seb/dotfiles
1
1
Fork 0
mirror of https://github.com/sebaschi/dotfiles.git synced 2025-12-29 10:18:26 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

Compare commits

base: seb:b3e943ea9152776a23db9914ebf23e52e96d8cc2
Branches Tags
seb:main
...
compare: seb:main
Branches Tags
seb:main

26 Commits
b3e943ea91 ... main

Author SHA1 Message Date
Sebastian Lenzlinger
a2ac456f72 Remove superfluous changelog and todos file 2025-12-04 00:54:39 +01:00
Sebastian Lenzlinger
04a07210a4 Don't hard code nu shell path for ghostty 2025-12-04 00:38:37 +01:00
Sebastian Lenzlinger
8ef6a87ba1 Add new lib for shell 2025-12-04 00:34:50 +01:00
Sebastian Lenzlinger
7c30e64c4b Misc updates 
modified:   README.md
	modified:   bash/dot-bashrc
	modified:   git/dot-config/git/config
	new file:   helix/dot-config/helix/config.toml
	modified:   pet/dot-config/pet/snippet.toml
	renamed:    run.sh -> setup.sh
 2025-12-03 22:33:58 +01:00
Sebastian Lenzlinger
6475b15d70 Source hcloud bash completions in bashrc 2025-07-15 11:10:55 +02:00
Sebastian Lenzlinger
36a3766aef Update global git ignore 2025-06-23 23:31:42 +02:00
Sebastian Lenzlinger
0a392b6252 Update gitignore 2025-06-23 23:28:16 +02:00
Sebastian Lenzlinger
3540c154e6 New global gitignore 2025-06-23 23:26:44 +02:00
Sebastian Lenzlinger
45b952f37a More stow refactoring; now actually including bashrc 2025-06-18 14:36:56 +02:00
Sebastian Lenzlinger
4a425ec8f1 Update: git global config 2025-06-18 11:45:28 +02:00
Sebastian Lenzlinger
4b3a47a17f Update README.md 
README.md is changed to reflect that GNU stow is used.
 2025-06-18 11:40:49 +02:00
Sebastian Lenzlinger
84b20638f3 FIX: Make run.sh actually follow task-file pattern 2025-06-18 11:40:20 +02:00
Sebastian Lenzlinger
a4f2cff5f3 Create pet package: holds both config AND snippets for convenciance:) 2025-06-18 11:25:58 +02:00
Sebastian Lenzlinger
c074cfa3e0 Make ghostty config stowable 2025-06-18 01:44:25 +02:00
Sebastian Lenzlinger
cb481919c9 Move old scripts into resources; They have no active use currently but good to keep for reference 2025-06-18 01:29:54 +02:00
Sebastian Lenzlinger
c86bf33b0d Start keeping track of todos 2025-06-18 01:28:32 +02:00
Sebastian Lenzlinger
e947a9d04e Some more refactoring for GNU stow (git, vim and tmux) 2025-06-18 01:26:52 +02:00
Sebastian Lenzlinger
5508cfe264 Ad run.sh as top level taskfile. Currently just to bootstrap getting gnu stow 2025-06-18 01:17:23 +02:00
Sebastian Lenzlinger
f4cae0306f Make stow verbose in stowrc 2025-06-18 00:44:31 +02:00
Sebastian Lenzlinger
fad2c8b5dc Fix awk error in tasklib.sh by renaming 'func' variable 
The variable name 'func' is a reserved builtin in gawk, causing
errors when running `./task help`. Renamed to 'funcname' to avoid
the conflict.
 2025-06-18 00:41:35 +02:00
Sebastian Lenzlinger
854126bb4b Add some shell functions as shellib for task files 2025-06-18 00:29:11 +02:00
Sebastian Lenzlinger
7925f873a8 Add kanidm-eval example config and task file! 2025-06-18 00:11:45 +02:00
Sebastian Lenzlinger
a91fb3f595 Remove old nvim config hierarchy 2025-06-16 17:24:47 +02:00
Sebastian Lenzlinger
aaad05e9a5 Refactor to work with GNU stow. 2025-06-16 17:18:27 +02:00
Sebastian Lenzlinger
70eb8c8308 Add: rewrite script in python using click. 2025-04-15 17:43:26 +02:00
Sebastian Lenzlinger
00ac22e726 Add subcommand install_vim_neovim. 
Installs vim config as neovim config. I.e. to use vimscript instead of lua as config for neovim.
 2025-04-15 11:33:20 +02:00
54 changed files with 4025 additions and 285 deletions
Expand all files Collapse all files

49
README.md
View File

@@ -1,51 +1,38 @@
# Dotfiles
A collection of configuration files for various tools and applications I use, with an installation script to easily set them up on new systems.
Personal dotfiles and more
## Installation
### Clone the repository
Install [GNU stow](https://gnu.org/software/stow/).
You **will** want a version >= 8. September 2024! See [here](https://cgit.git.savannah.gnu.org/cgit/stow.git/tree/NEWS).
This is so `dot-*` named files (or dirs) are handled correctly!
See `run.sh`. Use it as taskfile to install stow.
Then, to make sure that stow is correctly handling `dot-*` named dirs, run
```bash
git clone git@github.com:sebaschi/dotfiles.git ~/.dotfiles
stow --dotfiles --verbose stow
```
{
This installs the `dot-stowrc` and global ignore list.
### Install configurations
The `dot-install` script can be used to install specific configurations or all of them at once:
```bash
# Install everything
~/.dotfiles/dot-install all
# Install specific configurations
~/.dotfiles/dot-install git nvim tmux
# Install only bash aliases
~/.dotfiles/dot-install bash:aliases
## Installing configs
```sh
stow <config-pkg-name>
```
Run `~/.dotfiles/dot-install` without arguments to see all available options.
## Testing
A test script is included to verify the installation script works correctly:
```bash
~/.dotfiles/test-dot-install
`<config-pkg-name>` is just one of the directories of this repo.
To see what the effect would be without applying anything (dry-run):
```sh
stow -n <config-pkg-name>
```
This runs the installation in an isolated environment to ensure all symlinks are correctly created.
Nothing fancy, just creates mock home in `/tmp` and changes some envars used by the install script.
The "Testing" amounts to check symlinks exist. This is mostly usefull once extended to detect config packages (just the directories containing an a config), to remind me to add a function for it in `dot-install`.
## Included Configurations
* **Shells**: Bash, Fish, Zsh
* **Terminal**: Tmux, Zellij, Ghostty
* **Editors**: Vim, Neovim (with lazy.nvim)
* **Tools**: Git, Starship prompt, Borg backup
* **Tools**: Git, Starship prompt, Borg backup, Fossil (**TODO**)
* **Utilities**: Rsync filters
## Tools Tools

7
bash/dot-bash_logout Normal file
View File

@@ -0,0 +1,7 @@
# ~/.bash_logout: executed by bash(1) when login shell exits.
# when leaving the console clear the screen to increase privacy
if [ "$SHLVL" = 1 ]; then
[ -x /usr/bin/clear_console ] && /usr/bin/clear_console -q
fi

161
bash/dot-bashrc Normal file
View File

@@ -0,0 +1,161 @@
# ~/.bashrc: executed by bash(1) for non-login shells.
# see /usr/share/doc/bash/examples/startup-files (in the package bash-doc)
# for examples
# If not running interactively, don't do anything
case $- in
*i*) ;;
*) return;;
esac
# don't put duplicate lines or lines starting with space in the history.
# See bash(1) for more options
HISTCONTROL=ignoreboth
# append to the history file, don't overwrite it
shopt -s histappend
# for setting history length see HISTSIZE and HISTFILESIZE in bash(1)
HISTSIZE=1000
HISTFILESIZE=2000
# check the window size after each command and, if necessary,
# update the values of LINES and COLUMNS.
shopt -s checkwinsize
# If set, the pattern "**" used in a pathname expansion context will
# match all files and zero or more directories and subdirectories.
#shopt -s globstar
# make less more friendly for non-text input files, see lesspipe(1)
[ -x /usr/bin/lesspipe ] && eval "$(SHELL=/bin/sh lesspipe)"
# set variable identifying the chroot you work in (used in the prompt below)
if [ -z "${debian_chroot:-}" ] && [ -r /etc/debian_chroot ]; then
debian_chroot=$(cat /etc/debian_chroot)
fi
# set a fancy prompt (non-color, unless we know we "want" color)
case "$TERM" in
xterm-color|*-256color) color_prompt=yes;;
esac
# uncomment for a colored prompt, if the terminal has the capability; turned
# off by default to not distract the user: the focus in a terminal window
# should be on the output of commands, not on the prompt
#force_color_prompt=yes
if [ -n "$force_color_prompt" ]; then
if [ -x /usr/bin/tput ] && tput setaf 1 >&/dev/null; then
# We have color support; assume it's compliant with Ecma-48
# (ISO/IEC-6429). (Lack of such support is extremely rare, and such
# a case would tend to support setf rather than setaf.)
color_prompt=yes
else
color_prompt=
fi
fi
if [ "$color_prompt" = yes ]; then
PS1='${debian_chroot:+($debian_chroot)}\[\033[01;32m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ '
else
PS1='${debian_chroot:+($debian_chroot)}\u@\h:\w\$ '
fi
unset color_prompt force_color_prompt
# If this is an xterm set the title to user@host:dir
case "$TERM" in
xterm*|rxvt*)
PS1="\[\e]0;${debian_chroot:+($debian_chroot)}\u@\h: \w\a\]$PS1"
;;
*)
;;
esac
# enable color support of ls and also add handy aliases
if [ -x /usr/bin/dircolors ]; then
test -r ~/.dircolors && eval "$(dircolors -b ~/.dircolors)" || eval "$(dircolors -b)"
alias ls='eza --color'
alias dir='dir --color'
alias vdir='vdir --color'
# using ugrep instead of grep
alias grep='ug -G --color'
alias fgrep='ug -F --color'
alias egrep='ug -E --color'
fi
# colored GCC warnings and errors
export GCC_COLORS='error=01;31:warning=01;35:note=01;36:caret=01;32:locus=01:quote=01'
# some more ls aliases
alias ll='ls -alF'
alias la='ls -A'
alias l='ls -hF'
# Add an "alert" alias for long running commands. Use like so:
# sleep 10; alert
alias alert='notify-send --urgency=low -i "$([ $? = 0 ] && echo terminal || echo error)" "$(history|tail -n1|sed -e '\''s/^\s*[0-9]\+\s*//;s/[;&|]\s*alert$//'\'')"'
# Alias definitions.
# You may want to put all your additions into a separate file like
# ~/.bash_aliases, instead of adding them here directly.
# See /usr/share/doc/bash-doc/examples in the bash-doc package.
if [ -f ~/.bash_aliases ]; then
. ~/.bash_aliases
fi
# Source bash env list
source $HOME/.local/share/bash/bash_env
# Pet snippet manager
# register previous command
function prev() {
PREV=$(echo $(history | tail -n2 | head -n1) | sed 's/[0-9]* //')
sh -c "pet new $(printf %q "$PREV")"
}
# TODO if [ -d ~/.bashrc.d ]; then
# enable programmable completion features (you don't need to enable
# this, if it's already enabled in /etc/bash.bashrc and /etc/profile
# sources /etc/bash.bashrc).
if ! shopt -oq posix; then
if [ -f /usr/share/bash-completion/bash_completion ]; then
. /usr/share/bash-completion/bash_completion
elif [ -f /etc/bash_completion ]; then
. /etc/bash_completion
fi
fi
. "$HOME/.cargo/env"
# Starship init
eval "$(starship init bash)"
# Homebrew
eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)"
# Pagers
#export PAGER="$(which moar)"
# export MANPAGER="$PAGER"
# Github CLI aliases
alias ghce="gh copilot explain"
alias ghcs="gh copilot suggest"
# Util Aliases
# broot does this now
# alias fcd='cd "$(dirname "$(fzf)")"'
alias st='systemctl-tui'
alias task='./task.py'
# BEGIN hcloud
source <(hcloud completion bash)
# END hcloud
source /home/seb/.config/broot/launcher/bash/br
[ -f "/home/seb/.ghcup/env" ] && . "/home/seb/.ghcup/env" # ghcup-env
alias nodeman='ssh hwsec nodeman'

0
bash/bash_aliases → bash/dot-local/share/bash/bash_aliases
View File

0
bash/bash_completion → bash/dot-local/share/bash/bash_completion
View File

0
bash/bash_env → bash/dot-local/share/bash/bash_env
View File

0
bash/bash_functions → bash/dot-local/share/bash/bash_functions
View File

2
ghostty/config → ghostty/dot-config/ghostty/config
View File

@@ -7,7 +7,7 @@ window-width = 140
window-height = 35
window-save-state = always
auto-update = download
command = /home/linuxbrew/.linuxbrew/bin/nu
# command = /home/linuxbrew/.linuxbrew/bin/nu
keybind = ctrl+shift+l=goto_split:right
keybind = ctrl+shift+h=goto_split:left
keybind = ctrl+shift+j=goto_split:bottom

9
git/dot-config/git/config Normal file
View File

@@ -0,0 +1,9 @@
[user]
name = Sebastian Lenzlinger
email = s.m.lenzlinger@student.vu.nl
[init]
defaultBranch = devel
[core]
editor = nvim
[gpg "ssh"]
allowedSignersFile = /home/seb/.ssh/allowed_signers

17
git/dot-config/git/ignore Normal file
View File

@@ -0,0 +1,17 @@
.claude/
.claude
.claude/**
Claude.md
*.o
*.log
cache/
logs/
build/
# Python stuff
__pycache__/
*.pyc
# Environement/ 12 Factor
.env

10
git/gitconfig
View File

@@ -1,10 +0,0 @@
[user]
email = 74497638+sebaschi@users.noreply.github.com
name = Sebastian Lenzlinger
[http]
sslVerify = false
[filter "lfs"]
clean = git-lfs clean -- %f
smudge = git-lfs smudge -- %f
process = git-lfs filter-process
required = true

4
gtk-3.0/dot-config/gtk-3.0/README.md Normal file
View File

@@ -0,0 +1,4 @@
# `lm-xia-cinnamon-1.css`
**Issue**: When tab switching windows in "show window" mode, it was hard to tell which window was the active window.
This gtk css config manages to give active windows a boarder, and additionally creates a shadow when tabbing through windows, where the non active windows are darker/dimmed

120
gtk-3.0/dot-config/gtk-3.0/lm-xia-cinnamon-1.css Normal file
View File

@@ -0,0 +1,120 @@
/* Active window colors */
@define-color active_window_bg_color @theme_selected_bg_color;
@define-color active_window_fg_color @theme_selected_fg_color;
/* Inactive window colors */
@define-color inactive_window_fg_color @theme_unfocused_fg_color;
@define-color inactive_window_bg_color @theme_unfocused_bg_color;
headerbar {
box-shadow: none;
}
headerbar:not(:backdrop),
headerbar:not(:backdrop) button:not(:backdrop) {
color: @active_window_fg_color;
background-color: @active_window_bg_color;
background-image: none;
border-color: @active_window_bg_color;
text-shadow: none;
-gtk-icon-shadow: none;
}
headerbar:backdrop,
headerbar:backdrop button:backdrop {
color: @inactive_window_fg_color;
background-color: @inactive_window_bg_color;
background-image: none;
border-color: @inactive_window_bg_color;
}
/* Disables the circle image around the close button,
as well the "shadow" image of inactive window icons
for Mint-Y-Legacy themes.
*/
headerbar button.titlebutton,
.titlebar button.titlebutton {
background-image: none;
}
headerbar button.titlebutton:not(:backdrop) {
color: @active_window_fg_color;
}
headerbar button.titlebutton:backdrop {
color: @inactive_window_fg_color;
}
/* Hover over icons will invert the image with a square image. */
headerbar button.titlebutton:hover:not(:backdrop){
color: @active_window_bg_color;
background-image: -gtk-gradient(radial, center center, 0, center center, 0.8, to(@active_window_fg_color), to(transparent));
}
headerbar button:hover:not(:backdrop){
color: @active_window_bg_color;
background-color: @active_window_fg_color;
}
/* Clicking an icon will change the hover representation from circle to square. */
headerbar button.titlebutton:active:not(:backdrop) {
color: @active_window_bg_color;
background-image: -gtk-gradient(radial, center center, 0, center center, 0.5, to(@active_window_fg_color), to(transparent));
}
/* Hover over icons will invert the image with a square image. */
headerbar button.titlebutton:hover:backdrop {
color: @inactive_window_bg_color;
background-image: -gtk-gradient(radial, center center, 0, center center, 0.8, to(@inactive_window_fg_color), to(transparent));
}
headerbar button:hover:backdrop {
color: @inactive_window_bg_color;
background-color: @inactive_window_fg_color;
}
/* Clicking an icon will change the hover representation from circle to square. */
headerbar button.titlebutton:active:backdrop {
color: @inactive_window_bg_color;
background-image: -gtk-gradient(radial, center center, 0, center center, 0.5, to(@inactive_window_fg_color), to(transparent));
}
/* Prevent dark squares appearing around unfocused
OSD app icons in new Mint-Y themes. */
.titlebar button.titlebutton.maximize:hover,
.titlebar button.titlebutton.minimize:hover,
.titlebar button.titlebutton.close:hover {
background-image: none;
}
/* Hover over the window close button makes it RED */
.titlebar button.titlebutton.close:hover {
background-color: #fc4f4f;
color: white;
}
/* Makes the border of the active window the same color as the selected theme's bg color and adds a black border on the inactive windows*/
.ssd decoration {
box-shadow: 0 1px 1px rgba(0, 0, 0, 0.16), 0 0 0 1px @active_window_bg_color;
border: none;
}
.ssd decoration:backdrop {
box-shadow: 0px 1px 1px rgba(0, 0, 0, 0.16), 0 0 0 1px #000000;
}
/* Uncomment this section to increase the size of the icons. */
/*
headerbar {
min-height: 36px;
}
headerbar button.titlebutton,
headerbar button.titlebutton image {
min-width: 30px;
min-height: 30px;
-gtk-icon-transform: scale(1.5);
background-size: 28px 28px;
}
*/

5
helix/dot-config/helix/config.toml Normal file
View File

@@ -0,0 +1,5 @@
theme = "yellowed"
[editor.cursor-shape]
insert = "bar"

317
kanidm-eval/dot-config/eval_quickstart.md Normal file
View File

@@ -0,0 +1,317 @@
::: {#mdbook-help-container}
::: {#mdbook-help-popup}
## Keyboard shortcuts {#keyboard-shortcuts .mdbook-help-title}
<div>
Press [←]{.kbd} or [→]{.kbd} to navigate between chapters
Press [S]{.kbd} or [/]{.kbd} to search in the book
Press [?]{.kbd} to show this help
Press [Esc]{.kbd} to hide this help
</div>
:::
:::
::: {#body-container}
::: {#sidebar-resize-handle .sidebar-resize-handle}
::: sidebar-resize-indicator
:::
:::
::: {#page-wrapper .page-wrapper}
::: page
::: {#menu-bar-hover-placeholder}
:::
::: {#menu-bar .menu-bar .sticky}
::: left-buttons
- Auto
- Light
- Rust
- Coal
- Navy
- Ayu
:::
# Kanidm Administration {#kanidm-administration .menu-title}
::: right-buttons
[](print.html "Print this book"){aria-label="Print this book"}
[](https://github.com/kanidm/kanidm "Git repository"){aria-label="Git repository"}
[](https://github.com/kanidm/kanidm/edit/master/book/src/evaluation_quickstart.md "Suggest an edit"){aria-label="Suggest an edit"}
:::
:::
::: {#search-wrapper .hidden}
::: {#searchresults-outer .searchresults-outer .hidden}
::: {#searchresults-header .searchresults-header}
:::
:::
:::
::: {#content .content}
::: {role="main"}
# [Evaluation Quickstart](#evaluation-quickstart){.header}
This section will guide you through a quick setup of Kanidm for
evaluation. It\'s recommended that for a production deployment you
follow the steps in the [installation
chapter](installing_the_server.html) instead as there are a number of
security considerations you should be aware of for production
deployments.
## [Requirements](#requirements){.header}
The only thing you\'ll need for this is Docker, Podman, or a compatible
containerd environment installed and running.
## [Get the software](#get-the-software){.header}
``` bash
docker pull docker.io/kanidm/server:latest
```
## [Create your configuration](#create-your-configuration){.header}
Create `server.toml`. The important parts are the `domain` and `origin`.
For this example, if you use `localhost` and `https://localhost:8443`
this will match later commands.
``` toml
# The server configuration file version.
version = "2"
# The webserver bind address. Requires TLS certificates.
# If the port is set to 443 you may require the
# NET_BIND_SERVICE capability.
# Defaults to "127.0.0.1:8443"
bindaddress = "[::]:8443"
#
# The read-only ldap server bind address. Requires
# TLS certificates. If set to 636 you may require
# the NET_BIND_SERVICE capability.
# Defaults to "" (disabled)
# ldapbindaddress = "[::]:3636"
#
# The path to the kanidm database.
db_path = "/data/kanidm.db"
#
# If you have a known filesystem, kanidm can tune the
# database page size to match. Valid choices are:
# [zfs, other]
# If you are unsure about this leave it as the default
# (other). After changing this
# value you must run a vacuum task.
# - zfs:
# * sets database pagesize to 64k. You must set
# recordsize=64k on the zfs filesystem.
# - other:
# * sets database pagesize to 4k, matching most
# filesystems block sizes.
# db_fs_type = "zfs"
#
# The number of entries to store in the in-memory cache.
# Minimum value is 256. If unset
# an automatic heuristic is used to scale this.
# You should only adjust this value if you experience
# memory pressure on your system.
# db_arc_size = 2048
#
# TLS chain and key in pem format. Both must be present.
# If the server receives a SIGHUP, these files will be
# re-read and reloaded if their content is valid.
tls_chain = "/data/chain.pem"
tls_key = "/data/key.pem"
#
# The log level of the server. May be one of info, debug, trace
#
# NOTE: this can be overridden by the environment variable
# `KANIDM_LOG_LEVEL` at runtime
# Defaults to "info"
# log_level = "info"
#
# The DNS domain name of the server. This is used in a
# number of security-critical contexts
# such as webauthn, so it *must* match your DNS
# hostname. It is used to create
# security principal names such as `william@idm.example.com`
# so that in a (future) trust configuration it is possible
# to have unique Security Principal Names (spns) throughout
# the topology.
#
# ⚠️ WARNING ⚠️
#
# Changing this value WILL break many types of registered
# credentials for accounts including but not limited to
# webauthn, oauth tokens, and more.
# If you change this value you *must* run
# `kanidmd domain rename` immediately after.
domain = "idm.example.com"
#
# The origin for webauthn. This is the url to the server,
# with the port included if it is non-standard (any port
# except 443). This must match or be a descendent of the
# domain name you configure above. If these two items are
# not consistent, the server WILL refuse to start!
# origin = "https://idm.example.com"
origin = "https://idm.example.com:8443"
# HTTPS requests can be reverse proxied by a loadbalancer.
# To preserve the original IP of the caller, these systems
# will often add a header such as "Forwarded" or
# "X-Forwarded-For". Some other proxies can use the PROXY
# protocol v2 header.
# This setting allows configuration of the list of trusted
# IPs or IP ranges which can supply this header information,
# and which format the information is provided in.
# Defaults to "none" (no trusted sources)
# Only one option can be used at a time.
# [http_client_address_info]
# proxy-v2 = ["127.0.0.1", "127.0.0.0/8"]
# # OR
# x-forward-for = ["127.0.0.1", "127.0.0.0/8"]
# LDAPS requests can be reverse proxied by a loadbalancer.
# To preserve the original IP of the caller, these systems
# can add a header such as the PROXY protocol v2 header.
# This setting allows configuration of the list of trusted
# IPs or IP ranges which can supply this header information,
# and which format the information is provided in.
# Defaults to "none" (no trusted sources)
# [ldap_client_address_info]
# proxy-v2 = ["127.0.0.1", "127.0.0.0/8"]
[online_backup]
# The path to the output folder for online backups
path = "/data/kanidm/backups/"
# The schedule to run online backups (see https://crontab.guru/)
# every day at 22:00 UTC (default)
schedule = "00 22 * * *"
# four times a day at 3 minutes past the hour, every 6th hours
# schedule = "03 */6 * * *"
# We also support non standard cron syntax, with the following format:
# sec min hour day of month month day of week year
# (it's very similar to the standard cron syntax, it just allows to specify the seconds
# at the beginning and the year at the end)
# Number of backups to keep (default 7)
# versions = 7
```
## [Start the container](#start-the-container){.header}
First we create a docker volume to store the data, then we start the
container.
``` bash
docker volume create kanidmd
docker create --name kanidmd \
-p '443:8443' \
-p '636:3636' \
-v kanidmd:/data \
docker.io/kanidm/server:latest
```
## [Copy the configuration to the container](#copy-the-configuration-to-the-container){.header}
``` bash
docker cp server.toml kanidmd:/data/server.toml
```
## [Generate evaluation certificates](#generate-evaluation-certificates){.header}
``` bash
docker run --rm -i -t -v kanidmd:/data \
docker.io/kanidm/server:latest \
kanidmd cert-generate
```
## [Start Kanidmd Container](#start-kanidmd-container){.header}
``` bash
docker start kanidmd
```
## [Recover the Admin Role Passwords](#recover-the-admin-role-passwords){.header}
The `admin` account is used to configure Kanidm itself.
``` bash
docker exec -i -t kanidmd \
kanidmd recover-account admin
```
The `idm_admin` account is used to manage persons and groups.
``` shell
docker exec -i -t kanidmd \
kanidmd recover-account idm_admin
```
## [Setup the client configuration](#setup-the-client-configuration){.header}
This happens on your computer, not in the container.
``` toml
# ~/.config/kanidm
uri = "https://localhost:8443"
verify_ca = false
```
## [Check you can login](#check-you-can-login){.header}
``` bash
kanidm login --name idm_admin
```
## [Create an account for yourself](#create-an-account-for-yourself){.header}
``` shell
kanidm person create <your username> <Your Displayname>
```
## [Set up your account credentials](#set-up-your-account-credentials){.header}
``` shell
kanidm person credential create-reset-token <your username>
```
Then follow the presented steps.
## [What next?](#what-next){.header}
You\'ll probably want to set it up properly, so that other computers can
access it, so [choose a domain name](choosing_a_domain_name.html) and
complete the full server installation.
Alternatively you might like to try configurig one of these:
- [OAuth2](./integrations/oauth2.html) for web services
- [PAM and nsswitch](./integrations/pam_and_nsswitch.html) for
authentication to Linux systems
- [Replication](repl/), if one Kanidm instance isn\'t enough
:::
[](introduction_to_kanidm.html "Previous chapter"){.mobile-nav-chapters
.previous rel="prev" aria-label="Previous chapter"
aria-keyshortcuts="Left"}
[](supported_features.html "Next chapter"){.mobile-nav-chapters .next
rel="next prefetch" aria-label="Next chapter" aria-keyshortcuts="Right"}
::: {style="clear: both"}
:::
:::
:::
[](introduction_to_kanidm.html "Previous chapter"){.nav-chapters
.previous rel="prev" aria-label="Previous chapter"
aria-keyshortcuts="Left"}
[](supported_features.html "Next chapter"){.nav-chapters .next
rel="next prefetch" aria-label="Next chapter" aria-keyshortcuts="Right"}
:::
:::

481
kanidm-eval/dot-config/evaluation_quickstart.html Normal file
View File

@@ -0,0 +1,481 @@
<!DOCTYPE HTML>
<html lang="en" class="light sidebar-visible" dir="ltr">
<head>
<!-- Book generated using mdBook -->
<meta charset="UTF-8">
<title>Evaluation Quickstart - Kanidm Administration</title>
<!-- Custom HTML head -->
<meta name="description" content="">
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="theme-color" content="#ffffff">
<link rel="shortcut icon" href="favicon.png">
<link rel="stylesheet" href="css/variables.css">
<link rel="stylesheet" href="css/general.css">
<link rel="stylesheet" href="css/chrome.css">
<link rel="stylesheet" href="css/print.css" media="print">
<!-- Fonts -->
<link rel="stylesheet" href="FontAwesome/css/font-awesome.css">
<link rel="stylesheet" href="fonts/fonts.css">
<!-- Highlight.js Stylesheets -->
<link rel="stylesheet" id="highlight-css" href="highlight.css">
<link rel="stylesheet" id="tomorrow-night-css" href="tomorrow-night.css">
<link rel="stylesheet" id="ayu-highlight-css" href="ayu-highlight.css">
<!-- Custom theme stylesheets -->
<!-- Provide site root and default themes to javascript -->
<script>
const path_to_root = "";
const default_light_theme = "light";
const default_dark_theme = "navy";
</script>
<!-- Start loading toc.js asap -->
<script src="toc.js"></script>
</head>
<body>
<div id="mdbook-help-container">
<div id="mdbook-help-popup">
<h2 class="mdbook-help-title">Keyboard shortcuts</h2>
<div>
<p>Press <kbd></kbd> or <kbd></kbd> to navigate between chapters</p>
<p>Press <kbd>S</kbd> or <kbd>/</kbd> to search in the book</p>
<p>Press <kbd>?</kbd> to show this help</p>
<p>Press <kbd>Esc</kbd> to hide this help</p>
</div>
</div>
</div>
<div id="body-container">
<!-- Work around some values being stored in localStorage wrapped in quotes -->
<script>
try {
let theme = localStorage.getItem('mdbook-theme');
let sidebar = localStorage.getItem('mdbook-sidebar');
if (theme.startsWith('"') && theme.endsWith('"')) {
localStorage.setItem('mdbook-theme', theme.slice(1, theme.length - 1));
}
if (sidebar.startsWith('"') && sidebar.endsWith('"')) {
localStorage.setItem('mdbook-sidebar', sidebar.slice(1, sidebar.length - 1));
}
} catch (e) { }
</script>
<!-- Set the theme before any content is loaded, prevents flash -->
<script>
const default_theme = window.matchMedia("(prefers-color-scheme: dark)").matches ? default_dark_theme : default_light_theme;
let theme;
try { theme = localStorage.getItem('mdbook-theme'); } catch(e) { }
if (theme === null || theme === undefined) { theme = default_theme; }
const html = document.documentElement;
html.classList.remove('light')
html.classList.add(theme);
html.classList.add("js");
</script>
<input type="checkbox" id="sidebar-toggle-anchor" class="hidden">
<!-- Hide / unhide sidebar before it is displayed -->
<script>
let sidebar = null;
const sidebar_toggle = document.getElementById("sidebar-toggle-anchor");
if (document.body.clientWidth >= 1080) {
try { sidebar = localStorage.getItem('mdbook-sidebar'); } catch(e) { }
sidebar = sidebar || 'visible';
} else {
sidebar = 'hidden';
}
sidebar_toggle.checked = sidebar === 'visible';
html.classList.remove('sidebar-visible');
html.classList.add("sidebar-" + sidebar);
</script>
<nav id="sidebar" class="sidebar" aria-label="Table of contents">
<!-- populated by js -->
<mdbook-sidebar-scrollbox class="sidebar-scrollbox"></mdbook-sidebar-scrollbox>
<noscript>
<iframe class="sidebar-iframe-outer" src="toc.html"></iframe>
</noscript>
<div id="sidebar-resize-handle" class="sidebar-resize-handle">
<div class="sidebar-resize-indicator"></div>
</div>
</nav>
<div id="page-wrapper" class="page-wrapper">
<div class="page">
<div id="menu-bar-hover-placeholder"></div>
<div id="menu-bar" class="menu-bar sticky">
<div class="left-buttons">
<label id="sidebar-toggle" class="icon-button" for="sidebar-toggle-anchor" title="Toggle Table of Contents" aria-label="Toggle Table of Contents" aria-controls="sidebar">
<i class="fa fa-bars"></i>
</label>
<button id="theme-toggle" class="icon-button" type="button" title="Change theme" aria-label="Change theme" aria-haspopup="true" aria-expanded="false" aria-controls="theme-list">
<i class="fa fa-paint-brush"></i>
</button>
<ul id="theme-list" class="theme-popup" aria-label="Themes" role="menu">
<li role="none"><button role="menuitem" class="theme" id="default_theme">Auto</button></li>
<li role="none"><button role="menuitem" class="theme" id="light">Light</button></li>
<li role="none"><button role="menuitem" class="theme" id="rust">Rust</button></li>
<li role="none"><button role="menuitem" class="theme" id="coal">Coal</button></li>
<li role="none"><button role="menuitem" class="theme" id="navy">Navy</button></li>
<li role="none"><button role="menuitem" class="theme" id="ayu">Ayu</button></li>
</ul>
<button id="search-toggle" class="icon-button" type="button" title="Search (`/`)" aria-label="Toggle Searchbar" aria-expanded="false" aria-keyshortcuts="/ s" aria-controls="searchbar">
<i class="fa fa-search"></i>
</button>
</div>
<h1 class="menu-title">Kanidm Administration</h1>
<div class="right-buttons">
<a href="print.html" title="Print this book" aria-label="Print this book">
<i id="print-button" class="fa fa-print"></i>
</a>
<a href="https://github.com/kanidm/kanidm" title="Git repository" aria-label="Git repository">
<i id="git-repository-button" class="fa fa-github"></i>
</a>
<a href="https://github.com/kanidm/kanidm/edit/master/book/src/evaluation_quickstart.md" title="Suggest an edit" aria-label="Suggest an edit">
<i id="git-edit-button" class="fa fa-edit"></i>
</a>
</div>
</div>
<div id="search-wrapper" class="hidden">
<form id="searchbar-outer" class="searchbar-outer">
<input type="search" id="searchbar" name="searchbar" placeholder="Search this book ..." aria-controls="searchresults-outer" aria-describedby="searchresults-header">
</form>
<div id="searchresults-outer" class="searchresults-outer hidden">
<div id="searchresults-header" class="searchresults-header"></div>
<ul id="searchresults">
</ul>
</div>
</div>
<!-- Apply ARIA attributes after the sidebar and the sidebar toggle button are added to the DOM -->
<script>
document.getElementById('sidebar-toggle').setAttribute('aria-expanded', sidebar === 'visible');
document.getElementById('sidebar').setAttribute('aria-hidden', sidebar !== 'visible');
Array.from(document.querySelectorAll('#sidebar a')).forEach(function(link) {
link.setAttribute('tabIndex', sidebar === 'visible' ? 0 : -1);
});
</script>
<div id="content" class="content">
<main>
<style>
.mdbook-alerts {
padding: 8px 16px;
margin-bottom: 16px;
border-left: 0.25em solid var(--mdbook-alerts-color);
}
.mdbook-alerts > *:first-child {
margin-top: 0;
}
.mdbook-alerts > *:last-child {
margin-bottom: 0;
}
.mdbook-alerts-title {
display: flex;
font-weight: 600;
align-items: center;
line-height: 1;
color: var(--mdbook-alerts-color);
text-transform: capitalize;
}
.mdbook-alerts-icon {
display: inline-block;
width: 1em;
height: 1em;
margin-right: 0.2em;
background-color: currentColor;
-webkit-mask: no-repeat center / 100%;
mask: no-repeat center / 100%;
-webkit-mask-image: var(--mdbook-alerts-icon);
mask-image: var(--mdbook-alerts-icon);
}
.mdbook-alerts-note {
--mdbook-alerts-color: rgb(9, 105, 218);
/* https://icon-sets.iconify.design/material-symbols/info-outline-rounded/ */
--mdbook-alerts-icon: url('data:image/svg+xml,%3Csvg xmlns="http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg" width="24" height="24" viewBox="0 0 24 24"%3E%3Cpath fill="currentColor" d="M12 17q.425 0 .713-.288T13 16v-4q0-.425-.288-.712T12 11q-.425 0-.712.288T11 12v4q0 .425.288.713T12 17m0-8q.425 0 .713-.288T13 8q0-.425-.288-.712T12 7q-.425 0-.712.288T11 8q0 .425.288.713T12 9m0 13q-2.075 0-3.9-.788t-3.175-2.137q-1.35-1.35-2.137-3.175T2 12q0-2.075.788-3.9t2.137-3.175q1.35-1.35 3.175-2.137T12 2q2.075 0 3.9.788t3.175 2.137q1.35 1.35 2.138 3.175T22 12q0 2.075-.788 3.9t-2.137 3.175q-1.35 1.35-3.175 2.138T12 22m0-2q3.35 0 5.675-2.325T20 12q0-3.35-2.325-5.675T12 4Q8.65 4 6.325 6.325T4 12q0 3.35 2.325 5.675T12 20m0-8"%2F%3E%3C%2Fsvg%3E');
}
.mdbook-alerts-tip {
--mdbook-alerts-color: rgb(26, 127, 55);
/* https://icon-sets.iconify.design/material-symbols/lightbulb-outline-rounded/ */
--mdbook-alerts-icon: url('data:image/svg+xml,%3Csvg xmlns="http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg" width="24" height="24" viewBox="0 0 24 24"%3E%3Cpath fill="currentColor" d="M12 22q-.825 0-1.412-.587T10 20h4q0 .825-.587 1.413T12 22m-3-3q-.425 0-.712-.288T8 18q0-.425.288-.712T9 17h6q.425 0 .713.288T16 18q0 .425-.288.713T15 19zm-.75-3q-1.725-1.025-2.738-2.75T4.5 9.5q0-3.125 2.188-5.312T12 2q3.125 0 5.313 2.188T19.5 9.5q0 2.025-1.012 3.75T15.75 16zm.6-2h6.3q1.125-.8 1.738-1.975T17.5 9.5q0-2.3-1.6-3.9T12 4Q9.7 4 8.1 5.6T6.5 9.5q0 1.35.613 2.525T8.85 14M12 14"%2F%3E%3C%2Fsvg%3E');
}
.mdbook-alerts-important {
--mdbook-alerts-color: rgb(130, 80, 223);
/* https://icon-sets.iconify.design/material-symbols/chat-info-outline-rounded/ */
--mdbook-alerts-icon: url('data:image/svg+xml,%3Csvg xmlns="http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg" width="24" height="24" viewBox="0 0 24 24"%3E%3Cpath fill="currentColor" d="M12 7q.425 0 .713-.288T13 6q0-.425-.288-.712T12 5q-.425 0-.712.288T11 6q0 .425.288.713T12 7m0 8q.425 0 .713-.288T13 14v-4q0-.425-.288-.712T12 9q-.425 0-.712.288T11 10v4q0 .425.288.713T12 15m-6 3l-2.3 2.3q-.475.475-1.088.213T2 19.575V4q0-.825.588-1.412T4 2h16q.825 0 1.413.588T22 4v12q0 .825-.587 1.413T20 18zm-.85-2H20V4H4v13.125zM4 16V4z"%2F%3E%3C%2Fsvg%3E');
}
.mdbook-alerts-warning {
--mdbook-alerts-color: rgb(154, 103, 0);
/* https://icon-sets.iconify.design/material-symbols/warning-outline-rounded/ */
--mdbook-alerts-icon: url('data:image/svg+xml,%3Csvg xmlns="http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg" width="24" height="24" viewBox="0 0 24 24"%3E%3Cpath fill="currentColor" d="M2.725 21q-.275 0-.5-.137t-.35-.363q-.125-.225-.137-.488t.137-.512l9.25-16q.15-.25.388-.375T12 3q.25 0 .488.125t.387.375l9.25 16q.15.25.138.513t-.138.487q-.125.225-.35.363t-.5.137zm1.725-2h15.1L12 6zM12 18q.425 0 .713-.288T13 17q0-.425-.288-.712T12 16q-.425 0-.712.288T11 17q0 .425.288.713T12 18m0-3q.425 0 .713-.288T13 14v-3q0-.425-.288-.712T12 10q-.425 0-.712.288T11 11v3q0 .425.288.713T12 15m0-2.5"%2F%3E%3C%2Fsvg%3E');
}
.mdbook-alerts-caution {
--mdbook-alerts-color: rgb(207, 34, 46);
/* https://icon-sets.iconify.design/material-symbols/brightness-alert-outline-rounded/ */
--mdbook-alerts-icon: url('data:image/svg+xml,%3Csvg xmlns="http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg" width="24" height="24" viewBox="0 0 24 24"%3E%3Cpath fill="currentColor" d="M12 17q.425 0 .713-.288T13 16q0-.425-.288-.712T12 15q-.425 0-.712.288T11 16q0 .425.288.713T12 17m0-4q.425 0 .713-.288T13 12V8q0-.425-.288-.712T12 7q-.425 0-.712.288T11 8v4q0 .425.288.713T12 13m-3.35 7H6q-.825 0-1.412-.587T4 18v-2.65L2.075 13.4q-.275-.3-.425-.662T1.5 12q0-.375.15-.737t.425-.663L4 8.65V6q0-.825.588-1.412T6 4h2.65l1.95-1.925q.3-.275.663-.425T12 1.5q.375 0 .738.15t.662.425L15.35 4H18q.825 0 1.413.588T20 6v2.65l1.925 1.95q.275.3.425.663t.15.737q0 .375-.15.738t-.425.662L20 15.35V18q0 .825-.587 1.413T18 20h-2.65l-1.95 1.925q-.3.275-.662.425T12 22.5q-.375 0-.737-.15t-.663-.425zm.85-2l2.5 2.5l2.5-2.5H18v-3.5l2.5-2.5L18 9.5V6h-3.5L12 3.5L9.5 6H6v3.5L3.5 12L6 14.5V18zm2.5-6"%2F%3E%3C%2Fsvg%3E');
}
</style>
<h1 id="evaluation-quickstart"><a class="header" href="#evaluation-quickstart">Evaluation Quickstart</a></h1>
<p>This section will guide you through a quick setup of Kanidm for evaluation. It's recommended that
for a production deployment you follow the steps in the
<a href="installing_the_server.html">installation chapter</a> instead as there are a number of security
considerations you should be aware of for production deployments.</p>
<h2 id="requirements"><a class="header" href="#requirements">Requirements</a></h2>
<p>The only thing you'll need for this is Docker, Podman, or a compatible containerd environment
installed and running.</p>
<h2 id="get-the-software"><a class="header" href="#get-the-software">Get the software</a></h2>
<pre><code class="language-bash">docker pull docker.io/kanidm/server:latest
</code></pre>
<h2 id="create-your-configuration"><a class="header" href="#create-your-configuration">Create your configuration</a></h2>
<p>Create <code>server.toml</code>. The important parts are the <code>domain</code> and <code>origin</code>. For this example, if you
use <code>localhost</code> and <code>https://localhost:8443</code> this will match later commands.</p>
<pre><code class="language-toml"># The server configuration file version.
version = "2"
# The webserver bind address. Requires TLS certificates.
# If the port is set to 443 you may require the
# NET_BIND_SERVICE capability.
# Defaults to "127.0.0.1:8443"
bindaddress = "[::]:8443"
#
# The read-only ldap server bind address. Requires
# TLS certificates. If set to 636 you may require
# the NET_BIND_SERVICE capability.
# Defaults to "" (disabled)
# ldapbindaddress = "[::]:3636"
#
# The path to the kanidm database.
db_path = "/data/kanidm.db"
#
# If you have a known filesystem, kanidm can tune the
# database page size to match. Valid choices are:
# [zfs, other]
# If you are unsure about this leave it as the default
# (other). After changing this
# value you must run a vacuum task.
# - zfs:
# * sets database pagesize to 64k. You must set
# recordsize=64k on the zfs filesystem.
# - other:
# * sets database pagesize to 4k, matching most
# filesystems block sizes.
# db_fs_type = "zfs"
#
# The number of entries to store in the in-memory cache.
# Minimum value is 256. If unset
# an automatic heuristic is used to scale this.
# You should only adjust this value if you experience
# memory pressure on your system.
# db_arc_size = 2048
#
# TLS chain and key in pem format. Both must be present.
# If the server receives a SIGHUP, these files will be
# re-read and reloaded if their content is valid.
tls_chain = "/data/chain.pem"
tls_key = "/data/key.pem"
#
# The log level of the server. May be one of info, debug, trace
#
# NOTE: this can be overridden by the environment variable
# `KANIDM_LOG_LEVEL` at runtime
# Defaults to "info"
# log_level = "info"
#
# The DNS domain name of the server. This is used in a
# number of security-critical contexts
# such as webauthn, so it *must* match your DNS
# hostname. It is used to create
# security principal names such as `william@idm.example.com`
# so that in a (future) trust configuration it is possible
# to have unique Security Principal Names (spns) throughout
# the topology.
#
# ⚠️ WARNING ⚠️
#
# Changing this value WILL break many types of registered
# credentials for accounts including but not limited to
# webauthn, oauth tokens, and more.
# If you change this value you *must* run
# `kanidmd domain rename` immediately after.
domain = "idm.example.com"
#
# The origin for webauthn. This is the url to the server,
# with the port included if it is non-standard (any port
# except 443). This must match or be a descendent of the
# domain name you configure above. If these two items are
# not consistent, the server WILL refuse to start!
# origin = "https://idm.example.com"
origin = "https://idm.example.com:8443"
# HTTPS requests can be reverse proxied by a loadbalancer.
# To preserve the original IP of the caller, these systems
# will often add a header such as "Forwarded" or
# "X-Forwarded-For". Some other proxies can use the PROXY
# protocol v2 header.
# This setting allows configuration of the list of trusted
# IPs or IP ranges which can supply this header information,
# and which format the information is provided in.
# Defaults to "none" (no trusted sources)
# Only one option can be used at a time.
# [http_client_address_info]
# proxy-v2 = ["127.0.0.1", "127.0.0.0/8"]
# # OR
# x-forward-for = ["127.0.0.1", "127.0.0.0/8"]
# LDAPS requests can be reverse proxied by a loadbalancer.
# To preserve the original IP of the caller, these systems
# can add a header such as the PROXY protocol v2 header.
# This setting allows configuration of the list of trusted
# IPs or IP ranges which can supply this header information,
# and which format the information is provided in.
# Defaults to "none" (no trusted sources)
# [ldap_client_address_info]
# proxy-v2 = ["127.0.0.1", "127.0.0.0/8"]
[online_backup]
# The path to the output folder for online backups
path = "/data/kanidm/backups/"
# The schedule to run online backups (see https://crontab.guru/)
# every day at 22:00 UTC (default)
schedule = "00 22 * * *"
# four times a day at 3 minutes past the hour, every 6th hours
# schedule = "03 */6 * * *"
# We also support non standard cron syntax, with the following format:
# sec min hour day of month month day of week year
# (it's very similar to the standard cron syntax, it just allows to specify the seconds
# at the beginning and the year at the end)
# Number of backups to keep (default 7)
# versions = 7
</code></pre>
<h2 id="start-the-container"><a class="header" href="#start-the-container">Start the container</a></h2>
<p>First we create a docker volume to store the data, then we start the container.</p>
<pre><code class="language-bash">docker volume create kanidmd
docker create --name kanidmd \
-p '443:8443' \
-p '636:3636' \
-v kanidmd:/data \
docker.io/kanidm/server:latest
</code></pre>
<h2 id="copy-the-configuration-to-the-container"><a class="header" href="#copy-the-configuration-to-the-container">Copy the configuration to the container</a></h2>
<pre><code class="language-bash">docker cp server.toml kanidmd:/data/server.toml
</code></pre>
<h2 id="generate-evaluation-certificates"><a class="header" href="#generate-evaluation-certificates">Generate evaluation certificates</a></h2>
<pre><code class="language-bash">docker run --rm -i -t -v kanidmd:/data \
docker.io/kanidm/server:latest \
kanidmd cert-generate
</code></pre>
<h2 id="start-kanidmd-container"><a class="header" href="#start-kanidmd-container">Start Kanidmd Container</a></h2>
<pre><code class="language-bash">docker start kanidmd
</code></pre>
<h2 id="recover-the-admin-role-passwords"><a class="header" href="#recover-the-admin-role-passwords">Recover the Admin Role Passwords</a></h2>
<p>The <code>admin</code> account is used to configure Kanidm itself.</p>
<pre><code class="language-bash">docker exec -i -t kanidmd \
kanidmd recover-account admin
</code></pre>
<p>The <code>idm_admin</code> account is used to manage persons and groups.</p>
<pre><code class="language-shell">docker exec -i -t kanidmd \
kanidmd recover-account idm_admin
</code></pre>
<h2 id="setup-the-client-configuration"><a class="header" href="#setup-the-client-configuration">Setup the client configuration</a></h2>
<p>This happens on your computer, not in the container.</p>
<pre><code class="language-toml"># ~/.config/kanidm
uri = "https://localhost:8443"
verify_ca = false
</code></pre>
<h2 id="check-you-can-login"><a class="header" href="#check-you-can-login">Check you can login</a></h2>
<pre><code class="language-bash">kanidm login --name idm_admin
</code></pre>
<h2 id="create-an-account-for-yourself"><a class="header" href="#create-an-account-for-yourself">Create an account for yourself</a></h2>
<pre><code class="language-shell">kanidm person create &lt;your username&gt; &lt;Your Displayname&gt;
</code></pre>
<h2 id="set-up-your-account-credentials"><a class="header" href="#set-up-your-account-credentials">Set up your account credentials</a></h2>
<pre><code class="language-shell">kanidm person credential create-reset-token &lt;your username&gt;
</code></pre>
<p>Then follow the presented steps.</p>
<h2 id="what-next"><a class="header" href="#what-next">What next?</a></h2>
<p>You'll probably want to set it up properly, so that other computers can access it, so
<a href="choosing_a_domain_name.html">choose a domain name</a> and complete the full server installation.</p>
<p>Alternatively you might like to try configurig one of these:</p>
<ul>
<li><a href="./integrations/oauth2.html">OAuth2</a> for web services</li>
<li><a href="./integrations/pam_and_nsswitch.html">PAM and nsswitch</a> for authentication to Linux systems</li>
<li><a href="repl/">Replication</a>, if one Kanidm instance isn't enough</li>
</ul>
</main>
<nav class="nav-wrapper" aria-label="Page navigation">
<!-- Mobile navigation buttons -->
<a rel="prev" href="introduction_to_kanidm.html" class="mobile-nav-chapters previous" title="Previous chapter" aria-label="Previous chapter" aria-keyshortcuts="Left">
<i class="fa fa-angle-left"></i>
</a>
<a rel="next prefetch" href="supported_features.html" class="mobile-nav-chapters next" title="Next chapter" aria-label="Next chapter" aria-keyshortcuts="Right">
<i class="fa fa-angle-right"></i>
</a>
<div style="clear: both"></div>
</nav>
</div>
</div>
<nav class="nav-wide-wrapper" aria-label="Page navigation">
<a rel="prev" href="introduction_to_kanidm.html" class="nav-chapters previous" title="Previous chapter" aria-label="Previous chapter" aria-keyshortcuts="Left">
<i class="fa fa-angle-left"></i>
</a>
<a rel="next prefetch" href="supported_features.html" class="nav-chapters next" title="Next chapter" aria-label="Next chapter" aria-keyshortcuts="Right">
<i class="fa fa-angle-right"></i>
</a>
</nav>
</div>
<script>
window.playground_copyable = true;
</script>
<script src="elasticlunr.min.js"></script>
<script src="mark.min.js"></script>
<script src="searcher.js"></script>
<script src="clipboard.min.js"></script>
<script src="highlight.js"></script>
<script src="book.js"></script>
<!-- Custom JS scripts -->
<script src="mermaid.min.js"></script>
<script src="mermaid-init.js"></script>
</div>
</body>
</html>

2
kanidm-eval/dot-config/kanidm Normal file
View File

@@ -0,0 +1,2 @@
uri = "https://localhost:8443"
verify_ca = false

171
kanidm-eval/dot-config/tasks Executable file
View File

@@ -0,0 +1,171 @@
#!/usr/bin/env bash
# Source the task library for help functionality
TASKLIB_PATH="${TASKLIB_PATH:-${HOME}/.local/lib/shellib/tasklib.sh}"
if [[ -f "$TASKLIB_PATH" ]]; then
source "$TASKLIB_PATH"
fi
# Configuration variables with defaults
# URLs and remote resources
KANIDM_SERVER_CONFIG_URL="${KANIDM_SERVER_CONFIG_URL:-https://raw.githubusercontent.com/kanidm/kanidm/master/examples/server.toml}"
KANIDM_DOCKER_IMAGE="${KANIDM_DOCKER_IMAGE:-docker.io/kanidm/server:latest}"
# File paths
SERVER_CONFIG_FILE="${SERVER_CONFIG_FILE:-server.toml}"
SERVER_LOCALHOST_CONFIG="${SERVER_LOCALHOST_CONFIG:-server_localhost.toml}"
CLIENT_CONFIG_FILE="${CLIENT_CONFIG_FILE:-./kanidm}"
# Container and volume settings
CONTAINER_NAME="${CONTAINER_NAME:-kanidmd}"
VOLUME_NAME="${VOLUME_NAME:-kanidmd}"
CONTAINER_DATA_PATH="${CONTAINER_DATA_PATH:-/data}"
# Network settings
HTTPS_PORT="${HTTPS_PORT:-8443}"
LDAP_PORT="${LDAP_PORT:-3636}"
KANIDM_URI="${KANIDM_URI:-https://localhost:8443}"
# Domain settings
ORIGINAL_DOMAIN="${ORIGINAL_DOMAIN:-idm.example.com}"
TARGET_DOMAIN="${TARGET_DOMAIN:-localhost}"
# Account names
ADMIN_ACCOUNT="${ADMIN_ACCOUNT:-admin}"
IDM_ADMIN_ACCOUNT="${IDM_ADMIN_ACCOUNT:-idm_admin}"
# Package lists
FEDORA_SYSTEM_DEPS="${FEDORA_SYSTEM_DEPS:-systemd-devel sqlite-devel openssl-devel pam-devel clang lld}"
FEDORA_WEBUI_DEPS="${FEDORA_WEBUI_DEPS:-perl-FindBin perl-File-Compare}"
fedora_build_notes () {
# Usage: Display build requirements and notes for Fedora systems
echo "NOTE: clang and lld are required to build Kanidm for performance"
echo "Rustup toolchain is needed"
}
install_system_lib_deps_fedora () {
# Usage: Install system library dependencies required for building Kanidm on Fedora
dnf install ${FEDORA_SYSTEM_DEPS}
}
install_webui_additional_pkgs () {
# Usage: Install additional packages required for the Kanidm web UI on Fedora
dnf install ${FEDORA_WEBUI_DEPS}
}
get_server_dev_config () {
# Usage: Download the example server configuration file from the Kanidm repository
wget "${KANIDM_SERVER_CONFIG_URL}"
}
make_localhost_config () {
# Usage: Create a localhost version of the server config by replacing the domain
if [[ -f "${SERVER_CONFIG_FILE}" ]];then
sed "s/${ORIGINAL_DOMAIN}/${TARGET_DOMAIN}/g" "${SERVER_CONFIG_FILE}" > "${SERVER_LOCALHOST_CONFIG}"
else
echo "First get example ${SERVER_CONFIG_FILE}!"
fi
}
get_the_software () {
# Usage: Pull the Kanidm Docker image using podman
podman pull "${KANIDM_DOCKER_IMAGE}"
}
create_eval_config () {
# Usage: Download and configure the server config file for evaluation
get_server_dev_config && make_localhost_config
}
create_kanidmd_volume () {
# Usage: Create a podman volume for persistent Kanidm data storage
# First create volume for the data!
podman volume create "${VOLUME_NAME}"
}
start_eval_container () {
# Usage: Create the Kanidm container with proper ports and volume mappings
create_kanidmd_volume && podman create --name "${CONTAINER_NAME}" \
-p "${HTTPS_PORT}:${HTTPS_PORT}" \
-p "${LDAP_PORT}:${LDAP_PORT}" \
-v "${VOLUME_NAME}:${CONTAINER_DATA_PATH}" \
"${KANIDM_DOCKER_IMAGE}"
}
copy_config_to_container () {
# Usage: Copy the localhost configuration file into the container
podman cp "${SERVER_LOCALHOST_CONFIG}" "${CONTAINER_NAME}:${CONTAINER_DATA_PATH}/${SERVER_CONFIG_FILE}"
}
generate_eval_certs () {
# Usage: Generate self-signed certificates for the evaluation server
podman run --rm -i -t -v "${VOLUME_NAME}:${CONTAINER_DATA_PATH}" \
"${KANIDM_DOCKER_IMAGE}" \
kanidmd cert-generate
}
recover_admin_pw () {
# Usage: Recover/reset the admin account password
podman exec -i -t "${CONTAINER_NAME}" \
kanidmd recover-account "${ADMIN_ACCOUNT}"
}
recover_idm_admin_pw () {
# Usage: Recover/reset the idm_admin account password
podman exec -i -t "${CONTAINER_NAME}" \
kanidmd recover-account "${IDM_ADMIN_ACCOUNT}"
}
setup_eval_client_config () {
# Usage: Create a client configuration file for connecting to the evaluation server
cat <<EOF > "${CLIENT_CONFIG_FILE}"
uri = "${KANIDM_URI}"
verify_ca = false
EOF
}
check_can_login () {
# Usage: Test if the kanidm client can login to the server
if ! command -v kanidm > /dev/null; then
echo "First install kanidm client tools!"
else
kanidm login --name "${IDM_ADMIN_ACCOUNT}"
fi
}
create_account () {
# Usage: Create a new user account in Kanidm
# Usage:
# kanidm person create <username> <Display Name>
echo "Implement create_account"
}
setup_account_credentials () {
# Usage: Set up credentials for a user account
# Usage:
# kanidm person credential create-reset-token <username>
echo "Implement setup_account_credentials"
}
help() {
# Usage: Show this help message
if declare -f show_task_help >/dev/null 2>&1; then
show_task_help "$0"
else
echo "Task library not found. Available tasks:"
declare -F | awk '{print $3}' | grep -v '^_' | sort
fi
}
# make it runnable
if [[ "${BASH_SOURCE[0]}" == "${0}" ]]; then
if [[ $# -eq 0 ]] || [[ "$1" == "help" ]] || [[ "$1" == "--help" ]] || [[ "$1" == "-h" ]]; then
help
else
"$@"
fi
fi

0
nvim/.gitignore → neovim/.gitignore vendored
View File

0
nvim/init.lua → neovim/dot-config/init.lua
View File

0
nvim/lazyvim.json → neovim/dot-config/lazyvim.json
View File

0
nvim/lua/config/autocmds.lua → neovim/dot-config/lua/config/autocmds.lua
View File

0
nvim/lua/config/keymaps.lua → neovim/dot-config/lua/config/keymaps.lua
View File

0
nvim/lua/config/lazy.lua → neovim/dot-config/lua/config/lazy.lua
View File

0
nvim/lua/config/options.lua → neovim/dot-config/lua/config/options.lua
View File

0
nvim/lua/plugins/example.lua → neovim/dot-config/lua/plugins/example.lua
View File

0
nvim/lua/plugins/glow.lua → neovim/dot-config/lua/plugins/glow.lua
View File

3
neovim/dot-config/stylua.toml Normal file
View File

@@ -0,0 +1,3 @@
indent_type = "Spaces"
indent_width = 4
column_width = 120

15
nvim/.neoconf.json
View File

@@ -1,15 +0,0 @@
{
"neodev": {
"library": {
"enabled": true,
"plugins": true
}
},
"neoconf": {
"plugins": {
"lua_ls": {
"enabled": true
}
}
}
}

201
nvim/LICENSE
View File

@@ -1,201 +0,0 @@
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "[]"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright [yyyy] [name of copyright owner]
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

4
nvim/README.md
View File

@@ -1,4 +0,0 @@
# 💤 LazyVim
A starter template for [LazyVim](https://github.com/LazyVim/LazyVim).
Refer to the [documentation](https://lazyvim.github.io/installation) to get started.

3
nvim/stylua.toml
View File

@@ -1,3 +0,0 @@
indent_type = "Spaces"
indent_width = 2
column_width = 120

37
pet/dot-config/pet/config.toml Normal file
View File

@@ -0,0 +1,37 @@
[GHEGist]
Public = false
access_token = ""
auto_sync = false
base_url = ""
file_name = ""
gist_id = ""
upload_url = ""
[General]
Backend = "gist"
Cmd = []
Color = false
Column = 40
Editor = "sensible-editor"
Format = "[$description]: $command $tags"
SelectCmd = "fzf --ansi --layout=reverse --border --height=90% --pointer=* --cycle --prompt=Snippets:"
SnippetDirs = []
SnippetFile = "/home/seb/.config/pet/snippet.toml"
SortBy = ""
[Gist]
Public = false
access_token = ""
auto_sync = false
file_name = "pet-snippet.toml"
gist_id = ""
[GitLab]
ID = ""
Url = ""
Visibility = "private"
access_token = ""
auto_sync = false
file_name = "pet-snippet.toml"
skip_ssl = false

5
pet/dot-config/pet/notes.md Normal file
View File

@@ -0,0 +1,5 @@
# IMPORTANT
The two `prev.{bash, zsh}` functions need to go into `.bashrc` or `.zshrc` respectively.
The `pet-slect.*` need to be put in the rc EXACTLY AS IS!!!. Else the keys aren't rebound.
Those files are taken from [this](https://github.com/knqyf263/pet) Readme. As such,
that repos license might apply!

2073
pet/dot-config/pet/pet-repo-README.md Normal file
View File

File diff suppressed because one or more lines are too long

6
pet/dot-config/pet/pre-select.bash Normal file
View File

@@ -0,0 +1,6 @@
function pet-select() {
BUFFER=$(pet search --query "$READLINE_LINE")
READLINE_LINE=$BUFFER
READLINE_POINT=${#BUFFER}
}
bind -x '"\C-x\C-r": pet-select'

8
pet/dot-config/pet/pre-select.zsh Normal file
View File

@@ -0,0 +1,8 @@
function pet-select() {
BUFFER=$(pet search --query "$LBUFFER")
CURSOR=$#BUFFER
zle redisplay
}
zle -N pet-select
stty -ixon
bindkey '^s' pet-select

4
pet/dot-config/pet/prev.bash Normal file
View File

@@ -0,0 +1,4 @@
function prev() {
PREV=$(echo `history | tail -n2 | head -n1` | sed 's/[0-9]* //')
sh -c "pet new `printf %q "$PREV"`"
}

4
pet/dot-config/pet/prev.zsh Normal file
View File

@@ -0,0 +1,4 @@
function prev() {
PREV=$(fc -lrn | head -n 1)
sh -c "pet new `printf %q "$PREV"`"
}

12
pet/dot-config/pet/snippet.toml Normal file
View File

@@ -0,0 +1,12 @@
[[Snippets]]
Description = "Get root shell while preserving environment variables."
Output = ""
Tag = ["superuser", "bash", "sh", "envvar"]
command = "sudo -E --shell"
[[Snippets]]
Description = "Preprocess slabinfo header so that columns align correctly"
Output = ""
Tag = []
command = "sed 's/# //' /proc/slabinfo | column -t"

13
pijul/config.toml Normal file
View File

@@ -0,0 +1,13 @@
colors = "always"
pager = "always"
unrecorded_changes = 1
[author]
name = "sebaschi"
full_name = "Sebastian Lenzlinger"
email = "eswer@eswo.ch"
key_path = "/home/seb/.ssh/id_ed25519.pub"
[ignore_kinds]
rust = ["target", "*.perf"]
python = [ "dist", "build", "eggs", "__pycache__"]

24
resources/PYTHON-INSTALL-IMPROVEMENTS.md Normal file
View File

@@ -0,0 +1,24 @@
# Python Dot-Install Improvements
## Key Improvements
1. Centralized config registry system that makes adding new configs much easier
2. Each config only needs to be registered once with its source, destination, and optional post-actions
3. XDG_CONFIG_HOME is properly used if available
4. Directory creation is handled automatically as part of the installation process
5. Commands are generated dynamically from the registry
6. Maintains the same command structure as the original script
## Adding New Configurations
To add a new configuration, simply register it using the `register_config` function:
```python
register_config(
'new_config', # Name
DOTFILES_DIR / "path" / "to" / "file", # Source path (or list of paths)
CONFIG_DIR / "destination" / "path", # Destination path (or list of paths)
[optional_post_action_functions], # Optional post-installation actions
"Description of this configuration" # Description (for help text)
)
```

30
dot-install → resources/dot-install
View File

@@ -85,7 +85,6 @@ add_source_to_bashrc() {
fi
}
# Install bash aliases
install_bash_aliases() {
echo "Installing bash aliases..."
@@ -94,7 +93,6 @@ install_bash_aliases() {
add_source_to_bashrc "bash_aliases"
}
# Install bash completion
install_bash_completion() {
echo "Installing bash completion..."
@@ -103,7 +101,6 @@ install_bash_completion() {
add_source_to_bashrc "bash_completion"
}
# Install bash environment
install_bash_env() {
echo "Installing bash environment..."
@@ -112,7 +109,6 @@ install_bash_env() {
add_source_to_bashrc "bash_env"
}
# Install bash functions
install_bash_functions() {
echo "Installing bash functions..."
@@ -121,7 +117,6 @@ install_bash_functions() {
add_source_to_bashrc "bash_functions"
}
# Install fedora aliases
install_bash_fedora() {
echo "Installing fedora aliases..."
@@ -130,7 +125,6 @@ install_bash_fedora() {
add_source_to_bashrc "fedora_aliases"
}
# Install bash configuration (all components)
install_bash() {
echo "Installing all bash configuration..."
@@ -144,7 +138,6 @@ install_bash() {
link_file "$CONFIG_DIR/bash" "$HOME/.bash_dir"
}
# Install borg backup profiles
install_borg() {
echo "Installing borg backup profiles..."
@@ -152,7 +145,6 @@ install_borg() {
link_file "$DOTFILES_DIR/borg-backup-profiles" "$CONFIG_DIR/borg"
}
# Install fish configuration
install_fish() {
echo "Installing fish configuration..."
@@ -160,7 +152,6 @@ install_fish() {
link_file "$DOTFILES_DIR/fish" "$CONFIG_DIR/fish"
}
# Install ghostty configuration
install_ghostty() {
echo "Installing ghostty configuration..."
@@ -168,14 +159,12 @@ install_ghostty() {
link_file "$DOTFILES_DIR/ghostty" "$CONFIG_DIR/ghostty"
}
# Install git configuration
install_git() {
echo "Installing git configuration..."
link_file "$DOTFILES_DIR/git/gitconfig" "$HOME/.gitconfig"
}
# Install neovim configuration
install_nvim() {
echo "Installing neovim configuration..."
@@ -183,14 +172,12 @@ install_nvim() {
link_file "$DOTFILES_DIR/nvim" "$CONFIG_DIR/nvim"
}
# Install rsync filter rules
install_rsync() {
echo "Installing rsync filter rules..."
link_file "$DOTFILES_DIR/sync-filter-fedora/dot-rsync-filter-home" "$HOME/.rsync-filter-home"
}
# Install starship configuration
install_starship() {
echo "Installing starship configuration..."
@@ -198,14 +185,12 @@ install_starship() {
link_file "$DOTFILES_DIR/dot-config/starship.toml" "$CONFIG_DIR/starship.toml"
}
# Install tmux configuration
install_tmux() {
echo "Installing tmux configuration..."
link_file "$DOTFILES_DIR/tmux/tmux.conf" "$HOME/.tmux.conf"
}
# Install vim configuration
install_vim() {
echo "Installing vim configuration..."
@@ -215,7 +200,6 @@ install_vim() {
link_file "$DOTFILES_DIR/vim/initvim" "$HOME/.vim/init.vim"
}
# Install zellij configuration
install_zellij() {
echo "Installing zellij configuration..."
@@ -223,14 +207,20 @@ install_zellij() {
link_file "$DOTFILES_DIR/dot-config/zellij.kdl" "$CONFIG_DIR/zellij/config.kdl"
}
# Install zsh configuration
install_zsh() {
echo "Installing zsh configuration..."
link_file "$DOTFILES_DIR/zsh/zshrc" "$HOME/.zshrc"
}
# Install all packages
# Install vimconfig as config for neovim
install_vim_neovim() {
echo "Installing init.vim as config for *neovim*"
ensure_dir "$CONFIG_DIR/nvim"
link_file "$DOTFILES_DIR/vim/initvim" "$CONFIG_DIR/nvim/init.vim"
}
install_all() {
install_bash
install_borg
@@ -246,7 +236,6 @@ install_all() {
install_zsh
}
# Parse command line arguments
if [ $# -eq 0 ]; then
usage
fi
@@ -264,6 +253,7 @@ for arg in "$@"; do
ghostty) install_ghostty ;;
git) install_git ;;
nvim) install_nvim ;;
vimnvim) install_vim_neovim ;;
rsync) install_rsync ;;
starship) install_starship ;;
tmux) install_tmux ;;
@@ -275,4 +265,4 @@ for arg in "$@"; do
esac
done
echo "Installation complete!"
echo "Installation complete!"

354
resources/dot-install.py Executable file
View File

@@ -0,0 +1,354 @@
#!/usr/bin/env python3
"""
dot-install: Create symlinks for dotfiles configurations
"""
import os
import sys
import click
import shutil
from pathlib import Path
# Global variables
DOTFILES_DIR = Path(__file__).resolve().parent
CONFIG_DIR = Path(os.environ.get('XDG_CONFIG_HOME', '')) if os.environ.get('XDG_CONFIG_HOME') else Path.home() / ".config"
# Config registry to hold all configurations
CONFIG_REGISTRY = {}
def register_config(name, src_paths, dest_paths, post_actions=None, description=None):
"""Register a configuration in the central registry"""
if not isinstance(src_paths, list):
src_paths = [src_paths]
if not isinstance(dest_paths, list):
dest_paths = [dest_paths]
CONFIG_REGISTRY[name] = {
'src_paths': src_paths,
'dest_paths': dest_paths,
'post_actions': post_actions or [],
'description': description or f"Install {name} configuration"
}
# Helper functions
def ensure_dir(directory):
"""Create directory if it doesn't exist"""
if not directory.exists():
directory.mkdir(parents=True)
click.echo(f"Created directory: {directory}")
def link_file(src, dest):
"""Create a symlink and handle existing files"""
# Check if destination already exists
if dest.exists():
if dest.is_symlink():
# If it's already a symlink, check if it points to our file
if dest.resolve() == src.resolve():
click.echo(f"Link already exists: {dest} -> {src}")
return
else:
click.echo(f"Removing existing link: {dest}")
dest.unlink()
else:
# If it's a regular file or directory
backup = Path(f"{dest}.bak")
click.echo(f"Backing up existing file: {dest} -> {backup}")
shutil.move(dest, backup)
# Create the symlink
dest.symlink_to(src)
click.echo(f"Created link: {dest} -> {src}")
def add_source_to_bashrc(file):
"""Add source command to bashrc if needed"""
bashrc = Path.home() / ".bashrc"
config_path = f"$HOME/.config/bash/{file}"
if bashrc.exists():
with open(bashrc, 'r') as f:
content = f.read()
if f"source {config_path}" not in content:
click.echo(f"Adding source command for {file} to .bashrc")
with open(bashrc, 'a') as f:
f.write(f"\n[ -f {config_path} ] && source {config_path}\n")
else:
click.echo(f"Warning: {bashrc} does not exist. You'll need to manually source {file}.")
def install_config(name):
"""Install a configuration from the registry"""
if name not in CONFIG_REGISTRY:
click.echo(f"Unknown configuration: {name}")
return
cfg = CONFIG_REGISTRY[name]
click.echo(f"Installing {name} configuration...")
# Ensure directories exist for all destination paths
for dest in cfg['dest_paths']:
ensure_dir(dest.parent)
# Create symlinks
for src, dest in zip(cfg['src_paths'], cfg['dest_paths']):
link_file(src, dest)
# Run any post-installation actions
for action in cfg['post_actions']:
action()
# Register bash components
def register_bash_configs():
# Bash aliases
register_config(
'bash:aliases',
DOTFILES_DIR / "bash" / "bash_aliases",
CONFIG_DIR / "bash" / "bash_aliases",
[lambda: add_source_to_bashrc("bash_aliases")],
"Install bash aliases"
)
# Bash completion
register_config(
'bash:completion',
DOTFILES_DIR / "bash" / "bash_completion",
CONFIG_DIR / "bash" / "bash_completion",
[lambda: add_source_to_bashrc("bash_completion")],
"Install bash completion"
)
# Bash environment
register_config(
'bash:env',
DOTFILES_DIR / "bash" / "bash_env",
CONFIG_DIR / "bash" / "bash_env",
[lambda: add_source_to_bashrc("bash_env")],
"Install bash environment"
)
# Bash functions
register_config(
'bash:functions',
DOTFILES_DIR / "bash" / "bash_functions",
CONFIG_DIR / "bash" / "bash_functions",
[lambda: add_source_to_bashrc("bash_functions")],
"Install bash functions"
)
# Fedora aliases
register_config(
'bash:fedora',
DOTFILES_DIR / "bash" / "fedora_aliases",
CONFIG_DIR / "bash" / "fedora_aliases",
[lambda: add_source_to_bashrc("fedora_aliases")],
"Install fedora aliases"
)
# Full bash (meta-configuration)
register_config(
'bash',
[], # No direct files, will call each component
[], # No direct destinations
[
lambda: install_config('bash:aliases'),
lambda: install_config('bash:completion'),
lambda: install_config('bash:env'),
lambda: install_config('bash:functions'),
lambda: install_config('bash:fedora'),
lambda: link_file(CONFIG_DIR / "bash", Path.home() / ".bash_dir")
],
"Install all bash configuration"
)
# Register all other configurations
def register_all_configs():
register_bash_configs()
# Borg backup profiles
register_config(
'borg',
DOTFILES_DIR / "borg-backup-profiles",
CONFIG_DIR / "borg",
description="Install borg backup profiles"
)
# Fish shell
register_config(
'fish',
DOTFILES_DIR / "fish",
CONFIG_DIR / "fish",
description="Install fish shell configuration"
)
# Ghostty terminal
register_config(
'ghostty',
DOTFILES_DIR / "ghostty",
CONFIG_DIR / "ghostty",
description="Install ghostty terminal configuration"
)
# Git
register_config(
'git',
DOTFILES_DIR / "git" / "gitconfig",
Path.home() / ".gitconfig",
description="Install git configuration"
)
# Neovim
register_config(
'nvim',
DOTFILES_DIR / "nvim",
CONFIG_DIR / "nvim",
description="Install neovim configuration"
)
# Rsync filter rules
register_config(
'rsync',
DOTFILES_DIR / "sync-filter-fedora" / "dot-rsync-filter-home",
Path.home() / ".rsync-filter-home",
description="Install rsync filter rules"
)
# Starship prompt
register_config(
'starship',
DOTFILES_DIR / "dot-config" / "starship.toml",
CONFIG_DIR / "starship.toml",
description="Install starship prompt configuration"
)
# Tmux
register_config(
'tmux',
DOTFILES_DIR / "tmux" / "tmux.conf",
Path.home() / ".tmux.conf",
description="Install tmux configuration"
)
# Vim
register_config(
'vim',
[
DOTFILES_DIR / "vim" / "vimrc",
DOTFILES_DIR / "vim" / "initvim"
],
[
Path.home() / ".vimrc",
Path.home() / ".vim" / "init.vim"
],
description="Install vim configuration"
)
# Vim config as neovim config
register_config(
'vimnvim',
DOTFILES_DIR / "vim" / "initvim",
CONFIG_DIR / "nvim" / "init.vim",
description="Install vim config as config for neovim"
)
# Zellij
register_config(
'zellij',
DOTFILES_DIR / "dot-config" / "zellij.kdl",
CONFIG_DIR / "zellij" / "config.kdl",
description="Install zellij configuration"
)
# Zsh
register_config(
'zsh',
DOTFILES_DIR / "zsh" / "zshrc",
Path.home() / ".zshrc",
description="Install zsh configuration"
)
# All (meta-configuration)
all_configs = [
'bash', 'borg', 'fish', 'ghostty', 'git', 'nvim',
'rsync', 'starship', 'tmux', 'vim', 'zellij', 'zsh'
]
register_config(
'all',
[],
[],
[lambda cfg=cfg: install_config(cfg) for cfg in all_configs],
"Install all configurations"
)
# Register all configurations
register_all_configs()
# Main CLI command group
@click.group(invoke_without_command=True)
@click.pass_context
def cli(ctx):
"""Create symlinks for dotfiles configurations"""
# If no subcommand is provided, show help
if ctx.invoked_subcommand is None:
click.echo(ctx.get_help())
# Dynamically create commands for each configuration
for name, cfg in CONFIG_REGISTRY.items():
# Skip bash sub-commands to handle them specially
if ':' in name:
continue
# Create a command function dynamically
def make_command(name=name):
@cli.command(name=name)
def cmd():
install_config(name)
cmd.__doc__ = cfg['description']
return cmd
# Add the command to the CLI
make_command()
# Create bash command group
@cli.group()
def bash():
"""Bash configuration files"""
pass
# Create bash subcommands
for name, cfg in CONFIG_REGISTRY.items():
if name.startswith('bash:'):
sub_name = name.split(':')[1]
def make_subcommand(name=name, sub_name=sub_name):
@bash.command(name=sub_name)
def cmd():
install_config(name)
cmd.__doc__ = cfg['description']
return cmd
make_subcommand()
# Add bash "all" command
@bash.command('all')
def bash_all():
"""Install all bash configurations"""
install_config('bash')
if __name__ == "__main__":
cli()

0
test-dot-install → resources/test-dot-install
View File

45
setup.sh Normal file
View File

@@ -0,0 +1,45 @@
#!/bin/bash
source ./shellib/dot-local/lib/shellib/tasklib.sh
get_gnu_stow_latest_tar_gz() {
wget --secure-protocol=auto https://ftpmirror.gnu.org/gnu/stow/stow-latest.tar.gz || {
echo "Error: Failed to download GNU Stow" >&2
return 1
}
}
unpack_stow_tar_gz_archive() {
if [[ ! -f "stow-latest.tar.gz" ]]; then
echo "Error: stow-latest.tar.gz not found" >&2
return 1
fi
tar xvf stow-latest.tar.gz
}
install_stow_latest_from_source() {
local stow_dir=$(find . -name "stow-*" -type d | head -1)
if [[ -z "$stow_dir" ]]; then
echo "Error: Stow source directory not found" >&2
return 1
fi
cd "$stow_dir" || return 1
./configure --prefix="$HOME/.local" || return 1
make || return 1
make install || return 1
cd - > /dev/null
}
install_gnu_stow() {
if grep -q 'ID=fedora' /etc/os-release 2>/dev/null; then
sudo dnf install -y stow
else
get_gnu_stow_latest_tar_gz && \
unpack_stow_tar_gz_archive && \
install_stow_latest_from_source
fi
}
"@"

12
shellib/dot-local/lib/shellib/libseb.sh Normal file
View File

@@ -0,0 +1,12 @@
log() {
# Write msg to stderr.
# Taken from https://github.com/oils-for-unix/oils/blob/master/stdlib/osh/two.sh
echo "$@" >&2
}
die() {
# Write error msg with script name and exit with status 1.
# Taken from https://github.com/oils-for-unix/oils/blob/master/stdlib/osh/two.sh
log "$@: fatal $@"
exit 1
}

74
shellib/dot-local/lib/shellib/tasklib.sh Normal file
View File

@@ -0,0 +1,74 @@
#!/usr/bin/env bash
# Task library - provides help functionality for task files
# List all functions defined in the current environment
list_functions() {
declare -F | awk '{print $3}'
}
# Extract usage information from a function
get_function_usage() {
local func_name="$1"
local file="${2:-$0}"
# Get the function definition and extract Usage: comments
awk -v funcname="$func_name" '
/^[[:space:]]*'"$func_name"'[[:space:]]*\(\)/ {
in_func = 1
next
}
in_func && /^[[:space:]]*}[[:space:]]*$/ {
in_func = 0
}
in_func && /^[[:space:]]*#[[:space:]]*Usage:/ {
sub(/^[[:space:]]*#[[:space:]]*/, "", $0)
print $0
}
' "$file"
}
# Display help for all functions in a task file
show_task_help() {
local file="${1:-$0}"
local func_list=$(list_functions | sort)
echo "Available tasks:"
echo "================"
echo
for funcname in $func_list; do
# Skip internal functions and the help function itself
if [[ ! "$funcname" =~ ^(_|show_task_help|list_functions|get_function_usage) ]]; then
local usage=$(get_function_usage "$funcname" "$file")
if [[ -n "$usage" ]]; then
printf "%-30s %s\n" "$funcname" "- $usage"
else
printf "%-30s\n" "$funcname"
fi
fi
done
echo
echo "Run any task by calling it directly: ./tasks <task_name>"
}
# Alternative: Show detailed help for a specific function
show_function_help() {
local func_name="$1"
local file="${2:-$0}"
if ! declare -f "$func_name" >/dev/null 2>&1; then
echo "Error: Function '$func_name' not found" >&2
return 1
fi
echo "Help for: $func_name"
echo "==================="
local usage=$(get_function_usage "$func_name" "$file")
if [[ -n "$usage" ]]; then
echo "$usage"
else
echo "No usage information available"
fi
}

0
dot-config/starship.toml → starship/dot-config/starship.toml
View File

23
stow/dot-stow-global-ignore Normal file
View File

@@ -0,0 +1,23 @@
# Comments and blank lines are allowed.
RCS
.+,v
CVS
\.\#.+ # CVS conflict files / emacs lock files
\.cvsignore
\.svn
_darcs
\.hg
\.git
\.gitignore
\.gitmodules
.+~ # emacs backup files
\#.*\# # emacs autosave files
^/README.*
^/LICENSE.*
^/COPYING

5
stow/dot-stowrc Normal file
View File

@@ -0,0 +1,5 @@
--dotfiles
--dir=${HOME}/dotfiles
--target=${HOME}
--no-folding
--verbose

0
tmux/tmux.conf → tmux/dot-config/tmux/tmux.conf
View File

0
vim/vimrc → vim/dot-vimrc
View File

0
dot-config/zellij.kdl → zellij/dot-config/zellij.kdl
View File