add rudimentary nextcloud docs with drop-off link sharing instructions

TODO.md

@@ -1,4 +1,4 @@
 # General
 - [ ] create a script as a wrapper to these docs similar to tldr/kb
-- [ ] create wrapper script for md to html export
+- [X] create wrapper script for md to html export
       - Maybe usage of bundestag wrapper scrips?

docs/ChromecastGoogleTV.md

@@ -0,0 +1,44 @@
+# Chromecast with GoogleTV
+While being a great SmartTV replacement the default set-up does not allow for much customization and has annoying ads included.
+## Changing the Default Launcher
+You will need:
+- A Chromecast with GoogleTV
+- A Laptop with `adb` installed. (On Arch: part of the `android-tools` package)
+- A Laptop with Thunderbolt or USB-C which allows for high power throughput to power the Chromecast as well as connect via ADB.
+
+Google, being Google, does not allow for the disabling of Ads in their default Launcher.
+This is a tutorial on how you can disable the default launcher and replace it with one of your choice.
+We're assuming you're using a Chromecast with Google TV similar to [this one](https://www.digitec.ch/de/s1/product/google-chromecast-mit-google-tv-4k-google-assistant-streaming-media-player-14676764).
+
+### Download a Launcher of your choice
+Go to the Google Play Store and choose any Launcher you would like to use. Good ones are FLauncher or Launchy for a more minimalistic approach.
+Ensure that the Launcher is installed and working before proceeding.
+
+### Enable Developer Options
+Go to `Settings -> Device -> About -> Build` and press the main button about 10 times until a Dialog pops up claiming you're now a developer.
+
+### Connect your Laptop
+Plug the Power Cord of the Chromecast into your Laptop. You will most likely require a USB-C to USB-C cable instead of the included USB-A to USB-C one. The Chromecast should now be able to boot up without the low-power warning. If you're getting the low-power warning you cannot continue and might require a different laptop with better Thunderbolt/USB-C support.
+
+On the chromecast there should now pop-up a dialog asking whether you want to trust the connected device. Trust it.
+
+### Disable the Default Launcher via ADB
+
+On your Laptop, open a terminal and ensure that you can find the chromecast via `adb devices -l`. One device should be listed.
+
+Then, use these commands:
+```sh
+adb shell pm disable-user --user 0 com.google.android.apps.tv.launcherx
+adb shell pm disable-user --user 0 com.google.android.tungsten.setupwraith
+```
+This should have disabled the default launcher. When pressing home, a dialogue should pop up asking for a new default Launcher if multiple are installed.
+
+Your WiFi Credentials might be forgotten for some reason after these steps.
+You can just re-add them in your settings and they should persist from now on.
+
+### Re-Enable the Default Launcher via ADB
+In case you want to revert these changes you can use these commands to do so:
+```sh
+adb shell pm enable com.google.android.apps.tv.launcherx
+adb shell pm enable com.google.android.tungsten.setupwraith
+```

docs/GIT.md

@@ -0,0 +1,114 @@
+# General
+
+GIT is a version control software, that allows you to save the progress of software/text/whatever development.
+It is probably best know from GitHub, but we will show how to set up your own GIT instance and how to use it.
+
+## Installing GIT
+
+### What you need
+
+1. A working server, being it self-hosted at home or a remote instance, called REMOTE in the following
+2. A local machine that you develop whatever on, called LOCAL in the following
+
+### Installing GIT
+
+On the LOCAL machine, use your favorite package manager, for example
+
+```sh
+pacman -S git
+```
+
+The same holds for the REMOTE machine, but here I would advice, to use some LTS distro, so probably
+
+```sh
+sudo apt install git
+```
+
+### Setting up the Server
+
+First we have to add the git-user on the REMOTE, give him a password and enable ssh logins.
+
+```sh
+sudo adduser git
+su git
+passwd
+cd
+mkdir .ssh & chmod 700 .ssh
+touch .ssh/authorized_keys && chmod 600 .ssh/authorized_keys
+```
+Now add the ssh public keys of your LOCAL machine to the `authorized_keys` file on the REMOTE.
+For this on the LOCAL machine generate a key-pair using `ssh-keygen -t rsa` if you don't have one yet.
+Then copy the content of `LOCAL/.ssh/id_rsa.pub` to the `REMOTE/.ssh/authorized_keys` file.
+
+## New Repository
+
+To initialize a repository on the REMOTE server we have to create a new folder and tell git to track this folder.
+This has to be done once for every new repository.
+
+```sh
+cd
+mkdir NewRepo.git
+cd NewRepo.git
+git init --bare
+```
+
+On the LOCAL machine we then have to create a folder and tell git to sync this with the server.
+We will assume that `REMOTE` is either the IP or the domain-name of the REMOTE instance.
+
+```sh
+cd project
+git init
+git add .
+git commit -m 'Initial commit'
+git remote add origin git@REMOTE:/home/git/NewRepo.git
+git push origin master
+```
+
+## Using Git
+
+To now sync this folder to other devices use
+
+```sh
+git clone git@gitserver:/home/git/NewRepo.git
+cd project
+```
+
+To update the repository go to the folder, add the necessary files using `git add <FILES>` and then commit them using `git commit -m '<MESSAGE>`. These steps can be done as one using
+
+```sh
+git commit -am 'Fix for README file'
+```
+
+Now push it to the server using `git push origin master`.
+
+### Branches
+
+To create a new branch, use `git checkout -b <BRANCHNAME>`.
+To push this to the remote location, use `git push origin <BRANCHNAME>`.
+
+## Configuration
+
+### Pass integration
+pass is a CLI password manager. It allows for git integration.
+First, install `pass-git-helper` from the AUR
+```sh
+paru -S pass-git-helper
+```
+Set pass as your credential helper in git:
+```sh
+git config --global credential.helper /usr/bin/pass-git-helper
+```
+In `~/.config/pass-git-helper/git-pass-mapping.ini`, create rules in the following way:
+
+```ini
+[github.com]
+target=dev/github
+
+[*.fooo-bar.*]
+target=dev/fooo-bar
+```
+
+
+## Further Info
+
+- [Git Website](https://git-scm.com/book/en/v2/Git-on-the-Server-Setting-Up-the-Server)

docs/LaptopSetup.md

@@ -0,0 +1,25 @@
+# LaptopSetup
+
+General Tips and tricks for setting up Laptops in particular. Assuming Arch Linux/systemd.
+
+## Power/Hibernation
+
+We want to not edit pacman-provided files but provide drop-ins.
+Hence create the folder `/etc/systemd/logind.conf.d` if not already present.
+
+All the following settings will be written into `/etc/systemd/logind.conf.d/logind.conf`
+
+### Let DWM handle PowerOff
+
+```conf
+[Login]
+HandlePowerKey=ignore
+```
+
+### Hibernate on Lid close
+
+```conf
+[Login]
+HandleLidSwitch=hibernate
+HandleLidSwitchExternalPower=hibernate
+```

docs/Searx.md

@@ -0,0 +1,113 @@
+# Searx on Arch
+This tutorial is on how to install Searx on Arch servers.
+On Debian or other distros lacking morty, filtron, and searx in their repos the guide giving by the Searx devs themselves is fine but you will have to rely on Python VENVs and updating is difficult/tedious.
+
+For this tutorial we will follow the recommended setup of installing morty and filtron alongside searx for a more secure setup.
+
+For this tutorial we are assuming you already have nginx set up, a SSL certificate for the domain you want to use, and the domain we use as a dummy is `example.com`.
+
+## Installation
+Switch to a non-root user with sudo rights for an AUR manager:
+```sh
+su - alex
+paru -S morty-git filtron-git searx
+```
+
+## Configuration
+### Services
+#### Morty
+First we need a morty secret key which should be base64 encoded:
+```sh
+openssl rand -hex 16 | base64
+```
+
+Edit the `ExecStart` in `/usr/lib/systemd/system/morty.service`:
+```ini
+ExecStart=/usr/bin/morty -listen 127.0.0.1:3000 -key '<your_key_here>' -timeout 5
+```
+and add
+```ini
+Environment=DEBUG=false
+```
+
+We also need to add this to our `/etc/searx/settings.yml`:
+```yml
+result_proxy:
+	url: example.com/morty/
+	key: !!binary "<your_key_here>"
+```
+
+### Filtron
+Should be good with defaults
+
+### Searx
+### Sytemd
+Adjust your service file for searx (`/etc/uwsgi/searx.ini`) to include
+```ini
+# comment out the http-socket line
+http = 127.0.0.1:8888
+
+env = LANG=C.UTF-8
+env = LANGUAGE=C.UTF-8
+env = LC_ALL=C.UTF-8
+
+# OPTIONAl and does nothing if disable-logging = true
+logger = systemd
+```
+
+#### settings.yml
+Change the following lines in `/etc/searx/settings.yml`
+```yml
+server:
+	image_proxy: True
+	http_protocol_version: "1.1"
+
+ui:
+	theme_args:
+		oscar-style: logicodev-dark
+
+# Ensure that this is also set to something, should be done automatically by the PKGBUILD for searx
+server:
+	secret_key: "<ensure_this_is_set_to_something_secure>"
+```
+
+#### Nginx
+
+In the appropriate `server{ listen 443 ssl; }` section of your nginx setup add the following:
+Where `MINOR_VERSION` should be `11` for example for python 3.11, adjust appropriately.
+```nginx
+location /searx/static/ {
+	alias /usr/lib/python3.<MINOR VERSION>/site-packages/searx/static/;
+}
+location /morty {
+	proxy_pass         http://127.0.0.1:3000/;
+
+	proxy_set_header   Host             $host;
+	proxy_set_header   Connection       $http_connection;
+	proxy_set_header   X-Real-IP        $remote_addr;
+	proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
+	proxy_set_header   X-Scheme         $scheme;
+}
+location /searx{
+    proxy_pass         http://127.0.0.1:4004/;
+
+    proxy_set_header   Host             $host;
+    proxy_set_header   Connection       $http_connection;
+    proxy_set_header   X-Real-IP        $remote_addr;
+    proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
+    proxy_set_header   X-Scheme         $scheme;
+    proxy_set_header   X-Script-Name    /searx;
+}
+```
+
+Verify via `nginx -t`, then we are ready to start our services.
+
+```sh
+systemctl daemon-reload
+sysetmctl restart nginx
+systemctl enable --now morty
+systemctl enable --now filtron
+systemctl enable --now uwsgi@searx
+```
+
+You should now be able to use searx @ https://example.com/searx

docs/ServerSetup.md

@@ -0,0 +1,63 @@
+
+# PreRequisites
+
+1. A domain name provider ([EPIK](epik.com), etc)
+2. A VPS provider ([vultr](vultr.com), etc)
+
+# Set DNS Records
+
+1. Get the IP of your server from your VPS provider.
+2. Enable Reverse DNS for IPv6
+3. Enter the IP in to the DNS system interface of you DNS provider.
+	- Enable IPv4 and IPv6 this way.
+
+# Server
+
+- `ssh-copy-id root@domain.xyz`
+- Edit /etc/ssh/sshd_config : `UsePAM no` and `PasswordAuthentication no` and restart ssh using `systemctl reload sshd`
+- `apt update; apt upgrade` and delete scetchy line from `.bashrc`.
+- install webserver stuff `apt install nginx python3-certbot-nginx rsync`
+
+# Website
+
+- In `/etc/nginx/sites-available` copy `default` to `domainname`.
+- Here change the root line to `root /PATH/TO/WEBSITE`
+- Change the `server_name` line to `server_name HOSTNAME.xyz www.HOSTNAME.xyz`
+- Copy this file to make the mail server and change `root` again to something relatable like `root /var/www/mail`.
+- Change the `server_name` to mail.HOSTNAME.xyz and www.mail.HOSTNAME.xyz
+- Now link both files to `/etc/nginx/sites-enabled/` using `ln -s /etc/nginx/sites-available/mail /etc/nginx/sites-enabled/`
+- Create the directories with `mkdir -p /var/www/domainname /var/www/mail` and add a `index.html` to both of them.
+
+
+## RSYNC command
+`rsync -uvrP --delete-after LOCAL root@HOSTNAME.xyz:/var/www/name/`
+
+## CERTBOT
+
+Run `certbot --nginx` and follow the hints on the screen.
+It guides you quite detailed through the procedure.
+Make sure that in the end you select the port-forwarding.
+
+## MAIL
+
+Use `emailwiz` from `lukesmith.xyz/emailwiz.sh` and run using `internet page` and replace guest.guest with domainname
+
+Copy the output to the txt records on epik.com with mail._domainkey.HOSTNAME.xyz
+
+Add the wanted user using `useradd -G mail -m username` and add password use `passwd username`
+
+To enable the email to pass, you need to set the firewall correctly.
+Next to the ports listed below, sometimes port 25 can be probelmatic.
+Make sure to use `ufw` to open these ports and also use your VPS interface to open these ports if necessary.
+
+| Server            | Protocol | Port | Handshake | Role     |
+| :---              | :---     | :--- | :---      | :---     |
+| mail.HOSTNAME.xyz | SMTP     | 587  | STARTLS   | Outgoing |
+| mail.HOSTNAME.xyz | IMAP     | 993  | TSL/SSL   | Incoming |
+
+Also set the MX records on you dns service provider and let it point to `mail.HOSTNAME.xyz`.
+
+# Possible Hickups on the way
+
+- If you had that domain already set up on a server with a different IP address, you have to clean out your local `.ssh/known_hosts` before you can connect using `ssh`.
+- Make sure that the config files for nginx include `listen 80; listen [::]:80;`, otherwise the certbot install will fail.

docs/anki_sync_server.md

@@ -0,0 +1,102 @@
+# Anki Sync Server
+With the new versions of Anki, `anki` now provides an integrated sync-server feature, allowing for up-to-date scheduler versions as long as anki on the server is also updated regularly.
+Other implementations such as [Anki Sync Server](https://github.com/dsnopek/anki-sync-server) might be less resource intensive but need to be updated separately to allow for newer scheduler versions.
+This requires quite a bit of memory, but a lot if it is shared. If you run anything else using python (very likely), running this sync server in addition should maybe require an additional 100-200M.
+
+## Installation
+Install anki: `paru -S anki`
+
+We're assuming here that you are running the latest Anki on your server, however you manage to do that (some distros are quite conservative with their anki versions). On Arch, I currently maintain the `anki` and `anki-qt5` packages in the AUR so they should be up-to-date.
+
+## Reverse Proxy using nginx
+Anki creates a sync server locally on 0.0.0.0:8080. We want to put this behind a reverse proxy for convenience.
+Create a new `server{}` section in your nginx setup. Recommended is a new file in `/etc/nginx/sites-available/anki_sync_server`
+
+```nginx
+server {
+	server_name anki.<yourdomain.tld>;
+	listen 80;
+	client_max_body_size 500M;
+	location / {
+		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+		proxy_set_header Host $host;
+
+		proxy_pass http://0.0.0.0:8080;
+
+		proxy_buffering off;
+		proxy_http_version 1.1;
+		proxy_set_header Upgrade $http_upgrade;
+		proxy_set_header Connection "upgrade";
+	}
+}
+```
+Some of these settings are a bit overkill for anki, but are good defaults for modern web applications behind a reverse proxy.
+
+Link to enabled sites:
+```
+ln -s /etc/nginx/sites-available/anki_sync_server /etc/nginx/sites-enabled/
+```
+
+Check whether the syntax is good via `nginx -t` and if so, restart nginx `systemctl restart nginx`.
+This is still unencrypted. Using certbot you can now deploy certificates
+```sh
+certbot --nginx -d anki.<yourdomain.tld>
+```
+If everything goes good you should be able to verify in `/etc/nginx/sites-available/anki_sync_server`.
+
+##  Create a user and service
+Personally, I see this sync data as a kind of database and would like to store it in `/var/lib` because of this.
+For security we should start anki as a separate user with write permissions confined to `/var/lib/anki`.
+Create a user:
+
+```sh
+useradd -b /var/lib/ -s /usr/bin/nologin anki
+mkdir /var/lib/anki
+chown -R /var/lib/anki anki:anki
+```
+
+Using systemd, create a service file: `/etc/systemd/system/anki_sync_server.service`:
+
+```ini
+[Unit]
+Description=Personal Anki Sync Server
+After=network.target
+
+[Service]
+ExecStart=anki --syncserver
+Restart=always
+User=anki
+Group=anki
+Environment=SYNC_BASE="/var/lib/anki"
+Environment=MAX_SYNC_PAYLOAD_MEGS=500
+Environment=SYNC_USER1=<name1>:<password1>
+Environment=SYNC_USER2=<name2>:<password2>
+
+[Install]
+WantedBy=multi-user.target
+```
+
+You can create additional users using the `SYNC_USER<i>` environment variables. This stores the passwords in plain text on the machine so is less than optimal.
+
+TODO: can we somehow store these env vars securely?
+
+You should now be able to start your sync server via `systemctl start anki_sync_server.service`.
+If everything looks good in the journal, you can `sytemctl renable anki_sync_server`.
+
+
+## Connecting from your Client
+### Desktop
+1. Go to: `Tools -> Preferences -> Syncing`
+2. Logout
+3. set "Self-hosted-sync-server" to `https://anki.<yourdomain.tld>`
+5. Restart anki
+6. Click on `Sync` and login using your `<name1>` and `<password1>` which you set in the service file.
+
+## Ankidroid
+1. Go to: `Settings -> Advanced -> Custom sync server`
+2. Set the sync url to: `https://anki.<yourdomain.tld>`
+3. Set the media sync url to `https://anki.<yourdomain.tld>/msync`
+4. Click on the sync icon in the main top-bar. Login using your `<name1>` and `<password1>` you set in the service file.
+
+## More info
+See https://docs.ankiweb.net/sync-server.html

docs/beancount.md

@@ -0,0 +1,3 @@
+# BEANCOUNT
+
+ TBD

docs/calDAV.md

@@ -0,0 +1,172 @@
+# CalDAV Server with Calcurse
+
+### Goal
+
+- Set up a own caldav server which allows to sync [calcurse](https://www.calcurse.org/) with your other devices.
+
+### Software used
+
+- A current debian install is assumed, using nginx as its sever. Tested on debian 11.
+- [Baikal](https://sabre.io/baikal/)
+    - Other more light weight setups possible, see [Radicale](https://radicale.org/v3.html) or [carldav](https://github.com/ksokol/carldav). Did not work with calcurse directly. Planned for the future, as it does not require a php environment.
+- [Davx^5 Android](https://www.davx5.com/)
+
+### Install
+
+1. Make sure all the dependencies are installed
+
+```sh
+sudo apt-get install nginx php-fpm php-sqlite3 composer php-xml php-curl -y
+```
+
+2. Go to your sources directory. Here it is assumed to be `/opt/src/` and install Baikal. Default port is 9999, so adjust it to your wishes. Assumed to be 9999 throughout this write-up.
+
+```sh
+cd /opt/src
+git clone https://github.com/sabre-io/baikal
+cd baikal
+composer install
+```
+3. Make the baikal directory writable by the websever process. This is strictly necessary for `Specfic` and `config`.
+
+```sh
+chown -R www-data:www-data Specific config
+```
+
+I found an issue, that maybe got solved by owning the whole baikal directory. So in case you find yourself with an error related to write-permission denials, run
+
+```sh
+sudo chown -R www-data:www-data .
+```
+
+### Server Config
+
+1. Create the corresponding nginx config for the page.
+
+```sh
+cd /etc/nginx/sites-available
+touch baikal.site
+```
+
+2. Copy the following config. Adjust the `root /opt/src/baikal/html` path for your install and make sure that the correct php-version. (See `php --version`).
+
+```sh
+server {
+
+    listen 9999 default_server;
+
+    root /opt/src/baikal/html;
+    dav_methods PUT DELETE MKCOL COPY MOVE;
+
+    index index.php index.html index.htm index.nginx-debian.html;
+    server_name _;
+
+    rewrite ^/.well-known/caldav /dav.php redirect;
+    rewrite ^/.well-known/carddav /dav.php redirect;
+    charset utf-8;
+
+    location ~ /(\.ht|Core|Specific|config) {
+        deny all;
+        return 404;
+    }
+    location ~ ^(.+.php)(.*)$ {
+        try_files $fastcgi_script_name =404;
+        include /etc/nginx/fastcgi_params;
+        fastcgi_split_path_info ^(.+.php)(.*)$;
+	    fastcgi_pass unix:/run/php/php7.4-fpm.sock; #Adjust here for your version
+        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+        fastcgi_param PATH_INFO $fastcgi_path_info;
+    }
+
+    location ~ /.ht {
+        deny all;
+    }
+
+}
+```
+
+3. Link the available site to the enabled ones
+
+```sh
+ln -s /etc/nginx/sites-available/baikal.site /etc/nginx/sites-enabled/
+```
+
+4. Restart nginx after testing the config files
+
+```sh
+nginx -t
+systemctl restart nginx
+```
+
+5. Check if baikal is running on `<hostname/ip>:9999`.
+
+### Baikal Config
+
+1. Follow the setup guide, setting the time-zone, and enable the `basic` authentication type. If wanted, it is possible to send invite emails for upcoming events to its participants. If you are interested in this, check the web, as I did not go down that path.
+
+2. Continue and select the SQLite data base and continue. If you have specific reasons to use SQL, you can do this with
+
+```sh
+mysql -u root -p
+```
+
+and then create a new baikal data-base.
+
+```sql
+CREATE DATABASE baikal;
+CREATE USER 'baikal'@'localhost' IDENTIFIED BY '<YOUR BEST PASSWORD123>';
+GRANT ALL PRIVILEGES ON baikal.* TO 'baikal'@'localhost';
+FLUSH PRIVILEGES;
+```
+Add your selection of host, name and username to the page and continue. We assume a SQLite database.
+
+3. We now log in to baikal using the admin user. Now we can create users. We create a `testuser` under the mail address `test@testing.ts`. Now we can adjust the default calender or add more calenders if we like. We can also enable or disable todo-sync or note-syncing.
+
+### Calcurse Config
+
+1. Make sure `calcurse-caldav` is available as a command .
+2. Copy the config and adjust
+
+```sh
+[General]
+### Adjust here when you also want to sync todo's and notes! (cal, todo, note)
+SyncFilter = cal
+DryRun = No
+Verbose = Yes
+
+AuthMethod = basic
+Hostname = IPADRESS:9999
+
+#Path = /dav.php/calendars/<username>/<calender-name>
+Path = /dav.php/calendars/test/default
+
+InsecureSSL = No
+# I run this on a local server, which does not have https enabled.
+# If you enable https on the baikal page, which is highly recommended when running it open to the web, change this to Yes
+HTTPS = No
+
+[Auth]
+#Username = <username>
+Username = test
+#Either use plaintext password (not recommended...) or add your password to your CLI password manager (pass) under baikal/username
+#Password = testpassword1234
+PasswordCommand = pass baikal/username
+```
+3. Save and run `calcurse-caldav --init=two-way`. Other initialisation options exists and are explained [here](https://www.calcurse.org/files/calcurse-caldav.html). This does the initial sync between your baikal instance and calcurse.
+
+4. For future sync, either
+    - set up a post-save and/or start hook running `calcurse-caldav`
+    - just run `calcurse-caldav` everytime you like to have things synced.
+
+### Android
+
+Some calendars have build in caldav support. For those follow their procedure.
+If not, we can use Davx^5. Get it from F-Droid and drop in your URL, username and password. Set up a sync period and select the calendar in your calendar app.
+In theory it is also possible to sync your address book.
+
+
+### Future:
+
+- Use some other caldav server, which might be more light weight.
+- Test the note and todo sync
+- Test the address-book sync, maybe with [abook](https://abook.sourceforge.io/)

docs/docker.md

@@ -0,0 +1,34 @@
+# Docker
+General tips and tricks around docker, as it's usage has become unavoidable.
+
+## Docker compose as systemd services
+You will be able to start any docker compose program via `systemctl start docker-compose@<program>`.
+
+Create the file `/etc/systemd/system/docker-compose@.service` with the following content:
+```ini
+[Unit]
+Description=%i service with docker compose
+PartOf=docker.service
+After=docker.service
+
+[Service]
+Type=oneshot
+RemainAfterExit=true
+WorkingDirectory=/etc/docker/compose/%i
+ExecStart=/usr/bin/docker compose up -d
+ExecStop=/usr/bin/docker compose stop
+
+[Install]
+WantedBy=multi-user.target
+```
+
+Create directories as necessary and place your `docker-compose.yml` in an appropriately named folder (as an example: "myprogram") in `/etc/docker/compose`.
+Ergo: Your docker-compose.yml should be in `/etc/docker/compose/myprogram/docker-compose.yml`.
+
+Reload the daemon and start your service:
+```sh
+systemctl daemon-reload
+sysetmctl start docker-compose@myprogram
+```
+More ideas:
+https://gist.github.com/mosquito/b23e1c1e5723a7fd9e6568e5cf91180f

docs/johntheripper.md

@@ -0,0 +1,41 @@
+# JohnTheRipper
+
+This is a bunch of scripts to crack a bunch of different passwords offline
+
+## Installation
+
+```sh
+git clone https://github.com/magnumripper/JohnTheRipper.git
+cd JohnTheRipper/src
+./configure && make
+```
+
+## Usage
+
+### For pdfs
+
+1. Create a hash of the pdf you want to open
+
+	```sh
+	cd JohnTheRipper/run
+	./pdf2john.pl <pdf file> > <output file>
+	```
+	The output file will be a hash file of the meta info of the pdf.
+	Will be refered to by hash-file from now on.
+
+2. Crack the hash
+
+	```sh
+	cd JohnTheRipper/run
+	./john <hash file>
+	```
+3. Retrieve the password
+
+	```sh
+	cd JohnTheRipper/run
+	./john --show <hash file>
+	```
+	The password will be dispalyed the format of `<path-to-pdf>:password`
+	```sh
+	/root/user/secred.pdf:54321
+	```

docs/luks2.md

@@ -0,0 +1,219 @@
+# LUKS2 fully encrypted Arch-Linux
+
+As the Key-derivation functions for LUKS1 are lacking but GRUB normally only supports LUKS1, additional steps are required to get a working fully encrypted LUKS2 encrypted hard drive.
+The basic process is similar to a LUKS1 encrypted hard-drive but afterwards before the reboot into your installed OS additional measures need to be taken.
+This works only with UEFI-systems.
+
+In this tutorial we're assuming you want to install everything to /dev/sda and an ext4 FS.
+BTRFS requires additional steps to my knowledge.
+
+# Boot into ISO, create LVM and mount
+
+We want two partitions: sda1: 500M, sda2: a lvm container for the rest for your encrypted hard-drive.
+Create partition table via `cfdisk` or similar tools.
+Note: for BIOS systems a dummy 1M parition would be also required. For UEFI this is not needed.
+
+## Create LVM
+```sh
+cryptsetup luksFormat /dev/sda2
+cryptsetup open /dev/sda2 cryptlvm
+pvcreate /dev/mapper/cryptlvm
+vgcreate vg /dev/mapper/crypylvm
+```
+
+Create your wanted partitions. Ergo something similar to:
+```sh
+lvcreate -L 8G vg -n swap
+lvcreate -L 32G vg -n root
+lvcreate -l 100%FREE vg -n home
+```
+and mkfs them:
+```sh
+mkfs.ext4 /dev/vg/root
+mkfs.ext4 /dev/vg/home
+mkswap /dev/vg/swap
+```
+and finally mount them. EFI should be mounted to `/mnt/efi`
+
+
+```sh
+mount /dev/vg/root /mnt
+mount --mkdir /dev/vg/home /mnt/home
+swapon /dev/vg/swap
+
+mount --mkdir /dev/sda2 /mnt/efi
+```
+
+## Continue with your normal Arch install:
+Note the lack of grub in the pacstrap, we will build this later
+```sh
+pacstrap -K /mnt base base-devel git linux linux-firmware lvm2 efibootmgr networkmanager neovim ...
+genfstab -U /mnt >> /mnt/etc/fstab
+arch-chroot /mnt
+echo YourHostName > /etc/hostname
+nvim /etc/locale.gen
+locale-gen
+ln -sf /usr/share/zoneinfo/Europe/Zurich /etc/localtime
+hwclock --systohc
+passwd
+```
+
+## Edit /etc/mkinitcpio.conf to support encryption
+In `/etc/mkinitcpio.conf` edit the HOOKS to include these highlighted ones as well:
+```/etc/mkinitcpio.conf
+HOOKS=(base __udev__ autodetect modconf kms keyboard keymap consolefont block __encrypt__ __lvm2__ filesystems fsck)
+```
+and rebuild initramfs:
+```sh
+mkinitcpio -P
+```
+
+## Create new user, download AUR helper, and install grub-improved-luks2-git
+```sh
+useradd -m -G wheel alex
+passwd alex
+```
+Give him sudo permissions:
+in `/etc/sudoers` add:
+```/etc/sudoers
+%wheel ALL=(ALL) ALL
+```
+Now install paru or equivalent AUR helper:
+```sh
+su - alex
+git clone https://aur.archlinux.org/paru
+cd paru
+makepkg -si
+paru -S grub-improved-luks2-git
+```
+
+We now have a patched GRUB installed and can continue as if we would encrypt using LUKS1 for now:
+
+## Edit /etc/default/grub and grub-install
+Get encrypted partition UUID into the /etc/default/grub via
+```sh
+ls -l /dev/disk/by-uuid >> /etc/default/grub
+```
+and adjust two things in the file:
+```/etc/default/grub
+GRUB_ENABLE_CRYPTODISK=y
+```
+and add to `GRUB_CMDLINE_LINUX`: (can have multiple, space-separated arguments so don't delete anything if it's there, just add.)
+```/etc/default/grub
+GRUB_CMDLINE_LINUX="cryptdevice=UUID=device-UUID:cryptlvm"
+```
+and replace "device-UUID" with the uuid we got for `/dev/sda2` from the previous `ls` command. Of course remove all the trailing `ls` output.
+
+```sh
+grub-install --target=x86_64-efi --efi-directory=/efi --bootloader-id=GRUB --recheck
+grub-mkconfig -o /boot/grub/grub.cfg
+```
+
+## LUKS2 support
+Now create an additional file in `/boot/grub/grub-pre.cfg` with the follwing content:
+
+```/boot/grub/grub-pre.cfg
+set crypto_uuid=device-UUID
+cryptomount -u $crypto_uuid
+set root=lvm/vg-root
+set prefix=($root)/boot/grub
+insmod normal
+normal
+```
+and replace device-UUID with the same device-UUID as before, (again, a `ls -l /dev/disk/by-uuid >> /boot/grub/grub-pre.cfg` can help here to get the UUID for `/dev/sda2`)
+
+Now we can overwrite our previously generated grubx64.efi with a luks2 compatible one:
+```sh
+grub-mkimage -p /boot/grub -O x86_64-efi -c /boot/grub/grub-pre.cfg -o /tmp/grubx64.efi lvm luks2 part_gpt cryptodisk gcry_rijndael argon2 gcry_sha256 ext2
+install -v /tmp/grubx64.efi /efi/EFI/GRUB/grubx64.efi
+```
+We should now be done. `exit`, `umount -R /mnt`, and `reboot` into GRUB to see whether everything worked.
+This still requires you to enter your passphrase twice but can be alleviated just as with the LUKS1 case:
+
+## Only enter the password once
+Create a keyfile:
+```sh
+dd bs=512 count=4 if=/dev/random of=/crypto_keyfile.bin iflag=fullblock
+chmod 600 /crypto_keyfile.bin
+cryptsetup luksAddKey /dev/sda2 /crypto_keyfile.bin
+```
+Add this to the initramfs:
+```/etc/mkinitcpio.conf
+FILES=("/crypto_keyfile.bin")
+```
+And rebuld via
+```sh
+mkinitcpio -P
+```
+
+And add this file to the `GRUB_CMDLINE_LINUX` in `/etc/default/grub`:
+```/etc/default/grub
+GRUB_CMDLINE_LINE="... cryptkey=rootfs:/crypto_keyfile.bin"
+```
+And again rebuild GRUB
+```sh
+grub-install --target=x86_64-efi --efi-directory=/efi --bootloader-id=GRUB --recheck
+grub-mkconfig -o /boot/grub/grub.cfg
+grub-mkimage -p /boot/grub -O x86_64-efi -c /boot/grub/grub-pre.cfg -o /tmp/grubx64.efi lvm luks2 part_gpt cryptodisk gcry_rijndael argon2 gcry_sha256 ext2
+install -v /tmp/grubx64.efi /efi/EFI/GRUB/grubx64.efi
+```
+
+# Auto-decrypt additional encrypted hard-drives on bootup
+You can decrypt additional hard-drives automatically. For this we will use `/etc/crypttab` as well as `/etc/fstab`. This requires systemd to work.
+
+Create your additional encrypted hard-drives if not already existant:
+```sh
+cryptsetup luksFormat /dev/sdX
+cryptsetup open /dev/sdX YourDiskNameHere
+mkfs.ext4 /dev/mapper/YourDiskNameHere
+```
+If you do not wish to have to enter the additional password on boot-up you will have to create a keyfile like we did for our /dev/sda2 above.
+Of course this will lessen security as any additional hard-drives can also be decrypted if `/dev/sda2` has been decrypted or cracked.
+
+Systemd can autodetec keys in `/etc/cryptsetup-keys.d` if they have the pattern `YourDiskNameHere.key`. Create this directory if not already present:
+```sh
+mkdir /etc/cryptsetup-keys.d
+```
+Add an additional keyfile to your newly created encrypted hard-drive:
+```sh
+dd bs=512 count=4 if=/dev/random of=/etc/cryptsetup-keys.d/YourDiskNameHere.key iflag=fullblock
+chmod 600 /etc/cryptsetup-keys.d/YourDiskNameHere.key
+cryptsetup luksAddKey /dev/sdX /etc/cryptsetup-keys.d/YourDiskNameHere.key
+```
+
+Get the UUID of your new hard-drive via `ls -l /dev/disk/by-uuid` and edit `/etc/crypttab`:
+```/etc/crypttab
+YourDiskNameHere	UUID=TheUUIDYouJustGot	/etc/crypsetp-keys.d/YourDiskNameHere.key
+```
+If you use `/etc/cryptsetup-keys.d` and name your keys `YourDiskNameHere.key` you could leave out the third column as this is automatically tested for.
+
+after a `systemctl daemon-reload` you should now be able to start a service called `systemd-cryptsetup@YourDiskNameHere`.
+You can verify this via a `systemctl start systemd-cryptsetup@YourDiskNameHere`.
+You should not require to enter a password now.
+
+If everything works we can now modify the `/etc/fstab` for the automatic mounting. This is done like any unencrypted hard-drive by appending:
+```/etc/fstab
+/dev/mapper/YourDiskNameHere	/YourMountPoint	ext4	defaults	0	2
+```
+Your encrypted drive should now automount on boot-up without an additional password-prompt.
+
+# NOT TESTED, assumed to be the same as the LUKS1 case
+## Use swap for hibernations
+Add the `resume` hook in `/etc/mkinitcpio.conf`:
+```/etc/mkinitcpio.conf
+HOOKS=(base udev autodetect modconf kms keyboard keymap consolefont block encrypt lvm2 __resume__ filesystems fsck)
+```
+and rebuild via `mkinitcpio -P`.
+
+Then: add to the `GRUB_CMDLINE_LINUX` in `/etc/default/grub`:
+```/etc/default/grub
+GRUB_CMDLINE_LINUX="... resume=/dev/vg/swap"
+```
+and rebuild GRUB.
+
+```sh
+grub-install --target=x86_64-efi --efi-directory=/efi --bootloader-id=GRUB --recheck
+grub-mkconfig -o /boot/grub/grub.cfg
+grub-mkimage -p /boot/grub -O x86_64-efi -c /boot/grub/grub-pre.cfg -o /tmp/grubx64.efi lvm luks2 part_gpt cryptodisk gcry_rijndael argon2 gcry_sha256 ext2
+install -v /tmp/grubx64.efi /efi/EFI/GRUB/grubx64.efi
+```

docs/matlab.md

@@ -0,0 +1,63 @@
+# matlab
+
+## Installation via AUR
+
+### PKGBUILD
+Download PKGBUILD: `paru -G matlab`
+
+### Licenses
+- Go to [License center](https://www.mathworks.com/licensecenter) on mathworks
+- On install and activate tab; select (or create) an appropriate license
+- Navigate to download the license file and the file installation key
+- Download the **license file** and put the file in the repository
+- Copy and paste the **file installation key** in a plain text file
+
+## create Tarball
+
+Check, that `libselinux` and `libxcrypt-compat` are installed. Otherwise the installer will exit with error code 42 and no further instructions.
+```sh
+paru -S --asdeps libselinux libxcrypt-compat
+```
+
+Then:
+-  [Download the matlab installer](https://www.mathworks.com/downloads)
+-  Unpack and launch the installer
+-  After logging in and accepting license; select `Advanced Options > I want to download without installing` from the top dropdown menu.
+-  Set the download location to an empty directory called `matlab`
+-  Select the toolboxes you want.
+
+After downloading; from the parent directory; do
+```sh
+tar cf matlab.tar matlab
+```
+to create the tarball. The folder here called `matlab` usually is given the download-time as it's name. Rename to `matlab` before compressing.
+
+Move the matlab.tar to the repository.
+Adjust the `pkgver` and `release` vars in the `PKGBUILD` to reflect current release.
+Run `makepkg -si` to install.
+
+### mv cannot stat error
+In the case of an error in the form of:
+`mv: cannot stat 'dependency_links.txt'$'\n''PKG-INFO'$'\n''SOURCES.txt'$'\n''top_level.txt': No such file or directory`
+Edit line 207 of the `PKGBUILD` to include `ls -d` instead of just `ls`.
+
+## Configuration
+### fix graphics driver with intel
+
+In the case of `libGL error: failed to open iris:`:
+
+Add to the `matlab` script (`sudo nvim $(which matlab)`) at the top:
+```sh
+export MESA_LOADER_DRIVER_OVERRIDE=i965
+```
+
+### HiDPI Fix
+In Matlab:
+```m
+s = settings;s.matlab.desktop.DisplayScaleFactor
+s.matlab.desktop.DisplayScaleFactor.PersonalValue = 2
+```
+This value can be a float.
+
+### Fonts malformed
+Set Aliasing to true under `Preferences->MATLAB->Fonts` and reboot.

docs/neomutt.md

@@ -0,0 +1,173 @@
+# Neomutt
+
+
+## Markdown to HTML rendering
+To write more normie-friendly emails, non-plain-text emails are probably better.
+For this, a conversion from Markdown to HTML with Mathjax support seems best.
+It supports all the bells and whistles of markdown (images, links, code, italics, bold) as well as mathemtical formulas in LaTex notation using Mathjax.
+
+### Configuration
+
+The conversion is done via pandoc using templates.
+Ensure `pandoc` is installed. (`which pandoc || sudo pacman -S pandoc`)
+
+Add to your muttrc (either in `~/.mutt/muttrc` or `~/.config/mutt/muttrc`. From now on assuming `~/.config/mutt` as config folder)
+
+```muttrc
+macro compose m \
+"<enter-command>set pipe_decode<enter>\
+<pipe-message>pandoc -f gfm -t plain -o /tmp/msg.txt<enter>\
+<pipe-message>pandoc -s --self-contained -o /tmp/msg.html --resource-path ~/.config/mutt/templates/ --template email<enter>\
+<enter-command>unset pipe_decode<enter>\
+<attach-file>/tmp/msg.txt<enter>\
+<attach-file>/tmp/msg.html<enter>\
+<tag-entry><previous-entry><tag-entry><group-alternatives>" \
+"Convert markdown to HTML5 and plaintext alternative content types"
+```
+
+Create a folder called `templates`: `mkdir -p ~/.config/mutt/templates`
+and create a file called `email.html` in this folder with the following content:
+```html
+<!DOCTYPE html>
+<html xmlns="http://www.w3.org/1999/xhtml" lang="$lang$" xml:lang="$lang$"$if(dir)$ dir="$dir$"$endif$>
+<head>
+  <meta charset="utf-8" />
+  <meta name="viewport" content="width=device-width, initial-scale=1.0, user-scalable=yes" />
+  <script src="https://polyfill.io/v3/polyfill.min.js?features=es6"></script>
+  <script type="text/javascript" id="MathJax-script" async
+    src="https://cdn.jsdelivr.net/npm/mathjax@3/es5/tex-chtml.js">
+  </script>
+  <style>
+    $styles.html()$
+  </style>
+$for(css)$
+  <link rel="stylesheet" href="$css$" />
+$endfor$
+  <!--[if lt IE 9]>
+    <script src="//cdnjs.cloudflare.com/ajax/libs/html5shiv/3.7.3/html5shiv-printshiv.min.js"></script>
+  <![endif]-->
+$for(header-includes)$
+  $header-includes$
+$endfor$
+</head>
+<body>
+  $body$
+  $for(include-after)$
+  $include-after$
+  $endfor$
+</body>
+</html>
+```
+
+### Usage
+
+To use this, write your email as usual and afterwards, press `m` on the created file in neomutt.
+This will generate a combined file for plaintext fallback in case of unsupported HTML rendering.
+
+For now, also delete the still present plaintext file with `D`.
+Your email should now be ready to be sent.
+
+For writing formulas, just use latex syntax in the normal `$` delimiters.
+Be careful on inline formulas, here a whitespace between the leading `$` and the formula breaks the rendering!
+
+## File Size
+
+Since Mathjax is creating a binary for the rendering of the math syntax which is embedded in the html, the file sizes are usually around 1 MB.
+This is not necessary when no LaTeX syntax is used.
+Create a second macro for which you use a different template, that excludes the mathjax script.
+This way you can create smaller emails with pure markdown syntax and when necessary can send mathematical formulas, resulting in larger mails.
+
+For this add the following to the muttrc:
+```muttrc
+macro compose l \
+"<enter-command>set pipe_decode<enter>\
+<pipe-message>pandoc -f gfm -t plain -o /tmp/msg.txt<enter>\
+<pipe-message>pandoc -s --self-contained -o /tmp/msg.html --resource-path ~/.config/mutt/templates/ --template email_pure<enter>\
+<enter-command>unset pipe_decode<enter>\
+<attach-file>/tmp/msg.txt<enter>\
+<attach-file>/tmp/msg.html<enter>\
+<tag-entry><previous-entry><tag-entry><group-alternatives>" \
+"Convert markdown to HTML5 and plaintext alternative content types"
+```
+
+Further create a new file called `email_pure.html` in `mutt/templates` with the following content:
+```html
+<!DOCTYPE html>
+<html xmlns="http://www.w3.org/1999/xhtml" lang="$lang$" xml:lang="$lang$"$if(dir)$ dir="$dir$"$endif$>
+<head>
+  <meta charset="utf-8" />
+  <meta name="viewport" content="width=device-width, initial-scale=1.0, user-scalable=yes" />
+  <style>
+    $styles.html()$
+  </style>
+$for(css)$
+  <link rel="stylesheet" href="$css$" />
+$endfor$
+  <!--[if lt IE 9]>
+    <script src="//cdnjs.cloudflare.com/ajax/libs/html5shiv/3.7.3/html5shiv-printshiv.min.js"></script>
+  <![endif]-->
+$for(header-includes)$
+  $header-includes$
+$endfor$
+</head>
+<body>
+  $body$
+  $for(include-after)$
+  $include-after$
+  $endfor$
+</body>
+</html>
+```
+## Khard Adress Book integration
+Sadly, khard does not have a great TUI as abook, but it benefits from being able to sync with CardDav servers like Nextcloud.
+
+For seamless integration such as adding emails and autocompleting from the address book, add the following to your muttrc (either in `~/.mutt/muttrc` or `~/.config/mutt/muttrc`. From now on assuming `~/.config/mutt` as config folder)
+```muttrc
+set query_command = "echo %s | xargs khard email --parsable --"
+macro index,pager a \
+  "<pipe-message>khard add-email<return>" \
+  "add the sender email address to khard"
+```
+For syncing with CardDav servers like Nextcloud look into [NextCloud](./nextcloud.md).
+
+## abook Adress Book integration
+
+Add  the following to the muttrc. The first line set the default query to use abook, while the second line allows us to quickly add the sender of a mail that we currently read to the adress book using `A`.
+
+```sh
+set query_command= "abook --mutt-query '%s'"
+macro index,pager  A "<pipe-message>abook --add-email-quiet<return>" "Add this sender to Abook"
+bind editor        <Tab> complete-query
+```
+To use abook for composing messages, we can just start a new mail, using `m`.
+Now press `Ctrl + t`. This pulls up a list of abook, which we now can navigate using the arrow keys.
+If you have found the recipient of choice, press enter.
+Sending a mail to more recipients, you can tag them using `t` in that list.
+Having selected all, press `;m` to save them and press enter.
+
+You can also search the query from abook. Having pressed `Ctrl+t`, press `/` to search.
+
+## Signature and GPG
+
+To sign and/or encrypt your mails via GPG, set the following in the muttrc:
+```sh
+set crypt_use_gpgme=yes
+set postpone_encrypt = yes
+set pgp_self_encrypt = yes
+set crypt_use_pka = no
+set crypt_autosign = no
+set crypt_autoencrypt = no
+set crypt_autopgp = yes
+set pgp_sign_as=0x12345678
+```
+
+The last line is the key id of the key you want to use for signing - which can be extracted from `gpg --keyid-format 0xlong -K --fingerprint`.
+
+To send an encrypted message, import the public key of the recipient using `gpg --import <keyfile>` or `gpg --auto-key-locate keyserver --locate-keys user@example.net`
+To bring up the `pgp` menu in mutt, press `p` before sending the mail.
+Then select encryption, and select the recipient from the list.
+
+
+
+TODO: delete plaintext attachment after HTML creation
+TODO: remove `tmp` files after sending

docs/nextcloud.md

@@ -0,0 +1,31 @@
+#Nextcloud
+## Installation
+We're assuming an Arch Linux installation, but the steps should be similar for other distributions.
+There are two possible ways to serve Nextclouds PHP code: uWSGI and PHP-FPM.
+We'll be using PHP-FPM as this is the recommended way and nginx is easier to setup with it, especially if you wish to enable additional plugins such as LDAP.
+
+TODO
+
+## Setup a drop-off folder in Nextcloud
+
+1. Create a folder in Nextcloud, e.g. `Drop-off`.
+2. Click on the share icon and under share link select "File-drop". This will create a link that you can share with others.
+3. Optional: If you want to password protect the link, click on "Advanced settings" under the Sharing tab for the folder detailsand use a password of your choice.
+
+### Human-readable link with redirect
+If you want a nice human-readable link you can use your own nginx for this.
+Add to your existant server block with port 443 in `/etc/nginx/sites-available/nextcloud` or your domain of choice with the following content:
+
+```nginx
+location /dropoff {
+	return 301 <your nextcloud share link>;
+}
+```
+
+## Sync contacts with khard
+TODO
+
+See [neomutt.md](./neomutt.md) for more details on how to use khard with neomutt for autocompletion.
+
+## Sync Calendar with Calcurse
+TODO

docs/nvidia.md

@@ -0,0 +1,46 @@
+# Nvidia
+
+Good luck.
+## Installation
+
+Arch: install the `nvidia` package.
+
+## Configuration
+
+### Minimal xorg setup for only running on Nvidia GPU
+
+This minimal configuration should get you started. Add this in `/etc/X11/xorg.conf.d` in a file similar to `10-nvidia-drm-outputclass.conf`
+
+```xf86config
+Section "OutputClass"
+    Identifier "intel"
+    MatchDriver "i915"
+    Driver "modesetting"
+EndSection
+
+Section "OutputClass"
+    Identifier "nvidia"
+    MatchDriver "nvidia-drm"
+    Driver "nvidia"
+    Option "AllowEmptyInitialConfiguration"
+    Option "PrimaryGPU" "yes"
+    ModulePath "/usr/lib/nvidia/xorg"
+    ModulePath "/usr/lib/xorg/modules"
+EndSection
+```
+
+### Scaling without overscan on PRIME displays
+If you cannot use `xrandr --scale ` without leading to over/underscan you need to adjust a kernel parameter:
+
+create a file in `/etc/modprobe.d` (for example called `nvidia-drm-nomodeset.conf`) with the following content.
+
+```xf86config
+options nvidia-drm modeset=1
+```
+
+and rebuild your kernel via
+```sh
+sudo mkinitcpio -P
+```
+
+After a reboot this should enable scaling for PRIME displays.

docs/pass.md

@@ -0,0 +1,82 @@
+# Pass
+
+Pass is a password manager that follows the UNIX philosophy of doing one thing and doing it well. It is designed to be simple and easy to use, while still being secure and flexible.
+It is basically just a simple shell-script, working on files.
+The main idea is to have a bunch of gpg encrypted files, storing the passwords.
+These files can then be synced using your favourite way, being it git, syncthing or anything else.
+Or just kept locally on your machine.
+In the end - its just a file, or a bunch of them.
+
+This allows you to not rely on the good security practice of a large company, which is a primary target for attacks.
+
+Pass has several very useful extensions, allowing easy access, generation of OTP for 2FA and more.
+
+## Install
+
+### Generate a gpg key
+
+1. If you already have a gpg key, you are done here. If not, lets generate a key:
+
+```sh
+gpg --full-gen-key
+```
+2. Select your key type (if no idea what, choose RSA).
+3. Select a 4096 bit long key
+4. Your key should not expire. So select the corresponding option (usually 0)
+5. Name your key and add an email. This email does not have to be your real one, but this key can also be used to sign/encrypt mails. If this is your plan, choose the mail address you plan to use with this key.
+6. Add a password to the key (keep blank for an empty password)
+
+
+### Install on Arch
+
+```sh
+pacman -S pass pass-otp
+```
+
+### Setup
+
+1. We want to set up pass. For this we run the following command. This tells pass to use the gpg key connected to the email address given.
+
+```sh
+pass init <email_used_for_gpg_key>
+```
+
+### Usage
+
+1. **Adding passwords**. To do this, type the following command. Here we use a name to identify which password this is. Usually this is the service/website/program/file/... this password is used for. If several accounts exists for one service, one can also created nested structure like `serviceA/account1` and `serviceA/account2`. This will just create a folder called `serviceA` and put the corresponding files in there. After running below command, it asks you to type the password you want to store.
+
+```sh
+pass add <name_linked_to_password>
+```
+
+2. **Retrieving the password**. To look up the password, simply run the command below. It may be that a prompt asks you to type in your GPG key-pair password.
+
+```sh
+pass <name_linked_to_password>
+```
+
+### Quality of life improvements
+
+1. **passmenu**. If you use `dmenu`, install [this](https://tools.suckless.org/dmenu/scripts/passmenu2) script to enable a dmenu friendly list. Just type a substring of the file name, and this script copies the contents to your clipboard. For OTP this automatically generates the code and copies it to your clipboard. If the file contains two lines, the second line is copied in to your selection. This is useful to store user names or similar information. Bind this script to a keyboard shortcut for actual usability.
+
+2. **One Time Passwords/Multi Factor Authentication**. Most of the time you get a QR code that you should scan with something like microsoft authenticator. Save this qr code as an image, and run it through `zbarimg` (Installed via `pacman -S zbar`). This returns an uri starting `otpauth://...`. Create a new "password" using `pass otp add <otp_password_file>`, and paste the uri as the password. Now run `pass otp <otp_password_file>`. This generates the one time password. Again, this works with passmenu script above. Maybe you have to change the script linked to adjust to your naming convention of otp files.
+
+3. **Syncing**: Usually you want to have your passwords in more than one place. Laptop and Phone are a very common setup. For android you have several options.
+   The most straight forward, and probably safest way, is to copy the files to your device and also copy over the private key.
+   This key is then imported in to an app like [OpenKeyChain](https://www.openkeychain.org/). Now you can open these files using this app.
+   But this comes with a harsh drawback on usability.
+   Another setup would be a private git repo, which you can clone to different devices.
+   Again, on android [Password Store](https://passwordstore.app/) is a very powerful tool, which allows you to auto-insert in browsers and also generate the OTP.
+   To set up a git sync, you enable it with pass using `pass git init`. Then add the remote repo as origin using `pass git remote add origin user@service:pos`.
+   Now this is set up and `pass git push` auto-commits and pushes to the remote repo. `pass git pull` pulls from there.
+   In Password Store you can now clone from this repo and use the key you imported to OpenKeyChain to decrypt the passwords!
+   On iOS I don't know of a similar setup, but am happy to take in recommendations!
+
+
+### Useful commands
+
+- `pass list` : Shows the folder structure of all stored passwords
+- `pass grep <...>` : Searches for a files including the search string when decrypted
+- `pass edit <...>` : If a password changed, this allows to edit the file.
+- `pass generate <...>` : In need of a new password? Just let pass generate a secure one
+- You are able to use pass in a script, for example to enter secret information automatically without keeping it in clear text.

docs/php.md

@@ -0,0 +1,64 @@
+# PHP
+An easily integratable language for dynamic HTML with read/write file access possible on the server side.
+
+# Installation
+As always, we're assuming Debian + Nginx for this.
+
+```sh
+apt update
+apt install php php-fpm
+```
+`php-fpm` should automatically enable it's service.
+Verify via `systemctl status php7.3-fpm.service`
+
+# Setup
+Check whether you want to use a TCP connection or a UNIX socket for php connections.
+The default and recommended way is TCP/IP.
+
+## TCP/IP
+You can edit the IP and port of the connection in `/etc/php/7.3/fpm/pool.d/www.conf`
+The default is:
+```
+listen = 127.0.0.1:9000
+```
+
+## Socket
+For socket, use:
+```
+listen = run/php/php7.3-fpm.sock
+```
+
+## Nginx
+To enable nginx to talk to php add the following to your website config:
+```nginx
+location ~ \.php${
+	include snippets/fastcgi-php.conf
+	fastcgi_pass 127.0.0.1:9000;
+}
+```
+replace TCP/IP address with the appropriate socket file if that's your preferred setup.
+Afterwards, since you've modified the nginx config, this of course requires a `systemctl restart nginx`.
+Tip: `nginx -t` let's you verify your syntx without killing the running nginx instance, leading to a smoother switchover.
+
+Create a file in the root dir for your website (so probably somwhere in `/var/www/`) ending in `.php` with the content:
+```php
+<?php
+	phpinfo();
+```
+
+And visit `example.com/file.php` to see whether it worked.
+You should get a screen with a lot of information about your php installation.
+
+## File writing permissions
+Per default PHP is unable to read or write to your server drive.
+It is best for this to re-own any directories where php will be writing to to the user and group `www-data`.
+Thus a
+```sh
+chown -R www-data:www-data <dir>
+chmod -R 744 <dir>
+```
+should be a good starting-off point.
+Files only need to have permissions of `644` of course so maybe change that as well.
+
+# Learning PHP
+If you're completely new to php [w3schools' course](https://www.w3schools.com/php) is probably a good starting point.

docs/qutebrowser.md

@@ -20,11 +20,54 @@ qutebrowser --nowindow ':adblock-update;;later 10000 download-clear'
 ```
 will update the adblock lists without starting a qutebrowser window.
 
+## Setting spellcheck languages
+This is a bit more involved since it requires a script that can only be found in the source code of qutebrowser.
+1. Download the qutebrowser source code: `git clone https://github.com/qutebrowser/qutebrowser`
+2. `cd qutebrowser`
+3. Install the wanted languages e.g. `python -m scripts.dictcli install en-GB`
+4. set spellcheck to the wanted languages in qutebrowser.
+   Qutebrowser can also use multiple languages by parsing a list:
+   `:set spellcheck.languages '["en-GB", "de-DE"]'`
+
 ## Greasemonkey scripts
 
-To add scripts such as 4chanX to qutebrowser add the Js file to `${XDG_DATA_HOME:-$HOME/.local/share}/qutebrowser/greasemonkey`. For 4chanX this would be:
+To add scripts such as 4chanX to qutebrowser add the Js file to `${XDG_DATA_HOME:-$HOME/.local/share}/qutebrowser/greasemonkey`.
+
+### 4chanX
+
+For 4chanX this would be:
 
 ```sh
 wget -P ${XDG_DATA_HOME:-$HOME/.local/share}/qutebrowser/greasemonkey https://www.4chan-x.net/builds/4chan-X.user.js
 ```
 followed by a `:greasemonkey-reload` in qutebrowser to activate the newly added Java scripts.
+
+### Skip Youtube Ads
+
+Automatically mute, speed up (at least 10x) and skip video ads on youtube.
+There are multiple versions out there that try to accomplish the same thing.
+Various versions can be found in [this github issue thread](https://github.com/qutebrowser/qutebrowser/issues/6480#issuecomment-876759237).
+For me personally version 1.0.0 seems to work best.
+Thus, create a file in `${XDG_DATA_HOME:-$HOME/.local/share}/qutebrowser/greasemonkey` with the following content:
+
+```js
+// ==UserScript==
+// @name         Auto Skip YouTube Ads
+// @version      1.0.0
+// @description  Speed up and skip YouTube ads automatically
+// @author       jso8910
+// @match        *://*.youtube.com/*
+// @exclude      *://*.youtube.com/subscribe_embed?*
+// ==/UserScript==
+setInterval(() => {
+    const btn = document.querySelector('.videoAdUiSkipButton,.ytp-ad-skip-button')
+    if (btn) {
+        btn.click()
+    }
+    const ad = [...document.querySelectorAll('.ad-showing')][0];
+    if (ad) {
+        document.querySelector('video').playbackRate = 10;
+    }
+}, 50)
+```
+followed by a `:greasemonkey-reload` in qutebrowser.

docs/rainloop.md

@@ -0,0 +1,105 @@
+# General
+
+[Rainloop](https://www.rainloop.net/) is a web-based email client that works with your local install of dovecot etc. Its easy to install and use.
+
+# Setting up LEMP Stack
+
+1. `apt install mariadb-server`
+2. `systemctl enable mysql`
+3. `apt install php php7.3-fpm php7.3-mysql -y`
+4. `systemctl enable php7.3-fpm` To test the php setup add the following to your site-available nginx folder. Restart nginx using `systemctl restart nginx` and add a new page called `index.php` to your homepage directory with `<?php phpinfo();?>` as the only content. If the php install worked fine, this will show you the installed php packages. Delete this afterwords.
+
+
+
+```
+	   location ~ \.php$ {
+      		include snippets/fastcgi-php.conf;
+      		fastcgi_pass unix:/var/run/php/php7.3-fpm.sock;
+		}
+```
+
+# Installing rainloop
+
+1. `apt install php7.3-{curl,xml}`
+2. `wget http://www.rainloop.net/repository/webmail/rainloop-community-latest.zip`
+3. `mkdir /var/www/html/rainloop`
+4. `unzip rainloop-community-latest.zip -d /var/www/html/rainloop/`
+5. `find /var/www/html/rainloop/ -type d -exec chmod 755 {} \;`
+6. `find /var/www/html/rainloop/ -type f -exec chmod 644 {} \;`
+7. `chown -R www-data.www-data /var/www/html/rainloop/`
+8. Edit the `nginx` entry for the webmail : `vim /etc/nginx/sites-available/rainloop.conf`. Make sure that the `php` version you installed above matches the php version in line 20. It also should match the php version of the LEMP stack. Also change the hostname accordingly.
+```sh
+	server {
+ 		listen 80;
+
+	server_name webmail.hostname.xyz;
+	root /var/www/html/rainloop;
+
+        access_log /var/log/rainloop/access.log;
+        error_log /var/log/rainloop/error.log;
+
+	index index.php;
+
+	location / {
+		try_files $uri $uri/ /index.php?$query_string;
+	}
+
+	location ~ \.php$ {
+            fastcgi_index index.php;
+            fastcgi_split_path_info ^(.+\.php)(.*)$;
+            fastcgi_keep_conn on;
+      	    fastcgi_pass unix:/var/run/php/php7.3-fpm.sock;
+            include /etc/nginx/fastcgi_params;
+            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ 	}
+        location ~ /\.ht {
+            deny all;
+    }
+	location ^~ /data {
+	    deny all;
+	}
+}
+```
+10. `mkdir /var/log/rainloop`
+11. `nginx -t`
+12. `ln -s /etc/nginx/sites-available/rainloop.conf /etc/nginx/sites-enabled/`
+13. `systemctl reload nginx`
+
+# Configure RainLoop
+
+1. Go to `http:/webmail.hostname.xyz/?admin`. Here a webinterface should pop up (If not - ty to check the php install - all same versions? Is php accessible? Are the permissions set correctly?
+2. Log in using `admin` and `12345`. Strongly recommend to change that one as soon as you log in. This can be done under `Security` in the left menu.
+3. Under `Domains` add your local domains, ports and authentication method and delete the defaults.
+4. Now you should be able to log in to the client on `webmail.hostname.xyz` using your email address and password.
+
+# Add database for contacts
+
+1. `mysql -uroot -p`
+2. Add a database (copy paste each single line - change `rainlooppassword` to something proper
+```sh
+
+create database rainloopdb;
+GRANT ALL PRIVILEGES ON rainloopdb.* TO 'rainloopuser'@'localhost' IDENTIFIED BY 'rainlooppassword';
+flush privileges;
+quit
+```
+3. Go to the admin panel to `Contacts` and activate the data base
+4. Select storage `mysql` and choose as DSN `mysql:host=localhost;port=3306;dbname=rainloopdb`. The user name is `rainloopuser` and the password the password you used to set up the database.
+
+# Certbot
+
+Give the webmail client proper security using `certbot --nginx` to extend your certificate.
+
+# Increasing the upload limit
+
+To increase the maximal upload through the rainloop interface to 100 MB, we do:
+
+1. `vim /etc/php/7.3/fpm/php.ini`
+   - Set `upload_max_filesize` to `100M`
+   - Set `post_max_size` to `100M`
+2. `systemctl restart php7.3-fpm`
+3. `vim /etc/nginx/nginx.conf`
+   - Set `client_max_body_size` to `100M`
+4. `systemctl restart nginx`
+5. Go to `http:/webmail.hostname.xyz/?admin` and under `General` set `Upload size limit` to `100M`
+   - Here you can also see if the php settings worked out.

docs/restic.md

@@ -0,0 +1,117 @@
+# Restic
+
+Resitc is an encrypted, compressed and easily usable backup system.
+
+## Install Requirements
+
+- Only need to install restic on the **local** machine! All the other stuff is just ssh. The server is used as a network attached disk.
+- Upside: minimal work on the server
+- Downside: No easy way to check online for this
+
+```sh
+pacman -S restic
+```
+
+## Setup
+
+To set up a repository, the name of a backup unit in restic, run on your local machine
+
+```sh
+ restic -r sftp:user@backupserver.lan:/backups/machine_id init
+```
+
+This initializes (same way as git) the server side under the path `/backups/machine_id`.
+
+You can also initalize it with a different local path (i.e. Harddrive) using
+
+```sh
+restic init --repo /path/backups
+```
+
+For more details, [RTFM](https://restic.readthedocs.io/en/latest/030_preparing_a_new_repo.html#sftp).
+
+## Backup Methods
+
+To back up your system, you can use restic_files and the following command
+
+```sh
+restic -r sftp:user@backupserver.lan:/backups/machine_id --password-command "pass homeserver/restic/T490" --files-from ~/.config/restic/restic_files --no-scan backup
+```
+
+`restic_files` is just a file containing the *patterns* or *paths* of the things to back up.
+You can also use the usual ssh config for using specific hostnames, users and ports.
+You can automate this using a simple cron-job, which runs with the regularity you like.
+The `--no-scan` option is useful to save some I/O overhead.
+For more details, [RTFM](https://restic.readthedocs.io/en/latest/040_backup.html).
+
+## Restoring from Backups
+
+To restore a full backup, run
+
+```
+restic -r sftp:user@backupserver.lan:/backups/machine_id --password-command "pass homeserver/restic/T490" --verbose restore SNAPSHOTNUMBER --target /your/fav/path
+```
+
+The snapshot number is the snapshot id you want to restore to, which you get by using
+
+```
+restic -r sftp:user@backupserver.lan:/backups/machine_id --password-command "pass homeserver/restic/T490" snapshots
+```
+
+This gives you a list of the snapshots with the dates and id's.
+
+You can use `--exclude` and `--include` for the specific inclusion/exclusion of single files or folders. This allows to restore **single files**.
+Here the files/folders have to be given using the path inside the snapshots. If you dont remember them, use `restic -r ..... ls latests` or `restic -r ... find filename`.
+
+You can also mount the snapshots using
+
+```
+restic -r sftp:user@backupserver.lan:/backups/machine_id --password-command "pass homeserver/restic/T490" mount /your/fav/mountpoint
+```
+With this, you can browse the different snapshots. For this [`fusermount`](https://archlinux.org/packages/extra/x86_64/fuse2/) has to be installed.
+
+For more details, [RTFM](https://restic.readthedocs.io/en/latest/050_restore.html).
+
+## Keeping an overview
+
+You can **list** all snapshots using
+
+```
+restic -r sftp:user@backupserver.lan:/backups/machine_id --password-command "pass homeserver/restic/T490" snapshots
+```
+
+You should regularly **check the health** of your backups! This can be done by
+
+```
+restic -r sftp:user@backupserver.lan:/backups/machine_id --password-command "pass homeserver/restic/T490" check
+```
+This however just checks if the structure is okay. If you want to check, if all the data files are unmodified and in tact, this can be done using
+
+```
+restic -r sftp:user@backupserver.lan:/backups/machine_id --password-command "pass homeserver/restic/T490" check --read-data
+```
+This however might take some time.
+
+
+If you want to **remove** some files from the snapshots, you can use
+
+```
+restic -r sftp:user@backupserver.lan:/backups/machine_id --password-command "pass homeserver/restic/T490" rewrite --exclude /path/to/wrongly/added/file SNAPSHOTNUMBER
+```
+
+[RTFM](https://restic.readthedocs.io/en/latest/045_working_with_repos.html) for more info.
+
+If you want to remove complete snapshots, either because they are old enough that you dont care anymore, or for other reasons, this can be done using
+
+```
+restic -r sftp:user@backupserver.lan:/backups/machine_id --password-command "pass homeserver/restic/T490" forget SNAPSHOTNUMBER
+```
+To also delte the data that is not needed anymore by any snapshot, run
+
+```
+restic -r sftp:user@backupserver.lan:/backups/machine_id --password-command "pass homeserver/restic/T490" prune
+```
+
+To combine both, use the `--prune` flag for the `forget` command.
+See [here](https://restic.readthedocs.io/en/latest/060_forget.html) for more info.
+The selection can be automated using `--keep-last` and `--keep-{hourly, daily, weekly, monthly, yearly}` flags to the `forget` command. For details see [here](https://restic.readthedocs.io/en/latest/060_forget.html#removing-snapshots-according-to-a-policy).

docs/ssh.md

@@ -1,6 +1,4 @@
 # General
-
-SSH is a helper utensil to connnect to remote servers.
 The basic syntax is
 ```
 ssh user@domain
@@ -51,19 +49,27 @@ If you need to connect to an access server before connecting to the actual serve
 
 ```
 IgnoreUnknown AddKeysToAgent,UseKeychain
+```
 
 ## All EXEMPLUM-COMPANY
+```
 Host EXEMP*
   User username
   IdentityFile ~/.ssh/id_rsa
   AddKeysToAgent yes
   UseKeychain yes
+```
 
 ## Access server
+
+```
 Host EXEMPaccess
   HostName login.example.com
+```
 
 ## Working server
+
+```
 Host EXEMPwork
   HostName work.example.com
   proxycommand ssh -CW %h:%p EXEMPaccess ## access server

index.md

@@ -2,14 +2,39 @@
 Install instructions, configuration methods and much more for the setup of an usefull operating system.
 Happy to accept pull requests for new topics!
 
-# Programs
-
+# Desktop Programs
+- [Laptop Setup](docs/LaptopSetup.md) General tips and tricks around the quirks of Arch on a Laptop.
 - [qutebrowser](docs/qutebrowser.md)
-    A highly customizable keyboard focused webbrowser using vim bindings
+    highly customizable keyboard focused webbrowser using vim bindings
 - [vimwiki](docs/vimwiki.md)
-    A wiki script for vim
-- [weechat](docs/weechat.md) A TUI client for matrix
+    wiki script for vim
+- [weechat](docs/weechat.md) TUI client for matrix
+- [git](docs/GIT.md) version control software
+- [neomutt](docs/neomutt.md) highly customizable TUI email client
+- [nvidia](docs/nvidia.md) Various recommendations for setting up NVIDIA drivers
+- [matlab](docs/matlab.md) A proprietary but extensive python alternative with integrated IDE
+- [JohnTheRipper](docs/johntheripper.md) A password cracker
+- [pass](docs/pass.md) A password manager
+- [beancount](docs/beancount.md) A ledger for text-file bookkeeping with a lot of features
+- [LUKS2 fully encrypted drive](docs/luks2.md) A fully encrypted hard-drive tutorial using a strong KDF and GRUB via grub-improved-luks2-git
+- [restic backup](docs/restic.md) A backup software
+
+# Server
+- [server](docs/ServerSetup.md) short guide for hosting a server
+- [php](docs/php.md) short guide for getting php up and running with nginx
 - [ssh](docs/ssh.md) ssh configuration
+- [git](docs/GIT.md) version control software
+- [rainloop](docs/rainloop.md) webbased email client
+- [anki sync server](docs/anki_sync_server.md) personal sync server for anki, a spaced repetition learning program
+- [docker](docs/docker.md) General tips and tricks around the container manager
+- [Searx](docs/Searx.md) A meta searchengine which respects privacy. Arch setup guide.
+- [Nextcloud](docs/Nextcloud.md) A self-hosted cloud solution. Installation (on Arch), configuration, and usage tips.
+
+=======
+- [calcurse sync](docs/calDAV.md) Sync calcurse with you phone etc.
+
+# Other
+- [Chromecast with Google TV](docs/ChromecastGoogleTv.md) a neat way to disable the built-in launcher and it's baked-in ads.
 
 # Admin