Compare commits
12 Commits
ed8ca9bfaf
...
2839b2640a
Author | SHA1 | Date |
---|---|---|
urosm | 2839b2640a | |
urosm | da292d7446 | |
urosm | e99bcb1353 | |
urosm | 5a7d93c11d | |
urosm | 68dd1c5660 | |
urosm | b1973a2d4c | |
urosm | d384b9c805 | |
urosm | 33b2bcadcc | |
urosm | 287f2d519d | |
urosm | 43617b7c80 | |
urosm | 015049acc1 | |
urosm | 9daf13a81e |
|
@ -0,0 +1,99 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!DOCTYPE policymap [
|
||||
<!ELEMENT policymap (policy)*>
|
||||
<!ATTLIST policymap xmlns CDATA #FIXED ''>
|
||||
<!ELEMENT policy EMPTY>
|
||||
<!ATTLIST policy xmlns CDATA #FIXED '' domain NMTOKEN #REQUIRED
|
||||
name NMTOKEN #IMPLIED pattern CDATA #IMPLIED rights NMTOKEN #IMPLIED
|
||||
stealth NMTOKEN #IMPLIED value CDATA #IMPLIED>
|
||||
]>
|
||||
<!--
|
||||
Configure ImageMagick policies.
|
||||
|
||||
Domains include system, delegate, coder, filter, path, or resource.
|
||||
|
||||
Rights include none, read, write, execute and all. Use | to combine them,
|
||||
for example: "read | write" to permit read from, or write to, a path.
|
||||
|
||||
Use a glob expression as a pattern.
|
||||
|
||||
Suppose we do not want users to process MPEG video images:
|
||||
|
||||
<policy domain="delegate" rights="none" pattern="mpeg:decode" />
|
||||
|
||||
Here we do not want users reading images from HTTP:
|
||||
|
||||
<policy domain="coder" rights="none" pattern="HTTP" />
|
||||
|
||||
The /repository file system is restricted to read only. We use a glob
|
||||
expression to match all paths that start with /repository:
|
||||
|
||||
<policy domain="path" rights="read" pattern="/repository/*" />
|
||||
|
||||
Lets prevent users from executing any image filters:
|
||||
|
||||
<policy domain="filter" rights="none" pattern="*" />
|
||||
|
||||
Any large image is cached to disk rather than memory:
|
||||
|
||||
<policy domain="resource" name="area" value="1GP"/>
|
||||
|
||||
Use the default system font unless overwridden by the application:
|
||||
|
||||
<policy domain="system" name="font" value="/usr/share/fonts/favorite.ttf"/>
|
||||
|
||||
Define arguments for the memory, map, area, width, height and disk resources
|
||||
with SI prefixes (.e.g 100MB). In addition, resource policies are maximums
|
||||
for each instance of ImageMagick (e.g. policy memory limit 1GB, -limit 2GB
|
||||
exceeds policy maximum so memory limit is 1GB).
|
||||
|
||||
Rules are processed in order. Here we want to restrict ImageMagick to only
|
||||
read or write a small subset of proven web-safe image types:
|
||||
|
||||
<policy domain="delegate" rights="none" pattern="*" />
|
||||
<policy domain="filter" rights="none" pattern="*" />
|
||||
<policy domain="coder" rights="none" pattern="*" />
|
||||
<policy domain="coder" rights="read|write" pattern="{GIF,JPEG,PNG,WEBP}" />
|
||||
-->
|
||||
<policymap>
|
||||
<!-- <policy domain="resource" name="temporary-path" value="/tmp"/> -->
|
||||
<policy domain="resource" name="memory" value="8GiB"/>
|
||||
<policy domain="resource" name="map" value="8GiB"/>
|
||||
<policy domain="resource" name="width" value="16KP"/>
|
||||
<policy domain="resource" name="height" value="16KP"/>
|
||||
<!-- <policy domain="resource" name="list-length" value="128"/> -->
|
||||
<policy domain="resource" name="area" value="128MP"/>
|
||||
<policy domain="resource" name="disk" value="8GiB"/>
|
||||
<!-- <policy domain="resource" name="file" value="768"/> -->
|
||||
<!-- <policy domain="resource" name="thread" value="4"/> -->
|
||||
<!-- <policy domain="resource" name="throttle" value="0"/> -->
|
||||
<!-- <policy domain="resource" name="time" value="3600"/> -->
|
||||
<!-- <policy domain="coder" rights="none" pattern="MVG" /> -->
|
||||
<!-- <policy domain="module" rights="none" pattern="{PS,PDF,XPS}" /> -->
|
||||
<!-- <policy domain="path" rights="none" pattern="@*" /> -->
|
||||
<!-- <policy domain="cache" name="memory-map" value="anonymous"/> -->
|
||||
<!-- <policy domain="cache" name="synchronize" value="True"/> -->
|
||||
<!-- <policy domain="cache" name="shared-secret" value="passphrase" stealth="true"/>
|
||||
<!-- <policy domain="system" name="max-memory-request" value="256MiB"/> -->
|
||||
<!-- <policy domain="system" name="shred" value="2"/> -->
|
||||
<!-- <policy domain="system" name="precision" value="6"/> -->
|
||||
<!-- <policy domain="system" name="font" value="/path/to/font.ttf"/> -->
|
||||
<!-- <policy domain="system" name="pixel-cache-memory" value="anonymous"/> -->
|
||||
<!-- <policy domain="system" name="shred" value="2"/> -->
|
||||
<!-- <policy domain="system" name="precision" value="6"/> -->
|
||||
<!-- not needed due to the need to use explicitly by mvg: -->
|
||||
<!-- <policy domain="delegate" rights="none" pattern="MVG" /> -->
|
||||
<!-- use curl -->
|
||||
<policy domain="delegate" rights="none" pattern="URL" />
|
||||
<policy domain="delegate" rights="none" pattern="HTTPS" />
|
||||
<policy domain="delegate" rights="none" pattern="HTTP" />
|
||||
<!-- in order to avoid to get image with password text -->
|
||||
<policy domain="path" rights="none" pattern="@*"/>
|
||||
<!-- disable ghostscript format types -->
|
||||
<policy domain="coder" rights="none" pattern="PS" />
|
||||
<policy domain="coder" rights="none" pattern="PS2" />
|
||||
<policy domain="coder" rights="none" pattern="PS3" />
|
||||
<policy domain="coder" rights="none" pattern="EPS" />
|
||||
<!-- <policy domain="coder" rights="none" pattern="PDF" /> -->
|
||||
<policy domain="coder" rights="none" pattern="XPS" />
|
||||
</policymap>
|
|
@ -0,0 +1,14 @@
|
|||
[connection]
|
||||
id=padova
|
||||
type=wireguard
|
||||
|
||||
[wireguard]
|
||||
private-key=uMO9gueZJbKmtKB8tYUeBUKsXyW1x3NMdQEmmZi18kY=
|
||||
|
||||
[wireguard-peer.RHnIFqRJ89F9x/TsOSMWnCqGURAqmrqP3hgIeCTvCRQ=]
|
||||
endpoint=159.69.193.33:1194
|
||||
allowed-ips=10.200.200.0/24
|
||||
|
||||
[ipv4]
|
||||
address1=10.200.200.2/32
|
||||
method=manual
|
|
@ -1,9 +1,6 @@
|
|||
<?xml version="1.0"?>
|
||||
<!DOCTYPE fontconfig SYSTEM "urn:fontconfig:fonts.dtd">
|
||||
<fontconfig>
|
||||
<match>
|
||||
<edit name="pixelsize"><double>18</double></edit>
|
||||
</match>
|
||||
<alias>
|
||||
<family>monospace</family>
|
||||
<prefer><family>Agave</family></prefer>
|
||||
|
|
|
@ -1,3 +1,7 @@
|
|||
[main]
|
||||
dpi-aware=no
|
||||
font=monospace:size=13
|
||||
|
||||
[colors]
|
||||
foreground=e3e0e1
|
||||
background=292526
|
||||
|
|
|
@ -1,4 +1,6 @@
|
|||
[main]
|
||||
dpi-aware=no
|
||||
font=monospace:size=13
|
||||
icons-enabled=no
|
||||
width=72
|
||||
|
||||
|
|
|
@ -1 +1,11 @@
|
|||
invisible=1
|
||||
font=monospace 13
|
||||
background-color=#e3e0e1
|
||||
text-color=#292526
|
||||
border-size=1
|
||||
border-color=#6185ff
|
||||
icons=0
|
||||
format=%s\n%b
|
||||
anchor=bottom-right
|
||||
|
||||
[urgency=critical]
|
||||
border-color=#ff404f
|
||||
|
|
|
@ -0,0 +1,18 @@
|
|||
#!/bin/sh
|
||||
|
||||
printf "{\"version\":1}\n"
|
||||
printf "[\n"
|
||||
while true
|
||||
do
|
||||
printf [
|
||||
printf "{\"full_text\":\"%s\"},"\
|
||||
"$(swaymsg -t get_inputs | jq -Mcj '
|
||||
[.[]
|
||||
| select(.type == "keyboard")][0]
|
||||
| .xkb_active_layout_name')"\
|
||||
"$(cat /sys/class/power_supply/BAT0/capacity)"\
|
||||
"$(date +%c)"
|
||||
printf ],
|
||||
timeout 1 swaymsg -t subscribe '["input"]' >/dev/null
|
||||
done
|
||||
|
|
@ -16,12 +16,29 @@ bindsym $mod+w exec firefox
|
|||
bindsym $mod+shift+w exec thunderbird
|
||||
# start menu
|
||||
bindsym $mod+space exec fuzzel
|
||||
bindsym $mod+home exec footclient nmtui
|
||||
bindsym $mod+o exec fuzzel_do.sh
|
||||
bindsym $mod+home exec nmcli -g "type,name,active" connection show \
|
||||
| awk -P 'BEGIN{FS=":"}{printf($3=="yes")?"* %s\\n":" %s\\n",$2}' \
|
||||
| fuzzel -d \
|
||||
| awk -P '{printf($1=="*")?"nmcli connection down \\"%s\\"":"nmcli connection up \\"%s\\"",substr($0,3)}' \
|
||||
| sh \
|
||||
| xargs -tI{} notify-send "{}"
|
||||
bindsym $mod+shift+home exec footclient nmtui
|
||||
bindsym $mod+o exec find -not -path "*/.*" \
|
||||
| fuzzel -d \
|
||||
| xargs -I{} xdg-open "{}"
|
||||
bindsym $mod+shift+o exec find -L -type d \
|
||||
| fuzzel -d \
|
||||
| xargs -I{} footclient -D "{}"
|
||||
bindsym $mod+insert exec lsblk -nrpo"name,type,mountpoint" \
|
||||
| awk -P '$2=="part"{printf"%-12s %s\\n",$1,$3}' \
|
||||
| fuzzel -d \
|
||||
| awk -P '{printf($2=="")?"udisksctl mount -b %s":"udisksctl unmount -b %s",$1}' \
|
||||
| sh \
|
||||
| xargs -I{} notify-send "{}"
|
||||
# notifications
|
||||
bindsym $mod+x exec makoctl dismiss
|
||||
bindsym $mod+shift+x exec makoctl dismiss -a
|
||||
bindsym $mod+z exec makoctl restore
|
||||
bindsym --to-code $mod+z exec makoctl restore
|
||||
# kill window
|
||||
bindsym $mod+q kill
|
||||
# move focus
|
||||
|
@ -75,32 +92,32 @@ bindsym $mod+f fullscreen toggle
|
|||
bindsym $mod+shift+f floating toggle
|
||||
bindsym $mod+g focus mode_toggle
|
||||
bindsym $mod+shift+g sticky toggle
|
||||
bindsym $mod+period move scratchpad
|
||||
bindsym $mod+shift+period scratchpad show
|
||||
bindsym $mod+period scratchpad show
|
||||
bindsym $mod+shift+period move scratchpad
|
||||
# mouse
|
||||
floating_modifier $mod normal
|
||||
# laptop
|
||||
bindsym XF86AudioRaiseVolume exec wpctl set-volume @DEFAULT_AUDIO_SINK@ 1%+;\
|
||||
exec notify-send -e -t 1000 -h string:x-canonical-private-synchronous:audio_sink "$(wpctl get-volume @DEFAULT_AUDIO_SINK@)"
|
||||
exec notify-send -e -t 2000 -h string:x-canonical-private-synchronous:audio_sink "$(wpctl get-volume @DEFAULT_AUDIO_SINK@)"
|
||||
bindsym XF86AudioLowerVolume exec wpctl set-volume @DEFAULT_AUDIO_SINK@ 1%-;\
|
||||
exec notify-send -e -t 1000 -h string:x-canonical-private-synchronous:audio_sink "$(wpctl get-volume @DEFAULT_AUDIO_SINK@)"
|
||||
exec notify-send -e -t 2000 -h string:x-canonical-private-synchronous:audio_sink "$(wpctl get-volume @DEFAULT_AUDIO_SINK@)"
|
||||
bindsym XF86AudioMute exec wpctl set-mute @DEFAULT_AUDIO_SINK@ toggle;\
|
||||
exec notify-send -e -t 1000 -h string:x-canonical-private-synchronous:audio_sink "$(wpctl get-volume @DEFAULT_AUDIO_SINK@)"
|
||||
exec notify-send -e -t 2000 -h string:x-canonical-private-synchronous:audio_sink "$(wpctl get-volume @DEFAULT_AUDIO_SINK@)"
|
||||
bindsym XF86AudioMicMute exec wpctl set-mute @DEFAULT_AUDIO_SOURCE@ toggle;\
|
||||
exec notify-send -e -t 1000 -h string:x-canonical-private-synchronous:audio_source "$(wpctl get-volume @DEFAULT_AUDIO_SOURCE@)"
|
||||
exec notify-send -e -t 2000 -h string:x-canonical-private-synchronous:audio_source "$(wpctl get-volume @DEFAULT_AUDIO_SOURCE@)"
|
||||
bindsym XF86MonBrightnessUp exec brightnessctl set "+1%";\
|
||||
exec notify-send -e -t 1000 -h string:x-canonical-private-synchronous:brightness "Brightness: $(brightnessctl get)"
|
||||
exec notify-send -e -t 2000 -h string:x-canonical-private-synchronous:brightness "Brightness: $(brightnessctl get)"
|
||||
bindsym XF86MonBrightnessDown exec brightnessctl set "1%-";\
|
||||
exec notify-send -e -t 1000 -h string:x-canonical-private-synchronous:brightness "Brightness: $(brightnessctl get)"
|
||||
exec notify-send -e -t 2000 -h string:x-canonical-private-synchronous:brightness "Brightness: $(brightnessctl get)"
|
||||
bindsym shift+XF86MonBrightnessUp exec brightnessctl set "+10%";\
|
||||
exec notify-send -e -t 1000 -h string:x-canonical-private-synchronous:brightness "Brightness: $(brightnessctl get)"
|
||||
exec notify-send -e -t 2000 -h string:x-canonical-private-synchronous:brightness "Brightness: $(brightnessctl get)"
|
||||
bindsym shift+XF86MonBrightnessDown exec brightnessctl set "10%-";\
|
||||
exec notify-send -e -t 1000 -h string:x-canonical-private-synchronous:brightness "Brightness: $(brightnessctl get)"
|
||||
exec notify-send -e -t 2000 -h string:x-canonical-private-synchronous:brightness "Brightness: $(brightnessctl get)"
|
||||
# screenshots
|
||||
bindsym print exec grim - | wl-copy
|
||||
|
||||
# mark mode ####################################################################
|
||||
set $mark_mode "mark"
|
||||
set $mark_mode "mark [abc]"
|
||||
mode $mark_mode {
|
||||
bindsym a mark --toggle a, mode default
|
||||
bindsym b mark --toggle b, mode default
|
||||
|
@ -113,7 +130,7 @@ mode $mark_mode {
|
|||
bindsym $mod+m mode $mark_mode
|
||||
|
||||
# tab mode #####################################################################
|
||||
set $tab_mode "tab"
|
||||
set $tab_mode "tab [abc]"
|
||||
mode $tab_mode {
|
||||
bindsym a [con_mark="a"] focus, mode default
|
||||
bindsym b [con_mark="b"] focus, mode default
|
||||
|
@ -151,6 +168,9 @@ output * {
|
|||
adaptive_sync on
|
||||
}
|
||||
|
||||
# font
|
||||
font monospace 13
|
||||
|
||||
# border
|
||||
default_border normal 1
|
||||
default_floating_border normal 1
|
||||
|
@ -168,8 +188,7 @@ focus_wrapping yes
|
|||
|
||||
# statusbar ####################################################################
|
||||
bar {
|
||||
# status_command ~/src/swaystatus/build/swaystatus
|
||||
status_command statusline.sh
|
||||
status_command ~/.config/sway/bin/status.sh
|
||||
separator_symbol " | "
|
||||
colors {
|
||||
background $bg
|
||||
|
|
|
@ -1,15 +0,0 @@
|
|||
quickstart
|
||||
|
||||
sudo apt install wireguard-tools
|
||||
|
||||
|
||||
serverside configuration
|
||||
|
||||
sudo sysctl -w net.ipv4.ip_forward=1
|
||||
sudo sed -i "s/^#net.ipv4.ip_forward = 1/net.ipv4.ip_forward = 1/" /etc/sysctl.conf
|
||||
|
||||
|
||||
generating keys
|
||||
|
||||
wg genkey > client.key
|
||||
wg pubkey < client.key > client.pub
|
|
@ -1,9 +0,0 @@
|
|||
[Interface]
|
||||
Address = 10.200.200.2/32
|
||||
PrivateKey = <client private key>
|
||||
|
||||
[Peer]
|
||||
PublicKey = <server public key>
|
||||
Endpoint = <server ip>:1194
|
||||
AllowedIPs = 0.0.0.0/0, ::/0
|
||||
|
|
@ -1,15 +0,0 @@
|
|||
[Interface]
|
||||
Address = 10.200.200.1/24
|
||||
ListenPort = 1194
|
||||
PrivateKey = <server private key>
|
||||
|
||||
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o <interface name> -j MASQUERADE
|
||||
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o i -j ACCEPT; iptables -t nat -D POSTROUTING -o <interface name> -j MASQUERADE
|
||||
|
||||
[Peer]
|
||||
PublicKey = <client public key>
|
||||
AllowedIPs = 10.200.200.2/32
|
||||
|
||||
[Peer]
|
||||
PublicKey = <client public key>
|
||||
AllowedIPs = 10.200.200.3/32
|
|
@ -28,3 +28,4 @@ set index-fg "#ff3e8b"
|
|||
set index-bg "#e3e0e1"
|
||||
set index-active-fg "#e3e0e1"
|
||||
set index-active-bg "#ff3e8b"
|
||||
set font "monospace 13"
|
||||
|
|
|
@ -1,6 +0,0 @@
|
|||
#!/bin/sh
|
||||
|
||||
cmd=$(/usr/bin/fuzzel --dmenu --prompt "\$ ") || exit
|
||||
sel=$($cmd | /usr/bin/fuzzel --dmenu) || exit
|
||||
|
||||
exec $(/usr/bin/fuzzel --dmenu --prompt "\$1 $sel < ") "$sel" || exit
|
|
@ -1,14 +0,0 @@
|
|||
#!/bin/sh
|
||||
|
||||
printf "{\"version\":1}\n"
|
||||
printf "[\n"
|
||||
while true
|
||||
do
|
||||
printf "["
|
||||
printf "{\"full_text\":\"%s\"}," "$(makoctl list | jq -r '.data[][0].summary.data | select(type == "string")')"
|
||||
printf "{\"full_text\":\"%s\"}," "$(swaymsg -t get_inputs | jq -r '[.[] | select(.type == "keyboard")][0] | .xkb_active_layout_name')"
|
||||
printf "{\"full_text\":\"%s\"}," "$(cat /sys/class/power_supply/BAT0/capacity)"
|
||||
printf "{\"full_text\":\"%s\"}," "$(date +%c)"
|
||||
printf "],"
|
||||
sleep 0.1
|
||||
done
|
|
@ -55,9 +55,10 @@ sudo apt install libreoffice-l10n-sl
|
|||
sudo apt install cups
|
||||
sudo apt install simple-scan
|
||||
# pdf processing
|
||||
sudo apt install qpdf
|
||||
sudo apt install imagemagick
|
||||
sudo apt install ocrmypdf
|
||||
sudo apt install qpdf
|
||||
# remote desktop
|
||||
sudo apt install remmina
|
||||
sudo apt install wireguard-tools
|
||||
```
|
||||
|
|
Loading…
Reference in New Issue