summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--README.md12
-rwxr-xr-xclients/bscmd.scm83
-rw-r--r--gitolite-admin/README.md1
-rw-r--r--gitolite-admin/conf/gitolite.conf (renamed from conf/gitolite.conf)0
-rw-r--r--gitolite-admin/keydir/cmb.pub (renamed from keydir/cmb.pub)0
-rw-r--r--mpvc/README.md14
-rwxr-xr-xmpvc/mpvc187
-rw-r--r--pulseaudio/README.md5
-rw-r--r--pulseaudio/client.conf36
-rw-r--r--pulseaudio/daemon.conf89
-rw-r--r--pulseaudio/default.pa130
-rw-r--r--pulseaudio/system.pa59
-rw-r--r--remote-emacspeak/README.md7
-rw-r--r--remote-emacspeak/dotemacs4
-rw-r--r--remote-emacspeak/helper-scripts/README.md4
-rwxr-xr-xremote-emacspeak/helper-scripts/esbounce-local4
-rwxr-xr-xremote-emacspeak/helper-scripts/esbounce-lothlorien3
-rwxr-xr-xremote-emacspeak/runit/run6
-rwxr-xr-xremote-emacspeak/servers/lothlorien-espeak13
-rw-r--r--remote-emacspeak/stunnel-emacspeak.conf31
-rw-r--r--server-config/www.the-brannons.com/etc/cgitrc27
-rw-r--r--server-config/www.the-brannons.com/etc/lighttpd/handle-acme.lua8
-rw-r--r--server-config/www.the-brannons.com/etc/lighttpd/lighttpd.conf95
-rw-r--r--server-config/www.the-brannons.com/etc/lighttpd/mime.conf56
-rwxr-xr-xserver-config/www.the-brannons.com/etc/sv/gitolite/run5
-rw-r--r--server-config/www.the-brannons.com/var/lib/gitolite/.gitolite203
-rw-r--r--server-config/www.the-brannons.com/var/lib/gitolite/cgi-environ/GITOLITE_HTTP_HOME1
-rw-r--r--server-config/www.the-brannons.com/var/lib/gitolite/cgi-environ/GIT_HTTP_EXPORT_ALL1
-rw-r--r--server-config/www.the-brannons.com/var/lib/gitolite/cgi-environ/GIT_PROJECT_ROOT1
-rw-r--r--server-config/www.the-brannons.com/var/lib/gitolite/cgi-environ/HOME1
-rwxr-xr-xserver-config/www.the-brannons.com/var/lib/gitolite/web/git3
31 files changed, 1088 insertions, 1 deletions
diff --git a/README.md b/README.md
index 93e03ad..d8c056e 100644
--- a/README.md
+++ b/README.md
@@ -1 +1,11 @@
-My gitolite repo with access rules and so forth.
+# Random Things
+
+A collection of random scripts, config files, or whatever.
+Some of this won't be usable out of the box, but it is provided for
+demonstrative purposes.
+
+# Notes About My Stack
+
+Some of my scripts use Laurent Bercot's execline language; see [the execline homepage](https://skarnet.org/software/execline/).
+I also use [runit](http://smarden.org/runit/) for service supervision in a lot of places, and in a few
+places I use the chpst tool from runit in contexts other than service supervision.
diff --git a/clients/bscmd.scm b/clients/bscmd.scm
new file mode 100755
index 0000000..8b574c1
--- /dev/null
+++ b/clients/bscmd.scm
@@ -0,0 +1,83 @@
+#!/usr/bin/csi -s
+;;; A tiny little control utility for baresip, written in CHICKEN Scheme.
+;;; This won't work out of the box right now, because the port of
+;;; netstring to CHICKEN 5 hasn't been published.
+;;; Usage:
+;;; bscmd COMMAND [parameter-string]
+;;; bscmd
+;;; With called without arguments, displays the stream of events from baresip.
+
+(import base64 brev (chicken random) json matchable netstring socket)
+
+(define (generate-token) (base64-encode (random-bytes (make-string 9))))
+
+(define (write-object-json-netstring obj . rest) (apply netstring-write (with-output-to-string (fn (json-write obj))) rest))
+
+(define (maybe-cons key value lst)
+ (if value (cons (cons key value) lst) lst))
+
+(define (send-baresip-command command #!key params port token)
+ (let ((obj
+ (maybe-cons 'params params
+ (maybe-cons 'token token
+ `((command . ,command))))))
+ (
+ (if port
+ (cut write-object-json-netstring <> port)
+ write-object-json-netstring)
+ (list->vector obj))))
+
+(define-options (bscmd bscmd.scm)
+ '((host
+ "Hostname or IP address."
+ (default "localhost")
+ (single-char #\H)
+ (value #t))
+ (port
+ "Port where baresip is listening."
+ (default "4444")
+ (single-char #\p)
+ (value #t))))
+
+(define (make-socket h p)
+ (let* ((addrinfo (car (address-information h p)))
+ (sock (socket (addrinfo-family addrinfo) (addrinfo-socktype addrinfo) (addrinfo-protocol addrinfo))))
+ (socket-connect sock (addrinfo-address addrinfo)) sock))
+
+(define (json-netstring-read port)
+ (vector->list (with-input-from-string (netstring-read port) json-read)))
+
+(define (with-baresip-connection proc)
+ (let ((client-socket (make-socket host (string->number port))))
+ (call-with-values (fn (socket-i/o-ports client-socket)) proc)))
+
+(define (process-events handler)
+ (fn
+ (let loop ()
+ (when (handler (json-netstring-read x))
+ (loop)))))
+
+(define (watch-events)
+ (with-baresip-connection (process-events (fn (print x) #t))))
+
+(define (baresip-transact command params)
+ (with-baresip-connection
+ (lambda (inp outp)
+ (let ((token (generate-token)))
+ (send-baresip-command
+ command params: params token: token port: outp)
+ ((process-events
+ (fn
+ (if (aand (assoc "token" x) (string=? token (cdr it)))
+ (begin (print x) #f)
+ #t))) inp outp)))))
+
+(define (main . ignored-args)
+ (match (cdr argument-stragglers)
+ (((? string? command) (? string? params))
+ (baresip-transact command params))
+ (((? string? command)) (print (baresip-transact command #f)))
+ (() (watch-events))
+ (_ (print "Expected: COMMAND PARAMS"))))
+
+(main)
diff --git a/gitolite-admin/README.md b/gitolite-admin/README.md
new file mode 100644
index 0000000..93e03ad
--- /dev/null
+++ b/gitolite-admin/README.md
@@ -0,0 +1 @@
+My gitolite repo with access rules and so forth.
diff --git a/conf/gitolite.conf b/gitolite-admin/conf/gitolite.conf
index ad31626..ad31626 100644
--- a/conf/gitolite.conf
+++ b/gitolite-admin/conf/gitolite.conf
diff --git a/keydir/cmb.pub b/gitolite-admin/keydir/cmb.pub
index 196de6d..196de6d 100644
--- a/keydir/cmb.pub
+++ b/gitolite-admin/keydir/cmb.pub
diff --git a/mpvc/README.md b/mpvc/README.md
new file mode 100644
index 0000000..7324b57
--- /dev/null
+++ b/mpvc/README.md
@@ -0,0 +1,14 @@
+# mpvc: remote control for a long-running mpv process
+
+This is what I use as a media player nowadays.
+To launch the long-running mpv, run `mpvc launch_mpv`.
+Typically I do that from a runit service, so the mpv runs from startup
+to shutdown.
+
+Commands are poorly documented. I use `click` for building the
+interface, so it is at least fairly discoverable.
+
+# Dependencies
+
+* Python 3.6+
+* [click](http://click.pocoo.org/). This is widely available in distros and ports trees. See its [page on repology.org](https://repology.org/project/python:click/versions) if you need help finding it.
diff --git a/mpvc/mpvc b/mpvc/mpvc
new file mode 100755
index 0000000..1f29a54
--- /dev/null
+++ b/mpvc/mpvc
@@ -0,0 +1,187 @@
+#!/usr/bin/env python3
+import io
+import json
+import os
+import socket
+import sys
+import click
+
+
+MPV_SOCKET_PATH = "/tmp/mpvd"
+NEWLINE = b"\n"[0]
+
+
+def terminate_on_failure(response):
+ if response["error"] != "success":
+ sys.stderr.write(f"{response['error']}")
+ sys.stderr.flush()
+ sys.exit(1)
+
+
+def open_socket():
+ the_socket = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM, 0)
+ try:
+ the_socket.connect(MPV_SOCKET_PATH)
+ return the_socket
+ except OSError:
+ the_socket.close()
+ raise
+
+
+def snarf_available(the_socket):
+ buffer = io.BytesIO()
+ received = []
+ while True:
+ chunk = the_socket.recv(65536)
+ buffer.write(chunk)
+ if chunk[-1] != NEWLINE:
+ continue
+ buffer.seek(0)
+ received = [json.loads(x) for x in buffer]
+ buffer.seek(0)
+ buffer.truncate()
+ received = [x for x in received if "request_id" in x]
+ if not received:
+ continue
+ return received[0]
+
+ return {"error": "no data"}
+
+
+def send_command(command, *args):
+ command_json = (
+ json.dumps({"command": [command] + list(args)}).encode("UTF-8") + b"\n"
+ )
+ with open_socket() as the_socket:
+ the_socket.send(command_json)
+ return snarf_available(the_socket)
+
+
+def set_property(property_name, value):
+ return send_command("set_property", property_name, value)
+
+
+def update_playlist_helper(opt, args):
+ if not args:
+ args = [x.rstrip("\n") for x in sys.stdin]
+
+ for entry in args:
+ terminate_on_failure(send_command("loadfile", entry, opt))
+
+
+@click.group()
+def cli():
+ pass
+
+
+def get_property(property_name):
+ return send_command("get_property", property_name)
+
+
+@cli.command(help="Show an mpv property.")
+@click.argument("property_name")
+def prop(property_name):
+ resp = get_property(property_name)
+ terminate_on_failure(resp)
+ print(resp["data"])
+
+
+@cli.command(help="Set or show the volume.")
+@click.argument("new_volume", type=float, required=False, default=None)
+def volume(new_volume):
+ if new_volume is not None:
+ terminate_on_failure(set_property("volume", new_volume))
+ else:
+ current_volume = get_property("volume")
+ terminate_on_failure(current_volume)
+ print(f"Current volume: {current_volume['data']}")
+
+
+@cli.command(help="Stop playback.")
+def stop():
+ terminate_on_failure(send_command("stop"))
+
+
+@cli.command(name="next", help="Jump to the next item in the playlist.")
+def playlist_next():
+ terminate_on_failure(send_command("playlist-next"))
+
+
+@cli.command(name="prev", help="Jump to the previous item in the playlist.")
+def playlist_prev():
+ terminate_on_failure(send_command("playlist-prev"))
+
+
+@cli.command(name="shuffle", help="Shuffle the playlist.")
+def playlist_shuffle():
+ terminate_on_failure(send_command("playlist-shuffle"))
+
+
+@cli.command(name="clear", help="Clear the playlist.")
+def playlist_clear():
+ terminate_on_failure(send_command("playlist-clear"))
+
+
+@cli.command(help="Jump to a specific entry in playlist, or resume playback.")
+@click.argument("playlist_position", required=False, type=int, default=None)
+def play(playlist_position):
+ if playlist_position is not None:
+ terminate_on_failure(set_property("playlist-pos-1", playlist_position))
+ terminate_on_failure(set_property("pause", False))
+
+
+@cli.command(help="Pause playback.")
+def pause():
+ terminate_on_failure(set_property("pause", True))
+
+
+@cli.command(name="list", help="Print the playlist.")
+def cmd_list():
+ resp = send_command("get_property", "playlist")
+ terminate_on_failure(resp)
+ for entry in resp["data"]:
+ char_current = "*" if entry.get("current", None) else " "
+ char_playing = "!" if entry.get("playing", None) else " "
+ print(f"{char_playing}{char_current}{entry['filename']}")
+
+
+@cli.command(help="Start a standalone mpv.")
+def launch_mpv():
+ MPV_NO_VIDEO = ("--no-video",)
+ MPV_COMMAND = (
+ "mpv",
+ "--idle=yes",
+ "--no-terminal",
+ f"--input-ipc-server={MPV_SOCKET_PATH}",
+ ) + MPV_NO_VIDEO
+ os.execvp("mpv", MPV_COMMAND)
+
+
+@cli.command(name="add", help="Append one or more items to the playlist.")
+@click.argument("items", nargs=-1)
+def append_to_playlist(items):
+ update_playlist_helper("append-play", items)
+
+
+@cli.command(name="replace", help="Replace the playlist with the given arguments.")
+@click.argument("items", nargs=-1)
+def replace_playlist(items):
+ update_playlist_helper("replace", items)
+
+
+@cli.command(context_settings=dict(ignore_unknown_options=True))
+@click.argument("amount", type=click.FLOAT)
+@click.option("--absolute/--relative", default=False)
+@click.option("--percent", is_flag=True, default=False)
+def seek(amount, absolute, percent):
+ flag_words = {
+ (False, False): "relative",
+ (False, True): "relative-percent",
+ (True, False): "absolute",
+ (True, True): "absolute-percent",
+ }
+ terminate_on_failure(send_command("seek", amount, flag_words[(absolute, percent)]))
+
+
+if __name__ == "__main__":
+ cli()
diff --git a/pulseaudio/README.md b/pulseaudio/README.md
new file mode 100644
index 0000000..5ece68c
--- /dev/null
+++ b/pulseaudio/README.md
@@ -0,0 +1,5 @@
+# PulseAudio Configuration
+
+Here is my configuration for PulseAudio. I run it as a system-wide
+service. Files in this directory go in /etc/pulse. You may need to
+customize it to taste.
diff --git a/pulseaudio/client.conf b/pulseaudio/client.conf
new file mode 100644
index 0000000..d1652a1
--- /dev/null
+++ b/pulseaudio/client.conf
@@ -0,0 +1,36 @@
+# This file is part of PulseAudio.
+#
+# PulseAudio is free software; you can redistribute it and/or modify
+# it under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# PulseAudio is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with PulseAudio; if not, see <http://www.gnu.org/licenses/>.
+
+## Configuration file for PulseAudio clients. See pulse-client.conf(5) for
+## more information. Default values are commented out. Use either ; or # for
+## commenting.
+
+; default-sink =
+; default-source =
+default-server=/var/run/pulse/native
+; default-dbus-server =
+
+autospawn = no
+; autospawn = yes
+; daemon-binary = /usr/bin/pulseaudio
+; extra-arguments = --log-target=syslog
+
+; cookie-file =
+
+; enable-shm = yes
+; shm-size-bytes = 0 # setting this 0 will use the system-default, usually 64 MiB
+
+; auto-connect-localhost = no
+; auto-connect-display = no
diff --git a/pulseaudio/daemon.conf b/pulseaudio/daemon.conf
new file mode 100644
index 0000000..c96d54a
--- /dev/null
+++ b/pulseaudio/daemon.conf
@@ -0,0 +1,89 @@
+# This file is part of PulseAudio.
+#
+# PulseAudio is free software; you can redistribute it and/or modify
+# it under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# PulseAudio is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with PulseAudio; if not, see <http://www.gnu.org/licenses/>.
+
+## Configuration file for the PulseAudio daemon. See pulse-daemon.conf(5) for
+## more information. Default values are commented out. Use either ; or # for
+## commenting.
+
+; daemonize = no
+; fail = yes
+; allow-module-loading = yes
+; allow-exit = yes
+; use-pid-file = yes
+system-instance = yes
+; local-server-type = user
+; enable-shm = yes
+; enable-memfd = yes
+; shm-size-bytes = 0 # setting this 0 will use the system-default, usually 64 MiB
+; lock-memory = no
+; cpu-limit = no
+
+; high-priority = yes
+; nice-level = -11
+
+; realtime-scheduling = yes
+; realtime-priority = 5
+
+; exit-idle-time = 20
+; scache-idle-time = 20
+
+; dl-search-path = (depends on architecture)
+
+; load-default-script-file = yes
+; default-script-file = /etc/pulse/default.pa
+
+; log-target = auto
+; log-level = notice
+; log-meta = no
+; log-time = no
+; log-backtrace = 0
+
+; resample-method = speex-float-1
+; avoid-resampling = false
+; enable-remixing = yes
+; remixing-use-all-sink-channels = yes
+; enable-lfe-remixing = no
+; lfe-crossover-freq = 0
+
+flat-volumes = no
+
+; rlimit-fsize = -1
+; rlimit-data = -1
+; rlimit-stack = -1
+; rlimit-core = -1
+; rlimit-as = -1
+; rlimit-rss = -1
+; rlimit-nproc = -1
+; rlimit-nofile = 256
+; rlimit-memlock = -1
+; rlimit-locks = -1
+; rlimit-sigpending = -1
+; rlimit-msgqueue = -1
+; rlimit-nice = 31
+; rlimit-rtprio = 9
+; rlimit-rttime = 200000
+
+; default-sample-format = s16le
+; default-sample-rate = 44100
+; alternate-sample-rate = 48000
+; default-sample-channels = 2
+; default-channel-map = front-left,front-right
+
+; default-fragments = 4
+; default-fragment-size-msec = 25
+
+; enable-deferred-volume = yes
+; deferred-volume-safety-margin-usec = 8000
+; deferred-volume-extra-delay-usec = 0
diff --git a/pulseaudio/default.pa b/pulseaudio/default.pa
new file mode 100644
index 0000000..50350f5
--- /dev/null
+++ b/pulseaudio/default.pa
@@ -0,0 +1,130 @@
+#!/usr/bin/pulseaudio -nF
+#
+# This file is part of PulseAudio.
+#
+# PulseAudio is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# PulseAudio is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with PulseAudio; if not, see <http://www.gnu.org/licenses/>.
+
+# This startup script is used only if PulseAudio is started per-user
+# (i.e. not in system mode)
+
+.fail
+
+### Automatically restore the volume of streams and devices
+load-module module-device-restore
+load-module module-stream-restore
+load-module module-card-restore
+
+### Automatically augment property information from .desktop files
+### stored in /usr/share/application
+load-module module-augment-properties
+
+### Should be after module-*-restore but before module-*-detect
+load-module module-switch-on-port-available
+
+### Load audio drivers statically
+### (it's probably better to not load these drivers manually, but instead
+### use module-udev-detect -- see below -- for doing this automatically)
+#load-module module-alsa-sink
+#load-module module-alsa-source device=hw:1,0
+#load-module module-null-sink
+#load-module module-pipe-sink
+
+### Automatically load driver modules depending on the hardware available
+.ifexists module-udev-detect.so
+load-module module-udev-detect
+.else
+### Use the static hardware detection module (for systems that lack udev support)
+load-module module-detect
+.endif
+
+### Automatically connect sink and source if JACK server is present
+.ifexists module-jackdbus-detect.so
+.nofail
+load-module module-jackdbus-detect channels=2
+.fail
+.endif
+
+### Automatically load driver modules for Bluetooth hardware
+.ifexists module-bluetooth-policy.so
+load-module module-bluetooth-policy
+.endif
+
+.ifexists module-bluetooth-discover.so
+load-module module-bluetooth-discover
+.endif
+
+### Load several protocols
+.ifexists module-esound-protocol-unix.so
+load-module module-esound-protocol-unix
+.endif
+load-module module-native-protocol-unix
+
+### Network access (may be configured with paprefs, so leave this commented
+### here if you plan to use paprefs)
+#load-module module-esound-protocol-tcp
+#load-module module-native-protocol-tcp
+#load-module module-zeroconf-publish
+
+### Load the RTP receiver module (also configured via paprefs, see above)
+#load-module module-rtp-recv
+
+### Load the RTP sender module (also configured via paprefs, see above)
+#load-module module-null-sink sink_name=rtp format=s16be channels=2 rate=44100 sink_properties="device.description='RTP Multicast Sink'"
+#load-module module-rtp-send source=rtp.monitor
+
+### Load additional modules from GSettings. This can be configured with the paprefs tool.
+### Please keep in mind that the modules configured by paprefs might conflict with manually
+### loaded modules.
+.ifexists module-gsettings.so
+.nofail
+load-module module-gsettings
+.fail
+.endif
+
+
+### Automatically restore the default sink/source when changed by the user
+### during runtime
+### NOTE: This should be loaded as early as possible so that subsequent modules
+### that look up the default sink/source get the right value
+load-module module-default-device-restore
+
+### Automatically move streams to the default sink if the sink they are
+### connected to dies, similar for sources
+load-module module-rescue-streams
+
+### Make sure we always have a sink around, even if it is a null sink.
+load-module module-always-sink
+
+### Honour intended role device property
+load-module module-intended-roles
+
+### Automatically suspend sinks/sources that become idle for too long
+# load-module module-suspend-on-idle
+
+### Enable positioned event sounds
+load-module module-position-event-sounds
+
+### Cork music/video streams when a phone stream is active
+load-module module-role-cork
+
+### Modules to allow autoloading of filters (such as echo cancellation)
+### on demand. module-filter-heuristics tries to determine what filters
+### make sense, and module-filter-apply does the heavy-lifting of
+### loading modules and rerouting streams.
+load-module module-filter-heuristics
+load-module module-filter-apply
+
+### Make some devices default
+#set-default-sink output
+#set-default-source input
diff --git a/pulseaudio/system.pa b/pulseaudio/system.pa
new file mode 100644
index 0000000..7e62f09
--- /dev/null
+++ b/pulseaudio/system.pa
@@ -0,0 +1,59 @@
+#!/usr/bin/pulseaudio -nF
+#
+# This file is part of PulseAudio.
+#
+# PulseAudio is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# PulseAudio is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with PulseAudio; if not, see <http://www.gnu.org/licenses/>.
+
+# This startup script is used only if PulseAudio is started in system
+# mode.
+
+### Automatically restore the volume of streams and devices
+load-module module-device-restore
+load-module module-stream-restore
+load-module module-card-restore
+
+### Automatically load driver modules depending on the hardware available
+.ifexists module-udev-detect.so
+load-module module-udev-detect
+.else
+### Use the static hardware detection module (for systems that lack udev/hal support)
+load-module module-detect
+.endif
+
+### Load several protocols
+.ifexists module-esound-protocol-unix.so
+load-module module-esound-protocol-unix
+.endif
+load-module module-native-protocol-unix
+
+### Automatically restore the default sink/source when changed by the user
+### during runtime
+### NOTE: This should be loaded as early as possible so that subsequent modules
+### that look up the default sink/source get the right value
+load-module module-default-device-restore
+
+### Automatically move streams to the default sink if the sink they are
+### connected to dies, similar for sources
+load-module module-rescue-streams
+
+### Make sure we always have a sink around, even if it is a null sink.
+load-module module-always-sink
+
+### Automatically suspend sinks/sources that become idle for too long
+# load-module module-suspend-on-idle
+
+### Enable positioned event sounds
+load-module module-position-event-sounds
+load-module module-native-protocol-tcp listen=:: auth-cookie=/var/lib/pulse/cookie
+load-module module-native-protocol-tcp listen=0.0.0.0 auth-cookie=/var/lib/pulse/cookie
diff --git a/remote-emacspeak/README.md b/remote-emacspeak/README.md
new file mode 100644
index 0000000..9e4eef0
--- /dev/null
+++ b/remote-emacspeak/README.md
@@ -0,0 +1,7 @@
+# Remote Emacspeak
+
+Here are my configuration files and scripts for remote emacspeak.
+This really deserves a blog post with a walkthrough on how to use it.
+I think it is more secure than some of the other remote emacspeak solutions
+out there. Like remote X, the "server" is the thing with I/O hardware,
+and the "client" is the thing running an application.
diff --git a/remote-emacspeak/dotemacs b/remote-emacspeak/dotemacs
new file mode 100644
index 0000000..1da2636
--- /dev/null
+++ b/remote-emacspeak/dotemacs
@@ -0,0 +1,4 @@
+; A little helper to drop in to ~/.emacs:
+(defun cmb-switch-server (newserver)
+ (dtk-select-server newserver)
+ (dtk-initialize) (dtk-set-rate 449 449))
diff --git a/remote-emacspeak/helper-scripts/README.md b/remote-emacspeak/helper-scripts/README.md
new file mode 100644
index 0000000..3106f52
--- /dev/null
+++ b/remote-emacspeak/helper-scripts/README.md
@@ -0,0 +1,4 @@
+# Helpers
+
+These go in ~/.local/bin, or ~/bin, or wherever you put helper scripts.
+They use emacsclient, so your emacs will need to be set up for that.
diff --git a/remote-emacspeak/helper-scripts/esbounce-local b/remote-emacspeak/helper-scripts/esbounce-local
new file mode 100755
index 0000000..3fc9ed2
--- /dev/null
+++ b/remote-emacspeak/helper-scripts/esbounce-local
@@ -0,0 +1,4 @@
+#!/bin/sh
+# Move speech back to the espeak server on the "local" system, I.E., the
+# one running emacs:
+emacsclient -e '(cmb-switch-server "espeak")'
diff --git a/remote-emacspeak/helper-scripts/esbounce-lothlorien b/remote-emacspeak/helper-scripts/esbounce-lothlorien
new file mode 100755
index 0000000..73a596b
--- /dev/null
+++ b/remote-emacspeak/helper-scripts/esbounce-lothlorien
@@ -0,0 +1,3 @@
+#!/bin/sh
+# Move speech to the lothlorien host.
+emacsclient -e '(cmb-switch-server "lothlorien-espeak")'
diff --git a/remote-emacspeak/runit/run b/remote-emacspeak/runit/run
new file mode 100755
index 0000000..4d03878
--- /dev/null
+++ b/remote-emacspeak/runit/run
@@ -0,0 +1,6 @@
+#!/usr/bin/execlineb
+# On my machines where the speech servers run, I have a runit service
+# under /etc/sv/emacspeak-espeak with this run-script.
+# The server runs under the emacspeaksrv user and needs several different
+# groups:
+cd / chpst -u emacspeaksrv:audio:pulse-access:tls stunnel /etc/stunnel-emacspeak.conf
diff --git a/remote-emacspeak/servers/lothlorien-espeak b/remote-emacspeak/servers/lothlorien-espeak
new file mode 100755
index 0000000..44d9f12
--- /dev/null
+++ b/remote-emacspeak/servers/lothlorien-espeak
@@ -0,0 +1,13 @@
+#!/bin/sh
+# This is the part of the speech server that runs on the machine where emacs
+# and emacspeak run. It should go in the servers/ directory of your
+# emacspeak tree. It's like cloud-espeak and friends, but it uses a
+# TLS connection with a client certificate.
+# I have one of these named for each host where speech is generated.
+#
+# Once it is in place, yuou can use the dtk-select function (C-e d d)
+# from within emacs and pass lothlorien-espeak as the server name to
+# get speech output on lothlorien. Or set the DTK-PROGRAM environment
+# variable.
+#
+exec socat - openssl-connect:lothlorien:2345,cafile=/home/chris/.local/ssl/ca.crt,cert=/home/chris/.local/ssl/beast.pem
diff --git a/remote-emacspeak/stunnel-emacspeak.conf b/remote-emacspeak/stunnel-emacspeak.conf
new file mode 100644
index 0000000..45ef2e2
--- /dev/null
+++ b/remote-emacspeak/stunnel-emacspeak.conf
@@ -0,0 +1,31 @@
+# A stunnel configuration that spawns an emacspeak speech server,
+# waiting for TLS connections on port 2345.
+# I start stunnel with this configuration from runit.
+foreground = yes
+#output = /var/log/stunnel-emacspeak.log
+socket = l:TCP_NODELAY=1
+socket = r:TCP_NODELAY=1
+#compression = rle
+
+[emacspeak-espeak]
+accept = 2345
+# You can set the cert to a combo *.pem file and omit the key, if you like.
+# Keys are owned by user root, group tls, with 0640 permissions.
+# lothlorien is one of my machines that has I/O hardware connected:
+cert = /etc/ssl/private/lothlorien.crt
+key = /etc/ssl/private/lothlorien.key
+client = no
+
+# To allow anyone to try an ssl connection, use this:
+# But actually don't, because, umm, you will have just given them
+# arbitrary code execution privileges as the emacspeaksrv user on your box.
+# The espeak speech server is literally a TCL REPL, and the speech
+# server "protocol" is just TCL commands. So yeah, don't.
+###verify = 0
+
+# To allow only cert-authorized clients, use something like this instead of the above:
+verify = 2
+CAfile = /etc/ssl/certs/beast.localdomain-ca.crt
+
+exec = /usr/local/lib/emacspeak-servers/espeak
+execargs = /usr/local/lib/emacspeak-servers/espeak
diff --git a/server-config/www.the-brannons.com/etc/cgitrc b/server-config/www.the-brannons.com/etc/cgitrc
new file mode 100644
index 0000000..8c852c1
--- /dev/null
+++ b/server-config/www.the-brannons.com/etc/cgitrc
@@ -0,0 +1,27 @@
+about-filter=/usr/lib/cgit/filters/about-formatting.sh
+# For each cgit host the document root contains a /cgit directory with
+# these files: cgit.cgi, cgit.css, and cgit.png.
+clone-prefix=/git
+css=/cgit/cgit.css
+logo=/cgit/cgit.png
+
+# Allow http transport git clone
+#enable-http-clone=0
+
+snapshots=all
+
+# if you do not want that webcrawler (like google) index your site
+robots=noindex, nofollow
+
+# if cgit messes up links, use a virtual-root. For example, cgit.example.org/ has this value:
+virtual-root=/cgit/cgit.cgi/
+repo.url=nawp
+repo.path=/var/lib/gitolite/repositories/nawp.git
+repo.desc=NAWP Aint WordPress
+repo.readme=master:README.md
+repo.url=chicken-xml-rpc
+repo.path=/var/lib/gitolite/repositories/chicken-xml-rpc.git
+repo.desc=xml-rpc egg for Chicken 5.x
+repo.url=random-things
+repo.path=/var/lib/gitolite/repositories/random-things.git
+repo.desc=collection of random Chris things
diff --git a/server-config/www.the-brannons.com/etc/lighttpd/handle-acme.lua b/server-config/www.the-brannons.com/etc/lighttpd/handle-acme.lua
new file mode 100644
index 0000000..b27d95f
--- /dev/null
+++ b/server-config/www.the-brannons.com/etc/lighttpd/handle-acme.lua
@@ -0,0 +1,8 @@
+# To the best of my knowledge, the thumbprint doesn't have to be
+# kept secret, so I'll let it all hang out, as it were:
+# Take the thing after /.well-known/acme-challenge/ from the path:
+ challenge = lighty.env["uri.path"]:sub(29)
+ret = challenge .. '.N0Jo0TsZjiLudJJSasZ2ZGMTrMRe6_44SywWheEZTk8'
+lighty.header["Content-Type"] = "text/plain"
+lighty.content = { ret }
+return 200
diff --git a/server-config/www.the-brannons.com/etc/lighttpd/lighttpd.conf b/server-config/www.the-brannons.com/etc/lighttpd/lighttpd.conf
new file mode 100644
index 0000000..b575a2f
--- /dev/null
+++ b/server-config/www.the-brannons.com/etc/lighttpd/lighttpd.conf
@@ -0,0 +1,95 @@
+# This is a minimal example config
+# See /usr/share/doc/lighttpd
+# and http://redmine.lighttpd.net/projects/lighttpd/wiki/Docs:ConfigurationOptions
+
+server.bind = "0.0.0.0"
+server.port = 80
+server.username = "_lighttpd"
+server.groupname = "_lighttpd"
+server.document-root = "/srv/http/the-brannons.com"
+server.errorlog = "/var/log/lighttpd/error.log"
+server.modules = (
+ "mod_access",
+ "mod_simple_vhost",
+ "mod_accesslog",
+ "mod_cgi",
+ "mod_fastcgi",
+ "mod_proxy",
+ "mod_rewrite",
+ "mod_openssl"
+)
+server.breakagelog = "/var/log/lighttpd/breakage.log"
+
+$SERVER["socket"] == "[::]:80" {
+}
+
+ssl.pemfile = "/etc/ssl/acme/the-brannons.com/fullchain"
+ssl.privkey = "/etc/ssl/acme/the-brannons.com/privkey"
+$SERVER["socket"] == ":443" {
+ ssl.engine = "enable"
+}
+$SERVER["socket"] == "[::]:443" {
+ ssl.engine = "enable"
+}
+
+dir-listing.activate = "enable"
+index-file.names = ( "index.html" )
+include "mime.conf"
+
+accesslog.filename = "/var/log/lighttpd/access.log"
+
+server.modules += ( "mod_magnet" )
+$HTTP["url"] =~ "^/\.well-known/acme-challenge/([-_a-zA-Z0-9]+)$" {
+magnet.attract-raw-url-to = ( "/etc/lighttpd/handle-acme.lua" )
+}
+
+simple-vhost.server-root = "/srv/http/"
+simple-vhost.default-host = "default"
+
+$HTTP["url"] =~ "^/cgi-bin" {
+ cgi.assign = ( "" => "" )
+ dir-listing.activate = "disable"
+}
+
+$HTTP["host"] == "blvuug.org" {
+ $HTTP["url"] =~ "^/salmonella" {
+proxy.server = (
+ "" => (
+"blvuug.org" =>
+("host" => "192.168.122.83", "port" => 80)))
+}
+$HTTP["url"] !~ "^/salmonella" {
+proxy.server = (
+ "" => (
+"blvuug.org" =>
+("host" => "10.4.21.2", "port" => 5001)))
+}
+}
+$HTTP["host"] == "salmonella-freebsd-x86-64.call-cc.org" {
+ $HTTP["url"] =~ "^/salmonella" {
+proxy.server = (
+ "" => (
+"salmonella-freebsd-x86-64.call-cc.org" =>
+("host" => "192.168.122.83", "port" => 80)))
+}
+$HTTP["url"] !~ "^/salmonella" {
+ url.access-deny = ("")
+}
+}
+$HTTP["host"] == "bitwarden.number89.net" {
+proxy.server = (
+ "" => (
+"bitwarden.number89.net" =>
+("host" => "10.4.21.3", "port" => 5002)))
+}
+
+cgi.x-sendfile = "enable"
+
+fastcgi.server = ("/git" =>
+(("socket" => "/run/gitolite/gitolite.sock",
+"docroot" => "/var/lib/gitolite/web")))
+
+$HTTP["url"] =~ "^/cgit" {
+ server.indexfiles = ("cgit.cgi")
+ cgi.assign = ("cgit.cgi" => "")
+}
diff --git a/server-config/www.the-brannons.com/etc/lighttpd/mime.conf b/server-config/www.the-brannons.com/etc/lighttpd/mime.conf
new file mode 100644
index 0000000..49a37c7
--- /dev/null
+++ b/server-config/www.the-brannons.com/etc/lighttpd/mime.conf
@@ -0,0 +1,56 @@
+mimetype.use-xattr = "enable"
+mimetype.xattr-name = "user.Content-Type"
+mimetype.assign = ( ".html" => "text/html; charset=utf-8",
+".txt" => "text/plain; charset=utf-8",
+".jpg" => "image/jpeg",
+".png" => "image/png",
+".htm" => "text/html; charset=utf-8",
+".xml" => "text/xml; charset=utf-8",
+".rss20" => "text/xml; charset=utf-8",
+ ".pdf" => "application/pdf",
+ ".sig" => "application/pgp-signature",
+ ".spl" => "application/futuresplash",
+ ".class" => "application/octet-stream",
+ ".ps" => "application/postscript",
+ ".torrent" => "application/x-bittorrent",
+ ".dvi" => "application/x-dvi",
+ ".pac" => "application/x-ns-proxy-autoconfig",
+ ".swf" => "application/x-shockwave-flash",
+ ".tar.gz" => "application/x-tgz",
+ ".tgz" => "application/x-tgz",
+ ".gz" => "application/x-gzip",
+ ".tar" => "application/x-tar",
+ ".zip" => "application/zip",
+ ".mp3" => "audio/mpeg",
+ ".m3u" => "audio/x-mpegurl",
+ ".wma" => "audio/x-ms-wma",
+ ".wax" => "audio/x-ms-wax",
+ ".ogg" => "audio/ogg",
+ ".wav" => "audio/x-wav",
+ ".gif" => "image/gif",
+ ".jpeg" => "image/jpeg",
+ ".xbm" => "image/x-xbitmap",
+ ".xpm" => "image/x-xpixmap",
+ ".xwd" => "image/x-xwindowdump",
+ ".css" => "text/css",
+ ".js" => "text/javascript; charset=utf-8",
+ ".c" => "text/plain; charset=utf-8",
+ ".cpp" => "text/plain; charset=utf-8",
+ ".log" => "text/plain; charset=utf-8",
+ ".conf" => "text/plain; charset=utf-8",
+ ".text" => "text/plain; charset=utf-8",
+ ".dtd" => "text/xml; charset=utf-8",
+ ".mpeg" => "video/mpeg",
+ ".mpg" => "video/mpeg",
+ ".mov" => "video/quicktime",
+ ".qt" => "video/quicktime",
+ ".avi" => "video/x-msvideo",
+ ".asf" => "video/x-ms-asf",
+ ".asx" => "video/x-ms-asf",
+ ".wmv" => "video/x-ms-wmv",
+ ".tbz" => "application/x-bzip-compressed-tar",
+ ".tar.bz2" => "application/x-bzip-compressed-tar",
+ ".bz2" => "application/x-bzip",
+ ".rpm" => "application/x-rpm",
+ # make the default mime type application/octet-stream.
+ "" => "application/octet-stream")
diff --git a/server-config/www.the-brannons.com/etc/sv/gitolite/run b/server-config/www.the-brannons.com/etc/sv/gitolite/run
new file mode 100755
index 0000000..b8207d9
--- /dev/null
+++ b/server-config/www.the-brannons.com/etc/sv/gitolite/run
@@ -0,0 +1,5 @@
+#!/bin/sh
+# You'll want spawn-fcgi and fcgiwrap to run gitolite as cgi.
+install -d --group=gitolite --mode=0755 --owner=gitolite /run/gitolite
+umask 0002
+exec spawn-fcgi -u gitolite -g gitolite -s /run/gitolite/gitolite.sock -n -d / -- /usr/bin/fcgiwrap -f
diff --git a/server-config/www.the-brannons.com/var/lib/gitolite/.gitolite b/server-config/www.the-brannons.com/var/lib/gitolite/.gitolite
new file mode 100644
index 0000000..01e79be
--- /dev/null
+++ b/server-config/www.the-brannons.com/var/lib/gitolite/.gitolite
@@ -0,0 +1,203 @@
+# configuration variables for gitolite
+
+# This file is in perl syntax. But you do NOT need to know perl to edit it --
+# just mind the commas, use single quotes unless you know what you're doing,
+# and make sure the brackets and braces stay matched up!
+
+# (Tip: perl allows a comma after the last item in a list also!)
+
+# HELP for commands can be had by running the command with "-h".
+
+# HELP for all the other FEATURES can be found in the documentation (look for
+# "list of non-core programs shipped with gitolite" in the master index) or
+# directly in the corresponding source file.
+
+%RC = (
+
+ # ------------------------------------------------------------------
+
+ # default umask gives you perms of '0700'; see the rc file docs for
+ # how/why you might change this
+ UMASK => 0027,
+
+ # look for "git-config" in the documentation
+ GIT_CONFIG_KEYS => '',
+
+ # comment out if you don't need all the extra detail in the logfile
+ LOG_EXTRA => 1,
+ # logging options
+ # 1. leave this section as is for 'normal' gitolite logging (default)
+ # 2. uncomment this line to log ONLY to syslog:
+ # LOG_DEST => 'syslog',
+ # 3. uncomment this line to log to syslog and the normal gitolite log:
+ # LOG_DEST => 'syslog,normal',
+ # 4. prefixing "repo-log," to any of the above will **also** log just the
+ # update records to "gl-log" in the bare repo directory:
+ # LOG_DEST => 'repo-log,normal',
+ # LOG_DEST => 'repo-log,syslog',
+ # LOG_DEST => 'repo-log,syslog,normal',
+ # syslog 'facility': defaults to 'local0', uncomment if needed. For example:
+ # LOG_FACILITY => 'local4',
+
+ # roles. add more roles (like MANAGER, TESTER, ...) here.
+ # WARNING: if you make changes to this hash, you MUST run 'gitolite
+ # compile' afterward, and possibly also 'gitolite trigger POST_COMPILE'
+ ROLES => {
+ READERS => 1,
+ WRITERS => 1,
+ },
+
+ HTTP_ANON_USER => 'anonymous',
+ # enable caching (currently only Redis). PLEASE RTFM BEFORE USING!!!
+ # CACHE => 'Redis',
+
+ # ------------------------------------------------------------------
+
+ # rc variables used by various features
+
+ # the 'info' command prints this as additional info, if it is set
+ # SITE_INFO => 'Please see http://blahblah/gitolite for more help',
+
+ # the CpuTime feature uses these
+ # display user, system, and elapsed times to user after each git operation
+ # DISPLAY_CPU_TIME => 1,
+ # display a warning if total CPU times (u, s, cu, cs) crosses this limit
+ # CPU_TIME_WARN_LIMIT => 0.1,
+
+ # the Mirroring feature needs this
+ # HOSTNAME => "foo",
+
+ # TTL for redis cache; PLEASE SEE DOCUMENTATION BEFORE UNCOMMENTING!
+ # CACHE_TTL => 600,
+
+ # ------------------------------------------------------------------
+
+ # suggested locations for site-local gitolite code (see cust.html)
+
+ # this one is managed directly on the server
+ # LOCAL_CODE => "$ENV{HOME}/local",
+
+ # or you can use this, which lets you put everything in a subdirectory
+ # called "local" in your gitolite-admin repo. For a SECURITY WARNING
+ # on this, see http://gitolite.com/gitolite/non-core.html#pushcode
+ # LOCAL_CODE => "$rc{GL_ADMIN_BASE}/local",
+
+ # ------------------------------------------------------------------
+
+ # List of commands and features to enable
+
+ ENABLE => [
+
+ # COMMANDS
+
+ # These are the commands enabled by default
+ 'help',
+ 'desc',
+ 'info',
+ 'perms',
+ 'writable',
+
+ # Uncomment or add new commands here.
+ # 'create',
+ # 'fork',
+ # 'mirror',
+ # 'readme',
+ # 'sskm',
+ # 'D',
+
+ # These FEATURES are enabled by default.
+
+ # essential (unless you're using smart-http mode)
+ 'ssh-authkeys',
+
+ # creates git-config entries from gitolite.conf file entries like 'config foo.bar = baz'
+ 'git-config',
+
+ # creates git-daemon-export-ok files; if you don't use git-daemon, comment this out
+ 'daemon',
+
+ # creates projects.list file; if you don't use gitweb, comment this out
+ 'gitweb',
+
+ # These FEATURES are disabled by default; uncomment to enable. If you
+ # need to add new ones, ask on the mailing list :-)
+
+ # user-visible behaviour
+
+ # prevent wild repos auto-create on fetch/clone
+ # 'no-create-on-read',
+ # no auto-create at all (don't forget to enable the 'create' command!)
+ # 'no-auto-create',
+
+ # access a repo by another (possibly legacy) name
+ # 'Alias',
+
+ # give some users direct shell access. See documentation in
+ # sts.html for details on the following two choices.
+ # "Shell $ENV{HOME}/.gitolite.shell-users",
+ # 'Shell alice bob',
+
+ # set default roles from lines like 'option default.roles-1 = ...', etc.
+ # 'set-default-roles',
+
+ # show more detailed messages on deny
+ # 'expand-deny-messages',
+
+ # show a message of the day
+ # 'Motd',
+
+ # system admin stuff
+
+ # enable mirroring (don't forget to set the HOSTNAME too!)
+ # 'Mirroring',
+
+ # allow people to submit pub files with more than one key in them
+ # 'ssh-authkeys-split',
+
+ # selective read control hack
+ # 'partial-copy',
+
+ # manage local, gitolite-controlled, copies of read-only upstream repos
+ # 'upstream',
+
+ # updates 'description' file instead of 'gitweb.description' config item
+ # 'cgit',
+
+ # allow repo-specific hooks to be added
+ # 'repo-specific-hooks',
+
+ # performance, logging, monitoring...
+
+ # be nice
+ # 'renice 10',
+
+ # log CPU times (user, system, cumulative user, cumulative system)
+ # 'CpuTime',
+
+ # syntactic_sugar for gitolite.conf and included files
+
+ # allow backslash-escaped continuation lines in gitolite.conf
+ # 'continuation-lines',
+
+ # create implicit user groups from directory names in keydir/
+ # 'keysubdirs-as-groups',
+
+ # allow simple line-oriented macros
+ # 'macros',
+
+ # Kindergarten mode
+
+ # disallow various things that sensible people shouldn't be doing anyway
+ # 'Kindergarten',
+ ],
+
+);
+
+# ------------------------------------------------------------------------------
+# per perl rules, this should be the last line in such a file:
+1;
+
+# Local variables:
+# mode: perl
+# End:
+# vim: set syn=perl:
diff --git a/server-config/www.the-brannons.com/var/lib/gitolite/cgi-environ/GITOLITE_HTTP_HOME b/server-config/www.the-brannons.com/var/lib/gitolite/cgi-environ/GITOLITE_HTTP_HOME
new file mode 100644
index 0000000..b62d1f1
--- /dev/null
+++ b/server-config/www.the-brannons.com/var/lib/gitolite/cgi-environ/GITOLITE_HTTP_HOME
@@ -0,0 +1 @@
+/var/lib/gitolite
diff --git a/server-config/www.the-brannons.com/var/lib/gitolite/cgi-environ/GIT_HTTP_EXPORT_ALL b/server-config/www.the-brannons.com/var/lib/gitolite/cgi-environ/GIT_HTTP_EXPORT_ALL
new file mode 100644
index 0000000..8b13789
--- /dev/null
+++ b/server-config/www.the-brannons.com/var/lib/gitolite/cgi-environ/GIT_HTTP_EXPORT_ALL
@@ -0,0 +1 @@
+
diff --git a/server-config/www.the-brannons.com/var/lib/gitolite/cgi-environ/GIT_PROJECT_ROOT b/server-config/www.the-brannons.com/var/lib/gitolite/cgi-environ/GIT_PROJECT_ROOT
new file mode 100644
index 0000000..b53d4b7
--- /dev/null
+++ b/server-config/www.the-brannons.com/var/lib/gitolite/cgi-environ/GIT_PROJECT_ROOT
@@ -0,0 +1 @@
+/var/lib/gitolite/repositories
diff --git a/server-config/www.the-brannons.com/var/lib/gitolite/cgi-environ/HOME b/server-config/www.the-brannons.com/var/lib/gitolite/cgi-environ/HOME
new file mode 100644
index 0000000..b62d1f1
--- /dev/null
+++ b/server-config/www.the-brannons.com/var/lib/gitolite/cgi-environ/HOME
@@ -0,0 +1 @@
+/var/lib/gitolite
diff --git a/server-config/www.the-brannons.com/var/lib/gitolite/web/git b/server-config/www.the-brannons.com/var/lib/gitolite/web/git
new file mode 100755
index 0000000..52b2ba5
--- /dev/null
+++ b/server-config/www.the-brannons.com/var/lib/gitolite/web/git
@@ -0,0 +1,3 @@
+#!/usr/bin/execlineb
+# This is executed as a CGI script under fcgiwrap.
+chpst -e /var/lib/gitolite/cgi-environ /usr/lib/gitolite/gitolite-shell