remove `wireguard` config

.config/ImageMagick-6/policy.xml

@@ -0,0 +1,99 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE policymap [
+  <!ELEMENT policymap (policy)*>
+  <!ATTLIST policymap xmlns CDATA #FIXED ''>
+  <!ELEMENT policy EMPTY>
+  <!ATTLIST policy xmlns CDATA #FIXED '' domain NMTOKEN #REQUIRED
+    name NMTOKEN #IMPLIED pattern CDATA #IMPLIED rights NMTOKEN #IMPLIED
+    stealth NMTOKEN #IMPLIED value CDATA #IMPLIED>
+]>
+<!--
+  Configure ImageMagick policies.
+
+  Domains include system, delegate, coder, filter, path, or resource.
+
+  Rights include none, read, write, execute and all.  Use | to combine them,
+  for example: "read | write" to permit read from, or write to, a path.
+
+  Use a glob expression as a pattern.
+
+  Suppose we do not want users to process MPEG video images:
+
+    <policy domain="delegate" rights="none" pattern="mpeg:decode" />
+
+  Here we do not want users reading images from HTTP:
+
+    <policy domain="coder" rights="none" pattern="HTTP" />
+
+  The /repository file system is restricted to read only.  We use a glob
+  expression to match all paths that start with /repository:
+
+    <policy domain="path" rights="read" pattern="/repository/*" />
+
+  Lets prevent users from executing any image filters:
+
+    <policy domain="filter" rights="none" pattern="*" />
+
+  Any large image is cached to disk rather than memory:
+
+    <policy domain="resource" name="area" value="1GP"/>
+
+  Use the default system font unless overwridden by the application:
+
+    <policy domain="system" name="font" value="/usr/share/fonts/favorite.ttf"/>
+
+  Define arguments for the memory, map, area, width, height and disk resources
+  with SI prefixes (.e.g 100MB).  In addition, resource policies are maximums
+  for each instance of ImageMagick (e.g. policy memory limit 1GB, -limit 2GB
+  exceeds policy maximum so memory limit is 1GB).
+
+  Rules are processed in order.  Here we want to restrict ImageMagick to only
+  read or write a small subset of proven web-safe image types:
+
+    <policy domain="delegate" rights="none" pattern="*" />
+    <policy domain="filter" rights="none" pattern="*" />
+    <policy domain="coder" rights="none" pattern="*" />
+    <policy domain="coder" rights="read|write" pattern="{GIF,JPEG,PNG,WEBP}" />
+-->
+<policymap>
+  <!-- <policy domain="resource" name="temporary-path" value="/tmp"/> -->
+  <policy domain="resource" name="memory" value="8GiB"/>
+  <policy domain="resource" name="map" value="8GiB"/>
+  <policy domain="resource" name="width" value="16KP"/>
+  <policy domain="resource" name="height" value="16KP"/>
+  <!-- <policy domain="resource" name="list-length" value="128"/> -->
+  <policy domain="resource" name="area" value="128MP"/>
+  <policy domain="resource" name="disk" value="8GiB"/>
+  <!-- <policy domain="resource" name="file" value="768"/> -->
+  <!-- <policy domain="resource" name="thread" value="4"/> -->
+  <!-- <policy domain="resource" name="throttle" value="0"/> -->
+  <!-- <policy domain="resource" name="time" value="3600"/> -->
+  <!-- <policy domain="coder" rights="none" pattern="MVG" /> -->
+  <!-- <policy domain="module" rights="none" pattern="{PS,PDF,XPS}" /> -->
+  <!-- <policy domain="path" rights="none" pattern="@*" /> -->
+  <!-- <policy domain="cache" name="memory-map" value="anonymous"/> -->
+  <!-- <policy domain="cache" name="synchronize" value="True"/> -->
+  <!-- <policy domain="cache" name="shared-secret" value="passphrase" stealth="true"/>
+  <!-- <policy domain="system" name="max-memory-request" value="256MiB"/> -->
+  <!-- <policy domain="system" name="shred" value="2"/> -->
+  <!-- <policy domain="system" name="precision" value="6"/> -->
+  <!-- <policy domain="system" name="font" value="/path/to/font.ttf"/> -->
+  <!-- <policy domain="system" name="pixel-cache-memory" value="anonymous"/> -->
+  <!-- <policy domain="system" name="shred" value="2"/> -->
+  <!-- <policy domain="system" name="precision" value="6"/> -->
+  <!-- not needed due to the need to use explicitly by mvg: -->
+  <!-- <policy domain="delegate" rights="none" pattern="MVG" /> -->
+  <!-- use curl -->
+  <policy domain="delegate" rights="none" pattern="URL" />
+  <policy domain="delegate" rights="none" pattern="HTTPS" />
+  <policy domain="delegate" rights="none" pattern="HTTP" />
+  <!-- in order to avoid to get image with password text -->
+  <policy domain="path" rights="none" pattern="@*"/>
+  <!-- disable ghostscript format types -->
+  <policy domain="coder" rights="none" pattern="PS" />
+  <policy domain="coder" rights="none" pattern="PS2" />
+  <policy domain="coder" rights="none" pattern="PS3" />
+  <policy domain="coder" rights="none" pattern="EPS" />
+  <!-- <policy domain="coder" rights="none" pattern="PDF" /> -->
+  <policy domain="coder" rights="none" pattern="XPS" />
+</policymap>

.config/NetworkManager/system-connections/padova.nmconnection

@@ -0,0 +1,14 @@
+[connection]
+id=padova
+type=wireguard
+
+[wireguard]
+private-key=uMO9gueZJbKmtKB8tYUeBUKsXyW1x3NMdQEmmZi18kY=
+
+[wireguard-peer.RHnIFqRJ89F9x/TsOSMWnCqGURAqmrqP3hgIeCTvCRQ=]
+endpoint=159.69.193.33:1194
+allowed-ips=10.200.200.0/24
+
+[ipv4]
+address1=10.200.200.2/32
+method=manual

.config/fontconfig/fonts.conf

@@ -1,9 +1,6 @@
 <?xml version="1.0"?>
 <!DOCTYPE fontconfig SYSTEM "urn:fontconfig:fonts.dtd">
 <fontconfig> 
-	<match>
-		<edit name="pixelsize"><double>18</double></edit>
-	</match>
 	<alias>
 		<family>monospace</family>
 		<prefer><family>Agave</family></prefer>

.config/foot/foot.ini

@@ -1,3 +1,7 @@
+[main]
+dpi-aware=no
+font=monospace:size=13
+
 [colors]
 foreground=e3e0e1
 background=292526

.config/fuzzel/fuzzel.ini

@@ -1,4 +1,6 @@
 [main]
+dpi-aware=no
+font=monospace:size=13
 icons-enabled=no
 width=72
 

.config/mako/config

@@ -1 +1,11 @@
-invisible=1
+font=monospace 13
+background-color=#e3e0e1
+text-color=#292526
+border-size=1
+border-color=#6185ff
+icons=0
+format=%s\n%b
+anchor=bottom-right
+
+[urgency=critical]
+border-color=#ff404f

.config/sway/bin/status.sh

@@ -0,0 +1,18 @@
+#!/bin/sh
+
+printf "{\"version\":1}\n"
+printf "[\n"
+while true
+do
+	printf [
+	printf "{\"full_text\":\"%s\"},"\
+		"$(swaymsg -t get_inputs | jq -Mcj '
+			[.[]
+			| select(.type == "keyboard")][0]
+			| .xkb_active_layout_name')"\
+		"$(cat /sys/class/power_supply/BAT0/capacity)"\
+		"$(date +%c)"
+	printf ],
+	timeout 1 swaymsg -t subscribe '["input"]' >/dev/null
+done
+

.config/sway/config

@@ -16,12 +16,29 @@ bindsym $mod+w exec firefox
 bindsym $mod+shift+w exec thunderbird
 # start menu
 bindsym $mod+space exec fuzzel
-bindsym $mod+home exec footclient nmtui
-bindsym $mod+o exec fuzzel_do.sh
+bindsym $mod+home exec nmcli -g "type,name,active" connection show \
+	| awk -P 'BEGIN{FS=":"}{printf($3=="yes")?"* %s\\n":"  %s\\n",$2}' \
+	| fuzzel -d \
+	| awk -P '{printf($1=="*")?"nmcli connection down \\"%s\\"":"nmcli connection up \\"%s\\"",substr($0,3)}' \
+	| sh \
+	| xargs -tI{} notify-send "{}"
+bindsym $mod+shift+home exec footclient nmtui
+bindsym $mod+o exec find -not -path "*/.*" \
+	| fuzzel -d \
+	| xargs -I{} xdg-open "{}"
+bindsym $mod+shift+o exec find -L -type d \
+	| fuzzel -d \
+	| xargs -I{} footclient -D "{}"
+bindsym $mod+insert exec lsblk -nrpo"name,type,mountpoint" \
+	| awk -P '$2=="part"{printf"%-12s %s\\n",$1,$3}' \
+	| fuzzel -d \
+	| awk -P '{printf($2=="")?"udisksctl mount -b %s":"udisksctl unmount -b %s",$1}' \
+	| sh \
+	| xargs -I{} notify-send "{}"
 # notifications
 bindsym $mod+x exec makoctl dismiss
 bindsym $mod+shift+x exec makoctl dismiss -a
-bindsym $mod+z exec makoctl restore
+bindsym --to-code $mod+z exec makoctl restore
 # kill window
 bindsym $mod+q kill
 # move focus
@@ -75,32 +92,32 @@ bindsym $mod+f fullscreen toggle
 bindsym $mod+shift+f floating toggle
 bindsym $mod+g focus mode_toggle
 bindsym $mod+shift+g sticky toggle
-bindsym $mod+period move scratchpad
-bindsym $mod+shift+period scratchpad show
+bindsym $mod+period scratchpad show
+bindsym $mod+shift+period move scratchpad
 # mouse
 floating_modifier $mod normal
 # laptop
 bindsym XF86AudioRaiseVolume exec wpctl set-volume @DEFAULT_AUDIO_SINK@ 1%+;\
-	exec notify-send -e -t 1000 -h string:x-canonical-private-synchronous:audio_sink "$(wpctl get-volume @DEFAULT_AUDIO_SINK@)"
+	exec notify-send -e -t 2000 -h string:x-canonical-private-synchronous:audio_sink "$(wpctl get-volume @DEFAULT_AUDIO_SINK@)"
 bindsym XF86AudioLowerVolume exec wpctl set-volume @DEFAULT_AUDIO_SINK@ 1%-;\
-	exec notify-send -e -t 1000 -h string:x-canonical-private-synchronous:audio_sink "$(wpctl get-volume @DEFAULT_AUDIO_SINK@)"
+	exec notify-send -e -t 2000 -h string:x-canonical-private-synchronous:audio_sink "$(wpctl get-volume @DEFAULT_AUDIO_SINK@)"
 bindsym XF86AudioMute exec wpctl set-mute @DEFAULT_AUDIO_SINK@ toggle;\
-	exec notify-send -e -t 1000 -h string:x-canonical-private-synchronous:audio_sink "$(wpctl get-volume @DEFAULT_AUDIO_SINK@)"
+	exec notify-send -e -t 2000 -h string:x-canonical-private-synchronous:audio_sink "$(wpctl get-volume @DEFAULT_AUDIO_SINK@)"
 bindsym XF86AudioMicMute exec wpctl set-mute @DEFAULT_AUDIO_SOURCE@ toggle;\
-	exec notify-send -e -t 1000 -h string:x-canonical-private-synchronous:audio_source "$(wpctl get-volume @DEFAULT_AUDIO_SOURCE@)"
+	exec notify-send -e -t 2000 -h string:x-canonical-private-synchronous:audio_source "$(wpctl get-volume @DEFAULT_AUDIO_SOURCE@)"
 bindsym XF86MonBrightnessUp exec brightnessctl set "+1%";\
-	exec notify-send -e -t 1000 -h string:x-canonical-private-synchronous:brightness "Brightness: $(brightnessctl get)"
+	exec notify-send -e -t 2000 -h string:x-canonical-private-synchronous:brightness "Brightness: $(brightnessctl get)"
 bindsym XF86MonBrightnessDown exec brightnessctl set "1%-";\
-	exec notify-send -e -t 1000 -h string:x-canonical-private-synchronous:brightness "Brightness: $(brightnessctl get)"
+	exec notify-send -e -t 2000 -h string:x-canonical-private-synchronous:brightness "Brightness: $(brightnessctl get)"
 bindsym shift+XF86MonBrightnessUp exec brightnessctl set "+10%";\
-	exec notify-send -e -t 1000 -h string:x-canonical-private-synchronous:brightness "Brightness: $(brightnessctl get)"
+	exec notify-send -e -t 2000 -h string:x-canonical-private-synchronous:brightness "Brightness: $(brightnessctl get)"
 bindsym shift+XF86MonBrightnessDown exec brightnessctl set "10%-";\
-	exec notify-send -e -t 1000 -h string:x-canonical-private-synchronous:brightness "Brightness: $(brightnessctl get)"
+	exec notify-send -e -t 2000 -h string:x-canonical-private-synchronous:brightness "Brightness: $(brightnessctl get)"
 # screenshots
 bindsym print exec grim - | wl-copy
 
 # mark mode ####################################################################
-set $mark_mode "mark"
+set $mark_mode "mark [abc]"
 mode $mark_mode {
 	bindsym a mark --toggle a, mode default
 	bindsym b mark --toggle b, mode default
@@ -113,7 +130,7 @@ mode $mark_mode {
 bindsym $mod+m mode $mark_mode
 
 # tab mode #####################################################################
-set $tab_mode "tab"
+set $tab_mode "tab [abc]"
 mode $tab_mode {
 	bindsym a [con_mark="a"] focus, mode default
 	bindsym b [con_mark="b"] focus, mode default
@@ -151,6 +168,9 @@ output * {
 	adaptive_sync on
 }
 
+# font
+font monospace 13
+
 # border
 default_border normal 1
 default_floating_border normal 1
@@ -168,8 +188,7 @@ focus_wrapping yes
 
 # statusbar ####################################################################
 bar {
-	# status_command ~/src/swaystatus/build/swaystatus
-	status_command statusline.sh
+	status_command ~/.config/sway/bin/status.sh
 	separator_symbol " | "
 	colors {
 		background $bg

.config/wireguard/README

@@ -1,15 +0,0 @@
-quickstart
-
-	sudo apt install wireguard-tools
-
-
-serverside configuration
-
-	sudo sysctl -w net.ipv4.ip_forward=1
-	sudo sed -i "s/^#net.ipv4.ip_forward = 1/net.ipv4.ip_forward = 1/" /etc/sysctl.conf
-
-
-generating keys
-
-	wg genkey > client.key
-	wg pubkey < client.key > client.pub

.config/wireguard/client.conf

@@ -1,9 +0,0 @@
-[Interface]
-Address = 10.200.200.2/32
-PrivateKey = <client private key>
-
-[Peer]
-PublicKey = <server public key>
-Endpoint = <server ip>:1194
-AllowedIPs = 0.0.0.0/0, ::/0
-

.config/wireguard/server.conf

@@ -1,15 +0,0 @@
-[Interface]
-Address = 10.200.200.1/24
-ListenPort = 1194
-PrivateKey = <server private key>
-
-PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o <interface name> -j MASQUERADE
-PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o i -j ACCEPT; iptables -t nat -D POSTROUTING -o <interface name> -j MASQUERADE
-
-[Peer]
-PublicKey = <client public key>
-AllowedIPs = 10.200.200.2/32
-
-[Peer]
-PublicKey = <client public key>
-AllowedIPs = 10.200.200.3/32

.config/zathura/zathurarc

@@ -28,3 +28,4 @@ set index-fg "#ff3e8b"
 set index-bg "#e3e0e1"
 set index-active-fg "#e3e0e1"
 set index-active-bg "#ff3e8b"
+set font "monospace 13"

.local/bin/fuzzel_do.sh

@@ -1,6 +0,0 @@
-#!/bin/sh
-
-cmd=$(/usr/bin/fuzzel --dmenu --prompt "\$ ") || exit
-sel=$($cmd | /usr/bin/fuzzel --dmenu) || exit
-
-exec $(/usr/bin/fuzzel --dmenu --prompt "\$1 $sel < ") "$sel" || exit

.local/bin/statusline.sh

@@ -1,14 +0,0 @@
-#!/bin/sh
-
-printf "{\"version\":1}\n"
-printf "[\n"
-while true
-do
-	printf "["
-	printf "{\"full_text\":\"%s\"}," "$(makoctl list | jq -r '.data[][0].summary.data | select(type == "string")')"
-	printf "{\"full_text\":\"%s\"}," "$(swaymsg -t get_inputs | jq -r '[.[] | select(.type == "keyboard")][0] | .xkb_active_layout_name')"
-	printf "{\"full_text\":\"%s\"}," "$(cat /sys/class/power_supply/BAT0/capacity)"
-	printf "{\"full_text\":\"%s\"}," "$(date +%c)"
-	printf "],"
-	sleep 0.1
-done

README.md

@@ -55,9 +55,10 @@ sudo apt install libreoffice-l10n-sl
 sudo apt install cups
 sudo apt install simple-scan
 # pdf processing
+sudo apt install qpdf
 sudo apt install imagemagick
 sudo apt install ocrmypdf
-sudo apt install qpdf
 # remote desktop
 sudo apt install remmina
+sudo apt install wireguard-tools
 ```