authorterminaldweller <thabogre@gmail.com>2021-09-10 07:30:16 +0000
committerterminaldweller <thabogre@gmail.com>2021-09-10 07:30:16 +0000
commit118106cf745167db7e17654e0402721939631be7 (patch)
tree72927b53141eabee87a0160420f720b49a744076
parentupdate (diff)
downloadscripts-118106cf745167db7e17654e0402721939631be7.tar.gz
scripts-118106cf745167db7e17654e0402721939631be7.zip
update
-rw-r--r--.vimrc7
-rw-r--r--.zshrc6
-rw-r--r--baseline/.vimrc6
-rw-r--r--devi.zsh-theme4
-rw-r--r--irssi/startup2
-rwxr-xr-xlesscolor.sh26
-rw-r--r--terminaldweller.com/ejabberd/ejabberd.yml250
-rw-r--r--terminaldweller.com/haproxy/certbot/Dockerfile2
-rwxr-xr-xterminaldweller.com/haproxy/certbot/certbot-entrypoint.sh30
-rw-r--r--terminaldweller.com/haproxy/docker-compose.yaml35
-rw-r--r--terminaldweller.com/haproxy/haproxy.cfg103
-rw-r--r--terminaldweller.com/prosody/config/prosody.cfg.lua16
12 files changed, 420 insertions, 67 deletions
diff --git a/.vimrc b/.vimrc
index 2d381e6..6aa5ec4 100644
--- a/.vimrc
+++ b/.vimrc
@@ -5,6 +5,7 @@ set nocompatible
set completeopt-=preview
set showmatch
set list
+set title
set listchars=eol:$,tab:>-
set hidden
set tabstop=2
@@ -474,6 +475,12 @@ nnoremap <leader>u :GutentagsUpdate<CR>
nnoremap <localleader>v :VimtexView<CR>
nnoremap <leader>nn :bn<CR>
nnoremap <leader>pp :bp<CR>
+cnoremap <C-a> <Home>
+cnoremap <C-e> <End>
+nnoremap k gk
+nnoremap gk k
+nnoremap j gj
+nnoremap gj j
nmap [q :col<CR>
nmap ]q :cnew<CR>
diff --git a/.zshrc b/.zshrc
index f9c82ca..06ebe57 100644
--- a/.zshrc
+++ b/.zshrc
@@ -17,7 +17,7 @@ source $ZSH/oh-my-zsh.sh
autoload -U compinit && compinit -u
alias ls="ls --color=auto"
-alias la="ls -a"
+alias la="ls -A"
# alias ll="exa -abghHliSmxF --color-scale --git -@"
alias ll="\ls -lZspihbFA --color=never --full-time --author | colcol | column -t"
# alias lss="exa -Sls=size"
@@ -86,7 +86,7 @@ alias mupdf="/home/devi/extra/mupdf/build/release/mupdf-x11 -D red -P black -I"
alias googler="~/extra/googler/googler --colors GKmexy -c us -l en --count 7 --exact "
alias ddgr="ddgr --colorize always -r us-en -n 15"
alias pirate-get="pirate-get -S ~/magnets/"
-alias vps="ssh 87.236.209.206 -l ubuntu"
+alias vps="ssh 87.236.209.206 -l ubuntu -p 1022"
alias vpn="ssh 192.99.102.52 -l rooot -p 1022"
alias vpn2="ssh 145.239.165.137 -l rooot"
alias pytags="ctags --fields=+l --languages=python --python-kinds=-iv -R ."
@@ -270,7 +270,7 @@ export PATH=$PATH:/home/devi/.fzf/bin
export PATH=$PATH:/home/devi/.ghcup/bin
export PATH=$PATH:/home/devi/k3s
export PATH=$PATH:/home/devi/kompose
-export PATH=$PATH:/home/devi/mongosh
+export PATH=$PATH:/home/devi/mongosh/bin
export PATH=$PATH:/home/devi/powershell
export PATH=$PATH:/home/devi/ytfzf
export PATH=$PATH:/home/devi/gotty
diff --git a/baseline/.vimrc b/baseline/.vimrc
index aa63429..29f5659 100644
--- a/baseline/.vimrc
+++ b/baseline/.vimrc
@@ -101,6 +101,12 @@ set pastetoggle=<F11>
nnoremap <leader>cd :cd %:p:h<cr>
nmap ]c :cn<CR>
nmap [c :cp<CR>
+cnoremap <C-a> <Home>
+cnoremap <C-e> <End>
+nnoremap k gk
+nnoremap gk k
+nnoremap j gj
+nnoremap gj j
function! GetBufferList()
redir =>buflist
diff --git a/devi.zsh-theme b/devi.zsh-theme
index 989dd77..4c4aa33 100644
--- a/devi.zsh-theme
+++ b/devi.zsh-theme
@@ -100,7 +100,6 @@ is_in_git_repo() {
}
steeef_preexec() {
- #case "$(history $HISTCMD)" in
case "$2" in
*git*)
PR_GIT_UPDATE=1
@@ -113,8 +112,6 @@ steeef_preexec() {
add-zsh-hook preexec steeef_preexec
steeef_chpwd() {
- # is_in_git_repo || return
- #this is here so we dont get errors when we are in a bare git dir
local result=$(git rev-parse --is-bare-repository 2> /dev/null)
if [[ $? == 0 ]]; then
if [[ $result == true ]]; then
@@ -130,7 +127,6 @@ add-zsh-hook chpwd steeef_chpwd
steeef_precmd() {
if [[ -n "$PR_GIT_UPDATE" ]] ; then
- # check for untracked files or updated submodules, since vcs_info doesn't
if [[ ! -z $(git ls-files --other --exclude-standard 2> /dev/null) ]]; then
PR_GIT_UPDATE=1
FMT_BRANCH="${PM_RST} on %{$turquoise%}%s-➜%r-➜%b%u%c%a%{$hotpink%} ●${PR_RST}"
diff --git a/irssi/startup b/irssi/startup
index af4706d..dc00ef6 100644
--- a/irssi/startup
+++ b/irssi/startup
@@ -9,3 +9,5 @@
/* /connect irc.oftc.net */
/* /connect irc.libera.chat */
+load otr
+load xmpp
diff --git a/lesscolor.sh b/lesscolor.sh
index cffa3e0..069126e 100755
--- a/lesscolor.sh
+++ b/lesscolor.sh
@@ -1,4 +1,17 @@
-#!/bin/sh
+#!/usr/bin/env bash
+
+get_interp() {
+ shebang=$(head -1 $1)
+ IFS='/' read -ra arr_slash <<< "$shebang"
+ IFS=' ' read -ra arr_space <<< "${arr_slash[-1]}"
+
+ if [[ ${arr_space[0]} == "env" ]];then
+ echo ${arr_space[1]}
+ else
+ echo ${arr_space[0]}
+ fi
+}
+
case "$1" in
*.as|*.mxml|*.bc|*.g|*.gd|*.gi|*.gap|*.nb|*.cdf|*.nbp|*.ma|*.mu|*.at|*.run|\
*.apl|*.adl|*.adls|*.adlf|*.adlx|*.cadl|*.odin|*.c-objdump|*.s|\
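Review bot: `get_interp` passes its argument unquoted in `head -1 $1`, so a path containing spaces or glob characters is split or expanded before `head` sees it; use `shebang=$(head -1 -- "$1")`. The two `echo ${arr_space[...]}` lines are unquoted as well, and `${arr_slash[-1]}` is evaluated even when the first line is empty, which bash reports as a bad array subscript on an empty array. An early `[[ $shebang == '#!'* ]] || return 1` before the two `read` calls would cover both the empty-file case and files that do not start with a shebang.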
@@ -50,16 +63,9 @@ case "$1" in
*.lean|*.rts|*.u|*.vcl|*.bpl|*.sil|*.vpr|*.cirru|*.duel|*.jbst|*.qml|\
*.qbs|*.slim|*.xqy|*.xquery|*.xq|*.xql|*.xqm|*.whiley|*.x10)
pygmentize -f 256 -O style=$PYGMENTIZE_STYLE "$1"|nl -b a;;
- .zshrc|.bash_aliases|.bash_environment)
- pygmentize -f 256 -l sh "$1"|nl -b a
- ;;
*)
- grep "#\!/bin/zsh" "$1" > /dev/null
- if [ "$?" -eq "0" ]; then
- pygmentize -f 256 -O style=$PYGMENTIZE_STYLE -l sh "$1"|nl -b a
- else
- exit 1
- fi
+ interp=$(get_interp $1)
+ pygmentize -f 256 -O style=$PYGMENTIZE_STYLE -l $interp "$1"|nl -b a
esac
exit 0
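Review bot: The fallback branch hands text taken from the first line of the viewed file to pygmentize as `-l $interp` without quoting or validation, so the file's own content decides how many arguments pygmentize receives, and an empty result makes `-l` consume the file name as the lexer. Quote the call site as `interp=$(get_interp "$1")` and `-l "$interp"`, and reject anything that is not a plain lexer name first, e.g. `case $interp in ''|*[!A-Za-z0-9_+-]*) exit 1;; esac`. The removed branch exited 1 for unrecognised files while the new one always reaches `exit 0`, which presumably changes how the caller treats files pygmentize cannot lex; that is worth confirming.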
diff --git a/terminaldweller.com/ejabberd/ejabberd.yml b/terminaldweller.com/ejabberd/ejabberd.yml
new file mode 100644
index 0000000..6257515
--- /dev/null
+++ b/terminaldweller.com/ejabberd/ejabberd.yml
@@ -0,0 +1,250 @@
+hosts:
+ - chat.terminaldweller.com
+
+loglevel: 4
+log_rotate_size: 10485760
+log_rotate_date: ''
+log_rotate_count: 1
+log_rate_limit: 100
+
+listen:
+ - port: 5222
+ ip: '::'
+ module: ejabberd_c2s
+ max_stanza_size: 262144
+ shaper: c2s_shaper
+ access: c2s
+ starttls_required: true
+ - port: 5269
+ ip: '::'
+ module: ejabberd_s2s_in
+ max_stanza_size: 524288
+ - port: 5443
+ ip: '::'
+ module: ejabberd_http
+ request_handlers:
+ '/admin': ejabberd_web_admin
+ '/api': mod_http_api
+ '/bosh': mod_bosh
+ '/captcha': ejabberd_captcha
+ '/upload': mod_http_upload
+ '/ws': ejabberd_http_ws
+ '/oauth': ejabberd_oauth
+ - port: 5080
+ ip: '::'
+ module: ejabberd_http
+ request_handlers:
+ '/admin': ejabberd_web_admin
+ - port: 1883
+ ip: '::'
+ module: mod_mqtt
+ backlog: 1000
+ - port: 3478
+ transport: udp
+ module: ejabberd_stun
+ use_turn: true
+ turn_min_port: 49152
+ turn_max_port: 65535
+ turn_ip: 0.0.0.0
+ - port: 5349
+ transport: tcp
+ module: ejabberd_stun
+ use_turn: true
+ tls: true
+ turn_min_port: 49152
+ turn_max_port: 65535
+ ip: 0.0.0.0
+ turn_ip: 0.0.0.0
+ - port: 5280
+ module: ejabberd_http
+ tls: false
+ request_handlers:
+ /.well-known/acme-challenge: ejabberd_acme
+
+s2s_use_starttls: optional
+
+acl:
+ local:
+ user_regexp: ''
+ loopback:
+ ip:
+ - 127.0.0.0/8
+ - ::1/128
+ - ::FFFF:127.0.0.1/128
+ admin:
+ user:
+ - 'admin@localhost'
+
+access_rules:
+ local:
+ allow: local
+ c2s:
+ deny: blocked
+ allow: all
+ announce:
+ allow: admin
+ configure:
+ allow: admin
+ muc_create:
+ allow: local
+ pubsub_createnode:
+ allow: local
+ trusted_network:
+ allow: loopback
+
+api_permissions:
+ 'console commands':
+ from:
+ - ejabberd_ctl
+ who: all
+ what: '*'
+ 'admin access':
+ who:
+ access:
+ allow:
+ acl: admin
+ oauth:
+ scope: 'ejabberd:admin'
+ access:
+ allow:
+ acl: admin
+ what:
+ - '*'
+ - '!stop'
+ - '!start'
+ 'public commands':
+ who:
+ ip: 127.0.0.1/8
+ what:
+ - '*'
+ - connected_users_number
+ 'web admin':
+ who:
+ - access:
+ - allow:
+ - acl: loopback
+ - acl: admin
+ - oauth:
+ - scope: 'sasl_auth'
+ - access:
+ - allow:
+ - acl: loopback
+ - acl: admin
+ what:
+ - '*'
+ - '!stop'
+ - '!start'
+
+shaper:
+ normal: 1000
+ fast: 50000
+
+shaper_rules:
+ max_user_sessions: 10000
+ max_user_offline_messages:
+ 5000: admin
+ 100: all
+ c2s_shaper:
+ none: admin
+ normal: all
+ s2s_shaper: fast
+
+max_fsm_queue: 10000
+
+acme:
+ contact: 'mailto:devi@terminaldweller.com'
+ ca_url: 'https://acme-v01.api.letsencrypt.org'
+
+oauth_expire: 31536000
+oauth_access: all
+
+modules:
+ mod_stun_disco:
+ credentials_lifetime: 12h
+ services:
+ - host: 0.0.0.0
+ port: 3478
+ type: stun
+ transport: udp
+ restricted: false
+ - host: 0.0.0.0
+ port: 3478
+ type: turn
+ transport: udp
+ restricted: true
+ - host: rtcdev.site
+ port: 5349
+ type: stun
+ transport: tcp
+ restricted: false
+ - host: rtcdev.site
+ port: 5349
+ type: turn
+ transport: tcp
+ restricted: true
+ mod_adhoc: {}
+ mod_admin_extra: {}
+ mod_announce:
+ access: announce
+ mod_avatar: {}
+ mod_blocking: {}
+ mod_bosh: {}
+ mod_caps: {}
+ mod_carboncopy: {}
+ mod_client_state: {}
+ mod_configure: {}
+ mod_disco: {}
+ mod_fail2ban: {}
+ mod_http_api: {}
+ mod_http_upload:
+ put_url: https://@HOST@:5443/upload
+ mod_last: {}
+ mod_mam:
+ db_type: sql
+ assume_mam_usage: true
+ default: never
+ mod_mqtt: {}
+ mod_muc:
+ access:
+ - allow
+ access_admin:
+ - allow: admin
+ access_create: muc_create
+ access_persistent: muc_create
+ access_mam:
+ - allow
+ default_room_options:
+ allow_subscription: true
+ mam: false
+ mod_muc_admin: {}
+ mod_offline:
+ access_max_user_messages: max_user_offline_messages
+ mod_ping: {}
+ mod_privacy: {}
+ mod_private: {}
+ mod_proxy65:
+ access: local
+ max_connections: 5
+ mod_pubsub:
+ access_createnode: pubsub_createnode
+ plugins:
+ - flat
+ - pep
+ force_node_config:
+ storage:bookmarks:
+ access_model: whitelist
+ mod_push: {}
+ mod_push_keepalive: {}
+ mod_register:
+ ip_access: trusted_network
+ mod_roster:
+ versioning: true
+ mod_sip: {}
+ mod_s2s_dialback: {}
+ mod_shared_roster: {}
+ mod_stream_mgmt:
+ resend_on_timeout: if_offline
+ mod_vcard: {}
+ mod_vcard_xupdate: {}
+ mod_version:
+ show_os: false
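Review bot: The `/admin` handler is served on port 5080 with `ip: '::'` and no `tls: true`, so admin credentials would cross the network in clear text on every interface the container exposes; bind that listener to loopback (`ip: '127.0.0.1'`) or enable TLS on it, and the same applies to the 5443 listener, which `put_url` addresses as https but which has no `tls` key here. Under `api_permissions`, `'public commands'` lists `'*'` next to `connected_users_number`, which grants every API command to any caller from 127.0.0.1/8 instead of a narrow read-only set; replacing `'*'` with `status` restores a narrow grant. `s2s_use_starttls: optional` and the MQTT listener on 1883 without TLS also permit unencrypted traffic, and `oauth_expire: 31536000` together with `oauth_access: all` issues year-long tokens to any account. The `admin` ACL names `admin@localhost`, which is not a user on the only configured host `chat.terminaldweller.com`, so the admin rules presumably match nobody.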
diff --git a/terminaldweller.com/haproxy/certbot/Dockerfile b/terminaldweller.com/haproxy/certbot/Dockerfile
new file mode 100644
index 0000000..b6fb68a
--- /dev/null
+++ b/terminaldweller.com/haproxy/certbot/Dockerfile
@@ -0,0 +1,2 @@
+FROM certbot/certbot
+COPY ./certbot-entrypoint.sh /certbot-entrypoint.sh
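Review bot: `FROM certbot/certbot` has no tag or digest, so every rebuild pulls whatever `latest` is at that moment and the image that handles the ACME account key and the TLS private keys is not reproducible; pin it, e.g. `FROM certbot/certbot:<pinned-tag>@sha256:<digest>` (placeholders). The same applies to `image: haproxy` and `image: nginx` in docker-compose.yaml in this commit.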
diff --git a/terminaldweller.com/haproxy/certbot/certbot-entrypoint.sh b/terminaldweller.com/haproxy/certbot/certbot-entrypoint.sh
new file mode 100755
index 0000000..2be858f
--- /dev/null
+++ b/terminaldweller.com/haproxy/certbot/certbot-entrypoint.sh
@@ -0,0 +1,30 @@
+#!/bin/sh
+set -ex
+
+cat_cert() {
+ dir="/etc/letsencrypt/live/$1"
+ cat "$dir/privkey.pem" "$dir/fullchain.pem" > "/certs/$1.pem"
+}
+
+while :;do
+ echo starting...
+ if [ -e /certs/$DOMAIN.pem ]; then
+ certbot \
+ certonly \
+ --test-cert \
+ --webroot -w /webroot \
+ -d $DOMAIN \
+ --email $EMAIL \
+ --non-interactive \
+ --agree-tos
+
+ cat_cert $DOMAIN
+ else
+ certbot renew -w /webroot
+
+ for dir in /etc/letsencrypt/live/*/; do
+ cat_cert $(basename "$dir")
+ done
+ fi
+ sleep 12h
+done
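Review bot: The branch condition looks inverted: `if [ -e /certs/$DOMAIN.pem ]` runs `certbot certonly` when the combined PEM already exists and `certbot renew` when it does not, so a fresh deployment never requests a certificate; it should read `if [ ! -e "/certs/$DOMAIN.pem" ]; then`. `cat_cert` writes the private key into `/certs/$1.pem` with the default umask, which normally leaves it world-readable in the bind-mounted host directory; set `umask 077` near the top of the script and confirm the account HAProxy runs as can still read the file. `--test-cert` requests from the staging CA, whose certificates clients will not trust, so it should be removed or made an explicit switch before this serves real traffic. `$DOMAIN` and `$EMAIL` are also expanded unquoted throughout.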
diff --git a/terminaldweller.com/haproxy/docker-compose.yaml b/terminaldweller.com/haproxy/docker-compose.yaml
index 95752c8..571fa7c 100644
--- a/terminaldweller.com/haproxy/docker-compose.yaml
+++ b/terminaldweller.com/haproxy/docker-compose.yaml
@@ -1,12 +1,43 @@
-version: "3.4"
+version: "3.4"
services:
haproxy:
image: haproxy
ports:
- "80:80"
+ - "443:443"
volumes:
- ./haproxy.cfg:/usr/local/etc/haproxy/haproxy.cfg:ro
+ - ./certs:/usr/local/etc/certs:ro
networks:
- haproxynet
+ restart: unless-stopped
+ certbot:
+ image: certbot
+ build:
+ context: ./certbot
+ ports:
+ - "127.0.0.1:9080:80"
+ - "127.0.0.1:9443:443"
+ networks:
+ - haproxynet
+ # restart: unless-stopped
+ volumes:
+ - ./letsencrypt:/etc/letsencrypt
+ - ./webroot:/webroot
+ - ./certs:/certs
+ # command: ["certonly","--test-cert","--webroot","-w","/webroot","-d","chat.terminaldweller.com","--email","thabogre@gmail.com","--non-interactive","--agree-tos"]
+ entrypoint: ["/certbot-entrypoint.sh"]
+ environment:
+ - DOMAIN=chat.terminaldweller.com
+ - EMAIL=thabogre@gmail.com
+ nginx:
+ image: nginx
+ ports:
+ - "127.0.0.1:8080:80"
+ networks:
+ - haproxynet
+ restart: unless-stopped
+ volumes:
+ - ./webroot:/usr/share/nginx/html
networks:
- - haproxynet
+ haproxynet:
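Review bot: The certbot service has `restart: unless-stopped` commented out while its entrypoint runs under `set -ex`, so the first failing certbot call ends the loop and the container stays down; renewal then stops without any signal until the certificate expires. Either enable the restart policy or let the loop tolerate and log a failed run. The published ports `127.0.0.1:9080:80` and `127.0.0.1:9443:443` look unnecessary, since the entrypoint only uses `--webroot` and nothing shown listens inside that container.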
diff --git a/terminaldweller.com/haproxy/haproxy.cfg b/terminaldweller.com/haproxy/haproxy.cfg
index 19e7bac..f1c288e 100644
--- a/terminaldweller.com/haproxy/haproxy.cfg
+++ b/terminaldweller.com/haproxy/haproxy.cfg
@@ -1,60 +1,77 @@
global
-log 127.0.0.1 local0
+ log 127.0.0.1 local0
+ ssl-default-bind-ciphers kEECDH+aRSA+AES:kRSA+AES:+AES256:RC4-SHA:!kEDH:!LOW:!EXP:!MD5:!aNULL:!eNULL
defaults
-timeout connect 5000ms
-timeout client 50000ms
-timeout server 50000ms
-mode tcp
-option tcplog
-option dontlognull
+ timeout connect 5000ms
+ timeout client 50000ms
+ timeout server 50000ms
+ mode tcp
+ option tcplog
+ option dontlognull
+
+resolvers docker_resolver
+ nameserver dns 127.0.0.11:53
#Frontends
frontend front
-bind *:80
-bind: *.443
-mode tcp
-timeout client 60s
-
-#ACLs
-acl blog-host hdr_sub(host) -i blog.terminaldweller.com
-acl mail-host hdr_sub(host) -i mail.terminaldweller.com
-acl api-host hdr_sub(host) -i api.terminaldweller.com
-acl chat-host hdr_sub(host) -i chat.terminaldweller.com
-acl chat-host-s req.ssl_sni -i chat.terminaldweller.com
-
-#Consitions
-use_backend blog-backend if blog-host
-use_backend mail-backend if mail-host
-use_backend api-backend if api-host
-use_backend chat-backend-s if chat-host-s
-default_backend blog-backend
+ bind *:80
+ bind *:443
+ mode tcp
+ timeout client 60s
+ #ACLs
+ acl letsencrypt-acl path_beg /.well-known/acme-challenge/
+ acl blog-host hdr_sub(host) -i blog.terminaldweller.com
+ acl mail-host hdr_sub(host) -i mail.terminaldweller.com
+ acl mail-host-s req.ssl_sni -i mail.terminaldweller.com
+ acl api-host hdr_sub(host) -i api.terminaldweller.com
+ acl chat-host hdr_sub(host) -i chat.terminaldweller.com
+ acl chat-host-s req.ssl_sni -i chat.terminaldweller.com
+ #Consitions
+ use_backend certbot-backend if letsencrypt-acl
+ use_backend blog-backend if blog-host
+ use_backend mail-backend if mail-host
+ use_backend mail-backend-s if mail-host-s
+ use_backend api-backend if api-host
+ use_backend chat-backend-s if chat-host-s
+ default_backend blog-backend
#Backends
+backend certbot-backend
+ server nginx nginx:80 resolvers docker_resolver check init-addr none
+
backend blog-backend
-mode http
-option forwardfor
-server blog-host 192.99.102.52:9000 check
+ mode http
+ option forwardfor
+ server blog-host 192.99.102.52:9000 check
backend mail-backend
-mode http
-option forwardfor
-server mail-host 185.126.202.69:80 check
+ mode http
+ option forwardfor
+ server mail-host 185.126.202.69:80 check
+
+backend mail-backend-s
+ timeout server 60s
+ timeout client 60s
+ mode tcp
+ option forwardfor
+ option ssl-hello-chk
+ server mail-host-s 185.126.202.69:443 check
backend api-backend
-mode http
-option forwardfor
-server api-host 192.99.102.52:8008 check
+ mode http
+ option forwardfor
+ server api-host 192.99.102.52:8008 check
backend chat-backend
-mode http
-option forwardfor
-server chat-host 87.236.209.206:5280 check
+ mode http
+ option forwardfor
+ server chat-host 87.236.209.206:5280 check
backend chat-backend-s
-timeout server 60s
-timeout client 60s
-mode tcp
-option forwardfor
-option ssl-hello-chk
-server chat-host 87.236.209.206:5281 check
+ timeout server 60s
+ timeout client 60s
+ mode tcp
+ option forwardfor
+ option ssl-hello-chk
+ server chat-host-s 87.236.209.206:5280 check
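Review bot: The `front` frontend stays in `mode tcp` but routes on `path_beg` and `hdr_sub(host)`, which are HTTP-layer fetches, and on `req.ssl_sni` without any `tcp-request inspect-delay`, so these ACLs will not match reliably and traffic falls through to `default_backend blog-backend`, including the ACME challenge path. For the SNI rules add `tcp-request inspect-delay 5s` and `tcp-request content accept if { req.ssl_hello_type 1 }`, and move the port-80 host and path routing into a separate `mode http` frontend. `ssl-default-bind-ciphers` still lists `RC4-SHA` and `kRSA+AES`; no `bind` line here uses `ssl`, so it has no effect yet, but RC4 and the non-forward-secret RSA key exchange should be dropped before one does. `chat-backend-s` now points at port 5280 with `ssl-hello-chk`, while the ejabberd.yml added in this commit declares 5280 with `tls: false`, so the check and the TLS passthrough would hit a plaintext listener.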
diff --git a/terminaldweller.com/prosody/config/prosody.cfg.lua b/terminaldweller.com/prosody/config/prosody.cfg.lua
index 38fd2f0..d2c5e7d 100644
--- a/terminaldweller.com/prosody/config/prosody.cfg.lua
+++ b/terminaldweller.com/prosody/config/prosody.cfg.lua
@@ -21,7 +21,7 @@ daemonize = false;
-- for the server. Note that you must create the accounts separately
-- (see https://prosody.im/doc/creating_accounts for info)
-- Example: admins = { "user1@example.com", "user2@example.net" }
-admins = { }
+admins = {"devi@chat.terminaldweller.com"}
-- Enable use of libevent for better performance under high load
-- For more information see: https://prosody.im/doc/libevent
@@ -58,7 +58,7 @@ modules_enabled = {
"uptime"; -- Report how long server has been running
"time"; -- Let others know the time here on this server
"ping"; -- Replies to XMPP pings with pongs
- "register"; -- Allow users to register on this server using a client and change passwords
+ --"register"; -- Allow users to register on this server using a client and change passwords
--"mam"; -- Store messages in an archive and allow users to access it
--"csi_simple"; -- Simple Mobile optimizations
@@ -67,7 +67,7 @@ modules_enabled = {
--"admin_telnet"; -- Opens telnet console interface on localhost port 5582
-- HTTP modules
- --"bosh"; -- Enable BOSH clients, aka "Jabber over HTTP"
+ "bosh"; -- Enable BOSH clients, aka "Jabber over HTTP"
--"websocket"; -- XMPP over WebSockets
--"http_files"; -- Serve static files from a directory over HTTP
@@ -191,7 +191,12 @@ certificates = "certs"
-- You need to add a VirtualHost entry for each domain you wish Prosody to serve.
-- Settings under each VirtualHost entry apply *only* to that host.
-VirtualHost "terminaldweller.com"
+VirtualHost "chat.terminaldweller.com"
+ enabled = true
+ ssl = {
+ key = "/etc/letsencrypt/live/chat.terminaldweller.com/privkey.pem";
+ certificate = "/etc/letsencrypt/live/chat.terminaldweller.com/fullchain.pem";
+ }
--VirtualHost "example.com"
-- certificate = "/path/to/example.crt"
@@ -202,7 +207,8 @@ VirtualHost "terminaldweller.com"
-- For more information on components, see https://prosody.im/doc/components
---Set up a MUC (multi-user chat) room server on conference.example.com:
---Component "conference.example.com" "muc"
+Component "conference.chat.terminaldweller.com" "muc"
+ restrict_room_creationi = "admin"
--- Store MUC messages in an archive and allow users to access it
--modules_enabled = { "muc_mam" }
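Review bot: `restrict_room_creationi` is misspelled, so it is not the `restrict_room_creation` option the MUC component reads, and as far as this hunk shows room creation on `conference.chat.terminaldweller.com` stays open to every user; change the line to `restrict_room_creation = "admin"`. An unknown key is not necessarily reported at start-up, so the intended restriction can be missing without any error.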