diff options
| author | terminaldweller <thabogre@gmail.com> | 2022-12-18 11:18:14 +0000 |
|---|---|---|
| committer | terminaldweller <thabogre@gmail.com> | 2022-12-18 11:18:14 +0000 |
| commit | 48bc5c779635cd369672405483082115d4f5112b (patch) | |
| tree | 0db3be47d825ea04081027f2887290c3fd88ff92 | |
| parent | update (diff) | |
| download | scripts-48bc5c779635cd369672405483082115d4f5112b.tar.gz scripts-48bc5c779635cd369672405483082115d4f5112b.zip | |
update
| -rw-r--r-- | .mutt/.muttrc | 3 | ||||
| -rw-r--r-- | .mutt/account.gmail | 8 | ||||
| -rw-r--r-- | .mutt/account.self | 2 | ||||
| -rw-r--r-- | .newsboat/config | 7 | ||||
| -rw-r--r-- | .newsboat/urls | 175 | ||||
| -rw-r--r-- | .vimrc | 4 | ||||
| -rw-r--r-- | .zshrc | 32 | ||||
| -rw-r--r-- | db/mongo/build_db.js | 2 | ||||
| -rw-r--r-- | etc/libvirt/qemu.conf | 970 | ||||
| -rw-r--r-- | init.vim | 2 | ||||
| -rw-r--r-- | irssi/Dockerfile | 29 | ||||
| -rw-r--r-- | irssi/tor/Dockerfile | 90 | ||||
| -rw-r--r-- | irssi/tor/proxychains.conf | 68 | ||||
| -rw-r--r-- | keymap.kbd | 2 | ||||
| -rw-r--r-- | terminaldweller.com/cgit/bootstrap/Dockerfile | 3 | ||||
| -rwxr-xr-x | terminaldweller.com/cgit/bootstrap/bootstrap.sh | 7 | ||||
| -rwxr-xr-x | terminaldweller.com/cgit/bootstrap/docker-entrypoint.sh | 3 | ||||
| -rw-r--r-- | terminaldweller.com/ejabberd/docker-compose.yaml | 2 | ||||
| -rw-r--r-- | terminaldweller.com/haproxy/haproxy.cfg | 10 | ||||
| -rw-r--r-- | terminaldweller.com/main/docker-compose.yaml | 21 | ||||
| -rw-r--r-- | terminaldweller.com/main/nginx.conf | 30 | ||||
| -rw-r--r-- | terminaldweller.com/main/srv/.well-known/webfinger/finger.json | 1 |
22 files changed, 1339 insertions, 132 deletions
diff --git a/.mutt/.muttrc b/.mutt/.muttrc index 60ad3cb..0783b14 100644 --- a/.mutt/.muttrc +++ b/.mutt/.muttrc @@ -3,7 +3,8 @@ set mailcap_path= $HOME/.mutt/mailcap set allow_ansi set smart_wrap set imap_keepalive = 900 -set timeout=60 +set timeout = 300 +set mail_check = 60 set move = no # need cyrus-sasl-module to work set ssl_starttls=yes diff --git a/.mutt/account.gmail b/.mutt/account.gmail index ca53300..dc92edc 100644 --- a/.mutt/account.gmail +++ b/.mutt/account.gmail @@ -7,10 +7,10 @@ source "gpg -d ~/scripts/mail.gmail.pass.gpg |" set smtp_url = 'smtp://thabogre@smtp.gmail.com:587' set realname = 'farzad sadeghi' set folder = 'imaps://imap.gmail.com:993' -set spoolfile = '+Inbox' -set postponed = '+Drafts' -set record = '+Sent' -set trash = '' +set spoolfile = '+INBOX' +set postponed = '+[Gmail]/Drafts' +set record = '+[Gmail]/Sent Mail' +set trash = '+[Gmail]/Trash' set header_cache = ~/.mutt/gmail/cache/headers set message_cachedir = ~/.mutt/gmail/cache/bodies set certificate_file = ~/.mutt/gmail/certificates diff --git a/.mutt/account.self b/.mutt/account.self index 71d3b72..7588110 100644 --- a/.mutt/account.self +++ b/.mutt/account.self @@ -15,4 +15,4 @@ set header_cache = ~/.mutt/self/cache/headers set message_cachedir = ~/.mutt/self/cache/bodies set certificate_file = ~/.mutt/self/certificates # mailboxes "+INBOX" "+Drafts" "+Sent" "+Trash" -mailboxes "+INBOX" +mailboxes "+INBOX" "+INBOX/Github" "+INBOX/Linkedin" diff --git a/.newsboat/config b/.newsboat/config index 6fdd931..2e77bf0 100644 --- a/.newsboat/config +++ b/.newsboat/config @@ -41,3 +41,10 @@ highlight article "\\[image [0-9][0-9]*\\]" color72 default bold highlight article "\\[embedded flash: [0-9][0-9]*\\]" color72 default bold highlight article ":.*\\(embedded flash\\)$" color74 default highlight article ":.*\\(image\\)$" color74 default + +# highlight articlelist "https?://[^ ]+" yellow red bold +# highlight articlelist "[0-9]+" yellow red bold + +articlelist-format "%4i %f %D %L %?T?;%-17T; ?%t %a" +# articlelist-title-format "%N %V %S %n - Articles in feed %T (%u unread, %t total) - %U \n %l - %L" +feedlist-format "%4i %4S %11T %n %11u %t" diff --git a/.newsboat/urls b/.newsboat/urls index be4e0ce..5a1c68c 100644 --- a/.newsboat/urls +++ b/.newsboat/urls @@ -3,101 +3,100 @@ http://feeds.feedburner.com/abseilio https://www.cyberciti.biz/atom/atom.xml https://www.semicolonandsons.com/feed https://blog.terminaldweller.com/rss/feed -https://suckless.org/atom.xml +https://suckless.org/atom.xml "~Suckless"Suckless https://microservices.io/feed.xml -https://news.ycombinator.com/rss +https://news.ycombinator.com/rss "~HN"HN # (Twitter) -https://rssgen.terminaldweller.com/?action=display&bridge=TwitterBridge&context=By+username&u=_margery28_&norep=on&noretweet=on&nopinned=on&nopic=on&noimg=on&noimgscaling=on&format=Atom "~Marg"_("Twitter") -https://rssgen.terminaldweller.com/?action=display&bridge=TwitterBridge&context=By+username&u=PancakeSwap&norep=on&noretweet=on&nopinned=on&nopic=on&noimg=on&noimgscaling=on&format=Atom "~Pancakeswap"_("Twitter") -https://rssgen.terminaldweller.com/?action=display&bridge=TwitterBridge&context=By+username&u=OrchidProtocol&norep=on&noretweet=on&nopinned=on&nopic=on&noimg=on&noimgscaling=on&format=Atom "~OrchidProtocol"_("Twitter") -https://rssgen.terminaldweller.com/?action=display&bridge=TwitterBridge&context=By+username&u=ethereum&norep=on&noretweet=on&nopinned=on&nopic=on&noimg=on&noimgscaling=on&format=Atom "~Ethereum"_("Twitter") -https://rssgen.terminaldweller.com/?action=display&bridge=TwitterBridge&context=By+username&u=torproject&norep=on&noretweet=on&nopinned=on&nopic=on&noimg=on&noimgscaling=on&format=Atom "~TorProject"_("Twitter") -https://rssgen.terminaldweller.com/?action=display&bridge=TwitterBridge&context=By+username&u=HiveBlockchain&norep=on&noretweet=on&nopinned=on&nopic=on&noimg=on&noimgscaling=on&format=Atom "~Hive"_("Twitter") -https://rssgen.terminaldweller.com/?action=display&bridge=TwitterBridge&context=By+username&u=PrivexInc&norep=on&noretweet=on&nopinned=on&nopic=on&noimg=on&noimgscaling=on&format=Atom "~Privex"_("Twitter") -https://rssgen.terminaldweller.com/?action=display&bridge=TwitterBridge&context=By+username&u=binance&norep=on&noretweet=on&nopinned=on&nopic=on&noimg=on&noimgscaling=on&format=Atom "~binance"_("Twitter") -https://rssgen.terminaldweller.com/?action=display&bridge=TwitterBridge&context=By+username&u=igor_chubin&norep=on&noretweet=on&nopinned=on&nopic=on&noimg=on&noimgscaling=on&format=Atom "~igor_chubin"_("Twitter") -https://rssgen.terminaldweller.com/?action=display&bridge=TwitterBridge&context=By+username&u=TheBlock__&norep=on&noretweet=on&nopinned=on&nopic=on&noimg=on&noimgscaling=on&format=Atom "~the_block"_("Twitter") -https://rssgen.terminaldweller.com/?action=display&bridge=TwitterBridge&context=By+username&u=whale_alert&norep=on&noretweet=on&nopinned=on&nopic=on&noimg=on&noimgscaling=on&format=Atom "~whatle_alert"_("Twitter") -https://rssgen.terminaldweller.com/?action=display&bridge=TwitterBridge&context=By+username&u=nobitexmarket&norep=on&noretweet=on&nopinned=on&nopic=on&noimg=on&noimgscaling=on&format=Atom "~nobitex"_("Twitter") +https://rssgen.terminaldweller.com/?action=display&bridge=TwitterBridge&context=By+username&u=_margery28_&norep=on&noretweet=on&nopinned=on&nopic=on&noimg=on&noimgscaling=on&format=Atom "~Marg"Twitter +https://rssgen.terminaldweller.com/?action=display&bridge=TwitterBridge&context=By+username&u=PancakeSwap&norep=on&noretweet=on&nopinned=on&nopic=on&noimg=on&noimgscaling=on&format=Atom "~Pancakeswap"Twitter +https://rssgen.terminaldweller.com/?action=display&bridge=TwitterBridge&context=By+username&u=OrchidProtocol&norep=on&noretweet=on&nopinned=on&nopic=on&noimg=on&noimgscaling=on&format=Atom "~OrchidProtocol"Twitter +https://rssgen.terminaldweller.com/?action=display&bridge=TwitterBridge&context=By+username&u=ethereum&norep=on&noretweet=on&nopinned=on&nopic=on&noimg=on&noimgscaling=on&format=Atom "~Ethereum"Twitter +https://rssgen.terminaldweller.com/?action=display&bridge=TwitterBridge&context=By+username&u=torproject&norep=on&noretweet=on&nopinned=on&nopic=on&noimg=on&noimgscaling=on&format=Atom "~TorProject"Twitter +https://rssgen.terminaldweller.com/?action=display&bridge=TwitterBridge&context=By+username&u=HiveBlockchain&norep=on&noretweet=on&nopinned=on&nopic=on&noimg=on&noimgscaling=on&format=Atom "~Hive"Twitter +https://rssgen.terminaldweller.com/?action=display&bridge=TwitterBridge&context=By+username&u=PrivexInc&norep=on&noretweet=on&nopinned=on&nopic=on&noimg=on&noimgscaling=on&format=Atom "~Privex"Twitter +https://rssgen.terminaldweller.com/?action=display&bridge=TwitterBridge&context=By+username&u=binance&norep=on&noretweet=on&nopinned=on&nopic=on&noimg=on&noimgscaling=on&format=Atom "~binance"Twitter +https://rssgen.terminaldweller.com/?action=display&bridge=TwitterBridge&context=By+username&u=igor_chubin&norep=on&noretweet=on&nopinned=on&nopic=on&noimg=on&noimgscaling=on&format=Atom "~igor_chubin"Twitter +https://rssgen.terminaldweller.com/?action=display&bridge=TwitterBridge&context=By+username&u=TheBlock__&norep=on&noretweet=on&nopinned=on&nopic=on&noimg=on&noimgscaling=on&format=Atom "~the_block"Twitter +https://rssgen.terminaldweller.com/?action=display&bridge=TwitterBridge&context=By+username&u=whale_alert&norep=on&noretweet=on&nopinned=on&nopic=on&noimg=on&noimgscaling=on&format=Atom "~whatle_alert"Twitter +https://rssgen.terminaldweller.com/?action=display&bridge=TwitterBridge&context=By+username&u=nobitexmarket&norep=on&noretweet=on&nopinned=on&nopic=on&noimg=on&noimgscaling=on&format=Atom "~nobitex"Twitter # (Youtube) # Horror -https://www.youtube.com/feeds/videos.xml?channel_id=UC4QEH0BC7ZQMYIEmr1yAHfQ "~RomNex"_("youtube") -https://www.youtube.com/feeds/videos.xml?channel_id=UCVLZiwP7Hz7GDDaETFmUs7Q "~Magnetar"_("youtube") -https://www.youtube.com/feeds/videos.xml?channel_id=UCHIKRYVrVYwKb2QpoLG5W3w "~Lighthouse_Horror"_("youtube") -https://www.youtube.com/feeds/videos.xml?channel_id=UC8AaO8zkIoxbUp1_p0rl13g "~Oculus_Impera"_("youtube") -https://www.youtube.com/feeds/videos.xml?channel_id=UCnK36WwcJDTEhyS7w3SQntg "~Creepy_Ghost_Stories"_("youtube") -https://www.youtube.com/feeds/videos.xml?channel_id=UCcZ_-5180OBED8NBkZgkRmQ "~Dr._Creepen"_("youtube") -https://www.youtube.com/feeds/videos.xml?channel_id=UCcmEL8JoDBE25gvCFkrqhcw "~TheVolgun"_("youtube") -https://www.youtube.com/feeds/videos.xml?channel_id=UC_e39rWdkQqo5-LbiLiU10g "~The_Dark_Somnium"_("youtube") -https://www.youtube.com/feeds/videos.xml?channel_id=UC79H1bXWDNodOD8_VtZd_DA "~Chilling_Tales_for_Dark_Nights"_("youtube") -https://www.youtube.com/feeds/videos.xml?channel_id=UClVIqFHcD0Dvh6BB-bYq1rg "~TheDarkCosmos"_("youtube") -https://www.youtube.com/feeds/videos.xml?user=MrCreepyPasta "~Mr_Creepypasta"_("youtube") -https://www.youtube.com/feeds/videos.xml?user=NaturesTemper "~NaturesTemper"_("youtube") -https://www.youtube.com/feeds/videos.xml?user=ManggMangg "~The_Exploring_Series"_("youtube") -https://www.youtube.com/feeds/videos.xml?user=Luetin09 "~Luetin09"_("youtube") -https://www.youtube.com/feeds/videos.xml?user=CreepsMcPasta "~CreepsMcPasta"_("youtube") -https://www.youtube.com/feeds/videos.xml?user=WeArEraW11 "~ScaryJUJU"_("youtube") -https://www.youtube.com/feeds/videos.xml?channel_id=UCuoMasRkMhlj1VNVAOJdw5w "~Local58TV"_("youtube") -https://www.youtube.com/feeds/videos.xml?channel_id=UC9YXCCz-A28lxhMA-ArfBaA "~Gemini_Home_Entertainment"_("youtube") -https://www.youtube.com/feeds/videos.xml?channel_id=UCxMZO9A4Jixjr9lbgeBiQ6w "~Vormithrax"_("youtube") +https://www.youtube.com/feeds/videos.xml?channel_id=UC4QEH0BC7ZQMYIEmr1yAHfQ "~RomNex"youtube +https://www.youtube.com/feeds/videos.xml?channel_id=UCVLZiwP7Hz7GDDaETFmUs7Q "~Magnetar"youtube +https://www.youtube.com/feeds/videos.xml?channel_id=UCHIKRYVrVYwKb2QpoLG5W3w "~Lighthouse_Horror"youtube +https://www.youtube.com/feeds/videos.xml?channel_id=UC8AaO8zkIoxbUp1_p0rl13g "~Oculus_Impera"youtube +https://www.youtube.com/feeds/videos.xml?channel_id=UCnK36WwcJDTEhyS7w3SQntg "~Creepy_Ghost_Stories"youtube +https://www.youtube.com/feeds/videos.xml?channel_id=UCcZ_-5180OBED8NBkZgkRmQ "~Dr._Creepen"youtube +https://www.youtube.com/feeds/videos.xml?channel_id=UCcmEL8JoDBE25gvCFkrqhcw "~TheVolgun"youtube +https://www.youtube.com/feeds/videos.xml?channel_id=UC_e39rWdkQqo5-LbiLiU10g "~The_Dark_Somnium"youtube +https://www.youtube.com/feeds/videos.xml?channel_id=UC79H1bXWDNodOD8_VtZd_DA "~Chilling_Tales_for_Dark_Nights"youtube +https://www.youtube.com/feeds/videos.xml?channel_id=UClVIqFHcD0Dvh6BB-bYq1rg "~TheDarkCosmos"youtube +https://www.youtube.com/feeds/videos.xml?user=MrCreepyPasta "~Mr_Creepypasta"youtube +https://www.youtube.com/feeds/videos.xml?user=NaturesTemper "~NaturesTemper"youtube +https://www.youtube.com/feeds/videos.xml?user=ManggMangg "~The_Exploring_Series"youtube +https://www.youtube.com/feeds/videos.xml?user=Luetin09 "~Luetin09"youtube +https://www.youtube.com/feeds/videos.xml?user=CreepsMcPasta "~CreepsMcPasta"youtube +https://www.youtube.com/feeds/videos.xml?user=WeArEraW11 "~ScaryJUJU"youtube +https://www.youtube.com/feeds/videos.xml?channel_id=UCuoMasRkMhlj1VNVAOJdw5w "~Local58TV"youtube +https://www.youtube.com/feeds/videos.xml?channel_id=UC9YXCCz-A28lxhMA-ArfBaA "~Gemini_Home_Entertainment"youtube +https://www.youtube.com/feeds/videos.xml?channel_id=UCxMZO9A4Jixjr9lbgeBiQ6w "~Vormithrax"youtube # Tech -https://www.youtube.com/feeds/videos.xml?channel_id=UCqK_GSMbpiV8spgD3ZGloSw "~Coin Bureau"_("youtube") -https://www.youtube.com/feeds/videos.xml?channel_id=UC-91UA-Xy2Cvb98deRXuggA "~Joshua Fluke"_("youtube") -https://www.youtube.com/feeds/videos.xml?channel_id=UC17mJJnvzAa_e9qQqLIfIeQ "~Semicolon&Sons"_("youtube") -https://www.youtube.com/feeds/videos.xml?channel_id=UC2eYFnH61tmytImy1mTYvhA "~Luke_Smith"_("youtube") -https://www.youtube.com/feeds/videos.xml?channel_id=UC4w1YQAJMWOz4qtxinq55LQ "~Level1Techs"_("youtube") -https://www.youtube.com/feeds/videos.xml?channel_id=UC7YOGHUfC1Tb6E4pudI9STA "~Mental_Outlaw"_("youtube") -https://www.youtube.com/feeds/videos.xml?channel_id=UC5e__RG9K3cHrPotPABnrwg "~BoostCon"_("youtube") -https://www.youtube.com/feeds/videos.xml?channel_id=UC8ENHE5xdFSwx71u3fDH5Xw "~ThePrimeagen"_("youtube") -https://www.youtube.com/feeds/videos.xml?channel_id=UC9-y-6csu5WGm29I7JiwpnA "~Computerphile"_("youtube") -https://www.youtube.com/feeds/videos.xml?channel_id=UCD0y51PJfvkZNe3y3FR5riw "~Chyrosran22"_("youtube") -https://www.youtube.com/feeds/videos.xml?channel_id=UCorzANoC3fX9VVefJHM5wtA "~Nick_Janetakis"_("youtube") -https://www.youtube.com/feeds/videos.xml?channel_id=UCoxcjq-8xIDTYp3uz647V5A "~Numberphile"_("youtube") -https://www.youtube.com/feeds/videos.xml?channel_id=UCyUBW72KU30dfAYWLVNZO8Q "~Stefan_Mischook"_("youtube") -https://www.youtube.com/feeds/videos.xml?channel_id=UCyp1gCHZJU_fGWFf2rtMkCg "~Numberphile2"_("youtube") -https://www.youtube.com/feeds/videos.xml?channel_id=UCvEdeev3sZoxi5hMksZI4KA "~gotbletu"_("youtube") -https://www.youtube.com/feeds/videos.xml?channel_id=UCJ6q9Ie29ajGqKApbLqfBOg "~Black_Hat"_("youtube") -https://www.youtube.com/feeds/videos.xml?channel_id=UCMlGfpWw-RUdWX_JbLCukXg "~CppCon"_("youtube") -https://www.youtube.com/feeds/videos.xml?channel_id=UCOWcZ6Wicl-1N34H0zZe38w "~Level1Linux"_("youtube") -https://www.youtube.com/feeds/videos.xml?channel_id=UCQ-W1KE9EYfdxhL6S4twUNw "~The_Cherno"_("youtube") -https://www.youtube.com/feeds/videos.xml?channel_id=UCfhSB16X9MXhzSFe_H7XbHg "~Bryan_Jenks"_("youtube") -https://www.youtube.com/feeds/videos.xml?channel_id=UCQN2DsjnYH60SFBIA6IkNwg "~STÖEK"_("youtube") -https://www.youtube.com/feeds/videos.xml?channel_id=UCS97tchJDq17Qms3cux8wcA "~Chrisatmachine"_("youtube") -https://www.youtube.com/feeds/videos.xml?channel_id=UCVls1GmFKf6WlTraIb_IaJg "~DistroTube"_("youtube") -https://www.youtube.com/feeds/videos.xml?channel_id=UCgTNupxATBfWmfehv21ym-g "~Null_Byte"_("youtube") -https://www.youtube.com/feeds/videos.xml?channel_id=UCld68syR8Wi-GY_n4CaoJGA "~Brodie_Robertson"_("youtube") -https://www.youtube.com/feeds/videos.xml?channel_id=UCXuqSBlHAE6Xw-yeJA0Tunw "~Linus_Tech_Tips"_("youtube") -https://www.youtube.com/feeds/videos.xml?channel_id=UCa6eh7gCkpPo5XXUDfygQQA "~Ippsec"_("youtube") -https://www.youtube.com/feeds/videos.xml?channel_id=UCdngmbVKX1Tgre699-XLlUA "~Tech_World_With_Nana"_("youtube") -https://www.youtube.com/feeds/videos.xml?channel_id=UCfp-lNJy4QkIGnaEE6NtDSg "~Terminalforlife"_("youtube") -https://www.youtube.com/feeds/videos.xml?channel_id=UCylGUf9BvQooEFjgdNudoQg "~The_Linux_Cast"_("youtube") -https://www.youtube.com/feeds/videos.xml?channel_id=UCVhQ2NnY5Rskt6UjCUkJ_DA "~Arjan_code"_("youtube") -https://www.youtube.com/feeds/videos.xml?channel_id=UCFQMnBA3CS502aghlcr0_aw "~Coffezilla"_("youtube") -https://www.youtube.com/feeds/videos.xml?channel_id=UCaw_Lz7oifDb-PZCAcZ07kw "~The_Linux_Experiment"_("youtube") -https://www.youtube.com/feeds/videos.xml?channel_id=UCsBjURrPoezykLs9EqgamOA "~Fireship"_("youtube") -https://www.youtube.com/feeds/videos.xml?channel_id=UCW6xlqxSY3gGur4PkGPEUeA "~Seytonic"_("youtube") -https://www.youtube.com/feeds/videos.xml?channel_id=UCqajGNTzlQLk5uRsD8R5m3Q "~Wolf_Lord_Rho"_("youtube") -https://www.youtube.com/feeds/videos.xml?channel_id=UCUdkjbeIFea0qUSgwR1CUOg "~Studying_With_Alex"_("youtube") +https://www.youtube.com/feeds/videos.xml?channel_id=UCqK_GSMbpiV8spgD3ZGloSw "~Coin Bureau"youtube +https://www.youtube.com/feeds/videos.xml?channel_id=UC-91UA-Xy2Cvb98deRXuggA "~Joshua Fluke"youtube +https://www.youtube.com/feeds/videos.xml?channel_id=UC17mJJnvzAa_e9qQqLIfIeQ "~Semicolon&Sons"youtube +https://www.youtube.com/feeds/videos.xml?channel_id=UC2eYFnH61tmytImy1mTYvhA "~Luke_Smith"youtube +https://www.youtube.com/feeds/videos.xml?channel_id=UC4w1YQAJMWOz4qtxinq55LQ "~Level1Techs"youtube +https://www.youtube.com/feeds/videos.xml?channel_id=UC7YOGHUfC1Tb6E4pudI9STA "~Mental_Outlaw"youtube +https://www.youtube.com/feeds/videos.xml?channel_id=UC5e__RG9K3cHrPotPABnrwg "~BoostCon"youtube +https://www.youtube.com/feeds/videos.xml?channel_id=UC8ENHE5xdFSwx71u3fDH5Xw "~ThePrimeagen"youtube +https://www.youtube.com/feeds/videos.xml?channel_id=UC9-y-6csu5WGm29I7JiwpnA "~Computerphile"youtube +https://www.youtube.com/feeds/videos.xml?channel_id=UCD0y51PJfvkZNe3y3FR5riw "~Chyrosran22"youtube +https://www.youtube.com/feeds/videos.xml?channel_id=UCorzANoC3fX9VVefJHM5wtA "~Nick_Janetakis"youtube +https://www.youtube.com/feeds/videos.xml?channel_id=UCoxcjq-8xIDTYp3uz647V5A "~Numberphile"youtube +https://www.youtube.com/feeds/videos.xml?channel_id=UCyUBW72KU30dfAYWLVNZO8Q "~Stefan_Mischook"youtube +https://www.youtube.com/feeds/videos.xml?channel_id=UCyp1gCHZJU_fGWFf2rtMkCg "~Numberphile2"youtube +https://www.youtube.com/feeds/videos.xml?channel_id=UCvEdeev3sZoxi5hMksZI4KA "~gotbletu"youtube +https://www.youtube.com/feeds/videos.xml?channel_id=UCJ6q9Ie29ajGqKApbLqfBOg "~Black_Hat"youtube +https://www.youtube.com/feeds/videos.xml?channel_id=UCMlGfpWw-RUdWX_JbLCukXg "~CppCon"youtube +https://www.youtube.com/feeds/videos.xml?channel_id=UCOWcZ6Wicl-1N34H0zZe38w "~Level1Linux"youtube +https://www.youtube.com/feeds/videos.xml?channel_id=UCQ-W1KE9EYfdxhL6S4twUNw "~The_Cherno"youtube +https://www.youtube.com/feeds/videos.xml?channel_id=UCfhSB16X9MXhzSFe_H7XbHg "~Bryan_Jenks"youtube +https://www.youtube.com/feeds/videos.xml?channel_id=UCQN2DsjnYH60SFBIA6IkNwg "~STÖEK"youtube +https://www.youtube.com/feeds/videos.xml?channel_id=UCS97tchJDq17Qms3cux8wcA "~Chrisatmachine"youtube +https://www.youtube.com/feeds/videos.xml?channel_id=UCVls1GmFKf6WlTraIb_IaJg "~DistroTube"youtube +https://www.youtube.com/feeds/videos.xml?channel_id=UCgTNupxATBfWmfehv21ym-g "~Null_Byte"youtube +https://www.youtube.com/feeds/videos.xml?channel_id=UCld68syR8Wi-GY_n4CaoJGA "~Brodie_Robertson"youtube +https://www.youtube.com/feeds/videos.xml?channel_id=UCXuqSBlHAE6Xw-yeJA0Tunw "~Linus_Tech_Tips"youtube +https://www.youtube.com/feeds/videos.xml?channel_id=UCa6eh7gCkpPo5XXUDfygQQA "~Ippsec"youtube +https://www.youtube.com/feeds/videos.xml?channel_id=UCdngmbVKX1Tgre699-XLlUA "~Tech_World_With_Nana"youtube +https://www.youtube.com/feeds/videos.xml?channel_id=UCfp-lNJy4QkIGnaEE6NtDSg "~Terminalforlife"youtube +https://www.youtube.com/feeds/videos.xml?channel_id=UCylGUf9BvQooEFjgdNudoQg "~The_Linux_Cast"youtube +https://www.youtube.com/feeds/videos.xml?channel_id=UCVhQ2NnY5Rskt6UjCUkJ_DA "~Arjan_code"youtube +https://www.youtube.com/feeds/videos.xml?channel_id=UCFQMnBA3CS502aghlcr0_aw "~Coffezilla"youtube +https://www.youtube.com/feeds/videos.xml?channel_id=UCaw_Lz7oifDb-PZCAcZ07kw "~The_Linux_Experiment"youtube +https://www.youtube.com/feeds/videos.xml?channel_id=UCsBjURrPoezykLs9EqgamOA "~Fireship"youtube +https://www.youtube.com/feeds/videos.xml?channel_id=UCW6xlqxSY3gGur4PkGPEUeA "~Seytonic"youtube +https://www.youtube.com/feeds/videos.xml?channel_id=UCqajGNTzlQLk5uRsD8R5m3Q "~Wolf_Lord_Rho"youtube +https://www.youtube.com/feeds/videos.xml?channel_id=UCUdkjbeIFea0qUSgwR1CUOg "~Studying_With_Alex"youtube -https://www.youtube.com/feeds/videos.xml?user=g297125009 "~Gavin_Freeborn"_("youtube") -https://www.youtube.com/feeds/videos.xml?user=Hak5Darren "~Hak_5"_("youtube") -https://www.youtube.com/feeds/videos.xml?user=GISIGeometry "~Hussein_Nasser"_("youtube") -https://www.youtube.com/feeds/videos.xml?user=geerlingguy "~Jeff_Geerling"_("youtube") -https://www.youtube.com/feeds/videos.xml?user=JtheLinuxguy "~Learn_Linux_TV"_("youtube") -https://www.youtube.com/feeds/videos.xml?user=NetworkChuck "~NetworkChuck"_("youtube") +https://www.youtube.com/feeds/videos.xml?user=g297125009 "~Gavin_Freeborn"youtube +https://www.youtube.com/feeds/videos.xml?user=Hak5Darren "~Hak_5"youtube +https://www.youtube.com/feeds/videos.xml?user=GISIGeometry "~Hussein_Nasser"youtube +https://www.youtube.com/feeds/videos.xml?user=geerlingguy "~Jeff_Geerling"youtube +https://www.youtube.com/feeds/videos.xml?user=JtheLinuxguy "~Learn_Linux_TV"youtube +https://www.youtube.com/feeds/videos.xml?user=NetworkChuck "~NetworkChuck"youtube # Misc -https://www.youtube.com/feeds/videos.xml?channel_id=UC0Whg8Zz7TT1VSpWeCjghKg "~-sokoninaru-そこに鳴る"_("youtube") -https://www.youtube.com/feeds/videos.xml?channel_id=UC3M7l8ved_rYQ45AVzS0RGA "~The_Jimmy_Dore_Show"_("youtube") -https://www.youtube.com/feeds/videos.xml?channel_id=UC6gD8kk_Z_5bX2PcRk2fwDg "~Pagefire"_("youtube") -https://www.youtube.com/feeds/videos.xml?channel_id=UCQPmOWNza6PMesQaWWBEhJA "~Anabolic_Aliens"_("youtube") -https://www.youtube.com/feeds/videos.xml?channel_id=UCS5tt2z_DFvG7-39J3aE-bQ "~Life_of_Boris"_("youtube") -https://www.youtube.com/feeds/videos.xml?channel_id=UCVHOgH4XEyYx-ZEaya1XqCQ "~Cryo_Chamber"_("youtube") -https://www.youtube.com/feeds/videos.xml?channel_id=UCWUxLYGeeIKxxioUqL54Q8g "~GP-_Penitentiary_Life_Wes_Watson"_("youtube") -https://www.youtube.com/feeds/videos.xml?channel_id=UC_NSOckDnuypJK_FpCO6ogA "~SGtMarkIV"_("youtube") -https://www.youtube.com/feeds/videos.xml?channel_id=UCchBatdUMZoMfJ3rIzgV84g "~Viva_La_Dirt League"_("youtube") -https://www.youtube.com/feeds/videos.xml?channel_id=UCoJTOwZxbvq8Al8Qat2zgTA "~Kim_Iversen"_("youtube") -https://www.youtube.com/feeds/videos.xml?user=lexfridman "~Lex_Fridman"_("youtube") - +https://www.youtube.com/feeds/videos.xml?channel_id=UC0Whg8Zz7TT1VSpWeCjghKg "~-sokoninaru-そこに鳴る"youtube +https://www.youtube.com/feeds/videos.xml?channel_id=UC3M7l8ved_rYQ45AVzS0RGA "~The_Jimmy_Dore_Show"youtube +https://www.youtube.com/feeds/videos.xml?channel_id=UC6gD8kk_Z_5bX2PcRk2fwDg "~Pagefire"youtube +https://www.youtube.com/feeds/videos.xml?channel_id=UCQPmOWNza6PMesQaWWBEhJA "~Anabolic_Aliens"youtube +https://www.youtube.com/feeds/videos.xml?channel_id=UCS5tt2z_DFvG7-39J3aE-bQ "~Life_of_Boris"youtube +https://www.youtube.com/feeds/videos.xml?channel_id=UCVHOgH4XEyYx-ZEaya1XqCQ "~Cryo_Chamber"youtube +https://www.youtube.com/feeds/videos.xml?channel_id=UCWUxLYGeeIKxxioUqL54Q8g "~GP-_Penitentiary_Life_Wes_Watson"youtube +https://www.youtube.com/feeds/videos.xml?channel_id=UC_NSOckDnuypJK_FpCO6ogA "~SGtMarkIV"youtube +https://www.youtube.com/feeds/videos.xml?channel_id=UCchBatdUMZoMfJ3rIzgV84g "~Viva_La_Dirt League"youtube +https://www.youtube.com/feeds/videos.xml?channel_id=UCoJTOwZxbvq8Al8Qat2zgTA "~Kim_Iversen"youtube +https://www.youtube.com/feeds/videos.xml?user=lexfridman "~Lex_Fridman"youtube @@ -32,7 +32,7 @@ set laststatus=2 set smartcase set more set lazyredraw -set synmaxcol=333 +set synmaxcol=500 syntax sync minlines=64 set ttyfast set relativenumber @@ -1140,7 +1140,7 @@ autocmd FileType javasript let b:vcm_tab_complete = 'omni' "sets the dictionary for autocompletion with <C-n> and <C-p> for the "filetypes set dictionary+=/usr/share/dict/words -autocmd FileType markdown,text,vimwiki,tex setlocal complete+=k +autocmd FileType pandoc,markdown,text,vimwiki,tex setlocal complete+=k "fzf map <leader>f <Esc><Esc>:Files!<CR> @@ -136,9 +136,9 @@ alias fixpgclirc="cp ~/scripts/.config/pgcli/config ~/.config/pgcli/config" alias jupyterlab="jupyter lab --no-browser --port 9989" alias iredisrc="vim ~/scripts/.iredisrc" alias fixiredisrc="cp ~/scripts/.iredisrc ~/.iredisrc" -# alias irssi="irssi -n terminaldweller" -# alias irssi="TERM=screen-256color docker run --runtime=runsc -it -e TERM -u $(id -u):$(id -g) --log-driver=none -e DBUS_SESSION_BUS_ADDRESS="$DBUS_SESSION_BUS_ADDRESS" --network=host -v $HOME/.irssi:/home/user/.irssi:ro -v /etc/localtime:/etc/localtime:ro bloodstalker/irssi:latest" -alias irssi="TERM=screen-256color docker run --runtime=runsc -it -e TERM -u $(id -u):$(id -g) --log-driver=none -e DBUS_SESSION_BUS_ADDRESS="$DBUS_SESSION_BUS_ADDRESS" -v $HOME/.irssi:/home/user/.irssi:ro -v /etc/localtime:/etc/localtime:ro devi_irssi" +# alias irssi="TERM=screen-256color docker run --runtime=runsc -it -e TERM -u $(id -u):$(id -g) --log-driver=none -e DBUS_SESSION_BUS_ADDRESS="$DBUS_SESSION_BUS_ADDRESS" -v $HOME/.irssi:/home/user/.irssi:ro -v /etc/localtime:/etc/localtime:ro devi_irssi" +alias irssi="TERM=screen-256color docker run --runtime=runsc -it -e TERM -u $(id -u):$(id -g) --log-driver=none -v $HOME/.irssi:/home/user/.irssi:ro -v /etc/localtime:/etc/localtime:ro devi_irssi" +alias tor_irssi="TERM=screen-256color docker run --runtime=runsc -it -e TERM -u $(id -u):$(id -g) --log-driver=none tor_irssi" alias openbb="TERM=screen-256color \ docker \ run \ @@ -200,7 +200,7 @@ alias socks5vpn6="autossh -M 0 -N -D 9993 -o ServerAliveInterval=180 -o ServerAl alias socks5vpn7="autossh -M 0 -N -D 9992 -o ServerAliveInterval=180 -o ServerAliveCountMax=3 -o ExitOnForwardFailure=yes -l ubuntu -p 3333 130.185.47.81" alias socks5vpn8="autossh -M 0 -N -D 0.0.0.0:9989 -o ServerAliveInterval=180 -o ServerAliveCountMax=3 -o ExitOnForwardFailure=yes -l ubuntu -p 3333 185.130.47.208" alias tormapped6="autossh -M 0 -N -L 9053:127.0.0.1:9050 -o ServerAliveInterval=180 -o ServerAliveCountMax=3 -o ExitOnForwardFailure=yes -l ubuntu -p 3333 185.130.45.46" -alias tormapped8="autossh -M 0 -N -L 9054:127.0.0.1:9050 -o ServerAliveInterval=180 -o ServerAliveCountMax=3 -o ExitOnForwardFailure=yes -l ubuntu -p 3333 185.130.47.208" +alias tormapped8="autossh -M 0 -N -L 0.0.0.0:9054:127.0.0.1:9050 -o ServerAliveInterval=180 -o ServerAliveCountMax=3 -o ExitOnForwardFailure=yes -l ubuntu -p 3333 185.130.47.208" alias k9sskin="vim ~/scripts/.k9s/skin.yml" alias k9sconfig="vim ~/scripts/.k9s/config.yml" alias fixk9sskin="cp ~/scripts/.k9s/skin.yml ~/.config/k9s/skin.yml" @@ -220,8 +220,8 @@ alias zh_linux="zssh dev@192.168.90.17" alias zh_router_root="zssh root@192.168.90.71" alias zh_router_admin="zssh admin@192.168.90.71" alias youtube_dl="proxychains4 -f /home/devi/proxies/ice/proxychains.conf youtube-dl" -alias campv="proxychains4 -f /home/devi/proxies/ca/proxychains.conf mpv --no-video" -alias tormpv="torsocks mpv --no-video" +# alias campv="proxychains4 -f /home/devi/proxies/ca/proxychains.conf mpv --no-video" +alias tormpv="torsocks --port 9054 mpv --no-video" alias youtube144="proxychains4 -f /home/devi/proxies/ice/proxychains.conf mpv --ytdl-format=160+249" alias youtube360="proxychains4 -f /home/devi/proxies/ice/proxychains.conf mpv --ytdl-format=243+160" alias youtube480="proxychains4 -f /home/devi/proxies/ice/proxychains.conf mpv --ytdl-format=244+140" @@ -243,7 +243,7 @@ alias qutebrowserrc="vim ~/scripts/qtbrowser/config.py" alias fixqutebrowserrc="cp ~/scripts/qtbrowser/config.py ~/.config/qutebrowser/config.py" alias pulsemixer="pulsemixer --color 1" # alias vagrant="https_proxy=http://[::1]:8118 vagrant --color --timestamp" -alias vagrant="https_proxy=socks5://[::1]:9993 vagrant --color --timestamp" +alias vagrant="vagrant --color --timestamp" alias vm_disposable="cp ~/scripts/vagrant/disposable/Vagrantfile ." alias vm_disposable_alpine="cp ~/scripts/vagrant/disposable-alpine/Vagrantfile ." alias checktor="curl --socks5 localhost:9054 --socks5-hostname localhost:9050 -s https://check.torproject.org/api/ip" @@ -302,15 +302,18 @@ alias scapy="scapy -H" alias dg="grc /usr/bin/dig" alias lsof="grc lsof" alias xxd="xxd -g 2 -E -u -c 32" -alias torcurl='curl --connect-timeout 10 --user-agent "$(get_random_ua.sh)" --socks5-hostname localhost:9053' +alias torcurl='curl -s --connect-timeout 10 --user-agent "$(get_random_ua.sh)" --socks5-hostname localhost:9053' alias gpg2="HTTP_PROXY=socks5://127.0.0.1:9995 HTTPS_PROXY=socks5://127.0.0.1:9995 gpg2" alias gpg="HTTP_PROXY=socks5://127.0.0.1:9995 HTTPS_PROXY=socks5://127.0.0.1:9995 gpg" -alias lxctop='watch -x -c -d -t -n 5 lxc list -c n,t,4,a,b,u,e,D,m,S,s,P' +# alias lxctop='watch -x -c -d -t -n 5 lxc list -c n,t,4,a,b,u,e,D,m,S,s,P' +alias lxctop='watch -x -c -d -t -n 5 lxc list -c n,t,4,volatile.eth0.hwaddr:MAC,a,b,u,e,D,m,S,s,P -f compact type=container status=running' alias iptables="grc iptables" alias ping="grc ping" alias list_iptables="sudo iptables -nvL --line-numbers" alias sensors_pp="sensors -A -j 2> /dev/null | json_pp -json_opt pretty,canonical | pygmentize -l json -P style=$PYGMENTIZE_STYLE | $PAGER" alias vdiff="vimdiff" +alias virt-top="/nix/store/gn20hprla1p86fkvml4c6im3839vmlzn-virt-top-1.1.1/bin/virt-top" +alias fox_in_a_box='ssh -X -i /home/devi/devi/vagrantboxes.git/main/dispffox/.vagrant/machines/default/libvirt/private_key vagrant@virt-dispffox.vagrant-libvirt "XAUTHORITY=/home/vagrant/.Xauthority firefox"' # change the 4th terminal color to #0000ff # echo -e '\e]P40000ff' @@ -494,6 +497,8 @@ export PATH=$PATH:/home/devi/devi/emsdk.git/3.1.8 export PATH=$PATH:/home/devi/devi/emsdk.git/3.1.8/node/14.18.2_64bit/bin export PATH=$PATH:/home/devi/devi/emsdk.git/3.1.8/upstream/emscripten export PATH=$PATH:/home/devi/devi/git-scripts.git/master +# flatpaks +export PATGH=$PATH:/var/lib/flatpak/exports/bin ks() { grc kubectl -n kube-system "$@" @@ -672,14 +677,13 @@ dff() { } jcurl() { - curl --connect-timeout 10 "$@" | json_pp -json_opt pretty,canonical | pygmentize -l json -P style=$PYGMENTIZE_STYLE | $PAGER + torsocks --port 9054 curl -s --connect-timeout 10 "$@" | json_pp -json_opt pretty,canonical | pygmentize -l json -P style=$PYGMENTIZE_STYLE | $PAGER } xcurl() { - curl --connect-timeout 10 "$@" | xml_pp | pygmentize -l xml -P style=$PYGMENTIZE_STYLE | $PAGER + torsocks --port 9054 curl -s --connect-timeout 10 "$@" | xml_pp | pygmentize -l xml -P style=$PYGMENTIZE_STYLE | $PAGER } - hcurl() { - torsocks --port 9054 curl --connect-timeout 10 -i -D /dev/stderr --user-agent "$(get_random_ua.sh)" "$@" | pygmentize -l html -P style=$PYGMENTIZE_STYLE | $PAGER + torsocks --port 9054 curl -s --connect-timeout 10 -i -D /dev/stderr --user-agent "$(get_random_ua.sh)" "$@" | pygmentize -l html -P style=$PYGMENTIZE_STYLE | $PAGER } # these i stole from junegunn to try out @@ -778,7 +782,7 @@ export LESS_TERMCAP_me=$'\e[0m' # end mode export LESS_TERMCAP_se=$'\e[0m' # end standout-mode # export LESS_TERMCAP_so=$'\e[38;5;246m' # begin standout-mode - info box # export LESS_TERMCAP_so=$'\e[1;92m' # begin standout-mode - info box -export LESS_TERMCAP_so=$'\x1b[38;5;22m' +export LESS_TERMCAP_so=$'\x1b[48;5;22m\x1b[38;5;0m' export LESS_TERMCAP_ue=$'\e[0m' # end underline export LESS_TERMCAP_us=$'\e[04;38;5;146m' # begin underline # handle the format of the zsh built-in time diff --git a/db/mongo/build_db.js b/db/mongo/build_db.js index a50162e..9273193 100644 --- a/db/mongo/build_db.js +++ b/db/mongo/build_db.js @@ -57,7 +57,7 @@ const movies_obj = { }; const stash_obj = { - something: "https://spankbang.com/74bwd/video/porn", + momotaro: "https://www.tnaflix.com/amateur-porn/fcdc-056/video6241864", }; function inser_into_db(mongo_collection, object) { diff --git a/etc/libvirt/qemu.conf b/etc/libvirt/qemu.conf new file mode 100644 index 0000000..57b2848 --- /dev/null +++ b/etc/libvirt/qemu.conf @@ -0,0 +1,970 @@ +# Master configuration file for the QEMU driver. +# All settings described here are optional - if omitted, sensible +# defaults are used. + +# Use of TLS requires that x509 certificates be issued. The default is +# to keep them in /etc/pki/qemu. This directory must contain +# +# ca-cert.pem - the CA master certificate +# server-cert.pem - the server certificate signed with ca-cert.pem +# server-key.pem - the server private key +# +# and optionally may contain +# +# dh-params.pem - the DH params configuration file +# +# If the directory does not exist, libvirtd will fail to start. If the +# directory doesn't contain the necessary files, QEMU domains will fail +# to start if they are configured to use TLS. +# +# In order to overwrite the default path alter the following. This path +# definition will be used as the default path for other *_tls_x509_cert_dir +# configuration settings if their default path does not exist or is not +# specifically set. +# +#default_tls_x509_cert_dir = "/etc/pki/qemu" + + +# The default TLS configuration only uses certificates for the server +# allowing the client to verify the server's identity and establish +# an encrypted channel. +# +# It is possible to use x509 certificates for authentication too, by +# issuing an x509 certificate to every client who needs to connect. +# +# Enabling this option will reject any client who does not have a +# certificate signed by the CA in /etc/pki/qemu/ca-cert.pem +# +# The default_tls_x509_cert_dir directory must also contain +# +# client-cert.pem - the client certificate signed with the ca-cert.pem +# client-key.pem - the client private key +# +# If this option is supplied it provides the default for the "_verify" option +# of specific TLS users such as vnc, backups, migration, etc. The specific +# users of TLS may override this by setting the specific "_verify" option. +# +# When not supplied the specific TLS users provide their own defaults. +# +#default_tls_x509_verify = 1 + +# +# Libvirt assumes the server-key.pem file is unencrypted by default. +# To use an encrypted server-key.pem file, the password to decrypt +# the PEM file is required. This can be provided by creating a secret +# object in libvirt and then to uncomment this setting to set the UUID +# of the secret. +# +# NB This default all-zeros UUID will not work. Replace it with the +# output from the UUID for the TLS secret from a 'virsh secret-list' +# command and then uncomment the entry +# +#default_tls_x509_secret_uuid = "00000000-0000-0000-0000-000000000000" + + +# VNC is configured to listen on 127.0.0.1 by default. +# To make it listen on all public interfaces, uncomment +# this next option. +# +# NB, strong recommendation to enable TLS + x509 certificate +# verification when allowing public access +# +#vnc_listen = "0.0.0.0" + +# Enable this option to have VNC served over an automatically created +# unix socket. This prevents unprivileged access from users on the +# host machine, though most VNC clients do not support it. +# +# This will only be enabled for VNC configurations that have listen +# type=address but without any address specified. This setting takes +# preference over vnc_listen. +# +#vnc_auto_unix_socket = 1 + +# Enable use of TLS encryption on the VNC server. This requires +# a VNC client which supports the VeNCrypt protocol extension. +# Examples include vinagre, virt-viewer, virt-manager and vencrypt +# itself. UltraVNC, RealVNC, TightVNC do not support this +# +# It is necessary to setup CA and issue a server certificate +# before enabling this. +# +#vnc_tls = 1 + + +# In order to override the default TLS certificate location for +# vnc certificates, supply a valid path to the certificate directory. +# If the provided path does not exist, libvirtd will fail to start. +# If the path is not provided, but vnc_tls = 1, then the +# default_tls_x509_cert_dir path will be used. +# +#vnc_tls_x509_cert_dir = "/etc/pki/libvirt-vnc" + + +# Uncomment and use the following option to override the default secret +# UUID provided in the default_tls_x509_secret_uuid parameter. +# +#vnc_tls_x509_secret_uuid = "00000000-0000-0000-0000-000000000000" + + +# The default TLS configuration only uses certificates for the server +# allowing the client to verify the server's identity and establish +# an encrypted channel. +# +# It is possible to use x509 certificates for authentication too, by +# issuing an x509 certificate to every client who needs to connect. +# +# Enabling this option will reject any client that does not have a +# certificate (as described in default_tls_x509_verify) signed by the +# CA in the vnc_tls_x509_cert_dir (or default_tls_x509_cert_dir). +# +# If this option is not supplied, it will be set to the value of +# "default_tls_x509_verify". If "default_tls_x509_verify" is not supplied either, +# the default is "0". +# +#vnc_tls_x509_verify = 1 + + +# The default VNC password. Only 8 bytes are significant for +# VNC passwords. This parameter is only used if the per-domain +# XML config does not already provide a password. To allow +# access without passwords, leave this commented out. An empty +# string will still enable passwords, but be rejected by QEMU, +# effectively preventing any use of VNC. Obviously change this +# example here before you set this. +# +#vnc_password = "" + + +# Enable use of SASL encryption on the VNC server. This requires +# a VNC client which supports the SASL protocol extension. +# Examples include vinagre, virt-viewer and virt-manager +# itself. UltraVNC, RealVNC, TightVNC do not support this +# +# It is necessary to configure /etc/sasl2/qemu.conf to choose +# the desired SASL plugin (eg, GSSPI for Kerberos) +# +#vnc_sasl = 1 + + +# The default SASL configuration file is located in /etc/sasl2/ +# When running libvirtd unprivileged, it may be desirable to +# override the configs in this location. Set this parameter to +# point to the directory, and create a qemu.conf in that location +# +#vnc_sasl_dir = "/some/directory/sasl2" + + +# QEMU implements an extension for providing audio over a VNC connection, +# though if your VNC client does not support it, your only chance for getting +# sound output is through regular audio backends. By default, libvirt will +# disable all QEMU sound backends if using VNC, since they can cause +# permissions issues. Enabling this option will make libvirtd honor the +# QEMU_AUDIO_DRV environment variable when using VNC. +# +#vnc_allow_host_audio = 0 + + + +# SPICE is configured to listen on 127.0.0.1 by default. +# To make it listen on all public interfaces, uncomment +# this next option. +# +# NB, strong recommendation to enable TLS + x509 certificate +# verification when allowing public access +# +#spice_listen = "0.0.0.0" + + +# Enable use of TLS encryption on the SPICE server. +# +# It is necessary to setup CA and issue a server certificate +# before enabling this. +# +#spice_tls = 1 + + +# In order to override the default TLS certificate location for +# spice certificates, supply a valid path to the certificate directory. +# If the provided path does not exist, libvirtd will fail to start. +# If the path is not provided, but spice_tls = 1, then the +# default_tls_x509_cert_dir path will be used. +# +#spice_tls_x509_cert_dir = "/etc/pki/libvirt-spice" + + +# Enable this option to have SPICE served over an automatically created +# unix socket. This prevents unprivileged access from users on the +# host machine. +# +# This will only be enabled for SPICE configurations that have listen +# type=address but without any address specified. This setting takes +# preference over spice_listen. +# +#spice_auto_unix_socket = 1 + + +# The default SPICE password. This parameter is only used if the +# per-domain XML config does not already provide a password. To +# allow access without passwords, leave this commented out. An +# empty string will still enable passwords, but be rejected by +# QEMU, effectively preventing any use of SPICE. Obviously change +# this example here before you set this. +# +#spice_password = "" + + +# Enable use of SASL encryption on the SPICE server. This requires +# a SPICE client which supports the SASL protocol extension. +# +# It is necessary to configure /etc/sasl2/qemu.conf to choose +# the desired SASL plugin (eg, GSSPI for Kerberos) +# +#spice_sasl = 1 + +# The default SASL configuration file is located in /etc/sasl2/ +# When running libvirtd unprivileged, it may be desirable to +# override the configs in this location. Set this parameter to +# point to the directory, and create a qemu.conf in that location +# +#spice_sasl_dir = "/some/directory/sasl2" + +# Enable use of TLS encryption on the chardev TCP transports. +# +# It is necessary to setup CA and issue a server certificate +# before enabling this. +# +#chardev_tls = 1 + + +# In order to override the default TLS certificate location for character +# device TCP certificates, supply a valid path to the certificate directory. +# If the provided path does not exist, libvirtd will fail to start. +# If the path is not provided, but chardev_tls = 1, then the +# default_tls_x509_cert_dir path will be used. +# +#chardev_tls_x509_cert_dir = "/etc/pki/libvirt-chardev" + + +# The default TLS configuration only uses certificates for the server +# allowing the client to verify the server's identity and establish +# an encrypted channel. +# +# It is possible to use x509 certificates for authentication too, by +# issuing an x509 certificate to every client who needs to connect. +# +# Enabling this option will reject any client that does not have a +# certificate (as described in default_tls_x509_verify) signed by the +# CA in the chardev_tls_x509_cert_dir (or default_tls_x509_cert_dir). +# +# If this option is not supplied, it will be set to the value of +# "default_tls_x509_verify". If "default_tls_x509_verify" is not supplied either, +# the default is "1". +# +#chardev_tls_x509_verify = 1 + + +# Uncomment and use the following option to override the default secret +# UUID provided in the default_tls_x509_secret_uuid parameter. +# +# NB This default all-zeros UUID will not work. Replace it with the +# output from the UUID for the TLS secret from a 'virsh secret-list' +# command and then uncomment the entry +# +#chardev_tls_x509_secret_uuid = "00000000-0000-0000-0000-000000000000" + + +# Enable use of TLS encryption for all VxHS network block devices that +# don't specifically disable. +# +# When the VxHS network block device server is set up appropriately, +# x509 certificates are required for authentication between the clients +# (qemu processes) and the remote VxHS server. +# +# It is necessary to setup CA and issue the client certificate before +# enabling this. +# +#vxhs_tls = 1 + + +# In order to override the default TLS certificate location for VxHS +# backed storage, supply a valid path to the certificate directory. +# This is used to authenticate the VxHS block device clients to the VxHS +# server. +# +# If the provided path does not exist, libvirtd will fail to start. +# If the path is not provided, but vxhs_tls = 1, then the +# default_tls_x509_cert_dir path will be used. +# +# VxHS block device clients expect the client certificate and key to be +# present in the certificate directory along with the CA master certificate. +# If using the default environment, default_tls_x509_verify must be configured. +# Since this is only a client the server-key.pem certificate is not needed. +# Thus a VxHS directory must contain the following: +# +# ca-cert.pem - the CA master certificate +# client-cert.pem - the client certificate signed with the ca-cert.pem +# client-key.pem - the client private key +# +#vxhs_tls_x509_cert_dir = "/etc/pki/libvirt-vxhs" + + +# Uncomment and use the following option to override the default secret +# UUID provided in the default_tls_x509_secret_uuid parameter. +# +# NB This default all-zeros UUID will not work. Replace it with the +# output from the UUID for the TLS secret from a 'virsh secret-list' +# command and then uncomment the entry +# +#vxhs_tls_x509_secret_uuid = "00000000-0000-0000-0000-000000000000" + + +# Enable use of TLS encryption for all NBD disk devices that don't +# specifically disable it. +# +# When the NBD server is set up appropriately, x509 certificates are required +# for authentication between the client and the remote NBD server. +# +# It is necessary to setup CA and issue the client certificate before +# enabling this. +# +#nbd_tls = 1 + + +# In order to override the default TLS certificate location for NBD +# backed storage, supply a valid path to the certificate directory. +# This is used to authenticate the NBD block device clients to the NBD +# server. +# +# If the provided path does not exist, libvirtd will fail to start. +# If the path is not provided, but nbd_tls = 1, then the +# default_tls_x509_cert_dir path will be used. +# +# NBD block device clients expect the client certificate and key to be +# present in the certificate directory along with the CA certificate. +# Since this is only a client the server-key.pem certificate is not needed. +# Thus a NBD directory must contain the following: +# +# ca-cert.pem - the CA master certificate +# client-cert.pem - the client certificate signed with the ca-cert.pem +# client-key.pem - the client private key +# +#nbd_tls_x509_cert_dir = "/etc/pki/libvirt-nbd" + + +# Uncomment and use the following option to override the default secret +# UUID provided in the default_tls_x509_secret_uuid parameter. +# +# NB This default all-zeros UUID will not work. Replace it with the +# output from the UUID for the TLS secret from a 'virsh secret-list' +# command and then uncomment the entry +# +#nbd_tls_x509_secret_uuid = "00000000-0000-0000-0000-000000000000" + + +# In order to override the default TLS certificate location for migration +# certificates, supply a valid path to the certificate directory. If the +# provided path does not exist, libvirtd will fail to start. If the path is +# not provided, but TLS-encrypted migration is requested, then the +# default_tls_x509_cert_dir path will be used. Once/if a default certificate is +# enabled/defined, migration will then be able to use the certificate via +# migration API flags. +# +#migrate_tls_x509_cert_dir = "/etc/pki/libvirt-migrate" + + +# The default TLS configuration only uses certificates for the server +# allowing the client to verify the server's identity and establish +# an encrypted channel. +# +# It is possible to use x509 certificates for authentication too, by +# issuing an x509 certificate to every client who needs to connect. +# +# Enabling this option will reject any client that does not have a +# certificate (as described in default_tls_x509_verify) signed by the +# CA in the migrate_tls_x509_cert_dir (or default_tls_x509_cert_dir). +# +# If this option is not supplied, it will be set to the value of +# "default_tls_x509_verify". If "default_tls_x509_verify" is not supplied +# either, the default is "1". +# +#migrate_tls_x509_verify = 1 + + +# Uncomment and use the following option to override the default secret +# UUID provided in the default_tls_x509_secret_uuid parameter. +# +# NB This default all-zeros UUID will not work. Replace it with the +# output from the UUID for the TLS secret from a 'virsh secret-list' +# command and then uncomment the entry +# +#migrate_tls_x509_secret_uuid = "00000000-0000-0000-0000-000000000000" + + +# By default TLS is requested using the VIR_MIGRATE_TLS flag, thus not requested +# automatically. Setting 'migate_tls_force' to "1" will prevent any migration +# which is not using VIR_MIGRATE_TLS to ensure higher level of security in +# deployments with TLS. +# +#migrate_tls_force = 0 + + +# In order to override the default TLS certificate location for backup NBD +# server certificates, supply a valid path to the certificate directory. If the +# provided path does not exist, libvirtd will fail to start. If the path is +# not provided, but TLS-encrypted backup is requested, then the +# default_tls_x509_cert_dir path will be used. +# +#backup_tls_x509_cert_dir = "/etc/pki/libvirt-backup" + + +# The default TLS configuration only uses certificates for the server +# allowing the client to verify the server's identity and establish +# an encrypted channel. +# +# It is possible to use x509 certificates for authentication too, by +# issuing an x509 certificate to every client who needs to connect. +# +# Enabling this option will reject any client that does not have a +# certificate (as described in default_tls_x509_verify) signed by the +# CA in the backup_tls_x509_cert_dir (or default_tls_x509_cert_dir). +# +# If this option is not supplied, it will be set to the value of +# "default_tls_x509_verify". If "default_tls_x509_verify" is not supplied either, +# the default is "1". +# +#backup_tls_x509_verify = 1 + + +# Uncomment and use the following option to override the default secret +# UUID provided in the default_tls_x509_secret_uuid parameter. +# +# NB This default all-zeros UUID will not work. Replace it with the +# output from the UUID for the TLS secret from a 'virsh secret-list' +# command and then uncomment the entry +# +#backup_tls_x509_secret_uuid = "00000000-0000-0000-0000-000000000000" + + +# By default, if no graphical front end is configured, libvirt will disable +# QEMU audio output since directly talking to alsa/pulseaudio may not work +# with various security settings. If you know what you're doing, enable +# the setting below and libvirt will passthrough the QEMU_AUDIO_DRV +# environment variable when using nographics. +# +#nographics_allow_host_audio = 1 + + +# Override the port for creating both VNC and SPICE sessions (min). +# This defaults to 5900 and increases for consecutive sessions +# or when ports are occupied, until it hits the maximum. +# +# Minimum must be greater than or equal to 5900 as lower number would +# result into negative vnc display number. +# +# Maximum must be less than 65536, because higher numbers do not make +# sense as a port number. +# +#remote_display_port_min = 5900 +#remote_display_port_max = 65535 + +# VNC WebSocket port policies, same rules apply as with remote display +# ports. VNC WebSockets use similar display <-> port mappings, with +# the exception being that ports start from 5700 instead of 5900. +# +#remote_websocket_port_min = 5700 +#remote_websocket_port_max = 65535 + +# The default security driver is SELinux. If SELinux is disabled +# on the host, then the security driver will automatically disable +# itself. If you wish to disable QEMU SELinux security driver while +# leaving SELinux enabled for the host in general, then set this +# to 'none' instead. It's also possible to use more than one security +# driver at the same time, for this use a list of names separated by +# comma and delimited by square brackets. For example: +# +# security_driver = [ "selinux", "apparmor" ] +# +# Notes: The DAC security driver is always enabled; as a result, the +# value of security_driver cannot contain "dac". The value "none" is +# a special value; security_driver can be set to that value in +# isolation, but it cannot appear in a list of drivers. +# +#security_driver = "selinux" + +# If set to non-zero, then the default security labeling +# will make guests confined. If set to zero, then guests +# will be unconfined by default. Defaults to 1. +#security_default_confined = 1 + +# If set to non-zero, then attempts to create unconfined +# guests will be blocked. Defaults to 0. +#security_require_confined = 1 + +# The user for QEMU processes run by the system instance. It can be +# specified as a user name or as a user id. The qemu driver will try to +# parse this value first as a name and then, if the name doesn't exist, +# as a user id. +# +# Since a sequence of digits is a valid user name, a leading plus sign +# can be used to ensure that a user id will not be interpreted as a user +# name. +# +# Some examples of valid values are: +# +# user = "qemu" # A user named "qemu" +# user = "+0" # Super user (uid=0) +# user = "100" # A user named "100" or a user with uid=100 +# +user = "devi" + +# The group for QEMU processes run by the system instance. It can be +# specified in a similar way to user. +group = "libvirt" + +# Whether libvirt should dynamically change file ownership +# to match the configured user/group above. Defaults to 1. +# Set to 0 to disable file ownership changes. +#dynamic_ownership = 1 + +# Whether libvirt should remember and restore the original +# ownership over files it is relabeling. Defaults to 1, set +# to 0 to disable the feature. +#remember_owner = 1 + +# What cgroup controllers to make use of with QEMU guests +# +# - 'cpu' - use for scheduler tunables +# - 'devices' - use for device access control +# - 'memory' - use for memory tunables +# - 'blkio' - use for block devices I/O tunables +# - 'cpuset' - use for CPUs and memory nodes +# - 'cpuacct' - use for CPUs statistics. +# +# NB, even if configured here, they won't be used unless +# the administrator has mounted cgroups, e.g.: +# +# mkdir /dev/cgroup +# mount -t cgroup -o devices,cpu,memory,blkio,cpuset none /dev/cgroup +# +# They can be mounted anywhere, and different controllers +# can be mounted in different locations. libvirt will detect +# where they are located. +# +#cgroup_controllers = [ "cpu", "devices", "memory", "blkio", "cpuset", "cpuacct" ] + +# This is the basic set of devices allowed / required by +# all virtual machines. +# +# As well as this, any configured block backed disks, +# all sound device, and all PTY devices are allowed. +# +# This will only need setting if newer QEMU suddenly +# wants some device we don't already know about. +# +#cgroup_device_acl = [ +# "/dev/null", "/dev/full", "/dev/zero", +# "/dev/random", "/dev/urandom", +# "/dev/ptmx", "/dev/kvm" +#] +# +# RDMA migration requires the following extra files to be added to the list: +# "/dev/infiniband/rdma_cm", +# "/dev/infiniband/issm0", +# "/dev/infiniband/issm1", +# "/dev/infiniband/umad0", +# "/dev/infiniband/umad1", +# "/dev/infiniband/uverbs0" + + +# The default format for QEMU/KVM guest save images is raw; that is, the +# memory from the domain is dumped out directly to a file. If you have +# guests with a large amount of memory, however, this can take up quite +# a bit of space. If you would like to compress the images while they +# are being saved to disk, you can also set "lzop", "gzip", "bzip2", or "xz" +# for save_image_format. Note that this means you slow down the process of +# saving a domain in order to save disk space; the list above is in descending +# order by performance and ascending order by compression ratio. +# +# save_image_format is used when you use 'virsh save' or 'virsh managedsave' +# at scheduled saving, and it is an error if the specified save_image_format +# is not valid, or the requested compression program can't be found. +# +# dump_image_format is used when you use 'virsh dump' at emergency +# crashdump, and if the specified dump_image_format is not valid, or +# the requested compression program can't be found, this falls +# back to "raw" compression. +# +# snapshot_image_format specifies the compression algorithm of the memory save +# image when an external snapshot of a domain is taken. This does not apply +# on disk image format. It is an error if the specified format isn't valid, +# or the requested compression program can't be found. +# +#save_image_format = "raw" +#dump_image_format = "raw" +#snapshot_image_format = "raw" + +# When a domain is configured to be auto-dumped when libvirtd receives a +# watchdog event from qemu guest, libvirtd will save dump files in directory +# specified by auto_dump_path. Default value is /var/lib/libvirt/qemu/dump +# +#auto_dump_path = "/var/lib/libvirt/qemu/dump" + +# When a domain is configured to be auto-dumped, enabling this flag +# has the same effect as using the VIR_DUMP_BYPASS_CACHE flag with the +# virDomainCoreDump API. That is, the system will avoid using the +# file system cache while writing the dump file, but may cause +# slower operation. +# +#auto_dump_bypass_cache = 0 + +# When a domain is configured to be auto-started, enabling this flag +# has the same effect as using the VIR_DOMAIN_START_BYPASS_CACHE flag +# with the virDomainCreateWithFlags API. That is, the system will +# avoid using the file system cache when restoring any managed state +# file, but may cause slower operation. +# +#auto_start_bypass_cache = 0 + +# If provided by the host and a hugetlbfs mount point is configured, +# a guest may request huge page backing. When this mount point is +# unspecified here, determination of a host mount point in /proc/mounts +# will be attempted. Specifying an explicit mount overrides detection +# of the same in /proc/mounts. Setting the mount point to "" will +# disable guest hugepage backing. If desired, multiple mount points can +# be specified at once, separated by comma and enclosed in square +# brackets, for example: +# +# hugetlbfs_mount = ["/dev/hugepages2M", "/dev/hugepages1G"] +# +# The size of huge page served by specific mount point is determined by +# libvirt at the daemon startup. +# +# NB, within these mount points, guests will create memory backing +# files in a location of $MOUNTPOINT/libvirt/qemu +# +#hugetlbfs_mount = "/dev/hugepages" + + +# Path to the setuid helper for creating tap devices. This executable +# is used to create <source type='bridge'> interfaces when libvirtd is +# running unprivileged. libvirt invokes the helper directly, instead +# of using "-netdev bridge", for security reasons. +#bridge_helper = "/usr/libexec/qemu-bridge-helper" + + +# If enabled, libvirt will have QEMU set its process name to +# "qemu:VM_NAME", where VM_NAME is the name of the VM. The QEMU +# process will appear as "qemu:VM_NAME" in process listings and +# other system monitoring tools. By default, QEMU does not set +# its process title, so the complete QEMU command (emulator and +# its arguments) appear in process listings. +# +#set_process_name = 1 + + +# If max_processes is set to a positive integer, libvirt will use +# it to set the maximum number of processes that can be run by qemu +# user. This can be used to override default value set by host OS. +# The same applies to max_files which sets the limit on the maximum +# number of opened files. +# +#max_processes = 0 +#max_files = 0 + +# If max_threads_per_process is set to a positive integer, libvirt +# will use it to set the maximum number of threads that can be +# created by a qemu process. Some VM configurations can result in +# qemu processes with tens of thousands of threads. systemd-based +# systems typically limit the number of threads per process to +# 16k. max_threads_per_process can be used to override default +# limits in the host OS. +# +#max_threads_per_process = 0 + +# If max_core is set to a non-zero integer, then QEMU will be +# permitted to create core dumps when it crashes, provided its +# RAM size is smaller than the limit set. +# +# Be warned that the core dump will include a full copy of the +# guest RAM, if the 'dump_guest_core' setting has been enabled, +# or if the guest XML contains +# +# <memory dumpcore="on">...guest ram...</memory> +# +# If guest RAM is to be included, ensure the max_core limit +# is set to at least the size of the largest expected guest +# plus another 1GB for any QEMU host side memory mappings. +# +# As a special case it can be set to the string "unlimited" to +# to allow arbitrarily sized core dumps. +# +# By default the core dump size is set to 0 disabling all dumps +# +# Size is a positive integer specifying bytes or the +# string "unlimited" +# +#max_core = "unlimited" + +# Determine if guest RAM is included in QEMU core dumps. By +# default guest RAM will be excluded if a new enough QEMU is +# present. Setting this to '1' will force guest RAM to always +# be included in QEMU core dumps. +# +# This setting will be ignored if the guest XML has set the +# dumpcore attribute on the <memory> element. +# +#dump_guest_core = 1 + +# mac_filter enables MAC addressed based filtering on bridge ports. +# This currently requires ebtables to be installed. +# +#mac_filter = 1 + + +# By default, PCI devices below non-ACS switch are not allowed to be assigned +# to guests. By setting relaxed_acs_check to 1 such devices will be allowed to +# be assigned to guests. +# +#relaxed_acs_check = 1 + + +# In order to prevent accidentally starting two domains that +# share one writable disk, libvirt offers two approaches for +# locking files. The first one is sanlock, the other one, +# virtlockd, is then our own implementation. Accepted values +# are "sanlock" and "lockd". +# +#lock_manager = "lockd" + + +# Set limit of maximum APIs queued on one domain. All other APIs +# over this threshold will fail on acquiring job lock. Specially, +# setting to zero turns this feature off. +# Note, that job lock is per domain. +# +#max_queued = 0 + +################################################################### +# Keepalive protocol: +# This allows qemu driver to detect broken connections to remote +# libvirtd during peer-to-peer migration. A keepalive message is +# sent to the daemon after keepalive_interval seconds of inactivity +# to check if the daemon is still responding; keepalive_count is a +# maximum number of keepalive messages that are allowed to be sent +# to the daemon without getting any response before the connection +# is considered broken. In other words, the connection is +# automatically closed approximately after +# keepalive_interval * (keepalive_count + 1) seconds since the last +# message received from the daemon. If keepalive_interval is set to +# -1, qemu driver will not send keepalive requests during +# peer-to-peer migration; however, the remote libvirtd can still +# send them and source libvirtd will send responses. When +# keepalive_count is set to 0, connections will be automatically +# closed after keepalive_interval seconds of inactivity without +# sending any keepalive messages. +# +#keepalive_interval = 5 +#keepalive_count = 5 + + + +# Use seccomp syscall filtering sandbox in QEMU. +# 1 == filter enabled, 0 == filter disabled +# +# Unless this option is disabled, QEMU will be run with +# a seccomp filter that stops it from executing certain +# syscalls. +# +#seccomp_sandbox = 1 + + +# Override the listen address for all incoming migrations. Defaults to +# 0.0.0.0, or :: if both host and qemu are capable of IPv6. +#migration_address = "0.0.0.0" + + +# The default hostname or IP address which will be used by a migration +# source for transferring migration data to this host. The migration +# source has to be able to resolve this hostname and connect to it so +# setting "localhost" will not work. By default, the host's configured +# hostname is used. +#migration_host = "host.example.com" + + +# Override the port range used for incoming migrations. +# +# Minimum must be greater than 0, however when QEMU is not running as root, +# setting the minimum to be lower than 1024 will not work. +# +# Maximum must not be greater than 65535. +# +#migration_port_min = 49152 +#migration_port_max = 49215 + + + +# Timestamp QEMU's log messages (if QEMU supports it) +# +# Defaults to 1. +# +#log_timestamp = 0 + + +# Location of master nvram file +# +# This configuration option is obsolete. Libvirt will follow the +# QEMU firmware metadata specification to automatically locate +# firmware images. See docs/interop/firmware.json in the QEMU +# source tree. These metadata files are distributed alongside any +# firmware images intended for use with QEMU. +# +# NOTE: if ANY firmware metadata files are detected, this setting +# will be COMPLETELY IGNORED. +# +# ------------------------------------------ +# +# When a domain is configured to use UEFI instead of standard +# BIOS it may use a separate storage for UEFI variables. If +# that's the case libvirt creates the variable store per domain +# using this master file as image. Each UEFI firmware can, +# however, have different variables store. Therefore the nvram is +# a list of strings when a single item is in form of: +# ${PATH_TO_UEFI_FW}:${PATH_TO_UEFI_VARS}. +# Later, when libvirt creates per domain variable store, this list is +# searched for the master image. The UEFI firmware can be called +# differently for different guest architectures. For instance, it's OVMF +# for x86_64 and i686, but it's AAVMF for aarch64. The libvirt default +# follows this scheme. +#nvram = [ +# "/usr/share/OVMF/OVMF_CODE.fd:/usr/share/OVMF/OVMF_VARS.fd", +# "/usr/share/OVMF/OVMF_CODE.secboot.fd:/usr/share/OVMF/OVMF_VARS.fd", +# "/usr/share/AAVMF/AAVMF_CODE.fd:/usr/share/AAVMF/AAVMF_VARS.fd", +# "/usr/share/AAVMF/AAVMF32_CODE.fd:/usr/share/AAVMF/AAVMF32_VARS.fd" +#] + +# The backend to use for handling stdout/stderr output from +# QEMU processes. +# +# 'file': QEMU writes directly to a plain file. This is the +# historical default, but allows QEMU to inflict a +# denial of service attack on the host by exhausting +# filesystem space +# +# 'logd': QEMU writes to a pipe provided by virtlogd daemon. +# This is the current default, providing protection +# against denial of service by performing log file +# rollover when a size limit is hit. +# +#stdio_handler = "logd" + +# QEMU gluster libgfapi log level, debug levels are 0-9, with 9 being the +# most verbose, and 0 representing no debugging output. +# +# The current logging levels defined in the gluster GFAPI are: +# +# 0 - None +# 1 - Emergency +# 2 - Alert +# 3 - Critical +# 4 - Error +# 5 - Warning +# 6 - Notice +# 7 - Info +# 8 - Debug +# 9 - Trace +# +# Defaults to 4 +# +#gluster_debug_level = 9 + +# virtiofsd debug +# +# Whether to enable the debugging output of the virtiofsd daemon. +# Possible values are 0 or 1. Disabled by default. +# +#virtiofsd_debug = 1 + +# To enhance security, QEMU driver is capable of creating private namespaces +# for each domain started. Well, so far only "mount" namespace is supported. If +# enabled it means qemu process is unable to see all the devices on the system, +# only those configured for the domain in question. Libvirt then manages +# devices entries throughout the domain lifetime. This namespace is turned on +# by default. +#namespaces = [ "mount" ] + +# This directory is used for memoryBacking source if configured as file. +# NOTE: big files will be stored here +#memory_backing_dir = "/var/lib/libvirt/qemu/ram" + +# Path to the SCSI persistent reservations helper. This helper is +# used whenever <reservations/> are enabled for SCSI LUN devices. +#pr_helper = "/usr/bin/qemu-pr-helper" + +# Path to the SLIRP networking helper. +#slirp_helper = "/usr/bin/slirp-helper" + +# Path to the dbus-daemon +#dbus_daemon = "/usr/bin/dbus-daemon" + +# User for the swtpm TPM Emulator +# +# Default is 'tss'; this is the same user that tcsd (TrouSerS) installs +# and uses; alternative is 'root' +# +#swtpm_user = "tss" +#swtpm_group = "tss" + +# For debugging and testing purposes it's sometimes useful to be able to disable +# libvirt behaviour based on the capabilities of the qemu process. This option +# allows to do so. DO _NOT_ use in production and beaware that the behaviour +# may change across versions. +# +#capability_filters = [ "capname" ] + +# 'deprecation_behavior' setting controls how the qemu process behaves towards +# deprecated commands and arguments used by libvirt. +# +# This setting is meant for developers and CI efforts to make it obvious when +# libvirt relies on fields which are deprecated so that it can be fixes as soon +# as possible. +# +# Possible options are: +# "none" - (default) qemu is supposed to accept and output deprecated fields +# and commands +# "omit" - qemu is instructed to omit deprecated fields on output, behaviour +# towards fields and commands from qemu is not changed +# "reject" - qemu is instructed to report an error if a deprecated command or +# field is used by libvirtd +# "crash" - qemu crashes when an deprecated command or field is used by libvirtd +# +# For both "reject" and "crash" qemu is instructed to omit any deprecated fields +# on output. +# +# The "reject" option is less harsh towards the VMs but some code paths ignore +# errors reported by qemu and thus it may not be obvious that a deprecated +# command/field was used, thus it's suggested to use the "crash" option instead. +# +# In cases when qemu doesn't support configuring the behaviour this setting is +# silently ignored to allow testing older qemu versions without having to +# reconfigure libvirtd. +# +# DO NOT use in production. +# +#deprecation_behavior = "none" + +# If this is set then QEMU and its threads will run in a separate scheduling +# group meaning no other process will share Hyper Threads of a single core with +# QEMU. Each QEMU has its own group. +# +# Possible options are: +# "none" - (default) neither QEMU or any of its helper processes are placed +# into separate scheduling group +# "vcpus" - only QEMU vCPU threads are placed into a separate scheduling group, +# emulator threads and helper processes remain outside of the group +# "emulator" - only QEMU and its threads (emulator + vCPUs) are placed into +# separate scheduling group, helper processes remain outside of +# the group +# "full" - both QEMU and its helper processes are placed into separate +# scheduling group +#sched_core = "none" @@ -275,7 +275,7 @@ nmap _P :r ~/.vi_tmp<CR> "mucomplete set completeopt+=menuone -let g:mucomplete#enable_auto_at_startup = 1 +let g:mucomplete#enable_auto_at_startup = 0 let g:mucomplete#completion_delay = 1 " firenvim write changes automatically, throttle writes diff --git a/irssi/Dockerfile b/irssi/Dockerfile index cce2f59..ed8d271 100644 --- a/irssi/Dockerfile +++ b/irssi/Dockerfile @@ -21,7 +21,7 @@ RUN set -eux; \ ENV LANG C.UTF-8 -ENV IRSSI_VERSION 1.2.3 +ENV IRSSI_VERSION 1.4.3 RUN set -eux; \ \ @@ -37,6 +37,9 @@ RUN set -eux; \ libtool \ lynx \ make \ + meson \ + ninja \ + xz \ ncurses-dev \ openssl \ openssl-dev \ @@ -61,19 +64,17 @@ RUN set -eux; \ rm /tmp/irssi.tar.xz; \ \ cd /usr/src/irssi; \ - gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ - ./configure \ - --build="$gnuArch" \ - --enable-true-color \ - --with-bot \ - --with-proxy \ - --with-socks \ - --with-otr=static \ + meson \ + -Denable-true-color=yes \ + -Dwith-bot=yes \ + -Dwith-perl=yes \ + -Dwith-proxy=yes \ + -Dwith-otr=yes \ + Build \ ; \ - make -j "$(nproc)"; \ - make install; \ - \ - cd /; \ + ninja -C Build -j "$(nproc)"; \ + ninja -C Build install; +RUN cd /; \ rm -rf /usr/src/irssi; \ \ runDeps="$( \ @@ -82,7 +83,7 @@ RUN set -eux; \ | sort -u \ | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ )"; \ - apk add --no-network --virtual .irssi-rundeps $runDeps; \ + apk add --virtual .irssi-rundeps $runDeps; \ echo https://dl-cdn.alpinelinux.org/alpine/edge/testing >> /etc/apk/repositories && apk update; \ apk add --no-cache perl-glib perl-datetime perl-dbi perl-dbd-pg perl-lwp-protocol-https proxychains-ng perl-glib-object-introspection libnotify; \ # apk add dbus; \ diff --git a/irssi/tor/Dockerfile b/irssi/tor/Dockerfile new file mode 100644 index 0000000..40927ef --- /dev/null +++ b/irssi/tor/Dockerfile @@ -0,0 +1,90 @@ +FROM alpine:3.16 + +ENV http_proxy=socks5://192.168.1.214:9995 +ENV https_proxy=socks5://192.168.1.214:9995 +ENV HTTP_PROXY=socks5://192.168.1.214:9995 +ENV HTTPS_PROXY=socks5://192.168.1.214:9995 + +RUN apk add --no-cache \ + ca-certificates \ + perl-libwww + +ENV HOME /home/user +RUN set -eux; \ + adduser -u 1001 -D -h "$HOME" user; \ + mkdir "$HOME/.irssi"; \ + chown -R user:user "$HOME" + +ENV LANG C.UTF-8 + +ENV IRSSI_VERSION 1.4.3 + +RUN set -eux; \ + \ + apk add --no-cache --virtual .build-deps \ + coreutils \ + gcc \ + glib-dev \ + gnupg \ + libc-dev \ + libtool \ + lynx \ + meson \ + ncurses-dev \ + ninja \ + openssl \ + openssl-dev \ + perl-dev \ + pkgconf \ + tar \ + xz \ + ; + ENV http_proxy= + ENV https_proxy= + ENV HTTP_PROXY= + ENV HTTPS_PROXY= + RUN wget "https://github.com/irssi/irssi/releases/download/${IRSSI_VERSION}/irssi-${IRSSI_VERSION}.tar.xz" -O /tmp/irssi.tar.xz; \ + wget "https://github.com/irssi/irssi/releases/download/${IRSSI_VERSION}/irssi-${IRSSI_VERSION}.tar.xz.asc" -O /tmp/irssi.tar.xz.asc; \ + export GNUPGHOME="$(mktemp -d)"; \ +# gpg: key DDBEF0E1: public key "The Irssi project <staff@irssi.org>" imported + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 7EE65E3082A5FB06AC7C368D00CCB587DDBEF0E1; \ + gpg --batch --verify /tmp/irssi.tar.xz.asc /tmp/irssi.tar.xz; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME" /tmp/irssi.tar.xz.asc; \ + \ + mkdir -p /usr/src/irssi; \ + tar -xf /tmp/irssi.tar.xz -C /usr/src/irssi --strip-components 1; \ + rm /tmp/irssi.tar.xz; \ + \ + cd /usr/src/irssi; \ + meson \ + -Denable-true-color=yes \ + -Dwith-bot=yes \ + -Dwith-perl=yes \ + -Dwith-proxy=yes \ + Build \ + ; \ + ninja -C Build -j "$(nproc)"; \ + ninja -C Build install; \ + \ + cd /; \ + rm -rf /usr/src/irssi; \ + \ + runDeps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive /usr/local \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + )"; \ + apk add --no-network --virtual .irssi-rundeps $runDeps; \ + echo https://dl-cdn.alpinelinux.org/alpine/v3.16/main >> /etc/apk/repositories && apk update && apk add --no-cache proxychains-ng ; \ + apk del --no-network .build-deps; \ + \ +# basic smoke test + irssi --version + +COPY ./proxychains.conf /etc/proxychains/ +WORKDIR $HOME + +USER user +CMD ["proxychains4", "-q", "irssi"] diff --git a/irssi/tor/proxychains.conf b/irssi/tor/proxychains.conf new file mode 100644 index 0000000..18ce7fa --- /dev/null +++ b/irssi/tor/proxychains.conf @@ -0,0 +1,68 @@ +# proxychains.conf VER 3.1 +# +# HTTP, SOCKS4, SOCKS5 tunneling proxifier with DNS. +# + +# The option below identifies how the ProxyList is treated. +# only one option should be uncommented at time, +# otherwise the last appearing option will be accepted +# +dynamic_chain +# +# Dynamic - Each connection will be done via chained proxies +# all proxies chained in the order as they appear in the list +# at least one proxy must be online to play in chain +# (dead proxies are skipped) +# otherwise EINTR is returned to the app +# +#strict_chain +# +# Strict - Each connection will be done via chained proxies +# all proxies chained in the order as they appear in the list +# all proxies must be online to play in chain +# otherwise EINTR is returned to the app +# +#random_chain +# +# Random - Each connection will be done via random proxy +# (or proxy chain, see chain_len) from the list. +# this option is good to test your IDS :) + +# Make sense only if random_chain +#chain_len = 2 + +# Quiet mode (no output from library) +#quiet_mode + +# Proxy DNS requests - no leak for DNS data +proxy_dns + +# Some timeouts in milliseconds +tcp_read_time_out 15000 +tcp_connect_time_out 8000 +localnet 10.0.0.0/255.0.0.0 +localnet 172.16.0.0/255.240.0.0 +localnet 192.168.0.0/255.255.0.0 +localnet 127.0.0.0/255.0.0.0 + +# ProxyList format +# type host port [user pass] +# (values separated by 'tab' or 'blank') +# +# +# Examples: +# +# socks5 192.168.67.78 1080 lamer secret +# http 192.168.89.3 8080 justu hidden +# socks4 192.168.1.49 1080 +# http 192.168.39.93 8080 +# +# +# proxy types: http, socks4, socks5 +# ( auth types supported: "basic"-http "user/pass"-socks ) +# +[ProxyList] +# add proxy here ... +# meanwile +# defaults set to "tor" +socks5 192.168.1.214 9054 @@ -17,7 +17,7 @@ ) -------------------------------------------------------------------------- |# (defcfg - input (device-file "/dev/input/by-id/usb-Razer_Razer_Huntsman_Tournament_Edition_00000000001A-if01-event-kbd") + input (device-file "/dev/input/by-id/usb-Razer_Razer_Huntsman_Tournament_Edition_00000000001A-event-kbd") output (uinput-sink "KMonad output") cmp-seq lalt diff --git a/terminaldweller.com/cgit/bootstrap/Dockerfile b/terminaldweller.com/cgit/bootstrap/Dockerfile index fe212dd..2467f36 100644 --- a/terminaldweller.com/cgit/bootstrap/Dockerfile +++ b/terminaldweller.com/cgit/bootstrap/Dockerfile @@ -4,4 +4,5 @@ RUN apk update && apk add --no-cache git cronie busybox-initscripts COPY ./bootstrap.sh /bootstrap.sh COPY ./docker-entrypoint.sh /docker-entrypoint.sh COPY ./crontab /etc/crontabs/root -ENTRYPOINT ["/bootstrap.sh"] +RUN chmod 0744 /bootstrap.sh +ENTRYPOINT ["/docker-entrypoint.sh"] diff --git a/terminaldweller.com/cgit/bootstrap/bootstrap.sh b/terminaldweller.com/cgit/bootstrap/bootstrap.sh index d504064..3481546 100755 --- a/terminaldweller.com/cgit/bootstrap/bootstrap.sh +++ b/terminaldweller.com/cgit/bootstrap/bootstrap.sh @@ -32,17 +32,20 @@ REPOS="cgrep \ grpc \ faultreiber \ luatablegen \ + magni \ cfe-extra" bootstrap() { for REPO in ${REPOS}; do - (cd "${GIT_REPO_DIR}" && git clone --bare "${ORIGIN_HTTPS}/${REPO}") + if [ ! -d ${GIT_REPO_DIR}/${REPO}.git ]; then + (cd "${GIT_REPO_DIR}" && git clone --bare "${ORIGIN_HTTPS}/${REPO}") + fi done } update_repos() { for REPO in ${REPOS}; do - (cd "${GIT_REPO_DIR}/${REPO}".git && git fetch || true) + (cd "${GIT_REPO_DIR}/${REPO}".git && git fetch origin *:*) done } diff --git a/terminaldweller.com/cgit/bootstrap/docker-entrypoint.sh b/terminaldweller.com/cgit/bootstrap/docker-entrypoint.sh index 833d95b..d6d7009 100755 --- a/terminaldweller.com/cgit/bootstrap/docker-entrypoint.sh +++ b/terminaldweller.com/cgit/bootstrap/docker-entrypoint.sh @@ -3,5 +3,6 @@ set -e set -x . /bootstrap.sh -on_startup /etc/gitrepos/ +bootstrap +update_repos crond -n -s -P diff --git a/terminaldweller.com/ejabberd/docker-compose.yaml b/terminaldweller.com/ejabberd/docker-compose.yaml index 1ca57b2..3ba143a 100644 --- a/terminaldweller.com/ejabberd/docker-compose.yaml +++ b/terminaldweller.com/ejabberd/docker-compose.yaml @@ -33,5 +33,5 @@ volumes: mnesia_db: vault: # openssl dhparam -out dhparams.pem 4096 -# certbot certonly --standlone -d chat.terminaldweller.com -e devi@terminaldweller.com --agree-tos --noninteractive +# certbot certonly --standlone -d chat.terminaldweller.com -m devi@terminaldweller.com --agree-tos --noninteractive # docker exec -it 6eebd16a2385 bin/ejabberdctl register admin chat.terminaldweller.com password diff --git a/terminaldweller.com/haproxy/haproxy.cfg b/terminaldweller.com/haproxy/haproxy.cfg index c6c9ce7..26265ae 100644 --- a/terminaldweller.com/haproxy/haproxy.cfg +++ b/terminaldweller.com/haproxy/haproxy.cfg @@ -46,6 +46,7 @@ frontend http acl git-host hdr_sub(host) -i git.terminaldweller.com acl cargo-host hdr_sub(host) -i cargo.terminaldweller.com acl browsh-host hdr_sub(host) -i browsh.terminaldweller.com + acl main-host hdr_sub(host) -i terminaldweller.com acl mila-api-acl url_beg /mila acl crypto-api-acl url_beg /crypto acl http ssl_fc,not @@ -65,6 +66,7 @@ frontend http http-request redirect scheme https code 301 if http browsh-host !letsencrypt-acl #http-request redirect scheme https code 301 if http jabber-host !letsencrypt-acl http-request redirect scheme https code 301 if http rssgen-host !letsencrypt-acl + http-request redirect scheme https code 301 if http main-host !letsencrypt-acl #Conditions use_backend blog-backend-cert if letsencrypt-acl blog-host @@ -79,6 +81,7 @@ frontend http use_backend searx-backend-cert if letsencrypt-acl git-host use_backend searx-backend-cert if letsencrypt-acl cargo-host use_backend vpn6-cert-backend if letsencrypt-acl browsh-host + use_backend searx-backend-cert if letsencrypt-acl main-host # use_backend editor-backend-cert if letsencrypt-acl editor-host use_backend certbot-backend if letsencrypt-acl !jabber-host !blog-host !api-host use_backend blog-backend if blog-host @@ -113,6 +116,7 @@ frontend https acl discord-host-s req.ssl_sni -i discord.terminaldweller.com acl rssgen-host-s req.ssl_sni -i rssgen.terminaldweller.com acl browsh-host-s req.ssl_sni -i browsh.terminaldweller.com + acl main-host-s req.ssl_sni -i terminaldweller.com #Conditions use_backend mail-backend-s if mail-host-s #use_backend chat-backend-s if chat-host-s @@ -128,6 +132,7 @@ frontend https use_backend git-backend-s if git-host-s use_backend rssgen-backend-s if rssgen-host-s use_backend browsh-backend-s if browsh-host-s + use_backend main-backend-s if main-host-s #frontend jabber5222 # bind *:5222 @@ -393,3 +398,8 @@ backend browsh-backend-s backend vpn6-cert-backend mode http server vpn6-cert-host 185.130.45.46:80 + +backend main-backend-s + mode tcp + option tcp-check + server main-host-s 185.130.47.208:7773 diff --git a/terminaldweller.com/main/docker-compose.yaml b/terminaldweller.com/main/docker-compose.yaml new file mode 100644 index 0000000..2f927c0 --- /dev/null +++ b/terminaldweller.com/main/docker-compose.yaml @@ -0,0 +1,21 @@ +version: "3" +services: + nginx: + image: nginx:stable + networks: + - mainnet + ports: + - "7773:8080" + restart: unless-stopped + volumes: + - ./nginx.conf:/etc/nginx/nginx.conf:ro + - /etc/letsencrypt/archive/terminaldweller.com/:/certs/ + - ./srv:/srv + cap_drop: + - ALL + cap_add: + - CHOWN + - SETGID + - SETUID +networks: + mainnet: diff --git a/terminaldweller.com/main/nginx.conf b/terminaldweller.com/main/nginx.conf new file mode 100644 index 0000000..4007cca --- /dev/null +++ b/terminaldweller.com/main/nginx.conf @@ -0,0 +1,30 @@ +events { + worker_connections 1024; +} +# curl https://fosstodon.org/.well-known/webfinger?resource=acct:terminaldweller@fosstodon.org +http { + server { + listen 8080 ssl http2; + keepalive_timeout 70; + add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; + ssl_ciphers HIGH:!aNULL:!MD5:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384; + ssl_prefer_server_ciphers on; + ssl_certificate /certs/fullchain1.pem; + ssl_certificate_key /certs/privkey1.pem; + ssl_protocols TLSv1.2 TLSv1.3; + add_header Content-Security-Policy "default-src 'self';"; + add_header X-Frame-Options SAMEORIGIN always; + add_header X-Content-Type-Options "nosniff" always; + add_header X-XSS-Protection "1; mode=block" always; + add_header Referrer-Policy "no-referrer"; + sendfile on; + tcp_nopush on; + + location /.well-known/webfinger { + add_header Access-Control-Allow-Origin "*"; + add_header Content-Type "application/json"; + alias /srv/.well-known/webfinger/finger.json; + } + # https://metacode.biz/openpgp/web-key-directory? + } +} diff --git a/terminaldweller.com/main/srv/.well-known/webfinger/finger.json b/terminaldweller.com/main/srv/.well-known/webfinger/finger.json new file mode 100644 index 0000000..c7cdb78 --- /dev/null +++ b/terminaldweller.com/main/srv/.well-known/webfinger/finger.json @@ -0,0 +1 @@ +{"subject":"acct:terminaldweller@fosstodon.org","aliases":["https://fosstodon.org/@terminaldweller","https://fosstodon.org/users/terminaldweller"],"links":[{"rel":"http://webfinger.net/rel/profile-page","type":"text/html","href":"https://fosstodon.org/@terminaldweller"},{"rel":"self","type":"application/activity+json","href":"https://fosstodon.org/users/terminaldweller"},{"rel":"http://ostatus.org/schema/1.0/subscribe","template":"https://fosstodon.org/authorize_interaction?uri={uri}"}]}
\ No newline at end of file |