author | Jonathan DeMasi <jrdemasi@gmail.com> | 2019-04-14 23:46:10 -0600 |
---|---|---|
committer | Jonathan DeMasi <jrdemasi@gmail.com> | 2019-04-14 23:46:10 -0600 |
commit | 47e444501cde442de80ca35392ae5ee58fe9fbd3 (patch) | |
tree | 488b1727a93f4fb6d8313eaa8d7ead665b2472fb | |
adding some confs
-rw-r--r-- | cgit/cgirc | 85 | ||||
-rw-r--r-- | dotfiles/.bashrc | 13 | ||||
-rw-r--r-- | dotfiles/.vimrc | 66 | ||||
-rw-r--r-- | i3/config | 212 | ||||
-rw-r--r-- | nginx/nginx.conf | 18 | ||||
-rw-r--r-- | nginx/nginx_vhost | 57 | ||||
-rw-r--r-- | sshd/borg_sshd | 27 | ||||
-rw-r--r-- | sshd/includes/borg_restrictions.sh | 5 |
8 files changed, 483 insertions, 0 deletions
diff --git a/cgit/cgirc b/cgit/cgirc
new file mode 100644
index 0000000..804b12c
--- /dev/null
+++ b/cgit/cgirc
@@ -0,0 +1,85 @@
+#
+# cgit config
+#
+
+css=/cgit.css
+logo=/cgit.png
+
+# Following lines work with the above Apache config
+#css=/cgit-css/cgit.css
+#logo=/cgit-css/cgit.png
+
+# Following lines work with the above Lighttpd config
+#css=/cgit/cgit.css
+#logo=/cgit/cgit.png
+
+# Allow http transport git clone
+enable-http-clone=0
+
+
+# if you do not want that webcrawler (like google) index your site
+robots=noindex, nofollow
+
+# if cgit messes up links, use a virtual-root. For example, cgit.example.org/ has this value:
+virtual-root=/
+
+remove-suffix=1
+
+project-list=/var/lib/gitolite/projects.list
+snapshots=tar.gz tar.bz2
+remove-suffix=1
+enable-index-owner=0
+enable-blame=1
+
+scan-path=/var/lib/gitolite/repositories
+
+source-filter=/usr/lib/cgit/filters/syntax-highlighting.sh
+# Set title and description
+root-title=jthan.io::git
+root-desc=A smattering of stuff and things
+
+# Display README.md files (located with your repos) in HTML (like github)
+readme=:README.md
+readme=:readme.md
+readme=:README.mkd
+readme=:readme.mkd
+readme=:README.rst
+readme=:readme.rst
+readme=:README.html
+readme=:readme.html
+readme=:README.htm
+readme=:readme.htm
+readme=:README.txt
+readme=:readme.txt
+readme=:README
+readme=:readme
+readme=:INSTALL.md
+readme=:install.md
+readme=:INSTALL.mkd
+readme=:install.mkd
+readme=:INSTALL.rst
+readme=:install.rst
+readme=:INSTALL.html
+readme=:install.html
+readme=:INSTALL.htm
+readme=:install.htm
+readme=:INSTALL.txt
+readme=:install.txt
+readme=:INSTALL
+readme=:install
+about-filter=/usr/lib/cgit/filters/about-formatting.sh
+
+# Show extra links for each repository on the index page
+enable-index-links=1
+
+# Enable ASCII art commit history graph on the log pages
+enable-commit-graph=1
+
+# Show number of affected files per commit on the log pages
+enable-log-filecount=1
+
+# Show number of added/removed lines per commit on the log pages
+enable-log-linecount=1
+
+# Allow using gitweb.* keys
+enable-git-config=1
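Review bot: In cgit/cgirc, `scan-path=/var/lib/gitolite/repositories` sits above `source-filter`, the `readme=` list, `about-filter` and `enable-git-config=1`, and cgitrc(5) applies to scanned repositories only the global settings that precede `scan-path`, so these later lines probably do not take effect for them; moving `scan-path` to the end of the file is the usual fix. Once the about settings do apply, note that the stock about-formatting.sh, as far as I recall, emits `.html`/`.htm` files unchanged, so the eight `README`/`INSTALL` `.html`/`.htm` entries let anyone with push access serve their own markup from the cgit origin; drop them unless every pusher is trusted. `remove-suffix=1` is also set twice and the second occurrence can go.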
diff --git a/dotfiles/.bashrc b/dotfiles/.bashrc
new file mode 100644
index 0000000..80711b0
--- /dev/null
+++ b/dotfiles/.bashrc
@@ -0,0 +1,13 @@
+if [[ $- != *i* ]] ; then
+ # Shell is non-interactive. Be done now!
+ return
+fi
+
+
+# Put your fun stuff here.
+#export PS1="[\A]-\u@\h\\$ "
+PS1="\[\033[36m\]\u\[\033[m\]@\[\033[32m\]\h:\[\033[33;1m\]\w\[\033[m\]\$ "
+set -o vi
+alias ls='ls --color=auto'
+export GPG_TTY=$(tty)
+
diff --git a/dotfiles/.vimrc b/dotfiles/.vimrc
new file mode 100644
index 0000000..40e0a0d
--- /dev/null
+++ b/dotfiles/.vimrc
@@ -0,0 +1,66 @@
+" stuff for c++ specific capabilities
+
+" turn on spell checking
+"set spell
+"set relativenumber
+"set number
+" sets how many lines of history VIM has to remember
+set history=700
+" Set to auto read when a file is changed from the outside
+set autoread
+"Always show current position
+set ruler
+" Configure backspace so it acts as it should act
+set backspace=eol,start,indent
+set whichwrap+=<,>,h,l
+" Ignore case when searching
+set ignorecase
+"
+" When searching try to be smart about cases
+set smartcase
+"
+" Highlight search results
+set hlsearch
+
+" Makes search act like search in modern browsers
+set incsearch
+
+" Show matching brackets when text indicator is over them
+set showmatch
+" How many tenths of a second to blink when matching brackets
+set mat=2
+" Enable syntax highlighting
+syntax enable
+colorscheme elflord
+set background=dark
+
+" Set extra options when running in GUI mode
+if has("gui_running")
+ set guioptions-=T
+ set guioptions+=e
+ set t_Co=256
+ set guitablabel=%M\ %t
+endif
+" Set utf8 as standard encoding and en_US as the standard language
+set encoding=utf8
+"
+" " Use Unix as the standard file type
+set ffs=unix,dos,mac
+" Use spaces instead of tabs
+ set expandtab
+"
+" " Be smart when using tabs ;)
+ set smarttab
+"
+" " 1 tab == 4 spaces
+ set shiftwidth=4
+ set tabstop=4
+
+" Map <Space> to / (search) and Ctrl-<Space> to ? (backwards search)
+ map <space> /
+ map <c-space> ?
+" Always show the status line
+set laststatus=2
+
+set mouse-=a
+
diff --git a/i3/config b/i3/config
new file mode 100644
index 0000000..d7b4fa6
--- /dev/null
+++ b/i3/config
@@ -0,0 +1,212 @@ +# This file has been auto-generated by i3-config-wizard(1). +# It will not be overwritten, so edit it as you like. +# +# Should you change your keyboard layout some time, delete +# this file and re-run i3-config-wizard(1). +# + +# i3 config file (v4) +# +# Please see http://i3wm.org/docs/userguide.html for a complete reference! + +set $mod Mod1 + +# Font for window titles. Will also be used by the bar unless a different font +# is used in the bar {} block below. +font pango:System San Francisco Display Regular 16 + +# This font is widely installed, provides lots of unicode glyphs, right-to-left +# text rendering and scalability on retina/hidpi displays (thanks to pango). +#font pango:DejaVu Sans Mono 8 + +# Before i3 v4.8, we used to recommend this one as the default: +# font -misc-fixed-medium-r-normal--13-120-75-75-C-70-iso10646-1 +# The font above is very space-efficient, that is, it looks good, sharp and +# clear in small sizes. However, its unicode glyph coverage is limited, the old +# X core fonts rendering does not support right-to-left and this being a bitmap +# font, it doesn’t scale on retina/hidpi displays. + +# Use Mouse+$mod to drag floating windows to their wanted position +floating_modifier $mod + +# start a terminal +bindsym $mod+Return exec i3-sensible-terminal +#bindsym $mod+Return exec termite + + +# kill focused window +bindsym $mod+q kill + +# There also is the (new) i3-dmenu-desktop which only displays applications +# shipping a .desktop file. It is a wrapper around dmenu, so you need that +# installed. 
+# bindsym $mod+d exec --no-startup-id i3-dmenu-desktop + +# change focus +bindsym $mod+h focus left +bindsym $mod+j focus down +bindsym $mod+k focus up +bindsym $mod+l focus right + +# alternatively, you can use the cursor keys: +bindsym $mod+Left focus left +bindsym $mod+Down focus down +bindsym $mod+Up focus up +bindsym $mod+Right focus right + +# move focused window +bindsym $mod+Shift+h move left +bindsym $mod+Shift+j move down +bindsym $mod+Shift+k move up +bindsym $mod+Shift+l move right + +# alternatively, you can use the cursor keys: +bindsym $mod+Shift+Left move left +bindsym $mod+Shift+Down move down +bindsym $mod+Shift+Up move up +bindsym $mod+Shift+Right move right + +# split in horizontal orientation +bindsym $mod+Shift+v split h + +# split in vertical orientation +bindsym $mod+v split v + +# enter fullscreen mode for the focused container +bindsym $mod+f fullscreen toggle + +# change container layout (stacked, tabbed, toggle split) +bindsym $mod+s layout stacking +bindsym $mod+w layout tabbed +bindsym $mod+e layout toggle split + +# toggle tiling / floating +bindsym $mod+Shift+space floating toggle + +# change focus between tiling / floating windows +#bindsym $mod+space focus mode_toggle + +# focus the parent container +bindsym $mod+a focus parent + +# focus the child container +#bindsym $mod+d focus child + +set $workspace1 "1. " +set $workspace2 "2. " +set $workspace3 "3. " +set $workspace4 "4. " +set $workspace5 "5. " +set $workspace6 "6. " +set $workspace7 "7. " +set $workspace8 "8. " +set $workspace9 "9. " +set $workspace10 "10. 
" + +# switch to workspace +bindsym $mod+1 workspace $workspace1 +bindsym $mod+2 workspace $workspace2 +bindsym $mod+3 workspace $workspace3 +bindsym $mod+4 workspace $workspace4 +bindsym $mod+5 workspace $workspace5 +bindsym $mod+6 workspace $workspace6 +bindsym $mod+7 workspace $workspace7 +bindsym $mod+8 workspace $workspace8 +bindsym $mod+9 workspace $workspace9 +bindsym $mod+0 workspace $workspace10 + +# move focused container to workspace +bindsym $mod+Shift+1 move container to workspace $workspace1 +bindsym $mod+Shift+2 move container to workspace $workspace2 +bindsym $mod+Shift+3 move container to workspace $workspace3 +bindsym $mod+Shift+4 move container to workspace $workspace4 +bindsym $mod+Shift+5 move container to workspace $workspace5 +bindsym $mod+Shift+6 move container to workspace $workspace6 +bindsym $mod+Shift+7 move container to workspace $workspace7 +bindsym $mod+Shift+8 move container to workspace $workspace8 +bindsym $mod+Shift+9 move container to workspace $workspace9 +bindsym $mod+Shift+0 move container to workspace $workspace10 + +# reload the configuration file +bindsym $mod+Shift+c reload +# restart i3 inplace (preserves your layout/session, can be used to upgrade i3) +bindsym $mod+Shift+r restart +# exit i3 (logs you out of your X session) +bindsym $mod+Shift+e exec "i3-nagbar -t warning -m 'You pressed the exit shortcut. Do you really want to exit i3? This will end your X session.' -b 'Yes, exit i3' 'i3-msg exit'" + +# resize window (you can also use the mouse for that) +mode "resize" { + # These bindings trigger as soon as you enter the resize mode + + # Pressing left will shrink the window’s width. + # Pressing right will grow the window’s width. + # Pressing up will shrink the window’s height. + # Pressing down will grow the window’s height. 
+ bindsym j resize shrink width 10 px or 10 ppt + bindsym k resize grow height 10 px or 10 ppt + bindsym l resize shrink height 10 px or 10 ppt + bindsym semicolon resize grow width 10 px or 10 ppt + + # same bindings, but for the arrow keys + bindsym Left resize shrink width 10 px or 10 ppt + bindsym Down resize grow height 10 px or 10 ppt + bindsym Up resize shrink height 10 px or 10 ppt + bindsym Right resize grow width 10 px or 10 ppt + + # back to normal: Enter or Escape + bindsym Return mode "default" + bindsym Escape mode "default" +} + +bindsym $mod+r mode "resize" + + + +# Color and bar settings # +set $old-bg-color #2f343f +set $bg-color #990099 +set $inactive-bg-color #2f343f +#set $text-color #f3f4f5 +set $text-color #00ff2f +set $inactive-text-color #676E7D +set $urgent-bg-color #E53935 + +# window colors +# border background text indicator +client.focused $bg-color $bg-color $text-color #00ff00 +client.unfocused $inactive-bg-color $inactive-bg-color $inactive-text-color #00ff00 +client.focused_inactive $inactive-bg-color $inactive-bg-color $inactive-text-color #00ff00 +client.urgent $urgent-bg-color $urgent-bg-color $text-color #00ff00 + +# bar +bar { + status_command i3blocks + colors { + background $old-bg-color + separator #757575 + # border background text + focused_workspace $bg-color $bg-color $text-color + inactive_workspace $inactive-bg-color $inactive-bg-color $inactive-text-color + urgent_workspace $urgent-bg-color $urgent-bg-color $text-color + } +} + +#dmenu +bindsym $mod+space exec dmenu_run -i -l 5 +# Screen Lock +bindsym $mod+x exec i3lock -n --color 141414 +exec --no-startup-id xss-lock -- i3lock -n --color 141414 + +# Background +exec_always --no-startup-id feh --bg-scale /home/jonathan/.background.png + +# Pulse Audio controls +bindsym XF86AudioRaiseVolume exec --no-startup-id pactl set-sink-volume 0 +5% #increase sound volume +bindsym XF86AudioLowerVolume exec --no-startup-id pactl set-sink-volume 0 -5% #decrease sound volume 
+bindsym XF86AudioMute exec --no-startup-id pactl set-sink-mute 0 toggle # mute sound
+
+# Screen brightness controls
+bindsym XF86MonBrightnessUp exec xbacklight -inc 2.5 # increase screen brightness
+bindsym XF86MonBrightnessDown exec xbacklight -dec 2.5 # decrease screen brightness
+
+assign [class="Firefox"] $workspace2
diff --git a/nginx/nginx.conf b/nginx/nginx.conf
new file mode 100644
index 0000000..4dddab1
--- /dev/null
+++ b/nginx/nginx.conf
@@ -0,0 +1,18 @@
+user nginx;
+worker_processes 2;
+error_log logs/main_error.log;
+events {
+ worker_connections 1024;
+}
+http {
+ include mime.types;
+ default_type application/octet-stream;
+ log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+ '$status $body_bytes_sent "$http_referer" '
+ '"$http_user_agent" "$http_x_forwarded_for"';
+ access_log logs/access.log;
+ error_log logs/http_error.log;
+ sendfile on;
+ keepalive_timeout 65;
+ include sites-enabled/*;
+}
diff --git a/nginx/nginx_vhost b/nginx/nginx_vhost
new file mode 100644
index 0000000..ffff985
--- /dev/null
+++ b/nginx/nginx_vhost
@@ -0,0 +1,57 @@
+server {
+ listen [::]:80 ipv6only=off default_server;
+ server_name REPLACEME.tld www.REPLACEME.tld;
+ root /srv/http/REPLACEME.tld/html;
+ location /.well-known/acme-challenge {
+ default_type "text/plain";
+ root /var/lib/letsencrypt/;
+ }
+ location / {
+ return 301 https://REPLACEME.tld$request_uri;
+ index index.htm index.html;
+ }
+
+}
+
+server {
+ listen [::]:443 ssl http2 ipv6only=off default_server;
+ ssl_certificate /etc/letsencrypt/live/REPLACEME.tld/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/REPLACEME.tld/privkey.pem;
+ ssl_trusted_certificate /etc/letsencrypt/live/REPLACEME.tld/chain.pem;
+ ssl_session_timeout 1d;
+ ssl_session_cache shared:SSL:50m;
+ ssl_session_tickets off;
+ ssl_protocols TLSv1.2;
+ ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
+ ssl_dhparam /etc/nginx/ssl/key/dh4096.pem;
+ ssl_prefer_server_ciphers on;
+ add_header Strict-Transport-Security max-age=15768000;
+ ssl_stapling on;
+ ssl_stapling_verify on;
+ server_name REPLACEME.tld;
+ location / {
+ root /srv/http/REPLACEME.tld/html;
+ index index.html index.htm;
+ }
+
+}
+
+server {
+ listen [::]:443 ssl http2;
+ ssl_certificate /etc/letsencrypt/live/REPLACEME.tld/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/REPLACEME.tld/privkey.pem;
+ ssl_trusted_certificate /etc/letsencrypt/live/REPLACEME.tld/chain.pem;
+ ssl_session_timeout 1d;
+ ssl_session_cache shared:SSL:50m;
+ ssl_session_tickets off;
+ ssl_protocols TLSv1.2;
+ ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
+ ssl_dhparam /etc/nginx/ssl/key/dh4096.pem;
+ ssl_prefer_server_ciphers on;
+ add_header Strict-Transport-Security max-age=15768000;
+ ssl_stapling on;
+ ssl_stapling_verify on;
+ server_name www.REPLACEME.tld;
+ return 301 https://REPLACEME.tld$request_uri;
+
+}
diff --git a/sshd/borg_sshd b/sshd/borg_sshd
new file mode 100644
index 0000000..b48901d
--- /dev/null
+++ b/sshd/borg_sshd
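Review bot: In nginx/nginx_vhost both TLS server blocks set an `ssl_ciphers` string that still admits `DES-CBC3-SHA` and static-RSA suites such as `AES128-SHA`, which provide no forward secrecy (and 3DES is a 64-bit block cipher). Since `ssl_protocols` is already TLSv1.2 only, the list can be cut to the ECDHE AEAD suites at its head: `ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384';`. `add_header Strict-Transport-Security max-age=15768000;` is attached only to the response codes `add_header` covers by default, so append `always` to have it on error responses as well. In the port-80 block the `index` line after `return 301` is never reached and can be removed.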
@@ -0,0 +1,27 @@
+# Alternate sshd for borg use only, to be run aside a normal sshd process
+Port 2222
+Protocol 2
+SyslogFacility AUTHPRIV
+PermitRootLogin no
+PasswordAuthentication no
+ChallengeResponseAuthentication no
+GSSAPIAuthentication yes
+GSSAPICleanupCredentials yes
+UsePAM yes
+AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
+AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
+AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
+AcceptEnv XMODIFIERS
+AllowAgentForwarding no
+AllowTcpForwarding no
+X11Forwarding no
+PrintMotd no
+PrintLastLog no
+PermitUserEnvironment no
+ClientAliveInterval 10
+ClientAliveCountMax 3
+UseDNS no
+PidFile /var/run/sshd_backups.pid
+MaxStartups 100:60:200
+DenyUsers root
+ForceCommand /usr/local/scripts/borg-restricted.sh
diff --git a/sshd/includes/borg_restrictions.sh b/sshd/includes/borg_restrictions.sh
new file mode 100644
index 0000000..684f8b1
--- /dev/null
+++ b/sshd/includes/borg_restrictions.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+set -e
+cd /home/${USER}/
+borg serve --restrict-to-path /home/${USER}/
+
|
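Review bot: In sshd/borg_sshd, `ForceCommand /usr/local/scripts/borg-restricted.sh` names a script this commit does not add; the wrapper added alongside is `sshd/includes/borg_restrictions.sh`, so unless it is installed under the other name, logins on port 2222 either fail or run whatever already lives at that path. The config also has no `AllowUsers`/`AllowGroups`, so any non-root account on the host can authenticate against this listener, and `GSSAPIAuthentication yes` keeps a second authentication path open. If only key-based borg clients are intended, consider `AllowGroups <backup-group>` (placeholder), `GSSAPIAuthentication no` and `AuthenticationMethods publickey`. A comment above `ForceCommand` saying where the script is deployed from, and that it must be root-owned and not writable by the backup users, would help.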
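Review bot: In sshd/includes/borg_restrictions.sh the two `/home/${USER}/` expansions are unquoted and unchecked: should `USER` ever be empty or unset, the script would `cd /home//` and pass `--restrict-to-path /home//`, which would likely cover every user's repositories. Suggest `set -eu`, then `cd -- "/home/${USER:?}/"` and `exec borg serve --restrict-to-path "/home/${USER:?}/"`. The script also assumes each account's home is `/home/<name>`; a one-line comment stating that assumption would save the next reader a lookup. If clients only ever add archives, `--append-only` on `borg serve` keeps a compromised client from removing existing backups.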