Added xinitrc, ssh, and i3 pages, small modifications throughout
This commit is contained in:
parent
c03c40bdbb
commit
8eed5c29b0
24
Bashrc.wiki
24
Bashrc.wiki
|
@ -1,2 +1,26 @@
|
|||
=Bashrc=
|
||||
|
||||
Current configuration can always be found at https://git.thurstylark.com/vcsh/bashrc.git
|
||||
|
||||
----
|
||||
|
||||
==Prompt==
|
||||
|
||||
----
|
||||
|
||||
==Profile==
|
||||
|
||||
----
|
||||
|
||||
==Weechat==
|
||||
|
||||
The alias portion of my [[Weechat]] configuration is set in the .bashrc like so:
|
||||
|
||||
{{{class="prettyprint"
|
||||
# If you don't have weechat installed, connect to the existing tmux session through mosh
|
||||
[[ ! -s /usr/bin/weechat ]] && alias weechat='mosh vps -- tmux attach -dt weechat'
|
||||
# If you are thurstylark-vps, connect to the existing tmux session locally
|
||||
[[ "$HOSTNAME" = "thurstylark-vps" ]] && alias weechat='tmux attach -dt weechat'
|
||||
}}}
|
||||
|
||||
For more info, see the [[Weechat]] page.
|
||||
|
|
|
@ -1,5 +1,6 @@
|
|||
=CGit=
|
||||
|
||||
Current configuration can always be found at https://git.thurstylark.com/cgit.git/tree
|
||||
|
||||
===Push To Deploy===
|
||||
|
||||
|
|
|
@ -0,0 +1,74 @@
|
|||
=SSH=
|
||||
|
||||
----
|
||||
|
||||
==User-Specific Client Config==
|
||||
|
||||
Most directives that can be set in the system-wide client configuration can be set by each user in `~/.ssh/config`. This snippit contains a collection of my most used options:
|
||||
|
||||
{{{class="prettyprint"
|
||||
SendEnv LC_* # Send all LC env vars to the host
|
||||
AddKeysToAgent yes # If asked to unlock a password-protected private
|
||||
# key, automatically add that key to the ssh-agent
|
||||
# so you no longer need to reenter the password
|
||||
# again this session
|
||||
|
||||
# Example Host Definition
|
||||
Host foo # Arbitrary String. Use this definition by running `ssh foo`
|
||||
HostName foo.bar.com # Actual DNS Hostname or IP address of the server
|
||||
Port 12345 # Port number to connect to
|
||||
User thurstylark # Username on the server to connect as
|
||||
IdentityFile ~/.ssh/id_rsa # Private key to use for authentication
|
||||
ServerAliveInterval 300 # Interval in seconds before a keepalive packet is sent to the server
|
||||
ServerAliveCountMax 3 # Declare the connection dead after no response to this many keepalive packets
|
||||
HostKeyAlgorithms ssh-dss # Use ssh-dss for host-key algorithm checking (ssh-dss is insecure. Use something else)
|
||||
KexAlgorithms +kex # Add 'kex' to the list of Key Exchange Algorithms available for use.
|
||||
StrictHostKeyChecking no # Turn off Strict Host Key Checking for only this host (insecure)
|
||||
UserKnownHostsFile /dev/null # Discard this hosts host key instead of storing in ~/.ssh/known_hosts (not recommended)
|
||||
VisualHostKey yes # Always use randomart in place of host key sums
|
||||
}}}
|
||||
|
||||
===Directive Notes===
|
||||
|
||||
* `Host`
|
||||
* Can also refer to an actual hostname. See "Host-Specific Keys" below.
|
||||
* `ServerAliveInterval` and `ServerAliveCountMax`
|
||||
* It's common for a firewall to cause problems keeping connections open, so tweaking these settings can help. See "Broken Pipe Remedy" below.
|
||||
* `HostKeyAlgorithms`
|
||||
* ssh-dss is less secure than the alternatives/defaults. Only use this if necessary.
|
||||
* `KexAlgorithms`
|
||||
* I use this to add `diffie-hellman-group1-sha1` to the available Key Exchange Algorithms for connecting to older hardware that doesn't accept any currently allowed kex algorithms. Diffie Hellman is quite insecure, so please use caution.
|
||||
* `StrictHostKeyChecking`
|
||||
* Several servers I connect to are descrete servers, but they all are accessed through a single IP Address with a randomized port number. This allows me to continue connecting to the host without stopping to delete a line from `~/.ssh/known_hosts` before connecting.
|
||||
|
||||
|
||||
===Host-Specific Keys===
|
||||
|
||||
User-specific ssh configs make it stupid easy to create several keys for several different uses. For instance, this allows you to have a separate key for each service that you use, and allows you less headache should one key be compromised.
|
||||
|
||||
For example: Github allows you to push to your remote repositories over ssh by adding a public key to your account. Ideally, you should create a keypair for this specific purpose, and name it something like 'github'. Then you can add something like this to your `~/.ssh/config`:
|
||||
|
||||
{{{class="prettyprint"
|
||||
host github.com
|
||||
IdentityFile ~/.ssh/github
|
||||
}}}
|
||||
|
||||
Now, when your repo's origin url is set to something like `git@github.com:username/reponame.git`, ssh will automatically use your github key instead of needing to specify it in the command, or using your username and password with HTTPS every time.
|
||||
|
||||
===Broken Pipe Remedy===
|
||||
|
||||
Often times a firewall or inconsistent connection can cause an ssh connection to be closed prematurely and give a "Write Failed: broken pipe" error message. Some firewalls are configured to close connections that have sent no data after a certain interval, thus causing a broken pipe error when the connection was otherwise healthy. This can usually be solved by sending data through the connection before that interval is up, thus resetting the firewall's timer.
|
||||
|
||||
The `ServerAliveInterval` option sends a keepalive packet if no data has been received within the interval specified. All the keepalive packet does is request a response from the server to verify the connection is still good. By default, this option is disabled.
|
||||
|
||||
Additionally, the `ServerAliveCountMax` option specifies the number of keepalive packets that may be sent without a response before ssh terminates the connection. By default this is set to `3`, but if your connection is unreliable, you can set this higher to give your server a better chance at responding the next time a keepalive packet is sent.
|
||||
|
||||
It is important to note that messages sent by the `TTYKeepAlive` option are not sent through the encrypted channel and can be spoofed, but the "server alive" messages are sent through the encrypted channel and cannot be spoofed. Do not use `TTYKeepAlive` messages for determining the quality or security of a connection! See `ssh-config(5)` for more info.
|
||||
|
||||
----
|
||||
|
||||
==SSH Host Configuration==
|
||||
|
||||
===Google Authenticator===
|
||||
|
||||
|
|
@ -7,3 +7,4 @@ Just a little Linode VPS running Arch, but it's a powerful little sucker.
|
|||
* [[Cgit]]
|
||||
* Apache
|
||||
* [[Weechat]]
|
||||
* Custom Repo
|
||||
|
|
|
@ -1,5 +1,7 @@
|
|||
=Weechat=
|
||||
|
||||
Current configuration can always be found at https://git.thurstylark.com/vcsh/weechat.git
|
||||
|
||||
Requirements:
|
||||
|
||||
* Not dependent on graphical session (terminal-based client)
|
||||
|
|
|
@ -0,0 +1,23 @@
|
|||
=Xinitrc=
|
||||
|
||||
Source: https://git.thurstylark.com/vcsh/xinitrc.git
|
||||
|
||||
----
|
||||
|
||||
==srandrd==
|
||||
|
||||
----
|
||||
|
||||
==Screen Locker==
|
||||
|
||||
----
|
||||
|
||||
==NumLock==
|
||||
|
||||
----
|
||||
|
||||
==ssh-agent==
|
||||
|
||||
----
|
||||
|
||||
|
|
@ -0,0 +1,142 @@
|
|||
=i3 Configuration=
|
||||
|
||||
Source: https://git.thurstylark.com/vcsh/i3.git
|
||||
|
||||
==j4-make-config==
|
||||
|
||||
The final config that actually is read by i3 is created using j4-make-config. This is done in the [[Xinitrc]].
|
||||
|
||||
Simple usage:
|
||||
|
||||
{{{class="prettyprint"
|
||||
j4-make-config -a $(hostname).config archlinux
|
||||
}}}
|
||||
|
||||
This creates `~/.config/i3/config` by merging `~/.config/i3/config.base` and `~/.config/i3/$HOSTNAME.config`, and adds the 'archlinux' theme (included with j4-make-config). Optionally, you can add `-r` to tell i3 to reload the config after `j4-make-config` has completed.
|
||||
|
||||
Since using `j4-make-config`, the command for reloading the config has been changed to the following:
|
||||
|
||||
{{{class="prettyprint"
|
||||
# rebuild and reload the configuration file
|
||||
bindsym $mod+Shift+c exec "j4-make-config -r -a $HOSTNAME.config archlinux"
|
||||
}}}
|
||||
|
||||
===Reference===
|
||||
|
||||
https://github.com/okraits/j4-make-config
|
||||
|
||||
----
|
||||
|
||||
==Media Keys==
|
||||
|
||||
===Volume===
|
||||
|
||||
This differs depending on if you're using ALSA or Pulseaudio. Thus, I include these instructions in the host-specific configs instead of the base config
|
||||
|
||||
ALSA:
|
||||
{{{class="prettyprint"
|
||||
# Alsa Volume controls
|
||||
bindsym XF86AudioRaiseVolume exec --no-startup-id amixer set Master 5%+ #increase sound volume
|
||||
bindsym XF86AudioLowerVolume exec --no-startup-id amixer set Master 5%- #decrease sound volume
|
||||
bindsym XF86AudioMute exec --no-startup-id amixer set Master toggle # mute sound
|
||||
}}}
|
||||
|
||||
PulseAudio:
|
||||
{{{class="prettyprint"
|
||||
# PulseAudio Volume controls
|
||||
bindsym XF86AudioRaiseVolume exec --no-startup-id pactl set-sink-volume @DEFAULT_SINK@ +5% #increase sound volume
|
||||
bindsym XF86AudioLowerVolume exec --no-startup-id pactl set-sink-volume @DEFAULT_SINK@ -5% #decrease sound volume
|
||||
bindsym XF86AudioMute exec --no-startup-id pactl set-sink-mute @DEFAULT_SINK@ toggle # mute sound
|
||||
}}}
|
||||
|
||||
===Brightness===
|
||||
|
||||
Brightness can be universal unless the utility for changing brightness differs between machines, so this snippit lives in the base config.
|
||||
|
||||
{{{class="prettyprint"
|
||||
# Sreen brightness controls (requires light(1) from the AUR)
|
||||
bindsym XF86MonBrightnessUp exec light -A 10 # increase screen brightness
|
||||
bindsym XF86MonBrightnessDown exec light -U 10 # decrease screen brightness
|
||||
}}}
|
||||
|
||||
===Playhead Control===
|
||||
|
||||
This also is universal if the same tool is being used across hosts. I use `playerctl` mainly for its compatibility with Spotify's Linux client.
|
||||
|
||||
{{{class="prettyprint"
|
||||
# Music Player controls
|
||||
bindsym XF86AudioPlay exec --no-startup-id playerctl play-pause
|
||||
bindsym XF86AudioNext exec --no-startup-id playerctl next
|
||||
bindsym XF86AudioPrev exec --no-startup-id playerctl previous
|
||||
}}}
|
||||
|
||||
===References===
|
||||
|
||||
https://wiki.archlinux.org/index.php/Extra_keyboard_keys
|
||||
https://wiki.archlinux.org/index.php/Advanced_Linux_Sound_Architecture#Keyboard_volume_control
|
||||
https://wiki.archlinux.org/index.php/PulseAudio#Keyboard_volume_control
|
||||
https://wiki.archlinux.org/index.php/Backlight
|
||||
https://wiki.archlinux.org/index.php/Spotify#Global_media_hotkeys
|
||||
|
||||
|
||||
----
|
||||
|
||||
==Screen Locker==
|
||||
|
||||
The screen locker is already set up in [[Xinitrc]], so all that is necessary in the i3 config is to set the key combination that should spawn `xautolock -locknow`.
|
||||
|
||||
{{{class="prettyprint"
|
||||
# Ctrl+Alt+L to lock the screen
|
||||
# Locker is set in ~/.xinitrc
|
||||
bindsym Mod1+Control+l exec "xautolock -locknow"
|
||||
}}}
|
||||
|
||||
----
|
||||
|
||||
==i3Bar==
|
||||
|
||||
This is another host-specific configuration, since `bar {}` has host-specific options apart from just the i3status config. It also includes the `j4-make-config` theme placeholder, since the theme definitions for the bar are separate from the main config.
|
||||
|
||||
I'll only demonstrate the most complicated of my current i3bar configuration. The rest can be viewed on the git repo.
|
||||
|
||||
{{{class="prettyprint"
|
||||
bar {
|
||||
status_command i3status -c ~/.config/i3/status/$HOSTNAME.config
|
||||
tray_output primary
|
||||
output eDP1 # Which display should i3bar be bound to?
|
||||
# $i3-theme-bar
|
||||
}
|
||||
}}}
|
||||
|
||||
----
|
||||
|
||||
==i3Status==
|
||||
|
||||
Most of the i3Status configuration is pretty standard, and is well documented by [[https://i3wm.org/i3status/manpage.html|the upstream docs]], so I'll only document the specific directives I crafted/modified myself
|
||||
|
||||
===Volume===
|
||||
|
||||
This directive chooses ALSA by default, PulseAudio can be specified by adding `device = "pulse"` to the end of this directive.
|
||||
|
||||
{{{class="prettyprint"
|
||||
volume master {
|
||||
format = "🔈%volume" # U+1F508
|
||||
format_muted = "🔇" # U+1F507
|
||||
}
|
||||
}}}
|
||||
|
||||
===SPVPN===
|
||||
|
||||
This is a simple pidfile watcher used with one of my [[VPN]] configurations that gets started with systemd.
|
||||
|
||||
{{{class="prettyprint"
|
||||
run_watch SPVPN {
|
||||
pidfile = "/var/run/spvpn@*.pid"
|
||||
}
|
||||
}}}
|
||||
|
||||
----
|
||||
|
||||
==Nagbar==
|
||||
|
||||
The nagbar is intensely annoying to encounter mainly because you can only use the mouse for interacting with it. It has been removed from my config altogether, and I plan on replacing it with dmenu in the future.
|
23
index.wiki
23
index.wiki
|
@ -4,18 +4,29 @@
|
|||
|
||||
* [[Vimwiki]] -- This very wiki, and how it's hosted
|
||||
* [[Eudyptula Challenge]]
|
||||
* Cgit -- Configuration and hosting of [[https://git.thurstylark.com/|git.thurstylark.com]]
|
||||
* [[Automating Android App Builds]] -- Doccumentation of my setup for building AsteroidOS Sync from https://www.github.com/asteroidos/AsteroidOSSync
|
||||
* [[Cgit]] -- Configuration and hosting of [[https://git.thurstylark.com/|git.thurstylark.com]]
|
||||
* [[Automating Android App Builds]] -- Documentation of my setup for building AsteroidOS Sync from https://www.github.com/asteroidos/AsteroidOSSync
|
||||
|
||||
===Dotfiles===
|
||||
|
||||
* [[Bashrc]]
|
||||
* Tmux
|
||||
* [[i3]]
|
||||
* Vimrc
|
||||
* [[Xinitrc]] -- Includes `srandrd` and X screen locker configuration
|
||||
* Pkglists
|
||||
* [[SSH]]
|
||||
|
||||
===Misc.===
|
||||
|
||||
* st
|
||||
* VPN
|
||||
|
||||
=== Reference ===
|
||||
|
||||
* [[Thurstylark-VPS]] -- All the services and little tweaks unique to my VPS
|
||||
* [[LetsEncrypt]] -- Usage of certbot, and relevant info for Apache configuration
|
||||
|
||||
===Dotfiles===
|
||||
|
||||
* [[Bashrc]]
|
||||
|
||||
=== General ===
|
||||
|
||||
* [[Tasks]] -- Things to be done
|
||||
|
|
Loading…
Reference in New Issue