Diffstat (limited to '')
29 files changed, 2657 insertions, 135 deletions
diff --git a/.mongoshrc.js b/.mongoshrc.js
index bd91d9a..b1f85ab 100644
--- a/.mongoshrc.js
+++ b/.mongoshrc.js
@@ -28,3 +28,7 @@ function get_animes() {
 function get_movies() {
 return db.movies.find();
 }
+
+function get_stash() {
+ return db.stash.find();
+}
diff --git a/.mutt/account.self b/.mutt/account.self
index 986f8bf..161b2d5 100644
--- a/.mutt/account.self
+++ b/.mutt/account.self
@@ -16,4 +16,4 @@ set header_cache = ~/.mutt/self/cache/headers
 set message_cachedir = ~/.mutt/self/cache/bodies
 set certificate_file = ~/.mutt/self/certificates
 # mailboxes "+INBOX" "+Drafts" "+Sent" "+Trash"
-mailboxes "+INBOX" "+INBOX/Github" "+INBOX/Linkedin" "+INBOX/Launchpad" "+INBOX/Opennic" "+INBOX/Trf" "+INBOX/Devto" "+INBOX/Kaggle" "+INBOX/Codeberg" "+INBOX/Rumble" "+INBOX/Substack" "+INBOX/Infura" "+INBOX/Skiff"
+mailboxes "+INBOX" "+INBOX/Github" "+INBOX/Linkedin" "+INBOX/Launchpad" "+INBOX/Opennic" "+INBOX/Trf" "+INBOX/Devto" "+INBOX/Kaggle" "+INBOX/Codeberg" "+INBOX/Rumble" "+INBOX/Substack" "+INBOX/Infura" "+INBOX/Skiff" "+INBOX/Spotify" "+INBOX/Bonobonet"
diff --git a/.newsboat/urls b/.newsboat/urls
index aa2519b..59f2d18 100644
--- a/.newsboat/urls
+++ b/.newsboat/urls
@@ -10,6 +10,9 @@ https://www.ecliptik.com/feed.xml "~Ecliptik"
 https://www.privacytools.io/guides/rss.xml "~Privacy_Tools"
 https://voidlinux.org/atom.xml "~VoidLinux"
 https://blog.qutebrowser.org/feeds/all.rss.xml "~Qutebrowser"
+https://sfconservancy.org/feeds/omnibus/ "~SFC"
+https://www.fsf.org/static/fsforg/rss/blogs.xml "~FSF"
+https://www.eff.org/rss/updates.xml "~EFF"
 "exec:gemget gemini://mozz.us/journal/atom.xml --output -" "~MOZZ"GEMINI
 "exec:gemget gemini://midnight.pub/feed.xml --output -" "~Midnight_Pub"GEMINI
@@ -47,6 +50,8 @@ https://www.google.com/alerts/feeds/12093321976767190558/2769088908428192247 "~i https://www.google.com/alerts/feeds/12093321976767190558/16765140344737729825 "~TheGreenPlace"Google_Alerts https://www.google.com/alerts/feeds/12093321976767190558/11780712112899033397 "~Security_Breach"Google_Alerts https://www.google.com/alerts/feeds/12093321976767190558/8312907097599403294 "~Terminaldweller"Google_Alerts +https://www.google.com/alerts/feeds/12093321976767190558/14483201011249340076 "~ChancenKarte"Google_Alerts +https://www.google.com/alerts/feeds/12093321976767190558/397063251466190481 "~thabogre@gmail.com"Google_Alerts # (Youtube) # Horror @@ -101,7 +106,6 @@ https://www.youtube.com/feeds/videos.xml?channel_id=UCld68syR8Wi-GY_n4CaoJGA "~B https://www.youtube.com/feeds/videos.xml?channel_id=UCXuqSBlHAE6Xw-yeJA0Tunw "~Linus_Tech_Tips"youtube https://www.youtube.com/feeds/videos.xml?channel_id=UCa6eh7gCkpPo5XXUDfygQQA "~Ippsec"youtube https://www.youtube.com/feeds/videos.xml?channel_id=UCdngmbVKX1Tgre699-XLlUA "~Tech_World_With_Nana"youtube -https://www.youtube.com/feeds/videos.xml?channel_id=UCfp-lNJy4QkIGnaEE6NtDSg "~Terminalforlife"youtube https://www.youtube.com/feeds/videos.xml?channel_id=UCylGUf9BvQooEFjgdNudoQg "~The_Linux_Cast"youtube https://www.youtube.com/feeds/videos.xml?channel_id=UCVhQ2NnY5Rskt6UjCUkJ_DA "~Arjan_code"youtube https://www.youtube.com/feeds/videos.xml?channel_id=UCFQMnBA3CS502aghlcr0_aw "~Coffezilla"youtube 
@@ -123,6 +127,7 @@ https://www.youtube.com/feeds/videos.xml?channel_id=UCdSnjmLUUe_NT4ml9OkUi1A "~N https://www.youtube.com/feeds/videos.xml?channel_id=UCpFFItkfZz1qz5PpHpqzYBw "~Nexpo"youtube https://www.youtube.com/feeds/videos.xml?channel_id=UC9PIn6-XuRKZ5HmYeu46AIw "~Barely_Sociable"youtube https://www.youtube.com/feeds/videos.xml?channel_id=UCZHmQk67mSJgfCCTn7xBfew "~Yannic_Kilcher"youtube +https://www.youtube.com/feeds/videos.xml?channel_id=UCa4GzOwXZbQPQyPHhQmpKCQ "~Ants_Are_Everywhere"youtube https://www.youtube.com/feeds/videos.xml?user=g297125009 "~Gavin_Freeborn"youtube https://www.youtube.com/feeds/videos.xml?user=Hak5Darren "~Hak_5"youtube diff --git a/.secrets.baseline b/.secrets.baseline index 5fd71f9..04e6446 100644 --- a/.secrets.baseline +++ b/.secrets.baseline @@ -270,7 +270,7 @@ "filename": "irssi/config", "hashed_secret": "825e522c6f25f4d5e79c97adb96bf4d84f8606c2", "is_verified": false, - "line_number": 524 + "line_number": 660 } ], "kubernetes/mongodb/add-user.yaml": [ @@ -365,5 +365,5 @@ } ] }, - "generated_at": "2023-02-13T09:48:20Z" + "generated_at": "2023-04-10T07:42:47Z" } diff --git a/.tunneltop.toml b/.tunneltop.toml index 5e1ea1e..043bb55 100644 --- a/.tunneltop.toml +++ b/.tunneltop.toml @@ -24,6 +24,16 @@ test_interval = 300 test_timeout = 10 auto_start = true +[tunnel.socks_can] +address = "127.0.0.1" +port = 9999 +command = "autossh -M 0 -N -D 9999 -o ServerAliveInterval=180 -o ServerAliveCountMax=3 -o ExitOnForwardFailure=yes -l rooot -p 1022 192.99.102.52" +test_command = 'curl -s -o /dev/null -s -w "%{http_code}" -k -I -4 --socks5 socks5h://127.0.0.1:9999 https://icanhazallips.terminaldweller.com:9380' +test_command_result = "200" +test_interval = 300 +test_timeout = 10 +auto_start = false + [tunnel.socks5_3] address = "127.0.0.1" port = 9995 
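Review bot: The `test_command` added for `[tunnel.socks_can]` in .tunneltop.toml runs curl with `-k`, so the health probe accepts any TLS certificate and a 200 from whatever answers for that name through the proxy will mark the tunnel as up. If `icanhazallips.terminaldweller.com:9380` serves a certificate the local trust store can verify, drop `-k`; if it is self-signed, point curl at it with `--cacert <path-to-ca.pem>` instead. The command also passes `-s` twice, which is harmless but can be trimmed.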
@@ -1157,6 +1157,8 @@ autocmd FileType javasript let b:vcm_tab_complete = 'omni' "filetypes set dictionary+=/usr/share/dict/words autocmd FileType pandoc,markdown,text,vimwiki,tex setlocal complete+=k +let g:pandoc#syntax#conceal#use = 0 +autocmd FileType pandoc PandocHighlight sh "fzf map <leader>f <Esc><Esc>:Files!<CR> @@ -1373,7 +1375,7 @@ let g:context_presenter = 'vim-popup' augroup AUSpell autocmd! - autocmd FileType markdown,txt,vimwiki,tex setlocal spell + autocmd FileType markdown,txt,vimwiki,tex,pandoc setlocal spell augroup END augroup MDInsert @@ -1477,6 +1479,7 @@ augroup ALETS autocmd FileType typescript let b:ale_fixers = {'typescript': ['prettier']} augroup END let b:ale_python_mypy_options = "--check-untyped-defs" +let b:ale_python_pylint_options = "--generate-members" augroup ALEPY autocmd! autocmd FileType python let b:ale_linters = {'python': ['mypy', 'pylint', 'bandit', 'ruff']} diff --git a/.w3m/keymap b/.w3m/keymap index d45692a..786d03f 100644 --- a/.w3m/keymap +++ b/.w3m/keymap 
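Review bot: In the ALE hunk (`@@ -1477,6 +1479,7 @@`), `let b:ale_python_pylint_options = "--generate-members"` does not look like a pylint option; the documented flag is `--generated-members` and it takes a list of member names, so as written pylint will most likely reject the argument. The working form would be `let b:ale_python_pylint_options = "--generated-members=<member-pattern>"` with the patterns actually needed. Separately, this `let b:` sits outside the `ALEPY` augroup, like the mypy line above it, so it presumably only applies to whichever buffer is current when the file is sourced; a `g:` variable or an `autocmd FileType python let b:ale_python_pylint_options = ...` inside the augroup would apply it to every Python buffer.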
@@ -107,7 +107,7 @@ keymap ESC-z INTERRUPT keymap C CHARSET keymap :q EXIT -keymap Q COMMAND "EXTERN 'echo %s > ~/.w3m/RestoreSession.txt' ; NEXT_TAB ; EXTERN 'echo %s >> ~/.w3m/RestoreSession.txt' ; NEXT_TAB ; EXTERN 'echo %s >> ~/.w3m/RestoreSession.txt' ; NEXT_TAB ; EXTERN 'echo %s >> ~/.w3m/RestoreSession.txt' ; NEXT_TAB ; EXTERN 'echo %s >> ~/.w3m/RestoreSession.txt' ; NEXT_TAB ; EXTERN 'echo %s >> ~/.w3m/RestoreSession.txt' ; NEXT_TAB ; EXTERN 'echo %s >> ~/.w3m/RestoreSession.txt' ; NEXT_TAB ; EXTERN 'echo %s >> ~/.w3m/RestoreSession.txt' ; NEXT_TAB ; EXTERN 'echo %s >> ~/.w3m/RestoreSession.txt' ; NEXT_TAB ; EXTERN 'echo %s >> ~/.w3m/RestoreSession.txt' ; NEXT_TAB ; EXTERN 'echo %s >> ~/.w3m/RestoreSession.txt' ; NEXT_TAB ; EXTERN 'echo %s >> ~/.w3m/RestoreSession.txt' ; NEXT_TAB ; EXTERN 'echo %s >> ~/.w3m/RestoreSession.txt' ; NEXT_TAB ; EXTERN 'echo %s >> ~/.w3m/RestoreSession.txt' ; NEXT_TAB ; EXTERN 'echo %s >> ~/.w3m/RestoreSession.txt' ; NEXT_TAB ; EXTERN 'echo %s >> ~/.w3m/RestoreSession.txt' ; NEXT_TAB ; EXTERN 'echo %s >> ~/.w3m/RestoreSession.txt' ; NEXT_TAB ; EXTERN 'echo %s >> ~/.w3m/RestoreSession.txt' ; NEXT_TAB ; EXTERN 'echo %s >> ~/.w3m/RestoreSession.txt' ; NEXT_TAB ; EXTERN 'echo %s >> ~/.w3m/RestoreSession.txt' ; NEXT_TAB ; EXTERN 'echo %s >> ~/.w3m/RestoreSession.txt' ; NEXT_TAB ; EXTERN 'echo %s >> ~/.w3m/RestoreSession.txt' ; NEXT_TAB ; EXTERN 'echo %s >> ~/.w3m/RestoreSession.txt' ; NEXT_TAB ; EXTERN 'echo %s >> ~/.w3m/RestoreSession.txt' ; NEXT_TAB ; EXTERN 'echo %s >> ~/.w3m/RestoreSession.txt' ; NEXT_TAB ; EXTERN 'echo %s >> ~/.w3m/RestoreSession.txt' ; NEXT_TAB ; EXTERN 'echo %s >> ~/.w3m/RestoreSession.txt' ; NEXT_TAB ; EXTERN 'echo %s >> ~/.w3m/RestoreSession.txt' ; NEXT_TAB ; EXTERN 'echo %s >> ~/.w3m/RestoreSession.txt' ; NEXT_TAB ; EXTERN 'echo %s >> ~/.w3m/RestoreSession.txt' ; READ_SHELL ~/.w3m/cgi-bin/restore_session.cgi ; EXIT" +keymap Q COMMAND "EXTERN 'echo %s > ~/.w3m/RestoreSession.txt' ; NEXT_TAB ;EXTERN 'echo %s > 
~/.w3m/RestoreSession.txt' ; NEXT_TAB ;EXTERN 'echo %s > ~/.w3m/RestoreSession.txt' ; NEXT_TAB ;EXTERN 'echo %s > ~/.w3m/RestoreSession.txt' ; NEXT_TAB ;EXTERN 'echo %s > ~/.w3m/RestoreSession.txt' ; NEXT_TAB ;EXTERN 'echo %s > ~/.w3m/RestoreSession.txt' ; NEXT_TAB ;EXTERN 'echo %s > ~/.w3m/RestoreSession.txt' ; NEXT_TAB ;EXTERN 'echo %s > ~/.w3m/RestoreSession.txt' ; NEXT_TAB ;EXTERN 'echo %s > ~/.w3m/RestoreSession.txt' ; NEXT_TAB ;EXTERN 'echo %s > ~/.w3m/RestoreSession.txt' ; NEXT_TAB ;EXTERN 'echo %s > ~/.w3m/RestoreSession.txt' ; NEXT_TAB ;EXTERN 'echo %s > ~/.w3m/RestoreSession.txt' ; NEXT_TAB ;EXTERN 'echo %s > ~/.w3m/RestoreSession.txt' ; NEXT_TAB ;EXTERN 'echo %s > ~/.w3m/RestoreSession.txt' ; NEXT_TAB ;EXTERN 'echo %s > ~/.w3m/RestoreSession.txt' ; NEXT_TAB ;EXTERN 'echo %s > ~/.w3m/RestoreSession.txt' ; NEXT_TAB ;EXTERN 'echo %s > ~/.w3m/RestoreSession.txt' ; NEXT_TAB ;EXTERN 'echo %s > ~/.w3m/RestoreSession.txt' ; NEXT_TAB ;EXTERN 'echo %s > ~/.w3m/RestoreSession.txt' ; NEXT_TAB ;EXTERN 'echo %s > ~/.w3m/RestoreSession.txt' ; NEXT_TAB ;EXTERN 'echo %s > ~/.w3m/RestoreSession.txt' ; NEXT_TAB ; EXTERN 'echo %s >> ~/.w3m/RestoreSession.txt' ; NEXT_TAB ; EXTERN 'echo %s >> ~/.w3m/RestoreSession.txt' ; NEXT_TAB ; EXTERN 'echo %s >> ~/.w3m/RestoreSession.txt' ; NEXT_TAB ; EXTERN 'echo %s >> ~/.w3m/RestoreSession.txt' ; NEXT_TAB ; EXTERN 'echo %s >> ~/.w3m/RestoreSession.txt' ; NEXT_TAB ; EXTERN 'echo %s >> ~/.w3m/RestoreSession.txt' ; NEXT_TAB ; EXTERN 'echo %s >> ~/.w3m/RestoreSession.txt' ; NEXT_TAB ; EXTERN 'echo %s >> ~/.w3m/RestoreSession.txt' ; NEXT_TAB ; EXTERN 'echo %s >> ~/.w3m/RestoreSession.txt' ; NEXT_TAB ; EXTERN 'echo %s >> ~/.w3m/RestoreSession.txt' ; NEXT_TAB ; EXTERN 'echo %s >> ~/.w3m/RestoreSession.txt' ; NEXT_TAB ; EXTERN 'echo %s >> ~/.w3m/RestoreSession.txt' ; NEXT_TAB ; EXTERN 'echo %s >> ~/.w3m/RestoreSession.txt' ; NEXT_TAB ; EXTERN 'echo %s >> ~/.w3m/RestoreSession.txt' ; NEXT_TAB ; EXTERN 'echo %s >> ~/.w3m/RestoreSession.txt' ; 
NEXT_TAB ; EXTERN 'echo %s >> ~/.w3m/RestoreSession.txt' ; NEXT_TAB ; EXTERN 'echo %s >> ~/.w3m/RestoreSession.txt' ; NEXT_TAB ; EXTERN 'echo %s >> ~/.w3m/RestoreSession.txt' ; NEXT_TAB ; EXTERN 'echo %s >> ~/.w3m/RestoreSession.txt' ; NEXT_TAB ; EXTERN 'echo %s >> ~/.w3m/RestoreSession.txt' ; NEXT_TAB ; EXTERN 'echo %s >> ~/.w3m/RestoreSession.txt' ; NEXT_TAB ; EXTERN 'echo %s >> ~/.w3m/RestoreSession.txt' ; NEXT_TAB ; EXTERN 'echo %s >> ~/.w3m/RestoreSession.txt' ; NEXT_TAB ; EXTERN 'echo %s >> ~/.w3m/RestoreSession.txt' ; NEXT_TAB ; EXTERN 'echo %s >> ~/.w3m/RestoreSession.txt' ; NEXT_TAB ; EXTERN 'echo %s >> ~/.w3m/RestoreSession.txt' ; NEXT_TAB ; EXTERN 'echo %s >> ~/.w3m/RestoreSession.txt' ; NEXT_TAB ; EXTERN 'echo %s >> ~/.w3m/RestoreSession.txt' ; NEXT_TAB ; EXTERN 'echo %s >> ~/.w3m/RestoreSession.txt' ; READ_SHELL ~/.w3m/cgi-bin/restore_session.cgi ; EXIT" # external stuff keymap SPC-r COMMAND "SHELL 'readable $W3M_URL -p html-title,html-content > /tmp/readable.html'; LOAD /tmp/readable.html" 
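Review bot: In the new `Q` binding the leading run of `EXTERN 'echo %s > ~/.w3m/RestoreSession.txt'` entries all use `>`, which truncates the file, so each URL written by that run is overwritten by the next one and only the last of them plus the `>>` entries that follow end up in RestoreSession.txt. If the intent was to cover more tabs, only the very first entry should use `>` and the rest `>>`, as the removed line did. A one-line comment above the binding such as `# saves up to N tabs; first write truncates, the rest append` would also help, since the tab count is encoded only by repetition.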
@@ -24,8 +24,9 @@ eval `dircolors ~/.dir_colors` # alias git="proxychains4 -q -f ~/proxies/ice/proxychains.conf git" alias sudo="sudo " alias mpv="proxychains4 -q -f ~/proxies/swe/proxychains.conf mpv --save-position-on-quit --term-osd-bar --msg-module --msg-time --cache=yes --cache-secs=15000 --cache-on-disk --cache-dir=/tmp/ --demuxer-max-bytes=500MiB" -alias w3m='proxychains4 -q -f ~/proxies/ice/proxychains.conf w3m -o auto_image=FALSE -o user_agent="$(get_random_ua.sh)" -graph' +alias w3m='proxychains4 -q -f ~/proxies/ice/proxychains.conf w3m -s -W -4 -o auto_image=FALSE -o user_agent="$(get_random_ua.sh)" -graph' alias torw3m='torsocks --port 9053 w3m -o auto_image=FALSE -o user_agent="$(get_random_ua.sh)" -graph' +alias boxed_w3m="ssh -tt -i /home/devi/devi/vagrantboxes.git/main/netbsd9/.vagrant/machines/default/libvirt/private_key vagrant@w3m-host.vagrant-libvirt torsocks --address 192.168.1.214 --port 9054 w3m -s -W -4 -o -graph" alias i2pw3m='proxychains4 -q -f ~/proxies/i2p_one/proxychains.conf w3m -o auto_image=FALSE -o user_agent="$(get_random_ua.sh)" -graph' alias rm="rm -I --one-file-system --preserve-root=all" alias vv="vim" @@ -113,6 +114,7 @@ alias vpn8="proxychains4 -q -f ~/proxies/ice/proxychains.conf ssh -tt -p 3333 ub alias vpn9="proxychains4 -q -f ~/proxies/ice/proxychains.conf ssh -tt -i ~/.ssh/id_rsa -p 3333 ubuntu@185.130.47.81 ssh -tt -i /home/ubuntu/.ssh/id_rsa_lv2 2a07:e01:3:1c4::1 -p 3333 -l ubuntu" alias vms="proxychains4 -q -f ~/proxies/ice/proxychains.conf ssh -tt 185.126.202.69 -l ubuntu -p 1022" alias vpnvv="proxychains4 -q -f ~/proxies/ice/proxychains.conf ssh -tt -p 3333 ubuntu@185.244.29.79" +alias vpn10="proxychains4 -q -f ~/proxies/swe/proxychains.conf ssh -tt -p 3333 root@89.147.110.30" alias -g DOCKER_HOST_VPS="ssh://ubuntu@87.236.209.206:1022" alias -g DOCKER_HOST_VPN="ssh://rooot@192.99.102.52:1022" alias -g DOCKER_HOST_VPN2="ssh://rooot@145.239.165.137:22" 
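Review bot: The new `boxed_w3m` alias ends in `w3m -s -W -4 -o -graph`; `-o` expects an `option=value` argument, so `-graph` is consumed as that argument instead of acting as a flag. The sibling aliases pass `-o auto_image=FALSE -o user_agent=...` before `-graph`, so either restore those options or drop the bare `-o`, e.g. `... w3m -s -W -4 -graph`. As written this alias also sends no randomized user agent, unlike `w3m`, `torw3m` and `i2pw3m` in the same hunk, which is worth a comment if it is deliberate.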
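Review bot: `vpn10` logs in as `root@89.147.110.30`, and the next hunk (`@@ -122,6 +124,7 @@`) adds `DOCKER_HOST_VPN10="ssh://root@89.147.110.30:3333"`, while the neighbouring entries use `ubuntu` or `rooot`. With direct root SSH, a stolen key or hijacked agent on this machine lands as root on that host with no further step. A named non-root account for both the alias and the Docker endpoint would keep this host consistent with the others; if root is required, a short comment saying why would document the exception.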
@@ -122,6 +124,7 @@ alias -g DOCKER_HOST_VPN7="ssh://ubuntu@185.130.47.81:3333" alias -g DOCKER_HOST_VPN8="ssh://ubuntu@185.130.47.208:3333" # alias -g DOCKER_HOST_VPN9="" alias -g DOCKER_HOST_VMS="ssh://ubuntu@185.126.202.69:1022" +alias -g DOCKER_HOST_VPN10="ssh://root@89.147.110.30:3333" # alias cloud_one="proxychains4 -q -f ~/proxies/ice/proxychains.conf ssh 130.185.121.80 -l ubuntu -p 1022" # alias pytags="ctags --fields=+l --languages=python --python-kinds=-iv -R ." alias v="vim" @@ -150,7 +153,7 @@ alias jupyterlab="jupyter lab --no-browser --port 9989" alias iredisrc="vim ~/scripts/.iredisrc" alias fixiredisrc="cp ~/scripts/.iredisrc ~/.iredisrc" # alias irssi="TERM=screen-256color docker run --runtime=runsc -it -e TERM -u $(id -u):$(id -g) --log-driver=none -e DBUS_SESSION_BUS_ADDRESS="$DBUS_SESSION_BUS_ADDRESS" -v $HOME/.irssi:/home/user/.irssi:ro -v /etc/localtime:/etc/localtime:ro devi_irssi" -alias irssi="TERM=screen-256color COLORTERM=truecolor docker run --runtime=runsc -it -e COLORTERM -e TERM -u $(id -u):$(id -g) --log-driver=none -v $HOME/.irssi:/home/user/.irssi:ro -v /etc/localtime:/etc/localtime:ro devi_irssi" +alias irssi="TERM=screen-256color COLORTERM=truecolor docker run --runtime=runsc -it -e COLORTERM -e TERM -u $(id -u):$(id -g) --log-driver=none -v $HOME/.irssi:/home/user/.irssi:ro -v /etc/localtime:/etc/localtime:ro devi_irssi" alias tor_irssi="TERM=screen-256color docker run --runtime=runsc -it -e TERM -u 1001:1001 --log-driver=none -v tor_irssi_mount:/home/user/.irssi -v ~/devi/abbatoir/hole16:/home/user/.irssi/certs tor_irssi" alias i2p_irssi="TERM=screen-256color docker run --runtime=runsc -it -e TERM -u $(id -u):$(id -g) --log-driver=none -v i2p_irssi_mount:/home/user/.irssi irssi:1.2.3" alias openbb="TERM=screen-256color \ 
@@ -366,6 +369,7 @@ alias waydroid="WAYLAND_DISPLAY=wayland-0 waydroid" alias gw="git worktree" alias redshiftrc="vim ~/scripts/.config/redshift.conf" alias fixredshiftrc="cp ~/scripts/.config/redshift.conf ~/.config/redshift.conf" +alias waydroid_ssh="ssh -p 8022 u0_a411@192.168.240.112" gwta() { git worktree add ./"$1" $(git rev-parse "$1") @@ -490,6 +494,8 @@ export MYSQL_PS1="\U@\N:\p [\d] - \R:\m:\s - \v\n>>>" # export TZ # export GPG_TTY=$(tty) +export PS_FORMAT=pid,start,etime,%cpu,%mem,lxc,cgroup,tty,wchan,exe,cmd + export VAGRANT_HOME="/home/devi/storage/ssd1/vagrant" export BAT_THEME="Solarized (light)" @@ -539,7 +545,7 @@ export PATH=$PATH:/home/devi/.fzf/bin export PATH=$PATH:/home/devi/k3s export PATH=$PATH:/home/devi/kompose export PATH=$PATH:/home/devi/powershell -export PATH=$PATH:/home/devi/ytfzf.git/rewrite +export PATH=$PATH:/home/devi/ytfzf.git/v2.5.5.rc-5 export PATH=$PATH:/home/devi/gotty export PATH=$PATH:/home/devi/.poetry/bin export PATH=$PATH:/home/devi/pulumi @@ -564,6 +570,7 @@ export PATH=$PATH:/home/devi/devi/emsdk.git/3.1.28 export PATH=$PATH:/home/devi/devi/emsdk.git/3.1.28/node/14.18.2_64bit/bin export PATH=$PATH:/home/devi/devi/emsdk.git/3.1.28/upstream/emscripten export PATH=$PATH:/home/devi/devi/git-scripts.git/master +export PATH=$PATH:/home/devi/mongo_db_tools/mongodb-database-tools-ubuntu2004-x86_64-100.5.2/bin # flatpaks export PATGH=$PATH:/var/lib/flatpak/exports/bin diff --git a/bin/postit.sh b/bin/postit.sh index 17589c5..496ddd8 100755 --- a/bin/postit.sh +++ b/bin/postit.sh 
@@ -1,6 +1,5 @@
 #!/usr/bin/env sh
-CLIP_HIST_FILE=/tmp/.clip_history
-# POSTIT=$(cat ${CLIP_HIST_FILE} | dmenu -l 20 -p "Select Postit:")
-sqlite3 $(cat /tmp/lclipd/lclipd_db_name) 'select content from lclipd;' | dmenu -l 20 | xsel -ib
-# echo -n "${POSTIT:0:${#POSTIT}}" | xsel -ip
+SQL_DB="$(cat /tmp/lclipd/lclipd_db_name)"
+content=$(sqlite3 "${SQL_DB}" "select replace(content,char(10),' '),id from lclipd;" | dmenu -fn "DejaVuSansMono Nerd Font Mono-11.3;antialias=true;autohint=true" -D "|" -l 20 -p "lclipd:")
+sqlite3 "${SQL_DB}" "select content from lclipd where id = ${content}" | xsel -ib
diff --git a/dnscrypt/dnscrypt-proxy.toml b/dnscrypt/dnscrypt-proxy.toml
new file mode 100644
index 0000000..9938e08
--- /dev/null
+++ b/dnscrypt/dnscrypt-proxy.toml
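Review bot: In bin/postit.sh the dmenu result is interpolated straight into SQL in `select content from lclipd where id = ${content}`. When dmenu is cancelled `content` is empty and sqlite3 receives a malformed statement, and because rows are fed to dmenu as `text|id`, a clipboard entry that itself contains `|` may (depending on how the `-D` separator splits) leave clipboard text in `content`, which is then parsed as SQL. Check that the value is a plain integer before the second query, e.g. `case "${content}" in ''|*[!0-9]*) exit 1 ;; esac`.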
@@ -0,0 +1,875 @@ + +############################################## +# # +# dnscrypt-proxy configuration # +# # +############################################## + +## This is an example configuration file. +## You should adjust it to your needs, and save it as "dnscrypt-proxy.toml" +## +## Online documentation is available here: https://dnscrypt.info/doc + + + +################################## +# Global settings # +################################## + +## List of servers to use +## +## Servers from the "public-resolvers" source (see down below) can +## be viewed here: https://dnscrypt.info/public-servers +## +## The proxy will automatically pick working servers from this list. +## Note that the require_* filters do NOT apply when using this setting. +## +## By default, this list is empty and all registered servers matching the +## require_* filters will be used instead. +## +## Remove the leading # first to enable this; lines starting with # are ignored. + +# server_names = ['scaleway-fr', 'google', 'yandex', 'cloudflare'] + + +## List of local addresses and ports to listen to. Can be IPv4 and/or IPv6. +## Example with both IPv4 and IPv6: +## listen_addresses = ['127.0.0.1:53', '[::1]:53'] +## +## To listen to all IPv4 addresses, use `listen_addresses = ['0.0.0.0:53']` +## To listen to all IPv4+IPv6 addresses, use `listen_addresses = ['[::]:53']` + +listen_addresses = ['[::]:5553'] + + +## Maximum number of simultaneous client connections to accept + +max_clients = 250 + + +## Switch to a different system user after listening sockets have been created. +## Note (1): this feature is currently unsupported on Windows. +## Note (2): this feature is not compatible with systemd socket activation. 
+## Note (3): when using -pidfile, the PID file directory must be writable by the new user + +# user_name = 'nobody' + + +## Require servers (from remote sources) to satisfy specific properties + +# Use servers reachable over IPv4 +ipv4_servers = true + +# Use servers reachable over IPv6 -- Do not enable if you don't have IPv6 connectivity +ipv6_servers = true + +# Use servers implementing the DNSCrypt protocol +dnscrypt_servers = true + +# Use servers implementing the DNS-over-HTTPS protocol +doh_servers = true + +# Use servers implementing the Oblivious DoH protocol +odoh_servers = false + + +## Require servers defined by remote sources to satisfy specific properties + +# Server must support DNS security extensions (DNSSEC) +require_dnssec = true + +# Server must not log user queries (declarative) +require_nolog = true + +# Server must not enforce its own blocklist (for parental control, ads blocking...) +require_nofilter = true + +# Server names to avoid even if they match all criteria +disabled_server_names = [] + + +## Always use TCP to connect to upstream servers. +## This can be useful if you need to route everything through Tor. +## Otherwise, leave this to `false`, as it doesn't improve security +## (dnscrypt-proxy will always encrypt everything even using UDP), and can +## only increase latency. + +force_tcp = true + + +## Enable *experimental* support for HTTP/3 (DoH3, HTTP over QUIC) +## Note that, like DNSCrypt but unlike other HTTP versions, this uses +## UDP and (usually) port 443 instead of TCP. + +http3 = false + + +## SOCKS proxy +## Uncomment the following line to route all TCP connections to a local Tor node +## Tor doesn't support UDP, so set `force_tcp` to `true` as well. + +proxy = 'socks5h://127.0.0.1:9054' + + +## HTTP/HTTPS proxy +## Only for DoH servers + +# http_proxy = 'http://127.0.0.1:8118' + + +## How long a DNS query will wait for a response, in milliseconds. 
+## If you have a network with *a lot* of latency, you may need to +## increase this. Startup may be slower if you do so. +## Don't increase it too much. 10000 is the highest reasonable value. + +timeout = 5000 + + +## Keepalive for HTTP (HTTPS, HTTP/2, HTTP/3) queries, in seconds + +keepalive = 30 + + +## Add EDNS-client-subnet information to outgoing queries +## +## Multiple networks can be listed; they will be randomly chosen. +## These networks don't have to match your actual networks. + +# edns_client_subnet = ['0.0.0.0/0', '2001:db8::/32'] + + +## Response for blocked queries. Options are `refused`, `hinfo` (default) or +## an IP response. To give an IP response, use the format `a:<IPv4>,aaaa:<IPv6>`. +## Using the `hinfo` option means that some responses will be lies. +## Unfortunately, the `hinfo` option appears to be required for Android 8+ + +# blocked_query_response = 'refused' + + +## Load-balancing strategy: 'p2' (default), 'ph', 'p<n>', 'first' or 'random' +## Randomly choose 1 of the fastest 2, half, n, 1 or all live servers by latency. +## The response quality still depends on the server itself. + +# lb_strategy = 'p2' + +## Set to `true` to constantly try to estimate the latency of all the resolvers +## and adjust the load-balancing parameters accordingly, or to `false` to disable. +## Default is `true` that makes 'p2' `lb_strategy` work well. + +# lb_estimator = true + + +## Log level (0-6, default: 2 - 0 is very verbose, 6 only contains fatal errors) + +log_level = 2 + + +## Log file for the application, as an alternative to sending logs to +## the standard system logging service (syslog/Windows event log). +## +## This file is different from other log files, and will not be +## automatically rotated by the application. + +# log_file = 'dnscrypt-proxy.log' + + +## When using a log file, only keep logs from the most recent launch. 
+ +# log_file_latest = true + + +## Use the system logger (syslog on Unix, Event Log on Windows) + +# use_syslog = true + + +## Delay, in minutes, after which certificates are reloaded + +cert_refresh_delay = 240 + + +## Initially don't check DNSCrypt server certificates for expiration, and +## only start checking them after a first successful connection to a resolver. +## This can be useful on routers with no battery-backed clock. + +# cert_ignore_timestamp = false + + +## DNSCrypt: Create a new, unique key for every single DNS query +## This may improve privacy but can also have a significant impact on CPU usage +## Only enable if you don't have a lot of network load + +# dnscrypt_ephemeral_keys = false + + +## DoH: Disable TLS session tickets - increases privacy but also latency + +# tls_disable_session_tickets = false + + +## DoH: Use a specific cipher suite instead of the server preference +## 49199 = TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 +## 49195 = TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 +## 52392 = TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305 +## 52393 = TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 +## 4865 = TLS_AES_128_GCM_SHA256 +## 4867 = TLS_CHACHA20_POLY1305_SHA256 +## +## On non-Intel CPUs such as MIPS routers and ARM systems (Android, Raspberry Pi...), +## the following suite improves performance. +## This may also help on Intel CPUs running 32-bit operating systems. +## +## Keep tls_cipher_suite empty if you have issues fetching sources or +## connecting to some DoH servers. Google and Cloudflare are fine with it. + +# tls_cipher_suite = [52392, 49199] + + +## Bootstrap resolvers +## +## These are normal, non-encrypted DNS resolvers, that will be only used +## for one-shot queries when retrieving the initial resolvers list and if +## the system DNS configuration doesn't work. +## +## No user queries will ever be leaked through these resolvers, and they will +## not be used after IP addresses of DoH resolvers have been found (if you are +## using DoH). 
+## +## They will never be used if lists have already been cached, and if the stamps +## of the configured servers already include IP addresses (which is the case for +## most of DoH servers, and for all DNSCrypt servers and relays). +## +## They will not be used if the configured system DNS works, or after the +## proxy already has at least one usable secure resolver. +## +## Resolvers supporting DNSSEC are recommended, and, if you are using +## DoH, bootstrap resolvers should ideally be operated by a different entity +## than the DoH servers you will be using, especially if you have IPv6 enabled. +## +## People in China may want to use 114.114.114.114:53 here. +## Other popular options include 8.8.8.8, 9.9.9.9 and 1.1.1.1. +## +## If more than one resolver is specified, they will be tried in sequence. +## +## TL;DR: put valid standard resolver addresses here. Your actual queries will +## not be sent there. If you're using DNSCrypt or Anonymized DNS and your +## lists are up to date, these resolvers will not even be used. + +bootstrap_resolvers = ['9.9.9.11:53', '8.8.8.8:53'] + + +## Always use the bootstrap resolver before the system DNS settings. + +ignore_system_dns = true + + +## Maximum time (in seconds) to wait for network connectivity before +## initializing the proxy. +## Useful if the proxy is automatically started at boot, and network +## connectivity is not guaranteed to be immediately available. +## Use 0 to not test for connectivity at all (not recommended), +## and -1 to wait as much as possible. + +netprobe_timeout = 60 + +## Address and port to try initializing a connection to, just to check +## if the network is up. It can be any address and any port, even if +## there is nothing answering these on the other side. Just don't use +## a local address, as the goal is to check for Internet connectivity. +## On Windows, a datagram with a single, nul byte will be sent, only +## when the system starts. 
+## On other operating systems, the connection will be initialized +## but nothing will be sent at all. + +netprobe_address = '9.9.9.9:53' + + +## Offline mode - Do not use any remote encrypted servers. +## The proxy will remain fully functional to respond to queries that +## plugins can handle directly (forwarding, cloaking, ...) + +# offline_mode = false + + +## Additional data to attach to outgoing queries. +## These strings will be added as TXT records to queries. +## Do not use, except on servers explicitly asking for extra data +## to be present. +## encrypted-dns-server can be configured to use this for access control +## in the [access_control] section + +# query_meta = ['key1:value1', 'key2:value2', 'token:MySecretToken'] + + +## Automatic log files rotation + +# Maximum log files size in MB - Set to 0 for unlimited. +log_files_max_size = 10 + +# How long to keep backup files, in days +log_files_max_age = 7 + +# Maximum log files backups to keep (or 0 to keep all backups) +log_files_max_backups = 1 + + + +######################### +# Filters # +######################### + +## Note: if you are using dnsmasq, disable the `dnssec` option in dnsmasq if you +## configure dnscrypt-proxy to do any kind of filtering (including the filters +## below and blocklists). +## You can still choose resolvers that do DNSSEC validation. + + +## Immediately respond to IPv6-related queries with an empty response +## This makes things faster when there is no IPv6 connectivity, but can +## also cause reliability issues with some stub resolvers. + +block_ipv6 = false + + +## Immediately respond to A and AAAA queries for host names without a domain name + +block_unqualified = true + + +## Immediately respond to queries for local zones instead of leaking them to +## upstream resolvers (always causing errors or timeouts). + +block_undelegated = true + + +## TTL for synthetic responses sent when a request has been blocked (due to +## IPv6 or blocklists). 
+ +reject_ttl = 10 + + + +################################################################################## +# Route queries for specific domains to a dedicated set of servers # +################################################################################## + +## See the `example-forwarding-rules.txt` file for an example + +# forwarding_rules = 'forwarding-rules.txt' + + + +############################### +# Cloaking rules # +############################### + +## Cloaking returns a predefined address for a specific name. +## In addition to acting as a HOSTS file, it can also return the IP address +## of a different name. It will also do CNAME flattening. +## If 'cloak_ptr' is set, then PTR (reverse lookups) are enabled +## for cloaking rules that do not contain wild cards. +## +## See the `example-cloaking-rules.txt` file for an example + +# cloaking_rules = 'cloaking-rules.txt' + +## TTL used when serving entries in cloaking-rules.txt + +# cloak_ttl = 600 +# cloak_ptr = false + + + +########################### +# DNS cache # +########################### + +## Enable a DNS cache to reduce latency and outgoing traffic + +cache = true + + +## Cache size + +cache_size = 4096 + + +## Minimum TTL for cached entries + +cache_min_ttl = 2400 + + +## Maximum TTL for cached entries + +cache_max_ttl = 86400 + + +## Minimum TTL for negatively cached entries + +cache_neg_min_ttl = 60 + + +## Maximum TTL for negatively cached entries + +cache_neg_max_ttl = 600 + + + +######################################## +# Captive portal handling # +######################################## + +[captive_portals] + +## A file that contains a set of names used by operating systems to +## check for connectivity and captive portals, along with hard-coded +## IP addresses to return. + +# map_file = 'example-captive-portals.txt' + + + +################################## +# Local DoH server # +################################## + +[local_doh] + +## dnscrypt-proxy can act as a local DoH server. 
By doing so, web browsers +## requiring a direct connection to a DoH server in order to enable some +## features will enable these, without bypassing your DNS proxy. + +## Addresses that the local DoH server should listen to + +# listen_addresses = ['127.0.0.1:3033'] + + +## Path of the DoH URL. This is not a file, but the part after the hostname +## in the URL. By convention, `/dns-query` is frequently chosen. +## For each `listen_address` the complete URL to access the server will be: +## `https://<listen_address><path>` (ex: `https://127.0.0.1/dns-query`) + +# path = '/dns-query' + + +## Certificate file and key - Note that the certificate has to be trusted. +## See the documentation (wiki) for more information. + +# cert_file = 'localhost.pem' +# cert_key_file = 'localhost.pem' + + + +############################### +# Query logging # +############################### + +## Log client queries to a file + +[query_log] + +## Path to the query log file (absolute, or relative to the same directory as the config file) +## Can be set to /dev/stdout in order to log to the standard output. + +# file = 'query.log' + + +## Query log format (currently supported: tsv and ltsv) + +format = 'tsv' + + +## Do not log these query types, to reduce verbosity. Keep empty to log everything. + +# ignored_qtypes = ['DNSKEY', 'NS'] + + + +############################################ +# Suspicious queries logging # +############################################ + +## Log queries for nonexistent zones +## These queries can reveal the presence of malware, broken/obsolete applications, +## and devices signaling their presence to 3rd parties. 
+
+[nx_log]
+
+## Path to the query log file (absolute, or relative to the same directory as the config file)
+
+# file = 'nx.log'
+
+
+## Query log format (currently supported: tsv and ltsv)
+
+format = 'tsv'
+
+
+
+######################################################
+# Pattern-based blocking (blocklists) #
+######################################################
+
+## Blocklists are made of one pattern per line. Example of valid patterns:
+##
+## example.com
+## =example.com
+## *sex*
+## ads.*
+## ads*.example.*
+## ads*.example[0-9]*.com
+##
+## Example blocklist files can be found at https://download.dnscrypt.info/blocklists/
+## A script to build blocklists from public feeds can be found in the
+## `utils/generate-domains-blocklists` directory of the dnscrypt-proxy source code.
+
+[blocked_names]
+
+## Path to the file of blocking rules (absolute, or relative to the same directory as the config file)
+
+# blocked_names_file = 'blocked-names.txt'
+
+
+## Optional path to a file logging blocked queries
+
+# log_file = 'blocked-names.log'
+
+
+## Optional log format: tsv or ltsv (default: tsv)
+
+# log_format = 'tsv'
+
+
+
+###########################################################
+# Pattern-based IP blocking (IP blocklists) #
+###########################################################
+
+## IP blocklists are made of one pattern per line.
Example of valid patterns:
+##
+## 127.*
+## fe80:abcd:*
+## 192.168.1.4
+
+[blocked_ips]
+
+## Path to the file of blocking rules (absolute, or relative to the same directory as the config file)
+
+# blocked_ips_file = 'blocked-ips.txt'
+
+
+## Optional path to a file logging blocked queries
+
+# log_file = 'blocked-ips.log'
+
+
+## Optional log format: tsv or ltsv (default: tsv)
+
+# log_format = 'tsv'
+
+
+
+######################################################
+# Pattern-based allow lists (blocklists bypass) #
+######################################################
+
+## Allowlists support the same patterns as blocklists
+## If a name matches an allowlist entry, the corresponding session
+## will bypass names and IP filters.
+##
+## Time-based rules are also supported to make some websites only accessible at specific times of the day.
+
+[allowed_names]
+
+## Path to the file of allow list rules (absolute, or relative to the same directory as the config file)
+
+# allowed_names_file = 'allowed-names.txt'
+
+
+## Optional path to a file logging allowed queries
+
+# log_file = 'allowed-names.log'
+
+
+## Optional log format: tsv or ltsv (default: tsv)
+
+# log_format = 'tsv'
+
+
+
+#########################################################
+# Pattern-based allowed IPs lists (blocklists bypass) #
+#########################################################
+
+## Allowed IP lists support the same patterns as IP blocklists
+## If an IP response matches an allowed entry, the corresponding session
+## will bypass IP filters.
+##
+## Time-based rules are also supported to make some websites only accessible at specific times of the day.
+
+[allowed_ips]
+
+## Path to the file of allowed ip rules (absolute, or relative to the same directory as the config file)
+
+# allowed_ips_file = 'allowed-ips.txt'
+
+
+## Optional path to a file logging allowed queries
+
+# log_file = 'allowed-ips.log'
+
+## Optional log format: tsv or ltsv (default: tsv)
+
+# log_format = 'tsv'
+
+
+
+##########################################
+# Time access restrictions #
+##########################################
+
+## One or more weekly schedules can be defined here.
+## Patterns in the name-based blocked_names file can optionally be followed with @schedule_name
+## to apply the pattern 'schedule_name' only when it matches a time range of that schedule.
+##
+## For example, the following rule in a blocklist file:
+## *.youtube.* @time-to-sleep
+## would block access to YouTube during the times defined by the 'time-to-sleep' schedule.
+##
+## {after='21:00', before= '7:00'} matches 0:00-7:00 and 21:00-0:00
+## {after= '9:00', before='18:00'} matches 9:00-18:00
+
+[schedules]
+
+ # [schedules.time-to-sleep]
+ # mon = [{after='21:00', before='7:00'}]
+ # tue = [{after='21:00', before='7:00'}]
+ # wed = [{after='21:00', before='7:00'}]
+ # thu = [{after='21:00', before='7:00'}]
+ # fri = [{after='23:00', before='7:00'}]
+ # sat = [{after='23:00', before='7:00'}]
+ # sun = [{after='21:00', before='7:00'}]
+
+ # [schedules.work]
+ # mon = [{after='9:00', before='18:00'}]
+ # tue = [{after='9:00', before='18:00'}]
+ # wed = [{after='9:00', before='18:00'}]
+ # thu = [{after='9:00', before='18:00'}]
+ # fri = [{after='9:00', before='17:00'}]
+
+
+
+#########################
+# Servers #
+#########################
+
+## Remote lists of available servers
+## Multiple sources can be used simultaneously, but every source
+## requires a dedicated cache file.
+##
+## Refer to the documentation for URLs of public sources.
+##
+## A prefix can be prepended to server names in order to
+## avoid collisions if different sources share the same for
+## different servers. In that case, names listed in `server_names`
+## must include the prefixes.
+##
+## If the `urls` property is missing, cache files and valid signatures
+## must already be present. This doesn't prevent these cache files from
+## expiring after `refresh_delay` hours.
+## Cache freshness is checked every 24 hours, so values for 'refresh_delay'
+## of less than 24 hours will have no effect.
+## A maximum delay of 168 hours (1 week) is imposed to ensure cache freshness.
+
+[sources]
+
+ ### An example of a remote source from https://github.com/DNSCrypt/dnscrypt-resolvers
+
+ [sources.public-resolvers]
+ urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/public-resolvers.md', 'https://download.dnscrypt.info/resolvers-list/v3/public-resolvers.md', 'https://ipv6.download.dnscrypt.info/resolvers-list/v3/public-resolvers.md']
+ cache_file = 'public-resolvers.md'
+ minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3' #pragma: allowlist secret
+ refresh_delay = 72
+ prefix = ''
+
+ ### Anonymized DNS relays
+
+ [sources.relays]
+ urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/relays.md', 'https://download.dnscrypt.info/resolvers-list/v3/relays.md', 'https://ipv6.download.dnscrypt.info/resolvers-list/v3/relays.md']
+ cache_file = 'relays.md'
+ minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3' #pragma: allowlist secret
+ refresh_delay = 72
+ prefix = ''
+
+ ### ODoH (Oblivious DoH) servers and relays
+
+ # [sources.odoh-servers]
+ # urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/odoh-servers.md', 'https://download.dnscrypt.info/resolvers-list/v3/odoh-servers.md', 'https://ipv6.download.dnscrypt.info/resolvers-list/v3/odoh-servers.md']
+ # cache_file = 'odoh-servers.md'
+ # minisign_key =
'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3' #pragma: allowlist secret
+ # refresh_delay = 24
+ # prefix = ''
+ # [sources.odoh-relays]
+ # urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/odoh-relays.md', 'https://download.dnscrypt.info/resolvers-list/v3/odoh-relays.md', 'https://ipv6.download.dnscrypt.info/resolvers-list/v3/odoh-relays.md']
+ # cache_file = 'odoh-relays.md'
+ # minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3' #pragma: allowlist secret
+ # refresh_delay = 24
+ # prefix = ''
+
+ ### Quad9
+
+ # [sources.quad9-resolvers]
+ # urls = ['https://www.quad9.net/quad9-resolvers.md']
+ # minisign_key = 'RWQBphd2+f6eiAqBsvDZEBXBGHQBJfeG6G+wJPPKxCZMoEQYpmoysKUN' #pragma: allowlist secret
+ # cache_file = 'quad9-resolvers.md'
+ # prefix = 'quad9-'
+
+ ### Another example source, with resolvers censoring some websites not appropriate for children
+ ### This is a subset of the `public-resolvers` list, so enabling both is useless.
+
+ # [sources.parental-control]
+ # urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/parental-control.md', 'https://download.dnscrypt.info/resolvers-list/v3/parental-control.md', 'https://ipv6.download.dnscrypt.info/resolvers-list/v3/parental-control.md']
+ # cache_file = 'parental-control.md'
+ # minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3' #pragma: allowlist secret
+
+
+
+#########################################
+# Servers with known bugs #
+#########################################
+
+[broken_implementations]
+
+## Cisco servers currently cannot handle queries larger than 1472 bytes, and don't
+## truncate responses larger than questions as expected by the DNSCrypt protocol.
+## This prevents large responses from being received over UDP and over relays.
+##
+## Older versions of the `dnsdist` server software had a bug with queries larger
+## than 1500 bytes.
This is fixed since `dnsdist` version 1.5.0, but
+## some server may still run an outdated version.
+##
+## The list below enables workarounds to make non-relayed usage more reliable
+## until the servers are fixed.
+
+fragments_blocked = ['cisco', 'cisco-ipv6', 'cisco-familyshield', 'cisco-familyshield-ipv6', 'cleanbrowsing-adult', 'cleanbrowsing-adult-ipv6', 'cleanbrowsing-family', 'cleanbrowsing-family-ipv6', 'cleanbrowsing-security', 'cleanbrowsing-security-ipv6']
+
+
+
+#################################################################
+# Certificate-based client authentication for DoH #
+#################################################################
+
+## Use a X509 certificate to authenticate yourself when connecting to DoH servers.
+## This is only useful if you are operating your own, private DoH server(s).
+## 'creds' maps servers to certificates, and supports multiple entries.
+## If you are not using the standard root CA, an optional "root_ca"
+## property set to the path to a root CRT file can be added to a server entry.
+
+[doh_client_x509_auth]
+
+# creds = [
+# { server_name='*', client_cert='client.crt', client_key='client.key' } #pragma: allowlist secret
+# ]
+
+
+
+################################
+# Anonymized DNS #
+################################
+
+[anonymized_dns]
+
+## Routes are indirect ways to reach DNSCrypt servers.
+##
+## A route maps a server name ("server_name") to one or more relays that will be
+## used to connect to that server.
+##
+## A relay can be specified as a DNS Stamp (either a relay stamp, or a
+## DNSCrypt stamp) or a server name.
+##
+## The following example routes "example-server-1" via `anon-example-1` or `anon-example-2`,
+## and "example-server-2" via the relay whose relay DNS stamp is
+## "sdns://gRIxMzcuNzQuMjIzLjIzNDo0NDM".
+##
+## !!! THESE ARE JUST EXAMPLES !!!
+##
+## Review the list of available relays from the "relays.md" file, and, for each
+## server you want to use, define the relays you want connections to go through.
+##
+## Carefully choose relays and servers so that they are run by different entities.
+##
+## "server_name" can also be set to "*" to define a default route, for all servers:
+## { server_name='*', via=['anon-example-1', 'anon-example-2'] }
+##
+## If a route is ["*"], the proxy automatically picks a relay on a distinct network.
+## { server_name='*', via=['*'] } is also an option, but is likely to be suboptimal.
+##
+## Manual selection is always recommended over automatic selection, so that you can
+## select (relay,server) pairs that work well and fit your own criteria (close by or
+## in different countries, operated by different entities, on distinct ISPs...)
+
+# routes = [
+# { server_name='example-server-1', via=['anon-example-1', 'anon-example-2'] },
+# { server_name='example-server-2', via=['sdns://gRIxMzcuNzQuMjIzLjIzNDo0NDM'] }
+# ]
+
+
+## Skip resolvers incompatible with anonymization instead of using them directly
+
+skip_incompatible = false
+
+
+## If public server certificates for a non-conformant server cannot be
+## retrieved via a relay, try getting them directly. Actual queries
+## will then always go through relays.
+
+# direct_cert_fallback = false
+
+
+
+###############################
+# DNS64 #
+###############################
+
+## DNS64 is a mechanism for synthesizing AAAA records from A records.
+## It is used with an IPv6/IPv4 translator to enable client-server
+## communication between an IPv6-only client and an IPv4-only server,
+## without requiring any changes to either the IPv6 or the IPv4 node,
+## for the class of applications that work through NATs.
+##
+## There are two options to synthesize such records:
+## Option 1: Using a set of static IPv6 prefixes;
+## Option 2: By discovering the IPv6 prefix from DNS64-enabled resolver.
+## +## If both options are configured - only static prefixes are used. +## (Ref. RFC6147, RFC6052, RFC7050) +## +## Do not enable unless you know what DNS64 is and why you need it, or else +## you won't be able to connect to anything at all. + +[dns64] + +## Static prefix(es) as Pref64::/n CIDRs + +# prefix = ['64:ff9b::/96'] + +## DNS64-enabled resolver(s) to discover Pref64::/n CIDRs +## These resolvers are used to query for Well-Known IPv4-only Name (WKN) "ipv4only.arpa." to discover only. +## Set with your ISP's resolvers in case of custom prefixes (other than Well-Known Prefix 64:ff9b::/96). +## IMPORTANT: Default resolvers listed below support Well-Known Prefix 64:ff9b::/96 only. + +# resolver = ['[2606:4700:4700::64]:53', '[2001:4860:4860::64]:53'] + + + +######################################## +# Static entries # +######################################## + +## Optional, local, static list of additional servers +## Mostly useful for testing your own servers. + +[static] + + # [static.myserver] + # stamp = 'sdns://AQcAAAAAAAAAAAAQMi5kbnNjcnlwdC1jZXJ0Lg' diff --git a/irssi/config b/irssi/config index 8914e06..a05f05b 100644 --- a/irssi/config +++ b/irssi/config @@ -3,19 +3,16 @@ # https://www.oftc.net/NickServ/CertFP/ servers = ( { - address = "irc.gitter.im"; - chatnet = "gitter"; - port = "6697"; - password = ""; - use_tls = "yes"; - tls_verify = "yes"; + address = "irc.probably.loki"; + chatnet = "PROBABLY_LOKI"; + port = "6667"; autoconnect = "yes"; }, { - address = "192.99.102.52"; - chatnet = "FRRouting.slack.com"; - port = "6667"; - password = ""; + address = "kfswfco7mfb38dj7hsm4b8gs13ppjnog886y8zcgzno4jt16cepy.loki"; + chatnet = "BonoboNET_LOKI"; + port = "6697"; + tls_cert = "~/.irssi/certs/nick.pem"; use_tls = "yes"; tls_verify = "no"; autoconnect = "yes"; 
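Review bot: The new `BonoboNET_LOKI` server entry in irssi/config presents the client certificate from `tls_cert` while `tls_verify = "no"` leaves the server certificate unchecked, and the new `PROBABLY_LOKI` entry on port 6667 sets no `use_tls` at all. Lokinet presumably authenticates and encrypts the path to a `.loki` address, but nothing in the file records that this is why verification is off, so the entries read the same as an unprotected clearnet connection. I would add a comment above each entry, for example `# .loki address: transport security comes from lokinet, not from TLS`, and where the server certificate is stable pin it with `tls_pinned_cert = "<server certificate fingerprint>";` rather than disabling the check outright. The `servers` list continues outside this hunk.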
@@ -29,20 +26,32 @@ servers = ( # tls_verify = "yes"; # autoconnect = "no"; # }, + # { + # address = "192.168.1.109"; + # port = "6667"; + # chatnet = "bitlbee"; + # autoconnect = "no"; + # }, { - address = "192.168.1.109"; - port = "6667"; - chatnet = "bitlbee"; + address = "192.168.1.214"; + port = "8667"; + chatnet = "bitlbee_local"; autoconnect = "yes"; }, { address = "192.168.1.214"; - port = "8667"; - chatnet = "bitlbee_r"; + port = "8668"; + chatnet = "matterircd"; autoconnect = "no"; - use_tls = "no"; }, # { + # address = "192.168.1.214"; + # port = "8667"; + # chatnet = "bitlbee_r"; + # autoconnect = "no"; + # use_tls = "no"; + # }, + # { # address = "irc.libera.chat"; # chatnet = "LiberaChat"; # port = "6697"; @@ -60,9 +69,18 @@ servers = ( # tls_verify = "yes"; # autoconnect = "no"; # }, + # { + # address = "ssl.ircnet.io"; + # chatnet = "IRCNet"; + # port = "6697"; + # use_tls = "yes"; + # tls_cert = "~/.irssi/certs/nick.pem"; + # tls_verify = "yes"; + # autoconnect = "yes"; + # }, { - address = "ssl.ircnet.io"; - chatnet = "IRCNet"; + address = "irc.terminaldweller.com"; + chatnet = "devinet"; port = "6697"; use_tls = "yes"; tls_cert = "~/.irssi/certs/nick.pem"; 
@@ -71,9 +89,29 @@ servers = ( }, { address = "185.130.45.46"; + chatnet = "IRCNet_ZNC"; + port = "1025"; + password = "terminaldweller/IRCNET:network";# pragma: allowlist secret + use_tls = "yes"; + tls_cert = "~/.irssi/certs/nick.pem"; + tls_verify = "no"; + autoconnect = "yes"; + }, + # { + # address = "185.130.45.46"; + # chatnet = "BonoboNET_LOKI_ZNC"; + # port = "1025"; + # password = "terminaldweller/Bonobonet_Loki:network";# pragma: allowlist secret + # tls_cert = "~/.irssi/certs/nick.pem"; + # use_tls = "yes"; + # tls_verify = "no"; + # autoconnect = "yes"; + # }, + { + address = "185.130.45.46"; chatnet = "Libera-ZNC"; port = "1025"; - password = "terminaldweller/Liberachat:"; # pragma: allowlist secret + password = "terminaldweller/Liberachat:lama";# pragma: allowlist secret use_tls = "yes"; tls_cert = "~/.irssi/certs/nick.pem"; tls_verify = "no"; @@ -83,7 +121,7 @@ servers = ( address = "185.130.45.46"; chatnet = "OFTC-ZNC"; port = "1025"; - password = "terminaldweller/OFTC:network"; # pragma: allowlist secret + password = "terminaldweller/OFTC:network";# pragma: allowlist secret use_tls = "yes"; tls_cert = "~/.irssi/certs/nick.pem"; tls_verify = "no"; @@ -93,7 +131,7 @@ servers = ( address = "185.130.45.46"; chatnet = "Rizon-ZNC"; port = "1025"; - password = "terminaldweller/Rizon:network"; # pragma: allowlist secret + password = "terminaldweller/Rizon:network";# pragma: allowlist secret use_tls = "yes"; tls_cert = "~/.irssi/certs/nick.pem"; tls_verify = "no"; 
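Review bot: The ZNC `password` values in this hunk are live credentials committed in clear text (the `Libera-ZNC` line goes from an empty password field to a filled one), and the `# pragma: allowlist secret` markers only keep the secret scanner quiet about them. Each of these entries also sets `tls_verify = "no"`, so the login is sent to 185.130.45.46:1025 without checking which host answers, and anyone positioned on that path can capture it. The same applies to the `EFnet_ZNC` and `DALnet_ZNC` entries added in the `-103,49` hunk. Since every entry already sends `tls_cert`, the passwords could be dropped in favour of certificate login on the bouncer (ZNC's certauth module, assuming it is enabled there), with the bouncer certificate pinned through `tls_pinned_cert = "<bouncer certificate fingerprint>";`; the values already committed should be rotated either way.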
@@ -103,49 +141,89 @@ servers = ( address = "185.130.45.46"; chatnet = "Undernet-ZNC"; port = "1025"; - password = "terminaldweller/undernet:network"; # pragma: allowlist secret + password = "terminaldweller/undernet:network";# pragma: allowlist secret use_tls = "yes"; tls_cert = "~/.irssi/certs/nick.pem"; tls_verify = "no"; autoconnect = "yes"; }, + # { + # address = "efnet.port80.se"; + # chatnet = "EFnet"; + # port = "6697"; + # use_tls = "yes"; + # tls_verify = "no"; + # autoconnect = "yes"; + # }, { - address = "efnet.port80.se"; - chatnet = "EFnet"; - port = "6697"; + address = "185.130.45.46"; + chatnet = "EFnet_ZNC"; + port = "1025"; + password = "terminaldweller/EFNET:locolobo";# pragma: allowlist secret use_tls = "yes"; + tls_cert = "~/.irssi/certs/nick.pem"; tls_verify = "no"; autoconnect = "yes"; }, + # { + # address = "irc.dal.net"; + # chatnet = "DALnet"; + # port = "6697"; + # use_tls = "yes"; + # tls_verify = "yes"; + # autoconnect = "yes"; + # }, { - address = "irc.dal.net"; - chatnet = "DALnet"; - port = "6697"; + address = "185.130.45.46"; + chatnet = "DALnet_ZNC"; + port = "1025"; + password = "terminaldweller/DALNET:netwqkkk";# pragma: allowlist secret use_tls = "yes"; - tls_verify = "yes"; + tls_cert = "~/.irssi/certs/nick.pem"; + tls_verify = "no"; autoconnect = "yes"; }, { address = "185.130.45.46"; chatnet = "TildeChat_ZNC"; port = "1025"; - password = "terminaldweller/Tilde_Chat:network"; # pragma: allowlist secret + password = "terminaldweller/Tilde_Chat:network";# pragma: allowlist secret tls_cert = "~/.irssi/certs/nick.pem"; use_tls = "yes"; tls_verify = "no"; autoconnect = "yes"; + }, + { + address = "192.168.1.214"; + chatnet = "I2P_ILITIA"; + port = "9068"; + use_tls = "no"; + tls_verify = "no"; + autoconnect = "no"; + }, + { + address = "192.168.1.214"; + chatnet = "I2P_POSTMAN"; + port = "9069"; + use_tls = "no"; + tls_verify = "no"; + autoconnect = "no"; } ); chatnets = { - OFTC = { - type = "IRC"; - nick = "terminaldweller"; - 
autosendcmd = "/^msg nickserv set cloak on;wait 3000"; - max_kicks = "1"; - max_msgs = "1"; - max_whois = "1"; - }; + I2P_ILITIA = { type = "IRC"; nick = "useruseR"; }; + I2P_POSTMAN = { type = "IRC"; nick = "useruseR"; }; + PROBABLY_LOKI = { type = "IRC"; nick = "terminaldweller"; }; + BonoboNET_LOKI = { type = "IRC"; nick = "terminaldweller"; }; + # OFTC = { + # type = "IRC"; + # nick = "terminaldweller"; + # autosendcmd = "/^msg nickserv set cloak on;wait 3000"; + # max_kicks = "1"; + # max_msgs = "1"; + # max_whois = "1"; + # }; "OFTC-ZNC" = { type = "IRC"; nick = "terminaldweller"; @@ -154,14 +232,21 @@ chatnets = { max_msgs = "1"; max_whois = "1"; }; - gitter = { type = "IRC"; nick = "terminaldweller"; }; - "app.slack.com" = { type = "IRC"; nick = "terminaldweller"; }; - "FRRouting.slack.com" = { type = "IRC"; }; - bitlbee = { + # gitter = { type = "IRC"; nick = "terminaldweller"; }; + # "app.slack.com" = { type = "IRC"; nick = "terminaldweller"; }; + # "FRRouting.slack.com" = { type = "IRC"; }; + # "magmacore.slack.com" = { type = "IRC"; nick = "farzad sadeghi";}; + # "frrouting_slack_irslackd" = { type = "IRC"; nick = "farzad sadeghi";}; + # "magmacore_slack_irslackd" = { type = "IRC"; nick = "farzad sadeghi";}; + # bitlbee = { + # autosendcmd = "/^msg &bitlbee identify gorgoroth;wait 3000"; + # type = "IRC"; + # }; + bitlbee_local = { autosendcmd = "/^msg &bitlbee identify gorgoroth;wait 3000"; type = "IRC"; }; - LiberaChat = { type = "IRC"; sasl_mechanism = "EXTERNAL"; }; + # LiberaChat = { type = "IRC"; sasl_mechanism = "EXTERNAL"; }; "Libera-ZNC" = { type = "IRC"; autosendcmd = "/^mode terminaldweller +g;wait 3000"; 
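Review bot: The `bitlbee_local` chatnet introduced in the `-154,14` hunk keeps the `autosendcmd` that sends what appears to be the BitlBee `identify` password, and the matching server entry (192.168.1.214:8667, added in the `-29,20` hunk) sets no `use_tls`, so the password crosses the LAN unencrypted on every connect as well as sitting in the tracked file. I would reach that listener through a TLS wrapper or a loopback-only tunnel and keep the identify step out of the committed copy, leaving a comment such as `# identify is done manually; password is not stored here` in its place. The `chatnets` block starts and ends outside this hunk.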
@@ -172,21 +257,28 @@ chatnets = { # }; "Rizon-ZNC" = { type = "IRC"; - autosendcmd = "/^mode terminaldweller +RCGpx;wait 3000"; + autosendcmd = "/^mode terminaldweller +RCGpx;msg hostserv on;wait 3000"; }; - IRCNet = { type = "IRC"; }; + IRCNet_ZNC = { type = "IRC"; }; "Undernet-ZNC" = { type = "IRC"; nick = "terminaldwel"; - autosendcmd = "/^mode termi +ix;msg *status traffic;wait 3000"; + autosendcmd = "/^mode terminaldwel +ix;msg *status traffic;wait 3000"; + }; + EFnet_ZNC = { type = "IRC"; nick = "termi";}; + DALnet_ZNC = { + type = "IRC"; + nick = "terminaldweller"; + autosendcmd = "/^msg nickserv@services.dal.net identify ;mode terminaldweller HRCi;wait 3000"; }; - EFnet = { type = "IRC"; }; - DALnet = { + TildeChat_ZNC = { type = "IRC"; }; + devinet = { type = "IRC"; nick = "terminaldweller"; - autosendcmd = "/^msg nickserv@services.dal.net identify identify;mode terminaldweller HCi;wait 3000"; + # autosendcmd = "/^msg nickserv identify terminaldweller;wait 3000;"; + sasl_mechanism = "EXTERNAL"; + sasl_username = "terminaldweller"; }; - bitlbee_r = { type = "IRC"; }; }; channels = ( 
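Review bot: The new `DALnet_ZNC` autosendcmd sends `identify ` with nothing after it, so as committed NickServ receives no password and the identify step presumably fails on every connect while the `mode terminaldweller HRCi` after it still runs. If the password was stripped before committing, a comment saying so (`# password removed from the tracked copy; set locally`) would keep the line from being read as a bug, or the identify could be handled on the bouncer so this file needs no secret at all. The `devinet` entry's `sasl_mechanism = "EXTERNAL"` with the client certificate is the pattern the other networks could follow where they support it. The `chatnets` block starts outside this hunk.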
@@ -200,19 +292,46 @@ channels = ( { name = "#debian"; chatnet = "OFTC-ZNC"; autojoin = "yes"; }, # { name = "#virt"; chatnet = "OFTC-ZNC"; autojoin = "yes"; }, { name = "#openwrt"; chatnet = "OFTC-ZNC"; autojoin = "yes"; }, - { name = "#selfhosting"; chatnet = "TildeChat_ZNC"; autojoin = "yes"; }, + { + name = "#selfhosting"; + chatnet = "TildeChat_ZNC"; + autojoin = "yes"; + }, { name = "#tor"; chatnet = "OFTC-ZNC"; autojoin = "yes"; }, { name = "#llvm"; chatnet = "OFTC-ZNC"; autojoin = "yes"; }, - { name = "##terminaldweller"; chatnet = "OFTC-ZNC"; autojoin = "yes"; }, + { name = "#bitlbee"; chatnet = "OFTC-ZNC"; autojoin = "yes"; }, + { + name = "##terminaldweller"; + chatnet = "OFTC-ZNC"; + autojoin = "yes"; + }, # { name = "#openssh"; chatnet = "Libera-ZNC"; autojoin = "yes"; }, # { name = "#gdb"; chatnet = "Libera-ZNC"; autojoin = "yes"; }, { name = "#openbsd"; chatnet = "Libera-ZNC"; autojoin = "yes"; }, { name = "#lobsters"; chatnet = "Libera-ZNC"; autojoin = "yes"; }, { name = "#gnupg"; chatnet = "Libera-ZNC"; autojoin = "yes"; }, { name = "#znc"; chatnet = "Libera-ZNC"; autojoin = "yes"; }, + { name = "#qutebrowser"; chatnet = "Libera-ZNC"; autojoin = "yes"; }, + { name = "#lokinet"; chatnet = "PROBABLY_LOKI"; autojoin = "yes"; }, + { name = "#general"; chatnet = "PROBABLY_LOKI"; autojoin = "yes"; }, + { name = "#crxn"; chatnet = "BonoboNET_LOKI"; autojoin = "yes"; }, + { + name = "#networking"; + chatnet = "BonoboNET_LOKI"; + autojoin = "yes"; + }, + { + name = "#general"; + chatnet = "BonoboNET_LOKI"; + autojoin = "yes"; + }, { name = "#go-nuts"; chatnet = "Libera-ZNC"; autojoin = "yes"; }, { name = "#opennic"; chatnet = "Libera-ZNC"; autojoin = "yes"; }, - { name = "##terminaldweller"; chatnet = "Libera-ZNC"; autojoin = "yes"; }, + { + name = "##terminaldweller"; + chatnet = "Libera-ZNC"; + autojoin = "yes"; + }, { name = "#voidlinux"; chatnet = "Libera-ZNC"; autojoin = "yes"; }, { name = "#CataclysmDDA"; chatnet = "Libera-ZNC"; autojoin = "yes"; }, { 
name = "#security"; chatnet = "Libera-ZNC"; autojoin = "yes"; }, @@ -222,6 +341,8 @@ channels = ( { name = "#vim"; chatnet = "Libera-ZNC"; autojoin = "yes"; }, { name = "#git"; chatnet = "Libera-ZNC"; autojoin = "yes"; }, { name = "#neomutt"; chatnet = "Libera-ZNC"; autojoin = "yes"; }, + { name = "##posix"; chatnet = "Libera-ZNC"; autojoin = "yes"; }, + { name = "#lua"; chatnet = "Libera-ZNC"; autojoin = "yes"; }, { name = "#busybox"; chatnet = "Libera-ZNC"; autojoin = "yes"; }, # { name = "#shadow"; chatnet = "Libera-ZNC"; autojoin = "yes"; }, { name = "#freebsd"; chatnet = "Libera-ZNC"; autojoin = "yes"; }, @@ -230,9 +351,13 @@ channels = ( { name = "#bookz"; chatnet = "Undernet-ZNC"; autojoin = "yes"; }, { name = "#postgresql"; chatnet = "Libera-ZNC"; autojoin = "yes"; }, { name = "#news"; chatnet = "Rizon-ZNC"; autojoin = "yes"; }, - { name = "##terminaldweller"; chatnet = "Rizon-ZNC"; autojoin = "yes"; }, - { name = "#irc"; chatnet = "IRCNet"; autojoin = "yes"; }, - { name = "#supersonic"; chatnet = "DALNet"; autojoin = "yes"; }, + { + name = "##terminaldweller"; + chatnet = "Rizon-ZNC"; + autojoin = "yes"; + }, + { name = "#irc"; chatnet = "IRCNet_ZNC"; autojoin = "yes"; }, + { name = "#supersonic"; chatnet = "DALnet_ZNC"; autojoin = "yes"; }, # { name = "#kvm"; chatnet = "Libera-ZNC"; autojoin = "yes"; } ); 
@@ -457,22 +582,28 @@ statusbar = { barend = { priority = "100"; alignment = "right"; }; }; }; + awl_5 = { + items = { + barstart = { priority = "100"; }; + awl_5 = { }; + barend = { priority = "100"; alignment = "right"; }; + }; + }; }; }; settings = { - misc = { - split_line_end = "↪"; - } + misc = { split_line_end = "↪"; }; core = { real_name = "john doe"; user_name = "devi"; nick = "terminaldweller"; - use_proxy = "no"; - proxy_address = "127.0.0.1"; - proxy_port = "9050"; - proxy_string = "CONNECT %s:%d HTTP/1.0\012\012"; - proxy_string_after = "conn %s %d"; - proxy_password = ""; + # use_proxy = "no"; + # proxy_address = "127.0.0.1"; + # proxy_port = "9050"; + # proxy_string = "CONNECT %s:%d HTTP/1.0\012\012"; + # proxy_string_after = "conn %s %d"; + # proxy_password = ""; + # recode_transliterate = "no"; }; "fe-common/core" = { theme = "solarized-powerline"; @@ -482,7 +613,12 @@ settings = { emphasis_replace = "no"; show_names_on_join = "no"; }; - "fe-text" = { actlist_sort = "refnum"; }; + "fe-text" = { + actlist_sort = "refnum"; + # scrollback_lines = "1000"; + # scrollback_time = "3days"; + # scrollback_max_age = "0"; + }; "perl/core/scripts" = { # adv_windowlist.pl awl_block = "-20"; @@ -537,6 +673,13 @@ settings = { # bitlbee_typing_notice bitlbee_send_typing = "0"; bitlbee_typing_allwin = "1"; + # leodict + leodict_default_options = "-en -both"; + leodict_paste_max_translations = "2"; + leodict_paste_beautify = "1"; + leodict_http_proxy_address = "192.168.1.214"; + leodict_http_proxy_port = "9054"; + leodict_http_proxy_type = "socks"; }; "irc/dcc" = { dcc_download_path = "~/.irssi/downloads/"; 
@@ -568,8 +711,7 @@ keyboard = ( { key = "meta-m"; id = "change_window"; data = "37"; }, { key = "meta-,"; id = "change_window"; data = "38"; }, { key = "meta-."; id = "change_window"; data = "39"; }, - { key = "meta-/"; id = "change_window"; data = "40"; } - { key = "meta-meta2-1"; id = "change_window"; data = "41"; } + { key = "meta-/"; id = "change_window"; data = "40"; }, ); ignores = ( { level = "JOINS PARTS QUITS NICKS"; channels = ( "#docker" ); }, 
@@ -624,15 +766,75 @@ ignores = ( { level = "JOINS PARTS QUITS NICKS"; channels = ( "#forgefed" ); }, { level = "JOINS PARTS QUITS NICKS"; channels = ( "#lobsters" ); }, { level = "JOINS PARTS QUITS NICKS"; channels = ( "#s6" ); }, + { level = "JOINS PARTS QUITS NICKS"; channels = ( "#lua" ); }, + { level = "JOINS PARTS QUITS NICKS"; channels = ( "#networking" ); }, + { level = "JOINS PARTS QUITS NICKS"; channels = ( "##posix" ); }, { level = "JOINS PARTS QUITS NICKS"; channels = ( "#postgresql" ); }, + { level = "JOINS PARTS QUITS NICKS"; channels = ( "#crxn" ); }, { level = "JOINS PARTS QUITS NICKS"; channels = ( "#meta" ); }, + { level = "JOINS PARTS QUITS NICKS"; channels = ( "#python" ); }, + { + level = "JOINS PARTS QUITS NICKS"; + channels = ( "#qutebrowser" ); + }, + { level = "JOINS PARTS QUITS NICKS"; channels = ( "#lokinet" ); }, + { level = "JOINS PARTS QUITS NICKS"; channels = ( "#bitlbee" ); }, { level = "JOINS PARTS QUITS NICKS"; channels = ( "#gemini" ); }, { level = "JOINS PARTS QUITS NICKS"; channels = ( "#llvm" ); }, { level = "JOINS PARTS QUITS NICKS"; channels = ( "#opennic" ); }, - { level = "JOINS PARTS QUITS NICKS"; channels = ( "#selfhosting" ); }, + { + level = "JOINS PARTS QUITS NICKS"; + channels = ( "#selfhosting" ); + }, { level = "JOINS PARTS QUITS NICKS"; channels = ( "#irc" ); }, { level = "CTCPS"; }, { level = "JOINS PARTS QUITS NICKS"; channels = ( "#zsh" ); } ); Mogs = { }; logs = { }; +windows = { + 1 = { immortal = "yes"; name = "(status)"; level = "ALL"; }; + 2 = { + immortal = "yes"; + name = "(notices)"; + level = "MSGS NOTICES SNOTES WALLOPS INVITES"; + }; + 3 = { + items = ( + { + type = "CHANNEL"; + chat_type = "IRC"; + name = "&bitlbee"; + tag = "bitlbee_local"; + } + ); + }; + 4 = { + items = ( + { + type = "CHANNEL"; + chat_type = "IRC"; + name = "#general"; + tag = "BonoboNET_LOKI"; + } + ); + }; + 5 = { + items = ( + { + type = "QUERY"; + chat_type = "IRC"; + name = "*status"; + tag = "Undernet-ZNC"; + } + ); + }; 
+}; +mainwindows = { + 3 = { + first_line = "1"; + lines = "47"; + first_column = "0"; + columns = "212"; + }; +}; diff --git a/irssi/solarized-powerline.theme b/irssi/solarized-powerline.theme index 37b0b3f..7a3772e 100644 --- a/irssi/solarized-powerline.theme +++ b/irssi/solarized-powerline.theme @@ -403,7 +403,7 @@ formats = { daychange = " %g-----%k-%W-%n Day changed to %%D %W-%k-%g-----%n"; join = "%k%z00af5fJOIN %8 {ichannelhilight $2} %0%Z00d700%0 {inick $0}%0 %N {chanhost_hilight $1}"; line_start_irssi = "%k%z5f5fd7IRSSI%N%Z5f5fd7 %N"; - new_topic = "%k%z00d700TOPIC %8 {ichannelhilight $1} %wby {inick $0}%Z005f87%N  $2"; + new_topic = "%k%z00d700TOPIC %8 {ichannelhilight $1} %wby {inick $0} %N%9%Z5f5fd7  $2"; nick_changed = "%k%z00d700RENAME %Z00d700%0 %k%z005f87{nick $0} %Zff8700 {nick $1}%Z005f87%0%N"; part = "%K%Z00d700%k%z00d700PART %8 {ichannelhilight $2}%N %0%Z005f87 %N{inick $0}%0 %Z005f87%Zeeeeee {reason $3}"; quit = "%0%Z005f00%k%z005f00QUIT %N {inick $0}%0 %Zeeeeee %N%n%k%N {reason $2}"; @@ -17,7 +17,7 @@ ) -------------------------------------------------------------------------- |# (defcfg - input (device-file "/dev/input/by-id/usb-Razer_Razer_Huntsman_Tournament_Edition_00000000001A-event-kbd") + input (device-file "/dev/input/by-id/usb-Razer_Razer_Huntsman_Tournament_Edition_00000000001A-if01-event-kbd") output (uinput-sink "KMonad output") cmp-seq lalt 
@@ -57,3 +57,13 @@ https://magma.lavafeld.org/guide/osint-sources.html#looking-glasses echo "" | GPG_TTY=$(tty) gpg2 --pinentry-mode loopback -a --default-key A6A0F5158B3881DF --detach-sig echo 0 > /proc/sys/vm/compaction_proactiveness browser.fixup.domainsuffixwhitelist.loki +https://www.remlab.net/miredo/ +https://ftp.mozilla.org/ +https://metacode.biz/openpgp/web-key-directory +dpmx +https://malltina.com/product/mlt-1675290 +https://grandvape.shop/ +https://artemislena.eu/ +https://gtmetrix.com/analyze.html +adb shell settings put global http_proxy 192.168.1.214:8118 +https://open.spotify.com/show/2Mu5dTlsG1vRE25twu1P2l diff --git a/terminaldweller.com/ejabberd/docker-compose.yaml b/terminaldweller.com/ejabberd/docker-compose.yaml index cbc9377..3c860ae 100644 --- a/terminaldweller.com/ejabberd/docker-compose.yaml +++ b/terminaldweller.com/ejabberd/docker-compose.yaml @@ -33,5 +33,5 @@ volumes: mnesia_db: vault: # openssl dhparam -out dhparams.pem 4096 -# certbot certonly --standlone -d chat.terminaldweller.com -e devi@terminaldweller.com --agree-tos --noninteractive +# certbot certonly --standalone -d chat.terminaldweller.com --email devi@terminaldweller.com --agree-tos --noninteractive --dry-run # docker exec -it 6eebd16a2385 bin/ejabberdctl register admin chat.terminaldweller.com password diff --git a/terminaldweller.com/gemini/index.gmi b/terminaldweller.com/gemini/index.gmi index 625c86c..dae8a76 100644 --- a/terminaldweller.com/gemini/index.gmi +++ b/terminaldweller.com/gemini/index.gmi 
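Review bot: In terminaldweller.com/ejabberd/docker-compose.yaml the corrected certbot comment now ends in `--dry-run`, so anyone running it as written only tests issuance and ends up with no certificate on disk for ejabberd to load. The comment should say that the flag is there for a trial run, for example `# remove --dry-run once the test run succeeds`. The comment block sits at the end of the file, and the `volumes` section it follows starts outside the hunk.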
@@ -17,10 +17,11 @@ I manually upload my PGP key to https://keys.openpgp.org and https://pgp.mit.edu SSH FP: SHA256:tyuaTy005jkJOIPXkrJAAlCKD91d1ftEXzGTqjmEZh4 - github [10], gitlab [11], codeberg [12], self-hosted [13] IRC: -Libera [14] : terminaldweller FP:FEF763019F0799C1B5CD190FC89080240665CDCAE1CB889D4413775447A4826F48B18DC134D3ACDDE1D932CF3280E6026099857CF46177F1D87CD9AA859C615F -OFTC [15] : terminaldweller FP:1072EFECA623C6E3D7A6628BEB6021F77EA2C876 -Rizon [16] : terminaldweller FP:1072EFECA623C6E3D7A6628BEB6021F77EA2C876 -Tilde [17] : terminaldweller FP:1072EFECA623C6E3D7A6628BEB6021F77EA2C876 +Libera [14] : terminaldweller FP: FEF763019F0799C1B5CD190FC89080240665CDCAE1CB889D4413775447A4826F48B18DC134D3ACDDE1D932CF3280E6026099857CF46177F1D87CD9AA859C615F +OFTC [15] : terminaldweller FP: 1072EFECA623C6E3D7A6628BEB6021F77EA2C876 +Rizon [16] : terminaldweller FP: 1072EFECA623C6E3D7A6628BEB6021F77EA2C876 +Tilde [17] : terminaldweller FP: 1072EFECA623C6E3D7A6628BEB6021F77EA2C876 +Bonobonet [18] : terminaldweller FP: 5e3bd8ab6f8c6f6a614d4b2245fd6b5737a6e59917c6719de62b55bac77b978c You can also find me on Libera, OFTC and Rizon in ##terminaldweller. XMPP: 
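Review bot: The `FP:` values in the IRC list are published without naming the digest, and they come in three lengths (128, 40 and 64 hex digits), so a reader cannot tell which hash to compute when checking a client certificate against them. Label each entry, e.g. `Bonobonet [18] : terminaldweller FP (SHA-256): 5e3bd8ab…`. The 64-digit value matches what ircd.yaml in this same commit calls a SHA-256 certificate fingerprint; the other two look like SHA-512 and SHA-1 by length only, so confirm before labelling them.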
@@ -31,24 +32,31 @@ Email: (the order is significant) devi@terminaldweller.com thabogre@gmail.com +bloodstalker@zoho.com farzadsadeghi@protonmail.ch All emails have the ssh and pgp key fingerprints as signature. You can ask for one. +I sign all emails, unless I receive an encrypted email in which case, I will also encrypt the response. + +Matrix: +@devi:terminaldweller.com [19] +@terminaldweller:matrix.org [20] OpenID: https://launchpad.net/~terminaldweller Git: -Github: terminaldweller [18] +github.com/terminaldweller [21] Mirrors: -git.terminaldweller.com [19] -codeberg.org/terminaldweller [20] -gitlab.com/terminaldweller [21] +git.terminaldweller.com [22] +codeberg.org/terminaldweller [23] +gitlab.com/terminaldweller [24] -Mastodon: @terminaldweller@terminaldweller.com [22] -If you cant find the handle then you need to log in. I'm not hosting my own mastodon instance. I'm just hosting my own webfinger. The actual handle is @terminaldweller@fosstodon.org [23] +Mastodon: +@devi@pleroma.terminaldweller.com [25] +@terminaldweller@fosstodon.com [26] -Blog: Blog [24] RSS [25] +Blog: Blog [27] RSS [28] -Linkedin [26] +Linkedin [29] Services: N/A 
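Review bot: The second Mastodon handle was changed to `@terminaldweller@fosstodon.com [26]`, but the link it refers to (added in the `@@ -66,15 +74,18 @@` hunk) still targets `https://fosstodon.org/@terminaldweller`, and the line being replaced used fosstodon.org. On a page readers use to verify identities, a handle on a different domain from the linked profile points them at an account the author may not control. Use `@terminaldweller@fosstodon.org [26]` here and the same label on the matching `=>` line in the later hunk.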
@@ -66,15 +74,18 @@ Services: N/A => https://codeberg.org/terminaldweller.keys codeberg => keys/id_rsa_pub self-hosted => https://libera.chat Libera -=> https://oftc.net OFTC +=> https://oftc.net/ OFTC => https://rizon.net/ Rizon -=> https://tilde.chat Tilde -=> https://github.com/terminaldweller terminaldweller +=> https://tilde.chat/ Tilde +=> https://bnet.eu.org/ Bonobonet +=> https://matrix.to/#/@devi:terminaldweller.com @devi:terminaldweller.com +=> https://matrix.to/#/@terminaldweller:matrix.org @terminaldweller:matrix.org +=> https://github.com/terminaldweller github.com/terminaldweller => https://git.terminaldweller.com git.terminaldweller.com => https://codeberg.org/terminaldweller codeberg.org/terminaldweller => https://gitlab.com/terminaldweller gitlab.com/terminaldweller -=> https://fosstodon.org/@terminaldweller @terminaldweller@terminaldweller.com -=> https://fosstodon.org/@terminaldweller @terminaldweller@fosstodon.org +=> https://pleroma.terminaldweller.com/users/devi @devi@pleroma.terminaldweller.com +=> https://fosstodon.org/@terminaldweller @terminaldweller@fosstodon.com => https://blog.terminaldweller.com Blog => https://blog.terminaldweller.com/rss/feed RSS => https://www.linkedin.com/in/farzad-sadeghi/ Linkedin diff --git a/terminaldweller.com/ircd/docker-compose.yml b/terminaldweller.com/ircd/docker-compose.yml new file mode 100644 index 0000000..0292f2a --- /dev/null +++ b/terminaldweller.com/ircd/docker-compose.yml 
@@ -0,0 +1,23 @@
+version: "3.8"
+
+services:
+ ergo:
+ image: ghcr.io/ergochat/ergo:stable
+ ports:
+ - "6697:6697/tcp"
+ volumes:
+ - ergodata:/ircd
+ - ./ircd.yaml:/ircd/ircd.yaml:ro
+ - /etc/letsencrypt/live/irc.terminaldweller.com/fullchain.pem:/etc/letsencrypt/live/irc.terminaldweller.com/fullchain.pem
+ - /etc/letsencrypt/live/irc.terminaldweller.com/privkey.pem:/etc/letsencrypt/live/irc.terminaldweller.com/privkey.pem
+ networks:
+ - ergonet
+ labels:
+ - traefik.enable=false
+volumes:
+ ergodata:
+networks:
+ ergonet:
+ traefiknet:
+ name: matrix_default
+ external: true
diff --git a/terminaldweller.com/ircd/ircd.yaml b/terminaldweller.com/ircd/ircd.yaml
new file mode 100644
index 0000000..987f0bb
--- /dev/null
+++ b/terminaldweller.com/ircd/ircd.yaml
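Review bot: The two Let's Encrypt bind mounts in the new ircd/docker-compose.yml are writable inside the container, unlike the `ircd.yaml` mount just above them, which ends in `:ro`; the server only needs to read the certificate and key. Append `:ro` to both, e.g. `- /etc/letsencrypt/live/irc.terminaldweller.com/privkey.pem:/etc/letsencrypt/live/irc.terminaldweller.com/privkey.pem:ro`. Files under `live/` are normally symlinks that certbot repoints on renewal, so a single-file bind mount probably keeps serving the old certificate until the container is recreated; a renewal hook that restarts the service would cover that. The `traefiknet` network is declared but the `ergo` service never joins it, so it can be dropped, and `ergo:stable` is a moving tag that a digest pin would make reproducible.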
@@ -0,0 +1,1010 @@ +# This is the default config file for Ergo. +# It contains recommended defaults for all settings, including some behaviors +# that differ from conventional ircd+services setups. See traditional.yaml +# for a config with more "mainstream" behavior. +# +# If you are setting up a new Ergo server, you should copy this file +# to a new one named 'ircd.yaml', then look through the file to see which +# settings you want to customize. If you don't understand a setting, or +# aren't sure what behavior you want, most of the defaults are fine +# to start with (you can change them later, even on a running server). +# However, there are a few that you should probably change up front: +# 1. network.name (a human-readable name that identifies your network, +# no spaces or special characters) and server.name (consider using the +# domain name of your server) +# 2. if you have valid TLS certificates (for example, from letsencrypt.org), +# you should enable them in server.listeners in place of the default +# self-signed certificates +# 3. the operator password in the 'opers' section +# 4. by default, message history is enabled, using in-memory history storage +# and with messages expiring after 7 days. depending on your needs, you may +# want to disable history entirely, remove the expiration time, switch to +# persistent history stored in MySQL, or do something else entirely. See +# the 'history' section of the config. + +# network configuration +network: + # name of the network + name: devinet + +# server configuration +server: + # server name + name: irc.terminaldweller.com + + # addresses to listen on + listeners: + # The standard plaintext port for IRC is 6667. Allowing plaintext over the + # public Internet poses serious security and privacy issues. 
Accordingly, + # we recommend using plaintext only on local (loopback) interfaces: + # "127.0.0.1:6667": # (loopback ipv4, localhost-only) + # "[::1]:6667": # (loopback ipv6, localhost-only) + # If you need to serve plaintext on public interfaces, comment out the above + # two lines and uncomment the line below (which listens on all interfaces): + # ":6667": + # Alternately, if you have a TLS certificate issued by a recognized CA, + # you can configure port 6667 as an STS-only listener that only serves + # "redirects" to the TLS port, but doesn't allow chat. See the manual + # for details. + + # The standard SSL/TLS port for IRC is 6697. This will listen on all interfaces: + ":6697": + # this is a standard TLS configuration with a single certificate; + # see the manual for instructions on how to configure SNI + tls: + cert: /etc/letsencrypt/live/irc.terminaldweller.com/fullchain.pem + key: /etc/letsencrypt/live/irc.terminaldweller.com/privkey.pem + # 'proxy' should typically be false. It's for cloud load balancers that + # always send a PROXY protocol header ahead of the connection. See the + # manual ("Reverse proxies") for more details. + proxy: false + # set the minimum TLS version: + min-tls-version: 1.3 + + # Example of a Unix domain socket for proxying: + # "/tmp/ergo_sock": + + # Example of a Tor listener: any connection that comes in on this listener will + # be considered a Tor connection. It is strongly recommended that this listener + # *not* be on a public interface --- it should be on 127.0.0.0/8 or unix domain: + # "/hidden_service_sockets/ergo_tor_sock": + # tor: true + + # Example of a WebSocket listener: + # ":8097": + # websocket: true + # tls: + # cert: fullchain.pem + # key: privkey.pem + + # sets the permissions for Unix listen sockets. on a typical Linux system, + # the default is 0775 or 0755, which prevents other users/groups from connecting + # to the socket. With 0777, it behaves like a normal TCP socket + # where anyone can connect. 
+ unix-bind-mode: 0777 + + # configure the behavior of Tor listeners (ignored if you didn't enable any): + tor-listeners: + # if this is true, connections from Tor must authenticate with SASL + require-sasl: false + + # what hostname should be displayed for Tor connections? + vhost: "tor-network.onion" + + # allow at most this many connections at once (0 for no limit): + max-connections: 64 + + # connection throttling (limit how many connection attempts are allowed at once): + throttle-duration: 10m + # set to 0 to disable throttling: + max-connections-per-duration: 64 + + # strict transport security, to get clients to automagically use TLS + sts: + # whether to advertise STS + # + # to stop advertising STS, leave this enabled and set 'duration' below to "0". this will + # advertise to connecting users that the STS policy they have saved is no longer valid + enabled: true + + # how long clients should be forced to use TLS for. + # setting this to a too-long time will mean bad things if you later remove your TLS. + # the default duration below is 1 month, 2 days and 5 minutes. + duration: 1mo2d5m + + # tls port - you should be listening on this port above + port: 6697 + + # should clients include this STS policy when they ship their inbuilt preload lists? + preload: false + + websockets: + # Restrict the origin of WebSocket connections by matching the "Origin" HTTP + # header. This setting causes ergo to reject websocket connections unless + # they originate from a page on one of the whitelisted websites in this list. + # This prevents malicious websites from making their visitors connect to your + # ergo instance without their knowledge. An empty list means there are no + # restrictions. + allowed-origins: + # - "https://ergo.chat" + # - "https://*.ergo.chat" + + # casemapping controls what kinds of strings are permitted as identifiers (nicknames, + # channel names, account names, etc.), and how they are normalized for case. 
+ # the recommended default is 'ascii' (traditional ASCII-only identifiers). + # the other options are 'precis', which allows UTF8 identifiers that are "sane" + # (according to UFC 8265), with additional mitigations for homoglyph attacks, + # and 'permissive', which allows identifiers containing unusual characters like + # emoji, at the cost of increased vulnerability to homoglyph attacks and potential + # client compatibility problems. we recommend leaving this value at its default; + # however, note that changing it once the network is already up and running is + # problematic. + casemapping: "ascii" + + # enforce-utf8 controls whether the server will preemptively discard non-UTF8 + # messages (since they cannot be relayed to websocket clients), or will allow + # them and relay them to non-websocket clients (as in traditional IRC). + enforce-utf8: true + + # whether to look up user hostnames with reverse DNS. there are 3 possibilities: + # 1. lookup-hostnames enabled, IP cloaking disabled; users will see each other's hostnames + # 2. lookup-hostnames disabled, IP cloaking disabled; users will see each other's numeric IPs + # 3. [the default] IP cloaking enabled; users will see cloaked hostnames + lookup-hostnames: false + # whether to confirm hostname lookups using "forward-confirmed reverse DNS", i.e., for + # any hostname returned from reverse DNS, resolve it back to an IP address and reject it + # unless it matches the connecting IP + forward-confirm-hostnames: true + + # use ident protocol to get usernames + check-ident: false + + # ignore the supplied user/ident string from the USER command, always setting user/ident + # to the following literal value; this can potentially reduce confusion and simplify bans. + # the value must begin with a '~' character. comment out / omit to disable: + coerce-ident: '~u' + + # 'password' allows you to require a global, shared password (the IRC `PASS` command) + # to connect to the server. 
for operator passwords, see the `opers` section of the + # config. for a more secure way to create a private server, see the `require-sasl` + # section. you must hash the password with `ergo genpasswd`, then enter the hash here: + #password: "" #pragma: allowlist secret + + # motd filename + # if you change the motd, you should move it to ircd.motd + motd: ergo.motd + + # motd formatting codes + # if this is true, the motd is escaped using formatting codes like $c, $b, and $i + motd-formatting: true + + # relaying using the RELAYMSG command + relaymsg: + # is relaymsg enabled at all? + enabled: true + + # which character(s) are reserved for relayed nicks? + separators: "/" + + # can channel operators use RELAYMSG in their channels? + # our implementation of RELAYMSG makes it safe for chanops to use without the + # possibility of real users being silently spoofed + available-to-chanops: true + + # IPs/CIDRs the PROXY command can be used from + # This should be restricted to localhost (127.0.0.1/8, ::1/128, and unix sockets). + # Unless you have a good reason. you should also add these addresses to the + # connection limits and throttling exemption lists. 
+ proxy-allowed-from: + - localhost + # - "192.168.1.1" + # - "192.168.10.1/24" + + # controls the use of the WEBIRC command (by IRC<->web interfaces, bouncers and similar) + webirc: + # one webirc block -- should correspond to one set of gateways + - + # SHA-256 fingerprint of the TLS certificate the gateway must use to connect + # (comment this out to use passwords only) + certfp: "abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789" #pragma: allowlist secret + + # password the gateway uses to connect, made with `ergo genpasswd` + password: "" # pragma: allowlist secret + + # IPs/CIDRs that can use this webirc command + # you should also add these addresses to the connection limits and throttling exemption lists + hosts: + - localhost + # - "192.168.1.1" + # - "192.168.10.1/24" + + # maximum length of clients' sendQ in bytes + # this should be big enough to hold bursts of channel/direct messages + max-sendq: 96k + + # compatibility with legacy clients + compatibility: + # many clients require that the final parameter of certain messages be an + # RFC1459 trailing parameter, i.e., prefixed with :, whether or not this is + # actually required. this forces Ergo to send those parameters + # as trailings. this is recommended unless you're testing clients for conformance; + # defaults to true when unset for that reason. + force-trailing: true + + # some clients (ZNC 1.6.x and lower, Pidgin 2.12 and lower) do not + # respond correctly to SASL messages with the server name as a prefix: + # https://github.com/znc/znc/issues/1212 + # this works around that bug, allowing them to use SASL. + send-unprefixed-sasl: true + + # traditionally, IRC servers will truncate and send messages that are + # too long to be relayed intact. this behavior can be disabled by setting + # allow-truncation to false, in which case Ergo will reject the message + # and return an error to the client. (note that this option defaults to true + # when unset.) 
+ allow-truncation: false + + # IP-based DoS protection + ip-limits: + # whether to limit the total number of concurrent connections per IP/CIDR + count: true + # maximum concurrent connections per IP/CIDR + max-concurrent-connections: 16 + + # whether to restrict the rate of new connections per IP/CIDR + throttle: true + # how long to keep track of connections for + window: 10m + # maximum number of new connections per IP/CIDR within the given duration + max-connections-per-window: 32 + + # how wide the CIDR should be for IPv4 (a /32 is a fully specified IPv4 address) + cidr-len-ipv4: 32 + # how wide the CIDR should be for IPv6 (a /64 is the typical prefix assigned + # by an ISP to an individual customer for their LAN) + cidr-len-ipv6: 64 + + # IPs/networks which are exempted from connection limits + exempted: + - "localhost" + # - "192.168.1.1" + # - "2001:0db8::/32" + + # custom connection limits for certain IPs/networks. + custom-limits: + #"irccloud": + # nets: + # - "192.184.9.108" # highgate.irccloud.com + # - "192.184.9.110" # ealing.irccloud.com + # - "192.184.9.112" # charlton.irccloud.com + # - "192.184.10.118" # brockwell.irccloud.com + # - "192.184.10.9" # tooting.irccloud.com + # - "192.184.8.73" # hathersage.irccloud.com + # - "192.184.8.103" # stonehaven.irccloud.com + # - "5.254.36.57" # tinside.irccloud.com + # - "5.254.36.56/29" # additional ipv4 net + # - "2001:67c:2f08::/48" + # - "2a03:5180:f::/64" + # max-concurrent-connections: 2048 + # max-connections-per-window: 2048 + + # pluggable IP ban mechanism, via subprocess invocation + # this can be used to check new connections against a DNSBL, for example + # see the manual for details on how to write an IP ban checking script + ip-check-script: + enabled: false + command: "/usr/local/bin/check-ip-ban" + # constant list of args to pass to the command; the actual query + # and result are transmitted over stdin/stdout: + args: [] + # timeout for process execution, after which we send a SIGTERM: + 
timeout: 9s + # how long after the SIGTERM before we follow up with a SIGKILL: + kill-timeout: 1s + # how many scripts are allowed to run at once? 0 for no limit: + max-concurrency: 64 + # if true, only check anonymous connections (not logged into an account) + # at the very end of the handshake: + exempt-sasl: false + + # IP cloaking hides users' IP addresses from other users and from channel admins + # (but not from server admins), while still allowing channel admins to ban + # offending IP addresses or networks. In place of hostnames derived from reverse + # DNS, users see fake domain names like pwbs2ui4377257x8.irc. These names are + # generated deterministically from the underlying IP address, but if the underlying + # IP is not already known, it is infeasible to recover it from the cloaked name. + # If you disable this, you should probably enable lookup-hostnames in its place. + ip-cloaking: + # whether to enable IP cloaking + enabled: true + + # whether to use these cloak settings (specifically, `netname` and `num-bits`) + # to produce unique hostnames for always-on clients. you can enable this even if + # you disabled IP cloaking for normal clients above. if this is disabled, + # always-on clients will all have an identical hostname (the server name). + enabled-for-always-on: true + + # fake TLD at the end of the hostname, e.g., pwbs2ui4377257x8.irc + # you may want to use your network name here + netname: "irc" + + # the cloaked hostname is derived only from the CIDR (most significant bits + # of the IP address), up to a configurable number of bits. this is the + # granularity at which bans will take effect for IPv4. Note that changing + # this value will invalidate any stored bans. + cidr-len-ipv4: 32 + + # analogous granularity for IPv6 + cidr-len-ipv6: 64 + + # number of bits of hash output to include in the cloaked hostname. + # more bits means less likelihood of distinct IPs colliding, + # at the cost of a longer cloaked hostname. 
if this value is set to 0, + # all users will receive simply `netname` as their cloaked hostname. + num-bits: 64 + + # secure-nets identifies IPs and CIDRs which are secure at layer 3, + # for example, because they are on a trusted internal LAN or a VPN. + # plaintext connections from these IPs and CIDRs will be considered + # secure (clients will receive the +Z mode and be allowed to resume + # or reattach to secure connections). note that loopback IPs are always + # considered secure: + secure-nets: + # - "10.0.0.0/8" + + # Ergo will write files to disk under certain circumstances, e.g., + # CPU profiling or data export. by default, these files will be written + # to the working directory. set this to customize: + #output-path: "/home/ergo/out" + + # the hostname used by "services", e.g., NickServ, defaults to "localhost", + # e.g., `NickServ!NickServ@localhost`. uncomment this to override: + #override-services-hostname: "example.network" + + # in a "closed-loop" system where you control the server and all the clients, + # you may want to increase the maximum (non-tag) length of an IRC line from + # the default value of 512. DO NOT change this on a public server: + # max-line-len: 512 + + # send all 0's as the LUSERS (user counts) output to non-operators; potentially useful + # if you don't want to publicize how popular the server is + suppress-lusers: false + +# account options +accounts: + # is account authentication enabled, i.e., can users log into existing accounts? + authentication-enabled: true + + # account registration + registration: + # can users register new accounts for themselves? if this is false, operators with + # the `accreg` capability can still create accounts with `/NICKSERV SAREGISTER` + enabled: false + + # can users use the REGISTER command to register before fully connecting? 
+ allow-before-connect: false + + # global throttle on new account creation + throttling: + enabled: true + # window + duration: 10m + # number of attempts allowed within the window + max-attempts: 30 + + # this is the bcrypt cost we'll use for account passwords + # (note that 4 is the lowest value allowed by the bcrypt library) + bcrypt-cost: 4 + + # length of time a user has to verify their account before it can be re-registered + verify-timeout: "32h" + + # options for email verification of account registrations + email-verification: + enabled: false + sender: "admin@my.network" + require-tls: true + helo-domain: "my.network" # defaults to server name if unset + # options to enable DKIM signing of outgoing emails (recommended, but + # requires creating a DNS entry for the public key): + # dkim: + # domain: "my.network" + # selector: "20200229" + # key-file: "dkim.pem" + # to use an MTA/smarthost instead of sending email directly: + # mta: + # server: localhost + # port: 25 + # username: "admin" + # password: "" # pragma: allowlist secret + # implicit-tls: false # TLS from the first byte, typically on port 465 + blacklist-regexes: + # - ".*@mailinator.com" + timeout: 60s + # email-based password reset: + password-reset: + enabled: false + # time before we allow resending the email + cooldown: 1h + # time for which a password reset code is valid + timeout: 1d + + # throttle account login attempts (to prevent either password guessing, or DoS + # attacks on the server aimed at forcing repeated expensive bcrypt computations) + login-throttling: + enabled: true + + # window + duration: 1m + + # number of attempts allowed within the window + max-attempts: 3 + + # some clients (notably Pidgin and Hexchat) offer only a single password field, + # which makes it impossible to specify a separate server password (for the PASS + # command) and SASL password. 
if this option is set to true, a client that + # successfully authenticates with SASL will not be required to send + # PASS as well, so it can be configured to authenticate with SASL only. + skip-server-password: false + + # enable login to accounts via the PASS command, e.g., PASS account:password + # this is useful for compatibility with old clients that don't support SASL + login-via-pass-command: true + + # advertise the SCRAM-SHA-256 authentication method. set to false in case of + # compatibility issues with certain clients: + advertise-scram: true + + # require-sasl controls whether clients are required to have accounts + # (and sign into them using SASL) to connect to the server + require-sasl: + # if this is enabled, all clients must authenticate with SASL while connecting. + # WARNING: for a private server, you MUST set accounts.registration.enabled + # to false as well, in order to prevent non-administrators from registering + # accounts. + enabled: true + + # IPs/CIDRs which are exempted from the account requirement + exempted: + - "localhost" + # - '10.10.0.0/16' + + # nick-reservation controls how, and whether, nicknames are linked to accounts + nick-reservation: + # is there any enforcement of reserved nicknames? + enabled: true + + # how many nicknames, in addition to the account name, can be reserved? 
+ # (note that additional nicks are unusable under force-nick-equals-account + # or if the client is always-on) + additional-nick-limit: 0 + + # method describes how nickname reservation is handled + # strict: users must already be logged in to their account (via + # SASL, PASS account:password, or /NickServ IDENTIFY) + # in order to use their reserved nickname(s) + # optional: no enforcement by default, but allow users to opt in to + # the enforcement level of their choice + method: strict + + # allow users to set their own nickname enforcement status, e.g., + # to opt out of strict enforcement + allow-custom-enforcement: false + + # format for guest nicknames: + # 1. these nicknames cannot be registered or reserved + # 2. if a client is automatically renamed by the server, + # this is the template that will be used (e.g., Guest-nccj6rgmt97cg) + # 3. if enforce-guest-format (see below) is enabled, clients without + # a registered account will have this template applied to their + # nicknames (e.g., 'katie' will become 'Guest-katie') + guest-nickname-format: "Guest-*" + + # when enabled, forces users not logged into an account to use + # a nickname matching the guest template. a caveat: this may prevent + # users from choosing nicknames in scripts different from the guest + # nickname format. + force-guest-format: false + + # when enabled, forces users logged into an account to use the + # account name as their nickname. when combined with strict nickname + # enforcement, this lets users treat nicknames and account names + # as equivalent for the purpose of ban/invite/exception lists. 
+ force-nick-equals-account: true + + # parallel setting to force-nick-equals-account: if true, this forbids + # anonymous users (i.e., users not logged into an account) to change their + # nickname after the initial connection is complete + forbid-anonymous-nick-changes: false + + # multiclient controls whether Ergo allows multiple connections to + # attach to the same client/nickname identity; this is part of the + # functionality traditionally provided by a bouncer like ZNC + multiclient: + # when disabled, each connection must use a separate nickname (as is the + # typical behavior of IRC servers). when enabled, a new connection that + # has authenticated with SASL can associate itself with an existing + # client + enabled: true + + # if this is disabled, clients have to opt in to bouncer functionality + # using nickserv or the cap system. if it's enabled, they can opt out + # via nickserv + allowed-by-default: true + + # whether to allow clients that remain on the server even + # when they have no active connections. The possible values are: + # "disabled", "opt-in", "opt-out", or "mandatory". + always-on: "opt-in" + + # whether to mark always-on clients away when they have no active connections: + auto-away: "opt-in" + + # QUIT always-on clients from the server if they go this long without connecting + # (use 0 or omit for no expiration): + #always-on-expiration: 90d + + # vhosts controls the assignment of vhosts (strings displayed in place of the user's + # hostname/IP) by the HostServ service + vhosts: + # are vhosts enabled at all? 
+ enabled: true + + # maximum length of a vhost + max-length: 64 + + # regexp for testing the validity of a vhost + # (make sure any changes you make here are RFC-compliant) + valid-regexp: '^[0-9A-Za-z.\-_/]+$' + + # modes that are set by default when a user connects + # if unset, no user modes will be set by default + # +i is invisible (a user's channels are hidden from whois replies) + # see /QUOTE HELP umodes for more user modes + default-user-modes: +i + + # pluggable authentication mechanism, via subprocess invocation + # see the manual for details on how to write an authentication plugin script + auth-script: + enabled: false + command: "/usr/local/bin/authenticate-irc-user" + # constant list of args to pass to the command; the actual authentication + # data is transmitted over stdin/stdout: + args: [] + # should we automatically create users if the plugin returns success? + autocreate: true + # timeout for process execution, after which we send a SIGTERM: + timeout: 9s + # how long after the SIGTERM before we follow up with a SIGKILL: + kill-timeout: 1s + # how many scripts are allowed to run at once? 0 for no limit: + max-concurrency: 64 + +# channel options +channels: + # modes that are set when new channels are created + # +n is no-external-messages, +t is op-only-topic, + # +C is no CTCPs (besides ACTION) + # see /QUOTE HELP cmodes for more channel modes + default-modes: +ntC + + # how many channels can a client be in at once? + max-channels-per-client: 100 + + # if this is true, new channels can only be created by operators with the + # `chanreg` operator capability + operator-only-creation: false + + # channel registration - requires an account + registration: + # can users register new channels? + enabled: true + + # restrict new channel registrations to operators only? + # (operators can then transfer channels to regular users using /CS TRANSFER) + operator-only: false + + # how many channels can each account register? 
+ max-channels-per-account: 15 + + # as a crude countermeasure against spambots, anonymous connections younger + # than this value will get an empty response to /LIST (a time period of 0 disables) + list-delay: 0s + + # INVITE to an invite-only channel expires after this amount of time + # (0 or omit for no expiration): + invite-expiration: 24h + +# operator classes: +# an operator has a single "class" (defining a privilege level), which can include +# multiple "capabilities" (defining privileged actions they can take). all +# currently available operator capabilities are associated with either the +# 'chat-moderator' class (less privileged) or the 'server-admin' class (full +# privileges) below: you can mix and match to create new classes. +oper-classes: + # chat moderator: can ban/unban users from the server, join channels, + # fix mode issues and sort out vhosts. + "chat-moderator": + # title shown in WHOIS + title: Chat Moderator + + # capability names + capabilities: + - "kill" # disconnect user sessions + - "ban" # ban IPs, CIDRs, NUH masks, and suspend accounts (UBAN / DLINE / KLINE) + - "nofakelag" # exempted from "fakelag" restrictions on rate of message sending + - "relaymsg" # use RELAYMSG in any channel (see the `relaymsg` config block) + - "vhosts" # add and remove vhosts from users + - "sajoin" # join arbitrary channels, including private channels + - "samode" # modify arbitrary channel and user modes + - "snomasks" # subscribe to arbitrary server notice masks + - "roleplay" # use the (deprecated) roleplay commands in any channel + + # server admin: has full control of the ircd, including nickname and + # channel registrations + "server-admin": + # title shown in WHOIS + title: Server Admin + + # oper class this extends from + extends: "chat-moderator" + + # capability names + capabilities: + - "rehash" # rehash the server, i.e. 
reload the config at runtime + - "accreg" # modify arbitrary account registrations + - "chanreg" # modify arbitrary channel registrations + - "history" # modify or delete history messages + - "defcon" # use the DEFCON command (restrict server capabilities) + - "massmessage" # message all users on the server + +# ircd operators +opers: + # default operator named 'admin'; log in with /OPER admin <password> + admin: + # which capabilities this oper has access to + class: "server-admin" + + # traditionally, operator status is visible to unprivileged users in + # WHO and WHOIS responses. this can be disabled with 'hidden'. + hidden: true + + # custom whois line (if `hidden` is enabled, visible only to other operators) + whois-line: is the server administrator + + # custom hostname (ignored if `hidden` is enabled) + #vhost: "staff" + + # modes are modes to auto-set upon opering-up. uncomment this to automatically + # enable snomasks ("server notification masks" that alert you to server events; + # see `/quote help snomasks` while opered-up for more information): + modes: +is acdjknoqtuxv + + # operators can be authenticated either by password (with the /OPER command), + # or by certificate fingerprint, or both. if a password hash is set, then a + # password is required to oper up (e.g., /OPER dan mypassword). to generate + # the hash, use `ergo genpasswd`. + # password: "" # pragma: allowlist secret + + # if a SHA-256 certificate fingerprint is configured here, then it will be + # required to /OPER. if you comment out the password hash above, then you can + # /OPER without a password. + certfp: "5e3bd8ab6f8c6f6a614d4b2245fd6b5737a6e59917c6719de62b55bac77b978c" # pragma: allowlist secret + # if 'auto' is set (and no password hash is set), operator permissions will be + # granted automatically as soon as you connect with the right fingerprint. 
+ auto: true + + # example of a moderator named 'alice' + # (log in with /OPER alice <password>): + #alice: + # class: "chat-moderator" + # whois-line: "can help with moderation issues!" + # password: "" #pragma: allowlist secret + +# logging, takes inspiration from Insp +logging: + - + # how to log these messages + # + # file log to a file + # stdout log to stdout + # stderr log to stderr + # (you can specify multiple methods, e.g., to log to both stderr and a file) + method: stderr + + # filename to log to, if file method is selected + # filename: ircd.log + + # type(s) of logs to keep here. you can use - to exclude those types + # + # exclusions take precedent over inclusions, so if you exclude a type it will NEVER + # be logged, even if you explicitly include it + # + # useful types include: + # * everything (usually used with exclusing some types below) + # server server startup, rehash, and shutdown events + # accounts account registration and authentication + # channels channel creation and operations + # opers oper actions, authentication, etc + # services actions related to NickServ, ChanServ, etc. + # internal unexpected runtime behavior, including potential bugs + # userinput raw lines sent by users + # useroutput raw lines sent to users + type: "* -userinput -useroutput" + + # one of: debug info warn error + level: info + #- + # # example of a file log that avoids logging IP addresses + # method: file + # filename: ircd.log + # type: "* -userinput -useroutput -connect-ip" + # level: debug + +# debug options +debug: + # when enabled, Ergo will attempt to recover from certain kinds of + # client-triggered runtime errors that would normally crash the server. + # this makes the server more resilient to DoS, but could result in incorrect + # behavior. deployments that would prefer to "start from scratch", e.g., by + # letting the process crash and auto-restarting it with systemd, can set + # this to false. 
+ recover-from-errors: true + + # optionally expose a pprof http endpoint: https://golang.org/pkg/net/http/pprof/ + # it is strongly recommended that you don't expose this on a public interface; + # if you need to access it remotely, you can use an SSH tunnel. + # set to `null`, "", leave blank, or omit to disable + # pprof-listener: "localhost:6060" + +# lock file preventing multiple instances of Ergo from accidentally being +# started at once. comment out or set to the empty string ("") to disable. +# this path is relative to the working directory; if your datastore.path +# is absolute, you should use an absolute path here as well. +lock-file: "ircd.lock" + +# datastore configuration +datastore: + # path to the datastore + path: ircd.db + + # if the database schema requires an upgrade, `autoupgrade` will attempt to + # perform it automatically on startup. the database will be backed + # up, and if the upgrade fails, the original database will be restored. + autoupgrade: true + + # connection information for MySQL (currently only used for persistent history): + mysql: + enabled: false + host: "localhost" + port: 3306 + # if socket-path is set, it will be used instead of host:port + #socket-path: "/var/run/mysqld/mysqld.sock" + user: "ergo" + password: "" # pragma: allowlist secret + history-database: "ergo_history" + timeout: 3s + max-conns: 4 + # this may be necessary to prevent middleware from closing your connections: + #conn-max-lifetime: 180s + +# languages config +languages: + # whether to load languages + enabled: false + + # default language to use for new clients + # 'en' is the default English language in the code + default: en + + # which directory contains our language files + path: languages + +# limits - these need to be the same across the network +limits: + # nicklen is the max nick length allowed + nicklen: 32 + + # identlen is the max ident length allowed + identlen: 20 + + # channellen is the max channel length allowed + channellen: 64 + + # 
awaylen is the maximum length of an away message + awaylen: 390 + + # kicklen is the maximum length of a kick message + kicklen: 390 + + # topiclen is the maximum length of a channel topic + topiclen: 390 + + # maximum number of monitor entries a client can have + monitor-entries: 100 + + # whowas entries to store + whowas-entries: 100 + + # maximum length of channel lists (beI modes) + chan-list-modes: 60 + + # maximum number of messages to accept during registration (prevents + # DoS / resource exhaustion attacks): + registration-messages: 1024 + + # message length limits for the new multiline cap + multiline: + max-bytes: 4096 # 0 means disabled + max-lines: 100 # 0 means no limit + +# fakelag: prevents clients from spamming commands too rapidly +fakelag: + # whether to enforce fakelag + enabled: true + + # time unit for counting command rates + window: 1s + + # clients can send this many commands without fakelag being imposed + burst-limit: 5 + + # once clients have exceeded their burst allowance, they can send only + # this many commands per `window`: + messages-per-window: 2 + + # client status resets to the default state if they go this long without + # sending any commands: + cooldown: 2s + + # exempt a certain number of command invocations per session from fakelag; + # this is to speed up "resynchronization" of client state during reattach + command-budgets: + "CHATHISTORY": 16 + "MARKREAD": 16 + "MONITOR": 1 + "WHO": 4 + +# the roleplay commands are semi-standardized extensions to IRC that allow +# sending and receiving messages from pseudo-nicknames. this can be used either +# for actual roleplaying, or for bridging IRC with other protocols. +roleplay: + # are roleplay commands enabled at all? (channels and clients still have to + # opt in individually with the +E mode) + enabled: false + + # require the "roleplay" oper capability to send roleplay messages? + require-oper: false + + # require channel operator permissions to send roleplay messages? 
+ require-chanops: false + + # add the real nickname, in parentheses, to the end of every roleplay message? + add-suffix: true + +# external services can integrate with the ircd using JSON Web Tokens (https://jwt.io). +# in effect, the server can sign a token attesting that the client is present on +# the server, is a member of a particular channel, etc. +extjwt: + # # default service config (for `EXTJWT #channel`). + # # expiration time for the token: + # expiration: 45s + # # you can configure tokens to be signed either with HMAC and a symmetric secret: + # secret: "65PHvk0K1_sM-raTsCEhatVkER_QD8a0zVV8gG2EWcI" + # # or with an RSA private key: + # #rsa-private-key-file: "extjwt.pem" + + # # named services (for `EXTJWT #channel service_name`): + # services: + # "jitsi": + # expiration: 30s + # secret: "qmamLKDuOzIzlO8XqsGGewei_At11lewh6jtKfSTbkg" + +# history message storage: this is used by CHATHISTORY, HISTORY, znc.in/playback, +# various autoreplay features, and the resume extension +history: + # should we store messages for later playback? + # by default, messages are stored in RAM only; they do not persist + # across server restarts. however, you may want to understand how message + # history interacts with the GDPR and/or any data privacy laws that apply + # in your country and the countries of your users. + enabled: true + + # how many channel-specific events (messages, joins, parts) should be tracked per channel? + channel-length: 2048 + + # how many direct messages and notices should be tracked per user? + client-length: 256 + + # how long should we try to preserve messages? + # if `autoresize-window` is 0, the in-memory message buffers are preallocated to + # their maximum length. if it is nonzero, the buffers are initially small and + # are dynamically expanded up to the maximum length. 
if the buffer is full + # and the oldest message is older than `autoresize-window`, then it will overwrite + # the oldest message rather than resize; otherwise, it will expand if possible. + autoresize-window: 3d + + # number of messages to automatically play back on channel join (0 to disable): + autoreplay-on-join: 0 + + # maximum number of CHATHISTORY messages that can be + # requested at once (0 disables support for CHATHISTORY) + chathistory-maxmessages: 1000 + + # maximum number of messages that can be replayed at once during znc emulation + # (znc.in/playback, or automatic replay on initial reattach to a persistent client): + znc-maxmessages: 2048 + + # options to delete old messages, or prevent them from being retrieved + restrictions: + # if this is set, messages older than this cannot be retrieved by anyone + # (and will eventually be deleted from persistent storage, if that's enabled) + expire-time: 1w + + # this restricts access to channel history (it can be overridden by channel + # owners). options are: 'none' (no restrictions), 'registration-time' + # (logged-in users cannot retrieve messages older than their account + # registration date, and anonymous users cannot retrieve messages older than + # their sign-on time, modulo the grace-period described below), and + # 'join-time' (users cannot retrieve messages older than the time they + # joined the channel, so only always-on clients can view history). + query-cutoff: 'none' + + # if query-cutoff is set to 'registration-time', this allows retrieval + # of messages that are up to 'grace-period' older than the above cutoff. + # if you use 'registration-time', this is recommended to allow logged-out + # users to query history after disconnections. + grace-period: 1h + + # options to store history messages in a persistent database (currently only MySQL). + # in order to enable any of this functionality, you must configure a MySQL server + # in the `datastore.mysql` section. 
enabling persistence overrides the history + # size limits above (`channel-length`, `client-length`, etc.); persistent + # history has no limits other than those imposed by expire-time. + persistent: + enabled: false + + # store unregistered channel messages in the persistent database? + unregistered-channels: false + + # for a registered channel, the channel owner can potentially customize + # the history storage setting. as the server operator, your options are + # 'disabled' (no persistent storage, regardless of per-channel setting), + # 'opt-in', 'opt-out', and 'mandatory' (force persistent storage, ignoring + # per-channel setting): + registered-channels: "opt-out" + + # direct messages are only stored in the database for logged-in clients; + # you can control how they are stored here (same options as above). + # if you enable this, strict nickname reservation is strongly recommended + # as well. + direct-messages: "opt-out" + + # options to control how messages are stored and deleted: + retention: + # allow users to delete their own messages from history? + allow-individual-delete: false + + # if persistent history is enabled, create additional index tables, + # allowing deletion of JSON export of an account's messages. this + # may be needed for compliance with data privacy regulations. + enable-account-indexing: false + + # options to control storage of TAGMSG + tagmsg-storage: + # by default, should TAGMSG be stored? + default: false + + # if `default` is false, store TAGMSG containing any of these tags: + whitelist: + - "+draft/react" + - "+react" + + # if `default` is true, don't store TAGMSG containing any of these tags: + #blacklist: + # - "+draft/typing" + # - "typing" + +# whether to allow customization of the config at runtime using environment variables, +# e.g., ERGO__SERVER__MAX_SENDQ=128k. see the manual for more details. +allow-environment-overrides: true 
diff --git a/terminaldweller.com/main/docker-compose.yaml b/terminaldweller.com/main/docker-compose.yaml index 7d73795..5c38d62 100644 --- a/terminaldweller.com/main/docker-compose.yaml +++ b/terminaldweller.com/main/docker-compose.yaml @@ -10,7 +10,8 @@ services: restart: unless-stopped volumes: - ./nginx.conf:/etc/nginx/nginx.conf:ro - - /etc/letsencrypt/archive/terminaldweller.com/:/certs/ + - /etc/letsencrypt/live/terminaldweller.com/fullchain.pem:/etc/letsencrypt/live/terminaldweller.com/fullchain.pem:ro + - /etc/letsencrypt/live/terminaldweller.com/privkey.pem:/etc/letsencrypt/live/terminaldweller.com/privkey.pem:ro - ./srv:/srv cap_drop: - ALL diff --git a/terminaldweller.com/main/nginx.conf b/terminaldweller.com/main/nginx.conf index 1a9ea0e..3801219 100644 --- a/terminaldweller.com/main/nginx.conf +++ b/terminaldweller.com/main/nginx.conf @@ -15,8 +15,8 @@ http { add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; ssl_ciphers HIGH:!aNULL:!MD5:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384; ssl_prefer_server_ciphers on; - ssl_certificate /certs/fullchain1.pem; - ssl_certificate_key /certs/privkey1.pem; + ssl_certificate /etc/letsencrypt/live/terminaldweller.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/terminaldweller.com/privkey.pem; ssl_protocols TLSv1.2 TLSv1.3; add_header Content-Security-Policy "default-src 'self';"; add_header X-Frame-Options SAMEORIGIN always; @@ -32,6 +32,7 @@ http { add_header Content-Type "application/json"; alias /srv/.well-known/webfinger/finger.json; } + # https://metacode.biz/openpgp/web-key-directory? location /.well-known/openpgpkey/hu/ojxfrmdxrz4pm3hh16s5149w5b8acbsn { alias /srv/.well-known/openpgpkey/hu/gpg_pubkey.asc; 
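Review bot: The two new single-file mounts from `/etc/letsencrypt/live/terminaldweller.com/` bind whatever the `live/` symlinks resolve to when the container is created, so after a certbot renewal (new file under `archive/`, symlink repointed) nginx will most likely keep serving the old certificate until the container is recreated. Mounting the two directories read-only keeps the relative symlinks resolvable inside the container without exposing the rest of `/etc/letsencrypt`: `- /etc/letsencrypt/live/terminaldweller.com/:/etc/letsencrypt/live/terminaldweller.com/:ro` and `- /etc/letsencrypt/archive/terminaldweller.com/:/etc/letsencrypt/archive/terminaldweller.com/:ro`. The `ssl_certificate` paths added in the nginx.conf hunk `@@ -15,8 +15,8 @@` work unchanged with that layout. A renewal hook that reloads nginx is still needed, since nginx only reads certificates at start or reload.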
@@ -41,6 +42,20 @@ http { alias /srv/.well-known/openpgpkey/policy; add_header Access-Control-Allow-Origin "*"; } + + location /.well-known/matrix/server { + access_log off; + add_header Access-Control-Allow-Origin "*"; + default_type application/json; + return 200 '{"m.server": "matrix.terminaldweller.com:443"}'; + } + location /.well-known/matrix/client { + access_log off; + add_header Access-Control-Allow-Origin "*"; + default_type application/json; + return 200 '{"m.homeserver": {"base_url": "https://matrix.terminaldweller.com"}}'; + } + location / { root /srv/; add_header Access-Control-Allow-Origin "*"; diff --git a/terminaldweller.com/main/srv/index.html b/terminaldweller.com/main/srv/index.html index a69fd8a..8f90c05 100644 --- a/terminaldweller.com/main/srv/index.html +++ b/terminaldweller.com/main/srv/index.html 
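Review bot: The two new `/.well-known/matrix/` locations each declare their own `add_header`, and nginx inherits `add_header` directives from the enclosing level only when the current level defines none, so responses from these locations lose the `Strict-Transport-Security`, `Content-Security-Policy` and `X-Frame-Options` headers set in the `http` block (visible as context in the `@@ -15,8 +15,8 @@` hunk). Repeat the shared headers in each location, e.g. `add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;`, or move them into one file and `include` it in every location that adds headers. The `location /` context line at the end of this hunk follows the same pattern. The `http` block starts and ends outside the hunk, so this is based only on the directives visible here.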
@@ -25,65 +25,72 @@ } </style> </head> - <body style="color:#005f87;background:#000000;text-align:center;padding:0px;border:0px;margin:0px;"> - <p style="font-size:20px;font-weight:bold">This is a list of links:</p> + <body style="color:#005f87;background:#000000;text-align:center;padding:0px;border:0px;margin:0px;font-family:mono;"> + <p style="font-size:20px;font-weight:bold;padding:0px;border:0px;margin:0px;">This is a list of links:</p> <p> <div>This page is available on:</div> - <div>web2 from <a href="https://terminaldweller.com">https://terminaldweller.com</a></div> + <div><a href="https://terminaldweller.com">web2</a> - <span style="user-select: all;">https://terminaldweller.com</span></div> <div>IPFS from <a href="https://ipfs.terminaldweller.com">https://ipfs.terminaldweller.com</a> or from <a href="https://terminaldweller.eth.link">terminaldweller.eth</a></div> - <div>On <a href="gemini://gemini.terminaldweller.com">Gemini</a></div> - <div><a href="http://iedzwh5v2vouywqy4eak3eu33amfn3rzhdcln7j4r5kcyvf46cea.b32.i2p/">i2p mirror</a></div> - <div><a href="http://dqunl5rzlv6skqfklqr4dwi4zph2vqoaennc7qoinqs5mlug4docq2yd.onion/">tor mirror</a></div> + <div>On <a href="gemini://gemini.terminaldweller.com">Gemini</a> - <span style="user-select: all;">gemini://gemini.terminaldweller.com</span></div> + <div><a href="http://iedzwh5v2vouywqy4eak3eu33amfn3rzhdcln7j4r5kcyvf46cea.b32.i2p/">i2p mirror</a> - <span style="user-select: all;">http://iedzwh5v2vouywqy4eak3eu33amfn3rzhdcln7j4r5kcyvf46cea.b32.i2p</span></div> + <div><a href="http://dqunl5rzlv6skqfklqr4dwi4zph2vqoaennc7qoinqs5mlug4docq2yd.onion/">tor mirror</a> - <span style="user-select: all;">http://dqunl5rzlv6skqfklqr4dwi4zph2vqoaennc7qoinqs5mlug4docq2yd.onion</span></div> <p>WKD direct and advanced are setup on/for the domain.</p> <p> <div><a href="https://keyoxide.org/hkp/9e20464f1ccf3b103249fa93a6a0f5158b3881df">keyoxide</a></div> <div>I don't use all the accounts listed on keyoxide regularly. 
The preferred methods of contacting me are the ones that are listed here, IRC, email and XMPP (The order is not significant).</div> </p> <div> - <div>PGP FP: 9E20464F1CCF3B103249FA93A6A0F5158B3881DF - <a href="https://github.com/terminaldweller.gpg">github</a>, <a href="https://gitlab.com/terminaldweller.gpg">gitlab</a>, <a href="https://codeberg.org/terminaldweller.gpg">codeberg</a>, <a href="keys/gpg_pubkey">self-hosted</a></div> + <div>PGP FP: <span style="user-select: all;">9E20464F1CCF3B103249FA93A6A0F5158B3881DF</span> - <a href="https://github.com/terminaldweller.gpg">github</a>, <a href="https://gitlab.com/terminaldweller.gpg">gitlab</a>, <a href="https://codeberg.org/terminaldweller.gpg">codeberg</a>, <a href="keys/gpg_pubkey">self-hosted</a></div> <div>I manually upload my PGP key to <a href="https://keys.openpgp.org">https://keys.openpgp.org</a> and <a href="https://pgp.mit.edu/">https://pgp.mit.edu/</a>.</div> - <div>SSH FP: SHA256:tyuaTy005jkJOIPXkrJAAlCKD91d1ftEXzGTqjmEZh4 - <a href="https://github.com/terminaldweller.keys">github</a>, <a href="https://gitlab.com/terminaldweller.keys">gitlab</a>, <a href="https://codeberg.org/terminaldweller.keys">codeberg</a>, <a href="keys/id_rsa_pub">self-hosted</a></div> + <div>SSH FP: <span style="user-select: all;">SHA256:tyuaTy005jkJOIPXkrJAAlCKD91d1ftEXzGTqjmEZh4</span> - <a href="https://github.com/terminaldweller.keys">github</a>, <a href="https://gitlab.com/terminaldweller.keys">gitlab</a>, <a href="https://codeberg.org/terminaldweller.keys">codeberg</a>, <a href="keys/id_rsa_pub">self-hosted</a></div> <p> <div>IRC:</div> - <div><a href="https://libera.chat">Libera</a>: terminaldweller <a>FP:FEF763019F0799C1B5CD190FC89080240665CDCAE1CB889D4413775447A4826F48B18DC134D3ACDDE1D932CF3280E6026099857CF46177F1D87CD9AA859C615F</a></div> - <div><a href="https://oftc.net">OFTC</a>: terminaldweller <a>FP:1072EFECA623C6E3D7A6628BEB6021F77EA2C876</a></div> - <div><a href="https://rizon.net/">Rizon</a>: terminaldweller 
<a>FP:1072EFECA623C6E3D7A6628BEB6021F77EA2C876</a></div> - <div><a href="https://tilde.chat">Tilde</a>: terminaldweller <a>FP:1072EFECA623C6E3D7A6628BEB6021F77EA2C876</a></div> + <div><a href="https://libera.chat">Libera</a>: terminaldweller FP:<span style="user-select: all;">FEF763019F0799C1B5CD190FC89080240665CDCAE1CB889D4413775447A4826F48B18DC134D3ACDDE1D932CF3280E6026099857CF46177F1D87CD9AA859C615F</span></div> + <div><a href="https://oftc.net/">OFTC</a>: terminaldweller FP:<span style="user-select: all;">1072EFECA623C6E3D7A6628BEB6021F77EA2C876</span></div> + <div><a href="https://rizon.net/">Rizon</a>: terminaldweller FP:<span style="user-select: all;">1072EFECA623C6E3D7A6628BEB6021F77EA2C876</span></div> + <div><a href="https://tilde.chat/">Tilde</a>: terminaldweller FP:<span style="user-select: all;">1072EFECA623C6E3D7A6628BEB6021F77EA2C876</span></div> + <div><a href="https://bnet.eu.org/">Bonobonet</a>: terminaldweller FP:<span style="user-select: all;">5e3bd8ab6f8c6f6a614d4b2245fd6b5737a6e59917c6719de62b55bac77b978c</span></div> <div>You can also find me on Libera, OFTC and Rizon in ##terminaldweller.</div> </p> </div> </p> <p> <div>XMPP:</div> - <div>devi@jabber.terminaldweller.com</div> - <div>devi@draugr.de</div> + <div><span style="user-select: all;">devi@jabber.terminaldweller.com</span></div> + <div><span style="user-select: all;">devi@draugr.de</span></div> </p> <p> <div>Email:</div> <div style="font-weight:bold;">(the order is significant)</div> - <div>devi@terminaldweller.com</div> - <div>thabogre@gmail.com</div> - <div>bloodstalker@zoho.com</div> - <div>farzadsadeghi@protonmail.ch</div> + <div><span style="user-select: all;">devi@terminaldweller.com</span></div> + <div><span style="user-select: all;">thabogre@gmail.com</span></div> + <div><span style="user-select: all;">bloodstalker@zoho.com</span></div> + <div><span style="user-select: all;">farzadsadeghi@protonmail.ch</span></div> <div>All emails have the ssh and pgp key fingerprints as 
signature. You can ask for one.</div> + <div>I sign all emails, unless I receive an encrypted email in which case, I will also encrypt the response.</div> + </p> + <p> + <div>Matrix:</div> + <div><a href="https://matrix.to/#/@devi:terminaldweller.com">@devi:terminaldweller.com</a></div> + <div><a href="https://matrix.to/#/@terminaldweller:matrix.org">@terminaldweller:matrix.org</a></div> </p> <p> <div>OpenID: <a href="https://launchpad.net/~terminaldweller">https://launchpad.net/~terminaldweller</a></div> </p> <p> <div>Git:</div> - <div>Github: <a href="https://github.com/terminaldweller">terminaldweller</a></div> + <div><a href="https://github.com/terminaldweller">github.com/terminaldweller</a></div> <div>Mirrors:</div> <div><a href="https://git.terminaldweller.com">git.terminaldweller.com</a></div> <div><a href="https://codeberg.org/terminaldweller">codeberg.org/terminaldweller</a></div> <div><a href="https://gitlab.com/terminaldweller">gitlab.com/terminaldweller</a></div> </p> <p> - <div>Mastodon: <a href="https://fosstodon.org/@terminaldweller">@terminaldweller@terminaldweller.com</a></div> - <div>If you cant find the handle then you need to log in. I'm not hosting my own mastodon instance. I'm just hosting my own webfinger. The actual handle is <a href="https://fosstodon.org/@terminaldweller">@terminaldweller@fosstodon.org</a></div> + <div>Mastodon:</div> + <div><a href="https://pleroma.terminaldweller.com/users/devi">@devi@pleroma.terminaldweller.com</a></div> + <div><a href="https://fosstodon.org/@terminaldweller">@terminaldweller@fosstodon.com</a></div> </p> <p>Blog: <a href="https://blog.terminaldweller.com">Blog</a> <a href="https://blog.terminaldweller.com/rss/feed">RSS</a></p> - <p><a href="https://www.linkedin.com/in/farzad-sadeghi/">Linkedin</a></p> <div> <div>Services: N/A</div> </div> diff --git a/terminaldweller.com/matrix/docker-compose.yml b/terminaldweller.com/matrix/docker-compose.yml new file mode 100644 index 0000000..66d692e --- /dev/null 
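Review bot: The new Mastodon entry displays `@terminaldweller@fosstodon.com` while its `href` points at `https://fosstodon.org/@terminaldweller`, and the line it replaces used `fosstodon.org`. On a page that exists to publish authoritative contact handles and key fingerprints, the visible handle should name the real instance: `<a href="https://fosstodon.org/@terminaldweller">@terminaldweller@fosstodon.org</a>`. Separately, `font-family:mono` in the new `<body>` style is not one of the CSS generic families, so it only works where a font literally named `mono` resolves; `font-family:monospace` is the portable spelling.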
+++ b/terminaldweller.com/matrix/docker-compose.yml
@@ -0,0 +1,51 @@
+version: "3.4"
+services:
+ postgresql:
+ image: postgres:15.2-alpine
+ restart: unless-stopped
+ volumes:
+ - db-data:/var/lib/postgresql/data
+ environment:
+ - POSTGRES_PASSWORD= #pragma: allowlist secret
+ - POSTGRES_USER=synapse
+ - POSTGRES_INITDB_ARGS=--encoding=UTF-8 --lc-collate=C --lc-ctype=C
+ synapse:
+ image: matrixdotorg/synapse:v1.80.0
+ restart: unless-stopped
+ volumes:
+ - synapse-data:/data/
+ depends_on:
+ - postgresql
+ environment:
+ - SYNAPSE_CONFIG_PATH=/data/homeserver.yaml
+ labels:
+ - traefik.enable=true
+ - traefik.http.routers.synapse.entrypoints=websecure
+ - traefik.http.routers.synapse.rule=Host(`matrix.terminaldweller.com`)
+ - traefik.http.routers.synapse.tls=true
+ - traefik.http.routers.synapse.tls.certresolver=letls
+ traefik:
+ image: traefik:v2.9.9
+ restart: unless-stopped
+ command:
+ - "--api=true"
+ - "--providers.docker=true"
+ - "--providers.docker.exposedbydefault=false"
+ - "--entrypoints.web.address=:80"
+ - "--entrypoints.websecure.address=:443"
+ - "--certificatesresolvers.letls.acme.email=devi@terminaldweller.com"
+ - "--certificatesresolvers.letls.acme.storage=/certs/acme.json"
+ - "--certificatesresolvers.letls.acme.httpchallenge=true"
+ - "--certificatesresolvers.letls.acme.httpchallenge.entrypoint=web"
+ ports:
+ - "443:443"
+ - "80:80"
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock:ro
+ - traefik_certs:/certs
+volumes:
+ db-data:
+ synapse-data:
+ traefik_certs:
+
+# https://matrix.org/docs/guides/understanding-synapse-hosting
diff --git a/terminaldweller.com/pleroma/config-override.exs b/terminaldweller.com/pleroma/config-override.exs
new file mode 100644
index 0000000..a240744
--- /dev/null
+++ b/terminaldweller.com/pleroma/config-override.exs
@@ -0,0 +1,4 @@
+import Config
+
+config :pleroma, :instance,
+ registrations_open: false
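Review bot: The `traefik` service, which is the container published on ports 80 and 443, gets `/var/run/docker.sock` mounted, and the `:ro` flag only makes the mount of the socket file read-only; it does not limit which Docker API calls can be sent through it, so a compromise of traefik amounts to control of the Docker daemon on the host. Consider putting a filtering socket proxy that permits only the read endpoints the Docker provider needs between traefik and the daemon, and pointing traefik at it with `--providers.docker.endpoint=tcp://SOCKET_PROXY_HOST:PORT` (placeholder values). `POSTGRES_PASSWORD=` is empty in the committed file; if that is a redaction, a comment saying where the real value is supplied from (env file or secret) would make the file usable as documentation.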
diff --git a/terminaldweller.com/pleroma/config.exs b/terminaldweller.com/pleroma/config.exs
new file mode 100644
index 0000000..382941e
--- /dev/null
+++ b/terminaldweller.com/pleroma/config.exs
@@ -0,0 +1,74 @@
+import Config
+
+config :pleroma, Pleroma.Web.Endpoint,
+ url: [host: System.get_env("DOMAIN", "localhost"), scheme: "https", port: 443],
+ http: [ip: {0, 0, 0, 0}, port: 4000]
+
+config :pleroma, :instance,
+ name: System.get_env("INSTANCE_NAME", "Pleroma"),
+ email: System.get_env("ADMIN_EMAIL"),
+ notify_email: System.get_env("NOTIFY_EMAIL"),
+ limit: 5000,
+ registrations_open: false,
+ federating: true,
+ healthcheck: true
+
+config :pleroma, :media_proxy,
+ enabled: false,
+ redirect_on_failure: true,
+ base_url: "https://cache.domain.tld"
+
+config :pleroma, Pleroma.Repo,
+ adapter: Ecto.Adapters.Postgres,
+ username: System.get_env("DB_USER", "pleroma"),
+ password: System.fetch_env!("DB_PASS"),
+ database: System.get_env("DB_NAME", "pleroma"),
+ hostname: System.get_env("DB_HOST", "db"),
+ pool_size: 10
+
+# Configure web push notifications
+config :web_push_encryption, :vapid_details, subject: "mailto:#{System.get_env("NOTIFY_EMAIL")}"
+
+config :pleroma, :database, rum_enabled: false
+config :pleroma, :instance, static_dir: "/var/lib/pleroma/static"
+config :pleroma, Pleroma.Uploaders.Local, uploads: "/var/lib/pleroma/uploads"
+
+# We can't store the secrets in this file, since this is baked into the docker image
+if not File.exists?("/var/lib/pleroma/secret.exs") do
+ secret = :crypto.strong_rand_bytes(64) |> Base.encode64() |> binary_part(0, 64)
+ signing_salt = :crypto.strong_rand_bytes(8) |> Base.encode64() |> binary_part(0, 8)
+ {web_push_public_key, web_push_private_key} = :crypto.generate_key(:ecdh, :prime256v1)
+
+ secret_file =
+ EEx.eval_string(
+ """
+ import Config
+
+ config :pleroma, Pleroma.Web.Endpoint,
+ secret_key_base: "<%= secret %>",
+ signing_salt: "<%= signing_salt %>"
+
+ config :web_push_encryption, :vapid_details,
+ public_key: "<%= web_push_public_key %>",
+ private_key: "<%= web_push_private_key %>"
+ """,
+ secret: secret,
+ signing_salt: signing_salt,
+ web_push_public_key: Base.url_encode64(web_push_public_key, padding: false),
+ web_push_private_key: Base.url_encode64(web_push_private_key, padding: false)
+ )
+
+ File.write("/var/lib/pleroma/secret.exs", secret_file)
+end
+
+import_config("/var/lib/pleroma/secret.exs")
+
+# For additional user config
+if File.exists?("/var/lib/pleroma/config.exs"),
+ do: import_config("/var/lib/pleroma/config.exs"),
+ else:
+ File.write("/var/lib/pleroma/config.exs", """
+ import Config
+
+ # For additional configuration outside of environmental variables
+ """)
diff --git a/terminaldweller.com/pleroma/docker-compose.yml b/terminaldweller.com/pleroma/docker-compose.yml
new file mode 100644
index 0000000..c1ae91d
--- /dev/null
+++ b/terminaldweller.com/pleroma/docker-compose.yml
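Review bot: `File.write("/var/lib/pleroma/secret.exs", secret_file)` ignores its return value and leaves the file mode to the process umask, although the file holds `secret_key_base`, the signing salt and the web-push private key. Use the raising variant and restrict the mode before the file is imported: `File.write!("/var/lib/pleroma/secret.exs", secret_file)` followed by `File.chmod!("/var/lib/pleroma/secret.exs", 0o600)`. As written, a failed write would only surface at the `import_config` call that follows, with an error that does not name the cause. The `File.write` in the final `else:` branch has the same unchecked return, though that file carries no secrets.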
@@ -0,0 +1,60 @@
+version: '3.8'
+
+services:
+ db:
+ image: postgres:12.1-alpine
+ container_name: pleroma_db
+ restart: always
+ healthcheck:
+ test: ["CMD", "pg_isready", "-U", "pleroma"]
+ environment:
+ POSTGRES_USER: pleroma
+ POSTGRES_PASSWORD: # pragma: allowlist secret
+ POSTGRES_DB: pleroma
+ volumes:
+ - ./postgres:/var/lib/postgresql/data
+ networks:
+ - traefiknet
+ pleroma:
+ image: pleroma
+ container_name: pleroma_web
+ healthcheck:
+ test:
+ [
+ "CMD-SHELL",
+ "wget -q --spider --proxy=off localhost:4000 || exit 1",
+ ]
+ restart: always
+ build:
+ context: .
+ args:
+ - "UID=1001"
+ - "GID=1001"
+ - "PLEROMA_VER=v2.4.2"
+ volumes:
+ - ./uploads:/var/lib/pleroma/uploads
+ - ./static:/var/lib/pleroma/static
+ - ./config.exs:/etc/pleroma/config.exs:ro
+ - ./config-override.exs:/var/lib/pleroma/config.exs:ro
+ environment:
+ DOMAIN: pleroma.terminaldweller.com
+ INSTANCE_NAME: Pleroma
+ ADMIN_EMAIL: devi@terminaldweller.com
+ NOTIFY_EMAIL: devi@terminaldweller.com
+ DB_USER: pleroma
+ DB_PASS: # pragma: allowlist secret
+ DB_NAME: pleroma
+ depends_on:
+ - db
+ labels:
+ - traefik.enable=true
+ - traefik.http.routers.pleroma.entrypoints=websecure
+ - traefik.http.routers.pleroma.rule=Host(`pleroma.terminaldweller.com`)
+ - traefik.http.routers.pleroma.tls=true
+ - traefik.http.routers.pleroma.tls.certresolver=letls
+ networks:
+ - traefiknet
+networks:
+ traefiknet:
+ name: matrix_default
+ external: true
diff --git a/vagrant/DVB.xml b/vagrant/DVB.xml
new file mode 100644
index 0000000..df3ba26
--- /dev/null
+++ b/vagrant/DVB.xml
@@ -0,0 +1,6 @@
+<hostdev mode='subsystem' type='usb' managed='yes'>
+ <source>
+ <vendor id='0x0bda'/>
+ <product id='0x2838'/>
+ </source>
+</hostdev>
diff --git a/vagrant/kali_purple.sh b/vagrant/kali_purple.sh
new file mode 100755
index 0000000..0151f77
--- /dev/null
+++ b/vagrant/kali_purple.sh
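Review bot: The `db` service is attached only to `traefiknet`, which is the external `matrix_default` network, so the Pleroma database is reachable from every container on that network (by the name, presumably the matrix stack's traefik, synapse and postgresql) rather than from `pleroma` alone. Give `db` a private network shared only with `pleroma` and keep `traefiknet` for the one service traefik has to route to; once `pleroma` sits on two networks, traefik should be told which one to use via the `traefik.docker.network` label. `postgres:12.1-alpine` also pins an early patch release of the 12 series; a current minor of the same major would pick up fixes without a dump and restore.

```yaml
services:
  db:
    # … unchanged: image, container_name, restart, healthcheck, environment, volumes …
    networks:
      - pleroma_internal
  pleroma:
    # … unchanged: image, healthcheck, build, volumes, environment, depends_on …
    labels:
      # … unchanged: existing traefik labels …
      - traefik.docker.network=matrix_default
    networks:
      - traefiknet
      - pleroma_internal
networks:
  # … unchanged: traefiknet …
  pleroma_internal:
    internal: true
```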
@@ -0,0 +1,15 @@ +#!/usr/bin/env sh + +# get locations for initrd and kernel +# isoinfo -J -i ~/ssd1/images/kali-linux-2023.1-installer-purple-amd64.iso -f +virt-install \ + --connect qemu:///system \ + --name kali_purple \ + --vcpus=2 \ + --memory=4096 \ + --location /home/devi/ssd1/images/kali-linux-2023.1-installer-purple-amd64.iso,kernel=/install.amd/vmlinuz,initrd=/install.amd/initrd.gz \ + --disk pool=default,size=30,sparse=yes \ + --osinfo detect=on \ + --os-variant=debian11 \ + --graphics none \ + --console pty,target_type=serial diff --git a/znc/docker-compose.yaml b/znc/docker-compose.yaml new file mode 100644 index 0000000..b636f34 --- /dev/null +++ b/znc/docker-compose.yaml @@ -0,0 +1,14 @@ +version: "3.7" +services: + bitlbee: + image: znc:1.8.2 + user: ${ZNC_UID}:${ZNC_GID} + networks: + - zncnet + ports: + - "1025:1025" + restart: unless-stopped + volumes: + - /home/znc/.znc/:~/.znc/ +networks: + zncnet: diff --git a/znc/znc.conf b/znc/znc.conf index c031322..ee33b44 100644 --- a/znc/znc.conf +++ b/znc/znc.conf @@ -20,13 +20,13 @@ SSLCertFile = /home/znc/.znc/znc.pem SSLDHParamFile = /home/znc/.znc/znc.pem SSLKeyFile = /home/znc/.znc/znc.pem ServerThrottle = 30 -Version = 1.7.5 +Version = 1.8.2 <Listener listener0> AllowIRC = true AllowWeb = true IPv4 = true - IPv6 = false + IPv6 = true Port = 1025 SSL = true URIPrefix = / @@ -34,9 +34,10 @@ Version = 1.7.5 <User terminaldweller> Admin = true + Allow = 185.112.147.110 AltNick = terminaldweller_ - AppendTimestamp = false - AuthOnlyViaModule = false + AppendTimestamp = true + AuthOnlyViaModule = true AutoClearChanBuffer = true AutoClearQueryBuffer = true ChanBufferSize = 50 
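Review bot: `--osinfo detect=on` and `--os-variant=debian11` are two spellings of the same virt-install option, so one of them is redundant and which one takes effect is not obvious to a reader; keep a single `--osinfo debian11`, or `--osinfo detect=on,require=off` if detection is what is wanted. The ISO path is also hard-coded under `/home/devi/` while the comment above it uses `~/ssd1/images/`; holding it in one variable, e.g. `ISO="${ISO:-$HOME/ssd1/images/kali-linux-2023.1-installer-purple-amd64.iso}"`, would also give a single place to check the image against the published checksum file before it is booted.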
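Review bot: The volume target `~/.znc/` in znc/docker-compose.yaml is a container path, and Compose expands `~` only on the host side of a bind mount, so this entry is either rejected as a non-absolute mount path or does not land where ZNC looks for its data. Use an absolute target that matches the image's data directory, e.g. `- /home/znc/.znc/:/znc-data` if this is the official image (which documents `/znc-data`; confirm for the tag in use). The service is still named `bitlbee`, presumably left over from a copied file; `znc:` would match the image. `"1025:1025"` publishes the listener on every host interface, so bind it to a specific address if the bouncer is not meant to be reachable on all of them.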
@@ -47,18 +48,61 @@ Version = 1.7.5 LoadModule = chansaver LoadModule = controlpanel MaxJoins = 0 - MaxNetworks = 1 - MaxQueryBuffers = 50 - MultiClients = true + MaxNetworks = 10 + MaxQueryBuffers = 500 + MultiClients = false Nick = terminaldweller NoTrafficTimeout = 180 PrependTimestamp = true - QueryBufferSize = 50 + QueryBufferSize = 5000 QuitMsg = %znc% RealName = johndoe StatusPrefix = * TimestampFormat = [%H:%M:%S] + <Network DALNET> + FloodBurst = 9 + FloodRate = 2.00 + IRCConnectEnabled = true + JoinDelay = 0 + LoadModule = simple_away + LoadModule = cert + Server = irc.dal.net +6697 + TrustAllCerts = false + TrustPKI = true + + <Chan #supersonic> + </Chan> + </Network> + + <Network EFNET> + FloodBurst = 9 + FloodRate = 2.00 + IRCConnectEnabled = true + JoinDelay = 0 + LoadModule = simple_away + LoadModule = cert + Nick = termi + Server = efnet.port80.se +6697 + TrustAllCerts = false + TrustPKI = true + </Network> + + <Network IRCNET> + FloodBurst = 9 + FloodRate = 2.00 + IRCConnectEnabled = true + JoinDelay = 0 + LoadModule = simple_away + LoadModule = cert + Server = ssl.ircnet.io +6697 + TrustAllCerts = false + TrustPKI = true + + <Chan #irc> + </Chan> + </Network> + <Network Liberachat> FloodBurst = 9 FloodRate = 2.00 @@ -70,6 +114,12 @@ Version = 1.7.5 TrustAllCerts = false TrustPKI = true + <Chan ##posix> + </Chan> + + <Chan ##terminaldweller> + </Chan> + <Chan #CataclysmDDA> </Chan> @@ -79,12 +129,24 @@ Version = 1.7.5 <Chan #crypto> </Chan> + <Chan #docker> + </Chan> + + <Chan #forgefed> + </Chan> + <Chan #freebsd> </Chan> + <Chan #general> + </Chan> + <Chan #git> </Chan> + <Chan #gnupg> + </Chan> + <Chan #go-nuts> </Chan> @@ -94,6 +156,12 @@ Version = 1.7.5 <Chan #linux> </Chan> + <Chan #lobsters> + </Chan> + + <Chan #lua> + </Chan> + <Chan #neomutt> </Chan> 
@@ -103,9 +171,21 @@ Version = 1.7.5 <Chan #openbsd> </Chan> + <Chan #opennic> + </Chan> + <Chan #postgresql> </Chan> + <Chan #python> + </Chan> + + <Chan #qubes> + </Chan> + + <Chan #qutebrowser> + </Chan> + <Chan #security> </Chan> @@ -136,15 +216,27 @@ Version = 1.7.5 TrustAllCerts = false TrustPKI = true + <Chan ##terminaldweller> + </Chan> + + <Chan #bitlbee> + </Chan> + <Chan #debian> </Chan> <Chan #llvm> </Chan> + <Chan #mednafen> + </Chan> + <Chan #openwrt> </Chan> + <Chan #s6> + </Chan> + <Chan #tor> </Chan> </Network> @@ -160,10 +252,34 @@ Version = 1.7.5 TrustAllCerts = false TrustPKI = true + <Chan ##terminaldweller> + </Chan> + <Chan #news> </Chan> </Network> + <Network Tilde_Chat> + FloodBurst = 9 + FloodRate = 2.00 + IRCConnectEnabled = true + JoinDelay = 0 + LoadModule = simple_away + LoadModule = cert + Server = irc.tilde.chat +6697 + TrustAllCerts = false + TrustPKI = true + + <Chan #gemini> + </Chan> + + <Chan #meta> + </Chan> + + <Chan #selfhosting> + </Chan> + </Network> + <Network undernet> FloodBurst = 9 FloodRate = 2.00 |