Added xinitrc, ssh, and i3 pages, small modifications throughout

This commit is contained in:
David Thurstenson 2017-02-15 18:08:32 -06:00
parent c03c40bdbb
commit 8eed5c29b0
8 changed files with 284 additions and 6 deletions

View File

@ -1,2 +1,26 @@
=Bashrc=
Current configuration can always be found at https://git.thurstylark.com/vcsh/bashrc.git
----
==Prompt==
----
==Profile==
----
==Weechat==
The alias portion of my [[Weechat]] configuration is set in the .bashrc like so:
{{{class="prettyprint"
# If you don't have weechat installed, connect to the existing tmux session through mosh
[[ ! -s /usr/bin/weechat ]] && alias weechat='mosh vps -- tmux attach -dt weechat'
# If you are thurstylark-vps, connect to the existing tmux session locally
[[ "$HOSTNAME" = "thurstylark-vps" ]] && alias weechat='tmux attach -dt weechat'
}}}
For more info, see the [[Weechat]] page.

View File

@ -1,5 +1,6 @@
=CGit=
Current configuration can always be found at https://git.thurstylark.com/cgit.git/tree
===Push To Deploy===

74
SSH.wiki Normal file
View File

@ -0,0 +1,74 @@
=SSH=
----
==User-Specific Client Config==
Most directives that can be set in the system-wide client configuration can be set by each user in `~/.ssh/config`. This snippit contains a collection of my most used options:
{{{class="prettyprint"
SendEnv LC_* # Send all LC env vars to the host
AddKeysToAgent yes # If asked to unlock a password-protected private
# key, automatically add that key to the ssh-agent
# so you no longer need to reenter the password
# again this session
# Example Host Definition
Host foo # Arbitrary String. Use this definition by running `ssh foo`
HostName foo.bar.com # Actual DNS Hostname or IP address of the server
Port 12345 # Port number to connect to
User thurstylark # Username on the server to connect as
IdentityFile ~/.ssh/id_rsa # Private key to use for authentication
ServerAliveInterval 300 # Interval in seconds before a keepalive packet is sent to the server
ServerAliveCountMax 3 # Declare the connection dead after no response to this many keepalive packets
HostKeyAlgorithms ssh-dss # Use ssh-dss for host-key algorithm checking (ssh-dss is insecure. Use something else)
KexAlgorithms +kex # Add 'kex' to the list of Key Exchange Algorithms available for use.
StrictHostKeyChecking no # Turn off Strict Host Key Checking for only this host (insecure)
UserKnownHostsFile /dev/null # Discard this hosts host key instead of storing in ~/.ssh/known_hosts (not recommended)
VisualHostKey yes # Always use randomart in place of host key sums
}}}
===Directive Notes===
* `Host`
* Can also refer to an actual hostname. See "Host-Specific Keys" below.
* `ServerAliveInterval` and `ServerAliveCountMax`
* It's common for a firewall to cause problems keeping connections open, so tweaking these settings can help. See "Broken Pipe Remedy" below.
* `HostKeyAlgorithms`
* ssh-dss is less secure than the alternatives/defaults. Only use this if necessary.
* `KexAlgorithms`
* I use this to add `diffie-hellman-group1-sha1` to the available Key Exchange Algorithms for connecting to older hardware that doesn't accept any currently allowed kex algorithms. Diffie Hellman is quite insecure, so please use caution.
* `StrictHostKeyChecking`
* Several servers I connect to are descrete servers, but they all are accessed through a single IP Address with a randomized port number. This allows me to continue connecting to the host without stopping to delete a line from `~/.ssh/known_hosts` before connecting.
===Host-Specific Keys===
User-specific ssh configs make it stupid easy to create several keys for several different uses. For instance, this allows you to have a separate key for each service that you use, and allows you less headache should one key be compromised.
For example: Github allows you to push to your remote repositories over ssh by adding a public key to your account. Ideally, you should create a keypair for this specific purpose, and name it something like 'github'. Then you can add something like this to your `~/.ssh/config`:
{{{class="prettyprint"
host github.com
IdentityFile ~/.ssh/github
}}}
Now, when your repo's origin url is set to something like `git@github.com:username/reponame.git`, ssh will automatically use your github key instead of needing to specify it in the command, or using your username and password with HTTPS every time.
===Broken Pipe Remedy===
Often times a firewall or inconsistent connection can cause an ssh connection to be closed prematurely and give a "Write Failed: broken pipe" error message. Some firewalls are configured to close connections that have sent no data after a certain interval, thus causing a broken pipe error when the connection was otherwise healthy. This can usually be solved by sending data through the connection before that interval is up, thus resetting the firewall's timer.
The `ServerAliveInterval` option sends a keepalive packet if no data has been received within the interval specified. All the keepalive packet does is request a response from the server to verify the connection is still good. By default, this option is disabled.
Additionally, the `ServerAliveCountMax` option specifies the number of keepalive packets that may be sent without a response before ssh terminates the connection. By default this is set to `3`, but if your connection is unreliable, you can set this higher to give your server a better chance at responding the next time a keepalive packet is sent.
It is important to note that messages sent by the `TTYKeepAlive` option are not sent through the encrypted channel and can be spoofed, but the "server alive" messages are sent through the encrypted channel and cannot be spoofed. Do not use `TTYKeepAlive` messages for determining the quality or security of a connection! See `ssh-config(5)` for more info.
----
==SSH Host Configuration==
===Google Authenticator===

View File

@ -7,3 +7,4 @@ Just a little Linode VPS running Arch, but it's a powerful little sucker.
* [[Cgit]]
* Apache
* [[Weechat]]
* Custom Repo

View File

@ -1,5 +1,7 @@
=Weechat=
Current configuration can always be found at https://git.thurstylark.com/vcsh/weechat.git
Requirements:
* Not dependent on graphical session (terminal-based client)

23
Xinitrc.wiki Normal file
View File

@ -0,0 +1,23 @@
=Xinitrc=
Source: https://git.thurstylark.com/vcsh/xinitrc.git
----
==srandrd==
----
==Screen Locker==
----
==NumLock==
----
==ssh-agent==
----

142
i3.wiki Normal file
View File

@ -0,0 +1,142 @@
=i3 Configuration=
Source: https://git.thurstylark.com/vcsh/i3.git
==j4-make-config==
The final config that actually is read by i3 is created using j4-make-config. This is done in the [[Xinitrc]].
Simple usage:
{{{class="prettyprint"
j4-make-config -a $(hostname).config archlinux
}}}
This creates `~/.config/i3/config` by merging `~/.config/i3/config.base` and `~/.config/i3/$HOSTNAME.config`, and adds the 'archlinux' theme (included with j4-make-config). Optionally, you can add `-r` to tell i3 to reload the config after `j4-make-config` has completed.
Since using `j4-make-config`, the command for reloading the config has been changed to the following:
{{{class="prettyprint"
# rebuild and reload the configuration file
bindsym $mod+Shift+c exec "j4-make-config -r -a $HOSTNAME.config archlinux"
}}}
===Reference===
https://github.com/okraits/j4-make-config
----
==Media Keys==
===Volume===
This differs depending on if you're using ALSA or Pulseaudio. Thus, I include these instructions in the host-specific configs instead of the base config
ALSA:
{{{class="prettyprint"
# Alsa Volume controls
bindsym XF86AudioRaiseVolume exec --no-startup-id amixer set Master 5%+ #increase sound volume
bindsym XF86AudioLowerVolume exec --no-startup-id amixer set Master 5%- #decrease sound volume
bindsym XF86AudioMute exec --no-startup-id amixer set Master toggle # mute sound
}}}
PulseAudio:
{{{class="prettyprint"
# PulseAudio Volume controls
bindsym XF86AudioRaiseVolume exec --no-startup-id pactl set-sink-volume @DEFAULT_SINK@ +5% #increase sound volume
bindsym XF86AudioLowerVolume exec --no-startup-id pactl set-sink-volume @DEFAULT_SINK@ -5% #decrease sound volume
bindsym XF86AudioMute exec --no-startup-id pactl set-sink-mute @DEFAULT_SINK@ toggle # mute sound
}}}
===Brightness===
Brightness can be universal unless the utility for changing brightness differs between machines, so this snippit lives in the base config.
{{{class="prettyprint"
# Sreen brightness controls (requires light(1) from the AUR)
bindsym XF86MonBrightnessUp exec light -A 10 # increase screen brightness
bindsym XF86MonBrightnessDown exec light -U 10 # decrease screen brightness
}}}
===Playhead Control===
This also is universal if the same tool is being used across hosts. I use `playerctl` mainly for its compatibility with Spotify's Linux client.
{{{class="prettyprint"
# Music Player controls
bindsym XF86AudioPlay exec --no-startup-id playerctl play-pause
bindsym XF86AudioNext exec --no-startup-id playerctl next
bindsym XF86AudioPrev exec --no-startup-id playerctl previous
}}}
===References===
https://wiki.archlinux.org/index.php/Extra_keyboard_keys
https://wiki.archlinux.org/index.php/Advanced_Linux_Sound_Architecture#Keyboard_volume_control
https://wiki.archlinux.org/index.php/PulseAudio#Keyboard_volume_control
https://wiki.archlinux.org/index.php/Backlight
https://wiki.archlinux.org/index.php/Spotify#Global_media_hotkeys
----
==Screen Locker==
The screen locker is already set up in [[Xinitrc]], so all that is necessary in the i3 config is to set the key combination that should spawn `xautolock -locknow`.
{{{class="prettyprint"
# Ctrl+Alt+L to lock the screen
# Locker is set in ~/.xinitrc
bindsym Mod1+Control+l exec "xautolock -locknow"
}}}
----
==i3Bar==
This is another host-specific configuration, since `bar {}` has host-specific options apart from just the i3status config. It also includes the `j4-make-config` theme placeholder, since the theme definitions for the bar are separate from the main config.
I'll only demonstrate the most complicated of my current i3bar configuration. The rest can be viewed on the git repo.
{{{class="prettyprint"
bar {
status_command i3status -c ~/.config/i3/status/$HOSTNAME.config
tray_output primary
output eDP1 # Which display should i3bar be bound to?
# $i3-theme-bar
}
}}}
----
==i3Status==
Most of the i3Status configuration is pretty standard, and is well documented by [[https://i3wm.org/i3status/manpage.html|the upstream docs]], so I'll only document the specific directives I crafted/modified myself
===Volume===
This directive chooses ALSA by default, PulseAudio can be specified by adding `device = "pulse"` to the end of this directive.
{{{class="prettyprint"
volume master {
format = "🔈%volume" # U+1F508
format_muted = "🔇" # U+1F507
}
}}}
===SPVPN===
This is a simple pidfile watcher used with one of my [[VPN]] configurations that gets started with systemd.
{{{class="prettyprint"
run_watch SPVPN {
pidfile = "/var/run/spvpn@*.pid"
}
}}}
----
==Nagbar==
The nagbar is intensely annoying to encounter mainly because you can only use the mouse for interacting with it. It has been removed from my config altogether, and I plan on replacing it with dmenu in the future.

View File

@ -4,18 +4,29 @@
* [[Vimwiki]] -- This very wiki, and how it's hosted
* [[Eudyptula Challenge]]
* Cgit -- Configuration and hosting of [[https://git.thurstylark.com/|git.thurstylark.com]]
* [[Automating Android App Builds]] -- Doccumentation of my setup for building AsteroidOS Sync from https://www.github.com/asteroidos/AsteroidOSSync
* [[Cgit]] -- Configuration and hosting of [[https://git.thurstylark.com/|git.thurstylark.com]]
* [[Automating Android App Builds]] -- Documentation of my setup for building AsteroidOS Sync from https://www.github.com/asteroidos/AsteroidOSSync
===Dotfiles===
* [[Bashrc]]
* Tmux
* [[i3]]
* Vimrc
* [[Xinitrc]] -- Includes `srandrd` and X screen locker configuration
* Pkglists
* [[SSH]]
===Misc.===
* st
* VPN
=== Reference ===
* [[Thurstylark-VPS]] -- All the services and little tweaks unique to my VPS
* [[LetsEncrypt]] -- Usage of certbot, and relevant info for Apache configuration
===Dotfiles===
* [[Bashrc]]
=== General ===
* [[Tasks]] -- Things to be done