From 15171dcfb9e48aa0311fb77948478dbca48245fa Mon Sep 17 00:00:00 2001
From: Christian Heller <c.heller@plomlompom.de>
Date: Thu, 13 Jan 2022 00:43:04 +0100
Subject: [PATCH] Add w530 setup.

---
 bullseye/apt-mark/desktop                     |   2 +
 bullseye/apt-mark/thinkpad                    |   7 +
 bullseye/apt-mark/w530                        |   0
 bullseye/etc_files/thinkpad/etc/default/tlp   | 306 +++++++++++++++++
 .../thinkpad/etc/systemd/logind.conf          |   6 +
 bullseye/home_files/minimal/.bashrc           |  26 ++
 bullseye/home_files/user/.Xresources          |  56 +++
 bullseye/home_files/user/.borgrepos           |   4 +
 bullseye/home_files/user/.config/i3/config    |  83 +++++
 bullseye/home_files/user/.emacs.d/init.el     | 323 ++++++++++++++++++
 bullseye/home_files/user/.gitconfig           |   3 +
 bullseye/home_files/user/.mbsyncrc            |  28 ++
 bullseye/home_files/user/.notmuch-config      |   9 +
 bullseye/home_files/user/.shell_prompt_color  |   1 +
 bullseye/home_files/user/.tridactylrc         |  13 +
 bullseye/home_files/user/.xinitrc             |  17 +
 bullseye/home_files/user/mail_sync.sh         |  43 +++
 bullseye/home_files/user/public_repos/repos   |   7 +
 .../home_files/w530/.config/i3status/config   |  82 +++++
 bullseye/setup_scripts/setup_desktop.sh       |  89 +++++
 bullseye/setup_scripts/setup_home.sh          | 101 ++++++
 21 files changed, 1206 insertions(+)
 create mode 100644 bullseye/apt-mark/desktop
 create mode 100644 bullseye/apt-mark/thinkpad
 create mode 100644 bullseye/apt-mark/w530
 create mode 100644 bullseye/etc_files/thinkpad/etc/default/tlp
 create mode 100644 bullseye/etc_files/thinkpad/etc/systemd/logind.conf
 create mode 100644 bullseye/home_files/minimal/.bashrc
 create mode 100644 bullseye/home_files/user/.Xresources
 create mode 100644 bullseye/home_files/user/.borgrepos
 create mode 100644 bullseye/home_files/user/.config/i3/config
 create mode 100644 bullseye/home_files/user/.emacs.d/init.el
 create mode 100644 bullseye/home_files/user/.gitconfig
 create mode 100644 bullseye/home_files/user/.mbsyncrc
 create mode 100644 bullseye/home_files/user/.notmuch-config
 create mode 100644 bullseye/home_files/user/.shell_prompt_color
 create mode 100644 bullseye/home_files/user/.tridactylrc
 create mode 100644 bullseye/home_files/user/.xinitrc
 create mode 100755 bullseye/home_files/user/mail_sync.sh
 create mode 100644 bullseye/home_files/user/public_repos/repos
 create mode 100644 bullseye/home_files/w530/.config/i3status/config
 create mode 100755 bullseye/setup_scripts/setup_desktop.sh
 create mode 100755 bullseye/setup_scripts/setup_home.sh

diff --git a/bullseye/apt-mark/desktop b/bullseye/apt-mark/desktop
new file mode 100644
index 0000000..f537318
--- /dev/null
+++ b/bullseye/apt-mark/desktop
@@ -0,0 +1,2 @@
+# so that grub learns about kernel updates
+grub-pc
diff --git a/bullseye/apt-mark/thinkpad b/bullseye/apt-mark/thinkpad
new file mode 100644
index 0000000..6a780f2
--- /dev/null
+++ b/bullseye/apt-mark/thinkpad
@@ -0,0 +1,7 @@
+# for wifi
+firmware-iwlwifi
+# for tlp
+tlp
+tp-smapi-dkms
+linux-headers-amd64
+#
diff --git a/bullseye/apt-mark/w530 b/bullseye/apt-mark/w530
new file mode 100644
index 0000000..e69de29
diff --git a/bullseye/etc_files/thinkpad/etc/default/tlp b/bullseye/etc_files/thinkpad/etc/default/tlp
new file mode 100644
index 0000000..b73846b
--- /dev/null
+++ b/bullseye/etc_files/thinkpad/etc/default/tlp
@@ -0,0 +1,306 @@
+# ------------------------------------------------------------------------------
+# tlp - Parameters for power saving
+# See full explanation: http://linrunner.de/en/tlp/docs/tlp-configuration.html
+
+# Hint: some features are disabled by default, remove the leading # to enable
+# them.
+
+# Set to 0 to disable, 1 to enable TLP.
+TLP_ENABLE=1
+
+# Operation mode when no power supply can be detected: AC, BAT.
+# Concerns some desktop and embedded hardware only.
+TLP_DEFAULT_MODE=AC
+
+# Operation mode select: 0=depend on power source, 1=always use TLP_DEFAULT_MODE
+# Hint: use in conjunction with TLP_DEFAULT_MODE=BAT for BAT settings on AC.
+TLP_PERSISTENT_DEFAULT=0
+
+# Seconds laptop mode has to wait after the disk goes idle before doing a sync.
+# Non-zero value enables, zero disables laptop mode.
+DISK_IDLE_SECS_ON_AC=0
+DISK_IDLE_SECS_ON_BAT=2
+
+# Dirty page values (timeouts in secs).
+MAX_LOST_WORK_SECS_ON_AC=15
+MAX_LOST_WORK_SECS_ON_BAT=60
+
+# Hint: CPU parameters below are disabled by default, remove the leading #
+# to enable them, otherwise kernel default values are used.
+
+# Select a CPU frequency scaling governor.
+# Intel Core i processor with intel_pstate driver:
+#   powersave(*), performance.
+# Older hardware with acpi-cpufreq driver:
+#   ondemand(*), powersave, performance, conservative, schedutil.
+# (*) is recommended.
+# Hint: use tlp-stat -p to show the active driver and available governors.
+# Important:
+#   powersave for intel_pstate and ondemand for acpi-cpufreq are power
+#   efficient for *almost all* workloads and therefore kernel and most
+#   distributions have chosen them as defaults. If you still want to change,
+#   you should know what you're doing! You *must* disable your distribution's
+#   governor settings or conflicts will occur.
+#CPU_SCALING_GOVERNOR_ON_AC=powersave
+#CPU_SCALING_GOVERNOR_ON_BAT=powersave
+
+# Set the min/max frequency available for the scaling governor.
+# Possible values strongly depend on your CPU. For available frequencies see
+# the output of tlp-stat -p.
+#CPU_SCALING_MIN_FREQ_ON_AC=0
+#CPU_SCALING_MAX_FREQ_ON_AC=0
+#CPU_SCALING_MIN_FREQ_ON_BAT=0
+#CPU_SCALING_MAX_FREQ_ON_BAT=0
+
+# Set energy performance hints (HWP) for Intel P-state governor:
+#   performance, balance_performance, default, balance_power, power
+# Values are given in order of increasing power saving.
+# Note: Intel Skylake or newer CPU and Kernel >= 4.10 required.
+CPU_HWP_ON_AC=balance_performance
+CPU_HWP_ON_BAT=balance_power
+
+# Set Intel P-state performance: 0..100 (%).
+# Limit the max/min P-state to control the power dissipation of the CPU.
+# Values are stated as a percentage of the available performance.
+# Requires an Intel Core i processor with intel_pstate driver.
+#CPU_MIN_PERF_ON_AC=0
+#CPU_MAX_PERF_ON_AC=100
+#CPU_MIN_PERF_ON_BAT=0
+#CPU_MAX_PERF_ON_BAT=30
+
+# Set the CPU "turbo boost" feature: 0=disable, 1=allow
+# Requires an Intel Core i processor.
+# Important:
+# - This may conflict with your distribution's governor settings
+# - A value of 1 does *not* activate boosting, it just allows it
+#CPU_BOOST_ON_AC=1
+#CPU_BOOST_ON_BAT=0
+
+# Minimize number of used CPU cores/hyper-threads under light load conditions:
+#   0=disable, 1=enable.
+SCHED_POWERSAVE_ON_AC=0
+SCHED_POWERSAVE_ON_BAT=1
+
+# Kernel NMI Watchdog:
+#   0=disable (default, saves power), 1=enable (for kernel debugging only).
+NMI_WATCHDOG=0
+
+# Change CPU voltages aka "undervolting" - Kernel with PHC patch required.
+# Frequency voltage pairs are written to:
+#   /sys/devices/system/cpu/cpu0/cpufreq/phc_controls
+# CAUTION: only use this, if you thoroughly understand what you are doing!
+#PHC_CONTROLS="F:V F:V F:V F:V"
+
+# Set CPU performance versus energy savings policy:
+#   performance, balance-performance, default, balance-power, power.
+# Values are given in order of increasing power saving.
+# Requires kernel module msr and x86_energy_perf_policy from linux-tools.
+ENERGY_PERF_POLICY_ON_AC=performance
+ENERGY_PERF_POLICY_ON_BAT=power
+
+# Disk devices; separate multiple devices with spaces (default: sda).
+# Devices can be specified by disk ID also (lookup with: tlp diskid).
+DISK_DEVICES="sda sdb"
+
+# Disk advanced power management level: 1..254, 255 (max saving, min, off).
+# Levels 1..127 may spin down the disk; 255 allowable on most drives.
+# Separate values for multiple disks with spaces. Use the special value 'keep'
+# to keep the hardware default for the particular disk.
+DISK_APM_LEVEL_ON_AC="254 254"
+DISK_APM_LEVEL_ON_BAT="128 128"
+
+# Hard disk spin down timeout:
+#   0:        spin down disabled
+#   1..240:   timeouts from 5s to 20min (in units of 5s)
+#   241..251: timeouts from 30min to 5.5 hours (in units of 30min)
+# See 'man hdparm' for details.
+# Separate values for multiple disks with spaces. Use the special value 'keep'
+# to keep the hardware default for the particular disk.
+#DISK_SPINDOWN_TIMEOUT_ON_AC="0 0"
+#DISK_SPINDOWN_TIMEOUT_ON_BAT="0 0"
+
+# Select IO scheduler for the disk devices: cfq, deadline, noop (Default: cfq).
+# Separate values for multiple disks with spaces. Use the special value 'keep'
+# to keep the kernel default scheduler for the particular disk.
+#DISK_IOSCHED="cfq cfq"
+
+# AHCI link power management (ALPM) for disk devices:
+#   min_power, med_power_with_dipm(*), medium_power, max_performance.
+# (*) Kernel >= 4.15 required, then recommended.
+# Multiple values separated with spaces are tried sequentially until success.
+SATA_LINKPWR_ON_AC="med_power_with_dipm max_performance"
+SATA_LINKPWR_ON_BAT="med_power_with_dipm min_power"
+
+# Exclude host devices from AHCI link power management.
+# Separate multiple hosts with spaces.
+#SATA_LINKPWR_BLACKLIST="host1"
+
+# Runtime Power Management for AHCI host and disks devices:
+#   on=disable, auto=enable.
+# EXPERIMENTAL ** WARNING: auto will most likely cause system lockups/data loss.
+#AHCI_RUNTIME_PM_ON_AC=on
+#AHCI_RUNTIME_PM_ON_BAT=on
+
+# Seconds of inactivity before disk is suspended.
+AHCI_RUNTIME_PM_TIMEOUT=15
+
+# PCI Express Active State Power Management (PCIe ASPM):
+#   default, performance, powersave.
+PCIE_ASPM_ON_AC=performance
+PCIE_ASPM_ON_BAT=powersave
+
+# Radeon graphics clock speed (profile method): low, mid, high, auto, default;
+# auto = mid on BAT, high on AC; default = use hardware defaults.
+RADEON_POWER_PROFILE_ON_AC=high
+RADEON_POWER_PROFILE_ON_BAT=low
+
+# Radeon dynamic power management method (DPM): battery, performance.
+RADEON_DPM_STATE_ON_AC=performance
+RADEON_DPM_STATE_ON_BAT=battery
+
+# Radeon DPM performance level: auto, low, high; auto is recommended.
+RADEON_DPM_PERF_LEVEL_ON_AC=auto
+RADEON_DPM_PERF_LEVEL_ON_BAT=auto
+
+# WiFi power saving mode: on=enable, off=disable; not supported by all adapters.
+WIFI_PWR_ON_AC=off
+WIFI_PWR_ON_BAT=on
+
+# Disable wake on LAN: Y/N.
+WOL_DISABLE=Y
+
+# Enable audio power saving for Intel HDA, AC97 devices (timeout in secs).
+# A value of 0 disables, >=1 enables power saving (recommended: 1).
+SOUND_POWER_SAVE_ON_AC=0
+SOUND_POWER_SAVE_ON_BAT=1
+
+# Disable controller too (HDA only): Y/N.
+SOUND_POWER_SAVE_CONTROLLER=Y
+
+# Power off optical drive in UltraBay/MediaBay: 0=disable, 1=enable.
+# Drive can be powered on again by releasing (and reinserting) the eject lever
+# or by pressing the disc eject button on newer models.
+# Note: an UltraBay/MediaBay hard disk is never powered off.
+BAY_POWEROFF_ON_AC=0
+BAY_POWEROFF_ON_BAT=0
+# Optical drive device to power off (default sr0).
+BAY_DEVICE="sr0"
+
+# Runtime Power Management for PCI(e) bus devices: on=disable, auto=enable.
+RUNTIME_PM_ON_AC=on
+RUNTIME_PM_ON_BAT=auto
+
+# Exclude PCI(e) device adresses the following list from Runtime PM
+# (separate with spaces). Use lspci to get the adresses (1st column).
+#RUNTIME_PM_BLACKLIST="bb:dd.f 11:22.3 44:55.6"
+
+# Exclude PCI(e) devices assigned to the listed drivers from Runtime PM.
+# Default when unconfigured is "amdgpu nouveau nvidia radeon" which
+# prevents accidential power-on of dGPU in hybrid graphics setups.
+# Use "" to disable the feature completely.
+# Separate multiple drivers with spaces.
+#RUNTIME_PM_DRIVER_BLACKLIST="amdgpu nouveau nvidia radeon"
+
+# Set to 0 to disable, 1 to enable USB autosuspend feature.
+USB_AUTOSUSPEND=1
+
+# Exclude listed devices from USB autosuspend (separate with spaces).
+# Use lsusb to get the ids.
+# Note: input devices (usbhid) are excluded automatically
+#USB_BLACKLIST="1111:2222 3333:4444"
+
+# Bluetooth devices are excluded from USB autosuspend:
+#   0=do not exclude, 1=exclude.
+USB_BLACKLIST_BTUSB=0
+
+# Phone devices are excluded from USB autosuspend:
+#   0=do not exclude, 1=exclude (enable charging).
+USB_BLACKLIST_PHONE=0
+
+# Printers are excluded from USB autosuspend:
+#   0=do not exclude, 1=exclude.
+USB_BLACKLIST_PRINTER=1
+
+# WWAN devices are excluded from USB autosuspend:
+#   0=do not exclude, 1=exclude.
+USB_BLACKLIST_WWAN=1
+
+# Include listed devices into USB autosuspend even if already excluded
+# by the blacklists above (separate with spaces).
+# Use lsusb to get the ids.
+#USB_WHITELIST="1111:2222 3333:4444"
+
+# Set to 1 to disable autosuspend before shutdown, 0 to do nothing
+# (workaround for USB devices that cause shutdown problems).
+#USB_AUTOSUSPEND_DISABLE_ON_SHUTDOWN=1
+
+# Restore radio device state (Bluetooth, WiFi, WWAN) from previous shutdown
+# on system startup: 0=disable, 1=enable.
+# Hint: the parameters DEVICES_TO_DISABLE/ENABLE_ON_STARTUP/SHUTDOWN below
+#   are ignored when this is enabled!
+RESTORE_DEVICE_STATE_ON_STARTUP=0
+
+# Radio devices to disable on startup: bluetooth, wifi, wwan.
+# Separate multiple devices with spaces.
+#DEVICES_TO_DISABLE_ON_STARTUP="bluetooth wifi wwan"
+
+# Radio devices to enable on startup: bluetooth, wifi, wwan.
+# Separate multiple devices with spaces.
+#DEVICES_TO_ENABLE_ON_STARTUP="wifi"
+
+# Radio devices to disable on shutdown: bluetooth, wifi, wwan.
+# (workaround for devices that are blocking shutdown).
+#DEVICES_TO_DISABLE_ON_SHUTDOWN="bluetooth wifi wwan"
+
+# Radio devices to enable on shutdown: bluetooth, wifi, wwan.
+# (to prevent other operating systems from missing radios).
+#DEVICES_TO_ENABLE_ON_SHUTDOWN="wwan"
+
+# Radio devices to enable on AC: bluetooth, wifi, wwan.
+#DEVICES_TO_ENABLE_ON_AC="bluetooth wifi wwan"
+
+# Radio devices to disable on battery: bluetooth, wifi, wwan.
+#DEVICES_TO_DISABLE_ON_BAT="bluetooth wifi wwan"
+
+# Radio devices to disable on battery when not in use (not connected):
+#   bluetooth, wifi, wwan.
+#DEVICES_TO_DISABLE_ON_BAT_NOT_IN_USE="bluetooth wifi wwan"
+
+# Battery charge thresholds (ThinkPad only, tp-smapi or acpi-call kernel module
+# required). Charging starts when the remaining capacity falls below the
+# START_CHARGE_THRESH value and stops when exceeding the STOP_CHARGE_THRESH value.
+# Main / Internal battery (values in %)
+START_CHARGE_THRESH_BAT0=75
+STOP_CHARGE_THRESH_BAT0=80
+# Ultrabay / Slice / Replaceable battery (values in %)
+#START_CHARGE_THRESH_BAT1=75
+#STOP_CHARGE_THRESH_BAT1=80
+
+# Restore charge thresholds when AC is unplugged: 0=disable, 1=enable.
+#RESTORE_THRESHOLDS_ON_BAT=1
+
+# ------------------------------------------------------------------------------
+# tlp-rdw - Parameters for the radio device wizard
+# Possible devices: bluetooth, wifi, wwan.
+
+# Hints:
+# - Parameters are disabled by default, remove the leading # to enable them
+# - Separate multiple radio devices with spaces
+
+# Radio devices to disable on connect.
+#DEVICES_TO_DISABLE_ON_LAN_CONNECT="wifi wwan"
+#DEVICES_TO_DISABLE_ON_WIFI_CONNECT="wwan"
+#DEVICES_TO_DISABLE_ON_WWAN_CONNECT="wifi"
+
+# Radio devices to enable on disconnect.
+#DEVICES_TO_ENABLE_ON_LAN_DISCONNECT="wifi wwan"
+#DEVICES_TO_ENABLE_ON_WIFI_DISCONNECT=""
+#DEVICES_TO_ENABLE_ON_WWAN_DISCONNECT=""
+
+# Radio devices to enable/disable when docked.
+#DEVICES_TO_ENABLE_ON_DOCK=""
+#DEVICES_TO_DISABLE_ON_DOCK=""
+
+# Radio devices to enable/disable when undocked.
+#DEVICES_TO_ENABLE_ON_UNDOCK="wifi"
+#DEVICES_TO_DISABLE_ON_UNDOCK=""
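Review bot: This file is installed as `/etc/default/tlp`, but as far as I know the TLP 1.3.x packaged for bullseye reads `/etc/tlp.conf` and `/etc/tlp.d/*.conf`, and consults `/etc/default/tlp` only when `/etc/tlp.conf` is missing. If so, settings such as `START_CHARGE_THRESH_BAT0=75` and `WOL_DISABLE=Y` would be silently ignored on a fresh install. Consider shipping only the non-default values as a drop-in, e.g. `etc/tlp.d/10-thinkpad.conf`, and checking the result with `tlp-stat -c`. The deployment script is outside this hunk, so please confirm how the file is copied.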
diff --git a/bullseye/etc_files/thinkpad/etc/systemd/logind.conf b/bullseye/etc_files/thinkpad/etc/systemd/logind.conf
new file mode 100644
index 0000000..1098229
--- /dev/null
+++ b/bullseye/etc_files/thinkpad/etc/systemd/logind.conf
@@ -0,0 +1,6 @@
+#  This file is part of systemd.
+#
+# See logind.conf(5) for details.
+
+[Login]
+HandleLidSwitch=hibernate
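Review bot: `HandleLidSwitch=hibernate` writes the full contents of RAM to the swap device on every lid close, so any key material or mail credentials in memory end up on disk. Nothing visible in this patch shows that swap is encrypted, so the file should document that dependency, e.g. `# hibernate image holds RAM contents: requires encrypted swap (LUKS)`. The i3 config added in the same commit binds no screen locker, so unless one is started elsewhere (the `.xinitrc` is outside my view) the session resumes unlocked. It is worth confirming that the resume path prompts for the disk passphrase or a lock screen.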
diff --git a/bullseye/home_files/minimal/.bashrc b/bullseye/home_files/minimal/.bashrc
new file mode 100644
index 0000000..5ee9ad8
--- /dev/null
+++ b/bullseye/home_files/minimal/.bashrc
@@ -0,0 +1,26 @@
+# Settings for interactive shells.
+
+# Fancy colors for ls.
+alias ls="ls --color=auto"
+
+# Use vim as default editor for anything.
+export VISUAL=vim
+export EDITOR=$VISUAL
+
+# Colored prompt with username, hostname, date/time, directory.
+colornumber=7 # Default to white if no color set via colornumber dotfile.
+colornumber_file=~/.shell_prompt_color
+if [ -f $colornumber_file ]; then
+    colornumber=`cat $colornumber_file`
+fi
+tput_color="$(tput setaf $colornumber)$(tput bold)"
+tput_reset="$(tput sgr0)"
+# Bash confuses the line length when not told to not count escape sequences.
+if [ ! "$BASH" = "" ]; then
+    tput_color="\[$tput_color\]"
+    tput_reset="\[$tput_reset\]"
+fi
+PS1="${tput_color}["\$\(date\ +%Y-%m-%d/%H:%M:%S/%Z\)" $(whoami)@$(hostname):"\$\(pwd\)"]$ $tput_reset"
+PS2="${tput_color}> $tput_reset"
+PS3="${tput_color}select: $tput_reset"
+PS4="${tput_color}+ $tput_reset"
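Review bot: The contents of `~/.shell_prompt_color` reach `tput setaf $colornumber` unquoted and unvalidated, and `$colornumber_file` is unquoted in the `[ -f … ]` test, so an empty or malformed file yields a tput error or extra arguments on every shell start. Reading with `colornumber=$(cat "$colornumber_file")` and guarding with `case $colornumber in ''|*[!0-9]*) colornumber=7;; esac` keeps the white fallback for anything that is not a plain number. The backticks can become `$(…)` at the same time, matching the rest of the file. A short comment on `PS1` would also help: `$(whoami)` and `$(hostname)` are expanded once when the file is sourced, while the escaped `date` and `pwd` are re-evaluated per prompt.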
diff --git a/bullseye/home_files/user/.Xresources b/bullseye/home_files/user/.Xresources
new file mode 100644
index 0000000..45b10af
--- /dev/null
+++ b/bullseye/home_files/user/.Xresources
@@ -0,0 +1,56 @@
+! otherwise various applications will assume merely 8 colors
+XTerm.termName: xterm-256color
+
+! font
+! actually, "mono" is already the default for faceName (it will
+! pick whatever fc-match mono delivers), but we need to set _some_
+! faceName to trigger XTerm activating TrueType fonts
+! (XTerm*fontRender by itself won't do the trick), and we want
+! TrueType fonts because, well, they scale better, and XTerm lets them
+! fall back on alternatives (hi there ttf-unifont) when a Unicode
+! glyph is not found
+XTerm*faceName: mono
+
+! white on black
+XTerm*reverseVideo: on
+
+! blink screen instead of sound
+XTerm*visualBell: on
+
+! proper ALT as META key treatment
+XTerm*eightBitInput: false
+
+! font sizes
+XTerm*faceSize: 8
+XTerm*faceSize1: 4
+XTerm*faceSize2: 5
+XTerm*faceSize3: 6
+XTerm*faceSize4: 8
+XTerm*faceSize5: 14
+XTerm*faceSize6: 25
+
+! colors
+! black
+XTerm*color0: #202020
+XTerm*color8: #3F3F3F
+! red
+XTerm*color1: #A82020
+XTerm*color9: #E82020
+! green
+XTerm*color2: #20A820
+XTerm*color10: #20E820
+! yellow
+XTerm*color3: #A8A820
+XTerm*color11: #E8E820
+! blue
+XTerm*color4: #3F3FFF
+XTerm*color12: #9F9FFF
+! magenta
+XTerm*color5: #A83FFF
+XTerm*color13: #E89FFF
+! cyan
+XTerm*color6: #3FA8FF
+XTerm*color14: #9FE8FF
+! white
+XTerm*color7: #A8A8A8
+XTerm*color15: #E8E8E8
diff --git a/bullseye/home_files/user/.borgrepos b/bullseye/home_files/user/.borgrepos
new file mode 100644
index 0000000..c40eee3
--- /dev/null
+++ b/bullseye/home_files/user/.borgrepos
@@ -0,0 +1,4 @@
+plom@plomlompom.com
+plom@mail.plomlompom.com
+plom@play.plomlompom.com
+# file read ends at last newline
diff --git a/bullseye/home_files/user/.config/i3/config b/bullseye/home_files/user/.config/i3/config
new file mode 100644
index 0000000..19c654e
--- /dev/null
+++ b/bullseye/home_files/user/.config/i3/config
@@ -0,0 +1,83 @@
+# plomlompom's i3-wm configuration
+
+# Font for i3 text
+font pango:Terminus 8px
+
+# Force "tabbed" as default layout for new windows.
+workspace_layout              tabbed
+
+# Make the Windows key the modifier key for all i3-wm actions.
+set                           $mod Mod4
+floating_modifier             $mod
+
+# Launch xterm.
+bindsym $mod+Return           exec xterm
+
+# Launch programs via dmenu.
+bindsym $mod+d                exec dmenu_run
+bindsym $mod+x                exec dmenu_run
+
+# Kill window.
+bindsym $mod+Shift+Q          kill
+
+# Move focus between windows.
+bindsym $mod+Left             focus left
+bindsym $mod+Down             focus down
+bindsym $mod+Up               focus up
+bindsym $mod+Right            focus right
+
+# Don't move focus with mouse.
+focus_follows_mouse           no
+
+# Move windows.
+bindsym $mod+Shift+Left       move left
+bindsym $mod+Shift+Down       move down
+bindsym $mod+Shift+Up         move up
+bindsym $mod+Shift+Right      move right
+
+# Resize windows
+bindsym $mod+h                resize shrink width 1 px or 1 ppt
+bindsym $mod+l                resize grow width 1 px or 1 ppt
+bindsym $mod+j                resize shrink height
+bindsym $mod+k                resize grow height
+
+# Toggle fullscreen for focused window.
+bindsym $mod+f                fullscreen
+
+# Toggle floating of window, focus on floating or tabbed windows.
+bindsym $mod+Shift+space      floating toggle
+bindsym $mod+space            focus mode_toggle
+
+# Switch to workspace x.
+bindsym $mod+1                workspace 1
+bindsym $mod+2                workspace 2
+bindsym $mod+3                workspace 3
+bindsym $mod+4                workspace 4
+bindsym $mod+5                workspace 5
+bindsym $mod+6                workspace 6
+bindsym $mod+7                workspace 7
+bindsym $mod+8                workspace 8
+bindsym $mod+9                workspace 9
+bindsym $mod+0                workspace 10
+
+# Move window to workspace x.
+bindsym $mod+Shift+exclam     move workspace 1
+bindsym $mod+Shift+quotedbl   move workspace 2
+bindsym $mod+Shift+section    move workspace 3
+bindsym $mod+Shift+dollar     move workspace 4
+bindsym $mod+Shift+percent    move workspace 5
+bindsym $mod+Shift+ampersand  move workspace 6
+bindsym $mod+Shift+slash      move workspace 7
+bindsym $mod+Shift+parenleft  move workspace 8
+bindsym $mod+Shift+parenright move workspace 9
+bindsym $mod+Shift+equal      move workspace 10
+
+# Reload i3 config file, restart (keeping sesion) i3, exit i3.
+bindsym $mod+Shift+C          reload
+bindsym $mod+Shift+R          restart
+bindsym $mod+Shift+P          exit
+
+# Select "i3status" as i3 status bar.
+bar {
+  status_command i3status
+}
diff --git a/bullseye/home_files/user/.emacs.d/init.el b/bullseye/home_files/user/.emacs.d/init.el
new file mode 100644
index 0000000..fbec980
--- /dev/null
+++ b/bullseye/home_files/user/.emacs.d/init.el
@@ -0,0 +1,323 @@
+;; general layout
+;; ==============
+
+;; need no stinkin emacs help screen as start up, and no menu bar
+(setq inhibit-startup-screen t)
+(menu-bar-mode -1)
+
+;; highlight cursor line, parentheses
+(global-hl-line-mode 1)
+(show-paren-mode 1)
+
+;; show line numbers, use separator space
+(global-linum-mode)
+(setq linum-format "%d ")
+
+;; count cursor column, row in mode line
+(setq column-number-mode t)
+
+;; settings to make GUI tolerable
+(if window-system
+  (progn
+    (add-to-list 'default-frame-alist '(foreground-color . "white"))
+    (add-to-list 'default-frame-alist '(background-color . "black"))
+    (set-face-attribute 'default nil :height 80)
+    (scroll-bar-mode -1)
+    (setq visible-bell t)
+    (setq linum-format "%d")))
+
+;; use as default browser what XDG offers
+(setq-default browse-url-browser-function 'browse-url-xdg-open)
+
+
+
+;; general keybindings
+;; ===================
+
+;; create and use a minimal global map using just the self-insert command
+;; bindings and a selection of some to me very common keystrokes
+(setq minimal-map (make-sparse-keymap))
+(substitute-key-definition 'self-insert-command 'self-insert-command
+                           minimal-map global-map)
+(use-global-map minimal-map)
+(global-set-key (kbd "DEL") 'backward-delete-char-untabify)
+(global-set-key (kbd "RET") 'newline)
+(global-set-key (kbd "TAB") 'indent-for-tab-command)
+(global-set-key (kbd "<up>") 'previous-line)
+(global-set-key (kbd "<down>") 'next-line)
+(global-set-key (kbd "<left>") 'left-char)
+(global-set-key (kbd "<right>") 'right-char)
+(global-set-key (kbd "<prior>") 'scroll-down-command)
+(global-set-key (kbd "<next>") 'scroll-up-command)
+(global-set-key (kbd "M-x") 'execute-extended-command)
+(global-set-key (kbd "C-g") 'keyboard-quit)
+;(global-set-key (kbd "<f3>") 'kmacro-start-macro-or-insert-counter)
+;(global-set-key (kbd "<f4>") 'kmacro-end-or-call-macro)
+;; note how to switch back to the original map: (use-global-map global-map)
+(setq shr-map (make-sparse-keymap))  ; got annoying in elfeed-show on URLs
+
+
+
+;; minibuffer
+;; ==========
+
+;; incremental minibuffer completion
+(icomplete-mode 1)
+
+
+
+;; text editing
+;; ============
+
+;; tabs are evil
+(setq-default indent-tabs-mode nil)
+(setq-default tab-width 4)
+(setq indent-line-function 'insert-tab)
+
+;; show trailing whitespace
+(setq-default show-trailing-whitespace 1)
+
+;; on save, ask whether to ensure text file's last line ends in a
+;; newline character
+(setq require-final-newline 1)
+
+;; use dedicated directory for version-controlled, endless backups;
+;; never delete old versions
+(setq make-backup-files t
+      backup-directory-alist `(("." . "~/.emacs_backups"))
+      backup-by-copying t
+      version-control t
+      delete-old-versions 1)  ;; neither t nor nil: never delete
+
+
+;; package management
+;; ==================
+
+;; where we get packages from
+(setq package-archives '(("gnu" . "https://elpa.gnu.org/packages/")
+                         ("melpa-unstable" . "https://melpa.org/packages/")
+                         ("melpa-stable" . "https://stable.melpa.org/packages/")))
+
+;; ensure certain packages are installed (actually, we use Debian repos here)
+;; credit to <https://stackoverflow.com/a/10093312>
+;(setq package-list '(elfeed ledger-mode))
+;(package-initialize)
+;(dolist (package package-list)
+;  (unless (package-installed-p package)
+;    (package-install package)))
+
+
+
+;;; window management
+;;; =================
+;
+;;; track window configurations to allow window config undo
+;(winner-mode 1)
+
+
+
+;; mail setup
+;; ==========
+
+(setq send-mail-function 'smtpmail-send-it)
+(setq smtpmail-smtp-server "mail.plomlompom.com")
+(setq smtpmail-smtp-service 465)
+(setq smtpmail-stream-type 'ssl)
+(setq smtpmail-smtp-user "plom")
+(setq mml-secure-openpgp-encrypt-to-self t)
+(add-hook 'message-setup-hook 'mml-secure-sign-pgpmime)
+
+;(setq gnutls-log-level 0)
+
+;; if we don't set this, we get this warning:
+;;   gnutls.c: [1] Note that the security level of the Diffie-Hellman key exchange
+;;   has been lowered to 256 bits and this may allow decryption of the session data
+(setq gnutls-min-prime-bits 1024)
+
+;; there is a WEIRD bug somewhere in /network-stream-open-tls/ that disappears the
+;; stream process, seemingly unless the /message/ function is called at the right
+;; place (earliest in /nsm-verify-connection/ right before the "cond" there, latest
+;; in /network-stream-get-response/ right after "(goto-char start)"; this works
+;; unless /inhibit_message/ is set, indicating that writing to the *Messages*
+;; buffer is not relevant, but maybe writing to the echo area is); activing the
+;; gnutls logging is just a hack to achieve such calls to /message/ in the
+;; /network-stream-open-tls/ flow.
+(setq gnutls-log-level 1) ; miraculously makes smtpmail work
+
+;; constructs From: domain if mail composer directly called (from without
+;; notmuch), but we don't actually intend to do that
+;(setq mail-host-address "plomlompom.com")
+
+;; otherwise notmuch becomes extremely slow in some cases
+(setq-default notmuch-show-indent-content nil)
+
+;; this only works if we use notmuch-mua-send instead of message-send
+(setq notmuch-fcc-dirs '(("plom@plomlompom.com" . "maildir/Sent")))
+
+;; this gets rid of "i-did-not-set--mail-host-address--so-tickle-me"
+;; in the message ID
+(setq mail-host-address "plomlompom.com")
+
+;; notmuch saved searches
+(setq notmuch-saved-searches
+      '((:name "inbox" :query "tag:unread and folder:inbox")
+        (:name "all" :query "tag:unread not folder:maildir/Trash")
+        (:name "plomlompom.de" :query "tag:unread and folder:maildir/plomlompom.de")
+        (:name "nebenan" :query "tag:unread and folder:maildir/nebenan")
+        (:name "reflect-info" :query "tag:unread and folder:maildir/reflect-info")
+        (:name "gmail" :query "tag:unread and folder:maildir/gmail.com")
+        (:name "mutter" :query "tag:unread and folder:maildir/mutter")))
+
+
+
+;; org mode
+;; ========
+
+;; unsure why, but to re-set the key map, we not only have to explicitely do it
+;; only after org-mode loading, but also have to explicitely overwrite the
+;; C-c keybinding; TODO: investigate
+(with-eval-after-load 'org
+    (setq org-mode-map (make-sparse-keymap))
+    (define-key org-mode-map (kbd "C-c") nil)
+    (define-key org-mode-map (kbd "TAB") 'org-cycle)
+    (define-key org-mode-map (kbd "<backtab>") 'org-shifttab))
+
+;; don't truncate lines by default
+(setq org-startup-truncated nil)
+
+;; basic org-capture config
+(setq org-capture-templates
+      '(("x" "test" plain (file "~/org/notes.org") "%T: %?")))
+(add-hook 'org-capture-mode-hook 'evil-insert-state)
+
+;; agenda view on startup
+(load-library "find-lisp")
+(setq org-agenda-files (find-lisp-find-files "~/org" "\.org$"))
+(setq org-agenda-span 90)
+(setq org-agenda-use-time-grid nil)
+(add-hook 'emacs-startup-hook (lambda ()
+                                 (org-agenda-list)
+                                 (switch-to-buffer "*Org Agenda*")
+                                 (other-window 1)))
+
+;;; for calendar, use ISO date style
+;(setq calendar-date-style 'iso)
+;(setq diary-number-of-entries 7)
+;(diary)
+;(setq org-agenda-time-grid '((today require-timed remove-match)
+;                             #("----------------" 0 16 (org-heading t))
+;                             (0 200 400 600 800 1000 1200
+;                                1400 1600 1800 2000 2200)))
+
+;; empty org-agenda-mode keybindings
+(add-hook 'org-agenda-mode-hook
+          (lambda ()
+            (setq org-agenda-mode-map (make-sparse-keymap))))
+(add-hook 'org-agenda-mode-hook
+          (lambda ()
+            (use-local-map (make-sparse-keymap))))
+
+;; org-publish-all
+(setq org-publish-project-alist
+      '(
+        ("website"
+         :base-directory "~/org/web/"
+         :base-extension "org"
+         :publishing-directory "~/html/"
+         :recursive t
+         :publishing-function org-html-publish-to-html
+         :headline-levels 4             ; Just the default for this project.
+         :auto-preamble t
+          )))
+
+;; use [ki:] syntax to hide stuff from exports
+(defun classify-information (text backend info)
+  "Replaces '[ki:WHATEVER]' with '[klassifizierte Information]'."
+  (replace-regexp-in-string "\\[ki:[^\]]*\]" "[klassifizierte Information]" text))
+(add-hook 'org-export-filter-plain-text-functions 'classify-information)
+
+;; add HTML validator link to exports
+(setq org-html-validation-link "<a href=\"https://validator.w3.org/check?uri=referer\">Validate</a>")
+
+
+
+;;; Info mode
+;;; =========
+
+(setq Info-mode-map (make-sparse-keymap))
+(define-key Info-mode-map (kbd "RET") 'Info-follow-nearest-node)
+(define-key Info-mode-map (kbd "u") 'Info-up)
+(define-key Info-mode-map (kbd "TAB") 'Info-next-reference)
+(define-key Info-mode-map (kbd "<backtab>") 'Info-prev-reference)
+(define-key Info-mode-map (kbd "H") 'Info-history-back)
+(define-key Info-mode-map (kbd "L") 'Info-history-forward)
+(define-key Info-mode-map (kbd "I") 'Info-goto-node)
+(define-key Info-mode-map (kbd "i") 'Info-index)
+
+
+
+;; help mode
+;; =========
+
+(setq help-mode-map (make-sparse-keymap))
+(define-key help-mode-map (kbd "TAB") 'forward-button)
+(define-key help-mode-map (kbd "RET") 'help-follow)
+(define-key help-mode-map (kbd "<backtab>") 'backward-button)
+
+
+
+;; elfeed
+;; ======
+
+(require 'elfeed)  ; needed so we can set the font faces
+(set-face-background 'elfeed-search-title-face "magenta")
+(set-face-background 'elfeed-search-unread-count-face "magenta")
+(setq elfeed-feeds
+      '("https://capsurvival.blogspot.com/feeds/posts/default"
+        "https://jungle.world/rss.xml"
+        "http://news.dieweltistgarnichtso.net/bin/index.xml"
+        "https://taz.de/!s=&ExportStatus=Intern&SuchRahmen=Online;rss/"
+        "http://www.tagesschau.de/xml/atom"))
+(setq elfeed-search-mode-map (make-sparse-keymap))
+(define-key elfeed-search-mode-map (kbd "RET") 'elfeed-search-show-entry)
+(defun elfeed-search-mark-as-read() (interactive)
+  (elfeed-search-untag-all 'unread))
+(define-key elfeed-search-mode-map (kbd "r") 'elfeed-search-mark-as-read)
+(define-key elfeed-search-mode-map (kbd "R") 'elfeed-search-tag-all-unread)
+(define-key elfeed-search-mode-map (kbd "f") 'elfeed-search-live-filter)
+(define-key elfeed-search-mode-map (kbd "u") 'elfeed-update)
+(setq elfeed-show-mode-map (make-sparse-keymap))
+(define-key elfeed-show-mode-map (kbd "u") 'elfeed)
+(define-key elfeed-show-mode-map (kbd "TAB") 'shr-next-link)
+(define-key elfeed-show-mode-map (kbd "<backtab>") 'shr-previous-link)
+(define-key elfeed-show-mode-map (kbd "a") 'elfeed-show-prev)
+(define-key elfeed-show-mode-map (kbd "d") 'elfeed-show-next)
+(define-key elfeed-show-mode-map (kbd "y") 'shr-copy-url)
+(define-key elfeed-show-mode-map (kbd "RET") 'shr-browse-url)
+
+
+
+;; eww
+;; ===
+
+(setq eww-mode-map (make-sparse-keymap))
+(define-key eww-mode-map (kbd "TAB") 'shr-next-link)
+(define-key eww-mode-map (kbd "<backtab>") 'shr-previous-link)
+(define-key eww-mode-map (kbd "H") 'eww-back-url)
+(define-key eww-mode-map (kbd "L") 'eww-forward-url)
+
+
+
+;; ledger
+;; ======
+(setq ledger-mode-map (make-sparse-keymap))
+(define-key ledger-mode-map (kbd "TAB") 'ledger-magic-tab)
+
+
+
+;;; plomvi mode
+;;; ===========
+
+(defvar plomvi-return-combo (kbd "C-c"))
+(load "~/public_repos/plomvi.el/plomvi.el")
+(plomvi-global-mode 1)
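Review bot: In the mail setup, `(setq gnutls-min-prime-bits 1024)` pins the accepted Diffie-Hellman prime size to a value that is weak by current standards. On the Emacs shipped with bullseye the default is, as far as I know, `nil`, which defers to GnuTLS's own (higher) minimum, so this line may lower the floor rather than raise it as the comment suggests. Either drop the line or use `(setq gnutls-min-prime-bits 2048)`, and confirm mail.plomlompom.com still negotiates. Separately, in the org section `(find-lisp-find-files "~/org" "\.org$")` has an unescaped dot, because `"\."` in an Elisp string is just `.`; it should read `"\\.org$"`. Two `elfeed-feeds` entries are plain `http://` and could use `https://` where the hosts offer it.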
diff --git a/bullseye/home_files/user/.gitconfig b/bullseye/home_files/user/.gitconfig
new file mode 100644
index 0000000..8967d25
--- /dev/null
+++ b/bullseye/home_files/user/.gitconfig
@@ -0,0 +1,3 @@
+[user]
+	email = c.heller@plomlompom.de
+	name = Christian Heller
diff --git a/bullseye/home_files/user/.mbsyncrc b/bullseye/home_files/user/.mbsyncrc
new file mode 100644
index 0000000..6a0e5cd
--- /dev/null
+++ b/bullseye/home_files/user/.mbsyncrc
@@ -0,0 +1,28 @@
+IMAPAccount plom
+# Address to connect to
+Host mail.plomlompom.com
+User plom
+# For some reason, mbsync doesn't accept a PassCmd output beyond 79 chars,
+# therefore the pw in ~/.authinfo should not be longer than that.
+PassCmd "cat ~/.authinfo | cut -d' ' -f8-"
+SSLType IMAPS
+AuthMechs LOGIN
+
+IMAPStore core-remote
+Account plom
+
+MaildirStore core-local
+# The trailing "/" is important
+Path ~/mail/maildir/
+Inbox ~/mail/inbox/
+
+Channel core
+Master :core-remote:
+Slave :core-local:
+Patterns *
+# Automatically create missing mailboxes, both locally and on the server
+Create Both
+# Save the synchronization state files in the relevant directory
+SyncState *
+# If a mail is marked T ("Trashed") or deleted, remove it for real everywhere
+Expunge Both
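Review bot: The `PassCmd` line reads the IMAP password out of a plaintext `~/.authinfo`, and nothing visible in this patch restricts that file's mode after setup_home.sh copies it into the home directory with a plain `cp`. Either add `chmod 600 ~/.authinfo` next to that copy, or keep the file encrypted and decrypt it in the command, e.g. `PassCmd "gpg -q --for-your-eyes-only --no-tty -d ~/.authinfo.gpg | cut -d' ' -f8-"`. Separately, `cut` emits one line per entry in the file, so a second entry in `~/.authinfo` would hand mbsync more than one line; the existing comment could state that the file must hold exactly one entry.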
diff --git a/bullseye/home_files/user/.notmuch-config b/bullseye/home_files/user/.notmuch-config
new file mode 100644
index 0000000..9532761
--- /dev/null
+++ b/bullseye/home_files/user/.notmuch-config
@@ -0,0 +1,9 @@
+[database]
+path=/home/plom/mail
+[search]
+exclude_tags=deleted;spam;
+# the fields below set the From: if the mail composer is called from
+# within notmuch
+[user]
+name=Christian Heller
+primary_email=plom@plomlompom.com
diff --git a/bullseye/home_files/user/.shell_prompt_color b/bullseye/home_files/user/.shell_prompt_color
new file mode 100644
index 0000000..0cfbf08
--- /dev/null
+++ b/bullseye/home_files/user/.shell_prompt_color
@@ -0,0 +1 @@
+2
diff --git a/bullseye/home_files/user/.tridactylrc b/bullseye/home_files/user/.tridactylrc
new file mode 100644
index 0000000..e39e5a0
--- /dev/null
+++ b/bullseye/home_files/user/.tridactylrc
@@ -0,0 +1,13 @@
+sanitize tridactyllocal tridactylsync
+guiset statuspanel top-right
+guiset tabs autohide 
+set newtab file:///opt/firefox/blank.html
+autocmd DocStart www.reddit.com urlmodify -t www.reddit old.reddit
+bind / fillcmdline find
+bind n findnext 1
+bind N findnext -1
+set findcase insensitive
+bind j scrollline 3
+bind k scrollline -3
+set hintuppercase false
+set searchengine duckduckgo
diff --git a/bullseye/home_files/user/.xinitrc b/bullseye/home_files/user/.xinitrc
new file mode 100644
index 0000000..c7a0a66
--- /dev/null
+++ b/bullseye/home_files/user/.xinitrc
@@ -0,0 +1,17 @@
+# X init configuration
+
+# Set keymap.
+setxkbmap de
+
+# Map CapsLock to Compose key.
+xmodmap -e "clear Lock"
+xmodmap -e "keycode 66 = Multi_key"
+
+# Load xterm settings
+xrdb -merge ~/.Xresources
+
+# Redshift to Berlin, Germany.
+redshift -rl 53:13 &
+
+# Launch window manager.
+i3
diff --git a/bullseye/home_files/user/mail_sync.sh b/bullseye/home_files/user/mail_sync.sh
new file mode 100755
index 0000000..6962800
--- /dev/null
+++ b/bullseye/home_files/user/mail_sync.sh
@@ -0,0 +1,43 @@
+#!/bin/sh
+set -e
+
+basedir="/home/plom/mail/maildir/"
+# Ensure directories exist for all "dir:*" tags.
+for tag in $(notmuch search --output=tags '*'); do
+    if [ ! $(echo "${tag}" | cut -c-4) = "dir:" ]; then
+        continue
+    fi
+    target_dir="${basedir}"$(echo "${tag}" | cut -c5-)"/cur/"
+    if [ ! -d "${target_dir}" ]; then
+        echo "Directory ${target_dir} does not exist."
+        exit 1
+    fi
+done
+
+# Ensure all "dir:*"-tagged mails are in proper directories,
+# remove all "dir:*" tags.
+for tag in $(notmuch search --output=tags '*'); do
+    if [ ! $(echo "${tag}" | cut -c-4) = "dir:" ]; then
+        continue
+    fi
+    target_dir="${basedir}"$(echo "${tag}" | cut -c5-)"/cur/"
+    for f in $(notmuch search --output=files tag:"${tag}"); do
+         new_name=$(basename "${f}" | sed -e 's/,U=[0-9]*//')
+         target_path="${target_dir}${new_name}"
+         if [ ! "${target_path}" = "${f}" ]; then
+             echo "Moving ${f} to ${target_path}."
+             mv "${f}" "${target_path}"
+         fi
+    done
+    notmuch tag -"${tag}" tag:"${tag}"
+done
+
+# Remove all "deleted"-tagged files from maildirs.
+notmuch search --output=files tag:deleted | while read f; do
+    echo "Deleting ${f}"
+    rm "${f}"
+done
+
+# Sync changes back to server and update notmuch index.
+mbsync -a
+notmuch new
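Review bot: The inner loop `for f in $(notmuch search --output=files tag:"${tag}")` word-splits and glob-expands the command output, so a maildir path containing a space or a `*` reaches `mv` in pieces. The deletion loop further down already reads line by line, but its bare `read f` still trims surrounding whitespace and interprets backslashes. Both loops could take the form `notmuch search --output=files tag:"${tag}" | while IFS= read -r f; do`. The directory name taken from a `dir:` tag is also joined onto `basedir` unchecked, so a tag containing `../` would resolve outside the maildir; a guard such as `case "${tag}" in *..*) exit 1 ;; esac` before `target_dir` is built would rule that out.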
diff --git a/bullseye/home_files/user/public_repos/repos b/bullseye/home_files/user/public_repos/repos
new file mode 100644
index 0000000..27eb028
--- /dev/null
+++ b/bullseye/home_files/user/public_repos/repos
@@ -0,0 +1,7 @@
+# List of repos we want cloned in ~/public_repos
+config
+pingmail.git
+plomlombot-irc.git
+plomrogue
+plomrogue2-experiments
+plomvi.el
diff --git a/bullseye/home_files/w530/.config/i3status/config b/bullseye/home_files/w530/.config/i3status/config
new file mode 100644
index 0000000..b9fb15f
--- /dev/null
+++ b/bullseye/home_files/w530/.config/i3status/config
@@ -0,0 +1,82 @@
+# plomlompom's i3 status bar configuration
+
+# Activate colors; set update interval of one second.
+general {
+  colors = true
+  interval = 1
+}
+
+# Selection / order of status elements.
+order += "disk /"
+order += "disk /home/"
+order += "wireless wlp3s0"
+order += "ethernet enp0s25"
+order += "battery 0"
+order += "cpu_usage"
+order += "load"
+order += "cpu_temperature 0"
+order += "time"
+order += "volume master"
+
+# How much space is left in / ?
+disk "/" {
+  format = "/: %avail available of %total"
+  separator_block_width = 25
+}
+
+# How much space is left in /home ?
+disk "/home/" {
+  format = "/home: %avail available of %total"
+  separator_block_width = 25
+}
+
+# WLAN status: show IP and connection quality or "down".
+wireless wlp3s0 {
+  format_up = "w: (%quality at %essid) %ip"
+  format_down = "w: down"
+  separator_block_width = 10
+}
+
+# Ethernet status: show IP or "down".
+ethernet enp0s25 {
+  format_up = "e: %ip"
+  format_down = "e: down"
+  separator_block_width = 25
+}
+
+# Battery status: show FULL/CHARGING/BATTERY, storage, time left.
+battery 0 {
+  format = "b: %status %percentage %remaining"
+  separator_block_width = 25
+}
+
+# Show CPU usage.
+cpu_usage {
+  format = "cpu: %usage"
+  separator_block_width = 10
+}
+
+# Show system load during last 1/5/15 minutes.
+load {
+  format = "%1min %5min %15min"
+  separator_block_width = 25
+}
+
+# Show CPU temperature in degrees of celsius.
+cpu_temperature 0 {
+  format = "%degrees °C"
+  separator_block_width = 25
+}
+
+# Show date/time/timezone as "year-month-day hour:minute:second
+# timezone_numeric/timezone_alphabetic".
+time {
+  format = "%Y-%m-%d %H:%M:%S %z/%Z"
+  separator_block_width = 25
+}
+
+volume master {
+  format = "♪: %volume"
+  format_muted = "♪: muted (%volume)"
+  separator_block_width = 25
+}
diff --git a/bullseye/setup_scripts/setup_desktop.sh b/bullseye/setup_scripts/setup_desktop.sh
new file mode 100755
index 0000000..6f4754f
--- /dev/null
+++ b/bullseye/setup_scripts/setup_desktop.sh
@@ -0,0 +1,89 @@
+#!/bin/sh
+set -e
+
+if [ "$#" -ne 1 ]; then
+    echo 'Need exactly one argument (system name).'
+    false
+fi
+if [ ! "$1" = "x220" ] && [ ! "$1" = "w530" ]; then
+    echo "Need legal system name."
+    false
+fi
+system_name="$1"
+
+# Set up system without user environment.
+config_tree_prefix="${HOME}/config/bullseye"
+setup_scripts_dir="${config_tree_prefix}/setup_scripts"
+cd "${setup_scripts_dir}"
+if [ "$1" = "x200s" ] || [ "$1" = "x220" ] || [ "$1" = "w530" ]; then
+  ./setup.sh "${system_name}" "" user desktop thinkpad "${system_name}"
+else
+  ./setup.sh "${system_name}" "" user desktop "${system_name}"
+fi
+
+# # Set up printer.
+# lpadmin -p 'HP_Deskjet_F300_series' -m 'drv:///hpcups.drv/hp-deskjet_f300_series.ppd' -o 'OutputMode=NormalGray' -E
+# service cups restart
+
+# Install Firefox directly from Mozilla.
+firefox_release="91.5.0esr"
+firefox_filename="firefox-${firefox_release}.tar.bz2"
+url_firefox="https://ftp.mozilla.org/pub/firefox/releases/${firefox_release}/linux-x86_64/en-US/${firefox_filename}"
+wget "${url_firefox}"
+mv "${firefox_filename}" /opt/
+cd /opt/
+tar xf "${firefox_filename}"
+rm "${firefox_filename}"
+ln -s /opt/firefox/firefox /usr/local/bin/
+update-alternatives --install /usr/bin/x-www-browser x-www-browser /opt/firefox/firefox 200
+update-alternatives --set x-www-browser /opt/firefox/firefox
+
+# Install Firefox plugins.
+# See <https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/Distribution_options/Sideloading_add-ons>
+extensions_dir="/usr/share/mozilla/extensions/{ec8030f7-c20a-464f-9b0e-13a3a9e97384}/"
+mkdir -p "${extensions_dir}"
+ublock_version="1.40.8"
+ublock_xpi="$uBlock_0{ublock_version}.firefox.signed.xpi"
+url_ublock="https://github.com/gorhill/uBlock/releases/download/${ublock_version}/${ublock_xpi}"
+wget "${url_ublock}"
+name=$(unzip -p "${ublock_xpi}" manifest.json | jq -r .applications.gecko.id)
+mv "${ublock_xpi}" "${name}".xpi
+tridactyl_version="1.22.0pre6103"
+tridactyl_xpi="tridactyl_beta-${tridactyl_version}-an+fx.xpi"
+url_tridactyl="https://tridactyl.cmcaine.co.uk/betas/${tridactyl_xpi}"
+wget "${url_tridactyl}"
+name=$(unzip -p "${tridactyl_xpi}" manifest.json | jq -r .applications.gecko.id)
+mv "${tridactyl_xpi}" "${name}.xpi"
+mv *.xpi "${extensions_dir}"
+
+# Set up user environments.
+secrets_dev="sdb"
+source_dir_secrets="/media/${secrets_dev}/to_usb"
+target_dir_secrets="/home/plom/tmp_secrets"
+cd "${setup_scripts_dir}"
+./copy_dirtree.sh "${config_tree_prefix}/home_files" "/root" minimal root
+set +e
+HOME_DIR_EXISTS=$([ ! -d "/home/plom" ]; echo $?)
+set -e
+adduser --disabled-password --gecos "" plom
+usermod -a -G sudo plom
+passwd plom
+if [ "${HOME_DIR_EXISTS}" -eq 0 ]; then
+    echo "Put secrets drive into slot for /dev/${secrets_dev}."
+    while [ ! -e /dev/"${secrets_dev}" ]; do
+        sleep 1
+    done
+    stty -echo
+    printf "Secrets passphrase: "
+    read secrets_pass
+    stty echo
+    echo "" # newline so user knows their input return was accepted
+    echo "${secrets_pass}" | pmount /dev/"${secrets_dev}"
+    cp -a "${source_dir_secrets}" "${target_dir_secrets}"
+    chown -R plom:plom "${target_dir_secrets}"
+    pumount "${secrets_dev}"
+    echo "You can remove /dev/${secrets_dev} now."
+    cp setup_home.sh /home/plom
+    chown plom:plom /home/plom/setup_home.sh
+    SECRETS_PASS="${secrets_pass}" su -c "cd && ./setup_home.sh ${system_name}" plom
+fi
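Review bot: The Firefox tarball and both extension `.xpi` files are fetched with `wget` and installed system-wide with no checksum or signature check anywhere in the script, so whatever the download returns is what gets unpacked into `/opt` by a script that presumably runs as root. Since the versions are already pinned, pinning a SHA-256 per file and checking it right after each download costs little; the hash values below are placeholders to be filled from the publishers' checksum files. The uBlock file name also looks mistyped: in `ublock_xpi="$uBlock_0{ublock_version}.firefox.signed.xpi"` the shell expands the unset `$uBlock_0` to nothing and leaves `{ublock_version}` literal, where `uBlock0_${ublock_version}.firefox.signed.xpi` was presumably meant.

```shell
firefox_sha256="PLACEHOLDER_SHA256_OF_FIREFOX_TARBALL"
wget "${url_firefox}"
echo "${firefox_sha256}  ${firefox_filename}" | sha256sum -c -
# … unchanged: move to /opt, unpack, symlink, update-alternatives …
ublock_xpi="uBlock0_${ublock_version}.firefox.signed.xpi"
ublock_sha256="PLACEHOLDER_SHA256_OF_UBLOCK_XPI"
# … unchanged: url_ublock …
wget "${url_ublock}"
echo "${ublock_sha256}  ${ublock_xpi}" | sha256sum -c -
# … unchanged: rename by gecko id; the tridactyl download would get the same check …
```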
diff --git a/bullseye/setup_scripts/setup_home.sh b/bullseye/setup_scripts/setup_home.sh
new file mode 100755
index 0000000..438ed9a
--- /dev/null
+++ b/bullseye/setup_scripts/setup_home.sh
@@ -0,0 +1,101 @@
+#!/bin/sh
+set -e
+
+if [ "$#" -ne 1 ]; then
+    echo 'Need exactly one argument (system name).'
+    false
+fi
+if [ ! "$1" = "eeepc" ] && [ ! "$1" = "x200s" ]&& [ ! "$1" = "x220" ]; then
+    echo "Need legal system name."
+    false
+fi
+system_name="$1"
+
+public_repos_dir="${HOME}/public_repos"
+config_tree_prefix="${public_repos_dir}/config/bullseye"
+path_borgscript="${config_tree_prefix}//borg.sh"
+setup_scripts_dir="${config_tree_prefix}/setup_scripts"
+repos_list_file="${public_repos_dir}/repos"
+dir_secrets="${HOME}/tmp_secrets"
+borgkeys_dir=~/.config/borg/keys
+borgrepos_file=~/.borgrepos
+ssh_dir=~/.ssh
+authinfo_file=.authinfo
+maildir=~/mail/maildir
+
+ensure_repo() {
+    repo_name="${1}"
+    if [ ! -d "${public_repos_dir}/${repo_name}" ]; then
+        cd "${public_repos_dir}"
+        git clone plom@plomlompom.com:/var/repos/${repo_name}
+    fi
+}
+
+# Set up iniitial non-public parts of infrastructure: SSH authentication.
+cd "${dir_secrets}"
+mkdir -p "${ssh_dir}"
+echo "Setting up .ssh"
+cp id_rsa ~/.ssh
+stty -echo
+ssh-keygen -y -f ~/.ssh/id_rsa > ~/.ssh/id_rsa.pub
+stty echo
+eval $(ssh-agent)
+ssh-add
+ssh-keyscan -H "plomlompom.com" >> ~/.ssh/known_hosts
+
+# Clone config to copy dotfiles etc. from it.
+cd
+mkdir -p "${public_repos_dir}"
+ensure_repo config
+cd "${setup_scripts_dir}"
+./copy_dirtree.sh "${config_tree_prefix}/home_files" "${HOME}" minimal user "${system_name}"
+
+# # Set up native messenger for tridactyl.
+# version='ef9f02d0da258f68d7faf8898707f6d83d90d07a'
+# curl -fsSl "https://raw.githubusercontent.com/tridactyl/tridactyl/${version}/native/install.sh" | bash
+
+# Set up further non-public parts of infrastructure.
+cd "${dir_secrets}"
+script -c 'gpg --import secret_keys.asc' /dev/null
+tar xf borg_keyfiles.tar
+mkdir -p "${borgkeys_dir}"
+mv borg_keyfiles/* "${borgkeys_dir}"
+# .authinfo may not be present on every secrets drive yet
+if [ -f "${authinfo_file}" ]; then
+    cp "${authinfo_file}" ~
+fi
+cd
+rm -rf "${dir_secrets}"
+
+# Sync org dir via borgbackup. For this we need the borgbackup servers
+# in our .ssh/known_hosts file.
+cat "${borgrepos_file}" | while read line; do
+    first_char=$(echo "${line}" | cut -c1)
+    if [ "${first_char}" = "#" ]; then
+        continue
+    fi
+    server=$(echo "${line}" | sed 's/.*@//')
+    ssh-keyscan "${server}" >> "${ssh_dir}"/known_hosts
+done
+BORG_PASSPHRASE="${SECRETS_PASS}" "${path_borgscript}" orgpull
+
+# Fill ~/public_repos.
+cat "${repos_list_file}" | while read line; do
+    first_char=$(echo "${line}" | cut -c1)
+    if [ "${first_char}" = "#" ]; then
+        continue
+    fi
+    ensure_repo "${line}"
+done
+
+# Set up e-mail system. Note that we only do mbsync if the imap pass file
+# is found. It may not be present on every secrets drive yet, so we have to
+# deal with the possibility of it being absent at this point.
+mkdir -p "${maildir}"  # expected by mbsync/isync
+if [ -f "${HOME}/${authinfo_file}" ]; then
+    mbsync -a
+    notmuch new
+fi
+
+# Final note on how to integrate tridactyl.
+echo "TODO: As tridactyl user, don't forget to do :source on the first Firefox run, wait a little while (Tridactyl needs to walk through all commands in the .tridactylrc) and then re-start."
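Review bot: `ssh-keyscan -H "plomlompom.com" >> ~/.ssh/known_hosts`, and the same call inside the `.borgrepos` loop, records whatever host key the network presents during setup, so the later `git clone` and borg pull over SSH are checked against an unverified key. The secrets drive is already trusted at this point; carrying the expected host keys on it and appending that file instead (for example `cat known_hosts >> "${ssh_dir}/known_hosts"` while still in `${dir_secrets}`; the file name is only a suggestion) would keep host verification meaningful. The argument check near the top also still rejects `w530`, although setup_desktop.sh in this patch calls `./setup_home.sh ${system_name}` with that value; the condition needs `&& [ ! "$1" = "w530" ]` added.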
-- 
2.30.2