# extremely useful for basic network debugging; missed these more than once in an emergency
netcat-traditional
iputils-ping
+# what would we do without this …
+apt
nftables
# We want to be able to use ALL our servers as borg backup destinations.
borgbackup
+# not only pull in systemd, but also /sbin/reboot and /sbin/shutdown
+systemd-sysv
# Authentication:
#LoginGraceTime 2m
-PermitRootLogin no
+#PermitRootLogin prohibit-password
+PermitRootLogin no # plomlompom's security rule
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10
#IgnoreRhosts yes
# To disable tunneled clear text passwords, change to no here!
-PasswordAuthentication no
+PasswordAuthentication no
#PermitEmptyPasswords no
# Change to yes to enable challenge-response passwords (beware issues with
#!/bin/sh
set -e
. ./misc.sh
+. ../../misc.sh
expect_n_args 2 "(hostname, FQDN)" "$@"
hostname="$1"
# CAUTION: This removes original files at the affected paths.
set -e
. ./misc.sh
+. ../../misc.sh
expect_n_args 3 "(source root, target root, modules)" "$@"
--- /dev/null
+#!/bin/sh
+# This script turns a fresh server with password-based root access into
+# one of only key-based access and only to new non-root account plom.
+#
+# CAUTION: This is optimized for a *fresh* setup. It will overwrite any
+# pre-existing ~/.ssh/authorized_keys of user plom with one that solely
+# contains the local ~/.ssh/id_rsa.pub, and also any old
+# /etc/ssh/sshd_config.
+#
+# Dependencies: ssh, scp, sshpass, ~/.ssh/id_rsa.pub, properly
+# configured sshd_config file in misc.sh:$local_etc_server
+set -e
+. ./misc.sh
+. ../../misc.sh
+
+expect_n_args 1 "(server)" "$@"
+server="$1"
+
+# If we already knew that host …
+ssh-keygen -f "/home/plom/.ssh/known_hosts" -R "${server}"
+
+# This will be used to log-in as root from plom account.
+printf '\nFirst, enter the old root password; then enter new password three times.\n\n'
+ssh root@"${server}" 'printf "\n\n" && passwd'
+
+# Save root password for sshpass
+stty -echo
+printf "Re-enter new server root password: "
+read PW_ROOT
+stty echo
+printf "\n"
+export SSHPASS="${PW_ROOT}"
+
+# Create user plom, and his ~/.ssh/authorized_keys based on the local
+# ~/.ssh/id_rsa.pub; ensure the result has proper permissions and
+# ownerships. Then disable root and pw login by copying over the
+# sshd_config and restart ssh daemon.
+#
+# This could be a line or two shorter by using ssh-copy-id, but that
+# would require setting a password for user plom otherwise not needed.
+sshpass -e scp ~/.ssh/id_rsa.pub root@"${server}":/tmp/authorized_keys
+sshpass -e ssh root@"${server}" \
+ 'useradd -m plom && '\
+ 'mkdir /home/plom/.ssh && '\
+ 'chown plom:plom /home/plom/.ssh && '\
+ 'chown plom:plom /tmp/authorized_keys && '\
+ 'chmod u=rw,go= /tmp/authorized_keys && '\
+ 'mv /tmp/authorized_keys /home/plom/.ssh/'
+sshpass -e scp "${local_path_sshd_config}" root@"${server}":"${system_path_sshd_config}"
+sshpass -e ssh root@"${server}" 'service ssh restart'
+
#!/bin/sh
-# This script assumes a server with key-based root access into one of
-# key-based access only to a new non-root account plom.
+# This script turns a fresh server with password-based root access into
+# one of only key-based access and only to new non-root account plom.
#
# CAUTION: This is optimized for a *fresh* setup. It will overwrite any
-# old /etc/ssh/sshd_config.
+# pre-existing ~/.ssh/authorized_keys of user plom with one that solely
+# contains the local ~/.ssh/id_rsa.pub, and also any old
+# /etc/ssh/sshd_config.
#
-# Dependencies: ssh, scp, properly configured sshd_config file in reach.
+# Dependencies: ssh, scp, ~/.ssh/id_rsa.pub, properly configured sshd_config
+# file in misc.sh:local_etc_server$
set -e
. ./misc.sh
-
-# Location of an sshd_config with "PermitRootLogin no" and
-# "PasswordAuthentication no".
-linkable_files_dir="${config_tree_prefix}/etc_files/server"
-system_path_sshd_config='/etc/ssh/sshd_config'
-local_path_sshd_config="${linkable_files_dir}${system_path_sshd_config}"
+. ../../misc.sh
expect_n_args 1 "(server)" "$@"
server="$1"
ssh-add
# This will be used to log-in as root from plom account.
-echo 'Asking for new root password.'
-ssh root@"${server}" "passwd"
+printf '\nAsking for new root password.\n\n'
+ssh root@"${server}" 'printf "\n\n" && passwd'
# Set up plom's ~/.ssh/authorized_keys from root's.
ssh root@"${server}" 'useradd -m plom'
# Set up SSH config and remove direct SSH login to root.
scp "${local_path_sshd_config}" root@"${server}":"${system_path_sshd_config}"
ssh root@"${server}" 'rm -rf /root/.ssh && service ssh restart'
+
#!/bin/sh
set -e
. ./misc.sh
+. ../../misc.sh
expect_n_args 1 "(old server IP)" "$@"
old_server="$1"
# Mirror directory tree from remote to local server, keeping the path.
set -e
. ./misc.sh
+. ../../misc.sh
expect_n_args 2 "(server, directory)" "$@"
server=$1
setup_scripts_dir="${config_tree_prefix}/setup_scripts"
aptmark_dir="${config_tree_prefix}/apt-mark"
-expect_n_args() {
- min_args="$1"
- explainer="$2"
- shift 2
- if [ "$#" -lt "${min_args}" ]; then
- echo "Need at least ${1} arguments … ${explainer}"
- false
- fi
-}
-
expect_setup_finished_file() {
filename="$1"
setup_script="$2"
# Do some of the steps necessary to SSH (key-based) with another server.
set -e
. ./misc.sh
+. ../../misc.sh
expect_n_args 1 "(server IP)" "$@"
target="$1"
# Ignores IPv6s.
set -e
. ./misc.sh
+. ../../misc.sh
expect_n_args 1 "(hostname, fqdn)" "$@"
#!/bin/sh
set -e
. ./misc.sh
+. ../../misc.sh
expect_n_args 1 "(system name)" "$@"
get_system_name_arg "$1"
. ./misc.sh
# Install Firefox directly from Mozilla.
-firefox_release="115.11.0esr"
+firefox_release="115.15.0esr"
firefox_filename="firefox-${firefox_release}.tar.bz2"
url_firefox="https://ftp.mozilla.org/pub/firefox/releases/${firefox_release}/linux-x86_64/en-US/${firefox_filename}"
wget "${url_firefox}"
#!/bin/sh
set -e
. ./misc.sh
+. ../../misc.sh
expect_n_args 1 "(system name)" "$@"
get_system_name_arg "$1"
--- /dev/null
+#!/bin/sh
+set -e
+. ./misc.sh
+
+# Set up NVIDIA eGPU config.
+cd
+# git clone https://github.com/NVIDIA/open-gpu-kernel-modules
+# cd open-gpu-kernel-modules
+# git checkout 337e28e
+# # git checkout 4c29105335610933e744f4ab2524ea63fc39edaf
+# make modules -j$(nproc)
+# make modules_install
+# cd
+driver_version=535.86.05
+# driver_version=545.29.06
+runscript=NVIDIA-Linux-x86_64-${driver_version}.run
+# wget https://us.download.nvidia.com/XFree86/Linux-x86_64/${driver_version}/${runscript}
+set +e
+rmmod nouveau
+set -e
+chmod u+x ${runscript}
+./${runscript} --no-kernel-modules --silent
+depmod
+# TODO I suspect that the GPU falling of the bus may be mildened by running nvidia-persistenced, check https://github.com/NVIDIA/nvidia-persistenced/tree/main/init
#!/bin/sh
# Next setup steps for a server whose login policy has just been set from
-# the outside via ./init_user_login.sh.
+# the outside via ./init_user_login.sh or ./init_user_and_keybased_login.sh
set -e
. ./misc.sh
+. ../../misc.sh
expect_n_args 2 "(hostname, FQDN)" "$@"
hostname="$1"
#!/bin/sh
set -e
. ./misc.sh
+. ../../misc.sh
expect_setup_finished_file setup_web_has_been_run setup_web.sh
#!/bin/sh
set -e
. ./misc.sh
+. ../../misc.sh
expect_setup_finished_file setup_server_has_been_run setup_server.sh
--- /dev/null
+#!/bin/sh
+
+# Upgrade a fresh (!) system to Bookworm, as per [1]. Fresh, because: Don't
+# expect any customized config files to survive this. If you run this on a
+# remote machine, take care not to loose anything you need to re-connect, e.g.
+# any relevant adaptations you did to /etc/ssh/sshd_config …
+
+set -e
+. ./misc.sh
+. ../../misc.sh
+
+path_sources_list="/etc/apt/sources.list"
+
+apt update
+apt -y -o Dpkg::Options::="--force-confnew" upgrade
+apt -y -o Dpkg::Options::="--force-confnew" full-upgrade
+cp "${config_tree_prefix}/etc_files/all${path_sources_list}" "${path_sources_list}"
+apt clean
+apt update
+apt -y -o Dpkg::Options::="--force-confnew" upgrade
+apt -y -o Dpkg::Options::="--force-confnew" full-upgrade
+apt -y autoremove
+cp "${local_path_sshd_config}" "${system_path_sshd_config}"
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
-# the setting of "PermitRootLogin yes
+# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
# AllowTcpForwarding no
# PermitTTY no
# ForceCommand cvs server
-ClientAliveInterval 120
+ClientAliveInterval 15
# /etc/ssh/sshd_config.
#
# Dependencies: ssh, scp, sshpass, ~/.ssh/id_rsa.pub, properly
-# configured sshd_config file in reach.
+# configured sshd_config file in misc.sh:$local_etc_server
set -e
+. ./misc.sh
+. ../../misc.sh
-# Location of an sshd_config with "PermitRootLogin no" and
-# "PasswordAuthentication no".
-config_tree_prefix="${HOME}/public_repos/config/bullseye"
-linkable_files_dir="${config_tree_prefix}/etc_files/server"
-system_path_sshd_config='/etc/ssh/sshd_config'
-local_path_sshd_config="${linkable_files_dir}${system_path_sshd_config}"
-
-# Ensure we have a server name as argument.
-if [ $# -eq 0 ]; then
- echo "Need server as argument."
- false
-fi
+expect_n_args 1 "(server)" "$@"
server="$1"
+# If we already knew that host …
+ssh-keygen -f "/home/plom/.ssh/known_hosts" -R "${server}"
+
# This will be used to log-in as root from plom account.
-echo 'First, enter the old root password; then enter new password twice.'
-ssh root@"${server}" "passwd"
+printf '\nFirst, enter the old root password; then enter new password three times.\n\n'
+ssh root@"${server}" 'printf "\n" && passwd'
# Save root password for sshpass
stty -echo
#!/bin/sh
-# This script assumes a server with key-based root access into one of
-# key-based access only to a new non-root account plom.
+# This script turns a fresh server with password-based root access into
+# one of only key-based access and only to new non-root account plom.
#
# CAUTION: This is optimized for a *fresh* setup. It will overwrite any
-# old /etc/ssh/sshd_config.
+# pre-existing ~/.ssh/authorized_keys of user plom with one that solely
+# contains the local ~/.ssh/id_rsa.pub, and also any old
+# /etc/ssh/sshd_config.
#
-# Dependencies: ssh, scp, properly configured sshd_config file in reach.
+# Dependencies: ssh, scp, ~/.ssh/id_rsa.pub, properly configured sshd_config
+# file in misc.sh:$linkable_files_dir
set -e
+. ./misc.sh
+. ../../misc.sh
-# Location of an sshd_config with "PermitRootLogin no" and
-# "PasswordAuthentication no".
-config_tree_prefix="${HOME}/public_repos/config/bullseye"
-linkable_files_dir="${config_tree_prefix}/etc_files/server"
-system_path_sshd_config='/etc/ssh/sshd_config'
-local_path_sshd_config="${linkable_files_dir}${system_path_sshd_config}"
-
-# Ensure we have a server name as argument.
-if [ $# -eq 0 ]; then
- echo "Need server as argument."
- false
-fi
+expect_n_args 1 "(server)" "$@"
server="$1"
+# If we already knew that host …
+ssh-keygen -f "/home/plom/.ssh/known_hosts" -R "${server}"
+
# So we're only asked once …
eval $(ssh-agent)
ssh-add
--- /dev/null
+#!/bin/sh
+#set -e
+config_tree_prefix="${HOME}/public_repos/config/bullseye"
--- /dev/null
+#!/bin/sh
+
+local_etc_server="${config_tree_prefix}/etc_files/server"
+system_path_sshd_config='/etc/ssh/sshd_config'
+local_path_sshd_config="${local_etc_server}${system_path_sshd_config}"
+
+expect_n_args() {
+ min_args="$1"
+ explainer="$2"
+ shift 2
+ if [ "$#" -lt "${min_args}" ]; then
+ echo "Need at least ${min_args} arguments … ${explainer}"
+ false
+ fi
+}
+
--- /dev/null
+# connectivity: ifupdown seems necessary everyhwere, isc-dhcp-client
+# unpredictably so
+ifupdown
+isc-dhcp-client
+# git for the setup directory; cloning works with ca-certificates
+ca-certificates
+git
+# to avoid constant warnings about no locale being found
+locales
+# extremely useful for basic network debugging; missed these more than once in an emergency
+netcat-traditional
+iputils-ping
--- /dev/null
+# for X to start at all
+linux-headers-amd64
+nvidia-driver
+firmware-misc-nonfree
+# X input: keyboard
+xserver-xorg-input-evdev
+## CUDA
+#nvidia-cuda-dev
+#nvidia-cuda-toolkit
+
--- /dev/null
+# to avoid booting problems with encrypted LVM, see <https://askubuntu.com/a/1105848>
+cryptsetup-initramfs
+lvm2
+# this provides setupcon which reads /etc/default/console-setup
+console-setup
+# for startx
+xinit
+# for xrdb
+x11-xserver-utils
+# for startx to run for non-root user
+libpam-systemd
+# window environment
+i3
+i3status
+suckless-tools
+xterm
+# to get sleepy at night
+redshift
+# for alsamixer
+alsa-utils
+# also useful
+vim
+sudo
+less
+man-db
+manpages
+procps
+# browsers
+firefox-esr
+chromium
+# tridactyl install recommendations
+vim-gtk3
+curl
+## for firefox to emit sound
+#pulseaudio
+# emacs
+emacs
+emacs-common-non-dfsg
+emacs-el
+elpa-ledger
+ledger
+# to mount encrypted USB stick and use its contents
+pmount
+cryptsetup
+openssh-client
+# for syncing
+borgbackup
+# mail setup
+isync
+notmuch
+elpa-notmuch
+pinentry-gtk2
+#
--- /dev/null
+APT::AutoRemove::RecommendsImportant "false";
+APT::AutoRemove::SuggestsImportant "false";
+APT::Install-Recommends "false";
+APT::Install-Suggests "false";
--- /dev/null
+deb http://deb.debian.org/debian bookworm main contrib non-free non-free-firmware
+deb http://security.debian.org/debian-security bookworm-security main contrib non-free non-free-firmware
--- /dev/null
+LANG="en_US.UTF-8"
--- /dev/null
+# This file lists locales that you wish to have built. You can find a list
+# of valid supported locales at /usr/share/i18n/SUPPORTED, and you can add
+# user defined locales to /usr/local/share/i18n/SUPPORTED. If you change
+# this file, you need to rerun locale-gen.
+
+
+# aa_DJ ISO-8859-1
+# aa_DJ.UTF-8 UTF-8
+# aa_ER UTF-8
+# aa_ER@saaho UTF-8
+# aa_ET UTF-8
+# af_ZA ISO-8859-1
+# af_ZA.UTF-8 UTF-8
+# ak_GH UTF-8
+# am_ET UTF-8
+# an_ES ISO-8859-15
+# an_ES.UTF-8 UTF-8
+# anp_IN UTF-8
+# ar_AE ISO-8859-6
+# ar_AE.UTF-8 UTF-8
+# ar_BH ISO-8859-6
+# ar_BH.UTF-8 UTF-8
+# ar_DZ ISO-8859-6
+# ar_DZ.UTF-8 UTF-8
+# ar_EG ISO-8859-6
+# ar_EG.UTF-8 UTF-8
+# ar_IN UTF-8
+# ar_IQ ISO-8859-6
+# ar_IQ.UTF-8 UTF-8
+# ar_JO ISO-8859-6
+# ar_JO.UTF-8 UTF-8
+# ar_KW ISO-8859-6
+# ar_KW.UTF-8 UTF-8
+# ar_LB ISO-8859-6
+# ar_LB.UTF-8 UTF-8
+# ar_LY ISO-8859-6
+# ar_LY.UTF-8 UTF-8
+# ar_MA ISO-8859-6
+# ar_MA.UTF-8 UTF-8
+# ar_OM ISO-8859-6
+# ar_OM.UTF-8 UTF-8
+# ar_QA ISO-8859-6
+# ar_QA.UTF-8 UTF-8
+# ar_SA ISO-8859-6
+# ar_SA.UTF-8 UTF-8
+# ar_SD ISO-8859-6
+# ar_SD.UTF-8 UTF-8
+# ar_SS UTF-8
+# ar_SY ISO-8859-6
+# ar_SY.UTF-8 UTF-8
+# ar_TN ISO-8859-6
+# ar_TN.UTF-8 UTF-8
+# ar_YE ISO-8859-6
+# ar_YE.UTF-8 UTF-8
+# as_IN UTF-8
+# ast_ES ISO-8859-15
+# ast_ES.UTF-8 UTF-8
+# ayc_PE UTF-8
+# az_AZ UTF-8
+# be_BY CP1251
+# be_BY.UTF-8 UTF-8
+# be_BY@latin UTF-8
+# bem_ZM UTF-8
+# ber_DZ UTF-8
+# ber_MA UTF-8
+# bg_BG CP1251
+# bg_BG.UTF-8 UTF-8
+# bhb_IN.UTF-8 UTF-8
+# bho_IN UTF-8
+# bn_BD UTF-8
+# bn_IN UTF-8
+# bo_CN UTF-8
+# bo_IN UTF-8
+# br_FR ISO-8859-1
+# br_FR.UTF-8 UTF-8
+# br_FR@euro ISO-8859-15
+# brx_IN UTF-8
+# bs_BA ISO-8859-2
+# bs_BA.UTF-8 UTF-8
+# byn_ER UTF-8
+# ca_AD ISO-8859-15
+# ca_AD.UTF-8 UTF-8
+# ca_ES ISO-8859-1
+# ca_ES.UTF-8 UTF-8
+# ca_ES.UTF-8@valencia UTF-8
+# ca_ES@euro ISO-8859-15
+# ca_ES@valencia ISO-8859-15
+# ca_FR ISO-8859-15
+# ca_FR.UTF-8 UTF-8
+# ca_IT ISO-8859-15
+# ca_IT.UTF-8 UTF-8
+# ce_RU UTF-8
+# chr_US UTF-8
+# cmn_TW UTF-8
+# crh_UA UTF-8
+# cs_CZ ISO-8859-2
+# cs_CZ.UTF-8 UTF-8
+# csb_PL UTF-8
+# cv_RU UTF-8
+# cy_GB ISO-8859-14
+# cy_GB.UTF-8 UTF-8
+# da_DK ISO-8859-1
+# da_DK.UTF-8 UTF-8
+# de_AT ISO-8859-1
+# de_AT.UTF-8 UTF-8
+# de_AT@euro ISO-8859-15
+# de_BE ISO-8859-1
+# de_BE.UTF-8 UTF-8
+# de_BE@euro ISO-8859-15
+# de_CH ISO-8859-1
+# de_CH.UTF-8 UTF-8
+# de_DE ISO-8859-1
+# de_DE.UTF-8 UTF-8
+# de_DE@euro ISO-8859-15
+# de_IT ISO-8859-1
+# de_IT.UTF-8 UTF-8
+# de_LI.UTF-8 UTF-8
+# de_LU ISO-8859-1
+# de_LU.UTF-8 UTF-8
+# de_LU@euro ISO-8859-15
+# doi_IN UTF-8
+# dv_MV UTF-8
+# dz_BT UTF-8
+# el_CY ISO-8859-7
+# el_CY.UTF-8 UTF-8
+# el_GR ISO-8859-7
+# el_GR.UTF-8 UTF-8
+# en_AG UTF-8
+# en_AU ISO-8859-1
+# en_AU.UTF-8 UTF-8
+# en_BW ISO-8859-1
+# en_BW.UTF-8 UTF-8
+# en_CA ISO-8859-1
+# en_CA.UTF-8 UTF-8
+# en_DK ISO-8859-1
+# en_DK.ISO-8859-15 ISO-8859-15
+# en_DK.UTF-8 UTF-8
+# en_GB ISO-8859-1
+# en_GB.ISO-8859-15 ISO-8859-15
+# en_GB.UTF-8 UTF-8
+# en_HK ISO-8859-1
+# en_HK.UTF-8 UTF-8
+# en_IE ISO-8859-1
+# en_IE.UTF-8 UTF-8
+# en_IE@euro ISO-8859-15
+# en_IL UTF-8
+# en_IN UTF-8
+# en_NG UTF-8
+# en_NZ ISO-8859-1
+# en_NZ.UTF-8 UTF-8
+# en_PH ISO-8859-1
+# en_PH.UTF-8 UTF-8
+# en_SG ISO-8859-1
+# en_SG.UTF-8 UTF-8
+# en_US ISO-8859-1
+# en_US.ISO-8859-15 ISO-8859-15
+en_US.UTF-8 UTF-8
+# en_ZA ISO-8859-1
+# en_ZA.UTF-8 UTF-8
+# en_ZM UTF-8
+# en_ZW ISO-8859-1
+# en_ZW.UTF-8 UTF-8
+# eo UTF-8
+# es_AR ISO-8859-1
+# es_AR.UTF-8 UTF-8
+# es_BO ISO-8859-1
+# es_BO.UTF-8 UTF-8
+# es_CL ISO-8859-1
+# es_CL.UTF-8 UTF-8
+# es_CO ISO-8859-1
+# es_CO.UTF-8 UTF-8
+# es_CR ISO-8859-1
+# es_CR.UTF-8 UTF-8
+# es_CU UTF-8
+# es_DO ISO-8859-1
+# es_DO.UTF-8 UTF-8
+# es_EC ISO-8859-1
+# es_EC.UTF-8 UTF-8
+# es_ES ISO-8859-1
+# es_ES.UTF-8 UTF-8
+# es_ES@euro ISO-8859-15
+# es_GT ISO-8859-1
+# es_GT.UTF-8 UTF-8
+# es_HN ISO-8859-1
+# es_HN.UTF-8 UTF-8
+# es_MX ISO-8859-1
+# es_MX.UTF-8 UTF-8
+# es_NI ISO-8859-1
+# es_NI.UTF-8 UTF-8
+# es_PA ISO-8859-1
+# es_PA.UTF-8 UTF-8
+# es_PE ISO-8859-1
+# es_PE.UTF-8 UTF-8
+# es_PR ISO-8859-1
+# es_PR.UTF-8 UTF-8
+# es_PY ISO-8859-1
+# es_PY.UTF-8 UTF-8
+# es_SV ISO-8859-1
+# es_SV.UTF-8 UTF-8
+# es_US ISO-8859-1
+# es_US.UTF-8 UTF-8
+# es_UY ISO-8859-1
+# es_UY.UTF-8 UTF-8
+# es_VE ISO-8859-1
+# es_VE.UTF-8 UTF-8
+# et_EE ISO-8859-1
+# et_EE.ISO-8859-15 ISO-8859-15
+# et_EE.UTF-8 UTF-8
+# eu_ES ISO-8859-1
+# eu_ES.UTF-8 UTF-8
+# eu_ES@euro ISO-8859-15
+# eu_FR ISO-8859-1
+# eu_FR.UTF-8 UTF-8
+# eu_FR@euro ISO-8859-15
+# fa_IR UTF-8
+# ff_SN UTF-8
+# fi_FI ISO-8859-1
+# fi_FI.UTF-8 UTF-8
+# fi_FI@euro ISO-8859-15
+# fil_PH UTF-8
+# fo_FO ISO-8859-1
+# fo_FO.UTF-8 UTF-8
+# fr_BE ISO-8859-1
+# fr_BE.UTF-8 UTF-8
+# fr_BE@euro ISO-8859-15
+# fr_CA ISO-8859-1
+# fr_CA.UTF-8 UTF-8
+# fr_CH ISO-8859-1
+# fr_CH.UTF-8 UTF-8
+# fr_FR ISO-8859-1
+# fr_FR.UTF-8 UTF-8
+# fr_FR@euro ISO-8859-15
+# fr_LU ISO-8859-1
+# fr_LU.UTF-8 UTF-8
+# fr_LU@euro ISO-8859-15
+# fur_IT UTF-8
+# fy_DE UTF-8
+# fy_NL UTF-8
+# ga_IE ISO-8859-1
+# ga_IE.UTF-8 UTF-8
+# ga_IE@euro ISO-8859-15
+# gd_GB ISO-8859-15
+# gd_GB.UTF-8 UTF-8
+# gez_ER UTF-8
+# gez_ER@abegede UTF-8
+# gez_ET UTF-8
+# gez_ET@abegede UTF-8
+# gl_ES ISO-8859-1
+# gl_ES.UTF-8 UTF-8
+# gl_ES@euro ISO-8859-15
+# gu_IN UTF-8
+# gv_GB ISO-8859-1
+# gv_GB.UTF-8 UTF-8
+# ha_NG UTF-8
+# hak_TW UTF-8
+# he_IL ISO-8859-8
+# he_IL.UTF-8 UTF-8
+# hi_IN UTF-8
+# hne_IN UTF-8
+# hr_HR ISO-8859-2
+# hr_HR.UTF-8 UTF-8
+# hsb_DE ISO-8859-2
+# hsb_DE.UTF-8 UTF-8
+# ht_HT UTF-8
+# hu_HU ISO-8859-2
+# hu_HU.UTF-8 UTF-8
+# hy_AM UTF-8
+# hy_AM.ARMSCII-8 ARMSCII-8
+# ia_FR UTF-8
+# id_ID ISO-8859-1
+# id_ID.UTF-8 UTF-8
+# ig_NG UTF-8
+# ik_CA UTF-8
+# is_IS ISO-8859-1
+# is_IS.UTF-8 UTF-8
+# it_CH ISO-8859-1
+# it_CH.UTF-8 UTF-8
+# it_IT ISO-8859-1
+# it_IT.UTF-8 UTF-8
+# it_IT@euro ISO-8859-15
+# iu_CA UTF-8
+# ja_JP.EUC-JP EUC-JP
+# ja_JP.UTF-8 UTF-8
+# ka_GE GEORGIAN-PS
+# ka_GE.UTF-8 UTF-8
+# kk_KZ PT154
+# kk_KZ.RK1048 RK1048
+# kk_KZ.UTF-8 UTF-8
+# kl_GL ISO-8859-1
+# kl_GL.UTF-8 UTF-8
+# km_KH UTF-8
+# kn_IN UTF-8
+# ko_KR.EUC-KR EUC-KR
+# ko_KR.UTF-8 UTF-8
+# kok_IN UTF-8
+# ks_IN UTF-8
+# ks_IN@devanagari UTF-8
+# ku_TR ISO-8859-9
+# ku_TR.UTF-8 UTF-8
+# kw_GB ISO-8859-1
+# kw_GB.UTF-8 UTF-8
+# ky_KG UTF-8
+# lb_LU UTF-8
+# lg_UG ISO-8859-10
+# lg_UG.UTF-8 UTF-8
+# li_BE UTF-8
+# li_NL UTF-8
+# lij_IT UTF-8
+# ln_CD UTF-8
+# lo_LA UTF-8
+# lt_LT ISO-8859-13
+# lt_LT.UTF-8 UTF-8
+# lv_LV ISO-8859-13
+# lv_LV.UTF-8 UTF-8
+# lzh_TW UTF-8
+# mag_IN UTF-8
+# mai_IN UTF-8
+# mg_MG ISO-8859-15
+# mg_MG.UTF-8 UTF-8
+# mhr_RU UTF-8
+# mi_NZ ISO-8859-13
+# mi_NZ.UTF-8 UTF-8
+# mk_MK ISO-8859-5
+# mk_MK.UTF-8 UTF-8
+# ml_IN UTF-8
+# mn_MN UTF-8
+# mni_IN UTF-8
+# mr_IN UTF-8
+# ms_MY ISO-8859-1
+# ms_MY.UTF-8 UTF-8
+# mt_MT ISO-8859-3
+# mt_MT.UTF-8 UTF-8
+# my_MM UTF-8
+# nan_TW UTF-8
+# nan_TW@latin UTF-8
+# nb_NO ISO-8859-1
+# nb_NO.UTF-8 UTF-8
+# nds_DE UTF-8
+# nds_NL UTF-8
+# ne_NP UTF-8
+# nhn_MX UTF-8
+# niu_NU UTF-8
+# niu_NZ UTF-8
+# nl_AW UTF-8
+# nl_BE ISO-8859-1
+# nl_BE.UTF-8 UTF-8
+# nl_BE@euro ISO-8859-15
+# nl_NL ISO-8859-1
+# nl_NL.UTF-8 UTF-8
+# nl_NL@euro ISO-8859-15
+# nn_NO ISO-8859-1
+# nn_NO.UTF-8 UTF-8
+# nr_ZA UTF-8
+# nso_ZA UTF-8
+# oc_FR ISO-8859-1
+# oc_FR.UTF-8 UTF-8
+# om_ET UTF-8
+# om_KE ISO-8859-1
+# om_KE.UTF-8 UTF-8
+# or_IN UTF-8
+# os_RU UTF-8
+# pa_IN UTF-8
+# pa_PK UTF-8
+# pap_AW UTF-8
+# pap_CW UTF-8
+# pl_PL ISO-8859-2
+# pl_PL.UTF-8 UTF-8
+# ps_AF UTF-8
+# pt_BR ISO-8859-1
+# pt_BR.UTF-8 UTF-8
+# pt_PT ISO-8859-1
+# pt_PT.UTF-8 UTF-8
+# pt_PT@euro ISO-8859-15
+# quz_PE UTF-8
+# raj_IN UTF-8
+# ro_RO ISO-8859-2
+# ro_RO.UTF-8 UTF-8
+# ru_RU ISO-8859-5
+# ru_RU.CP1251 CP1251
+# ru_RU.KOI8-R KOI8-R
+# ru_RU.UTF-8 UTF-8
+# ru_UA KOI8-U
+# ru_UA.UTF-8 UTF-8
+# rw_RW UTF-8
+# sa_IN UTF-8
+# sat_IN UTF-8
+# sc_IT UTF-8
+# sd_IN UTF-8
+# sd_IN@devanagari UTF-8
+# se_NO UTF-8
+# sgs_LT UTF-8
+# shs_CA UTF-8
+# si_LK UTF-8
+# sid_ET UTF-8
+# sk_SK ISO-8859-2
+# sk_SK.UTF-8 UTF-8
+# sl_SI ISO-8859-2
+# sl_SI.UTF-8 UTF-8
+# so_DJ ISO-8859-1
+# so_DJ.UTF-8 UTF-8
+# so_ET UTF-8
+# so_KE ISO-8859-1
+# so_KE.UTF-8 UTF-8
+# so_SO ISO-8859-1
+# so_SO.UTF-8 UTF-8
+# sq_AL ISO-8859-1
+# sq_AL.UTF-8 UTF-8
+# sq_MK UTF-8
+# sr_ME UTF-8
+# sr_RS UTF-8
+# sr_RS@latin UTF-8
+# ss_ZA UTF-8
+# st_ZA ISO-8859-1
+# st_ZA.UTF-8 UTF-8
+# sv_FI ISO-8859-1
+# sv_FI.UTF-8 UTF-8
+# sv_FI@euro ISO-8859-15
+# sv_SE ISO-8859-1
+# sv_SE.ISO-8859-15 ISO-8859-15
+# sv_SE.UTF-8 UTF-8
+# sw_KE UTF-8
+# sw_TZ UTF-8
+# szl_PL UTF-8
+# ta_IN UTF-8
+# ta_LK UTF-8
+# tcy_IN.UTF-8 UTF-8
+# te_IN UTF-8
+# tg_TJ KOI8-T
+# tg_TJ.UTF-8 UTF-8
+# th_TH TIS-620
+# th_TH.UTF-8 UTF-8
+# the_NP UTF-8
+# ti_ER UTF-8
+# ti_ET UTF-8
+# tig_ER UTF-8
+# tk_TM UTF-8
+# tl_PH ISO-8859-1
+# tl_PH.UTF-8 UTF-8
+# tn_ZA UTF-8
+# tr_CY ISO-8859-9
+# tr_CY.UTF-8 UTF-8
+# tr_TR ISO-8859-9
+# tr_TR.UTF-8 UTF-8
+# ts_ZA UTF-8
+# tt_RU UTF-8
+# tt_RU@iqtelif UTF-8
+# ug_CN UTF-8
+# uk_UA KOI8-U
+# uk_UA.UTF-8 UTF-8
+# unm_US UTF-8
+# ur_IN UTF-8
+# ur_PK UTF-8
+# uz_UZ ISO-8859-1
+# uz_UZ.UTF-8 UTF-8
+# uz_UZ@cyrillic UTF-8
+# ve_ZA UTF-8
+# vi_VN UTF-8
+# wa_BE ISO-8859-1
+# wa_BE.UTF-8 UTF-8
+# wa_BE@euro ISO-8859-15
+# wae_CH UTF-8
+# wal_ET UTF-8
+# wo_SN UTF-8
+# xh_ZA ISO-8859-1
+# xh_ZA.UTF-8 UTF-8
+# yi_US CP1255
+# yi_US.UTF-8 UTF-8
+# yo_NG UTF-8
+# yue_HK UTF-8
+# zh_CN GB2312
+# zh_CN.GB18030 GB18030
+# zh_CN.GBK GBK
+# zh_CN.UTF-8 UTF-8
+# zh_HK BIG5-HKSCS
+# zh_HK.UTF-8 UTF-8
+# zh_SG GB2312
+# zh_SG.GBK GBK
+# zh_SG.UTF-8 UTF-8
+# zh_TW BIG5
+# zh_TW.EUC-TW EUC-TW
+# zh_TW.UTF-8 UTF-8
+# zu_ZA ISO-8859-1
+# zu_ZA.UTF-8 UTF-8
--- /dev/null
+Europe/Berlin
--- /dev/null
+# Don't blank screen, as this will confuse the HDMI switch setup / lead to unrecoverable X sessions.
+xset s noblank
--- /dev/null
+# Settings for interactive shells.
+
+# Fancy colors for ls.
+alias ls="ls --color=auto"
+
+# Other helpful aliases
+alias sshauth='eval $(ssh-agent) && ssh-add'
+# alias xrandrbig='xrandr --output LVDS-1 --off'
+
+# Use vim as default editor for anything.
+export VISUAL=vim
+export EDITOR=$VISUAL
+
+# Colored prompt with username, hostname, date/time, directory.
+colornumber=7 # Default to white if no color set via colornumber dotfile.
+colornumber_file=~/.shell_prompt_color
+if [ -f $colornumber_file ]; then
+ colornumber=`cat $colornumber_file`
+fi
+tput_color="$(tput setaf $colornumber)$(tput bold)"
+tput_reset="$(tput sgr0)"
+# Bash confuses the line length when not told to not count escape sequences.
+if [ ! "$BASH" = "" ]; then
+ tput_color="\[$tput_color\]"
+ tput_reset="\[$tput_reset\]"
+fi
+PS1="${tput_color}["\$\(date\ +%Y-%m-%d/%H:%M:%S/%Z\)" $(whoami)@$(hostname):"\$\(pwd\)"]$ $tput_reset"
+PS2="${tput_color}> $tput_reset"
+PS3="${tput_color}select: $tput_reset"
+PS4="${tput_color}+ $tput_reset"
--- /dev/null
+! otherwise various applications will assume merely 8 colors
+XTerm.termName: xterm-256color
+
+! font
+! actually, "mono" is already the default for faceName (it will
+! pick whatever fc-match mono delivers), but we need to set _some_
+! faceName to trigger XTerm activating TrueType fonts
+! (XTerm*fontRender by itself won't do the trick), and we want
+! TrueType fonts because, well, they scale better, and XTerm lets them
+! fall back on alternatives (hi there ttf-unifont) when a Unicode
+! glyph is not found
+XTerm*faceName: mono
+
+! white on black
+XTerm*reverseVideo: on
+
+! blink screen instead of sound
+XTerm*visualBell: on
+
+! proper ALT as META key treatment
+XTerm*eightBitInput: false
+
+! font sizes
+XTerm*faceSize: 8
+XTerm*faceSize1: 4
+XTerm*faceSize2: 5
+XTerm*faceSize3: 6
+XTerm*faceSize4: 8
+XTerm*faceSize5: 14
+XTerm*faceSize6: 25
+
+! colors
+! black
+XTerm*color0: #202020
+XTerm*color8: #3F3F3F
+! red
+XTerm*color1: #A82020
+XTerm*color9: #E82020
+! green
+XTerm*color2: #20A820
+XTerm*color10: #20E820
+! yellow
+XTerm*color3: #A8A820
+XTerm*color11: #E8E820
+! blue
+XTerm*color4: #3F3FFF
+XTerm*color12: #9F9FFF
+! magenta
+XTerm*color5: #A83FFF
+XTerm*color13: #E89FFF
+! cyan
+XTerm*color6: #3FA8FF
+XTerm*color14: #9FE8FF
+! white
+XTerm*color7: #A8A8A8
+XTerm*color15: #E8E8E8
--- /dev/null
+plom@plomlompom.com
+plom@mail.plomlompom.com
+plom@play.plomlompom.com
+# file read ends at last newline
--- /dev/null
+# plomlompom's i3-wm configuration
+
+# Font for i3 text
+font pango:Terminus 8px
+
+# Force "tabbed" as default layout for new windows.
+workspace_layout tabbed
+
+# Make the Windows key the modifier key for all i3-wm actions.
+set $mod Mod4
+floating_modifier $mod
+
+# Launch xterm.
+bindsym $mod+Return exec xterm
+
+# Launch programs via dmenu.
+bindsym $mod+d exec dmenu_run
+bindsym $mod+x exec dmenu_run
+
+# Kill window.
+bindsym $mod+Shift+Q kill
+
+# Move focus between windows.
+bindsym $mod+Left focus left
+bindsym $mod+Down focus down
+bindsym $mod+Up focus up
+bindsym $mod+Right focus right
+
+# Don't move focus with mouse.
+focus_follows_mouse no
+
+# Move windows.
+bindsym $mod+Shift+Left move left
+bindsym $mod+Shift+Down move down
+bindsym $mod+Shift+Up move up
+bindsym $mod+Shift+Right move right
+
+# Resize windows
+bindsym $mod+h resize shrink width 1 px or 1 ppt
+bindsym $mod+l resize grow width 1 px or 1 ppt
+bindsym $mod+j resize shrink height
+bindsym $mod+k resize grow height
+
+# Toggle fullscreen for focused window.
+bindsym $mod+f fullscreen
+
+# Toggle floating of window, focus on floating or tabbed windows.
+bindsym $mod+Shift+space floating toggle
+bindsym $mod+space focus mode_toggle
+
+# Switch to workspace x.
+bindsym $mod+1 workspace 1
+bindsym $mod+2 workspace 2
+bindsym $mod+3 workspace 3
+bindsym $mod+4 workspace 4
+bindsym $mod+5 workspace 5
+bindsym $mod+6 workspace 6
+bindsym $mod+7 workspace 7
+bindsym $mod+8 workspace 8
+bindsym $mod+9 workspace 9
+bindsym $mod+0 workspace 10
+
+# Move window to workspace x.
+bindsym $mod+Shift+exclam move workspace 1
+bindsym $mod+Shift+quotedbl move workspace 2
+bindsym $mod+Shift+section move workspace 3
+bindsym $mod+Shift+dollar move workspace 4
+bindsym $mod+Shift+percent move workspace 5
+bindsym $mod+Shift+ampersand move workspace 6
+bindsym $mod+Shift+slash move workspace 7
+bindsym $mod+Shift+parenleft move workspace 8
+bindsym $mod+Shift+parenright move workspace 9
+bindsym $mod+Shift+equal move workspace 10
+
+# Reload i3 config file, restart (keeping sesion) i3, exit i3.
+bindsym $mod+Shift+C reload
+bindsym $mod+Shift+R restart
+bindsym $mod+Shift+P exit
+
+# Select "i3status" as i3 status bar, hide systray icons.
+bar {
+ tray_output none
+ status_command i3status
+}
+
+include ~/.config/i3/config_bonus
--- /dev/null
+# plomlompom's i3 status bar configuration
+
+# Activate colors; set update interval of one second.
+general {
+ colors = true
+ interval = 1
+}
+
+# Selection / order of status elements.
+order += "disk /"
+order += "disk /home/"
+order += "wireless wlp3s0"
+order += "ethernet enp0s25"
+order += "battery 0"
+order += "cpu_usage"
+order += "load"
+order += "cpu_temperature 0"
+order += "time"
+order += "volume master"
+
+# How much space is left in / ?
+disk "/" {
+ format = "/: %avail available of %total"
+ separator_block_width = 25
+}
+
+# How much space is left in /home ?
+disk "/home/" {
+ format = "/home: %avail available of %total"
+ separator_block_width = 25
+}
+
+# WLAN status: show IP and connection quality or "down".
+wireless wlp3s0 {
+ format_up = "w: (%quality at %essid) %ip"
+ format_down = "w: down"
+ separator_block_width = 10
+}
+
+# Ethernet status: show IP or "down".
+ethernet enp0s25 {
+ format_up = "e: %ip"
+ format_down = "e: down"
+ separator_block_width = 25
+}
+
+# Battery status: show FULL/CHARGING/BATTERY, storage, time left.
+battery 0 {
+ format = "b: %status %percentage %remaining"
+ separator_block_width = 25
+}
+
+# Show CPU usage.
+cpu_usage {
+ format = "cpu: %usage"
+ separator_block_width = 10
+}
+
+# Show system load during last 1/5/15 minutes.
+load {
+ format = "%1min %5min %15min"
+ separator_block_width = 25
+}
+
+# Show CPU temperature in degrees of celsius.
+cpu_temperature 0 {
+ format = "%degrees °C"
+ separator_block_width = 25
+}
+
+# Show date/time/timezone as "year-month-day hour:minute:second
+# timezone_numeric/timezone_alphabetic".
+time {
+ format = "%Y-%m-%d %H:%M:%S %z/%Z"
+ separator_block_width = 25
+}
+
+volume master {
+ format = "♪: %volume"
+ format_muted = "♪: muted (%volume)"
+ separator_block_width = 25
+}
--- /dev/null
+;; general layout
+;; ==============
+
+;; need no stinkin emacs help screen as start up, and no menu bar
+(setq inhibit-startup-screen t)
+(menu-bar-mode -1)
+
+;; highlight cursor line, parentheses
+(global-hl-line-mode 1)
+(show-paren-mode 1)
+
+;; show line numbers, use separator space
+(global-linum-mode)
+(setq linum-format "%d ")
+
+;; count cursor column, row in mode line
+(setq column-number-mode t)
+
+;; settings to make GUI tolerable
+(if window-system
+ (progn
+ (add-to-list 'default-frame-alist '(foreground-color . "white"))
+ (add-to-list 'default-frame-alist '(background-color . "black"))
+ (set-face-attribute 'default nil :height 80)
+ (scroll-bar-mode -1)
+ (setq visible-bell t)
+ (setq linum-format "%d")))
+
+;; use as default browser what XDG offers
+(setq-default browse-url-browser-function 'browse-url-xdg-open)
+
+
+
+;; general keybindings
+;; ===================
+
+;; create and use a minimal global map using just the self-insert command
+;; bindings and a selection of some to me very common keystrokes
+(setq minimal-map (make-sparse-keymap))
+(substitute-key-definition 'self-insert-command 'self-insert-command
+ minimal-map global-map)
+(use-global-map minimal-map)
+(global-set-key (kbd "DEL") 'backward-delete-char-untabify)
+(global-set-key (kbd "RET") 'newline)
+(global-set-key (kbd "TAB") 'indent-for-tab-command)
+(global-set-key (kbd "<up>") 'previous-line)
+(global-set-key (kbd "<down>") 'next-line)
+(global-set-key (kbd "<left>") 'left-char)
+(global-set-key (kbd "<right>") 'right-char)
+(global-set-key (kbd "<prior>") 'scroll-down-command)
+(global-set-key (kbd "<next>") 'scroll-up-command)
+(global-set-key (kbd "M-x") 'execute-extended-command)
+(global-set-key (kbd "C-g") 'keyboard-quit)
+;(global-set-key (kbd "<f3>") 'kmacro-start-macro-or-insert-counter)
+;(global-set-key (kbd "<f4>") 'kmacro-end-or-call-macro)
+;; note how to switch back to the original map: (use-global-map global-map)
+(setq shr-map (make-sparse-keymap)) ; got annoying in elfeed-show on URLs
+
+
+
+;; minibuffer
+;; ==========
+
+;; incremental minibuffer completion
+(icomplete-mode 1)
+
+
+
+;; text editing
+;; ============
+
+;; tabs are evil
+(setq-default indent-tabs-mode nil)
+(setq-default tab-width 4)
+(setq indent-line-function 'insert-tab)
+
+;; show trailing whitespace
+(setq-default show-trailing-whitespace 1)
+
+;; on save, ask whether to ensure text file's last line ends in a
+;; newline character
+(setq require-final-newline 1)
+
+;; use dedicated directory for version-controlled, endless backups;
+;; never delete old versions
+(setq make-backup-files t
+ backup-directory-alist `(("." . "~/.emacs_backups"))
+ backup-by-copying t
+ version-control t
+ delete-old-versions 1) ;; neither t nor nil: never delete
+
+
+;; package management
+;; ==================
+
+;; where we get packages from
+(setq package-archives '(("gnu" . "https://elpa.gnu.org/packages/")
+ ("melpa-unstable" . "https://melpa.org/packages/")
+ ("melpa-stable" . "https://stable.melpa.org/packages/")))
+
+;; ensure certain packages are installed (actually, we use Debian repos here)
+;; credit to <https://stackoverflow.com/a/10093312>
+;(setq package-list '(elfeed ledger-mode))
+;(package-initialize)
+;(dolist (package package-list)
+; (unless (package-installed-p package)
+; (package-install package)))
+
+
+
+;;; window management
+;;; =================
+;
+;;; track window configurations to allow window config undo
+;(winner-mode 1)
+
+
+
+;; mail setup
+;; ==========
+
+(setq send-mail-function 'smtpmail-send-it)
+(setq smtpmail-smtp-server "mail.plomlompom.com")
+(setq smtpmail-smtp-service 465)
+(setq smtpmail-stream-type 'ssl)
+(setq smtpmail-smtp-user "plom")
+(setq mml-secure-openpgp-encrypt-to-self t)
+(add-hook 'message-setup-hook 'mml-secure-sign-pgpmime)
+
+;(setq gnutls-log-level 0)
+
+;; if we don't set this, we get this warning:
+;; gnutls.c: [1] Note that the security level of the Diffie-Hellman key exchange
+;; has been lowered to 256 bits and this may allow decryption of the session data
+(setq gnutls-min-prime-bits 1024)
+
+;; there is a WEIRD bug somewhere in /network-stream-open-tls/ that disappears the
+;; stream process, seemingly unless the /message/ function is called at the right
+;; place (earliest in /nsm-verify-connection/ right before the "cond" there, latest
+;; in /network-stream-get-response/ right after "(goto-char start)"; this works
+;; unless /inhibit_message/ is set, indicating that writing to the *Messages*
+;; buffer is not relevant, but maybe writing to the echo area is); activing the
+;; gnutls logging is just a hack to achieve such calls to /message/ in the
+;; /network-stream-open-tls/ flow.
+(setq gnutls-log-level 1) ; miraculously makes smtpmail work
+
+;; constructs From: domain if mail composer directly called (from without
+;; notmuch), but we don't actually intend to do that
+;(setq mail-host-address "plomlompom.com")
+
+;; otherwise notmuch becomes extremely slow in some cases
+(setq-default notmuch-show-indent-content nil)
+
+;; this only works if we use notmuch-mua-send instead of message-send
+(setq notmuch-fcc-dirs '(("plom@plomlompom.com" . "maildir/Sent")))
+
+;; this gets rid of "i-did-not-set--mail-host-address--so-tickle-me"
+;; in the message ID
+(setq mail-host-address "plomlompom.com")
+
+;; notmuch saved searches
+(setq notmuch-saved-searches
+ '((:name "inbox" :query "tag:unread and folder:inbox")
+ (:name "all" :query "tag:unread not folder:maildir/Trash")
+ (:name "plomlompom.de" :query "tag:unread and folder:maildir/plomlompom.de")
+ (:name "nebenan" :query "tag:unread and folder:maildir/nebenan")
+ (:name "reflect-info" :query "tag:unread and folder:maildir/reflect-info")
+ (:name "gmail" :query "tag:unread and folder:maildir/gmail.com")
+ (:name "mutter" :query "tag:unread and folder:maildir/mutter")))
+
+
+
+;; org mode
+;; ========
+
+;; unsure why, but to re-set the key map, we not only have to explicitely do it
+;; only after org-mode loading, but also have to explicitely overwrite the
+;; C-c keybinding; TODO: investigate
+(with-eval-after-load 'org
+ (setq org-mode-map (make-sparse-keymap))
+ (define-key org-mode-map (kbd "C-c") nil)
+ (define-key org-mode-map (kbd "TAB") 'org-cycle)
+ (define-key org-mode-map (kbd "<backtab>") 'org-shifttab))
+
+;; don't truncate lines by default
+(setq org-startup-truncated nil)
+
+;; basic org-capture config
+(setq org-capture-templates
+ '(("x" "test" plain (file "~/org/notes.org") "%T: %?")))
+(add-hook 'org-capture-mode-hook 'evil-insert-state)
+
+;; agenda view on startup
+(load-library "find-lisp")
+(setq org-agenda-files (find-lisp-find-files "~/org" "\.org$"))
+(setq org-agenda-span 90)
+(setq org-agenda-use-time-grid nil)
+(add-hook 'emacs-startup-hook (lambda ()
+ (org-agenda-list)
+ (switch-to-buffer "*Org Agenda*")
+ (other-window 1)))
+
+;;; for calendar, use ISO date style
+;(setq calendar-date-style 'iso)
+;(setq diary-number-of-entries 7)
+;(diary)
+;(setq org-agenda-time-grid '((today require-timed remove-match)
+; #("----------------" 0 16 (org-heading t))
+; (0 200 400 600 800 1000 1200
+; 1400 1600 1800 2000 2200)))
+
+;; empty org-agenda-mode keybindings
+(add-hook 'org-agenda-mode-hook
+ (lambda ()
+ (setq org-agenda-mode-map (make-sparse-keymap))))
+(add-hook 'org-agenda-mode-hook
+ (lambda ()
+ (use-local-map (make-sparse-keymap))))
+
+;; org-publish-all
+(setq org-publish-project-alist
+ '(
+ ("website"
+ :base-directory "~/org/web/"
+ :base-extension "org"
+ :publishing-directory "~/html/"
+ :recursive t
+ :publishing-function org-html-publish-to-html
+ :headline-levels 4 ; Just the default for this project.
+ :auto-preamble t
+ )))
+
+;; use [ki:] syntax to hide stuff from exports
+(defun classify-information (text backend info)
+ "Replaces '[ki:WHATEVER]' with '[klassifizierte Information]'."
+ (replace-regexp-in-string "\\[ki:[^\]]*\]" "[klassifizierte Information]" text))
+(add-hook 'org-export-filter-plain-text-functions 'classify-information)
+
+;; add HTML validator link to exports
+(setq org-html-validation-link "<a href=\"https://validator.w3.org/check?uri=referer\">Validate</a>")
+
+
+
+;;; Info mode
+;;; =========
+
+(setq Info-mode-map (make-sparse-keymap))
+(define-key Info-mode-map (kbd "RET") 'Info-follow-nearest-node)
+(define-key Info-mode-map (kbd "u") 'Info-up)
+(define-key Info-mode-map (kbd "TAB") 'Info-next-reference)
+(define-key Info-mode-map (kbd "<backtab>") 'Info-prev-reference)
+(define-key Info-mode-map (kbd "H") 'Info-history-back)
+(define-key Info-mode-map (kbd "L") 'Info-history-forward)
+(define-key Info-mode-map (kbd "I") 'Info-goto-node)
+(define-key Info-mode-map (kbd "i") 'Info-index)
+
+
+
+;; help mode
+;; =========
+
+(setq help-mode-map (make-sparse-keymap))
+(define-key help-mode-map (kbd "TAB") 'forward-button)
+(define-key help-mode-map (kbd "RET") 'help-follow)
+(define-key help-mode-map (kbd "<backtab>") 'backward-button)
+
+
+
+; ;; elfeed
+; ;; ======
+;
+; (require 'elfeed) ; needed so we can set the font faces
+; (set-face-background 'elfeed-search-title-face "magenta")
+; (set-face-background 'elfeed-search-unread-count-face "magenta")
+; (setq elfeed-feeds
+; '("https://capsurvival.blogspot.com/feeds/posts/default"
+; "https://jungle.world/rss.xml"
+; "http://news.dieweltistgarnichtso.net/bin/index.xml"
+; "https://taz.de/!s=&ExportStatus=Intern&SuchRahmen=Online;rss/"
+; "http://www.tagesschau.de/xml/atom"))
+; (setq elfeed-search-mode-map (make-sparse-keymap))
+; (define-key elfeed-search-mode-map (kbd "RET") 'elfeed-search-show-entry)
+; (defun elfeed-search-mark-as-read() (interactive)
+; (elfeed-search-untag-all 'unread))
+; (define-key elfeed-search-mode-map (kbd "r") 'elfeed-search-mark-as-read)
+; (define-key elfeed-search-mode-map (kbd "R") 'elfeed-search-tag-all-unread)
+; (define-key elfeed-search-mode-map (kbd "f") 'elfeed-search-live-filter)
+; (define-key elfeed-search-mode-map (kbd "u") 'elfeed-update)
+; (setq elfeed-show-mode-map (make-sparse-keymap))
+; (define-key elfeed-show-mode-map (kbd "u") 'elfeed)
+; (define-key elfeed-show-mode-map (kbd "TAB") 'shr-next-link)
+; (define-key elfeed-show-mode-map (kbd "<backtab>") 'shr-previous-link)
+; (define-key elfeed-show-mode-map (kbd "a") 'elfeed-show-prev)
+; (define-key elfeed-show-mode-map (kbd "d") 'elfeed-show-next)
+; (define-key elfeed-show-mode-map (kbd "y") 'shr-copy-url)
+; (define-key elfeed-show-mode-map (kbd "RET") 'shr-browse-url)
+;
+;
+;
+; ;; eww
+; ;; ===
+;
+; (setq eww-mode-map (make-sparse-keymap))
+; (define-key eww-mode-map (kbd "TAB") 'shr-next-link)
+; (define-key eww-mode-map (kbd "<backtab>") 'shr-previous-link)
+; (define-key eww-mode-map (kbd "H") 'eww-back-url)
+; (define-key eww-mode-map (kbd "L") 'eww-forward-url)
+
+
+
+;; ledger
+;; ======
+(setq ledger-mode-map (make-sparse-keymap))
+(define-key ledger-mode-map (kbd "TAB") 'completion-at-point)
+
+
+
+;;; plomvi mode
+;;; ===========
+
+(defvar plomvi-return-combo (kbd "C-c"))
+(load "~/public_repos/plomvi.el/plomvi.el")
+(plomvi-global-mode 1)
--- /dev/null
+[user]
+ email = c.heller@plomlompom.de
+ name = Christian Heller
--- /dev/null
+IMAPAccount plom
+# Address to connect to
+Host mail.plomlompom.com
+User plom
+# For some reason, mbsync doesn't accept a PassCmd output beyond 79 chars,
+# therefore the pw in ~/.authinfo should not be longer than that.
+PassCmd "cat ~/.authinfo | cut -d' ' -f8-"
+SSLType IMAPS
+AuthMechs LOGIN
+
+IMAPStore core-remote
+Account plom
+
+MaildirStore core-local
+# The trailing "/" is important
+Path ~/mail/maildir/
+Inbox ~/mail/inbox/
+
+Channel core
+Far :core-remote:
+Near :core-local:
+Patterns *
+# Automatically create missing mailboxes, both locally and on the server
+Create Both
+# Save the synchronization state files in the relevant directory
+SyncState *
+# If a mail is marked T ("Trashed") or deleted, remove it for real everywhere
+Expunge Both
--- /dev/null
+[database]
+path=/home/plom/mail
+[search]
+exclude_tags=deleted;spam;
+# the fields below set the From: if the mail composer is called from
+# within notmuch
+[user]
+name=Christian Heller
+primary_email=plom@plomlompom.com
--- /dev/null
+# sanitize tridactyllocal tridactylsync
+# guiset tabs always
+# guiset hoverlink left
+# guiset statuspanel right
+autocmd DocStart www.reddit.com urlmodify -t www.reddit old.reddit
+# bind ö fillcmdline find
+# bind n findnext 1
+# bind N findnext -1
+bind j scrollline 3
+bind k scrollline -3
+set hintuppercase false
+set searchengine duckduckgo
+set theme midnight
+set searchurls.wiktionary https://en.wiktionary.org/w/index.php?search=
+set searchurls.dictcc https://www.dict.cc/?s=
+set hintchars 123456qwertasdfgyxcvb
+guiset gui none
+escapehatch
--- /dev/null
+# X init configuration
+
+# Set keymap.
+setxkbmap de
+
+# Map CapsLock to Compose key.
+xmodmap -e "clear Lock"
+xmodmap -e "keycode 66 = Multi_key"
+
+# Load xterm settings
+xrdb -merge ~/.Xresources
+
+# Redshift to Berlin, Germany.
+redshift -rl 53:13 &
+
+sh .xinitrc_bonus
+
+# Launch window manager.
+i3
--- /dev/null
+#!/bin/sh
+set -e
+
+basedir="/home/plom/mail/maildir/"
+# Ensure directories exist for all "dir:*" tags.
+for tag in $(notmuch search --output=tags '*'); do
+ if [ ! $(echo "${tag}" | cut -c-4) = "dir:" ]; then
+ continue
+ fi
+ target_dir="${basedir}"$(echo "${tag}" | cut -c5-)"/cur/"
+ if [ ! -d "${target_dir}" ]; then
+ echo "Directory ${target_dir} does not exist."
+ exit 1
+ fi
+done
+
+# Ensure all "dir:*"-tagged mails are in proper directories,
+# remove all "dir:*" tags.
+for tag in $(notmuch search --output=tags '*'); do
+ if [ ! $(echo "${tag}" | cut -c-4) = "dir:" ]; then
+ continue
+ fi
+ target_dir="${basedir}"$(echo "${tag}" | cut -c5-)"/cur/"
+ for f in $(notmuch search --output=files tag:"${tag}"); do
+ new_name=$(basename "${f}" | sed -e 's/,U=[0-9]*//')
+ target_path="${target_dir}${new_name}"
+ if [ ! "${target_path}" = "${f}" ]; then
+ echo "Moving ${f} to ${target_path}."
+ mv "${f}" "${target_path}"
+ # NOTE: if we encounter an error here of ${f} not being findable, run "notmuch reindex tag:${tag}" to fix
+ fi
+ done
+ notmuch tag -"${tag}" tag:"${tag}"
+done
+
+# Remove all "deleted"-tagged files from maildirs.
+notmuch search --output=files tag:deleted | while read f; do
+ echo "Deleting ${f}"
+ rm "${f}"
+done
+
+# Sync changes back to server and update notmuch index.
+mbsync -a
+notmuch new
--- /dev/null
+# List of repos we want cloned in ~/public_repos
+config
+pingmail.git
+plomlombot-irc.git
+plomrogue
+plomrogue2-experiments
+plomvi.el
+misc
--- /dev/null
+#!/bin/sh
+set -e
+. ./misc.sh
+
+expect_n_args 2 "(hostname, FQDN)" "$@"
+hostname="$1"
+fqdn="$2"
+shift 2
+
+cd "${setup_scripts_dir}"
+
+# Adapt /etc/ to our needs by copying from ./etc_files. This will set
+# basic configurations affecting following steps, such as setup of APT
+# and the locale selection, so needs to be right at the beginning.
+./copy_dirtree.sh "${config_tree_prefix}/etc_files" "" all "$@"
+
+# Set hostname and FQDN.
+./set_hostname_and_fqdn.sh "${hostname}" "${fqdn}"
+
+# Ensure package installation state as defined by what packages are
+# defined as required by Debian policy and by settings in ./apt-mark/.
+apt update
+./install_for_target.sh all "$@"
+./purge_nonrequireds.sh all "$@"
+
+# Ensure our desired locale is available.
+locale-gen
+
+# Only upgrade after reducing the system to the desired minimum, so that
+# we don't need to get more data than necessary.
+apt -y dist-upgrade
+
+# Set Berlin localtime.
+ln -sf /usr/share/zoneinfo/Europe/Berlin /etc/localtime
--- /dev/null
+#!/bin/sh
+# Copy files in argument-selected subdirectories of $1 to subdirectories
+# of $2 (which may be an empty string), e.g. with $1 of "etc_files", $2
+# of "" and $3 of "all", copy files below etc_files/all such as
+# etc_files/all/etc/foo/bar to equivalent locations below / such as
+# /etc/foo/bar. Create directories as necessary. Multiple arguments after
+# $3 are possible.
+#
+# CAUTION: This removes original files at the affected paths.
+set -e
+. ./misc.sh
+
+expect_n_args 3 "(source root, target root, modules)" "$@"
+
+source_root="$1"
+target_root="$2"
+shift 2
+
+for target_module in "$@"; do
+ mkdir -p "${source_root}/${target_module}"
+ cd "${source_root}/${target_module}"
+ for path in $(find . -type f); do
+ target_path="${target_root}"$(echo "${path}" | cut -c2-)
+ source_path=$(realpath "${path}")
+ dir=$(dirname "${target_path}")
+ mkdir -p "${dir}"
+ cp "${source_path}" "${target_path}"
+ done
+done
--- /dev/null
+#!/bin/sh
+# Walks through the package names in the argument-selected files of
+# apt-mark/ and ensures the respective packages are installed.
+#
+# Ignores anything in an apt-mark/ file after the last newline.
+set -e
+. ./misc.sh
+
+for target in "$@"; do
+ path="${aptmark_dir}/${target}"
+ # TODO: continue if file at $path not found, to get rid of dummy files
+ cat "${path}" | while read line; do
+ echo "$line"
+ if [ ! $(echo "${line}" | cut -c1) = "#" ]; then
+ DEBIAN_FRONTEND=noninteractive apt-get -y -o Dpkg::Options::=--force-confold install "${line}"
+ fi
+ done
+done
--- /dev/null
+#!/bin/sh
+set -e
+debian_version="testing"
+legal_system_names="x220 w530 h610m"
+config_tree_prefix="${HOME}/public_repos/config/${debian_version}"
+if [ ! -d "${config_tree_prefix}" ]; then
+ config_tree_prefix="${HOME}/config/${debian_version}"
+fi
+setup_scripts_dir="${config_tree_prefix}/setup_scripts"
+aptmark_dir="${config_tree_prefix}/apt-mark"
+
+expect_n_args() {
+ min_args="$1"
+ explainer="$2"
+ shift 2
+ if [ "$#" -lt "${min_args}" ]; then
+ echo "Need at least ${min_args} arguments … ${explainer}"
+ false
+ fi
+}
+
+expect_setup_finished_file() {
+ filename="$1"
+ setup_script="$2"
+ if [ ! -f "${HOME}/${filename}" ]; then
+ echo "First need to run ${setup_script}."
+ false
+ fi
+}
+
+get_system_name_arg() {
+ found=0
+ for system_name_i in $legal_system_names; do
+ if [ "$1" = "$system_name_i" ]; then
+ found=1
+ system_name="${system_name_i}"
+ continue
+ fi
+ done
+ if [ "$found" = 0 ]; then
+ echo "Need legal system name."
+ false
+ fi
+}
--- /dev/null
+#!/bin/sh
+# This script removes all Debian packages that are not of Priority
+# "required" or not depended on by packages of priority "required"
+# or not listed in the argument-selected files of apt-mark/.
+set -e
+. ./misc.sh
+
+# FIXME packages listed twice in the aptmark_dir get blacklisted?
+
+dpkg-query -Wf '${Package} ${Priority}\n' | grep ' required' | sed 's/ required//' > /tmp/list_white_unsorted
+for target in "$@"; do
+ path="${aptmark_dir}/${target}"
+ cat "${path}" | while read line; do
+ if [ ! $(echo "${line}" | cut -c1) = "#" ]; then
+ echo "${line}" >> /tmp/list_white_unsorted
+ fi
+ done
+done
+sort /tmp/list_white_unsorted > /tmp/list_white
+dpkg-query -Wf '${Package}\n' > /tmp/list_all_packages
+sort /tmp/list_all_packages > /tmp/foo
+mv /tmp/foo /tmp/list_all_packages
+comm -3 /tmp/list_all_packages /tmp/list_white > /tmp/list_black
+apt-mark auto `cat /tmp/list_black`
+DEBIAN_FRONTEND=noninteractive apt-get -y --purge autoremove
+rm /tmp/list_all_packages /tmp/list_white_unsorted /tmp/list_white /tmp/list_black
+
+# Somehow, auto-mounts get undone by all of this, so re-mount /etc/fstab.
+# TODO: Find out why.
+mount -a
--- /dev/null
+#!/bin/sh
+# Sets hostname and optionally FQDN.
+#
+# Calls hostname, writes to /etc/hostname and /etc/hosts. For /etc/hosts
+# writing follows recommendations from Debian manual at
+# <https://www.debian.org/doc/manuals/debian-reference/ch05.en.html>
+# (section "The hostname resolution") on how to map hostname and possibly
+# FQDN to a permanent IP if present (we assume here any non-private IP
+# and non-loopback IP returned by hostname -I to fulfill that criterion
+# on our systems) or to 127.0.1.1 if not. On the reasoning for separating
+# localhost and hostname mapping to different IPs, see
+# <https://unix.stackexchange.com/a/13087>.
+#
+# Ignores IPv6s.
+set -e
+. ./misc.sh
+
+expect_n_args 1 "(hostname, fqdn)" "$@"
+
+hostname="$1"
+fqdn="$2"
+echo "${hostname}" > /etc/hostname
+hostname "${hostname}"
+
+final_ip="127.0.1.1"
+for ip in $(hostname -I); do
+ if [ $(echo "${ip}" | grep ':' | wc -l) -eq 1 ]; then
+ continue
+ fi
+ range_1=$(echo "${ip}" | cut -d "." -f 1)
+ range_2=$(echo "${ip}" | cut -d "." -f 2)
+ if [ "${range_1}" -eq 127 ]; then
+ continue
+ elif [ "${range_1}" -eq 10 ]; then
+ continue
+ elif [ "${range_1}" -eq 172 ]; then
+ if [ "${range_2}" -ge 16 ] && [ "${range_2}" -le 31 ]; then
+ continue
+ fi
+ elif [ "${range_1}" -eq 192 ]; then
+ if [ "${range_2}" -eq 168 ]; then
+ continue
+ fi
+ fi
+ final_ip="${ip}"
+done
+
+echo "127.0.0.1 localhost.localdomain localhost" > /etc/hosts
+echo "${final_ip} ${fqdn} ${hostname}" >> /etc/hosts
--- /dev/null
+#!/bin/sh
+set -e
+. ./misc.sh
+
+expect_n_args 1 "(system name)" "$@"
+get_system_name_arg "$1"
+
+# Set up system without user environment.
+cd "${setup_scripts_dir}"
+if [ "$system_name" = "w530" ] || [ "$system_name" = "x220" ]; then
+ ./_setup.sh "${system_name}" "" user desktop thinkpad "${system_name}"
+else
+ ./_setup.sh "${system_name}" "" user desktop "${system_name}"
+fi
+
+# Upgrade to testing, but hold kernel known to work with nvidia-drivers.
+sed -i 's/bookworm/testing/g' /etc/apt/sources.list
+if [ "$system_name" = "h610m" ]; then
+ apt-mark hold linux-image-amd64 linux-headers-amd64
+fi
+apt update
+apt dist-upgrade
+
+# Set up user environments.
+cd "${setup_scripts_dir}"
+./copy_dirtree.sh "${config_tree_prefix}/home_files" "/root" minimal root
+adduser --disabled-password --gecos "" plom
+usermod -a -G sudo plom
+passwd plom
+cp -a ~/config /home/plom
+chown -R plom:plom /home/plom/config
--- /dev/null
+#!/bin/sh
+set -e
+. ./misc.sh
+
+expect_n_args 1 "(system name)" "$@"
+get_system_name_arg "$1"
+
+cd $setup_scripts_dir
+./copy_dirtree.sh "${config_tree_prefix}/home_files" "${HOME}" minimal user "${system_name}"
+
+# secrets_dev="sdb"
+# source_dir_secrets="/media/${secrets_dev}/to_usb"
+# target_dir_secrets="${HOME}/tmp_secrets"
+# echo "Put secrets drive into slot for /dev/${secrets_dev}."
+# while [ ! -e /dev/"${secrets_dev}" ]; do
+# sleep 1
+# done
+# stty -echo
+# printf "Secrets passphrase: "
+# read SECRETS_PASS
+# stty echo
+# echo "" # newline so user knows their input return was accepted
+# sudo -v
+# echo "${SECRETS_PASS}" | sudo pmount /dev/"${secrets_dev}"
+# cp -a "${source_dir_secrets}" "${target_dir_secrets}"
+# sudo chown -R plom:plom "${target_dir_secrets}"
+# sudo pumount "${secrets_dev}"
+# echo "You can remove /dev/${secrets_dev} now."
+#
+# # Set up iniitial non-public parts of infrastructure: SSH authentication.
+# ssh_dir=~/.ssh
+# cd "${target_dir_secrets}"
+# mkdir -p "${ssh_dir}"
+# echo "Setting up .ssh"
+# cp id_rsa ~/.ssh
+# stty -echo
+# ssh-keygen -y -f ~/.ssh/id_rsa > ~/.ssh/id_rsa.pub
+# stty echo
+# eval $(ssh-agent)
+# ssh-add
+# ssh-keyscan -H "plomlompom.com" >> ~/.ssh/known_hosts
+#
+# # Fill ~/public_repos.
+# public_repos_dir="${HOME}/public_repos"
+# repos_list_file="${public_repos_dir}/repos"
+# mkdir -p "${public_repos_dir}"
+# cat "${repos_list_file}" | while read line; do
+# first_char=$(echo "${line}" | cut -c1)
+# if [ "${first_char}" = "#" ]; then
+# continue
+# fi
+# repo_name="${line}"
+# if [ ! -d "${public_repos_dir}/${repo_name}" ]; then
+# cd "${public_repos_dir}"
+# git clone plom@plomlompom.com:/var/repos/${repo_name}
+# fi
+# done
+#
+# # Remove redundant config repo copy.
+# config_tree_prefix="${public_repos_dir}/config/${debian_version}"
+# rm -rf ~/config
+#
+# # Set up native messenger for tridactyl.
+# version='ef9f02d0da258f68d7faf8898707f6d83d90d07a'
+# curl -fsSl "https://raw.githubusercontent.com/tridactyl/tridactyl/${version}/native/install.sh" | bash
+#
+# # Set up further non-public parts of infrastructure.
+# cd "${target_dir_secrets}"
+# script -c 'gpg --import secret_keys.asc' /dev/null
+# path_borgscript="${config_tree_prefix}//borg.sh"
+#
+# # borg setup
+# borgkeys_dir=~/.config/borg/keys
+# borgrepos_file=~/.borgrepos
+# tar xf borg_keyfiles.tar
+# mkdir -p "${borgkeys_dir}"
+# mv borg_keyfiles/* "${borgkeys_dir}"
+# # Sync org dir via borgbackup. For this we need the borgbackup servers
+# # in our .ssh/known_hosts file.
+# cat "${borgrepos_file}" | while read line; do
+# first_char=$(echo "${line}" | cut -c1)
+# if [ "${first_char}" = "#" ]; then
+# continue
+# fi
+# server=$(echo "${line}" | sed 's/.*@//')
+# ssh-keyscan "${server}" >> "${ssh_dir}"/known_hosts
+# done
+# BORG_PASSPHRASE="${SECRETS_PASS}" "${path_borgscript}" orgpull
+#
+# # .authinfo may not be present on every secrets drive yet
+# authinfo_file=.authinfo
+# if [ -f "${authinfo_file}" ]; then
+# cp "${authinfo_file}" ~
+# fi
+# cd
+#
+# maildir=~/mail/maildir
+# # # Set up e-mail system. Note that we only do mbsync if the imap pass file
+# # # is found. It may not be present on every secrets drive yet, so we have to
+# # # deal with the possibility of it being absent at this point.
+# mkdir -p "${maildir}" # expected by mbsync/isync
+# if [ -f "${HOME}/${authinfo_file}" ]; then
+# mbsync -a
+# notmuch new
+# fi
+#
+# # # Final note on how to integrate tridactyl.
+# # echo "TODO: As tridactyl user, don't forget to do :source on the first Firefox run, wait a little while (Tridactyl needs to walk through all commands in the .tridactylrc) and then re-start."
projects / config / commitdiff