dotfiles

git clone git://git.afify.dev/dotfiles

commit 8806d9fa26a90908854f6d57abe6dc929f7c97d5
Author: afify <hassan@afify.dev>
Date:   Fri,  5 Nov 2021 11:38:42 +0300

[init]

Diffstat:
A.mbsyncrc | 22++++++++++++++++++++++
A.msmtprc | 13+++++++++++++
A.profile | 33+++++++++++++++++++++++++++++++++
A.scripts/certbot.sh | 5+++++
A.scripts/check_ffmpeg.sh | 5+++++
A.scripts/check_mic.sh | 7+++++++
A.scripts/check_ssh.sh | 8++++++++
A.scripts/con_putty.sh | 4++++
A.scripts/create_diff_git.sh | 30++++++++++++++++++++++++++++++
A.scripts/create_links.sh | 34++++++++++++++++++++++++++++++++++
A.scripts/create_mnt_dirs.sh | 5+++++
A.scripts/doas.sh | 3+++
A.scripts/format_usb.sh | 38++++++++++++++++++++++++++++++++++++++
A.scripts/gpu.sh | 20++++++++++++++++++++
A.scripts/hostname.sh | 15+++++++++++++++
A.scripts/inbox.sh | 3+++
A.scripts/mount_drives | 30++++++++++++++++++++++++++++++
A.scripts/newrepo.sh | 10++++++++++
A.scripts/notify_azan | 2++
A.scripts/notify_cpu | 2++
A.scripts/notify_disks | 4++++
A.scripts/notify_gpu | 4++++
A.scripts/pass_manager | 4++++
A.scripts/post-receive | 98+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
A.scripts/production_server.sh | 281+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
A.scripts/rfkill_status.sh | 7+++++++
A.scripts/update.sh | 6++++++
A.scripts/volume_control | 33+++++++++++++++++++++++++++++++++
A.xinitrc | 14++++++++++++++
29 files changed, 740 insertions(+), 0 deletions(-)

diff --git a/.mbsyncrc b/.mbsyncrc
@@ -0,0 +1,22 @@
+IMAPAccount afify
+Host mail.afify.dev
+User hassan@afify.dev
+PassCmd "pass myemail"
+SSLType IMAPS
+SSLVersions TLSv1.2
+
+IMAPStore afify-remote
+Account afify
+
+MaildirStore afify-local
+Path ~/.mail/afify/
+Inbox ~/.mail/afify/Inbox
+
+Channel afify
+Far :afify-remote:
+Near :afify-local:
+Create Both
+Sync All
+Expunge Both
+SyncState *
+Patterns *
diff --git a/.msmtprc b/.msmtprc
@@ -0,0 +1,13 @@
+# Set default values for all following accounts.
+defaults
+auth on
+tls on
+tls_trust_file /etc/ssl/certs.pem
+logfile ~/.msmtp.log
+account afify
+host mail.afify.dev
+port 587
+from hassan@afify.dev
+user hassan@afify.dev
+passwordeval "pass myemail"
+account default : afify
diff --git a/.profile b/.profile
@@ -0,0 +1,33 @@
+#!/bin/sh
+
+umask 077
+export EDITOR=nvim
+export VISUAL=nvim
+export GPG_TTY=$(tty)
+export LANG=en_US.UTF-8
+export LC_ALL=en_US.UTF-8
+export ENV=~/.config/ksh/kshrc
+export R2_RCFILE=~/.config/radare2rc
+export HISTSIZE=10000
+export HISTCONTROL=ignoredups
+export HISTFILE=~/.cache/.sh_history
+export GTK2_RC_FILES=~/.config/gtk-2.0/gtkrc-2.0
+export MANPATH="/usr/local/share/man:/usr/local/man:/usr/share/man:/usr/X11R6/man"
+export JAVA_HOME="$HOME/android-studio/jre/"
+export _JAVA_AWT_WM_NONREPARENTING=1
+export MYSQL_HISTFILE=/dev/null
+export LESSHISTFILE="-"
+export LESS_TERMCAP_mb="$(printf '\33[38;5;214m')"
+export LESS_TERMCAP_md="$(printf '\33[38;5;214m')"
+export LESS_TERMCAP_me="$(printf '\33[0m')"
+export LESS_TERMCAP_so="$(printf '\33[1;44;37m')"
+export LESS_TERMCAP_se="$(printf '\33[0m')"
+export LESS_TERMCAP_us="$(printf '\33[38;5;166m')"
+export LESS_TERMCAP_ue="$(printf '\33[0m')"
+export LESS=-r
+
+if [ "$(uname -s)" = "Linux" ]; then
+ export HW=$(cat /sys/devices/virtual/dmi/id/sys_vendor /sys/devices/virtual/dmi/id/product_name)
+else
+ export HW="$(sysctl -n hw.vendor) $(sysctl -n hw.product)"
+fi
diff --git a/.scripts/certbot.sh b/.scripts/certbot.sh
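Review bot: In .profile, `export LESS=-r` makes less pass every raw control character through to the terminal, so paging an untrusted file or log lets embedded escape sequences act on the terminal; `export LESS=-R` passes only colour sequences, and the LESS_TERMCAP_* settings in the same hunk do not depend on `-r`. The unquoted substitutions `export GPG_TTY=$(tty)` and `export HW=$(cat …)` are also subject to word splitting in shells that treat `export` as an ordinary command, and the `cat` of two DMI files returns two lines. Quoting them the way the OpenBSD branch already does, `export HW="$(cat …)"`, avoids that.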
@@ -0,0 +1,5 @@ +#!/bin/sh +domain="afify.dev" +certbot certonly --webroot -w "/var/www/$domain" -d "$domain" +certbot renew --pre-hook "rcctl stop httpd" --post-hook "rcctl start httpd" +echo "/usr/bin/certbot renew --quiet" >> /etc/monthly.local diff --git a/.scripts/check_ffmpeg.sh b/.scripts/check_ffmpeg.sh @@ -0,0 +1,5 @@ +#!/bin/sh +is_recording=$(pgrep -f "ffmpeg -f" | wc -l) +if [ "$is_recording" -gt 0 ]; then + echo " 辶 " +fi diff --git a/.scripts/check_mic.sh b/.scripts/check_mic.sh @@ -0,0 +1,7 @@ +#!/bin/sh + +case $(uname) in + Linux) unmuted_count=$(pactl list sources| grep -c 'Mute: no') + [ "$unmuted_count" -gt 0 ] && echo " $unmuted_count 壘 ";; + OpenBSD) [ "$(sysctl -n kern.audio.record)" -gt 0 ] && echo " 壘 ";; +esac diff --git a/.scripts/check_ssh.sh b/.scripts/check_ssh.sh @@ -0,0 +1,8 @@ +#!/bin/sh + +cin=$(who | grep -Ec "\\([0-9]{1,3}") +cout=$(pgrep -f "^ssh " | wc -l | tr -d ' ') +[ "$cin" -gt 0 ] && in="$cin 﫻 " +[ "$cout" -gt 0 ] && out="$cout  " +[ "$(pgrep sshd | wc -l)" -gt 0 ] && sshd="[sshd]" +printf " %s%s%s" "$in" "$out" "$sshd" diff --git a/.scripts/con_putty.sh b/.scripts/con_putty.sh @@ -0,0 +1,4 @@ +#!/bin/sh +base=$(echo "$1" | cut -f 1 -d '.') +puttygen "$1" -O private-openssh -o "$base" +puttygen "$1" -O public-openssh -o "$base.pub" diff --git a/.scripts/create_diff_git.sh b/.scripts/create_diff_git.sh 
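Review bot: In .scripts/certbot.sh the certificate is issued with the `--webroot` authenticator, but the renewal line stops httpd in `--pre-hook "rcctl stop httpd"`, so unless something else serves /var/www/$domain the challenge file cannot be fetched during renewal; with webroot the hooks can be dropped or reduced to a reload after renewal. The last line appends to /etc/monthly.local with `>>` on every run, so re-running the script stacks duplicate entries; guard it with `grep -qxF "/usr/bin/certbot renew --quiet" /etc/monthly.local || echo … >> /etc/monthly.local`. The use of `rcctl` suggests OpenBSD, where packaged binaries normally live under /usr/local/bin, so the hard-coded /usr/bin/certbot path is worth confirming with `command -v certbot`.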
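Review bot: In .scripts/con_putty.sh, `base=$(echo "$1" | cut -f 1 -d '.')` cuts at the first dot anywhere in the argument, so `./key.ppk` or a path with a dotted directory yields an empty or wrong `base` and the converted private key is written to an unintended path. `base=${1%.*}` strips only the final extension. Because the first output is a private key, a `umask 077` before the two puttygen calls would make the resulting file mode explicit instead of relying on the tool's default.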
@@ -0,0 +1,30 @@
+#!/bin/sh
+
+# Description : create diff file from 2 commits
+
+# git_dir=$()
+# --git-dir $git_dir/.git
+# patch -p1 < path/to/patch.diff
+
+# diff -u old new > patch.diff
+# patch OriginalFile < PatchFile
+# diff -r -x *.o -x *.so -x *.git dir1 dir2
+
+old_commit=$(git log --all --pretty=format:'%h %s %d' |\
+ dmenu -p 'old commmit' -l 10 | awk '{print $1}')
+
+if [ "$old_commit" ]; then
+ new_commit=$(git log --all --pretty=format:'%h %s' |\
+ dmenu -p 'new commmit' -l 10 | awk '{print $1}')
+ if [ "$new_commit" ]; then
+# TODO
+ file_name=$(ls -p | grep -v /| dmenu -p 'select file' -l 10)
+ if [ "$file_name" ]; then
+ output_file="$old_commit"_"$new_commit"_"$file_name".diff
+ git diff "$old_commit" "$new_commit" -- "$file_name" > "$output_file" && echo "create diff for $file_name."
+ else
+ output_file="$old_commit"_"$new_commit".diff
+ git diff "$old_commit" "$new_commit" > "$output_file" && echo "create diff all dir."
+ fi
+ fi
+fi
diff --git a/.scripts/create_links.sh b/.scripts/create_links.sh
@@ -0,0 +1,34 @@
+#!/bin/sh
+
+[ "$USER" != "root" ] && echo "Must run as root." && exit 1
+
+mkdir /root/.config
+ln -s /home/hassan/.local/share/nvim/site /root/.local/share/nvim/site
+ln -s /home/hassan/.config/nvim /root/.config/nvim
+ln -s /home/hassan/.vim /root/.vim
+ln -s /mnt/data/todo.txt /home/hassan/
+
+if [ "$(uname)" = "Linux" ]; then
+ ln -fs /bin/clang /bin/cc
+ ln -fs /bin/ld.lld /bin/ld
+ ln -s /etc/sv/wpa_supplicant /var/service/
+ ln -s /etc/sv/ntpd /var/service/
+ ln -s /etc/sv/crond/ /var/service/
+# ln -s /etc/sv/apache /var/service/
+# ln -sf /etc/sv/mysqld /var/service/
+# ln -s /home/hassan/android-studio/bin/studio.sh /usr/local/bin/android-studio
+# ln -s /etc/sv/sshd /var/service/
+# ln -s /etc/sv/bluetoothd /var/service/
+fi
+
+if [ "$(uname)" = "OpenBSD" ]; then
+ ln -s /home/hassan/.config/ /root/.config
+ ln -s /home/hassan/.local/ /root/.local
+ ln -s /home/hassan/.vim/ /root/.vim
+ ln -s /home/hassan/.profile /root/.profile
+
+ ln -s /home/hassan/.config/ /home/git/.config
+ ln -s /home/hassan/.local/ /home/git/.local
+ ln -s /home/hassan/.vim/ /home/git/.vim
+ ln -s /home/hassan/.profile /home/git/.profile
+fi
diff --git a/.scripts/create_mnt_dirs.sh b/.scripts/create_mnt_dirs.sh
@@ -0,0 +1,5 @@
+#!/bin/sh
+[ "$USER" != "root" ] && echo "Must run as root." && exit 1
+cd /mnt/ || exit
+mkdir 4tb 1tb data sd1 sd2 usb1 usb2 phone1 phone2 temp1 temp2 vera
+chown -R hassan:hassan /mnt/ && chgrp -R hassan:hassan /mnt/
diff --git a/.scripts/doas.sh b/.scripts/doas.sh
@@ -0,0 +1,3 @@
+#!/bin/sh
+echo "permit :wheel
+permit nopass hassan cmd zzz" > /etc/doas.conf
diff --git a/.scripts/format_usb.sh b/.scripts/format_usb.sh
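Review bot: In .scripts/create_links.sh the OpenBSD branch links /root/.config, /root/.local, /root/.vim and /root/.profile (and the same four under /home/git) to paths owned by hassan, so any process running as hassan can change what root's login shell and editor load; the `ln -s` lines before the Linux branch do the same for root's nvim and vim directories. Copying the files into root-owned locations (`cp -R` followed by `chown -R root`) keeps the convenience without letting an unprivileged account edit root's startup files. The guard `[ "$USER" != "root" ]` reads an environment variable the caller controls; `[ "$(id -u)" -eq 0 ]` checks the effective uid. The same guard appears in create_mnt_dirs.sh, format_usb.sh, hostname.sh and update.sh.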
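Review bot: The last line of .scripts/create_mnt_dirs.sh passes `hassan:hassan` to `chgrp`, which takes a group name only, so the second command fails; the preceding `chown -R hassan:hassan` already sets the group and the `chgrp` can be dropped. `chown -R … /mnt/` also recurses into any filesystem that is mounted under /mnt when the script runs. Limiting it to the directories just created, `chown hassan:hassan 4tb 1tb data sd1 sd2 usb1 usb2 phone1 phone2 temp1 temp2 vera`, avoids re-owning mounted data.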
@@ -0,0 +1,38 @@
+#!/bin/sh
+
+[ "$USER" != "root" ] && echo "Must run as root." && exit 1
+export DISPLAY=:0
+export XAUTHORITY=/home/hassan/.Xauthority
+
+usb=$(lsblk --noheadings --raw -o NAME,SIZE |\
+ awk '$1~/sd[a-z]$/' |\
+ dmenu -i -p "choose disk"|\
+ awk '{print $1}')
+if [ ! "$usb" ]; then exit;fi
+
+format=$(printf "mkfs.vfat\nmkfs.ext4\nmkfs.ext2\nmkfs.exfat" |\
+ dmenu -i -p "choose format")
+
+wipe=$(printf "no\nyes" |\
+ dmenu -p "WARNING wipe $usb" -nb "#000" -nf "#FFF" -sb "#FF0000" -sf "#FFF")
+
+ if [ "${wipe}" = "yes" ]; then
+ dd bs=4M if=/dev/urandom of=/dev/"${usb}" status=progress oflag=sync;
+ fi;
+
+ if [ "${format}" = "mkfs.ext4" ]; then
+ printf "o\nn\np\n1\n2048\n\n\nw\n" | fdisk /dev/"${usb}" && \
+ mkfs.ext4 /dev/"${usb}1" && notify-send "formated ${usb}"
+
+ elif [ "${format}" = mkfs.ext2 ]; then
+ printf "o\nn\np\n1\n2048\n\n\nw\n" | fdisk /dev/"${usb}" && \
+ mkfs.ext2 /dev/"${usb}1" && notify-send "formated ${usb}"
+
+ elif [ "${format}" = mkfs.exfat ]; then
+ printf "o\nn\np\n1\n2048\n\nt\n7\n\nw\n" | fdisk /dev/"${usb}" && \
+ mkfs.exfat /dev/"${usb}1" && notify-send "formated ${usb}"
+
+ elif [ "${format}" = mkfs.vfat ]; then
+ printf "o\nn\np\n1\n2048\n\nt\nb\n\nw\n" | fdisk /dev/"${usb}" && \
+ mkfs.vfat /dev/"${usb}1" && notify-send "formated ${usb}"
+ fi
diff --git a/.scripts/gpu.sh b/.scripts/gpu.sh
@@ -0,0 +1,20 @@
+#!/bin/sh
+
+max_mem="700"
+max_temp="52"
+max_gpu="25"
+
+if ! [ "$(uname)" = "Linux" ]; then exit;fi
+
+query=$(nvidia-smi --query-gpu=memory.used,temperature.gpu,utilization.gpu \
+ --format=csv | sed 's/memory.*//g' | tr -d '\n,')
+
+cur_mem=$(echo "$query" | awk '{print $1}')
+cur_temp=$(echo "$query" | awk '{print $3}')
+cur_gpu=$(echo "$query" | awk '{print $4}')
+
+if [ "$cur_mem" -gt "$max_mem" ] ||
+ [ "$cur_temp" -gt "$max_temp" ] ||
+ [ "$cur_gpu" -gt "$max_gpu" ]; then
+ echo "GPU [$cur_mem MB] [$cur_temp C] [$cur_gpu %]"
+fi
diff --git a/.scripts/hostname.sh b/.scripts/hostname.sh
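Review bot: .scripts/format_usb.sh hands whatever dmenu returns straight to `dd of=/dev/"${usb}"` and `fdisk`, and the candidate list built by `awk '$1~/sd[a-z]$/'` contains every sd* disk, internal ones included. dmenu also returns typed text that matches no entry, so `usb` is not guaranteed to be one of the listed names. The sketch below checks, before the wipe prompt, that the selection is a whole sd disk, is flagged removable and has nothing mounted, and it stops when the format prompt is cancelled so a `yes` to the wipe cannot run without a format step after it. Some USB enclosures report RM=0, so the `TRAN` column may be the better test on this hardware.
```shell
# … unchanged: disk selection via lsblk | awk | dmenu …
case "$usb" in
	sd[a-z]) ;;
	*) echo "not a whole sd disk: $usb" >&2; exit 1 ;;
esac
[ "$(lsblk --noheadings --nodeps -o RM "/dev/$usb" | tr -d ' ')" = "1" ] ||
	{ echo "/dev/$usb is not removable" >&2; exit 1; }
if lsblk --noheadings -o MOUNTPOINT "/dev/$usb" | grep -q .; then
	echo "/dev/$usb has mounted partitions" >&2
	exit 1
fi
# … unchanged: format prompt …
[ "$format" ] || exit 1
# … unchanged: wipe prompt, dd, fdisk and mkfs branches …
```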
@@ -0,0 +1,15 @@
+#!/bin/sh
+
+[ "$USER" != "root" ] && echo "Must run as root." && exit 1
+
+if [ "$(uname)" = "OpenBSD" ]; then
+ hostname openbsd && echo "openbsd" > /etc/myname &&\
+ printf "127.0.0.1\topenbsd\tlocalhost\n::1\t\topenbsd\tlocalhost\n" > /etc/hosts
+
+elif [ "$(uname)" = "Linux" ]; then
+ hostname alien && echo "alien" > /etc/hostname &&\
+ printf "127.0.0.1\talien\tlocalhost\n::1\t\talien\tlocalhost\n" > /etc/hosts
+ sed -i 's/#hostname/hostname/' /etc/dhcpcd.conf
+ echo "static domain_name_servers=208.67.220.220 208.67.222.222" >> /etc/dhcpcd.conf
+ sv restart dhcpcd
+fi
diff --git a/.scripts/inbox.sh b/.scripts/inbox.sh
@@ -0,0 +1,3 @@
+#!/bin/sh
+count=$(ls /home/hassan/.mail/afify/Inbox/new | wc -l)
+[ "$count" -gt 0 ] && echo "[$count]" && exit 0
diff --git a/.scripts/mount_drives b/.scripts/mount_drives
@@ -0,0 +1,30 @@
+#!/bin/sh
+
+if [ "$(uname)" = "Linux" ]; then
+ chosen=$(\
+ lsblk --noheadings --raw -o \
+ NAME,SIZE,TYPE,FSTYPE,MOUNTPOINT |\
+ awk '$3 == "part" && $5 == ""' |\
+ dmenu -i -p "Mount volume" -l 10 )
+ partition=$(echo "$chosen" | awk '{print $1}')
+ file_type=$(echo "$chosen" | awk '{print $4}')
+
+ if [ "$file_type" = "crypto_LUKS" ]; then
+ dev=dev/mapper
+ else # file_type != crypto_LUKS
+ dev=dev
+ fi
+fi
+
+[ "$file_type" = "vfat" ] && mount_option="-o rw,umask=0000"
+
+# Mount partition
+[ ! "$partition" ] && exit 0
+mount_point=$(find /mnt/ -maxdepth 1 -type d -empty | sort |\
+ dmenu -i -p "Select mount point")
+[ ! "$mount_point" ] && exit 0
+ echo mount "/$dev/$partition" "$mount_point" "$mount_option"
+dmenu -P -p "Mount | sudo " |\
+ sudo -S mount /$dev/$partition $mount_point $mount_option\
+ && notify-send "Mounted" "$partition"\
+ || notify-send -u critical "Error Mounting" "$partition"
diff --git a/.scripts/newrepo.sh b/.scripts/newrepo.sh
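Review bot: In .scripts/mount_drives the root command `sudo -S mount /$dev/$partition $mount_point $mount_option` expands its variables unquoted, and `mount_point` comes from dmenu, where free text can be typed, so extra words in the selection become extra arguments to `mount` running as root. Quote the device and the mount point, `"/$dev/$partition" "$mount_point"`, and leave only the option string unquoted. For vfat, `umask=0000` makes every file on the volume world-writable and executable; `-o rw,uid=$(id -u),gid=$(id -g),umask=0077` gives the invoking user access without opening the volume to other accounts. The `&& … || …` chain also sends "Error Mounting" when the first notify-send fails, and the `echo mount …` line looks like leftover debugging.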
@@ -0,0 +1,10 @@
+#!/bin/sh
+[ ! $# -eq 1 ] || [ "${1##*.}" != "git" ] && echo "usage: sh newrepo.sh EXAMPLE.git" &&
+ exit 1;
+b="${1%.*}"
+cd /home/git/src || exit
+git init --bare "$1"
+ln -s "/home/git/src/post-receive" "/home/git/src/$1/hooks/post-receive"
+echo "description" > "$1/description"
+echo "afify" > "$1/owner"
+echo "git://git.afify.dev/$b" > "$1/url"
diff --git a/.scripts/notify_azan b/.scripts/notify_azan
@@ -0,0 +1,2 @@
+#!/bin/sh
+notify-send "Azan" "$(azan -A)" -t 5000
diff --git a/.scripts/notify_cpu b/.scripts/notify_cpu
@@ -0,0 +1,2 @@
+#!/bin/sh
+notify-send "CPU" "$(ps axch -o cmd:15,%cpu --sort=-%cpu | head)" -t 10000
diff --git a/.scripts/notify_disks b/.scripts/notify_disks
@@ -0,0 +1,4 @@
+#!/bin/sh
+com=$(df -h | grep -E "(Mounted|\/$|mnt|home)" |\
+ awk '{print $6"\t"$3"\t"$4"\t" $5}' | column -t)
+notify-send "Disks Usage" "$com"
diff --git a/.scripts/notify_gpu b/.scripts/notify_gpu
@@ -0,0 +1,4 @@
+#!/bin/sh
+
+ps=$(nvidia-smi pmon -c 1 | tail -n +3 |awk '{print $2 " " $4 "% " $8}' | sort -k2 -r | column -t)
+notify-send "GPU" "$ps" -t 5000
diff --git a/.scripts/pass_manager b/.scripts/pass_manager
@@ -0,0 +1,4 @@
+#!/bin/sh
+path=$HOME/.password-store/
+chosen=$(ls $path | sed -r 's/(\.gpg|.gpg-id)//g' | dmenu -i -p "Pass ")
+[ "$chosen" ] && pass -c "$chosen"
diff --git a/.scripts/post-receive b/.scripts/post-receive
@@ -0,0 +1,98 @@
+#!/bin/sh
+# generic git post-receive hook.
+# change the config options below and call this script in your post-receive
+# hook or symlink it.
+#
+# usage: $0 [name]
+#
+# if name is not set the basename of the current directory is used,
+# this is the directory of the repo when called from the post-receive script.
+
+# NOTE: needs to be set for correct locale (expects UTF-8) otherwise the
+# default is LC_CTYPE="POSIX".
+export LC_CTYPE="en_US.UTF-8"
+
+name="$1"
+if test "${name}" = ""; then
+ name=$(basename "$(pwd)")
+fi
+
+# config
+# paths must be absolute.
+reposdir="/home/git/src"
+dir="${reposdir}/${name}"
+htmldir="/var/www/htdocs/git.afify.dev/"
+stagitdir="/"
+destdir="${htmldir}${stagitdir}"
+cachefile=".htmlcache"
+# /config
+
+if ! test -d "${dir}"; then
+ echo "${dir} does not exist" >&2
+ exit 1
+fi
+cd "${dir}" || exit 1
+
+# dont create private repos
+[ -e "${dir}/git-daemon-export-ok" ] || exit 1;
+
+# detect git push -f
+force=0
+while read -r old new ref; do
+ test "${old}" = "0000000000000000000000000000000000000000" && continue
+ test "${new}" = "0000000000000000000000000000000000000000" && continue
+
+ hasrevs=$(git rev-list "${old}" "^${new}" | sed 1q)
+ if test -n "${hasrevs}"; then
+ force=1
+ break
+ fi
+done
+
+# strip .git suffix.
+r=$(basename "${name}")
+d=$(basename "${name}" ".git")
+printf "[%s] stagit HTML pages... " "${d}"
+
+# create archives and sha256
+rel="${htmldir}/${d}/releases"
+mkdir -p $rel
+
+git tag -l | while read -r t; do
+ f="${rel}/${d}-$(echo "${t}" | tr '/' '_').tar.gz"
+ test -f "${f}" && continue
+ git archive \
+ --format tar.gz \
+ --prefix "${d}-${t}/" \
+ -o "${f}" \
+ -- \
+ "${t}"
+ cd "${rel}"
+ sha256 "${d}-${t}.tar.gz" > "${rel}/${d}-${t}.tar.gz.sha256"
+ cd "${dir}"
+done
+
+mkdir -p "${destdir}/${d}"
+cd "${destdir}/${d}" || exit 1
+
+# remove commits and ${cachefile} on git push -f, this recreated later on.
+if test "${force}" = "1"; then
+ rm -f "${cachefile}"
+ rm -rf "commit"
+fi
+
+# make index.
+public_dirs=$(find ${reposdir} -type f -name "git-daemon-export-ok" -exec sh -c 'echo $(dirname "$0")/' {} \; | tr '\n' ' ');
+echo "$public_dirs"
+stagit-index $public_dirs > "${destdir}/index.html"
+# stagit-index "${reposdir}/"*/ > "${destdir}/index.html"
+
+# make pages.
+stagit -c "${cachefile}" -u "https://git.afify.dev/$d/" "${reposdir}/${r}"
+
+ln -sf log.html index.html
+ln -sf ../style.css style.css
+ln -sf ../logo.png logo.png
+ln -sf ../favicon.png favicon.png
+
+echo "done"
diff --git a/.scripts/production_server.sh b/.scripts/production_server.sh
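Review bot: In the tag loop of .scripts/post-receive the archive path replaces `/` in the tag name with `tr '/' '_'`, but the checksum line uses the raw `${t}`, so for a tag containing a slash `sha256` is pointed at a file that was never written and its output path falls into a missing subdirectory. Compute the sanitised name once, `n="${d}-$(echo "${t}" | tr '/' '_').tar.gz"`, and use it for both the archive and `"${rel}/${n}.sha256"`. `cd "${rel}"` and `cd "${dir}"` inside the loop are unchecked, unlike the `cd … || exit 1` calls elsewhere in the hook, and `mkdir -p $rel` and `find ${reposdir}` are unquoted. Tag names are chosen by whoever can push, so they are worth treating as untrusted wherever they are placed into a path.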
@@ -0,0 +1,281 @@ +#!/bin/sh + +# pkgs +pkg_add -u +pkg_add neovim colorls git node opensmtpd-extras opensmtpd-filter-rspamd dovecot dovecot-pigeonhole rspamd redis mariadb-client mariadb-server php php-curl php-mysqli php-pdo_mysql php-gd php-intl phpMyAdmin + +# user +useradd -m -G wheel -s /bin/ksh hassan +echo "permit nopass keepenv :wheel" > /etc/doas.conf +passwd hassan +rm -rf /home/hassan/* +mkdir .ssh && touch authorized_keys +#local scp .config/ksh .config/git .config/nvim .profile $domain:. +ln -s /home/hassan/.config/ /root/.config +ln -s /home/hassan/.local/ /root/.local +ln -s /home/hassan/.vim/ /root/.vim +sh -c 'curl -fLo "${XDG_DATA_HOME:-$HOME/.local/share}"/nvim/site/autoload/plug.vim --create-dirs \ + https://raw.githubusercontent.com/junegunn/vim-plug/master/plug.vim' + +# certificates +mkdir /var/www/htdocs/mail.qassemha.com +mkdir /var/www/htdocs/qassemha.com +certbot certonly --webroot -w /var/www/htdocs/mail.qassemha.com -d mail.qassemha.com +certbot certonly --webroot -w /var/www/htdocs/qassemha.com -d qassemha.com +echo "/usr/bin/certbot renew --quiet" > /etc/monthly.local + +# smptd +cp /etc/mail/smtpd.conf /etc/mail/smtpd.conf.default +cat > /etc/mail/smtpd.conf <<EOL +pki mail.afify.dev cert "/etc/letsencrypt/live/mail.afify.dev/fullchain.pem" +pki mail.afify.dev key "/etc/letsencrypt/live/mail.afify.dev/privkey.pem" + +table aliases file:/etc/mail/aliases +table creds passwd:/etc/mail/credentials +table vusers file:/etc/mail/virtuals + +filter check_dyndns phase connect match rdns regex { '.*\.dyn\..*', '.*\.dsl\..*' } disconnect "550 no residential connections" +filter check_rdns phase connect match !rdns disconnect "550 no rDNS is so 80s" +filter check_fcrdns phase connect match !fcrdns disconnect "550 no FCrDNS is so 80s" + +filter rspamd proc-exec "/usr/local/libexec/smtpd/filter-rspamd" + +listen on all mask-src tls pki mail.afify.dev +listen on all mask-src port submission tls-require pki mail.afify.dev auth <creds> + +action 
receive maildir "/var/vmail/afify.dev/%{dest.user:lowercase}" virtual <vusers> +action send relay + +match from any for domain "afify.dev" action receive +match auth from any for any action send +EOL +smtpctl encrypt example_password1 >> /etc/mail/credentials +echo "hassan@afify.dev:\$2b\$09\$5kCjHz8BDAiCTL/N56lIKuT213ViSSZZSVjtj1ww.2HZkg.9opqrS:vmail:2000:2000:/var/vmail/afify.dev/hassan::userdb_mail=maildir:/var/vmail/afify.dev/hassan" >> /etc/mail/credentials +chmod 0440 /etc/mail/credentials +chown _smtpd:_dovecot /etc/mail/credentials +mkdir /var/vmail +useradd -c "Virtual Mail Account" -d /var/vmail -s /sbin/nologin -u 2000 -g =uid -L staff vmail +chown vmail:vmail /var/vmail +echo "abuse@qassemha.com: admin@qassemha.com +hostmaster@qassemha.com: admin@qassemha.com +postmaster@qassemha.com: admin@qassemha.com +webmaster@qassemha.com: admin@qassemha.com +admin@qassemha.com: vmail +info@qassemha.com: vmail" > /etc/mail/virtuals + +printf "\ndovecot:\\\\ +\t:openfiles-cur=1024:\\\\ +\t:openfiles-max=2048:\\\\ +\t:tc=daemon:\n" >> /etc/login.conf +cap_mkdb /etc/login.conf + +cat > "/etc/dovecot/local.conf" <<EOL +auth_mechanisms = plain +first_valid_uid = 2000 +first_valid_gid = 2000 +hostname = mail.afify.dev +mail_location = maildir:/var/vmail/%d/%n +mail_plugin_dir = /usr/local/lib/dovecot +managesieve_notify_capability = mailto +managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext imapsieve vnd.dovecot.imapsieve +mbox_write_locks = fcntl +mmap_disable = yes +namespace inbox { + inbox = yes + location = + mailbox Archive { + auto = subscribe + special_use = \Archive + } + mailbox Drafts { + auto = subscribe + special_use = \Drafts + } + mailbox Junk { + auto = subscribe + special_use = \Junk + } + mailbox Sent { + auto = subscribe + special_use = \Sent + 
} + mailbox Trash { + auto = subscribe + special_use = \Trash + } + prefix = +} +passdb { + args = scheme=CRYPT username_format=%u /etc/mail/credentials + driver = passwd-file + name = +} +plugin { + imapsieve_mailbox1_before = file:/usr/local/lib/dovecot/sieve/report-spam.sieve + imapsieve_mailbox1_causes = COPY + imapsieve_mailbox1_name = Junk + imapsieve_mailbox2_before = file:/usr/local/lib/dovecot/sieve/report-ham.sieve + imapsieve_mailbox2_causes = COPY + imapsieve_mailbox2_from = Junk + imapsieve_mailbox2_name = * + sieve = file:~/sieve;active=~/.dovecot.sieve + sieve_global_extensions = +vnd.dovecot.pipe +vnd.dovecot.environment + sieve_pipe_bin_dir = /usr/local/lib/dovecot/sieve + sieve_plugins = sieve_imapsieve sieve_extprograms +} +protocols = imap sieve +service imap-login { + inet_listener imap { + port = 0 + } +} +service managesieve-login { + inet_listener sieve { + port = 4190 + } + inet_listener sieve_deprecated { + port = 2000 + } +} +ssl = required +ssl_cert = </etc/letsencrypt/live/mail.afify.dev/fullchain.pem +ssl_key = </etc/letsencrypt/live/mail.afify.dev/privkey.pem +# ssl_dh = </etc/dovecot/dh.pem +userdb { + args = username_format=%u /etc/mail/credentials + driver = passwd-file + name = +} +protocol imap { + mail_plugins = " imap_sieve" +} +EOL + +# comment all content +/etc/dovecot/conf.d/10-ssl.conf +#ssl_cert = </etc/ssl/dovecotcert.pem +#ssl_key = </etc/ssl/private/dovecot.pem + +cat > /usr/local/lib/dovecot/sieve/report-ham.sieve <<EOL +require ["vnd.dovecot.pipe", "copy", "imapsieve", "environment", "variables"]; + +if environment :matches "imap.mailbox" "*" { + set "mailbox" "\${1}"; +} +if string "\${mailbox}" "Trash" { + stop; +} +if environment :matches "imap.user" "*" { + set "username" "\${1}"; +} +pipe :copy "sa-learn-ham.sh" [ "\${username}" ]; +EOL +cat > /usr/local/lib/dovecot/sieve/report-spam.sieve <<EOL +require ["vnd.dovecot.pipe", "copy", "imapsieve", "environment", "variables"]; +if environment :matches "imap.user" 
"*" { + set "username" "\${1}"; +} +pipe :copy "sa-learn-spam.sh" [ "\${username}" ]; +EOL +cd /usr/local/lib/dovecot/sieve/ || exit +sievec report-ham.sieve +sievec report-spam.sieve +echo "#!/bin/sh +exec /usr/local/bin/rspamc -d \"\${1}\" learn_ham" > sa-learn-ham.sh +echo "#!/bin/sh +exec /usr/local/bin/rspamc -d \"\${1}\" learn_spam" > sa-learn-spam.sh +chmod 0755 sa-learn-ham.sh +chmod 0755 sa-learn-spam.sh + +# Rspamd +mkdir /etc/mail/dkim +cd /etc/mail/dkim || exit +openssl genrsa -out qassemha.com.key 2048 +openssl rsa -in qassemha.com.key -pubout -out public.key +chmod 0440 qassemha.com.key +chown root:_rspamd qassemha.com.key + +# DNS +CNAME mail afify.dev +MX mail.afify.dev 10 +TXT "v=spf1 mx -all" +TXT mail._domainkey "v=DKIM1;k=rsa;p=" +TXT _dmarc "v=DMARC1;p=none;pct=100;rua=mailto:postmaster@qassemha.com" + +cat > "/etc/rspamd/local.d/dkim_signing.conf" <<EOL +allow_username_mismatch = true; +domain { + afify.dev { + path = "/etc/mail/dkim/afify.dev.key"; + selector = "mail"; + } +} +EOL + +rcctl enable smtpd redis rspamd dovecot php80_fpm +rcctl start smtpd redis rspamd dovecot php80_fpm +rcctl restart smtpd redis rspamd dovecot php80_fpm + +# ssh +cd "$HOME/.ssh" && ssh-keygen -t ed25519 -C "hassan@afify.dev" -i +echo "" > /home/hassan/.ssh/authorized_keys +echo "" > /etc/ssh/sshd_config + + +# httpd +rcctl enable httpd +rcctl start httpd +chown -R www:www /var/www/ +find /var/www/ -type d -exec chmod 774 {} \; +find /var/www/ -type f -exec chmod 664 {} \; +cp -r /var/www/phpMyAdmin/ /var/www/httpd/${domain_public} +echo " +# server "qassemha.com" { +# listen on * port 80 +# root "/htdocs/qassemha.com/public" +# } + +server "qassemha.com" { + listen on * tls port 443 + directory index "index.php" + root "/htdocs/qassemha.com/public" + + connection max request body 5242880 + connection max requests 1000 + connection request timeout 3600 + connection timeout 3600 + + location "/uploads" { + block drop +# block return 301 "/index.php" + } + + tls { + 
certificate "/etc/letsencrypt/live/qassemha.com/fullchain.pem" + key "/etc/letsencrypt/live/qassemha.com/privkey.pem" + } + + location "/*.php*" { fastcgi socket "/run/php-fpm.sock" } +}" >> /etc/httpd.conf + +# php +rcctl enable php80_fpm +rcctl start php80_fpm +cd /etc/php-8.0 && ln -s ../php-8.0.sample/*.ini . +echo "" >> /etc/php-fpm.conf +echo "" >> /etc/php-8.0.ini + +# mariadb +mariadb-install-db --user=mysql --basedir=/usr --datadir=/var/lib/mysql +mysql_install_db +rcctl enable mysqld +rcctl start mysqld +mysql_secure_installation +mysql -u root -p +``` +CREATE USER 'hassan'@'localhost' IDENTIFIED BY 'password'; +ALTER USER 'hassan'@'localhost' IDENTIFIED BY 'new_password'; +GRANT ALL PRIVILEGES ON *.* TO 'hassan'@'localhost'; +FLUSH PRIVILEGES; +CREATE DATABASE "${DBNAME}"; +``` diff --git a/.scripts/rfkill_status.sh b/.scripts/rfkill_status.sh @@ -0,0 +1,7 @@ +#!/bin/sh + +if [ "$(uname)" = "Linux" ]; then + [ "$(rfkill -rn | awk '/wlan/ {print $4}')" = "blocked" ] && result="" + [ "$(rfkill -rn | awk '/bluetooth/ {print $4}')" = "blocked" ] && result=$result" " + printf "%s" "$result" +fi diff --git a/.scripts/update.sh b/.scripts/update.sh @@ -0,0 +1,6 @@ +#!/bin/sh +[ "$USER" != "root" ] && echo "Must run as root." && exit 1 +case $(uname) in + Linux) xbps-install -Syu && xbps-remove -Ooy;; + OpenBSD) fw_update && sysupgrade -s && pkg_add -Uu && pkg_delete -a && pkg_check;; +esac diff --git a/.scripts/volume_control b/.scripts/volume_control 
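Review bot: .scripts/production_server.sh commits what looks like a real bcrypt hash for hassan@afify.dev in the `echo "hassan@afify.dev:\$2b\$09\$…" >> /etc/mail/credentials` line; a hash in a public repository is exposed to offline guessing, so the entry should be generated on the host, the committed line replaced with a placeholder, and the password rotated if the hash was ever live. `echo "permit nopass keepenv :wheel" > /etc/doas.conf` gives every wheel member passwordless root with the caller's environment kept; `permit persist :wheel` keeps a password prompt. `smtpctl encrypt example_password1` puts the password on the command line, where running it without an argument reads it from standard input, and `chown -R www:www /var/www/` with modes 774 and 664 leaves the whole web root writable by the account the PHP workers presumably run as. The file also mixes runnable commands with DNS records, a bare config path and fenced SQL, so it cannot run as the `#!/bin/sh` script its first line claims; a header comment stating that it is a checklist, or commenting out the non-shell lines, would prevent a partial run as root.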
@@ -0,0 +1,33 @@
+#!/bin/sh
+
+[ "$(uname)" = "OpenBSD" ] && master=$(mixerctl -n outputs.master) \
+ && left_master=$(echo "$master" | awk -F, '{print $1}')
+
+ inc_vol(){
+ case $(uname) in
+ Linux) pactl set-sink-volume 0 +5% ;;
+ OpenBSD) mixerctl outputs.master=$(($left_master + 10)) ;;
+ esac
+ }
+
+ dec_vol(){
+ case $(uname) in
+ Linux) pactl set-sink-volume 0 -5% ;;
+ OpenBSD) mixerctl outputs.master=$(($left_master - 10)) ;;
+ esac
+ }
+
+ mute(){
+ case $(uname) in
+ Linux) pactl set-sink-mute 0 toggle ;;
+ OpenBSD) [ "$(mixerctl -n outputs.hp_sense)" = "plugged" ] \
+ && mixerctl -t outputs.hp_mute \
+ || mixerctl -t outputs.master.mute ;;
+ esac
+ }
+
+case $1 in
+ inc) inc_vol ;;
+ dec) dec_vol ;;
+ mute_t) mute ;;
+esac
diff --git a/.xinitrc b/.xinitrc
@@ -0,0 +1,14 @@
+#!/bin/sh
+
+hdmi_active=$(xrandr | grep "^HDMI.* connected")
+dp_active=$(xrandr | grep ".*DP.* connect" | awk '{print $1}')
+[ -n "$hdmi_active" ] && xrandr --output "$dp_active" --off && \
+ xrandr --output "$hdmi_active" --auto
+exec xbacklight -set 20 &
+exec wsconsctl keyboard.backlight=0 &
+exec redshift -P -O 3000 -m randr &
+exec xsetroot -solid black &
+exec slstatus &
+exec setxkbmap -option caps:none &
+exec xbanish -m ne &
+exec dwm
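Review bot: In .xinitrc `hdmi_active` holds the whole matching xrandr line rather than an output name, so `xrandr --output "$hdmi_active" --auto` is given the full status text and fails; `dp_active` already extracts the name with `awk '{print $1}'` and `hdmi_active` needs the same. The `dp_active` pattern `".*DP.* connect"` can also match more than one output, in which case the variable holds several names on separate lines. The `exec` in front of each backgrounded command has no effect outside the background subshell, so `xbacklight -set 20 &` reads more plainly.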