diff options
Diffstat (limited to 'etc')
24 files changed, 340 insertions, 0 deletions
diff --git a/etc/hosts b/etc/hosts new file mode 100644 index 0000000..d1c9cc3 --- /dev/null +++ b/etc/hosts @@ -0,0 +1,8 @@ +10.0.1.1 hades.home.arpa +10.0.1.101 zeta.home.arpa +10.0.1.102 demeter.home.arpa +10.0.1.103 asteria.home.arpa +10.0.3.1 eos.home.arpa +10.0.3.101 zeta.home.arpa +10.0.3.102 demeter.home.arpa +10.0.3.103 asteria.home.arpa diff --git a/etc/iked.conf b/etc/iked.conf new file mode 100644 index 0000000..05e05ea --- /dev/null +++ b/etc/iked.conf @@ -0,0 +1,15 @@ +ikev2 'hades' active esp \ + from dynamic to 10.0.1.0/24 \ + peer hades.rak.ac \ + srcid '/CN=asteria.rak.ac' \ + dstid '/CN=hades.rak.ac' \ + request address 10.0.1.103 \ + iface dummy0 + +ikev2 'eos' active esp \ + from dynamic to 10.0.3.0/24 \ + peer eos.rak.ac \ + srcid '/CN=asteria.rak.ac' \ + dstid '/CN=eos.rak.ac' \ + request address 10.0.3.103 \ + iface dummy0 diff --git a/etc/mpd.conf b/etc/mpd.conf new file mode 100644 index 0000000..163e377 --- /dev/null +++ b/etc/mpd.conf @@ -0,0 +1,43 @@ +music_directory "/var/lib/mpd/music" +playlist_directory "/var/lib/mpd/playlists" +db_file "/var/lib/mpd/tag_cache" +state_file "/var/lib/mpd/state" +sticker_file "/var/lib/mpd/sticker.sql" +filesystem_charset "UTF-8" + +user "mpd" +bind_to_address "any" +auto_update "yes" + +input { + plugin "curl" +} + +audio_output { + type "alsa" + name "DigiHug USB Audio" + device "hw:CARD=Audio,DEV=0" + mixer_type "none" + enabled "no" +} +audio_output { + type "pulse" + name "My Pulse Output" + server "127.0.0.1" + mixer_type "hardware" +} +audio_output { + type "fifo" + name "my_fifo" + path "/tmp/mpd.fifo" + format "44100:16:2" +} +audio_output { + type "httpd" + name "HTTP stream" + bind_to_address "10.0.1.103" + port "6688" + quality "5" + always_on "yes" + tags "yes" +} diff --git a/etc/network-setup.sh b/etc/network-setup.sh new file mode 100755 index 0000000..bdcfed5 --- /dev/null +++ b/etc/network-setup.sh @@ -0,0 +1,10 @@ +#!/bin/sh + +cd $(dirname $0) +sudo cp systemd/resolved.conf /etc/systemd +test -f /etc/wpa_supplicant/wpa_supplicant-wlp3s0.conf || sudo ln -s ~rak/.config/wpa_supplicant /etc/wpa_supplicant/wpa_supplicant-wlp3s0.conf +sudo systemctl enable wpa_supplicant@wlp3s0.service +sudo systemctl enable systemd-networkd +sudo systemctl restart wpa_supplicant@wlp3s0.service +sudo systemctl restart systemd-networkd +echo "If it works, then purge ifupdown" diff --git a/etc/networkd-dispatcher/carrier.d/run-he-ipv6-update.sh b/etc/networkd-dispatcher/carrier.d/run-he-ipv6-update.sh new file mode 100755 index 0000000..e88437f --- /dev/null +++ b/etc/networkd-dispatcher/carrier.d/run-he-ipv6-update.sh @@ -0,0 +1,5 @@ +#!/bin/sh + +if test $IFACE = "he-ipv6" -a $AdministrativeState = "configured"; then + systemctl restart he-ipv6-update.service +fi diff --git a/etc/resolv.conf b/etc/resolv.conf new file mode 100755 index 0000000..eacbeb7 --- /dev/null +++ b/etc/resolv.conf @@ -0,0 +1,6 @@ +#!/bin/sh + +sudo systemctl enable systemd-resolved.service +sudo systemctl start systemd-resolved.service +sudo rm /etc/resolv.conf +sudo ln -sf /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf diff --git a/etc/schroot/experimental.sources.list b/etc/schroot/experimental.sources.list new file mode 100644 index 0000000..29aa5d0 --- /dev/null +++ b/etc/schroot/experimental.sources.list @@ -0,0 +1,2 @@ +deb http://localhost:9999/debian experimental main +deb-src http://localhost:9999/debian experimental main diff --git a/etc/schroot/schroot.conf b/etc/schroot/schroot.conf new file mode 100644 index 0000000..04d80a4 --- /dev/null +++ b/etc/schroot/schroot.conf @@ -0,0 +1,47 @@ +# schroot chroot definitions. +# See schroot.conf(5) for complete documentation of the file format. + +[sid-snap] +type=lvm-snapshot +description=Debian sid LVM snapshot +groups=sbuild,root +root-users=rak +root-groups=root,sbuild +source-root-users=rak +device=/dev/tosh/sid_amd64_chroot +lvm-snapshot-options=--size 5G +aliases=unstable,unstable-amd64,default + +[experimental-snap] +type=lvm-snapshot +description=Debian experimental LVM snapshot +groups=sbuild,root +root-users=rak +root-groups=root,sbuild +source-root-users=rak +device=/dev/tosh/sid_amd64_chroot +lvm-snapshot-options=--size 5G +aliases=experimental,experimental-amd64 + +[stretch-snap] +type=lvm-snapshot +description=Debian stretch LVM snapshot +groups=sbuild,root +root-users=rak +root-groups=root,sbuild +source-root-users=rak +device=/dev/tosh/stretch_amd64_chroot +lvm-snapshot-options=--size 5G +aliases=stretch,stretch-amd64 + +[anki] +type=lvm-snapshot +profile=desktop +preserve-environment=true +description=Anki chroot +groups=sbuild,root +root-users=rak +root-groups=root,sbuild +source-root-users=rak +device=/dev/tosh/anki +lvm-snapshot-options=--size 3G diff --git a/etc/schroot/setup.d/60append-apt-sources b/etc/schroot/setup.d/60append-apt-sources new file mode 100755 index 0000000..c98b8ce --- /dev/null +++ b/etc/schroot/setup.d/60append-apt-sources @@ -0,0 +1,34 @@ +#!/bin/sh +# https://www.pseudorandom.co.uk/2007/sbuild/ +# /etc/schroot/setup.d/60append-apt-sources + +AUTH_VERBOSITY="verbose" + +if [ $1 = "setup-start" ] || [ $1 = "setup-recover" ]; then + + NAME=$(echo "${CHROOT_NAME}" | sed -e 's/-[a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9]-[a-z0-9][a-z0-9][a-z0-9][a-z0-9]-[a-z0-9][a-z0-9][a-z0-9][a-z0-9]-[a-z0-9][a-z0-9][a-z0-9][a-z0-9]-[a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9]//g') + + EXTRA_APT_SOURCES="/etc/schroot/sources.list.d/${NAME}.sources.list" + APT_PREFS="/etc/schroot/sources.list.d/${NAME}.preferences" + + if [ "$AUTH_VERBOSITY" = "verbose" ]; then + echo "Checking for auxiliary apt sources in $EXTRA_APT_SOURCES" >&2 + fi + if [ -e "$EXTRA_APT_SOURCES" ]; then + if [ "$AUTH_VERBOSITY" = "verbose" ]; then + echo "... extra apt sources found" >&2 + fi + cat "$EXTRA_APT_SOURCES" >> "${CHROOT_PATH}/etc/apt/sources.list" + fi + + if [ "$AUTH_VERBOSITY" = "verbose" ]; then + echo "Checking for apt preferences in $APT_PREFS" >&2 + fi + if [ -e "$APT_PREFS" ]; then + if [ "$AUTH_VERBOSITY" = "verbose" ]; then + echo "... apt preferences found" >&2 + fi + install -m644 "$APT_PREFS" "${CHROOT_PATH}/etc/apt/preferences" + fi + +fi diff --git a/etc/schroot/setup.d/80append-apt-sources b/etc/schroot/setup.d/80append-apt-sources new file mode 100755 index 0000000..953a5b1 --- /dev/null +++ b/etc/schroot/setup.d/80append-apt-sources @@ -0,0 +1,13 @@ +#!/bin/sh +# /etc/schroot/setup.d/80apt-get-update + +EXTRA_APT_SOURCES="/etc/schroot/sources.list.d/${CHROOT_NAME}.sources.list" +APT_PREFS="/etc/schroot/sources.list.d/${CHROOT_NAME}.preferences" + +if [ -f "EXTRA_APT_SOURCES" -a $1 = "setup-start" ]; then + if : || [ "$AUTH_VERBOSITY" = "verbose" ]; then + chroot "${CHROOT_PATH}" apt-get update >&2 || true + else + chroot "${CHROOT_PATH}" apt-get update >/dev/null || true + fi +fi diff --git a/etc/smtpd.conf b/etc/smtpd.conf new file mode 100644 index 0000000..4cf1486 --- /dev/null +++ b/etc/smtpd.conf @@ -0,0 +1,23 @@ +table aliases file:/etc/aliases +table secrets file:/etc/smtpd.conf.auth + +action "local" forward-only alias <aliases> +action "relay-rak" relay host smtp+tls://asteria@smtp.rak.ac:587 auth <secrets> +action "relay-alumni" relay host smtp+tls://alumni@smtp.gmail.com:587 auth <secrets> +action "relay-gmail" relay host smtp+tls://gmail@smtp.gmail.com:587 auth <secrets> +action "relay-socs" relay host smtp+tls://socs@mail.cs.mcgill.ca:587 auth <secrets> +action "relay-queensu" relay host smtp+tls://queensu@smtp.office365.com:587 \ + auth <secrets> mail-from "9rak@queensu.ca" + +match for local action "local" +match from mail-from "@rak.ac" for any action "relay-rak" +match from mail-from "@ryanak.ca" for any action "relay-rak" +match from mail-from "@debian.org" for any action "relay-rak" +match from mail-from "@gmail.com" for any action "relay-gmail" +match from mail-from "@cs.queensu.ca" for any action "relay-gmail" +match from mail-from "@queensu.ca" for any action "relay-queensu" +match from mail-from regex "ryanakca@(kubuntu.org|ubuntu.com)" for any action "relay-rak" +match from mail-from regex "rkavanagh?@(cs|alumni)\.cmu\.edu" for any action "relay-alumni" +match from mail-from regex "(ryank|rkavanagh)@cs\.mcgill\.ca" for any action "relay-socs" + +match from local for any action "relay-rak" diff --git a/etc/systemd/network/10-wlp3s0.network b/etc/systemd/network/10-wlp3s0.network new file mode 100644 index 0000000..65dfd51 --- /dev/null +++ b/etc/systemd/network/10-wlp3s0.network @@ -0,0 +1,5 @@ +[Match] +Name=wlp3s0 + +[Network] +DHCP=yes diff --git a/etc/systemd/network/20-dummy1.netdev b/etc/systemd/network/20-dummy1.netdev new file mode 100644 index 0000000..318bb09 --- /dev/null +++ b/etc/systemd/network/20-dummy1.netdev @@ -0,0 +1,3 @@ +[NetDev] +Name=dummy1 +Kind=dummy diff --git a/etc/systemd/network/20-dummy1.network b/etc/systemd/network/20-dummy1.network new file mode 100644 index 0000000..41bf4be --- /dev/null +++ b/etc/systemd/network/20-dummy1.network @@ -0,0 +1,6 @@ +[Match] +Name=dummy1 +Unmanaged=yes + +[Network] +Domains=~home.arpa diff --git a/etc/systemd/network/20-dummy3.netdev b/etc/systemd/network/20-dummy3.netdev new file mode 100644 index 0000000..c9fa450 --- /dev/null +++ b/etc/systemd/network/20-dummy3.netdev @@ -0,0 +1,3 @@ +[NetDev] +Name=dummy3 +Kind=dummy diff --git a/etc/systemd/network/20-dummy3.network b/etc/systemd/network/20-dummy3.network new file mode 100644 index 0000000..e0d4be5 --- /dev/null +++ b/etc/systemd/network/20-dummy3.network @@ -0,0 +1,6 @@ +[Match] +Name=dummy3 +Unmanaged=yes + +[Network] +Domains=~home.arpa diff --git a/etc/systemd/network/25-he-ipv6.netdev b/etc/systemd/network/25-he-ipv6.netdev new file mode 100644 index 0000000..b2d2047 --- /dev/null +++ b/etc/systemd/network/25-he-ipv6.netdev @@ -0,0 +1,10 @@ +[NetDev] +Name=he-ipv6 +Kind=sit +MTUBytes=1480 + +[Tunnel] +Local=192.168.1.103 +Remote=209.51.161.14 +TTL=255 +Independent=true diff --git a/etc/systemd/network/25-he-ipv6.network b/etc/systemd/network/25-he-ipv6.network new file mode 100644 index 0000000..6ce754f --- /dev/null +++ b/etc/systemd/network/25-he-ipv6.network @@ -0,0 +1,9 @@ +[Match] +Name=he-ipv6 + +[Network] +Gateway=2001:470:1f06:1d3::1 +Address=2001:470:1f06:1d3::2/64 +Address=2001:470:89ac:3::1/64 +DNS=2001:470:20::2 +BindCarrier=wlp3s0 enp5s0 diff --git a/etc/systemd/resolved.conf b/etc/systemd/resolved.conf new file mode 100644 index 0000000..b40f8c0 --- /dev/null +++ b/etc/systemd/resolved.conf @@ -0,0 +1,34 @@ +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it under the +# terms of the GNU Lesser General Public License as published by the Free +# Software Foundation; either version 2.1 of the License, or (at your option) +# any later version. +# +# Entries in this file show the compile time defaults. Local configuration +# should be created by either modifying this file, or by creating "drop-ins" in +# the resolved.conf.d/ subdirectory. The latter is generally recommended. +# Defaults can be restored by simply deleting this file and all drop-ins. +# +# Use 'systemd-analyze cat-config systemd/resolved.conf' to display the full config. +# +# See resolved.conf(5) for details. + +[Resolve] +# Some examples of DNS servers which may be used for DNS= and FallbackDNS=: +# Cloudflare: 1.1.1.1#cloudflare-dns.com 1.0.0.1#cloudflare-dns.com 2606:4700:4700::1111#cloudflare-dns.com 2606:4700:4700::1001#cloudflare-dns.com +# Google: 8.8.8.8#dns.google 8.8.4.4#dns.google 2001:4860:4860::8888#dns.google 2001:4860:4860::8844#dns.google +# Quad9: 9.9.9.9#dns.quad9.net 149.112.112.112#dns.quad9.net 2620:fe::fe#dns.quad9.net 2620:fe::9#dns.quad9.net +#DNS= +FallbackDNS=1.1.1.1#cloudflare-dns.com 8.8.8.8#dns.google +Domains=rak.ac +#DNSSEC=yes +#DNSOverTLS=no +#MulticastDNS=yes +LLMNR=no +#Cache=yes +#CacheFromLocalhost=no +#DNSStubListener=yes +#DNSStubListenerExtra= +#ReadEtcHosts=yes +#ResolveUnicastSingleLabel=no diff --git a/etc/systemd/system/fix-f4-led.service b/etc/systemd/system/fix-f4-led.service new file mode 100644 index 0000000..87ccb0f --- /dev/null +++ b/etc/systemd/system/fix-f4-led.service @@ -0,0 +1,11 @@ +# Enable with +# systemctl enable --now fix-f4-led.service +[Unit] +Description=Fix F4 LED on Thinkpad + +[Service] +Type=oneshot +ExecStart=/bin/sh -c "echo 0 > /sys/class/leds/platform::micmute/brightness" + +[Install] +WantedBy=multi-user.target diff --git a/etc/systemd/system/he-ipv6-update.service b/etc/systemd/system/he-ipv6-update.service new file mode 100644 index 0000000..e265b60 --- /dev/null +++ b/etc/systemd/system/he-ipv6-update.service @@ -0,0 +1,26 @@ +[Unit] +Description=Update he-ipv6 tunnel end point +After=network-online.target + +[Service] +Type=oneshot +ExecStart=curl --silent "https://USERNAME:PASSWORD@ipv4.tunnelbroker.net/nic/update?hostname=801807" +# Prevent acquiring new privileges. Warning: breaks execution of SUID binaries +NoNewPrivileges=yes +PermissionsStartOnly=true +# Prevent access to /dev +PrivateDevices=yes +# Use dedicated /tmp +PrivateTmp=yes +PrivateUsers=true +# Hide user homes +ProtectHome=yes +# Prevent loading or reading kernel modules +ProtectKernelModules=yes +# Prevent altering kernel tunables +ProtectKernelTunables=yes +# strict or full, see docs +ProtectSystem=strict + +[Install] +WantedBy=network-online.target diff --git a/etc/systemd/system/var-lib-mpd-music.automount b/etc/systemd/system/var-lib-mpd-music.automount new file mode 100644 index 0000000..7314a79 --- /dev/null +++ b/etc/systemd/system/var-lib-mpd-music.automount @@ -0,0 +1,9 @@ +[Unit] +Description=Automount /var/lib/mpd/music + +[Automount] +Where=/var/lib/mpd/music +DirectoryMode=0555 + +[Install] +WantedBy=multi-user.target mpd.service diff --git a/etc/systemd/system/var-lib-mpd-music.mount b/etc/systemd/system/var-lib-mpd-music.mount new file mode 100644 index 0000000..bab6239 --- /dev/null +++ b/etc/systemd/system/var-lib-mpd-music.mount @@ -0,0 +1,11 @@ +[Unit] +Description=MPD music mount +Requires=zfs-mount.service + +[Mount] +What=/media/t/music_clean +Where=/var/lib/mpd/music +Options=bind,ro + +[Install] +WantedBy=multi-user.target diff --git a/etc/wpa_supplicant/wpa_supplicant-wlp3s0.conf b/etc/wpa_supplicant/wpa_supplicant-wlp3s0.conf new file mode 120000 index 0000000..69979cf --- /dev/null +++ b/etc/wpa_supplicant/wpa_supplicant-wlp3s0.conf @@ -0,0 +1 @@ +/home/rak/.config/wpa_supplicant.conf
\ No newline at end of file |