├── .github └── FUNDING.yml ├── .gitignore ├── asns ├── myspace ├── apple ├── twitter ├── facebook ├── linkedin └── microsoft ├── pf ├── private ├── martians └── pf.conf ├── apparmor.cfg ├── scripts ├── dnsmasq-dhcp.sh ├── macos-dns.sh ├── split-rom.sh ├── dig.sh ├── rename.py ├── pcap.sh ├── openssl.cnf ├── pf-blocklist.sh ├── pki.sh ├── updateAndroid.sh └── iptables.sh ├── gtk-bookmarks ├── lighttpd ├── magnet.luau ├── upload.py ├── lighttpd.conf └── index.html ├── wvdial.conf ├── xsession ├── pythonrc ├── curlrc ├── gtk-settings.ini ├── network-interfaces ├── domains ├── misc ├── twitter ├── reddit ├── pinterest ├── tiktok ├── tlds ├── mozilla ├── social ├── apple ├── facebook ├── providers └── google ├── README.md ├── gitconfig ├── gpg-agent.conf ├── openvpn ├── client.ovpn └── server.ovpn ├── install.openbsd ├── ntp.conf ├── torrc ├── prosody.cfg.lua ├── LICENSE ├── muttrc ├── ssh_config ├── doas.conf ├── tmux.conf ├── sshd_config ├── privoxy ├── config └── user.action ├── hostapd.conf ├── grub ├── sudoers ├── sysctl.conf ├── install.debian ├── gpg.conf ├── st.patch ├── dnsmasq.conf ├── dnscrypt-proxy.toml ├── vimrc ├── dwm.patch ├── zones ├── pubkey.asc ├── thunderbird.user.js ├── firefox.user.js └── zshrc /.github/FUNDING.yml: -------------------------------------------------------------------------------- 1 | github: [drduh] 2 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | .DS_Store 2 | *.apk 3 | *.csr 4 | *.key 5 | *.pem 6 | *.tmp 7 | *.zip 8 | update_verifier/ 9 | venv/ 10 | -------------------------------------------------------------------------------- /asns/myspace: -------------------------------------------------------------------------------- 1 | # https://github.com/drduh/config/blob/main/asns/myspace 2 | # https://bgp.he.net/search?search%5Bsearch%5D=myspace 3 | AS33739 4 | -------------------------------------------------------------------------------- /asns/apple: -------------------------------------------------------------------------------- 1 | # https://github.com/drduh/config/blob/main/asns/apple 2 | # https://bgp.he.net/search?search%5Bsearch%5D=apple+inc 3 | AS2709 4 | AS6185 5 | AS714 6 | -------------------------------------------------------------------------------- /pf/private: -------------------------------------------------------------------------------- 1 | # https://github.com/drduh/config/blob/main/pf/private 2 | #0.0.0.0/8 3 | #100.64.0.0/10 4 | #127.0.0.0/8 5 | 10.0.0.0/8 6 | 172.16.0.0/12 7 | 192.168.0.0/16 8 | -------------------------------------------------------------------------------- /asns/twitter: -------------------------------------------------------------------------------- 1 | # https://github.com/drduh/config/blob/main/asns/twitter 2 | # https://bgp.he.net/search?search%5Bsearch%5D=twitter 3 | AS13414 4 | AS35995 5 | AS54888 6 | AS63179 7 | -------------------------------------------------------------------------------- /asns/facebook: -------------------------------------------------------------------------------- 1 | # https://github.com/drduh/config/blob/main/asns/facebook 2 | # https://bgp.he.net/search?search%5Bsearch%5D=facebook 3 | AS32934 4 | AS54115 5 | AS63293 6 | AS34825 7 | AS149642 8 | -------------------------------------------------------------------------------- /apparmor.cfg: -------------------------------------------------------------------------------- 1 | # https://github.com/drduh/config/blob/main/apparmor.cfg 2 | # /etc/default/grub.d/apparmor.cfg 3 | GRUB_CMDLINE_LINUX_DEFAULT="$GRUB_CMDLINE_LINUX_DEFAULT apparmor=1 security=apparmor" 4 | -------------------------------------------------------------------------------- /scripts/dnsmasq-dhcp.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # https://github.com/drduh/config/blob/main/scripts/dnsmasq-dhcp.sh 3 | touch /var/log/dnsmasq-dhcp 4 | echo "$(date) -- ${1} ${2} ${3} ${4}" >> /var/log/dnsmasq-dhcp 5 | -------------------------------------------------------------------------------- /gtk-bookmarks: -------------------------------------------------------------------------------- 1 | # https://github.com/drduh/config/blob/main/gtk-bookmarks 2 | # ~/.config/gtk-4.0/bookmarks 3 | file:///home/user/Desktop 4 | file:///home/user/Documents 5 | file:///home/user/Pictures 6 | file:///home/user/Downloads 7 | -------------------------------------------------------------------------------- /lighttpd/magnet.luau: -------------------------------------------------------------------------------- 1 | -- https://github.com/drduh/config/blob/master/lighttpd/magnet.luau 2 | -- https://redmine.lighttpd.net/projects/lighttpd/wiki/Mod_magnet 3 | lighty.content = {{ filename = "/var/www/index.html" }} 4 | lighty.header["Content-Type"] = "text/html" 5 | return 200 6 | -------------------------------------------------------------------------------- /asns/linkedin: -------------------------------------------------------------------------------- 1 | # https://github.com/drduh/config/blob/main/asns/linkedin 2 | # https://bgp.he.net/search?search%5Bsearch%5D=linkedin 3 | AS137709 4 | AS30427 5 | AS202745 6 | AS13443 7 | AS132466 8 | AS14413 9 | AS197612 10 | AS197613 11 | AS20049 12 | AS20366 13 | AS40793 14 | AS55163 15 | -------------------------------------------------------------------------------- /scripts/macos-dns.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | # https://github.com/drduh/config/blob/main/scripts/macos-dns.sh 3 | sudo scutil << EOF 4 | get State:/Network/Service/gpd.pan/DNS 5 | d.remove SearchDomains 6 | d.remove ServerAddress 7 | d.add ServerAddresses * 127.0.0.1 ::1 8 | set State:/Network/Service/gpd.pan/DNS 9 | exit 10 | EOF 11 | -------------------------------------------------------------------------------- /wvdial.conf: -------------------------------------------------------------------------------- 1 | ; https://github.com/drduh/config/blob/master/wvdial.conf 2 | ; https://linux.die.net/man/5/wvdial.conf 3 | [Dialer Defaults] 4 | Init1 = ATZ 5 | Init2 = ATQ0 V1 E1 S0=0 &C1 &D2 +FCLASS=0 6 | Modem Type = Analog Modem 7 | Baud = 460800 8 | New PPPD = yes 9 | Modem = /dev/ttyUSB0 10 | ISDN = 0 11 | Phone = *99# 12 | Password = { } 13 | Username = { } 14 | -------------------------------------------------------------------------------- /xsession: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # https://github.com/drduh/config/blob/main/xsession 3 | # https://manpages.debian.org/bookworm/x11-common/Xsession.5.en.html 4 | set -x 5 | [ -f ~/.fehbg ] && /bin/sh ~/.fehbg & 6 | #xidle & 7 | #xinput --set-prop 10 'libinput Accel Speed' 0.5 8 | xset b off 9 | xsetroot -name "$(date '+%A %j') | $(uname -sv) " 10 | exec /usr/local/bin/dwm 11 | -------------------------------------------------------------------------------- /pythonrc: -------------------------------------------------------------------------------- 1 | # https://github.com/drduh/config/blob/main/pythonrc 2 | from pprint import pprint as p 3 | import json 4 | import urllib as u 5 | import base64 6 | import datetime 7 | import itertools 8 | import os 9 | import pdb 10 | import random 11 | import re 12 | import string 13 | import sys 14 | import time 15 | import yaml 16 | from dateutil.tz import tzutc 17 | true = True 18 | false = False 19 | null = None 20 | -------------------------------------------------------------------------------- /pf/martians: -------------------------------------------------------------------------------- 1 | # https://github.com/drduh/config/blob/main/pf/martians 2 | # https://en.wikipedia.org/wiki/Reserved_IP_addresses 3 | #10.0.0.0/8 4 | #172.16.0.0/12 5 | 0.0.0.0/8 6 | 100.64.0.0/10 7 | 127.0.0.0/8 8 | 169.254.0.0/16 9 | 192.0.0.0/24 10 | 192.0.2.0/24 11 | 192.168.0.0/16 12 | 233.252.0.0/24 13 | 192.88.99.0/24 14 | 198.18.0.0/15 15 | 198.51.100.0/24 16 | 203.0.113.0/24 17 | 224.0.0.0/3 18 | 224.0.0.0/4 19 | 240.0.0.0/4 20 | -------------------------------------------------------------------------------- /curlrc: -------------------------------------------------------------------------------- 1 | # https://github.com/drduh/config/blob/main/curlrc 2 | # https://curl.haxx.se/docs/manpage.html 3 | # https://www.useragents.me 4 | #verbose 5 | #max-time = 90 6 | #proxy = "127.0.0.1:5555" 7 | #socks5 = "127.0.0.1:9150" 8 | user-agent = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/132.0.0.0 Safari/537.36" 9 | ipv4 10 | progress-bar 11 | referer = ";auto" 12 | remote-time 13 | show-error 14 | -------------------------------------------------------------------------------- /gtk-settings.ini: -------------------------------------------------------------------------------- 1 | # https://github.com/drduh/config/blob/main/gtk-settings.ini 2 | # ~/.local/share/torbrowser/tbb/x86_64/tor-browser_en-US/Browser/.config/gtk-4.0/settings.ini 3 | # ~/.config/gtk-4.0/settings.ini 4 | [Settings] 5 | gtk-application-prefer-dark-theme=1 6 | gtk-enable-animations=0 7 | gtk-enable-primary-paste=0 8 | gtk-font-name=Ubuntu Sans 24 9 | gtk-primary-button-warps-slider=false 10 | gtk-recent-files-limit=0 11 | gtk-recent-files-max-age=0 12 | -------------------------------------------------------------------------------- /network-interfaces: -------------------------------------------------------------------------------- 1 | # https://github.com/drduh/config/blob/master/network-interfaces 2 | auto lo 3 | iface lo inet loopback 4 | 5 | auto eno0 6 | #allow-hotplug eno0 7 | iface eno0 inet static 8 | address 10.8.1.10 9 | netmask 255.255.255.0 10 | gateway 10.8.1.1 11 | 12 | #auto wlp5s0 13 | allow-hotplug wlp5s0 14 | iface wlp5s0 inet dhcp 15 | #address 192.168.1.2 16 | #netmask 255.255.255.0 17 | #gateway 192.168.1.1 18 | wpa-ssid ssid 19 | wpa-psk ,password$ 20 | -------------------------------------------------------------------------------- /domains/misc: -------------------------------------------------------------------------------- 1 | # https://github.com/drduh/config/blob/main/domains/misc 2 | address=/ddg.co/ 3 | address=/duck.com/ 4 | address=/ddg.gg/ 5 | address=/indeed.com/ 6 | address=/doordash.com/ 7 | address=/duckduckgo.com/ 8 | address=/force.com/ 9 | address=/hrblock.com/ 10 | address=/kaptcha.com/ 11 | address=/myportfolio.com/ 12 | address=/nordvpn.com/ 13 | address=/overwolf.com/ 14 | address=/salesforceliveagent.com/ 15 | address=/sumologic.com/ 16 | address=/yahoo.com/ 17 | address=/yandex.com/ 18 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | Miscellaneous scripts and program configuration files used in: 2 | 3 | - [YubiKey-Guide](https://github.com/drduh/YubiKey-Guide) 4 | - [macOS-Security-and-Privacy-Guide](https://github.com/drduh/macOS-Security-and-Privacy-Guide) 5 | - [pwd.sh](https://github.com/drduh/pwd.sh) 6 | - [Purse](https://github.com/drduh/Purse) 7 | - [PC-Engines-APU-Router-Guide](https://github.com/drduh/PC-Engines-APU-Router-Guide) 8 | - [Debian-Privacy-Server-Guide](https://github.com/drduh/Debian-Privacy-Server-Guide) 9 | -------------------------------------------------------------------------------- /gitconfig: -------------------------------------------------------------------------------- 1 | # https://github.com/drduh/config/blob/main/gitconfig 2 | [user] 3 | name = drduh 4 | email = github@duh.to 5 | signingkey = "0xFF3E7D88647EBCDB" 6 | [core] 7 | repositoryformatversion = 0 8 | filemode = true 9 | bare = false 10 | logallrefupdates = true 11 | pager = less -XRF 12 | [remote "origin"] 13 | #url = https://github.com/drduh/config 14 | url = git@github.com:drduh/config.git 15 | fetch = +refs/heads/*:refs/remotes/origin/* 16 | [branch "main"] 17 | remote = origin 18 | merge = refs/heads/main 19 | -------------------------------------------------------------------------------- /gpg-agent.conf: -------------------------------------------------------------------------------- 1 | # https://github.com/drduh/config/blob/main/gpg-agent.conf 2 | # https://www.gnupg.org/documentation/manuals/gnupg/Agent-Options.html 3 | enable-ssh-support 4 | ttyname $GPG_TTY 5 | default-cache-ttl 60 6 | max-cache-ttl 120 7 | pinentry-program /usr/bin/pinentry-curses 8 | #pinentry-program /usr/bin/pinentry-gnome3 9 | #pinentry-program /usr/bin/pinentry-tty 10 | #pinentry-program /usr/bin/pinentry-x11 11 | #pinentry-program /usr/local/bin/pinentry-curses 12 | #pinentry-program /usr/local/bin/pinentry-mac 13 | #pinentry-program /opt/homebrew/bin/pinentry-mac 14 | -------------------------------------------------------------------------------- /openvpn/client.ovpn: -------------------------------------------------------------------------------- 1 | # https://github.com/drduh/config/blob/master/openvpn/client.ovpn 2 | # https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage 3 | client 4 | remote 1.2.3.4 443 5 | proto udp 6 | nobind 7 | tls-version-min 1.2 8 | tls-cipher TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384 9 | ncp-ciphers AES-256-GCM 10 | cipher AES-256-GCM 11 | auth SHA512 12 | tls-crypt ta.key 13 | remote-cert-tls server 14 | remote-cert-eku "TLS Web Server Authentication" 15 | dev tun 16 | tun-ipv6 17 | redirect-gateway 18 | dhcp-option DNS 10.8.0.1 19 | persist-tun 20 | persist-key 21 | ping 60 22 | ping-restart 120 23 | ping-timer-rem 24 | verb 3 25 | -------------------------------------------------------------------------------- /asns/microsoft: -------------------------------------------------------------------------------- 1 | # https://github.com/drduh/config/blob/main/asns/microsoft 2 | # https://bgp.he.net/search?search%5Bsearch%5D=microsoft 3 | AS12076 4 | AS13399 5 | AS13811 6 | AS14719 7 | AS17345 8 | AS20046 9 | AS200517 10 | AS22692 11 | AS23468 12 | AS25796 13 | AS26222 14 | AS30135 15 | AS30575 16 | AS31792 17 | AS32476 18 | AS3598 19 | AS36006 20 | AS395496 21 | AS395524 22 | AS395851 23 | AS396463 24 | AS397466 25 | AS397996 26 | AS398575 27 | AS398656 28 | AS400572 29 | AS40066 30 | AS5761 31 | AS6182 32 | AS6194 33 | AS6291 34 | AS63314 35 | AS6584 36 | AS8068 37 | AS8069 38 | AS8070 39 | AS8071 40 | AS8072 41 | AS8073 42 | AS8074 43 | AS8075 44 | -------------------------------------------------------------------------------- /domains/twitter: -------------------------------------------------------------------------------- 1 | # https://github.com/drduh/config/blob/main/domains/twitter 2 | address=/ads-twitter.com/ 3 | address=/periscope.tv/ 4 | address=/pscp.tv/ 5 | address=/t.co/ 6 | address=/tweetdeck.com/ 7 | address=/tweetmeme.com/ 8 | address=/twimg.com/ 9 | address=/twimg0-0.akamaihd.net/ 10 | address=/twitpic.com/ 11 | address=/twitter-badges.s3.amazonaws.com/ 12 | address=/twitter.co/ 13 | address=/twitter.com.edgekey.net/ 14 | address=/twitter.com/ 15 | address=/twitter.org/ 16 | address=/twitterinc.com/ 17 | address=/twitteroauth.com/ 18 | address=/twitterstat.us/ 19 | address=/twittter.com/ 20 | address=/twtrdns.net/ 21 | address=/twttr.com/ 22 | address=/x.com/ 23 | -------------------------------------------------------------------------------- /install.openbsd: -------------------------------------------------------------------------------- 1 | # https://github.com/drduh/config/blob/main/install.openbsd 2 | adb 3 | arpwatch 4 | bash 5 | chirp 6 | curl 7 | dnsmasq 8 | ent 9 | feh 10 | firefox 11 | flashrom 12 | free 13 | gimp 14 | git 15 | gnupg 16 | htop 17 | imagemagick 18 | iperf 19 | libreoffice 20 | minetest 21 | mpv 22 | mupdf 23 | mutt 24 | nmap 25 | openra 26 | p5-Image-ExifTool 27 | pciutils 28 | pcsc-tools 29 | pdfid 30 | pfstat 31 | pftop 32 | poppler-utils 33 | pv 34 | py3-pip 35 | rsync 36 | rtl-sdr 37 | scrot 38 | sleuthkit 39 | thunderbird 40 | tree 41 | tshark 42 | unzip 43 | usbutils 44 | vim 45 | vnstat 46 | wireshark 47 | xclip 48 | xdotool 49 | youtube-dl 50 | zeek 51 | zsh 52 | -------------------------------------------------------------------------------- /scripts/split-rom.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | # https://github.com/drduh/config/blob/main/scripts/split-rom.sh 3 | cd build/util/nvramtool || exit 1 4 | ./nvramtool -C ../../coreboot.rom -w bluetooth=Disable 5 | ./nvramtool -C ../../coreboot.rom -w gfx_uma_size=224M 6 | ./nvramtool -C ../../coreboot.rom -w wlan=Disable 7 | ./nvramtool -C ../../coreboot.rom -w wwan=Disable 8 | cd ../.. || exit 1 9 | rm -f coreboot-bottom.rom coreboot-top.rom 10 | dd if=coreboot.rom of=coreboot-bottom.rom bs=1M count=8 11 | dd if=coreboot.rom of=coreboot-top.rom bs=1M skip=8 12 | mkdir -p "${HOME}/build/coreboot/write/$(date +%F)" 13 | mv ./*.rom "${HOME}/build/coreboot/write/$(date +%F)" 14 | -------------------------------------------------------------------------------- /ntp.conf: -------------------------------------------------------------------------------- 1 | # https://github.com/drduh/config/blob/main/ntp.conf 2 | # server 3 | driftfile /var/lib/ntpsec/ntp.drift 4 | leapfile /usr/share/zoneinfo/leap-seconds.list 5 | tos maxclock 11 6 | tos minclock 6 minsane 4 7 | pool 0.north-america.pool.ntp.org iburst 8 | pool 1.north-america.pool.ntp.org iburst 9 | pool 2.north-america.pool.ntp.org iburst 10 | pool 3.north-america.pool.ntp.org iburst 11 | server 0.us.pool.ntp.org 12 | server 1.us.pool.ntp.org 13 | server 2.us.pool.ntp.org 14 | server 3.us.pool.ntp.org 15 | restrict default kod nomodify noquery limited 16 | restrict 127.0.0.1 17 | #restrict 192.168.1.1 18 | # client 19 | server 192.168.1.1 iburst 20 | restrict 127.0.0.1 21 | restrict ::1 22 | restrict default noquery nomodify 23 | -------------------------------------------------------------------------------- /openvpn/server.ovpn: -------------------------------------------------------------------------------- 1 | # https://github.com/drduh/config/blob/master/openvpn/server.ovpn 2 | # https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage 3 | port 443 4 | proto udp 5 | tls-version-min 1.2 6 | tls-cipher TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384 7 | ncp-ciphers AES-256-GCM 8 | cipher AES-256-GCM 9 | auth SHA512 10 | remote-cert-eku "TLS Web Client Authentication" 11 | dev tun 12 | topology subnet 13 | server 10.8.0.0 255.255.255.0 14 | route 10.8.0.0 255.255.255.0 15 | push "dhcp-option DNS 10.8.0.1" 16 | server-ipv6 2001:db8:123::/64 17 | push "route-ipv6 2000::/3" 18 | duplicate-cn 19 | float 20 | mssfix 1400 21 | persist-key 22 | persist-tun 23 | ping 60 24 | ping-restart 1800 25 | ca /etc/pki/chain.pem 26 | cert /etc/pki/server.pem 27 | key /etc/pki/server.key 28 | dh /etc/pki/dh.pem 29 | tls-crypt /etc/pki/ta.key 30 | log-append /var/log/openvpn.log 31 | verb 3 32 | -------------------------------------------------------------------------------- /torrc: -------------------------------------------------------------------------------- 1 | # https://github.com/drduh/config/blob/master/torrc 2 | # https://www.torproject.org/docs/tor-manual.html 3 | #User _tor 4 | #User debian-tor 5 | #PublishServerDescriptor 0 6 | ORPort 9999 7 | ExtORPort auto 8 | ExitPolicy reject *:* 9 | BridgeRelay 1 10 | #ServerTransportPlugin obfs4 exec /usr/local/bin/obfs4proxy 11 | ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy 12 | ServerTransportListenAddr obfs4 0.0.0.0:10022 13 | SocksPort 127.0.0.1:9049 14 | SocksPort 127.0.0.1:9050 15 | DNSPort 127.26.255.1:53 16 | AccountingMax 100 GBytes 17 | AccountingStart month 3 15:00 18 | RelayBandwidthRate 750 KBytes 19 | RelayBandwidthBurst 2 MBytes 20 | Log notice file /var/log/tor/notices.log 21 | #Log debug file /var/log/tor/debug.log 22 | #Nickname ididnteditheconfig 23 | #ContactInfo Random Person 24 | #ControlPort 9051 25 | #CookieAuthentication 1 26 | #HashedControlPassword 16:872860B76453A77D60CA2BB8C1A7042072093276A3D701AD684053EC4C 27 | #HiddenServiceDir /var/lib/tor/hidden_service/ 28 | #HiddenServicePort 80 127.0.0.1:80 29 | -------------------------------------------------------------------------------- /domains/reddit: -------------------------------------------------------------------------------- 1 | # https://github.com/drduh/config/blob/main/domains/reddit 2 | #address=/redd.it/ 3 | #address=/reddit-image.s3.amazonaws.com/ 4 | #address=/reddit-stream.com/ 5 | #address=/reddit-uploaded-media.s3-accelerate.amazonaws.com/ 6 | #address=/reddit-uploaded-video.s3-accelerate.amazonaws.com/ 7 | #address=/reddit.com/ 8 | #address=/reddit.map.fastly.net/ 9 | #address=/redditblog.com/ 10 | #address=/redditgifts.com/ 11 | #address=/redditinc.com/ 12 | #address=/redditmail.com/ 13 | #address=/redditmedia.com/ 14 | #address=/redditstatic.com/ 15 | #address=/redditstatus.com/ 16 | #address=/reddituploads.com/ 17 | address=/a-thumbs-redditmedia-com.cdn.ampproject.org/ 18 | address=/alb.reddit.com/ 19 | address=/amp-reddit-com.cdn.ampproject.org/ 20 | address=/diagnostics.redditmedia.com/ 21 | address=/e.reddit.com/ 22 | address=/events.reddit.com/ 23 | address=/events.redditmedia.com/ 24 | address=/gql.reddit.com/ 25 | address=/oops.redditmedia.com/ 26 | address=/pixel.redditmedia.com/ 27 | address=/w3-reporting-nel.reddit.com/ 28 | address=/w3-reporting.reddit.com/ 29 | -------------------------------------------------------------------------------- /prosody.cfg.lua: -------------------------------------------------------------------------------- 1 | -- https://github.com/drduh/config/blob/master/prosody.cfg.lua 2 | -- https://prosody.im/doc/configure 3 | modules_enabled = { 4 | "roster"; 5 | "saslauth"; 6 | "tls"; 7 | "private"; 8 | "posix"; 9 | "dialback"; 10 | } 11 | log = { 12 | debug = "/var/log/prosody/prosody.log"; 13 | error = "/var/log/prosody/prosody.err"; 14 | } 15 | admins = { "admin@example.com" } 16 | allow_registration = false 17 | authentication = "internal_hashed" 18 | daemonize = true 19 | c2s_require_encryption = true 20 | s2s_require_encryption = true 21 | s2s_secure_auth = false 22 | pidfile = "/var/run/prosody/prosody.pid" 23 | VirtualHost "example.com" 24 | ssl = { 25 | key = "/etc/pki/xmpp-key.pem"; 26 | certificate = "/etc/pki/xmpp-cert.pem"; 27 | dhparam = "/etc/pki/dh.pem"; 28 | depth = "1"; 29 | protocols = "tlsv1_2"; 30 | ciphers = "EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4"; 31 | } 32 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | The MIT License (MIT) 2 | 3 | Copyright (c) 2016 drduh 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /muttrc: -------------------------------------------------------------------------------- 1 | # https://github.com/drduh/config/blob/master/muttrc 2 | # https://linux.die.net/man/5/muttrc 3 | set hostname = "github.duh.to" 4 | set realname = "github@duh.to" 5 | set from = "" 6 | set imap_user = "github@duh.to" 7 | set imap_pass = 'xxx' 8 | set smtp_pass = 'xxx' 9 | set folder = "imaps://imap.gmail.com:993/" 10 | set smtp_url = "smtp://github@duh.to@smtp.gmail.com:587/" 11 | set trash = "imaps://imap.gmail.com/[Gmail]/Trash" 12 | set edit_headers = yes 13 | set editor = "vim" 14 | set hidden_host 15 | set include = yes 16 | set mail_check = 120 17 | set postponed = "+[Gmail]/Drafts" 18 | set record = "+[Gmail]/Sent Mail" 19 | set sort = reverse-threads 20 | set sort_aux = last-date-received 21 | set sort_browser = reverse-date 22 | set spoolfile = "+INBOX" 23 | set ssl_force_tls = yes 24 | set ssl_starttls = yes 25 | set timeout = 60 26 | set user_agent = no 27 | set certificate_file = ~/.mutt/certificates 28 | set header_cache = ~/.mutt/cache/headers 29 | set message_cachedir = ~/.mutt/cache/messages 30 | alternative_order text/enriched text/plain text/html 31 | hdr_order Date From To Cc 32 | my_hdr User-Agent: 33 | push 34 | #source ~/.mutt/solarized.muttrc 35 | -------------------------------------------------------------------------------- /domains/pinterest: -------------------------------------------------------------------------------- 1 | # https://github.com/drduh/config/blob/main/domains/pinterest 2 | address=/ads.pinterest.com/ 3 | address=/akapinimg.net/ 4 | address=/ct.pinterest.com/ 5 | address=/log.pinterest.com/ 6 | address=/pin.it/ 7 | address=/pinimg.com.cdn.cloudflare.net/ 8 | address=/pinimg.com.edgekey.net/ 9 | address=/pinimg.com/ 10 | address=/pinterest.at/ 11 | address=/pinterest.ca/ 12 | address=/pinterest.ch/ 13 | address=/pinterest.cl/ 14 | address=/pinterest.co.kr/ 15 | address=/pinterest.co.uk/ 16 | address=/pinterest.com.au/ 17 | address=/pinterest.com.edgekey.net/ 18 | address=/pinterest.com.mx/ 19 | address=/pinterest.com/ 20 | address=/pinterest.de/ 21 | address=/pinterest.dk/ 22 | address=/pinterest.es/ 23 | address=/pinterest.et.e.sparkpost.com/ 24 | address=/pinterest.fr/ 25 | address=/pinterest.global.map.fastly.net/ 26 | address=/pinterest.ie/ 27 | address=/pinterest.info/ 28 | address=/pinterest.it/ 29 | address=/pinterest.jp/ 30 | address=/pinterest.map.fastly.net/ 31 | address=/pinterest.net/ 32 | address=/pinterest.nz/ 33 | address=/pinterest.ph/ 34 | address=/pinterest.pt/ 35 | address=/pinterest.ru/ 36 | address=/pinterest.se/ 37 | address=/pinterestcareers.com/ 38 | address=/pinterestmail.com/ 39 | address=/widgets.pinterest.com/ 40 | -------------------------------------------------------------------------------- /scripts/dig.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | # https://github.com/drduh/config/blob/main/scripts/dig.sh 3 | # https://en.wikipedia.org/wiki/List_of_DNS_record_types 4 | pause="1" 5 | server="1.1.1.1" 6 | types="""A # 32-bit ipv4 7 | AAAA # 128-bit ipv6 8 | CNAME # canonical 9 | MX # mail exchange 10 | NS # name server 11 | PTR # pointer 12 | SOA # zone authority 13 | SRV # service locator 14 | TXT # text 15 | DNSKEY # dnssec key 16 | DS # dnssec signer 17 | NSEC # dnssec nonexistence 18 | NSEC3 # dnssec nonexistence 19 | NSEC3PARAM # dnssec nonexistence 20 | RRSIG # dnssec signature 21 | AFSDB # distributed fs 22 | CAA # acceptable cert authorities 23 | CERT # certificate 24 | DHCID # dhcp 25 | DNAME # delegation name 26 | HINFO # host information 27 | LOC # location 28 | NAPTR # naming auth pointer 29 | TLSA # dane association 30 | """ 31 | 32 | for type in ${types} ; do 33 | if [[ ${type} =~ [A-Z] ]] ; then 34 | printf "\n%s: " "${type}" 35 | dig @${server} +short \ 36 | $(printf "%s" "${type}" | sed "s/\ \ \#.*//g") "${1}" 2>/dev/null 37 | sleep "${pause}" 38 | fi 39 | done 40 | -------------------------------------------------------------------------------- /ssh_config: -------------------------------------------------------------------------------- 1 | # https://github.com/drduh/config/blob/main/ssh_config 2 | # https://linux.die.net/man/5/ssh_config 3 | #Host router 4 | # IdentityFile ~/.ssh/router 5 | # HostName 192.168.1.1 6 | # Port 2400 7 | # User sysadm 8 | Host gitlab.com 9 | User git 10 | ControlMaster no 11 | IdentitiesOnly yes 12 | IdentityFile ~/.ssh/gitlab 13 | Host github.com 14 | User git 15 | ControlMaster no 16 | IdentitiesOnly yes 17 | IdentityFile ~/.ssh/github 18 | MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com 19 | Host * 20 | #ControlMaster auto 21 | #ControlPath ~/.ssh/master-%r@%h:%p 22 | #ControlPersist 300 23 | AddressFamily inet 24 | HashKnownHosts yes 25 | VisualHostKey yes 26 | PasswordAuthentication no 27 | ChallengeResponseAuthentication no 28 | StrictHostKeyChecking ask 29 | VerifyHostKeyDNS yes 30 | ForwardAgent no 31 | ForwardX11 no 32 | ForwardX11Trusted no 33 | ServerAliveInterval 300 34 | ServerAliveCountMax 2 35 | Ciphers aes256-gcm@openssh.com 36 | MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com 37 | KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256 38 | HostKeyAlgorithms rsa-sha2-512,rsa-sha2-256,ssh-ed25519 39 | -------------------------------------------------------------------------------- /doas.conf: -------------------------------------------------------------------------------- 1 | # https://github.com/drduh/config/blob/main/doas.conf 2 | # https://man.openbsd.org/doas.conf 3 | permit persist :wheel 4 | permit nopass :wheel cmd cu args -r -s 115200 -l cuaU0 5 | permit nopass :wheel cmd dhclient args em0 6 | permit nopass :wheel cmd disklabel args -h sd0 7 | permit nopass :wheel cmd disklabel args -h sd1 8 | permit nopass :wheel cmd disklabel args -h sd2 9 | permit nopass :wheel cmd fw_update 10 | permit nopass :wheel cmd mount 11 | permit nopass :wheel cmd netstat args -an 12 | permit nopass :wheel cmd pfctl args -s state 13 | permit nopass :wheel cmd pfctl args -f /etc/pf.conf 14 | permit nopass :wheel cmd pkg_add 15 | permit nopass :wheel cmd pkg_check 16 | permit nopass :wheel cmd rcctl args restart dnsmasq 17 | permit nopass :wheel cmd rcctl args restart privoxy 18 | permit nopass :wheel cmd reboot 19 | permit nopass :wheel cmd route args add default 192.168.1.1 20 | permit nopass :wheel cmd route args delete default 21 | permit nopass :wheel cmd sh args /etc/netstart 22 | permit nopass :wheel cmd syspatch 23 | permit nopass :wheel cmd sysupgrade args -s 24 | permit nopass :wheel cmd sysupgrade args -sn 25 | permit nopass :wheel cmd tcpdump args -ni pflog0 26 | permit nopass :wheel cmd tcpdump args -qni pflog0 27 | permit nopass :wheel cmd umount 28 | permit nopass keepenv root 29 | -------------------------------------------------------------------------------- /tmux.conf: -------------------------------------------------------------------------------- 1 | # https://github.com/drduh/config/blob/main/tmux.conf 2 | # https://man.openbsd.org/man1/tmux.1 3 | unbind % 4 | bind-key C-a last-window 5 | bind-key C-n next-window 6 | bind-key h select-pane -L 7 | bind-key j select-pane -D 8 | bind-key k select-pane -U 9 | bind-key l select-pane -R 10 | bind r source-file ~/.tmux.conf 11 | bind | split-window -h 12 | bind - split-window -v 13 | set -g base-index 1 14 | set -g clock-mode-color color33 15 | set -g default-terminal "screen-256color" 16 | set -g display-panes-active-color color33 17 | set -g display-panes-color color166 18 | set -g history-limit 15000 19 | set -g message-style fg=color166,bg=color235 20 | set -g mode-keys vi 21 | set -g pane-active-border-style fg=color240 22 | set -g pane-base-index 1 23 | set -g pane-border-style fg=color235 24 | set -g prefix ` 25 | set -g status-interval 20 26 | set -g status-left " " 27 | set -g status on 28 | set -g status-bg default 29 | set -g status-right-length 80 30 | set -g status-right " #h \ 31 | #[bg=default]#[fg=color166]#(uptime|sed -e 's/.*: //g' -e 's/ //g') \ 32 | #[bg=default]#[fg=color33]%Y.%m.%d %H:%M " 33 | set -g status-style fg=color136,bg=default 34 | set -g window-status-bell-style fg=color235,bg=color160 35 | set -g window-status-current-format "#[bg=color4] #W " 36 | set -g window-status-format "#W" 37 | set -g window-status-style fg=color244,bg=default 38 | -------------------------------------------------------------------------------- /sshd_config: -------------------------------------------------------------------------------- 1 | # https://github.com/drduh/config/blob/main/sshd_config 2 | # https://linux.die.net/man/5/sshd_config 3 | #ListenAddress 0.0.0.0 4 | #Port 2400 # /etc/systemd/system/sockets.target.wants/ssh.socket 5 | AddressFamily inet 6 | HostKey /etc/ssh/ssh_host_key 7 | AllowUsers sysadm proxy 8 | Ciphers aes256-gcm@openssh.com 9 | MACs hmac-sha2-512-etm@openssh.com 10 | KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256 11 | HostKeyAlgorithms rsa-sha2-512,rsa-sha2-256,ssh-ed25519 12 | RekeyLimit 1G 1H 13 | SyslogFacility AUTH 14 | LogLevel VERBOSE 15 | LoginGraceTime 30s 16 | MaxStartups 1 17 | MaxSessions 2 18 | MaxAuthTries 2 19 | ClientAliveInterval 30 20 | ClientAliveCountMax 20 21 | PermitRootLogin no 22 | StrictModes yes 23 | PubkeyAuthentication yes 24 | AuthorizedKeysFile %h/.ssh/authorized_keys 25 | IgnoreRhosts yes 26 | PasswordAuthentication no 27 | PermitEmptyPasswords no 28 | HostbasedAuthentication no 29 | ChallengeResponseAuthentication no 30 | Compression delayed 31 | AllowAgentForwarding no 32 | AllowTcpForwarding no 33 | X11Forwarding no 34 | GatewayPorts no 35 | PermitTunnel no 36 | UseDNS no 37 | PrintMotd no 38 | PrintLastLog yes 39 | PermitUserEnvironment no 40 | #Subsystem sftp /usr/lib/sftp-server 41 | #Subsystem sftp /usr/libexec/sftp-server 42 | #TrustedUserCAKeys /etc/ssh/ca.pub 43 | #Match User proxy 44 | # AllowTcpForwarding yes 45 | -------------------------------------------------------------------------------- /privoxy/config: -------------------------------------------------------------------------------- 1 | # https://github.com/drduh/config/blob/main/privoxy/config 2 | # https://www.privoxy.org/user-manual/config.html 3 | #forward-socks5t / 127.0.0.1:9050 . 4 | #forward / parent-proxy.example.org:8080 5 | #forward :443 . 6 | #listen-address 192.168.1.1:8118 7 | confdir /etc/privoxy 8 | logdir /var/log/privoxy 9 | logfile logfile 10 | 11 | actionsfile default.action 12 | actionsfile match-all.action 13 | actionsfile user.action 14 | filterfile default.filter 15 | filterfile user.filter 16 | 17 | accept-intercepted-requests 1 18 | tolerate-pipelining 1 19 | keep-alive-timeout 10 20 | socket-timeout 10 21 | 22 | debug 1 # Log the destination for each request. See also debug 1024. 23 | debug 1024 # Log the destination for requests Privoxy didn't let through, and the reason why. 24 | debug 4096 # Startup banner and warnings. 25 | debug 8192 # Non-fatal errors 26 | #debug 2 # show each connection status 27 | #debug 4 # show tagging-related messages 28 | #debug 8 # show header parsing 29 | #debug 16 # log all data written to the network 30 | #debug 32 # debug force feature 31 | #debug 64 # debug regular expression filters 32 | #debug 128 # debug redirects 33 | #debug 256 # debug GIF de-animation 34 | #debug 512 # Common Log Format 35 | #debug 2048 # CGI user interface 36 | #debug 32768 # log all data read from the network 37 | #debug 65536 # Log the applying actions 38 | -------------------------------------------------------------------------------- /hostapd.conf: -------------------------------------------------------------------------------- 1 | # https://github.com/drduh/config/blob/main/hostapd.conf 2 | # https://w1.fi/cgit/hostap/plain/hostapd/hostapd.conf 3 | ssid2=P"myAP" 4 | wpa_passphrase=mySecret123 5 | interface=wlan0 6 | driver=nl80211 7 | # 802.11a (Wi-Fi 2) (5 GHz) 8 | #hw_mode=a 9 | # 802.11g (Wi-Fi 3) (2.4 GHz) 10 | hw_mode=g 11 | # 802.11n (Wi-Fi 4) (MIMO) 12 | ieee80211n=1 13 | # 802.11ac (Wi-Fi 5) (more MIMO) 14 | ieee80211ac=1 15 | # 802.11ax (Wi-Fi 6) (OFDMA) 16 | #ieee80211ax=1 17 | # 802.11be (Wi-Fi 7) 18 | #ieee80211be=1 19 | # Select channel automatically (requires ACS) 20 | channel=0 21 | # WPA-3 22 | ieee80211w=2 23 | # 802.11d (additional regulatory domains) 24 | ieee80211d=1 25 | # Country 26 | country_code=US 27 | #require_he=1 28 | # Client isolation 29 | ap_isolate=1 30 | # HT capabilities (20 MHz for 2.4 GHz) 31 | ht_capab=[HT20] 32 | # VHT (802.11ac, 5 GHz) 33 | vht_capab=[VHT20] 34 | # Management Frame Protection for SAE (WPA3) 35 | sae_require_mfp=1 36 | # WPA only (no WEP) 37 | auth_algs=1 38 | # WPA2/3 only 39 | wpa=2 40 | # Key management 41 | group_cipher=CCMP 42 | #group_mgmt_cipher=BIP-GMAC-256 43 | rsn_pairwise=CCMP 44 | #wpa_pairwise=CCMP 45 | wpa_pairwise=GCMP-256 46 | wpa_gmk_rekey=14400 47 | wpa_group_rekey=3600 48 | #wpa_key_mgmt=WPA-EAP-SUITE-B-192 49 | #wpa_key_mgmt=WPA-EAP-SHA256 50 | #wpa_key_mgmt=WPA-PSK-SHA256 51 | wpa_key_mgmt=SAE 52 | wpa_disable_eapol_key_retries=1 53 | # Stations must know SSID 54 | #ignore_broadcast_ssid=1 55 | # QoS 56 | #wmm_enabled=1 57 | -------------------------------------------------------------------------------- /domains/tiktok: -------------------------------------------------------------------------------- 1 | # https://github.com/drduh/config/blob/main/domains/tiktok 2 | address=/atomile.com/ 3 | address=/bytedance.com/ 4 | address=/bytefcdn-oversea.com/ 5 | address=/bytefcdn-ttpeu.com/ 6 | address=/byteglb.com/ 7 | address=/byteigtm.com/ 8 | address=/byteimg.com/ 9 | address=/byteoversea.com.edgekey.net/ 10 | address=/byteoversea.com/ 11 | address=/byteoversea.net/ 12 | address=/bytetcdn.com/ 13 | address=/ibyteimg.com/ 14 | address=/ipstatp.com/ 15 | address=/isnssdk.com/ 16 | address=/muscdn.com/ 17 | address=/musemuse.cn/ 18 | address=/musical.ly/ 19 | address=/musically.ly/ 20 | address=/pstatp.com/ 21 | address=/qlivecdn.com/ 22 | address=/rocket-cdn.com/ 23 | address=/sgsnssdk.com/ 24 | address=/tiktok.bytedance.map.fastly.net/ 25 | address=/tiktok.com.bytewlb.akadns.net/ 26 | address=/tiktok.com/ 27 | address=/tiktok.in/ 28 | address=/tiktokcdn-com.akamaized.net/ 29 | address=/tiktokcdn-com.akamized.net/ 30 | address=/tiktokcdn-eu.com/ 31 | address=/tiktokcdn-eu.net/ 32 | address=/tiktokcdn-in.com/ 33 | address=/tiktokcdn-us.com/ 34 | address=/tiktokcdn.com/ 35 | address=/tiktokd.org/ 36 | address=/tiktokglobalshop.com/ 37 | address=/tiktokglobalshopv.com/ 38 | address=/tiktokmusic.app/ 39 | address=/tiktokshop.com/ 40 | address=/tiktokstaticb.com/ 41 | address=/tiktokv.com.edgekey.net/ 42 | address=/tiktokv.com/ 43 | address=/tiktokv.eu/ 44 | address=/tiktokv.us/ 45 | address=/tlivecdn.com/ 46 | address=/tlivepush.com/ 47 | address=/ttapis.com/ 48 | address=/ttdns2.com/ 49 | address=/ttlivecdn.com/ 50 | address=/ttoversea.net/ 51 | address=/ttoverseaus.net/ 52 | address=/ttwstatic.com/ 53 | address=/worldfcdn.com/ 54 | address=/worldfcdn2.com/ 55 | -------------------------------------------------------------------------------- /grub: -------------------------------------------------------------------------------- 1 | # https://github.com/drduh/config/blob/main/grub 2 | #GRUB_TERMINAL=serial 3 | #GRUB_SERIAL_COMMAND="serial --unit=0 --speed=115200 --word=8 --parity=no --stop=1" 4 | GRUB_GFXMODE=2560x1440 5 | GRUB_DEFAULT=0 6 | GRUB_RECORDFAIL_TIMEOUT=1 7 | GRUB_TIMEOUT=1 8 | GRUB_DISTRIBUTOR=`lsb_release -i -s 2> /dev/null || echo Debian` 9 | GRUB_CMDLINE_LINUX="oops=panic" 10 | GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX randomize_kstack_offset=on" 11 | GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX module.sig_enforce=1" 12 | GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX lockdown=confidentiality" 13 | GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX slab_nomerge" 14 | GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX init_on_alloc=1 init_on_free=1" 15 | GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX mce=0" 16 | GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX pti=on" 17 | GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX vsyscall=none" 18 | GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX page_alloc.shuffle=1" 19 | GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX quiet loglevel=0" 20 | GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX debugfs=off" 21 | GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX spectre_v2=on" 22 | GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX spec_store_bypass_disable=on" 23 | GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX tsx=off tsx_async_abort=full,nosmt" 24 | GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX mds=full,nosmt" 25 | GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX l1tf=full,force" 26 | GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX nosmt=force" 27 | GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX kvm.nx_huge_pages=force" 28 | GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX random.trust_cpu=off" 29 | GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX intel_iommu=on amd_iommu=on" 30 | GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX efi=disable_early_pci_dma" 31 | GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX ipv6.disable=1" 32 | -------------------------------------------------------------------------------- /sudoers: -------------------------------------------------------------------------------- 1 | # https://github.com/drduh/config/blob/main/sudoers 2 | # https://www.sudo.ws/docs/man/sudoers.man/ 3 | Defaults env_reset 4 | Defaults mail_badpass 5 | Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" 6 | Defaults use_pty 7 | 8 | root ALL=(ALL:ALL) ALL 9 | sysadm ALL=(ALL:ALL) ALL 10 | 11 | Cmnd_Alias NP = \ 12 | /bin/dmesg, \ 13 | /bin/mount /dev/[a-z0-9]*, \ 14 | /bin/umount /mnt/[a-z]*, \ 15 | /sbin/cryptsetup luksClose /dev/mapper/*, \ 16 | /sbin/cryptsetup luksOpen /dev/*, \ 17 | /sbin/dhclient [a-z0-9]*, \ 18 | /sbin/fdisk -l, \ 19 | /sbin/ip route add default via 192.168.1.1 dev wlp2s0, \ 20 | /sbin/wpa_supplicant -Dnl80211 -iwlp2s0 -cwpa.conf, \ 21 | /usr/bin/apt autoclean, \ 22 | /usr/bin/apt autoremove, \ 23 | /usr/bin/apt dist-upgrade, \ 24 | /usr/bin/apt update, \ 25 | /usr/bin/apt upgrade, \ 26 | /usr/bin/apt -y upgrade, \ 27 | /usr/bin/lsof -Pni, \ 28 | /usr/bin/minicom -D /dev/ttyUSB0, \ 29 | /usr/bin/screen /dev/ttyUSB0 115200 8n1, \ 30 | /usr/bin/tail -F /var/log/dnsmasq, \ 31 | /usr/bin/tail -F /var/log/privoxy/logfile, \ 32 | /usr/bin/tee /sys/class/backlight/*/brightness, \ 33 | /usr/bin/vim /etc/privoxy/user.action, \ 34 | /usr/sbin/dmidecode -s bios-version, \ 35 | /usr/sbin/ntpdate -uv 192.168.1.1, \ 36 | /usr/sbin/reboot now, \ 37 | /usr/sbin/route add -net 10.8.1.1 netmask 255.255.255.0 gw 192.168.1.1, \ 38 | /usr/sbin/service dnsmasq restart, \ 39 | /usr/sbin/service networking restart, \ 40 | /usr/sbin/service ntp restart, \ 41 | /usr/sbin/service ntpsec restart, \ 42 | /usr/sbin/service privoxy restart, \ 43 | /usr/sbin/shutdown -h now 44 | 45 | sysadm ALL=(ALL) NOPASSWD:NP 46 | #sysadm ALL=(ALL) NOPASSWD:ALL 47 | 48 | #@includedir /etc/sudoers.d 49 | -------------------------------------------------------------------------------- /lighttpd/upload.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | # https://github.com/drduh/config/blob/master/lighttpd/upload.py 3 | # Simple file uploader 4 | # Put into /var/www/cgi-bin/, make executable and enable CGI 5 | 6 | import cgi 7 | import os 8 | 9 | CHUNK_SIZE = 100000 10 | UPLOAD = "/var/www/upload/" 11 | 12 | HEADER = """ 13 | %s 14 | 33 |
""" 34 | ERROR = """ 35 |

Error: %s

36 |
""" 37 | SUCCESS = """ 38 |

Saved %s

39 |

Upload another file

40 |

Download files

41 | """ 42 | 43 | 44 | def main(): 45 | """File uploader static pages and form handler.""" 46 | print(HEADER % "File upload") 47 | 48 | form = cgi.FieldStorage() 49 | ff = form["file"] 50 | fl = ff.file 51 | fn = ff.filename 52 | 53 | if not fn: 54 | print(ERROR % "No file selected") 55 | return 56 | 57 | with open( 58 | os.path.join( 59 | UPLOAD, os.path.basename(fn)), "wb") as out: 60 | while True: 61 | content = fl.read(CHUNK_SIZE) 62 | if not content: 63 | break 64 | out.write(content) 65 | 66 | print(SUCCESS % (fn, fn)) 67 | 68 | if __name__ == "__main__": 69 | main() 70 | -------------------------------------------------------------------------------- /domains/tlds: -------------------------------------------------------------------------------- 1 | # https://github.com/drduh/config/blob/main/domains/tlds 2 | address=/ad/ 3 | address=/ax/ 4 | address=/bar/ 5 | address=/bat/ 6 | address=/beta/ 7 | address=/bid/ 8 | address=/biz/ 9 | address=/buzz/ 10 | address=/cf/ 11 | address=/cim/ 12 | address=/click/ 13 | address=/club/ 14 | address=/cm/ 15 | address=/cn/ 16 | address=/coim/ 17 | address=/com1/ 18 | address=/comc/ 19 | address=/comhttps/ 20 | address=/comp/ 21 | address=/comr/ 22 | address=/date/ 23 | address=/desi/ 24 | address=/dk/ 25 | address=/download/ 26 | address=/ecom/ 27 | address=/email/ 28 | address=/events/ 29 | address=/exe/ 30 | address=/fit/ 31 | address=/ga/ 32 | address=/gdn/ 33 | address=/gom/ 34 | address=/gq/ 35 | address=/guru/ 36 | address=/internal/ 37 | address=/irg/ 38 | address=/key/ 39 | address=/kr/ 40 | address=/life/ 41 | address=/link/ 42 | address=/loan/ 43 | address=/local/ 44 | address=/localdomain/ 45 | address=/marketing/ 46 | address=/md/ 47 | address=/men/ 48 | address=/mil/ 49 | address=/ml/ 50 | address=/mobi/ 51 | address=/mom/ 52 | address=/mp/ 53 | address=/news/ 54 | address=/no/ 55 | address=/ocm/ 56 | address=/okinawa/ 57 | address=/om/ 58 | address=/onion/ 59 | address=/online/ 60 | address=/ooo/ 61 | address=/page/ 62 | address=/pdf/ 63 | address=/pl/ 64 | address=/plus/ 65 | address=/racing/ 66 | address=/reise/ 67 | address=/review/ 68 | address=/rocks/ 69 | address=/ru/ 70 | address=/ryukyu/ 71 | address=/sex/ 72 | address=/shop/ 73 | address=/sys/ 74 | address=/tel/ 75 | address=/tk/ 76 | address=/tokyo/ 77 | address=/top/ 78 | address=/trade/ 79 | address=/tw/ 80 | address=/undefined/ 81 | address=/vip/ 82 | address=/wang/ 83 | address=/webcam/ 84 | address=/website/ 85 | address=/win/ 86 | address=/work/ 87 | address=/works/ 88 | address=/world/ 89 | address=/wow/ 90 | address=/xin/ 91 | address=/xml/ 92 | address=/xxx/ 93 | address=/yokohama/ 94 | -------------------------------------------------------------------------------- /domains/mozilla: -------------------------------------------------------------------------------- 1 | # https://github.com/drduh/config/blob/main/domains/mozilla 2 | # https://support.mozilla.org/en-US/kb/domains-allow-firefox 3 | #address=/allizom.org/ 4 | #address=/atp.fox/ 5 | #address=/firefox.com-v2.edgesuite.net/ 6 | #address=/firefox.com/ 7 | #address=/firefoxusercontent.com/ 8 | #address=/getfirefox.com/ 9 | #address=/hg-edge-mozilla.fastly-edge.com/ 10 | #address=/mdnplay.dev/ 11 | #address=/moz.works/ 12 | #address=/mozaws.net/ 13 | #address=/mozgcp.net/ 14 | #address=/mozilla.com/ 15 | #address=/mozilla.net/ 16 | #address=/mozilla.org.cdn.cloudflare.net/ 17 | #address=/mozilla.org/ 18 | #address=/mozilla-backup.org/ 19 | #address=/mozilla-download.fastly-edge.com/ 20 | #address=/thunderbird.net/ 21 | address=/accounts.firefox.com/ 22 | address=/aus5.mozilla.org/ 23 | address=/blocked.cdn.mozilla.net/ 24 | address=/blocklist.addons.mozilla.org/ 25 | address=/crash-stats.mozilla.com/ 26 | address=/detectportal.firefox.com/ 27 | address=/dynamicua.cdn.mozilla.net/ 28 | address=/experiments.mozilla.org/ 29 | address=/fhr.cdn.mozilla.net/ 30 | address=/firefox-api-proxy.cdn.mozilla.net/ 31 | address=/firefox-settings-attachments.cdn.mozilla.net/ 32 | address=/getpocket-cdn.prod.mozaws.net/ 33 | address=/getpocket.cdn.mozilla.net/ 34 | address=/getpocket.com/ 35 | address=/img-getpocket.cdn.mozilla.net/ 36 | address=/input.mozilla.org/ 37 | address=/install.mozilla.org/ 38 | address=/mozit.cloud/ 39 | address=/mozorg.cdn.mozilla.net/ 40 | address=/mz.la/ 41 | address=/normandy.cdn.mozilla.net/ 42 | address=/services.mozilla.com/ 43 | address=/snippets.cdn.mozilla.net/ 44 | address=/stage.mozaws.net/ 45 | address=/sumo.mozilla.net/ 46 | address=/sync.services.mozilla.com/ 47 | address=/tbpl.mozilla.org/ 48 | address=/telemetry-experiment.cdn.mozilla.net/ 49 | address=/telemetry.mozilla.org/ 50 | address=/tracking-protection.cdn.mozilla.net/ 51 | address=/versioncheck-bg.addons.mozilla.org/ 52 | -------------------------------------------------------------------------------- /scripts/rename.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | """ 3 | https://github.com/drduh/config/blob/main/scripts/rename.py 4 | 5 | Random rename of files at path. 6 | """ 7 | 8 | import os 9 | import random 10 | import string 11 | import sys 12 | 13 | CHARSET = string.ascii_lowercase 14 | 15 | 16 | def confirmation(path): 17 | """Ask for confirmation.""" 18 | if input(f"Rename '{path}'? ").lower().startswith("y"): 19 | return True 20 | return False 21 | 22 | 23 | def rename(path, length=8): 24 | """Find and rename files in path, normalize extensions. 25 | 26 | Args: 27 | path: string, directory with files to rename 28 | length: int, length of renamed filename. 29 | """ 30 | target = os.listdir(path) 31 | print(f"Renaming {len(target)} files ...") 32 | 33 | for item in target: 34 | ext = os.path.splitext(item)[1].lower() 35 | if ext == ".jpeg": 36 | ext = ".jpg" 37 | rand = "".join(random.sample(CHARSET, length)) + ext 38 | 39 | if not os.path.isfile(path + rand): 40 | os.rename(os.path.join(path, item), 41 | os.path.join(path, rand)) 42 | print(f"Renamed {item} to {rand}") 43 | else: 44 | print(f"{path} {rand} already exists!") 45 | 46 | 47 | def main(argv): 48 | """Main function.""" 49 | if len(argv) < 2: 50 | argv.append(".") 51 | 52 | path = os.path.abspath(argv[1]) 53 | if not os.path.isdir(path): 54 | print(f"Path '{path}' does not exist!") 55 | return 56 | 57 | length = 8 58 | if len(sys.argv) > 2: 59 | length = argv[2] 60 | 61 | if int(length) > len(CHARSET): 62 | print(f"Length cannot exceed {len(CHARSET)}!") 63 | return 64 | 65 | if confirmation(path): 66 | rename(path, int(length)) 67 | 68 | 69 | if __name__ == "__main__": 70 | main(sys.argv) 71 | -------------------------------------------------------------------------------- /pf/pf.conf: -------------------------------------------------------------------------------- 1 | # https://github.com/drduh/config/blob/main/pf.conf 2 | # https://man.openbsd.org/pf.conf.5 3 | ext = "em0" 4 | red = "em1" 5 | blue = "em2" 6 | green = "em3" 7 | wifi = "athn0" 8 | vpn = "tun0" 9 | ntp_server = "192.168.1.1" 10 | routers = "{ 10.8.1.1, 172.16.1.1, 192.168.1.1 }" 11 | table persist file "/etc/pf/blocklist" 12 | table persist file "/etc/pf/martians" 13 | table persist file "/etc/pf/private" 14 | set block-policy drop 15 | set state-policy if-bound 16 | set debug info 17 | set loginterface $ext 18 | set optimization normal 19 | set limit { states 30000, table-entries 250000 } 20 | set skip on lo0 21 | block quick from any to lo0:network 22 | block log quick from to any 23 | block log quick from any to 24 | antispoof quick for { $ext $red $blue $green $wifi } 25 | match in all scrub (no-df random-id max-mss 1440) 26 | match out on egress inet from !(egress:network) to any nat-to (egress:0) 27 | #match in on { $red $blue $green $wifi } inet proto { tcp udp } to any port 53 rdr-to 192.168.1.1 28 | #match in on { $red $blue $green $wifi } inet proto udp to any port 123 rdr-to 192.168.1.1 29 | pass out quick proto udp from $ext to $ntp_server port 123 30 | block in log quick from no-route to any 31 | block in log inet from any to localhost 32 | block in log quick on egress from to any 33 | block return out log quick on egress from any to 34 | block log all 35 | pass in quick on { $red $blue $green $wifi $vpn } inet keep state 36 | #rdr on $ext inet proto tcp from any to any port 80 -> 127.0.0.1 port 8080 37 | pass out quick on $ext proto { tcp, udp, icmp } from $ext to any keep state 38 | #pass out proto tcp from $ext to any port 43 keep state 39 | #pass out proto tcp from $ext to any port 80 keep state 40 | #pass out proto tcp from $ext to any port 443 keep state 41 | #pass out proto tcp from $ext to $routers port 22 keep state 42 | #pass out proto udp from $ext to $routers port 53 keep state 43 | #pass quick inet proto tcp from any port 67:68 to any port 67:68 keep state flags S/SA 44 | -------------------------------------------------------------------------------- /domains/social: -------------------------------------------------------------------------------- 1 | # https://github.com/drduh/config/blob/main/domains/social 2 | address=/alexa.com/ 3 | address=/alwaysdata.net/ 4 | address=/asapp.com/ 5 | address=/bufferapp.com/ 6 | address=/campaign-archive.com/ 7 | address=/darkreader.github.io/ 8 | address=/darkreader.org/ 9 | address=/digg.com/ 10 | address=/diggstatic.com/ 11 | address=/discord.com/ 12 | address=/discord.gg/ 13 | address=/discord.me/ 14 | address=/discord.media/ 15 | address=/discordapp.com/ 16 | address=/discordapp.net/ 17 | address=/discordstatus.com/ 18 | address=/disqus.com/ 19 | address=/disquscdn.com/ 20 | address=/ea.com/ 21 | address=/eidos.com/ 22 | address=/espn.com/ 23 | address=/external-users.gog.com/ 24 | address=/foursquare.com/ 25 | address=/galaxy-log.gog.com/ 26 | address=/gameplayapi.intel.com/ 27 | address=/getsocial.io/ 28 | address=/gravatar.com/ 29 | address=/hellobar.com/ 30 | address=/helpscout.net/ 31 | address=/hootsuite.com/ 32 | address=/ibyteimg.com/ 33 | address=/influenster.com/ 34 | address=/insights-collector.gog.com/ 35 | address=/licdn.com/ 36 | address=/lithium.com/ 37 | address=/muscdn.com/ 38 | address=/myspace.com/ 39 | address=/myspacecdn.com/ 40 | address=/norton.com/ 41 | address=/notifications-pusher.gog.com/ 42 | address=/oxiapps.com/ 43 | address=/paradox-interactive.com/ 44 | address=/paradoxplaza.com/ 45 | address=/pixel.wp.com/ 46 | address=/presence.gog.com/ 47 | address=/pstatp.com/ 48 | address=/pushbullet.com/ 49 | address=/quora.com/ 50 | address=/quoracdn.net/ 51 | address=/seal.globalsign.com/ 52 | address=/seal.godaddy.com/ 53 | address=/seal.verisign.com/ 54 | address=/services.fandom.com/ 55 | address=/sgizmo.com/ 56 | address=/shareaholic.com/ 57 | address=/shareaholic.net/ 58 | address=/sharethis.com/ 59 | address=/smg.com/ 60 | address=/socialannex.com/ 61 | address=/socialreach.com/ 62 | address=/spot.im/ 63 | address=/steambroadcast.akamaized.net/ 64 | address=/stores-counters.wix.com/ 65 | address=/stumble-upon.com/ 66 | address=/stumbleupon.com/ 67 | address=/sustatic.com/ 68 | address=/teamspeak.com/ 69 | address=/telemetry-in.battle.net/ 70 | address=/telemetry.ros.rockstargames.com/ 71 | address=/track.ultimate-guitar.com/ 72 | address=/tumblr.com/ 73 | address=/udc.yahoo.com/ 74 | address=/unity3d.com/ 75 | address=/vk.com/ 76 | address=/vsco.co/ 77 | address=/weheartit.com/ 78 | address=/whicdn.com/ 79 | -------------------------------------------------------------------------------- /sysctl.conf: -------------------------------------------------------------------------------- 1 | # https://github.com/drduh/config/blob/main/sysctl.conf 2 | # https://sysctl-explorer.net/ 3 | #kernel.modules_disabled = 1 4 | #net.ipv4.ip_forward = 1 5 | #user.max_user_namespaces = 0 6 | dev.tty.ldisc_autoload = 0 7 | dev.tty.legacy_tiocsti = 0 8 | fs.protected_fifos = 2 9 | fs.protected_hardlinks = 1 10 | fs.protected_regular = 2 11 | fs.protected_symlinks = 1 12 | fs.suid_dumpable = 0 13 | kernel.core_uses_pid = 1 14 | kernel.dmesg_restrict = 1 15 | kernel.kexec_load_disabled = 1 16 | kernel.kptr_restrict = 2 17 | kernel.perf_event_paranoid = 3 18 | kernel.printk = 3 3 3 3 19 | kernel.randomize_va_space = 2 20 | kernel.sysrq = 4 21 | kernel.unprivileged_bpf_disabled = 1 22 | kernel.unprivileged_userns_clone = 0 23 | kernel.yama.ptrace_scope = 3 24 | net.core.bpf_jit_harden = 2 25 | net.ipv4.conf.all.accept_redirects = 0 26 | net.ipv4.conf.all.accept_source_route = 0 27 | net.ipv4.conf.all.log_martians = 1 28 | net.ipv4.conf.all.rp_filter = 1 29 | net.ipv4.conf.all.secure_redirects = 0 30 | net.ipv4.conf.all.send_redirects = 0 31 | net.ipv4.conf.all.shared_media = 0 32 | net.ipv4.conf.default.accept_redirects = 0 33 | net.ipv4.conf.default.accept_source_route = 0 34 | net.ipv4.conf.default.log_martians = 1 35 | net.ipv4.conf.default.rp_filter = 1 36 | net.ipv4.conf.default.secure_redirects = 0 37 | net.ipv4.conf.default.send_redirects = 0 38 | net.ipv4.conf.default.shared_media = 0 39 | net.ipv4.icmp_echo_ignore_all = 1 40 | net.ipv4.icmp_echo_ignore_broadcasts = 1 41 | net.ipv4.icmp_ignore_bogus_error_responses = 1 42 | net.ipv4.tcp_dsack = 0 43 | net.ipv4.tcp_rfc1337 = 1 44 | net.ipv4.tcp_sack = 0 45 | net.ipv4.tcp_syncookies = 1 46 | net.ipv4.tcp_timestamps = 0 47 | net.ipv6.conf.all.accept_ra = 0 48 | net.ipv6.conf.all.accept_redirects = 0 49 | net.ipv6.conf.all.accept_source_route = 0 50 | net.ipv6.conf.all.forwarding = 0 51 | net.ipv6.conf.all.use_tempaddr = 2 52 | net.ipv6.conf.default.accept_ra = 0 53 | net.ipv6.conf.default.accept_ra_defrtr = 0 54 | net.ipv6.conf.default.accept_ra_pinfo = 0 55 | net.ipv6.conf.default.accept_ra_rtr_pref = 0 56 | net.ipv6.conf.default.accept_redirects = 0 57 | net.ipv6.conf.default.accept_source_route = 0 58 | net.ipv6.conf.default.autoconf = 0 59 | net.ipv6.conf.default.dad_transmits = 0 60 | net.ipv6.conf.default.max_addresses = 1 61 | net.ipv6.conf.default.router_solicitations = 0 62 | net.ipv6.conf.default.use_tempaddr = 2 63 | net.ipv6.conf.eth0.accept_ra_rtr_pref = 0 64 | vm.unprivileged_userfaultfd = 0 65 | -------------------------------------------------------------------------------- /lighttpd/lighttpd.conf: -------------------------------------------------------------------------------- 1 | # https://github.com/drduh/config/blob/master/lighttpd/lighttpd.conf 2 | # https://redmine.lighttpd.net/projects/lighttpd/repository/14/revisions/master/entry/doc/config/lighttpd.conf 3 | server.modules = ( 4 | "mod_access", 5 | "mod_accesslog", 6 | "mod_alias", 7 | "mod_cgi", 8 | "mod_magnet", 9 | # "mod_openssl", 10 | # "mod_setenv", 11 | ) 12 | #server.bind = "10.8.1.1" 13 | #server.bind = "192.168.0.1" 14 | #$SERVER["socket"] == "172.16.1.1:80" {} 15 | server.bind = "127.0.0.1" 16 | server.port = 80 17 | server.range-requests = "disable" 18 | server.follow-symlink = "disable" 19 | server.document-root = "/var/www" 20 | server.errorlog = "/var/log/lighttpd/error.log" 21 | #server.reject-expect-100-with-417 = "disable" 22 | server.tag = "server" 23 | server.max-connections = 100 24 | server.max-read-idle = 15 25 | #server.max-request-size = 1 26 | server.max-write-idle = 15 27 | server.upload-dirs = ("/var/www/upload") 28 | static-file.etags = "disable" 29 | #static-file.exclude-extensions = ( ".py", ".pl", ".fcgi" ) 30 | accesslog.filename = "/var/log/lighttpd/access.log" 31 | cgi.assign = ( ".py" => "/usr/bin/python3" ) 32 | #debug.log-file-not-found = "enable" 33 | #debug.log-response-header = "enable" 34 | #debug.log-request-header = "enable" 35 | #dir-listing.activate = "enable" 36 | index-file.names = ( "index.html" ) 37 | url.access-deny = ( "~", ".inc" ) 38 | mimetype.assign = ( 39 | ".html" => "text/html", 40 | ".htm" => "text/html", 41 | ".txt" => "text/plain", 42 | ".gif" => "image/gif", 43 | ".jpg" => "image/jpg", 44 | ".png" => "image/png", 45 | ".py" => "text/x-python", 46 | ".pyc" => "application/x-python-code", 47 | ".pyo" => "application/x-python-code", 48 | ) 49 | #$SERVER["socket"] == ":443" { 50 | # ssl.engine = "enable" 51 | # ssl.pemfile = "/etc/lighttpd/lighttpd.pem" 52 | # ssl.ca-file = "/etc/lighttpd/chain.pem" 53 | # ssl.verifyclient.activate = "enable" 54 | # ssl.verifyclient.enforce = "enable" 55 | # ssl.verifyclient.username = "Root CA" 56 | #} 57 | #$HTTP["url"] !~ "^/public/(.*)$" { 58 | # $SERVER["socket"] != ":443" { 59 | # magnet.attract-physical-path-to = ("/etc/lighttpd/magnet.luau" ) 60 | # } 61 | #} 62 | -------------------------------------------------------------------------------- /scripts/pcap.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | # https://github.com/drduh/config/blob/main/scripts/pcap.sh 3 | # 4 | # Cycles tcpflow output through foremost to recover jpg files, 5 | # then executes python script to generate gallery pages and index. 6 | # 7 | # For example, capture HTTP traffic and pass it to tcpflow: 8 | # cd ~/pcap && tcpdump -U tcp port 80 -w - | tcpflow -r - 9 | # 10 | # Then in another shell, run this script: 11 | # ./pcap.sh 12 | 13 | set -o errtrace 14 | set -o nounset 15 | set -o pipefail 16 | 17 | #set -x # uncomment to debug 18 | 19 | umask 077 20 | 21 | foremost="$(command -v foremost)" # path to foremost 22 | python="$(command -v python)" # path to python 23 | gallery="/home/drduh/gallery.py" # path to python gallery script 24 | output="/home/drduh/www" # path to write jpgs 25 | tcpflow="/home/drduh/pcap" # path to where tcpflow is writing 26 | pause=60 # seconds between each run 27 | 28 | 29 | sanity_check() { 30 | # Ensure foremost and required directories exist and are sane. 31 | 32 | if [[ -z ${foremost} && ! -x ${foremost} ]] ; then 33 | printf "foremost is not available" ; exit 1 34 | fi 35 | 36 | if [[ ! -d ${tcpflow} && "${tcpflow}" != "/" ]] ; then 37 | printf "${tcpflow} does not exist" ; exit 1 38 | fi 39 | 40 | if [[ ! -d ${output} ]] ; then 41 | printf "${output} does not exist" ; exit 1 42 | fi 43 | 44 | if [[ ! -f ${gallery} ]] ; then 45 | printf "${gallery} does not exist" ; exit 1 46 | fi 47 | } 48 | 49 | 50 | sanity_check 51 | 52 | 53 | while : ; do 54 | date 55 | 56 | # Clear out any previous foremost output 57 | rm -r "${tcpflow}/output" 2>/dev/null 58 | 59 | if [[ "$(ls -A ${tcpflow})" ]] ; then 60 | cd ${tcpflow} && \ 61 | ${foremost} -i * &>/dev/null 62 | 63 | if [[ -d ${tcpflow}/output/jpg ]] ; then 64 | printf "Found $(ls -l ${tcpflow} | wc -l) jpgs from foremost" 65 | 66 | for filename in $(find ${tcpflow}/output/jpg/ -type f -name "*.jpg") ; do 67 | # add random number to filename as it can repeat in foremost output 68 | cp "$filename" "${output}/$RANDOM-$(basename $filename)" 69 | done 70 | 71 | printf "Updating gallery pages ..." 72 | ${python} ${gallery} 73 | 74 | else 75 | printf "No new jpgs from foremost" 76 | fi 77 | 78 | # Clear out any tcpflow for next run 79 | rm -r "${tcpflow:?}/*" &>/dev/null 80 | else 81 | printf "No new input from tcpflow" 82 | fi 83 | 84 | printf "Sleeping for ${pause} seconds\n" 85 | sleep ${pause} 86 | done 87 | -------------------------------------------------------------------------------- /install.debian: -------------------------------------------------------------------------------- 1 | # https://github.com/drduh/config/blob/main/install.debian 2 | adb 3 | alsa-utils 4 | apparmor 5 | apparmor-utils 6 | apt 7 | apt-transport-https 8 | at 9 | auditd 10 | autoconf 11 | base58 12 | binwalk 13 | bsdmainutils 14 | build-essential 15 | chkrootkit 16 | cmake 17 | cmus 18 | cpufrequtils 19 | cryptsetup 20 | curl 21 | dcraw 22 | debsecan 23 | debsums 24 | dirmngr 25 | dnsmasq 26 | dnsutils 27 | efitools 28 | evince 29 | feh 30 | ffmpeg 31 | file 32 | firejail 33 | flashrom 34 | flatpak 35 | flex 36 | fonts-inconsolata 37 | foremost 38 | gcc 39 | geeqie 40 | genisoimage 41 | gimp 42 | git 43 | gnat 44 | gnome-tweaks 45 | gnupg-agent 46 | gnupg2 47 | gnutls-bin 48 | html2text 49 | htop 50 | imagemagick 51 | iotop 52 | iperf 53 | iptables 54 | iptables-persistent 55 | iw 56 | kdenlive 57 | kiwix 58 | libclang-dev 59 | libevent-dev 60 | libimage-exiftool-perl 61 | libncurses5-dev 62 | libnftables-dev 63 | libnl-3-dev 64 | libnl-genl-3-dev 65 | libpcap-dev 66 | libpcre3-dev 67 | libpcsclite-dev 68 | libreoffice 69 | libseccomp-dev 70 | libsodium-dev 71 | libssl-dev 72 | libusb-dev 73 | libx11-dev 74 | libxft-dev 75 | libxinerama-dev 76 | libxrandr-dev 77 | llvm-dev 78 | lshw 79 | lsof 80 | m4 81 | macchanger 82 | make 83 | minicom 84 | mpv 85 | mupdf 86 | ncal 87 | net-tools 88 | netcat-openbsd 89 | nmap 90 | ntp 91 | ntpdate 92 | oathtool 93 | openssl 94 | p11-kit 95 | paperkey 96 | parted 97 | pciutils 98 | pcsc-tools 99 | pcscd 100 | pkg-config 101 | poppler-utils 102 | printer-driver-brlaser 103 | privoxy 104 | pv 105 | pylint 106 | python3-bpfcc 107 | python3-flask 108 | python3-gnupg 109 | python3-pil 110 | python3-pip 111 | python3-psutil 112 | python3-pyscard 113 | python3-scapy 114 | python3-venv 115 | python3-watchdog 116 | qemu-system-x86 117 | qpdf 118 | qrencode 119 | rename 120 | rfkill 121 | rkhunter 122 | rng-tools-debian 123 | rsync 124 | rtl-sdr 125 | scdaemon 126 | screenfetch 127 | scrot 128 | secure-delete 129 | selinux-basics 130 | selinux-policy-default 131 | shellcheck 132 | signify-openbsd 133 | signify-openbsd-keys 134 | smartmontools 135 | speedtest-cli 136 | ssh 137 | sshfs 138 | sslscan 139 | strace 140 | stunnel 141 | sudo 142 | swig 143 | tcpdump 144 | tcpflow 145 | thunderbird 146 | tmux 147 | traceroute 148 | tree 149 | tshark 150 | unzip 151 | upower 152 | vim 153 | virt-manager 154 | vlc 155 | wget 156 | whois 157 | wireshark 158 | xbacklight 159 | xclip 160 | xdotool 161 | xorg 162 | yubikey-manager 163 | yubikey-personalization 164 | zbar-tools 165 | zlib1g-dev 166 | zsh 167 | -------------------------------------------------------------------------------- /gpg.conf: -------------------------------------------------------------------------------- 1 | # https://github.com/drduh/config/blob/main/gpg.conf 2 | # https://www.gnupg.org/documentation/manuals/gnupg/GPG-Options.html 3 | # 'gpg --version' to get capabilities 4 | # Use AES256, 192, or 128 as cipher 5 | personal-cipher-preferences AES256 AES192 AES 6 | # Use SHA512, 384, or 256 as digest 7 | personal-digest-preferences SHA512 SHA384 SHA256 8 | # Use ZLIB, BZIP2, ZIP, or no compression 9 | personal-compress-preferences ZLIB BZIP2 ZIP Uncompressed 10 | # Default preferences for new keys 11 | default-preference-list SHA512 SHA384 SHA256 AES256 AES192 AES ZLIB BZIP2 ZIP Uncompressed 12 | # SHA512 as digest to sign keys 13 | cert-digest-algo SHA512 14 | # SHA512 as digest for symmetric ops 15 | s2k-digest-algo SHA512 16 | # AES256 as cipher for symmetric ops 17 | s2k-cipher-algo AES256 18 | # UTF-8 support for compatibility 19 | charset utf-8 20 | # No comments in messages 21 | no-comments 22 | # No version in output 23 | no-emit-version 24 | # Disable banner 25 | no-greeting 26 | # Long key id format 27 | keyid-format 0xlong 28 | # Display UID validity 29 | list-options show-uid-validity 30 | verify-options show-uid-validity 31 | # Display all keys and their fingerprints 32 | with-fingerprint 33 | # Display key origins and updates 34 | #with-key-origin 35 | # Cross-certify subkeys are present and valid 36 | require-cross-certification 37 | # Enforce memory locking to avoid accidentally swapping GPG memory to disk 38 | require-secmem 39 | # Disable caching of passphrase for symmetrical ops 40 | no-symkey-cache 41 | # Output ASCII instead of binary 42 | armor 43 | # Enable smartcard 44 | use-agent 45 | # Disable recipient key ID in messages (WARNING: breaks Mailvelope) 46 | throw-keyids 47 | # Default key ID to use (helpful with throw-keyids) 48 | #default-key 0xFF00000000000001 49 | #trusted-key 0xFF00000000000001 50 | # Group recipient keys (preferred ID last) 51 | #group keygroup = 0xFF00000000000003 0xFF00000000000002 0xFF00000000000001 52 | # Keyserver URL 53 | #keyserver hkps://keys.openpgp.org 54 | #keyserver hkps://keys.mailvelope.com 55 | #keyserver hkps://keyserver.ubuntu.com:443 56 | #keyserver hkps://pgpkeys.eu 57 | #keyserver hkps://pgp.circl.lu 58 | #keyserver hkp://zkaan2xfbuxia2wpf7ofnkbz6r5zdbbvxbunvp5g2iebopbfc4iqmbad.onion 59 | # Keyserver proxy 60 | #keyserver-options http-proxy=http://127.0.0.1:8118 61 | #keyserver-options http-proxy=socks5-hostname://127.0.0.1:9050 62 | # Enable key retrieval using WKD and DANE 63 | #auto-key-locate wkd,dane,local 64 | #auto-key-retrieve 65 | # Trust delegation mechanism 66 | #trust-model tofu+pgp 67 | # Show expired subkeys 68 | #list-options show-unusable-subkeys 69 | # Verbose output 70 | #verbose 71 | -------------------------------------------------------------------------------- /domains/apple: -------------------------------------------------------------------------------- 1 | # https://github.com/drduh/config/blob/main/domains/apple 2 | # https://support.apple.com/en-us/101555 3 | address=/aaplimg.com/ 4 | address=/apple-cloudkit.com/ 5 | address=/apple-dns.cn/ 6 | address=/apple-dns.net/ 7 | address=/apple-finance.query.yahoo.com/ 8 | address=/apple-icloud.cn/ 9 | address=/apple-livephotoskit.com/ 10 | address=/apple-mapkit.com/ 11 | address=/apple-relay.cloudflare.com/ 12 | address=/apple-relay.fastly-edge.com/ 13 | address=/apple.co/ 14 | address=/apple.com.akadns.net/ 15 | address=/apple.com.c.footprint.net/ 16 | address=/apple.com.cn/ 17 | address=/apple.com.edgekey.net.globalredir.akadns.net/ 18 | address=/apple.com.edgekey.net/ 19 | address=/apple.com.edgesuite.net/ 20 | address=/apple.com/ 21 | address=/apple.net/ 22 | address=/apple.news/ 23 | address=/apple/ 24 | address=/appleicloud.cn/ 25 | address=/appleid.cdn-apple.com.akadns.net/ 26 | address=/apzones.com/ 27 | address=/blobstore-apple.com.akadns.net/ 28 | address=/cddbp.net/ 29 | address=/cdn-apple.com.akadns.net/ 30 | address=/cdn-apple.com/ 31 | address=/courier-push-apple.com.akadns.net/ 32 | address=/courier-push-applecom.akadns.net/ 33 | address=/courier-sandbox-push-apple.com.akadns.net/ 34 | address=/courier-sandbox-push-applecom.akadns.net/ 35 | address=/edge-itunes-apple.com.akadns.net/ 36 | address=/ess-apple.com.akadns.net/ 37 | address=/gc-apple.com.akadns.net/ 38 | address=/gcsis-applecom.akadns.net/ 39 | address=/guzzoni-apple.com.akadns.net/ 40 | address=/iadsdk.apple.com/ 41 | address=/icloud-apple.cn/ 42 | address=/icloud-content.com/ 43 | address=/icloud.apple/ 44 | address=/icloud.ch/ 45 | address=/icloud.com.akadns.net/ 46 | address=/icloud.com.cn/ 47 | address=/icloud.com/ 48 | address=/icloud.de/ 49 | address=/icloud.ee/ 50 | address=/icloud.fi/ 51 | address=/icloud.fr/ 52 | address=/icloud.hu/ 53 | address=/icloud.ie/ 54 | address=/icloud.is/ 55 | address=/icloud.jp/ 56 | address=/icloud.lv/ 57 | address=/icloud.net.cn/ 58 | address=/icloud.om/ 59 | address=/icloud.org/ 60 | address=/icloud.pt/ 61 | address=/icloud.ro/ 62 | address=/icloud.se/ 63 | address=/icloud.si/ 64 | address=/icloud.sk/ 65 | address=/icloud.vn/ 66 | address=/iphone.com/ 67 | address=/itunes-apple.com.akadns.net/ 68 | address=/itunes-nocookie.com/ 69 | address=/itunes.com/ 70 | address=/itunesradio.com/ 71 | address=/ls-apple.com.akadns.net/ 72 | address=/me.com.akadns.net/ 73 | address=/me.com/ 74 | address=/metrics.icloud.com/ 75 | address=/mzstatic.com/ 76 | address=/networking.apple/ 77 | address=/oa-apple.com.akadns.net/ 78 | address=/origin-apple.com.akadns.net/ 79 | address=/push-apple.com.akadns.net/ 80 | address=/safebrowsing.apple/ 81 | address=/seed-siri-apple.com.akadns.net/ 82 | address=/siri.com/ 83 | address=/smoot-applecom.akadns.net/ 84 | address=/wwwitunes.com/ 85 | -------------------------------------------------------------------------------- /st.patch: -------------------------------------------------------------------------------- 1 | # https://github.com/drduh/config/blob/master/st.patch 2 | # Run 'make' before applying with 'patch < st.patch' then run 'make' again 3 | --- a/config.h 2022-01-11 00:00:00 4 | +++ b/config.h 2022-01-11 00:00:01 5 | @@ -5,8 +5,8 @@ 6 | * 7 | * font: see http://freedesktop.org/software/fontconfig/fontconfig-user.html 8 | */ 9 | -static char *font = "Liberation Mono:pixelsize=12:antialias=true:autohint=true"; 10 | -static int borderpx = 2; 11 | +static char *font = "Inconsolata:pixelsize=24:antialias=true:autohint=true"; 12 | +static int borderpx = 24; 13 | 14 | /* 15 | * What program is execed by st depends of these precedence rules: 16 | @@ -95,44 +95,32 @@ 17 | 18 | /* Terminal colors (16 first used in escape sequence) */ 19 | static const char *colorname[] = { 20 | - /* 8 normal colors */ 21 | - "black", 22 | - "red3", 23 | - "green3", 24 | - "yellow3", 25 | - "blue2", 26 | - "magenta3", 27 | - "cyan3", 28 | - "gray90", 29 | - 30 | - /* 8 bright colors */ 31 | - "gray50", 32 | - "red", 33 | - "green", 34 | - "yellow", 35 | - "#5c5cff", 36 | - "magenta", 37 | - "cyan", 38 | - "white", 39 | - 40 | - [255] = 0, 41 | - 42 | - /* more colors can be added after 255 to use with DefaultXX */ 43 | - "#cccccc", 44 | - "#555555", 45 | - "gray90", /* default foreground colour */ 46 | - "black", /* default background colour */ 47 | + "#073642", 48 | + "#dc322f", 49 | + "#859900", 50 | + "#b58900", 51 | + "#268bd2", 52 | + "#d33682", 53 | + "#2aa198", 54 | + "#eee8d5", 55 | + "#002b36", 56 | + "#cb4b16", 57 | + "#586e75", 58 | + "#657b83", 59 | + "#839496", 60 | + "#6c71c4", 61 | + "#93a1a1", 62 | + "#fdf6e3", 63 | }; 64 | 65 | - 66 | /* 67 | * Default colors (colorname index) 68 | * foreground, background, cursor, reverse cursor 69 | */ 70 | -unsigned int defaultfg = 258; 71 | -unsigned int defaultbg = 259; 72 | -unsigned int defaultcs = 256; 73 | -static unsigned int defaultrcs = 257; 74 | +unsigned int defaultfg = 12; 75 | +unsigned int defaultbg = 8; 76 | +unsigned int defaultcs = 14; 77 | +static unsigned int defaultrcs = 15; 78 | 79 | /* 80 | * Default shape of cursor 81 | 82 | --- a/config.mk 2022-01-11 00:00:00 83 | +++ b/config.mk 2022-01-11 00:00:01 84 | @@ -31,5 +31,15 @@ 85 | # `$(PKG_CONFIG) --libs fontconfig` \ 86 | # `$(PKG_CONFIG) --libs freetype2` 87 | 88 | +CFLAGS = -std=c99 -Wno-deprecated-declarations -Os ${INCS} ${CPPFLAGS} \ 89 | + -D_FORTIFY_SOURCE=2 -D_GLIBCXX_ASSERTIONS -O3 -pipe \ 90 | + -Wpedantic -Wall -Wextra -Wconversion -Wsign-conversion \ 91 | + -Wformat -Wformat-security -Werror=format-security \ 92 | + -Wstack-protector -fstack-protector-all \ 93 | + --param ssp-buffer-size=1 \ 94 | + -fasynchronous-unwind-tables \ 95 | + -fexceptions -fpie -fpic \ 96 | + -ftrapv -flto -fvisibility=hidden 97 | + 98 | # compiler and linker 99 | -# CC = c99 100 | +CC = c99 101 | -------------------------------------------------------------------------------- /scripts/openssl.cnf: -------------------------------------------------------------------------------- 1 | # https://github.com/drduh/config/blob/main/openssl.cnf 2 | # https://github.com/openssl/openssl/blob/master/apps/openssl.cnf 3 | [ req ] 4 | prompt = no 5 | default_bits = 4096 6 | default_keyfile = local.key 7 | default_md = sha384 8 | distinguished_name = req_distinguished_name 9 | req_extensions = req_ext 10 | 11 | [ req_distinguished_name ] 12 | commonName = example.local 13 | 14 | [ req_ext ] 15 | subjectAltName = @alt_names 16 | 17 | [ alt_names ] 18 | DNS.1 = example.local 19 | 20 | [ ca ] 21 | default_ca = CA_default 22 | 23 | [ CA_default ] 24 | dir = ./demoCA # Where everything is kept 25 | certs = $dir/certs # Where the issued certs are kept 26 | crl_dir = $dir/crl # Where the issued crl are kept 27 | database = $dir/index.txt # database index file 28 | new_certs_dir = $dir/newcerts # default place for new certs 29 | certificate = $dir/cacert.pem # The CA certificate 30 | serial = $dir/serial # The current serial number 31 | crlnumber = $dir/crlnumber # the current crl number 32 | crl = $dir/crl.pem # The current CRL 33 | private_key = $dir/private/cakey.pem # The private key 34 | RANDFILE = $dir/private/.rand # private random number file 35 | x509_extensions = usr_cert # The extensions to add to the cert 36 | name_opt = ca_default # Subject Name options 37 | cert_opt = ca_default # Certificate field options 38 | default_days = 365 # how long to certify for 39 | default_crl_days = 30 # how long before next CRL 40 | default_md = default # use public key default MD 41 | preserve = no # keep passed DN ordering 42 | policy = policy_match 43 | 44 | [ policy_match ] 45 | commonName = supplied 46 | countryName = optional 47 | emailAddress = optional 48 | organizationName = optional 49 | organizationalUnitName = optional 50 | stateOrProvinceName = optional 51 | 52 | [ policy_anything ] 53 | commonName = supplied 54 | countryName = optional 55 | emailAddress = optional 56 | localityName = optional 57 | organizationName = optional 58 | organizationalUnitName = optional 59 | stateOrProvinceName = optional 60 | 61 | [ v3_ca ] 62 | authorityKeyIdentifier = keyid:always,issuer 63 | basicConstraints = critical,CA:true 64 | subjectKeyIdentifier = hash 65 | #keyUsage = cRLSign, keyCertSign 66 | 67 | [ tls_client ] 68 | basicConstraints = CA:FALSE 69 | extendedKeyUsage = clientAuth 70 | keyUsage = digitalSignature, keyEncipherment, dataEncipherment 71 | nsCertType = client 72 | 73 | [ tls_server ] 74 | basicConstraints = CA:FALSE 75 | extendedKeyUsage = serverAuth 76 | keyUsage = digitalSignature, keyEncipherment 77 | nsCertType = server 78 | subjectKeyIdentifier = hash 79 | -------------------------------------------------------------------------------- /scripts/pf-blocklist.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | # https://github.com/drduh/config/blob/main/scripts/pf-blocklist.sh 3 | # 4 | # Downloads IP addresses and ranges for blocking with PF: 5 | # 1) Published lists of ad/malware hosts 6 | # 2) Organizational Autonomous System (AS) assignments 7 | # (Requires https://github.com/drduh/config/tree/main/asns/*) 8 | # 3) Country AS assignments 9 | # (Requires https://github.com/drduh/config/tree/main/zones) 10 | 11 | #set -x 12 | 13 | dns=1.1.1.1 14 | custom=pf-custom.$(date +%F) 15 | threats=pf-threats.$(date +%F) 16 | zones=pf-zones.$(date +%F) 17 | blocklist=pf-blocklist.$(date +%F) 18 | doas whoami >/dev/null || exit 1 19 | 20 | printf "Current rules: " 21 | doas pfctl -t blocklist -T show | wc -l 22 | 23 | action="" 24 | while [[ -z "${action}" ]] ; 25 | do read -n 1 -p "Continue? (y/n) " action 26 | done 27 | printf "\n" 28 | 29 | if [[ "${action}" =~ ^([yY])$ ]] ; then 30 | rm $custom $threats $zones $blocklist 2>/dev/null 31 | touch $custom $threats $zones 32 | 33 | printf "Checking threats ..." 34 | curl -sq \ 35 | "https://pgl.yoyo.org/adservers/iplist.php?ipformat=&showintro=0&mimetype=plaintext" \ 36 | "https://www.binarydefense.com/banlist.txt" \ 37 | "https://rules.emergingthreats.net/blockrules/compromised-ips.txt" \ 38 | "https://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txt" \ 39 | "https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/firehol_level1.netset" \ 40 | "https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/firehol_level2.netset" \ 41 | "https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/firehol_level3.netset" \ 42 | "https://isc.sans.edu/api/threatlist/shodan/shodan.txt" | \ 43 | grep -Ev "^192\.168\.|^10\.|172\.16\.|127\.0\.0\.0|0\.0\.0\.0|^#|#$" | \ 44 | grep -E "^[0-9]" >> $threats 45 | wc -l $threats 46 | 47 | # https://bgp.he.net/ 48 | # https://github.com/drduh/config/tree/main/asns/* 49 | printf "Checking asns ..." 50 | for asn in $(find ../asns -type f) ; do 51 | printf "# $asn\n" >> $custom 52 | for nb in $(grep -v "^#" $asn) ; do 53 | printf " $nb" 54 | whois -h whois.radb.net !g$nb | tr " " "\n" | \ 55 | grep -Eo "([0-9]{1,3}\.){3}[0-9]{1,3}\/[0-9]+" >> $custom 56 | done 57 | done 58 | wc -l $custom 59 | 60 | # https://www.ipdeny.com/ipblocks/ 61 | # https://github.com/drduh/config/tree/main/zones 62 | printf "Checking zones ..." 63 | for zone in $(grep -v "^#" ../zones | sed "s/\ \ \#.*//g") ; do 64 | printf " $zone" 65 | curl -sq \ 66 | "https://www.ipdeny.com/ipblocks/data/countries/$zone.zone" >> $zones 67 | done 68 | wc -l $zones 69 | 70 | sort $custom $threats $zones | uniq > $blocklist 71 | wc -l $blocklist 72 | 73 | if [[ ! -s $blocklist ]] ; then 74 | printf "Error: empty blocklist\n" ; exit 1 75 | fi 76 | 77 | doas cp -v /etc/pf/blocklist /etc/pf/blocklist.$(date +%F) && \ 78 | doas cp -v ./$blocklist /etc/pf/blocklist 79 | doas pfctl -f /etc/pf.conf 80 | printf "\nnew rules: " 81 | doas pfctl -t blocklist -T show | wc -l 82 | 83 | else 84 | printf "\ntesting blocked sites ...\n" 85 | for ws in $(/bin/ls ../asns) ; do 86 | printf "\n$ws.com: " 87 | curl -v \ 88 | https://$(dig a $ws.com @$dns +short|head -n1) 2>&1 | \ 89 | grep "Permission denied" || printf "BLOCK FAILED" 90 | done 91 | fi 92 | -------------------------------------------------------------------------------- /domains/facebook: -------------------------------------------------------------------------------- 1 | # https://github.com/drduh/config/blob/main/domains/facebook 2 | address=/accountkit.com/ 3 | address=/acebook.com/ 4 | address=/atdmt.com/ 5 | address=/atlassolutions.com/ 6 | address=/cdninstagram.com/ 7 | address=/faacebook.com/ 8 | address=/faceb.us/ 9 | address=/facebbook.com/ 10 | address=/faceboik.com/ 11 | address=/facebolk.com/ 12 | address=/faceboo.com/ 13 | address=/facebook-dns.com/ 14 | address=/facebook-hardware.com/ 15 | address=/facebook-studio.com/ 16 | address=/facebook-web-clients.appspot.com/ 17 | address=/facebook.be/ 18 | address=/facebook.co/ 19 | address=/facebook.com.au/ 20 | address=/facebook.com.edgekey.net/ 21 | address=/facebook.com.edgesuite.net/ 22 | address=/facebook.com.mx/ 23 | address=/facebook.com/ 24 | address=/facebook.de/ 25 | address=/facebook.dk/ 26 | address=/facebook.es/ 27 | address=/facebook.fr/ 28 | address=/facebook.is/ 29 | address=/facebook.it/ 30 | address=/facebook.jp/ 31 | address=/facebook.mx/ 32 | address=/facebook.net.edgekey.net/ 33 | address=/facebook.net/ 34 | address=/facebook.nl/ 35 | address=/facebook.no/ 36 | address=/facebook.org/ 37 | address=/facebook.se/ 38 | address=/facebook.us/ 39 | address=/facebookcareers.com/ 40 | address=/facebookenterprise.com/ 41 | address=/facebookmail.com/ 42 | address=/facebookrecruiting.com/ 43 | address=/facebookstudy.com/ 44 | address=/facebookthreads.com/ 45 | address=/facebookvirtualassistant.com/ 46 | address=/faceobok.com/ 47 | address=/fb.audio/ 48 | address=/fb.com/ 49 | address=/fb.de/ 50 | address=/fb.fr/ 51 | address=/fb.gg/ 52 | address=/fb.me/ 53 | address=/fb.watch/ 54 | address=/fbcdn-photos-a.akamaihd.net/ 55 | address=/fbcdn-profile-a.akamaihd.net/ 56 | address=/fbcdn-sphotos-a.akamaihd.net/ 57 | address=/fbcdn.com/ 58 | address=/fbcdn.net/ 59 | address=/fbe2e.com/ 60 | address=/fbexternal-a.akamaihd.net/ 61 | address=/fbinfra.net/ 62 | address=/fbpigeon.com/ 63 | address=/fbsbx.com.online-metrix.net/ 64 | address=/fbsbx.com/ 65 | address=/fbstatic-a.akamaihd.net/ 66 | address=/fbsv.net/ 67 | address=/fbthirdpartypixel.com/ 68 | address=/fburl.com/ 69 | address=/fbwat.ch/ 70 | address=/frebasics.org/ 71 | address=/freebasics.com/ 72 | address=/freebasics.org/ 73 | address=/giphy.com/ 74 | address=/giphy.map.fastly.net/ 75 | address=/giphyscripts.s3.amazonaws.com/ 76 | address=/ig.me/ 77 | address=/igsonar.com/ 78 | address=/inatagram.com/ 79 | address=/instagram.com/ 80 | address=/instagram.net/ 81 | address=/instagramstatic-a.akamaihd.net.edgesuite.net/ 82 | address=/instagramstatic-a.akamaihd.net/ 83 | address=/internet.org/ 84 | address=/libra.org/ 85 | address=/m-freeway.com/ 86 | address=/m.me/ 87 | address=/messages-facebook.com/ 88 | address=/messenger.com/ 89 | address=/messengerkids.com/ 90 | address=/meta.ai/ 91 | address=/meta.com/ 92 | address=/msngr.com/ 93 | address=/oculus.com/ 94 | address=/oculus.immo/ 95 | address=/oculusvr.com/ 96 | address=/parse.com/ 97 | address=/pingback.giphy.com/ 98 | address=/snapchat.com/ 99 | address=/tfbnw.net/ 100 | address=/thefaceboock.com/ 101 | address=/thefacebook.com/ 102 | address=/thefacebook.dk/ 103 | address=/thefacebook.me/ 104 | address=/thefacebook.vn/ 105 | address=/threads.net/ 106 | address=/wa.me/ 107 | address=/whatsapp.com/ 108 | address=/whatsapp.net/ 109 | address=/wit.ai/ 110 | address=/workplace.com/ 111 | address=/www-facebook-com.cdn.ampproject.org/ 112 | -------------------------------------------------------------------------------- /lighttpd/index.html: -------------------------------------------------------------------------------- 1 | 3 | 4 | 5 | 6 | 7 | Upload File 8 | 9 | 44 | 70 | 71 |
72 |
75 | 76 | 77 |
78 |

Download files

79 | 80 |

81 |

82 |

83 |

84 |

85 |

86 |

87 |

88 | 89 |

90 |

91 |

92 |
93 | 94 | -------------------------------------------------------------------------------- /scripts/pki.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | # https://github.com/drduh/config/blob/main/scripts/pki.sh 3 | # https://tools.ietf.org/html/rfc5280 4 | # Generates RSA PKI with root, server and client certificates 5 | 6 | #set -x # uncomment to debug 7 | set -o errtrace 8 | set -o nounset 9 | set -o pipefail 10 | 11 | umask 077 12 | 13 | # Directory to save output materials 14 | readonly MATS="pki" 15 | 16 | # Path to openssl binary 17 | #readonly OPENSSL="/opt/homebrew/bin/openssl" 18 | readonly OPENSSL="/usr/bin/openssl" 19 | 20 | # Path to openssl configuration 21 | readonly OPENSSL_CONF="./openssl.cnf" 22 | 23 | # Days to self-sign CA for (1 year - 15 days) 24 | readonly CA_DAYS="350" 25 | 26 | # Days to sign leaf certificates 27 | readonly CERT_DAYS="90" 28 | 29 | # Key size (RSA) 30 | readonly KEYSIZE="4096" 31 | 32 | # Signing algo 33 | readonly DEFAULT_MD="sha384" 34 | 35 | # Serial number size (in bytes) 36 | readonly SERIAL_SIZE=32 37 | 38 | if [[ ! -x ${OPENSSL} ]] ; then 39 | printf "need ${OPENSSL}\n" ; exit 1 40 | fi 41 | 42 | if [[ ! -f ${OPENSSL_CONF} ]] ; then 43 | printf "need ${OPENSSL_CONF}\n" ; exit 1 44 | fi 45 | 46 | fail () { 47 | # Print an error in red and exit. 48 | tput setaf 1 ; printf "\nERROR: %s\n" "${1}" ; tput sgr0 49 | exit 1 50 | } 51 | 52 | # Generate random common name strings or set custom ones 53 | readonly RAND_FUNC="$(LC_ALL=C tr -dc '[:upper:]' < /dev/urandom | fold -w 6 | head -1)" 54 | for cn in CA SERVER CLIENT ; do 55 | export ${cn}="${cn}-${RAND_FUNC}" 56 | #CA="My CA" 57 | #SERVER="My Server" 58 | #CLIENT="My Client" 59 | done 60 | 61 | # Prepare output directory 62 | mkdir -p ${MATS} >/dev/null 63 | 64 | # Generate keys 65 | for key in ca server client ; do 66 | if [[ ! -f "${MATS}/${key}.key" ]] ; then 67 | ${OPENSSL} genrsa -out ${MATS}/${key}.key ${KEYSIZE} 68 | fi 69 | done 70 | 71 | # Self-sign authority certificate 72 | ${OPENSSL} req -new -x509 -days ${CA_DAYS} -${DEFAULT_MD} \ 73 | -subj "/CN=${CA}" \ 74 | -config ${OPENSSL_CONF} -extensions v3_ca \ 75 | -set_serial "0x$(${OPENSSL} rand -hex ${SERIAL_SIZE})" \ 76 | -key ${MATS}/ca.key -out ${MATS}/ca.pem || \ 77 | fail "failed to sign certificate authority" 78 | 79 | # Create server request 80 | ${OPENSSL} req -new -${DEFAULT_MD} -subj "/CN=${SERVER}" \ 81 | -key ${MATS}/server.key -out ${MATS}/server.csr 82 | 83 | # Sign server certificate 84 | ${OPENSSL} x509 -req -days ${CERT_DAYS} -${DEFAULT_MD} \ 85 | -extfile ${OPENSSL_CONF} -extensions tls_server \ 86 | -set_serial "0x$(${OPENSSL} rand -hex ${SERIAL_SIZE})" \ 87 | -CA ${MATS}/ca.pem -CAkey ${MATS}/ca.key \ 88 | -in ${MATS}/server.csr -out ${MATS}/server.pem 2>/dev/null 89 | 90 | # Create client request 91 | ${OPENSSL} req -new -${DEFAULT_MD} -subj "/CN=${CLIENT}" \ 92 | -key ${MATS}/client.key -out ${MATS}/client.csr 93 | 94 | # Sign client certiicate 95 | ${OPENSSL} x509 -req -days ${CERT_DAYS} -${DEFAULT_MD} \ 96 | -extfile ${OPENSSL_CONF} -extensions tls_client \ 97 | -set_serial "0x$(${OPENSSL} rand -hex ${SERIAL_SIZE})" \ 98 | -CA ${MATS}/ca.pem -CAkey ${MATS}/ca.key \ 99 | -in ${MATS}/client.csr -out ${MATS}/client.pem 2>/dev/null 100 | 101 | # Print materials 102 | for cert in ca server client ; do 103 | printf "\n**** %s ****\n" "${cert}" 104 | ${OPENSSL} x509 -subject -issuer -enddate -serial \ 105 | -fingerprint -sha256 -noout -in ${MATS}/${cert}.pem 106 | printf "*%.0s" {1..16} 107 | done 108 | 109 | -------------------------------------------------------------------------------- /dnsmasq.conf: -------------------------------------------------------------------------------- 1 | # https://github.com/drduh/config/blob/main/dnsmasq.conf 2 | # https://www.thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html 3 | #dhcp-range=172.16.1.2,172.16.1.15,20h 4 | #dhcp-option=option:router,172.16.1.1 5 | #dhcp-option=option:ntp-server,192.168.1.1 6 | #dhcp-script=/etc/dnsmasq-dhcp.sh 7 | #listen-address=127.0.0.1,172.16.1.1,192.168.1.1 8 | listen-address=127.0.0.1 9 | bogus-priv 10 | cache-size=2000 11 | domain-needed 12 | no-poll 13 | no-resolv 14 | rebind-localhost-ok 15 | stop-dns-rebind 16 | log-facility=/var/log/dnsmasq 17 | log-dhcp 18 | log-queries 19 | #addn-hosts=/etc/dns-blocklist 20 | #address=/local.upload/192.168.1.1 21 | #address=/#/# # block all 22 | #address=/#/127.0.0.1 # block A queries 23 | #address=/#/:: # block AAAA queries 24 | # Specific resolvers for domains 25 | #server=/android.com/8.8.8.8 26 | #server=/blogspot.com/8.8.4.4 27 | #server=/go.dev/8.8.8.8 28 | #server=/google.com/8.8.8.8 29 | #server=/googleapis.com/8.8.8.8 30 | #server=/googlehosted.com/8.8.8.8 31 | #server=/googleusercontent.com/8.8.8.8 32 | #server=/googlevideo.com/8.8.4.4 33 | #server=/ggpht.com/8.8.4.4 34 | #server=/gstatic.com/8.8.4.4 35 | #server=/pki.goog/8.8.4.4 36 | #server=/youtube.com/8.8.4.4 37 | #server=/ytimg.com/8.8.4.4 38 | #server=/aiv-cdn.net/1.0.0.1 39 | #server=/akadns.net/1.1.1.1 40 | #server=/akamai.net/9.9.9.11 41 | #server=/akamaiedge.net/149.112.112.11 42 | #server=/apple.com/208.67.220.220 43 | #server=/cdn-apple.com/208.67.220.220 44 | #server=/ls-apple.com.akadns.net/208.67.220.220 45 | #server=/cloudflare.com/1.1.1.3 46 | #server=/cloudflare.net/1.1.1.3 47 | #server=/cloudflarestorage.com/1.0.0.3 48 | #server=/cloudfront.net/1.0.0.3 49 | #server=/comcast.net/75.75.75.75 50 | #server=/digicert.com/4.2.2.2 51 | #server=/fastly.net/4.2.2.2 52 | #server=/firefox.com/4.2.2.4 53 | #server=/github.com/1.0.0.3 54 | #server=/githubcopilot.com/1.0.0.3 55 | #server=/githubassets.com/1.1.1.3 56 | #server=/githubusercontent.com/1.1.1.3 57 | #server=/ntp.org/4.2.2.2 58 | #server=/sectigo.com/8.8.4.4 59 | #server=/startpage.com/8.8.4.4 60 | #server=/thawte.com/8.8.8.8 61 | #server=/usertrust.com/8.8.8.8 62 | #server=/vzwwo.com/9.9.9.9 63 | #server=/weather.gov/1.0.0.2 64 | #server=/yahoodns.net/1.0.0.3 65 | # Local resolver 66 | #server=192.168.1.1 67 | # localhost port 5300 68 | #server=127.0.0.1#5300 69 | #server=/onion/127.0.0.1#5300 70 | # Google 71 | #server=8.8.4.4 72 | #server=8.8.8.8 73 | # OpenDNS 74 | #server=208.67.220.220 75 | #server=208.67.222.222 76 | #server=208.67.220.123 # family 77 | #server=208.67.222.123 78 | # Cloudflare 79 | #server=1.0.0.1 80 | #server=1.1.1.1 81 | #server=1.0.0.2 # security 82 | #server=1.1.1.2 83 | #server=1.0.0.3 # family 84 | #server=1.1.1.3 85 | # L3 86 | #server=4.2.2.1 87 | #server=4.2.2.2 88 | #server=4.2.2.3 89 | #server=4.2.2.4 90 | #server=4.2.2.5 91 | #server=4.2.2.6 92 | #server=209.244.0.3 93 | #server=209.244.0.4 94 | # Quad9 95 | # https://www.quad9.net/service/service-addresses-and-features/ 96 | #server=9.9.9.9 # filter-pri 97 | #server=149.112.112.9 98 | #server=149.112.112.112 99 | #server=9.9.9.11 # filter-ecs-pri 100 | #server=149.112.112.11 101 | #server=9.9.9.10 # nofilter-pri 102 | #server=149.112.112.10 103 | #server=9.9.9.12 # nofilter-ecs-pri 104 | #server=149.112.112.12 105 | # Alternate DNS 106 | #server=76.76.19.19 107 | #server=76.223.122.150 108 | # Control D 109 | #server=76.76.2.0 110 | #server=76.76.10.0 111 | # Clean Browsing 112 | #server=185.228.168.9 113 | #server=185.228.169.9 114 | #server=185.228.168.168 # family 115 | #server=185.228.169.168 116 | # dns0.eu 117 | #server=185.253.5.0 118 | #server=193.110.81.0 119 | #server=185.253.5.1 # family 120 | #server=193.110.81.1 121 | #server=185.253.5.9 # filter 122 | #server=193.110.81.9 123 | # Verisign 124 | #server=64.6.64.6 125 | #server=64.6.65.6 126 | # Hurricane Electric 127 | #server=74.82.42.42 128 | # UncensoredDNS 129 | #server=91.239.100.100 130 | # Quad 101 (TWNIC) 131 | #server=101.101.101.101 132 | -------------------------------------------------------------------------------- /dnscrypt-proxy.toml: -------------------------------------------------------------------------------- 1 | # https://github.com/drduh/config/blob/main/dnscrypt-proxy.toml 2 | # https://github.com/DNSCrypt/dnscrypt-proxy/blob/master/dnscrypt-proxy/example-dnscrypt-proxy.toml 3 | #dnscrypt_ephemeral_keys = true 4 | #offline_mode = false 5 | #tls_cipher_suite = [52393] # TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 6 | listen_addresses = ['127.0.0.1:5300'] 7 | max_clients = 250 8 | ipv4_servers = true 9 | ipv6_servers = false 10 | dnscrypt_servers = true 11 | doh_servers = false 12 | odoh_servers = false 13 | require_dnssec = false 14 | require_nolog = true 15 | require_nofilter = true 16 | disabled_server_names = [] 17 | 18 | block_ipv6 = true 19 | block_unqualified = true 20 | block_undelegated = true 21 | reject_ttl = 10 22 | 23 | force_tcp = false 24 | http3 = false 25 | http3_probe = false 26 | 27 | timeout = 5000 28 | keepalive = 30 29 | cert_refresh_delay = 240 30 | 31 | tls_disable_session_tickets = true 32 | bootstrap_resolvers = ['9.9.9.11:53', '8.8.8.8:53'] 33 | ignore_system_dns = false 34 | netprobe_timeout = 60 35 | netprobe_address = '9.9.9.9:53' 36 | 37 | cache = true 38 | cache_size = 4096 39 | cache_min_ttl = 2400 40 | cache_max_ttl = 86400 41 | cache_neg_min_ttl = 60 42 | cache_neg_max_ttl = 600 43 | 44 | forwarding_rules = 'forwarding-rules.txt' 45 | log_level = 2 46 | log_file = 'dnscrypt.log' 47 | 48 | log_files_max_size = 10 49 | log_files_max_age = 30 50 | log_files_max_backups = 10 51 | [query_log] 52 | file = 'query.log' 53 | [nx_log] 54 | file = 'nx.log' 55 | [blocked_names] 56 | blocked_names_file = 'blocklist.txt' 57 | log_file = 'blocked.log' 58 | #[blocked_ips] 59 | # blocked_ips_file = 'ip-blocklist.txt' 60 | # log_file = 'ip-blocked.log' 61 | # 62 | #[sources] 63 | # [sources.public-resolvers] 64 | # urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/public-resolvers.md', 'https://download.dnscrypt.info/resolvers-list/v3/public-resolvers.md'] 65 | # cache_file = 'public-resolvers.md' 66 | # minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3' 67 | # refresh_delay = 72 68 | # prefix = '' 69 | # [sources.relays] 70 | # urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/relays.md', 'https://download.dnscrypt.info/resolvers-list/v3/relays.md'] 71 | # cache_file = 'relays.md' 72 | # minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3' 73 | # refresh_delay = 72 74 | # prefix = '' 75 | # [sources.quad9-resolvers] 76 | # urls = ['https://www.quad9.net/quad9-resolvers.md'] 77 | # minisign_key = 'RWQBphd2+f6eiAqBsvDZEBXBGHQBJfeG6G+wJPPKxCZMoEQYpmoysKUN' 78 | # cache_file = 'quad9-resolvers.md' 79 | # prefix = 'quad9-' 80 | # 81 | # https://github.com/DNSCrypt/dnscrypt-resolvers/blob/master/v3/public-resolvers.md 82 | #[static] 83 | # [static.quad9-dnscrypt-ip4-filter-ecs-pri-1] 84 | # stamp = 'sdns://AQMAAAAAAAAADTkuOS45LjExOjg0NDMgZ8hHuMh1jNEgJFVDvnVnRt803x2EwAuMRwNo34Idhj4ZMi5kbnNjcnlwdC1jZXJ0LnF1YWQ5Lm5ldA' 85 | # [static.quad9-dnscrypt-ip4-filter-ecs-pri-2] 86 | # stamp = 'sdns://AQMAAAAAAAAAEzE0OS4xMTIuMTEyLjExOjg0NDMgZ8hHuMh1jNEgJFVDvnVnRt803x2EwAuMRwNo34Idhj4ZMi5kbnNjcnlwdC1jZXJ0LnF1YWQ5Lm5ldA' 87 | # [static.quad9-dnscrypt-ip4-filter-pri-1] 88 | # stamp = 'sdns://AQMAAAAAAAAADDkuOS45Ljk6ODQ0MyBnyEe4yHWM0SAkVUO-dWdG3zTfHYTAC4xHA2jfgh2GPhkyLmRuc2NyeXB0LWNlcnQucXVhZDkubmV0' 89 | # [static.quad9-dnscrypt-ip4-filter-pri-2] 90 | # stamp = 'sdns://AQMAAAAAAAAAEjE0OS4xMTIuMTEyLjk6ODQ0MyBnyEe4yHWM0SAkVUO-dWdG3zTfHYTAC4xHA2jfgh2GPhkyLmRuc2NyeXB0LWNlcnQucXVhZDkubmV0' 91 | # [static.quad9-dnscrypt-ip4-filter-pri-3] 92 | # stamp = 'sdns://AQMAAAAAAAAAFDE0OS4xMTIuMTEyLjExMjo4NDQzIGfIR7jIdYzRICRVQ751Z0bfNN8dhMALjEcDaN-CHYY-GTIuZG5zY3J5cHQtY2VydC5xdWFkOS5uZXQ' 93 | # [static.quad9-dnscrypt-ip4-nofilter-ecs-pri-1] 94 | # stamp = 'sdns://AQYAAAAAAAAADTkuOS45LjEyOjg0NDMgZ8hHuMh1jNEgJFVDvnVnRt803x2EwAuMRwNo34Idhj4ZMi5kbnNjcnlwdC1jZXJ0LnF1YWQ5Lm5ldA' 95 | # [static.quad9-dnscrypt-ip4-nofilter-ecs-pri-2] 96 | # stamp = 'sdns://AQYAAAAAAAAAEzE0OS4xMTIuMTEyLjEyOjg0NDMgZ8hHuMh1jNEgJFVDvnVnRt803x2EwAuMRwNo34Idhj4ZMi5kbnNjcnlwdC1jZXJ0LnF1YWQ5Lm5ldA' 97 | -------------------------------------------------------------------------------- /vimrc: -------------------------------------------------------------------------------- 1 | " https://github.com/drduh/config/blob/main/vimrc 2 | " https://vimhelp.org/vim_faq.txt.html 3 | set nocompatible 4 | filetype plugin indent on 5 | syntax on 6 | noremap ; : 7 | noremap 8 | noremap 9 | noremap :tabNext 10 | noremap :tabnext 11 | noremap :tabnew 12 | noremap :nohlsearch 13 | noremap :quit! 14 | noremap :set list! 15 | noremap exec :!./% 16 | noremap ws :%s/\s\+$// 17 | noremap s :setlocal spell! 18 | noremap t o=strftime("%F %H:%M:%S ") 19 | set autoindent " copy indent from current line 20 | set cursorline " underline cursor line 21 | set expandtab " use spaces instead of tabs 22 | set gdefault " use g flag to search/replace 23 | set hidden " switch buffers without saving 24 | set hlsearch " highlight searches 25 | set ignorecase " ignore case when searching 26 | set incsearch " dynamic pattern highlighting 27 | set lazyredraw " no re-draw on untyped commands 28 | set linebreak " break on breakat chars 29 | set magic " magic search strings 30 | set noeol " no newline at eof 31 | set noerrorbells " disable error bells 32 | set nomodeline " disable mode lines 33 | set nostartofline " do not reset cursor to line start when moving 34 | set noswapfile " no swap files 35 | set number " enable line numbers 36 | set paste " always use paste mode 37 | set relativenumber " use line numbers relative to cursor 38 | set showcmd " show partial command as it is typed 39 | set showmatch " show matching brackets 40 | set showmode " show current mode 41 | set smartcase " do not ignore capital letter search 42 | set title " set window title 43 | set ttyfast " optimize for fast terminal connections 44 | set wildmenu " enhanced completion 45 | set wrap " wrap lines 46 | set backspace =2 " intuitive backspacing in insert mode 47 | set cmdheight =2 " never prompt for enter or command 48 | set encoding =utf-8 nobomb " use utf-8 wo bom 49 | set history =200 " line history 50 | set laststatus =2 " always show status line 51 | set scrolloff =3 " scroll 3 lines before horizontal border 52 | set shiftwidth =2 " set tab to 2 spaces 53 | set shortmess =atsI " mute intro message 54 | set softtabstop =2 " make tabs as wide as two spaces 55 | set tabpagemax =2 " maximum 2 tabs 56 | set tabstop =2 " make tabs as wide as two spaces 57 | set updatetime =2000 " write every 2 seconds 58 | set backupdir =~/.vim/backup " backup 59 | set directory =~/.vim/swap " swap 60 | set undodir =~/.vim/undo " undo 61 | set statusline = " set status line 62 | set statusline +=\ 0x%04B\ %* " character under cursor 63 | set statusline +=%#LineNr#%= " spacer 64 | set statusline +=\ %F " file path 65 | set statusline +=\%m\ %* " file mode 66 | set statusline +=\ %{WC()}\ " number of words 67 | set statusline +=\%l/%L\ " number of lines 68 | set viminfo ="" " disable viminfo 69 | "set viminfo ='10 " edited files 70 | "set viminfo +=/10 " pattern items 71 | "set viminfo +=n~/.vim/info " viminfo file name 72 | let g:wc ='' 73 | function WC() 74 | return g:wc 75 | endfunction 76 | function UpdateWordCount() 77 | let lnum=1 78 | let n=0 79 | while lnum<=line('$') 80 | let lnum=lnum+1 81 | let n=n+len(split(getline(lnum))) 82 | endwhile 83 | let g:wc=n 84 | endfunction 85 | augroup WordCounter 86 | au! CursorHold,CursorHoldI * call UpdateWordCount() 87 | augroup END 88 | hi Normal ctermfg=14 ctermbg=8 89 | hi LineNr ctermfg=10 ctermbg=0 90 | hi Comment ctermfg=9 ctermbg=0 91 | hi StatusLine ctermfg=0 ctermbg=3 92 | hi clear SpellBad 93 | hi SpellBad ctermbg=10 94 | autocmd BufRead,InsertLeave * match ExtraWhitespace /\s\+$/ 95 | highlight ExtraWhitespace ctermbg=red 96 | "colorscheme solarized 97 | -------------------------------------------------------------------------------- /dwm.patch: -------------------------------------------------------------------------------- 1 | # https://github.com/drduh/config/blob/master/dwm.patch 2 | # Run 'make' before applying 'patch < dwm.patch' then 'make' again 3 | --- a/config.h Sun Jan 01 00:00:00 2022 4 | +++ b/config.h Sun Jan 01 00:00:01 2022 5 | @@ -1,17 +1,17 @@ 6 | /* See LICENSE file for copyright and license details. */ 7 | 8 | /* appearance */ 9 | static const unsigned int borderpx = 1; /* border pixel of windows */ 10 | static const unsigned int snap = 32; /* snap pixel */ 11 | static const int showbar = 1; /* 0 means no bar */ 12 | static const int topbar = 1; /* 0 means bottom bar */ 13 | -static const char *fonts[] = { "monospace:size=10" }; 14 | -static const char dmenufont[] = "monospace:size=10"; 15 | -static const char col_gray1[] = "#222222"; 16 | -static const char col_gray2[] = "#444444"; 17 | -static const char col_gray3[] = "#bbbbbb"; 18 | -static const char col_gray4[] = "#eeeeee"; 19 | -static const char col_cyan[] = "#005577"; 20 | +static const char *fonts[] = { "Inconsolata:size=18" }; 21 | +static const char dmenufont[] = "Inconsolata:size=18"; 22 | +static const char col_gray1[] = "#002b36"; 23 | +static const char col_gray2[] = "#002b36"; 24 | +static const char col_gray3[] = "#93a1a1"; 25 | +static const char col_gray4[] = "#93a1a1"; 26 | +static const char col_cyan[] = "#002b36"; 27 | static const char *colors[][3] = { 28 | /* fg bg border */ 29 | [SchemeNorm] = { col_gray3, col_gray1, col_gray2 }, 30 | @@ -19,28 +43,27 @@ 31 | }; 32 | 33 | /* tagging */ 34 | -static const char *tags[] = { "1", "2", "3", "4", "5", "6", "7", "8", "9" }; 35 | +static const char *tags[] = { 36 | + "sun", "mercury", "venus", "earth", "mars", 37 | + "jupiter", "saturn", "uranus", "neptune" 38 | +}; 39 | 40 | -static const Rule rules[] = { 41 | - /* xprop(1): 42 | - * WM_CLASS(STRING) = instance, class 43 | - * WM_NAME(STRING) = title 44 | - */ 45 | - /* class instance title tags mask isfloating monitor */ 46 | - { "Gimp", NULL, NULL, 0, 1, -1 }, 47 | - { "Firefox", NULL, NULL, 1 << 8, 0, -1 }, 48 | +static Rule rules[] = { 49 | + /* class instance title tags mask isfloating monitor */ 50 | + { NULL, NULL, NULL, 0, False, -1 }, 51 | }; 52 | 53 | /* layout(s) */ 54 | static const float mfact = 0.55; /* factor of master area size [0.05..0.95] */ 55 | static const int nmaster = 1; /* number of clients in master area */ 56 | -static const int resizehints = 1; /* 1 means respect size hints in tiled resizals */ 57 | +static const int resizehints = 0; /* 1 means respect size hints in tiled resizals */ 58 | 59 | static const Layout layouts[] = { 60 | - /* symbol arrange function */ 61 | - { "[]=", tile }, /* first entry is default */ 62 | - { "><>", NULL }, /* no layout function means floating behavior */ 63 | - { "[M]", monocle }, 64 | + /* symbol arrange function */ 65 | + { "[tile]", tile }, 66 | + { "[float]", NULL }, 67 | + { "[full]", monocle }, 68 | + { "[grid]", grid}, 69 | }; 70 | 71 | /* key definitions */ 72 | @@ -76,6 +99,7 @@ 73 | { MODKEY, XK_t, setlayout, {.v = &layouts[0]} }, 74 | { MODKEY, XK_f, setlayout, {.v = &layouts[1]} }, 75 | { MODKEY, XK_m, setlayout, {.v = &layouts[2]} }, 76 | + { MODKEY, XK_g, setlayout, {.v = &layouts[3]} }, 77 | { MODKEY, XK_space, setlayout, {0} }, 78 | { MODKEY|ShiftMask, XK_space, togglefloating, {0} }, 79 | { MODKEY, XK_0, view, {.ui = ~0 } }, 80 | 81 | --- a/config.mk Sun Jan 01 00:00:00 2022 82 | +++ b/config.mk Sun Jan 01 00:00:01 2022 83 | @@ -26,13 +24,16 @@ 84 | 85 | # flags 86 | CPPFLAGS = -D_DEFAULT_SOURCE -D_BSD_SOURCE -D_POSIX_C_SOURCE=200809L -DVERSION=\"${VERSION}\" ${XINERAMAFLAGS} 87 | -#CFLAGS = -g -std=c99 -pedantic -Wall -O0 ${INCS} ${CPPFLAGS} 88 | -CFLAGS = -std=c99 -pedantic -Wall -Wno-deprecated-declarations -Os ${INCS} ${CPPFLAGS} 89 | +CFLAGS = -std=c99 -Wno-deprecated-declarations -Os ${INCS} ${CPPFLAGS} \ 90 | + -D_FORTIFY_SOURCE=2 -D_GLIBCXX_ASSERTIONS -O3 -pipe \ 91 | + -Wpedantic -Wall -Wextra -Wconversion -Wsign-conversion \ 92 | + -Wformat -Wformat-security -Werror=format-security \ 93 | + -Wstack-protector -fstack-protector-all \ 94 | + --param ssp-buffer-size=1 \ 95 | + -fasynchronous-unwind-tables \ 96 | + -fexceptions -fpie -fpic \ 97 | + -ftrapv -flto -fvisibility=hidden 98 | + 99 | LDFLAGS = ${LIBS} 100 | 101 | -# Solaris 102 | -#CFLAGS = -fast ${INCS} -DVERSION=\"${VERSION}\" 103 | -#LDFLAGS = ${LIBS} 104 | - 105 | -# compiler and linker 106 | CC = cc 107 | -------------------------------------------------------------------------------- /domains/providers: -------------------------------------------------------------------------------- 1 | # https://github.com/drduh/config/blob/main/domains/providers 2 | # https://lots-project.com/ 3 | # for x in $(curl -s "https://lots-project.com/" | grep href | \ 4 | # sed -e "s/..a>$//g" -e "s/.*>//g" -e "s/\*\.//g" | sort | uniq) ; \ 5 | # do printf "address=/$x/\n" ; done 6 | #address=/amazonaws.com/ 7 | #address=/blogspot.com/ 8 | #address=/docs.google.com/ 9 | #address=/docusign.com/ 10 | #address=/dropbox.com/ 11 | #address=/github.com/ 12 | #address=/github.io/ 13 | #address=/gitlab.com/ 14 | #address=/googleusercontent.com/ 15 | #address=/icloud.com/ 16 | #address=/raw.githubusercontent.com/ 17 | #address=/reddit.com/ 18 | #address=/sites.google.com/ 19 | #address=/slack-files.com/ 20 | #address=/slack.com/ 21 | #address=/storage.googleapis.com/ 22 | #address=/wordpress.com/ 23 | #address=/youtube.com/ 24 | #address=/zendesk.com/ 25 | address=/000webhostapp.com/ 26 | address=/12ft.io/ 27 | address=/1drv.com/ 28 | address=/1drv.ms/ 29 | address=/4sync.com/ 30 | address=/anonfiles.com/ 31 | address=/api.telegram.org/ 32 | address=/app.milanote.com/ 33 | address=/appdomain.cloud/ 34 | address=/appspot.com/ 35 | address=/archive.org/ 36 | address=/archive.ph/ 37 | address=/atlassian.net/ 38 | address=/attachment.outlook.live.net/ 39 | address=/attachments.office.net/ 40 | address=/axshare.com/ 41 | address=/azureedge.net/ 42 | address=/azurefd.net/ 43 | address=/azurestaticapps.net/ 44 | address=/azurewebsites.net/ 45 | address=/backblazeb2.com/ 46 | address=/beautiful.ai/ 47 | address=/bit.ly/ 48 | address=/bitbucket.io/ 49 | address=/bitbucket.org/ 50 | address=/blob.core.windows.net/ 51 | address=/box.com/ 52 | address=/cdn.discordapp.com/ 53 | address=/cdn.fbsbx.com/ 54 | address=/clbin.com/ 55 | address=/clickfunnels.com/ 56 | address=/cloudapp.azure.com/ 57 | address=/cloudapp.net/ 58 | address=/cloudfront.net/ 59 | address=/cloudwaysapps.com/ 60 | address=/codepen.io/ 61 | address=/codesandbox.io/ 62 | address=/csb.app/ 63 | address=/ct.sendgrid.net/ 64 | address=/cutt.ly/ 65 | address=/digitaloceanspaces.com/ 66 | address=/discord.com/ 67 | address=/doc.clickup.com/ 68 | address=/docsend.com/ 69 | address=/dogechain.info/ 70 | address=/doubleclick.net/ 71 | address=/drive.google.com/ 72 | address=/dropmark.com/ 73 | address=/duckdns.org/ 74 | address=/easywp.com/ 75 | address=/evernote.com/ 76 | address=/express.adobe.com/ 77 | address=/facebook.com/ 78 | address=/feedproxy.google.com/ 79 | address=/filebin.net/ 80 | address=/filecloudonline.com/ 81 | address=/filetransfer.io/ 82 | address=/firebaseapp.com/ 83 | address=/firebasestorage.googleapis.com/ 84 | address=/fleek.co/ 85 | address=/format.com/ 86 | address=/forms.office.com/ 87 | address=/fyi.to/ 88 | address=/genius.com/ 89 | address=/gitee.com/ 90 | address=/glitch.me/ 91 | address=/godaddysites.com/ 92 | address=/gofile.io/ 93 | address=/googleweblight.com/ 94 | address=/graph.microsoft.com/ 95 | address=/herokuapp.com/ 96 | address=/hostingerapp.com/ 97 | address=/i.imgur.com/ 98 | address=/ideone.com/ 99 | address=/inmotionhosting.com/ 100 | address=/instagram.com/ 101 | address=/ix.io/ 102 | address=/linodeobjects.com/ 103 | address=/lnkd.in/ 104 | address=/localhost.run/ 105 | address=/mediafire.com/ 106 | address=/mega.nz/ 107 | address=/my.visme.co/ 108 | address=/mybluehost.me/ 109 | address=/mybluemix.net/ 110 | address=/myportfolio.com/ 111 | address=/mystrikingly.com/ 112 | address=/nethunt.com/ 113 | address=/netlify.app/ 114 | address=/ngrok.io/ 115 | address=/nimbusweb.me/ 116 | address=/notion.site/ 117 | address=/notion.so/ 118 | address=/nt.embluemail.com/ 119 | address=/on.aws/ 120 | address=/ondigitalocean.app/ 121 | address=/onedrive.live.com/ 122 | address=/onenoteonlinesync.onenote.com/ 123 | address=/oraclecloud.com/ 124 | address=/pagecloud.com/ 125 | address=/pages.dev/ 126 | address=/parg.co/ 127 | address=/paste.ee/ 128 | address=/pastebin.com/ 129 | address=/pastebin.pl/ 130 | address=/pastetext.net/ 131 | address=/pastie.org/ 132 | address=/pcloud.com/ 133 | address=/plesk.page/ 134 | address=/rb.gy/ 135 | address=/rebrand.ly/ 136 | address=/rentry.co/ 137 | address=/repl.co/ 138 | address=/requestbin.net/ 139 | address=/rf.gd/ 140 | address=/s.id/ 141 | address=/sendspace.com/ 142 | address=/sharepoint.com/ 143 | address=/siasky.net/ 144 | address=/slab.com/ 145 | address=/spark.adobe.com/ 146 | address=/sprunge.us/ 147 | address=/stonly.com/ 148 | address=/sway.office.com/ 149 | address=/t.co/ 150 | address=/t.m1.email.samsung.com/ 151 | address=/telegra.ph/ 152 | address=/teletype.in/ 153 | address=/termbin.com/ 154 | address=/textbin.net/ 155 | address=/tinyurl.com/ 156 | address=/track.adform.net/ 157 | address=/transfer.sh/ 158 | address=/translate.goog/ 159 | address=/trello.com/ 160 | address=/trycloudflare.com/ 161 | address=/tumblr.com/ 162 | address=/twitter.com/ 163 | address=/typeform.com/ 164 | address=/ufile.io/ 165 | address=/viewer.joomag.com/ 166 | address=/wasabisys.com/ 167 | address=/web.app/ 168 | address=/web.core.windows.net/ 169 | address=/webflow.io/ 170 | address=/weebly.com/ 171 | address=/wetransfer.com/ 172 | address=/wixsite.com/ 173 | address=/workers.dev/ 174 | address=/workflowy.com/ 175 | address=/wtools.io/ 176 | address=/www.canva.com/ 177 | address=/www.surveycake.com/ 178 | address=/www.uplooder.net/ 179 | address=/xiti.com/ 180 | address=/zerobin.net/ 181 | -------------------------------------------------------------------------------- /zones: -------------------------------------------------------------------------------- 1 | # https://github.com/drduh/config/blob/main/zones 2 | # https://ipdeny.com/ipblocks/ 3 | #us # UNITED STATES 4 | af # AFGHANISTAN 5 | al # ALBANIA 6 | dz # ALGERIA 7 | as # AMERICAN SAMOA 8 | ad # ANDORRA 9 | ao # ANGOLA 10 | ai # ANGUILLA 11 | aq # ANTARCTICA 12 | ag # ANTIGUA AND BARBUDA 13 | ar # ARGENTINA 14 | am # ARMENIA 15 | aw # ARUBA 16 | au # AUSTRALIA 17 | at # AUSTRIA 18 | az # AZERBAIJAN 19 | bs # BAHAMAS 20 | bh # BAHRAIN 21 | bd # BANGLADESH 22 | bb # BARBADOS 23 | by # BELARUS 24 | be # BELGIUM 25 | bz # BELIZE 26 | bj # BENIN 27 | bm # BERMUDA 28 | bt # BHUTAN 29 | bo # BOLIVIA 30 | ba # BOSNIA AND HERZEGOVINA 31 | bw # BOTSWANA 32 | br # BRAZIL 33 | io # BRITISH INDIAN OCEAN TERRITORY 34 | bn # BRUNEI DARUSSALAM 35 | bg # BULGARIA 36 | bf # BURKINA FASO 37 | bi # BURUNDI 38 | kh # CAMBODIA 39 | cm # CAMEROON 40 | ca # CANADA 41 | cv # CAPE VERDE 42 | ky # CAYMAN ISLANDS 43 | cf # CENTRAL AFRICAN REPUBLIC 44 | td # CHAD 45 | cl # CHILE 46 | cn # CHINA 47 | cc # COCOS (KEELING) ISLANDS 48 | co # COLOMBIA 49 | km # COMOROS 50 | cg # CONGO 51 | cd # CONGO, THE DEMOCRATIC REPUBLIC OF THE 52 | ck # COOK ISLANDS 53 | cr # COSTA RICA 54 | ci # COTE D'IVOIRE 55 | hr # CROATIA 56 | cu # CUBA 57 | cy # CYPRUS 58 | cz # CZECH REPUBLIC 59 | dk # DENMARK 60 | dj # DJIBOUTI 61 | dm # DOMINICA 62 | do # DOMINICAN REPUBLIC 63 | ec # ECUADOR 64 | eg # EGYPT 65 | sv # EL SALVADOR 66 | gq # EQUATORIAL GUINEA 67 | er # ERITREA 68 | ee # ESTONIA 69 | et # ETHIOPIA 70 | fk # FALKLAND ISLANDS MALVI 71 | fo # FAROE ISLANDS 72 | fj # FIJI 73 | fi # FINLAND 74 | fr # FRANCE 75 | gf # FRENCH GUIANA 76 | pf # FRENCH POLYNESIA 77 | ga # GABON 78 | gm # GAMBIA 79 | ge # GEORGIA 80 | de # GERMANY 81 | gh # GHANA 82 | gi # GIBRALTAR 83 | gr # GREECE 84 | gl # GREENLAND 85 | gd # GRENADA 86 | gp # GUADELOUPE 87 | gu # GUAM 88 | gt # GUATEMALA 89 | gw # GUINEA-BISSAU 90 | gn # GUINEA 91 | gy # GUYANA 92 | ht # HAITI 93 | va # HOLY SEE VATICAN CITY ST 94 | hn # HONDURAS 95 | hk # HONG KONG 96 | hu # HUNGARY 97 | is # ICELAND 98 | in # INDIA 99 | id # INDONESIA 100 | ir # IRAN, ISLAMIC REPUBLIC OF 101 | iq # IRAQ 102 | ie # IRELAND 103 | im # ISLE OF MAN 104 | il # ISRAEL 105 | it # ITALY 106 | jm # JAMAICA 107 | jp # JAPAN 108 | je # JERSEY 109 | jo # JORDAN 110 | kz # KAZAKHSTAN 111 | ke # KENYA 112 | ki # KIRIBATI 113 | kp # KOREA, DEMOCRATIC PEOPLE'S REPUBLIC OF 114 | kr # KOREA, REPUBLIC OF 115 | kw # KUWAIT 116 | kg # KYRGYZSTAN 117 | ax # LAND ISLANDS 118 | la # LAO PEOPLE'S DEMOCRATIC REPUBLIC 119 | lv # LATVIA 120 | lb # LEBANON 121 | ls # LESOTHO 122 | lr # LIBERIA 123 | ly # LIBYAN ARAB JAMAHIRIYA 124 | li # LIECHTENSTEIN 125 | lt # LITHUANIA 126 | lu # LUXEMBOURG 127 | mo # MACAO 128 | mk # MACEDONIA, THE FORMER YUGOSLAV REPUBLIC OF 129 | mg # MADAGASCAR 130 | mw # MALAWI 131 | my # MALAYSIA 132 | mv # MALDIVES 133 | ml # MALI 134 | mt # MALTA 135 | mh # MARSHALL ISLANDS 136 | mq # MARTINIQUE 137 | mr # MAURITANIA 138 | mu # MAURITIUS 139 | yt # MAYOTTE 140 | mx # MEXICO 141 | fm # MICRONESIA, FEDERATED STATES OF 142 | md # MOLDOVA, REPUBLIC OF 143 | mc # MONACO 144 | mn # MONGOLIA 145 | me # MONTENEGRO 146 | ms # MONTSERRAT 147 | ma # MOROCCO 148 | mz # MOZAMBIQUE 149 | mm # MYANMAR 150 | na # NAMIBIA 151 | nr # NAURU 152 | np # NEPAL 153 | nl # NETHERLANDS 154 | nc # NEW CALEDONIA 155 | nz # NEW ZEALAND 156 | ni # NICARAGUA 157 | ng # NIGERIA 158 | ne # NIGER 159 | nu # NIUE 160 | nf # NORFOLK ISLAND 161 | mp # NORTHERN MARIANA ISLANDS 162 | no # NORWAY 163 | om # OMAN 164 | pk # PAKISTAN 165 | pw # PALAU 166 | ps # PALESTINIAN TERRITORY, OCCUPIED 167 | pa # PANAMA 168 | pg # PAPUA NEW GUINEA 169 | py # PARAGUAY 170 | pe # PERU 171 | ph # PHILIPPINES 172 | pl # POLAND 173 | pt # PORTUGAL 174 | pr # PUERTO RICO 175 | qa # QATAR 176 | re # REUNION 177 | ro # ROMANIA 178 | ru # RUSSIAN FEDERATION 179 | rw # RWANDA 180 | kn # SAINT KITTS AND NEVIS 181 | lc # SAINT LUCIA 182 | pm # SAINT PIERRE AND MIQUELON 183 | vc # SAINT VINCENT AND THE GRENADINES 184 | ws # SAMOA 185 | sm # SAN MARINO 186 | st # SAO TOME AND PRINCIPE 187 | sa # SAUDI ARABIA 188 | sn # SENEGAL 189 | rs # SERBIA 190 | sc # SEYCHELLES 191 | sl # SIERRA LEONE 192 | sg # SINGAPORE 193 | sk # SLOVAKIA 194 | si # SLOVENIA 195 | sb # SOLOMON ISLANDS 196 | so # SOMALIA 197 | za # SOUTH AFRICA 198 | es # SPAIN 199 | lk # SRI LANKA 200 | sd # SUDAN 201 | sr # SURINAME 202 | sz # SWAZILAND 203 | se # SWEDEN 204 | ch # SWITZERLAND 205 | sy # SYRIAN ARAB REPUBLIC 206 | tw # TAIWAN 207 | tj # TAJIKISTAN 208 | tz # TANZANIA, UNITED REPUBLIC OF 209 | th # THAILAND 210 | tl # TIMOR-LESTE 211 | tg # TOGO 212 | tk # TOKELAU 213 | to # TONGA 214 | tt # TRINIDAD AND TOBAGO 215 | tn # TUNISIA 216 | tr # TURKEY 217 | tm # TURKMENISTAN 218 | tc # TURKS AND CAICOS ISLANDS 219 | tv # TUVALU 220 | ug # UGANDA 221 | ua # UKRAINE 222 | ae # UNITED ARAB EMIRATES 223 | gb # UNITED KINGDOM 224 | um # UNITED STATES MINOR OUTLYING ISLANDS 225 | uy # URUGUAY 226 | uz # UZBEKISTAN 227 | vu # VANUATU 228 | ve # VENEZUELA 229 | vn # VIET NAM 230 | vg # VIRGIN ISLANDS, BRITISH 231 | vi # VIRGIN ISLANDS, U.S. 232 | wf # WALLIS AND FUTUNA 233 | ye # YEMEN 234 | zm # ZAMBIA 235 | zw # ZIMBABWE 236 | -------------------------------------------------------------------------------- /scripts/updateAndroid.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | # https://github.com/drduh/config/blob/main/scripts/updateAndroid.sh 3 | # Download and verify APK files (requires Android Studio). 4 | 5 | #set -x # uncomment to debug 6 | set -o errtrace 7 | set -o nounset 8 | set -o pipefail 9 | 10 | apksigner="$(command -v apksigner || command -v \ 11 | ${HOME}/Library/Android/sdk/build-tools/36.1.0/apksigner)" 12 | 13 | certAegis="c6db80a8e14e5230c1de8415ef820d13dc901d8fe33cf3acb57b6862d858a823" 14 | certFairEmail="e02067249f5a350e0ec703fe9df4dd682e0291a09f0c2e041050bbe7c064f5c9" 15 | certFirefox="a78b62a5165b4494b2fead9e76a280d22d937fee6251aece599446b2ea319b04" 16 | certFossify="affdb124d3f4720c2f98dbca9eacba0514fba4306e20a2786c861c3c0d6ff292" 17 | certKiwix="6dfbfc62e16587a78aa2d9585ae9bb7f6973c2bf84034b7b90101a401409f5aa" 18 | certNetGuard="e4a260a2dce7b7af23ee919c489e15fd0102b93f9e7c9d82b09c0b395000e4d4" 19 | certNewPipe="cb84069bd68116bafae5ee4ee5b08a567aa6d898404e7cb12f9e756df5cf5cab" 20 | certOsmand="d192f4fffff2fae37f2821e4ca44f4cbe2483e7ffa24a8472043f685dd5bed27" 21 | certProton="dcc9439ec1a6c6a8d0203f3423ee42bcc8b970628e53cb73a0393f398dd5b853" 22 | certSignal="4be4f6cd5be844083e900279dc822af65a547fecc26aba7ff1f5203a45518cd8" 23 | 24 | gitRepos="https://api.github.com/repos" 25 | gitRepoAegis="${gitRepos}/beemdevelopment/Aegis" 26 | gitRepoCalendar="${gitRepos}/FossifyOrg/Calendar" 27 | gitRepoFairEmail="${gitRepos}/M66B/FairEmail" 28 | gitRepoGallery="${gitRepos}/FossifyOrg/Gallery" 29 | gitRepoKiwix="${gitRepos}/kiwix/kiwix-android" 30 | gitRepoNetGuard="${gitRepos}/M66B/NetGuard" 31 | gitRepoNewPipe="${gitRepos}/TeamNewPipe/NewPipe" 32 | gitRepoProton="${gitRepos}/ProtonMail/android-mail" 33 | gitUrl="https://github.com" 34 | 35 | urlFirefox="https://archive.mozilla.org/pub/fenix/releases" 36 | urlOsmand="https://download.osmand.net/releases" 37 | urlSignal="https://updates.signal.org/android/latest.json" 38 | 39 | 40 | fail() { 41 | # Print error string in red and exit. 42 | tput setaf 1 ; printf "FAIL: %s\n" "${1}" ; tput sgr0 43 | exit 1 44 | } 45 | 46 | printLoad() { 47 | # Print loading string in blue. 48 | tput setaf 4 ; printf "LOAD: %s\n" "${1}" ; tput sgr0 49 | } 50 | 51 | printRelease() { 52 | # Print release string in yellow. 53 | tput setaf 3 ; printf "VERS: %s\n" "${1}" ; tput sgr0 54 | } 55 | 56 | printValid() { 57 | # Print validation string in green. 58 | tput setaf 2 ; printf "PASS: %s\n" "${1}" ; tput sgr0 59 | } 60 | 61 | download() { 62 | # Download and save file, or exit on error. 63 | curl --connect-timeout 5 -sLfO "${1}" || \ 64 | fail "could not download '${1}'" 65 | } 66 | 67 | verify() { 68 | # Verify signature with apksigner or exit on fail. 69 | "${apksigner}" verify --verbose --print-certs "${1}" 2>/dev/null | \ 70 | grep -q "${2}" || fail "could not verify '${1}'" 71 | } 72 | 73 | getReleaseGit() { 74 | # Get and parse latest Git release information. 75 | json=$(curl -s "${1}/releases/latest") || \ 76 | fail "could not get release" 77 | if ! jq -e '.assets | length > 0' >/dev/null <<< "${json}" ; then 78 | fail "no release found" ; fi 79 | jq -r '.assets[0] | 80 | [.uploader.login, .name, .browser_download_url, 81 | (.download_count|tostring), .updated_at] | @tsv' <<< "${json}" 82 | } 83 | 84 | getPackageGit() { 85 | # Download and verify latest Git release package. 86 | IFS=$'\t' read -r \ 87 | author package url count mtime < <(getReleaseGit "${1}") 88 | printRelease "${package} (${author}@${mtime}, ${count} downloads)" 89 | if [[ ! -f "${package}" ]] ; then 90 | printLoad "${package}" ; download "${url}" ; fi 91 | verify "${package}" "${2}" && printValid "${package}" 92 | } 93 | 94 | updateAegis() { 95 | getPackageGit "${gitRepoAegis}" "${certAegis}" 96 | } 97 | 98 | updateCalendar() { 99 | getPackageGit "${gitRepoCalendar}" "${certFossify}" 100 | } 101 | 102 | updateFairEmail() { 103 | getPackageGit "${gitRepoFairEmail}" "${certFairEmail}" 104 | } 105 | 106 | updateGallery() { 107 | getPackageGit "${gitRepoGallery}" "${certFossify}" 108 | } 109 | 110 | updateKiwix() { 111 | getPackageGit "${gitRepoKiwix}" "${certKiwix}" 112 | } 113 | 114 | updateNetGuard() { 115 | getPackageGit "${gitRepoNetGuard}" "${certNetGuard}" 116 | } 117 | 118 | updateNewPipe() { 119 | getPackageGit "${gitRepoNewPipe}" "${certNewPipe}" 120 | } 121 | 122 | updateProton() { 123 | getPackageGit "${gitRepoProton}" "${certProton}" 124 | } 125 | 126 | updateFirefox() { 127 | version=$(curl -s "${urlFirefox}/" | \ 128 | grep -Eo "[0-9]{1,}.[0-9]{1,}.[0-9]{1,}" | grep -v b | sort -V | tail -1) 129 | apkPath="fenix-${version}-android-arm64-v8a" 130 | package="fenix-${version}.multi.android-arm64-v8a.apk" 131 | if [[ ! -f "${package}" ]] ; then 132 | printLoad "${package}" 133 | curl -sLfO "${urlFirefox}/${version}/android/${apkPath}/${package}" || \ 134 | fail "could not download Firefox" 135 | fi 136 | verify "${package}" "${certFirefox}" && printValid "${package}" 137 | } 138 | 139 | updateOsmand() { 140 | package=$(curl -s "${urlOsmand}/" | \ 141 | grep -Eo "net.osmand-[0-9]{1,}\.[0-9]{1,}\.[0-9]{1,}.apk" | \ 142 | sort -V | tail -1) 143 | if [[ ! -f "${package}" ]] ; then 144 | printLoad "${package}" 145 | curl -sLfO "${urlOsmand}/${package}" || \ 146 | fail "could not download '${package}'" 147 | fi 148 | verify "${package}" "${certOsmand}" && printValid "${package}" 149 | } 150 | 151 | updateSignal() { 152 | version=$(curl -s "${urlSignal}" | jq -r '.url') 153 | package=$(basename "${version}") 154 | if [[ ! -f "${package}" ]] ; then 155 | printLoad "${package}" 156 | curl -sLfO "${version}" || \ 157 | fail "could not download '${package}'" 158 | fi 159 | verify "${package}" "${certSignal}" && printValid "${package}" 160 | } 161 | 162 | updateAllGit() { 163 | # Update packages from Git. 164 | updateAegis 165 | updateCalendar 166 | updateFairEmail 167 | updateGallery 168 | updateKiwix 169 | updateNetGuard 170 | updateNewPipe 171 | updateProton 172 | } 173 | 174 | updateAllUrl() { 175 | # Update packages from Urls. 176 | updateFirefox 177 | updateOsmand 178 | updateSignal 179 | } 180 | 181 | checkConnection() { 182 | # Check connectivity to Git or exit. 183 | curl -sI "${gitUrl}" >/dev/null || \ 184 | fail "could not reach '${gitUrl}'" 185 | } 186 | 187 | main() { 188 | # Main function. 189 | checkConnection 190 | updateAllGit 191 | updateAllUrl 192 | } 193 | 194 | main 195 | -------------------------------------------------------------------------------- /pubkey.asc: -------------------------------------------------------------------------------- 1 | -----BEGIN PGP PUBLIC KEY BLOCK----- 2 | 3 | mQINBFdE39sBEADZr+hufjP1PsFbN+KRhg7POinQuQQgELpp5PPqXA0FZDYzNoFq 4 | rPo3dNeQ0DAPMHVllrcE8FbYgIdfobT1Xv0csDijCyv3z8ZOVnJ36R/f1mucVcas 5 | euUJ1Pi6iC9pjEXjxGaz812oWUrGCsZnqaEzaXe6HM4HAzFydo8WaNZt2VI9A5Cx 6 | sul+t2uEvT2MsylPhDD0DKBa1MJLwlrhE7YnEI26XsJoONLoZ5T3KmvK0q8Q9fAK 7 | Vb4wdOv2KKgYNnfD0/qonzt52BdVtOOsh4R52X12wkXheRawHAl2IdyeyX4NaLC1 8 | qgGYRBQre7ufp6EHej9Hol7o7k4a9gnBRfuyFAj5Z5LUV7345qMnq14228eE00N4 9 | jOXNBNLT2QNtqUIgHFkC26VdQwDPUdNOHXBk/5Z+aIRCUbdgyXkSkJ4iSOPyoolq 10 | Q8xbJorqyLh4sclBYoXgekCZW2IK2yOFlSve81xM9P3Hov6HdeygA4nj42rWitqx 11 | 64grsDmNynbjCHlev7DWpDfxQRf9OSGppUjSGqTsh+lN2vnOLwe85Bgh4gMW555m 12 | zvV/UUko3t+mPMR/2jf4a6XWePAUJvTQKMR+8YJk2ARWl+Zrk5bA9sR8BdmidUUd 13 | cahcedvbw5oKwV1rJKHpIU1Ivy0Q7wEEEszfkVIs+ij/94fD7+XrnHWLNwARAQAB 14 | tBNEciBEdWggPGRvY0BkdWgudG8+iQI3BBMBCgAhBQJXRN/bAhsDBQsJCAcDBRUK 15 | CQgLBRYCAwEAAh4BAheAAAoJEP8+fYhkfrzbYv0QAK2X2a/jG7w8GyCHx9rxQU7K 16 | kSAFR80HfKlmOm9sUlCH++zVBNqI+VurU9K/p1QYq03cZm5q5/kuyXIiC5NATTxx 17 | zLFhGv0E4fsp+3q85c0rTqHDlG5Y8YE4UTPCVpOJ0JCelHudDRgycoxfB4RZSdzG 18 | kUca2SPofP/Zuy7XrszJ5P4eVipdiTdUQk4MFpbW9HKMW1TSpJlZz4ggPe3qSOdi 19 | QJx+NcwSttZp72g0gxqdYdx6OTNpiPecckuiL3dt1bV+9u+uT7z5DqvFlhmb5kPk 20 | dr+09yiFMKTjyEcdSB+/ux+hASBKMWGDqpCEGofYgcLzYCcbhVABCDkq8yv5DFfB 21 | IDmE/fX1NRKGPRBoHBadVMpaoFjdDv9Glu8iK/6UWY1h1LqdRv3gU3EH7Ixy8kmb 22 | 7UmFJ9E/UwEAFQrdcUBMxRdhiODzJX6MASgkiDDLYpQzw4yJOzgXO/8dAtGpzQUP 23 | 6HveP9gnJpANctsAKv61P2uQTIoV10eMcGWP5kQIcyXyw6Ys9+3bO5gbAGelfG0U 24 | f8XcrgGmP5m9AHjjKitYi1ZMpz9FD1h5QyxoXwDsHQaaqzN+TxHpBOD7EY9QtRuY 25 | Tf1a3xiVBeB+JTvzyQkJQLJQlvVGzQv4131NlgAgVTtDBc5Et/s8djY/b4jUU4Oq 26 | vuIBJT+iWmgwh+q5ygbxuQINBFdE4hkBEACwpBlBeSdR/Uv71QZr9k1hNLVLVgos 27 | gPRy3RiJsqItuWDTNKOc1tZ7rc3us7qEFgwC0utgGds+Njz+emBDLMf6XQJMwrfB 28 | L7LMpS1P1wZwLq7c9l5nf1IMMtrjcZSMbHCf2ICve4/ROKN8lx8qOESSSmWq7pir 29 | XdgYIgaJWt0iYIm2oDoZ7r6X5L82FLt469/hOtK0B+/Nvw70fxogDKyzbkKkxmC5 30 | vdig8A+ZUn7LzZvVVs6qox2xw7fJ5VsQknkunqyX5WcfKxwZ5vifa3Lzd7meAAnh 31 | ZD0SW9+VgAyNaIGquNTXxQH+XSaig2cRJHo94oMLcN+zCWGGWNpk08yfKoKZIqnH 32 | sv+QrafraDdMfY8kWSQ4Oq1SmtaJypma7pHMY2jksE2r80K/jsPAjR3ue9ROdhkk 33 | /o79QRIsz+XNvFF9gKaAhNE0BDKlXkaLpE0NaobejX5TdgtEeBvNEdeDyDX6ueXL 34 | NJ/uwaLo5y/WpDJgYNGpXj9c37e07j/uAtguUO9Yg/9mAtphD8HJH+QyycaSyir2 35 | eJImbZhSfkgddKPMHhNluFdLg3aPhsh4J3oPVYPeflcP0mPYtFG6FUO0k5gsRiIy 36 | CW3Hh9mtap0B3w0PvHRhPLSoVWX4ZaAURQeJeGCoHkq9LhBdopv81hqTFQo7iaOd 37 | 0Qq6aOOtPD6AYwARAQABiQQ+BBgBCgAJBQJXROIZAhsCAikJEP8+fYhkfrzbwV0g 38 | BBkBCgAGBQJXROIZAAoJEL7Po8GuGR0V3owP/0uE+/ubbeWzLmHqfyJZVKfQbTOq 39 | RjGCu3s/1DQiG6ZXELQeL8KjZMKVAoUs/InrOE4P16irOY4vCBveDxwUixCZ463/ 40 | yd7atQkR8lvhq+HOrKkl7vU1vPb/UntwyFU9k1M5/Bk1bLOruFAD3JNBDt+Szr2S 41 | xMR1z2sIPda3j9OFWhX3kksdVfNluyIUsXLLIEaengDBMu/Li/Fbbn17Bkq45pyH 42 | JaJX0PkH2LxPlZTwOOr9iWJ612Yr7l7hupyJ9lS8tWnLbCgLrtrvmVnrAVJoDzp/ 43 | 3yLdUwqgHZIwnDe+5AydEY8WPwTHQiWWTqMdQqVmQQA60o6SSxkZ7nHSN56PQwmq 44 | rzb5xl3AeW04y0C2yidrR305xvEVc1a3SRJV+PMlzsAcNUuu7kAzpnRWwTwX9DEK 45 | V8HdU3F8KrLNvBkR95YrQ4mFc240qZWfOlR5wkGAmzeAaW1RxTVyYmkgJykb4psq 46 | DkTyFe1ieCwQa9u1M6N9PTmi20Mi30ZmDvOZPTFqt6IAnWGGellqcBmysr+L4obr 47 | /KChJBUIyWhDQfyMVug3V5nPaRx8BdoY1iHZ0LTynBwEyOgovpyos2tgcOD+JGhX 48 | 3EqzmrGd7O5xktAuSCRasnbfyy4pn7ntfvwnw8QphZr8hCcgOqsUHHssPfkwncjA 49 | Tyyz09cm7zoaY0OLkcMP/22auf2kWTiv1UPWj9EjKaK4yUH44xNsHXAX6uuSUSkM 50 | QxFqFtkZBhq2gIGMUOmvkANtrls3LpbjfdS4tbp9fMZKnBWyhEl39EJ5UypH0DmH 51 | WQgb24G6AREg1kwuu+eds0crSPuJnHq8ZrhAIvBvRtfGjl7imJlYVKARA97wiNgT 52 | jGVQ1tJ0B85QNFpdvj0DBoVjh4ST0uahsBU0GNLF65GD+pZsbqxUFUz1jo1KpqgP 53 | oC0I9KGRjouu0kNQXwzUawBs/+WC2uVon4g0g1cLdil3RLC2cI8Ynv7gez+050M0 54 | ifXrvr9hLDkiIrZV/fVOZjvZoX8Iu45CvT6jGN5GnPy1+TRlXScbEPCekWXASZnC 55 | wVXdQbNp4aPin5HW0+kBzgE7RhEmC2fWTJzLK0pBeR38Cap+eJg/a7k3azh91taM 56 | cdbGrVQ5ce82AJLTRYPN5+ucVLyl/ORv9DudBma3OTj0+8th9qATv4eCimV7hb/w 57 | BcCa4JjSG/ebpXra2TN2ai8KuSKB/9755LlkpagjukqDJ+yAdZk6OGj35I22kFZU 58 | PqKZofETUu/GITk/gVCRZznCZgaR5wrOXpKPt5FKaFfHU13/v1suopNXPGs8Sexl 59 | J93QwKtUwOaiH/zxHIrmR1lI1WA77zntglG9oDPodOnbXunsG9vroQHa0jey7Wmp 60 | uQINBFdE478BEACi0zCE22P77+yL7UE7pQzjXntRKtHC+718LH11V2wcLzVmXHwW 61 | rYvydZlQph8UEGc962EBzpBIm5w/u+AXaR9UYf3LMXq1p75HHmdzQSkmu4AMqMa1 62 | 9ms2jYBBY9UHdICxSTNrxBwEsGWNA2u8YVQZU8QgEWsFpQqzvy/wn9LK7PLAbObM 63 | XMlNf9jEKvjmN7cnID6GFju03+t1H7iQyaor0MjnHvrNjo5Q4ni9ae7qPaXi2UTk 64 | QA24kj6L2nbToGm7CICpIgEMu1BMhh6FeSHDmmcqVgfjiu+dK9s1/q0t7cw1BRUp 65 | 3aox9XbvG2LmjB8o7EzWbVZEURXc2ZeWhW9NpB+2dxK1V5T8KrafJuoR+Gs6T7O5 66 | eajZKgymgU1Lb1+tbZTCT7aEuIvbvzz2NRLQeaDKVcnayBPXug49bnzTe7ASbp5z 67 | R8g+lXhAii43iZ51ushd/Bt0DFxj7zL5O5/+gXr85JxpNplLw/B0idBvWywanVJY 68 | 0kWmrTWKjNR14zlivxeV6e2rYbP4Q/rjL0AyVAzwi1IPBxS1F0mqyJ88SIEFue8s 69 | SNy7XSk31V6JznjG35p7zrFeTE49IhWrYoFHdapBbDzyPKMWp0Z8jeO+AqsSzp+N 70 | EWbWqf/dxjJX3eXlKuLUbAVfYef5mmUlGhea7wS9RIxc4hpqk2DnP06P4wARAQAB 71 | iQIfBBgBCgAJBQJXROO/AhsMAAoJEP8+fYhkfrzbRc8P/i5Ig58QeEFioTG59pd7 72 | 9dlrtLzzm+/2iwwEgfgTLQwMka/kr9dIXoC0jBxAoBtR/k58V3Ix5mLzlvqxY3RU 73 | ZZD659jMXZF6PTWb5USgkApmsVQONjvpM/4yxv9I+v6dw41ZZa2qiL3esnneYa9G 74 | U+dNU4z0wdHppc/FcJP0d0zDHRcnBClAZ3s2ytrHp4K7H1LFZ76ERqky6A7Qm1Ep 75 | HHhzJWHZyzK7kz2g/RGKQv3MkfEIOW5JWIcxj7foDtWjUYe0TYg63CvZrsEIJp1W 76 | T7tNj+UjjRYyLYco3tie1w+2Rc0n7kugC4w/k1yTkHW1M+sIHHNtv4aWWKq62GPe 77 | YHW4T5r0MHZ8zFHkLsM+WcS+6O8wFsMX02LhV68QXjFC9L3qAkvvJaGwjmDMA67d 78 | hn+TXlZ9oI4b3VIWyZn8dCujLP/pdAboacWkawOcGorL8r9eazk2Opdz/P4ROno5 79 | E0B6/PKZQHXlsKe1nWdekpb3adMc+Q+C2yX3O49zyer9+lCGXfmF8ZFpV/kMu/wi 80 | VZF60+jqNnYjB4JPp4I3Voq1UB7moRsY0tnXG1lmOJ2roMQ7WPjpEWImMfPq9xlQ 81 | Ca2NKOp9Nya8KdRb3KPbTOvVAz0SRdB3mks7d/LYMShrCmtK3Cu6q41lHc45hijq 82 | 0LzjuzP+b83gliXXDa05Mg7EuQINBFdE5YgBEADFnZr64TzpvTTgNtxrrx3s83Hq 83 | jRdF7oKrTw5IH5JtYFpySuVqNwHqdlYO2njtyz8mL+rvyJnfRlgqHKmV+oxidxPP 84 | z/QRsYZFvQtU1ZK8ZOefh9kG62XU00EXwQ04uEdDNhmJmovUQEbntekGQvWV9PmN 85 | sUgS6zLEO+JmoEpklqkOyolL2GpqQiMsPqVU5K7ByQXGU0gkvtQb6ViVdLIdZUsr 86 | eM0d3gVJREHdEY7MFgYQXctapl9N9kAVpLeamGffNSG32WQ0iAMPaYRlCNAT46P7 87 | nwwjUKoOEIQRPN95MxKGAMRXCXtiqF++EtGvYLRNtqzIQCot3XBtog+V5of9o5E0 88 | I+45Qub0cCTYHfwavINZbcZEtIRr8YRhZk2qI7qqz+CntheGHYpCb6D4+AQeyDyc 89 | smeUTU/Tl9oqJJupA9nmWWPKqlkhc/Vu1epWs0ZgS/GRmDdKX/ts5c4OP+ubecVm 90 | ho0jupg3N2w8SG9gHdmpcjU4lfQ80fkd9B+KoDIwGHNazDhyV4DEIh8nzGQ7WJzI 91 | a8Jy3o5fvMqnAYlszQF7DUYNvy2HRT5SEdBdnzENrBT19GhzPbsJf/MZHzS9jBP6 92 | +dPRk8Wt+MKBJXLxsd3ILuEuh0chnsKF5aQgJ5XKjq/RAidT1JvMW+V5J8Gyyr3+ 93 | zeBewlDZOylqtcvYQQARAQABiQIfBBgBCgAJBQJXROWIAhsgAAoJEP8+fYhkfrzb 94 | yKIP/2lYcgZBzNcek6QCrHuBdACuKJY3jRwTUiYsxmOcKHnfDEENAaO2B6njCvj4 95 | YtM+hLE5QVfq7WKPDZjNrWutz+di/4K+bpdgAp972GOiKfpIwJ/V0m0Gln1DfkCI 96 | l7uJd+K0UfcKvOnsEbxfACZ2rc93VlIYcAEtn/l8rpcvt+0jpVbxDH2YWuLmWezi 97 | sYVj8qo3t1VmaCcjswBeaHzA45YEOmhajGp870pUUMJzYuCOxTAzsZhjO16yfBfv 98 | 1A5BaLoPbzW2Ez72oEeFTTFH6zlYHFIb2nIPWpLrAThtX8xkORatytXCf2d4a0eJ 99 | coYb9bI9OdSyi3Iv1hdIUT/BIHtnRebpUk1XJkw22n+UVjMSsjpw7ms7BzXIQTSj 100 | bxfnVP4h6OduvNb9WBuOJ2O5rTBaKcvuJG1D0xz+wS/tdKRu1cdFlvCcf5rEfuij 101 | lkxga8VpbYVBJMFAk+qHWp+shj3pqwOSN9e+Wppahvpj6z5ZGbvO12y8n4vU32Uc 102 | fqdveIY3HegciB57mssGASEIXJnAcDKwbwxg8GYMyGrDjqdmFjRfxvwjs68kbhU+ 103 | LbFwsyoXcrK1qgT5hUaadX1ZiVnlP0YtmM/fEHsBBO/HfgpMz+wZn8JZEIZ9lmgd 104 | 2Xvy39FDD+4NCd0krpasCWKJTbo4Q4Sn+JLc+3Ee5DA5g/3D 105 | =NpfQ 106 | -----END PGP PUBLIC KEY BLOCK----- 107 | -------------------------------------------------------------------------------- /scripts/iptables.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | # https://github.com/drduh/config/blob/main/scripts/iptables.sh 3 | set -o errtrace 4 | set -o nounset 5 | set -o pipefail 6 | PATH="/sbin" 7 | EXT=enp1s0 8 | INT=enp2s0 9 | DMZ=enp3s0 10 | LAB=enp4s0 11 | WIFI=wlp5s0 12 | #DOCK=docker0 13 | #VIR=virbr0 14 | INT_NET=172.16.1.0/24 15 | DMZ_NET=10.8.1.0/24 16 | LAB_NET=10.4.1.0/24 17 | WIFI_NET=192.168.1.0/24 18 | #DOCK_NET=172.17.0.0/24 19 | #VIR_NET=192.168.122.229/24 20 | echo "Flushing rules" 21 | iptables -F 22 | iptables -t nat -F 23 | iptables -t mangle -F 24 | iptables -X 25 | iptables -Z 26 | iptables -P INPUT DROP 27 | iptables -P OUTPUT DROP 28 | iptables -P FORWARD DROP 29 | echo "Allow loopback" 30 | iptables -A INPUT -i lo -j ACCEPT 31 | iptables -A OUTPUT -o lo -j ACCEPT 32 | echo "Drop invalid states" 33 | iptables -A INPUT -m conntrack --ctstate INVALID -j DROP 34 | iptables -A OUTPUT -m conntrack --ctstate INVALID -j DROP 35 | iptables -A FORWARD -m conntrack --ctstate INVALID -j DROP 36 | echo "Allow established and related connections" 37 | iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT 38 | iptables -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT 39 | iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT 40 | #echo "Allow ping replies" 41 | #iptables -A INPUT -p icmp -m icmp --icmp-type 8 -m conntrack --ctstate NEW -j ACCEPT 42 | echo "Allow DHCP" 43 | iptables -I INPUT -i $INT -p udp -m udp --dport 67 -m conntrack --ctstate NEW -j ACCEPT 44 | iptables -I INPUT -i $DMZ -p udp -m udp --dport 67 -m conntrack --ctstate NEW -j ACCEPT 45 | iptables -I INPUT -i $LAB -p udp -m udp --dport 67 -m conntrack --ctstate NEW -j ACCEPT 46 | iptables -I INPUT -i $WIFI -p udp -m udp --dport 67 -m conntrack --ctstate NEW -j ACCEPT 47 | #iptables -I INPUT -i $VIR -p udp -m udp --dport 67 -m conntrack --ctstate NEW -j ACCEPT 48 | #echo "Allow NTP" 49 | #iptables -I INPUT -i $INT -p udp -m udp --dport 123 -m conntrack --ctstate NEW -j ACCEPT 50 | #iptables -I INPUT -i $DMZ -p udp -m udp --dport 123 -m conntrack --ctstate NEW -j ACCEPT 51 | #iptables -I INPUT -i $LAB -p udp -m udp --dport 123 -m conntrack --ctstate NEW -j ACCEPT 52 | #iptables -I INPUT -i $WIFI -p udp -m udp --dport 123 -m conntrack --ctstate NEW -j ACCEPT 53 | #echo "Allow iperf from local Ethernet" 54 | #iptables -A INPUT -i $INT -s $INT_NET -p tcp --dport 5001 -m conntrack --ctstate NEW -j ACCEPT 55 | echo "Allow SSH from local Ethernet" 56 | iptables -A INPUT -i $INT -s $INT_NET -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT 57 | echo "Allow DNS (UDP and TCP for large replies)" 58 | iptables -A INPUT -i $INT -s $INT_NET -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT 59 | iptables -A INPUT -i $INT -s $INT_NET -p tcp --dport 53 -m conntrack --ctstate NEW -j ACCEPT 60 | iptables -A INPUT -i $DMZ -s $DMZ_NET -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT 61 | iptables -A INPUT -i $DMZ -s $DMZ_NET -p tcp --dport 53 -m conntrack --ctstate NEW -j ACCEPT 62 | iptables -A INPUT -i $LAB -s $LAB_NET -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT 63 | iptables -A INPUT -i $LAB -s $LAB_NET -p tcp --dport 53 -m conntrack --ctstate NEW -j ACCEPT 64 | iptables -A INPUT -i $WIFI -s $WIFI_NET -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT 65 | iptables -A INPUT -i $WIFI -s $WIFI_NET -p tcp --dport 53 -m conntrack --ctstate NEW -j ACCEPT 66 | echo "Intercept HTTP traffic to Privoxy" 67 | iptables -A INPUT -i $INT -s $INT_NET -p tcp --dport 8118 -m conntrack --ctstate NEW -j ACCEPT 68 | iptables -A INPUT -i $DMZ -s $DMZ_NET -p tcp --dport 8118 -m conntrack --ctstate NEW -j ACCEPT 69 | iptables -A INPUT -i $LAB -s $LAB_NET -p tcp --dport 8118 -m conntrack --ctstate NEW -j ACCEPT 70 | iptables -A INPUT -i $WIFI -s $WIFI_NET -p tcp --dport 8118 -m conntrack --ctstate NEW -j ACCEPT 71 | iptables -t nat -A PREROUTING -i $INT -p tcp --dport 80 -j DNAT --to-destination 10.8.1.1:8118 72 | iptables -t nat -A PREROUTING -i $DMZ -p tcp --dport 80 -j DNAT --to-destination 172.16.1.1:8118 73 | iptables -t nat -A PREROUTING -i $LAB -p tcp --dport 80 -j DNAT --to-destination 10.4.1.1:8118 74 | iptables -t nat -A PREROUTING -i $WIFI -p tcp --dport 80 -j DNAT --to-destination 192.168.1.1:8118 75 | #echo "Allow Vault" 76 | #iptables -A OUTPUT -o $DOCK -d $DOCK_NET -p tcp --dport 8200 -j ACCEPT 77 | echo "Allow all outgoing" 78 | iptables -A OUTPUT -o $EXT -p tcp -d 0.0.0.0/0 -j ACCEPT 79 | iptables -A OUTPUT -o $EXT -p udp -d 0.0.0.0/0 -j ACCEPT 80 | #iptables -A OUTPUT -o $EXT -p icmp -d 0.0.0.0/0 -j ACCEPT 81 | #iptables -A OUTPUT -o $EXT -d 0.0.0.0/0 -j ACCEPT 82 | #echo "Allow outgoing SSH" 83 | #iptables -A OUTPUT -o $EXT -d 0.0.0.0/0 -p tcp --dport 22 -j ACCEPT 84 | #echo "Allow outgoing DNS" 85 | #iptables -A OUTPUT -o $EXT -d 1.0.0.1 -p udp --dport 53 -j ACCEPT 86 | #iptables -A OUTPUT -o $EXT -d 1.1.1.1 -p udp --dport 53 -j ACCEPT 87 | #iptables -A OUTPUT -o $EXT -d 4.2.2.2 -p udp --dport 53 -j ACCEPT 88 | #iptables -A OUTPUT -o $EXT -d 8.8.4.4 -p udp --dport 53 -j ACCEPT 89 | #iptables -A OUTPUT -o $EXT -d 8.8.8.8 -p udp --dport 53 -j ACCEPT 90 | #iptables -A OUTPUT -o $EXT -d 9.9.9.9 -p udp --dport 53 -j ACCEPT 91 | #echo "Allow outgoing HTTP" 92 | #iptables -A OUTPUT -o $EXT -d 0.0.0.0/0 -p tcp --dport 80 -j ACCEPT 93 | #echo "Allow outgoing HTTPS" 94 | #iptables -A OUTPUT -o $EXT -d 0.0.0.0/0 -p tcp --dport 443 -j ACCEPT 95 | #echo "Allow outgoing SMTP" 96 | #iptables -A OUTPUT -o $EXT -d 0.0.0.0/0 -p tcp --dport 465 -j ACCEPT 97 | #echo "Allow outgoing IMAP" 98 | #iptables -A OUTPUT -o $EXT -d 0.0.0.0/0 -p tcp --dport 993 -j ACCEPT 99 | #echo "Allow outgoing HKP" 100 | #iptables -A OUTPUT -o $EXT -d 0.0.0.0/0 -p tcp --dport 11371 -j ACCEPT 101 | #echo "Allow outgoing NTP" 102 | #iptables -A OUTPUT -o $EXT -d 192.168.0.1 -p udp --dport 123 -j ACCEPT 103 | #echo "Allow outgoing WHOIS lookups" 104 | #iptables -A OUTPUT -o $EXT -p tcp --dport 43 -j ACCEPT 105 | echo "Allow traffic from the firewall to local networks" 106 | iptables -A OUTPUT -o $INT -d $INT_NET -j ACCEPT 107 | iptables -A OUTPUT -o $DMZ -d $DMZ_NET -j ACCEPT 108 | iptables -A OUTPUT -o $LAB -d $LAB_NET -j ACCEPT 109 | iptables -A OUTPUT -o $WIFI -d $WIFI_NET -j ACCEPT 110 | #iptables -A OUTPUT -o $VIR -d $VIR_NET -j ACCEPT 111 | echo "Enable network address translation" 112 | iptables -t nat -A POSTROUTING -o $EXT -j MASQUERADE 113 | iptables -A FORWARD -o $EXT -i $INT -s $INT_NET -m conntrack --ctstate NEW -j ACCEPT 114 | iptables -A FORWARD -o $EXT -i $DMZ -s $DMZ_NET -m conntrack --ctstate NEW -j ACCEPT 115 | iptables -A FORWARD -o $EXT -i $LAB -s $LAB_NET -m conntrack --ctstate NEW -j ACCEPT 116 | iptables -A FORWARD -o $EXT -i $WIFI -s $WIFI_NET -m conntrack --ctstate NEW -j ACCEPT 117 | #iptables -A FORWARD -o $EXT -i $VIR -s $VIR_NET -m conntrack --ctstate NEW -j ACCEPT 118 | #iptables -t mangle -A POSTROUTING -j TTL --ttl-set 65 119 | echo "Do not reply with Destination Unreachable messages" 120 | iptables -A OUTPUT -p icmp --icmp-type destination-unreachable -j DROP 121 | echo "Log all dropped packets" 122 | iptables -A INPUT -m limit --limit 3/sec -j LOG --log-level debug --log-prefix "DROPIN>" 123 | iptables -A OUTPUT -m limit --limit 3/sec -j LOG --log-level debug --log-prefix "DROPOUT>" 124 | iptables -A FORWARD -m limit --limit 3/sec -j LOG --log-level debug --log-prefix "DROPFWD>" 125 | -------------------------------------------------------------------------------- /thunderbird.user.js: -------------------------------------------------------------------------------- 1 | // https://github.com/drduh/config/blob/main/thunderbird.user.js 2 | // https://kb.mozillazine.org/Mail_and_news_settings 3 | // https://www.enigmail.net/index.php/en/user-manual/advanced-operations 4 | //user_pref("extensions.enigmail.mimeHashAlgorithm", 5); // SHA-512 5 | //user_pref("mail.showCondensedAddresses", false); 6 | //user_pref("mail.SpellCheckBeforeSend", false); 7 | //user_pref("mail.openpgp.allow_external_gnupg", true); 8 | //user_pref("mail.phishing.detection.enabled", false); 9 | //user_pref("network.trr.bootstrapAddress", "9.9.9.9"); 10 | //user_pref("network.trr.custom_uri", "Quad9"); 11 | //user_pref("network.trr.mode", 2); 12 | //user_pref("network.trr.uri", "https://dns.quad9.net:5053/dns-query"); 13 | user_pref("app.normandy.api_url", ""); 14 | user_pref("app.normandy.enabled", false); 15 | user_pref("app.shield.optoutstudies.enabled", false); 16 | user_pref("app.update.auto", false); 17 | user_pref("app.update.background.scheduling.enabled", false); 18 | user_pref("breakpad.reportURL", ""); 19 | user_pref("browser.display.use_document_fonts", 0); 20 | user_pref("browser.eme.ui.enabled", false); 21 | user_pref("browser.ping-centre.telemetry", false); 22 | user_pref("browser.safebrowsing.downloads.enabled", false); 23 | user_pref("browser.safebrowsing.downloads.remote.enabled", false); 24 | user_pref("browser.safebrowsing.downloads.remote.url", ""); 25 | user_pref("browser.safebrowsing.malware.enabled", false); 26 | user_pref("browser.safebrowsing.phishing.enabled", false); 27 | user_pref("browser.search.suggest.enabled", false); 28 | user_pref("browser.search.update", false); 29 | user_pref("browser.send_pings", false); 30 | user_pref("calendar.extract.service.enabled", false); 31 | user_pref("calendar.timezone.local", "UTC"); 32 | user_pref("calender.integration.notify", false); 33 | user_pref("datareporting.healthreport.uploadEnabled", false); // disable technical and interaction data collection 34 | user_pref("datareporting.policy.dataSubmissionEnabled", false); // disable crash reports 35 | user_pref("dom.disable_window_move_resize", true); 36 | user_pref("dom.enable_performance", false); 37 | user_pref("dom.enable_resource_timing", false); 38 | user_pref("dom.event.clipboardevents.enabled", false); 39 | user_pref("dom.forms.autocomplete.experimental", false); 40 | user_pref("dom.popup_allowed_events", ""); 41 | user_pref("dom.push.enabled", false); 42 | user_pref("dom.push.userAgentID", ""); 43 | user_pref("dom.webaudio.enabled", false); 44 | user_pref("dom.webnotifications.enabled", false); 45 | user_pref("extensions.cardbook.useOnlyEmail", true); 46 | user_pref("extensions.enigmail.addHeaders", false); 47 | user_pref("extensions.enigmail.agentAdditionalParam", "--no-emit-version --no-comments"); 48 | user_pref("extensions.enigmail.keyRefreshOn", false); 49 | user_pref("extensions.enigmail.protectedSubjectText", ""); 50 | user_pref("extensions.enigmail.useDefaultComment", true); 51 | user_pref("extensions.getAddons.cache.enabled", false); 52 | user_pref("general.useragent.override", ""); 53 | user_pref("general.warnOnAboutConfig", false); 54 | user_pref("geo.enabled", false); 55 | user_pref("geo.provider.use_corelocation", false); 56 | user_pref("geo.provider.use_geoclue", false); 57 | user_pref("geo.provider.use_gpsd", false); 58 | user_pref("gfx.downloadable_fonts.disable_cache", true); 59 | user_pref("gfx.font_rendering.graphite.enabled", false); 60 | user_pref("gfx.font_rendering.opentype_svg.enabled", false); 61 | user_pref("javascript.enabled", false); 62 | user_pref("javascript.options.asmjs", false); 63 | user_pref("javascript.options.baselinejit", false); 64 | user_pref("javascript.options.ion", false); 65 | user_pref("javascript.options.jit_trustedprincipals", true); 66 | user_pref("javascript.options.wasm", false); 67 | user_pref("keyword.enabled", false); 68 | user_pref("layout.css.visited_links_enabled", false); 69 | user_pref("mail.SpellCheckBeforeSend", true); 70 | user_pref("mail.biff.play_sound", false); 71 | user_pref("mail.biff.show_alert", false); // disable pop-up new message alerts 72 | user_pref("mail.chat.enabled", false); 73 | user_pref("mail.chat.notification_info", 2); 74 | user_pref("mail.cloud_files.enabled", false); 75 | user_pref("mail.cloud_files.learn_more_url", ""); 76 | user_pref("mail.collect_addressbook", false); 77 | user_pref("mail.collect_email_address_outgoing", false); 78 | user_pref("mail.compose.add_link_preview", false); // disable pasted URL previews 79 | user_pref("mail.compose.attachment_reminder", false); // disable attachment reminder 80 | user_pref("mail.compose.autosaveinterval", 10); // save drafts every 10 minutes 81 | user_pref("mail.compose.big_attachments.notify", true); 82 | user_pref("mail.compose.big_attachments.threshold_kb", 5120); 83 | user_pref("mail.compose.warn_public_recipients.aggressive", true); 84 | user_pref("mail.default_html_action", 1); // send as plain-text 85 | user_pref("mail.default_send_format", 1); 86 | user_pref("mail.display_glyph", false); 87 | user_pref("mail.html_compose", false); 88 | user_pref("mail.identity.default.compose_html", false); 89 | user_pref("mail.identity.id1.header.InReplyTo", ""); 90 | user_pref("mail.identity.id1.header.References", ""); 91 | user_pref("mail.identity.id1.headers", ""); 92 | user_pref("mail.imap.mime_parts_on_demand", true); 93 | user_pref("mail.imap.ssl.show_insecure_images", false); 94 | user_pref("mail.inline_attachments", false); 95 | user_pref("mail.instrumentation.askUser", false); 96 | user_pref("mail.instrumentation.postUrl", ""); 97 | user_pref("mail.instrumentation.userOptedIn", false); 98 | user_pref("mail.mdn.report.enabled", false); // disable return receipts 99 | user_pref("mail.openMessageBehavior.version", 1); 100 | user_pref("mail.prompt_purge_threshhold", false); // don't compact folders to save space 101 | user_pref("mail.provider.enabled", false); 102 | user_pref("mail.rights.override", true); // disable rights notification 103 | user_pref("mail.sanitize_date_header", true); 104 | user_pref("mail.save_msg_filename_underscores_for_space", true); 105 | user_pref("mail.shell.checkDefaultClient", false); 106 | user_pref("mail.shell.checkDefaultMail", false); 107 | user_pref("mail.smtpserver.default.hello_argument", "[127.0.0.1]"); 108 | user_pref("mail.spam.version", 1); 109 | user_pref("mail.store_conversion_enabled", true); 110 | user_pref("mail.suppress_content_language", true); 111 | user_pref("mailnews.auto_config.addons_url",""); 112 | user_pref("mailnews.auto_config.fetchFromExchange.enabled", false); 113 | user_pref("mailnews.auto_config.fetchFromISP.enabled", false); 114 | user_pref("mailnews.auto_config.fetchFromISP.sendEmailAddress", false); 115 | user_pref("mailnews.auto_config.guess.enabled", false); 116 | user_pref("mailnews.auto_config_url", ""); 117 | user_pref("mailnews.display.date_senders_timezone", false); 118 | user_pref("mailnews.display.disallow_mime_handlers", 3); 119 | user_pref("mailnews.display.html_as", 3); // 0: normal; 1: plaintext; 2: source; 3: sanitize 120 | user_pref("mailnews.display.original_date", false); 121 | user_pref("mailnews.display.prefer_plaintext", true); 122 | user_pref("mailnews.downloadToTempFile", false); // disable "Allow antivirus clients to quarantine ..." 123 | user_pref("mailnews.headers.showSender", true); 124 | user_pref("mailnews.headers.showUserAgent", true); 125 | user_pref("mailnews.headers.sendUserAgent", false); 126 | user_pref("mailnews.message_display.allow_plugins", false); 127 | user_pref("mailnews.message_display.disable_remote_image", true); 128 | user_pref("mailnews.reply_header_authorwrotesingle", "#1 wrote:"); 129 | user_pref("mailnews.reply_header_type", 1); 130 | user_pref("mailnews.reply_in_default_charset", true); 131 | user_pref("mailnews.send_default_charset", "UTF-8"); 132 | user_pref("mailnews.sendformat.auto_downgrade", false); 133 | user_pref("mailnews.sendformat.auto_downgrade", true); 134 | user_pref("mailnews.start_page.enabled", false); 135 | user_pref("mailnews.start_page.url", ""); 136 | user_pref("mailnews.start_page_override.mstone", "ignore"); 137 | user_pref("mailnews.use_received_date", "true"); 138 | user_pref("mailnews.view_default_charset", "UTF-8"); 139 | user_pref("mathml.disabled", true); 140 | user_pref("media.autoplay.blocking_policy", 2); 141 | user_pref("media.autoplay.default", 5); 142 | user_pref("media.eme.enabled", false); 143 | user_pref("media.gmp-provider.enabled", false); 144 | user_pref("media.hardware-video-decoding.enabled", false); 145 | user_pref("media.navigator.enabled", false); 146 | user_pref("media.peerconnection.enabled", false); 147 | user_pref("messenger.conversations.autoAcceptChatInvitations", false); 148 | user_pref("messenger.options.filterMode", 0); 149 | user_pref("messenger.startup.action", 0); 150 | user_pref("messenger.status.awayWhenIdle", false); 151 | user_pref("messenger.status.reportIdle", false); 152 | user_pref("network.IDN_show_punycode", true); 153 | user_pref("network.cookie.cookieBehavior", 2); // 0: all cookies allowed; 1: no 3p cookies; 2: disable cookies 154 | user_pref("network.dns.disableIPv6", true); 155 | user_pref("network.dns.disablePrefetch", true); 156 | user_pref("network.gio.supported-protocols", ""); 157 | user_pref("network.http.referer.XOriginPolicy", 2); 158 | user_pref("network.http.sendRefererHeader", 0); 159 | user_pref("network.http.speculative-parallel-limit", 0); 160 | user_pref("network.notify.IPv6", false); 161 | user_pref("network.predictor.cleaned-up", true); 162 | user_pref("network.predictor.enabled", false); 163 | user_pref("network.prefetch-next", false); 164 | user_pref("network.proxy.socks_remote_dns", true); 165 | user_pref("pdfjs.enableScripting", false); 166 | user_pref("permissions.default.image", 2); // block all images 167 | user_pref("places.history.enabled", false); 168 | user_pref("privacy.clearOnShutdown.cache", true); 169 | user_pref("privacy.clearOnShutdown.cookies", true); 170 | user_pref("privacy.clearOnShutdown.downloads", true); 171 | user_pref("privacy.clearOnShutdown.formdata", true); 172 | user_pref("privacy.clearOnShutdown.history", true); 173 | user_pref("privacy.clearOnShutdown.offlineApps", true); 174 | user_pref("privacy.clearOnShutdown.sessions", true); 175 | user_pref("privacy.clearOnShutdown.siteSettings", true); 176 | user_pref("privacy.sanitize.sanitizeOnShutdown", true); 177 | user_pref("privacy.trackingprotection.enabled", true); 178 | user_pref("purple.conversations.im.send_typing", false); 179 | user_pref("purple.logging.log_chats", false); 180 | user_pref("purple.logging.log_ims", false); 181 | user_pref("purple.logging.log_system", false); 182 | user_pref("rss.display.prefer_plaintext", true); 183 | user_pref("rss.message.loadWebPageOnSelect", 0); 184 | user_pref("security.OCSP.require", true); 185 | user_pref("security.cert_pinning.enforcement_level", 2); 186 | user_pref("security.external_protocol_requires_permission", true); 187 | user_pref("security.ssl.treat_unsafe_negotiation_as_broken", true); 188 | user_pref("security.tls.enable_0rtt_data", false); 189 | user_pref("security.tls.version.min", 3); 190 | user_pref("signon.formlessCapture.enabled", false); 191 | user_pref("svg.disabled", true); 192 | user_pref("toolkit.coverage.endpoint.base", ""); 193 | user_pref("toolkit.coverage.opt-out", true); 194 | user_pref("toolkit.telemetry.archive.enabled", false); 195 | user_pref("toolkit.telemetry.bhrPing.enabled", false); 196 | user_pref("toolkit.telemetry.coverage.opt-out", true); 197 | user_pref("toolkit.telemetry.enabled", false); 198 | user_pref("toolkit.telemetry.firstShutdownPing.enabled", false); 199 | user_pref("toolkit.telemetry.infoURL", ""); 200 | user_pref("toolkit.telemetry.newProfilePing.enabled", false); 201 | user_pref("toolkit.telemetry.prompted", 2); 202 | user_pref("toolkit.telemetry.rejected", true); 203 | user_pref("toolkit.telemetry.server", ""); 204 | user_pref("toolkit.telemetry.server", "data:,"); 205 | user_pref("toolkit.telemetry.shutdownPingSender.enabled", false); 206 | user_pref("toolkit.telemetry.unified", false); 207 | user_pref("toolkit.telemetry.updatePing.enabled", false); 208 | user_pref("ui.prefersReducedMotion", 1); 209 | user_pref("ui.systemUsesDarkTheme", 1); 210 | user_pref("webgl.disabled", true); 211 | -------------------------------------------------------------------------------- /domains/google: -------------------------------------------------------------------------------- 1 | # https://github.com/drduh/config/blob/main/domains/google 2 | #address=/1e100.net/ 3 | #address=/accounts.google.com/ 4 | #address=/android.com/ 5 | #address=/app/ 6 | #address=/appspot.com/ 7 | #address=/blog.google/ 8 | #address=/blogger.com/ 9 | #address=/blogspot.ae/ 10 | #address=/blogspot.al/ 11 | #address=/blogspot.am/ 12 | #address=/blogspot.ba/ 13 | #address=/blogspot.be/ 14 | #address=/blogspot.bg/ 15 | #address=/blogspot.bj/ 16 | #address=/blogspot.ca/ 17 | #address=/blogspot.cf/ 18 | #address=/blogspot.ch/ 19 | #address=/blogspot.cl/ 20 | #address=/blogspot.co.at/ 21 | #address=/blogspot.co.id/ 22 | #address=/blogspot.co.il/ 23 | #address=/blogspot.co.ke/ 24 | #address=/blogspot.co.nz/ 25 | #address=/blogspot.co.uk/ 26 | #address=/blogspot.co.za/ 27 | #address=/blogspot.com.ar/ 28 | #address=/blogspot.com.au/ 29 | #address=/blogspot.com.br/ 30 | #address=/blogspot.com.by/ 31 | #address=/blogspot.com.co/ 32 | #address=/blogspot.com.cy/ 33 | #address=/blogspot.com.ee/ 34 | #address=/blogspot.com.eg/ 35 | #address=/blogspot.com.es/ 36 | #address=/blogspot.com.mt/ 37 | #address=/blogspot.com.ng/ 38 | #address=/blogspot.com.tr/ 39 | #address=/blogspot.com.uy/ 40 | #address=/blogspot.com/ 41 | #address=/blogspot.cv/ 42 | #address=/blogspot.cz/ 43 | #address=/blogspot.de/ 44 | #address=/blogspot.dk/ 45 | #address=/blogspot.fi/ 46 | #address=/blogspot.fr/ 47 | #address=/blogspot.gr/ 48 | #address=/blogspot.hk/ 49 | #address=/blogspot.hr/ 50 | #address=/blogspot.hu/ 51 | #address=/blogspot.ie/ 52 | #address=/blogspot.in/ 53 | #address=/blogspot.is/ 54 | #address=/blogspot.it/ 55 | #address=/blogspot.jp/ 56 | #address=/blogspot.kr/ 57 | #address=/blogspot.li/ 58 | #address=/blogspot.lt/ 59 | #address=/blogspot.lu/ 60 | #address=/blogspot.md/ 61 | #address=/blogspot.mk/ 62 | #address=/blogspot.mr/ 63 | #address=/blogspot.mx/ 64 | #address=/blogspot.my/ 65 | #address=/blogspot.nl/ 66 | #address=/blogspot.no/ 67 | #address=/blogspot.pe/ 68 | #address=/blogspot.pt/ 69 | #address=/blogspot.qa/ 70 | #address=/blogspot.re/ 71 | #address=/blogspot.ro/ 72 | #address=/blogspot.rs/ 73 | #address=/blogspot.ru/ 74 | #address=/blogspot.se/ 75 | #address=/blogspot.sg/ 76 | #address=/blogspot.si/ 77 | #address=/blogspot.sk/ 78 | #address=/blogspot.sn/ 79 | #address=/blogspot.td/ 80 | #address=/blogspot.tw/ 81 | #address=/blogspot.ug/ 82 | #address=/blogspot.vn/ 83 | #address=/capitalg.com/ 84 | #address=/chrome.cn/ 85 | #address=/chrome.com/ 86 | #address=/chrome.org/ 87 | #address=/chromebook.com/ 88 | #address=/chromecast.com/ 89 | #address=/chromium.org/ 90 | #address=/chronicle.security/ 91 | #address=/codespot.com/ 92 | #address=/csi.gstatic.com/ 93 | #address=/feedproxy.google.com/ 94 | #address=/forms.gle/ 95 | #address=/g.cn/ 96 | #address=/g.co/ 97 | #address=/g.page/ 98 | #address=/ggpht.cn/ 99 | #address=/ggpht.com/ 100 | #address=/gle/ 101 | #address=/gmail.com.cn/ 102 | #address=/gmail.com/ 103 | #address=/golang.com/ 104 | #address=/goo.gl/ 105 | #address=/goog/ 106 | #address=/google.ac/ 107 | #address=/google.ad/ 108 | #address=/google.ae/ 109 | #address=/google.al/ 110 | #address=/google.am/ 111 | #address=/google.as/ 112 | #address=/google.at/ 113 | #address=/google.az/ 114 | #address=/google.ba/ 115 | #address=/google.be/ 116 | #address=/google.bf/ 117 | #address=/google.bg/ 118 | #address=/google.bi/ 119 | #address=/google.bj/ 120 | #address=/google.bs/ 121 | #address=/google.bt/ 122 | #address=/google.by/ 123 | #address=/google.ca/ 124 | #address=/google.cat/ 125 | #address=/google.cc/ 126 | #address=/google.cd/ 127 | #address=/google.cf/ 128 | #address=/google.cg/ 129 | #address=/google.ch/ 130 | #address=/google.ci/ 131 | #address=/google.cl/ 132 | #address=/google.cm/ 133 | #address=/google.cn/ 134 | #address=/google.co.ao/ 135 | #address=/google.co.bw/ 136 | #address=/google.co.bz/ 137 | #address=/google.co.ck/ 138 | #address=/google.co.cr/ 139 | #address=/google.co.id/ 140 | #address=/google.co.il/ 141 | #address=/google.co.in/ 142 | #address=/google.co.jp/ 143 | #address=/google.co.ke/ 144 | #address=/google.co.kr/ 145 | #address=/google.co.ls/ 146 | #address=/google.co.ma/ 147 | #address=/google.co.mz/ 148 | #address=/google.co.nz/ 149 | #address=/google.co.pn/ 150 | #address=/google.co.th/ 151 | #address=/google.co.tz/ 152 | #address=/google.co.ug/ 153 | #address=/google.co.uk/ 154 | #address=/google.co.uz/ 155 | #address=/google.co.ve/ 156 | #address=/google.co.vi/ 157 | #address=/google.co.za/ 158 | #address=/google.co.zm/ 159 | #address=/google.co.zw/ 160 | #address=/google.co/ 161 | #address=/google.com.af/ 162 | #address=/google.com.ag/ 163 | #address=/google.com.ai/ 164 | #address=/google.com.ar/ 165 | #address=/google.com.au/ 166 | #address=/google.com.bd/ 167 | #address=/google.com.bh/ 168 | #address=/google.com.bn/ 169 | #address=/google.com.bo/ 170 | #address=/google.com.br/ 171 | #address=/google.com.bz/ 172 | #address=/google.com.co/ 173 | #address=/google.com.cu/ 174 | #address=/google.com.cy/ 175 | #address=/google.com.do/ 176 | #address=/google.com.ec/ 177 | #address=/google.com.eg/ 178 | #address=/google.com.et/ 179 | #address=/google.com.fj/ 180 | #address=/google.com.gh/ 181 | #address=/google.com.gi/ 182 | #address=/google.com.gt/ 183 | #address=/google.com.hk/ 184 | #address=/google.com.jm/ 185 | #address=/google.com.kh/ 186 | #address=/google.com.kw/ 187 | #address=/google.com.lb/ 188 | #address=/google.com.lc/ 189 | #address=/google.com.ly/ 190 | #address=/google.com.mm/ 191 | #address=/google.com.mt/ 192 | #address=/google.com.mx/ 193 | #address=/google.com.my/ 194 | #address=/google.com.na/ 195 | #address=/google.com.nf/ 196 | #address=/google.com.ng/ 197 | #address=/google.com.ni/ 198 | #address=/google.com.np/ 199 | #address=/google.com.om/ 200 | #address=/google.com.pa/ 201 | #address=/google.com.pe/ 202 | #address=/google.com.pg/ 203 | #address=/google.com.ph/ 204 | #address=/google.com.pk/ 205 | #address=/google.com.pr/ 206 | #address=/google.com.py/ 207 | #address=/google.com.qa/ 208 | #address=/google.com.sa/ 209 | #address=/google.com.sb/ 210 | #address=/google.com.sg/ 211 | #address=/google.com.sl/ 212 | #address=/google.com.sv/ 213 | #address=/google.com.tj/ 214 | #address=/google.com.tr/ 215 | #address=/google.com.tw/ 216 | #address=/google.com.ua/ 217 | #address=/google.com.uy/ 218 | #address=/google.com.vc/ 219 | #address=/google.com.vn/ 220 | #address=/google.com/ 221 | #address=/google.cv/ 222 | #address=/google.cx/ 223 | #address=/google.cz/ 224 | #address=/google.de/ 225 | #address=/google.dj/ 226 | #address=/google.dk/ 227 | #address=/google.dm/ 228 | #address=/google.dz/ 229 | #address=/google.ee/ 230 | #address=/google.es/ 231 | #address=/google.eu/ 232 | #address=/google.fi/ 233 | #address=/google.fm/ 234 | #address=/google.fr/ 235 | #address=/google.ga/ 236 | #address=/google.ge/ 237 | #address=/google.gf/ 238 | #address=/google.gg/ 239 | #address=/google.gl/ 240 | #address=/google.gm/ 241 | #address=/google.gp/ 242 | #address=/google.gr/ 243 | #address=/google.gy/ 244 | #address=/google.hn/ 245 | #address=/google.hr/ 246 | #address=/google.ht/ 247 | #address=/google.hu/ 248 | #address=/google.ie/ 249 | #address=/google.im/ 250 | #address=/google.in/ 251 | #address=/google.io/ 252 | #address=/google.iq/ 253 | #address=/google.is/ 254 | #address=/google.it/ 255 | #address=/google.je/ 256 | #address=/google.jo/ 257 | #address=/google.kg/ 258 | #address=/google.ki/ 259 | #address=/google.kz/ 260 | #address=/google.la/ 261 | #address=/google.li/ 262 | #address=/google.lk/ 263 | #address=/google.lt/ 264 | #address=/google.lu/ 265 | #address=/google.lv/ 266 | #address=/google.md/ 267 | #address=/google.me/ 268 | #address=/google.mg/ 269 | #address=/google.mk/ 270 | #address=/google.ml/ 271 | #address=/google.mn/ 272 | #address=/google.ms/ 273 | #address=/google.mu/ 274 | #address=/google.mv/ 275 | #address=/google.mw/ 276 | #address=/google.ne/ 277 | #address=/google.net/ 278 | #address=/google.nf/ 279 | #address=/google.nl/ 280 | #address=/google.no/ 281 | #address=/google.nr/ 282 | #address=/google.nu/ 283 | #address=/google.org/ 284 | #address=/google.pl/ 285 | #address=/google.pn/ 286 | #address=/google.ps/ 287 | #address=/google.pt/ 288 | #address=/google.ro/ 289 | #address=/google.rs/ 290 | #address=/google.ru/ 291 | #address=/google.rw/ 292 | #address=/google.sc/ 293 | #address=/google.se/ 294 | #address=/google.sh/ 295 | #address=/google.si/ 296 | #address=/google.sk/ 297 | #address=/google.sm/ 298 | #address=/google.sn/ 299 | #address=/google.so/ 300 | #address=/google.sr/ 301 | #address=/google.st/ 302 | #address=/google.td/ 303 | #address=/google.tg/ 304 | #address=/google.tk/ 305 | #address=/google.tl/ 306 | #address=/google.tm/ 307 | #address=/google.tn/ 308 | #address=/google.to/ 309 | #address=/google.tt/ 310 | #address=/google.us/ 311 | #address=/google.vg/ 312 | #address=/google.vu/ 313 | #address=/google.ws/ 314 | #address=/google/ 315 | #address=/googleapis.cn/ 316 | #address=/googleapis.com/ 317 | #address=/googlearth.com.cn/ 318 | #address=/googlearth.com/ 319 | #address=/googleblog.com/ 320 | #address=/googlecapital.com/ 321 | #address=/googlecode.com/ 322 | #address=/googledownloads.cn/ 323 | #address=/googleearth.cn/ 324 | #address=/googleearth.com.cn/ 325 | #address=/googleearth.com/ 326 | #address=/googlegroups.com/ 327 | #address=/googlehosted.com 328 | #address=/googlemail.com.cn/ 329 | #address=/googlemail.com/ 330 | #address=/googlemaps.cn/ 331 | #address=/googlemaps.com.cn/ 332 | #address=/googlemaps.com/ 333 | #address=/googlemember.com/ 334 | #address=/googlemembers.com/ 335 | #address=/googleoptimize.com/ 336 | #address=/googleplay.com/ 337 | #address=/googlescholar.cn/ 338 | #address=/googlescholar.com.cn/ 339 | #address=/googlescholar.com/ 340 | #address=/googlesource.com/ 341 | #address=/googletranslate.com/ 342 | #address=/googleusercontent.cn/ 343 | #address=/googleusercontent.com/ 344 | #address=/googlevideo.cn/ 345 | #address=/googlevideo.com.cn/ 346 | #address=/googlevideo.com/ 347 | #address=/googleweblight.in/ 348 | #address=/googlezip.net/ 349 | #address=/gstatic.cn/ 350 | #address=/gstatic.com/ 351 | #address=/gstatic.org/ 352 | #address=/gv.com/ 353 | #address=/gvt0.com/ 354 | #address=/gvt1.com/ 355 | #address=/gvt2.com/ 356 | #address=/gvt3.com/ 357 | #address=/localguidesconnect.com/ 358 | #address=/madewithcode.com/ 359 | #address=/oo.gl/ 360 | #address=/pagespeedmobilizer.com/ 361 | #address=/panoramio.com/ 362 | #address=/picasa.com/ 363 | #address=/pki.goog/ 364 | #address=/recaptcha.net/ 365 | #address=/sketchup.com/ 366 | #address=/telephony.goog/ 367 | #address=/urchin.com/ 368 | #address=/virustotal.com/ 369 | #address=/web.app/ 370 | #address=/withgoogle.com/ 371 | #address=/withyoutube.com/ 372 | #address=/youtu.be/ 373 | #address=/youtube-nocookie.com/ 374 | #address=/youtube.be/ 375 | #address=/youtube.cn/ 376 | #address=/youtube.co.uk/ 377 | #address=/youtube.com/ 378 | #address=/youtube.de/ 379 | #address=/youtube.fr/ 380 | #address=/youtube.nl/ 381 | #address=/youtube.pl/ 382 | #address=/youtubeeducation.com/ 383 | #address=/youtubegaming.com/ 384 | #address=/yt.be/ 385 | #address=/ytimg.com/ 386 | address=/2mdn-cn.net/ 387 | address=/2mdn.net/ 388 | address=/466453.com/ 389 | address=/abc.xyz/ 390 | address=/admob-cn.com/ 391 | address=/admob.com/ 392 | address=/adsense.com/ 393 | address=/adservice.google.com/ 394 | address=/advertisercommunity.com/ 395 | address=/adwords.com/ 396 | address=/agoogleaday.com/ 397 | address=/ai.google/ 398 | address=/ampproject.net.cn/ 399 | address=/ampproject.org.cn/ 400 | address=/ampproject.org/ 401 | address=/analytics.google.com/ 402 | address=/app-measurement-cn.com/ 403 | address=/bdn.dev/ 404 | address=/blogpsot.com/ 405 | address=/chart.googleapis.com/ 406 | address=/chromeexperiments.com/ 407 | address=/clouderrorreporting.googleapis.com/ 408 | address=/cobrasearch.com/ 409 | address=/com.google/ 410 | address=/contributor.google.com/ 411 | address=/crashlytics.com/ 412 | address=/dartsearch-cn.net/ 413 | address=/domains.google/ 414 | address=/doubleclick-cn.net/ 415 | address=/doubleclick.cn/ 416 | address=/doubleclick.com/ 417 | address=/doubleclick.net/ 418 | address=/doubleclickbygoogle.com/ 419 | address=/elgoog.im/ 420 | address=/feedburner.com/ 421 | address=/firebase.googleapis.com/ 422 | address=/firebaseio.com/ 423 | address=/firebaselogging-pa.googleapis.com/ 424 | address=/firebaseremoteconfig.googleapis.com/ 425 | address=/firehunt.com/ 426 | address=/foofle.com/ 427 | address=/froogle.com/ 428 | address=/g.cn/ 429 | address=/g.co/ 430 | address=/gexperiments1.com/ 431 | address=/gexperiments2.com/ 432 | address=/gexperiments3.com/ 433 | address=/gexperiments4.com/ 434 | address=/gg.google.com/ 435 | address=/ggogle.com/ 436 | address=/ggoogle.com/ 437 | address=/ggpht.cn/ 438 | address=/gkecnapps.cn/ 439 | address=/gmodules.com/ 440 | address=/gogle.com/ 441 | address=/gogole.com/ 442 | address=/googel.com/ 443 | address=/googil.com/ 444 | address=/googke.com/ 445 | address=/googl.com/ 446 | address=/google-analytics-cn.com/ 447 | address=/google-analytics.com/ 448 | address=/googleadapis.l.google.com/ 449 | address=/googleadservices-cn.com/ 450 | address=/googleadservices.com/ 451 | address=/googleanalytics.com/ 452 | address=/googleapis-cn.com/ 453 | address=/googleapis.cn/ 454 | address=/googleapps-cn.com/ 455 | address=/googleapps.com.cn/ 456 | address=/googleapps.com/ 457 | address=/googlebot.com/ 458 | address=/googlecnapps.cn/ 459 | address=/googlecommerce.com/ 460 | address=/googledownloads.cn/ 461 | address=/googledrive.com.cn/ 462 | address=/googledrive.com/ 463 | address=/googlee.com/ 464 | address=/googleflights-cn.net/ 465 | address=/googleoptimize-cn.com/ 466 | address=/googleoptimize.com/ 467 | address=/googlepagecreator.com/ 468 | address=/googlesandbox-cn.com/ 469 | address=/googlesyndication-cn.com/ 470 | address=/googlesyndication.cn/ 471 | address=/googlesyndication.com.cn/ 472 | address=/googlesyndication.com/ 473 | address=/googletagmanager-cn.com/ 474 | address=/googletagmanager.com/ 475 | address=/googletagservices-cn.com/ 476 | address=/googletagservices.com/ 477 | address=/googletraveladservices-cn.com/ 478 | address=/googlevads-cn.com/ 479 | address=/googleweblight.com/ 480 | address=/googlezip.net/ 481 | address=/googlr.com/ 482 | address=/goolge.com/ 483 | address=/gooogle.com/ 484 | address=/gstatic-cn.com/ 485 | address=/gstatic.cn/ 486 | address=/gstaticadssl.l.google.com/ 487 | address=/gvt1-cn.com/ 488 | address=/gvt2-cn.com/ 489 | address=/id.google.com/ 490 | address=/igoogle.com/ 491 | address=/imasdk.googleapis.com/ 492 | address=/keyhole.com/ 493 | address=/like.com/ 494 | address=/localhost.com/ 495 | address=/mail-ads.google.com/ 496 | address=/mail.googlecom/ 497 | address=/maps.googlecom/ 498 | address=/metric.gstatic.com/ 499 | address=/mtalk.google.com/ 500 | address=/ogs.google.com/ 501 | address=/play.google.com/ 502 | address=/plus.google.com/ 503 | address=/plus.l.google.com/ 504 | address=/plus.sandbox.google.com/ 505 | address=/plusone.google.com/ 506 | address=/recaptcha-cn.net/ 507 | address=/recaptcha.net.cn/ 508 | address=/safebrowsing.googleapis.com/ 509 | address=/waze.com/ 510 | address=/whatbrowser.org/ 511 | address=/widevine.cn/ 512 | -------------------------------------------------------------------------------- /firefox.user.js: -------------------------------------------------------------------------------- 1 | // https://github.com/drduh/config/blob/main/firefox.user.js 2 | //user_pref("browser.newtabpage.enabled", false); // blank new tab page 3 | //user_pref("browser.privatebrowsing.autostart", true); // private browsing mode only; may break sites 4 | //user_pref("browser.quitShortcut.disabled", true); // disable control-q to quit 5 | //user_pref("browser.safebrowsing.malware.enabled", false); // disable safebrowsing 6 | //user_pref("browser.safebrowsing.phishing.enabled", false); // disable safebrowsing 7 | //user_pref("browser.startup.homepage_override.buildID", "20181001000000"); 8 | //user_pref("browser.startup.page", 0); // 0: blank; 1: home; 2: last visited; 3: resume last 9 | //user_pref("browser.uidensity", 1); // reduce UI empty space 10 | //user_pref("browser.urlbar.autoFill", false); 11 | //user_pref("browser.urlbar.maxRichResults", 0); 12 | //user_pref("browser.urlbar.suggest.bookmark", false); 13 | //user_pref("browser.urlbar.suggest.engines", false); 14 | //user_pref("browser.urlbar.suggest.history", false); 15 | //user_pref("browser.urlbar.suggest.openpage", false); 16 | //user_pref("device.sensors.enabled", false); // disable device sensors 17 | //user_pref("dom.enable_performance", false); // disable DOM timing; may break sites 18 | //user_pref("dom.security.https_only_mode", true); 19 | //user_pref("extensions.blocklist.enabled", false); // disable extension blacklisting (includes revocations) 20 | //user_pref("extensions.systemAddon.update.enabled", false); 21 | //user_pref("extensions.systemAddon.update.url", ""); 22 | //user_pref("full-screen-api.enabled", false); // disable fullscreen 23 | //user_pref("gfx.downloadable_fonts.enabled", false); 24 | //user_pref("gfx.downloadable_fonts.fallback_delay", -1); 25 | //user_pref("gfx.font_rendering.graphite.enabled", false); 26 | //user_pref("gfx.font_rendering.opentype_svg.enabled", false); 27 | //user_pref("gfx.xrender.enabled", true); // may improve performance 28 | //user_pref("javascript.enabled", false); // disable javascript; will break sites 29 | //user_pref("layout.css.devPixelsPerPx", "1.5"); // increase UI size 30 | //user_pref("layout.css.visited_links_enabled", false); 31 | //user_pref("mathml.disabled", true); // disable Mathematical Markup Language 32 | //user_pref("media.ondevicechange.enabled", false); // disable media devices change detection 33 | //user_pref("media.video_stats.enabled", false); // disable video statistics 34 | //user_pref("media.webspeech.synth.enabled", false); // disable speech synthesis 35 | //user_pref("network.cookie.cookieBehavior", 1); // block third-party cookies 36 | //user_pref("network.http.referer.XOriginPolicy", 1); // only send Referer to same domain; may break sites 37 | //user_pref("network.http.referer.defaultPolicy", 0); // 0: no-ref; 1: same-origin; 2: strict-origin; 3: no-downgrade; may break sites 38 | //user_pref("network.http.referer.trimmingPolicy", 2); // trim Refer to scheme, host, port only; may break sites 39 | //user_pref("network.http.sendRefererHeader", 0); // send Referer; 0: never; 1: clicks; 2: links and images; may break sites 40 | //user_pref("network.proxy.allow_bypass", false); 41 | //user_pref("network.proxy.socks", "127.0.0.1"); 42 | //user_pref("network.proxy.socks_port", 5555); 43 | //user_pref("network.trr.bootstrapAddress", "9.9.9.9"); 44 | //user_pref("network.trr.custom_uri", "Quad9"); 45 | //user_pref("network.trr.mode", 2); 46 | //user_pref("network.trr.uri", "https://dns.quad9.net:5053/dns-query"); 47 | //user_pref("permissions.memory_only", true); // disable storing permission changes to disk 48 | //user_pref("privacy.fingerprintingProtection.pbmode", true); 49 | //user_pref("privacy.resistFingerprinting", true); // enable strict fingerprinting resistance features; may break sites 50 | //user_pref("privacy.resistFingerprinting.block_mozAddonManager", true); // disable mozAddonManager 51 | //user_pref("privacy.resistFingerprinting.letterboxing", true); // letterbox window 52 | //user_pref("privacy.sanitize.sanitizeOnShutdown", true); // clear history on exit 53 | //user_pref("privacy.window.maxInnerHeight", 900); 54 | //user_pref("privacy.window.maxInnerWidth", 1600); 55 | //user_pref("security.dialog_enable_delay", 1000); // ms delay on dialogs 56 | //user_pref("svg.disabled", true); // disable SVG (Scalable Vector Graphics) 57 | //user_pref("ui.use_standins_for_native_colors", true); // disable exposing system colors to canvas 58 | //user_pref("webgl.disabled", true); // disable WebGL (Web Graphics Library) 59 | //user_pref("webgl.enable-debug-renderer-info", false); // do not expose graphics driver information 60 | //user_pref("webgl.enable-webgl2", false); 61 | user_pref("accessibility.browsewithcaret", true); 62 | user_pref("accessibility.typeaheadfind", true); // enable page search by typing 63 | user_pref("accessibility.typeaheadfind.flashBar", 0); 64 | user_pref("app.normandy.api_url", ""); 65 | user_pref("app.normandy.enabled", false); 66 | user_pref("app.normandy.first_run", false); 67 | user_pref("app.shield.optoutstudies.enabled", false); // disable studies 68 | user_pref("app.update.suppressPrompts", true); 69 | user_pref("breakpad.reportURL", ""); // disable crash reports 70 | user_pref("browser.aboutConfig.showWarning", false); 71 | user_pref("browser.bookmarks.max_backups", 0); 72 | user_pref("browser.bookmarks.restore_default_bookmarks", false); 73 | user_pref("browser.cache.disk.enable", false); // disable disk cache 74 | user_pref("browser.contentHandlers.types.0.uri", ""); 75 | user_pref("browser.ctrlTab.recentlyUsedOrder", false); // control-tab cycles tabs 76 | user_pref("browser.dictionaries.download.url", ""); 77 | user_pref("browser.disableResetPrompt", true); 78 | user_pref("browser.discovery.enabled", false); // disable extension recommendations 79 | user_pref("browser.display.use_document_fonts", 0); // disable web pages picking fonts 80 | user_pref("browser.download.always_ask_before_handling_new_types", true); 81 | user_pref("browser.download.autohideButton", false); 82 | user_pref("browser.download.forbid_open_with", true); // disable Open With dialog 83 | user_pref("browser.download.manager.addToRecentDocs", false); // disable adding to recent documents 84 | user_pref("browser.download.useDownloadDir", false); // always prompt for download location 85 | user_pref("browser.formfill.enable", false); // disable auto-completion 86 | user_pref("browser.geolocation.warning.infoURL", ""); 87 | user_pref("browser.helperApps.deleteTempFileOnExit", true); 88 | user_pref("browser.link.open_newwindow", 3); // open new windows in tabs instead 89 | user_pref("browser.link.open_newwindow.restriction", 0); 90 | user_pref("browser.ml.chat.enabled", false); 91 | user_pref("browser.newtabpage.activity-stream.default.sites", ""); 92 | user_pref("browser.newtabpage.activity-stream.feeds.telemetry", false); 93 | user_pref("browser.newtabpage.activity-stream.showSponsored", false); 94 | user_pref("browser.newtabpage.activity-stream.showSponsoredCheckboxes", false); 95 | user_pref("browser.newtabpage.activity-stream.showSponsoredTopSites", false); 96 | user_pref("browser.newtabpage.activity-stream.telemetry", false); 97 | user_pref("browser.newtabpage.enabled", false); // blank new tab 98 | user_pref("browser.newtabpage.remote", false); 99 | user_pref("browser.pagethumbnails.capturing_disabled", true); 100 | user_pref("browser.ping-centre.production.endpoint", ""); 101 | user_pref("browser.ping-centre.staging.endpoint", ""); 102 | user_pref("browser.places.speculativeConnect.enabled", false); 103 | user_pref("browser.privatebrowsing.forceMediaMemoryCache", true); 104 | user_pref("browser.safebrowsing.downloads.enabled", false); 105 | user_pref("browser.safebrowsing.downloads.remote.enabled", false); 106 | user_pref("browser.search.suggest.enabled", false); 107 | user_pref("browser.search.update", false); 108 | user_pref("browser.search.widget.inNavBar", true); // move search bar to toolbar 109 | user_pref("browser.sessionstore.interval", 30000); 110 | user_pref("browser.sessionstore.max_tabs_undo", 0); // disable recently closed tabs 111 | user_pref("browser.sessionstore.privacy_level", 2); // disable session restore 112 | user_pref("browser.sessionstore.resume_from_crash", false); 113 | user_pref("browser.shell.checkDefaultBrowser", false); // disable default check 114 | user_pref("browser.shell.shortcutFavicons", false); // disable shortcuts favicons 115 | user_pref("browser.startup.homepage", "about:blank"); 116 | user_pref("browser.startup.homepage_override.mstone", "ignore"); // disable welcome pages 117 | user_pref("browser.tabs.crashReporting.sendReport", false); 118 | user_pref("browser.tabs.hoverPreview.enabled", false); 119 | user_pref("browser.tabs.searchclipboardfor.middleclick", false); // disable open url tab with middle click 120 | user_pref("browser.uitour.enabled", false); // disable UI tour 121 | user_pref("browser.uitour.url", ""); 122 | user_pref("browser.urlbar.addons.featureGate", false); 123 | user_pref("browser.urlbar.amp.featureGate", false); 124 | user_pref("browser.urlbar.fakespot.featureGate", false); 125 | user_pref("browser.urlbar.mdn.featureGate", false); 126 | user_pref("browser.urlbar.pocket.featureGate", false); 127 | user_pref("browser.urlbar.showSearchTerms.enabled", false); 128 | user_pref("browser.urlbar.speculativeConnect.enabled", false); 129 | user_pref("browser.urlbar.suggest.searches", false); 130 | user_pref("browser.urlbar.suggest.topsites", false); 131 | user_pref("browser.urlbar.trending.featureGate", false); 132 | user_pref("browser.urlbar.trimURLs", false); // do not trim url prefix 133 | user_pref("browser.urlbar.weather.featureGate", false); 134 | user_pref("browser.urlbar.wikipedia.featureGate", false); 135 | user_pref("browser.urlbar.yelp.featureGate", false); 136 | user_pref("browser.xul.error_pages.expert_bad_cert", true); 137 | user_pref("captivedetect.canonicalURL", ""); // disable captive portal helper 138 | user_pref("clipboard.autocopy", false); // disable automatic clipboard selection 139 | user_pref("datareporting.healthreport.infoURL", ""); 140 | user_pref("datareporting.healthreport.service.firstRun", false); 141 | user_pref("datareporting.healthreport.uploadEnabled", false); 142 | user_pref("datareporting.policy.dataSubmissionEnabled", false); 143 | user_pref("devtools.debugger.force-local", true); // disable remote debugging 144 | user_pref("devtools.devedition.promo.url", ""); 145 | user_pref("devtools.onboarding.telemetry.logged", true); 146 | user_pref("devtools.screenshot.audio.enabled", false); 147 | user_pref("devtools.theme", "dark"); 148 | user_pref("dom.disable_window_move_resize", true); 149 | user_pref("dom.event.clipboardevents.enabled", false); // limit clipboard API 150 | user_pref("dom.event.contextmenu.enabled", false); // disable web page control over right-click context 151 | user_pref("dom.forms.autocomplete.formautofill", true); 152 | user_pref("dom.popup_allowed_events", "click dblclick"); // limit pop-up triggers 153 | user_pref("dom.push.enabled", false); // disable push notifications 154 | user_pref("dom.push.userAgentID", ""); // remove push notification subscriptions 155 | user_pref("dom.webaudio.enabled", false); // disable web audio 156 | user_pref("dom.webgpu.enabled", false); // disable GPU access 157 | user_pref("dom.webnotifications.enabled", false); // disable web notifications 158 | user_pref("extensions.enabledScopes", 5); // limit extensions to profile and application directories 159 | user_pref("extensions.formautofill.addresses.enabled", false); 160 | user_pref("extensions.formautofill.creditCards.enabled", false); 161 | user_pref("extensions.getAddons.showPane", false); 162 | user_pref("extensions.htmlaboutaddons.recommendations.enabled", false); 163 | user_pref("extensions.postDownloadThirdPartyPrompt", false); 164 | user_pref("extensions.webcompat-reporter.enabled", false); 165 | user_pref("gecko.handlerService.migrated", true); 166 | user_pref("gecko.handlerService.schemes.webcal.0.uriTemplate", ""); 167 | user_pref("general.warnOnAboutConfig", false); // disable about:config warning 168 | user_pref("geo.enabled", false); // no geo-location 169 | user_pref("geo.provider.use_corelocation", false); // disable geo on mac 170 | user_pref("geo.provider.use_geoclue", false); // disable geo on linux 171 | user_pref("gfx.webgpu.force-enabled", false); // disable GPU access 172 | user_pref("identity.fxaccounts.enabled", false); // disable Firefox accounts sync 173 | user_pref("javascript.options.asmjs", false); 174 | user_pref("javascript.options.baselinejit", false); // disable JS JIT; may break sites 175 | user_pref("javascript.options.ion", false); // disable JS Ion; may break sites 176 | user_pref("javascript.options.jit_trustedprincipals", true); 177 | user_pref("javascript.options.wasm", false); // disable webassembly 178 | user_pref("keyword.enabled", false); // do not submit invalid URLs to search engine 179 | user_pref("layout.spellcheckDefault", 0); // spell-check; 0: none; 1: multi-line; 2: multi- and single-line 180 | user_pref("media.autoplay.default", 2); // HTML5 media - 0: allow; 1: block; 2: prompt 181 | user_pref("media.eme.enabled", false); // disable EME (Encryption Media Extension) 182 | user_pref("media.gmp-provider.enabled", false); // disable GMP (Gecko Media Plugins) 183 | user_pref("media.memory_cache_max_size", 65536); 184 | user_pref("media.navigator.enabled", false); // disable media device enumeration 185 | user_pref("media.peerconnection.enabled", false); // disable WebRTC (Real Time Comm) 186 | user_pref("media.peerconnection.ice.default_address_only", true); 187 | user_pref("media.peerconnection.ice.no_host", true); 188 | user_pref("media.peerconnection.ice.proxy_only_if_behind_proxy", true); 189 | user_pref("network.IDN_show_punycode", true); // reduce phishing risk 190 | user_pref("network.auth.subresource-http-auth-allow", 1); // disable non-secure authentication 191 | user_pref("network.captive-portal-service.enabled", false); // disable captive portal helper 192 | user_pref("network.connectivity-service.enabled", false); // disable network connectivity checks 193 | user_pref("network.dns.blockDotOnion", true); // reject onion domains 194 | user_pref("network.dns.disableIPv6", true); // disable IPv6 195 | user_pref("network.dns.disablePrefetch", true); // disable DNS prefetch 196 | user_pref("network.dns.disablePrefetchFromHTTPS", true); 197 | user_pref("network.file.disable_unc_paths", true); // disable Uniform Naming Convention paths 198 | user_pref("network.gio.supported-protocols", ""); // disable Gvfs/GIO 199 | user_pref("network.http.referer.XOriginTrimmingPolicy", 2); 200 | user_pref("network.http.referer.spoofSource", false); 201 | user_pref("network.http.speculative-parallel-limit", 0); // disable speculative loading 202 | user_pref("network.httpredirection-limit", 5); // limit HTTP redirects 203 | user_pref("network.manage-offline-status", false); // do not monitor OS connection state 204 | user_pref("network.predictor.enable-prefetch", false); // disable prefetching 205 | user_pref("network.predictor.enabled", false); // disable "Necko" predictive service 206 | user_pref("network.prefetch-next", false); // disable link prefetching 207 | user_pref("network.proxy.http", "127.0.0.1"); // proxy on localhost 208 | user_pref("network.proxy.http_port", 8118); // privoxy on port 8118 209 | user_pref("network.proxy.no_proxies_on", "localhost, 127.0.0.1"); 210 | user_pref("network.proxy.share_proxy_settings", true); 211 | user_pref("network.proxy.socks_remote_dns", true); 212 | user_pref("network.proxy.ssl", "127.0.0.1"); 213 | user_pref("network.proxy.ssl_port", 8118); // privoxy on port 8118 214 | user_pref("network.proxy.type", 1); // 1: manual; 2: PAC; 4: WPAD 215 | user_pref("pdfjs.enableScripting", false); 216 | user_pref("permissions.manager.defaultsUrl", ""); 217 | user_pref("pref.browser.homepage.disable_button.current_page", false); 218 | user_pref("pref.privacy.disable_button.cookie_exceptions", false); 219 | user_pref("privacy.fingerprintingProtection", true); // more compatible than resistFingerprinting 220 | user_pref("privacy.fingerprintingProtection.overrides", "+AllTargets,-CSSPrefersColorScheme"); // dark mode support 221 | user_pref("privacy.resistFingerprinting.pbmode", true); 222 | user_pref("privacy.resistFingerprinting.target_video_res", 2160); // default to high-res videos 223 | user_pref("privacy.trackingprotection.enabled", true); // https://wiki.mozilla.org/Security/Tracking_protection 224 | user_pref("privacy.trackingprotection.introCount", 20); 225 | user_pref("privacy.userContext.enabled", true); // enable container tabs 226 | user_pref("privacy.userContext.ui.enabled", true); // enable container tabs ui 227 | user_pref("security.OCSP.require", true); // hard-fail on ocsp unreachable 228 | user_pref("security.cert_pinning.enforcement_level", 2); // strict PKP enforcement 229 | user_pref("security.csp.reporting.enabled", false); 230 | user_pref("security.ssl.require_safe_negotiation", true); 231 | user_pref("security.ssl.require_safe_negotiation", true); // require secure renegotiation 232 | user_pref("security.ssl.treat_unsafe_negotiation_as_broken", true); 233 | user_pref("security.tls.enable_0rtt_data", false); // disable TLS1.3 0-RTT 234 | user_pref("security.tls.version.min", 3); // minimum TLS 1.2 235 | user_pref("signon.autofillForms", false); 236 | user_pref("signon.formlessCapture.enabled", false); 237 | user_pref("signon.management.page.breach-alerts.enabled", false); 238 | user_pref("signon.rememberSignons", false); // disable saving passwords 239 | user_pref("startup.homepage_override_url", ""); 240 | user_pref("startup.homepage_welcome_url", ""); 241 | user_pref("startup.homepage_welcome_url.additional", ""); 242 | user_pref("toolkit.coverage.endpoint.base", ""); 243 | user_pref("toolkit.coverage.opt-out", true); // disable telemetry coverage 244 | user_pref("toolkit.crashreporter.infoURL", ""); 245 | user_pref("toolkit.legacyUserProfileCustomizations.stylesheets", true); 246 | user_pref("toolkit.telemetry.archive.enabled", false); 247 | user_pref("toolkit.telemetry.bhrPing.enabled", false); 248 | user_pref("toolkit.telemetry.coverage.opt-out", true); // disable telemetry coverage 249 | user_pref("toolkit.telemetry.enabled", false); // disable telemetry 250 | user_pref("toolkit.telemetry.firstShutdownPing.enabled", false); 251 | user_pref("toolkit.telemetry.infoURL", ""); 252 | user_pref("toolkit.telemetry.newProfilePing.enabled", false); 253 | user_pref("toolkit.telemetry.previousBuildID", ""); 254 | user_pref("toolkit.telemetry.prompted", 2); 255 | user_pref("toolkit.telemetry.rejected", true); 256 | user_pref("toolkit.telemetry.reportingpolicy.firstRun", false); 257 | user_pref("toolkit.telemetry.server", "data:,"); 258 | user_pref("toolkit.telemetry.shutdownPingSender.enabled", false); 259 | user_pref("toolkit.telemetry.unified", false); // disable telemetry 260 | user_pref("toolkit.telemetry.updatePing.enabled", false); 261 | user_pref("toolkit.winRegisterApplicationRestart", false); // disable session restore 262 | user_pref("ui.key.menuAccessKey", 0); // disable Alt key for menu 263 | user_pref("ui.systemUsesDarkTheme", 1); 264 | -------------------------------------------------------------------------------- /privoxy/user.action: -------------------------------------------------------------------------------- 1 | # https://github.com/drduh/config/blob/main/privoxy/user.action 2 | # https://www.privoxy.org/user-manual/actions-file.html 3 | # http://config.privoxy.org/show-url-info 4 | {{alias}} 5 | upgrade = -block +redirect{s@http://@https://@} 6 | unblock = -block -redirect 7 | 8 | { +block{all} } 9 | . # block all requests 10 | 11 | { +block{social} } 12 | .discord. 13 | .disqus. 14 | .gravatar. 15 | .licdn. 16 | .linkedin. 17 | .myspace. 18 | .tiktok. 19 | .tiktokcdn. 20 | .twimg. 21 | .twitter. 22 | .twttr. 23 | .x. 24 | 25 | { +block{facebook} } 26 | .cdninstagram. 27 | .facebook*. 28 | .fb. 29 | .fbstatic*. 30 | .instagr.am 31 | .fbcdn*. 32 | .fbinfra. 33 | .fbsbx. 34 | .fbsv. 35 | .fburl. 36 | .tfbnw. 37 | .thefacebook. 38 | fb*.akamaihd.net 39 | 40 | { +block{ads and trackers} } 41 | .google-analytics. 42 | .qualtrics.com 43 | ad. 44 | adnxs. 45 | adsrv. 46 | ads. 47 | analytics. 48 | appdynamics. 49 | banner. 50 | banners. 51 | beacon. 52 | click. 53 | clickmeter. 54 | count. 55 | counter. 56 | creatives. 57 | location. 58 | metric. 59 | metrics. 60 | mmetrics. 61 | oas. 62 | oascentral. 63 | pixel. 64 | seal. 65 | seals. 66 | smartadserver. 67 | smetrics. 68 | stats. 69 | tag. 70 | telemetry. 71 | track. 72 | tracker. 73 | tracking. 74 | trk. 75 | 76 | { upgrade{tlds} } 77 | #.com 78 | #.net 79 | #.org 80 | #.edu 81 | #.ai 82 | #.co.uk 83 | #.org.uk 84 | #.ac.jp 85 | #.ac.uk 86 | #.co 87 | #.dev 88 | #.fyi 89 | #.gg 90 | #.info 91 | #.io 92 | #.mil 93 | #.tech 94 | #.us 95 | 96 | { upgrade{patterns} } 97 | #.*air.com 98 | #.*api.com 99 | #.*assets.com 100 | #.*bakery.com 101 | #.*bookgroup.com 102 | #.*books.com 103 | #.*cafe.com 104 | #.*carservice.com 105 | #.*cdn.com 106 | #.*cdn.net 107 | #.*chronicle.com 108 | #.*cloud.com 109 | #.*club.com 110 | #.*coffee.com 111 | #.*contenthub.com 112 | #.*films.com 113 | #.*flights.com 114 | #.*food.com 115 | #.*grill.com 116 | #.*history.org 117 | #.*hotsauce.com 118 | #.*img.com 119 | #.*labs.com 120 | #.*media.com 121 | #.*monthly.com 122 | #.*museum.com 123 | #.*networks.com 124 | #.*news.com 125 | #.*park.com 126 | #.*realty.com 127 | #.*static.com 128 | #.*store.us 129 | #.*talk.com 130 | #.*tavern.com 131 | #.*times.com 132 | #.*watch.com 133 | #.*weekly.com 134 | #.*wiki.com 135 | #.akadns.net 136 | #.akadns88.net 137 | #.akam.net 138 | #.akamai.com 139 | #.akamai.net 140 | #.akamaiedge.net 141 | #.akamaihd.net 142 | #.akamaitech.net 143 | #.akamaized.net 144 | #.azure. 145 | #.azureedge.net 146 | #.bootstrapcdn.com 147 | #.cloudflare. 148 | #.cloudfront.net 149 | #.cloudinary.com 150 | #.datatables.net 151 | #.edgekey.net 152 | #.edgesuite.net 153 | #.fastly.com 154 | #.fastly.net 155 | #.fastlydns.net 156 | #.jsdelivr.net 157 | #.mywebsitebuilder.com 158 | #.oraclecloud.com 159 | #.s3 160 | #.salesforce-sites.com 161 | #.scene7.com 162 | #.shop.app 163 | #.shopify.com 164 | #.shopifyapps.com 165 | #.shopifycdn. 166 | #.shopifycs.com 167 | #.shopifyinc.com 168 | #.shopifysvc.com 169 | #.static.pub 170 | #.statically.io 171 | #.website-files.com 172 | #api. 173 | #app. 174 | #assets*. 175 | #blog. 176 | #book. 177 | #cdn. 178 | #cdnjs. 179 | #cloudinary. 180 | #community. 181 | #content. 182 | #data. 183 | #developers. 184 | #docs. 185 | #documentation. 186 | #download. 187 | #form. 188 | #forum. 189 | #forums. 190 | #git. 191 | #gitlab. 192 | #images. 193 | #js. 194 | #login. 195 | #media. 196 | #mirror*. 197 | #modules. 198 | #order. 199 | #pages.dev # Cloudflare Pages 200 | #pay. 201 | #pictures. 202 | #places. 203 | #ppa. 204 | #services. 205 | #shop. 206 | #static. 207 | #store. 208 | #support. 209 | #tech. 210 | #wiki. 211 | 212 | { upgrade{github} } 213 | .github.blog 214 | .github.com 215 | .githubcopilot.com 216 | .github.io 217 | .githubapp.com 218 | .githubassets.com 219 | .githubusercontent.com 220 | .gh.io 221 | 222 | { upgrade{apple} } 223 | .aaplimg.com 224 | .apple.com 225 | .apple.map.fastly.net 226 | .cdn-apple.com 227 | .dsce9.akamaiedge.net 228 | .dsct.akamaiedge.net 229 | .ls-apple.com.akadns.net 230 | 231 | { upgrade{amazon} } 232 | #.a.co 233 | #.a2z.com 234 | #.amazonaws.com 235 | #.amazonforum.com 236 | #.amazontrust.com 237 | #.awswaf.com 238 | #.payments-amazon.com 239 | #.primevideo.com 240 | .amazon.com 241 | .awsstatic.com 242 | .awswaf.com 243 | .images-amazon.com 244 | .media-amazon.com 245 | .ssl-images-amazon.com 246 | 247 | { upgrade{google} } 248 | #accounts.google.com 249 | .go.dev 250 | .goo.gl 251 | .google 252 | .google. 253 | .googleapis.com 254 | .googleblog.com 255 | .googlecode.com 256 | .googlemail.com 257 | .googlesource.com 258 | .googleusercontent.com 259 | .googlevideo.com 260 | .youtu.be 261 | .youtube-dl.org 262 | .youtube-nocookie.com 263 | .youtube.com 264 | .ytimg.com 265 | calendar.google.com 266 | dl.google.com 267 | docs.google.com 268 | drive.google.com 269 | mail.google.com 270 | maps.google.com 271 | maps.googleapis.com 272 | meet.google.com 273 | photos.google.com 274 | voice.google.com 275 | www.google.com 276 | 277 | { upgrade{mozilla} } 278 | .mozaws.net 279 | .mozilla.net 280 | .mozilla.org 281 | .mozillafoundation.org 282 | .mozillazine.org 283 | .thunderbird.net 284 | 285 | { upgrade{steam} } 286 | .steamcommunity.com 287 | .steamcontent.com # streams 288 | .steamdb.info 289 | .steamdeck.com 290 | .steamgames.com 291 | .steamos.cloud 292 | .steampowered.com 293 | .steamserver.net 294 | .steamstatic.com 295 | images.steamusercontent.com 296 | steamuserimages-a.akamaihd.net 297 | 298 | { upgrade{everything else} } 299 | .3m.com 300 | .acm.org 301 | .adafruit.com 302 | .adblockplus.org 303 | .admin.ch 304 | .adtidy.org 305 | .adyen.com 306 | .ae.com 307 | .aexp-static.com 308 | .aexp.com 309 | .aftership.com 310 | .airtable.com 311 | .algolia. 312 | .alienvault.com 313 | .alpinelinux.org 314 | .amd.com 315 | .americanbar.org 316 | .americanexpress.com 317 | .amiunique.org 318 | .amsat.org 319 | .amsecusa.com 320 | .amzn.to 321 | .anaconda.com 322 | .anaconda.org 323 | .android.com 324 | .annualcreditreport.com 325 | .anthropic.com 326 | .ap.org 327 | .apache.org 328 | .apc.com 329 | .appimage.org 330 | .arcgis.com 331 | .arcgisonline.com 332 | .archive.is 333 | .archive.org 334 | .archive.ph 335 | .archlinux.org 336 | .arduino.cc 337 | .arm.com 338 | .arrl.org 339 | .arstechnica.com 340 | .arstechnica.net 341 | .arubanetworks.com 342 | .arxiv.org 343 | .askubuntu.com 344 | .asrock.com 345 | .asus.com 346 | .atl-paas.net # atlassian 347 | .atlasofsurveillance.org 348 | .atlassian.com 349 | .atlassian.net 350 | .auspost.com.au 351 | .auth0.com 352 | .authorize.net 353 | .autocheck.com 354 | .autotrader.com 355 | .awesomeopensource.com 356 | .azureedge.net 357 | .azurestandard.com 358 | .badssl.com 359 | .bankofamerica.com 360 | .barrons.com 361 | .basher.it 362 | .bbc.co.uk 363 | .bbc.com 364 | .bbystatic.com 365 | .beamng.com 366 | .benjaminmoore.com 367 | .benq.com 368 | .berkeley.edu 369 | .bestbuy.com 370 | .bhphoto.com 371 | .bhphotovideo.com 372 | .bigcommerce.com 373 | .binarydefense.com 374 | .bitbucket.org 375 | .blackhat.com 376 | .bleepingcomputer.com 377 | .bleepstatic.com 378 | .blogblog.com 379 | .blogger.com 380 | .bloglovin.com 381 | .blogspot. 382 | .blu-ray.com 383 | .bmj.com 384 | .bootc.net 385 | .boum.org 386 | .box.com 387 | .box.net 388 | .boxcdn.net 389 | .boxcloud.com 390 | .brave.com 391 | .brew.sh 392 | .bringatrailer.com 393 | .broadcom.com 394 | .brother-usa.com 395 | .bsigroup.com 396 | .buildkite.com 397 | .businesswire.com 398 | .byexamples.com 399 | .bytebucket.org 400 | .ca.gov 401 | .cambridge.org 402 | .camelcamelcamel.com 403 | .canadapost.ca 404 | .canarytokens.org 405 | .canon.com 406 | .canonical.com 407 | .capitalone.com 408 | .capitalone360.com 409 | .captcha-delivery.com 410 | .cbc.ca 411 | .ccc.de 412 | .cdc.gov 413 | .cdn-redfin.com 414 | .celestrak.com 415 | .centos.org 416 | .ch.ch 417 | .chase.com 418 | .chatgpt.com 419 | .chewy.com 420 | .chromium.org 421 | .chrono24.com 422 | .cia.gov 423 | .cisco.com 424 | .cisecurity.org 425 | .citizenlab.ca 426 | .claude.ai 427 | .clojure.org 428 | .cloudflareregistrar.com 429 | .cloudflarestorage.com 430 | .cnet.com 431 | .codeberg.org 432 | .codecov.io 433 | .coderpad.io 434 | .colorado.gov 435 | .colostate.edu 436 | .comcast.com 437 | .comcast.net 438 | .congress.gov 439 | .coreboot.org 440 | .coredump.cx 441 | .cornell.edu 442 | .costco.com 443 | .cpb.gov 444 | .cpubenchmark.net 445 | .craigslist.org 446 | .creativecommons.org 447 | .criterion.com 448 | .crowdsupply.com 449 | .crt.sh 450 | .crucial.com 451 | .cryptography.io 452 | .cryptographyengineering.com 453 | .cryptomuseum.com 454 | .cs.cornell.edu 455 | .ctfassets.net 456 | .ctftime.org 457 | .custhelp.com 458 | .cve.org 459 | .cvedetails.com 460 | .cypherpunks.ca 461 | .darkreading.com 462 | .db.tt 463 | .dd-wrt.com 464 | .debian-administration.org 465 | .debian.net 466 | .debianforum.de 467 | .dell.com 468 | .denon.com 469 | .dev.to 470 | .dhs.gov 471 | .die.net 472 | .digicert.com 473 | .digikey.com 474 | .digitalgov.gov 475 | .digitalocean.com 476 | .discourse-cdn.com 477 | .distrowatch.com 478 | .docker.com 479 | .dockerstatic.com 480 | .docker.io 481 | .documentcloud.org 482 | .documentfoundation.org 483 | .docusign.com 484 | .docusign.net 485 | .doi.org 486 | .dolby.com 487 | .dp.la 488 | .dropbox.com 489 | .dropboxatwork.com 490 | .dropboxteam.com 491 | .duo.com 492 | .duosecurity.com 493 | .ebay.com 494 | .ebaycdn.net 495 | .ebaydesc.com 496 | .ebayimg.com 497 | .ebayrtm.com 498 | .ebaystatic.com 499 | .ecfr.gov 500 | .edx-cdn.org 501 | .edx.org 502 | .eff.org 503 | .ehi.com 504 | .elsevier.com 505 | .elsevierhealth.com 506 | .emacswiki.org 507 | .emergingthreats.net 508 | .enterprise.com 509 | .eoportal.org 510 | .epicgames.com 511 | .equifax.com 512 | .esa.int 513 | .eso.org 514 | .etrade.com 515 | .etrade.net 516 | .etsy.com 517 | .etsystatic.com 518 | .eventbrite.com 519 | .expedia.com 520 | .experian.com 521 | .export.gov 522 | .f-droid.org 523 | .faircode.eu 524 | .fanboy.co.nz 525 | .fandom.com 526 | .fast.com 527 | .fbi.gov 528 | .fbinaa.org 529 | .fccid.io 530 | .fda.gov 531 | .fedex.com 532 | .fedoraproject.org 533 | .ffmpeg.org 534 | .fidelity.com 535 | .finviz.com 536 | .flathub.org 537 | .flatpak.org 538 | .flicker.com 539 | .flickr.com 540 | .flickr.net 541 | .flightradar24.com 542 | .forbes.com 543 | .fourseasons.com 544 | .freebsd.org 545 | .freebsdfoundation.org 546 | .freedesktop.org 547 | .freedomhouse.org 548 | .freelists.org 549 | .fsdn.com # sourceforge 550 | .fsf.org 551 | .ft.com 552 | .ftc.gov 553 | .fwupd.org 554 | .garmin.com 555 | .geeqie.org 556 | .gentoo.org 557 | .geojson.org 558 | .gfycat.com 559 | .ggpht.com 560 | .ghcr.io 561 | .gimp.org 562 | .giphy.com 563 | .git-scm.com 564 | .gitlab.com 565 | .gitlab.io 566 | .gizmodo.com 567 | .gmail.com 568 | .gnome.org 569 | .gnu.org 570 | .gnupg.net 571 | .gnupg.org 572 | .go.dev 573 | .gobyexample.com 574 | .godoc.org 575 | .gofundme.com 576 | .gog-statics.com 577 | .gog.com 578 | .gohugo.io 579 | .golang.com 580 | .golang.org 581 | .golangci-lint.run 582 | .goteleport.com 583 | .governmentattic.org 584 | .gparted.org 585 | .grapheneos.org 586 | .greenhouse.io 587 | .gstatic.com 588 | .guim.co.uk 589 | .gvt0.com 590 | .gvt1.com 591 | .gvt2.com 592 | .gvt3.com 593 | .happycow.net 594 | .harvard.edu 595 | .hashicorp.com 596 | .hathitrust.org 597 | .haxx.se 598 | .hbr.org 599 | .hcaptcha.com 600 | .he.net 601 | .heinz.com 602 | .hetzner.cloud 603 | .hetzner.com 604 | .hf.co 605 | .hf.space 606 | .hhkeyboard.us 607 | .hireright.com 608 | .homedepot.com 609 | .house.gov 610 | .houzz.com 611 | .hps.org 612 | .huggingface.co 613 | .hybrid-analysis.com 614 | .iacr.org 615 | .iana.org 616 | .ibm.com 617 | .icanhazip.com 618 | .icann.org 619 | .icannwiki.org 620 | .icmconference.org 621 | .id.me 622 | .ieee.org 623 | .ietf.org 624 | .ifixit.com 625 | .ign.com 626 | .imdb.com 627 | .imfreedom.org 628 | .imgbox.com 629 | .imgix.net 630 | .imgur.com 631 | .intel.com 632 | .invidious.io 633 | .ipdeny.com 634 | .irs.gov 635 | .isc.org 636 | .itsfoss.com 637 | .ixquick.com 638 | .jhu.edu 639 | .jobvite.com 640 | .jquery.com 641 | .jsononline.com 642 | .jstor.org 643 | .justdeleteme.xyz 644 | .justice.gov 645 | .jwplatform.com 646 | .kali.org 647 | .kde.org 648 | .kdenlive.org 649 | .keepassxc.org 650 | .kernel.org 651 | .keybase.io 652 | .keylength.com 653 | .khanacademy.org 654 | .kiwix.org 655 | .knowyourmeme.com 656 | .kubernetes.io 657 | .last.fm 658 | .launchpad.net 659 | .lenovo.com 660 | .letsencrypt.org 661 | .levels.fyi 662 | .lever.co 663 | .lexisnexis.com 664 | .lexus.com 665 | .lg.com 666 | .libreoffice.org 667 | .libssh.org 668 | .lighttpd.net 669 | .lineageos.com 670 | .lineageos.org 671 | .linux-audit.com 672 | .linuxforums.org 673 | .linuxjournal.com 674 | .linuxquestions.org 675 | .list-manage.com 676 | .litmos.com 677 | .lkml.org 678 | .llvm.org 679 | .lobste.rs 680 | .loc.gov 681 | .logicalincrements.com 682 | .loopnet.com 683 | .lots-project.com 684 | .lucid.co 685 | .lutris.net 686 | .lwn.net 687 | .lww.com 688 | .macmillan.com 689 | .mail-archive.com 690 | .mailbox.org 691 | .mamba.pm 692 | .manjaro.org 693 | .mapgeo.io 694 | .mapquest.com 695 | .marc.info 696 | .marketwatch.com 697 | .martinlogan.com 698 | .mastodon.social 699 | .mastodon.world 700 | .mathopolis.com 701 | .mathoverflow.com 702 | .mathsisfun.com 703 | .matrix.org 704 | .matterport.com 705 | .maxar.com 706 | .mayoclinic.org 707 | .mcgill.ca 708 | .mechanix.com 709 | .mediawiki.org 710 | .medium.com 711 | .meetup.com 712 | .meetupstatic.com 713 | .merriam-webster.com 714 | .metafilter.com 715 | .milwaukeetool.com 716 | .mit.edu 717 | .mitre.org 718 | .monoprice.com 719 | .morganstanley.com 720 | .morganstanleyclientserv.com 721 | .mqcdn.com # mapquest 722 | .msi.com 723 | .muckrack.com 724 | .muckrock.com 725 | .mullvad.net 726 | .mwl.io 727 | .namecheap.com 728 | .narescue.com 729 | .nasa.gov 730 | .nationalacademies.org 731 | .nature.com 732 | .nc-img.com 733 | .netdna-ssl.com 734 | .netguard.me 735 | .netify.ai 736 | .newegg.com 737 | .neweggimages.com 738 | .newpipe.net 739 | .nextdoor.com 740 | .nexusmods.com 741 | .nginx.org 742 | .nh.us 743 | .nhs.uk 744 | .nih.gov 745 | .nixos.org 746 | .noaa.gov 747 | .nodejs.org 748 | .nordstrom.com 749 | .noscript.net 750 | .npr.org 751 | .nro.net 752 | .nsf.gov 753 | .ntppool.org 754 | .nvidia.com 755 | .nypost.com 756 | .nyt.com 757 | .nytimes.com 758 | .obdev.at 759 | .oclc.org 760 | .octocaptcha.com 761 | .okstate.edu 762 | .okta.com 763 | .oktacdn.com 764 | .ollama.com 765 | .oneplus.com 766 | .onerng.info 767 | .ontrac.com 768 | .openai.com 769 | .opencensus.io 770 | .openpgp.org 771 | .openra.net 772 | .openshot.org 773 | .openssl.org 774 | .openstreetmap.org 775 | .opensuse.org 776 | .openvpn.net 777 | .openvpn.org 778 | .openwall.com 779 | .openwebui.com 780 | .openwrt.org 781 | .opnsense.org 782 | .optionstrat.com 783 | .optoutprescreen.com 784 | .osmand.net 785 | .ovh.com 786 | .ovh.net 787 | .ovh.us 788 | .ovhcloud.com 789 | .owasp.org 790 | .pages.dev 791 | .panasonic.com 792 | .pandoc.org 793 | .parallels.com 794 | .pastebin.com 795 | .patagonia.com 796 | .patreon.com 797 | .patreonusercontent.com 798 | .paypal.com 799 | .paypalobjects.com 800 | .pcengines.ch 801 | .pcmag.com 802 | .pcpartpicker.com 803 | .petfinder.com 804 | .pewresearch.org 805 | .pfsense.org 806 | .phoronix.com 807 | .phoronix.net 808 | .phys.org 809 | .pi-hole.net 810 | .pinboard.in 811 | .pinimg.com 812 | .pinterest. 813 | .plos.org 814 | .plosone.org 815 | .podman.io 816 | .popular.pics 817 | .porsche.com 818 | .posteo.de 819 | .princeton.edu 820 | .privacyguides.org 821 | .privacyguides.net 822 | .privacyguidesusercontent.com 823 | .privoxy.org 824 | .propublica.org 825 | .proton.me 826 | .publicsuffix.org 827 | .purpleair.com 828 | .pypi.org 829 | .python.org 830 | .pythonhosted.org 831 | .pytorch.org 832 | .quad9.net 833 | .qubes-os.org 834 | .qz.com 835 | .radb.net 836 | .radeon.com 837 | .radioreference.com 838 | .raspberrypi.com 839 | .raspberrypi.org 840 | .readthedocs.io 841 | .realtor.com 842 | .recaptcha.net 843 | .redcross.org 844 | .redd.it 845 | .reddit.com 846 | .redditmedia.com 847 | .redditstatic.com 848 | .reddituploads.com 849 | .redfin.com 850 | .redhat.com 851 | .rei.com 852 | .rentalcars.com 853 | .reolink.com 854 | .reolink.us 855 | .republicoftea.com 856 | .researchgate.net 857 | .reshade.me 858 | .reuters.com 859 | .ripe.net 860 | .riseup.net 861 | .rottentomatoes.com 862 | .rsaconference.com 863 | .rtings.com 864 | .rubygems.org 865 | .rust-lang.org 866 | .rustup.rs 867 | .sagepub.com 868 | .samsung.com 869 | .sans.edu 870 | .sans.org 871 | .satnogs.org 872 | .schwab.com 873 | .sciencedirect.com 874 | .scotusblog.com 875 | .scribd.com 876 | .scribdassets.com 877 | .se.com 878 | .sec.gov 879 | .sec.report 880 | .securelist.com 881 | .senate.gov 882 | .serverfault.com 883 | .shellcheck.net 884 | .shipstation.com 885 | .shodan.io 886 | .signal.org 887 | .singleplatform.com 888 | .slack-edge.com 889 | .slack-imgs.com 890 | .slack.com 891 | .slideshare.net 892 | .smallstep.com 893 | .smapi.io 894 | .snapcraft.io 895 | .someonewhocares.org 896 | .sony.com 897 | .soundcloud.com 898 | .sourceforge.io 899 | .sourceforge.net 900 | .space.com 901 | .spacetelescope.org 902 | .spaceweather.com 903 | .spaceweathergallery2.com 904 | .spacex.com 905 | .sparkfun.com 906 | .splunk.com 907 | .squarespace-cdn.com 908 | .squarespace.com 909 | .ssllabs.com 910 | .sstatic.net 911 | .stackauth.com 912 | .stackexchange.com 913 | .stackoverflow.com 914 | .startpage.com 915 | .state.gov 916 | .static-bluray.com 917 | .static.pub 918 | .staticflickr.com 919 | .statuspage.io 920 | .stlouisfed.org 921 | .streamable.com 922 | .stunnel.org 923 | .suckless.org 924 | .sunrise-sunset.org 925 | .superuser.com 926 | .sudo.ws 927 | .suse.com 928 | .swappa.com 929 | .sweetwater.com 930 | .sysctl-explorer.net 931 | .tableau.com 932 | .tableausoftware.com 933 | .tacdn.com # tripadvisor 934 | .tails.net 935 | .target.com 936 | .targetimg1.com 937 | .taxfoundation.org 938 | .techradar.com 939 | .terraform.io 940 | .thdstatic.com 941 | .theguardian.com 942 | .thehomedepot.com 943 | .theverge.com 944 | .threatpost.com 945 | .time.gov 946 | .tldp.org 947 | .tomshardware.com 948 | .tonic.to 949 | .torproject.org 950 | .toyota.com 951 | .tp-link.com 952 | .tractorsupply.com 953 | .tradingview.com 954 | .transunion.com 955 | .travel-assets.com 956 | .tripadvisor.com 957 | .trmm.net 958 | .tuta.com 959 | .twitch.tv 960 | .ubuntuforums.org 961 | .ubuntuhandbook.org 962 | .uefi.org 963 | .ui.com 964 | .umu.se 965 | .undeadly.org 966 | .unicef.org 967 | .unix.com 968 | .unsplash.com 969 | .ups.com 970 | .usembassy.gov 971 | .userbenchmark.com 972 | .usgs.gov 973 | .usps.com 974 | .utah.gov 975 | .vanguard.com 976 | .vaultproject.io 977 | .verisign.com 978 | .verizon.com 979 | .verizonwireless.com 980 | .vermont.gov 981 | .vgcontent.info 982 | .vgdynamic.info 983 | .videolan.org 984 | .vimeo.com 985 | .vimeocdn.com 986 | .visa.com 987 | .virustotal.com 988 | .vmware.com 989 | .voidlinux.org 990 | .vt.edu 991 | .w.org 992 | .w1.fi 993 | .w3.org 994 | .w3schools.com 995 | .walmart.com 996 | .walmartimages.com 997 | .weather.gov 998 | .whispersystems.org 999 | .whitehouse.gov 1000 | .whois.com 1001 | .whonix.org 1002 | .wikibooks.org 1003 | .wikidata.org 1004 | .wikihow.com 1005 | .wikimedia.org 1006 | .wikimediafoundation.org 1007 | .wikinews.org 1008 | .wikipedia.org 1009 | .wikiquote.org 1010 | .wikisource.org 1011 | .wikiversity.org 1012 | .wikivoyage.org 1013 | .wiktionary.org 1014 | .wiley.com 1015 | .wired.com 1016 | .wireshark.org 1017 | .wix.com 1018 | .wixsite.com 1019 | .wixstatic.com 1020 | .wiz.io 1021 | .wordpress.com 1022 | .wordpress.org 1023 | .worldmarket.com 1024 | .wp.com 1025 | .wp.org 1026 | .wsj.com 1027 | .xcp-ng.org 1028 | .xda-developers.com 1029 | .xfinity.com 1030 | .xfree86.org 1031 | .xmpp.org 1032 | .xubuntu.org 1033 | .yahoo. 1034 | .yahooapis.com 1035 | .ycombinator.com 1036 | .yelp.com 1037 | .yelpcdn.com 1038 | .yimg.com # yahoo 1039 | .yoyo.org 1040 | .yp.to 1041 | .yubico.com 1042 | .zdassets.com # zendesk 1043 | .zdnet.com 1044 | .zendesk.com 1045 | .zojirushi.com 1046 | .zoom.us 1047 | .zoominfo.com 1048 | 1.1.1.1 1049 | cdimage.debian.org 1050 | cdn.openbsd.org 1051 | cdnjs.cloudflare.com 1052 | challenges.cloudflare.com # cloudflare captcha 1053 | cr.yp.to 1054 | cvsweb.openbsd.org 1055 | debian.org 1056 | developer.chrome.com 1057 | ftp.openbsd.org 1058 | lists.debian.org 1059 | man.openbsd.org 1060 | openbsd.org 1061 | release.debian.org 1062 | security-tracker.debian.org 1063 | wiki.debian.org 1064 | www.debian.org 1065 | www.openbsd.org 1066 | 1067 | { unblock{local} } 1068 | #127.0.0.1:8080 1069 | #localhost:8080 1070 | #127.0.0.1 1071 | #10.0. 1072 | #172.16. 1073 | #192.168. 1074 | 1075 | { unblock{infra} } 1076 | .amazontrust.com 1077 | .arpa 1078 | .example.com 1079 | .gov 1080 | .lencr.org 1081 | .ocsp.sectigo.com 1082 | .openh264.org 1083 | .pki.goog 1084 | .ss2.us 1085 | .ssl.com 1086 | .ubuntu.com 1087 | cacerts. 1088 | certs.apple.com 1089 | crl. 1090 | crt.sectigo.com 1091 | crt.usertrust.co 1092 | myspeed. 1093 | ntp.org 1094 | ocsp. 1095 | ocsp2.apple.com 1096 | ocsp2.globalsign.com 1097 | status.geotrust.com 1098 | status.rapidssl.com 1099 | status.thawte.com 1100 | zerossl.ocsp.sectigo.com 1101 | 1102 | { unblock{speedtest} } 1103 | .speedtest.net 1104 | speedtest. 1105 | myspeed. 1106 | 1107 | { unblock{steam} } 1108 | ping.archlinux.org/nm-check.txt 1109 | test.steampowered.com/204 1110 | 1111 | { unblock{android} } 1112 | connectivitycheck.gstatic.com/generate_204 1113 | 1114 | #{+hide-user-agent{Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/132.0.0.0 Safari/537.36}} 1115 | #/ 1116 | 1117 | #{+set-image-blocker{http://10.8.1.1/}} 1118 | #/.*.[jpg|jpeg|gif|png|webp]$ 1119 | -------------------------------------------------------------------------------- /zshrc: -------------------------------------------------------------------------------- 1 | # https://github.com/drduh/config/blob/main/zshrc 2 | umask 077 3 | autoload -U colors && colors 4 | autoload -U compinit && compinit 5 | 6 | bindkey "^[[1;5C" vi-forward-word 7 | bindkey "^[[1;3C" forward-word 8 | bindkey "^[[1;5D" vi-backward-word 9 | bindkey "^[[1;3D" backward-word 10 | 11 | export today="$(date +%F)" 12 | export ts="$(date +%s)" 13 | export PS1="%{$fg[red]%}%h %{$fg[yellow]%}%~ %{$reset_color%}% " 14 | export SPROMPT="$fg[red]%R$reset_color did you mean $fg[green]%r?$reset_color " 15 | export NETWORK="$(ip a | sed -n '/state UP/ s/.: //p' | sed 's/:.*//g')" 16 | export ROOT="$(command -v sudo || command -v doas)" 17 | export HISTFILE="${HOME}/.histfile" 18 | export HISTSIZE=200 19 | export SAVEHIST=${HISTSIZE} 20 | 21 | #export http_proxy="127.0.0.1:8118" 22 | #export https_proxy="127.0.0.1:8118" 23 | #export http_proxy="http://127.0.0.1:8118" 24 | #export https_proxy="http://127.0.0.1:8118" 25 | 26 | LANG="en_US.UTF-8" 27 | export LC_ADDRESS=${LANG} 28 | export LC_ALL=${LANG} 29 | export LC_COLLATE=${LANG} 30 | export LC_CTYPE=${LANG} 31 | export LC_IDENTIFICATION=${LANG} 32 | export LC_MEASUREMENT=${LANG} 33 | export LC_MESSAGES=${LANG} 34 | export LC_MONETARY=${LANG} 35 | export LC_NAME=${LANG} 36 | export LC_PAPER=${LANG} 37 | export LC_TELEPHONE=${LANG} 38 | export LC_TIME=${LANG} 39 | export LESS="-FRX" 40 | export LESSCHARSET="utf-8" 41 | export LESSHISTFILE=- 42 | export LESSSECURE=1 43 | export GOPATH="${HOME}/go" 44 | export GOBIN="${HOME}/go/bin" 45 | export PYTHONSTARTUP="${HOME}/.pythonrc" 46 | #export TZ="UTC" 47 | 48 | setopt alwaystoend 49 | setopt autocd 50 | setopt autopushd 51 | setopt completeinword 52 | setopt correct 53 | setopt extendedglob 54 | setopt extendedhistory 55 | setopt histignorealldups 56 | setopt histignorespace 57 | setopt histreduceblanks 58 | setopt listtypes 59 | setopt nobeep 60 | setopt nocaseglob 61 | setopt noclobber 62 | setopt nullglob 63 | 64 | zstyle ":completion:*" auto-description "specify %d" 65 | zstyle ":completion:*" cache-path "${HOME}/.zsh_cache" 66 | zstyle ":completion:*" completer _expand _complete _correct _approximate 67 | zstyle ":completion:*" file-sort modification reverse 68 | zstyle ":completion:*" format "completing %d" 69 | zstyle ":completion:*" group-name "" 70 | zstyle ":completion:*" hosts off 71 | zstyle ":completion:*" list-colors "=(#b) #([0-9]#)*=36=31" 72 | zstyle ":completion:*" menu select=long-list select=0 73 | zstyle ":completion:*" use-cache on 74 | zstyle ":completion:*" verbose yes 75 | zstyle ":completion:*:kill:*" command "ps -u ${USER} -o pid,%cpu,tty,cputime,cmd" 76 | 77 | alias -g G="| grep -i" 78 | alias -g H="| head" 79 | alias -g L="| less" 80 | alias -g S="| sort" 81 | alias -g T="| tail" 82 | alias -g U="| uniq" 83 | alias -g V="| vim -" 84 | alias -g XC="| xclip -i" 85 | alias -g XP="| xclip -o" 86 | alias l="ls -ltrhsa" 87 | alias ls="ls -lha" 88 | alias lo="libreoffice" 89 | alias logs="journalctl --follow" 90 | alias t="tail -f" 91 | alias v="vim -p" 92 | alias cat="cat -t" 93 | alias cp="cp -i" 94 | alias mv="mv -i" 95 | alias rebootfw="systemctl reboot --firmware-setup" 96 | alias rm="rm -i" 97 | alias audio="pgrep pulseaudio||pulseaudio &;pacmd list-sinks|egrep '\*|card:'" 98 | alias audio_set="pacmd set-default-sink ${1}" 99 | alias bim="vim" 100 | alias bios="${ROOT} dmidecode -s bios-version" 101 | alias blk="lsblk -e 7 -o name,fstype,size,fsused,label,partlabel,mountpoint,parttype" 102 | alias boots="journalctl --list-boots" 103 | alias card-status="gpg --card-status" 104 | alias cr="firejail --dbus-user=none chromium --enable-unveil --incognito --no-referrers --no-pings --no-experiments --disable-translate --dns-prefetch-disable --disable-background-mode --no-first-run --no-default-browser-check --ssl-version-min=tls1.2" 105 | alias d="du -hd1 ." 106 | alias dif="diff" 107 | alias dimages="docker images --format '{{.Repository}}-{{.Tag}}' | sort" 108 | alias dmsg="${ROOT} dmesg -wHT" 109 | alias et="exiftool" 110 | alias feh="feh --auto-rotate --auto-zoom --draw-filename --recursive --scale-down --image-bg black --verbose" 111 | alias ff="firefox --ProfileManager --no-remote" 112 | #alias ff="/Applications/Firefox.app/Contents/MacOS/firefox --ProfileManager --no-remote" 113 | alias fonts="fc-list : family | sort" 114 | alias fre="free -h" 115 | alias ftb="firejail --profile=firejailed-tor-browser ${HOME}/Browser/start-tor-browser" 116 | alias gitadd="git add" 117 | alias gitcommit="git commit" 118 | alias gitdiff="git diff" 119 | alias gitpull="git pull" 120 | alias gitpush="git push" 121 | alias gitreset="git reset --hard origin/main" 122 | alias gitstatus="git status" 123 | alias goinit="go mod init main && go mod tidy" 124 | alias gorun="go run ." 125 | alias gp="for r in */.git ; do ( cd \$r/.. && git pull ; ) ; done" 126 | alias grep="grep --color --text" 127 | alias grepv="grep --invert-match" 128 | alias html="html2text | tr -d '^I' | sed '/^[[:space:]]*$/d'" 129 | alias kiwix-serve="docker run -v ${HOME}/kiwix:/data -p 8080:8080 ghcr.io/kiwix/kiwix-serve '*.zim'" 130 | alias mailo="virsh --connect qemu:///system start 'openbsd' && sleep 10 && ssh -Y virtual -t thunderbird && virsh --connect qemu:///system shutdown 'openbsd'" 131 | alias mnt="${ROOT} mount -o uid=1000 ${1}" 132 | alias off="${ROOT} shutdown -h now" 133 | alias ollamaDocker="docker exec ollama ollama" 134 | alias oath="oathtool --totp=sha1 --base32" 135 | function oath_lowsec_a { oath "$(cat ${HOME}/secrets/a)" } 136 | function oath_lowsec_b { oath "$(cat ${HOME}/secrets/b)" } 137 | alias oath_a="ykman oath accounts code a" 138 | alias oath_b="ykman oath accounts code b" 139 | alias p="python3" 140 | alias pkg-info="apt-cache show" 141 | alias proc="ps axjf" 142 | alias rebootfw="systemctl reboot --firmware-setup" 143 | alias resize_view="xrandr --output Virtual1 --mode 1600x1200" 144 | alias sb="mokutil --sb-state" 145 | alias setcap_net="${ROOT} setcap cap_net_raw=eip ${1}" 146 | alias slow_startup="systemd-analyze blame" 147 | alias start_ollama="docker run --network=host -d --gpus=all -v ollama:/root/.ollama -p 11434:11434 --name ollama ollama/ollama" 148 | alias start_webui="docker run --network=host -d -p 3000:8080 --add-host=host.docker.internal:host-gateway -v open-webui:/app/backend/data --name open-webui --restart always ghcr.io/open-webui/open-webui:latest" 149 | alias tb="thunderbird --ProfileManager --no-remote" 150 | alias test_sound="aplay -d 0 /usr/share/sounds/alsa/Front_Center.wav" 151 | alias update="sudo apt update && sudo apt -y upgrade" 152 | alias utc="date -u '+%Y.%m.%dT%H:%M'" 153 | alias vm="virt-manager" 154 | alias vnc_start="x0vncserver -passwordfile ~/.vnc/passwd -display :0" 155 | alias vnc_tv="ssh -Y tv -t remmina -c /home/media/.local/share/remmina/group_vnc_quick-connect_127-0-0-1-5900.remmina" 156 | alias wifi="${ROOT} wpa_cli status" 157 | alias wifich="iwlist ${NETWORK} channel | sed -n '/Current/ s/.*://p'" 158 | alias wifi_scan="nmcli -f all dev wifi || ${ROOT} iwlist ${NETWORK} scan | grep -A5 Cell" 159 | alias x="startx" 160 | alias yt="youtube-dl --restrict-filenames --no-overwrites --write-info-json --write-thumbnail --no-call-home --force-ipv4 --format 'best[height<=720]'" 161 | alias yt_max="youtube-dl --restrict-filenames --no-overwrites --write-info-json --write-thumbnail --no-call-home --force-ipv4" 162 | 163 | alias x230_read_bot="flashrom -c 'MX25L6406E/MX25L6408E' -p linux_spi:dev=/dev/spidev0.0,spispeed=512 -r bottom.rom.${today}" 164 | alias x230_read_top="flashrom -c 'MX25L3206E/MX25L3208E' -p linux_spi:dev=/dev/spidev0.0,spispeed=512 -r top.rom.${today}" 165 | alias x230_write_bot="flashrom -c 'MX25L6406E/MX25L6408E' -p linux_spi:dev=/dev/spidev0.0,spispeed=512 -w coreboot-bottom.rom" 166 | alias x230_write_top="flashrom -c 'MX25L3206E/MX25L3208E' -p linux_spi:dev=/dev/spidev0.0,spispeed=512 -w coreboot-top.rom" 167 | 168 | alias ..="cd .." 169 | alias ...="cd ../.." 170 | alias ....="cd ../../.." 171 | alias .....="cd ../../../.." 172 | 173 | function days_until { 174 | echo $(( ($(date -d "${1}" +%s) - $(date +%s)) / 86400 )) } 175 | 176 | function dedupe { 177 | time find "${@}" ! -empty -type f -exec md5sum {} + | \ 178 | sort | uniq -w32 -dD } 179 | 180 | function dedupe_fast { 181 | time find "${@}" ! -empty -type f -exec crc32 {} + | \ 182 | sort | uniq -w8 -D } 183 | 184 | function dns_cf { 185 | curl -H "Accept: application/dns-json" \ 186 | "https://1.1.1.1/dns-query?name=${1}" } 187 | 188 | function domain { # truncate to top level domain 189 | awk -S -F "." '!/^\s*$/{print ( $(NF-1)"."$(NF) )}' "${1}" } 190 | 191 | function gas { # get CIDRs for AS number 192 | whois -h whois.radb.net '!g'${1} } 193 | 194 | function getGoes { 195 | curl -s -o "geo.${1}.$(date -u '+%Y%m%dT%H:%M').jpg" \ 196 | "https://cdn.star.nesdis.noaa.gov/GOES18/ABI/SECTOR/${1}/GEOCOLOR/latest.jpg" } 197 | 198 | function gpg_restart { 199 | pkill "gpg|pinentry|ssh-agent" 200 | eval $(gpg-agent --daemon --enable-ssh-support) } 201 | 202 | function grepAddr { 203 | grep -Eo \ 204 | "([0-9]{1,3}\.){3}[0-9]{1,3}" "${@}" } 205 | 206 | function grepUrl { 207 | grep -Eo \ 208 | "(https?|ftp|file)://[-A-Za-z0-9\+&@#/%?=~_|!:,.;]*[-A-Za-z0-9\+&@#/%=~_|]" "${@}" } 209 | 210 | function adbpkg { 211 | for p in $(adb shell pm list package|awk -S -F "package:" '{print $2}'); \ 212 | do echo -n "$p: " 213 | adb shell dumpsys package $p | \ 214 | grep -i versionname | \ 215 | awk -S -F "=" '{print $2}' 216 | done > adb.pkg.${today} } 217 | 218 | function audit_getcap { 219 | getcap -r ${1:=.} 2> /dev/null } 220 | 221 | function audit_setuid { 222 | find ${1:=.} -type f -perm -04000 -ls 2> /dev/null } 223 | 224 | function b { 225 | echo ${1:=100} | \ 226 | sudo tee /sys/class/backlight/amdgpu_bl1/brightness } 227 | 228 | function backup { 229 | cp -v "${1}" "${1}.${ts}" } 230 | 231 | function bat { 232 | upower -i /org/freedesktop/UPower/devices/battery_BAT0 | \ 233 | grep -E "state|to\ full|percentage" || apm } 234 | 235 | function calc { 236 | awk -S "BEGIN { print "$*" }" } 237 | 238 | function calc_grow { 239 | printf "%s at %s for %s:\n" \ 240 | "${1:-100}" "${2:-1.10}" "${3:-10}" 241 | awk -S -v p="${1:-100}" -v rate="${2:-1.10}" -v y="${3:-10}" \ 242 | 'BEGIN {for (i=0; i<=y; i++) {b = p * rate; p = b; print i ": " p }}' } 243 | 244 | function calc_percent () { 245 | for i in {-9..9}; do 246 | p=$((${1} * i / 100)) 247 | v=$((${1} + p)) 248 | if [ "$i" -lt 0 ]; then 249 | printf "%s%%: %s\n" "${i}" "${v}" 250 | else 251 | printf "+%s%%: %s\n" "${i}" "${v}" 252 | fi 253 | done } 254 | 255 | function cert { 256 | cn="${1:-${ts}}" 257 | expire="${2:-8}" 258 | openssl req -new \ 259 | -newkey rsa:4096 -nodes \ 260 | -subj "/CN=${cn}" \ 261 | -x509 -sha512 -days "${expire}" \ 262 | -keyout "s.${cn}.pem" -out "s.${cn}.crt" 263 | openssl x509 -in "s.${cn}.crt" -noout \ 264 | -subject -issuer -dates -serial 265 | for ft in \-sha1 \-sha256 \-sha512 ; do \ 266 | openssl x509 -in "s.${cn}.crt" -noout \ 267 | -fingerprint ${ft} | tr -d ":" ; done } 268 | 269 | function cidr { 270 | whois -h "whois.arin.net" -- \ 271 | "n + $(curl -s https://icanhazip.com/)" | \ 272 | grep "CIDR:" } 273 | 274 | function colours { 275 | for i in {001..255} ; do \ 276 | printf "\x1b[38;5;${i}m${i}\n" | \ 277 | tr "\n" " " ; done | fold -w 255 } 278 | 279 | function convertEpoch { 280 | date -r "${1}" '+%m/%d/%Y-%H:%M:%S' } 281 | 282 | function convertSecs { 283 | ((h=${1}/3600)) ; ((m=(${1}%3600)/60)) ; ((s=${1}%60)) 284 | printf "${1} seconds is %02d hours, %02d minutes and %02d seconds\n" \ 285 | ${h} ${m} ${s} } 286 | 287 | function dump_arp { 288 | ${ROOT} tcpdump -eni ${NETWORK} -w arp-${ts}.pcap \ 289 | "ether proto 0x0806" } 290 | 291 | function dump_icmp { 292 | ${ROOT} tcpdump -ni ${NETWORK} -w icmp-${ts}.pcap \ 293 | "icmp" } 294 | 295 | function dump_pflog { 296 | ${ROOT} tcpdump -ni pflog0 -w pflog-${ts}.pcap \ 297 | "not icmp6 and not host ff02::16 and not host ff02::d" } 298 | 299 | function dump_syn { 300 | ${ROOT} tcpdump -ni ${NETWORK} -w syn-${ts}.pcap \ 301 | "tcp[13] & 2 != 0" } 302 | 303 | function dump_udp { 304 | ${ROOT} tcpdump -ni ${NETWORK} -w udp-${ts}.pcap \ 305 | "udp and not port 443" } 306 | 307 | function dump_dns { 308 | tshark -i ${NETWORK} -Y "dns.flags.response == 1" -Tfields \ 309 | -e frame.time_delta -e dns.qry.name -e dns.a -Eseparator=, } 310 | 311 | function dump_http { 312 | tshark -i ${NETWORK} -Y "http.request or http.response" -Tfields \ 313 | -e ip.dst -e http.request.full_uri -e http.request.method \ 314 | -e http.response.code -e http.response.phrase -Eseparator=, } 315 | 316 | function dump_ssl { 317 | tshark -i ${NETWORK} -Y "ssl.handshake.certificate" -Tfields \ 318 | -e ip.src -e x509sat.uTF8String -e x509sat.printableString \ 319 | -e x509sat.universalString -e x509sat.IA5String \ 320 | -e x509sat.teletexString -Eseparator=, } 321 | 322 | function e { 323 | printf "%s entropy bits in %s characters at %s length\n" \ 324 | $(awk -S -v c="${1}" -v l="${2}" "BEGIN { print log(c^l)/log(2) }") \ 325 | "${1}" "${2}" } 326 | 327 | function encrypt { # list preferred id last 328 | output="${HOME}/$(basename ${1}).${today}.enc" 329 | gpg --armor --encrypt \ 330 | --output "${output}" \ 331 | -r "0xFF00000000000000" \ 332 | -r "yubikey@example" \ 333 | "${1}" && echo "${1} -> ${output}" } 334 | 335 | function f { 336 | find . -iname "*${1}*" } 337 | 338 | function fail { 339 | tput setaf 1 ; printf "ERROR: %s\n" "${1}" ; tput sgr0 } 340 | 341 | function fd { 342 | find . -iname "*${1}*" -type d } 343 | 344 | function firefoxHistory { 345 | sqlite3 "${1:=places.sqlite}" ".mode line" \ 346 | "select title, url, datetime(last_visit_date/1000000, 'unixepoch') \ 347 | as visit from moz_places order by last_visit_date desc;" } 348 | 349 | function length { 350 | awk -S -v len="${1:=80}" 'length($0) > len' } 351 | 352 | function lock { 353 | date 354 | xhost &>/dev/null || return 355 | (sleep 1 ; slock) 2>/dev/null & 356 | sleep 1 ; systemctl suspend } 357 | 358 | function log { 359 | jq -c -n --arg t "$(date +%s)" --arg e "${1}" --arg m "${2}" \ 360 | '{"time": $t, "event": $e, "message": $m}' } 361 | 362 | function md { 363 | mkdir -p "${1:-${today}}" && cd "${1:-${today}}" } 364 | 365 | function mem { 366 | ps -eo rss,pid,euser,args:100 --sort "%mem" | grep -i "${@}" | \ 367 | awk -S '{printf $1/1024 "MB"; $1=""; print }' } 368 | 369 | function myip { 370 | curl -s "https://icanhazip.com/" || \ 371 | curl -s "https://am.i.mullvad.net/ip" || \ 372 | dig @resolver1.opendns.com ANY myip.opendns.com +short } 373 | 374 | function pdf { 375 | mupdf -r 180 -C FDF6E3 "${1}" } 376 | 377 | function percentDiff { 378 | printf "%s%% diff between %s and %s\n" \ 379 | $(awk -S -v x="${1}" -v y="${2}" "BEGIN { print (y-x)/x * 100 }") \ 380 | "${1}" "${2}" } 381 | 382 | function png2jpg { 383 | for png in $(find . -type f -name "*.png") ; do 384 | image="${png%.*}" 385 | convert "${image}.png" "${image}.jpg" ; done } 386 | 387 | function pong { 388 | ping -D -c5 -i.1 "${1:-1.1.1.1}" } 389 | 390 | function newlineToComma { 391 | sed -z 's/\n/,/g' ${1} } 392 | 393 | function noComment { 394 | grep -ve "^#" "${1}" } 395 | 396 | function nonlocal { 397 | egrep -ve "^#|^255.255.255.255|^127.|^0.|^::1|^ff..::|^fe80::" "${1}" | \ 398 | egrep -e "[1,2]|::" } 399 | 400 | function nxdomains { 401 | for x in $(${ROOT} grep NXDOMAIN /var/log/dnsmasq | \ 402 | awk '{print $6}' | sort | uniq) ; do printf "0.0.0.0 $x\n" ; done } 403 | 404 | function pass { 405 | LC_ALL=C tr -dc "A-Z2-9" < /dev/urandom | \ 406 | tr -d "IOS5U7T" | \ 407 | fold -w ${PASS_FOLD:-4} | \ 408 | paste -sd ${PASS_DELIM:--} - | \ 409 | head -c ${PASS_LENGTH:-29} 410 | echo } 411 | 412 | function rand { 413 | for item in \ 414 | '[:digit:]' '[:upper:]' \ 415 | '[:xdigit:]' '[:alnum:]' '[:graph:]' ; do \ 416 | LC_ALL=C tr -dc "${item}" < /dev/urandom | \ 417 | fold -w 64 | head -n 3 | \ 418 | sed "-es/./ /"{1..64..16} ; done } 419 | 420 | function randMac { 421 | openssl rand -hex 6 | sed "s/\(..\)/\1:/g; s/.$//" } 422 | 423 | function resizeFirefox { 424 | xdotool windowsize \ 425 | $(xdotool search --name firefox | tail -n1) 1366 768 } 426 | 427 | function reveal { 428 | output=$(echo "${1}" | rev | cut -c16- | rev) 429 | gpg --decrypt --output ${output} "${1}" \ 430 | && echo "${1} -> ${output}" } 431 | 432 | function rs { 433 | rsync --verbose --archive --human-readable \ 434 | --progress --stats --ipv4 --compress \ 435 | --log-file=$(mktemp) "${@}" } 436 | 437 | function secret { 438 | output="${HOME}/$(basename ${1}).${today}.enc" 439 | gpg --armor --symmetric \ 440 | --output ${output} \ 441 | "${1}" && echo "${1} -> ${output}" } 442 | 443 | function sortAddr { 444 | sort -t . -k 1,1n -k 2,2n -k 3,3n -k 4,4n "${@}" } 445 | 446 | function sortLength { 447 | awk -S '{print length, $0}' | sort -n | cut -d " " -f2- } 448 | 449 | function srl { 450 | doas cu -r -s 115200 -l cuaU0 2>/dev/null || \ 451 | sudo minicom -D /dev/ttyUSB0 2>/dev/null || \ 452 | printf "serial console disconnected\n" } 453 | 454 | function stringLower { 455 | printf "${1}" | tr '[:upper:]' '[:lower:]' | tr -d ':' } 456 | 457 | function topHistory { 458 | history 1 | awk -S '{CMD[$2]++;count++;}END { 459 | for (a in CMD)print CMD[a] " " CMD[a]/count*100 "% " a;}' | \ 460 | column -c3 -s " " -t | sort -nr | nl | head -n25 } 461 | 462 | function topSize { 463 | du -hd1 . | awk '{printf "%s %08.2f\t%s\n", 464 | index("KMG", substr($1, length($1))), 465 | substr($1, 0, length($1)-1), $0}' | 466 | sort -r | cut -f2,3 } 467 | 468 | function username { # "username 8" - generate 8 usernames 469 | for i in {1..${1}} ; do 470 | printf "%s%s\n" \ 471 | "$(awk -S 'length > 2 && length < 12 {print(tolower($0))}' \ 472 | /usr/share/dict/words | grep -v "'" | sort -R | head -n2 | \ 473 | tr "\n" "_" | iconv -f utf-8 -t ascii//TRANSLIT)" \ 474 | "$(tr -dc "[:digit:]" < /dev/urandom | fold -w 4 | head -1)" 475 | done } 476 | 477 | function versionFirefox { 478 | curl "https://www.firefox.com/en-US/firefox/notes/" -v 2>&1 | \ 479 | grep "location" | sed 's/.*firefox.//g' | sed 's/.release.*//g' } 480 | 481 | function versionThunderbird { 482 | curl "https://www.thunderbird.net/en-US/thunderbird/releases/atom.xml" -v 2>&1 | \ 483 | grep "releasenotes" | sed 's/.*thunderbird.//g' | sed 's/.release.*//g' | \ 484 | uniq | head -1 } 485 | 486 | function vpn { 487 | ssh -C -N -L 5555:127.0.0.1:8118 vpn } 488 | 489 | function zshaddhistory { 490 | whence "${${(z)1}[1]}" >| /dev/null || return 1 491 | local line cmd 492 | line=${1%%$'\n'} 493 | cmd=${line%% *} 494 | [[ ${#line} -ge 5 \ 495 | && ${cmd} != (apm|apt-cache|b|base64|bzip2|cal|calc|cat|cd|chmod|convert|cp|curl|cvs|date|df|dig|dimages|disklabel|dmesg|doas|download|du|e|egrep|enc|ent|et|exiftool|f|fdisk|feh|ffplay|file|firejail|gimp|git|gpg|grep|hdiutil|head|hostname|ifconfig|kill|less|libreoffice|lp|ls|mail|make|man|mem|mkdir|mnt|mount|mpv|mv|myip|nc|nvtop|openssl|patch|pdf|pdfinfo|pgrep|ping|pkg_info|pkill|proc|ps|pylint|rand|rand_pass|rm|rsync|scp|screenfetch|scrot|set|sha256|secret|sort|srm|ssh|ssh-keygen|startx|stat|strip|sudo|sysctl|tar|tmux|top|umount|uname|unzip|upload|uptime|useradd|vlc|vi|vim|wc|wget|which|whoami|whois|wireshark|xclip|xxd|ykman|yt|./pwd.sh|./purse.sh) 496 | ]] 497 | } 498 | 499 | function zzz { 500 | /usr/sbin/zzz 2>/dev/null || \ 501 | systemctl suspend } 502 | 503 | function distanceKmToMi { 504 | printf "%s km is %s mi\n" "${1:-100}" \ 505 | $(awk -S -v f="${1:-100}" \ 506 | 'BEGIN { printf "%.2f\n", f*0.6214 }') } 507 | 508 | function distanceMiToKm { 509 | printf "%s mi is %s km\n" "${1:-100}" \ 510 | $(awk -S -v f="${1:-100}" \ 511 | 'BEGIN { printf "%.2f\n", f*1.609344 }') } 512 | 513 | function tempCtoF { 514 | printf "%sc is %sf\n" "${1:-100}" \ 515 | $(awk -S -v c="${1:-100}" \ 516 | 'BEGIN { printf "%.2f\n", (c*9/5)+32 }') } 517 | 518 | function tempFtoC { 519 | printf "%sf is %sc\n" "${1:-100}" \ 520 | $(awk -S -v f="${1:-100}" \ 521 | 'BEGIN { printf "%.2f\n", (f-32)*5/9 }') } 522 | 523 | function volumeFlozToMl { 524 | printf "%s fl oz is %s ml\n" "${1:-100}" \ 525 | $(awk -S -v f="${1:-100}" \ 526 | 'BEGIN { printf "%.2f\n", f*28.413 }') } 527 | 528 | function weightKgToLbg { 529 | printf "%s kg is %s lb\n" "${1:-100}" \ 530 | $(awk -S -v f="${1:-100}" \ 531 | 'BEGIN { printf "%.2f\n", f*2.2046226218 }') } 532 | 533 | function weightLbToKg { 534 | printf "%s lb is %s kg\n" "${1:-100}" \ 535 | $(awk -S -v f="${1:-100}" \ 536 | 'BEGIN { printf "%.2f\n", f*0.45359237 }') } 537 | 538 | function path { 539 | if [[ -d "${1}" ]] ; then 540 | if [[ -z "${PATH}" ]] ; then 541 | export PATH="${1}" 542 | else 543 | export PATH="${PATH}:${1}" 544 | fi 545 | fi 546 | } 547 | 548 | export PATH="" 549 | path "/usr/local/sbin" 550 | path "/usr/local/bin" 551 | path "/usr/sbin" 552 | path "/usr/bin" 553 | path "/sbin" 554 | path "/bin" 555 | path "/usr/local/go/bin" 556 | #path "${HOME}/.local/bin" 557 | #path "${HOME}/.docker/bin/" 558 | #path "/opt/homebrew/bin" 559 | #path "/usr/games" 560 | #path "/usr/X11R6/bin" 561 | 562 | #export PASS_DELIM="-" 563 | #export PASS_FOLD=6 564 | #export PASS_LENGTH=34 565 | 566 | #export PWDSH_CLIP="xclip" 567 | #export PWDSH_CLIP_ARGS="-i -selection clipboard" 568 | #export PWDSH_DEST="screen" 569 | #export PWDSH_TIME=5 570 | #export PWDSH_COMMENT="pwd.sh ${HOST} ${today}" 571 | #export PWDSH_DAILY=1 572 | #export PWDSH_COPY=1 573 | #export PWDSH_ECHO="*" 574 | #export PWDSH_LEN=20 575 | #export PWDSH_SAFE="safe" 576 | #export PWDSH_INDEX="pwd.index" 577 | #export PWDSH_BACKUP="pwd.${HOST}.${today}.${ts}.tar" 578 | #export PWDSH_CHARS="A-Z0-9!?" 579 | #export PWDSH_PEPPER="${HOME}/pwd.pepper" 580 | 581 | #export PURSE_CLIP=${PWDSH_CLIP} 582 | #export PURSE_CLIP_ARGS=${PWDSH_CLIP_ARGS} 583 | #export PURSE_DEST=${PWDSH_DEST} 584 | #export PURSE_TIME=${PWDSH_TIME} 585 | #export PURSE_COMMENT="purse ${HOST} ${today}" 586 | #export PURSE_DAILY=${PWDSH_DAILY} 587 | #export PURSE_COPY=${PWDSH_COPY} 588 | #export PURSE_ECHO=${PWDSH_ECHO} 589 | #export PURSE_LEN=${PWDSH_LEN} 590 | #export PURSE_SAFE=${PWDSH_SAFE} 591 | #export PURSE_INDEX="purse.index" 592 | #export PURSE_BACKUP="purse.${HOST}.${today}.${ts}.tar" 593 | #export PURSE_CHARS=${PWDSH_CHARS} 594 | #export PURSE_ENCIX=1 595 | 596 | #export HOMEBREW_CASK_OPTS=--require-sha 597 | #export HOMEBREW_NO_ANALYTICS=1 598 | #export HOMEBREW_NO_AUTO_UPDATE=1 599 | #export HOMEBREW_NO_INSECURE_REDIRECT=1 600 | 601 | #export VAULT_ADDR="http://127.0.0.1:8200" 602 | #export VAULT_ADDR="https://vault.local:8200" 603 | 604 | #export GNUPGHOME="${HOME}/.gnupg" 605 | #export GPG_TTY="$(tty)" 606 | #export SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket) 607 | #gpgconf --launch gpg-agent 608 | #gpg-connect-agent updatestartuptty /bye >/dev/null 609 | 610 | # https://github.com/drduh/gone 611 | export gone_proto="http" 612 | export gone_host="127.0.0.1" 613 | export gone_port="8080" 614 | export gone_auth="mySecret" 615 | export gone_header="X-Auth" 616 | export gone_server="${gone_proto}://${gone_host}:${gone_port}" 617 | export gone_cmd="curl -s -H '${gone_header}: ${gone_auth}' ${gone_server}" 618 | 619 | alias goneList="${gone_cmd}/list | jq" 620 | alias goneStat="${gone_cmd}/heartbeat | jq" 621 | alias goneStatic="${gone_cmd}/static | jq" 622 | alias goneRandom="${gone_cmd}/random/" 623 | alias goneRandomCoin="${gone_cmd}/random/coin" 624 | alias goneRandomNumber="${gone_cmd}/random/number" 625 | 626 | function gonePut { 627 | curl -s -F "file=@${1}" -F "downloads=${2:-3}" -F "duration=${3:-20m}" \ 628 | -H "${gone_header}: ${gone_auth}" "${gone_server}/upload" | jq} 629 | 630 | function goneGet { 631 | curl -s -H "${gone_header}: ${gone_auth}" \ 632 | "${gone_server}/download/${1}" } 633 | 634 | function goneMsg { 635 | curl -s -H "${gone_header}: ${gone_auth}" \ 636 | -F "message=${1}" "${gone_server}/msg" } 637 | --------------------------------------------------------------------------------