diff options
| author | Casper <me@skylarcloud.xyz> | 2024-12-18 15:21:28 -0700 |
|---|---|---|
| committer | Casper <me@skylarcloud.xyz> | 2024-12-18 15:21:28 -0700 |
| commit | 1cb78494f3022fe9d808d070507bddf552c64753 (patch) | |
| tree | 5c827daee442e211941bed7cc89decc95f8efbd7 | |
Initial commit, new repo
55 files changed, 1530 insertions, 0 deletions
diff --git a/3isec/3isec-setup.sls b/3isec/3isec-setup.sls new file mode 100644 index 0000000..7e5b8df --- /dev/null +++ b/3isec/3isec-setup.sls @@ -0,0 +1,23 @@ +/etc/pki/rpm-gpg/RPM-GPG-KEY-unman: + file.managed: + - source: salt://keys/RPM-GPG-KEY-unman + - user: root + - group: root + - mode: 777 + +/etc/yum.repos.d/3isec-dom0.repo: + file.managed: + - source: salt://3isec/3isec.repo + - user: root + - group: root + - mode: 777 + +'sudo rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-unman': + cmd.run + +dom0--install-3isec-manager: + pkg.installed: + - pkgs: + - 3isec-qubes-task-manager + + diff --git a/3isec/3isec-setup.top b/3isec/3isec-setup.top new file mode 100644 index 0000000..8b2aee4 --- /dev/null +++ b/3isec/3isec-setup.top @@ -0,0 +1,3 @@ +user: + dom0: + - 3isec.3isec-setup diff --git a/3isec/3isec.repo b/3isec/3isec.repo new file mode 100644 index 0000000..d26827c --- /dev/null +++ b/3isec/3isec.repo @@ -0,0 +1,8 @@ +[3isec-dom0-current] +name = 3isec Qubes Dom0 Repository (updates) +baseurl = https://qubes.3isec.org/rpm/r$releasever/current/dom0/fc37 +skip_if_unavailable=False +enabled = 1 +metadata_expire = 6h +gpgcheck = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-unman diff --git a/README.org b/README.org new file mode 100644 index 0000000..8177d78 --- /dev/null +++ b/README.org @@ -0,0 +1,38 @@ +#+title: README +#+OPTIONS: num:nil toc:nil +* Installation +1. Setup salt user-dirs +2. Clone my repo +3. Move it to dom0 +4. Change your username + There's a variable in //wm/wm-setup.sls/ that you should change to match your username. That file needs to write files to your home directory in dom0, and needs the username for those paths. +* Features +** 3isec +Sets up the 3isec repository and graphical installer. I use this for sys-mullvad. +** Chromium +Creates /tmpl-chromium/ and /web-yt/. I usually avoid Chromium, but YouTube performs better on it than Librewolf, so I use it for that. + +Blueman is installed in /tmpl-chromium/ so it's easy to pass your bluetooth controller to /web-yt/ and listen with bluetooth headphones. +** Emacs +Creates /tmpl-emacs/ and two app qubes, /emacs-org/ and /emacs-salt/, with Doom Emacs' dependencies. I do all of my personal organization in Emacs org-mode, and /emacs-salt/ is for editing my saltstack configuration. + +It also places two scripts in dom0, //usr/bin/fetch-salt-from-emacs/ and //usr/bin/push-salt-to-emacs/. Run these as root in dom0 to easily move your repo back and forth as you please. +** Email +Creates /tmpl-email/ and two app qubes, /email-personal/ and /email-work/, with Thunderbird. Networked over /sys-mullvad/ +** IRC +Creates /tmpl-irc/ and /irc/ with Hexchat installed, for chatting on IRC over Tor. +** SSH +Creates /tmpl-ssh/ and /ssh-vps/, simple qubes to ssh into my VPS with. +** Torrenting +Creates /tmpl-torrenting/ and /bitz/ with qBitTorrent installed, for torrenting over /sys-mullvad/. +** Web +Creates /tmpl-web/ and a few /web-XXX/ qubes, with Librewolf and networked over /sys-mullvad/. +** WM +This does many things to set up a convenient i3 environment. +- Installs a few packages in dom0 +- Moves my i3 config into place +- Prioritizes xfce4-terminal and st in //usr/bin/qubes-i3-sensible-terminal/ +- Moves my xrandr screenlayout in place +- Moves my nitrogen wallpaper files in place +- Enables tap-to-click and natural scrolling +- Replaces dmenu with rofi diff --git a/bashrc-sync.sls b/bashrc-sync.sls new file mode 100644 index 0000000..56b0872 --- /dev/null +++ b/bashrc-sync.sls @@ -0,0 +1,10 @@ +'rm /home/skylar/.bashrc': + cmd.run +/home/skylar/.bashrc: + file.managed: + - source: salt://dots/.bashrc +'sudo rm /root/.bashrc': + cmd.run +/root/.bashrc: + file.managed: + - source: salt://dots/.bashrc diff --git a/bluetooth-pkgs.sls b/bluetooth-pkgs.sls new file mode 100644 index 0000000..cdcdcac --- /dev/null +++ b/bluetooth-pkgs.sls @@ -0,0 +1,4 @@ +bluetooth-install-packages: + pkg.installed: + - pkgs: + - blueman diff --git a/chromium/create-chromium-qubes.top b/chromium/create-chromium-qubes.top new file mode 100644 index 0000000..7242c42 --- /dev/null +++ b/chromium/create-chromium-qubes.top @@ -0,0 +1,7 @@ +user: + dom0: + - chromium.qvm-app + - chromium.qvm-tmpl + tmpl-chromium: + - chromium.tmpl-pkgs + - bluetooth-pkgs diff --git a/chromium/qvm-app.sls b/chromium/qvm-app.sls new file mode 100644 index 0000000..2e415df --- /dev/null +++ b/chromium/qvm-app.sls @@ -0,0 +1,14 @@ +chromium--create-youtube-qube: + qvm.vm: + - name: web-yt + - present: + - template: tmpl-chromium + - label: blue + - prefs: + - label: blue + - netvm: sys-mullvad + - features: + - set: + - menu-items: chromium.desktop xfce4-terminal.desktop thunar.desktop + - require: + - qvm: chromium--create-template diff --git a/chromium/qvm-tmpl.sls b/chromium/qvm-tmpl.sls new file mode 100644 index 0000000..657b47f --- /dev/null +++ b/chromium/qvm-tmpl.sls @@ -0,0 +1,4 @@ +chromium--create-template: + qvm.clone: + - name: tmpl-chromium + - source: debian-12-minimal diff --git a/chromium/tmpl-pkgs.sls b/chromium/tmpl-pkgs.sls new file mode 100644 index 0000000..41282e1 --- /dev/null +++ b/chromium/tmpl-pkgs.sls @@ -0,0 +1,13 @@ +chromium--install-apps: + pkg.installed: + - pkgs: + - qubes-core-agent-passwordless-root + - qubes-mgmt-salt-vm-connector + - qubes-core-agent-networking + - qubes-core-agent-thunar + - qubes-usb-proxy + - pulseaudio-qubes + - xfce4-terminal + - chromium-common + - chromium-driver + - chromium diff --git a/dots/.bashrc b/dots/.bashrc new file mode 100644 index 0000000..eb63c13 --- /dev/null +++ b/dots/.bashrc @@ -0,0 +1,36 @@ +# .bashrc + +# Source global definitions +if [ -f /etc/bashrc ]; then + . /etc/bashrc +fi + +# User specific environment +if ! [[ "$PATH" =~ "$HOME/.local/bin:$HOME/bin:" ]] +then + PATH="$HOME/.local/bin:$HOME/bin:$PATH" +fi +export PATH + +# Uncomment the following line if you don't like systemctl's auto-paging feature: +# export SYSTEMD_PAGER= + +# User specific aliases and functions + +alias rm='rm -i' +alias cp='cp -i' +alias mv='mv -i' + +alias qinst='sudo qubes-dom0-update' +alias qctl='sudo qubesctl' +alias qctla='sudo qubesctl state.apply' +alias qctlas='sudo qubesctl state.sls' +alias qctlaa='sudo qubesctl --all state.apply' +qctlat () +{ + sudo qubesctl --targets="$1" state.apply +} + +set -o vi +export VISUAL=vim +export EDITOR="$VISUAL" diff --git a/dots/90-touchpad.conf b/dots/90-touchpad.conf new file mode 100644 index 0000000..4cdbb23 --- /dev/null +++ b/dots/90-touchpad.conf @@ -0,0 +1,8 @@ +Section "InputClass" + Identifier "touchpad" + MatchIsTouchpad "on" + Driver "libinput" + Option "Tapping" "on" + Option "NaturalScrolling" "on" + Option "TappingButtonMap" "lrm" +EndSection diff --git a/dots/default-screenlayout.sh b/dots/default-screenlayout.sh new file mode 100644 index 0000000..c397c21 --- /dev/null +++ b/dots/default-screenlayout.sh @@ -0,0 +1,2 @@ +#!/bin/sh +xrandr --output eDP-1 --mode 1920x1080 --pos 1920x0 --rotate normal --output HDMI-1 --primary --mode 1920x1080 --pos 0x0 --rotate normal --output DP-1 --off --output DP-2 --off --output DP-3 --off --output DP-4 --off diff --git a/dots/doom-emacs/config.el b/dots/doom-emacs/config.el new file mode 100644 index 0000000..3879b4b --- /dev/null +++ b/dots/doom-emacs/config.el @@ -0,0 +1,94 @@ +;;; $DOOMDIR/config.el -*- lexical-binding: t; -*- + +;; Place your private configuration here! Remember, you do not need to run 'doom +;; sync' after modifying this file! + + +;; Some functionality uses this to identify you, e.g. GPG configuration, email +;; clients, file templates and snippets. It is optional. +;; (setq user-full-name "John Doe" +;; user-mail-address "john@doe.com") + +;; Doom exposes five (optional) variables for controlling fonts in Doom: +;; +;; - `doom-font' -- the primary font to use +;; - `doom-variable-pitch-font' -- a non-monospace font (where applicable) +;; - `doom-big-font' -- used for `doom-big-font-mode'; use this for +;; presentations or streaming. +;; - `doom-symbol-font' -- for symbols +;; - `doom-serif-font' -- for the `fixed-pitch-serif' face +;; +;; See 'C-h v doom-font' for documentation and more examples of what they +;; accept. For example: +;; +;;(setq doom-font (font-spec :family "Fira Code" :size 12 :weight 'semi-light) +;; doom-variable-pitch-font (font-spec :family "Fira Sans" :size 13)) +;; +;; If you or Emacs can't find your font, use 'M-x describe-font' to look them +;; up, `M-x eval-region' to execute elisp code, and 'M-x doom/reload-font' to +;; refresh your font settings. If Emacs still can't find your font, it likely +;; wasn't installed correctly. Font issues are rarely Doom issues! + +;; There are two ways to load a theme. Both assume the theme is installed and +;; available. You can either set `doom-theme' or manually load a theme with the +;; `load-theme' function. This is the default: +(setq doom-theme 'doom-gruvbox) + +;; This determines the style of line numbers in effect. If set to `nil', line +;; numbers are disabled. For relative line numbers, set this to `relative'. +(setq display-line-numbers-type 'relative) + +;; If you use `org' and don't want your org files in the default location below, +;; change `org-directory'. It must be set before org loads! +(setq org-directory "~/Documents/org/") + +;; Whenever you reconfigure a package, make sure to wrap your config in an +;; `after!' block, otherwise Doom's defaults may override your settings. E.g. +;; +;; (after! PACKAGE +;; (setq x y)) +;; +;; The exceptions to this rule: +;; +;; - Setting file/directory variables (like `org-directory') +;; - Setting variables which explicitly tell you to set them before their +;; package is loaded (see 'C-h v VARIABLE' to look up their documentation). +;; - Setting doom variables (which start with 'doom-' or '+'). +;; +;; Here are some additional functions/macros that will help you configure Doom. +;; +;; - `load!' for loading external *.el files relative to this one +;; - `use-package!' for configuring packages +;; - `after!' for running code after a package has loaded +;; - `add-load-path!' for adding directories to the `load-path', relative to +;; this file. Emacs searches the `load-path' when you load packages with +;; `require' or `use-package'. +;; - `map!' for binding new keys +;; +(use-package osm + :bind ("C-c m" . osm-prefix-map) ;; Alternatives: `osm-home' or `osm' + + :custom + ;; Take a look at the customization group `osm' for more options. + (osm-server 'default) ;; Configure the tile server + (osm-copyright t) ;; Display the copyright information + + :config + + ;; Add custom servers, see also https://github.com/minad/osm/wiki + ;; (osm-add-server 'myserver + ;; :name "My tile server" + ;; :group "Custom" + ;; :description "Tiles based on aerial images" + ;; :url "https://myserver/tiles/%z/%x/%y.png?apikey=%k") +) + +;; +;; To get information about any of these functions/macros, move the cursor over +;; the highlighted symbol at press 'K' (non-evil users must press 'C-c c k'). +;; This will open documentation for it, including demos of how they are used. +;; Alternatively, use `C-h o' to look up a symbol (functions, variables, faces, +;; etc). +;; +;; You can also try 'gd' (or 'C-c c d') to jump to their definition and see how +;; they are implemented. diff --git a/dots/doom-emacs/custom.el b/dots/doom-emacs/custom.el new file mode 100644 index 0000000..6965532 --- /dev/null +++ b/dots/doom-emacs/custom.el @@ -0,0 +1,14 @@ +(custom-set-variables + ;; custom-set-variables was added by Custom. + ;; If you edit it by hand, you could mess it up, so be careful. + ;; Your init file should contain only one such instance. + ;; If there is more than one, they won't work right. + '(auth-source-save-behavior nil) + '(org-agenda-files '("~/Documents/org/todo.org")) + '(package-selected-packages '(osm))) +(custom-set-faces + ;; custom-set-faces was added by Custom. + ;; If you edit it by hand, you could mess it up, so be careful. + ;; Your init file should contain only one such instance. + ;; If there is more than one, they won't work right. + ) diff --git a/dots/doom-emacs/init.el b/dots/doom-emacs/init.el new file mode 100644 index 0000000..40b62c0 --- /dev/null +++ b/dots/doom-emacs/init.el @@ -0,0 +1,193 @@ +;;; init.el -*- lexical-binding: t; -*- + +;; This file controls what Doom modules are enabled and what order they load +;; in. Remember to run 'doom sync' after modifying it! + +;; NOTE Press 'SPC h d h' (or 'C-h d h' for non-vim users) to access Doom's +;; documentation. There you'll find a link to Doom's Module Index where all +;; of our modules are listed, including what flags they support. + +;; NOTE Move your cursor over a module's name (or its flags) and press 'K' (or +;; 'C-c c k' for non-vim users) to view its documentation. This works on +;; flags as well (those symbols that start with a plus). +;; +;; Alternatively, press 'gd' (or 'C-c c d') on a module to browse its +;; directory (for easy access to its source code). + +(doom! :input + ;;bidi ; (tfel ot) thgir etirw uoy gnipleh + ;;chinese + ;;japanese + ;;layout ; auie,ctsrnm is the superior home row + + :completion + ;;company ; the ultimate code completion backend + (corfu +orderless) ; complete with cap(f), cape and a flying feather! + ;;helm ; the *other* search engine for love and life + ;;ido ; the other *other* search engine... + ;;ivy ; a search engine for love and life + vertico ; the search engine of the future + + :ui + ;;deft ; notational velocity for Emacs + doom ; what makes DOOM look the way it does + doom-dashboard ; a nifty splash screen for Emacs + ;;doom-quit ; DOOM quit-message prompts when you quit Emacs + (emoji +unicode) ; 🙂 + hl-todo ; highlight TODO/FIXME/NOTE/DEPRECATED/HACK/REVIEW + ;;indent-guides ; highlighted indent columns + ;;ligatures ; ligatures and symbols to make your code pretty again + ;;minimap ; show a map of the code on the side + modeline ; snazzy, Atom-inspired modeline, plus API + ;;nav-flash ; blink cursor line after big motions + ;;neotree ; a project drawer, like NERDTree for vim + ophints ; highlight the region an operation acts on + (popup +defaults) ; tame sudden yet inevitable temporary windows + ;;tabs ; a tab bar for Emacs + ;;treemacs ; a project drawer, like neotree but cooler + ;;unicode ; extended unicode support for various languages + (vc-gutter +pretty) ; vcs diff in the fringe + vi-tilde-fringe ; fringe tildes to mark beyond EOB + ;;window-select ; visually switch windows + workspaces ; tab emulation, persistence & separate workspaces + zen ; distraction-free coding or writing + + :editor + (evil +everywhere); come to the dark side, we have cookies + file-templates ; auto-snippets for empty files + fold ; (nigh) universal code folding + ;;(format +onsave) ; automated prettiness + ;;god ; run Emacs commands without modifier keys + ;;lispy ; vim for lisp, for people who don't like vim + ;;multiple-cursors ; editing in many places at once + ;;objed ; text object editing for the innocent + ;;parinfer ; turn lisp into python, sort of + ;;rotate-text ; cycle region at point between text candidates + snippets ; my elves. They type so I don't have to + word-wrap ; soft wrapping with language-aware indent + + :emacs + dired ; making dired pretty [functional] + electric ; smarter, keyword-based electric-indent + ;;eww ; the internet is gross + ;;ibuffer ; interactive buffer management + undo ; persistent, smarter undo for your inevitable mistakes + vc ; version-control and Emacs, sitting in a tree + + :term + eshell ; the elisp shell that works everywhere + ;;shell ; simple shell REPL for Emacs + ;;term ; basic terminal emulator for Emacs + vterm ; the best terminal emulation in Emacs + + :checkers + syntax ; tasing you for every semicolon you forget + (spell +flyspell) ; tasing you for misspelling mispelling + ;;grammar ; tasing grammar mistake every you make + + :tools + ;;ansible + ;;biblio ; Writes a PhD for you (citation needed) + ;;collab ; buffers with friends + ;;debugger ; FIXME stepping through code, to help you add bugs + ;;direnv + ;;docker + ;;editorconfig ; let someone else argue about tabs vs spaces + ;;ein ; tame Jupyter notebooks with emacs + (eval +overlay) ; run code, run (also, repls) + lookup ; navigate your code and its documentation + ;;lsp ; M-x vscode + magit ; a git porcelain for Emacs + ;;make ; run make tasks from Emacs + ;;pass ; password manager for nerds + pdf ; pdf enhancements + ;;prodigy ; FIXME managing external services & code builders + ;;terraform ; infrastructure as code + ;;tmux ; an API for interacting with tmux + ;;tree-sitter ; syntax and parsing, sitting in a tree... + ;;upload ; map local to remote projects via ssh/ftp + + :os + (:if (featurep :system 'macos) macos) ; improve compatibility with macOS + ;;tty ; improve the terminal Emacs experience + + :lang + ;;agda ; types of types of types of types... + ;;beancount ; mind the GAAP + ;;(cc +lsp) ; C > C++ == 1 + ;;clojure ; java with a lisp + ;;common-lisp ; if you've seen one lisp, you've seen them all + ;;coq ; proofs-as-programs + ;;crystal ; ruby at the speed of c + ;;csharp ; unity, .NET, and mono shenanigans + ;;data ; config/data formats + ;;(dart +flutter) ; paint ui and not much else + ;;dhall + ;;elixir ; erlang done right + ;;elm ; care for a cup of TEA? + emacs-lisp ; drown in parentheses + ;;erlang ; an elegant language for a more civilized age + ;;ess ; emacs speaks statistics + ;;factor + ;;faust ; dsp, but you get to keep your soul + ;;fortran ; in FORTRAN, GOD is REAL (unless declared INTEGER) + ;;fsharp ; ML stands for Microsoft's Language + ;;fstar ; (dependent) types and (monadic) effects and Z3 + ;;gdscript ; the language you waited for + ;;(go +lsp) ; the hipster dialect + ;;(graphql +lsp) ; Give queries a REST + ;;(haskell +lsp) ; a language that's lazier than I am + ;;hy ; readability of scheme w/ speed of python + ;;idris ; a language you can depend on + json ; At least it ain't XML + ;;(java +lsp) ; the poster child for carpal tunnel syndrome + ;;javascript ; all(hope(abandon(ye(who(enter(here)))))) + ;;julia ; a better, faster MATLAB + ;;kotlin ; a better, slicker Java(Script) + latex ; writing papers in Emacs has never been so fun + ;;lean ; for folks with too much to prove + ;;ledger ; be audit you can be + ;;lua ; one-based indices? one-based indices + markdown ; writing docs for people to ignore + ;;nim ; python + lisp at the speed of c + ;;nix ; I hereby declare "nix geht mehr!" + ;;ocaml ; an objective camel + org ; organize your plain life in plain text + ;;php ; perl's insecure younger brother + ;;plantuml ; diagrams for confusing people more + ;;graphviz ; diagrams for confusing yourself even more + ;;purescript ; javascript, but functional + ;;python ; beautiful is better than ugly + ;;qt ; the 'cutest' gui framework ever + ;;racket ; a DSL for DSLs + ;;raku ; the artist formerly known as perl6 + ;;rest ; Emacs as a REST client + ;;rst ; ReST in peace + ;;(ruby +rails) ; 1.step {|i| p "Ruby is #{i.even? ? 'love' : 'life'}"} + ;;(rust +lsp) ; Fe2O3.unwrap().unwrap().unwrap().unwrap() + ;;scala ; java, but good + ;;(scheme +guile) ; a fully conniving family of lisps + sh ; she sells {ba,z,fi}sh shells on the C xor + ;;sml + ;;solidity ; do you need a blockchain? No. + ;;swift ; who asked for emoji variables? + ;;terra ; Earth and Moon in alignment for performance. + ;;web ; the tubes + ;;yaml ; JSON, but readable + ;;zig ; C, but simpler + + :email + ;;(mu4e +org +gmail) + ;;notmuch + ;;(wanderlust +gmail) + + :app + ;;calendar + ;;emms + ;;everywhere ; *leave* Emacs!? You must be joking + ;;irc ; how neckbeards socialize + ;;(rss +org) ; emacs as an RSS reader + + :config + ;;literate + (default +bindings +smartparens)) diff --git a/dots/doom-emacs/packages.el b/dots/doom-emacs/packages.el new file mode 100644 index 0000000..d754109 --- /dev/null +++ b/dots/doom-emacs/packages.el @@ -0,0 +1,51 @@ +;; -*- no-byte-compile: t; -*- +;;; $DOOMDIR/packages.el + +;; To install a package with Doom you must declare them here and run 'doom sync' +;; on the command line, then restart Emacs for the changes to take effect -- or +;; use 'M-x doom/reload'. + + +;; To install SOME-PACKAGE from MELPA, ELPA or emacsmirror: +(package! salt-mode) +(package! i3wm-config-mode) + +;; To install a package directly from a remote git repo, you must specify a +;; `:recipe'. You'll find documentation on what `:recipe' accepts here: +;; https://github.com/radian-software/straight.el#the-recipe-format +;; (package! another-package +;; :recipe (:host github :repo "username/repo")) + +;; If the package you are trying to install does not contain a PACKAGENAME.el +;; file, or is located in a subdirectory of the repo, you'll need to specify +;; `:files' in the `:recipe': +;; (package! this-package +;; :recipe (:host github :repo "username/repo" +;; :files ("some-file.el" "src/lisp/*.el"))) + +;; If you'd like to disable a package included with Doom, you can do so here +;; with the `:disable' property: +;; (package! builtin-package :disable t) + +;; You can override the recipe of a built in package without having to specify +;; all the properties for `:recipe'. These will inherit the rest of its recipe +;; from Doom or MELPA/ELPA/Emacsmirror: +;; (package! builtin-package :recipe (:nonrecursive t)) +;; (package! builtin-package-2 :recipe (:repo "myfork/package")) + +;; Specify a `:branch' to install a package from a particular branch or tag. +;; This is required for some packages whose default branch isn't 'master' (which +;; our package manager can't deal with; see radian-software/straight.el#279) +;; (package! builtin-package :recipe (:branch "develop")) + +;; Use `:pin' to specify a particular commit to install. +;; (package! builtin-package :pin "1a2b3c4d5e") + + +;; Doom's packages are pinned to a specific commit and updated from release to +;; release. The `unpin!' macro allows you to unpin single packages... +;; (unpin! pinned-package) +;; ...or multiple packages +;; (unpin! pinned-package another-pinned-package) +;; ...Or *all* packages (NOT RECOMMENDED; will likely break things) +;; (unpin! t) diff --git a/dots/i3-config b/dots/i3-config new file mode 100644 index 0000000..6d49f0c --- /dev/null +++ b/dots/i3-config @@ -0,0 +1,299 @@ +# This file has been auto-generated by i3-config-wizard(1). +# It will not be overwritten, so edit it as you like. +# +# Should you change your keyboard layout some time, delete +# this file and re-run i3-config-wizard(1). +# + +# i3 config file (v4) +# +# Please see http://i3wm.org/docs/userguide.html for a complete reference! + +set $mod Mod4 + +# Font for window titles. Will also be used by the bar unless a different font +# is used in the bar {} block below. +# This font is widely installed, provides lots of unicode glyphs, right-to-left +# text rendering and scalability on retina/hidpi displays (thanks to pango). +font pango:DejaVu Sans Mono 16 + +# The combination of xss-lock, nm-applet and pactl is a popular choice, so +# they are included here as an example. Modify as you see fit. + +# xss-lock grabs a logind suspend inhibit lock and will use i3lock to lock the +# screen before suspend. Use loginctl lock-session to lock your screen. +exec --no-startup-id xss-lock --transfer-sleep-lock -- i3lock --nofork + +bindsym XF86AudioRaiseVolume exec --no-startup-id amixer -q sset Master 4%+ unmute +bindsym XF86AudioLowerVolume exec --no-startup-id amixer -q sset Master 4%- unmute +# amixer doesn't unmute properly +bindsym XF86AudioMute exec --no-startup-id pactl set-sink-mute @DEFAULT_SINK@ toggle +bindsym XF86AudioMicMute exec --no-startup-id pactl set-source-mute @DEFAULT_SOURCE@ toggle + +# use these keys for focus, movement, and resize directions when reaching for +# the arrows is not convenient +set $up k +set $down j +set $left h +set $right l + +client.background dom0 #32302f +client.focused dom0 #522702 #643002 #ffffff #a6907d +client.focused_inactive dom0 #522702 #361a01 #ffffff #a6907d +client.unfocused dom0 #522702 #361a01 #999999 #a6907d +client.urgent dom0 #666666 #a6907d #ce0000 #a6907d + +client.background red #cc241d +client.focused red #e53b27 #e53b27 #ffffff #f19b90 +client.focused_inactive red #e53b27 #902519 #ffffff #f19b90 +client.unfocused red #e53b27 #902519 #999999 #f19b90 +client.urgent red #e53b27 #f19b90 #ce0000 #f19b90 + + +client.background orange #d79921 +client.focused orange #d05f03 #d05f03 #ffffff #daa67e +client.focused_inactive orange #d05f03 #7b3702 #ffffff #daa67e +client.unfocused orange #d05f03 #7b3702 #999999 #daa67e +client.urgent orange #d05f03 #daa67e #ce0000 #daa67e + +client.background yellow #fabd2f +client.focused yellow #999b00 #999b00 #ffffff #cacb7c +client.focused_inactive yellow #999b00 #666700 #ffffff #cacb7c +client.unfocused yellow #999b00 #666700 #999999 #cacb7c +client.urgent yellow #999b00 #cacb7c #ce0000 #cacb7c + +client.background green #98971a +client.focused green #04af5b #04af5b #ffffff #7dd5aa +client.focused_inactive green #04af5b #02713b #ffffff #7dd5aa +client.unfocused green #04af5b #02713b #999999 #7dd5aa +client.urgent green #04af5b #7dd5aa #ce0000 #7dd5aa + +client.background gray #92837a +client.focused gray #8c959f #8c959f #ffffff #c3c8cd +client.focused_inactive gray #8c959f #676d75 #ffffff #c3c8cd +client.unfocused gray #8c959f #676d75 #999999 #c3c8cd +client.urgent gray #8c959f #c3c8cd #ce0000 #c3c8cd + +client.background blue #458588 +client.focused blue #3384d6 #3384d6 #ffffff #95bee8 +client.focused_inactive blue #3384d6 #1f5082 #ffffff #95bee8 +client.unfocused blue #3384d6 #1f5082 #999999 #95bee8 +client.urgent blue #3384d6 #95bee8 #ce0000 #95bee8 + +client.background purple #b16286 +client.focused purple #8f5cbe #8f5cbe #ffffff #c6abdd +client.focused_inactive purple #8f5cbe #5c3e78 #ffffff #c6abdd +client.unfocused purple #8f5cbe #5c3e78 #999999 #c6abdd +client.urgent purple #8f5cbe #c6abdd #ce0000 #c6abdd + +client.background black #282828 +client.focused black #595959 #595959 #ffffff #a3a3a3 +client.focused_inactive black #595959 #3a3a3a #ffffff #a3a3a3 +client.unfocused black #595959 #3a3a3a #999999 #a3a3a3 +client.urgent black #595959 #a3a3a3 #ce0000 #a3a3a3 + +gaps inner 20 +set $mode_gaps Gaps: (o) outer, (i) inner +set $mode_gaps_outer Outer Gaps +|-|0 (local), Shift + +|-|0 (global) +set $mode_gaps_inner Inner Gaps +|-|0 (local), Shift + +|-|0 (global) +bindsym $mod+Shift+g mode "$mode_gaps" + +mode "$mode_gaps" { + bindsym o mode "$mode_gaps_outer" + bindsym i mode "$mode_gaps_inner" + bindsym Return mode "default" + bindsym Escape mode "default" +} +mode "$mode_gaps_inner" { + bindsym plus gaps inner current plus 5 + bindsym minus gaps inner current minus 5 + bindsym 0 gaps inner current set 0 + + bindsym Shift+plus gaps inner all plus 5 + bindsym Shift+minus gaps inner all minus 5 + bindsym Shift+0 gaps inner all set 0 + + bindsym Return mode "default" + bindsym Escape mode "default" +} +mode "$mode_gaps_outer" { + bindsym plus gaps outer current plus 5 + bindsym minus gaps outer current minus 5 + bindsym 0 gaps outer current set 0 + + bindsym Shift+plus gaps outer all plus 5 + bindsym Shift+minus gaps outer all minus 5 + bindsym Shift+0 gaps outer all set 0 + + bindsym Return mode "default" + bindsym Escape mode "default" +} + +# Use Mouse+$mod to drag floating windows to their wanted position +floating_modifier $mod + +# start a terminal in the domain of the currently active window +bindsym $mod+Return exec qubes-i3-sensible-terminal +bindsym $mod+Shift+Return exec xfce4-terminal + +# kill focused window +bindsym $mod+q kill + +# start dmenu (a program launcher) +bindsym $mod+d exec --no-startup-id i3-dmenu-desktop --dmenu="dmenu -i -nb #d2d2d2 -nf #000000 -sb #63a0ff" + +bindsym $mod+Shift+d exec rofi -show + +# change focus +bindsym $mod+$left focus left +bindsym $mod+$down focus down +bindsym $mod+$up focus up +bindsym $mod+$right focus right + +# move focused window +bindsym $mod+Shift+$left move left +bindsym $mod+Shift+$down move down +bindsym $mod+Shift+$up move up +bindsym $mod+Shift+$right move right + +# split in horizontal orientation +bindsym $mod+period split h + +# split in vertical orientation +bindsym $mod+v split v + +# enter fullscreen mode for the focused container +bindsym $mod+f fullscreen toggle + +# change container layout (stacked, tabbed, toggle split) +bindsym $mod+s layout stacking +bindsym $mod+w layout tabbed +bindsym $mod+e layout toggle split + +# toggle tiling / floating +bindsym $mod+Shift+space floating toggle + +# change focus between tiling / floating windows +bindsym $mod+space focus mode_toggle + +# focus next window (cycle) right +bindsym $mod+Tab focus right + +# focus next window (cycle) down +bindsym $mod+Shift+Tab focus down + +# Disable scratchpad shortcuts +# move the currently focused window to the scratchpad +bindsym $mod+Shift+minus move scratchpad + +# Show the next scratchpad window or hide the focused scratchpad window. +# If there are multiple scratchpad windows, this command cycles through them. +bindsym $mod+minus scratchpad show + +# Define names for default workspaces for which we configure key bindings later on. +# We use variables to avoid repeating the names in multiple places. +set $ws1 "1" +set $ws2 "2" +set $ws3 "3" +set $ws4 "4" +set $ws5 "5" +set $ws6 "6" +set $ws7 "7" +set $ws8 "8" +set $ws9 "9" +set $ws10 "10" + +# switch to workspace +bindsym $mod+1 workspace number $ws1 +bindsym $mod+2 workspace number $ws2 +bindsym $mod+3 workspace number $ws3 +bindsym $mod+4 workspace number $ws4 +bindsym $mod+5 workspace number $ws5 +bindsym $mod+6 workspace number $ws6 +bindsym $mod+7 workspace number $ws7 +bindsym $mod+8 workspace number $ws8 +bindsym $mod+9 workspace number $ws9 +bindsym $mod+0 workspace number $ws10 + +bindsym $mod+Shift+1 move container to workspace $ws1 +bindsym $mod+Shift+2 move container to workspace $ws2 +bindsym $mod+Shift+3 move container to workspace $ws3 +bindsym $mod+Shift+4 move container to workspace $ws4 +bindsym $mod+Shift+5 move container to workspace $ws5 +bindsym $mod+Shift+6 move container to workspace $ws6 +bindsym $mod+Shift+7 move container to workspace $ws7 +bindsym $mod+Shift+8 move container to workspace $ws8 +bindsym $mod+Shift+9 move container to workspace $ws9 +bindsym $mod+Shift+10 move container to workspace $ws10 + +# reload the configuration file +bindsym $mod+Shift+c reload +# restart i3 inplace (preserves your layout/session, can be used to upgrade i3) +bindsym $mod+Shift+r restart +# exit i3 (logs you out of your X session) +bindsym $mod+Shift+e exec "i3-nagbar -t warning -m 'You pressed the exit shortcut. Do you really want to exit i3? This will end your X session.' -b 'Yes, exit i3' 'i3-msg exit'" + +mode "resize" { + # These bindings trigger as soon as you enter the resize mode + + # Pressing left will shrink the window’s width. + # Pressing right will grow the window’s width. + # Pressing up will shrink the window’s height. + # Pressing down will grow the window’s height. + bindsym $left resize shrink width 10 px or 10 ppt + bindsym $down resize grow height 10 px or 10 ppt + bindsym $up resize shrink height 10 px or 10 ppt + bindsym $right resize grow width 10 px or 10 ppt + + # back to normal: Enter or Escape or Mod1+r + bindsym Return mode "default" + bindsym Escape mode "default" + bindsym Mod1+r mode "default" +} + +bindsym $mod+r mode "resize" + +exec ~/.screenlayout/home.sh +exec nitrogen --restore + +# Start i3bar to display a workspace bar (plus the system information i3status +# finds out, if available) +bar { + status_command qubes-i3status + colors { + background #3c3836 + statusline #fbf1c7 + + #class #border #backgr #text + focused_workspace #d79921 #d79921 #fbf1c7 + active_workspace #333333 #888888 #f5f5f5 + inactive_workspace #d79921 #3c3836 #fbf1c7 + urgent_workspace #bd2727 #e79e27 #333333 + } +} + +# Avoids screen size fingerprinting +for_window [title="Tor Browser"] floating enable + +# Make sure all xdg autostart entries are started, this is (among other things) +# necessary to make sure transient vm's come up +exec --no-startup-id qubes-i3-xdg-autostart + +# Switch capslock to escape +exec xmodmap -e "clear lock" #disable caps lock switch +exec xmodmap -e "keysym Caps_Lock = Escape" #set caps_lock as escape + +# Focus to urgent window +bindsym $mod+x [urgent=latest] focus + +# Move back and forth to last workspace +bindsym $mod+z workspace back_and_forth + +# Enable connected but disable outputs +bindsym XF86Display exec --no-startup-id xrandr --auto + +# Lock screen shortcut +bindsym Control+Mod1+l exec --no-startup-id i3lock -f -c ff0000 + +# Execute org-capture in 'emacs-org' +bindsym $mod+c exec qvm-run emacs-org 'emacsclient --eval '(+org-capture/open-frame INITIAL-INPUT-KEY)' diff --git a/dots/nitrogen/bg-saved.cfg b/dots/nitrogen/bg-saved.cfg new file mode 100644 index 0000000..4c05aef --- /dev/null +++ b/dots/nitrogen/bg-saved.cfg @@ -0,0 +1,9 @@ +[xin_0] +file=/home/skylar/Pictures/wallpaper.png +mode=3 +bgcolor=#000000 + +[xin_1] +file=/home/skylar/Pictures/wallpaper.png +mode=3 +bgcolor=#000000 diff --git a/dots/nitrogen/wallpaper.png b/dots/nitrogen/wallpaper.png Binary files differnew file mode 100644 index 0000000..c3e4d98 --- /dev/null +++ b/dots/nitrogen/wallpaper.png diff --git a/dots/rofi-config.rasi b/dots/rofi-config.rasi new file mode 100644 index 0000000..bc422c9 --- /dev/null +++ b/dots/rofi-config.rasi @@ -0,0 +1 @@ +@theme "/usr/share/rofi/themes/gruvbox-dark-soft.rasi" diff --git a/emacs/create-emacs-qubes.top b/emacs/create-emacs-qubes.top new file mode 100644 index 0000000..c8a31cf --- /dev/null +++ b/emacs/create-emacs-qubes.top @@ -0,0 +1,7 @@ +user: + dom0: + - emacs.qvm-app + - emacs.qvm-tmpl + - emacs.emacs-scripts + tmpl-emacs: + - emacs.tmpl-pkgs diff --git a/emacs/emacs-scripts.sls b/emacs/emacs-scripts.sls new file mode 100644 index 0000000..4722aaa --- /dev/null +++ b/emacs/emacs-scripts.sls @@ -0,0 +1,10 @@ +emacs--move-scripts: + file.managed: + - user: root + - group: root + - mode: 777 + - names: + - /usr/bin/fetch-salt-from-emacs: + - source: salt://scripts/fetch-salt-from-emacs.sh + - /usr/bin/push-salt-to-emacs: + - source: salt://scripts/push-salt-to-emacs.sh diff --git a/emacs/git-doom-install.sls b/emacs/git-doom-install.sls new file mode 100644 index 0000000..40d88bd --- /dev/null +++ b/emacs/git-doom-install.sls @@ -0,0 +1,6 @@ +'git clone --depth 1 https://github.com/hlissner/doom-emacs /home/user/.emacs.d': + cmd.run +'/home/user/.emacs.d/bin/doom install --env --config --install --fonts --force': + cmd.run +'/home/user/.emacs.d/bin/doom sync --doomdir ~/.doom.d --emacsdir ~/.emacs.d -u': + cmd.run diff --git a/emacs/qvm-app.sls b/emacs/qvm-app.sls new file mode 100644 index 0000000..ba3b9f9 --- /dev/null +++ b/emacs/qvm-app.sls @@ -0,0 +1,23 @@ +emacs--create-salt-qube: + qvm.vm: + - name: emacs-salt + - present: + - template: tmpl-emacs + - label: purple + - features: + - set: + - menu-items: emacs.desktop + - require: + - qvm: emacs--create-template + +emacs--create-org-qube: + qvm.vm: + - name: emacs-org + - present: + - template: tmpl-emacs + - label: green + - features: + - set: + - menu-items: emacs.desktop + - require: + - qvm: emacs--create-template diff --git a/emacs/qvm-tmpl.sls b/emacs/qvm-tmpl.sls new file mode 100644 index 0000000..5b6772d --- /dev/null +++ b/emacs/qvm-tmpl.sls @@ -0,0 +1,4 @@ +emacs--create-template: + qvm.clone: + - name: tmpl-emacs + - source: fedora-40-minimal diff --git a/emacs/tmpl-pkgs.sls b/emacs/tmpl-pkgs.sls new file mode 100644 index 0000000..739d458 --- /dev/null +++ b/emacs/tmpl-pkgs.sls @@ -0,0 +1,21 @@ +emacs--install-apps: + pkg.installed: + - pkgs: + - qubes-core-agent-passwordless-root + - qubes-mgmt-salt-vm-connector + - qubes-core-agent-networking + - qubes-core-agent-thunar + - polkit + - curl + - git + - clang + - emacs + - ripgrep + - fd-find + - pandoc + - ShellCheck + - cmake + - libtool + - salt-lint + - graphviz + - ledger diff --git a/email/create-email-qubes.top b/email/create-email-qubes.top new file mode 100644 index 0000000..18879cb --- /dev/null +++ b/email/create-email-qubes.top @@ -0,0 +1,6 @@ +user: + dom0: + - email.qvm-app + - email.qvm-tmpl + tmpl-email: + - email.tmpl-pkgs diff --git a/email/qvm-app.sls b/email/qvm-app.sls new file mode 100644 index 0000000..a262a39 --- /dev/null +++ b/email/qvm-app.sls @@ -0,0 +1,27 @@ + email--create-work-app-qube: + qvm.vm: + - name: email-work + - present: + - template: tmpl-email + - label: blue + - prefs: + - netvm: sys-mullvad + - features: + - set: + - menu-items: thunar.desktop thunderbird.desktop + - require: + - qvm: email--create-template + + email--create-personal-app-qube: + qvm.vm: + - name: email-personal + - present: + - template: tmpl-email + - label: yellow + - prefs: + - netvm: sys-mullvad + - features: + - set: + - menu-items: thunar.desktop thunderbird.desktop + - require: + - qvm: email--create-template diff --git a/email/qvm-tmpl.sls b/email/qvm-tmpl.sls new file mode 100644 index 0000000..2d24c08 --- /dev/null +++ b/email/qvm-tmpl.sls @@ -0,0 +1,5 @@ +email--create-template: + qvm.clone: + - name: tmpl-email + - source: debian-12-minimal + diff --git a/email/tmpl-pkgs.sls b/email/tmpl-pkgs.sls new file mode 100644 index 0000000..501810c --- /dev/null +++ b/email/tmpl-pkgs.sls @@ -0,0 +1,13 @@ +email--install-apps: + pkg.installed: + - pkgs: + - qubes-core-agent-passwordless-root + - qubes-mgmt-salt-vm-connector + - qubes-core-agent-networking + - qubes-core-agent-thunar + - qubes-gpg-split + - qubes-pdf-converter + - qubes-img-converter + - qubes-menus + - thunderbird-qubes + - thunderbird diff --git a/install-templates.sls b/install-templates.sls new file mode 100644 index 0000000..bf5f7b4 --- /dev/null +++ b/install-templates.sls @@ -0,0 +1,5 @@ +install-necessary-templates: + qvm.template_installed: + - name: debian-12-minimal + - name: debian-12-xfce + - name: fedora-40-minimal diff --git a/irc/create-irc-qubes.top b/irc/create-irc-qubes.top new file mode 100644 index 0000000..4cfe250 --- /dev/null +++ b/irc/create-irc-qubes.top @@ -0,0 +1,6 @@ +user: + dom0: + - irc.qvm-app + - irc.qvm-tmpl + tmpl-irc: + - irc.tmpl-pkgs diff --git a/irc/qvm-app.sls b/irc/qvm-app.sls new file mode 100644 index 0000000..081b5c6 --- /dev/null +++ b/irc/qvm-app.sls @@ -0,0 +1,12 @@ +irc--create-app-qube: + qvm.vm: + - name: irc + - present: + - template: tmpl-irc + - label: orange + - netvm: sys-whonix + - features: + - set: + - menu-items: io.github.Hexchat.desktop + - require: + - qvm: irc--create-template diff --git a/irc/qvm-tmpl.sls b/irc/qvm-tmpl.sls new file mode 100644 index 0000000..f5a3e3c --- /dev/null +++ b/irc/qvm-tmpl.sls @@ -0,0 +1,4 @@ +irc--create-template: + qvm.clone: + - name: tmpl-irc + - source: debian-12-minimal diff --git a/irc/tmpl-pkgs.sls b/irc/tmpl-pkgs.sls new file mode 100644 index 0000000..f483b6c --- /dev/null +++ b/irc/tmpl-pkgs.sls @@ -0,0 +1,8 @@ +irc--install-apps: + pkg.installed: + - pkgs: + - qubes-core-agent-passwordless-root + - qubes-mgmt-salt-vm-connector + - qubes-core-agent-networking + - qubes-core-agent-thunar + - hexchat diff --git a/keys/RPM-GPG-KEY-unman b/keys/RPM-GPG-KEY-unman new file mode 100644 index 0000000..5649e7a --- /dev/null +++ b/keys/RPM-GPG-KEY-unman @@ -0,0 +1,203 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Comment: Hostname: +Version: Hockeypuck 2.2 + +xsFNBFdt07cBEADGBsfWMKLODNkW8ro4ltREGK7KVgI1ETvgc1inGa79lW33F5/z +cP8vwVTwn1ntb6hFvQPDkrU2ewy0pYyXahSRPKsGn8ldKzjA5O/iACkpLdEgl8// +3xw5XUKF16KO16w/OdcfR+6bxveMN4tr5yxEFSkpoviLzJdCcOfduaLlKijGsDhW +Ay36UWrbNiV5HsplM3hQy6CTjYe1/1psvf0B1QM7OXJMKgGtY6BSDoZ8etnhVYHy +/yGSDuof2cx9WTX3hnkX9db1YucSwUHq2BVqpjv5osUilEjMNPcMybpxv4UHZ25k +kh73QEqrwMhodFvwBW6M3h5nG7YbgBFPMMftVJExpbvwoKxFVclY0u+oGCxvxE2f +X5vA418ehF8ILN8NJA5DVv38bVN7SG1w7PUcpXuG1GL3SP7gDqdEJ2MOqIqSokAw +uMtDo3pRBkrVjbIxiJ1z37fVcl17ZI6s/Fg3IEd61VAgwObD5mOEmkJt1m8tsqGx +iVdr16yR7LfdBXZplCDBYzRcWlslSbSwG7878bLJoc05eXxgr8jq3nlRYbCjXgHM +FnfDVLbeyyfyGNqA5AMlQB9o5Iv12iHFuN9z15Ie6d2ds59Cw5d5SOyya9vLUIfD +W+V5ypCW/4sf1w8KQhPUu49OLwgcyeXPismEpSj3XIPF0LUFFrfAbPHlMQARAQAB +zTl1bm1hbiAoUXViZXMgT1Mgc2lnbmluZyBrZXkpIDx1bm1hbkB0aGlyZGV5ZXNl +Y3VyaXR5Lm9yZz7CwXcEEwEIACECGwMFCwkIBwMFFQoJCAsFFgIDAQACHgECF4AF +Ald0ZXgACgkQiz8w+cjAwu/cmw/+LLkkSf0QfiSiKhqWQiXFRYngKxAAaiLZV3kc +LCQsZeg7eS8GZYJx19vplBhpGarPGw0REZrvPMfZBcK1YKM7Dt7VfUv49Cd3jPb0 +7W6pMfOOcuQO1UV1mqskziWvW1ooikc/HUJA2kIoTzxr0McFySPdoKtH8MsoEecK +fMqYIjNp31w6JEsQRVzNVmaVrEj8+w1e6miVNpKvokMSNF/x44tpt/Y2C4g1Gxw6 +lPZYunJsTJK69taJbVDVCRvwwhJwHwbIqJWNIpoVDOpZjOvQlz0GPjTiBrA15AtG +eU6NmMJ5qc9Sw/l3gTfh5SCANo5Q/7s+CX5xFpeGwJx6YDpjZCvR78SGi5cjetmT +iWC1coGxjSSoqJb4T1Kbv/ErJellN1MO6+zmioCgx84qJjU3SuqNKdmc3hWRlbCS +CrwKcVZnjLRmlI7XygndpPB9hM/GB9Wn5+/5j0IFmeCECUtzEmod2l+vTUeutReb +uR+/1FD/p7NL8VfA/tq4d6GTSr6vYSYIL89PpO8Sh5G5PsahjATkv/yUJDmtT+14 +nkV+HmQfvT9xrV9tvKbLWcv1RTQf+j3Lk2fXyjxbLsDXIBB2/FfZEFE9E/2uA+Zm +y/o5wkG+xe4Vlx4eRoEM7SLJoXUxkVVAi26sAmYYAh+LkvcAy1IzYaTkS2hU+3Rm +iemoD4fOwU0EV3BtIwEQAL3DM3RBLdxEe3PK8sK0PjZPrCeB/aflFoQxAKMOweYc +P72ipuCfuKa3Zxxd6o2OfiuO5w9JPn5s92vCbL8fZpBJ7SAF5TNOGESBUI18lGVB +Ib/PCz2kN1qkTPDIKnxoDKW0AEna12LgzhTQBPThXX37bx3UlH5uMRZUYF+wl/wf +D1UaFaY7EwObNQL9WQzMV7AkhIoA8XKyK2cNsOL5S87eLpWwffjaE8oZKcYNIPq0 +x6DuiOuAPLnc7eUDqogjo0suN10uGnvaOvlWIwly8/8XRwKPHOVlDHU4kEtMnbfb +PXNaFrABrF/ApeaOxg1JSSHOPdzqI5ifscAYYXr5xREn5Hh+Se7o1I8zXyHXPd/R +TulFykbdmat9w0kVLgor4ahfQeoCj0PwbANlrk1tburh2r16CzeR30sNAcuJqKLK +wmjfdjPPBwCqLZbIQIDtpJ/4tSx8l1TWJ04JSQeQqJZkUpqnOMJup8Baktzbznpy +9ac30aHpWL95VXI7hCGa0kbhi7yeDFbLJuMhIli8z5aDRKbT18M3bgoOMWgkFKxi +2JMDRbchdsu5bS4GjUnovkq5HxqFI6SRh1TEflqBGiGaBPmCT3d9OTZeyK1y/j7N +2dh/3d9Z6dmYs+ppG3749kg0rYpdl3kqHUxlNABuJKcaPQdNJuDnnPMc+6b0Z8pj +ABEBAAHCw5sEGAEIACYCGwIWIQRLH0AN8lZRtTxBQbOLPzD5yMDC7wUCZcPGvgUJ +EtOYmwIpwV0gBBkBCAAGBQJXcG0jAAoJEP3RuCRHMbNs6CwP/AnUBcsrvYLskStJ +7c75vsM1IUQ60gYd8HR2kLAlaG5kkdMVrH7J2lkDZYMoT0ZBV2jpMTe6DpSl6+51 +t0VCrxYjRAt0xCkchNtFrWmbFlbzX8SjdLxuQboH171vYboVS580mK2SNnExif57 +mga0sfMc9nPOpzwzqlt2h0q4wbOANPUv7Hz0Vb8IawWoppR8ztif2zj4NxzFAbw4 +LloxFlllinbqtTatFn962naz86owCalopxqqJt+fGw4aFFwL7Q0vAJoBO94WooEQ +4a5YfiICF02RszOm/LkI/uMGlekhRXek97BKWD5fv7KjCLYexFF2Vnzjr2nzi7gW +vO0bVlFeVGY6NfT+2Pv+NFapeDLOJe1488eeXpF5T0iBERh42f3PwGPMaLCvmgCp +s6u4h5YBiohpsjuYv5mYok9CwEquOPKG86iBfPtLkcXf4I3rkjwYteed2WyCTnpQ +RuHMzeI19WOs/bFuNPCXiRVVAn1KB/mHQKIxZKutcEZMgAtD//ruhTTvsUBSloDS +b/3efm2cZHrix6TjrePbji5nFq7FMClP2Ro1u0wAZURkhzDKEkXC94RhUXO0HukU +QwFzNRXyVVV8jmTGGiuqO8Q3cijmFO054tDxiLD6V5BRnxyQOeQdyxNI8rFEIF4H +Qn/I28HAl/KDXWcRSMUG2jD5jIGNCRCLPzD5yMDC7xzuD/0XCguuOkzYKPTVcFZ2 +IlY8iH+EqRLt1v4+JqOeYPVVoIMsenPqwT4ycr3VhFWSDW/O/Ce8WXIoQt9yHmRO +W3EDqkkV7ejBe345pwUI4dbnLLGFhFyE2JbLJ5tj+rkl2LImbYxSLQc+zdWIQUkK +FErXoHemXSwA+rTfdxYZBAUczhOf7sx6NQZWUGU5SC4p6gonG6chZXMCPeU+REZd +u5dk3zjc0HDnroB/apPcup/peOREP0aCojuvsOqX0QH9wOakMd0AX7/JeDn72xEn +A6kh0UxR8Ct9UDl4SXz5him9kx1Qw9XmwSoN+vNeqQllaWHi2TgL66rAiTlJ741J +PeG0IjbNNUvekU+c15ze5SnSqIvVKU3b5/zjlppjv6bjGfQW2qtmtOyHu4ts8vd+ +nW/PZy9nRTSnAew9YbKEzH/I6rX87t7q8gs7NFLi7gZCLaQTL4PIPxPxlRvosvnO +m+3IeKe6Q84Z751PbYoNE45Y9GE1oHpxebuFewaJJaPNzrTtEEPNkDEok+uAbfET +AmaXM9CGnEOSSg7XbnJXiOdO9KH3jMqNhYxq3IBdwWCK4PA7hNilA4oxy9VsU8OM +Cwa9GybLMFUpWpeAJK0FYXuKXFb5+MlWCqLBu1xrJtiIHihls0fYsc1pBkad2M0p +YHuGhiN5TQ7kZezNPLsLwd1A08LDmwQYAQgAJgIbAhYhBEsfQA3yVlG1PEFBs4s/ +MPnIwMLvBQJisIy8BQkPEQcZAinBXSAEGQEIAAYFAldwbSMACgkQ/dG4JEcxs2zo +LA/8CdQFyyu9guyRK0ntzvm+wzUhRDrSBh3wdHaQsCVobmSR0xWsfsnaWQNlgyhP +RkFXaOkxN7oOlKXr7nW3RUKvFiNEC3TEKRyE20WtaZsWVvNfxKN0vG5BugfXvW9h +uhVLnzSYrZI2cTGJ/nuaBrSx8xz2c86nPDOqW3aHSrjBs4A09S/sfPRVvwhrBaim +lHzO2J/bOPg3HMUBvDguWjEWWWWKduq1Nq0Wf3radrPzqjAJqWinGqom358bDhoU +XAvtDS8AmgE73haigRDhrlh+IgIXTZGzM6b8uQj+4waV6SFFd6T3sEpYPl+/sqMI +th7EUXZWfOOvafOLuBa87RtWUV5UZjo19P7Y+/40Vql4Ms4l7Xjzx55ekXlPSIER +GHjZ/c/AY8xosK+aAKmzq7iHlgGKiGmyO5i/mZiiT0LASq448obzqIF8+0uRxd/g +jeuSPBi1553ZbIJOelBG4czN4jX1Y6z9sW408JeJFVUCfUoH+YdAojFkq61wRkyA +C0P/+u6FNO+xQFKWgNJv/d5+bZxkeuLHpOOt49uOLmcWrsUwKU/ZGjW7TABlRGSH +MMoSRcL3hGFRc7Qe6RRDAXM1FfJVVXyOZMYaK6o7xDdyKOYU7Tni0PGIsPpXkFGf +HJA55B3LE0jysUQgXgdCf8jbwcCX8oNdZxFIxQbaMPmMgY0JEIs/MPnIwMLvHQMP +/1SavRFz1Sf2SgJCCaGP3tY6NmG4o5U/HIbPDKMxizSKLelI1hjFRDuY7pezJwOz +RjCy1RnQa1qcXp5s4dkXW9DCndFj3Ma4FXeAsajkDoVZwJtaOHrjT2Ep7cm1KIgQ +454RX/BxzYGIZ+PYNY6L/TreDMF+vBGZsJqjn9JrD7KF97sGZOd6hiPMds1O137G +ENPTJtMy+8weRHsBrPLvN+XU51CF+L5PY1ZFl2wpZXXalCjwNN5MhRBQqnqmZsxr +NjHm5XoeUKjgzH4DTPcgGh2Wf9CgTYaWmGqfW8aQlaYQDSDaBwxFp/NnnERjlYeI +Hh+EnaQz/GOP9cFSkFJfZHXeS9zppgFNcoKfLoJSYXIumCk+Hy51AtrNsCy7BN1I +1WSqAmxX8x/2icy8y8C4FkwT0TLNMrzk7QdRlWPU1g0g2x1iIWHWoet0A3REYmSQ +4p+ti2X/cRH4wjo94e5qPxqRASabK+zrm2rfxUEGdiMikJuapUkAn98rC4hoGgJO +dMoO4y6YtVPFk6WdRcn+4G939IRd3lO450OLD/Nu1HRdossyGaVDBftcWJY9GatO +wSvzCW57ARPx96TEyiwzxwzCfjdqAJzUiN8HqkY/ULIKg3pPcSc1y7xTGhgKOmaI +dmDeYrATZwOzla8C37c7HDDUiIgApSbb+yI1l6yFSkGbwsObBBgBCAAmAhsCFiEE +Sx9ADfJWUbU8QUGziz8w+cjAwu8FAl74ptIFCQtNQ68CKcFdIAQZAQgABgUCV3Bt +IwAKCRD90bgkRzGzbOgsD/wJ1AXLK72C7JErSe3O+b7DNSFEOtIGHfB0dpCwJWhu +ZJHTFax+ydpZA2WDKE9GQVdo6TE3ug6UpevudbdFQq8WI0QLdMQpHITbRa1pmxZW +81/Eo3S8bkG6B9e9b2G6FUufNJitkjZxMYn+e5oGtLHzHPZzzqc8M6pbdodKuMGz +gDT1L+x89FW/CGsFqKaUfM7Yn9s4+DccxQG8OC5aMRZZZYp26rU2rRZ/etp2s/Oq +MAmpaKcaqibfnxsOGhRcC+0NLwCaATveFqKBEOGuWH4iAhdNkbMzpvy5CP7jBpXp +IUV3pPewSlg+X7+yowi2HsRRdlZ8469p84u4FrztG1ZRXlRmOjX0/tj7/jRWqXgy +ziXtePPHnl6ReU9IgREYeNn9z8BjzGiwr5oAqbOruIeWAYqIabI7mL+ZmKJPQsBK +rjjyhvOogXz7S5HF3+CN65I8GLXnndlsgk56UEbhzM3iNfVjrP2xbjTwl4kVVQJ9 +Sgf5h0CiMWSrrXBGTIALQ//67oU077FAUpaA0m/93n5tnGR64sek463j244uZxau +xTApT9kaNbtMAGVEZIcwyhJFwveEYVFztB7pFEMBczUV8lVVfI5kxhorqjvEN3Io +5hTtOeLQ8Yiw+leQUZ8ckDnkHcsTSPKxRCBeB0J/yNvBwJfyg11nEUjFBtow+YyB +jQkQiz8w+cjAwu+WTg/+IcA9FSTy7HT5cgcvn3hTudf2a1DlUbK30UdqevMi17zO +sSbSZbo2nXc6kfp9ZJn4QVgF/8t0QDVmHqfTwwAFLz290sTXvKLEJ1Hki1U2OpXl +gfNn0m/9LfOw8VBBxfy8aqONU1zCR3BZf0g8a4dCU0l92qyfmV4pFX4fbmtu/kXN +fVBa5Z0OI/PvLduFxGvUJQ0AlRKP6TgbMOmMtj59aTeq0XL6cdj4FpY6Z3mPC1Yn +FhCVC2CePCSQNedDWX/NEkjUa+3xMaYklTUHj5ngKEJJI+Bslb8sbD85DVn7aI2Z +iuOYMq3FtTcYQo+E7mjCDZF3W76MM62rxOW+7YAfGhCBqL9REP69VDJDoLG1hGMs +amrW3LHps0AjZUrZ8V5N5nZ7B6HvfHiUq0ERiyxsvKGsbCYi1PcuL4fzBj/bLkLG +6HiLhqi9xp7+3vNJM9xrwkSowjQCwPvjFr45EzU8NwuIfhY/PYzjHXy4nGgtrRb0 +RHzVMBryJameOe3Qowyy2htq7dpXQBJD7w3WfHAN5m2u+INR+umsrICJdD0bQibH +/qZG0QQ5IF5P5jdO0rBFbkQpeEeUicnrMRuefMU96B7LckPDWFdBf3UgNUAG6GRT +PJjGsWOZQAYetnKRWix+Bd315qgQ1OSQxcOZiBnE0amRjD1rIHLuVDwd4ctJQW7C +w5sEGAEIACYCGwIWIQRLH0AN8lZRtTxBQbOLPzD5yMDC7wUCXRNa6wUJB4q4yAIp +wV0gBBkBCAAGBQJXcG0jAAoJEP3RuCRHMbNs6CwP/AnUBcsrvYLskStJ7c75vsM1 +IUQ60gYd8HR2kLAlaG5kkdMVrH7J2lkDZYMoT0ZBV2jpMTe6DpSl6+51t0VCrxYj +RAt0xCkchNtFrWmbFlbzX8SjdLxuQboH171vYboVS580mK2SNnExif57mga0sfMc +9nPOpzwzqlt2h0q4wbOANPUv7Hz0Vb8IawWoppR8ztif2zj4NxzFAbw4LloxFlll +inbqtTatFn962naz86owCalopxqqJt+fGw4aFFwL7Q0vAJoBO94WooEQ4a5YfiIC +F02RszOm/LkI/uMGlekhRXek97BKWD5fv7KjCLYexFF2Vnzjr2nzi7gWvO0bVlFe +VGY6NfT+2Pv+NFapeDLOJe1488eeXpF5T0iBERh42f3PwGPMaLCvmgCps6u4h5YB +iohpsjuYv5mYok9CwEquOPKG86iBfPtLkcXf4I3rkjwYteed2WyCTnpQRuHMzeI1 +9WOs/bFuNPCXiRVVAn1KB/mHQKIxZKutcEZMgAtD//ruhTTvsUBSloDSb/3efm2c +ZHrix6TjrePbji5nFq7FMClP2Ro1u0wAZURkhzDKEkXC94RhUXO0HukUQwFzNRXy +VVV8jmTGGiuqO8Q3cijmFO054tDxiLD6V5BRnxyQOeQdyxNI8rFEIF4HQn/I28HA +l/KDXWcRSMUG2jD5jIGNCRCLPzD5yMDC7xpBD/kBrRjaIhYf9sbHKcnJIf8Hjegg +yL+IzCOU9oh9kHLL0I/I6QB76TiLiFB0TJqrZ/hqcxlCwOQdUJugApaLJXqiJdaZ +wdvYCPk6l0QIcUrLSqAFArzmceQWy6sZgVkAMOBDr77ll1R2bHNXuWmxRGDpho+b +RjA9wYr5GrSIPMjjb6iB/ZafNIpol6ImYY7vj0ubr0tHMNNoQSUToGMrlcwL/tOc +OW82jxn1IoOBBeVFCst3TzBgwrEf1zI2W/iN+PJvC0cmwKre0XXKIsy2WZJyt+Tu +75YzBJmChtNTbWsh7lgGzxkicXxX02YmVdgklhPMapsUQTlLGQ6eZP3QAInvndbU +ByOyD0QDMx1MX3Ho6+bgo7w2T9G76QS3QP4vYewc+eejygx6AnVDg+iGFwyasptz +cSM3M4tN6QWkzXJqku7/9Q7GS9eGkCu5ZQyIGR874yAro2hqHDuDy/EZy8t0jxri +qq3WfcddoItTs9UdfEYe9xuxOMb/o5ojC9+LoByrXmWUHz3hzMWpvhci3C0pFFln +un9dfpbzatTO3JqsbIDBtMsyk9AUuHOX3p/9FDsKgTjO+xgBAssa2devVdi0fEZ0 ++aAKhPv2Mw4ZDpC5ETrZtX0rfqjVfYhG8ctdbafPSZSIjZh+QzKqo7Pl8lLXxZfm +3HVO7HeB2pvzvZ7dfcLDmwQYAQgAJgIbAhYhBEsfQA3yVlG1PEFBs4s/MPnIwMLv +BQJbRnB0BQkFqLZRAinBXSAEGQEIAAYFAldwbSMACgkQ/dG4JEcxs2zoLA/8CdQF +yyu9guyRK0ntzvm+wzUhRDrSBh3wdHaQsCVobmSR0xWsfsnaWQNlgyhPRkFXaOkx +N7oOlKXr7nW3RUKvFiNEC3TEKRyE20WtaZsWVvNfxKN0vG5BugfXvW9huhVLnzSY +rZI2cTGJ/nuaBrSx8xz2c86nPDOqW3aHSrjBs4A09S/sfPRVvwhrBaimlHzO2J/b +OPg3HMUBvDguWjEWWWWKduq1Nq0Wf3radrPzqjAJqWinGqom358bDhoUXAvtDS8A +mgE73haigRDhrlh+IgIXTZGzM6b8uQj+4waV6SFFd6T3sEpYPl+/sqMIth7EUXZW +fOOvafOLuBa87RtWUV5UZjo19P7Y+/40Vql4Ms4l7Xjzx55ekXlPSIERGHjZ/c/A +Y8xosK+aAKmzq7iHlgGKiGmyO5i/mZiiT0LASq448obzqIF8+0uRxd/gjeuSPBi1 +553ZbIJOelBG4czN4jX1Y6z9sW408JeJFVUCfUoH+YdAojFkq61wRkyAC0P/+u6F +NO+xQFKWgNJv/d5+bZxkeuLHpOOt49uOLmcWrsUwKU/ZGjW7TABlRGSHMMoSRcL3 +hGFRc7Qe6RRDAXM1FfJVVXyOZMYaK6o7xDdyKOYU7Tni0PGIsPpXkFGfHJA55B3L +E0jysUQgXgdCf8jbwcCX8oNdZxFIxQbaMPmMgY0JEIs/MPnIwMLvEEgQAI/RLP+a +x1JOTt+zZ8k11ToB3MVnUdLh3VIyvPJVh5PtWtjz627ISHNW/PmZcBr4/AhGprV6 +46a5nwzsTBz/cBrpxXYqUhhr2DD65A2y0xiqpBAxZdLUIzcFLF7Kc+A4dyYhWFCN +fW1Nv/33uKKeIpryZ5mt0t59jYWWmBfOTamYA3OjKaOpCw7AbK9q32oQcpbzdslY +tBnS8tcV5UPwCrqpWLP7GUVmCzrwEVEIogFB1VjB230jx/ZX/WyOlQtblWti4m7Y +gRsMNEeVS4PenGs2z4hEaz3FJAeeixCBvBlql+DADt6r0RuUdChfLmHZWvFUygsR +jwIRczaBrvKwdMTJBX7OJFGqNq47OhrJtjfx/Kot/KUnA5NB8ZyseHmhWYZeC14F +H4oKN5eSsCfWjf7nRN0jTPRReUwkbvcS9SDuIRW8C0xhTN6k9XMyB1c18eVdQYA+ +8nI5sr7AUjdnK6QGJYcxRwZLQ08pjJBnOUsl6Hz/6TMK3LoDPwiw7aWoLXC+ffol +lOZgpqHo0VpmGqrMcc6mYzuPMc97/8Y8Jj3Hue9/mf+wLJFAdxWh6iv6OQ9/BJqi +nqSV1DehO0iJq9vh65AX+HLhai+ZHnxGXXLa8YJPun3oVPpAh46O+CV/eIz4unxj ++QlwDbEhfvQ3FHHD4yH8vpNvsfsvq8XubJ5lwsOEBBgBCAAPBQJXcG0jAhsCBQkD +x60AAikJEIs/MPnIwMLvwV0gBBkBCAAGBQJXcG0jAAoJEP3RuCRHMbNs6CwP/AnU +BcsrvYLskStJ7c75vsM1IUQ60gYd8HR2kLAlaG5kkdMVrH7J2lkDZYMoT0ZBV2jp +MTe6DpSl6+51t0VCrxYjRAt0xCkchNtFrWmbFlbzX8SjdLxuQboH171vYboVS580 +mK2SNnExif57mga0sfMc9nPOpzwzqlt2h0q4wbOANPUv7Hz0Vb8IawWoppR8ztif +2zj4NxzFAbw4LloxFlllinbqtTatFn962naz86owCalopxqqJt+fGw4aFFwL7Q0v +AJoBO94WooEQ4a5YfiICF02RszOm/LkI/uMGlekhRXek97BKWD5fv7KjCLYexFF2 +Vnzjr2nzi7gWvO0bVlFeVGY6NfT+2Pv+NFapeDLOJe1488eeXpF5T0iBERh42f3P +wGPMaLCvmgCps6u4h5YBiohpsjuYv5mYok9CwEquOPKG86iBfPtLkcXf4I3rkjwY +teed2WyCTnpQRuHMzeI19WOs/bFuNPCXiRVVAn1KB/mHQKIxZKutcEZMgAtD//ru +hTTvsUBSloDSb/3efm2cZHrix6TjrePbji5nFq7FMClP2Ro1u0wAZURkhzDKEkXC +94RhUXO0HukUQwFzNRXyVVV8jmTGGiuqO8Q3cijmFO054tDxiLD6V5BRnxyQOeQd +yxNI8rFEIF4HQn/I28HAl/KDXWcRSMUG2jD5jIGNNLMQAMOru/lvoeGdyCwmHVl7 +wozzlB6oy0bDDcYV2RF4aelfZA9kgmMotnjhdSGWO7JrEZXfz8jb8mFgaWsL7h6V +YnSGxn9MhhXZSklLkoeL9QWV2NcN0e6U3Zzh9ifbLx81ZzK86QuR+WcvhjS4AOFy +wy5XsD0Jptv5Sehw2ZvegLuY18G5/KPqJOeowLwY6sU/uZDDLuKmsoyFoTf5ooev +5VkJ/pUQ5Ini3TQHBKP3sqZeHvrp8KyTj6HhiqsS4377f38VrIxzemOfshxO3//F +54N8OF6maFw6EghWtfovS/RvQ7RfuauMREFvNtu/d9CduF9+nj+Z0HCOThRd5tII +wQMavEfSaUlXRstuJD/LhKEqA1avMUW5hqOLZLPfS0D3BJ7T6Y1k8ojlbLtRHS/1 +747QT4Um/Onwsj/97TEYNQyHRdo4GsIuTg6QfkJR6HEQUDHtFijpe6JrHiek0bwv +0lqzW0T9DopUGtOmPkr7L8LP+MXfbxP9niPmnCWil0hHqUmPErEGAVdWThBcQ231 +t0n1wsGbA40sCV79QbQ8h3DfVtwkTSq/lFsT7n10+HcCkNUYfPJQDwVHjWioOYJy +wG8gDo80MTHPX3mp5JCJJLfVV6B5yT/yskJba2+X79BxLx3vUO9wPWgMqZW3EGY6 +5+l1xaDgR4MfKNAIakNFiB2+zsFNBFdt07cBEADDWvc1A07fW09p42vorKLvvQyW +WUFZeOi8djMu/NBVaFlshY3er19OE5cmy4ZQ9544OD0AKO8UPdPQUUqisQpHW8KC +Xx2DQtRSHznVfvXGsMmiJecQXPwew9PtjXc0XO91tLLYpDXZ5EtZS+Kw9U47FDIf +/K6IlMzcHFPLSLpbsNlPo4qmzydkCy90qeLiHLBm+I+yn/c1LT1cPSblLHARZETR +a+FPBFozOM1wZtYxUQhmfxCOm9iPFuU4ytkZiV0dYMK/H+oEiaooq4ygKsauJHO6 +bjhZZEVwJJ7ufe2k9XjQaUD6jF9CvUv75z0lKo1mC2UOPmI12GU6YNfLZKMRsg59 +4xrhZb/jZ3C9r90ijHo5jeE8m/tfOBqnA2eU/dV1l41dhc+1IBbaKiz7URuREDwD +JRKLbShzWjoBLHccvAn/BtROfAVaVbTxmNanWA+eQIzmgRq3WA81tollnGka/JzC +aerq/Yc6yLm2EsEbyShx+ZO/3vjCyaKGZCReyEML280JOyYKdw3CuAC1xyXaazR5 +dQTgfi+b8wlwC/ueOMMDIKbQoxLqywtauCtwoN7t+hFUU6pJlAE3coZduHKB7wvJ +MB1EDEDlE0BItOk2Tmy3oNkDD5DBuVG9wbvuwJcu1EAKWCu0i5mps8PX6BuISq0N +zeGBud6FCjkYMcrfZQARAQABwsFfBBgBCAAJBQJXbdO3AhsMAAoJEIs/MPnIwMLv +BTsP/ix8mwYnBrkJb5ESCAAWvWM/xqC98OxsxMc253VlsPcIGONGcJXwroDgx3kW +RL0ov2Kvj1d1EyViZr8YdzeGKXEBNVumgWk9yC09OhzUILn3NwhbPXj0Gc0UyKOA +tdxaYVfuAIYE58gCnLkTcHW/0BsH9bFBC4Pdj7gRLW/batV50XbJ6Z3B0Lo+vszr +zXHlz8ah7cOA3Dc2dws9q57AIylHeEnv4edzGQocJKdePPe1yGwE20xrjeovQ37X +s8N5LmL6Zt4dUJ1wDSh0M6/GFuadkh058R2LvIV/gaisgaJXYVVnAila4Q0B+kq2 +YuAdtv5szrEChXwn6XSVAIT7xb6tJhGo3/kcaPf8HKt7xBj55yc1fHsREQn41vXA +4v/uwb256SHYpGSYS1xqvPzV4vCvtlcC1FuR87klV0nu96rllfTlzKTZ4dBohrEe +Q0/AUIFfC0zufQl32OGWFiHT+QpR9X2HoXPyP/GQjP0FfBraLfxFsU8t3cQgUj9m +eCHWmah+WglIqfdOi1rY6HafWArf3/acio7gNYaCmhyGn/C/DNqgxROTqCw3KwIf +ZvkK1UEZrRR2jBXHo/OUi50MPNz1LDAR9JnQ1GIjWkZ1okLNfyNYiSjreqdP9ozR +8ewmsaBKF6s57vaP123K/tkoOg+vl2pj05huvOzsO9dNYXad +=oPon +-----END PGP PUBLIC KEY BLOCK----- diff --git a/scripts/fetch-salt-from-emacs.sh b/scripts/fetch-salt-from-emacs.sh new file mode 100644 index 0000000..9e64de8 --- /dev/null +++ b/scripts/fetch-salt-from-emacs.sh @@ -0,0 +1,13 @@ +#!/usr/bin/bash +if [ "$EUID" -ne 0 ] + then echo "Please run as root" + exit +fi +qvm-run emacs-salt 'mv /home/user/Documents/salt-repo/.git /tmp/salt.git' +qvm-run emacs-salt 'cd /home/user/Documents && tar -cf /tmp/salt.tar salt-repo' +qvm-run emacs-salt 'mv /tmp/salt.git /home/user/Documents/salt-repo/.git' +qvm-run --pass-io emacs-salt 'cat /tmp/salt.tar' > /tmp/salt.tar && qvm-run emacs-salt 'rm /tmp/salt.tar' +rm -fr /root/user_salt.bak +mv /srv/user_salt /root/user_salt.bak +cd /tmp && tar -xf /tmp/salt.tar +mv /tmp/salt-repo /srv/user_salt diff --git a/scripts/push-salt-to-emacs.sh b/scripts/push-salt-to-emacs.sh new file mode 100755 index 0000000..c9e6bba --- /dev/null +++ b/scripts/push-salt-to-emacs.sh @@ -0,0 +1,11 @@ +#!/usr/bin/bash +if [ "$EUID" -ne 0 ] + then echo "Please run as root" + exit +fi +qvm-copy-to-vm emacs-salt /srv/user_salt +qvm-run emacs-salt 'mv /home/user/Documents/salt-repo/.git /tmp/salt.git' +qvm-run emacs-salt 'rm -fr /home/user/Documents/salt-repo/*' +qvm-run emacs-salt 'mv /tmp/salt.git /home/user/Documents/salt-repo/.git' +qvm-run emacs-salt 'mv /home/user/QubesIncoming/dom0/user_salt/* /home/user/Documents/salt-repo/' +qvm-run emacs-salt 'rm -fr /home/user/QubesIncoming/dom0/user_salt' diff --git a/scripts/qubes-i3-sensible-terminal b/scripts/qubes-i3-sensible-terminal new file mode 100644 index 0000000..5311dc1 --- /dev/null +++ b/scripts/qubes-i3-sensible-terminal @@ -0,0 +1,35 @@ +#!/usr/bin/bash +# Slightly modified from original to prioritize xfce4-terminal and st + +run_terminal=' +for t in "$TERMINAL" xfce4-terminal st x-terminal-emulator urxvt rxvt termit terminator Eterm aterm gnome-terminal konsole roxterm termite lxterminal mate-terminal terminology xterm; do + command -v "$t" > /dev/null 2>&1 && exec "$t"; +done +' + +get_id() { + local id=$(xprop -root _NET_ACTIVE_WINDOW) + echo ${id##* } # extract id +} + +get_vm() { + local id=$(get_id) + local vm=$(xprop -id $id | grep '_QUBES_VMNAME(STRING)') + local vm=${vm#*\"} # extract vmname + echo ${vm%\"*} # extract vmname +} + +main() { + local vm=$(get_vm) + if [[ -n "$vm" ]]; then + if command -v qrexec-client >/dev/null; then + qrexec-client -e -d "$vm" DEFAULT:"bash -c '$run_terminal'" + else + qvm-run "$vm" qvm-run "$vm" "bash -c '$run_terminal'" + fi + else # run terminal in dom0 + exec bash -c "$run_terminal" + fi +} + +main diff --git a/ssh/create-ssh-qube.top b/ssh/create-ssh-qube.top new file mode 100644 index 0000000..9672258 --- /dev/null +++ b/ssh/create-ssh-qube.top @@ -0,0 +1,6 @@ +user: + dom0: + - ssh.qvm-app + - ssh.qvm-tmpl + tmpl-ssh: + - ssh.tmpl-pkgs diff --git a/ssh/qvm-app.sls b/ssh/qvm-app.sls new file mode 100644 index 0000000..aa5430f --- /dev/null +++ b/ssh/qvm-app.sls @@ -0,0 +1,11 @@ +ssh--create-app-qube: + qvm.vm: + - name: ssh-vps + - present: + - template: tmpl-ssh + - label: blue + - features: + - set: + - menu-items: + - require: + - qvm: ssh--create-template diff --git a/ssh/qvm-tmpl.sls b/ssh/qvm-tmpl.sls new file mode 100644 index 0000000..ca88c47 --- /dev/null +++ b/ssh/qvm-tmpl.sls @@ -0,0 +1,5 @@ +ssh--create-template: + qvm.clone: + - name: tmpl-ssh + - source: debian-12-minimal + diff --git a/ssh/tmpl-pkgs.sls b/ssh/tmpl-pkgs.sls new file mode 100644 index 0000000..35aeca8 --- /dev/null +++ b/ssh/tmpl-pkgs.sls @@ -0,0 +1,10 @@ +ssh--install-apps: + pkg.installed: + - pkgs: + - qubes-core-agent-passwordless-root + - qubes-mgmt-salt-vm-connector + - qubes-core-agent-networking + - qubes-gpg-split + - qubes-menus + - xfce4-terminal + - ssh @@ -0,0 +1,19 @@ +# vim: set syntax=yaml ts=2 sw=2 sts=2 et : +# +# 1) Intial Setup: sync any modules, etc +# --> qubesctl saltutil.sync_all +# +# 2) Initial Key Import: +# --> qubesctl state.sls salt.gnupg +# +# 3) Highstate will execute all states +# --> qubesctl state.highstate +# +# 4) Highstate test mode only. Note note all states seem to conform to test +# mode and may apply state anyway. Needs more testing to confirm or not! +# --> qubesctl state.highstate test=True + +# === User Defined Salt States ================================================ +user: + dom0: + - install-templates diff --git a/torrenting/create-torrenting-qubes.top b/torrenting/create-torrenting-qubes.top new file mode 100644 index 0000000..d9704d5 --- /dev/null +++ b/torrenting/create-torrenting-qubes.top @@ -0,0 +1,6 @@ +user: + dom0: + - torrenting.qvm-app + - torrenting.qvm-tmpl + tmpl-torrenting: + - torrenting.tmpl-pkgs diff --git a/torrenting/qvm-app.sls b/torrenting/qvm-app.sls new file mode 100644 index 0000000..d4b9da1 --- /dev/null +++ b/torrenting/qvm-app.sls @@ -0,0 +1,15 @@ +torrenting--create-app-qube: + qvm.vm: + - name: bitz + - present: + - template: tmpl-torrenting + - label: red + - prefs: + - label: red + - netvm: sys-mullvad + - features: + - set: + - menu-items: org.qbittorrent.qBittorrent.desktop thunar.desktop xfce4-terminal.desktop + - require: + - qvm: torrenting--create-template + diff --git a/torrenting/qvm-tmpl.sls b/torrenting/qvm-tmpl.sls new file mode 100644 index 0000000..b521c3a --- /dev/null +++ b/torrenting/qvm-tmpl.sls @@ -0,0 +1,5 @@ +torrenting--create-template: + qvm.clone: + - name: tmpl-torrenting + - source: debian-12-minimal + diff --git a/torrenting/tmpl-pkgs.sls b/torrenting/tmpl-pkgs.sls new file mode 100644 index 0000000..d6aadaf --- /dev/null +++ b/torrenting/tmpl-pkgs.sls @@ -0,0 +1,9 @@ +torrenting--install-apps: + pkg.installed: + - pkgs: + - qubes-core-agent-passwordless-root + - qubes-core-agent-networking + - qubes-core-agent-thunar + - qubes-mgmt-salt-vm-connector + - qbittorrent + diff --git a/web/create-web-qubes.top b/web/create-web-qubes.top new file mode 100644 index 0000000..445ebc1 --- /dev/null +++ b/web/create-web-qubes.top @@ -0,0 +1,6 @@ +user: + dom0: + - web.qvm-app + - web.qvm-tmpl + tmpl-web: + - web.tmpl-pkgs diff --git a/web/qvm-app.sls b/web/qvm-app.sls new file mode 100644 index 0000000..75a7f02 --- /dev/null +++ b/web/qvm-app.sls @@ -0,0 +1,70 @@ +web--create-browsing-qube: + qvm.vm: + - name: browsing-dvm + - present: + - template: tmpl-web + - label: yellow + - prefs: + - netvm: sys-mullvad + - template_for_dispvms: True + - features: + - set: + - menu-items: librewolf.desktop xfce4-terminal.desktop thunar.desktop + - require: + - qvm: web--create-template + +browsing-features_dvm: + qvm.features: + - name: browsing-dvm + - disable: + - service.cups + - service.cups-browsed + - service.tinyproxy + - set: + - menu-items: "librewolf.desktop xfce4-terminal.desktop thunar.desktop" + - appmenus-dispvm: True + +web--create-banking-qube: + qvm.vm: + - name: web-banking + - present: + - template: tmpl-web + - label: blue + - prefs: + - label: blue + - netvm: sys-mullvad + - features: + - set: + - menu-items: librewolf.desktop xfce4-terminal.desktop thunar.desktop + - require: + - qvm: web--create-template + +web--create-work-qube: + qvm.vm: + - name: web-work + - present: + - template: tmpl-web + - label: blue + - prefs: + - label: blue + - netvm: sys-mullvad + - features: + - set: + - menu-items: librewolf.desktop xfce4-terminal.desktop thunar.desktop + - require: + - qvm: web--create-template + +web--create-shopping-qube: + qvm.vm: + - name: web-shopping + - present: + - template: tmpl-web + - label: blue + - prefs: + - label: blue + - netvm: sys-mullvad + - features: + - set: + - menu-items: librewolf.desktop xfce4-terminal.desktop thunar.desktop + - require: + - qvm: web--create-template diff --git a/web/qvm-tmpl.sls b/web/qvm-tmpl.sls new file mode 100644 index 0000000..1a06153 --- /dev/null +++ b/web/qvm-tmpl.sls @@ -0,0 +1,4 @@ +web--create-template: + qvm.clone: + - name: tmpl-web + - source: debian-12-minimal diff --git a/web/tmpl-pkgs.sls b/web/tmpl-pkgs.sls new file mode 100644 index 0000000..f02112a --- /dev/null +++ b/web/tmpl-pkgs.sls @@ -0,0 +1,30 @@ +web--tmpl-pkgs: + pkg.installed: + - pkgs: + - qubes-core-agent-passwordless-root + - qubes-mgmt-salt-vm-connector + - qubes-core-agent-networking + - qubes-core-agent-thunar + - pulseaudio-qubes + +{% if grains['os_family']|lower == 'debian' %} + +extrepo: + pkg.installed + +'http_proxy=http://127.0.0.1:8082 https_proxy=http://127.0.0.1:8082 extrepo enable librewolf': + cmd.run + +{% else %} + +'dnf config-manager --add-repo https://rpm.librewolf.net/librewolf-repo.repo': + cmd.run + +{% endif %} + +librewolf-updated: + pkg.uptodate: + - refresh: True + +librewolf: + pkg.installed diff --git a/wm/wm-setup.sls b/wm/wm-setup.sls new file mode 100644 index 0000000..e4864f5 --- /dev/null +++ b/wm/wm-setup.sls @@ -0,0 +1,81 @@ +# Set user_name to your username in dom0 +{% set user_name = 'skylar' %} + +wm--install-wm-pkgs: + pkg.installed: + - pkgs: + - i3 + - i3-settings-qubes + - nitrogen + - arandr + - rofi + - zenity + - dunst + +'mkdir /home/{{ user_name }}/.config/i3': + cmd.run: + - creates: /home/{{ user_name }}/.config/i3/ +/home/{{ user_name }}/.config/i3/config: + file.managed: + - source: salt://dots/i3-config + - user: root + - group: root + - mode: 777 + +'sudo mv /usr/bin/qubes-i3-sensible-terminal /usr/bin/qubes-i3-sensible-terminal-default': + cmd.run: + - creates: /usr/bin/qubes-i3-sensible-terminal-default +/usr/bin/qubes-i3-sensible-terminal: + file.managed: + - source: salt://scripts/qubes-i3-sensible-terminal + - user: root + - group: root + - mode: 777 + +'mkdir /home/{{ user_name }}/.screenlayout': + cmd.run: + - creates: /home/{{ user_name }}/.config/i3/ +/home/{{ user_name }}/.screenlayout/home.sh: + file.managed: + - source: salt://dots/default-screenlayout.sh + - user: root + - user: root + - mode: 777 + +'mkdir /home/{{ user_name }}/.config/nitrogen': + cmd.run: + - creates: /home/{{ user_name }}/.config/i3/ +/home/{{ user_name }}/.config/nitrogen/bg-saved.cfg: + file.managed: + - source: salt://dots/nitrogen/bg-saved.cfg + - user: root + - group: root + - mode: 777 + +/home/{{ user_name }}/Pictures/wallpaper.png: + file.managed: + - source: salt://dots/nitrogen/wallpaper.png + +/etc/X11/xorg.conf.d/90-touchpad.conf: + file.managed: + - source: salt://dots/90-touchpad.conf + - user: root + - group: root + - mode: 777 + +'sudo mv /usr/bin/dmenu /usr/bin/dmenu-unlinked': + cmd.run: + - creates: /usr/bin/dmenu-unlinked +'sudo ln -s /usr/bin/rofi /usr/bin/dmenu': + cmd.run: + - creates: /usr/bin/dmenu +'mkdir /home/{{ user_name }}/.config/rofi': + cmd.run: + - creates: /home/{{ user_name }}/.config/rofi/ +/home/{{ user_name }}/.config/rofi/config.rasi: + file.managed: + - source: salt://dots/rofi-config.rasi + - user: root + - group: root + - mode: 777 + diff --git a/wm/wm-setup.top b/wm/wm-setup.top new file mode 100644 index 0000000..ade0aa7 --- /dev/null +++ b/wm/wm-setup.top @@ -0,0 +1,3 @@ +user: + dom0: + - wm.wm-setup |
