diff --git a/.requirements/configure.mk b/.requirements/configure.mk
index 79288532..c5d7376d 100644
--- a/.requirements/configure.mk
+++ b/.requirements/configure.mk
@@ -2,6 +2,9 @@
 .PHONY: configure.harden
 configure.harden: ## Harden local configuration
 sudo ufw enable || true
+ sudo ufw allow ssh comment 'ssh' || true
+ sudo ufw allow proto tcp from 192.168.0.0/24 port 24800 to 192.168.0.0/24 port 24800 comment 'barrier-kvm' || true
+ sudo ufw allow proto tcp from port 8123 to port 8123 comment 'home-assistant' || true
 sudo systemctl disable lightdm.service || true
 sudo systemctl disable lightdm || true
 sudo systemctl set-default multi-user.target || true
diff --git a/.requirements/firefox.txt b/.requirements/firefox.txt
index 9e44cc39..8ddb4d9f 100644
--- a/.requirements/firefox.txt
+++ b/.requirements/firefox.txt
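Review bot: The two application rules in `configure.harden` constrain the source port as well as the destination (`from 192.168.0.0/24 port 24800 to … port 24800`, `from port 8123 to port 8123`), and client connections normally originate from ephemeral ports, so these rules will probably not admit the traffic they are named for; the home-assistant rule also gives no source address, which ufw may reject outright. Because every line ends in `|| true`, a rejected rule is silent and the target still reports success. Consider `sudo ufw allow proto tcp from 192.168.0.0/24 to any port 24800 comment 'barrier-kvm'` (and the same shape for 8123), and `sudo ufw limit ssh comment 'ssh'` so the SSH rule, which is open to any source, is at least rate-limited. The allow rules are also added after `ufw enable`; placing the SSH rule before it avoids cutting off a remote session.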
@@ -1,14 +1,25 @@
-https://s3.amazonaws.com/onelogin-downloads/extensions/firefox/onelogin.xpi
-https://addons.mozilla.org/firefox/downloads/file/3657084/lastpass_password_manager-4.58.0.4-an+fx.xpi
-# https://addons.mozilla.org/firefox/downloads/file/3492484/tree_style_tab_-3.3.5-fx.xpi
-# https://addons.mozilla.org/firefox/downloads/file/3484647/privacy_badger-2020.1.13-an+fx.xpi
+# Broken
+# https://addons.mozilla.org/firefox/downloads/file/3502765/vimium_ff-1.65.1-fx.xpi
+# https://addons.mozilla.org/firefox/downloads/file/3500160/dark_reader-4.8.9-an+fx.xpi
 # https://addons.mozilla.org/firefox/downloads/file/3474268/ghostery_privacy_ad_blocker-8.4.6-an+fx.xpi
-# https://addons.mozilla.org/firefox/downloads/file/3498086/ublock_origin-1.24.4-an+fx.xpi
+
+# Not installed
+# https://s3.amazonaws.com/onelogin-downloads/extensions/firefox/onelogin.xpi
+# https://addons.mozilla.org/firefox/downloads/file/3657084/lastpass_password_manager-4.58.0.4-an+fx.xpi
 # https://addons.mozilla.org/firefox/downloads/file/3054598/video_downloadhelper-7.3.7-fx.xpi
 # https://addons.mozilla.org/firefox/downloads/file/3442258/https_everywhere-2019.11.7-an+fx.xpi
-# https://addons.mozilla.org/firefox/downloads/file/3500160/dark_reader-4.8.9-an+fx.xpi
-# https://addons.mozilla.org/firefox/downloads/file/3401561/stylus-1.5.6-fx.xpi
+# https://addons.mozilla.org/firefox/downloads/file/3384741/remove_fbclid_and_utm-1.0-fx.xpi
+
+# Installed
+# https://addons.mozilla.org/firefox/downloads/file/3484647/privacy_badger-2020.1.13-an+fx.xpi
+# https://addons.mozilla.org/firefox/downloads/file/3498086/ublock_origin-1.24.4-an+fx.xpi
 # https://addons.mozilla.org/firefox/downloads/file/3495605/noscript_security_suite-11.0.13-an+fx.xpi
-# https://addons.mozilla.org/firefox/downloads/file/3502765/vimium_ff-1.65.1-fx.xpi
 # https://addons.mozilla.org/firefox/downloads/file/3401561/stylus-1.5.6-fx.xpi
-# https://addons.mozilla.org/firefox/downloads/file/3384741/remove_fbclid_and_utm-1.0-fx.xpi
+# https://addons.mozilla.org/firefox/downloads/file/3884195/sidebery-4.10.0-fx.xpi
+# https://addons.mozilla.org/firefox/downloads/file/3594370/epubreader-2.0.13-fx.xpi
+# https://addons.mozilla.org/firefox/downloads/file/3904618/dark_reader-4.9.45-an+fx.xpi
+https://addons.mozilla.org/firefox/downloads/file/3811501/tab_reloader_page_auto_refresh-0.3.7-fx.xpi
+https://addons.mozilla.org/firefox/downloads/file/3898202/vimium_ff-1.67.1-fx.xpi
+https://addons.mozilla.org/firefox/downloads/file/3907697/firefox_multi_account_containers-8.0.6-fx.xpi
+https://addons.mozilla.org/firefox/downloads/file/3723251/temporary_containers-1.9.2-fx.xpi
+https://addons.mozilla.org/firefox/downloads/file/3897820/i_dont_care_about_cookies-3.3.6-an+fx.xpi
diff --git a/.requirements/lint.mk b/.requirements/lint.mk
index 6775c713..2715860f 100644
--- a/.requirements/lint.mk
+++ b/.requirements/lint.mk
@@ -44,19 +44,30 @@ FIND_FILES_ALL=( \
 LINT_SH_ALL=$(FIND_FILES_ALL) | $(XARGS_SHELLCHECK)
 XARGS_SHELLCHECK = xargs -0 --no-run-if-empty shellcheck --external-sources
-AWK_LINT=$(shell command -v awk-lint >/dev/null 2>&1 && echo awk-lint || echo "echo '\n\ta b c\td ef\n\ng' | awk -f")
-AWK_FILES=$(shell grep \
- --recursive \
- --files-with-match \
- '^\#!\/usr\/bin\/awk' \
-)
+ifneq (,$(wildcard utils/.local/bin/awk-lint))
+AWK_LINT=utils/.local/bin/awk-lint
+else ifneq (,$(shell command -v awk-lint 2>/dev/null))
+AWK_LINT=awk-lint
+endif
 .PHONY: lint-awk
 lint-awk: $(AWK_FILES)
-
-.PHONY: $(AWK_FILES)
-$(AWK_FILES):
- @$(AWK_LINT) "$(@)"
+ifeq (,$(AWK_LINT))
+ @echo "Helper script 'lint-awk' missing; cannot continue."
+ @exit 1
+else
+ grep \
+ --recursive \
+ --binary-files=without-match \
+ --files-with-match \
+ '^\#!\/usr\/bin\/awk' \
+ --null \
+ | xargs -0 \
+ -n 1 \
+ --no-run-if-empty \
+ $(AWK_LINT) \
+ ;
+endif
 .PHONY: lint
 lint: lint-awk ## Run the linter against all files
diff --git a/shells/.config/ssh/config b/shells/.config/ssh/config
index ac8879d5..23a2fbea 100755
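Review bot: `lint-awk` still lists `$(AWK_FILES)` as a prerequisite although this hunk deletes the variable's definition, so it now expands to nothing (and is reported where `--warn-undefined-variables` is enabled); the header can become `lint-awk:`. The failure message names `'lint-awk'`, but the helper being looked up is `awk-lint`, e.g. `@echo "Helper script 'awk-lint' missing; cannot continue."`. Now that the pattern sits in a recipe rather than inside `$(shell …)`, the `\#` escape is presumably no longer needed and reaches grep with its backslash, so `'^#!/usr/bin/awk'` would be the plainer form.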
--- a/shells/.config/ssh/config
+++ b/shells/.config/ssh/config
@@ -1,5 +1,6 @@
 Include ~/.local/share/ssh/config
 Host *
- IdentityFile ~/.local/share/ssh/keys/id_rsa
+ AddKeysToAgent yes
+ IdentityFile ~/.config/ssh/keys/id_rsa
 UserKnownHostsFile ~/.cache/ssh_known_hosts
diff --git a/shells/.config/user-dirs.dirs b/shells/.config/user-dirs.dirs
index 1b51271d..570e2d72 100644
--- a/shells/.config/user-dirs.dirs
+++ b/shells/.config/user-dirs.dirs
@@ -11,8 +11,8 @@ XDG_DESKTOP_DIR="$HOME/.local/share/desktop"
 XDG_DOWNLOAD_DIR="$HOME/.local/share/downloads"
 XDG_TEMPLATES_DIR="$HOME/.config/templates"
 XDG_PUBLICSHARE_DIR="$HOME/.local/share/public"
-XDG_DOCUMENTS_DIR="$HOME/media/documents"
-XDG_MUSIC_DIR="$HOME/media/audio/music"
-XDG_PICTURES_DIR="$HOME/media/pictures"
+XDG_DOCUMENTS_DIR="$HOME/library/document"
+XDG_MUSIC_DIR="$HOME/library/audio/music"
+XDG_PICTURES_DIR="$HOME/library/image"
 XDG_STATE_HOME="$HOME/.local/var"
-XDG_VIDEOS_DIR="$HOME/media/video"
+XDG_VIDEOS_DIR="$HOME/library/video"
diff --git a/shells/.local/bin/firefox b/shells/.local/bin/firefox
new file mode 100755
index 00000000..47f4f43d
--- /dev/null
+++ b/shells/.local/bin/firefox
@@ -0,0 +1,5 @@
+#!/bin/sh
+_command=$(command-shadowed -v "${0}")
+private_directory="${XDG_CONFIG_HOME:-${HOME}/.config}/mozilla"
+[ -d "${private_directory}" ] || mkdir -p "${private_directory}"
+firejail --private="${private_directory}" "${_command}" "${@}"
diff --git a/shells/.local/bin/thunderbird b/shells/.local/bin/thunderbird
new file mode 100755
index 00000000..47f4f43d
--- /dev/null
+++ b/shells/.local/bin/thunderbird
@@ -0,0 +1,5 @@
+#!/bin/sh
+_command=$(command-shadowed -v "${0}")
+private_directory="${XDG_CONFIG_HOME:-${HOME}/.config}/mozilla"
+[ -d "${private_directory}" ] || mkdir -p "${private_directory}"
+firejail --private="${private_directory}" "${_command}" "${@}"
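Review bot: `AddKeysToAgent yes` sits under `Host *`, so the decrypted key is loaded into the agent on first use for any host and stays available for the agent's lifetime; `AddKeysToAgent confirm` keeps the convenience while requiring approval each time the key is used. The new `IdentityFile ~/.config/ssh/keys/id_rsa` points into what looks like the directory this repository manages (`shells/.config/ssh/`), so an ignore rule for `keys/` is worth adding to keep the private key from being committed, assuming the directory is linked into place rather than copied.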
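Review bot: The result of `command-shadowed -v "${0}"` is used unchecked in the new `firefox` wrapper, so if the helper finds nothing (its behaviour is not visible here) firejail is started with an empty program name; the identical `thunderbird` wrapper has the same gap. A guard such as `[ -n "${_command}" ] || { echo "${0}: real binary not found" >&2; exit 127; }` before the last line, plus `exec firejail …` so the wrapper's exit status and signals are those of the sandboxed program, would make the failure visible. `mkdir -p` also creates the private home with the caller's umask; `mkdir -p -m 700 "${private_directory}"` keeps the final directory unreadable to other local users.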
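Review bot: Thunderbird ends up sharing its private home with Firefox, because this wrapper is identical to the `firefox` one (same blob `47f4f43d`) and so also uses `${XDG_CONFIG_HOME:-${HOME}/.config}/mozilla`. With one sandbox home for both, anything running inside the browser sandbox can read the mail profile and the reverse, which undoes much of the isolation `--private` is there to give. A per-program directory, e.g. `private_directory="${XDG_CONFIG_HOME:-${HOME}/.config}/thunderbird"`, keeps the two separated.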
diff --git a/shells/.local/bin/awk-lint b/utils/.local/bin/awk-lint
similarity index 94%
rename from shells/.local/bin/awk-lint
rename to utils/.local/bin/awk-lint
index 914a5fbf..510d25a4 100755
--- a/shells/.local/bin/awk-lint
+++ b/utils/.local/bin/awk-lint
@@ -1,5 +1,5 @@
 #!/bin/sh
-set -eau
+set -aeu
 file=${1}
 echo '
 BEGIN {