sync dotfiles with mac

crontab/bespin.crontab

@@ -5,6 +5,6 @@
 # DOW (day of week): 0-6 or Sun-Sat
 #
 # MIN   HR  DOM   MONTH   DOW   CMD
-  5     3   *     *       *     /home/charles/pod-private-wiki/utils-backup/wikidb_dump.sh
+  3     3   *     *       *     /home/charles/pod-private-wiki/utils-backup/wikidb_dump.sh
   6     3   *     *       *     /home/charles/pod-private-wiki/utils-backup/wikifiles_dump.sh
-
+  12    3   *     *       *     bash -c '/usr/bin/test -d /media/charles/usb && /bin/ls -1 -t /home/charles/backups | /usr/bin/head -n1 | /usr/bin/xargs -IREPL cp -r /home/charles/backups/REPL /media/charles/usb/backups/.'

crontab/lars.sudo.crontab

@@ -0,0 +1,8 @@
+# MIN: 0-59
+# HOUR: 0-23
+# DOM (day of month): 1-31
+# MONTH: 1-12 or Jan-Dec
+# DOW (day of week): 0-6 or Sun-Sat
+#
+# MIN   HR  DOM   MONTH   DOW   CMD
+  3     2   *     *       Sun   cd /home/charles/pod-gollyx-mongo/d-mongodb/ && ./make_mongo_pem.sh

dotfiles/.aliases

@@ -10,6 +10,17 @@ git() {
 }
 
 
+alias gemini-flash='gemini --model gemini-3-flash-preview'
+alias gemini-pro='gemini --model gemini-3-pro-preview'
+
+alias claude-haiku='claude --model claude-haiku-4-5'
+alias claude-sonnet='claude --model claude-sonnet-4-6'
+
+alias claude-deep='ANTHROPIC_BASE_URL="https://api.deepseek.com/anthropic" ANTHROPIC_AUTH_TOKEN="$DEEPSEEK_API_KEY" ANTHROPIC_MODEL="deepseek-chat" ANTHROPIC_DEFAULT_HAIKU_MODEL="deepseek-chat" API_TIMEOUT_MS=600000 claude'
+# Also need to add:
+# export CLAUDE_CODE_MAX_TOKENS=4000
+# export CLAUDE_CODE_COMPACT_LEVEL=aggressive
+
 # lazy af
 # -------
 alias mk='make'
@@ -20,12 +31,16 @@ alias ipy='ipython --pylab'
 alias ip="curl -4 icanhazip.com"
 alias ipaddr="curl -4 icanhazip.com"
 
+# uuid generator
+alias uuid="uuidgen"
 
 # python stuff
 # ------------
 # https://unix.stackexchange.com/a/459586
 alias vp="[ -d vp ] || virtualenv -p python3 vp && source vp/bin/activate"
-
+if [[ "${HOSTNAME}" == "burro" ]]; then
+    alias vpp="[ -d vpp ] || virtualenv --python ${HOME}/.pyenv/versions/pypy3.9-7.3.9/bin/pypy3 vpp && source vpp/bin/activate"
+fi
 
 # one-letter aliases
 # ---------------
@@ -62,34 +77,24 @@ alias mv='mv -i'
 # ls aliases
 # --------------------
 # Detect which `ls` flavor is in use
-
-LS=$(which ls)
-if $LS --color > /dev/null 2>&1; then # GNU `ls`
-    colorflag="--color"
-    export LS_COLORS='no=00:fi=00:di=01;31:ln=01;36:pi=40;33:so=01;35:do=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:*.tar=01;31:*.tgz=01;31:*.arj=01;31:*.taz=01;31:*.lzh=01;31:*.zip=01;31:*.z=01;31:*.Z=01;31:*.gz=01;31:*.bz2=01;31:*.deb=01;31:*.rpm=01;31:*.jar=01;31:*.jpg=01;35:*.jpeg=01;35:*.gif=01;35:*.bmp=01;35:*.pbm=01;35:*.pgm=01;35:*.ppm=01;35:*.tga=01;35:*.xbm=01;35:*.xpm=01;35:*.tif=01;35:*.tiff=01;35:*.png=01;35:*.mov=01;35:*.mpg=01;35:*.mpeg=01;35:*.avi=01;35:*.fli=01;35:*.gl=01;35:*.dl=01;35:*.xcf=01;35:*.xwd=01;35:*.ogg=01;35:*.mp3=01;35:*.wav=01;35:'
-    groupflag="--group-directories-first"
-else # macOS `ls`
-    colorflag="-G"
-    export LSCOLORS='BxBxhxDxfxhxhxhxhxcxcx'
-    groupflag="--group-directories-first"
-fi
+# https://gist.github.com/skyzyx/3438280b18e4f7c490db8a2a2ca0b9da
 
 
+LSBIN=$(which ls)
 
-alias ls="$LS -1 ${colorflag} ${groupflag}"
+# the --color flag works with either verison of ls
+alias ls='$LSBIN -lh --color'
 alias sl='ls'
 
-
-
 # List all files colorized in long format
-alias l="$LS -lhAF ${colorflag}"
+alias l="ls -lhAF --color"
 alias ll="l"
 
 # List all files colorized in long format, including dot files
 alias la="l -a"
 
 # List only directories
-alias lsd="$LS -lF ${colorflag} | grep --color=never '^d'"
+alias lsd="ls -lF --color | grep --color=never '^d'"
 
 
 alias lr='ls -r' # reverse
@@ -122,13 +127,79 @@ alias c='clear'
 
 
 
-# socks proxy thru charlesreid1
-# (forwards http traffic thru charlesreid1 port 8080)
+# socks proxy thru seawater for private wiki access
+# (use with foxyproxy, point to localhost:5778)
 # ---------------
-alias socks='ssh -fN -D 8080 charles@charlesreid1.com'
+alias socks='ssh -D 5778 -p 5778 charles@charlesreid1.party -f -N'
 
 
 
+# tinc vpn
+# ---------------
+
+alias seawatervpn="seawatervpn"
+function seawatervpn() {
+  ssh-agent > ~/ssh.file # env vars in ssh.file
+  chmod +x ~/ssh.file # execute file
+  ~/ssh.file > /dev/null
+  rm -f ~/ssh.file
+  export IP="192.168.30.1"
+  ssh -p 5778 -Y charles@${IP} # the actual ssh call
+}
+
+alias randalvpn="randalvpn"
+function randalvpn() {
+  ssh-agent > ~/ssh.file # env vars in ssh.file
+  chmod +x ~/ssh.file # execute file
+  ~/ssh.file > /dev/null
+  rm -f ~/ssh.file
+  export IP="192.168.30.10"
+  ssh -p 5778 -Y charles@${IP} # the actual ssh call
+}
+
+alias mayavpn="mayavpn"
+function mayavpn() {
+  ssh-agent > ~/ssh.file # env vars in ssh.file
+  chmod +x ~/ssh.file # execute file
+  ~/ssh.file > /dev/null
+  rm -f ~/ssh.file
+  export IP="192.168.30.20"
+  ssh -Y charles@${IP} # the actual ssh call
+}
+
+alias bearvpn="bearvpn"
+function bearvpn() {
+  ssh-agent > ~/ssh.file # env vars in ssh.file
+  chmod +x ~/ssh.file # execute file
+  ~/ssh.file > /dev/null
+  rm -f ~/ssh.file
+  export IP="192.168.30.40"
+  ssh -p 5778 -Y charles@${IP} # the actual ssh call
+}
+
+alias emmettvpn="emmettvpn"
+function emmettvpn() {
+  ssh-agent > ~/ssh.file # env vars in ssh.file
+  chmod +x ~/ssh.file # execute file
+  ~/ssh.file > /dev/null
+  rm -f ~/ssh.file
+  export IP="192.168.30.55"
+  ssh -p 5778 -Y charles@${IP} # the actual ssh call
+}
+
+# Local machines
+# ---------------
+
+alias randal="randal"
+function randal() {
+  ssh-agent > ~/ssh.file # env vars in ssh.file
+  chmod +x ~/ssh.file # execute file
+  ~/ssh.file > /dev/null
+  rm -f ~/ssh.file
+  export IP="192.168.0.10"
+  ssh -p 5778 -Y charles@${IP} # the actual ssh call
+}
+
 # Remote machines
 # ---------------
 
@@ -149,27 +220,27 @@ function bear() {
   ~/ssh.file > /dev/null
   rm -f ~/ssh.file
   export IP="173.255.249.79"
-  ssh -Y charles@${IP} # the actual ssh call
+  ssh -p 5778 -Y charles@${IP} # the actual ssh call
 }
 
-alias bespin="bespin"
-function bespin() {
+alias emmett="emmett"
+function emmett() {
   ssh-agent > ~/ssh.file # env vars in ssh.file
   chmod +x ~/ssh.file # execute file
   ~/ssh.file > /dev/null
   rm -f ~/ssh.file
-  export IP="bespin"
-  ssh -Y charles@${IP} # the actual ssh call
+  export IP="173.255.252.181"
+  ssh -p 5778 -Y charles@${IP} # the actual ssh call
 }
 
-alias dorky="dorky"
-function dorky() {
+alias seawater="seawater"
+function seawater() {
   ssh-agent > ~/ssh.file # env vars in ssh.file
   chmod +x ~/ssh.file # execute file
   ~/ssh.file > /dev/null
   rm -f ~/ssh.file
   export IP="charlesreid1.party"
-  ssh -Y charles@${IP} # the actual ssh call
+  ssh -p 5778 -Y charles@${IP} # the actual ssh call
 }
 
 

dotfiles/.bash_profile

@@ -5,6 +5,7 @@
 # to add your own non-committed machine-specific settings,
 # use ~/.extra
 
+
 # Must
 EDITOR="vim"
 GIT_EDITOR="vim"
@@ -16,6 +17,7 @@ PAGER="most"
 GOROOT=$HOME/go
 GOPATH=$HOME/go
 
+
 # Set $PATH here
 PATH="${HOME}/scripts:${PATH}"
 PATH="/usr/local/bin:$PATH"
@@ -23,43 +25,29 @@ PATH="/usr/local/sbin:${PATH}" # homebrew admin tools
 PATH="${PATH}:${GOROOT}/bin"
 PATH="/usr/local/opt/coreutils/libexec/gnubin:${PATH}"
 PATH="${HOME}/bin:${PATH}"
-if [[ ("$HOSTNAME" == "seawater") || ("$HOSTNAME" == "bascom") ]]; then
-    PATH="${HOME}/bin/elasticsearch-5.4.2/bin:${PATH}"
 
-    # assume-role cli util:
-    # Add homebrew-installed ruby to path:
-    # (WARNING: THIS CAN CAUSE PROBLEMS!)
-    export PATH="/usr/local/opt/ruby/bin:$PATH"
+# claude code
+export PATH="$HOME/.local/bin:$PATH"
+export ANTHROPIC_DEFAULT_OPUS_MODEL="claude-opus-4-6"
+export ANTHROPIC_MODEL="claude-opus-4-6"
 
-    # Add homebrew-ruby-gem-installed packages to path:
-    export PATH="/usr/local/lib/ruby/gems/2.6.0/bin:$PATH"
+# gemini
+source $HOME/.gemini_api_key
+
+# deepseek
+source $HOME/.deepseek_api_key
 
-    # aws - load config file when using assume-role
-    export AWS_SDK_LOAD_CONFIG="1"
-fi
 
 # Tell git not to look for getext.sh
 # since pyenv has trouble with that
 export GIT_INTERNAL_GETTEXT_TEST_FALLBACKS=1
 
-if [[ "$HOSTNAME" == "bascom" ]]; then
-    # git tab completion
-    source ${HOME}/.git-completion.bash
-fi
-
-# goenv installer
-export GOENV_ROOT="$HOME/.goenv"
-export PATH="$GOENV_ROOT/bin:$PATH"
-
-# Only enable this if you are using go.
-# This will add half a second every time you
-# open a new shell.
-#eval "$(goenv init -)"
 
 # pyenv installer
 # https://github.com/pyenv/pyenv-installer
 export PYENV_ROOT="$HOME/.pyenv"
 export PATH="$PYENV_ROOT/bin:$PATH"
+eval "$(pyenv init --path)"
 eval "$(pyenv init -)"
 
 export PATH
@@ -89,34 +77,26 @@ PROMPT_COMMAND='history -a;history -n'
 # don't try to autocomplete commands when tab is pressed and line is empty
 shopt -s no_empty_cmd_completion
 
-if [[ "$HOSTNAME" == "bascom" ]]; then
-    # aws cli tab-completion
-    # https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-completion.html
-    complete -C "$(pyenv which aws_completer)" aws
-fi
-
-
-
 #############################
 # ssh-agent setup
-SSH_ENV="$HOME/.ssh/agent-environment"
-
-function start_agent {
-    /usr/bin/ssh-agent | sed 's/^echo/#echo/' > "${SSH_ENV}"
-    chmod 600 "${SSH_ENV}"
-    . "${SSH_ENV}" > /dev/null
-    /usr/bin/ssh-add;
-}
-
-# Source SSH settings, if applicable
-if [ -f "${SSH_ENV}" ]; then
-    . "${SSH_ENV}" > /dev/null
-    ps -ef | grep ${SSH_AGENT_PID} | grep ssh-agent$ > /dev/null || {
-        start_agent;
-    }
-else
-    start_agent;
-fi
+### SSH_ENV="$HOME/.ssh/agent-environment"
+###
+### function start_agent {
+###     /usr/bin/ssh-agent | sed 's/^echo/#echo/' > "${SSH_ENV}"
+###     chmod 600 "${SSH_ENV}"
+###     . "${SSH_ENV}" > /dev/null
+###     /usr/bin/ssh-add;
+### }
+###
+### # Source SSH settings, if applicable
+### if [ -f "${SSH_ENV}" ]; then
+###     . "${SSH_ENV}" > /dev/null
+###     ps -ef | grep ${SSH_AGENT_PID} | grep ssh-agent$ > /dev/null || {
+###         start_agent;
+###     }
+### else
+###     start_agent;
+### fi
 
 
 #############################
@@ -140,9 +120,7 @@ if [ -f /etc/bash_completion ]; then
 	source /etc/bash_completion;
 fi;
 
-if [[ "$HOSTNAME" == "bascom" ]]; then
-    # Enable tab completion for `g` by marking it as an alias for `git`
-    if type _git &> /dev/null && [ -f /usr/local/etc/bash_completion.d/git-completion.bash ]; then
-    	complete -o default -o nospace -F _git g;
-    fi;
-fi
+# shut up
+touch ${HOME}/.hushlogin
+export BASH_SILENCE_DEPRECATION_WARNING=1
+export FILTER_BRANCH_SQUELCH_WARNING=1

dotfiles/.bash_prompt

@@ -41,24 +41,14 @@ else
 	white="\e[1;37m";
 fi;
 
-if [[ "${HOSTNAME}" == "rojo" ]]; then
+if [[ "${HOSTNAME}" == "bear" ]]; then
     userStyle="${red}"
-elif [[ "${HOSTNAME}" == "jupiter" ]]; then
-    userStyle="${green}"
-elif [[ "${HOSTNAME}" == "krash" ]]; then
-    userStyle="${cyan}"
-elif [[ "${HOSTNAME}" == "bear" ]]; then
-    userStyle="${red}"
-elif [[ "${HOSTNAME}" == "bespin" ]]; then
+elif [[ "${HOSTNAME}" == "randal" ]]; then
     userStyle="${purple}"
-elif [[ "${HOSTNAME}" == "dorky" ]]; then
-    userStyle="${yellow}"
 elif [[ "${HOSTNAME}" == "emmett" ]]; then
-    userStyle="${yellow}"
-elif [[ "${HOSTNAME}" == "dudley" ]]; then
-    userStyle="${orange}"
-elif [[ "${HOSTNAME}" == "lars" ]]; then
-    userStyle="${white}"
+    userStyle="${green}"
+elif [[ "${HOSTNAME}" == "seawater" ]]; then
+    userStyle="${green}"
 else
     userStyle="${yellow}"
 fi

dotfiles/.bashrc

@@ -1 +1,3 @@
 [ -n "$PS1" ] && source ~/.bash_profile;
+## uh... maybe just this?
+#source ~/.bash_profile

dotfiles/.functions

@@ -5,11 +5,6 @@ function mkd() {
 	mkdir -p "$@" && cd "$_";
 }
 
-# Change working directory to the top-most Finder window location
-function cdf() { # short for `cdfinder`
-	cd "$(osascript -e 'tell app "Finder" to POSIX path of (insertion location as alias)')";
-}
-
 # Create a .tar.gz archive, using `zopfli`, `pigz` or `gzip` for compression
 function targz() {
 	local tmpFile="${@%/}.tar";
@@ -58,14 +53,6 @@ function fs() {
 	fi;
 }
 
-# Use Git’s colored diff when available
-hash git &>/dev/null;
-if [ $? -eq 0 ]; then
-	function diff() {
-		git diff --no-index --color-words "$@";
-	}
-fi;
-
 # Create a data URL from a file
 function dataurl() {
 	local mimeType=$(file -b --mime-type "$1");
@@ -84,24 +71,6 @@ function server() {
 	python -c $'import SimpleHTTPServer;\nmap = SimpleHTTPServer.SimpleHTTPRequestHandler.extensions_map;\nmap[""] = "text/plain";\nfor key, value in map.items():\n\tmap[key] = value + ";charset=UTF-8";\nSimpleHTTPServer.test();' "$port";
 }
 
-# Start a PHP server from a directory, optionally specifying the port
-# (Requires PHP 5.4.0+.)
-function phpserver() {
-	local port="${1:-4000}";
-	local ip=$(ipconfig getifaddr en1);
-	sleep 1 && open "http://${ip}:${port}/" &
-	php -S "${ip}:${port}";
-}
-
-# Compare original and gzipped file size
-function gz() {
-	local origsize=$(wc -c < "$1");
-	local gzipsize=$(gzip -c "$1" | wc -c);
-	local ratio=$(echo "$gzipsize * 100 / $origsize" | bc -l);
-	printf "orig: %d bytes\n" "$origsize";
-	printf "gzip: %d bytes (%2.2f%%)\n" "$gzipsize" "$ratio";
-}
-
 # Syntax-highlight JSON strings or files
 # Usage: `json '{"foo":42}'` or `echo '{"foo":42}' | json`
 function json() {
@@ -160,16 +129,6 @@ function getcertnames() {
 	fi;
 }
 
-# `s` with no arguments opens the current directory in Sublime Text, otherwise
-# opens the given location
-function s() {
-	if [ $# -eq 0 ]; then
-		subl .;
-	else
-		subl "$@";
-	fi;
-}
-
 # `v` with no arguments opens the current directory in Vim, otherwise opens the
 # given location
 function v() {

dotfiles/.gvimrc

@@ -1,6 +1,3 @@
-" Use the Solarized Dark theme
-set background=dark
-colorscheme solarized
 " Use 14pt Monaco
 set guifont=Monaco:h14
 " Don’t blink cursor in normal mode

dotfiles/.tmux.conf

@@ -15,10 +15,11 @@
 set -g default-terminal "screen-256color"
 set-option -g default-terminal screen-256color
 
-# Use C-a, since it's on the home row and easier to hit than C-b
-set-option -g prefix C-a
-unbind C-a
-bind C-a send-prefix
+# Use C-t instead
+set-option -g prefix C-t
+unbind C-t
+bind C-t send-prefix
+
 
 # Set parent terminal title to reflect current window in tmux session
 set -g set-titles on
@@ -44,7 +45,7 @@ bind enter next-layout
 
 # use vim-like keys for splits and windows
 # 
-#   Control-A plus:
+#   Control-T plus:
 # 
 #   s = horizontal split
 #   v = vertical split
@@ -59,52 +60,55 @@ bind h select-pane -L
 bind j select-pane -D
 bind k select-pane -U
 bind l select-pane -R
-bind C-h select-pane -L
-bind C-l select-pane -R
 
 # smart pane switching with awareness of vim splits
+# (these interfere with the often-used Control-L shortcut
+# to clear the screen, so that gets really annoying.)
 # 
-# Control plus:
+# Control then:
 # 
 #   h = pick left pane
-#   j = pick left pane
-#   k = pick left pane
-#   l = pick left pane
-#   \ = pick another pane (?)
+#   j = pick down pane
+#   k = pick up pane
+#   l = pick right pane
 #
-bind -n C-h run "(tmux display-message -p '#{pane_current_command}' | grep -iqE '(^|\/)vim$' && tmux send-keys C-h) || tmux select-pane -L"
-bind -n C-j run "(tmux display-message -p '#{pane_current_command}' | grep -iqE '(^|\/)vim$' && tmux send-keys C-j) || tmux select-pane -D"
-bind -n C-k run "(tmux display-message -p '#{pane_current_command}' | grep -iqE '(^|\/)vim$' && tmux send-keys C-k) || tmux select-pane -U"
-bind -n C-l run "(tmux display-message -p '#{pane_current_command}' | grep -iqE '(^|\/)vim$' && tmux send-keys C-l) || tmux select-pane -R"
-bind -n C-\ run "(tmux display-message -p '#{pane_current_command}' | grep -iqE '(^|\/)vim$' && tmux send-keys 'C-\\') || tmux select-pane -l"
+# bind -n C-h run "(tmux display-message -p '#{pane_current_command}' | grep -iqE '(^|\/)vim$' && tmux send-keys C-h) || tmux select-pane -L"
+# bind -n C-j run "(tmux display-message -p '#{pane_current_command}' | grep -iqE '(^|\/)vim$' && tmux send-keys C-j) || tmux select-pane -D"
+# bind -n C-k run "(tmux display-message -p '#{pane_current_command}' | grep -iqE '(^|\/)vim$' && tmux send-keys C-k) || tmux select-pane -U"
+# bind -n C-l run "(tmux display-message -p '#{pane_current_command}' | grep -iqE '(^|\/)vim$' && tmux send-keys C-l) || tmux select-pane -R"
 
-# Control-A then Control-L clears the screen
-bind C-l send-keys 'C-l'
-
-# Control-A then Control-O swaps out windows in their respective positions
+# Control-T then Control-O swaps out windows in their respective positions
 bind C-o rotate-window
 
-# Control-A plus + makes existing windows have horizontal layout
-bind + select-layout main-horizontal
+# Control-T then + makes existing windows have vertical layout
+bind + select-layout main-vertical
 
-# Control-A plus = makes existing windows have vertical layout
-bind = select-layout main-vertical
+# Control-T then = makes existing windows have horizontal layout
+bind = select-layout main-horizontal
+
+# Control-T Control-N makes a new window in the path of the current pane
+bind C-n new-window -c '#{pane_current_path}'
 
 ## (no idea what this does)
 #set-window-option -g other-pane-height 25
 #set-window-option -g other-pane-width 80
 
-# Control-A plus [ or ] moves into copy mode or paste mode
+# Control-T plus [ or ] moves into copy mode or paste mode
 bind [ copy-mode
 bind ] paste-buffer
 
 # (no idea)
 set-window-option -g display-panes-time 1500
 
-# Control-A plus | or _ splits panes vertically (|) or horizontally (_)
+# Control-T plus | or _ splits panes vertically (|) or horizontally (_)
+# (this is better than using percent, but now we've got muscle memory for %)
 bind | split-window -h -c "#{pane_current_path}"
 bind _ split-window -v -c "#{pane_current_path}"
 
+# because we were using this before
+bind % split-window -h -c "#{pane_current_path}"
+
+
 # Status Bar
 set-option -g status-interval 1
 set-option -g status-left ''
@@ -120,6 +124,7 @@ set -g visual-activity on
 
 # Allow the arrow key to be used immediately after changing windows
 set-option -g repeat-time 0
+
 # Set up easy go-to sessions with shortcuts 
 bind s source-file ~/.tmux.session1
 

dotfiles/.vimrc

@@ -152,7 +152,7 @@ let &guicursor = &guicursor . ",a:blinkon0"
 "
 "  now you need to "infect" yourself
 "  (questionable word choices...)
-execute pathogen#infect()
+" execute pathogen#infect()
 
 
 
@@ -184,20 +184,24 @@ let g:go_fmt_command = "goimports"
 " don't move comment hashtag to the first column.
 " smartindent is unnecessary for python anyway.
 " http://stackoverflow.com/questions/2063175/vim-insert-mode-comments-go-to-start-of-line
-au! FileType python setl nosmartindent
+au! FileType python setl textwidth=0 nosmartindent
 
 " golang
 " see https://github.com/paulswanson/congo/blob/master/congo.sh
 " ------------------------
-au BufRead,BufNewFile *.go set noexpandtab
+au BufRead,BufNewFile *.go set textwidth=0 noexpandtab
 
 " Makefiles
 " ------------------------
-au BufRead,BufNewFile Makefile*,*.make,*.mk set noexpandtab
+au BufRead,BufNewFile Makefile*,*.make,*.mk set textwidth=0 noexpandtab
 
 " C++
 " ------------------------
-au BufRead,BufNewFile *.cpp,*.cxx,*.cc,*.c,*.h,*.hpp,*.hxx,*.hh set tabstop=4 shiftwidth=4 softtabstop=4 nowrap
+au BufRead,BufNewFile *.cpp,*.cxx,*.cc,*.c,*.h,*.hpp,*.hxx,*.hh set textwidth=0 tabstop=4 shiftwidth=4 softtabstop=4 nowrap
+
+" shell scripts
+" ------------------------
+au BufRead,BufNewFile *.sh set textwidth=0 noexpandtab
 
 " Snakemake files: Snakefile, .rule, .snake, .settings, .smk
 " ------------------------
@@ -217,6 +221,10 @@ function! DisableIndentY()
         set indentexpr&
 endfunction
 
+" Javascript
+" -------------------------
+au BufRead,BufNewFile *.js,*.javascript set textwidth=0 tabstop=2 shiftwidth=2 softtabstop=2 nowrap
+
 
 
 " ------------------------
@@ -240,18 +248,19 @@ set textwidth=115
 " above directive will auto-wrap
 " your text as you type it, and may
 " end up driving you mad.
+" Set textwidth to 0 or a different number for known (code) filetypes.
 
-" > Bugbear's documentation explains 88 vs 80:
-" > "it's like highway speed limits, we won't bother
-" > you if you overdo it by a few km/h".
-"
-" Turn character 80/88 red
-" (for visibility conforming to
-"  coding standards)
-" https://stackoverflow.com/questions/23246962/vim-highlight-a-single-character-at-column-80#23247938
-hi Bang ctermfg=red guifg=red
-"match Bang /\%>87v.*\%<89v/
-match Bang /\%>79v.*\%<81v/
+""" " > Bugbear's documentation explains 88 vs 80:
+""" " > "it's like highway speed limits, we won't bother
+""" " > you if you overdo it by a few km/h".
+""" "
+""" " Turn character 80/88 red
+""" " (for visibility conforming to
+""" "  coding standards)
+""" " https://stackoverflow.com/questions/23246962/vim-highlight-a-single-character-at-column-80#23247938
+""" hi Bang ctermfg=red guifg=red
+""" "match Bang /\%>87v.*\%<89v/
+""" match Bang /\%>79v.*\%<81v/
 
 
 
@@ -331,25 +340,25 @@ function! DisableIndent()
         set indentexpr&
 endfunction
 
-" fix latex highlighting in markdown
-function! MathAndLiquid()
-    "" Define certain regions
-    " Block math. Look for "$$[anything]$$"
-    syn region math start=/\$\$/ end=/\$\$/
-    " inline math. Look for "$[not $][anything]$"
-    syn match math_block '\$[^$].\{-}\$'
-
-    " Fenced code blocks, used in GitHub Flavored Markdown (GFM)
-    syn region highlight_block start='```' end='```'
-
-    "" Actually highlight those regions.
-    hi link math Statement
-    hi link math_block Function
-    hi link highlight_block Function
-endfunction
-
-" Call everytime we open a Markdown file
-autocmd BufRead,BufNewFile,BufEnter *.md,*.markdown call MathAndLiquid()
+""" " fix latex highlighting in markdown
+""" function! MathAndLiquid()
+"""     "" Define certain regions
+"""     " Block math. Look for "$$[anything]$$"
+"""     syn region math start=/\$\$/ end=/\$\$/
+"""     " inline math. Look for "$[not $][anything]$"
+"""     syn match math_block '\$[^$].\{-}\$'
+""" 
+"""     " Fenced code blocks, used in GitHub Flavored Markdown (GFM)
+"""     syn region highlight_block start='```' end='```'
+""" 
+"""     "" Actually highlight those regions.
+"""     hi link math Statement
+"""     hi link math_block Function
+"""     hi link highlight_block Function
+""" endfunction
+""" 
+""" " Call everytime we open a Markdown file
+""" autocmd BufRead,BufNewFile,BufEnter *.md,*.markdown call MathAndLiquid()
 
 
 
@@ -533,53 +542,26 @@ noremap <Leader>W :w !sudo tee % > /dev/null<cr>
 " ----------------------------
 " colorrrzzzzz
 " ----------------------------
-
+
+""" set background=dark
+""" 
+""" set t_Co=256
+""" 
+""" function! BgToggle()
+"""   if &background == "light"
+"""     execute ":set background=dark"
+"""   else
+"""     execute ":set background=light"
+"""   endif
+""" endfunction
 """ nnoremap <F5> :call BgToggle()<cr>
-
-set t_Co=256
-
-function! BgToggle()
-  if &background == "light"
-    execute ":set background=dark"
-  else
-    execute ":set background=light"
-  endif
-endfunction
-nnoremap <F5> :call BgToggle()<cr>
-
-" to install vim-colors-solarized plugin:
-" git clone git://github.com/altercation/vim-colors-solarized.git ~/.vim/bundle/vim-colors-solarized
-"
-let g:solarized_termcolors=256
-
-"" If the following line is commented out,
-"" F5/background toggle will change from
-"" dark to light. If the line is enabled,
-"" the background color will remain the same
-"" dark default terminal backgorund color.
-"let g:solarized_termtrans = 1
-"
-let g:solarized_degrade = 0
-let g:solarized_bold = 1
-let g:solarized_underline = 1
-let g:solarized_italic = 1
-let g:solarized_contrast = "normal"
-let g:solarized_visibility= "normal"
-
-" install solarized by getting the
-" solarized color scheme in vim format
-" (solarized.vim) from here:
-"
-" wget https://raw.githubusercontent.com/altercation/vim-colors-solarized/master/colors/solarized.vim -O ~/.vim/colors/solarized.vim
-"
-" put it in ~/.vim/colors/solarized.vim
 
 
 " more color schemes:
 "colorscheme blue
 "colorscheme darkblue
 "colorscheme default
-"colorscheme delek
+"colorscheme delek
 colorscheme desert " <-- old standby
 "colorscheme elflord
 "colorscheme evening
@@ -610,7 +592,20 @@ nnoremap <S-L> :join<CR>
 " move up and down n lines
 map <S-j> 7j
 map <S-k> 7k
+
+" Bubble text up/down
+" Single line:
+nmap <C-k> ddkP
+nmap <C-j> ddp
+" Multiple lines:
+vmap <C-k> xkP`[V`]
+vmap <C-j> xp`[V`]
 
 " -----------------------------
 " Jedi Autocomplete Plugin
-" -----------------------------
+" -----------------------------
+"let g:jedi#auto_initialization = 0
+
+"" -----------------------
+""  Black shortcut
+"" -----------------------

dotfiles/diff_dotfiles.sh

@@ -4,7 +4,7 @@
 #find . -type f -maxdepth 1 -name ".*" | xargs -t -n1 -I% diff % ~/%
 
 # The (more careful) loop version:
-for file in $(find . -type f -maxdepth 1 -name ".*"); do
+for file in $(find . -maxdepth 1 -type f  -name ".*"); do
     if [[ -f ~/$file ]]; then
         echo "------------"
         echo "$file exists in home directory, calculating diff..."

firewall/bear_ufw.sh

@@ -1,39 +0,0 @@
-#!/bin/bash
-#
-# Set up the ufw firewall for bear.
-# 22 - ssh
-# 80 - http
-# 443 - https
-# 8080, 8888, 8000 - for something to use
-
-if [ "$(id -u)" != "0" ]; then
-    echo ""
-    echo ""
-    echo "This script must be run as root!"
-    echo ""
-    echo ""
-    exit 1;
-fi
-
-set -x
-
-# Start by setting defaults on ufw
-ufw --force reset
-ufw default deny incoming
-ufw default allow outgoing
-ufw allow 22
-ufw allow 80
-ufw allow 443
-ufw --force enable
-
-# allow ufw to nat connections from
-# external interface to internal 
-# (docker) interfaces
-sed -i -e 's/DEFAULT_FORWARD_POLICY="DROP"/DEFAULT_FORWARD_POLICY="ACCEPT"/g' /etc/default/ufw
-ufw reload
-
-# enable packet masquerading so we can
-# get the real IP of clients inside
-# docker containers.
-iptables -t nat -A POSTROUTING ! -o docker0 -s 172.17.0.0/16 -j MASQUERADE
-

firewall/bespin_iptables_pihole_tinc.sh

@@ -0,0 +1,119 @@
+#!/bin/bash
+set -e
+
+ipt="sudo /sbin/iptables"
+
+# Set default policies
+$ipt -P INPUT DROP
+$ipt -P FORWARD DROP
+$ipt -P OUTPUT ACCEPT
+
+# Flush and clear everything
+$ipt -t nat -F
+$ipt -t mangle -F
+$ipt -F
+$ipt -X
+
+# Name of main ethernet connection device
+ETH="wlan0"
+# Name of PIA VPN tunnel device
+PIATUN="tun1"
+# Name of tinc tunnel device
+TINCTUN="master"
+# Name of loopback interface for PiHole DNS server
+PHDNS="lo:1"
+
+########### LOOPBACK ##########
+$ipt -A INPUT -i lo -j ACCEPT
+$ipt -A INPUT -i lo:1 -j ACCEPT
+
+########### INCOMING ##########
+# Allow any established connection to come in or out
+$ipt -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
+$ipt -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
+
+########### PING ##############
+# Allow incoming ping requests
+$ipt -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
+
+########### SSH ###############
+# Allow incoming SSH sessions, new or established
+$ipt -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
+# Allow incoming SSH traffic, if part of established conversation
+$ipt -A INPUT -p tcp --sport 22 -m conntrack --ctstate ESTABLISHED -j ACCEPT
+
+########### TINC ##############
+# Allow incoming VPN sessions destined for 655, new or established
+$ipt -A INPUT -p udp --dport 655 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
+# Allow incoming VPN traffic coming from 655, part of established conversation
+$ipt -A INPUT -p udp --sport 655 -m conntrack --ctstate ESTABLISHED -j ACCEPT
+
+########### HTTP/HTTPS ########
+# Allow incoming HTTP/HTTPS traffic, part of established conversation
+$ipt -A INPUT -p tcp --sport 80 -m conntrack --ctstate ESTABLISHED -j ACCEPT
+$ipt -A INPUT -p tcp --sport 443 -m conntrack --ctstate ESTABLISHED -j ACCEPT
+
+# Allow incoming HTTP/HTTPS requests from tinc tunnel
+$ipt -A INPUT -p tcp -i ${TINCTUN} --dport 80 -j ACCEPT
+$ipt -A INPUT -p tcp -i ${TINCTUN} --dport 443 -j ACCEPT
+
+# Allow incoming HTTP/HTTPS requests from local ethernet
+$ipt -A INPUT -p tcp -i ${ETH} --dport 80 -j ACCEPT
+$ipt -A INPUT -p tcp -i ${ETH} --dport 443 -j ACCEPT
+
+########### PIHOLE UI #########
+# Allow incoming requests to 8888/8443 via tinc tunnel
+$ipt -A INPUT -p tcp -i ${TINCTUN} --dport 8888 -j ACCEPT
+$ipt -A INPUT -p tcp -i ${TINCTUN} --dport 8443 -j ACCEPT
+
+########### TELEMETRY #########
+# Allow node exporter traffic from source port 9100
+$ipt -A INPUT -p tcp --dport 9100 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
+$ipt -A INPUT -p tcp --sport 9100 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
+# Allow cadvisor on port 8080
+$ipt -A INPUT -p tcp --dport 8080 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
+$ipt -A INPUT -p tcp --sport 8080 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
+# Allow nginx on port 9113
+$ipt -A INPUT -p tcp --dport 9113 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
+$ipt -A INPUT -p tcp --sport 9113 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
+
+########### DHCP ##############
+# Allow any DHCP traffic to come in or out
+$ipt -A INPUT  -p udp --dport 67:68 --sport 67:68 -j ACCEPT
+$ipt -A OUTPUT -p udp --dport 67:68 --sport 67:68 -j ACCEPT
+
+########### DNS ###############
+PROTOCOLS="tcp udp"
+for prot in $PROTOCOLS; do
+    # General DNS Traffic:
+    # Allow incoming DNS traffic coming from 53, part of established conversation
+    $ipt -A INPUT  -p $prot --sport 53 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
+
+    # PiHole self-accept traffic from port 53
+    $ipt -A INPUT -p $prot -i ${PHDNS} --dport 53 -j ACCEPT
+
+    # # PiHole DNS (lo:1) <-> PIA VPN Tunnel (tun0):
+    # # PiHole can always send DNS queries out through tunnel
+    # $ipt -A FORWARD -p $prot -i ${PHDNS} -o ${PIATUN} --dport 53 -j ACCEPT
+    # # Responses to PiHole can always return via tunnel
+    # $ipt -A FORWARD -p $prot -i ${PIATUN} -o ${PHDNS} --dport 53 -m state --state ESTABLISHED,RELATED -j ACCEPT
+
+    # PiHole DNS (lo:1) <-> ethernet
+    # PiHole can always send DNS queries out through tunnel
+    $ipt -A FORWARD -p $prot -i ${PHDNS} -o ${ETH} --dport 53 -j ACCEPT
+    # Responses to PiHole can always return via ethernet
+    $ipt -A FORWARD -p $prot -i ${ETH} -o ${PHDNS} --dport 53 -m state --state ESTABLISHED,RELATED -j ACCEPT
+
+done
+
+# # Enable logging
+# $ipt -N LOGGING
+# $ipt -A INPUT -j LOGGING
+# $ipt -A LOGGING -m limit --limit 2/min -j LOG --log-prefix "iptables dropped: " --log-level 4
+# $ipt -A LOGGING -j DROP
+
+# Make rules persistent
+sudo netfilter-persistent save
+
+# Restore docker iptables rules
+sudo service docker restart

tasks/secrets/ch4zm_gen_ssh_keys.sh

@@ -0,0 +1,10 @@
+#!/bin/bash
+# 
+# this is where you would add any
+# pre-baked public keys.
+set -x
+
+yes | ssh-keygen -f $HOME/.ssh/id_rsa_ch4zm -t rsa -N ''
+chmod 700 $HOME/.ssh
+touch $HOME/.ssh/authorized_keys
+chmod 600 $HOME/.ssh/authorized_keys