diff options
29 files changed, 1808 insertions, 71 deletions
diff --git a/etc/cgitrc b/etc/cgitrc new file mode 100644 index 00000000..1b439c53 --- /dev/null +++ b/etc/cgitrc @@ -0,0 +1,116 @@ +# https://wiki.archlinux.org/title/Cgit#Configuration_of_cgit +# https://wiki.gentoo.org/wiki/User:Halcon/HOWTO_cgit_uwsgi_nginx +# `man cgitrc` + +cache-size=1000 +enable-index-owner=0 +mimetype-file=/etc/mime.types +# https://stackoverflow.com/questions/16182421/cgit-and-nginx-url-rewrite +virtual-root=/ + +# useful but may makes page generation slow, maybe disable +# can see the log via `journalctl -b -u uwsgi@cgit` and search less pager with sth. like `/[0-9]{3} msecs` +#enable-blame=1 +#enable-log-filecount=1 +#enable-log-linecount=1 +# showing branch merge, ex: https://git.flylightning.xyz/dwm_fly/log/?h=fly +#enable-commit-graph=1 + +# not very useful, maybe disable +#enable-follow-links=1 +#enable-subject-links=1 + +# `man cgitrc` uses $CGIT_REPO_URL instead of $CGIT_REPO_NAME, I guess maybe because repo name can be different from repo url? +#clone-url=https://git.flylightning.xyz/$CGIT_REPO_URL https://codeberg.org/flyxyz123/$CGIT_REPO_URL +clone-prefix=https://git.flylightning.xyz https://codeberg.org/flyxyz123 + +source-filter=/usr/lib/cgit/filters/syntax-highlighting-edited.sh +css=/mycgit.css + +about-filter=/usr/lib/cgit/filters/about-formatting-edited.sh +#readme=:README.markdown +#readme=:readme.markdown +#readme=:README.mdown +#readme=:readme.mdown +readme=:README.md +#readme=:readme.md +#readme=:README.mkd +#readme=:readme.mkd +#readme=:README.rst +#readme=:readme.rst +#readme=:README.html +#readme=:readme.html +#readme=:README.htm +#readme=:readme.htm +#readme=:README.txt +#readme=:readme.txt +readme=:README +#readme=:readme +#readme=:INSTALL.markdown +#readme=:install.markdown +#readme=:INSTALL.mdown +#readme=:install.mdown +#readme=:INSTALL.md +#readme=:install.md +#readme=:INSTALL.mkd +#readme=:install.mkd +#readme=:INSTALL.rst +#readme=:install.rst +#readme=:INSTALL.html +#readme=:install.html +#readme=:INSTALL.htm +#readme=:install.htm +#readme=:INSTALL.txt +#readme=:install.txt +#readme=:INSTALL +#readme=:install + +root-title=flylightning.xyz git repositories +root-desc= + +repo.url=config_local_arch +repo.path=/var/lib/gitolite/repositories/config_local_arch.git +repo.desc=Device dependent config files for Arch Linux, managed by https://git.flylightning.xyz/fsh/tree/sh/cfg (git bare repo method) + +repo.url=xcross +repo.path=/var/lib/gitolite/repositories/xcross.git +repo.desc=X11 draw a cross at cursor across screen + +repo.url=fly +repo.path=/var/lib/gitolite/repositories/fly.git +repo.desc=Arch Linux custom local repository + +repo.url=aur +repo.path=/var/lib/gitolite/repositories/aur.git +repo.desc=PKGBUILDs I maintain for AUR + +repo.url=fsh +repo.path=/var/lib/gitolite/repositories/fsh.git +repo.desc=My shell utilities + +section=Archived. Have license issues. + +repo.url=remote_plot +repo.path=/var/lib/gitolite/repositories/remote_plot.git +repo.desc=Archived. Has license issues. Plot on GUI a remote file updating using https://git.flylightning.xyz/mycan + +repo.url=mycan +repo.path=/var/lib/gitolite/repositories/mycan.git +repo.desc=Archived. Has license issues. Read CAN and write to a file. + +section=forks + +repo.url=dwm_fly +repo.path=/var/lib/gitolite/repositories/dwm_fly.git +repo.desc=My fork of https://git.suckless.org/dwm +#repo.readme=:dwm.1 + +section=archives + +repo.url=config_local_arch_studio +repo.path=/var/lib/gitolite/repositories/config_local_arch_studio.git +repo.desc=Archived config_local_arch studio branch + +repo.url=public_archive_codes +repo.path=/var/lib/gitolite/repositories/public_archive_codes.git +repo.desc=My mostly not used, not maintained, archived codes/configs diff --git a/etc/dnsmasq.conf b/etc/dnsmasq.conf new file mode 100644 index 00000000..743f55aa --- /dev/null +++ b/etc/dnsmasq.conf @@ -0,0 +1,696 @@ +# Configuration file for dnsmasq. +# +# Format is one option per line, legal options are the same +# as the long options legal on the command line. See +# "/usr/sbin/dnsmasq --help" or "man 8 dnsmasq" for details. + +# Listen on this specific port instead of the standard DNS port +# (53). Setting this to zero completely disables DNS function, +# leaving only DHCP and/or TFTP. +#port=5353 + +# The following two options make you a better netizen, since they +# tell dnsmasq to filter out queries which the public DNS cannot +# answer, and which load the servers (especially the root servers) +# unnecessarily. If you have a dial-on-demand link they also stop +# these requests from bringing up the link unnecessarily. + +# Never forward plain names (without a dot or domain part) +#domain-needed +# Never forward addresses in the non-routed address spaces. +#bogus-priv + +# Uncomment these to enable DNSSEC validation and caching: +# (Requires dnsmasq to be built with DNSSEC option.) +#conf-file=/usr/share/dnsmasq/trust-anchors.conf +#dnssec + +# Replies which are not DNSSEC signed may be legitimate, because the domain +# is unsigned, or may be forgeries. Setting this option tells dnsmasq to +# check that an unsigned reply is OK, by finding a secure proof that a DS +# record somewhere between the root and the domain does not exist. +# The cost of setting this is that even queries in unsigned domains will need +# one or more extra DNS queries to verify. +#dnssec-check-unsigned + +# Uncomment this to filter useless windows-originated DNS requests +# which can trigger dial-on-demand links needlessly. +# Note that (amongst other things) this blocks all SRV requests, +# so don't use it if you use eg Kerberos, SIP, XMMP or Google-talk. +# This option only affects forwarding, SRV records originating for +# dnsmasq (via srv-host= lines) are not suppressed by it. +#filterwin2k + +# Change this line if you want dns to get its upstream servers from +# somewhere other that /etc/resolv.conf +#resolv-file= + +# By default, dnsmasq will send queries to any of the upstream +# servers it knows about and tries to favour servers to are known +# to be up. Uncommenting this forces dnsmasq to try each query +# with each server strictly in the order they appear in +# /etc/resolv.conf +#strict-order + +# If you don't want dnsmasq to read /etc/resolv.conf or any other +# file, getting its servers from this file instead (see below), then +# uncomment this. +no-resolv + +# If you don't want dnsmasq to poll /etc/resolv.conf or other resolv +# files for changes and re-read them then uncomment this. +#no-poll + +# Add other name servers here, with domain specs if they are for +# non-public domains. +#server=/localnet/192.168.0.1 + +# Example of routing PTR queries to nameservers: this will send all +# address->name queries for 192.168.3/24 to nameserver 10.1.2.3 +#server=/3.168.192.in-addr.arpa/10.1.2.3 + +# Add local-only domains here, queries in these domains are answered +# from /etc/hosts or DHCP only. +#local=/localnet/ + +# Add domains which you want to force to an IP address here. +# The example below send any host in double-click.net to a local +# web-server. +#address=/double-click.net/127.0.0.1 + +# --address (and --server) work with IPv6 addresses too. +#address=/www.thekelleys.org.uk/fe80::20d:60ff:fe36:f83 + +# Add the IPs of all queries to yahoo.com, google.com, and their +# subdomains to the vpn and search ipsets: +#ipset=/yahoo.com/google.com/vpn,search + +# Add the IPs of all queries to yahoo.com, google.com, and their +# subdomains to netfilters sets, which is equivalent to +# 'nft add element ip test vpn { ... }; nft add element ip test search { ... }' +#nftset=/yahoo.com/google.com/ip#test#vpn,ip#test#search + +# Use netfilters sets for both IPv4 and IPv6: +# This adds all addresses in *.yahoo.com to vpn4 and vpn6 for IPv4 and IPv6 addresses. +#nftset=/yahoo.com/4#ip#test#vpn4 +#nftset=/yahoo.com/6#ip#test#vpn6 + +# You can control how dnsmasq talks to a server: this forces +# queries to 10.1.2.3 to be routed via eth1 +# server=10.1.2.3@eth1 + +# and this sets the source (ie local) address used to talk to +# 10.1.2.3 to 192.168.1.1 port 55 (there must be an interface with that +# IP on the machine, obviously). +# server=10.1.2.3@192.168.1.1#55 + +# If you want dnsmasq to change uid and gid to something other +# than the default, edit the following lines. +#user= +#group= + +# If you want dnsmasq to listen for DHCP and DNS requests only on +# specified interfaces (and the loopback) give the name of the +# interface (eg eth0) here. +# Repeat the line for more than one interface. +#interface= +# Or you can specify which interface _not_ to listen on +#except-interface= +# Or which to listen on by address (remember to include 127.0.0.1 if +# you use this.) +#listen-address= +# If you want dnsmasq to provide only DNS service on an interface, +# configure it as shown above, and then use the following line to +# disable DHCP and TFTP on it. +#no-dhcp-interface= + +# On systems which support it, dnsmasq binds the wildcard address, +# even when it is listening on only some interfaces. It then discards +# requests that it shouldn't reply to. This has the advantage of +# working even when interfaces come and go and change address. If you +# want dnsmasq to really bind only the interfaces it is listening on, +# uncomment this option. About the only time you may need this is when +# running another nameserver on the same machine. +#bind-interfaces + +# If you don't want dnsmasq to read /etc/hosts, uncomment the +# following line. +#no-hosts +# or if you want it to read another file, as well as /etc/hosts, use +# this. +#addn-hosts=/etc/banner_add_hosts + +# Set this (and domain: see below) if you want to have a domain +# automatically added to simple names in a hosts-file. +#expand-hosts + +# Set the domain for dnsmasq. this is optional, but if it is set, it +# does the following things. +# 1) Allows DHCP hosts to have fully qualified domain names, as long +# as the domain part matches this setting. +# 2) Sets the "domain" DHCP option thereby potentially setting the +# domain of all systems configured by DHCP +# 3) Provides the domain part for "expand-hosts" +#domain=thekelleys.org.uk + +# Set a different domain for a particular subnet +#domain=wireless.thekelleys.org.uk,192.168.2.0/24 + +# Same idea, but range rather then subnet +#domain=reserved.thekelleys.org.uk,192.68.3.100,192.168.3.200 + +# Uncomment this to enable the integrated DHCP server, you need +# to supply the range of addresses available for lease and optionally +# a lease time. If you have more than one network, you will need to +# repeat this for each network on which you want to supply DHCP +# service. +#dhcp-range=192.168.0.50,192.168.0.150,12h + +# This is an example of a DHCP range where the netmask is given. This +# is needed for networks we reach the dnsmasq DHCP server via a relay +# agent. If you don't know what a DHCP relay agent is, you probably +# don't need to worry about this. +#dhcp-range=192.168.0.50,192.168.0.150,255.255.255.0,12h + +# This is an example of a DHCP range which sets a tag, so that +# some DHCP options may be set only for this network. +#dhcp-range=set:red,192.168.0.50,192.168.0.150 + +# Use this DHCP range only when the tag "green" is set. +#dhcp-range=tag:green,192.168.0.50,192.168.0.150,12h + +# Specify a subnet which can't be used for dynamic address allocation, +# is available for hosts with matching --dhcp-host lines. Note that +# dhcp-host declarations will be ignored unless there is a dhcp-range +# of some type for the subnet in question. +# In this case the netmask is implied (it comes from the network +# configuration on the machine running dnsmasq) it is possible to give +# an explicit netmask instead. +#dhcp-range=192.168.0.0,static + +# Enable DHCPv6. Note that the prefix-length does not need to be specified +# and defaults to 64 if missing/ +#dhcp-range=1234::2, 1234::500, 64, 12h + +# Do Router Advertisements, BUT NOT DHCP for this subnet. +#dhcp-range=1234::, ra-only + +# Do Router Advertisements, BUT NOT DHCP for this subnet, also try and +# add names to the DNS for the IPv6 address of SLAAC-configured dual-stack +# hosts. Use the DHCPv4 lease to derive the name, network segment and +# MAC address and assume that the host will also have an +# IPv6 address calculated using the SLAAC algorithm. +#dhcp-range=1234::, ra-names + +# Do Router Advertisements, BUT NOT DHCP for this subnet. +# Set the lifetime to 46 hours. (Note: minimum lifetime is 2 hours.) +#dhcp-range=1234::, ra-only, 48h + +# Do DHCP and Router Advertisements for this subnet. Set the A bit in the RA +# so that clients can use SLAAC addresses as well as DHCP ones. +#dhcp-range=1234::2, 1234::500, slaac + +# Do Router Advertisements and stateless DHCP for this subnet. Clients will +# not get addresses from DHCP, but they will get other configuration information. +# They will use SLAAC for addresses. +#dhcp-range=1234::, ra-stateless + +# Do stateless DHCP, SLAAC, and generate DNS names for SLAAC addresses +# from DHCPv4 leases. +#dhcp-range=1234::, ra-stateless, ra-names + +# Do router advertisements for all subnets where we're doing DHCPv6 +# Unless overridden by ra-stateless, ra-names, et al, the router +# advertisements will have the M and O bits set, so that the clients +# get addresses and configuration from DHCPv6, and the A bit reset, so the +# clients don't use SLAAC addresses. +#enable-ra + +# Supply parameters for specified hosts using DHCP. There are lots +# of valid alternatives, so we will give examples of each. Note that +# IP addresses DO NOT have to be in the range given above, they just +# need to be on the same network. The order of the parameters in these +# do not matter, it's permissible to give name, address and MAC in any +# order. + +# Always allocate the host with Ethernet address 11:22:33:44:55:66 +# The IP address 192.168.0.60 +#dhcp-host=11:22:33:44:55:66,192.168.0.60 + +# Always set the name of the host with hardware address +# 11:22:33:44:55:66 to be "fred" +#dhcp-host=11:22:33:44:55:66,fred + +# Always give the host with Ethernet address 11:22:33:44:55:66 +# the name fred and IP address 192.168.0.60 and lease time 45 minutes +#dhcp-host=11:22:33:44:55:66,fred,192.168.0.60,45m + +# Give a host with Ethernet address 11:22:33:44:55:66 or +# 12:34:56:78:90:12 the IP address 192.168.0.60. Dnsmasq will assume +# that these two Ethernet interfaces will never be in use at the same +# time, and give the IP address to the second, even if it is already +# in use by the first. Useful for laptops with wired and wireless +# addresses. +#dhcp-host=11:22:33:44:55:66,12:34:56:78:90:12,192.168.0.60 + +# Give the machine which says its name is "bert" IP address +# 192.168.0.70 and an infinite lease +#dhcp-host=bert,192.168.0.70,infinite + +# Always give the host with client identifier 01:02:02:04 +# the IP address 192.168.0.60 +#dhcp-host=id:01:02:02:04,192.168.0.60 + +# Always give the InfiniBand interface with hardware address +# 80:00:00:48:fe:80:00:00:00:00:00:00:f4:52:14:03:00:28:05:81 the +# ip address 192.168.0.61. The client id is derived from the prefix +# ff:00:00:00:00:00:02:00:00:02:c9:00 and the last 8 pairs of +# hex digits of the hardware address. +#dhcp-host=id:ff:00:00:00:00:00:02:00:00:02:c9:00:f4:52:14:03:00:28:05:81,192.168.0.61 + +# Always give the host with client identifier "marjorie" +# the IP address 192.168.0.60 +#dhcp-host=id:marjorie,192.168.0.60 + +# Enable the address given for "judge" in /etc/hosts +# to be given to a machine presenting the name "judge" when +# it asks for a DHCP lease. +#dhcp-host=judge + +# Never offer DHCP service to a machine whose Ethernet +# address is 11:22:33:44:55:66 +#dhcp-host=11:22:33:44:55:66,ignore + +# Ignore any client-id presented by the machine with Ethernet +# address 11:22:33:44:55:66. This is useful to prevent a machine +# being treated differently when running under different OS's or +# between PXE boot and OS boot. +#dhcp-host=11:22:33:44:55:66,id:* + +# Send extra options which are tagged as "red" to +# the machine with Ethernet address 11:22:33:44:55:66 +#dhcp-host=11:22:33:44:55:66,set:red + +# Send extra options which are tagged as "red" to +# any machine with Ethernet address starting 11:22:33: +#dhcp-host=11:22:33:*:*:*,set:red + +# Give a fixed IPv6 address and name to client with +# DUID 00:01:00:01:16:d2:83:fc:92:d4:19:e2:d8:b2 +# Note the MAC addresses CANNOT be used to identify DHCPv6 clients. +# Note also that the [] around the IPv6 address are obligatory. +#dhcp-host=id:00:01:00:01:16:d2:83:fc:92:d4:19:e2:d8:b2, fred, [1234::5] + +# Ignore any clients which are not specified in dhcp-host lines +# or /etc/ethers. Equivalent to ISC "deny unknown-clients". +# This relies on the special "known" tag which is set when +# a host is matched. +#dhcp-ignore=tag:!known + +# Send extra options which are tagged as "red" to any machine whose +# DHCP vendorclass string includes the substring "Linux" +#dhcp-vendorclass=set:red,Linux + +# Send extra options which are tagged as "red" to any machine one +# of whose DHCP userclass strings includes the substring "accounts" +#dhcp-userclass=set:red,accounts + +# Send extra options which are tagged as "red" to any machine whose +# MAC address matches the pattern. +#dhcp-mac=set:red,00:60:8C:*:*:* + +# If this line is uncommented, dnsmasq will read /etc/ethers and act +# on the ethernet-address/IP pairs found there just as if they had +# been given as --dhcp-host options. Useful if you keep +# MAC-address/host mappings there for other purposes. +#read-ethers + +# Send options to hosts which ask for a DHCP lease. +# See RFC 2132 for details of available options. +# Common options can be given to dnsmasq by name: +# run "dnsmasq --help dhcp" to get a list. +# Note that all the common settings, such as netmask and +# broadcast address, DNS server and default route, are given +# sane defaults by dnsmasq. You very likely will not need +# any dhcp-options. If you use Windows clients and Samba, there +# are some options which are recommended, they are detailed at the +# end of this section. + +# Override the default route supplied by dnsmasq, which assumes the +# router is the same machine as the one running dnsmasq. +#dhcp-option=3,1.2.3.4 + +# Do the same thing, but using the option name +#dhcp-option=option:router,1.2.3.4 + +# Override the default route supplied by dnsmasq and send no default +# route at all. Note that this only works for the options sent by +# default (1, 3, 6, 12, 28) the same line will send a zero-length option +# for all other option numbers. +#dhcp-option=3 + +# Set the NTP time server addresses to 192.168.0.4 and 10.10.0.5 +#dhcp-option=option:ntp-server,192.168.0.4,10.10.0.5 + +# Send DHCPv6 option. Note [] around IPv6 addresses. +#dhcp-option=option6:dns-server,[1234::77],[1234::88] + +# Send DHCPv6 option for namservers as the machine running +# dnsmasq and another. +#dhcp-option=option6:dns-server,[::],[1234::88] + +# Ask client to poll for option changes every six hours. (RFC4242) +#dhcp-option=option6:information-refresh-time,6h + +# Set option 58 client renewal time (T1). Defaults to half of the +# lease time if not specified. (RFC2132) +#dhcp-option=option:T1,1m + +# Set option 59 rebinding time (T2). Defaults to 7/8 of the +# lease time if not specified. (RFC2132) +#dhcp-option=option:T2,2m + +# Set the NTP time server address to be the same machine as +# is running dnsmasq +#dhcp-option=42,0.0.0.0 + +# Set the NIS domain name to "welly" +#dhcp-option=40,welly + +# Set the default time-to-live to 50 +#dhcp-option=23,50 + +# Set the "all subnets are local" flag +#dhcp-option=27,1 + +# Send the etherboot magic flag and then etherboot options (a string). +#dhcp-option=128,e4:45:74:68:00:00 +#dhcp-option=129,NIC=eepro100 + +# Specify an option which will only be sent to the "red" network +# (see dhcp-range for the declaration of the "red" network) +# Note that the tag: part must precede the option: part. +#dhcp-option = tag:red, option:ntp-server, 192.168.1.1 + +# The following DHCP options set up dnsmasq in the same way as is specified +# for the ISC dhcpcd in +# https://web.archive.org/web/20040313070105/http://us1.samba.org/samba/ftp/docs/textdocs/DHCP-Server-Configuration.txt +# adapted for a typical dnsmasq installation where the host running +# dnsmasq is also the host running samba. +# you may want to uncomment some or all of them if you use +# Windows clients and Samba. +#dhcp-option=19,0 # option ip-forwarding off +#dhcp-option=44,0.0.0.0 # set netbios-over-TCP/IP nameserver(s) aka WINS server(s) +#dhcp-option=45,0.0.0.0 # netbios datagram distribution server +#dhcp-option=46,8 # netbios node type + +# Send an empty WPAD option. This may be REQUIRED to get windows 7 to behave. +#dhcp-option=252,"\n" + +# Send RFC-3397 DNS domain search DHCP option. WARNING: Your DHCP client +# probably doesn't support this...... +#dhcp-option=option:domain-search,eng.apple.com,marketing.apple.com + +# Send RFC-3442 classless static routes (note the netmask encoding) +#dhcp-option=121,192.168.1.0/24,1.2.3.4,10.0.0.0/8,5.6.7.8 + +# Send vendor-class specific options encapsulated in DHCP option 43. +# The meaning of the options is defined by the vendor-class so +# options are sent only when the client supplied vendor class +# matches the class given here. (A substring match is OK, so "MSFT" +# matches "MSFT" and "MSFT 5.0"). This example sets the +# mtftp address to 0.0.0.0 for PXEClients. +#dhcp-option=vendor:PXEClient,1,0.0.0.0 + +# Send microsoft-specific option to tell windows to release the DHCP lease +# when it shuts down. Note the "i" flag, to tell dnsmasq to send the +# value as a four-byte integer - that's what microsoft wants. See +# http://technet2.microsoft.com/WindowsServer/en/library/a70f1bb7-d2d4-49f0-96d6-4b7414ecfaae1033.mspx?mfr=true +#dhcp-option=vendor:MSFT,2,1i + +# Send the Encapsulated-vendor-class ID needed by some configurations of +# Etherboot to allow is to recognise the DHCP server. +#dhcp-option=vendor:Etherboot,60,"Etherboot" + +# Send options to PXELinux. Note that we need to send the options even +# though they don't appear in the parameter request list, so we need +# to use dhcp-option-force here. +# See http://syslinux.zytor.com/pxe.php#special for details. +# Magic number - needed before anything else is recognised +#dhcp-option-force=208,f1:00:74:7e +# Configuration file name +#dhcp-option-force=209,configs/common +# Path prefix +#dhcp-option-force=210,/tftpboot/pxelinux/files/ +# Reboot time. (Note 'i' to send 32-bit value) +#dhcp-option-force=211,30i + +# Set the boot filename for netboot/PXE. You will only need +# this if you want to boot machines over the network and you will need +# a TFTP server; either dnsmasq's built-in TFTP server or an +# external one. (See below for how to enable the TFTP server.) +#dhcp-boot=pxelinux.0 + +# The same as above, but use custom tftp-server instead machine running dnsmasq +#dhcp-boot=pxelinux,server.name,192.168.1.100 + +# Boot for iPXE. The idea is to send two different +# filenames, the first loads iPXE, and the second tells iPXE what to +# load. The dhcp-match sets the ipxe tag for requests from iPXE. +#dhcp-boot=undionly.kpxe +#dhcp-match=set:ipxe,175 # iPXE sends a 175 option. +#dhcp-boot=tag:ipxe,http://boot.ipxe.org/demo/boot.php + +# Encapsulated options for iPXE. All the options are +# encapsulated within option 175 +#dhcp-option=encap:175, 1, 5b # priority code +#dhcp-option=encap:175, 176, 1b # no-proxydhcp +#dhcp-option=encap:175, 177, string # bus-id +#dhcp-option=encap:175, 189, 1b # BIOS drive code +#dhcp-option=encap:175, 190, user # iSCSI username +#dhcp-option=encap:175, 191, pass # iSCSI password + +# Test for the architecture of a netboot client. PXE clients are +# supposed to send their architecture as option 93. (See RFC 4578) +#dhcp-match=peecees, option:client-arch, 0 #x86-32 +#dhcp-match=itanics, option:client-arch, 2 #IA64 +#dhcp-match=hammers, option:client-arch, 6 #x86-64 +#dhcp-match=mactels, option:client-arch, 7 #EFI x86-64 + +# Do real PXE, rather than just booting a single file, this is an +# alternative to dhcp-boot. +#pxe-prompt="What system shall I netboot?" +# or with timeout before first available action is taken: +#pxe-prompt="Press F8 for menu.", 60 + +# Available boot services. for PXE. +#pxe-service=x86PC, "Boot from local disk" + +# Loads <tftp-root>/pxelinux.0 from dnsmasq TFTP server. +#pxe-service=x86PC, "Install Linux", pxelinux + +# Loads <tftp-root>/pxelinux.0 from TFTP server at 1.2.3.4. +# Beware this fails on old PXE ROMS. +#pxe-service=x86PC, "Install Linux", pxelinux, 1.2.3.4 + +# Use bootserver on network, found my multicast or broadcast. +#pxe-service=x86PC, "Install windows from RIS server", 1 + +# Use bootserver at a known IP address. +#pxe-service=x86PC, "Install windows from RIS server", 1, 1.2.3.4 + +# If you have multicast-FTP available, +# information for that can be passed in a similar way using options 1 +# to 5. See page 19 of +# http://download.intel.com/design/archives/wfm/downloads/pxespec.pdf + + +# Enable dnsmasq's built-in TFTP server +#enable-tftp + +# Set the root directory for files available via FTP. +#tftp-root=/var/ftpd + +# Do not abort if the tftp-root is unavailable +#tftp-no-fail + +# Make the TFTP server more secure: with this set, only files owned by +# the user dnsmasq is running as will be send over the net. +#tftp-secure + +# This option stops dnsmasq from negotiating a larger blocksize for TFTP +# transfers. It will slow things down, but may rescue some broken TFTP +# clients. +#tftp-no-blocksize + +# Set the boot file name only when the "red" tag is set. +#dhcp-boot=tag:red,pxelinux.red-net + +# An example of dhcp-boot with an external TFTP server: the name and IP +# address of the server are given after the filename. +# Can fail with old PXE ROMS. Overridden by --pxe-service. +#dhcp-boot=/var/ftpd/pxelinux.0,boothost,192.168.0.3 + +# If there are multiple external tftp servers having a same name +# (using /etc/hosts) then that name can be specified as the +# tftp_servername (the third option to dhcp-boot) and in that +# case dnsmasq resolves this name and returns the resultant IP +# addresses in round robin fashion. This facility can be used to +# load balance the tftp load among a set of servers. +#dhcp-boot=/var/ftpd/pxelinux.0,boothost,tftp_server_name + +# Set the limit on DHCP leases, the default is 150 +#dhcp-lease-max=150 + +# The DHCP server needs somewhere on disk to keep its lease database. +# This defaults to a sane location, but if you want to change it, use +# the line below. +#dhcp-leasefile=/var/lib/misc/dnsmasq.leases + +# Set the DHCP server to authoritative mode. In this mode it will barge in +# and take over the lease for any client which broadcasts on the network, +# whether it has a record of the lease or not. This avoids long timeouts +# when a machine wakes up on a new network. DO NOT enable this if there's +# the slightest chance that you might end up accidentally configuring a DHCP +# server for your campus/company accidentally. The ISC server uses +# the same option, and this URL provides more information: +# http://www.isc.org/files/auth.html +#dhcp-authoritative + +# Set the DHCP server to enable DHCPv4 Rapid Commit Option per RFC 4039. +# In this mode it will respond to a DHCPDISCOVER message including a Rapid Commit +# option with a DHCPACK including a Rapid Commit option and fully committed address +# and configuration information. This must only be enabled if either the server is +# the only server for the subnet, or multiple servers are present and they each +# commit a binding for all clients. +#dhcp-rapid-commit + +# Run an executable when a DHCP lease is created or destroyed. +# The arguments sent to the script are "add" or "del", +# then the MAC address, the IP address and finally the hostname +# if there is one. +#dhcp-script=/bin/echo + +# Set the cachesize here. +#cache-size=150 + +# If you want to disable negative caching, uncomment this. +#no-negcache + +# Normally responses which come from /etc/hosts and the DHCP lease +# file have Time-To-Live set as zero, which conventionally means +# do not cache further. If you are happy to trade lower load on the +# server for potentially stale date, you can set a time-to-live (in +# seconds) here. +#local-ttl= + +# If you want dnsmasq to detect attempts by Verisign to send queries +# to unregistered .com and .net hosts to its sitefinder service and +# have dnsmasq instead return the correct NXDOMAIN response, uncomment +# this line. You can add similar lines to do the same for other +# registries which have implemented wildcard A records. +#bogus-nxdomain=64.94.110.11 + +# If you want to fix up DNS results from upstream servers, use the +# alias option. This only works for IPv4. +# This alias makes a result of 1.2.3.4 appear as 5.6.7.8 +#alias=1.2.3.4,5.6.7.8 +# and this maps 1.2.3.x to 5.6.7.x +#alias=1.2.3.0,5.6.7.0,255.255.255.0 +# and this maps 192.168.0.10->192.168.0.40 to 10.0.0.10->10.0.0.40 +#alias=192.168.0.10-192.168.0.40,10.0.0.0,255.255.255.0 + +# Change these lines if you want dnsmasq to serve MX records. + +# Return an MX record named "maildomain.com" with target +# servermachine.com and preference 50 +#mx-host=maildomain.com,servermachine.com,50 + +# Set the default target for MX records created using the localmx option. +#mx-target=servermachine.com + +# Return an MX record pointing to the mx-target for all local +# machines. +#localmx + +# Return an MX record pointing to itself for all local machines. +#selfmx + +# Change the following lines if you want dnsmasq to serve SRV +# records. These are useful if you want to serve ldap requests for +# Active Directory and other windows-originated DNS requests. +# See RFC 2782. +# You may add multiple srv-host lines. +# The fields are <name>,<target>,<port>,<priority>,<weight> +# If the domain part if missing from the name (so that is just has the +# service and protocol sections) then the domain given by the domain= +# config option is used. (Note that expand-hosts does not need to be +# set for this to work.) + +# A SRV record sending LDAP for the example.com domain to +# ldapserver.example.com port 389 +#srv-host=_ldap._tcp.example.com,ldapserver.example.com,389 + +# A SRV record sending LDAP for the example.com domain to +# ldapserver.example.com port 389 (using domain=) +#domain=example.com +#srv-host=_ldap._tcp,ldapserver.example.com,389 + +# Two SRV records for LDAP, each with different priorities +#srv-host=_ldap._tcp.example.com,ldapserver.example.com,389,1 +#srv-host=_ldap._tcp.example.com,ldapserver.example.com,389,2 + +# A SRV record indicating that there is no LDAP server for the domain +# example.com +#srv-host=_ldap._tcp.example.com + +# The following line shows how to make dnsmasq serve an arbitrary PTR +# record. This is useful for DNS-SD. (Note that the +# domain-name expansion done for SRV records _does_not +# occur for PTR records.) +#ptr-record=_http._tcp.dns-sd-services,"New Employee Page._http._tcp.dns-sd-services" + +# Change the following lines to enable dnsmasq to serve TXT records. +# These are used for things like SPF and zeroconf. (Note that the +# domain-name expansion done for SRV records _does_not +# occur for TXT records.) + +#Example SPF. +#txt-record=example.com,"v=spf1 a -all" + +#Example zeroconf +#txt-record=_http._tcp.example.com,name=value,paper=A4 + +# Provide an alias for a "local" DNS name. Note that this _only_ works +# for targets which are names from DHCP or /etc/hosts. Give host +# "bert" another name, bertrand +#cname=bertrand,bert + +# For debugging purposes, log each DNS query as it passes through +# dnsmasq. +#log-queries + +# Log lots of extra information about DHCP transactions. +#log-dhcp + +# Include another lot of configuration options. +#conf-file=/etc/dnsmasq.more.conf +#conf-dir=/etc/dnsmasq.d + +# Include all the files in a directory except those ending in .bak +#conf-dir=/etc/dnsmasq.d,.bak + +# Include all files in a directory which end in .conf +#conf-dir=/etc/dnsmasq.d/,*.conf + +# If a DHCP client claims that its name is "wpad", ignore that. +# This fixes a security hole. see CERT Vulnerability VU#598349 +#dhcp-name-match=set:wpad-ignore,wpad +#dhcp-ignore-names=tag:wpad-ignore + +server=2001:4860:4860::8888 +server=2606:4700:4700::1111 +server=2620:fe::9 +server=8.8.8.8 +server=1.1.1.1 +server=9.9.9.9 diff --git a/etc/dovecot/dovecot.conf b/etc/dovecot/dovecot.conf index e7d11a07..b4001ada 100644 --- a/etc/dovecot/dovecot.conf +++ b/etc/dovecot/dovecot.conf @@ -1,8 +1,23 @@ +# https://doc.dovecot.org/2.4.2/installation/upgrade/2.3-to-2.4.html#default-settings +# needed for 2.4 +dovecot_config_version = 2.4.2 +dovecot_storage_version = 2.4.2 + # Edited from `doveconf -nP`, see https://doc.dovecot.org/2.3/configuration_manual/quick_configuration/#split-configuration-files -mail_location = maildir:~/Mail:INBOX=~/Mail/Inbox:LAYOUT=fs +# https://doc.dovecot.org/2.4.2/installation/upgrade/2.3-to-2.4.html#converted-settings +# > mail_location setting & mail userdb field Split into multiple mail_* settings. +mail_driver = maildir +mail_path = ~/Mail +# https://doc.dovecot.org/2.4.1/core/config/mail_location.html#mail_inbox_path +mail_inbox_path = ~/Mail/Inbox +# https://doc.dovecot.org/2.4.1/core/config/mailbox_formats/maildir.html#directory-layout +# > use hierarchical directories, such as Maildir/folder/ Maildir/folder/subfolder/ +mailbox_list_layout = fs namespace inbox { inbox = yes - location = + # https://doc.dovecot.org/2.4.2/installation/upgrade/2.3-to-2.4.html#converted-settings + # namespace { location } setting is changed in 2.4, it is kinda no need to + # so I just removed, not remove will error mailbox Archive { auto = subscribe special_use = \Archive @@ -29,7 +44,9 @@ namespace inbox { } prefix = } -passdb { +# https://doc.dovecot.org/2.4.1/installation/upgrade/2.3-to-2.4.html#passdb-userdb-section-naming +# > passdb and userdb sections now require a name +passdb some_name { driver = pam } service auth { @@ -40,9 +57,16 @@ service auth { } } ssl = required -ssl_cert = </etc/postfix/flylightning.pem -ssl_dh = </etc/dovecot/dh.pem -ssl_key = </etc/postfix/flylightning.key -userdb { +# https://doc.dovecot.org/2.4.2/installation/upgrade/2.3-to-2.4.html#converted-settings +# ssl_cert, ssl_dh, ssl_key name changed +ssl_server_cert_file = /etc/postfix/flylightning.pem +ssl_server_dh_file = /etc/dovecot/dh.pem +ssl_server_key_file = /etc/postfix/flylightning.key +userdb some_name { driver = passwd } +# https://doc.dovecot.org/2.4.2/installation/upgrade/2.3-to-2.4.html#default-settings +# > No protocols are enabled by default. +# In the past, imap pop3 lmtp are enabled by default. Now none I only need +# imaps, so I put imap here +protocols = imap diff --git a/etc/highlight/filetypes.conf b/etc/highlight/filetypes.conf new file mode 100644 index 00000000..5028b5c3 --- /dev/null +++ b/etc/highlight/filetypes.conf @@ -0,0 +1,185 @@ +-- Filename and shebang mapping +-- +-- Add an entry for a language syntax which is occupied by multiple source file extensions. +-- If there is only one extension, just name the lang file accordingly and it will work (no entry needed here). +-- The filetype entries in gui_files/ext/fileopenfilter.conf should also be updated for the GUI file dialogs. +-- +-- Extensions can be configured for multiple languages (see "asm", which is assigned to assembler and fasm). +-- The command line (CLI) and Qt GUI builds handle ambiguous assignments as follows: +-- - CLI: the first association listed here will be used +-- - GUI: a syntax selection prompt will be shown +-- +-- If a filename has no extension by convention (ie. makefile), it may be added here nevertheless or be +-- configured as "Shebang". +-- +-- You can assign complete filenames to a syntax with "Filenames", see the "cmake" entry. +-- To define both filenames and extensions, add two separate entries (see "sh" entry). +-- +-- A default input encoding can be set with an EncodingHint attribute (requires v. 3.55). +-- +-- The first filetypes.conf found in a highlight search directory wins. See README.adoc for search dirs. +-- +-- You can override specific settings in ~/.highlight/filetypes.conf like this: +-- +-- dofile "/etc/highlight/filetypes.conf" +-- +-- table.insert(FileMapping, { Lang="yourlang", Shebang=[[^#!\s*(/usr)?(/local)?/bin/(env\s+)?yourlang]] }) + +FileMapping = { + + { Lang="abap", Extensions={"abp"} }, + { Lang="ada", Extensions={"adb", "ads", "a", "gnad"} }, + { Lang="agda", Extensions={"lagda"} }, + { Lang="alan", Extensions={"alan", "i"} }, + { Lang="algol", Extensions={"alg"} }, + { Lang="ampl", Extensions={"dat", "run"} }, + { Lang="amtrix", Extensions={"s4", "s4t", "s4h", "hnd", "t4"} }, + { Lang="assembler", Extensions={"asm", "a51", "29k", "68s", "68x", "x86"} }, + { Lang="fasm", Extensions={"asm", "inc"} }, + { Lang="asp", Extensions={"aspx", "ashx", "ascx"} }, + { Lang="ats", Extensions={"dats"} }, + { Lang="aspect", Extensions={"was", "wud"} }, + { Lang="ballerina", Extensions={"bal"} }, + { Lang="bat", Extensions={"cmd"} }, + { Lang="c", Extensions={"c++", "cpp", "cxx", "cc", "h", "hh", "hxx", "hpp", "cu", "inl", "ipp", "ino", "ixx", "cppm"} }, + { Lang="cmake", Filenames={"CMakeLists.txt"} }, + { Lang="charmm", Extensions={"inp"} }, + { Lang="clojure", Extensions={"boot", "cl2", "clj", "cljscm", "cljx", "hic"} }, + { Lang="coldfusion", Extensions={"cfc","cfm"} }, + { Lang="cobol", Extensions={"cob", "cbl"} }, + { Lang="crystal", Extensions={"cr"} }, + { Lang="coffeescript", Extensions={"coffee", "cakefile", "cjsx", "coffee", "iced"} }, + { Lang="conf", Extensions={"anacrontab"} }, + { Lang="delphi", Extensions={"pas", "dpr"} }, + { Lang="diff", Extensions={"patch"} }, + { Lang="dts", Extensions={"dtsi"} }, + { Lang="eiffel", Extensions={"e", "se"} }, + { Lang="elixir", Extensions={"ex", "exs", "heex"} }, + { Lang="erlang", Extensions={"hrl", "erl", "xrl", "yrl"} }, + { Lang="euphoria", Extensions={"ex", "exw", "wxu", "ew", "eu"} }, + { Lang="fortran77", Extensions={"f", "for", "ftn"} }, + { Lang="fortran90", Extensions={"f95", "f90"} }, + { Lang="gambas", Extensions={"class"} }, + { Lang="gdscript", Extensions={"gd"} }, + { Lang="haskell", Extensions={"hs"} }, + { Lang="hugo", Extensions={"hug"} }, + { Lang="ini", Extensions={"doxyfile", "desktop", "kdev3", "reg", "cfg", "inf", "config", ".gitconfig", "service", "network"} }, + { Lang="jam", Extensions={"jam", "ham"} }, + { Lang="java", Extensions={"groovy", "grv", "jenkinsfile", "gradle"} }, + { Lang="javascript", Extensions={"js"} }, + { Lang="julia", Extensions={"jl"} }, + { Lang="kotlin", Extensions={"kt", "kts"} }, + { Lang="limbo", Extensions={"b"} }, + { Lang="lisp", Extensions={"cl", "clisp", "el", "lsp", "sbcl", "scom", "fas", "scm", "mud", "fasl" } }, + { Lang="makefile", Extensions={"mak", "mk", "gnumakefile"} }, + { Lang="meson", Filenames={ "meson.build", "meson_options.txt" } }, + { Lang="snmp", Extensions={"mib", "smi"} }, + { Lang="ocaml", Extensions={"ml","mli", "eliom", "eliomi", "ml4", "mll", "mly"} }, + { Lang="mod2", Extensions={"mod", "def"} }, + { Lang="mod3", Extensions={"m3", "i3"} }, + { Lang="oberon", Extensions={"ooc"} }, + { Lang="php", Extensions={"php3", "php4", "php5", "php6", "php7", "phps", "phpt"} }, + { Lang="pike", Extensions={"pmod"} }, + { Lang="pl1", Extensions={"ff", "fp", "fpp", "rpp","sf", "sp", "spb", + "spp","sps", "wp", "wf", "wpp","wps","wpb","bdy","spe"} }, + { Lang="perl", Extensions={"pl","perl", "cgi", "pm", "plx", "plex"} }, + { Lang="polygen", Extensions={"grm"} }, + { Lang="pro", Extensions={"pro"} }, + { Lang="qmake", Extensions={"pro"} }, + { Lang="progress", Extensions={"p", "i", "w"} }, + { Lang="purescript", Extensions={"purs"} }, + { Lang="ruby", Extensions={"rb","ruby", "pp", "rjs", "gemfile", "rakefile", "appfile", "appraisals", "berksfile", + "brewfile", "capfile", "cgi", "cheffile", "config.ru", "deliverfile", "fastfile", "fcgi", "gemspec", + "guardfile", "irbrc", "jbuilder", "podfile", "podspec", "prawn", "rabl", "rake", "rantfile", "rbx", + "scanfile", "simplecov", "snapfile", "thor", "thorfile", "vagrantfile" } }, + { Lang="rexx", Extensions={"rex", "rx", "the"} }, + { Lang="shellscript", Filenames={".zshrc", ".bashrc"} }, + { Lang="shellscript", Extensions={"sh", "bash", "zsh", "ebuild", "eclass"} }, + { Lang="smalltalk", Extensions={"st", "gst", "sq"} }, + { Lang="sybase", Extensions={"sp"} }, + { Lang="tcl", Extensions={"wish", "itcl"} }, + { Lang="tcsh", Extensions={"csh", "tcsh", ".cshrc", ".tcshrc"} }, + { Lang="terraform", Extensions={"tf", "tfvars"} }, + { Lang="tex", Extensions={"sty", "cls"} }, + { Lang="vb", Extensions={"bas", "basic", "bi", "vbs"} }, + { Lang="verilog", Extensions={"v"} }, + { Lang="html", Extensions={"htm", "xhtml", "twig", "jinja"} }, + { Lang="xml", Extensions={"sgm", "sgml", "nrm", "ent","hdr", "hub", "dtd", "glade", + "wml","vxml", "wml", "tld", "csproj","xsl", "ecf", "jnlp", "xsd", + "resx", "rng", "rss", "opml", "graphml"} }, + { Lang="fsharp", Extensions={"fs","fsi","fsx"} }, + { Lang="informix", Extensions={"4gl"} }, + { Lang="blitzbasic", Extensions={"bb"} }, + { Lang="innosetup", Extensions={"iss"} }, + { Lang="lotus", Extensions={"ls"} }, + { Lang="ascend", Extensions={"a4c"} }, + { Lang="actionscript", Extensions={"as"} }, + { Lang="express", Extensions={"exp"} }, + { Lang="hare", Extensions={"ha"} }, + { Lang="haxe", Extensions={"hx"} }, + { Lang="pyrex", Extensions={"pyx"} }, + + { Lang="abap4", Extensions={"abp"} }, + { Lang="csharp", Extensions={"cs"} }, + { Lang="interlis", Extensions={"ili"} }, + { Lang="logtalk", Extensions={"lgt"} }, + { Lang="matlab", Extensions={"m"} }, + { Lang="nsis", Extensions={"nsi", "nsh"} }, + { Lang="bison", Extensions={"y"} }, + { Lang="squirrel", Extensions={"nut"} }, + { Lang="luban", Extensions={"lbn"} }, + { Lang="maya", Extensions={"mel"} }, + { Lang="nemerle", Extensions={"n"} }, + { Lang="nim", Extensions={"nimble", "nimrod", "nims"} }, + { Lang="paradox", Extensions={"sc"} }, + { Lang="netrexx", Extensions={"nrx"} }, + { Lang="clearbasic", Extensions={"cb"} }, + { Lang="graphviz", Extensions={"dot"} }, + { Lang="small", Extensions={"sma"} }, + { Lang="autoit", Extensions={"au3"} }, + { Lang="chill", Extensions={"chl"} }, + { Lang="autohotkey", Extensions={"ahk"} }, + { Lang="fame", Extensions={"fame"} }, + { Lang="modelica", Extensions={"mo"} }, + { Lang="maple", Extensions={"mpl"} }, + { Lang="jasmin", Extensions={"j"} }, + { Lang="snobol", Extensions={"sno"} }, + { Lang="icon", Extensions={"icn"} }, + { Lang="felix", Extensions={"flx"} }, + { Lang="lindenscript", Extensions={"lsl"} }, + { Lang="lilypond", Extensions={"ly"} }, + { Lang="nasal", Extensions={"nas"} }, + { Lang="clean", Extensions={"icl"} }, + { Lang="bibtex", Extensions={"bib"} }, + { Lang="python", Extensions={"py", "py3", "pyw", "pyi", "pyx", "pxd", "pxi", "rpy", "cpy", + "sconstruct", "gyp", "gypi", "snakefile", "wscript" } }, + { Lang="python", Filenames={"SConstruct"} }, + { Lang="rust", Extensions={"rs"} }, + + { Lang="txt", Extensions={"text"} }, + { Lang="n3", Extensions={"ttl", "nt"} }, + { Lang="biferno", Extensions={"bfr"} }, + { Lang="scilab", Extensions={"sci", "sce"} }, + { Lang="msl", Extensions={"nbs"} }, + { Lang="yaml", Extensions={"yml"} }, + { Lang="vimscript", Extensions={"vim", "vimrc", "gvimrc"} }, + { Lang="purebasic", Extensions={"pb", "pbi", "pbf"} }, + { Lang="markdown", Extensions={"md", "markdown", "mdwn", "mdx", "mkd", "mkdn", "mkdown", "ronn", "workbook"} }, + { Lang="clojure", Extensions={"clj", "cljc", "cljs", "edn"} }, + { Lang="solidity", Extensions={"sol"} }, + { Lang="powershell", Extensions={"ps1", "psm1", "psd1"} }, + { Lang="typescript", Extensions={"ts"} }, + + { Lang="exapunks", Extensions={"exapunks", "exa"} }, + { Lang="exapunks", Shebang=[[^(?i:NOTE\sEXAPUNKS)\b]] }, + + { Lang="xml", Shebang=[[^\s*<\?xml\s+version=\"1\.0\"\s+[^(>)]*?>\s*$]] }, + { Lang="shellscript", Shebang=[[^#!\s*(/usr)?(/local)?/bin/(env\s+)?([bd]ash|t?csh|[akz]?sh)]] }, + { Lang="makefile",Shebang=[[^#!\s*(/usr)?(/local)?/bin/(env\s+)?make]] }, + { Lang="awk", Shebang=[[^#!\s*(/usr)?(/local)?/bin/(env\s+)?[gnm]?awk]] }, + { Lang="perl", Shebang=[[^#!\s*(/usr)?(/local)?/bin/(env\s+)?perl]] }, + { Lang="python", Shebang=[[^#!\s*(/usr)?(/local)?/bin/(env\s+)?python]] }, + { Lang="ruby", Shebang=[[^#!\s*(/usr)?(/local)?/bin/(env\s+)?ruby]] }, + { Lang="php", Shebang=[[^#!\s*(/usr)?(/local)?/bin/(env\s+)?php]] }, + { Lang="javascript", Shebang=[[^#!\s*(/usr)?(/local)?/bin/(env\s+)?node]] } +} diff --git a/etc/myconf/cfgl_meta b/etc/myconf/cfgl_meta index 111342b8..92955539 100644 --- a/etc/myconf/cfgl_meta +++ b/etc/myconf/cfgl_meta @@ -4,9 +4,13 @@ 600 root root //etc/.cfgl/config.worktree 700 root root //etc/.cfgl/info 600 root root //etc/.cfgl/info/sparse-checkout +644 root root //etc/cgitrc +644 root root //etc/dnsmasq.conf 755 root root //etc/dovecot 644 root root //etc/dovecot/dovecot.conf 644 root root //etc/fstab +755 root root //etc/highlight +644 root root //etc/highlight/filetypes.conf 644 root root //etc/hostname 644 root root //etc/locale.conf 644 root root //etc/locale.gen @@ -17,20 +21,23 @@ 755 root root //etc/myconf 600 root root //etc/myconf/cfgl_meta 644 root root //etc/nftables.conf +755 root root //etc/nginx +644 root root //etc/nginx/nginx.conf 700 opendkim mail //etc/opendkim 644 opendkim mail //etc/opendkim/opendkim.conf 755 root root //etc/opendmarc 640 opendmarc mail //etc/opendmarc/opendmarc.conf 644 root root //etc/pacman.conf +755 root root //etc/pacman.d +755 root root //etc/pacman.d/hooks +644 root root //etc/pacman.d/hooks/highlight-css.hook 755 root root //etc/postfix 644 root root //etc/postfix/aliases 644 root root //etc/postfix/main.cf 644 root root //etc/postfix/master.cf -777 root root //etc/resolv.conf +644 root root //etc/resolv.conf 644 root root //etc/services 755 root root //etc/ssh -755 root root //etc/ssh/ssh_config.d -644 root root //etc/ssh/ssh_config.d/my_ssh_config.conf 644 root root //etc/ssh/sshd_config 440 root root //etc/sudoers 755 root root //etc/sysctl.d @@ -47,8 +54,12 @@ 644 root root //etc/systemd/system/opendmarc.service.d/override.conf 755 root root //etc/systemd/system/paccache.service.d 644 root root //etc/systemd/system/paccache.service.d/20-remove-all-uninstalled.conf +755 root root //etc/systemd/system/sockets.target.wants +777 root root //etc/systemd/system/sockets.target.wants/uwsgi@cgit.socket 755 root root //etc/tmpfiles.d 644 root root //etc/tmpfiles.d/opendmarc.conf +755 root root //etc/uwsgi +644 root root //etc/uwsgi/cgit.ini 755 root root //home 700 xyz wheel //home/xyz 644 xyz wheel //home/xyz/.bashrc @@ -71,3 +82,24 @@ 644 xyz wheel //home/xyz/.profile 700 xyz wheel //home/xyz/.ssh 600 xyz wheel //home/xyz/.ssh/authorized_keys +755 root root //srv +755 root root //srv/http +755 root root //srv/http/master +644 root root //srv/http/master/index.html +644 root root //srv/http/master/pub_pgp_key.asc +644 root root //srv/http/master/pub_ssh_key.txt +755 root root //usr +755 root root //usr/lib +755 root root //usr/lib/cgit +755 root root //usr/lib/cgit/filters +755 root root //usr/lib/cgit/filters/about-formatting-edited.sh +755 root root //usr/lib/cgit/filters/syntax-highlighting-edited.sh +755 root root //usr/share +755 root root //usr/share/webapps +755 root root //usr/share/webapps/cgit +644 root root //usr/share/webapps/cgit/highlight.css +644 root root //usr/share/webapps/cgit/mycgit.css +755 root root //var +755 root root //var/lib +750 gitolite gitolite //var/lib/gitolite +600 gitolite gitolite //var/lib/gitolite/.gitolite.rc diff --git a/etc/nftables.conf b/etc/nftables.conf index 1ea06d6b..0f1aceeb 100644 --- a/etc/nftables.conf +++ b/etc/nftables.conf @@ -19,28 +19,27 @@ table inet my_table { ct state invalid drop comment "early drop of invalid connections" ct state {established, related} accept comment "allow tracked connections" iifname lo accept comment "allow from loopback" - iifname $wg_iface accept comment "allow from wireguard" + iifname $wg_iface ip saddr 10.0.0.1 accept comment "allow from wireguard insp ip" + iifname $wg_iface ip6 saddr fdc9:281f:04d7:9ee9::1 accept comment "allow from wireguard insp ip" ip protocol icmp accept meta l4proto ipv6-icmp accept tcp dport ssh accept - #tcp dport qbt-nox accept - #tcp dport qbt accept - #udp dport qbt accept #tcp dport iperf3 accept udp dport wireguard accept - udp dport swgp accept - # for acme.sh standalone mode builtin webserver to renew ssl cert tcp dport http accept + tcp dport https accept + # http3 quic + # seems no need open port 80 udp for http3, see https://serverfault.com/q/1185886 + udp dport https accept # email related ports tcp dport smtp accept - tcp dport pop3 accept - tcp dport imap accept + #tcp dport pop3 accept + #tcp dport imap accept tcp dport submissions accept tcp dport submission accept tcp dport imaps accept - tcp dport pop3s accept - tcp dport monerod-p2p accept + #tcp dport pop3s accept pkttype host limit rate 5/second counter reject with icmpx type admin-prohibited counter comment "count any other traffic" @@ -72,14 +71,6 @@ table inet nat { # newer kernel no need for `chain prerouting { type nat hook prerouting priority -100; policy accept; }` if has `chain postrouting` # also vice versa, no need `chain postrouting` if has `chain prerouting` # more see https://www.procustodibus.com/blog/2021/11/wireguard-nftables/ - chain prerouting { - type nat hook prerouting priority -100 - policy accept - # port forwarding from client - # https://www.procustodibus.com/blog/2022/09/wireguard-port-forward-from-internet - iifname $pub_iface tcp dport monerod-p2p dnat ip to 10.0.0.1:monerod-p2p - iifname $pub_iface tcp dport monerod-p2p dnat ip6 to [fdc9:281f:04d7:9ee9::1]:monerod-p2p - } # for all packets to $pub_iface, after routing, replace source address with primary IP of $pub_iface interface chain postrouting { type nat hook postrouting priority 100 @@ -87,8 +78,5 @@ table inet nat { # Needed for VPN. Needed for port forwarding from cilent with VPN through server # https://www.procustodibus.com/blog/2022/09/wireguard-port-forward-from-internet/#default-route oifname $pub_iface masquerade - # needed for port forwarding from client without VPN through server - # https://www.procustodibus.com/blog/2022/09/wireguard-port-forward-from-internet/#masquerading - #oifname $wg_iface masquerade } } diff --git a/etc/nginx/nginx.conf b/etc/nginx/nginx.conf new file mode 100644 index 00000000..4fad34f0 --- /dev/null +++ b/etc/nginx/nginx.conf @@ -0,0 +1,227 @@ + +#user http; +# https://freenginx.org/en/docs/ngx_core_module.html#worker_processes +worker_processes auto; + +#error_log logs/error.log; +#error_log logs/error.log notice; +#error_log logs/error.log info; + +#pid logs/nginx.pid; + + +events { + worker_connections 1024; +} + + +http { + include mime.types; + default_type application/octet-stream; + + #log_format main '$remote_addr - $remote_user [$time_local] "$request" ' + # '$status $body_bytes_sent "$http_referer" ' + # '"$http_user_agent" "$http_x_forwarded_for"'; + + #access_log logs/access.log main; + + sendfile on; + #tcp_nopush on; + + #keepalive_timeout 0; + keepalive_timeout 65; + + #gzip on; + + # nginx warning in journal or `sudo nginx -t`: "could not build optimal types_hash, you should increase either types_hash_max_size: 1024 or types_hash_bucket_size: 64; ignoring types_hash_bucket_size" + # default is 1024, I increased to 2048 and still throws warning, I increase 4096 and warning is gone + # not fully understood + # https://wiki.archlinux.org/title/nginx#Warning:_Could_not_build_optimal_types_hash + # https://nginx.org/en/docs/http/ngx_http_core_module.html + # https://nginx.org/en/docs/hash.html + # https://nginx.org/en/docs/http/server_names.html + types_hash_max_size 4096; + + # https://freenginx.org/en/docs/http/ngx_http_v2_module.html#example + http2 on; + + server { + listen 80; + # needed for ipv6 + listen [::]:80; + # needed for http3 quic + # https://freenginx.org/en/docs/quic.html + # https://oheng.com/enabling-http-3-under-nginx/ + # + # http3 quic can be testd with https://http3check.net + # + # Note reuseport should only be used once per address:port pair. + # https://serverfault.com/a/1000428 points out that + # https://freenginx.org/en/docs/http/ngx_http_core_module.html#listen + # wrote: "The listen directive can have several additional parameters + # specific to socket-related system calls. These parameters can be + # specified in any listen directive, but only once for a given + # address:port pair." Also see https://stackoverflow.com/q/76348128 + listen 443 quic reuseport; + listen [::]:443 quic reuseport; + # https://nginx.org/en/docs/http/configuring_https_servers.html#single_http_https_server + listen 443 ssl; + listen [::]:443 ssl; + server_name flylightning.xyz; + + ssl_certificate /etc/postfix/flylightning.pem; + ssl_certificate_key /etc/postfix/flylightning.key; + + # needed for http3 quic + # https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Alt-Svc + add_header Alt-Svc 'h3=":443"; ma=86400'; + + #charset koi8-r; + + #access_log logs/host.access.log main; + + location / { + root /srv/http/master; + index index.html; + } + + #error_page 404 /404.html; + + # redirect server error pages to the static page /50x.html + # + #error_page 500 502 503 504 /50x.html; + #location = /50x.html { + # root /usr/share/nginx/html; + #} + + # proxy the PHP scripts to Apache listening on 127.0.0.1:80 + # + #location ~ \.php$ { + # proxy_pass http://127.0.0.1; + #} + + # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 + # + #location ~ \.php$ { + # root html; + # fastcgi_pass 127.0.0.1:9000; + # fastcgi_index index.php; + # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name; + # include fastcgi_params; + #} + + # deny access to .htaccess files, if Apache's document root + # concurs with nginx's one + # + #location ~ /\.ht { + # deny all; + #} + } + + + # another virtual host using mix of IP-, name-, and port-based configuration + # + #server { + # listen 8000; + # listen somename:8080; + # server_name somename alias another.alias; + + # location / { + # root html; + # index index.html index.htm; + # } + #} + + + # HTTPS server + # + #server { + # listen 443 ssl; + # server_name localhost; + + # ssl_certificate cert.pem; + # ssl_certificate_key cert.key; + + # ssl_session_cache shared:SSL:1m; + # ssl_session_timeout 5m; + + # ssl_ciphers HIGH:!aNULL:!MD5; + # ssl_prefer_server_ciphers on; + + # location / { + # root html; + # index index.html index.htm; + # } + #} + + server { + listen 80; + listen [::]:80; + listen 443 quic; + listen [::]:443 quic; + listen 443 ssl; + listen [::]:443 ssl; + server_name mirrors.flylightning.xyz; + + ssl_certificate /etc/postfix/flylightning.pem; + ssl_certificate_key /etc/postfix/flylightning.key; + + add_header Alt-Svc 'h3=":443"; ma=86400'; + + location / { + root /srv/http/mirrors; + autoindex on; + } + } + + # https://wiki.archlinux.org/title/Cgit#Using_uwsgi + # https://wiki.gentoo.org/wiki/User:Halcon/HOWTO_cgit_uwsgi_nginx + # https://uwsgi-docs.readthedocs.io/en/latest/Nginx.html + # https://nginx.org/en/docs/http/ngx_http_uwsgi_module.html + # https://stackoverflow.com/questions/16182421/cgit-and-nginx-url-rewrite + server { + listen 80; + listen [::]:80; + listen 443 quic; + listen [::]:443 quic; + listen 443 ssl; + listen [::]:443 ssl; + server_name git.flylightning.xyz; + root /usr/share/webapps/cgit; + + ssl_certificate /etc/postfix/flylightning.pem; + ssl_certificate_key /etc/postfix/flylightning.key; + + add_header Alt-Svc 'h3=":443"; ma=86400'; + + # about nginx location regex: + # - https://nginx.org/en/docs/http/ngx_http_core_module.html#location + # - https://stackoverflow.com/a/59846239 + # - note in nginx / only means / and no other meaning, so no need \/ + # - ~ means case-sensitive regex + # about (?:) non-capturing group: + # - https://manifold.net/doc/radian/why_do_non-capture_groups_exist_.htm + # - non-capturing group won't capture things inside () which may use later like in sed \1 + # - note: I don't think sed support ?: , because POSIX ERE and BRE doesn't seem to support ?: + # - maybe improve a little bit performance by not storing things (not tested, also I did not read the source code) + # Serve static files with nginx + location ~ ^/(?:cgit\.(?:css|png|js)|robots\.txt|highlight\.css|mycgit\.css|favicon\.ico)$ { + root /usr/share/webapps/cgit; + expires 30d; + } + location / { + include uwsgi_params; + uwsgi_modifier1 9; + uwsgi_pass unix:/run/uwsgi/cgit.sock; + } + } + + # needed for acme.sh to renew mail.flylightning.xyz + server { + listen 80; + listen [::]:80; + server_name mail.flylightning.xyz; + } +} + +# vim: expandtab diff --git a/etc/pacman.d/hooks/highlight-css.hook b/etc/pacman.d/hooks/highlight-css.hook new file mode 100644 index 00000000..f14acaa7 --- /dev/null +++ b/etc/pacman.d/hooks/highlight-css.hook @@ -0,0 +1,13 @@ +[Trigger] +Type = Package +Operation = Install +Operation = Upgrade +Target = highlight + +[Action] +Description = Upgrading highlight.css for cgit syntax highlighting... +When = PostTransaction +# mycgit.css import this highlight.css and cgit.css, for syntax-highlighting-edited.sh +# because cgit.css is not pacman backup file and will be overwritten when upgrade cgit +Exec = /usr/bin/sh -c '/usr/bin/mkdir -p /usr/share/webapps/cgit && /usr/bin/highlight -O xhtml --print-style -o /usr/share/webapps/cgit/highlight.css' +Depends = highlight diff --git a/etc/postfix/main.cf b/etc/postfix/main.cf index 63fa4261..0d45fedd 100644 --- a/etc/postfix/main.cf +++ b/etc/postfix/main.cf @@ -743,5 +743,5 @@ sample_directory = /etc/postfix # readme_directory = /usr/share/doc/postfix inet_protocols = ipv4 -meta_directory = /etc/postfix shlib_directory = /usr/lib/postfix +meta_directory = /etc/postfix diff --git a/etc/resolv.conf b/etc/resolv.conf index 36396629..647b840f 120000..100644 --- a/etc/resolv.conf +++ b/etc/resolv.conf @@ -1 +1,3 @@ -/run/systemd/resolve/stub-resolv.conf
\ No newline at end of file +nameserver ::1 +nameserver 127.0.0.1 +options trust-ad diff --git a/etc/services b/etc/services index a7275932..fe9042b6 100644 --- a/etc/services +++ b/etc/services @@ -455,6 +455,7 @@ fxp 286/tcp fxp 286/udp k-block 287/tcp k-block 287/udp +tacacss 300/tcp novastorbakcup 308/tcp novastorbakcup 308/udp entrusttime 309/tcp @@ -1315,12 +1316,6 @@ pkix-3-ca-ra 829/tcp pkix-3-ca-ra 829/udp netconf-ssh 830/tcp netconf-ssh 830/udp -netconf-beep 831/tcp -netconf-beep 831/udp -netconfsoaphttp 832/tcp -netconfsoaphttp 832/udp -netconfsoapbeep 833/tcp -netconfsoapbeep 833/udp dhcp-failover2 847/tcp dhcp-failover2 847/udp gdoi 848/tcp @@ -7675,8 +7670,8 @@ perrla 4313/tcp choiceview-agt 4314/tcp choiceview-clt 4316/tcp opentelemetry 4317/tcp -fox-skytale 4319/tcp -fox-skytale 4319/udp +skytale 4319/tcp +skytale 4319/udp fdt-rcatp 4320/tcp fdt-rcatp 4320/udp rwhois 4321/tcp @@ -7799,8 +7794,8 @@ netcabinet-com 4409/tcp itwo-server 4410/tcp found 4411/tcp smallchat 4412/udp -avi-nms 4413/tcp -avi-nms-disc 4413/udp +vision-mon 4413/tcp +vision-mon-disc 4413/udp updog 4414/tcp brcd-vr-req 4415/tcp pjj-player 4416/tcp @@ -7875,6 +7870,7 @@ awacs-ice 4488/udp ipsec-nat-t 4500/tcp ipsec-nat-t 4500/udp a25-fap-fgw 4502/sctp +m-bus-oms 4503/udp armagetronad 4534/udp ehs 4535/tcp ehs 4535/udp @@ -8094,6 +8090,7 @@ vxlan-gpe 4790/udp roce 4791/udp unified-bus 4792/tcp unified-bus 4792/udp +uet 4793/udp iims 4800/tcp iims 4800/udp iwec 4801/tcp @@ -9671,6 +9668,7 @@ cuseeme 7648/tcp cuseeme 7648/udp rome 7663/tcp rome 7663/udp +authoritygate 7668/tcp imqstomp 7672/tcp imqstomps 7673/tcp imqtunnels 7674/tcp @@ -10478,6 +10476,7 @@ odnsp 9966/udp xybrid-rt 9978/tcp visweather 9979/tcp pumpkindb 9981/tcp +kaostransport 9986/tcp dsm-scm-target 9987/tcp dsm-scm-target 9987/udp nsesrvr 9988/tcp @@ -11013,6 +11012,7 @@ notezilla-lan 21010/tcp trinket-agent 21212/tcp cohesity-agent 21213/tcp aigairserver 21221/tcp +xahaud 21337/tcp rdm-tfs 21553/tcp dfserver 21554/tcp dfserver 21554/udp @@ -11127,6 +11127,7 @@ binkp 24554/tcp binkp 24554/udp bilobit 24577/tcp bilobit-update 24577/udp +udpstp 24601/udp sdtvwcam 24666/tcp canditv 24676/tcp canditv 24676/udp @@ -11442,8 +11443,8 @@ ciscocsdb 43441/udp z-wave-tunnel 44123/tcp pmcd 44321/tcp pmcd 44321/udp -pmcdproxy 44322/tcp -pmcdproxy 44322/udp +pmproxy 44322/tcp +pmproxy 44322/udp pmwebapi 44323/tcp cognex-dataman 44444/tcp acronis-backup 44445/tcp @@ -11462,6 +11463,8 @@ rs-status 45002/tcp synctest 45045/tcp invision-ag 45054/tcp invision-ag 45054/udp +witsnet 45185/tcp +witsnet 45185/udp cloudcheck 45514/tcp cloudcheck-ping 45514/udp eba 45678/tcp @@ -11516,10 +11519,5 @@ nusrp 49001/tcp nusdp-disc 49001/udp inspider 49150/tcp # my services -monerod-p2p 18080/tcp wireguard 49432/udp -# My ISP verizon block incomming to gateway port 22. So I need to use another port to ssh into my home server. -# https://www.reddit.com/r/verizon/comments/to1q43/verizon_5g_home_internet_blocking_ssh_service_port/ -ssh-isp 49812/tcp iperf3 53497/tcp -swgp 54635/udp diff --git a/etc/ssh/ssh_config.d/my_ssh_config.conf b/etc/ssh/ssh_config.d/my_ssh_config.conf deleted file mode 100644 index a5f1fca3..00000000 --- a/etc/ssh/ssh_config.d/my_ssh_config.conf +++ /dev/null @@ -1,2 +0,0 @@ -Host flylightning.xyz - Port ssh-isp diff --git a/etc/sudoers b/etc/sudoers index 94678ba5..faf0e3f7 100644 --- a/etc/sudoers +++ b/etc/sudoers @@ -128,7 +128,7 @@ root ALL=(ALL:ALL) ALL # %wheel ALL=(ALL:ALL) NOPASSWD: ALL ## Uncomment to allow members of group sudo to execute any command -# %sudo ALL=(ALL:ALL) ALL +# %sudo ALL=(ALL:ALL) ALL ## Uncomment to allow any user to run sudo if they know the password ## of the user they are running the command as (root by default). diff --git a/etc/systemd/system/acme.sh.service.d/override.conf b/etc/systemd/system/acme.sh.service.d/override.conf index 722f60a6..d18024e2 100644 --- a/etc/systemd/system/acme.sh.service.d/override.conf +++ b/etc/systemd/system/acme.sh.service.d/override.conf @@ -1,2 +1,9 @@ +# Note need both /etc/nginx and /var/log/nginx, else acme.sh will error: "It +# seems that the nginx config is not correct, cannot continue." By editing +# /usr/share/acme.sh/acme.sh to change `nginx -t >/dev/null 2>&1` to `nginx +# -t`, we can see nginx's error log: "open() "/var/log/nginx/access.log" +# failed", this is the reason why /var/log/nginx is also included. Including +# both /etc/nginx and /var/log/nginx is also what I did on old studio laptop, +# see config_local_arch_studio repo. [Service] -ReadWritePaths=/etc/acme.sh /var/log/acme.sh /etc/postfix +ReadWritePaths=/etc/acme.sh /var/log/acme.sh /etc/postfix /etc/nginx /var/log/nginx diff --git a/etc/systemd/system/sockets.target.wants/uwsgi@cgit.socket b/etc/systemd/system/sockets.target.wants/uwsgi@cgit.socket new file mode 120000 index 00000000..ec2ebc97 --- /dev/null +++ b/etc/systemd/system/sockets.target.wants/uwsgi@cgit.socket @@ -0,0 +1 @@ +/usr/lib/systemd/system/uwsgi@.socket
\ No newline at end of file diff --git a/etc/uwsgi/cgit.ini b/etc/uwsgi/cgit.ini new file mode 100644 index 00000000..e2f750cb --- /dev/null +++ b/etc/uwsgi/cgit.ini @@ -0,0 +1,14 @@ +# https://wiki.archlinux.org/title/Cgit#Using_uwsgi +# https://wiki.gentoo.org/wiki/User:Halcon/HOWTO_cgit_uwsgi_nginx +# https://uwsgi-docs.readthedocs.io/en/latest/Configuration.html +# https://uwsgi-docs.readthedocs.io/en/latest/Options.html +[uwsgi] +master = true +plugins = cgi +socket = /run/uwsgi/%n.sock +uid = http +gid = http +procname-master = uwsgi cgit +processes = 1 +threads = 2 +cgi = /usr/lib/cgit/cgit.cgi diff --git a/home/xyz/.bashrc b/home/xyz/.bashrc index 00660c0b..9857ec00 100644 --- a/home/xyz/.bashrc +++ b/home/xyz/.bashrc @@ -53,7 +53,12 @@ alias c=cfg alias cri='curl -Is' alias crig='curl -Is www.google.com' alias d='sdcv --color' -alias e='"$PAGER"' +# Using '"$PAGER"' will cause complete-alias unable to complete "e <tab>" and +# "e --<tab>". I don't know why alias v='"$EDITOR"' does not have this issue, I +# guess maybe it is related to less has some fzf completion? see `complete -p +# less` output is "complete -F _fzf_path_completion less". Temporary ignore +# shellcheck warnings about this if not met any issues. +alias e="$PAGER" # https://superuser.com/a/1202867 alias fdu="find . -maxdepth 1 -execdir du -sh '{}' \+ | sort -h" alias g=git @@ -63,13 +68,17 @@ alias grr='grep --color=auto -iIR' alias h=htop alias i=nsxiv alias j=journalctl +alias ju='journalctl --user' alias l='ls --color=auto -A --group-directories-first' alias ll='ls --color=auto -lAh --group-directories-first' #alias lo=loop alias lop='loop ping' alias lopd='loop ping 9.9.9.9' alias m=man +alias mpf='mpra -c "$HOME/programs/repos/fly/any/fsh-git"; sudo pacman -Sy fsh-git --noconfirm' alias p=pacman +# Pacman Qqne Redirect +alias pqr='pacman -Qqne > "$XDG_CONFIG_HOME/myconf/pacman_Qqne"; pacman -Qqme > "$XDG_CONFIG_HOME/myconf/pacman_Qqme"' alias pt=pactree alias pu=paru alias qre='qrencode -t utf8i -m 1' @@ -80,10 +89,6 @@ alias sa='ssh-add -l || ssh-add' alias se='sudo -E ' alias sp='ssh pp' alias spd='speedtest; librespeed-cli' -alias sst='ssh studio' -# \" to consider $HOME contain space, need \ else " will be expanded locally, need \$ else $HOME will expand locally -# can test with: alias mytest='ssh studio for i in \"\$SSH_CONNECTION\"\; do echo \$i\; echo a\; done' -alias sstm='ssh -t -- studio mpra -c \"\$HOME/programs/repos/fly/any/fsh-git\"' # can test this mess with `alias tt='echo "\$haha \"lala\""'` alias sun='printf "set \$Longitude \"-121.89\"\nset \$Latitude \"37.34\"\nrem [sunrise()] msg sunrise\nrem [sunset()] msg sunset" | remind -n -' # another way: @@ -94,6 +99,9 @@ alias y=systemctl alias yd='systemctl list-dependencies --all' alias ydr='systemctl list-dependencies --all --reverse' alias ye='systemctl list-unit-files --state=enabled' +# sYstemctl Enabled Redirect +alias yer='systemctl list-unit-files --state=enabled > "$XDG_CONFIG_HOME/myconf/sye"; systemctl --user list-unit-files --state=enabled > "$XDG_CONFIG_HOME/myconf/syue"' +alias yr='systemctl restart' alias ys='systemctl status' alias yu='systemctl --user' alias yue='systemctl --user list-unit-files --state=enabled' @@ -112,6 +120,7 @@ alias vrm='"$EDITOR" "$XDG_DOCUMENTS_DIR/notes/others/recurring_maintenance.md"' alias vt='"$EDITOR" "$XDG_DOCUMENTS_DIR/notes/others/tmp_mobile_notes.md"' alias xmr='monero-wallet-cli --config-file="$HOME/.bitmonero/monero-wallet-cli.conf"' alias xmrds='monerod status; monerod print_net_stats' +alias xr='xset r rate 250 30' alias za='zoxide add' #alias zq='zoxide query' #alias zqi='zoxide query -i' @@ -126,6 +135,7 @@ alias glmark2='glmark2 --fullscreen --annotate' alias grep='grep --color=auto' #alias info='info --vi-keys' alias ls='ls --color=auto' +alias nethogs='nethogs -C' alias radeontop='radeontop -c' alias rem='rem -@' alias remind='remind -@' diff --git a/home/xyz/.config/myconf/pacman_Qqme b/home/xyz/.config/myconf/pacman_Qqme index 1ae88691..e1ae79b3 100644 --- a/home/xyz/.config/myconf/pacman_Qqme +++ b/home/xyz/.config/myconf/pacman_Qqme @@ -1,13 +1,12 @@ absolutely-proprietary acme.sh-systemd -atool2-git bash-complete-alias dashbinsh +freenginx-mainline grub-hook htop-vim librespeed-cli-bin neovim-plug paru-bin pipdeptree -swgp-go task-spooler diff --git a/home/xyz/.config/myconf/pacman_Qqne b/home/xyz/.config/myconf/pacman_Qqne index 1996e583..1166a17e 100644 --- a/home/xyz/.config/myconf/pacman_Qqne +++ b/home/xyz/.config/myconf/pacman_Qqne @@ -1,17 +1,20 @@ -7zip base base-devel bash-completion btrfs-progs +cgit dash devtools +dnsmasq dovecot fastfetch fio fsh-git fzf git +gitolite grub +highlight ioping iotop-c iperf3 @@ -22,6 +25,7 @@ lostfiles lsof mailutils man-pages +md4c moreutils neovim nethogs @@ -41,7 +45,6 @@ python-pip rebuild-detector reflector shellcheck -socat speedtest-cli strace systemd-resolvconf @@ -50,11 +53,10 @@ testdisk tinyxxd traceroute tree -unrar-free -unzip +uwsgi +uwsgi-plugin-cgi vidir2-git wget wireguard-tools xdg-user-dirs -zip zoxide diff --git a/home/xyz/.config/myconf/sye b/home/xyz/.config/myconf/sye index a47a970f..5fd80224 100644 --- a/home/xyz/.config/myconf/sye +++ b/home/xyz/.config/myconf/sye @@ -1,16 +1,16 @@ UNIT FILE STATE PRESET +dnsmasq.service enabled disabled dovecot.service enabled disabled getty@.service enabled enabled nftables.service enabled disabled +nginx.service enabled disabled opendkim.service enabled disabled opendmarc.service enabled disabled postfix.service enabled disabled sshd.service enabled disabled -swgp-go.service enabled disabled systemd-network-generator.service enabled enabled systemd-networkd-wait-online.service enabled enabled systemd-networkd.service enabled enabled -systemd-resolved.service enabled enabled systemd-time-wait-sync.service enabled disabled systemd-timesyncd.service enabled enabled systemd-networkd.socket enabled disabled diff --git a/home/xyz/.config/myconf/syue b/home/xyz/.config/myconf/syue index a280d38a..e9f32533 100644 --- a/home/xyz/.config/myconf/syue +++ b/home/xyz/.config/myconf/syue @@ -1,5 +1,5 @@ -UNIT FILE STATE PRESET -xdg-user-dirs-update.service enabled enabled -p11-kit-server.socket enabled enabled +UNIT FILE STATE PRESET +xdg-user-dirs.service enabled enabled +p11-kit-server.socket enabled enabled 2 unit files listed. diff --git a/srv/http/master/index.html b/srv/http/master/index.html new file mode 100644 index 00000000..88de2a03 --- /dev/null +++ b/srv/http/master/index.html @@ -0,0 +1,30 @@ +<!DOCTYPE html> +<html> +<head> +<title>flylightning's homepage</title> +</head> +<body> + +<p>My email: <a href="mailto:xyz@flylightning.xyz">xyz@flylightning.xyz</a></p> +<ul> + <li>Old email: <a href="mailto:gky44px1999@gmail.com">gky44px1999@gmail.com</a></li> +</ul> + +<p>My public PGP key: <a href="https://flylightning.xyz/pub_pgp_key.asc">https://flylightning.xyz/pub_pgp_key.asc</a></p> +<ul> + <li>PGP fingerprint: FDA389A17B94BCE0E2FA3D71842BFD347BE06812</li> +</ul> + +<p>My public ssh key: <a href="https://flylightning.xyz/pub_ssh_key.txt">https://flylightning.xyz/pub_ssh_key.txt</a></p> + +<p>My public git repositories:</p> +<ul> + <li>Issues and pull requests: <a href="https://codeberg.org/flyxyz123">https://codeberg.org/flyxyz123</a></li> + <li>Mirror: <a href="https://git.flylightning.xyz">https://git.flylightning.xyz</a></li> + <li>Archive: <a href="https://github.com/flyxyz123">https://github.com/flyxyz123</a></li> +</ul> + +<p>My Linux custom repositories: <a href="https://mirrors.flylightning.xyz">https://mirrors.flylightning.xyz</a></p> + +</body> +</html> diff --git a/srv/http/master/pub_pgp_key.asc b/srv/http/master/pub_pgp_key.asc new file mode 100644 index 00000000..1fff07c6 --- /dev/null +++ b/srv/http/master/pub_pgp_key.asc @@ -0,0 +1,100 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBGCOJncBEACdW7UUSxKbISs3KimLr1ayO3/pjgedzehXdOCstRQ9AJT9s33n +ZIEgR8NWMjbRCEvrrYqUEbylm8rLKlOR0j9qgebLavhsVDl0d+D6Hf+sDNZmuTz+ +SwJn5+0ZirrcwF3HM3ySUiR98sR/cd8w9V0VpXu9UPoOfmvVeT8lyOtEtHfgKsW8 +dYhMXJMK9UvRsTiyZMYc8FUPCJvQ3XgQUiv+i/+TYRanvG3/GVX6CN5CFWa2MU9W +4wS9YB36JbStRczcpbCzYKr3s32O7OqZwqjqD7Fl7fwcx8CppjgUn0AkhpKO8PCZ +Wi1IOJtVPw9EhmxD2RK5VjL0jP3EWhHoDV7TV4DHJLqfau04g4PINpVwUMm4e2HU +Jy9CV5Jk9gjQEXJzMCL8nFq/T2xGTqUcppnyrlLN6iTIbUWaU+Lpwe4i0xhSk2UI +gRgNQil9RCYC5HQnK3x0TX+80k+aDwdmhaEhUnF7v0L0HDw3RzSqkd8R84IFgFm8 +wVGRVXjYwWkcgR7l1Dx4hr2QhSdv0PkpZnd4rBeTdXv7X4A09jZyswhfjuxB3BFH +TZQQQNFXUDl2nSgG9YwjmIAtn0F6QNGpsXRH0ZfkbzKuX2olCjKWPDUwLxm91iMh +HCW6dQ5L7YrfDt2+R8+HMRiRNHUZCGeq3/OZjWAzi7mZQCfOaN4VwPQNtQARAQAB +tDdYaWFvIFBhbiAoZmx5eHl6MTIzIGdpdGh1YiBrZXkpIDxna3k0NHB4MTk5OUBn +bWFpbC5jb20+iQJOBBMBCAA4FiEE/aOJoXuUvODi+j1xhCv9NHvgaBIFAmCOJncC +GwMFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AACgkQhCv9NHvgaBLOiA/8Cu8c9Dez +eq/ZmM0YOk+BkXNOkwqfk/aCcH0Zn4lotgMQRjRmZ8LE61F2uqyOZHaTBO11VSn0 +R6sjAXZgt0apjLY4RW+ntEeuBngULMikPQXij8x7dgvYW+DyhJayw7ypWPfSgick +3jO6ksLsBqM1aKOruRx8dpUQKoTdid9dPyXM+S/PCPwanXpsmL+e122rydqjBXKZ +jUt7SfZb8Vcfel0u+SXoL4i5xa6Esw7cP15sTtRURCC1rPbm2laXTdb0xViaAFpH +g3zX9yNJ0FoJEGjcLmQoI9l7srBc7uB1SENzJwO09Orgt3frCyAebugyZ37kQkUZ +Lr/x/K6nDjc95UQihR1a50UHW/N+7lHud1dUfY1xyEa60pD7+tX/WHsABR5Yp/Eb +sKCAzy3wFm/uWJGLx6aZWwgTop36eerkcAncsfFI3xnM9A6QhpsxPS51LDBUg9Ho +GkgDhvpxO3Ae4h/QO48h1wYxYw5dLkrxsA+fpcVXNPBj7iiUUZhXGptY3DwO/ET8 +ZdyaiK0CTCRD7dI7yMRfbGu5tT6gXAiXUkXKnRpZdeMDqE3vgXG7S+teC/qbXWaL +jnAzL/E2MhE/dTfFqfxXSQbwxp0qyMUkad1ysjrjxh0teMsV5jLhBdvvK/0W+1bg +UUp/xtxtmsGtSX7G3YhqXCCAaYuiGnReoX20H1hpYW8gUGFuIDx4eXpAZmx5bGln +aHRuaW5nLnh5ej6JAlQEEwEIAD4CGwMFCwkIBwICIgIGFQoJCAsCBBYCAwECHgcC +F4AWIQT9o4mhe5S84OL6PXGEK/00e+BoEgUCZpSjvAIZAQAKCRCEK/00e+BoEkYn +D/4vipOnD7I4Re7ERbvyVD1iUXygEYfuh+QCKKXJnIOaKjxZHH4L6DIEIHkAV4xx +NuokNjeP8+VbRj6y4Oi1OvjWzXa1Nzcnk/359uLfjiH67fZ5WXyUoljZ24R8om7K +mKQ2VFiHC1BOhCzYSMRU4e+ogRdI9HWyHJnRThM/D/GduwfwE//xBRaoQyJ+07HY +XhemAbhDt2BdGR9MMd7NloR3b09SpgIBuw6BagK7BoIsEreEPAzqtGIWYMepfCGY +ytmmAqjuVJFYsIR5kNYO11qyKaPhSuGaMikz/Plq6VxlUvkzRXJCJW4coWR30XRN +OrYR3+QTLBY9TUWy7peoLccXB8aytWmhG6yq5PeC+sfcEPuYN5yabhoKYQrpIrFH +B3OQl7jnqYN+ticEVh/NUn49t6+4fjCXzlBoojrF5Tk8mp/r6ieYljiC2qSwhirq +gPd6MiojRDdHTi0FFHVYhJJ71SQXcF/p+4R13GJxdygmu3/Wv8rRrFO4cXoix0Gj +iAOouE5LjdRpF4TQaZ0GMPBGkV2Hg93VCugaFLoHsgWTNyG/ZB9ICstFvgtNEqaI +iR7MByg7URYMaITpAR2DATIYl6dzWhgs986cSS2YuJP746lol2KdvRgp7CHMs6XV +dHu9jOtKfeJZE0mjmza0fvgJ376veK6+qvcrUsyalDCSCrkCDQRgjiZ3ARAAwMNi +n7zkKainK9bm6NtMR7LBE1PpT1pXyA7hAUeutHqklhZN70uy+Glm3FMLorSq/jsi +f3KNqjIaRX9qUGmQr37laQvJVwLzjZSsj8/LinMKpA+bJw/3kYJiT8qZKWUveDOE +Egx4jji+5GrfFcVLaNL86Gf0SGRhnu2bwgmNuCtH+tRi0BXfd+IdkEZ8+qNLnq2q +HtJRecZhJkDDfFq+gVc5cVIdINGtWAs6DIAteyodAwqo/9o71WuJDT2kNx49nQYi +dhYaYC6iwiJd6flzCGEfjkpa2aEgfj6MM3m+6ToO2pOrN5bR+0+fIUXYmLOIiTs/ +r6U58FZSu+gHoE3lZrzXkCv3X23MlKESRknaxbQiV+CXlfg91fSNE3OeffNhMBTq +Gn2rFKD+8nGzDzellJXW+6SxXeRQZ8ZldYX5AqdzsjOBqIp95YLhtfBEoEz/bvKe +WCHIv6BMwh7mPSfW1OmiA7M6aPqo8zBgdJgk++i13ZrIL6sdZiKEujRzdpz6m8kt +iZE5MrYDa8PjPeUvve/EExDsFP4me4RWvnRnsIFwY1VxyrJtjhmITD9LlDQiFh/j +O8wFhY84oQHLfWKpMlUVz6A/xpfu92Q4HJdAW2QW4zALi2wO1ahzL82fkth8qb+5 +s+6vciaiSTDJsNxquOQ+Zvk9gM1+fWPpjun+DMUAEQEAAYkCNgQYAQgAIBYhBP2j +iaF7lLzg4vo9cYQr/TR74GgSBQJgjiZ3AhsMAAoJEIQr/TR74GgSrQcP/2gBmCUi +7/8d08G294PW+QXzGFbxSVCBgHN++KzXML8D/DhaD4uukO2apSgJ9n+2pnFMNF/x +1yqJCCyICFRmThIBNEwYR10+mzXYntbDVfe3K7FXk9JJPKW6NrJH/Klu3stIgjPo +XYATyoK1go4iBpA9ilIa1X/ha8OuaG5Cbv5396/7let3ofMXRivH7FIhy8IPx757 +TnC5O5Y2Wo14hXpDyjMDuDg3QeBL22SQJqbT2gsjw5bjWZUdiqPhP/T4wZuaqa2v +Cx7YWq9r7dyCLU2vJJ0EBpuESGnu97OzlcCNB+kMUo2xfwiLtSkvhEBxHI7nErtX +JZgr7lAkw2BF7CfVhG7QhkMRmpewGOEL/JWS09q/s3qhSbE+ooSZvbETavLXda8o +Z/+mBzqIft4BIr8AGBf8lcdmO5M6dE0YUj1p3v5sUy8IfppfBJIVMLhNvLJxx9WT +/IVQc2LPxGGMMmidV0fTmSl3CxGr/taoR/P4YAtHyHqC4o8cWP6uQNYPjJPDS6Hm +4VQRiBKp/t3GZg9UkEL7Oq2v9Jw96lwwTzWVyHZIvPmPKMAyjpVWOHrclgP57bEF +TlxZwy/jnANzUHLcHQgZ1cZ9zUmzwRynPvF/YeSiEo69lRxSHJ2wnxCQ1xoMCF8J +uOUZmvb7Dy/7CywQhnYgZVaR6enPLn4WQy5FuQINBGCPSp0BEADp8xSqq1I+M1nw +u9zxwVcWUkOjY1Otm9ZMTxddkLUyX191kAuIBsbKDNwFCGgwGR9fvzBund30Bdg6 +g/kMrtJq2c32zDO6KDUjlNXa/zt+I7QJlepxVyjASWSiCBMkJyjTwJ25c2c1OrWM +LSmRmg2KmygKZQqUUTltsn2gt9uWNkcC7zP2tll0918Rs1chCJcD0YRBw3FsxgKr +SgW1LewbQtBW/0WRVcA9dwNXXRyOMC/6qaPXzTeU8SLbVHx4+GtQT9+Q0qeoO6cK +Jq5gIhRw2rpceqTovtVOsDvgkyiKt9FfVbQgHu1MARNbsDuwxSbfyQcSBwBe95xJ +/I04JJmES8sm5edSLuOg97EIJoVZuhnuUtfxlVq0MdPi0osKTWed+cI7Dpc6kLiL +//P9YTrLZB0nYSwd5blGKqyj+yvVjBdcxzqysYevZEoZ36Tg4ThK8Wusd8rnzgBq +pSVIi26KSam9n9DyTh+kmWalD6jaLR/DIe8s6HjchErgTs/pqCQauBu0sScWP04/ +8RR2AX6WWE9WUVNaTkaCZY7aE8cGTFV/8MT0SFCk4qC9AceB55iiv4/jLDZjuDFc +D998Fw8H62Z7T4js5UAN3FgQyPUMt86dZSDihcUKT0W9QBKsV0BjfjHoQVXlpywU +OxtUYAzAz8pfagvN6TzEc/vRu5FGnwARAQABiQRsBBgBCAAgFiEE/aOJoXuUvODi ++j1xhCv9NHvgaBIFAmCPSp0CGwICQAkQhCv9NHvgaBLBdCAEGQEIAB0WIQQFiZJw +3yW7Hu31e+gk92nl0IyemgUCYI9KnQAKCRAk92nl0Iyemo+5D/45r5BCWl515n+V +WFl4TpEEcxoxOYA4LVWVMJKVoYxf9Bqj4Od4BtYZKNYCxmI5We1kVu/iD9COqj92 +Vv6pSzAJbWbMjfXOruL10xTD7A9GUqtXsAGk0l7ruyTQkpnipQ/fz/1jKL9++SBu ++jhrMd2nH2mPk84kwK+GheIfj+KD9R774vEhl4jyZSN6hjRrHLznifdOC5/2ReMl +xLthrj0fVK1uyYnmU8N/9qKESw14KtvYmS4R4E/kpD/m7cWVsMWY+WLa8csPDAv8 +TEnTBUdjVZ7uZVeYFfjUaFCE0XNFxjEj5CPAJw3PqHJ7SNf7dEDu1dcb5a0b5uBH +bACKBGlGI06XAdlzFWQ03/t3U4Pi/QJDTrjGIEOz9chnzZsAU0Tv5xHsaRkN5qi2 +TKNguvUClh8lFTnRrm5TcAJvSCiiH0GLSd/xbK3DPYOTEY+Jh+c5Jw+c5fjMDOu1 +Nzg4+ORvJ3fc4dXpy0s2UV1BDhtPbANLuPY3Ku+wrva/zkQElt/e6G6sZKxSpSgW +WOxzvh3V9/yVnuHCVnRVppOyL+eTks2ZMqp3PKZjPBgk8ktlZg6eLxCLdrChmU6h +b3G0HEDhoUgoOy2DSetPelCOqSTvrHSsi3hiP0o7oEKOZ16JHpissNm2mceitU6R +uAzGR3drD/S/jwlaZc80UOfG+9OiJpRFD/9JP9yijpLrkHWe3pp1fi1neyQsT6Vk +Lz2YH3kIEgY9JFLGL3Nhnt5CnZp1BTwnSB+VuzTaIOmEiumiSA76LlLiI8UmBpAM +9f1l5lKfwKeVk4xgqmrOIvlUF3e+ViwSM+Q46xAtzU7N3ujfFbWEgMx3XdRQC/n+ +MTv33WT4YNBYEoQTztJrn0vtUWuLYDfQkKUhVT6860TZLW+pGF0zSrRpjE+1LwKS +laAk6fYl7VCriQTdI+JUVrgrf9s3WMBK4pejDFGXQMUuaAyCgeJ7QiH+efgvrl3i +tIKhXyZvaLrbI4LZThGMCf3LDii2eqyEhDnfZwxslpN4xyp0rhiZmR/9lbwgJsMU +U/bxCPD32B56R5LngyjV4Rxj8Dfmm6kzj8skOLo3ApFtQNa6Tpg879s31WHB7fYP +cHp7BS/HBWiu/MUBm7DSgwZEpo10Up9ChbkYwkGPsNHfzKgidN4x0L9q4idv5Ub/ +HB0JamQsP1YWnjpGIKLkZCLUeZzrG3nXI5QP9uRtby+9S1xjNsFsk7CvmAbvJ7D6 +ILaVNsRa5GtR8DvHgPB4ZBf/PFqF9HvEjtmzvkCkuOeAk96VhZyJIeF4yqlZ+dsG +LoSzoTBHWrsaqMf6B8PQm0qyolkG8I3MbG20RwFhJnCvBvR08BY8wffWKfP6jgtn +8e+CFvBSqaFUrQ== +=EAd+ +-----END PGP PUBLIC KEY BLOCK----- diff --git a/srv/http/master/pub_ssh_key.txt b/srv/http/master/pub_ssh_key.txt new file mode 100644 index 00000000..0560ce51 --- /dev/null +++ b/srv/http/master/pub_ssh_key.txt @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCv5BUlURCkc3pycnmSvakTFl6W1fnCrIkzxJKQQcz18/eL9pa/M0KWjq3KoxFrsHxtsCjY3fYoUJ6XqYKEWUJRsB2ZFS0qhCPTaqhqFfKJzkKUpHyDwF5IN+/gJ95IN2slq9MRb9I4mCqUwatNHDKuctdCN3K5GCkbYbuhVKsR+2bK51aYYWtw2Pxvmhfhza0tYHdgv2nFuhEjPsRwB+dZ4XJ6fbQnXQKc8ZQVXHr+Yj4+VUIvgqbccyJvo6ICdO5YSJAT5Ue7Qm+qUKVraI6ALd2M5yLD2PyWR5x6VrtDs/3i1kH1EQw9h+2WNyW4ZUB5wRTUlKZNATWhB39K0a6jvr8V8getzcVpagIJ/obhTxg8rgoaYj1JOpDp4UnNxHaUCjXtSZdcruX+JnQyBjo4awyxUJBaym8J5+F9JWtMgTNQ+94n+eCAnp3sQigbUnft9au2wjytUL7lWJwzboNNhv2n2QUSWSaz5uoaXcDr/MOXa83MBYgr0xuDIHCPD5E= gky44px1999@gmail.com diff --git a/usr/lib/cgit/filters/about-formatting-edited.sh b/usr/lib/cgit/filters/about-formatting-edited.sh new file mode 100755 index 00000000..70ca8aa4 --- /dev/null +++ b/usr/lib/cgit/filters/about-formatting-edited.sh @@ -0,0 +1,29 @@ +#!/bin/sh + +# This may be used with the about-filter or repo.about-filter setting in cgitrc. +# It passes formatting of about pages to differing programs, depending on the usage. + +# Markdown support requires python and markdown-python. +# RestructuredText support requires python and docutils. +# Man page support requires groff. + +# The following environment variables can be used to retrieve the configuration +# of the repository for which this script is called: +# CGIT_REPO_URL ( = repo.url setting ) +# CGIT_REPO_NAME ( = repo.name setting ) +# CGIT_REPO_PATH ( = repo.path setting ) +# CGIT_REPO_OWNER ( = repo.owner setting ) +# CGIT_REPO_DEFBRANCH ( = repo.defbranch setting ) +# CGIT_REPO_SECTION ( = section setting ) +# CGIT_REPO_CLONE_URL ( = repo.clone-url setting ) + +# note `pwd` when cgit run this script is /, can be tested by `cat '<p>$(pwd)</p>'` +# so need to get those scripts location via $0, $0 is /usr/lib/cgit/filters/about-formatting-edited.sh +dir="$(dirname "$0")/html-converters/" +case "$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" in + *.markdown|*.mdown|*.md|*.mkd) exec md2html;; +# *.rst) exec "$dir/rst2html";; + *.[1-9]) exec "$dir/man2html";; + *.htm|*.html) exec cat;; + *.txt|*) exec "$dir/txt2html";; +esac diff --git a/usr/lib/cgit/filters/syntax-highlighting-edited.sh b/usr/lib/cgit/filters/syntax-highlighting-edited.sh new file mode 100755 index 00000000..111b1928 --- /dev/null +++ b/usr/lib/cgit/filters/syntax-highlighting-edited.sh @@ -0,0 +1,33 @@ +#!/bin/sh +# This script can be used to implement syntax highlighting in the cgit +# tree-view by referring to this file with the source-filter or repo.source- +# filter options in cgitrc. +# +# Note: the highlight command (https://gitlab.com/saalen/highlight) uses css for syntax +# highlighting, I choose to output a file /usr/share/webapps/cgit/highlight.css +# by `highlight -O xhtml --print-style` and import it in mycgit.css for cgit to use. +# +# The following environment variables can be used to retrieve the configuration +# of the repository for which this script is called: +# CGIT_REPO_URL ( = repo.url setting ) +# CGIT_REPO_NAME ( = repo.name setting ) +# CGIT_REPO_PATH ( = repo.path setting ) +# CGIT_REPO_OWNER ( = repo.owner setting ) +# CGIT_REPO_DEFBRANCH ( = repo.defbranch setting ) +# CGIT_REPO_SECTION ( = section setting ) +# CGIT_REPO_CLONE_URL ( = repo.clone-url setting ) + +syntax= +case "$1" in + nginx.conf) syntax=nginx;; + pacman.conf) syntax=ini;; + cgitrc) syntax=ini;; + .gitolite.rc) syntax=perl;; +esac + +# `--force` needed for highlight; one example is `< textfile highlight -O ansi --force`, without `--force` will error 1 and no output +if [ "$syntax" ]; then + exec highlight --force -f -I -O xhtml -S "$syntax" 2>/dev/null +else + exec highlight --force -f -I -O xhtml --syntax-by-name "$1" 2>/dev/null +fi diff --git a/usr/share/webapps/cgit/highlight.css b/usr/share/webapps/cgit/highlight.css new file mode 100644 index 00000000..41da8cd4 --- /dev/null +++ b/usr/share/webapps/cgit/highlight.css @@ -0,0 +1,24 @@ +/* Style definition file generated by highlight 4.18, http://andre-simon.de/ */ +/* highlight theme: Kwrite Editor */ +body.hl { background-color:#e0eaee; } +pre.hl { color:#000000; background-color:#e0eaee; font-size:10pt; font-family:'Courier New',monospace; white-space: pre-wrap; } +.hl.num { color:#b07e00; } +.hl.esc { color:#ff00ff; } +.hl.sng { color:#bf0303; } +.hl.pps { color:#818100; } +.hl.slc { color:#838183; font-style:italic; } +.hl.com { color:#838183; font-style:italic; } +.hl.ppc { color:#008200; } +.hl.opt { color:#000000; } +.hl.ipl { color:#0057ae; } +.hl.lin { color:#555555; user-select: none;-webkit-user-select: none; } +.hl.hvr { cursor:help; } +.hl.erm { color:#ff0000; font-weight:bold; border:solid 1px red; margin-left: 3em; } +.hl.err { color:#ff0000; font-weight:bold; } +.hl.kwa { color:#000000; font-weight:bold; } +.hl.kwb { color:#0057ae; } +.hl.kwc { color:#000000; } +.hl.kwd { color:#010181; } +.hl.kwe { color:#0d5bc3; } +.hl.kwf { color:#750dc3; } + diff --git a/usr/share/webapps/cgit/mycgit.css b/usr/share/webapps/cgit/mycgit.css new file mode 100644 index 00000000..bc1ac964 --- /dev/null +++ b/usr/share/webapps/cgit/mycgit.css @@ -0,0 +1,6 @@ +@import "cgit.css"; +@import "highlight.css"; + +div#cgit pre { tab-size: 4; } + +div#cgit table.diff { tab-size: 4; } diff --git a/var/lib/gitolite/.gitolite.rc b/var/lib/gitolite/.gitolite.rc new file mode 100644 index 00000000..6f92032d --- /dev/null +++ b/var/lib/gitolite/.gitolite.rc @@ -0,0 +1,202 @@ +# configuration variables for gitolite + +# This file is in perl syntax. But you do NOT need to know perl to edit it -- +# just mind the commas, use single quotes unless you know what you're doing, +# and make sure the brackets and braces stay matched up! + +# (Tip: perl allows a comma after the last item in a list also!) + +# HELP for commands can be had by running the command with "-h". + +# HELP for all the other FEATURES can be found in the documentation (look for +# "list of non-core programs shipped with gitolite" in the master index) or +# directly in the corresponding source file. + +%RC = ( + + # ------------------------------------------------------------------ + + # default umask gives you perms of '0700'; see the rc file docs for + # how/why you might change this + UMASK => 0027, + + # look for "git-config" in the documentation + GIT_CONFIG_KEYS => '', + + # comment out if you don't need all the extra detail in the logfile + LOG_EXTRA => 1, + # logging options + # 1. leave this section as is for 'normal' gitolite logging (default) + # 2. uncomment this line to log ONLY to syslog: + # LOG_DEST => 'syslog', + # 3. uncomment this line to log to syslog and the normal gitolite log: + # LOG_DEST => 'syslog,normal', + # 4. prefixing "repo-log," to any of the above will **also** log just the + # update records to "gl-log" in the bare repo directory: + # LOG_DEST => 'repo-log,normal', + # LOG_DEST => 'repo-log,syslog', + # LOG_DEST => 'repo-log,syslog,normal', + # syslog 'facility': defaults to 'local0', uncomment if needed. For example: + # LOG_FACILITY => 'local4', + + # roles. add more roles (like MANAGER, TESTER, ...) here. + # WARNING: if you make changes to this hash, you MUST run 'gitolite + # compile' afterward, and possibly also 'gitolite trigger POST_COMPILE' + ROLES => { + READERS => 1, + WRITERS => 1, + }, + + # enable caching (currently only Redis). PLEASE RTFM BEFORE USING!!! + # CACHE => 'Redis', + + # ------------------------------------------------------------------ + + # rc variables used by various features + + # the 'info' command prints this as additional info, if it is set + # SITE_INFO => 'Please see http://blahblah/gitolite for more help', + + # the CpuTime feature uses these + # display user, system, and elapsed times to user after each git operation + # DISPLAY_CPU_TIME => 1, + # display a warning if total CPU times (u, s, cu, cs) crosses this limit + # CPU_TIME_WARN_LIMIT => 0.1, + + # the Mirroring feature needs this + # HOSTNAME => "foo", + + # TTL for redis cache; PLEASE SEE DOCUMENTATION BEFORE UNCOMMENTING! + # CACHE_TTL => 600, + + # ------------------------------------------------------------------ + + # suggested locations for site-local gitolite code (see cust.html) + + # this one is managed directly on the server + # LOCAL_CODE => "$ENV{HOME}/local", + + # or you can use this, which lets you put everything in a subdirectory + # called "local" in your gitolite-admin repo. For a SECURITY WARNING + # on this, see http://gitolite.com/gitolite/non-core.html#using-the-gitolite-admin-repo-to-manage-non-core-code + # LOCAL_CODE => "$rc{GL_ADMIN_BASE}/local", + + # ------------------------------------------------------------------ + + # List of commands and features to enable + + ENABLE => [ + + # COMMANDS + + # These are the commands enabled by default + 'help', + 'desc', + 'info', + 'perms', + 'writable', + + # Uncomment or add new commands here. + # 'create', + # 'fork', + # 'mirror', + # 'readme', + # 'sskm', + # 'D', + + # These FEATURES are enabled by default. + + # essential (unless you're using smart-http mode) + 'ssh-authkeys', + + # creates git-config entries from gitolite.conf file entries like 'config foo.bar = baz' + 'git-config', + + # creates git-daemon-export-ok files; if you don't use git-daemon, comment this out + 'daemon', + + # creates projects.list file; if you don't use gitweb, comment this out + 'gitweb', + + # These FEATURES are disabled by default; uncomment to enable. If you + # need to add new ones, ask on the mailing list :-) + + # user-visible behaviour + + # prevent wild repos auto-create on fetch/clone + # 'no-create-on-read', + # no auto-create at all (don't forget to enable the 'create' command!) + # 'no-auto-create', + + # access a repo by another (possibly legacy) name + # 'Alias', + + # give some users direct shell access. See documentation in + # sts.html for details on the following two choices. + # "Shell $ENV{HOME}/.gitolite.shell-users", + # 'Shell alice bob', + + # set default roles from lines like 'option default.roles-1 = ...', etc. + # 'set-default-roles', + + # show more detailed messages on deny + # 'expand-deny-messages', + + # show a message of the day + # 'Motd', + + # system admin stuff + + # enable mirroring (don't forget to set the HOSTNAME too!) + # 'Mirroring', + + # allow people to submit pub files with more than one key in them + # 'ssh-authkeys-split', + + # selective read control hack + # 'partial-copy', + + # manage local, gitolite-controlled, copies of read-only upstream repos + # 'upstream', + + # updates 'description' file instead of 'gitweb.description' config item + # 'cgit', + + # allow repo-specific hooks to be added + # 'repo-specific-hooks', + + # performance, logging, monitoring... + + # be nice + # 'renice 10', + + # log CPU times (user, system, cumulative user, cumulative system) + # 'CpuTime', + + # syntactic_sugar for gitolite.conf and included files + + # allow backslash-escaped continuation lines in gitolite.conf + # 'continuation-lines', + + # create implicit user groups from directory names in keydir/ + # 'keysubdirs-as-groups', + + # allow simple line-oriented macros + # 'macros', + + # Kindergarten mode + + # disallow various things that sensible people shouldn't be doing anyway + # 'Kindergarten', + ], + +); + +# ------------------------------------------------------------------------------ +# per perl rules, this should be the last line in such a file: +1; + +# Local variables: +# mode: perl +# End: +# vim: set syn=perl: |