aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorterminaldweller <thabogre@gmail.com>2022-12-18 11:18:14 +0000
committerterminaldweller <thabogre@gmail.com>2022-12-18 11:18:14 +0000
commit48bc5c779635cd369672405483082115d4f5112b (patch)
tree0db3be47d825ea04081027f2887290c3fd88ff92
parentupdate (diff)
downloadscripts-48bc5c779635cd369672405483082115d4f5112b.tar.gz
scripts-48bc5c779635cd369672405483082115d4f5112b.zip
update
Diffstat (limited to '')
-rw-r--r--.mutt/.muttrc3
-rw-r--r--.mutt/account.gmail8
-rw-r--r--.mutt/account.self2
-rw-r--r--.newsboat/config7
-rw-r--r--.newsboat/urls175
-rw-r--r--.vimrc4
-rw-r--r--.zshrc32
-rw-r--r--db/mongo/build_db.js2
-rw-r--r--etc/libvirt/qemu.conf970
-rw-r--r--init.vim2
-rw-r--r--irssi/Dockerfile29
-rw-r--r--irssi/tor/Dockerfile90
-rw-r--r--irssi/tor/proxychains.conf68
-rw-r--r--keymap.kbd2
-rw-r--r--terminaldweller.com/cgit/bootstrap/Dockerfile3
-rwxr-xr-xterminaldweller.com/cgit/bootstrap/bootstrap.sh7
-rwxr-xr-xterminaldweller.com/cgit/bootstrap/docker-entrypoint.sh3
-rw-r--r--terminaldweller.com/ejabberd/docker-compose.yaml2
-rw-r--r--terminaldweller.com/haproxy/haproxy.cfg10
-rw-r--r--terminaldweller.com/main/docker-compose.yaml21
-rw-r--r--terminaldweller.com/main/nginx.conf30
-rw-r--r--terminaldweller.com/main/srv/.well-known/webfinger/finger.json1
22 files changed, 1339 insertions, 132 deletions
diff --git a/.mutt/.muttrc b/.mutt/.muttrc
index 60ad3cb..0783b14 100644
--- a/.mutt/.muttrc
+++ b/.mutt/.muttrc
@@ -3,7 +3,8 @@ set mailcap_path= $HOME/.mutt/mailcap
set allow_ansi
set smart_wrap
set imap_keepalive = 900
-set timeout=60
+set timeout = 300
+set mail_check = 60
set move = no
# need cyrus-sasl-module to work
set ssl_starttls=yes
diff --git a/.mutt/account.gmail b/.mutt/account.gmail
index ca53300..dc92edc 100644
--- a/.mutt/account.gmail
+++ b/.mutt/account.gmail
@@ -7,10 +7,10 @@ source "gpg -d ~/scripts/mail.gmail.pass.gpg |"
set smtp_url = 'smtp://thabogre@smtp.gmail.com:587'
set realname = 'farzad sadeghi'
set folder = 'imaps://imap.gmail.com:993'
-set spoolfile = '+Inbox'
-set postponed = '+Drafts'
-set record = '+Sent'
-set trash = ''
+set spoolfile = '+INBOX'
+set postponed = '+[Gmail]/Drafts'
+set record = '+[Gmail]/Sent Mail'
+set trash = '+[Gmail]/Trash'
set header_cache = ~/.mutt/gmail/cache/headers
set message_cachedir = ~/.mutt/gmail/cache/bodies
set certificate_file = ~/.mutt/gmail/certificates
diff --git a/.mutt/account.self b/.mutt/account.self
index 71d3b72..7588110 100644
--- a/.mutt/account.self
+++ b/.mutt/account.self
@@ -15,4 +15,4 @@ set header_cache = ~/.mutt/self/cache/headers
set message_cachedir = ~/.mutt/self/cache/bodies
set certificate_file = ~/.mutt/self/certificates
# mailboxes "+INBOX" "+Drafts" "+Sent" "+Trash"
-mailboxes "+INBOX"
+mailboxes "+INBOX" "+INBOX/Github" "+INBOX/Linkedin"
diff --git a/.newsboat/config b/.newsboat/config
index 6fdd931..2e77bf0 100644
--- a/.newsboat/config
+++ b/.newsboat/config
@@ -41,3 +41,10 @@ highlight article "\\[image [0-9][0-9]*\\]" color72 default bold
highlight article "\\[embedded flash: [0-9][0-9]*\\]" color72 default bold
highlight article ":.*\\(embedded flash\\)$" color74 default
highlight article ":.*\\(image\\)$" color74 default
+
+# highlight articlelist "https?://[^ ]+" yellow red bold
+# highlight articlelist "[0-9]+" yellow red bold
+
+articlelist-format "%4i %f %D %L %?T?;%-17T; ?%t %a"
+# articlelist-title-format "%N %V %S %n - Articles in feed %T (%u unread, %t total) - %U \n %l - %L"
+feedlist-format "%4i %4S %11T %n %11u %t"
diff --git a/.newsboat/urls b/.newsboat/urls
index be4e0ce..5a1c68c 100644
--- a/.newsboat/urls
+++ b/.newsboat/urls
@@ -3,101 +3,100 @@ http://feeds.feedburner.com/abseilio
https://www.cyberciti.biz/atom/atom.xml
https://www.semicolonandsons.com/feed
https://blog.terminaldweller.com/rss/feed
-https://suckless.org/atom.xml
+https://suckless.org/atom.xml "~Suckless"Suckless
https://microservices.io/feed.xml
-https://news.ycombinator.com/rss
+https://news.ycombinator.com/rss "~HN"HN
# (Twitter)
-https://rssgen.terminaldweller.com/?action=display&bridge=TwitterBridge&context=By+username&u=_margery28_&norep=on&noretweet=on&nopinned=on&nopic=on&noimg=on&noimgscaling=on&format=Atom "~Marg"_("Twitter")
-https://rssgen.terminaldweller.com/?action=display&bridge=TwitterBridge&context=By+username&u=PancakeSwap&norep=on&noretweet=on&nopinned=on&nopic=on&noimg=on&noimgscaling=on&format=Atom "~Pancakeswap"_("Twitter")
-https://rssgen.terminaldweller.com/?action=display&bridge=TwitterBridge&context=By+username&u=OrchidProtocol&norep=on&noretweet=on&nopinned=on&nopic=on&noimg=on&noimgscaling=on&format=Atom "~OrchidProtocol"_("Twitter")
-https://rssgen.terminaldweller.com/?action=display&bridge=TwitterBridge&context=By+username&u=ethereum&norep=on&noretweet=on&nopinned=on&nopic=on&noimg=on&noimgscaling=on&format=Atom "~Ethereum"_("Twitter")
-https://rssgen.terminaldweller.com/?action=display&bridge=TwitterBridge&context=By+username&u=torproject&norep=on&noretweet=on&nopinned=on&nopic=on&noimg=on&noimgscaling=on&format=Atom "~TorProject"_("Twitter")
-https://rssgen.terminaldweller.com/?action=display&bridge=TwitterBridge&context=By+username&u=HiveBlockchain&norep=on&noretweet=on&nopinned=on&nopic=on&noimg=on&noimgscaling=on&format=Atom "~Hive"_("Twitter")
-https://rssgen.terminaldweller.com/?action=display&bridge=TwitterBridge&context=By+username&u=PrivexInc&norep=on&noretweet=on&nopinned=on&nopic=on&noimg=on&noimgscaling=on&format=Atom "~Privex"_("Twitter")
-https://rssgen.terminaldweller.com/?action=display&bridge=TwitterBridge&context=By+username&u=binance&norep=on&noretweet=on&nopinned=on&nopic=on&noimg=on&noimgscaling=on&format=Atom "~binance"_("Twitter")
-https://rssgen.terminaldweller.com/?action=display&bridge=TwitterBridge&context=By+username&u=igor_chubin&norep=on&noretweet=on&nopinned=on&nopic=on&noimg=on&noimgscaling=on&format=Atom "~igor_chubin"_("Twitter")
-https://rssgen.terminaldweller.com/?action=display&bridge=TwitterBridge&context=By+username&u=TheBlock__&norep=on&noretweet=on&nopinned=on&nopic=on&noimg=on&noimgscaling=on&format=Atom "~the_block"_("Twitter")
-https://rssgen.terminaldweller.com/?action=display&bridge=TwitterBridge&context=By+username&u=whale_alert&norep=on&noretweet=on&nopinned=on&nopic=on&noimg=on&noimgscaling=on&format=Atom "~whatle_alert"_("Twitter")
-https://rssgen.terminaldweller.com/?action=display&bridge=TwitterBridge&context=By+username&u=nobitexmarket&norep=on&noretweet=on&nopinned=on&nopic=on&noimg=on&noimgscaling=on&format=Atom "~nobitex"_("Twitter")
+https://rssgen.terminaldweller.com/?action=display&bridge=TwitterBridge&context=By+username&u=_margery28_&norep=on&noretweet=on&nopinned=on&nopic=on&noimg=on&noimgscaling=on&format=Atom "~Marg"Twitter
+https://rssgen.terminaldweller.com/?action=display&bridge=TwitterBridge&context=By+username&u=PancakeSwap&norep=on&noretweet=on&nopinned=on&nopic=on&noimg=on&noimgscaling=on&format=Atom "~Pancakeswap"Twitter
+https://rssgen.terminaldweller.com/?action=display&bridge=TwitterBridge&context=By+username&u=OrchidProtocol&norep=on&noretweet=on&nopinned=on&nopic=on&noimg=on&noimgscaling=on&format=Atom "~OrchidProtocol"Twitter
+https://rssgen.terminaldweller.com/?action=display&bridge=TwitterBridge&context=By+username&u=ethereum&norep=on&noretweet=on&nopinned=on&nopic=on&noimg=on&noimgscaling=on&format=Atom "~Ethereum"Twitter
+https://rssgen.terminaldweller.com/?action=display&bridge=TwitterBridge&context=By+username&u=torproject&norep=on&noretweet=on&nopinned=on&nopic=on&noimg=on&noimgscaling=on&format=Atom "~TorProject"Twitter
+https://rssgen.terminaldweller.com/?action=display&bridge=TwitterBridge&context=By+username&u=HiveBlockchain&norep=on&noretweet=on&nopinned=on&nopic=on&noimg=on&noimgscaling=on&format=Atom "~Hive"Twitter
+https://rssgen.terminaldweller.com/?action=display&bridge=TwitterBridge&context=By+username&u=PrivexInc&norep=on&noretweet=on&nopinned=on&nopic=on&noimg=on&noimgscaling=on&format=Atom "~Privex"Twitter
+https://rssgen.terminaldweller.com/?action=display&bridge=TwitterBridge&context=By+username&u=binance&norep=on&noretweet=on&nopinned=on&nopic=on&noimg=on&noimgscaling=on&format=Atom "~binance"Twitter
+https://rssgen.terminaldweller.com/?action=display&bridge=TwitterBridge&context=By+username&u=igor_chubin&norep=on&noretweet=on&nopinned=on&nopic=on&noimg=on&noimgscaling=on&format=Atom "~igor_chubin"Twitter
+https://rssgen.terminaldweller.com/?action=display&bridge=TwitterBridge&context=By+username&u=TheBlock__&norep=on&noretweet=on&nopinned=on&nopic=on&noimg=on&noimgscaling=on&format=Atom "~the_block"Twitter
+https://rssgen.terminaldweller.com/?action=display&bridge=TwitterBridge&context=By+username&u=whale_alert&norep=on&noretweet=on&nopinned=on&nopic=on&noimg=on&noimgscaling=on&format=Atom "~whatle_alert"Twitter
+https://rssgen.terminaldweller.com/?action=display&bridge=TwitterBridge&context=By+username&u=nobitexmarket&norep=on&noretweet=on&nopinned=on&nopic=on&noimg=on&noimgscaling=on&format=Atom "~nobitex"Twitter
# (Youtube)
# Horror
-https://www.youtube.com/feeds/videos.xml?channel_id=UC4QEH0BC7ZQMYIEmr1yAHfQ "~RomNex"_("youtube")
-https://www.youtube.com/feeds/videos.xml?channel_id=UCVLZiwP7Hz7GDDaETFmUs7Q "~Magnetar"_("youtube")
-https://www.youtube.com/feeds/videos.xml?channel_id=UCHIKRYVrVYwKb2QpoLG5W3w "~Lighthouse_Horror"_("youtube")
-https://www.youtube.com/feeds/videos.xml?channel_id=UC8AaO8zkIoxbUp1_p0rl13g "~Oculus_Impera"_("youtube")
-https://www.youtube.com/feeds/videos.xml?channel_id=UCnK36WwcJDTEhyS7w3SQntg "~Creepy_Ghost_Stories"_("youtube")
-https://www.youtube.com/feeds/videos.xml?channel_id=UCcZ_-5180OBED8NBkZgkRmQ "~Dr._Creepen"_("youtube")
-https://www.youtube.com/feeds/videos.xml?channel_id=UCcmEL8JoDBE25gvCFkrqhcw "~TheVolgun"_("youtube")
-https://www.youtube.com/feeds/videos.xml?channel_id=UC_e39rWdkQqo5-LbiLiU10g "~The_Dark_Somnium"_("youtube")
-https://www.youtube.com/feeds/videos.xml?channel_id=UC79H1bXWDNodOD8_VtZd_DA "~Chilling_Tales_for_Dark_Nights"_("youtube")
-https://www.youtube.com/feeds/videos.xml?channel_id=UClVIqFHcD0Dvh6BB-bYq1rg "~TheDarkCosmos"_("youtube")
-https://www.youtube.com/feeds/videos.xml?user=MrCreepyPasta "~Mr_Creepypasta"_("youtube")
-https://www.youtube.com/feeds/videos.xml?user=NaturesTemper "~NaturesTemper"_("youtube")
-https://www.youtube.com/feeds/videos.xml?user=ManggMangg "~The_Exploring_Series"_("youtube")
-https://www.youtube.com/feeds/videos.xml?user=Luetin09 "~Luetin09"_("youtube")
-https://www.youtube.com/feeds/videos.xml?user=CreepsMcPasta "~CreepsMcPasta"_("youtube")
-https://www.youtube.com/feeds/videos.xml?user=WeArEraW11 "~ScaryJUJU"_("youtube")
-https://www.youtube.com/feeds/videos.xml?channel_id=UCuoMasRkMhlj1VNVAOJdw5w "~Local58TV"_("youtube")
-https://www.youtube.com/feeds/videos.xml?channel_id=UC9YXCCz-A28lxhMA-ArfBaA "~Gemini_Home_Entertainment"_("youtube")
-https://www.youtube.com/feeds/videos.xml?channel_id=UCxMZO9A4Jixjr9lbgeBiQ6w "~Vormithrax"_("youtube")
+https://www.youtube.com/feeds/videos.xml?channel_id=UC4QEH0BC7ZQMYIEmr1yAHfQ "~RomNex"youtube
+https://www.youtube.com/feeds/videos.xml?channel_id=UCVLZiwP7Hz7GDDaETFmUs7Q "~Magnetar"youtube
+https://www.youtube.com/feeds/videos.xml?channel_id=UCHIKRYVrVYwKb2QpoLG5W3w "~Lighthouse_Horror"youtube
+https://www.youtube.com/feeds/videos.xml?channel_id=UC8AaO8zkIoxbUp1_p0rl13g "~Oculus_Impera"youtube
+https://www.youtube.com/feeds/videos.xml?channel_id=UCnK36WwcJDTEhyS7w3SQntg "~Creepy_Ghost_Stories"youtube
+https://www.youtube.com/feeds/videos.xml?channel_id=UCcZ_-5180OBED8NBkZgkRmQ "~Dr._Creepen"youtube
+https://www.youtube.com/feeds/videos.xml?channel_id=UCcmEL8JoDBE25gvCFkrqhcw "~TheVolgun"youtube
+https://www.youtube.com/feeds/videos.xml?channel_id=UC_e39rWdkQqo5-LbiLiU10g "~The_Dark_Somnium"youtube
+https://www.youtube.com/feeds/videos.xml?channel_id=UC79H1bXWDNodOD8_VtZd_DA "~Chilling_Tales_for_Dark_Nights"youtube
+https://www.youtube.com/feeds/videos.xml?channel_id=UClVIqFHcD0Dvh6BB-bYq1rg "~TheDarkCosmos"youtube
+https://www.youtube.com/feeds/videos.xml?user=MrCreepyPasta "~Mr_Creepypasta"youtube
+https://www.youtube.com/feeds/videos.xml?user=NaturesTemper "~NaturesTemper"youtube
+https://www.youtube.com/feeds/videos.xml?user=ManggMangg "~The_Exploring_Series"youtube
+https://www.youtube.com/feeds/videos.xml?user=Luetin09 "~Luetin09"youtube
+https://www.youtube.com/feeds/videos.xml?user=CreepsMcPasta "~CreepsMcPasta"youtube
+https://www.youtube.com/feeds/videos.xml?user=WeArEraW11 "~ScaryJUJU"youtube
+https://www.youtube.com/feeds/videos.xml?channel_id=UCuoMasRkMhlj1VNVAOJdw5w "~Local58TV"youtube
+https://www.youtube.com/feeds/videos.xml?channel_id=UC9YXCCz-A28lxhMA-ArfBaA "~Gemini_Home_Entertainment"youtube
+https://www.youtube.com/feeds/videos.xml?channel_id=UCxMZO9A4Jixjr9lbgeBiQ6w "~Vormithrax"youtube
# Tech
-https://www.youtube.com/feeds/videos.xml?channel_id=UCqK_GSMbpiV8spgD3ZGloSw "~Coin Bureau"_("youtube")
-https://www.youtube.com/feeds/videos.xml?channel_id=UC-91UA-Xy2Cvb98deRXuggA "~Joshua Fluke"_("youtube")
-https://www.youtube.com/feeds/videos.xml?channel_id=UC17mJJnvzAa_e9qQqLIfIeQ "~Semicolon&amp;Sons"_("youtube")
-https://www.youtube.com/feeds/videos.xml?channel_id=UC2eYFnH61tmytImy1mTYvhA "~Luke_Smith"_("youtube")
-https://www.youtube.com/feeds/videos.xml?channel_id=UC4w1YQAJMWOz4qtxinq55LQ "~Level1Techs"_("youtube")
-https://www.youtube.com/feeds/videos.xml?channel_id=UC7YOGHUfC1Tb6E4pudI9STA "~Mental_Outlaw"_("youtube")
-https://www.youtube.com/feeds/videos.xml?channel_id=UC5e__RG9K3cHrPotPABnrwg "~BoostCon"_("youtube")
-https://www.youtube.com/feeds/videos.xml?channel_id=UC8ENHE5xdFSwx71u3fDH5Xw "~ThePrimeagen"_("youtube")
-https://www.youtube.com/feeds/videos.xml?channel_id=UC9-y-6csu5WGm29I7JiwpnA "~Computerphile"_("youtube")
-https://www.youtube.com/feeds/videos.xml?channel_id=UCD0y51PJfvkZNe3y3FR5riw "~Chyrosran22"_("youtube")
-https://www.youtube.com/feeds/videos.xml?channel_id=UCorzANoC3fX9VVefJHM5wtA "~Nick_Janetakis"_("youtube")
-https://www.youtube.com/feeds/videos.xml?channel_id=UCoxcjq-8xIDTYp3uz647V5A "~Numberphile"_("youtube")
-https://www.youtube.com/feeds/videos.xml?channel_id=UCyUBW72KU30dfAYWLVNZO8Q "~Stefan_Mischook"_("youtube")
-https://www.youtube.com/feeds/videos.xml?channel_id=UCyp1gCHZJU_fGWFf2rtMkCg "~Numberphile2"_("youtube")
-https://www.youtube.com/feeds/videos.xml?channel_id=UCvEdeev3sZoxi5hMksZI4KA "~gotbletu"_("youtube")
-https://www.youtube.com/feeds/videos.xml?channel_id=UCJ6q9Ie29ajGqKApbLqfBOg "~Black_Hat"_("youtube")
-https://www.youtube.com/feeds/videos.xml?channel_id=UCMlGfpWw-RUdWX_JbLCukXg "~CppCon"_("youtube")
-https://www.youtube.com/feeds/videos.xml?channel_id=UCOWcZ6Wicl-1N34H0zZe38w "~Level1Linux"_("youtube")
-https://www.youtube.com/feeds/videos.xml?channel_id=UCQ-W1KE9EYfdxhL6S4twUNw "~The_Cherno"_("youtube")
-https://www.youtube.com/feeds/videos.xml?channel_id=UCfhSB16X9MXhzSFe_H7XbHg "~Bryan_Jenks"_("youtube")
-https://www.youtube.com/feeds/videos.xml?channel_id=UCQN2DsjnYH60SFBIA6IkNwg "~STÖEK"_("youtube")
-https://www.youtube.com/feeds/videos.xml?channel_id=UCS97tchJDq17Qms3cux8wcA "~Chrisatmachine"_("youtube")
-https://www.youtube.com/feeds/videos.xml?channel_id=UCVls1GmFKf6WlTraIb_IaJg "~DistroTube"_("youtube")
-https://www.youtube.com/feeds/videos.xml?channel_id=UCgTNupxATBfWmfehv21ym-g "~Null_Byte"_("youtube")
-https://www.youtube.com/feeds/videos.xml?channel_id=UCld68syR8Wi-GY_n4CaoJGA "~Brodie_Robertson"_("youtube")
-https://www.youtube.com/feeds/videos.xml?channel_id=UCXuqSBlHAE6Xw-yeJA0Tunw "~Linus_Tech_Tips"_("youtube")
-https://www.youtube.com/feeds/videos.xml?channel_id=UCa6eh7gCkpPo5XXUDfygQQA "~Ippsec"_("youtube")
-https://www.youtube.com/feeds/videos.xml?channel_id=UCdngmbVKX1Tgre699-XLlUA "~Tech_World_With_Nana"_("youtube")
-https://www.youtube.com/feeds/videos.xml?channel_id=UCfp-lNJy4QkIGnaEE6NtDSg "~Terminalforlife"_("youtube")
-https://www.youtube.com/feeds/videos.xml?channel_id=UCylGUf9BvQooEFjgdNudoQg "~The_Linux_Cast"_("youtube")
-https://www.youtube.com/feeds/videos.xml?channel_id=UCVhQ2NnY5Rskt6UjCUkJ_DA "~Arjan_code"_("youtube")
-https://www.youtube.com/feeds/videos.xml?channel_id=UCFQMnBA3CS502aghlcr0_aw "~Coffezilla"_("youtube")
-https://www.youtube.com/feeds/videos.xml?channel_id=UCaw_Lz7oifDb-PZCAcZ07kw "~The_Linux_Experiment"_("youtube")
-https://www.youtube.com/feeds/videos.xml?channel_id=UCsBjURrPoezykLs9EqgamOA "~Fireship"_("youtube")
-https://www.youtube.com/feeds/videos.xml?channel_id=UCW6xlqxSY3gGur4PkGPEUeA "~Seytonic"_("youtube")
-https://www.youtube.com/feeds/videos.xml?channel_id=UCqajGNTzlQLk5uRsD8R5m3Q "~Wolf_Lord_Rho"_("youtube")
-https://www.youtube.com/feeds/videos.xml?channel_id=UCUdkjbeIFea0qUSgwR1CUOg "~Studying_With_Alex"_("youtube")
+https://www.youtube.com/feeds/videos.xml?channel_id=UCqK_GSMbpiV8spgD3ZGloSw "~Coin Bureau"youtube
+https://www.youtube.com/feeds/videos.xml?channel_id=UC-91UA-Xy2Cvb98deRXuggA "~Joshua Fluke"youtube
+https://www.youtube.com/feeds/videos.xml?channel_id=UC17mJJnvzAa_e9qQqLIfIeQ "~Semicolon&amp;Sons"youtube
+https://www.youtube.com/feeds/videos.xml?channel_id=UC2eYFnH61tmytImy1mTYvhA "~Luke_Smith"youtube
+https://www.youtube.com/feeds/videos.xml?channel_id=UC4w1YQAJMWOz4qtxinq55LQ "~Level1Techs"youtube
+https://www.youtube.com/feeds/videos.xml?channel_id=UC7YOGHUfC1Tb6E4pudI9STA "~Mental_Outlaw"youtube
+https://www.youtube.com/feeds/videos.xml?channel_id=UC5e__RG9K3cHrPotPABnrwg "~BoostCon"youtube
+https://www.youtube.com/feeds/videos.xml?channel_id=UC8ENHE5xdFSwx71u3fDH5Xw "~ThePrimeagen"youtube
+https://www.youtube.com/feeds/videos.xml?channel_id=UC9-y-6csu5WGm29I7JiwpnA "~Computerphile"youtube
+https://www.youtube.com/feeds/videos.xml?channel_id=UCD0y51PJfvkZNe3y3FR5riw "~Chyrosran22"youtube
+https://www.youtube.com/feeds/videos.xml?channel_id=UCorzANoC3fX9VVefJHM5wtA "~Nick_Janetakis"youtube
+https://www.youtube.com/feeds/videos.xml?channel_id=UCoxcjq-8xIDTYp3uz647V5A "~Numberphile"youtube
+https://www.youtube.com/feeds/videos.xml?channel_id=UCyUBW72KU30dfAYWLVNZO8Q "~Stefan_Mischook"youtube
+https://www.youtube.com/feeds/videos.xml?channel_id=UCyp1gCHZJU_fGWFf2rtMkCg "~Numberphile2"youtube
+https://www.youtube.com/feeds/videos.xml?channel_id=UCvEdeev3sZoxi5hMksZI4KA "~gotbletu"youtube
+https://www.youtube.com/feeds/videos.xml?channel_id=UCJ6q9Ie29ajGqKApbLqfBOg "~Black_Hat"youtube
+https://www.youtube.com/feeds/videos.xml?channel_id=UCMlGfpWw-RUdWX_JbLCukXg "~CppCon"youtube
+https://www.youtube.com/feeds/videos.xml?channel_id=UCOWcZ6Wicl-1N34H0zZe38w "~Level1Linux"youtube
+https://www.youtube.com/feeds/videos.xml?channel_id=UCQ-W1KE9EYfdxhL6S4twUNw "~The_Cherno"youtube
+https://www.youtube.com/feeds/videos.xml?channel_id=UCfhSB16X9MXhzSFe_H7XbHg "~Bryan_Jenks"youtube
+https://www.youtube.com/feeds/videos.xml?channel_id=UCQN2DsjnYH60SFBIA6IkNwg "~STÖEK"youtube
+https://www.youtube.com/feeds/videos.xml?channel_id=UCS97tchJDq17Qms3cux8wcA "~Chrisatmachine"youtube
+https://www.youtube.com/feeds/videos.xml?channel_id=UCVls1GmFKf6WlTraIb_IaJg "~DistroTube"youtube
+https://www.youtube.com/feeds/videos.xml?channel_id=UCgTNupxATBfWmfehv21ym-g "~Null_Byte"youtube
+https://www.youtube.com/feeds/videos.xml?channel_id=UCld68syR8Wi-GY_n4CaoJGA "~Brodie_Robertson"youtube
+https://www.youtube.com/feeds/videos.xml?channel_id=UCXuqSBlHAE6Xw-yeJA0Tunw "~Linus_Tech_Tips"youtube
+https://www.youtube.com/feeds/videos.xml?channel_id=UCa6eh7gCkpPo5XXUDfygQQA "~Ippsec"youtube
+https://www.youtube.com/feeds/videos.xml?channel_id=UCdngmbVKX1Tgre699-XLlUA "~Tech_World_With_Nana"youtube
+https://www.youtube.com/feeds/videos.xml?channel_id=UCfp-lNJy4QkIGnaEE6NtDSg "~Terminalforlife"youtube
+https://www.youtube.com/feeds/videos.xml?channel_id=UCylGUf9BvQooEFjgdNudoQg "~The_Linux_Cast"youtube
+https://www.youtube.com/feeds/videos.xml?channel_id=UCVhQ2NnY5Rskt6UjCUkJ_DA "~Arjan_code"youtube
+https://www.youtube.com/feeds/videos.xml?channel_id=UCFQMnBA3CS502aghlcr0_aw "~Coffezilla"youtube
+https://www.youtube.com/feeds/videos.xml?channel_id=UCaw_Lz7oifDb-PZCAcZ07kw "~The_Linux_Experiment"youtube
+https://www.youtube.com/feeds/videos.xml?channel_id=UCsBjURrPoezykLs9EqgamOA "~Fireship"youtube
+https://www.youtube.com/feeds/videos.xml?channel_id=UCW6xlqxSY3gGur4PkGPEUeA "~Seytonic"youtube
+https://www.youtube.com/feeds/videos.xml?channel_id=UCqajGNTzlQLk5uRsD8R5m3Q "~Wolf_Lord_Rho"youtube
+https://www.youtube.com/feeds/videos.xml?channel_id=UCUdkjbeIFea0qUSgwR1CUOg "~Studying_With_Alex"youtube
-https://www.youtube.com/feeds/videos.xml?user=g297125009 "~Gavin_Freeborn"_("youtube")
-https://www.youtube.com/feeds/videos.xml?user=Hak5Darren "~Hak_5"_("youtube")
-https://www.youtube.com/feeds/videos.xml?user=GISIGeometry "~Hussein_Nasser"_("youtube")
-https://www.youtube.com/feeds/videos.xml?user=geerlingguy "~Jeff_Geerling"_("youtube")
-https://www.youtube.com/feeds/videos.xml?user=JtheLinuxguy "~Learn_Linux_TV"_("youtube")
-https://www.youtube.com/feeds/videos.xml?user=NetworkChuck "~NetworkChuck"_("youtube")
+https://www.youtube.com/feeds/videos.xml?user=g297125009 "~Gavin_Freeborn"youtube
+https://www.youtube.com/feeds/videos.xml?user=Hak5Darren "~Hak_5"youtube
+https://www.youtube.com/feeds/videos.xml?user=GISIGeometry "~Hussein_Nasser"youtube
+https://www.youtube.com/feeds/videos.xml?user=geerlingguy "~Jeff_Geerling"youtube
+https://www.youtube.com/feeds/videos.xml?user=JtheLinuxguy "~Learn_Linux_TV"youtube
+https://www.youtube.com/feeds/videos.xml?user=NetworkChuck "~NetworkChuck"youtube
# Misc
-https://www.youtube.com/feeds/videos.xml?channel_id=UC0Whg8Zz7TT1VSpWeCjghKg "~-sokoninaru-そこに鳴る"_("youtube")
-https://www.youtube.com/feeds/videos.xml?channel_id=UC3M7l8ved_rYQ45AVzS0RGA "~The_Jimmy_Dore_Show"_("youtube")
-https://www.youtube.com/feeds/videos.xml?channel_id=UC6gD8kk_Z_5bX2PcRk2fwDg "~Pagefire"_("youtube")
-https://www.youtube.com/feeds/videos.xml?channel_id=UCQPmOWNza6PMesQaWWBEhJA "~Anabolic_Aliens"_("youtube")
-https://www.youtube.com/feeds/videos.xml?channel_id=UCS5tt2z_DFvG7-39J3aE-bQ "~Life_of_Boris"_("youtube")
-https://www.youtube.com/feeds/videos.xml?channel_id=UCVHOgH4XEyYx-ZEaya1XqCQ "~Cryo_Chamber"_("youtube")
-https://www.youtube.com/feeds/videos.xml?channel_id=UCWUxLYGeeIKxxioUqL54Q8g "~GP-_Penitentiary_Life_Wes_Watson"_("youtube")
-https://www.youtube.com/feeds/videos.xml?channel_id=UC_NSOckDnuypJK_FpCO6ogA "~SGtMarkIV"_("youtube")
-https://www.youtube.com/feeds/videos.xml?channel_id=UCchBatdUMZoMfJ3rIzgV84g "~Viva_La_Dirt League"_("youtube")
-https://www.youtube.com/feeds/videos.xml?channel_id=UCoJTOwZxbvq8Al8Qat2zgTA "~Kim_Iversen"_("youtube")
-https://www.youtube.com/feeds/videos.xml?user=lexfridman "~Lex_Fridman"_("youtube")
-
+https://www.youtube.com/feeds/videos.xml?channel_id=UC0Whg8Zz7TT1VSpWeCjghKg "~-sokoninaru-そこに鳴る"youtube
+https://www.youtube.com/feeds/videos.xml?channel_id=UC3M7l8ved_rYQ45AVzS0RGA "~The_Jimmy_Dore_Show"youtube
+https://www.youtube.com/feeds/videos.xml?channel_id=UC6gD8kk_Z_5bX2PcRk2fwDg "~Pagefire"youtube
+https://www.youtube.com/feeds/videos.xml?channel_id=UCQPmOWNza6PMesQaWWBEhJA "~Anabolic_Aliens"youtube
+https://www.youtube.com/feeds/videos.xml?channel_id=UCS5tt2z_DFvG7-39J3aE-bQ "~Life_of_Boris"youtube
+https://www.youtube.com/feeds/videos.xml?channel_id=UCVHOgH4XEyYx-ZEaya1XqCQ "~Cryo_Chamber"youtube
+https://www.youtube.com/feeds/videos.xml?channel_id=UCWUxLYGeeIKxxioUqL54Q8g "~GP-_Penitentiary_Life_Wes_Watson"youtube
+https://www.youtube.com/feeds/videos.xml?channel_id=UC_NSOckDnuypJK_FpCO6ogA "~SGtMarkIV"youtube
+https://www.youtube.com/feeds/videos.xml?channel_id=UCchBatdUMZoMfJ3rIzgV84g "~Viva_La_Dirt League"youtube
+https://www.youtube.com/feeds/videos.xml?channel_id=UCoJTOwZxbvq8Al8Qat2zgTA "~Kim_Iversen"youtube
+https://www.youtube.com/feeds/videos.xml?user=lexfridman "~Lex_Fridman"youtube
diff --git a/.vimrc b/.vimrc
index 1645911..0a69f93 100644
--- a/.vimrc
+++ b/.vimrc
@@ -32,7 +32,7 @@ set laststatus=2
set smartcase
set more
set lazyredraw
-set synmaxcol=333
+set synmaxcol=500
syntax sync minlines=64
set ttyfast
set relativenumber
@@ -1140,7 +1140,7 @@ autocmd FileType javasript let b:vcm_tab_complete = 'omni'
"sets the dictionary for autocompletion with <C-n> and <C-p> for the
"filetypes
set dictionary+=/usr/share/dict/words
-autocmd FileType markdown,text,vimwiki,tex setlocal complete+=k
+autocmd FileType pandoc,markdown,text,vimwiki,tex setlocal complete+=k
"fzf
map <leader>f <Esc><Esc>:Files!<CR>
diff --git a/.zshrc b/.zshrc
index bf8bf19..dfbc93e 100644
--- a/.zshrc
+++ b/.zshrc
@@ -136,9 +136,9 @@ alias fixpgclirc="cp ~/scripts/.config/pgcli/config ~/.config/pgcli/config"
alias jupyterlab="jupyter lab --no-browser --port 9989"
alias iredisrc="vim ~/scripts/.iredisrc"
alias fixiredisrc="cp ~/scripts/.iredisrc ~/.iredisrc"
-# alias irssi="irssi -n terminaldweller"
-# alias irssi="TERM=screen-256color docker run --runtime=runsc -it -e TERM -u $(id -u):$(id -g) --log-driver=none -e DBUS_SESSION_BUS_ADDRESS="$DBUS_SESSION_BUS_ADDRESS" --network=host -v $HOME/.irssi:/home/user/.irssi:ro -v /etc/localtime:/etc/localtime:ro bloodstalker/irssi:latest"
-alias irssi="TERM=screen-256color docker run --runtime=runsc -it -e TERM -u $(id -u):$(id -g) --log-driver=none -e DBUS_SESSION_BUS_ADDRESS="$DBUS_SESSION_BUS_ADDRESS" -v $HOME/.irssi:/home/user/.irssi:ro -v /etc/localtime:/etc/localtime:ro devi_irssi"
+# alias irssi="TERM=screen-256color docker run --runtime=runsc -it -e TERM -u $(id -u):$(id -g) --log-driver=none -e DBUS_SESSION_BUS_ADDRESS="$DBUS_SESSION_BUS_ADDRESS" -v $HOME/.irssi:/home/user/.irssi:ro -v /etc/localtime:/etc/localtime:ro devi_irssi"
+alias irssi="TERM=screen-256color docker run --runtime=runsc -it -e TERM -u $(id -u):$(id -g) --log-driver=none -v $HOME/.irssi:/home/user/.irssi:ro -v /etc/localtime:/etc/localtime:ro devi_irssi"
+alias tor_irssi="TERM=screen-256color docker run --runtime=runsc -it -e TERM -u $(id -u):$(id -g) --log-driver=none tor_irssi"
alias openbb="TERM=screen-256color \
docker \
run \
@@ -200,7 +200,7 @@ alias socks5vpn6="autossh -M 0 -N -D 9993 -o ServerAliveInterval=180 -o ServerAl
alias socks5vpn7="autossh -M 0 -N -D 9992 -o ServerAliveInterval=180 -o ServerAliveCountMax=3 -o ExitOnForwardFailure=yes -l ubuntu -p 3333 130.185.47.81"
alias socks5vpn8="autossh -M 0 -N -D 0.0.0.0:9989 -o ServerAliveInterval=180 -o ServerAliveCountMax=3 -o ExitOnForwardFailure=yes -l ubuntu -p 3333 185.130.47.208"
alias tormapped6="autossh -M 0 -N -L 9053:127.0.0.1:9050 -o ServerAliveInterval=180 -o ServerAliveCountMax=3 -o ExitOnForwardFailure=yes -l ubuntu -p 3333 185.130.45.46"
-alias tormapped8="autossh -M 0 -N -L 9054:127.0.0.1:9050 -o ServerAliveInterval=180 -o ServerAliveCountMax=3 -o ExitOnForwardFailure=yes -l ubuntu -p 3333 185.130.47.208"
+alias tormapped8="autossh -M 0 -N -L 0.0.0.0:9054:127.0.0.1:9050 -o ServerAliveInterval=180 -o ServerAliveCountMax=3 -o ExitOnForwardFailure=yes -l ubuntu -p 3333 185.130.47.208"
alias k9sskin="vim ~/scripts/.k9s/skin.yml"
alias k9sconfig="vim ~/scripts/.k9s/config.yml"
alias fixk9sskin="cp ~/scripts/.k9s/skin.yml ~/.config/k9s/skin.yml"
@@ -220,8 +220,8 @@ alias zh_linux="zssh dev@192.168.90.17"
alias zh_router_root="zssh root@192.168.90.71"
alias zh_router_admin="zssh admin@192.168.90.71"
alias youtube_dl="proxychains4 -f /home/devi/proxies/ice/proxychains.conf youtube-dl"
-alias campv="proxychains4 -f /home/devi/proxies/ca/proxychains.conf mpv --no-video"
-alias tormpv="torsocks mpv --no-video"
+# alias campv="proxychains4 -f /home/devi/proxies/ca/proxychains.conf mpv --no-video"
+alias tormpv="torsocks --port 9054 mpv --no-video"
alias youtube144="proxychains4 -f /home/devi/proxies/ice/proxychains.conf mpv --ytdl-format=160+249"
alias youtube360="proxychains4 -f /home/devi/proxies/ice/proxychains.conf mpv --ytdl-format=243+160"
alias youtube480="proxychains4 -f /home/devi/proxies/ice/proxychains.conf mpv --ytdl-format=244+140"
@@ -243,7 +243,7 @@ alias qutebrowserrc="vim ~/scripts/qtbrowser/config.py"
alias fixqutebrowserrc="cp ~/scripts/qtbrowser/config.py ~/.config/qutebrowser/config.py"
alias pulsemixer="pulsemixer --color 1"
# alias vagrant="https_proxy=http://[::1]:8118 vagrant --color --timestamp"
-alias vagrant="https_proxy=socks5://[::1]:9993 vagrant --color --timestamp"
+alias vagrant="vagrant --color --timestamp"
alias vm_disposable="cp ~/scripts/vagrant/disposable/Vagrantfile ."
alias vm_disposable_alpine="cp ~/scripts/vagrant/disposable-alpine/Vagrantfile ."
alias checktor="curl --socks5 localhost:9054 --socks5-hostname localhost:9050 -s https://check.torproject.org/api/ip"
@@ -302,15 +302,18 @@ alias scapy="scapy -H"
alias dg="grc /usr/bin/dig"
alias lsof="grc lsof"
alias xxd="xxd -g 2 -E -u -c 32"
-alias torcurl='curl --connect-timeout 10 --user-agent "$(get_random_ua.sh)" --socks5-hostname localhost:9053'
+alias torcurl='curl -s --connect-timeout 10 --user-agent "$(get_random_ua.sh)" --socks5-hostname localhost:9053'
alias gpg2="HTTP_PROXY=socks5://127.0.0.1:9995 HTTPS_PROXY=socks5://127.0.0.1:9995 gpg2"
alias gpg="HTTP_PROXY=socks5://127.0.0.1:9995 HTTPS_PROXY=socks5://127.0.0.1:9995 gpg"
-alias lxctop='watch -x -c -d -t -n 5 lxc list -c n,t,4,a,b,u,e,D,m,S,s,P'
+# alias lxctop='watch -x -c -d -t -n 5 lxc list -c n,t,4,a,b,u,e,D,m,S,s,P'
+alias lxctop='watch -x -c -d -t -n 5 lxc list -c n,t,4,volatile.eth0.hwaddr:MAC,a,b,u,e,D,m,S,s,P -f compact type=container status=running'
alias iptables="grc iptables"
alias ping="grc ping"
alias list_iptables="sudo iptables -nvL --line-numbers"
alias sensors_pp="sensors -A -j 2> /dev/null | json_pp -json_opt pretty,canonical | pygmentize -l json -P style=$PYGMENTIZE_STYLE | $PAGER"
alias vdiff="vimdiff"
+alias virt-top="/nix/store/gn20hprla1p86fkvml4c6im3839vmlzn-virt-top-1.1.1/bin/virt-top"
+alias fox_in_a_box='ssh -X -i /home/devi/devi/vagrantboxes.git/main/dispffox/.vagrant/machines/default/libvirt/private_key vagrant@virt-dispffox.vagrant-libvirt "XAUTHORITY=/home/vagrant/.Xauthority firefox"'
# change the 4th terminal color to #0000ff
# echo -e '\e]P40000ff'
@@ -494,6 +497,8 @@ export PATH=$PATH:/home/devi/devi/emsdk.git/3.1.8
export PATH=$PATH:/home/devi/devi/emsdk.git/3.1.8/node/14.18.2_64bit/bin
export PATH=$PATH:/home/devi/devi/emsdk.git/3.1.8/upstream/emscripten
export PATH=$PATH:/home/devi/devi/git-scripts.git/master
+# flatpaks
+export PATGH=$PATH:/var/lib/flatpak/exports/bin
ks() {
grc kubectl -n kube-system "$@"
@@ -672,14 +677,13 @@ dff() {
}
jcurl() {
- curl --connect-timeout 10 "$@" | json_pp -json_opt pretty,canonical | pygmentize -l json -P style=$PYGMENTIZE_STYLE | $PAGER
+ torsocks --port 9054 curl -s --connect-timeout 10 "$@" | json_pp -json_opt pretty,canonical | pygmentize -l json -P style=$PYGMENTIZE_STYLE | $PAGER
}
xcurl() {
- curl --connect-timeout 10 "$@" | xml_pp | pygmentize -l xml -P style=$PYGMENTIZE_STYLE | $PAGER
+ torsocks --port 9054 curl -s --connect-timeout 10 "$@" | xml_pp | pygmentize -l xml -P style=$PYGMENTIZE_STYLE | $PAGER
}
-
hcurl() {
- torsocks --port 9054 curl --connect-timeout 10 -i -D /dev/stderr --user-agent "$(get_random_ua.sh)" "$@" | pygmentize -l html -P style=$PYGMENTIZE_STYLE | $PAGER
+ torsocks --port 9054 curl -s --connect-timeout 10 -i -D /dev/stderr --user-agent "$(get_random_ua.sh)" "$@" | pygmentize -l html -P style=$PYGMENTIZE_STYLE | $PAGER
}
# these i stole from junegunn to try out
@@ -778,7 +782,7 @@ export LESS_TERMCAP_me=$'\e[0m' # end mode
export LESS_TERMCAP_se=$'\e[0m' # end standout-mode
# export LESS_TERMCAP_so=$'\e[38;5;246m' # begin standout-mode - info box
# export LESS_TERMCAP_so=$'\e[1;92m' # begin standout-mode - info box
-export LESS_TERMCAP_so=$'\x1b[38;5;22m'
+export LESS_TERMCAP_so=$'\x1b[48;5;22m\x1b[38;5;0m'
export LESS_TERMCAP_ue=$'\e[0m' # end underline
export LESS_TERMCAP_us=$'\e[04;38;5;146m' # begin underline
# handle the format of the zsh built-in time
diff --git a/db/mongo/build_db.js b/db/mongo/build_db.js
index a50162e..9273193 100644
--- a/db/mongo/build_db.js
+++ b/db/mongo/build_db.js
@@ -57,7 +57,7 @@ const movies_obj = {
};
const stash_obj = {
- something: "https://spankbang.com/74bwd/video/porn",
+ momotaro: "https://www.tnaflix.com/amateur-porn/fcdc-056/video6241864",
};
function inser_into_db(mongo_collection, object) {
diff --git a/etc/libvirt/qemu.conf b/etc/libvirt/qemu.conf
new file mode 100644
index 0000000..57b2848
--- /dev/null
+++ b/etc/libvirt/qemu.conf
@@ -0,0 +1,970 @@
+# Master configuration file for the QEMU driver.
+# All settings described here are optional - if omitted, sensible
+# defaults are used.
+
+# Use of TLS requires that x509 certificates be issued. The default is
+# to keep them in /etc/pki/qemu. This directory must contain
+#
+# ca-cert.pem - the CA master certificate
+# server-cert.pem - the server certificate signed with ca-cert.pem
+# server-key.pem - the server private key
+#
+# and optionally may contain
+#
+# dh-params.pem - the DH params configuration file
+#
+# If the directory does not exist, libvirtd will fail to start. If the
+# directory doesn't contain the necessary files, QEMU domains will fail
+# to start if they are configured to use TLS.
+#
+# In order to overwrite the default path alter the following. This path
+# definition will be used as the default path for other *_tls_x509_cert_dir
+# configuration settings if their default path does not exist or is not
+# specifically set.
+#
+#default_tls_x509_cert_dir = "/etc/pki/qemu"
+
+
+# The default TLS configuration only uses certificates for the server
+# allowing the client to verify the server's identity and establish
+# an encrypted channel.
+#
+# It is possible to use x509 certificates for authentication too, by
+# issuing an x509 certificate to every client who needs to connect.
+#
+# Enabling this option will reject any client who does not have a
+# certificate signed by the CA in /etc/pki/qemu/ca-cert.pem
+#
+# The default_tls_x509_cert_dir directory must also contain
+#
+# client-cert.pem - the client certificate signed with the ca-cert.pem
+# client-key.pem - the client private key
+#
+# If this option is supplied it provides the default for the "_verify" option
+# of specific TLS users such as vnc, backups, migration, etc. The specific
+# users of TLS may override this by setting the specific "_verify" option.
+#
+# When not supplied the specific TLS users provide their own defaults.
+#
+#default_tls_x509_verify = 1
+
+#
+# Libvirt assumes the server-key.pem file is unencrypted by default.
+# To use an encrypted server-key.pem file, the password to decrypt
+# the PEM file is required. This can be provided by creating a secret
+# object in libvirt and then to uncomment this setting to set the UUID
+# of the secret.
+#
+# NB This default all-zeros UUID will not work. Replace it with the
+# output from the UUID for the TLS secret from a 'virsh secret-list'
+# command and then uncomment the entry
+#
+#default_tls_x509_secret_uuid = "00000000-0000-0000-0000-000000000000"
+
+
+# VNC is configured to listen on 127.0.0.1 by default.
+# To make it listen on all public interfaces, uncomment
+# this next option.
+#
+# NB, strong recommendation to enable TLS + x509 certificate
+# verification when allowing public access
+#
+#vnc_listen = "0.0.0.0"
+
+# Enable this option to have VNC served over an automatically created
+# unix socket. This prevents unprivileged access from users on the
+# host machine, though most VNC clients do not support it.
+#
+# This will only be enabled for VNC configurations that have listen
+# type=address but without any address specified. This setting takes
+# preference over vnc_listen.
+#
+#vnc_auto_unix_socket = 1
+
+# Enable use of TLS encryption on the VNC server. This requires
+# a VNC client which supports the VeNCrypt protocol extension.
+# Examples include vinagre, virt-viewer, virt-manager and vencrypt
+# itself. UltraVNC, RealVNC, TightVNC do not support this
+#
+# It is necessary to setup CA and issue a server certificate
+# before enabling this.
+#
+#vnc_tls = 1
+
+
+# In order to override the default TLS certificate location for
+# vnc certificates, supply a valid path to the certificate directory.
+# If the provided path does not exist, libvirtd will fail to start.
+# If the path is not provided, but vnc_tls = 1, then the
+# default_tls_x509_cert_dir path will be used.
+#
+#vnc_tls_x509_cert_dir = "/etc/pki/libvirt-vnc"
+
+
+# Uncomment and use the following option to override the default secret
+# UUID provided in the default_tls_x509_secret_uuid parameter.
+#
+#vnc_tls_x509_secret_uuid = "00000000-0000-0000-0000-000000000000"
+
+
+# The default TLS configuration only uses certificates for the server
+# allowing the client to verify the server's identity and establish
+# an encrypted channel.
+#
+# It is possible to use x509 certificates for authentication too, by
+# issuing an x509 certificate to every client who needs to connect.
+#
+# Enabling this option will reject any client that does not have a
+# certificate (as described in default_tls_x509_verify) signed by the
+# CA in the vnc_tls_x509_cert_dir (or default_tls_x509_cert_dir).
+#
+# If this option is not supplied, it will be set to the value of
+# "default_tls_x509_verify". If "default_tls_x509_verify" is not supplied either,
+# the default is "0".
+#
+#vnc_tls_x509_verify = 1
+
+
+# The default VNC password. Only 8 bytes are significant for
+# VNC passwords. This parameter is only used if the per-domain
+# XML config does not already provide a password. To allow
+# access without passwords, leave this commented out. An empty
+# string will still enable passwords, but be rejected by QEMU,
+# effectively preventing any use of VNC. Obviously change this
+# example here before you set this.
+#
+#vnc_password = ""
+
+
+# Enable use of SASL encryption on the VNC server. This requires
+# a VNC client which supports the SASL protocol extension.
+# Examples include vinagre, virt-viewer and virt-manager
+# itself. UltraVNC, RealVNC, TightVNC do not support this
+#
+# It is necessary to configure /etc/sasl2/qemu.conf to choose
+# the desired SASL plugin (eg, GSSPI for Kerberos)
+#
+#vnc_sasl = 1
+
+
+# The default SASL configuration file is located in /etc/sasl2/
+# When running libvirtd unprivileged, it may be desirable to
+# override the configs in this location. Set this parameter to
+# point to the directory, and create a qemu.conf in that location
+#
+#vnc_sasl_dir = "/some/directory/sasl2"
+
+
+# QEMU implements an extension for providing audio over a VNC connection,
+# though if your VNC client does not support it, your only chance for getting
+# sound output is through regular audio backends. By default, libvirt will
+# disable all QEMU sound backends if using VNC, since they can cause
+# permissions issues. Enabling this option will make libvirtd honor the
+# QEMU_AUDIO_DRV environment variable when using VNC.
+#
+#vnc_allow_host_audio = 0
+
+
+
+# SPICE is configured to listen on 127.0.0.1 by default.
+# To make it listen on all public interfaces, uncomment
+# this next option.
+#
+# NB, strong recommendation to enable TLS + x509 certificate
+# verification when allowing public access
+#
+#spice_listen = "0.0.0.0"
+
+
+# Enable use of TLS encryption on the SPICE server.
+#
+# It is necessary to setup CA and issue a server certificate
+# before enabling this.
+#
+#spice_tls = 1
+
+
+# In order to override the default TLS certificate location for
+# spice certificates, supply a valid path to the certificate directory.
+# If the provided path does not exist, libvirtd will fail to start.
+# If the path is not provided, but spice_tls = 1, then the
+# default_tls_x509_cert_dir path will be used.
+#
+#spice_tls_x509_cert_dir = "/etc/pki/libvirt-spice"
+
+
+# Enable this option to have SPICE served over an automatically created
+# unix socket. This prevents unprivileged access from users on the
+# host machine.
+#
+# This will only be enabled for SPICE configurations that have listen
+# type=address but without any address specified. This setting takes
+# preference over spice_listen.
+#
+#spice_auto_unix_socket = 1
+
+
+# The default SPICE password. This parameter is only used if the
+# per-domain XML config does not already provide a password. To
+# allow access without passwords, leave this commented out. An
+# empty string will still enable passwords, but be rejected by
+# QEMU, effectively preventing any use of SPICE. Obviously change
+# this example here before you set this.
+#
+#spice_password = ""
+
+
+# Enable use of SASL encryption on the SPICE server. This requires
+# a SPICE client which supports the SASL protocol extension.
+#
+# It is necessary to configure /etc/sasl2/qemu.conf to choose
+# the desired SASL plugin (eg, GSSPI for Kerberos)
+#
+#spice_sasl = 1
+
+# The default SASL configuration file is located in /etc/sasl2/
+# When running libvirtd unprivileged, it may be desirable to
+# override the configs in this location. Set this parameter to
+# point to the directory, and create a qemu.conf in that location
+#
+#spice_sasl_dir = "/some/directory/sasl2"
+
+# Enable use of TLS encryption on the chardev TCP transports.
+#
+# It is necessary to setup CA and issue a server certificate
+# before enabling this.
+#
+#chardev_tls = 1
+
+
+# In order to override the default TLS certificate location for character
+# device TCP certificates, supply a valid path to the certificate directory.
+# If the provided path does not exist, libvirtd will fail to start.
+# If the path is not provided, but chardev_tls = 1, then the
+# default_tls_x509_cert_dir path will be used.
+#
+#chardev_tls_x509_cert_dir = "/etc/pki/libvirt-chardev"
+
+
+# The default TLS configuration only uses certificates for the server
+# allowing the client to verify the server's identity and establish
+# an encrypted channel.
+#
+# It is possible to use x509 certificates for authentication too, by
+# issuing an x509 certificate to every client who needs to connect.
+#
+# Enabling this option will reject any client that does not have a
+# certificate (as described in default_tls_x509_verify) signed by the
+# CA in the chardev_tls_x509_cert_dir (or default_tls_x509_cert_dir).
+#
+# If this option is not supplied, it will be set to the value of
+# "default_tls_x509_verify". If "default_tls_x509_verify" is not supplied either,
+# the default is "1".
+#
+#chardev_tls_x509_verify = 1
+
+
+# Uncomment and use the following option to override the default secret
+# UUID provided in the default_tls_x509_secret_uuid parameter.
+#
+# NB This default all-zeros UUID will not work. Replace it with the
+# output from the UUID for the TLS secret from a 'virsh secret-list'
+# command and then uncomment the entry
+#
+#chardev_tls_x509_secret_uuid = "00000000-0000-0000-0000-000000000000"
+
+
+# Enable use of TLS encryption for all VxHS network block devices that
+# don't specifically disable.
+#
+# When the VxHS network block device server is set up appropriately,
+# x509 certificates are required for authentication between the clients
+# (qemu processes) and the remote VxHS server.
+#
+# It is necessary to setup CA and issue the client certificate before
+# enabling this.
+#
+#vxhs_tls = 1
+
+
+# In order to override the default TLS certificate location for VxHS
+# backed storage, supply a valid path to the certificate directory.
+# This is used to authenticate the VxHS block device clients to the VxHS
+# server.
+#
+# If the provided path does not exist, libvirtd will fail to start.
+# If the path is not provided, but vxhs_tls = 1, then the
+# default_tls_x509_cert_dir path will be used.
+#
+# VxHS block device clients expect the client certificate and key to be
+# present in the certificate directory along with the CA master certificate.
+# If using the default environment, default_tls_x509_verify must be configured.
+# Since this is only a client the server-key.pem certificate is not needed.
+# Thus a VxHS directory must contain the following:
+#
+# ca-cert.pem - the CA master certificate
+# client-cert.pem - the client certificate signed with the ca-cert.pem
+# client-key.pem - the client private key
+#
+#vxhs_tls_x509_cert_dir = "/etc/pki/libvirt-vxhs"
+
+
+# Uncomment and use the following option to override the default secret
+# UUID provided in the default_tls_x509_secret_uuid parameter.
+#
+# NB This default all-zeros UUID will not work. Replace it with the
+# output from the UUID for the TLS secret from a 'virsh secret-list'
+# command and then uncomment the entry
+#
+#vxhs_tls_x509_secret_uuid = "00000000-0000-0000-0000-000000000000"
+
+
+# Enable use of TLS encryption for all NBD disk devices that don't
+# specifically disable it.
+#
+# When the NBD server is set up appropriately, x509 certificates are required
+# for authentication between the client and the remote NBD server.
+#
+# It is necessary to setup CA and issue the client certificate before
+# enabling this.
+#
+#nbd_tls = 1
+
+
+# In order to override the default TLS certificate location for NBD
+# backed storage, supply a valid path to the certificate directory.
+# This is used to authenticate the NBD block device clients to the NBD
+# server.
+#
+# If the provided path does not exist, libvirtd will fail to start.
+# If the path is not provided, but nbd_tls = 1, then the
+# default_tls_x509_cert_dir path will be used.
+#
+# NBD block device clients expect the client certificate and key to be
+# present in the certificate directory along with the CA certificate.
+# Since this is only a client the server-key.pem certificate is not needed.
+# Thus a NBD directory must contain the following:
+#
+# ca-cert.pem - the CA master certificate
+# client-cert.pem - the client certificate signed with the ca-cert.pem
+# client-key.pem - the client private key
+#
+#nbd_tls_x509_cert_dir = "/etc/pki/libvirt-nbd"
+
+
+# Uncomment and use the following option to override the default secret
+# UUID provided in the default_tls_x509_secret_uuid parameter.
+#
+# NB This default all-zeros UUID will not work. Replace it with the
+# output from the UUID for the TLS secret from a 'virsh secret-list'
+# command and then uncomment the entry
+#
+#nbd_tls_x509_secret_uuid = "00000000-0000-0000-0000-000000000000"
+
+
+# In order to override the default TLS certificate location for migration
+# certificates, supply a valid path to the certificate directory. If the
+# provided path does not exist, libvirtd will fail to start. If the path is
+# not provided, but TLS-encrypted migration is requested, then the
+# default_tls_x509_cert_dir path will be used. Once/if a default certificate is
+# enabled/defined, migration will then be able to use the certificate via
+# migration API flags.
+#
+#migrate_tls_x509_cert_dir = "/etc/pki/libvirt-migrate"
+
+
+# The default TLS configuration only uses certificates for the server
+# allowing the client to verify the server's identity and establish
+# an encrypted channel.
+#
+# It is possible to use x509 certificates for authentication too, by
+# issuing an x509 certificate to every client who needs to connect.
+#
+# Enabling this option will reject any client that does not have a
+# certificate (as described in default_tls_x509_verify) signed by the
+# CA in the migrate_tls_x509_cert_dir (or default_tls_x509_cert_dir).
+#
+# If this option is not supplied, it will be set to the value of
+# "default_tls_x509_verify". If "default_tls_x509_verify" is not supplied
+# either, the default is "1".
+#
+#migrate_tls_x509_verify = 1
+
+
+# Uncomment and use the following option to override the default secret
+# UUID provided in the default_tls_x509_secret_uuid parameter.
+#
+# NB This default all-zeros UUID will not work. Replace it with the
+# output from the UUID for the TLS secret from a 'virsh secret-list'
+# command and then uncomment the entry
+#
+#migrate_tls_x509_secret_uuid = "00000000-0000-0000-0000-000000000000"
+
+
+# By default TLS is requested using the VIR_MIGRATE_TLS flag, thus not requested
+# automatically. Setting 'migate_tls_force' to "1" will prevent any migration
+# which is not using VIR_MIGRATE_TLS to ensure higher level of security in
+# deployments with TLS.
+#
+#migrate_tls_force = 0
+
+
+# In order to override the default TLS certificate location for backup NBD
+# server certificates, supply a valid path to the certificate directory. If the
+# provided path does not exist, libvirtd will fail to start. If the path is
+# not provided, but TLS-encrypted backup is requested, then the
+# default_tls_x509_cert_dir path will be used.
+#
+#backup_tls_x509_cert_dir = "/etc/pki/libvirt-backup"
+
+
+# The default TLS configuration only uses certificates for the server
+# allowing the client to verify the server's identity and establish
+# an encrypted channel.
+#
+# It is possible to use x509 certificates for authentication too, by
+# issuing an x509 certificate to every client who needs to connect.
+#
+# Enabling this option will reject any client that does not have a
+# certificate (as described in default_tls_x509_verify) signed by the
+# CA in the backup_tls_x509_cert_dir (or default_tls_x509_cert_dir).
+#
+# If this option is not supplied, it will be set to the value of
+# "default_tls_x509_verify". If "default_tls_x509_verify" is not supplied either,
+# the default is "1".
+#
+#backup_tls_x509_verify = 1
+
+
+# Uncomment and use the following option to override the default secret
+# UUID provided in the default_tls_x509_secret_uuid parameter.
+#
+# NB This default all-zeros UUID will not work. Replace it with the
+# output from the UUID for the TLS secret from a 'virsh secret-list'
+# command and then uncomment the entry
+#
+#backup_tls_x509_secret_uuid = "00000000-0000-0000-0000-000000000000"
+
+
+# By default, if no graphical front end is configured, libvirt will disable
+# QEMU audio output since directly talking to alsa/pulseaudio may not work
+# with various security settings. If you know what you're doing, enable
+# the setting below and libvirt will passthrough the QEMU_AUDIO_DRV
+# environment variable when using nographics.
+#
+#nographics_allow_host_audio = 1
+
+
+# Override the port for creating both VNC and SPICE sessions (min).
+# This defaults to 5900 and increases for consecutive sessions
+# or when ports are occupied, until it hits the maximum.
+#
+# Minimum must be greater than or equal to 5900 as lower number would
+# result into negative vnc display number.
+#
+# Maximum must be less than 65536, because higher numbers do not make
+# sense as a port number.
+#
+#remote_display_port_min = 5900
+#remote_display_port_max = 65535
+
+# VNC WebSocket port policies, same rules apply as with remote display
+# ports. VNC WebSockets use similar display <-> port mappings, with
+# the exception being that ports start from 5700 instead of 5900.
+#
+#remote_websocket_port_min = 5700
+#remote_websocket_port_max = 65535
+
+# The default security driver is SELinux. If SELinux is disabled
+# on the host, then the security driver will automatically disable
+# itself. If you wish to disable QEMU SELinux security driver while
+# leaving SELinux enabled for the host in general, then set this
+# to 'none' instead. It's also possible to use more than one security
+# driver at the same time, for this use a list of names separated by
+# comma and delimited by square brackets. For example:
+#
+# security_driver = [ "selinux", "apparmor" ]
+#
+# Notes: The DAC security driver is always enabled; as a result, the
+# value of security_driver cannot contain "dac". The value "none" is
+# a special value; security_driver can be set to that value in
+# isolation, but it cannot appear in a list of drivers.
+#
+#security_driver = "selinux"
+
+# If set to non-zero, then the default security labeling
+# will make guests confined. If set to zero, then guests
+# will be unconfined by default. Defaults to 1.
+#security_default_confined = 1
+
+# If set to non-zero, then attempts to create unconfined
+# guests will be blocked. Defaults to 0.
+#security_require_confined = 1
+
+# The user for QEMU processes run by the system instance. It can be
+# specified as a user name or as a user id. The qemu driver will try to
+# parse this value first as a name and then, if the name doesn't exist,
+# as a user id.
+#
+# Since a sequence of digits is a valid user name, a leading plus sign
+# can be used to ensure that a user id will not be interpreted as a user
+# name.
+#
+# Some examples of valid values are:
+#
+# user = "qemu" # A user named "qemu"
+# user = "+0" # Super user (uid=0)
+# user = "100" # A user named "100" or a user with uid=100
+#
+user = "devi"
+
+# The group for QEMU processes run by the system instance. It can be
+# specified in a similar way to user.
+group = "libvirt"
+
+# Whether libvirt should dynamically change file ownership
+# to match the configured user/group above. Defaults to 1.
+# Set to 0 to disable file ownership changes.
+#dynamic_ownership = 1
+
+# Whether libvirt should remember and restore the original
+# ownership over files it is relabeling. Defaults to 1, set
+# to 0 to disable the feature.
+#remember_owner = 1
+
+# What cgroup controllers to make use of with QEMU guests
+#
+# - 'cpu' - use for scheduler tunables
+# - 'devices' - use for device access control
+# - 'memory' - use for memory tunables
+# - 'blkio' - use for block devices I/O tunables
+# - 'cpuset' - use for CPUs and memory nodes
+# - 'cpuacct' - use for CPUs statistics.
+#
+# NB, even if configured here, they won't be used unless
+# the administrator has mounted cgroups, e.g.:
+#
+# mkdir /dev/cgroup
+# mount -t cgroup -o devices,cpu,memory,blkio,cpuset none /dev/cgroup
+#
+# They can be mounted anywhere, and different controllers
+# can be mounted in different locations. libvirt will detect
+# where they are located.
+#
+#cgroup_controllers = [ "cpu", "devices", "memory", "blkio", "cpuset", "cpuacct" ]
+
+# This is the basic set of devices allowed / required by
+# all virtual machines.
+#
+# As well as this, any configured block backed disks,
+# all sound device, and all PTY devices are allowed.
+#
+# This will only need setting if newer QEMU suddenly
+# wants some device we don't already know about.
+#
+#cgroup_device_acl = [
+# "/dev/null", "/dev/full", "/dev/zero",
+# "/dev/random", "/dev/urandom",
+# "/dev/ptmx", "/dev/kvm"
+#]
+#
+# RDMA migration requires the following extra files to be added to the list:
+# "/dev/infiniband/rdma_cm",
+# "/dev/infiniband/issm0",
+# "/dev/infiniband/issm1",
+# "/dev/infiniband/umad0",
+# "/dev/infiniband/umad1",
+# "/dev/infiniband/uverbs0"
+
+
+# The default format for QEMU/KVM guest save images is raw; that is, the
+# memory from the domain is dumped out directly to a file. If you have
+# guests with a large amount of memory, however, this can take up quite
+# a bit of space. If you would like to compress the images while they
+# are being saved to disk, you can also set "lzop", "gzip", "bzip2", or "xz"
+# for save_image_format. Note that this means you slow down the process of
+# saving a domain in order to save disk space; the list above is in descending
+# order by performance and ascending order by compression ratio.
+#
+# save_image_format is used when you use 'virsh save' or 'virsh managedsave'
+# at scheduled saving, and it is an error if the specified save_image_format
+# is not valid, or the requested compression program can't be found.
+#
+# dump_image_format is used when you use 'virsh dump' at emergency
+# crashdump, and if the specified dump_image_format is not valid, or
+# the requested compression program can't be found, this falls
+# back to "raw" compression.
+#
+# snapshot_image_format specifies the compression algorithm of the memory save
+# image when an external snapshot of a domain is taken. This does not apply
+# on disk image format. It is an error if the specified format isn't valid,
+# or the requested compression program can't be found.
+#
+#save_image_format = "raw"
+#dump_image_format = "raw"
+#snapshot_image_format = "raw"
+
+# When a domain is configured to be auto-dumped when libvirtd receives a
+# watchdog event from qemu guest, libvirtd will save dump files in directory
+# specified by auto_dump_path. Default value is /var/lib/libvirt/qemu/dump
+#
+#auto_dump_path = "/var/lib/libvirt/qemu/dump"
+
+# When a domain is configured to be auto-dumped, enabling this flag
+# has the same effect as using the VIR_DUMP_BYPASS_CACHE flag with the
+# virDomainCoreDump API. That is, the system will avoid using the
+# file system cache while writing the dump file, but may cause
+# slower operation.
+#
+#auto_dump_bypass_cache = 0
+
+# When a domain is configured to be auto-started, enabling this flag
+# has the same effect as using the VIR_DOMAIN_START_BYPASS_CACHE flag
+# with the virDomainCreateWithFlags API. That is, the system will
+# avoid using the file system cache when restoring any managed state
+# file, but may cause slower operation.
+#
+#auto_start_bypass_cache = 0
+
+# If provided by the host and a hugetlbfs mount point is configured,
+# a guest may request huge page backing. When this mount point is
+# unspecified here, determination of a host mount point in /proc/mounts
+# will be attempted. Specifying an explicit mount overrides detection
+# of the same in /proc/mounts. Setting the mount point to "" will
+# disable guest hugepage backing. If desired, multiple mount points can
+# be specified at once, separated by comma and enclosed in square
+# brackets, for example:
+#
+# hugetlbfs_mount = ["/dev/hugepages2M", "/dev/hugepages1G"]
+#
+# The size of huge page served by specific mount point is determined by
+# libvirt at the daemon startup.
+#
+# NB, within these mount points, guests will create memory backing
+# files in a location of $MOUNTPOINT/libvirt/qemu
+#
+#hugetlbfs_mount = "/dev/hugepages"
+
+
+# Path to the setuid helper for creating tap devices. This executable
+# is used to create <source type='bridge'> interfaces when libvirtd is
+# running unprivileged. libvirt invokes the helper directly, instead
+# of using "-netdev bridge", for security reasons.
+#bridge_helper = "/usr/libexec/qemu-bridge-helper"
+
+
+# If enabled, libvirt will have QEMU set its process name to
+# "qemu:VM_NAME", where VM_NAME is the name of the VM. The QEMU
+# process will appear as "qemu:VM_NAME" in process listings and
+# other system monitoring tools. By default, QEMU does not set
+# its process title, so the complete QEMU command (emulator and
+# its arguments) appear in process listings.
+#
+#set_process_name = 1
+
+
+# If max_processes is set to a positive integer, libvirt will use
+# it to set the maximum number of processes that can be run by qemu
+# user. This can be used to override default value set by host OS.
+# The same applies to max_files which sets the limit on the maximum
+# number of opened files.
+#
+#max_processes = 0
+#max_files = 0
+
+# If max_threads_per_process is set to a positive integer, libvirt
+# will use it to set the maximum number of threads that can be
+# created by a qemu process. Some VM configurations can result in
+# qemu processes with tens of thousands of threads. systemd-based
+# systems typically limit the number of threads per process to
+# 16k. max_threads_per_process can be used to override default
+# limits in the host OS.
+#
+#max_threads_per_process = 0
+
+# If max_core is set to a non-zero integer, then QEMU will be
+# permitted to create core dumps when it crashes, provided its
+# RAM size is smaller than the limit set.
+#
+# Be warned that the core dump will include a full copy of the
+# guest RAM, if the 'dump_guest_core' setting has been enabled,
+# or if the guest XML contains
+#
+# <memory dumpcore="on">...guest ram...</memory>
+#
+# If guest RAM is to be included, ensure the max_core limit
+# is set to at least the size of the largest expected guest
+# plus another 1GB for any QEMU host side memory mappings.
+#
+# As a special case it can be set to the string "unlimited" to
+# to allow arbitrarily sized core dumps.
+#
+# By default the core dump size is set to 0 disabling all dumps
+#
+# Size is a positive integer specifying bytes or the
+# string "unlimited"
+#
+#max_core = "unlimited"
+
+# Determine if guest RAM is included in QEMU core dumps. By
+# default guest RAM will be excluded if a new enough QEMU is
+# present. Setting this to '1' will force guest RAM to always
+# be included in QEMU core dumps.
+#
+# This setting will be ignored if the guest XML has set the
+# dumpcore attribute on the <memory> element.
+#
+#dump_guest_core = 1
+
+# mac_filter enables MAC addressed based filtering on bridge ports.
+# This currently requires ebtables to be installed.
+#
+#mac_filter = 1
+
+
+# By default, PCI devices below non-ACS switch are not allowed to be assigned
+# to guests. By setting relaxed_acs_check to 1 such devices will be allowed to
+# be assigned to guests.
+#
+#relaxed_acs_check = 1
+
+
+# In order to prevent accidentally starting two domains that
+# share one writable disk, libvirt offers two approaches for
+# locking files. The first one is sanlock, the other one,
+# virtlockd, is then our own implementation. Accepted values
+# are "sanlock" and "lockd".
+#
+#lock_manager = "lockd"
+
+
+# Set limit of maximum APIs queued on one domain. All other APIs
+# over this threshold will fail on acquiring job lock. Specially,
+# setting to zero turns this feature off.
+# Note, that job lock is per domain.
+#
+#max_queued = 0
+
+###################################################################
+# Keepalive protocol:
+# This allows qemu driver to detect broken connections to remote
+# libvirtd during peer-to-peer migration. A keepalive message is
+# sent to the daemon after keepalive_interval seconds of inactivity
+# to check if the daemon is still responding; keepalive_count is a
+# maximum number of keepalive messages that are allowed to be sent
+# to the daemon without getting any response before the connection
+# is considered broken. In other words, the connection is
+# automatically closed approximately after
+# keepalive_interval * (keepalive_count + 1) seconds since the last
+# message received from the daemon. If keepalive_interval is set to
+# -1, qemu driver will not send keepalive requests during
+# peer-to-peer migration; however, the remote libvirtd can still
+# send them and source libvirtd will send responses. When
+# keepalive_count is set to 0, connections will be automatically
+# closed after keepalive_interval seconds of inactivity without
+# sending any keepalive messages.
+#
+#keepalive_interval = 5
+#keepalive_count = 5
+
+
+
+# Use seccomp syscall filtering sandbox in QEMU.
+# 1 == filter enabled, 0 == filter disabled
+#
+# Unless this option is disabled, QEMU will be run with
+# a seccomp filter that stops it from executing certain
+# syscalls.
+#
+#seccomp_sandbox = 1
+
+
+# Override the listen address for all incoming migrations. Defaults to
+# 0.0.0.0, or :: if both host and qemu are capable of IPv6.
+#migration_address = "0.0.0.0"
+
+
+# The default hostname or IP address which will be used by a migration
+# source for transferring migration data to this host. The migration
+# source has to be able to resolve this hostname and connect to it so
+# setting "localhost" will not work. By default, the host's configured
+# hostname is used.
+#migration_host = "host.example.com"
+
+
+# Override the port range used for incoming migrations.
+#
+# Minimum must be greater than 0, however when QEMU is not running as root,
+# setting the minimum to be lower than 1024 will not work.
+#
+# Maximum must not be greater than 65535.
+#
+#migration_port_min = 49152
+#migration_port_max = 49215
+
+
+
+# Timestamp QEMU's log messages (if QEMU supports it)
+#
+# Defaults to 1.
+#
+#log_timestamp = 0
+
+
+# Location of master nvram file
+#
+# This configuration option is obsolete. Libvirt will follow the
+# QEMU firmware metadata specification to automatically locate
+# firmware images. See docs/interop/firmware.json in the QEMU
+# source tree. These metadata files are distributed alongside any
+# firmware images intended for use with QEMU.
+#
+# NOTE: if ANY firmware metadata files are detected, this setting
+# will be COMPLETELY IGNORED.
+#
+# ------------------------------------------
+#
+# When a domain is configured to use UEFI instead of standard
+# BIOS it may use a separate storage for UEFI variables. If
+# that's the case libvirt creates the variable store per domain
+# using this master file as image. Each UEFI firmware can,
+# however, have different variables store. Therefore the nvram is
+# a list of strings when a single item is in form of:
+# ${PATH_TO_UEFI_FW}:${PATH_TO_UEFI_VARS}.
+# Later, when libvirt creates per domain variable store, this list is
+# searched for the master image. The UEFI firmware can be called
+# differently for different guest architectures. For instance, it's OVMF
+# for x86_64 and i686, but it's AAVMF for aarch64. The libvirt default
+# follows this scheme.
+#nvram = [
+# "/usr/share/OVMF/OVMF_CODE.fd:/usr/share/OVMF/OVMF_VARS.fd",
+# "/usr/share/OVMF/OVMF_CODE.secboot.fd:/usr/share/OVMF/OVMF_VARS.fd",
+# "/usr/share/AAVMF/AAVMF_CODE.fd:/usr/share/AAVMF/AAVMF_VARS.fd",
+# "/usr/share/AAVMF/AAVMF32_CODE.fd:/usr/share/AAVMF/AAVMF32_VARS.fd"
+#]
+
+# The backend to use for handling stdout/stderr output from
+# QEMU processes.
+#
+# 'file': QEMU writes directly to a plain file. This is the
+# historical default, but allows QEMU to inflict a
+# denial of service attack on the host by exhausting
+# filesystem space
+#
+# 'logd': QEMU writes to a pipe provided by virtlogd daemon.
+# This is the current default, providing protection
+# against denial of service by performing log file
+# rollover when a size limit is hit.
+#
+#stdio_handler = "logd"
+
+# QEMU gluster libgfapi log level, debug levels are 0-9, with 9 being the
+# most verbose, and 0 representing no debugging output.
+#
+# The current logging levels defined in the gluster GFAPI are:
+#
+# 0 - None
+# 1 - Emergency
+# 2 - Alert
+# 3 - Critical
+# 4 - Error
+# 5 - Warning
+# 6 - Notice
+# 7 - Info
+# 8 - Debug
+# 9 - Trace
+#
+# Defaults to 4
+#
+#gluster_debug_level = 9
+
+# virtiofsd debug
+#
+# Whether to enable the debugging output of the virtiofsd daemon.
+# Possible values are 0 or 1. Disabled by default.
+#
+#virtiofsd_debug = 1
+
+# To enhance security, QEMU driver is capable of creating private namespaces
+# for each domain started. Well, so far only "mount" namespace is supported. If
+# enabled it means qemu process is unable to see all the devices on the system,
+# only those configured for the domain in question. Libvirt then manages
+# devices entries throughout the domain lifetime. This namespace is turned on
+# by default.
+#namespaces = [ "mount" ]
+
+# This directory is used for memoryBacking source if configured as file.
+# NOTE: big files will be stored here
+#memory_backing_dir = "/var/lib/libvirt/qemu/ram"
+
+# Path to the SCSI persistent reservations helper. This helper is
+# used whenever <reservations/> are enabled for SCSI LUN devices.
+#pr_helper = "/usr/bin/qemu-pr-helper"
+
+# Path to the SLIRP networking helper.
+#slirp_helper = "/usr/bin/slirp-helper"
+
+# Path to the dbus-daemon
+#dbus_daemon = "/usr/bin/dbus-daemon"
+
+# User for the swtpm TPM Emulator
+#
+# Default is 'tss'; this is the same user that tcsd (TrouSerS) installs
+# and uses; alternative is 'root'
+#
+#swtpm_user = "tss"
+#swtpm_group = "tss"
+
+# For debugging and testing purposes it's sometimes useful to be able to disable
+# libvirt behaviour based on the capabilities of the qemu process. This option
+# allows to do so. DO _NOT_ use in production and beaware that the behaviour
+# may change across versions.
+#
+#capability_filters = [ "capname" ]
+
+# 'deprecation_behavior' setting controls how the qemu process behaves towards
+# deprecated commands and arguments used by libvirt.
+#
+# This setting is meant for developers and CI efforts to make it obvious when
+# libvirt relies on fields which are deprecated so that it can be fixes as soon
+# as possible.
+#
+# Possible options are:
+# "none" - (default) qemu is supposed to accept and output deprecated fields
+# and commands
+# "omit" - qemu is instructed to omit deprecated fields on output, behaviour
+# towards fields and commands from qemu is not changed
+# "reject" - qemu is instructed to report an error if a deprecated command or
+# field is used by libvirtd
+# "crash" - qemu crashes when an deprecated command or field is used by libvirtd
+#
+# For both "reject" and "crash" qemu is instructed to omit any deprecated fields
+# on output.
+#
+# The "reject" option is less harsh towards the VMs but some code paths ignore
+# errors reported by qemu and thus it may not be obvious that a deprecated
+# command/field was used, thus it's suggested to use the "crash" option instead.
+#
+# In cases when qemu doesn't support configuring the behaviour this setting is
+# silently ignored to allow testing older qemu versions without having to
+# reconfigure libvirtd.
+#
+# DO NOT use in production.
+#
+#deprecation_behavior = "none"
+
+# If this is set then QEMU and its threads will run in a separate scheduling
+# group meaning no other process will share Hyper Threads of a single core with
+# QEMU. Each QEMU has its own group.
+#
+# Possible options are:
+# "none" - (default) neither QEMU or any of its helper processes are placed
+# into separate scheduling group
+# "vcpus" - only QEMU vCPU threads are placed into a separate scheduling group,
+# emulator threads and helper processes remain outside of the group
+# "emulator" - only QEMU and its threads (emulator + vCPUs) are placed into
+# separate scheduling group, helper processes remain outside of
+# the group
+# "full" - both QEMU and its helper processes are placed into separate
+# scheduling group
+#sched_core = "none"
diff --git a/init.vim b/init.vim
index 5b59c78..e69e252 100644
--- a/init.vim
+++ b/init.vim
@@ -275,7 +275,7 @@ nmap _P :r ~/.vi_tmp<CR>
"mucomplete
set completeopt+=menuone
-let g:mucomplete#enable_auto_at_startup = 1
+let g:mucomplete#enable_auto_at_startup = 0
let g:mucomplete#completion_delay = 1
" firenvim write changes automatically, throttle writes
diff --git a/irssi/Dockerfile b/irssi/Dockerfile
index cce2f59..ed8d271 100644
--- a/irssi/Dockerfile
+++ b/irssi/Dockerfile
@@ -21,7 +21,7 @@ RUN set -eux; \
ENV LANG C.UTF-8
-ENV IRSSI_VERSION 1.2.3
+ENV IRSSI_VERSION 1.4.3
RUN set -eux; \
\
@@ -37,6 +37,9 @@ RUN set -eux; \
libtool \
lynx \
make \
+ meson \
+ ninja \
+ xz \
ncurses-dev \
openssl \
openssl-dev \
@@ -61,19 +64,17 @@ RUN set -eux; \
rm /tmp/irssi.tar.xz; \
\
cd /usr/src/irssi; \
- gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \
- ./configure \
- --build="$gnuArch" \
- --enable-true-color \
- --with-bot \
- --with-proxy \
- --with-socks \
- --with-otr=static \
+ meson \
+ -Denable-true-color=yes \
+ -Dwith-bot=yes \
+ -Dwith-perl=yes \
+ -Dwith-proxy=yes \
+ -Dwith-otr=yes \
+ Build \
; \
- make -j "$(nproc)"; \
- make install; \
- \
- cd /; \
+ ninja -C Build -j "$(nproc)"; \
+ ninja -C Build install;
+RUN cd /; \
rm -rf /usr/src/irssi; \
\
runDeps="$( \
@@ -82,7 +83,7 @@ RUN set -eux; \
| sort -u \
| awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \
)"; \
- apk add --no-network --virtual .irssi-rundeps $runDeps; \
+ apk add --virtual .irssi-rundeps $runDeps; \
echo https://dl-cdn.alpinelinux.org/alpine/edge/testing >> /etc/apk/repositories && apk update; \
apk add --no-cache perl-glib perl-datetime perl-dbi perl-dbd-pg perl-lwp-protocol-https proxychains-ng perl-glib-object-introspection libnotify; \
# apk add dbus; \
diff --git a/irssi/tor/Dockerfile b/irssi/tor/Dockerfile
new file mode 100644
index 0000000..40927ef
--- /dev/null
+++ b/irssi/tor/Dockerfile
@@ -0,0 +1,90 @@
+FROM alpine:3.16
+
+ENV http_proxy=socks5://192.168.1.214:9995
+ENV https_proxy=socks5://192.168.1.214:9995
+ENV HTTP_PROXY=socks5://192.168.1.214:9995
+ENV HTTPS_PROXY=socks5://192.168.1.214:9995
+
+RUN apk add --no-cache \
+ ca-certificates \
+ perl-libwww
+
+ENV HOME /home/user
+RUN set -eux; \
+ adduser -u 1001 -D -h "$HOME" user; \
+ mkdir "$HOME/.irssi"; \
+ chown -R user:user "$HOME"
+
+ENV LANG C.UTF-8
+
+ENV IRSSI_VERSION 1.4.3
+
+RUN set -eux; \
+ \
+ apk add --no-cache --virtual .build-deps \
+ coreutils \
+ gcc \
+ glib-dev \
+ gnupg \
+ libc-dev \
+ libtool \
+ lynx \
+ meson \
+ ncurses-dev \
+ ninja \
+ openssl \
+ openssl-dev \
+ perl-dev \
+ pkgconf \
+ tar \
+ xz \
+ ;
+ ENV http_proxy=
+ ENV https_proxy=
+ ENV HTTP_PROXY=
+ ENV HTTPS_PROXY=
+ RUN wget "https://github.com/irssi/irssi/releases/download/${IRSSI_VERSION}/irssi-${IRSSI_VERSION}.tar.xz" -O /tmp/irssi.tar.xz; \
+ wget "https://github.com/irssi/irssi/releases/download/${IRSSI_VERSION}/irssi-${IRSSI_VERSION}.tar.xz.asc" -O /tmp/irssi.tar.xz.asc; \
+ export GNUPGHOME="$(mktemp -d)"; \
+# gpg: key DDBEF0E1: public key "The Irssi project <staff@irssi.org>" imported
+ gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 7EE65E3082A5FB06AC7C368D00CCB587DDBEF0E1; \
+ gpg --batch --verify /tmp/irssi.tar.xz.asc /tmp/irssi.tar.xz; \
+ gpgconf --kill all; \
+ rm -rf "$GNUPGHOME" /tmp/irssi.tar.xz.asc; \
+ \
+ mkdir -p /usr/src/irssi; \
+ tar -xf /tmp/irssi.tar.xz -C /usr/src/irssi --strip-components 1; \
+ rm /tmp/irssi.tar.xz; \
+ \
+ cd /usr/src/irssi; \
+ meson \
+ -Denable-true-color=yes \
+ -Dwith-bot=yes \
+ -Dwith-perl=yes \
+ -Dwith-proxy=yes \
+ Build \
+ ; \
+ ninja -C Build -j "$(nproc)"; \
+ ninja -C Build install; \
+ \
+ cd /; \
+ rm -rf /usr/src/irssi; \
+ \
+ runDeps="$( \
+ scanelf --needed --nobanner --format '%n#p' --recursive /usr/local \
+ | tr ',' '\n' \
+ | sort -u \
+ | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \
+ )"; \
+ apk add --no-network --virtual .irssi-rundeps $runDeps; \
+ echo https://dl-cdn.alpinelinux.org/alpine/v3.16/main >> /etc/apk/repositories && apk update && apk add --no-cache proxychains-ng ; \
+ apk del --no-network .build-deps; \
+ \
+# basic smoke test
+ irssi --version
+
+COPY ./proxychains.conf /etc/proxychains/
+WORKDIR $HOME
+
+USER user
+CMD ["proxychains4", "-q", "irssi"]
diff --git a/irssi/tor/proxychains.conf b/irssi/tor/proxychains.conf
new file mode 100644
index 0000000..18ce7fa
--- /dev/null
+++ b/irssi/tor/proxychains.conf
@@ -0,0 +1,68 @@
+# proxychains.conf VER 3.1
+#
+# HTTP, SOCKS4, SOCKS5 tunneling proxifier with DNS.
+#
+
+# The option below identifies how the ProxyList is treated.
+# only one option should be uncommented at time,
+# otherwise the last appearing option will be accepted
+#
+dynamic_chain
+#
+# Dynamic - Each connection will be done via chained proxies
+# all proxies chained in the order as they appear in the list
+# at least one proxy must be online to play in chain
+# (dead proxies are skipped)
+# otherwise EINTR is returned to the app
+#
+#strict_chain
+#
+# Strict - Each connection will be done via chained proxies
+# all proxies chained in the order as they appear in the list
+# all proxies must be online to play in chain
+# otherwise EINTR is returned to the app
+#
+#random_chain
+#
+# Random - Each connection will be done via random proxy
+# (or proxy chain, see chain_len) from the list.
+# this option is good to test your IDS :)
+
+# Make sense only if random_chain
+#chain_len = 2
+
+# Quiet mode (no output from library)
+#quiet_mode
+
+# Proxy DNS requests - no leak for DNS data
+proxy_dns
+
+# Some timeouts in milliseconds
+tcp_read_time_out 15000
+tcp_connect_time_out 8000
+localnet 10.0.0.0/255.0.0.0
+localnet 172.16.0.0/255.240.0.0
+localnet 192.168.0.0/255.255.0.0
+localnet 127.0.0.0/255.0.0.0
+
+# ProxyList format
+# type host port [user pass]
+# (values separated by 'tab' or 'blank')
+#
+#
+# Examples:
+#
+# socks5 192.168.67.78 1080 lamer secret
+# http 192.168.89.3 8080 justu hidden
+# socks4 192.168.1.49 1080
+# http 192.168.39.93 8080
+#
+#
+# proxy types: http, socks4, socks5
+# ( auth types supported: "basic"-http "user/pass"-socks )
+#
+[ProxyList]
+# add proxy here ...
+# meanwile
+# defaults set to "tor"
+socks5 192.168.1.214 9054
diff --git a/keymap.kbd b/keymap.kbd
index 72e0d58..a27f7a0 100644
--- a/keymap.kbd
+++ b/keymap.kbd
@@ -17,7 +17,7 @@
)
-------------------------------------------------------------------------- |#
(defcfg
- input (device-file "/dev/input/by-id/usb-Razer_Razer_Huntsman_Tournament_Edition_00000000001A-if01-event-kbd")
+ input (device-file "/dev/input/by-id/usb-Razer_Razer_Huntsman_Tournament_Edition_00000000001A-event-kbd")
output (uinput-sink "KMonad output")
cmp-seq lalt
diff --git a/terminaldweller.com/cgit/bootstrap/Dockerfile b/terminaldweller.com/cgit/bootstrap/Dockerfile
index fe212dd..2467f36 100644
--- a/terminaldweller.com/cgit/bootstrap/Dockerfile
+++ b/terminaldweller.com/cgit/bootstrap/Dockerfile
@@ -4,4 +4,5 @@ RUN apk update && apk add --no-cache git cronie busybox-initscripts
COPY ./bootstrap.sh /bootstrap.sh
COPY ./docker-entrypoint.sh /docker-entrypoint.sh
COPY ./crontab /etc/crontabs/root
-ENTRYPOINT ["/bootstrap.sh"]
+RUN chmod 0744 /bootstrap.sh
+ENTRYPOINT ["/docker-entrypoint.sh"]
diff --git a/terminaldweller.com/cgit/bootstrap/bootstrap.sh b/terminaldweller.com/cgit/bootstrap/bootstrap.sh
index d504064..3481546 100755
--- a/terminaldweller.com/cgit/bootstrap/bootstrap.sh
+++ b/terminaldweller.com/cgit/bootstrap/bootstrap.sh
@@ -32,17 +32,20 @@ REPOS="cgrep \
grpc \
faultreiber \
luatablegen \
+ magni \
cfe-extra"
bootstrap() {
for REPO in ${REPOS}; do
- (cd "${GIT_REPO_DIR}" && git clone --bare "${ORIGIN_HTTPS}/${REPO}")
+ if [ ! -d ${GIT_REPO_DIR}/${REPO}.git ]; then
+ (cd "${GIT_REPO_DIR}" && git clone --bare "${ORIGIN_HTTPS}/${REPO}")
+ fi
done
}
update_repos() {
for REPO in ${REPOS}; do
- (cd "${GIT_REPO_DIR}/${REPO}".git && git fetch || true)
+ (cd "${GIT_REPO_DIR}/${REPO}".git && git fetch origin *:*)
done
}
diff --git a/terminaldweller.com/cgit/bootstrap/docker-entrypoint.sh b/terminaldweller.com/cgit/bootstrap/docker-entrypoint.sh
index 833d95b..d6d7009 100755
--- a/terminaldweller.com/cgit/bootstrap/docker-entrypoint.sh
+++ b/terminaldweller.com/cgit/bootstrap/docker-entrypoint.sh
@@ -3,5 +3,6 @@ set -e
set -x
. /bootstrap.sh
-on_startup /etc/gitrepos/
+bootstrap
+update_repos
crond -n -s -P
diff --git a/terminaldweller.com/ejabberd/docker-compose.yaml b/terminaldweller.com/ejabberd/docker-compose.yaml
index 1ca57b2..3ba143a 100644
--- a/terminaldweller.com/ejabberd/docker-compose.yaml
+++ b/terminaldweller.com/ejabberd/docker-compose.yaml
@@ -33,5 +33,5 @@ volumes:
mnesia_db:
vault:
# openssl dhparam -out dhparams.pem 4096
-# certbot certonly --standlone -d chat.terminaldweller.com -e devi@terminaldweller.com --agree-tos --noninteractive
+# certbot certonly --standlone -d chat.terminaldweller.com -m devi@terminaldweller.com --agree-tos --noninteractive
# docker exec -it 6eebd16a2385 bin/ejabberdctl register admin chat.terminaldweller.com password
diff --git a/terminaldweller.com/haproxy/haproxy.cfg b/terminaldweller.com/haproxy/haproxy.cfg
index c6c9ce7..26265ae 100644
--- a/terminaldweller.com/haproxy/haproxy.cfg
+++ b/terminaldweller.com/haproxy/haproxy.cfg
@@ -46,6 +46,7 @@ frontend http
acl git-host hdr_sub(host) -i git.terminaldweller.com
acl cargo-host hdr_sub(host) -i cargo.terminaldweller.com
acl browsh-host hdr_sub(host) -i browsh.terminaldweller.com
+ acl main-host hdr_sub(host) -i terminaldweller.com
acl mila-api-acl url_beg /mila
acl crypto-api-acl url_beg /crypto
acl http ssl_fc,not
@@ -65,6 +66,7 @@ frontend http
http-request redirect scheme https code 301 if http browsh-host !letsencrypt-acl
#http-request redirect scheme https code 301 if http jabber-host !letsencrypt-acl
http-request redirect scheme https code 301 if http rssgen-host !letsencrypt-acl
+ http-request redirect scheme https code 301 if http main-host !letsencrypt-acl
#Conditions
use_backend blog-backend-cert if letsencrypt-acl blog-host
@@ -79,6 +81,7 @@ frontend http
use_backend searx-backend-cert if letsencrypt-acl git-host
use_backend searx-backend-cert if letsencrypt-acl cargo-host
use_backend vpn6-cert-backend if letsencrypt-acl browsh-host
+ use_backend searx-backend-cert if letsencrypt-acl main-host
# use_backend editor-backend-cert if letsencrypt-acl editor-host
use_backend certbot-backend if letsencrypt-acl !jabber-host !blog-host !api-host
use_backend blog-backend if blog-host
@@ -113,6 +116,7 @@ frontend https
acl discord-host-s req.ssl_sni -i discord.terminaldweller.com
acl rssgen-host-s req.ssl_sni -i rssgen.terminaldweller.com
acl browsh-host-s req.ssl_sni -i browsh.terminaldweller.com
+ acl main-host-s req.ssl_sni -i terminaldweller.com
#Conditions
use_backend mail-backend-s if mail-host-s
#use_backend chat-backend-s if chat-host-s
@@ -128,6 +132,7 @@ frontend https
use_backend git-backend-s if git-host-s
use_backend rssgen-backend-s if rssgen-host-s
use_backend browsh-backend-s if browsh-host-s
+ use_backend main-backend-s if main-host-s
#frontend jabber5222
# bind *:5222
@@ -393,3 +398,8 @@ backend browsh-backend-s
backend vpn6-cert-backend
mode http
server vpn6-cert-host 185.130.45.46:80
+
+backend main-backend-s
+ mode tcp
+ option tcp-check
+ server main-host-s 185.130.47.208:7773
diff --git a/terminaldweller.com/main/docker-compose.yaml b/terminaldweller.com/main/docker-compose.yaml
new file mode 100644
index 0000000..2f927c0
--- /dev/null
+++ b/terminaldweller.com/main/docker-compose.yaml
@@ -0,0 +1,21 @@
+version: "3"
+services:
+ nginx:
+ image: nginx:stable
+ networks:
+ - mainnet
+ ports:
+ - "7773:8080"
+ restart: unless-stopped
+ volumes:
+ - ./nginx.conf:/etc/nginx/nginx.conf:ro
+ - /etc/letsencrypt/archive/terminaldweller.com/:/certs/
+ - ./srv:/srv
+ cap_drop:
+ - ALL
+ cap_add:
+ - CHOWN
+ - SETGID
+ - SETUID
+networks:
+ mainnet:
diff --git a/terminaldweller.com/main/nginx.conf b/terminaldweller.com/main/nginx.conf
new file mode 100644
index 0000000..4007cca
--- /dev/null
+++ b/terminaldweller.com/main/nginx.conf
@@ -0,0 +1,30 @@
+events {
+ worker_connections 1024;
+}
+# curl https://fosstodon.org/.well-known/webfinger?resource=acct:terminaldweller@fosstodon.org
+http {
+ server {
+ listen 8080 ssl http2;
+ keepalive_timeout 70;
+ add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+ ssl_ciphers HIGH:!aNULL:!MD5:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
+ ssl_prefer_server_ciphers on;
+ ssl_certificate /certs/fullchain1.pem;
+ ssl_certificate_key /certs/privkey1.pem;
+ ssl_protocols TLSv1.2 TLSv1.3;
+ add_header Content-Security-Policy "default-src 'self';";
+ add_header X-Frame-Options SAMEORIGIN always;
+ add_header X-Content-Type-Options "nosniff" always;
+ add_header X-XSS-Protection "1; mode=block" always;
+ add_header Referrer-Policy "no-referrer";
+ sendfile on;
+ tcp_nopush on;
+
+ location /.well-known/webfinger {
+ add_header Access-Control-Allow-Origin "*";
+ add_header Content-Type "application/json";
+ alias /srv/.well-known/webfinger/finger.json;
+ }
+ # https://metacode.biz/openpgp/web-key-directory?
+ }
+}
diff --git a/terminaldweller.com/main/srv/.well-known/webfinger/finger.json b/terminaldweller.com/main/srv/.well-known/webfinger/finger.json
new file mode 100644
index 0000000..c7cdb78
--- /dev/null
+++ b/terminaldweller.com/main/srv/.well-known/webfinger/finger.json
@@ -0,0 +1 @@
+{"subject":"acct:terminaldweller@fosstodon.org","aliases":["https://fosstodon.org/@terminaldweller","https://fosstodon.org/users/terminaldweller"],"links":[{"rel":"http://webfinger.net/rel/profile-page","type":"text/html","href":"https://fosstodon.org/@terminaldweller"},{"rel":"self","type":"application/activity+json","href":"https://fosstodon.org/users/terminaldweller"},{"rel":"http://ostatus.org/schema/1.0/subscribe","template":"https://fosstodon.org/authorize_interaction?uri={uri}"}]} \ No newline at end of file