aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--.config/bat/config2
-rw-r--r--.newsboat/urls1
-rw-r--r--.vimrc1
-rw-r--r--.zshrc15
-rwxr-xr-xbin/get_random_ua.sh53
-rw-r--r--db/mongo/build_db.js2
-rw-r--r--kubernetes/bitlbee-purple/docker-compose.yaml27
-rw-r--r--kubernetes/postgres/postgres-deployment.yaml2
-rw-r--r--postit1
-rw-r--r--redirector/Redirector.json57
-rwxr-xr-xseccomp/bwrap_generator.sh25
-rw-r--r--seccomp/makefile237
-rw-r--r--seccomp/seccomp_filter.c75
-rw-r--r--stylus/manganato_sepia.css2
-rw-r--r--terminaldweller.com/browsh/nginx.conf40
-rw-r--r--terminaldweller.com/cargo/nginx.conf11
-rw-r--r--terminaldweller.com/cgit/cgit.conf11
-rw-r--r--terminaldweller.com/ejabberd/ejabberd.yml5
-rw-r--r--terminaldweller.com/rss-bridge/nginx.conf40
-rwxr-xr-xtmux/date.sh4
20 files changed, 599 insertions, 12 deletions
diff --git a/.config/bat/config b/.config/bat/config
index 3334823..329b5c9 100644
--- a/.config/bat/config
+++ b/.config/bat/config
@@ -24,4 +24,4 @@
--map-syntax "*.ino:C++"
--map-syntax ".ignore:Git Ignore"
---style="numbers,changes,header,rule,grid,snip"
+--style="full"
diff --git a/.newsboat/urls b/.newsboat/urls
index 1cae29e..e60118a 100644
--- a/.newsboat/urls
+++ b/.newsboat/urls
@@ -18,6 +18,7 @@ https://rssgen.terminaldweller.com/?action=display&bridge=TwitterBridge&context=
https://rssgen.terminaldweller.com/?action=display&bridge=TwitterBridge&context=By+username&u=binance&norep=on&noretweet=on&nopinned=on&nopic=on&noimg=on&noimgscaling=on&format=Atom "~binance"_("Twitter")
https://rssgen.terminaldweller.com/?action=display&bridge=TwitterBridge&context=By+username&u=igor_chubin&norep=on&noretweet=on&nopinned=on&nopic=on&noimg=on&noimgscaling=on&format=Atom "~igor_chubin"_("Twitter")
https://rssgen.terminaldweller.com/?action=display&bridge=TwitterBridge&context=By+username&u=TheBlock__&norep=on&noretweet=on&nopinned=on&nopic=on&noimg=on&noimgscaling=on&format=Atom "~the_block"_("Twitter")
+https://rssgen.terminaldweller.com/?action=display&bridge=TwitterBridge&context=By+username&u=whale_alert&norep=on&noretweet=on&nopinned=on&nopic=on&noimg=on&noimgscaling=on&format=Atom "~whatle_alert"_("Twitter")
# (Youtube)
# Horror
diff --git a/.vimrc b/.vimrc
index fa4b041..1645911 100644
--- a/.vimrc
+++ b/.vimrc
@@ -252,6 +252,7 @@ Plug 'goerz/jupytext.vim'
" Plug 'gcmt/wildfire.vim'
" Plug 'luochen1990/rainbow'
" Plug 'voldikss/vim-floaterm'
+" Plug 'fidian/hexmode'
call plug#end()
filetype plugin indent on
diff --git a/.zshrc b/.zshrc
index 50ddad7..35b4076 100644
--- a/.zshrc
+++ b/.zshrc
@@ -178,7 +178,7 @@ alias pwsh="/mnt/c/Program\ Files/PowerShell/7/pwsh.exe"
alias wincmd="/mnt/c/Windows/System32/runas.exe /profile /user:administrator cmd.exe"
alias xonshrc="vim ~/scripts/.xonshrc"
alias fixxonshrc="cp ~/scripts/.xonshrc ~/.xonshrc"
-alias deviphone="ssh u0_a601@deviphone.lan -p 8022"
+alias deviphone="ssh -p 8022 u0_a601@farzad-s-galaxy-a51.lan"
alias rpiz2="ssh 192.168.1.205 -l pi"
alias rpiz13="ssh 192.168.1.101 -l root"
alias moshvpn="mosh rooot@192.99.102.52 --ssh='ssh -p 1022'"
@@ -292,7 +292,7 @@ alias swe_proxy="proxychains4 -q -f ~/proxies/swe/proxychains.conf"
alias ir_proxy="proxychains4 -q -f ~/proxies/ir/proxychains.conf"
alias ice_proxy="proxychains4 -q -f ~/proxies/ice/proxychains.conf"
alias tor_carrier_proxy="proxychains4 -q -f ~/proxies/tor_carrier/proxychains.conf"
-alias glow="glow -s ~/.config/glow/dark.json -p"
+alias glow="glow --style ~/.config/glow/dark.json --pager --local"
alias nmap="grc nmap"
alias fdisk="grc fdisk"
alias blkid="grc blkid"
@@ -300,12 +300,19 @@ alias b="buku --suggest"
alias whois="grc whois -H"
alias scapy="scapy -H"
alias dg="grc /usr/bin/dig"
+alias lsof="grc lsof"
+alias xxd="xxd -g 2 -E -u -c 32"
+alias torcurl="curl --user-agent '' --sock5-hostname localhost:9053"
# change the 4th terminal color to #0000ff
# echo -e '\e]P40000ff'
# reset all
# echo -e '\e]R'
+# mdcat(){
+# mdcat --fail --local "$@" | bat
+# }
+
get_domain_dns_records() {
jcurl -X GET -H "Accept: application/json" -H "Authorization: $(cat ~/scripts/arvan-api-key)" "https://napi.arvancloud.com/cdn/4.0/domains/terminaldweller.com/dns-records"
}
@@ -667,6 +674,10 @@ xcurl() {
curl "$@" | xml_pp | pygmentize -l xml -P style=$PYGMENTIZE_STYLE
}
+hcurl() {
+ torsocks --port 9054 curl -i -D /dev/stderr --user-agent 'Chrome/79' "https://papers.ssrn.com/sol3/papersstract_id=1925128" "$@" | pygmentize -l html -P style=$PYGMENTIZE_STYLE
+}
+
# these i stole from junegunn to try out
fzf_gf() {
is_in_git_repo || return
diff --git a/bin/get_random_ua.sh b/bin/get_random_ua.sh
new file mode 100755
index 0000000..3737a89
--- /dev/null
+++ b/bin/get_random_ua.sh
@@ -0,0 +1,53 @@
+#!/usr/bin/env sh
+
+USER_AGENT_PATH=/home/devi/devi/List-of-user-agents
+ANDY_FILE="Android+Webkit+Browser.txt"
+OPERA_FILE="Opera.txt"
+FFOX_FILE="Firefox.txt"
+IE_FILE="Internet+Explorer.txt"
+CHROME_FILE="Chrome.txt"
+EDGE_FILE="Edge.txt"
+SAFARI_FILE="Safari.txt"
+
+get_ua() {
+ if [ "$1" = "andy" ]; then
+ UA_FILE="${USER_AGENT_PATH}"/"${ANDY_FILE}"
+ elif [ "$1" = "opera" ]; then
+ UA_FILE="${USER_AGENT_PATH}"/"${OPERA_FILE}"
+ elif [ "$1" = "ffox" ]; then
+ UA_FILE="${USER_AGENT_PATH}"/"${FFOX_FILE}"
+ elif [ "$1" = "ie" ]; then
+ UA_FILE="${USER_AGENT_PATH}"/"${IE_FILE}"
+ elif [ "$1" = "chrome" ]; then
+ UA_FILE="${USER_AGENT_PATH}"/"${CHROME_FILE}"
+ elif [ "$1" = "edge" ]; then
+ UA_FILE="${USER_AGENT_PATH}"/"${EDGE_FILE}"
+ elif [ "$1" = "safari" ]; then
+ UA_FILE="${USER_AGENT_PATH}"/"${SAFARI_FILE}"
+ elif [ "$1" = "all" ]; then
+ cat ${USER_AGENT_PATH}/${ANDY_FILE} \
+ ${USER_AGENT_PATH}/${OPERA_FILE} \
+ ${USER_AGENT_PATH}/${FFOX_FILE} \
+ ${USER_AGENT_PATH}/${IE_FILE} \
+ ${USER_AGENT_PATH}/${CHROME_FILE} \
+ ${USER_AGENT_PATH}/${EDGE_FILE} \
+ ${USER_AGENT_PATH}/${SAFARI_FILE} \
+ > /tmp/random_uas_concat
+ UA_FILE="/tmp/random_uas_concat"
+ else
+ echo "error: unknown kind. must be one of andy,opera,ffox,ie,chrome,edge,safari,all"
+ exit 1
+ fi
+
+ shuf -n 1 "${UA_FILE}"
+}
+
+if [ "$1" = "--help" ]; then
+ echo "prints a random user agent string."
+ echo "you can specify a --kind to get a random user agent of a specific browser."
+ echo "currently the valid values are: andy,opera,ffox,ie,chrome,edge,safari,all"
+elif [ "$1" = "--kind" ]; then
+ get_ua "$2"
+else
+ get_ua all
+fi
diff --git a/db/mongo/build_db.js b/db/mongo/build_db.js
index 2483347..a50162e 100644
--- a/db/mongo/build_db.js
+++ b/db/mongo/build_db.js
@@ -92,7 +92,7 @@ db.mangas.updateOne(
{ _id: mangas_id },
{
$set: {
- "gantz:e": "https://manganato.com/manga-ho984623",
+ "at the mountains of madness": "https://manganato.com/manga-ct979576",
},
}
);
diff --git a/kubernetes/bitlbee-purple/docker-compose.yaml b/kubernetes/bitlbee-purple/docker-compose.yaml
new file mode 100644
index 0000000..84e1842
--- /dev/null
+++ b/kubernetes/bitlbee-purple/docker-compose.yaml
@@ -0,0 +1,27 @@
+version: "3"
+services:
+ bitlbee:
+ image: ezkrg/bitlbee-libpurple:debian-20220408145536
+ networks:
+ - bitlbeenet
+ ports:
+ - "7777:6667"
+ restart: unless-stopped
+ user: "101:101"
+ volumes:
+ - ./bitlbee.conf:/var/lib/bitlbee/bitlbee.conf:ro
+ - bitlbeedata:/bitlbee-user-data
+ entrypoint: ["/usr/sbin/bitlbee"]
+ command: ["-F", "-n", "-u", "bitlbee", "-c", "/var/lib/bitlbee/bitlbee.conf","-d","/bitlbee-user-data"]
+ env_file:
+ - .env
+ cap_drop:
+ - ALL
+ cap_add:
+ - CHOWN
+ - SETGID
+ - SETUID
+networks:
+ bitlbeenet:
+volumes:
+ bitlbeedata:
diff --git a/kubernetes/postgres/postgres-deployment.yaml b/kubernetes/postgres/postgres-deployment.yaml
index 2711117..41d4942 100644
--- a/kubernetes/postgres/postgres-deployment.yaml
+++ b/kubernetes/postgres/postgres-deployment.yaml
@@ -52,7 +52,7 @@ spec:
optional: false
volumeMounts:
- name: postgres-data
- mountPath: /var/lib/postgres/data
+ mountPath: /var/lib/postgresql/data
volumes:
- name: postgres-data
persistentVolumeClaim:
diff --git a/postit b/postit
index df991aa..4c30967 100644
--- a/postit
+++ b/postit
@@ -47,3 +47,4 @@ irancell 196242684
rust tutorial https://www.youtube.com/watch?v=ygL_xcavzQ4
https://wms.cs.kuleuven.be/cs/studeren/master-artificial-intelligence/MAI_SIP/masters-thesis/thesis-topic-proposals
https://www.ssllabs.com/ssltest
+ntfs-3g
diff --git a/redirector/Redirector.json b/redirector/Redirector.json
new file mode 100644
index 0000000..3aa64fc
--- /dev/null
+++ b/redirector/Redirector.json
@@ -0,0 +1,57 @@
+{
+ "createdBy": "Redirector v3.5.3",
+ "createdAt": "2022-11-29T07:44:23.356Z",
+ "redirects": [
+ {
+ "description": "medium redirect",
+ "exampleUrl": "https://medium.com/zocdoc-engineering/monorepo-magic-escaping-version-hell-by-decoupling-dependencies-46e817073bdf",
+ "exampleResult": "https://scribe.rip/zocdoc-engineering/monorepo-magic-escaping-version-hell-by-decoupling-dependencies-46e817073bdf",
+ "error": null,
+ "includePattern": "https://medium.com/*",
+ "excludePattern": "",
+ "patternDesc": "",
+ "redirectUrl": "https://scribe.rip/$1",
+ "patternType": "W",
+ "processMatches": "noProcessing",
+ "disabled": false,
+ "grouped": false,
+ "appliesTo": [
+ "main_frame"
+ ]
+ },
+ {
+ "description": "reddit redirect",
+ "exampleUrl": "https://www.reddit.com/r/voidlinux/",
+ "exampleResult": "https://teddit.net/r/voidlinux/",
+ "error": null,
+ "includePattern": "https://www.reddit.com/*",
+ "excludePattern": "",
+ "patternDesc": "",
+ "redirectUrl": "https://teddit.net/$1",
+ "patternType": "W",
+ "processMatches": "noProcessing",
+ "disabled": false,
+ "grouped": false,
+ "appliesTo": [
+ "main_frame"
+ ]
+ },
+ {
+ "description": "medium redirect",
+ "exampleUrl": "https://dreamume.medium.com/leetcode-458-poor-pigs-adc1bef981c1",
+ "exampleResult": "https://scribe.rip/leetcode-458-poor-pigs-adc1bef981c1",
+ "error": null,
+ "includePattern": "https://*.medium.com/*",
+ "excludePattern": "",
+ "patternDesc": "",
+ "redirectUrl": "https://scribe.rip/$2",
+ "patternType": "W",
+ "processMatches": "noProcessing",
+ "disabled": true,
+ "grouped": false,
+ "appliesTo": [
+ "main_frame"
+ ]
+ }
+ ]
+} \ No newline at end of file
diff --git a/seccomp/bwrap_generator.sh b/seccomp/bwrap_generator.sh
new file mode 100755
index 0000000..53b3d0c
--- /dev/null
+++ b/seccomp/bwrap_generator.sh
@@ -0,0 +1,25 @@
+#!/usr/bin/env dash
+
+TEMP_LOG=/tmp/seccomp_logging_filter.bpf
+
+get_sos() {
+ SO_LIST=$(ldd "$1" | awk '{print $3}')
+ for SO in ${SO_LIST}; do
+ echo --ro-bind "${SO}" "${SO} \\"
+ done
+}
+
+make && ./seccomp_filter --filter logging > ${TEMP_LOG}
+
+echo "env -i \\"
+echo "bwrap \\"
+echo "--unshare-all --share-net \\"
+get_sos "$@"
+echo "--uid $(id -u) \\"
+echo "--gid $(id -g) \\"
+echo "--chdir ${SANDBOX_DIR_NAME} \\"
+echo "--bind $1 ${SANDBOX_DIR_NAME} \\"
+echo "--setenv HTTP_PROXY socks5h://192.168.1.214 \\"
+echo "--setenv HTTPS_PROXY socks5h://192.168.1.214 \\"
+echo "--setenv NO_PROXY 10.0.0.0/8,localhost,127.0.0.1/8,192.168.0.0/16 \\"
+echo "--seccomp 10 10<${TEMP_LOG} \\"
diff --git a/seccomp/makefile b/seccomp/makefile
new file mode 100644
index 0000000..35da2cd
--- /dev/null
+++ b/seccomp/makefile
@@ -0,0 +1,237 @@
+TARGET?=seccomp_filter
+SHELL=bash
+SHELL?=bash
+CC=clang
+CC?=clang
+ifdef OS
+CC_FLAGS=
+else
+CC_FLAGS=-fpic
+endif
+CC_EXTRA?=
+CTAGS_I_PATH?=./
+LD_FLAGS=-lseccomp
+EXTRA_LD_FLAGS?=
+ADD_SANITIZERS_CC= -g -fsanitize=address -fno-omit-frame-pointer
+ADD_SANITIZERS_LD= -g -fsanitize=address
+MEM_SANITIZERS_CC= -g -fsanitize=memory -fno-omit-frame-pointer
+MEM_SANITIZERS_LD= -g -fsanitize=memory
+UB_SANITIZERS_CC= -g -fsanitize=undefined -fno-omit-frame-pointer
+UB_SANITIZERS_LD= -g -fsanitize=undefined
+FUZZ_SANITIZERS_CC= -fsanitize=fuzzer,address -g -fno-omit-frame-pointer
+FUZZ_SANITIZERS_LD= -fsanitize=fuzzer,address -g -fno-omit-frame-pointer
+COV_CC= -fprofile-instr-generate -fcoverage-mapping
+COV_LD= -fprofile-instr-generate
+# BUILD_MODES are=RELEASE(default), DEBUG,ADDSAN,MEMSAN,UBSAN,FUZZ
+BUILD_MODE?=RELEASE
+#EXCLUSION_LIST='(\bdip)|(\bdim)'
+EXCLUSION_LIST='xxxxxx'
+OBJ_LIST:=$(patsubst %.c, %.o, $(shell find . -name '*.c' | grep -Ev $(EXCLUSION_LIST)))
+OBJ_COV_LIST:=$(patsubst %.c, %.ocov, $(shell find . -name '*.c' | grep -Ev $(EXCLUSION_LIST)))
+OBJ_DBG_LIST:=$(patsubst %.c, %.odbg, $(shell find . -name '*.c' | grep -Ev $(EXCLUSION_LIST)))
+ASM_LIST:=$(patsubst %.c, %.s, $(shell find . -name '*.c' | grep -Ev $(EXCLUSION_LIST)))
+WASM_LIST:=$(patsubst %.c, %.wasm, $(shell find . -name '*.c' | grep -Ev $(EXCLUSION_LIST)))
+WAST_LIST:=$(patsubst %.c, %.wast, $(shell find . -name '*.c' | grep -Ev $(EXCLUSION_LIST)))
+IR_LIST:=$(patsubst %.c, %.ir, $(shell find . -name '*.c' | grep -Ev $(EXCLUSION_LIST)))
+JS_LIST:=$(patsubst %.c, %.js, $(shell find . -name '*.c' | grep -Ev $(EXCLUSION_LIST)))
+AST_LIST:=$(patsubst %.c, %.ast, $(shell find . -name '*.c' | grep -Ev $(EXCLUSION_LIST)))
+
+ifeq ($(BUILD_MODE), ADDSAN)
+ifeq ($(CC), gcc)
+$(error This build mode is only useable with clang.)
+endif
+CC_EXTRA+=$(ADD_SANITIZERS_CC)
+EXTRA_LD_FLAGS+=$(ADD_SANITIZERS_LD)
+endif
+
+ifeq ($(BUILD_MODE), MEMSAN)
+ifeq ($(CC), gcc)
+$(error This build mode is only useable with clang.)
+endif
+CC_EXTRA+=$(MEM_SANITIZERS_CC)
+EXTRA_LD_FLAGS+=$(MEM_SANITIZERS_LD)
+endif
+
+ifeq ($(BUILD_MODE), UBSAN)
+ifeq ($(CC), gcc)
+$(error This build mode is only useable with clang.)
+endif
+CC_EXTRA+=$(UB_SANITIZERS_CC)
+EXTRA_LD_FLAGS+=$(UB_SANITIZERS_LD)
+endif
+
+ifeq ($(BUILD_MODE), FUZZ)
+ifeq ($(CXX), g++)
+$(error This build mode is only useable with clang++.)
+endif
+CXX_EXTRA+=$(FUZZ_SANITIZERS_CC)
+EXTRA_LD_FLAGS+=$(FUZZ_SANITIZERS_LD)
+endif
+
+SRCS:=$(wildcard *.c)
+HDRS:=$(wildcard *.h)
+CC_FLAGS+=$(CC_EXTRA)
+LD_FLAGS+=$(EXTRA_LD_FLAGS)
+
+.DEFAULT:all
+
+.PHONY:all clean help ASM SO TAGS WASM JS IR WAST A ADBG AST cppcheck DOCKER
+
+all:$(TARGET)
+
+everything:$(TARGET) A ASM SO $(TARGET)-static $(TARGET)-dbg ADBG TAGS $(TARGET)-cov WASM JS IR WAST AST DOCKER
+
+depend:.depend
+
+.depend:$(SRCS)
+ rm -rf .depend
+ $(CC) -MM $(CC_FLAGS) $^ > ./.depend
+ echo $(patsubst %.o:, %.odbg:, $(shell $(CC) -MM $(CC_FLAGS) $^)) | sed -r 's/[A-Za-z0-9\-\_]+\.odbg/\n&/g' >> ./.depend
+ echo $(patsubst %.o:, %.ocov:, $(shell $(CC) -MM $(CC_FLAGS) $^)) | sed -r 's/[A-Za-z0-9\-\_]+\.ocov/\n&/g' >> ./.depend
+
+-include ./.depend
+
+.c.o:
+ $(CC) $(CC_FLAGS) -c $< -o $@
+
+%.odbg:%.c
+ $(CC) $(CC_FLAGS) -g -c $< -o $@
+
+%.ocov:%.c
+ $(CC) $(CC_FLAGS) $(COV_CC) -c $< -o $@
+
+$(TARGET): $(OBJ_LIST)
+ $(CC) $(LD_FLAGS) $^ -o $@
+
+$(TARGET)-static: $(OBJ_LIST)
+ $(CC) $(LD_FLAGS) $^ -static -o $@
+
+$(TARGET)-dbg: $(OBJ_DBG_LIST)
+ $(CC) $(LD_FLAGS) $^ -g -o $@
+
+$(TARGET)-cov: $(OBJ_COV_LIST)
+ $(CC) $(LD_FLAGS) $^ $(COV_LD) -o $@
+
+cov: runcov
+ @llvm-profdata merge -sparse ./default.profraw -o ./default.profdata
+ @llvm-cov show $(TARGET)-cov -instr-profile=default.profdata
+
+covrep: runcov
+ @llvm-profdata merge -sparse ./default.profraw -o ./default.profdata
+ @llvm-cov report $(TARGET)-cov -instr-profile=default.profdata
+
+ASM:$(ASM_LIST)
+
+SO:$(TARGET).so
+
+A:$(TARGET).a
+
+ADBG:$(TARGET).adbg
+
+IR:$(IR_LIST)
+
+WASM:$(WASM_LIST)
+
+WAST:$(WAST_LIST)
+
+JS:$(JS_LIST)
+
+AST:$(AST_LIST)
+
+TAGS:tags
+
+#https://github.com/rizsotto/Bear
+BEAR: clean
+ bear -- make
+
+tags:$(SRCS)
+ $(shell $(CC) -c -I $(CTAGS_I_PATH) -M $(SRCS)|\
+ sed -e 's/[\\ ]/\n/g'|sed -e '/^$$/d' -e '/\.o:[ \t]*$$/d'|\
+ ctags -L - --c++-kinds=+p --fields=+iaS --extra=+q)
+
+%.s: %.c
+ $(CC) -S $< -o $@
+ # objdump -r -d -M intel -S $< > $@
+
+%.ir: %.c
+ $(CC) -emit-llvm -S -o $@ $<
+
+%.wasm: %.c
+ emcc $< -o $@
+
+%.wast: %.wasm
+ wasm2wat $< > $@
+
+%.js: %.c
+ emcc $< -s FORCE_FILESYSTEM=1 -s EXIT_RUNTIME=1 -o $@
+
+%.ast: %.c
+ $(CC) -Xclang -ast-dump -fsyntax-only $< > $@
+
+$(TARGET).so: $(OBJ_LIST)
+ $(CC) $(LD_FLAGS) $^ -shared -o $@
+
+$(TARGET).a: $(OBJ_LIST)
+ ar rcs $(TARGET).a $(OBJ_LIST)
+
+$(TARGET).adbg: $(OBJ_DBG_LIST)
+ ar rcs $(TARGET).adbg $(OBJ_DBG_LIST)
+
+runcov: $(TARGET)-cov
+ "./$(TARGET)-cov"
+
+test: $(TARGET)
+ "./$(TARGET)"
+
+run: $(TARGET)
+ "./$(TARGET)"
+
+valgrind: $(TARGET)
+ - valgrind --track-origins=yes --leak-check=full --show-leak-kinds=all "./$(TARGET)"
+
+cppcheck:
+ cppcheck $(SRCS)
+
+rundbg: $(TARGET)-dbg
+ gdb --batch --command=./debug.dbg --args "./$(TARGET)-dbg"
+
+format:
+ - clang-format -i $(SRCS) $(HDRS)
+
+DOCKER: Dockerfile
+ docker build -t proto ./
+
+clean:
+ - rm -f *.o *.s *.odbg *.ocov *.js *.ir *~ $(TARGET) $(TARGET).so $(TARGET)-static \
+ $(TARGET)-dbg $(TARGET).a $(TARGET)-cov *.wasm *.wast $(TARGET).adbg *.ast
+
+deepclean: clean
+ - rm tags
+ - rm .depend
+ - rm ./default.profraw ./default.profdata
+ - rm vgcore.*
+ - rm compile_commands.json
+ - rm *.gch
+
+help:
+ @echo "--all is the default target, runs $(TARGET) target"
+ @echo "--everything will build everything"
+ @echo "--SO will generate the so"
+ @echo "--ASM will generate assembly files"
+ @echo "--TAGS will generate tags file"
+ @echo "--BEAR will generate a compilation database"
+ @echo "--IR will generate llvm IR"
+ @echo "--JS will make the js file"
+ @echo "--AST will make the llvm ast file"
+ @echo "--WASM will make the wasm file"
+ @echo "--WAST will make the wasm text debug file"
+ @echo "--$(TARGET) builds the dynamically-linked executable"
+ @echo "--$(TARGET)-dbg will generate the debug build. BUILD_MODE should be set to DEBUG to work"
+ @echo "--$(TARGET)-static will statically link the executable to the libraries"
+ @echo "--$(TARGET)-cov is the coverage build"
+ @echo "--cov will print the coverage report"
+ @echo "--covrep will print the line coverage report"
+ @echo "--A will build the static library"
+ @echo "--TAGS will build the tags file"
+ @echo "--clean"
+ @echo "--deepclean will clean almost everything"
diff --git a/seccomp/seccomp_filter.c b/seccomp/seccomp_filter.c
new file mode 100644
index 0000000..89ea917
--- /dev/null
+++ b/seccomp/seccomp_filter.c
@@ -0,0 +1,75 @@
+#include <errno.h>
+#include <fcntl.h>
+#include <inttypes.h>
+#include <seccomp.h>
+#include <stdbool.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+void log_all_syscalls(void) {
+ scmp_filter_ctx ctx = seccomp_init(SCMP_ACT_LOG);
+ seccomp_arch_add(ctx, SCMP_ARCH_X86_64);
+ seccomp_export_bpf(ctx, 1);
+ seccomp_export_pfc(ctx, 2);
+ seccomp_release(ctx);
+}
+
+int log_current_seccomp(void) {
+ int rc = -1;
+ scmp_filter_ctx ctx;
+ int filter_fd;
+
+ ctx = seccomp_init(SCMP_ACT_KILL);
+ if (ctx == NULL)
+ goto out;
+
+ filter_fd = open("/tmp/seccomp_filter.bpf",
+ O_CREAT | O_WRONLY | O_NOFOLLOW | O_TRUNC, S_IRWXU);
+ if (filter_fd == -1) {
+ rc = -errno;
+ goto out;
+ }
+
+ rc = seccomp_export_bpf(ctx, filter_fd);
+ if (rc < 0) {
+ close(filter_fd);
+ goto out;
+ }
+ close(filter_fd);
+
+ filter_fd = open("/tmp/seccomp_filter.pfc",
+ O_CREAT | O_WRONLY | O_NOFOLLOW | O_TRUNC, S_IRWXU);
+ if (filter_fd == -1) {
+ rc = -errno;
+ goto out;
+ }
+
+ rc = seccomp_export_pfc(ctx, filter_fd);
+ if (rc < 0) {
+ close(filter_fd);
+ goto out;
+ }
+ close(filter_fd);
+
+out:
+ seccomp_release(ctx);
+ return -rc;
+}
+
+int main(int argc, char **argv) {
+ if (argc == 3) {
+ if (!strcmp("--filter", argv[1])) {
+ if (!strcmp("current", argv[2])) {
+ log_current_seccomp();
+ } else if (!strcmp("logging", argv[2])) {
+ log_all_syscalls();
+ } else {
+ }
+ }
+ } else {
+ printf("going with the default filter kind which is logging.\n");
+ log_all_syscalls();
+ }
+}
diff --git a/stylus/manganato_sepia.css b/stylus/manganato_sepia.css
index f168003..0712029 100644
--- a/stylus/manganato_sepia.css
+++ b/stylus/manganato_sepia.css
@@ -1,6 +1,6 @@
@-moz-document domain("readmanganato.com"), domain("chapmanganato.com") {
img {
- filter: sepia(1) brightness(0.7) contrast(0.9) saturate(0.9);
+ filter: sepia(1) brightness(0.5) contrast(1) saturate(0.6);
}
img:hover {
diff --git a/terminaldweller.com/browsh/nginx.conf b/terminaldweller.com/browsh/nginx.conf
new file mode 100644
index 0000000..eb40f31
--- /dev/null
+++ b/terminaldweller.com/browsh/nginx.conf
@@ -0,0 +1,40 @@
+events {
+ worker_connections 1024;
+}
+http {
+ include /etc/nginx/mime.types;
+ server_tokens off;
+ limit_req_zone $binary_remote_addr zone=one:10m rate=30r/m;
+ server {
+ listen 443 ssl http2;
+ keepalive_timeout 60;
+ charset utf-8;
+ ssl_ciphers HIGH:!aNULL:!MD5:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
+ ssl_certificate /certs/fullchain1.pem;
+ ssl_certificate_key /certs/privkey1.pem;
+ ssl_protocols TLSv1.2 TLSv1.3;
+ ssl_session_cache shared:SSL:50m;
+ ssl_session_timeout 1d;
+ ssl_session_tickets off;
+ ssl_prefer_server_ciphers on;
+ sendfile on;
+ tcp_nopush on;
+ # add_header X-Content-Type-Options "nosniff" always;
+ add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+ # add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' unpkg.com cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' unpkg.com cdnjs.cloudflare.com; connect-src *;";
+ # add_header X-Frame-Options SAMEORIGIN always;
+ # add_header X-XSS-Protection "1; mode=block" always;
+ # add_header Permissions-Policy "geolocation=(self),midi=(self),sync-xhr=(self),microphone=(self),camera=(self),magnetometer=(self),gyroscope=(self),fullscreen=(self),payment=(self),usb=(self)";
+ # add_header Referrer-Policy "no-referrer";
+ fastcgi_hide_header X-Powered-By;
+ resolver 9.9.9.9 208.67.222.222;
+ ssl_stapling on;
+ ssl_stapling_verify on;
+ ssl_trusted_certificate /certs/cert1.pem;
+
+ error_page 401 403 404 /404.html;
+ location / {
+ proxy_pass http://browsh:4333;
+ }
+ }
+}
diff --git a/terminaldweller.com/cargo/nginx.conf b/terminaldweller.com/cargo/nginx.conf
index eafeeee..bec87f2 100644
--- a/terminaldweller.com/cargo/nginx.conf
+++ b/terminaldweller.com/cargo/nginx.conf
@@ -5,10 +5,17 @@ http {
server {
listen 8080 ssl http2;
keepalive_timeout 70;
- ssl_certificate /certs/cert1.pem;
+ add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+ ssl_ciphers HIGH:!aNULL:!MD5:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
+ ssl_prefer_server_ciphers on;
+ ssl_certificate /certs/fullchain1.pem;
ssl_certificate_key /certs/privkey1.pem;
ssl_protocols TLSv1.2 TLSv1.3;
- ssl_ciphers HIGH:!aNULL:!MD5;
+ add_header Content-Security-Policy "default-src 'self';";
+ add_header X-Frame-Options SAMEORIGIN always;
+ add_header X-Content-Type-Options "nosniff" always;
+ add_header X-XSS-Protection "1; mode=block" always;
+ add_header Referrer-Policy "no-referrer";
sendfile on;
tcp_nopush on;
diff --git a/terminaldweller.com/cgit/cgit.conf b/terminaldweller.com/cgit/cgit.conf
index e180158..82a9877 100644
--- a/terminaldweller.com/cgit/cgit.conf
+++ b/terminaldweller.com/cgit/cgit.conf
@@ -1,10 +1,19 @@
-server.modules += ( "mod_cgi", "mod_rewrite", "mod_openssl" )
+server.modules += ( "mod_cgi", "mod_rewrite", "mod_openssl", "mod_setenv" )
$SERVER["socket"] == ":443" {
ssl.engine = "enable"
ssl.pemfile = "/etc/certs/fullchain1.pem"
ssl.privkey = "/etc/certs/privkey1.pem"
+ setenv.add-response-header = (
+ "Strict-Transport-Security"=>"max-age=63072000; includeSubdomains",
+ "X-Frame-Options"=>"DENY",
+ "X-XSS-Protection"=>"1; mode=block",
+ "X-Content-Type-Options" => "nosniff",
+ "Content-Security-Policy" => "script-src 'self'; object-src 'self'",
+ "X-Permitted-Cross-Domain-Policies" => "none",
+ "Referrer-Policy" => "no-referrer")
+
server.name = "git.terminaldweller.com"
server.document-root = "/usr/share/webapps/cgit/"
diff --git a/terminaldweller.com/ejabberd/ejabberd.yml b/terminaldweller.com/ejabberd/ejabberd.yml
index 228ac6d..815d702 100644
--- a/terminaldweller.com/ejabberd/ejabberd.yml
+++ b/terminaldweller.com/ejabberd/ejabberd.yml
@@ -1,7 +1,7 @@
hosts:
- jabber.terminaldweller.com
-auth_method: internal
+auth_method: internal
auth_password_format: scram # pragma: allowlist secret
# anonymous_protocol: both
allow_multiple_connections: true
@@ -16,6 +16,7 @@ define_macro:
- "no_sslv3"
- "no_tlsv1"
- "no_tlsv1_1"
+ - "no_tlsv1_2"
- "cipher_server_preference"
- "TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:RSA-PSK-AES256-GCM-SHA384:DHE-PSK-AES256-GCM-SHA384:RSA-PSK-CHACHA20-POLY1305:DHE-PSK-CHACHA20-POLY1305:ECDHE-PSK-CHACHA20-POLY1305:AES256-GCM-SHA384:PSK-AES256-GCM-SHA384:PSK-CHACHA20-POLY1305:RSA-PSK-AES128-GCM-SHA256:DHE-PSK-AES128-GCM-SHA256:AES128-GCM-SHA256:PSK-AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:ECDHE-PSK-AES256-CBC-SHA384:ECDHE-PSK-AES256-CBC-SHA:SRP-RSA-AES-256-CBC-SHA:SRP-AES-256-CBC-SHA:RSA-PSK-AES256-CBC-SHA384:DHE-PSK-AES256-CBC-SHA384:RSA-PSK-AES256-CBC-SHA:DHE-PSK-AES256-CBC-SHA:AES256-SHA:PSK-AES256-CBC-SHA384:PSK-AES256-CBC-SHA:ECDHE-PSK-AES128-CBC-SHA256:ECDHE-PSK-AES128-CBC-SHA:SRP-RSA-AES-128-CBC-SHA:SRP-AES-128-CBC-SHA:RSA-PSK-AES128-CBC-SHA256:DHE-PSK-AES128-CBC-SHA256:RSA-PSK-AES128-CBC-SHA:DHE-PSK-AES128-CBC-SHA:AES128-SHA:PSK-AES128-CBC-SHA256:PSK-AES128-CBC-SHA"
- "no_compression"
@@ -200,7 +201,7 @@ max_fsm_queue: 10000
acme:
# for auto ACME requests, we need this to be true
auto: false
- contact:
+ contact:
- mailto:devi@terminaldweller.com
ca_url: https://acme-v02.api.letsencrypt.org/directory
diff --git a/terminaldweller.com/rss-bridge/nginx.conf b/terminaldweller.com/rss-bridge/nginx.conf
new file mode 100644
index 0000000..b80883b
--- /dev/null
+++ b/terminaldweller.com/rss-bridge/nginx.conf
@@ -0,0 +1,40 @@
+events {
+ worker_connections 1024;
+}
+http {
+ include /etc/nginx/mime.types;
+ server_tokens off;
+ limit_req_zone $binary_remote_addr zone=one:10m rate=30r/m;
+ server {
+ listen 443 ssl;
+ keepalive_timeout 60;
+ charset utf-8;
+ ssl_certificate /certs/fullchain1.pem;
+ ssl_certificate_key /certs/privkey1.pem;
+ ssl_ciphers HIGH:!aNULL:!MD5:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
+ ssl_protocols TLSv1.2 TLSv1.3;
+ ssl_session_cache shared:SSL:50m;
+ ssl_session_timeout 1d;
+ ssl_session_tickets off;
+ ssl_prefer_server_ciphers on;
+ # sendfile on;
+ tcp_nopush on;
+ add_header X-Content-Type-Options "nosniff" always;
+ add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+ add_header Content-Security-Policy "default-src 'self';";
+ add_header X-Frame-Options SAMEORIGIN always;
+ add_header X-XSS-Protection "1; mode=block" always;
+ # add_header Permissions-Policy "geolocation=(self),midi=(self),sync-xhr=(self),microphone=(self),camera=(self),magnetometer=(self),gyroscope=(self),fullscreen=(self),payment=(self),usb=(self)";
+ add_header Referrer-Policy "no-referrer";
+ fastcgi_hide_header X-Powered-By;
+ # resolver 9.9.9.9 208.67.222.222;
+ # ssl_stapling on;
+ # ssl_stapling_verify on;
+ ssl_trusted_certificate /certs/cert1.pem;
+
+ error_page 401 403 404 /404.html;
+ location / {
+ proxy_pass http://rssbridge:80;
+ }
+ }
+}
diff --git a/tmux/date.sh b/tmux/date.sh
index 1bfbc01..b3f6436 100755
--- a/tmux/date.sh
+++ b/tmux/date.sh
@@ -16,13 +16,15 @@ JDATE="#[fg=colour255 bg=colour29]"$(jdate | gawk '{print $2" "$3}')
# OPENWEATHERMAP_TOKEN=$(jq -r ".token" < /home/devi/scripts/tmux/openweathermap.json)
# WEATHER_INFO=$(sleep 120 && proxychains4 -q -f /home/devi/proxies/ice/proxychains.conf curl "https://api.openweathermap.org/data/2.5/weather?q=Tehran&appid=${OPENWEATHERMAP_TOKEN}&units=metric"|jq ".main.temp")
-WEATHER_INFO=$(curl 'wttr.in/tehran?T&format=%f')
+WEATHER_INFO=$(proxychains4 -f ~/proxies/ice/proxychains.conf curl 'wttr.in/tehran?T&format=%f')
if echo "${WEATHER_INFO}" | grep Unknown\ location; then
WEATHER="#[fg=colour255 bg=colour32]"no_temp
else
WEATHER="#[fg=colour255 bg=colour32]"${WEATHER_INFO}
fi
+date >> /tmp/time_counter
+
CPU_TEMP=$(sensors -j | jq .["\"coretemp-isa-0000\""]."\"Package id 0\"".temp1_input)
CPU_SECTION="#[fg=colour36 bg=colour24]${SEPARATOR_LEFT_BOLD}#[fg=colour16 bg=colour36]${CPU_TEMP} C"
BATTERY=$(upower -i "$(upower -e | grep 'BAT')" | grep -E "percentage" | awk '{print $2}')