diff options
40 files changed, 521 insertions, 137 deletions
diff --git a/etc/NetworkManager/dispatcher.d/70-wifi-wired-exclusive b/etc/NetworkManager/dispatcher.d/70-wifi-wired-exclusive deleted file mode 100755 index a0f0c4c8..00000000 --- a/etc/NetworkManager/dispatcher.d/70-wifi-wired-exclusive +++ /dev/null @@ -1,16 +0,0 @@ -#!/bin/sh - -# https://wiki.archlinux.org/title/NetworkManager#Use_dispatcher_to_automatically_toggle_wireless_depending_on_LAN_cable_being_plugged_in - -if [ "$1" = "enp3s0" ]; then - case "$2" in - up) - nmcli radio wifi off - ;; - down) - nmcli radio wifi on - ;; - esac -elif [ "$(nmcli -g GENERAL.STATE device show enp3s0)" = "20 (unavailable)" ]; then - nmcli radio wifi on -fi diff --git a/etc/NetworkManager/dispatcher.d/pre-down.d/20-monerod b/etc/NetworkManager/dispatcher.d/pre-down.d/20-monerod new file mode 100755 index 00000000..9c10aa0a --- /dev/null +++ b/etc/NetworkManager/dispatcher.d/pre-down.d/20-monerod @@ -0,0 +1,10 @@ +#!/bin/sh + +# `man NetworkManager-dispatcher` + +if [ "$1" = wg_ba ]; then + case "$2" in + # my test shows only pre-down will be emitted, vpn-pre-down and down will not be emitted here + pre-down) systemctl stop monerod@xyz;; + esac +fi diff --git a/etc/NetworkManager/system-connections/wired_internet.nmconnection b/etc/NetworkManager/system-connections/wired_internet.nmconnection new file mode 100644 index 00000000..45df4dea --- /dev/null +++ b/etc/NetworkManager/system-connections/wired_internet.nmconnection @@ -0,0 +1,16 @@ +[connection] +id=wired_internet +uuid=e50d6197-b7c0-4062-b37a-844ba4fc6b40 +type=ethernet +autoconnect-priority=1 + +[ethernet] + +[ipv4] +method=auto + +[ipv6] +addr-gen-mode=stable-privacy +method=auto + +[proxy] diff --git a/etc/NetworkManager/system-connections/wired_two_computer.nmconnection b/etc/NetworkManager/system-connections/wired_two_computer.nmconnection new file mode 100644 index 00000000..a16520df --- /dev/null +++ b/etc/NetworkManager/system-connections/wired_two_computer.nmconnection @@ -0,0 +1,19 @@ +[connection] +id=wired_two_computer +uuid=84d6186e-c0c6-469f-bb8b-6cdc509954dd +type=ethernet +autoconnect-priority=2 + +[ethernet] + +[ipv4] +address1=10.0.3.1/32 +method=manual +route1=10.0.3.2/32 + +[ipv6] +address1=fdc9:281f:4d7:9eec::1/64 +method=manual +route1=fdc9:281f:4d7:9eec::2/128 + +[proxy] diff --git a/etc/conf.d/distccd-armv8 b/etc/conf.d/distccd-armv8 new file mode 100644 index 00000000..0fe7d752 --- /dev/null +++ b/etc/conf.d/distccd-armv8 @@ -0,0 +1,9 @@ +# +# Parameters to be passed to distccd +# +# You must explicitly add IPs (or subnets) that are allowed to connect, +# using the --allow switch. See the distccd manpage for more info. +# + +PATH=/opt/x-tools8/aarch64-unknown-linux-gnu/bin:$PATH +DISTCC_ARGS="--allow 10.0.0.7/32 --log-level info --log-file /tmp/distccd-armv8.log --port 49710" diff --git a/etc/localtime b/etc/localtime index 099d0edb..da516301 120000 --- a/etc/localtime +++ b/etc/localtime @@ -1 +1 @@ -/usr/share/zoneinfo/America/Los_Angeles
\ No newline at end of file +/usr/share/zoneinfo/Asia/Shanghai
\ No newline at end of file diff --git a/etc/mimic/enp3s0.conf b/etc/mimic/enp3s0.conf new file mode 120000 index 00000000..22cac32f --- /dev/null +++ b/etc/mimic/enp3s0.conf @@ -0,0 +1 @@ +wlp2s0.conf
\ No newline at end of file diff --git a/etc/mimic/wlp2s0.conf b/etc/mimic/wlp2s0.conf new file mode 100644 index 00000000..7bac3ce9 --- /dev/null +++ b/etc/mimic/wlp2s0.conf @@ -0,0 +1,44 @@ +# This is an example configuration for Mimic. For each interface, you may +# create <interface>.conf in /etc/mimic and in the following format to +# pass arguments to Mimic's systemd service (mimic@<interface>.service). +# +# Each configuration should be in the format of `key=value`. There might be +# whitespaces between key, '=' and value, and should be kept in one line. Empty +# lines and ones that start with '#' are ignored. + +# Sets log verbosity. Log level equal to or higher (in number) than log +# verbosity will be discarded. Both number and string matching log levels are +# accepted. Number must be greater than or equal to 0. Defaults to info (2). +# +# Log levels: +# 0 - error (cannot be discarded) +# 1 - warn +# 2 - info +# 3 - debug +# 4 - trace +#log.verbosity = trace + +# Specify link layer type, can be 'eth' (Ethernet) or 'none' (no L2 header, +# like PPP or TUN). Defaults to 'eth'. +#link_type = eth + +# Force XDP attach mode, either 'skb' or 'native'. Defaults to 'native' if +# target interface supports it, or 'skb'. +#xdp_mode = skb + +# Use libxdp instead of libbpf to load XDP program. libxdp supports chaining +# multiple XDP programs on one interface. Mimic loads libxdp dynamically using +# dlopen. Defaults to false. +#use_libxdp = false + +# Whether to always use maximum window size in TCP packets. Defaults to false. +#max_window = false + +# Specifies which packets should be processed by Mimic. Can be set more +# than once to allow parallel rules (OR'ed). +# +# Filter format follows `(local|remote)=IP:port`. For IPv6, IP addresses +# need to be surrounded by square brackets. See below for examples. +filter = remote=104.224.159.210:54635 +filter = remote=104.224.159.210:54644 +filter = remote=104.224.159.210:54645 diff --git a/etc/mkinitcpio.conf b/etc/mkinitcpio.conf index 413a707b..86f13bb0 100644 --- a/etc/mkinitcpio.conf +++ b/etc/mkinitcpio.conf @@ -34,25 +34,25 @@ FILES=() # ## This setup will autodetect all modules for your system and should ## work as a sane default -# HOOKS=(base udev autodetect modconf block filesystems fsck) +# HOOKS=(base udev autodetect microcode modconf block filesystems fsck) # ## This setup will generate a 'full' image which supports most systems. ## No autodetection is done. -# HOOKS=(base udev modconf block filesystems fsck) +# HOOKS=(base udev microcode modconf block filesystems fsck) # ## This setup assembles a mdadm array with an encrypted root file system. ## Note: See 'mkinitcpio -H mdadm_udev' for more information on RAID devices. -# HOOKS=(base udev modconf keyboard keymap consolefont block mdadm_udev encrypt filesystems fsck) +# HOOKS=(base udev microcode modconf keyboard keymap consolefont block mdadm_udev encrypt filesystems fsck) # ## This setup loads an lvm2 volume group. -# HOOKS=(base udev modconf block lvm2 filesystems fsck) +# HOOKS=(base udev microcode modconf block lvm2 filesystems fsck) # ## This will create a systemd based initramfs which loads an encrypted root filesystem. -# HOOKS=(base systemd autodetect modconf kms keyboard sd-vconsole sd-encrypt block filesystems fsck) +# HOOKS=(base systemd autodetect microcode modconf kms keyboard sd-vconsole sd-encrypt block filesystems fsck) # ## NOTE: If you have /usr on a separate partition, you MUST include the # usr and fsck hooks. -HOOKS=(base systemd autodetect keyboard modconf block sd-encrypt filesystems fsck) +HOOKS=(base systemd autodetect microcode keyboard modconf block sd-encrypt filesystems fsck) # COMPRESSION # Use this to compress the initramfs image. By default, zstd compression diff --git a/etc/myconf/cfgl_meta b/etc/myconf/cfgl_meta index f1057d90..e615505c 100644 --- a/etc/myconf/cfgl_meta +++ b/etc/myconf/cfgl_meta @@ -7,6 +7,8 @@ 700 root root //etc/.cfgl/info 600 root root //etc/.cfgl/info/sparse-checkout 644 root root //etc/chrony.conf +755 root root //etc/conf.d +644 root root //etc/conf.d/distccd-armv8 600 root root //etc/crypttab 600 root root //etc/crypttab.initramfs 644 root root //etc/fstab @@ -17,25 +19,32 @@ 644 root root //etc/makepkg.conf 755 root root //etc/makepkg.conf.d 644 root root //etc/makepkg.conf.d/rust.conf +755 root root //etc/mimic +777 root root //etc/mimic/enp3s0.conf +644 root root //etc/mimic/wlp2s0.conf 644 root root //etc/mkinitcpio.conf 755 root root //etc/myconf 600 root root //etc/myconf/cfgl_meta 755 root root //etc/NetworkManager 755 root root //etc/NetworkManager/dispatcher.d -755 root root //etc/NetworkManager/dispatcher.d/70-wifi-wired-exclusive 755 root root //etc/NetworkManager/dispatcher.d/90-sbar +755 root root //etc/NetworkManager/dispatcher.d/pre-down.d +755 root root //etc/NetworkManager/dispatcher.d/pre-down.d/20-monerod +700 root root //etc/NetworkManager/system-connections +600 root root //etc/NetworkManager/system-connections/wired_internet.nmconnection +600 root root //etc/NetworkManager/system-connections/wired_two_computer.nmconnection 644 root root //etc/nftables.conf 644 root root //etc/pacman.conf 777 root root //etc/resolv.conf 644 root root //etc/services 755 root root //etc/ssh -755 root root //etc/ssh/ssh_config.d -644 root root //etc/ssh/ssh_config.d/my_ssh_config.conf +644 root root //etc/ssh/sshd_config 440 root root //etc/sudoers 755 root root //etc/systemd 755 root root //etc/systemd/system 644 root root //etc/systemd/system/monerod@.service 755 root root //etc/systemd/system/multi-user.target.wants +777 root root //etc/systemd/system/multi-user.target.wants/mimic@wlp2s0.service 777 root root //etc/systemd/system/multi-user.target.wants/monerod@xyz.service 755 root root //etc/systemd/system/paccache.service.d 644 root root //etc/systemd/system/paccache.service.d/20-remove-all-uninstalled.conf @@ -81,8 +90,6 @@ 600 xyz wheel //home/xyz/.config/mimeapps.list 700 xyz wheel //home/xyz/.config/mpv 644 xyz wheel //home/xyz/.config/mpv/mpv.conf -755 xyz wheel //home/xyz/.config/mpv/scripts -777 xyz wheel //home/xyz/.config/mpv/scripts/sponsorblock-minimal.lua 755 xyz wheel //home/xyz/.config/myconf 644 xyz wheel //home/xyz/.config/myconf/pacman_Qqme 644 xyz wheel //home/xyz/.config/myconf/pacman_Qqne @@ -131,7 +138,6 @@ 755 xyz wheel //home/xyz/.local/bin/alacritty 755 xyz wheel //home/xyz/.local/bin/matlab 755 xyz wheel //home/xyz/.local/bin/neomutt -777 xyz wheel //home/xyz/.local/bin/zoom 755 xyz wheel //home/xyz/.local/share 700 xyz wheel //home/xyz/.local/share/applications 644 xyz wheel //home/xyz/.local/share/applications/editor.desktop diff --git a/etc/nftables.conf b/etc/nftables.conf index c26ae020..6bd80b22 100644 --- a/etc/nftables.conf +++ b/etc/nftables.conf @@ -20,16 +20,18 @@ table inet my_table { ip protocol icmp accept meta l4proto ipv6-icmp accept - #tcp dport ssh accept + iifname wg_* tcp dport ssh accept #tcp dport qbt-nox accept #tcp dport searx accept tcp dport qrcp accept udp dport mdns accept tcp dport qbt accept udp dport qbt accept - tcp dport monerod-p2p accept + iifname wg_* tcp dport monerod-p2p accept #tcp dport iperf3 accept #udp dport wireguard accept + iifname wg_* ip saddr 10.0.0.7 tcp dport distccd-alarm-armv8 accept + iifname wg_* ip6 saddr fdc9:281f:04d7:9ee9::7 tcp dport distccd-alarm-armv8 accept pkttype host limit rate 5/second counter reject with icmpx type admin-prohibited counter comment "count any other traffic" diff --git a/etc/pacman.conf b/etc/pacman.conf index 51a6053b..3ce87953 100644 --- a/etc/pacman.conf +++ b/etc/pacman.conf @@ -44,6 +44,8 @@ SigLevel = Required DatabaseOptional LocalFileSigLevel = Optional #RemoteFileSigLevel = Required +DisableDownloadTimeout + # NOTE: You must run `pacman-key --init` before first using pacman; the local # keyring can then be populated with the keys of all official Arch Linux # packagers with `pacman-key --populate archlinux`. diff --git a/etc/services b/etc/services index 6a375314..af3c12cf 100644 --- a/etc/services +++ b/etc/services @@ -455,6 +455,7 @@ fxp 286/tcp fxp 286/udp k-block 287/tcp k-block 287/udp +tacacss 300/tcp novastorbakcup 308/tcp novastorbakcup 308/udp entrusttime 309/tcp @@ -1315,12 +1316,6 @@ pkix-3-ca-ra 829/tcp pkix-3-ca-ra 829/udp netconf-ssh 830/tcp netconf-ssh 830/udp -netconf-beep 831/tcp -netconf-beep 831/udp -netconfsoaphttp 832/tcp -netconfsoaphttp 832/udp -netconfsoapbeep 833/tcp -netconfsoapbeep 833/udp dhcp-failover2 847/tcp dhcp-failover2 847/udp gdoi 848/tcp @@ -7675,8 +7670,8 @@ perrla 4313/tcp choiceview-agt 4314/tcp choiceview-clt 4316/tcp opentelemetry 4317/tcp -fox-skytale 4319/tcp -fox-skytale 4319/udp +skytale 4319/tcp +skytale 4319/udp fdt-rcatp 4320/tcp fdt-rcatp 4320/udp rwhois 4321/tcp @@ -7799,8 +7794,8 @@ netcabinet-com 4409/tcp itwo-server 4410/tcp found 4411/tcp smallchat 4412/udp -avi-nms 4413/tcp -avi-nms-disc 4413/udp +vision-mon 4413/tcp +vision-mon-disc 4413/udp updog 4414/tcp brcd-vr-req 4415/tcp pjj-player 4416/tcp @@ -7875,6 +7870,7 @@ awacs-ice 4488/udp ipsec-nat-t 4500/tcp ipsec-nat-t 4500/udp a25-fap-fgw 4502/sctp +m-bus-oms 4503/udp armagetronad 4534/udp ehs 4535/tcp ehs 4535/udp @@ -8094,6 +8090,7 @@ vxlan-gpe 4790/udp roce 4791/udp unified-bus 4792/tcp unified-bus 4792/udp +uet 4793/udp iims 4800/tcp iims 4800/udp iwec 4801/tcp @@ -10479,6 +10476,7 @@ odnsp 9966/udp xybrid-rt 9978/tcp visweather 9979/tcp pumpkindb 9981/tcp +kaostransport 9986/tcp dsm-scm-target 9987/tcp dsm-scm-target 9987/udp nsesrvr 9988/tcp @@ -11014,6 +11012,7 @@ notezilla-lan 21010/tcp trinket-agent 21212/tcp cohesity-agent 21213/tcp aigairserver 21221/tcp +xahaud 21337/tcp rdm-tfs 21553/tcp dfserver 21554/tcp dfserver 21554/udp @@ -11128,6 +11127,7 @@ binkp 24554/tcp binkp 24554/udp bilobit 24577/tcp bilobit-update 24577/udp +udpstp 24601/udp sdtvwcam 24666/tcp canditv 24676/tcp canditv 24676/udp @@ -11443,8 +11443,8 @@ ciscocsdb 43441/udp z-wave-tunnel 44123/tcp pmcd 44321/tcp pmcd 44321/udp -pmcdproxy 44322/tcp -pmcdproxy 44322/udp +pmproxy 44322/tcp +pmproxy 44322/udp pmwebapi 44323/tcp cognex-dataman 44444/tcp acronis-backup 44445/tcp @@ -11524,9 +11524,7 @@ ai-webui 7860/tcp monerod-p2p 18080/tcp qrcp 49153/tcp wireguard 49432/udp -# My ISP verizon block incomming to gateway port 22. So I need to use another port to ssh into my home server. -# https://www.reddit.com/r/verizon/comments/to1q43/verizon_5g_home_internet_blocking_ssh_service_port/ -ssh-isp 49812/tcp +distccd-alarm-armv8 49710/tcp iperf3 53497/tcp # qemu port forward guest windows virtual machine ssh qemu-win-ssh 53683/tcp diff --git a/etc/ssh/ssh_config.d/my_ssh_config.conf b/etc/ssh/ssh_config.d/my_ssh_config.conf deleted file mode 100644 index a5f1fca3..00000000 --- a/etc/ssh/ssh_config.d/my_ssh_config.conf +++ /dev/null @@ -1,2 +0,0 @@ -Host flylightning.xyz - Port ssh-isp diff --git a/etc/ssh/sshd_config b/etc/ssh/sshd_config new file mode 100644 index 00000000..bf7498f8 --- /dev/null +++ b/etc/ssh/sshd_config @@ -0,0 +1,151 @@ +# `man sshd_config` says "for each keyword, the first obtained value will be used". So I decided to put my configs before all others to override them all. +# Based on manpage, setting PasswordAuthentication no, and Arch Linux default KbdInteractiveAuthentication no, with other defaults seems already equivalent to AuthenticationMethods publickey, but I still put it here for redundancy. +# https://wiki.archlinux.org/title/OpenSSH#Force_public_key_authentication +AuthenticationMethods publickey +PermitRootLogin no +PasswordAuthentication no +# KbdInteractiveAuthentication no and UsePAM yes are Arch Linux default settings see /etc/ssh/sshd_config.d/00-archlinux.conf, I need these configs, I put them here just in case Arch Linux change the defaults in the future. +KbdInteractiveAuthentication no +UsePAM yes +# when ssh into this remote server, client if use alacritty need `SendEnv COLORTERM` to send the env to server, so server ls can default output color, more see comments in my alacritty.toml config +AcceptEnv COLORTERM + +# https://unix.stackexchange.com/a/472848 wrote about sshd_config AllowUsers +# CIDR address: "Notice that that will not work with 'inconsistent' addresses +# (where the bits outside the mask are not all 0, eg. 192.168.177.0/22)". My +# understanding is that 177 in binary is 10110001, 32-22=10 so 192.168.177.0 +# last 10 binary are 0100000000, note there's a 1 so it will not work; and +# 192.168.176.0/22 works because its last 10 binary are all 0. `man +# sshd_config` also wrote about this: "Note that the mask length provided must +# be consistent with the address - it is an error to specify a mask length that +# is too long for the address or one with bits set in this host portion of the +# address. For example, 192.0.2.0/33 and 192.0.2.0/8, respectively."; the +# second part of the comment "one with bits set in this host portion of the +# address" with the example CIDR ip 192.0.2.0/8 matched my understanding above, +# 192.0.2.0/8 has a 2 which is 10 in binary which is a bit set "in" the CIDR /8 +# range, so it will not work. Just before that quote, it also gives an example +# of 192.0.2.0/24 which should work. Not tested. +# +# My test shows `AllowUsers gitolite@localhost` does not work, so I use +# 127.0.0.1 and ::1 +AllowUsers gitolite@10.0.0.0/24 gitolite@127.0.0.1 gitolite@::1 + +# Include drop-in configurations +Include /etc/ssh/sshd_config.d/*.conf + +# This is the sshd server system-wide configuration file. See +# sshd_config(5) for more information. + +# This sshd was compiled with PATH=/usr/local/sbin:/usr/local/bin:/usr/bin + +# The strategy used for options in the default sshd_config shipped with +# OpenSSH is to specify options with their default value where +# possible, but leave them commented. Uncommented options override the +# default value. + +#Port 22 +#AddressFamily any +#ListenAddress 0.0.0.0 +#ListenAddress :: + +#HostKey /etc/ssh/ssh_host_rsa_key +#HostKey /etc/ssh/ssh_host_ecdsa_key +#HostKey /etc/ssh/ssh_host_ed25519_key + +# Ciphers and keying +#RekeyLimit default none + +# Logging +#SyslogFacility AUTH +#LogLevel INFO + +# Authentication: + +#LoginGraceTime 2m +#PermitRootLogin prohibit-password +#StrictModes yes +#MaxAuthTries 6 +#MaxSessions 10 + +#PubkeyAuthentication yes + +# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2 +# but this is overridden so installations will only check .ssh/authorized_keys +AuthorizedKeysFile .ssh/authorized_keys + +#AuthorizedPrincipalsFile none + +#AuthorizedKeysCommand none +#AuthorizedKeysCommandUser nobody + +# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts +#HostbasedAuthentication no +# Change to yes if you don't trust ~/.ssh/known_hosts for +# HostbasedAuthentication +#IgnoreUserKnownHosts no +# Don't read the user's ~/.rhosts and ~/.shosts files +#IgnoreRhosts yes + +# To disable tunneled clear text passwords, change to "no" here! +#PasswordAuthentication yes +#PermitEmptyPasswords no + +# Change to "no" to disable keyboard-interactive authentication. Depending on +# the system's configuration, this may involve passwords, challenge-response, +# one-time passwords or some combination of these and other methods. +#KbdInteractiveAuthentication yes + +# Kerberos options +#KerberosAuthentication no +#KerberosOrLocalPasswd yes +#KerberosTicketCleanup yes +#KerberosGetAFSToken no + +# GSSAPI options +#GSSAPIAuthentication no +#GSSAPICleanupCredentials yes + +# Set this to 'yes' to enable PAM authentication, account processing, +# and session processing. If this is enabled, PAM authentication will +# be allowed through the KbdInteractiveAuthentication and +# PasswordAuthentication. Depending on your PAM configuration, +# PAM authentication via KbdInteractiveAuthentication may bypass +# the setting of "PermitRootLogin prohibit-password". +# If you just want the PAM account and session checks to run without +# PAM authentication, then enable this but set PasswordAuthentication +# and KbdInteractiveAuthentication to 'no'. +#UsePAM no + +#AllowAgentForwarding yes +#AllowTcpForwarding yes +#GatewayPorts no +#X11Forwarding no +#X11DisplayOffset 10 +#X11UseLocalhost yes +#PermitTTY yes +#PrintMotd yes +#PrintLastLog yes +#TCPKeepAlive yes +#PermitUserEnvironment no +#Compression delayed +#ClientAliveInterval 0 +#ClientAliveCountMax 3 +#UseDNS no +#PidFile /run/sshd.pid +#MaxStartups 10:30:100 +#PermitTunnel no +#ChrootDirectory none +#VersionAddendum none + +# no default banner path +#Banner none + +# override default of no subsystems +Subsystem sftp /usr/lib/ssh/sftp-server + +# Example of overriding settings on a per-user basis +#Match User anoncvs +# X11Forwarding no +# AllowTcpForwarding no +# PermitTTY no +# ForceCommand cvs server diff --git a/etc/sudoers b/etc/sudoers index 94678ba5..faf0e3f7 100644 --- a/etc/sudoers +++ b/etc/sudoers @@ -128,7 +128,7 @@ root ALL=(ALL:ALL) ALL # %wheel ALL=(ALL:ALL) NOPASSWD: ALL ## Uncomment to allow members of group sudo to execute any command -# %sudo ALL=(ALL:ALL) ALL +# %sudo ALL=(ALL:ALL) ALL ## Uncomment to allow any user to run sudo if they know the password ## of the user they are running the command as (root by default). diff --git a/etc/systemd/system/monerod@.service b/etc/systemd/system/monerod@.service index 0dfd9e70..bcdbb700 100644 --- a/etc/systemd/system/monerod@.service +++ b/etc/systemd/system/monerod@.service @@ -1,6 +1,44 @@ [Unit] Description=Monero Full Node for user %I After=network.target +# `man systemd.unit` + +# Notes about my tests with BindsTo= and other options see this url: +# https://git.flylightning.xyz/public_archive_codes/tree/configs/configs_root_dir/etc/systemd/system/monerod_after_bindsto_mullvad.service +# +# I learned about using sys-subsystem-net-devices-wg_ba.device from: +# https://unix.stackexchange.com/q/360214 +# https://unix.stackexchange.com/q/669660 +# More similar devices see `systemctl` or `systemctl --user`. I also have +# sys-subsystem-net-devices-wg_ba.device which is related to +# /sys/subsystem/net/devices/wg_ba, but my computer does not have +# /sys/subsystem dir, and systemctl status +# sys-subsystem-net-devices-wg_ba.device shows "Device:" is also +# /sys/devices/virtual/net/wg_ba, so I choose to use +# sys-subsystem-net-devices-wg_ba.device. +# +# I want monerod tunnel all traffic through wireguard, otherwise China ISP will +# think I mine crypto and will be unhappy. This is one of the measures I take, +# which is to only run monerod when wg_ba network interface is up. **Note it +# seems there will still have some traffic being leaked when wg_ba is down**, +# maybe due to moenrod does not being killed immediately. Maybe use use +# KillSignal=SIGKILL can kill it faster, see `man systemd.kill`, but I don't +# want it to be killed with SIGKILL even when proper poweroff computer so maybe +# don't use it. It can be tested with sth. like `sudo tcpdump -i wlp2s0 port +# 18080`. wg_ba is tunnelling all computer traffic through ba. I bind it to +# wg_ba because trying to make monerod tunnel traffic to wireguard when +# wg_master is up is hard. wg_master does not tunnel all computer traffic. +# monerod --p2p-bind-ip does not work as expected when under wg_master, see vq +# bug notes. ba VPS nftables.conf also need `oifname $wg_iface masquerade` for +# monerod to tunnel some traffic through ba wireguard when insp is under +# wg_master, but this has issue of insp can't access ib qbt and jackett because +# I guess this maybe somehow also masquerade my website accessing ib qbt and +# jackett with other ip which ib nft refuse to let the ip to see its local +# ports. One way I could think to make monerod tunnel all traffic through +# wireguard is to use virutal network interface and namespaces but that is very +# complicated. +After=sys-subsystem-net-devices-wg_ba.device +BindsTo=sys-subsystem-net-devices-wg_ba.device [Service] User=%i @@ -9,8 +47,14 @@ Type=simple ExecStart=/usr/bin/monerod --non-interactive StandardOutput=null StandardError=null - -Restart=always +# `man systemd.service` +# I would like to kill monerod with my vpn script as one of the measures to +# bind it to wg_ba wireguard network interface, so no restart. If restart, +# after me kill monerod, it will be restarted which is not what I want. I don't +# wish to always make it run, run only for some time after me start the +# computer is ok for me, just need to sync and share the monero node a little +# bit, I'm fine if later on moenrod got killed for whatever reason. +Restart=no [Install] WantedBy=multi-user.target diff --git a/etc/systemd/system/multi-user.target.wants/mimic@wlp2s0.service b/etc/systemd/system/multi-user.target.wants/mimic@wlp2s0.service new file mode 120000 index 00000000..dce9a731 --- /dev/null +++ b/etc/systemd/system/multi-user.target.wants/mimic@wlp2s0.service @@ -0,0 +1 @@ +/usr/lib/systemd/system/mimic@.service
\ No newline at end of file diff --git a/home/xyz/.bashrc b/home/xyz/.bashrc index c811b853..ad78be64 100644 --- a/home/xyz/.bashrc +++ b/home/xyz/.bashrc @@ -55,7 +55,7 @@ unset cmd # https://unix.stackexchange.com/questions/484442/how-can-i-get-the-pid-of-a-subshell for branch in $(git -C "$HOME/programs/config_local_arch" branch | awk '{print ($1=="*")?$2:$1}' | grep -v master); do case "$branch" in - master|studio|pp) ;; + master|pp) ;; *) alias "s$branch"="ssh $branch";; esac done @@ -71,7 +71,12 @@ alias c=cfg alias cri='curl -Is' alias crig='curl -Is www.google.com' alias d='sdcv --color' -alias e='"$PAGER"' +# Using '"$PAGER"' will cause complete-alias unable to complete "e <tab>" and +# "e --<tab>". I don't know why alias v='"$EDITOR"' does not have this issue, I +# guess maybe it is related to less has some fzf completion? see `complete -p +# less` output is "complete -F _fzf_path_completion less". Temporary ignore +# shellcheck warnings about this if not met any issues. +alias e="$PAGER" # https://superuser.com/a/1202867 alias fdu="find . -maxdepth 1 -execdir du -sh '{}' \+ | sort -h" alias g=git @@ -88,7 +93,10 @@ alias ll='ls --color=auto -lAh --group-directories-first' alias lop='loop ping' alias lopd='loop ping 9.9.9.9' alias m=man +alias mpf='mpra -c "$HOME/programs/repos/fly/any/fsh-git"; sudo pacman -Sy fsh-git --noconfirm' alias p=pacman +# Pacman Qqne Redirect +alias pqr='pacman -Qqne > "$XDG_CONFIG_HOME/myconf/pacman_Qqne"; pacman -Qqme > "$XDG_CONFIG_HOME/myconf/pacman_Qqme"' alias pt=pactree alias pu=paru alias qre='qrencode -t utf8i -m 1' @@ -99,12 +107,8 @@ alias sa='ssh-add -l || ssh-add' alias se='sudo -E ' alias sp='ssh pp' alias spd='speedtest; librespeed-cli' -alias sst='ssh studio' -# \" to consider $HOME contain space, need \ else " will be expanded locally, need \$ else $HOME will expand locally -# can test with: alias mytest='ssh studio for i in \"\$SSH_CONNECTION\"\; do echo \$i\; echo a\; done' -alias sstm='ssh -t -- studio mpra -c \"\$HOME/programs/repos/fly/any/fsh-git\"' # can test this mess with `alias tt='echo "\$haha \"lala\""'` -alias sun='printf "set \$Longitude \"-121.89\"\nset \$Latitude \"37.34\"\nrem [sunrise()] msg sunrise\nrem [sunset()] msg sunset" | remind -n -' +alias sun='printf "set \$Longitude \"120.95\"\nset \$Latitude \"31.38\"\nrem [sunrise()] msg sunrise\nrem [sunset()] msg sunset" | remind -n -' # another way: # can test this mess with `alias tt="echo '\$haha \"lala\"'"` #alias sun="printf 'set \$Longitude \"-121.89\"\nset \$Latitude \"37.34\"\nrem [sunrise()] msg sunrise\nrem [sunset()] msg sunset' | remind -n -" @@ -113,6 +117,9 @@ alias y=systemctl alias yd='systemctl list-dependencies --all' alias ydr='systemctl list-dependencies --all --reverse' alias ye='systemctl list-unit-files --state=enabled' +# sYstemctl Enabled Redirect +alias yer='systemctl list-unit-files --state=enabled > "$XDG_CONFIG_HOME/myconf/sye"; systemctl --user list-unit-files --state=enabled > "$XDG_CONFIG_HOME/myconf/syue"' +alias yr='systemctl restart' alias ys='systemctl status' alias yu='systemctl --user' alias yue='systemctl --user list-unit-files --state=enabled' @@ -131,6 +138,7 @@ alias vrm='"$EDITOR" "$XDG_DOCUMENTS_DIR/notes/others/recurring_maintenance.md"' alias vt='"$EDITOR" "$XDG_DOCUMENTS_DIR/notes/others/tmp_mobile_notes.md"' alias xmr='monero-wallet-cli --config-file="$HOME/.bitmonero/monero-wallet-cli.conf"' alias xmrds='monerod status; monerod print_net_stats' +alias xr='xset r rate 250 30' alias za='zoxide add' #alias zq='zoxide query' #alias zqi='zoxide query -i' @@ -145,6 +153,7 @@ alias glmark2='glmark2 --fullscreen --annotate' alias grep='grep --color=auto' #alias info='info --vi-keys' alias ls='ls --color=auto' +alias nethogs='nethogs -C' alias radeontop='radeontop -c' alias rem='rem -@' alias remind='remind -@' diff --git a/home/xyz/.bitmonero/bitmonero.conf b/home/xyz/.bitmonero/bitmonero.conf index a1157cd8..08b96a8b 100644 --- a/home/xyz/.bitmonero/bitmonero.conf +++ b/home/xyz/.bitmonero/bitmonero.conf @@ -1,8 +1,11 @@ -# use home internet limits -# 20 Mbps \approx 2441 KiB/s -limit-rate-up=2441 -# 300 Mbps \approx 122000 KiB/s -limit-rate-down=36621 # https://monerodocs.org/interacting/monero-config-file/#syntax # need =1 for options without value -#p2p-use-ipv6=1 +p2p-use-ipv6=1 +# Bind to wireguard ips, I want monerod only using network through wireguard, +# otherwise China ISP will think I mine crypto and will be unhappy. But +# p2p-bin-ip and p2pbind-ipv6-address seems do not work, see vq buts note. But +# I still have those configs here because what if they somehow fixed it in the +# future. +# Can be tested with sth. like `sudo tcpdump -i wlp2s0 port 18080` +p2p-bind-ip=10.0.0.1 +p2p-bind-ipv6-address=fdc9:281f:04d7:9ee9::1 diff --git a/home/xyz/.config/fcitx5/conf/pinyin.conf b/home/xyz/.config/fcitx5/conf/pinyin.conf index 9d561f07..b6b7d6ec 100644 --- a/home/xyz/.config/fcitx5/conf/pinyin.conf +++ b/home/xyz/.config/fcitx5/conf/pinyin.conf @@ -2,19 +2,21 @@ ShuangpinProfile=Ziranma # Show current shuangpin mode ShowShuangpinMode=True -# Page size +# Candidates Per Page PageSize=5 -# Enable Spell +# Show English Candidates SpellEnabled=True -# Enable Symbols +# Show symbol candidates SymbolsEnabled=True -# Enable Chaizi +# Show Chaizi candidates ChaiziEnabled=True -# Enable Characters in Unicode CJK Extension B +# Enable more Characters after Unicode CJK Extension B ExtBEnabled=True +# Show stroke candidates when typing with h(一), s(丨), p(丿), n(㇏), z(𠃍) +StrokeCandidateEnabled=True # Enable Cloud Pinyin CloudPinyinEnabled=False -# Cloud Pinyin Index +# Cloud Pinyin Candidate Order CloudPinyinIndex=2 # Show animation when Cloud Pinyin is loading CloudPinyinAnimation=True @@ -28,13 +30,15 @@ PreeditCursorPositionAtBeginning=True PinyinInPreedit=True # Enable Prediction Prediction=False -# Prediction Size +# Number of Predictions PredictionSize=10 +# Backspace behavior on prediction +BackspaceBehaviorOnPrediction="Backspace when not using on-screen keyboard" # Action when switching input method SwitchInputMethodBehavior="Commit current preedit" -# Select 2nd Candidate +# Select Second Candidate SecondCandidate= -# Select 3rd Candidate +# Select Third Candidate ThirdCandidate= # Use Keypad as Selection key UseKeypadAsSelection=False @@ -42,6 +46,8 @@ UseKeypadAsSelection=False BackSpaceToUnselect=True # Number of Sentences Number of sentence=2 +# Number of Phrase Candidates +WordCandidateLimit=15 # Prompt long word length when input length over (0 for disable) LongWordLengthLimit=4 # Key to trigger quickphrase @@ -127,6 +133,8 @@ C_CH=False F_H=False # l <-> n L_N=False +# l <-> r +L_R=False # s <-> sh S_SH=False # z <-> zh diff --git a/home/xyz/.config/fcitx5/config b/home/xyz/.config/fcitx5/config index 147e612e..64a62d09 100644 --- a/home/xyz/.config/fcitx5/config +++ b/home/xyz/.config/fcitx5/config @@ -15,6 +15,8 @@ EnumerateGroupBackwardKeys= ActivateKeys= # Deactivate Input Method DeactivateKeys= +# Time limit in milliseconds for triggering modifier key shortcuts +ModifierOnlyKeyTimeout=250 [Hotkey/TriggerKeys] 0=Control+space @@ -40,6 +42,8 @@ DeactivateKeys= [Behavior] # Active By Default ActiveByDefault=False +# Reset state on Focus In +resetStateWhenFocusIn=No # Share Input State ShareInputState=No # Show preedit in application @@ -62,6 +66,12 @@ CustomXkbOption= EnabledAddons= # Preload input method to be used by default PreloadInputMethod=True +# Allow input method in the password field +AllowInputMethodForPassword=False +# Show preedit text when typing password +ShowPreeditForPassword=False +# Interval of saving user data in minutes +AutoSavePeriod=30 [Behavior/DisabledAddons] 0=clipboard diff --git a/home/xyz/.config/mimeapps.list b/home/xyz/.config/mimeapps.list index c2badfd6..baa25ed9 100644 --- a/home/xyz/.config/mimeapps.list +++ b/home/xyz/.config/mimeapps.list @@ -7,15 +7,6 @@ image/jxl=nsxiv.desktop image/png=nsxiv.desktop inode/directory=file.desktop text/plain=editor.desktop -x-scheme-handler/callto=ZoomFirejail.desktop -x-scheme-handler/tel=ZoomFirejail.desktop -x-scheme-handler/tg=org.telegram.desktop.desktop -x-scheme-handler/zoommtg=ZoomFirejail.desktop -x-scheme-handler/zoomphonecall=ZoomFirejail.desktop -x-scheme-handler/zoomus=ZoomFirejail.desktop -x-scheme-handler/tonsite=org.telegram.desktop.desktop -x-scheme-handler/zoomphonesms=ZoomFirejail.desktop -x-scheme-handler/zoomcontactcentercall=ZoomFirejail.desktop [Added Associations] x-scheme-handler/tg=org.telegram.desktop.desktop; diff --git a/home/xyz/.config/mpv/scripts/sponsorblock-minimal.lua b/home/xyz/.config/mpv/scripts/sponsorblock-minimal.lua deleted file mode 120000 index cb3390f8..00000000 --- a/home/xyz/.config/mpv/scripts/sponsorblock-minimal.lua +++ /dev/null @@ -1 +0,0 @@ -/usr/lib/mpv/sponsorblock-minimal.lua
\ No newline at end of file diff --git a/home/xyz/.config/myconf/pacman_Qqme b/home/xyz/.config/myconf/pacman_Qqme index 0c0338ad..cbcc21b5 100644 --- a/home/xyz/.config/myconf/pacman_Qqme +++ b/home/xyz/.config/myconf/pacman_Qqme @@ -5,8 +5,8 @@ arc-gtk-theme argos-translate arkenfox-user.js asap -atool2-git bash-complete-alias +beyondallreason-appimage bitlbee calculix-ccx calculix-doc @@ -15,32 +15,38 @@ cht.sh-git czkawka-cli-bin czkawka-gui-bin dashbinsh +distccd-alarm-armv8 dnsleaktest -drawio-desktop-bin envycontrol f3 fcitx5-pinyin-chinese-idiom fcitx5-pinyin-custom-pinyin-dictionary fcitx5-pinyin-moegirl -fcitx5-pinyin-sougou +fcitx5-pinyin-sougou-dict-git freepats-legacy git-tools-git gmsh-bin grub-hook +gtk2fontsel hardcode-fixer-git hatt-bin htop-vim librespeed-cli-bin +mimic-bpf-git miniconda3 mpv-sponsorblock-minimal-git neovim-plug networkmanager-dispatcher-chrony +opencv-docs optimfrog-bin osmin paru-bin pass-rotate-git pipdeptree plplot +python-spacy-bin +python-thinc-bin-8.3.2 +python-wasabi-git qmmp-plugin-pack qt5-styleplugins qt6gtk2 @@ -59,7 +65,7 @@ task-spooler tio tldr-sh ttf-adobe-kaiti -ttf-gelasio-ib +ttf-gelasio typioca units urlview @@ -67,5 +73,3 @@ ventoy-bin weechat-matrix xrectsel yt-dlp-drop-in -zoom -zoom-firejail diff --git a/home/xyz/.config/myconf/pacman_Qqne b/home/xyz/.config/myconf/pacman_Qqne index ea477cd4..8f59f208 100644 --- a/home/xyz/.config/myconf/pacman_Qqne +++ b/home/xyz/.config/myconf/pacman_Qqne @@ -1,4 +1,3 @@ -7zip alacritty alsa-utils aria2 @@ -9,6 +8,8 @@ base base-devel bash-completion bcprov +bluez-utils +bpf browserpass browserpass-firefox busybox @@ -18,19 +19,18 @@ chrony clang clinfo cloc -cmark -cpio cuda dash devtools dfu-util +distcc dmenu dos2unix dunst duplicity dwm_fly-git -element-desktop enca +ethtool evtest exfatprogs exiv2 @@ -46,7 +46,6 @@ fcitx5-qt ffmpeg fio firefox -firejail freecad fsh-git fwupd @@ -56,14 +55,15 @@ geoip geoip-database-extra gimp git +git-filter-repo git-lfs +gitolite glib2-devel glib2-docs glmark2 go grub gsl -gtk2fontsel gtk4 gtk4-demos gtk4-docs @@ -84,6 +84,8 @@ isync java-commons-lang jdk-openjdk jq +kicad +kicad-library krita ladspa lf @@ -104,7 +106,9 @@ libva-utils libvdpau-va-gl linux linux-docs -linux-firmware +linux-firmware-intel +linux-firmware-realtek +linux-headers llvm lostfiles lshw @@ -136,6 +140,7 @@ npm nss-mdns nsxiv ntfs-3g +nvchecker nvidia nvidia-prime nvidia-settings @@ -189,7 +194,6 @@ speedtest-cli splix sqlitebrowser strace -stress sysbench systemd-resolvconf tcpdump @@ -212,7 +216,6 @@ ttf-caladea ttf-carlito ttf-liberation udiskie -unrar-free unzip usbutils valgrind @@ -239,6 +242,7 @@ xorg-xdpyinfo xorg-xev xorg-xinit xorg-xrandr +xorg-xset xorg-xsetroot xorg-xwininfo xsel @@ -248,5 +252,4 @@ zathura zathura-pdf-mupdf zathura-ps zbar -zip zoxide diff --git a/home/xyz/.config/myconf/sye b/home/xyz/.config/myconf/sye index 5bdd3fe2..853cdcbe 100644 --- a/home/xyz/.config/myconf/sye +++ b/home/xyz/.config/myconf/sye @@ -1,6 +1,8 @@ UNIT FILE STATE PRESET atd.service enabled disabled +bluetooth.service enabled disabled chronyd.service enabled disabled +distccd-armv8.service enabled disabled getty@.service enabled enabled NetworkManager-dispatcher.service enabled disabled NetworkManager-wait-online.service enabled disabled @@ -9,6 +11,7 @@ nftables.service enabled disabled nvidia-hibernate.service enabled disabled nvidia-resume.service enabled disabled nvidia-suspend.service enabled disabled +sshd.service enabled disabled swgp-go.service enabled disabled systemd-resolved.service enabled enabled bitlbee.socket enabled disabled @@ -19,4 +22,4 @@ paccache.timer enabled disabled pacman-filesdb-refresh.timer enabled disabled units_currency.timer enabled disabled -19 unit files listed. +22 unit files listed. diff --git a/home/xyz/.config/myconf/syue b/home/xyz/.config/myconf/syue index 41742797..3bc02a65 100644 --- a/home/xyz/.config/myconf/syue +++ b/home/xyz/.config/myconf/syue @@ -1,6 +1,6 @@ -UNIT FILE STATE PRESET -ssh-agent.service enabled enabled -xdg-user-dirs-update.service enabled enabled -p11-kit-server.socket enabled enabled +UNIT FILE STATE PRESET +ssh-agent.service enabled enabled +xdg-user-dirs.service enabled enabled +p11-kit-server.socket enabled enabled 3 unit files listed. diff --git a/home/xyz/.config/myconf/upd_rsync_files b/home/xyz/.config/myconf/upd_rsync_files index ebd32477..60e6626a 100644 --- a/home/xyz/.config/myconf/upd_rsync_files +++ b/home/xyz/.config/myconf/upd_rsync_files @@ -7,6 +7,7 @@ /home/xyz/.local/share/qBittorrent/BT_backup /home/xyz/.local/share/sdcv_history /home/xyz/.password-store +/home/xyz/.ssh/id_rsa /home/xyz/archive /home/xyz/documents /home/xyz/music diff --git a/home/xyz/.config/neomutt/neomuttrc b/home/xyz/.config/neomutt/neomuttrc index 8d81f2bb..afd5aa75 100644 --- a/home/xyz/.config/neomutt/neomuttrc +++ b/home/xyz/.config/neomutt/neomuttrc @@ -172,8 +172,11 @@ macro index,pager Mj ";<save-message>=Junk<enter>" "move mail to junk" macro index,pager Ms ";<save-message>=Sent<enter>" "move mail to sent" macro index,pager Mt ";<save-message>=Trash<enter>" "move mail to trash" # here must specify full path of the file to source, else it will souce in the dir where neomutt is execute at -macro index,pager ia '<sync-mailbox><enter-command>source "$XDG_CONFIG_HOME/neomutt/mail"<enter><change-folder>!<enter>' -macro index,pager ib '<sync-mailbox><enter-command>source "$XDG_CONFIG_HOME/neomutt/mail2"<enter><change-folder>!<enter>' +# use vim-like uppercase marks +# Ca mail server +macro index,pager \'C '<sync-mailbox><enter-command>source "$XDG_CONFIG_HOME/neomutt/mail"<enter><change-folder>!<enter>' +# Ib mail server +macro index,pager \'I '<sync-mailbox><enter-command>source "$XDG_CONFIG_HOME/neomutt/mail2"<enter><change-folder>!<enter>' # maybe useful for multiple accounts #macro index c "<change-folder>?<change-dir><home>^K=<enter>" diff --git a/home/xyz/.config/newsboat/config b/home/xyz/.config/newsboat/config index 1e8ddf64..3bfadf8e 100644 --- a/home/xyz/.config/newsboat/config +++ b/home/xyz/.config/newsboat/config @@ -19,7 +19,10 @@ macro y set browser "echo %u | xsel -ib"; open-in-browser; set browser "$BROWSER # maybe aur rss feed is broken; maybe arch linux feeds are updated very fast so I can't get the wanted news? # not fully understand the rss feed #ignore-article "https://aur.archlinux.org/rss/" "title !~\"youtube-dlp|yt-dlp\"" -ignore-article "https://zh.wikinews.org/w/index.php?title=Special:NewsFeed&feed=atom&Category:published" "title =~ \"^[0-9]{4,}年[0-9]{1,2}月[0-9]{1,2}日(中文|香港)報紙頭條$\"" +# use \ to "Splitting long lines into multiple ones" (`man newsboat`) +ignore-article "https://zh.wikinews.org/w/index.php?title=Special:NewsFeed&feed=atom&Category:published" \ +"title =~ \"^([0-9]{4,}年[0-9]{1,2}月[0-9]{1,2}日((中文|香港)報紙頭條|香港天氣報告))|\ +((竹新|柏立)社[0-9]{4,}年[0-9]{1,2}月[0-9]{1,2}日新闻)$\"" ignore-article "https://github.blog/feed/" "title !~ \"game\"" @@ -42,4 +45,12 @@ color hint-separator black blue bold color hint-description black blue #color article white black +# Need following two lines to write defunct RSS feeds log. There was a time +# when exit newsboat, it ask me to press enter, maybe due to I removed a url +# and there's remain cache, with following lines I won't be asked to press +# enter. +cleanup-on-quit yes +# I couldn't find a way to use $XDG_STATE_HOME env. var. +error-log ~/.local/state/newsboat/error.log + # vim: ft=sh diff --git a/home/xyz/.config/newsboat/urls b/home/xyz/.config/newsboat/urls index 2c16e89f..47b69395 100644 --- a/home/xyz/.config/newsboat/urls +++ b/home/xyz/.config/newsboat/urls @@ -40,6 +40,8 @@ https://www.iso.org/contents/data/standard/08/20/82075.detail.rss #https://www.beyondallreason.info/news/rss.xml #https://www.beyondallreason.info/microblogs/rss.xml #https://git.kyun.host/naphtha.atom +https://social.treehouse.systems/@danctnix.rss +https://www.bandwagonhost.net/feed ---arch_Linux--- https://archlinux.org/feeds/news/ @@ -47,6 +49,7 @@ https://archlinux.org/feeds/news/ https://rfc.archlinux.page/index.xml ---news--- +https://www.laborfact.com/rss # free license #https://en.wikinews.org/w/index.php?title=Special:NewsFeed&feed=atom&categories=Published https://zh.wikinews.org/w/index.php?title=Special:NewsFeed&feed=atom&Category:published @@ -108,12 +111,13 @@ https://git.sr.ht/~mil/mepo/refs/rss.xml #https://www.paritybit.ca/feed.xml #https://a3nm.net/blog/feed.xml #https://myrtana.sk/allfeed.atom +#https://clehaxze.tw/atom.xml -#---videos--- +---videos--- # free license, free software related or author like free software #https://peertube.kx.studio/feeds/videos.xml?videoChannelId=3 #https://odysee.com/$/rss/@thelinuxcast:4 -#https://videos.lukesmith.xyz/feeds/videos.atom?sort=-publishedAt&isLocal=true +https://videos.lukesmith.xyz/feeds/videos.atom?sort=-publishedAt&isLocal=true #https://odysee.com/$/rss/@bugswriter:8 #https://odysee.com/$/rss/@bW:9 #https://odysee.com/$/rss/@DenshiVideo:f diff --git a/home/xyz/.config/nvim/init.vim b/home/xyz/.config/nvim/init.vim index b5c7be08..cd1a4004 100644 --- a/home/xyz/.config/nvim/init.vim +++ b/home/xyz/.config/nvim/init.vim @@ -76,8 +76,12 @@ endfunction " https://www.youtube.com/watch?v=dBBUOO1PRIU augroup mycmd autocmd! - " disable auto line break (tc) and insert comment (cro) - autocmd FileType * setlocal formatoptions-=c formatoptions-=r formatoptions-=o formatoptions-=t + " Disable auto line break (tc) and insert comment (cro). Also add m and M + " to wrap Chinese sentences when using gq, more see :h fo-table. I learned + " it from: https://www.reddit.com/r/vim/comments/5k7fxg/comment/dbmngin/. + " The url use formatoptions+=mM but I choose to add one flag at a time + " because it is suggested in :h add-options-flags. + autocmd FileType * setlocal formatoptions-=c formatoptions-=r formatoptions-=o formatoptions-=t formatoptions+=m formatoptions+=M " auto rewrite as utf-8 if not when :w " if use FileType *, nvim can't recognize some file extensions, ex: .csv autocmd BufRead * let fenc_bef = Autocmd_set_fenc() diff --git a/home/xyz/.config/qrcp/config.json b/home/xyz/.config/qrcp/config.json index 171909ef..63955990 100644 --- a/home/xyz/.config/qrcp/config.json +++ b/home/xyz/.config/qrcp/config.json @@ -1,6 +1,6 @@ { "fqdn": "", - "interface": "enp3s0", + "interface": "wlp2s0", "keepalive": false, "output": "", "path": "", @@ -8,4 +8,4 @@ "secure": false, "tls-cert": "", "tls-key": "" -}
\ No newline at end of file +} diff --git a/home/xyz/.config/redshift/redshift.conf b/home/xyz/.config/redshift/redshift.conf index d8f3fe44..da9ff5ed 100644 --- a/home/xyz/.config/redshift/redshift.conf +++ b/home/xyz/.config/redshift/redshift.conf @@ -57,8 +57,8 @@ adjustment-method=randr ; Keep in mind that longitudes west of Greenwich (e.g. the Americas) ; are negative numbers. [manual] -lat=37.34 -lon=-121.89 +lat=31.38 +lon=120.95 ; Configuration of the adjustment-method ; type 'redshift -m METHOD:help' to see the settings. diff --git a/home/xyz/.config/sdcv_ordering b/home/xyz/.config/sdcv_ordering index 85f847c0..ad60d82b 100644 --- a/home/xyz/.config/sdcv_ordering +++ b/home/xyz/.config/sdcv_ordering @@ -5,7 +5,7 @@ MDBG Chinese-English dictionary (www.mdbg.net) 朗道汉英字典5.0 WordNet Moby Thesaurus II -wikt-en-en-2024-10-05 +wikt-en-en-2025-10-05 Urban Dictionary P1 (En-En) Urban Dictionary P2 (En-En) Dictionnaire de l’Académie Française, 8ème édition (1935). diff --git a/home/xyz/.local/bin/zoom b/home/xyz/.local/bin/zoom deleted file mode 120000 index c81c2c75..00000000 --- a/home/xyz/.local/bin/zoom +++ /dev/null @@ -1 +0,0 @@ -/usr/bin/zoom-firejail
\ No newline at end of file diff --git a/home/xyz/.mozilla/firefox/xxxxxxxx.fly/chrome/userChrome.css b/home/xyz/.mozilla/firefox/xxxxxxxx.fly/chrome/userChrome.css index 16bf50b2..1d45123d 100644 --- a/home/xyz/.mozilla/firefox/xxxxxxxx.fly/chrome/userChrome.css +++ b/home/xyz/.mozilla/firefox/xxxxxxxx.fly/chrome/userChrome.css @@ -1,18 +1,43 @@ -@import url(firefox-csshacks/chrome/navbar_tabs_oneliner.css); +/* need `user_pref("userchrome.navbar-tabs-oneliner.tabs-on-right.enabled", + * true);` in /home/xyz/.mozilla/firefox/xxxxxxxx.fly/user-overrides.js to make + * its tab on right instead of left, like old + * firefox-csshacks/chrome/deprecated/navbar_tabs_oneliner.css */ +@import url(firefox-csshacks/chrome/oneline_toolbar.css); @import url(firefox-csshacks/chrome/urlbar_popup_full_width.css); -/* On my laptop with linux, if only has more tool >> button and application menu hambugger button, need at least 733px for search bookmarks urls and title shown in one line, or 39vw when full screen on my xyzinsp laptop. Not sure why % is not working. -I choose to use vw because after resize to a smaller window, the navigation bar will be too big if use px. -I choose a lower vw to give more room to tabs. */ -#navigator-toolbox { --uc-navigationbar-width: 30vw !important; } +/* In the past I use old + * firefox-csshacks/chrome/deprecated/navbar_tabs_oneliner.css, on my laptop + * with linux, if only has more tool >> button and application menu hambugger + * button, need at least 733px for --uc-navigationbar-width for search + * bookmarks urls and title shown in one line, or 39vw when full screen on my + * xyzinsp laptop. Not sure why % is not working. + * + * I choose to use vw because after resize to a smaller window, the navigation + * bar will be too big if use px. + * + * I choose a lower vw to give more room to tabs. + * + * Now I use new firefox-csshacks/chrome/oneline_toolbar.css, + * --uc-navigationbar-width not work any more, by reading the css source code I + * use grid-template-columns instead, and I use 3fr which seems mean 30% which + * is similar to vw */ +#navigator-toolbox { grid-template-columns: 3fr 7fr !important; } /* Narror windows will cause url bar on top of extensions button, hamburger * button, and tabs. It will also cause extensions button and hamburger button * overlap each other. I don't care if url bar is too narror. I prefer url bar * never on top of other items. I prefer extensions button and hamburger button * never overlap. Set min-width to 0 for urlbar-container gives me the result I - * want */ -#urlbar-container { min-width: 0 !important; } + * want. + * + * When using new firefox-csshacks/chrome/oneline_toolbar.css instead of old + * firefox-csshacks/chrome/legacy/navbar_tabs_oneliner.css, also need + * `flex-shrink: 1 !important;` instead of only `min-width: 0 !important;` for + * it to work */ +#urlbar-container{ + min-width: 0 !important; + flex-shrink: 1 !important; +} /* hide history back, forward-button, and ^ alltabs-button */ #back-button, #forward-button, #alltabs-button { display: none !important; } diff --git a/home/xyz/.mozilla/firefox/xxxxxxxx.fly/user-overrides.js b/home/xyz/.mozilla/firefox/xxxxxxxx.fly/user-overrides.js index fe0c8be6..edd8dd5d 100644 --- a/home/xyz/.mozilla/firefox/xxxxxxxx.fly/user-overrides.js +++ b/home/xyz/.mozilla/firefox/xxxxxxxx.fly/user-overrides.js @@ -6,13 +6,14 @@ user_pref("_user.js.parrot", "custom overrides: starting"); // douyu pay, bilibili stream watch and user space, pixiv some images not show // now default for version 115.1 so no need //user_pref("network.http.referer.XOriginPolicy", 0); -// in the past: baidu +// in the past: baidu; now: zwfwbl.cscse.edu.cn //user_pref("security.ssl.require_safe_negotiation", false); // fixes and issues unrelated to arkenfox user.js and addons: // disable ublock origin: // baidu drive save to my drive not working // baidu drive verify phone when delete file not working +// alipay login sliding shape challenge, maybe also need to disable ETP and RFP // disable enhanced tracking protection: // google drive can't download // douyu verification for change password @@ -26,13 +27,15 @@ user_pref("_user.js.parrot", "custom overrides: starting"); // mail.qq.com // arkenfox v128 disabled these previously enabled options, I want to enable them -// set to false to fix: image upload from local, image check not robot, disable surfingkey alt-s hotkey, twitch login and follow, douyin login, douyin chat in live streaming room, google map highway name, protomaps China province name, joinhandshake.com maybe need to disable this once, adobe express +// set to false to fix: image upload from local, image check not robot, disable surfingkey alt-s hotkey, twitch login and follow, douyin login, douyin chat in live streaming room, google map highway name, protomaps China province name, joinhandshake.com maybe need to disable this once, adobe express, some VPS web VNC keyboard shift modifier not working (e.g., I can't press shift+[ to get { and instead I get [, also for all other keys) user_pref("privacy.resistFingerprinting", true); user_pref("privacy.resistFingerprinting.letterboxing", true); // this can be used to disable RFP by domain, see user.js and https://github.com/arkenfox/user.js/issues/1804#issuecomment-2331701765 //user_pref("privacy.resistFingerprinting.exemptedDomains", "*.example.invalid"); // set to false to fix: labster, protomaps, starlink.com availability map, istheservicedown.com outage map, adobe express user_pref("webgl.disabled", true); +// pp maybe need this (disable OCSP) for its mobile network to work +//user_pref("security.OCSP.enabled", 0); // http://kb.mozillazine.org/Network.cookie.lifetimePolicy // https://github.com/arkenfox/user.js/releases/tag/102.1 @@ -67,6 +70,19 @@ user_pref("media.autoplay.default", 5); user_pref("gfx.webrender.all", true); user_pref("media.ffmpeg.vaapi.enabled", true); +// arkenfox user.js new verison 140 changed those from true to false, but I'm +// used to the old behavior, so I changed them back. The first three settings +// maybe obsolete in the future but I'm not sure, I just put them all here. +// More see https://github.com/arkenfox/user.js/releases/tag/140.1 and +// https://github.com/arkenfox/user.js/issues/1974. +user_pref("privacy.clearOnShutdown_v2.historyFormDataAndDownloads", true); +user_pref("privacy.clearSiteData.historyFormDataAndDownloads", true); +user_pref("privacy.clearHistory.historyFormDataAndDownloads", true); +user_pref("privacy.clearOnShutdown_v2.browsingHistoryAndDownloads", true); +user_pref("privacy.clearOnShutdown_v2.downloads", true); +user_pref("privacy.clearSiteData.browsingHistoryAndDownloads", true); +user_pref("privacy.clearHistory.browsingHistoryAndDownloads", true); + // old about:config and settings, for perfsCleaner.sh // use extensions on more sites user_pref("extensions.webextensions.restrictedDomains", ""); @@ -95,6 +111,14 @@ user_pref("browser.urlbar.suggest.topsites", false); //user_pref("browser.startup.page", 1); //user_pref("browser.startup.homepage", "javascript:"); +// no need on pinephone +// +// chrome/userChrome.css need this for +// chrome/firefox-csshacks/chrome/oneline_toolbar.css to work like old +// chrome/firefox-csshacks/chrome/deprecated/navbar_tabs_oneliner.css with tab +// on right instead of left +user_pref("userchrome.navbar-tabs-oneliner.tabs-on-right.enabled", true); + // I switched to pass, no need firefox password manager anymore user_pref("signon.rememberSignons", false); // no need credit card save and autofill diff --git a/home/xyz/.ssh/config b/home/xyz/.ssh/config index 90c96706..41a67680 100644 --- a/home/xyz/.ssh/config +++ b/home/xyz/.ssh/config @@ -6,14 +6,8 @@ AddKeysToAgent yes # more see alacritty.toml config SendEnv COLORTERM -# tabs and empty only for readability, without also works, not sure about newline -Host studio - Hostname flylightning.xyz - Port ssh-isp - User xyz - Host pp - Hostname xyzpp + Hostname xyzpp.local User xyz Host qw @@ -39,10 +33,14 @@ Host ca Hostname ca.flylightning.xyz User xyz -Host aa - Hostname aawg - User xyz - Host ib Hostname ib.flylightning.xyz User xyz + # ib VPS provider cancelled ipv6 + #AddressFamily inet6 + +Host ba + Hostname ba.flylightning.xyz + User xyz + # ba ipv4 has better optimized route + AddressFamily inet |