dissimulo
a45f89b187
The previous snapshot of settings.json was a verbatim dump from one
Mastodon-server install — it carried allowlist entries that won't
match anywhere else and a lot of narrow rules already subsumed by
broader wildcards.
Removed (server-specific, dead weight on other hosts):
- /home/mastodon/* paths and Mastodon .env.production sed/chmod/chown
- signers.online and auto.signers.online curl/openssl probes
- mastodon-web / mastodon-streaming / mastodon-sidekiq journalctl
- n8n journalctl, windmill journalctl + binary
- /usr/local/bin/fail2ban-ignoreip and the hardcoded IP 76.95.82.63
- nslookup signers.live, nginx site-availables grep with literal paths
- /var/log/nginx/access.log* zcat probes (path-specific)
- StatusReactions / status_quoted grep over Mastodon's frontend tree
Removed (redundant, covered by broader wildcard already in the list):
- All narrow Bash(systemctl <verb>:*) entries — Bash(systemctl:*) covers
- All narrow Bash(git ...) entries — Bash(git:*) covers
- All narrow Bash(curl ...) probes — Bash(curl:*) covers
- Bash(rkhunter --update), Bash(rkhunter --propupd) — Bash(rkhunter:*) covers
- Bash(sysctl -a) — Bash(sysctl:*) covers
Kept: tmux/git/curl/sudo/find/ls/cat plus generic system-admin verbs
(systemctl, sysctl, crontab, iptables, ufw, firewall-cmd, fail2ban-client,
apt/apt-get/dpkg, mount, netstat, openssl, lsmod, last, nginx, redis-cli,
rkhunter, aideinit, getent, sqlite3, dig, ulimit, getenforce, aa-status)
plus Read(//home/**), Read(//opt/**), Read(//etc/nginx/sites-{enabled,available}/**).
Net: 5004 -> 1434 bytes (57 lines), still valid JSON, behavior on a
fresh host is identical for the kept verbs and tighter for the dropped
ones (host-specific allows just won't match anything anyway).
If you re-run install.sh on this host, the slim version replaces the
fat one; the fat one survives in ~/.drunkendotfiles.bak.<ts>/ for
recovery.
drunkendotfiles
dissimulo's dotfiles. A fork of skwp/dotfiles (YADR) with personal
configs layered on top: a custom tmux setup, irssi, fonts, GTK themes, and
assorted ~/.local/bin/ helpers.
Upstream YADR hasn't been updated in a long time; this fork refreshes it and adds machine-wide customizations.
Install
One-liner:
curl -fsSL https://gitea.dlw.la/dissimulo/drunkendotfiles/raw/branch/drunkendotfiles/install.sh | bash
Or clone first:
git clone --recurse-submodules https://gitea.dlw.la/dissimulo/drunkendotfiles.git ~/.yadr
~/.yadr/install.sh
--recurse-submodules matters: Prezto lives in zsh/prezto as a git
submodule. Without it, ~/.zshrc fails on startup with a missing
~/.zprezto/runcoms/zshrc. (If you already cloned without it,
cd ~/.yadr && git submodule update --init --recursive catches you up.)
The installer:
- Clones this repo to
~/.yadr - Runs YADR's native
rake installfor vim/prezto/plugins - Deploys the personal dotfiles on top of
$HOME, moving any collisions to~/.drunkendotfiles.bak.<timestamp>/ - Installs Claude Code (Anthropic's CLI) if it
isn't already on the machine — set
DRUNKENDOTFILES_SKIP_CLAUDE=1to skip this step
Requires git, rake (ruby), and curl.
Upgrading
Two things can be refreshed independently.
Pull new drunkendotfiles changes
cd ~/.yadr && git pull --recurse-submodules
That gets you any new config changes, tmux tweaks, helper scripts, etc. pushed to this repo, plus any bumps to the Prezto submodule pointer. Vim plugins are not touched — see below.
Refresh YADR plugins
cd ~/.yadr && rake update
rake update walks through YADR's plugin managers (Vim-plug for vim, the
Prezto submodule for zsh) and pulls down the latest versions of each.
Run this every so often, or after pulling drunkendotfiles changes that
modify the plugin list (vim/.vundles, vim/after/.vundles.after, or
the modules list in zsh/prezto-override/zpreztorc).
Redeploy personal dotfiles
If a git pull touched personal dotfiles at the repo root (e.g. a new
.tmux.conf or a new .local/bin/ helper) and you want those changes
deployed to $HOME:
~/.yadr/install.sh
It's idempotent — any files in $HOME that would be overwritten get
moved to ~/.drunkendotfiles.bak.<timestamp>/ first.
Full refresh in one shot
cd ~/.yadr && git pull && rake update && ./install.sh
What's included
On top of stock YADR:
.tmux.conf— real file (not the YADR symlink), with internal/public IP in the status bar and 80k-line scrollback.local/bin/tmux-ip— helper used by.tmux.conf; prefers a DigitalOcean reserved/floating IP if the host is a droplet with one attached, falls back to public egress (ipify) and then first local IP.irssi/— IRC client config (no credentials committed).fonts/— Inconsolata, Menlo-Powerline, mensch-Powerline, monof55/56.themes/— BlackMATE v2 / v2.2 / "The Blues" GNOME metathemes- Shell RCs (
.bashrc,.profile,.zshenv.backup,.zshrc.backup, etc.) - X/WM configs (
.xscreensaver,.xmodmap,.xsnowrc,.weatherspect,.fehbg) - Misc:
.rainbow_config.json(rainbowstream),.nanorc,.selected_editor,.mplayer/config,.jigdo-lite
Upstream
Base is skwp/dotfiles (YADR — Yet Another Dotfiles Repo). All credit
for the vim/zsh/tmux/irb foundations goes to Yan Pritzker and YADR
contributors. This repo tracks a snapshot of upstream master at
630d39f (the last commit there as of this fork).
To refresh from upstream later:
cd ~/.yadr
git remote add upstream https://github.com/skwp/dotfiles.git
git fetch upstream
# then rebase or merge upstream/master into drunkendotfiles as needed
License
YADR content is under YADR's license (upstream). Personal additions in this fork are released under the same terms.