commit a1522f978419b7013afe996fb6afea547e640b3d Author: Mike Gerwitz Date: Mon Sep 9 00:10:05 2013 -0400 Initial commit of many files; many more to come diff --git a/.Xresources b/.Xresources new file mode 100644 index 0000000..5f8252c --- /dev/null +++ b/.Xresources @@ -0,0 +1,49 @@ +! urxvt configuration + +! font +urxvt.font: xft:Monospace:pixelsize=10:antialias=true:hinting=true +urxvt.boldFont: xft:Monospace:pixelsize=10:bold:antialias=true:hinting=true +urxvt.letterSpace: -1.5 +urxvt.lineSpace: -2 + +! misc +urxvt.scrollBar: false +urxvt.visualBell: true +urxvt.modifier: alt + + +!!! colors (based on Tango Icon Theme color scheme) +*background: Black +*foreground: #babdb6 + +! black +*color0: #2e3436 +*color8: #555753 + +! red +*color1: #a40000 +*color9: #cc0000 + +! green +*color2: #4e9a06 +*color10: #73d216 + +! yellow +*color3: #c4a000 +*color11: #edd400 + +! blue +*color4: #3465a4 +*color12: #729fcf + +! magenta +*color5: #75507b +*color13: #ad7fa8 + +! cyan +*color6: turquoise4 +*color14: cyan3 + +! white +*color7: #babdb6 +*color15: #d3d7cf diff --git a/.gvimrc b/.gvimrc new file mode 100644 index 0000000..df9f8ee --- /dev/null +++ b/.gvimrc 
@@ -0,0 +1,35 @@ +" vi: set tw=0 +" +" Mike Gerwitz's personal gvim configuration +" +" Copyright (C) 2013 Mike Gerwitz +" +" This program is free software: you can redistribute it and/or modify +" it under the terms of the GNU General Public License as published by +" the Free Software Foundation, either version 3 of the License, or +" (at your option) any later version. +" +" This program is distributed in the hope that it will be useful, +" but WITHOUT ANY WARRANTY; without even the implied warranty of +" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +" GNU General Public License for more details. +" +" You should have received a copy of the GNU General Public License +" along with this program. If not, see . +" +" Most configuration options are within ~/.vimrc---these are only the +" options that apply to the GTK+ software gvim. +" " + +set guifont=Droid\ Sans\ Mono\ 8 + +" remove all those annoying GUI options that take up space +set guioptions= + +" I do not prefer slate on a terminal, so this is set only for gvim +color slatemg + +" There is rarely a time where I use gvim and do not want to strip trailing +" whitespace or retab. If I do not want this, I do not use gvim. +autocmd BufWrite * :silent! :%s:\(\S\+\)\?\s\+$:\1:g +autocmd BufWrite * silent :retab diff --git a/.screen/cpufan b/.screen/cpufan new file mode 100755 index 0000000..65d85e3 --- /dev/null +++ b/.screen/cpufan 
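Review bot: The two `BufWrite` autocmds at the end of the hunk fire for every buffer, so saving a unified diff, a Markdown file (two trailing spaces mean a line break) or a Makefile retabs and strips whitespace that is significant in those formats. Guard them by filetype, e.g. `autocmd BufWrite * if &ft !~# 'diff\|markdown\|make' | silent! %s:\(\S\+\)\?\s\+$:\1:g | endif`, or scope them to the filetypes actually edited in gvim. `silent!` also discards any error from the substitution, so a failure is invisible; `silent` alone keeps the substitution quiet on success while still surfacing errors.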
@@ -0,0 +1,28 @@
+#!/bin/bash
+#
+# Display speed of CPU fan
+#
+# Copyright (C) 2013 Mike Gerwitz
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+#
+# Why? Primarily for tweaking BIOS configuration for fan speed to quiet a
+# noisy fan or to see the fan speed when logging in remotely so as not to
+# annoy people who may be physically present and wonder why the PC is
+# preparing for takeoff.
+#
+# One day, fans will not exist within most home PCs.
+##
+
+sensors | grep fan1 | awk '{print "\005{+ .y}", $2, "rpm\005{-}"}'
diff --git a/.screen/getip b/.screen/getip
new file mode 100755
index 0000000..00a7a9a
--- /dev/null
+++ b/.screen/getip
@@ -0,0 +1,25 @@ +#!/bin/sh +# +# Displays first match of non-localhost IP +# +# Copyright (C) 2011 Mike Gerwitz +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . +## + +# display first non-localhost IP +ifconfig \ + | grep -m1 -oP 'inet addr:[^ ]+(?. +# +# This utility uses fetchmail in order to check for new messages. Please +# configure your ~/.fetchmailrc file appropriately. +## + +uptime \ + | grep -o 'average:.*' \ + | cut -d' ' -f2 \ + | sed 's/,$//' \ + | awk '{print "\005{+ .y}", $1, "\005{-}"}' + diff --git a/.screen/mail b/.screen/mail new file mode 100755 index 0000000..3ace8ff --- /dev/null +++ b/.screen/mail 
@@ -0,0 +1,70 @@
+#!/bin/sh
+#
+# Unread E-mail screen status indicator
+#
+# Copyright (C) 2013 Mike Gerwitz
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+#
+# Unread e-mails will be displayed in the following format:
+# [X X X unread!X]
+#
+# This utility uses fetchmail in order to check for new messages. Please
+# configure your ~/.fetchmailrc file appropriately.
+##
+
+pidfile=~/.screen/.mail.pid
+curpid="$( cat "$pidfile" )"
+
+# kill any existing instances and replace (to ensure that code changes take
+# effect)
+[ "$curpid" ] && kill "$curpid"
+echo "$$" > "$pidfile"
+
+# this will be displayed until the first time the mail is received
+echo "\005{+ mw}(...)\005{-}"
+
+# continue looping while parent (screen) process is still running
+parent="$PPID"
+while [ "$( ps | grep $parent)" ]; do
+ fetchmail -t1 -c 2>/dev/null \
+ | sed 's/^\([0-9]\+\).*(\([0-9]\+\) seen).*$/\1 \2/' \
+ | awk '
+ BEGIN {
+ count=0
+ total=0
+ printf "%s", "\005{+ mw}[\005{+b}"
+ }
+ {
+ total += total + ( $1 - $2 )
+ count += $1
+ printf "%d ", total
+ }
+ END {
+ printf "%s", "\005{-}unread]\005{-}"
+
+ if ( count > 100 )
+ printf "%s%d%s", "\005{+ my}!", count, "\005{-}"
+
+ printf "\n"
+
+ if ( total > 0 )
+ print "mail" > "/tmp/.keyind"
+ else
+ print "" > "/tmp/.keyind"
+ }'
+
+ sleep 30
+done
+
diff --git a/.screen/secstat b/.screen/secstat
new file mode 100755
index 0000000..3e1eb7a
--- /dev/null
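Review bot: `total += total + ( $1 - $2 )` in the awk block doubles the running total on every input line (it computes `total = 2*total + unread`), so with more than one fetchmail account both the displayed count and the `total > 0` test are wrong; it should read `total += $1 - $2`. Two more points in the same hunk: `/tmp/.keyind` is a fixed name in a world-writable directory and awk's `>` follows a symlink that another local user pre-creates there, so the marker belongs under a per-user directory such as `${XDG_RUNTIME_DIR:-$HOME/.screen}/.keyind`; and `kill "$curpid"` signals whatever PID the pidfile names without confirming it is still an instance of this script, so a stale pidfile after a reboot can kill an unrelated process that reused the number. The loop condition `ps | grep $parent` is a substring match (parent 123 also matches PID 1234) and can match the grep process's own command line; `kill -0 "$parent"` tests the exact PID without parsing ps. The rewritten guard and loop below leave the fetchmail pipeline as it is apart from the one-token fix.
```sh
pidfile=~/.screen/.mail.pid
curpid="$( cat "$pidfile" 2>/dev/null )"

# only replace a previous instance if that PID is still running this script;
# a stale pidfile left from a reboot may name an unrelated process
[ "$curpid" ] && [ -r "/proc/$curpid/cmdline" ] \
  && tr '\0' ' ' < "/proc/$curpid/cmdline" | grep -q -- "$0" \
  && kill "$curpid"
echo "$$" > "$pidfile"

# … unchanged: initial "(...)" placeholder …

# kill -0 tests the exact PID; ps|grep matched substrings and grep itself
parent="$PPID"
while kill -0 "$parent" 2>/dev/null; do
  # … unchanged: fetchmail | sed | awk pipeline, with `total += $1 - $2`
  #   and the marker written under ${XDG_RUNTIME_DIR:-$HOME/.screen} …
  sleep 30
done
```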
+++ b/.screen/secstat
@@ -0,0 +1,30 @@
+#!/bin/sh
+#
+# Indicator for status of encrypted directory mount
+#
+# Copyright (C) 2012 Mike Gerwitz
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+#
+# The rationale behind this color scheme is that the system is unlikely to
+# function properly (for standard use) if the directory is not mounted. For
+# example, I symlink ~/.mozilla into this directory so that my sync'd
+# data---containing browsing habits and years worth of bookmarks---is not
+# available when I am not physically present at the PC.
+##
+
+color=r
+[ -f ~/.enc/.available ] && color=m
+
+echo -n "\005{+ ."$color"}*\005{-}"
diff --git a/.screen/ssh-agent-key b/.screen/ssh-agent-key
new file mode 100755
index 0000000..abe28e6
--- /dev/null
+++ b/.screen/ssh-agent-key
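Review bot: `[ -f ~/.enc/.available ]` tests for a plain file, not for the mount, so the indicator turns magenta whenever a file of that name exists in the unmounted `~/.enc` (plaintext on the underlying filesystem) and stays red if the volume is mounted but the marker was never created; `unsec` and `resec` in this commit rest on the same assumption. Asking the kernel is cheaper and cannot be fooled by a stray file: `mountpoint -q ~/.enc && color=m` (util-linux), or `grep -qs " $HOME/.enc fuse.encfs " /proc/mounts`, with the file test kept only as a fallback where `mountpoint` may be absent. Separately, `echo -n` together with the `\005` octal escape is honoured by dash's builtin echo but not by bash's, so this script silently depends on which shell `/bin/sh` is; `printf '\005{+ .%s}*\005{-}' "$color"` prints the same bytes under any sh.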
@@ -0,0 +1,38 @@
+#!/bin/sh
+#
+# SSH key indicator for ssh-agent
+#
+# Copyright (C) 2012 Mike Gerwitz
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+#
+# The rationale behind the coloring is simply that, without the key in the
+# agent, I will be prompted for passwords for (depending on location)
+# numerous boxes---a frustrating task. However, the reverse coloring would
+# be equally applicable---remote systems are more vulnerable if someone has
+# access to your agent. I take precautions to make the latter incredibly
+# difficult.
+##
+
+. ~/.ssh/.agent
+keys="$( ssh-add -L | grep ^ssh | wc -l )"
+
+# green if keys exist in agent, otherwise yellow
+color=g
+[ "$keys" -eq 0 ] && color=y
+
+# red if agent is not started
+[ -z "$SSH_AGENT_PID" ] && color=r
+
+echo -n "\005{+ ."$color"}*\005{-}"
diff --git a/.screen/weather b/.screen/weather
new file mode 100755
index 0000000..0d6cad4
--- /dev/null
+++ b/.screen/weather
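Review bot: `grep ^ssh` only counts key types whose public line begins with `ssh-` (ssh-rsa, ssh-ed25519, ssh-dss), so an agent holding only ECDSA keys (`ecdsa-sha2-nistp256 …`) is reported yellow as if it were empty. The exit status of `ssh-add -l` already encodes the three states this script distinguishes (0 = identities loaded, 1 = agent reachable but empty, 2 = cannot connect), so the three assignments collapse to `ssh-add -l >/dev/null 2>&1; case $? in 0) color=g ;; 1) color=y ;; *) color=r ;; esac`, which also removes the dependence on `SSH_AGENT_PID` being exported by the sourced file. `. ~/.ssh/.agent` is a fatal error in a non-interactive POSIX shell when the file is missing, so on a host without an agent file the indicator prints nothing rather than red; `[ -r ~/.ssh/.agent ] && . ~/.ssh/.agent` keeps the status field alive, and since that file is executed as shell it deserves the same ownership/permission care as the keys beside it.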
@@ -0,0 +1,79 @@
+#!/bin/bash
+#
+# Retrieves and formats current weather
+#
+# Copyright (C) 2013 Mike Gerwitz
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+#
+# In order to prevent the screen session from hanging due to network latency
+# or a slow weather server, it is highly recommended that a cron job or some
+# other task be used to populate /tmp/.weather with the output of the
+# weather command. Should a file be empty or non-existant, the script will
+# fall back to querying realtime.
+##
+
+export -n HTTP_PROXY http_proxy
+
+# fall back to realtime weather data if no cache is available
+wdata=/tmp/.weather
+data="$(
+ if [ -s "$wdata" ]; then
+ cat /tmp/.weather
+ else
+ weather -i "${WEATHER_METAR:-kbuf}"
+ fi \
+ | sed 's/^ \+//g'
+)"
+
+weather_temp="$( echo "$data" \
+ | grep ^Temp \
+)"
+weather_f="$( echo "$weather_temp" \
+ | grep -oP '[0-9\.-]+ F' \
+ | cut -d' ' -f1 \
+)"
+weather_c="$( echo "$weather_temp" \
+ | grep -oP '[0-9\.-]+ C' \
+ | cut -d' ' -f1 \
+)"
+wind="$( grep -o '[0-9]\+ MPH' <<< "$data" \
+ | tr '\n' '-' \
+ | sed 's/-$//;s/ \?MPH-/-/' \
+)"
+
+# remove decimal
+chk="$( echo "$weather_f" | cut -d. -f1 )"
+
+# determine color based on temperature
+color='.'
+if [ $chk -gt 89 ]; then
+ color=r
+elif [ $chk -gt 69 ]; then
+ color=y
+elif [ $chk -gt 39 ]; then
+ color=d
+elif [ $chk -gt 9 ]; then
+ color=b
+else
+ color=m # purple with my color scheme
+fi
+
+# if it's sunny, make the status brighter
+echo "$data" | grep -qP 'sunny|(mostly )?clear|partly cloudy' && {
+ color=$( echo $color | tr '[:lower:]' '[:upper:]' )
+}
+
+echo -e "\005{+ .$color}${weather_f}F/${weather_c}C $wind\005{-}"
+
diff --git a/.screen/wireless-signal b/.screen/wireless-signal
new file mode 100755
index 0000000..bf978e6
--- /dev/null
+++ b/.screen/wireless-signal
@@ -0,0 +1,43 @@
+#!/bin/sh
+#
+# Displays wireless signal strength for the given interface
+#
+# Copyright (C) 2013 Mike Gerwitz
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+##
+
+iface="$1"
+
+iwconfig "$iface" \
+ | grep -o 'Link Quality=[^ ]\+' \
+ | cut -d'=' -f2 \
+ | awk -F/ '
+ {
+ quality = ($1 / $2 * 100);
+ color = ".";
+
+ if ( quality >= 75 )
+ color = "g";
+ else if ( quality >= 50 )
+ color = "y";
+ else if ( quality < 25 )
+ {
+ color = "r";
+ }
+
+ printf "\005{+ .m}%s:\005{-}\005{+ .%c}%d%%\005{-}", \
+ "'$1'", color, quality;
+ }
+ '
diff --git a/.screenrc b/.screenrc
new file mode 100644
index 0000000..a73e84d
--- /dev/null
+++ b/.screenrc
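Review bot: `[ $chk -gt 89 ]` and the three `elif` tests evaluate an unquoted, possibly empty `$chk`: when the cache file is empty, `weather` fails, or the output has no `Temp` line, each test errors with `integer expression expected` and the status field degrades to `F/C`. Validate once after the `cut`, e.g. `[[ $chk =~ ^-?[0-9]+$ ]] || chk=0` (the script is bash), so bad input falls through to the default color instead of spraying errors into screen's backtick output. The cache `/tmp/.weather` is a fixed path in a shared directory: any local user can pre-create it, or a symlink, and both this script and the cron job the header tells the user to set up will read or follow it; put it under `${XDG_RUNTIME_DIR:-/tmp}/$USER-weather` or `~/.cache`, and replace the second hard-coded `cat /tmp/.weather` with `cat "$wdata"` so the path lives in one place. `export -n HTTP_PROXY http_proxy` deliberately routes the realtime query around any configured proxy; that is a policy decision and deserves a one-line comment saying why, since it bypasses whatever the proxy was there to enforce.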
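Review bot: The interface name is spliced into the awk program text as `"'$1'"`, so a value containing a double quote, backslash or single quote breaks out of the awk string literal and runs as awk code; here `$1` only ever comes from `.screenrc`, but the idiom is an injection waiting for the script to be reused. Pass it as a variable instead: `awk -F/ -v iface="$1" '…'` and `printf "…", iface, color, quality;`. The script also never checks that an interface was given or that `iwconfig` found it, so a typo yields an empty status field; `[ -n "$iface" ] || { echo "usage: $0 IFACE" >&2; exit 1; }` at the top makes that visible. Note that `%c` prints only the first character of `color`, which fits the one-letter names used here but would silently truncate a longer screen attribute string.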
@@ -0,0 +1,63 @@
+# personal screenrc - mikegerwitz
+#
+# This configuration file is provided in the hope that it will be helpful in
+# configuring your own software, but WITHOUT ANY WARRANTY. Please be mindful of
+# what is executing on your system.
+
+#
+# backtick commands
+#
+backtick 1 1 1 date '+%Y-%m-%d %H:%M:%S'
+backtick 2 303 303 .screen/getip
+backtick 3 999999 999999 whoami
+
+backtick 50 59 59 .screen/ssh-agent-key
+backtick 51 59 59 .screen/secstat
+
+backtick 100 3 3 .screen/load-avg
+backtick 101 0 0 .screen/mail
+backtick 102 287 287 .screen/weather
+
+
+#
+# vim-style keybindings
+#
+bind j focus down
+bind k focus up
+bindkey ^b mapnotnext
+bindkey -k k2 screen htop
+bindkey -k k3 screen $EDITOR
+bindkey -k k4 screen mutt
+
+#
+# general options
+#
+startup_message off
+compacthist off
+altscreen on
+fit
+
+attrcolor b ".i"
+termcapinfo xterm 'Co#256:AB=\E[48;5;%dm:AF=\E[38;5;%dm'
+defbce "on"
+
+# memory is cheap
+defscrollback 10000
+
+
+#
+# status lines
+#
+hardstatus alwayslastline
+caption always "%{= kw}%-Lw%{=r}%n*%f %t%{-}%+Lw %= %{+b}%3`@%H %2`%{-}%{-}"
+hardstatus string "%{= kw}%{+b}Happy Hacking%{-}%50`%51` %= %101` %100` %102` %1`%{-}"
+sorendition "= kW"
+
+
+#
+# source any local configs at the end of all this so that the settings in there
+# will override the settings here (this is needed, for example, because I have
+# certain status indicators that I may use at work that differ from my personal
+# PC)
+#
+source .screenrc-local
diff --git a/.vimrc b/.vimrc
new file mode 100644
index 0000000..df6c600
--- /dev/null
+++ b/.vimrc
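Review bot: The `backtick … .screen/getip` lines (and the other `.screen/*` entries) and `source .screenrc-local` use paths relative to the directory screen is started from, not to `$HOME`, so they are only found when screen is launched from the home directory — and when it is launched elsewhere (a checked-out repository, a shared directory), screen will execute a `.screen/mail` or `.screenrc-local` that whoever controls that directory put there, repeatedly and with the user's full privileges. screen expands `$VAR` in its configuration as far as I recall, so anchoring each entry is a one-token change: `backtick 2 303 303 $HOME/.screen/getip`, `source $HOME/.screenrc-local`; if your screen version does not expand variables, use the absolute path. The header's "be mindful of what is executing on your system" is the right place to add that these backtick scripts run every few seconds unattended, which is why their location must not depend on the working directory.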
@@ -0,0 +1,201 @@ +" vi: set tw=0 +" +" Mike Gerwitz's personal vim configuration +" +" Copyright (C) 2013 Mike Gerwitz +" +" This program is free software: you can redistribute it and/or modify +" it under the terms of the GNU General Public License as published by +" the Free Software Foundation, either version 3 of the License, or +" (at your option) any later version. +" +" This program is distributed in the hope that it will be useful, +" but WITHOUT ANY WARRANTY; without even the implied warranty of +" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +" GNU General Public License for more details. +" +" You should have received a copy of the GNU General Public License +" along with this program. If not, see . +" +" Refactoring needed. +" " + +" pathogen +call pathogen#runtime_append_all_bundles() + +" general configuration options +set ai +set autochdir +set backspace=indent,eol,start +set backupdir=~/.vim-tmp,~/.tmp,~/tmp,/var/tmp,/tmp +set directory=~/.vim-tmp,~/.tmp,~/tmp,/var/tmp,/tmp +set et +set exrc +set fdm=marker +set history=9000 +set hlsearch +set incsearch +set number +set ruler +set sessionoptions=curdir,folds,globals,help,localoptions,options,resize,tabpages,winpos,winsize +set scrolloff=4 +set spelllang=en_us +set spellfile=~/.vim/spellfile/common.add,~/.vim/spellfile/dev.add +set sw=4 +set t_Co=256 +set title +set ts=4 +set tw=80 +set undolevels=3000 +set updatecount=50 +set visualbell +syn on + +" BASH-like tab completion +set wildmenu +set winminheight=0 +set wildmode=longest,list,full + +" enable filetype plugins +filetype on +filetype plugin on + +" show whitespace characters +set list listchars=tab:>-,trail:•,precedes:• + +" printing +set printfont=:h8 +set printoptions=paper:letter,number:y,syntax:y,left:15pc +nmap ps :set printoptions+=duplex:short +nmap pS :set printoptions-=duplex:short + +" closetag.vim +let b:unaryTagsStack='' +au FileType html,xml,xslt,xsd source ~/.vim/plugin/closetag.vim + +" abbreviations +iab __NAME 
Mike Gerwitz +iab __UN mikegerwitz +iab __EMAIL mike@mikegerwitz.com + +" save a generic session in case of an oopsie +au BufWrite * silent :call WriteSessAuto() +au BufWrite * silent :call WriteSessAuto() + +function! WriteSessAuto() + " one capital letter for the Sessname global so that we can store it in the + " session file + let filename = '~/.vimsess-' . + \ ( !exists( 'g:Sessname' ) || ( empty( g:Sessname ) ) + \ ? 'autosave' : (g:Sessname) + \ ) + + exec 'mksession! ' . filename +endfunction + +" custom statusline +set statusline=%<%f\ %h%m%r%=[%n]\ \%-14.([%b:%B]\ \ %l,%c%V%)\ %P + +" make the C-e and C-y mappings less painful +nnoremap 3 +nnoremap 3 +" +" redraw +nmap R :redraw! + +" nohlsearch shortcut +nmap h :silent :nohlsearch + +" for MultipleSearch +let g:MultipleSearchMaxColors = 10 + +" toggle cursorline/cursorcolumn +nmap c :set cursorline! cursorcolumn! +nmap C :set cursorcolumn! + +" omnicomplete +set ofu=syntaxcomplete#Complete +autocmd FileType python set omnifunc=pythoncomplete#Complete +autocmd FileType javascript set omnifunc=javascriptcomplete#CompleteJS +autocmd FileType html set omnifunc=htmlcomplete#CompleteTags +autocmd FileType css set omnifunc=csscomplete#CompleteCSS +autocmd FileType xml,xsd,xslt set omnifunc=xmlcomplete#CompleteTags +autocmd FileType php set omnifunc=phpcomplete#CompletePHP +autocmd FileType c set omnifunc=ccomplete#Complete + + +" maps +"""""" +" easy window switching +map j_ +map k_ + +" easy common alignments +map = :Align = :set et +map > :Align => :set et +map A :Align AS :set et + + +" focus fold +" map zO zMzo + +" easy maximize window +map _k4+j +map + +" toggle above fold +map zK zkza`` +" toggle below field +map zJ zjza`` + +" comment out selected lines +map c :s/^/\/\// +" remove comments +map x :s/^\/\/// + +" CommandT +let g:CommandTMaxFiles=100000 +map t :CommandT ~/gitrepos +map T :CommandTFlush:CommandT ~/gitrepos + +map Hr :SearchReset:nohlsearch +map HR :SearchBuffersReset:nohlsearch +map vs 
:source ~/.vimrc +map gs :source ~/.vimrc:source ~/.gvimrc +map ss :setlocal spell spelllang=en_us +map S :setlocal nospell +map p :set paste +map P :set nopaste + +" obnoxious mail ending chars (e.g. mutt) +map M :%s/=\n//g + +" git blame history made easy +map gb :%!git blame -- % +map g< ^"byt :exe '%!git blame '.@b.'^ -- %' +map g. ^"byt :exe '%!git log -p '.@b.'^..'.@b + +" snippets +function! ReloadSnippets( snippets_dir, ft ) + if strlen( a:ft ) == 0 + let filetype = "_" + else + let filetype = a:ft + endif + + call ResetAllSnippets() + call GetSnippets( a:snippets_dir, filetype ) +endfunction + +" reload snippets +nmap rs :call ReloadSnippets(snippets_dir, &filetype) + +" move single line of nested XML onto multiple lines and indent +map xj ^f>a>>$F<xJ ^f/ldF AO + +" xmllint +map xl :%!xmllint --format - + +" system-specific configuration +source ~/.vimrc-local diff --git a/.xinitrc b/.xinitrc new file mode 100644 index 0000000..efb6c88 --- /dev/null +++ b/.xinitrc @@ -0,0 +1,18 @@ +setxkbmap -option ctrl:nocaps +xmodmap ~/.xmodmap +xset mouse 5/0.1 +xsetroot -cursor_name arrow + +# .Xresources is managed by software (e.g. Puppet) whereas .Xresources-local +# may contain any system-specific configuration +xrdb -merge ~/.Xresources +test -f ~/.Xresources-local && xrdb -merge ~/.Xresources-local + +# .xprofile is *not* managed by software (such as Puppet) and may therefore +# be used for system-specific configuration +test -f ~/.xprofile && source ~/.xprofile + +# screensaver can be disabled by creating ~/.noscreensaver (not managed) +test -f ~/.noscreensaver || xscreensaver & + +exec xmonad diff --git a/.xscreensaver b/.xscreensaver new file mode 100644 index 0000000..ec928fb --- /dev/null +++ b/.xscreensaver 
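Review bot: `set exrc` makes vim read a `.vimrc`/`.exrc` from the current directory, and combined with `set autochdir` that is the directory of every file opened, so opening any file inside a cloned repository or a shared tree executes whatever vimscript its owner placed there, including `:!` shell commands and autocmds; at minimum pair it with `set secure`, which disables shell, write and autocmd commands in such files, and preferably drop it in favour of an explicit per-project `source`. The session autosave `au BufWrite * silent :call WriteSessAuto()` is registered twice, so every write runs `mksession!` twice; delete one copy. Because `sessionoptions` includes `options,globals`, `WriteSessAuto` also persists every global variable set during the session into `~/.vimsess-*` on each save, which is worth a comment if that is intended. The hunk is split over three page lines and its `<…>` key tokens appear to have been stripped by the page, so the individual mappings could not be reviewed as written.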
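Review bot: `test -f ~/.xprofile && source ~/.xprofile` uses the bash-only `source`; `.xinitrc` has no shebang and xinit runs it as a shell script, which on Debian-family systems means dash, where `source` is an unknown command and the profile is skipped without any visible error (the `&&` chain simply fails). The POSIX spelling `test -f ~/.xprofile && . ~/.xprofile` works under every sh. `.xprofile` and `.Xresources-local` are documented here as the unmanaged, system-specific hooks; since `.xprofile` is executed with the session user's privileges, that comment should also say it must be owned and writable by that user only.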
@@ -0,0 +1,22 @@
+
+splash: false
+mode: blank
+
+timeout: 0:01:00
+fade: true
+unfade: false
+lock: true
+lockTimeout: 0:00:05
+passwdTimeout: 0:00:03
+
+dpmsEnabled: true
+dpmsQuickOff: false
+dpmsStandby: 0:05:00
+dpmsStandby: 0:10:00
+dpmsOff: 0:30:00
+
+timestamp: true
+verbose: false
+captureStderr: true
+
+pointerHysteresis: 10
diff --git a/desktop-bin/enc-setup b/desktop-bin/enc-setup
new file mode 100755
index 0000000..2486cdd
--- /dev/null
+++ b/desktop-bin/enc-setup
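Review bot: `dpmsStandby:` appears twice (`0:05:00` and `0:10:00`); the later value overrides the earlier, so no suspend stage is configured at all. The second key is presumably meant to be `dpmsSuspend: 0:10:00`, which gives the usual standby → suspend → off progression.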
@@ -0,0 +1,97 @@
+#!/bin/bash
+#
+# Set up encrypted directory ~/.enc
+#
+# Copyright (C) 2013 Mike Gerwitz
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+#
+# This encrypted directory strikes a balance between a full encrypted home
+# directory (a feature provided by many modern GNU/Linux distributions) and
+# privacy: Specifically, most files are configuration and do not really need
+# to be private (indeed, many of them are even in my public repository).
+#
+# This expects that the ~/.enc{,-data} directories have already been created
+# when the system was set up. Any data in either of the directories will be
+# copied into the final, encrypted directory, with the ~/.enc-data contents
+# taking precedence in the event of a filename conflict.
+##
+
+encdatadir="$HOME/.enc-data"
+encdatadirtmp="$HOME/.enc-data.tmp"
+encdir="$HOME/.enc"
+readyfile=".ready"
+
+# graceful exit if we've already been set up
+[ -e "$encdatadir/$readyfile" ] && {
+ echo "$encdir is already set up."
+ exit
+}
+
+# do not allow this action to be performed over SSH or while sshd is running
+# and tell the user to ensure that all running processes are trusted (no
+# keyloggers, etc)
+[ "$1" != --shutit ] && pgrep '^sshd?$' &>/dev/null && {
+ echo "fatal: please disable SSH and close all connections" >&2
+ echo "fatal: and then verify all running processes" >&2
+ echo "fatal: (or pass --shutit if you're confident)" >&2
+ exit 1
+}
+
+# allows glob to match dotfiles
+shopt -s dotglob || {
+ echo "fatal: failed to enable dotglob" >&2
+ exit 1
+}
+
+# move the existing dir so that we can copy the files back in after (just in
+# case files were created in anticipation); also copy over existing .enc dir
+# contents, having .enc-data contents take precedence
+[ -e "$encdatadir" ] && {
+ mv -v "$encdatadir" "$encdatadirtmp" \
+ && cp -rnv "$encdir"/* "$encdatadirtmp/" \
+ && mkdir -v "$encdatadir" \
+ || exit $?
+}
+
+# proceed (the nonempty options ignores the fact that ~/.enc---out mount
+# point---is likely not empty)
+echo "creating $encdatadir -> $encdir..."
+encfs "$encdatadir" "$encdir" -ononempty \
+ || {
+ err=$?
+ echo "fatal: failed!" >&2
+ exit $err
+ }
+
+# this file will be copied into the encrypted dir and is an easy mount check
+# for scripts
+touch "$encdatadirtmp/.available"
+
+# mark as complete (yes, we intend to put this directly into the encrypted
+# data dir)
+date +%s > "$encdatadir/$readyfile"
+
+# copy previous data into the newly mounted and decrypted directory
+mv -v "$encdatadirtmp"/* "$encdir/" \
+ && find "$encdatadirtmp" -type f -exec shred -fuvz {} \; \
+ && rm -rfv "$encdatadirtmp" \
+ || {
+ err=$?
+ echo "fatal: $encdatadir created, but data copy failed" >&2
+ echo "fatal: please copy $encdatadirtmp/* manually" >&2
+ echo "fatal: and then shred its contents" >&2
+ }
+
+echo Setup complete.
diff --git a/desktop-bin/resec b/desktop-bin/resec
new file mode 100755
index 0000000..a8fb6e0
--- /dev/null
+++ b/desktop-bin/resec
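Review bot: The cleanup `find "$encdatadirtmp" -type f -exec shred -fuvz {} \;` (and the fatal message telling the user to shred by hand) promises more than it can deliver: the plaintext staged in `~/.enc-data.tmp` lived on the same filesystem, and shred's own documentation says overwriting does not reliably destroy data on journaled, copy-on-write or compressed filesystems, or on SSDs with wear levelling. A comment beside the `find`, e.g. `# best effort only: shred cannot guarantee erasure on journaling/COW filesystems or SSDs`, stops the next reader from treating it as a guarantee. Second, `cp -rnv "$encdir"/* …` copies whatever was already in `~/.enc` into the volume but leaves the plaintext originals in place beneath the mount point — `unsec` relies on that for its "secured defaults" — so the header should state plainly that anything pre-populated in `~/.enc` remains unencrypted on disk. The `pgrep '^sshd?$'` gate is a heuristic for "someone may be watching" rather than a control (it is bypassed by `--shutit` and does not cover other remote-access daemons), which is fine as long as the comment says so.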
@@ -0,0 +1,70 @@
+#!/bin/bash
+#
+# Forcefully unmount ~/.enc and run any hooks
+#
+# Copyright (C) 2013 Mike Gerwitz
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+#
+# This script mercilessly unmounts ~/.enc by killing any processes that are
+# using files within it, running hooks both before and after. The preunmount
+# hook has the chance to abort or delay the operation (delay by re-invoking
+# this script).
+#
+# Run this as root to be certain that unmount will succeed.
+##
+
+encpath="$HOME/.enc"
+avail="$encpath/.available"
+preunmount="$encpath/.preunmount"
+postunmount="$encpath/.postunmount"
+
+# if not mounted, then abort
+[ -e "$avail" ] || exit
+
+# execute pre-mount script to allow system-specific preparation
+[ -x "$preunmount" ] && {
+ "$preunmount" || {
+ err=$?
+ echo "fatal: $preunmount failed!" >&2
+ exit $err
+ }
+}
+
+# kill anything using this process, attempting to do so gracefully first by
+# giving them some time to handle SIGTERM, after which we force any
+# remaining processes to terminate
+s=5
+fuser -Mm "$encpath" -k -TERM \
+ && echo "Waiting $s seconds for above processes to terminate (SIGTERM)..." \
+ && sleep "$s" \
+ && echo "Terminating any remaining processes (SIGKILL)..." \
+ && fuser -Mm "$encpath" -k -KILL
+
+# now that no processes are using the directory, unmount
+fusermount -u "$encpath" \
+ && {
+ [ ! -x "$postunmount" ] || "$postunmount" || {
+ err=$?
+ echo "warning: unmounted, but $postunmount failed!"
+ exit $err
+ }
+ } \
+ || {
+ err=$?
+ echo "fatal: umount failed!"
+ exit $?
+ }
+
+echo "$encpath unmounted."
diff --git a/desktop-bin/unsec b/desktop-bin/unsec
new file mode 100755
index 0000000..fe17d5a
--- /dev/null
+++ b/desktop-bin/unsec
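Review bot: In the `|| {` branch after `fusermount -u`, `exit $?` returns the status of the preceding `echo` (0) rather than the saved `$err`, so a failed unmount reports success to whatever invoked the script — the `&& {` branch just above gets it right with `exit $err`, and both messages here are the only diagnostics in the commit's scripts not sent to stderr (`>&2`). The header advises running this as root to be sure the unmount succeeds, but every path derives from `$HOME`, which under `sudo` with `env_reset`/`always_set_home` is `/root`; as root the script then looks for `/root/.enc/.available`, finds nothing and exits silently without unmounting anything. Either resolve the home directory of the invoking user (`getent passwd "${SUDO_USER:-$USER}" | cut -d: -f6`), take the path as an argument, or drop the advice. Finally, `[ -e "$avail" ] || exit` tests for a marker file rather than the mount; `mountpoint -q "$encpath" || exit` cannot be fooled by a stray file and also works when the marker was never created.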
@@ -0,0 +1,59 @@
+#!/bin/bash
+#
+# Decrypt ~/.enc and run any hooks
+#
+# Copyright (C) 2013 Mike Gerwitz
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+#
+# Prompts to decrypt the encrypted directory after first running a premount
+# script. Should the script succeed, mounting proceeds, after which a
+# postmount script is run. In the event that the latter fails, the mount
+# point will remain mounted, so any abort operations must occur in premount.
+##
+
+avail="$HOME/.enc/.available"
+premount="$HOME/.enc/.premount"
+postmount="$HOME/.enc/.postmount"
+
+# enc-setup creates .available within the encrypted directory; if it's
+# available, then ~/.enc-data is already mounted
+[ -e "$avail" ] && exit
+
+# execute pre-mount script to allow system-specific preparation (note that
+# this premount script exists within the mount point, meaning it'll be
+# hidden as soon as the mount succeeds)
+[ -x "$premount" ] && {
+ "$premount" || {
+ err=$?
+ echo "fatal: $premount failed!" >&2
+ exit $err
+ }
+}
+
+# mount the directory understanding that ~/.enc is very likely non-empty (to
+# provide ``secured'' defaults
+encfs ~/.enc-data ~/.enc -ononempty \
+ && {
+ [ ! -x "$postmount" ] || "$postmount" || {
+ err=$?
+ echo "warning: mounted, but $postmount failed!"
+ exit $err
+ }
+ } \
+ || {
+ err=$?
+ echo "fatal: mount failed"
+ exit $err
+ }
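Review bot: `[ -e "$avail" ] && exit` treats the presence of a plain file as proof that the volume is mounted, so if a stray copy of `.available` lands in the plaintext `~/.enc`, `unsec` exits without mounting while `secstat` shows the directory as secured; `mountpoint -q ~/.enc && exit` asks the kernel and is unaffected by files beneath the mount point. The pre-mount hook is, as the comment notes, read from the unmounted `~/.enc` — that is, from plaintext on disk — and executed with the user's privileges immediately before encfs prompts for the passphrase, which makes `~/.enc/.premount` a convenient place for anyone with offline access to the disk to plant a passphrase logger; that is no worse than `~/.bashrc`, but the comment should say explicitly that this hook is trusted exactly like the rest of the unencrypted home directory, not like the encrypted contents. `encfs ~/.enc-data ~/.enc` is the one place in the three scripts that uses `~` rather than `"$HOME"`; harmless, but inconsistent with `enc-setup` and `resec`, and the two messages in the failure branches lack the `>&2` the premount branch has.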