8 files changed, 164 insertions, 2 deletions
diff --git a/configs/configs_root_dir/etc/NetworkManager/dispatcher.d/70-wifi-wired-exclusive b/configs/configs_root_dir/etc/NetworkManager/dispatcher.d/70-wifi-wired-exclusive
new file mode 100755
index 0000000..a0f0c4c
--- /dev/null
+++ b/configs/configs_root_dir/etc/NetworkManager/dispatcher.d/70-wifi-wired-exclusive
@@ -0,0 +1,16 @@
+#!/bin/sh
+
+# https://wiki.archlinux.org/title/NetworkManager#Use_dispatcher_to_automatically_toggle_wireless_depending_on_LAN_cable_being_plugged_in
+
+if [ "$1" = "enp3s0" ]; then
+	case "$2" in
+		up)
+			nmcli radio wifi off
+			;;
+		down)
+			nmcli radio wifi on
+			;;
+	esac
+elif [ "$(nmcli -g GENERAL.STATE device show enp3s0)" = "20 (unavailable)" ]; then
+	nmcli radio wifi on
+fi
diff --git a/configs/configs_root_dir/etc/nftables_phantun_wg_server.conf b/configs/configs_root_dir/etc/nftables_phantun_wg_server.conf
index 4c7d084..0d803d8 100644
--- a/configs/configs_root_dir/etc/nftables_phantun_wg_server.conf
+++ b/configs/configs_root_dir/etc/nftables_phantun_wg_server.conf
@@ -74,8 +74,8 @@ table inet nat {
 	chain prerouting {
 		type nat hook prerouting priority dstnat
 		policy accept
-		iif $pub_iface tcp dport 59083 dnat ip to 10.0.2.2
-		iif $pub_iface tcp dport 59083 dnat ip6 to fdc9:281f:04d7:9eeb::2
+		iifname $pub_iface tcp dport 59083 dnat ip to 10.0.2.2
+		iifname $pub_iface tcp dport 59083 dnat ip6 to fdc9:281f:04d7:9eeb::2
 	}
 	# newer kernel no need for `chain prerouting { type nat hook prerouting priority -100; policy accept; }`, more see https://www.procustodibus.com/blog/2021/11/wireguard-nftables/
 	# for all packets to $pub_iface, after routing, replace source address with primary IP of $pub_iface interface
diff --git a/configs/configs_root_dir/etc/pacman.d/hooks/linux-megi-mkinitcpio.hook b/configs/configs_root_dir/etc/pacman.d/hooks/linux-megi-mkinitcpio.hook
new file mode 100644
index 0000000..109c2f0
--- /dev/null
+++ b/configs/configs_root_dir/etc/pacman.d/hooks/linux-megi-mkinitcpio.hook
@@ -0,0 +1,15 @@
+# Sometimes after linux-megi upgrade, reboot results into osk-sdl errors so I can't decrypt FDE.
+# Maybe it is because linux-megi does not have `/usr/lib/modules/*/vmlinuz`, this cause /usr/share/libalpm/hooks/90-mkinitcpio-install.hook to not run when linux-megi upgrade, which cause mkinitcpio not run.
+# Also, 90-linux-megi.hook does not set linux-megi as target and it seems cause it not running when linux-megi upgrade.
+# I'm not sure what's the cause of the issue. This pacman hook is just a dirty workaround, because it may cause mkinitcpio run twice.
+[Trigger]
+Type = Package
+Operation = Install
+Operation = Upgrade
+Target = linux-megi
+
+[Action]
+Description = My workaround to mkinitcpio after linux-megi upgrade...
+When = PostTransaction
+Exec = /usr/bin/mkinitcpio -P
+Depends = linux-megi
diff --git a/configs/configs_root_dir/etc/searxng/settings.yml b/configs/configs_root_dir/etc/searxng/settings.yml
new file mode 100644
index 0000000..f0139f9
--- /dev/null
+++ b/configs/configs_root_dir/etc/searxng/settings.yml
@@ -0,0 +1,86 @@
+use_default_settings: true
+server:
+    secret_key: "<secret_key>"
+checker:
+    scheduling:
+    start_after: [300, 1800]  # delay to start the first run of the checker
+    every: [86400, 90000]     # how often the checker runs
+
+ui:
+  results_on_new_tab: true
+  infinite_scroll: true
+  theme_args:
+    simple_style: dark
+
+outgoing:
+  request_timeout: 60
+
+enabled_plugins:
+  - 'Hash plugin'
+  - 'Search on category select'
+  - 'Self Informations'
+  - 'Tracker URL remover'
+  - 'Ahmia blacklist'
+  - 'Open Access DOI rewrite'
+
+engines:
+  # general/web
+  - name: brave
+    disabled: false
+  - name: bing
+    disabled: false
+  - name: duckduckgo
+    disabled: false
+  - name: gigablast
+    disabled: false
+  - name: yahoo
+    disabled: false
+  # general/others
+  - name: ddg definitions
+    disabled: false
+  # images/web
+  - name: duckduckgo images
+    disabled: false
+  # images/others
+  - name: imgur
+    disabled: false
+  # videos/others
+  - name: peertube
+    disabled: false
+  # news
+  - name: wikinews
+    disabled: false
+  # IT/packages
+  - name: lib.rs
+    disabled: false
+  - name: metacpan
+    disabled: false
+  - name: npm
+    disabled: false
+  - name: packagist
+    disabled: false
+  - name: pub.dev
+    disabled: false
+  - name: rubygems
+    disabled: false
+  # IT/repos
+  - name: bitbucket
+    disabled: false
+  - name: codeberg
+    disabled: false
+  - name: gitlab
+    disabled: false
+  - name: sourcehut
+    disabled: false
+  # IT/software wikis
+  - name: free software directory
+    disabled: false
+  # files/others
+  - name: 1337x
+    disabled: false
+  - name: library genesis
+    disabled: false
+  - name: nyaa
+    disabled: false
+  - name: tokyotoshokan
+    disabled: false
diff --git a/configs/configs_root_dir/etc/systemd/resolved.conf.d/resolved.conf b/configs/configs_root_dir/etc/systemd/resolved.conf.d/mdns.conf
index 314a2db..314a2db 100644
--- a/configs/configs_root_dir/etc/systemd/resolved.conf.d/resolved.conf
+++ b/configs/configs_root_dir/etc/systemd/resolved.conf.d/mdns.conf
diff --git a/configs/configs_root_dir/etc/systemd/system/phantun_client.service b/configs/configs_root_dir/etc/systemd/system/phantun_client.service
new file mode 100644
index 0000000..550bf39
--- /dev/null
+++ b/configs/configs_root_dir/etc/systemd/system/phantun_client.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=phantun client
+After=network.target
+
+[Service]
+Type=simple
+Environment=RUST_LOG=info
+ExecStart=/usr/bin/phantun_client --local [::1]:59083 --remote 104.224.159.210:59083 --tun-local 10.0.1.1 --tun-peer 10.0.1.2 --tun-local6 fdc9:281f:04d7:9eea::1 --tun-peer6 fdc9:281f:04d7:9eea::2 --tun pt0
+#ExecStart=/usr/bin/env RUST_LOG=info /usr/bin/phantun_client --local [::1]:59083 --remote 104.224.159.210:59083 --tun-local 10.0.1.1 --tun-peer 10.0.1.2 --tun-local6 fdc9:281f:04d7:9eea::1 --tun-peer6 fdc9:281f:04d7:9eea::2 --tun pt0
+Restart=always
+
+[Install]
+WantedBy=multi-user.target
diff --git a/configs/configs_root_dir/etc/systemd/system/phantun_server.service b/configs/configs_root_dir/etc/systemd/system/phantun_server.service
new file mode 100644
index 0000000..67b24f9
--- /dev/null
+++ b/configs/configs_root_dir/etc/systemd/system/phantun_server.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=phantun client
+After=network.target
+
+[Service]
+Type=simple
+Environment=RUST_LOG=info
+ExecStart=/usr/bin/phantun_server --local 59083 --remote [::1]:54635 --tun-local 10.0.2.1 --tun-peer 10.0.2.2 --tun-local6 fdc9:281f:04d7:9eeb::1 --tun-peer6 fdc9:281f:04d7:9eeb::2 --tun pt0
+#ExecStart=/usr/bin/env RUST_LOG=info /usr/bin/phantun_server --local 59083 --remote [::1]:54635 --tun-local 10.0.2.1 --tun-peer 10.0.2.2 --tun-local6 fdc9:281f:04d7:9eeb::1 --tun-peer6 fdc9:281f:04d7:9eeb::2 --tun pt0
+Restart=always
+
+[Install]
+WantedBy=multi-user.target
diff --git a/configs/configs_root_dir/etc/uwsgi/vassals/searxng.ini b/configs/configs_root_dir/etc/uwsgi/vassals/searxng.ini
new file mode 100644
index 0000000..403ffe1
--- /dev/null
+++ b/configs/configs_root_dir/etc/uwsgi/vassals/searxng.ini
@@ -0,0 +1,19 @@
+[uwsgi]
+uid = searxng
+gid = searxng
+env = LANG=C.UTF-8
+env = LANGUAGE=C.UTF-8
+env = LC_ALL=C.UTF-8
+env = SEARX_SETTINGS_PATH=/etc/searxng/settings.yml
+logger = systemd
+disable-logging = true
+chmod-socket = 666
+single-interpreter = true
+master = true
+lazy-apps = true
+plugin = python
+enable-threads = true
+module = searx.webapp
+chmod-socket = 666
+http = :49152
+cache2 = name=searxngcache,items=2000,blocks=2000,blocksize=4096,bitmap=1