update README.org

It's cleaner for the moment. I'll probably regret this when comitting
to guix for multiple machines. I.e. slightly different configs for
different hardware configurations.

.config/sway/config

@@ -32,9 +32,15 @@ floating_modifier $mod
 bindsym $mod+Shift+q kill
 bindsym $mod+Shift+x exit
 bindsym $mod+Shift+r reload
-bindsym $mod+r resize
+# bindsym $mod+r resize
+bindsym $mod+r mode "resize"
 
-bindsym $mod+Shift+Return exec foot
+bindsym $mod+Shift+Return exec kitty
+
+# change container layout (stacked, tabbed, toggle split)
+bindsym $mod+s layout stacking
+bindsym $mod+w layout tabbed
+bindsym $mod+e layout toggle split
 
 # use vim keys for window movement
 bindsym $mod+h focus left
@@ -59,7 +65,7 @@ bindsym $mod+Shift+k move up 30 px
 bindsym $mod+Shift+l move right 30 px
 
 # split in horizontal orientation
-bindsym $mod+s split h
+# bindsym $mod+s split h
 
 # split in vertical orientation
 bindsym $mod+v split v
@@ -67,10 +73,6 @@ bindsym $mod+v split v
 # enter fullscreen mode for the focused container
 bindsym $mod+f fullscreen toggle
 
-# change container layout (stacked, tabbed, toggle split)
-# bindsym $mod+s layout stacking
-bindsym $mod+w layout tabbed
-
 # toggle tiling / floating
 bindsym $mod+Shift+f floating toggle
 
@@ -113,10 +115,11 @@ set $ws8 "8 "
 # linux - less often used terminals for background processes
 set $ws9 "9 "
 
-assign [class="^Firefox$"] $ws1
-assign [class="^DebugScreen"] $ws3
-assign [class="^Thunderbird$"] $ws4
-assign [class=".*ee.*ass.*"] $ws8
+# find application info with =swaymsg -t get_tree=
+assign [app_id="firefox"] $ws1
+assign [class="Emacs"] $ws2
+assign [title="^DebugScreen"] $ws3
+assign [app_id="org.keepassxc.KeePassXC"] $ws8
 
 # Move specific workspaces to outputs
 workspace $ws0 output $laptop
@@ -138,8 +141,8 @@ bindsym $mod+4 workspace $ws4
 bindsym $mod+5 workspace $ws5
 bindsym $mod+6 workspace 6
 bindsym $mod+7 workspace 7
-bindsym $mod+8 workspace $WS8
-bindsym $mod+9 workspace $WS9
+bindsym $mod+8 workspace $ws8
+bindsym $mod+9 workspace $ws9
 bindsym $mod+0 workspace 10
 
 # Move focused container to workspace
@@ -151,8 +154,8 @@ bindsym $mod+Shift+4 move container to workspace $ws4
 bindsym $mod+Shift+5 move container to workspace $ws5
 bindsym $mod+Shift+6 move container to workspace 6
 bindsym $mod+Shift+7 move container to workspace 7
-bindsym $mod+Shift+8 move container to workspace $WS8
-bindsym $mod+Shift+9 move container to workspace $WS9
+bindsym $mod+Shift+8 move container to workspace $ws8
+bindsym $mod+Shift+9 move container to workspace $ws9
 bindsym $mod+Shift+0 move container to workspace 10
 
 # Bind hotkeys for brightness and volume
@@ -160,6 +163,30 @@ bindsym --locked XF86MonBrightnessDown exec brightnessctl set 5%-
 bindsym --locked XF86MonBrightnessUp exec brightnessctl set 5%+
 bindsym --locked $mod+p exec playerctl play-pause
 
+# resize window (you can also use the mouse for that)
+mode "resize" {
+    # These bindings trigger as soon as you enter the resize mode
+
+    # Pressing left will shrink the window’s width.
+    # Pressing right will grow the window’s width.
+    # Pressing up will shrink the window’s height.
+    # Pressing down will grow the window’s height.
+    bindsym j resize shrink width 10 px or 10 ppt
+    bindsym i resize grow height 10 px or 10 ppt
+    bindsym k resize shrink height 10 px or 10 ppt
+    bindsym l resize grow width 10 px or 10 ppt
+
+    # same bindings, but for the arrow keys
+    bindsym Left resize shrink width 10 px or 10 ppt
+    bindsym Down resize grow height 10 px or 10 ppt
+    bindsym Up resize shrink height 10 px or 10 ppt
+    bindsym Right resize grow width 10 px or 10 ppt
+
+    # back to normal: Enter or Escape
+    bindsym Return mode "default"
+    bindsym Escape mode "default"
+}
+
 # Screenshots
 bindsym Print exec grimshot --notify save output
 bindsym Alt+Print exec grimshot --notify save area
@@ -176,6 +203,7 @@ exec swayidle -w \
 	resume 'swaymsg "output * dpms on"' \
   before-sleep $lock
 
+bindsym Ctrl+Shift+L exec $lock
 # Window rules
 #for_window [title="Firefox — Sharing Indicator"] kill
 for_window [title=".* - mpv$"] floating enable, sticky enable
@@ -186,7 +214,10 @@ exec mako --border-radius=2 --font="Iosevka ss08 10" --max-visible=5 --outer-mar
 exec nm-applet --indicator
 exec udiskie -t
 exec gammastep-indicator -l 50.8643:12.1124 -t 6500:3500 -b 1.0:0.7
+
 exec emacs
+exec firefox
+exec keepassxc
 
 # Set GNOME settings (requires "glib:bin" in Guix)
 exec gsettings set org.gnome.desktop.interface gtk-theme "Matcha-dark-azul"

.config/waybar/config

@@ -1,13 +1,15 @@
 {
     "layer": "bottom",
     "position": "bottom",
-    "height": 24,
+    "height": 20,
 
     // maybe take another look at e.g. https://gitlab.com/wef/dotfiles/-/blob/master/.config/waybar/config
+    // https://github.com/Alexays/Waybar/wiki/Configuration
+    // https://github.com/Alexays/Waybar/wiki/Examples
 
     "modules-left": ["sway/workspaces", "sway/mode"],
-    "modules-center": ["timer", "custom/disk_root", "custom/disk_home", "network"],
-    "modules-right": ["tray", "cpu", "memory", "battery", "clock"],
+    "modules-center": [ "custom/disk_root", "network"],
+    "modules-right": [ "memory", "tray", "battery", "clock", ],
     "sway/mode": {
         "format": " {}"
     },
@@ -16,7 +18,7 @@
         "disable-scroll": true
     },
     "clock": {
-        "format": "{:%b %d %H:%M %p W%U}",
+        "format": "{:%b %d %H:%M KW%U}",
         "tooltip": false
     },
     "battery": {
@@ -62,8 +64,8 @@
 	"exec": "notmuch count tag:flagged OR tag:inbox AND NOT tag:killed"
     },
     "network": {
-	"family": "ipv6",
-	// "interface": "wlp2*", // (Optional) To force the use of this interface
+	// "family": "ipv6",
+	"interface": "wlp3*", // (Optional) To force the use of this interface
 	"format-wifi": "<span color='#589df6'></span> <span color='gray'>{essid}</span> {frequency} <span color='#589df6'>{signaldBm} dB</span> <span color='#589df6'>⇵</span> {bandwidthUpBits}/{bandwidthDownBits}",
 	"format-ethernet": "{ifname}: {ipaddr}/{cidr} ",
 	"format-linked": "{ifname} (No IP) ",
@@ -71,12 +73,12 @@
 	"format-alt": "{ifname}: {ipaddr}/{cidr}",
 	"interval": 5
     },
-    "timer": {
-        "interval": 1,
-        "exec": "~/.config/waybar/timer.sh",
-        "exec-if": "pgrep emacs",
-        "escape": true
-    },
+    //"timer": {
+    //    "interval": 1,
+    //    "exec": "~/.config/waybar/timer.sh",
+    //    "exec-if": "pgrep emacs",
+    //    "escape": true
+    //},
     "idle_inhibitor": {
         "format": "{icon}",
         "format-icons": {

README.org

@@ -1,8 +1,13 @@
 * fschl dotfiles
 
-My personal computing environment.
+part of my personal computing environment. mainly contains
+configuration files for sway, some useful addons and system tools
+(git, terminal, ssh, backup). This repository also has some notes on
+security considerations when setting up a Linux system.
 
-** Features
+The relevant things for my workflows can be found in [[https://git.fschl-co.de/fschl/emacs]].
+
+** (future) Features
 
    - reproducable machine setup (GNU Guix)
    - keyboard-based environment (Sway wm)
@@ -25,33 +30,38 @@ My personal computing environment.
 
 *** SSH key generation
 
-     #+BEGIN_SRC bash
-       # ED25519 keys are favored over RSA keys when backward compatibility ''is not required''.
-       # This is only compatible with OpenSSH 6.5+ and fixed-size (256 bytes).
-       $ ssh-keygen -t ed25519 -f ~/.ssh/id_ed25519_host_$(date +%Y-%m-%d) -C "Key to HOST for user-xyz"
+ED25519 keys are favored over RSA keys when backward compatibility ''is not required''.
+This is only compatible with OpenSSH 6.5+ and fixed-size (256 bytes).
 
-       # Fallback for really old systems (why do you still have those??)
-       # RSA keys are favored over ECDSA keys when backward compatibility ''is required'',
-       # thus, newly generated keys are always either ED25519 or RSA (NOT ECDSA or DSA).
-       $ ssh-keygen -t rsa -b 8192 -f ~/.ssh/id_rsa_host_$(date +%Y-%m-%d) -C "Key to HOST for user-xyz"
+#+BEGIN_SRC bash
+  $ ssh-keygen -t ed25519 -f ~/.ssh/id_ed25519_host_$(date +%Y-%m-%d) -C "Key to HOST for user-xyz"
+#+END_SRC
 
-       $ ssh-copy-id -i ~/.ssh/<file>.pub -p 22 user@host
-     #+END_SRC
+Fallback for really old systems (why do you still have those??) RSA
+keys are favored over ECDSA keys when backward compatibility ''is
+required'', thus, newly generated keys are always either ED25519 or
+RSA (NOT ECDSA or DSA).
+
+#+BEGIN_SRC bash
+  $ ssh-keygen -t rsa -b 8192 -f ~/.ssh/id_rsa_host_$(date +%Y-%m-%d) -C "Key to HOST for user-xyz"
+
+  $ ssh-copy-id -i ~/.ssh/<file>.pub -p 22 user@host
+#+END_SRC
 
 *** GnuPG
 
- - https://wiki.mozilla.org/Security/Key_Management
- - https://keyring.debian.org/creating-key.html
- - https://wiki.debian.org/Subkeys
+- https://wiki.mozilla.org/Security/Key_Management
+- https://keyring.debian.org/creating-key.html
+- https://wiki.debian.org/Subkeys
 
-  ~~/.gnupg/gpg.conf~:
-     
-  #+BEGIN_SRC bash
-  personal-digest-preferences SHA512 SHA384
-  cert-digest-algo SHA256
-  default-preference-list SHA512 SHA384 AES256 ZLIB BZIP2 ZIP Uncompressed
-  keyid-format 0xlong
-  #+END_SRC
+ ~~/.gnupg/gpg.conf~:
+
+ #+BEGIN_SRC bash
+ personal-digest-preferences SHA512 SHA384
+ cert-digest-algo SHA256
+ default-preference-list SHA512 SHA384 AES256 ZLIB BZIP2 ZIP Uncompressed
+ keyid-format 0xlong
+ #+END_SRC
 
 *** Backup Secure Keys
 
@@ -86,19 +96,26 @@ My personal computing environment.
    - [ ] move to ansible for easier modularization of setup
    - [ ] OR: give GUIX a shot
 
-** Moving to Arch
+** Notes on Arch
 
    - official repository setup: https://wiki.archlinux.org/title/Official_repositories#multilib
      - ~multiplib~ is required for wine
    - Sound troubleshooting: https://wiki.archlinux.org/title/Advanced_Linux_Sound_Architecture/Troubleshooting#HDMI
    - Skype, VSCode: use ~yay~
 
+** TODO Fedora
+
+- fedora project
+- different Desktop/Workstation spins (Gnome, KDE, sway...)
+- =dnf= package manager, install updates on reboot
+- "Atomic Desktop", uses Fedora/RedHat CoreOS with rpm-ostree + flatpaks
+
 ** NEXT Moving to Guix
 
 - btrfs for snapshots, easier backups
 - encrypted =/boot= + =/home= partitions
-- separate subvolumes for =/gnu=, =var=, =swap=
-  
+- separate subvolumes for =/gnu=, =/var=, =swap=
+
 - [ ] MOVE: https://www.draketo.de/software/package-guix.html
 
 *** Disk partitioning
@@ -118,3 +135,18 @@ convert multiple .png files into multipage pdf with downscaling
           -extent 1240x1753 -gravity center \
           -units PixelsPerInch -density 150x150 multipage.pdf
 #+end_src
+
+lower resolution:
+#+begin_src bash
+  convert filePrefix*.png -resize 620x876 \
+          -extent 629x876 -gravity center \
+          -units PixelsPerInch -density 100x100 multipage.pdf
+#+end_src
+
+combine multiple pdf file into one multipage file
+#+begin_src sh
+  gs -dBATCH -dNOPAUSE -q -sDEVICE=pdfwrite -sOutputFile=result.pdf sourceFilePrefix-*.pdf
+#+end_src
+
+I read the answer like ImageMagick uses ghostscript internally.
+source: https://stackoverflow.com/questions/14738911/imagemagick-combine-2-generated-pdfs-into-1-multi-page-file

publish.el

@@ -1,126 +0,0 @@
-(require 'package)
-(setq package-archives '(("melpa" . "https://melpa.org/packages/")
-                         ("elpa" . "https://elpa.gnu.org/packages/")))
-
-(package-initialize)
-(unless package-archive-contents
-  (package-refresh-contents))
-
-(setq org-export-with-broken-links 'mark)
-
-(package-install 'htmlize)
-(require 'htmlize)
-
-(package-install 'simple-httpd)
-(package-install 'websocket)
-(package-install 'org-roam)
-(package-install 'org-roam-ui)
-(package-install 'f)
-
-(require 'org-roam)
-(require 'org-roam-ui)
-(require 'ox-publish)
-
-(setq org-export-html-coding-system 'utf-8-unix)
-(setq org-html-doctype "html5")
-(defvar fschlde-html-head "<link type='text/css' rel='stylesheet' href='../css/plain.css'>")
-(setq fschlde-html-footer " <footer>\nfschl.de 2018-2023\n</footer>")
-
-;; following two funcs are taken from
-;; https://www.orgroam.com/manual.html#How-do-I-publish-my-notes-with-an-Internet_002dfriendly-graph_003f
-;; sitemap function for my roam-publish
-(defun roam-sitemap (title list)
-  (concat "#+OPTIONS: ^:nil author:nil html-postamble:nil\n"
-          "#+SETUPFILE: ./simple_inline.theme\n"
-          "#+HTML_HEAD_EXTRA: <link rel=\"stylesheet\" type=\"text/css\" href=\"../css/plain.css\" />\n"
-          "#+TITLE: " title "\n\n"
-          (org-list-to-org list) "\nfile:sitemap.svg"))
-
-(setq my-publish-time 0)   ; see the next section for context
-
-;; 
-(defun roam-publication-wrapper (plist filename pubdir)
-  (org-roam-graph)
-  (org-html-publish-to-html plist filename pubdir)
-  (setq my-publish-time (cadr (current-time))))
-
-(defun org-roam-custom-link-builder (node)
-  (let ((file (org-roam-node-file node)))
-    (concat (file-name-base file) ".html")))
-
-(setq org-roam-graph-link-builder 'org-roam-custom-link-builder)
-
-(add-hook 'org-roam-graph-generation-hook
-          (lambda (dot svg) (if (< (- (cadr (current-time)) my-publish-time) 5)
-                                (progn (copy-file svg "~/projects/blog-fschlde/pkb/sitemap.svg" 't)
-                                       (kill-buffer (file-name-nondirectory svg))
-                                       (setq my-publish-time 0)))))
-
-
-(setq org-publish-project-alist
-      '(("website"
-         :components ("org-journal", "project-notes", "org-sites", "blog-rss",  "blog-images"))
-        ("org-journal"
-         :base-directory "~/Documents/Org/"
-         :base-extension "org"
-         :publishing-directory "~/projects/blog-fschlde/reads/"
-         :recursive nil
-         :publishing-function org-html-publish-to-html
-
-         :headline-levels 4
-         :with-author t
-         :with-creator nil
-         :with-date t
-
-         :with-toc t
-         :with-drawers nil
-
-         :html-link-home "/"
-         :html-head nil ;; cleans up anything that would have been in there.
-         ;; :html-head-extra ,my-blog-extra-head
-         :html-head-include-default-style nil
-         :html-head-include-scripts nil
-
-         ;; :html-preamble my-blog-header
-         ;; :html-postamble ,my-blog-footer
-         )
-        ("project-notes"
-         :base-directory "~/projects/"
-         :base-extension "org"
-         :publishing-directory "~/projects/blog-fschlde/projects/"
-         :recursive nil
-         :publishing-function org-html-publish-to-html
-         :headline-levels 4)
-        ("org-sites"
-         :base-directory "~/projects/fschlde-static/"
-         :base-extension "org\\|css\\|js\\|ico\\|png\\|html"
-         :publishing-directory "~/projects/blog-fschlde/"
-         :recursive t
-         :publishing-function org-publish-attachment
-
-         :html-link-home "/"
-         ;; :html-head ,fschlde-html-head ;; cleans up anything that would have been in there.
-         :html-head-include-default-style nil
-         :html-head-include-scripts nil
-         :with-drawers nil
-         :with-creator nil
-
-         ;; :html-head-extra fschlde-html-head
-         ;; :html-postamble fschlde-html-footer
-         :headline-levels 4)
-        ("roam"
-         :base-directory "~/org-roam/"
-         :auto-sitemap t
-         :recursive nil
-         :base-extension "org"
-         :exclude ".stversions/\\|.stfolder"
-         :sitemap-function roam-sitemap
-         :sitemap-title "Roam Notes"
-         :style "<link rel=\"stylesheet\" href=\"../css/plain.css\" type=\"text/css\">"
-         :publishing-function roam-publication-wrapper
-         :publishing-directory "~/projects/fschlde-static/pkb/"
-         :section-number nil
-         :table-of-contents t
-         )
-        )
-      )

scripts/quicktinc.sh

@@ -1,155 +0,0 @@
-#!/bin/bash
-
-# from https://github.com/j3k0/quicktinc
-
-set -e
-
-IMAGE="fschl/tinc"
-
-function usage() {
-    echo "
-Usage:
-    $0 run --net=<network> - start a container for $network with existing configuration
-
-or create configuration with:
-
-    $0 init [OPTIONS]
-
-Options:
-    --net=NET_NAME           Network name (required)
-    --node=NODE_NAME         Node name (required)
-    --public-ip=PUBLIC_IP    Node's public IP (required)
-    --private-ip=PRIVATE_IP  Node's private IP (required)
-    --connect-to=HOST        Name of another node (optional, repeatable)
-    --interface=tun0         Network interface to create (optional, default=tun0)
-    --config=/etc/tinc       Where to save tinc networks (optional, default=/etc/tinc)
-    --up                     Also start the daemon
-
-Example:
-    $0 --net=demonet --node=node23 --public-ip=8.9.10.11 --private-ip=10.0.0.23 --connect-to=node1 --connect-to=node2
-    $0 -n=demonet -o=node23 -p=8.9.10.11 -v=10.0.0.23 -c=node1 -c=node2
-
-Report bugs to <https://github.com/j3k0/quicktinc>
-"
-    exit 1
-}
-
-function parse_args() {
-    for i in "$@"
-    do
-        case $i in
-            -n=*|--net=*)
-                NET_NAME="${i#*=}"
-                shift # past argument=value
-                ;;
-            -o=*|--node=*)
-                NODE_NAME="${i#*=}"
-                shift # past argument=value
-                ;;
-            -v=*|--private-ip=*)
-                PRIVATE_IP="${i#*=}"
-                shift # past argument=value
-                ;;
-            -p=*|--public-ip=*)
-                PUBLIC_IP="${i#*=}"
-                shift # past argument=value
-                ;;
-            -c=*|--connect-to=*)
-                CONNECT_TO="$CONNECT_TO ${i#*=}"
-                shift # past argument=value
-                ;;
-            -i=*|--interface=*)
-                INTERFACE="${i#*=}"
-                shift # past argument=value
-                ;;
-            -C=*|--config=*)
-                TINC_HOME="${i#*=}"
-                shift # past argument=value
-                ;;
-            *)
-                # unknown option
-                usage
-                ;;
-        esac
-    done
-
-    if [ "_$NET_NAME" = "_" ]; then usage; fi
-    if [ "_$NODE_NAME" = "_" ]; then usage; fi
-    if [ "_$PRIVATE_IP" = "_" ]; then usage; fi
-    if [ "_$PUBLIC_IP" = "_" ]; then usage; fi
-
-    if [ "_$INTERFACE" = "_" ]; then
-        INTERFACE=tun0
-    fi
-
-    if [ "_$TINC_HOME" = "_" ]; then
-        TINC_HOME=/etc/tinc
-    fi
-}
-
-function tinc() {
-    docker run --rm --net=host --device=/dev/net/tun --cap-add NET_ADMIN --volume $TINC_HOME:/etc/tinc $IMAGE -n $NET_NAME "$@"
-}
-
-init_node() {
-    # Initialize configuration file
-    tinc init $NODE_NAME
-
-    # Setup host file
-    # Declare public and private IPs in the host file, CONFIG/NET/hosts/HOST
-    echo "Address = $PUBLIC_IP" >> $TINC_HOME/$NET_NAME/hosts/$NODE_NAME
-    echo "Subnet = $PRIVATE_IP/32" >> $TINC_HOME/$NET_NAME/hosts/$NODE_NAME
-
-    # Tweak the config to add our particular setup
-    tinc add AddressFamily ipv4
-    tinc add Device /dev/net/tun
-    tinc add Interface $INTERFACE
-    if [ "_$CONNECT_TO" != "_" ]; then
-        for i in $CONNECT_TO; do
-            tinc add ConnectTo $i
-        done
-    fi
-
-    # Edit the tinc-up script
-    cat << EOF > $TINC_HOME/$NET_NAME/tinc-up
-#!/bin/sh
-ifconfig \$INTERFACE $PRIVATE_IP netmask 255.255.255.0
-EOF
-
-    cat << EOF > $TINC_HOME/$NET_NAME/tinc-down
-#!/bin/sh
-ifconfig \$INTERFACE down
-EOF
-
-    chmod +x $TINC_HOME/$NET_NAME/tinc-up
-    chmod +x $TINC_HOME/$NET_NAME/tinc-down
-}
-
-run_container() {
-    NAME=tinc_$NET_NAME_$NODE_NAME
-    docker run -d --restart=always --name=$NAME --net=host --device=/dev/net/tun --cap-add NET_ADMIN --volume $TINC_HOME:/etc/tinc $IMAGE -n $NET_NAME start -D
-    echo "Docker container started with name: $NAME"
-}
-
-
-main() {
-    local cmd=$1
-    shift
-
-    if [[ -z "$cmd" ]]; then
-        usage
-    fi
-
-    case "$cmd" in
-        init)
-            parse_args $@
-            init_node
-            ;;
-        run)
-            parse_args $@
-            run_container
-            ;;
-    esac
-}
-
-main "$@"