aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--.mongoshrc.js4
-rw-r--r--.mutt/account.self2
-rw-r--r--.newsboat/urls7
-rw-r--r--.secrets.baseline4
-rw-r--r--.tunneltop.toml10
-rw-r--r--.vimrc5
-rw-r--r--.w3m/keymap2
-rw-r--r--.zshrc13
-rwxr-xr-xbin/postit.sh7
-rw-r--r--dnscrypt/dnscrypt-proxy.toml875
-rw-r--r--irssi/config340
-rw-r--r--irssi/solarized-powerline.theme2
-rw-r--r--keymap.kbd2
-rw-r--r--postit10
-rw-r--r--terminaldweller.com/ejabberd/docker-compose.yaml2
-rw-r--r--terminaldweller.com/gemini/index.gmi45
-rw-r--r--terminaldweller.com/ircd/docker-compose.yml23
-rw-r--r--terminaldweller.com/ircd/ircd.yaml1010
-rw-r--r--terminaldweller.com/main/docker-compose.yaml3
-rw-r--r--terminaldweller.com/main/nginx.conf19
-rw-r--r--terminaldweller.com/main/srv/index.html51
-rw-r--r--terminaldweller.com/matrix/docker-compose.yml51
-rw-r--r--terminaldweller.com/pleroma/config-override.exs4
-rw-r--r--terminaldweller.com/pleroma/config.exs74
-rw-r--r--terminaldweller.com/pleroma/docker-compose.yml60
-rw-r--r--vagrant/DVB.xml6
-rwxr-xr-xvagrant/kali_purple.sh15
-rw-r--r--znc/docker-compose.yaml14
-rw-r--r--znc/znc.conf132
29 files changed, 2657 insertions, 135 deletions
diff --git a/.mongoshrc.js b/.mongoshrc.js
index bd91d9a..b1f85ab 100644
--- a/.mongoshrc.js
+++ b/.mongoshrc.js
@@ -28,3 +28,7 @@ function get_animes() {
function get_movies() {
return db.movies.find();
}
+
+function get_stash() {
+ return db.stash.find();
+}
diff --git a/.mutt/account.self b/.mutt/account.self
index 986f8bf..161b2d5 100644
--- a/.mutt/account.self
+++ b/.mutt/account.self
@@ -16,4 +16,4 @@ set header_cache = ~/.mutt/self/cache/headers
set message_cachedir = ~/.mutt/self/cache/bodies
set certificate_file = ~/.mutt/self/certificates
# mailboxes "+INBOX" "+Drafts" "+Sent" "+Trash"
-mailboxes "+INBOX" "+INBOX/Github" "+INBOX/Linkedin" "+INBOX/Launchpad" "+INBOX/Opennic" "+INBOX/Trf" "+INBOX/Devto" "+INBOX/Kaggle" "+INBOX/Codeberg" "+INBOX/Rumble" "+INBOX/Substack" "+INBOX/Infura" "+INBOX/Skiff"
+mailboxes "+INBOX" "+INBOX/Github" "+INBOX/Linkedin" "+INBOX/Launchpad" "+INBOX/Opennic" "+INBOX/Trf" "+INBOX/Devto" "+INBOX/Kaggle" "+INBOX/Codeberg" "+INBOX/Rumble" "+INBOX/Substack" "+INBOX/Infura" "+INBOX/Skiff" "+INBOX/Spotify" "+INBOX/Bonobonet"
diff --git a/.newsboat/urls b/.newsboat/urls
index aa2519b..59f2d18 100644
--- a/.newsboat/urls
+++ b/.newsboat/urls
@@ -10,6 +10,9 @@ https://www.ecliptik.com/feed.xml "~Ecliptik"
https://www.privacytools.io/guides/rss.xml "~Privacy_Tools"
https://voidlinux.org/atom.xml "~VoidLinux"
https://blog.qutebrowser.org/feeds/all.rss.xml "~Qutebrowser"
+https://sfconservancy.org/feeds/omnibus/ "~SFC"
+https://www.fsf.org/static/fsforg/rss/blogs.xml "~FSF"
+https://www.eff.org/rss/updates.xml "~EFF"
"exec:gemget gemini://mozz.us/journal/atom.xml --output -" "~MOZZ"GEMINI
"exec:gemget gemini://midnight.pub/feed.xml --output -" "~Midnight_Pub"GEMINI
@@ -47,6 +50,8 @@ https://www.google.com/alerts/feeds/12093321976767190558/2769088908428192247 "~i
https://www.google.com/alerts/feeds/12093321976767190558/16765140344737729825 "~TheGreenPlace"Google_Alerts
https://www.google.com/alerts/feeds/12093321976767190558/11780712112899033397 "~Security_Breach"Google_Alerts
https://www.google.com/alerts/feeds/12093321976767190558/8312907097599403294 "~Terminaldweller"Google_Alerts
+https://www.google.com/alerts/feeds/12093321976767190558/14483201011249340076 "~ChancenKarte"Google_Alerts
+https://www.google.com/alerts/feeds/12093321976767190558/397063251466190481 "~thabogre@gmail.com"Google_Alerts
# (Youtube)
# Horror
@@ -101,7 +106,6 @@ https://www.youtube.com/feeds/videos.xml?channel_id=UCld68syR8Wi-GY_n4CaoJGA "~B
https://www.youtube.com/feeds/videos.xml?channel_id=UCXuqSBlHAE6Xw-yeJA0Tunw "~Linus_Tech_Tips"youtube
https://www.youtube.com/feeds/videos.xml?channel_id=UCa6eh7gCkpPo5XXUDfygQQA "~Ippsec"youtube
https://www.youtube.com/feeds/videos.xml?channel_id=UCdngmbVKX1Tgre699-XLlUA "~Tech_World_With_Nana"youtube
-https://www.youtube.com/feeds/videos.xml?channel_id=UCfp-lNJy4QkIGnaEE6NtDSg "~Terminalforlife"youtube
https://www.youtube.com/feeds/videos.xml?channel_id=UCylGUf9BvQooEFjgdNudoQg "~The_Linux_Cast"youtube
https://www.youtube.com/feeds/videos.xml?channel_id=UCVhQ2NnY5Rskt6UjCUkJ_DA "~Arjan_code"youtube
https://www.youtube.com/feeds/videos.xml?channel_id=UCFQMnBA3CS502aghlcr0_aw "~Coffezilla"youtube
@@ -123,6 +127,7 @@ https://www.youtube.com/feeds/videos.xml?channel_id=UCdSnjmLUUe_NT4ml9OkUi1A "~N
https://www.youtube.com/feeds/videos.xml?channel_id=UCpFFItkfZz1qz5PpHpqzYBw "~Nexpo"youtube
https://www.youtube.com/feeds/videos.xml?channel_id=UC9PIn6-XuRKZ5HmYeu46AIw "~Barely_Sociable"youtube
https://www.youtube.com/feeds/videos.xml?channel_id=UCZHmQk67mSJgfCCTn7xBfew "~Yannic_Kilcher"youtube
+https://www.youtube.com/feeds/videos.xml?channel_id=UCa4GzOwXZbQPQyPHhQmpKCQ "~Ants_Are_Everywhere"youtube
https://www.youtube.com/feeds/videos.xml?user=g297125009 "~Gavin_Freeborn"youtube
https://www.youtube.com/feeds/videos.xml?user=Hak5Darren "~Hak_5"youtube
diff --git a/.secrets.baseline b/.secrets.baseline
index 5fd71f9..04e6446 100644
--- a/.secrets.baseline
+++ b/.secrets.baseline
@@ -270,7 +270,7 @@
"filename": "irssi/config",
"hashed_secret": "825e522c6f25f4d5e79c97adb96bf4d84f8606c2",
"is_verified": false,
- "line_number": 524
+ "line_number": 660
}
],
"kubernetes/mongodb/add-user.yaml": [
@@ -365,5 +365,5 @@
}
]
},
- "generated_at": "2023-02-13T09:48:20Z"
+ "generated_at": "2023-04-10T07:42:47Z"
}
diff --git a/.tunneltop.toml b/.tunneltop.toml
index 5e1ea1e..043bb55 100644
--- a/.tunneltop.toml
+++ b/.tunneltop.toml
@@ -24,6 +24,16 @@ test_interval = 300
test_timeout = 10
auto_start = true
+[tunnel.socks_can]
+address = "127.0.0.1"
+port = 9999
+command = "autossh -M 0 -N -D 9999 -o ServerAliveInterval=180 -o ServerAliveCountMax=3 -o ExitOnForwardFailure=yes -l rooot -p 1022 192.99.102.52"
+test_command = 'curl -s -o /dev/null -s -w "%{http_code}" -k -I -4 --socks5 socks5h://127.0.0.1:9999 https://icanhazallips.terminaldweller.com:9380'
+test_command_result = "200"
+test_interval = 300
+test_timeout = 10
+auto_start = false
+
[tunnel.socks5_3]
address = "127.0.0.1"
port = 9995
diff --git a/.vimrc b/.vimrc
index 7141e00..7934f3c 100644
--- a/.vimrc
+++ b/.vimrc
@@ -1157,6 +1157,8 @@ autocmd FileType javasript let b:vcm_tab_complete = 'omni'
"filetypes
set dictionary+=/usr/share/dict/words
autocmd FileType pandoc,markdown,text,vimwiki,tex setlocal complete+=k
+let g:pandoc#syntax#conceal#use = 0
+autocmd FileType pandoc PandocHighlight sh
"fzf
map <leader>f <Esc><Esc>:Files!<CR>
@@ -1373,7 +1375,7 @@ let g:context_presenter = 'vim-popup'
augroup AUSpell
autocmd!
- autocmd FileType markdown,txt,vimwiki,tex setlocal spell
+ autocmd FileType markdown,txt,vimwiki,tex,pandoc setlocal spell
augroup END
augroup MDInsert
@@ -1477,6 +1479,7 @@ augroup ALETS
autocmd FileType typescript let b:ale_fixers = {'typescript': ['prettier']}
augroup END
let b:ale_python_mypy_options = "--check-untyped-defs"
+let b:ale_python_pylint_options = "--generate-members"
augroup ALEPY
autocmd!
autocmd FileType python let b:ale_linters = {'python': ['mypy', 'pylint', 'bandit', 'ruff']}
diff --git a/.w3m/keymap b/.w3m/keymap
index d45692a..786d03f 100644
--- a/.w3m/keymap
+++ b/.w3m/keymap
@@ -107,7 +107,7 @@ keymap ESC-z INTERRUPT
keymap C CHARSET
keymap :q EXIT
-keymap Q COMMAND "EXTERN 'echo %s > ~/.w3m/RestoreSession.txt' ; NEXT_TAB ; EXTERN 'echo %s >> ~/.w3m/RestoreSession.txt' ; NEXT_TAB ; EXTERN 'echo %s >> ~/.w3m/RestoreSession.txt' ; NEXT_TAB ; EXTERN 'echo %s >> ~/.w3m/RestoreSession.txt' ; NEXT_TAB ; EXTERN 'echo %s >> ~/.w3m/RestoreSession.txt' ; NEXT_TAB ; EXTERN 'echo %s >> ~/.w3m/RestoreSession.txt' ; NEXT_TAB ; EXTERN 'echo %s >> ~/.w3m/RestoreSession.txt' ; NEXT_TAB ; EXTERN 'echo %s >> ~/.w3m/RestoreSession.txt' ; NEXT_TAB ; EXTERN 'echo %s >> ~/.w3m/RestoreSession.txt' ; NEXT_TAB ; EXTERN 'echo %s >> ~/.w3m/RestoreSession.txt' ; NEXT_TAB ; EXTERN 'echo %s >> ~/.w3m/RestoreSession.txt' ; NEXT_TAB ; EXTERN 'echo %s >> ~/.w3m/RestoreSession.txt' ; NEXT_TAB ; EXTERN 'echo %s >> ~/.w3m/RestoreSession.txt' ; NEXT_TAB ; EXTERN 'echo %s >> ~/.w3m/RestoreSession.txt' ; NEXT_TAB ; EXTERN 'echo %s >> ~/.w3m/RestoreSession.txt' ; NEXT_TAB ; EXTERN 'echo %s >> ~/.w3m/RestoreSession.txt' ; NEXT_TAB ; EXTERN 'echo %s >> ~/.w3m/RestoreSession.txt' ; NEXT_TAB ; EXTERN 'echo %s >> ~/.w3m/RestoreSession.txt' ; NEXT_TAB ; EXTERN 'echo %s >> ~/.w3m/RestoreSession.txt' ; NEXT_TAB ; EXTERN 'echo %s >> ~/.w3m/RestoreSession.txt' ; NEXT_TAB ; EXTERN 'echo %s >> ~/.w3m/RestoreSession.txt' ; NEXT_TAB ; EXTERN 'echo %s >> ~/.w3m/RestoreSession.txt' ; NEXT_TAB ; EXTERN 'echo %s >> ~/.w3m/RestoreSession.txt' ; NEXT_TAB ; EXTERN 'echo %s >> ~/.w3m/RestoreSession.txt' ; NEXT_TAB ; EXTERN 'echo %s >> ~/.w3m/RestoreSession.txt' ; NEXT_TAB ; EXTERN 'echo %s >> ~/.w3m/RestoreSession.txt' ; NEXT_TAB ; EXTERN 'echo %s >> ~/.w3m/RestoreSession.txt' ; NEXT_TAB ; EXTERN 'echo %s >> ~/.w3m/RestoreSession.txt' ; NEXT_TAB ; EXTERN 'echo %s >> ~/.w3m/RestoreSession.txt' ; NEXT_TAB ; EXTERN 'echo %s >> ~/.w3m/RestoreSession.txt' ; READ_SHELL ~/.w3m/cgi-bin/restore_session.cgi ; EXIT"
+keymap Q COMMAND "EXTERN 'echo %s > ~/.w3m/RestoreSession.txt' ; NEXT_TAB ;EXTERN 'echo %s > ~/.w3m/RestoreSession.txt' ; NEXT_TAB ;EXTERN 'echo %s > ~/.w3m/RestoreSession.txt' ; NEXT_TAB ;EXTERN 'echo %s > ~/.w3m/RestoreSession.txt' ; NEXT_TAB ;EXTERN 'echo %s > ~/.w3m/RestoreSession.txt' ; NEXT_TAB ;EXTERN 'echo %s > ~/.w3m/RestoreSession.txt' ; NEXT_TAB ;EXTERN 'echo %s > ~/.w3m/RestoreSession.txt' ; NEXT_TAB ;EXTERN 'echo %s > ~/.w3m/RestoreSession.txt' ; NEXT_TAB ;EXTERN 'echo %s > ~/.w3m/RestoreSession.txt' ; NEXT_TAB ;EXTERN 'echo %s > ~/.w3m/RestoreSession.txt' ; NEXT_TAB ;EXTERN 'echo %s > ~/.w3m/RestoreSession.txt' ; NEXT_TAB ;EXTERN 'echo %s > ~/.w3m/RestoreSession.txt' ; NEXT_TAB ;EXTERN 'echo %s > ~/.w3m/RestoreSession.txt' ; NEXT_TAB ;EXTERN 'echo %s > ~/.w3m/RestoreSession.txt' ; NEXT_TAB ;EXTERN 'echo %s > ~/.w3m/RestoreSession.txt' ; NEXT_TAB ;EXTERN 'echo %s > ~/.w3m/RestoreSession.txt' ; NEXT_TAB ;EXTERN 'echo %s > ~/.w3m/RestoreSession.txt' ; NEXT_TAB ;EXTERN 'echo %s > ~/.w3m/RestoreSession.txt' ; NEXT_TAB ;EXTERN 'echo %s > ~/.w3m/RestoreSession.txt' ; NEXT_TAB ;EXTERN 'echo %s > ~/.w3m/RestoreSession.txt' ; NEXT_TAB ;EXTERN 'echo %s > ~/.w3m/RestoreSession.txt' ; NEXT_TAB ; EXTERN 'echo %s >> ~/.w3m/RestoreSession.txt' ; NEXT_TAB ; EXTERN 'echo %s >> ~/.w3m/RestoreSession.txt' ; NEXT_TAB ; EXTERN 'echo %s >> ~/.w3m/RestoreSession.txt' ; NEXT_TAB ; EXTERN 'echo %s >> ~/.w3m/RestoreSession.txt' ; NEXT_TAB ; EXTERN 'echo %s >> ~/.w3m/RestoreSession.txt' ; NEXT_TAB ; EXTERN 'echo %s >> ~/.w3m/RestoreSession.txt' ; NEXT_TAB ; EXTERN 'echo %s >> ~/.w3m/RestoreSession.txt' ; NEXT_TAB ; EXTERN 'echo %s >> ~/.w3m/RestoreSession.txt' ; NEXT_TAB ; EXTERN 'echo %s >> ~/.w3m/RestoreSession.txt' ; NEXT_TAB ; EXTERN 'echo %s >> ~/.w3m/RestoreSession.txt' ; NEXT_TAB ; EXTERN 'echo %s >> ~/.w3m/RestoreSession.txt' ; NEXT_TAB ; EXTERN 'echo %s >> ~/.w3m/RestoreSession.txt' ; NEXT_TAB ; EXTERN 'echo %s >> ~/.w3m/RestoreSession.txt' ; NEXT_TAB ; EXTERN 'echo %s >> ~/.w3m/RestoreSession.txt' ; NEXT_TAB ; EXTERN 'echo %s >> ~/.w3m/RestoreSession.txt' ; NEXT_TAB ; EXTERN 'echo %s >> ~/.w3m/RestoreSession.txt' ; NEXT_TAB ; EXTERN 'echo %s >> ~/.w3m/RestoreSession.txt' ; NEXT_TAB ; EXTERN 'echo %s >> ~/.w3m/RestoreSession.txt' ; NEXT_TAB ; EXTERN 'echo %s >> ~/.w3m/RestoreSession.txt' ; NEXT_TAB ; EXTERN 'echo %s >> ~/.w3m/RestoreSession.txt' ; NEXT_TAB ; EXTERN 'echo %s >> ~/.w3m/RestoreSession.txt' ; NEXT_TAB ; EXTERN 'echo %s >> ~/.w3m/RestoreSession.txt' ; NEXT_TAB ; EXTERN 'echo %s >> ~/.w3m/RestoreSession.txt' ; NEXT_TAB ; EXTERN 'echo %s >> ~/.w3m/RestoreSession.txt' ; NEXT_TAB ; EXTERN 'echo %s >> ~/.w3m/RestoreSession.txt' ; NEXT_TAB ; EXTERN 'echo %s >> ~/.w3m/RestoreSession.txt' ; NEXT_TAB ; EXTERN 'echo %s >> ~/.w3m/RestoreSession.txt' ; NEXT_TAB ; EXTERN 'echo %s >> ~/.w3m/RestoreSession.txt' ; NEXT_TAB ; EXTERN 'echo %s >> ~/.w3m/RestoreSession.txt' ; READ_SHELL ~/.w3m/cgi-bin/restore_session.cgi ; EXIT"
# external stuff
keymap SPC-r COMMAND "SHELL 'readable $W3M_URL -p html-title,html-content > /tmp/readable.html'; LOAD /tmp/readable.html"
diff --git a/.zshrc b/.zshrc
index 90973f3..b3d5c23 100644
--- a/.zshrc
+++ b/.zshrc
@@ -24,8 +24,9 @@ eval `dircolors ~/.dir_colors`
# alias git="proxychains4 -q -f ~/proxies/ice/proxychains.conf git"
alias sudo="sudo "
alias mpv="proxychains4 -q -f ~/proxies/swe/proxychains.conf mpv --save-position-on-quit --term-osd-bar --msg-module --msg-time --cache=yes --cache-secs=15000 --cache-on-disk --cache-dir=/tmp/ --demuxer-max-bytes=500MiB"
-alias w3m='proxychains4 -q -f ~/proxies/ice/proxychains.conf w3m -o auto_image=FALSE -o user_agent="$(get_random_ua.sh)" -graph'
+alias w3m='proxychains4 -q -f ~/proxies/ice/proxychains.conf w3m -s -W -4 -o auto_image=FALSE -o user_agent="$(get_random_ua.sh)" -graph'
alias torw3m='torsocks --port 9053 w3m -o auto_image=FALSE -o user_agent="$(get_random_ua.sh)" -graph'
+alias boxed_w3m="ssh -tt -i /home/devi/devi/vagrantboxes.git/main/netbsd9/.vagrant/machines/default/libvirt/private_key vagrant@w3m-host.vagrant-libvirt torsocks --address 192.168.1.214 --port 9054 w3m -s -W -4 -o -graph"
alias i2pw3m='proxychains4 -q -f ~/proxies/i2p_one/proxychains.conf w3m -o auto_image=FALSE -o user_agent="$(get_random_ua.sh)" -graph'
alias rm="rm -I --one-file-system --preserve-root=all"
alias vv="vim"
@@ -113,6 +114,7 @@ alias vpn8="proxychains4 -q -f ~/proxies/ice/proxychains.conf ssh -tt -p 3333 ub
alias vpn9="proxychains4 -q -f ~/proxies/ice/proxychains.conf ssh -tt -i ~/.ssh/id_rsa -p 3333 ubuntu@185.130.47.81 ssh -tt -i /home/ubuntu/.ssh/id_rsa_lv2 2a07:e01:3:1c4::1 -p 3333 -l ubuntu"
alias vms="proxychains4 -q -f ~/proxies/ice/proxychains.conf ssh -tt 185.126.202.69 -l ubuntu -p 1022"
alias vpnvv="proxychains4 -q -f ~/proxies/ice/proxychains.conf ssh -tt -p 3333 ubuntu@185.244.29.79"
+alias vpn10="proxychains4 -q -f ~/proxies/swe/proxychains.conf ssh -tt -p 3333 root@89.147.110.30"
alias -g DOCKER_HOST_VPS="ssh://ubuntu@87.236.209.206:1022"
alias -g DOCKER_HOST_VPN="ssh://rooot@192.99.102.52:1022"
alias -g DOCKER_HOST_VPN2="ssh://rooot@145.239.165.137:22"
@@ -122,6 +124,7 @@ alias -g DOCKER_HOST_VPN7="ssh://ubuntu@185.130.47.81:3333"
alias -g DOCKER_HOST_VPN8="ssh://ubuntu@185.130.47.208:3333"
# alias -g DOCKER_HOST_VPN9=""
alias -g DOCKER_HOST_VMS="ssh://ubuntu@185.126.202.69:1022"
+alias -g DOCKER_HOST_VPN10="ssh://root@89.147.110.30:3333"
# alias cloud_one="proxychains4 -q -f ~/proxies/ice/proxychains.conf ssh 130.185.121.80 -l ubuntu -p 1022"
# alias pytags="ctags --fields=+l --languages=python --python-kinds=-iv -R ."
alias v="vim"
@@ -150,7 +153,7 @@ alias jupyterlab="jupyter lab --no-browser --port 9989"
alias iredisrc="vim ~/scripts/.iredisrc"
alias fixiredisrc="cp ~/scripts/.iredisrc ~/.iredisrc"
# alias irssi="TERM=screen-256color docker run --runtime=runsc -it -e TERM -u $(id -u):$(id -g) --log-driver=none -e DBUS_SESSION_BUS_ADDRESS="$DBUS_SESSION_BUS_ADDRESS" -v $HOME/.irssi:/home/user/.irssi:ro -v /etc/localtime:/etc/localtime:ro devi_irssi"
-alias irssi="TERM=screen-256color COLORTERM=truecolor docker run --runtime=runsc -it -e COLORTERM -e TERM -u $(id -u):$(id -g) --log-driver=none -v $HOME/.irssi:/home/user/.irssi:ro -v /etc/localtime:/etc/localtime:ro devi_irssi"
+alias irssi="TERM=screen-256color COLORTERM=truecolor docker run --runtime=runsc -it -e COLORTERM -e TERM -u $(id -u):$(id -g) --log-driver=none -v $HOME/.irssi:/home/user/.irssi:ro -v /etc/localtime:/etc/localtime:ro devi_irssi"
alias tor_irssi="TERM=screen-256color docker run --runtime=runsc -it -e TERM -u 1001:1001 --log-driver=none -v tor_irssi_mount:/home/user/.irssi -v ~/devi/abbatoir/hole16:/home/user/.irssi/certs tor_irssi"
alias i2p_irssi="TERM=screen-256color docker run --runtime=runsc -it -e TERM -u $(id -u):$(id -g) --log-driver=none -v i2p_irssi_mount:/home/user/.irssi irssi:1.2.3"
alias openbb="TERM=screen-256color \
@@ -366,6 +369,7 @@ alias waydroid="WAYLAND_DISPLAY=wayland-0 waydroid"
alias gw="git worktree"
alias redshiftrc="vim ~/scripts/.config/redshift.conf"
alias fixredshiftrc="cp ~/scripts/.config/redshift.conf ~/.config/redshift.conf"
+alias waydroid_ssh="ssh -p 8022 u0_a411@192.168.240.112"
gwta() {
git worktree add ./"$1" $(git rev-parse "$1")
@@ -490,6 +494,8 @@ export MYSQL_PS1="\U@\N:\p [\d] - \R:\m:\s - \v\n>>>"
# export TZ
# export GPG_TTY=$(tty)
+export PS_FORMAT=pid,start,etime,%cpu,%mem,lxc,cgroup,tty,wchan,exe,cmd
+
export VAGRANT_HOME="/home/devi/storage/ssd1/vagrant"
export BAT_THEME="Solarized (light)"
@@ -539,7 +545,7 @@ export PATH=$PATH:/home/devi/.fzf/bin
export PATH=$PATH:/home/devi/k3s
export PATH=$PATH:/home/devi/kompose
export PATH=$PATH:/home/devi/powershell
-export PATH=$PATH:/home/devi/ytfzf.git/rewrite
+export PATH=$PATH:/home/devi/ytfzf.git/v2.5.5.rc-5
export PATH=$PATH:/home/devi/gotty
export PATH=$PATH:/home/devi/.poetry/bin
export PATH=$PATH:/home/devi/pulumi
@@ -564,6 +570,7 @@ export PATH=$PATH:/home/devi/devi/emsdk.git/3.1.28
export PATH=$PATH:/home/devi/devi/emsdk.git/3.1.28/node/14.18.2_64bit/bin
export PATH=$PATH:/home/devi/devi/emsdk.git/3.1.28/upstream/emscripten
export PATH=$PATH:/home/devi/devi/git-scripts.git/master
+export PATH=$PATH:/home/devi/mongo_db_tools/mongodb-database-tools-ubuntu2004-x86_64-100.5.2/bin
# flatpaks
export PATGH=$PATH:/var/lib/flatpak/exports/bin
diff --git a/bin/postit.sh b/bin/postit.sh
index 17589c5..496ddd8 100755
--- a/bin/postit.sh
+++ b/bin/postit.sh
@@ -1,6 +1,5 @@
#!/usr/bin/env sh
-CLIP_HIST_FILE=/tmp/.clip_history
-# POSTIT=$(cat ${CLIP_HIST_FILE} | dmenu -l 20 -p "Select Postit:")
-sqlite3 $(cat /tmp/lclipd/lclipd_db_name) 'select content from lclipd;' | dmenu -l 20 | xsel -ib
-# echo -n "${POSTIT:0:${#POSTIT}}" | xsel -ip
+SQL_DB="$(cat /tmp/lclipd/lclipd_db_name)"
+content=$(sqlite3 "${SQL_DB}" "select replace(content,char(10),' '),id from lclipd;" | dmenu -fn "DejaVuSansMono Nerd Font Mono-11.3;antialias=true;autohint=true" -D "|" -l 20 -p "lclipd:")
+sqlite3 "${SQL_DB}" "select content from lclipd where id = ${content}" | xsel -ib
diff --git a/dnscrypt/dnscrypt-proxy.toml b/dnscrypt/dnscrypt-proxy.toml
new file mode 100644
index 0000000..9938e08
--- /dev/null
+++ b/dnscrypt/dnscrypt-proxy.toml
@@ -0,0 +1,875 @@
+
+##############################################
+# #
+# dnscrypt-proxy configuration #
+# #
+##############################################
+
+## This is an example configuration file.
+## You should adjust it to your needs, and save it as "dnscrypt-proxy.toml"
+##
+## Online documentation is available here: https://dnscrypt.info/doc
+
+
+
+##################################
+# Global settings #
+##################################
+
+## List of servers to use
+##
+## Servers from the "public-resolvers" source (see down below) can
+## be viewed here: https://dnscrypt.info/public-servers
+##
+## The proxy will automatically pick working servers from this list.
+## Note that the require_* filters do NOT apply when using this setting.
+##
+## By default, this list is empty and all registered servers matching the
+## require_* filters will be used instead.
+##
+## Remove the leading # first to enable this; lines starting with # are ignored.
+
+# server_names = ['scaleway-fr', 'google', 'yandex', 'cloudflare']
+
+
+## List of local addresses and ports to listen to. Can be IPv4 and/or IPv6.
+## Example with both IPv4 and IPv6:
+## listen_addresses = ['127.0.0.1:53', '[::1]:53']
+##
+## To listen to all IPv4 addresses, use `listen_addresses = ['0.0.0.0:53']`
+## To listen to all IPv4+IPv6 addresses, use `listen_addresses = ['[::]:53']`
+
+listen_addresses = ['[::]:5553']
+
+
+## Maximum number of simultaneous client connections to accept
+
+max_clients = 250
+
+
+## Switch to a different system user after listening sockets have been created.
+## Note (1): this feature is currently unsupported on Windows.
+## Note (2): this feature is not compatible with systemd socket activation.
+## Note (3): when using -pidfile, the PID file directory must be writable by the new user
+
+# user_name = 'nobody'
+
+
+## Require servers (from remote sources) to satisfy specific properties
+
+# Use servers reachable over IPv4
+ipv4_servers = true
+
+# Use servers reachable over IPv6 -- Do not enable if you don't have IPv6 connectivity
+ipv6_servers = true
+
+# Use servers implementing the DNSCrypt protocol
+dnscrypt_servers = true
+
+# Use servers implementing the DNS-over-HTTPS protocol
+doh_servers = true
+
+# Use servers implementing the Oblivious DoH protocol
+odoh_servers = false
+
+
+## Require servers defined by remote sources to satisfy specific properties
+
+# Server must support DNS security extensions (DNSSEC)
+require_dnssec = true
+
+# Server must not log user queries (declarative)
+require_nolog = true
+
+# Server must not enforce its own blocklist (for parental control, ads blocking...)
+require_nofilter = true
+
+# Server names to avoid even if they match all criteria
+disabled_server_names = []
+
+
+## Always use TCP to connect to upstream servers.
+## This can be useful if you need to route everything through Tor.
+## Otherwise, leave this to `false`, as it doesn't improve security
+## (dnscrypt-proxy will always encrypt everything even using UDP), and can
+## only increase latency.
+
+force_tcp = true
+
+
+## Enable *experimental* support for HTTP/3 (DoH3, HTTP over QUIC)
+## Note that, like DNSCrypt but unlike other HTTP versions, this uses
+## UDP and (usually) port 443 instead of TCP.
+
+http3 = false
+
+
+## SOCKS proxy
+## Uncomment the following line to route all TCP connections to a local Tor node
+## Tor doesn't support UDP, so set `force_tcp` to `true` as well.
+
+proxy = 'socks5h://127.0.0.1:9054'
+
+
+## HTTP/HTTPS proxy
+## Only for DoH servers
+
+# http_proxy = 'http://127.0.0.1:8118'
+
+
+## How long a DNS query will wait for a response, in milliseconds.
+## If you have a network with *a lot* of latency, you may need to
+## increase this. Startup may be slower if you do so.
+## Don't increase it too much. 10000 is the highest reasonable value.
+
+timeout = 5000
+
+
+## Keepalive for HTTP (HTTPS, HTTP/2, HTTP/3) queries, in seconds
+
+keepalive = 30
+
+
+## Add EDNS-client-subnet information to outgoing queries
+##
+## Multiple networks can be listed; they will be randomly chosen.
+## These networks don't have to match your actual networks.
+
+# edns_client_subnet = ['0.0.0.0/0', '2001:db8::/32']
+
+
+## Response for blocked queries. Options are `refused`, `hinfo` (default) or
+## an IP response. To give an IP response, use the format `a:<IPv4>,aaaa:<IPv6>`.
+## Using the `hinfo` option means that some responses will be lies.
+## Unfortunately, the `hinfo` option appears to be required for Android 8+
+
+# blocked_query_response = 'refused'
+
+
+## Load-balancing strategy: 'p2' (default), 'ph', 'p<n>', 'first' or 'random'
+## Randomly choose 1 of the fastest 2, half, n, 1 or all live servers by latency.
+## The response quality still depends on the server itself.
+
+# lb_strategy = 'p2'
+
+## Set to `true` to constantly try to estimate the latency of all the resolvers
+## and adjust the load-balancing parameters accordingly, or to `false` to disable.
+## Default is `true` that makes 'p2' `lb_strategy` work well.
+
+# lb_estimator = true
+
+
+## Log level (0-6, default: 2 - 0 is very verbose, 6 only contains fatal errors)
+
+log_level = 2
+
+
+## Log file for the application, as an alternative to sending logs to
+## the standard system logging service (syslog/Windows event log).
+##
+## This file is different from other log files, and will not be
+## automatically rotated by the application.
+
+# log_file = 'dnscrypt-proxy.log'
+
+
+## When using a log file, only keep logs from the most recent launch.
+
+# log_file_latest = true
+
+
+## Use the system logger (syslog on Unix, Event Log on Windows)
+
+# use_syslog = true
+
+
+## Delay, in minutes, after which certificates are reloaded
+
+cert_refresh_delay = 240
+
+
+## Initially don't check DNSCrypt server certificates for expiration, and
+## only start checking them after a first successful connection to a resolver.
+## This can be useful on routers with no battery-backed clock.
+
+# cert_ignore_timestamp = false
+
+
+## DNSCrypt: Create a new, unique key for every single DNS query
+## This may improve privacy but can also have a significant impact on CPU usage
+## Only enable if you don't have a lot of network load
+
+# dnscrypt_ephemeral_keys = false
+
+
+## DoH: Disable TLS session tickets - increases privacy but also latency
+
+# tls_disable_session_tickets = false
+
+
+## DoH: Use a specific cipher suite instead of the server preference
+## 49199 = TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
+## 49195 = TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
+## 52392 = TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
+## 52393 = TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
+## 4865 = TLS_AES_128_GCM_SHA256
+## 4867 = TLS_CHACHA20_POLY1305_SHA256
+##
+## On non-Intel CPUs such as MIPS routers and ARM systems (Android, Raspberry Pi...),
+## the following suite improves performance.
+## This may also help on Intel CPUs running 32-bit operating systems.
+##
+## Keep tls_cipher_suite empty if you have issues fetching sources or
+## connecting to some DoH servers. Google and Cloudflare are fine with it.
+
+# tls_cipher_suite = [52392, 49199]
+
+
+## Bootstrap resolvers
+##
+## These are normal, non-encrypted DNS resolvers, that will be only used
+## for one-shot queries when retrieving the initial resolvers list and if
+## the system DNS configuration doesn't work.
+##
+## No user queries will ever be leaked through these resolvers, and they will
+## not be used after IP addresses of DoH resolvers have been found (if you are
+## using DoH).
+##
+## They will never be used if lists have already been cached, and if the stamps
+## of the configured servers already include IP addresses (which is the case for
+## most of DoH servers, and for all DNSCrypt servers and relays).
+##
+## They will not be used if the configured system DNS works, or after the
+## proxy already has at least one usable secure resolver.
+##
+## Resolvers supporting DNSSEC are recommended, and, if you are using
+## DoH, bootstrap resolvers should ideally be operated by a different entity
+## than the DoH servers you will be using, especially if you have IPv6 enabled.
+##
+## People in China may want to use 114.114.114.114:53 here.
+## Other popular options include 8.8.8.8, 9.9.9.9 and 1.1.1.1.
+##
+## If more than one resolver is specified, they will be tried in sequence.
+##
+## TL;DR: put valid standard resolver addresses here. Your actual queries will
+## not be sent there. If you're using DNSCrypt or Anonymized DNS and your
+## lists are up to date, these resolvers will not even be used.
+
+bootstrap_resolvers = ['9.9.9.11:53', '8.8.8.8:53']
+
+
+## Always use the bootstrap resolver before the system DNS settings.
+
+ignore_system_dns = true
+
+
+## Maximum time (in seconds) to wait for network connectivity before
+## initializing the proxy.
+## Useful if the proxy is automatically started at boot, and network
+## connectivity is not guaranteed to be immediately available.
+## Use 0 to not test for connectivity at all (not recommended),
+## and -1 to wait as much as possible.
+
+netprobe_timeout = 60
+
+## Address and port to try initializing a connection to, just to check
+## if the network is up. It can be any address and any port, even if
+## there is nothing answering these on the other side. Just don't use
+## a local address, as the goal is to check for Internet connectivity.
+## On Windows, a datagram with a single, nul byte will be sent, only
+## when the system starts.
+## On other operating systems, the connection will be initialized
+## but nothing will be sent at all.
+
+netprobe_address = '9.9.9.9:53'
+
+
+## Offline mode - Do not use any remote encrypted servers.
+## The proxy will remain fully functional to respond to queries that
+## plugins can handle directly (forwarding, cloaking, ...)
+
+# offline_mode = false
+
+
+## Additional data to attach to outgoing queries.
+## These strings will be added as TXT records to queries.
+## Do not use, except on servers explicitly asking for extra data
+## to be present.
+## encrypted-dns-server can be configured to use this for access control
+## in the [access_control] section
+
+# query_meta = ['key1:value1', 'key2:value2', 'token:MySecretToken']
+
+
+## Automatic log files rotation
+
+# Maximum log files size in MB - Set to 0 for unlimited.
+log_files_max_size = 10
+
+# How long to keep backup files, in days
+log_files_max_age = 7
+
+# Maximum log files backups to keep (or 0 to keep all backups)
+log_files_max_backups = 1
+
+
+
+#########################
+# Filters #
+#########################
+
+## Note: if you are using dnsmasq, disable the `dnssec` option in dnsmasq if you
+## configure dnscrypt-proxy to do any kind of filtering (including the filters
+## below and blocklists).
+## You can still choose resolvers that do DNSSEC validation.
+
+
+## Immediately respond to IPv6-related queries with an empty response
+## This makes things faster when there is no IPv6 connectivity, but can
+## also cause reliability issues with some stub resolvers.
+
+block_ipv6 = false
+
+
+## Immediately respond to A and AAAA queries for host names without a domain name
+
+block_unqualified = true
+
+
+## Immediately respond to queries for local zones instead of leaking them to
+## upstream resolvers (always causing errors or timeouts).
+
+block_undelegated = true
+
+
+## TTL for synthetic responses sent when a request has been blocked (due to
+## IPv6 or blocklists).
+
+reject_ttl = 10
+
+
+
+##################################################################################
+# Route queries for specific domains to a dedicated set of servers #
+##################################################################################
+
+## See the `example-forwarding-rules.txt` file for an example
+
+# forwarding_rules = 'forwarding-rules.txt'
+
+
+
+###############################
+# Cloaking rules #
+###############################
+
+## Cloaking returns a predefined address for a specific name.
+## In addition to acting as a HOSTS file, it can also return the IP address
+## of a different name. It will also do CNAME flattening.
+## If 'cloak_ptr' is set, then PTR (reverse lookups) are enabled
+## for cloaking rules that do not contain wild cards.
+##
+## See the `example-cloaking-rules.txt` file for an example
+
+# cloaking_rules = 'cloaking-rules.txt'
+
+## TTL used when serving entries in cloaking-rules.txt
+
+# cloak_ttl = 600
+# cloak_ptr = false
+
+
+
+###########################
+# DNS cache #
+###########################
+
+## Enable a DNS cache to reduce latency and outgoing traffic
+
+cache = true
+
+
+## Cache size
+
+cache_size = 4096
+
+
+## Minimum TTL for cached entries
+
+cache_min_ttl = 2400
+
+
+## Maximum TTL for cached entries
+
+cache_max_ttl = 86400
+
+
+## Minimum TTL for negatively cached entries
+
+cache_neg_min_ttl = 60
+
+
+## Maximum TTL for negatively cached entries
+
+cache_neg_max_ttl = 600
+
+
+
+########################################
+# Captive portal handling #
+########################################
+
+[captive_portals]
+
+## A file that contains a set of names used by operating systems to
+## check for connectivity and captive portals, along with hard-coded
+## IP addresses to return.
+
+# map_file = 'example-captive-portals.txt'
+
+
+
+##################################
+# Local DoH server #
+##################################
+
+[local_doh]
+
+## dnscrypt-proxy can act as a local DoH server. By doing so, web browsers
+## requiring a direct connection to a DoH server in order to enable some
+## features will enable these, without bypassing your DNS proxy.
+
+## Addresses that the local DoH server should listen to
+
+# listen_addresses = ['127.0.0.1:3033']
+
+
+## Path of the DoH URL. This is not a file, but the part after the hostname
+## in the URL. By convention, `/dns-query` is frequently chosen.
+## For each `listen_address` the complete URL to access the server will be:
+## `https://<listen_address><path>` (ex: `https://127.0.0.1/dns-query`)
+
+# path = '/dns-query'
+
+
+## Certificate file and key - Note that the certificate has to be trusted.
+## See the documentation (wiki) for more information.
+
+# cert_file = 'localhost.pem'
+# cert_key_file = 'localhost.pem'
+
+
+
+###############################
+# Query logging #
+###############################
+
+## Log client queries to a file
+
+[query_log]
+
+## Path to the query log file (absolute, or relative to the same directory as the config file)
+## Can be set to /dev/stdout in order to log to the standard output.
+
+# file = 'query.log'
+
+
+## Query log format (currently supported: tsv and ltsv)
+
+format = 'tsv'
+
+
+## Do not log these query types, to reduce verbosity. Keep empty to log everything.
+
+# ignored_qtypes = ['DNSKEY', 'NS']
+
+
+
+############################################
+# Suspicious queries logging #
+############################################
+
+## Log queries for nonexistent zones
+## These queries can reveal the presence of malware, broken/obsolete applications,
+## and devices signaling their presence to 3rd parties.
+
+[nx_log]
+
+## Path to the query log file (absolute, or relative to the same directory as the config file)
+
+# file = 'nx.log'
+
+
+## Query log format (currently supported: tsv and ltsv)
+
+format = 'tsv'
+
+
+
+######################################################
+# Pattern-based blocking (blocklists) #
+######################################################
+
+## Blocklists are made of one pattern per line. Example of valid patterns:
+##
+## example.com
+## =example.com
+## *sex*
+## ads.*
+## ads*.example.*
+## ads*.example[0-9]*.com
+##
+## Example blocklist files can be found at https://download.dnscrypt.info/blocklists/
+## A script to build blocklists from public feeds can be found in the
+## `utils/generate-domains-blocklists` directory of the dnscrypt-proxy source code.
+
+[blocked_names]
+
+## Path to the file of blocking rules (absolute, or relative to the same directory as the config file)
+
+# blocked_names_file = 'blocked-names.txt'
+
+
+## Optional path to a file logging blocked queries
+
+# log_file = 'blocked-names.log'
+
+
+## Optional log format: tsv or ltsv (default: tsv)
+
+# log_format = 'tsv'
+
+
+
+###########################################################
+# Pattern-based IP blocking (IP blocklists) #
+###########################################################
+
+## IP blocklists are made of one pattern per line. Example of valid patterns:
+##
+## 127.*
+## fe80:abcd:*
+## 192.168.1.4
+
+[blocked_ips]
+
+## Path to the file of blocking rules (absolute, or relative to the same directory as the config file)
+
+# blocked_ips_file = 'blocked-ips.txt'
+
+
+## Optional path to a file logging blocked queries
+
+# log_file = 'blocked-ips.log'
+
+
+## Optional log format: tsv or ltsv (default: tsv)
+
+# log_format = 'tsv'
+
+
+
+######################################################
+# Pattern-based allow lists (blocklists bypass) #
+######################################################
+
+## Allowlists support the same patterns as blocklists
+## If a name matches an allowlist entry, the corresponding session
+## will bypass names and IP filters.
+##
+## Time-based rules are also supported to make some websites only accessible at specific times of the day.
+
+[allowed_names]
+
+## Path to the file of allow list rules (absolute, or relative to the same directory as the config file)
+
+# allowed_names_file = 'allowed-names.txt'
+
+
+## Optional path to a file logging allowed queries
+
+# log_file = 'allowed-names.log'
+
+
+## Optional log format: tsv or ltsv (default: tsv)
+
+# log_format = 'tsv'
+
+
+
+#########################################################
+# Pattern-based allowed IPs lists (blocklists bypass) #
+#########################################################
+
+## Allowed IP lists support the same patterns as IP blocklists
+## If an IP response matches an allowed entry, the corresponding session
+## will bypass IP filters.
+##
+## Time-based rules are also supported to make some websites only accessible at specific times of the day.
+
+[allowed_ips]
+
+## Path to the file of allowed ip rules (absolute, or relative to the same directory as the config file)
+
+# allowed_ips_file = 'allowed-ips.txt'
+
+
+## Optional path to a file logging allowed queries
+
+# log_file = 'allowed-ips.log'
+
+## Optional log format: tsv or ltsv (default: tsv)
+
+# log_format = 'tsv'
+
+
+
+##########################################
+# Time access restrictions #
+##########################################
+
+## One or more weekly schedules can be defined here.
+## Patterns in the name-based blocked_names file can optionally be followed with @schedule_name
+## to apply the pattern 'schedule_name' only when it matches a time range of that schedule.
+##
+## For example, the following rule in a blocklist file:
+## *.youtube.* @time-to-sleep
+## would block access to YouTube during the times defined by the 'time-to-sleep' schedule.
+##
+## {after='21:00', before= '7:00'} matches 0:00-7:00 and 21:00-0:00
+## {after= '9:00', before='18:00'} matches 9:00-18:00
+
+[schedules]
+
+ # [schedules.time-to-sleep]
+ # mon = [{after='21:00', before='7:00'}]
+ # tue = [{after='21:00', before='7:00'}]
+ # wed = [{after='21:00', before='7:00'}]
+ # thu = [{after='21:00', before='7:00'}]
+ # fri = [{after='23:00', before='7:00'}]
+ # sat = [{after='23:00', before='7:00'}]
+ # sun = [{after='21:00', before='7:00'}]
+
+ # [schedules.work]
+ # mon = [{after='9:00', before='18:00'}]
+ # tue = [{after='9:00', before='18:00'}]
+ # wed = [{after='9:00', before='18:00'}]
+ # thu = [{after='9:00', before='18:00'}]
+ # fri = [{after='9:00', before='17:00'}]
+
+
+
+#########################
+# Servers #
+#########################
+
+## Remote lists of available servers
+## Multiple sources can be used simultaneously, but every source
+## requires a dedicated cache file.
+##
+## Refer to the documentation for URLs of public sources.
+##
+## A prefix can be prepended to server names in order to
+## avoid collisions if different sources share the same for
+## different servers. In that case, names listed in `server_names`
+## must include the prefixes.
+##
+## If the `urls` property is missing, cache files and valid signatures
+## must already be present. This doesn't prevent these cache files from
+## expiring after `refresh_delay` hours.
+## Cache freshness is checked every 24 hours, so values for 'refresh_delay'
+## of less than 24 hours will have no effect.
+## A maximum delay of 168 hours (1 week) is imposed to ensure cache freshness.
+
+[sources]
+
+ ### An example of a remote source from https://github.com/DNSCrypt/dnscrypt-resolvers
+
+ [sources.public-resolvers]
+ urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/public-resolvers.md', 'https://download.dnscrypt.info/resolvers-list/v3/public-resolvers.md', 'https://ipv6.download.dnscrypt.info/resolvers-list/v3/public-resolvers.md']
+ cache_file = 'public-resolvers.md'
+ minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3' #pragma: allowlist secret
+ refresh_delay = 72
+ prefix = ''
+
+ ### Anonymized DNS relays
+
+ [sources.relays]
+ urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/relays.md', 'https://download.dnscrypt.info/resolvers-list/v3/relays.md', 'https://ipv6.download.dnscrypt.info/resolvers-list/v3/relays.md']
+ cache_file = 'relays.md'
+ minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3' #pragma: allowlist secret
+ refresh_delay = 72
+ prefix = ''
+
+ ### ODoH (Oblivious DoH) servers and relays
+
+ # [sources.odoh-servers]
+ # urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/odoh-servers.md', 'https://download.dnscrypt.info/resolvers-list/v3/odoh-servers.md', 'https://ipv6.download.dnscrypt.info/resolvers-list/v3/odoh-servers.md']
+ # cache_file = 'odoh-servers.md'
+ # minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3' #pragma: allowlist secret
+ # refresh_delay = 24
+ # prefix = ''
+ # [sources.odoh-relays]
+ # urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/odoh-relays.md', 'https://download.dnscrypt.info/resolvers-list/v3/odoh-relays.md', 'https://ipv6.download.dnscrypt.info/resolvers-list/v3/odoh-relays.md']
+ # cache_file = 'odoh-relays.md'
+ # minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3' #pragma: allowlist secret
+ # refresh_delay = 24
+ # prefix = ''
+
+ ### Quad9
+
+ # [sources.quad9-resolvers]
+ # urls = ['https://www.quad9.net/quad9-resolvers.md']
+ # minisign_key = 'RWQBphd2+f6eiAqBsvDZEBXBGHQBJfeG6G+wJPPKxCZMoEQYpmoysKUN' #pragma: allowlist secret
+ # cache_file = 'quad9-resolvers.md'
+ # prefix = 'quad9-'
+
+ ### Another example source, with resolvers censoring some websites not appropriate for children
+ ### This is a subset of the `public-resolvers` list, so enabling both is useless.
+
+ # [sources.parental-control]
+ # urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/parental-control.md', 'https://download.dnscrypt.info/resolvers-list/v3/parental-control.md', 'https://ipv6.download.dnscrypt.info/resolvers-list/v3/parental-control.md']
+ # cache_file = 'parental-control.md'
+ # minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3' #pragma: allowlist secret
+
+
+
+#########################################
+# Servers with known bugs #
+#########################################
+
+[broken_implementations]
+
+## Cisco servers currently cannot handle queries larger than 1472 bytes, and don't
+## truncate responses larger than questions as expected by the DNSCrypt protocol.
+## This prevents large responses from being received over UDP and over relays.
+##
+## Older versions of the `dnsdist` server software had a bug with queries larger
+## than 1500 bytes. This is fixed since `dnsdist` version 1.5.0, but
+## some server may still run an outdated version.
+##
+## The list below enables workarounds to make non-relayed usage more reliable
+## until the servers are fixed.
+
+fragments_blocked = ['cisco', 'cisco-ipv6', 'cisco-familyshield', 'cisco-familyshield-ipv6', 'cleanbrowsing-adult', 'cleanbrowsing-adult-ipv6', 'cleanbrowsing-family', 'cleanbrowsing-family-ipv6', 'cleanbrowsing-security', 'cleanbrowsing-security-ipv6']
+
+
+
+#################################################################
+# Certificate-based client authentication for DoH #
+#################################################################
+
+## Use a X509 certificate to authenticate yourself when connecting to DoH servers.
+## This is only useful if you are operating your own, private DoH server(s).
+## 'creds' maps servers to certificates, and supports multiple entries.
+## If you are not using the standard root CA, an optional "root_ca"
+## property set to the path to a root CRT file can be added to a server entry.
+
+[doh_client_x509_auth]
+
+# creds = [
+# { server_name='*', client_cert='client.crt', client_key='client.key' } #pragma: allowlist secret
+# ]
+
+
+
+################################
+# Anonymized DNS #
+################################
+
+[anonymized_dns]
+
+## Routes are indirect ways to reach DNSCrypt servers.
+##
+## A route maps a server name ("server_name") to one or more relays that will be
+## used to connect to that server.
+##
+## A relay can be specified as a DNS Stamp (either a relay stamp, or a
+## DNSCrypt stamp) or a server name.
+##
+## The following example routes "example-server-1" via `anon-example-1` or `anon-example-2`,
+## and "example-server-2" via the relay whose relay DNS stamp is
+## "sdns://gRIxMzcuNzQuMjIzLjIzNDo0NDM".
+##
+## !!! THESE ARE JUST EXAMPLES !!!
+##
+## Review the list of available relays from the "relays.md" file, and, for each
+## server you want to use, define the relays you want connections to go through.
+##
+## Carefully choose relays and servers so that they are run by different entities.
+##
+## "server_name" can also be set to "*" to define a default route, for all servers:
+## { server_name='*', via=['anon-example-1', 'anon-example-2'] }
+##
+## If a route is ["*"], the proxy automatically picks a relay on a distinct network.
+## { server_name='*', via=['*'] } is also an option, but is likely to be suboptimal.
+##
+## Manual selection is always recommended over automatic selection, so that you can
+## select (relay,server) pairs that work well and fit your own criteria (close by or
+## in different countries, operated by different entities, on distinct ISPs...)
+
+# routes = [
+# { server_name='example-server-1', via=['anon-example-1', 'anon-example-2'] },
+# { server_name='example-server-2', via=['sdns://gRIxMzcuNzQuMjIzLjIzNDo0NDM'] }
+# ]
+
+
+## Skip resolvers incompatible with anonymization instead of using them directly
+
+skip_incompatible = false
+
+
+## If public server certificates for a non-conformant server cannot be
+## retrieved via a relay, try getting them directly. Actual queries
+## will then always go through relays.
+
+# direct_cert_fallback = false
+
+
+
+###############################
+# DNS64 #
+###############################
+
+## DNS64 is a mechanism for synthesizing AAAA records from A records.
+## It is used with an IPv6/IPv4 translator to enable client-server
+## communication between an IPv6-only client and an IPv4-only server,
+## without requiring any changes to either the IPv6 or the IPv4 node,
+## for the class of applications that work through NATs.
+##
+## There are two options to synthesize such records:
+## Option 1: Using a set of static IPv6 prefixes;
+## Option 2: By discovering the IPv6 prefix from DNS64-enabled resolver.
+##
+## If both options are configured - only static prefixes are used.
+## (Ref. RFC6147, RFC6052, RFC7050)
+##
+## Do not enable unless you know what DNS64 is and why you need it, or else
+## you won't be able to connect to anything at all.
+
+[dns64]
+
+## Static prefix(es) as Pref64::/n CIDRs
+
+# prefix = ['64:ff9b::/96']
+
+## DNS64-enabled resolver(s) to discover Pref64::/n CIDRs
+## These resolvers are used to query for Well-Known IPv4-only Name (WKN) "ipv4only.arpa." to discover only.
+## Set with your ISP's resolvers in case of custom prefixes (other than Well-Known Prefix 64:ff9b::/96).
+## IMPORTANT: Default resolvers listed below support Well-Known Prefix 64:ff9b::/96 only.
+
+# resolver = ['[2606:4700:4700::64]:53', '[2001:4860:4860::64]:53']
+
+
+
+########################################
+# Static entries #
+########################################
+
+## Optional, local, static list of additional servers
+## Mostly useful for testing your own servers.
+
+[static]
+
+ # [static.myserver]
+ # stamp = 'sdns://AQcAAAAAAAAAAAAQMi5kbnNjcnlwdC1jZXJ0Lg'
diff --git a/irssi/config b/irssi/config
index 8914e06..a05f05b 100644
--- a/irssi/config
+++ b/irssi/config
@@ -3,19 +3,16 @@
# https://www.oftc.net/NickServ/CertFP/
servers = (
{
- address = "irc.gitter.im";
- chatnet = "gitter";
- port = "6697";
- password = "";
- use_tls = "yes";
- tls_verify = "yes";
+ address = "irc.probably.loki";
+ chatnet = "PROBABLY_LOKI";
+ port = "6667";
autoconnect = "yes";
},
{
- address = "192.99.102.52";
- chatnet = "FRRouting.slack.com";
- port = "6667";
- password = "";
+ address = "kfswfco7mfb38dj7hsm4b8gs13ppjnog886y8zcgzno4jt16cepy.loki";
+ chatnet = "BonoboNET_LOKI";
+ port = "6697";
+ tls_cert = "~/.irssi/certs/nick.pem";
use_tls = "yes";
tls_verify = "no";
autoconnect = "yes";
@@ -29,20 +26,32 @@ servers = (
# tls_verify = "yes";
# autoconnect = "no";
# },
+ # {
+ # address = "192.168.1.109";
+ # port = "6667";
+ # chatnet = "bitlbee";
+ # autoconnect = "no";
+ # },
{
- address = "192.168.1.109";
- port = "6667";
- chatnet = "bitlbee";
+ address = "192.168.1.214";
+ port = "8667";
+ chatnet = "bitlbee_local";
autoconnect = "yes";
},
{
address = "192.168.1.214";
- port = "8667";
- chatnet = "bitlbee_r";
+ port = "8668";
+ chatnet = "matterircd";
autoconnect = "no";
- use_tls = "no";
},
# {
+ # address = "192.168.1.214";
+ # port = "8667";
+ # chatnet = "bitlbee_r";
+ # autoconnect = "no";
+ # use_tls = "no";
+ # },
+ # {
# address = "irc.libera.chat";
# chatnet = "LiberaChat";
# port = "6697";
@@ -60,9 +69,18 @@ servers = (
# tls_verify = "yes";
# autoconnect = "no";
# },
+ # {
+ # address = "ssl.ircnet.io";
+ # chatnet = "IRCNet";
+ # port = "6697";
+ # use_tls = "yes";
+ # tls_cert = "~/.irssi/certs/nick.pem";
+ # tls_verify = "yes";
+ # autoconnect = "yes";
+ # },
{
- address = "ssl.ircnet.io";
- chatnet = "IRCNet";
+ address = "irc.terminaldweller.com";
+ chatnet = "devinet";
port = "6697";
use_tls = "yes";
tls_cert = "~/.irssi/certs/nick.pem";
@@ -71,9 +89,29 @@ servers = (
},
{
address = "185.130.45.46";
+ chatnet = "IRCNet_ZNC";
+ port = "1025";
+ password = "terminaldweller/IRCNET:network";# pragma: allowlist secret
+ use_tls = "yes";
+ tls_cert = "~/.irssi/certs/nick.pem";
+ tls_verify = "no";
+ autoconnect = "yes";
+ },
+ # {
+ # address = "185.130.45.46";
+ # chatnet = "BonoboNET_LOKI_ZNC";
+ # port = "1025";
+ # password = "terminaldweller/Bonobonet_Loki:network";# pragma: allowlist secret
+ # tls_cert = "~/.irssi/certs/nick.pem";
+ # use_tls = "yes";
+ # tls_verify = "no";
+ # autoconnect = "yes";
+ # },
+ {
+ address = "185.130.45.46";
chatnet = "Libera-ZNC";
port = "1025";
- password = "terminaldweller/Liberachat:"; # pragma: allowlist secret
+ password = "terminaldweller/Liberachat:lama";# pragma: allowlist secret
use_tls = "yes";
tls_cert = "~/.irssi/certs/nick.pem";
tls_verify = "no";
@@ -83,7 +121,7 @@ servers = (
address = "185.130.45.46";
chatnet = "OFTC-ZNC";
port = "1025";
- password = "terminaldweller/OFTC:network"; # pragma: allowlist secret
+ password = "terminaldweller/OFTC:network";# pragma: allowlist secret
use_tls = "yes";
tls_cert = "~/.irssi/certs/nick.pem";
tls_verify = "no";
@@ -93,7 +131,7 @@ servers = (
address = "185.130.45.46";
chatnet = "Rizon-ZNC";
port = "1025";
- password = "terminaldweller/Rizon:network"; # pragma: allowlist secret
+ password = "terminaldweller/Rizon:network";# pragma: allowlist secret
use_tls = "yes";
tls_cert = "~/.irssi/certs/nick.pem";
tls_verify = "no";
@@ -103,49 +141,89 @@ servers = (
address = "185.130.45.46";
chatnet = "Undernet-ZNC";
port = "1025";
- password = "terminaldweller/undernet:network"; # pragma: allowlist secret
+ password = "terminaldweller/undernet:network";# pragma: allowlist secret
use_tls = "yes";
tls_cert = "~/.irssi/certs/nick.pem";
tls_verify = "no";
autoconnect = "yes";
},
+ # {
+ # address = "efnet.port80.se";
+ # chatnet = "EFnet";
+ # port = "6697";
+ # use_tls = "yes";
+ # tls_verify = "no";
+ # autoconnect = "yes";
+ # },
{
- address = "efnet.port80.se";
- chatnet = "EFnet";
- port = "6697";
+ address = "185.130.45.46";
+ chatnet = "EFnet_ZNC";
+ port = "1025";
+ password = "terminaldweller/EFNET:locolobo";# pragma: allowlist secret
use_tls = "yes";
+ tls_cert = "~/.irssi/certs/nick.pem";
tls_verify = "no";
autoconnect = "yes";
},
+ # {
+ # address = "irc.dal.net";
+ # chatnet = "DALnet";
+ # port = "6697";
+ # use_tls = "yes";
+ # tls_verify = "yes";
+ # autoconnect = "yes";
+ # },
{
- address = "irc.dal.net";
- chatnet = "DALnet";
- port = "6697";
+ address = "185.130.45.46";
+ chatnet = "DALnet_ZNC";
+ port = "1025";
+ password = "terminaldweller/DALNET:netwqkkk";# pragma: allowlist secret
use_tls = "yes";
- tls_verify = "yes";
+ tls_cert = "~/.irssi/certs/nick.pem";
+ tls_verify = "no";
autoconnect = "yes";
},
{
address = "185.130.45.46";
chatnet = "TildeChat_ZNC";
port = "1025";
- password = "terminaldweller/Tilde_Chat:network"; # pragma: allowlist secret
+ password = "terminaldweller/Tilde_Chat:network";# pragma: allowlist secret
tls_cert = "~/.irssi/certs/nick.pem";
use_tls = "yes";
tls_verify = "no";
autoconnect = "yes";
+ },
+ {
+ address = "192.168.1.214";
+ chatnet = "I2P_ILITIA";
+ port = "9068";
+ use_tls = "no";
+ tls_verify = "no";
+ autoconnect = "no";
+ },
+ {
+ address = "192.168.1.214";
+ chatnet = "I2P_POSTMAN";
+ port = "9069";
+ use_tls = "no";
+ tls_verify = "no";
+ autoconnect = "no";
}
);
chatnets = {
- OFTC = {
- type = "IRC";
- nick = "terminaldweller";
- autosendcmd = "/^msg nickserv set cloak on;wait 3000";
- max_kicks = "1";
- max_msgs = "1";
- max_whois = "1";
- };
+ I2P_ILITIA = { type = "IRC"; nick = "useruseR"; };
+ I2P_POSTMAN = { type = "IRC"; nick = "useruseR"; };
+ PROBABLY_LOKI = { type = "IRC"; nick = "terminaldweller"; };
+ BonoboNET_LOKI = { type = "IRC"; nick = "terminaldweller"; };
+ # OFTC = {
+ # type = "IRC";
+ # nick = "terminaldweller";
+ # autosendcmd = "/^msg nickserv set cloak on;wait 3000";
+ # max_kicks = "1";
+ # max_msgs = "1";
+ # max_whois = "1";
+ # };
"OFTC-ZNC" = {
type = "IRC";
nick = "terminaldweller";
@@ -154,14 +232,21 @@ chatnets = {
max_msgs = "1";
max_whois = "1";
};
- gitter = { type = "IRC"; nick = "terminaldweller"; };
- "app.slack.com" = { type = "IRC"; nick = "terminaldweller"; };
- "FRRouting.slack.com" = { type = "IRC"; };
- bitlbee = {
+ # gitter = { type = "IRC"; nick = "terminaldweller"; };
+ # "app.slack.com" = { type = "IRC"; nick = "terminaldweller"; };
+ # "FRRouting.slack.com" = { type = "IRC"; };
+ # "magmacore.slack.com" = { type = "IRC"; nick = "farzad sadeghi";};
+ # "frrouting_slack_irslackd" = { type = "IRC"; nick = "farzad sadeghi";};
+ # "magmacore_slack_irslackd" = { type = "IRC"; nick = "farzad sadeghi";};
+ # bitlbee = {
+ # autosendcmd = "/^msg &bitlbee identify gorgoroth;wait 3000";
+ # type = "IRC";
+ # };
+ bitlbee_local = {
autosendcmd = "/^msg &bitlbee identify gorgoroth;wait 3000";
type = "IRC";
};
- LiberaChat = { type = "IRC"; sasl_mechanism = "EXTERNAL"; };
+ # LiberaChat = { type = "IRC"; sasl_mechanism = "EXTERNAL"; };
"Libera-ZNC" = {
type = "IRC";
autosendcmd = "/^mode terminaldweller +g;wait 3000";
@@ -172,21 +257,28 @@ chatnets = {
# };
"Rizon-ZNC" = {
type = "IRC";
- autosendcmd = "/^mode terminaldweller +RCGpx;wait 3000";
+ autosendcmd = "/^mode terminaldweller +RCGpx;msg hostserv on;wait 3000";
};
- IRCNet = { type = "IRC"; };
+ IRCNet_ZNC = { type = "IRC"; };
"Undernet-ZNC" = {
type = "IRC";
nick = "terminaldwel";
- autosendcmd = "/^mode termi +ix;msg *status traffic;wait 3000";
+ autosendcmd = "/^mode terminaldwel +ix;msg *status traffic;wait 3000";
+ };
+ EFnet_ZNC = { type = "IRC"; nick = "termi";};
+ DALnet_ZNC = {
+ type = "IRC";
+ nick = "terminaldweller";
+ autosendcmd = "/^msg nickserv@services.dal.net identify ;mode terminaldweller HRCi;wait 3000";
};
- EFnet = { type = "IRC"; };
- DALnet = {
+ TildeChat_ZNC = { type = "IRC"; };
+ devinet = {
type = "IRC";
nick = "terminaldweller";
- autosendcmd = "/^msg nickserv@services.dal.net identify identify;mode terminaldweller HCi;wait 3000";
+ # autosendcmd = "/^msg nickserv identify terminaldweller;wait 3000;";
+ sasl_mechanism = "EXTERNAL";
+ sasl_username = "terminaldweller";
};
- bitlbee_r = { type = "IRC"; };
};
channels = (
@@ -200,19 +292,46 @@ channels = (
{ name = "#debian"; chatnet = "OFTC-ZNC"; autojoin = "yes"; },
# { name = "#virt"; chatnet = "OFTC-ZNC"; autojoin = "yes"; },
{ name = "#openwrt"; chatnet = "OFTC-ZNC"; autojoin = "yes"; },
- { name = "#selfhosting"; chatnet = "TildeChat_ZNC"; autojoin = "yes"; },
+ {
+ name = "#selfhosting";
+ chatnet = "TildeChat_ZNC";
+ autojoin = "yes";
+ },
{ name = "#tor"; chatnet = "OFTC-ZNC"; autojoin = "yes"; },
{ name = "#llvm"; chatnet = "OFTC-ZNC"; autojoin = "yes"; },
- { name = "##terminaldweller"; chatnet = "OFTC-ZNC"; autojoin = "yes"; },
+ { name = "#bitlbee"; chatnet = "OFTC-ZNC"; autojoin = "yes"; },
+ {
+ name = "##terminaldweller";
+ chatnet = "OFTC-ZNC";
+ autojoin = "yes";
+ },
# { name = "#openssh"; chatnet = "Libera-ZNC"; autojoin = "yes"; },
# { name = "#gdb"; chatnet = "Libera-ZNC"; autojoin = "yes"; },
{ name = "#openbsd"; chatnet = "Libera-ZNC"; autojoin = "yes"; },
{ name = "#lobsters"; chatnet = "Libera-ZNC"; autojoin = "yes"; },
{ name = "#gnupg"; chatnet = "Libera-ZNC"; autojoin = "yes"; },
{ name = "#znc"; chatnet = "Libera-ZNC"; autojoin = "yes"; },
+ { name = "#qutebrowser"; chatnet = "Libera-ZNC"; autojoin = "yes"; },
+ { name = "#lokinet"; chatnet = "PROBABLY_LOKI"; autojoin = "yes"; },
+ { name = "#general"; chatnet = "PROBABLY_LOKI"; autojoin = "yes"; },
+ { name = "#crxn"; chatnet = "BonoboNET_LOKI"; autojoin = "yes"; },
+ {
+ name = "#networking";
+ chatnet = "BonoboNET_LOKI";
+ autojoin = "yes";
+ },
+ {
+ name = "#general";
+ chatnet = "BonoboNET_LOKI";
+ autojoin = "yes";
+ },
{ name = "#go-nuts"; chatnet = "Libera-ZNC"; autojoin = "yes"; },
{ name = "#opennic"; chatnet = "Libera-ZNC"; autojoin = "yes"; },
- { name = "##terminaldweller"; chatnet = "Libera-ZNC"; autojoin = "yes"; },
+ {
+ name = "##terminaldweller";
+ chatnet = "Libera-ZNC";
+ autojoin = "yes";
+ },
{ name = "#voidlinux"; chatnet = "Libera-ZNC"; autojoin = "yes"; },
{ name = "#CataclysmDDA"; chatnet = "Libera-ZNC"; autojoin = "yes"; },
{ name = "#security"; chatnet = "Libera-ZNC"; autojoin = "yes"; },
@@ -222,6 +341,8 @@ channels = (
{ name = "#vim"; chatnet = "Libera-ZNC"; autojoin = "yes"; },
{ name = "#git"; chatnet = "Libera-ZNC"; autojoin = "yes"; },
{ name = "#neomutt"; chatnet = "Libera-ZNC"; autojoin = "yes"; },
+ { name = "##posix"; chatnet = "Libera-ZNC"; autojoin = "yes"; },
+ { name = "#lua"; chatnet = "Libera-ZNC"; autojoin = "yes"; },
{ name = "#busybox"; chatnet = "Libera-ZNC"; autojoin = "yes"; },
# { name = "#shadow"; chatnet = "Libera-ZNC"; autojoin = "yes"; },
{ name = "#freebsd"; chatnet = "Libera-ZNC"; autojoin = "yes"; },
@@ -230,9 +351,13 @@ channels = (
{ name = "#bookz"; chatnet = "Undernet-ZNC"; autojoin = "yes"; },
{ name = "#postgresql"; chatnet = "Libera-ZNC"; autojoin = "yes"; },
{ name = "#news"; chatnet = "Rizon-ZNC"; autojoin = "yes"; },
- { name = "##terminaldweller"; chatnet = "Rizon-ZNC"; autojoin = "yes"; },
- { name = "#irc"; chatnet = "IRCNet"; autojoin = "yes"; },
- { name = "#supersonic"; chatnet = "DALNet"; autojoin = "yes"; },
+ {
+ name = "##terminaldweller";
+ chatnet = "Rizon-ZNC";
+ autojoin = "yes";
+ },
+ { name = "#irc"; chatnet = "IRCNet_ZNC"; autojoin = "yes"; },
+ { name = "#supersonic"; chatnet = "DALnet_ZNC"; autojoin = "yes"; },
# { name = "#kvm"; chatnet = "Libera-ZNC"; autojoin = "yes"; }
);
@@ -457,22 +582,28 @@ statusbar = {
barend = { priority = "100"; alignment = "right"; };
};
};
+ awl_5 = {
+ items = {
+ barstart = { priority = "100"; };
+ awl_5 = { };
+ barend = { priority = "100"; alignment = "right"; };
+ };
+ };
};
};
settings = {
- misc = {
- split_line_end = "↪";
- }
+ misc = { split_line_end = "↪"; };
core = {
real_name = "john doe";
user_name = "devi";
nick = "terminaldweller";
- use_proxy = "no";
- proxy_address = "127.0.0.1";
- proxy_port = "9050";
- proxy_string = "CONNECT %s:%d HTTP/1.0\012\012";
- proxy_string_after = "conn %s %d";
- proxy_password = "";
+ # use_proxy = "no";
+ # proxy_address = "127.0.0.1";
+ # proxy_port = "9050";
+ # proxy_string = "CONNECT %s:%d HTTP/1.0\012\012";
+ # proxy_string_after = "conn %s %d";
+ # proxy_password = "";
+ # recode_transliterate = "no";
};
"fe-common/core" = {
theme = "solarized-powerline";
@@ -482,7 +613,12 @@ settings = {
emphasis_replace = "no";
show_names_on_join = "no";
};
- "fe-text" = { actlist_sort = "refnum"; };
+ "fe-text" = {
+ actlist_sort = "refnum";
+ # scrollback_lines = "1000";
+ # scrollback_time = "3days";
+ # scrollback_max_age = "0";
+ };
"perl/core/scripts" = {
# adv_windowlist.pl
awl_block = "-20";
@@ -537,6 +673,13 @@ settings = {
# bitlbee_typing_notice
bitlbee_send_typing = "0";
bitlbee_typing_allwin = "1";
+ # leodict
+ leodict_default_options = "-en -both";
+ leodict_paste_max_translations = "2";
+ leodict_paste_beautify = "1";
+ leodict_http_proxy_address = "192.168.1.214";
+ leodict_http_proxy_port = "9054";
+ leodict_http_proxy_type = "socks";
};
"irc/dcc" = {
dcc_download_path = "~/.irssi/downloads/";
@@ -568,8 +711,7 @@ keyboard = (
{ key = "meta-m"; id = "change_window"; data = "37"; },
{ key = "meta-,"; id = "change_window"; data = "38"; },
{ key = "meta-."; id = "change_window"; data = "39"; },
- { key = "meta-/"; id = "change_window"; data = "40"; }
- { key = "meta-meta2-1"; id = "change_window"; data = "41"; }
+ { key = "meta-/"; id = "change_window"; data = "40"; },
);
ignores = (
{ level = "JOINS PARTS QUITS NICKS"; channels = ( "#docker" ); },
@@ -624,15 +766,75 @@ ignores = (
{ level = "JOINS PARTS QUITS NICKS"; channels = ( "#forgefed" ); },
{ level = "JOINS PARTS QUITS NICKS"; channels = ( "#lobsters" ); },
{ level = "JOINS PARTS QUITS NICKS"; channels = ( "#s6" ); },
+ { level = "JOINS PARTS QUITS NICKS"; channels = ( "#lua" ); },
+ { level = "JOINS PARTS QUITS NICKS"; channels = ( "#networking" ); },
+ { level = "JOINS PARTS QUITS NICKS"; channels = ( "##posix" ); },
{ level = "JOINS PARTS QUITS NICKS"; channels = ( "#postgresql" ); },
+ { level = "JOINS PARTS QUITS NICKS"; channels = ( "#crxn" ); },
{ level = "JOINS PARTS QUITS NICKS"; channels = ( "#meta" ); },
+ { level = "JOINS PARTS QUITS NICKS"; channels = ( "#python" ); },
+ {
+ level = "JOINS PARTS QUITS NICKS";
+ channels = ( "#qutebrowser" );
+ },
+ { level = "JOINS PARTS QUITS NICKS"; channels = ( "#lokinet" ); },
+ { level = "JOINS PARTS QUITS NICKS"; channels = ( "#bitlbee" ); },
{ level = "JOINS PARTS QUITS NICKS"; channels = ( "#gemini" ); },
{ level = "JOINS PARTS QUITS NICKS"; channels = ( "#llvm" ); },
{ level = "JOINS PARTS QUITS NICKS"; channels = ( "#opennic" ); },
- { level = "JOINS PARTS QUITS NICKS"; channels = ( "#selfhosting" ); },
+ {
+ level = "JOINS PARTS QUITS NICKS";
+ channels = ( "#selfhosting" );
+ },
{ level = "JOINS PARTS QUITS NICKS"; channels = ( "#irc" ); },
{ level = "CTCPS"; },
{ level = "JOINS PARTS QUITS NICKS"; channels = ( "#zsh" ); }
);
Mogs = { };
logs = { };
+windows = {
+ 1 = { immortal = "yes"; name = "(status)"; level = "ALL"; };
+ 2 = {
+ immortal = "yes";
+ name = "(notices)";
+ level = "MSGS NOTICES SNOTES WALLOPS INVITES";
+ };
+ 3 = {
+ items = (
+ {
+ type = "CHANNEL";
+ chat_type = "IRC";
+ name = "&bitlbee";
+ tag = "bitlbee_local";
+ }
+ );
+ };
+ 4 = {
+ items = (
+ {
+ type = "CHANNEL";
+ chat_type = "IRC";
+ name = "#general";
+ tag = "BonoboNET_LOKI";
+ }
+ );
+ };
+ 5 = {
+ items = (
+ {
+ type = "QUERY";
+ chat_type = "IRC";
+ name = "*status";
+ tag = "Undernet-ZNC";
+ }
+ );
+ };
+};
+mainwindows = {
+ 3 = {
+ first_line = "1";
+ lines = "47";
+ first_column = "0";
+ columns = "212";
+ };
+};
diff --git a/irssi/solarized-powerline.theme b/irssi/solarized-powerline.theme
index 37b0b3f..7a3772e 100644
--- a/irssi/solarized-powerline.theme
+++ b/irssi/solarized-powerline.theme
@@ -403,7 +403,7 @@ formats = {
daychange = " %g-----%k-%W-%n Day changed to %%D %W-%k-%g-----%n";
join = "%k%z00af5fJOIN %8 {ichannelhilight $2} %0%Z00d700%0 {inick $0}%0 %N {chanhost_hilight $1}";
line_start_irssi = "%k%z5f5fd7IRSSI%N%Z5f5fd7î‚° %N";
- new_topic = "%k%z00d700TOPIC %8 {ichannelhilight $1} %wby {inick $0}%Z005f87%N  $2";
+ new_topic = "%k%z00d700TOPIC %8 {ichannelhilight $1} %wby {inick $0} %N%9%Z5f5fd7  $2";
nick_changed = "%k%z00d700RENAME %Z00d700%0 %k%z005f87{nick $0} %Zff8700 {nick $1}%Z005f87%0%N";
part = "%K%Z00d700%k%z00d700PART %8 {ichannelhilight $2}%N %0%Z005f87 %N{inick $0}%0 %Z005f87%Zeeeeee {reason $3}";
quit = "%0%Z005f00%k%z005f00QUIT %N {inick $0}%0 %Zeeeeee %N%n%k%N {reason $2}";
diff --git a/keymap.kbd b/keymap.kbd
index a27f7a0..72e0d58 100644
--- a/keymap.kbd
+++ b/keymap.kbd
@@ -17,7 +17,7 @@
)
-------------------------------------------------------------------------- |#
(defcfg
- input (device-file "/dev/input/by-id/usb-Razer_Razer_Huntsman_Tournament_Edition_00000000001A-event-kbd")
+ input (device-file "/dev/input/by-id/usb-Razer_Razer_Huntsman_Tournament_Edition_00000000001A-if01-event-kbd")
output (uinput-sink "KMonad output")
cmp-seq lalt
diff --git a/postit b/postit
index 3e09ea0..a1becb9 100644
--- a/postit
+++ b/postit
@@ -57,3 +57,13 @@ https://magma.lavafeld.org/guide/osint-sources.html#looking-glasses
echo "" | GPG_TTY=$(tty) gpg2 --pinentry-mode loopback -a --default-key A6A0F5158B3881DF --detach-sig
echo 0 > /proc/sys/vm/compaction_proactiveness
browser.fixup.domainsuffixwhitelist.loki
+https://www.remlab.net/miredo/
+https://ftp.mozilla.org/
+https://metacode.biz/openpgp/web-key-directory
+dpmx
+https://malltina.com/product/mlt-1675290
+https://grandvape.shop/
+https://artemislena.eu/
+https://gtmetrix.com/analyze.html
+adb shell settings put global http_proxy 192.168.1.214:8118
+https://open.spotify.com/show/2Mu5dTlsG1vRE25twu1P2l
diff --git a/terminaldweller.com/ejabberd/docker-compose.yaml b/terminaldweller.com/ejabberd/docker-compose.yaml
index cbc9377..3c860ae 100644
--- a/terminaldweller.com/ejabberd/docker-compose.yaml
+++ b/terminaldweller.com/ejabberd/docker-compose.yaml
@@ -33,5 +33,5 @@ volumes:
mnesia_db:
vault:
# openssl dhparam -out dhparams.pem 4096
-# certbot certonly --standlone -d chat.terminaldweller.com -e devi@terminaldweller.com --agree-tos --noninteractive
+# certbot certonly --standalone -d chat.terminaldweller.com --email devi@terminaldweller.com --agree-tos --noninteractive --dry-run
# docker exec -it 6eebd16a2385 bin/ejabberdctl register admin chat.terminaldweller.com password
diff --git a/terminaldweller.com/gemini/index.gmi b/terminaldweller.com/gemini/index.gmi
index 625c86c..dae8a76 100644
--- a/terminaldweller.com/gemini/index.gmi
+++ b/terminaldweller.com/gemini/index.gmi
@@ -17,10 +17,11 @@ I manually upload my PGP key to https://keys.openpgp.org and https://pgp.mit.edu
SSH FP: SHA256:tyuaTy005jkJOIPXkrJAAlCKD91d1ftEXzGTqjmEZh4 - github [10], gitlab [11], codeberg [12], self-hosted [13]
IRC:
-Libera [14] : terminaldweller FP:FEF763019F0799C1B5CD190FC89080240665CDCAE1CB889D4413775447A4826F48B18DC134D3ACDDE1D932CF3280E6026099857CF46177F1D87CD9AA859C615F
-OFTC [15] : terminaldweller FP:1072EFECA623C6E3D7A6628BEB6021F77EA2C876
-Rizon [16] : terminaldweller FP:1072EFECA623C6E3D7A6628BEB6021F77EA2C876
-Tilde [17] : terminaldweller FP:1072EFECA623C6E3D7A6628BEB6021F77EA2C876
+Libera [14] : terminaldweller FP: FEF763019F0799C1B5CD190FC89080240665CDCAE1CB889D4413775447A4826F48B18DC134D3ACDDE1D932CF3280E6026099857CF46177F1D87CD9AA859C615F
+OFTC [15] : terminaldweller FP: 1072EFECA623C6E3D7A6628BEB6021F77EA2C876
+Rizon [16] : terminaldweller FP: 1072EFECA623C6E3D7A6628BEB6021F77EA2C876
+Tilde [17] : terminaldweller FP: 1072EFECA623C6E3D7A6628BEB6021F77EA2C876
+Bonobonet [18] : terminaldweller FP: 5e3bd8ab6f8c6f6a614d4b2245fd6b5737a6e59917c6719de62b55bac77b978c
You can also find me on Libera, OFTC and Rizon in ##terminaldweller.
XMPP:
@@ -31,24 +32,31 @@ Email:
(the order is significant)
devi@terminaldweller.com
thabogre@gmail.com
+bloodstalker@zoho.com
farzadsadeghi@protonmail.ch
All emails have the ssh and pgp key fingerprints as signature. You can ask for one.
+I sign all emails, unless I receive an encrypted email in which case, I will also encrypt the response.
+
+Matrix:
+@devi:terminaldweller.com [19]
+@terminaldweller:matrix.org [20]
OpenID: https://launchpad.net/~terminaldweller
Git:
-Github: terminaldweller [18]
+github.com/terminaldweller [21]
Mirrors:
-git.terminaldweller.com [19]
-codeberg.org/terminaldweller [20]
-gitlab.com/terminaldweller [21]
+git.terminaldweller.com [22]
+codeberg.org/terminaldweller [23]
+gitlab.com/terminaldweller [24]
-Mastodon: @terminaldweller@terminaldweller.com [22]
-If you cant find the handle then you need to log in. I'm not hosting my own mastodon instance. I'm just hosting my own webfinger. The actual handle is @terminaldweller@fosstodon.org [23]
+Mastodon:
+@devi@pleroma.terminaldweller.com [25]
+@terminaldweller@fosstodon.com [26]
-Blog: Blog [24] RSS [25]
+Blog: Blog [27] RSS [28]
-Linkedin [26]
+Linkedin [29]
Services: N/A
@@ -66,15 +74,18 @@ Services: N/A
=> https://codeberg.org/terminaldweller.keys codeberg
=> keys/id_rsa_pub self-hosted
=> https://libera.chat Libera
-=> https://oftc.net OFTC
+=> https://oftc.net/ OFTC
=> https://rizon.net/ Rizon
-=> https://tilde.chat Tilde
-=> https://github.com/terminaldweller terminaldweller
+=> https://tilde.chat/ Tilde
+=> https://bnet.eu.org/ Bonobonet
+=> https://matrix.to/#/@devi:terminaldweller.com @devi:terminaldweller.com
+=> https://matrix.to/#/@terminaldweller:matrix.org @terminaldweller:matrix.org
+=> https://github.com/terminaldweller github.com/terminaldweller
=> https://git.terminaldweller.com git.terminaldweller.com
=> https://codeberg.org/terminaldweller codeberg.org/terminaldweller
=> https://gitlab.com/terminaldweller gitlab.com/terminaldweller
-=> https://fosstodon.org/@terminaldweller @terminaldweller@terminaldweller.com
-=> https://fosstodon.org/@terminaldweller @terminaldweller@fosstodon.org
+=> https://pleroma.terminaldweller.com/users/devi @devi@pleroma.terminaldweller.com
+=> https://fosstodon.org/@terminaldweller @terminaldweller@fosstodon.com
=> https://blog.terminaldweller.com Blog
=> https://blog.terminaldweller.com/rss/feed RSS
=> https://www.linkedin.com/in/farzad-sadeghi/ Linkedin
diff --git a/terminaldweller.com/ircd/docker-compose.yml b/terminaldweller.com/ircd/docker-compose.yml
new file mode 100644
index 0000000..0292f2a
--- /dev/null
+++ b/terminaldweller.com/ircd/docker-compose.yml
@@ -0,0 +1,23 @@
+version: "3.8"
+
+services:
+ ergo:
+ image: ghcr.io/ergochat/ergo:stable
+ ports:
+ - "6697:6697/tcp"
+ volumes:
+ - ergodata:/ircd
+ - ./ircd.yaml:/ircd/ircd.yaml:ro
+ - /etc/letsencrypt/live/irc.terminaldweller.com/fullchain.pem:/etc/letsencrypt/live/irc.terminaldweller.com/fullchain.pem
+ - /etc/letsencrypt/live/irc.terminaldweller.com/privkey.pem:/etc/letsencrypt/live/irc.terminaldweller.com/privkey.pem
+ networks:
+ - ergonet
+ labels:
+ - traefik.enable=false
+volumes:
+ ergodata:
+networks:
+ ergonet:
+ traefiknet:
+ name: matrix_default
+ external: true
diff --git a/terminaldweller.com/ircd/ircd.yaml b/terminaldweller.com/ircd/ircd.yaml
new file mode 100644
index 0000000..987f0bb
--- /dev/null
+++ b/terminaldweller.com/ircd/ircd.yaml
@@ -0,0 +1,1010 @@
+# This is the default config file for Ergo.
+# It contains recommended defaults for all settings, including some behaviors
+# that differ from conventional ircd+services setups. See traditional.yaml
+# for a config with more "mainstream" behavior.
+#
+# If you are setting up a new Ergo server, you should copy this file
+# to a new one named 'ircd.yaml', then look through the file to see which
+# settings you want to customize. If you don't understand a setting, or
+# aren't sure what behavior you want, most of the defaults are fine
+# to start with (you can change them later, even on a running server).
+# However, there are a few that you should probably change up front:
+# 1. network.name (a human-readable name that identifies your network,
+# no spaces or special characters) and server.name (consider using the
+# domain name of your server)
+# 2. if you have valid TLS certificates (for example, from letsencrypt.org),
+# you should enable them in server.listeners in place of the default
+# self-signed certificates
+# 3. the operator password in the 'opers' section
+# 4. by default, message history is enabled, using in-memory history storage
+# and with messages expiring after 7 days. depending on your needs, you may
+# want to disable history entirely, remove the expiration time, switch to
+# persistent history stored in MySQL, or do something else entirely. See
+# the 'history' section of the config.
+
+# network configuration
+network:
+ # name of the network
+ name: devinet
+
+# server configuration
+server:
+ # server name
+ name: irc.terminaldweller.com
+
+ # addresses to listen on
+ listeners:
+ # The standard plaintext port for IRC is 6667. Allowing plaintext over the
+ # public Internet poses serious security and privacy issues. Accordingly,
+ # we recommend using plaintext only on local (loopback) interfaces:
+ # "127.0.0.1:6667": # (loopback ipv4, localhost-only)
+ # "[::1]:6667": # (loopback ipv6, localhost-only)
+ # If you need to serve plaintext on public interfaces, comment out the above
+ # two lines and uncomment the line below (which listens on all interfaces):
+ # ":6667":
+ # Alternately, if you have a TLS certificate issued by a recognized CA,
+ # you can configure port 6667 as an STS-only listener that only serves
+ # "redirects" to the TLS port, but doesn't allow chat. See the manual
+ # for details.
+
+ # The standard SSL/TLS port for IRC is 6697. This will listen on all interfaces:
+ ":6697":
+ # this is a standard TLS configuration with a single certificate;
+ # see the manual for instructions on how to configure SNI
+ tls:
+ cert: /etc/letsencrypt/live/irc.terminaldweller.com/fullchain.pem
+ key: /etc/letsencrypt/live/irc.terminaldweller.com/privkey.pem
+ # 'proxy' should typically be false. It's for cloud load balancers that
+ # always send a PROXY protocol header ahead of the connection. See the
+ # manual ("Reverse proxies") for more details.
+ proxy: false
+ # set the minimum TLS version:
+ min-tls-version: 1.3
+
+ # Example of a Unix domain socket for proxying:
+ # "/tmp/ergo_sock":
+
+ # Example of a Tor listener: any connection that comes in on this listener will
+ # be considered a Tor connection. It is strongly recommended that this listener
+ # *not* be on a public interface --- it should be on 127.0.0.0/8 or unix domain:
+ # "/hidden_service_sockets/ergo_tor_sock":
+ # tor: true
+
+ # Example of a WebSocket listener:
+ # ":8097":
+ # websocket: true
+ # tls:
+ # cert: fullchain.pem
+ # key: privkey.pem
+
+ # sets the permissions for Unix listen sockets. on a typical Linux system,
+ # the default is 0775 or 0755, which prevents other users/groups from connecting
+ # to the socket. With 0777, it behaves like a normal TCP socket
+ # where anyone can connect.
+ unix-bind-mode: 0777
+
+ # configure the behavior of Tor listeners (ignored if you didn't enable any):
+ tor-listeners:
+ # if this is true, connections from Tor must authenticate with SASL
+ require-sasl: false
+
+ # what hostname should be displayed for Tor connections?
+ vhost: "tor-network.onion"
+
+ # allow at most this many connections at once (0 for no limit):
+ max-connections: 64
+
+ # connection throttling (limit how many connection attempts are allowed at once):
+ throttle-duration: 10m
+ # set to 0 to disable throttling:
+ max-connections-per-duration: 64
+
+ # strict transport security, to get clients to automagically use TLS
+ sts:
+ # whether to advertise STS
+ #
+ # to stop advertising STS, leave this enabled and set 'duration' below to "0". this will
+ # advertise to connecting users that the STS policy they have saved is no longer valid
+ enabled: true
+
+ # how long clients should be forced to use TLS for.
+ # setting this to a too-long time will mean bad things if you later remove your TLS.
+ # the default duration below is 1 month, 2 days and 5 minutes.
+ duration: 1mo2d5m
+
+ # tls port - you should be listening on this port above
+ port: 6697
+
+ # should clients include this STS policy when they ship their inbuilt preload lists?
+ preload: false
+
+ websockets:
+ # Restrict the origin of WebSocket connections by matching the "Origin" HTTP
+ # header. This setting causes ergo to reject websocket connections unless
+ # they originate from a page on one of the whitelisted websites in this list.
+ # This prevents malicious websites from making their visitors connect to your
+ # ergo instance without their knowledge. An empty list means there are no
+ # restrictions.
+ allowed-origins:
+ # - "https://ergo.chat"
+ # - "https://*.ergo.chat"
+
+ # casemapping controls what kinds of strings are permitted as identifiers (nicknames,
+ # channel names, account names, etc.), and how they are normalized for case.
+ # the recommended default is 'ascii' (traditional ASCII-only identifiers).
+ # the other options are 'precis', which allows UTF8 identifiers that are "sane"
+ # (according to UFC 8265), with additional mitigations for homoglyph attacks,
+ # and 'permissive', which allows identifiers containing unusual characters like
+ # emoji, at the cost of increased vulnerability to homoglyph attacks and potential
+ # client compatibility problems. we recommend leaving this value at its default;
+ # however, note that changing it once the network is already up and running is
+ # problematic.
+ casemapping: "ascii"
+
+ # enforce-utf8 controls whether the server will preemptively discard non-UTF8
+ # messages (since they cannot be relayed to websocket clients), or will allow
+ # them and relay them to non-websocket clients (as in traditional IRC).
+ enforce-utf8: true
+
+ # whether to look up user hostnames with reverse DNS. there are 3 possibilities:
+ # 1. lookup-hostnames enabled, IP cloaking disabled; users will see each other's hostnames
+ # 2. lookup-hostnames disabled, IP cloaking disabled; users will see each other's numeric IPs
+ # 3. [the default] IP cloaking enabled; users will see cloaked hostnames
+ lookup-hostnames: false
+ # whether to confirm hostname lookups using "forward-confirmed reverse DNS", i.e., for
+ # any hostname returned from reverse DNS, resolve it back to an IP address and reject it
+ # unless it matches the connecting IP
+ forward-confirm-hostnames: true
+
+ # use ident protocol to get usernames
+ check-ident: false
+
+ # ignore the supplied user/ident string from the USER command, always setting user/ident
+ # to the following literal value; this can potentially reduce confusion and simplify bans.
+ # the value must begin with a '~' character. comment out / omit to disable:
+ coerce-ident: '~u'
+
+ # 'password' allows you to require a global, shared password (the IRC `PASS` command)
+ # to connect to the server. for operator passwords, see the `opers` section of the
+ # config. for a more secure way to create a private server, see the `require-sasl`
+ # section. you must hash the password with `ergo genpasswd`, then enter the hash here:
+ #password: "" #pragma: allowlist secret
+
+ # motd filename
+ # if you change the motd, you should move it to ircd.motd
+ motd: ergo.motd
+
+ # motd formatting codes
+ # if this is true, the motd is escaped using formatting codes like $c, $b, and $i
+ motd-formatting: true
+
+ # relaying using the RELAYMSG command
+ relaymsg:
+ # is relaymsg enabled at all?
+ enabled: true
+
+ # which character(s) are reserved for relayed nicks?
+ separators: "/"
+
+ # can channel operators use RELAYMSG in their channels?
+ # our implementation of RELAYMSG makes it safe for chanops to use without the
+ # possibility of real users being silently spoofed
+ available-to-chanops: true
+
+ # IPs/CIDRs the PROXY command can be used from
+ # This should be restricted to localhost (127.0.0.1/8, ::1/128, and unix sockets).
+ # Unless you have a good reason. you should also add these addresses to the
+ # connection limits and throttling exemption lists.
+ proxy-allowed-from:
+ - localhost
+ # - "192.168.1.1"
+ # - "192.168.10.1/24"
+
+ # controls the use of the WEBIRC command (by IRC<->web interfaces, bouncers and similar)
+ webirc:
+ # one webirc block -- should correspond to one set of gateways
+ -
+ # SHA-256 fingerprint of the TLS certificate the gateway must use to connect
+ # (comment this out to use passwords only)
+ certfp: "abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789" #pragma: allowlist secret
+
+ # password the gateway uses to connect, made with `ergo genpasswd`
+ password: "" # pragma: allowlist secret
+
+ # IPs/CIDRs that can use this webirc command
+ # you should also add these addresses to the connection limits and throttling exemption lists
+ hosts:
+ - localhost
+ # - "192.168.1.1"
+ # - "192.168.10.1/24"
+
+ # maximum length of clients' sendQ in bytes
+ # this should be big enough to hold bursts of channel/direct messages
+ max-sendq: 96k
+
+ # compatibility with legacy clients
+ compatibility:
+ # many clients require that the final parameter of certain messages be an
+ # RFC1459 trailing parameter, i.e., prefixed with :, whether or not this is
+ # actually required. this forces Ergo to send those parameters
+ # as trailings. this is recommended unless you're testing clients for conformance;
+ # defaults to true when unset for that reason.
+ force-trailing: true
+
+ # some clients (ZNC 1.6.x and lower, Pidgin 2.12 and lower) do not
+ # respond correctly to SASL messages with the server name as a prefix:
+ # https://github.com/znc/znc/issues/1212
+ # this works around that bug, allowing them to use SASL.
+ send-unprefixed-sasl: true
+
+ # traditionally, IRC servers will truncate and send messages that are
+ # too long to be relayed intact. this behavior can be disabled by setting
+ # allow-truncation to false, in which case Ergo will reject the message
+ # and return an error to the client. (note that this option defaults to true
+ # when unset.)
+ allow-truncation: false
+
+ # IP-based DoS protection
+ ip-limits:
+ # whether to limit the total number of concurrent connections per IP/CIDR
+ count: true
+ # maximum concurrent connections per IP/CIDR
+ max-concurrent-connections: 16
+
+ # whether to restrict the rate of new connections per IP/CIDR
+ throttle: true
+ # how long to keep track of connections for
+ window: 10m
+ # maximum number of new connections per IP/CIDR within the given duration
+ max-connections-per-window: 32
+
+ # how wide the CIDR should be for IPv4 (a /32 is a fully specified IPv4 address)
+ cidr-len-ipv4: 32
+ # how wide the CIDR should be for IPv6 (a /64 is the typical prefix assigned
+ # by an ISP to an individual customer for their LAN)
+ cidr-len-ipv6: 64
+
+ # IPs/networks which are exempted from connection limits
+ exempted:
+ - "localhost"
+ # - "192.168.1.1"
+ # - "2001:0db8::/32"
+
+ # custom connection limits for certain IPs/networks.
+ custom-limits:
+ #"irccloud":
+ # nets:
+ # - "192.184.9.108" # highgate.irccloud.com
+ # - "192.184.9.110" # ealing.irccloud.com
+ # - "192.184.9.112" # charlton.irccloud.com
+ # - "192.184.10.118" # brockwell.irccloud.com
+ # - "192.184.10.9" # tooting.irccloud.com
+ # - "192.184.8.73" # hathersage.irccloud.com
+ # - "192.184.8.103" # stonehaven.irccloud.com
+ # - "5.254.36.57" # tinside.irccloud.com
+ # - "5.254.36.56/29" # additional ipv4 net
+ # - "2001:67c:2f08::/48"
+ # - "2a03:5180:f::/64"
+ # max-concurrent-connections: 2048
+ # max-connections-per-window: 2048
+
+ # pluggable IP ban mechanism, via subprocess invocation
+ # this can be used to check new connections against a DNSBL, for example
+ # see the manual for details on how to write an IP ban checking script
+ ip-check-script:
+ enabled: false
+ command: "/usr/local/bin/check-ip-ban"
+ # constant list of args to pass to the command; the actual query
+ # and result are transmitted over stdin/stdout:
+ args: []
+ # timeout for process execution, after which we send a SIGTERM:
+ timeout: 9s
+ # how long after the SIGTERM before we follow up with a SIGKILL:
+ kill-timeout: 1s
+ # how many scripts are allowed to run at once? 0 for no limit:
+ max-concurrency: 64
+ # if true, only check anonymous connections (not logged into an account)
+ # at the very end of the handshake:
+ exempt-sasl: false
+
+ # IP cloaking hides users' IP addresses from other users and from channel admins
+ # (but not from server admins), while still allowing channel admins to ban
+ # offending IP addresses or networks. In place of hostnames derived from reverse
+ # DNS, users see fake domain names like pwbs2ui4377257x8.irc. These names are
+ # generated deterministically from the underlying IP address, but if the underlying
+ # IP is not already known, it is infeasible to recover it from the cloaked name.
+ # If you disable this, you should probably enable lookup-hostnames in its place.
+ ip-cloaking:
+ # whether to enable IP cloaking
+ enabled: true
+
+ # whether to use these cloak settings (specifically, `netname` and `num-bits`)
+ # to produce unique hostnames for always-on clients. you can enable this even if
+ # you disabled IP cloaking for normal clients above. if this is disabled,
+ # always-on clients will all have an identical hostname (the server name).
+ enabled-for-always-on: true
+
+ # fake TLD at the end of the hostname, e.g., pwbs2ui4377257x8.irc
+ # you may want to use your network name here
+ netname: "irc"
+
+ # the cloaked hostname is derived only from the CIDR (most significant bits
+ # of the IP address), up to a configurable number of bits. this is the
+ # granularity at which bans will take effect for IPv4. Note that changing
+ # this value will invalidate any stored bans.
+ cidr-len-ipv4: 32
+
+ # analogous granularity for IPv6
+ cidr-len-ipv6: 64
+
+ # number of bits of hash output to include in the cloaked hostname.
+ # more bits means less likelihood of distinct IPs colliding,
+ # at the cost of a longer cloaked hostname. if this value is set to 0,
+ # all users will receive simply `netname` as their cloaked hostname.
+ num-bits: 64
+
+ # secure-nets identifies IPs and CIDRs which are secure at layer 3,
+ # for example, because they are on a trusted internal LAN or a VPN.
+ # plaintext connections from these IPs and CIDRs will be considered
+ # secure (clients will receive the +Z mode and be allowed to resume
+ # or reattach to secure connections). note that loopback IPs are always
+ # considered secure:
+ secure-nets:
+ # - "10.0.0.0/8"
+
+ # Ergo will write files to disk under certain circumstances, e.g.,
+ # CPU profiling or data export. by default, these files will be written
+ # to the working directory. set this to customize:
+ #output-path: "/home/ergo/out"
+
+ # the hostname used by "services", e.g., NickServ, defaults to "localhost",
+ # e.g., `NickServ!NickServ@localhost`. uncomment this to override:
+ #override-services-hostname: "example.network"
+
+ # in a "closed-loop" system where you control the server and all the clients,
+ # you may want to increase the maximum (non-tag) length of an IRC line from
+ # the default value of 512. DO NOT change this on a public server:
+ # max-line-len: 512
+
+ # send all 0's as the LUSERS (user counts) output to non-operators; potentially useful
+ # if you don't want to publicize how popular the server is
+ suppress-lusers: false
+
+# account options
+accounts:
+ # is account authentication enabled, i.e., can users log into existing accounts?
+ authentication-enabled: true
+
+ # account registration
+ registration:
+ # can users register new accounts for themselves? if this is false, operators with
+ # the `accreg` capability can still create accounts with `/NICKSERV SAREGISTER`
+ enabled: false
+
+ # can users use the REGISTER command to register before fully connecting?
+ allow-before-connect: false
+
+ # global throttle on new account creation
+ throttling:
+ enabled: true
+ # window
+ duration: 10m
+ # number of attempts allowed within the window
+ max-attempts: 30
+
+ # this is the bcrypt cost we'll use for account passwords
+ # (note that 4 is the lowest value allowed by the bcrypt library)
+ bcrypt-cost: 4
+
+ # length of time a user has to verify their account before it can be re-registered
+ verify-timeout: "32h"
+
+ # options for email verification of account registrations
+ email-verification:
+ enabled: false
+ sender: "admin@my.network"
+ require-tls: true
+ helo-domain: "my.network" # defaults to server name if unset
+ # options to enable DKIM signing of outgoing emails (recommended, but
+ # requires creating a DNS entry for the public key):
+ # dkim:
+ # domain: "my.network"
+ # selector: "20200229"
+ # key-file: "dkim.pem"
+ # to use an MTA/smarthost instead of sending email directly:
+ # mta:
+ # server: localhost
+ # port: 25
+ # username: "admin"
+ # password: "" # pragma: allowlist secret
+ # implicit-tls: false # TLS from the first byte, typically on port 465
+ blacklist-regexes:
+ # - ".*@mailinator.com"
+ timeout: 60s
+ # email-based password reset:
+ password-reset:
+ enabled: false
+ # time before we allow resending the email
+ cooldown: 1h
+ # time for which a password reset code is valid
+ timeout: 1d
+
+ # throttle account login attempts (to prevent either password guessing, or DoS
+ # attacks on the server aimed at forcing repeated expensive bcrypt computations)
+ login-throttling:
+ enabled: true
+
+ # window
+ duration: 1m
+
+ # number of attempts allowed within the window
+ max-attempts: 3
+
+ # some clients (notably Pidgin and Hexchat) offer only a single password field,
+ # which makes it impossible to specify a separate server password (for the PASS
+ # command) and SASL password. if this option is set to true, a client that
+ # successfully authenticates with SASL will not be required to send
+ # PASS as well, so it can be configured to authenticate with SASL only.
+ skip-server-password: false
+
+ # enable login to accounts via the PASS command, e.g., PASS account:password
+ # this is useful for compatibility with old clients that don't support SASL
+ login-via-pass-command: true
+
+ # advertise the SCRAM-SHA-256 authentication method. set to false in case of
+ # compatibility issues with certain clients:
+ advertise-scram: true
+
+ # require-sasl controls whether clients are required to have accounts
+ # (and sign into them using SASL) to connect to the server
+ require-sasl:
+ # if this is enabled, all clients must authenticate with SASL while connecting.
+ # WARNING: for a private server, you MUST set accounts.registration.enabled
+ # to false as well, in order to prevent non-administrators from registering
+ # accounts.
+ enabled: true
+
+ # IPs/CIDRs which are exempted from the account requirement
+ exempted:
+ - "localhost"
+ # - '10.10.0.0/16'
+
+ # nick-reservation controls how, and whether, nicknames are linked to accounts
+ nick-reservation:
+ # is there any enforcement of reserved nicknames?
+ enabled: true
+
+ # how many nicknames, in addition to the account name, can be reserved?
+ # (note that additional nicks are unusable under force-nick-equals-account
+ # or if the client is always-on)
+ additional-nick-limit: 0
+
+ # method describes how nickname reservation is handled
+ # strict: users must already be logged in to their account (via
+ # SASL, PASS account:password, or /NickServ IDENTIFY)
+ # in order to use their reserved nickname(s)
+ # optional: no enforcement by default, but allow users to opt in to
+ # the enforcement level of their choice
+ method: strict
+
+ # allow users to set their own nickname enforcement status, e.g.,
+ # to opt out of strict enforcement
+ allow-custom-enforcement: false
+
+ # format for guest nicknames:
+ # 1. these nicknames cannot be registered or reserved
+ # 2. if a client is automatically renamed by the server,
+ # this is the template that will be used (e.g., Guest-nccj6rgmt97cg)
+ # 3. if enforce-guest-format (see below) is enabled, clients without
+ # a registered account will have this template applied to their
+ # nicknames (e.g., 'katie' will become 'Guest-katie')
+ guest-nickname-format: "Guest-*"
+
+ # when enabled, forces users not logged into an account to use
+ # a nickname matching the guest template. a caveat: this may prevent
+ # users from choosing nicknames in scripts different from the guest
+ # nickname format.
+ force-guest-format: false
+
+ # when enabled, forces users logged into an account to use the
+ # account name as their nickname. when combined with strict nickname
+ # enforcement, this lets users treat nicknames and account names
+ # as equivalent for the purpose of ban/invite/exception lists.
+ force-nick-equals-account: true
+
+ # parallel setting to force-nick-equals-account: if true, this forbids
+ # anonymous users (i.e., users not logged into an account) to change their
+ # nickname after the initial connection is complete
+ forbid-anonymous-nick-changes: false
+
+ # multiclient controls whether Ergo allows multiple connections to
+ # attach to the same client/nickname identity; this is part of the
+ # functionality traditionally provided by a bouncer like ZNC
+ multiclient:
+ # when disabled, each connection must use a separate nickname (as is the
+ # typical behavior of IRC servers). when enabled, a new connection that
+ # has authenticated with SASL can associate itself with an existing
+ # client
+ enabled: true
+
+ # if this is disabled, clients have to opt in to bouncer functionality
+ # using nickserv or the cap system. if it's enabled, they can opt out
+ # via nickserv
+ allowed-by-default: true
+
+ # whether to allow clients that remain on the server even
+ # when they have no active connections. The possible values are:
+ # "disabled", "opt-in", "opt-out", or "mandatory".
+ always-on: "opt-in"
+
+ # whether to mark always-on clients away when they have no active connections:
+ auto-away: "opt-in"
+
+ # QUIT always-on clients from the server if they go this long without connecting
+ # (use 0 or omit for no expiration):
+ #always-on-expiration: 90d
+
+ # vhosts controls the assignment of vhosts (strings displayed in place of the user's
+ # hostname/IP) by the HostServ service
+ vhosts:
+ # are vhosts enabled at all?
+ enabled: true
+
+ # maximum length of a vhost
+ max-length: 64
+
+ # regexp for testing the validity of a vhost
+ # (make sure any changes you make here are RFC-compliant)
+ valid-regexp: '^[0-9A-Za-z.\-_/]+$'
+
+ # modes that are set by default when a user connects
+ # if unset, no user modes will be set by default
+ # +i is invisible (a user's channels are hidden from whois replies)
+ # see /QUOTE HELP umodes for more user modes
+ default-user-modes: +i
+
+ # pluggable authentication mechanism, via subprocess invocation
+ # see the manual for details on how to write an authentication plugin script
+ auth-script:
+ enabled: false
+ command: "/usr/local/bin/authenticate-irc-user"
+ # constant list of args to pass to the command; the actual authentication
+ # data is transmitted over stdin/stdout:
+ args: []
+ # should we automatically create users if the plugin returns success?
+ autocreate: true
+ # timeout for process execution, after which we send a SIGTERM:
+ timeout: 9s
+ # how long after the SIGTERM before we follow up with a SIGKILL:
+ kill-timeout: 1s
+ # how many scripts are allowed to run at once? 0 for no limit:
+ max-concurrency: 64
+
+# channel options
+channels:
+ # modes that are set when new channels are created
+ # +n is no-external-messages, +t is op-only-topic,
+ # +C is no CTCPs (besides ACTION)
+ # see /QUOTE HELP cmodes for more channel modes
+ default-modes: +ntC
+
+ # how many channels can a client be in at once?
+ max-channels-per-client: 100
+
+ # if this is true, new channels can only be created by operators with the
+ # `chanreg` operator capability
+ operator-only-creation: false
+
+ # channel registration - requires an account
+ registration:
+ # can users register new channels?
+ enabled: true
+
+ # restrict new channel registrations to operators only?
+ # (operators can then transfer channels to regular users using /CS TRANSFER)
+ operator-only: false
+
+ # how many channels can each account register?
+ max-channels-per-account: 15
+
+ # as a crude countermeasure against spambots, anonymous connections younger
+ # than this value will get an empty response to /LIST (a time period of 0 disables)
+ list-delay: 0s
+
+ # INVITE to an invite-only channel expires after this amount of time
+ # (0 or omit for no expiration):
+ invite-expiration: 24h
+
+# operator classes:
+# an operator has a single "class" (defining a privilege level), which can include
+# multiple "capabilities" (defining privileged actions they can take). all
+# currently available operator capabilities are associated with either the
+# 'chat-moderator' class (less privileged) or the 'server-admin' class (full
+# privileges) below: you can mix and match to create new classes.
+oper-classes:
+ # chat moderator: can ban/unban users from the server, join channels,
+ # fix mode issues and sort out vhosts.
+ "chat-moderator":
+ # title shown in WHOIS
+ title: Chat Moderator
+
+ # capability names
+ capabilities:
+ - "kill" # disconnect user sessions
+ - "ban" # ban IPs, CIDRs, NUH masks, and suspend accounts (UBAN / DLINE / KLINE)
+ - "nofakelag" # exempted from "fakelag" restrictions on rate of message sending
+ - "relaymsg" # use RELAYMSG in any channel (see the `relaymsg` config block)
+ - "vhosts" # add and remove vhosts from users
+ - "sajoin" # join arbitrary channels, including private channels
+ - "samode" # modify arbitrary channel and user modes
+ - "snomasks" # subscribe to arbitrary server notice masks
+ - "roleplay" # use the (deprecated) roleplay commands in any channel
+
+ # server admin: has full control of the ircd, including nickname and
+ # channel registrations
+ "server-admin":
+ # title shown in WHOIS
+ title: Server Admin
+
+ # oper class this extends from
+ extends: "chat-moderator"
+
+ # capability names
+ capabilities:
+ - "rehash" # rehash the server, i.e. reload the config at runtime
+ - "accreg" # modify arbitrary account registrations
+ - "chanreg" # modify arbitrary channel registrations
+ - "history" # modify or delete history messages
+ - "defcon" # use the DEFCON command (restrict server capabilities)
+ - "massmessage" # message all users on the server
+
+# ircd operators
+opers:
+ # default operator named 'admin'; log in with /OPER admin <password>
+ admin:
+ # which capabilities this oper has access to
+ class: "server-admin"
+
+ # traditionally, operator status is visible to unprivileged users in
+ # WHO and WHOIS responses. this can be disabled with 'hidden'.
+ hidden: true
+
+ # custom whois line (if `hidden` is enabled, visible only to other operators)
+ whois-line: is the server administrator
+
+ # custom hostname (ignored if `hidden` is enabled)
+ #vhost: "staff"
+
+ # modes are modes to auto-set upon opering-up. uncomment this to automatically
+ # enable snomasks ("server notification masks" that alert you to server events;
+ # see `/quote help snomasks` while opered-up for more information):
+ modes: +is acdjknoqtuxv
+
+ # operators can be authenticated either by password (with the /OPER command),
+ # or by certificate fingerprint, or both. if a password hash is set, then a
+ # password is required to oper up (e.g., /OPER dan mypassword). to generate
+ # the hash, use `ergo genpasswd`.
+ # password: "" # pragma: allowlist secret
+
+ # if a SHA-256 certificate fingerprint is configured here, then it will be
+ # required to /OPER. if you comment out the password hash above, then you can
+ # /OPER without a password.
+ certfp: "5e3bd8ab6f8c6f6a614d4b2245fd6b5737a6e59917c6719de62b55bac77b978c" # pragma: allowlist secret
+ # if 'auto' is set (and no password hash is set), operator permissions will be
+ # granted automatically as soon as you connect with the right fingerprint.
+ auto: true
+
+ # example of a moderator named 'alice'
+ # (log in with /OPER alice <password>):
+ #alice:
+ # class: "chat-moderator"
+ # whois-line: "can help with moderation issues!"
+ # password: "" #pragma: allowlist secret
+
+# logging, takes inspiration from Insp
+logging:
+ -
+ # how to log these messages
+ #
+ # file log to a file
+ # stdout log to stdout
+ # stderr log to stderr
+ # (you can specify multiple methods, e.g., to log to both stderr and a file)
+ method: stderr
+
+ # filename to log to, if file method is selected
+ # filename: ircd.log
+
+ # type(s) of logs to keep here. you can use - to exclude those types
+ #
+ # exclusions take precedent over inclusions, so if you exclude a type it will NEVER
+ # be logged, even if you explicitly include it
+ #
+ # useful types include:
+ # * everything (usually used with exclusing some types below)
+ # server server startup, rehash, and shutdown events
+ # accounts account registration and authentication
+ # channels channel creation and operations
+ # opers oper actions, authentication, etc
+ # services actions related to NickServ, ChanServ, etc.
+ # internal unexpected runtime behavior, including potential bugs
+ # userinput raw lines sent by users
+ # useroutput raw lines sent to users
+ type: "* -userinput -useroutput"
+
+ # one of: debug info warn error
+ level: info
+ #-
+ # # example of a file log that avoids logging IP addresses
+ # method: file
+ # filename: ircd.log
+ # type: "* -userinput -useroutput -connect-ip"
+ # level: debug
+
+# debug options
+debug:
+ # when enabled, Ergo will attempt to recover from certain kinds of
+ # client-triggered runtime errors that would normally crash the server.
+ # this makes the server more resilient to DoS, but could result in incorrect
+ # behavior. deployments that would prefer to "start from scratch", e.g., by
+ # letting the process crash and auto-restarting it with systemd, can set
+ # this to false.
+ recover-from-errors: true
+
+ # optionally expose a pprof http endpoint: https://golang.org/pkg/net/http/pprof/
+ # it is strongly recommended that you don't expose this on a public interface;
+ # if you need to access it remotely, you can use an SSH tunnel.
+ # set to `null`, "", leave blank, or omit to disable
+ # pprof-listener: "localhost:6060"
+
+# lock file preventing multiple instances of Ergo from accidentally being
+# started at once. comment out or set to the empty string ("") to disable.
+# this path is relative to the working directory; if your datastore.path
+# is absolute, you should use an absolute path here as well.
+lock-file: "ircd.lock"
+
+# datastore configuration
+datastore:
+ # path to the datastore
+ path: ircd.db
+
+ # if the database schema requires an upgrade, `autoupgrade` will attempt to
+ # perform it automatically on startup. the database will be backed
+ # up, and if the upgrade fails, the original database will be restored.
+ autoupgrade: true
+
+ # connection information for MySQL (currently only used for persistent history):
+ mysql:
+ enabled: false
+ host: "localhost"
+ port: 3306
+ # if socket-path is set, it will be used instead of host:port
+ #socket-path: "/var/run/mysqld/mysqld.sock"
+ user: "ergo"
+ password: "" # pragma: allowlist secret
+ history-database: "ergo_history"
+ timeout: 3s
+ max-conns: 4
+ # this may be necessary to prevent middleware from closing your connections:
+ #conn-max-lifetime: 180s
+
+# languages config
+languages:
+ # whether to load languages
+ enabled: false
+
+ # default language to use for new clients
+ # 'en' is the default English language in the code
+ default: en
+
+ # which directory contains our language files
+ path: languages
+
+# limits - these need to be the same across the network
+limits:
+ # nicklen is the max nick length allowed
+ nicklen: 32
+
+ # identlen is the max ident length allowed
+ identlen: 20
+
+ # channellen is the max channel length allowed
+ channellen: 64
+
+ # awaylen is the maximum length of an away message
+ awaylen: 390
+
+ # kicklen is the maximum length of a kick message
+ kicklen: 390
+
+ # topiclen is the maximum length of a channel topic
+ topiclen: 390
+
+ # maximum number of monitor entries a client can have
+ monitor-entries: 100
+
+ # whowas entries to store
+ whowas-entries: 100
+
+ # maximum length of channel lists (beI modes)
+ chan-list-modes: 60
+
+ # maximum number of messages to accept during registration (prevents
+ # DoS / resource exhaustion attacks):
+ registration-messages: 1024
+
+ # message length limits for the new multiline cap
+ multiline:
+ max-bytes: 4096 # 0 means disabled
+ max-lines: 100 # 0 means no limit
+
+# fakelag: prevents clients from spamming commands too rapidly
+fakelag:
+ # whether to enforce fakelag
+ enabled: true
+
+ # time unit for counting command rates
+ window: 1s
+
+ # clients can send this many commands without fakelag being imposed
+ burst-limit: 5
+
+ # once clients have exceeded their burst allowance, they can send only
+ # this many commands per `window`:
+ messages-per-window: 2
+
+ # client status resets to the default state if they go this long without
+ # sending any commands:
+ cooldown: 2s
+
+ # exempt a certain number of command invocations per session from fakelag;
+ # this is to speed up "resynchronization" of client state during reattach
+ command-budgets:
+ "CHATHISTORY": 16
+ "MARKREAD": 16
+ "MONITOR": 1
+ "WHO": 4
+
+# the roleplay commands are semi-standardized extensions to IRC that allow
+# sending and receiving messages from pseudo-nicknames. this can be used either
+# for actual roleplaying, or for bridging IRC with other protocols.
+roleplay:
+ # are roleplay commands enabled at all? (channels and clients still have to
+ # opt in individually with the +E mode)
+ enabled: false
+
+ # require the "roleplay" oper capability to send roleplay messages?
+ require-oper: false
+
+ # require channel operator permissions to send roleplay messages?
+ require-chanops: false
+
+ # add the real nickname, in parentheses, to the end of every roleplay message?
+ add-suffix: true
+
+# external services can integrate with the ircd using JSON Web Tokens (https://jwt.io).
+# in effect, the server can sign a token attesting that the client is present on
+# the server, is a member of a particular channel, etc.
+extjwt:
+ # # default service config (for `EXTJWT #channel`).
+ # # expiration time for the token:
+ # expiration: 45s
+ # # you can configure tokens to be signed either with HMAC and a symmetric secret:
+ # secret: "65PHvk0K1_sM-raTsCEhatVkER_QD8a0zVV8gG2EWcI"
+ # # or with an RSA private key:
+ # #rsa-private-key-file: "extjwt.pem"
+
+ # # named services (for `EXTJWT #channel service_name`):
+ # services:
+ # "jitsi":
+ # expiration: 30s
+ # secret: "qmamLKDuOzIzlO8XqsGGewei_At11lewh6jtKfSTbkg"
+
+# history message storage: this is used by CHATHISTORY, HISTORY, znc.in/playback,
+# various autoreplay features, and the resume extension
+history:
+ # should we store messages for later playback?
+ # by default, messages are stored in RAM only; they do not persist
+ # across server restarts. however, you may want to understand how message
+ # history interacts with the GDPR and/or any data privacy laws that apply
+ # in your country and the countries of your users.
+ enabled: true
+
+ # how many channel-specific events (messages, joins, parts) should be tracked per channel?
+ channel-length: 2048
+
+ # how many direct messages and notices should be tracked per user?
+ client-length: 256
+
+ # how long should we try to preserve messages?
+ # if `autoresize-window` is 0, the in-memory message buffers are preallocated to
+ # their maximum length. if it is nonzero, the buffers are initially small and
+ # are dynamically expanded up to the maximum length. if the buffer is full
+ # and the oldest message is older than `autoresize-window`, then it will overwrite
+ # the oldest message rather than resize; otherwise, it will expand if possible.
+ autoresize-window: 3d
+
+ # number of messages to automatically play back on channel join (0 to disable):
+ autoreplay-on-join: 0
+
+ # maximum number of CHATHISTORY messages that can be
+ # requested at once (0 disables support for CHATHISTORY)
+ chathistory-maxmessages: 1000
+
+ # maximum number of messages that can be replayed at once during znc emulation
+ # (znc.in/playback, or automatic replay on initial reattach to a persistent client):
+ znc-maxmessages: 2048
+
+ # options to delete old messages, or prevent them from being retrieved
+ restrictions:
+ # if this is set, messages older than this cannot be retrieved by anyone
+ # (and will eventually be deleted from persistent storage, if that's enabled)
+ expire-time: 1w
+
+ # this restricts access to channel history (it can be overridden by channel
+ # owners). options are: 'none' (no restrictions), 'registration-time'
+ # (logged-in users cannot retrieve messages older than their account
+ # registration date, and anonymous users cannot retrieve messages older than
+ # their sign-on time, modulo the grace-period described below), and
+ # 'join-time' (users cannot retrieve messages older than the time they
+ # joined the channel, so only always-on clients can view history).
+ query-cutoff: 'none'
+
+ # if query-cutoff is set to 'registration-time', this allows retrieval
+ # of messages that are up to 'grace-period' older than the above cutoff.
+ # if you use 'registration-time', this is recommended to allow logged-out
+ # users to query history after disconnections.
+ grace-period: 1h
+
+ # options to store history messages in a persistent database (currently only MySQL).
+ # in order to enable any of this functionality, you must configure a MySQL server
+ # in the `datastore.mysql` section. enabling persistence overrides the history
+ # size limits above (`channel-length`, `client-length`, etc.); persistent
+ # history has no limits other than those imposed by expire-time.
+ persistent:
+ enabled: false
+
+ # store unregistered channel messages in the persistent database?
+ unregistered-channels: false
+
+ # for a registered channel, the channel owner can potentially customize
+ # the history storage setting. as the server operator, your options are
+ # 'disabled' (no persistent storage, regardless of per-channel setting),
+ # 'opt-in', 'opt-out', and 'mandatory' (force persistent storage, ignoring
+ # per-channel setting):
+ registered-channels: "opt-out"
+
+ # direct messages are only stored in the database for logged-in clients;
+ # you can control how they are stored here (same options as above).
+ # if you enable this, strict nickname reservation is strongly recommended
+ # as well.
+ direct-messages: "opt-out"
+
+ # options to control how messages are stored and deleted:
+ retention:
+ # allow users to delete their own messages from history?
+ allow-individual-delete: false
+
+ # if persistent history is enabled, create additional index tables,
+ # allowing deletion of JSON export of an account's messages. this
+ # may be needed for compliance with data privacy regulations.
+ enable-account-indexing: false
+
+ # options to control storage of TAGMSG
+ tagmsg-storage:
+ # by default, should TAGMSG be stored?
+ default: false
+
+ # if `default` is false, store TAGMSG containing any of these tags:
+ whitelist:
+ - "+draft/react"
+ - "+react"
+
+ # if `default` is true, don't store TAGMSG containing any of these tags:
+ #blacklist:
+ # - "+draft/typing"
+ # - "typing"
+
+# whether to allow customization of the config at runtime using environment variables,
+# e.g., ERGO__SERVER__MAX_SENDQ=128k. see the manual for more details.
+allow-environment-overrides: true
diff --git a/terminaldweller.com/main/docker-compose.yaml b/terminaldweller.com/main/docker-compose.yaml
index 7d73795..5c38d62 100644
--- a/terminaldweller.com/main/docker-compose.yaml
+++ b/terminaldweller.com/main/docker-compose.yaml
@@ -10,7 +10,8 @@ services:
restart: unless-stopped
volumes:
- ./nginx.conf:/etc/nginx/nginx.conf:ro
- - /etc/letsencrypt/archive/terminaldweller.com/:/certs/
+ - /etc/letsencrypt/live/terminaldweller.com/fullchain.pem:/etc/letsencrypt/live/terminaldweller.com/fullchain.pem:ro
+ - /etc/letsencrypt/live/terminaldweller.com/privkey.pem:/etc/letsencrypt/live/terminaldweller.com/privkey.pem:ro
- ./srv:/srv
cap_drop:
- ALL
diff --git a/terminaldweller.com/main/nginx.conf b/terminaldweller.com/main/nginx.conf
index 1a9ea0e..3801219 100644
--- a/terminaldweller.com/main/nginx.conf
+++ b/terminaldweller.com/main/nginx.conf
@@ -15,8 +15,8 @@ http {
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
ssl_ciphers HIGH:!aNULL:!MD5:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers on;
- ssl_certificate /certs/fullchain1.pem;
- ssl_certificate_key /certs/privkey1.pem;
+ ssl_certificate /etc/letsencrypt/live/terminaldweller.com/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/terminaldweller.com/privkey.pem;
ssl_protocols TLSv1.2 TLSv1.3;
add_header Content-Security-Policy "default-src 'self';";
add_header X-Frame-Options SAMEORIGIN always;
@@ -32,6 +32,7 @@ http {
add_header Content-Type "application/json";
alias /srv/.well-known/webfinger/finger.json;
}
+
# https://metacode.biz/openpgp/web-key-directory?
location /.well-known/openpgpkey/hu/ojxfrmdxrz4pm3hh16s5149w5b8acbsn {
alias /srv/.well-known/openpgpkey/hu/gpg_pubkey.asc;
@@ -41,6 +42,20 @@ http {
alias /srv/.well-known/openpgpkey/policy;
add_header Access-Control-Allow-Origin "*";
}
+
+ location /.well-known/matrix/server {
+ access_log off;
+ add_header Access-Control-Allow-Origin "*";
+ default_type application/json;
+ return 200 '{"m.server": "matrix.terminaldweller.com:443"}';
+ }
+ location /.well-known/matrix/client {
+ access_log off;
+ add_header Access-Control-Allow-Origin "*";
+ default_type application/json;
+ return 200 '{"m.homeserver": {"base_url": "https://matrix.terminaldweller.com"}}';
+ }
+
location / {
root /srv/;
add_header Access-Control-Allow-Origin "*";
diff --git a/terminaldweller.com/main/srv/index.html b/terminaldweller.com/main/srv/index.html
index a69fd8a..8f90c05 100644
--- a/terminaldweller.com/main/srv/index.html
+++ b/terminaldweller.com/main/srv/index.html
@@ -25,65 +25,72 @@
}
</style>
</head>
- <body style="color:#005f87;background:#000000;text-align:center;padding:0px;border:0px;margin:0px;">
- <p style="font-size:20px;font-weight:bold">This is a list of links:</p>
+ <body style="color:#005f87;background:#000000;text-align:center;padding:0px;border:0px;margin:0px;font-family:mono;">
+ <p style="font-size:20px;font-weight:bold;padding:0px;border:0px;margin:0px;">This is a list of links:</p>
<p>
<div>This page is available on:</div>
- <div>web2 from <a href="https://terminaldweller.com">https://terminaldweller.com</a></div>
+ <div><a href="https://terminaldweller.com">web2</a> - <span style="user-select: all;">https://terminaldweller.com</span></div>
<div>IPFS from <a href="https://ipfs.terminaldweller.com">https://ipfs.terminaldweller.com</a> or from <a href="https://terminaldweller.eth.link">terminaldweller.eth</a></div>
- <div>On <a href="gemini://gemini.terminaldweller.com">Gemini</a></div>
- <div><a href="http://iedzwh5v2vouywqy4eak3eu33amfn3rzhdcln7j4r5kcyvf46cea.b32.i2p/">i2p mirror</a></div>
- <div><a href="http://dqunl5rzlv6skqfklqr4dwi4zph2vqoaennc7qoinqs5mlug4docq2yd.onion/">tor mirror</a></div>
+ <div>On <a href="gemini://gemini.terminaldweller.com">Gemini</a> - <span style="user-select: all;">gemini://gemini.terminaldweller.com</span></div>
+ <div><a href="http://iedzwh5v2vouywqy4eak3eu33amfn3rzhdcln7j4r5kcyvf46cea.b32.i2p/">i2p mirror</a> - <span style="user-select: all;">http://iedzwh5v2vouywqy4eak3eu33amfn3rzhdcln7j4r5kcyvf46cea.b32.i2p</span></div>
+ <div><a href="http://dqunl5rzlv6skqfklqr4dwi4zph2vqoaennc7qoinqs5mlug4docq2yd.onion/">tor mirror</a> - <span style="user-select: all;">http://dqunl5rzlv6skqfklqr4dwi4zph2vqoaennc7qoinqs5mlug4docq2yd.onion</span></div>
<p>WKD direct and advanced are setup on/for the domain.</p>
<p>
<div><a href="https://keyoxide.org/hkp/9e20464f1ccf3b103249fa93a6a0f5158b3881df">keyoxide</a></div>
<div>I don't use all the accounts listed on keyoxide regularly. The preferred methods of contacting me are the ones that are listed here, IRC, email and XMPP (The order is not significant).</div>
</p>
<div>
- <div>PGP FP: 9E20464F1CCF3B103249FA93A6A0F5158B3881DF - <a href="https://github.com/terminaldweller.gpg">github</a>, <a href="https://gitlab.com/terminaldweller.gpg">gitlab</a>, <a href="https://codeberg.org/terminaldweller.gpg">codeberg</a>, <a href="keys/gpg_pubkey">self-hosted</a></div>
+ <div>PGP FP: <span style="user-select: all;">9E20464F1CCF3B103249FA93A6A0F5158B3881DF</span> - <a href="https://github.com/terminaldweller.gpg">github</a>, <a href="https://gitlab.com/terminaldweller.gpg">gitlab</a>, <a href="https://codeberg.org/terminaldweller.gpg">codeberg</a>, <a href="keys/gpg_pubkey">self-hosted</a></div>
<div>I manually upload my PGP key to <a href="https://keys.openpgp.org">https://keys.openpgp.org</a> and <a href="https://pgp.mit.edu/">https://pgp.mit.edu/</a>.</div>
- <div>SSH FP: SHA256:tyuaTy005jkJOIPXkrJAAlCKD91d1ftEXzGTqjmEZh4 - <a href="https://github.com/terminaldweller.keys">github</a>, <a href="https://gitlab.com/terminaldweller.keys">gitlab</a>, <a href="https://codeberg.org/terminaldweller.keys">codeberg</a>, <a href="keys/id_rsa_pub">self-hosted</a></div>
+ <div>SSH FP: <span style="user-select: all;">SHA256:tyuaTy005jkJOIPXkrJAAlCKD91d1ftEXzGTqjmEZh4</span> - <a href="https://github.com/terminaldweller.keys">github</a>, <a href="https://gitlab.com/terminaldweller.keys">gitlab</a>, <a href="https://codeberg.org/terminaldweller.keys">codeberg</a>, <a href="keys/id_rsa_pub">self-hosted</a></div>
<p>
<div>IRC:</div>
- <div><a href="https://libera.chat">Libera</a>: terminaldweller <a>FP:FEF763019F0799C1B5CD190FC89080240665CDCAE1CB889D4413775447A4826F48B18DC134D3ACDDE1D932CF3280E6026099857CF46177F1D87CD9AA859C615F</a></div>
- <div><a href="https://oftc.net">OFTC</a>: terminaldweller <a>FP:1072EFECA623C6E3D7A6628BEB6021F77EA2C876</a></div>
- <div><a href="https://rizon.net/">Rizon</a>: terminaldweller <a>FP:1072EFECA623C6E3D7A6628BEB6021F77EA2C876</a></div>
- <div><a href="https://tilde.chat">Tilde</a>: terminaldweller <a>FP:1072EFECA623C6E3D7A6628BEB6021F77EA2C876</a></div>
+ <div><a href="https://libera.chat">Libera</a>: terminaldweller FP:<span style="user-select: all;">FEF763019F0799C1B5CD190FC89080240665CDCAE1CB889D4413775447A4826F48B18DC134D3ACDDE1D932CF3280E6026099857CF46177F1D87CD9AA859C615F</span></div>
+ <div><a href="https://oftc.net/">OFTC</a>: terminaldweller FP:<span style="user-select: all;">1072EFECA623C6E3D7A6628BEB6021F77EA2C876</span></div>
+ <div><a href="https://rizon.net/">Rizon</a>: terminaldweller FP:<span style="user-select: all;">1072EFECA623C6E3D7A6628BEB6021F77EA2C876</span></div>
+ <div><a href="https://tilde.chat/">Tilde</a>: terminaldweller FP:<span style="user-select: all;">1072EFECA623C6E3D7A6628BEB6021F77EA2C876</span></div>
+ <div><a href="https://bnet.eu.org/">Bonobonet</a>: terminaldweller FP:<span style="user-select: all;">5e3bd8ab6f8c6f6a614d4b2245fd6b5737a6e59917c6719de62b55bac77b978c</span></div>
<div>You can also find me on Libera, OFTC and Rizon in ##terminaldweller.</div>
</p>
</div>
</p>
<p>
<div>XMPP:</div>
- <div>devi@jabber.terminaldweller.com</div>
- <div>devi@draugr.de</div>
+ <div><span style="user-select: all;">devi@jabber.terminaldweller.com</span></div>
+ <div><span style="user-select: all;">devi@draugr.de</span></div>
</p>
<p>
<div>Email:</div>
<div style="font-weight:bold;">(the order is significant)</div>
- <div>devi@terminaldweller.com</div>
- <div>thabogre@gmail.com</div>
- <div>bloodstalker@zoho.com</div>
- <div>farzadsadeghi@protonmail.ch</div>
+ <div><span style="user-select: all;">devi@terminaldweller.com</span></div>
+ <div><span style="user-select: all;">thabogre@gmail.com</span></div>
+ <div><span style="user-select: all;">bloodstalker@zoho.com</span></div>
+ <div><span style="user-select: all;">farzadsadeghi@protonmail.ch</span></div>
<div>All emails have the ssh and pgp key fingerprints as signature. You can ask for one.</div>
+ <div>I sign all emails, unless I receive an encrypted email in which case, I will also encrypt the response.</div>
+ </p>
+ <p>
+ <div>Matrix:</div>
+ <div><a href="https://matrix.to/#/@devi:terminaldweller.com">@devi:terminaldweller.com</a></div>
+ <div><a href="https://matrix.to/#/@terminaldweller:matrix.org">@terminaldweller:matrix.org</a></div>
</p>
<p>
<div>OpenID: <a href="https://launchpad.net/~terminaldweller">https://launchpad.net/~terminaldweller</a></div>
</p>
<p>
<div>Git:</div>
- <div>Github: <a href="https://github.com/terminaldweller">terminaldweller</a></div>
+ <div><a href="https://github.com/terminaldweller">github.com/terminaldweller</a></div>
<div>Mirrors:</div>
<div><a href="https://git.terminaldweller.com">git.terminaldweller.com</a></div>
<div><a href="https://codeberg.org/terminaldweller">codeberg.org/terminaldweller</a></div>
<div><a href="https://gitlab.com/terminaldweller">gitlab.com/terminaldweller</a></div>
</p>
<p>
- <div>Mastodon: <a href="https://fosstodon.org/@terminaldweller">@terminaldweller@terminaldweller.com</a></div>
- <div>If you cant find the handle then you need to log in. I'm not hosting my own mastodon instance. I'm just hosting my own webfinger. The actual handle is <a href="https://fosstodon.org/@terminaldweller">@terminaldweller@fosstodon.org</a></div>
+ <div>Mastodon:</div>
+ <div><a href="https://pleroma.terminaldweller.com/users/devi">@devi@pleroma.terminaldweller.com</a></div>
+ <div><a href="https://fosstodon.org/@terminaldweller">@terminaldweller@fosstodon.com</a></div>
</p>
<p>Blog: <a href="https://blog.terminaldweller.com">Blog</a> <a href="https://blog.terminaldweller.com/rss/feed">RSS</a></p>
- <p><a href="https://www.linkedin.com/in/farzad-sadeghi/">Linkedin</a></p>
<div>
<div>Services: N/A</div>
</div>
diff --git a/terminaldweller.com/matrix/docker-compose.yml b/terminaldweller.com/matrix/docker-compose.yml
new file mode 100644
index 0000000..66d692e
--- /dev/null
+++ b/terminaldweller.com/matrix/docker-compose.yml
@@ -0,0 +1,51 @@
+version: "3.4"
+services:
+ postgresql:
+ image: postgres:15.2-alpine
+ restart: unless-stopped
+ volumes:
+ - db-data:/var/lib/postgresql/data
+ environment:
+ - POSTGRES_PASSWORD= #pragma: allowlist secret
+ - POSTGRES_USER=synapse
+ - POSTGRES_INITDB_ARGS=--encoding=UTF-8 --lc-collate=C --lc-ctype=C
+ synapse:
+ image: matrixdotorg/synapse:v1.80.0
+ restart: unless-stopped
+ volumes:
+ - synapse-data:/data/
+ depends_on:
+ - postgresql
+ environment:
+ - SYNAPSE_CONFIG_PATH=/data/homeserver.yaml
+ labels:
+ - traefik.enable=true
+ - traefik.http.routers.synapse.entrypoints=websecure
+ - traefik.http.routers.synapse.rule=Host(`matrix.terminaldweller.com`)
+ - traefik.http.routers.synapse.tls=true
+ - traefik.http.routers.synapse.tls.certresolver=letls
+ traefik:
+ image: traefik:v2.9.9
+ restart: unless-stopped
+ command:
+ - "--api=true"
+ - "--providers.docker=true"
+ - "--providers.docker.exposedbydefault=false"
+ - "--entrypoints.web.address=:80"
+ - "--entrypoints.websecure.address=:443"
+ - "--certificatesresolvers.letls.acme.email=devi@terminaldweller.com"
+ - "--certificatesresolvers.letls.acme.storage=/certs/acme.json"
+ - "--certificatesresolvers.letls.acme.httpchallenge=true"
+ - "--certificatesresolvers.letls.acme.httpchallenge.entrypoint=web"
+ ports:
+ - "443:443"
+ - "80:80"
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock:ro
+ - traefik_certs:/certs
+volumes:
+ db-data:
+ synapse-data:
+ traefik_certs:
+
+# https://matrix.org/docs/guides/understanding-synapse-hosting
diff --git a/terminaldweller.com/pleroma/config-override.exs b/terminaldweller.com/pleroma/config-override.exs
new file mode 100644
index 0000000..a240744
--- /dev/null
+++ b/terminaldweller.com/pleroma/config-override.exs
@@ -0,0 +1,4 @@
+import Config
+
+config :pleroma, :instance,
+ registrations_open: false
diff --git a/terminaldweller.com/pleroma/config.exs b/terminaldweller.com/pleroma/config.exs
new file mode 100644
index 0000000..382941e
--- /dev/null
+++ b/terminaldweller.com/pleroma/config.exs
@@ -0,0 +1,74 @@
+import Config
+
+config :pleroma, Pleroma.Web.Endpoint,
+ url: [host: System.get_env("DOMAIN", "localhost"), scheme: "https", port: 443],
+ http: [ip: {0, 0, 0, 0}, port: 4000]
+
+config :pleroma, :instance,
+ name: System.get_env("INSTANCE_NAME", "Pleroma"),
+ email: System.get_env("ADMIN_EMAIL"),
+ notify_email: System.get_env("NOTIFY_EMAIL"),
+ limit: 5000,
+ registrations_open: false,
+ federating: true,
+ healthcheck: true
+
+config :pleroma, :media_proxy,
+ enabled: false,
+ redirect_on_failure: true,
+ base_url: "https://cache.domain.tld"
+
+config :pleroma, Pleroma.Repo,
+ adapter: Ecto.Adapters.Postgres,
+ username: System.get_env("DB_USER", "pleroma"),
+ password: System.fetch_env!("DB_PASS"),
+ database: System.get_env("DB_NAME", "pleroma"),
+ hostname: System.get_env("DB_HOST", "db"),
+ pool_size: 10
+
+# Configure web push notifications
+config :web_push_encryption, :vapid_details, subject: "mailto:#{System.get_env("NOTIFY_EMAIL")}"
+
+config :pleroma, :database, rum_enabled: false
+config :pleroma, :instance, static_dir: "/var/lib/pleroma/static"
+config :pleroma, Pleroma.Uploaders.Local, uploads: "/var/lib/pleroma/uploads"
+
+# We can't store the secrets in this file, since this is baked into the docker image
+if not File.exists?("/var/lib/pleroma/secret.exs") do
+ secret = :crypto.strong_rand_bytes(64) |> Base.encode64() |> binary_part(0, 64)
+ signing_salt = :crypto.strong_rand_bytes(8) |> Base.encode64() |> binary_part(0, 8)
+ {web_push_public_key, web_push_private_key} = :crypto.generate_key(:ecdh, :prime256v1)
+
+ secret_file =
+ EEx.eval_string(
+ """
+ import Config
+
+ config :pleroma, Pleroma.Web.Endpoint,
+ secret_key_base: "<%= secret %>",
+ signing_salt: "<%= signing_salt %>"
+
+ config :web_push_encryption, :vapid_details,
+ public_key: "<%= web_push_public_key %>",
+ private_key: "<%= web_push_private_key %>"
+ """,
+ secret: secret,
+ signing_salt: signing_salt,
+ web_push_public_key: Base.url_encode64(web_push_public_key, padding: false),
+ web_push_private_key: Base.url_encode64(web_push_private_key, padding: false)
+ )
+
+ File.write("/var/lib/pleroma/secret.exs", secret_file)
+end
+
+import_config("/var/lib/pleroma/secret.exs")
+
+# For additional user config
+if File.exists?("/var/lib/pleroma/config.exs"),
+ do: import_config("/var/lib/pleroma/config.exs"),
+ else:
+ File.write("/var/lib/pleroma/config.exs", """
+ import Config
+
+ # For additional configuration outside of environmental variables
+ """)
diff --git a/terminaldweller.com/pleroma/docker-compose.yml b/terminaldweller.com/pleroma/docker-compose.yml
new file mode 100644
index 0000000..c1ae91d
--- /dev/null
+++ b/terminaldweller.com/pleroma/docker-compose.yml
@@ -0,0 +1,60 @@
+version: '3.8'
+
+services:
+ db:
+ image: postgres:12.1-alpine
+ container_name: pleroma_db
+ restart: always
+ healthcheck:
+ test: ["CMD", "pg_isready", "-U", "pleroma"]
+ environment:
+ POSTGRES_USER: pleroma
+ POSTGRES_PASSWORD: # pragma: allowlist secret
+ POSTGRES_DB: pleroma
+ volumes:
+ - ./postgres:/var/lib/postgresql/data
+ networks:
+ - traefiknet
+ pleroma:
+ image: pleroma
+ container_name: pleroma_web
+ healthcheck:
+ test:
+ [
+ "CMD-SHELL",
+ "wget -q --spider --proxy=off localhost:4000 || exit 1",
+ ]
+ restart: always
+ build:
+ context: .
+ args:
+ - "UID=1001"
+ - "GID=1001"
+ - "PLEROMA_VER=v2.4.2"
+ volumes:
+ - ./uploads:/var/lib/pleroma/uploads
+ - ./static:/var/lib/pleroma/static
+ - ./config.exs:/etc/pleroma/config.exs:ro
+ - ./config-override.exs:/var/lib/pleroma/config.exs:ro
+ environment:
+ DOMAIN: pleroma.terminaldweller.com
+ INSTANCE_NAME: Pleroma
+ ADMIN_EMAIL: devi@terminaldweller.com
+ NOTIFY_EMAIL: devi@terminaldweller.com
+ DB_USER: pleroma
+ DB_PASS: # pragma: allowlist secret
+ DB_NAME: pleroma
+ depends_on:
+ - db
+ labels:
+ - traefik.enable=true
+ - traefik.http.routers.pleroma.entrypoints=websecure
+ - traefik.http.routers.pleroma.rule=Host(`pleroma.terminaldweller.com`)
+ - traefik.http.routers.pleroma.tls=true
+ - traefik.http.routers.pleroma.tls.certresolver=letls
+ networks:
+ - traefiknet
+networks:
+ traefiknet:
+ name: matrix_default
+ external: true
diff --git a/vagrant/DVB.xml b/vagrant/DVB.xml
new file mode 100644
index 0000000..df3ba26
--- /dev/null
+++ b/vagrant/DVB.xml
@@ -0,0 +1,6 @@
+<hostdev mode='subsystem' type='usb' managed='yes'>
+ <source>
+ <vendor id='0x0bda'/>
+ <product id='0x2838'/>
+ </source>
+</hostdev>
diff --git a/vagrant/kali_purple.sh b/vagrant/kali_purple.sh
new file mode 100755
index 0000000..0151f77
--- /dev/null
+++ b/vagrant/kali_purple.sh
@@ -0,0 +1,15 @@
+#!/usr/bin/env sh
+
+# get locations for initrd and kernel
+# isoinfo -J -i ~/ssd1/images/kali-linux-2023.1-installer-purple-amd64.iso -f
+virt-install \
+ --connect qemu:///system \
+ --name kali_purple \
+ --vcpus=2 \
+ --memory=4096 \
+ --location /home/devi/ssd1/images/kali-linux-2023.1-installer-purple-amd64.iso,kernel=/install.amd/vmlinuz,initrd=/install.amd/initrd.gz \
+ --disk pool=default,size=30,sparse=yes \
+ --osinfo detect=on \
+ --os-variant=debian11 \
+ --graphics none \
+ --console pty,target_type=serial
diff --git a/znc/docker-compose.yaml b/znc/docker-compose.yaml
new file mode 100644
index 0000000..b636f34
--- /dev/null
+++ b/znc/docker-compose.yaml
@@ -0,0 +1,14 @@
+version: "3.7"
+services:
+ bitlbee:
+ image: znc:1.8.2
+ user: ${ZNC_UID}:${ZNC_GID}
+ networks:
+ - zncnet
+ ports:
+ - "1025:1025"
+ restart: unless-stopped
+ volumes:
+ - /home/znc/.znc/:~/.znc/
+networks:
+ zncnet:
diff --git a/znc/znc.conf b/znc/znc.conf
index c031322..ee33b44 100644
--- a/znc/znc.conf
+++ b/znc/znc.conf
@@ -20,13 +20,13 @@ SSLCertFile = /home/znc/.znc/znc.pem
SSLDHParamFile = /home/znc/.znc/znc.pem
SSLKeyFile = /home/znc/.znc/znc.pem
ServerThrottle = 30
-Version = 1.7.5
+Version = 1.8.2
<Listener listener0>
AllowIRC = true
AllowWeb = true
IPv4 = true
- IPv6 = false
+ IPv6 = true
Port = 1025
SSL = true
URIPrefix = /
@@ -34,9 +34,10 @@ Version = 1.7.5
<User terminaldweller>
Admin = true
+ Allow = 185.112.147.110
AltNick = terminaldweller_
- AppendTimestamp = false
- AuthOnlyViaModule = false
+ AppendTimestamp = true
+ AuthOnlyViaModule = true
AutoClearChanBuffer = true
AutoClearQueryBuffer = true
ChanBufferSize = 50
@@ -47,18 +48,61 @@ Version = 1.7.5
LoadModule = chansaver
LoadModule = controlpanel
MaxJoins = 0
- MaxNetworks = 1
- MaxQueryBuffers = 50
- MultiClients = true
+ MaxNetworks = 10
+ MaxQueryBuffers = 500
+ MultiClients = false
Nick = terminaldweller
NoTrafficTimeout = 180
PrependTimestamp = true
- QueryBufferSize = 50
+ QueryBufferSize = 5000
QuitMsg = %znc%
RealName = johndoe
StatusPrefix = *
TimestampFormat = [%H:%M:%S]
+ <Network DALNET>
+ FloodBurst = 9
+ FloodRate = 2.00
+ IRCConnectEnabled = true
+ JoinDelay = 0
+ LoadModule = simple_away
+ LoadModule = cert
+ Server = irc.dal.net +6697
+ TrustAllCerts = false
+ TrustPKI = true
+
+ <Chan #supersonic>
+ </Chan>
+ </Network>
+
+ <Network EFNET>
+ FloodBurst = 9
+ FloodRate = 2.00
+ IRCConnectEnabled = true
+ JoinDelay = 0
+ LoadModule = simple_away
+ LoadModule = cert
+ Nick = termi
+ Server = efnet.port80.se +6697
+ TrustAllCerts = false
+ TrustPKI = true
+ </Network>
+
+ <Network IRCNET>
+ FloodBurst = 9
+ FloodRate = 2.00
+ IRCConnectEnabled = true
+ JoinDelay = 0
+ LoadModule = simple_away
+ LoadModule = cert
+ Server = ssl.ircnet.io +6697
+ TrustAllCerts = false
+ TrustPKI = true
+
+ <Chan #irc>
+ </Chan>
+ </Network>
+
<Network Liberachat>
FloodBurst = 9
FloodRate = 2.00
@@ -70,6 +114,12 @@ Version = 1.7.5
TrustAllCerts = false
TrustPKI = true
+ <Chan ##posix>
+ </Chan>
+
+ <Chan ##terminaldweller>
+ </Chan>
+
<Chan #CataclysmDDA>
</Chan>
@@ -79,12 +129,24 @@ Version = 1.7.5
<Chan #crypto>
</Chan>
+ <Chan #docker>
+ </Chan>
+
+ <Chan #forgefed>
+ </Chan>
+
<Chan #freebsd>
</Chan>
+ <Chan #general>
+ </Chan>
+
<Chan #git>
</Chan>
+ <Chan #gnupg>
+ </Chan>
+
<Chan #go-nuts>
</Chan>
@@ -94,6 +156,12 @@ Version = 1.7.5
<Chan #linux>
</Chan>
+ <Chan #lobsters>
+ </Chan>
+
+ <Chan #lua>
+ </Chan>
+
<Chan #neomutt>
</Chan>
@@ -103,9 +171,21 @@ Version = 1.7.5
<Chan #openbsd>
</Chan>
+ <Chan #opennic>
+ </Chan>
+
<Chan #postgresql>
</Chan>
+ <Chan #python>
+ </Chan>
+
+ <Chan #qubes>
+ </Chan>
+
+ <Chan #qutebrowser>
+ </Chan>
+
<Chan #security>
</Chan>
@@ -136,15 +216,27 @@ Version = 1.7.5
TrustAllCerts = false
TrustPKI = true
+ <Chan ##terminaldweller>
+ </Chan>
+
+ <Chan #bitlbee>
+ </Chan>
+
<Chan #debian>
</Chan>
<Chan #llvm>
</Chan>
+ <Chan #mednafen>
+ </Chan>
+
<Chan #openwrt>
</Chan>
+ <Chan #s6>
+ </Chan>
+
<Chan #tor>
</Chan>
</Network>
@@ -160,10 +252,34 @@ Version = 1.7.5
TrustAllCerts = false
TrustPKI = true
+ <Chan ##terminaldweller>
+ </Chan>
+
<Chan #news>
</Chan>
</Network>
+ <Network Tilde_Chat>
+ FloodBurst = 9
+ FloodRate = 2.00
+ IRCConnectEnabled = true
+ JoinDelay = 0
+ LoadModule = simple_away
+ LoadModule = cert
+ Server = irc.tilde.chat +6697
+ TrustAllCerts = false
+ TrustPKI = true
+
+ <Chan #gemini>
+ </Chan>
+
+ <Chan #meta>
+ </Chan>
+
+ <Chan #selfhosting>
+ </Chan>
+ </Network>
+
<Network undernet>
FloodBurst = 9
FloodRate = 2.00