authorJonathan DeMasi <jrdemasi@gmail.com>2019-04-14 23:46:10 -0600
committerJonathan DeMasi <jrdemasi@gmail.com>2019-04-14 23:46:10 -0600
commit47e444501cde442de80ca35392ae5ee58fe9fbd3 (patch)
tree488b1727a93f4fb6d8313eaa8d7ead665b2472fb
adding some confs
-rw-r--r--cgit/cgirc85
-rw-r--r--dotfiles/.bashrc13
-rw-r--r--dotfiles/.vimrc66
-rw-r--r--i3/config212
-rw-r--r--nginx/nginx.conf18
-rw-r--r--nginx/nginx_vhost57
-rw-r--r--sshd/borg_sshd27
-rw-r--r--sshd/includes/borg_restrictions.sh5
8 files changed, 483 insertions, 0 deletions
diff --git a/cgit/cgirc b/cgit/cgirc
new file mode 100644
index 0000000..804b12c
--- /dev/null
+++ b/cgit/cgirc
@@ -0,0 +1,85 @@
+#
+# cgit config
+#
+
+css=/cgit.css
+logo=/cgit.png
+
+# Following lines work with the above Apache config
+#css=/cgit-css/cgit.css
+#logo=/cgit-css/cgit.png
+
+# Following lines work with the above Lighttpd config
+#css=/cgit/cgit.css
+#logo=/cgit/cgit.png
+
+# Allow http transport git clone
+enable-http-clone=0
+
+
+# if you do not want that webcrawler (like google) index your site
+robots=noindex, nofollow
+
+# if cgit messes up links, use a virtual-root. For example, cgit.example.org/ has this value:
+virtual-root=/
+
+remove-suffix=1
+
+project-list=/var/lib/gitolite/projects.list
+snapshots=tar.gz tar.bz2
+remove-suffix=1
+enable-index-owner=0
+enable-blame=1
+
+scan-path=/var/lib/gitolite/repositories
+
+source-filter=/usr/lib/cgit/filters/syntax-highlighting.sh
+# Set title and description
+root-title=jthan.io::git
+root-desc=A smattering of stuff and things
+
+# Display README.md files (located with your repos) in HTML (like github)
+readme=:README.md
+readme=:readme.md
+readme=:README.mkd
+readme=:readme.mkd
+readme=:README.rst
+readme=:readme.rst
+readme=:README.html
+readme=:readme.html
+readme=:README.htm
+readme=:readme.htm
+readme=:README.txt
+readme=:readme.txt
+readme=:README
+readme=:readme
+readme=:INSTALL.md
+readme=:install.md
+readme=:INSTALL.mkd
+readme=:install.mkd
+readme=:INSTALL.rst
+readme=:install.rst
+readme=:INSTALL.html
+readme=:install.html
+readme=:INSTALL.htm
+readme=:install.htm
+readme=:INSTALL.txt
+readme=:install.txt
+readme=:INSTALL
+readme=:install
+about-filter=/usr/lib/cgit/filters/about-formatting.sh
+
+# Show extra links for each repository on the index page
+enable-index-links=1
+
+# Enable ASCII art commit history graph on the log pages
+enable-commit-graph=1
+
+# Show number of affected files per commit on the log pages
+enable-log-filecount=1
+
+# Show number of added/removed lines per commit on the log pages
+enable-log-linecount=1
+
+# Allow using gitweb.* keys
+enable-git-config=1
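Review bot: `enable-git-config=1` on the last line comes after `scan-path`, but the cgitrc documentation requires it to be defined before `scan-path`, so the gitweb.* keys will not be read for the scanned repositories. The `source-filter=`, `readme=` and `about-filter=` lines also follow `scan-path` and appear to miss the scanned repositories for the same reason, since cgit seems to copy the global defaults into each repository as it is added. Moving `scan-path=/var/lib/gitolite/repositories` to the end of the file addresses both. `remove-suffix=1` is set twice and one copy can go. A comment next to `enable-git-config` saying that anyone who can write a repository's git config controls its displayed owner and description would document the trust assumption.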
diff --git a/dotfiles/.bashrc b/dotfiles/.bashrc
new file mode 100644
index 0000000..80711b0
--- /dev/null
+++ b/dotfiles/.bashrc
@@ -0,0 +1,13 @@
+if [[ $- != *i* ]] ; then
+ # Shell is non-interactive. Be done now!
+ return
+fi
+
+
+# Put your fun stuff here.
+#export PS1="[\A]-\u@\h\\$ "
+PS1="\[\033[36m\]\u\[\033[m\]@\[\033[32m\]\h:\[\033[33;1m\]\w\[\033[m\]\$ "
+set -o vi
+alias ls='ls --color=auto'
+export GPG_TTY=$(tty)
+
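Review bot: The `PS1` value ends in `\$ ` inside double quotes, where the shell reduces `\$` to a plain `$` at assignment time, so the prompt shows `$` even in a root shell instead of switching to `#`. Single quotes keep the escape for prompt expansion: `PS1='\[\033[36m\]\u\[\033[m\]@\[\033[32m\]\h:\[\033[33;1m\]\w\[\033[m\]\$ '`. The commented-out prompt above it already uses `\\$` for this reason. As a style point, `export GPG_TTY="$(tty)"` quotes the substitution.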
diff --git a/dotfiles/.vimrc b/dotfiles/.vimrc
new file mode 100644
index 0000000..40e0a0d
--- /dev/null
+++ b/dotfiles/.vimrc
@@ -0,0 +1,66 @@
+" stuff for c++ specific capabilities
+
+" turn on spell checking
+"set spell
+"set relativenumber
+"set number
+" sets how many lines of history VIM has to remember
+set history=700
+" Set to auto read when a file is changed from the outside
+set autoread
+"Always show current position
+set ruler
+" Configure backspace so it acts as it should act
+set backspace=eol,start,indent
+set whichwrap+=<,>,h,l
+" Ignore case when searching
+set ignorecase
+"
+" When searching try to be smart about cases
+set smartcase
+"
+" Highlight search results
+set hlsearch
+
+" Makes search act like search in modern browsers
+set incsearch
+
+" Show matching brackets when text indicator is over them
+set showmatch
+" How many tenths of a second to blink when matching brackets
+set mat=2
+" Enable syntax highlighting
+syntax enable
+colorscheme elflord
+set background=dark
+
+" Set extra options when running in GUI mode
+if has("gui_running")
+ set guioptions-=T
+ set guioptions+=e
+ set t_Co=256
+ set guitablabel=%M\ %t
+endif
+" Set utf8 as standard encoding and en_US as the standard language
+set encoding=utf8
+"
+" " Use Unix as the standard file type
+set ffs=unix,dos,mac
+" Use spaces instead of tabs
+ set expandtab
+"
+" " Be smart when using tabs ;)
+ set smarttab
+"
+" " 1 tab == 4 spaces
+ set shiftwidth=4
+ set tabstop=4
+
+" Map <Space> to / (search) and Ctrl-<Space> to ? (backwards search)
+ map <space> /
+ map <c-space> ?
+" Always show the status line
+set laststatus=2
+
+set mouse-=a
+
diff --git a/i3/config b/i3/config
new file mode 100644
index 0000000..d7b4fa6
--- /dev/null
+++ b/i3/config
@@ -0,0 +1,212 @@
+# This file has been auto-generated by i3-config-wizard(1).
+# It will not be overwritten, so edit it as you like.
+#
+# Should you change your keyboard layout some time, delete
+# this file and re-run i3-config-wizard(1).
+#
+
+# i3 config file (v4)
+#
+# Please see http://i3wm.org/docs/userguide.html for a complete reference!
+
+set $mod Mod1
+
+# Font for window titles. Will also be used by the bar unless a different font
+# is used in the bar {} block below.
+font pango:System San Francisco Display Regular 16
+
+# This font is widely installed, provides lots of unicode glyphs, right-to-left
+# text rendering and scalability on retina/hidpi displays (thanks to pango).
+#font pango:DejaVu Sans Mono 8
+
+# Before i3 v4.8, we used to recommend this one as the default:
+# font -misc-fixed-medium-r-normal--13-120-75-75-C-70-iso10646-1
+# The font above is very space-efficient, that is, it looks good, sharp and
+# clear in small sizes. However, its unicode glyph coverage is limited, the old
+# X core fonts rendering does not support right-to-left and this being a bitmap
+# font, it doesn’t scale on retina/hidpi displays.
+
+# Use Mouse+$mod to drag floating windows to their wanted position
+floating_modifier $mod
+
+# start a terminal
+bindsym $mod+Return exec i3-sensible-terminal
+#bindsym $mod+Return exec termite
+
+
+# kill focused window
+bindsym $mod+q kill
+
+# There also is the (new) i3-dmenu-desktop which only displays applications
+# shipping a .desktop file. It is a wrapper around dmenu, so you need that
+# installed.
+# bindsym $mod+d exec --no-startup-id i3-dmenu-desktop
+
+# change focus
+bindsym $mod+h focus left
+bindsym $mod+j focus down
+bindsym $mod+k focus up
+bindsym $mod+l focus right
+
+# alternatively, you can use the cursor keys:
+bindsym $mod+Left focus left
+bindsym $mod+Down focus down
+bindsym $mod+Up focus up
+bindsym $mod+Right focus right
+
+# move focused window
+bindsym $mod+Shift+h move left
+bindsym $mod+Shift+j move down
+bindsym $mod+Shift+k move up
+bindsym $mod+Shift+l move right
+
+# alternatively, you can use the cursor keys:
+bindsym $mod+Shift+Left move left
+bindsym $mod+Shift+Down move down
+bindsym $mod+Shift+Up move up
+bindsym $mod+Shift+Right move right
+
+# split in horizontal orientation
+bindsym $mod+Shift+v split h
+
+# split in vertical orientation
+bindsym $mod+v split v
+
+# enter fullscreen mode for the focused container
+bindsym $mod+f fullscreen toggle
+
+# change container layout (stacked, tabbed, toggle split)
+bindsym $mod+s layout stacking
+bindsym $mod+w layout tabbed
+bindsym $mod+e layout toggle split
+
+# toggle tiling / floating
+bindsym $mod+Shift+space floating toggle
+
+# change focus between tiling / floating windows
+#bindsym $mod+space focus mode_toggle
+
+# focus the parent container
+bindsym $mod+a focus parent
+
+# focus the child container
+#bindsym $mod+d focus child
+
+set $workspace1 "1. "
+set $workspace2 "2. "
+set $workspace3 "3. "
+set $workspace4 "4. "
+set $workspace5 "5. "
+set $workspace6 "6. "
+set $workspace7 "7. "
+set $workspace8 "8. "
+set $workspace9 "9. "
+set $workspace10 "10. "
+
+# switch to workspace
+bindsym $mod+1 workspace $workspace1
+bindsym $mod+2 workspace $workspace2
+bindsym $mod+3 workspace $workspace3
+bindsym $mod+4 workspace $workspace4
+bindsym $mod+5 workspace $workspace5
+bindsym $mod+6 workspace $workspace6
+bindsym $mod+7 workspace $workspace7
+bindsym $mod+8 workspace $workspace8
+bindsym $mod+9 workspace $workspace9
+bindsym $mod+0 workspace $workspace10
+
+# move focused container to workspace
+bindsym $mod+Shift+1 move container to workspace $workspace1
+bindsym $mod+Shift+2 move container to workspace $workspace2
+bindsym $mod+Shift+3 move container to workspace $workspace3
+bindsym $mod+Shift+4 move container to workspace $workspace4
+bindsym $mod+Shift+5 move container to workspace $workspace5
+bindsym $mod+Shift+6 move container to workspace $workspace6
+bindsym $mod+Shift+7 move container to workspace $workspace7
+bindsym $mod+Shift+8 move container to workspace $workspace8
+bindsym $mod+Shift+9 move container to workspace $workspace9
+bindsym $mod+Shift+0 move container to workspace $workspace10
+
+# reload the configuration file
+bindsym $mod+Shift+c reload
+# restart i3 inplace (preserves your layout/session, can be used to upgrade i3)
+bindsym $mod+Shift+r restart
+# exit i3 (logs you out of your X session)
+bindsym $mod+Shift+e exec "i3-nagbar -t warning -m 'You pressed the exit shortcut. Do you really want to exit i3? This will end your X session.' -b 'Yes, exit i3' 'i3-msg exit'"
+
+# resize window (you can also use the mouse for that)
+mode "resize" {
+ # These bindings trigger as soon as you enter the resize mode
+
+ # Pressing left will shrink the window’s width.
+ # Pressing right will grow the window’s width.
+ # Pressing up will shrink the window’s height.
+ # Pressing down will grow the window’s height.
+ bindsym j resize shrink width 10 px or 10 ppt
+ bindsym k resize grow height 10 px or 10 ppt
+ bindsym l resize shrink height 10 px or 10 ppt
+ bindsym semicolon resize grow width 10 px or 10 ppt
+
+ # same bindings, but for the arrow keys
+ bindsym Left resize shrink width 10 px or 10 ppt
+ bindsym Down resize grow height 10 px or 10 ppt
+ bindsym Up resize shrink height 10 px or 10 ppt
+ bindsym Right resize grow width 10 px or 10 ppt
+
+ # back to normal: Enter or Escape
+ bindsym Return mode "default"
+ bindsym Escape mode "default"
+}
+
+bindsym $mod+r mode "resize"
+
+
+
+# Color and bar settings #
+set $old-bg-color #2f343f
+set $bg-color #990099
+set $inactive-bg-color #2f343f
+#set $text-color #f3f4f5
+set $text-color #00ff2f
+set $inactive-text-color #676E7D
+set $urgent-bg-color #E53935
+
+# window colors
+# border background text indicator
+client.focused $bg-color $bg-color $text-color #00ff00
+client.unfocused $inactive-bg-color $inactive-bg-color $inactive-text-color #00ff00
+client.focused_inactive $inactive-bg-color $inactive-bg-color $inactive-text-color #00ff00
+client.urgent $urgent-bg-color $urgent-bg-color $text-color #00ff00
+
+# bar
+bar {
+ status_command i3blocks
+ colors {
+ background $old-bg-color
+ separator #757575
+ # border background text
+ focused_workspace $bg-color $bg-color $text-color
+ inactive_workspace $inactive-bg-color $inactive-bg-color $inactive-text-color
+ urgent_workspace $urgent-bg-color $urgent-bg-color $text-color
+ }
+}
+
+#dmenu
+bindsym $mod+space exec dmenu_run -i -l 5
+# Screen Lock
+bindsym $mod+x exec i3lock -n --color 141414
+exec --no-startup-id xss-lock -- i3lock -n --color 141414
+
+# Background
+exec_always --no-startup-id feh --bg-scale /home/jonathan/.background.png
+
+# Pulse Audio controls
+bindsym XF86AudioRaiseVolume exec --no-startup-id pactl set-sink-volume 0 +5% #increase sound volume
+bindsym XF86AudioLowerVolume exec --no-startup-id pactl set-sink-volume 0 -5% #decrease sound volume
+bindsym XF86AudioMute exec --no-startup-id pactl set-sink-mute 0 toggle # mute sound
+
+# Screen brightness controls
+bindsym XF86MonBrightnessUp exec xbacklight -inc 2.5 # increase screen brightness
+bindsym XF86MonBrightnessDown exec xbacklight -dec 2.5 # decrease screen brightness
+
+assign [class="Firefox"] $workspace2
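Review bot: The `resize` mode still binds `j`/`k`/`l`/`semicolon`, while focus and move were remapped to `h`/`j`/`k`/`l`, so inside resize mode `j` performs the "left" action (shrink width) although `$mod+j` means "down" everywhere else. Rebinding the four lines to `h`, `j`, `k`, `l` in that order would make the modes agree. The volume keys address sink `0` directly; `@DEFAULT_SINK@` would follow whichever output is active. The `feh` line hard-codes `/home/jonathan/.background.png`, where `~/.background.png` would keep the file usable from another account.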
diff --git a/nginx/nginx.conf b/nginx/nginx.conf
new file mode 100644
index 0000000..4dddab1
--- /dev/null
+++ b/nginx/nginx.conf
@@ -0,0 +1,18 @@
+user nginx;
+worker_processes 2;
+error_log logs/main_error.log;
+events {
+ worker_connections 1024;
+}
+http {
+ include mime.types;
+ default_type application/octet-stream;
+ log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+ '$status $body_bytes_sent "$http_referer" '
+ '"$http_user_agent" "$http_x_forwarded_for"';
+ access_log logs/access.log;
+ error_log logs/http_error.log;
+ sendfile on;
+ keepalive_timeout 65;
+ include sites-enabled/*;
+}
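Review bot: `log_format main` is defined but never referenced: `access_log logs/access.log;` names no format, so nginx writes the built-in `combined` format and the `$http_x_forwarded_for` field never reaches the log. If the custom format is intended, use `access_log logs/access.log main;`. Adding `server_tokens off;` to the `http` block would also stop the nginx version being advertised in response headers and error pages.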
diff --git a/nginx/nginx_vhost b/nginx/nginx_vhost
new file mode 100644
index 0000000..ffff985
--- /dev/null
+++ b/nginx/nginx_vhost
@@ -0,0 +1,57 @@
+server {
+ listen [::]:80 ipv6only=off default_server;
+ server_name REPLACEME.tld www.REPLACEME.tld;
+ root /srv/http/REPLACEME.tld/html;
+ location /.well-known/acme-challenge {
+ default_type "text/plain";
+ root /var/lib/letsencrypt/;
+ }
+ location / {
+ return 301 https://REPLACEME.tld$request_uri;
+ index index.htm index.html;
+ }
+
+}
+
+server {
+ listen [::]:443 ssl http2 ipv6only=off default_server;
+ ssl_certificate /etc/letsencrypt/live/REPLACEME.tld/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/REPLACEME.tld/privkey.pem;
+ ssl_trusted_certificate /etc/letsencrypt/live/REPLACEME.tld/chain.pem;
+ ssl_session_timeout 1d;
+ ssl_session_cache shared:SSL:50m;
+ ssl_session_tickets off;
+ ssl_protocols TLSv1.2;
+ ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
+ ssl_dhparam /etc/nginx/ssl/key/dh4096.pem;
+ ssl_prefer_server_ciphers on;
+ add_header Strict-Transport-Security max-age=15768000;
+ ssl_stapling on;
+ ssl_stapling_verify on;
+ server_name REPLACEME.tld;
+ location / {
+ root /srv/http/REPLACEME.tld/html;
+ index index.html index.htm;
+ }
+
+}
+
+server {
+ listen [::]:443 ssl http2;
+ ssl_certificate /etc/letsencrypt/live/REPLACEME.tld/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/REPLACEME.tld/privkey.pem;
+ ssl_trusted_certificate /etc/letsencrypt/live/REPLACEME.tld/chain.pem;
+ ssl_session_timeout 1d;
+ ssl_session_cache shared:SSL:50m;
+ ssl_session_tickets off;
+ ssl_protocols TLSv1.2;
+ ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
+ ssl_dhparam /etc/nginx/ssl/key/dh4096.pem;
+ ssl_prefer_server_ciphers on;
+ add_header Strict-Transport-Security max-age=15768000;
+ ssl_stapling on;
+ ssl_stapling_verify on;
+ server_name www.REPLACEME.tld;
+ return 301 https://REPLACEME.tld$request_uri;
+
+}
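Review bot: Both 443 servers pin `ssl_protocols TLSv1.2` but keep a cipher string that still admits static-RSA key exchange (`AES128-SHA`, `AES256-SHA`, the bare `AES` and `CAMELLIA` groups), CBC-mode suites and `DES-CBC3-SHA`, so a client can negotiate a suite with no forward secrecy or with 3DES. With TLS 1.2 as the floor the list can shrink to the AEAD ECDHE suites, e.g. `ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305';`. The HSTS header is sent only on success responses; `add_header Strict-Transport-Security "max-age=15768000" always;` also covers error responses. In the port-80 server, the `index` line after `return 301` in `location /` is never reached and can be dropped. The TLS block is duplicated verbatim across the two servers, so moving it into a shared include would keep later changes from diverging.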
diff --git a/sshd/borg_sshd b/sshd/borg_sshd
new file mode 100644
index 0000000..b48901d
--- /dev/null
+++ b/sshd/borg_sshd
@@ -0,0 +1,27 @@
+# Alternate sshd for borg use only, to be run aside a normal sshd process
+Port 2222
+Protocol 2
+SyslogFacility AUTHPRIV
+PermitRootLogin no
+PasswordAuthentication no
+ChallengeResponseAuthentication no
+GSSAPIAuthentication yes
+GSSAPICleanupCredentials yes
+UsePAM yes
+AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
+AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
+AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
+AcceptEnv XMODIFIERS
+AllowAgentForwarding no
+AllowTcpForwarding no
+X11Forwarding no
+PrintMotd no
+PrintLastLog no
+PermitUserEnvironment no
+ClientAliveInterval 10
+ClientAliveCountMax 3
+UseDNS no
+PidFile /var/run/sshd_backups.pid
+MaxStartups 100:60:200
+DenyUsers root
+ForceCommand /usr/local/scripts/borg-restricted.sh
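Review bot: `ForceCommand` points at `/usr/local/scripts/borg-restricted.sh`, while the script added in this commit is named `sshd/includes/borg_restrictions.sh`. Unless it is renamed on install, every login on port 2222 would fail to run the forced command, so a comment stating the install path, or matching names, would remove the doubt. For a daemon meant for borg only, `GSSAPIAuthentication yes` leaves a second authentication path open next to public keys; `GSSAPIAuthentication no` plus an `AllowUsers` or `AllowGroups` line would limit logins to the backup accounts. `PermitTTY no` fits alongside the other forwarding restrictions, since `borg serve` needs no terminal. `DenyUsers root` repeats what `PermitRootLogin no` already enforces.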
diff --git a/sshd/includes/borg_restrictions.sh b/sshd/includes/borg_restrictions.sh
new file mode 100644
index 0000000..684f8b1
--- /dev/null
+++ b/sshd/includes/borg_restrictions.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+set -e
+cd /home/${USER}/
+borg serve --restrict-to-path /home/${USER}/
+
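Review bot: Both uses of `/home/${USER}/` are unquoted and depend on `USER` being set and non-empty; if it were empty, the script would change to `/home/` and `--restrict-to-path /home/` would expose every account's repositories to the connecting client. Guarding and quoting the expansion closes that: `cd -- "/home/${USER:?}/"` and `exec borg serve --restrict-to-path "/home/${USER:?}/"`. The `exec` also drops the lingering bash process. The paired sshd config sets `PermitUserEnvironment no` and accepts only locale variables, which keeps the client from overriding `USER`; a comment recording that dependency would help anyone reusing the script under a different sshd config.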