--- /dev/null
+# connectivity: ifupdown seems necessary everyhwere, isc-dhcp-client
+# unpredictably so
+ifupdown
+isc-dhcp-client
+# git for the setup directory; cloning works with ca-certificates
+ca-certificates
+git
+# to avoid constant warnings about no locale being found
+locales
+# extremely useful for basic network debugging; missed these more than once in an emergency
+netcat-traditional
+iputils-ping
+# what would we do without this …
+apt
--- /dev/null
+# for X to start at all
+linux-headers-amd64
+nvidia-driver
+firmware-misc-nonfree
+# X input: keyboard
+xserver-xorg-input-evdev
+# CUDA
+nvidia-cuda-dev
+nvidia-cuda-toolkit
+
--- /dev/null
+# needed for torrenting
+rtorrent
+# needed for torrenting session
+screen
+
--- /dev/null
+# so we can login at all …
+openssh-server
+# firewalling
+nftables
+# We want to be able to use ALL our servers as borg backup destinations.
+borgbackup
+# not only pull in systemd, but also /sbin/reboot and /sbin/shutdown
+systemd-sysv
+# necessary on _some_ vservers
+net-tools
+quota
+
--- /dev/null
+# for wifi
+firmware-iwlwifi
+network-manager
+wpasupplicant
+# for tlp
+tlp
+tp-smapi-dkms
+# for X to start at all
+xserver-xorg-video-intel
+# X input: keyboard and touchpad
+xserver-xorg-input-evdev
+xserver-xorg-input-synaptics
+# to use printer
+cups
+#
+
--- /dev/null
+# to avoid booting problems with encrypted LVM, see <https://askubuntu.com/a/1105848>
+cryptsetup-initramfs
+lvm2
+# this provides setupcon which reads /etc/default/console-setup
+console-setup
+# for startx
+xinit
+# for xrdb
+x11-xserver-utils
+# for startx to run for non-root user
+libpam-systemd
+# window environment
+i3
+i3status
+suckless-tools
+xterm
+# to get sleepy at night
+redshift
+# for alsamixer
+alsa-utils
+# also useful
+vim
+sudo
+less
+man-db
+manpages
+procps
+# firefox install dependencies
+wget
+bzip2
+# firefox running dependencies
+libgtk-3-0
+libdbus-glib-1-2
+# tridactyl install recommendations
+vim-gtk3
+curl
+# for firefox to emit sound
+pulseaudio
+# emacs
+emacs
+emacs-common-non-dfsg
+emacs-el
+elpa-ledger
+ledger
+# to mount encrypted USB stick and use its contents
+pmount
+cryptsetup
+openssh-client
+# for syncing
+borgbackup
+# mail setup
+isync
+notmuch
+elpa-notmuch
+pinentry-gtk2
+#
--- /dev/null
+# for open-gpu-kernel-modules building
+gcc
+g++
+make
+linux-headers-amd64
+xz-utils
+# for NVIDIA driver .run --no-kernel-modules
+libvulkan1
+libglvnd-dev
+pkg-config
+# so we can add nvidia.NVreg_OpenRmEnableUnsupportedGpus=1 to default grub
+grub-efi-amd64
+
--- /dev/null
+nginx-light
+# for SSL
+certbot
+python3-certbot-nginx
--- /dev/null
+../bullseye/borg.sh
\ No newline at end of file
--- /dev/null
+APT::AutoRemove::RecommendsImportant "false";
+APT::AutoRemove::SuggestsImportant "false";
+APT::Install-Recommends "false";
+APT::Install-Suggests "false";
--- /dev/null
+deb http://deb.debian.org/debian bookworm main contrib non-free non-free-firmware
+deb http://security.debian.org/debian-security bookworm-security main contrib non-free non-free-firmware
+deb http://deb.debian.org/debian bookworm-updates main contrib non-free non-free-firmware
+deb http://ftp.debian.org/debian bookworm-backports main contrib non-free non-free-firmware
--- /dev/null
+LANG="en_US.UTF-8"
--- /dev/null
+# This file lists locales that you wish to have built. You can find a list
+# of valid supported locales at /usr/share/i18n/SUPPORTED, and you can add
+# user defined locales to /usr/local/share/i18n/SUPPORTED. If you change
+# this file, you need to rerun locale-gen.
+
+
+# aa_DJ ISO-8859-1
+# aa_DJ.UTF-8 UTF-8
+# aa_ER UTF-8
+# aa_ER@saaho UTF-8
+# aa_ET UTF-8
+# af_ZA ISO-8859-1
+# af_ZA.UTF-8 UTF-8
+# ak_GH UTF-8
+# am_ET UTF-8
+# an_ES ISO-8859-15
+# an_ES.UTF-8 UTF-8
+# anp_IN UTF-8
+# ar_AE ISO-8859-6
+# ar_AE.UTF-8 UTF-8
+# ar_BH ISO-8859-6
+# ar_BH.UTF-8 UTF-8
+# ar_DZ ISO-8859-6
+# ar_DZ.UTF-8 UTF-8
+# ar_EG ISO-8859-6
+# ar_EG.UTF-8 UTF-8
+# ar_IN UTF-8
+# ar_IQ ISO-8859-6
+# ar_IQ.UTF-8 UTF-8
+# ar_JO ISO-8859-6
+# ar_JO.UTF-8 UTF-8
+# ar_KW ISO-8859-6
+# ar_KW.UTF-8 UTF-8
+# ar_LB ISO-8859-6
+# ar_LB.UTF-8 UTF-8
+# ar_LY ISO-8859-6
+# ar_LY.UTF-8 UTF-8
+# ar_MA ISO-8859-6
+# ar_MA.UTF-8 UTF-8
+# ar_OM ISO-8859-6
+# ar_OM.UTF-8 UTF-8
+# ar_QA ISO-8859-6
+# ar_QA.UTF-8 UTF-8
+# ar_SA ISO-8859-6
+# ar_SA.UTF-8 UTF-8
+# ar_SD ISO-8859-6
+# ar_SD.UTF-8 UTF-8
+# ar_SS UTF-8
+# ar_SY ISO-8859-6
+# ar_SY.UTF-8 UTF-8
+# ar_TN ISO-8859-6
+# ar_TN.UTF-8 UTF-8
+# ar_YE ISO-8859-6
+# ar_YE.UTF-8 UTF-8
+# as_IN UTF-8
+# ast_ES ISO-8859-15
+# ast_ES.UTF-8 UTF-8
+# ayc_PE UTF-8
+# az_AZ UTF-8
+# be_BY CP1251
+# be_BY.UTF-8 UTF-8
+# be_BY@latin UTF-8
+# bem_ZM UTF-8
+# ber_DZ UTF-8
+# ber_MA UTF-8
+# bg_BG CP1251
+# bg_BG.UTF-8 UTF-8
+# bhb_IN.UTF-8 UTF-8
+# bho_IN UTF-8
+# bn_BD UTF-8
+# bn_IN UTF-8
+# bo_CN UTF-8
+# bo_IN UTF-8
+# br_FR ISO-8859-1
+# br_FR.UTF-8 UTF-8
+# br_FR@euro ISO-8859-15
+# brx_IN UTF-8
+# bs_BA ISO-8859-2
+# bs_BA.UTF-8 UTF-8
+# byn_ER UTF-8
+# ca_AD ISO-8859-15
+# ca_AD.UTF-8 UTF-8
+# ca_ES ISO-8859-1
+# ca_ES.UTF-8 UTF-8
+# ca_ES.UTF-8@valencia UTF-8
+# ca_ES@euro ISO-8859-15
+# ca_ES@valencia ISO-8859-15
+# ca_FR ISO-8859-15
+# ca_FR.UTF-8 UTF-8
+# ca_IT ISO-8859-15
+# ca_IT.UTF-8 UTF-8
+# ce_RU UTF-8
+# chr_US UTF-8
+# cmn_TW UTF-8
+# crh_UA UTF-8
+# cs_CZ ISO-8859-2
+# cs_CZ.UTF-8 UTF-8
+# csb_PL UTF-8
+# cv_RU UTF-8
+# cy_GB ISO-8859-14
+# cy_GB.UTF-8 UTF-8
+# da_DK ISO-8859-1
+# da_DK.UTF-8 UTF-8
+# de_AT ISO-8859-1
+# de_AT.UTF-8 UTF-8
+# de_AT@euro ISO-8859-15
+# de_BE ISO-8859-1
+# de_BE.UTF-8 UTF-8
+# de_BE@euro ISO-8859-15
+# de_CH ISO-8859-1
+# de_CH.UTF-8 UTF-8
+# de_DE ISO-8859-1
+# de_DE.UTF-8 UTF-8
+# de_DE@euro ISO-8859-15
+# de_IT ISO-8859-1
+# de_IT.UTF-8 UTF-8
+# de_LI.UTF-8 UTF-8
+# de_LU ISO-8859-1
+# de_LU.UTF-8 UTF-8
+# de_LU@euro ISO-8859-15
+# doi_IN UTF-8
+# dv_MV UTF-8
+# dz_BT UTF-8
+# el_CY ISO-8859-7
+# el_CY.UTF-8 UTF-8
+# el_GR ISO-8859-7
+# el_GR.UTF-8 UTF-8
+# en_AG UTF-8
+# en_AU ISO-8859-1
+# en_AU.UTF-8 UTF-8
+# en_BW ISO-8859-1
+# en_BW.UTF-8 UTF-8
+# en_CA ISO-8859-1
+# en_CA.UTF-8 UTF-8
+# en_DK ISO-8859-1
+# en_DK.ISO-8859-15 ISO-8859-15
+# en_DK.UTF-8 UTF-8
+# en_GB ISO-8859-1
+# en_GB.ISO-8859-15 ISO-8859-15
+# en_GB.UTF-8 UTF-8
+# en_HK ISO-8859-1
+# en_HK.UTF-8 UTF-8
+# en_IE ISO-8859-1
+# en_IE.UTF-8 UTF-8
+# en_IE@euro ISO-8859-15
+# en_IL UTF-8
+# en_IN UTF-8
+# en_NG UTF-8
+# en_NZ ISO-8859-1
+# en_NZ.UTF-8 UTF-8
+# en_PH ISO-8859-1
+# en_PH.UTF-8 UTF-8
+# en_SG ISO-8859-1
+# en_SG.UTF-8 UTF-8
+# en_US ISO-8859-1
+# en_US.ISO-8859-15 ISO-8859-15
+en_US.UTF-8 UTF-8
+# en_ZA ISO-8859-1
+# en_ZA.UTF-8 UTF-8
+# en_ZM UTF-8
+# en_ZW ISO-8859-1
+# en_ZW.UTF-8 UTF-8
+# eo UTF-8
+# es_AR ISO-8859-1
+# es_AR.UTF-8 UTF-8
+# es_BO ISO-8859-1
+# es_BO.UTF-8 UTF-8
+# es_CL ISO-8859-1
+# es_CL.UTF-8 UTF-8
+# es_CO ISO-8859-1
+# es_CO.UTF-8 UTF-8
+# es_CR ISO-8859-1
+# es_CR.UTF-8 UTF-8
+# es_CU UTF-8
+# es_DO ISO-8859-1
+# es_DO.UTF-8 UTF-8
+# es_EC ISO-8859-1
+# es_EC.UTF-8 UTF-8
+# es_ES ISO-8859-1
+# es_ES.UTF-8 UTF-8
+# es_ES@euro ISO-8859-15
+# es_GT ISO-8859-1
+# es_GT.UTF-8 UTF-8
+# es_HN ISO-8859-1
+# es_HN.UTF-8 UTF-8
+# es_MX ISO-8859-1
+# es_MX.UTF-8 UTF-8
+# es_NI ISO-8859-1
+# es_NI.UTF-8 UTF-8
+# es_PA ISO-8859-1
+# es_PA.UTF-8 UTF-8
+# es_PE ISO-8859-1
+# es_PE.UTF-8 UTF-8
+# es_PR ISO-8859-1
+# es_PR.UTF-8 UTF-8
+# es_PY ISO-8859-1
+# es_PY.UTF-8 UTF-8
+# es_SV ISO-8859-1
+# es_SV.UTF-8 UTF-8
+# es_US ISO-8859-1
+# es_US.UTF-8 UTF-8
+# es_UY ISO-8859-1
+# es_UY.UTF-8 UTF-8
+# es_VE ISO-8859-1
+# es_VE.UTF-8 UTF-8
+# et_EE ISO-8859-1
+# et_EE.ISO-8859-15 ISO-8859-15
+# et_EE.UTF-8 UTF-8
+# eu_ES ISO-8859-1
+# eu_ES.UTF-8 UTF-8
+# eu_ES@euro ISO-8859-15
+# eu_FR ISO-8859-1
+# eu_FR.UTF-8 UTF-8
+# eu_FR@euro ISO-8859-15
+# fa_IR UTF-8
+# ff_SN UTF-8
+# fi_FI ISO-8859-1
+# fi_FI.UTF-8 UTF-8
+# fi_FI@euro ISO-8859-15
+# fil_PH UTF-8
+# fo_FO ISO-8859-1
+# fo_FO.UTF-8 UTF-8
+# fr_BE ISO-8859-1
+# fr_BE.UTF-8 UTF-8
+# fr_BE@euro ISO-8859-15
+# fr_CA ISO-8859-1
+# fr_CA.UTF-8 UTF-8
+# fr_CH ISO-8859-1
+# fr_CH.UTF-8 UTF-8
+# fr_FR ISO-8859-1
+# fr_FR.UTF-8 UTF-8
+# fr_FR@euro ISO-8859-15
+# fr_LU ISO-8859-1
+# fr_LU.UTF-8 UTF-8
+# fr_LU@euro ISO-8859-15
+# fur_IT UTF-8
+# fy_DE UTF-8
+# fy_NL UTF-8
+# ga_IE ISO-8859-1
+# ga_IE.UTF-8 UTF-8
+# ga_IE@euro ISO-8859-15
+# gd_GB ISO-8859-15
+# gd_GB.UTF-8 UTF-8
+# gez_ER UTF-8
+# gez_ER@abegede UTF-8
+# gez_ET UTF-8
+# gez_ET@abegede UTF-8
+# gl_ES ISO-8859-1
+# gl_ES.UTF-8 UTF-8
+# gl_ES@euro ISO-8859-15
+# gu_IN UTF-8
+# gv_GB ISO-8859-1
+# gv_GB.UTF-8 UTF-8
+# ha_NG UTF-8
+# hak_TW UTF-8
+# he_IL ISO-8859-8
+# he_IL.UTF-8 UTF-8
+# hi_IN UTF-8
+# hne_IN UTF-8
+# hr_HR ISO-8859-2
+# hr_HR.UTF-8 UTF-8
+# hsb_DE ISO-8859-2
+# hsb_DE.UTF-8 UTF-8
+# ht_HT UTF-8
+# hu_HU ISO-8859-2
+# hu_HU.UTF-8 UTF-8
+# hy_AM UTF-8
+# hy_AM.ARMSCII-8 ARMSCII-8
+# ia_FR UTF-8
+# id_ID ISO-8859-1
+# id_ID.UTF-8 UTF-8
+# ig_NG UTF-8
+# ik_CA UTF-8
+# is_IS ISO-8859-1
+# is_IS.UTF-8 UTF-8
+# it_CH ISO-8859-1
+# it_CH.UTF-8 UTF-8
+# it_IT ISO-8859-1
+# it_IT.UTF-8 UTF-8
+# it_IT@euro ISO-8859-15
+# iu_CA UTF-8
+# ja_JP.EUC-JP EUC-JP
+# ja_JP.UTF-8 UTF-8
+# ka_GE GEORGIAN-PS
+# ka_GE.UTF-8 UTF-8
+# kk_KZ PT154
+# kk_KZ.RK1048 RK1048
+# kk_KZ.UTF-8 UTF-8
+# kl_GL ISO-8859-1
+# kl_GL.UTF-8 UTF-8
+# km_KH UTF-8
+# kn_IN UTF-8
+# ko_KR.EUC-KR EUC-KR
+# ko_KR.UTF-8 UTF-8
+# kok_IN UTF-8
+# ks_IN UTF-8
+# ks_IN@devanagari UTF-8
+# ku_TR ISO-8859-9
+# ku_TR.UTF-8 UTF-8
+# kw_GB ISO-8859-1
+# kw_GB.UTF-8 UTF-8
+# ky_KG UTF-8
+# lb_LU UTF-8
+# lg_UG ISO-8859-10
+# lg_UG.UTF-8 UTF-8
+# li_BE UTF-8
+# li_NL UTF-8
+# lij_IT UTF-8
+# ln_CD UTF-8
+# lo_LA UTF-8
+# lt_LT ISO-8859-13
+# lt_LT.UTF-8 UTF-8
+# lv_LV ISO-8859-13
+# lv_LV.UTF-8 UTF-8
+# lzh_TW UTF-8
+# mag_IN UTF-8
+# mai_IN UTF-8
+# mg_MG ISO-8859-15
+# mg_MG.UTF-8 UTF-8
+# mhr_RU UTF-8
+# mi_NZ ISO-8859-13
+# mi_NZ.UTF-8 UTF-8
+# mk_MK ISO-8859-5
+# mk_MK.UTF-8 UTF-8
+# ml_IN UTF-8
+# mn_MN UTF-8
+# mni_IN UTF-8
+# mr_IN UTF-8
+# ms_MY ISO-8859-1
+# ms_MY.UTF-8 UTF-8
+# mt_MT ISO-8859-3
+# mt_MT.UTF-8 UTF-8
+# my_MM UTF-8
+# nan_TW UTF-8
+# nan_TW@latin UTF-8
+# nb_NO ISO-8859-1
+# nb_NO.UTF-8 UTF-8
+# nds_DE UTF-8
+# nds_NL UTF-8
+# ne_NP UTF-8
+# nhn_MX UTF-8
+# niu_NU UTF-8
+# niu_NZ UTF-8
+# nl_AW UTF-8
+# nl_BE ISO-8859-1
+# nl_BE.UTF-8 UTF-8
+# nl_BE@euro ISO-8859-15
+# nl_NL ISO-8859-1
+# nl_NL.UTF-8 UTF-8
+# nl_NL@euro ISO-8859-15
+# nn_NO ISO-8859-1
+# nn_NO.UTF-8 UTF-8
+# nr_ZA UTF-8
+# nso_ZA UTF-8
+# oc_FR ISO-8859-1
+# oc_FR.UTF-8 UTF-8
+# om_ET UTF-8
+# om_KE ISO-8859-1
+# om_KE.UTF-8 UTF-8
+# or_IN UTF-8
+# os_RU UTF-8
+# pa_IN UTF-8
+# pa_PK UTF-8
+# pap_AW UTF-8
+# pap_CW UTF-8
+# pl_PL ISO-8859-2
+# pl_PL.UTF-8 UTF-8
+# ps_AF UTF-8
+# pt_BR ISO-8859-1
+# pt_BR.UTF-8 UTF-8
+# pt_PT ISO-8859-1
+# pt_PT.UTF-8 UTF-8
+# pt_PT@euro ISO-8859-15
+# quz_PE UTF-8
+# raj_IN UTF-8
+# ro_RO ISO-8859-2
+# ro_RO.UTF-8 UTF-8
+# ru_RU ISO-8859-5
+# ru_RU.CP1251 CP1251
+# ru_RU.KOI8-R KOI8-R
+# ru_RU.UTF-8 UTF-8
+# ru_UA KOI8-U
+# ru_UA.UTF-8 UTF-8
+# rw_RW UTF-8
+# sa_IN UTF-8
+# sat_IN UTF-8
+# sc_IT UTF-8
+# sd_IN UTF-8
+# sd_IN@devanagari UTF-8
+# se_NO UTF-8
+# sgs_LT UTF-8
+# shs_CA UTF-8
+# si_LK UTF-8
+# sid_ET UTF-8
+# sk_SK ISO-8859-2
+# sk_SK.UTF-8 UTF-8
+# sl_SI ISO-8859-2
+# sl_SI.UTF-8 UTF-8
+# so_DJ ISO-8859-1
+# so_DJ.UTF-8 UTF-8
+# so_ET UTF-8
+# so_KE ISO-8859-1
+# so_KE.UTF-8 UTF-8
+# so_SO ISO-8859-1
+# so_SO.UTF-8 UTF-8
+# sq_AL ISO-8859-1
+# sq_AL.UTF-8 UTF-8
+# sq_MK UTF-8
+# sr_ME UTF-8
+# sr_RS UTF-8
+# sr_RS@latin UTF-8
+# ss_ZA UTF-8
+# st_ZA ISO-8859-1
+# st_ZA.UTF-8 UTF-8
+# sv_FI ISO-8859-1
+# sv_FI.UTF-8 UTF-8
+# sv_FI@euro ISO-8859-15
+# sv_SE ISO-8859-1
+# sv_SE.ISO-8859-15 ISO-8859-15
+# sv_SE.UTF-8 UTF-8
+# sw_KE UTF-8
+# sw_TZ UTF-8
+# szl_PL UTF-8
+# ta_IN UTF-8
+# ta_LK UTF-8
+# tcy_IN.UTF-8 UTF-8
+# te_IN UTF-8
+# tg_TJ KOI8-T
+# tg_TJ.UTF-8 UTF-8
+# th_TH TIS-620
+# th_TH.UTF-8 UTF-8
+# the_NP UTF-8
+# ti_ER UTF-8
+# ti_ET UTF-8
+# tig_ER UTF-8
+# tk_TM UTF-8
+# tl_PH ISO-8859-1
+# tl_PH.UTF-8 UTF-8
+# tn_ZA UTF-8
+# tr_CY ISO-8859-9
+# tr_CY.UTF-8 UTF-8
+# tr_TR ISO-8859-9
+# tr_TR.UTF-8 UTF-8
+# ts_ZA UTF-8
+# tt_RU UTF-8
+# tt_RU@iqtelif UTF-8
+# ug_CN UTF-8
+# uk_UA KOI8-U
+# uk_UA.UTF-8 UTF-8
+# unm_US UTF-8
+# ur_IN UTF-8
+# ur_PK UTF-8
+# uz_UZ ISO-8859-1
+# uz_UZ.UTF-8 UTF-8
+# uz_UZ@cyrillic UTF-8
+# ve_ZA UTF-8
+# vi_VN UTF-8
+# wa_BE ISO-8859-1
+# wa_BE.UTF-8 UTF-8
+# wa_BE@euro ISO-8859-15
+# wae_CH UTF-8
+# wal_ET UTF-8
+# wo_SN UTF-8
+# xh_ZA ISO-8859-1
+# xh_ZA.UTF-8 UTF-8
+# yi_US CP1255
+# yi_US.UTF-8 UTF-8
+# yo_NG UTF-8
+# yue_HK UTF-8
+# zh_CN GB2312
+# zh_CN.GB18030 GB18030
+# zh_CN.GBK GBK
+# zh_CN.UTF-8 UTF-8
+# zh_HK BIG5-HKSCS
+# zh_HK.UTF-8 UTF-8
+# zh_SG GB2312
+# zh_SG.GBK GBK
+# zh_SG.UTF-8 UTF-8
+# zh_TW BIG5
+# zh_TW.EUC-TW EUC-TW
+# zh_TW.UTF-8 UTF-8
+# zu_ZA ISO-8859-1
+# zu_ZA.UTF-8 UTF-8
--- /dev/null
+Europe/Berlin
--- /dev/null
+[Unit]
+Description=rtorrent session
+After=network.target
+
+[Service]
+Type=simple
+User=plom
+Group=plom
+WorkingDirectory=/home/plom
+ExecStartPre=-/bin/rm -f /home/plom/session/rtorrent.lock
+ExecStart=/usr/bin/screen -S rtorrent -Dm /usr/bin/rtorrent
+ExecStop=/usr/bin/screen -S rtorrent -X quit
+Restart=on-failure
+RestartSec=3
+
+[Install]
+WantedBy=multi-user.target
--- /dev/null
+
+# This is the sshd server system-wide configuration file. See
+# sshd_config(5) for more information.
+
+# This sshd was compiled with PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+# The strategy used for options in the default sshd_config shipped with
+# OpenSSH is to specify options with their default value where
+# possible, but leave them commented. Uncommented options override the
+# default value.
+
+Include /etc/ssh/sshd_config.d/*.conf
+
+#Port 22
+#AddressFamily any
+#ListenAddress 0.0.0.0
+#ListenAddress ::
+
+#HostKey /etc/ssh/ssh_host_rsa_key
+#HostKey /etc/ssh/ssh_host_ecdsa_key
+#HostKey /etc/ssh/ssh_host_ed25519_key
+
+# Ciphers and keying
+#RekeyLimit default none
+
+# Logging
+#SyslogFacility AUTH
+#LogLevel INFO
+
+# Authentication:
+
+#LoginGraceTime 2m
+#PermitRootLogin prohibit-password
+PermitRootLogin no # plomlompom's security rule
+#StrictModes yes
+#MaxAuthTries 6
+#MaxSessions 10
+
+#PubkeyAuthentication yes
+
+# Expect .ssh/authorized_keys2 to be disregarded by default in future.
+#AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2
+
+#AuthorizedPrincipalsFile none
+
+#AuthorizedKeysCommand none
+#AuthorizedKeysCommandUser nobody
+
+# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
+#HostbasedAuthentication no
+# Change to yes if you don't trust ~/.ssh/known_hosts for
+# HostbasedAuthentication
+#IgnoreUserKnownHosts no
+# Don't read the user's ~/.rhosts and ~/.shosts files
+#IgnoreRhosts yes
+
+# To disable tunneled clear text passwords, change to no here!
+PasswordAuthentication no
+#PermitEmptyPasswords no
+
+# Change to yes to enable challenge-response passwords (beware issues with
+# some PAM modules and threads)
+KbdInteractiveAuthentication no
+
+# Kerberos options
+#KerberosAuthentication no
+#KerberosOrLocalPasswd yes
+#KerberosTicketCleanup yes
+#KerberosGetAFSToken no
+
+# GSSAPI options
+#GSSAPIAuthentication no
+#GSSAPICleanupCredentials yes
+#GSSAPIStrictAcceptorCheck yes
+#GSSAPIKeyExchange no
+
+# Set this to 'yes' to enable PAM authentication, account processing,
+# and session processing. If this is enabled, PAM authentication will
+# be allowed through the KbdInteractiveAuthentication and
+# PasswordAuthentication. Depending on your PAM configuration,
+# PAM authentication via KbdInteractiveAuthentication may bypass
+# the setting of "PermitRootLogin prohibit-password".
+# If you just want the PAM account and session checks to run without
+# PAM authentication, then enable this but set PasswordAuthentication
+# and KbdInteractiveAuthentication to 'no'.
+UsePAM yes
+
+#AllowAgentForwarding yes
+#AllowTcpForwarding yes
+#GatewayPorts no
+X11Forwarding yes
+#X11DisplayOffset 10
+#X11UseLocalhost yes
+#PermitTTY yes
+PrintMotd no
+#PrintLastLog yes
+#TCPKeepAlive yes
+#PermitUserEnvironment no
+#Compression delayed
+ClientAliveInterval 15
+#ClientAliveCountMax 3
+#UseDNS no
+#PidFile /run/sshd.pid
+#MaxStartups 10:30:100
+#PermitTunnel no
+#ChrootDirectory none
+#VersionAddendum none
+
+# no default banner path
+#Banner none
+
+# Allow client to pass locale environment variables
+AcceptEnv LANG LC_*
+
+# override default of no subsystems
+Subsystem sftp /usr/lib/openssh/sftp-server
+
+# Example of overriding settings on a per-user basis
+#Match User anoncvs
+# X11Forwarding no
+# AllowTcpForwarding no
+# PermitTTY no
+# ForceCommand cvs server
--- /dev/null
+server {
+ listen 443 ssl;
+ server_name REPLACE_fqdn_ECALPER;
+ ssl_certificate /etc/letsencrypt/live/REPLACE_fqdn_ECALPER/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/REPLACE_fqdn_ECALPER/privkey.pem;
+ root /var/www/status.plomlompom.com/;
+
+ location = / {
+ return 301 /users/plomlompom.html;
+ }
+
+ # re-direct to .html endings
+ location ~ ^/(notice|users)/([^\.]*)/?$ {
+ rewrite ^/(notice|users)/([^\./]*)/?$ /$1/$2.html permanent;
+ }
+}
--- /dev/null
+server {
+ listen 443 ssl;
+ server_name REPLACE_fqdn_ECALPER;
+ ssl_certificate /etc/letsencrypt/live/REPLACE_fqdn_ECALPER/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/REPLACE_fqdn_ECALPER/privkey.pem;
+ root /var/www/tube.plomlompom.com/;
+
+ # re-direct to .html endings
+ location ~ ^/videos/watch/([^\.]*)/?$ {
+ rewrite ^/videos/watch/([^\./]*)/?$ /videos/watch/$1.html permanent;
+ }
+}
--- /dev/null
+# If you change this file, run 'update-grub' afterwards to update
+# /boot/grub/grub.cfg.
+# For full documentation of the options in this file, see:
+# info -f grub -n 'Simple configuration'
+
+GRUB_DEFAULT=0
+GRUB_TIMEOUT=5
+GRUB_DISTRIBUTOR=`lsb_release -i -s 2> /dev/null || echo Debian`
+GRUB_CMDLINE_LINUX_DEFAULT="quiet nvidia.NVreg_OpenRmEnableUnsupportedGpus=1"
+GRUB_CMDLINE_LINUX=""
+
+# Uncomment to enable BadRAM filtering, modify to suit your needs
+# This works with Linux (no patch required) and with any kernel that obtains
+# the memory map information from GRUB (GNU Mach, kernel of FreeBSD ...)
+#GRUB_BADRAM="0x01234567,0xfefefefe,0x89abcdef,0xefefefef"
+
+# Uncomment to disable graphical terminal (grub-pc only)
+#GRUB_TERMINAL=console
+
+# The resolution used on graphical terminal
+# note that you can use only modes which your graphic card supports via VBE
+# you can see them in real GRUB with the command `vbeinfo'
+#GRUB_GFXMODE=640x480
+
+# Uncomment if you don't want GRUB to pass "root=UUID=xxx" parameter to Linux
+#GRUB_DISABLE_LINUX_UUID=true
+
+# Uncomment to disable generation of recovery mode menu entries
+#GRUB_DISABLE_RECOVERY="true"
+
+# Uncomment to get a beep at grub start
+#GRUB_INIT_TUNE="480 440 1"
--- /dev/null
+blacklist nouveau
+options nouveau modeset=0
+
--- /dev/null
+#!/usr/sbin/nft -f
+
+flush ruleset
+
+table inet filter {
+ chain input {
+ type filter hook input priority 0; policy drop;
+ iif lo accept comment "accept localhost traffic"
+ ct state invalid drop comment "drop invalid connections"
+ ct state established, related accept comment "accept traffic originated from us"
+ tcp dport 22 accept comment "accept SSH on default port"
+ tcp dport 80 accept comment "accept HTTP on default port"
+ tcp dport 443 accept comment "accept HTTPS on default port"
+ ip protocol icmp icmp type echo-request accept comment "accept ICMP for pinging"
+ }
+ chain forward {
+ type filter hook forward priority 0; policy drop;
+ }
+ chain output {
+ type filter hook output priority 0; policy accept;
+ }
+}
--- /dev/null
+# system integration
+user www-data;
+worker_processes auto;
+pid /run/nginx.pid;
+include /etc/nginx/modules-enabled/*.conf;
+
+# is expected even if empty
+events {
+}
+
+http {
+ # define content-type headers
+ include /etc/nginx/mime.types;
+ charset utf-8;
+
+ # Some standard optimizations, i.e. Debian default. Explained in
+ # <https://thoughts.t37.net/nginx-optimization-understanding-sendfile-tcp-nodelay-and-tcp-nopush-c55cdd276765>
+ # Not that I understand it all …
+ sendfile on;
+ tcp_nopush on;
+ tcp_nodelay on;
+
+ # logging deactivated due to GDPR
+ #access_log /var/log/nginx/access.log;
+ #error_log /var/log/nginx/error.log;
+ access_log off;
+ error_log off;
+
+ # virtual hosts: sites-enabled is the Debian way, conf.d the NGINX default
+ include /etc/nginx/conf.d/*.conf;
+ include /etc/nginx/sites-enabled/*;
+
+ # Redirect all HTTP requests to HTTPS.
+ server {
+ listen 80;
+ return 301 https://$host$request_uri;
+ }
+}
--- /dev/null
+# Don't blank screen, as this will confuse the HDMI switch setup / lead to unrecoverable X sessions.
+xset s noblank
--- /dev/null
+# Settings for interactive shells.
+
+# Fancy colors for ls.
+alias ls="ls --color=auto"
+
+# Other helpful aliases
+alias sshauth='eval $(ssh-agent) && ssh-add'
+# alias xrandrbig='xrandr --output LVDS-1 --off'
+
+# Use vim as default editor for anything.
+export VISUAL=vim
+export EDITOR=$VISUAL
+
+# Colored prompt with username, hostname, date/time, directory.
+colornumber=7 # Default to white if no color set via colornumber dotfile.
+colornumber_file=~/.shell_prompt_color
+if [ -f $colornumber_file ]; then
+ colornumber=`cat $colornumber_file`
+fi
+tput_color="$(tput setaf $colornumber)$(tput bold)"
+tput_reset="$(tput sgr0)"
+# Bash confuses the line length when not told to not count escape sequences.
+if [ ! "$BASH" = "" ]; then
+ tput_color="\[$tput_color\]"
+ tput_reset="\[$tput_reset\]"
+fi
+PS1="${tput_color}["\$\(date\ +%Y-%m-%d/%H:%M:%S/%Z\)" $(whoami)@$(hostname):"\$\(pwd\)"]$ $tput_reset"
+PS2="${tput_color}> $tput_reset"
+PS3="${tput_color}select: $tput_reset"
+PS4="${tput_color}+ $tput_reset"
--- /dev/null
+# where to write downloads into
+directory.default.set = ~/downloads
+
+# rtorrent's memory
+session.path.set = ~/session
+
+# security and paranoia
+dht.mode.set = disable
+protocol.pex.set = no
+protocol.encryption.set = require,require_RC4,allow_incoming,try_outgoing
+
--- /dev/null
+! otherwise various applications will assume merely 8 colors
+XTerm.termName: xterm-256color
+
+! font
+! actually, "mono" is already the default for faceName (it will
+! pick whatever fc-match mono delivers), but we need to set _some_
+! faceName to trigger XTerm activating TrueType fonts
+! (XTerm*fontRender by itself won't do the trick), and we want
+! TrueType fonts because, well, they scale better, and XTerm lets them
+! fall back on alternatives (hi there ttf-unifont) when a Unicode
+! glyph is not found
+XTerm*faceName: mono
+
+! white on black
+XTerm*reverseVideo: on
+
+! blink screen instead of sound
+XTerm*visualBell: on
+
+! proper ALT as META key treatment
+XTerm*eightBitInput: false
+
+! font sizes
+XTerm*faceSize: 8
+XTerm*faceSize1: 4
+XTerm*faceSize2: 5
+XTerm*faceSize3: 6
+XTerm*faceSize4: 8
+XTerm*faceSize5: 14
+XTerm*faceSize6: 25
+
+! colors
+! black
+XTerm*color0: #202020
+XTerm*color8: #3F3F3F
+! red
+XTerm*color1: #A82020
+XTerm*color9: #E82020
+! green
+XTerm*color2: #20A820
+XTerm*color10: #20E820
+! yellow
+XTerm*color3: #A8A820
+XTerm*color11: #E8E820
+! blue
+XTerm*color4: #3F3FFF
+XTerm*color12: #9F9FFF
+! magenta
+XTerm*color5: #A83FFF
+XTerm*color13: #E89FFF
+! cyan
+XTerm*color6: #3FA8FF
+XTerm*color14: #9FE8FF
+! white
+XTerm*color7: #A8A8A8
+XTerm*color15: #E8E8E8
--- /dev/null
+plom@plomlompom.com
+plom@mail.plomlompom.com
+plom@play.plomlompom.com
+# file read ends at last newline
--- /dev/null
+# plomlompom's i3-wm configuration
+
+# Font for i3 text
+font pango:Terminus 8px
+
+# Force "tabbed" as default layout for new windows.
+workspace_layout tabbed
+
+# Make the Windows key the modifier key for all i3-wm actions.
+set $mod Mod4
+floating_modifier $mod
+
+# Launch xterm.
+bindsym $mod+Return exec xterm
+
+# Launch programs via dmenu.
+bindsym $mod+d exec dmenu_run
+bindsym $mod+x exec dmenu_run
+
+# Kill window.
+bindsym $mod+Shift+Q kill
+
+# Move focus between windows.
+bindsym $mod+Left focus left
+bindsym $mod+Down focus down
+bindsym $mod+Up focus up
+bindsym $mod+Right focus right
+
+# Don't move focus with mouse.
+focus_follows_mouse no
+
+# Move windows.
+bindsym $mod+Shift+Left move left
+bindsym $mod+Shift+Down move down
+bindsym $mod+Shift+Up move up
+bindsym $mod+Shift+Right move right
+
+# Resize windows
+bindsym $mod+h resize shrink width 1 px or 1 ppt
+bindsym $mod+l resize grow width 1 px or 1 ppt
+bindsym $mod+j resize shrink height
+bindsym $mod+k resize grow height
+
+# Toggle fullscreen for focused window.
+bindsym $mod+f fullscreen
+
+# Toggle floating of window, focus on floating or tabbed windows.
+bindsym $mod+Shift+space floating toggle
+bindsym $mod+space focus mode_toggle
+
+# Switch to workspace x.
+bindsym $mod+1 workspace 1
+bindsym $mod+2 workspace 2
+bindsym $mod+3 workspace 3
+bindsym $mod+4 workspace 4
+bindsym $mod+5 workspace 5
+bindsym $mod+6 workspace 6
+bindsym $mod+7 workspace 7
+bindsym $mod+8 workspace 8
+bindsym $mod+9 workspace 9
+bindsym $mod+0 workspace 10
+
+# Move window to workspace x.
+bindsym $mod+Shift+exclam move workspace 1
+bindsym $mod+Shift+quotedbl move workspace 2
+bindsym $mod+Shift+section move workspace 3
+bindsym $mod+Shift+dollar move workspace 4
+bindsym $mod+Shift+percent move workspace 5
+bindsym $mod+Shift+ampersand move workspace 6
+bindsym $mod+Shift+slash move workspace 7
+bindsym $mod+Shift+parenleft move workspace 8
+bindsym $mod+Shift+parenright move workspace 9
+bindsym $mod+Shift+equal move workspace 10
+
+# Reload i3 config file, restart (keeping sesion) i3, exit i3.
+bindsym $mod+Shift+C reload
+bindsym $mod+Shift+R restart
+bindsym $mod+Shift+P exit
+
+# Select "i3status" as i3 status bar, hide systray icons.
+bar {
+ tray_output none
+ status_command i3status
+}
+
+include ~/.config/i3/config_bonus
--- /dev/null
+# plomlompom's i3 status bar configuration
+
+# Activate colors; set update interval of one second.
+general {
+ colors = true
+ interval = 1
+}
+
+# Selection / order of status elements.
+order += "disk /"
+order += "disk /home/"
+order += "wireless wlp3s0"
+order += "ethernet enp0s25"
+order += "battery 0"
+order += "cpu_usage"
+order += "load"
+order += "cpu_temperature 0"
+order += "time"
+order += "volume master"
+
+# How much space is left in / ?
+disk "/" {
+ format = "/: %avail available of %total"
+ separator_block_width = 25
+}
+
+# How much space is left in /home ?
+disk "/home/" {
+ format = "/home: %avail available of %total"
+ separator_block_width = 25
+}
+
+# WLAN status: show IP and connection quality or "down".
+wireless wlp3s0 {
+ format_up = "w: (%quality at %essid) %ip"
+ format_down = "w: down"
+ separator_block_width = 10
+}
+
+# Ethernet status: show IP or "down".
+ethernet enp0s25 {
+ format_up = "e: %ip"
+ format_down = "e: down"
+ separator_block_width = 25
+}
+
+# Battery status: show FULL/CHARGING/BATTERY, storage, time left.
+battery 0 {
+ format = "b: %status %percentage %remaining"
+ separator_block_width = 25
+}
+
+# Show CPU usage.
+cpu_usage {
+ format = "cpu: %usage"
+ separator_block_width = 10
+}
+
+# Show system load during last 1/5/15 minutes.
+load {
+ format = "%1min %5min %15min"
+ separator_block_width = 25
+}
+
+# Show CPU temperature in degrees of celsius.
+cpu_temperature 0 {
+ format = "%degrees °C"
+ separator_block_width = 25
+}
+
+# Show date/time/timezone as "year-month-day hour:minute:second
+# timezone_numeric/timezone_alphabetic".
+time {
+ format = "%Y-%m-%d %H:%M:%S %z/%Z"
+ separator_block_width = 25
+}
+
+volume master {
+ format = "♪: %volume"
+ format_muted = "♪: muted (%volume)"
+ separator_block_width = 25
+}
--- /dev/null
+;; general layout
+;; ==============
+
+;; need no stinkin emacs help screen as start up, and no menu bar
+(setq inhibit-startup-screen t)
+(menu-bar-mode -1)
+
+;; highlight cursor line, parentheses
+(global-hl-line-mode 1)
+(show-paren-mode 1)
+
+;; show line numbers, use separator space
+(global-linum-mode)
+(setq linum-format "%d ")
+
+;; count cursor column, row in mode line
+(setq column-number-mode t)
+
+;; settings to make GUI tolerable
+(if window-system
+ (progn
+ (add-to-list 'default-frame-alist '(foreground-color . "white"))
+ (add-to-list 'default-frame-alist '(background-color . "black"))
+ (set-face-attribute 'default nil :height 80)
+ (scroll-bar-mode -1)
+ (setq visible-bell t)
+ (setq linum-format "%d")))
+
+;; use as default browser what XDG offers
+(setq-default browse-url-browser-function 'browse-url-xdg-open)
+
+
+
+;; general keybindings
+;; ===================
+
+;; create and use a minimal global map using just the self-insert command
+;; bindings and a selection of some to me very common keystrokes
+(setq minimal-map (make-sparse-keymap))
+(substitute-key-definition 'self-insert-command 'self-insert-command
+ minimal-map global-map)
+(use-global-map minimal-map)
+(global-set-key (kbd "DEL") 'backward-delete-char-untabify)
+(global-set-key (kbd "RET") 'newline)
+(global-set-key (kbd "TAB") 'indent-for-tab-command)
+(global-set-key (kbd "<up>") 'previous-line)
+(global-set-key (kbd "<down>") 'next-line)
+(global-set-key (kbd "<left>") 'left-char)
+(global-set-key (kbd "<right>") 'right-char)
+(global-set-key (kbd "<prior>") 'scroll-down-command)
+(global-set-key (kbd "<next>") 'scroll-up-command)
+(global-set-key (kbd "M-x") 'execute-extended-command)
+(global-set-key (kbd "C-g") 'keyboard-quit)
+;(global-set-key (kbd "<f3>") 'kmacro-start-macro-or-insert-counter)
+;(global-set-key (kbd "<f4>") 'kmacro-end-or-call-macro)
+;; note how to switch back to the original map: (use-global-map global-map)
+(setq shr-map (make-sparse-keymap)) ; got annoying in elfeed-show on URLs
+
+
+
+;; minibuffer
+;; ==========
+
+;; incremental minibuffer completion
+(icomplete-mode 1)
+
+
+
+;; text editing
+;; ============
+
+;; tabs are evil
+(setq-default indent-tabs-mode nil)
+(setq-default tab-width 4)
+(setq indent-line-function 'insert-tab)
+
+;; show trailing whitespace
+(setq-default show-trailing-whitespace 1)
+
+;; on save, ask whether to ensure text file's last line ends in a
+;; newline character
+(setq require-final-newline 1)
+
+;; use dedicated directory for version-controlled, endless backups;
+;; never delete old versions
+(setq make-backup-files t
+ backup-directory-alist `(("." . "~/.emacs_backups"))
+ backup-by-copying t
+ version-control t
+ delete-old-versions 1) ;; neither t nor nil: never delete
+
+
+;; package management
+;; ==================
+
+;; where we get packages from
+(setq package-archives '(("gnu" . "https://elpa.gnu.org/packages/")
+ ("melpa-unstable" . "https://melpa.org/packages/")
+ ("melpa-stable" . "https://stable.melpa.org/packages/")))
+
+;; ensure certain packages are installed (actually, we use Debian repos here)
+;; credit to <https://stackoverflow.com/a/10093312>
+;(setq package-list '(elfeed ledger-mode))
+;(package-initialize)
+;(dolist (package package-list)
+; (unless (package-installed-p package)
+; (package-install package)))
+
+
+
+;;; window management
+;;; =================
+;
+;;; track window configurations to allow window config undo
+;(winner-mode 1)
+
+
+
+;; mail setup
+;; ==========
+
+(setq send-mail-function 'smtpmail-send-it)
+(setq smtpmail-smtp-server "mail.plomlompom.com")
+(setq smtpmail-smtp-service 465)
+(setq smtpmail-stream-type 'ssl)
+(setq smtpmail-smtp-user "plom")
+(setq mml-secure-openpgp-encrypt-to-self t)
+(add-hook 'message-setup-hook 'mml-secure-sign-pgpmime)
+
+;(setq gnutls-log-level 0)
+
+;; if we don't set this, we get this warning:
+;; gnutls.c: [1] Note that the security level of the Diffie-Hellman key exchange
+;; has been lowered to 256 bits and this may allow decryption of the session data
+(setq gnutls-min-prime-bits 1024)
+
+;; there is a WEIRD bug somewhere in /network-stream-open-tls/ that disappears the
+;; stream process, seemingly unless the /message/ function is called at the right
+;; place (earliest in /nsm-verify-connection/ right before the "cond" there, latest
+;; in /network-stream-get-response/ right after "(goto-char start)"; this works
+;; unless /inhibit_message/ is set, indicating that writing to the *Messages*
+;; buffer is not relevant, but maybe writing to the echo area is); activing the
+;; gnutls logging is just a hack to achieve such calls to /message/ in the
+;; /network-stream-open-tls/ flow.
+(setq gnutls-log-level 1) ; miraculously makes smtpmail work
+
+;; constructs From: domain if mail composer directly called (from without
+;; notmuch), but we don't actually intend to do that
+;(setq mail-host-address "plomlompom.com")
+
+;; otherwise notmuch becomes extremely slow in some cases
+(setq-default notmuch-show-indent-content nil)
+
+;; this only works if we use notmuch-mua-send instead of message-send
+(setq notmuch-fcc-dirs '(("plom@plomlompom.com" . "maildir/Sent")))
+
+;; this gets rid of "i-did-not-set--mail-host-address--so-tickle-me"
+;; in the message ID
+(setq mail-host-address "plomlompom.com")
+
+;; notmuch saved searches
+(setq notmuch-saved-searches
+ '((:name "inbox" :query "tag:unread and folder:inbox")
+ (:name "all" :query "tag:unread not folder:maildir/Trash")
+ (:name "plomlompom.de" :query "tag:unread and folder:maildir/plomlompom.de")
+ (:name "nebenan" :query "tag:unread and folder:maildir/nebenan")
+ (:name "reflect-info" :query "tag:unread and folder:maildir/reflect-info")
+ (:name "gmail" :query "tag:unread and folder:maildir/gmail.com")
+ (:name "mutter" :query "tag:unread and folder:maildir/mutter")))
+
+
+
+;; org mode
+;; ========
+
+;; unsure why, but to re-set the key map, we not only have to explicitely do it
+;; only after org-mode loading, but also have to explicitely overwrite the
+;; C-c keybinding; TODO: investigate
+(with-eval-after-load 'org
+ (setq org-mode-map (make-sparse-keymap))
+ (define-key org-mode-map (kbd "C-c") nil)
+ (define-key org-mode-map (kbd "TAB") 'org-cycle)
+ (define-key org-mode-map (kbd "<backtab>") 'org-shifttab))
+
+;; don't truncate lines by default
+(setq org-startup-truncated nil)
+
+;; basic org-capture config
+(setq org-capture-templates
+ '(("x" "test" plain (file "~/org/notes.org") "%T: %?")))
+(add-hook 'org-capture-mode-hook 'evil-insert-state)
+
+;; agenda view on startup
+(load-library "find-lisp")
+(setq org-agenda-files (find-lisp-find-files "~/org" "\.org$"))
+(setq org-agenda-span 90)
+(setq org-agenda-use-time-grid nil)
+(add-hook 'emacs-startup-hook (lambda ()
+ (org-agenda-list)
+ (switch-to-buffer "*Org Agenda*")
+ (other-window 1)))
+
+;;; for calendar, use ISO date style
+;(setq calendar-date-style 'iso)
+;(setq diary-number-of-entries 7)
+;(diary)
+;(setq org-agenda-time-grid '((today require-timed remove-match)
+; #("----------------" 0 16 (org-heading t))
+; (0 200 400 600 800 1000 1200
+; 1400 1600 1800 2000 2200)))
+
+;; empty org-agenda-mode keybindings
+(add-hook 'org-agenda-mode-hook
+ (lambda ()
+ (setq org-agenda-mode-map (make-sparse-keymap))))
+(add-hook 'org-agenda-mode-hook
+ (lambda ()
+ (use-local-map (make-sparse-keymap))))
+
+;; org-publish-all
+(setq org-publish-project-alist
+ '(
+ ("website"
+ :base-directory "~/org/web/"
+ :base-extension "org"
+ :publishing-directory "~/html/"
+ :recursive t
+ :publishing-function org-html-publish-to-html
+ :headline-levels 4 ; Just the default for this project.
+ :auto-preamble t
+ )))
+
+;; use [ki:] syntax to hide stuff from exports
+(defun classify-information (text backend info)
+ "Replaces '[ki:WHATEVER]' with '[klassifizierte Information]'."
+ (replace-regexp-in-string "\\[ki:[^\]]*\]" "[klassifizierte Information]" text))
+(add-hook 'org-export-filter-plain-text-functions 'classify-information)
+
+;; add HTML validator link to exports
+(setq org-html-validation-link "<a href=\"https://validator.w3.org/check?uri=referer\">Validate</a>")
+
+
+
+;;; Info mode
+;;; =========
+
+(setq Info-mode-map (make-sparse-keymap))
+(define-key Info-mode-map (kbd "RET") 'Info-follow-nearest-node)
+(define-key Info-mode-map (kbd "u") 'Info-up)
+(define-key Info-mode-map (kbd "TAB") 'Info-next-reference)
+(define-key Info-mode-map (kbd "<backtab>") 'Info-prev-reference)
+(define-key Info-mode-map (kbd "H") 'Info-history-back)
+(define-key Info-mode-map (kbd "L") 'Info-history-forward)
+(define-key Info-mode-map (kbd "I") 'Info-goto-node)
+(define-key Info-mode-map (kbd "i") 'Info-index)
+
+
+
+;; help mode
+;; =========
+
+(setq help-mode-map (make-sparse-keymap))
+(define-key help-mode-map (kbd "TAB") 'forward-button)
+(define-key help-mode-map (kbd "RET") 'help-follow)
+(define-key help-mode-map (kbd "<backtab>") 'backward-button)
+
+
+
+; ;; elfeed
+; ;; ======
+;
+; (require 'elfeed) ; needed so we can set the font faces
+; (set-face-background 'elfeed-search-title-face "magenta")
+; (set-face-background 'elfeed-search-unread-count-face "magenta")
+; (setq elfeed-feeds
+; '("https://capsurvival.blogspot.com/feeds/posts/default"
+; "https://jungle.world/rss.xml"
+; "http://news.dieweltistgarnichtso.net/bin/index.xml"
+; "https://taz.de/!s=&ExportStatus=Intern&SuchRahmen=Online;rss/"
+; "http://www.tagesschau.de/xml/atom"))
+; (setq elfeed-search-mode-map (make-sparse-keymap))
+; (define-key elfeed-search-mode-map (kbd "RET") 'elfeed-search-show-entry)
+; (defun elfeed-search-mark-as-read() (interactive)
+; (elfeed-search-untag-all 'unread))
+; (define-key elfeed-search-mode-map (kbd "r") 'elfeed-search-mark-as-read)
+; (define-key elfeed-search-mode-map (kbd "R") 'elfeed-search-tag-all-unread)
+; (define-key elfeed-search-mode-map (kbd "f") 'elfeed-search-live-filter)
+; (define-key elfeed-search-mode-map (kbd "u") 'elfeed-update)
+; (setq elfeed-show-mode-map (make-sparse-keymap))
+; (define-key elfeed-show-mode-map (kbd "u") 'elfeed)
+; (define-key elfeed-show-mode-map (kbd "TAB") 'shr-next-link)
+; (define-key elfeed-show-mode-map (kbd "<backtab>") 'shr-previous-link)
+; (define-key elfeed-show-mode-map (kbd "a") 'elfeed-show-prev)
+; (define-key elfeed-show-mode-map (kbd "d") 'elfeed-show-next)
+; (define-key elfeed-show-mode-map (kbd "y") 'shr-copy-url)
+; (define-key elfeed-show-mode-map (kbd "RET") 'shr-browse-url)
+;
+;
+;
+; ;; eww
+; ;; ===
+;
+; (setq eww-mode-map (make-sparse-keymap))
+; (define-key eww-mode-map (kbd "TAB") 'shr-next-link)
+; (define-key eww-mode-map (kbd "<backtab>") 'shr-previous-link)
+; (define-key eww-mode-map (kbd "H") 'eww-back-url)
+; (define-key eww-mode-map (kbd "L") 'eww-forward-url)
+
+
+
+;; ledger
+;; ======
+(setq ledger-mode-map (make-sparse-keymap))
+(define-key ledger-mode-map (kbd "TAB") 'completion-at-point)
+
+
+
+;;; plomvi mode
+;;; ===========
+
+(defvar plomvi-return-combo (kbd "C-c"))
+(load "~/public_repos/plomvi.el/plomvi.el")
+(plomvi-global-mode 1)
--- /dev/null
+[user]
+ email = c.heller@plomlompom.de
+ name = Christian Heller
--- /dev/null
+IMAPAccount plom
+# Address to connect to
+Host mail.plomlompom.com
+User plom
+# For some reason, mbsync doesn't accept a PassCmd output beyond 79 chars,
+# therefore the pw in ~/.authinfo should not be longer than that.
+PassCmd "cat ~/.authinfo | cut -d' ' -f8-"
+SSLType IMAPS
+AuthMechs LOGIN
+
+IMAPStore core-remote
+Account plom
+
+MaildirStore core-local
+# The trailing "/" is important
+Path ~/mail/maildir/
+Inbox ~/mail/inbox/
+
+Channel core
+Far :core-remote:
+Near :core-local:
+Patterns *
+# Automatically create missing mailboxes, both locally and on the server
+Create Both
+# Save the synchronization state files in the relevant directory
+SyncState *
+# If a mail is marked T ("Trashed") or deleted, remove it for real everywhere
+Expunge Both
--- /dev/null
+[database]
+path=/home/plom/mail
+[search]
+exclude_tags=deleted;spam;
+# the fields below set the From: if the mail composer is called from
+# within notmuch
+[user]
+name=Christian Heller
+primary_email=plom@plomlompom.com
--- /dev/null
+# sanitize tridactyllocal tridactylsync
+# guiset tabs always
+# guiset hoverlink left
+# guiset statuspanel right
+autocmd DocStart www.reddit.com urlmodify -t www.reddit old.reddit
+# bind ö fillcmdline find
+# bind n findnext 1
+# bind N findnext -1
+bind j scrollline 3
+bind k scrollline -3
+set hintuppercase false
+set searchengine duckduckgo
+set theme midnight
+set searchurls.wiktionary https://en.wiktionary.org/w/index.php?search=
+set searchurls.dictcc https://www.dict.cc/?s=
+set hintchars 123456qwertasdfgyxcvb
+guiset gui none
+escapehatch
--- /dev/null
+# X init configuration
+
+# Set keymap.
+setxkbmap de
+
+# Map CapsLock to Compose key.
+xmodmap -e "clear Lock"
+xmodmap -e "keycode 66 = Multi_key"
+
+# Load xterm settings
+xrdb -merge ~/.Xresources
+
+# Redshift to Berlin, Germany.
+redshift -rl 53:13 &
+
+sh .xinitrc_bonus
+
+# Launch window manager.
+i3
--- /dev/null
+#!/bin/sh
+set -e
+
+basedir="/home/plom/mail/maildir/"
+# Ensure directories exist for all "dir:*" tags.
+for tag in $(notmuch search --output=tags '*'); do
+ if [ ! $(echo "${tag}" | cut -c-4) = "dir:" ]; then
+ continue
+ fi
+ target_dir="${basedir}"$(echo "${tag}" | cut -c5-)"/cur/"
+ if [ ! -d "${target_dir}" ]; then
+ echo "Directory ${target_dir} does not exist."
+ exit 1
+ fi
+done
+
+# Ensure all "dir:*"-tagged mails are in proper directories,
+# remove all "dir:*" tags.
+for tag in $(notmuch search --output=tags '*'); do
+ if [ ! $(echo "${tag}" | cut -c-4) = "dir:" ]; then
+ continue
+ fi
+ target_dir="${basedir}"$(echo "${tag}" | cut -c5-)"/cur/"
+ for f in $(notmuch search --output=files tag:"${tag}"); do
+ new_name=$(basename "${f}" | sed -e 's/,U=[0-9]*//')
+ target_path="${target_dir}${new_name}"
+ if [ ! "${target_path}" = "${f}" ]; then
+ echo "Moving ${f} to ${target_path}."
+ mv "${f}" "${target_path}"
+ # NOTE: if we encounter an error here of ${f} not being findable, run "notmuch reindex tag:${tag}" to fix
+ fi
+ done
+ notmuch tag -"${tag}" tag:"${tag}"
+done
+
+# Remove all "deleted"-tagged files from maildirs.
+notmuch search --output=files tag:deleted | while read f; do
+ echo "Deleting ${f}"
+ rm "${f}"
+done
+
+# Sync changes back to server and update notmuch index.
+mbsync -a
+notmuch new
--- /dev/null
+# List of repos we want cloned in ~/public_repos
+config
+pingmail.git
+plomlombot-irc.git
+plomrogue
+plomrogue2-experiments
+plomvi.el
+misc
--- /dev/null
+# put main workspaces on big monitor
+workspace 1 output LVDS-1
+workspace 2 output HDMI-1-0
+workspace 3 output HDMI-1-0
+workspace 4 output HDMI-1-0
+workspace 5 output HDMI-1-0
+workspace 6 output HDMI-1-0
+workspace 7 output HDMI-1-0
+workspace 8 output HDMI-1-0
+workspace 9 output HDMI-1-0
+workspace 10 output HDMI-1-0
+
+# default to big monitor's first workspace
+# exec "i3-msg 'workspace 1'"
--- /dev/null
+# The extreme --pos disconnects the cursor movement spaces, so mouse stays inside selected screen.
+xrandr --output LVDS-1 --mode 1368x768 --output HDMI-1-0 --auto --pos 2000x2000
--- /dev/null
+#!/bin/sh
+set -e
+. ./misc.sh
+. ../../misc.sh
+
+expect_n_args 2 "(hostname, FQDN)" "$@"
+hostname="$1"
+fqdn="$2"
+shift 2
+
+cd "${setup_scripts_dir}"
+
+# Adapt /etc/ to our needs by copying from ./etc_files. This will set
+# basic configurations affecting following steps, such as setup of APT
+# and the locale selection, so needs to be right at the beginning.
+./copy_dirtree.sh "${config_tree_prefix}/etc_files" "" all "$@"
+
+# Set hostname and FQDN.
+./set_hostname_and_fqdn.sh "${hostname}" "${fqdn}"
+
+# Ensure package installation state as defined by what packages are
+# defined as required by Debian policy and by settings in ./apt-mark/.
+apt update
+./install_for_target.sh all "$@"
+./purge_nonrequireds.sh all "$@"
+
+# Ensure our desired locale is available.
+locale-gen
+
+# Only upgrade after reducing the system to the desired minimum, so that
+# we don't need to get more data than necessary.
+apt -y dist-upgrade
+
+# Set Berlin localtime.
+ln -sf /usr/share/zoneinfo/Europe/Berlin /etc/localtime
--- /dev/null
+#!/bin/sh
+# Copy files in argument-selected subdirectories of $1 to subdirectories
+# of $2 (which may be an empty string), e.g. with $1 of "etc_files", $2
+# of "" and $3 of "all", copy files below etc_files/all such as
+# etc_files/all/etc/foo/bar to equivalent locations below / such as
+# /etc/foo/bar. Create directories as necessary. Multiple arguments after
+# $3 are possible.
+#
+# CAUTION: This removes original files at the affected paths.
+set -e
+. ./misc.sh
+. ../../misc.sh
+
+expect_n_args 3 "(source root, target root, modules)" "$@"
+
+source_root="$1"
+target_root="$2"
+shift 2
+
+for target_module in "$@"; do
+ mkdir -p "${source_root}/${target_module}"
+ cd "${source_root}/${target_module}"
+ for path in $(find . -type f); do
+ target_path="${target_root}"$(echo "${path}" | cut -c2-)
+ source_path=$(realpath "${path}")
+ dir=$(dirname "${target_path}")
+ mkdir -p "${dir}"
+ cp "${source_path}" "${target_path}"
+ done
+done
--- /dev/null
+../../bullseye/setup_scripts/init_user_and_keybased_login.sh
\ No newline at end of file
--- /dev/null
+../../bullseye/setup_scripts/init_user_login.sh
\ No newline at end of file
--- /dev/null
+#!/bin/sh
+# Walks through the package names in the argument-selected files of
+# apt-mark/ and ensures the respective packages are installed.
+#
+# Ignores anything in an apt-mark/ file after the last newline.
+set -e
+. ./misc.sh
+
+for target in "$@"; do
+ path="${aptmark_dir}/${target}"
+ # TODO: continue if file at $path not found, to get rid of dummy files
+ cat "${path}" | while read line; do
+ echo "$line"
+ if [ ! $(echo "${line}" | cut -c1) = "#" ]; then
+ DEBIAN_FRONTEND=noninteractive apt-get -y -o Dpkg::Options::=--force-confold install "${line}"
+ fi
+ done
+done
--- /dev/null
+#!/bin/sh
+set -e
+. ./misc.sh
+. ../../misc.sh
+
+expect_n_args 1 "(old server IP)" "$@"
+old_server="$1"
+cp "${setup_scripts_dir}/misc.sh" /home/plom/
+cp "${setup_scripts_dir}/prepare_to_meet_server.sh" /home/plom/
+chown plom:plom /home/plom/prepare_to_meet_server.sh
+su -lc "./prepare_to_meet_server.sh ${old_server}" plom
+read -p'Hit Enter when you are done.' ignore
+rm /home/plom/prepare_to_meet_server.sh
+cp "${setup_scripts_dir}/mirror_dir.sh" /home/plom/
+su -lc "./mirror_dir.sh ${old_server} /home/plom/borg" plom
+rm /home/plom/mirror_dir.sh
+rm /home/plom/misc.sh
--- /dev/null
+#!/bin/sh
+# Mirror directory tree from remote to local server, keeping the path.
+set -e
+. ./misc.sh
+. ../../misc.sh
+
+expect_n_args 2 "(server, directory)" "$@"
+server=$1
+dir=$2
+path_package=/tmp/delete.tar
+
+eval `ssh-agent`
+ssh-add
+cd
+ssh plom@"${server}" "cd \"${dir}\" && tar cf ${path_package} ."
+scp plom@"${server}":"${path_package}" "${path_package}"
+mkdir -p "${dir}"
+cd "${dir}"
+tar xf "${path_package}"
+cd
+rm "${path_package}"
+ssh plom@"${server}" rm "${path_package}"
--- /dev/null
+#!/bin/sh
+set -e
+debian_version="bookworm"
+legal_system_names="x220 w530 h610m"
+config_tree_prefix="${HOME}/public_repos/config/${debian_version}"
+if [ ! -d "${config_tree_prefix}" ]; then
+ config_tree_prefix="${HOME}/config/${debian_version}"
+fi
+setup_scripts_dir="${config_tree_prefix}/setup_scripts"
+aptmark_dir="${config_tree_prefix}/apt-mark"
+
+expect_setup_finished_file() {
+ filename="$1"
+ setup_script="$2"
+ if [ ! -f "${HOME}/${filename}" ]; then
+ echo "First need to run ${setup_script}."
+ false
+ fi
+}
+
+get_system_name_arg() {
+ found=0
+ for system_name_i in $legal_system_names; do
+ if [ "$1" = "$system_name_i" ]; then
+ found=1
+ system_name="${system_name_i}"
+ continue
+ fi
+ done
+ if [ "$found" = 0 ]; then
+ echo "Need legal system name."
+ false
+ fi
+}
--- /dev/null
+#!/bin/sh
+# Do some of the steps necessary to SSH (key-based) with another server.
+set -e
+. ./misc.sh
+. ../../misc.sh
+
+expect_n_args 1 "(server IP)" "$@"
+target="$1"
+
+# We need a public key to copy over, so generate it if not found.
+if [ ! -f ~/.ssh/id_rsa.pub ]; then
+ ssh-keygen -N ""
+fi
+
+# Add target to ~/.ssh/known_hosts so we don't get
+# asked for permission at inopportune moments.
+ssh-keyscan -H "$target" >> ~/.ssh/known_hosts
+
+# Tell user what to do.
+echo "APPEND FOLLOWING TO TARGET'S ~/.ssh/authorized_keys:"
+cat ~/.ssh/id_rsa.pub
--- /dev/null
+#!/bin/sh
+# This script removes all Debian packages that are not of Priority
+# "required" or not depended on by packages of priority "required"
+# or not listed in the argument-selected files of apt-mark/.
+set -e
+. ./misc.sh
+
+# FIXME packages listed twice in the aptmark_dir get blacklisted?
+
+dpkg-query -Wf '${Package} ${Priority}\n' | grep ' required' | sed 's/ required//' > /tmp/list_white_unsorted
+for target in "$@"; do
+ path="${aptmark_dir}/${target}"
+ cat "${path}" | while read line; do
+ if [ ! $(echo "${line}" | cut -c1) = "#" ]; then
+ echo "${line}" >> /tmp/list_white_unsorted
+ fi
+ done
+done
+sort /tmp/list_white_unsorted > /tmp/list_white
+dpkg-query -Wf '${Package}\n' > /tmp/list_all_packages
+sort /tmp/list_all_packages > /tmp/foo
+mv /tmp/foo /tmp/list_all_packages
+comm -3 /tmp/list_all_packages /tmp/list_white > /tmp/list_black
+apt-mark auto `cat /tmp/list_black`
+DEBIAN_FRONTEND=noninteractive apt-get -y --purge autoremove
+rm /tmp/list_all_packages /tmp/list_white_unsorted /tmp/list_white /tmp/list_black
--- /dev/null
+#!/bin/sh
+# Sets hostname and optionally FQDN.
+#
+# Calls hostname, writes to /etc/hostname and /etc/hosts. For /etc/hosts
+# writing follows recommendations from Debian manual at
+# <https://www.debian.org/doc/manuals/debian-reference/ch05.en.html>
+# (section "The hostname resolution") on how to map hostname and possibly
+# FQDN to a permanent IP if present (we assume here any non-private IP
+# and non-loopback IP returned by hostname -I to fulfill that criterion
+# on our systems) or to 127.0.1.1 if not. On the reasoning for separating
+# localhost and hostname mapping to different IPs, see
+# <https://unix.stackexchange.com/a/13087>.
+#
+# Ignores IPv6s.
+set -e
+. ./misc.sh
+. ../../misc.sh
+
+expect_n_args 1 "(hostname, fqdn)" "$@"
+
+hostname="$1"
+fqdn="$2"
+echo "${hostname}" > /etc/hostname
+hostname "${hostname}"
+
+final_ip="127.0.1.1"
+for ip in $(hostname -I); do
+ if [ $(echo "${ip}" | grep ':' | wc -l) -eq 1 ]; then
+ continue
+ fi
+ range_1=$(echo "${ip}" | cut -d "." -f 1)
+ range_2=$(echo "${ip}" | cut -d "." -f 2)
+ if [ "${range_1}" -eq 127 ]; then
+ continue
+ elif [ "${range_1}" -eq 10 ]; then
+ continue
+ elif [ "${range_1}" -eq 172 ]; then
+ if [ "${range_2}" -ge 16 ] && [ "${range_2}" -le 31 ]; then
+ continue
+ fi
+ elif [ "${range_1}" -eq 192 ]; then
+ if [ "${range_2}" -eq 168 ]; then
+ continue
+ fi
+ fi
+ final_ip="${ip}"
+done
+
+echo "127.0.0.1 localhost.localdomain localhost" > /etc/hosts
+echo "${final_ip} ${fqdn} ${hostname}" >> /etc/hosts
--- /dev/null
+#!/bin/sh
+set -e
+. ./misc.sh
+. ../../misc.sh
+
+expect_n_args 1 "(system name)" "$@"
+get_system_name_arg "$1"
+
+# Set up system without user environment.
+cd "${setup_scripts_dir}"
+if [ "$system_name" = "w530" || "$system_name" = "x220"]; then
+ ./_setup.sh "${system_name}" "" user desktop thinkpad "${system_name}"
+else
+ ./_setup.sh "${system_name}" "" user desktop "${system_name}"
+fi
+
+# # Set up printer.
+# ppd_deb="hll2350dwpdrv-4.0.0-1.i386.deb"
+# wget "https://download.brother.com/welcome/dlf103566/${ppd_deb}"
+# dpkg --add-architecture i386
+# apt update
+# apt install -y "./${ppd_deb}"
+# service cups restart
+# # lpadmin -p 'Brother_HLL2350DW' -m 'brother-HLL2350DW-cups-en.ppd'
+# rm "./${ppd_deb}"
+# # TODO explore potential lpadmin options like -o 'OutputMode=NormalGray'
+
+# Set up NVIDIA eGPU config.
+if [ "$system_name" = "w530" ]; then
+ cd
+ git clone https://github.com/NVIDIA/open-gpu-kernel-modules
+ cd open-gpu-kernel-modules
+ git checkout 337e28e
+ # git checkout 4c29105335610933e744f4ab2524ea63fc39edaf
+ make modules -j$(nproc)
+ make modules_install
+ cd
+ driver_version=535.86.05
+ # driver_version=545.29.06
+ runscript=NVIDIA-Linux-x86_64-${driver_version}.run
+ wget https://us.download.nvidia.com/XFree86/Linux-x86_64/${driver_version}/${runscript}
+ rmmod nouveau
+ chmod u+x ${runscript}
+ ./${runscript} --no-kernel-modules --silent
+ depmod
+ # TODO I suspect that the GPU falling of the bus may be mildened by running nvidia-persistenced, check https://github.com/NVIDIA/nvidia-persistenced/tree/main/init
+fi
+
+# Set up user environments.
+cd "${setup_scripts_dir}"
+./copy_dirtree.sh "${config_tree_prefix}/home_files" "/root" minimal root
+adduser --disabled-password --gecos "" plom
+usermod -a -G sudo plom
+passwd plom
+cp -a ~/config /home/plom
+chown -R plom:plom /home/plom/config
--- /dev/null
+#!/bin/sh
+set -e
+. ./misc.sh
+
+# Install Firefox directly from Mozilla.
+firefox_release="128.4.0esr"
+firefox_filename="firefox-${firefox_release}.tar.bz2"
+url_firefox="https://ftp.mozilla.org/pub/firefox/releases/${firefox_release}/linux-x86_64/en-US/${firefox_filename}"
+wget "${url_firefox}"
+mv "${firefox_filename}" /opt/
+cd /opt/
+tar xf "${firefox_filename}"
+rm "${firefox_filename}"
+ln -f -s /opt/firefox/firefox /usr/local/bin/
+update-alternatives --install /usr/bin/x-www-browser x-www-browser /opt/firefox/firefox 200
+update-alternatives --set x-www-browser /opt/firefox/firefox
+
+echo "TODO: Install uBlock Origin and tridactyl plugins, run :installnative and :source."
+
--- /dev/null
+#!/bin/sh
+set -e
+. ./misc.sh
+. ../../misc.sh
+
+expect_n_args 1 "(system name)" "$@"
+get_system_name_arg "$1"
+
+cd $setup_scripts_dir
+./copy_dirtree.sh "${config_tree_prefix}/home_files" "${HOME}" minimal user "${system_name}"
+
+secrets_dev="sdb"
+source_dir_secrets="/media/${secrets_dev}/to_usb"
+target_dir_secrets="${HOME}/tmp_secrets"
+echo "Put secrets drive into slot for /dev/${secrets_dev}."
+while [ ! -e /dev/"${secrets_dev}" ]; do
+ sleep 1
+done
+stty -echo
+printf "Secrets passphrase: "
+read SECRETS_PASS
+stty echo
+echo "" # newline so user knows their input return was accepted
+sudo -v
+echo "${SECRETS_PASS}" | sudo pmount /dev/"${secrets_dev}"
+cp -a "${source_dir_secrets}" "${target_dir_secrets}"
+sudo chown -R plom:plom "${target_dir_secrets}"
+sudo pumount "${secrets_dev}"
+echo "You can remove /dev/${secrets_dev} now."
+
+# Set up iniitial non-public parts of infrastructure: SSH authentication.
+ssh_dir=~/.ssh
+cd "${target_dir_secrets}"
+mkdir -p "${ssh_dir}"
+echo "Setting up .ssh"
+cp id_rsa ~/.ssh
+stty -echo
+ssh-keygen -y -f ~/.ssh/id_rsa > ~/.ssh/id_rsa.pub
+stty echo
+eval $(ssh-agent)
+ssh-add
+ssh-keyscan -H "plomlompom.com" >> ~/.ssh/known_hosts
+
+# Fill ~/public_repos.
+public_repos_dir="${HOME}/public_repos"
+repos_list_file="${public_repos_dir}/repos"
+mkdir -p "${public_repos_dir}"
+cat "${repos_list_file}" | while read line; do
+ first_char=$(echo "${line}" | cut -c1)
+ if [ "${first_char}" = "#" ]; then
+ continue
+ fi
+ repo_name="${line}"
+ if [ ! -d "${public_repos_dir}/${repo_name}" ]; then
+ cd "${public_repos_dir}"
+ git clone plom@plomlompom.com:/var/repos/${repo_name}
+ fi
+done
+
+# Remove redundant config repo copy.
+config_tree_prefix="${public_repos_dir}/config/${debian_version}"
+rm -rf ~/config
+
+# # Set up native messenger for tridactyl.
+# version='ef9f02d0da258f68d7faf8898707f6d83d90d07a'
+# curl -fsSl "https://raw.githubusercontent.com/tridactyl/tridactyl/${version}/native/install.sh" | bash
+
+# Set up further non-public parts of infrastructure.
+cd "${target_dir_secrets}"
+script -c 'gpg --import secret_keys.asc' /dev/null
+path_borgscript="${config_tree_prefix}//borg.sh"
+
+# borg setup
+borgkeys_dir=~/.config/borg/keys
+borgrepos_file=~/.borgrepos
+tar xf borg_keyfiles.tar
+mkdir -p "${borgkeys_dir}"
+mv borg_keyfiles/* "${borgkeys_dir}"
+# Sync org dir via borgbackup. For this we need the borgbackup servers
+# in our .ssh/known_hosts file.
+cat "${borgrepos_file}" | while read line; do
+ first_char=$(echo "${line}" | cut -c1)
+ if [ "${first_char}" = "#" ]; then
+ continue
+ fi
+ server=$(echo "${line}" | sed 's/.*@//')
+ ssh-keyscan "${server}" >> "${ssh_dir}"/known_hosts
+done
+BORG_PASSPHRASE="${SECRETS_PASS}" "${path_borgscript}" orgpull
+
+# .authinfo may not be present on every secrets drive yet
+authinfo_file=.authinfo
+if [ -f "${authinfo_file}" ]; then
+ cp "${authinfo_file}" ~
+fi
+cd
+
+maildir=~/mail/maildir
+# # Set up e-mail system. Note that we only do mbsync if the imap pass file
+# # is found. It may not be present on every secrets drive yet, so we have to
+# # deal with the possibility of it being absent at this point.
+mkdir -p "${maildir}" # expected by mbsync/isync
+if [ -f "${HOME}/${authinfo_file}" ]; then
+ mbsync -a
+ notmuch new
+fi
+
+# # Final note on how to integrate tridactyl.
+# echo "TODO: As tridactyl user, don't forget to do :source on the first Firefox run, wait a little while (Tridactyl needs to walk through all commands in the .tridactylrc) and then re-start."
--- /dev/null
+#!/bin/sh
+set -e
+. ./misc.sh
+
+# Set up NVIDIA eGPU config.
+cd
+# git clone https://github.com/NVIDIA/open-gpu-kernel-modules
+# cd open-gpu-kernel-modules
+# git checkout 337e28e
+# # git checkout 4c29105335610933e744f4ab2524ea63fc39edaf
+# make modules -j$(nproc)
+# make modules_install
+# cd
+driver_version=535.86.05
+# driver_version=545.29.06
+runscript=NVIDIA-Linux-x86_64-${driver_version}.run
+# wget https://us.download.nvidia.com/XFree86/Linux-x86_64/${driver_version}/${runscript}
+set +e
+rmmod nouveau
+set -e
+chmod u+x ${runscript}
+./${runscript} --no-kernel-modules --silent
+depmod
+# TODO I suspect that the GPU falling of the bus may be mildened by running nvidia-persistenced, check https://github.com/NVIDIA/nvidia-persistenced/tree/main/init
--- /dev/null
+#!/bin/sh
+set -e
+. ./misc.sh
+. ../../misc.sh
+
+expect_setup_finished_file setup_server_has_been_run setup_server.sh
+
+plom_home_dir=/home/plom
+
+cd "${setup_scripts_dir}"
+cp "${config_tree_prefix}/home_files/seedbox/.rtorrent.rc" "${plom_home_dir}"
+chown plom:plom "${plom_home_dir}/.rtorrent.rc"
+./copy_dirtree.sh "${config_tree_prefix}/etc_files" "" seedbox
+./install_for_target.sh seedbox
+mkdir "${plom_home_dir}/downloads"
+chown plom:plom "${plom_home_dir}/downloads"
+mkdir "${plom_home_dir}/session"
+chown plom:plom "${plom_home_dir}/session"
+systemctl enable rtorrent.service --now
--- /dev/null
+#!/bin/sh
+# Next setup steps for a server whose login policy has just been set from
+# the outside via ./init_user_login.sh or ./init_user_and_keybased_login.sh
+set -e
+. ./misc.sh
+. ../../misc.sh
+
+expect_n_args 2 "(hostname, FQDN)" "$@"
+hostname="$1"
+fqdn="$2"
+additional_arg="$3"
+
+# Set up basic server system.
+cd "${setup_scripts_dir}"
+./_setup.sh "${hostname}" "${fqdn}" server "$@"
+
+# If we have not yet set the shell for user plom, ensure it here. This
+# is mostly for convenience.
+usermod -s /bin/bash plom
+
+# Enable firewall.
+systemctl enable nftables.service
+
+touch "$HOME/setup_server_has_been_run"
--- /dev/null
+#!/bin/sh
+set -e
+. ./misc.sh
+. ../../misc.sh
+
+expect_setup_finished_file setup_web_has_been_run setup_web.sh
+
+expect_n_args 1 "(website template, i.e. status.plomlompom.com, tube.plomlompom.com …)" "$@"
+website_template="$1"
+shift 1
+
+mirror_ip=""
+mirror_state="not mirroring automatically, since no IP given"
+domain="${website_template}"
+mail="plom+webmaster@plomlompom.com"
+if [ "$#" -gt 0 ]; then
+ domain="$1"
+ if [ "$#" -gt 1 ]; then
+ mail="$2"
+ if [ "$#" -gt 2 ]; then
+ mirror_ip="$3"
+ mirror_state="mirroring automatically from ${mirror_ip}"
+ fi
+ fi
+fi
+echo "Assuming domain ${domain} and letsencrypt support mail address ${mail} and ${mirror_state}, abort and provide as arguments in this order if other desired! (Otherwise just hit Return.)"
+read _
+
+if [ ! -z "${mirror_ip}" ]; then
+ # Set up connection to old server.
+ cp "${setup_scripts_dir}/misc.sh" /home/plom/
+ cp "${setup_scripts_dir}/prepare_to_meet_server.sh" /home/plom/
+ chown plom:plom /home/plom/prepare_to_meet_server.sh
+ su -lc "./prepare_to_meet_server.sh ${mirror_ip}" plom
+ read -p 'Hit Enter when you are done.' ignore
+ rm /home/plom/prepare_to_meet_server.sh
+
+ # Mirror dirs.
+ cp "${setup_scripts_dir}/mirror_dir.sh" /home/plom/
+ su -lc "./mirror_dir.sh ${mirror_ip} /var/www/${website_template}" plom
+ rm /home/plom/mirror_dir.sh
+ rm /home/plom/misc.sh
+fi
+
+# Install configs, set up firewall.
+./install_for_target.sh "${website_template}"
+./copy_dirtree.sh "${config_tree_prefix}/etc_files" "" "${website_template}"
+nft -f /etc/nftables.conf
+
+# Set up letsencrypt certificate. TODO: Is it auto-renewed?
+ln -sf /etc/nginx/sites-available/default /etc/nginx/sites-enabled/default
+certbot --nginx --agree-tos --redirect --no-eff-email -m "${mail}" -d "${domain}"
+rm /etc/nginx/sites-enabled/default
+
+# Prepare NGINX.
+sed -i "s/REPLACE_fqdn_ECALPER/${domain}/g" "/etc/nginx/sites-available/${website_template}.nginx"
+ln -s "/etc/nginx/sites-available/${website_template}.nginx" "/etc/nginx/sites-enabled/${website_template}.nginx"
+
+service nginx restart
+
--- /dev/null
+#!/bin/sh
+set -e
+. ./misc.sh
+. ../../misc.sh
+
+expect_setup_finished_file setup_server_has_been_run setup_server.sh
+
+expect_n_args 1 "(domain name)" "$@"
+domain="$1"
+
+# Install configs, set up firewall.
+./install_for_target.sh web
+./copy_dirtree.sh "${config_tree_prefix}/etc_files" "" web
+nft -f /etc/nftables.conf
+
+chown plom /var/www
+
+# # Set up letsencrypt certificate. TODO: Is it auto-renewed?
+# ln -sf /etc/nginx/sites-available/default /etc/nginx/sites-enabled/default
+# certbot --nginx --agree-tos --redirect --no-eff-email -m "${mail}" -d "${domain}"
+# rm /etc/nginx/sites-enabled/default
+
+# # Prepare NGINX for status.plomlompom.com.
+# sed -i "s/REPLACE_fqdn_ECALPER/${domain}/g" /etc/nginx/sites-available/status.plomlompom.com.nginx
+# ln -s /etc/nginx/sites-available/status.plomlompom.com.nginx /etc/nginx/sites-enabled/status.plomlompom.com.nginx
+#
+# service nginx restart
+
+touch "$HOME/setup_web_has_been_run"
--- /dev/null
+#!/bin/sh
+
+# Upgrade a fresh (!) system to Bookworm, as per [1]. Fresh, because: Don't
+# expect any customized config files to survive this. If you run this on a
+# remote machine, take care not to loose anything you need to re-connect, e.g.
+# any relevant adaptations you did to /etc/ssh/sshd_config …
+
+set -e
+. ./misc.sh
+. ../../misc.sh
+
+path_sources_list="/etc/apt/sources.list"
+
+export DEBIAN_FRONTEND=noninteractive
+apt update
+apt -y -o Dpkg::Options::="--force-confnew" upgrade
+apt -y -o Dpkg::Options::="--force-confnew" full-upgrade
+cp "${config_tree_prefix}/etc_files/all${path_sources_list}" "${path_sources_list}"
+apt clean
+apt update
+apt -y -o Dpkg::Options::="--force-confnew" upgrade
+apt -y -o Dpkg::Options::="--force-confnew" full-upgrade
+apt -y autoremove
+cp "${local_path_sshd_config}" "${system_path_sshd_config}"
--- /dev/null
+#!/bin/sh
+set -e
+
+PATH_REL_ETC=etc
+PATH_REL_APTMARK=aptmark
+PATH_REL_REPO=config
+PATH_REL_HOME=home
+PATH_MANY=../../many_releases
+PATH_MANY_MISC="${PATH_MANY}/scripts/_misc.sh"
+ROOTS_HERE_AND_MANY="${PATH_MANY} .."
+
+USERNAME=plom
+PATH_USER_HOME="/home/${USERNAME}"
+
+FILENAME_PRIVATE_KEY=id_rsa
+FILENAME_PUBLIC_KEY="${FILENAME_PRIVATE_KEY}.pub"
+URL_PUBLIC_KEY="https://dump.plomlompom.com/dump/${FILENAME_PUBLIC_KEY}"
+PATH_REL_LOCAL_SSH=.ssh
+PATH_REL_AUTHORIZED_KEYS="${PATH_REL_LOCAL_SSH}/authorized_keys"
+PATH_AUTHORIZED_KEYS="${HOME}/${PATH_REL_AUTHORIZED_KEYS}"
+PATH_USER_SSH="${PATH_USER_HOME}/${PATH_REL_LOCAL_SSH}"
+
--- /dev/null
+# connectivity: ifupdown seems necessary everyhwere, isc-dhcp-client unpredictably so
+ifupdown
+isc-dhcp-client
+# git for the setup directory; cloning works with ca-certificates
+ca-certificates
+git
+# to avoid constant warnings about no locale being found
+locales
+# extremely useful for basic network debugging; missed these more than once in an emergency
+netcat-traditional
+iputils-ping
+
--- /dev/null
+# so we can still connect
+openssh-server
+# this gotta be good for _something_ …
+raspi-firmware
+# to boot into a graphical environment
+greetd
+sway
+# for waybar script
+calc
+# for sound
+pulseaudio
+# for setting console keyboard via /etc/default/keyboard
+console-setup
+# for setting system time
+ntpsec-ntpdate
+# basic usage
+mpv
+firefox-esr
+# for convenience
+foot
+less
+sudo
+vim
+ack
+man-db
+# for ytplom
+python3-venv
+libmpv2
+ffmpeg
+
--- /dev/null
+APT::AutoRemove::RecommendsImportant "false";
+APT::AutoRemove::SuggestsImportant "false";
+APT::Install-Recommends "false";
+APT::Install-Suggests "false";
--- /dev/null
+LANG="en_US.UTF-8"
--- /dev/null
+# This file lists locales that you wish to have built. You can find a list
+# of valid supported locales at /usr/share/i18n/SUPPORTED, and you can add
+# user defined locales to /usr/local/share/i18n/SUPPORTED. If you change
+# this file, you need to rerun locale-gen.
+
+
+# aa_DJ ISO-8859-1
+# aa_DJ.UTF-8 UTF-8
+# aa_ER UTF-8
+# aa_ER@saaho UTF-8
+# aa_ET UTF-8
+# af_ZA ISO-8859-1
+# af_ZA.UTF-8 UTF-8
+# ak_GH UTF-8
+# am_ET UTF-8
+# an_ES ISO-8859-15
+# an_ES.UTF-8 UTF-8
+# anp_IN UTF-8
+# ar_AE ISO-8859-6
+# ar_AE.UTF-8 UTF-8
+# ar_BH ISO-8859-6
+# ar_BH.UTF-8 UTF-8
+# ar_DZ ISO-8859-6
+# ar_DZ.UTF-8 UTF-8
+# ar_EG ISO-8859-6
+# ar_EG.UTF-8 UTF-8
+# ar_IN UTF-8
+# ar_IQ ISO-8859-6
+# ar_IQ.UTF-8 UTF-8
+# ar_JO ISO-8859-6
+# ar_JO.UTF-8 UTF-8
+# ar_KW ISO-8859-6
+# ar_KW.UTF-8 UTF-8
+# ar_LB ISO-8859-6
+# ar_LB.UTF-8 UTF-8
+# ar_LY ISO-8859-6
+# ar_LY.UTF-8 UTF-8
+# ar_MA ISO-8859-6
+# ar_MA.UTF-8 UTF-8
+# ar_OM ISO-8859-6
+# ar_OM.UTF-8 UTF-8
+# ar_QA ISO-8859-6
+# ar_QA.UTF-8 UTF-8
+# ar_SA ISO-8859-6
+# ar_SA.UTF-8 UTF-8
+# ar_SD ISO-8859-6
+# ar_SD.UTF-8 UTF-8
+# ar_SS UTF-8
+# ar_SY ISO-8859-6
+# ar_SY.UTF-8 UTF-8
+# ar_TN ISO-8859-6
+# ar_TN.UTF-8 UTF-8
+# ar_YE ISO-8859-6
+# ar_YE.UTF-8 UTF-8
+# as_IN UTF-8
+# ast_ES ISO-8859-15
+# ast_ES.UTF-8 UTF-8
+# ayc_PE UTF-8
+# az_AZ UTF-8
+# be_BY CP1251
+# be_BY.UTF-8 UTF-8
+# be_BY@latin UTF-8
+# bem_ZM UTF-8
+# ber_DZ UTF-8
+# ber_MA UTF-8
+# bg_BG CP1251
+# bg_BG.UTF-8 UTF-8
+# bhb_IN.UTF-8 UTF-8
+# bho_IN UTF-8
+# bn_BD UTF-8
+# bn_IN UTF-8
+# bo_CN UTF-8
+# bo_IN UTF-8
+# br_FR ISO-8859-1
+# br_FR.UTF-8 UTF-8
+# br_FR@euro ISO-8859-15
+# brx_IN UTF-8
+# bs_BA ISO-8859-2
+# bs_BA.UTF-8 UTF-8
+# byn_ER UTF-8
+# ca_AD ISO-8859-15
+# ca_AD.UTF-8 UTF-8
+# ca_ES ISO-8859-1
+# ca_ES.UTF-8 UTF-8
+# ca_ES.UTF-8@valencia UTF-8
+# ca_ES@euro ISO-8859-15
+# ca_ES@valencia ISO-8859-15
+# ca_FR ISO-8859-15
+# ca_FR.UTF-8 UTF-8
+# ca_IT ISO-8859-15
+# ca_IT.UTF-8 UTF-8
+# ce_RU UTF-8
+# chr_US UTF-8
+# cmn_TW UTF-8
+# crh_UA UTF-8
+# cs_CZ ISO-8859-2
+# cs_CZ.UTF-8 UTF-8
+# csb_PL UTF-8
+# cv_RU UTF-8
+# cy_GB ISO-8859-14
+# cy_GB.UTF-8 UTF-8
+# da_DK ISO-8859-1
+# da_DK.UTF-8 UTF-8
+# de_AT ISO-8859-1
+# de_AT.UTF-8 UTF-8
+# de_AT@euro ISO-8859-15
+# de_BE ISO-8859-1
+# de_BE.UTF-8 UTF-8
+# de_BE@euro ISO-8859-15
+# de_CH ISO-8859-1
+# de_CH.UTF-8 UTF-8
+# de_DE ISO-8859-1
+# de_DE.UTF-8 UTF-8
+# de_DE@euro ISO-8859-15
+# de_IT ISO-8859-1
+# de_IT.UTF-8 UTF-8
+# de_LI.UTF-8 UTF-8
+# de_LU ISO-8859-1
+# de_LU.UTF-8 UTF-8
+# de_LU@euro ISO-8859-15
+# doi_IN UTF-8
+# dv_MV UTF-8
+# dz_BT UTF-8
+# el_CY ISO-8859-7
+# el_CY.UTF-8 UTF-8
+# el_GR ISO-8859-7
+# el_GR.UTF-8 UTF-8
+# en_AG UTF-8
+# en_AU ISO-8859-1
+# en_AU.UTF-8 UTF-8
+# en_BW ISO-8859-1
+# en_BW.UTF-8 UTF-8
+# en_CA ISO-8859-1
+# en_CA.UTF-8 UTF-8
+# en_DK ISO-8859-1
+# en_DK.ISO-8859-15 ISO-8859-15
+# en_DK.UTF-8 UTF-8
+# en_GB ISO-8859-1
+# en_GB.ISO-8859-15 ISO-8859-15
+# en_GB.UTF-8 UTF-8
+# en_HK ISO-8859-1
+# en_HK.UTF-8 UTF-8
+# en_IE ISO-8859-1
+# en_IE.UTF-8 UTF-8
+# en_IE@euro ISO-8859-15
+# en_IL UTF-8
+# en_IN UTF-8
+# en_NG UTF-8
+# en_NZ ISO-8859-1
+# en_NZ.UTF-8 UTF-8
+# en_PH ISO-8859-1
+# en_PH.UTF-8 UTF-8
+# en_SG ISO-8859-1
+# en_SG.UTF-8 UTF-8
+# en_US ISO-8859-1
+# en_US.ISO-8859-15 ISO-8859-15
+en_US.UTF-8 UTF-8
+# en_ZA ISO-8859-1
+# en_ZA.UTF-8 UTF-8
+# en_ZM UTF-8
+# en_ZW ISO-8859-1
+# en_ZW.UTF-8 UTF-8
+# eo UTF-8
+# es_AR ISO-8859-1
+# es_AR.UTF-8 UTF-8
+# es_BO ISO-8859-1
+# es_BO.UTF-8 UTF-8
+# es_CL ISO-8859-1
+# es_CL.UTF-8 UTF-8
+# es_CO ISO-8859-1
+# es_CO.UTF-8 UTF-8
+# es_CR ISO-8859-1
+# es_CR.UTF-8 UTF-8
+# es_CU UTF-8
+# es_DO ISO-8859-1
+# es_DO.UTF-8 UTF-8
+# es_EC ISO-8859-1
+# es_EC.UTF-8 UTF-8
+# es_ES ISO-8859-1
+# es_ES.UTF-8 UTF-8
+# es_ES@euro ISO-8859-15
+# es_GT ISO-8859-1
+# es_GT.UTF-8 UTF-8
+# es_HN ISO-8859-1
+# es_HN.UTF-8 UTF-8
+# es_MX ISO-8859-1
+# es_MX.UTF-8 UTF-8
+# es_NI ISO-8859-1
+# es_NI.UTF-8 UTF-8
+# es_PA ISO-8859-1
+# es_PA.UTF-8 UTF-8
+# es_PE ISO-8859-1
+# es_PE.UTF-8 UTF-8
+# es_PR ISO-8859-1
+# es_PR.UTF-8 UTF-8
+# es_PY ISO-8859-1
+# es_PY.UTF-8 UTF-8
+# es_SV ISO-8859-1
+# es_SV.UTF-8 UTF-8
+# es_US ISO-8859-1
+# es_US.UTF-8 UTF-8
+# es_UY ISO-8859-1
+# es_UY.UTF-8 UTF-8
+# es_VE ISO-8859-1
+# es_VE.UTF-8 UTF-8
+# et_EE ISO-8859-1
+# et_EE.ISO-8859-15 ISO-8859-15
+# et_EE.UTF-8 UTF-8
+# eu_ES ISO-8859-1
+# eu_ES.UTF-8 UTF-8
+# eu_ES@euro ISO-8859-15
+# eu_FR ISO-8859-1
+# eu_FR.UTF-8 UTF-8
+# eu_FR@euro ISO-8859-15
+# fa_IR UTF-8
+# ff_SN UTF-8
+# fi_FI ISO-8859-1
+# fi_FI.UTF-8 UTF-8
+# fi_FI@euro ISO-8859-15
+# fil_PH UTF-8
+# fo_FO ISO-8859-1
+# fo_FO.UTF-8 UTF-8
+# fr_BE ISO-8859-1
+# fr_BE.UTF-8 UTF-8
+# fr_BE@euro ISO-8859-15
+# fr_CA ISO-8859-1
+# fr_CA.UTF-8 UTF-8
+# fr_CH ISO-8859-1
+# fr_CH.UTF-8 UTF-8
+# fr_FR ISO-8859-1
+# fr_FR.UTF-8 UTF-8
+# fr_FR@euro ISO-8859-15
+# fr_LU ISO-8859-1
+# fr_LU.UTF-8 UTF-8
+# fr_LU@euro ISO-8859-15
+# fur_IT UTF-8
+# fy_DE UTF-8
+# fy_NL UTF-8
+# ga_IE ISO-8859-1
+# ga_IE.UTF-8 UTF-8
+# ga_IE@euro ISO-8859-15
+# gd_GB ISO-8859-15
+# gd_GB.UTF-8 UTF-8
+# gez_ER UTF-8
+# gez_ER@abegede UTF-8
+# gez_ET UTF-8
+# gez_ET@abegede UTF-8
+# gl_ES ISO-8859-1
+# gl_ES.UTF-8 UTF-8
+# gl_ES@euro ISO-8859-15
+# gu_IN UTF-8
+# gv_GB ISO-8859-1
+# gv_GB.UTF-8 UTF-8
+# ha_NG UTF-8
+# hak_TW UTF-8
+# he_IL ISO-8859-8
+# he_IL.UTF-8 UTF-8
+# hi_IN UTF-8
+# hne_IN UTF-8
+# hr_HR ISO-8859-2
+# hr_HR.UTF-8 UTF-8
+# hsb_DE ISO-8859-2
+# hsb_DE.UTF-8 UTF-8
+# ht_HT UTF-8
+# hu_HU ISO-8859-2
+# hu_HU.UTF-8 UTF-8
+# hy_AM UTF-8
+# hy_AM.ARMSCII-8 ARMSCII-8
+# ia_FR UTF-8
+# id_ID ISO-8859-1
+# id_ID.UTF-8 UTF-8
+# ig_NG UTF-8
+# ik_CA UTF-8
+# is_IS ISO-8859-1
+# is_IS.UTF-8 UTF-8
+# it_CH ISO-8859-1
+# it_CH.UTF-8 UTF-8
+# it_IT ISO-8859-1
+# it_IT.UTF-8 UTF-8
+# it_IT@euro ISO-8859-15
+# iu_CA UTF-8
+# ja_JP.EUC-JP EUC-JP
+# ja_JP.UTF-8 UTF-8
+# ka_GE GEORGIAN-PS
+# ka_GE.UTF-8 UTF-8
+# kk_KZ PT154
+# kk_KZ.RK1048 RK1048
+# kk_KZ.UTF-8 UTF-8
+# kl_GL ISO-8859-1
+# kl_GL.UTF-8 UTF-8
+# km_KH UTF-8
+# kn_IN UTF-8
+# ko_KR.EUC-KR EUC-KR
+# ko_KR.UTF-8 UTF-8
+# kok_IN UTF-8
+# ks_IN UTF-8
+# ks_IN@devanagari UTF-8
+# ku_TR ISO-8859-9
+# ku_TR.UTF-8 UTF-8
+# kw_GB ISO-8859-1
+# kw_GB.UTF-8 UTF-8
+# ky_KG UTF-8
+# lb_LU UTF-8
+# lg_UG ISO-8859-10
+# lg_UG.UTF-8 UTF-8
+# li_BE UTF-8
+# li_NL UTF-8
+# lij_IT UTF-8
+# ln_CD UTF-8
+# lo_LA UTF-8
+# lt_LT ISO-8859-13
+# lt_LT.UTF-8 UTF-8
+# lv_LV ISO-8859-13
+# lv_LV.UTF-8 UTF-8
+# lzh_TW UTF-8
+# mag_IN UTF-8
+# mai_IN UTF-8
+# mg_MG ISO-8859-15
+# mg_MG.UTF-8 UTF-8
+# mhr_RU UTF-8
+# mi_NZ ISO-8859-13
+# mi_NZ.UTF-8 UTF-8
+# mk_MK ISO-8859-5
+# mk_MK.UTF-8 UTF-8
+# ml_IN UTF-8
+# mn_MN UTF-8
+# mni_IN UTF-8
+# mr_IN UTF-8
+# ms_MY ISO-8859-1
+# ms_MY.UTF-8 UTF-8
+# mt_MT ISO-8859-3
+# mt_MT.UTF-8 UTF-8
+# my_MM UTF-8
+# nan_TW UTF-8
+# nan_TW@latin UTF-8
+# nb_NO ISO-8859-1
+# nb_NO.UTF-8 UTF-8
+# nds_DE UTF-8
+# nds_NL UTF-8
+# ne_NP UTF-8
+# nhn_MX UTF-8
+# niu_NU UTF-8
+# niu_NZ UTF-8
+# nl_AW UTF-8
+# nl_BE ISO-8859-1
+# nl_BE.UTF-8 UTF-8
+# nl_BE@euro ISO-8859-15
+# nl_NL ISO-8859-1
+# nl_NL.UTF-8 UTF-8
+# nl_NL@euro ISO-8859-15
+# nn_NO ISO-8859-1
+# nn_NO.UTF-8 UTF-8
+# nr_ZA UTF-8
+# nso_ZA UTF-8
+# oc_FR ISO-8859-1
+# oc_FR.UTF-8 UTF-8
+# om_ET UTF-8
+# om_KE ISO-8859-1
+# om_KE.UTF-8 UTF-8
+# or_IN UTF-8
+# os_RU UTF-8
+# pa_IN UTF-8
+# pa_PK UTF-8
+# pap_AW UTF-8
+# pap_CW UTF-8
+# pl_PL ISO-8859-2
+# pl_PL.UTF-8 UTF-8
+# ps_AF UTF-8
+# pt_BR ISO-8859-1
+# pt_BR.UTF-8 UTF-8
+# pt_PT ISO-8859-1
+# pt_PT.UTF-8 UTF-8
+# pt_PT@euro ISO-8859-15
+# quz_PE UTF-8
+# raj_IN UTF-8
+# ro_RO ISO-8859-2
+# ro_RO.UTF-8 UTF-8
+# ru_RU ISO-8859-5
+# ru_RU.CP1251 CP1251
+# ru_RU.KOI8-R KOI8-R
+# ru_RU.UTF-8 UTF-8
+# ru_UA KOI8-U
+# ru_UA.UTF-8 UTF-8
+# rw_RW UTF-8
+# sa_IN UTF-8
+# sat_IN UTF-8
+# sc_IT UTF-8
+# sd_IN UTF-8
+# sd_IN@devanagari UTF-8
+# se_NO UTF-8
+# sgs_LT UTF-8
+# shs_CA UTF-8
+# si_LK UTF-8
+# sid_ET UTF-8
+# sk_SK ISO-8859-2
+# sk_SK.UTF-8 UTF-8
+# sl_SI ISO-8859-2
+# sl_SI.UTF-8 UTF-8
+# so_DJ ISO-8859-1
+# so_DJ.UTF-8 UTF-8
+# so_ET UTF-8
+# so_KE ISO-8859-1
+# so_KE.UTF-8 UTF-8
+# so_SO ISO-8859-1
+# so_SO.UTF-8 UTF-8
+# sq_AL ISO-8859-1
+# sq_AL.UTF-8 UTF-8
+# sq_MK UTF-8
+# sr_ME UTF-8
+# sr_RS UTF-8
+# sr_RS@latin UTF-8
+# ss_ZA UTF-8
+# st_ZA ISO-8859-1
+# st_ZA.UTF-8 UTF-8
+# sv_FI ISO-8859-1
+# sv_FI.UTF-8 UTF-8
+# sv_FI@euro ISO-8859-15
+# sv_SE ISO-8859-1
+# sv_SE.ISO-8859-15 ISO-8859-15
+# sv_SE.UTF-8 UTF-8
+# sw_KE UTF-8
+# sw_TZ UTF-8
+# szl_PL UTF-8
+# ta_IN UTF-8
+# ta_LK UTF-8
+# tcy_IN.UTF-8 UTF-8
+# te_IN UTF-8
+# tg_TJ KOI8-T
+# tg_TJ.UTF-8 UTF-8
+# th_TH TIS-620
+# th_TH.UTF-8 UTF-8
+# the_NP UTF-8
+# ti_ER UTF-8
+# ti_ET UTF-8
+# tig_ER UTF-8
+# tk_TM UTF-8
+# tl_PH ISO-8859-1
+# tl_PH.UTF-8 UTF-8
+# tn_ZA UTF-8
+# tr_CY ISO-8859-9
+# tr_CY.UTF-8 UTF-8
+# tr_TR ISO-8859-9
+# tr_TR.UTF-8 UTF-8
+# ts_ZA UTF-8
+# tt_RU UTF-8
+# tt_RU@iqtelif UTF-8
+# ug_CN UTF-8
+# uk_UA KOI8-U
+# uk_UA.UTF-8 UTF-8
+# unm_US UTF-8
+# ur_IN UTF-8
+# ur_PK UTF-8
+# uz_UZ ISO-8859-1
+# uz_UZ.UTF-8 UTF-8
+# uz_UZ@cyrillic UTF-8
+# ve_ZA UTF-8
+# vi_VN UTF-8
+# wa_BE ISO-8859-1
+# wa_BE.UTF-8 UTF-8
+# wa_BE@euro ISO-8859-15
+# wae_CH UTF-8
+# wal_ET UTF-8
+# wo_SN UTF-8
+# xh_ZA ISO-8859-1
+# xh_ZA.UTF-8 UTF-8
+# yi_US CP1255
+# yi_US.UTF-8 UTF-8
+# yo_NG UTF-8
+# yue_HK UTF-8
+# zh_CN GB2312
+# zh_CN.GB18030 GB18030
+# zh_CN.GBK GBK
+# zh_CN.UTF-8 UTF-8
+# zh_HK BIG5-HKSCS
+# zh_HK.UTF-8 UTF-8
+# zh_SG GB2312
+# zh_SG.GBK GBK
+# zh_SG.UTF-8 UTF-8
+# zh_TW BIG5
+# zh_TW.EUC-TW EUC-TW
+# zh_TW.UTF-8 UTF-8
+# zu_ZA ISO-8859-1
+# zu_ZA.UTF-8 UTF-8
--- /dev/null
+Europe/Berlin
--- /dev/null
+[terminal]
+vt = 7
+[default_session]
+command = "~/.nonpath_bins/on_session_start.sh"
+user = "plom"
--- /dev/null
+
+# This is the sshd server system-wide configuration file. See
+# sshd_config(5) for more information.
+
+# This sshd was compiled with PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+# The strategy used for options in the default sshd_config shipped with
+# OpenSSH is to specify options with their default value where
+# possible, but leave them commented. Uncommented options override the
+# default value.
+
+Include /etc/ssh/sshd_config.d/*.conf
+
+#Port 22
+#AddressFamily any
+#ListenAddress 0.0.0.0
+#ListenAddress ::
+
+#HostKey /etc/ssh/ssh_host_rsa_key
+#HostKey /etc/ssh/ssh_host_ecdsa_key
+#HostKey /etc/ssh/ssh_host_ed25519_key
+
+# Ciphers and keying
+#RekeyLimit default none
+
+# Logging
+#SyslogFacility AUTH
+#LogLevel INFO
+
+# Authentication:
+
+#LoginGraceTime 2m
+#PermitRootLogin prohibit-password
+PermitRootLogin no # plomlompom's security rule
+#StrictModes yes
+#MaxAuthTries 6
+#MaxSessions 10
+
+#PubkeyAuthentication yes
+
+# Expect .ssh/authorized_keys2 to be disregarded by default in future.
+#AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2
+
+#AuthorizedPrincipalsFile none
+
+#AuthorizedKeysCommand none
+#AuthorizedKeysCommandUser nobody
+
+# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
+#HostbasedAuthentication no
+# Change to yes if you don't trust ~/.ssh/known_hosts for
+# HostbasedAuthentication
+#IgnoreUserKnownHosts no
+# Don't read the user's ~/.rhosts and ~/.shosts files
+#IgnoreRhosts yes
+
+# To disable tunneled clear text passwords, change to no here!
+PasswordAuthentication no
+#PermitEmptyPasswords no
+
+# Change to yes to enable challenge-response passwords (beware issues with
+# some PAM modules and threads)
+KbdInteractiveAuthentication no
+
+# Kerberos options
+#KerberosAuthentication no
+#KerberosOrLocalPasswd yes
+#KerberosTicketCleanup yes
+#KerberosGetAFSToken no
+
+# GSSAPI options
+#GSSAPIAuthentication no
+#GSSAPICleanupCredentials yes
+#GSSAPIStrictAcceptorCheck yes
+#GSSAPIKeyExchange no
+
+# Set this to 'yes' to enable PAM authentication, account processing,
+# and session processing. If this is enabled, PAM authentication will
+# be allowed through the KbdInteractiveAuthentication and
+# PasswordAuthentication. Depending on your PAM configuration,
+# PAM authentication via KbdInteractiveAuthentication may bypass
+# the setting of "PermitRootLogin prohibit-password".
+# If you just want the PAM account and session checks to run without
+# PAM authentication, then enable this but set PasswordAuthentication
+# and KbdInteractiveAuthentication to 'no'.
+UsePAM yes
+
+#AllowAgentForwarding yes
+#AllowTcpForwarding yes
+#GatewayPorts no
+X11Forwarding yes
+#X11DisplayOffset 10
+#X11UseLocalhost yes
+#PermitTTY yes
+PrintMotd no
+#PrintLastLog yes
+#TCPKeepAlive yes
+#PermitUserEnvironment no
+#Compression delayed
+ClientAliveInterval 15
+#ClientAliveCountMax 3
+#UseDNS no
+#PidFile /run/sshd.pid
+#MaxStartups 10:30:100
+#PermitTunnel no
+#ChrootDirectory none
+#VersionAddendum none
+
+# no default banner path
+#Banner none
+
+# Allow client to pass locale environment variables
+AcceptEnv LANG LC_*
+
+# override default of no subsystems
+Subsystem sftp /usr/lib/openssh/sftp-server
+
+# Example of overriding settings on a per-user basis
+#Match User anoncvs
+# X11Forwarding no
+# AllowTcpForwarding no
+# PermitTTY no
+# ForceCommand cvs server
--- /dev/null
+[Unit]
+Description=Monitor temperature to throttle CPU if necessary
+After=network.target
+
+[Service]
+Type=simple
+ExecStart=/root/throttle_cpu.sh
+Restart=always
+RestartSec=10
+User=root
+
+[Install]
+WantedBy=multi-user.target
--- /dev/null
+# Settings for interactive shells.
+
+# Fancy colors for ls.
+alias ls="ls --color=auto"
+
+# Other helpful aliases
+alias sshauth='eval $(ssh-agent) && ssh-add'
+
+# Use vim as default editor for anything.
+export VISUAL=vim
+export EDITOR=$VISUAL
+
+# Colored prompt with username, hostname, date/time, directory.
+colornumber=7 # Default to white if no color set via colornumber dotfile.
+colornumber_file=~/.shell_prompt_color
+if [ -f $colornumber_file ]; then
+ colornumber=`cat $colornumber_file`
+fi
+tput_color="$(tput setaf $colornumber)$(tput bold)"
+tput_reset="$(tput sgr0)"
+# Bash confuses the line length when not told to not count escape sequences.
+if [ ! "$BASH" = "" ]; then
+ tput_color="\[$tput_color\]"
+ tput_reset="\[$tput_reset\]"
+fi
+PS1="${tput_color}["\$\(date\ +%Y-%m-%d/%H:%M:%S/%Z\)" $(whoami)@$(hostname):"\$\(pwd\)"]$ $tput_reset"
+PS2="${tput_color}> $tput_reset"
+PS3="${tput_color}select: $tput_reset"
+PS4="${tput_color}+ $tput_reset"
--- /dev/null
+[user]
+ email = c.heller@plomlompom.de
+ name = Christian Heller
--- /dev/null
+fullscreen=yes
+profile=fast
+vo=gpu
+ao=pulse
--- /dev/null
+# because these are included by /etc/sway/config for probably good reason …
+include /etc/sway/config-vars.d/*
+include /etc/sway/config.d/*
+
+# simple green background
+output * background #559911 solid_color
+
+# keyboard layout
+input * xkb_layout "de"
+
+# waybar
+bar {
+ position top
+ status_command ~/.nonpath_bins/status.sh
+}
+
+# keybindings
+set $mod Mod4
+
+bindsym $mod+Return exec foot
+bindsym $mod+Shift+q kill
+bindsym $mod+Shift+p exit
+
+bindsym $mod+f fullscreen
+bindsym $mod+space focus mode_toggle
+bindsym $mod+Shift+space floating toggle
+
+bindsym $mod+Left focus left
+bindsym $mod+Down focus down
+bindsym $mod+Up focus up
+bindsym $mod+Right focus right
+
+bindsym $mod+Shift+Left move left
+bindsym $mod+Shift+Down move down
+bindsym $mod+Shift+Up move up
+bindsym $mod+Shift+Right move right
+
--- /dev/null
+#!/usr/bin/sh
+# Iinitalize anything we want in our sessions opened by greetd.
+
+# Workaround to pulseaudio daemon somehow not respecting setting these with
+# ~/.config/pulse/default.pa – note that the first pactl call also seems
+# necessary, probably for forcing some init routines without which the pacmd
+# calls that follow won't work; TODO: find cleaner solutions
+pactl list sinks > /dev/null
+pacmd set-default-sink alsa_output.platform-fef05700.hdmi.hdmi-stereo
+pacmd set-sink-volume alsa_output.platform-fef05700.hdmi.hdmi-stereo 65536
+
+# Wayland environment.
+/usr/bin/sway
--- /dev/null
+#!/bin/sh
+# see sway-bar(5) and swaybar-protocol(7)
+MEGA=1000
+GIGA=1000000
+printf '{ "version": 1 }\n[\n'
+while true; do
+ printf ' [\n'
+ printf ' {"full_text": "%s"},\n' "$(ip -4 addr show scope global | grep -oP '(?<=inet\s)\d+(\.\d+){3}')"
+ printf ' {"full_text": "%d° C"},\n' $(calc "$(cat /sys/class/thermal/thermal_zone0/temp) // ${MEGA}")
+ printf ' {"full_text": "%.1f/%.1f GHz"},\n' $(calc "$(cat /sys/devices/system/cpu/cpu0/cpufreq/scaling_cur_freq) / ${GIGA}") $(calc "$(cat /sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq) / ${GIGA}")
+ printf ' {"full_text": "%s"},\n' "$(date +'%Y-%m-%d %X')"
+ printf ' ],\n'
+ sleep 1
+done
--- /dev/null
+# ~/.profile: executed by the command interpreter for login shells.
+
+# simplified defaults: read .bashrc, extend PATH by bin dirs
+. "$HOME/.bashrc"
+PATH="$HOME/.local/bin:$HOME/bin:$PATH"
+
+# to forward video on commands run via SSH login to screen we expect connected
+if [ -n "$SSH_CONNECTION" ]; then
+ export WAYLAND_DISPLAY=wayland-1
+fi
--- /dev/null
+#!/bin/sh
+set -e
+
+MED_TEMP=85000
+MAX_TEMP=95000
+
+MIN_FREQ=600000
+MED_FREQ=1000000
+MAX_FREQ=1500000
+
+PATH_TEMP='/sys/class/thermal/thermal_zone0/temp'
+
+set_max_freq() {
+ for cpu in /sys/devices/system/cpu/cpu[0-9]*; do
+ echo "$1" > "$cpu/cpufreq/scaling_max_freq"
+ done
+ echo "$1"
+}
+
+freq_set=$(set_max_freq "${MIN_FREQ}")
+while true; do
+ temp=$(cat "${PATH_TEMP}")
+ if [ "${temp}" -ge "${MAX_TEMP}" ]; then
+ if [ "${freq_set}" -gt "${MIN_FREQ}" ]; then
+ freq_set=$(set_max_freq "${MIN_FREQ}")
+ fi
+ elif [ "${temp}" -ge "${MED_TEMP}" ]; then
+ if [ "${freq_set}" -gt "${MED_FREQ}" ]; then
+ freq_set=$(set_max_freq "${MED_FREQ}")
+ fi
+ elif [ "${freq_set}" -lt "${MAX_FREQ}" ]; then
+ freq_set=$(set_max_freq "${MAX_FREQ}")
+ fi
+ sleep 1
+done
--- /dev/null
+#!/bin/sh
+set -e
+
+export DEBIAN_FRONTEND=noninteractive
+
+expect_min_n_args() {
+ min_args="$1"
+ explainer="$2"
+ shift 2
+ if [ "$#" -lt "${min_args}" ]; then
+ echo "Need at least ${min_args} arguments … ${explainer}"
+ false
+ fi
+}
+
+copy_dirtree() {
+ # Copy files in argument-selected subdirectories of $1 to subdirectories
+ # of $2 (which may be an empty string), e.g. with $1 of "etc_files", $2
+ # of "" and $3 of "all", copy files below etc_files/all such as
+ # etc_files/all/etc/foo/bar to equivalent locations below / such as
+ # /etc/foo/bar. Create directories as necessary. Multiple arguments after
+ # $3 are possible.
+ #
+ # CAUTION: This overwrites original files at the affected paths.
+ expect_min_n_args 3 "(source root, target root, modules)" "$@"
+ source_root="$1"
+ target_root="$2"
+ shift 2
+ modules="$@"
+ initial_directory="$(pwd)"
+ for module in ${modules}; do
+ module_path="${source_root}/${module}"
+ if [ ! -d "${module_path}" ]; then
+ continue
+ fi
+ cd "${module_path}"
+ for path in $(find . -type f); do
+ target_path="${target_root}"$(echo "${path}" | cut -c2-)
+ source_path=$(realpath "${path}")
+ dir=$(dirname "${target_path}")
+ mkdir -p "${dir}"
+ cp "${source_path}" "${target_path}"
+ done
+ cd "${initial_directory}"
+ done
+}
+
+install_for_modules() {
+ # Walk through the package names in the argument-selected files of
+ # apt-mark/ and ensures the respective packages are installed.
+ #
+ # Caution: Ignores anything in an apt-mark/ file after the last newline,
+ # so make sure there's nothing meaningful thereafter.
+ expect_min_n_args 2 "(apt_mark_dir, modules)" "$@"
+ apt_mark_dir="$1"
+ shift 1
+ modules="$@"
+ for module in ${modules}; do
+ path="${apt_mark_dir}/${module}"
+ if [ ! -f "${path}" ]; then
+ continue
+ fi
+ cat "${path}" | while read line; do
+ echo "$line"
+ if [ ! $(echo "${line}" | cut -c1) = "#" ]; then
+ apt-get -y -o Dpkg::Options::="--force-confnew" install "${line}"
+ fi
+ done
+ done
+}
+
+mark_nonrequireds_auto() {
+ path_list_unsorted='/tmp/list_unsorted'
+ path_list_all_packages='/tmp/list_all_packages'
+ path_list_white='/tmp/list_white'
+ path_list_black='/tmp/list_black'
+ dpkg-query -Wf '${Package} ${Priority}\n' | grep ' required' | sed 's/ required//' > "${path_list_unsorted}"
+ sort "${path_list_unsorted}" | uniq > "${path_list_white}"
+ dpkg-query -Wf '${Package}\n' > "${path_list_unsorted}"
+ sort "${path_list_unsorted}" | uniq > "${path_list_all_packages}"
+ comm -3 "${path_list_all_packages}" "${path_list_white}" > "${path_list_black}"
+ apt-mark auto `cat "${path_list_black}"`
+ rm "${path_list_unsorted}" "${path_list_all_packages}" "${path_list_white}" "${path_list_black}"
+}
+
+upgrade_from_older_release() {
+ # Upgrade system to calling context's Debian release.
+ # Caution: Don't expect any customized /etc files to surivive this!
+ path_sources_list='/apt/sources.list'
+ apt update
+ apt -y -o Dpkg::Options::='--force-confnew' upgrade
+ apt -y -o Dpkg::Options::='--force-confnew' full-upgrade
+ cp "../etc/all${path_sources_list}" "/etc${path_sources_list}"
+ apt clean
+ apt update
+ apt -y -o Dpkg::Options::='--force-confnew' upgrade
+ apt -y -o Dpkg::Options::='--force-confnew' full-upgrade
+ apt -y autoremove
+}
+
+add_my_public_key() {
+ # NB: vars expected to be pulled in from caller previously calling constants.sh!
+ apt update
+ apt -y install wget
+ wget "${URL_PUBLIC_KEY}"
+ cat "${FILENAME_PUBLIC_KEY}" >> "${PATH_AUTHORIZED_KEYS}"
+ rm "${FILENAME_PUBLIC_KEY}"
+}
+
+setup_for_raspi() {
+ # NB: vars expected to be pulled in from caller previously calling constants.sh!
+
+ # ensure we can log in
+ add_my_public_key
+ # (alternatively, or preceding this to reduce non-remote typing, TEMPORARILY
+ # (!) set password login:)
+ # passwd
+ # echo 'PermitRootLogin yes' >> /etc/ssh/sshd_config
+
+ # migrate to testing
+ upgrade_from_older_release
+
+ # on installing console-setup, will guide it to do the right thing (including
+ # re-writing /etc/default/keyboard)
+ echo 'XKBLAYOUT=de' > /etc/default/keyboard
+
+ # properly configure apt and reduce system to minimum that satisfies our own
+ # aptmark/ package lists
+ for root in ${ROOTS_HERE_AND_MANY}; do
+ copy_dirtree "${root}/${PATH_REL_ETC}/all" '/etc/apt' apt
+ done
+ apt update
+ mark_nonrequireds_auto
+ for root in ${ROOTS_HERE_AND_MANY}; do
+ install_for_modules "${root}/${PATH_REL_APTMARK}" all raspi
+ done
+ apt -y --purge autoremove
+ for root in ${ROOTS_HERE_AND_MANY}; do
+ copy_dirtree "${root}/${PATH_REL_ETC}" '/etc' all raspi
+ done
+
+ # Ensure our desired locale is available.
+ locale-gen
+
+ # Set Berlin localtime.
+ ln -sf /usr/share/zoneinfo/Europe/Berlin /etc/localtime
+ ntpdate-debian
+
+ # so Sway won't complain about failing to access non-existant background image file
+ sed -i '/^output \* bg/ s/^/#/' /etc/sway/config
+
+ # Set up root environment.
+ for root in ${ROOTS_HERE_AND_MANY}; do
+ copy_dirtree "${root}/${PATH_REL_HOME}" '/root' all root raspi_root
+ done
+
+ # Set up user and their environment.
+ adduser --disabled-password --gecos "" "${USERNAME}"
+ usermod -a -G sudo "${USERNAME}"
+ for root in ${ROOTS_HERE_AND_MANY}; do
+ copy_dirtree "${root}/${PATH_REL_HOME}" "${PATH_USER_HOME}" all desktop raspi
+ done
+ mkdir "${PATH_USER_SSH}"
+ cp "${PATH_AUTHORIZED_KEYS}" "${PATH_USER_SSH}"
+ chown -R "${USERNAME}:${USERNAME}" "${PATH_USER_HOME}"
+ passwd "${USERNAME}"
+ rm "${PATH_AUTHORIZED_KEYS}"
+
+ # Activate /root/throttle_cpu.sh daemonization.
+ systemctl enable throttle_cpu.service
+ systemctl start throttle_cpu.service
+}
+++ /dev/null
-# connectivity: ifupdown seems necessary everyhwere, isc-dhcp-client
-# unpredictably so
-ifupdown
-isc-dhcp-client
-# git for the setup directory; cloning works with ca-certificates
-ca-certificates
-git
-# to avoid constant warnings about no locale being found
-locales
+++ /dev/null
-# needed to log in to server via ssh
-openssh-server
-# provides /etc/inputrc and understanding of ctrl+arrow key combos
-readline-common
-# provides systemd scripts that configure iptables via /etc/iptables/*
-iptables-persistent
-# this line is here because the shell "read" in install_for_target.sh ignores lines without final newline
\ No newline at end of file
+++ /dev/null
-#!/bin/sh
-set -e
-
-standard_repo="borg"
-config_file="${HOME}/.borgrepos"
-
-usage() {
- echo "Need operation as argument, one of:"
- echo "init"
- echo "store"
- echo "check"
- echo "export_keyfiles"
- echo "orgpush"
- echo "orgpull"
- false
-}
-
-read_pw() {
- if [ "${#SSH_AGENT_PID}" -eq 0 ]; then
- eval $(ssh-agent)
- echo "ssh-add"
- stty -echo
- ssh-add
- stty echo
- fi
- if [ "${#BORG_PASSPHRASE}" -eq 0 ]; then
- stty -echo
- printf "Borg passphrase: "
- read password
- stty echo
- printf "\n"
- export BORG_PASSPHRASE="${password}"
- fi
-}
-
-if [ ! -f "${config_file}" ]; then
- echo '# file read ends at last newline' >> "${config_file}"
-fi
-if [ "$#" -lt 1 ]; then
- usage
-fi
-first_arg="$1"
-shift
-if [ "${first_arg}" = "init" ]; then
- if [ ! "$#" -eq 1 ]; then
- echo "Need exactly one argument: target of form user@server"
- false
- fi
- target="$1"
- echo "Initializing: ${target}"
- borg init --verbose --encryption=keyfile "${target}:${standard_repo}"
- tmp_file="/tmp/new_borgrepos"
- echo "${target}" > "${tmp_file}"
- cat "${config_file}" >> "${tmp_file}"
- cp "${tmp_file}" "${config_file}"
-elif [ "${first_arg}" = "store" ]; then
- if [ ! "$#" -eq 2 ]; then
- echo "Need precisely two arguments: archive name and path to archive."
- false
- fi
- archive_name=$1
- shift
- to_backup="$@"
- read_pw
- cat "${config_file}" | while read line; do
- first_char=$(echo "${line}" | cut -c1)
- if [ "${first_char}" = "#" ]; then
- continue
- fi
- repo="${line}:${standard_repo}"
- archive="${repo}::${archive_name}-{utcnow:%Y-%m-%dT%H:%M}"
- echo "Creating archive: ${archive}"
- borg create --verbose --list "${archive}" "${to_backup}"
- done
-elif [ "${first_arg}" = "check" ]; then
- if [ ! "$#" -eq 0 ]; then
- echo "Need no arguments"
- false
- fi
- read_pw
- cat "${config_file}" | while read line; do
- first_char=$(echo "${line}" | cut -c1)
- if [ "${first_char}" = "#" ]; then
- continue
- fi
- repo="${line}:${standard_repo}"
- echo "Checking repo: ${repo}"
- borg check --verbose "${repo}"
- done
-elif [ "${first_arg}" = "export_keyfiles" ]; then
- if [ ! "$#" -eq 1 ]; then
- echo "Need output tar file name."
- false
- fi
- tar_target="${1}"
- tmp_dir="${HOME}/.borgtmp"
- keyfiles_dir="${tmp_dir}/borg_keyfiles"
- mkdir -p "${keyfiles_dir}"
- cat "${config_file}" | while read line; do
- first_char=$(echo "${line}" | cut -c1)
- if [ "${first_char}" = "#" ]; then
- continue
- fi
- repo="${line}:${standard_repo}"
- borg key export "${repo}" "${keyfiles_dir}/${line}"
- done
- cur_dir="$(pwd)"
- cd "${tmp_dir}"
- target=$(basename "${keyfiles_dir}")
- tar cf "${tar_target}" "${target}"
- mv "${tar_target}" "${cur_dir}"
- cd
- rm -rf "${tmp_dir}"
-elif [ "${first_arg}" = "orgpush" ]; then
- archive_name="orgdir"
- to_backup=~/org
- read_pw
- cat "${config_file}" | while read line; do
- first_char=$(echo "${line}" | cut -c1)
- if [ "${first_char}" = "#" ]; then
- continue
- fi
- repo="${line}:${standard_repo}"
- archive="${repo}::${archive_name}-{utcnow:%Y-%m-%dT%H:%M}"
- echo "Creating archive: ${archive}"
- borg create --verbose --list "${archive}" "${to_backup}" --exclude ~/org/.git
- done
-elif [ "${first_arg}" = "orgpull" ]; then
- archive_name="orgdir"
- read_pw
- cd /
- cat "${config_file}" | while read line; do
- first_char=$(echo "${line}" | cut -c1)
- if [ "${first_char}" = "#" ]; then
- continue
- fi
- repo="${line}:${standard_repo}"
- archive=$(borg list "${repo}" | grep "${orgdir}" | tail -1 | cut -f1 -d' ')
- echo "Pulling archive: ${archive}"
- borg extract --verbose "${repo}::${archive}"
- break
- done
-else
- usage
-fi
+++ /dev/null
-APT::AutoRemove::RecommendsImportant "false";
-APT::AutoRemove::SuggestsImportant "false";
-APT::Install-Recommends "false";
-APT::Install-Suggests "false";
+++ /dev/null
-deb http://deb.debian.org/debian stretch main contrib non-free
-deb http://deb.debian.org/debian-security/ stretch/updates main contrib non-free
-deb http://deb.debian.org/debian stretch-updates main contrib non-free
-deb http://ftp.debian.org/debian stretch-backports main contrib non-free
\ No newline at end of file
+++ /dev/null
-# This file lists locales that you wish to have built. You can find a list
-# of valid supported locales at /usr/share/i18n/SUPPORTED, and you can add
-# user defined locales to /usr/local/share/i18n/SUPPORTED. If you change
-# this file, you need to rerun locale-gen.
-
-
-# aa_DJ ISO-8859-1
-# aa_DJ.UTF-8 UTF-8
-# aa_ER UTF-8
-# aa_ER@saaho UTF-8
-# aa_ET UTF-8
-# af_ZA ISO-8859-1
-# af_ZA.UTF-8 UTF-8
-# ak_GH UTF-8
-# am_ET UTF-8
-# an_ES ISO-8859-15
-# an_ES.UTF-8 UTF-8
-# anp_IN UTF-8
-# ar_AE ISO-8859-6
-# ar_AE.UTF-8 UTF-8
-# ar_BH ISO-8859-6
-# ar_BH.UTF-8 UTF-8
-# ar_DZ ISO-8859-6
-# ar_DZ.UTF-8 UTF-8
-# ar_EG ISO-8859-6
-# ar_EG.UTF-8 UTF-8
-# ar_IN UTF-8
-# ar_IQ ISO-8859-6
-# ar_IQ.UTF-8 UTF-8
-# ar_JO ISO-8859-6
-# ar_JO.UTF-8 UTF-8
-# ar_KW ISO-8859-6
-# ar_KW.UTF-8 UTF-8
-# ar_LB ISO-8859-6
-# ar_LB.UTF-8 UTF-8
-# ar_LY ISO-8859-6
-# ar_LY.UTF-8 UTF-8
-# ar_MA ISO-8859-6
-# ar_MA.UTF-8 UTF-8
-# ar_OM ISO-8859-6
-# ar_OM.UTF-8 UTF-8
-# ar_QA ISO-8859-6
-# ar_QA.UTF-8 UTF-8
-# ar_SA ISO-8859-6
-# ar_SA.UTF-8 UTF-8
-# ar_SD ISO-8859-6
-# ar_SD.UTF-8 UTF-8
-# ar_SS UTF-8
-# ar_SY ISO-8859-6
-# ar_SY.UTF-8 UTF-8
-# ar_TN ISO-8859-6
-# ar_TN.UTF-8 UTF-8
-# ar_YE ISO-8859-6
-# ar_YE.UTF-8 UTF-8
-# as_IN UTF-8
-# ast_ES ISO-8859-15
-# ast_ES.UTF-8 UTF-8
-# ayc_PE UTF-8
-# az_AZ UTF-8
-# be_BY CP1251
-# be_BY.UTF-8 UTF-8
-# be_BY@latin UTF-8
-# bem_ZM UTF-8
-# ber_DZ UTF-8
-# ber_MA UTF-8
-# bg_BG CP1251
-# bg_BG.UTF-8 UTF-8
-# bhb_IN.UTF-8 UTF-8
-# bho_IN UTF-8
-# bn_BD UTF-8
-# bn_IN UTF-8
-# bo_CN UTF-8
-# bo_IN UTF-8
-# br_FR ISO-8859-1
-# br_FR.UTF-8 UTF-8
-# br_FR@euro ISO-8859-15
-# brx_IN UTF-8
-# bs_BA ISO-8859-2
-# bs_BA.UTF-8 UTF-8
-# byn_ER UTF-8
-# ca_AD ISO-8859-15
-# ca_AD.UTF-8 UTF-8
-# ca_ES ISO-8859-1
-# ca_ES.UTF-8 UTF-8
-# ca_ES.UTF-8@valencia UTF-8
-# ca_ES@euro ISO-8859-15
-# ca_ES@valencia ISO-8859-15
-# ca_FR ISO-8859-15
-# ca_FR.UTF-8 UTF-8
-# ca_IT ISO-8859-15
-# ca_IT.UTF-8 UTF-8
-# ce_RU UTF-8
-# chr_US UTF-8
-# cmn_TW UTF-8
-# crh_UA UTF-8
-# cs_CZ ISO-8859-2
-# cs_CZ.UTF-8 UTF-8
-# csb_PL UTF-8
-# cv_RU UTF-8
-# cy_GB ISO-8859-14
-# cy_GB.UTF-8 UTF-8
-# da_DK ISO-8859-1
-# da_DK.UTF-8 UTF-8
-# de_AT ISO-8859-1
-# de_AT.UTF-8 UTF-8
-# de_AT@euro ISO-8859-15
-# de_BE ISO-8859-1
-# de_BE.UTF-8 UTF-8
-# de_BE@euro ISO-8859-15
-# de_CH ISO-8859-1
-# de_CH.UTF-8 UTF-8
-# de_DE ISO-8859-1
-# de_DE.UTF-8 UTF-8
-# de_DE@euro ISO-8859-15
-# de_IT ISO-8859-1
-# de_IT.UTF-8 UTF-8
-# de_LI.UTF-8 UTF-8
-# de_LU ISO-8859-1
-# de_LU.UTF-8 UTF-8
-# de_LU@euro ISO-8859-15
-# doi_IN UTF-8
-# dv_MV UTF-8
-# dz_BT UTF-8
-# el_CY ISO-8859-7
-# el_CY.UTF-8 UTF-8
-# el_GR ISO-8859-7
-# el_GR.UTF-8 UTF-8
-# en_AG UTF-8
-# en_AU ISO-8859-1
-# en_AU.UTF-8 UTF-8
-# en_BW ISO-8859-1
-# en_BW.UTF-8 UTF-8
-# en_CA ISO-8859-1
-# en_CA.UTF-8 UTF-8
-# en_DK ISO-8859-1
-# en_DK.ISO-8859-15 ISO-8859-15
-# en_DK.UTF-8 UTF-8
-# en_GB ISO-8859-1
-# en_GB.ISO-8859-15 ISO-8859-15
-# en_GB.UTF-8 UTF-8
-# en_HK ISO-8859-1
-# en_HK.UTF-8 UTF-8
-# en_IE ISO-8859-1
-# en_IE.UTF-8 UTF-8
-# en_IE@euro ISO-8859-15
-# en_IL UTF-8
-# en_IN UTF-8
-# en_NG UTF-8
-# en_NZ ISO-8859-1
-# en_NZ.UTF-8 UTF-8
-# en_PH ISO-8859-1
-# en_PH.UTF-8 UTF-8
-# en_SG ISO-8859-1
-# en_SG.UTF-8 UTF-8
-# en_US ISO-8859-1
-# en_US.ISO-8859-15 ISO-8859-15
-en_US.UTF-8 UTF-8
-# en_ZA ISO-8859-1
-# en_ZA.UTF-8 UTF-8
-# en_ZM UTF-8
-# en_ZW ISO-8859-1
-# en_ZW.UTF-8 UTF-8
-# eo UTF-8
-# es_AR ISO-8859-1
-# es_AR.UTF-8 UTF-8
-# es_BO ISO-8859-1
-# es_BO.UTF-8 UTF-8
-# es_CL ISO-8859-1
-# es_CL.UTF-8 UTF-8
-# es_CO ISO-8859-1
-# es_CO.UTF-8 UTF-8
-# es_CR ISO-8859-1
-# es_CR.UTF-8 UTF-8
-# es_CU UTF-8
-# es_DO ISO-8859-1
-# es_DO.UTF-8 UTF-8
-# es_EC ISO-8859-1
-# es_EC.UTF-8 UTF-8
-# es_ES ISO-8859-1
-# es_ES.UTF-8 UTF-8
-# es_ES@euro ISO-8859-15
-# es_GT ISO-8859-1
-# es_GT.UTF-8 UTF-8
-# es_HN ISO-8859-1
-# es_HN.UTF-8 UTF-8
-# es_MX ISO-8859-1
-# es_MX.UTF-8 UTF-8
-# es_NI ISO-8859-1
-# es_NI.UTF-8 UTF-8
-# es_PA ISO-8859-1
-# es_PA.UTF-8 UTF-8
-# es_PE ISO-8859-1
-# es_PE.UTF-8 UTF-8
-# es_PR ISO-8859-1
-# es_PR.UTF-8 UTF-8
-# es_PY ISO-8859-1
-# es_PY.UTF-8 UTF-8
-# es_SV ISO-8859-1
-# es_SV.UTF-8 UTF-8
-# es_US ISO-8859-1
-# es_US.UTF-8 UTF-8
-# es_UY ISO-8859-1
-# es_UY.UTF-8 UTF-8
-# es_VE ISO-8859-1
-# es_VE.UTF-8 UTF-8
-# et_EE ISO-8859-1
-# et_EE.ISO-8859-15 ISO-8859-15
-# et_EE.UTF-8 UTF-8
-# eu_ES ISO-8859-1
-# eu_ES.UTF-8 UTF-8
-# eu_ES@euro ISO-8859-15
-# eu_FR ISO-8859-1
-# eu_FR.UTF-8 UTF-8
-# eu_FR@euro ISO-8859-15
-# fa_IR UTF-8
-# ff_SN UTF-8
-# fi_FI ISO-8859-1
-# fi_FI.UTF-8 UTF-8
-# fi_FI@euro ISO-8859-15
-# fil_PH UTF-8
-# fo_FO ISO-8859-1
-# fo_FO.UTF-8 UTF-8
-# fr_BE ISO-8859-1
-# fr_BE.UTF-8 UTF-8
-# fr_BE@euro ISO-8859-15
-# fr_CA ISO-8859-1
-# fr_CA.UTF-8 UTF-8
-# fr_CH ISO-8859-1
-# fr_CH.UTF-8 UTF-8
-# fr_FR ISO-8859-1
-# fr_FR.UTF-8 UTF-8
-# fr_FR@euro ISO-8859-15
-# fr_LU ISO-8859-1
-# fr_LU.UTF-8 UTF-8
-# fr_LU@euro ISO-8859-15
-# fur_IT UTF-8
-# fy_DE UTF-8
-# fy_NL UTF-8
-# ga_IE ISO-8859-1
-# ga_IE.UTF-8 UTF-8
-# ga_IE@euro ISO-8859-15
-# gd_GB ISO-8859-15
-# gd_GB.UTF-8 UTF-8
-# gez_ER UTF-8
-# gez_ER@abegede UTF-8
-# gez_ET UTF-8
-# gez_ET@abegede UTF-8
-# gl_ES ISO-8859-1
-# gl_ES.UTF-8 UTF-8
-# gl_ES@euro ISO-8859-15
-# gu_IN UTF-8
-# gv_GB ISO-8859-1
-# gv_GB.UTF-8 UTF-8
-# ha_NG UTF-8
-# hak_TW UTF-8
-# he_IL ISO-8859-8
-# he_IL.UTF-8 UTF-8
-# hi_IN UTF-8
-# hne_IN UTF-8
-# hr_HR ISO-8859-2
-# hr_HR.UTF-8 UTF-8
-# hsb_DE ISO-8859-2
-# hsb_DE.UTF-8 UTF-8
-# ht_HT UTF-8
-# hu_HU ISO-8859-2
-# hu_HU.UTF-8 UTF-8
-# hy_AM UTF-8
-# hy_AM.ARMSCII-8 ARMSCII-8
-# ia_FR UTF-8
-# id_ID ISO-8859-1
-# id_ID.UTF-8 UTF-8
-# ig_NG UTF-8
-# ik_CA UTF-8
-# is_IS ISO-8859-1
-# is_IS.UTF-8 UTF-8
-# it_CH ISO-8859-1
-# it_CH.UTF-8 UTF-8
-# it_IT ISO-8859-1
-# it_IT.UTF-8 UTF-8
-# it_IT@euro ISO-8859-15
-# iu_CA UTF-8
-# ja_JP.EUC-JP EUC-JP
-# ja_JP.UTF-8 UTF-8
-# ka_GE GEORGIAN-PS
-# ka_GE.UTF-8 UTF-8
-# kk_KZ PT154
-# kk_KZ.RK1048 RK1048
-# kk_KZ.UTF-8 UTF-8
-# kl_GL ISO-8859-1
-# kl_GL.UTF-8 UTF-8
-# km_KH UTF-8
-# kn_IN UTF-8
-# ko_KR.EUC-KR EUC-KR
-# ko_KR.UTF-8 UTF-8
-# kok_IN UTF-8
-# ks_IN UTF-8
-# ks_IN@devanagari UTF-8
-# ku_TR ISO-8859-9
-# ku_TR.UTF-8 UTF-8
-# kw_GB ISO-8859-1
-# kw_GB.UTF-8 UTF-8
-# ky_KG UTF-8
-# lb_LU UTF-8
-# lg_UG ISO-8859-10
-# lg_UG.UTF-8 UTF-8
-# li_BE UTF-8
-# li_NL UTF-8
-# lij_IT UTF-8
-# ln_CD UTF-8
-# lo_LA UTF-8
-# lt_LT ISO-8859-13
-# lt_LT.UTF-8 UTF-8
-# lv_LV ISO-8859-13
-# lv_LV.UTF-8 UTF-8
-# lzh_TW UTF-8
-# mag_IN UTF-8
-# mai_IN UTF-8
-# mg_MG ISO-8859-15
-# mg_MG.UTF-8 UTF-8
-# mhr_RU UTF-8
-# mi_NZ ISO-8859-13
-# mi_NZ.UTF-8 UTF-8
-# mk_MK ISO-8859-5
-# mk_MK.UTF-8 UTF-8
-# ml_IN UTF-8
-# mn_MN UTF-8
-# mni_IN UTF-8
-# mr_IN UTF-8
-# ms_MY ISO-8859-1
-# ms_MY.UTF-8 UTF-8
-# mt_MT ISO-8859-3
-# mt_MT.UTF-8 UTF-8
-# my_MM UTF-8
-# nan_TW UTF-8
-# nan_TW@latin UTF-8
-# nb_NO ISO-8859-1
-# nb_NO.UTF-8 UTF-8
-# nds_DE UTF-8
-# nds_NL UTF-8
-# ne_NP UTF-8
-# nhn_MX UTF-8
-# niu_NU UTF-8
-# niu_NZ UTF-8
-# nl_AW UTF-8
-# nl_BE ISO-8859-1
-# nl_BE.UTF-8 UTF-8
-# nl_BE@euro ISO-8859-15
-# nl_NL ISO-8859-1
-# nl_NL.UTF-8 UTF-8
-# nl_NL@euro ISO-8859-15
-# nn_NO ISO-8859-1
-# nn_NO.UTF-8 UTF-8
-# nr_ZA UTF-8
-# nso_ZA UTF-8
-# oc_FR ISO-8859-1
-# oc_FR.UTF-8 UTF-8
-# om_ET UTF-8
-# om_KE ISO-8859-1
-# om_KE.UTF-8 UTF-8
-# or_IN UTF-8
-# os_RU UTF-8
-# pa_IN UTF-8
-# pa_PK UTF-8
-# pap_AW UTF-8
-# pap_CW UTF-8
-# pl_PL ISO-8859-2
-# pl_PL.UTF-8 UTF-8
-# ps_AF UTF-8
-# pt_BR ISO-8859-1
-# pt_BR.UTF-8 UTF-8
-# pt_PT ISO-8859-1
-# pt_PT.UTF-8 UTF-8
-# pt_PT@euro ISO-8859-15
-# quz_PE UTF-8
-# raj_IN UTF-8
-# ro_RO ISO-8859-2
-# ro_RO.UTF-8 UTF-8
-# ru_RU ISO-8859-5
-# ru_RU.CP1251 CP1251
-# ru_RU.KOI8-R KOI8-R
-# ru_RU.UTF-8 UTF-8
-# ru_UA KOI8-U
-# ru_UA.UTF-8 UTF-8
-# rw_RW UTF-8
-# sa_IN UTF-8
-# sat_IN UTF-8
-# sc_IT UTF-8
-# sd_IN UTF-8
-# sd_IN@devanagari UTF-8
-# se_NO UTF-8
-# sgs_LT UTF-8
-# shs_CA UTF-8
-# si_LK UTF-8
-# sid_ET UTF-8
-# sk_SK ISO-8859-2
-# sk_SK.UTF-8 UTF-8
-# sl_SI ISO-8859-2
-# sl_SI.UTF-8 UTF-8
-# so_DJ ISO-8859-1
-# so_DJ.UTF-8 UTF-8
-# so_ET UTF-8
-# so_KE ISO-8859-1
-# so_KE.UTF-8 UTF-8
-# so_SO ISO-8859-1
-# so_SO.UTF-8 UTF-8
-# sq_AL ISO-8859-1
-# sq_AL.UTF-8 UTF-8
-# sq_MK UTF-8
-# sr_ME UTF-8
-# sr_RS UTF-8
-# sr_RS@latin UTF-8
-# ss_ZA UTF-8
-# st_ZA ISO-8859-1
-# st_ZA.UTF-8 UTF-8
-# sv_FI ISO-8859-1
-# sv_FI.UTF-8 UTF-8
-# sv_FI@euro ISO-8859-15
-# sv_SE ISO-8859-1
-# sv_SE.ISO-8859-15 ISO-8859-15
-# sv_SE.UTF-8 UTF-8
-# sw_KE UTF-8
-# sw_TZ UTF-8
-# szl_PL UTF-8
-# ta_IN UTF-8
-# ta_LK UTF-8
-# tcy_IN.UTF-8 UTF-8
-# te_IN UTF-8
-# tg_TJ KOI8-T
-# tg_TJ.UTF-8 UTF-8
-# th_TH TIS-620
-# th_TH.UTF-8 UTF-8
-# the_NP UTF-8
-# ti_ER UTF-8
-# ti_ET UTF-8
-# tig_ER UTF-8
-# tk_TM UTF-8
-# tl_PH ISO-8859-1
-# tl_PH.UTF-8 UTF-8
-# tn_ZA UTF-8
-# tr_CY ISO-8859-9
-# tr_CY.UTF-8 UTF-8
-# tr_TR ISO-8859-9
-# tr_TR.UTF-8 UTF-8
-# ts_ZA UTF-8
-# tt_RU UTF-8
-# tt_RU@iqtelif UTF-8
-# ug_CN UTF-8
-# uk_UA KOI8-U
-# uk_UA.UTF-8 UTF-8
-# unm_US UTF-8
-# ur_IN UTF-8
-# ur_PK UTF-8
-# uz_UZ ISO-8859-1
-# uz_UZ.UTF-8 UTF-8
-# uz_UZ@cyrillic UTF-8
-# ve_ZA UTF-8
-# vi_VN UTF-8
-# wa_BE ISO-8859-1
-# wa_BE.UTF-8 UTF-8
-# wa_BE@euro ISO-8859-15
-# wae_CH UTF-8
-# wal_ET UTF-8
-# wo_SN UTF-8
-# xh_ZA ISO-8859-1
-# xh_ZA.UTF-8 UTF-8
-# yi_US CP1255
-# yi_US.UTF-8 UTF-8
-# yo_NG UTF-8
-# yue_HK UTF-8
-# zh_CN GB2312
-# zh_CN.GB18030 GB18030
-# zh_CN.GBK GBK
-# zh_CN.UTF-8 UTF-8
-# zh_HK BIG5-HKSCS
-# zh_HK.UTF-8 UTF-8
-# zh_SG GB2312
-# zh_SG.GBK GBK
-# zh_SG.UTF-8 UTF-8
-# zh_TW BIG5
-# zh_TW.EUC-TW EUC-TW
-# zh_TW.UTF-8 UTF-8
-# zu_ZA ISO-8859-1
-# zu_ZA.UTF-8 UTF-8
+++ /dev/null
-Europe/Berlin
+++ /dev/null
-# /etc/aliases
-
-# As per RFC 2142.
-mailer-daemon: plom
-postmaster: plom
-hostmaster: plom
-usenet: plom
-news: plom
-webmaster: plom
-www: plom
-ftp: plom
-abuse: plom
-noc: plom
-security: plom
-root: plom
-
-# Personal aliases.
-plomlompom: plom
-christian.heller: plom
-christian_heller: plom
-christianheller: plom
-c.heller: plom
-heller: plom
+++ /dev/null
-# This is only necessary when we use dovecot's LMTP mechanism to receive
-# mail from postfix.
-auth_username_format = %Ln
+++ /dev/null
-# Add sieve filtering.
-protocol lmtp {
- mail_plugins = $mail_plugins sieve
-}
+++ /dev/null
-mail_privileged_group = mail
\ No newline at end of file
+++ /dev/null
-service auth {
- unix_listener auth-userdb {
- }
-
- unix_listener /var/spool/postfix/private/auth {
- mode = 0660
- user = postfix
- group = postfix
- }
-}
-
-# We don't strictly need to provide a LMTP server to fetch mail from
-# postfix, but we do if we want to do sophisticated stuff like sieve
-# filtering on the way.
-service lmtp {
- inet_listener lmtp {
- address = 127.0.0.1
- port = 2424
- }
-}
+++ /dev/null
-ssl = required
+++ /dev/null
-*filter
-:INPUT DROP [0:0]
-:FORWARD DROP [0:0]
-:OUTPUT ACCEPT [0:0]
-# otherwise self-referential connections to local host will fail
--A INPUT -i lo -j ACCEPT
-# this enables ping etc.
--A INPUT -p icmp -j ACCEPT
-# tolerate any inbound connections requested by our server, no matter the port
--A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-# SSH
--A INPUT -p tcp --dport 22 -j ACCEPT
-# SMTP (allowing for STARTTLS); necessary for mail server to mail server banter
--A INPUT -p tcp --dport 25 -j ACCEPT
-# SMTPS, for mail server to mail user agent communication
--A INPUT -p tcp --dport 465 -j ACCEPT
-# IMAPS
--A INPUT -p tcp --dport 993 -j ACCEPT
-COMMIT
-# this last line is here because iptables-restore ignores the final command if no newline follows it
\ No newline at end of file
+++ /dev/null
-# mailutils by default uses the FQDN as the mail domain name, fix this
-address {
- email-domain REPLACE_maildomain_ECALPER;
-};
+++ /dev/null
-# This is a basic configuration that can easily be adapted to suit a standard
-# installation. For more advanced options, see opendkim.conf(5) and/or
-# /usr/share/doc/opendkim/examples/opendkim.conf.sample.
-
-# Log to syslog
-Syslog yes
-# Required to use local socket with MTAs that access the socket as a non-
-# privileged user (e.g. Postfix)
-UMask 007
-
-# Sign for example.com with key in /etc/dkimkeys/dkim.key using
-# selector '2007' (e.g. 2007._domainkey.example.com)
-#Domain example.com
-#KeyFile /etc/dkimkeys/dkim.key
-#Selector 2007
-Domain REPLACE_Domain_ECALPER
-KeyFile /etc/dkimkeys/REPLACE_Selector_ECALPER.private
-Selector REPLACE_Selector_ECALPER
-
-# Commonly-used options; the commented-out versions show the defaults.
-#Canonicalization simple
-#Mode sv
-#SubDomains no
-#SubDomains yes
-Canonicalization relaxed/simple
-
-# Socket smtp://localhost
-#
-# ## Socket socketspec
-# ##
-# ## Names the socket where this filter should listen for milter connections
-# ## from the MTA. Required. Should be in one of these forms:
-# ##
-# ## inet:port@address to listen on a specific interface
-# ## inet:port to listen on all interfaces
-# ## local:/path/to/socket to listen on a UNIX domain socket
-#
-#Socket inet:8892@localhost
-#Socket local:/var/run/opendkim/opendkim.sock
-Socket inet:12301@localhost
-
-## PidFile filename
-### default (none)
-###
-### Name of the file where the filter should write its pid before beginning
-### normal operations.
-#
-PidFile /var/run/opendkim/opendkim.pid
-
-
-# Always oversign From (sign using actual From and a null From to prevent
-# malicious signatures header fields (From and/or others) between the signer
-# and the verifier. From is oversigned by default in the Debian pacakge
-# because it is often the identity key used by reputation systems and thus
-# somewhat security sensitive.
-OversignHeaders From
-
-## ResolverConfiguration filename
-## default (none)
-##
-## Specifies a configuration file to be passed to the Unbound library that
-## performs DNS queries applying the DNSSEC protocol. See the Unbound
-## documentation at http://unbound.net for the expected content of this file.
-## The results of using this and the TrustAnchorFile setting at the same
-## time are undefined.
-## In Debian, /etc/unbound/unbound.conf is shipped as part of the Suggested
-## unbound package
-
-# ResolverConfiguration /etc/unbound/unbound.conf
-
-## TrustAnchorFile filename
-## default (none)
-##
-## Specifies a file from which trust anchor data should be read when doing
-## DNS queries and applying the DNSSEC protocol. See the Unbound documentation
-## at http://unbound.net for the expected format of this file.
-
-TrustAnchorFile /usr/share/dns/root.key
-
-## Userid userid
-### default (none)
-###
-### Change to user "userid" before starting normal operation? May include
-### a group ID as well, separated from the userid by a colon.
-#
-UserID opendkim
\ No newline at end of file
+++ /dev/null
-# See /usr/share/postfix/main.cf.dist for a commented, more complete version
-
-
-# Debian specific: Specifying a file name will cause the first
-# line of that file to be used as the name. The Debian default
-# is /etc/mailname.
-#myorigin = /etc/mailname
-
-smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
-biff = no
-
-# appending .domain is the MUA's job.
-append_dot_mydomain = no
-
-# Uncomment the next line to generate "delayed mail" warnings
-#delay_warning_time = 4h
-
-readme_directory = no
-
-# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on
-# fresh installs.
-compatibility_level = 2
-
-# TLS parameters (excluding smtpd_tls_(cert|key)_file for own adaption below)
-smtpd_use_tls=yes
-smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
-smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
-
-# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
-# information on enabling SSL in the smtp client.
-
-smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
-myorigin = /etc/mailname
-myhostname = REPLACE_myhostname_ECALPER
-alias_maps = hash:/etc/aliases
-alias_database = hash:/etc/aliases
-mydestination = $myhostname localhost.$mydomain localhost REPLACE_mydomain_if_domainwide_ECALPER
-relayhost =
-mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
-mailbox_size_limit = 0
-recipient_delimiter = +
-inet_interfaces = all
-inet_protocols = all
-
-# plomlompom-specific adaptions to allow TLS and SASL via LetsEncrypt/Dovecot.
-smtpd_tls_cert_file=/etc/letsencrypt/live/${myhostname}/fullchain.pem
-smtpd_tls_key_file=/etc/letsencrypt/live/${myhostname}/privkey.pem
-smtpd_sasl_type = dovecot
-smtpd_sasl_path = private/auth
-
-# connect to opendkim
-smtpd_milters = inet:localhost:12301
-non_smtpd_milters = inet:localhost:12301
-
-# transport mail to dovecot; not strictly needed, as even without this
-# postfix will throw mail to /var/mail/USER to be found by dovecot for
-# serving via IMAP etc.; but using dovecot's LMTP server for delivery
-# allows us to do stuff like dovecot-side sieve filtering.
-mailbox_transport = lmtp:inet:127.0.0.1:2424
\ No newline at end of file
+++ /dev/null
-#
-# Postfix master process configuration file. For details on the format
-# of the file, see the master(5) manual page (command: "man 5 master" or
-# on-line: http://www.postfix.org/master.5.html).
-#
-# Do not forget to execute "postfix reload" after editing this file.
-#
-# ==========================================================================
-# service type private unpriv chroot wakeup maxproc command + args
-# (yes) (yes) (no) (never) (100)
-# ==========================================================================
-smtp inet n - y - - smtpd
-#smtp inet n - y - 1 postscreen
-#smtpd pass - - y - - smtpd
-#dnsblog unix - - y - 0 dnsblog
-#tlsproxy unix - - y - 0 tlsproxy
-#submission inet n - y - - smtpd
-# -o syslog_name=postfix/submission
-# -o smtpd_tls_security_level=encrypt
-# -o smtpd_sasl_auth_enable=yes
-# -o smtpd_reject_unlisted_recipient=no
-# -o smtpd_client_restrictions=$mua_client_restrictions
-# -o smtpd_helo_restrictions=$mua_helo_restrictions
-# -o smtpd_sender_restrictions=$mua_sender_restrictions
-# -o smtpd_recipient_restrictions=
-# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
-# -o milter_macro_daemon_name=ORIGINATING
-smtps inet n - y - - smtpd
- -o syslog_name=postfix/smtps
- -o smtpd_tls_wrappermode=yes
- -o smtpd_sasl_auth_enable=yes
- -o smtpd_reject_unlisted_recipient=no
-# -o smtpd_client_restrictions=$mua_client_restrictions
-# -o smtpd_helo_restrictions=$mua_helo_restrictions
-# -o smtpd_sender_restrictions=$mua_sender_restrictions
-# -o smtpd_recipient_restrictions=
-# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
-# -o milter_macro_daemon_name=ORIGINATING
-#628 inet n - y - - qmqpd
-pickup unix n - y 60 1 pickup
-cleanup unix n - y - 0 cleanup
-qmgr unix n - n 300 1 qmgr
-#qmgr unix n - n 300 1 oqmgr
-tlsmgr unix - - y 1000? 1 tlsmgr
-rewrite unix - - y - - trivial-rewrite
-bounce unix - - y - 0 bounce
-defer unix - - y - 0 bounce
-trace unix - - y - 0 bounce
-verify unix - - y - 1 verify
-flush unix n - y 1000? 0 flush
-proxymap unix - - n - - proxymap
-proxywrite unix - - n - 1 proxymap
-smtp unix - - y - - smtp
-relay unix - - y - - smtp
-# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
-showq unix n - y - - showq
-error unix - - y - - error
-retry unix - - y - - error
-discard unix - - y - - discard
-local unix - n n - - local
-virtual unix - n n - - virtual
-lmtp unix - - y - - lmtp
-anvil unix - - y - 1 anvil
-scache unix - - y - 1 scache
-#
-# ====================================================================
-# Interfaces to non-Postfix software. Be sure to examine the manual
-# pages of the non-Postfix software to find out what options it wants.
-#
-# Many of the following services use the Postfix pipe(8) delivery
-# agent. See the pipe(8) man page for information about ${recipient}
-# and other message envelope options.
-# ====================================================================
-#
-# maildrop. See the Postfix MAILDROP_README file for details.
-# Also specify in main.cf: maildrop_destination_recipient_limit=1
-#
-maildrop unix - n n - - pipe
- flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
-#
-# ====================================================================
-#
-# Recent Cyrus versions can use the existing "lmtp" master.cf entry.
-#
-# Specify in cyrus.conf:
-# lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
-#
-# Specify in main.cf one or more of the following:
-# mailbox_transport = lmtp:inet:localhost
-# virtual_transport = lmtp:inet:localhost
-#
-# ====================================================================
-#
-# Cyrus 2.1.5 (Amos Gouaux)
-# Also specify in main.cf: cyrus_destination_recipient_limit=1
-#
-#cyrus unix - n n - - pipe
-# user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
-#
-# ====================================================================
-# Old example of delivery via Cyrus.
-#
-#old-cyrus unix - n n - - pipe
-# flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
-#
-# ====================================================================
-#
-# See the Postfix UUCP_README file for configuration details.
-#
-uucp unix - n n - - pipe
- flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
-#
-# Other external delivery methods.
-#
-ifmail unix - n n - - pipe
- flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
-bsmtp unix - n n - - pipe
- flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
-scalemail-backend unix - n n - 2 pipe
- flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
-mailman unix - n n - - pipe
- flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
- ${nexthop} ${user}
-
+++ /dev/null
-[Unit]
-Description=Run plom's fetchmail
-
-[Service]
-Type=oneshot
-User=plom
-# fetchmail returns 1 when no new mail, we want to catch that
-ExecStart=/bin/sh -c 'fetchmail || [ $? -eq 1 ]'
+++ /dev/null
-[Unit]
-Description=Run pingmail check
-
-[Service]
-Type=oneshot
-User=plom
-ExecStart=/bin/sh -c '~/pingmail/pingmail check'
+++ /dev/null
-[Unit]
-Description=Run fetchmail once every minute
-
-[Timer]
-OnCalendar=*-*-* *:*:00
-
-[Install]
-WantedBy=timers.target
+++ /dev/null
-[Unit]
-Description=Run pingmail check once every hour
-
-[Timer]
-OnCalendar=*-*-* *:00:00
-
-[Install]
-WantedBy=timers.target
+++ /dev/null
-[Unit]
-Description=Pull website repo
-[Service]
-Type=oneshot
-User=plom
-ExecStart=/bin/sh -c '~/encrypter.sh'
+++ /dev/null
-[Unit]
-Description=Attempt encryption of old chatlogs once every minute.
-
-[Timer]
-OnCalendar=*-*-* *:*:00
-
-[Install]
-WantedBy=timers.target
\ No newline at end of file
+++ /dev/null
-# /etc/aliases
-postmaster: root
-root: plom@plomlompom.com
\ No newline at end of file
+++ /dev/null
-# See /usr/share/postfix/main.cf.dist for a commented, more complete version
-
-
-# Debian specific: Specifying a file name will cause the first
-# line of that file to be used as the name. The Debian default
-# is /etc/mailname.
-#myorigin = /etc/mailname
-
-smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
-biff = no
-
-# appending .domain is the MUA's job.
-append_dot_mydomain = no
-
-# Uncomment the next line to generate "delayed mail" warnings
-#delay_warning_time = 4h
-
-readme_directory = no
-
-# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on
-# fresh installs.
-compatibility_level = 2
-
-# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
-# information on enabling SSL in the smtp client.
-
-smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
-myorigin = /etc/mailname
-myhostname = $myorigin
-alias_maps = hash:/etc/aliases
-alias_database = hash:/etc/aliases
-mydestination = $myhostname localhost.$mydomain localhost
-relayhost =
-mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
-mailbox_size_limit = 0
-recipient_delimiter = +
-inet_interfaces = loopback-only
-inet_protocols = all
\ No newline at end of file
+++ /dev/null
-*filter
-:INPUT DROP [0:0]
-:FORWARD DROP [0:0]
-:OUTPUT ACCEPT [0:0]
-# otherwise self-referential connections to local host will fail
--A INPUT -i lo -j ACCEPT
-# tolerate any inbound connections requested by our server, no matter the port
--A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-# this enables ping etc.
--A INPUT -p icmp -j ACCEPT
-# SSH
--A INPUT -p tcp --dport 22 -j ACCEPT
-COMMIT
-# this last line is here because iptables-restore ignores the final command if no newline follows it
\ No newline at end of file
+++ /dev/null
-# $OpenBSD: sshd_config,v 1.100 2016/08/15 12:32:04 naddy Exp $
-
-# This is the sshd server system-wide configuration file. See
-# sshd_config(5) for more information.
-
-# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
-
-# The strategy used for options in the default sshd_config shipped with
-# OpenSSH is to specify options with their default value where
-# possible, but leave them commented. Uncommented options override the
-# default value.
-
-Port 22
-#AddressFamily any
-#ListenAddress 0.0.0.0
-#ListenAddress ::
-
-#HostKey /etc/ssh/ssh_host_rsa_key
-#HostKey /etc/ssh/ssh_host_ecdsa_key
-#HostKey /etc/ssh/ssh_host_ed25519_key
-
-# Ciphers and keying
-#RekeyLimit default none
-
-# Logging
-#SyslogFacility AUTH
-#LogLevel INFO
-
-# Authentication:
-
-#LoginGraceTime 2m
-PermitRootLogin no # plomlompom's security rule
-#StrictModes yes
-#MaxAuthTries 6
-#MaxSessions 10
-
-#PubkeyAuthentication yes
-
-# Expect .ssh/authorized_keys2 to be disregarded by default in future.
-#AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2
-
-#AuthorizedPrincipalsFile none
-
-#AuthorizedKeysCommand none
-#AuthorizedKeysCommandUser nobody
-
-# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
-#HostbasedAuthentication no
-# Change to yes if you don't trust ~/.ssh/known_hosts for
-# HostbasedAuthentication
-#IgnoreUserKnownHosts no
-# Don't read the user's ~/.rhosts and ~/.shosts files
-#IgnoreRhosts yes
-
-# To disable tunneled clear text passwords, change to no here!
-#PasswordAuthentication yes
-#PermitEmptyPasswords no
-
-# Change to yes to enable challenge-response passwords (beware issues with
-# some PAM modules and threads)
-ChallengeResponseAuthentication no
-
-# Kerberos options
-#KerberosAuthentication no
-#KerberosOrLocalPasswd yes
-#KerberosTicketCleanup yes
-#KerberosGetAFSToken no
-
-# GSSAPI options
-#GSSAPIAuthentication no
-#GSSAPICleanupCredentials yes
-#GSSAPIStrictAcceptorCheck yes
-#GSSAPIKeyExchange no
-
-# Set this to 'yes' to enable PAM authentication, account processing,
-# and session processing. If this is enabled, PAM authentication will
-# be allowed through the ChallengeResponseAuthentication and
-# PasswordAuthentication. Depending on your PAM configuration,
-# PAM authentication via ChallengeResponseAuthentication may bypass
-# the setting of "PermitRootLogin yes
-# If you just want the PAM account and session checks to run without
-# PAM authentication, then enable this but set PasswordAuthentication
-# and ChallengeResponseAuthentication to 'no'.
-UsePAM yes
-
-#AllowAgentForwarding yes
-#AllowTcpForwarding yes
-#GatewayPorts no
-X11Forwarding yes
-#X11DisplayOffset 10
-#X11UseLocalhost yes
-#PermitTTY yes
-PrintMotd no
-#PrintLastLog yes
-#TCPKeepAlive yes
-#UseLogin no
-#UsePrivilegeSeparation sandbox
-#PermitUserEnvironment no
-#Compression delayed
-#ClientAliveInterval 0
-#ClientAliveCountMax 3
-#UseDNS no
-#PidFile /var/run/sshd.pid
-#MaxStartups 10:30:100
-#PermitTunnel no
-#ChrootDirectory none
-#VersionAddendum none
-
-# no default banner path
-#Banner none
-
-# Allow client to pass locale environment variables
-AcceptEnv LANG LC_*
-
-# override default of no subsystems
-Subsystem sftp /usr/lib/openssh/sftp-server
-
-# Example of overriding settings on a per-user basis
-#Match User anoncvs
-# X11Forwarding no
-# AllowTcpForwarding no
-# PermitTTY no
-# ForceCommand cvs server
-
-ClientAliveInterval 120
-PasswordAuthentication no # plomlompom's security rule
+++ /dev/null
-# /etc/cron.d/certbot: crontab entries for the certbot package
-#
-# Upstream recommends attempting renewal twice a day
-#
-# Eventually, this will be an opportunity to validate certificates
-# haven't been revoked, etc. Renewal will only occur if expiration
-# is within 30 days.
-SHELL=/bin/sh
-PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
-
-# plomlompom added the --webroot -w /var/www/html/ so that renewal
-# works with nginx running, and the nginx reload post-hook so that
-# the new certificates are linked to by nginx. Note that by default
-# we rely on the systemd timer service file instead of this cronjob,
-# but since both are installed by the certbot package to serve which
-# ever of the two is used, we cautiously adapt both of them too.
-0 */12 * * * root test -x /usr/bin/certbot -a \! -d /run/systemd/system && perl -e 'sleep int(rand(3600))' && certbot -q renew --webroot -w /var/www/html/ --post-hook "service nginx reload"
+++ /dev/null
-# path to git projects (<project>.git)
-$projectroot = "/var/public_repos";
-
-# directory to use for temp files
-# explicitely set by Debian so it's probably a good choice
-$git_temp = "/tmp";
-
-# git-diff-tree(1) options to use for generated patches
-# we don't want to to guess renames, so empty
-@diff_opts = ();
-
-# Base path for where to find the repos for cloning.
-@git_base_url_list = ('https://REPLACE_fqdn_ECALPER/repos/clone');
-
-# allow snapshots
-$feature{'snapshot'}{'default'} = ['zip', 'tgz'];
-
-# insert header for GDPR compliance
-$site_header = "/var/www/header.html"
+++ /dev/null
-*filter
-:INPUT DROP [0:0]
-:FORWARD DROP [0:0]
-:OUTPUT ACCEPT [0:0]
-# otherwise self-referential connections to local host will fail
--A INPUT -i lo -j ACCEPT
-# tolerate any inbound connections requested by our server, no matter the port
--A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-# this enables ping etc.
--A INPUT -p icmp -j ACCEPT
-# SSH
--A INPUT -p tcp --dport 22 -j ACCEPT
-# HTTP
--A INPUT -p tcp --dport 80 -j ACCEPT
-# HTTPS
--A INPUT -p tcp --dport 443 -j ACCEPT
-COMMIT
-# this last line is here because iptables-restore ignores the final command if no newline follows it
\ No newline at end of file
+++ /dev/null
-# system integration
-user www-data;
-worker_processes auto;
-pid /run/nginx.pid;
-
-# we need this for the xslt_stylesheet directive below
-#load_module modules/ngx_http_xslt_filter_module.so;
-
-# is expected even if empty
-events {
-}
-
-http {
- # define content-type headers
- types {
- text/html html htm shtml;
- text/css css;
- text/xml xml;
- text/plain txt sh rst md asc;
- application/xhtml+xml xhtml;
- application/pdf pdf;
- image/jpeg jpg jpeg;
- image/png png;
- }
- default_type application/octet_stream;
- charset utf-8;
-
- # logging deactivated due to GDPR
- #access_log /var/log/nginx/access.log;
- #error_log /var/log/nginx/error.log;
-
- # HTTP server: only enforce HTTPS
- server {
- listen 80;
- return 301 https://$host$request_uri;
- }
-
- # HTTPS server
- server {
- listen 443 ssl;
- server_name REPLACE_fqdn_ECALPER;
- ssl_certificate /etc/letsencrypt/live/REPLACE_fqdn_ECALPER/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/REPLACE_fqdn_ECALPER/privkey.pem;
- root /var/www/html/;
- index index.html index.htm index.nginx-debian.html;
-
- # serve /var/www/public_repos/* for HTTPS git cloning
- location ~ /repos/clone(/.*) {
- include fastcgi_params;
- fastcgi_param SCRIPT_FILENAME /usr/lib/git-core/git-http-backend;
- fastcgi_param GIT_HTTP_EXPORT_ALL "";
- fastcgi_param GIT_PROJECT_ROOT /var/public_repos;
- fastcgi_param PATH_INFO $1;
- fastcgi_pass unix:/var/run/fcgiwrap.socket;
- }
-
- # gitweb static files
- location /repos/static/ {
- alias /usr/share/gitweb/static/;
- }
-
- # gitweb; this needs packages fcgiwrap and gitweb
- location /repos/ {
- include fastcgi_params;
- fastcgi_param SCRIPT_FILENAME /usr/share/gitweb/gitweb.cgi;
- fastcgi_param GITWEB_CONFIG /etc/gitweb.conf;
- fastcgi_pass unix:/var/run/fcgiwrap.socket;
- }
-
- # login-protected IRC logs
- location ~ /irclogs/([^/]+)/ {
- auth_basic "$1 logs";
- auth_basic_user_file /var/www/irclogs_pw/$1;
- autoindex on;
- }
-
- ## entry for IRC logs
- #location /irclogs/ {
- # autoindex on;
- # autoindex_format xml;
- # xslt_stylesheet /var/www/autoindex.xslt;
- #}
- }
-}
+++ /dev/null
-[Unit]
-Description=Certbot
-Documentation=file:///usr/share/doc/python-certbot-doc/html/index.html
-Documentation=https://letsencrypt.readthedocs.io/en/latest/
-[Service]
-# plomlompom added the --webroot -w /var/www/html/ so that renewal
-# works with nginx running, and the nginx reload post-hook so that
-# the new certificates are linked to by nginx.
-Type=oneshot
-ExecStart=/usr/bin/certbot -q renew --webroot -w /var/www/html/ --post-hook "service nginx reload"
-PrivateTmp=true
\ No newline at end of file
+++ /dev/null
-[Unit]
-Description=plomlombot screen
-
-[Service]
-Type=simple
-User=plom
-ExecStart=/bin/sh -c '~/plomlombot_daemon.sh'
-Restart=always
-
-[Install]
-WantedBy=multi-user.target
+++ /dev/null
-#!/bin/sh
-set -e
-
-# Ensure we have a GPG target to encrypt to.
-if [ $# -lt 1 ]; then
- echo "Need public key ID as argument."
- false
-fi
-gpg_key="$1"
-
-config_tree_prefix="${HOME}/config/all_new_2018"
-apt -y install gnupg dirmngr
-keyservers='sks-keyservers.net/ keys.gnupg.net'
-set +e
-while true; do
- do_break=0
- for keyserver in $(echo "${keyservers}"); do
- su plom -c "gpg --no-tty --keyserver $keyserver --recv-key ${gpg_key}"
- if [ $? -eq "0" ]; then
- do_break=1
- break
- fi
- echo "Attempt with keyserver ${keyserver} unsuccessful, trying other."
- done
- if [ "${do_break}" -eq "1" ]; then
- break
- fi
-done
-set -e
-# TODO: We may remove dirmngr here if only this script installed it.
+++ /dev/null
-#!/bin/sh
-# Hard link files to those in argument-selected subdirectories of
-# linkable_etc_files//, e.g. link /etc/foo/bar to
-# linkable_etc_files/$1/etc/foo/bar and so on. Create directories as
-# necessary. We do the hard linking so files that should be readable to
-# non-root in /etc/ remain so despite having a path below /root/, as
-# symbolic links point into /root/ without making the targets readable
-# to non-root.
-# CAUTION: This removes original files at the affected paths.
-set -e
-
-config_tree_prefix="${HOME}/config/all_new_2018"
-linkable_files_dir="${config_tree_prefix}/linkable_etc_files"
-
-for target in "$@"; do
- cd "${linkable_files_dir}/${target}"
- for path in $(find . -type f); do
- linking=$(echo "${path}" | cut -c2-)
- linked=$(realpath "${path}")
- dir=$(dirname "${linking}")
- mkdir -p "${dir}"
- ln -f "${linked}" "${linking}"
- done
-done
+++ /dev/null
-#!/bin/sh
-# This script turns a fresh server with password-based root access to
-# one of only key-based access and only to new non-root account plom.
-#
-# CAUTION: This is optimized for a *fresh* setup. It will overwrite any
-# pre-existing ~/.ssh/authorized_keys of user plom with one that solely
-# contains the local ~/.ssh/id_rsa.pub, and also any old
-# /etc/ssh/sshd_config.
-#
-# Dependencies: ssh, scp, sshpass, ~/.ssh/id_rsa.pub, properly
-# configured sshd_config file in reach.
-set -e
-
-# Location auf a sshd_config with "PermitRootLogin no" and
-# "PasswordAuthentication no".
-config_tree_prefix="${HOME}/config/all_new_2018"
-linkable_files_dir="${config_tree_prefix}/linkable_etc_files/server"
-system_path_sshd_config='/etc/ssh/sshd_config'
-local_path_sshd_config="${linkable_files_dir}/${system_path_sshd_config}"
-
-# Ensure we have a server name as argument.
-if [ $# -eq 0 ]; then
- echo "Need server as argument."
- false
-fi
-server="$1"
-
-# Ask for root password only once, sshpass will re-use it then often.
-stty -echo
-printf "Server root password: "
-read PW_ROOT
-stty echo
-printf "\n"
-export SSHPASS="${PW_ROOT}"
-
-# Create user plom, and his ~/.ssh/authorized_keys based on the local
-# ~/.ssh/id_rsa.pub; ensure the result has proper permissions and
-# ownerships. Then disable root and pw login by copying over the
-# sshd_config and restart ssh daemon.
-#
-# This could be a line or two shorter by using ssh-copy-id, but that
-# would require setting a password for user plom otherwise not needed.
-sshpass -e scp ~/.ssh/id_rsa.pub root@"${server}":/tmp/authorized_keys
-sshpass -e ssh root@"${server}" \
- 'useradd -m plom && '\
- 'mkdir /home/plom/.ssh && '\
- 'chown plom:plom /home/plom/.ssh && '\
- 'chown plom:plom /tmp/authorized_keys && '\
- 'chmod u=rw,go= /tmp/authorized_keys && '\
- 'mv /tmp/authorized_keys /home/plom/.ssh/'
-sshpass -e scp "${local_path_sshd_config}" root@"${server}":"${system_path_sshd_config}"
-sshpass -e ssh root@"${server}" 'service ssh restart'
+++ /dev/null
-#!/bin/sh
-# Walks through the package names in the argument-selected files of
-# apt-mark/ and ensures the respective packages are installed.
-#
-# Ignores anything in an apt-mark/ file after the last newline.
-set -e
-
-config_tree_prefix="${HOME}/config/all_new_2018"
-aptmark_dir="${config_tree_prefix}/apt-mark"
-
-for target in "$@"; do
- path="${aptmark_dir}/${target}"
- cat "${path}" | while read line; do
- echo "$line"
- if [ ! $(echo "${line}" | cut -c1) = "#" ]; then
- apt-get -y install "${line}"
- fi
- done
-done
+++ /dev/null
-#!/bin/sh
-# Certify current server with LetsEncrypt.
-# Uses hostname -f for the domain we want to certify.
-set -e
-
-# Ensure we have a mail address as argument.
-if [ $# -lt 1 ]; then
- echo "Need mail address as argument."
- false
-fi
-mail_address="$1"
-
-# We need certbot to get LetsEncrypt certificates.
-apt install -y certbot
-
-# If port 80 blocked by iptables, open it.
-set +e
-iptables -C INPUT -p tcp --dport 80 -j ACCEPT
-open_iptables="$?"
-set -e
-if [ "${open_iptables}" -eq "1" ]; then
- iptables -A INPUT -p tcp --dport 80 -j ACCEPT
-fi
-
-# Create new certificate and copy it to /etc/letsencrypt.
-certbot certonly --standalone --agree-tos -m "${mail_address}" -d "$(hostname -f)"
-
-# Remove iptables rule to open port 80 if we added it.
-if [ "${open_iptables}" -eq "1" ]; then
- iptables -D INPUT -p tcp --dport 80 -j ACCEPT
-fi
+++ /dev/null
-#!/bin/sh
-# Copy over LetsEncrypt certificates from another server.
-set -e
-
-# Ensure we have a server name as argument.
-if [ $# -lt 1 ]; then
- echo "Need server as argument."
- false
-fi
-server="$1"
-
-# Copy over.
-ssh -t plom@${server} 'su -c "cd /etc/ && tar cf letsencrypt.tar letsencrypt && chown plom:plom letsencrypt.tar && mv letsencrypt.tar /home/plom/"'
-scp plom@${server}:~/letsencrypt.tar .
-apt -y install certbot
-rmdir /etc/letsencrypt
-mv letsencrypt.tar /etc/
-cd /etc/
-tar xf letsencrypt.tar
-rm letsencrypt.tar
+++ /dev/null
-#!/bin/sh
-# Mirror directory tree from remote to local server, keeping the path.
-set -e
-
-if [ $# -lt 2 ]; then
- echo "Need server and directory as arguments."
- false
-fi
-server=$1
-dir=$2
-path_package=/tmp/delete.tar
-
-eval `ssh-agent`
-ssh-add
-cd
-ssh plom@"${server}" "cd \"${dir}\" && tar cf ${path_package} ."
-scp plom@"${server}":"${path_package}" "${path_package}"
-mkdir -p "${dir}"
-cd "${dir}"
-tar xf "${path_package}"
-cd
-rm "${path_package}"
-ssh plom@"${server}" rm "${path_package}"
+++ /dev/null
-#!/bin/sh
-# Do some of the steps necessary to SSH (key-based) with another server.
-set -e
-
-target="$1"
-
-# We need a public key to copy over, so generate it if not found.
-if [ ! -f ~/.ssh/id_rsa.pub ]; then
- ssh-keygen
-fi
-
-# Add target to ~/.ssh/known_hosts so we don't get
-# asked for permission at inopportune moments.
-ssh-keyscan -H "$target" >> ~/.ssh/known_hosts
-
-# Tell user what to do.
-echo "APPEND FOLLOWING TO TARGET'S ~/.ssh/authorized_keys:"
-cat ~/.ssh/id_rsa.pub
+++ /dev/null
-#!/bin/sh
-# This script removes all Debian packages that are not of Priority
-# "required" or not depended on by packages of priority "required"
-# or not listed in the argument-selected files of apt-mark/.
-set -e
-
-config_tree_prefix="${HOME}/config/all_new_2018"
-aptmark_dir="${config_tree_prefix}/apt-mark"
-
-dpkg-query -Wf '${Package} ${Priority}\n' | grep ' required' | sed 's/ required//' > /tmp/list_white_unsorted
-for target in "$@"; do
- path="${aptmark_dir}/${target}"
- cat "${path}" | while read line; do
- if [ ! $(echo "${line}" | cut -c1) = "#" ]; then
- echo "${line}" >> /tmp/list_white_unsorted
- fi
- done
-done
-sort /tmp/list_white_unsorted > /tmp/list_white
-dpkg-query -Wf '${Package}\n' > /tmp/list_all_packages
-sort /tmp/list_all_packages > /tmp/foo
-mv /tmp/foo /tmp/list_all_packages
-comm -3 /tmp/list_all_packages /tmp/list_white > /tmp/list_black
-apt-mark auto `cat /tmp/list_black`
-DEBIAN_FRONTEND=noninteractive apt-get -y --purge autoremove
-rm /tmp/list_all_packages /tmp/list_white_unsorted /tmp/list_white /tmp/list_black
+++ /dev/null
-#!/bin/sh
-# Sets hostname and optionally FQDN.
-#
-# Calls hostname, writes to /etc/hostname and /etc/hosts. For /etc/hosts
-# writing follows recommendations from Debian manual at
-# <https://www.debian.org/doc/manuals/debian-reference/ch05.en.html>
-# (section "The hostname resolution") on how to map hostname and possibly
-# FQDN to a permanent IP if present (we assume here any non-private IP
-# and non-loopback IP returned by hostname -I to fulfill that criterion
-# on our systems) or to 127.0.1.1 if not. On the reasoning for separating
-# localhost and hostname mapping to different IPs, see
-# <https://unix.stackexchange.com/a/13087>.
-set -e
-
-hostname="$1"
-fqdn="$2"
-if [ "${hostname}" = "" ]; then
- echo "Need hostname as argument."
- false
-fi
-echo "${hostname}" > /etc/hostname
-hostname "${hostname}"
-
-final_ip="127.0.1.1"
-for ip in $(hostname -I); do
- range_1=$(echo "${ip}" | cut -d "." -f 1)
- range_2=$(echo "${ip}" | cut -d "." -f 2)
- if [ "${range_1}" -eq 127 ]; then
- continue
- elif [ "${range_1}" -eq 10 ]; then
- continue
- elif [ "${range_1}" -eq 172 ]; then
- if [ "${range_2}" -ge 16 ] && [ "${range_2}" -le 31 ]; then
- continue
- fi
- elif [ "${range_1}" -eq 192 ]; then
- if [ "${range_2}" -eq 168 ]; then
- continue
- fi
- fi
- final_ip="${ip}"
-done
-
-echo "127.0.0.1 localhost.localdomain localhost" > /etc/hosts
-echo "${final_ip} ${fqdn} ${hostname}" >> /etc/hosts
+++ /dev/null
-#/bin/sh
-set -e
-
-# Check we have the necessary arguments.
-if [ $# -lt 2 ]; then
- echo "Give arguments of mail domain and DKIM selector."
- echo "Also, if hosting mail for entire domain, give third argument 'domainwide'."
- false
-fi
-mail_domain="$1"
-dkim_selector="$2"
-domainwide="$3"
-
-config_tree_prefix="${HOME}/config/all_new_2018"
-setup_scripts_dir="${config_tree_prefix}/setup_scripts"
-cd "${setup_scripts_dir}"
-
-# Set up DKIM key. Only keep opendkim-tools on system if pre-installed.
-mkdir -p /etc/dkimkeys/
-set +e
-dpkg -s opendkim-tools &> /dev/null
-preinstalled="$?"
-set -e
-if [ ! "${preinstalled}" -eq "0" ]; then
- apt install -y opendkim-tools
-fi
-opendkim-genkey -s "${dkim_selector}"
-mv "${dkim_selector}.private" /etc/dkimkeys/
-if [ ! "${preinstalled}" -eq "0" ]; then
- apt -y --purge autoremove opendkim-tools
-fi
-
-# Link and adapt mail-server-specific /etc/ files.
-./hardlink_etc.sh mail
-sed -i "s/REPLACE_maildomain_ECALPER/${mail_domain}/g" /etc/mailutils.conf
-sed -i "s/REPLACE_Domain_ECALPER/${mail_domain}/g" /etc/opendkim.conf
-sed -i "s/REPLACE_Selector_ECALPER/${dkim_selector}/g" /etc/opendkim.conf
-sed -i "s/REPLACE_myhostname_ECALPER/$(hostname -f)/g" /etc/postfix/main.cf
-if [ "${domainwide}" = "domainwide" ]; then
- sed -i 's/REPLACE_mydomain_if_domainwide_ECALPER/$mydomain/g' /etc/postfix/main.cf
-else
- sed -i 's/REPLACE_mydomain_if_domainwide_ECALPER//g' /etc/postfix/main.cf
-fi
-# Since we re-set the iptables rules, we need to reload them.
-iptables-restore /etc/iptables/rules.v4
-
-# Some useful debconf selections.
-echo "postfix postfix/main_mailer_type string 'Internet Site'" | debconf-set-selections
-echo "ssl_cert = </etc/letsencrypt/live/$(hostname -f)/fullchain.pem" > /etc/dovecot/conf.d/99-ssl-certs.conf
-echo "ssl_key = </etc/letsencrypt/live/$(hostname -f)/privkey.pem" >> /etc/dovecot/conf.d/99-ssl-certs.conf
-
-# The second line should not be necessary due to the first line, but for
-# some reason the installation forgets to set up /etc/mailname early
-# enough to not (when running newaliases) stumble over its absence.
-echo "postfix postfix/mailname string ${mail_domain}" | debconf-set-selections
-echo "${mail_domain}" > /etc/mailname
-
-# Everything should now be ready for installations. Note that we don't
-# strictly need dovecot-lmtpd, as postfix will deliver mail to /var/mail/USER
-# in any case, to be found by dovecot; we use it as a transport mechanism to
-# allow for sophisticated stuff like dovecot-side sieve filtering (installed
-# with dovecot-sieve).
-apt install -y -o Dpkg::Options::=--force-confold postfix dovecot-imapd dovecot-lmtpd dovecot-sieve opendkim
-cp "${config_tree_prefix}/user_files/dovecot.sieve" /home/plom/.dovecot.sieve
-chown plom:plom /home/plom/.dovecot.sieve
-
-# Pingmail setup.
-apt install -y mailutils
-cp "${config_tree_prefix}/user_files/pingmailrc" /home/plom/.pingmailrc
-chown plom:plom /home/plom/.pingmailrc
-su plom -c "cd && git clone https://plomlompom.com/repos/clone/pingmail.git"
-
-# In addition to our postfix server receiving mails, we funnel mails from a
-# POP3 account into dovecot via fetchmail. It might make sense to adapt the
-# ~/.dovecot.sieve to move mails targeted to the fetched mail account to their
-# own mbox.
-apt -y install fetchmail
-cp "${config_tree_prefix}/user_files/fetchmailrc" /home/plom/.fetchmailrc
-chown plom:plom /home/plom/.fetchmailrc
-chmod 0700 /home/plom/.fetchmailrc
-
-# Pingmail and fetchmail have some systemd timers waiting. To let systemd
-# know about them, do this.
-systemctl daemon-reload
-
-# Final advice to user.
-echo "TODO: Ensure MX entry for your system in your DNS configuration."
-echo "TODO: Ensure a proper SPF entry for this system in your DNS configuration; something like 'v=spf1 mx -all' mapped to your host."
-echo "TODO: passwd plom for IMAPS login"
-echo "TODO: adapt /home/plom/.fetchmailrc and then do: systemctl start fetchmail.timer"
-echo "TODO: adapt /home/plom/.dovecot.sieve and /home/plom/.pingmailrc (sieve mail by pingmail target person into mbox defined in .pingmailrc), then run: systemctl start pingmail.timer"
-echo "TODO: Add the follow DMARK entry as TXT to your DNS configugration: 'v=DMARC1; p=none; rua=mailto:plom+dmarc@plomlompom.com;' mapped to _dmarc"
-echo "TODO: Add the following DKIM entry to your DNS configuration (possibly with slightly changed host entry – if your mail domain includes a subdomain, append that with a dot):"
-cat "${dkim_selector}.txt"
+++ /dev/null
-#!/bin/sh
-set -e
-
-# Ensure we have a GPG target to encrypt to.
-if [ $# -lt 1 ]; then
- echo "Need public key ID as argument."
- false
-fi
-gpg_key="$1"
-
-config_tree_prefix="${HOME}/config/all_new_2018"
-setup_scripts_dir="${config_tree_prefix}/setup_scripts"
-cd "${setup_scripts_dir}"
-
-# If anything strange happens, let root send mail to us.
-./setup_sendonly.sh
-
-# Apart from weechat, vim and screen will also be useful for everyday activity.
-apt -y install weechat screen vim
-
-# Link and copy over files.
-./hardlink_etc.sh play
-cp "${config_tree_prefix}/user_files/encrypter.sh" /home/plom/
-chown plom:plom /home/plom/encrypter.sh
-cp "${config_tree_prefix}/user_files/weechat-wrapper.sh" /home/plom/
-chown plom:plom /home/plom/weechat-wrapper.sh
-cp "${config_tree_prefix}/user_files/weechatrc" /home/plom/.weechatrc
-chown plom:plom /home/plom/.weechatrc
-apt -y install screen
-echo "$gpg_key" > /home/plom/.encrypt_target
-chown plom:plom /home/plom/.encrypt_target
-
-# Start encrypt_chatlogs job.
-./add_encryption_key.sh "${gpg_key}"
-systemctl daemon-reload
-systemctl start encrypt_chatlogs.timer
+++ /dev/null
-#!/bin/sh
-set -e
-
-# Ensure we have a GPG target to encrypt to.
-if [ $# -lt 1 ]; then
- echo "Need public key ID as argument."
- false
-fi
-gpg_key="$1"
-
-config_tree_prefix="${HOME}/config/all_new_2018"
-irclogs_dir=/var/www/html/irclogs
-irclogs_pw_dir=/var/www/irclogs_pw
-
-./add_encryption_key.sh "${gpg_key}"
-apt -y install screen python3-venv
-cp "${config_tree_prefix}"/user_files/plomlombot_daemon.sh /home/plom/
-chown plom:plom /home/plom/plomlombot_daemon.sh
-su plom -c "cd && git clone /var/public_repos/plomlombot-irc"
-systemctl enable /etc/systemd/system/plomlombot.service
-service plomlombot start
-mkdir -p "${irclogs_dir}"
-chown -R plom:plom "${irclogs_dir}"
-mkdir -p "${irclogs_pw_dir}"
-chown -R plom:plom "${irclogs_pw_dir}"
-echo "Don't forget to add a file ~/.plomlombot with content such as:"
-echo "gpg_key ${gpg_key}"
-echo "bot: SCREEN_SESSION_NAME BOT_NAME #CHANNEL_NAME IRC_SERVER_NAME LOGS_USER LOGS_PW"
-echo "# file should end in newline or non-interpreted line such as this"
+++ /dev/null
-#!/bin/sh
-# This sets up the minimum of a mail server necessary to send out mails
-# to the world.
-set -e
-
-config_tree_prefix="${HOME}/config/all_new_2018"
-setup_scripts_dir="${config_tree_prefix}/setup_scripts"
-cd "${setup_scripts_dir}"
-
-./hardlink_etc.sh sendonly
-echo "postfix postfix/main_mailer_type string 'Internet Site'" | debconf-set-selections
-echo "postfix postfix/mailname string $(hostname -f)" | debconf-set-selections
-echo "$(hostname -f)" > /etc/mailname
-apt install -y postfix
+++ /dev/null
-#!/bin/sh
-# Next setup steps for a server whose login policy has just been set from
-# the outside via ./init_user_and_keybased_login.sh.
-set -e
-
-# Provide maximum input for set_hostname_and_fqdn.sh.
-if [ "$#" -ne 2 ]; then
- echo 'Need exactly two arguments (hostname, FQDN).'
- false
-fi
-hostname="$1"
-fqdn="$2"
-
-config_tree_prefix="${HOME}/config/all_new_2018"
-setup_scripts_dir="${config_tree_prefix}/setup_scripts"
-cd "${setup_scripts_dir}"
-
-# Adapt /etc/ to our needs by hardlinking into ./linkable_etc_files. This
-# will set basic configurations affecting following steps, such as setup
-# of APT and the locale selection, so needs to be right at the beginning.
-./hardlink_etc.sh all server
-
-# Set hostname and FQDN.
-./set_hostname_and_fqdn.sh "${hostname}" "${fqdn}"
-
-# Some debconf selections we don't want to get asked during coming
-# install actions.
-echo 'iptables-persistent iptables-persistent/autosave_v4 boolean false' | debconf-set-selections
-echo 'iptables-persistent iptables-persistent/autosave_v6 boolean false' | debconf-set-selections
-
-# Ensure package installation state as defined by what packages are
-# defined as required by Debian policy and by settings in ./apt-mark/.
-apt update
-./install_for_target.sh all server
-./purge_nonrequireds.sh all server
-
-# Ensure our desired locale is available.
-locale-gen
-
-# Only upgrade after reducing the system to the desired minimum, so that
-# we don't need to get more data than necessary.
-apt -y dist-upgrade
-
-# Set Berlin localtime.
-ln -sf /usr/share/zoneinfo/Europe/Berlin /etc/localtime
-
-# If we have not yet set the shell for user plom, ensure it here. This
-# is mostly for convenience.
-usermod -s /bin/bash plom
-
-# We want to be able to use ALL our servers as borg backup destinations.
-apt -y install borgbackup
+++ /dev/null
-#!/bin/sh
-# Set up plomlompom.com web server.
-set -e
-
-config_tree_prefix="${HOME}/config/all_new_2018"
-setup_scripts_dir="${config_tree_prefix}/setup_scripts"
-cd "${setup_scripts_dir}"
-
-./hardlink_etc.sh web
-./setup_sendonly.sh
-sed -i "s/REPLACE_fqdn_ECALPER/$(hostname -f)/g" /etc/nginx/nginx.conf
-sed -i "s/REPLACE_fqdn_ECALPER/$(hostname -f)/g" /etc/gitweb.conf
-cd /var/
-rm -rf www
-git clone plom@core.plomlompom.com:repos/website www
-apt -y -o Dpkg::Options::=--force-confold install nginx gitweb fcgiwrap
-mkdir /var/public_repos
-chown plom:plom /var/public_repos
-iptables-restore /etc/iptables/rules.v4
+++ /dev/null
-require ["fileinto"];
-require ["mailbox"];
-if address :is "from" "foo@bar.com" {
- fileinto :create "foo";
-}
-if address :is :domain "to" "example.com" {
- fileinto :create "example.com";
-}
+++ /dev/null
-#!/bin/sh
-# Encrypt dated weechatlog files older than one day to GPG target defined in
-# ~/.encrypt_target
-set -e
-
-gpg_key=$(cat ~/.encrypt_target)
-cd ~/weechatlogs/irc/
-find . -regextype posix-egrep -regex '^.*/.*/.*\.[0-9]{4}-[0-9]{2}-[0-9]{2}\.weechatlog$' -type f -mtime +1 -exec gpg --recipient "${gpg_key}" --trust-model always --encrypt {} \; -exec rm {} \;
-
+++ /dev/null
-# remove "keep" if you're sure about your setup; it keeps mails on server from getting deleted
-poll mail.example.com protocol pop3 username "foo@example.com" password "PASSWORD" ssl keep
+++ /dev/null
-# place for test files whose modification times are used to track lifesigns
-testdir=$HOME'/.pingmail'
-
-# modification time is the last time a ping was sent or a lifetime received
-ping_touch=$testdir'/ping_touch'
-
-# modification time is when the count for sending checker a warning mail starts
-reminder_touch=$testdir'/reminder_touch'
-
-# how long to wait for lifesigns before sending a ping; double is time to wait
-# for a lifesign before sending a warning message to checker
-wait_time=86400
-
-# address of the checker, receives warning message after too long wait
-checker_address='bar@example.org'
-
-# address of the checked person, ping is sent here
-checked_address='foo@example.org'
-
-# content of ping message sent to checked person
-subj2checked='[pingmail] Ping!'
-msg2checked='Hi!\n
-\nThis is an automated mail ping from '$checker_address'.
-\nRespond to show that you are still alive!'
-
-# content of warning message sent to checker
-id_target='foo'
-subj2checker='[pingmail] No recent life signs from '$id_target
-reminder_time=`expr $wait_time \* 2`
-msg2checker='pingmail reporting in:\n
-\nNo life signs from '$id_target' for the last '$reminder_time' seconds.
-\nMaybe you should give them a call to check if they are okay.'
-
-# mail client command reading message body from stdin and subject from parameter
-mailclient_s='mail -s'
-
-# mailbox file to check for most recent life sign
-mbox=$HOME'/mail/foo'
-
-# to recursively search for most recent matches to $matchstring as lifesigns
-#maildir=$HOME'/mail'
-
-# pattern to search $maildir for recursively for lifesigns
-#checked_address_escaped=`echo $checked_address | sed 's/\./\\./g'`
-#matchstring='^From: .*('$checked_address_escaped'|alternate@example\.org)'
+++ /dev/null
-#!/bin/sh
-set -e
-
-# Repeatedly parse config file for GPG key and bot screen configs.
-path=~/.plomlombot
-db_dir="${HOME}/plomlombot_db"
-irclogs_dir=/var/www/html/irclogs
-irclogs_pw_dir=/var/www/irclogs_pw
-while true; do
- if [ -f "${path}" ]; then
- cat "${path}" | while read line; do
- first_word=$(echo -n "${line}" | cut -d' ' -f1)
-
- # Read "bot:" line, start bot screen session from it if not yet existing,
- # set up irclogs dir if not yet existing.
- if [ "${first_word}" = "bot:" ]; then
- session_name=$(echo -n "${line}" | cut -d' ' -f2)
- bot_name=$(echo -n "${line}" | cut -d' ' -f3)
- channel_name=$(echo -n "${line}" | cut -d' ' -f4)
- shortened_channel_name="${channel_name}"
- first_char=$(echo -n "${channel_name}" | cut -c1)
- if [ "${first_char}" = "#" ]; then
- shortened_channel_name=$(echo -n "${channel_name}" | cut -c2-)
- fi
- server_name=$(echo -n "${line}" | cut -d' ' -f5)
- login_user=$(echo -n "${line}" | cut -d' ' -f6)
- login_pw=$(echo -n "${line}" | cut -d' ' -f7)
- set +e
- screen -S "${session_name}" -Q select . > /dev/null
- start_screen=$?
- set -e
- if [ "${start_screen}" -eq "1" ]; then
- cd ~/plomlombot-irc
- LANG="en_US.UTF-8" screen -d -m -S "${session_name}" ./run.sh -r 604800 -n "${bot_name}" -s "${server_name}" "${channel_name}"
- fi
- md5_server=$(echo -n "${server_name}" | md5sum | cut -d' ' -f1)
- md5_channel=$(echo -n "${channel_name}" | md5sum | cut -d' ' -f1)
- logs_dir="${db_dir}/${md5_server}/${md5_channel}/logs"
- # FIXME: Note the trouble we will have if we have the same channel
- # name on different servers …
- ln -sfn "${logs_dir}" "${irclogs_dir}/${shortened_channel_name}"
- echo "${login_user}":'{PLAIN}'"${login_pw}" > "${irclogs_pw_dir}/${shortened_channel_name}"
-
- # If "gpg" line, encrypt old raw logs to that GPG key.
- elif [ "${first_word}" = "gpg_key" ]; then
- key=$(echo -n "${line}" | cut -d' ' -f2)
- mkdir -p ~/plomlombot_db
- cd ~/plomlombot_db
- find . -path '*/*/raw_logs/*.txt' -mtime +1 -type f -exec gpg --recipient "${key}" --trust-model always --encrypt {} \; -exec rm {} \;
- fi
-
- done
- sleep 1
- fi
-done
+++ /dev/null
-#!/bin/sh
-
-# Enforce ~/.weechatrc as sole persistent weechat config file.
-#~/config/bin/simplemail.sh ~/config/mails/weechat_restart_reminder
-rm -rf ~/.weechat/
-WEECHATCONF=`tr '\n' ';' < ~/.weechatrc`
-weechat -r "$WEECHATCONF"
-rm -rf ~/.weechat/
+++ /dev/null
-/set logger.file.path ~/weechatlogs
-/set logger.file.flush_delay 0
-/set logger.mask.irc "irc/$server/$channel.%Y-%m-%d.weechatlog"
-/set weechat.bar.status.items "[time],[buffer_last_number],[buffer_plugin],buffer_number+:+buffer_name+(buffer_modes)+{buffer_nicklist_count}+buffer_zoom+buffer_filter,[lag],[hotlist],completion,scroll,[otr]"
-/set weechat.color.chat_nick_colors "lightcyan"
-/server add freenode irc.freenode.net -nicks=plimlompom,plimlomp0m,pliml0mp0m -realname="foo bar" -autojoin=#plomlompomtest
-/connect freenode
+++ /dev/null
----
-- hosts: all
- user: root
- become: yes
- tasks:
-
- - name: ensure directories for symlinks exist
- file: state=directory dest={{item}}
- with_lines: cat ~/config/ansible/files/dirs | sed -e 's/ *#.*$//'
- - name: symlink system files
- file: state=hard force=yes src={{item}} dest={{item|basename|regex_replace('___','/')}}
- with_fileglob: ~/config/ansible/files/system/*
- - name: set hostname for current session
- shell: hostname w530
-
- # Init package management.
- - name: update package lists
- apt: update_cache=yes
- - name: APT - dist-upgrade
- apt: upgrade=dist
-
- # Ensure power management.
- - name: ensure power management tools are installed
- apt: name={{item}} state=present
- with_lines: cat ~/config/ansible/files/apt-mark/power_management | sed -e 's/ *#.*$//'
- - name: start TLP
- shell: tlp start
-
- # Configure console.
- #
- # For some reason, some settings are only applied two reboots after this.
- - name: symlink console config files
- file: state=link force=yes src={{item}} dest={{item|basename|regex_replace('___','/')}}
- with_fileglob: ~/config/ansible/files/console/*
- - name: ensure locales and console-setup are installed
- apt: name={{item}} state=present
- with_lines: cat ~/config/ansible/files/apt-mark/console | sed -e 's/ *#.*$//'
- - name: generate en_US.UTF-8 locale
- locale_gen: name=en_US.UTF-8 state=present
- - name: run setupcon to apply console settings from /etc/default/
- command: setupcon
-
- # Miscellaneous.
- - name: Ensure dotfile symlinks
- file: state=link force=yes src={{item}} dest=~/.{{item|basename}}
- with_fileglob:
- - ~/config/dotfiles/minimal/*
- - ~/config/dotfiles/root/*
- - name: ensure ~/.vimbackups directory
- file: state=directory dest=~/.vimbackups
- - name: ensure man-db, manpages are installed
- apt: name={{item}} state=present
- with_lines: cat ~/config/ansible/files/apt-mark/man | sed -e 's/ *#.*$//'
- - name: set /etc/localtime
- file: state=link force=yes src=/usr/share/zoneinfo/Europe/Berlin dest=/etc/localtime
- - name: ensure various useful tools are installed – sudo, git, vim, less, openssh
- apt: name={{item}} state=present
- with_lines: cat ~/config/ansible/files/apt-mark/various_useful | sed -e 's/ *#.*$//'
- - name: ensure boot messages are not cleared on start up
- replace: dest=/etc/systemd/system/getty.target.wants/getty@tty1.service regexp='^TTYVTDisallocate=yes.*$' replace='TTYVTDisallocate=no'
-
- # Config user.
- - name: create user plom with sudo privileges and bash shell
- user: name=plom groups=sudo shell=/bin/bash
- - name: have config repo in user directory
- git: repo=https://github.com/plomlompom/config dest=/home/plom/config
- become_user: plom
- become_method: su
-
- # Ensure X window environment.
- - name: ensure minimal X window environment
- apt: name={{item}} state=present
- with_lines: cat ~/config/ansible/files/apt-mark/minimal_x | sed -e 's/ *#.*$//'
- - name: ensure 3d acceleration and optimus switch
- apt: name={{item}} state=present
- with_lines: cat ~/config/ansible/files/apt-mark/3d_acceleration | sed -e 's/ *#.*$//'
- - name: ensure user plom is in bumblebee group
- user: name=plom groups=bumblebee append=yes
- - name: ensure basic X tools
- apt: name={{item}} state=present
- with_lines: cat ~/config/ansible/files/apt-mark/basic_x_tools | sed -e 's/ *#.*$//'
-
- # Set up pentadactyl.
- - name: ensure browser environment
- apt: name={{item}} state=present
- with_lines: cat ~/config/ansible/files/apt-mark/browser_environment | sed -e 's/ *#.*$//'
-
- # Ensure wifi.
- - name: ensure wifi configuration
- apt: name={{item}} state=present
- with_lines: cat ~/config/ansible/files/apt-mark/wifi | sed -e 's/ *#.*$//'
-
- # Ensure audio/video consumption necessities.
- - name: ensure multimedia tools
- apt: name={{item}} state=present
- with_lines: cat ~/config/ansible/files/apt-mark/multimedia | sed -e 's/ *#.*$//'
-
- # Ensure hotkeys.
- #
- # For some reason, the brightness hotkeys still won't be available unless acpid is restarted (yes, after reboot).
- - name: ensure hotkeys
- apt: name={{item}} state=present
- with_lines: cat ~/config/ansible/files/apt-mark/hotkeys | sed -e 's/ *#.*$//'
-
- # Remove undesired packages
- - name: collect desired packages
- shell: cat files/apt-mark/* | sed -e 's/ *#.*$//' > /tmp/white_list_unsorted && sort /tmp/white_list_unsorted > /tmp/white_list_sorted
- - name: collect currently installed packages
- shell: dpkg-query -Wf '${Package}\n' > /tmp/all_unsorted && sort /tmp/all_unsorted > /tmp/all_sorted
- - name: create black list of packages to mark as automatically installed from the difference between the required packages and the packages currently installed
- shell: comm -3 /tmp/all_sorted /tmp/white_list_sorted > /tmp/list_black
- - name: mark all packages from black list as automatically installed
- shell: apt-mark auto $(cat /tmp/list_black)
- - name: mark all packages from white list as manually installed
- shell: apt-mark manual $(cat /tmp/white_list_unsorted)
- - name: purge all packages automatically installed that are not depended on
- shell: DEBIAN_FRONTEND=noninteractive apt-get -y --purge autoremove
+++ /dev/null
----
-- hosts: all
- user: root
- become: yes
- tasks:
-
- - name: ensure directories for symlinks exist
- file: state=directory dest={{item}}
- with_lines: cat ~/config/ansible/files/dirs_new | sed -e 's/ *#.*$//'
- - name: symlink system files
- file: state=hard force=yes src={{item}} dest={{item|basename|regex_replace('___','/')}}
- with_fileglob:
- - ~/config/ansible/files/system_new/minimal/*
- - ~/config/ansible/files/system_new/{{ system_name }}/*
- - name: set hostname for current session
- shell: hostname {{ system_name }}
-
- # Init package management.
- - name: add palemoon repo signing key
- apt_key:
- url: https://download.opensuse.org/repositories/home:stevenpusser/Debian_9.0/Release.key
- state: present
- - name: update package lists
- apt: update_cache=yes
- - name: APT - dist-upgrade
- apt: upgrade=dist
-
- # Ensure packages needed for disk encryption on startup (how does this work?)
- - name: ensure power management tools are installed
- apt: name={{item}} state=present
- with_lines:
- - cat ~/config/ansible/files/apt-mark_new/minimal/disk_encryption | sed -e 's/ *#.*$//'
-
- # Ensure power management.
- - name: ensure power management tools are installed
- apt: name={{item}} state=present
- with_lines:
- - cat ~/config/ansible/files/apt-mark_new/minimal/power_management | sed -e 's/ *#.*$//'
- - cat ~/config/ansible/files/apt-mark_new/X200s/power_management | sed -e 's/ *#.*$//'
- - name: start TLP
- shell: tlp start
-
- # Configure console.
- #
- # For some reason, some settings are only applied two reboots after this.
- - name: symlink console config files
- file: state=link force=yes src={{item}} dest={{item|basename|regex_replace('___','/')}}
- with_fileglob: ~/config/ansible/files/console/*
- - name: ensure locales and console-setup are installed
- apt: name={{item}} state=present
- with_lines: cat ~/config/ansible/files/apt-mark_new/minimal/console | sed -e 's/ *#.*$//'
- - name: generate en_US.UTF-8 locale
- locale_gen: name=en_US.UTF-8 state=present
- - name: Touch keyboard config file so setupcon does not ignore it.
- command: touch /etc/default/keyboard
- - name: run setupcon to apply console settings from /etc/default/
- command: setupcon
-
- # Miscellaneous.
- - name: Ensure dotfile symlinks
- file: state=link force=yes src={{item}} dest=~/.{{item|basename}}
- with_fileglob:
- - ~/config/dotfiles/minimal/*
- - ~/config/dotfiles/root/*
- - name: ensure ~/.vimbackups directory
- file: state=directory dest=~/.vimbackups
- - name: ensure man-db, manpages are installed
- apt: name={{item}} state=present
- with_lines: cat ~/config/ansible/files/apt-mark_new/minimal/man | sed -e 's/ *#.*$//'
- - name: set /etc/localtime
- file: state=link force=yes src=/usr/share/zoneinfo/Europe/Berlin dest=/etc/localtime
- - name: ensure various useful tools are installed – sudo, git, vim, less, openssh
- apt: name={{item}} state=present
- with_lines: cat ~/config/ansible/files/apt-mark_new/minimal/various_useful | sed -e 's/ *#.*$//'
- - name: ensure boot messages are not cleared on start up
- replace: dest=/etc/systemd/system/getty.target.wants/getty@tty1.service regexp='^TTYVTDisallocate=yes.*$' replace='TTYVTDisallocate=no'
-
- # Config user.
- - name: create user plom with sudo privileges and bash shell
- user: name=plom groups=sudo shell=/bin/bash
- #- name: have config repo in user directory
- # git: repo=https://github.com/plomlompom/config dest=/home/plom/config
- # become_user: plom
- # become_method: su
-
- # Ensure X window environment.
- - name: ensure minimal X window environment
- apt: name={{item}} state=present
- with_lines: cat ~/config/ansible/files/apt-mark_new/minimal/minimal_x | sed -e 's/ *#.*$//'
- - name: ensure 3d acceleration
- apt: name={{item}} state=present
- with_lines: cat ~/config/ansible/files/apt-mark_new/minimal/3d_acceleration | sed -e 's/ *#.*$//'
- #- name: ensure optimus switch
- # apt: name={{item}} state=present
- # with_lines: cat ~/config/ansible/files/apt-mark_new/W530/3d_acceleration | sed -e 's/ *#.*$//'
- #- name: ensure user plom is in bumblebee group
- # user: name=plom groups=bumblebee append=yes
- - name: ensure basic X tools
- apt: name={{item}} state=present
- with_lines: cat ~/config/ansible/files/apt-mark_new/minimal/basic_x_tools | sed -e 's/ *#.*$//'
-
- ## Set up browser environment.
- #- name: ensure qutebrowser
- # include: tasks/qutebrowser.yml
- - name: ensure browser environment
- apt: name={{item}} state=present
- with_lines: cat ~/config/ansible/files/apt-mark_new/minimal/browser_environment | sed -e 's/ *#.*$//'
-
- # Ensure wifi.
- - name: ensure wifi configuration
- apt: name={{item}} state=present
- with_lines:
- - cat ~/config/ansible/files/apt-mark_new/minimal/wifi | sed -e 's/ *#.*$//'
- - cat ~/config/ansible/files/apt-mark_new/X200s/wifi | sed -e 's/ *#.*$//'
- #- name: ensure wicd
- # apt: name={{item}} state=present
- # with_lines: cat ~/config/ansible/files/apt-mark_new/W530/wicd | sed -e 's/ *#.*$//'
-
- # Ensure audio/video consumption necessities.
- - name: ensure multimedia tools
- apt: name={{item}} state=present
- with_lines: cat ~/config/ansible/files/apt-mark_new/minimal/multimedia | sed -e 's/ *#.*$//'
- #- name: ensure multimedia tools
- # apt: name={{item}} state=present
- # with_lines: cat ~/config/ansible/files/apt-mark_new/W530/multimedia | sed -e 's/ *#.*$//'
-
- # Ensure hotkeys.
- #
- # For some reason, the brightness hotkeys still won't be available unless acpid is restarted (yes, after reboot).
- #- name: ensure hotkeys
- # apt: name={{item}} state=present
- # with_lines: cat ~/config/ansible/files/apt-mark/hotkeys | sed -e 's/ *#.*$//'
-
- # Remove undesired packages
- - name: collect desired packages
- shell: cat files/apt-mark_new/minimal/* files/apt-mark_new/{{ system_name }}/* | sed -e 's/ *#.*$//' > /tmp/white_list_unsorted && sort /tmp/white_list_unsorted > /tmp/white_list_sorted
- - name: collect currently installed packages
- shell: dpkg-query -Wf '${Package}\n' > /tmp/all_unsorted && sort /tmp/all_unsorted > /tmp/all_sorted
- - name: create black list of packages to mark as automatically installed from the difference between the required packages and the packages currently installed
- shell: comm -3 /tmp/all_sorted /tmp/white_list_sorted > /tmp/list_black
- - name: mark all packages from black list as automatically installed
- shell: apt-mark auto $(cat /tmp/list_black)
- - name: mark all packages from white list as manually installed
- shell: apt-mark manual $(cat /tmp/white_list_unsorted)
- - name: purge all packages automatically installed that are not depended on
- shell: DEBIAN_FRONTEND=noninteractive apt-get -y --purge autoremove
-
+++ /dev/null
-bumblebee-nvidia
-libgl1-mesa-dri # tested as necessary for OpenGL 3D acceleration to work
-libglu1-mesa # tested as necessary for OpenGL 3D acceleration to work
-linux-headers-amd64 # tested as necessary to build proper nvidia-driver module
-primus # bridge by which bumblebee will deliver Nvidia-renderend content to Intel card
+++ /dev/null
-i3
-i3status
-python3 # this is what the i3status wrapper is written in
-redshift
-suckless-tools # contains dmenu; not using virtual packages as that won't be marked manually installed
-xterm
-x11-xserver-utils # includes xrdb which applies .Xresources files
+++ /dev/null
-iceweasel
-vim-gtk # used by pentadactyl for text editing
-xul-ext-noscript
-xul-ext-pentadactyl
+++ /dev/null
-console-setup
-locales
+++ /dev/null
-base-files
-base-passwd
-bash
-bsdutils
-coreutils
-dash
-debconf
-debianutils
-diffutils
-dpkg
-e2fslibs
-e2fsprogs
-findutils
-gcc-6-base
-grep
-gzip
-hostname
-init-system-helpers
-libacl1
-libattr1
-libblkid1
-libc6
-libc-bin
-libcomerr2
-libfdisk1
-libgcc1
-liblzma5
-libmount1
-libpam0g
-libpam-modules
-libpam-modules-bin
-libpam-runtime
-libpcre3
-libselinux1
-libsepol1
-libsmartcols1
-libss2
-libtinfo5
-libuuid1
-login
-lsb-base
-mawk
-mount
-multiarch-support
-ncurses-base
-ncurses-bin
-passwd
-perl-base
-sed
-sensible-utils
-sysvinit-utils
-tar
-tzdata
-util-linux
-zlib1g
+++ /dev/null
-acpid # captures hotkey presses and triggers respective /etc/acpi/events/*
+++ /dev/null
-man-db
-manpages
+++ /dev/null
-ansible
-ifupdown # needed for internet connectivity
-isc-dhcp-client # needed for internet connectivity
+++ /dev/null
-libpam-systemd # needed to start X as non-root
-xinit # contains startx
-xserver-xorg-core
-xserver-xorg-input-evdev # supports all input devices the kernel knows about
+++ /dev/null
-alsa-utils
-eject
-ffmpeg # somehow this is needed to make youtube-dl grab 1080p versions of videos
-libdvd-pkg # decss stuff
-mpv
-youtube-dl # needed by mpv to directly work YouTube URLs
+++ /dev/null
-acpi-call-dkms # needed for tlp to access Thinkpad-specific features
-tlp
+++ /dev/null
-git
-less
-openssh-client
-sudo
-vim
+++ /dev/null
-firmware-iwlwifi # wifi driver
-wicd-cli # thanks to my own wicd_wrapper.sh should be enough for most stuff
-wicd-curses # although this currently is very buggy
-wicd-gtk # workaround for when wicd-curses fails
+++ /dev/null
-bumblebee-nvidia
-linux-headers-amd64 # tested as necessary to build proper nvidia-driver module
-primus # bridge by which bumblebee will deliver Nvidia-renderend content to Intel card
+++ /dev/null
-iceweasel
-vim-gtk # used by pentadactyl for text editing
-xul-ext-noscript
-xul-ext-pentadactyl
+++ /dev/null
-acpid # captures hotkey presses and triggers respective /etc/acpi/events/*
+++ /dev/null
-eject
-ffmpeg # somehow this is needed to make youtube-dl grab 1080p versions of videos
-libdvd-pkg # decss stuff
+++ /dev/null
-wicd-cli # thanks to my own wicd_wrapper.sh should be enough for most stuff
-wicd-curses # although this currently is very buggy
-wicd-gtk # workaround for when wicd-curses fails
+++ /dev/null
-alsa-utils
-ffmpeg # somehow this is needed to make youtube-dl grab 1080p versions of videos
-mpv
-youtube-dl # needed by mpv to directly work YouTube URLs
+++ /dev/null
-tp-smapi-dkms
-linux-headers-amd64
+++ /dev/null
-wpasupplicant
+++ /dev/null
-libglu1-mesa # tested as necessary for OpenGL 3D acceleration to work
-libgl1-mesa-dri # tested as necessary for OpenGL 3D acceleration to work
+++ /dev/null
-i3
-i3status
-python3 # this is what the i3status wrapper is written in
-redshift
-suckless-tools # contains dmenu; not using virtual packages as that won't be marked manually installed
-xterm
-x11-xserver-utils # includes xrdb which applies .Xresources files
+++ /dev/null
-console-setup
-locales
+++ /dev/null
-base-files
-base-passwd
-bash
-bsdutils
-coreutils
-dash
-debconf
-debianutils
-diffutils
-dpkg
-e2fslibs
-e2fsprogs
-findutils
-gcc-6-base
-grep
-gzip
-hostname
-init-system-helpers
-libacl1
-libattr1
-libblkid1
-libc6
-libc-bin
-libcomerr2
-libfdisk1
-libgcc1
-liblzma5
-libmount1
-libpam0g
-libpam-modules
-libpam-modules-bin
-libpam-runtime
-libpcre3
-libselinux1
-libsepol1
-libsmartcols1
-libss2
-libtinfo5
-libuuid1
-login
-lsb-base
-mawk
-mount
-multiarch-support
-ncurses-base
-ncurses-bin
-passwd
-perl-base
-sed
-sensible-utils
-sysvinit-utils
-tar
-tzdata
-util-linux
-zlib1g
+++ /dev/null
-cryptsetup
-udev
+++ /dev/null
-man-db
-manpages
+++ /dev/null
-ansible
-ifupdown # needed for internet connectivity
-isc-dhcp-client # needed for internet connectivity
+++ /dev/null
-libpam-systemd # needed to start X as non-root
-xinit # contains startx
-xserver-xorg-core
-xserver-xorg-input-evdev # supports all input devices the kernel knows about
+++ /dev/null
-alsa-utils
-mpv
-youtube-dl # needed by mpv to directly work YouTube URLs
+++ /dev/null
-acpi-call-dkms # needed for tlp to access Thinkpad-specific features
-tlp
+++ /dev/null
-git
-less
-openssh-client
-sudo
-vim
+++ /dev/null
-firmware-iwlwifi # wifi driver
+++ /dev/null
-CHARMAP="UTF-8"
-CODESET="Lat15"
-FONTFACE="Terminus"
-FONTSIZE="6x12"
+++ /dev/null
-# setting XKBMODEL to the questionable default seems to be necessary and works nicely
-# curiously, putting a comment on the same line as a variable setting seems to break things
-XKBMODEL="pc105"
-XKBLAYOUT="de"
+++ /dev/null
-/etc/wicd
-/etc/acpi/events
+++ /dev/null
-# This is the Optimus-specific configuration recommended by the "NVIDIA
-# Accelerated Linux Graphics Drivre README and Installation Guide", Chapter 32
-# "Offloading Graphics Display with RandR 1.4"
-# (<http://us.download.nvidia.com/XFree86/Linux-x86/346.35/README/randr14.html>)
-# with the "AllowEmptyInitialConfigratuion" added as described by
-# <http://us.download.nvidia.com/XFree86/Linux-x86/346.35/README/randr14.html>.
-
-Section "ServerLayout"
- Identifier "layout"
- Screen 0 "nvidia"
- Inactive "intel"
-EndSection
-
-Section "Device"
- Identifier "nvidia"
- Driver "nvidia"
- BusID "PCI:01:00:0"
- Option "AllowEmptyInitialConfiguration"
-EndSection
-
-Section "Screen"
- Identifier "nvidia"
- Device "nvidia"
-EndSection
-
-Section "Device"
- Identifier "intel"
- Driver "modesetting"
-EndSection
-
-Section "Screen"
- Identifier "intel"
- Device "intel"
-EndSection
+++ /dev/null
-event=video/brightnessdown
-action=/root/config/bin/w530_backlight.sh -
+++ /dev/null
-event=video/brightnessup
-action=/root/config/bin/w530_backlight.sh +
+++ /dev/null
-event=button/f20
-action=amixer set Mic toggle
+++ /dev/null
-event=button/mute
-action=amixer set Master toggle
+++ /dev/null
-event=button/volumedown
-action=amixer set Master 10-
+++ /dev/null
-event=button/volumeup
-action=amixer set Master 10+
+++ /dev/null
-APT::AutoRemove::RecommendsImportant "false";
-APT::AutoRemove::SuggestsImportant "false";
-APT::Install-Recommends "false";
-APT::Install-Suggests "false";
+++ /dev/null
-deb http://ftp.debian.org/debian/ stretch main contrib non-free
-deb http://ftp.debian.org/debian/ stretch-updates main contrib non-free
-deb http://ftp.debian.org/debian stretch-backports main contrib non-free
-deb http://security.debian.org/ stretch/updates main contrib non-free
+++ /dev/null
-# ------------------------------------------------------------------------------
-# tlp - Parameters for power save
-# See full explanation: http://linrunner.de/en/tlp/docs/tlp-configuration.html
-
-# Hint: some features are disabled by default, remove the leading # to enable
-# them.
-
-# Set to 0 to disable, 1 to enable TLP.
-TLP_ENABLE=1
-
-# Operation mode when no power supply can be detected: AC, BAT
-# Concerns some desktop and embedded hardware only.
-TLP_DEFAULT_MODE=AC
-
-# Seconds laptop mode has to wait after the disk goes idle before doing a sync.
-# Non-zero value enables, zero disables laptop mode.
-DISK_IDLE_SECS_ON_AC=0
-DISK_IDLE_SECS_ON_BAT=2
-
-# Dirty page values (timeouts in secs).
-MAX_LOST_WORK_SECS_ON_AC=15
-MAX_LOST_WORK_SECS_ON_BAT=60
-
-# Hint: CPU parameters below are disabled by default, remove the leading #
-# to enable them, otherwise kernel default values are used.
-
-# Select a CPU frequency scaling governor.
-# Intel Core i processor with intel_pstate driver:
-# powersave(*), performance
-# Older hardware with acpi-cpufreq driver:
-# ondemand(*), powersave, performance, conservative
-# (*) is recommended.
-# Hint: use tlp-stat -p to show the active driver and available governors.
-# Important:
-# You *must* disable your distribution's governor settings or conflicts will
-# occur. ondemand is sufficient for *almost all* workloads, you should know
-# what you're doing!
-#CPU_SCALING_GOVERNOR_ON_AC=powersave
-#CPU_SCALING_GOVERNOR_ON_BAT=powersave
-
-# Set the min/max frequency available for the scaling governor.
-# Possible values strongly depend on your CPU. For available frequencies see
-# the output of tlp-stat -p.
-#CPU_SCALING_MIN_FREQ_ON_AC=0
-#CPU_SCALING_MAX_FREQ_ON_AC=0
-#CPU_SCALING_MIN_FREQ_ON_BAT=0
-#CPU_SCALING_MAX_FREQ_ON_BAT=0
-
-# Set Intel P-state performance: 0..100 (%)
-# Limit the max/min P-state to control the power dissipation of the CPU.
-# Values are stated as a percentage of the available performance.
-# Requires an Intel Core i processor with intel_pstate driver.
-#CPU_MIN_PERF_ON_AC=0
-#CPU_MAX_PERF_ON_AC=100
-#CPU_MIN_PERF_ON_BAT=0
-#CPU_MAX_PERF_ON_BAT=30
-
-# Set the CPU "turbo boost" feature: 0=disable, 1=allow
-# Requires an Intel Core i processor.
-# Important:
-# - This may conflict with your distribution's governor settings
-# - A value of 1 does *not* activate boosting, it just allows it
-#CPU_BOOST_ON_AC=1
-#CPU_BOOST_ON_BAT=0
-
-# Minimize number of used CPU cores/hyper-threads under light load conditions
-SCHED_POWERSAVE_ON_AC=0
-SCHED_POWERSAVE_ON_BAT=1
-
-# Kernel NMI Watchdog:
-# 0=disable (default, saves power), 1=enable (for kernel debugging only)
-NMI_WATCHDOG=0
-
-# Change CPU voltages aka "undervolting" - Kernel with PHC patch required
-# Frequency voltage pairs are written to:
-# /sys/devices/system/cpu/cpu0/cpufreq/phc_controls
-# CAUTION: only use this, if you thoroughly understand what you are doing!
-#PHC_CONTROLS="F:V F:V F:V F:V"
-
-# Set CPU performance versus energy savings policy:
-# performance, normal, powersave
-# Requires kernel module msr and x86_energy_perf_policy from linux-tools
-ENERGY_PERF_POLICY_ON_AC=performance
-ENERGY_PERF_POLICY_ON_BAT=powersave
-
-# Hard disk devices; separate multiple devices with spaces (default: sda).
-# Devices can be specified by disk ID also (lookup with: tlp diskid).
-DISK_DEVICES="sda sdb"
-
-# Hard disk advanced power management level: 1..254, 255 (max saving, min, off)
-# Levels 1..127 may spin down the disk; 255 allowable on most drives.
-# Separate values for multiple disks with spaces. Use the special value 'keep'
-# to keep the hardware default for the particular disk.
-DISK_APM_LEVEL_ON_AC="254 254"
-DISK_APM_LEVEL_ON_BAT="128 128"
-
-# Hard disk spin down timeout:
-# 0: spin down disabled
-# 1..240: timeouts from 5s to 20min (in units of 5s)
-# 241..251: timeouts from 30min to 5.5 hours (in units of 30min)
-# See 'man hdparm' for details.
-# Separate values for multiple disks with spaces. Use the special value 'keep'
-# to keep the hardware default for the particular disk.
-#DISK_SPINDOWN_TIMEOUT_ON_AC="0 0"
-#DISK_SPINDOWN_TIMEOUT_ON_BAT="0 0"
-
-# Select IO scheduler for the disk devices: cfq, deadline, noop (Default: cfq);
-# Separate values for multiple disks with spaces. Use the special value 'keep'
-# to keep the kernel default scheduler for the particular disk.
-#DISK_IOSCHED="cfq cfq"
-
-# SATA aggressive link power management (ALPM):
-# min_power, medium_power, max_performance
-SATA_LINKPWR_ON_AC=max_performance
-SATA_LINKPWR_ON_BAT=min_power
-
-# Exclude SATA host devices from link power management.
-# Separate multiple hosts with spaces.
-#SATA_LINKPWR_BLACKLIST="host1"
-
-# Runtime Power Management for AHCI controllers and disks:
-# on=disable, auto=enable
-# EXPERIMENTAL ** WARNING: auto will most likely cause system lockups/data loss
-#AHCI_RUNTIME_PM_ON_AC=on
-#AHCI_RUNTIME_PM_ON_BAT=on
-
-# Seconds of inactivity before disk is suspended
-AHCI_RUNTIME_PM_TIMEOUT=15
-
-# PCI Express Active State Power Management (PCIe ASPM):
-# default, performance, powersave
-PCIE_ASPM_ON_AC=performance
-PCIE_ASPM_ON_BAT=powersave
-
-# Radeon graphics clock speed (profile method): low, mid, high, auto, default;
-# auto = mid on BAT, high on AC; default = use hardware defaults.
-# (Kernel >= 2.6.35 only, open-source radeon driver explicitly)
-RADEON_POWER_PROFILE_ON_AC=high
-RADEON_POWER_PROFILE_ON_BAT=low
-
-# Radeon dynamic power management method (DPM): battery, performance
-# (Kernel >= 3.11 only, requires boot option radeon.dpm=1)
-RADEON_DPM_STATE_ON_AC=performance
-RADEON_DPM_STATE_ON_BAT=battery
-
-# Radeon DPM performance level: auto, low, high; auto is recommended.
-RADEON_DPM_PERF_LEVEL_ON_AC=auto
-RADEON_DPM_PERF_LEVEL_ON_BAT=auto
-
-# WiFi power saving mode: on=enable, off=disable; not supported by all adapters.
-WIFI_PWR_ON_AC=off
-WIFI_PWR_ON_BAT=on
-
-# Disable wake on LAN: Y/N
-WOL_DISABLE=Y
-
-# Enable audio power saving for Intel HDA, AC97 devices (timeout in secs).
-# A value of 0 disables, >=1 enables power save.
-SOUND_POWER_SAVE_ON_AC=0
-SOUND_POWER_SAVE_ON_BAT=1
-
-# Disable controller too (HDA only): Y/N
-SOUND_POWER_SAVE_CONTROLLER=Y
-
-# Set to 1 to power off optical drive in UltraBay/MediaBay when running on
-# battery. A value of 0 disables this feature (Default).
-# Drive can be powered on again by releasing (and reinserting) the eject lever
-# or by pressing the disc eject button on newer models.
-# Note: an UltraBay/MediaBay hard disk is never powered off.
-BAY_POWEROFF_ON_BAT=0
-# Optical drive device to power off (default sr0).
-BAY_DEVICE="sr0"
-
-# Runtime Power Management for PCI(e) bus devices: on=disable, auto=enable
-RUNTIME_PM_ON_AC=on
-RUNTIME_PM_ON_BAT=auto
-
-# Runtime PM for *all* PCI(e) bus devices, except blacklisted ones:
-# 0=disable, 1=enable
-RUNTIME_PM_ALL=1
-
-# Exclude PCI(e) device adresses the following list from Runtime PM
-# (separate with spaces). Use lspci to get the adresses (1st column).
-#RUNTIME_PM_BLACKLIST="bb:dd.f 11:22.3 44:55.6"
-
-# Exclude PCI(e) devices assigned to the listed drivers from Runtime PM
-# (should prevent accidential power on of hybrid graphics' discrete part).
-# Default is "radeon nouveau"; use "" to disable the feature completely.
-# Separate multiple drivers with spaces.
-RUNTIME_PM_DRIVER_BLACKLIST="radeon nouveau"
-
-# Set to 0 to disable, 1 to enable USB autosuspend feature.
-USB_AUTOSUSPEND=1
-
-# Exclude listed devices from USB autosuspend (separate with spaces).
-# Use lsusb to get the ids.
-# Note: input devices (usbhid) are excluded automatically (see below)
-#USB_BLACKLIST="1111:2222 3333:4444"
-
-# WWAN devices are excluded from USB autosuspend: 0=do not exclude / 1=exclude
-USB_BLACKLIST_WWAN=1
-
-# Include listed devices into USB autosuspend even if already excluded
-# by the driver or WWAN blacklists above (separate with spaces).
-# Use lsusb to get the ids.
-#USB_WHITELIST="1111:2222 3333:4444"
-
-# Set to 1 to disable autosuspend before shutdown, 0 to do nothing
-# (workaround for USB devices that cause shutdown problems).
-#USB_AUTOSUSPEND_DISABLE_ON_SHUTDOWN=1
-
-# Restore radio device state (Bluetooth, WiFi, WWAN) from previous shutdown
-# on system startup: 0=disable, 1=enable.
-# Hint: the parameters DEVICES_TO_DISABLE/ENABLE_ON_STARTUP/SHUTDOWN below
-# are ignored when this is enabled!
-RESTORE_DEVICE_STATE_ON_STARTUP=0
-
-# Radio devices to disable on startup: bluetooth, wifi, wwan.
-# Separate multiple devices with spaces.
-DEVICES_TO_DISABLE_ON_STARTUP="bluetooth wifi wwan"
-
-# Radio devices to enable on startup: bluetooth, wifi, wwan.
-# Separate multiple devices with spaces.
-#DEVICES_TO_ENABLE_ON_STARTUP="wifi"
-
-# Radio devices to disable on shutdown: bluetooth, wifi, wwan
-# (workaround for devices that are blocking shutdown).
-#DEVICES_TO_DISABLE_ON_SHUTDOWN="bluetooth wifi wwan"
-
-# Radio devices to enable on shutdown: bluetooth, wifi, wwan
-# (to prevent other operating systems from missing radios).
-#DEVICES_TO_ENABLE_ON_SHUTDOWN="wwan"
-
-# Radio devices to enable on AC: bluetooth, wifi, wwan
-#DEVICES_TO_ENABLE_ON_AC="bluetooth wifi wwan"
-
-# Radio devices to disable on battery: bluetooth, wifi, wwan
-#DEVICES_TO_DISABLE_ON_BAT="bluetooth wifi wwan"
-
-# Radio devices to disable on battery when not in use (not connected):
-# bluetooth, wifi, wwan
-DEVICES_TO_DISABLE_ON_BAT_NOT_IN_USE="bluetooth wifi wwan"
-
-# Battery charge thresholds (ThinkPad only, tp-smapi or acpi-call kernel module
-# required). Charging starts when the remaining capacity falls below the
-# START_CHARGE_THRESH value and stops when exceeding the STOP_CHARGE_THRESH value.
-# Main / Internal battery (values in %)
-START_CHARGE_THRESH_BAT0=10
-STOP_CHARGE_THRESH_BAT0=95
-# Ultrabay / Slice / Replaceable battery (values in %)
-START_CHARGE_THRESH_BAT1=10
-STOP_CHARGE_THRESH_BAT1=95
-
-# ------------------------------------------------------------------------------
-# tlp-rdw - Parameters for the radio device wizard
-# Possible devices: bluetooth, wifi, wwan
-
-# Hints:
-# - Parameters are disabled by default, remove the leading # to enable them.
-# - Separate multiple radio devices with spaces.
-
-# Radio devices to disable on connect.
-#DEVICES_TO_DISABLE_ON_LAN_CONNECT="wifi wwan"
-#DEVICES_TO_DISABLE_ON_WIFI_CONNECT="wwan"
-#DEVICES_TO_DISABLE_ON_WWAN_CONNECT="wifi"
-
-# Radio devices to enable on disconnect.
-#DEVICES_TO_ENABLE_ON_LAN_DISCONNECT="wifi wwan"
-#DEVICES_TO_ENABLE_ON_WIFI_DISCONNECT=""
-#DEVICES_TO_ENABLE_ON_WWAN_DISCONNECT=""
-
-# Radio devices to enable/disable when docked.
-#DEVICES_TO_ENABLE_ON_DOCK=""
-#DEVICES_TO_DISABLE_ON_DOCK=""
-
-# Radio devices to enable/disable when undocked.
-#DEVICES_TO_ENABLE_ON_UNDOCK="wifi"
-#DEVICES_TO_DISABLE_ON_UNDOCK=""
+++ /dev/null
-127.0.0.1 localhost
-127.0.1.1 w530
-
-# The following lines are desirable for IPv6 capable hosts
-::1 localhost ip6-localhost ip6-loopback
-ff02::1 ip6-allnodes
-ff02::2 ip6-allrouters
+++ /dev/null
-# /etc/profile: system-wide .profile file for the Bourne shell (sh(1))
-# and Bourne compatible shells (bash(1), ksh(1), ash(1), ...).
-
-if [ "`id -u`" -eq 0 ]; then
- PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
-else
- PATH="/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games"
-fi
-export PATH
-
-if [ "${PS1-}" ]; then
- if [ "${BASH-}" ] && [ "$BASH" != "/bin/sh" ]; then
- # The file bash.bashrc already sets the default PS1.
- # PS1='\h:\w\$ '
- if [ -f /etc/bash.bashrc ]; then
- . /etc/bash.bashrc
- fi
- else
- if [ "`id -u`" -eq 0 ]; then
- PS1='# '
- else
- PS1='$ '
- fi
- fi
-fi
-
-if [ -d /etc/profile.d ]; then
- for i in /etc/profile.d/*.sh; do
- if [ -r $i ]; then
- . $i
- fi
- done
- unset i
-fi
-export LC_ALL="en_US.UTF-8"
+++ /dev/null
-# This file is part of systemd.
-#
-# systemd is free software; you can redistribute it and/or modify it
-# under the terms of the GNU Lesser General Public License as published by
-# the Free Software Foundation; either version 2.1 of the License, or
-# (at your option) any later version.
-#
-# Entries in this file show the compile time defaults.
-# You can change settings by editing this file.
-# Defaults can be restored by simply deleting this file.
-#
-# See logind.conf(5) for details.
-
-[Login]
-#NAutoVTs=6
-#ReserveVT=6
-#KillUserProcesses=no
-#KillOnlyUsers=
-#KillExcludeUsers=root
-#InhibitDelayMaxSec=5
-#HandlePowerKey=poweroff
-#HandleSuspendKey=suspend
-#HandleHibernateKey=hibernate
-#HandleLidSwitch=suspend
-#HandleLidSwitchDocked=ignore
-#PowerKeyIgnoreInhibited=no
-#SuspendKeyIgnoreInhibited=no
-#HibernateKeyIgnoreInhibited=no
-#LidSwitchIgnoreInhibited=yes
-#HoldoffTimeoutSec=30s
-#IdleAction=ignore
-#IdleActionSec=30min
-#RuntimeDirectorySize=10%
-#RemoveIPC=yes
-#InhibitorsMax=8192
-#SessionsMax=8192
-#UserTasksMax=33%
-HandleLidSwitch=hibernate
+++ /dev/null
-Europe/Berlin
+++ /dev/null
-[Settings]
-backend = external
-wireless_interface = wlp3s0
-wired_interface = enp0s25
-wpa_driver = wext
-always_show_wired_interface = False
-use_global_dns = False
-global_dns_1 = None
-global_dns_2 = None
-global_dns_3 = None
-global_dns_dom = None
-global_search_dom = None
-auto_reconnect = True
-debug_mode = False
-wired_connect_mode = 1
-signal_display_type = 0
-should_verify_ap = 1
-dhcp_client = 0
-link_detect_tool = 0
-flush_tool = 0
-sudo_app = 0
-prefer_wired = False
-show_never_connect = True
-
+++ /dev/null
-# This is the Optimus-specific configuration recommended by the "NVIDIA
-# Accelerated Linux Graphics Driver README and Installation Guide", Chapter 32
-# "Offloading Graphics Display with RandR 1.4"
-# (<http://us.download.nvidia.com/XFree86/Linux-x86/346.35/README/randr14.html>)
-# with the "AllowEmptyInitialConfigratuion" added as described by
-# <http://us.download.nvidia.com/XFree86/Linux-x86/346.35/README/randr14.html>.
-
-Section "ServerLayout"
- Identifier "layout"
- Screen 0 "nvidia"
- Inactive "intel"
-EndSection
-
-Section "Device"
- Identifier "nvidia"
- Driver "nvidia"
- BusID "PCI:01:00:0"
- Option "AllowEmptyInitialConfiguration"
-EndSection
-
-Section "Screen"
- Identifier "nvidia"
- Device "nvidia"
-EndSection
-
-Section "Device"
- Identifier "intel"
- Driver "modesetting"
-EndSection
-
-Section "Screen"
- Identifier "intel"
- Device "intel"
-EndSection
+++ /dev/null
-127.0.0.1 localhost
-127.0.1.1 W530
-
-# The following lines are desirable for IPv6 capable hosts
-::1 localhost ip6-localhost ip6-loopback
-ff02::1 ip6-allnodes
-ff02::2 ip6-allrouters
+++ /dev/null
-[Settings]
-backend = external
-wireless_interface = wlp3s0
-wired_interface = enp0s25
-wpa_driver = wext
-always_show_wired_interface = False
-use_global_dns = False
-global_dns_1 = None
-global_dns_2 = None
-global_dns_3 = None
-global_dns_dom = None
-global_search_dom = None
-auto_reconnect = True
-debug_mode = False
-wired_connect_mode = 1
-signal_display_type = 0
-should_verify_ap = 1
-dhcp_client = 0
-link_detect_tool = 0
-flush_tool = 0
-sudo_app = 0
-prefer_wired = False
-show_never_connect = True
-
+++ /dev/null
-127.0.0.1 localhost
-127.0.1.1 X200s
-
-# The following lines are desirable for IPv6 capable hosts
-::1 localhost ip6-localhost ip6-loopback
-ff02::1 ip6-allnodes
-ff02::2 ip6-allrouters
+++ /dev/null
-APT::AutoRemove::RecommendsImportant "false";
-APT::AutoRemove::SuggestsImportant "false";
-APT::Install-Recommends "false";
-APT::Install-Suggests "false";
+++ /dev/null
-deb http://ftp.debian.org/debian/ stretch main contrib non-free
-deb http://ftp.debian.org/debian/ stretch-updates main contrib non-free
-deb http://ftp.debian.org/debian stretch-backports main contrib non-free
-deb http://security.debian.org/ stretch/updates main contrib non-free
+++ /dev/null
-deb http://download.opensuse.org/repositories/home:/stevenpusser/Debian_9.0/ /
+++ /dev/null
-# ------------------------------------------------------------------------------
-# tlp - Parameters for power save
-# See full explanation: http://linrunner.de/en/tlp/docs/tlp-configuration.html
-
-# Hint: some features are disabled by default, remove the leading # to enable
-# them.
-
-# Set to 0 to disable, 1 to enable TLP.
-TLP_ENABLE=1
-
-# Operation mode when no power supply can be detected: AC, BAT
-# Concerns some desktop and embedded hardware only.
-TLP_DEFAULT_MODE=AC
-
-# Seconds laptop mode has to wait after the disk goes idle before doing a sync.
-# Non-zero value enables, zero disables laptop mode.
-DISK_IDLE_SECS_ON_AC=0
-DISK_IDLE_SECS_ON_BAT=2
-
-# Dirty page values (timeouts in secs).
-MAX_LOST_WORK_SECS_ON_AC=15
-MAX_LOST_WORK_SECS_ON_BAT=60
-
-# Hint: CPU parameters below are disabled by default, remove the leading #
-# to enable them, otherwise kernel default values are used.
-
-# Select a CPU frequency scaling governor.
-# Intel Core i processor with intel_pstate driver:
-# powersave(*), performance
-# Older hardware with acpi-cpufreq driver:
-# ondemand(*), powersave, performance, conservative
-# (*) is recommended.
-# Hint: use tlp-stat -p to show the active driver and available governors.
-# Important:
-# You *must* disable your distribution's governor settings or conflicts will
-# occur. ondemand is sufficient for *almost all* workloads, you should know
-# what you're doing!
-#CPU_SCALING_GOVERNOR_ON_AC=powersave
-#CPU_SCALING_GOVERNOR_ON_BAT=powersave
-
-# Set the min/max frequency available for the scaling governor.
-# Possible values strongly depend on your CPU. For available frequencies see
-# the output of tlp-stat -p.
-#CPU_SCALING_MIN_FREQ_ON_AC=0
-#CPU_SCALING_MAX_FREQ_ON_AC=0
-#CPU_SCALING_MIN_FREQ_ON_BAT=0
-#CPU_SCALING_MAX_FREQ_ON_BAT=0
-
-# Set Intel P-state performance: 0..100 (%)
-# Limit the max/min P-state to control the power dissipation of the CPU.
-# Values are stated as a percentage of the available performance.
-# Requires an Intel Core i processor with intel_pstate driver.
-#CPU_MIN_PERF_ON_AC=0
-#CPU_MAX_PERF_ON_AC=100
-#CPU_MIN_PERF_ON_BAT=0
-#CPU_MAX_PERF_ON_BAT=30
-
-# Set the CPU "turbo boost" feature: 0=disable, 1=allow
-# Requires an Intel Core i processor.
-# Important:
-# - This may conflict with your distribution's governor settings
-# - A value of 1 does *not* activate boosting, it just allows it
-#CPU_BOOST_ON_AC=1
-#CPU_BOOST_ON_BAT=0
-
-# Minimize number of used CPU cores/hyper-threads under light load conditions
-SCHED_POWERSAVE_ON_AC=0
-SCHED_POWERSAVE_ON_BAT=1
-
-# Kernel NMI Watchdog:
-# 0=disable (default, saves power), 1=enable (for kernel debugging only)
-NMI_WATCHDOG=0
-
-# Change CPU voltages aka "undervolting" - Kernel with PHC patch required
-# Frequency voltage pairs are written to:
-# /sys/devices/system/cpu/cpu0/cpufreq/phc_controls
-# CAUTION: only use this, if you thoroughly understand what you are doing!
-#PHC_CONTROLS="F:V F:V F:V F:V"
-
-# Set CPU performance versus energy savings policy:
-# performance, normal, powersave
-# Requires kernel module msr and x86_energy_perf_policy from linux-tools
-ENERGY_PERF_POLICY_ON_AC=performance
-ENERGY_PERF_POLICY_ON_BAT=powersave
-
-# Hard disk devices; separate multiple devices with spaces (default: sda).
-# Devices can be specified by disk ID also (lookup with: tlp diskid).
-DISK_DEVICES="sda sdb"
-
-# Hard disk advanced power management level: 1..254, 255 (max saving, min, off)
-# Levels 1..127 may spin down the disk; 255 allowable on most drives.
-# Separate values for multiple disks with spaces. Use the special value 'keep'
-# to keep the hardware default for the particular disk.
-DISK_APM_LEVEL_ON_AC="254 254"
-DISK_APM_LEVEL_ON_BAT="128 128"
-
-# Hard disk spin down timeout:
-# 0: spin down disabled
-# 1..240: timeouts from 5s to 20min (in units of 5s)
-# 241..251: timeouts from 30min to 5.5 hours (in units of 30min)
-# See 'man hdparm' for details.
-# Separate values for multiple disks with spaces. Use the special value 'keep'
-# to keep the hardware default for the particular disk.
-#DISK_SPINDOWN_TIMEOUT_ON_AC="0 0"
-#DISK_SPINDOWN_TIMEOUT_ON_BAT="0 0"
-
-# Select IO scheduler for the disk devices: cfq, deadline, noop (Default: cfq);
-# Separate values for multiple disks with spaces. Use the special value 'keep'
-# to keep the kernel default scheduler for the particular disk.
-#DISK_IOSCHED="cfq cfq"
-
-# SATA aggressive link power management (ALPM):
-# min_power, medium_power, max_performance
-SATA_LINKPWR_ON_AC=max_performance
-SATA_LINKPWR_ON_BAT=min_power
-
-# Exclude SATA host devices from link power management.
-# Separate multiple hosts with spaces.
-#SATA_LINKPWR_BLACKLIST="host1"
-
-# Runtime Power Management for AHCI controllers and disks:
-# on=disable, auto=enable
-# EXPERIMENTAL ** WARNING: auto will most likely cause system lockups/data loss
-#AHCI_RUNTIME_PM_ON_AC=on
-#AHCI_RUNTIME_PM_ON_BAT=on
-
-# Seconds of inactivity before disk is suspended
-AHCI_RUNTIME_PM_TIMEOUT=15
-
-# PCI Express Active State Power Management (PCIe ASPM):
-# default, performance, powersave
-PCIE_ASPM_ON_AC=performance
-PCIE_ASPM_ON_BAT=powersave
-
-# Radeon graphics clock speed (profile method): low, mid, high, auto, default;
-# auto = mid on BAT, high on AC; default = use hardware defaults.
-# (Kernel >= 2.6.35 only, open-source radeon driver explicitly)
-RADEON_POWER_PROFILE_ON_AC=high
-RADEON_POWER_PROFILE_ON_BAT=low
-
-# Radeon dynamic power management method (DPM): battery, performance
-# (Kernel >= 3.11 only, requires boot option radeon.dpm=1)
-RADEON_DPM_STATE_ON_AC=performance
-RADEON_DPM_STATE_ON_BAT=battery
-
-# Radeon DPM performance level: auto, low, high; auto is recommended.
-RADEON_DPM_PERF_LEVEL_ON_AC=auto
-RADEON_DPM_PERF_LEVEL_ON_BAT=auto
-
-# WiFi power saving mode: on=enable, off=disable; not supported by all adapters.
-WIFI_PWR_ON_AC=off
-WIFI_PWR_ON_BAT=on
-
-# Disable wake on LAN: Y/N
-WOL_DISABLE=Y
-
-# Enable audio power saving for Intel HDA, AC97 devices (timeout in secs).
-# A value of 0 disables, >=1 enables power save.
-SOUND_POWER_SAVE_ON_AC=0
-SOUND_POWER_SAVE_ON_BAT=1
-
-# Disable controller too (HDA only): Y/N
-SOUND_POWER_SAVE_CONTROLLER=Y
-
-# Set to 1 to power off optical drive in UltraBay/MediaBay when running on
-# battery. A value of 0 disables this feature (Default).
-# Drive can be powered on again by releasing (and reinserting) the eject lever
-# or by pressing the disc eject button on newer models.
-# Note: an UltraBay/MediaBay hard disk is never powered off.
-BAY_POWEROFF_ON_BAT=0
-# Optical drive device to power off (default sr0).
-BAY_DEVICE="sr0"
-
-# Runtime Power Management for PCI(e) bus devices: on=disable, auto=enable
-RUNTIME_PM_ON_AC=on
-RUNTIME_PM_ON_BAT=auto
-
-# Runtime PM for *all* PCI(e) bus devices, except blacklisted ones:
-# 0=disable, 1=enable
-RUNTIME_PM_ALL=1
-
-# Exclude PCI(e) device adresses the following list from Runtime PM
-# (separate with spaces). Use lspci to get the adresses (1st column).
-#RUNTIME_PM_BLACKLIST="bb:dd.f 11:22.3 44:55.6"
-
-# Exclude PCI(e) devices assigned to the listed drivers from Runtime PM
-# (should prevent accidential power on of hybrid graphics' discrete part).
-# Default is "radeon nouveau"; use "" to disable the feature completely.
-# Separate multiple drivers with spaces.
-RUNTIME_PM_DRIVER_BLACKLIST="radeon nouveau"
-
-# Set to 0 to disable, 1 to enable USB autosuspend feature.
-USB_AUTOSUSPEND=1
-
-# Exclude listed devices from USB autosuspend (separate with spaces).
-# Use lsusb to get the ids.
-# Note: input devices (usbhid) are excluded automatically (see below)
-#USB_BLACKLIST="1111:2222 3333:4444"
-
-# WWAN devices are excluded from USB autosuspend: 0=do not exclude / 1=exclude
-USB_BLACKLIST_WWAN=1
-
-# Include listed devices into USB autosuspend even if already excluded
-# by the driver or WWAN blacklists above (separate with spaces).
-# Use lsusb to get the ids.
-#USB_WHITELIST="1111:2222 3333:4444"
-
-# Set to 1 to disable autosuspend before shutdown, 0 to do nothing
-# (workaround for USB devices that cause shutdown problems).
-#USB_AUTOSUSPEND_DISABLE_ON_SHUTDOWN=1
-
-# Restore radio device state (Bluetooth, WiFi, WWAN) from previous shutdown
-# on system startup: 0=disable, 1=enable.
-# Hint: the parameters DEVICES_TO_DISABLE/ENABLE_ON_STARTUP/SHUTDOWN below
-# are ignored when this is enabled!
-RESTORE_DEVICE_STATE_ON_STARTUP=0
-
-# Radio devices to disable on startup: bluetooth, wifi, wwan.
-# Separate multiple devices with spaces.
-DEVICES_TO_DISABLE_ON_STARTUP="bluetooth wifi wwan"
-
-# Radio devices to enable on startup: bluetooth, wifi, wwan.
-# Separate multiple devices with spaces.
-#DEVICES_TO_ENABLE_ON_STARTUP="wifi"
-
-# Radio devices to disable on shutdown: bluetooth, wifi, wwan
-# (workaround for devices that are blocking shutdown).
-#DEVICES_TO_DISABLE_ON_SHUTDOWN="bluetooth wifi wwan"
-
-# Radio devices to enable on shutdown: bluetooth, wifi, wwan
-# (to prevent other operating systems from missing radios).
-#DEVICES_TO_ENABLE_ON_SHUTDOWN="wwan"
-
-# Radio devices to enable on AC: bluetooth, wifi, wwan
-#DEVICES_TO_ENABLE_ON_AC="bluetooth wifi wwan"
-
-# Radio devices to disable on battery: bluetooth, wifi, wwan
-#DEVICES_TO_DISABLE_ON_BAT="bluetooth wifi wwan"
-
-# Radio devices to disable on battery when not in use (not connected):
-# bluetooth, wifi, wwan
-DEVICES_TO_DISABLE_ON_BAT_NOT_IN_USE="bluetooth wifi wwan"
-
-# Battery charge thresholds (ThinkPad only, tp-smapi or acpi-call kernel module
-# required). Charging starts when the remaining capacity falls below the
-# START_CHARGE_THRESH value and stops when exceeding the STOP_CHARGE_THRESH value.
-# Main / Internal battery (values in %)
-START_CHARGE_THRESH_BAT0=10
-STOP_CHARGE_THRESH_BAT0=95
-# Ultrabay / Slice / Replaceable battery (values in %)
-START_CHARGE_THRESH_BAT1=10
-STOP_CHARGE_THRESH_BAT1=95
-
-# ------------------------------------------------------------------------------
-# tlp-rdw - Parameters for the radio device wizard
-# Possible devices: bluetooth, wifi, wwan
-
-# Hints:
-# - Parameters are disabled by default, remove the leading # to enable them.
-# - Separate multiple radio devices with spaces.
-
-# Radio devices to disable on connect.
-#DEVICES_TO_DISABLE_ON_LAN_CONNECT="wifi wwan"
-#DEVICES_TO_DISABLE_ON_WIFI_CONNECT="wwan"
-#DEVICES_TO_DISABLE_ON_WWAN_CONNECT="wifi"
-
-# Radio devices to enable on disconnect.
-#DEVICES_TO_ENABLE_ON_LAN_DISCONNECT="wifi wwan"
-#DEVICES_TO_ENABLE_ON_WIFI_DISCONNECT=""
-#DEVICES_TO_ENABLE_ON_WWAN_DISCONNECT=""
-
-# Radio devices to enable/disable when docked.
-#DEVICES_TO_ENABLE_ON_DOCK=""
-#DEVICES_TO_DISABLE_ON_DOCK=""
-
-# Radio devices to enable/disable when undocked.
-#DEVICES_TO_ENABLE_ON_UNDOCK="wifi"
-#DEVICES_TO_DISABLE_ON_UNDOCK=""
+++ /dev/null
-# /etc/profile: system-wide .profile file for the Bourne shell (sh(1))
-# and Bourne compatible shells (bash(1), ksh(1), ash(1), ...).
-
-if [ "`id -u`" -eq 0 ]; then
- PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
-else
- PATH="/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games"
-fi
-export PATH
-
-if [ "${PS1-}" ]; then
- if [ "${BASH-}" ] && [ "$BASH" != "/bin/sh" ]; then
- # The file bash.bashrc already sets the default PS1.
- # PS1='\h:\w\$ '
- if [ -f /etc/bash.bashrc ]; then
- . /etc/bash.bashrc
- fi
- else
- if [ "`id -u`" -eq 0 ]; then
- PS1='# '
- else
- PS1='$ '
- fi
- fi
-fi
-
-if [ -d /etc/profile.d ]; then
- for i in /etc/profile.d/*.sh; do
- if [ -r $i ]; then
- . $i
- fi
- done
- unset i
-fi
-export LC_ALL="en_US.UTF-8"
+++ /dev/null
-# This file is part of systemd.
-#
-# systemd is free software; you can redistribute it and/or modify it
-# under the terms of the GNU Lesser General Public License as published by
-# the Free Software Foundation; either version 2.1 of the License, or
-# (at your option) any later version.
-#
-# Entries in this file show the compile time defaults.
-# You can change settings by editing this file.
-# Defaults can be restored by simply deleting this file.
-#
-# See logind.conf(5) for details.
-
-[Login]
-#NAutoVTs=6
-#ReserveVT=6
-#KillUserProcesses=no
-#KillOnlyUsers=
-#KillExcludeUsers=root
-#InhibitDelayMaxSec=5
-#HandlePowerKey=poweroff
-#HandleSuspendKey=suspend
-#HandleHibernateKey=hibernate
-#HandleLidSwitch=suspend
-#HandleLidSwitchDocked=ignore
-#PowerKeyIgnoreInhibited=no
-#SuspendKeyIgnoreInhibited=no
-#HibernateKeyIgnoreInhibited=no
-#LidSwitchIgnoreInhibited=yes
-#HoldoffTimeoutSec=30s
-#IdleAction=ignore
-#IdleActionSec=30min
-#RuntimeDirectorySize=10%
-#RemoveIPC=yes
-#InhibitorsMax=8192
-#SessionsMax=8192
-#UserTasksMax=33%
-HandleLidSwitch=hibernate
+++ /dev/null
-Europe/Berlin
+++ /dev/null
-ansible-playbook -i 'localhost,' -c local config.yml
+++ /dev/null
-ansible-playbook -i 'localhost,' -e system_name=X200s -c local config_new.yml
+++ /dev/null
-ansible-playbook -i 'localhost,' -c local user.yml
+++ /dev/null
-ansible-playbook -i 'localhost,' -e system_name=X200s -c local user_new.yml
+++ /dev/null
----
-
-- name: collect officially required packages
- shell: dpkg-query -Wf '${Package} ${Priority}\n' | grep ' required' | sed 's/ required//' > /tmp/list_white_unsorted
-
-- name: add "ifupdown" and "isc-dhcp-client" (to keep internet connection afterwards) and "ansible" (to keep its modules available for continuing the configuration) to required packages
- shell: echo 'ifupdown' >> /tmp/list_white_unsorted && echo 'isc-dhcp-client' >> /tmp/list_white_unsorted && echo 'ansible' >> /tmp/list_white_unsorted && sort /tmp/list_white_unsorted > /tmp/list_white
-
-- name: collect currently installed packages
- shell: dpkg-query -Wf '${Package}\n' > /tmp/list_all_packages && sort /tmp/list_all_packages > /tmp/foo && mv /tmp/foo /tmp/list_all_packages
-
-- name: create black list of packages to mark as automatically installed from the difference between the required packages and the packages currently installed
- shell: comm -3 /tmp/list_all_packages /tmp/list_white > /tmp/list_black
-
-- name: mark all packages from black list as automatically installed
- shell: apt-mark auto $(cat /tmp/list_black)
-
-- name: purge all packages automatically installed that are not depended on
- shell: DEBIAN_FRONTEND=noninteractive apt-get -y --purge autoremove
-
-- name: ensure flags directory exists
- file: path=flags state=directory
-
-- name: set initial_purge_happened flag, so that this whole process does not get repeated
- file: path=flags/initial_purge_happened state=touch
+++ /dev/null
----
-
-- name: Set qutebrowser, python3-pypeg2 facts.
- set_fact:
- qutebrowser_deb_url: https://github.com/qutebrowser/qutebrowser/releases/download/v0.11.0/qutebrowser_0.11.0-1_all.deb
- python3pypeg2_deb_url: https://qutebrowser.org/python3-pypeg2_2.15.2-1_all.deb
- qutebrowser_deb_path: /tmp/qutebrowser.deb
- python3pypeg2_deb_path: /tmp/python3-pypeg2.deb
-
-- name: Check if qutebrowser is installed.
- command: dpkg-query -W qutebrowser
- register: qutebrowser_debcheck
- failed_when: qutebrowser_debcheck.rc > 1
- changed_when: qutebrowser_debcheck.rc == 1
-
-- name: Check if qutebrowser-dependency python3-pypeg2 is installed.
- command: dpkg-query -W python3-pypeg2
- register: python3pypeg2_debcheck
- failed_when: python3pypeg2_debcheck.rc > 1
- changed_when: python3pypeg2_debcheck.rc == 1
- when: qutebrowser_debcheck.rc == 1
-
-- name: Download python3-pypeg2 package.
- get_url: url={{ python3pypeg2_deb_url }} dest={{ python3pypeg2_deb_path }}
- when: qutebrowser_debcheck.rc == 1 and python3pypeg2_debcheck.rc == 1
-
-- name: Download qutebrowser package.
- get_url: url={{ qutebrowser_deb_url }} dest={{ qutebrowser_deb_path }}
- when: qutebrowser_debcheck.rc == 1
-
-# We use command: apt as a workaround because the Ansible apt module installs
-# the Depends of the .deb marked as manual while we want them marked as auto.
-- name: Install python3-pypeg2 package,
- command: apt install --yes "{{ python3pypeg2_deb_path}}"
- when: qutebrowser_debcheck.rc == 1 and python3pypeg2_debcheck.rc == 1
-
-- name: Mark python3-pypeg2 package as automatically installed.
- command: apt-mark auto python3-pypeg2
- when: qutebrowser_debcheck.rc == 1 and python3pypeg2_debcheck.rc == 1
-
-# We use command: apt as a workaround because the Ansible apt module installs
-# the Depends of the .deb marked as manual while we want them marked as auto.
-- name: Install qutebrowser package.
- command: apt install --yes "{{ qutebrowser_deb_path}}"
- when: qutebrowser_debcheck.rc == 1
+++ /dev/null
-- hosts: all
- tasks:
-
- - name: ensure ~/.vimbackups directory
- file: state=directory dest=~/.vimbackups
- - name: Ensure dotfile symlinks
- file: state=link force=yes src={{item}} dest=~/.{{item|basename}}
- with_fileglob:
- - ~/config/dotfiles/minimal/*
- - ~/config/dotfiles/user/thinkpad/minimal/*
- - ~/config/dotfiles/user/thinkpad/W530/*
- - name: ensure ~/downloads directory
- file: state=directory dest=~/downloads
+++ /dev/null
-- hosts: all
- tasks:
-
- - name: ensure ~/.vimbackups directory
- file: state=directory dest=~/.vimbackups
- - name: Ensure dotfile symlinks
- file: state=link force=yes src={{item}} dest=~/.{{item|basename}}
- with_fileglob:
- - ~/config/dotfiles/minimal/*
- - ~/config/dotfiles/user/thinkpad/minimal/*
- - ~/config/dotfiles/user/thinkpad/{{ system_name }}/*
- - name: ensure ~/downloads directory
- file: state=directory dest=~/downloads
+++ /dev/null
-#!/usr/bin/env python3
-import lxml
-import argparse
-# use with `find status.plomlompom.com -type f -name "*.html" -exec ./archive_plomroma.py -f {} \;`
-
-parser = argparse.ArgumentParser(description="archive plom's self-hosted pleroma feed")
-parser.add_argument("-f", "--file", dest="file", required=True, help="HTML file to process")
-args = parser.parse_args()
-print("processing", args.file)
-
-def print_tree(node, level=0):
- tag = node.tag
- id = node.get("id")
- classes = node.get("class")
- text = (node.text or "").strip()
- attributes_info = []
- if id:
- attributes_info.append(f"id='{id}'")
- if classes:
- attributes_info.append(f"class='{classes}'")
- attr_str = " ".join(attributes_info)
- print(" " * level + f"<{tag} {attr_str}>", end="")
- if text:
- print(f" -> {text}")
- else:
- print()
- for child in node:
- print_tree(child, level + 1)
-
-with open(args.file, "r", encoding="utf-8") as file:
- content = file.read()
-from lxml import html
-tree = html.fromstring(content)
-
-atom_links = tree.xpath('/html/head/link[@rel="alternate"]')
-for atom_link in atom_links:
- atom_link.getparent().remove(atom_link)
-comments = tree.xpath('//comment()')
-for comment in comments:
- comment.getparent().remove(comment)
-forms = tree.xpath('//form')
-for form in forms:
- form.getparent().remove(form)
-
-
-def has_class(context, element, class_name):
- classes = element[0].get('class', '').split()
- return class_name in classes
-ns = lxml.etree.FunctionNamespace(None)
-ns['has-class'] = has_class
-matching_divs = tree.xpath('//div[has-class(., "activity") and .//div[has-class(., "p-author")] and .//bdi[has-class(., "p-name") and string()!="plomlompom"]]')
-imgs = tree.xpath('//img')
-for img in imgs:
- src = img.get('src')
- if src and not src.startswith('https://status.plomlompom.com/'):
- img.attrib.pop('src', None)
- alt = img.get('alt')
- if alt and not alt.startswith('../'):
- img.attrib.pop('alt', None)
- title = img.get('title')
- if title and not title.startswith('../'):
- img.attrib.pop('title', None)
-removal_notice = "[Removed foreign content for static archive, follow permalink on date to see original.]"
-for activity_div in matching_divs:
- details = activity_div.xpath('.//details[./div[has-class]]')
- for detail in details:
- new_div = lxml.etree.Element("div")
- new_div.text = removal_notice
- detail.getparent().replace(detail, new_div)
- e_contents = activity_div.xpath('.//div[has-class(., "e-content") or has-class(., "activity-content")]')
- for content in e_contents:
- content.clear()
- content.text = removal_notice
-
-header = """
-<p style="text-align: right;"><a href="https://plomlompom.com/contact.html">contact</a> / <a href="https://plomlompom.com/privacy.html">privacy</a></p>
-<p>plomroma (archived): This site is a static archive of a Pleroma instance formerly hosted by me, to preserve my own messages from that time. Foreign content has been removed, but may still be available via links.</p>
-<hr />
-"""
-tree.body.insert(0, html.fromstring(header))
-
-# print_tree(tree)
-with open(args.file, "w", encoding="utf-8") as file:
- file.write(html.tostring(tree, pretty_print=True, encoding="utf-8").decode("utf-8"))
-
-print("done")
+++ /dev/null
-#!/bin/sh
-cd ~/plomlombot-irc
-./run.sh -r 604800 -n broiler_in "#nodrama.de"
+++ /dev/null
-#!/bin/sh
-cd ~/plomlombot-irc
-./run.sh -r 604800 -n hubbabubba "#freakazoid"
+++ /dev/null
-#!/usr/bin/env python3
-# -*- coding: utf-8 -*-
-
-# Inspired by http://code.stapelberg.de/git/i3status/tree/contrib/wrapper.py
-
-import sys
-import json
-import subprocess
-
-def print_nonbuffered(message):
- sys.stdout.write(message)
- sys.stdout.flush()
-
-if __name__ == '__main__':
- print_nonbuffered(sys.stdin.readline())
- print_nonbuffered(sys.stdin.readline())
- while True:
- line, prefix = sys.stdin.readline(), ''
- if line.startswith(','):
- line, prefix = line[1:], ','
- j = json.loads(line)
- if '1' == subprocess.getoutput('xset q | grep LED')[65]:
- j.insert(len(j), {'full_text' : 'CAPS',
- 'separator_block_width': 40,
- 'color': '#FF0000'})
- print_nonbuffered(prefix+json.dumps(j))
+++ /dev/null
-#!/bin/sh
-
-set -e
-set -x
-
-~/letsencrypt/letsencrypt-auto certonly --standalone -d dump.plomlompom.com
-~/letsencrypt/letsencrypt-auto certonly --standalone -d htwtxt.plomlompom.com
+++ /dev/null
-#!/bin/sh
-
-eth_interface=enp0s25
-wifi_interface=wls1
-
-ensure_wifi_on() {
- if [ ! "$(wifi)" = "wifi = on" ]; then
- #wifi on
- ip link set "$wifi_interface" up
- fi
-}
-
-if ! echo "${1}"; then
- echo 'No command given.'
- print_usage
- exit 1
-elif [ "${1}" = 'eth_connect' ]; then
- ip link set "$eth_interface" up
- dhclient "$eth_interface"
-
-elif [ "${1}" = 'eth_disconnect' ]; then
- ip link set "$eth_interface" down
-
-elif [ "${1}" = 'wifi_scan' ]; then
- ensure_wifi_on
- ip link set "$wifi_interface" up
- iw dev "$wifi_interface" scan | grep SSID
-
-elif [ "${1}" = 'wifi_connect_open' ]; then
- ensure_wifi_on
- iw dev "$wifi_interface" connect "${2}"
- dhclient "$wifi_interface"
- #ip route delete default
- #ip route add default via 192.168.1.1 dev wls1
-
-elif [ "${1}" = 'wifi_connect_wep_ascii' ]; then
- ensure_wifi_on
- iw dev "$wifi_interface" connect "${2}" key 0:"${3}"
- dhclient "$wifi_interface"
-
-elif [ "${1}" = 'wifi_connect_wep_hex' ]; then
- ensure_wifi_on
- iw dev "$wifi_interface" connect "${2}" key d:0:"${3}"
- dhclient "$wifi_interface"
-
-elif [ "${1}" = 'wifi_connect_wpa' ]; then
- ensure_wifi_on
- wpa_passphrase "${2}" "${3}" > /tmp/wpa_supplicant.conf
- wpa_supplicant -B -i "$wifi_interface" -c /tmp/wpa_supplicant.conf
- dhclient "$wifi_interface"
-
-elif [ "${1}" = 'wifi_disconnect' ]; then
- ip link set "$wifi_interface" down
-
-else
- echo 'Available commands:'
- echo ' eth_connect'
- echo ' eth_disconnect'
- echo ' wifi_scan'
- echo ' wifi_connect_open SSID'
- echo ' wifi_connect_wep_ascii SSID KEY'
- echo ' wifi_connect_wep_hex SSID KEY'
- echo ' wifi_connect_wpa SSID KEY'
- echo ' wifi_disconnect'
-fi
+++ /dev/null
-#!/bin/sh
-cd ~/plomlombot-irc
-./run.sh -r 604800 -n botlomplom "#zrolaps"
+++ /dev/null
-#!/bin/sh
-
-service nginx stop
-~/letsencrypt/letsencrypt-auto renew
-service nginx restart
+++ /dev/null
-#!/bin/sh
-set -e
-selector=$1
-file=$2
-
-if [ ! -n "$selector" ]; then
- cat << EOF
-Usage: $0 SELECTOR [KEYFILE] - set up DKIM system and configuration
-
-If existing KEYFILE is given, set up DKIM to use SELECTOR and apply key from
-KEYFILE.
-
-If existing KEYFILE is not given, generate KEYFILE and DNS TXT file for
-SELECTOR.
-EOF
- exit
-fi
-
-if [ ! "$(id -u)" -eq "0" ]; then
- echo "Must be run as root."
- exit 1
-fi
-
-set -x
-apt-get -y install opendkim
-
-if [ ! -n "$file" ]; then
- apt-get -y install opendkim-tools
- opendkim-genkey -d plomlompom.com -s $selector
- apt-get -y --purge autoremove opendkim-tools
- set +x
- echo
- echo 'Generated key file at '$selector'.private.'
- echo 'Also generated '$selector'.txt, APPLY its content below to your DNS' \
- 'record.'
- echo 'AFTER the waiting time for DNS propagation RERUN this script with' \
- 'the key file as SECOND parameter (still use selector as first one).'
- echo
- cat $selector.txt
-else
- if [ ! -f "$file" ]; then
- set +x
- echo
- echo "Keyfile $file does not exist."
- exit 1
- fi
- cp ~/config/systemfiles/opendkim.conf /etc/opendkim.conf
- sed -r -i 's/^#Selector .*$/Selector '$selector'/' /etc/opendkim.conf
- mkdir -p /etc/opendkim
- if [ -f /etc/opendkim/dkim.key ]; then
- cp /etc/opendkim/dkim.key /etc/opendkim/dkim.key~
- fi
- cp $file /etc/opendkim/dkim.key
- cp ~/config/systemfiles/main.cf /etc/postfix/main.cf
- cat >> /etc/postfix/main.cf << EOF
-
-# Use opendkim at given port as mail filter.
-non_smtpd_milters = inet:localhost:12301
-EOF
- service opendkim restart
- service postfix restart
- set +x
- echo
- echo 'Ensure the DKIM TXT entry in your DNS record matches!'
-fi
+++ /dev/null
-#!/bin/sh
-set -x
-set -e
-key=$1
-cert=$2
-
-if [ ! "$(id -u)" -eq "0" ]; then
- echo "Must be run as root."
- exit 1
-fi
-
-key_target=/etc/postfix/key.pem
-if [ ! -n "$key" ]; then
- if [ ! -f "${key_target}" ]; then
- (umask 077; openssl genrsa -out "${key_target}" 2048)
- fi
-else
- cp "$key" "${key_target}"
-fi
-
-fqdn=$(postconf -h myhostname)
-cert_target=/etc/postfix/cert.pem
-if [ ! -n "$cert" ]; then
- if [ ! -f "${cert_target}" ]; then
- openssl req -new -key "${key_target}" -x509 -subj "/CN=${fqdn}" -days 3650 -out "${cert_target}"
- fi
-else
- cp "$cert" "${cert_target}"
-fi
-
-cat >> /etc/postfix/main.cf << EOF
-
-# Enable server-side STARTTLS.
-smtpd_tls_cert_file = /etc/postfix/cert.pem
-smtpd_tls_key_file = /etc/postfix/key.pem
-smtpd_tls_security_level = may
-EOF
-service postfix restart
+++ /dev/null
-#!/bin/sh
-#
-# This mails to user plom the message in the file named by the first parameter,
-# decoded with the first line as subject and everything below the second line
-# as the message body.
-
-subject=`head -1 $1`
-body=`tail -n +3 $1`
-echo "$body" | mutt -s "$subject" plom
+++ /dev/null
-#!/bin/sh
-#
-# This mails to plom@plomlompom.com the message in the file named by the first
-# parameter, decoded with the first line as subject and everything below the
-# second line as the message body.
-
-subject=`head -1 $1`
-body=`tail -n +3 $1`
-echo "$body" | mutt -s "$subject" plom@plomlompom.com
+++ /dev/null
-#!/bin/sh
-$GOPATH/bin/htwtxt \
- --contact 'see http://www.plomlompom.de/' \
- --mailport 587 \
- --mailserver smtp.gmail.com \
- --mailuser christian.heller@gmail.com \
- --port 8000 \
- --signup
+++ /dev/null
-#!/bin/sh
-
-set -x
-set -e
-
-dir_minimal=~/config/dotfiles/minimal
-dir_user_prefix=~/config/dotfiles/user
-dir_user_minimal=$dir_user_prefix/minimal
-dir_user_machine=$dir_user_prefix/$1/minimal
-if [ "$3" = "" ]; then
- dir_user_variety=$dir_user_prefix/$1/$2
-else
- dir_user_variety=$dir_user_prefix/$1/$2/minimal
-fi
-dir_user_subvariety=$dir_user_prefix/$1/$2/$3
-dir_root=~/config/dotfiles/root
-homedir=`echo ~`
-find ~ -lname $homedir'/config/*' -delete
-for file in `ls $dir_minimal`; do
- ln -fs $dir_minimal/$file ~/.$file
-done
-if [ "$(id -u)" -eq "0" ]; then
- for file in `ls $dir_root`; do
- ln -fs $dir_root/$file ~/.$file
- done
-else
- for file in `ls $dir_user_minimal`; do
- ln -fs $dir_user_minimal/$file ~/.$file
- done
- for file in `ls $dir_user_machine`; do
- ln -fs $dir_user_machine/$file ~/.$file
- done
- for file in `ls $dir_user_variety`; do
- ln -fs $dir_user_variety/$file ~/.$file
- done
- if [ ! "$3" = "" ]; then
- for file in `ls $dir_user_subvariety`; do
- ln -fs $dir_user_subvariety/$file ~/.$file
- done
- fi
-fi
+++ /dev/null
-#!/bin/sh
-
-# A very primitive backlight setter with a hardcoded backlight path, to replace
-# xbacklight which currently does not work on my system.
-
-if ! echo "${1}" | egrep -q '^[0-9]+$' && ! [ "${1}" = "+" -o "${1}" = "-" ]; then
- echo 'Argument must be a number, or "+", or "-".'
- exit 1
-fi
-backlight_dir=/sys/class/backlight/intel_backlight
-max_brightness=$(cat "${backlight_dir}"/max_brightness)
-target="${backlight_dir}"/brightness
-if [ "${1}" = "+" -o "${1}" = "-" ]; then
- fract=$(expr "${max_brightness}" / 20)
- cur_brightness=$(cat "${backlight_dir}"/brightness)
- brightness=$(expr "${cur_brightness}" "${1}" "${fract}")
- if [ "${brightness}" -gt "${max_brightness}" ]; then
- brightness="${max_brightness}"
- elif [ "${brightness}" -lt "0" ]; then
- brightness=0
- fi
- sudo sh -c 'echo '"${brightness}"' > '"${target}"
- exit 0
-fi
-percentage=${1}
-if [ "${percentage}" = '100' ]; then
- sudo sh -c 'echo '"${max_brightness}"' > '"${target}"
-else
- fract=$(expr "${max_brightness}" / 100)
- brightness=$(expr "${percentage}" \* "${fract}")
- sudo sh -c 'echo '"${brightness}"' > '"${target}"
-fi
+++ /dev/null
-#!/bin/sh
-
-# Undo bumblebee setup.
-sudo service bumblebeed stop
-sudo modprobe nvidia-drm
-sudo update-alternatives --set glx /usr/lib/nvidia
-
-# Use special xorg.conf and pass NVIDIA_DIRECT directive to .xinitrc.
-NVIDIA_DIRECT=1 startx -- -config xorg.conf.forced_nvidia
-
-# Recreate bumblebee setup.
-sudo service bumblebeed start
-sudo update-alternatives --auto glx
+++ /dev/null
-#!/bin/sh
-
-# Enforce ~/.weechatrc as sole persistent weechat config file.
-~/config/bin/simplemail.sh ~/config/mails/weechat_restart_reminder
-rm -rf ~/.weechat/
-WEECHATCONF=`tr '\n' ';' < ~/.weechatrc`
-weechat -r "$WEECHATCONF"
-rm -rf ~/.weechat/
+++ /dev/null
-#!/bin/sh
-
-check_wifi_id_set() {
- if ! echo "${1}" | egrep -q '^[0-9]+$'; then
- echo 'Wifi identifier must be integer.'
- exit 1
- fi
-}
-
-ensure_wifi_on() {
- if [ ! "$(wifi)" = "wifi = on" ]; then
- sudo wifi on
- fi
-}
-
-print_usage() {
- echo 'Available commands:'
- echo ' eth_connect'
- echo ' eth_disconnect'
- echo ' wifi_scan'
- echo ' wifi_info WIFI_ID'
- echo ' wifi_set_wpa WIFI_ID KEY'
- echo ' wifi_connect WIFI_ID'
- echo ' wifi_disconnect'
-}
-
-if ! echo "${1}"; then
- echo 'No command given.'
- print_usage
- exit 1
-elif [ "${1}" = 'eth_connect' ]; then
- wicd-cli --wired --connect
-
-elif [ "${1}" = 'eth_disconnect' ]; then
- wicd-cli --wired --disconnect
-
-elif [ "${1}" = 'wifi_scan' ]; then
- ensure_wifi_on
- wicd-cli --wireless --scan
- wicd-cli --wireless --list-networks
-
-elif [ "${1}" = 'wifi_info' ]; then
- check_wifi_id_set "${2}"
- wicd-cli --wireless --network="${2}" --network-details
-
-elif [ "${1}" = 'wifi_set_wpa' ]; then
- check_wifi_id_set "${2}"
- if ! echo "${3}" ; then
- echo 'No key set.'
- exit 1
- fi
- wicd-cli --wireless --network="${2}" --network-property=enctype --set-to=wpa
- wicd-cli --wireless --network="${2}" --network-property=key --set-to="${3}"
-
-elif [ "${1}" = 'wifi_connect' ]; then
- ensure_wifi_on
- check_wifi_id_set "${2}"
- wicd-cli --wireless --network="${2}" --connect
-
-elif [ "${1}" = 'wifi_disconnect' ]; then
- wicd-cli --wireless --disconnect
-
-else
- echo 'Unknown command.'
- print_usage
- exit 1
-fi
+++ /dev/null
-#!/bin/sh
-cd ~/plomlombot-irc
-./run.sh -r 604800 -n histomat "#freie-gesellschaft"
--- /dev/null
+# connectivity: ifupdown seems necessary everyhwere, isc-dhcp-client
+# unpredictably so
+ifupdown
+isc-dhcp-client
+# git for the setup directory; cloning works with ca-certificates
+ca-certificates
+git
+# to avoid constant warnings about no locale being found
+locales
+# extremely useful for basic network debugging; missed these more than once in an emergency
+netcat
+iputils-ping
--- /dev/null
+# so that grub learns about kernel updates
+grub-pc
--- /dev/null
+wget
+# for blog and zettel
+pandoc
+# for blog
+html2text
+uuid-runtime
+python3
+# for url_catcher daemon
+python3-venv
+build-essential
+python3-dev
+screen
+postfix
--- /dev/null
+# to get python3.11 tgz
+wget
+build-essential
+zlib1g-dev
+libncurses5-dev
+libgdbm-dev
+libnss3-dev
+libssl-dev
+libreadline-dev
+libffi-dev
+libsqlite3-dev
+libbz2-dev
+# to set up poetry
+curl
--- /dev/null
+weechat
+screen
+gnupg
+dirmngr
--- /dev/null
+# so we can login at all …
+openssh-server
+# firewalling
+nftables
+# We want to be able to use ALL our servers as borg backup destinations.
+borgbackup
--- /dev/null
+# for wifi
+firmware-iwlwifi
+# for tlp
+tlp
+tp-smapi-dkms
+linux-headers-amd64
+#
--- /dev/null
+# to avoid booting problems with encrypted LVM, see <https://askubuntu.com/a/1105848>
+cryptsetup-initramfs
+lvm2
+# this provides setupcon which reads /etc/default/console-setup
+console-setup
+# without this, systemd-logind won't run, and so not detect lid close for hibernation
+dbus
+# for X to start at all
+xserver-xorg-video-intel
+# X input: keyboard and touchpad
+xserver-xorg-input-evdev
+xserver-xorg-input-synaptics
+# for startx
+xinit
+# for xrdb
+x11-xserver-utils
+# for startx to run for non-root user
+libpam-systemd
+# window environment
+i3
+i3status
+suckless-tools
+xterm
+# to get sleepy at night
+redshift
+# for alsamixer
+alsa-utils
+# for xterm and browser unicode display
+ttf-unifont
+# also useful
+vim
+sudo
+less
+man-db
+manpages
+procps
+# firefox dependencies
+libdbus-glib-1-2
+libgtk-3-0
+# firefox installation dependencies (remove later?)
+curl
+python3
+bzip2
+wget
+jq
+unzip
+# to mount encrypted USB stick and use its contents
+pmount
+cryptsetup
+openssh-client
+# for syncing
+borgbackup
+# emacs
+emacs
+emacs-common-non-dfsg
+emacs-el
+elpa-ledger
+ledger
+elpa-elfeed
+# mail setup
+isync
+notmuch
+elpa-notmuch
+pinentry-gtk2
+# to mount Android phone
+go-mtpfs
+# to use HP Deskjet F380 scanner from GIMP
+sane-utils
+xsane
+# to use HP Deskjet F380 printer
+cups
+# for wifi
+network-manager
+#
--- /dev/null
+nginx-light
+# for SSL
+certbot
+python3-certbot-nginx
--- /dev/null
+# for gitweb
+gitweb
+fcgiwrap
+# for plomlombot
+gnupg
+dirmngr
+python3-venv
+screen
+# for uwsgi
+build-essential
+python3-dev
--- /dev/null
+#!/bin/sh
+set -e
+
+standard_repo="borg"
+config_file="${HOME}/.borgrepos"
+
+usage() {
+ echo "Need operation as argument, one of:"
+ echo "init"
+ echo "store"
+ echo "check"
+ echo "export_keyfiles"
+ echo "orgpush"
+ echo "orgpull"
+ false
+}
+
+read_pw() {
+ if [ "${#SSH_AGENT_PID}" -eq 0 ]; then
+ eval $(ssh-agent)
+ echo "ssh-add"
+ stty -echo
+ ssh-add
+ stty echo
+ fi
+ if [ "${#BORG_PASSPHRASE}" -eq 0 ]; then
+ stty -echo
+ printf "Borg passphrase: "
+ read password
+ stty echo
+ printf "\n"
+ export BORG_PASSPHRASE="${password}"
+ fi
+}
+
+if [ ! -f "${config_file}" ]; then
+ echo '# file read ends at last newline' >> "${config_file}"
+fi
+if [ "$#" -lt 1 ]; then
+ usage
+fi
+first_arg="$1"
+shift
+if [ "${first_arg}" = "init" ]; then
+ if [ ! "$#" -eq 1 ]; then
+ echo "Need exactly one argument: target of form user@server"
+ false
+ fi
+ target="$1"
+ echo "Initializing: ${target}"
+ borg init --verbose --encryption=keyfile "${target}:${standard_repo}"
+ tmp_file="/tmp/new_borgrepos"
+ echo "${target}" > "${tmp_file}"
+ cat "${config_file}" >> "${tmp_file}"
+ cp "${tmp_file}" "${config_file}"
+elif [ "${first_arg}" = "store" ]; then
+ if [ ! "$#" -eq 2 ]; then
+ echo "Need precisely two arguments: archive name and path to archive."
+ false
+ fi
+ archive_name=$1
+ shift
+ to_backup="$@"
+ read_pw
+ cat "${config_file}" | while read line; do
+ first_char=$(echo "${line}" | cut -c1)
+ if [ "${first_char}" = "#" ]; then
+ continue
+ fi
+ repo="${line}:${standard_repo}"
+ archive="${repo}::${archive_name}-{utcnow:%Y-%m-%dT%H:%M}"
+ echo "Creating archive: ${archive}"
+ borg create --verbose --list "${archive}" "${to_backup}"
+ done
+elif [ "${first_arg}" = "check" ]; then
+ if [ ! "$#" -eq 0 ]; then
+ echo "Need no arguments"
+ false
+ fi
+ read_pw
+ cat "${config_file}" | while read line; do
+ first_char=$(echo "${line}" | cut -c1)
+ if [ "${first_char}" = "#" ]; then
+ continue
+ fi
+ repo="${line}:${standard_repo}"
+ echo "Checking repo: ${repo}"
+ borg check --verbose "${repo}"
+ done
+elif [ "${first_arg}" = "export_keyfiles" ]; then
+ if [ ! "$#" -eq 1 ]; then
+ echo "Need output tar file name."
+ false
+ fi
+ tar_target="${1}"
+ tmp_dir="${HOME}/.borgtmp"
+ keyfiles_dir="${tmp_dir}/borg_keyfiles"
+ mkdir -p "${keyfiles_dir}"
+ cat "${config_file}" | while read line; do
+ first_char=$(echo "${line}" | cut -c1)
+ if [ "${first_char}" = "#" ]; then
+ continue
+ fi
+ repo="${line}:${standard_repo}"
+ borg key export "${repo}" "${keyfiles_dir}/${line}"
+ done
+ cur_dir="$(pwd)"
+ cd "${tmp_dir}"
+ target=$(basename "${keyfiles_dir}")
+ tar cf "${tar_target}" "${target}"
+ mv "${tar_target}" "${cur_dir}"
+ cd
+ rm -rf "${tmp_dir}"
+elif [ "${first_arg}" = "orgpush" ]; then
+ archive_name="orgdir"
+ to_backup=~/org
+ read_pw
+ cat "${config_file}" | while read line; do
+ first_char=$(echo "${line}" | cut -c1)
+ if [ "${first_char}" = "#" ]; then
+ continue
+ fi
+ repo="${line}:${standard_repo}"
+ archive="${repo}::${archive_name}-{utcnow:%Y-%m-%dT%H:%M}"
+ echo "Creating archive: ${archive}"
+ borg create --verbose --list "${archive}" "${to_backup}" --exclude ~/org/.git
+ done
+elif [ "${first_arg}" = "orgpull" ]; then
+ echo "Doing ORGPULL, potentially overwriting important data. Hit Return to continue, last chance to abort!"
+ read _
+ archive_name="orgdir"
+ read_pw
+ cd /
+ cat "${config_file}" | while read line; do
+ first_char=$(echo "${line}" | cut -c1)
+ if [ "${first_char}" = "#" ]; then
+ continue
+ fi
+ repo="${line}:${standard_repo}"
+ archive=$(borg list "${repo}" | grep "${orgdir}" | tail -1 | cut -f1 -d' ')
+ echo "Pulling archive: ${archive}"
+ borg extract --verbose "${repo}::${archive}"
+ break
+ done
+else
+ usage
+fi
--- /dev/null
+APT::AutoRemove::RecommendsImportant "false";
+APT::AutoRemove::SuggestsImportant "false";
+APT::Install-Recommends "false";
+APT::Install-Suggests "false";
--- /dev/null
+deb http://deb.debian.org/debian bullseye main contrib non-free
+deb http://security.debian.org/debian-security bullseye-security main contrib non-free
+deb http://deb.debian.org/debian bullseye-updates main contrib non-free
+deb http://ftp.debian.org/debian bullseye-backports main contrib non-free
--- /dev/null
+LANG="en_US.UTF-8"
--- /dev/null
+# This file lists locales that you wish to have built. You can find a list
+# of valid supported locales at /usr/share/i18n/SUPPORTED, and you can add
+# user defined locales to /usr/local/share/i18n/SUPPORTED. If you change
+# this file, you need to rerun locale-gen.
+
+
+# aa_DJ ISO-8859-1
+# aa_DJ.UTF-8 UTF-8
+# aa_ER UTF-8
+# aa_ER@saaho UTF-8
+# aa_ET UTF-8
+# af_ZA ISO-8859-1
+# af_ZA.UTF-8 UTF-8
+# ak_GH UTF-8
+# am_ET UTF-8
+# an_ES ISO-8859-15
+# an_ES.UTF-8 UTF-8
+# anp_IN UTF-8
+# ar_AE ISO-8859-6
+# ar_AE.UTF-8 UTF-8
+# ar_BH ISO-8859-6
+# ar_BH.UTF-8 UTF-8
+# ar_DZ ISO-8859-6
+# ar_DZ.UTF-8 UTF-8
+# ar_EG ISO-8859-6
+# ar_EG.UTF-8 UTF-8
+# ar_IN UTF-8
+# ar_IQ ISO-8859-6
+# ar_IQ.UTF-8 UTF-8
+# ar_JO ISO-8859-6
+# ar_JO.UTF-8 UTF-8
+# ar_KW ISO-8859-6
+# ar_KW.UTF-8 UTF-8
+# ar_LB ISO-8859-6
+# ar_LB.UTF-8 UTF-8
+# ar_LY ISO-8859-6
+# ar_LY.UTF-8 UTF-8
+# ar_MA ISO-8859-6
+# ar_MA.UTF-8 UTF-8
+# ar_OM ISO-8859-6
+# ar_OM.UTF-8 UTF-8
+# ar_QA ISO-8859-6
+# ar_QA.UTF-8 UTF-8
+# ar_SA ISO-8859-6
+# ar_SA.UTF-8 UTF-8
+# ar_SD ISO-8859-6
+# ar_SD.UTF-8 UTF-8
+# ar_SS UTF-8
+# ar_SY ISO-8859-6
+# ar_SY.UTF-8 UTF-8
+# ar_TN ISO-8859-6
+# ar_TN.UTF-8 UTF-8
+# ar_YE ISO-8859-6
+# ar_YE.UTF-8 UTF-8
+# as_IN UTF-8
+# ast_ES ISO-8859-15
+# ast_ES.UTF-8 UTF-8
+# ayc_PE UTF-8
+# az_AZ UTF-8
+# be_BY CP1251
+# be_BY.UTF-8 UTF-8
+# be_BY@latin UTF-8
+# bem_ZM UTF-8
+# ber_DZ UTF-8
+# ber_MA UTF-8
+# bg_BG CP1251
+# bg_BG.UTF-8 UTF-8
+# bhb_IN.UTF-8 UTF-8
+# bho_IN UTF-8
+# bn_BD UTF-8
+# bn_IN UTF-8
+# bo_CN UTF-8
+# bo_IN UTF-8
+# br_FR ISO-8859-1
+# br_FR.UTF-8 UTF-8
+# br_FR@euro ISO-8859-15
+# brx_IN UTF-8
+# bs_BA ISO-8859-2
+# bs_BA.UTF-8 UTF-8
+# byn_ER UTF-8
+# ca_AD ISO-8859-15
+# ca_AD.UTF-8 UTF-8
+# ca_ES ISO-8859-1
+# ca_ES.UTF-8 UTF-8
+# ca_ES.UTF-8@valencia UTF-8
+# ca_ES@euro ISO-8859-15
+# ca_ES@valencia ISO-8859-15
+# ca_FR ISO-8859-15
+# ca_FR.UTF-8 UTF-8
+# ca_IT ISO-8859-15
+# ca_IT.UTF-8 UTF-8
+# ce_RU UTF-8
+# chr_US UTF-8
+# cmn_TW UTF-8
+# crh_UA UTF-8
+# cs_CZ ISO-8859-2
+# cs_CZ.UTF-8 UTF-8
+# csb_PL UTF-8
+# cv_RU UTF-8
+# cy_GB ISO-8859-14
+# cy_GB.UTF-8 UTF-8
+# da_DK ISO-8859-1
+# da_DK.UTF-8 UTF-8
+# de_AT ISO-8859-1
+# de_AT.UTF-8 UTF-8
+# de_AT@euro ISO-8859-15
+# de_BE ISO-8859-1
+# de_BE.UTF-8 UTF-8
+# de_BE@euro ISO-8859-15
+# de_CH ISO-8859-1
+# de_CH.UTF-8 UTF-8
+# de_DE ISO-8859-1
+# de_DE.UTF-8 UTF-8
+# de_DE@euro ISO-8859-15
+# de_IT ISO-8859-1
+# de_IT.UTF-8 UTF-8
+# de_LI.UTF-8 UTF-8
+# de_LU ISO-8859-1
+# de_LU.UTF-8 UTF-8
+# de_LU@euro ISO-8859-15
+# doi_IN UTF-8
+# dv_MV UTF-8
+# dz_BT UTF-8
+# el_CY ISO-8859-7
+# el_CY.UTF-8 UTF-8
+# el_GR ISO-8859-7
+# el_GR.UTF-8 UTF-8
+# en_AG UTF-8
+# en_AU ISO-8859-1
+# en_AU.UTF-8 UTF-8
+# en_BW ISO-8859-1
+# en_BW.UTF-8 UTF-8
+# en_CA ISO-8859-1
+# en_CA.UTF-8 UTF-8
+# en_DK ISO-8859-1
+# en_DK.ISO-8859-15 ISO-8859-15
+# en_DK.UTF-8 UTF-8
+# en_GB ISO-8859-1
+# en_GB.ISO-8859-15 ISO-8859-15
+# en_GB.UTF-8 UTF-8
+# en_HK ISO-8859-1
+# en_HK.UTF-8 UTF-8
+# en_IE ISO-8859-1
+# en_IE.UTF-8 UTF-8
+# en_IE@euro ISO-8859-15
+# en_IL UTF-8
+# en_IN UTF-8
+# en_NG UTF-8
+# en_NZ ISO-8859-1
+# en_NZ.UTF-8 UTF-8
+# en_PH ISO-8859-1
+# en_PH.UTF-8 UTF-8
+# en_SG ISO-8859-1
+# en_SG.UTF-8 UTF-8
+# en_US ISO-8859-1
+# en_US.ISO-8859-15 ISO-8859-15
+en_US.UTF-8 UTF-8
+# en_ZA ISO-8859-1
+# en_ZA.UTF-8 UTF-8
+# en_ZM UTF-8
+# en_ZW ISO-8859-1
+# en_ZW.UTF-8 UTF-8
+# eo UTF-8
+# es_AR ISO-8859-1
+# es_AR.UTF-8 UTF-8
+# es_BO ISO-8859-1
+# es_BO.UTF-8 UTF-8
+# es_CL ISO-8859-1
+# es_CL.UTF-8 UTF-8
+# es_CO ISO-8859-1
+# es_CO.UTF-8 UTF-8
+# es_CR ISO-8859-1
+# es_CR.UTF-8 UTF-8
+# es_CU UTF-8
+# es_DO ISO-8859-1
+# es_DO.UTF-8 UTF-8
+# es_EC ISO-8859-1
+# es_EC.UTF-8 UTF-8
+# es_ES ISO-8859-1
+# es_ES.UTF-8 UTF-8
+# es_ES@euro ISO-8859-15
+# es_GT ISO-8859-1
+# es_GT.UTF-8 UTF-8
+# es_HN ISO-8859-1
+# es_HN.UTF-8 UTF-8
+# es_MX ISO-8859-1
+# es_MX.UTF-8 UTF-8
+# es_NI ISO-8859-1
+# es_NI.UTF-8 UTF-8
+# es_PA ISO-8859-1
+# es_PA.UTF-8 UTF-8
+# es_PE ISO-8859-1
+# es_PE.UTF-8 UTF-8
+# es_PR ISO-8859-1
+# es_PR.UTF-8 UTF-8
+# es_PY ISO-8859-1
+# es_PY.UTF-8 UTF-8
+# es_SV ISO-8859-1
+# es_SV.UTF-8 UTF-8
+# es_US ISO-8859-1
+# es_US.UTF-8 UTF-8
+# es_UY ISO-8859-1
+# es_UY.UTF-8 UTF-8
+# es_VE ISO-8859-1
+# es_VE.UTF-8 UTF-8
+# et_EE ISO-8859-1
+# et_EE.ISO-8859-15 ISO-8859-15
+# et_EE.UTF-8 UTF-8
+# eu_ES ISO-8859-1
+# eu_ES.UTF-8 UTF-8
+# eu_ES@euro ISO-8859-15
+# eu_FR ISO-8859-1
+# eu_FR.UTF-8 UTF-8
+# eu_FR@euro ISO-8859-15
+# fa_IR UTF-8
+# ff_SN UTF-8
+# fi_FI ISO-8859-1
+# fi_FI.UTF-8 UTF-8
+# fi_FI@euro ISO-8859-15
+# fil_PH UTF-8
+# fo_FO ISO-8859-1
+# fo_FO.UTF-8 UTF-8
+# fr_BE ISO-8859-1
+# fr_BE.UTF-8 UTF-8
+# fr_BE@euro ISO-8859-15
+# fr_CA ISO-8859-1
+# fr_CA.UTF-8 UTF-8
+# fr_CH ISO-8859-1
+# fr_CH.UTF-8 UTF-8
+# fr_FR ISO-8859-1
+# fr_FR.UTF-8 UTF-8
+# fr_FR@euro ISO-8859-15
+# fr_LU ISO-8859-1
+# fr_LU.UTF-8 UTF-8
+# fr_LU@euro ISO-8859-15
+# fur_IT UTF-8
+# fy_DE UTF-8
+# fy_NL UTF-8
+# ga_IE ISO-8859-1
+# ga_IE.UTF-8 UTF-8
+# ga_IE@euro ISO-8859-15
+# gd_GB ISO-8859-15
+# gd_GB.UTF-8 UTF-8
+# gez_ER UTF-8
+# gez_ER@abegede UTF-8
+# gez_ET UTF-8
+# gez_ET@abegede UTF-8
+# gl_ES ISO-8859-1
+# gl_ES.UTF-8 UTF-8
+# gl_ES@euro ISO-8859-15
+# gu_IN UTF-8
+# gv_GB ISO-8859-1
+# gv_GB.UTF-8 UTF-8
+# ha_NG UTF-8
+# hak_TW UTF-8
+# he_IL ISO-8859-8
+# he_IL.UTF-8 UTF-8
+# hi_IN UTF-8
+# hne_IN UTF-8
+# hr_HR ISO-8859-2
+# hr_HR.UTF-8 UTF-8
+# hsb_DE ISO-8859-2
+# hsb_DE.UTF-8 UTF-8
+# ht_HT UTF-8
+# hu_HU ISO-8859-2
+# hu_HU.UTF-8 UTF-8
+# hy_AM UTF-8
+# hy_AM.ARMSCII-8 ARMSCII-8
+# ia_FR UTF-8
+# id_ID ISO-8859-1
+# id_ID.UTF-8 UTF-8
+# ig_NG UTF-8
+# ik_CA UTF-8
+# is_IS ISO-8859-1
+# is_IS.UTF-8 UTF-8
+# it_CH ISO-8859-1
+# it_CH.UTF-8 UTF-8
+# it_IT ISO-8859-1
+# it_IT.UTF-8 UTF-8
+# it_IT@euro ISO-8859-15
+# iu_CA UTF-8
+# ja_JP.EUC-JP EUC-JP
+# ja_JP.UTF-8 UTF-8
+# ka_GE GEORGIAN-PS
+# ka_GE.UTF-8 UTF-8
+# kk_KZ PT154
+# kk_KZ.RK1048 RK1048
+# kk_KZ.UTF-8 UTF-8
+# kl_GL ISO-8859-1
+# kl_GL.UTF-8 UTF-8
+# km_KH UTF-8
+# kn_IN UTF-8
+# ko_KR.EUC-KR EUC-KR
+# ko_KR.UTF-8 UTF-8
+# kok_IN UTF-8
+# ks_IN UTF-8
+# ks_IN@devanagari UTF-8
+# ku_TR ISO-8859-9
+# ku_TR.UTF-8 UTF-8
+# kw_GB ISO-8859-1
+# kw_GB.UTF-8 UTF-8
+# ky_KG UTF-8
+# lb_LU UTF-8
+# lg_UG ISO-8859-10
+# lg_UG.UTF-8 UTF-8
+# li_BE UTF-8
+# li_NL UTF-8
+# lij_IT UTF-8
+# ln_CD UTF-8
+# lo_LA UTF-8
+# lt_LT ISO-8859-13
+# lt_LT.UTF-8 UTF-8
+# lv_LV ISO-8859-13
+# lv_LV.UTF-8 UTF-8
+# lzh_TW UTF-8
+# mag_IN UTF-8
+# mai_IN UTF-8
+# mg_MG ISO-8859-15
+# mg_MG.UTF-8 UTF-8
+# mhr_RU UTF-8
+# mi_NZ ISO-8859-13
+# mi_NZ.UTF-8 UTF-8
+# mk_MK ISO-8859-5
+# mk_MK.UTF-8 UTF-8
+# ml_IN UTF-8
+# mn_MN UTF-8
+# mni_IN UTF-8
+# mr_IN UTF-8
+# ms_MY ISO-8859-1
+# ms_MY.UTF-8 UTF-8
+# mt_MT ISO-8859-3
+# mt_MT.UTF-8 UTF-8
+# my_MM UTF-8
+# nan_TW UTF-8
+# nan_TW@latin UTF-8
+# nb_NO ISO-8859-1
+# nb_NO.UTF-8 UTF-8
+# nds_DE UTF-8
+# nds_NL UTF-8
+# ne_NP UTF-8
+# nhn_MX UTF-8
+# niu_NU UTF-8
+# niu_NZ UTF-8
+# nl_AW UTF-8
+# nl_BE ISO-8859-1
+# nl_BE.UTF-8 UTF-8
+# nl_BE@euro ISO-8859-15
+# nl_NL ISO-8859-1
+# nl_NL.UTF-8 UTF-8
+# nl_NL@euro ISO-8859-15
+# nn_NO ISO-8859-1
+# nn_NO.UTF-8 UTF-8
+# nr_ZA UTF-8
+# nso_ZA UTF-8
+# oc_FR ISO-8859-1
+# oc_FR.UTF-8 UTF-8
+# om_ET UTF-8
+# om_KE ISO-8859-1
+# om_KE.UTF-8 UTF-8
+# or_IN UTF-8
+# os_RU UTF-8
+# pa_IN UTF-8
+# pa_PK UTF-8
+# pap_AW UTF-8
+# pap_CW UTF-8
+# pl_PL ISO-8859-2
+# pl_PL.UTF-8 UTF-8
+# ps_AF UTF-8
+# pt_BR ISO-8859-1
+# pt_BR.UTF-8 UTF-8
+# pt_PT ISO-8859-1
+# pt_PT.UTF-8 UTF-8
+# pt_PT@euro ISO-8859-15
+# quz_PE UTF-8
+# raj_IN UTF-8
+# ro_RO ISO-8859-2
+# ro_RO.UTF-8 UTF-8
+# ru_RU ISO-8859-5
+# ru_RU.CP1251 CP1251
+# ru_RU.KOI8-R KOI8-R
+# ru_RU.UTF-8 UTF-8
+# ru_UA KOI8-U
+# ru_UA.UTF-8 UTF-8
+# rw_RW UTF-8
+# sa_IN UTF-8
+# sat_IN UTF-8
+# sc_IT UTF-8
+# sd_IN UTF-8
+# sd_IN@devanagari UTF-8
+# se_NO UTF-8
+# sgs_LT UTF-8
+# shs_CA UTF-8
+# si_LK UTF-8
+# sid_ET UTF-8
+# sk_SK ISO-8859-2
+# sk_SK.UTF-8 UTF-8
+# sl_SI ISO-8859-2
+# sl_SI.UTF-8 UTF-8
+# so_DJ ISO-8859-1
+# so_DJ.UTF-8 UTF-8
+# so_ET UTF-8
+# so_KE ISO-8859-1
+# so_KE.UTF-8 UTF-8
+# so_SO ISO-8859-1
+# so_SO.UTF-8 UTF-8
+# sq_AL ISO-8859-1
+# sq_AL.UTF-8 UTF-8
+# sq_MK UTF-8
+# sr_ME UTF-8
+# sr_RS UTF-8
+# sr_RS@latin UTF-8
+# ss_ZA UTF-8
+# st_ZA ISO-8859-1
+# st_ZA.UTF-8 UTF-8
+# sv_FI ISO-8859-1
+# sv_FI.UTF-8 UTF-8
+# sv_FI@euro ISO-8859-15
+# sv_SE ISO-8859-1
+# sv_SE.ISO-8859-15 ISO-8859-15
+# sv_SE.UTF-8 UTF-8
+# sw_KE UTF-8
+# sw_TZ UTF-8
+# szl_PL UTF-8
+# ta_IN UTF-8
+# ta_LK UTF-8
+# tcy_IN.UTF-8 UTF-8
+# te_IN UTF-8
+# tg_TJ KOI8-T
+# tg_TJ.UTF-8 UTF-8
+# th_TH TIS-620
+# th_TH.UTF-8 UTF-8
+# the_NP UTF-8
+# ti_ER UTF-8
+# ti_ET UTF-8
+# tig_ER UTF-8
+# tk_TM UTF-8
+# tl_PH ISO-8859-1
+# tl_PH.UTF-8 UTF-8
+# tn_ZA UTF-8
+# tr_CY ISO-8859-9
+# tr_CY.UTF-8 UTF-8
+# tr_TR ISO-8859-9
+# tr_TR.UTF-8 UTF-8
+# ts_ZA UTF-8
+# tt_RU UTF-8
+# tt_RU@iqtelif UTF-8
+# ug_CN UTF-8
+# uk_UA KOI8-U
+# uk_UA.UTF-8 UTF-8
+# unm_US UTF-8
+# ur_IN UTF-8
+# ur_PK UTF-8
+# uz_UZ ISO-8859-1
+# uz_UZ.UTF-8 UTF-8
+# uz_UZ@cyrillic UTF-8
+# ve_ZA UTF-8
+# vi_VN UTF-8
+# wa_BE ISO-8859-1
+# wa_BE.UTF-8 UTF-8
+# wa_BE@euro ISO-8859-15
+# wae_CH UTF-8
+# wal_ET UTF-8
+# wo_SN UTF-8
+# xh_ZA ISO-8859-1
+# xh_ZA.UTF-8 UTF-8
+# yi_US CP1255
+# yi_US.UTF-8 UTF-8
+# yo_NG UTF-8
+# yue_HK UTF-8
+# zh_CN GB2312
+# zh_CN.GB18030 GB18030
+# zh_CN.GBK GBK
+# zh_CN.UTF-8 UTF-8
+# zh_HK BIG5-HKSCS
+# zh_HK.UTF-8 UTF-8
+# zh_SG GB2312
+# zh_SG.GBK GBK
+# zh_SG.UTF-8 UTF-8
+# zh_TW BIG5
+# zh_TW.EUC-TW EUC-TW
+# zh_TW.UTF-8 UTF-8
+# zu_ZA ISO-8859-1
+# zu_ZA.UTF-8 UTF-8
--- /dev/null
+Europe/Berlin
--- /dev/null
+[Unit]
+Description=Scheduled Reboot
+
+[Service]
+Type=simple
+ExecStart=/usr/bin/systemctl --force reboot
--- /dev/null
+[Unit]
+Description=schedule reboot
+
+[Timer]
+Unit=reboot.service
+OnCalendar=*-*-* 7:00:00
+
+[Install]
+WantedBy=timers.target
--- /dev/null
+server {
+ listen 443 ssl;
+ server_name REPLACE_fqdn_ECALPER;
+ ssl_certificate /etc/letsencrypt/live/REPLACE_fqdn_ECALPER/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/REPLACE_fqdn_ECALPER/privkey.pem;
+ root /var/www-dump/;
+
+ location /dump/ {
+ autoindex on;
+ # add_header "Access-Control-Allow-Origin" *;
+ }
+
+ location /geheim/ {
+ auth_basic "geheim geheim";
+ auth_basic_user_file /var/www-dump/password_geheim;
+ autoindex on;
+ }
+
+ location /zettel/ {
+ # rewrite non-suffixed filenames to .html ones
+ rewrite ^(/zettel/(.*/)*[^./]+)$ $1.html;
+ autoindex on;
+ }
+
+ location /uwsgi/ {
+ include uwsgi_params;
+ uwsgi_pass 127.0.0.1:3031;
+ }
+}
--- /dev/null
+[Unit]
+Description=url_catcher screen
+
+[Service]
+Type=forking
+User=plom
+# The LC_ALL fixes submission failing on some articles.
+ExecStart=/bin/sh -c 'LC_ALL=en_US.UTF8 cd ~/url-catcher && screen -d -m ./run.sh'
+Restart=always
+
+[Install]
+WantedBy=multi-user.target
--- /dev/null
+deb http://deb.debian.org/debian bullseye main contrib non-free
+deb-src http://deb.debian.org/debian bullseye main contrib non-free
+deb http://security.debian.org/debian-security bullseye-security main contrib non-free
+deb http://deb.debian.org/debian bullseye-updates main contrib non-free
+deb http://ftp.debian.org/debian bullseye-backports main contrib non-free
--- /dev/null
+server {
+ listen 443 ssl;
+ client_max_body_size 4G;
+ server_name REPLACE_fqdn_ECALPER;
+ ssl_certificate /etc/letsencrypt/live/REPLACE_fqdn_ECALPER/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/REPLACE_fqdn_ECALPER/privkey.pem;
+
+ # via <https://www.digitalocean.com/community/tutorials/how-to-improve-website-performance-using-gzip-and-nginx-on-ubuntu-20-04>
+ # and https://docs.microblog.pub/installing.html#nginx-config-tips
+ gzip on;
+ gzip_disable "msie6";
+ gzip_vary on;
+ gzip_proxied any;
+ gzip_comp_level 6;
+ gzip_buffers 16 8k;
+ gzip_http_version 1.1;
+ gzip_min_length 256;
+ gzip_types
+ application/atom+xml
+ application/geo+json
+ application/javascript
+ application/x-javascript
+ application/json
+ application/ld+json
+ application/manifest+json
+ application/rdf+xml
+ application/rss+xml
+ application/xhtml+xml
+ application/xml
+ font/eot
+ font/otf
+ font/ttf
+ image/svg+xml
+ text/css
+ text/javascript
+ text/plain
+ text/xml
+
+ text/html
+
+ application/javascript
+ application/activity+json
+ application/octet-stream;
+
+ location / {
+ proxy_set_header Host $http_host;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection $connection_upgrade;
+ proxy_redirect off;
+ proxy_buffering off;
+ proxy_pass http://localhost:8000;
+ }
+}
+
+map $http_upgrade $connection_upgrade {
+ default upgrade;
+ '' close;
+}
--- /dev/null
+[Unit]
+Description=microblog.pub
+
+[Service]
+Type=simple
+User=plom
+WorkingDirectory=/home/plom/testing.microblog.pub/
+ExecStart=/bin/sh -c '/home/plom/.local/bin/poetry run supervisord -c misc/supervisord.conf -n'
+Environment=VENV_DIR=/home/plom/.cache/pypoetry/virtualenvs/REPLACE_venv_dir_ECALPER
+Restart=always
+
+[Install]
+WantedBy=multi-user.target
--- /dev/null
+[Unit]
+Description=microblog.pub pruning
+
+[Service]
+Type=simple
+ExecStart=/bin/sh -c '.prune.sh'
+
+[Install]
+WantedBy=multi-user.target
--- /dev/null
+[Unit]
+Description=schedule microblog.pub pruning
+
+[Timer]
+Unit=microblogpub_prune.service
+OnCalendar=*-*-* 7:00:00
+
+[Install]
+WantedBy=timers.target
--- /dev/null
+[Unit]
+Description=Attempt encryption of old chat logs
+[Service]
+Type=oneshot
+User=plom
+ExecStart=/bin/sh -c '~/weechatlogs_encrypter.sh'
--- /dev/null
+[Unit]
+Description=Attempt encryption of old chatlogs once every minute.
+
+[Timer]
+OnCalendar=*-*-* *:*:00
+
+[Install]
+WantedBy=timers.target
\ No newline at end of file
--- /dev/null
+# $OpenBSD: sshd_config,v 1.103 2018/04/09 20:41:22 tj Exp $
+
+# This is the sshd server system-wide configuration file. See
+# sshd_config(5) for more information.
+
+# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
+
+# The strategy used for options in the default sshd_config shipped with
+# OpenSSH is to specify options with their default value where
+# possible, but leave them commented. Uncommented options override the
+# default value.
+
+Include /etc/ssh/sshd_config.d/*.conf
+
+#Port 22
+#AddressFamily any
+#ListenAddress 0.0.0.0
+#ListenAddress ::
+
+#HostKey /etc/ssh/ssh_host_rsa_key
+#HostKey /etc/ssh/ssh_host_ecdsa_key
+#HostKey /etc/ssh/ssh_host_ed25519_key
+
+# Ciphers and keying
+#RekeyLimit default none
+
+# Logging
+#SyslogFacility AUTH
+#LogLevel INFO
+
+# Authentication:
+
+#LoginGraceTime 2m
+PermitRootLogin no # plomlompom's security rule
+#StrictModes yes
+#MaxAuthTries 6
+#MaxSessions 10
+
+#PubkeyAuthentication yes
+
+# Expect .ssh/authorized_keys2 to be disregarded by default in future.
+#AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2
+
+#AuthorizedPrincipalsFile none
+
+#AuthorizedKeysCommand none
+#AuthorizedKeysCommandUser nobody
+
+# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
+#HostbasedAuthentication no
+# Change to yes if you don't trust ~/.ssh/known_hosts for
+# HostbasedAuthentication
+#IgnoreUserKnownHosts no
+# Don't read the user's ~/.rhosts and ~/.shosts files
+#IgnoreRhosts yes
+
+# To disable tunneled clear text passwords, change to no here!
+PasswordAuthentication no
+#PermitEmptyPasswords no
+
+# Change to yes to enable challenge-response passwords (beware issues with
+# some PAM modules and threads)
+ChallengeResponseAuthentication no
+
+# Kerberos options
+#KerberosAuthentication no
+#KerberosOrLocalPasswd yes
+#KerberosTicketCleanup yes
+#KerberosGetAFSToken no
+
+# GSSAPI options
+#GSSAPIAuthentication no
+#GSSAPICleanupCredentials yes
+#GSSAPIStrictAcceptorCheck yes
+#GSSAPIKeyExchange no
+
+# Set this to 'yes' to enable PAM authentication, account processing,
+# and session processing. If this is enabled, PAM authentication will
+# be allowed through the ChallengeResponseAuthentication and
+# PasswordAuthentication. Depending on your PAM configuration,
+# PAM authentication via ChallengeResponseAuthentication may bypass
+# the setting of "PermitRootLogin without-password".
+# If you just want the PAM account and session checks to run without
+# PAM authentication, then enable this but set PasswordAuthentication
+# and ChallengeResponseAuthentication to 'no'.
+UsePAM yes
+
+#AllowAgentForwarding yes
+#AllowTcpForwarding yes
+#GatewayPorts no
+X11Forwarding yes
+#X11DisplayOffset 10
+#X11UseLocalhost yes
+#PermitTTY yes
+PrintMotd no
+#PrintLastLog yes
+#TCPKeepAlive yes
+#PermitUserEnvironment no
+#Compression delayed
+#ClientAliveInterval 0
+#ClientAliveCountMax 3
+#UseDNS no
+#PidFile /var/run/sshd.pid
+#MaxStartups 10:30:100
+#PermitTunnel no
+#ChrootDirectory none
+#VersionAddendum none
+
+# no default banner path
+#Banner none
+
+# Allow client to pass locale environment variables
+AcceptEnv LANG LC_*
+
+# override default of no subsystems
+Subsystem sftp /usr/lib/openssh/sftp-server
+
+# Example of overriding settings on a per-user basis
+#Match User anoncvs
+# X11Forwarding no
+# AllowTcpForwarding no
+# PermitTTY no
+# ForceCommand cvs server
+ClientAliveInterval 15
--- /dev/null
+# ------------------------------------------------------------------------------
+# tlp - Parameters for power saving
+# See full explanation: http://linrunner.de/en/tlp/docs/tlp-configuration.html
+
+# Hint: some features are disabled by default, remove the leading # to enable
+# them.
+
+# Set to 0 to disable, 1 to enable TLP.
+TLP_ENABLE=1
+
+# Operation mode when no power supply can be detected: AC, BAT.
+# Concerns some desktop and embedded hardware only.
+TLP_DEFAULT_MODE=AC
+
+# Operation mode select: 0=depend on power source, 1=always use TLP_DEFAULT_MODE
+# Hint: use in conjunction with TLP_DEFAULT_MODE=BAT for BAT settings on AC.
+TLP_PERSISTENT_DEFAULT=0
+
+# Seconds laptop mode has to wait after the disk goes idle before doing a sync.
+# Non-zero value enables, zero disables laptop mode.
+DISK_IDLE_SECS_ON_AC=0
+DISK_IDLE_SECS_ON_BAT=2
+
+# Dirty page values (timeouts in secs).
+MAX_LOST_WORK_SECS_ON_AC=15
+MAX_LOST_WORK_SECS_ON_BAT=60
+
+# Hint: CPU parameters below are disabled by default, remove the leading #
+# to enable them, otherwise kernel default values are used.
+
+# Select a CPU frequency scaling governor.
+# Intel Core i processor with intel_pstate driver:
+# powersave(*), performance.
+# Older hardware with acpi-cpufreq driver:
+# ondemand(*), powersave, performance, conservative, schedutil.
+# (*) is recommended.
+# Hint: use tlp-stat -p to show the active driver and available governors.
+# Important:
+# powersave for intel_pstate and ondemand for acpi-cpufreq are power
+# efficient for *almost all* workloads and therefore kernel and most
+# distributions have chosen them as defaults. If you still want to change,
+# you should know what you're doing! You *must* disable your distribution's
+# governor settings or conflicts will occur.
+#CPU_SCALING_GOVERNOR_ON_AC=powersave
+#CPU_SCALING_GOVERNOR_ON_BAT=powersave
+
+# Set the min/max frequency available for the scaling governor.
+# Possible values strongly depend on your CPU. For available frequencies see
+# the output of tlp-stat -p.
+#CPU_SCALING_MIN_FREQ_ON_AC=0
+#CPU_SCALING_MAX_FREQ_ON_AC=0
+#CPU_SCALING_MIN_FREQ_ON_BAT=0
+#CPU_SCALING_MAX_FREQ_ON_BAT=0
+
+# Set energy performance hints (HWP) for Intel P-state governor:
+# performance, balance_performance, default, balance_power, power
+# Values are given in order of increasing power saving.
+# Note: Intel Skylake or newer CPU and Kernel >= 4.10 required.
+CPU_HWP_ON_AC=balance_performance
+CPU_HWP_ON_BAT=balance_power
+
+# Set Intel P-state performance: 0..100 (%).
+# Limit the max/min P-state to control the power dissipation of the CPU.
+# Values are stated as a percentage of the available performance.
+# Requires an Intel Core i processor with intel_pstate driver.
+#CPU_MIN_PERF_ON_AC=0
+#CPU_MAX_PERF_ON_AC=100
+#CPU_MIN_PERF_ON_BAT=0
+#CPU_MAX_PERF_ON_BAT=30
+
+# Set the CPU "turbo boost" feature: 0=disable, 1=allow
+# Requires an Intel Core i processor.
+# Important:
+# - This may conflict with your distribution's governor settings
+# - A value of 1 does *not* activate boosting, it just allows it
+#CPU_BOOST_ON_AC=1
+#CPU_BOOST_ON_BAT=0
+
+# Minimize number of used CPU cores/hyper-threads under light load conditions:
+# 0=disable, 1=enable.
+SCHED_POWERSAVE_ON_AC=0
+SCHED_POWERSAVE_ON_BAT=1
+
+# Kernel NMI Watchdog:
+# 0=disable (default, saves power), 1=enable (for kernel debugging only).
+NMI_WATCHDOG=0
+
+# Change CPU voltages aka "undervolting" - Kernel with PHC patch required.
+# Frequency voltage pairs are written to:
+# /sys/devices/system/cpu/cpu0/cpufreq/phc_controls
+# CAUTION: only use this, if you thoroughly understand what you are doing!
+#PHC_CONTROLS="F:V F:V F:V F:V"
+
+# Set CPU performance versus energy savings policy:
+# performance, balance-performance, default, balance-power, power.
+# Values are given in order of increasing power saving.
+# Requires kernel module msr and x86_energy_perf_policy from linux-tools.
+ENERGY_PERF_POLICY_ON_AC=performance
+ENERGY_PERF_POLICY_ON_BAT=power
+
+# Disk devices; separate multiple devices with spaces (default: sda).
+# Devices can be specified by disk ID also (lookup with: tlp diskid).
+DISK_DEVICES="sda sdb"
+
+# Disk advanced power management level: 1..254, 255 (max saving, min, off).
+# Levels 1..127 may spin down the disk; 255 allowable on most drives.
+# Separate values for multiple disks with spaces. Use the special value 'keep'
+# to keep the hardware default for the particular disk.
+DISK_APM_LEVEL_ON_AC="254 254"
+DISK_APM_LEVEL_ON_BAT="128 128"
+
+# Hard disk spin down timeout:
+# 0: spin down disabled
+# 1..240: timeouts from 5s to 20min (in units of 5s)
+# 241..251: timeouts from 30min to 5.5 hours (in units of 30min)
+# See 'man hdparm' for details.
+# Separate values for multiple disks with spaces. Use the special value 'keep'
+# to keep the hardware default for the particular disk.
+#DISK_SPINDOWN_TIMEOUT_ON_AC="0 0"
+#DISK_SPINDOWN_TIMEOUT_ON_BAT="0 0"
+
+# Select IO scheduler for the disk devices: cfq, deadline, noop (Default: cfq).
+# Separate values for multiple disks with spaces. Use the special value 'keep'
+# to keep the kernel default scheduler for the particular disk.
+#DISK_IOSCHED="cfq cfq"
+
+# AHCI link power management (ALPM) for disk devices:
+# min_power, med_power_with_dipm(*), medium_power, max_performance.
+# (*) Kernel >= 4.15 required, then recommended.
+# Multiple values separated with spaces are tried sequentially until success.
+SATA_LINKPWR_ON_AC="med_power_with_dipm max_performance"
+SATA_LINKPWR_ON_BAT="med_power_with_dipm min_power"
+
+# Exclude host devices from AHCI link power management.
+# Separate multiple hosts with spaces.
+#SATA_LINKPWR_BLACKLIST="host1"
+
+# Runtime Power Management for AHCI host and disks devices:
+# on=disable, auto=enable.
+# EXPERIMENTAL ** WARNING: auto will most likely cause system lockups/data loss.
+#AHCI_RUNTIME_PM_ON_AC=on
+#AHCI_RUNTIME_PM_ON_BAT=on
+
+# Seconds of inactivity before disk is suspended.
+AHCI_RUNTIME_PM_TIMEOUT=15
+
+# PCI Express Active State Power Management (PCIe ASPM):
+# default, performance, powersave.
+PCIE_ASPM_ON_AC=performance
+PCIE_ASPM_ON_BAT=powersave
+
+# Radeon graphics clock speed (profile method): low, mid, high, auto, default;
+# auto = mid on BAT, high on AC; default = use hardware defaults.
+RADEON_POWER_PROFILE_ON_AC=high
+RADEON_POWER_PROFILE_ON_BAT=low
+
+# Radeon dynamic power management method (DPM): battery, performance.
+RADEON_DPM_STATE_ON_AC=performance
+RADEON_DPM_STATE_ON_BAT=battery
+
+# Radeon DPM performance level: auto, low, high; auto is recommended.
+RADEON_DPM_PERF_LEVEL_ON_AC=auto
+RADEON_DPM_PERF_LEVEL_ON_BAT=auto
+
+# WiFi power saving mode: on=enable, off=disable; not supported by all adapters.
+WIFI_PWR_ON_AC=off
+WIFI_PWR_ON_BAT=on
+
+# Disable wake on LAN: Y/N.
+WOL_DISABLE=Y
+
+# Enable audio power saving for Intel HDA, AC97 devices (timeout in secs).
+# A value of 0 disables, >=1 enables power saving (recommended: 1).
+SOUND_POWER_SAVE_ON_AC=0
+SOUND_POWER_SAVE_ON_BAT=1
+
+# Disable controller too (HDA only): Y/N.
+SOUND_POWER_SAVE_CONTROLLER=Y
+
+# Power off optical drive in UltraBay/MediaBay: 0=disable, 1=enable.
+# Drive can be powered on again by releasing (and reinserting) the eject lever
+# or by pressing the disc eject button on newer models.
+# Note: an UltraBay/MediaBay hard disk is never powered off.
+BAY_POWEROFF_ON_AC=0
+BAY_POWEROFF_ON_BAT=0
+# Optical drive device to power off (default sr0).
+BAY_DEVICE="sr0"
+
+# Runtime Power Management for PCI(e) bus devices: on=disable, auto=enable.
+RUNTIME_PM_ON_AC=on
+RUNTIME_PM_ON_BAT=auto
+
+# Exclude PCI(e) device adresses the following list from Runtime PM
+# (separate with spaces). Use lspci to get the adresses (1st column).
+#RUNTIME_PM_BLACKLIST="bb:dd.f 11:22.3 44:55.6"
+
+# Exclude PCI(e) devices assigned to the listed drivers from Runtime PM.
+# Default when unconfigured is "amdgpu nouveau nvidia radeon" which
+# prevents accidential power-on of dGPU in hybrid graphics setups.
+# Use "" to disable the feature completely.
+# Separate multiple drivers with spaces.
+#RUNTIME_PM_DRIVER_BLACKLIST="amdgpu nouveau nvidia radeon"
+
+# Set to 0 to disable, 1 to enable USB autosuspend feature.
+USB_AUTOSUSPEND=1
+
+# Exclude listed devices from USB autosuspend (separate with spaces).
+# Use lsusb to get the ids.
+# Note: input devices (usbhid) are excluded automatically
+#USB_BLACKLIST="1111:2222 3333:4444"
+
+# Bluetooth devices are excluded from USB autosuspend:
+# 0=do not exclude, 1=exclude.
+USB_BLACKLIST_BTUSB=0
+
+# Phone devices are excluded from USB autosuspend:
+# 0=do not exclude, 1=exclude (enable charging).
+USB_BLACKLIST_PHONE=0
+
+# Printers are excluded from USB autosuspend:
+# 0=do not exclude, 1=exclude.
+USB_BLACKLIST_PRINTER=1
+
+# WWAN devices are excluded from USB autosuspend:
+# 0=do not exclude, 1=exclude.
+USB_BLACKLIST_WWAN=1
+
+# Include listed devices into USB autosuspend even if already excluded
+# by the blacklists above (separate with spaces).
+# Use lsusb to get the ids.
+#USB_WHITELIST="1111:2222 3333:4444"
+
+# Set to 1 to disable autosuspend before shutdown, 0 to do nothing
+# (workaround for USB devices that cause shutdown problems).
+#USB_AUTOSUSPEND_DISABLE_ON_SHUTDOWN=1
+
+# Restore radio device state (Bluetooth, WiFi, WWAN) from previous shutdown
+# on system startup: 0=disable, 1=enable.
+# Hint: the parameters DEVICES_TO_DISABLE/ENABLE_ON_STARTUP/SHUTDOWN below
+# are ignored when this is enabled!
+RESTORE_DEVICE_STATE_ON_STARTUP=0
+
+# Radio devices to disable on startup: bluetooth, wifi, wwan.
+# Separate multiple devices with spaces.
+#DEVICES_TO_DISABLE_ON_STARTUP="bluetooth wifi wwan"
+
+# Radio devices to enable on startup: bluetooth, wifi, wwan.
+# Separate multiple devices with spaces.
+#DEVICES_TO_ENABLE_ON_STARTUP="wifi"
+
+# Radio devices to disable on shutdown: bluetooth, wifi, wwan.
+# (workaround for devices that are blocking shutdown).
+#DEVICES_TO_DISABLE_ON_SHUTDOWN="bluetooth wifi wwan"
+
+# Radio devices to enable on shutdown: bluetooth, wifi, wwan.
+# (to prevent other operating systems from missing radios).
+#DEVICES_TO_ENABLE_ON_SHUTDOWN="wwan"
+
+# Radio devices to enable on AC: bluetooth, wifi, wwan.
+#DEVICES_TO_ENABLE_ON_AC="bluetooth wifi wwan"
+
+# Radio devices to disable on battery: bluetooth, wifi, wwan.
+#DEVICES_TO_DISABLE_ON_BAT="bluetooth wifi wwan"
+
+# Radio devices to disable on battery when not in use (not connected):
+# bluetooth, wifi, wwan.
+#DEVICES_TO_DISABLE_ON_BAT_NOT_IN_USE="bluetooth wifi wwan"
+
+# Battery charge thresholds (ThinkPad only, tp-smapi or acpi-call kernel module
+# required). Charging starts when the remaining capacity falls below the
+# START_CHARGE_THRESH value and stops when exceeding the STOP_CHARGE_THRESH value.
+# Main / Internal battery (values in %)
+START_CHARGE_THRESH_BAT0=75
+STOP_CHARGE_THRESH_BAT0=80
+# Ultrabay / Slice / Replaceable battery (values in %)
+#START_CHARGE_THRESH_BAT1=75
+#STOP_CHARGE_THRESH_BAT1=80
+
+# Restore charge thresholds when AC is unplugged: 0=disable, 1=enable.
+#RESTORE_THRESHOLDS_ON_BAT=1
+
+# ------------------------------------------------------------------------------
+# tlp-rdw - Parameters for the radio device wizard
+# Possible devices: bluetooth, wifi, wwan.
+
+# Hints:
+# - Parameters are disabled by default, remove the leading # to enable them
+# - Separate multiple radio devices with spaces
+
+# Radio devices to disable on connect.
+#DEVICES_TO_DISABLE_ON_LAN_CONNECT="wifi wwan"
+#DEVICES_TO_DISABLE_ON_WIFI_CONNECT="wwan"
+#DEVICES_TO_DISABLE_ON_WWAN_CONNECT="wifi"
+
+# Radio devices to enable on disconnect.
+#DEVICES_TO_ENABLE_ON_LAN_DISCONNECT="wifi wwan"
+#DEVICES_TO_ENABLE_ON_WIFI_DISCONNECT=""
+#DEVICES_TO_ENABLE_ON_WWAN_DISCONNECT=""
+
+# Radio devices to enable/disable when docked.
+#DEVICES_TO_ENABLE_ON_DOCK=""
+#DEVICES_TO_DISABLE_ON_DOCK=""
+
+# Radio devices to enable/disable when undocked.
+#DEVICES_TO_ENABLE_ON_UNDOCK="wifi"
+#DEVICES_TO_DISABLE_ON_UNDOCK=""
--- /dev/null
+# This file describes the network interfaces available on your system
+# and how to activate them. For more information, see interfaces(5).
+
+source /etc/network/interfaces.d/*
+
+# The loopback network interface
+auto lo
+iface lo inet loopback
+
+# # The primary network interface – commented out so network-manager can handle this!
+# allow-hotplug enp0s25
+# iface enp0s25 inet dhcp
+# # This is an autoconfigured IPv6 interface
+# iface enp0s25 inet6 auto
--- /dev/null
+# This file is part of systemd.
+#
+# See logind.conf(5) for details.
+
+[Login]
+HandleLidSwitch=hibernate
--- /dev/null
+#!/usr/sbin/nft -f
+
+flush ruleset
+
+table inet filter {
+ chain input {
+ type filter hook input priority 0; policy drop;
+ iif lo accept comment "accept localhost traffic"
+ ct state invalid drop comment "drop invalid connections"
+ ct state established, related accept comment "accept traffic originated from us"
+ tcp dport 22 accept comment "accept SSH on default port"
+ tcp dport 80 accept comment "accept HTTP on default port"
+ tcp dport 443 accept comment "accept HTTPS on default port"
+ ip protocol icmp icmp type echo-request accept comment "accept ICMP for pinging"
+ }
+ chain forward {
+ type filter hook forward priority 0; policy drop;
+ }
+ chain output {
+ type filter hook output priority 0; policy accept;
+ }
+}
--- /dev/null
+# system integration
+user www-data;
+worker_processes auto;
+pid /run/nginx.pid;
+include /etc/nginx/modules-enabled/*.conf;
+
+# is expected even if empty
+events {
+}
+
+http {
+ # define content-type headers
+ include /etc/nginx/mime.types;
+ charset utf-8;
+
+ # Some standard optimizations, i.e. Debian default. Explained in
+ # <https://thoughts.t37.net/nginx-optimization-understanding-sendfile-tcp-nodelay-and-tcp-nopush-c55cdd276765>
+ # Not that I understand it all …
+ sendfile on;
+ tcp_nopush on;
+ tcp_nodelay on;
+
+ # logging deactivated due to GDPR
+ #access_log /var/log/nginx/access.log;
+ #error_log /var/log/nginx/error.log;
+ access_log off;
+ error_log off;
+
+ # virtual hosts: sites-enabled is the Debian way, conf.d the NGINX default
+ include /etc/nginx/conf.d/*.conf;
+ include /etc/nginx/sites-enabled/*;
+
+ # Redirect all HTTP requests to HTTPS.
+ server {
+ listen 80;
+ return 301 https://$host$request_uri;
+ }
+}
--- /dev/null
+# path to git projects (<project>.git)
+$projectroot = "/var/repos";
+
+# don't show repos without git-daemon-export-ok file
+$export_ok = "git-daemon-export-ok";
+
+# directory to use for temp files
+# explicitely set by Debian so it's probably a good choice
+$git_temp = "/tmp";
+
+# git-diff-tree(1) options to use for generated patches
+# we don't want to to guess renames, so empty
+@diff_opts = ();
+
+# Base path for where to find the repos for cloning.
+@git_base_url_list = ('https://REPLACE_fqdn_ECALPER/repos/clone');
+
+# allow snapshots
+$feature{'snapshot'}{'default'} = ['zip', 'tgz'];
+
+# insert header for GDPR compliance
+$site_header = "/var/www/header.html"
--- /dev/null
+server {
+ listen 443 ssl;
+ server_name REPLACE_fqdn_ECALPER;
+ ssl_certificate /etc/letsencrypt/live/REPLACE_fqdn_ECALPER/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/REPLACE_fqdn_ECALPER/privkey.pem;
+ root /var/www/html/;
+ index index.html index.htm index.nginx-debian.html;
+
+ # serve /var/repos/* for HTTPS git cloning
+ location ~ /repos/clone(/.*) {
+ include fastcgi_params;
+ fastcgi_param SCRIPT_FILENAME /usr/lib/git-core/git-http-backend;
+ # Commented out so only repos are served that contain a
+ # git-daemon-export-ok file.
+ # fastcgi_param GIT_HTTP_EXPORT_ALL "";
+ fastcgi_param GIT_PROJECT_ROOT /var/repos;
+ fastcgi_param PATH_INFO $1;
+ fastcgi_pass unix:/var/run/fcgiwrap.socket;
+ }
+
+ # gitweb static files
+ location /repos/static/ {
+ alias /usr/share/gitweb/static/;
+ }
+
+ # gitweb; this needs packages fcgiwrap and gitweb
+ location /repos/ {
+ include fastcgi_params;
+ fastcgi_param SCRIPT_FILENAME /usr/share/gitweb/gitweb.cgi;
+ fastcgi_param GITWEB_CONFIG /etc/gitweb.conf;
+ fastcgi_pass unix:/var/run/fcgiwrap.socket;
+ }
+
+ # login-protected IRC logs
+ location ~ ^/irclogs/([^/]+)/ {
+ auth_basic "$1 logs";
+ auth_basic_user_file /var/www/irclogs_pw/$1;
+ autoindex on;
+ }
+
+ location /guiltcards/ {
+ include uwsgi_params;
+ uwsgi_pass 127.0.0.1:9000;
+ }
+}
--- /dev/null
+[Unit]
+Description=plomlombot screen
+
+[Service]
+Type=simple
+User=plom
+ExecStart=/bin/sh -c '~/plomlombot_daemon.sh'
+Restart=always
+
+[Install]
+WantedBy=multi-user.target
--- /dev/null
+# Settings for interactive shells.
+
+# Fancy colors for ls.
+alias ls="ls --color=auto"
+
+# Other helpful aliases
+alias sshauth='eval $(ssh-agent) && ssh-add'
+alias xrandrbig='xrandr --output LVDS-1 --off'
+
+# Use vim as default editor for anything.
+export VISUAL=vim
+export EDITOR=$VISUAL
+
+# Colored prompt with username, hostname, date/time, directory.
+colornumber=7 # Default to white if no color set via colornumber dotfile.
+colornumber_file=~/.shell_prompt_color
+if [ -f $colornumber_file ]; then
+ colornumber=`cat $colornumber_file`
+fi
+tput_color="$(tput setaf $colornumber)$(tput bold)"
+tput_reset="$(tput sgr0)"
+# Bash confuses the line length when not told to not count escape sequences.
+if [ ! "$BASH" = "" ]; then
+ tput_color="\[$tput_color\]"
+ tput_reset="\[$tput_reset\]"
+fi
+PS1="${tput_color}["\$\(date\ +%Y-%m-%d/%H:%M:%S/%Z\)" $(whoami)@$(hostname):"\$\(pwd\)"]$ $tput_reset"
+PS2="${tput_color}> $tput_reset"
+PS3="${tput_color}select: $tput_reset"
+PS4="${tput_color}+ $tput_reset"
--- /dev/null
+! otherwise various applications will assume merely 8 colors
+XTerm.termName: xterm-256color
+
+! font
+! actually, "mono" is already the default for faceName (it will
+! pick whatever fc-match mono delivers), but we need to set _some_
+! faceName to trigger XTerm activating TrueType fonts
+! (XTerm*fontRender by itself won't do the trick), and we want
+! TrueType fonts because, well, they scale better, and XTerm lets them
+! fall back on alternatives (hi there ttf-unifont) when a Unicode
+! glyph is not found
+XTerm*faceName: mono
+
+! white on black
+XTerm*reverseVideo: on
+
+! blink screen instead of sound
+XTerm*visualBell: on
+
+! proper ALT as META key treatment
+XTerm*eightBitInput: false
+
+! font sizes
+XTerm*faceSize: 8
+XTerm*faceSize1: 4
+XTerm*faceSize2: 5
+XTerm*faceSize3: 6
+XTerm*faceSize4: 8
+XTerm*faceSize5: 14
+XTerm*faceSize6: 25
+
+! colors
+! black
+XTerm*color0: #202020
+XTerm*color8: #3F3F3F
+! red
+XTerm*color1: #A82020
+XTerm*color9: #E82020
+! green
+XTerm*color2: #20A820
+XTerm*color10: #20E820
+! yellow
+XTerm*color3: #A8A820
+XTerm*color11: #E8E820
+! blue
+XTerm*color4: #3F3FFF
+XTerm*color12: #9F9FFF
+! magenta
+XTerm*color5: #A83FFF
+XTerm*color13: #E89FFF
+! cyan
+XTerm*color6: #3FA8FF
+XTerm*color14: #9FE8FF
+! white
+XTerm*color7: #A8A8A8
+XTerm*color15: #E8E8E8
--- /dev/null
+plom@plomlompom.com
+plom@mail.plomlompom.com
+plom@play.plomlompom.com
+# file read ends at last newline
--- /dev/null
+# plomlompom's i3-wm configuration
+
+# Font for i3 text
+font pango:Terminus 8px
+
+# Force "tabbed" as default layout for new windows.
+workspace_layout tabbed
+
+# Make the Windows key the modifier key for all i3-wm actions.
+set $mod Mod4
+floating_modifier $mod
+
+# Launch xterm.
+bindsym $mod+Return exec xterm
+
+# Launch programs via dmenu.
+bindsym $mod+d exec dmenu_run
+bindsym $mod+x exec dmenu_run
+
+# Kill window.
+bindsym $mod+Shift+Q kill
+
+# Move focus between windows.
+bindsym $mod+Left focus left
+bindsym $mod+Down focus down
+bindsym $mod+Up focus up
+bindsym $mod+Right focus right
+
+# Don't move focus with mouse.
+focus_follows_mouse no
+
+# Move windows.
+bindsym $mod+Shift+Left move left
+bindsym $mod+Shift+Down move down
+bindsym $mod+Shift+Up move up
+bindsym $mod+Shift+Right move right
+
+# Resize windows
+bindsym $mod+h resize shrink width 1 px or 1 ppt
+bindsym $mod+l resize grow width 1 px or 1 ppt
+bindsym $mod+j resize shrink height
+bindsym $mod+k resize grow height
+
+# Toggle fullscreen for focused window.
+bindsym $mod+f fullscreen
+
+# Toggle floating of window, focus on floating or tabbed windows.
+bindsym $mod+Shift+space floating toggle
+bindsym $mod+space focus mode_toggle
+
+# Switch to workspace x.
+bindsym $mod+1 workspace 1
+bindsym $mod+2 workspace 2
+bindsym $mod+3 workspace 3
+bindsym $mod+4 workspace 4
+bindsym $mod+5 workspace 5
+bindsym $mod+6 workspace 6
+bindsym $mod+7 workspace 7
+bindsym $mod+8 workspace 8
+bindsym $mod+9 workspace 9
+bindsym $mod+0 workspace 10
+
+# Move window to workspace x.
+bindsym $mod+Shift+exclam move workspace 1
+bindsym $mod+Shift+quotedbl move workspace 2
+bindsym $mod+Shift+section move workspace 3
+bindsym $mod+Shift+dollar move workspace 4
+bindsym $mod+Shift+percent move workspace 5
+bindsym $mod+Shift+ampersand move workspace 6
+bindsym $mod+Shift+slash move workspace 7
+bindsym $mod+Shift+parenleft move workspace 8
+bindsym $mod+Shift+parenright move workspace 9
+bindsym $mod+Shift+equal move workspace 10
+
+# Reload i3 config file, restart (keeping sesion) i3, exit i3.
+bindsym $mod+Shift+C reload
+bindsym $mod+Shift+R restart
+bindsym $mod+Shift+P exit
+
+# Select "i3status" as i3 status bar, hide systray icons.
+bar {
+ tray_output none
+ status_command i3status
+}
--- /dev/null
+;; general layout
+;; ==============
+
+;; need no stinkin emacs help screen as start up, and no menu bar
+(setq inhibit-startup-screen t)
+(menu-bar-mode -1)
+
+;; highlight cursor line, parentheses
+(global-hl-line-mode 1)
+(show-paren-mode 1)
+
+;; show line numbers, use separator space
+(global-linum-mode)
+(setq linum-format "%d ")
+
+;; count cursor column, row in mode line
+(setq column-number-mode t)
+
+;; settings to make GUI tolerable
+(if window-system
+ (progn
+ (add-to-list 'default-frame-alist '(foreground-color . "white"))
+ (add-to-list 'default-frame-alist '(background-color . "black"))
+ (set-face-attribute 'default nil :height 80)
+ (scroll-bar-mode -1)
+ (setq visible-bell t)
+ (setq linum-format "%d")))
+
+;; use as default browser what XDG offers
+(setq-default browse-url-browser-function 'browse-url-xdg-open)
+
+
+
+;; general keybindings
+;; ===================
+
+;; create and use a minimal global map using just the self-insert command
+;; bindings and a selection of some to me very common keystrokes
+(setq minimal-map (make-sparse-keymap))
+(substitute-key-definition 'self-insert-command 'self-insert-command
+ minimal-map global-map)
+(use-global-map minimal-map)
+(global-set-key (kbd "DEL") 'backward-delete-char-untabify)
+(global-set-key (kbd "RET") 'newline)
+(global-set-key (kbd "TAB") 'indent-for-tab-command)
+(global-set-key (kbd "<up>") 'previous-line)
+(global-set-key (kbd "<down>") 'next-line)
+(global-set-key (kbd "<left>") 'left-char)
+(global-set-key (kbd "<right>") 'right-char)
+(global-set-key (kbd "<prior>") 'scroll-down-command)
+(global-set-key (kbd "<next>") 'scroll-up-command)
+(global-set-key (kbd "M-x") 'execute-extended-command)
+(global-set-key (kbd "C-g") 'keyboard-quit)
+;(global-set-key (kbd "<f3>") 'kmacro-start-macro-or-insert-counter)
+;(global-set-key (kbd "<f4>") 'kmacro-end-or-call-macro)
+;; note how to switch back to the original map: (use-global-map global-map)
+(setq shr-map (make-sparse-keymap)) ; got annoying in elfeed-show on URLs
+
+
+
+;; minibuffer
+;; ==========
+
+;; incremental minibuffer completion
+(icomplete-mode 1)
+
+
+
+;; text editing
+;; ============
+
+;; tabs are evil
+(setq-default indent-tabs-mode nil)
+(setq-default tab-width 4)
+(setq indent-line-function 'insert-tab)
+
+;; show trailing whitespace
+(setq-default show-trailing-whitespace 1)
+
+;; on save, ask whether to ensure text file's last line ends in a
+;; newline character
+(setq require-final-newline 1)
+
+;; use dedicated directory for version-controlled, endless backups;
+;; never delete old versions
+(setq make-backup-files t
+ backup-directory-alist `(("." . "~/.emacs_backups"))
+ backup-by-copying t
+ version-control t
+ delete-old-versions 1) ;; neither t nor nil: never delete
+
+
+;; package management
+;; ==================
+
+;; where we get packages from
+(setq package-archives '(("gnu" . "https://elpa.gnu.org/packages/")
+ ("melpa-unstable" . "https://melpa.org/packages/")
+ ("melpa-stable" . "https://stable.melpa.org/packages/")))
+
+;; ensure certain packages are installed (actually, we use Debian repos here)
+;; credit to <https://stackoverflow.com/a/10093312>
+;(setq package-list '(elfeed ledger-mode))
+;(package-initialize)
+;(dolist (package package-list)
+; (unless (package-installed-p package)
+; (package-install package)))
+
+
+
+;;; window management
+;;; =================
+;
+;;; track window configurations to allow window config undo
+;(winner-mode 1)
+
+
+
+;; mail setup
+;; ==========
+
+(setq send-mail-function 'smtpmail-send-it)
+(setq smtpmail-smtp-server "mail.plomlompom.com")
+(setq smtpmail-smtp-service 465)
+(setq smtpmail-stream-type 'ssl)
+(setq smtpmail-smtp-user "plom")
+(setq mml-secure-openpgp-encrypt-to-self t)
+(add-hook 'message-setup-hook 'mml-secure-sign-pgpmime)
+
+;(setq gnutls-log-level 0)
+
+;; if we don't set this, we get this warning:
+;; gnutls.c: [1] Note that the security level of the Diffie-Hellman key exchange
+;; has been lowered to 256 bits and this may allow decryption of the session data
+(setq gnutls-min-prime-bits 1024)
+
+;; there is a WEIRD bug somewhere in /network-stream-open-tls/ that disappears the
+;; stream process, seemingly unless the /message/ function is called at the right
+;; place (earliest in /nsm-verify-connection/ right before the "cond" there, latest
+;; in /network-stream-get-response/ right after "(goto-char start)"; this works
+;; unless /inhibit_message/ is set, indicating that writing to the *Messages*
+;; buffer is not relevant, but maybe writing to the echo area is); activing the
+;; gnutls logging is just a hack to achieve such calls to /message/ in the
+;; /network-stream-open-tls/ flow.
+(setq gnutls-log-level 1) ; miraculously makes smtpmail work
+
+;; constructs From: domain if mail composer directly called (from without
+;; notmuch), but we don't actually intend to do that
+;(setq mail-host-address "plomlompom.com")
+
+;; otherwise notmuch becomes extremely slow in some cases
+(setq-default notmuch-show-indent-content nil)
+
+;; this only works if we use notmuch-mua-send instead of message-send
+(setq notmuch-fcc-dirs '(("plom@plomlompom.com" . "maildir/Sent")))
+
+;; this gets rid of "i-did-not-set--mail-host-address--so-tickle-me"
+;; in the message ID
+(setq mail-host-address "plomlompom.com")
+
+;; notmuch saved searches
+(setq notmuch-saved-searches
+ '((:name "inbox" :query "tag:unread and folder:inbox")
+ (:name "all" :query "tag:unread not folder:maildir/Trash")
+ (:name "plomlompom.de" :query "tag:unread and folder:maildir/plomlompom.de")
+ (:name "nebenan" :query "tag:unread and folder:maildir/nebenan")
+ (:name "reflect-info" :query "tag:unread and folder:maildir/reflect-info")
+ (:name "gmail" :query "tag:unread and folder:maildir/gmail.com")
+ (:name "mutter" :query "tag:unread and folder:maildir/mutter")))
+
+
+
+;; org mode
+;; ========
+
+;; unsure why, but to re-set the key map, we not only have to explicitely do it
+;; only after org-mode loading, but also have to explicitely overwrite the
+;; C-c keybinding; TODO: investigate
+(with-eval-after-load 'org
+ (setq org-mode-map (make-sparse-keymap))
+ (define-key org-mode-map (kbd "C-c") nil)
+ (define-key org-mode-map (kbd "TAB") 'org-cycle)
+ (define-key org-mode-map (kbd "<backtab>") 'org-shifttab))
+
+;; don't truncate lines by default
+(setq org-startup-truncated nil)
+
+;; basic org-capture config
+(setq org-capture-templates
+ '(("x" "test" plain (file "~/org/notes.org") "%T: %?")))
+(add-hook 'org-capture-mode-hook 'evil-insert-state)
+
+;; agenda view on startup
+(load-library "find-lisp")
+(setq org-agenda-files (find-lisp-find-files "~/org" "\.org$"))
+(setq org-agenda-span 90)
+(setq org-agenda-use-time-grid nil)
+(add-hook 'emacs-startup-hook (lambda ()
+ (org-agenda-list)
+ (switch-to-buffer "*Org Agenda*")
+ (other-window 1)))
+
+;;; for calendar, use ISO date style
+;(setq calendar-date-style 'iso)
+;(setq diary-number-of-entries 7)
+;(diary)
+;(setq org-agenda-time-grid '((today require-timed remove-match)
+; #("----------------" 0 16 (org-heading t))
+; (0 200 400 600 800 1000 1200
+; 1400 1600 1800 2000 2200)))
+
+;; empty org-agenda-mode keybindings
+(add-hook 'org-agenda-mode-hook
+ (lambda ()
+ (setq org-agenda-mode-map (make-sparse-keymap))))
+(add-hook 'org-agenda-mode-hook
+ (lambda ()
+ (use-local-map (make-sparse-keymap))))
+
+;; org-publish-all
+(setq org-publish-project-alist
+ '(
+ ("website"
+ :base-directory "~/org/web/"
+ :base-extension "org"
+ :publishing-directory "~/html/"
+ :recursive t
+ :publishing-function org-html-publish-to-html
+ :headline-levels 4 ; Just the default for this project.
+ :auto-preamble t
+ )))
+
+;; use [ki:] syntax to hide stuff from exports
+(defun classify-information (text backend info)
+ "Replaces '[ki:WHATEVER]' with '[klassifizierte Information]'."
+ (replace-regexp-in-string "\\[ki:[^\]]*\]" "[klassifizierte Information]" text))
+(add-hook 'org-export-filter-plain-text-functions 'classify-information)
+
+;; add HTML validator link to exports
+(setq org-html-validation-link "<a href=\"https://validator.w3.org/check?uri=referer\">Validate</a>")
+
+
+
+;;; Info mode
+;;; =========
+
+(setq Info-mode-map (make-sparse-keymap))
+(define-key Info-mode-map (kbd "RET") 'Info-follow-nearest-node)
+(define-key Info-mode-map (kbd "u") 'Info-up)
+(define-key Info-mode-map (kbd "TAB") 'Info-next-reference)
+(define-key Info-mode-map (kbd "<backtab>") 'Info-prev-reference)
+(define-key Info-mode-map (kbd "H") 'Info-history-back)
+(define-key Info-mode-map (kbd "L") 'Info-history-forward)
+(define-key Info-mode-map (kbd "I") 'Info-goto-node)
+(define-key Info-mode-map (kbd "i") 'Info-index)
+
+
+
+;; help mode
+;; =========
+
+(setq help-mode-map (make-sparse-keymap))
+(define-key help-mode-map (kbd "TAB") 'forward-button)
+(define-key help-mode-map (kbd "RET") 'help-follow)
+(define-key help-mode-map (kbd "<backtab>") 'backward-button)
+
+
+
+;; elfeed
+;; ======
+
+(require 'elfeed) ; needed so we can set the font faces
+(set-face-background 'elfeed-search-title-face "magenta")
+(set-face-background 'elfeed-search-unread-count-face "magenta")
+(setq elfeed-feeds
+ '("https://capsurvival.blogspot.com/feeds/posts/default"
+ "https://jungle.world/rss.xml"
+ "http://news.dieweltistgarnichtso.net/bin/index.xml"
+ "https://taz.de/!s=&ExportStatus=Intern&SuchRahmen=Online;rss/"
+ "http://www.tagesschau.de/xml/atom"))
+(setq elfeed-search-mode-map (make-sparse-keymap))
+(define-key elfeed-search-mode-map (kbd "RET") 'elfeed-search-show-entry)
+(defun elfeed-search-mark-as-read() (interactive)
+ (elfeed-search-untag-all 'unread))
+(define-key elfeed-search-mode-map (kbd "r") 'elfeed-search-mark-as-read)
+(define-key elfeed-search-mode-map (kbd "R") 'elfeed-search-tag-all-unread)
+(define-key elfeed-search-mode-map (kbd "f") 'elfeed-search-live-filter)
+(define-key elfeed-search-mode-map (kbd "u") 'elfeed-update)
+(setq elfeed-show-mode-map (make-sparse-keymap))
+(define-key elfeed-show-mode-map (kbd "u") 'elfeed)
+(define-key elfeed-show-mode-map (kbd "TAB") 'shr-next-link)
+(define-key elfeed-show-mode-map (kbd "<backtab>") 'shr-previous-link)
+(define-key elfeed-show-mode-map (kbd "a") 'elfeed-show-prev)
+(define-key elfeed-show-mode-map (kbd "d") 'elfeed-show-next)
+(define-key elfeed-show-mode-map (kbd "y") 'shr-copy-url)
+(define-key elfeed-show-mode-map (kbd "RET") 'shr-browse-url)
+
+
+
+;; eww
+;; ===
+
+(setq eww-mode-map (make-sparse-keymap))
+(define-key eww-mode-map (kbd "TAB") 'shr-next-link)
+(define-key eww-mode-map (kbd "<backtab>") 'shr-previous-link)
+(define-key eww-mode-map (kbd "H") 'eww-back-url)
+(define-key eww-mode-map (kbd "L") 'eww-forward-url)
+
+
+
+;; ledger
+;; ======
+(setq ledger-mode-map (make-sparse-keymap))
+(define-key ledger-mode-map (kbd "TAB") 'completion-at-point)
+
+
+
+;;; plomvi mode
+;;; ===========
+
+(defvar plomvi-return-combo (kbd "C-c"))
+(load "~/public_repos/plomvi.el/plomvi.el")
+(plomvi-global-mode 1)
--- /dev/null
+[user]
+ email = c.heller@plomlompom.de
+ name = Christian Heller
--- /dev/null
+IMAPAccount plom
+# Address to connect to
+Host mail.plomlompom.com
+User plom
+# For some reason, mbsync doesn't accept a PassCmd output beyond 79 chars,
+# therefore the pw in ~/.authinfo should not be longer than that.
+PassCmd "cat ~/.authinfo | cut -d' ' -f8-"
+SSLType IMAPS
+AuthMechs LOGIN
+
+IMAPStore core-remote
+Account plom
+
+MaildirStore core-local
+# The trailing "/" is important
+Path ~/mail/maildir/
+Inbox ~/mail/inbox/
+
+Channel core
+Master :core-remote:
+Slave :core-local:
+Patterns *
+# Automatically create missing mailboxes, both locally and on the server
+Create Both
+# Save the synchronization state files in the relevant directory
+SyncState *
+# If a mail is marked T ("Trashed") or deleted, remove it for real everywhere
+Expunge Both
--- /dev/null
+[database]
+path=/home/plom/mail
+[search]
+exclude_tags=deleted;spam;
+# the fields below set the From: if the mail composer is called from
+# within notmuch
+[user]
+name=Christian Heller
+primary_email=plom@plomlompom.com
--- /dev/null
+sanitize tridactyllocal tridactylsync
+guiset statuspanel top-right
+guiset tabs autohide
+set newtab file:///opt/firefox/blank.html
+autocmd DocStart www.reddit.com urlmodify -t www.reddit old.reddit
+bind / fillcmdline find
+bind n findnext 1
+bind N findnext -1
+set findcase insensitive
+bind j scrollline 3
+bind k scrollline -3
+set hintuppercase false
+set searchengine duckduckgo
--- /dev/null
+# X init configuration
+
+# Set keymap.
+setxkbmap de
+
+# Map CapsLock to Compose key.
+xmodmap -e "clear Lock"
+xmodmap -e "keycode 66 = Multi_key"
+
+# Load xterm settings
+xrdb -merge ~/.Xresources
+
+# Redshift to Berlin, Germany.
+redshift -rl 53:13 &
+
+# Launch window manager.
+i3
--- /dev/null
+#!/bin/sh
+set -e
+
+basedir="/home/plom/mail/maildir/"
+# Ensure directories exist for all "dir:*" tags.
+for tag in $(notmuch search --output=tags '*'); do
+ if [ ! $(echo "${tag}" | cut -c-4) = "dir:" ]; then
+ continue
+ fi
+ target_dir="${basedir}"$(echo "${tag}" | cut -c5-)"/cur/"
+ if [ ! -d "${target_dir}" ]; then
+ echo "Directory ${target_dir} does not exist."
+ exit 1
+ fi
+done
+
+# Ensure all "dir:*"-tagged mails are in proper directories,
+# remove all "dir:*" tags.
+for tag in $(notmuch search --output=tags '*'); do
+ if [ ! $(echo "${tag}" | cut -c-4) = "dir:" ]; then
+ continue
+ fi
+ target_dir="${basedir}"$(echo "${tag}" | cut -c5-)"/cur/"
+ for f in $(notmuch search --output=files tag:"${tag}"); do
+ new_name=$(basename "${f}" | sed -e 's/,U=[0-9]*//')
+ target_path="${target_dir}${new_name}"
+ if [ ! "${target_path}" = "${f}" ]; then
+ echo "Moving ${f} to ${target_path}."
+ mv "${f}" "${target_path}"
+ fi
+ done
+ notmuch tag -"${tag}" tag:"${tag}"
+done
+
+# Remove all "deleted"-tagged files from maildirs.
+notmuch search --output=files tag:deleted | while read f; do
+ echo "Deleting ${f}"
+ rm "${f}"
+done
+
+# Sync changes back to server and update notmuch index.
+mbsync -a
+notmuch new
--- /dev/null
+# List of repos we want cloned in ~/public_repos
+config
+pingmail.git
+plomlombot-irc.git
+plomrogue
+plomrogue2-experiments
+plomvi.el
--- /dev/null
+# plomlompom's i3 status bar configuration
+
+# Activate colors; set update interval of one second.
+general {
+ colors = true
+ interval = 1
+}
+
+# Selection / order of status elements.
+order += "disk /"
+order += "disk /home/"
+order += "wireless wlp3s0"
+order += "ethernet enp0s25"
+order += "battery 0"
+order += "cpu_usage"
+order += "load"
+order += "cpu_temperature 0"
+order += "time"
+order += "volume master"
+
+# How much space is left in / ?
+disk "/" {
+ format = "/: %avail available of %total"
+ separator_block_width = 25
+}
+
+# How much space is left in /home ?
+disk "/home/" {
+ format = "/home: %avail available of %total"
+ separator_block_width = 25
+}
+
+# WLAN status: show IP and connection quality or "down".
+wireless wlp3s0 {
+ format_up = "w: (%quality at %essid) %ip"
+ format_down = "w: down"
+ separator_block_width = 10
+}
+
+# Ethernet status: show IP or "down".
+ethernet enp0s25 {
+ format_up = "e: %ip"
+ format_down = "e: down"
+ separator_block_width = 25
+}
+
+# Battery status: show FULL/CHARGING/BATTERY, storage, time left.
+battery 0 {
+ format = "b: %status %percentage %remaining"
+ separator_block_width = 25
+}
+
+# Show CPU usage.
+cpu_usage {
+ format = "cpu: %usage"
+ separator_block_width = 10
+}
+
+# Show system load during last 1/5/15 minutes.
+load {
+ format = "%1min %5min %15min"
+ separator_block_width = 25
+}
+
+# Show CPU temperature in degrees of celsius.
+cpu_temperature 0 {
+ format = "%degrees °C"
+ separator_block_width = 25
+}
+
+# Show date/time/timezone as "year-month-day hour:minute:second
+# timezone_numeric/timezone_alphabetic".
+time {
+ format = "%Y-%m-%d %H:%M:%S %z/%Z"
+ separator_block_width = 25
+}
+
+volume master {
+ format = "♪: %volume"
+ format_muted = "♪: muted (%volume)"
+ separator_block_width = 25
+}
--- /dev/null
+# plomlompom's i3 status bar configuration
+
+# It is important that this file is edited as UTF-8.
+# The following line should contain a sharp s:
+# ß
+
+# Activate colors; set update interval of one second.
+general {
+ colors = true
+ interval = 1
+}
+
+# Selection / order of status elements.
+order += "disk /"
+order += "wireless _first_"
+order += "ethernet _first_"
+order += "battery all"
+order += "cpu_usage"
+order += "load"
+order += "cpu_temperature all"
+order += "time"
+order += "volume master"
+
+# How much space is left in / ?
+disk "/" {
+ format = "/: %avail available of %total"
+ separator_block_width = 25
+}
+
+# WLAN status: show IP and connection quality or "down".
+wireless _first_ {
+ format_up = "w: (%quality at %essid) %ip"
+ format_down = "w: down"
+ separator_block_width = 10
+}
+
+# Ethernet status: show IP or "down".
+ethernet _first_ {
+ format_up = "e: %ip"
+ format_down = "e: down"
+ separator_block_width = 25
+}
+
+# Battery status: show FULL/CHARGING/BATTERY, storage, time left.
+battery all {
+ format = "b: %status %percentage %remaining"
+ separator_block_width = 25
+}
+
+# Show CPU usage.
+cpu_usage {
+ format = "cpu: %usage"
+ separator_block_width = 10
+}
+
+# Show system load during last 1/5/15 minutes.
+load {
+ format = "%1min %5min %15min"
+ separator_block_width = 25
+}
+
+# Show CPU temperature in degrees of celsius.
+cpu_temperature all {
+ format = "%degrees °C"
+ separator_block_width = 25
+}
+
+# Show date/time/timezone as "year-month-day hour:minute:second
+# timezone_numeric/timezone_alphabetic".
+time {
+ format = "%Y-%m-%d %H:%M:%S %z/%Z"
+ separator_block_width = 25
+}
+
+volume master {
+ format = "♪: %volume"
+ format_muted = "♪: muted (%volume)"
+ separator_block_width = 25
+}
--- /dev/null
+not quite blank
--- /dev/null
+#!/bin/sh
+blog_dir=~/blog
+export GIT_DIR=$(pwd)
+export GIT_WORK_TREE="$blog_dir"
+git checkout -f
+cd "$GIT_WORK_TREE"
+redo
+git add metadata/author metadata/url metadata/title metadata/*.tmpl metadata/automatic_metadata captchas/linkable/*
+count=$(ls -1 metadata/*.automatic_metadata 2>/dev/null | wc -l)
+if [ "$count" != 0 ]; then
+ git add metadata/*.automatic_metadata
+fi
+status=$(git status -s)
+n_updates=$(printf "$status" | grep -vE '^\?\?' | wc -l)
+if [ "$n_updates" -gt 0 ]; then
+ git commit -a -m 'Update metadata'
+fi
--- /dev/null
+<!DOCTYPE html>
+<meta charset="UTF-8">
+<a href="blog">Zum Blog?</a>
--- /dev/null
+#!/bin/sh
+set -e
+
+# Repeatedly parse config file for GPG key and bot screen configs.
+path=~/.plomlombot
+db_dir="${HOME}/plomlombot_db"
+irclogs_dir=/var/www/html/irclogs
+irclogs_pw_dir=/var/www/irclogs_pw
+hostname_mod_epoch=$(stat -c%Y /etc/hostname)
+while true; do
+ if [ -f "${path}" ]; then
+ cat "${path}" | while read line; do
+ first_word=$(echo -n "${line}" | cut -d' ' -f1)
+
+ # Read "bot:" line, start bot screen session from it if not yet existing,
+ # set up irclogs dir if not yet existing.
+ if [ "${first_word}" = "bot:" ]; then
+ session_name=$(echo -n "${line}" | cut -d' ' -f2)
+ bot_name=$(echo -n "${line}" | cut -d' ' -f3)
+ channel_name=$(echo -n "${line}" | cut -d' ' -f4)
+ shortened_channel_name="${channel_name}"
+ first_char=$(echo -n "${channel_name}" | cut -c1)
+ if [ "${first_char}" = "#" ]; then
+ shortened_channel_name=$(echo -n "${channel_name}" | cut -c2-)
+ fi
+ server_name=$(echo -n "${line}" | cut -d' ' -f5)
+ login_user=$(echo -n "${line}" | cut -d' ' -f6)
+ login_pw=$(echo -n "${line}" | cut -d' ' -f7)
+ add_option=$(echo -n "${line}" | cut -d' ' -f8-)
+ set +e
+ screen -S "${session_name}" -Q select . > /dev/null
+ start_screen=$?
+ set -e
+ if [ "${start_screen}" -eq "1" ]; then
+ cd ~/plomlombot-irc
+ LANG="en_US.UTF-8" screen -d -m -S "${session_name}" ./run.sh -r 604800 -n "${bot_name}" -u "${bot_name}" -s "${server_name}" -c "${channel_name}" ${add_option}
+ fi
+ md5_server=$(echo -n "${server_name}" | md5sum | cut -d' ' -f1)
+ md5_channel=$(echo -n "${channel_name}" | md5sum | cut -d' ' -f1)
+ logs_dir="${db_dir}/${md5_server}/${md5_channel}/logs"
+ # FIXME: Note the trouble we will have if we have the same channel
+ # name on different servers …
+ ln -sfn "${logs_dir}" "${irclogs_dir}/${shortened_channel_name}"
+ echo "${login_user}":'{PLAIN}'"${login_pw}" > "${irclogs_pw_dir}/${shortened_channel_name}"
+
+ # If "gpg_key" line, encrypt old raw logs to that GPG key.
+ elif [ "${first_word}" = "gpg_key" ]; then
+ key=$(echo -n "${line}" | cut -d' ' -f2)
+ mkdir -p ~/plomlombot_db
+ cd ~/plomlombot_db
+ # Dirty hack: To avoid trouble with GPG key expiration, fake
+ # system to something reasonbly old (younger than key creation,
+ # older than expiration) by taking the mod datetime of
+ # /etc/hostname, which should have last be changed when the
+ # system was set up.
+ find . -path '*/*/raw_logs/*.txt' -mtime +1 -type f -exec gpg --recipient "${key}" --trust-model always --faked-system-time="${hostname_mod_epoch}" --encrypt {} \; -exec rm {} \;
+ fi
+
+ done
+ sleep 1
+ fi
+done
--- /dev/null
+#!/bin/sh
+GIT_WORK_TREE=/home/plom/plomlombot-irc git checkout -f
--- /dev/null
+#!/bin/sh
+set -e
+set -x
+service microblogpub stop
+microblogdir=/home/plom/testing.microblog.pub
+cd "${microblogdir}"
+cp -r data/microblogpub.db data/microblogpub.db.bak.$(date +%a)
+su -lc "cd ${microblogdir} && poetry run inv prune-old-data" - plom
+service microblogpub start
+echo "last microblog pruning at $(date)" >> /home/plom/prune_log.txt
--- /dev/null
+{
+ "translations": {
+ "wrongCaptcha": "Captcha leider falsch.",
+ "invalidURL": "Falsch formatierte URL.",
+ "recordedURL": "URL aufgezeichnet (wird gesichtet und bei Angemessenheit dem Artikel angefügt): ",
+ "pleaseWait": "Zu viele Versuche von dieser IP. So viele Sekunden warten: "
+ },
+ "mailConfig": {
+ "to": "plom+url_catcher@plomlompom.com",
+ "from": "plom+url_catcher@plomlompom.com"
+ },
+ "slowdownReset": 3600
+}
--- /dev/null
+#!/bin/sh
+GIT_WORK_TREE=/var/www git checkout -f
--- /dev/null
+#!/bin/sh
+
+# Enforce ~/.weechatrc as sole persistent weechat config file.
+rm -rf ~/.weechat/
+WEECHATCONF=`tr '\n' ';' < ~/.weechatrc`
+weechat -r "$WEECHATCONF"
+rm -rf ~/.weechat/
--- /dev/null
+#!/bin/sh
+# Encrypt dated weechatlog files older than one day to GPG target defined in
+# ~/.encrypt_target
+set -e
+
+gpg_key=$(cat ~/.encrypt_target)
+cd ~/weechatlogs/irc/
+
+# Dirty hack: To avoid trouble with GPG key expiration, fake
+# system to something reasonbly old (younger than key creation,
+# older than expiration) by taking the mod datetime of
+# /etc/hostname, which should have last be changed when the
+# system was set up.
+hostname_mod_epoch=$(stat -c%Y /etc/hostname)
+find . -regextype posix-egrep -regex '^.*/.*/.*\.[0-9]{4}-[0-9]{2}-[0-9]{2}\.weechatlog$' -type f -mtime +1 -exec gpg --recipient "${gpg_key}" --trust-model always --faked-system-time="${hostname_mod_epoch}" --encrypt {} \; -exec rm {} \;
+
--- /dev/null
+/set logger.file.path ~/weechatlogs
+/set logger.file.flush_delay 0
+/set logger.mask.irc "irc/$server/$channel.%Y-%m-%d.weechatlog"
+/set weechat.bar.status.items "[time],[buffer_last_number],[buffer_plugin],buffer_number+:+buffer_name+(buffer_modes)+{buffer_nicklist_count}+buffer_zoom+buffer_filter,[lag],[hotlist],completion,scroll,[otr]"
+/set weechat.color.chat_nick_colors "lightcyan"
+/server add libera irc.libera.chat/6697 -nicks=plomlompom,plomlomp0m,ploml0mp0m,pl0ml0mp0m -realname="Christian Heller" -autojoin=#plomlomtest -ssl
+/set irc.server.libera.sasl_mechanism PLAIN
+/set irc.server.libera.sasl_username FOO
+/set irc.server.libera.sasl_password BAR
+/connect libera
+/bar hide buflist
--- /dev/null
+#!/bin/sh
+ZETTELDIR=/home/plom/zettel
+GIT_WORK_TREE=$ZETTELDIR git checkout -f
+cd $ZETTELDIR
+redo
--- /dev/null
+#!/bin/sh
+# Copy files in argument-selected subdirectories of $1 to subdirectories
+# of $2 (which may be an empty string), e.g. with $1 of "etc_files", $2
+# of "" and $3 of "all", copy files below etc_files/all such as
+# etc_files/all/etc/foo/bar to equivalent locations below / such as
+# /etc/foo/bar. Create directories as necessary. Multiple arguments after
+# $3 are possible.
+#
+# CAUTION: This removes original files at the affected paths.
+set -e
+
+if [ "$#" -lt 3 ]; then
+ echo 'Need arguments: source root, target root, modules.'
+ false
+fi
+source_root="$1"
+target_root="$2"
+shift 2
+
+for target_module in "$@"; do
+ mkdir -p "${source_root}/${target_module}"
+ cd "${source_root}/${target_module}"
+ for path in $(find . -type f); do
+ target_path="${target_root}"$(echo "${path}" | cut -c2-)
+ source_path=$(realpath "${path}")
+ dir=$(dirname "${target_path}")
+ mkdir -p "${dir}"
+ cp "${source_path}" "${target_path}"
+ done
+done
--- /dev/null
+#!/bin/sh
+# This script turns a fresh server with password-based root access into
+# one of only key-based access and only to new non-root account plom.
+#
+# CAUTION: This is optimized for a *fresh* setup. It will overwrite any
+# pre-existing ~/.ssh/authorized_keys of user plom with one that solely
+# contains the local ~/.ssh/id_rsa.pub, and also any old
+# /etc/ssh/sshd_config.
+#
+# Dependencies: ssh, scp, sshpass, ~/.ssh/id_rsa.pub, properly
+# configured sshd_config file in misc.sh:$local_etc_server
+set -e
+. ./misc.sh
+. ../../misc.sh
+
+expect_n_args 1 "(server)" "$@"
+server="$1"
+
+# If we already knew that host …
+ssh-keygen -f "/home/plom/.ssh/known_hosts" -R "${server}"
+
+# This will be used to log-in as root from plom account.
+printf '\nFirst, enter the old root password; then enter new password three times.\n\n'
+ssh root@"${server}" 'printf "\n\n" && passwd'
+
+# Save root password for sshpass
+stty -echo
+printf "Re-enter new server root password: "
+read PW_ROOT
+stty echo
+printf "\n"
+export SSHPASS="${PW_ROOT}"
+
+# Create user plom, and his ~/.ssh/authorized_keys based on the local
+# ~/.ssh/id_rsa.pub; ensure the result has proper permissions and
+# ownerships. Then disable root and pw login by copying over the
+# sshd_config and restart ssh daemon.
+#
+# This could be a line or two shorter by using ssh-copy-id, but that
+# would require setting a password for user plom otherwise not needed.
+sshpass -e scp ~/.ssh/id_rsa.pub root@"${server}":/tmp/authorized_keys
+sshpass -e ssh root@"${server}" \
+ 'useradd -m plom && '\
+ 'mkdir /home/plom/.ssh && '\
+ 'chown plom:plom /home/plom/.ssh && '\
+ 'chown plom:plom /tmp/authorized_keys && '\
+ 'chmod u=rw,go= /tmp/authorized_keys && '\
+ 'mv /tmp/authorized_keys /home/plom/.ssh/'
+sshpass -e scp "${local_path_sshd_config}" root@"${server}":"${system_path_sshd_config}"
+sshpass -e ssh root@"${server}" 'service ssh restart'
--- /dev/null
+#!/bin/sh
+# This script turns a fresh server with password-based root access into
+# one of only key-based access and only to new non-root account plom.
+#
+# CAUTION: This is optimized for a *fresh* setup. It will overwrite any
+# pre-existing ~/.ssh/authorized_keys of user plom with one that solely
+# contains the local ~/.ssh/id_rsa.pub, and also any old
+# /etc/ssh/sshd_config.
+#
+# Dependencies: ssh, scp, ~/.ssh/id_rsa.pub, properly configured sshd_config
+# file in misc.sh:$local_etc_server.
+set -e
+. ./misc.sh
+. ../../misc.sh
+
+expect_n_args 1 "(server)" "$@"
+server="$1"
+
+# If we already knew that host …
+ssh-keygen -f "/home/plom/.ssh/known_hosts" -R "${server}"
+
+# So we're only asked once …
+eval $(ssh-agent)
+ssh-add
+
+# This will be used to log-in as root from plom account.
+printf '\nAsking for new root password.\n\n'
+ssh root@"${server}" 'printf "\n\n" && passwd'
+
+# Set up plom's ~/.ssh/authorized_keys from root's.
+ssh root@"${server}" 'useradd -m plom'
+ssh root@"${server}" 'mkdir /home/plom/.ssh'
+ssh root@"${server}" 'chown plom:plom /home/plom/.ssh'
+ssh root@"${server}" 'cp /root/.ssh/authorized_keys /home/plom/.ssh/'
+ssh root@"${server}" 'chown plom:plom /home/plom/.ssh/authorized_keys'
+
+# Set up SSH config and remove direct SSH login to root.
+scp "${local_path_sshd_config}" root@"${server}":"${system_path_sshd_config}"
+ssh root@"${server}" 'rm -rf /root/.ssh && service ssh restart'
--- /dev/null
+#!/bin/sh
+# Walks through the package names in the argument-selected files of
+# apt-mark/ and ensures the respective packages are installed.
+#
+# Ignores anything in an apt-mark/ file after the last newline.
+set -e
+
+config_tree_prefix="${HOME}/config/bullseye"
+aptmark_dir="${config_tree_prefix}/apt-mark"
+
+for target in "$@"; do
+ path="${aptmark_dir}/${target}"
+ # TODO: continue if file at $path not found, to get rid of dummy files
+ cat "${path}" | while read line; do
+ echo "$line"
+ if [ ! $(echo "${line}" | cut -c1) = "#" ]; then
+ DEBIAN_FRONTEND=noninteractive apt-get -y -o Dpkg::Options::=--force-confold install "${line}"
+ fi
+ done
+done
--- /dev/null
+#!/bin/sh
+set -e
+
+if [ "$#" -ne 1 ]; then
+ echo 'Need old server IP.'
+ false
+fi
+old_server="$1"
+config_tree_prefix="${HOME}/config/bullseye"
+cp "${config_tree_prefix}/setup_scripts/prepare_to_meet_server.sh" /home/plom/
+chown plom:plom /home/plom/prepare_to_meet_server.sh
+su -lc "./prepare_to_meet_server.sh ${old_server}" plom
+read -p'Hit Enter when you are done.' ignore
+rm /home/plom/prepare_to_meet_server.sh
+cp "${config_tree_prefix}/setup_scripts/mirror_dir.sh" /home/plom/
+su -lc "./mirror_dir.sh ${old_server} /home/plom/borg" plom
+rm /home/plom/mirror_dir.sh
--- /dev/null
+#!/bin/sh
+# Mirror directory tree from remote to local server, keeping the path.
+set -e
+
+if [ $# -lt 2 ]; then
+ echo "Need server and directory as arguments."
+ false
+fi
+server=$1
+dir=$2
+path_package=/tmp/delete.tar
+
+eval `ssh-agent`
+ssh-add
+cd
+ssh plom@"${server}" "cd \"${dir}\" && tar cf ${path_package} ."
+scp plom@"${server}":"${path_package}" "${path_package}"
+mkdir -p "${dir}"
+cd "${dir}"
+tar xf "${path_package}"
+cd
+rm "${path_package}"
+ssh plom@"${server}" rm "${path_package}"
--- /dev/null
+#!/bin/sh
+#set -e
+config_tree_prefix="${HOME}/public_repos/config/bullseye"
--- /dev/null
+#!/bin/sh
+# Do some of the steps necessary to SSH (key-based) with another server.
+set -e
+
+if [ "$#" -ne 1 ]; then
+ echo 'Need server IP as argument.'
+ false
+fi
+target="$1"
+
+# We need a public key to copy over, so generate it if not found.
+if [ ! -f ~/.ssh/id_rsa.pub ]; then
+ ssh-keygen -N ""
+fi
+
+# Add target to ~/.ssh/known_hosts so we don't get
+# asked for permission at inopportune moments.
+ssh-keyscan -H "$target" >> ~/.ssh/known_hosts
+
+# Tell user what to do.
+echo "APPEND FOLLOWING TO TARGET'S ~/.ssh/authorized_keys:"
+cat ~/.ssh/id_rsa.pub
--- /dev/null
+#!/bin/sh
+# This script removes all Debian packages that are not of Priority
+# "required" or not depended on by packages of priority "required"
+# or not listed in the argument-selected files of apt-mark/.
+set -e
+
+config_tree_prefix="${HOME}/config/bullseye"
+aptmark_dir="${config_tree_prefix}/apt-mark"
+
+dpkg-query -Wf '${Package} ${Priority}\n' | grep ' required' | sed 's/ required//' > /tmp/list_white_unsorted
+for target in "$@"; do
+ path="${aptmark_dir}/${target}"
+ cat "${path}" | while read line; do
+ if [ ! $(echo "${line}" | cut -c1) = "#" ]; then
+ echo "${line}" >> /tmp/list_white_unsorted
+ fi
+ done
+done
+sort /tmp/list_white_unsorted > /tmp/list_white
+dpkg-query -Wf '${Package}\n' > /tmp/list_all_packages
+sort /tmp/list_all_packages > /tmp/foo
+mv /tmp/foo /tmp/list_all_packages
+comm -3 /tmp/list_all_packages /tmp/list_white > /tmp/list_black
+apt-mark auto `cat /tmp/list_black`
+DEBIAN_FRONTEND=noninteractive apt-get -y --purge autoremove
+rm /tmp/list_all_packages /tmp/list_white_unsorted /tmp/list_white /tmp/list_black
+
+# Somehow, auto-mounts get undone by all of this, so re-mount /etc/fstab.
+# TODO: Find out why.
+mount -a
--- /dev/null
+#!/bin/sh
+# Sets hostname and optionally FQDN.
+#
+# Calls hostname, writes to /etc/hostname and /etc/hosts. For /etc/hosts
+# writing follows recommendations from Debian manual at
+# <https://www.debian.org/doc/manuals/debian-reference/ch05.en.html>
+# (section "The hostname resolution") on how to map hostname and possibly
+# FQDN to a permanent IP if present (we assume here any non-private IP
+# and non-loopback IP returned by hostname -I to fulfill that criterion
+# on our systems) or to 127.0.1.1 if not. On the reasoning for separating
+# localhost and hostname mapping to different IPs, see
+# <https://unix.stackexchange.com/a/13087>.
+#
+# Ignores IPv6s.
+set -e
+
+hostname="$1"
+fqdn="$2"
+if [ "${hostname}" = "" ]; then
+ echo "Need hostname as argument."
+ false
+fi
+echo "${hostname}" > /etc/hostname
+hostname "${hostname}"
+
+final_ip="127.0.1.1"
+for ip in $(hostname -I); do
+ if [ $(echo "${ip}" | grep ':' | wc -l) -eq 1 ]; then
+ continue
+ fi
+ range_1=$(echo "${ip}" | cut -d "." -f 1)
+ range_2=$(echo "${ip}" | cut -d "." -f 2)
+ if [ "${range_1}" -eq 127 ]; then
+ continue
+ elif [ "${range_1}" -eq 10 ]; then
+ continue
+ elif [ "${range_1}" -eq 172 ]; then
+ if [ "${range_2}" -ge 16 ] && [ "${range_2}" -le 31 ]; then
+ continue
+ fi
+ elif [ "${range_1}" -eq 192 ]; then
+ if [ "${range_2}" -eq 168 ]; then
+ continue
+ fi
+ fi
+ final_ip="${ip}"
+done
+
+echo "127.0.0.1 localhost.localdomain localhost" > /etc/hosts
+echo "${final_ip} ${fqdn} ${hostname}" >> /etc/hosts
--- /dev/null
+#!/bin/sh
+set -e
+
+# Provide maximum input for set_hostname_and_fqdn.sh.
+if [ "$#" -lt 2 ]; then
+ echo 'Need at least two arguments (hostname, FQDN).'
+ false
+fi
+hostname="$1"
+fqdn="$2"
+shift 2
+
+config_tree_prefix="${HOME}/config/bullseye"
+setup_scripts_dir="${config_tree_prefix}/setup_scripts"
+cd "${setup_scripts_dir}"
+
+# Adapt /etc/ to our needs by copying from ./etc_files. This will set
+# basic configurations affecting following steps, such as setup of APT
+# and the locale selection, so needs to be right at the beginning.
+./copy_dirtree.sh "${config_tree_prefix}/etc_files" "" all "$@"
+
+# Set hostname and FQDN.
+./set_hostname_and_fqdn.sh "${hostname}" "${fqdn}"
+
+# Ensure package installation state as defined by what packages are
+# defined as required by Debian policy and by settings in ./apt-mark/.
+apt update
+./install_for_target.sh all "$@"
+./purge_nonrequireds.sh all "$@"
+
+# Ensure our desired locale is available.
+locale-gen
+
+# Only upgrade after reducing the system to the desired minimum, so that
+# we don't need to get more data than necessary.
+apt -y dist-upgrade
+
+# Set Berlin localtime.
+ln -sf /usr/share/zoneinfo/Europe/Berlin /etc/localtime
--- /dev/null
+#!/bin/sh
+set -e
+
+# Set up system without user environment.
+config_tree_prefix="${HOME}/config/bullseye"
+
+./copy_dirtree.sh "${config_tree_prefix}/etc_files" "" daily_reboot
+systemctl enable reboot.timer
+systemctl start reboot.timer
--- /dev/null
+#!/bin/sh
+set -e
+
+if [ "$#" -ne 1 ]; then
+ echo 'Need exactly one argument (system name).'
+ false
+fi
+if [ ! "$1" = "x220" ] && [ ! "$1" = "w530" ]; then
+ echo "Need legal system name."
+ false
+fi
+system_name="$1"
+
+# Set up system without user environment.
+config_tree_prefix="${HOME}/config/bullseye"
+setup_scripts_dir="${config_tree_prefix}/setup_scripts"
+cd "${setup_scripts_dir}"
+if [ "$1" = "x200s" ] || [ "$1" = "x220" ] || [ "$1" = "w530" ]; then
+ ./setup.sh "${system_name}" "" user desktop thinkpad "${system_name}"
+else
+ ./setup.sh "${system_name}" "" user desktop "${system_name}"
+fi
+
+# # Set up printer.
+# ppd_deb="hll2350dwpdrv-4.0.0-1.i386.deb"
+# wget "https://download.brother.com/welcome/dlf103566/${ppd_deb}"
+# dpkg --add-architecture i386
+# apt update
+# apt install -y "./${ppd_deb}"
+# # lpadmin -p 'Brother_HLL2350DW' -m 'brother-HLL2350DW-cups-en.ppd'
+# # service cups restart
+# rm "./${ppd_deb}"
+# # TODO explore potential lpadmin options like -o 'OutputMode=NormalGray'
+
+# Set up user environments.
+secrets_dev="sdb"
+source_dir_secrets="/media/${secrets_dev}/to_usb"
+target_dir_secrets="/home/plom/tmp_secrets"
+cd "${setup_scripts_dir}"
+./copy_dirtree.sh "${config_tree_prefix}/home_files" "/root" minimal root
+set +e
+HOME_DIR_EXISTS=$([ ! -d "/home/plom" ]; echo $?)
+set -e
+adduser --disabled-password --gecos "" plom
+usermod -a -G sudo plom
+passwd plom
+if [ "${HOME_DIR_EXISTS}" -eq 0 ]; then
+ echo "Put secrets drive into slot for /dev/${secrets_dev}."
+ while [ ! -e /dev/"${secrets_dev}" ]; do
+ sleep 1
+ done
+ stty -echo
+ printf "Secrets passphrase: "
+ read secrets_pass
+ stty echo
+ echo "" # newline so user knows their input return was accepted
+ echo "${secrets_pass}" | pmount /dev/"${secrets_dev}"
+ cp -a "${source_dir_secrets}" "${target_dir_secrets}"
+ chown -R plom:plom "${target_dir_secrets}"
+ pumount "${secrets_dev}"
+ echo "You can remove /dev/${secrets_dev} now."
+ cp setup_home.sh /home/plom
+ chown plom:plom /home/plom/setup_home.sh
+ SECRETS_PASS="${secrets_pass}" su -c "cd && ./setup_home.sh ${system_name}" plom
+fi
--- /dev/null
+#!/bin/sh
+set -e
+
+if [ "$#" -ne 4 ]; then
+ echo 'Need domain name and mail and old server and repos source ("local" or "remote"?).'
+ false
+fi
+if [ ! "$4" = "local" ] && [ ! "$4" = "remote" ]; then
+ echo "Need legal repo source name."
+ false
+fi
+domain="$1"
+mail="$2"
+old_server="$3"
+repos_source="$4"
+
+read -p"Only continue if hostname is not domain of url_catcher's target mail address, else abort!" ignore
+
+# Install configs, set up firewall.
+echo "postfix postfix/main_mailer_type string 'Internet Site'" | debconf-set-selections
+echo "postfix postfix/mailname string $(hostname -f)" | debconf-set-selections
+config_tree_prefix="${HOME}/config/bullseye"
+./install_for_target.sh web dumpsite
+./copy_dirtree.sh "${config_tree_prefix}/etc_files" "" web dumpsite
+nft -f /etc/nftables.conf
+
+# Set up letsencrypt certificate. TODO: Is it auto-renewed?
+ln -sf /etc/nginx/sites-available/default /etc/nginx/sites-enabled/default
+certbot --nginx --agree-tos --redirect --no-eff-email -m "${mail}" -d "${domain}"
+rm /etc/nginx/sites-enabled/default
+
+# Set up connection to old dump server.
+cp "${config_tree_prefix}/setup_scripts/prepare_to_meet_server.sh" /home/plom/
+chown plom:plom /home/plom/prepare_to_meet_server.sh
+su -lc "./prepare_to_meet_server.sh ${old_server}" plom
+read -p'Hit Enter when you are done.' ignore
+rm /home/plom/prepare_to_meet_server.sh
+
+# Set up dump dirs.
+mkdir /var/www-dump
+chown plom:plom /var/www-dump
+dump_dir=dump
+geheim_dir=geheim
+su -lc "ln -s /home/plom/${dump_dir} /var/www-dump/${dump_dir}" plom
+su -lc "ln -s /home/plom/${geheim_dir} /var/www-dump/${geheim_dir}" plom
+cp "${config_tree_prefix}/setup_scripts/mirror_dir.sh" /home/plom/
+su -lc "./mirror_dir.sh ${old_server} /home/plom/${dump_dir}" plom
+su -lc "./mirror_dir.sh ${old_server} /home/plom/${geheim_dir}" plom
+su -lc "scp plom@${old_server}:/var/www-dump/password_geheim ~" plom
+mv /home/plom/password_geheim /var/www-dump/password_geheim
+rm /home/plom/mirror_dir.sh
+
+# Set up redo.
+wget http://news.dieweltistgarnichtso.net/bin/archives/redo-sh.tar.gz
+tar -moxzf redo-sh.tar.gz -C /usr/local
+
+# Set up zettel.
+su -lc "git clone --mirror ${old_server}:zettel.git" plom
+cp "${config_tree_prefix}/other_files/zettel_hook_post-receive" /home/plom/zettel.git/hooks/post-receive
+su -lc "git clone ~/zettel.git && cd zettel && redo" plom
+su -lc "ln -s /home/plom/zettel /var/www-dump/zettel" plom
+# NOTE: Locally, to update content, clone zettel.git, not zettel.
+
+# Set up redo blog.
+su -lc "git clone --mirror ${old_server}:blog.git" plom
+cp "${config_tree_prefix}/other_files/blog_hook_post-receive" /home/plom/blog.git/hooks/post-receive
+su -lc "git clone ~/blog.git" plom
+# TODO: set up like plomlombot repo (with post-recieve hook)?
+if [ "$repos_source" = "local"]; then
+ su -lc "git clone /var/repos/redo-blog" plom
+else
+ su -lc "git clone https://plomlompom.com/repos/clone/redo-blog" plom
+fi
+su -lc "cd redo-blog && ./add_dir.sh ~/blog" plom
+su -lc "cd blog && redo" plom
+su -lc "ln -s /home/plom/blog/public /var/www-dump/blog" plom
+# NOTE: Locally, to update content, clone blog.git, not blog.
+
+# Set up url catcher.
+# TODO: set up like plomlombot repo (with post-recieve hook)?
+if [ "$repos_source" = "local" ]; then
+ su -lc "git clone /var/repos/url-catcher" plom
+else
+ su -lc "git clone https://plomlompom.com/repos/clone/url-catcher" plom
+fi
+su -lc "cd url-catcher && ln -s ../blog/captchas/linkable/ captchas" plom
+cp "${config_tree_prefix}/other_files/url-catcher_customizations.json" /home/plom/url-catcher/customizations.json
+systemctl enable url_catcher.service
+service url_catcher start
+cp "${config_tree_prefix}/setup_scripts/mirror_dir.sh" /home/plom/
+su -lc "./mirror_dir.sh ${old_server} /home/plom/url-catcher/ips" plom
+su -lc "./mirror_dir.sh ${old_server} /home/plom/url-catcher/lists" plom
+rm /home/plom/mirror_dir.sh
+
+# Set up index.html
+cp "${config_tree_prefix}/other_files/dumpsite_index.html" /var/www-dump/index.html
+
+# Prepare NGINX.
+sed -i "s/REPLACE_fqdn_ECALPER/${domain}/g" /etc/nginx/sites-available/dumpsite.nginx
+ln -s /etc/nginx/sites-available/dumpsite.nginx /etc/nginx/sites-enabled/dumpsite.nginx
+
+service nginx restart
--- /dev/null
+#!/bin/sh
+set -e
+
+# Set up system without user environment.
+config_tree_prefix="${HOME}/config/bullseye"
+
+# Install Firefox directly from Mozilla.
+firefox_release="91.5.1esr"
+firefox_filename="firefox-${firefox_release}.tar.bz2"
+url_firefox="https://ftp.mozilla.org/pub/firefox/releases/${firefox_release}/linux-x86_64/en-US/${firefox_filename}"
+wget "${url_firefox}"
+mv "${firefox_filename}" /opt/
+cd /opt/
+tar xf "${firefox_filename}"
+rm "${firefox_filename}"
+ln -f -s /opt/firefox/firefox /usr/local/bin/
+update-alternatives --install /usr/bin/x-www-browser x-www-browser /opt/firefox/firefox 200
+update-alternatives --set x-www-browser /opt/firefox/firefox
+
+# as default new tab content for tridactyl
+cp "${config_tree_prefix}/other_files/blank.html" /opt/firefox/
+
+echo "TODO: Install uBlock Origin and tridactyl plugins, run :installnative and :source."
+
--- /dev/null
+#!/bin/sh
+set -e
+
+if [ "$#" -ne 1 ]; then
+ echo 'Need exactly one argument (system name).'
+ false
+fi
+if [ ! "$1" = "x220" ] && [ ! "$1" = "w530" ]; then
+ echo "Need legal system name."
+ false
+fi
+system_name="$1"
+
+public_repos_dir="${HOME}/public_repos"
+config_tree_prefix="${public_repos_dir}/config/bullseye"
+path_borgscript="${config_tree_prefix}//borg.sh"
+setup_scripts_dir="${config_tree_prefix}/setup_scripts"
+repos_list_file="${public_repos_dir}/repos"
+dir_secrets="${HOME}/tmp_secrets"
+borgkeys_dir=~/.config/borg/keys
+borgrepos_file=~/.borgrepos
+ssh_dir=~/.ssh
+authinfo_file=.authinfo
+maildir=~/mail/maildir
+
+ensure_repo() {
+ repo_name="${1}"
+ if [ ! -d "${public_repos_dir}/${repo_name}" ]; then
+ cd "${public_repos_dir}"
+ git clone plom@plomlompom.com:/var/repos/${repo_name}
+ fi
+}
+
+# Set up iniitial non-public parts of infrastructure: SSH authentication.
+cd "${dir_secrets}"
+mkdir -p "${ssh_dir}"
+echo "Setting up .ssh"
+cp id_rsa ~/.ssh
+stty -echo
+ssh-keygen -y -f ~/.ssh/id_rsa > ~/.ssh/id_rsa.pub
+stty echo
+eval $(ssh-agent)
+ssh-add
+ssh-keyscan -H "plomlompom.com" >> ~/.ssh/known_hosts
+
+# Clone config to copy dotfiles etc. from it.
+cd
+mkdir -p "${public_repos_dir}"
+ensure_repo config
+cd "${setup_scripts_dir}"
+./copy_dirtree.sh "${config_tree_prefix}/home_files" "${HOME}" minimal user "${system_name}"
+
+# # Set up native messenger for tridactyl.
+# version='ef9f02d0da258f68d7faf8898707f6d83d90d07a'
+# curl -fsSl "https://raw.githubusercontent.com/tridactyl/tridactyl/${version}/native/install.sh" | bash
+
+# Set up further non-public parts of infrastructure.
+cd "${dir_secrets}"
+script -c 'gpg --import secret_keys.asc' /dev/null
+tar xf borg_keyfiles.tar
+mkdir -p "${borgkeys_dir}"
+mv borg_keyfiles/* "${borgkeys_dir}"
+# .authinfo may not be present on every secrets drive yet
+if [ -f "${authinfo_file}" ]; then
+ cp "${authinfo_file}" ~
+fi
+cd
+rm -rf "${dir_secrets}"
+
+# Sync org dir via borgbackup. For this we need the borgbackup servers
+# in our .ssh/known_hosts file.
+cat "${borgrepos_file}" | while read line; do
+ first_char=$(echo "${line}" | cut -c1)
+ if [ "${first_char}" = "#" ]; then
+ continue
+ fi
+ server=$(echo "${line}" | sed 's/.*@//')
+ ssh-keyscan "${server}" >> "${ssh_dir}"/known_hosts
+done
+BORG_PASSPHRASE="${SECRETS_PASS}" "${path_borgscript}" orgpull
+
+# Fill ~/public_repos.
+cat "${repos_list_file}" | while read line; do
+ first_char=$(echo "${line}" | cut -c1)
+ if [ "${first_char}" = "#" ]; then
+ continue
+ fi
+ ensure_repo "${line}"
+done
+
+# Set up e-mail system. Note that we only do mbsync if the imap pass file
+# is found. It may not be present on every secrets drive yet, so we have to
+# deal with the possibility of it being absent at this point.
+mkdir -p "${maildir}" # expected by mbsync/isync
+if [ -f "${HOME}/${authinfo_file}" ]; then
+ mbsync -a
+ notmuch new
+fi
+
+# # Final note on how to integrate tridactyl.
+# echo "TODO: As tridactyl user, don't forget to do :source on the first Firefox run, wait a little while (Tridactyl needs to walk through all commands in the .tridactylrc) and then re-start."
--- /dev/null
+#!/bin/sh
+set -e
+set -x
+
+if [ "$#" -ne 2 ]; then
+ echo 'Need domain name and mail.'
+ false
+fi
+domain="$1"
+mail="$2"
+
+# Install configs, set up firewall.
+config_tree_prefix="${HOME}/config/bullseye"
+./install_for_target.sh web microblogpub
+./copy_dirtree.sh "${config_tree_prefix}/etc_files" "" web microblogpub
+apt update # since we just updated /etc/apt/sources.list
+nft -f /etc/nftables.conf
+
+# Set up letsencrypt certificate. TODO: Is it auto-renewed?
+ln -sf /etc/nginx/sites-available/default /etc/nginx/sites-enabled/default
+certbot --nginx --agree-tos --redirect --no-eff-email -m "${mail}" -d "${domain}"
+rm /etc/nginx/sites-enabled/default
+
+# Install Python >=3.10 from source (Bullseye only has 3.9).
+python_version=3.11.1
+python_dirname="Python-${python_version}"
+su -lc "wget https://www.python.org/ftp/python/${python_version}/${python_dirname}.tgz" plom
+su -lc "tar -xvf ${python_dirname}.tgz" plom
+su -lc "cd /home/plom/${python_dirname} && ./configure --enable-optimizations && make"
+cd /home/plom/${python_dirname}/
+make altinstall
+cd
+rm -rf /home/plom/${python_dirname}
+
+# Configure/install Poetry and microblog.pub.
+su -lc "curl -sSL https://install.python-poetry.org | python3.11" - plom
+su -lc "git clone https://git.sr.ht/~tsileo/microblog.pub testing.microblog.pub" - plom
+su -lc "poetry config installer.parallel false" - plom
+su -lc "cd testing.microblog.pub && poetry install" - plom
+su -lPc "cd testing.microblog.pub && poetry run inv configuration-wizard" - plom
+su -lPc "cd testing.microblog.pub && poetry run inv migrate-db" - plom
+
+# Set up microblog.pub daemon service.
+venv_dir_path=$( su -lPc "cd testing.microblog.pub && poetry env info --path" - plom)
+venv_dir=$(basename ${venv_dir_path})
+sed -i "s/REPLACE_venv_dir_ECALPER/${venv_dir}/g" /etc/systemd/system/microblogpub.service
+systemctl enable microblogpub.service
+service microblogpub start
+
+# Prepare and start NGINX config.
+sed -i "s/REPLACE_fqdn_ECALPER/${domain}/g" /etc/nginx/sites-available/microblogpub.nginx
+ln -s /etc/nginx/sites-available/microblogpub.nginx /etc/nginx/sites-enabled/microblogpub.nginx
+service nginx restart
+
+# Setup regular DB pruning
+cp "${config_tree_prefix}/other_files/prune_microblog.sh" /home/plom/
+systemctl enable microblogpub_prune.timer
+systemctl start microblogpub_prune.timer
--- /dev/null
+#!/bin/sh
+set -e
+
+if [ "$#" -lt 1 ]; then
+ echo "Need public key ID and optionally old server IP."
+ false
+fi
+gpg_key="$1"
+old_server="$2"
+
+config_tree_prefix="${HOME}/config/bullseye"
+./install_for_target.sh play
+./copy_dirtree.sh "${config_tree_prefix}/etc_files" "" play
+cp "${config_tree_prefix}/other_files/weechatrc" /home/plom/.weechatrc
+cp "${config_tree_prefix}/other_files/weechat-wrapper.sh" /home/plom/
+cp "${config_tree_prefix}/other_files/weechatlogs_encrypter.sh" /home/plom/
+chown plom:plom /home/plom/*weechat*
+chown plom:plom /home/plom/.weechatrc
+echo "${gpg_key}" > /home/plom/.encrypt_target
+chown plom:plom /home/plom/.encrypt_target
+
+# TODO refactor with setup_website.sh
+# Add encryption key.
+keyservers='keyserver.ubuntu.com pgp.surf.nl pgp.rediris.es'
+set +e
+while true; do
+ do_break=0
+ for keyserver in $(echo "${keyservers}"); do
+ su plom -c "gpg --no-tty --keyserver $keyserver --recv-key ${gpg_key}"
+ if [ $? -eq "0" ]; then
+ do_break=1
+ break
+ fi
+ echo "Attempt with keyserver ${keyserver} unsuccessful, trying other."
+ done
+ if [ "${do_break}" -eq "1" ]; then
+ break
+ fi
+done
+set -e
+
+if [ "${old_server}" != "" ]; then
+ cp "${config_tree_prefix}/setup_scripts/prepare_to_meet_server.sh" /home/plom/
+ su -lc "./prepare_to_meet_server.sh ${old_server}" plom
+ read -p'Hit Enter when you are done.' ignore
+ rm /home/plom/prepare_to_meet_server.sh
+ su -lc "scp plom@${old_server}:.ssh/authorized_keys .ssh/authorized_keys" plom
+ su -lc "scp plom@${old_server}:.weechatrc ~" plom
+ cp "${config_tree_prefix}/setup_scripts/mirror_dir.sh" /home/plom/
+ su -lc "./mirror_dir.sh ${old_server} /home/plom/weechatlogs" plom
+ rm /home/plom/mirror_dir.sh
+fi
+
+systemctl enable --now encrypt_chatlogs.timer
--- /dev/null
+#!/bin/sh
+# Next setup steps for a server whose login policy has just been set from
+# the outside via ./init_user_and_keybased_login.sh.
+set -e
+
+# Provide maximum input for set_hostname_and_fqdn.sh.
+if [ "$#" -lt 2 ]; then
+ echo 'Need exactly two arguments (hostname, FQDN).'
+ false
+fi
+hostname="$1"
+fqdn="$2"
+additional_arg="$3"
+
+# Set up system without user environment.
+config_tree_prefix="${HOME}/config/bullseye"
+setup_scripts_dir="${config_tree_prefix}/setup_scripts"
+cd "${setup_scripts_dir}"
+./setup.sh "${hostname}" "${fqdn}" server "${additional_arg}"
+
+# If we have not yet set the shell for user plom, ensure it here. This
+# is mostly for convenience.
+usermod -s /bin/bash plom
+
+# Enable firewall.
+systemctl enable nftables.service
--- /dev/null
+#!/bin/sh
+set -e
+
+if [ "$#" -ne 4 ] && [ "$#" -ne 5 ]; then
+ echo 'Need domain name and mail and key ID and init state and possibly old server IP as argument.'
+ false
+fi
+if [ ! "$4" = "copy" ] && [ ! "$4" = "new" ]; then
+ echo "Need init state to be either 'copy' or 'new'."
+ false
+fi
+if [ ! "$4" = "new" ] && [ "$#" -ne 5 ]; then
+ echo "With init state != 'new' need fifth argument old server IP."
+ false
+fi
+domain="$1"
+mail="$2"
+gpg_key="$3"
+init_state="$4"
+old_server="$5"
+
+# Install configs, set up firewall.
+config_tree_prefix="${HOME}/config/bullseye"
+./install_for_target.sh web website
+./copy_dirtree.sh "${config_tree_prefix}/etc_files" "" web website
+nft -f /etc/nftables.conf
+
+# Set up letsencrypt certificate. TODO: Is it auto-renewed?
+ln -sf /etc/nginx/sites-available/default /etc/nginx/sites-enabled/default
+certbot --nginx --agree-tos --redirect --no-eff-email -m "${mail}" -d "${domain}"
+rm /etc/nginx/sites-enabled/default
+
+# Set up connection to old server.
+if [ ! "${init_state}" = "new" ]; then
+ cp "${config_tree_prefix}/setup_scripts/prepare_to_meet_server.sh" /home/plom/
+ chown plom:plom /home/plom/prepare_to_meet_server.sh
+ su -lc "./prepare_to_meet_server.sh ${old_server}" plom
+ read -p'Hit Enter when you are done.' ignore
+ rm /home/plom/prepare_to_meet_server.sh
+fi
+
+# Set up repos dir.
+# To use this dir, "git clone --mirror" repo source paths into it as user plom.
+# As user plom, touch git-daemon-export-ok files into it to make the repo
+# publically available.
+if [ "${init_state}" = "new" ]; then
+ mkdir /var/repos
+ chown plom:plom /var/repos
+else
+ cp "${config_tree_prefix}/setup_scripts/mirror_dir.sh" /home/plom/
+ chmod a+w /var
+ if [ "${init_state}" = "copy" ]; then
+ su -lc "./mirror_dir.sh ${old_server} /var/repos" plom
+ else
+ su -lc "./mirror_dir.sh ${old_server} /var/public_repos" plom
+ fi
+ chmod a-w /var
+ rm /home/plom/mirror_dir.sh
+fi
+
+# Prepare NGINX and GitWeb config.
+sed -i "s/REPLACE_fqdn_ECALPER/${domain}/g" /etc/gitweb.conf
+sed -i "s/REPLACE_fqdn_ECALPER/${domain}/g" /etc/nginx/sites-available/website.nginx
+ln -s /etc/nginx/sites-available/website.nginx /etc/nginx/sites-enabled/website.nginx
+
+# Set up website. TODO: use non-/var/www dir for better separation to dump site
+rm -rf /var/www
+mkdir /var/www
+chown plom:plom /var/www
+if [ "${init_state}" = "new" ]; then
+ su -lc "cd /var/repos && git init --bare website.git" plom
+fi
+cp "${config_tree_prefix}/other_files/website_hook_post-receive" /var/repos/website.git/hooks/post-receive
+su -lc 'cd /var/www && git clone /var/repos/website.git .' plom
+
+# Add encryption key.
+keyservers='keyserver.ubuntu.com pgp.surf.nl pgp.rediris.es'
+set +e
+while true; do
+ do_break=0
+ for keyserver in $(echo "${keyservers}"); do
+ su plom -c "gpg --no-tty --keyserver $keyserver --recv-key ${gpg_key}"
+ if [ $? -eq "0" ]; then
+ do_break=1
+ break
+ fi
+ echo "Attempt with keyserver ${keyserver} unsuccessful, trying other."
+ done
+ if [ "${do_break}" -eq "1" ]; then
+ break
+ fi
+done
+set -e
+
+# Set up plomlombot.
+irclogs_dir=/var/www/html/irclogs
+irclogs_pw_dir=/var/www/irclogs_pw
+mkdir -p "${irclogs_dir}"
+chown -R plom:plom "${irclogs_dir}"
+mkdir -p "${irclogs_pw_dir}"
+chown -R plom:plom "${irclogs_pw_dir}"
+if [ "${init_state}" = "new" ]; then
+ # TODO investigate whether we can get rid of anything here
+ # Handle the case that the repo is in the old pre-buster server setup –
+ # even then, the URL should be the same.
+ su -lc "cd /var/repos && git clone --mirror https://plomlompom.com/repos/clone/plomlombot-irc" plom
+ su -lc "touch /var/repos/plomlombot-irc.git/git-daemon-export-ok" plom
+ cp "${config_tree_prefix}/other_files/plomlombot_hook_post-receive" /var/repos/plomlombot-irc.git/hooks/post-receive
+fi
+su -lc "git clone /var/repos/plomlombot-irc.git" plom
+cp "${config_tree_prefix}/other_files/plomlombot_daemon.sh" /home/plom/
+chown plom:plom /home/plom/plomlombot_daemon.sh
+if [ "${init_state}" = "new" ]; then
+ echo 'bot: plomlombog plomlombog #plomlomtest irc.freenode.net foo bar' >> /home/plom/.plomlombot
+ chown plom:plom /home/plom/.plomlombot
+else
+ cp "${config_tree_prefix}/setup_scripts/mirror_dir.sh" /home/plom/
+ su -lc "./mirror_dir.sh ${old_server} /home/plom/plomlombot_db" plom
+ rm /home/plom/mirror_dir.sh
+ su -lc "scp plom@${old_server}:.plomlombot ~" plom
+ # TODO su -lc "ssh plom@${old_server} \"su -lc 'service plomlombot stop'\"" plom
+fi
+# TODO systemctl enable plomlombot.service
+# TODO service plomlombot start
+
+# Set up guiltcards.
+su -lc "git clone /var/repos/guiltcards" plom
+cp "${config_tree_prefix}/setup_scripts/mirror_dir.sh" /home/plom/
+su -lc "./mirror_dir.sh ${old_server} /home/plom/guiltcards/decks" plom
+rm /home/plom/mirror_dir.sh
+
+# In the above step, we might have created a root-owned /var/www/html –
+# fix this here.
+chown -R plom:plom /var/www/html
+
+# TODO:
+# - rename /home/plom/public_repos to /home/plom/repos
+
+service nginx restart
+++ /dev/null
-# connectivity: ifupdown seems necessary everyhwere, isc-dhcp-client
-# unpredictably so
-ifupdown
-isc-dhcp-client
-# git for the setup directory; cloning works with ca-certificates
-ca-certificates
-git
-# to avoid constant warnings about no locale being found
-locales
-# extremely useful for basic network debugging; missed these more than once in an emergency
-netcat
-iputils-ping
+++ /dev/null
-# so that grub learns about kernel updates
-grub-pc
+++ /dev/null
-wget
-# for blog and zettel
-pandoc
-# for blog
-html2text
-uuid-runtime
-python3
-# for url_catcher daemon
-python3-venv
-build-essential
-python3-dev
-screen
-postfix
+++ /dev/null
-# for wifi
-firmware-ralink
-#
+++ /dev/null
-# smtp server
-postfix
-# opendkim
-opendkim
-opendkim-tools
-# for pingmail
-mailutils
-# ssl
-certbot
-# IMAPS
-pwgen
-dovecot-imapd
-# sieve filtering
-dovecot-lmtpd
-dovecot-sieve
-# to funnel mail from additional server
-fetchmail
+++ /dev/null
-# because it contains ifconfig
-net-tools
+++ /dev/null
-ffmpeg
-postgresql
-postgresql-contrib
-openssl
-redis-server
-python-dev
-# only needed for setup
-g++
-make
-git
-curl
-unzip
-libncurses5
-pwgen
-wget
+++ /dev/null
-weechat
-screen
-gnupg
-dirmngr
+++ /dev/null
-# Pleroma DB
-postgresql
-postgresql-contrib
-# only needed for setup
-pwgen
+++ /dev/null
-# only needed for setup
-curl
-unzip
-libncurses5
+++ /dev/null
-# only needed for setup
-build-essential
-wget
-gnupg
+++ /dev/null
-# needed for rtorrent config setup
-curl
-# needed for torrenting
-rtorrent
-# needed for torrenting session
-screen
-# needed for upload/download
-rsync
+++ /dev/null
-# so we can login at all …
-openssh-server
-# firewalling
-nftables
-# We want to be able to use ALL our servers as borg backup destinations.
-borgbackup
+++ /dev/null
-# for wifi
-firmware-iwlwifi
-# for tlp
-tlp
-tp-smapi-dkms
-linux-headers-amd64
-#
+++ /dev/null
-# to avoid booting problems with encrypted LVM, see <https://askubuntu.com/a/1105848>
-cryptsetup-initramfs
-lvm2
-# this provides setupcon which reads /etc/default/console-setup
-console-setup
-# without this, systemd-logind won't run, and so not detect lid close for hibernation
-dbus
-# for wifi
-wicd-curses
-wicd-gtk
-# for X to start at all
-xserver-xorg-video-intel
-# X input: keyboard and touchpad
-xserver-xorg-input-evdev
-xserver-xorg-input-synaptics
-# for startx
-xinit
-# for xrdb
-x11-xserver-utils
-# for startx to run for non-root user
-libpam-systemd
-# window environment
-i3
-i3status
-suckless-tools
-xterm
-# to get sleepy at night
-redshift
-# for alsamixer
-alsa-utils
-# for xterm and browser unicode display
-ttf-unifont
-# also useful
-vim
-sudo
-less
-man-db
-manpages
-procps
-# firefox dependencies
-libdbus-glib-1-2
-libgtk-3-0
-# firefox installation dependencies (remove later?)
-curl
-python3
-bzip2
-wget
-jq
-unzip
-# to mount encrypted USB stick and use its contents
-pmount
-cryptsetup
-openssh-client
-# for syncing
-borgbackup
-# emacs
-emacs25
-emacs-common-non-dfsg
-emacs-el
-elpa-ledger
-ledger
-elpa-elfeed
-# mail setup
-isync
-notmuch
-elpa-notmuch
-pinentry-gtk2
-# to mount Android phone
-go-mtpfs
-# to use HP Deskjet F380 scanner from GIMP
-sane-utils
-libsane-hpaio
-xsane
-# to use HP Deskjet F380 printer
-cups
-hplip
-#
+++ /dev/null
-nginx-light
-# for SSL
-certbot
-python3-certbot-nginx
+++ /dev/null
-# for gitweb
-gitweb
-fcgiwrap
-# for plomlombot
-gnupg
-dirmngr
-python3-venv
-screen
+++ /dev/null
-APT::AutoRemove::RecommendsImportant "false";
-APT::AutoRemove::SuggestsImportant "false";
-APT::Install-Recommends "false";
-APT::Install-Suggests "false";
+++ /dev/null
-deb http://deb.debian.org/debian buster main contrib non-free
-deb http://deb.debian.org/debian-security/ buster/updates main contrib non-free
-deb http://deb.debian.org/debian buster-updates main contrib non-free
-deb http://ftp.debian.org/debian buster-backports main contrib non-free
+++ /dev/null
-LANG="en_US.UTF-8"
+++ /dev/null
-# This file lists locales that you wish to have built. You can find a list
-# of valid supported locales at /usr/share/i18n/SUPPORTED, and you can add
-# user defined locales to /usr/local/share/i18n/SUPPORTED. If you change
-# this file, you need to rerun locale-gen.
-
-
-# aa_DJ ISO-8859-1
-# aa_DJ.UTF-8 UTF-8
-# aa_ER UTF-8
-# aa_ER@saaho UTF-8
-# aa_ET UTF-8
-# af_ZA ISO-8859-1
-# af_ZA.UTF-8 UTF-8
-# ak_GH UTF-8
-# am_ET UTF-8
-# an_ES ISO-8859-15
-# an_ES.UTF-8 UTF-8
-# anp_IN UTF-8
-# ar_AE ISO-8859-6
-# ar_AE.UTF-8 UTF-8
-# ar_BH ISO-8859-6
-# ar_BH.UTF-8 UTF-8
-# ar_DZ ISO-8859-6
-# ar_DZ.UTF-8 UTF-8
-# ar_EG ISO-8859-6
-# ar_EG.UTF-8 UTF-8
-# ar_IN UTF-8
-# ar_IQ ISO-8859-6
-# ar_IQ.UTF-8 UTF-8
-# ar_JO ISO-8859-6
-# ar_JO.UTF-8 UTF-8
-# ar_KW ISO-8859-6
-# ar_KW.UTF-8 UTF-8
-# ar_LB ISO-8859-6
-# ar_LB.UTF-8 UTF-8
-# ar_LY ISO-8859-6
-# ar_LY.UTF-8 UTF-8
-# ar_MA ISO-8859-6
-# ar_MA.UTF-8 UTF-8
-# ar_OM ISO-8859-6
-# ar_OM.UTF-8 UTF-8
-# ar_QA ISO-8859-6
-# ar_QA.UTF-8 UTF-8
-# ar_SA ISO-8859-6
-# ar_SA.UTF-8 UTF-8
-# ar_SD ISO-8859-6
-# ar_SD.UTF-8 UTF-8
-# ar_SS UTF-8
-# ar_SY ISO-8859-6
-# ar_SY.UTF-8 UTF-8
-# ar_TN ISO-8859-6
-# ar_TN.UTF-8 UTF-8
-# ar_YE ISO-8859-6
-# ar_YE.UTF-8 UTF-8
-# as_IN UTF-8
-# ast_ES ISO-8859-15
-# ast_ES.UTF-8 UTF-8
-# ayc_PE UTF-8
-# az_AZ UTF-8
-# be_BY CP1251
-# be_BY.UTF-8 UTF-8
-# be_BY@latin UTF-8
-# bem_ZM UTF-8
-# ber_DZ UTF-8
-# ber_MA UTF-8
-# bg_BG CP1251
-# bg_BG.UTF-8 UTF-8
-# bhb_IN.UTF-8 UTF-8
-# bho_IN UTF-8
-# bn_BD UTF-8
-# bn_IN UTF-8
-# bo_CN UTF-8
-# bo_IN UTF-8
-# br_FR ISO-8859-1
-# br_FR.UTF-8 UTF-8
-# br_FR@euro ISO-8859-15
-# brx_IN UTF-8
-# bs_BA ISO-8859-2
-# bs_BA.UTF-8 UTF-8
-# byn_ER UTF-8
-# ca_AD ISO-8859-15
-# ca_AD.UTF-8 UTF-8
-# ca_ES ISO-8859-1
-# ca_ES.UTF-8 UTF-8
-# ca_ES.UTF-8@valencia UTF-8
-# ca_ES@euro ISO-8859-15
-# ca_ES@valencia ISO-8859-15
-# ca_FR ISO-8859-15
-# ca_FR.UTF-8 UTF-8
-# ca_IT ISO-8859-15
-# ca_IT.UTF-8 UTF-8
-# ce_RU UTF-8
-# chr_US UTF-8
-# cmn_TW UTF-8
-# crh_UA UTF-8
-# cs_CZ ISO-8859-2
-# cs_CZ.UTF-8 UTF-8
-# csb_PL UTF-8
-# cv_RU UTF-8
-# cy_GB ISO-8859-14
-# cy_GB.UTF-8 UTF-8
-# da_DK ISO-8859-1
-# da_DK.UTF-8 UTF-8
-# de_AT ISO-8859-1
-# de_AT.UTF-8 UTF-8
-# de_AT@euro ISO-8859-15
-# de_BE ISO-8859-1
-# de_BE.UTF-8 UTF-8
-# de_BE@euro ISO-8859-15
-# de_CH ISO-8859-1
-# de_CH.UTF-8 UTF-8
-# de_DE ISO-8859-1
-# de_DE.UTF-8 UTF-8
-# de_DE@euro ISO-8859-15
-# de_IT ISO-8859-1
-# de_IT.UTF-8 UTF-8
-# de_LI.UTF-8 UTF-8
-# de_LU ISO-8859-1
-# de_LU.UTF-8 UTF-8
-# de_LU@euro ISO-8859-15
-# doi_IN UTF-8
-# dv_MV UTF-8
-# dz_BT UTF-8
-# el_CY ISO-8859-7
-# el_CY.UTF-8 UTF-8
-# el_GR ISO-8859-7
-# el_GR.UTF-8 UTF-8
-# en_AG UTF-8
-# en_AU ISO-8859-1
-# en_AU.UTF-8 UTF-8
-# en_BW ISO-8859-1
-# en_BW.UTF-8 UTF-8
-# en_CA ISO-8859-1
-# en_CA.UTF-8 UTF-8
-# en_DK ISO-8859-1
-# en_DK.ISO-8859-15 ISO-8859-15
-# en_DK.UTF-8 UTF-8
-# en_GB ISO-8859-1
-# en_GB.ISO-8859-15 ISO-8859-15
-# en_GB.UTF-8 UTF-8
-# en_HK ISO-8859-1
-# en_HK.UTF-8 UTF-8
-# en_IE ISO-8859-1
-# en_IE.UTF-8 UTF-8
-# en_IE@euro ISO-8859-15
-# en_IL UTF-8
-# en_IN UTF-8
-# en_NG UTF-8
-# en_NZ ISO-8859-1
-# en_NZ.UTF-8 UTF-8
-# en_PH ISO-8859-1
-# en_PH.UTF-8 UTF-8
-# en_SG ISO-8859-1
-# en_SG.UTF-8 UTF-8
-# en_US ISO-8859-1
-# en_US.ISO-8859-15 ISO-8859-15
-en_US.UTF-8 UTF-8
-# en_ZA ISO-8859-1
-# en_ZA.UTF-8 UTF-8
-# en_ZM UTF-8
-# en_ZW ISO-8859-1
-# en_ZW.UTF-8 UTF-8
-# eo UTF-8
-# es_AR ISO-8859-1
-# es_AR.UTF-8 UTF-8
-# es_BO ISO-8859-1
-# es_BO.UTF-8 UTF-8
-# es_CL ISO-8859-1
-# es_CL.UTF-8 UTF-8
-# es_CO ISO-8859-1
-# es_CO.UTF-8 UTF-8
-# es_CR ISO-8859-1
-# es_CR.UTF-8 UTF-8
-# es_CU UTF-8
-# es_DO ISO-8859-1
-# es_DO.UTF-8 UTF-8
-# es_EC ISO-8859-1
-# es_EC.UTF-8 UTF-8
-# es_ES ISO-8859-1
-# es_ES.UTF-8 UTF-8
-# es_ES@euro ISO-8859-15
-# es_GT ISO-8859-1
-# es_GT.UTF-8 UTF-8
-# es_HN ISO-8859-1
-# es_HN.UTF-8 UTF-8
-# es_MX ISO-8859-1
-# es_MX.UTF-8 UTF-8
-# es_NI ISO-8859-1
-# es_NI.UTF-8 UTF-8
-# es_PA ISO-8859-1
-# es_PA.UTF-8 UTF-8
-# es_PE ISO-8859-1
-# es_PE.UTF-8 UTF-8
-# es_PR ISO-8859-1
-# es_PR.UTF-8 UTF-8
-# es_PY ISO-8859-1
-# es_PY.UTF-8 UTF-8
-# es_SV ISO-8859-1
-# es_SV.UTF-8 UTF-8
-# es_US ISO-8859-1
-# es_US.UTF-8 UTF-8
-# es_UY ISO-8859-1
-# es_UY.UTF-8 UTF-8
-# es_VE ISO-8859-1
-# es_VE.UTF-8 UTF-8
-# et_EE ISO-8859-1
-# et_EE.ISO-8859-15 ISO-8859-15
-# et_EE.UTF-8 UTF-8
-# eu_ES ISO-8859-1
-# eu_ES.UTF-8 UTF-8
-# eu_ES@euro ISO-8859-15
-# eu_FR ISO-8859-1
-# eu_FR.UTF-8 UTF-8
-# eu_FR@euro ISO-8859-15
-# fa_IR UTF-8
-# ff_SN UTF-8
-# fi_FI ISO-8859-1
-# fi_FI.UTF-8 UTF-8
-# fi_FI@euro ISO-8859-15
-# fil_PH UTF-8
-# fo_FO ISO-8859-1
-# fo_FO.UTF-8 UTF-8
-# fr_BE ISO-8859-1
-# fr_BE.UTF-8 UTF-8
-# fr_BE@euro ISO-8859-15
-# fr_CA ISO-8859-1
-# fr_CA.UTF-8 UTF-8
-# fr_CH ISO-8859-1
-# fr_CH.UTF-8 UTF-8
-# fr_FR ISO-8859-1
-# fr_FR.UTF-8 UTF-8
-# fr_FR@euro ISO-8859-15
-# fr_LU ISO-8859-1
-# fr_LU.UTF-8 UTF-8
-# fr_LU@euro ISO-8859-15
-# fur_IT UTF-8
-# fy_DE UTF-8
-# fy_NL UTF-8
-# ga_IE ISO-8859-1
-# ga_IE.UTF-8 UTF-8
-# ga_IE@euro ISO-8859-15
-# gd_GB ISO-8859-15
-# gd_GB.UTF-8 UTF-8
-# gez_ER UTF-8
-# gez_ER@abegede UTF-8
-# gez_ET UTF-8
-# gez_ET@abegede UTF-8
-# gl_ES ISO-8859-1
-# gl_ES.UTF-8 UTF-8
-# gl_ES@euro ISO-8859-15
-# gu_IN UTF-8
-# gv_GB ISO-8859-1
-# gv_GB.UTF-8 UTF-8
-# ha_NG UTF-8
-# hak_TW UTF-8
-# he_IL ISO-8859-8
-# he_IL.UTF-8 UTF-8
-# hi_IN UTF-8
-# hne_IN UTF-8
-# hr_HR ISO-8859-2
-# hr_HR.UTF-8 UTF-8
-# hsb_DE ISO-8859-2
-# hsb_DE.UTF-8 UTF-8
-# ht_HT UTF-8
-# hu_HU ISO-8859-2
-# hu_HU.UTF-8 UTF-8
-# hy_AM UTF-8
-# hy_AM.ARMSCII-8 ARMSCII-8
-# ia_FR UTF-8
-# id_ID ISO-8859-1
-# id_ID.UTF-8 UTF-8
-# ig_NG UTF-8
-# ik_CA UTF-8
-# is_IS ISO-8859-1
-# is_IS.UTF-8 UTF-8
-# it_CH ISO-8859-1
-# it_CH.UTF-8 UTF-8
-# it_IT ISO-8859-1
-# it_IT.UTF-8 UTF-8
-# it_IT@euro ISO-8859-15
-# iu_CA UTF-8
-# ja_JP.EUC-JP EUC-JP
-# ja_JP.UTF-8 UTF-8
-# ka_GE GEORGIAN-PS
-# ka_GE.UTF-8 UTF-8
-# kk_KZ PT154
-# kk_KZ.RK1048 RK1048
-# kk_KZ.UTF-8 UTF-8
-# kl_GL ISO-8859-1
-# kl_GL.UTF-8 UTF-8
-# km_KH UTF-8
-# kn_IN UTF-8
-# ko_KR.EUC-KR EUC-KR
-# ko_KR.UTF-8 UTF-8
-# kok_IN UTF-8
-# ks_IN UTF-8
-# ks_IN@devanagari UTF-8
-# ku_TR ISO-8859-9
-# ku_TR.UTF-8 UTF-8
-# kw_GB ISO-8859-1
-# kw_GB.UTF-8 UTF-8
-# ky_KG UTF-8
-# lb_LU UTF-8
-# lg_UG ISO-8859-10
-# lg_UG.UTF-8 UTF-8
-# li_BE UTF-8
-# li_NL UTF-8
-# lij_IT UTF-8
-# ln_CD UTF-8
-# lo_LA UTF-8
-# lt_LT ISO-8859-13
-# lt_LT.UTF-8 UTF-8
-# lv_LV ISO-8859-13
-# lv_LV.UTF-8 UTF-8
-# lzh_TW UTF-8
-# mag_IN UTF-8
-# mai_IN UTF-8
-# mg_MG ISO-8859-15
-# mg_MG.UTF-8 UTF-8
-# mhr_RU UTF-8
-# mi_NZ ISO-8859-13
-# mi_NZ.UTF-8 UTF-8
-# mk_MK ISO-8859-5
-# mk_MK.UTF-8 UTF-8
-# ml_IN UTF-8
-# mn_MN UTF-8
-# mni_IN UTF-8
-# mr_IN UTF-8
-# ms_MY ISO-8859-1
-# ms_MY.UTF-8 UTF-8
-# mt_MT ISO-8859-3
-# mt_MT.UTF-8 UTF-8
-# my_MM UTF-8
-# nan_TW UTF-8
-# nan_TW@latin UTF-8
-# nb_NO ISO-8859-1
-# nb_NO.UTF-8 UTF-8
-# nds_DE UTF-8
-# nds_NL UTF-8
-# ne_NP UTF-8
-# nhn_MX UTF-8
-# niu_NU UTF-8
-# niu_NZ UTF-8
-# nl_AW UTF-8
-# nl_BE ISO-8859-1
-# nl_BE.UTF-8 UTF-8
-# nl_BE@euro ISO-8859-15
-# nl_NL ISO-8859-1
-# nl_NL.UTF-8 UTF-8
-# nl_NL@euro ISO-8859-15
-# nn_NO ISO-8859-1
-# nn_NO.UTF-8 UTF-8
-# nr_ZA UTF-8
-# nso_ZA UTF-8
-# oc_FR ISO-8859-1
-# oc_FR.UTF-8 UTF-8
-# om_ET UTF-8
-# om_KE ISO-8859-1
-# om_KE.UTF-8 UTF-8
-# or_IN UTF-8
-# os_RU UTF-8
-# pa_IN UTF-8
-# pa_PK UTF-8
-# pap_AW UTF-8
-# pap_CW UTF-8
-# pl_PL ISO-8859-2
-# pl_PL.UTF-8 UTF-8
-# ps_AF UTF-8
-# pt_BR ISO-8859-1
-# pt_BR.UTF-8 UTF-8
-# pt_PT ISO-8859-1
-# pt_PT.UTF-8 UTF-8
-# pt_PT@euro ISO-8859-15
-# quz_PE UTF-8
-# raj_IN UTF-8
-# ro_RO ISO-8859-2
-# ro_RO.UTF-8 UTF-8
-# ru_RU ISO-8859-5
-# ru_RU.CP1251 CP1251
-# ru_RU.KOI8-R KOI8-R
-# ru_RU.UTF-8 UTF-8
-# ru_UA KOI8-U
-# ru_UA.UTF-8 UTF-8
-# rw_RW UTF-8
-# sa_IN UTF-8
-# sat_IN UTF-8
-# sc_IT UTF-8
-# sd_IN UTF-8
-# sd_IN@devanagari UTF-8
-# se_NO UTF-8
-# sgs_LT UTF-8
-# shs_CA UTF-8
-# si_LK UTF-8
-# sid_ET UTF-8
-# sk_SK ISO-8859-2
-# sk_SK.UTF-8 UTF-8
-# sl_SI ISO-8859-2
-# sl_SI.UTF-8 UTF-8
-# so_DJ ISO-8859-1
-# so_DJ.UTF-8 UTF-8
-# so_ET UTF-8
-# so_KE ISO-8859-1
-# so_KE.UTF-8 UTF-8
-# so_SO ISO-8859-1
-# so_SO.UTF-8 UTF-8
-# sq_AL ISO-8859-1
-# sq_AL.UTF-8 UTF-8
-# sq_MK UTF-8
-# sr_ME UTF-8
-# sr_RS UTF-8
-# sr_RS@latin UTF-8
-# ss_ZA UTF-8
-# st_ZA ISO-8859-1
-# st_ZA.UTF-8 UTF-8
-# sv_FI ISO-8859-1
-# sv_FI.UTF-8 UTF-8
-# sv_FI@euro ISO-8859-15
-# sv_SE ISO-8859-1
-# sv_SE.ISO-8859-15 ISO-8859-15
-# sv_SE.UTF-8 UTF-8
-# sw_KE UTF-8
-# sw_TZ UTF-8
-# szl_PL UTF-8
-# ta_IN UTF-8
-# ta_LK UTF-8
-# tcy_IN.UTF-8 UTF-8
-# te_IN UTF-8
-# tg_TJ KOI8-T
-# tg_TJ.UTF-8 UTF-8
-# th_TH TIS-620
-# th_TH.UTF-8 UTF-8
-# the_NP UTF-8
-# ti_ER UTF-8
-# ti_ET UTF-8
-# tig_ER UTF-8
-# tk_TM UTF-8
-# tl_PH ISO-8859-1
-# tl_PH.UTF-8 UTF-8
-# tn_ZA UTF-8
-# tr_CY ISO-8859-9
-# tr_CY.UTF-8 UTF-8
-# tr_TR ISO-8859-9
-# tr_TR.UTF-8 UTF-8
-# ts_ZA UTF-8
-# tt_RU UTF-8
-# tt_RU@iqtelif UTF-8
-# ug_CN UTF-8
-# uk_UA KOI8-U
-# uk_UA.UTF-8 UTF-8
-# unm_US UTF-8
-# ur_IN UTF-8
-# ur_PK UTF-8
-# uz_UZ ISO-8859-1
-# uz_UZ.UTF-8 UTF-8
-# uz_UZ@cyrillic UTF-8
-# ve_ZA UTF-8
-# vi_VN UTF-8
-# wa_BE ISO-8859-1
-# wa_BE.UTF-8 UTF-8
-# wa_BE@euro ISO-8859-15
-# wae_CH UTF-8
-# wal_ET UTF-8
-# wo_SN UTF-8
-# xh_ZA ISO-8859-1
-# xh_ZA.UTF-8 UTF-8
-# yi_US CP1255
-# yi_US.UTF-8 UTF-8
-# yo_NG UTF-8
-# yue_HK UTF-8
-# zh_CN GB2312
-# zh_CN.GB18030 GB18030
-# zh_CN.GBK GBK
-# zh_CN.UTF-8 UTF-8
-# zh_HK BIG5-HKSCS
-# zh_HK.UTF-8 UTF-8
-# zh_SG GB2312
-# zh_SG.GBK GBK
-# zh_SG.UTF-8 UTF-8
-# zh_TW BIG5
-# zh_TW.EUC-TW EUC-TW
-# zh_TW.UTF-8 UTF-8
-# zu_ZA ISO-8859-1
-# zu_ZA.UTF-8 UTF-8
+++ /dev/null
-Europe/Berlin
+++ /dev/null
-server {
- listen 443 ssl;
- server_name REPLACE_fqdn_ECALPER;
- ssl_certificate /etc/letsencrypt/live/REPLACE_fqdn_ECALPER/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/REPLACE_fqdn_ECALPER/privkey.pem;
- root /var/www-dump/;
-
- location /dump/ {
- autoindex on;
- }
-
- location /geheim/ {
- auth_basic "geheim geheim";
- auth_basic_user_file /var/www-dump/password_geheim;
- autoindex on;
- }
-
- location /zettel/ {
- # rewrite non-suffixed filenames to .html ones
- rewrite ^(/zettel/(.*/)*[^./]+)$ $1.html;
- autoindex on;
- }
-
- location /uwsgi/ {
- include uwsgi_params;
- uwsgi_pass 127.0.0.1:3031;
- }
-}
+++ /dev/null
-[Unit]
-Description=url_catcher screen
-
-[Service]
-Type=forking
-User=plom
-# The LC_ALL fixes submission failing on some articles.
-ExecStart=/bin/sh -c 'LC_ALL=en_US.UTF8 cd ~/url-catcher && screen -d -m ./run.sh'
-Restart=always
-
-[Install]
-WantedBy=multi-user.target
+++ /dev/null
-# This file is part of systemd.
-#
-# See logind.conf(5) for details.
-
-[Login]
-# Note that with the standard Buster kernel this won't work due to
-# <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=919227>.
-HandleLidSwitch=hibernate
+++ /dev/null
-# /etc/aliases
-# maps whom what is sent to
-
-# As per RFC 2142.
-mailer-daemon: plom
-postmaster: plom
-hostmaster: plom
-usenet: plom
-news: plom
-webmaster: plom
-www: plom
-ftp: plom
-abuse: plom
-noc: plom
-security: plom
-root: plom
-
-# Personal aliases.
-plomlompom: plom
-christian.heller: plom
-christian_heller: plom
-christianheller: plom
-c.heller: plom
-heller: plom
+++ /dev/null
-# This is only necessary when we use dovecot's LMTP mechanism to receive
-# mail from postfix.
-auth_username_format = %Ln
-
-# Add sieve filtering.
-protocol lmtp {
- mail_plugins = $mail_plugins sieve
-}
-
-# We don't strictly need to provide a LMTP server to fetch mail from
-# postfix, but we do if we want to do sophisticated stuff like sieve
-# filtering on the way.
-service lmtp {
- inet_listener lmtp {
- address = 127.0.0.1
- port = 2424
- }
-}
+++ /dev/null
-service auth {
- unix_listener auth-userdb {
- }
-
- unix_listener /var/spool/postfix/private/auth {
- mode = 0660
- user = postfix
- group = postfix
- }
-}
+++ /dev/null
-# mailutils by default uses the FQDN as the mail domain name, fix this
-address {
- email-domain REPLACE_maildomain_ECALPER;
-};
+++ /dev/null
-#!/usr/sbin/nft -f
-
-flush ruleset
-
-table inet filter {
- chain input {
- type filter hook input priority 0; policy drop;
- iif lo accept comment "accept localhost traffic"
- ct state invalid drop comment "drop invalid connections"
- ct state established, related accept comment "accept traffic originated from us"
- tcp dport 22 accept comment "accept SSH on default port"
- tcp dport 25 accept comment "accept SMTP (allowing for STARTTLS); necessary for mail server to mail server banter, i.e. for receiving mails"
- tcp dport 80 accept comment "accept HTTP; necessary for Certbot HTTP challenge"
- tcp dport 465 accept comment "accept SMTPS; for mail user agent to mail server, i.e. for sending mails"
- tcp dport 993 accept comment "accept IMAPS; for reading/downloading mails"
- ip protocol icmp icmp type echo-request accept comment "accept ICMP for pinging"
- }
- chain forward {
- type filter hook forward priority 0; policy drop;
- }
- chain output {
- type filter hook output priority 0; policy accept;
- }
-}
+++ /dev/null
-[Unit]
-Description=Run plom's fetchmail
-
-[Service]
-Type=oneshot
-User=plom
-# fetchmail returns 1 when no new mail, we want to catch that
-ExecStart=/bin/sh -c 'fetchmail || [ $? -eq 1 ]'
+++ /dev/null
-[Unit]
-Description=Run fetchmail once every minute
-
-[Timer]
-OnCalendar=minutely
-
-[Install]
-WantedBy=timers.target
+++ /dev/null
-[Unit]
-Description=Run pingmail check
-
-[Service]
-Type=oneshot
-User=plom
-ExecStart=/bin/sh -c '~/pingmail/pingmail check'
+++ /dev/null
-[Unit]
-Description=Run pingmail check once every hour
-
-[Timer]
-OnCalendar=*-*-* *:00:00
-
-[Install]
-WantedBy=timers.target
+++ /dev/null
-deb http://deb.debian.org/debian stretch main contrib non-free
-deb http://deb.debian.org/debian-security/ stretch/updates main contrib non-free
-deb http://deb.debian.org/debian stretch-updates main contrib non-free
-deb http://ftp.debian.org/debian stretch-backports main contrib non-free
+++ /dev/null
-[Unit]
-Description=Attempt encryption of old chat logs
-[Service]
-Type=oneshot
-User=plom
-ExecStart=/bin/sh -c '~/weechatlogs_encrypter.sh'
+++ /dev/null
-[Unit]
-Description=Attempt encryption of old chatlogs once every minute.
-
-[Timer]
-OnCalendar=*-*-* *:*:00
-
-[Install]
-WantedBy=timers.target
\ No newline at end of file
+++ /dev/null
-<div style="margin: 1em;">
- <p>Privacy: Visitor IP addresses are anonymized in the logs.</p>
- <p>Contact: See <a href="https://plomlompom.com/contact.html">plomlompom.com contact page</a>.</p>
-</div>
+++ /dev/null
-User-agent: *
-Disallow:
+++ /dev/null
-This is <a href="https://plomlompom.com">plomlompom</a>'s personal single-user Pleroma instance.
+++ /dev/null
-#!/usr/sbin/nft -f
-
-flush ruleset
-
-table inet filter {
- chain input {
- type filter hook input priority 0; policy drop;
- iif lo accept comment "accept localhost traffic"
- ct state invalid drop comment "drop invalid connections"
- ct state established, related accept comment "accept traffic originated from us"
- tcp dport 22 accept comment "accept SSH on default port"
- ip protocol icmp icmp type echo-request accept comment "accept ICMP for pinging"
- }
- chain forward {
- type filter hook forward priority 0; policy drop;
- }
- chain output {
- type filter hook output priority 0; policy accept;
- }
-}
+++ /dev/null
-# $OpenBSD: sshd_config,v 1.103 2018/04/09 20:41:22 tj Exp $
-
-# This is the sshd server system-wide configuration file. See
-# sshd_config(5) for more information.
-
-# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
-
-# The strategy used for options in the default sshd_config shipped with
-# OpenSSH is to specify options with their default value where
-# possible, but leave them commented. Uncommented options override the
-# default value.
-
-Port 22
-#AddressFamily any
-#ListenAddress 0.0.0.0
-#ListenAddress ::
-
-#HostKey /etc/ssh/ssh_host_rsa_key
-#HostKey /etc/ssh/ssh_host_ecdsa_key
-#HostKey /etc/ssh/ssh_host_ed25519_key
-
-# Ciphers and keying
-#RekeyLimit default none
-
-# Logging
-#SyslogFacility AUTH
-#LogLevel INFO
-
-# Authentication:
-
-#LoginGraceTime 2m
-PermitRootLogin no # plomlompom's security rule
-#StrictModes yes
-#MaxAuthTries 6
-#MaxSessions 10
-
-#PubkeyAuthentication yes
-
-# Expect .ssh/authorized_keys2 to be disregarded by default in future.
-#AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2
-
-#AuthorizedPrincipalsFile none
-
-#AuthorizedKeysCommand none
-#AuthorizedKeysCommandUser nobody
-
-# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
-#HostbasedAuthentication no
-# Change to yes if you don't trust ~/.ssh/known_hosts for
-# HostbasedAuthentication
-#IgnoreUserKnownHosts no
-# Don't read the user's ~/.rhosts and ~/.shosts files
-#IgnoreRhosts yes
-
-# To disable tunneled clear text passwords, change to no here!
-#PasswordAuthentication yes
-#PermitEmptyPasswords no
-
-# Change to yes to enable challenge-response passwords (beware issues with
-# some PAM modules and threads)
-ChallengeResponseAuthentication no
-
-# Kerberos options
-#KerberosAuthentication no
-#KerberosOrLocalPasswd yes
-#KerberosTicketCleanup yes
-#KerberosGetAFSToken no
-
-# GSSAPI options
-#GSSAPIAuthentication no
-#GSSAPICleanupCredentials yes
-#GSSAPIStrictAcceptorCheck yes
-#GSSAPIKeyExchange no
-
-# Set this to 'yes' to enable PAM authentication, account processing,
-# and session processing. If this is enabled, PAM authentication will
-# be allowed through the ChallengeResponseAuthentication and
-# PasswordAuthentication. Depending on your PAM configuration,
-# PAM authentication via ChallengeResponseAuthentication may bypass
-# the setting of "PermitRootLogin yes
-# If you just want the PAM account and session checks to run without
-# PAM authentication, then enable this but set PasswordAuthentication
-# and ChallengeResponseAuthentication to 'no'.
-UsePAM yes
-
-#AllowAgentForwarding yes
-#AllowTcpForwarding yes
-#GatewayPorts no
-X11Forwarding yes
-#X11DisplayOffset 10
-#X11UseLocalhost yes
-#PermitTTY yes
-PrintMotd no
-#PrintLastLog yes
-#TCPKeepAlive yes
-#PermitUserEnvironment no
-#Compression delayed
-#ClientAliveInterval 0
-#ClientAliveCountMax 3
-#UseDNS no
-#PidFile /var/run/sshd.pid
-#MaxStartups 10:30:100
-#PermitTunnel no
-#ChrootDirectory none
-#VersionAddendum none
-
-# no default banner path
-#Banner none
-
-# Allow client to pass locale environment variables
-AcceptEnv LANG LC_*
-
-# override default of no subsystems
-Subsystem sftp /usr/lib/openssh/sftp-server
-
-# Example of overriding settings on a per-user basis
-#Match User anoncvs
-# X11Forwarding no
-# AllowTcpForwarding no
-# PermitTTY no
-# ForceCommand cvs server
-
-ClientAliveInterval 120
-PasswordAuthentication no # plomlompom's security rule
+++ /dev/null
-# ------------------------------------------------------------------------------
-# tlp - Parameters for power saving
-# See full explanation: http://linrunner.de/en/tlp/docs/tlp-configuration.html
-
-# Hint: some features are disabled by default, remove the leading # to enable
-# them.
-
-# Set to 0 to disable, 1 to enable TLP.
-TLP_ENABLE=1
-
-# Operation mode when no power supply can be detected: AC, BAT.
-# Concerns some desktop and embedded hardware only.
-TLP_DEFAULT_MODE=AC
-
-# Operation mode select: 0=depend on power source, 1=always use TLP_DEFAULT_MODE
-# Hint: use in conjunction with TLP_DEFAULT_MODE=BAT for BAT settings on AC.
-TLP_PERSISTENT_DEFAULT=0
-
-# Seconds laptop mode has to wait after the disk goes idle before doing a sync.
-# Non-zero value enables, zero disables laptop mode.
-DISK_IDLE_SECS_ON_AC=0
-DISK_IDLE_SECS_ON_BAT=2
-
-# Dirty page values (timeouts in secs).
-MAX_LOST_WORK_SECS_ON_AC=15
-MAX_LOST_WORK_SECS_ON_BAT=60
-
-# Hint: CPU parameters below are disabled by default, remove the leading #
-# to enable them, otherwise kernel default values are used.
-
-# Select a CPU frequency scaling governor.
-# Intel Core i processor with intel_pstate driver:
-# powersave(*), performance.
-# Older hardware with acpi-cpufreq driver:
-# ondemand(*), powersave, performance, conservative, schedutil.
-# (*) is recommended.
-# Hint: use tlp-stat -p to show the active driver and available governors.
-# Important:
-# powersave for intel_pstate and ondemand for acpi-cpufreq are power
-# efficient for *almost all* workloads and therefore kernel and most
-# distributions have chosen them as defaults. If you still want to change,
-# you should know what you're doing! You *must* disable your distribution's
-# governor settings or conflicts will occur.
-#CPU_SCALING_GOVERNOR_ON_AC=powersave
-#CPU_SCALING_GOVERNOR_ON_BAT=powersave
-
-# Set the min/max frequency available for the scaling governor.
-# Possible values strongly depend on your CPU. For available frequencies see
-# the output of tlp-stat -p.
-#CPU_SCALING_MIN_FREQ_ON_AC=0
-#CPU_SCALING_MAX_FREQ_ON_AC=0
-#CPU_SCALING_MIN_FREQ_ON_BAT=0
-#CPU_SCALING_MAX_FREQ_ON_BAT=0
-
-# Set energy performance hints (HWP) for Intel P-state governor:
-# performance, balance_performance, default, balance_power, power
-# Values are given in order of increasing power saving.
-# Note: Intel Skylake or newer CPU and Kernel >= 4.10 required.
-CPU_HWP_ON_AC=balance_performance
-CPU_HWP_ON_BAT=balance_power
-
-# Set Intel P-state performance: 0..100 (%).
-# Limit the max/min P-state to control the power dissipation of the CPU.
-# Values are stated as a percentage of the available performance.
-# Requires an Intel Core i processor with intel_pstate driver.
-#CPU_MIN_PERF_ON_AC=0
-#CPU_MAX_PERF_ON_AC=100
-#CPU_MIN_PERF_ON_BAT=0
-#CPU_MAX_PERF_ON_BAT=30
-
-# Set the CPU "turbo boost" feature: 0=disable, 1=allow
-# Requires an Intel Core i processor.
-# Important:
-# - This may conflict with your distribution's governor settings
-# - A value of 1 does *not* activate boosting, it just allows it
-#CPU_BOOST_ON_AC=1
-#CPU_BOOST_ON_BAT=0
-
-# Minimize number of used CPU cores/hyper-threads under light load conditions:
-# 0=disable, 1=enable.
-SCHED_POWERSAVE_ON_AC=0
-SCHED_POWERSAVE_ON_BAT=1
-
-# Kernel NMI Watchdog:
-# 0=disable (default, saves power), 1=enable (for kernel debugging only).
-NMI_WATCHDOG=0
-
-# Change CPU voltages aka "undervolting" - Kernel with PHC patch required.
-# Frequency voltage pairs are written to:
-# /sys/devices/system/cpu/cpu0/cpufreq/phc_controls
-# CAUTION: only use this, if you thoroughly understand what you are doing!
-#PHC_CONTROLS="F:V F:V F:V F:V"
-
-# Set CPU performance versus energy savings policy:
-# performance, balance-performance, default, balance-power, power.
-# Values are given in order of increasing power saving.
-# Requires kernel module msr and x86_energy_perf_policy from linux-tools.
-ENERGY_PERF_POLICY_ON_AC=performance
-ENERGY_PERF_POLICY_ON_BAT=power
-
-# Disk devices; separate multiple devices with spaces (default: sda).
-# Devices can be specified by disk ID also (lookup with: tlp diskid).
-DISK_DEVICES="sda sdb"
-
-# Disk advanced power management level: 1..254, 255 (max saving, min, off).
-# Levels 1..127 may spin down the disk; 255 allowable on most drives.
-# Separate values for multiple disks with spaces. Use the special value 'keep'
-# to keep the hardware default for the particular disk.
-DISK_APM_LEVEL_ON_AC="254 254"
-DISK_APM_LEVEL_ON_BAT="128 128"
-
-# Hard disk spin down timeout:
-# 0: spin down disabled
-# 1..240: timeouts from 5s to 20min (in units of 5s)
-# 241..251: timeouts from 30min to 5.5 hours (in units of 30min)
-# See 'man hdparm' for details.
-# Separate values for multiple disks with spaces. Use the special value 'keep'
-# to keep the hardware default for the particular disk.
-#DISK_SPINDOWN_TIMEOUT_ON_AC="0 0"
-#DISK_SPINDOWN_TIMEOUT_ON_BAT="0 0"
-
-# Select IO scheduler for the disk devices: cfq, deadline, noop (Default: cfq).
-# Separate values for multiple disks with spaces. Use the special value 'keep'
-# to keep the kernel default scheduler for the particular disk.
-#DISK_IOSCHED="cfq cfq"
-
-# AHCI link power management (ALPM) for disk devices:
-# min_power, med_power_with_dipm(*), medium_power, max_performance.
-# (*) Kernel >= 4.15 required, then recommended.
-# Multiple values separated with spaces are tried sequentially until success.
-SATA_LINKPWR_ON_AC="med_power_with_dipm max_performance"
-SATA_LINKPWR_ON_BAT="med_power_with_dipm min_power"
-
-# Exclude host devices from AHCI link power management.
-# Separate multiple hosts with spaces.
-#SATA_LINKPWR_BLACKLIST="host1"
-
-# Runtime Power Management for AHCI host and disks devices:
-# on=disable, auto=enable.
-# EXPERIMENTAL ** WARNING: auto will most likely cause system lockups/data loss.
-#AHCI_RUNTIME_PM_ON_AC=on
-#AHCI_RUNTIME_PM_ON_BAT=on
-
-# Seconds of inactivity before disk is suspended.
-AHCI_RUNTIME_PM_TIMEOUT=15
-
-# PCI Express Active State Power Management (PCIe ASPM):
-# default, performance, powersave.
-PCIE_ASPM_ON_AC=performance
-PCIE_ASPM_ON_BAT=powersave
-
-# Radeon graphics clock speed (profile method): low, mid, high, auto, default;
-# auto = mid on BAT, high on AC; default = use hardware defaults.
-RADEON_POWER_PROFILE_ON_AC=high
-RADEON_POWER_PROFILE_ON_BAT=low
-
-# Radeon dynamic power management method (DPM): battery, performance.
-RADEON_DPM_STATE_ON_AC=performance
-RADEON_DPM_STATE_ON_BAT=battery
-
-# Radeon DPM performance level: auto, low, high; auto is recommended.
-RADEON_DPM_PERF_LEVEL_ON_AC=auto
-RADEON_DPM_PERF_LEVEL_ON_BAT=auto
-
-# WiFi power saving mode: on=enable, off=disable; not supported by all adapters.
-WIFI_PWR_ON_AC=off
-WIFI_PWR_ON_BAT=on
-
-# Disable wake on LAN: Y/N.
-WOL_DISABLE=Y
-
-# Enable audio power saving for Intel HDA, AC97 devices (timeout in secs).
-# A value of 0 disables, >=1 enables power saving (recommended: 1).
-SOUND_POWER_SAVE_ON_AC=0
-SOUND_POWER_SAVE_ON_BAT=1
-
-# Disable controller too (HDA only): Y/N.
-SOUND_POWER_SAVE_CONTROLLER=Y
-
-# Power off optical drive in UltraBay/MediaBay: 0=disable, 1=enable.
-# Drive can be powered on again by releasing (and reinserting) the eject lever
-# or by pressing the disc eject button on newer models.
-# Note: an UltraBay/MediaBay hard disk is never powered off.
-BAY_POWEROFF_ON_AC=0
-BAY_POWEROFF_ON_BAT=0
-# Optical drive device to power off (default sr0).
-BAY_DEVICE="sr0"
-
-# Runtime Power Management for PCI(e) bus devices: on=disable, auto=enable.
-RUNTIME_PM_ON_AC=on
-RUNTIME_PM_ON_BAT=auto
-
-# Exclude PCI(e) device adresses the following list from Runtime PM
-# (separate with spaces). Use lspci to get the adresses (1st column).
-#RUNTIME_PM_BLACKLIST="bb:dd.f 11:22.3 44:55.6"
-
-# Exclude PCI(e) devices assigned to the listed drivers from Runtime PM.
-# Default when unconfigured is "amdgpu nouveau nvidia radeon" which
-# prevents accidential power-on of dGPU in hybrid graphics setups.
-# Use "" to disable the feature completely.
-# Separate multiple drivers with spaces.
-#RUNTIME_PM_DRIVER_BLACKLIST="amdgpu nouveau nvidia radeon"
-
-# Set to 0 to disable, 1 to enable USB autosuspend feature.
-USB_AUTOSUSPEND=1
-
-# Exclude listed devices from USB autosuspend (separate with spaces).
-# Use lsusb to get the ids.
-# Note: input devices (usbhid) are excluded automatically
-#USB_BLACKLIST="1111:2222 3333:4444"
-
-# Bluetooth devices are excluded from USB autosuspend:
-# 0=do not exclude, 1=exclude.
-USB_BLACKLIST_BTUSB=0
-
-# Phone devices are excluded from USB autosuspend:
-# 0=do not exclude, 1=exclude (enable charging).
-USB_BLACKLIST_PHONE=0
-
-# Printers are excluded from USB autosuspend:
-# 0=do not exclude, 1=exclude.
-USB_BLACKLIST_PRINTER=1
-
-# WWAN devices are excluded from USB autosuspend:
-# 0=do not exclude, 1=exclude.
-USB_BLACKLIST_WWAN=1
-
-# Include listed devices into USB autosuspend even if already excluded
-# by the blacklists above (separate with spaces).
-# Use lsusb to get the ids.
-#USB_WHITELIST="1111:2222 3333:4444"
-
-# Set to 1 to disable autosuspend before shutdown, 0 to do nothing
-# (workaround for USB devices that cause shutdown problems).
-#USB_AUTOSUSPEND_DISABLE_ON_SHUTDOWN=1
-
-# Restore radio device state (Bluetooth, WiFi, WWAN) from previous shutdown
-# on system startup: 0=disable, 1=enable.
-# Hint: the parameters DEVICES_TO_DISABLE/ENABLE_ON_STARTUP/SHUTDOWN below
-# are ignored when this is enabled!
-RESTORE_DEVICE_STATE_ON_STARTUP=0
-
-# Radio devices to disable on startup: bluetooth, wifi, wwan.
-# Separate multiple devices with spaces.
-#DEVICES_TO_DISABLE_ON_STARTUP="bluetooth wifi wwan"
-
-# Radio devices to enable on startup: bluetooth, wifi, wwan.
-# Separate multiple devices with spaces.
-#DEVICES_TO_ENABLE_ON_STARTUP="wifi"
-
-# Radio devices to disable on shutdown: bluetooth, wifi, wwan.
-# (workaround for devices that are blocking shutdown).
-#DEVICES_TO_DISABLE_ON_SHUTDOWN="bluetooth wifi wwan"
-
-# Radio devices to enable on shutdown: bluetooth, wifi, wwan.
-# (to prevent other operating systems from missing radios).
-#DEVICES_TO_ENABLE_ON_SHUTDOWN="wwan"
-
-# Radio devices to enable on AC: bluetooth, wifi, wwan.
-#DEVICES_TO_ENABLE_ON_AC="bluetooth wifi wwan"
-
-# Radio devices to disable on battery: bluetooth, wifi, wwan.
-#DEVICES_TO_DISABLE_ON_BAT="bluetooth wifi wwan"
-
-# Radio devices to disable on battery when not in use (not connected):
-# bluetooth, wifi, wwan.
-#DEVICES_TO_DISABLE_ON_BAT_NOT_IN_USE="bluetooth wifi wwan"
-
-# Battery charge thresholds (ThinkPad only, tp-smapi or acpi-call kernel module
-# required). Charging starts when the remaining capacity falls below the
-# START_CHARGE_THRESH value and stops when exceeding the STOP_CHARGE_THRESH value.
-# Main / Internal battery (values in %)
-START_CHARGE_THRESH_BAT0=75
-STOP_CHARGE_THRESH_BAT0=80
-# Ultrabay / Slice / Replaceable battery (values in %)
-#START_CHARGE_THRESH_BAT1=75
-#STOP_CHARGE_THRESH_BAT1=80
-
-# Restore charge thresholds when AC is unplugged: 0=disable, 1=enable.
-#RESTORE_THRESHOLDS_ON_BAT=1
-
-# ------------------------------------------------------------------------------
-# tlp-rdw - Parameters for the radio device wizard
-# Possible devices: bluetooth, wifi, wwan.
-
-# Hints:
-# - Parameters are disabled by default, remove the leading # to enable them
-# - Separate multiple radio devices with spaces
-
-# Radio devices to disable on connect.
-#DEVICES_TO_DISABLE_ON_LAN_CONNECT="wifi wwan"
-#DEVICES_TO_DISABLE_ON_WIFI_CONNECT="wwan"
-#DEVICES_TO_DISABLE_ON_WWAN_CONNECT="wifi"
-
-# Radio devices to enable on disconnect.
-#DEVICES_TO_ENABLE_ON_LAN_DISCONNECT="wifi wwan"
-#DEVICES_TO_ENABLE_ON_WIFI_DISCONNECT=""
-#DEVICES_TO_ENABLE_ON_WWAN_DISCONNECT=""
-
-# Radio devices to enable/disable when docked.
-#DEVICES_TO_ENABLE_ON_DOCK=""
-#DEVICES_TO_DISABLE_ON_DOCK=""
-
-# Radio devices to enable/disable when undocked.
-#DEVICES_TO_ENABLE_ON_UNDOCK="wifi"
-#DEVICES_TO_DISABLE_ON_UNDOCK=""
+++ /dev/null
-# This file is part of systemd.
-#
-# See logind.conf(5) for details.
-
-[Login]
-HandleLidSwitch=hibernate
+++ /dev/null
-# Printer configuration file for CUPS v2.2.10
-# Written by cupsd
-# DO NOT EDIT THIS FILE WHEN CUPSD IS RUNNING
-<Printer HP_Deskjet_F300_series>
-UUID urn:uuid:e856a26d-66f8-327a-4dca-0d8a09f87a25
-Info HP Deskjet F300 series
-Location
-MakeModel HP Deskjet f300 Series, hpcups 3.18.12
-DeviceURI hp:/usb/Deskjet_F300_series?serial=CN63VB21TM04KH
-State Idle
-Type 36892
-Accepting Yes
-Shared No
-JobSheets none none
-QuotaPeriod 0
-PageLimit 0
-KLimit 0
-OpPolicy default
-ErrorPolicy retry-job
-</Printer>
+++ /dev/null
-CHARMAP="UTF-8"
-CODESET="Lat15"
-FONTFACE="Terminus"
-FONTSIZE="6x12"
+++ /dev/null
-not quite blank
+++ /dev/null
-// We set up AutoConfig according to <https://support.mozilla.org/en-US/kb/customizing-firefox-using-autoconfig>, see firefox.cfg comments on why we need it
-pref("general.config.filename", "firefox.cfg");
-pref("general.config.obscure_value", 0);
-
+++ /dev/null
-// do not put any code into this first line, as it gets ignored by Firefox
-
-// we zero extensions.autoDisableScopes so our pre-installed extensions activate by default
-pref("extensions.autoDisableScopes", 0);
-
-// we turn off annoying setup popups and pages; these settings are the result more of trial and error than thorough understanding by me, so more research might be warranted to discipline them
-pref("startup.homepage_welcome_url", "file:///opt/firefox/blank.html");
-pref("browser.startup.homepage", "file:///opt/firefox/blank.html");
-pref("browser.startup.blankWindow", true);
-pref("datareporting.policy.firstRunURL", "");
-pref("browser.shell.checkDefaultBrowser", false);
-pref("datareporting.policy.dataSubmissionPolicyBypassNotification", true);
-
-// use socks proxy by default
-pref("network.proxy.type", 1);
-pref("network.proxy.socks", "localhost");
-pref("network.proxy.socks_port", 9999);
-pref("network.proxy.remote_dns", true);
+++ /dev/null
-[Desktop Entry]
-Name=Firefox
-Exec=/usr/local/bin/firefox %u
+++ /dev/null
-#!/usr/sbin/nft -f
-
-flush ruleset
-
-table inet filter {
- chain input {
- type filter hook input priority 0; policy drop;
- iif lo accept comment "accept localhost traffic"
- ct state invalid drop comment "drop invalid connections"
- ct state established, related accept comment "accept traffic originated from us"
- tcp dport 22 accept comment "accept SSH on default port"
- tcp dport 80 accept comment "accept HTTP on default port"
- tcp dport 443 accept comment "accept HTTPS on default port"
- ip protocol icmp icmp type echo-request accept comment "accept ICMP for pinging"
- }
- chain forward {
- type filter hook forward priority 0; policy drop;
- }
- chain output {
- type filter hook output priority 0; policy accept;
- }
-}
+++ /dev/null
-# system integration
-user www-data;
-worker_processes auto;
-pid /run/nginx.pid;
-include /etc/nginx/modules-enabled/*.conf;
-
-# is expected even if empty
-events {
-}
-
-http {
- # define content-type headers
- include /etc/nginx/mime.types;
- charset utf-8;
-
- # Some standard optimizations, i.e. Debian default. Explained in
- # <https://thoughts.t37.net/nginx-optimization-understanding-sendfile-tcp-nodelay-and-tcp-nopush-c55cdd276765>
- # Not that I understand it all …
- sendfile on;
- tcp_nopush on;
- tcp_nodelay on;
-
- # logging deactivated due to GDPR
- #access_log /var/log/nginx/access.log;
- #error_log /var/log/nginx/error.log;
- access_log off;
- error_log off;
-
- # virtual hosts: sites-enabled is the Debian way, conf.d the NGINX default
- include /etc/nginx/conf.d/*.conf;
- include /etc/nginx/sites-enabled/*;
-
- # Redirect all HTTP requests to HTTPS.
- server {
- listen 80;
- return 301 https://$host$request_uri;
- }
-}
+++ /dev/null
-# path to git projects (<project>.git)
-$projectroot = "/var/repos";
-
-# don't show repos without git-daemon-export-ok file
-$export_ok = "git-daemon-export-ok";
-
-# directory to use for temp files
-# explicitely set by Debian so it's probably a good choice
-$git_temp = "/tmp";
-
-# git-diff-tree(1) options to use for generated patches
-# we don't want to to guess renames, so empty
-@diff_opts = ();
-
-# Base path for where to find the repos for cloning.
-@git_base_url_list = ('https://REPLACE_fqdn_ECALPER/repos/clone');
-
-# allow snapshots
-$feature{'snapshot'}{'default'} = ['zip', 'tgz'];
-
-# insert header for GDPR compliance
-$site_header = "/var/www/header.html"
+++ /dev/null
-server {
- listen 443 ssl;
- server_name REPLACE_fqdn_ECALPER;
- ssl_certificate /etc/letsencrypt/live/REPLACE_fqdn_ECALPER/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/REPLACE_fqdn_ECALPER/privkey.pem;
- root /var/www/html/;
- index index.html index.htm index.nginx-debian.html;
-
- # serve /var/repos/* for HTTPS git cloning
- location ~ /repos/clone(/.*) {
- include fastcgi_params;
- fastcgi_param SCRIPT_FILENAME /usr/lib/git-core/git-http-backend;
- # Commented out so only repos are served that contain a
- # git-daemon-export-ok file.
- # fastcgi_param GIT_HTTP_EXPORT_ALL "";
- fastcgi_param GIT_PROJECT_ROOT /var/repos;
- fastcgi_param PATH_INFO $1;
- fastcgi_pass unix:/var/run/fcgiwrap.socket;
- }
-
- # gitweb static files
- location /repos/static/ {
- alias /usr/share/gitweb/static/;
- }
-
- # gitweb; this needs packages fcgiwrap and gitweb
- location /repos/ {
- include fastcgi_params;
- fastcgi_param SCRIPT_FILENAME /usr/share/gitweb/gitweb.cgi;
- fastcgi_param GITWEB_CONFIG /etc/gitweb.conf;
- fastcgi_pass unix:/var/run/fcgiwrap.socket;
- }
-
- # login-protected IRC logs
- location ~ ^/irclogs/([^/]+)/ {
- auth_basic "$1 logs";
- auth_basic_user_file /var/www/irclogs_pw/$1;
- autoindex on;
- }
-}
+++ /dev/null
-[Unit]
-Description=plomlombot screen
-
-[Service]
-Type=simple
-User=plom
-ExecStart=/bin/sh -c '~/plomlombot_daemon.sh'
-Restart=always
-
-[Install]
-WantedBy=multi-user.target
+++ /dev/null
-[Settings]
-backend = external
-wireless_interface = wls1
-wired_interface = enp0s25
-wpa_driver = wext
-always_show_wired_interface = False
-use_global_dns = False
-global_dns_1 = None
-global_dns_2 = None
-global_dns_3 = None
-global_dns_dom = None
-global_search_dom = None
-auto_reconnect = True
-debug_mode = 0
-wired_connect_mode = 1
-signal_display_type = 0
-should_verify_ap = 1
-dhcp_client = 0
-link_detect_tool = 0
-flush_tool = 0
-sudo_app = 0
-prefer_wired = False
-show_never_connect = True
-
+++ /dev/null
-[Settings]
-backend = external
-wireless_interface = wlp3s0
-wired_interface = enp0s25
-wpa_driver = wext
-always_show_wired_interface = False
-use_global_dns = False
-global_dns_1 = None
-global_dns_2 = None
-global_dns_3 = None
-global_dns_dom = None
-global_search_dom = None
-auto_reconnect = True
-debug_mode = 0
-wired_connect_mode = 1
-signal_display_type = 0
-should_verify_ap = 1
-dhcp_client = 0
-link_detect_tool = 0
-flush_tool = 0
-sudo_app = 0
-prefer_wired = False
-show_never_connect = True
-
+++ /dev/null
-# plomlompom's i3 status bar configuration
-
-# Activate colors; set update interval of one second.
-general {
- colors = true
- interval = 1
-}
-
-# Selection / order of status elements.
-order += "disk /"
-order += "disk /home/"
-order += "wireless wlp2s0"
-order += "ethernet enp1s0"
-order += "battery 0"
-order += "cpu_usage"
-order += "load"
-order += "cpu_temperature 0"
-order += "time"
-order += "volume master"
-
-# How much space is left in / ?
-disk "/" {
- format = "/: %avail of %total"
- separator_block_width = 25
-}
-
-# How much space is left in /home/ ?
-disk "/home/" {
- format = "/home: %avail of %total"
- separator_block_width = 25
-}
-
-# WLAN status: show IP and connection quality or "down".
-wireless wlp2s0 {
- format_up = "w: (%quality at %essid) %ip"
- format_down = "w: down"
- separator_block_width = 10
-}
-
-# Ethernet status: show IP or "down".
-ethernet enp1s0 {
- format_up = "e: %ip"
- format_down = "e: down"
- separator_block_width = 25
-}
-
-# Battery status: show FULL/CHARGING/BATTERY, storage, time left.
-battery 0 {
- format = "b: %status %percentage %remaining"
- separator_block_width = 25
-}
-
-# Show CPU usage.
-cpu_usage {
- format = "cpu: %usage"
- separator_block_width = 10
-}
-
-# Show system load during last 1/5/15 minutes.
-load {
- format = "%1min %5min %15min"
- separator_block_width = 25
-}
-
-# Show CPU temperature in degrees of celsius.
-cpu_temperature 0 {
- format = "%degrees °C"
- separator_block_width = 25
-}
-
-# Show date/time/timezone as "year-month-day hour:minute:second
-# timezone_numeric/timezone_alphabetic".
-time {
- format = "%Y-%m-%d %H:%M:%S %z/%Z"
- separator_block_width = 25
-}
-
-volume master {
- format = "♪: %volume"
- format_muted = "♪: muted (%volume)"
- separator_block_width = 25
-}
+++ /dev/null
-# Settings for interactive shells.
-
-# Fancy colors for ls.
-alias ls="ls --color=auto"
-
-# Use vim as default editor for anything.
-export VISUAL=vim
-export EDITOR=$VISUAL
-
-# Colored prompt with username, hostname, date/time, directory.
-colornumber=7 # Default to white if no color set via colornumber dotfile.
-colornumber_file=~/.shell_prompt_color
-if [ -f $colornumber_file ]; then
- colornumber=`cat $colornumber_file`
-fi
-tput_color="$(tput setaf $colornumber)$(tput bold)"
-tput_reset="$(tput sgr0)"
-# Bash confuses the line length when not told to not count escape sequences.
-if [ ! "$BASH" = "" ]; then
- tput_color="\[$tput_color\]"
- tput_reset="\[$tput_reset\]"
-fi
-PS1="${tput_color}["\$\(date\ +%Y-%m-%d/%H:%M:%S/%Z\)" $(whoami)@$(hostname):"\$\(pwd\)"]$ $tput_reset"
-PS2="${tput_color}> $tput_reset"
-PS3="${tput_color}select: $tput_reset"
-PS4="${tput_color}+ $tput_reset"
+++ /dev/null
-! otherwise various applications will assume merely 8 colors
-XTerm.termName: xterm-256color
-
-! font
-! actually, "mono" is already the default for faceName (it will
-! pick whatever fc-match mono delivers), but we need to set _some_
-! faceName to trigger XTerm activating TrueType fonts
-! (XTerm*fontRender by itself won't do the trick), and we want
-! TrueType fonts because, well, they scale better, and XTerm lets them
-! fall back on alternatives (hi there ttf-unifont) when a Unicode
-! glyph is not found
-XTerm*faceName: mono
-
-! white on black
-XTerm*reverseVideo: on
-
-! blink screen instead of sound
-XTerm*visualBell: on
-
-! proper ALT as META key treatment
-XTerm*eightBitInput: false
-
-! font sizes
-XTerm*faceSize: 8
-XTerm*faceSize1: 4
-XTerm*faceSize2: 5
-XTerm*faceSize3: 6
-XTerm*faceSize4: 8
-XTerm*faceSize5: 14
-XTerm*faceSize6: 25
-
-! colors
-! black
-XTerm*color0: #202020
-XTerm*color8: #3F3F3F
-! red
-XTerm*color1: #A82020
-XTerm*color9: #E82020
-! green
-XTerm*color2: #20A820
-XTerm*color10: #20E820
-! yellow
-XTerm*color3: #A8A820
-XTerm*color11: #E8E820
-! blue
-XTerm*color4: #3F3FFF
-XTerm*color12: #9F9FFF
-! magenta
-XTerm*color5: #A83FFF
-XTerm*color13: #E89FFF
-! cyan
-XTerm*color6: #3FA8FF
-XTerm*color14: #9FE8FF
-! white
-XTerm*color7: #A8A8A8
-XTerm*color15: #E8E8E8
+++ /dev/null
-plom@plomlompom.com
-plom@mail.plomlompom.com
-plom@play.plomlompom.com
-# file read ends at last newline
+++ /dev/null
-# plomlompom's i3-wm configuration
-
-# Font for i3 text
-font pango:Terminus 8px
-
-# Force "tabbed" as default layout for new windows.
-workspace_layout tabbed
-
-# Make the Windows key the modifier key for all i3-wm actions.
-set $mod Mod4
-floating_modifier $mod
-
-# Launch xterm.
-bindsym $mod+Return exec xterm
-
-# Launch programs via dmenu.
-bindsym $mod+d exec dmenu_run
-bindsym $mod+x exec dmenu_run
-
-# Kill window.
-bindsym $mod+Shift+Q kill
-
-# Move focus between windows.
-bindsym $mod+Left focus left
-bindsym $mod+Down focus down
-bindsym $mod+Up focus up
-bindsym $mod+Right focus right
-
-# Don't move focus with mouse.
-focus_follows_mouse no
-
-# Move windows.
-bindsym $mod+Shift+Left move left
-bindsym $mod+Shift+Down move down
-bindsym $mod+Shift+Up move up
-bindsym $mod+Shift+Right move right
-
-# Resize windows
-bindsym $mod+h resize shrink width 1 px or 1 ppt
-bindsym $mod+l resize grow width 1 px or 1 ppt
-bindsym $mod+j resize shrink height
-bindsym $mod+k resize grow height
-
-# Toggle fullscreen for focused window.
-bindsym $mod+f fullscreen
-
-# Toggle floating of window, focus on floating or tabbed windows.
-bindsym $mod+Shift+space floating toggle
-bindsym $mod+space focus mode_toggle
-
-# Switch to workspace x.
-bindsym $mod+1 workspace 1
-bindsym $mod+2 workspace 2
-bindsym $mod+3 workspace 3
-bindsym $mod+4 workspace 4
-bindsym $mod+5 workspace 5
-bindsym $mod+6 workspace 6
-bindsym $mod+7 workspace 7
-bindsym $mod+8 workspace 8
-bindsym $mod+9 workspace 9
-bindsym $mod+0 workspace 10
-
-# Move window to workspace x.
-bindsym $mod+Shift+exclam move workspace 1
-bindsym $mod+Shift+quotedbl move workspace 2
-bindsym $mod+Shift+section move workspace 3
-bindsym $mod+Shift+dollar move workspace 4
-bindsym $mod+Shift+percent move workspace 5
-bindsym $mod+Shift+ampersand move workspace 6
-bindsym $mod+Shift+slash move workspace 7
-bindsym $mod+Shift+parenleft move workspace 8
-bindsym $mod+Shift+parenright move workspace 9
-bindsym $mod+Shift+equal move workspace 10
-
-# Reload i3 config file, restart (keeping sesion) i3, exit i3.
-bindsym $mod+Shift+C reload
-bindsym $mod+Shift+R restart
-bindsym $mod+Shift+P exit
-
-# Select "i3status" as i3 status bar.
-bar {
- status_command i3status
-}
+++ /dev/null
-;; general layout
-;; ==============
-
-;; need no stinkin emacs help screen as start up, and no menu bar
-(setq inhibit-startup-screen t)
-(menu-bar-mode -1)
-
-;; highlight cursor line, parentheses
-(global-hl-line-mode 1)
-(show-paren-mode 1)
-
-;; show line numbers, use separator space
-(global-linum-mode)
-(setq linum-format "%d ")
-
-;; count cursor column, row in mode line
-(setq column-number-mode t)
-
-;; settings to make GUI tolerable
-(if window-system
- (progn
- (add-to-list 'default-frame-alist '(foreground-color . "white"))
- (add-to-list 'default-frame-alist '(background-color . "black"))
- (set-face-attribute 'default nil :height 80)
- (scroll-bar-mode -1)
- (setq visible-bell t)
- (setq linum-format "%d")))
-
-;; use as default browser what XDG offers
-(setq-default browse-url-browser-function 'browse-url-xdg-open)
-
-
-
-;; general keybindings
-;; ===================
-
-;; create and use a minimal global map using just the self-insert command
-;; bindings and a selection of some to me very common keystrokes
-(setq minimal-map (make-sparse-keymap))
-(substitute-key-definition 'self-insert-command 'self-insert-command
- minimal-map global-map)
-(use-global-map minimal-map)
-(global-set-key (kbd "DEL") 'backward-delete-char-untabify)
-(global-set-key (kbd "RET") 'newline)
-(global-set-key (kbd "TAB") 'indent-for-tab-command)
-(global-set-key (kbd "<up>") 'previous-line)
-(global-set-key (kbd "<down>") 'next-line)
-(global-set-key (kbd "<left>") 'left-char)
-(global-set-key (kbd "<right>") 'right-char)
-(global-set-key (kbd "<prior>") 'scroll-down-command)
-(global-set-key (kbd "<next>") 'scroll-up-command)
-(global-set-key (kbd "M-x") 'execute-extended-command)
-(global-set-key (kbd "C-g") 'keyboard-quit)
-;(global-set-key (kbd "<f3>") 'kmacro-start-macro-or-insert-counter)
-;(global-set-key (kbd "<f4>") 'kmacro-end-or-call-macro)
-;; note how to switch back to the original map: (use-global-map global-map)
-(setq shr-map (make-sparse-keymap)) ; got annoying in elfeed-show on URLs
-
-
-
-;; minibuffer
-;; ==========
-
-;; incremental minibuffer completion
-(icomplete-mode 1)
-
-
-
-;; text editing
-;; ============
-
-;; tabs are evil
-(setq-default indent-tabs-mode nil)
-(setq-default tab-width 4)
-(setq indent-line-function 'insert-tab)
-
-;; show trailing whitespace
-(setq-default show-trailing-whitespace 1)
-
-;; on save, ask whether to ensure text file's last line ends in a
-;; newline character
-(setq require-final-newline 1)
-
-;; use dedicated directory for version-controlled, endless backups;
-;; never delete old versions
-(setq make-backup-files t
- backup-directory-alist `(("." . "~/.emacs_backups"))
- backup-by-copying t
- version-control t
- delete-old-versions 1) ;; neither t nor nil: never delete
-
-
-;; package management
-;; ==================
-
-;; where we get packages from
-(setq package-archives '(("gnu" . "https://elpa.gnu.org/packages/")
- ("melpa-unstable" . "https://melpa.org/packages/")
- ("melpa-stable" . "https://stable.melpa.org/packages/")))
-
-;; ensure certain packages are installed (actually, we use Debian repos here)
-;; credit to <https://stackoverflow.com/a/10093312>
-;(setq package-list '(elfeed ledger-mode))
-;(package-initialize)
-;(dolist (package package-list)
-; (unless (package-installed-p package)
-; (package-install package)))
-
-
-
-;;; window management
-;;; =================
-;
-;;; track window configurations to allow window config undo
-;(winner-mode 1)
-
-
-
-;; mail setup
-;; ==========
-
-(setq send-mail-function 'smtpmail-send-it)
-(setq smtpmail-smtp-server "mail.plomlompom.com")
-(setq smtpmail-smtp-service 465)
-(setq smtpmail-stream-type 'ssl)
-(setq smtpmail-smtp-user "plom")
-(setq mml-secure-openpgp-encrypt-to-self t)
-(add-hook 'message-setup-hook 'mml-secure-sign-pgpmime)
-
-;(setq gnutls-log-level 0)
-
-;; if we don't set this, we get this warning:
-;; gnutls.c: [1] Note that the security level of the Diffie-Hellman key exchange
-;; has been lowered to 256 bits and this may allow decryption of the session data
-(setq gnutls-min-prime-bits 1024)
-
-;; there is a WEIRD bug somewhere in /network-stream-open-tls/ that disappears the
-;; stream process, seemingly unless the /message/ function is called at the right
-;; place (earliest in /nsm-verify-connection/ right before the "cond" there, latest
-;; in /network-stream-get-response/ right after "(goto-char start)"; this works
-;; unless /inhibit_message/ is set, indicating that writing to the *Messages*
-;; buffer is not relevant, but maybe writing to the echo area is); activing the
-;; gnutls logging is just a hack to achieve such calls to /message/ in the
-;; /network-stream-open-tls/ flow.
-(setq gnutls-log-level 1) ; miraculously makes smtpmail work
-
-;; constructs From: domain if mail composer directly called (from without
-;; notmuch), but we don't actually intend to do that
-;(setq mail-host-address "plomlompom.com")
-
-;; otherwise notmuch becomes extremely slow in some cases
-(setq-default notmuch-show-indent-content nil)
-
-;; this only works if we use notmuch-mua-send instead of message-send
-(setq notmuch-fcc-dirs '(("plom@plomlompom.com" . "maildir/Sent")))
-
-;; this gets rid of "i-did-not-set--mail-host-address--so-tickle-me"
-;; in the message ID
-(setq mail-host-address "plomlompom.com")
-
-;; notmuch saved searches
-(setq notmuch-saved-searches
- '((:name "inbox" :query "tag:unread and folder:inbox")
- (:name "all" :query "tag:unread not folder:maildir/Trash")
- (:name "plomlompom.de" :query "tag:unread and folder:maildir/plomlompom.de")
- (:name "nebenan" :query "tag:unread and folder:maildir/nebenan")
- (:name "reflect-info" :query "tag:unread and folder:maildir/reflect-info")
- (:name "gmail" :query "tag:unread and folder:maildir/gmail.com")
- (:name "mutter" :query "tag:unread and folder:maildir/mutter")))
-
-
-
-;; org mode
-;; ========
-
-;; unsure why, but to re-set the key map, we not only have to explicitely do it
-;; only after org-mode loading, but also have to explicitely overwrite the
-;; C-c keybinding; TODO: investigate
-(with-eval-after-load 'org
- (setq org-mode-map (make-sparse-keymap))
- (define-key org-mode-map (kbd "C-c") nil)
- (define-key org-mode-map (kbd "TAB") 'org-cycle)
- (define-key org-mode-map (kbd "<backtab>") 'org-shifttab))
-
-;; don't truncate lines by default
-(setq org-startup-truncated nil)
-
-;; basic org-capture config
-(setq org-capture-templates
- '(("x" "test" plain (file "~/org/notes.org") "%T: %?")))
-(add-hook 'org-capture-mode-hook 'evil-insert-state)
-
-;; agenda view on startup
-(load-library "find-lisp")
-(setq org-agenda-files (find-lisp-find-files "~/org" "\.org$"))
-(setq org-agenda-span 90)
-(setq org-agenda-use-time-grid nil)
-(add-hook 'emacs-startup-hook (lambda ()
- (org-agenda-list)
- (switch-to-buffer "*Org Agenda*")
- (other-window 1)))
-
-;;; for calendar, use ISO date style
-;(setq calendar-date-style 'iso)
-;(setq diary-number-of-entries 7)
-;(diary)
-;(setq org-agenda-time-grid '((today require-timed remove-match)
-; #("----------------" 0 16 (org-heading t))
-; (0 200 400 600 800 1000 1200
-; 1400 1600 1800 2000 2200)))
-
-;; empty org-agenda-mode keybindings
-(add-hook 'org-agenda-mode-hook
- (lambda ()
- (setq org-agenda-mode-map (make-sparse-keymap))))
-(add-hook 'org-agenda-mode-hook
- (lambda ()
- (use-local-map (make-sparse-keymap))))
-
-;; org-publish-all
-(setq org-publish-project-alist
- '(
- ("website"
- :base-directory "~/org/web/"
- :base-extension "org"
- :publishing-directory "~/html/"
- :recursive t
- :publishing-function org-html-publish-to-html
- :headline-levels 4 ; Just the default for this project.
- :auto-preamble t
- )))
-
-;; use [ki:] syntax to hide stuff from exports
-(defun classify-information (text backend info)
- "Replaces '[ki:WHATEVER]' with '[klassifizierte Information]'."
- (replace-regexp-in-string "\\[ki:[^\]]*\]" "[klassifizierte Information]" text))
-(add-hook 'org-export-filter-plain-text-functions 'classify-information)
-
-;; add HTML validator link to exports
-(setq org-html-validation-link "<a href=\"https://validator.w3.org/check?uri=referer\">Validate</a>")
-
-
-
-;;; Info mode
-;;; =========
-
-(setq Info-mode-map (make-sparse-keymap))
-(define-key Info-mode-map (kbd "RET") 'Info-follow-nearest-node)
-(define-key Info-mode-map (kbd "u") 'Info-up)
-(define-key Info-mode-map (kbd "TAB") 'Info-next-reference)
-(define-key Info-mode-map (kbd "<backtab>") 'Info-prev-reference)
-(define-key Info-mode-map (kbd "H") 'Info-history-back)
-(define-key Info-mode-map (kbd "L") 'Info-history-forward)
-(define-key Info-mode-map (kbd "I") 'Info-goto-node)
-(define-key Info-mode-map (kbd "i") 'Info-index)
-
-
-
-;; help mode
-;; =========
-
-(setq help-mode-map (make-sparse-keymap))
-(define-key help-mode-map (kbd "TAB") 'forward-button)
-(define-key help-mode-map (kbd "RET") 'help-follow)
-(define-key help-mode-map (kbd "<backtab>") 'backward-button)
-
-
-
-;; elfeed
-;; ======
-
-(require 'elfeed) ; needed so we can set the font faces
-(set-face-background 'elfeed-search-title-face "magenta")
-(set-face-background 'elfeed-search-unread-count-face "magenta")
-(setq elfeed-feeds
- '("https://capsurvival.blogspot.com/feeds/posts/default"
- "https://jungle.world/rss.xml"
- "http://news.dieweltistgarnichtso.net/bin/index.xml"
- "https://taz.de/!s=&ExportStatus=Intern&SuchRahmen=Online;rss/"
- "http://www.tagesschau.de/xml/atom"))
-(setq elfeed-search-mode-map (make-sparse-keymap))
-(define-key elfeed-search-mode-map (kbd "RET") 'elfeed-search-show-entry)
-(defun elfeed-search-mark-as-read() (interactive)
- (elfeed-search-untag-all 'unread))
-(define-key elfeed-search-mode-map (kbd "r") 'elfeed-search-mark-as-read)
-(define-key elfeed-search-mode-map (kbd "R") 'elfeed-search-tag-all-unread)
-(define-key elfeed-search-mode-map (kbd "f") 'elfeed-search-live-filter)
-(define-key elfeed-search-mode-map (kbd "u") 'elfeed-update)
-(setq elfeed-show-mode-map (make-sparse-keymap))
-(define-key elfeed-show-mode-map (kbd "u") 'elfeed)
-(define-key elfeed-show-mode-map (kbd "TAB") 'shr-next-link)
-(define-key elfeed-show-mode-map (kbd "<backtab>") 'shr-previous-link)
-(define-key elfeed-show-mode-map (kbd "a") 'elfeed-show-prev)
-(define-key elfeed-show-mode-map (kbd "d") 'elfeed-show-next)
-(define-key elfeed-show-mode-map (kbd "y") 'shr-copy-url)
-(define-key elfeed-show-mode-map (kbd "RET") 'shr-browse-url)
-
-
-
-;; eww
-;; ===
-
-(setq eww-mode-map (make-sparse-keymap))
-(define-key eww-mode-map (kbd "TAB") 'shr-next-link)
-(define-key eww-mode-map (kbd "<backtab>") 'shr-previous-link)
-(define-key eww-mode-map (kbd "H") 'eww-back-url)
-(define-key eww-mode-map (kbd "L") 'eww-forward-url)
-
-
-
-;; ledger
-;; ======
-(setq ledger-mode-map (make-sparse-keymap))
-(define-key ledger-mode-map (kbd "TAB") 'ledger-magic-tab)
-
-
-
-;;; plomvi mode
-;;; ===========
-
-(defvar plomvi-return-combo (kbd "C-c"))
-(load "~/public_repos/plomvi.el/plomvi.el")
-(plomvi-global-mode 1)
+++ /dev/null
-[user]
- email = c.heller@plomlompom.de
- name = Christian Heller
+++ /dev/null
-IMAPAccount plom
-# Address to connect to
-Host mail.plomlompom.com
-User plom
-# For some reason, mbsync doesn't accept a PassCmd output beyond 79 chars,
-# therefore the pw in ~/.authinfo should not be longer than that.
-PassCmd "cat ~/.authinfo | cut -d' ' -f8-"
-SSLType IMAPS
-AuthMechs LOGIN
-
-IMAPStore core-remote
-Account plom
-
-MaildirStore core-local
-# The trailing "/" is important
-Path ~/mail/maildir/
-Inbox ~/mail/inbox/
-
-Channel core
-Master :core-remote:
-Slave :core-local:
-Patterns *
-# Automatically create missing mailboxes, both locally and on the server
-Create Both
-# Save the synchronization state files in the relevant directory
-SyncState *
-# If a mail is marked T ("Trashed") or deleted, remove it for real everywhere
-Expunge Both
+++ /dev/null
-[database]
-path=/home/plom/mail
-[search]
-exclude_tags=deleted;spam;
-# the fields below set the From: if the mail composer is called from
-# within notmuch
-[user]
-name=Christian Heller
-primary_email=plom@plomlompom.com
+++ /dev/null
-sanitize tridactyllocal tridactylsync
-guiset statuspanel top-right
-guiset tabs autohide
-set newtab file:///opt/firefox/blank.html
-autocmd DocStart www.reddit.com urlmodify -t www.reddit old.reddit
-bind / fillcmdline find
-bind n findnext 1
-bind N findnext -1
-set findcase insensitive
-bind j scrollline 3
-bind k scrollline -3
-set hintuppercase false
-set searchengine duckduckgo
+++ /dev/null
-# X init configuration
-
-# Set keymap.
-setxkbmap de
-
-# Map CapsLock to Compose key.
-xmodmap -e "clear Lock"
-xmodmap -e "keycode 66 = Multi_key"
-
-# Load xterm settings
-xrdb -merge ~/.Xresources
-
-# Redshift to Berlin, Germany.
-redshift -rl 53:13 &
-
-# Launch window manager.
-i3
+++ /dev/null
-#!/bin/sh
-set -e
-
-basedir="/home/plom/mail/maildir/"
-# Ensure directories exist for all "dir:*" tags.
-for tag in $(notmuch search --output=tags '*'); do
- if [ ! $(echo "${tag}" | cut -c-4) = "dir:" ]; then
- continue
- fi
- target_dir="${basedir}"$(echo "${tag}" | cut -c5-)"/cur/"
- if [ ! -d "${target_dir}" ]; then
- echo "Directory ${target_dir} does not exist."
- exit 1
- fi
-done
-
-# Ensure all "dir:*"-tagged mails are in proper directories,
-# remove all "dir:*" tags.
-for tag in $(notmuch search --output=tags '*'); do
- if [ ! $(echo "${tag}" | cut -c-4) = "dir:" ]; then
- continue
- fi
- target_dir="${basedir}"$(echo "${tag}" | cut -c5-)"/cur/"
- for f in $(notmuch search --output=files tag:"${tag}"); do
- new_name=$(basename "${f}" | sed -e 's/,U=[0-9]*//')
- target_path="${target_dir}${new_name}"
- if [ ! "${target_path}" = "${f}" ]; then
- echo "Moving ${f} to ${target_path}."
- mv "${f}" "${target_path}"
- fi
- done
- notmuch tag -"${tag}" tag:"${tag}"
-done
-
-# Remove all "deleted"-tagged files from maildirs.
-notmuch search --output=files tag:deleted | while read f; do
- echo "Deleting ${f}"
- rm "${f}"
-done
-
-# Sync changes back to server and update notmuch index.
-mbsync -a
-notmuch new
+++ /dev/null
-# List of repos we want cloned in ~/public_repos
-config
-pingmail.git
-plomlombot-irc.git
-plomrogue
-plomrogue2-experiments
-plomvi.el
+++ /dev/null
-# plomlompom's i3 status bar configuration
-
-# Activate colors; set update interval of one second.
-general {
- colors = true
- interval = 1
-}
-
-# Selection / order of status elements.
-order += "disk /"
-order += "disk /home/"
-order += "wireless wlp3s0"
-order += "ethernet enp0s25"
-order += "battery 0"
-order += "cpu_usage"
-order += "load"
-order += "cpu_temperature 0"
-order += "time"
-order += "volume master"
-
-# How much space is left in / ?
-disk "/" {
- format = "/: %avail available of %total"
- separator_block_width = 25
-}
-
-# How much space is left in /home ?
-disk "/home/" {
- format = "/home: %avail available of %total"
- separator_block_width = 25
-}
-
-# WLAN status: show IP and connection quality or "down".
-wireless wlp3s0 {
- format_up = "w: (%quality at %essid) %ip"
- format_down = "w: down"
- separator_block_width = 10
-}
-
-# Ethernet status: show IP or "down".
-ethernet enp0s25 {
- format_up = "e: %ip"
- format_down = "e: down"
- separator_block_width = 25
-}
-
-# Battery status: show FULL/CHARGING/BATTERY, storage, time left.
-battery 0 {
- format = "b: %status %percentage %remaining"
- separator_block_width = 25
-}
-
-# Show CPU usage.
-cpu_usage {
- format = "cpu: %usage"
- separator_block_width = 10
-}
-
-# Show system load during last 1/5/15 minutes.
-load {
- format = "%1min %5min %15min"
- separator_block_width = 25
-}
-
-# Show CPU temperature in degrees of celsius.
-cpu_temperature 0 {
- format = "%degrees °C"
- separator_block_width = 25
-}
-
-# Show date/time/timezone as "year-month-day hour:minute:second
-# timezone_numeric/timezone_alphabetic".
-time {
- format = "%Y-%m-%d %H:%M:%S %z/%Z"
- separator_block_width = 25
-}
-
-volume master {
- format = "♪: %volume"
- format_muted = "♪: muted (%volume)"
- separator_block_width = 25
-}
+++ /dev/null
-# plomlompom's i3 status bar configuration
-
-# Activate colors; set update interval of one second.
-general {
- colors = true
- interval = 1
-}
-
-# Selection / order of status elements.
-order += "disk /"
-order += "disk /home/"
-order += "wireless wls1"
-order += "ethernet enp0s25"
-order += "battery 0"
-order += "cpu_usage"
-order += "load"
-order += "cpu_temperature 0"
-order += "time"
-order += "volume master"
-
-# How much space is left in / ?
-disk "/" {
- format = "/: %avail available of %total"
- separator_block_width = 25
-}
-
-# How much space is left in /home ?
-disk "/home/" {
- format = "/home: %avail available of %total"
- separator_block_width = 25
-}
-
-# WLAN status: show IP and connection quality or "down".
-wireless wls1 {
- format_up = "w: (%quality at %essid) %ip"
- format_down = "w: down"
- separator_block_width = 10
-}
-
-# Ethernet status: show IP or "down".
-ethernet enp0s25 {
- format_up = "e: %ip"
- format_down = "e: down"
- separator_block_width = 25
-}
-
-# Battery status: show FULL/CHARGING/BATTERY, storage, time left.
-battery 0 {
- format = "b: %status %percentage %remaining"
- separator_block_width = 25
-}
-
-# Show CPU usage.
-cpu_usage {
- format = "cpu: %usage"
- separator_block_width = 10
-}
-
-# Show system load during last 1/5/15 minutes.
-load {
- format = "%1min %5min %15min"
- separator_block_width = 25
-}
-
-# Show CPU temperature in degrees of celsius.
-cpu_temperature 0 {
- format = "%degrees °C"
- separator_block_width = 25
-}
-
-# Show date/time/timezone as "year-month-day hour:minute:second
-# timezone_numeric/timezone_alphabetic".
-time {
- format = "%Y-%m-%d %H:%M:%S %z/%Z"
- separator_block_width = 25
-}
-
-volume master {
- format = "♪: %volume"
- format_muted = "♪: muted (%volume)"
- separator_block_width = 25
-}
+++ /dev/null
-# plomlompom's i3 status bar configuration
-
-# Activate colors; set update interval of one second.
-general {
- colors = true
- interval = 1
-}
-
-# Selection / order of status elements.
-order += "disk /"
-order += "disk /home/"
-order += "wireless wlp3s0"
-order += "ethernet enp0s25"
-order += "battery 0"
-order += "cpu_usage"
-order += "load"
-order += "cpu_temperature 0"
-order += "time"
-order += "volume master"
-
-# How much space is left in / ?
-disk "/" {
- format = "/: %avail available of %total"
- separator_block_width = 25
-}
-
-# How much space is left in /home ?
-disk "/home/" {
- format = "/home: %avail available of %total"
- separator_block_width = 25
-}
-
-# WLAN status: show IP and connection quality or "down".
-wireless wlp3s0 {
- format_up = "w: (%quality at %essid) %ip"
- format_down = "w: down"
- separator_block_width = 10
-}
-
-# Ethernet status: show IP or "down".
-ethernet enp0s25 {
- format_up = "e: %ip"
- format_down = "e: down"
- separator_block_width = 25
-}
-
-# Battery status: show FULL/CHARGING/BATTERY, storage, time left.
-battery 0 {
- format = "b: %status %percentage %remaining"
- separator_block_width = 25
-}
-
-# Show CPU usage.
-cpu_usage {
- format = "cpu: %usage"
- separator_block_width = 10
-}
-
-# Show system load during last 1/5/15 minutes.
-load {
- format = "%1min %5min %15min"
- separator_block_width = 25
-}
-
-# Show CPU temperature in degrees of celsius.
-cpu_temperature 0 {
- format = "%degrees °C"
- separator_block_width = 25
-}
-
-# Show date/time/timezone as "year-month-day hour:minute:second
-# timezone_numeric/timezone_alphabetic".
-time {
- format = "%Y-%m-%d %H:%M:%S %z/%Z"
- separator_block_width = 25
-}
-
-volume master {
- format = "♪: %volume"
- format_muted = "♪: muted (%volume)"
- separator_block_width = 25
-}
+++ /dev/null
-
-# plomlompom customizations
-Domain REPLACE_maildomain_ECALPER
-KeyFile /etc/dkimkeys/REPLACE_selector_ECALPER.private
-Selector REPLACE_selector_ECALPER
-Socket inet:8892@localhost
+++ /dev/null
-
-##########################################
-# below this: customizations by plomlompom
-
-config :pleroma, :instance,
- registrations_open: false,
- safe_dm_mentions: true,
- cleanup_attachments: true
-
-config :pleroma, :frontend_configurations,
- pleroma_fe: %{
- showInstanceSpecificPanel: true,
- background: "/pixel.png",
- logo: "/pixel.png"
- }
-
-config :pleroma, :chat,
- enabled: false
-
-config :pleroma, Pleroma.Captcha,
- enabled: false
-
-config :pleroma, :static_fe,
- enabled: true
+++ /dev/null
-
-# TLS certs
-smtpd_tls_cert_file=/etc/letsencrypt/live/${myhostname}/fullchain.pem
-smtpd_tls_key_file=/etc/letsencrypt/live/${myhostname}/privkey.pem
-
-# OpenDKIM milter
-non_smtpd_milters = inet:localhost:8892
-smtpd_milters = inet:localhost:8892
-
-# transport mail to dovecot; not strictly needed, as even without this
-# postfix will throw mail to /var/mail/USER to be found by dovecot for
-# serving via IMAP etc.; but using dovecot's LMTP server for delivery
-# allows us to do stuff like dovecot-side sieve filtering.
-mailbox_transport = lmtp:inet:127.0.0.1:2424
-
-# to authenticate on SMTP, we need a SASL mechanism; we talk to dovecot
-# for this, since it provides one
-smtpd_sasl_type = dovecot
-smtpd_sasl_path = private/auth
-smtpd_sasl_auth_enable = yes
-
-# we append mail domain here for if it is different than $myhostname
-mydestination = $myhostname localhost.$mydomain localhost REPLACE_maildomain_ECALPER
+++ /dev/null
-
-# Run SMTPS on port 465, enforce TLS there.
-smtps inet n - y - - smtpd
- -o smtpd_tls_wrappermode=yes
+++ /dev/null
-#!/bin/sh
-blog_dir=~/blog
-export GIT_DIR=$(pwd)
-export GIT_WORK_TREE="$blog_dir"
-git checkout -f
-cd "$GIT_WORK_TREE"
-redo
-git add metadata/author metadata/url metadata/title metadata/*.tmpl metadata/automatic_metadata captchas/linkable/*
-count=$(ls -1 metadata/*.automatic_metadata 2>/dev/null | wc -l)
-if [ "$count" != 0 ]; then
- git add metadata/*.automatic_metadata
-fi
-status=$(git status -s)
-n_updates=$(printf "$status" | grep -vE '^\?\?' | wc -l)
-if [ "$n_updates" -gt 0 ]; then
- git commit -a -m 'Update metadata'
-fi
+++ /dev/null
-require ["fileinto"];
-require ["mailbox"];
-if address :is "from" "foo@bar.com" {
- fileinto :create "foo";
-}
-if address :is :domain "to" "example.com" {
- fileinto :create "example.com";
-}
+++ /dev/null
-<!DOCTYPE html>
-<meta charset="UTF-8">
-<a href="blog">Zum Blog?</a>
+++ /dev/null
-# remove "keep" if you're sure about your setup; it keeps mails on server from getting deleted
-poll mail.example.com protocol pop3 username "foo@example.com" password "PASSWORD" ssl keep
+++ /dev/null
-listen:
- hostname: 'localhost'
- port: 9000
-
-# Correspond to your reverse proxy server_name/listen configuration
-webserver:
- https: true
- hostname: 'example.com'
- port: 443
-
-rates_limit:
- api:
- # 50 attempts in 10 seconds
- window: 10 seconds
- max: 50
- login:
- # 15 attempts in 5 min
- window: 5 minutes
- max: 15
- signup:
- # 2 attempts in 5 min (only succeeded attempts are taken into account)
- window: 5 minutes
- max: 2
- ask_send_email:
- # 3 attempts in 5 min
- window: 5 minutes
- max: 3
-
-# Proxies to trust to get real client IP
-# If you run PeerTube just behind a local proxy (nginx), keep 'loopback'
-# If you run PeerTube behind a remote proxy, add the proxy IP address (or subnet)
-trust_proxy:
- - 'loopback'
-
-# Your database name will be "peertube"+database.suffix
-database:
- password: 'peertube'
- hostname: 'localhost'
- port: 5432
- suffix: '_prod'
- username: 'peertube'
- pool:
- max: 5
-
-# Redis server for short time storage
-# You can also specify a 'socket' path to a unix socket but first need to
-# comment out hostname and port
-redis:
- hostname: 'localhost'
- port: 6379
- auth: null
- db: 0
-
-# SMTP server to send emails
-smtp:
- hostname: null
- port: 465 # If you use StartTLS: 587
- username: null
- password: null
- tls: true # If you use StartTLS: false
- disable_starttls: false
- ca_file: null # Used for self signed certificates
- from_address: 'admin@example.com'
-
-email:
- body:
- signature: "PeerTube"
- subject:
- prefix: "[PeerTube]"
-
-# From the project root directory
-storage:
- tmp: '/var/www/peertube/storage/tmp/' # Use to download data (imports etc), store uploaded files before processing...
- avatars: '/var/www/peertube/storage/avatars/'
- videos: '/var/www/peertube/storage/videos/'
- streaming_playlists: '/var/www/peertube/storage/streaming-playlists/'
- redundancy: '/var/www/peertube/storage/redundancy/'
- logs: '/var/www/peertube/storage/logs/'
- previews: '/var/www/peertube/storage/previews/'
- thumbnails: '/var/www/peertube/storage/thumbnails/'
- torrents: '/var/www/peertube/storage/torrents/'
- captions: '/var/www/peertube/storage/captions/'
- cache: '/var/www/peertube/storage/cache/'
- plugins: '/var/www/peertube/storage/plugins/'
-
-log:
- level: 'info' # debug/info/warning/error
- rotation:
- enabled : true # Enabled by default, if disabled make sure that 'storage.logs' is pointing to a folder handled by logrotate
- maxFileSize: 12MB
- maxFiles: 20
- anonymizeIP: true
-
-search:
- # Add ability to fetch remote videos/actors by their URI, that may not be federated with your instance
- # If enabled, the associated group will be able to "escape" from the instance follows
- # That means they will be able to follow channels, watch videos, list videos of non followed instances
- remote_uri:
- users: true
- anonymous: false
-
-trending:
- videos:
- interval_days: 7 # Compute trending videos for the last x days
-
-# Cache remote videos on your server, to help other instances to broadcast the video
-# You can define multiple caches using different sizes/strategies
-# Once you have defined your strategies, choose which instances you want to cache in admin -> manage follows -> following
-redundancy:
- videos:
- check_interval: '1 hour' # How often you want to check new videos to cache
- strategies: # Just uncomment strategies you want
-# -
-# size: '10GB'
-# # Minimum time the video must remain in the cache. Only accept values > 10 hours (to not overload remote instances)
-# min_lifetime: '48 hours'
-# strategy: 'most-views' # Cache videos that have the most views
-# -
-# size: '10GB'
-# # Minimum time the video must remain in the cache. Only accept values > 10 hours (to not overload remote instances)
-# min_lifetime: '48 hours'
-# strategy: 'trending' # Cache trending videos
-# -
-# size: '10GB'
-# # Minimum time the video must remain in the cache. Only accept values > 10 hours (to not overload remote instances)
-# min_lifetime: '48 hours'
-# strategy: 'recently-added' # Cache recently added videos
-# min_views: 10 # Having at least x views
-
-csp:
- enabled: false
- report_only: true # CSP directives are still being tested, so disable the report only mode at your own risk!
- report_uri:
-
-tracker:
- # If you disable the tracker, you disable the P2P aspect of PeerTube
- enabled: true
- # Only handle requests on your videos.
- # If you set this to false it means you have a public tracker.
- # Then, it is possible that clients overload your instance with external torrents
- private: true
- # Reject peers that do a lot of announces (could improve privacy of TCP/UDP peers)
- reject_too_many_announces: false
-
-history:
- videos:
- # If you want to limit users videos history
- # -1 means there is no limitations
- # Other values could be '6 months' or '30 days' etc (PeerTube will periodically delete old entries from database)
- max_age: -1
-
-views:
- videos:
- # PeerTube creates a database entry every hour for each video to track views over a period of time
- # This is used in particular by the Trending page
- # PeerTube could remove old remote video views if you want to reduce your database size (video view counter will not be altered)
- # -1 means no cleanup
- # Other values could be '6 months' or '30 days' etc (PeerTube will periodically delete old entries from database)
- remote:
- max_age: -1
-
-plugins:
- # The website PeerTube will ask for available PeerTube plugins and themes
- # This is an unmoderated plugin index, so only install plugins/themes you trust
- index:
- enabled: true
- check_latest_versions_interval: '12 hours' # How often you want to check new plugins/themes versions
- url: 'https://packages.joinpeertube.org'
-
-
-###############################################################################
-#
-# From this point, all the following keys can be overridden by the web interface
-# (local-production.json file). If you need to change some values, prefer to
-# use the web interface because the configuration will be automatically
-# reloaded without any need to restart PeerTube.
-#
-# /!\ If you already have a local-production.json file, the modification of the
-# following keys will have no effect /!\.
-#
-###############################################################################
-
-cache:
- previews:
- size: 500 # Max number of previews you want to cache
- captions:
- size: 500 # Max number of video captions/subtitles you want to cache
-
-admin:
- # Used to generate the root user at first startup
- # And to receive emails from the contact form
- email: 'admin@example.com'
-
-contact_form:
- enabled: true
-
-signup:
- enabled: false
- limit: 10 # When the limit is reached, registrations are disabled. -1 == unlimited
- requires_email_verification: false
- filters:
- cidr: # You can specify CIDR ranges to whitelist (empty = no filtering) or blacklist
- whitelist: []
- blacklist: []
-
-user:
- # Default value of maximum video BYTES the user can upload (does not take into account transcoded files).
- # -1 == unlimited
- video_quota: -1
- video_quota_daily: -1
-
-# If enabled, the video will be transcoded to mp4 (x264) with "faststart" flag
-# In addition, if some resolutions are enabled the mp4 video file will be transcoded to these new resolutions.
-# Please, do not disable transcoding since many uploaded videos will not work
-transcoding:
- enabled: true
- # Allow your users to upload .mkv, .mov, .avi, .flv videos
- allow_additional_extensions: true
- # If a user uploads an audio file, PeerTube will create a video by merging the preview file and the audio file
- allow_audio_files: true
- threads: 1
- resolutions: # Only created if the original video has a higher resolution, uses more storage!
- 0p: false # audio-only (creates mp4 without video stream, always created when enabled)
- 240p: true
- 360p: true
- 480p: true
- 720p: true
- 1080p: true
- 2160p: false
-
- # Generate videos in a WebTorrent format (what we do since the first PeerTube release)
- # If you also enabled the hls format, it will multiply videos storage by 2
- # If disabled, breaks federation with PeerTube instances < 2.1
- webtorrent:
- enabled: true
-
- # /!\ Requires ffmpeg >= 4.1
- # Generate HLS playlists and fragmented MP4 files. Better playback than with WebTorrent:
- # * Resolution change is smoother
- # * Faster playback in particular with long videos
- # * More stable playback (less bugs/infinite loading)
- # If you also enabled the webtorrent format, it will multiply videos storage by 2
- hls:
- enabled: true
-
-import:
- # Add ability for your users to import remote videos (from YouTube, torrent...)
- videos:
- http: # Classic HTTP or all sites supported by youtube-dl https://rg3.github.io/youtube-dl/supportedsites.html
- enabled: false
- # You can use an HTTP/HTTPS/SOCKS proxy with youtube-dl
- proxy:
- enabled: false
- url: ""
- torrent: # Magnet URI or torrent file (use classic TCP/UDP/WebSeed to download the file)
- enabled: false
-
-auto_blacklist:
- # New videos automatically blacklisted so moderators can review before publishing
- videos:
- of_users:
- enabled: false
-
-# Instance settings
-instance:
- name: 'PlomTube'
- short_description: ''
- description: 'Personal PeerTube instance by plomlompom (see https://plomlompom.com) for his own videos.' # Support markdown
- terms: '**Privacy**: Videos here are streamed via the BitTorrent protocol, which might expose your IP to other peers – see the "P2P & Privacy" section [here](/about/peertube). Internally, site visits are logged by the PeerTube software, but with IPs anonymized. **Contact**: See https://plomlompom.com/contact.html' # Support markdown
- code_of_conduct: '' # Supports markdown
-
- # Who moderates the instance? What is the policy regarding NSFW videos? Political videos? etc
- moderation_information: '' # Supports markdown
-
- # Why did you create this instance?
- creation_reason: ''
-
- # Who is behind the instance? A single person? A non profit?
- administrator: ''
-
- # How long do you plan to maintain this instance?
- maintenance_lifetime: ''
-
- # How will you pay the PeerTube instance server? With your own funds? With users donations? Advertising?
- business_model: ''
-
- # If you want to explain on what type of hardware your PeerTube instance runs
- # Example: "2 vCore, 2GB RAM..."
- hardware_information: '' # Supports Markdown
-
- # What are the main languages of your instance? To interact with your users for example
- # Uncomment or add the languages you want
- # List of supported languages: https://peertube.cpy.re/api/v1/videos/languages
- languages:
-# - en
-# - es
-# - fr
-
- # You can specify the main categories of your instance (dedicated to music, gaming or politics etc)
- # Uncomment or add the category ids you want
- # List of supported categories: https://peertube.cpy.re/api/v1/videos/categories
- categories:
-# - 1 # Music
-# - 2 # Films
-# - 3 # Vehicles
-# - 4 # Art
-# - 5 # Sports
-# - 6 # Travels
-# - 7 # Gaming
-# - 8 # People
-# - 9 # Comedy
-# - 10 # Entertainment
-# - 11 # News & Politics
-# - 12 # How To
-# - 13 # Education
-# - 14 # Activism
-# - 15 # Science & Technology
-# - 16 # Animals
-# - 17 # Kids
-# - 18 # Food
-
- default_client_route: '/videos/trending'
-
- # Whether or not the instance is dedicated to NSFW content
- # Enabling it will allow other administrators to know that you are mainly federating sensitive content
- # Moreover, the NSFW checkbox on video upload will be automatically checked by default
- is_nsfw: false
- # By default, "do_not_list" or "blur" or "display" NSFW videos
- # Could be overridden per user with a setting
- default_nsfw_policy: 'do_not_list'
-
- customizations:
- javascript: '' # Directly your JavaScript code (without <script> tags). Will be eval at runtime
- css: '' # Directly your CSS code (without <style> tags). Will be injected at runtime
- # Robot.txt rules. To disallow robots to crawl your instance and disallow indexation of your site, add '/' to "Disallow:'
- robots: |
- User-agent: *
- Disallow:
- # Security.txt rules. To discourage researchers from testing your instance and disable security.txt integration, set this to an empty string.
- securitytxt:
- "# If you would like to report a security issue\n# you may report it to:\nContact: https://github.com/Chocobozzz/PeerTube/blob/develop/SECURITY.md\nContact: mailto:"
-
-services:
- # Cards configuration to format video in Twitter
- twitter:
- username: '@Chocobozzz' # Indicates the Twitter account for the website or platform on which the content was published
- # If true, a video player will be embedded in the Twitter feed on PeerTube video share
- # If false, we use an image link card that will redirect on your PeerTube instance
- # Change it to "true", and then test on https://cards-dev.twitter.com/validator to see if you are whitelisted
- whitelisted: false
-
-followers:
- instance:
- # Allow or not other instances to follow yours
- enabled: true
- # Whether or not an administrator must manually validate a new follower
- manual_approval: false
-
-followings:
- instance:
- # If you want to automatically follow back new instance followers
- # If this option is enabled, use the mute feature instead of deleting followings
- # /!\ Don't enable this if you don't have a reactive moderation team /!\
- auto_follow_back:
- enabled: false
-
- # If you want to automatically follow instances of the public index
- # If this option is enabled, use the mute feature instead of deleting followings
- # /!\ Don't enable this if you don't have a reactive moderation team /!\
- auto_follow_index:
- enabled: false
- index_url: 'https://instances.joinpeertube.org'
-
-theme:
- default: 'default'
+++ /dev/null
-# place for test files whose modification times are used to track lifesigns
-testdir=$HOME'/.pingmail'
-
-# modification time is the last time a ping was sent or a lifetime received
-ping_touch=$testdir'/ping_touch'
-
-# modification time is when the count for sending checker a warning mail starts
-reminder_touch=$testdir'/reminder_touch'
-
-# how long to wait for lifesigns before sending a ping; double is time to wait
-# for a lifesign before sending a warning message to checker
-wait_time=86400
-
-# address of the checker, receives warning message after too long wait
-checker_address='bar@example.org'
-
-# address of the checked person, ping is sent here
-checked_address='foo@example.org'
-
-# content of ping message sent to checked person
-subj2checked='[pingmail] Ping!'
-msg2checked='Hi!\n
-\nThis is an automated mail ping from '$checker_address'.
-\nRespond to show that you are still alive!'
-
-# content of warning message sent to checker
-id_target='foo'
-subj2checker='[pingmail] No recent life signs from '$id_target
-reminder_time=`expr $wait_time \* 2`
-msg2checker='pingmail reporting in:\n
-\nNo life signs from '$id_target' for the last '$reminder_time' seconds.
-\nMaybe you should give them a call to check if they are okay.'
-
-# mail client command reading message body from stdin and subject from parameter
-mailclient_s='mail -s'
-
-# mailbox file to check for most recent life sign
-mbox=$HOME'/mail/foo'
-
-# to recursively search for most recent matches to $matchstring as lifesigns
-#maildir=$HOME'/mail'
-
-# pattern to search $maildir for recursively for lifesigns
-#checked_address_escaped=`echo $checked_address | sed 's/\./\\./g'`
-#matchstring='^From: .*('$checked_address_escaped'|alternate@example\.org)'
+++ /dev/null
-<div style="margin: 1em;">
- <p>Privacy: Visitor IP addresses are anonymized in the logs.</p>
- <p>Contact: See <a href="https://plomlompom.com/contact.html">plomlompom.com contact page</a>.</p>
-</div>
+++ /dev/null
-User-agent: *
-Disallow:
+++ /dev/null
-This is <a href="https://plomlompom.com">plomlompom</a>'s personal single-user Pleroma instance.
+++ /dev/null
-#!/bin/sh
-set -e
-
-# Repeatedly parse config file for GPG key and bot screen configs.
-path=~/.plomlombot
-db_dir="${HOME}/plomlombot_db"
-irclogs_dir=/var/www/html/irclogs
-irclogs_pw_dir=/var/www/irclogs_pw
-hostname_mod_epoch=$(stat -c%Y /etc/hostname)
-while true; do
- if [ -f "${path}" ]; then
- cat "${path}" | while read line; do
- first_word=$(echo -n "${line}" | cut -d' ' -f1)
-
- # Read "bot:" line, start bot screen session from it if not yet existing,
- # set up irclogs dir if not yet existing.
- if [ "${first_word}" = "bot:" ]; then
- session_name=$(echo -n "${line}" | cut -d' ' -f2)
- bot_name=$(echo -n "${line}" | cut -d' ' -f3)
- channel_name=$(echo -n "${line}" | cut -d' ' -f4)
- shortened_channel_name="${channel_name}"
- first_char=$(echo -n "${channel_name}" | cut -c1)
- if [ "${first_char}" = "#" ]; then
- shortened_channel_name=$(echo -n "${channel_name}" | cut -c2-)
- fi
- server_name=$(echo -n "${line}" | cut -d' ' -f5)
- login_user=$(echo -n "${line}" | cut -d' ' -f6)
- login_pw=$(echo -n "${line}" | cut -d' ' -f7)
- add_option=$(echo -n "${line}" | cut -d' ' -f8-)
- set +e
- screen -S "${session_name}" -Q select . > /dev/null
- start_screen=$?
- set -e
- if [ "${start_screen}" -eq "1" ]; then
- cd ~/plomlombot-irc
- LANG="en_US.UTF-8" screen -d -m -S "${session_name}" ./run.sh -r 604800 -n "${bot_name}" -s "${server_name}" -c "${channel_name}" ${add_option}
- fi
- md5_server=$(echo -n "${server_name}" | md5sum | cut -d' ' -f1)
- md5_channel=$(echo -n "${channel_name}" | md5sum | cut -d' ' -f1)
- logs_dir="${db_dir}/${md5_server}/${md5_channel}/logs"
- # FIXME: Note the trouble we will have if we have the same channel
- # name on different servers …
- ln -sfn "${logs_dir}" "${irclogs_dir}/${shortened_channel_name}"
- echo "${login_user}":'{PLAIN}'"${login_pw}" > "${irclogs_pw_dir}/${shortened_channel_name}"
-
- # If "gpg_key" line, encrypt old raw logs to that GPG key.
- elif [ "${first_word}" = "gpg_key" ]; then
- key=$(echo -n "${line}" | cut -d' ' -f2)
- mkdir -p ~/plomlombot_db
- cd ~/plomlombot_db
- # Dirty hack: To avoid trouble with GPG key expiration, fake
- # system to something reasonbly old (younger than key creation,
- # older than expiration) by taking the mod datetime of
- # /etc/hostname, which should have last be changed when the
- # system was set up.
- find . -path '*/*/raw_logs/*.txt' -mtime +1 -type f -exec gpg --recipient "${key}" --trust-model always --faked-system-time="${hostname_mod_epoch}" --encrypt {} \; -exec rm {} \;
- fi
-
- done
- sleep 1
- fi
-done
+++ /dev/null
-#!/bin/sh
-GIT_WORK_TREE=/home/plom/plomlombot-irc git checkout -f
+++ /dev/null
-{
- "translations": {
- "wrongCaptcha": "Captcha leider falsch.",
- "invalidURL": "Falsch formatierte URL.",
- "recordedURL": "URL aufgezeichnet (wird gesichtet und bei Angemessenheit dem Artikel angefügt): ",
- "pleaseWait": "Zu viele Versuche von dieser IP. So viele Sekunden warten: "
- },
- "mailConfig": {
- "to": "plom+url_catcher@plomlompom.com",
- "from": "plom+url_catcher@plomlompom.com"
- },
- "slowdownReset": 3600
-}
+++ /dev/null
-#!/bin/sh
-GIT_WORK_TREE=/var/www git checkout -f
+++ /dev/null
-#!/bin/sh
-
-# Enforce ~/.weechatrc as sole persistent weechat config file.
-rm -rf ~/.weechat/
-WEECHATCONF=`tr '\n' ';' < ~/.weechatrc`
-weechat -r "$WEECHATCONF"
-rm -rf ~/.weechat/
+++ /dev/null
-#!/bin/sh
-# Encrypt dated weechatlog files older than one day to GPG target defined in
-# ~/.encrypt_target
-set -e
-
-gpg_key=$(cat ~/.encrypt_target)
-cd ~/weechatlogs/irc/
-
-# Dirty hack: To avoid trouble with GPG key expiration, fake
-# system to something reasonbly old (younger than key creation,
-# older than expiration) by taking the mod datetime of
-# /etc/hostname, which should have last be changed when the
-# system was set up.
-hostname_mod_epoch=$(stat -c%Y /etc/hostname)
-find . -regextype posix-egrep -regex '^.*/.*/.*\.[0-9]{4}-[0-9]{2}-[0-9]{2}\.weechatlog$' -type f -mtime +1 -exec gpg --recipient "${gpg_key}" --trust-model always --faked-system-time="${hostname_mod_epoch}" --encrypt {} \; -exec rm {} \;
-
+++ /dev/null
-/set logger.file.path ~/weechatlogs
-/set logger.file.flush_delay 0
-/set logger.mask.irc "irc/$server/$channel.%Y-%m-%d.weechatlog"
-/set weechat.bar.status.items "[time],[buffer_last_number],[buffer_plugin],buffer_number+:+buffer_name+(buffer_modes)+{buffer_nicklist_count}+buffer_zoom+buffer_filter,[lag],[hotlist],completion,scroll,[otr]"
-/set weechat.color.chat_nick_colors "lightcyan"
-/server add freenode irc.freenode.net -nicks=plimlompom,plimlomp0m,pliml0mp0m -realname="foo bar" -autojoin=#plomlompomtest
-/connect freenode
-/bar hide buflist
+++ /dev/null
-#!/bin/sh
-ZETTELDIR=/home/plom/zettel
-GIT_WORK_TREE=$ZETTELDIR git checkout -f
-cd $ZETTELDIR
-redo
+++ /dev/null
-#!/bin/sh
-set -e
-set -x
-
-if [ "$#" -lt 3 ]; then
- echo 'Need at least three arguments: service name, DB name, and backup directory names.'
- false
-fi
-app="$1"
-db_name="$2"
-shift 2
-
-cd /tmp
-rm -rf "${app}_backup"
-mkdir "${app}_backup"
-chmod 777 "${app}_backup"
-
-service "${app}" stop
-
-su postgres -lc "pg_dump -d ${db_name} --format=custom -f /tmp/${app}_backup/${db_name}.pgdump"
-for target in "$@"; do
- mkdir -p $(dirname "${app}_backup${target}")
- cp -a "${target}" "${app}_backup${target}"
-done
-
-tar cf "${app}_backup.tar" "${app}_backup"
-rm -rf "${app}_backup"
-chown plom:plom "${app}_backup.tar"
-mv "${app}_backup.tar" /home/plom
+++ /dev/null
-#!/bin/sh
-# Copy files in argument-selected subdirectories of $1 to subdirectories
-# of $2 (which may be an empty string), e.g. with $1 of "etc_files", $2
-# of "" and $3 of "all", copy files below etc_files/all such as
-# etc_files/all/etc/foo/bar to equivalent locations below / such as
-# /etc/foo/bar. Create directories as necessary. Multiple arguments after
-# $3 are possible.
-#
-# CAUTION: This removes original files at the affected paths.
-set -e
-
-if [ "$#" -lt 3 ]; then
- echo 'Need arguments: source root, target root, modules.'
- false
-fi
-source_root="$1"
-target_root="$2"
-shift 2
-
-for target_module in "$@"; do
- mkdir -p "${source_root}/${target_module}"
- cd "${source_root}/${target_module}"
- for path in $(find . -type f); do
- target_path="${target_root}"$(echo "${path}" | cut -c2-)
- source_path=$(realpath "${path}")
- dir=$(dirname "${target_path}")
- mkdir -p "${dir}"
- cp "${source_path}" "${target_path}"
- done
-done
+++ /dev/null
-#!/bin/sh
-# This script turns a fresh server with password-based root access to
-# one of only key-based access and only to new non-root account plom.
-#
-# CAUTION: This is optimized for a *fresh* setup. It will overwrite any
-# pre-existing ~/.ssh/authorized_keys of user plom with one that solely
-# contains the local ~/.ssh/id_rsa.pub, and also any old
-# /etc/ssh/sshd_config.
-#
-# Dependencies: ssh, scp, sshpass, ~/.ssh/id_rsa.pub, properly
-# configured sshd_config file in reach.
-set -e
-
-# Location auf a sshd_config with "PermitRootLogin no" and
-# "PasswordAuthentication no".
-config_tree_prefix="${HOME}/public_repos/config/buster"
-linkable_files_dir="${config_tree_prefix}/etc_files/server"
-system_path_sshd_config='/etc/ssh/sshd_config'
-local_path_sshd_config="${linkable_files_dir}${system_path_sshd_config}"
-
-# Ensure we have a server name as argument.
-if [ $# -eq 0 ]; then
- echo "Need server as argument."
- false
-fi
-server="$1"
-
-# Ask for root password only once, sshpass will re-use it then often.
-stty -echo
-printf "(Old) server root password: "
-read PW_ROOT
-stty echo
-printf "\n"
-export SSHPASS="${PW_ROOT}"
-
-# This will be used to log-in as root from plom account.
-echo 'Asking for new root password.'
-ssh root@"${server}" "passwd"
-
-# Create user plom, and his ~/.ssh/authorized_keys based on the local
-# ~/.ssh/id_rsa.pub; ensure the result has proper permissions and
-# ownerships. Then disable root and pw login by copying over the
-# sshd_config and restart ssh daemon.
-#
-# This could be a line or two shorter by using ssh-copy-id, but that
-# would require setting a password for user plom otherwise not needed.
-sshpass -e scp ~/.ssh/id_rsa.pub root@"${server}":/tmp/authorized_keys
-sshpass -e ssh root@"${server}" \
- 'useradd -m plom && '\
- 'mkdir /home/plom/.ssh && '\
- 'chown plom:plom /home/plom/.ssh && '\
- 'chown plom:plom /tmp/authorized_keys && '\
- 'chmod u=rw,go= /tmp/authorized_keys && '\
- 'mv /tmp/authorized_keys /home/plom/.ssh/'
-sshpass -e scp "${local_path_sshd_config}" root@"${server}":"${system_path_sshd_config}"
-sshpass -e ssh root@"${server}" 'service ssh restart'
+++ /dev/null
-#!/bin/sh
-set -e
-
-# Location auf a sshd_config with "PermitRootLogin no" and
-# "PasswordAuthentication no".
-config_tree_prefix="${HOME}/public_repos/config/buster"
-linkable_files_dir="${config_tree_prefix}/etc_files/server"
-system_path_sshd_config='/etc/ssh/sshd_config'
-local_path_sshd_config="${linkable_files_dir}${system_path_sshd_config}"
-
-# Ensure we have a server name as argument.
-if [ $# -eq 0 ]; then
- echo "Need server as argument."
- false
-fi
-server="$1"
-
-# So we're only asked once …
-eval $(ssh-agent)
-ssh-add
-
-# This will be used to log-in as root from plom account.
-echo 'Asking for new root password.'
-ssh root@"${server}" "passwd"
-
-# Set up plom's ~/.ssh/authorized_keys from root's.
-ssh root@"${server}" 'useradd -m plom'
-ssh root@"${server}" 'mkdir /home/plom/.ssh'
-ssh root@"${server}" 'chown plom:plom /home/plom/.ssh'
-ssh root@"${server}" 'cp /root/.ssh/authorized_keys /home/plom/.ssh/'
-ssh root@"${server}" 'chown plom:plom /home/plom/.ssh/authorized_keys'
-
-# Set up SSH config and remove direct SSH login to root.
-scp "${local_path_sshd_config}" root@"${server}":"${system_path_sshd_config}"
-ssh root@"${server}" 'rm -rf /root/.ssh && service ssh restart'
+++ /dev/null
-#!/bin/sh
-# Walks through the package names in the argument-selected files of
-# apt-mark/ and ensures the respective packages are installed.
-#
-# Ignores anything in an apt-mark/ file after the last newline.
-set -e
-
-config_tree_prefix="${HOME}/config/buster"
-aptmark_dir="${config_tree_prefix}/apt-mark"
-
-for target in "$@"; do
- path="${aptmark_dir}/${target}"
- # TODO: continue if file at $path not found, to get rid of dummy files
- cat "${path}" | while read line; do
- echo "$line"
- if [ ! $(echo "${line}" | cut -c1) = "#" ]; then
- DEBIAN_FRONTEND=noninteractive apt-get -y -o Dpkg::Options::=--force-confold install "${line}"
- fi
- done
-done
+++ /dev/null
-#!/bin/sh
-set -e
-set -x
-
-if [ "$#" -lt 2 ]; then
- echo 'Need two arguments: old server IP, and service name.'
- false
-fi
-if [ ! "$2" = "pleroma_otp" ] && [ ! "$2" = "pleroma_source" ] && [ ! "$2" = "peertube" ]; then
- echo "Need legal service name (pleroma_otp or pleroma_source or peertube)."
- false
-fi
-server_ip="$1"
-app="$2"
-service="$2"
-if [ "${app}" = "pleroma_otp" ]; then
- db_name="pleroma"
- dirs="/var/lib/pleroma/uploads /etc/pleroma"
- service=pleroma
-elif [ "${app}" = "pleroma_source" ]; then
- db_name="pleroma"
- dirs="/var/lib/pleroma/uploads /opt/pleroma/config"
- service=pleroma
-elif [ "${app}" = "peertube" ]; then
- db_name="peertube_prod"
- dirs="/var/www/peertube/storage /var/www/peertube/config"
-fi
-
-config_tree_prefix="${HOME}/config/buster"
-setup_scripts_dir="${config_tree_prefix}/setup_scripts"
-
-cd "${setup_scripts_dir}"
-./prepare_to_meet_server.sh "${server_ip}"
-read -p'Hit Enter when you are done.' ignore
-eval $(ssh-agent) && ssh-add
-echo 'Enter password for root on target server next.'
-ssh plom@"${server_ip}" "su -lc \"cd config/buster/setup_scripts && git pull && ./backup_app.sh ${service} ${db_name} ${dirs}\""
-scp plom@"${server_ip}":~/${service}_backup.tar /home/plom/${service}_backup.tar
-./restore_app.sh "${app}" "${db_name}"
+++ /dev/null
-#!/bin/sh
-set -e
-
-if [ "$#" -ne 1 ]; then
- echo 'Need old server IP.'
- false
-fi
-old_server="$1"
-config_tree_prefix="${HOME}/config/buster"
-cp "${config_tree_prefix}/setup_scripts/prepare_to_meet_server.sh" /home/plom/
-chown plom:plom /home/plom/prepare_to_meet_server.sh
-su -lc "./prepare_to_meet_server.sh ${old_server}" plom
-read -p'Hit Enter when you are done.' ignore
-rm /home/plom/prepare_to_meet_server.sh
-cp "${config_tree_prefix}/setup_scripts/mirror_dir.sh" /home/plom/
-su -lc "./mirror_dir.sh ${old_server} /home/plom/borg" plom
-rm /home/plom/mirror_dir.sh
+++ /dev/null
-#!/bin/sh
-# Mirror directory tree from remote to local server, keeping the path.
-set -e
-
-if [ $# -lt 2 ]; then
- echo "Need server and directory as arguments."
- false
-fi
-server=$1
-dir=$2
-path_package=/tmp/delete.tar
-
-eval `ssh-agent`
-ssh-add
-cd
-ssh plom@"${server}" "cd \"${dir}\" && tar cf ${path_package} ."
-scp plom@"${server}":"${path_package}" "${path_package}"
-mkdir -p "${dir}"
-cd "${dir}"
-tar xf "${path_package}"
-cd
-rm "${path_package}"
-ssh plom@"${server}" rm "${path_package}"
+++ /dev/null
-#!/bin/sh
-# Do some of the steps necessary to SSH (key-based) with another server.
-set -e
-
-if [ "$#" -ne 1 ]; then
- echo 'Need server IP as argument.'
- false
-fi
-target="$1"
-
-# We need a public key to copy over, so generate it if not found.
-if [ ! -f ~/.ssh/id_rsa.pub ]; then
- ssh-keygen -N ""
-fi
-
-# Add target to ~/.ssh/known_hosts so we don't get
-# asked for permission at inopportune moments.
-ssh-keyscan -H "$target" >> ~/.ssh/known_hosts
-
-# Tell user what to do.
-echo "APPEND FOLLOWING TO TARGET'S ~/.ssh/authorized_keys:"
-cat ~/.ssh/id_rsa.pub
+++ /dev/null
-#!/bin/sh
-# This script removes all Debian packages that are not of Priority
-# "required" or not depended on by packages of priority "required"
-# or not listed in the argument-selected files of apt-mark/.
-set -e
-
-config_tree_prefix="${HOME}/config/buster"
-aptmark_dir="${config_tree_prefix}/apt-mark"
-
-dpkg-query -Wf '${Package} ${Priority}\n' | grep ' required' | sed 's/ required//' > /tmp/list_white_unsorted
-for target in "$@"; do
- path="${aptmark_dir}/${target}"
- cat "${path}" | while read line; do
- if [ ! $(echo "${line}" | cut -c1) = "#" ]; then
- echo "${line}" >> /tmp/list_white_unsorted
- fi
- done
-done
-sort /tmp/list_white_unsorted > /tmp/list_white
-dpkg-query -Wf '${Package}\n' > /tmp/list_all_packages
-sort /tmp/list_all_packages > /tmp/foo
-mv /tmp/foo /tmp/list_all_packages
-comm -3 /tmp/list_all_packages /tmp/list_white > /tmp/list_black
-apt-mark auto `cat /tmp/list_black`
-DEBIAN_FRONTEND=noninteractive apt-get -y --purge autoremove
-rm /tmp/list_all_packages /tmp/list_white_unsorted /tmp/list_white /tmp/list_black
-
-# Somehow, auto-mounts get undone by all of this, so re-mount /etc/fstab.
-# TODO: Find out why.
-mount -a
+++ /dev/null
-#!/bin/sh
-set -e
-set -x
-
-if [ "$#" -lt 2 ]; then
- echo 'Need two arguments: service name and DB name.'
- false
-fi
-if [ ! "$1" = "pleroma_otp" ] && [ ! "$1" = "pleroma_source" ] && [ ! "$1" = "peertube" ]; then
- echo "Need legal service name (pleroma_otp or pleroma_source or peertube)."
- false
-fi
-app="$1"
-db_name="$2"
-service="$1"
-if [ "${app}" = "pleroma_source" ] || [ "${app}" = "pleroma_otp" ]; then
- service=pleroma
-fi
-
-service "${service}" stop
-
-mv "/home/plom/${service}_backup.tar" /tmp/
-cd /tmp
-tar xf "${service}_backup.tar"
-
-su postgres -c "pg_restore -c -1 -d ${db_name} ${service}_backup/${db_name}.pgdump"
-rm "${service}_backup/${db_name}.pgdump"
-
-cd "${service}_backup"
-for path in $(find . -type f); do
- if [ "${app}" = "pleroma_source" ]; then
- if [ "${path}" = './opt/pleroma/config/prod.secret.exs' ]; then
- continue # skip file that contains passwords
- fi
- fi
- target_path=$(echo "${path}" | cut -c2-)
- source_path=$(realpath "${path}")
- dir=$(dirname "${target_path}")
- mkdir -p "${dir}"
- cp -a "${source_path}" "${target_path}"
-done
-
-# TODO: Horrible hack, improve.
-if [ "${app}" = "pleroma_otp" ]; then
- db_pw=$(cat /etc/pleroma/config.exs | grep password | sed 's/[ ]*password\: *//g' | sed 's/,//g' | sed 's/"//g')
-elif [ "${app}" = "peertube" ]; then
- db_pw=$(cat /var/www/peertube/config/production.yaml | grep password | head -1 | sed "s/[ ]*password\: *//g" | sed "s/'//g")
-fi
-if [ "${app}" = "pleroma_otp" ] || [ "${app}" = "peertube" ]; then
- su postgres -lc "psql -c \"ALTER USER ${service} WITH PASSWORD '${db_pw}';\""
-fi
-
-service "${service}" start
+++ /dev/null
-#!/bin/sh
-# Sets hostname and optionally FQDN.
-#
-# Calls hostname, writes to /etc/hostname and /etc/hosts. For /etc/hosts
-# writing follows recommendations from Debian manual at
-# <https://www.debian.org/doc/manuals/debian-reference/ch05.en.html>
-# (section "The hostname resolution") on how to map hostname and possibly
-# FQDN to a permanent IP if present (we assume here any non-private IP
-# and non-loopback IP returned by hostname -I to fulfill that criterion
-# on our systems) or to 127.0.1.1 if not. On the reasoning for separating
-# localhost and hostname mapping to different IPs, see
-# <https://unix.stackexchange.com/a/13087>.
-#
-# Ignores IPv6s.
-set -e
-
-hostname="$1"
-fqdn="$2"
-if [ "${hostname}" = "" ]; then
- echo "Need hostname as argument."
- false
-fi
-echo "${hostname}" > /etc/hostname
-hostname "${hostname}"
-
-final_ip="127.0.1.1"
-for ip in $(hostname -I); do
- if [ $(echo "${ip}" | grep ':' | wc -l) -eq 1 ]; then
- continue
- fi
- range_1=$(echo "${ip}" | cut -d "." -f 1)
- range_2=$(echo "${ip}" | cut -d "." -f 2)
- if [ "${range_1}" -eq 127 ]; then
- continue
- elif [ "${range_1}" -eq 10 ]; then
- continue
- elif [ "${range_1}" -eq 172 ]; then
- if [ "${range_2}" -ge 16 ] && [ "${range_2}" -le 31 ]; then
- continue
- fi
- elif [ "${range_1}" -eq 192 ]; then
- if [ "${range_2}" -eq 168 ]; then
- continue
- fi
- fi
- final_ip="${ip}"
-done
-
-echo "127.0.0.1 localhost.localdomain localhost" > /etc/hosts
-echo "${final_ip} ${fqdn} ${hostname}" >> /etc/hosts
+++ /dev/null
-#!/bin/sh
-set -e
-
-# Provide maximum input for set_hostname_and_fqdn.sh.
-if [ "$#" -lt 2 ]; then
- echo 'Need at least two arguments (hostname, FQDN).'
- false
-fi
-hostname="$1"
-fqdn="$2"
-shift 2
-
-config_tree_prefix="${HOME}/config/buster"
-setup_scripts_dir="${config_tree_prefix}/setup_scripts"
-cd "${setup_scripts_dir}"
-
-# Adapt /etc/ to our needs by copying from ./etc_files. This will set
-# basic configurations affecting following steps, such as setup of APT
-# and the locale selection, so needs to be right at the beginning.
-./copy_dirtree.sh "${config_tree_prefix}/etc_files" "" all "$@"
-
-# Set hostname and FQDN.
-./set_hostname_and_fqdn.sh "${hostname}" "${fqdn}"
-
-# Ensure package installation state as defined by what packages are
-# defined as required by Debian policy and by settings in ./apt-mark/.
-apt update
-./install_for_target.sh all "$@"
-./purge_nonrequireds.sh all "$@"
-
-# Ensure our desired locale is available.
-locale-gen
-
-# Only upgrade after reducing the system to the desired minimum, so that
-# we don't need to get more data than necessary.
-apt -y dist-upgrade
-
-# Set Berlin localtime.
-ln -sf /usr/share/zoneinfo/Europe/Berlin /etc/localtime
+++ /dev/null
-#!/bin/sh
-set -e
-
-if [ "$#" -ne 1 ]; then
- echo 'Need exactly one argument (system name).'
- false
-fi
-if [ ! "$1" = "eeepc" ] && [ ! "$1" = "x200s" ] && [ ! "$1" = "x220" ] && [ ! "$1" = "w530" ]; then
- echo "Need legal system name."
- false
-fi
-system_name="$1"
-
-# Set up system without user environment.
-config_tree_prefix="${HOME}/config/buster"
-setup_scripts_dir="${config_tree_prefix}/setup_scripts"
-cd "${setup_scripts_dir}"
-if [ "$1" = "x200s" ] || [ "$1" = "x220" ] || [ "$1" = "w530" ]; then
- ./setup.sh "${system_name}" "" user desktop thinkpad "${system_name}"
-else
- ./setup.sh "${system_name}" "" user desktop "${system_name}"
-fi
-# For hibernation on lid switch to work, we need a newer kernel on the EeePC,
-# see <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=919227>.
-if [ "${system_name}" = "eeepc" ]; then
- apt -y install -t buster-backports linux-image-amd64
-fi
-
-# Set up printer.
-lpadmin -p 'HP_Deskjet_F300_series' -m 'drv:///hpcups.drv/hp-deskjet_f300_series.ppd' -o 'OutputMode=NormalGray' -E
-service cups restart
-
-# Install Firefox directly from Mozilla.
-firefox_release="68.4.1esr"
-firefox_filename="firefox-${firefox_release}.tar.bz2"
-url_firefox="https://ftp.mozilla.org/pub/firefox/releases/${firefox_release}/linux-x86_64/en-US/${firefox_filename}"
-wget "${url_firefox}"
-mv "${firefox_filename}" /opt/
-cd /opt/
-tar xf "${firefox_filename}"
-rm "${firefox_filename}"
-ln -s /opt/firefox/firefox /usr/local/bin/
-update-alternatives --install /usr/bin/x-www-browser x-www-browser /opt/firefox/firefox 200
-update-alternatives --set x-www-browser /opt/firefox/firefox
-
-# Install Firefox plugins.
-# See <https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/Distribution_options/Sideloading_add-ons>
-extensions_dir="/usr/share/mozilla/extensions/{ec8030f7-c20a-464f-9b0e-13a3a9e97384}/"
-mkdir -p "${extensions_dir}"
-umatrix_version="1.4.0"
-umatrix_xpi="uMatrix.firefox.xpi"
-url_umatrix="https://github.com/gorhill/uMatrix/releases/download/${umatrix_version}/${umatrix_xpi}"
-wget "${url_umatrix}"
-name=$(unzip -p "${umatrix_xpi}" manifest.json | jq -r .applications.gecko.id)
-mv "${umatrix_xpi}" "${name}".xpi
-tridactyl_version="1.17.1pre3355"
-tridactyl_xpi="tridactyl_beta-${tridactyl_version}-an+fx.xpi"
-url_tridactyl="https://tridactyl.cmcaine.co.uk/betas/${tridactyl_xpi}"
-wget "${url_tridactyl}"
-name=$(unzip -p "${tridactyl_xpi}" manifest.json | jq -r .applications.gecko.id)
-mv "${tridactyl_xpi}" "${name}.xpi"
-mv *.xpi "${extensions_dir}"
-
-# Set up user environments.
-secrets_dev="sdb"
-source_dir_secrets="/media/${secrets_dev}/to_usb"
-target_dir_secrets="/home/plom/tmp_secrets"
-cd "${setup_scripts_dir}"
-./copy_dirtree.sh "${config_tree_prefix}/home_files" "/root" minimal root
-set +e
-HOME_DIR_EXISTS=$([ ! -d "/home/plom" ]; echo $?)
-set -e
-adduser --disabled-password --gecos "" plom
-usermod -a -G sudo plom
-passwd plom
-if [ "${HOME_DIR_EXISTS}" -eq 0 ]; then
- echo "Put secrets drive into slot for /dev/${secrets_dev}."
- while [ ! -e /dev/"${secrets_dev}" ]; do
- sleep 1
- done
- stty -echo
- printf "Secrets passphrase: "
- read secrets_pass
- stty echo
- echo "" # newline so user knows their input return was accepted
- echo "${secrets_pass}" | pmount /dev/"${secrets_dev}"
- cp -a "${source_dir_secrets}" "${target_dir_secrets}"
- chown -R plom:plom "${target_dir_secrets}"
- pumount "${secrets_dev}"
- echo "You can remove /dev/${secrets_dev} now."
- cp setup_home.sh /home/plom
- chown plom:plom /home/plom/setup_home.sh
- SECRETS_PASS="${secrets_pass}" su -c "cd && ./setup_home.sh ${system_name}" plom
-fi
+++ /dev/null
-#!/bin/sh
-set -e
-
-if [ "$#" -ne 4 ]; then
- echo 'Need domain name and mail and old server and repos source ("local" or "remote"?).'
- false
-fi
-if [ ! "$4" = "local" ] && [ ! "$4" = "remote" ]; then
- echo "Need legal repo source name."
- false
-fi
-domain="$1"
-mail="$2"
-old_server="$3"
-repos_source="$4"
-
-read -p"Only continue if hostname is not domain of url_catcher's target mail address, else abort!" ignore
-
-# Install configs, set up firewall.
-echo "postfix postfix/main_mailer_type string 'Internet Site'" | debconf-set-selections
-echo "postfix postfix/mailname string $(hostname -f)" | debconf-set-selections
-config_tree_prefix="${HOME}/config/buster"
-./install_for_target.sh web dumpsite
-./copy_dirtree.sh "${config_tree_prefix}/etc_files" "" web dumpsite
-nft -f /etc/nftables.conf
-
-# Set up letsencrypt certificate. TODO: Is it auto-renewed?
-ln -sf /etc/nginx/sites-available/default /etc/nginx/sites-enabled/default
-certbot --nginx --agree-tos --redirect --no-eff-email -m "${mail}" -d "${domain}"
-rm /etc/nginx/sites-enabled/default
-
-# Set up connection to old dump server.
-cp "${config_tree_prefix}/setup_scripts/prepare_to_meet_server.sh" /home/plom/
-chown plom:plom /home/plom/prepare_to_meet_server.sh
-su -lc "./prepare_to_meet_server.sh ${old_server}" plom
-read -p'Hit Enter when you are done.' ignore
-rm /home/plom/prepare_to_meet_server.sh
-
-# Set up dump dirs.
-mkdir /var/www-dump
-chown plom:plom /var/www-dump
-dump_dir=dump
-geheim_dir=geheim
-su -lc "ln -s /home/plom/${dump_dir} /var/www-dump/${dump_dir}" plom
-su -lc "ln -s /home/plom/${geheim_dir} /var/www-dump/${geheim_dir}" plom
-cp "${config_tree_prefix}/setup_scripts/mirror_dir.sh" /home/plom/
-su -lc "./mirror_dir.sh ${old_server} /home/plom/${dump_dir}" plom
-su -lc "./mirror_dir.sh ${old_server} /home/plom/${geheim_dir}" plom
-su -lc "scp plom@${old_server}:/var/www-dump/password_geheim ~" plom
-mv /home/plom/password_geheim /var/www-dump/password_geheim
-rm /home/plom/mirror_dir.sh
-
-# Set up redo.
-wget http://news.dieweltistgarnichtso.net/bin/archives/redo-sh.tar.gz
-tar -moxzf redo-sh.tar.gz -C /usr/local
-
-# Set up zettel.
-su -lc "git clone --mirror ${old_server}:zettel.git" plom
-cp "${config_tree_prefix}/other_files/zettel_hook_post-receive" /home/plom/zettel.git/hooks/post-receive
-su -lc "git clone ~/zettel.git && cd zettel && redo" plom
-su -lc "ln -s /home/plom/zettel /var/www-dump/zettel" plom
-# NOTE: Locally, to update content, clone zettel.git, not zettel.
-
-# Set up redo blog.
-su -lc "git clone --mirror ${old_server}:blog.git" plom
-cp "${config_tree_prefix}/other_files/blog_hook_post-receive" /home/plom/blog.git/hooks/post-receive
-su -lc "git clone ~/blog.git" plom
-# TODO: set up like plomlombot repo (with post-recieve hook)?
-if [ "$repo_source" = "local"]; then
- su -lc "git clone /var/repos/redo-blog" plom
-else
- su -lc "git clone https://plomlompom.com/repos/clone/redo-blog" plom
-fi
-su -lc "cd redo-blog && ./add_dir.sh ~/blog" plom
-su -lc "cd blog && redo" plom
-su -lc "ln -s /home/plom/blog/public /var/www-dump/blog" plom
-# NOTE: Locally, to update content, clone blog.git, not blog.
-
-# Set up url catcher.
-# TODO: set up like plomlombot repo (with post-recieve hook)?
-if [ "$repo_source" = "local"]; then
- su -lc "git clone /var/repos/url-catcher" plom
-else
- su -lc "git clone https://plomlompom.com/repos/clone/url-catcher" plom
-fi
-su -lc "cd url-catcher && ln -s ../blog/captchas/linkable/ captchas" plom
-cp "${config_tree_prefix}/other_files/url-catcher_customizations.json" /home/plom/url-catcher/customizations.json
-systemctl enable url_catcher.service
-service url_catcher start
-cp "${config_tree_prefix}/setup_scripts/mirror_dir.sh" /home/plom/
-su -lc "./mirror_dir.sh ${old_server} /home/plom/url-catcher/ips" plom
-su -lc "./mirror_dir.sh ${old_server} /home/plom/url-catcher/lists" plom
-rm /home/plom/mirror_dir.sh
-
-# Set up index.html
-cp "${config_tree_prefix}/other_files/dumpsite_index.html" /var/www-dump/index.html
-
-# Prepare NGINX.
-sed -i "s/REPLACE_fqdn_ECALPER/${domain}/g" /etc/nginx/sites-available/dumpsite.nginx
-ln -s /etc/nginx/sites-available/dumpsite.nginx /etc/nginx/sites-enabled/dumpsite.nginx
-
-service nginx restart
+++ /dev/null
-#!/bin/sh
-set -e
-
-if [ "$#" -ne 1 ]; then
- echo 'Need exactly one argument (system name).'
- false
-fi
-if [ ! "$1" = "eeepc" ] && [ ! "$1" = "x200s" ]&& [ ! "$1" = "x220" ]; then
- echo "Need legal system name."
- false
-fi
-system_name="$1"
-
-public_repos_dir="${HOME}/public_repos"
-config_tree_prefix="${public_repos_dir}/config"
-path_borgscript="${config_tree_prefix}/all_new_2018/borg.sh"
-config_tree_buster="${config_tree_prefix}/buster"
-setup_scripts_dir="${config_tree_buster}/setup_scripts"
-repos_list_file="${public_repos_dir}/repos"
-dir_secrets="${HOME}/tmp_secrets"
-borgkeys_dir=~/.config/borg/keys
-borgrepos_file=~/.borgrepos
-ssh_dir=~/.ssh
-authinfo_file=.authinfo
-maildir=~/mail/maildir
-
-ensure_repo() {
- repo_name="${1}"
- if [ ! -d "${public_repos_dir}/${repo_name}" ]; then
- cd "${public_repos_dir}"
- git clone plom@plomlompom.com:/var/repos/${repo_name}
- fi
-}
-
-# Set up iniitial non-public parts of infrastructure: SSH authentication.
-cd "${dir_secrets}"
-mkdir -p "${ssh_dir}"
-echo "Setting up .ssh"
-cp id_rsa ~/.ssh
-stty -echo
-ssh-keygen -y -f ~/.ssh/id_rsa > ~/.ssh/id_rsa.pub
-stty echo
-eval $(ssh-agent)
-ssh-add
-ssh-keyscan -H "plomlompom.com" >> ~/.ssh/known_hosts
-
-# Clone config to copy dotfiles etc. from it.
-cd
-mkdir -p "${public_repos_dir}"
-ensure_repo config
-cd "${setup_scripts_dir}"
-./copy_dirtree.sh "${config_tree_buster}/home_files" "${HOME}" minimal user "${system_name}"
-
-# Set up native messenger for tridactyl.
-version='ef9f02d0da258f68d7faf8898707f6d83d90d07a'
-curl -fsSl "https://raw.githubusercontent.com/tridactyl/tridactyl/${version}/native/install.sh" | bash
-
-# Set up further non-public parts of infrastructure.
-cd "${dir_secrets}"
-script -c 'gpg --import secret_keys.asc' /dev/null
-tar xf borg_keyfiles.tar
-mkdir -p "${borgkeys_dir}"
-mv borg_keyfiles/* "${borgkeys_dir}"
-# .authinfo may not be present on every secrets drive yet
-if [ -f "${authinfo_file}" ]; then
- cp "${authinfo_file}" ~
-fi
-cd
-rm -rf "${dir_secrets}"
-
-# Sync org dir via borgbackup. For this we need the borgbackup servers
-# in our .ssh/known_hosts file.
-cat "${borgrepos_file}" | while read line; do
- first_char=$(echo "${line}" | cut -c1)
- if [ "${first_char}" = "#" ]; then
- continue
- fi
- server=$(echo "${line}" | sed 's/.*@//')
- ssh-keyscan "${server}" >> "${ssh_dir}"/known_hosts
-done
-BORG_PASSPHRASE="${SECRETS_PASS}" "${path_borgscript}" orgpull
-
-# Fill ~/public_repos.
-cat "${repos_list_file}" | while read line; do
- first_char=$(echo "${line}" | cut -c1)
- if [ "${first_char}" = "#" ]; then
- continue
- fi
- ensure_repo "${line}"
-done
-
-# Set up e-mail system. Note that we only do mbsync if the imap pass file
-# is found. It may not be present on every secrets drive yet, so we have to
-# deal with the possibility of it being absent at this point.
-mkdir -p "${maildir}" # expected by mbsync/isync
-if [ -f "${HOME}/${authinfo_file}" ]; then
- mbsync -a
- notmuch new
-fi
-
-# Final note on how to integrate tridactyl.
-echo "TODO: As tridactyl user, don't forget to do :source on the first Firefox run, wait a little while (Tridactyl needs to walk through all commands in the .tridactylrc) and then re-start."
+++ /dev/null
-#!/bin/sh
-set -e
-
-# Check we have the necessary arguments.
-if [ "$#" -lt 1 ]; then
- echo 'Need mail for letsencrypt, mail domain, and optionally old server IP.'
- false
-fi
-mail="$1"
-mail_domain="$2"
-old_server="$3"
-
-read -p'You sure you entered the correct mail domain? (not the server domain, but what comes after the @ in your mail addresses) If not, abort here!' ignore
-
-config_tree_prefix="${HOME}/config/buster"
-echo "postfix postfix/main_mailer_type string 'Internet Site'" | debconf-set-selections
-echo "postfix postfix/mailname string ${mail_domain}" | debconf-set-selections
-./install_for_target.sh mail
-./copy_dirtree.sh "${config_tree_prefix}/etc_files" "" mail
-nft -f /etc/nftables.conf
-
-# Rebuild aliases DB from /etc/aliases
-newaliases
-
-# Update config files without overwriting defaults.
-cat "${config_tree_prefix}/other_files/append_postfix_main.cf" >> /etc/postfix/main.cf
-cat "${config_tree_prefix}/other_files/append_postfix_master.cf" >> /etc/postfix/master.cf
-cat "${config_tree_prefix}/other_files/append_opendkim.conf" >> /etc/opendkim.conf
-
-# Set up letsencrypt certificate. We need this for STARTTLS on port
-# 25/SMTP (some mail servers refuse delivering mails here if no
-# STARTTLS available) and transport-layer TLS on port 465 (for
-# user-to-server SMTPS)
-# TODO: Is it auto-renewed?
-certbot certonly --standalone --agree-tos --no-eff-email -m "${mail}" -d "$(hostname -f)"
-
-# For if FQDN != mail domain name.
-sed -i "s/REPLACE_maildomain_ECALPER/${mail_domain}/g" /etc/mailutils.conf
-sed -i "s/REPLACE_maildomain_ECALPER/${mail_domain}/g" /etc/postfix/main.cf
-
-# OpenDKIM setup.
-selector=$(hostname)$(date +%Y%m%d)
-opendkim-genkey -d "${mail_domain}" -D /etc/dkimkeys -s "${selector}"
-sed -i "s/REPLACE_maildomain_ECALPER/${mail_domain}/g" /etc/opendkim.conf
-sed -i "s/REPLACE_selector_ECALPER/${selector}/g" /etc/opendkim.conf
-
-# Dovecot sieve filtering via LMTP. Without this, mail only gets
-# delivered to /var/mail/…, with it /var/mail/… remains the fallback
-# inbox, but all else is sieve-filtered to ~/mail/.
-cp "${config_tree_prefix}/other_files/dovecot.sieve" /home/plom/.dovecot.sieve
-chown plom:plom /home/plom/.dovecot.sieve
-
-# In addition to our postfix server receiving mails, we funnel mails from a
-# POP3 account into dovecot via fetchmail. It might make sense to adapt the
-# ~/.dovecot.sieve to move mails targeted to the fetched mail account to their
-# own mbox.
-cp "${config_tree_prefix}/other_files/fetchmailrc" /home/plom/.fetchmailrc
-chown plom:plom /home/plom/.fetchmailrc
-chmod 0700 /home/plom/.fetchmailrc
-
-# Pingmail setup.
-cp "${config_tree_prefix}/other_files/pingmailrc" /home/plom/.pingmailrc
-chown plom:plom /home/plom/.pingmailrc
-su -lc "cd && git clone https://plomlompom.com/repos/clone/pingmail" plom
-
-# To allow IMAPS access.
-echo "ssl_cert = </etc/letsencrypt/live/$(hostname -f)/fullchain.pem" > /etc/dovecot/conf.d/99-ssl-certs.conf
-echo "ssl_key = </etc/letsencrypt/live/$(hostname -f)/privkey.pem" >> /etc/dovecot/conf.d/99-ssl-certs.conf
-password=$(pwgen -s 100 1)
-echo "plom:${password}" | chpasswd
-
-# Get old mail data, shutdown old postfix server.
-if [ "${old_server}" != "" ]; then
- cp "${config_tree_prefix}/setup_scripts/prepare_to_meet_server.sh" /home/plom/
- su -lc "./prepare_to_meet_server.sh ${old_server}" plom
- read -p'Hit Enter when you are done.' ignore
- rm /home/plom/prepare_to_meet_server.sh
- su -lc "scp plom@${old_server}:.dovecot.sieve ~" plom
- su -lc "scp plom@${old_server}:.fetchmailrc ~" plom
- su -lc "scp plom@${old_server}:.pingmailrc ~" plom
- su -lc "ssh -t plom@${old_server} \"su -lc 'service postfix stop'\"" plom
- su -lc "ssh plom@${old_server} \"su -lc 'systemctl disable fetchmail_old_account.timer'\"" plom
- su -lc "ssh plom@${old_server} \"su -lc 'service fetchmail_old_account stop'\"" plom
- #su -lc "ssh -t plom@${old_server} \"su -lc 'service fetchmail stop'\"" plom
- cp "${config_tree_prefix}/setup_scripts/mirror_dir.sh" /home/plom/
- su -lc "./mirror_dir.sh ${old_server} /home/plom/mail" plom
- rm /home/plom/mirror_dir.sh
- touch /var/mail/plom
- chown plom:mail /var/mail/plom
- chmod 0600 /var/mail/plom
- su -lc "scp plom@${old_server}:/var/mail/plom /var/mail/plom" plom
-fi
-
-# Start everything anew to ensure new configurations.
-service opendkim restart
-service postfix restart
-service dovecot restart
-
-# Pingmail and fetchmail have some systemd timers waiting. To let systemd
-# know about them, do this.
-systemctl daemon-reload
-systemctl enable --now fetchmail_old_account.timer
-systemctl enable --now pingmail.timer
-
-# Final advice to user.
-echo "To put into DNS:"
-cat "/etc/dkimkeys/${selector}.txt"
-echo "If subdomain, append .subdomain to _domainkeys!"
-echo "Also ensure DMARC record of 'v=DMARC1; p=none; rua=mailto:plom+dmarc@plomlompom.com;' as TXT entry at _dmarc or, if subdomain, _dmarc.subdomain"
-echo "Also ensure SPF record of 'v=spf1 mx -all' as TXT entry at @ or subdomain"
-echo "Also ensure reverse DNS lookup for our IP points to $(hostname -f)"
-echo "Also ensure MX record of priority 10 for @ or subdomain pointing to $(hostname -f)"
-echo "IMAPS password for user plom is: ${password}"
-echo "Also don't forget borgbackup migration …"
-
-# todo just for proper mail /sending/:
-# * how to check IP safety
-# https://talosintelligence.com/reputation_center/lookup?search=$IP
-# http://www.anti-abuse.org/multi-rbl-check-results/?host=
-# https://www.dnsbl.info/dnsbl-database-check.php
-# note that none of these catch the IPs that gmx etc. reject
+++ /dev/null
-#!/bin/sh
-set -e
-
-# Heavily inspired by
-# <https://github.com/Chocobozzz/PeerTube/blob/develop/support/doc/production.md>
-# and
-# <https://github.com/Chocobozzz/PeerTube/blob/develop/support/doc/dependencies.md>
-
-if [ "$#" -ne 2 ]; then
- echo 'Need domain name, mail_address as arguments.'
- false
-fi
-domain="$1"
-mail="$2"
-
-# Install dependencies, set up firewall.
-config_tree_prefix="${HOME}/config/buster"
-./install_for_target.sh web peertube
-./copy_dirtree.sh "${config_tree_prefix}/etc_files" "" web
-nft -f /etc/nftables.conf
-
-# Get NodeJS. See
-# <https://github.com/nodesource/distributions/blob/master/README.md>
-curl -sL https://deb.nodesource.com/setup_10.x | bash -
-apt-get install -y nodejs
-
-# Get Yarn. See
-# <https://classic.yarnpkg.com/en/docs/install#debian-stable>
-curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add -
-echo "deb https://dl.yarnpkg.com/debian/ stable main" | tee /etc/apt/sources.list.d/yarn.list
-apt update && apt install yarn
-
-systemctl start redis postgresql
-
-# Prepare user and DB.
-useradd -m -d /var/www/peertube -s /bin/bash -p peertube peertube
-db_pw=$(pwgen -s 100 1)
-su postgres -lc "psql -c \"CREATE USER peertube WITH PASSWORD '${db_pw}';\""
-su -l postgres -c 'createdb -O peertube -E UTF8 -T template0 peertube_prod'
-su -l postgres -c 'psql -c "CREATE EXTENSION pg_trgm;" peertube_prod'
-su -l postgres -c 'psql -c "CREATE EXTENSION unaccent;" peertube_prod'
-
-# Install and configure PeerTube from latest version.
-VERSION=$(curl -s https://api.github.com/repos/chocobozzz/peertube/releases/latest | grep tag_name | cut -d '"' -f 4) && echo "Latest Peertube version is $VERSION"
-cd /var/www/peertube && su -l peertube -c "mkdir config storage versions && cd versions"
-su -l peertube -c "wget -q 'https://github.com/Chocobozzz/PeerTube/releases/download/${VERSION}/peertube-${VERSION}.zip'"
-su -l peertube -c "unzip peertube-${VERSION}.zip && rm peertube-${VERSION}.zip"
-su -l peertube -c "ln -s peertube-${VERSION} ./peertube-latest"
-su -l peertube -c "cd peertube-latest && yarn install --production --pure-lockfile"
-
-# Configure PeerTube.
-cp "${config_tree_prefix}/other_files/peertube_production.yaml" /var/www/peertube/config/production.yaml
-chown peertube:peertube /var/www/peertube/config/production.yaml
-sed -i "s/admin\@example\.com/${mail}/g" config/production.yaml
-sed -i "s/example\.com/${domain}/g" config/production.yaml
-sed -i "s/password: 'peertube'/password: '${db_pw}'/g" config/production.yaml
-
-# Set up letsencrypt certificate. TODO: Is it auto-renewed?
-ln -sf /etc/nginx/sites-available/default /etc/nginx/sites-enabled/default
-certbot --nginx --agree-tos --redirect --no-eff-email -m "${mail}" -d "${domain}"
-rm /etc/nginx/sites-enabled/default
-
-# Configure NGINX.
-cp /var/www/peertube/peertube-latest/support/nginx/peertube /etc/nginx/sites-available/peertube
-sed -i "s/peertube.example.com/${domain}/g" /etc/nginx/sites-available/peertube
-sed -i -E 's/^([[:space:]]*)(access_log|error_log)([[:space:]])/\1# \2\3/g' /etc/nginx/sites-available/peertube
-ln -s /etc/nginx/sites-available/peertube /etc/nginx/sites-enabled/peertube
-
-# Configure systemd and start PeerTube through it.
-cp /var/www/peertube/peertube-latest/support/systemd/peertube.service /etc/systemd/system/
-systemctl daemon-reload
-systemctl enable peertube
-systemctl start peertube
-
-# Restart NGINX.
-service nginx restart
+++ /dev/null
-#!/bin/sh
-set -e
-set -x
-
-if [ "$#" -lt 1 ]; then
- echo "Need public key ID and optionally old server IP."
- false
-fi
-gpg_key="$1"
-old_server="$2"
-
-config_tree_prefix="${HOME}/config/buster"
-./install_for_target.sh play
-./copy_dirtree.sh "${config_tree_prefix}/etc_files" "" play
-cp "${config_tree_prefix}/other_files/weechatrc" /home/plom/.weechatrc
-cp "${config_tree_prefix}/other_files/weechat-wrapper.sh" /home/plom/
-cp "${config_tree_prefix}/other_files/weechatlogs_encrypter.sh" /home/plom/
-chown plom:plom /home/plom/*weechat*
-chown plom:plom /home/plom/.weechatrc
-echo "${gpg_key}" > /home/plom/.encrypt_target
-chown plom:plom /home/plom/.encrypt_target
-
-# TODO refactor with setup_website.sh
-# Add encryption key.
-keyservers='sks-keyservers.net/ keys.gnupg.net'
-set +e
-while true; do
- do_break=0
- for keyserver in $(echo "${keyservers}"); do
- su plom -c "gpg --no-tty --keyserver $keyserver --recv-key ${gpg_key}"
- if [ $? -eq "0" ]; then
- do_break=1
- break
- fi
- echo "Attempt with keyserver ${keyserver} unsuccessful, trying other."
- done
- if [ "${do_break}" -eq "1" ]; then
- break
- fi
-done
-set -e
-
-if [ "${old_server}" != "" ]; then
- cp "${config_tree_prefix}/setup_scripts/prepare_to_meet_server.sh" /home/plom/
- su -lc "./prepare_to_meet_server.sh ${old_server}" plom
- read -p'Hit Enter when you are done.' ignore
- rm /home/plom/prepare_to_meet_server.sh
- su -lc "scp plom@${old_server}:.ssh/authorized_keys .ssh/authorized_keys" plom
- su -lc "scp plom@${old_server}:.weechatrc ~" plom
- cp "${config_tree_prefix}/setup_scripts/mirror_dir.sh" /home/plom/
- su -lc "./mirror_dir.sh ${old_server} /home/plom/weechatlogs" plom
- rm /home/plom/mirror_dir.sh
-fi
-
-systemctl enable --now encrypt_chatlogs.timer
+++ /dev/null
-#!/bin/sh
-set -e
-# Heavily inspired by <https://docs.pleroma.social/otp_en.html>
-
-if [ "$#" -ne 2 ]; then
- echo 'Need domain name, mail_address as arguments.'
- false
-fi
-domain="$1"
-mail="$2"
-
-# Install dependencies, set up firewall.
-config_tree_prefix="${HOME}/config/buster"
-./install_for_target.sh web pleroma pleroma_otp
-./copy_dirtree.sh "${config_tree_prefix}/etc_files" "" web pleroma
-nft -f /etc/nftables.conf
-
-# Set up letsencrypt certificate. TODO: Is it auto-renewed?
-ln -sf /etc/nginx/sites-available/default /etc/nginx/sites-enabled/default
-certbot --nginx --agree-tos --redirect --no-eff-email -m "${mail}" -d "${domain}"
-rm /etc/nginx/sites-enabled/default
-
-# Prepare user.
-adduser --system --shell /bin/false --home /opt/pleroma pleroma
-
-# Download and unzip latest stable release, set up Pleroma dirs.
-export FLAVOUR='amd64'
-su pleroma -s $SHELL -lc "
-curl 'https://git.pleroma.social/api/v4/projects/2/jobs/artifacts/stable/download?job=$FLAVOUR' -o /tmp/pleroma.zip
-unzip /tmp/pleroma.zip -d /tmp/
-"
-su pleroma -s $SHELL -lc "
-mv /tmp/release/* /opt/pleroma
-rmdir /tmp/release
-rm /tmp/pleroma.zip
-"
-mkdir -p /var/lib/pleroma/uploads
-chown -R pleroma /var/lib/pleroma
-mkdir -p /etc/pleroma
-chown -R pleroma /etc/pleroma
-
-# Configure and set up DB.
-su pleroma -s $SHELL -lc "./bin/pleroma_ctl instance gen \
---output /etc/pleroma/config.exs \
---output-psql /tmp/setup_db.psql \
---domain ${domain} \
---instance-name plom-roma \
---admin-email ${mail} \
---notify-email ${mail} \
---dbhost localhost \
---dbname pleroma \
---dbuser pleroma \
---db-configurable N \
---rum N \
---indexable Y \
---uploads-dir /var/lib/pleroma/uploads \
---static-dir /var/lib/pleroma/static \
---listen-ip 127.0.0.1 \
---listen-port 4000 \
---dbpass $(pwgen -s 100 1)"
-su postgres -s $SHELL -lc "psql -f /tmp/setup_db.psql"
-su pleroma -s $SHELL -lc "./bin/pleroma_ctl migrate"
-
-# Since the OTP release does not support .secret.exs configuration
-# files, we hack our own alternative by simply appending custom
-# configurations to /etc/config.exs.
-cat "${config_tree_prefix}/other_files/append_pleroma_config" >> /etc/pleroma/config.exs
-
-# Single-pixel picture hack for removing Pleroma FE images.
-cp "${config_tree_prefix}/other_files/pixel.png" /var/lib/pleroma/static/
-chown pleroma:nogroup /var/lib/pleroma/static/pixel.png
-
-# Info panel and TOS.
-#mkdir -p /var/lib/pleroma/static/instance
-#mkdir -p /var/lib/pleroma/static/static
-#cp "${config_tree_prefix}/other_files/pleroma_panel.html" /var/lib/pleroma/static/instance/panel.html
-#cp "${config_tree_prefix}/other_files/pleroma_terms-of-service.html" /var/lib/pleroma/static/static/terms-of-service.html
-#cp "${config_tree_prefix}/other_files/pleroma_robots.txt" /var/lib/pleroma/static/robots.txt
-
-# Hack to fix <https://git.pleroma.social/pleroma/pleroma/issues/1616>
-curl https://git.pleroma.social/pleroma/pleroma/-/raw/4271cfb81a8983f5ec6a878cab1fb3fbd164245d/priv/static/static/static-fe.css?inline=false >> /var/lib/pleroma/static/static/static-fe.css
-
-# Prepare NGINX config for Pleroma.
-cp /opt/pleroma/installation/pleroma.nginx /etc/nginx/sites-available/pleroma.nginx
-sed -i "s/example\.tld/${domain}/g" /etc/nginx/sites-available/pleroma.nginx
-ln -s /etc/nginx/sites-available/pleroma.nginx /etc/nginx/sites-enabled/pleroma.nginx
-
-# Systemd integration.
-cp /opt/pleroma/installation/pleroma.service /etc/systemd/system/pleroma.service
-systemctl start pleroma
-systemctl enable pleroma
-
-# Only restart NGINX with Pleroma running.
-service nginx restart
+++ /dev/null
-#!/bin/sh
-set -e
-set -x
-# Heavily inspired by <https://docs-develop.pleroma.social/backend/installation/debian_based_en/>
-
-if [ "$#" -ne 2 ]; then
- echo 'Need domain name, mail_address as arguments.'
- false
-fi
-domain="$1"
-mail="$2"
-
-# Install dependencies, configs, set up firewall.
-config_tree_prefix="${HOME}/config/buster"
-./install_for_target.sh web pleroma pleroma_source
-./copy_dirtree.sh "${config_tree_prefix}/etc_files" "" web pleroma
-nft -f /etc/nftables.conf
-
-# Prepare user.
-adduser --system --group --shell /bin/false --home /var/lib/pleroma pleroma
-
-# Setup Erlang.
-wget -P /tmp/ https://packages.erlang-solutions.com/erlang-solutions_1.0_all.deb
-dpkg -i /tmp/erlang-solutions_1.0_all.deb
-apt update
-apt -y install elixir erlang-dev erlang-tools erlang-parsetools erlang-eldap erlang-ssh erlang-xmerl
-
-mkdir -p /opt/pleroma
-chown -R pleroma:pleroma /opt/pleroma
-su pleroma -s $SHELL -lc 'git clone -b develop https://git.pleroma.social/pleroma/pleroma /opt/pleroma'
-su pleroma -s $SHELL -lc 'mix local.hex --force'
-su pleroma -s $SHELL -lc 'mix local.rebar --force'
-su pleroma -s $SHELL -lc "cd /opt/pleroma &&\
-mix deps.get &&\
-mix pleroma.instance gen \
---output config/generated_config.exs \
---output-psql /tmp/setup_db.psql \
---domain ${domain} \
---instance-name plomroma \
---admin-email ${mail} \
---notify-email ${mail} \
---dbhost localhost \
---dbname pleroma \
---dbuser pleroma \
---db-configurable N \
---rum N \
---indexable Y \
---uploads-dir /var/lib/pleroma/uploads \
---static-dir /var/lib/pleroma/static \
---listen-ip 127.0.0.1 \
---listen-port 4000 \
---dbpass $(pwgen -s 100 1) &&\
-mv config/{generated_config.exs,prod.secret.exs}"
-su postgres -s $SHELL -lc 'psql -f /tmp/setup_db.psql'
-su pleroma -s $SHELL -lc 'cd /opt/pleroma && MIX_ENV=prod mix ecto.migrate'
-
-# Add our own plom.exs and import it to prod.secret.exs
-echo '' >> /opt/pleroma/config/prod.secret.exs
-echo 'import_config "plom.exs"' >> /opt/pleroma/config/prod.secret.exs
-echo 'import Config' > /opt/pleroma/config/plom.exs
-cat "${config_tree_prefix}/other_files/append_pleroma_config" >> /opt/pleroma/config/plom.exs
-
-# Single-pixel picture hack for removing Pleroma FE images.
-cp "${config_tree_prefix}/other_files/pixel.png" /var/lib/pleroma/static/
-chown pleroma:nogroup /var/lib/pleroma/static/pixel.png
-
-# Info panel and TOS.
-#mkdir -p /var/lib/pleroma/static/instance
-#mkdir -p /var/lib/pleroma/static/static
-#cp "${config_tree_prefix}/other_files/pleroma_panel.html" /var/lib/pleroma/static/instance/panel.html
-#cp "${config_tree_prefix}/other_files/pleroma_terms-of-service.html" /var/lib/pleroma/static/static/terms-of-service.html
-#cp "${config_tree_prefix}/other_files/pleroma_robots.txt" /var/lib/pleroma/static/robots.txt
-
-# Upload directory. For some reason this does not exist yet here.
-mkdir -p /var/lib/pleroma/uploads
-chown pleroma:nogroup /var/lib/pleroma/uploads
-
-# Set up letsencrypt certificate. TODO: Is it auto-renewed?
-ln -sf /etc/nginx/sites-available/default /etc/nginx/sites-enabled/default
-certbot --nginx --agree-tos --redirect --no-eff-email -m "${mail}" -d "${domain}"
-rm /etc/nginx/sites-enabled/default
-
-# Prepare NGINX config for Pleroma.
-cp /opt/pleroma/installation/pleroma.nginx /etc/nginx/sites-available/pleroma.nginx
-sed -i "s/example\.tld/${domain}/g" /etc/nginx/sites-available/pleroma.nginx
-ln -s /etc/nginx/sites-available/pleroma.nginx /etc/nginx/sites-enabled/pleroma.nginx
-
-# Systemd integration.
-cp /opt/pleroma/installation/pleroma.service /etc/systemd/system/pleroma.service
-systemctl start pleroma
-systemctl enable pleroma
-
-# Only restart NGINX with Pleroma running.
-service nginx restart
+++ /dev/null
-#!/bin/sh
-set -e
-
-./install_for_target.sh seedbox
-
-# As according to <https://rtorrent-docs.readthedocs.io/en/latest/cookbook.html#modernized-configuration-template>
-su -lc "curl -Ls 'https://raw.githubusercontent.com/wiki/rakshasa/rtorrent/CONFIG-Template.md' | grep -A9999 '^######' | grep -B9999 '^### END' | sed -re \"s:/home/USERNAME:\$HOME:\" >~/.rtorrent.rc" plom
-su -lc "mkdir ~/rtorrent" plom
-
-# As according to <https://unix.stackexchange.com/a/475485>
-chmod u+s /usr/bin/screen
-chmod 755 /var/run/screen
+++ /dev/null
-#!/bin/sh
-# Next setup steps for a server whose login policy has just been set from
-# the outside via ./init_user_and_keybased_login.sh.
-set -e
-
-# Provide maximum input for set_hostname_and_fqdn.sh.
-if [ "$#" -lt 2 ]; then
- echo 'Need exactly two arguments (hostname, FQDN).'
- false
-fi
-hostname="$1"
-fqdn="$2"
-additional_arg="$3"
-
-# Set up system without user environment.
-config_tree_prefix="${HOME}/config/buster"
-setup_scripts_dir="${config_tree_prefix}/setup_scripts"
-cd "${setup_scripts_dir}"
-./setup.sh "${hostname}" "${fqdn}" server "${additional_arg}"
-
-# If we have not yet set the shell for user plom, ensure it here. This
-# is mostly for convenience.
-usermod -s /bin/bash plom
-
-# Enable firewall.
-systemctl enable nftables.service
+++ /dev/null
-#!/bin/sh
-set -e
-
-if [ "$#" -ne 4 ] && [ "$#" -ne 5 ]; then
- echo 'Need domain name and mail and key ID and init state and possibly old server IP as argument.'
- false
-fi
-if [ ! "$4" = "copy" ] && [ ! "$4" = "new" ] && [ ! "$4" = "upgrade" ]; then
- echo "Need init state to be either 'copy' or 'new' or 'upgrade'"
- false
-fi
-if [ ! "$4" = "new" ] && [ "$#" -ne 5 ]; then
- echo "With init state != 'new' need fifth argument old server IP."
- false
-fi
-domain="$1"
-mail="$2"
-gpg_key="$3"
-init_state="$4"
-old_server="$5"
-
-# NOTE: init_state=upgrade is for migration from older stretch server setup
-
-# Install configs, set up firewall.
-config_tree_prefix="${HOME}/config/buster"
-./install_for_target.sh web website
-./copy_dirtree.sh "${config_tree_prefix}/etc_files" "" web website
-nft -f /etc/nftables.conf
-
-# Set up letsencrypt certificate. TODO: Is it auto-renewed?
-ln -sf /etc/nginx/sites-available/default /etc/nginx/sites-enabled/default
-certbot --nginx --agree-tos --redirect --no-eff-email -m "${mail}" -d "${domain}"
-rm /etc/nginx/sites-enabled/default
-
-# Set up connection to old server.
-if [ ! "${init_state}" = "new" ]; then
- cp "${config_tree_prefix}/setup_scripts/prepare_to_meet_server.sh" /home/plom/
- chown plom:plom /home/plom/prepare_to_meet_server.sh
- su -lc "./prepare_to_meet_server.sh ${old_server}" plom
- read -p'Hit Enter when you are done.' ignore
- rm /home/plom/prepare_to_meet_server.sh
-fi
-
-# Set up repos dir.
-# To use this dir, "git clone --mirror" repo source paths into it as user plom.
-# As user plom, touch git-daemon-export-ok files into it to make the repo
-# publically available.
-if [ "${init_state}" = "new" ]; then
- mkdir /var/repos
- chown plom:plom /var/repos
-else
- cp "${config_tree_prefix}/setup_scripts/mirror_dir.sh" /home/plom/
- chmod a+w /var
- if [ "${init_state}" = "copy" ]; then
- su -lc "./mirror_dir.sh ${old_server} /var/repos" plom
- else
- su -lc "./mirror_dir.sh ${old_server} /var/public_repos" plom
- fi
- chmod a-w /var
- rm /home/plom/mirror_dir.sh
-fi
-
-# Prepare NGINX and GitWeb config.
-sed -i "s/REPLACE_fqdn_ECALPER/${domain}/g" /etc/gitweb.conf
-sed -i "s/REPLACE_fqdn_ECALPER/${domain}/g" /etc/nginx/sites-available/website.nginx
-ln -s /etc/nginx/sites-available/website.nginx /etc/nginx/sites-enabled/website.nginx
-
-# Set up website. TODO: use non-/var/www dir for better separation to dump site
-rm -rf /var/www
-mkdir /var/www
-chown plom:plom /var/www
-if [ "${init_state}" = "upgrade" ]; then
- # This assumes the old core.plomlompom.com filesystem hierarchy.
- su -lc "cd /var/repos && git clone --mirror plom@core.plomlompom.com:repos/website" plom
-elif [ "${init_state}" = "new" ]; then
- su -lc "cd /var/repos && git init --bare website.git" plom
-fi
-cp "${config_tree_prefix}/other_files/website_hook_post-receive" /var/repos/website.git/hooks/post-receive
-su -lc 'cd /var/www && git clone /var/repos/website.git .' plom
-
-# Add encryption key.
-keyservers='sks-keyservers.net/ keys.gnupg.net'
-set +e
-while true; do
- do_break=0
- for keyserver in $(echo "${keyservers}"); do
- su plom -c "gpg --no-tty --keyserver $keyserver --recv-key ${gpg_key}"
- if [ $? -eq "0" ]; then
- do_break=1
- break
- fi
- echo "Attempt with keyserver ${keyserver} unsuccessful, trying other."
- done
- if [ "${do_break}" -eq "1" ]; then
- break
- fi
-done
-set -e
-
-# Set up plomlombot.
-irclogs_dir=/var/www/html/irclogs
-irclogs_pw_dir=/var/www/irclogs_pw
-mkdir -p "${irclogs_dir}"
-chown -R plom:plom "${irclogs_dir}"
-mkdir -p "${irclogs_pw_dir}"
-chown -R plom:plom "${irclogs_pw_dir}"
-if [ "${init_state}" = "new" ]; then
- # Handle the case that the repo is in the old pre-buster server setup –
- # even then, the URL should be the same.
- su -lc "cd /var/repos && git clone --mirror https://plomlompom.com/repos/clone/plomlombot-irc" plom
- su -lc "touch /var/repos/plomlombot-irc.git/git-daemon-export-ok" plom
- cp "${config_tree_prefix}/other_files/plomlombot_hook_post-receive" /var/repos/plomlombot-irc.git/hooks/post-receive
-fi
-su -lc "git clone /var/repos/plomlombot-irc.git" plom
-cp "${config_tree_prefix}/other_files/plomlombot_daemon.sh" /home/plom/
-chown plom:plom /home/plom/plomlombot_daemon.sh
-if [ "${init_state}" = "new" ]; then
- echo 'bot: plomlombog plomlombog #plomlomtest irc.freenode.net foo bar' >> /home/plom/.plomlombot
- chown plom:plom /home/plom/.plomlombot
-else
- cp "${config_tree_prefix}/setup_scripts/mirror_dir.sh" /home/plom/
- su -lc "./mirror_dir.sh ${old_server} /home/plom/plomlombot_db" plom
- rm /home/plom/mirror_dir.sh
- su -lc "scp plom@${old_server}:.plomlombot ~" plom
- su -lc "ssh plom@${old_server} \"su -lc 'service plomlombot stop'\"" plom
-fi
-systemctl enable plomlombot.service
-service plomlombot start
-
-# In the above step, we might have created a root-owned /var/www/html –
-# fix this here.
-chown -R plom:plom /var/www/html
-
-# TODO:
-# - rename /home/plom/public_repos to /home/plom/repos
-
-service nginx restart
+++ /dev/null
-#!/bin/sh
-set -e
-set -x
-
-# Heavily inspired by <https://docs-develop.pleroma.social/backend/administration/updating/>
-su pleroma -s $SHELL -lc 'cd /opt/pleroma && git pull && mix deps.get'
-service pleroma stop
-su pleroma -s $SHELL -lc 'MIX_ENV=prod cd /opt/pleroma && mix ecto.migrate'
-service pleroma start
+++ /dev/null
-#!/bin/sh
-set -e
-
-# Heavily inspired by
-# <https://docs.joinpeertube.org/#/install-any-os?id=upgrade>
-
-# backup DB
-SQL_BACKUP_PATH="backup/sql-peertube_prod-$(date -Im).bak"
-cd /var/www/peertube/
-su peertube -c 'mkdir -p backup'
-su postgres -c "pg_dump -F c peertube_prod" | su peertube -c "tee ${SQL_BACKUP_PATH}" > /dev/null
-
-# Get new PeerTube version.
-VERSION=$(curl -s https://api.github.com/repos/chocobozzz/peertube/releases/latest | grep tag_name | cut -d '"' -f 4) && echo "Latest Peertube version is $VERSION"
-cd /var/www/peertube/versions
-su peertube -c "wget -q \"https://github.com/Chocobozzz/PeerTube/releases/download/${VERSION}/peertube-${VERSION}.zip\""
-su peertube -c "unzip -o peertube-${VERSION}.zip && rm peertube-${VERSION}.zip"
-
-# Yarn new PeerTube.
-su -l peertube -c "cd /var/www/peertube/versions/peertube-${VERSION} && yarn install --production --pure-lockfile"
-
-# Copy new default.yaml (TODO: find out what it does)
-su peertube -c "cp /var/www/peertube/versions/peertube-${VERSION}/config/default.yaml /var/www/peertube/config/default.yaml"
-
-set +e
-echo
-echo "Check differences between new and old production.yaml[.example]"
-diff /var/www/peertube/versions/peertube-${VERSION}/config/production.yaml.example /var/www/peertube/config/production.yaml
-echo
-set -e
-
-# Link new PeerTube as latest one.
-cd /var/www/peertube
-unlink ./peertube-latest
-su peertube -c "ln -s versions/peertube-${VERSION} ./peertube-latest"
-
-set +e
-echo
-echo "Check differences between new and old NGINX files"
-cd /var/www/peertube/versions
-diff "$(ls --sort=t | head -2 | tail -1)/support/nginx/peertube" "$(ls --sort=t | head -1)/support/nginx/peertube"
-echo
-echo "Check differences between new and old systemd unit files"
-diff "$(ls --sort=t | head -2 | tail -1)/support/systemd/peertube.service" "$(ls --sort=t | head -1)/support/systemd/peertube.service"
-echo
-set -e
-
-service peertube restart
+++ /dev/null
-# Bash as a non-login shell in non-POSIX-mode does not read in the startup
-# script at the path in $ENV. This forces it to still read in the ~/.shinit
-# startup script for non-login shells.
-
-. ~/.shinit
-
-export NVM_DIR="$HOME/.nvm"
-[ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh" # This loads nvm
-[ -s "$NVM_DIR/bash_completion" ] && \. "$NVM_DIR/bash_completion" # This loads nvm bash_completion
+++ /dev/null
-[user]
- name = Christian Heller
- email = c.heller@plomlompom.de
+++ /dev/null
-# Initialization for login shells.
-
-# Tell interactive shells to look in ~/.shinit for setup.
-ENV=$HOME/.shinit
-export ENV
-. $ENV
-
-export PATH="$HOME/.cargo/bin:$PATH"
+++ /dev/null
-# Settings for interactive shells.
-
-# Ensure shell truly is interactive to avoid confusing non-interactive shells.
-if [[ $- == *i* ]]; then
-
- # Fancy colors for ls.
- alias ls="ls --color=auto"
-
- # Use vim as default editor for anything.
- export VISUAL=vim
- export EDITOR=$VISUAL
-
- # Colored prompt with username, hostname, date/time, directory.
- colornumber=7 # Default to white if no color set via colornumber dotfile.
- colornumber_file=~/.shinit_color
- if [ -f $colornumber_file ]; then
- colornumber=`cat $colornumber_file`
- fi
- tput_color="$(tput setaf $colornumber)$(tput bold)"
- tput_reset="$(tput sgr0)"
- # Bash confuses the line length when not told to not count escape sequences.
- if [ ! "$BASH" = "" ]; then
- tput_color="\[$tput_color\]"
- tput_reset="\[$tput_reset\]"
- fi
- PS1="${tput_color}["\$\(date\ +%Y-%m-%d/%H:%M:%S/%Z\)" $USER@$(hostname):"\$\(pwd\)"]$ $tput_reset"
- PS2="${tput_color}> $tput_reset"
- PS3="${tput_color}select: $tput_reset"
- PS4="${tput_color}+ $tput_reset"
-
- # Add local additions.
- local_shinit_file=~/.shinit_add
- if [ -f $local_shinit_file ]; then
- . $local_shinit_file
- fi
-
-fi
+++ /dev/null
-" Activate syntax highlighting.
-syntax on
-filetype plugin on
-
-" Number lines.
-set number
-
-"" Don't add unsolicited final newline.
-"set binary
-
-" Indentation rules (tabs to 4 spaces).
-set expandtab
-set shiftwidth=2
-set softtabstop=2
-
-" Backups.
-set backup
-set backupdir=~/.vimbackups
-let myvar = strftime("%Y-%m-%d_%H-%M-%S")
-let myvar = "set backupext=_". myvar
-execute myvar
-
-" Keep syntax highlighting healthy.
-autocmd BufEnter * :syntax sync fromstart
-
-" Mark the 80-th column.
-set colorcolumn=80
-
-" Source additions
-source ~/.vimrc_add
+++ /dev/null
-DEFAULT="$HOME/mail/new_inbox/"
-logfile "$HOME/.mailfilter.log"
-
-if ( /^To: .*heller@talon\.one.*/:D || /^Subject: .*Talon*/:D )
-{
- DIR="$HOME/mail/talonone/"
- `mkdir -p $DIR/{cur,new,tmp}`
- to $DIR
-}
-
-if ( /^Subject: Postfix SMTP server: errors from /:D && \
- /^From: Mail Delivery System <MAILER-DAEMON@plomlompom\.com>/:D && \
- /^To: Postmaster <postmaster@plomlompom\.com>/:D )
-{
- DIR="$HOME/mail/new_postfix_smtp_server_errors_from/"
- `mkdir -p $DIR/{cur,new,tmp}`
- to $DIR
-}
-
-if ( /^From: \"Nebenan\.de\" \<noreply@nebenan\.de\>/:D )
-{
- DIR="$HOME/mail/nebenan_de/"
- `mkdir -p $DIR/{cur,new,tmp}`
- to $DIR
-}
+++ /dev/null
-# plomlompom's mutt configuration file
-
-# Define mailboxes.
-set mbox_type=Maildir
-set folder=/home/plom/mail
-set spoolfile=$folder/inbox
-set mbox=$folder/archive
-set record=$folder/sent
-set postponed=$folder/postponed
-
-# Move read messages from $spoolfile to $mbox.
-set move=yes
-
-# Macro to a mailboxes view built from all folders below ~/mail.
-macro index,pager y <change-folder>?<toggle-mailboxes>
-mailboxes `ls /home/plom/mail | sed -e 's/^/=/' | tr "\n" " "`
-
-# What goes into the default header display.
-ignore *
-unignore from: subject to cc date
-
-# Force some variables for From: and Message-ID: generation.
-set realname="Christian Heller"
-
-# Allow me to reply myself.
-set reply_self = yes
-
-# Only scroll in the current message, not across messages.
-set pager_stop = yes
-
-# Sort message top-down new-old.
-set sort=reverse-date
-
-# Ensure visibility of attachments. The second line handles (in an ugly way) the
-# issue of mails that use the content-type of multipart/alternative wrongly, by
-# omitting from the text/plain alternative relevant multimedia files attached to
-# the multipart/related alternative that contains text/html and said files. This
-# will in certain cases make the pager default to displaying the HTML variant of
-# a mail when a plain text one is available, but this is preferable to hiding
-# potentially important attachments.
-set index_format="%4C %Z %?X?[%X]& ? %{%b %d} %-15.15L (%?l?%4l&%4c?) %s"
-alternative_order multipart/related text/plain text/html
-
-# Defaults from /usr/share/doc/mutt/examples/gpg.rc
-set pgp_decode_command="gpg --status-fd=2 %?p?--passphrase-fd 0? --no-verbose --quiet --batch --output - %f"
-set pgp_verify_command="gpg --status-fd=2 --no-verbose --quiet --batch --output - --verify %s %f"
-set pgp_decrypt_command="gpg --status-fd=2 %?p?--passphrase-fd 0? --no-verbose --quiet --batch --output - %f"
-set pgp_sign_command="gpg --no-verbose --batch --quiet --output - %?p?--passphrase-fd 0? --armor --detach-sign --textmode %?a?-u %a? %f"
-set pgp_clearsign_command="gpg --no-verbose --batch --quiet --output - %?p?--passphrase-fd 0? --armor --textmode --clearsign %?a?-u %a? %f"
-set pgp_encrypt_only_command="/usr/lib/mutt/pgpewrap gpg --batch --quiet --no-verbose --output - --encrypt --textmode --armor --always-trust -- -r %r -- %f"
-set pgp_encrypt_sign_command="/usr/lib/mutt/pgpewrap gpg %?p?--passphrase-fd 0? --batch --quiet --no-verbose --textmode --output - --encrypt --sign %?a?-u %a? --armor --always-trust -- -r %r -- %f"
-set pgp_import_command="gpg --no-verbose --import %f"
-set pgp_export_command="gpg --no-verbose --export --armor %r"
-set pgp_verify_key_command="gpg --verbose --batch --fingerprint --check-sigs %r"
-set pgp_list_pubring_command="gpg --no-verbose --batch --quiet --with-colons --list-keys %r"
-set pgp_list_secring_command="gpg --no-verbose --batch --quiet --with-colons --list-secret-keys %r"
-set pgp_good_sign="^\\[GNUPG:\\] GOODSIG"
-
-# Further stuff from http://codesorcery.net/old/mutt/mutt-gnupg-howto
-set pgp_autosign=yes
-set pgp_sign_as=0x98F64A5F
-set pgp_replyencrypt=yes
-set pgp_timeout=1800
-
-# Promoting my public key.
-my_hdr X-PGP-Key: https://dump.plomlompom.com/dump/plomlompom.asc
+++ /dev/null
-# plomlompom's getmail configuration
-
-# Where and how to get mail from.
-[retriever]
-type = SimplePOP3SSLRetriever
-server = mail.klostein.com
-username = c.heller@plomlompom.de
-
-# Let procmail take charge of incoming mail. Use user-defined rc file.
-[destination]
-type = MDA_external
-path = /usr/bin/procmail
-arguments = ("-m", "/home/plom/.procmailrc")
-
-# Delete retrieved mail from server.
-[options]
-delete = false
+++ /dev/null
-# plomlompom's procmail configuration
-
-MAILDIR=/home/plom/mail
-DEFAULT=$MAILDIR/inbox/
-
-:0
-* ^To: Bisdahin <termin@bisdahin.de>
-bisdahin/
-
-:0
-* ^From: Doodle <mailer@doodle.com>
-doodle/
-
-:0
-* ^From: FetLife <donotreply@fetlifemail\.com>
-fetlife/
-
-:0
-* ^From: Flattr <no-reply@flattr.com>
-flattr/
-
-:0
-* ^From: noreply@statusnetondemand.net
-identica/
-
-:0
-* ^From: .*@linkedin\.com
-linkedin/
-
-:0
-* ^To: .*forum@detrans.de
-ML-detrans/
-
-:0
-* ^To: .*liste-ff-medien@gruene-jugend.de
-ML-gj-medien/
-
-:0
-* ^To: wann-klettern-wir@googlegroups\.com
-ML-klettern/
-
-:0
-* ^Subject: \[schildower-kreis-info\]
-schildower_kreis/
-
-:0
-* ^Subject: .*\[reflect-info\]
-reflect-info/
-
-:0
-* ^To: .*st-berlin@smjg.org
-ML-smjg-berlin/
-
-:0
-* ^Subject: Logwatch for plomlompom\.com \(Linux\)
-serverlogs/
-
-:0
-* ^Subject: ***SPAM***
-spam-suspect/
-
-:0
-* ^Subject: .*talon.*
-talonone/
-
-:0
-* ^From: Twitter
-twitter/
-
-:0
-* ^From: Computerspielemuseum
-computerspielemuseum/
+++ /dev/null
-# Server-specific .shinit additions.
-
-# Wrapper for weechat to force local config file on it anew on each run.
-alias weechat="~/config/bin/weechat-wrapper.sh"
+++ /dev/null
-/set logger.file.path ~/weechatlogs
-/set logger.file.flush_delay 0
-/script install otr.py
-/set weechat.bar.status.items "[time],[buffer_last_number],[buffer_plugin],buffer_number+:+buffer_name+(buffer_modes)+{buffer_nicklist_count}+buffer_zoom+buffer_filter,[lag],[hotlist],completion,scroll,[otr]"
-/set weechat.color.chat_nick_colors "lightcyan"
-/server add localhost localhost
-/connect localhost
-/server del freenode
-/server add freenode irc.freenode.net -nicks=plomlompom,plomlomp0m,ploml0mp0m,pl0ml0mp0m -realname="Christian Heller" -autojoin=#nodrama.de,#twitter.de,#freie-gesellschaft,#zrolaps,#twtxt,#freakazoid,#nodrama.finance,#unordentlich
-/server add rizon irc.rizon.net -nicks=AlfredEdel,AlfredEde1,A1fredEdel,A1fredEde1 -autojoin=#8chan-deutsch,#mememagic -username=foo
-/server add quakenet irc.quakenet.org -nicks=plomlompom,plomlomp0m,ploml0mp0m,pl0ml0mp0m -realname="Christian Heller" -autojoin=#rgrd
-/connect freenode
-/connect rizon
+++ /dev/null
-# Server-specific .shinit additions.
-
-# Golang dev environment
-export GOPATH=~/gopath
+++ /dev/null
-! font size
-XTerm*faceSize: 8
-xterm*VT100*faceSize1: 7
-xterm*VT100*faceSize2: 8
-xterm*VT100*faceSize3: 9
-xterm*VT100*faceSize4: 10
-xterm*VT100*faceSize5: 12
-xterm*VT100*faceSize6: 15
-
-! black
-*color0: #202020
-*color8: #3F3F3F
-
-! red
-*color1: #A82020
-*color9: #E82020
-
-! green
-*color2: #20A820
-*color10: #20E820
-
-! yellow
-*color3: #A8A820
-*color11: #E8E820
-
-! blue
-*color4: #3F3FFF
-*color12: #9F9FFF
-
-! magenta
-*color5: #A83FFF
-*color13: #E89FFF
-
-! cyan
-*color6: #3FA8FF
-*color14: #9FE8FF
-
-! white
-*color7: #A8A8A8
-*color15: #E8E8E8
+++ /dev/null
-# plomlompom's i3 status bar configuration
-
-# Activate colors; set update interval of one second.
-general {
- colors = true
- interval = 1
-}
-
-# Selection / order of status elements.
-order += "disk /"
-order += "disk /home"
-order += "wireless wlp3s0"
-order += "ethernet enp0s25"
-order += "battery 0"
-order += "cpu_usage"
-order += "load"
-order += "cpu_temperature 0"
-order += "cpu_temperature 1"
-order += "time"
-order += "volume master"
-
-# How much space is left in / ?
-disk "/" {
- format = "/: %avail available of %total"
- separator_block_width = 10
-}
-
-# How much space is left in /home ?
-disk "/home" {
- format = "/home: %avail available of %total"
- separator_block_width = 40
-}
-
-
-# WLAN status: show IP and connection quality or "down".
-wireless wlp3s0 {
- format_up = "w: (%quality at %essid) %ip"
- format_down = "w: down"
- separator_block_width = 10
-}
-
-# Ethernet status: show IP or "down".
-ethernet enp0s25 {
- format_up = "e: %ip"
- format_down = "e: down"
- separator_block_width = 40
-}
-
-# Battery status: show FULL/CHARGING/BATTERY, storage, time left.
-battery 0 {
- format = "b: %status %percentage %remaining"
- separator_block_width = 40
-}
-
-# Show CPU usage.
-cpu_usage {
- format = "cpu: %usage"
- separator_block_width = 10
-}
-
-# Show system load during last 1/5/15 minutes.
-load {
- format = "%1min %5min %15min"
- separator_block_width = 40
-}
-
-# Show CPU temperature in degrees of celsius.
-cpu_temperature 0 {
- format = "%degrees °C"
- separator_block_width = 10
-}
-cpu_temperature 1 {
- format = "%degrees °C"
- separator_block_width = 40
-}
-
-# Show date/time/timezone as "year-month-day hour:minute:second
-# timezone_numeric/timezone_alphabetic".
-time {
- format = "%Y-%m-%d %H:%M:%S %z/%Z"
- separator_block_width = 40
-}
-
-volume master {
- format = "♪: %volume"
- format_muted = "♪: muted (%volume)"
- separator_block_width = 40
-}
+++ /dev/null
-! font size
-XTerm*faceSize: 8
-
-! black
-*color0: #000000
-*color8: #3F3F3F
-
-! red
-*color1: #BF0000
-*color9: #FF0000
-
-! green
-*color2: #00BF00
-*color10: #00FF00
-
-! yellow
-*color3: #BFBF00
-*color11: #FFFF00
-
-! blue
-*color4: #3F3FFF
-*color12: #9F9FFF
-
-! magenta
-*color5: #BF3FFF
-*color13: #FFF9FF
-
-! cyan
-*color6: #3FBFFF
-*color14: #9FFFFF
-
-! white
-*color7: #BFBFBF
-*color15: #FFFFFF
+++ /dev/null
-# plomlompom's i3 status bar configuration
-
-# Activate colors; set update interval of one second.
-general {
- colors = true
- interval = 1
-}
-
-# Selection / order of status elements.
-order += "disk /"
-order += "disk /home"
-order += "wireless wls1"
-order += "ethernet enp0s25"
-order += "battery 0"
-order += "cpu_temperature 0"
-order += "load"
-order += "time"
-
-# How much space is left in / ?
-disk "/" {
- format = "%free"
-}
-
-# How much space is left in /home ?
-disk "/home" {
- format = "%free"
-}
-
-
-# WLAN status: show IP and connection quality or "down".
-wireless wls1 {
- format_up = "W: (%quality at %essid) %ip"
- format_down = "W: down"
-}
-
-# Ethernet status: show IP or "down".
-ethernet enp0s25 {
- format_up = "E: %ip"
- format_down = "E: down"
-}
-
-# Battery status: show FULL/CHARGING/BATTERY, storage, time left.
-battery 0 {
- format = "%status %percentage %remaining"
-}
-
-# Show CPU temperature in degrees of celsius.
-cpu_temperature 0 {
- format = "T: %degrees °C"
-}
-
-# Show system load during last 1/5/15 minutes.
-load {
- format = "L: %1min %5min %15min"
-}
-
-# Show date/time/timezone as "year-month-day hour:minute:second
-# timezone_numeric/timezone_alphabetic".
-time {
-
- format = "%Y-%m-%d %H:%M:%S %z/%Z"
-}
+++ /dev/null
-! font
-XTerm*faceName: -misc-fixed-medium-r-normal--13-120-75-75-C-70-iso10646-1
-XTerm*reverseVideo: on
-XTerm*visualBell: on
-
-! proper ALT as META key treatment
-XTerm*eightBitInput: false
+++ /dev/null
-# plomlompom's i3-wm configuration
-
-# Font for i3 text
-font pango:Terminus 11px
-#font -misc-fixed-medium-r-normal--13-120-75-75-C-70-iso10646-1
-
-# Force "tabbed" as default layout for new windows.
-workspace_layout tabbed
-
-# Make the Windows key the modifier key for all i3-wm actions.
-set $mod Mod4
-floating_modifier $mod
-
-# Launch xterm.
-bindsym $mod+Return exec xterm -r
-
-# Launch programs via dmenu.
-bindsym $mod+d exec dmenu_run
-bindsym $mod+x exec dmenu_run
-
-# Kill window.
-bindsym $mod+Shift+Q kill
-
-# Move focus between windows.
-bindsym $mod+Left focus left
-bindsym $mod+Down focus down
-bindsym $mod+Up focus up
-bindsym $mod+Right focus right
-
-# Don't move focus with mouse.
-focus_follows_mouse no
-
-# Move windows.
-bindsym $mod+Shift+Left move left
-bindsym $mod+Shift+Down move down
-bindsym $mod+Shift+Up move up
-bindsym $mod+Shift+Right move right
-
-# Resize windows
-bindsym $mod+h resize shrink width 1 px or 1 ppt
-bindsym $mod+l resize grow width 1 px or 1 ppt
-bindsym $mod+j resize shrink height
-bindsym $mod+k resize grow height
-
-# Toggle fullscreen for focused window.
-bindsym $mod+f fullscreen
-
-# Toggle floating of window, focus on floating or tabbed windows.
-bindsym $mod+Shift+space floating toggle
-bindsym $mod+space focus mode_toggle
-
-# Switch to workspace x.
-bindsym $mod+1 workspace 1
-bindsym $mod+2 workspace 2
-bindsym $mod+3 workspace 3
-bindsym $mod+4 workspace 4
-bindsym $mod+5 workspace 5
-bindsym $mod+6 workspace 6
-bindsym $mod+7 workspace 7
-bindsym $mod+8 workspace 8
-bindsym $mod+9 workspace 9
-bindsym $mod+0 workspace 10
-
-# Move window to workspace x.
-bindsym $mod+Shift+exclam move workspace 1
-bindsym $mod+Shift+quotedbl move workspace 2
-bindsym $mod+Shift+section move workspace 3
-bindsym $mod+Shift+dollar move workspace 4
-bindsym $mod+Shift+percent move workspace 5
-bindsym $mod+Shift+ampersand move workspace 6
-bindsym $mod+Shift+slash move workspace 7
-bindsym $mod+Shift+parenleft move workspace 8
-bindsym $mod+Shift+parenright move workspace 9
-bindsym $mod+Shift+equal move workspace 10
-
-# Reload i3 config file, restart (keeping sesion) i3, exit i3.
-bindsym $mod+Shift+C reload
-bindsym $mod+Shift+R restart
-bindsym $mod+Shift+P exit
-
-# Select "i3status" as i3 status bar.
-bar {
- status_command i3status | ~/config/bin/i3status_wrapper.py
-}
+++ /dev/null
-set! browser.startup.page=3
-set! privacy.donottrackheader.enabled=true
-set! network.cookie.lifetimePolicy=2
-set! browser.formfill.enable=false
-set! browser.block.target_new_window=true
-set! browser.download.lastDir=~/downloads
-"set! javascript.enabled=false
-"set! permissions.default.image=2
-set! general.useragent.override=foo
-set! signon.rememberSignons=false
-set! network.proxy.socks=localhost
-set! network.proxy.socks_port=9999
-set! network.proxy.type=1
-set go=CMsbr
-set showtabline=never
-highlight Hint -append font: "Droid Sans Mono"; margin: 0em; padding: 0.1em; padding-right: 0.2em;
-command plom open http://www.plomlompom.de/PlomWiki/plomwiki.php?title=Start
-set fc=ignore
-set ds=duckduckgo
-set visualbell
+++ /dev/null
-" source ~/.vimrc_vimgo
+++ /dev/null
-# X init configuration
-
-# Set keymap.
-setxkbmap de
-
-# Read in X configuration.
-xrdb -merge ~/.Xresources
-xrdb -merge ~/.Xresources-local
-
-# Redshift to Berlin, Germany.
-redshift -rl 53:13 &
-
-# Enforce QWERTZ. (Why twice?)
-setxkbmap de
-
-# Use CapsLock as Ctrl, against the Emacs pinky.
-setxkbmap -option caps:ctrl_modifier
-
-# Set up compose key.
-xmodmap ~/.Xmodmap
-
-# Optionally, for certain Optimus systems with a first GPU connected to the
-# display and a second (NVidia) GPU providing 3D acceleration, use the first GPU
-# as sink for the second. This may confuse DPI settings, so re-set those.
-if [ "${NVIDIA_DIRECT}" ]; then
- xrandr --setprovideroutputsource modesetting NVIDIA-0
- xrandr --auto
- xrandr --dpi 96
-fi
-
-# Launch window manager.
-i3 -c ~/.i3
+++ /dev/null
-#!/bin/sh
-set -x
-set -e
-
-if [ ! "$1" = "thinkpad" ] && [ ! "$1" = "server" ]; then
- echo "Need argument."
- false
-fi
-if [ "$1" = "thinkpad" ] && [ ! "$2" = "X200s" ] && [ ! "$2" = "T450s" ]; then
- echo "Need Thinkpad type."
- false
-fi
-if [ "$1" = "server" ] && [ ! "$2" = "personal" ] && [ ! "$2" = "public" ]; then
- echo "Need server purpose."
- false
-fi
-if [ "$2" = "personal" ] && [ ! "$3" = "test.plomlompom.com" ] && \
- [ ! "$3" = "plomlompom.com" ]; then
- echo "Need server domain"
- false
-fi
-
-# Some important variables
-if [ "$3" = "plomlompom.com" ]; then
- hostname="plomlompom"
-elif [ "$3" = "test.plomlompom.com" ]; then
- hostname="test.plomlompom"
-elif [ "$2" = "public" ]; then
- hostname="htwtxt.plomlompom"
-elif [ "$2" = "X200s" ]; then
- hostname="X200s"
-elif [ "$2" = "T450s" ]; then
- hostname="T450s"
-fi
-
-if [ "$1" = "server" ]; then
- # Set root pw.
- passwd
-fi
-
-# Post-installation reduction.
-dpkg-query -Wf '${Package} ${Priority}\n' | grep ' required' | sed \
- 's/ required//' > list_white_unsorted
-echo 'ifupdown' >> list_white_unsorted
-echo 'isc-dhcp-client' >> list_white_unsorted
-sort list_white_unsorted > list_white
-dpkg-query -Wf '${Package}\n' > list_all_packages
-sort list_all_packages > foo
-mv foo list_all_packages
-comm -3 list_all_packages list_white > list_black
-apt-mark auto `cat list_black`
-echo 'APT::AutoRemove::RecommendsImportant "false";' > /etc/apt/apt.conf.d/99mindeps
-echo 'APT::AutoRemove::SuggestsImportant "false";' >> /etc/apt/apt.conf.d/99mindeps
-DEBIAN_FRONTEND=noninteractive apt-get -y --purge autoremove
-rm list_all_packages list_white_unsorted list_white list_black
-echo 'APT::Install-Recommends "false";' >> /etc/apt/apt.conf.d/99mindeps
-echo 'APT::Install-Suggests "false";' >> /etc/apt/apt.conf.d/99mindeps
-
-# Set hostname and FQDN.
-echo $hostname > /etc/hostname
-hostname $hostname
-if [ "$1" = "server" ]; then
- echo '127.0.0.1 localhost' > /etc/hosts
- ip=`hostname -I | cut -d " " -f 1`
- echo "$ip $hostname.com $hostname" >> /etc/hosts
-
- # Call dhclient on startup.
- cat > /etc/systemd/system/dhclient.service << EOF
-[Unit]
-Description=Ethernet connection
-
-[Service]
-ExecStart=/sbin/dhclient eth0
-
-[Install]
-WantedBy=multi-user.target
-EOF
- systemctl enable /etc/systemd/system/dhclient.service
-fi
-
-# Package management config, system upgrade.
-echo 'deb http://ftp.debian.org/debian/ jessie main contrib non-free' \
- > /etc/apt/sources.list
-echo 'deb http://security.debian.org/ jessie/updates main contrib non-free' \
- >> /etc/apt/sources.list
-echo 'deb http://ftp.debian.org/debian/ jessie-updates main contrib non-free' \
- >> /etc/apt/sources.list
-if [ "$1" = "thinkpad" ] || [ "$2" = "public" ]; then
- echo 'deb http://ftp.debian.org/debian/ jessie-backports main contrib' \
-' non-free' >> /etc/apt/sources.list
- echo 'deb http://ftp.debian.org/debian/ testing main contrib non-free' \
- >> /etc/apt/sources.list
- echo 'deb http://security.debian.org/ testing/updates main contrib' \
-' non-free' >> /etc/apt/sources.list
- echo 'deb http://ftp.debian.org/debian/ testing-updates main contrib' \
-' non-free' >> /etc/apt/sources.list
- echo 'APT::Default-Release "stable";' \
- >> /etc/apt/apt.conf.d/99defaultrelease
-fi
-if [ "$1" = "thinkpad" ]; then
- dhclient eth0
-fi
-apt-get update
-apt-get -y dist-upgrade
-
-# Set up manuals.
-apt-get -y install man-db manpages less
-
-if [ "$1" = "thinkpad" ]; then
- # Power management as per <http://thinkwiki.de/TLP_-_Linux_Stromsparen>.
- echo '' >> /etc/apt/sources.list
- echo 'deb http://repo.linrunner.de/debian jessie main' \
- >> /etc/apt/sources.list
- apt-key adv --keyserver pool.sks-keyservers.net --recv-keys CD4E8809
- apt-get update
- apt-get -y install linux-headers-amd64 tlp tp-smapi-dkms
- sed -i 's/^#START_CHARGE_THRESH_BAT0/START_CHARGE_THRESH_BAT0=10 '\
-'#START_CHARGE_THRESH_BAT0/' /etc/default/tlp
- sed -i 's/^#STOP_CHARGE_THRESH_BAT0/STOP_CHARGE_THRESH_BAT0=95 '\
-'#STOP_CHARGE_THRESH_BAT0/' /etc/default/tlp
- sed -i 's/^#START_CHARGE_THRESH_BAT1/START_CHARGE_THRESH_BAT0=10 '\
-'#START_CHARGE_THRESH_BAT1/' /etc/default/tlp
- sed -i 's/^#STOP_CHARGE_THRESH_BAT1/STOP_CHARGE_THRESH_BAT0=95 '\
-'#STOP_CHARGE_THRESH_BAT1/' /etc/default/tlp
- sed -i 's/^#DEVICES_TO_DISABLE_ON_STARTUP/DEVICES_TO_DISABLE_ON_STARTUP='\
-'"bluetooth wifi wwan" #DEVICES_TO_DISABLE_ON_STARTUP/' /etc/default/tlp
- tlp start
-fi
-
-# Don't clear boot messages on start up.
-sed -i 's/^TTYVTDisallocate=yes$/TTYVTDisallocate=no/g' \
- /etc/systemd/system/getty.target.wants/getty\@tty1.service
-
-# Set up timezone.
-echo 'Europe/Berlin' > /etc/timezone
-cp /usr/share/zoneinfo/Europe/Berlin /etc/localtime
-
-# Locale config.
-apt-get -y install locales
-echo 'en_US.UTF-8 UTF-8' >> /etc/locale.gen
-locale-gen
-
-if [ "$1" = "thinkpad" ]; then
- # Console config.
- DEBIAN_FRONTEND=nointeractive apt-get -y install console-setup
- echo 'ACTIVE_CONSOLES="/dev/tty[1-6]"' > /etc/default/console-setup
- echo 'CHARMAP="UTF-8"' >> /etc/default/console-setup
- echo 'CODESET="Lat15"' >> /etc/default/console-setup
- echo 'FONTFACE="TerminusBold"' >> /etc/default/console-setup
- echo 'FONTSIZE="8x16"' >> /etc/default/console-setup
- echo 'export LC_ALL="en_US.UTF-8"' >> /etc/profile
- sed -i 's/^XKBLAYOUT/XKBLAYOUT="de" # XKBLAYOUT/g' /etc/default/keyboard
- service keyboard-setup restart
-fi
-
-# Clone git repository.
-apt-get -y install ca-certificates
-apt-get -y install git
-git clone http://github.com/plomlompom/config
-config/bin/symlink.sh
-
-# Add user. Remove old user's config/ if it exists.
-useradd -m -s /bin/bash plom
-rm -rf /home/plom/config
-su - plom -c 'git clone http://github.com/plomlompom/config /home/plom/config'
-su plom -c '/home/plom/config/bin/symlink.sh '$1' '$2' '$3
-
-# Allow user to sudo.
-if [ "$1" = "thinkpad" ]; then
- apt-get -y install sudo
- adduser plom sudo
-fi
-
-# Set up editor.
-mkdir -p .vimbackups
-su plom -c 'mkdir -p /home/plom/.vimbackups/'
-apt-get -y install vim
-
-if [ "$1" = "server" ]; then
- # Set up ssh-guard.
- apt-get -y install sshguard rsyslog
-
- # Set up openssh-server.
- apt-get -y install openssh-server
-
- # Set up mail system.
- su plom -c 'mkdir -p /home/plom/mail/'
- su plom -c 'mkdir -p /home/plom/mail/inbox/{cur,new,tmp}'
- su plom -c 'mkdir -p /home/plom/mail/new_inbox/{cur,new,tmp}'
- sed -i 's/^delete = true$/delete = false/g' \
- /home/plom/config/dotfiles/user/server/personal/minimal/getmail/getmailrc
- DEBIAN_FRONTEND=noninteractive apt-get -y install mutt postfix maildrop
- cp config/systemfiles/main.cf /etc/postfix/main.cf
- sed -i 's/HOSTNAME/'$hostname.com'/g' /etc/postfix/main.cf
- cp config/systemfiles/aliases /etc/aliases
- newaliases
- service postfix restart
- if [ "$2" = "personal" ]; then
- apt-get -y install getmail4 procmail
- fi
-
- # Set up regular system update reminder.
- apt-get -y install cron
- su plom -c "echo '0 18 * * 0 ~/config/bin/simplemail.sh '\
- '~/config/mails/update_reminder' | crontab -"
-
- if [ "$2" = "personal" ]; then
- # Set up screen/weechat/OTR/bitlbee. Make bitlbee listen only locally.
- apt-get -y install screen weechat-plugins python-potr bitlbee
- sed -i 's/^# DaemonInterface/DaemonInterface = 127.0.0.1 '\
-'# DaemonInterface/' /etc/bitlbee/bitlbee.conf
- sedtest=`grep -E '^DaemonInterface = 127.0.0.1 #' \
- /etc/bitlbee/bitlbee.conf | wc -l | cut -d ' ' -f 1`
- if [ 0 -eq $sedtest ]; then
- false
- fi
- cp config/systemfiles/weechat.service \
- /etc/systemd/system/weechat.service
- systemctl enable /etc/systemd/system/weechat.service
-
- # Send instructions mail.
- config/bin/simplemail.sh config/mails/server_postinstall_finished
-
- elif [ "$2" = "public" ]; then
-
- # Set up htwtxt and environment.
- apt-get -y install screen
- apt-get -y -t jessie-backports install golang
- su - plom -c 'git clone https://github.com/plomlompom/htwtxt $GOPATH/src/htwtxt'
- su - plom -c 'go get htwtxt'
- path=`su - plom -c 'echo $GOPATH/bin/htwtxt'`
- su - plom -c 'mkdir -p ~/htwtxt'
- cp config/systemfiles/htwtxt_restart_reminder.service \
- /etc/systemd/system/htwtxt_restart_reminder.service
- systemctl enable /etc/systemd/system/htwtxt_restart_reminder.service
-
- # Set up nginx and letsencrypt.
- apt-get -y install nginx
- cp config/systemfiles/nginx.conf /etc/nginx/nginx.conf
- cd ~
- git clone https://github.com/letsencrypt/letsencrypt
- echo '0 18 * * 0 ~/config/bin/renew_certs.sh' | crontab -
-
- # Set up plomlombot.
- apt-get -y install python3 python3-venv python3-pip
- su - plom -c 'cd && git clone http://github.com/plomlompom/plomlombot-irc'
- su - plom -c 'mkdir -p ~/plomlombot_db'
- cp config/systemfiles/plomlombot.service \
- /etc/systemd/system/plomlombot.service
- systemctl enable /etc/systemd/system/plomlombot.service
-
- # Set up plomlombot logging infrastructure.
- mkdir -p /var/www/html/irclogs/
- ln -s /home/plom/plomlombot_db/6f322d574618816aa2d6d1ceb4fd2551/3c0248e76a1de3a6ee5bf3421f7379b0/logs/ /var/www/html/irclogs/zrolaps
- touch /var/www/password_irclogs_zrolaps
- ln -s /home/plom/plomlombot_db/6f322d574618816aa2d6d1ceb4fd2551/657eea42f86866f2954d39f92a6c71ff/logs/ /var/www/html/irclogs/nodrama.de
- touch /var/www/password_irclogs_nodrama_de
- ln -s /home/plom/plomlombot_db/6f322d574618816aa2d6d1ceb4fd2551/a083c5d5efca3734294fa656692990b6/logs/ /var/www/html/irclogs/freakazoid
- touch /var/www/password_irclogs_freakazoid
-
- # Set up other web-served directories.
- su - plom -c 'mkdir -p /home/plom/dump'
- ln -s /home/plom/dump/ /var/www/html/dump
- su - plom -c 'mkdir -p /home/plom/geheim'
- ln -s /home/plom/geheim/ /var/www/html/geheim
- su - plom -c 'mkdir -p /home/plom/lesekreis'
- ln -s /home/plom/geheim/ /var/www/html/lesekreis
- su - plom -c 'mkdir -p /home/plom/zettel'
- ln -s /home/plom/zettel/ /var/www/html/zettel
- su - plom -c 'git init --bare /home/plom/zettel.git'
- su - plom -c 'cp ~/config/systemfiles/post-update ~/zettel.git/hooks/'
- su - plom -c 'chmod a+x /home/plom/zettel.git/hooks/post-update'
-
- # Install website generator tools
- apt-get -y install pandoc wget
- wget http://news.dieweltistgarnichtso.net/bin/archives/redo-sh.tar.gz
- tar -oxzf redo-sh.tar.gz -C /usr/local
- rm redo-sh.tar.gz
- apt-get --purge autoremove wget
- fi
-
-elif [ "$1" = "thinkpad" ]; then
- # Set up networking (wifi!).
- apt-get -y install firmware-iwlwifi
- DEBIAN_FRONTEND=noninteractive apt-get -y install wicd-curses
- sed -i 's/^wired_interface = .*$/wired_interface = eth0/g' \
- /etc/wicd/manager-settings.conf
- sed -i 's/^wireless_interface = .*$/wireless_interface = wlan0/g' \
- /etc/wicd/manager-settings.conf
- systemctl restart wicd
-
- # Set up hibernation on lid close.
- echo 'HandleLidSwitch=hibernate' >> /etc/systemd/logind.conf
-
- # Set up sound.
- usermod -aG audio plom
- apt-get -y install alsa-utils
- if [ "$2" = "X200s" ]; then
- amixer -c 0 sset Master playback 100% unmute
- elif [ "$2" = "T450s" ]; then
- amixer -c 1 sset Master playback 100% unmute
- # Re-order souncards so the commonly used one is the first one.
- echo 'options snd_hda_intel index=1,0' >> /etc/modprobe.d/sound.conf
- fi
-
- # Set up window system, i3, redshift.
- apt-get -y install xserver-xorg xinit xterm i3 i3status dmenu redshift
-
- # Set up OpenGL and hardware acceleration.
- if [ "$2" = "X200s" ]; then
- apt-get -y install i965-va-driver
- elif [ "$2" = "T450s" ]; then
- apt-get -y -t jessie-backports install xserver-xorg-video-intel
- fi
- apt-get -y install libgl1-mesa-dri
- usermod -aG video plom
-
- # Install xrandr.
- apt-get -y install x11-xserver-utils
-
- # Set up pentadactyl.
- apt-get -y install iceweasel xul-ext-noscript
- apt-get -y -t jessie-backports install xul-ext-pentadactyl
- apt-get -y install vim-gtk
- su plom -c 'mkdir -p /home/plom/downloads/'
-
- # Set up openssh-client.
- apt-get -y install openssh-client
-fi
-
-# Set password for user.
-passwd plom
-
-# Clean up.
-rm jessie_postinstall.sh
-
-# Finalize everything with a reboot.
-echo "You may reboot now with the 'reboot' command unless there's more to do."
+++ /dev/null
-[SYSADMIN] [HTWTXT] Restart reminder
-
-The virtual server hosting the htwtxt server was restarted, so the htwtxt server
-itself needs to be restarted too, via (in screen) its
-~/config/bin/start_htwtxt.sh.
+++ /dev/null
-[SYSADMIN] Server post-installation TODO
-
-The server post-installation script seems to have run successfully. Remember to
-perform the following tasks:
-
-- once when mail system set-up seems stable, in
- config/dotfiles_user_server/getmail/getmailrc, set [options] delete = true
-
-- ensure the following DNS TXT record for @: v=spf1 mx -all
-
-- run (as root) config/bin/setup_opendkim.sh $selector to set up system for DKIM
- key signing, with a second parameter $keyfile if a key already exists; without
- second parameter, this will generate a new key and print the DNS record to add
-
-- run (as root) config/bin/setup_starttls.sh to set up server-side STARTTLS for
- mail; optionally run with paths to 1) a key file and 2) a cert file as
- arguments if those exist to re-use existing ones
-
-- in the screen weechat/bitlbee session (run "screen -dr"), switch to the
- &bitlbee channel, register with a password ("register", "/oper . [password]"),
- and set up Jabber account with password ("account add jabber
- plomlompom@jabber.ccc.de", "/oper . [password]"), then activate it ("account
- on")
+++ /dev/null
-[SYSADMIN] System updating reminder
-
-This is your regular reminder to run:
-
-apt-get update
-apt-get upgrade
-apt-get dist-upgrade
+++ /dev/null
-[SYSADMIN] weechat restarted, re-identify!
-
-Your weechat was restarted, so don't forget to re-identify on freenode to
-nickserv via "/msg nickserv identify [password]", and on bitlbee by joining
-&bitlbee, "identify", "/oper . [password]", and "account on".
--- /dev/null
+#!/bin/sh
+
+local_etc_server="${config_tree_prefix}/etc_files/server"
+system_path_sshd_config='/etc/ssh/sshd_config'
+local_path_sshd_config="${local_etc_server}${system_path_sshd_config}"
+
+expect_n_args() {
+ min_args="$1"
+ explainer="$2"
+ shift 2
+ if [ "$#" -lt "${min_args}" ]; then
+ echo "Need at least ${min_args} arguments … ${explainer}"
+ false
+ fi
+}
+
+++ /dev/null
-some stuff I need to incorporate later on:
-
-the blog post-update git hook:
-
-
-
-#!/bin/sh
-blog_dir=~/blog
-export GIT_DIR=$(pwd)
-export GIT_WORK_TREE="$blog_dir"
-git checkout -f
-cd "$GIT_WORK_TREE"
-redo
-git add metadata/author metadata/url metadata/title metadata/*.tmpl metadata/automatic_metadata captchas/linkable/*
-count=$(ls -1 metadata/*.automatic_metadata 2>/dev/null | wc -l)
-if [ "$count" != 0 ]; then
- git add metadata/*.automatic_metadata
-fi
-status=$(git status -s)
-n_updates=$(printf "$status" | grep -vE '^\?\?' | wc -l)
-if [ "$n_updates" -gt 0 ]; then
- git commit -a -m 'Update metadata'
-fi
-
-
-furthermore, the url_catcher virtualenv run.sh script needs this (to compile uwsgi):
-
-apt-get install python3.4-dev
-
-
-also, these:
-
-# /etc/systemd/system/url_catcher.service
-
-[Unit]
-Description=URL catcher
-
-[Service]
-Type=forking
-User=plom
-ExecStart=/bin/sh -c 'LC_ALL=en_US.UTF8 screen -d -m ~/url_catcher.sh'
-
-[Install]
-WantedBy=multi-user.target
-
-
-
-and url_catcher.sh:
-
-#!/bin/sh
-
-cd ~
-cd url-catcher
-./run.sh
+++ /dev/null
-# for minetest sound to work
-[alsa]
-mmap = false
+++ /dev/null
-# using hdmi0 for TV stereo, hdmi1 for a 5.1 speaker set-up
-# unfortunately, a non-square speaker number creates some noise
-# therefore for hdmi1 we declare 8 speakers, but re-map them to 6 speakers
-pcm.hdmi0 {
- type hw
- card 0
-}
-pcm.hdmi1 {
- type route
- slave {
- pcm "hw:1,0"
- channels 8
- }
- ttable {
- 0.0 = 1
- 1.1 = 1
- 2.2 = 1
- 3.3 = 1
- 4.4 = 1
- 5.5 = 1
- 6.0 = 0.5
- 6.2 = 0.5
- 7.1 = 0.5
- 7.3 = 0.5
- }
-}
-
-# upmix stereo to 5.1 – so we can watch stereo YouTube on all speakers
-# with this: $ chromium-browser --alsa-output-device=stereo51
-# (numbers taken from <https://www.volkerschatz.com/noise/alsa.html>)
-pcm.stereo51 {
- type route
- slave {
- pcm "hw:1,0"
- channels 8
- }
- ttable {
- 0.0 = 1
- 0.2 = -0.6
- 0.3 = -0.39
- 0.4 = 0.5
- 0.5 = 0.5
- 1.1 = 1
- 1.2 = -0.6
- 1.3 = -0.39
- 1.4 = 0.5
- 1.5 = 0.5
- }
-}
-
-# default to hdmi0, overwrite with AUDIO_HDMI=1 env prefix
-pcm.!default {
- type plug
- slave.pcm {
- @func concat
- strings [
- "hdmi"
- {
- @func getenv
- vars [ AUDIO_HDMI ]
- default "0"
- }
- ]
- }
-}
-ctl.!default {
- type hw
- card {
- @func getenv
- vars [ AUDIO_HDMI ]
- default 0
- }
-}
+++ /dev/null
-# for whatever reason, emulationstation gets some strange screen flicker issues
-# if the second display is activated, so ensure it is only started with that off
-alias emulationstation="xrandr --output HDMI-2 --off && emulationstation"
-
-# since the second HDMI only outputs sound with video, we have to ensure it's
-# activated with xrandr if we want to use it for surround sound setup
-alias mpv51="xrandr --output HDMI-2 --auto && AUDIO_HDMI=1 mpv --alsa-ignore-chmap '--audio-channels=5.1(alsa)'"
-alias chromium-upmix="xrandr --output HDMI-2 --auto && chromium-browser --alsa-output-device=stereo51"
-alias alsamixer51="AUDIO_HDMI=1 alsamixer"
-# see vlc -H why these
-alias vlc51="xrandr --output HDMI-2 --auto && vlc --alsa-audio-device=hdmi1 --alsa-audio-channels=4199"
+++ /dev/null
-#!/bin/sh
-
-set -e
-set -x
-
-url=$1
-
-ensure_line() {
- add_string="$1"
- file="$2"
- test=`grep "$add_string" "$file" | wc -l`
- if [ $test -lt 1 ]; then
- echo "$add_string" >> "$file"
- fi
-}
-
-filename=temp_golang_binary
-
-if [ "$url" = "" ]; then
- echo 'Need URL of current go package'
- exit 1
-fi
-sudo rm -rf /usr/local/go
-sudo apt-get -y install wget
-wget -O $filename $url
-sudo tar -C /usr/local -xzf $filename
-rm $filename
-ensure_line 'export PATH=$PATH:/usr/local/go/bin' ~/.shinit_add
-ensure_line 'export GOPATH=~/gopath' ~/.shinit_add
-sudo apt-get -y install vim-pathogen
-rm -rf ~/.vim/bundle/vim-go
-git clone https://github.com/fatih/vim-go.git ~/.vim/bundle/vim-go
-ensure_line 'source ~/.vimrc_vimgo' ~/.vimrc_add
-cat << EOF > ~/.vimrc_vimgo
-" vim-go: Make vim-go run.
-call pathogen#infect()
-let g:go_disable_autoinstall = 0
-" vim-go: Highlight
-let g:go_highlight_functions = 1
-let g:go_highlight_methods = 1
-let g:go_highlight_structs = 1
-let g:go_highlight_operators = 1
-let g:go_highlight_build_constraints = 1
-EOF
+++ /dev/null
-# needed for rtorrent config setup
-curl
-# needed for torrenting
-rtorrent
-# needed for torrenting session
-screen
-# needed for upload/download
-rsync
+++ /dev/null
-# $OpenBSD: sshd_config,v 1.100 2016/08/15 12:32:04 naddy Exp $
-
-# This is the sshd server system-wide configuration file. See
-# sshd_config(5) for more information.
-
-# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
-
-# The strategy used for options in the default sshd_config shipped with
-# OpenSSH is to specify options with their default value where
-# possible, but leave them commented. Uncommented options override the
-# default value.
-
-Port 22
-#AddressFamily any
-#ListenAddress 0.0.0.0
-#ListenAddress ::
-
-#HostKey /etc/ssh/ssh_host_rsa_key
-#HostKey /etc/ssh/ssh_host_ecdsa_key
-#HostKey /etc/ssh/ssh_host_ed25519_key
-
-# Ciphers and keying
-#RekeyLimit default none
-
-# Logging
-#SyslogFacility AUTH
-#LogLevel INFO
-
-# Authentication:
-
-#LoginGraceTime 2m
-PermitRootLogin no # plomlompom's security rule
-#StrictModes yes
-#MaxAuthTries 6
-#MaxSessions 10
-
-#PubkeyAuthentication yes
-
-# Expect .ssh/authorized_keys2 to be disregarded by default in future.
-#AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2
-
-#AuthorizedPrincipalsFile none
-
-#AuthorizedKeysCommand none
-#AuthorizedKeysCommandUser nobody
-
-# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
-#HostbasedAuthentication no
-# Change to yes if you don't trust ~/.ssh/known_hosts for
-# HostbasedAuthentication
-#IgnoreUserKnownHosts no
-# Don't read the user's ~/.rhosts and ~/.shosts files
-#IgnoreRhosts yes
-
-# To disable tunneled clear text passwords, change to no here!
-#PasswordAuthentication yes
-#PermitEmptyPasswords no
-
-# Change to yes to enable challenge-response passwords (beware issues with
-# some PAM modules and threads)
-ChallengeResponseAuthentication no
-
-# Kerberos options
-#KerberosAuthentication no
-#KerberosOrLocalPasswd yes
-#KerberosTicketCleanup yes
-#KerberosGetAFSToken no
-
-# GSSAPI options
-#GSSAPIAuthentication no
-#GSSAPICleanupCredentials yes
-#GSSAPIStrictAcceptorCheck yes
-#GSSAPIKeyExchange no
-
-# Set this to 'yes' to enable PAM authentication, account processing,
-# and session processing. If this is enabled, PAM authentication will
-# be allowed through the ChallengeResponseAuthentication and
-# PasswordAuthentication. Depending on your PAM configuration,
-# PAM authentication via ChallengeResponseAuthentication may bypass
-# the setting of "PermitRootLogin yes
-# If you just want the PAM account and session checks to run without
-# PAM authentication, then enable this but set PasswordAuthentication
-# and ChallengeResponseAuthentication to 'no'.
-UsePAM yes
-
-#AllowAgentForwarding yes
-#AllowTcpForwarding yes
-#GatewayPorts no
-X11Forwarding yes
-#X11DisplayOffset 10
-#X11UseLocalhost yes
-#PermitTTY yes
-PrintMotd no
-#PrintLastLog yes
-#TCPKeepAlive yes
-#UseLogin no
-#UsePrivilegeSeparation sandbox
-#PermitUserEnvironment no
-#Compression delayed
-#ClientAliveInterval 0
-#ClientAliveCountMax 3
-#UseDNS no
-#PidFile /var/run/sshd.pid
-#MaxStartups 10:30:100
-#PermitTunnel no
-#ChrootDirectory none
-#VersionAddendum none
-
-# no default banner path
-#Banner none
-
-# Allow client to pass locale environment variables
-AcceptEnv LANG LC_*
-
-# override default of no subsystems
-Subsystem sftp /usr/lib/openssh/sftp-server
-
-# Example of overriding settings on a per-user basis
-#Match User anoncvs
-# X11Forwarding no
-# AllowTcpForwarding no
-# PermitTTY no
-# ForceCommand cvs server
-
-ClientAliveInterval 120
-PasswordAuthentication no # plomlompom's security rule
+++ /dev/null
-#!/bin/sh
-# This script turns a fresh server with password-based root access into
-# one of only key-based access and only to new non-root account plom.
-#
-# CAUTION: This is optimized for a *fresh* setup. It will overwrite any
-# pre-existing ~/.ssh/authorized_keys of user plom with one that solely
-# contains the local ~/.ssh/id_rsa.pub, and also any old
-# /etc/ssh/sshd_config.
-#
-# Dependencies: ssh, scp, sshpass, ~/.ssh/id_rsa.pub, properly
-# configured sshd_config file in reach.
-set -e
-
-# Location of an sshd_config with "PermitRootLogin no" and
-# "PasswordAuthentication no".
-config_tree_prefix="${HOME}/public_repos/config/stretch"
-linkable_files_dir="${config_tree_prefix}/etc_files/server"
-system_path_sshd_config='/etc/ssh/sshd_config'
-local_path_sshd_config="${linkable_files_dir}${system_path_sshd_config}"
-
-# Ensure we have a server name as argument.
-if [ $# -eq 0 ]; then
- echo "Need server as argument."
- false
-fi
-server="$1"
-
-# This will be used to log-in as root from plom account.
-echo 'First, enter the old root password; then enter new password twice.'
-ssh root@"${server}" "passwd"
-
-# Save root password for sshpass
-stty -echo
-printf "Re-enter new server root password: "
-read PW_ROOT
-stty echo
-printf "\n"
-export SSHPASS="${PW_ROOT}"
-
-# Create user plom, and his ~/.ssh/authorized_keys based on the local
-# ~/.ssh/id_rsa.pub; ensure the result has proper permissions and
-# ownerships. Then disable root and pw login by copying over the
-# sshd_config and restart ssh daemon.
-#
-# This could be a line or two shorter by using ssh-copy-id, but that
-# would require setting a password for user plom otherwise not needed.
-sshpass -e scp ~/.ssh/id_rsa.pub root@"${server}":/tmp/authorized_keys
-sshpass -e ssh root@"${server}" \
- 'useradd -m plom && '\
- 'mkdir /home/plom/.ssh && '\
- 'chown plom:plom /home/plom/.ssh && '\
- 'chown plom:plom /tmp/authorized_keys && '\
- 'chmod u=rw,go= /tmp/authorized_keys && '\
- 'mv /tmp/authorized_keys /home/plom/.ssh/'
-sshpass -e scp "${local_path_sshd_config}" root@"${server}":"${system_path_sshd_config}"
-sshpass -e ssh root@"${server}" 'service ssh restart'
+++ /dev/null
-#!/bin/sh
-# Walks through the package names in the argument-selected files of
-# apt-mark/ and ensures the respective packages are installed.
-#
-# Ignores anything in an apt-mark/ file after the last newline.
-set -e
-
-config_tree_prefix="${HOME}/config/stretch"
-aptmark_dir="${config_tree_prefix}/apt-mark"
-
-for target in "$@"; do
- path="${aptmark_dir}/${target}"
- # TODO: continue if file at $path not found, to get rid of dummy files
- cat "${path}" | while read line; do
- echo "$line"
- if [ ! $(echo "${line}" | cut -c1) = "#" ]; then
- DEBIAN_FRONTEND=noninteractive apt-get -y -o Dpkg::Options::=--force-confold install "${line}"
- fi
- done
-done
+++ /dev/null
-#!/bin/sh
-set -e
-
-./install_for_target.sh seedbox
-
-# As according to <https://rtorrent-docs.readthedocs.io/en/latest/cookbook.html#modernized-configuration-template>
-su -lc "curl -Ls 'https://raw.githubusercontent.com/wiki/rakshasa/rtorrent/CONFIG-Template.md' | grep -A9999 '^######' | grep -B9999 '^### END' | sed -re \"s:/home/USERNAME:\$HOME:\" >~/.rtorrent.rc" plom
-su -lc "echo 'pieces.hash.on_completion.set = no' >> ~/.rtorrent.rc" plom
-su -lc "mkdir ~/rtorrent" plom
-
-# As according to <https://unix.stackexchange.com/a/475485>
-chmod u+s /usr/bin/screen
-chmod 755 /var/run/screen
+++ /dev/null
-# /etc/aliases
-
-# As per RFC 2142.
-mailer-daemon: plom
-postmaster: plom
-hostmaster: plom
-usenet: plom
-news: plom
-webmaster: plom
-www: plom
-ftp: plom
-abuse: plom
-noc: plom
-security: plom
-root: plom
-
-# Personal aliases.
-plomlompom: plom
-christian.heller: plom
-christian_heller: plom
-christianheller: plom
-c.heller: plom
-heller: plom
+++ /dev/null
-# /etc/systemd/system/weechat.service
-
-[Unit]
-Description=htwtxt restart reminder
-
-[Service]
-Type=forking
-User=plom
-ExecStart=/bin/sh -c '~/config/bin/simplemail_out.sh ~/config/mails/htwtxt_restart'
-
-[Install]
-WantedBy=multi-user.target
+++ /dev/null
-# /etc/postfix/main.cf
-
-# Use maildrop as MDA.
-mailbox_command = /usr/bin/maildrop
-
-# Restrictive relaying policy.
-smtpd_relay_restrictions = permit_mynetworks defer_unauth_destination
-
-# What domains to receive mail for: names of local server.
-mydestination = HOSTNAME, localhost
-
-# What clients to relay mail from: only local server.
-mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
-
-# Paranoid maximum error notification.
-notify_classes=2bounce, bounce, data, delay, policy, protocol, resource, software
+++ /dev/null
-# system integration
-user www-data;
-pid /run/nginx.pid;
-
-# is expected even if empty
-events {
-}
-
-http {
- # define content-type headers
- types {
- text/html html htm shtml;
- text/css css;
- text/xml xml;
- text/plain txt sh rst md;
- application/xhtml+xml xhtml;
- application/pdf pdf;
- image/jpeg jpg jpeg;
- image/png png;
- }
- default_type application/octet_stream;
- charset utf-8;
-
- # logging
- access_log /var/log/nginx/access.log;
- error_log /var/log/nginx/error.log;
-
- # enforce https
- server {
- listen 80;
- return 301 https://$host$request_uri;
- }
-
- # IRC logs
- server {
- listen 443 ssl;
- server_name dump.plomlompom.com;
- ssl_certificate /etc/letsencrypt/live/dump.plomlompom.com/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/dump.plomlompom.com/privkey.pem;
- root /var/www/html/;
- location /zettel/ {
- # rewrite non-suffixed filenames to .html ones
- rewrite ^(/zettel/(.*/)*[^./]+)$ $1.html;
- autoindex on;
- }
- location /dump/ {
- autoindex on;
- }
- location /geheim/ {
- auth_basic "geheim geheim";
- auth_basic_user_file /var/www/password_geheim;
- autoindex on;
- }
- location /irclogs/zrolaps/ {
- auth_basic "#zrolaps logs";
- auth_basic_user_file /var/www/password_irclogs_zrolaps;
- autoindex on;
- }
- location /irclogs/nodrama.de/ {
- auth_basic "#nodrama.de logs";
- auth_basic_user_file /var/www/password_irclogs_nodrama_de;
- autoindex on;
- }
- location /irclogs/freakazoid/ {
- auth_basic "#freakazoid logs";
- auth_basic_user_file /var/www/password_irclogs_freakazoid;
- autoindex on;
- }
- location /lesekreis/ {
- auth_basic "Quellen Lesekreis";
- auth_basic_user_file /var/www/password_lesekreis;
- autoindex on;
- }
- location /uwsgi/ {
- include uwsgi_params;
- uwsgi_pass 127.0.0.1:3031;
- }
- }
-
- # htwtxt
- server {
- listen 443 ssl;
- server_name htwtxt.plomlompom.com;
- ssl_certificate /etc/letsencrypt/live/htwtxt.plomlompom.com/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/htwtxt.plomlompom.com/privkey.pem;
- location / {
- proxy_pass http://127.0.0.1:8000;
- }
- }
-}
+++ /dev/null
-# The domain for which mails are signed.
-Domain plomlompom.com
-
-# Location of the private key to sign mails with.
-KeyFile /etc/opendkim/dkim.key
-
-# Identifies the signing key; useful when replacing it.
-#Selector keyname
-
-# Canonicalize the body strictly for signing, but the header (more legitimately
-# subject to reformatting by forwarding servers) less so.
-Canonicalization relaxed/simple
-
-# Invalidate the signature of mails to which additional From fields were added
-# after the signing. (See RFC for details on how this works.)
-OversignHeaders From
-
-# Where to communicate with the MTA.
-Socket inet:12301@localhost
-
-# Don't act as root.
-UserID opendkim:opendkim
+++ /dev/null
-# /etc/systemd/system/plomlombot.service
-
-[Unit]
-Description=plomlombot screen
-
-[Service]
-Type=forking
-User=plom
-ExecStart=/bin/sh -c 'LC_ALL=en_US.UTF8 screen -d -m ~/config/bin/plomlombot.sh && screen -d -m ~/config/bin/broiler_in.sh && screen -d -m ~/config/bin/hubbabubba.sh && screen -d -m ~/config/bin/zinskritik.sh'
-
-[Install]
-WantedBy=multi-user.target
+++ /dev/null
-#!/bin/sh
-ZETTELDIR=/home/plom/zettel
-GIT_WORK_TREE=$ZETTELDIR git checkout -f
-cd $ZETTELDIR
-redo
+++ /dev/null
-# /etc/systemd/system/weechat.service
-
-[Unit]
-Description=weechat screen
-
-[Service]
-Type=forking
-User=plom
-ExecStart=/bin/sh -c 'LC_ALL=en_US.UTF8 screen -d -m ~/config/bin/weechat-wrapper.sh'
-
-[Install]
-WantedBy=multi-user.target
--- /dev/null
+# connectivity: ifupdown seems necessary everyhwere, isc-dhcp-client
+# unpredictably so
+ifupdown
+isc-dhcp-client
+# git for the setup directory; cloning works with ca-certificates
+ca-certificates
+git
+# to avoid constant warnings about no locale being found
+locales
+# extremely useful for basic network debugging; missed these more than once in an emergency
+netcat-traditional
+iputils-ping
+# to set the time
+ntpsec-ntpdate
--- /dev/null
+# for X to start at all
+linux-headers-amd64
+nvidia-driver
+firmware-misc-nonfree
+# X input: keyboard
+xserver-xorg-input-evdev
+## CUDA
+#nvidia-cuda-dev
+#nvidia-cuda-toolkit
+
--- /dev/null
+# so we can work without the Ethernet adapter
+network-manager
+
--- /dev/null
+# to avoid booting problems with encrypted LVM, see <https://askubuntu.com/a/1105848>
+cryptsetup-initramfs
+lvm2
+# this provides setupcon which reads /etc/default/console-setup
+console-setup
+# for startx
+xinit
+# for xrdb
+x11-xserver-utils
+# for startx to run for non-root user
+libpam-systemd
+# window environment
+i3
+i3status
+suckless-tools
+xterm
+# to get sleepy at night
+redshift
+# for alsamixer
+alsa-utils
+# also useful
+vim
+sudo
+less
+man-db
+manpages
+procps
+# browsers
+firefox-esr
+chromium
+# tridactyl install recommendations
+vim-gtk3
+curl
+## for firefox to emit sound
+#pulseaudio
+# emacs
+emacs
+emacs-common-non-dfsg
+emacs-el
+elpa-ledger
+ledger
+# to mount encrypted USB stick and use its contents
+pmount
+cryptsetup
+openssh-client
+# for syncing
+borgbackup
+# mail setup
+isync
+notmuch
+elpa-notmuch
+pinentry-gtk2
+#
--- /dev/null
+# for X to start at all
+linux-headers-amd64
+nvidia-driver
+firmware-misc-nonfree
+# X input: keyboard
+xserver-xorg-input-evdev
+## CUDA
+#nvidia-cuda-dev
+#nvidia-cuda-toolkit
+
--- /dev/null
+# technically not necessarily anymore, but on older servers needed for playing nicely with foot, kept here more as a reminder than for any specific use
+foot-terminfo
+#
--- /dev/null
+APT::AutoRemove::RecommendsImportant "false";
+APT::AutoRemove::SuggestsImportant "false";
+APT::Install-Recommends "false";
+APT::Install-Suggests "false";
--- /dev/null
+deb http://deb.debian.org/debian bookworm main contrib non-free non-free-firmware
+deb http://security.debian.org/debian-security bookworm-security main contrib non-free non-free-firmware
--- /dev/null
+LANG="en_US.UTF-8"
--- /dev/null
+# This file lists locales that you wish to have built. You can find a list
+# of valid supported locales at /usr/share/i18n/SUPPORTED, and you can add
+# user defined locales to /usr/local/share/i18n/SUPPORTED. If you change
+# this file, you need to rerun locale-gen.
+
+
+# aa_DJ ISO-8859-1
+# aa_DJ.UTF-8 UTF-8
+# aa_ER UTF-8
+# aa_ER@saaho UTF-8
+# aa_ET UTF-8
+# af_ZA ISO-8859-1
+# af_ZA.UTF-8 UTF-8
+# ak_GH UTF-8
+# am_ET UTF-8
+# an_ES ISO-8859-15
+# an_ES.UTF-8 UTF-8
+# anp_IN UTF-8
+# ar_AE ISO-8859-6
+# ar_AE.UTF-8 UTF-8
+# ar_BH ISO-8859-6
+# ar_BH.UTF-8 UTF-8
+# ar_DZ ISO-8859-6
+# ar_DZ.UTF-8 UTF-8
+# ar_EG ISO-8859-6
+# ar_EG.UTF-8 UTF-8
+# ar_IN UTF-8
+# ar_IQ ISO-8859-6
+# ar_IQ.UTF-8 UTF-8
+# ar_JO ISO-8859-6
+# ar_JO.UTF-8 UTF-8
+# ar_KW ISO-8859-6
+# ar_KW.UTF-8 UTF-8
+# ar_LB ISO-8859-6
+# ar_LB.UTF-8 UTF-8
+# ar_LY ISO-8859-6
+# ar_LY.UTF-8 UTF-8
+# ar_MA ISO-8859-6
+# ar_MA.UTF-8 UTF-8
+# ar_OM ISO-8859-6
+# ar_OM.UTF-8 UTF-8
+# ar_QA ISO-8859-6
+# ar_QA.UTF-8 UTF-8
+# ar_SA ISO-8859-6
+# ar_SA.UTF-8 UTF-8
+# ar_SD ISO-8859-6
+# ar_SD.UTF-8 UTF-8
+# ar_SS UTF-8
+# ar_SY ISO-8859-6
+# ar_SY.UTF-8 UTF-8
+# ar_TN ISO-8859-6
+# ar_TN.UTF-8 UTF-8
+# ar_YE ISO-8859-6
+# ar_YE.UTF-8 UTF-8
+# as_IN UTF-8
+# ast_ES ISO-8859-15
+# ast_ES.UTF-8 UTF-8
+# ayc_PE UTF-8
+# az_AZ UTF-8
+# be_BY CP1251
+# be_BY.UTF-8 UTF-8
+# be_BY@latin UTF-8
+# bem_ZM UTF-8
+# ber_DZ UTF-8
+# ber_MA UTF-8
+# bg_BG CP1251
+# bg_BG.UTF-8 UTF-8
+# bhb_IN.UTF-8 UTF-8
+# bho_IN UTF-8
+# bn_BD UTF-8
+# bn_IN UTF-8
+# bo_CN UTF-8
+# bo_IN UTF-8
+# br_FR ISO-8859-1
+# br_FR.UTF-8 UTF-8
+# br_FR@euro ISO-8859-15
+# brx_IN UTF-8
+# bs_BA ISO-8859-2
+# bs_BA.UTF-8 UTF-8
+# byn_ER UTF-8
+# ca_AD ISO-8859-15
+# ca_AD.UTF-8 UTF-8
+# ca_ES ISO-8859-1
+# ca_ES.UTF-8 UTF-8
+# ca_ES.UTF-8@valencia UTF-8
+# ca_ES@euro ISO-8859-15
+# ca_ES@valencia ISO-8859-15
+# ca_FR ISO-8859-15
+# ca_FR.UTF-8 UTF-8
+# ca_IT ISO-8859-15
+# ca_IT.UTF-8 UTF-8
+# ce_RU UTF-8
+# chr_US UTF-8
+# cmn_TW UTF-8
+# crh_UA UTF-8
+# cs_CZ ISO-8859-2
+# cs_CZ.UTF-8 UTF-8
+# csb_PL UTF-8
+# cv_RU UTF-8
+# cy_GB ISO-8859-14
+# cy_GB.UTF-8 UTF-8
+# da_DK ISO-8859-1
+# da_DK.UTF-8 UTF-8
+# de_AT ISO-8859-1
+# de_AT.UTF-8 UTF-8
+# de_AT@euro ISO-8859-15
+# de_BE ISO-8859-1
+# de_BE.UTF-8 UTF-8
+# de_BE@euro ISO-8859-15
+# de_CH ISO-8859-1
+# de_CH.UTF-8 UTF-8
+# de_DE ISO-8859-1
+# de_DE.UTF-8 UTF-8
+# de_DE@euro ISO-8859-15
+# de_IT ISO-8859-1
+# de_IT.UTF-8 UTF-8
+# de_LI.UTF-8 UTF-8
+# de_LU ISO-8859-1
+# de_LU.UTF-8 UTF-8
+# de_LU@euro ISO-8859-15
+# doi_IN UTF-8
+# dv_MV UTF-8
+# dz_BT UTF-8
+# el_CY ISO-8859-7
+# el_CY.UTF-8 UTF-8
+# el_GR ISO-8859-7
+# el_GR.UTF-8 UTF-8
+# en_AG UTF-8
+# en_AU ISO-8859-1
+# en_AU.UTF-8 UTF-8
+# en_BW ISO-8859-1
+# en_BW.UTF-8 UTF-8
+# en_CA ISO-8859-1
+# en_CA.UTF-8 UTF-8
+# en_DK ISO-8859-1
+# en_DK.ISO-8859-15 ISO-8859-15
+# en_DK.UTF-8 UTF-8
+# en_GB ISO-8859-1
+# en_GB.ISO-8859-15 ISO-8859-15
+# en_GB.UTF-8 UTF-8
+# en_HK ISO-8859-1
+# en_HK.UTF-8 UTF-8
+# en_IE ISO-8859-1
+# en_IE.UTF-8 UTF-8
+# en_IE@euro ISO-8859-15
+# en_IL UTF-8
+# en_IN UTF-8
+# en_NG UTF-8
+# en_NZ ISO-8859-1
+# en_NZ.UTF-8 UTF-8
+# en_PH ISO-8859-1
+# en_PH.UTF-8 UTF-8
+# en_SG ISO-8859-1
+# en_SG.UTF-8 UTF-8
+# en_US ISO-8859-1
+# en_US.ISO-8859-15 ISO-8859-15
+en_US.UTF-8 UTF-8
+# en_ZA ISO-8859-1
+# en_ZA.UTF-8 UTF-8
+# en_ZM UTF-8
+# en_ZW ISO-8859-1
+# en_ZW.UTF-8 UTF-8
+# eo UTF-8
+# es_AR ISO-8859-1
+# es_AR.UTF-8 UTF-8
+# es_BO ISO-8859-1
+# es_BO.UTF-8 UTF-8
+# es_CL ISO-8859-1
+# es_CL.UTF-8 UTF-8
+# es_CO ISO-8859-1
+# es_CO.UTF-8 UTF-8
+# es_CR ISO-8859-1
+# es_CR.UTF-8 UTF-8
+# es_CU UTF-8
+# es_DO ISO-8859-1
+# es_DO.UTF-8 UTF-8
+# es_EC ISO-8859-1
+# es_EC.UTF-8 UTF-8
+# es_ES ISO-8859-1
+# es_ES.UTF-8 UTF-8
+# es_ES@euro ISO-8859-15
+# es_GT ISO-8859-1
+# es_GT.UTF-8 UTF-8
+# es_HN ISO-8859-1
+# es_HN.UTF-8 UTF-8
+# es_MX ISO-8859-1
+# es_MX.UTF-8 UTF-8
+# es_NI ISO-8859-1
+# es_NI.UTF-8 UTF-8
+# es_PA ISO-8859-1
+# es_PA.UTF-8 UTF-8
+# es_PE ISO-8859-1
+# es_PE.UTF-8 UTF-8
+# es_PR ISO-8859-1
+# es_PR.UTF-8 UTF-8
+# es_PY ISO-8859-1
+# es_PY.UTF-8 UTF-8
+# es_SV ISO-8859-1
+# es_SV.UTF-8 UTF-8
+# es_US ISO-8859-1
+# es_US.UTF-8 UTF-8
+# es_UY ISO-8859-1
+# es_UY.UTF-8 UTF-8
+# es_VE ISO-8859-1
+# es_VE.UTF-8 UTF-8
+# et_EE ISO-8859-1
+# et_EE.ISO-8859-15 ISO-8859-15
+# et_EE.UTF-8 UTF-8
+# eu_ES ISO-8859-1
+# eu_ES.UTF-8 UTF-8
+# eu_ES@euro ISO-8859-15
+# eu_FR ISO-8859-1
+# eu_FR.UTF-8 UTF-8
+# eu_FR@euro ISO-8859-15
+# fa_IR UTF-8
+# ff_SN UTF-8
+# fi_FI ISO-8859-1
+# fi_FI.UTF-8 UTF-8
+# fi_FI@euro ISO-8859-15
+# fil_PH UTF-8
+# fo_FO ISO-8859-1
+# fo_FO.UTF-8 UTF-8
+# fr_BE ISO-8859-1
+# fr_BE.UTF-8 UTF-8
+# fr_BE@euro ISO-8859-15
+# fr_CA ISO-8859-1
+# fr_CA.UTF-8 UTF-8
+# fr_CH ISO-8859-1
+# fr_CH.UTF-8 UTF-8
+# fr_FR ISO-8859-1
+# fr_FR.UTF-8 UTF-8
+# fr_FR@euro ISO-8859-15
+# fr_LU ISO-8859-1
+# fr_LU.UTF-8 UTF-8
+# fr_LU@euro ISO-8859-15
+# fur_IT UTF-8
+# fy_DE UTF-8
+# fy_NL UTF-8
+# ga_IE ISO-8859-1
+# ga_IE.UTF-8 UTF-8
+# ga_IE@euro ISO-8859-15
+# gd_GB ISO-8859-15
+# gd_GB.UTF-8 UTF-8
+# gez_ER UTF-8
+# gez_ER@abegede UTF-8
+# gez_ET UTF-8
+# gez_ET@abegede UTF-8
+# gl_ES ISO-8859-1
+# gl_ES.UTF-8 UTF-8
+# gl_ES@euro ISO-8859-15
+# gu_IN UTF-8
+# gv_GB ISO-8859-1
+# gv_GB.UTF-8 UTF-8
+# ha_NG UTF-8
+# hak_TW UTF-8
+# he_IL ISO-8859-8
+# he_IL.UTF-8 UTF-8
+# hi_IN UTF-8
+# hne_IN UTF-8
+# hr_HR ISO-8859-2
+# hr_HR.UTF-8 UTF-8
+# hsb_DE ISO-8859-2
+# hsb_DE.UTF-8 UTF-8
+# ht_HT UTF-8
+# hu_HU ISO-8859-2
+# hu_HU.UTF-8 UTF-8
+# hy_AM UTF-8
+# hy_AM.ARMSCII-8 ARMSCII-8
+# ia_FR UTF-8
+# id_ID ISO-8859-1
+# id_ID.UTF-8 UTF-8
+# ig_NG UTF-8
+# ik_CA UTF-8
+# is_IS ISO-8859-1
+# is_IS.UTF-8 UTF-8
+# it_CH ISO-8859-1
+# it_CH.UTF-8 UTF-8
+# it_IT ISO-8859-1
+# it_IT.UTF-8 UTF-8
+# it_IT@euro ISO-8859-15
+# iu_CA UTF-8
+# ja_JP.EUC-JP EUC-JP
+# ja_JP.UTF-8 UTF-8
+# ka_GE GEORGIAN-PS
+# ka_GE.UTF-8 UTF-8
+# kk_KZ PT154
+# kk_KZ.RK1048 RK1048
+# kk_KZ.UTF-8 UTF-8
+# kl_GL ISO-8859-1
+# kl_GL.UTF-8 UTF-8
+# km_KH UTF-8
+# kn_IN UTF-8
+# ko_KR.EUC-KR EUC-KR
+# ko_KR.UTF-8 UTF-8
+# kok_IN UTF-8
+# ks_IN UTF-8
+# ks_IN@devanagari UTF-8
+# ku_TR ISO-8859-9
+# ku_TR.UTF-8 UTF-8
+# kw_GB ISO-8859-1
+# kw_GB.UTF-8 UTF-8
+# ky_KG UTF-8
+# lb_LU UTF-8
+# lg_UG ISO-8859-10
+# lg_UG.UTF-8 UTF-8
+# li_BE UTF-8
+# li_NL UTF-8
+# lij_IT UTF-8
+# ln_CD UTF-8
+# lo_LA UTF-8
+# lt_LT ISO-8859-13
+# lt_LT.UTF-8 UTF-8
+# lv_LV ISO-8859-13
+# lv_LV.UTF-8 UTF-8
+# lzh_TW UTF-8
+# mag_IN UTF-8
+# mai_IN UTF-8
+# mg_MG ISO-8859-15
+# mg_MG.UTF-8 UTF-8
+# mhr_RU UTF-8
+# mi_NZ ISO-8859-13
+# mi_NZ.UTF-8 UTF-8
+# mk_MK ISO-8859-5
+# mk_MK.UTF-8 UTF-8
+# ml_IN UTF-8
+# mn_MN UTF-8
+# mni_IN UTF-8
+# mr_IN UTF-8
+# ms_MY ISO-8859-1
+# ms_MY.UTF-8 UTF-8
+# mt_MT ISO-8859-3
+# mt_MT.UTF-8 UTF-8
+# my_MM UTF-8
+# nan_TW UTF-8
+# nan_TW@latin UTF-8
+# nb_NO ISO-8859-1
+# nb_NO.UTF-8 UTF-8
+# nds_DE UTF-8
+# nds_NL UTF-8
+# ne_NP UTF-8
+# nhn_MX UTF-8
+# niu_NU UTF-8
+# niu_NZ UTF-8
+# nl_AW UTF-8
+# nl_BE ISO-8859-1
+# nl_BE.UTF-8 UTF-8
+# nl_BE@euro ISO-8859-15
+# nl_NL ISO-8859-1
+# nl_NL.UTF-8 UTF-8
+# nl_NL@euro ISO-8859-15
+# nn_NO ISO-8859-1
+# nn_NO.UTF-8 UTF-8
+# nr_ZA UTF-8
+# nso_ZA UTF-8
+# oc_FR ISO-8859-1
+# oc_FR.UTF-8 UTF-8
+# om_ET UTF-8
+# om_KE ISO-8859-1
+# om_KE.UTF-8 UTF-8
+# or_IN UTF-8
+# os_RU UTF-8
+# pa_IN UTF-8
+# pa_PK UTF-8
+# pap_AW UTF-8
+# pap_CW UTF-8
+# pl_PL ISO-8859-2
+# pl_PL.UTF-8 UTF-8
+# ps_AF UTF-8
+# pt_BR ISO-8859-1
+# pt_BR.UTF-8 UTF-8
+# pt_PT ISO-8859-1
+# pt_PT.UTF-8 UTF-8
+# pt_PT@euro ISO-8859-15
+# quz_PE UTF-8
+# raj_IN UTF-8
+# ro_RO ISO-8859-2
+# ro_RO.UTF-8 UTF-8
+# ru_RU ISO-8859-5
+# ru_RU.CP1251 CP1251
+# ru_RU.KOI8-R KOI8-R
+# ru_RU.UTF-8 UTF-8
+# ru_UA KOI8-U
+# ru_UA.UTF-8 UTF-8
+# rw_RW UTF-8
+# sa_IN UTF-8
+# sat_IN UTF-8
+# sc_IT UTF-8
+# sd_IN UTF-8
+# sd_IN@devanagari UTF-8
+# se_NO UTF-8
+# sgs_LT UTF-8
+# shs_CA UTF-8
+# si_LK UTF-8
+# sid_ET UTF-8
+# sk_SK ISO-8859-2
+# sk_SK.UTF-8 UTF-8
+# sl_SI ISO-8859-2
+# sl_SI.UTF-8 UTF-8
+# so_DJ ISO-8859-1
+# so_DJ.UTF-8 UTF-8
+# so_ET UTF-8
+# so_KE ISO-8859-1
+# so_KE.UTF-8 UTF-8
+# so_SO ISO-8859-1
+# so_SO.UTF-8 UTF-8
+# sq_AL ISO-8859-1
+# sq_AL.UTF-8 UTF-8
+# sq_MK UTF-8
+# sr_ME UTF-8
+# sr_RS UTF-8
+# sr_RS@latin UTF-8
+# ss_ZA UTF-8
+# st_ZA ISO-8859-1
+# st_ZA.UTF-8 UTF-8
+# sv_FI ISO-8859-1
+# sv_FI.UTF-8 UTF-8
+# sv_FI@euro ISO-8859-15
+# sv_SE ISO-8859-1
+# sv_SE.ISO-8859-15 ISO-8859-15
+# sv_SE.UTF-8 UTF-8
+# sw_KE UTF-8
+# sw_TZ UTF-8
+# szl_PL UTF-8
+# ta_IN UTF-8
+# ta_LK UTF-8
+# tcy_IN.UTF-8 UTF-8
+# te_IN UTF-8
+# tg_TJ KOI8-T
+# tg_TJ.UTF-8 UTF-8
+# th_TH TIS-620
+# th_TH.UTF-8 UTF-8
+# the_NP UTF-8
+# ti_ER UTF-8
+# ti_ET UTF-8
+# tig_ER UTF-8
+# tk_TM UTF-8
+# tl_PH ISO-8859-1
+# tl_PH.UTF-8 UTF-8
+# tn_ZA UTF-8
+# tr_CY ISO-8859-9
+# tr_CY.UTF-8 UTF-8
+# tr_TR ISO-8859-9
+# tr_TR.UTF-8 UTF-8
+# ts_ZA UTF-8
+# tt_RU UTF-8
+# tt_RU@iqtelif UTF-8
+# ug_CN UTF-8
+# uk_UA KOI8-U
+# uk_UA.UTF-8 UTF-8
+# unm_US UTF-8
+# ur_IN UTF-8
+# ur_PK UTF-8
+# uz_UZ ISO-8859-1
+# uz_UZ.UTF-8 UTF-8
+# uz_UZ@cyrillic UTF-8
+# ve_ZA UTF-8
+# vi_VN UTF-8
+# wa_BE ISO-8859-1
+# wa_BE.UTF-8 UTF-8
+# wa_BE@euro ISO-8859-15
+# wae_CH UTF-8
+# wal_ET UTF-8
+# wo_SN UTF-8
+# xh_ZA ISO-8859-1
+# xh_ZA.UTF-8 UTF-8
+# yi_US CP1255
+# yi_US.UTF-8 UTF-8
+# yo_NG UTF-8
+# yue_HK UTF-8
+# zh_CN GB2312
+# zh_CN.GB18030 GB18030
+# zh_CN.GBK GBK
+# zh_CN.UTF-8 UTF-8
+# zh_HK BIG5-HKSCS
+# zh_HK.UTF-8 UTF-8
+# zh_SG GB2312
+# zh_SG.GBK GBK
+# zh_SG.UTF-8 UTF-8
+# zh_TW BIG5
+# zh_TW.EUC-TW EUC-TW
+# zh_TW.UTF-8 UTF-8
+# zu_ZA ISO-8859-1
+# zu_ZA.UTF-8 UTF-8
--- /dev/null
+Europe/Berlin
--- /dev/null
+# Don't blank screen, as this will confuse the HDMI switch setup / lead to unrecoverable X sessions.
+xset s noblank
--- /dev/null
+# Settings for interactive shells.
+
+# Fancy colors for ls.
+alias ls="ls --color=auto"
+
+# Other helpful aliases
+alias sshauth='eval $(ssh-agent) && ssh-add'
+# alias xrandrbig='xrandr --output LVDS-1 --off'
+
+# Use vim as default editor for anything.
+export VISUAL=vim
+export EDITOR=$VISUAL
+
+# Colored prompt with username, hostname, date/time, directory.
+colornumber=7 # Default to white if no color set via colornumber dotfile.
+colornumber_file=~/.shell_prompt_color
+if [ -f $colornumber_file ]; then
+ colornumber=`cat $colornumber_file`
+fi
+tput_color="$(tput setaf $colornumber)$(tput bold)"
+tput_reset="$(tput sgr0)"
+# Bash confuses the line length when not told to not count escape sequences.
+if [ ! "$BASH" = "" ]; then
+ tput_color="\[$tput_color\]"
+ tput_reset="\[$tput_reset\]"
+fi
+PS1="${tput_color}["\$\(date\ +%Y-%m-%d/%H:%M:%S/%Z\)" $(whoami)@$(hostname):"\$\(pwd\)"]$ $tput_reset"
+PS2="${tput_color}> $tput_reset"
+PS3="${tput_color}select: $tput_reset"
+PS4="${tput_color}+ $tput_reset"
--- /dev/null
+! otherwise various applications will assume merely 8 colors
+XTerm.termName: xterm-256color
+
+! font
+! actually, "mono" is already the default for faceName (it will
+! pick whatever fc-match mono delivers), but we need to set _some_
+! faceName to trigger XTerm activating TrueType fonts
+! (XTerm*fontRender by itself won't do the trick), and we want
+! TrueType fonts because, well, they scale better, and XTerm lets them
+! fall back on alternatives (hi there ttf-unifont) when a Unicode
+! glyph is not found
+XTerm*faceName: mono
+
+! white on black
+XTerm*reverseVideo: on
+
+! blink screen instead of sound
+XTerm*visualBell: on
+
+! proper ALT as META key treatment
+XTerm*eightBitInput: false
+
+! font sizes
+XTerm*faceSize: 8
+XTerm*faceSize1: 4
+XTerm*faceSize2: 5
+XTerm*faceSize3: 6
+XTerm*faceSize4: 8
+XTerm*faceSize5: 14
+XTerm*faceSize6: 25
+
+! colors
+! black
+XTerm*color0: #202020
+XTerm*color8: #3F3F3F
+! red
+XTerm*color1: #A82020
+XTerm*color9: #E82020
+! green
+XTerm*color2: #20A820
+XTerm*color10: #20E820
+! yellow
+XTerm*color3: #A8A820
+XTerm*color11: #E8E820
+! blue
+XTerm*color4: #3F3FFF
+XTerm*color12: #9F9FFF
+! magenta
+XTerm*color5: #A83FFF
+XTerm*color13: #E89FFF
+! cyan
+XTerm*color6: #3FA8FF
+XTerm*color14: #9FE8FF
+! white
+XTerm*color7: #A8A8A8
+XTerm*color15: #E8E8E8
--- /dev/null
+plom@plomlompom.com
+plom@mail.plomlompom.com
+plom@play.plomlompom.com
+# file read ends at last newline
--- /dev/null
+# plomlompom's i3-wm configuration
+
+# Font for i3 text
+font pango:Terminus 8px
+
+# Force "tabbed" as default layout for new windows.
+workspace_layout tabbed
+
+# Make the Windows key the modifier key for all i3-wm actions.
+set $mod Mod4
+floating_modifier $mod
+
+# Launch xterm.
+bindsym $mod+Return exec xterm
+
+# Launch programs via dmenu.
+bindsym $mod+d exec dmenu_run
+bindsym $mod+x exec dmenu_run
+
+# Kill window.
+bindsym $mod+Shift+Q kill
+
+# Move focus between windows.
+bindsym $mod+Left focus left
+bindsym $mod+Down focus down
+bindsym $mod+Up focus up
+bindsym $mod+Right focus right
+
+# Don't move focus with mouse.
+focus_follows_mouse no
+
+# Move windows.
+bindsym $mod+Shift+Left move left
+bindsym $mod+Shift+Down move down
+bindsym $mod+Shift+Up move up
+bindsym $mod+Shift+Right move right
+
+# Resize windows
+bindsym $mod+h resize shrink width 1 px or 1 ppt
+bindsym $mod+l resize grow width 1 px or 1 ppt
+bindsym $mod+j resize shrink height
+bindsym $mod+k resize grow height
+
+# Toggle fullscreen for focused window.
+bindsym $mod+f fullscreen
+
+# Toggle floating of window, focus on floating or tabbed windows.
+bindsym $mod+Shift+space floating toggle
+bindsym $mod+space focus mode_toggle
+
+# Switch to workspace x.
+bindsym $mod+1 workspace 1
+bindsym $mod+2 workspace 2
+bindsym $mod+3 workspace 3
+bindsym $mod+4 workspace 4
+bindsym $mod+5 workspace 5
+bindsym $mod+6 workspace 6
+bindsym $mod+7 workspace 7
+bindsym $mod+8 workspace 8
+bindsym $mod+9 workspace 9
+bindsym $mod+0 workspace 10
+
+# Move window to workspace x.
+bindsym $mod+Shift+exclam move workspace 1
+bindsym $mod+Shift+quotedbl move workspace 2
+bindsym $mod+Shift+section move workspace 3
+bindsym $mod+Shift+dollar move workspace 4
+bindsym $mod+Shift+percent move workspace 5
+bindsym $mod+Shift+ampersand move workspace 6
+bindsym $mod+Shift+slash move workspace 7
+bindsym $mod+Shift+parenleft move workspace 8
+bindsym $mod+Shift+parenright move workspace 9
+bindsym $mod+Shift+equal move workspace 10
+
+# Reload i3 config file, restart (keeping sesion) i3, exit i3.
+bindsym $mod+Shift+C reload
+bindsym $mod+Shift+R restart
+bindsym $mod+Shift+P exit
+
+# Select "i3status" as i3 status bar, hide systray icons.
+bar {
+ tray_output none
+ status_command i3status
+}
+
+include ~/.config/i3/config_bonus
--- /dev/null
+# plomlompom's i3 status bar configuration
+
+# Activate colors; set update interval of one second.
+general {
+ colors = true
+ interval = 1
+}
+
+# Selection / order of status elements.
+order += "disk /"
+order += "disk /home/"
+order += "wireless wlp3s0"
+order += "ethernet enp0s25"
+order += "battery 0"
+order += "cpu_usage"
+order += "load"
+order += "cpu_temperature 0"
+order += "time"
+order += "volume master"
+
+# How much space is left in / ?
+disk "/" {
+ format = "/: %avail available of %total"
+ separator_block_width = 25
+}
+
+# How much space is left in /home ?
+disk "/home/" {
+ format = "/home: %avail available of %total"
+ separator_block_width = 25
+}
+
+# WLAN status: show IP and connection quality or "down".
+wireless wlp3s0 {
+ format_up = "w: (%quality at %essid) %ip"
+ format_down = "w: down"
+ separator_block_width = 10
+}
+
+# Ethernet status: show IP or "down".
+ethernet enp0s25 {
+ format_up = "e: %ip"
+ format_down = "e: down"
+ separator_block_width = 25
+}
+
+# Battery status: show FULL/CHARGING/BATTERY, storage, time left.
+battery 0 {
+ format = "b: %status %percentage %remaining"
+ separator_block_width = 25
+}
+
+# Show CPU usage.
+cpu_usage {
+ format = "cpu: %usage"
+ separator_block_width = 10
+}
+
+# Show system load during last 1/5/15 minutes.
+load {
+ format = "%1min %5min %15min"
+ separator_block_width = 25
+}
+
+# Show CPU temperature in degrees of celsius.
+cpu_temperature 0 {
+ format = "%degrees °C"
+ separator_block_width = 25
+}
+
+# Show date/time/timezone as "year-month-day hour:minute:second
+# timezone_numeric/timezone_alphabetic".
+time {
+ format = "%Y-%m-%d %H:%M:%S %z/%Z"
+ separator_block_width = 25
+}
+
+volume master {
+ format = "♪: %volume"
+ format_muted = "♪: muted (%volume)"
+ separator_block_width = 25
+}
--- /dev/null
+;; general layout
+;; ==============
+
+;; need no stinkin emacs help screen as start up, and no menu bar
+(setq inhibit-startup-screen t)
+(menu-bar-mode -1)
+
+;; highlight cursor line, parentheses
+(global-hl-line-mode 1)
+(show-paren-mode 1)
+
+;; show line numbers, use separator space
+(global-linum-mode)
+(setq linum-format "%d ")
+
+;; count cursor column, row in mode line
+(setq column-number-mode t)
+
+;; settings to make GUI tolerable
+(if window-system
+ (progn
+ (add-to-list 'default-frame-alist '(foreground-color . "white"))
+ (add-to-list 'default-frame-alist '(background-color . "black"))
+ (set-face-attribute 'default nil :height 80)
+ (scroll-bar-mode -1)
+ (setq visible-bell t)
+ (setq linum-format "%d")))
+
+;; use as default browser what XDG offers
+(setq-default browse-url-browser-function 'browse-url-xdg-open)
+
+
+
+;; general keybindings
+;; ===================
+
+;; create and use a minimal global map using just the self-insert command
+;; bindings and a selection of some to me very common keystrokes
+(setq minimal-map (make-sparse-keymap))
+(substitute-key-definition 'self-insert-command 'self-insert-command
+ minimal-map global-map)
+(use-global-map minimal-map)
+(global-set-key (kbd "DEL") 'backward-delete-char-untabify)
+(global-set-key (kbd "RET") 'newline)
+(global-set-key (kbd "TAB") 'indent-for-tab-command)
+(global-set-key (kbd "<up>") 'previous-line)
+(global-set-key (kbd "<down>") 'next-line)
+(global-set-key (kbd "<left>") 'left-char)
+(global-set-key (kbd "<right>") 'right-char)
+(global-set-key (kbd "<prior>") 'scroll-down-command)
+(global-set-key (kbd "<next>") 'scroll-up-command)
+(global-set-key (kbd "M-x") 'execute-extended-command)
+(global-set-key (kbd "C-g") 'keyboard-quit)
+;(global-set-key (kbd "<f3>") 'kmacro-start-macro-or-insert-counter)
+;(global-set-key (kbd "<f4>") 'kmacro-end-or-call-macro)
+;; note how to switch back to the original map: (use-global-map global-map)
+(setq shr-map (make-sparse-keymap)) ; got annoying in elfeed-show on URLs
+
+
+
+;; minibuffer
+;; ==========
+
+;; incremental minibuffer completion
+(icomplete-mode 1)
+
+
+
+;; text editing
+;; ============
+
+;; tabs are evil
+(setq-default indent-tabs-mode nil)
+(setq-default tab-width 4)
+(setq indent-line-function 'insert-tab)
+
+;; show trailing whitespace
+(setq-default show-trailing-whitespace 1)
+
+;; on save, ask whether to ensure text file's last line ends in a
+;; newline character
+(setq require-final-newline 1)
+
+;; use dedicated directory for version-controlled, endless backups;
+;; never delete old versions
+(setq make-backup-files t
+ backup-directory-alist `(("." . "~/.emacs_backups"))
+ backup-by-copying t
+ version-control t
+ delete-old-versions 1) ;; neither t nor nil: never delete
+
+
+;; package management
+;; ==================
+
+;; where we get packages from
+(setq package-archives '(("gnu" . "https://elpa.gnu.org/packages/")
+ ("melpa-unstable" . "https://melpa.org/packages/")
+ ("melpa-stable" . "https://stable.melpa.org/packages/")))
+
+;; ensure certain packages are installed (actually, we use Debian repos here)
+;; credit to <https://stackoverflow.com/a/10093312>
+;(setq package-list '(elfeed ledger-mode))
+;(package-initialize)
+;(dolist (package package-list)
+; (unless (package-installed-p package)
+; (package-install package)))
+
+
+
+;;; window management
+;;; =================
+;
+;;; track window configurations to allow window config undo
+;(winner-mode 1)
+
+
+
+;; mail setup
+;; ==========
+
+(setq send-mail-function 'smtpmail-send-it)
+(setq smtpmail-smtp-server "mail.plomlompom.com")
+(setq smtpmail-smtp-service 465)
+(setq smtpmail-stream-type 'ssl)
+(setq smtpmail-smtp-user "plom")
+(setq mml-secure-openpgp-encrypt-to-self t)
+(add-hook 'message-setup-hook 'mml-secure-sign-pgpmime)
+
+;(setq gnutls-log-level 0)
+
+;; if we don't set this, we get this warning:
+;; gnutls.c: [1] Note that the security level of the Diffie-Hellman key exchange
+;; has been lowered to 256 bits and this may allow decryption of the session data
+(setq gnutls-min-prime-bits 1024)
+
+;; there is a WEIRD bug somewhere in /network-stream-open-tls/ that disappears the
+;; stream process, seemingly unless the /message/ function is called at the right
+;; place (earliest in /nsm-verify-connection/ right before the "cond" there, latest
+;; in /network-stream-get-response/ right after "(goto-char start)"; this works
+;; unless /inhibit_message/ is set, indicating that writing to the *Messages*
+;; buffer is not relevant, but maybe writing to the echo area is); activing the
+;; gnutls logging is just a hack to achieve such calls to /message/ in the
+;; /network-stream-open-tls/ flow.
+(setq gnutls-log-level 1) ; miraculously makes smtpmail work
+
+;; constructs From: domain if mail composer directly called (from without
+;; notmuch), but we don't actually intend to do that
+;(setq mail-host-address "plomlompom.com")
+
+;; otherwise notmuch becomes extremely slow in some cases
+(setq-default notmuch-show-indent-content nil)
+
+;; this only works if we use notmuch-mua-send instead of message-send
+(setq notmuch-fcc-dirs '(("plom@plomlompom.com" . "maildir/Sent")))
+
+;; this gets rid of "i-did-not-set--mail-host-address--so-tickle-me"
+;; in the message ID
+(setq mail-host-address "plomlompom.com")
+
+;; notmuch saved searches
+(setq notmuch-saved-searches
+ '((:name "inbox" :query "tag:unread and folder:inbox")
+ (:name "all" :query "tag:unread not folder:maildir/Trash")
+ (:name "plomlompom.de" :query "tag:unread and folder:maildir/plomlompom.de")
+ (:name "nebenan" :query "tag:unread and folder:maildir/nebenan")
+ (:name "reflect-info" :query "tag:unread and folder:maildir/reflect-info")
+ (:name "gmail" :query "tag:unread and folder:maildir/gmail.com")
+ (:name "mutter" :query "tag:unread and folder:maildir/mutter")))
+
+
+
+;; org mode
+;; ========
+
+;; unsure why, but to re-set the key map, we not only have to explicitely do it
+;; only after org-mode loading, but also have to explicitely overwrite the
+;; C-c keybinding; TODO: investigate
+(with-eval-after-load 'org
+ (setq org-mode-map (make-sparse-keymap))
+ (define-key org-mode-map (kbd "C-c") nil)
+ (define-key org-mode-map (kbd "TAB") 'org-cycle)
+ (define-key org-mode-map (kbd "<backtab>") 'org-shifttab))
+
+;; don't truncate lines by default
+(setq org-startup-truncated nil)
+
+;; basic org-capture config
+(setq org-capture-templates
+ '(("x" "test" plain (file "~/org/notes.org") "%T: %?")))
+(add-hook 'org-capture-mode-hook 'evil-insert-state)
+
+;; agenda view on startup
+(load-library "find-lisp")
+(setq org-agenda-files (find-lisp-find-files "~/org" "\.org$"))
+(setq org-agenda-span 90)
+(setq org-agenda-use-time-grid nil)
+(add-hook 'emacs-startup-hook (lambda ()
+ (org-agenda-list)
+ (switch-to-buffer "*Org Agenda*")
+ (other-window 1)))
+
+;;; for calendar, use ISO date style
+;(setq calendar-date-style 'iso)
+;(setq diary-number-of-entries 7)
+;(diary)
+;(setq org-agenda-time-grid '((today require-timed remove-match)
+; #("----------------" 0 16 (org-heading t))
+; (0 200 400 600 800 1000 1200
+; 1400 1600 1800 2000 2200)))
+
+;; empty org-agenda-mode keybindings
+(add-hook 'org-agenda-mode-hook
+ (lambda ()
+ (setq org-agenda-mode-map (make-sparse-keymap))))
+(add-hook 'org-agenda-mode-hook
+ (lambda ()
+ (use-local-map (make-sparse-keymap))))
+
+;; org-publish-all
+(setq org-publish-project-alist
+ '(
+ ("website"
+ :base-directory "~/org/web/"
+ :base-extension "org"
+ :publishing-directory "~/html/"
+ :recursive t
+ :publishing-function org-html-publish-to-html
+ :headline-levels 4 ; Just the default for this project.
+ :auto-preamble t
+ )))
+
+;; use [ki:] syntax to hide stuff from exports
+(defun classify-information (text backend info)
+ "Replaces '[ki:WHATEVER]' with '[klassifizierte Information]'."
+ (replace-regexp-in-string "\\[ki:[^\]]*\]" "[klassifizierte Information]" text))
+(add-hook 'org-export-filter-plain-text-functions 'classify-information)
+
+;; add HTML validator link to exports
+(setq org-html-validation-link "<a href=\"https://validator.w3.org/check?uri=referer\">Validate</a>")
+
+
+
+;;; Info mode
+;;; =========
+
+(setq Info-mode-map (make-sparse-keymap))
+(define-key Info-mode-map (kbd "RET") 'Info-follow-nearest-node)
+(define-key Info-mode-map (kbd "u") 'Info-up)
+(define-key Info-mode-map (kbd "TAB") 'Info-next-reference)
+(define-key Info-mode-map (kbd "<backtab>") 'Info-prev-reference)
+(define-key Info-mode-map (kbd "H") 'Info-history-back)
+(define-key Info-mode-map (kbd "L") 'Info-history-forward)
+(define-key Info-mode-map (kbd "I") 'Info-goto-node)
+(define-key Info-mode-map (kbd "i") 'Info-index)
+
+
+
+;; help mode
+;; =========
+
+(setq help-mode-map (make-sparse-keymap))
+(define-key help-mode-map (kbd "TAB") 'forward-button)
+(define-key help-mode-map (kbd "RET") 'help-follow)
+(define-key help-mode-map (kbd "<backtab>") 'backward-button)
+
+
+
+; ;; elfeed
+; ;; ======
+;
+; (require 'elfeed) ; needed so we can set the font faces
+; (set-face-background 'elfeed-search-title-face "magenta")
+; (set-face-background 'elfeed-search-unread-count-face "magenta")
+; (setq elfeed-feeds
+; '("https://capsurvival.blogspot.com/feeds/posts/default"
+; "https://jungle.world/rss.xml"
+; "http://news.dieweltistgarnichtso.net/bin/index.xml"
+; "https://taz.de/!s=&ExportStatus=Intern&SuchRahmen=Online;rss/"
+; "http://www.tagesschau.de/xml/atom"))
+; (setq elfeed-search-mode-map (make-sparse-keymap))
+; (define-key elfeed-search-mode-map (kbd "RET") 'elfeed-search-show-entry)
+; (defun elfeed-search-mark-as-read() (interactive)
+; (elfeed-search-untag-all 'unread))
+; (define-key elfeed-search-mode-map (kbd "r") 'elfeed-search-mark-as-read)
+; (define-key elfeed-search-mode-map (kbd "R") 'elfeed-search-tag-all-unread)
+; (define-key elfeed-search-mode-map (kbd "f") 'elfeed-search-live-filter)
+; (define-key elfeed-search-mode-map (kbd "u") 'elfeed-update)
+; (setq elfeed-show-mode-map (make-sparse-keymap))
+; (define-key elfeed-show-mode-map (kbd "u") 'elfeed)
+; (define-key elfeed-show-mode-map (kbd "TAB") 'shr-next-link)
+; (define-key elfeed-show-mode-map (kbd "<backtab>") 'shr-previous-link)
+; (define-key elfeed-show-mode-map (kbd "a") 'elfeed-show-prev)
+; (define-key elfeed-show-mode-map (kbd "d") 'elfeed-show-next)
+; (define-key elfeed-show-mode-map (kbd "y") 'shr-copy-url)
+; (define-key elfeed-show-mode-map (kbd "RET") 'shr-browse-url)
+;
+;
+;
+; ;; eww
+; ;; ===
+;
+; (setq eww-mode-map (make-sparse-keymap))
+; (define-key eww-mode-map (kbd "TAB") 'shr-next-link)
+; (define-key eww-mode-map (kbd "<backtab>") 'shr-previous-link)
+; (define-key eww-mode-map (kbd "H") 'eww-back-url)
+; (define-key eww-mode-map (kbd "L") 'eww-forward-url)
+
+
+
+;; ledger
+;; ======
+(setq ledger-mode-map (make-sparse-keymap))
+(define-key ledger-mode-map (kbd "TAB") 'completion-at-point)
+
+
+
+;;; plomvi mode
+;;; ===========
+
+(defvar plomvi-return-combo (kbd "C-c"))
+(load "~/public_repos/plomvi.el/plomvi.el")
+(plomvi-global-mode 1)
--- /dev/null
+[user]
+ email = c.heller@plomlompom.de
+ name = Christian Heller
--- /dev/null
+IMAPAccount plom
+# Address to connect to
+Host mail.plomlompom.com
+User plom
+# For some reason, mbsync doesn't accept a PassCmd output beyond 79 chars,
+# therefore the pw in ~/.authinfo should not be longer than that.
+PassCmd "cat ~/.authinfo | cut -d' ' -f8-"
+SSLType IMAPS
+AuthMechs LOGIN
+
+IMAPStore core-remote
+Account plom
+
+MaildirStore core-local
+# The trailing "/" is important
+Path ~/mail/maildir/
+Inbox ~/mail/inbox/
+
+Channel core
+Far :core-remote:
+Near :core-local:
+Patterns *
+# Automatically create missing mailboxes, both locally and on the server
+Create Both
+# Save the synchronization state files in the relevant directory
+SyncState *
+# If a mail is marked T ("Trashed") or deleted, remove it for real everywhere
+Expunge Both
--- /dev/null
+[database]
+path=/home/plom/mail
+[search]
+exclude_tags=deleted;spam;
+# the fields below set the From: if the mail composer is called from
+# within notmuch
+[user]
+name=Christian Heller
+primary_email=plom@plomlompom.com
--- /dev/null
+# sanitize tridactyllocal tridactylsync
+# guiset tabs always
+# guiset hoverlink left
+# guiset statuspanel right
+autocmd DocStart www.reddit.com urlmodify -t www.reddit old.reddit
+# bind ö fillcmdline find
+# bind n findnext 1
+# bind N findnext -1
+bind j scrollline 3
+bind k scrollline -3
+set hintuppercase false
+set searchengine duckduckgo
+set theme midnight
+set searchurls.wiktionary https://en.wiktionary.org/w/index.php?search=
+set searchurls.dictcc https://www.dict.cc/?s=
+set hintchars 123456qwertasdfgyxcvb
+guiset gui none
+escapehatch
--- /dev/null
+# X init configuration
+
+# Set keymap.
+setxkbmap de
+
+# Map CapsLock to Compose key.
+xmodmap -e "clear Lock"
+xmodmap -e "keycode 66 = Multi_key"
+
+# Load xterm settings
+xrdb -merge ~/.Xresources
+
+# Redshift to Berlin, Germany.
+redshift -rl 53:13 &
+
+sh .xinitrc_bonus
+
+# Launch window manager.
+i3
--- /dev/null
+#!/bin/sh
+set -e
+
+basedir="/home/plom/mail/maildir/"
+# Ensure directories exist for all "dir:*" tags.
+for tag in $(notmuch search --output=tags '*'); do
+ if [ ! $(echo "${tag}" | cut -c-4) = "dir:" ]; then
+ continue
+ fi
+ target_dir="${basedir}"$(echo "${tag}" | cut -c5-)"/cur/"
+ if [ ! -d "${target_dir}" ]; then
+ echo "Directory ${target_dir} does not exist."
+ exit 1
+ fi
+done
+
+# Ensure all "dir:*"-tagged mails are in proper directories,
+# remove all "dir:*" tags.
+for tag in $(notmuch search --output=tags '*'); do
+ if [ ! $(echo "${tag}" | cut -c-4) = "dir:" ]; then
+ continue
+ fi
+ target_dir="${basedir}"$(echo "${tag}" | cut -c5-)"/cur/"
+ for f in $(notmuch search --output=files tag:"${tag}"); do
+ new_name=$(basename "${f}" | sed -e 's/,U=[0-9]*//')
+ target_path="${target_dir}${new_name}"
+ if [ ! "${target_path}" = "${f}" ]; then
+ echo "Moving ${f} to ${target_path}."
+ mv "${f}" "${target_path}"
+ # NOTE: if we encounter an error here of ${f} not being findable, run "notmuch reindex tag:${tag}" to fix
+ fi
+ done
+ notmuch tag -"${tag}" tag:"${tag}"
+done
+
+# Remove all "deleted"-tagged files from maildirs.
+notmuch search --output=files tag:deleted | while read f; do
+ echo "Deleting ${f}"
+ rm "${f}"
+done
+
+# Sync changes back to server and update notmuch index.
+mbsync -a
+notmuch new
--- /dev/null
+# List of repos we want cloned in ~/public_repos
+config
+pingmail.git
+plomlombot-irc.git
+plomrogue
+plomrogue2-experiments
+plomvi.el
+misc
--- /dev/null
+#!/bin/sh
+set -e
+set -x
+. ../../constants.sh
+. "${PATH_MANY_MISC}"
+
+setup_for_raspi
--- /dev/null
+#!/bin/sh
+set -e
+. ./misc.sh
+
+expect_n_args 2 "(hostname, FQDN)" "$@"
+hostname="$1"
+fqdn="$2"
+shift 2
+
+cd "${setup_scripts_dir}"
+
+# Adapt /etc/ to our needs by copying from ./etc_files. This will set
+# basic configurations affecting following steps, such as setup of APT
+# and the locale selection, so needs to be right at the beginning.
+./copy_dirtree.sh "${config_tree_prefix}/etc_files" "" all "$@"
+
+# Set hostname and FQDN.
+./set_hostname_and_fqdn.sh "${hostname}" "${fqdn}"
+
+# Ensure package installation state as defined by what packages are
+# defined as required by Debian policy and by settings in ./apt-mark/.
+apt update
+./install_for_target.sh all "$@"
+./purge_nonrequireds.sh all "$@"
+
+# Ensure our desired locale is available.
+locale-gen
+
+# Only upgrade after reducing the system to the desired minimum, so that
+# we don't need to get more data than necessary.
+apt -y dist-upgrade
+
+# Set Berlin localtime.
+ln -sf /usr/share/zoneinfo/Europe/Berlin /etc/localtime
--- /dev/null
+#!/bin/sh
+# Copy files in argument-selected subdirectories of $1 to subdirectories
+# of $2 (which may be an empty string), e.g. with $1 of "etc_files", $2
+# of "" and $3 of "all", copy files below etc_files/all such as
+# etc_files/all/etc/foo/bar to equivalent locations below / such as
+# /etc/foo/bar. Create directories as necessary. Multiple arguments after
+# $3 are possible.
+#
+# CAUTION: This removes original files at the affected paths.
+set -e
+. ./misc.sh
+
+expect_n_args 3 "(source root, target root, modules)" "$@"
+
+source_root="$1"
+target_root="$2"
+shift 2
+
+for target_module in "$@"; do
+ mkdir -p "${source_root}/${target_module}"
+ cd "${source_root}/${target_module}"
+ for path in $(find . -type f); do
+ target_path="${target_root}"$(echo "${path}" | cut -c2-)
+ source_path=$(realpath "${path}")
+ dir=$(dirname "${target_path}")
+ mkdir -p "${dir}"
+ cp "${source_path}" "${target_path}"
+ done
+done
--- /dev/null
+#!/bin/sh
+# Walks through the package names in the argument-selected files of
+# apt-mark/ and ensures the respective packages are installed.
+#
+# Ignores anything in an apt-mark/ file after the last newline.
+set -e
+. ./misc.sh
+
+for target in "$@"; do
+ path="${aptmark_dir}/${target}"
+ # TODO: continue if file at $path not found, to get rid of dummy files
+ cat "${path}" | while read line; do
+ echo "$line"
+ if [ ! $(echo "${line}" | cut -c1) = "#" ]; then
+ DEBIAN_FRONTEND=noninteractive apt-get -y -o Dpkg::Options::=--force-confold install "${line}"
+ fi
+ done
+done
--- /dev/null
+#!/bin/sh
+set -e
+debian_version="testing"
+legal_system_names="x220 w530 h610m"
+config_tree_prefix="${HOME}/public_repos/config/${debian_version}"
+if [ ! -d "${config_tree_prefix}" ]; then
+ config_tree_prefix="${HOME}/config/${debian_version}"
+fi
+setup_scripts_dir="${config_tree_prefix}/setup_scripts"
+aptmark_dir="${config_tree_prefix}/apt-mark"
+
+expect_n_args() {
+ min_args="$1"
+ explainer="$2"
+ shift 2
+ if [ "$#" -lt "${min_args}" ]; then
+ echo "Need at least ${min_args} arguments … ${explainer}"
+ false
+ fi
+}
+
+expect_setup_finished_file() {
+ filename="$1"
+ setup_script="$2"
+ if [ ! -f "${HOME}/${filename}" ]; then
+ echo "First need to run ${setup_script}."
+ false
+ fi
+}
+
+get_system_name_arg() {
+ found=0
+ for system_name_i in $legal_system_names; do
+ if [ "$1" = "$system_name_i" ]; then
+ found=1
+ system_name="${system_name_i}"
+ continue
+ fi
+ done
+ if [ "$found" = 0 ]; then
+ echo "Need legal system name."
+ false
+ fi
+}
--- /dev/null
+#!/bin/sh
+# This script removes all Debian packages that are not of Priority
+# "required" or not depended on by packages of priority "required"
+# or not listed in the argument-selected files of apt-mark/.
+set -e
+. ./misc.sh
+
+# FIXME packages listed twice in the aptmark_dir get blacklisted?
+
+dpkg-query -Wf '${Package} ${Priority}\n' | grep ' required' | sed 's/ required//' > /tmp/list_white_unsorted
+for target in "$@"; do
+ path="${aptmark_dir}/${target}"
+ cat "${path}" | while read line; do
+ if [ ! $(echo "${line}" | cut -c1) = "#" ]; then
+ echo "${line}" >> /tmp/list_white_unsorted
+ fi
+ done
+done
+sort /tmp/list_white_unsorted > /tmp/list_white
+dpkg-query -Wf '${Package}\n' > /tmp/list_all_packages
+sort /tmp/list_all_packages > /tmp/foo
+mv /tmp/foo /tmp/list_all_packages
+comm -3 /tmp/list_all_packages /tmp/list_white > /tmp/list_black
+apt-mark auto `cat /tmp/list_black`
+DEBIAN_FRONTEND=noninteractive apt-get -y --purge autoremove
+rm /tmp/list_all_packages /tmp/list_white_unsorted /tmp/list_white /tmp/list_black
+
+# Somehow, auto-mounts get undone by all of this, so re-mount /etc/fstab.
+# TODO: Find out why.
+mount -a
--- /dev/null
+#!/bin/sh
+# Sets hostname and optionally FQDN.
+#
+# Calls hostname, writes to /etc/hostname and /etc/hosts. For /etc/hosts
+# writing follows recommendations from Debian manual at
+# <https://www.debian.org/doc/manuals/debian-reference/ch05.en.html>
+# (section "The hostname resolution") on how to map hostname and possibly
+# FQDN to a permanent IP if present (we assume here any non-private IP
+# and non-loopback IP returned by hostname -I to fulfill that criterion
+# on our systems) or to 127.0.1.1 if not. On the reasoning for separating
+# localhost and hostname mapping to different IPs, see
+# <https://unix.stackexchange.com/a/13087>.
+#
+# Ignores IPv6s.
+set -e
+. ./misc.sh
+
+expect_n_args 1 "(hostname, fqdn)" "$@"
+
+hostname="$1"
+fqdn="$2"
+echo "${hostname}" > /etc/hostname
+hostname "${hostname}"
+
+final_ip="127.0.1.1"
+for ip in $(hostname -I); do
+ if [ $(echo "${ip}" | grep ':' | wc -l) -eq 1 ]; then
+ continue
+ fi
+ range_1=$(echo "${ip}" | cut -d "." -f 1)
+ range_2=$(echo "${ip}" | cut -d "." -f 2)
+ if [ "${range_1}" -eq 127 ]; then
+ continue
+ elif [ "${range_1}" -eq 10 ]; then
+ continue
+ elif [ "${range_1}" -eq 172 ]; then
+ if [ "${range_2}" -ge 16 ] && [ "${range_2}" -le 31 ]; then
+ continue
+ fi
+ elif [ "${range_1}" -eq 192 ]; then
+ if [ "${range_2}" -eq 168 ]; then
+ continue
+ fi
+ fi
+ final_ip="${ip}"
+done
+
+echo "127.0.0.1 localhost.localdomain localhost" > /etc/hosts
+echo "${final_ip} ${fqdn} ${hostname}" >> /etc/hosts
--- /dev/null
+#!/bin/sh
+set -e
+. ./misc.sh
+
+expect_n_args 1 "(system name)" "$@"
+get_system_name_arg "$1"
+
+# Set up system without user environment.
+cd "${setup_scripts_dir}"
+if [ "$system_name" = "w530" ] || [ "$system_name" = "x220" ]; then
+ ./_setup.sh "${system_name}" "" user desktop thinkpad "${system_name}"
+else
+ ./_setup.sh "${system_name}" "" user desktop "${system_name}"
+fi
+
+# Upgrade to testing, but hold kernel known to work with nvidia-drivers.
+sed -i 's/bookworm/testing/g' /etc/apt/sources.list
+if [ "$system_name" = "h610m" ]; then
+ apt-mark hold linux-image-amd64 linux-headers-amd64
+fi
+apt update
+apt dist-upgrade
+
+# Set up user environments.
+cd "${setup_scripts_dir}"
+./copy_dirtree.sh "${config_tree_prefix}/home_files" "/root" minimal root
+adduser --disabled-password --gecos "" plom
+usermod -a -G sudo plom
+passwd plom
+cp -a ~/config /home/plom
+chown -R plom:plom /home/plom/config
--- /dev/null
+#!/bin/sh
+set -e
+. ./misc.sh
+
+expect_n_args 1 "(system name)" "$@"
+get_system_name_arg "$1"
+
+cd $setup_scripts_dir
+./copy_dirtree.sh "${config_tree_prefix}/home_files" "${HOME}" minimal user "${system_name}"
+
+# secrets_dev="sdb"
+# source_dir_secrets="/media/${secrets_dev}/to_usb"
+# target_dir_secrets="${HOME}/tmp_secrets"
+# echo "Put secrets drive into slot for /dev/${secrets_dev}."
+# while [ ! -e /dev/"${secrets_dev}" ]; do
+# sleep 1
+# done
+# stty -echo
+# printf "Secrets passphrase: "
+# read SECRETS_PASS
+# stty echo
+# echo "" # newline so user knows their input return was accepted
+# sudo -v
+# echo "${SECRETS_PASS}" | sudo pmount /dev/"${secrets_dev}"
+# cp -a "${source_dir_secrets}" "${target_dir_secrets}"
+# sudo chown -R plom:plom "${target_dir_secrets}"
+# sudo pumount "${secrets_dev}"
+# echo "You can remove /dev/${secrets_dev} now."
+#
+# # Set up iniitial non-public parts of infrastructure: SSH authentication.
+# ssh_dir=~/.ssh
+# cd "${target_dir_secrets}"
+# mkdir -p "${ssh_dir}"
+# echo "Setting up .ssh"
+# cp id_rsa ~/.ssh
+# stty -echo
+# ssh-keygen -y -f ~/.ssh/id_rsa > ~/.ssh/id_rsa.pub
+# stty echo
+# eval $(ssh-agent)
+# ssh-add
+# ssh-keyscan -H "plomlompom.com" >> ~/.ssh/known_hosts
+#
+# # Fill ~/public_repos.
+# public_repos_dir="${HOME}/public_repos"
+# repos_list_file="${public_repos_dir}/repos"
+# mkdir -p "${public_repos_dir}"
+# cat "${repos_list_file}" | while read line; do
+# first_char=$(echo "${line}" | cut -c1)
+# if [ "${first_char}" = "#" ]; then
+# continue
+# fi
+# repo_name="${line}"
+# if [ ! -d "${public_repos_dir}/${repo_name}" ]; then
+# cd "${public_repos_dir}"
+# git clone plom@plomlompom.com:/var/repos/${repo_name}
+# fi
+# done
+#
+# # Remove redundant config repo copy.
+# config_tree_prefix="${public_repos_dir}/config/${debian_version}"
+# rm -rf ~/config
+#
+# # Set up native messenger for tridactyl.
+# version='ef9f02d0da258f68d7faf8898707f6d83d90d07a'
+# curl -fsSl "https://raw.githubusercontent.com/tridactyl/tridactyl/${version}/native/install.sh" | bash
+#
+# # Set up further non-public parts of infrastructure.
+# cd "${target_dir_secrets}"
+# script -c 'gpg --import secret_keys.asc' /dev/null
+# path_borgscript="${config_tree_prefix}//borg.sh"
+#
+# # borg setup
+# borgkeys_dir=~/.config/borg/keys
+# borgrepos_file=~/.borgrepos
+# tar xf borg_keyfiles.tar
+# mkdir -p "${borgkeys_dir}"
+# mv borg_keyfiles/* "${borgkeys_dir}"
+# # Sync org dir via borgbackup. For this we need the borgbackup servers
+# # in our .ssh/known_hosts file.
+# cat "${borgrepos_file}" | while read line; do
+# first_char=$(echo "${line}" | cut -c1)
+# if [ "${first_char}" = "#" ]; then
+# continue
+# fi
+# server=$(echo "${line}" | sed 's/.*@//')
+# ssh-keyscan "${server}" >> "${ssh_dir}"/known_hosts
+# done
+# BORG_PASSPHRASE="${SECRETS_PASS}" "${path_borgscript}" orgpull
+#
+# # .authinfo may not be present on every secrets drive yet
+# authinfo_file=.authinfo
+# if [ -f "${authinfo_file}" ]; then
+# cp "${authinfo_file}" ~
+# fi
+# cd
+#
+# maildir=~/mail/maildir
+# # # Set up e-mail system. Note that we only do mbsync if the imap pass file
+# # # is found. It may not be present on every secrets drive yet, so we have to
+# # # deal with the possibility of it being absent at this point.
+# mkdir -p "${maildir}" # expected by mbsync/isync
+# if [ -f "${HOME}/${authinfo_file}" ]; then
+# mbsync -a
+# notmuch new
+# fi
+#
+# # # Final note on how to integrate tridactyl.
+# # echo "TODO: As tridactyl user, don't forget to do :source on the first Firefox run, wait a little while (Tridactyl needs to walk through all commands in the .tridactylrc) and then re-start."
+++ /dev/null
-#!/bin/sh
-set -e
-
-if [ "$#" -ne 1 ]; then
- echo "Need exactly one argument: public key ID."
- false
-fi
-gpg_key="$1"
-keyservers='keyserver.ubuntu.com pgp.surf.nl pgp.rediris.es'
-set +e
-for keyserver in $(echo "${keyservers}"); do
- gpg --no-tty --keyserver $keyserver --send-key "${gpg_key}"
-done
-set -e
+++ /dev/null
-# connectivity: ifupdown seems necessary everyhwere, isc-dhcp-client
-# unpredictably so
-ifupdown
-isc-dhcp-client
-# git for the setup directory; cloning works with ca-certificates
-ca-certificates
-git
-# to avoid constant warnings about no locale being found
-locales
-# extremely useful for basic network debugging; missed these more than once in an emergency
-netcat-traditional
-iputils-ping
-# what would we do without this …
-apt
+++ /dev/null
-# for X to start at all
-linux-headers-amd64
-nvidia-driver
-firmware-misc-nonfree
-# X input: keyboard
-xserver-xorg-input-evdev
-# CUDA
-nvidia-cuda-dev
-nvidia-cuda-toolkit
-
+++ /dev/null
-# needed for torrenting
-rtorrent
-# needed for torrenting session
-screen
-
+++ /dev/null
-# so we can login at all …
-openssh-server
-# firewalling
-nftables
-# We want to be able to use ALL our servers as borg backup destinations.
-borgbackup
-# not only pull in systemd, but also /sbin/reboot and /sbin/shutdown
-systemd-sysv
-# necessary on _some_ vservers
-net-tools
-quota
-
+++ /dev/null
-# for wifi
-firmware-iwlwifi
-network-manager
-wpasupplicant
-# for tlp
-tlp
-tp-smapi-dkms
-# for X to start at all
-xserver-xorg-video-intel
-# X input: keyboard and touchpad
-xserver-xorg-input-evdev
-xserver-xorg-input-synaptics
-# to use printer
-cups
-#
-
+++ /dev/null
-# to avoid booting problems with encrypted LVM, see <https://askubuntu.com/a/1105848>
-cryptsetup-initramfs
-lvm2
-# this provides setupcon which reads /etc/default/console-setup
-console-setup
-# for startx
-xinit
-# for xrdb
-x11-xserver-utils
-# for startx to run for non-root user
-libpam-systemd
-# window environment
-i3
-i3status
-suckless-tools
-xterm
-# to get sleepy at night
-redshift
-# for alsamixer
-alsa-utils
-# also useful
-vim
-sudo
-less
-man-db
-manpages
-procps
-# firefox install dependencies
-wget
-bzip2
-# firefox running dependencies
-libgtk-3-0
-libdbus-glib-1-2
-# tridactyl install recommendations
-vim-gtk3
-curl
-# for firefox to emit sound
-pulseaudio
-# emacs
-emacs
-emacs-common-non-dfsg
-emacs-el
-elpa-ledger
-ledger
-# to mount encrypted USB stick and use its contents
-pmount
-cryptsetup
-openssh-client
-# for syncing
-borgbackup
-# mail setup
-isync
-notmuch
-elpa-notmuch
-pinentry-gtk2
-#
+++ /dev/null
-# for open-gpu-kernel-modules building
-gcc
-g++
-make
-linux-headers-amd64
-xz-utils
-# for NVIDIA driver .run --no-kernel-modules
-libvulkan1
-libglvnd-dev
-pkg-config
-# so we can add nvidia.NVreg_OpenRmEnableUnsupportedGpus=1 to default grub
-grub-efi-amd64
-
+++ /dev/null
-nginx-light
-# for SSL
-certbot
-python3-certbot-nginx
+++ /dev/null
-../bullseye/borg.sh
\ No newline at end of file
+++ /dev/null
-APT::AutoRemove::RecommendsImportant "false";
-APT::AutoRemove::SuggestsImportant "false";
-APT::Install-Recommends "false";
-APT::Install-Suggests "false";
+++ /dev/null
-deb http://deb.debian.org/debian bookworm main contrib non-free non-free-firmware
-deb http://security.debian.org/debian-security bookworm-security main contrib non-free non-free-firmware
-deb http://deb.debian.org/debian bookworm-updates main contrib non-free non-free-firmware
-deb http://ftp.debian.org/debian bookworm-backports main contrib non-free non-free-firmware
+++ /dev/null
-LANG="en_US.UTF-8"
+++ /dev/null
-# This file lists locales that you wish to have built. You can find a list
-# of valid supported locales at /usr/share/i18n/SUPPORTED, and you can add
-# user defined locales to /usr/local/share/i18n/SUPPORTED. If you change
-# this file, you need to rerun locale-gen.
-
-
-# aa_DJ ISO-8859-1
-# aa_DJ.UTF-8 UTF-8
-# aa_ER UTF-8
-# aa_ER@saaho UTF-8
-# aa_ET UTF-8
-# af_ZA ISO-8859-1
-# af_ZA.UTF-8 UTF-8
-# ak_GH UTF-8
-# am_ET UTF-8
-# an_ES ISO-8859-15
-# an_ES.UTF-8 UTF-8
-# anp_IN UTF-8
-# ar_AE ISO-8859-6
-# ar_AE.UTF-8 UTF-8
-# ar_BH ISO-8859-6
-# ar_BH.UTF-8 UTF-8
-# ar_DZ ISO-8859-6
-# ar_DZ.UTF-8 UTF-8
-# ar_EG ISO-8859-6
-# ar_EG.UTF-8 UTF-8
-# ar_IN UTF-8
-# ar_IQ ISO-8859-6
-# ar_IQ.UTF-8 UTF-8
-# ar_JO ISO-8859-6
-# ar_JO.UTF-8 UTF-8
-# ar_KW ISO-8859-6
-# ar_KW.UTF-8 UTF-8
-# ar_LB ISO-8859-6
-# ar_LB.UTF-8 UTF-8
-# ar_LY ISO-8859-6
-# ar_LY.UTF-8 UTF-8
-# ar_MA ISO-8859-6
-# ar_MA.UTF-8 UTF-8
-# ar_OM ISO-8859-6
-# ar_OM.UTF-8 UTF-8
-# ar_QA ISO-8859-6
-# ar_QA.UTF-8 UTF-8
-# ar_SA ISO-8859-6
-# ar_SA.UTF-8 UTF-8
-# ar_SD ISO-8859-6
-# ar_SD.UTF-8 UTF-8
-# ar_SS UTF-8
-# ar_SY ISO-8859-6
-# ar_SY.UTF-8 UTF-8
-# ar_TN ISO-8859-6
-# ar_TN.UTF-8 UTF-8
-# ar_YE ISO-8859-6
-# ar_YE.UTF-8 UTF-8
-# as_IN UTF-8
-# ast_ES ISO-8859-15
-# ast_ES.UTF-8 UTF-8
-# ayc_PE UTF-8
-# az_AZ UTF-8
-# be_BY CP1251
-# be_BY.UTF-8 UTF-8
-# be_BY@latin UTF-8
-# bem_ZM UTF-8
-# ber_DZ UTF-8
-# ber_MA UTF-8
-# bg_BG CP1251
-# bg_BG.UTF-8 UTF-8
-# bhb_IN.UTF-8 UTF-8
-# bho_IN UTF-8
-# bn_BD UTF-8
-# bn_IN UTF-8
-# bo_CN UTF-8
-# bo_IN UTF-8
-# br_FR ISO-8859-1
-# br_FR.UTF-8 UTF-8
-# br_FR@euro ISO-8859-15
-# brx_IN UTF-8
-# bs_BA ISO-8859-2
-# bs_BA.UTF-8 UTF-8
-# byn_ER UTF-8
-# ca_AD ISO-8859-15
-# ca_AD.UTF-8 UTF-8
-# ca_ES ISO-8859-1
-# ca_ES.UTF-8 UTF-8
-# ca_ES.UTF-8@valencia UTF-8
-# ca_ES@euro ISO-8859-15
-# ca_ES@valencia ISO-8859-15
-# ca_FR ISO-8859-15
-# ca_FR.UTF-8 UTF-8
-# ca_IT ISO-8859-15
-# ca_IT.UTF-8 UTF-8
-# ce_RU UTF-8
-# chr_US UTF-8
-# cmn_TW UTF-8
-# crh_UA UTF-8
-# cs_CZ ISO-8859-2
-# cs_CZ.UTF-8 UTF-8
-# csb_PL UTF-8
-# cv_RU UTF-8
-# cy_GB ISO-8859-14
-# cy_GB.UTF-8 UTF-8
-# da_DK ISO-8859-1
-# da_DK.UTF-8 UTF-8
-# de_AT ISO-8859-1
-# de_AT.UTF-8 UTF-8
-# de_AT@euro ISO-8859-15
-# de_BE ISO-8859-1
-# de_BE.UTF-8 UTF-8
-# de_BE@euro ISO-8859-15
-# de_CH ISO-8859-1
-# de_CH.UTF-8 UTF-8
-# de_DE ISO-8859-1
-# de_DE.UTF-8 UTF-8
-# de_DE@euro ISO-8859-15
-# de_IT ISO-8859-1
-# de_IT.UTF-8 UTF-8
-# de_LI.UTF-8 UTF-8
-# de_LU ISO-8859-1
-# de_LU.UTF-8 UTF-8
-# de_LU@euro ISO-8859-15
-# doi_IN UTF-8
-# dv_MV UTF-8
-# dz_BT UTF-8
-# el_CY ISO-8859-7
-# el_CY.UTF-8 UTF-8
-# el_GR ISO-8859-7
-# el_GR.UTF-8 UTF-8
-# en_AG UTF-8
-# en_AU ISO-8859-1
-# en_AU.UTF-8 UTF-8
-# en_BW ISO-8859-1
-# en_BW.UTF-8 UTF-8
-# en_CA ISO-8859-1
-# en_CA.UTF-8 UTF-8
-# en_DK ISO-8859-1
-# en_DK.ISO-8859-15 ISO-8859-15
-# en_DK.UTF-8 UTF-8
-# en_GB ISO-8859-1
-# en_GB.ISO-8859-15 ISO-8859-15
-# en_GB.UTF-8 UTF-8
-# en_HK ISO-8859-1
-# en_HK.UTF-8 UTF-8
-# en_IE ISO-8859-1
-# en_IE.UTF-8 UTF-8
-# en_IE@euro ISO-8859-15
-# en_IL UTF-8
-# en_IN UTF-8
-# en_NG UTF-8
-# en_NZ ISO-8859-1
-# en_NZ.UTF-8 UTF-8
-# en_PH ISO-8859-1
-# en_PH.UTF-8 UTF-8
-# en_SG ISO-8859-1
-# en_SG.UTF-8 UTF-8
-# en_US ISO-8859-1
-# en_US.ISO-8859-15 ISO-8859-15
-en_US.UTF-8 UTF-8
-# en_ZA ISO-8859-1
-# en_ZA.UTF-8 UTF-8
-# en_ZM UTF-8
-# en_ZW ISO-8859-1
-# en_ZW.UTF-8 UTF-8
-# eo UTF-8
-# es_AR ISO-8859-1
-# es_AR.UTF-8 UTF-8
-# es_BO ISO-8859-1
-# es_BO.UTF-8 UTF-8
-# es_CL ISO-8859-1
-# es_CL.UTF-8 UTF-8
-# es_CO ISO-8859-1
-# es_CO.UTF-8 UTF-8
-# es_CR ISO-8859-1
-# es_CR.UTF-8 UTF-8
-# es_CU UTF-8
-# es_DO ISO-8859-1
-# es_DO.UTF-8 UTF-8
-# es_EC ISO-8859-1
-# es_EC.UTF-8 UTF-8
-# es_ES ISO-8859-1
-# es_ES.UTF-8 UTF-8
-# es_ES@euro ISO-8859-15
-# es_GT ISO-8859-1
-# es_GT.UTF-8 UTF-8
-# es_HN ISO-8859-1
-# es_HN.UTF-8 UTF-8
-# es_MX ISO-8859-1
-# es_MX.UTF-8 UTF-8
-# es_NI ISO-8859-1
-# es_NI.UTF-8 UTF-8
-# es_PA ISO-8859-1
-# es_PA.UTF-8 UTF-8
-# es_PE ISO-8859-1
-# es_PE.UTF-8 UTF-8
-# es_PR ISO-8859-1
-# es_PR.UTF-8 UTF-8
-# es_PY ISO-8859-1
-# es_PY.UTF-8 UTF-8
-# es_SV ISO-8859-1
-# es_SV.UTF-8 UTF-8
-# es_US ISO-8859-1
-# es_US.UTF-8 UTF-8
-# es_UY ISO-8859-1
-# es_UY.UTF-8 UTF-8
-# es_VE ISO-8859-1
-# es_VE.UTF-8 UTF-8
-# et_EE ISO-8859-1
-# et_EE.ISO-8859-15 ISO-8859-15
-# et_EE.UTF-8 UTF-8
-# eu_ES ISO-8859-1
-# eu_ES.UTF-8 UTF-8
-# eu_ES@euro ISO-8859-15
-# eu_FR ISO-8859-1
-# eu_FR.UTF-8 UTF-8
-# eu_FR@euro ISO-8859-15
-# fa_IR UTF-8
-# ff_SN UTF-8
-# fi_FI ISO-8859-1
-# fi_FI.UTF-8 UTF-8
-# fi_FI@euro ISO-8859-15
-# fil_PH UTF-8
-# fo_FO ISO-8859-1
-# fo_FO.UTF-8 UTF-8
-# fr_BE ISO-8859-1
-# fr_BE.UTF-8 UTF-8
-# fr_BE@euro ISO-8859-15
-# fr_CA ISO-8859-1
-# fr_CA.UTF-8 UTF-8
-# fr_CH ISO-8859-1
-# fr_CH.UTF-8 UTF-8
-# fr_FR ISO-8859-1
-# fr_FR.UTF-8 UTF-8
-# fr_FR@euro ISO-8859-15
-# fr_LU ISO-8859-1
-# fr_LU.UTF-8 UTF-8
-# fr_LU@euro ISO-8859-15
-# fur_IT UTF-8
-# fy_DE UTF-8
-# fy_NL UTF-8
-# ga_IE ISO-8859-1
-# ga_IE.UTF-8 UTF-8
-# ga_IE@euro ISO-8859-15
-# gd_GB ISO-8859-15
-# gd_GB.UTF-8 UTF-8
-# gez_ER UTF-8
-# gez_ER@abegede UTF-8
-# gez_ET UTF-8
-# gez_ET@abegede UTF-8
-# gl_ES ISO-8859-1
-# gl_ES.UTF-8 UTF-8
-# gl_ES@euro ISO-8859-15
-# gu_IN UTF-8
-# gv_GB ISO-8859-1
-# gv_GB.UTF-8 UTF-8
-# ha_NG UTF-8
-# hak_TW UTF-8
-# he_IL ISO-8859-8
-# he_IL.UTF-8 UTF-8
-# hi_IN UTF-8
-# hne_IN UTF-8
-# hr_HR ISO-8859-2
-# hr_HR.UTF-8 UTF-8
-# hsb_DE ISO-8859-2
-# hsb_DE.UTF-8 UTF-8
-# ht_HT UTF-8
-# hu_HU ISO-8859-2
-# hu_HU.UTF-8 UTF-8
-# hy_AM UTF-8
-# hy_AM.ARMSCII-8 ARMSCII-8
-# ia_FR UTF-8
-# id_ID ISO-8859-1
-# id_ID.UTF-8 UTF-8
-# ig_NG UTF-8
-# ik_CA UTF-8
-# is_IS ISO-8859-1
-# is_IS.UTF-8 UTF-8
-# it_CH ISO-8859-1
-# it_CH.UTF-8 UTF-8
-# it_IT ISO-8859-1
-# it_IT.UTF-8 UTF-8
-# it_IT@euro ISO-8859-15
-# iu_CA UTF-8
-# ja_JP.EUC-JP EUC-JP
-# ja_JP.UTF-8 UTF-8
-# ka_GE GEORGIAN-PS
-# ka_GE.UTF-8 UTF-8
-# kk_KZ PT154
-# kk_KZ.RK1048 RK1048
-# kk_KZ.UTF-8 UTF-8
-# kl_GL ISO-8859-1
-# kl_GL.UTF-8 UTF-8
-# km_KH UTF-8
-# kn_IN UTF-8
-# ko_KR.EUC-KR EUC-KR
-# ko_KR.UTF-8 UTF-8
-# kok_IN UTF-8
-# ks_IN UTF-8
-# ks_IN@devanagari UTF-8
-# ku_TR ISO-8859-9
-# ku_TR.UTF-8 UTF-8
-# kw_GB ISO-8859-1
-# kw_GB.UTF-8 UTF-8
-# ky_KG UTF-8
-# lb_LU UTF-8
-# lg_UG ISO-8859-10
-# lg_UG.UTF-8 UTF-8
-# li_BE UTF-8
-# li_NL UTF-8
-# lij_IT UTF-8
-# ln_CD UTF-8
-# lo_LA UTF-8
-# lt_LT ISO-8859-13
-# lt_LT.UTF-8 UTF-8
-# lv_LV ISO-8859-13
-# lv_LV.UTF-8 UTF-8
-# lzh_TW UTF-8
-# mag_IN UTF-8
-# mai_IN UTF-8
-# mg_MG ISO-8859-15
-# mg_MG.UTF-8 UTF-8
-# mhr_RU UTF-8
-# mi_NZ ISO-8859-13
-# mi_NZ.UTF-8 UTF-8
-# mk_MK ISO-8859-5
-# mk_MK.UTF-8 UTF-8
-# ml_IN UTF-8
-# mn_MN UTF-8
-# mni_IN UTF-8
-# mr_IN UTF-8
-# ms_MY ISO-8859-1
-# ms_MY.UTF-8 UTF-8
-# mt_MT ISO-8859-3
-# mt_MT.UTF-8 UTF-8
-# my_MM UTF-8
-# nan_TW UTF-8
-# nan_TW@latin UTF-8
-# nb_NO ISO-8859-1
-# nb_NO.UTF-8 UTF-8
-# nds_DE UTF-8
-# nds_NL UTF-8
-# ne_NP UTF-8
-# nhn_MX UTF-8
-# niu_NU UTF-8
-# niu_NZ UTF-8
-# nl_AW UTF-8
-# nl_BE ISO-8859-1
-# nl_BE.UTF-8 UTF-8
-# nl_BE@euro ISO-8859-15
-# nl_NL ISO-8859-1
-# nl_NL.UTF-8 UTF-8
-# nl_NL@euro ISO-8859-15
-# nn_NO ISO-8859-1
-# nn_NO.UTF-8 UTF-8
-# nr_ZA UTF-8
-# nso_ZA UTF-8
-# oc_FR ISO-8859-1
-# oc_FR.UTF-8 UTF-8
-# om_ET UTF-8
-# om_KE ISO-8859-1
-# om_KE.UTF-8 UTF-8
-# or_IN UTF-8
-# os_RU UTF-8
-# pa_IN UTF-8
-# pa_PK UTF-8
-# pap_AW UTF-8
-# pap_CW UTF-8
-# pl_PL ISO-8859-2
-# pl_PL.UTF-8 UTF-8
-# ps_AF UTF-8
-# pt_BR ISO-8859-1
-# pt_BR.UTF-8 UTF-8
-# pt_PT ISO-8859-1
-# pt_PT.UTF-8 UTF-8
-# pt_PT@euro ISO-8859-15
-# quz_PE UTF-8
-# raj_IN UTF-8
-# ro_RO ISO-8859-2
-# ro_RO.UTF-8 UTF-8
-# ru_RU ISO-8859-5
-# ru_RU.CP1251 CP1251
-# ru_RU.KOI8-R KOI8-R
-# ru_RU.UTF-8 UTF-8
-# ru_UA KOI8-U
-# ru_UA.UTF-8 UTF-8
-# rw_RW UTF-8
-# sa_IN UTF-8
-# sat_IN UTF-8
-# sc_IT UTF-8
-# sd_IN UTF-8
-# sd_IN@devanagari UTF-8
-# se_NO UTF-8
-# sgs_LT UTF-8
-# shs_CA UTF-8
-# si_LK UTF-8
-# sid_ET UTF-8
-# sk_SK ISO-8859-2
-# sk_SK.UTF-8 UTF-8
-# sl_SI ISO-8859-2
-# sl_SI.UTF-8 UTF-8
-# so_DJ ISO-8859-1
-# so_DJ.UTF-8 UTF-8
-# so_ET UTF-8
-# so_KE ISO-8859-1
-# so_KE.UTF-8 UTF-8
-# so_SO ISO-8859-1
-# so_SO.UTF-8 UTF-8
-# sq_AL ISO-8859-1
-# sq_AL.UTF-8 UTF-8
-# sq_MK UTF-8
-# sr_ME UTF-8
-# sr_RS UTF-8
-# sr_RS@latin UTF-8
-# ss_ZA UTF-8
-# st_ZA ISO-8859-1
-# st_ZA.UTF-8 UTF-8
-# sv_FI ISO-8859-1
-# sv_FI.UTF-8 UTF-8
-# sv_FI@euro ISO-8859-15
-# sv_SE ISO-8859-1
-# sv_SE.ISO-8859-15 ISO-8859-15
-# sv_SE.UTF-8 UTF-8
-# sw_KE UTF-8
-# sw_TZ UTF-8
-# szl_PL UTF-8
-# ta_IN UTF-8
-# ta_LK UTF-8
-# tcy_IN.UTF-8 UTF-8
-# te_IN UTF-8
-# tg_TJ KOI8-T
-# tg_TJ.UTF-8 UTF-8
-# th_TH TIS-620
-# th_TH.UTF-8 UTF-8
-# the_NP UTF-8
-# ti_ER UTF-8
-# ti_ET UTF-8
-# tig_ER UTF-8
-# tk_TM UTF-8
-# tl_PH ISO-8859-1
-# tl_PH.UTF-8 UTF-8
-# tn_ZA UTF-8
-# tr_CY ISO-8859-9
-# tr_CY.UTF-8 UTF-8
-# tr_TR ISO-8859-9
-# tr_TR.UTF-8 UTF-8
-# ts_ZA UTF-8
-# tt_RU UTF-8
-# tt_RU@iqtelif UTF-8
-# ug_CN UTF-8
-# uk_UA KOI8-U
-# uk_UA.UTF-8 UTF-8
-# unm_US UTF-8
-# ur_IN UTF-8
-# ur_PK UTF-8
-# uz_UZ ISO-8859-1
-# uz_UZ.UTF-8 UTF-8
-# uz_UZ@cyrillic UTF-8
-# ve_ZA UTF-8
-# vi_VN UTF-8
-# wa_BE ISO-8859-1
-# wa_BE.UTF-8 UTF-8
-# wa_BE@euro ISO-8859-15
-# wae_CH UTF-8
-# wal_ET UTF-8
-# wo_SN UTF-8
-# xh_ZA ISO-8859-1
-# xh_ZA.UTF-8 UTF-8
-# yi_US CP1255
-# yi_US.UTF-8 UTF-8
-# yo_NG UTF-8
-# yue_HK UTF-8
-# zh_CN GB2312
-# zh_CN.GB18030 GB18030
-# zh_CN.GBK GBK
-# zh_CN.UTF-8 UTF-8
-# zh_HK BIG5-HKSCS
-# zh_HK.UTF-8 UTF-8
-# zh_SG GB2312
-# zh_SG.GBK GBK
-# zh_SG.UTF-8 UTF-8
-# zh_TW BIG5
-# zh_TW.EUC-TW EUC-TW
-# zh_TW.UTF-8 UTF-8
-# zu_ZA ISO-8859-1
-# zu_ZA.UTF-8 UTF-8
+++ /dev/null
-Europe/Berlin
+++ /dev/null
-[Unit]
-Description=rtorrent session
-After=network.target
-
-[Service]
-Type=simple
-User=plom
-Group=plom
-WorkingDirectory=/home/plom
-ExecStartPre=-/bin/rm -f /home/plom/session/rtorrent.lock
-ExecStart=/usr/bin/screen -S rtorrent -Dm /usr/bin/rtorrent
-ExecStop=/usr/bin/screen -S rtorrent -X quit
-Restart=on-failure
-RestartSec=3
-
-[Install]
-WantedBy=multi-user.target
+++ /dev/null
-
-# This is the sshd server system-wide configuration file. See
-# sshd_config(5) for more information.
-
-# This sshd was compiled with PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
-
-# The strategy used for options in the default sshd_config shipped with
-# OpenSSH is to specify options with their default value where
-# possible, but leave them commented. Uncommented options override the
-# default value.
-
-Include /etc/ssh/sshd_config.d/*.conf
-
-#Port 22
-#AddressFamily any
-#ListenAddress 0.0.0.0
-#ListenAddress ::
-
-#HostKey /etc/ssh/ssh_host_rsa_key
-#HostKey /etc/ssh/ssh_host_ecdsa_key
-#HostKey /etc/ssh/ssh_host_ed25519_key
-
-# Ciphers and keying
-#RekeyLimit default none
-
-# Logging
-#SyslogFacility AUTH
-#LogLevel INFO
-
-# Authentication:
-
-#LoginGraceTime 2m
-#PermitRootLogin prohibit-password
-PermitRootLogin no # plomlompom's security rule
-#StrictModes yes
-#MaxAuthTries 6
-#MaxSessions 10
-
-#PubkeyAuthentication yes
-
-# Expect .ssh/authorized_keys2 to be disregarded by default in future.
-#AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2
-
-#AuthorizedPrincipalsFile none
-
-#AuthorizedKeysCommand none
-#AuthorizedKeysCommandUser nobody
-
-# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
-#HostbasedAuthentication no
-# Change to yes if you don't trust ~/.ssh/known_hosts for
-# HostbasedAuthentication
-#IgnoreUserKnownHosts no
-# Don't read the user's ~/.rhosts and ~/.shosts files
-#IgnoreRhosts yes
-
-# To disable tunneled clear text passwords, change to no here!
-PasswordAuthentication no
-#PermitEmptyPasswords no
-
-# Change to yes to enable challenge-response passwords (beware issues with
-# some PAM modules and threads)
-KbdInteractiveAuthentication no
-
-# Kerberos options
-#KerberosAuthentication no
-#KerberosOrLocalPasswd yes
-#KerberosTicketCleanup yes
-#KerberosGetAFSToken no
-
-# GSSAPI options
-#GSSAPIAuthentication no
-#GSSAPICleanupCredentials yes
-#GSSAPIStrictAcceptorCheck yes
-#GSSAPIKeyExchange no
-
-# Set this to 'yes' to enable PAM authentication, account processing,
-# and session processing. If this is enabled, PAM authentication will
-# be allowed through the KbdInteractiveAuthentication and
-# PasswordAuthentication. Depending on your PAM configuration,
-# PAM authentication via KbdInteractiveAuthentication may bypass
-# the setting of "PermitRootLogin prohibit-password".
-# If you just want the PAM account and session checks to run without
-# PAM authentication, then enable this but set PasswordAuthentication
-# and KbdInteractiveAuthentication to 'no'.
-UsePAM yes
-
-#AllowAgentForwarding yes
-#AllowTcpForwarding yes
-#GatewayPorts no
-X11Forwarding yes
-#X11DisplayOffset 10
-#X11UseLocalhost yes
-#PermitTTY yes
-PrintMotd no
-#PrintLastLog yes
-#TCPKeepAlive yes
-#PermitUserEnvironment no
-#Compression delayed
-ClientAliveInterval 15
-#ClientAliveCountMax 3
-#UseDNS no
-#PidFile /run/sshd.pid
-#MaxStartups 10:30:100
-#PermitTunnel no
-#ChrootDirectory none
-#VersionAddendum none
-
-# no default banner path
-#Banner none
-
-# Allow client to pass locale environment variables
-AcceptEnv LANG LC_*
-
-# override default of no subsystems
-Subsystem sftp /usr/lib/openssh/sftp-server
-
-# Example of overriding settings on a per-user basis
-#Match User anoncvs
-# X11Forwarding no
-# AllowTcpForwarding no
-# PermitTTY no
-# ForceCommand cvs server
+++ /dev/null
-server {
- listen 443 ssl;
- server_name REPLACE_fqdn_ECALPER;
- ssl_certificate /etc/letsencrypt/live/REPLACE_fqdn_ECALPER/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/REPLACE_fqdn_ECALPER/privkey.pem;
- root /var/www/status.plomlompom.com/;
-
- location = / {
- return 301 /users/plomlompom.html;
- }
-
- # re-direct to .html endings
- location ~ ^/(notice|users)/([^\.]*)/?$ {
- rewrite ^/(notice|users)/([^\./]*)/?$ /$1/$2.html permanent;
- }
-}
+++ /dev/null
-server {
- listen 443 ssl;
- server_name REPLACE_fqdn_ECALPER;
- ssl_certificate /etc/letsencrypt/live/REPLACE_fqdn_ECALPER/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/REPLACE_fqdn_ECALPER/privkey.pem;
- root /var/www/tube.plomlompom.com/;
-
- # re-direct to .html endings
- location ~ ^/videos/watch/([^\.]*)/?$ {
- rewrite ^/videos/watch/([^\./]*)/?$ /videos/watch/$1.html permanent;
- }
-}
+++ /dev/null
-# If you change this file, run 'update-grub' afterwards to update
-# /boot/grub/grub.cfg.
-# For full documentation of the options in this file, see:
-# info -f grub -n 'Simple configuration'
-
-GRUB_DEFAULT=0
-GRUB_TIMEOUT=5
-GRUB_DISTRIBUTOR=`lsb_release -i -s 2> /dev/null || echo Debian`
-GRUB_CMDLINE_LINUX_DEFAULT="quiet nvidia.NVreg_OpenRmEnableUnsupportedGpus=1"
-GRUB_CMDLINE_LINUX=""
-
-# Uncomment to enable BadRAM filtering, modify to suit your needs
-# This works with Linux (no patch required) and with any kernel that obtains
-# the memory map information from GRUB (GNU Mach, kernel of FreeBSD ...)
-#GRUB_BADRAM="0x01234567,0xfefefefe,0x89abcdef,0xefefefef"
-
-# Uncomment to disable graphical terminal (grub-pc only)
-#GRUB_TERMINAL=console
-
-# The resolution used on graphical terminal
-# note that you can use only modes which your graphic card supports via VBE
-# you can see them in real GRUB with the command `vbeinfo'
-#GRUB_GFXMODE=640x480
-
-# Uncomment if you don't want GRUB to pass "root=UUID=xxx" parameter to Linux
-#GRUB_DISABLE_LINUX_UUID=true
-
-# Uncomment to disable generation of recovery mode menu entries
-#GRUB_DISABLE_RECOVERY="true"
-
-# Uncomment to get a beep at grub start
-#GRUB_INIT_TUNE="480 440 1"
+++ /dev/null
-blacklist nouveau
-options nouveau modeset=0
-
+++ /dev/null
-#!/usr/sbin/nft -f
-
-flush ruleset
-
-table inet filter {
- chain input {
- type filter hook input priority 0; policy drop;
- iif lo accept comment "accept localhost traffic"
- ct state invalid drop comment "drop invalid connections"
- ct state established, related accept comment "accept traffic originated from us"
- tcp dport 22 accept comment "accept SSH on default port"
- tcp dport 80 accept comment "accept HTTP on default port"
- tcp dport 443 accept comment "accept HTTPS on default port"
- ip protocol icmp icmp type echo-request accept comment "accept ICMP for pinging"
- }
- chain forward {
- type filter hook forward priority 0; policy drop;
- }
- chain output {
- type filter hook output priority 0; policy accept;
- }
-}
+++ /dev/null
-# system integration
-user www-data;
-worker_processes auto;
-pid /run/nginx.pid;
-include /etc/nginx/modules-enabled/*.conf;
-
-# is expected even if empty
-events {
-}
-
-http {
- # define content-type headers
- include /etc/nginx/mime.types;
- charset utf-8;
-
- # Some standard optimizations, i.e. Debian default. Explained in
- # <https://thoughts.t37.net/nginx-optimization-understanding-sendfile-tcp-nodelay-and-tcp-nopush-c55cdd276765>
- # Not that I understand it all …
- sendfile on;
- tcp_nopush on;
- tcp_nodelay on;
-
- # logging deactivated due to GDPR
- #access_log /var/log/nginx/access.log;
- #error_log /var/log/nginx/error.log;
- access_log off;
- error_log off;
-
- # virtual hosts: sites-enabled is the Debian way, conf.d the NGINX default
- include /etc/nginx/conf.d/*.conf;
- include /etc/nginx/sites-enabled/*;
-
- # Redirect all HTTP requests to HTTPS.
- server {
- listen 80;
- return 301 https://$host$request_uri;
- }
-}
+++ /dev/null
-# Don't blank screen, as this will confuse the HDMI switch setup / lead to unrecoverable X sessions.
-xset s noblank
+++ /dev/null
-# Settings for interactive shells.
-
-# Fancy colors for ls.
-alias ls="ls --color=auto"
-
-# Other helpful aliases
-alias sshauth='eval $(ssh-agent) && ssh-add'
-# alias xrandrbig='xrandr --output LVDS-1 --off'
-
-# Use vim as default editor for anything.
-export VISUAL=vim
-export EDITOR=$VISUAL
-
-# Colored prompt with username, hostname, date/time, directory.
-colornumber=7 # Default to white if no color set via colornumber dotfile.
-colornumber_file=~/.shell_prompt_color
-if [ -f $colornumber_file ]; then
- colornumber=`cat $colornumber_file`
-fi
-tput_color="$(tput setaf $colornumber)$(tput bold)"
-tput_reset="$(tput sgr0)"
-# Bash confuses the line length when not told to not count escape sequences.
-if [ ! "$BASH" = "" ]; then
- tput_color="\[$tput_color\]"
- tput_reset="\[$tput_reset\]"
-fi
-PS1="${tput_color}["\$\(date\ +%Y-%m-%d/%H:%M:%S/%Z\)" $(whoami)@$(hostname):"\$\(pwd\)"]$ $tput_reset"
-PS2="${tput_color}> $tput_reset"
-PS3="${tput_color}select: $tput_reset"
-PS4="${tput_color}+ $tput_reset"
+++ /dev/null
-# where to write downloads into
-directory.default.set = ~/downloads
-
-# rtorrent's memory
-session.path.set = ~/session
-
-# security and paranoia
-dht.mode.set = disable
-protocol.pex.set = no
-protocol.encryption.set = require,require_RC4,allow_incoming,try_outgoing
-
+++ /dev/null
-! otherwise various applications will assume merely 8 colors
-XTerm.termName: xterm-256color
-
-! font
-! actually, "mono" is already the default for faceName (it will
-! pick whatever fc-match mono delivers), but we need to set _some_
-! faceName to trigger XTerm activating TrueType fonts
-! (XTerm*fontRender by itself won't do the trick), and we want
-! TrueType fonts because, well, they scale better, and XTerm lets them
-! fall back on alternatives (hi there ttf-unifont) when a Unicode
-! glyph is not found
-XTerm*faceName: mono
-
-! white on black
-XTerm*reverseVideo: on
-
-! blink screen instead of sound
-XTerm*visualBell: on
-
-! proper ALT as META key treatment
-XTerm*eightBitInput: false
-
-! font sizes
-XTerm*faceSize: 8
-XTerm*faceSize1: 4
-XTerm*faceSize2: 5
-XTerm*faceSize3: 6
-XTerm*faceSize4: 8
-XTerm*faceSize5: 14
-XTerm*faceSize6: 25
-
-! colors
-! black
-XTerm*color0: #202020
-XTerm*color8: #3F3F3F
-! red
-XTerm*color1: #A82020
-XTerm*color9: #E82020
-! green
-XTerm*color2: #20A820
-XTerm*color10: #20E820
-! yellow
-XTerm*color3: #A8A820
-XTerm*color11: #E8E820
-! blue
-XTerm*color4: #3F3FFF
-XTerm*color12: #9F9FFF
-! magenta
-XTerm*color5: #A83FFF
-XTerm*color13: #E89FFF
-! cyan
-XTerm*color6: #3FA8FF
-XTerm*color14: #9FE8FF
-! white
-XTerm*color7: #A8A8A8
-XTerm*color15: #E8E8E8
+++ /dev/null
-plom@plomlompom.com
-plom@mail.plomlompom.com
-plom@play.plomlompom.com
-# file read ends at last newline
+++ /dev/null
-# plomlompom's i3-wm configuration
-
-# Font for i3 text
-font pango:Terminus 8px
-
-# Force "tabbed" as default layout for new windows.
-workspace_layout tabbed
-
-# Make the Windows key the modifier key for all i3-wm actions.
-set $mod Mod4
-floating_modifier $mod
-
-# Launch xterm.
-bindsym $mod+Return exec xterm
-
-# Launch programs via dmenu.
-bindsym $mod+d exec dmenu_run
-bindsym $mod+x exec dmenu_run
-
-# Kill window.
-bindsym $mod+Shift+Q kill
-
-# Move focus between windows.
-bindsym $mod+Left focus left
-bindsym $mod+Down focus down
-bindsym $mod+Up focus up
-bindsym $mod+Right focus right
-
-# Don't move focus with mouse.
-focus_follows_mouse no
-
-# Move windows.
-bindsym $mod+Shift+Left move left
-bindsym $mod+Shift+Down move down
-bindsym $mod+Shift+Up move up
-bindsym $mod+Shift+Right move right
-
-# Resize windows
-bindsym $mod+h resize shrink width 1 px or 1 ppt
-bindsym $mod+l resize grow width 1 px or 1 ppt
-bindsym $mod+j resize shrink height
-bindsym $mod+k resize grow height
-
-# Toggle fullscreen for focused window.
-bindsym $mod+f fullscreen
-
-# Toggle floating of window, focus on floating or tabbed windows.
-bindsym $mod+Shift+space floating toggle
-bindsym $mod+space focus mode_toggle
-
-# Switch to workspace x.
-bindsym $mod+1 workspace 1
-bindsym $mod+2 workspace 2
-bindsym $mod+3 workspace 3
-bindsym $mod+4 workspace 4
-bindsym $mod+5 workspace 5
-bindsym $mod+6 workspace 6
-bindsym $mod+7 workspace 7
-bindsym $mod+8 workspace 8
-bindsym $mod+9 workspace 9
-bindsym $mod+0 workspace 10
-
-# Move window to workspace x.
-bindsym $mod+Shift+exclam move workspace 1
-bindsym $mod+Shift+quotedbl move workspace 2
-bindsym $mod+Shift+section move workspace 3
-bindsym $mod+Shift+dollar move workspace 4
-bindsym $mod+Shift+percent move workspace 5
-bindsym $mod+Shift+ampersand move workspace 6
-bindsym $mod+Shift+slash move workspace 7
-bindsym $mod+Shift+parenleft move workspace 8
-bindsym $mod+Shift+parenright move workspace 9
-bindsym $mod+Shift+equal move workspace 10
-
-# Reload i3 config file, restart (keeping sesion) i3, exit i3.
-bindsym $mod+Shift+C reload
-bindsym $mod+Shift+R restart
-bindsym $mod+Shift+P exit
-
-# Select "i3status" as i3 status bar, hide systray icons.
-bar {
- tray_output none
- status_command i3status
-}
-
-include ~/.config/i3/config_bonus
+++ /dev/null
-# plomlompom's i3 status bar configuration
-
-# Activate colors; set update interval of one second.
-general {
- colors = true
- interval = 1
-}
-
-# Selection / order of status elements.
-order += "disk /"
-order += "disk /home/"
-order += "wireless wlp3s0"
-order += "ethernet enp0s25"
-order += "battery 0"
-order += "cpu_usage"
-order += "load"
-order += "cpu_temperature 0"
-order += "time"
-order += "volume master"
-
-# How much space is left in / ?
-disk "/" {
- format = "/: %avail available of %total"
- separator_block_width = 25
-}
-
-# How much space is left in /home ?
-disk "/home/" {
- format = "/home: %avail available of %total"
- separator_block_width = 25
-}
-
-# WLAN status: show IP and connection quality or "down".
-wireless wlp3s0 {
- format_up = "w: (%quality at %essid) %ip"
- format_down = "w: down"
- separator_block_width = 10
-}
-
-# Ethernet status: show IP or "down".
-ethernet enp0s25 {
- format_up = "e: %ip"
- format_down = "e: down"
- separator_block_width = 25
-}
-
-# Battery status: show FULL/CHARGING/BATTERY, storage, time left.
-battery 0 {
- format = "b: %status %percentage %remaining"
- separator_block_width = 25
-}
-
-# Show CPU usage.
-cpu_usage {
- format = "cpu: %usage"
- separator_block_width = 10
-}
-
-# Show system load during last 1/5/15 minutes.
-load {
- format = "%1min %5min %15min"
- separator_block_width = 25
-}
-
-# Show CPU temperature in degrees of celsius.
-cpu_temperature 0 {
- format = "%degrees °C"
- separator_block_width = 25
-}
-
-# Show date/time/timezone as "year-month-day hour:minute:second
-# timezone_numeric/timezone_alphabetic".
-time {
- format = "%Y-%m-%d %H:%M:%S %z/%Z"
- separator_block_width = 25
-}
-
-volume master {
- format = "♪: %volume"
- format_muted = "♪: muted (%volume)"
- separator_block_width = 25
-}
+++ /dev/null
-;; general layout
-;; ==============
-
-;; need no stinkin emacs help screen as start up, and no menu bar
-(setq inhibit-startup-screen t)
-(menu-bar-mode -1)
-
-;; highlight cursor line, parentheses
-(global-hl-line-mode 1)
-(show-paren-mode 1)
-
-;; show line numbers, use separator space
-(global-linum-mode)
-(setq linum-format "%d ")
-
-;; count cursor column, row in mode line
-(setq column-number-mode t)
-
-;; settings to make GUI tolerable
-(if window-system
- (progn
- (add-to-list 'default-frame-alist '(foreground-color . "white"))
- (add-to-list 'default-frame-alist '(background-color . "black"))
- (set-face-attribute 'default nil :height 80)
- (scroll-bar-mode -1)
- (setq visible-bell t)
- (setq linum-format "%d")))
-
-;; use as default browser what XDG offers
-(setq-default browse-url-browser-function 'browse-url-xdg-open)
-
-
-
-;; general keybindings
-;; ===================
-
-;; create and use a minimal global map using just the self-insert command
-;; bindings and a selection of some to me very common keystrokes
-(setq minimal-map (make-sparse-keymap))
-(substitute-key-definition 'self-insert-command 'self-insert-command
- minimal-map global-map)
-(use-global-map minimal-map)
-(global-set-key (kbd "DEL") 'backward-delete-char-untabify)
-(global-set-key (kbd "RET") 'newline)
-(global-set-key (kbd "TAB") 'indent-for-tab-command)
-(global-set-key (kbd "<up>") 'previous-line)
-(global-set-key (kbd "<down>") 'next-line)
-(global-set-key (kbd "<left>") 'left-char)
-(global-set-key (kbd "<right>") 'right-char)
-(global-set-key (kbd "<prior>") 'scroll-down-command)
-(global-set-key (kbd "<next>") 'scroll-up-command)
-(global-set-key (kbd "M-x") 'execute-extended-command)
-(global-set-key (kbd "C-g") 'keyboard-quit)
-;(global-set-key (kbd "<f3>") 'kmacro-start-macro-or-insert-counter)
-;(global-set-key (kbd "<f4>") 'kmacro-end-or-call-macro)
-;; note how to switch back to the original map: (use-global-map global-map)
-(setq shr-map (make-sparse-keymap)) ; got annoying in elfeed-show on URLs
-
-
-
-;; minibuffer
-;; ==========
-
-;; incremental minibuffer completion
-(icomplete-mode 1)
-
-
-
-;; text editing
-;; ============
-
-;; tabs are evil
-(setq-default indent-tabs-mode nil)
-(setq-default tab-width 4)
-(setq indent-line-function 'insert-tab)
-
-;; show trailing whitespace
-(setq-default show-trailing-whitespace 1)
-
-;; on save, ask whether to ensure text file's last line ends in a
-;; newline character
-(setq require-final-newline 1)
-
-;; use dedicated directory for version-controlled, endless backups;
-;; never delete old versions
-(setq make-backup-files t
- backup-directory-alist `(("." . "~/.emacs_backups"))
- backup-by-copying t
- version-control t
- delete-old-versions 1) ;; neither t nor nil: never delete
-
-
-;; package management
-;; ==================
-
-;; where we get packages from
-(setq package-archives '(("gnu" . "https://elpa.gnu.org/packages/")
- ("melpa-unstable" . "https://melpa.org/packages/")
- ("melpa-stable" . "https://stable.melpa.org/packages/")))
-
-;; ensure certain packages are installed (actually, we use Debian repos here)
-;; credit to <https://stackoverflow.com/a/10093312>
-;(setq package-list '(elfeed ledger-mode))
-;(package-initialize)
-;(dolist (package package-list)
-; (unless (package-installed-p package)
-; (package-install package)))
-
-
-
-;;; window management
-;;; =================
-;
-;;; track window configurations to allow window config undo
-;(winner-mode 1)
-
-
-
-;; mail setup
-;; ==========
-
-(setq send-mail-function 'smtpmail-send-it)
-(setq smtpmail-smtp-server "mail.plomlompom.com")
-(setq smtpmail-smtp-service 465)
-(setq smtpmail-stream-type 'ssl)
-(setq smtpmail-smtp-user "plom")
-(setq mml-secure-openpgp-encrypt-to-self t)
-(add-hook 'message-setup-hook 'mml-secure-sign-pgpmime)
-
-;(setq gnutls-log-level 0)
-
-;; if we don't set this, we get this warning:
-;; gnutls.c: [1] Note that the security level of the Diffie-Hellman key exchange
-;; has been lowered to 256 bits and this may allow decryption of the session data
-(setq gnutls-min-prime-bits 1024)
-
-;; there is a WEIRD bug somewhere in /network-stream-open-tls/ that disappears the
-;; stream process, seemingly unless the /message/ function is called at the right
-;; place (earliest in /nsm-verify-connection/ right before the "cond" there, latest
-;; in /network-stream-get-response/ right after "(goto-char start)"; this works
-;; unless /inhibit_message/ is set, indicating that writing to the *Messages*
-;; buffer is not relevant, but maybe writing to the echo area is); activing the
-;; gnutls logging is just a hack to achieve such calls to /message/ in the
-;; /network-stream-open-tls/ flow.
-(setq gnutls-log-level 1) ; miraculously makes smtpmail work
-
-;; constructs From: domain if mail composer directly called (from without
-;; notmuch), but we don't actually intend to do that
-;(setq mail-host-address "plomlompom.com")
-
-;; otherwise notmuch becomes extremely slow in some cases
-(setq-default notmuch-show-indent-content nil)
-
-;; this only works if we use notmuch-mua-send instead of message-send
-(setq notmuch-fcc-dirs '(("plom@plomlompom.com" . "maildir/Sent")))
-
-;; this gets rid of "i-did-not-set--mail-host-address--so-tickle-me"
-;; in the message ID
-(setq mail-host-address "plomlompom.com")
-
-;; notmuch saved searches
-(setq notmuch-saved-searches
- '((:name "inbox" :query "tag:unread and folder:inbox")
- (:name "all" :query "tag:unread not folder:maildir/Trash")
- (:name "plomlompom.de" :query "tag:unread and folder:maildir/plomlompom.de")
- (:name "nebenan" :query "tag:unread and folder:maildir/nebenan")
- (:name "reflect-info" :query "tag:unread and folder:maildir/reflect-info")
- (:name "gmail" :query "tag:unread and folder:maildir/gmail.com")
- (:name "mutter" :query "tag:unread and folder:maildir/mutter")))
-
-
-
-;; org mode
-;; ========
-
-;; unsure why, but to re-set the key map, we not only have to explicitely do it
-;; only after org-mode loading, but also have to explicitely overwrite the
-;; C-c keybinding; TODO: investigate
-(with-eval-after-load 'org
- (setq org-mode-map (make-sparse-keymap))
- (define-key org-mode-map (kbd "C-c") nil)
- (define-key org-mode-map (kbd "TAB") 'org-cycle)
- (define-key org-mode-map (kbd "<backtab>") 'org-shifttab))
-
-;; don't truncate lines by default
-(setq org-startup-truncated nil)
-
-;; basic org-capture config
-(setq org-capture-templates
- '(("x" "test" plain (file "~/org/notes.org") "%T: %?")))
-(add-hook 'org-capture-mode-hook 'evil-insert-state)
-
-;; agenda view on startup
-(load-library "find-lisp")
-(setq org-agenda-files (find-lisp-find-files "~/org" "\.org$"))
-(setq org-agenda-span 90)
-(setq org-agenda-use-time-grid nil)
-(add-hook 'emacs-startup-hook (lambda ()
- (org-agenda-list)
- (switch-to-buffer "*Org Agenda*")
- (other-window 1)))
-
-;;; for calendar, use ISO date style
-;(setq calendar-date-style 'iso)
-;(setq diary-number-of-entries 7)
-;(diary)
-;(setq org-agenda-time-grid '((today require-timed remove-match)
-; #("----------------" 0 16 (org-heading t))
-; (0 200 400 600 800 1000 1200
-; 1400 1600 1800 2000 2200)))
-
-;; empty org-agenda-mode keybindings
-(add-hook 'org-agenda-mode-hook
- (lambda ()
- (setq org-agenda-mode-map (make-sparse-keymap))))
-(add-hook 'org-agenda-mode-hook
- (lambda ()
- (use-local-map (make-sparse-keymap))))
-
-;; org-publish-all
-(setq org-publish-project-alist
- '(
- ("website"
- :base-directory "~/org/web/"
- :base-extension "org"
- :publishing-directory "~/html/"
- :recursive t
- :publishing-function org-html-publish-to-html
- :headline-levels 4 ; Just the default for this project.
- :auto-preamble t
- )))
-
-;; use [ki:] syntax to hide stuff from exports
-(defun classify-information (text backend info)
- "Replaces '[ki:WHATEVER]' with '[klassifizierte Information]'."
- (replace-regexp-in-string "\\[ki:[^\]]*\]" "[klassifizierte Information]" text))
-(add-hook 'org-export-filter-plain-text-functions 'classify-information)
-
-;; add HTML validator link to exports
-(setq org-html-validation-link "<a href=\"https://validator.w3.org/check?uri=referer\">Validate</a>")
-
-
-
-;;; Info mode
-;;; =========
-
-(setq Info-mode-map (make-sparse-keymap))
-(define-key Info-mode-map (kbd "RET") 'Info-follow-nearest-node)
-(define-key Info-mode-map (kbd "u") 'Info-up)
-(define-key Info-mode-map (kbd "TAB") 'Info-next-reference)
-(define-key Info-mode-map (kbd "<backtab>") 'Info-prev-reference)
-(define-key Info-mode-map (kbd "H") 'Info-history-back)
-(define-key Info-mode-map (kbd "L") 'Info-history-forward)
-(define-key Info-mode-map (kbd "I") 'Info-goto-node)
-(define-key Info-mode-map (kbd "i") 'Info-index)
-
-
-
-;; help mode
-;; =========
-
-(setq help-mode-map (make-sparse-keymap))
-(define-key help-mode-map (kbd "TAB") 'forward-button)
-(define-key help-mode-map (kbd "RET") 'help-follow)
-(define-key help-mode-map (kbd "<backtab>") 'backward-button)
-
-
-
-; ;; elfeed
-; ;; ======
-;
-; (require 'elfeed) ; needed so we can set the font faces
-; (set-face-background 'elfeed-search-title-face "magenta")
-; (set-face-background 'elfeed-search-unread-count-face "magenta")
-; (setq elfeed-feeds
-; '("https://capsurvival.blogspot.com/feeds/posts/default"
-; "https://jungle.world/rss.xml"
-; "http://news.dieweltistgarnichtso.net/bin/index.xml"
-; "https://taz.de/!s=&ExportStatus=Intern&SuchRahmen=Online;rss/"
-; "http://www.tagesschau.de/xml/atom"))
-; (setq elfeed-search-mode-map (make-sparse-keymap))
-; (define-key elfeed-search-mode-map (kbd "RET") 'elfeed-search-show-entry)
-; (defun elfeed-search-mark-as-read() (interactive)
-; (elfeed-search-untag-all 'unread))
-; (define-key elfeed-search-mode-map (kbd "r") 'elfeed-search-mark-as-read)
-; (define-key elfeed-search-mode-map (kbd "R") 'elfeed-search-tag-all-unread)
-; (define-key elfeed-search-mode-map (kbd "f") 'elfeed-search-live-filter)
-; (define-key elfeed-search-mode-map (kbd "u") 'elfeed-update)
-; (setq elfeed-show-mode-map (make-sparse-keymap))
-; (define-key elfeed-show-mode-map (kbd "u") 'elfeed)
-; (define-key elfeed-show-mode-map (kbd "TAB") 'shr-next-link)
-; (define-key elfeed-show-mode-map (kbd "<backtab>") 'shr-previous-link)
-; (define-key elfeed-show-mode-map (kbd "a") 'elfeed-show-prev)
-; (define-key elfeed-show-mode-map (kbd "d") 'elfeed-show-next)
-; (define-key elfeed-show-mode-map (kbd "y") 'shr-copy-url)
-; (define-key elfeed-show-mode-map (kbd "RET") 'shr-browse-url)
-;
-;
-;
-; ;; eww
-; ;; ===
-;
-; (setq eww-mode-map (make-sparse-keymap))
-; (define-key eww-mode-map (kbd "TAB") 'shr-next-link)
-; (define-key eww-mode-map (kbd "<backtab>") 'shr-previous-link)
-; (define-key eww-mode-map (kbd "H") 'eww-back-url)
-; (define-key eww-mode-map (kbd "L") 'eww-forward-url)
-
-
-
-;; ledger
-;; ======
-(setq ledger-mode-map (make-sparse-keymap))
-(define-key ledger-mode-map (kbd "TAB") 'completion-at-point)
-
-
-
-;;; plomvi mode
-;;; ===========
-
-(defvar plomvi-return-combo (kbd "C-c"))
-(load "~/public_repos/plomvi.el/plomvi.el")
-(plomvi-global-mode 1)
+++ /dev/null
-[user]
- email = c.heller@plomlompom.de
- name = Christian Heller
+++ /dev/null
-IMAPAccount plom
-# Address to connect to
-Host mail.plomlompom.com
-User plom
-# For some reason, mbsync doesn't accept a PassCmd output beyond 79 chars,
-# therefore the pw in ~/.authinfo should not be longer than that.
-PassCmd "cat ~/.authinfo | cut -d' ' -f8-"
-SSLType IMAPS
-AuthMechs LOGIN
-
-IMAPStore core-remote
-Account plom
-
-MaildirStore core-local
-# The trailing "/" is important
-Path ~/mail/maildir/
-Inbox ~/mail/inbox/
-
-Channel core
-Far :core-remote:
-Near :core-local:
-Patterns *
-# Automatically create missing mailboxes, both locally and on the server
-Create Both
-# Save the synchronization state files in the relevant directory
-SyncState *
-# If a mail is marked T ("Trashed") or deleted, remove it for real everywhere
-Expunge Both
+++ /dev/null
-[database]
-path=/home/plom/mail
-[search]
-exclude_tags=deleted;spam;
-# the fields below set the From: if the mail composer is called from
-# within notmuch
-[user]
-name=Christian Heller
-primary_email=plom@plomlompom.com
+++ /dev/null
-# sanitize tridactyllocal tridactylsync
-# guiset tabs always
-# guiset hoverlink left
-# guiset statuspanel right
-autocmd DocStart www.reddit.com urlmodify -t www.reddit old.reddit
-# bind ö fillcmdline find
-# bind n findnext 1
-# bind N findnext -1
-bind j scrollline 3
-bind k scrollline -3
-set hintuppercase false
-set searchengine duckduckgo
-set theme midnight
-set searchurls.wiktionary https://en.wiktionary.org/w/index.php?search=
-set searchurls.dictcc https://www.dict.cc/?s=
-set hintchars 123456qwertasdfgyxcvb
-guiset gui none
-escapehatch
+++ /dev/null
-# X init configuration
-
-# Set keymap.
-setxkbmap de
-
-# Map CapsLock to Compose key.
-xmodmap -e "clear Lock"
-xmodmap -e "keycode 66 = Multi_key"
-
-# Load xterm settings
-xrdb -merge ~/.Xresources
-
-# Redshift to Berlin, Germany.
-redshift -rl 53:13 &
-
-sh .xinitrc_bonus
-
-# Launch window manager.
-i3
+++ /dev/null
-#!/bin/sh
-set -e
-
-basedir="/home/plom/mail/maildir/"
-# Ensure directories exist for all "dir:*" tags.
-for tag in $(notmuch search --output=tags '*'); do
- if [ ! $(echo "${tag}" | cut -c-4) = "dir:" ]; then
- continue
- fi
- target_dir="${basedir}"$(echo "${tag}" | cut -c5-)"/cur/"
- if [ ! -d "${target_dir}" ]; then
- echo "Directory ${target_dir} does not exist."
- exit 1
- fi
-done
-
-# Ensure all "dir:*"-tagged mails are in proper directories,
-# remove all "dir:*" tags.
-for tag in $(notmuch search --output=tags '*'); do
- if [ ! $(echo "${tag}" | cut -c-4) = "dir:" ]; then
- continue
- fi
- target_dir="${basedir}"$(echo "${tag}" | cut -c5-)"/cur/"
- for f in $(notmuch search --output=files tag:"${tag}"); do
- new_name=$(basename "${f}" | sed -e 's/,U=[0-9]*//')
- target_path="${target_dir}${new_name}"
- if [ ! "${target_path}" = "${f}" ]; then
- echo "Moving ${f} to ${target_path}."
- mv "${f}" "${target_path}"
- # NOTE: if we encounter an error here of ${f} not being findable, run "notmuch reindex tag:${tag}" to fix
- fi
- done
- notmuch tag -"${tag}" tag:"${tag}"
-done
-
-# Remove all "deleted"-tagged files from maildirs.
-notmuch search --output=files tag:deleted | while read f; do
- echo "Deleting ${f}"
- rm "${f}"
-done
-
-# Sync changes back to server and update notmuch index.
-mbsync -a
-notmuch new
+++ /dev/null
-# List of repos we want cloned in ~/public_repos
-config
-pingmail.git
-plomlombot-irc.git
-plomrogue
-plomrogue2-experiments
-plomvi.el
-misc
+++ /dev/null
-# put main workspaces on big monitor
-workspace 1 output LVDS-1
-workspace 2 output HDMI-1-0
-workspace 3 output HDMI-1-0
-workspace 4 output HDMI-1-0
-workspace 5 output HDMI-1-0
-workspace 6 output HDMI-1-0
-workspace 7 output HDMI-1-0
-workspace 8 output HDMI-1-0
-workspace 9 output HDMI-1-0
-workspace 10 output HDMI-1-0
-
-# default to big monitor's first workspace
-# exec "i3-msg 'workspace 1'"
+++ /dev/null
-# The extreme --pos disconnects the cursor movement spaces, so mouse stays inside selected screen.
-xrandr --output LVDS-1 --mode 1368x768 --output HDMI-1-0 --auto --pos 2000x2000
+++ /dev/null
-#!/bin/sh
-set -e
-. ./misc.sh
-. ../../misc.sh
-
-expect_n_args 2 "(hostname, FQDN)" "$@"
-hostname="$1"
-fqdn="$2"
-shift 2
-
-cd "${setup_scripts_dir}"
-
-# Adapt /etc/ to our needs by copying from ./etc_files. This will set
-# basic configurations affecting following steps, such as setup of APT
-# and the locale selection, so needs to be right at the beginning.
-./copy_dirtree.sh "${config_tree_prefix}/etc_files" "" all "$@"
-
-# Set hostname and FQDN.
-./set_hostname_and_fqdn.sh "${hostname}" "${fqdn}"
-
-# Ensure package installation state as defined by what packages are
-# defined as required by Debian policy and by settings in ./apt-mark/.
-apt update
-./install_for_target.sh all "$@"
-./purge_nonrequireds.sh all "$@"
-
-# Ensure our desired locale is available.
-locale-gen
-
-# Only upgrade after reducing the system to the desired minimum, so that
-# we don't need to get more data than necessary.
-apt -y dist-upgrade
-
-# Set Berlin localtime.
-ln -sf /usr/share/zoneinfo/Europe/Berlin /etc/localtime
+++ /dev/null
-#!/bin/sh
-# Copy files in argument-selected subdirectories of $1 to subdirectories
-# of $2 (which may be an empty string), e.g. with $1 of "etc_files", $2
-# of "" and $3 of "all", copy files below etc_files/all such as
-# etc_files/all/etc/foo/bar to equivalent locations below / such as
-# /etc/foo/bar. Create directories as necessary. Multiple arguments after
-# $3 are possible.
-#
-# CAUTION: This removes original files at the affected paths.
-set -e
-. ./misc.sh
-. ../../misc.sh
-
-expect_n_args 3 "(source root, target root, modules)" "$@"
-
-source_root="$1"
-target_root="$2"
-shift 2
-
-for target_module in "$@"; do
- mkdir -p "${source_root}/${target_module}"
- cd "${source_root}/${target_module}"
- for path in $(find . -type f); do
- target_path="${target_root}"$(echo "${path}" | cut -c2-)
- source_path=$(realpath "${path}")
- dir=$(dirname "${target_path}")
- mkdir -p "${dir}"
- cp "${source_path}" "${target_path}"
- done
-done
+++ /dev/null
-../../bullseye/setup_scripts/init_user_and_keybased_login.sh
\ No newline at end of file
+++ /dev/null
-../../bullseye/setup_scripts/init_user_login.sh
\ No newline at end of file
+++ /dev/null
-#!/bin/sh
-# Walks through the package names in the argument-selected files of
-# apt-mark/ and ensures the respective packages are installed.
-#
-# Ignores anything in an apt-mark/ file after the last newline.
-set -e
-. ./misc.sh
-
-for target in "$@"; do
- path="${aptmark_dir}/${target}"
- # TODO: continue if file at $path not found, to get rid of dummy files
- cat "${path}" | while read line; do
- echo "$line"
- if [ ! $(echo "${line}" | cut -c1) = "#" ]; then
- DEBIAN_FRONTEND=noninteractive apt-get -y -o Dpkg::Options::=--force-confold install "${line}"
- fi
- done
-done
+++ /dev/null
-#!/bin/sh
-set -e
-. ./misc.sh
-. ../../misc.sh
-
-expect_n_args 1 "(old server IP)" "$@"
-old_server="$1"
-cp "${setup_scripts_dir}/misc.sh" /home/plom/
-cp "${setup_scripts_dir}/prepare_to_meet_server.sh" /home/plom/
-chown plom:plom /home/plom/prepare_to_meet_server.sh
-su -lc "./prepare_to_meet_server.sh ${old_server}" plom
-read -p'Hit Enter when you are done.' ignore
-rm /home/plom/prepare_to_meet_server.sh
-cp "${setup_scripts_dir}/mirror_dir.sh" /home/plom/
-su -lc "./mirror_dir.sh ${old_server} /home/plom/borg" plom
-rm /home/plom/mirror_dir.sh
-rm /home/plom/misc.sh
+++ /dev/null
-#!/bin/sh
-# Mirror directory tree from remote to local server, keeping the path.
-set -e
-. ./misc.sh
-. ../../misc.sh
-
-expect_n_args 2 "(server, directory)" "$@"
-server=$1
-dir=$2
-path_package=/tmp/delete.tar
-
-eval `ssh-agent`
-ssh-add
-cd
-ssh plom@"${server}" "cd \"${dir}\" && tar cf ${path_package} ."
-scp plom@"${server}":"${path_package}" "${path_package}"
-mkdir -p "${dir}"
-cd "${dir}"
-tar xf "${path_package}"
-cd
-rm "${path_package}"
-ssh plom@"${server}" rm "${path_package}"
+++ /dev/null
-#!/bin/sh
-set -e
-debian_version="bookworm"
-legal_system_names="x220 w530 h610m"
-config_tree_prefix="${HOME}/public_repos/config/${debian_version}"
-if [ ! -d "${config_tree_prefix}" ]; then
- config_tree_prefix="${HOME}/config/${debian_version}"
-fi
-setup_scripts_dir="${config_tree_prefix}/setup_scripts"
-aptmark_dir="${config_tree_prefix}/apt-mark"
-
-expect_setup_finished_file() {
- filename="$1"
- setup_script="$2"
- if [ ! -f "${HOME}/${filename}" ]; then
- echo "First need to run ${setup_script}."
- false
- fi
-}
-
-get_system_name_arg() {
- found=0
- for system_name_i in $legal_system_names; do
- if [ "$1" = "$system_name_i" ]; then
- found=1
- system_name="${system_name_i}"
- continue
- fi
- done
- if [ "$found" = 0 ]; then
- echo "Need legal system name."
- false
- fi
-}
+++ /dev/null
-#!/bin/sh
-# Do some of the steps necessary to SSH (key-based) with another server.
-set -e
-. ./misc.sh
-. ../../misc.sh
-
-expect_n_args 1 "(server IP)" "$@"
-target="$1"
-
-# We need a public key to copy over, so generate it if not found.
-if [ ! -f ~/.ssh/id_rsa.pub ]; then
- ssh-keygen -N ""
-fi
-
-# Add target to ~/.ssh/known_hosts so we don't get
-# asked for permission at inopportune moments.
-ssh-keyscan -H "$target" >> ~/.ssh/known_hosts
-
-# Tell user what to do.
-echo "APPEND FOLLOWING TO TARGET'S ~/.ssh/authorized_keys:"
-cat ~/.ssh/id_rsa.pub
+++ /dev/null
-#!/bin/sh
-# This script removes all Debian packages that are not of Priority
-# "required" or not depended on by packages of priority "required"
-# or not listed in the argument-selected files of apt-mark/.
-set -e
-. ./misc.sh
-
-# FIXME packages listed twice in the aptmark_dir get blacklisted?
-
-dpkg-query -Wf '${Package} ${Priority}\n' | grep ' required' | sed 's/ required//' > /tmp/list_white_unsorted
-for target in "$@"; do
- path="${aptmark_dir}/${target}"
- cat "${path}" | while read line; do
- if [ ! $(echo "${line}" | cut -c1) = "#" ]; then
- echo "${line}" >> /tmp/list_white_unsorted
- fi
- done
-done
-sort /tmp/list_white_unsorted > /tmp/list_white
-dpkg-query -Wf '${Package}\n' > /tmp/list_all_packages
-sort /tmp/list_all_packages > /tmp/foo
-mv /tmp/foo /tmp/list_all_packages
-comm -3 /tmp/list_all_packages /tmp/list_white > /tmp/list_black
-apt-mark auto `cat /tmp/list_black`
-DEBIAN_FRONTEND=noninteractive apt-get -y --purge autoremove
-rm /tmp/list_all_packages /tmp/list_white_unsorted /tmp/list_white /tmp/list_black
+++ /dev/null
-#!/bin/sh
-# Sets hostname and optionally FQDN.
-#
-# Calls hostname, writes to /etc/hostname and /etc/hosts. For /etc/hosts
-# writing follows recommendations from Debian manual at
-# <https://www.debian.org/doc/manuals/debian-reference/ch05.en.html>
-# (section "The hostname resolution") on how to map hostname and possibly
-# FQDN to a permanent IP if present (we assume here any non-private IP
-# and non-loopback IP returned by hostname -I to fulfill that criterion
-# on our systems) or to 127.0.1.1 if not. On the reasoning for separating
-# localhost and hostname mapping to different IPs, see
-# <https://unix.stackexchange.com/a/13087>.
-#
-# Ignores IPv6s.
-set -e
-. ./misc.sh
-. ../../misc.sh
-
-expect_n_args 1 "(hostname, fqdn)" "$@"
-
-hostname="$1"
-fqdn="$2"
-echo "${hostname}" > /etc/hostname
-hostname "${hostname}"
-
-final_ip="127.0.1.1"
-for ip in $(hostname -I); do
- if [ $(echo "${ip}" | grep ':' | wc -l) -eq 1 ]; then
- continue
- fi
- range_1=$(echo "${ip}" | cut -d "." -f 1)
- range_2=$(echo "${ip}" | cut -d "." -f 2)
- if [ "${range_1}" -eq 127 ]; then
- continue
- elif [ "${range_1}" -eq 10 ]; then
- continue
- elif [ "${range_1}" -eq 172 ]; then
- if [ "${range_2}" -ge 16 ] && [ "${range_2}" -le 31 ]; then
- continue
- fi
- elif [ "${range_1}" -eq 192 ]; then
- if [ "${range_2}" -eq 168 ]; then
- continue
- fi
- fi
- final_ip="${ip}"
-done
-
-echo "127.0.0.1 localhost.localdomain localhost" > /etc/hosts
-echo "${final_ip} ${fqdn} ${hostname}" >> /etc/hosts
+++ /dev/null
-#!/bin/sh
-set -e
-. ./misc.sh
-. ../../misc.sh
-
-expect_n_args 1 "(system name)" "$@"
-get_system_name_arg "$1"
-
-# Set up system without user environment.
-cd "${setup_scripts_dir}"
-if [ "$system_name" = "w530" || "$system_name" = "x220"]; then
- ./_setup.sh "${system_name}" "" user desktop thinkpad "${system_name}"
-else
- ./_setup.sh "${system_name}" "" user desktop "${system_name}"
-fi
-
-# # Set up printer.
-# ppd_deb="hll2350dwpdrv-4.0.0-1.i386.deb"
-# wget "https://download.brother.com/welcome/dlf103566/${ppd_deb}"
-# dpkg --add-architecture i386
-# apt update
-# apt install -y "./${ppd_deb}"
-# service cups restart
-# # lpadmin -p 'Brother_HLL2350DW' -m 'brother-HLL2350DW-cups-en.ppd'
-# rm "./${ppd_deb}"
-# # TODO explore potential lpadmin options like -o 'OutputMode=NormalGray'
-
-# Set up NVIDIA eGPU config.
-if [ "$system_name" = "w530" ]; then
- cd
- git clone https://github.com/NVIDIA/open-gpu-kernel-modules
- cd open-gpu-kernel-modules
- git checkout 337e28e
- # git checkout 4c29105335610933e744f4ab2524ea63fc39edaf
- make modules -j$(nproc)
- make modules_install
- cd
- driver_version=535.86.05
- # driver_version=545.29.06
- runscript=NVIDIA-Linux-x86_64-${driver_version}.run
- wget https://us.download.nvidia.com/XFree86/Linux-x86_64/${driver_version}/${runscript}
- rmmod nouveau
- chmod u+x ${runscript}
- ./${runscript} --no-kernel-modules --silent
- depmod
- # TODO I suspect that the GPU falling of the bus may be mildened by running nvidia-persistenced, check https://github.com/NVIDIA/nvidia-persistenced/tree/main/init
-fi
-
-# Set up user environments.
-cd "${setup_scripts_dir}"
-./copy_dirtree.sh "${config_tree_prefix}/home_files" "/root" minimal root
-adduser --disabled-password --gecos "" plom
-usermod -a -G sudo plom
-passwd plom
-cp -a ~/config /home/plom
-chown -R plom:plom /home/plom/config
+++ /dev/null
-#!/bin/sh
-set -e
-. ./misc.sh
-
-# Install Firefox directly from Mozilla.
-firefox_release="128.4.0esr"
-firefox_filename="firefox-${firefox_release}.tar.bz2"
-url_firefox="https://ftp.mozilla.org/pub/firefox/releases/${firefox_release}/linux-x86_64/en-US/${firefox_filename}"
-wget "${url_firefox}"
-mv "${firefox_filename}" /opt/
-cd /opt/
-tar xf "${firefox_filename}"
-rm "${firefox_filename}"
-ln -f -s /opt/firefox/firefox /usr/local/bin/
-update-alternatives --install /usr/bin/x-www-browser x-www-browser /opt/firefox/firefox 200
-update-alternatives --set x-www-browser /opt/firefox/firefox
-
-echo "TODO: Install uBlock Origin and tridactyl plugins, run :installnative and :source."
-
+++ /dev/null
-#!/bin/sh
-set -e
-. ./misc.sh
-. ../../misc.sh
-
-expect_n_args 1 "(system name)" "$@"
-get_system_name_arg "$1"
-
-cd $setup_scripts_dir
-./copy_dirtree.sh "${config_tree_prefix}/home_files" "${HOME}" minimal user "${system_name}"
-
-secrets_dev="sdb"
-source_dir_secrets="/media/${secrets_dev}/to_usb"
-target_dir_secrets="${HOME}/tmp_secrets"
-echo "Put secrets drive into slot for /dev/${secrets_dev}."
-while [ ! -e /dev/"${secrets_dev}" ]; do
- sleep 1
-done
-stty -echo
-printf "Secrets passphrase: "
-read SECRETS_PASS
-stty echo
-echo "" # newline so user knows their input return was accepted
-sudo -v
-echo "${SECRETS_PASS}" | sudo pmount /dev/"${secrets_dev}"
-cp -a "${source_dir_secrets}" "${target_dir_secrets}"
-sudo chown -R plom:plom "${target_dir_secrets}"
-sudo pumount "${secrets_dev}"
-echo "You can remove /dev/${secrets_dev} now."
-
-# Set up iniitial non-public parts of infrastructure: SSH authentication.
-ssh_dir=~/.ssh
-cd "${target_dir_secrets}"
-mkdir -p "${ssh_dir}"
-echo "Setting up .ssh"
-cp id_rsa ~/.ssh
-stty -echo
-ssh-keygen -y -f ~/.ssh/id_rsa > ~/.ssh/id_rsa.pub
-stty echo
-eval $(ssh-agent)
-ssh-add
-ssh-keyscan -H "plomlompom.com" >> ~/.ssh/known_hosts
-
-# Fill ~/public_repos.
-public_repos_dir="${HOME}/public_repos"
-repos_list_file="${public_repos_dir}/repos"
-mkdir -p "${public_repos_dir}"
-cat "${repos_list_file}" | while read line; do
- first_char=$(echo "${line}" | cut -c1)
- if [ "${first_char}" = "#" ]; then
- continue
- fi
- repo_name="${line}"
- if [ ! -d "${public_repos_dir}/${repo_name}" ]; then
- cd "${public_repos_dir}"
- git clone plom@plomlompom.com:/var/repos/${repo_name}
- fi
-done
-
-# Remove redundant config repo copy.
-config_tree_prefix="${public_repos_dir}/config/${debian_version}"
-rm -rf ~/config
-
-# # Set up native messenger for tridactyl.
-# version='ef9f02d0da258f68d7faf8898707f6d83d90d07a'
-# curl -fsSl "https://raw.githubusercontent.com/tridactyl/tridactyl/${version}/native/install.sh" | bash
-
-# Set up further non-public parts of infrastructure.
-cd "${target_dir_secrets}"
-script -c 'gpg --import secret_keys.asc' /dev/null
-path_borgscript="${config_tree_prefix}//borg.sh"
-
-# borg setup
-borgkeys_dir=~/.config/borg/keys
-borgrepos_file=~/.borgrepos
-tar xf borg_keyfiles.tar
-mkdir -p "${borgkeys_dir}"
-mv borg_keyfiles/* "${borgkeys_dir}"
-# Sync org dir via borgbackup. For this we need the borgbackup servers
-# in our .ssh/known_hosts file.
-cat "${borgrepos_file}" | while read line; do
- first_char=$(echo "${line}" | cut -c1)
- if [ "${first_char}" = "#" ]; then
- continue
- fi
- server=$(echo "${line}" | sed 's/.*@//')
- ssh-keyscan "${server}" >> "${ssh_dir}"/known_hosts
-done
-BORG_PASSPHRASE="${SECRETS_PASS}" "${path_borgscript}" orgpull
-
-# .authinfo may not be present on every secrets drive yet
-authinfo_file=.authinfo
-if [ -f "${authinfo_file}" ]; then
- cp "${authinfo_file}" ~
-fi
-cd
-
-maildir=~/mail/maildir
-# # Set up e-mail system. Note that we only do mbsync if the imap pass file
-# # is found. It may not be present on every secrets drive yet, so we have to
-# # deal with the possibility of it being absent at this point.
-mkdir -p "${maildir}" # expected by mbsync/isync
-if [ -f "${HOME}/${authinfo_file}" ]; then
- mbsync -a
- notmuch new
-fi
-
-# # Final note on how to integrate tridactyl.
-# echo "TODO: As tridactyl user, don't forget to do :source on the first Firefox run, wait a little while (Tridactyl needs to walk through all commands in the .tridactylrc) and then re-start."
+++ /dev/null
-#!/bin/sh
-set -e
-. ./misc.sh
-
-# Set up NVIDIA eGPU config.
-cd
-# git clone https://github.com/NVIDIA/open-gpu-kernel-modules
-# cd open-gpu-kernel-modules
-# git checkout 337e28e
-# # git checkout 4c29105335610933e744f4ab2524ea63fc39edaf
-# make modules -j$(nproc)
-# make modules_install
-# cd
-driver_version=535.86.05
-# driver_version=545.29.06
-runscript=NVIDIA-Linux-x86_64-${driver_version}.run
-# wget https://us.download.nvidia.com/XFree86/Linux-x86_64/${driver_version}/${runscript}
-set +e
-rmmod nouveau
-set -e
-chmod u+x ${runscript}
-./${runscript} --no-kernel-modules --silent
-depmod
-# TODO I suspect that the GPU falling of the bus may be mildened by running nvidia-persistenced, check https://github.com/NVIDIA/nvidia-persistenced/tree/main/init
+++ /dev/null
-#!/bin/sh
-set -e
-. ./misc.sh
-. ../../misc.sh
-
-expect_setup_finished_file setup_server_has_been_run setup_server.sh
-
-plom_home_dir=/home/plom
-
-cd "${setup_scripts_dir}"
-cp "${config_tree_prefix}/home_files/seedbox/.rtorrent.rc" "${plom_home_dir}"
-chown plom:plom "${plom_home_dir}/.rtorrent.rc"
-./copy_dirtree.sh "${config_tree_prefix}/etc_files" "" seedbox
-./install_for_target.sh seedbox
-mkdir "${plom_home_dir}/downloads"
-chown plom:plom "${plom_home_dir}/downloads"
-mkdir "${plom_home_dir}/session"
-chown plom:plom "${plom_home_dir}/session"
-systemctl enable rtorrent.service --now
+++ /dev/null
-#!/bin/sh
-# Next setup steps for a server whose login policy has just been set from
-# the outside via ./init_user_login.sh or ./init_user_and_keybased_login.sh
-set -e
-. ./misc.sh
-. ../../misc.sh
-
-expect_n_args 2 "(hostname, FQDN)" "$@"
-hostname="$1"
-fqdn="$2"
-additional_arg="$3"
-
-# Set up basic server system.
-cd "${setup_scripts_dir}"
-./_setup.sh "${hostname}" "${fqdn}" server "$@"
-
-# If we have not yet set the shell for user plom, ensure it here. This
-# is mostly for convenience.
-usermod -s /bin/bash plom
-
-# Enable firewall.
-systemctl enable nftables.service
-
-touch "$HOME/setup_server_has_been_run"
+++ /dev/null
-#!/bin/sh
-set -e
-. ./misc.sh
-. ../../misc.sh
-
-expect_setup_finished_file setup_web_has_been_run setup_web.sh
-
-expect_n_args 1 "(website template, i.e. status.plomlompom.com, tube.plomlompom.com …)" "$@"
-website_template="$1"
-shift 1
-
-mirror_ip=""
-mirror_state="not mirroring automatically, since no IP given"
-domain="${website_template}"
-mail="plom+webmaster@plomlompom.com"
-if [ "$#" -gt 0 ]; then
- domain="$1"
- if [ "$#" -gt 1 ]; then
- mail="$2"
- if [ "$#" -gt 2 ]; then
- mirror_ip="$3"
- mirror_state="mirroring automatically from ${mirror_ip}"
- fi
- fi
-fi
-echo "Assuming domain ${domain} and letsencrypt support mail address ${mail} and ${mirror_state}, abort and provide as arguments in this order if other desired! (Otherwise just hit Return.)"
-read _
-
-if [ ! -z "${mirror_ip}" ]; then
- # Set up connection to old server.
- cp "${setup_scripts_dir}/misc.sh" /home/plom/
- cp "${setup_scripts_dir}/prepare_to_meet_server.sh" /home/plom/
- chown plom:plom /home/plom/prepare_to_meet_server.sh
- su -lc "./prepare_to_meet_server.sh ${mirror_ip}" plom
- read -p 'Hit Enter when you are done.' ignore
- rm /home/plom/prepare_to_meet_server.sh
-
- # Mirror dirs.
- cp "${setup_scripts_dir}/mirror_dir.sh" /home/plom/
- su -lc "./mirror_dir.sh ${mirror_ip} /var/www/${website_template}" plom
- rm /home/plom/mirror_dir.sh
- rm /home/plom/misc.sh
-fi
-
-# Install configs, set up firewall.
-./install_for_target.sh "${website_template}"
-./copy_dirtree.sh "${config_tree_prefix}/etc_files" "" "${website_template}"
-nft -f /etc/nftables.conf
-
-# Set up letsencrypt certificate. TODO: Is it auto-renewed?
-ln -sf /etc/nginx/sites-available/default /etc/nginx/sites-enabled/default
-certbot --nginx --agree-tos --redirect --no-eff-email -m "${mail}" -d "${domain}"
-rm /etc/nginx/sites-enabled/default
-
-# Prepare NGINX.
-sed -i "s/REPLACE_fqdn_ECALPER/${domain}/g" "/etc/nginx/sites-available/${website_template}.nginx"
-ln -s "/etc/nginx/sites-available/${website_template}.nginx" "/etc/nginx/sites-enabled/${website_template}.nginx"
-
-service nginx restart
-
+++ /dev/null
-#!/bin/sh
-set -e
-. ./misc.sh
-. ../../misc.sh
-
-expect_setup_finished_file setup_server_has_been_run setup_server.sh
-
-expect_n_args 1 "(domain name)" "$@"
-domain="$1"
-
-# Install configs, set up firewall.
-./install_for_target.sh web
-./copy_dirtree.sh "${config_tree_prefix}/etc_files" "" web
-nft -f /etc/nftables.conf
-
-chown plom /var/www
-
-# # Set up letsencrypt certificate. TODO: Is it auto-renewed?
-# ln -sf /etc/nginx/sites-available/default /etc/nginx/sites-enabled/default
-# certbot --nginx --agree-tos --redirect --no-eff-email -m "${mail}" -d "${domain}"
-# rm /etc/nginx/sites-enabled/default
-
-# # Prepare NGINX for status.plomlompom.com.
-# sed -i "s/REPLACE_fqdn_ECALPER/${domain}/g" /etc/nginx/sites-available/status.plomlompom.com.nginx
-# ln -s /etc/nginx/sites-available/status.plomlompom.com.nginx /etc/nginx/sites-enabled/status.plomlompom.com.nginx
-#
-# service nginx restart
-
-touch "$HOME/setup_web_has_been_run"
+++ /dev/null
-#!/bin/sh
-
-# Upgrade a fresh (!) system to Bookworm, as per [1]. Fresh, because: Don't
-# expect any customized config files to survive this. If you run this on a
-# remote machine, take care not to loose anything you need to re-connect, e.g.
-# any relevant adaptations you did to /etc/ssh/sshd_config …
-
-set -e
-. ./misc.sh
-. ../../misc.sh
-
-path_sources_list="/etc/apt/sources.list"
-
-export DEBIAN_FRONTEND=noninteractive
-apt update
-apt -y -o Dpkg::Options::="--force-confnew" upgrade
-apt -y -o Dpkg::Options::="--force-confnew" full-upgrade
-cp "${config_tree_prefix}/etc_files/all${path_sources_list}" "${path_sources_list}"
-apt clean
-apt update
-apt -y -o Dpkg::Options::="--force-confnew" upgrade
-apt -y -o Dpkg::Options::="--force-confnew" full-upgrade
-apt -y autoremove
-cp "${local_path_sshd_config}" "${system_path_sshd_config}"
+++ /dev/null
-# connectivity: ifupdown seems necessary everyhwere, isc-dhcp-client
-# unpredictably so
-ifupdown
-isc-dhcp-client
-# git for the setup directory; cloning works with ca-certificates
-ca-certificates
-git
-# to avoid constant warnings about no locale being found
-locales
-# extremely useful for basic network debugging; missed these more than once in an emergency
-netcat
-iputils-ping
+++ /dev/null
-# so that grub learns about kernel updates
-grub-pc
+++ /dev/null
-wget
-# for blog and zettel
-pandoc
-# for blog
-html2text
-uuid-runtime
-python3
-# for url_catcher daemon
-python3-venv
-build-essential
-python3-dev
-screen
-postfix
+++ /dev/null
-# to get python3.11 tgz
-wget
-build-essential
-zlib1g-dev
-libncurses5-dev
-libgdbm-dev
-libnss3-dev
-libssl-dev
-libreadline-dev
-libffi-dev
-libsqlite3-dev
-libbz2-dev
-# to set up poetry
-curl
+++ /dev/null
-weechat
-screen
-gnupg
-dirmngr
+++ /dev/null
-# so we can login at all …
-openssh-server
-# firewalling
-nftables
-# We want to be able to use ALL our servers as borg backup destinations.
-borgbackup
+++ /dev/null
-# for wifi
-firmware-iwlwifi
-# for tlp
-tlp
-tp-smapi-dkms
-linux-headers-amd64
-#
+++ /dev/null
-# to avoid booting problems with encrypted LVM, see <https://askubuntu.com/a/1105848>
-cryptsetup-initramfs
-lvm2
-# this provides setupcon which reads /etc/default/console-setup
-console-setup
-# without this, systemd-logind won't run, and so not detect lid close for hibernation
-dbus
-# for X to start at all
-xserver-xorg-video-intel
-# X input: keyboard and touchpad
-xserver-xorg-input-evdev
-xserver-xorg-input-synaptics
-# for startx
-xinit
-# for xrdb
-x11-xserver-utils
-# for startx to run for non-root user
-libpam-systemd
-# window environment
-i3
-i3status
-suckless-tools
-xterm
-# to get sleepy at night
-redshift
-# for alsamixer
-alsa-utils
-# for xterm and browser unicode display
-ttf-unifont
-# also useful
-vim
-sudo
-less
-man-db
-manpages
-procps
-# firefox dependencies
-libdbus-glib-1-2
-libgtk-3-0
-# firefox installation dependencies (remove later?)
-curl
-python3
-bzip2
-wget
-jq
-unzip
-# to mount encrypted USB stick and use its contents
-pmount
-cryptsetup
-openssh-client
-# for syncing
-borgbackup
-# emacs
-emacs
-emacs-common-non-dfsg
-emacs-el
-elpa-ledger
-ledger
-elpa-elfeed
-# mail setup
-isync
-notmuch
-elpa-notmuch
-pinentry-gtk2
-# to mount Android phone
-go-mtpfs
-# to use HP Deskjet F380 scanner from GIMP
-sane-utils
-xsane
-# to use HP Deskjet F380 printer
-cups
-# for wifi
-network-manager
-#
+++ /dev/null
-nginx-light
-# for SSL
-certbot
-python3-certbot-nginx
+++ /dev/null
-# for gitweb
-gitweb
-fcgiwrap
-# for plomlombot
-gnupg
-dirmngr
-python3-venv
-screen
-# for uwsgi
-build-essential
-python3-dev
+++ /dev/null
-#!/bin/sh
-set -e
-
-standard_repo="borg"
-config_file="${HOME}/.borgrepos"
-
-usage() {
- echo "Need operation as argument, one of:"
- echo "init"
- echo "store"
- echo "check"
- echo "export_keyfiles"
- echo "orgpush"
- echo "orgpull"
- false
-}
-
-read_pw() {
- if [ "${#SSH_AGENT_PID}" -eq 0 ]; then
- eval $(ssh-agent)
- echo "ssh-add"
- stty -echo
- ssh-add
- stty echo
- fi
- if [ "${#BORG_PASSPHRASE}" -eq 0 ]; then
- stty -echo
- printf "Borg passphrase: "
- read password
- stty echo
- printf "\n"
- export BORG_PASSPHRASE="${password}"
- fi
-}
-
-if [ ! -f "${config_file}" ]; then
- echo '# file read ends at last newline' >> "${config_file}"
-fi
-if [ "$#" -lt 1 ]; then
- usage
-fi
-first_arg="$1"
-shift
-if [ "${first_arg}" = "init" ]; then
- if [ ! "$#" -eq 1 ]; then
- echo "Need exactly one argument: target of form user@server"
- false
- fi
- target="$1"
- echo "Initializing: ${target}"
- borg init --verbose --encryption=keyfile "${target}:${standard_repo}"
- tmp_file="/tmp/new_borgrepos"
- echo "${target}" > "${tmp_file}"
- cat "${config_file}" >> "${tmp_file}"
- cp "${tmp_file}" "${config_file}"
-elif [ "${first_arg}" = "store" ]; then
- if [ ! "$#" -eq 2 ]; then
- echo "Need precisely two arguments: archive name and path to archive."
- false
- fi
- archive_name=$1
- shift
- to_backup="$@"
- read_pw
- cat "${config_file}" | while read line; do
- first_char=$(echo "${line}" | cut -c1)
- if [ "${first_char}" = "#" ]; then
- continue
- fi
- repo="${line}:${standard_repo}"
- archive="${repo}::${archive_name}-{utcnow:%Y-%m-%dT%H:%M}"
- echo "Creating archive: ${archive}"
- borg create --verbose --list "${archive}" "${to_backup}"
- done
-elif [ "${first_arg}" = "check" ]; then
- if [ ! "$#" -eq 0 ]; then
- echo "Need no arguments"
- false
- fi
- read_pw
- cat "${config_file}" | while read line; do
- first_char=$(echo "${line}" | cut -c1)
- if [ "${first_char}" = "#" ]; then
- continue
- fi
- repo="${line}:${standard_repo}"
- echo "Checking repo: ${repo}"
- borg check --verbose "${repo}"
- done
-elif [ "${first_arg}" = "export_keyfiles" ]; then
- if [ ! "$#" -eq 1 ]; then
- echo "Need output tar file name."
- false
- fi
- tar_target="${1}"
- tmp_dir="${HOME}/.borgtmp"
- keyfiles_dir="${tmp_dir}/borg_keyfiles"
- mkdir -p "${keyfiles_dir}"
- cat "${config_file}" | while read line; do
- first_char=$(echo "${line}" | cut -c1)
- if [ "${first_char}" = "#" ]; then
- continue
- fi
- repo="${line}:${standard_repo}"
- borg key export "${repo}" "${keyfiles_dir}/${line}"
- done
- cur_dir="$(pwd)"
- cd "${tmp_dir}"
- target=$(basename "${keyfiles_dir}")
- tar cf "${tar_target}" "${target}"
- mv "${tar_target}" "${cur_dir}"
- cd
- rm -rf "${tmp_dir}"
-elif [ "${first_arg}" = "orgpush" ]; then
- archive_name="orgdir"
- to_backup=~/org
- read_pw
- cat "${config_file}" | while read line; do
- first_char=$(echo "${line}" | cut -c1)
- if [ "${first_char}" = "#" ]; then
- continue
- fi
- repo="${line}:${standard_repo}"
- archive="${repo}::${archive_name}-{utcnow:%Y-%m-%dT%H:%M}"
- echo "Creating archive: ${archive}"
- borg create --verbose --list "${archive}" "${to_backup}" --exclude ~/org/.git
- done
-elif [ "${first_arg}" = "orgpull" ]; then
- echo "Doing ORGPULL, potentially overwriting important data. Hit Return to continue, last chance to abort!"
- read _
- archive_name="orgdir"
- read_pw
- cd /
- cat "${config_file}" | while read line; do
- first_char=$(echo "${line}" | cut -c1)
- if [ "${first_char}" = "#" ]; then
- continue
- fi
- repo="${line}:${standard_repo}"
- archive=$(borg list "${repo}" | grep "${orgdir}" | tail -1 | cut -f1 -d' ')
- echo "Pulling archive: ${archive}"
- borg extract --verbose "${repo}::${archive}"
- break
- done
-else
- usage
-fi
+++ /dev/null
-APT::AutoRemove::RecommendsImportant "false";
-APT::AutoRemove::SuggestsImportant "false";
-APT::Install-Recommends "false";
-APT::Install-Suggests "false";
+++ /dev/null
-deb http://deb.debian.org/debian bullseye main contrib non-free
-deb http://security.debian.org/debian-security bullseye-security main contrib non-free
-deb http://deb.debian.org/debian bullseye-updates main contrib non-free
-deb http://ftp.debian.org/debian bullseye-backports main contrib non-free
+++ /dev/null
-LANG="en_US.UTF-8"
+++ /dev/null
-# This file lists locales that you wish to have built. You can find a list
-# of valid supported locales at /usr/share/i18n/SUPPORTED, and you can add
-# user defined locales to /usr/local/share/i18n/SUPPORTED. If you change
-# this file, you need to rerun locale-gen.
-
-
-# aa_DJ ISO-8859-1
-# aa_DJ.UTF-8 UTF-8
-# aa_ER UTF-8
-# aa_ER@saaho UTF-8
-# aa_ET UTF-8
-# af_ZA ISO-8859-1
-# af_ZA.UTF-8 UTF-8
-# ak_GH UTF-8
-# am_ET UTF-8
-# an_ES ISO-8859-15
-# an_ES.UTF-8 UTF-8
-# anp_IN UTF-8
-# ar_AE ISO-8859-6
-# ar_AE.UTF-8 UTF-8
-# ar_BH ISO-8859-6
-# ar_BH.UTF-8 UTF-8
-# ar_DZ ISO-8859-6
-# ar_DZ.UTF-8 UTF-8
-# ar_EG ISO-8859-6
-# ar_EG.UTF-8 UTF-8
-# ar_IN UTF-8
-# ar_IQ ISO-8859-6
-# ar_IQ.UTF-8 UTF-8
-# ar_JO ISO-8859-6
-# ar_JO.UTF-8 UTF-8
-# ar_KW ISO-8859-6
-# ar_KW.UTF-8 UTF-8
-# ar_LB ISO-8859-6
-# ar_LB.UTF-8 UTF-8
-# ar_LY ISO-8859-6
-# ar_LY.UTF-8 UTF-8
-# ar_MA ISO-8859-6
-# ar_MA.UTF-8 UTF-8
-# ar_OM ISO-8859-6
-# ar_OM.UTF-8 UTF-8
-# ar_QA ISO-8859-6
-# ar_QA.UTF-8 UTF-8
-# ar_SA ISO-8859-6
-# ar_SA.UTF-8 UTF-8
-# ar_SD ISO-8859-6
-# ar_SD.UTF-8 UTF-8
-# ar_SS UTF-8
-# ar_SY ISO-8859-6
-# ar_SY.UTF-8 UTF-8
-# ar_TN ISO-8859-6
-# ar_TN.UTF-8 UTF-8
-# ar_YE ISO-8859-6
-# ar_YE.UTF-8 UTF-8
-# as_IN UTF-8
-# ast_ES ISO-8859-15
-# ast_ES.UTF-8 UTF-8
-# ayc_PE UTF-8
-# az_AZ UTF-8
-# be_BY CP1251
-# be_BY.UTF-8 UTF-8
-# be_BY@latin UTF-8
-# bem_ZM UTF-8
-# ber_DZ UTF-8
-# ber_MA UTF-8
-# bg_BG CP1251
-# bg_BG.UTF-8 UTF-8
-# bhb_IN.UTF-8 UTF-8
-# bho_IN UTF-8
-# bn_BD UTF-8
-# bn_IN UTF-8
-# bo_CN UTF-8
-# bo_IN UTF-8
-# br_FR ISO-8859-1
-# br_FR.UTF-8 UTF-8
-# br_FR@euro ISO-8859-15
-# brx_IN UTF-8
-# bs_BA ISO-8859-2
-# bs_BA.UTF-8 UTF-8
-# byn_ER UTF-8
-# ca_AD ISO-8859-15
-# ca_AD.UTF-8 UTF-8
-# ca_ES ISO-8859-1
-# ca_ES.UTF-8 UTF-8
-# ca_ES.UTF-8@valencia UTF-8
-# ca_ES@euro ISO-8859-15
-# ca_ES@valencia ISO-8859-15
-# ca_FR ISO-8859-15
-# ca_FR.UTF-8 UTF-8
-# ca_IT ISO-8859-15
-# ca_IT.UTF-8 UTF-8
-# ce_RU UTF-8
-# chr_US UTF-8
-# cmn_TW UTF-8
-# crh_UA UTF-8
-# cs_CZ ISO-8859-2
-# cs_CZ.UTF-8 UTF-8
-# csb_PL UTF-8
-# cv_RU UTF-8
-# cy_GB ISO-8859-14
-# cy_GB.UTF-8 UTF-8
-# da_DK ISO-8859-1
-# da_DK.UTF-8 UTF-8
-# de_AT ISO-8859-1
-# de_AT.UTF-8 UTF-8
-# de_AT@euro ISO-8859-15
-# de_BE ISO-8859-1
-# de_BE.UTF-8 UTF-8
-# de_BE@euro ISO-8859-15
-# de_CH ISO-8859-1
-# de_CH.UTF-8 UTF-8
-# de_DE ISO-8859-1
-# de_DE.UTF-8 UTF-8
-# de_DE@euro ISO-8859-15
-# de_IT ISO-8859-1
-# de_IT.UTF-8 UTF-8
-# de_LI.UTF-8 UTF-8
-# de_LU ISO-8859-1
-# de_LU.UTF-8 UTF-8
-# de_LU@euro ISO-8859-15
-# doi_IN UTF-8
-# dv_MV UTF-8
-# dz_BT UTF-8
-# el_CY ISO-8859-7
-# el_CY.UTF-8 UTF-8
-# el_GR ISO-8859-7
-# el_GR.UTF-8 UTF-8
-# en_AG UTF-8
-# en_AU ISO-8859-1
-# en_AU.UTF-8 UTF-8
-# en_BW ISO-8859-1
-# en_BW.UTF-8 UTF-8
-# en_CA ISO-8859-1
-# en_CA.UTF-8 UTF-8
-# en_DK ISO-8859-1
-# en_DK.ISO-8859-15 ISO-8859-15
-# en_DK.UTF-8 UTF-8
-# en_GB ISO-8859-1
-# en_GB.ISO-8859-15 ISO-8859-15
-# en_GB.UTF-8 UTF-8
-# en_HK ISO-8859-1
-# en_HK.UTF-8 UTF-8
-# en_IE ISO-8859-1
-# en_IE.UTF-8 UTF-8
-# en_IE@euro ISO-8859-15
-# en_IL UTF-8
-# en_IN UTF-8
-# en_NG UTF-8
-# en_NZ ISO-8859-1
-# en_NZ.UTF-8 UTF-8
-# en_PH ISO-8859-1
-# en_PH.UTF-8 UTF-8
-# en_SG ISO-8859-1
-# en_SG.UTF-8 UTF-8
-# en_US ISO-8859-1
-# en_US.ISO-8859-15 ISO-8859-15
-en_US.UTF-8 UTF-8
-# en_ZA ISO-8859-1
-# en_ZA.UTF-8 UTF-8
-# en_ZM UTF-8
-# en_ZW ISO-8859-1
-# en_ZW.UTF-8 UTF-8
-# eo UTF-8
-# es_AR ISO-8859-1
-# es_AR.UTF-8 UTF-8
-# es_BO ISO-8859-1
-# es_BO.UTF-8 UTF-8
-# es_CL ISO-8859-1
-# es_CL.UTF-8 UTF-8
-# es_CO ISO-8859-1
-# es_CO.UTF-8 UTF-8
-# es_CR ISO-8859-1
-# es_CR.UTF-8 UTF-8
-# es_CU UTF-8
-# es_DO ISO-8859-1
-# es_DO.UTF-8 UTF-8
-# es_EC ISO-8859-1
-# es_EC.UTF-8 UTF-8
-# es_ES ISO-8859-1
-# es_ES.UTF-8 UTF-8
-# es_ES@euro ISO-8859-15
-# es_GT ISO-8859-1
-# es_GT.UTF-8 UTF-8
-# es_HN ISO-8859-1
-# es_HN.UTF-8 UTF-8
-# es_MX ISO-8859-1
-# es_MX.UTF-8 UTF-8
-# es_NI ISO-8859-1
-# es_NI.UTF-8 UTF-8
-# es_PA ISO-8859-1
-# es_PA.UTF-8 UTF-8
-# es_PE ISO-8859-1
-# es_PE.UTF-8 UTF-8
-# es_PR ISO-8859-1
-# es_PR.UTF-8 UTF-8
-# es_PY ISO-8859-1
-# es_PY.UTF-8 UTF-8
-# es_SV ISO-8859-1
-# es_SV.UTF-8 UTF-8
-# es_US ISO-8859-1
-# es_US.UTF-8 UTF-8
-# es_UY ISO-8859-1
-# es_UY.UTF-8 UTF-8
-# es_VE ISO-8859-1
-# es_VE.UTF-8 UTF-8
-# et_EE ISO-8859-1
-# et_EE.ISO-8859-15 ISO-8859-15
-# et_EE.UTF-8 UTF-8
-# eu_ES ISO-8859-1
-# eu_ES.UTF-8 UTF-8
-# eu_ES@euro ISO-8859-15
-# eu_FR ISO-8859-1
-# eu_FR.UTF-8 UTF-8
-# eu_FR@euro ISO-8859-15
-# fa_IR UTF-8
-# ff_SN UTF-8
-# fi_FI ISO-8859-1
-# fi_FI.UTF-8 UTF-8
-# fi_FI@euro ISO-8859-15
-# fil_PH UTF-8
-# fo_FO ISO-8859-1
-# fo_FO.UTF-8 UTF-8
-# fr_BE ISO-8859-1
-# fr_BE.UTF-8 UTF-8
-# fr_BE@euro ISO-8859-15
-# fr_CA ISO-8859-1
-# fr_CA.UTF-8 UTF-8
-# fr_CH ISO-8859-1
-# fr_CH.UTF-8 UTF-8
-# fr_FR ISO-8859-1
-# fr_FR.UTF-8 UTF-8
-# fr_FR@euro ISO-8859-15
-# fr_LU ISO-8859-1
-# fr_LU.UTF-8 UTF-8
-# fr_LU@euro ISO-8859-15
-# fur_IT UTF-8
-# fy_DE UTF-8
-# fy_NL UTF-8
-# ga_IE ISO-8859-1
-# ga_IE.UTF-8 UTF-8
-# ga_IE@euro ISO-8859-15
-# gd_GB ISO-8859-15
-# gd_GB.UTF-8 UTF-8
-# gez_ER UTF-8
-# gez_ER@abegede UTF-8
-# gez_ET UTF-8
-# gez_ET@abegede UTF-8
-# gl_ES ISO-8859-1
-# gl_ES.UTF-8 UTF-8
-# gl_ES@euro ISO-8859-15
-# gu_IN UTF-8
-# gv_GB ISO-8859-1
-# gv_GB.UTF-8 UTF-8
-# ha_NG UTF-8
-# hak_TW UTF-8
-# he_IL ISO-8859-8
-# he_IL.UTF-8 UTF-8
-# hi_IN UTF-8
-# hne_IN UTF-8
-# hr_HR ISO-8859-2
-# hr_HR.UTF-8 UTF-8
-# hsb_DE ISO-8859-2
-# hsb_DE.UTF-8 UTF-8
-# ht_HT UTF-8
-# hu_HU ISO-8859-2
-# hu_HU.UTF-8 UTF-8
-# hy_AM UTF-8
-# hy_AM.ARMSCII-8 ARMSCII-8
-# ia_FR UTF-8
-# id_ID ISO-8859-1
-# id_ID.UTF-8 UTF-8
-# ig_NG UTF-8
-# ik_CA UTF-8
-# is_IS ISO-8859-1
-# is_IS.UTF-8 UTF-8
-# it_CH ISO-8859-1
-# it_CH.UTF-8 UTF-8
-# it_IT ISO-8859-1
-# it_IT.UTF-8 UTF-8
-# it_IT@euro ISO-8859-15
-# iu_CA UTF-8
-# ja_JP.EUC-JP EUC-JP
-# ja_JP.UTF-8 UTF-8
-# ka_GE GEORGIAN-PS
-# ka_GE.UTF-8 UTF-8
-# kk_KZ PT154
-# kk_KZ.RK1048 RK1048
-# kk_KZ.UTF-8 UTF-8
-# kl_GL ISO-8859-1
-# kl_GL.UTF-8 UTF-8
-# km_KH UTF-8
-# kn_IN UTF-8
-# ko_KR.EUC-KR EUC-KR
-# ko_KR.UTF-8 UTF-8
-# kok_IN UTF-8
-# ks_IN UTF-8
-# ks_IN@devanagari UTF-8
-# ku_TR ISO-8859-9
-# ku_TR.UTF-8 UTF-8
-# kw_GB ISO-8859-1
-# kw_GB.UTF-8 UTF-8
-# ky_KG UTF-8
-# lb_LU UTF-8
-# lg_UG ISO-8859-10
-# lg_UG.UTF-8 UTF-8
-# li_BE UTF-8
-# li_NL UTF-8
-# lij_IT UTF-8
-# ln_CD UTF-8
-# lo_LA UTF-8
-# lt_LT ISO-8859-13
-# lt_LT.UTF-8 UTF-8
-# lv_LV ISO-8859-13
-# lv_LV.UTF-8 UTF-8
-# lzh_TW UTF-8
-# mag_IN UTF-8
-# mai_IN UTF-8
-# mg_MG ISO-8859-15
-# mg_MG.UTF-8 UTF-8
-# mhr_RU UTF-8
-# mi_NZ ISO-8859-13
-# mi_NZ.UTF-8 UTF-8
-# mk_MK ISO-8859-5
-# mk_MK.UTF-8 UTF-8
-# ml_IN UTF-8
-# mn_MN UTF-8
-# mni_IN UTF-8
-# mr_IN UTF-8
-# ms_MY ISO-8859-1
-# ms_MY.UTF-8 UTF-8
-# mt_MT ISO-8859-3
-# mt_MT.UTF-8 UTF-8
-# my_MM UTF-8
-# nan_TW UTF-8
-# nan_TW@latin UTF-8
-# nb_NO ISO-8859-1
-# nb_NO.UTF-8 UTF-8
-# nds_DE UTF-8
-# nds_NL UTF-8
-# ne_NP UTF-8
-# nhn_MX UTF-8
-# niu_NU UTF-8
-# niu_NZ UTF-8
-# nl_AW UTF-8
-# nl_BE ISO-8859-1
-# nl_BE.UTF-8 UTF-8
-# nl_BE@euro ISO-8859-15
-# nl_NL ISO-8859-1
-# nl_NL.UTF-8 UTF-8
-# nl_NL@euro ISO-8859-15
-# nn_NO ISO-8859-1
-# nn_NO.UTF-8 UTF-8
-# nr_ZA UTF-8
-# nso_ZA UTF-8
-# oc_FR ISO-8859-1
-# oc_FR.UTF-8 UTF-8
-# om_ET UTF-8
-# om_KE ISO-8859-1
-# om_KE.UTF-8 UTF-8
-# or_IN UTF-8
-# os_RU UTF-8
-# pa_IN UTF-8
-# pa_PK UTF-8
-# pap_AW UTF-8
-# pap_CW UTF-8
-# pl_PL ISO-8859-2
-# pl_PL.UTF-8 UTF-8
-# ps_AF UTF-8
-# pt_BR ISO-8859-1
-# pt_BR.UTF-8 UTF-8
-# pt_PT ISO-8859-1
-# pt_PT.UTF-8 UTF-8
-# pt_PT@euro ISO-8859-15
-# quz_PE UTF-8
-# raj_IN UTF-8
-# ro_RO ISO-8859-2
-# ro_RO.UTF-8 UTF-8
-# ru_RU ISO-8859-5
-# ru_RU.CP1251 CP1251
-# ru_RU.KOI8-R KOI8-R
-# ru_RU.UTF-8 UTF-8
-# ru_UA KOI8-U
-# ru_UA.UTF-8 UTF-8
-# rw_RW UTF-8
-# sa_IN UTF-8
-# sat_IN UTF-8
-# sc_IT UTF-8
-# sd_IN UTF-8
-# sd_IN@devanagari UTF-8
-# se_NO UTF-8
-# sgs_LT UTF-8
-# shs_CA UTF-8
-# si_LK UTF-8
-# sid_ET UTF-8
-# sk_SK ISO-8859-2
-# sk_SK.UTF-8 UTF-8
-# sl_SI ISO-8859-2
-# sl_SI.UTF-8 UTF-8
-# so_DJ ISO-8859-1
-# so_DJ.UTF-8 UTF-8
-# so_ET UTF-8
-# so_KE ISO-8859-1
-# so_KE.UTF-8 UTF-8
-# so_SO ISO-8859-1
-# so_SO.UTF-8 UTF-8
-# sq_AL ISO-8859-1
-# sq_AL.UTF-8 UTF-8
-# sq_MK UTF-8
-# sr_ME UTF-8
-# sr_RS UTF-8
-# sr_RS@latin UTF-8
-# ss_ZA UTF-8
-# st_ZA ISO-8859-1
-# st_ZA.UTF-8 UTF-8
-# sv_FI ISO-8859-1
-# sv_FI.UTF-8 UTF-8
-# sv_FI@euro ISO-8859-15
-# sv_SE ISO-8859-1
-# sv_SE.ISO-8859-15 ISO-8859-15
-# sv_SE.UTF-8 UTF-8
-# sw_KE UTF-8
-# sw_TZ UTF-8
-# szl_PL UTF-8
-# ta_IN UTF-8
-# ta_LK UTF-8
-# tcy_IN.UTF-8 UTF-8
-# te_IN UTF-8
-# tg_TJ KOI8-T
-# tg_TJ.UTF-8 UTF-8
-# th_TH TIS-620
-# th_TH.UTF-8 UTF-8
-# the_NP UTF-8
-# ti_ER UTF-8
-# ti_ET UTF-8
-# tig_ER UTF-8
-# tk_TM UTF-8
-# tl_PH ISO-8859-1
-# tl_PH.UTF-8 UTF-8
-# tn_ZA UTF-8
-# tr_CY ISO-8859-9
-# tr_CY.UTF-8 UTF-8
-# tr_TR ISO-8859-9
-# tr_TR.UTF-8 UTF-8
-# ts_ZA UTF-8
-# tt_RU UTF-8
-# tt_RU@iqtelif UTF-8
-# ug_CN UTF-8
-# uk_UA KOI8-U
-# uk_UA.UTF-8 UTF-8
-# unm_US UTF-8
-# ur_IN UTF-8
-# ur_PK UTF-8
-# uz_UZ ISO-8859-1
-# uz_UZ.UTF-8 UTF-8
-# uz_UZ@cyrillic UTF-8
-# ve_ZA UTF-8
-# vi_VN UTF-8
-# wa_BE ISO-8859-1
-# wa_BE.UTF-8 UTF-8
-# wa_BE@euro ISO-8859-15
-# wae_CH UTF-8
-# wal_ET UTF-8
-# wo_SN UTF-8
-# xh_ZA ISO-8859-1
-# xh_ZA.UTF-8 UTF-8
-# yi_US CP1255
-# yi_US.UTF-8 UTF-8
-# yo_NG UTF-8
-# yue_HK UTF-8
-# zh_CN GB2312
-# zh_CN.GB18030 GB18030
-# zh_CN.GBK GBK
-# zh_CN.UTF-8 UTF-8
-# zh_HK BIG5-HKSCS
-# zh_HK.UTF-8 UTF-8
-# zh_SG GB2312
-# zh_SG.GBK GBK
-# zh_SG.UTF-8 UTF-8
-# zh_TW BIG5
-# zh_TW.EUC-TW EUC-TW
-# zh_TW.UTF-8 UTF-8
-# zu_ZA ISO-8859-1
-# zu_ZA.UTF-8 UTF-8
+++ /dev/null
-Europe/Berlin
+++ /dev/null
-[Unit]
-Description=Scheduled Reboot
-
-[Service]
-Type=simple
-ExecStart=/usr/bin/systemctl --force reboot
+++ /dev/null
-[Unit]
-Description=schedule reboot
-
-[Timer]
-Unit=reboot.service
-OnCalendar=*-*-* 7:00:00
-
-[Install]
-WantedBy=timers.target
+++ /dev/null
-server {
- listen 443 ssl;
- server_name REPLACE_fqdn_ECALPER;
- ssl_certificate /etc/letsencrypt/live/REPLACE_fqdn_ECALPER/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/REPLACE_fqdn_ECALPER/privkey.pem;
- root /var/www-dump/;
-
- location /dump/ {
- autoindex on;
- # add_header "Access-Control-Allow-Origin" *;
- }
-
- location /geheim/ {
- auth_basic "geheim geheim";
- auth_basic_user_file /var/www-dump/password_geheim;
- autoindex on;
- }
-
- location /zettel/ {
- # rewrite non-suffixed filenames to .html ones
- rewrite ^(/zettel/(.*/)*[^./]+)$ $1.html;
- autoindex on;
- }
-
- location /uwsgi/ {
- include uwsgi_params;
- uwsgi_pass 127.0.0.1:3031;
- }
-}
+++ /dev/null
-[Unit]
-Description=url_catcher screen
-
-[Service]
-Type=forking
-User=plom
-# The LC_ALL fixes submission failing on some articles.
-ExecStart=/bin/sh -c 'LC_ALL=en_US.UTF8 cd ~/url-catcher && screen -d -m ./run.sh'
-Restart=always
-
-[Install]
-WantedBy=multi-user.target
+++ /dev/null
-deb http://deb.debian.org/debian bullseye main contrib non-free
-deb-src http://deb.debian.org/debian bullseye main contrib non-free
-deb http://security.debian.org/debian-security bullseye-security main contrib non-free
-deb http://deb.debian.org/debian bullseye-updates main contrib non-free
-deb http://ftp.debian.org/debian bullseye-backports main contrib non-free
+++ /dev/null
-server {
- listen 443 ssl;
- client_max_body_size 4G;
- server_name REPLACE_fqdn_ECALPER;
- ssl_certificate /etc/letsencrypt/live/REPLACE_fqdn_ECALPER/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/REPLACE_fqdn_ECALPER/privkey.pem;
-
- # via <https://www.digitalocean.com/community/tutorials/how-to-improve-website-performance-using-gzip-and-nginx-on-ubuntu-20-04>
- # and https://docs.microblog.pub/installing.html#nginx-config-tips
- gzip on;
- gzip_disable "msie6";
- gzip_vary on;
- gzip_proxied any;
- gzip_comp_level 6;
- gzip_buffers 16 8k;
- gzip_http_version 1.1;
- gzip_min_length 256;
- gzip_types
- application/atom+xml
- application/geo+json
- application/javascript
- application/x-javascript
- application/json
- application/ld+json
- application/manifest+json
- application/rdf+xml
- application/rss+xml
- application/xhtml+xml
- application/xml
- font/eot
- font/otf
- font/ttf
- image/svg+xml
- text/css
- text/javascript
- text/plain
- text/xml
-
- text/html
-
- application/javascript
- application/activity+json
- application/octet-stream;
-
- location / {
- proxy_set_header Host $http_host;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection $connection_upgrade;
- proxy_redirect off;
- proxy_buffering off;
- proxy_pass http://localhost:8000;
- }
-}
-
-map $http_upgrade $connection_upgrade {
- default upgrade;
- '' close;
-}
+++ /dev/null
-[Unit]
-Description=microblog.pub
-
-[Service]
-Type=simple
-User=plom
-WorkingDirectory=/home/plom/testing.microblog.pub/
-ExecStart=/bin/sh -c '/home/plom/.local/bin/poetry run supervisord -c misc/supervisord.conf -n'
-Environment=VENV_DIR=/home/plom/.cache/pypoetry/virtualenvs/REPLACE_venv_dir_ECALPER
-Restart=always
-
-[Install]
-WantedBy=multi-user.target
+++ /dev/null
-[Unit]
-Description=microblog.pub pruning
-
-[Service]
-Type=simple
-ExecStart=/bin/sh -c '.prune.sh'
-
-[Install]
-WantedBy=multi-user.target
+++ /dev/null
-[Unit]
-Description=schedule microblog.pub pruning
-
-[Timer]
-Unit=microblogpub_prune.service
-OnCalendar=*-*-* 7:00:00
-
-[Install]
-WantedBy=timers.target
+++ /dev/null
-[Unit]
-Description=Attempt encryption of old chat logs
-[Service]
-Type=oneshot
-User=plom
-ExecStart=/bin/sh -c '~/weechatlogs_encrypter.sh'
+++ /dev/null
-[Unit]
-Description=Attempt encryption of old chatlogs once every minute.
-
-[Timer]
-OnCalendar=*-*-* *:*:00
-
-[Install]
-WantedBy=timers.target
\ No newline at end of file
+++ /dev/null
-# $OpenBSD: sshd_config,v 1.103 2018/04/09 20:41:22 tj Exp $
-
-# This is the sshd server system-wide configuration file. See
-# sshd_config(5) for more information.
-
-# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
-
-# The strategy used for options in the default sshd_config shipped with
-# OpenSSH is to specify options with their default value where
-# possible, but leave them commented. Uncommented options override the
-# default value.
-
-Include /etc/ssh/sshd_config.d/*.conf
-
-#Port 22
-#AddressFamily any
-#ListenAddress 0.0.0.0
-#ListenAddress ::
-
-#HostKey /etc/ssh/ssh_host_rsa_key
-#HostKey /etc/ssh/ssh_host_ecdsa_key
-#HostKey /etc/ssh/ssh_host_ed25519_key
-
-# Ciphers and keying
-#RekeyLimit default none
-
-# Logging
-#SyslogFacility AUTH
-#LogLevel INFO
-
-# Authentication:
-
-#LoginGraceTime 2m
-PermitRootLogin no # plomlompom's security rule
-#StrictModes yes
-#MaxAuthTries 6
-#MaxSessions 10
-
-#PubkeyAuthentication yes
-
-# Expect .ssh/authorized_keys2 to be disregarded by default in future.
-#AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2
-
-#AuthorizedPrincipalsFile none
-
-#AuthorizedKeysCommand none
-#AuthorizedKeysCommandUser nobody
-
-# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
-#HostbasedAuthentication no
-# Change to yes if you don't trust ~/.ssh/known_hosts for
-# HostbasedAuthentication
-#IgnoreUserKnownHosts no
-# Don't read the user's ~/.rhosts and ~/.shosts files
-#IgnoreRhosts yes
-
-# To disable tunneled clear text passwords, change to no here!
-PasswordAuthentication no
-#PermitEmptyPasswords no
-
-# Change to yes to enable challenge-response passwords (beware issues with
-# some PAM modules and threads)
-ChallengeResponseAuthentication no
-
-# Kerberos options
-#KerberosAuthentication no
-#KerberosOrLocalPasswd yes
-#KerberosTicketCleanup yes
-#KerberosGetAFSToken no
-
-# GSSAPI options
-#GSSAPIAuthentication no
-#GSSAPICleanupCredentials yes
-#GSSAPIStrictAcceptorCheck yes
-#GSSAPIKeyExchange no
-
-# Set this to 'yes' to enable PAM authentication, account processing,
-# and session processing. If this is enabled, PAM authentication will
-# be allowed through the ChallengeResponseAuthentication and
-# PasswordAuthentication. Depending on your PAM configuration,
-# PAM authentication via ChallengeResponseAuthentication may bypass
-# the setting of "PermitRootLogin without-password".
-# If you just want the PAM account and session checks to run without
-# PAM authentication, then enable this but set PasswordAuthentication
-# and ChallengeResponseAuthentication to 'no'.
-UsePAM yes
-
-#AllowAgentForwarding yes
-#AllowTcpForwarding yes
-#GatewayPorts no
-X11Forwarding yes
-#X11DisplayOffset 10
-#X11UseLocalhost yes
-#PermitTTY yes
-PrintMotd no
-#PrintLastLog yes
-#TCPKeepAlive yes
-#PermitUserEnvironment no
-#Compression delayed
-#ClientAliveInterval 0
-#ClientAliveCountMax 3
-#UseDNS no
-#PidFile /var/run/sshd.pid
-#MaxStartups 10:30:100
-#PermitTunnel no
-#ChrootDirectory none
-#VersionAddendum none
-
-# no default banner path
-#Banner none
-
-# Allow client to pass locale environment variables
-AcceptEnv LANG LC_*
-
-# override default of no subsystems
-Subsystem sftp /usr/lib/openssh/sftp-server
-
-# Example of overriding settings on a per-user basis
-#Match User anoncvs
-# X11Forwarding no
-# AllowTcpForwarding no
-# PermitTTY no
-# ForceCommand cvs server
-ClientAliveInterval 15
+++ /dev/null
-# ------------------------------------------------------------------------------
-# tlp - Parameters for power saving
-# See full explanation: http://linrunner.de/en/tlp/docs/tlp-configuration.html
-
-# Hint: some features are disabled by default, remove the leading # to enable
-# them.
-
-# Set to 0 to disable, 1 to enable TLP.
-TLP_ENABLE=1
-
-# Operation mode when no power supply can be detected: AC, BAT.
-# Concerns some desktop and embedded hardware only.
-TLP_DEFAULT_MODE=AC
-
-# Operation mode select: 0=depend on power source, 1=always use TLP_DEFAULT_MODE
-# Hint: use in conjunction with TLP_DEFAULT_MODE=BAT for BAT settings on AC.
-TLP_PERSISTENT_DEFAULT=0
-
-# Seconds laptop mode has to wait after the disk goes idle before doing a sync.
-# Non-zero value enables, zero disables laptop mode.
-DISK_IDLE_SECS_ON_AC=0
-DISK_IDLE_SECS_ON_BAT=2
-
-# Dirty page values (timeouts in secs).
-MAX_LOST_WORK_SECS_ON_AC=15
-MAX_LOST_WORK_SECS_ON_BAT=60
-
-# Hint: CPU parameters below are disabled by default, remove the leading #
-# to enable them, otherwise kernel default values are used.
-
-# Select a CPU frequency scaling governor.
-# Intel Core i processor with intel_pstate driver:
-# powersave(*), performance.
-# Older hardware with acpi-cpufreq driver:
-# ondemand(*), powersave, performance, conservative, schedutil.
-# (*) is recommended.
-# Hint: use tlp-stat -p to show the active driver and available governors.
-# Important:
-# powersave for intel_pstate and ondemand for acpi-cpufreq are power
-# efficient for *almost all* workloads and therefore kernel and most
-# distributions have chosen them as defaults. If you still want to change,
-# you should know what you're doing! You *must* disable your distribution's
-# governor settings or conflicts will occur.
-#CPU_SCALING_GOVERNOR_ON_AC=powersave
-#CPU_SCALING_GOVERNOR_ON_BAT=powersave
-
-# Set the min/max frequency available for the scaling governor.
-# Possible values strongly depend on your CPU. For available frequencies see
-# the output of tlp-stat -p.
-#CPU_SCALING_MIN_FREQ_ON_AC=0
-#CPU_SCALING_MAX_FREQ_ON_AC=0
-#CPU_SCALING_MIN_FREQ_ON_BAT=0
-#CPU_SCALING_MAX_FREQ_ON_BAT=0
-
-# Set energy performance hints (HWP) for Intel P-state governor:
-# performance, balance_performance, default, balance_power, power
-# Values are given in order of increasing power saving.
-# Note: Intel Skylake or newer CPU and Kernel >= 4.10 required.
-CPU_HWP_ON_AC=balance_performance
-CPU_HWP_ON_BAT=balance_power
-
-# Set Intel P-state performance: 0..100 (%).
-# Limit the max/min P-state to control the power dissipation of the CPU.
-# Values are stated as a percentage of the available performance.
-# Requires an Intel Core i processor with intel_pstate driver.
-#CPU_MIN_PERF_ON_AC=0
-#CPU_MAX_PERF_ON_AC=100
-#CPU_MIN_PERF_ON_BAT=0
-#CPU_MAX_PERF_ON_BAT=30
-
-# Set the CPU "turbo boost" feature: 0=disable, 1=allow
-# Requires an Intel Core i processor.
-# Important:
-# - This may conflict with your distribution's governor settings
-# - A value of 1 does *not* activate boosting, it just allows it
-#CPU_BOOST_ON_AC=1
-#CPU_BOOST_ON_BAT=0
-
-# Minimize number of used CPU cores/hyper-threads under light load conditions:
-# 0=disable, 1=enable.
-SCHED_POWERSAVE_ON_AC=0
-SCHED_POWERSAVE_ON_BAT=1
-
-# Kernel NMI Watchdog:
-# 0=disable (default, saves power), 1=enable (for kernel debugging only).
-NMI_WATCHDOG=0
-
-# Change CPU voltages aka "undervolting" - Kernel with PHC patch required.
-# Frequency voltage pairs are written to:
-# /sys/devices/system/cpu/cpu0/cpufreq/phc_controls
-# CAUTION: only use this, if you thoroughly understand what you are doing!
-#PHC_CONTROLS="F:V F:V F:V F:V"
-
-# Set CPU performance versus energy savings policy:
-# performance, balance-performance, default, balance-power, power.
-# Values are given in order of increasing power saving.
-# Requires kernel module msr and x86_energy_perf_policy from linux-tools.
-ENERGY_PERF_POLICY_ON_AC=performance
-ENERGY_PERF_POLICY_ON_BAT=power
-
-# Disk devices; separate multiple devices with spaces (default: sda).
-# Devices can be specified by disk ID also (lookup with: tlp diskid).
-DISK_DEVICES="sda sdb"
-
-# Disk advanced power management level: 1..254, 255 (max saving, min, off).
-# Levels 1..127 may spin down the disk; 255 allowable on most drives.
-# Separate values for multiple disks with spaces. Use the special value 'keep'
-# to keep the hardware default for the particular disk.
-DISK_APM_LEVEL_ON_AC="254 254"
-DISK_APM_LEVEL_ON_BAT="128 128"
-
-# Hard disk spin down timeout:
-# 0: spin down disabled
-# 1..240: timeouts from 5s to 20min (in units of 5s)
-# 241..251: timeouts from 30min to 5.5 hours (in units of 30min)
-# See 'man hdparm' for details.
-# Separate values for multiple disks with spaces. Use the special value 'keep'
-# to keep the hardware default for the particular disk.
-#DISK_SPINDOWN_TIMEOUT_ON_AC="0 0"
-#DISK_SPINDOWN_TIMEOUT_ON_BAT="0 0"
-
-# Select IO scheduler for the disk devices: cfq, deadline, noop (Default: cfq).
-# Separate values for multiple disks with spaces. Use the special value 'keep'
-# to keep the kernel default scheduler for the particular disk.
-#DISK_IOSCHED="cfq cfq"
-
-# AHCI link power management (ALPM) for disk devices:
-# min_power, med_power_with_dipm(*), medium_power, max_performance.
-# (*) Kernel >= 4.15 required, then recommended.
-# Multiple values separated with spaces are tried sequentially until success.
-SATA_LINKPWR_ON_AC="med_power_with_dipm max_performance"
-SATA_LINKPWR_ON_BAT="med_power_with_dipm min_power"
-
-# Exclude host devices from AHCI link power management.
-# Separate multiple hosts with spaces.
-#SATA_LINKPWR_BLACKLIST="host1"
-
-# Runtime Power Management for AHCI host and disks devices:
-# on=disable, auto=enable.
-# EXPERIMENTAL ** WARNING: auto will most likely cause system lockups/data loss.
-#AHCI_RUNTIME_PM_ON_AC=on
-#AHCI_RUNTIME_PM_ON_BAT=on
-
-# Seconds of inactivity before disk is suspended.
-AHCI_RUNTIME_PM_TIMEOUT=15
-
-# PCI Express Active State Power Management (PCIe ASPM):
-# default, performance, powersave.
-PCIE_ASPM_ON_AC=performance
-PCIE_ASPM_ON_BAT=powersave
-
-# Radeon graphics clock speed (profile method): low, mid, high, auto, default;
-# auto = mid on BAT, high on AC; default = use hardware defaults.
-RADEON_POWER_PROFILE_ON_AC=high
-RADEON_POWER_PROFILE_ON_BAT=low
-
-# Radeon dynamic power management method (DPM): battery, performance.
-RADEON_DPM_STATE_ON_AC=performance
-RADEON_DPM_STATE_ON_BAT=battery
-
-# Radeon DPM performance level: auto, low, high; auto is recommended.
-RADEON_DPM_PERF_LEVEL_ON_AC=auto
-RADEON_DPM_PERF_LEVEL_ON_BAT=auto
-
-# WiFi power saving mode: on=enable, off=disable; not supported by all adapters.
-WIFI_PWR_ON_AC=off
-WIFI_PWR_ON_BAT=on
-
-# Disable wake on LAN: Y/N.
-WOL_DISABLE=Y
-
-# Enable audio power saving for Intel HDA, AC97 devices (timeout in secs).
-# A value of 0 disables, >=1 enables power saving (recommended: 1).
-SOUND_POWER_SAVE_ON_AC=0
-SOUND_POWER_SAVE_ON_BAT=1
-
-# Disable controller too (HDA only): Y/N.
-SOUND_POWER_SAVE_CONTROLLER=Y
-
-# Power off optical drive in UltraBay/MediaBay: 0=disable, 1=enable.
-# Drive can be powered on again by releasing (and reinserting) the eject lever
-# or by pressing the disc eject button on newer models.
-# Note: an UltraBay/MediaBay hard disk is never powered off.
-BAY_POWEROFF_ON_AC=0
-BAY_POWEROFF_ON_BAT=0
-# Optical drive device to power off (default sr0).
-BAY_DEVICE="sr0"
-
-# Runtime Power Management for PCI(e) bus devices: on=disable, auto=enable.
-RUNTIME_PM_ON_AC=on
-RUNTIME_PM_ON_BAT=auto
-
-# Exclude PCI(e) device adresses the following list from Runtime PM
-# (separate with spaces). Use lspci to get the adresses (1st column).
-#RUNTIME_PM_BLACKLIST="bb:dd.f 11:22.3 44:55.6"
-
-# Exclude PCI(e) devices assigned to the listed drivers from Runtime PM.
-# Default when unconfigured is "amdgpu nouveau nvidia radeon" which
-# prevents accidential power-on of dGPU in hybrid graphics setups.
-# Use "" to disable the feature completely.
-# Separate multiple drivers with spaces.
-#RUNTIME_PM_DRIVER_BLACKLIST="amdgpu nouveau nvidia radeon"
-
-# Set to 0 to disable, 1 to enable USB autosuspend feature.
-USB_AUTOSUSPEND=1
-
-# Exclude listed devices from USB autosuspend (separate with spaces).
-# Use lsusb to get the ids.
-# Note: input devices (usbhid) are excluded automatically
-#USB_BLACKLIST="1111:2222 3333:4444"
-
-# Bluetooth devices are excluded from USB autosuspend:
-# 0=do not exclude, 1=exclude.
-USB_BLACKLIST_BTUSB=0
-
-# Phone devices are excluded from USB autosuspend:
-# 0=do not exclude, 1=exclude (enable charging).
-USB_BLACKLIST_PHONE=0
-
-# Printers are excluded from USB autosuspend:
-# 0=do not exclude, 1=exclude.
-USB_BLACKLIST_PRINTER=1
-
-# WWAN devices are excluded from USB autosuspend:
-# 0=do not exclude, 1=exclude.
-USB_BLACKLIST_WWAN=1
-
-# Include listed devices into USB autosuspend even if already excluded
-# by the blacklists above (separate with spaces).
-# Use lsusb to get the ids.
-#USB_WHITELIST="1111:2222 3333:4444"
-
-# Set to 1 to disable autosuspend before shutdown, 0 to do nothing
-# (workaround for USB devices that cause shutdown problems).
-#USB_AUTOSUSPEND_DISABLE_ON_SHUTDOWN=1
-
-# Restore radio device state (Bluetooth, WiFi, WWAN) from previous shutdown
-# on system startup: 0=disable, 1=enable.
-# Hint: the parameters DEVICES_TO_DISABLE/ENABLE_ON_STARTUP/SHUTDOWN below
-# are ignored when this is enabled!
-RESTORE_DEVICE_STATE_ON_STARTUP=0
-
-# Radio devices to disable on startup: bluetooth, wifi, wwan.
-# Separate multiple devices with spaces.
-#DEVICES_TO_DISABLE_ON_STARTUP="bluetooth wifi wwan"
-
-# Radio devices to enable on startup: bluetooth, wifi, wwan.
-# Separate multiple devices with spaces.
-#DEVICES_TO_ENABLE_ON_STARTUP="wifi"
-
-# Radio devices to disable on shutdown: bluetooth, wifi, wwan.
-# (workaround for devices that are blocking shutdown).
-#DEVICES_TO_DISABLE_ON_SHUTDOWN="bluetooth wifi wwan"
-
-# Radio devices to enable on shutdown: bluetooth, wifi, wwan.
-# (to prevent other operating systems from missing radios).
-#DEVICES_TO_ENABLE_ON_SHUTDOWN="wwan"
-
-# Radio devices to enable on AC: bluetooth, wifi, wwan.
-#DEVICES_TO_ENABLE_ON_AC="bluetooth wifi wwan"
-
-# Radio devices to disable on battery: bluetooth, wifi, wwan.
-#DEVICES_TO_DISABLE_ON_BAT="bluetooth wifi wwan"
-
-# Radio devices to disable on battery when not in use (not connected):
-# bluetooth, wifi, wwan.
-#DEVICES_TO_DISABLE_ON_BAT_NOT_IN_USE="bluetooth wifi wwan"
-
-# Battery charge thresholds (ThinkPad only, tp-smapi or acpi-call kernel module
-# required). Charging starts when the remaining capacity falls below the
-# START_CHARGE_THRESH value and stops when exceeding the STOP_CHARGE_THRESH value.
-# Main / Internal battery (values in %)
-START_CHARGE_THRESH_BAT0=75
-STOP_CHARGE_THRESH_BAT0=80
-# Ultrabay / Slice / Replaceable battery (values in %)
-#START_CHARGE_THRESH_BAT1=75
-#STOP_CHARGE_THRESH_BAT1=80
-
-# Restore charge thresholds when AC is unplugged: 0=disable, 1=enable.
-#RESTORE_THRESHOLDS_ON_BAT=1
-
-# ------------------------------------------------------------------------------
-# tlp-rdw - Parameters for the radio device wizard
-# Possible devices: bluetooth, wifi, wwan.
-
-# Hints:
-# - Parameters are disabled by default, remove the leading # to enable them
-# - Separate multiple radio devices with spaces
-
-# Radio devices to disable on connect.
-#DEVICES_TO_DISABLE_ON_LAN_CONNECT="wifi wwan"
-#DEVICES_TO_DISABLE_ON_WIFI_CONNECT="wwan"
-#DEVICES_TO_DISABLE_ON_WWAN_CONNECT="wifi"
-
-# Radio devices to enable on disconnect.
-#DEVICES_TO_ENABLE_ON_LAN_DISCONNECT="wifi wwan"
-#DEVICES_TO_ENABLE_ON_WIFI_DISCONNECT=""
-#DEVICES_TO_ENABLE_ON_WWAN_DISCONNECT=""
-
-# Radio devices to enable/disable when docked.
-#DEVICES_TO_ENABLE_ON_DOCK=""
-#DEVICES_TO_DISABLE_ON_DOCK=""
-
-# Radio devices to enable/disable when undocked.
-#DEVICES_TO_ENABLE_ON_UNDOCK="wifi"
-#DEVICES_TO_DISABLE_ON_UNDOCK=""
+++ /dev/null
-# This file describes the network interfaces available on your system
-# and how to activate them. For more information, see interfaces(5).
-
-source /etc/network/interfaces.d/*
-
-# The loopback network interface
-auto lo
-iface lo inet loopback
-
-# # The primary network interface – commented out so network-manager can handle this!
-# allow-hotplug enp0s25
-# iface enp0s25 inet dhcp
-# # This is an autoconfigured IPv6 interface
-# iface enp0s25 inet6 auto
+++ /dev/null
-# This file is part of systemd.
-#
-# See logind.conf(5) for details.
-
-[Login]
-HandleLidSwitch=hibernate
+++ /dev/null
-#!/usr/sbin/nft -f
-
-flush ruleset
-
-table inet filter {
- chain input {
- type filter hook input priority 0; policy drop;
- iif lo accept comment "accept localhost traffic"
- ct state invalid drop comment "drop invalid connections"
- ct state established, related accept comment "accept traffic originated from us"
- tcp dport 22 accept comment "accept SSH on default port"
- tcp dport 80 accept comment "accept HTTP on default port"
- tcp dport 443 accept comment "accept HTTPS on default port"
- ip protocol icmp icmp type echo-request accept comment "accept ICMP for pinging"
- }
- chain forward {
- type filter hook forward priority 0; policy drop;
- }
- chain output {
- type filter hook output priority 0; policy accept;
- }
-}
+++ /dev/null
-# system integration
-user www-data;
-worker_processes auto;
-pid /run/nginx.pid;
-include /etc/nginx/modules-enabled/*.conf;
-
-# is expected even if empty
-events {
-}
-
-http {
- # define content-type headers
- include /etc/nginx/mime.types;
- charset utf-8;
-
- # Some standard optimizations, i.e. Debian default. Explained in
- # <https://thoughts.t37.net/nginx-optimization-understanding-sendfile-tcp-nodelay-and-tcp-nopush-c55cdd276765>
- # Not that I understand it all …
- sendfile on;
- tcp_nopush on;
- tcp_nodelay on;
-
- # logging deactivated due to GDPR
- #access_log /var/log/nginx/access.log;
- #error_log /var/log/nginx/error.log;
- access_log off;
- error_log off;
-
- # virtual hosts: sites-enabled is the Debian way, conf.d the NGINX default
- include /etc/nginx/conf.d/*.conf;
- include /etc/nginx/sites-enabled/*;
-
- # Redirect all HTTP requests to HTTPS.
- server {
- listen 80;
- return 301 https://$host$request_uri;
- }
-}
+++ /dev/null
-# path to git projects (<project>.git)
-$projectroot = "/var/repos";
-
-# don't show repos without git-daemon-export-ok file
-$export_ok = "git-daemon-export-ok";
-
-# directory to use for temp files
-# explicitely set by Debian so it's probably a good choice
-$git_temp = "/tmp";
-
-# git-diff-tree(1) options to use for generated patches
-# we don't want to to guess renames, so empty
-@diff_opts = ();
-
-# Base path for where to find the repos for cloning.
-@git_base_url_list = ('https://REPLACE_fqdn_ECALPER/repos/clone');
-
-# allow snapshots
-$feature{'snapshot'}{'default'} = ['zip', 'tgz'];
-
-# insert header for GDPR compliance
-$site_header = "/var/www/header.html"
+++ /dev/null
-server {
- listen 443 ssl;
- server_name REPLACE_fqdn_ECALPER;
- ssl_certificate /etc/letsencrypt/live/REPLACE_fqdn_ECALPER/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/REPLACE_fqdn_ECALPER/privkey.pem;
- root /var/www/html/;
- index index.html index.htm index.nginx-debian.html;
-
- # serve /var/repos/* for HTTPS git cloning
- location ~ /repos/clone(/.*) {
- include fastcgi_params;
- fastcgi_param SCRIPT_FILENAME /usr/lib/git-core/git-http-backend;
- # Commented out so only repos are served that contain a
- # git-daemon-export-ok file.
- # fastcgi_param GIT_HTTP_EXPORT_ALL "";
- fastcgi_param GIT_PROJECT_ROOT /var/repos;
- fastcgi_param PATH_INFO $1;
- fastcgi_pass unix:/var/run/fcgiwrap.socket;
- }
-
- # gitweb static files
- location /repos/static/ {
- alias /usr/share/gitweb/static/;
- }
-
- # gitweb; this needs packages fcgiwrap and gitweb
- location /repos/ {
- include fastcgi_params;
- fastcgi_param SCRIPT_FILENAME /usr/share/gitweb/gitweb.cgi;
- fastcgi_param GITWEB_CONFIG /etc/gitweb.conf;
- fastcgi_pass unix:/var/run/fcgiwrap.socket;
- }
-
- # login-protected IRC logs
- location ~ ^/irclogs/([^/]+)/ {
- auth_basic "$1 logs";
- auth_basic_user_file /var/www/irclogs_pw/$1;
- autoindex on;
- }
-
- location /guiltcards/ {
- include uwsgi_params;
- uwsgi_pass 127.0.0.1:9000;
- }
-}
+++ /dev/null
-[Unit]
-Description=plomlombot screen
-
-[Service]
-Type=simple
-User=plom
-ExecStart=/bin/sh -c '~/plomlombot_daemon.sh'
-Restart=always
-
-[Install]
-WantedBy=multi-user.target
+++ /dev/null
-# Settings for interactive shells.
-
-# Fancy colors for ls.
-alias ls="ls --color=auto"
-
-# Other helpful aliases
-alias sshauth='eval $(ssh-agent) && ssh-add'
-alias xrandrbig='xrandr --output LVDS-1 --off'
-
-# Use vim as default editor for anything.
-export VISUAL=vim
-export EDITOR=$VISUAL
-
-# Colored prompt with username, hostname, date/time, directory.
-colornumber=7 # Default to white if no color set via colornumber dotfile.
-colornumber_file=~/.shell_prompt_color
-if [ -f $colornumber_file ]; then
- colornumber=`cat $colornumber_file`
-fi
-tput_color="$(tput setaf $colornumber)$(tput bold)"
-tput_reset="$(tput sgr0)"
-# Bash confuses the line length when not told to not count escape sequences.
-if [ ! "$BASH" = "" ]; then
- tput_color="\[$tput_color\]"
- tput_reset="\[$tput_reset\]"
-fi
-PS1="${tput_color}["\$\(date\ +%Y-%m-%d/%H:%M:%S/%Z\)" $(whoami)@$(hostname):"\$\(pwd\)"]$ $tput_reset"
-PS2="${tput_color}> $tput_reset"
-PS3="${tput_color}select: $tput_reset"
-PS4="${tput_color}+ $tput_reset"
+++ /dev/null
-! otherwise various applications will assume merely 8 colors
-XTerm.termName: xterm-256color
-
-! font
-! actually, "mono" is already the default for faceName (it will
-! pick whatever fc-match mono delivers), but we need to set _some_
-! faceName to trigger XTerm activating TrueType fonts
-! (XTerm*fontRender by itself won't do the trick), and we want
-! TrueType fonts because, well, they scale better, and XTerm lets them
-! fall back on alternatives (hi there ttf-unifont) when a Unicode
-! glyph is not found
-XTerm*faceName: mono
-
-! white on black
-XTerm*reverseVideo: on
-
-! blink screen instead of sound
-XTerm*visualBell: on
-
-! proper ALT as META key treatment
-XTerm*eightBitInput: false
-
-! font sizes
-XTerm*faceSize: 8
-XTerm*faceSize1: 4
-XTerm*faceSize2: 5
-XTerm*faceSize3: 6
-XTerm*faceSize4: 8
-XTerm*faceSize5: 14
-XTerm*faceSize6: 25
-
-! colors
-! black
-XTerm*color0: #202020
-XTerm*color8: #3F3F3F
-! red
-XTerm*color1: #A82020
-XTerm*color9: #E82020
-! green
-XTerm*color2: #20A820
-XTerm*color10: #20E820
-! yellow
-XTerm*color3: #A8A820
-XTerm*color11: #E8E820
-! blue
-XTerm*color4: #3F3FFF
-XTerm*color12: #9F9FFF
-! magenta
-XTerm*color5: #A83FFF
-XTerm*color13: #E89FFF
-! cyan
-XTerm*color6: #3FA8FF
-XTerm*color14: #9FE8FF
-! white
-XTerm*color7: #A8A8A8
-XTerm*color15: #E8E8E8
+++ /dev/null
-plom@plomlompom.com
-plom@mail.plomlompom.com
-plom@play.plomlompom.com
-# file read ends at last newline
+++ /dev/null
-# plomlompom's i3-wm configuration
-
-# Font for i3 text
-font pango:Terminus 8px
-
-# Force "tabbed" as default layout for new windows.
-workspace_layout tabbed
-
-# Make the Windows key the modifier key for all i3-wm actions.
-set $mod Mod4
-floating_modifier $mod
-
-# Launch xterm.
-bindsym $mod+Return exec xterm
-
-# Launch programs via dmenu.
-bindsym $mod+d exec dmenu_run
-bindsym $mod+x exec dmenu_run
-
-# Kill window.
-bindsym $mod+Shift+Q kill
-
-# Move focus between windows.
-bindsym $mod+Left focus left
-bindsym $mod+Down focus down
-bindsym $mod+Up focus up
-bindsym $mod+Right focus right
-
-# Don't move focus with mouse.
-focus_follows_mouse no
-
-# Move windows.
-bindsym $mod+Shift+Left move left
-bindsym $mod+Shift+Down move down
-bindsym $mod+Shift+Up move up
-bindsym $mod+Shift+Right move right
-
-# Resize windows
-bindsym $mod+h resize shrink width 1 px or 1 ppt
-bindsym $mod+l resize grow width 1 px or 1 ppt
-bindsym $mod+j resize shrink height
-bindsym $mod+k resize grow height
-
-# Toggle fullscreen for focused window.
-bindsym $mod+f fullscreen
-
-# Toggle floating of window, focus on floating or tabbed windows.
-bindsym $mod+Shift+space floating toggle
-bindsym $mod+space focus mode_toggle
-
-# Switch to workspace x.
-bindsym $mod+1 workspace 1
-bindsym $mod+2 workspace 2
-bindsym $mod+3 workspace 3
-bindsym $mod+4 workspace 4
-bindsym $mod+5 workspace 5
-bindsym $mod+6 workspace 6
-bindsym $mod+7 workspace 7
-bindsym $mod+8 workspace 8
-bindsym $mod+9 workspace 9
-bindsym $mod+0 workspace 10
-
-# Move window to workspace x.
-bindsym $mod+Shift+exclam move workspace 1
-bindsym $mod+Shift+quotedbl move workspace 2
-bindsym $mod+Shift+section move workspace 3
-bindsym $mod+Shift+dollar move workspace 4
-bindsym $mod+Shift+percent move workspace 5
-bindsym $mod+Shift+ampersand move workspace 6
-bindsym $mod+Shift+slash move workspace 7
-bindsym $mod+Shift+parenleft move workspace 8
-bindsym $mod+Shift+parenright move workspace 9
-bindsym $mod+Shift+equal move workspace 10
-
-# Reload i3 config file, restart (keeping sesion) i3, exit i3.
-bindsym $mod+Shift+C reload
-bindsym $mod+Shift+R restart
-bindsym $mod+Shift+P exit
-
-# Select "i3status" as i3 status bar, hide systray icons.
-bar {
- tray_output none
- status_command i3status
-}
+++ /dev/null
-;; general layout
-;; ==============
-
-;; need no stinkin emacs help screen as start up, and no menu bar
-(setq inhibit-startup-screen t)
-(menu-bar-mode -1)
-
-;; highlight cursor line, parentheses
-(global-hl-line-mode 1)
-(show-paren-mode 1)
-
-;; show line numbers, use separator space
-(global-linum-mode)
-(setq linum-format "%d ")
-
-;; count cursor column, row in mode line
-(setq column-number-mode t)
-
-;; settings to make GUI tolerable
-(if window-system
- (progn
- (add-to-list 'default-frame-alist '(foreground-color . "white"))
- (add-to-list 'default-frame-alist '(background-color . "black"))
- (set-face-attribute 'default nil :height 80)
- (scroll-bar-mode -1)
- (setq visible-bell t)
- (setq linum-format "%d")))
-
-;; use as default browser what XDG offers
-(setq-default browse-url-browser-function 'browse-url-xdg-open)
-
-
-
-;; general keybindings
-;; ===================
-
-;; create and use a minimal global map using just the self-insert command
-;; bindings and a selection of some to me very common keystrokes
-(setq minimal-map (make-sparse-keymap))
-(substitute-key-definition 'self-insert-command 'self-insert-command
- minimal-map global-map)
-(use-global-map minimal-map)
-(global-set-key (kbd "DEL") 'backward-delete-char-untabify)
-(global-set-key (kbd "RET") 'newline)
-(global-set-key (kbd "TAB") 'indent-for-tab-command)
-(global-set-key (kbd "<up>") 'previous-line)
-(global-set-key (kbd "<down>") 'next-line)
-(global-set-key (kbd "<left>") 'left-char)
-(global-set-key (kbd "<right>") 'right-char)
-(global-set-key (kbd "<prior>") 'scroll-down-command)
-(global-set-key (kbd "<next>") 'scroll-up-command)
-(global-set-key (kbd "M-x") 'execute-extended-command)
-(global-set-key (kbd "C-g") 'keyboard-quit)
-;(global-set-key (kbd "<f3>") 'kmacro-start-macro-or-insert-counter)
-;(global-set-key (kbd "<f4>") 'kmacro-end-or-call-macro)
-;; note how to switch back to the original map: (use-global-map global-map)
-(setq shr-map (make-sparse-keymap)) ; got annoying in elfeed-show on URLs
-
-
-
-;; minibuffer
-;; ==========
-
-;; incremental minibuffer completion
-(icomplete-mode 1)
-
-
-
-;; text editing
-;; ============
-
-;; tabs are evil
-(setq-default indent-tabs-mode nil)
-(setq-default tab-width 4)
-(setq indent-line-function 'insert-tab)
-
-;; show trailing whitespace
-(setq-default show-trailing-whitespace 1)
-
-;; on save, ask whether to ensure text file's last line ends in a
-;; newline character
-(setq require-final-newline 1)
-
-;; use dedicated directory for version-controlled, endless backups;
-;; never delete old versions
-(setq make-backup-files t
- backup-directory-alist `(("." . "~/.emacs_backups"))
- backup-by-copying t
- version-control t
- delete-old-versions 1) ;; neither t nor nil: never delete
-
-
-;; package management
-;; ==================
-
-;; where we get packages from
-(setq package-archives '(("gnu" . "https://elpa.gnu.org/packages/")
- ("melpa-unstable" . "https://melpa.org/packages/")
- ("melpa-stable" . "https://stable.melpa.org/packages/")))
-
-;; ensure certain packages are installed (actually, we use Debian repos here)
-;; credit to <https://stackoverflow.com/a/10093312>
-;(setq package-list '(elfeed ledger-mode))
-;(package-initialize)
-;(dolist (package package-list)
-; (unless (package-installed-p package)
-; (package-install package)))
-
-
-
-;;; window management
-;;; =================
-;
-;;; track window configurations to allow window config undo
-;(winner-mode 1)
-
-
-
-;; mail setup
-;; ==========
-
-(setq send-mail-function 'smtpmail-send-it)
-(setq smtpmail-smtp-server "mail.plomlompom.com")
-(setq smtpmail-smtp-service 465)
-(setq smtpmail-stream-type 'ssl)
-(setq smtpmail-smtp-user "plom")
-(setq mml-secure-openpgp-encrypt-to-self t)
-(add-hook 'message-setup-hook 'mml-secure-sign-pgpmime)
-
-;(setq gnutls-log-level 0)
-
-;; if we don't set this, we get this warning:
-;; gnutls.c: [1] Note that the security level of the Diffie-Hellman key exchange
-;; has been lowered to 256 bits and this may allow decryption of the session data
-(setq gnutls-min-prime-bits 1024)
-
-;; there is a WEIRD bug somewhere in /network-stream-open-tls/ that disappears the
-;; stream process, seemingly unless the /message/ function is called at the right
-;; place (earliest in /nsm-verify-connection/ right before the "cond" there, latest
-;; in /network-stream-get-response/ right after "(goto-char start)"; this works
-;; unless /inhibit_message/ is set, indicating that writing to the *Messages*
-;; buffer is not relevant, but maybe writing to the echo area is); activing the
-;; gnutls logging is just a hack to achieve such calls to /message/ in the
-;; /network-stream-open-tls/ flow.
-(setq gnutls-log-level 1) ; miraculously makes smtpmail work
-
-;; constructs From: domain if mail composer directly called (from without
-;; notmuch), but we don't actually intend to do that
-;(setq mail-host-address "plomlompom.com")
-
-;; otherwise notmuch becomes extremely slow in some cases
-(setq-default notmuch-show-indent-content nil)
-
-;; this only works if we use notmuch-mua-send instead of message-send
-(setq notmuch-fcc-dirs '(("plom@plomlompom.com" . "maildir/Sent")))
-
-;; this gets rid of "i-did-not-set--mail-host-address--so-tickle-me"
-;; in the message ID
-(setq mail-host-address "plomlompom.com")
-
-;; notmuch saved searches
-(setq notmuch-saved-searches
- '((:name "inbox" :query "tag:unread and folder:inbox")
- (:name "all" :query "tag:unread not folder:maildir/Trash")
- (:name "plomlompom.de" :query "tag:unread and folder:maildir/plomlompom.de")
- (:name "nebenan" :query "tag:unread and folder:maildir/nebenan")
- (:name "reflect-info" :query "tag:unread and folder:maildir/reflect-info")
- (:name "gmail" :query "tag:unread and folder:maildir/gmail.com")
- (:name "mutter" :query "tag:unread and folder:maildir/mutter")))
-
-
-
-;; org mode
-;; ========
-
-;; unsure why, but to re-set the key map, we not only have to explicitely do it
-;; only after org-mode loading, but also have to explicitely overwrite the
-;; C-c keybinding; TODO: investigate
-(with-eval-after-load 'org
- (setq org-mode-map (make-sparse-keymap))
- (define-key org-mode-map (kbd "C-c") nil)
- (define-key org-mode-map (kbd "TAB") 'org-cycle)
- (define-key org-mode-map (kbd "<backtab>") 'org-shifttab))
-
-;; don't truncate lines by default
-(setq org-startup-truncated nil)
-
-;; basic org-capture config
-(setq org-capture-templates
- '(("x" "test" plain (file "~/org/notes.org") "%T: %?")))
-(add-hook 'org-capture-mode-hook 'evil-insert-state)
-
-;; agenda view on startup
-(load-library "find-lisp")
-(setq org-agenda-files (find-lisp-find-files "~/org" "\.org$"))
-(setq org-agenda-span 90)
-(setq org-agenda-use-time-grid nil)
-(add-hook 'emacs-startup-hook (lambda ()
- (org-agenda-list)
- (switch-to-buffer "*Org Agenda*")
- (other-window 1)))
-
-;;; for calendar, use ISO date style
-;(setq calendar-date-style 'iso)
-;(setq diary-number-of-entries 7)
-;(diary)
-;(setq org-agenda-time-grid '((today require-timed remove-match)
-; #("----------------" 0 16 (org-heading t))
-; (0 200 400 600 800 1000 1200
-; 1400 1600 1800 2000 2200)))
-
-;; empty org-agenda-mode keybindings
-(add-hook 'org-agenda-mode-hook
- (lambda ()
- (setq org-agenda-mode-map (make-sparse-keymap))))
-(add-hook 'org-agenda-mode-hook
- (lambda ()
- (use-local-map (make-sparse-keymap))))
-
-;; org-publish-all
-(setq org-publish-project-alist
- '(
- ("website"
- :base-directory "~/org/web/"
- :base-extension "org"
- :publishing-directory "~/html/"
- :recursive t
- :publishing-function org-html-publish-to-html
- :headline-levels 4 ; Just the default for this project.
- :auto-preamble t
- )))
-
-;; use [ki:] syntax to hide stuff from exports
-(defun classify-information (text backend info)
- "Replaces '[ki:WHATEVER]' with '[klassifizierte Information]'."
- (replace-regexp-in-string "\\[ki:[^\]]*\]" "[klassifizierte Information]" text))
-(add-hook 'org-export-filter-plain-text-functions 'classify-information)
-
-;; add HTML validator link to exports
-(setq org-html-validation-link "<a href=\"https://validator.w3.org/check?uri=referer\">Validate</a>")
-
-
-
-;;; Info mode
-;;; =========
-
-(setq Info-mode-map (make-sparse-keymap))
-(define-key Info-mode-map (kbd "RET") 'Info-follow-nearest-node)
-(define-key Info-mode-map (kbd "u") 'Info-up)
-(define-key Info-mode-map (kbd "TAB") 'Info-next-reference)
-(define-key Info-mode-map (kbd "<backtab>") 'Info-prev-reference)
-(define-key Info-mode-map (kbd "H") 'Info-history-back)
-(define-key Info-mode-map (kbd "L") 'Info-history-forward)
-(define-key Info-mode-map (kbd "I") 'Info-goto-node)
-(define-key Info-mode-map (kbd "i") 'Info-index)
-
-
-
-;; help mode
-;; =========
-
-(setq help-mode-map (make-sparse-keymap))
-(define-key help-mode-map (kbd "TAB") 'forward-button)
-(define-key help-mode-map (kbd "RET") 'help-follow)
-(define-key help-mode-map (kbd "<backtab>") 'backward-button)
-
-
-
-;; elfeed
-;; ======
-
-(require 'elfeed) ; needed so we can set the font faces
-(set-face-background 'elfeed-search-title-face "magenta")
-(set-face-background 'elfeed-search-unread-count-face "magenta")
-(setq elfeed-feeds
- '("https://capsurvival.blogspot.com/feeds/posts/default"
- "https://jungle.world/rss.xml"
- "http://news.dieweltistgarnichtso.net/bin/index.xml"
- "https://taz.de/!s=&ExportStatus=Intern&SuchRahmen=Online;rss/"
- "http://www.tagesschau.de/xml/atom"))
-(setq elfeed-search-mode-map (make-sparse-keymap))
-(define-key elfeed-search-mode-map (kbd "RET") 'elfeed-search-show-entry)
-(defun elfeed-search-mark-as-read() (interactive)
- (elfeed-search-untag-all 'unread))
-(define-key elfeed-search-mode-map (kbd "r") 'elfeed-search-mark-as-read)
-(define-key elfeed-search-mode-map (kbd "R") 'elfeed-search-tag-all-unread)
-(define-key elfeed-search-mode-map (kbd "f") 'elfeed-search-live-filter)
-(define-key elfeed-search-mode-map (kbd "u") 'elfeed-update)
-(setq elfeed-show-mode-map (make-sparse-keymap))
-(define-key elfeed-show-mode-map (kbd "u") 'elfeed)
-(define-key elfeed-show-mode-map (kbd "TAB") 'shr-next-link)
-(define-key elfeed-show-mode-map (kbd "<backtab>") 'shr-previous-link)
-(define-key elfeed-show-mode-map (kbd "a") 'elfeed-show-prev)
-(define-key elfeed-show-mode-map (kbd "d") 'elfeed-show-next)
-(define-key elfeed-show-mode-map (kbd "y") 'shr-copy-url)
-(define-key elfeed-show-mode-map (kbd "RET") 'shr-browse-url)
-
-
-
-;; eww
-;; ===
-
-(setq eww-mode-map (make-sparse-keymap))
-(define-key eww-mode-map (kbd "TAB") 'shr-next-link)
-(define-key eww-mode-map (kbd "<backtab>") 'shr-previous-link)
-(define-key eww-mode-map (kbd "H") 'eww-back-url)
-(define-key eww-mode-map (kbd "L") 'eww-forward-url)
-
-
-
-;; ledger
-;; ======
-(setq ledger-mode-map (make-sparse-keymap))
-(define-key ledger-mode-map (kbd "TAB") 'completion-at-point)
-
-
-
-;;; plomvi mode
-;;; ===========
-
-(defvar plomvi-return-combo (kbd "C-c"))
-(load "~/public_repos/plomvi.el/plomvi.el")
-(plomvi-global-mode 1)
+++ /dev/null
-[user]
- email = c.heller@plomlompom.de
- name = Christian Heller
+++ /dev/null
-IMAPAccount plom
-# Address to connect to
-Host mail.plomlompom.com
-User plom
-# For some reason, mbsync doesn't accept a PassCmd output beyond 79 chars,
-# therefore the pw in ~/.authinfo should not be longer than that.
-PassCmd "cat ~/.authinfo | cut -d' ' -f8-"
-SSLType IMAPS
-AuthMechs LOGIN
-
-IMAPStore core-remote
-Account plom
-
-MaildirStore core-local
-# The trailing "/" is important
-Path ~/mail/maildir/
-Inbox ~/mail/inbox/
-
-Channel core
-Master :core-remote:
-Slave :core-local:
-Patterns *
-# Automatically create missing mailboxes, both locally and on the server
-Create Both
-# Save the synchronization state files in the relevant directory
-SyncState *
-# If a mail is marked T ("Trashed") or deleted, remove it for real everywhere
-Expunge Both
+++ /dev/null
-[database]
-path=/home/plom/mail
-[search]
-exclude_tags=deleted;spam;
-# the fields below set the From: if the mail composer is called from
-# within notmuch
-[user]
-name=Christian Heller
-primary_email=plom@plomlompom.com
+++ /dev/null
-sanitize tridactyllocal tridactylsync
-guiset statuspanel top-right
-guiset tabs autohide
-set newtab file:///opt/firefox/blank.html
-autocmd DocStart www.reddit.com urlmodify -t www.reddit old.reddit
-bind / fillcmdline find
-bind n findnext 1
-bind N findnext -1
-set findcase insensitive
-bind j scrollline 3
-bind k scrollline -3
-set hintuppercase false
-set searchengine duckduckgo
+++ /dev/null
-# X init configuration
-
-# Set keymap.
-setxkbmap de
-
-# Map CapsLock to Compose key.
-xmodmap -e "clear Lock"
-xmodmap -e "keycode 66 = Multi_key"
-
-# Load xterm settings
-xrdb -merge ~/.Xresources
-
-# Redshift to Berlin, Germany.
-redshift -rl 53:13 &
-
-# Launch window manager.
-i3
+++ /dev/null
-#!/bin/sh
-set -e
-
-basedir="/home/plom/mail/maildir/"
-# Ensure directories exist for all "dir:*" tags.
-for tag in $(notmuch search --output=tags '*'); do
- if [ ! $(echo "${tag}" | cut -c-4) = "dir:" ]; then
- continue
- fi
- target_dir="${basedir}"$(echo "${tag}" | cut -c5-)"/cur/"
- if [ ! -d "${target_dir}" ]; then
- echo "Directory ${target_dir} does not exist."
- exit 1
- fi
-done
-
-# Ensure all "dir:*"-tagged mails are in proper directories,
-# remove all "dir:*" tags.
-for tag in $(notmuch search --output=tags '*'); do
- if [ ! $(echo "${tag}" | cut -c-4) = "dir:" ]; then
- continue
- fi
- target_dir="${basedir}"$(echo "${tag}" | cut -c5-)"/cur/"
- for f in $(notmuch search --output=files tag:"${tag}"); do
- new_name=$(basename "${f}" | sed -e 's/,U=[0-9]*//')
- target_path="${target_dir}${new_name}"
- if [ ! "${target_path}" = "${f}" ]; then
- echo "Moving ${f} to ${target_path}."
- mv "${f}" "${target_path}"
- fi
- done
- notmuch tag -"${tag}" tag:"${tag}"
-done
-
-# Remove all "deleted"-tagged files from maildirs.
-notmuch search --output=files tag:deleted | while read f; do
- echo "Deleting ${f}"
- rm "${f}"
-done
-
-# Sync changes back to server and update notmuch index.
-mbsync -a
-notmuch new
+++ /dev/null
-# List of repos we want cloned in ~/public_repos
-config
-pingmail.git
-plomlombot-irc.git
-plomrogue
-plomrogue2-experiments
-plomvi.el
+++ /dev/null
-# plomlompom's i3 status bar configuration
-
-# Activate colors; set update interval of one second.
-general {
- colors = true
- interval = 1
-}
-
-# Selection / order of status elements.
-order += "disk /"
-order += "disk /home/"
-order += "wireless wlp3s0"
-order += "ethernet enp0s25"
-order += "battery 0"
-order += "cpu_usage"
-order += "load"
-order += "cpu_temperature 0"
-order += "time"
-order += "volume master"
-
-# How much space is left in / ?
-disk "/" {
- format = "/: %avail available of %total"
- separator_block_width = 25
-}
-
-# How much space is left in /home ?
-disk "/home/" {
- format = "/home: %avail available of %total"
- separator_block_width = 25
-}
-
-# WLAN status: show IP and connection quality or "down".
-wireless wlp3s0 {
- format_up = "w: (%quality at %essid) %ip"
- format_down = "w: down"
- separator_block_width = 10
-}
-
-# Ethernet status: show IP or "down".
-ethernet enp0s25 {
- format_up = "e: %ip"
- format_down = "e: down"
- separator_block_width = 25
-}
-
-# Battery status: show FULL/CHARGING/BATTERY, storage, time left.
-battery 0 {
- format = "b: %status %percentage %remaining"
- separator_block_width = 25
-}
-
-# Show CPU usage.
-cpu_usage {
- format = "cpu: %usage"
- separator_block_width = 10
-}
-
-# Show system load during last 1/5/15 minutes.
-load {
- format = "%1min %5min %15min"
- separator_block_width = 25
-}
-
-# Show CPU temperature in degrees of celsius.
-cpu_temperature 0 {
- format = "%degrees °C"
- separator_block_width = 25
-}
-
-# Show date/time/timezone as "year-month-day hour:minute:second
-# timezone_numeric/timezone_alphabetic".
-time {
- format = "%Y-%m-%d %H:%M:%S %z/%Z"
- separator_block_width = 25
-}
-
-volume master {
- format = "♪: %volume"
- format_muted = "♪: muted (%volume)"
- separator_block_width = 25
-}
+++ /dev/null
-# plomlompom's i3 status bar configuration
-
-# It is important that this file is edited as UTF-8.
-# The following line should contain a sharp s:
-# ß
-
-# Activate colors; set update interval of one second.
-general {
- colors = true
- interval = 1
-}
-
-# Selection / order of status elements.
-order += "disk /"
-order += "wireless _first_"
-order += "ethernet _first_"
-order += "battery all"
-order += "cpu_usage"
-order += "load"
-order += "cpu_temperature all"
-order += "time"
-order += "volume master"
-
-# How much space is left in / ?
-disk "/" {
- format = "/: %avail available of %total"
- separator_block_width = 25
-}
-
-# WLAN status: show IP and connection quality or "down".
-wireless _first_ {
- format_up = "w: (%quality at %essid) %ip"
- format_down = "w: down"
- separator_block_width = 10
-}
-
-# Ethernet status: show IP or "down".
-ethernet _first_ {
- format_up = "e: %ip"
- format_down = "e: down"
- separator_block_width = 25
-}
-
-# Battery status: show FULL/CHARGING/BATTERY, storage, time left.
-battery all {
- format = "b: %status %percentage %remaining"
- separator_block_width = 25
-}
-
-# Show CPU usage.
-cpu_usage {
- format = "cpu: %usage"
- separator_block_width = 10
-}
-
-# Show system load during last 1/5/15 minutes.
-load {
- format = "%1min %5min %15min"
- separator_block_width = 25
-}
-
-# Show CPU temperature in degrees of celsius.
-cpu_temperature all {
- format = "%degrees °C"
- separator_block_width = 25
-}
-
-# Show date/time/timezone as "year-month-day hour:minute:second
-# timezone_numeric/timezone_alphabetic".
-time {
- format = "%Y-%m-%d %H:%M:%S %z/%Z"
- separator_block_width = 25
-}
-
-volume master {
- format = "♪: %volume"
- format_muted = "♪: muted (%volume)"
- separator_block_width = 25
-}
+++ /dev/null
-not quite blank
+++ /dev/null
-#!/bin/sh
-blog_dir=~/blog
-export GIT_DIR=$(pwd)
-export GIT_WORK_TREE="$blog_dir"
-git checkout -f
-cd "$GIT_WORK_TREE"
-redo
-git add metadata/author metadata/url metadata/title metadata/*.tmpl metadata/automatic_metadata captchas/linkable/*
-count=$(ls -1 metadata/*.automatic_metadata 2>/dev/null | wc -l)
-if [ "$count" != 0 ]; then
- git add metadata/*.automatic_metadata
-fi
-status=$(git status -s)
-n_updates=$(printf "$status" | grep -vE '^\?\?' | wc -l)
-if [ "$n_updates" -gt 0 ]; then
- git commit -a -m 'Update metadata'
-fi
+++ /dev/null
-<!DOCTYPE html>
-<meta charset="UTF-8">
-<a href="blog">Zum Blog?</a>
+++ /dev/null
-#!/bin/sh
-set -e
-
-# Repeatedly parse config file for GPG key and bot screen configs.
-path=~/.plomlombot
-db_dir="${HOME}/plomlombot_db"
-irclogs_dir=/var/www/html/irclogs
-irclogs_pw_dir=/var/www/irclogs_pw
-hostname_mod_epoch=$(stat -c%Y /etc/hostname)
-while true; do
- if [ -f "${path}" ]; then
- cat "${path}" | while read line; do
- first_word=$(echo -n "${line}" | cut -d' ' -f1)
-
- # Read "bot:" line, start bot screen session from it if not yet existing,
- # set up irclogs dir if not yet existing.
- if [ "${first_word}" = "bot:" ]; then
- session_name=$(echo -n "${line}" | cut -d' ' -f2)
- bot_name=$(echo -n "${line}" | cut -d' ' -f3)
- channel_name=$(echo -n "${line}" | cut -d' ' -f4)
- shortened_channel_name="${channel_name}"
- first_char=$(echo -n "${channel_name}" | cut -c1)
- if [ "${first_char}" = "#" ]; then
- shortened_channel_name=$(echo -n "${channel_name}" | cut -c2-)
- fi
- server_name=$(echo -n "${line}" | cut -d' ' -f5)
- login_user=$(echo -n "${line}" | cut -d' ' -f6)
- login_pw=$(echo -n "${line}" | cut -d' ' -f7)
- add_option=$(echo -n "${line}" | cut -d' ' -f8-)
- set +e
- screen -S "${session_name}" -Q select . > /dev/null
- start_screen=$?
- set -e
- if [ "${start_screen}" -eq "1" ]; then
- cd ~/plomlombot-irc
- LANG="en_US.UTF-8" screen -d -m -S "${session_name}" ./run.sh -r 604800 -n "${bot_name}" -u "${bot_name}" -s "${server_name}" -c "${channel_name}" ${add_option}
- fi
- md5_server=$(echo -n "${server_name}" | md5sum | cut -d' ' -f1)
- md5_channel=$(echo -n "${channel_name}" | md5sum | cut -d' ' -f1)
- logs_dir="${db_dir}/${md5_server}/${md5_channel}/logs"
- # FIXME: Note the trouble we will have if we have the same channel
- # name on different servers …
- ln -sfn "${logs_dir}" "${irclogs_dir}/${shortened_channel_name}"
- echo "${login_user}":'{PLAIN}'"${login_pw}" > "${irclogs_pw_dir}/${shortened_channel_name}"
-
- # If "gpg_key" line, encrypt old raw logs to that GPG key.
- elif [ "${first_word}" = "gpg_key" ]; then
- key=$(echo -n "${line}" | cut -d' ' -f2)
- mkdir -p ~/plomlombot_db
- cd ~/plomlombot_db
- # Dirty hack: To avoid trouble with GPG key expiration, fake
- # system to something reasonbly old (younger than key creation,
- # older than expiration) by taking the mod datetime of
- # /etc/hostname, which should have last be changed when the
- # system was set up.
- find . -path '*/*/raw_logs/*.txt' -mtime +1 -type f -exec gpg --recipient "${key}" --trust-model always --faked-system-time="${hostname_mod_epoch}" --encrypt {} \; -exec rm {} \;
- fi
-
- done
- sleep 1
- fi
-done
+++ /dev/null
-#!/bin/sh
-GIT_WORK_TREE=/home/plom/plomlombot-irc git checkout -f
+++ /dev/null
-#!/bin/sh
-set -e
-set -x
-service microblogpub stop
-microblogdir=/home/plom/testing.microblog.pub
-cd "${microblogdir}"
-cp -r data/microblogpub.db data/microblogpub.db.bak.$(date +%a)
-su -lc "cd ${microblogdir} && poetry run inv prune-old-data" - plom
-service microblogpub start
-echo "last microblog pruning at $(date)" >> /home/plom/prune_log.txt
+++ /dev/null
-{
- "translations": {
- "wrongCaptcha": "Captcha leider falsch.",
- "invalidURL": "Falsch formatierte URL.",
- "recordedURL": "URL aufgezeichnet (wird gesichtet und bei Angemessenheit dem Artikel angefügt): ",
- "pleaseWait": "Zu viele Versuche von dieser IP. So viele Sekunden warten: "
- },
- "mailConfig": {
- "to": "plom+url_catcher@plomlompom.com",
- "from": "plom+url_catcher@plomlompom.com"
- },
- "slowdownReset": 3600
-}
+++ /dev/null
-#!/bin/sh
-GIT_WORK_TREE=/var/www git checkout -f
+++ /dev/null
-#!/bin/sh
-
-# Enforce ~/.weechatrc as sole persistent weechat config file.
-rm -rf ~/.weechat/
-WEECHATCONF=`tr '\n' ';' < ~/.weechatrc`
-weechat -r "$WEECHATCONF"
-rm -rf ~/.weechat/
+++ /dev/null
-#!/bin/sh
-# Encrypt dated weechatlog files older than one day to GPG target defined in
-# ~/.encrypt_target
-set -e
-
-gpg_key=$(cat ~/.encrypt_target)
-cd ~/weechatlogs/irc/
-
-# Dirty hack: To avoid trouble with GPG key expiration, fake
-# system to something reasonbly old (younger than key creation,
-# older than expiration) by taking the mod datetime of
-# /etc/hostname, which should have last be changed when the
-# system was set up.
-hostname_mod_epoch=$(stat -c%Y /etc/hostname)
-find . -regextype posix-egrep -regex '^.*/.*/.*\.[0-9]{4}-[0-9]{2}-[0-9]{2}\.weechatlog$' -type f -mtime +1 -exec gpg --recipient "${gpg_key}" --trust-model always --faked-system-time="${hostname_mod_epoch}" --encrypt {} \; -exec rm {} \;
-
+++ /dev/null
-/set logger.file.path ~/weechatlogs
-/set logger.file.flush_delay 0
-/set logger.mask.irc "irc/$server/$channel.%Y-%m-%d.weechatlog"
-/set weechat.bar.status.items "[time],[buffer_last_number],[buffer_plugin],buffer_number+:+buffer_name+(buffer_modes)+{buffer_nicklist_count}+buffer_zoom+buffer_filter,[lag],[hotlist],completion,scroll,[otr]"
-/set weechat.color.chat_nick_colors "lightcyan"
-/server add libera irc.libera.chat/6697 -nicks=plomlompom,plomlomp0m,ploml0mp0m,pl0ml0mp0m -realname="Christian Heller" -autojoin=#plomlomtest -ssl
-/set irc.server.libera.sasl_mechanism PLAIN
-/set irc.server.libera.sasl_username FOO
-/set irc.server.libera.sasl_password BAR
-/connect libera
-/bar hide buflist
+++ /dev/null
-#!/bin/sh
-ZETTELDIR=/home/plom/zettel
-GIT_WORK_TREE=$ZETTELDIR git checkout -f
-cd $ZETTELDIR
-redo
+++ /dev/null
-#!/bin/sh
-# Copy files in argument-selected subdirectories of $1 to subdirectories
-# of $2 (which may be an empty string), e.g. with $1 of "etc_files", $2
-# of "" and $3 of "all", copy files below etc_files/all such as
-# etc_files/all/etc/foo/bar to equivalent locations below / such as
-# /etc/foo/bar. Create directories as necessary. Multiple arguments after
-# $3 are possible.
-#
-# CAUTION: This removes original files at the affected paths.
-set -e
-
-if [ "$#" -lt 3 ]; then
- echo 'Need arguments: source root, target root, modules.'
- false
-fi
-source_root="$1"
-target_root="$2"
-shift 2
-
-for target_module in "$@"; do
- mkdir -p "${source_root}/${target_module}"
- cd "${source_root}/${target_module}"
- for path in $(find . -type f); do
- target_path="${target_root}"$(echo "${path}" | cut -c2-)
- source_path=$(realpath "${path}")
- dir=$(dirname "${target_path}")
- mkdir -p "${dir}"
- cp "${source_path}" "${target_path}"
- done
-done
+++ /dev/null
-#!/bin/sh
-# This script turns a fresh server with password-based root access into
-# one of only key-based access and only to new non-root account plom.
-#
-# CAUTION: This is optimized for a *fresh* setup. It will overwrite any
-# pre-existing ~/.ssh/authorized_keys of user plom with one that solely
-# contains the local ~/.ssh/id_rsa.pub, and also any old
-# /etc/ssh/sshd_config.
-#
-# Dependencies: ssh, scp, sshpass, ~/.ssh/id_rsa.pub, properly
-# configured sshd_config file in misc.sh:$local_etc_server
-set -e
-. ./misc.sh
-. ../../misc.sh
-
-expect_n_args 1 "(server)" "$@"
-server="$1"
-
-# If we already knew that host …
-ssh-keygen -f "/home/plom/.ssh/known_hosts" -R "${server}"
-
-# This will be used to log-in as root from plom account.
-printf '\nFirst, enter the old root password; then enter new password three times.\n\n'
-ssh root@"${server}" 'printf "\n\n" && passwd'
-
-# Save root password for sshpass
-stty -echo
-printf "Re-enter new server root password: "
-read PW_ROOT
-stty echo
-printf "\n"
-export SSHPASS="${PW_ROOT}"
-
-# Create user plom, and his ~/.ssh/authorized_keys based on the local
-# ~/.ssh/id_rsa.pub; ensure the result has proper permissions and
-# ownerships. Then disable root and pw login by copying over the
-# sshd_config and restart ssh daemon.
-#
-# This could be a line or two shorter by using ssh-copy-id, but that
-# would require setting a password for user plom otherwise not needed.
-sshpass -e scp ~/.ssh/id_rsa.pub root@"${server}":/tmp/authorized_keys
-sshpass -e ssh root@"${server}" \
- 'useradd -m plom && '\
- 'mkdir /home/plom/.ssh && '\
- 'chown plom:plom /home/plom/.ssh && '\
- 'chown plom:plom /tmp/authorized_keys && '\
- 'chmod u=rw,go= /tmp/authorized_keys && '\
- 'mv /tmp/authorized_keys /home/plom/.ssh/'
-sshpass -e scp "${local_path_sshd_config}" root@"${server}":"${system_path_sshd_config}"
-sshpass -e ssh root@"${server}" 'service ssh restart'
+++ /dev/null
-#!/bin/sh
-# This script turns a fresh server with password-based root access into
-# one of only key-based access and only to new non-root account plom.
-#
-# CAUTION: This is optimized for a *fresh* setup. It will overwrite any
-# pre-existing ~/.ssh/authorized_keys of user plom with one that solely
-# contains the local ~/.ssh/id_rsa.pub, and also any old
-# /etc/ssh/sshd_config.
-#
-# Dependencies: ssh, scp, ~/.ssh/id_rsa.pub, properly configured sshd_config
-# file in misc.sh:$local_etc_server.
-set -e
-. ./misc.sh
-. ../../misc.sh
-
-expect_n_args 1 "(server)" "$@"
-server="$1"
-
-# If we already knew that host …
-ssh-keygen -f "/home/plom/.ssh/known_hosts" -R "${server}"
-
-# So we're only asked once …
-eval $(ssh-agent)
-ssh-add
-
-# This will be used to log-in as root from plom account.
-printf '\nAsking for new root password.\n\n'
-ssh root@"${server}" 'printf "\n\n" && passwd'
-
-# Set up plom's ~/.ssh/authorized_keys from root's.
-ssh root@"${server}" 'useradd -m plom'
-ssh root@"${server}" 'mkdir /home/plom/.ssh'
-ssh root@"${server}" 'chown plom:plom /home/plom/.ssh'
-ssh root@"${server}" 'cp /root/.ssh/authorized_keys /home/plom/.ssh/'
-ssh root@"${server}" 'chown plom:plom /home/plom/.ssh/authorized_keys'
-
-# Set up SSH config and remove direct SSH login to root.
-scp "${local_path_sshd_config}" root@"${server}":"${system_path_sshd_config}"
-ssh root@"${server}" 'rm -rf /root/.ssh && service ssh restart'
+++ /dev/null
-#!/bin/sh
-# Walks through the package names in the argument-selected files of
-# apt-mark/ and ensures the respective packages are installed.
-#
-# Ignores anything in an apt-mark/ file after the last newline.
-set -e
-
-config_tree_prefix="${HOME}/config/bullseye"
-aptmark_dir="${config_tree_prefix}/apt-mark"
-
-for target in "$@"; do
- path="${aptmark_dir}/${target}"
- # TODO: continue if file at $path not found, to get rid of dummy files
- cat "${path}" | while read line; do
- echo "$line"
- if [ ! $(echo "${line}" | cut -c1) = "#" ]; then
- DEBIAN_FRONTEND=noninteractive apt-get -y -o Dpkg::Options::=--force-confold install "${line}"
- fi
- done
-done
+++ /dev/null
-#!/bin/sh
-set -e
-
-if [ "$#" -ne 1 ]; then
- echo 'Need old server IP.'
- false
-fi
-old_server="$1"
-config_tree_prefix="${HOME}/config/bullseye"
-cp "${config_tree_prefix}/setup_scripts/prepare_to_meet_server.sh" /home/plom/
-chown plom:plom /home/plom/prepare_to_meet_server.sh
-su -lc "./prepare_to_meet_server.sh ${old_server}" plom
-read -p'Hit Enter when you are done.' ignore
-rm /home/plom/prepare_to_meet_server.sh
-cp "${config_tree_prefix}/setup_scripts/mirror_dir.sh" /home/plom/
-su -lc "./mirror_dir.sh ${old_server} /home/plom/borg" plom
-rm /home/plom/mirror_dir.sh
+++ /dev/null
-#!/bin/sh
-# Mirror directory tree from remote to local server, keeping the path.
-set -e
-
-if [ $# -lt 2 ]; then
- echo "Need server and directory as arguments."
- false
-fi
-server=$1
-dir=$2
-path_package=/tmp/delete.tar
-
-eval `ssh-agent`
-ssh-add
-cd
-ssh plom@"${server}" "cd \"${dir}\" && tar cf ${path_package} ."
-scp plom@"${server}":"${path_package}" "${path_package}"
-mkdir -p "${dir}"
-cd "${dir}"
-tar xf "${path_package}"
-cd
-rm "${path_package}"
-ssh plom@"${server}" rm "${path_package}"
+++ /dev/null
-#!/bin/sh
-#set -e
-config_tree_prefix="${HOME}/public_repos/config/bullseye"
+++ /dev/null
-#!/bin/sh
-# Do some of the steps necessary to SSH (key-based) with another server.
-set -e
-
-if [ "$#" -ne 1 ]; then
- echo 'Need server IP as argument.'
- false
-fi
-target="$1"
-
-# We need a public key to copy over, so generate it if not found.
-if [ ! -f ~/.ssh/id_rsa.pub ]; then
- ssh-keygen -N ""
-fi
-
-# Add target to ~/.ssh/known_hosts so we don't get
-# asked for permission at inopportune moments.
-ssh-keyscan -H "$target" >> ~/.ssh/known_hosts
-
-# Tell user what to do.
-echo "APPEND FOLLOWING TO TARGET'S ~/.ssh/authorized_keys:"
-cat ~/.ssh/id_rsa.pub
+++ /dev/null
-#!/bin/sh
-# This script removes all Debian packages that are not of Priority
-# "required" or not depended on by packages of priority "required"
-# or not listed in the argument-selected files of apt-mark/.
-set -e
-
-config_tree_prefix="${HOME}/config/bullseye"
-aptmark_dir="${config_tree_prefix}/apt-mark"
-
-dpkg-query -Wf '${Package} ${Priority}\n' | grep ' required' | sed 's/ required//' > /tmp/list_white_unsorted
-for target in "$@"; do
- path="${aptmark_dir}/${target}"
- cat "${path}" | while read line; do
- if [ ! $(echo "${line}" | cut -c1) = "#" ]; then
- echo "${line}" >> /tmp/list_white_unsorted
- fi
- done
-done
-sort /tmp/list_white_unsorted > /tmp/list_white
-dpkg-query -Wf '${Package}\n' > /tmp/list_all_packages
-sort /tmp/list_all_packages > /tmp/foo
-mv /tmp/foo /tmp/list_all_packages
-comm -3 /tmp/list_all_packages /tmp/list_white > /tmp/list_black
-apt-mark auto `cat /tmp/list_black`
-DEBIAN_FRONTEND=noninteractive apt-get -y --purge autoremove
-rm /tmp/list_all_packages /tmp/list_white_unsorted /tmp/list_white /tmp/list_black
-
-# Somehow, auto-mounts get undone by all of this, so re-mount /etc/fstab.
-# TODO: Find out why.
-mount -a
+++ /dev/null
-#!/bin/sh
-# Sets hostname and optionally FQDN.
-#
-# Calls hostname, writes to /etc/hostname and /etc/hosts. For /etc/hosts
-# writing follows recommendations from Debian manual at
-# <https://www.debian.org/doc/manuals/debian-reference/ch05.en.html>
-# (section "The hostname resolution") on how to map hostname and possibly
-# FQDN to a permanent IP if present (we assume here any non-private IP
-# and non-loopback IP returned by hostname -I to fulfill that criterion
-# on our systems) or to 127.0.1.1 if not. On the reasoning for separating
-# localhost and hostname mapping to different IPs, see
-# <https://unix.stackexchange.com/a/13087>.
-#
-# Ignores IPv6s.
-set -e
-
-hostname="$1"
-fqdn="$2"
-if [ "${hostname}" = "" ]; then
- echo "Need hostname as argument."
- false
-fi
-echo "${hostname}" > /etc/hostname
-hostname "${hostname}"
-
-final_ip="127.0.1.1"
-for ip in $(hostname -I); do
- if [ $(echo "${ip}" | grep ':' | wc -l) -eq 1 ]; then
- continue
- fi
- range_1=$(echo "${ip}" | cut -d "." -f 1)
- range_2=$(echo "${ip}" | cut -d "." -f 2)
- if [ "${range_1}" -eq 127 ]; then
- continue
- elif [ "${range_1}" -eq 10 ]; then
- continue
- elif [ "${range_1}" -eq 172 ]; then
- if [ "${range_2}" -ge 16 ] && [ "${range_2}" -le 31 ]; then
- continue
- fi
- elif [ "${range_1}" -eq 192 ]; then
- if [ "${range_2}" -eq 168 ]; then
- continue
- fi
- fi
- final_ip="${ip}"
-done
-
-echo "127.0.0.1 localhost.localdomain localhost" > /etc/hosts
-echo "${final_ip} ${fqdn} ${hostname}" >> /etc/hosts
+++ /dev/null
-#!/bin/sh
-set -e
-
-# Provide maximum input for set_hostname_and_fqdn.sh.
-if [ "$#" -lt 2 ]; then
- echo 'Need at least two arguments (hostname, FQDN).'
- false
-fi
-hostname="$1"
-fqdn="$2"
-shift 2
-
-config_tree_prefix="${HOME}/config/bullseye"
-setup_scripts_dir="${config_tree_prefix}/setup_scripts"
-cd "${setup_scripts_dir}"
-
-# Adapt /etc/ to our needs by copying from ./etc_files. This will set
-# basic configurations affecting following steps, such as setup of APT
-# and the locale selection, so needs to be right at the beginning.
-./copy_dirtree.sh "${config_tree_prefix}/etc_files" "" all "$@"
-
-# Set hostname and FQDN.
-./set_hostname_and_fqdn.sh "${hostname}" "${fqdn}"
-
-# Ensure package installation state as defined by what packages are
-# defined as required by Debian policy and by settings in ./apt-mark/.
-apt update
-./install_for_target.sh all "$@"
-./purge_nonrequireds.sh all "$@"
-
-# Ensure our desired locale is available.
-locale-gen
-
-# Only upgrade after reducing the system to the desired minimum, so that
-# we don't need to get more data than necessary.
-apt -y dist-upgrade
-
-# Set Berlin localtime.
-ln -sf /usr/share/zoneinfo/Europe/Berlin /etc/localtime
+++ /dev/null
-#!/bin/sh
-set -e
-
-# Set up system without user environment.
-config_tree_prefix="${HOME}/config/bullseye"
-
-./copy_dirtree.sh "${config_tree_prefix}/etc_files" "" daily_reboot
-systemctl enable reboot.timer
-systemctl start reboot.timer
+++ /dev/null
-#!/bin/sh
-set -e
-
-if [ "$#" -ne 1 ]; then
- echo 'Need exactly one argument (system name).'
- false
-fi
-if [ ! "$1" = "x220" ] && [ ! "$1" = "w530" ]; then
- echo "Need legal system name."
- false
-fi
-system_name="$1"
-
-# Set up system without user environment.
-config_tree_prefix="${HOME}/config/bullseye"
-setup_scripts_dir="${config_tree_prefix}/setup_scripts"
-cd "${setup_scripts_dir}"
-if [ "$1" = "x200s" ] || [ "$1" = "x220" ] || [ "$1" = "w530" ]; then
- ./setup.sh "${system_name}" "" user desktop thinkpad "${system_name}"
-else
- ./setup.sh "${system_name}" "" user desktop "${system_name}"
-fi
-
-# # Set up printer.
-# ppd_deb="hll2350dwpdrv-4.0.0-1.i386.deb"
-# wget "https://download.brother.com/welcome/dlf103566/${ppd_deb}"
-# dpkg --add-architecture i386
-# apt update
-# apt install -y "./${ppd_deb}"
-# # lpadmin -p 'Brother_HLL2350DW' -m 'brother-HLL2350DW-cups-en.ppd'
-# # service cups restart
-# rm "./${ppd_deb}"
-# # TODO explore potential lpadmin options like -o 'OutputMode=NormalGray'
-
-# Set up user environments.
-secrets_dev="sdb"
-source_dir_secrets="/media/${secrets_dev}/to_usb"
-target_dir_secrets="/home/plom/tmp_secrets"
-cd "${setup_scripts_dir}"
-./copy_dirtree.sh "${config_tree_prefix}/home_files" "/root" minimal root
-set +e
-HOME_DIR_EXISTS=$([ ! -d "/home/plom" ]; echo $?)
-set -e
-adduser --disabled-password --gecos "" plom
-usermod -a -G sudo plom
-passwd plom
-if [ "${HOME_DIR_EXISTS}" -eq 0 ]; then
- echo "Put secrets drive into slot for /dev/${secrets_dev}."
- while [ ! -e /dev/"${secrets_dev}" ]; do
- sleep 1
- done
- stty -echo
- printf "Secrets passphrase: "
- read secrets_pass
- stty echo
- echo "" # newline so user knows their input return was accepted
- echo "${secrets_pass}" | pmount /dev/"${secrets_dev}"
- cp -a "${source_dir_secrets}" "${target_dir_secrets}"
- chown -R plom:plom "${target_dir_secrets}"
- pumount "${secrets_dev}"
- echo "You can remove /dev/${secrets_dev} now."
- cp setup_home.sh /home/plom
- chown plom:plom /home/plom/setup_home.sh
- SECRETS_PASS="${secrets_pass}" su -c "cd && ./setup_home.sh ${system_name}" plom
-fi
+++ /dev/null
-#!/bin/sh
-set -e
-
-if [ "$#" -ne 4 ]; then
- echo 'Need domain name and mail and old server and repos source ("local" or "remote"?).'
- false
-fi
-if [ ! "$4" = "local" ] && [ ! "$4" = "remote" ]; then
- echo "Need legal repo source name."
- false
-fi
-domain="$1"
-mail="$2"
-old_server="$3"
-repos_source="$4"
-
-read -p"Only continue if hostname is not domain of url_catcher's target mail address, else abort!" ignore
-
-# Install configs, set up firewall.
-echo "postfix postfix/main_mailer_type string 'Internet Site'" | debconf-set-selections
-echo "postfix postfix/mailname string $(hostname -f)" | debconf-set-selections
-config_tree_prefix="${HOME}/config/bullseye"
-./install_for_target.sh web dumpsite
-./copy_dirtree.sh "${config_tree_prefix}/etc_files" "" web dumpsite
-nft -f /etc/nftables.conf
-
-# Set up letsencrypt certificate. TODO: Is it auto-renewed?
-ln -sf /etc/nginx/sites-available/default /etc/nginx/sites-enabled/default
-certbot --nginx --agree-tos --redirect --no-eff-email -m "${mail}" -d "${domain}"
-rm /etc/nginx/sites-enabled/default
-
-# Set up connection to old dump server.
-cp "${config_tree_prefix}/setup_scripts/prepare_to_meet_server.sh" /home/plom/
-chown plom:plom /home/plom/prepare_to_meet_server.sh
-su -lc "./prepare_to_meet_server.sh ${old_server}" plom
-read -p'Hit Enter when you are done.' ignore
-rm /home/plom/prepare_to_meet_server.sh
-
-# Set up dump dirs.
-mkdir /var/www-dump
-chown plom:plom /var/www-dump
-dump_dir=dump
-geheim_dir=geheim
-su -lc "ln -s /home/plom/${dump_dir} /var/www-dump/${dump_dir}" plom
-su -lc "ln -s /home/plom/${geheim_dir} /var/www-dump/${geheim_dir}" plom
-cp "${config_tree_prefix}/setup_scripts/mirror_dir.sh" /home/plom/
-su -lc "./mirror_dir.sh ${old_server} /home/plom/${dump_dir}" plom
-su -lc "./mirror_dir.sh ${old_server} /home/plom/${geheim_dir}" plom
-su -lc "scp plom@${old_server}:/var/www-dump/password_geheim ~" plom
-mv /home/plom/password_geheim /var/www-dump/password_geheim
-rm /home/plom/mirror_dir.sh
-
-# Set up redo.
-wget http://news.dieweltistgarnichtso.net/bin/archives/redo-sh.tar.gz
-tar -moxzf redo-sh.tar.gz -C /usr/local
-
-# Set up zettel.
-su -lc "git clone --mirror ${old_server}:zettel.git" plom
-cp "${config_tree_prefix}/other_files/zettel_hook_post-receive" /home/plom/zettel.git/hooks/post-receive
-su -lc "git clone ~/zettel.git && cd zettel && redo" plom
-su -lc "ln -s /home/plom/zettel /var/www-dump/zettel" plom
-# NOTE: Locally, to update content, clone zettel.git, not zettel.
-
-# Set up redo blog.
-su -lc "git clone --mirror ${old_server}:blog.git" plom
-cp "${config_tree_prefix}/other_files/blog_hook_post-receive" /home/plom/blog.git/hooks/post-receive
-su -lc "git clone ~/blog.git" plom
-# TODO: set up like plomlombot repo (with post-recieve hook)?
-if [ "$repos_source" = "local"]; then
- su -lc "git clone /var/repos/redo-blog" plom
-else
- su -lc "git clone https://plomlompom.com/repos/clone/redo-blog" plom
-fi
-su -lc "cd redo-blog && ./add_dir.sh ~/blog" plom
-su -lc "cd blog && redo" plom
-su -lc "ln -s /home/plom/blog/public /var/www-dump/blog" plom
-# NOTE: Locally, to update content, clone blog.git, not blog.
-
-# Set up url catcher.
-# TODO: set up like plomlombot repo (with post-recieve hook)?
-if [ "$repos_source" = "local" ]; then
- su -lc "git clone /var/repos/url-catcher" plom
-else
- su -lc "git clone https://plomlompom.com/repos/clone/url-catcher" plom
-fi
-su -lc "cd url-catcher && ln -s ../blog/captchas/linkable/ captchas" plom
-cp "${config_tree_prefix}/other_files/url-catcher_customizations.json" /home/plom/url-catcher/customizations.json
-systemctl enable url_catcher.service
-service url_catcher start
-cp "${config_tree_prefix}/setup_scripts/mirror_dir.sh" /home/plom/
-su -lc "./mirror_dir.sh ${old_server} /home/plom/url-catcher/ips" plom
-su -lc "./mirror_dir.sh ${old_server} /home/plom/url-catcher/lists" plom
-rm /home/plom/mirror_dir.sh
-
-# Set up index.html
-cp "${config_tree_prefix}/other_files/dumpsite_index.html" /var/www-dump/index.html
-
-# Prepare NGINX.
-sed -i "s/REPLACE_fqdn_ECALPER/${domain}/g" /etc/nginx/sites-available/dumpsite.nginx
-ln -s /etc/nginx/sites-available/dumpsite.nginx /etc/nginx/sites-enabled/dumpsite.nginx
-
-service nginx restart
+++ /dev/null
-#!/bin/sh
-set -e
-
-# Set up system without user environment.
-config_tree_prefix="${HOME}/config/bullseye"
-
-# Install Firefox directly from Mozilla.
-firefox_release="91.5.1esr"
-firefox_filename="firefox-${firefox_release}.tar.bz2"
-url_firefox="https://ftp.mozilla.org/pub/firefox/releases/${firefox_release}/linux-x86_64/en-US/${firefox_filename}"
-wget "${url_firefox}"
-mv "${firefox_filename}" /opt/
-cd /opt/
-tar xf "${firefox_filename}"
-rm "${firefox_filename}"
-ln -f -s /opt/firefox/firefox /usr/local/bin/
-update-alternatives --install /usr/bin/x-www-browser x-www-browser /opt/firefox/firefox 200
-update-alternatives --set x-www-browser /opt/firefox/firefox
-
-# as default new tab content for tridactyl
-cp "${config_tree_prefix}/other_files/blank.html" /opt/firefox/
-
-echo "TODO: Install uBlock Origin and tridactyl plugins, run :installnative and :source."
-
+++ /dev/null
-#!/bin/sh
-set -e
-
-if [ "$#" -ne 1 ]; then
- echo 'Need exactly one argument (system name).'
- false
-fi
-if [ ! "$1" = "x220" ] && [ ! "$1" = "w530" ]; then
- echo "Need legal system name."
- false
-fi
-system_name="$1"
-
-public_repos_dir="${HOME}/public_repos"
-config_tree_prefix="${public_repos_dir}/config/bullseye"
-path_borgscript="${config_tree_prefix}//borg.sh"
-setup_scripts_dir="${config_tree_prefix}/setup_scripts"
-repos_list_file="${public_repos_dir}/repos"
-dir_secrets="${HOME}/tmp_secrets"
-borgkeys_dir=~/.config/borg/keys
-borgrepos_file=~/.borgrepos
-ssh_dir=~/.ssh
-authinfo_file=.authinfo
-maildir=~/mail/maildir
-
-ensure_repo() {
- repo_name="${1}"
- if [ ! -d "${public_repos_dir}/${repo_name}" ]; then
- cd "${public_repos_dir}"
- git clone plom@plomlompom.com:/var/repos/${repo_name}
- fi
-}
-
-# Set up iniitial non-public parts of infrastructure: SSH authentication.
-cd "${dir_secrets}"
-mkdir -p "${ssh_dir}"
-echo "Setting up .ssh"
-cp id_rsa ~/.ssh
-stty -echo
-ssh-keygen -y -f ~/.ssh/id_rsa > ~/.ssh/id_rsa.pub
-stty echo
-eval $(ssh-agent)
-ssh-add
-ssh-keyscan -H "plomlompom.com" >> ~/.ssh/known_hosts
-
-# Clone config to copy dotfiles etc. from it.
-cd
-mkdir -p "${public_repos_dir}"
-ensure_repo config
-cd "${setup_scripts_dir}"
-./copy_dirtree.sh "${config_tree_prefix}/home_files" "${HOME}" minimal user "${system_name}"
-
-# # Set up native messenger for tridactyl.
-# version='ef9f02d0da258f68d7faf8898707f6d83d90d07a'
-# curl -fsSl "https://raw.githubusercontent.com/tridactyl/tridactyl/${version}/native/install.sh" | bash
-
-# Set up further non-public parts of infrastructure.
-cd "${dir_secrets}"
-script -c 'gpg --import secret_keys.asc' /dev/null
-tar xf borg_keyfiles.tar
-mkdir -p "${borgkeys_dir}"
-mv borg_keyfiles/* "${borgkeys_dir}"
-# .authinfo may not be present on every secrets drive yet
-if [ -f "${authinfo_file}" ]; then
- cp "${authinfo_file}" ~
-fi
-cd
-rm -rf "${dir_secrets}"
-
-# Sync org dir via borgbackup. For this we need the borgbackup servers
-# in our .ssh/known_hosts file.
-cat "${borgrepos_file}" | while read line; do
- first_char=$(echo "${line}" | cut -c1)
- if [ "${first_char}" = "#" ]; then
- continue
- fi
- server=$(echo "${line}" | sed 's/.*@//')
- ssh-keyscan "${server}" >> "${ssh_dir}"/known_hosts
-done
-BORG_PASSPHRASE="${SECRETS_PASS}" "${path_borgscript}" orgpull
-
-# Fill ~/public_repos.
-cat "${repos_list_file}" | while read line; do
- first_char=$(echo "${line}" | cut -c1)
- if [ "${first_char}" = "#" ]; then
- continue
- fi
- ensure_repo "${line}"
-done
-
-# Set up e-mail system. Note that we only do mbsync if the imap pass file
-# is found. It may not be present on every secrets drive yet, so we have to
-# deal with the possibility of it being absent at this point.
-mkdir -p "${maildir}" # expected by mbsync/isync
-if [ -f "${HOME}/${authinfo_file}" ]; then
- mbsync -a
- notmuch new
-fi
-
-# # Final note on how to integrate tridactyl.
-# echo "TODO: As tridactyl user, don't forget to do :source on the first Firefox run, wait a little while (Tridactyl needs to walk through all commands in the .tridactylrc) and then re-start."
+++ /dev/null
-#!/bin/sh
-set -e
-set -x
-
-if [ "$#" -ne 2 ]; then
- echo 'Need domain name and mail.'
- false
-fi
-domain="$1"
-mail="$2"
-
-# Install configs, set up firewall.
-config_tree_prefix="${HOME}/config/bullseye"
-./install_for_target.sh web microblogpub
-./copy_dirtree.sh "${config_tree_prefix}/etc_files" "" web microblogpub
-apt update # since we just updated /etc/apt/sources.list
-nft -f /etc/nftables.conf
-
-# Set up letsencrypt certificate. TODO: Is it auto-renewed?
-ln -sf /etc/nginx/sites-available/default /etc/nginx/sites-enabled/default
-certbot --nginx --agree-tos --redirect --no-eff-email -m "${mail}" -d "${domain}"
-rm /etc/nginx/sites-enabled/default
-
-# Install Python >=3.10 from source (Bullseye only has 3.9).
-python_version=3.11.1
-python_dirname="Python-${python_version}"
-su -lc "wget https://www.python.org/ftp/python/${python_version}/${python_dirname}.tgz" plom
-su -lc "tar -xvf ${python_dirname}.tgz" plom
-su -lc "cd /home/plom/${python_dirname} && ./configure --enable-optimizations && make"
-cd /home/plom/${python_dirname}/
-make altinstall
-cd
-rm -rf /home/plom/${python_dirname}
-
-# Configure/install Poetry and microblog.pub.
-su -lc "curl -sSL https://install.python-poetry.org | python3.11" - plom
-su -lc "git clone https://git.sr.ht/~tsileo/microblog.pub testing.microblog.pub" - plom
-su -lc "poetry config installer.parallel false" - plom
-su -lc "cd testing.microblog.pub && poetry install" - plom
-su -lPc "cd testing.microblog.pub && poetry run inv configuration-wizard" - plom
-su -lPc "cd testing.microblog.pub && poetry run inv migrate-db" - plom
-
-# Set up microblog.pub daemon service.
-venv_dir_path=$( su -lPc "cd testing.microblog.pub && poetry env info --path" - plom)
-venv_dir=$(basename ${venv_dir_path})
-sed -i "s/REPLACE_venv_dir_ECALPER/${venv_dir}/g" /etc/systemd/system/microblogpub.service
-systemctl enable microblogpub.service
-service microblogpub start
-
-# Prepare and start NGINX config.
-sed -i "s/REPLACE_fqdn_ECALPER/${domain}/g" /etc/nginx/sites-available/microblogpub.nginx
-ln -s /etc/nginx/sites-available/microblogpub.nginx /etc/nginx/sites-enabled/microblogpub.nginx
-service nginx restart
-
-# Setup regular DB pruning
-cp "${config_tree_prefix}/other_files/prune_microblog.sh" /home/plom/
-systemctl enable microblogpub_prune.timer
-systemctl start microblogpub_prune.timer
+++ /dev/null
-#!/bin/sh
-set -e
-
-if [ "$#" -lt 1 ]; then
- echo "Need public key ID and optionally old server IP."
- false
-fi
-gpg_key="$1"
-old_server="$2"
-
-config_tree_prefix="${HOME}/config/bullseye"
-./install_for_target.sh play
-./copy_dirtree.sh "${config_tree_prefix}/etc_files" "" play
-cp "${config_tree_prefix}/other_files/weechatrc" /home/plom/.weechatrc
-cp "${config_tree_prefix}/other_files/weechat-wrapper.sh" /home/plom/
-cp "${config_tree_prefix}/other_files/weechatlogs_encrypter.sh" /home/plom/
-chown plom:plom /home/plom/*weechat*
-chown plom:plom /home/plom/.weechatrc
-echo "${gpg_key}" > /home/plom/.encrypt_target
-chown plom:plom /home/plom/.encrypt_target
-
-# TODO refactor with setup_website.sh
-# Add encryption key.
-keyservers='keyserver.ubuntu.com pgp.surf.nl pgp.rediris.es'
-set +e
-while true; do
- do_break=0
- for keyserver in $(echo "${keyservers}"); do
- su plom -c "gpg --no-tty --keyserver $keyserver --recv-key ${gpg_key}"
- if [ $? -eq "0" ]; then
- do_break=1
- break
- fi
- echo "Attempt with keyserver ${keyserver} unsuccessful, trying other."
- done
- if [ "${do_break}" -eq "1" ]; then
- break
- fi
-done
-set -e
-
-if [ "${old_server}" != "" ]; then
- cp "${config_tree_prefix}/setup_scripts/prepare_to_meet_server.sh" /home/plom/
- su -lc "./prepare_to_meet_server.sh ${old_server}" plom
- read -p'Hit Enter when you are done.' ignore
- rm /home/plom/prepare_to_meet_server.sh
- su -lc "scp plom@${old_server}:.ssh/authorized_keys .ssh/authorized_keys" plom
- su -lc "scp plom@${old_server}:.weechatrc ~" plom
- cp "${config_tree_prefix}/setup_scripts/mirror_dir.sh" /home/plom/
- su -lc "./mirror_dir.sh ${old_server} /home/plom/weechatlogs" plom
- rm /home/plom/mirror_dir.sh
-fi
-
-systemctl enable --now encrypt_chatlogs.timer
+++ /dev/null
-#!/bin/sh
-# Next setup steps for a server whose login policy has just been set from
-# the outside via ./init_user_and_keybased_login.sh.
-set -e
-
-# Provide maximum input for set_hostname_and_fqdn.sh.
-if [ "$#" -lt 2 ]; then
- echo 'Need exactly two arguments (hostname, FQDN).'
- false
-fi
-hostname="$1"
-fqdn="$2"
-additional_arg="$3"
-
-# Set up system without user environment.
-config_tree_prefix="${HOME}/config/bullseye"
-setup_scripts_dir="${config_tree_prefix}/setup_scripts"
-cd "${setup_scripts_dir}"
-./setup.sh "${hostname}" "${fqdn}" server "${additional_arg}"
-
-# If we have not yet set the shell for user plom, ensure it here. This
-# is mostly for convenience.
-usermod -s /bin/bash plom
-
-# Enable firewall.
-systemctl enable nftables.service
+++ /dev/null
-#!/bin/sh
-set -e
-
-if [ "$#" -ne 4 ] && [ "$#" -ne 5 ]; then
- echo 'Need domain name and mail and key ID and init state and possibly old server IP as argument.'
- false
-fi
-if [ ! "$4" = "copy" ] && [ ! "$4" = "new" ]; then
- echo "Need init state to be either 'copy' or 'new'."
- false
-fi
-if [ ! "$4" = "new" ] && [ "$#" -ne 5 ]; then
- echo "With init state != 'new' need fifth argument old server IP."
- false
-fi
-domain="$1"
-mail="$2"
-gpg_key="$3"
-init_state="$4"
-old_server="$5"
-
-# Install configs, set up firewall.
-config_tree_prefix="${HOME}/config/bullseye"
-./install_for_target.sh web website
-./copy_dirtree.sh "${config_tree_prefix}/etc_files" "" web website
-nft -f /etc/nftables.conf
-
-# Set up letsencrypt certificate. TODO: Is it auto-renewed?
-ln -sf /etc/nginx/sites-available/default /etc/nginx/sites-enabled/default
-certbot --nginx --agree-tos --redirect --no-eff-email -m "${mail}" -d "${domain}"
-rm /etc/nginx/sites-enabled/default
-
-# Set up connection to old server.
-if [ ! "${init_state}" = "new" ]; then
- cp "${config_tree_prefix}/setup_scripts/prepare_to_meet_server.sh" /home/plom/
- chown plom:plom /home/plom/prepare_to_meet_server.sh
- su -lc "./prepare_to_meet_server.sh ${old_server}" plom
- read -p'Hit Enter when you are done.' ignore
- rm /home/plom/prepare_to_meet_server.sh
-fi
-
-# Set up repos dir.
-# To use this dir, "git clone --mirror" repo source paths into it as user plom.
-# As user plom, touch git-daemon-export-ok files into it to make the repo
-# publically available.
-if [ "${init_state}" = "new" ]; then
- mkdir /var/repos
- chown plom:plom /var/repos
-else
- cp "${config_tree_prefix}/setup_scripts/mirror_dir.sh" /home/plom/
- chmod a+w /var
- if [ "${init_state}" = "copy" ]; then
- su -lc "./mirror_dir.sh ${old_server} /var/repos" plom
- else
- su -lc "./mirror_dir.sh ${old_server} /var/public_repos" plom
- fi
- chmod a-w /var
- rm /home/plom/mirror_dir.sh
-fi
-
-# Prepare NGINX and GitWeb config.
-sed -i "s/REPLACE_fqdn_ECALPER/${domain}/g" /etc/gitweb.conf
-sed -i "s/REPLACE_fqdn_ECALPER/${domain}/g" /etc/nginx/sites-available/website.nginx
-ln -s /etc/nginx/sites-available/website.nginx /etc/nginx/sites-enabled/website.nginx
-
-# Set up website. TODO: use non-/var/www dir for better separation to dump site
-rm -rf /var/www
-mkdir /var/www
-chown plom:plom /var/www
-if [ "${init_state}" = "new" ]; then
- su -lc "cd /var/repos && git init --bare website.git" plom
-fi
-cp "${config_tree_prefix}/other_files/website_hook_post-receive" /var/repos/website.git/hooks/post-receive
-su -lc 'cd /var/www && git clone /var/repos/website.git .' plom
-
-# Add encryption key.
-keyservers='keyserver.ubuntu.com pgp.surf.nl pgp.rediris.es'
-set +e
-while true; do
- do_break=0
- for keyserver in $(echo "${keyservers}"); do
- su plom -c "gpg --no-tty --keyserver $keyserver --recv-key ${gpg_key}"
- if [ $? -eq "0" ]; then
- do_break=1
- break
- fi
- echo "Attempt with keyserver ${keyserver} unsuccessful, trying other."
- done
- if [ "${do_break}" -eq "1" ]; then
- break
- fi
-done
-set -e
-
-# Set up plomlombot.
-irclogs_dir=/var/www/html/irclogs
-irclogs_pw_dir=/var/www/irclogs_pw
-mkdir -p "${irclogs_dir}"
-chown -R plom:plom "${irclogs_dir}"
-mkdir -p "${irclogs_pw_dir}"
-chown -R plom:plom "${irclogs_pw_dir}"
-if [ "${init_state}" = "new" ]; then
- # TODO investigate whether we can get rid of anything here
- # Handle the case that the repo is in the old pre-buster server setup –
- # even then, the URL should be the same.
- su -lc "cd /var/repos && git clone --mirror https://plomlompom.com/repos/clone/plomlombot-irc" plom
- su -lc "touch /var/repos/plomlombot-irc.git/git-daemon-export-ok" plom
- cp "${config_tree_prefix}/other_files/plomlombot_hook_post-receive" /var/repos/plomlombot-irc.git/hooks/post-receive
-fi
-su -lc "git clone /var/repos/plomlombot-irc.git" plom
-cp "${config_tree_prefix}/other_files/plomlombot_daemon.sh" /home/plom/
-chown plom:plom /home/plom/plomlombot_daemon.sh
-if [ "${init_state}" = "new" ]; then
- echo 'bot: plomlombog plomlombog #plomlomtest irc.freenode.net foo bar' >> /home/plom/.plomlombot
- chown plom:plom /home/plom/.plomlombot
-else
- cp "${config_tree_prefix}/setup_scripts/mirror_dir.sh" /home/plom/
- su -lc "./mirror_dir.sh ${old_server} /home/plom/plomlombot_db" plom
- rm /home/plom/mirror_dir.sh
- su -lc "scp plom@${old_server}:.plomlombot ~" plom
- # TODO su -lc "ssh plom@${old_server} \"su -lc 'service plomlombot stop'\"" plom
-fi
-# TODO systemctl enable plomlombot.service
-# TODO service plomlombot start
-
-# Set up guiltcards.
-su -lc "git clone /var/repos/guiltcards" plom
-cp "${config_tree_prefix}/setup_scripts/mirror_dir.sh" /home/plom/
-su -lc "./mirror_dir.sh ${old_server} /home/plom/guiltcards/decks" plom
-rm /home/plom/mirror_dir.sh
-
-# In the above step, we might have created a root-owned /var/www/html –
-# fix this here.
-chown -R plom:plom /var/www/html
-
-# TODO:
-# - rename /home/plom/public_repos to /home/plom/repos
-
-service nginx restart
+++ /dev/null
-#!/bin/sh
-set -e
-
-PATH_REL_ETC=etc
-PATH_REL_APTMARK=aptmark
-PATH_REL_REPO=config
-PATH_REL_HOME=home
-PATH_MANY=../../many_releases
-PATH_MANY_MISC="${PATH_MANY}/scripts/_misc.sh"
-ROOTS_HERE_AND_MANY="${PATH_MANY} .."
-
-USERNAME=plom
-PATH_USER_HOME="/home/${USERNAME}"
-
-FILENAME_PRIVATE_KEY=id_rsa
-FILENAME_PUBLIC_KEY="${FILENAME_PRIVATE_KEY}.pub"
-URL_PUBLIC_KEY="https://dump.plomlompom.com/dump/${FILENAME_PUBLIC_KEY}"
-PATH_REL_LOCAL_SSH=.ssh
-PATH_REL_AUTHORIZED_KEYS="${PATH_REL_LOCAL_SSH}/authorized_keys"
-PATH_AUTHORIZED_KEYS="${HOME}/${PATH_REL_AUTHORIZED_KEYS}"
-PATH_USER_SSH="${PATH_USER_HOME}/${PATH_REL_LOCAL_SSH}"
-
+++ /dev/null
-# connectivity: ifupdown seems necessary everyhwere, isc-dhcp-client unpredictably so
-ifupdown
-isc-dhcp-client
-# git for the setup directory; cloning works with ca-certificates
-ca-certificates
-git
-# to avoid constant warnings about no locale being found
-locales
-# extremely useful for basic network debugging; missed these more than once in an emergency
-netcat-traditional
-iputils-ping
-
+++ /dev/null
-# so we can still connect
-openssh-server
-# this gotta be good for _something_ …
-raspi-firmware
-# to boot into a graphical environment
-greetd
-sway
-# for waybar script
-calc
-# for sound
-pulseaudio
-# for setting console keyboard via /etc/default/keyboard
-console-setup
-# for setting system time
-ntpsec-ntpdate
-# basic usage
-mpv
-firefox-esr
-# for convenience
-foot
-less
-sudo
-vim
-ack
-man-db
-# for ytplom
-python3-venv
-libmpv2
-ffmpeg
-
+++ /dev/null
-APT::AutoRemove::RecommendsImportant "false";
-APT::AutoRemove::SuggestsImportant "false";
-APT::Install-Recommends "false";
-APT::Install-Suggests "false";
+++ /dev/null
-LANG="en_US.UTF-8"
+++ /dev/null
-# This file lists locales that you wish to have built. You can find a list
-# of valid supported locales at /usr/share/i18n/SUPPORTED, and you can add
-# user defined locales to /usr/local/share/i18n/SUPPORTED. If you change
-# this file, you need to rerun locale-gen.
-
-
-# aa_DJ ISO-8859-1
-# aa_DJ.UTF-8 UTF-8
-# aa_ER UTF-8
-# aa_ER@saaho UTF-8
-# aa_ET UTF-8
-# af_ZA ISO-8859-1
-# af_ZA.UTF-8 UTF-8
-# ak_GH UTF-8
-# am_ET UTF-8
-# an_ES ISO-8859-15
-# an_ES.UTF-8 UTF-8
-# anp_IN UTF-8
-# ar_AE ISO-8859-6
-# ar_AE.UTF-8 UTF-8
-# ar_BH ISO-8859-6
-# ar_BH.UTF-8 UTF-8
-# ar_DZ ISO-8859-6
-# ar_DZ.UTF-8 UTF-8
-# ar_EG ISO-8859-6
-# ar_EG.UTF-8 UTF-8
-# ar_IN UTF-8
-# ar_IQ ISO-8859-6
-# ar_IQ.UTF-8 UTF-8
-# ar_JO ISO-8859-6
-# ar_JO.UTF-8 UTF-8
-# ar_KW ISO-8859-6
-# ar_KW.UTF-8 UTF-8
-# ar_LB ISO-8859-6
-# ar_LB.UTF-8 UTF-8
-# ar_LY ISO-8859-6
-# ar_LY.UTF-8 UTF-8
-# ar_MA ISO-8859-6
-# ar_MA.UTF-8 UTF-8
-# ar_OM ISO-8859-6
-# ar_OM.UTF-8 UTF-8
-# ar_QA ISO-8859-6
-# ar_QA.UTF-8 UTF-8
-# ar_SA ISO-8859-6
-# ar_SA.UTF-8 UTF-8
-# ar_SD ISO-8859-6
-# ar_SD.UTF-8 UTF-8
-# ar_SS UTF-8
-# ar_SY ISO-8859-6
-# ar_SY.UTF-8 UTF-8
-# ar_TN ISO-8859-6
-# ar_TN.UTF-8 UTF-8
-# ar_YE ISO-8859-6
-# ar_YE.UTF-8 UTF-8
-# as_IN UTF-8
-# ast_ES ISO-8859-15
-# ast_ES.UTF-8 UTF-8
-# ayc_PE UTF-8
-# az_AZ UTF-8
-# be_BY CP1251
-# be_BY.UTF-8 UTF-8
-# be_BY@latin UTF-8
-# bem_ZM UTF-8
-# ber_DZ UTF-8
-# ber_MA UTF-8
-# bg_BG CP1251
-# bg_BG.UTF-8 UTF-8
-# bhb_IN.UTF-8 UTF-8
-# bho_IN UTF-8
-# bn_BD UTF-8
-# bn_IN UTF-8
-# bo_CN UTF-8
-# bo_IN UTF-8
-# br_FR ISO-8859-1
-# br_FR.UTF-8 UTF-8
-# br_FR@euro ISO-8859-15
-# brx_IN UTF-8
-# bs_BA ISO-8859-2
-# bs_BA.UTF-8 UTF-8
-# byn_ER UTF-8
-# ca_AD ISO-8859-15
-# ca_AD.UTF-8 UTF-8
-# ca_ES ISO-8859-1
-# ca_ES.UTF-8 UTF-8
-# ca_ES.UTF-8@valencia UTF-8
-# ca_ES@euro ISO-8859-15
-# ca_ES@valencia ISO-8859-15
-# ca_FR ISO-8859-15
-# ca_FR.UTF-8 UTF-8
-# ca_IT ISO-8859-15
-# ca_IT.UTF-8 UTF-8
-# ce_RU UTF-8
-# chr_US UTF-8
-# cmn_TW UTF-8
-# crh_UA UTF-8
-# cs_CZ ISO-8859-2
-# cs_CZ.UTF-8 UTF-8
-# csb_PL UTF-8
-# cv_RU UTF-8
-# cy_GB ISO-8859-14
-# cy_GB.UTF-8 UTF-8
-# da_DK ISO-8859-1
-# da_DK.UTF-8 UTF-8
-# de_AT ISO-8859-1
-# de_AT.UTF-8 UTF-8
-# de_AT@euro ISO-8859-15
-# de_BE ISO-8859-1
-# de_BE.UTF-8 UTF-8
-# de_BE@euro ISO-8859-15
-# de_CH ISO-8859-1
-# de_CH.UTF-8 UTF-8
-# de_DE ISO-8859-1
-# de_DE.UTF-8 UTF-8
-# de_DE@euro ISO-8859-15
-# de_IT ISO-8859-1
-# de_IT.UTF-8 UTF-8
-# de_LI.UTF-8 UTF-8
-# de_LU ISO-8859-1
-# de_LU.UTF-8 UTF-8
-# de_LU@euro ISO-8859-15
-# doi_IN UTF-8
-# dv_MV UTF-8
-# dz_BT UTF-8
-# el_CY ISO-8859-7
-# el_CY.UTF-8 UTF-8
-# el_GR ISO-8859-7
-# el_GR.UTF-8 UTF-8
-# en_AG UTF-8
-# en_AU ISO-8859-1
-# en_AU.UTF-8 UTF-8
-# en_BW ISO-8859-1
-# en_BW.UTF-8 UTF-8
-# en_CA ISO-8859-1
-# en_CA.UTF-8 UTF-8
-# en_DK ISO-8859-1
-# en_DK.ISO-8859-15 ISO-8859-15
-# en_DK.UTF-8 UTF-8
-# en_GB ISO-8859-1
-# en_GB.ISO-8859-15 ISO-8859-15
-# en_GB.UTF-8 UTF-8
-# en_HK ISO-8859-1
-# en_HK.UTF-8 UTF-8
-# en_IE ISO-8859-1
-# en_IE.UTF-8 UTF-8
-# en_IE@euro ISO-8859-15
-# en_IL UTF-8
-# en_IN UTF-8
-# en_NG UTF-8
-# en_NZ ISO-8859-1
-# en_NZ.UTF-8 UTF-8
-# en_PH ISO-8859-1
-# en_PH.UTF-8 UTF-8
-# en_SG ISO-8859-1
-# en_SG.UTF-8 UTF-8
-# en_US ISO-8859-1
-# en_US.ISO-8859-15 ISO-8859-15
-en_US.UTF-8 UTF-8
-# en_ZA ISO-8859-1
-# en_ZA.UTF-8 UTF-8
-# en_ZM UTF-8
-# en_ZW ISO-8859-1
-# en_ZW.UTF-8 UTF-8
-# eo UTF-8
-# es_AR ISO-8859-1
-# es_AR.UTF-8 UTF-8
-# es_BO ISO-8859-1
-# es_BO.UTF-8 UTF-8
-# es_CL ISO-8859-1
-# es_CL.UTF-8 UTF-8
-# es_CO ISO-8859-1
-# es_CO.UTF-8 UTF-8
-# es_CR ISO-8859-1
-# es_CR.UTF-8 UTF-8
-# es_CU UTF-8
-# es_DO ISO-8859-1
-# es_DO.UTF-8 UTF-8
-# es_EC ISO-8859-1
-# es_EC.UTF-8 UTF-8
-# es_ES ISO-8859-1
-# es_ES.UTF-8 UTF-8
-# es_ES@euro ISO-8859-15
-# es_GT ISO-8859-1
-# es_GT.UTF-8 UTF-8
-# es_HN ISO-8859-1
-# es_HN.UTF-8 UTF-8
-# es_MX ISO-8859-1
-# es_MX.UTF-8 UTF-8
-# es_NI ISO-8859-1
-# es_NI.UTF-8 UTF-8
-# es_PA ISO-8859-1
-# es_PA.UTF-8 UTF-8
-# es_PE ISO-8859-1
-# es_PE.UTF-8 UTF-8
-# es_PR ISO-8859-1
-# es_PR.UTF-8 UTF-8
-# es_PY ISO-8859-1
-# es_PY.UTF-8 UTF-8
-# es_SV ISO-8859-1
-# es_SV.UTF-8 UTF-8
-# es_US ISO-8859-1
-# es_US.UTF-8 UTF-8
-# es_UY ISO-8859-1
-# es_UY.UTF-8 UTF-8
-# es_VE ISO-8859-1
-# es_VE.UTF-8 UTF-8
-# et_EE ISO-8859-1
-# et_EE.ISO-8859-15 ISO-8859-15
-# et_EE.UTF-8 UTF-8
-# eu_ES ISO-8859-1
-# eu_ES.UTF-8 UTF-8
-# eu_ES@euro ISO-8859-15
-# eu_FR ISO-8859-1
-# eu_FR.UTF-8 UTF-8
-# eu_FR@euro ISO-8859-15
-# fa_IR UTF-8
-# ff_SN UTF-8
-# fi_FI ISO-8859-1
-# fi_FI.UTF-8 UTF-8
-# fi_FI@euro ISO-8859-15
-# fil_PH UTF-8
-# fo_FO ISO-8859-1
-# fo_FO.UTF-8 UTF-8
-# fr_BE ISO-8859-1
-# fr_BE.UTF-8 UTF-8
-# fr_BE@euro ISO-8859-15
-# fr_CA ISO-8859-1
-# fr_CA.UTF-8 UTF-8
-# fr_CH ISO-8859-1
-# fr_CH.UTF-8 UTF-8
-# fr_FR ISO-8859-1
-# fr_FR.UTF-8 UTF-8
-# fr_FR@euro ISO-8859-15
-# fr_LU ISO-8859-1
-# fr_LU.UTF-8 UTF-8
-# fr_LU@euro ISO-8859-15
-# fur_IT UTF-8
-# fy_DE UTF-8
-# fy_NL UTF-8
-# ga_IE ISO-8859-1
-# ga_IE.UTF-8 UTF-8
-# ga_IE@euro ISO-8859-15
-# gd_GB ISO-8859-15
-# gd_GB.UTF-8 UTF-8
-# gez_ER UTF-8
-# gez_ER@abegede UTF-8
-# gez_ET UTF-8
-# gez_ET@abegede UTF-8
-# gl_ES ISO-8859-1
-# gl_ES.UTF-8 UTF-8
-# gl_ES@euro ISO-8859-15
-# gu_IN UTF-8
-# gv_GB ISO-8859-1
-# gv_GB.UTF-8 UTF-8
-# ha_NG UTF-8
-# hak_TW UTF-8
-# he_IL ISO-8859-8
-# he_IL.UTF-8 UTF-8
-# hi_IN UTF-8
-# hne_IN UTF-8
-# hr_HR ISO-8859-2
-# hr_HR.UTF-8 UTF-8
-# hsb_DE ISO-8859-2
-# hsb_DE.UTF-8 UTF-8
-# ht_HT UTF-8
-# hu_HU ISO-8859-2
-# hu_HU.UTF-8 UTF-8
-# hy_AM UTF-8
-# hy_AM.ARMSCII-8 ARMSCII-8
-# ia_FR UTF-8
-# id_ID ISO-8859-1
-# id_ID.UTF-8 UTF-8
-# ig_NG UTF-8
-# ik_CA UTF-8
-# is_IS ISO-8859-1
-# is_IS.UTF-8 UTF-8
-# it_CH ISO-8859-1
-# it_CH.UTF-8 UTF-8
-# it_IT ISO-8859-1
-# it_IT.UTF-8 UTF-8
-# it_IT@euro ISO-8859-15
-# iu_CA UTF-8
-# ja_JP.EUC-JP EUC-JP
-# ja_JP.UTF-8 UTF-8
-# ka_GE GEORGIAN-PS
-# ka_GE.UTF-8 UTF-8
-# kk_KZ PT154
-# kk_KZ.RK1048 RK1048
-# kk_KZ.UTF-8 UTF-8
-# kl_GL ISO-8859-1
-# kl_GL.UTF-8 UTF-8
-# km_KH UTF-8
-# kn_IN UTF-8
-# ko_KR.EUC-KR EUC-KR
-# ko_KR.UTF-8 UTF-8
-# kok_IN UTF-8
-# ks_IN UTF-8
-# ks_IN@devanagari UTF-8
-# ku_TR ISO-8859-9
-# ku_TR.UTF-8 UTF-8
-# kw_GB ISO-8859-1
-# kw_GB.UTF-8 UTF-8
-# ky_KG UTF-8
-# lb_LU UTF-8
-# lg_UG ISO-8859-10
-# lg_UG.UTF-8 UTF-8
-# li_BE UTF-8
-# li_NL UTF-8
-# lij_IT UTF-8
-# ln_CD UTF-8
-# lo_LA UTF-8
-# lt_LT ISO-8859-13
-# lt_LT.UTF-8 UTF-8
-# lv_LV ISO-8859-13
-# lv_LV.UTF-8 UTF-8
-# lzh_TW UTF-8
-# mag_IN UTF-8
-# mai_IN UTF-8
-# mg_MG ISO-8859-15
-# mg_MG.UTF-8 UTF-8
-# mhr_RU UTF-8
-# mi_NZ ISO-8859-13
-# mi_NZ.UTF-8 UTF-8
-# mk_MK ISO-8859-5
-# mk_MK.UTF-8 UTF-8
-# ml_IN UTF-8
-# mn_MN UTF-8
-# mni_IN UTF-8
-# mr_IN UTF-8
-# ms_MY ISO-8859-1
-# ms_MY.UTF-8 UTF-8
-# mt_MT ISO-8859-3
-# mt_MT.UTF-8 UTF-8
-# my_MM UTF-8
-# nan_TW UTF-8
-# nan_TW@latin UTF-8
-# nb_NO ISO-8859-1
-# nb_NO.UTF-8 UTF-8
-# nds_DE UTF-8
-# nds_NL UTF-8
-# ne_NP UTF-8
-# nhn_MX UTF-8
-# niu_NU UTF-8
-# niu_NZ UTF-8
-# nl_AW UTF-8
-# nl_BE ISO-8859-1
-# nl_BE.UTF-8 UTF-8
-# nl_BE@euro ISO-8859-15
-# nl_NL ISO-8859-1
-# nl_NL.UTF-8 UTF-8
-# nl_NL@euro ISO-8859-15
-# nn_NO ISO-8859-1
-# nn_NO.UTF-8 UTF-8
-# nr_ZA UTF-8
-# nso_ZA UTF-8
-# oc_FR ISO-8859-1
-# oc_FR.UTF-8 UTF-8
-# om_ET UTF-8
-# om_KE ISO-8859-1
-# om_KE.UTF-8 UTF-8
-# or_IN UTF-8
-# os_RU UTF-8
-# pa_IN UTF-8
-# pa_PK UTF-8
-# pap_AW UTF-8
-# pap_CW UTF-8
-# pl_PL ISO-8859-2
-# pl_PL.UTF-8 UTF-8
-# ps_AF UTF-8
-# pt_BR ISO-8859-1
-# pt_BR.UTF-8 UTF-8
-# pt_PT ISO-8859-1
-# pt_PT.UTF-8 UTF-8
-# pt_PT@euro ISO-8859-15
-# quz_PE UTF-8
-# raj_IN UTF-8
-# ro_RO ISO-8859-2
-# ro_RO.UTF-8 UTF-8
-# ru_RU ISO-8859-5
-# ru_RU.CP1251 CP1251
-# ru_RU.KOI8-R KOI8-R
-# ru_RU.UTF-8 UTF-8
-# ru_UA KOI8-U
-# ru_UA.UTF-8 UTF-8
-# rw_RW UTF-8
-# sa_IN UTF-8
-# sat_IN UTF-8
-# sc_IT UTF-8
-# sd_IN UTF-8
-# sd_IN@devanagari UTF-8
-# se_NO UTF-8
-# sgs_LT UTF-8
-# shs_CA UTF-8
-# si_LK UTF-8
-# sid_ET UTF-8
-# sk_SK ISO-8859-2
-# sk_SK.UTF-8 UTF-8
-# sl_SI ISO-8859-2
-# sl_SI.UTF-8 UTF-8
-# so_DJ ISO-8859-1
-# so_DJ.UTF-8 UTF-8
-# so_ET UTF-8
-# so_KE ISO-8859-1
-# so_KE.UTF-8 UTF-8
-# so_SO ISO-8859-1
-# so_SO.UTF-8 UTF-8
-# sq_AL ISO-8859-1
-# sq_AL.UTF-8 UTF-8
-# sq_MK UTF-8
-# sr_ME UTF-8
-# sr_RS UTF-8
-# sr_RS@latin UTF-8
-# ss_ZA UTF-8
-# st_ZA ISO-8859-1
-# st_ZA.UTF-8 UTF-8
-# sv_FI ISO-8859-1
-# sv_FI.UTF-8 UTF-8
-# sv_FI@euro ISO-8859-15
-# sv_SE ISO-8859-1
-# sv_SE.ISO-8859-15 ISO-8859-15
-# sv_SE.UTF-8 UTF-8
-# sw_KE UTF-8
-# sw_TZ UTF-8
-# szl_PL UTF-8
-# ta_IN UTF-8
-# ta_LK UTF-8
-# tcy_IN.UTF-8 UTF-8
-# te_IN UTF-8
-# tg_TJ KOI8-T
-# tg_TJ.UTF-8 UTF-8
-# th_TH TIS-620
-# th_TH.UTF-8 UTF-8
-# the_NP UTF-8
-# ti_ER UTF-8
-# ti_ET UTF-8
-# tig_ER UTF-8
-# tk_TM UTF-8
-# tl_PH ISO-8859-1
-# tl_PH.UTF-8 UTF-8
-# tn_ZA UTF-8
-# tr_CY ISO-8859-9
-# tr_CY.UTF-8 UTF-8
-# tr_TR ISO-8859-9
-# tr_TR.UTF-8 UTF-8
-# ts_ZA UTF-8
-# tt_RU UTF-8
-# tt_RU@iqtelif UTF-8
-# ug_CN UTF-8
-# uk_UA KOI8-U
-# uk_UA.UTF-8 UTF-8
-# unm_US UTF-8
-# ur_IN UTF-8
-# ur_PK UTF-8
-# uz_UZ ISO-8859-1
-# uz_UZ.UTF-8 UTF-8
-# uz_UZ@cyrillic UTF-8
-# ve_ZA UTF-8
-# vi_VN UTF-8
-# wa_BE ISO-8859-1
-# wa_BE.UTF-8 UTF-8
-# wa_BE@euro ISO-8859-15
-# wae_CH UTF-8
-# wal_ET UTF-8
-# wo_SN UTF-8
-# xh_ZA ISO-8859-1
-# xh_ZA.UTF-8 UTF-8
-# yi_US CP1255
-# yi_US.UTF-8 UTF-8
-# yo_NG UTF-8
-# yue_HK UTF-8
-# zh_CN GB2312
-# zh_CN.GB18030 GB18030
-# zh_CN.GBK GBK
-# zh_CN.UTF-8 UTF-8
-# zh_HK BIG5-HKSCS
-# zh_HK.UTF-8 UTF-8
-# zh_SG GB2312
-# zh_SG.GBK GBK
-# zh_SG.UTF-8 UTF-8
-# zh_TW BIG5
-# zh_TW.EUC-TW EUC-TW
-# zh_TW.UTF-8 UTF-8
-# zu_ZA ISO-8859-1
-# zu_ZA.UTF-8 UTF-8
+++ /dev/null
-Europe/Berlin
+++ /dev/null
-[terminal]
-vt = 7
-[default_session]
-command = "~/.nonpath_bins/on_session_start.sh"
-user = "plom"
+++ /dev/null
-
-# This is the sshd server system-wide configuration file. See
-# sshd_config(5) for more information.
-
-# This sshd was compiled with PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
-
-# The strategy used for options in the default sshd_config shipped with
-# OpenSSH is to specify options with their default value where
-# possible, but leave them commented. Uncommented options override the
-# default value.
-
-Include /etc/ssh/sshd_config.d/*.conf
-
-#Port 22
-#AddressFamily any
-#ListenAddress 0.0.0.0
-#ListenAddress ::
-
-#HostKey /etc/ssh/ssh_host_rsa_key
-#HostKey /etc/ssh/ssh_host_ecdsa_key
-#HostKey /etc/ssh/ssh_host_ed25519_key
-
-# Ciphers and keying
-#RekeyLimit default none
-
-# Logging
-#SyslogFacility AUTH
-#LogLevel INFO
-
-# Authentication:
-
-#LoginGraceTime 2m
-#PermitRootLogin prohibit-password
-PermitRootLogin no # plomlompom's security rule
-#StrictModes yes
-#MaxAuthTries 6
-#MaxSessions 10
-
-#PubkeyAuthentication yes
-
-# Expect .ssh/authorized_keys2 to be disregarded by default in future.
-#AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2
-
-#AuthorizedPrincipalsFile none
-
-#AuthorizedKeysCommand none
-#AuthorizedKeysCommandUser nobody
-
-# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
-#HostbasedAuthentication no
-# Change to yes if you don't trust ~/.ssh/known_hosts for
-# HostbasedAuthentication
-#IgnoreUserKnownHosts no
-# Don't read the user's ~/.rhosts and ~/.shosts files
-#IgnoreRhosts yes
-
-# To disable tunneled clear text passwords, change to no here!
-PasswordAuthentication no
-#PermitEmptyPasswords no
-
-# Change to yes to enable challenge-response passwords (beware issues with
-# some PAM modules and threads)
-KbdInteractiveAuthentication no
-
-# Kerberos options
-#KerberosAuthentication no
-#KerberosOrLocalPasswd yes
-#KerberosTicketCleanup yes
-#KerberosGetAFSToken no
-
-# GSSAPI options
-#GSSAPIAuthentication no
-#GSSAPICleanupCredentials yes
-#GSSAPIStrictAcceptorCheck yes
-#GSSAPIKeyExchange no
-
-# Set this to 'yes' to enable PAM authentication, account processing,
-# and session processing. If this is enabled, PAM authentication will
-# be allowed through the KbdInteractiveAuthentication and
-# PasswordAuthentication. Depending on your PAM configuration,
-# PAM authentication via KbdInteractiveAuthentication may bypass
-# the setting of "PermitRootLogin prohibit-password".
-# If you just want the PAM account and session checks to run without
-# PAM authentication, then enable this but set PasswordAuthentication
-# and KbdInteractiveAuthentication to 'no'.
-UsePAM yes
-
-#AllowAgentForwarding yes
-#AllowTcpForwarding yes
-#GatewayPorts no
-X11Forwarding yes
-#X11DisplayOffset 10
-#X11UseLocalhost yes
-#PermitTTY yes
-PrintMotd no
-#PrintLastLog yes
-#TCPKeepAlive yes
-#PermitUserEnvironment no
-#Compression delayed
-ClientAliveInterval 15
-#ClientAliveCountMax 3
-#UseDNS no
-#PidFile /run/sshd.pid
-#MaxStartups 10:30:100
-#PermitTunnel no
-#ChrootDirectory none
-#VersionAddendum none
-
-# no default banner path
-#Banner none
-
-# Allow client to pass locale environment variables
-AcceptEnv LANG LC_*
-
-# override default of no subsystems
-Subsystem sftp /usr/lib/openssh/sftp-server
-
-# Example of overriding settings on a per-user basis
-#Match User anoncvs
-# X11Forwarding no
-# AllowTcpForwarding no
-# PermitTTY no
-# ForceCommand cvs server
+++ /dev/null
-[Unit]
-Description=Monitor temperature to throttle CPU if necessary
-After=network.target
-
-[Service]
-Type=simple
-ExecStart=/root/throttle_cpu.sh
-Restart=always
-RestartSec=10
-User=root
-
-[Install]
-WantedBy=multi-user.target
+++ /dev/null
-# Settings for interactive shells.
-
-# Fancy colors for ls.
-alias ls="ls --color=auto"
-
-# Other helpful aliases
-alias sshauth='eval $(ssh-agent) && ssh-add'
-
-# Use vim as default editor for anything.
-export VISUAL=vim
-export EDITOR=$VISUAL
-
-# Colored prompt with username, hostname, date/time, directory.
-colornumber=7 # Default to white if no color set via colornumber dotfile.
-colornumber_file=~/.shell_prompt_color
-if [ -f $colornumber_file ]; then
- colornumber=`cat $colornumber_file`
-fi
-tput_color="$(tput setaf $colornumber)$(tput bold)"
-tput_reset="$(tput sgr0)"
-# Bash confuses the line length when not told to not count escape sequences.
-if [ ! "$BASH" = "" ]; then
- tput_color="\[$tput_color\]"
- tput_reset="\[$tput_reset\]"
-fi
-PS1="${tput_color}["\$\(date\ +%Y-%m-%d/%H:%M:%S/%Z\)" $(whoami)@$(hostname):"\$\(pwd\)"]$ $tput_reset"
-PS2="${tput_color}> $tput_reset"
-PS3="${tput_color}select: $tput_reset"
-PS4="${tput_color}+ $tput_reset"
+++ /dev/null
-[user]
- email = c.heller@plomlompom.de
- name = Christian Heller
+++ /dev/null
-fullscreen=yes
-profile=fast
-vo=gpu
-ao=pulse
+++ /dev/null
-# because these are included by /etc/sway/config for probably good reason …
-include /etc/sway/config-vars.d/*
-include /etc/sway/config.d/*
-
-# simple green background
-output * background #559911 solid_color
-
-# keyboard layout
-input * xkb_layout "de"
-
-# waybar
-bar {
- position top
- status_command ~/.nonpath_bins/status.sh
-}
-
-# keybindings
-set $mod Mod4
-
-bindsym $mod+Return exec foot
-bindsym $mod+Shift+q kill
-bindsym $mod+Shift+p exit
-
-bindsym $mod+f fullscreen
-bindsym $mod+space focus mode_toggle
-bindsym $mod+Shift+space floating toggle
-
-bindsym $mod+Left focus left
-bindsym $mod+Down focus down
-bindsym $mod+Up focus up
-bindsym $mod+Right focus right
-
-bindsym $mod+Shift+Left move left
-bindsym $mod+Shift+Down move down
-bindsym $mod+Shift+Up move up
-bindsym $mod+Shift+Right move right
-
+++ /dev/null
-#!/usr/bin/sh
-# Iinitalize anything we want in our sessions opened by greetd.
-
-# Workaround to pulseaudio daemon somehow not respecting setting these with
-# ~/.config/pulse/default.pa – note that the first pactl call also seems
-# necessary, probably for forcing some init routines without which the pacmd
-# calls that follow won't work; TODO: find cleaner solutions
-pactl list sinks > /dev/null
-pacmd set-default-sink alsa_output.platform-fef05700.hdmi.hdmi-stereo
-pacmd set-sink-volume alsa_output.platform-fef05700.hdmi.hdmi-stereo 65536
-
-# Wayland environment.
-/usr/bin/sway
+++ /dev/null
-#!/bin/sh
-# see sway-bar(5) and swaybar-protocol(7)
-MEGA=1000
-GIGA=1000000
-printf '{ "version": 1 }\n[\n'
-while true; do
- printf ' [\n'
- printf ' {"full_text": "%s"},\n' "$(ip -4 addr show scope global | grep -oP '(?<=inet\s)\d+(\.\d+){3}')"
- printf ' {"full_text": "%d° C"},\n' $(calc "$(cat /sys/class/thermal/thermal_zone0/temp) // ${MEGA}")
- printf ' {"full_text": "%.1f/%.1f GHz"},\n' $(calc "$(cat /sys/devices/system/cpu/cpu0/cpufreq/scaling_cur_freq) / ${GIGA}") $(calc "$(cat /sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq) / ${GIGA}")
- printf ' {"full_text": "%s"},\n' "$(date +'%Y-%m-%d %X')"
- printf ' ],\n'
- sleep 1
-done
+++ /dev/null
-# ~/.profile: executed by the command interpreter for login shells.
-
-# simplified defaults: read .bashrc, extend PATH by bin dirs
-. "$HOME/.bashrc"
-PATH="$HOME/.local/bin:$HOME/bin:$PATH"
-
-# to forward video on commands run via SSH login to screen we expect connected
-if [ -n "$SSH_CONNECTION" ]; then
- export WAYLAND_DISPLAY=wayland-1
-fi
+++ /dev/null
-#!/bin/sh
-set -e
-
-MED_TEMP=85000
-MAX_TEMP=95000
-
-MIN_FREQ=600000
-MED_FREQ=1000000
-MAX_FREQ=1500000
-
-PATH_TEMP='/sys/class/thermal/thermal_zone0/temp'
-
-set_max_freq() {
- for cpu in /sys/devices/system/cpu/cpu[0-9]*; do
- echo "$1" > "$cpu/cpufreq/scaling_max_freq"
- done
- echo "$1"
-}
-
-freq_set=$(set_max_freq "${MIN_FREQ}")
-while true; do
- temp=$(cat "${PATH_TEMP}")
- if [ "${temp}" -ge "${MAX_TEMP}" ]; then
- if [ "${freq_set}" -gt "${MIN_FREQ}" ]; then
- freq_set=$(set_max_freq "${MIN_FREQ}")
- fi
- elif [ "${temp}" -ge "${MED_TEMP}" ]; then
- if [ "${freq_set}" -gt "${MED_FREQ}" ]; then
- freq_set=$(set_max_freq "${MED_FREQ}")
- fi
- elif [ "${freq_set}" -lt "${MAX_FREQ}" ]; then
- freq_set=$(set_max_freq "${MAX_FREQ}")
- fi
- sleep 1
-done
+++ /dev/null
-#!/bin/sh
-set -e
-
-export DEBIAN_FRONTEND=noninteractive
-
-expect_min_n_args() {
- min_args="$1"
- explainer="$2"
- shift 2
- if [ "$#" -lt "${min_args}" ]; then
- echo "Need at least ${min_args} arguments … ${explainer}"
- false
- fi
-}
-
-copy_dirtree() {
- # Copy files in argument-selected subdirectories of $1 to subdirectories
- # of $2 (which may be an empty string), e.g. with $1 of "etc_files", $2
- # of "" and $3 of "all", copy files below etc_files/all such as
- # etc_files/all/etc/foo/bar to equivalent locations below / such as
- # /etc/foo/bar. Create directories as necessary. Multiple arguments after
- # $3 are possible.
- #
- # CAUTION: This overwrites original files at the affected paths.
- expect_min_n_args 3 "(source root, target root, modules)" "$@"
- source_root="$1"
- target_root="$2"
- shift 2
- modules="$@"
- initial_directory="$(pwd)"
- for module in ${modules}; do
- module_path="${source_root}/${module}"
- if [ ! -d "${module_path}" ]; then
- continue
- fi
- cd "${module_path}"
- for path in $(find . -type f); do
- target_path="${target_root}"$(echo "${path}" | cut -c2-)
- source_path=$(realpath "${path}")
- dir=$(dirname "${target_path}")
- mkdir -p "${dir}"
- cp "${source_path}" "${target_path}"
- done
- cd "${initial_directory}"
- done
-}
-
-install_for_modules() {
- # Walk through the package names in the argument-selected files of
- # apt-mark/ and ensures the respective packages are installed.
- #
- # Caution: Ignores anything in an apt-mark/ file after the last newline,
- # so make sure there's nothing meaningful thereafter.
- expect_min_n_args 2 "(apt_mark_dir, modules)" "$@"
- apt_mark_dir="$1"
- shift 1
- modules="$@"
- for module in ${modules}; do
- path="${apt_mark_dir}/${module}"
- if [ ! -f "${path}" ]; then
- continue
- fi
- cat "${path}" | while read line; do
- echo "$line"
- if [ ! $(echo "${line}" | cut -c1) = "#" ]; then
- apt-get -y -o Dpkg::Options::="--force-confnew" install "${line}"
- fi
- done
- done
-}
-
-mark_nonrequireds_auto() {
- path_list_unsorted='/tmp/list_unsorted'
- path_list_all_packages='/tmp/list_all_packages'
- path_list_white='/tmp/list_white'
- path_list_black='/tmp/list_black'
- dpkg-query -Wf '${Package} ${Priority}\n' | grep ' required' | sed 's/ required//' > "${path_list_unsorted}"
- sort "${path_list_unsorted}" | uniq > "${path_list_white}"
- dpkg-query -Wf '${Package}\n' > "${path_list_unsorted}"
- sort "${path_list_unsorted}" | uniq > "${path_list_all_packages}"
- comm -3 "${path_list_all_packages}" "${path_list_white}" > "${path_list_black}"
- apt-mark auto `cat "${path_list_black}"`
- rm "${path_list_unsorted}" "${path_list_all_packages}" "${path_list_white}" "${path_list_black}"
-}
-
-upgrade_from_older_release() {
- # Upgrade system to calling context's Debian release.
- # Caution: Don't expect any customized /etc files to surivive this!
- path_sources_list='/apt/sources.list'
- apt update
- apt -y -o Dpkg::Options::='--force-confnew' upgrade
- apt -y -o Dpkg::Options::='--force-confnew' full-upgrade
- cp "../etc/all${path_sources_list}" "/etc${path_sources_list}"
- apt clean
- apt update
- apt -y -o Dpkg::Options::='--force-confnew' upgrade
- apt -y -o Dpkg::Options::='--force-confnew' full-upgrade
- apt -y autoremove
-}
-
-add_my_public_key() {
- # NB: vars expected to be pulled in from caller previously calling constants.sh!
- apt update
- apt -y install wget
- wget "${URL_PUBLIC_KEY}"
- cat "${FILENAME_PUBLIC_KEY}" >> "${PATH_AUTHORIZED_KEYS}"
- rm "${FILENAME_PUBLIC_KEY}"
-}
-
-setup_for_raspi() {
- # NB: vars expected to be pulled in from caller previously calling constants.sh!
-
- # ensure we can log in
- add_my_public_key
- # (alternatively, or preceding this to reduce non-remote typing, TEMPORARILY
- # (!) set password login:)
- # passwd
- # echo 'PermitRootLogin yes' >> /etc/ssh/sshd_config
-
- # migrate to testing
- upgrade_from_older_release
-
- # on installing console-setup, will guide it to do the right thing (including
- # re-writing /etc/default/keyboard)
- echo 'XKBLAYOUT=de' > /etc/default/keyboard
-
- # properly configure apt and reduce system to minimum that satisfies our own
- # aptmark/ package lists
- for root in ${ROOTS_HERE_AND_MANY}; do
- copy_dirtree "${root}/${PATH_REL_ETC}/all" '/etc/apt' apt
- done
- apt update
- mark_nonrequireds_auto
- for root in ${ROOTS_HERE_AND_MANY}; do
- install_for_modules "${root}/${PATH_REL_APTMARK}" all raspi
- done
- apt -y --purge autoremove
- for root in ${ROOTS_HERE_AND_MANY}; do
- copy_dirtree "${root}/${PATH_REL_ETC}" '/etc' all raspi
- done
-
- # Ensure our desired locale is available.
- locale-gen
-
- # Set Berlin localtime.
- ln -sf /usr/share/zoneinfo/Europe/Berlin /etc/localtime
- ntpdate-debian
-
- # so Sway won't complain about failing to access non-existant background image file
- sed -i '/^output \* bg/ s/^/#/' /etc/sway/config
-
- # Set up root environment.
- for root in ${ROOTS_HERE_AND_MANY}; do
- copy_dirtree "${root}/${PATH_REL_HOME}" '/root' all root raspi_root
- done
-
- # Set up user and their environment.
- adduser --disabled-password --gecos "" "${USERNAME}"
- usermod -a -G sudo "${USERNAME}"
- for root in ${ROOTS_HERE_AND_MANY}; do
- copy_dirtree "${root}/${PATH_REL_HOME}" "${PATH_USER_HOME}" all desktop raspi
- done
- mkdir "${PATH_USER_SSH}"
- cp "${PATH_AUTHORIZED_KEYS}" "${PATH_USER_SSH}"
- chown -R "${USERNAME}:${USERNAME}" "${PATH_USER_HOME}"
- passwd "${USERNAME}"
- rm "${PATH_AUTHORIZED_KEYS}"
-
- # Activate /root/throttle_cpu.sh daemonization.
- systemctl enable throttle_cpu.service
- systemctl start throttle_cpu.service
-}
+++ /dev/null
-#!/bin/sh
-
-local_etc_server="${config_tree_prefix}/etc_files/server"
-system_path_sshd_config='/etc/ssh/sshd_config'
-local_path_sshd_config="${local_etc_server}${system_path_sshd_config}"
-
-expect_n_args() {
- min_args="$1"
- explainer="$2"
- shift 2
- if [ "$#" -lt "${min_args}" ]; then
- echo "Need at least ${min_args} arguments … ${explainer}"
- false
- fi
-}
-
+++ /dev/null
-# connectivity: ifupdown seems necessary everyhwere, isc-dhcp-client
-# unpredictably so
-ifupdown
-isc-dhcp-client
-# git for the setup directory; cloning works with ca-certificates
-ca-certificates
-git
-# to avoid constant warnings about no locale being found
-locales
-# extremely useful for basic network debugging; missed these more than once in an emergency
-netcat-traditional
-iputils-ping
-# to set the time
-ntpsec-ntpdate
+++ /dev/null
-# for X to start at all
-linux-headers-amd64
-nvidia-driver
-firmware-misc-nonfree
-# X input: keyboard
-xserver-xorg-input-evdev
-## CUDA
-#nvidia-cuda-dev
-#nvidia-cuda-toolkit
-
+++ /dev/null
-# so we can work without the Ethernet adapter
-network-manager
-
+++ /dev/null
-# to avoid booting problems with encrypted LVM, see <https://askubuntu.com/a/1105848>
-cryptsetup-initramfs
-lvm2
-# this provides setupcon which reads /etc/default/console-setup
-console-setup
-# for startx
-xinit
-# for xrdb
-x11-xserver-utils
-# for startx to run for non-root user
-libpam-systemd
-# window environment
-i3
-i3status
-suckless-tools
-xterm
-# to get sleepy at night
-redshift
-# for alsamixer
-alsa-utils
-# also useful
-vim
-sudo
-less
-man-db
-manpages
-procps
-# browsers
-firefox-esr
-chromium
-# tridactyl install recommendations
-vim-gtk3
-curl
-## for firefox to emit sound
-#pulseaudio
-# emacs
-emacs
-emacs-common-non-dfsg
-emacs-el
-elpa-ledger
-ledger
-# to mount encrypted USB stick and use its contents
-pmount
-cryptsetup
-openssh-client
-# for syncing
-borgbackup
-# mail setup
-isync
-notmuch
-elpa-notmuch
-pinentry-gtk2
-#
-# connectivity: ifupdown seems necessary everyhwere, isc-dhcp-client
-# unpredictably so
+# connectivity: ifupdown seems necessary everyhwere, isc-dhcp-client unpredictably so
ifupdown
isc-dhcp-client
# git for the setup directory; cloning works with ca-certificates
# to avoid booting problems with encrypted LVM, see <https://askubuntu.com/a/1105848>
cryptsetup-initramfs
lvm2
+# for secrets
+pmount
+# for accessing remote machines
+openssh-client
# wayland usage essentials
sway
# at a minimum sets env stuff without which sway won't start
+++ /dev/null
-# for X to start at all
-linux-headers-amd64
-nvidia-driver
-firmware-misc-nonfree
-# X input: keyboard
-xserver-xorg-input-evdev
-## CUDA
-#nvidia-cuda-dev
-#nvidia-cuda-toolkit
-
+++ /dev/null
-# technically not necessarily anymore, but on older servers needed for playing nicely with foot, kept here more as a reminder than for any specific use
-foot-terminfo
-#
-# for secrets
-pmount
# ping won't work for user without this – see <https://shallowsky.com/blog/linux/ping-permissions.html>
linux-sysctl-defaults
# generally useful
man-db
manpages
procps
-openssh-client
# for syncing
borgbackup
# for my own scripts to run
--- /dev/null
+APT::AutoRemove::RecommendsImportant "false";
+APT::AutoRemove::SuggestsImportant "false";
+APT::Install-Recommends "false";
+APT::Install-Suggests "false";
--- /dev/null
+LANG="en_US.UTF-8"
--- /dev/null
+# This file lists locales that you wish to have built. You can find a list
+# of valid supported locales at /usr/share/i18n/SUPPORTED, and you can add
+# user defined locales to /usr/local/share/i18n/SUPPORTED. If you change
+# this file, you need to rerun locale-gen.
+
+
+# aa_DJ ISO-8859-1
+# aa_DJ.UTF-8 UTF-8
+# aa_ER UTF-8
+# aa_ER@saaho UTF-8
+# aa_ET UTF-8
+# af_ZA ISO-8859-1
+# af_ZA.UTF-8 UTF-8
+# ak_GH UTF-8
+# am_ET UTF-8
+# an_ES ISO-8859-15
+# an_ES.UTF-8 UTF-8
+# anp_IN UTF-8
+# ar_AE ISO-8859-6
+# ar_AE.UTF-8 UTF-8
+# ar_BH ISO-8859-6
+# ar_BH.UTF-8 UTF-8
+# ar_DZ ISO-8859-6
+# ar_DZ.UTF-8 UTF-8
+# ar_EG ISO-8859-6
+# ar_EG.UTF-8 UTF-8
+# ar_IN UTF-8
+# ar_IQ ISO-8859-6
+# ar_IQ.UTF-8 UTF-8
+# ar_JO ISO-8859-6
+# ar_JO.UTF-8 UTF-8
+# ar_KW ISO-8859-6
+# ar_KW.UTF-8 UTF-8
+# ar_LB ISO-8859-6
+# ar_LB.UTF-8 UTF-8
+# ar_LY ISO-8859-6
+# ar_LY.UTF-8 UTF-8
+# ar_MA ISO-8859-6
+# ar_MA.UTF-8 UTF-8
+# ar_OM ISO-8859-6
+# ar_OM.UTF-8 UTF-8
+# ar_QA ISO-8859-6
+# ar_QA.UTF-8 UTF-8
+# ar_SA ISO-8859-6
+# ar_SA.UTF-8 UTF-8
+# ar_SD ISO-8859-6
+# ar_SD.UTF-8 UTF-8
+# ar_SS UTF-8
+# ar_SY ISO-8859-6
+# ar_SY.UTF-8 UTF-8
+# ar_TN ISO-8859-6
+# ar_TN.UTF-8 UTF-8
+# ar_YE ISO-8859-6
+# ar_YE.UTF-8 UTF-8
+# as_IN UTF-8
+# ast_ES ISO-8859-15
+# ast_ES.UTF-8 UTF-8
+# ayc_PE UTF-8
+# az_AZ UTF-8
+# be_BY CP1251
+# be_BY.UTF-8 UTF-8
+# be_BY@latin UTF-8
+# bem_ZM UTF-8
+# ber_DZ UTF-8
+# ber_MA UTF-8
+# bg_BG CP1251
+# bg_BG.UTF-8 UTF-8
+# bhb_IN.UTF-8 UTF-8
+# bho_IN UTF-8
+# bn_BD UTF-8
+# bn_IN UTF-8
+# bo_CN UTF-8
+# bo_IN UTF-8
+# br_FR ISO-8859-1
+# br_FR.UTF-8 UTF-8
+# br_FR@euro ISO-8859-15
+# brx_IN UTF-8
+# bs_BA ISO-8859-2
+# bs_BA.UTF-8 UTF-8
+# byn_ER UTF-8
+# ca_AD ISO-8859-15
+# ca_AD.UTF-8 UTF-8
+# ca_ES ISO-8859-1
+# ca_ES.UTF-8 UTF-8
+# ca_ES.UTF-8@valencia UTF-8
+# ca_ES@euro ISO-8859-15
+# ca_ES@valencia ISO-8859-15
+# ca_FR ISO-8859-15
+# ca_FR.UTF-8 UTF-8
+# ca_IT ISO-8859-15
+# ca_IT.UTF-8 UTF-8
+# ce_RU UTF-8
+# chr_US UTF-8
+# cmn_TW UTF-8
+# crh_UA UTF-8
+# cs_CZ ISO-8859-2
+# cs_CZ.UTF-8 UTF-8
+# csb_PL UTF-8
+# cv_RU UTF-8
+# cy_GB ISO-8859-14
+# cy_GB.UTF-8 UTF-8
+# da_DK ISO-8859-1
+# da_DK.UTF-8 UTF-8
+# de_AT ISO-8859-1
+# de_AT.UTF-8 UTF-8
+# de_AT@euro ISO-8859-15
+# de_BE ISO-8859-1
+# de_BE.UTF-8 UTF-8
+# de_BE@euro ISO-8859-15
+# de_CH ISO-8859-1
+# de_CH.UTF-8 UTF-8
+# de_DE ISO-8859-1
+# de_DE.UTF-8 UTF-8
+# de_DE@euro ISO-8859-15
+# de_IT ISO-8859-1
+# de_IT.UTF-8 UTF-8
+# de_LI.UTF-8 UTF-8
+# de_LU ISO-8859-1
+# de_LU.UTF-8 UTF-8
+# de_LU@euro ISO-8859-15
+# doi_IN UTF-8
+# dv_MV UTF-8
+# dz_BT UTF-8
+# el_CY ISO-8859-7
+# el_CY.UTF-8 UTF-8
+# el_GR ISO-8859-7
+# el_GR.UTF-8 UTF-8
+# en_AG UTF-8
+# en_AU ISO-8859-1
+# en_AU.UTF-8 UTF-8
+# en_BW ISO-8859-1
+# en_BW.UTF-8 UTF-8
+# en_CA ISO-8859-1
+# en_CA.UTF-8 UTF-8
+# en_DK ISO-8859-1
+# en_DK.ISO-8859-15 ISO-8859-15
+# en_DK.UTF-8 UTF-8
+# en_GB ISO-8859-1
+# en_GB.ISO-8859-15 ISO-8859-15
+# en_GB.UTF-8 UTF-8
+# en_HK ISO-8859-1
+# en_HK.UTF-8 UTF-8
+# en_IE ISO-8859-1
+# en_IE.UTF-8 UTF-8
+# en_IE@euro ISO-8859-15
+# en_IL UTF-8
+# en_IN UTF-8
+# en_NG UTF-8
+# en_NZ ISO-8859-1
+# en_NZ.UTF-8 UTF-8
+# en_PH ISO-8859-1
+# en_PH.UTF-8 UTF-8
+# en_SG ISO-8859-1
+# en_SG.UTF-8 UTF-8
+# en_US ISO-8859-1
+# en_US.ISO-8859-15 ISO-8859-15
+en_US.UTF-8 UTF-8
+# en_ZA ISO-8859-1
+# en_ZA.UTF-8 UTF-8
+# en_ZM UTF-8
+# en_ZW ISO-8859-1
+# en_ZW.UTF-8 UTF-8
+# eo UTF-8
+# es_AR ISO-8859-1
+# es_AR.UTF-8 UTF-8
+# es_BO ISO-8859-1
+# es_BO.UTF-8 UTF-8
+# es_CL ISO-8859-1
+# es_CL.UTF-8 UTF-8
+# es_CO ISO-8859-1
+# es_CO.UTF-8 UTF-8
+# es_CR ISO-8859-1
+# es_CR.UTF-8 UTF-8
+# es_CU UTF-8
+# es_DO ISO-8859-1
+# es_DO.UTF-8 UTF-8
+# es_EC ISO-8859-1
+# es_EC.UTF-8 UTF-8
+# es_ES ISO-8859-1
+# es_ES.UTF-8 UTF-8
+# es_ES@euro ISO-8859-15
+# es_GT ISO-8859-1
+# es_GT.UTF-8 UTF-8
+# es_HN ISO-8859-1
+# es_HN.UTF-8 UTF-8
+# es_MX ISO-8859-1
+# es_MX.UTF-8 UTF-8
+# es_NI ISO-8859-1
+# es_NI.UTF-8 UTF-8
+# es_PA ISO-8859-1
+# es_PA.UTF-8 UTF-8
+# es_PE ISO-8859-1
+# es_PE.UTF-8 UTF-8
+# es_PR ISO-8859-1
+# es_PR.UTF-8 UTF-8
+# es_PY ISO-8859-1
+# es_PY.UTF-8 UTF-8
+# es_SV ISO-8859-1
+# es_SV.UTF-8 UTF-8
+# es_US ISO-8859-1
+# es_US.UTF-8 UTF-8
+# es_UY ISO-8859-1
+# es_UY.UTF-8 UTF-8
+# es_VE ISO-8859-1
+# es_VE.UTF-8 UTF-8
+# et_EE ISO-8859-1
+# et_EE.ISO-8859-15 ISO-8859-15
+# et_EE.UTF-8 UTF-8
+# eu_ES ISO-8859-1
+# eu_ES.UTF-8 UTF-8
+# eu_ES@euro ISO-8859-15
+# eu_FR ISO-8859-1
+# eu_FR.UTF-8 UTF-8
+# eu_FR@euro ISO-8859-15
+# fa_IR UTF-8
+# ff_SN UTF-8
+# fi_FI ISO-8859-1
+# fi_FI.UTF-8 UTF-8
+# fi_FI@euro ISO-8859-15
+# fil_PH UTF-8
+# fo_FO ISO-8859-1
+# fo_FO.UTF-8 UTF-8
+# fr_BE ISO-8859-1
+# fr_BE.UTF-8 UTF-8
+# fr_BE@euro ISO-8859-15
+# fr_CA ISO-8859-1
+# fr_CA.UTF-8 UTF-8
+# fr_CH ISO-8859-1
+# fr_CH.UTF-8 UTF-8
+# fr_FR ISO-8859-1
+# fr_FR.UTF-8 UTF-8
+# fr_FR@euro ISO-8859-15
+# fr_LU ISO-8859-1
+# fr_LU.UTF-8 UTF-8
+# fr_LU@euro ISO-8859-15
+# fur_IT UTF-8
+# fy_DE UTF-8
+# fy_NL UTF-8
+# ga_IE ISO-8859-1
+# ga_IE.UTF-8 UTF-8
+# ga_IE@euro ISO-8859-15
+# gd_GB ISO-8859-15
+# gd_GB.UTF-8 UTF-8
+# gez_ER UTF-8
+# gez_ER@abegede UTF-8
+# gez_ET UTF-8
+# gez_ET@abegede UTF-8
+# gl_ES ISO-8859-1
+# gl_ES.UTF-8 UTF-8
+# gl_ES@euro ISO-8859-15
+# gu_IN UTF-8
+# gv_GB ISO-8859-1
+# gv_GB.UTF-8 UTF-8
+# ha_NG UTF-8
+# hak_TW UTF-8
+# he_IL ISO-8859-8
+# he_IL.UTF-8 UTF-8
+# hi_IN UTF-8
+# hne_IN UTF-8
+# hr_HR ISO-8859-2
+# hr_HR.UTF-8 UTF-8
+# hsb_DE ISO-8859-2
+# hsb_DE.UTF-8 UTF-8
+# ht_HT UTF-8
+# hu_HU ISO-8859-2
+# hu_HU.UTF-8 UTF-8
+# hy_AM UTF-8
+# hy_AM.ARMSCII-8 ARMSCII-8
+# ia_FR UTF-8
+# id_ID ISO-8859-1
+# id_ID.UTF-8 UTF-8
+# ig_NG UTF-8
+# ik_CA UTF-8
+# is_IS ISO-8859-1
+# is_IS.UTF-8 UTF-8
+# it_CH ISO-8859-1
+# it_CH.UTF-8 UTF-8
+# it_IT ISO-8859-1
+# it_IT.UTF-8 UTF-8
+# it_IT@euro ISO-8859-15
+# iu_CA UTF-8
+# ja_JP.EUC-JP EUC-JP
+# ja_JP.UTF-8 UTF-8
+# ka_GE GEORGIAN-PS
+# ka_GE.UTF-8 UTF-8
+# kk_KZ PT154
+# kk_KZ.RK1048 RK1048
+# kk_KZ.UTF-8 UTF-8
+# kl_GL ISO-8859-1
+# kl_GL.UTF-8 UTF-8
+# km_KH UTF-8
+# kn_IN UTF-8
+# ko_KR.EUC-KR EUC-KR
+# ko_KR.UTF-8 UTF-8
+# kok_IN UTF-8
+# ks_IN UTF-8
+# ks_IN@devanagari UTF-8
+# ku_TR ISO-8859-9
+# ku_TR.UTF-8 UTF-8
+# kw_GB ISO-8859-1
+# kw_GB.UTF-8 UTF-8
+# ky_KG UTF-8
+# lb_LU UTF-8
+# lg_UG ISO-8859-10
+# lg_UG.UTF-8 UTF-8
+# li_BE UTF-8
+# li_NL UTF-8
+# lij_IT UTF-8
+# ln_CD UTF-8
+# lo_LA UTF-8
+# lt_LT ISO-8859-13
+# lt_LT.UTF-8 UTF-8
+# lv_LV ISO-8859-13
+# lv_LV.UTF-8 UTF-8
+# lzh_TW UTF-8
+# mag_IN UTF-8
+# mai_IN UTF-8
+# mg_MG ISO-8859-15
+# mg_MG.UTF-8 UTF-8
+# mhr_RU UTF-8
+# mi_NZ ISO-8859-13
+# mi_NZ.UTF-8 UTF-8
+# mk_MK ISO-8859-5
+# mk_MK.UTF-8 UTF-8
+# ml_IN UTF-8
+# mn_MN UTF-8
+# mni_IN UTF-8
+# mr_IN UTF-8
+# ms_MY ISO-8859-1
+# ms_MY.UTF-8 UTF-8
+# mt_MT ISO-8859-3
+# mt_MT.UTF-8 UTF-8
+# my_MM UTF-8
+# nan_TW UTF-8
+# nan_TW@latin UTF-8
+# nb_NO ISO-8859-1
+# nb_NO.UTF-8 UTF-8
+# nds_DE UTF-8
+# nds_NL UTF-8
+# ne_NP UTF-8
+# nhn_MX UTF-8
+# niu_NU UTF-8
+# niu_NZ UTF-8
+# nl_AW UTF-8
+# nl_BE ISO-8859-1
+# nl_BE.UTF-8 UTF-8
+# nl_BE@euro ISO-8859-15
+# nl_NL ISO-8859-1
+# nl_NL.UTF-8 UTF-8
+# nl_NL@euro ISO-8859-15
+# nn_NO ISO-8859-1
+# nn_NO.UTF-8 UTF-8
+# nr_ZA UTF-8
+# nso_ZA UTF-8
+# oc_FR ISO-8859-1
+# oc_FR.UTF-8 UTF-8
+# om_ET UTF-8
+# om_KE ISO-8859-1
+# om_KE.UTF-8 UTF-8
+# or_IN UTF-8
+# os_RU UTF-8
+# pa_IN UTF-8
+# pa_PK UTF-8
+# pap_AW UTF-8
+# pap_CW UTF-8
+# pl_PL ISO-8859-2
+# pl_PL.UTF-8 UTF-8
+# ps_AF UTF-8
+# pt_BR ISO-8859-1
+# pt_BR.UTF-8 UTF-8
+# pt_PT ISO-8859-1
+# pt_PT.UTF-8 UTF-8
+# pt_PT@euro ISO-8859-15
+# quz_PE UTF-8
+# raj_IN UTF-8
+# ro_RO ISO-8859-2
+# ro_RO.UTF-8 UTF-8
+# ru_RU ISO-8859-5
+# ru_RU.CP1251 CP1251
+# ru_RU.KOI8-R KOI8-R
+# ru_RU.UTF-8 UTF-8
+# ru_UA KOI8-U
+# ru_UA.UTF-8 UTF-8
+# rw_RW UTF-8
+# sa_IN UTF-8
+# sat_IN UTF-8
+# sc_IT UTF-8
+# sd_IN UTF-8
+# sd_IN@devanagari UTF-8
+# se_NO UTF-8
+# sgs_LT UTF-8
+# shs_CA UTF-8
+# si_LK UTF-8
+# sid_ET UTF-8
+# sk_SK ISO-8859-2
+# sk_SK.UTF-8 UTF-8
+# sl_SI ISO-8859-2
+# sl_SI.UTF-8 UTF-8
+# so_DJ ISO-8859-1
+# so_DJ.UTF-8 UTF-8
+# so_ET UTF-8
+# so_KE ISO-8859-1
+# so_KE.UTF-8 UTF-8
+# so_SO ISO-8859-1
+# so_SO.UTF-8 UTF-8
+# sq_AL ISO-8859-1
+# sq_AL.UTF-8 UTF-8
+# sq_MK UTF-8
+# sr_ME UTF-8
+# sr_RS UTF-8
+# sr_RS@latin UTF-8
+# ss_ZA UTF-8
+# st_ZA ISO-8859-1
+# st_ZA.UTF-8 UTF-8
+# sv_FI ISO-8859-1
+# sv_FI.UTF-8 UTF-8
+# sv_FI@euro ISO-8859-15
+# sv_SE ISO-8859-1
+# sv_SE.ISO-8859-15 ISO-8859-15
+# sv_SE.UTF-8 UTF-8
+# sw_KE UTF-8
+# sw_TZ UTF-8
+# szl_PL UTF-8
+# ta_IN UTF-8
+# ta_LK UTF-8
+# tcy_IN.UTF-8 UTF-8
+# te_IN UTF-8
+# tg_TJ KOI8-T
+# tg_TJ.UTF-8 UTF-8
+# th_TH TIS-620
+# th_TH.UTF-8 UTF-8
+# the_NP UTF-8
+# ti_ER UTF-8
+# ti_ET UTF-8
+# tig_ER UTF-8
+# tk_TM UTF-8
+# tl_PH ISO-8859-1
+# tl_PH.UTF-8 UTF-8
+# tn_ZA UTF-8
+# tr_CY ISO-8859-9
+# tr_CY.UTF-8 UTF-8
+# tr_TR ISO-8859-9
+# tr_TR.UTF-8 UTF-8
+# ts_ZA UTF-8
+# tt_RU UTF-8
+# tt_RU@iqtelif UTF-8
+# ug_CN UTF-8
+# uk_UA KOI8-U
+# uk_UA.UTF-8 UTF-8
+# unm_US UTF-8
+# ur_IN UTF-8
+# ur_PK UTF-8
+# uz_UZ ISO-8859-1
+# uz_UZ.UTF-8 UTF-8
+# uz_UZ@cyrillic UTF-8
+# ve_ZA UTF-8
+# vi_VN UTF-8
+# wa_BE ISO-8859-1
+# wa_BE.UTF-8 UTF-8
+# wa_BE@euro ISO-8859-15
+# wae_CH UTF-8
+# wal_ET UTF-8
+# wo_SN UTF-8
+# xh_ZA ISO-8859-1
+# xh_ZA.UTF-8 UTF-8
+# yi_US CP1255
+# yi_US.UTF-8 UTF-8
+# yo_NG UTF-8
+# yue_HK UTF-8
+# zh_CN GB2312
+# zh_CN.GB18030 GB18030
+# zh_CN.GBK GBK
+# zh_CN.UTF-8 UTF-8
+# zh_HK BIG5-HKSCS
+# zh_HK.UTF-8 UTF-8
+# zh_SG GB2312
+# zh_SG.GBK GBK
+# zh_SG.UTF-8 UTF-8
+# zh_TW BIG5
+# zh_TW.EUC-TW EUC-TW
+# zh_TW.UTF-8 UTF-8
+# zu_ZA ISO-8859-1
+# zu_ZA.UTF-8 UTF-8
--- /dev/null
+Europe/Berlin
--- /dev/null
+# This file describes the network interfaces available on your system
+# and how to activate them. For more information, see interfaces(5).
+
+source /etc/network/interfaces.d/*
+
+# The loopback network interface
+auto lo
+iface lo inet loopback
+
+# anything more would only confuse NetworkManager
+++ /dev/null
-# This file describes the network interfaces available on your system
-# and how to activate them. For more information, see interfaces(5).
-
-source /etc/network/interfaces.d/*
-
-# The loopback network interface
-auto lo
-iface lo inet loopback
-
-# anything more would only confuse NetworkManager
+++ /dev/null
-APT::AutoRemove::RecommendsImportant "false";
-APT::AutoRemove::SuggestsImportant "false";
-APT::Install-Recommends "false";
-APT::Install-Suggests "false";
+++ /dev/null
-deb http://deb.debian.org/debian bookworm main contrib non-free non-free-firmware
-deb http://security.debian.org/debian-security bookworm-security main contrib non-free non-free-firmware
+++ /dev/null
-LANG="en_US.UTF-8"
+++ /dev/null
-# This file lists locales that you wish to have built. You can find a list
-# of valid supported locales at /usr/share/i18n/SUPPORTED, and you can add
-# user defined locales to /usr/local/share/i18n/SUPPORTED. If you change
-# this file, you need to rerun locale-gen.
-
-
-# aa_DJ ISO-8859-1
-# aa_DJ.UTF-8 UTF-8
-# aa_ER UTF-8
-# aa_ER@saaho UTF-8
-# aa_ET UTF-8
-# af_ZA ISO-8859-1
-# af_ZA.UTF-8 UTF-8
-# ak_GH UTF-8
-# am_ET UTF-8
-# an_ES ISO-8859-15
-# an_ES.UTF-8 UTF-8
-# anp_IN UTF-8
-# ar_AE ISO-8859-6
-# ar_AE.UTF-8 UTF-8
-# ar_BH ISO-8859-6
-# ar_BH.UTF-8 UTF-8
-# ar_DZ ISO-8859-6
-# ar_DZ.UTF-8 UTF-8
-# ar_EG ISO-8859-6
-# ar_EG.UTF-8 UTF-8
-# ar_IN UTF-8
-# ar_IQ ISO-8859-6
-# ar_IQ.UTF-8 UTF-8
-# ar_JO ISO-8859-6
-# ar_JO.UTF-8 UTF-8
-# ar_KW ISO-8859-6
-# ar_KW.UTF-8 UTF-8
-# ar_LB ISO-8859-6
-# ar_LB.UTF-8 UTF-8
-# ar_LY ISO-8859-6
-# ar_LY.UTF-8 UTF-8
-# ar_MA ISO-8859-6
-# ar_MA.UTF-8 UTF-8
-# ar_OM ISO-8859-6
-# ar_OM.UTF-8 UTF-8
-# ar_QA ISO-8859-6
-# ar_QA.UTF-8 UTF-8
-# ar_SA ISO-8859-6
-# ar_SA.UTF-8 UTF-8
-# ar_SD ISO-8859-6
-# ar_SD.UTF-8 UTF-8
-# ar_SS UTF-8
-# ar_SY ISO-8859-6
-# ar_SY.UTF-8 UTF-8
-# ar_TN ISO-8859-6
-# ar_TN.UTF-8 UTF-8
-# ar_YE ISO-8859-6
-# ar_YE.UTF-8 UTF-8
-# as_IN UTF-8
-# ast_ES ISO-8859-15
-# ast_ES.UTF-8 UTF-8
-# ayc_PE UTF-8
-# az_AZ UTF-8
-# be_BY CP1251
-# be_BY.UTF-8 UTF-8
-# be_BY@latin UTF-8
-# bem_ZM UTF-8
-# ber_DZ UTF-8
-# ber_MA UTF-8
-# bg_BG CP1251
-# bg_BG.UTF-8 UTF-8
-# bhb_IN.UTF-8 UTF-8
-# bho_IN UTF-8
-# bn_BD UTF-8
-# bn_IN UTF-8
-# bo_CN UTF-8
-# bo_IN UTF-8
-# br_FR ISO-8859-1
-# br_FR.UTF-8 UTF-8
-# br_FR@euro ISO-8859-15
-# brx_IN UTF-8
-# bs_BA ISO-8859-2
-# bs_BA.UTF-8 UTF-8
-# byn_ER UTF-8
-# ca_AD ISO-8859-15
-# ca_AD.UTF-8 UTF-8
-# ca_ES ISO-8859-1
-# ca_ES.UTF-8 UTF-8
-# ca_ES.UTF-8@valencia UTF-8
-# ca_ES@euro ISO-8859-15
-# ca_ES@valencia ISO-8859-15
-# ca_FR ISO-8859-15
-# ca_FR.UTF-8 UTF-8
-# ca_IT ISO-8859-15
-# ca_IT.UTF-8 UTF-8
-# ce_RU UTF-8
-# chr_US UTF-8
-# cmn_TW UTF-8
-# crh_UA UTF-8
-# cs_CZ ISO-8859-2
-# cs_CZ.UTF-8 UTF-8
-# csb_PL UTF-8
-# cv_RU UTF-8
-# cy_GB ISO-8859-14
-# cy_GB.UTF-8 UTF-8
-# da_DK ISO-8859-1
-# da_DK.UTF-8 UTF-8
-# de_AT ISO-8859-1
-# de_AT.UTF-8 UTF-8
-# de_AT@euro ISO-8859-15
-# de_BE ISO-8859-1
-# de_BE.UTF-8 UTF-8
-# de_BE@euro ISO-8859-15
-# de_CH ISO-8859-1
-# de_CH.UTF-8 UTF-8
-# de_DE ISO-8859-1
-# de_DE.UTF-8 UTF-8
-# de_DE@euro ISO-8859-15
-# de_IT ISO-8859-1
-# de_IT.UTF-8 UTF-8
-# de_LI.UTF-8 UTF-8
-# de_LU ISO-8859-1
-# de_LU.UTF-8 UTF-8
-# de_LU@euro ISO-8859-15
-# doi_IN UTF-8
-# dv_MV UTF-8
-# dz_BT UTF-8
-# el_CY ISO-8859-7
-# el_CY.UTF-8 UTF-8
-# el_GR ISO-8859-7
-# el_GR.UTF-8 UTF-8
-# en_AG UTF-8
-# en_AU ISO-8859-1
-# en_AU.UTF-8 UTF-8
-# en_BW ISO-8859-1
-# en_BW.UTF-8 UTF-8
-# en_CA ISO-8859-1
-# en_CA.UTF-8 UTF-8
-# en_DK ISO-8859-1
-# en_DK.ISO-8859-15 ISO-8859-15
-# en_DK.UTF-8 UTF-8
-# en_GB ISO-8859-1
-# en_GB.ISO-8859-15 ISO-8859-15
-# en_GB.UTF-8 UTF-8
-# en_HK ISO-8859-1
-# en_HK.UTF-8 UTF-8
-# en_IE ISO-8859-1
-# en_IE.UTF-8 UTF-8
-# en_IE@euro ISO-8859-15
-# en_IL UTF-8
-# en_IN UTF-8
-# en_NG UTF-8
-# en_NZ ISO-8859-1
-# en_NZ.UTF-8 UTF-8
-# en_PH ISO-8859-1
-# en_PH.UTF-8 UTF-8
-# en_SG ISO-8859-1
-# en_SG.UTF-8 UTF-8
-# en_US ISO-8859-1
-# en_US.ISO-8859-15 ISO-8859-15
-en_US.UTF-8 UTF-8
-# en_ZA ISO-8859-1
-# en_ZA.UTF-8 UTF-8
-# en_ZM UTF-8
-# en_ZW ISO-8859-1
-# en_ZW.UTF-8 UTF-8
-# eo UTF-8
-# es_AR ISO-8859-1
-# es_AR.UTF-8 UTF-8
-# es_BO ISO-8859-1
-# es_BO.UTF-8 UTF-8
-# es_CL ISO-8859-1
-# es_CL.UTF-8 UTF-8
-# es_CO ISO-8859-1
-# es_CO.UTF-8 UTF-8
-# es_CR ISO-8859-1
-# es_CR.UTF-8 UTF-8
-# es_CU UTF-8
-# es_DO ISO-8859-1
-# es_DO.UTF-8 UTF-8
-# es_EC ISO-8859-1
-# es_EC.UTF-8 UTF-8
-# es_ES ISO-8859-1
-# es_ES.UTF-8 UTF-8
-# es_ES@euro ISO-8859-15
-# es_GT ISO-8859-1
-# es_GT.UTF-8 UTF-8
-# es_HN ISO-8859-1
-# es_HN.UTF-8 UTF-8
-# es_MX ISO-8859-1
-# es_MX.UTF-8 UTF-8
-# es_NI ISO-8859-1
-# es_NI.UTF-8 UTF-8
-# es_PA ISO-8859-1
-# es_PA.UTF-8 UTF-8
-# es_PE ISO-8859-1
-# es_PE.UTF-8 UTF-8
-# es_PR ISO-8859-1
-# es_PR.UTF-8 UTF-8
-# es_PY ISO-8859-1
-# es_PY.UTF-8 UTF-8
-# es_SV ISO-8859-1
-# es_SV.UTF-8 UTF-8
-# es_US ISO-8859-1
-# es_US.UTF-8 UTF-8
-# es_UY ISO-8859-1
-# es_UY.UTF-8 UTF-8
-# es_VE ISO-8859-1
-# es_VE.UTF-8 UTF-8
-# et_EE ISO-8859-1
-# et_EE.ISO-8859-15 ISO-8859-15
-# et_EE.UTF-8 UTF-8
-# eu_ES ISO-8859-1
-# eu_ES.UTF-8 UTF-8
-# eu_ES@euro ISO-8859-15
-# eu_FR ISO-8859-1
-# eu_FR.UTF-8 UTF-8
-# eu_FR@euro ISO-8859-15
-# fa_IR UTF-8
-# ff_SN UTF-8
-# fi_FI ISO-8859-1
-# fi_FI.UTF-8 UTF-8
-# fi_FI@euro ISO-8859-15
-# fil_PH UTF-8
-# fo_FO ISO-8859-1
-# fo_FO.UTF-8 UTF-8
-# fr_BE ISO-8859-1
-# fr_BE.UTF-8 UTF-8
-# fr_BE@euro ISO-8859-15
-# fr_CA ISO-8859-1
-# fr_CA.UTF-8 UTF-8
-# fr_CH ISO-8859-1
-# fr_CH.UTF-8 UTF-8
-# fr_FR ISO-8859-1
-# fr_FR.UTF-8 UTF-8
-# fr_FR@euro ISO-8859-15
-# fr_LU ISO-8859-1
-# fr_LU.UTF-8 UTF-8
-# fr_LU@euro ISO-8859-15
-# fur_IT UTF-8
-# fy_DE UTF-8
-# fy_NL UTF-8
-# ga_IE ISO-8859-1
-# ga_IE.UTF-8 UTF-8
-# ga_IE@euro ISO-8859-15
-# gd_GB ISO-8859-15
-# gd_GB.UTF-8 UTF-8
-# gez_ER UTF-8
-# gez_ER@abegede UTF-8
-# gez_ET UTF-8
-# gez_ET@abegede UTF-8
-# gl_ES ISO-8859-1
-# gl_ES.UTF-8 UTF-8
-# gl_ES@euro ISO-8859-15
-# gu_IN UTF-8
-# gv_GB ISO-8859-1
-# gv_GB.UTF-8 UTF-8
-# ha_NG UTF-8
-# hak_TW UTF-8
-# he_IL ISO-8859-8
-# he_IL.UTF-8 UTF-8
-# hi_IN UTF-8
-# hne_IN UTF-8
-# hr_HR ISO-8859-2
-# hr_HR.UTF-8 UTF-8
-# hsb_DE ISO-8859-2
-# hsb_DE.UTF-8 UTF-8
-# ht_HT UTF-8
-# hu_HU ISO-8859-2
-# hu_HU.UTF-8 UTF-8
-# hy_AM UTF-8
-# hy_AM.ARMSCII-8 ARMSCII-8
-# ia_FR UTF-8
-# id_ID ISO-8859-1
-# id_ID.UTF-8 UTF-8
-# ig_NG UTF-8
-# ik_CA UTF-8
-# is_IS ISO-8859-1
-# is_IS.UTF-8 UTF-8
-# it_CH ISO-8859-1
-# it_CH.UTF-8 UTF-8
-# it_IT ISO-8859-1
-# it_IT.UTF-8 UTF-8
-# it_IT@euro ISO-8859-15
-# iu_CA UTF-8
-# ja_JP.EUC-JP EUC-JP
-# ja_JP.UTF-8 UTF-8
-# ka_GE GEORGIAN-PS
-# ka_GE.UTF-8 UTF-8
-# kk_KZ PT154
-# kk_KZ.RK1048 RK1048
-# kk_KZ.UTF-8 UTF-8
-# kl_GL ISO-8859-1
-# kl_GL.UTF-8 UTF-8
-# km_KH UTF-8
-# kn_IN UTF-8
-# ko_KR.EUC-KR EUC-KR
-# ko_KR.UTF-8 UTF-8
-# kok_IN UTF-8
-# ks_IN UTF-8
-# ks_IN@devanagari UTF-8
-# ku_TR ISO-8859-9
-# ku_TR.UTF-8 UTF-8
-# kw_GB ISO-8859-1
-# kw_GB.UTF-8 UTF-8
-# ky_KG UTF-8
-# lb_LU UTF-8
-# lg_UG ISO-8859-10
-# lg_UG.UTF-8 UTF-8
-# li_BE UTF-8
-# li_NL UTF-8
-# lij_IT UTF-8
-# ln_CD UTF-8
-# lo_LA UTF-8
-# lt_LT ISO-8859-13
-# lt_LT.UTF-8 UTF-8
-# lv_LV ISO-8859-13
-# lv_LV.UTF-8 UTF-8
-# lzh_TW UTF-8
-# mag_IN UTF-8
-# mai_IN UTF-8
-# mg_MG ISO-8859-15
-# mg_MG.UTF-8 UTF-8
-# mhr_RU UTF-8
-# mi_NZ ISO-8859-13
-# mi_NZ.UTF-8 UTF-8
-# mk_MK ISO-8859-5
-# mk_MK.UTF-8 UTF-8
-# ml_IN UTF-8
-# mn_MN UTF-8
-# mni_IN UTF-8
-# mr_IN UTF-8
-# ms_MY ISO-8859-1
-# ms_MY.UTF-8 UTF-8
-# mt_MT ISO-8859-3
-# mt_MT.UTF-8 UTF-8
-# my_MM UTF-8
-# nan_TW UTF-8
-# nan_TW@latin UTF-8
-# nb_NO ISO-8859-1
-# nb_NO.UTF-8 UTF-8
-# nds_DE UTF-8
-# nds_NL UTF-8
-# ne_NP UTF-8
-# nhn_MX UTF-8
-# niu_NU UTF-8
-# niu_NZ UTF-8
-# nl_AW UTF-8
-# nl_BE ISO-8859-1
-# nl_BE.UTF-8 UTF-8
-# nl_BE@euro ISO-8859-15
-# nl_NL ISO-8859-1
-# nl_NL.UTF-8 UTF-8
-# nl_NL@euro ISO-8859-15
-# nn_NO ISO-8859-1
-# nn_NO.UTF-8 UTF-8
-# nr_ZA UTF-8
-# nso_ZA UTF-8
-# oc_FR ISO-8859-1
-# oc_FR.UTF-8 UTF-8
-# om_ET UTF-8
-# om_KE ISO-8859-1
-# om_KE.UTF-8 UTF-8
-# or_IN UTF-8
-# os_RU UTF-8
-# pa_IN UTF-8
-# pa_PK UTF-8
-# pap_AW UTF-8
-# pap_CW UTF-8
-# pl_PL ISO-8859-2
-# pl_PL.UTF-8 UTF-8
-# ps_AF UTF-8
-# pt_BR ISO-8859-1
-# pt_BR.UTF-8 UTF-8
-# pt_PT ISO-8859-1
-# pt_PT.UTF-8 UTF-8
-# pt_PT@euro ISO-8859-15
-# quz_PE UTF-8
-# raj_IN UTF-8
-# ro_RO ISO-8859-2
-# ro_RO.UTF-8 UTF-8
-# ru_RU ISO-8859-5
-# ru_RU.CP1251 CP1251
-# ru_RU.KOI8-R KOI8-R
-# ru_RU.UTF-8 UTF-8
-# ru_UA KOI8-U
-# ru_UA.UTF-8 UTF-8
-# rw_RW UTF-8
-# sa_IN UTF-8
-# sat_IN UTF-8
-# sc_IT UTF-8
-# sd_IN UTF-8
-# sd_IN@devanagari UTF-8
-# se_NO UTF-8
-# sgs_LT UTF-8
-# shs_CA UTF-8
-# si_LK UTF-8
-# sid_ET UTF-8
-# sk_SK ISO-8859-2
-# sk_SK.UTF-8 UTF-8
-# sl_SI ISO-8859-2
-# sl_SI.UTF-8 UTF-8
-# so_DJ ISO-8859-1
-# so_DJ.UTF-8 UTF-8
-# so_ET UTF-8
-# so_KE ISO-8859-1
-# so_KE.UTF-8 UTF-8
-# so_SO ISO-8859-1
-# so_SO.UTF-8 UTF-8
-# sq_AL ISO-8859-1
-# sq_AL.UTF-8 UTF-8
-# sq_MK UTF-8
-# sr_ME UTF-8
-# sr_RS UTF-8
-# sr_RS@latin UTF-8
-# ss_ZA UTF-8
-# st_ZA ISO-8859-1
-# st_ZA.UTF-8 UTF-8
-# sv_FI ISO-8859-1
-# sv_FI.UTF-8 UTF-8
-# sv_FI@euro ISO-8859-15
-# sv_SE ISO-8859-1
-# sv_SE.ISO-8859-15 ISO-8859-15
-# sv_SE.UTF-8 UTF-8
-# sw_KE UTF-8
-# sw_TZ UTF-8
-# szl_PL UTF-8
-# ta_IN UTF-8
-# ta_LK UTF-8
-# tcy_IN.UTF-8 UTF-8
-# te_IN UTF-8
-# tg_TJ KOI8-T
-# tg_TJ.UTF-8 UTF-8
-# th_TH TIS-620
-# th_TH.UTF-8 UTF-8
-# the_NP UTF-8
-# ti_ER UTF-8
-# ti_ET UTF-8
-# tig_ER UTF-8
-# tk_TM UTF-8
-# tl_PH ISO-8859-1
-# tl_PH.UTF-8 UTF-8
-# tn_ZA UTF-8
-# tr_CY ISO-8859-9
-# tr_CY.UTF-8 UTF-8
-# tr_TR ISO-8859-9
-# tr_TR.UTF-8 UTF-8
-# ts_ZA UTF-8
-# tt_RU UTF-8
-# tt_RU@iqtelif UTF-8
-# ug_CN UTF-8
-# uk_UA KOI8-U
-# uk_UA.UTF-8 UTF-8
-# unm_US UTF-8
-# ur_IN UTF-8
-# ur_PK UTF-8
-# uz_UZ ISO-8859-1
-# uz_UZ.UTF-8 UTF-8
-# uz_UZ@cyrillic UTF-8
-# ve_ZA UTF-8
-# vi_VN UTF-8
-# wa_BE ISO-8859-1
-# wa_BE.UTF-8 UTF-8
-# wa_BE@euro ISO-8859-15
-# wae_CH UTF-8
-# wal_ET UTF-8
-# wo_SN UTF-8
-# xh_ZA ISO-8859-1
-# xh_ZA.UTF-8 UTF-8
-# yi_US CP1255
-# yi_US.UTF-8 UTF-8
-# yo_NG UTF-8
-# yue_HK UTF-8
-# zh_CN GB2312
-# zh_CN.GB18030 GB18030
-# zh_CN.GBK GBK
-# zh_CN.UTF-8 UTF-8
-# zh_HK BIG5-HKSCS
-# zh_HK.UTF-8 UTF-8
-# zh_SG GB2312
-# zh_SG.GBK GBK
-# zh_SG.UTF-8 UTF-8
-# zh_TW BIG5
-# zh_TW.EUC-TW EUC-TW
-# zh_TW.UTF-8 UTF-8
-# zu_ZA ISO-8859-1
-# zu_ZA.UTF-8 UTF-8
+++ /dev/null
-Europe/Berlin
audio_dev_is_mute() {
[ "$(pactl get-sink-mute 0)" = "Mute: yes" ]
}
-
--- /dev/null
+[user]
+ email = c.heller@plomlompom.de
+ name = Christian Heller
+++ /dev/null
-# Don't blank screen, as this will confuse the HDMI switch setup / lead to unrecoverable X sessions.
-xset s noblank
+++ /dev/null
-# Settings for interactive shells.
-
-# Fancy colors for ls.
-alias ls="ls --color=auto"
-
-# Other helpful aliases
-alias sshauth='eval $(ssh-agent) && ssh-add'
-# alias xrandrbig='xrandr --output LVDS-1 --off'
-
-# Use vim as default editor for anything.
-export VISUAL=vim
-export EDITOR=$VISUAL
-
-# Colored prompt with username, hostname, date/time, directory.
-colornumber=7 # Default to white if no color set via colornumber dotfile.
-colornumber_file=~/.shell_prompt_color
-if [ -f $colornumber_file ]; then
- colornumber=`cat $colornumber_file`
-fi
-tput_color="$(tput setaf $colornumber)$(tput bold)"
-tput_reset="$(tput sgr0)"
-# Bash confuses the line length when not told to not count escape sequences.
-if [ ! "$BASH" = "" ]; then
- tput_color="\[$tput_color\]"
- tput_reset="\[$tput_reset\]"
-fi
-PS1="${tput_color}["\$\(date\ +%Y-%m-%d/%H:%M:%S/%Z\)" $(whoami)@$(hostname):"\$\(pwd\)"]$ $tput_reset"
-PS2="${tput_color}> $tput_reset"
-PS3="${tput_color}select: $tput_reset"
-PS4="${tput_color}+ $tput_reset"
+++ /dev/null
-! otherwise various applications will assume merely 8 colors
-XTerm.termName: xterm-256color
-
-! font
-! actually, "mono" is already the default for faceName (it will
-! pick whatever fc-match mono delivers), but we need to set _some_
-! faceName to trigger XTerm activating TrueType fonts
-! (XTerm*fontRender by itself won't do the trick), and we want
-! TrueType fonts because, well, they scale better, and XTerm lets them
-! fall back on alternatives (hi there ttf-unifont) when a Unicode
-! glyph is not found
-XTerm*faceName: mono
-
-! white on black
-XTerm*reverseVideo: on
-
-! blink screen instead of sound
-XTerm*visualBell: on
-
-! proper ALT as META key treatment
-XTerm*eightBitInput: false
-
-! font sizes
-XTerm*faceSize: 8
-XTerm*faceSize1: 4
-XTerm*faceSize2: 5
-XTerm*faceSize3: 6
-XTerm*faceSize4: 8
-XTerm*faceSize5: 14
-XTerm*faceSize6: 25
-
-! colors
-! black
-XTerm*color0: #202020
-XTerm*color8: #3F3F3F
-! red
-XTerm*color1: #A82020
-XTerm*color9: #E82020
-! green
-XTerm*color2: #20A820
-XTerm*color10: #20E820
-! yellow
-XTerm*color3: #A8A820
-XTerm*color11: #E8E820
-! blue
-XTerm*color4: #3F3FFF
-XTerm*color12: #9F9FFF
-! magenta
-XTerm*color5: #A83FFF
-XTerm*color13: #E89FFF
-! cyan
-XTerm*color6: #3FA8FF
-XTerm*color14: #9FE8FF
-! white
-XTerm*color7: #A8A8A8
-XTerm*color15: #E8E8E8
+++ /dev/null
-plom@plomlompom.com
-plom@mail.plomlompom.com
-plom@play.plomlompom.com
-# file read ends at last newline
+++ /dev/null
-# plomlompom's i3-wm configuration
-
-# Font for i3 text
-font pango:Terminus 8px
-
-# Force "tabbed" as default layout for new windows.
-workspace_layout tabbed
-
-# Make the Windows key the modifier key for all i3-wm actions.
-set $mod Mod4
-floating_modifier $mod
-
-# Launch xterm.
-bindsym $mod+Return exec xterm
-
-# Launch programs via dmenu.
-bindsym $mod+d exec dmenu_run
-bindsym $mod+x exec dmenu_run
-
-# Kill window.
-bindsym $mod+Shift+Q kill
-
-# Move focus between windows.
-bindsym $mod+Left focus left
-bindsym $mod+Down focus down
-bindsym $mod+Up focus up
-bindsym $mod+Right focus right
-
-# Don't move focus with mouse.
-focus_follows_mouse no
-
-# Move windows.
-bindsym $mod+Shift+Left move left
-bindsym $mod+Shift+Down move down
-bindsym $mod+Shift+Up move up
-bindsym $mod+Shift+Right move right
-
-# Resize windows
-bindsym $mod+h resize shrink width 1 px or 1 ppt
-bindsym $mod+l resize grow width 1 px or 1 ppt
-bindsym $mod+j resize shrink height
-bindsym $mod+k resize grow height
-
-# Toggle fullscreen for focused window.
-bindsym $mod+f fullscreen
-
-# Toggle floating of window, focus on floating or tabbed windows.
-bindsym $mod+Shift+space floating toggle
-bindsym $mod+space focus mode_toggle
-
-# Switch to workspace x.
-bindsym $mod+1 workspace 1
-bindsym $mod+2 workspace 2
-bindsym $mod+3 workspace 3
-bindsym $mod+4 workspace 4
-bindsym $mod+5 workspace 5
-bindsym $mod+6 workspace 6
-bindsym $mod+7 workspace 7
-bindsym $mod+8 workspace 8
-bindsym $mod+9 workspace 9
-bindsym $mod+0 workspace 10
-
-# Move window to workspace x.
-bindsym $mod+Shift+exclam move workspace 1
-bindsym $mod+Shift+quotedbl move workspace 2
-bindsym $mod+Shift+section move workspace 3
-bindsym $mod+Shift+dollar move workspace 4
-bindsym $mod+Shift+percent move workspace 5
-bindsym $mod+Shift+ampersand move workspace 6
-bindsym $mod+Shift+slash move workspace 7
-bindsym $mod+Shift+parenleft move workspace 8
-bindsym $mod+Shift+parenright move workspace 9
-bindsym $mod+Shift+equal move workspace 10
-
-# Reload i3 config file, restart (keeping sesion) i3, exit i3.
-bindsym $mod+Shift+C reload
-bindsym $mod+Shift+R restart
-bindsym $mod+Shift+P exit
-
-# Select "i3status" as i3 status bar, hide systray icons.
-bar {
- tray_output none
- status_command i3status
-}
-
-include ~/.config/i3/config_bonus
+++ /dev/null
-# plomlompom's i3 status bar configuration
-
-# Activate colors; set update interval of one second.
-general {
- colors = true
- interval = 1
-}
-
-# Selection / order of status elements.
-order += "disk /"
-order += "disk /home/"
-order += "wireless wlp3s0"
-order += "ethernet enp0s25"
-order += "battery 0"
-order += "cpu_usage"
-order += "load"
-order += "cpu_temperature 0"
-order += "time"
-order += "volume master"
-
-# How much space is left in / ?
-disk "/" {
- format = "/: %avail available of %total"
- separator_block_width = 25
-}
-
-# How much space is left in /home ?
-disk "/home/" {
- format = "/home: %avail available of %total"
- separator_block_width = 25
-}
-
-# WLAN status: show IP and connection quality or "down".
-wireless wlp3s0 {
- format_up = "w: (%quality at %essid) %ip"
- format_down = "w: down"
- separator_block_width = 10
-}
-
-# Ethernet status: show IP or "down".
-ethernet enp0s25 {
- format_up = "e: %ip"
- format_down = "e: down"
- separator_block_width = 25
-}
-
-# Battery status: show FULL/CHARGING/BATTERY, storage, time left.
-battery 0 {
- format = "b: %status %percentage %remaining"
- separator_block_width = 25
-}
-
-# Show CPU usage.
-cpu_usage {
- format = "cpu: %usage"
- separator_block_width = 10
-}
-
-# Show system load during last 1/5/15 minutes.
-load {
- format = "%1min %5min %15min"
- separator_block_width = 25
-}
-
-# Show CPU temperature in degrees of celsius.
-cpu_temperature 0 {
- format = "%degrees °C"
- separator_block_width = 25
-}
-
-# Show date/time/timezone as "year-month-day hour:minute:second
-# timezone_numeric/timezone_alphabetic".
-time {
- format = "%Y-%m-%d %H:%M:%S %z/%Z"
- separator_block_width = 25
-}
-
-volume master {
- format = "♪: %volume"
- format_muted = "♪: muted (%volume)"
- separator_block_width = 25
-}
+++ /dev/null
-;; general layout
-;; ==============
-
-;; need no stinkin emacs help screen as start up, and no menu bar
-(setq inhibit-startup-screen t)
-(menu-bar-mode -1)
-
-;; highlight cursor line, parentheses
-(global-hl-line-mode 1)
-(show-paren-mode 1)
-
-;; show line numbers, use separator space
-(global-linum-mode)
-(setq linum-format "%d ")
-
-;; count cursor column, row in mode line
-(setq column-number-mode t)
-
-;; settings to make GUI tolerable
-(if window-system
- (progn
- (add-to-list 'default-frame-alist '(foreground-color . "white"))
- (add-to-list 'default-frame-alist '(background-color . "black"))
- (set-face-attribute 'default nil :height 80)
- (scroll-bar-mode -1)
- (setq visible-bell t)
- (setq linum-format "%d")))
-
-;; use as default browser what XDG offers
-(setq-default browse-url-browser-function 'browse-url-xdg-open)
-
-
-
-;; general keybindings
-;; ===================
-
-;; create and use a minimal global map using just the self-insert command
-;; bindings and a selection of some to me very common keystrokes
-(setq minimal-map (make-sparse-keymap))
-(substitute-key-definition 'self-insert-command 'self-insert-command
- minimal-map global-map)
-(use-global-map minimal-map)
-(global-set-key (kbd "DEL") 'backward-delete-char-untabify)
-(global-set-key (kbd "RET") 'newline)
-(global-set-key (kbd "TAB") 'indent-for-tab-command)
-(global-set-key (kbd "<up>") 'previous-line)
-(global-set-key (kbd "<down>") 'next-line)
-(global-set-key (kbd "<left>") 'left-char)
-(global-set-key (kbd "<right>") 'right-char)
-(global-set-key (kbd "<prior>") 'scroll-down-command)
-(global-set-key (kbd "<next>") 'scroll-up-command)
-(global-set-key (kbd "M-x") 'execute-extended-command)
-(global-set-key (kbd "C-g") 'keyboard-quit)
-;(global-set-key (kbd "<f3>") 'kmacro-start-macro-or-insert-counter)
-;(global-set-key (kbd "<f4>") 'kmacro-end-or-call-macro)
-;; note how to switch back to the original map: (use-global-map global-map)
-(setq shr-map (make-sparse-keymap)) ; got annoying in elfeed-show on URLs
-
-
-
-;; minibuffer
-;; ==========
-
-;; incremental minibuffer completion
-(icomplete-mode 1)
-
-
-
-;; text editing
-;; ============
-
-;; tabs are evil
-(setq-default indent-tabs-mode nil)
-(setq-default tab-width 4)
-(setq indent-line-function 'insert-tab)
-
-;; show trailing whitespace
-(setq-default show-trailing-whitespace 1)
-
-;; on save, ask whether to ensure text file's last line ends in a
-;; newline character
-(setq require-final-newline 1)
-
-;; use dedicated directory for version-controlled, endless backups;
-;; never delete old versions
-(setq make-backup-files t
- backup-directory-alist `(("." . "~/.emacs_backups"))
- backup-by-copying t
- version-control t
- delete-old-versions 1) ;; neither t nor nil: never delete
-
-
-;; package management
-;; ==================
-
-;; where we get packages from
-(setq package-archives '(("gnu" . "https://elpa.gnu.org/packages/")
- ("melpa-unstable" . "https://melpa.org/packages/")
- ("melpa-stable" . "https://stable.melpa.org/packages/")))
-
-;; ensure certain packages are installed (actually, we use Debian repos here)
-;; credit to <https://stackoverflow.com/a/10093312>
-;(setq package-list '(elfeed ledger-mode))
-;(package-initialize)
-;(dolist (package package-list)
-; (unless (package-installed-p package)
-; (package-install package)))
-
-
-
-;;; window management
-;;; =================
-;
-;;; track window configurations to allow window config undo
-;(winner-mode 1)
-
-
-
-;; mail setup
-;; ==========
-
-(setq send-mail-function 'smtpmail-send-it)
-(setq smtpmail-smtp-server "mail.plomlompom.com")
-(setq smtpmail-smtp-service 465)
-(setq smtpmail-stream-type 'ssl)
-(setq smtpmail-smtp-user "plom")
-(setq mml-secure-openpgp-encrypt-to-self t)
-(add-hook 'message-setup-hook 'mml-secure-sign-pgpmime)
-
-;(setq gnutls-log-level 0)
-
-;; if we don't set this, we get this warning:
-;; gnutls.c: [1] Note that the security level of the Diffie-Hellman key exchange
-;; has been lowered to 256 bits and this may allow decryption of the session data
-(setq gnutls-min-prime-bits 1024)
-
-;; there is a WEIRD bug somewhere in /network-stream-open-tls/ that disappears the
-;; stream process, seemingly unless the /message/ function is called at the right
-;; place (earliest in /nsm-verify-connection/ right before the "cond" there, latest
-;; in /network-stream-get-response/ right after "(goto-char start)"; this works
-;; unless /inhibit_message/ is set, indicating that writing to the *Messages*
-;; buffer is not relevant, but maybe writing to the echo area is); activing the
-;; gnutls logging is just a hack to achieve such calls to /message/ in the
-;; /network-stream-open-tls/ flow.
-(setq gnutls-log-level 1) ; miraculously makes smtpmail work
-
-;; constructs From: domain if mail composer directly called (from without
-;; notmuch), but we don't actually intend to do that
-;(setq mail-host-address "plomlompom.com")
-
-;; otherwise notmuch becomes extremely slow in some cases
-(setq-default notmuch-show-indent-content nil)
-
-;; this only works if we use notmuch-mua-send instead of message-send
-(setq notmuch-fcc-dirs '(("plom@plomlompom.com" . "maildir/Sent")))
-
-;; this gets rid of "i-did-not-set--mail-host-address--so-tickle-me"
-;; in the message ID
-(setq mail-host-address "plomlompom.com")
-
-;; notmuch saved searches
-(setq notmuch-saved-searches
- '((:name "inbox" :query "tag:unread and folder:inbox")
- (:name "all" :query "tag:unread not folder:maildir/Trash")
- (:name "plomlompom.de" :query "tag:unread and folder:maildir/plomlompom.de")
- (:name "nebenan" :query "tag:unread and folder:maildir/nebenan")
- (:name "reflect-info" :query "tag:unread and folder:maildir/reflect-info")
- (:name "gmail" :query "tag:unread and folder:maildir/gmail.com")
- (:name "mutter" :query "tag:unread and folder:maildir/mutter")))
-
-
-
-;; org mode
-;; ========
-
-;; unsure why, but to re-set the key map, we not only have to explicitely do it
-;; only after org-mode loading, but also have to explicitely overwrite the
-;; C-c keybinding; TODO: investigate
-(with-eval-after-load 'org
- (setq org-mode-map (make-sparse-keymap))
- (define-key org-mode-map (kbd "C-c") nil)
- (define-key org-mode-map (kbd "TAB") 'org-cycle)
- (define-key org-mode-map (kbd "<backtab>") 'org-shifttab))
-
-;; don't truncate lines by default
-(setq org-startup-truncated nil)
-
-;; basic org-capture config
-(setq org-capture-templates
- '(("x" "test" plain (file "~/org/notes.org") "%T: %?")))
-(add-hook 'org-capture-mode-hook 'evil-insert-state)
-
-;; agenda view on startup
-(load-library "find-lisp")
-(setq org-agenda-files (find-lisp-find-files "~/org" "\.org$"))
-(setq org-agenda-span 90)
-(setq org-agenda-use-time-grid nil)
-(add-hook 'emacs-startup-hook (lambda ()
- (org-agenda-list)
- (switch-to-buffer "*Org Agenda*")
- (other-window 1)))
-
-;;; for calendar, use ISO date style
-;(setq calendar-date-style 'iso)
-;(setq diary-number-of-entries 7)
-;(diary)
-;(setq org-agenda-time-grid '((today require-timed remove-match)
-; #("----------------" 0 16 (org-heading t))
-; (0 200 400 600 800 1000 1200
-; 1400 1600 1800 2000 2200)))
-
-;; empty org-agenda-mode keybindings
-(add-hook 'org-agenda-mode-hook
- (lambda ()
- (setq org-agenda-mode-map (make-sparse-keymap))))
-(add-hook 'org-agenda-mode-hook
- (lambda ()
- (use-local-map (make-sparse-keymap))))
-
-;; org-publish-all
-(setq org-publish-project-alist
- '(
- ("website"
- :base-directory "~/org/web/"
- :base-extension "org"
- :publishing-directory "~/html/"
- :recursive t
- :publishing-function org-html-publish-to-html
- :headline-levels 4 ; Just the default for this project.
- :auto-preamble t
- )))
-
-;; use [ki:] syntax to hide stuff from exports
-(defun classify-information (text backend info)
- "Replaces '[ki:WHATEVER]' with '[klassifizierte Information]'."
- (replace-regexp-in-string "\\[ki:[^\]]*\]" "[klassifizierte Information]" text))
-(add-hook 'org-export-filter-plain-text-functions 'classify-information)
-
-;; add HTML validator link to exports
-(setq org-html-validation-link "<a href=\"https://validator.w3.org/check?uri=referer\">Validate</a>")
-
-
-
-;;; Info mode
-;;; =========
-
-(setq Info-mode-map (make-sparse-keymap))
-(define-key Info-mode-map (kbd "RET") 'Info-follow-nearest-node)
-(define-key Info-mode-map (kbd "u") 'Info-up)
-(define-key Info-mode-map (kbd "TAB") 'Info-next-reference)
-(define-key Info-mode-map (kbd "<backtab>") 'Info-prev-reference)
-(define-key Info-mode-map (kbd "H") 'Info-history-back)
-(define-key Info-mode-map (kbd "L") 'Info-history-forward)
-(define-key Info-mode-map (kbd "I") 'Info-goto-node)
-(define-key Info-mode-map (kbd "i") 'Info-index)
-
-
-
-;; help mode
-;; =========
-
-(setq help-mode-map (make-sparse-keymap))
-(define-key help-mode-map (kbd "TAB") 'forward-button)
-(define-key help-mode-map (kbd "RET") 'help-follow)
-(define-key help-mode-map (kbd "<backtab>") 'backward-button)
-
-
-
-; ;; elfeed
-; ;; ======
-;
-; (require 'elfeed) ; needed so we can set the font faces
-; (set-face-background 'elfeed-search-title-face "magenta")
-; (set-face-background 'elfeed-search-unread-count-face "magenta")
-; (setq elfeed-feeds
-; '("https://capsurvival.blogspot.com/feeds/posts/default"
-; "https://jungle.world/rss.xml"
-; "http://news.dieweltistgarnichtso.net/bin/index.xml"
-; "https://taz.de/!s=&ExportStatus=Intern&SuchRahmen=Online;rss/"
-; "http://www.tagesschau.de/xml/atom"))
-; (setq elfeed-search-mode-map (make-sparse-keymap))
-; (define-key elfeed-search-mode-map (kbd "RET") 'elfeed-search-show-entry)
-; (defun elfeed-search-mark-as-read() (interactive)
-; (elfeed-search-untag-all 'unread))
-; (define-key elfeed-search-mode-map (kbd "r") 'elfeed-search-mark-as-read)
-; (define-key elfeed-search-mode-map (kbd "R") 'elfeed-search-tag-all-unread)
-; (define-key elfeed-search-mode-map (kbd "f") 'elfeed-search-live-filter)
-; (define-key elfeed-search-mode-map (kbd "u") 'elfeed-update)
-; (setq elfeed-show-mode-map (make-sparse-keymap))
-; (define-key elfeed-show-mode-map (kbd "u") 'elfeed)
-; (define-key elfeed-show-mode-map (kbd "TAB") 'shr-next-link)
-; (define-key elfeed-show-mode-map (kbd "<backtab>") 'shr-previous-link)
-; (define-key elfeed-show-mode-map (kbd "a") 'elfeed-show-prev)
-; (define-key elfeed-show-mode-map (kbd "d") 'elfeed-show-next)
-; (define-key elfeed-show-mode-map (kbd "y") 'shr-copy-url)
-; (define-key elfeed-show-mode-map (kbd "RET") 'shr-browse-url)
-;
-;
-;
-; ;; eww
-; ;; ===
-;
-; (setq eww-mode-map (make-sparse-keymap))
-; (define-key eww-mode-map (kbd "TAB") 'shr-next-link)
-; (define-key eww-mode-map (kbd "<backtab>") 'shr-previous-link)
-; (define-key eww-mode-map (kbd "H") 'eww-back-url)
-; (define-key eww-mode-map (kbd "L") 'eww-forward-url)
-
-
-
-;; ledger
-;; ======
-(setq ledger-mode-map (make-sparse-keymap))
-(define-key ledger-mode-map (kbd "TAB") 'completion-at-point)
-
-
-
-;;; plomvi mode
-;;; ===========
-
-(defvar plomvi-return-combo (kbd "C-c"))
-(load "~/public_repos/plomvi.el/plomvi.el")
-(plomvi-global-mode 1)
+++ /dev/null
-[user]
- email = c.heller@plomlompom.de
- name = Christian Heller
+++ /dev/null
-IMAPAccount plom
-# Address to connect to
-Host mail.plomlompom.com
-User plom
-# For some reason, mbsync doesn't accept a PassCmd output beyond 79 chars,
-# therefore the pw in ~/.authinfo should not be longer than that.
-PassCmd "cat ~/.authinfo | cut -d' ' -f8-"
-SSLType IMAPS
-AuthMechs LOGIN
-
-IMAPStore core-remote
-Account plom
-
-MaildirStore core-local
-# The trailing "/" is important
-Path ~/mail/maildir/
-Inbox ~/mail/inbox/
-
-Channel core
-Far :core-remote:
-Near :core-local:
-Patterns *
-# Automatically create missing mailboxes, both locally and on the server
-Create Both
-# Save the synchronization state files in the relevant directory
-SyncState *
-# If a mail is marked T ("Trashed") or deleted, remove it for real everywhere
-Expunge Both
+++ /dev/null
-[database]
-path=/home/plom/mail
-[search]
-exclude_tags=deleted;spam;
-# the fields below set the From: if the mail composer is called from
-# within notmuch
-[user]
-name=Christian Heller
-primary_email=plom@plomlompom.com
+++ /dev/null
-# sanitize tridactyllocal tridactylsync
-# guiset tabs always
-# guiset hoverlink left
-# guiset statuspanel right
-autocmd DocStart www.reddit.com urlmodify -t www.reddit old.reddit
-# bind ö fillcmdline find
-# bind n findnext 1
-# bind N findnext -1
-bind j scrollline 3
-bind k scrollline -3
-set hintuppercase false
-set searchengine duckduckgo
-set theme midnight
-set searchurls.wiktionary https://en.wiktionary.org/w/index.php?search=
-set searchurls.dictcc https://www.dict.cc/?s=
-set hintchars 123456qwertasdfgyxcvb
-guiset gui none
-escapehatch
+++ /dev/null
-# X init configuration
-
-# Set keymap.
-setxkbmap de
-
-# Map CapsLock to Compose key.
-xmodmap -e "clear Lock"
-xmodmap -e "keycode 66 = Multi_key"
-
-# Load xterm settings
-xrdb -merge ~/.Xresources
-
-# Redshift to Berlin, Germany.
-redshift -rl 53:13 &
-
-sh .xinitrc_bonus
-
-# Launch window manager.
-i3
+++ /dev/null
-#!/bin/sh
-set -e
-
-basedir="/home/plom/mail/maildir/"
-# Ensure directories exist for all "dir:*" tags.
-for tag in $(notmuch search --output=tags '*'); do
- if [ ! $(echo "${tag}" | cut -c-4) = "dir:" ]; then
- continue
- fi
- target_dir="${basedir}"$(echo "${tag}" | cut -c5-)"/cur/"
- if [ ! -d "${target_dir}" ]; then
- echo "Directory ${target_dir} does not exist."
- exit 1
- fi
-done
-
-# Ensure all "dir:*"-tagged mails are in proper directories,
-# remove all "dir:*" tags.
-for tag in $(notmuch search --output=tags '*'); do
- if [ ! $(echo "${tag}" | cut -c-4) = "dir:" ]; then
- continue
- fi
- target_dir="${basedir}"$(echo "${tag}" | cut -c5-)"/cur/"
- for f in $(notmuch search --output=files tag:"${tag}"); do
- new_name=$(basename "${f}" | sed -e 's/,U=[0-9]*//')
- target_path="${target_dir}${new_name}"
- if [ ! "${target_path}" = "${f}" ]; then
- echo "Moving ${f} to ${target_path}."
- mv "${f}" "${target_path}"
- # NOTE: if we encounter an error here of ${f} not being findable, run "notmuch reindex tag:${tag}" to fix
- fi
- done
- notmuch tag -"${tag}" tag:"${tag}"
-done
-
-# Remove all "deleted"-tagged files from maildirs.
-notmuch search --output=files tag:deleted | while read f; do
- echo "Deleting ${f}"
- rm "${f}"
-done
-
-# Sync changes back to server and update notmuch index.
-mbsync -a
-notmuch new
+++ /dev/null
-# List of repos we want cloned in ~/public_repos
-config
-pingmail.git
-plomlombot-irc.git
-plomrogue
-plomrogue2-experiments
-plomvi.el
-misc
--- /dev/null
+export DEBIAN_FRONTEND=noninteractive
+
+USERNAME=plom
+PATH_USER_HOME="/home/${USERNAME}"
+
+# NB: this assume we're run from script's parent directory
+cd ../..
+PATH_REPO=$(pwd)
+cd -
+PATH_CONF="${PATH_REPO}/testing"
+PATH_CONF_HOME="${PATH_CONF}/home"
+
+expect_min_n_args() {
+ MIN_ARGS="$1"
+ EXPLAINER="$2"
+ shift 2
+ if [ "$#" -lt "${MIN_ARGS}" ]; then
+ echo "Need at least ${MIN_ARGS} arguments … ${EXPLAINER}"
+ false
+ fi
+}
+
+abort_if_exists() {
+ if [ -e "$1" ]; then
+ echo "Aborting because $1 already exists."
+ exit 1
+ fi
+}
+
+abort_if_not_user() {
+ if [ "$(whoami)" != "$1" ]; then
+ echo "Must be run as ${1}."
+ exit 1
+ fi
+}
+
+abort_if_offline() {
+ if ! ping -c1 -W2 1.1.1.1 > /dev/null 2>&1; then
+ echo "Must be run online."
+ exit 1
+ fi
+}
+++ /dev/null
-. ../../constants.sh
-. "${PATH_MANY_MISC}"
-
-PATH_REL_SECRETS=to_usb
-PATH_SECRETS=${PATH_USER_HOME}/${PATH_REL_SECRETS}
-
-get_system_name_arg() {
- THINKPAD_NAMES="x220 w530 t490s"
- LEGAL_SYSTEM_NAMES="${THINKPAD_NAMES} h610m"
- FOUND=0
- for SYSTEM_NAME_I in $LEGAL_SYSTEM_NAMES; do
- if [ "$1" = "$SYSTEM_NAME_I" ]; then
- FOUND=1
- SYSTEM_NAME="${SYSTEM_NAME_I}"
- break
- fi
- done
- if [ "${FOUND}" = 0 ]; then
- echo "Need legal system name."
- false
- fi
- SYSTEM_CLASS_NAME=
- for THINKPAD_NAME in $THINKPAD_NAMES; do
- if [ "${SYSTEM_NAME}" = "${THINKPAD_NAME}" ]; then
- SYSTEM_CLASS_NAME=thinkpad
- break
- fi
- done
-}
-
-abort_if_exists() {
- if [ -e "${1}" ]; then
- echo "Aborting because $1 already exists."
- exit 1
- fi
-}
-
-abort_if_not_user() {
- if [ `whoami` != "$1" ]; then
- echo "Must be run as ${1}."
- exit 1
- fi
-}
-
-abort_if_offline() {
- if ! ping -c1 -W2 1.1.1.1 > /dev/null 2>&1; then
- echo "Must be run online."
- exit 1
- fi
-}
set -e
-. ./_misc.sh
+
+# NB: this assume we're run from script's parent directory
+. ./_config_scripts_lib.sh
PATH_REPOS="${HOME}/repos"
PATH_BORGKEYS="${HOME}/.config/borg/keys"
+PATH_USER_SSH="${PATH_USER_HOME}/.ssh"
+FILENAME_KEY=id_rsa
+PATH_PRIVATE_KEY="${PATH_USER_SSH}/${FILENAME_KEY}"
+PATH_KNOWN_HOSTS="${PATH_USER_SSH}/known_hosts"
REPOS_SITE_DOMAIN=plomlompom.com
REMOTE_PATH_REPOS=/var/repos
NAME_BORGAPP=borgplom
abort_if_exists "${PATH_BORGKEYS}"
echo "\nSetting up ~/.ssh"
-PATH_PRIVATE_KEY="${PATH_USER_SSH}/${FILENAME_PRIVATE_KEY}"
-PATH_PUBLIC_KEY="${PATH_USER_SSH}/${FILENAME_PUBLIC_KEY}"
-PATH_KNOWN_HOSTS="${PATH_USER_SSH}/known_hosts"
+PATH_PUBLIC_KEY="${PATH_PRIVATE_KEY}.pub"
mkdir -p "${PATH_USER_SSH}"
-cp "${PATH_SECRETS}/${FILENAME_PRIVATE_KEY}" "${PATH_PRIVATE_KEY}"
+cp "${PATH_SECRETS}/${FILENAME_KEY}" "${PATH_KEY}"
stty -echo
while [ ! -s "${PATH_PUBLIC_KEY}" ]; do
set +e
fi
done
+PATH_REL_REPO=$(basename "${PATH_REPO}")
PATH_REL_DEL_REPO="DELETE_${PATH_REL_REPO}"
mv "${HOME}/${PATH_REL_REPO}" "${HOME}/${PATH_REL_DEL_REPO}"
echo "\nWith ~/repos set up, new reference be ~/repos/${PATH_REL_REPO}; moved ~/${PATH_REL_REPO} to ~/${PATH_REL_DEL_REPO}, ready to be deleted by you."
#!/bin/sh
set -e
-. ./_misc.sh
-expect_min_n_args 1 "(system name)" "$@"
-abort_if_offline
-get_system_name_arg "$1"
-MIN_MODULES="all ${SYSTEM_CLASS_NAME} ${SYSTEM_NAME}"
+# NB: this assume we're run from script's parent directory
+. ./_config_scripts_lib.sh
-echo "\nUpgrading to testing."
-# For this step only very selectively prepare /etc/ files.
+PATH_REL_ETC=etc
+PATH_CONF_ETC="${PATH_CONF}/${PATH_REL_ETC}"
+PATH_ETC="/${PATH_REL_ETC}"
+PATH_NETWORK_INTERFACES="${PATH_ETC}/network/interfaces"
PATH_REL_APT=apt
PATH_REL_APT_CONF=${PATH_REL_APT}/apt.conf.d
-PATH_REL_SOURCES_LIST=${PATH_REL_APT}/sources.list
-cp ${PATH_MANY}/${PATH_REL_ETC}/all/${PATH_REL_APT_CONF}/* /${PATH_REL_ETC}/${PATH_REL_APT_CONF}/
-apt update
-apt -y -o Dpkg::Options::='--force-confnew' upgrade
-apt -y -o Dpkg::Options::='--force-confnew' full-upgrade
-cp ../${PATH_REL_ETC}/all/${PATH_REL_SOURCES_LIST} /${PATH_REL_ETC}/${PATH_REL_APT}/
-apt clean
-apt update
-apt -y -o Dpkg::Options::='--force-confnew' upgrade
-apt -y -o Dpkg::Options::='--force-confnew' full-upgrade
-apt -y autoremove
+TAG_ALL=all
+TAGS_USER='user desktop'
-echo "\nSetting hostname and FQDN."
-echo "${SYSTEM_NAME}" > /etc/hostname
-hostname "${SYSTEM_NAME}"
-final_ip="127.0.1.1"
-for ip in $(hostname -I); do
- if [ $(echo "${ip}" | grep ':' | wc -l) -eq 1 ]; then
- continue
- fi
- range_1=$(echo "${ip}" | cut -d "." -f 1)
- range_2=$(echo "${ip}" | cut -d "." -f 2)
- if [ "${range_1}" -eq 127 ]; then
- continue
- elif [ "${range_1}" -eq 10 ]; then
- continue
- elif [ "${range_1}" -eq 172 ]; then
- if [ "${range_2}" -ge 16 ] && [ "${range_2}" -le 31 ]; then
+copy_dirtree() {
+ expect_min_n_args 3 "(source root, target root, tags)" "$@"
+ SOURCE_ROOT="$1"
+ TARGET_ROOT="$2"
+ shift 2
+ modules="$@"
+ INITIAL_DIRECTORY="$(pwd)"
+ for TAG in ${TAGS}; do
+ TAG_PATH="${SOURCE_ROOT}/${TAG}"
+ if [ ! -d "${TAG_PATH}" ]; then
+ continue
+ fi
+ cd "${TAG_PATH}"
+ for PATH in $(find . -type f); do
+ TARGET_PATH="${TARGET_ROOT}"$(echo "${PATH}" | cut -c2-)
+ SOURCE_PATH=$(realpath "${PATH}")
+ DIRECTORY=$(dirname "${TARGET_PATH}")
+ mkdir -p "${DIRECTORY}"
+ cp "${SOURCE_PATH}" "${TARGET_PATH}"
+ done
+ cd "${INITIAL_DIRECTORY}"
+ done
+}
+
+get_system_class_for() {
+ THINKPAD_NAMES="x220 w530 t490s"
+ for THINKPAD_NAME in $THINKPAD_NAMES; do
+ if [ "$1" = "${THINKPAD_NAME}" ]; then
+ printf 'thinkpad'
+ break
+ fi
+ done
+ printf ''
+}
+
+abort_if_illegal_system_name() {
+ LEGAL_SYSTEM_NAMES="${THINKPAD_NAMES} h610m"
+ for SYSTEM_NAME_I in $LEGAL_SYSTEM_NAMES; do
+ if [ "$1" = "$SYSTEM_NAME_I" ]; then
+ return 0
+ fi
+ done
+ echo "Need legal system name."
+ exit 1
+}
+
+upgrade_from_older_release() {
+ apt_update_to_full_upgrade() {
+ apt update
+ apt -y -o Dpkg::Options::='--force-confnew' upgrade
+ apt -y -o Dpkg::Options::='--force-confnew' full-upgrade
+ }
+ apt_update_to_full_upgrade
+ cp "${PATH_CONF_ETC}/${TAG_ALL}/${PATH_REL_APT}/sources.list" "${PATH_ETC}/${PATH_REL_APT}/"
+ apt clean
+ apt_update_to_full_upgrade
+ apt -y autoremove
+}
+
+determine_ip() {
+ FINAL_IP="127.0.1.1"
+ for IP in $(hostname -I); do
+ if [ $(echo "${IP}" | grep ':' | wc -l) -eq 1 ]; then
continue
fi
- elif [ "${range_1}" -eq 192 ]; then
- if [ "${range_2}" -eq 168 ]; then
+ RANGE_1=$(echo "${IP}" | cut -d "." -f 1)
+ RANGE_2=$(echo "${IP}" | cut -d "." -f 2)
+ if [ "${RANGE_1}" -eq 127 ]; then
+ continue
+ elif [ "${RANGE_1}" -eq 10 ]; then
+ continue
+ elif [ "${RANGE_1}" -eq 172 ]; then
+ if [ "${RANGE_2}" -ge 16 ] && [ "${RANGE_2}" -le 31 ]; then
+ continue
+ fi
+ elif [ "${RANGE_1}" -eq 192 ]; then
+ if [ "${RANGE_2}" -eq 168 ]; then
+ continue
+ fi
+ fi
+ FINAL_IP="${IP}"
+ done
+ printf "${FINAL_IP}"
+}
+
+mark_nonrequireds_auto() {
+ PATH_LIST_PREFIX=/tmp/list_
+ PATH_LIST_UNSORTED="${PATH_LIST_PREFIX}unsorted"
+ PATH_LIST_ALL_PACKAGES="${PATH_LIST_PREFIX}all_packages"
+ PATH_LIST_WHITE="${PATH_LIST_PREFIX}white"
+ PATH_LIST_BLACK="${PATH_LIST_PREFIX}black"
+ TOK_REQ=" required"
+ dpkg-query -Wf '${Package} ${Priority}\n' | grep "${TOK_REQ}" | sed "s/${TOK_REQ}//" > "${PATH_LIST_UNSORTED}"
+ sort "${PATH_LIST_UNSORTED}" | uniq > "${PATH_LIST_WHITE}"
+ dpkg-query -Wf '${Package}\n' > "${PATH_LIST_UNSORTED}"
+ sort "${PATH_LIST_UNSORTED}" | uniq > "${PATH_LIST_ALL_PACKAGES}"
+ comm -3 "${PATH_LIST_ALL_PACKAGES}" "${PATH_LIST_WHITE}" > "${PATH_LIST_BLACK}"
+ apt-mark auto `cat "${PATH_LIST_BLACK}"`
+ rm "${PATH_LIST_UNSORTED}" "${PATH_LIST_ALL_PACKAGES}" "${PATH_LIST_WHITE}" "${PATH_LIST_BLACK}"
+}
+
+install_aptmarkeds() {
+ # Walk through the package names in ../aptmark/ files to ensure the respective
+ # packages are installed.
+ for TAG in ${MIN_TAGS} user desktop; do
+ PATH="${PATH_CONF}/aptmark/${TAG}"
+ if [ ! -f "${PATH}" ]; then
continue
fi
+ cat "${PATH}" | while read line; do
+ echo "$LINE"
+ if [ ! $(echo "${LINE}" | cut -c1) = "#" ]; then
+ apt-get -y -o Dpkg::Options::="--force-confnew" install "${LINE}"
+ fi
+ done
+ done
+}
+
+adopt_wifi_connection() {
+ get_network_interfaces_last_wpa_value() {
+ REGEX="^\s+wpa-${1}\s+"
+ cat "${PATH_NETWORK_INTERFACES}" | grep -E "${REGEX}" | sed -E "s/${REGEX}//g" | tail -1
+ }
+ WLAN_SSID=$(get_network_interfaces_last_wpa_value 'ssid')
+ WLAN_PSK=$(get_network_interfaces_last_wpa_value 'psk')
+ if [ ! -z "${WLAN_SSID}" ]; then
+ echo "Found, adding to NetworkManager."
+ if [ -z "${WLAN_PSK}" ]; then
+ nmcli connection add type wifi wifi.ssid "${WLAN_SSID}"
+ else # NB: assumes last (collected with tail -1) wpa-psk that of last wlan-ssid
+ nmcli connection add type wifi wifi.ssid "${WLAN_SSID}" wifi-sec.key-mgmt wpa-psk wifi-sec.psk "${WLAN_PSK}"
+ fi
fi
- final_ip="${ip}"
-done
-echo "127.0.0.1 localhost.localdomain localhost" > /etc/hosts
-echo "${final_ip} ${SYSTEM_NAME}" >> /etc/hosts
+}
+
+expect_min_n_args 1 "(system name)" "$@"
+abort_if_offline
+SYSTEM_NAME="$1"
+abort_if_illegal_system_name "${SYSTEM_NAME}"
+SYSTEM_CLASS_NAME="$(get_system_class_for ${SYSTEM_NAME})"
+MIN_TAGS="${TAG_ALL} ${SYSTEM_CLASS_NAME} ${SYSTEM_NAME}"
+
+echo "\nUpgrading to testing."
+# For this step only very selectively prepare /etc/ files.
+cp "${PATH_CONF_ETC}/${TAG_ALL}/${PATH_REL_APT_CONF}/99_minimize_dependencies" "${PATH_ETC}/${PATH_REL_APT_CONF}/"
+upgrade_from_older_release
echo "\nInstalling and/or keeping only what's required by us or Debian."
# Ensure package installation state as defined by what packages are
-# defined as required by Debian policy and by settings in ./apt-mark/.
+# defined as required by Debian policy and by settings in ./aptmark.
mark_nonrequireds_auto
if [ "${SYSTEM_NAME}" = "h610m" ]; then
# Hold kernel known to work with nvidia-drivers.
apt-mark hold linux-image-amd64 linux-headers-amd64
fi
-for root in $ROOTS_HERE_AND_MANY; do
- install_for_modules "${root}/${PATH_REL_APTMARK}" ${MIN_MODULES} user desktop
-done
+install_aptmarkeds
apt -y --purge autoremove
-echo "\nChecking for existing wifi config in ${PATH_NETWORK_INTERFACES}."
# NB: This needs to come before steps potentially overwriting /etc/network/interfaces.
-PATH_NETWORK_INTERFACES=/etc/network/interfaces
-get_network_interfaces_last_wpa_value() {
- REGEX="^\s+wpa-${1}\s+"
- cat "${PATH_NETWORK_INTERFACES}" | grep -E "${REGEX}" | sed -E "s/${REGEX}//g" | tail -1
-}
-WLAN_SSID=$(get_network_interfaces_last_wpa_value 'ssid')
-WLAN_PSK=$(get_network_interfaces_last_wpa_value 'psk')
-if [ ! -z "${WLAN_SSID}" ]; then
- echo "Found, adding to NetworkManager."
- if [ -z "${WLAN_PSK}" ]; then
- nmcli connection add type wifi wifi.ssid "${WLAN_SSID}"
- else # NB: assumes last (collected with tail -1) wpa-psk that of last wlan-ssid
- nmcli connection add type wifi wifi.ssid "${WLAN_SSID}" wifi-sec.key-mgmt wpa-psk wifi-sec.psk "${WLAN_PSK}"
- fi
-fi
+echo "\nChecking for existing wifi config in ${PATH_NETWORK_INTERFACES}."
+adopt_wifi_connection
-echo "\nAdapting /etc to our needs."
-for root in $ROOTS_HERE_AND_MANY; do
- copy_dirtree "${root}/${PATH_REL_ETC}" '/etc' ${MIN_MODULES} user desktop
-done
+echo "\nSetting hostname and FQDN."
+echo "${SYSTEM_NAME}" > "${PATH_ETC}/hostname"
+hostname "${SYSTEM_NAME}"
+echo "127.0.0.1 localhost.localdomain localhost" > /etc/hosts
+echo "$(determine_ip) ${SYSTEM_NAME}" >> /etc/hosts
+echo "\nAdapting /etc to our needs."
+copy_dirtree "${PATH_CONF_ETC}" '/etc' ${MIN_TAGS} ${TAGS_USER}
echo "\nEnsuring our desired locale is available."
locale-gen
-
echo "\nSetting Berlin localtime."
ln -sf /usr/share/zoneinfo/Europe/Berlin /etc/localtime
ntpdate-debian
echo "\nSetting up root user's home directory."
-for root in $ROOTS_HERE_AND_MANY; do
- copy_dirtree "${root}/${PATH_REL_HOME}" '/root' ${MIN_MODULES} minimal root
-done
+copy_dirtree "${PATH_CONF_HOME}" '/root' ${MIN_TAGS} root
echo "\nSetting up user ${USERNAME}."
adduser --disabled-password --gecos "" "${USERNAME}"
usermod -a -G sudo "${USERNAME}"
-for root in $ROOTS_HERE_AND_MANY; do
- copy_dirtree "${root}/${PATH_REL_HOME}" "${PATH_USER_HOME}" ${MIN_MODULES} user desktop
-done
-cp -a "../../../${PATH_REL_REPO}" "${PATH_USER_HOME}/"
+copy_dirtree "${PATH_CONF_HOME}" "${PATH_USER_HOME}" ${MIN_TAGS} ${TAGS_USER}
+cp -a "${PATH_REPO}" "${PATH_USER_HOME}/"
chown -R "${USERNAME}:${USERNAME}" "${PATH_USER_HOME}"
passwd "${USERNAME}"
+++ /dev/null
-#!/bin/sh
-set -e
-set -x
-. ../../constants.sh
-. "${PATH_MANY_MISC}"
-
-setup_for_raspi
#!/bin/sh
set -e
-. ./_misc.sh
-. ../home/desktop/.nonpath_bins/plomlib.sh
+
+# NB: this assume we're run from script's parent directory
+. ./_config_scripts_lib.sh
+. "${PATH_CONF_HOME}"/desktop/.nonpath_bins/plomlib.sh
+
+export PATH_SECRETS=${PATH_USER_HOME}/to_usb
abort_if_not_user root
abort_if_offline
echo "You can remove ${PATH_DEV} now."
chown -R "${USERNAME}:${USERNAME}" "${PATH_SECRETS}"
-cd ../..
-PATH_REPO=$(pwd)
CONTAINS_TICK=$(echo "${PASSPHRASE}" | grep "'" | wc -l)
if [ "${CONTAINS_TICK}" = "1" ]; then
echo "Cannot pass to user script passphrase with illegal character, aborting."
+++ /dev/null
-#!/bin/sh
-set -e
-. ./misc.sh
-
-expect_n_args 2 "(hostname, FQDN)" "$@"
-hostname="$1"
-fqdn="$2"
-shift 2
-
-cd "${setup_scripts_dir}"
-
-# Adapt /etc/ to our needs by copying from ./etc_files. This will set
-# basic configurations affecting following steps, such as setup of APT
-# and the locale selection, so needs to be right at the beginning.
-./copy_dirtree.sh "${config_tree_prefix}/etc_files" "" all "$@"
-
-# Set hostname and FQDN.
-./set_hostname_and_fqdn.sh "${hostname}" "${fqdn}"
-
-# Ensure package installation state as defined by what packages are
-# defined as required by Debian policy and by settings in ./apt-mark/.
-apt update
-./install_for_target.sh all "$@"
-./purge_nonrequireds.sh all "$@"
-
-# Ensure our desired locale is available.
-locale-gen
-
-# Only upgrade after reducing the system to the desired minimum, so that
-# we don't need to get more data than necessary.
-apt -y dist-upgrade
-
-# Set Berlin localtime.
-ln -sf /usr/share/zoneinfo/Europe/Berlin /etc/localtime
+++ /dev/null
-#!/bin/sh
-# Copy files in argument-selected subdirectories of $1 to subdirectories
-# of $2 (which may be an empty string), e.g. with $1 of "etc_files", $2
-# of "" and $3 of "all", copy files below etc_files/all such as
-# etc_files/all/etc/foo/bar to equivalent locations below / such as
-# /etc/foo/bar. Create directories as necessary. Multiple arguments after
-# $3 are possible.
-#
-# CAUTION: This removes original files at the affected paths.
-set -e
-. ./misc.sh
-
-expect_n_args 3 "(source root, target root, modules)" "$@"
-
-source_root="$1"
-target_root="$2"
-shift 2
-
-for target_module in "$@"; do
- mkdir -p "${source_root}/${target_module}"
- cd "${source_root}/${target_module}"
- for path in $(find . -type f); do
- target_path="${target_root}"$(echo "${path}" | cut -c2-)
- source_path=$(realpath "${path}")
- dir=$(dirname "${target_path}")
- mkdir -p "${dir}"
- cp "${source_path}" "${target_path}"
- done
-done
+++ /dev/null
-#!/bin/sh
-# Walks through the package names in the argument-selected files of
-# apt-mark/ and ensures the respective packages are installed.
-#
-# Ignores anything in an apt-mark/ file after the last newline.
-set -e
-. ./misc.sh
-
-for target in "$@"; do
- path="${aptmark_dir}/${target}"
- # TODO: continue if file at $path not found, to get rid of dummy files
- cat "${path}" | while read line; do
- echo "$line"
- if [ ! $(echo "${line}" | cut -c1) = "#" ]; then
- DEBIAN_FRONTEND=noninteractive apt-get -y -o Dpkg::Options::=--force-confold install "${line}"
- fi
- done
-done
+++ /dev/null
-#!/bin/sh
-set -e
-debian_version="testing"
-legal_system_names="x220 w530 h610m"
-config_tree_prefix="${HOME}/public_repos/config/${debian_version}"
-if [ ! -d "${config_tree_prefix}" ]; then
- config_tree_prefix="${HOME}/config/${debian_version}"
-fi
-setup_scripts_dir="${config_tree_prefix}/setup_scripts"
-aptmark_dir="${config_tree_prefix}/apt-mark"
-
-expect_n_args() {
- min_args="$1"
- explainer="$2"
- shift 2
- if [ "$#" -lt "${min_args}" ]; then
- echo "Need at least ${min_args} arguments … ${explainer}"
- false
- fi
-}
-
-expect_setup_finished_file() {
- filename="$1"
- setup_script="$2"
- if [ ! -f "${HOME}/${filename}" ]; then
- echo "First need to run ${setup_script}."
- false
- fi
-}
-
-get_system_name_arg() {
- found=0
- for system_name_i in $legal_system_names; do
- if [ "$1" = "$system_name_i" ]; then
- found=1
- system_name="${system_name_i}"
- continue
- fi
- done
- if [ "$found" = 0 ]; then
- echo "Need legal system name."
- false
- fi
-}
+++ /dev/null
-#!/bin/sh
-# This script removes all Debian packages that are not of Priority
-# "required" or not depended on by packages of priority "required"
-# or not listed in the argument-selected files of apt-mark/.
-set -e
-. ./misc.sh
-
-# FIXME packages listed twice in the aptmark_dir get blacklisted?
-
-dpkg-query -Wf '${Package} ${Priority}\n' | grep ' required' | sed 's/ required//' > /tmp/list_white_unsorted
-for target in "$@"; do
- path="${aptmark_dir}/${target}"
- cat "${path}" | while read line; do
- if [ ! $(echo "${line}" | cut -c1) = "#" ]; then
- echo "${line}" >> /tmp/list_white_unsorted
- fi
- done
-done
-sort /tmp/list_white_unsorted > /tmp/list_white
-dpkg-query -Wf '${Package}\n' > /tmp/list_all_packages
-sort /tmp/list_all_packages > /tmp/foo
-mv /tmp/foo /tmp/list_all_packages
-comm -3 /tmp/list_all_packages /tmp/list_white > /tmp/list_black
-apt-mark auto `cat /tmp/list_black`
-DEBIAN_FRONTEND=noninteractive apt-get -y --purge autoremove
-rm /tmp/list_all_packages /tmp/list_white_unsorted /tmp/list_white /tmp/list_black
-
-# Somehow, auto-mounts get undone by all of this, so re-mount /etc/fstab.
-# TODO: Find out why.
-mount -a
+++ /dev/null
-#!/bin/sh
-# Sets hostname and optionally FQDN.
-#
-# Calls hostname, writes to /etc/hostname and /etc/hosts. For /etc/hosts
-# writing follows recommendations from Debian manual at
-# <https://www.debian.org/doc/manuals/debian-reference/ch05.en.html>
-# (section "The hostname resolution") on how to map hostname and possibly
-# FQDN to a permanent IP if present (we assume here any non-private IP
-# and non-loopback IP returned by hostname -I to fulfill that criterion
-# on our systems) or to 127.0.1.1 if not. On the reasoning for separating
-# localhost and hostname mapping to different IPs, see
-# <https://unix.stackexchange.com/a/13087>.
-#
-# Ignores IPv6s.
-set -e
-. ./misc.sh
-
-expect_n_args 1 "(hostname, fqdn)" "$@"
-
-hostname="$1"
-fqdn="$2"
-echo "${hostname}" > /etc/hostname
-hostname "${hostname}"
-
-final_ip="127.0.1.1"
-for ip in $(hostname -I); do
- if [ $(echo "${ip}" | grep ':' | wc -l) -eq 1 ]; then
- continue
- fi
- range_1=$(echo "${ip}" | cut -d "." -f 1)
- range_2=$(echo "${ip}" | cut -d "." -f 2)
- if [ "${range_1}" -eq 127 ]; then
- continue
- elif [ "${range_1}" -eq 10 ]; then
- continue
- elif [ "${range_1}" -eq 172 ]; then
- if [ "${range_2}" -ge 16 ] && [ "${range_2}" -le 31 ]; then
- continue
- fi
- elif [ "${range_1}" -eq 192 ]; then
- if [ "${range_2}" -eq 168 ]; then
- continue
- fi
- fi
- final_ip="${ip}"
-done
-
-echo "127.0.0.1 localhost.localdomain localhost" > /etc/hosts
-echo "${final_ip} ${fqdn} ${hostname}" >> /etc/hosts
+++ /dev/null
-#!/bin/sh
-set -e
-. ./misc.sh
-
-expect_n_args 1 "(system name)" "$@"
-get_system_name_arg "$1"
-
-# Set up system without user environment.
-cd "${setup_scripts_dir}"
-if [ "$system_name" = "w530" ] || [ "$system_name" = "x220" ]; then
- ./_setup.sh "${system_name}" "" user desktop thinkpad "${system_name}"
-else
- ./_setup.sh "${system_name}" "" user desktop "${system_name}"
-fi
-
-# Upgrade to testing, but hold kernel known to work with nvidia-drivers.
-sed -i 's/bookworm/testing/g' /etc/apt/sources.list
-if [ "$system_name" = "h610m" ]; then
- apt-mark hold linux-image-amd64 linux-headers-amd64
-fi
-apt update
-apt dist-upgrade
-
-# Set up user environments.
-cd "${setup_scripts_dir}"
-./copy_dirtree.sh "${config_tree_prefix}/home_files" "/root" minimal root
-adduser --disabled-password --gecos "" plom
-usermod -a -G sudo plom
-passwd plom
-cp -a ~/config /home/plom
-chown -R plom:plom /home/plom/config
+++ /dev/null
-#!/bin/sh
-set -e
-. ./misc.sh
-
-expect_n_args 1 "(system name)" "$@"
-get_system_name_arg "$1"
-
-cd $setup_scripts_dir
-./copy_dirtree.sh "${config_tree_prefix}/home_files" "${HOME}" minimal user "${system_name}"
-
-# secrets_dev="sdb"
-# source_dir_secrets="/media/${secrets_dev}/to_usb"
-# target_dir_secrets="${HOME}/tmp_secrets"
-# echo "Put secrets drive into slot for /dev/${secrets_dev}."
-# while [ ! -e /dev/"${secrets_dev}" ]; do
-# sleep 1
-# done
-# stty -echo
-# printf "Secrets passphrase: "
-# read SECRETS_PASS
-# stty echo
-# echo "" # newline so user knows their input return was accepted
-# sudo -v
-# echo "${SECRETS_PASS}" | sudo pmount /dev/"${secrets_dev}"
-# cp -a "${source_dir_secrets}" "${target_dir_secrets}"
-# sudo chown -R plom:plom "${target_dir_secrets}"
-# sudo pumount "${secrets_dev}"
-# echo "You can remove /dev/${secrets_dev} now."
-#
-# # Set up iniitial non-public parts of infrastructure: SSH authentication.
-# ssh_dir=~/.ssh
-# cd "${target_dir_secrets}"
-# mkdir -p "${ssh_dir}"
-# echo "Setting up .ssh"
-# cp id_rsa ~/.ssh
-# stty -echo
-# ssh-keygen -y -f ~/.ssh/id_rsa > ~/.ssh/id_rsa.pub
-# stty echo
-# eval $(ssh-agent)
-# ssh-add
-# ssh-keyscan -H "plomlompom.com" >> ~/.ssh/known_hosts
-#
-# # Fill ~/public_repos.
-# public_repos_dir="${HOME}/public_repos"
-# repos_list_file="${public_repos_dir}/repos"
-# mkdir -p "${public_repos_dir}"
-# cat "${repos_list_file}" | while read line; do
-# first_char=$(echo "${line}" | cut -c1)
-# if [ "${first_char}" = "#" ]; then
-# continue
-# fi
-# repo_name="${line}"
-# if [ ! -d "${public_repos_dir}/${repo_name}" ]; then
-# cd "${public_repos_dir}"
-# git clone plom@plomlompom.com:/var/repos/${repo_name}
-# fi
-# done
-#
-# # Remove redundant config repo copy.
-# config_tree_prefix="${public_repos_dir}/config/${debian_version}"
-# rm -rf ~/config
-#
-# # Set up native messenger for tridactyl.
-# version='ef9f02d0da258f68d7faf8898707f6d83d90d07a'
-# curl -fsSl "https://raw.githubusercontent.com/tridactyl/tridactyl/${version}/native/install.sh" | bash
-#
-# # Set up further non-public parts of infrastructure.
-# cd "${target_dir_secrets}"
-# script -c 'gpg --import secret_keys.asc' /dev/null
-# path_borgscript="${config_tree_prefix}//borg.sh"
-#
-# # borg setup
-# borgkeys_dir=~/.config/borg/keys
-# borgrepos_file=~/.borgrepos
-# tar xf borg_keyfiles.tar
-# mkdir -p "${borgkeys_dir}"
-# mv borg_keyfiles/* "${borgkeys_dir}"
-# # Sync org dir via borgbackup. For this we need the borgbackup servers
-# # in our .ssh/known_hosts file.
-# cat "${borgrepos_file}" | while read line; do
-# first_char=$(echo "${line}" | cut -c1)
-# if [ "${first_char}" = "#" ]; then
-# continue
-# fi
-# server=$(echo "${line}" | sed 's/.*@//')
-# ssh-keyscan "${server}" >> "${ssh_dir}"/known_hosts
-# done
-# BORG_PASSPHRASE="${SECRETS_PASS}" "${path_borgscript}" orgpull
-#
-# # .authinfo may not be present on every secrets drive yet
-# authinfo_file=.authinfo
-# if [ -f "${authinfo_file}" ]; then
-# cp "${authinfo_file}" ~
-# fi
-# cd
-#
-# maildir=~/mail/maildir
-# # # Set up e-mail system. Note that we only do mbsync if the imap pass file
-# # # is found. It may not be present on every secrets drive yet, so we have to
-# # # deal with the possibility of it being absent at this point.
-# mkdir -p "${maildir}" # expected by mbsync/isync
-# if [ -f "${HOME}/${authinfo_file}" ]; then
-# mbsync -a
-# notmuch new
-# fi
-#
-# # # Final note on how to integrate tridactyl.
-# # echo "TODO: As tridactyl user, don't forget to do :source on the first Firefox run, wait a little while (Tridactyl needs to walk through all commands in the .tridactylrc) and then re-start."
projects / config / commitdiff
