From 118106cf745167db7e17654e0402721939631be7 Mon Sep 17 00:00:00 2001 From: terminaldweller Date: Fri, 10 Sep 2021 12:00:16 +0430 Subject: update --- .vimrc | 7 + .zshrc | 6 +- baseline/.vimrc | 6 + devi.zsh-theme | 4 - irssi/startup | 2 + lesscolor.sh | 26 ++- terminaldweller.com/ejabberd/ejabberd.yml | 250 +++++++++++++++++++++ terminaldweller.com/haproxy/certbot/Dockerfile | 2 + .../haproxy/certbot/certbot-entrypoint.sh | 30 +++ terminaldweller.com/haproxy/docker-compose.yaml | 35 ++- terminaldweller.com/haproxy/haproxy.cfg | 103 +++++---- terminaldweller.com/prosody/config/prosody.cfg.lua | 16 +- 12 files changed, 420 insertions(+), 67 deletions(-) create mode 100644 terminaldweller.com/ejabberd/ejabberd.yml create mode 100644 terminaldweller.com/haproxy/certbot/Dockerfile create mode 100755 terminaldweller.com/haproxy/certbot/certbot-entrypoint.sh diff --git a/.vimrc b/.vimrc index 2d381e6..6aa5ec4 100644 --- a/.vimrc +++ b/.vimrc @@ -5,6 +5,7 @@ set nocompatible set completeopt-=preview set showmatch set list +set title set listchars=eol:$,tab:>- set hidden set tabstop=2 @@ -474,6 +475,12 @@ nnoremap u :GutentagsUpdate nnoremap v :VimtexView nnoremap nn :bn nnoremap pp :bp +cnoremap +cnoremap +nnoremap k gk +nnoremap gk k +nnoremap j gj +nnoremap gj j nmap [q :col nmap ]q :cnew diff --git a/.zshrc b/.zshrc index f9c82ca..06ebe57 100644 --- a/.zshrc +++ b/.zshrc @@ -17,7 +17,7 @@ source $ZSH/oh-my-zsh.sh autoload -U compinit && compinit -u alias ls="ls --color=auto" -alias la="ls -a" +alias la="ls -A" # alias ll="exa -abghHliSmxF --color-scale --git -@" alias ll="\ls -lZspihbFA --color=never --full-time --author | colcol | column -t" # alias lss="exa -Sls=size" 
@@ -86,7 +86,7 @@ alias mupdf="/home/devi/extra/mupdf/build/release/mupdf-x11 -D red -P black -I" alias googler="~/extra/googler/googler --colors GKmexy -c us -l en --count 7 --exact " alias ddgr="ddgr --colorize always -r us-en -n 15" alias pirate-get="pirate-get -S ~/magnets/" -alias vps="ssh 87.236.209.206 -l ubuntu" +alias vps="ssh 87.236.209.206 -l ubuntu -p 1022" alias vpn="ssh 192.99.102.52 -l rooot -p 1022" alias vpn2="ssh 145.239.165.137 -l rooot" alias pytags="ctags --fields=+l --languages=python --python-kinds=-iv -R ." @@ -270,7 +270,7 @@ export PATH=$PATH:/home/devi/.fzf/bin export PATH=$PATH:/home/devi/.ghcup/bin export PATH=$PATH:/home/devi/k3s export PATH=$PATH:/home/devi/kompose -export PATH=$PATH:/home/devi/mongosh +export PATH=$PATH:/home/devi/mongosh/bin export PATH=$PATH:/home/devi/powershell export PATH=$PATH:/home/devi/ytfzf export PATH=$PATH:/home/devi/gotty diff --git a/baseline/.vimrc b/baseline/.vimrc index aa63429..29f5659 100644 --- a/baseline/.vimrc +++ b/baseline/.vimrc @@ -101,6 +101,12 @@ set pastetoggle= nnoremap cd :cd %:p:h nmap ]c :cn nmap [c :cp +cnoremap +cnoremap +nnoremap k gk +nnoremap gk k +nnoremap j gj +nnoremap gj j function! GetBufferList() redir =>buflist diff --git a/devi.zsh-theme b/devi.zsh-theme index 989dd77..4c4aa33 100644 --- a/devi.zsh-theme +++ b/devi.zsh-theme @@ -100,7 +100,6 @@ is_in_git_repo() { } steeef_preexec() { - #case "$(history $HISTCMD)" in case "$2" in *git*) PR_GIT_UPDATE=1 @@ -113,8 +112,6 @@ steeef_preexec() { add-zsh-hook preexec steeef_preexec steeef_chpwd() { - # is_in_git_repo || return - #this is here so we dont get errors when we are in a bare git dir local result=$(git rev-parse --is-bare-repository 2> /dev/null) if [[ $? == 0 ]]; then if [[ $result == true ]]; then 
@@ -130,7 +127,6 @@ add-zsh-hook chpwd steeef_chpwd steeef_precmd() { if [[ -n "$PR_GIT_UPDATE" ]] ; then - # check for untracked files or updated submodules, since vcs_info doesn't if [[ ! -z $(git ls-files --other --exclude-standard 2> /dev/null) ]]; then PR_GIT_UPDATE=1 FMT_BRANCH="${PM_RST} on %{$turquoise%}%s-➜%r-➜%b%u%c%a%{$hotpink%} ●${PR_RST}" diff --git a/irssi/startup b/irssi/startup index af4706d..dc00ef6 100644 --- a/irssi/startup +++ b/irssi/startup @@ -9,3 +9,5 @@ /* /connect irc.oftc.net */ /* /connect irc.libera.chat */ +load otr +load xmpp diff --git a/lesscolor.sh b/lesscolor.sh index cffa3e0..069126e 100755 --- a/lesscolor.sh +++ b/lesscolor.sh @@ -1,4 +1,17 @@ -#!/bin/sh +#!/usr/bin/env bash + +get_interp() { + shebang=$(head -1 $1) + IFS='/' read -ra arr_slash <<< "$shebang" + IFS=' ' read -ra arr_space <<< "${arr_slash[-1]}" + + if [[ ${arr_space[0]} == "env" ]];then + echo ${arr_space[1]} + else + echo ${arr_space[0]} + fi +} + case "$1" in *.as|*.mxml|*.bc|*.g|*.gd|*.gi|*.gap|*.nb|*.cdf|*.nbp|*.ma|*.mu|*.at|*.run|\ *.apl|*.adl|*.adls|*.adlf|*.adlx|*.cadl|*.odin|*.c-objdump|*.s|\ @@ -50,16 +63,9 @@ case "$1" in *.lean|*.rts|*.u|*.vcl|*.bpl|*.sil|*.vpr|*.cirru|*.duel|*.jbst|*.qml|\ *.qbs|*.slim|*.xqy|*.xquery|*.xq|*.xql|*.xqm|*.whiley|*.x10) pygmentize -f 256 -O style=$PYGMENTIZE_STYLE "$1"|nl -b a;; - .zshrc|.bash_aliases|.bash_environment) - pygmentize -f 256 -l sh "$1"|nl -b a - ;; *) - grep "#\!/bin/zsh" "$1" > /dev/null - if [ "$?" -eq "0" ]; then - pygmentize -f 256 -O style=$PYGMENTIZE_STYLE -l sh "$1"|nl -b a - else - exit 1 - fi + interp=$(get_interp $1) + pygmentize -f 256 -O style=$PYGMENTIZE_STYLE -l $interp "$1"|nl -b a esac exit 0 diff --git a/terminaldweller.com/ejabberd/ejabberd.yml b/terminaldweller.com/ejabberd/ejabberd.yml new file mode 100644 index 0000000..6257515 --- /dev/null +++ b/terminaldweller.com/ejabberd/ejabberd.yml 
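Review bot: `get_interp` never checks that the line it reads is a shebang, so for any file whose first line does not start with `#!` a word from that line is handed to pygmentize as the `-l` lexer name, and the second hunk removes both the `.zshrc|.bash_aliases|.bash_environment` arm and the `exit 1` fallback that used to cover files without one. Add `[[ $shebang == '#!'* ]] || exit 1` right after the `head` line (or keep the dotfile arm mapped to `-l sh`). The path should also be quoted in `shebang=$(head -1 -- "$1")` and `interp=$(get_interp "$1")`, as `"$1"` already is on the pygmentize lines; `"${arr_space[1]}"`, `"${arr_space[0]}"` and `-l "$interp"` likewise, since the value comes from file contents rather than from this script.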
@@ -0,0 +1,250 @@ +hosts: + - chat.terminaldweller.com + +loglevel: 4 +log_rotate_size: 10485760 +log_rotate_date: '' +log_rotate_count: 1 +log_rate_limit: 100 + +listen: + - port: 5222 + ip: '::' + module: ejabberd_c2s + max_stanza_size: 262144 + shaper: c2s_shaper + access: c2s + starttls_required: true + - port: 5269 + ip: '::' + module: ejabberd_s2s_in + max_stanza_size: 524288 + - port: 5443 + ip: '::' + module: ejabberd_http + request_handlers: + '/admin': ejabberd_web_admin + '/api': mod_http_api + '/bosh': mod_bosh + '/captcha': ejabberd_captcha + '/upload': mod_http_upload + '/ws': ejabberd_http_ws + '/oauth': ejabberd_oauth + - port: 5080 + ip: '::' + module: ejabberd_http + request_handlers: + '/admin': ejabberd_web_admin + - port: 1883 + ip: '::' + module: mod_mqtt + backlog: 1000 + - port: 3478 + transport: udp + module: ejabberd_stun + use_turn: true + turn_min_port: 49152 + turn_max_port: 65535 + turn_ip: 0.0.0.0 + - port: 5349 + transport: tcp + module: ejabberd_stun + use_turn: true + tls: true + turn_min_port: 49152 + turn_max_port: 65535 + ip: 0.0.0.0 + turn_ip: 0.0.0.0 + - port: 5280 + module: ejabberd_http + tls: false + request_handlers: + /.well-known/acme-challenge: ejabberd_acme + +s2s_use_starttls: optional + +acl: + local: + user_regexp: '' + loopback: + ip: + - 127.0.0.0/8 + - ::1/128 + - ::FFFF:127.0.0.1/128 + admin: + user: + - 'admin@localhost' + +access_rules: + local: + allow: local + c2s: + deny: blocked + allow: all + announce: + allow: admin + configure: + allow: admin + muc_create: + allow: local + pubsub_createnode: + allow: local + trusted_network: + allow: loopback + +api_permissions: + 'console commands': + from: + - ejabberd_ctl + who: all + what: '*' + 'admin access': + who: + access: + allow: + acl: admin + oauth: + scope: 'ejabberd:admin' + access: + allow: + acl: admin + what: + - '*' + - '!stop' + - '!start' + 'public commands': + who: + ip: 127.0.0.1/8 + what: + - '*' + - connected_users_number + 'web admin': + who: + 
- access: + - allow: + - acl: loopback + - acl: admin + - oauth: + - scope: 'sasl_auth' + - access: + - allow: + - acl: loopback + - acl: admin + what: + - '*' + - '!stop' + - '!start' + +shaper: + normal: 1000 + fast: 50000 + +shaper_rules: + max_user_sessions: 10000 + max_user_offline_messages: + 5000: admin + 100: all + c2s_shaper: + none: admin + normal: all + s2s_shaper: fast + +max_fsm_queue: 10000 + +acme: + contact: 'mailto:devi@terminaldweller.com' + ca_url: 'https://acme-v01.api.letsencrypt.org' + +oauth_expire: 31536000 +oauth_access: all + +modules: + mod_stun_disco: + credentials_lifetime: 12h + services: + - host: 0.0.0.0 + port: 3478 + type: stun + transport: udp + restricted: false + - host: 0.0.0.0 + port: 3478 + type: turn + transport: udp + restricted: true + - host: rtcdev.site + port: 5349 + type: stun + transport: tcp + restricted: false + - host: rtcdev.site + port: 5349 + type: turn + transport: tcp + restricted: true + mod_adhoc: {} + mod_admin_extra: {} + mod_announce: + access: announce + mod_avatar: {} + mod_blocking: {} + mod_bosh: {} + mod_caps: {} + mod_carboncopy: {} + mod_client_state: {} + mod_configure: {} + mod_disco: {} + mod_fail2ban: {} + mod_http_api: {} + mod_http_upload: + put_url: https://@HOST@:5443/upload + mod_last: {} + mod_mam: + db_type: sql + assume_mam_usage: true + default: never + mod_mqtt: {} + mod_muc: + access: + - allow + access_admin: + - allow: admin + access_create: muc_create + access_persistent: muc_create + access_mam: + - allow + default_room_options: + allow_subscription: true + mam: false + mod_muc_admin: {} + mod_offline: + access_max_user_messages: max_user_offline_messages + mod_ping: {} + mod_privacy: {} + mod_private: {} + mod_proxy65: + access: local + max_connections: 5 + mod_pubsub: + access_createnode: pubsub_createnode + plugins: + - flat + - pep + force_node_config: + storage:bookmarks: + access_model: whitelist + mod_push: {} + mod_push_keepalive: {} + mod_register: + ip_access: 
trusted_network
+ mod_roster:
+ versioning: true
+ mod_sip: {}
+ mod_s2s_dialback: {}
+ mod_shared_roster: {}
+ mod_stream_mgmt:
+ resend_on_timeout: if_offline
+ mod_vcard: {}
+ mod_vcard_xupdate: {}
+ mod_version:
+ show_os: false
diff --git a/terminaldweller.com/haproxy/certbot/Dockerfile b/terminaldweller.com/haproxy/certbot/Dockerfile
new file mode 100644
index 0000000..b6fb68a
--- /dev/null
+++ b/terminaldweller.com/haproxy/certbot/Dockerfile
@@ -0,0 +1,2 @@
+FROM certbot/certbot
+COPY ./certbot-entrypoint.sh /certbot-entrypoint.sh
diff --git a/terminaldweller.com/haproxy/certbot/certbot-entrypoint.sh b/terminaldweller.com/haproxy/certbot/certbot-entrypoint.sh
new file mode 100755
index 0000000..2be858f
--- /dev/null
+++ b/terminaldweller.com/haproxy/certbot/certbot-entrypoint.sh
@@ -0,0 +1,30 @@
+#!/bin/sh
+set -ex
+
+cat_cert() {
+ dir="/etc/letsencrypt/live/$1"
+ cat "$dir/privkey.pem" "$dir/fullchain.pem" > "/certs/$1.pem"
+}
+
+while :;do
+ echo starting...
+ if [ -e /certs/$DOMAIN.pem ]; then
+ certbot \
+ certonly \
+ --test-cert \
+ --webroot -w /webroot \
+ -d $DOMAIN \
+ --email $EMAIL \
+ --non-interactive \
+ --agree-tos
+
+ cat_cert $DOMAIN
+ else
+ certbot renew -w /webroot
+
+ for dir in /etc/letsencrypt/live/*/; do
+ cat_cert $(basename "$dir")
+ done
+ fi
+ sleep 12h
+done
diff --git a/terminaldweller.com/haproxy/docker-compose.yaml b/terminaldweller.com/haproxy/docker-compose.yaml
index 95752c8..571fa7c 100644
--- a/terminaldweller.com/haproxy/docker-compose.yaml
+++ b/terminaldweller.com/haproxy/docker-compose.yaml
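Review bot: The `admin` ACL lists `'admin@localhost'`, but `hosts:` only serves `chat.terminaldweller.com`, so no account on this server can match it and everything gated on it (`announce`, `configure`, the `'admin access'` and `'web admin'` API permissions, `mod_muc` `access_admin`) is unreachable; it should be a JID on the served host, e.g. `- 'admin@chat.terminaldweller.com'`. `mod_http_upload` advertises `put_url: https://@HOST@:5443/upload`, yet the 5443 `ejabberd_http` listener has no `tls: true` (only the 5349 STUN listener sets it), so that listener, which also exposes `/admin` and `/api` on `ip: '::'`, serves plain HTTP and the https upload URL will not connect; add `tls: true` there and point `certfiles:` at the issued certificate. The `mod_stun_disco` services advertise `0.0.0.0` and `rtcdev.site` as hosts; the latter is not a host of this deployment and looks copied from an example, which would send clients to a third party's STUN/TURN service, so confirm and replace both with this server's public address. `ca_url: 'https://acme-v01.api.letsencrypt.org'` is the ACME v1 endpoint, which I believe Let's Encrypt has retired, so verify that `ejabberd_acme` on port 5280 can still obtain certificates with it.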
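Review bot: The `if` condition is inverted: `[ -e /certs/$DOMAIN.pem ]` runs the first-time `certbot certonly` only when the bundle already exists and goes to `certbot renew` when it does not, so on a fresh volume nothing is ever issued; the `for dir in /etc/letsencrypt/live/*/` glob then matches nothing, passes the literal `*` to `cat_cert`, and `set -e` ends the loop. It should read `if [ ! -e "/certs/$DOMAIN.pem" ]; then`. `--test-cert` is hard-coded, so every certificate this produces comes from the staging CA and is not publicly trusted; gate it on an environment variable or drop it once the flow works. Because `set -e` aborts the script on any certbot failure and the compose file in this commit leaves the service's `restart:` commented out, a single transient failure stops renewals until the container is restarted by hand, so consider recording the failure and continuing the loop instead. `$DOMAIN` and `$EMAIL` are unquoted on the `-d`/`--email` lines and in `cat_cert $DOMAIN`; quote them.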
@@ -1,12 +1,43 @@
-version: "3.4"
+version: "3.4"
 services:
 haproxy:
 image: haproxy
 ports:
 - "80:80"
+ - "443:443"
 volumes:
 - ./haproxy.cfg:/usr/local/etc/haproxy/haproxy.cfg:ro
+ - ./certs:/usr/local/etc/certs:ro
 networks:
 - haproxynet
+ restart: unless-stopped
+ certbot:
+ image: certbot
+ build:
+ context: ./certbot
+ ports:
+ - "127.0.0.1:9080:80"
+ - "127.0.0.1:9443:443"
+ networks:
+ - haproxynet
+ # restart: unless-stopped
+ volumes:
+ - ./letsencrypt:/etc/letsencrypt
+ - ./webroot:/webroot
+ - ./certs:/certs
+ # command: ["certonly","--test-cert","--webroot","-w","/webroot","-d","chat.terminaldweller.com","--email","thabogre@gmail.com","--non-interactive","--agree-tos"]
+ entrypoint: ["/certbot-entrypoint.sh"]
+ environment:
+ - DOMAIN=chat.terminaldweller.com
+ - EMAIL=thabogre@gmail.com
+ nginx:
+ image: nginx
+ ports:
+ - "127.0.0.1:8080:80"
+ networks:
+ - haproxynet
+ restart: unless-stopped
+ volumes:
+ - ./webroot:/usr/share/nginx/html
 networks:
- - haproxynet
+ haproxynet:
diff --git a/terminaldweller.com/haproxy/haproxy.cfg b/terminaldweller.com/haproxy/haproxy.cfg
index 19e7bac..f1c288e 100644
--- a/terminaldweller.com/haproxy/haproxy.cfg
+++ b/terminaldweller.com/haproxy/haproxy.cfg
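Review bot: The `certbot` service has its `restart: unless-stopped` commented out while its entrypoint runs under `set -e`, so the first failed issuance or renewal exits the container and no further renewals happen until someone restarts it by hand; restore `restart: unless-stopped` on it as `haproxy` and `nginx` have. The `ports:` block on `certbot` (`127.0.0.1:9080:80`, `127.0.0.1:9443:443`) publishes ports that nothing in the entrypoint listens on; it is dead configuration and can be dropped. `./certs` receives `privkey.pem` concatenated into each bundle, so its host-side permissions matter; the `:ro` mount into `haproxy` is the right direction, but the `haproxy.cfg` in this commit never references `/usr/local/etc/certs` (no `ssl crt` on the `*:443` bind), so that mount is currently unused.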
@@ -1,60 +1,77 @@ global -log 127.0.0.1 local0 + log 127.0.0.1 local0 + ssl-default-bind-ciphers kEECDH+aRSA+AES:kRSA+AES:+AES256:RC4-SHA:!kEDH:!LOW:!EXP:!MD5:!aNULL:!eNULL defaults -timeout connect 5000ms -timeout client 50000ms -timeout server 50000ms -mode tcp -option tcplog -option dontlognull + timeout connect 5000ms + timeout client 50000ms + timeout server 50000ms + mode tcp + option tcplog + option dontlognull + +resolvers docker_resolver + nameserver dns 127.0.0.11:53 #Frontends frontend front -bind *:80 -bind: *.443 -mode tcp -timeout client 60s - -#ACLs -acl blog-host hdr_sub(host) -i blog.terminaldweller.com -acl mail-host hdr_sub(host) -i mail.terminaldweller.com -acl api-host hdr_sub(host) -i api.terminaldweller.com -acl chat-host hdr_sub(host) -i chat.terminaldweller.com -acl chat-host-s req.ssl_sni -i chat.terminaldweller.com - -#Consitions -use_backend blog-backend if blog-host -use_backend mail-backend if mail-host -use_backend api-backend if api-host -use_backend chat-backend-s if chat-host-s -default_backend blog-backend + bind *:80 + bind *:443 + mode tcp + timeout client 60s + #ACLs + acl letsencrypt-acl path_beg /.well-known/acme-challenge/ + acl blog-host hdr_sub(host) -i blog.terminaldweller.com + acl mail-host hdr_sub(host) -i mail.terminaldweller.com + acl mail-host-s req.ssl_sni -i mail.terminaldweller.com + acl api-host hdr_sub(host) -i api.terminaldweller.com + acl chat-host hdr_sub(host) -i chat.terminaldweller.com + acl chat-host-s req.ssl_sni -i chat.terminaldweller.com + #Consitions + use_backend certbot-backend if letsencrypt-acl + use_backend blog-backend if blog-host + use_backend mail-backend if mail-host + use_backend mail-backend-s if mail-host-s + use_backend api-backend if api-host + use_backend chat-backend-s if chat-host-s + default_backend blog-backend #Backends +backend certbot-backend + server nginx nginx:80 resolvers docker_resolver check init-addr none + backend blog-backend -mode http -option forwardfor -server 
blog-host 192.99.102.52:9000 check + mode http + option forwardfor + server blog-host 192.99.102.52:9000 check backend mail-backend -mode http -option forwardfor -server mail-host 185.126.202.69:80 check + mode http + option forwardfor + server mail-host 185.126.202.69:80 check + +backend mail-backend-s + timeout server 60s + timeout client 60s + mode tcp + option forwardfor + option ssl-hello-chk + server mail-host-s 185.126.202.69:443 check backend api-backend -mode http -option forwardfor -server api-host 192.99.102.52:8008 check + mode http + option forwardfor + server api-host 192.99.102.52:8008 check backend chat-backend -mode http -option forwardfor -server chat-host 87.236.209.206:5280 check + mode http + option forwardfor + server chat-host 87.236.209.206:5280 check backend chat-backend-s -timeout server 60s -timeout client 60s -mode tcp -option forwardfor -option ssl-hello-chk -server chat-host 87.236.209.206:5281 check + timeout server 60s + timeout client 60s + mode tcp + option forwardfor + option ssl-hello-chk + server chat-host-s 87.236.209.206:5280 check diff --git a/terminaldweller.com/prosody/config/prosody.cfg.lua b/terminaldweller.com/prosody/config/prosody.cfg.lua index 38fd2f0..d2c5e7d 100644 --- a/terminaldweller.com/prosody/config/prosody.cfg.lua +++ b/terminaldweller.com/prosody/config/prosody.cfg.lua @@ -21,7 +21,7 @@ daemonize = false; -- for the server. Note that you must create the accounts separately -- (see https://prosody.im/doc/creating_accounts for info) -- Example: admins = { "user1@example.com", "user2@example.net" } -admins = { } +admins = {"devi@chat.terminaldweller.com"} -- Enable use of libevent for better performance under high load -- For more information see: https://prosody.im/doc/libevent 
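Review bot: `bind *:443` carries no `ssl crt …`, so the new `ssl-default-bind-ciphers` line is never exercised and port 443 remains a TCP passthrough selected by `req.ssl_sni`; if TLS termination is the goal (the compose file mounts `/usr/local/etc/certs` for it), the bind needs `ssl crt /usr/local/etc/certs`, and the cipher string should then drop `RC4-SHA` (RC4 is prohibited for TLS) and `kRSA` (no forward secrecy), something like `ssl-default-bind-ciphers ECDHE+AESGCM:ECDHE+CHACHA20:!aNULL:!MD5` together with `ssl-default-bind-options no-sslv3 no-tlsv10 no-tlsv11`. The new `acl letsencrypt-acl path_beg /.well-known/acme-challenge/`, like the existing `hdr_sub(host)` ACLs, is an HTTP-layer fetch in a `mode tcp` frontend; as far as I know HAProxy warns about this at startup and the rule never matches, so ACME challenges arriving on :80 fall through to `default_backend blog-backend` rather than `certbot-backend`, and a separate `mode http` frontend for `*:80` would fix that. `option forwardfor` in the `mode tcp` backends (`mail-backend-s`, `chat-backend-s`) has no effect either.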
@@ -58,7 +58,7 @@ modules_enabled = { "uptime"; -- Report how long server has been running "time"; -- Let others know the time here on this server "ping"; -- Replies to XMPP pings with pongs - "register"; -- Allow users to register on this server using a client and change passwords + --"register"; -- Allow users to register on this server using a client and change passwords --"mam"; -- Store messages in an archive and allow users to access it --"csi_simple"; -- Simple Mobile optimizations @@ -67,7 +67,7 @@ modules_enabled = { --"admin_telnet"; -- Opens telnet console interface on localhost port 5582 -- HTTP modules - --"bosh"; -- Enable BOSH clients, aka "Jabber over HTTP" + "bosh"; -- Enable BOSH clients, aka "Jabber over HTTP" --"websocket"; -- XMPP over WebSockets --"http_files"; -- Serve static files from a directory over HTTP @@ -191,7 +191,12 @@ certificates = "certs" -- You need to add a VirtualHost entry for each domain you wish Prosody to serve. -- Settings under each VirtualHost entry apply *only* to that host. -VirtualHost "terminaldweller.com" +VirtualHost "chat.terminaldweller.com" + enabled = true + ssl = { + key = "/etc/letsencrypt/live/chat.terminaldweller.com/privkey.pem"; + certificate = "/etc/letsencrypt/live/chat.terminaldweller.com/fullchain.pem"; + } --VirtualHost "example.com" -- certificate = "/path/to/example.crt" @@ -202,7 +207,8 @@ VirtualHost "terminaldweller.com" -- For more information on components, see https://prosody.im/doc/components ---Set up a MUC (multi-user chat) room server on conference.example.com: ---Component "conference.example.com" "muc" +Component "conference.chat.terminaldweller.com" "muc" + restrict_room_creationi = "admin" --- Store MUC messages in an archive and allow users to access it --modules_enabled = { "muc_mam" } -- cgit v1.2.3
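Review bot: `restrict_room_creationi = "admin"` under the new `Component "conference.chat.terminaldweller.com" "muc"` is misspelled; Prosody does not reject unknown options, so the setting is silently ignored and room creation on the MUC stays open to any user, including remote ones reachable over s2s. Change it to `restrict_room_creation = "admin"` (or `"local"` if local users should be able to create rooms). The `ssl` block added to the VirtualHost points at `/etc/letsencrypt/live/...` files that must be readable by the prosody user; this commit does not show how that is arranged, so confirm it on the host.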