I guess I play GA now

.bashrc

@@ -0,0 +1,106 @@
+#
+# ~/.bashrc
+#
+
+# If not running interactively, don't do anything
+[[ $- != *i* ]] && return
+
+# alias ls='ls --color=auto'
+# PS1='[\u@\h \W]\$ '
+
+export QT_IM_MODULE=fcitx
+export QT_IM_MODULES="wayland;fcitx;ibus"
+export GTK_IM_MODULE=fcitx
+export XMODIFIERS=@im=fcitx
+
+#jewtube-related
+function yts { yt-dlp --get-title --get-duration --get-id ytsearch10:"'$*'"; }
+function ytl { echo https://inv.riverside.rocks/watch?v=$1; }
+function ytv { echo https://inv.riverside.rocks/watch?v=$(yt-dlp --get-id ytsearch:"'$*'"); }
+function ytl2 { echo https://youtube.com/watch?v=$1; }
+function vid { vlc "https://inv.riverside.rocks/latest_version?id=$1&itag=22&local=true"; }
+#honorary jewtube
+function nts { yt-dlp --get-title --get-duration --get-id nicosearch10:"$*"; }
+
+#manga
+alias mdesu='/home/wisknort/tinker/md/mdesu/mdesu'
+alias mangadex='~/tinker/md/md.sh'
+alias md='mangadex generate_link'
+alias mds='mangadex search'
+alias mdi='mangadex information'
+alias mdc='mangadex chapter_information'
+alias mdl='mangadex download'
+alias mdu='mangadex update_from_v3_to_v5'
+
+#strong utils
+source ~/tinker/tinyscripts/creds_getter.sh
+function lyrics { python ~/tinker/lyrics-fetcher/getlyrics.py $@; }
+function pulsemagix { ~/pulsemagix.sh $*; }
+alias search=~/tinker/tinyscripts/search.sh
+alias gitmk="git push -o repo.private=false -u master master"
+alias wpfx='WINEPREFIX="$(pwd)/wpfx" wine'
+alias wpfx2='WINEPREFIX="$(pwd)/wpfx2" wine'
+function update { scp -r * root@jasmine:"$(cat .update)"; }
+function makepkgi { a="$(pwd)"; mkdir -p "/tmp/negros/src/$(basename "$a")"; cp PKGBUILD /tmp/negros/; cp -r ./. "/tmp/negros/src/$(basename "$a")/"; cd /tmp/negros/; rm "src/$(basename "$a")/PKGBUILD" "src/$(basename "$a")"/*.tar.zst; makepkg -${1:-R}; cp *.tar.zst "$a"; cd "$a"; rm -rf /tmp/negros/; }
+#image shitposting
+function catbox
+{
+	if [ "$1" = '-t' ]; then
+		shift
+		curl https://litterbox.catbox.moe/resources/internals/api.php -F time=12h -F reqtype="@$*"
+	else
+		curl -F fileToUpload="@$*" -F reqtype=fileupload https://catbox.moe/user/api.php
+	fi
+	echo ""
+}
+alias shitpost="~/tinker/tinyscripts/shitpost.sh"
+function cheat { curl "cheat.sh/$*"; }
+function unroll { magick $1 -layers CompareAny blah.png; }
+function ga
+{
+	PROG=sxiv
+	TARGET=~/Games/img.silvie.org/docs/cdn/deck-builder/
+	BLOB=$TARGET/search.json
+	if [ $1 == -r ]; then PROG=ristretto; shift; fi
+	if [ $1 == -i ]; then PROG=; shift; fi
+	if grep -Eq '[0-9a-zA-Z]{10}' <<< "$1"; then id=$1 # This format is fucking shit, just randomly capital letters on one in 50 cards.
+	else name="$*"; fi
+	
+	if [ $id -a $PROG ]; then $PROG $TARGET$id.jpg; return; fi # Can skip the search.json lookup (not really necessary)
+	if [ -z $id ]; then data=`jq '.[]|select(.n=="'"$name"'")' < $BLOB`; fi
+	if [ -z $PROG ]; then jq <<< "$data"; return; fi
+	$PROG $TARGET`jq -r .u <<< "$data"`.jpg
+}
+
+#fun
+function space { python -c "print(\" \".join(\"$*\"))"; }
+function cap { python -c "a=\"$*\"; print(\"\".join([a[i].lower() if i%2 else a[i].upper() for i in range(len(a))]))"; }
+function vandalise { rev <<< $*; }
+function xyzzy { echo "Nothing happens."; }
+alias pentest="curl -H 'user-agent:rakkatakkamuthafakka'"
+
+#fedi
+alias fedifind="python ~/tinker/fedi/fedi_finder.py -c ~/tinker/fedi/misc/userids"
+function fedidl { a=$(curl -sLH "Accept:application/activity+json" $1 | jq -r '.attachment[] | .url'); if [ "$2" = "-p" ]; then echo $a; else wget $a; fi; }
+alias att="~/tinker/fedi/get_attachments.sh"
+function fedii { curl -sLH "Accept:application/activity+json" $1 | jq; }
+function mxc { [ -z $INSTANCE ] && creds matrix harpy; echo "https://$INSTANCE/_matrix/media/v3/download/$*"; }
+
+#low-frequency
+eval "$(thefuck --alias)"
+alias dedupe='python ~/deduper.py'
+alias tra="traceroute -6"
+function tapas { wget $(curl $1 | grep -oE data-src=\".+\" | grep -oE h.+g); }
+function mnotif { [ -z $1 ] && jq -r 'keys | .[]' < ~/tinker/matrix/matrix.conf; [ -z $1 ] || curl https://$(jq -r ".$1.instance" < ~/tinker/matrix/matrix.conf)/_matrix/client/r0/notifications -H "Authorization:Bearer $(jq -r ".$1.access_token" < ~/tinker/matrix/matrix.conf)" | jq '.notifications | .[] | (.room_id+", "+(.ts | tostring)+", "+.event.sender+": "+.event.content.body),""'; }
+function tlcard { a="$*"; read oid lang <<< "$(curl -s "https://api.scryfall.com/cards/named?fuzzy=${a/ /+}" | jq -r '.oracle_id+" "+(["en","ja"]-[.lang])[0]')"; curl -s "https://api.scryfall.com/cards/search?order=released&q=oracleid:$oid+lang:$lang&unique=prints" | jq -r '.data[0] | .printed_name // .name, .printed_type_line // .type_line, .printed_text // .oracle_text'; }
+function waypon { sudo rc-service waycontainer start; WAYLAND_DISPLAY=wayland-1 waydroid show-full-ui; }
+function video_extract { ffmpeg -ss $1 -to $2 -i $3 $4; }
+function reread_rss { sqlite3 ~/.local/share/liferea/liferea.db 'select items.title,parent_node_id,node.title from items join node on parent_node_id=node.node_id where date > '`date +%s`"-${1:-86400} and parent_node_id<>'bfqeltc' order by date desc;"; }
+function cover_fix { if [ -z "`ls cover_large* 2>/dev/null`" ]; then rename cover cover_large *; fi; magick cover_large* -resize $1x$1 cover.png; }
+
+#deprecated
+#function nhen { echo https://nhentai.net/g/$1; }
+#alias genyprox="mitmproxy --mode socks5 --listen-port 8050"
+#alias genyprox2="mitmproxy --mode socks5 --listen-port 8051"
+#alias ztr="sudo rc-service zerotier-one restart"
+#function zino { curl -iX PUT 'http://conduit.rakka.tk/_matrix/client/r0/rooms/!bXiARHQYqPBOdJRzTd:matrix.org/send/m.room.message/'$1 -H "Authorization:Bearer $TOKE" --json "{\"msgtype\":\"m.text\",\"body\":\"$(cat)\"}" && echo ''; }

creds_getter.sh

@@ -1,6 +1,7 @@
 function _scan_config
 {
-	c="$HOME/.config/"; i=0 # for funny wc -l
+	c="$HOME/.config/"
+	i=0 # funny wc -l
 	while read dirname; do
 		if [ -d "$c$dirname" -a -a "$c$dirname/accounts" ]; then
 			dirs[$i]="$dirname"

ga_silvie_to_cockatrice.sh

@@ -0,0 +1,55 @@
+# Only really need to remove sets.*. head/cards get reinitialised anyway, 05 only gets written once so always reinits, and pics basically doesn't change unless it's broken.
+rm -r head.xml cards.xml sets.csv sets.xml 05.ga.xml pics
+
+echo '<?xml version="1.0" encoding="UTF-8"?>
+<cockatrice_carddatabase version="4" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+	<info>
+		<author>Zergling_man</author>
+		<createdAt>'"`date -Iseconds`"'</createdAt>
+		<sourceUrl>https://github.com/ItsSilvie/img.silvie.org/</sourceUrl>
+		<sourceVersion>'"`git log | head -n 1 | awk '{ print $2 }'`"'</sourceVersion>
+	</info>
+<sets>' > head.xml
+echo '</sets>
+<cards>' > cards.xml
+
+for id in `jq -r '.[]|.u' < search.json`; do
+jq -r '"	<card>
+		<name>"+.name+"</name>
+		<text>"+.effect_raw+"</text>
+		<prop>"+if .power==null and (.life//.durability)==null then "" else "
+			<pt>"+(.power//""|tostring)+"/"+((.life//.durability//"")|tostring)+"</pt>" end+"
+			<type>"+({"null":"","false":"Slow ","true":"Fast "}[.speed|tostring])+(.types|join(" "))+" - "+(.subtypes|join(" "))+"</type>
+			<maintype>"+.types[0]+"</maintype>
+			<cmc>"+((.cost_reserve//.cost_memory)|tostring)+"</cmc>
+			<manacost>"+((.cost_reserve//.cost_memory)|tostring)+"</manacost>"+if .elements==["NORM"] then "" else "
+			<colors>"+(.elements|map({"NORM":"","WATER":"U","FIRE":"R","WIND":"G","EXALTED":"W","ARCANE":"B","ASTRA":"B","CRUX":"B","EXIA":"B","LUXEM":"B","NEOS":"B","TERA":"B","UMBRA":"B"}[.])|join(""))+"</colors>
+			<coloridentity>"+(.elements|map({"NORM":"","WATER":"U","FIRE":"R","WIND":"G","EXALTED":"W","ARCANE":"B","ASTRA":"B","CRUX":"B","EXIA":"B","LUXEM":"B","NEOS":"B","TERA":"B","UMBRA":"B"}[.])|join(""))+"</coloridentity>" end+"
+		</prop>
+		"+(.editions|map("<set rarity=\""+["common","uncommon","rare","mythic","special","bonus","mythic","mythic","mythic"][.rarity-1]+"\">"+.set.prefix+"</set>")|join("
+		"))+"
+		<tablerow>"+if (.cost_memory != null) then "1" else "2" end+"</tablerow>
+	</card>"' < $id.json >> cards.xml
+	IFS=, read set name <<< "`jq -r '.editions[0].set.prefix+","+.name' < $id.json`"
+	install -d "pics/$set"
+	cp $id.jpg "pics/$set/$name.jpg"
+	jq -r '.editions[]|.set|.prefix+","+.name+","+.release_date' < $id.json >> sets.csv
+done
+
+cat sets.csv | sort | uniq > sets2.csv
+mv sets2.csv sets.csv
+
+while read line; do
+	IFS=, read pfx name date <<< "$line"
+	echo '<set>
+	<name>'"$pfx"'</name>
+	<longname>'"$name"'</longname>
+	<settype>Grand Archive</settype>
+	<releasedate>'"`date -d $date -I`"'</releasedate>
+</set>' >> sets.xml
+done < sets.csv
+
+echo '</cards>
+</cockatrice_carddatabase>' >> cards.xml
+
+cat head.xml sets.xml cards.xml > 05.ga.xml

mkcerts.sh

@@ -19,7 +19,7 @@ function hex2bin { cat | sed 's/\([0-9a-f]\{2\}\)/\\\\\\x\1/g' | xargs printf; }
 
 # UTILS
 
-function getCAURLs
+function get_CA_URLs
 {
 	declare -A CAs
 	CAs[LE]=https://acme-v02.api.letsencrypt.org/directory
@@ -31,11 +31,13 @@ function getCAURLs
 	CAs[sslcom_ecc]=https://acme.ssl.com/sslcom-dv-ecc
 	CAs[jewgle]=https://dv.acme-v02.api.pki.goog/directory
 	CAs[jewgletest]=https://dv.acme-v02.test-api.pki.goog/directory
-	endpoints=$(curl -s ${CAs[$1]})
+	CA=$1
-	export endpoints # I don't know if this works
+	endpoints=$(curl -s ${CAs[$CA]})
+	export CA
+	export endpoints # I don't know if this works, or if it matters
 } # $1=LE
 
-function readACME
+function read_ACME
 {
 	# Extract signature info from key:
 	read hex exp <<< $(openssl rsa -in account.key -noout -text | tr -d ': \r\n' | sed -E 's/^.*modulus00([a-f0-9]+)publicExponent[0-9]+\(0x([0-9a-f]+)\).*$/\1 \2/')
@@ -48,16 +50,16 @@ function readACME
 	thumb=$(echo -n "$jerk" | tr -d ' ' | short256 | hex2bin | b64u) # How many times can you b64 a bowl of ramen before it begins questioning its existence
 }
 
-function loadkid
+function load_kid
 {
 	kid=$1
-	if [ -z "$kid" -a -e "kid" ]; then kid=$(cat kid); fi
+	if [ -z "$kid" -a -e "$CA.kid" ]; then kid=$(cat $CA.kid); fi
 	if [ -n "$kid" ]; then
 		sig='{"alg": "RS256", "kid": "'$kid'"}'
 	fi
 }
 
-function getNonce
+function get_nonce
 {
 	# Get a nonce (nigger):
 	nonce_resp=$1
@@ -67,86 +69,137 @@ function getNonce
 	grep -i 'replay-nonce' <<< "$nonce_resp" | tr -d "\r" | grep -Eo '[0-9a-zA-Z_\-]+$' # Fucking Windows line endings
 }
 
+# ZONEFILE UTILS
+function czf { sed -i '/_ACME-CHALLENGE/d' "$1"; } # clear zone file
+function szf # setup zone file
+{
+	file=$1
+	shift
+	for tok in $@; do
+		echo _ACME-CHALLENGE	300	TXT	$(echo -n "$tok.$thumb" | short256 | hex2bin | b64u) >> $file
+	done
+}
+function usoa # update SOA
+{
+	inc=$(grep -Eo 'SOA	[^	]+	[^	]+	[0-9]+' $1 | grep -Eo '[0-9]+$')
+	sed -i 's/SOA\t\([^\t]*\)\t\([^\t]*\)\t[0-9]*/SOA	\1	\2	'$((inc+1))'/' $1
+}
+
 # CHALLENGES
 
-function order
+function complete_challenges
 {
-	readACME # get thumb. It fucks up sig but I don't care, sendreq fixes it.
+	read_ACME # get thumb. It fucks up sig but I don't care, send_req fixes it.
-	declare -a urls
+	declare -A chals toks
-	i=0
+	urls=$(jq -r '.[]' <<< "$1")
-	doms=$(jq -r '.[]' <<< "$1")
+	while read url; do
-	while read dom; do
+		read dom chalurl tok <<< "$(send_req $url | jq -r '.identifier.value+" "+(.challenges | .[] | select(.type == "dns-01") | .url+" "+.token)')"
-		urls[$i]=$(challenge "$(sendreq $dom)") # this is meant to be signed but it seems to work without it...? But sign it just in case it's a test-only thing.
+		chals[$dom]="${chals[$dom]}$(base64 -w 0 <<< "$chalurl");"
-		i=$((i+1))
+		toks[$dom]="${toks[$dom]}$(base64 -w 0 <<< "$tok");"
-	done <<< "$doms"
+	done <<< "$urls"
-	systemctl reload named # Actually update DNS for real final7
+	for dom in ${!toks[@]}; do
-	sleep 120 # Wait for DNS to update. Generally it won't have been requested in ages so it won't be in any caches.
+		apply_challenge $dom ${toks[$dom]}
-	for url in ${urls[@]}; do
-		sendreq $url '{}' | jq '(.validationRecord | map(.hostname) | join(" "))+" "+.status' # need empty dict to tell server to validate challenge, empty body only checks status. Just another certified ACME moment.
 	done
-	sleep 30 # Wait for challenges to complete - the previous call can return before the challenge completes.
+	systemctl reload named # Actually update DNS for real final7
-	for url in ${urls[@]}; do
+	declare -a pending pending2
-		sendreq $url | jq '(.validationRecord | map(.hostname) | join(" "))+" "+.status'
+	for dom in ${!chals[@]}; do
+		IFS=';' read -a chalurls <<< ${chals[$dom]}
+		for chalurl in ${chalurls[@]}; do
+			sleep 1 # Spam a bit less
+			rurl=$(base64 -d <<< $chalurl)
+			send_req $rurl '{}' > /dev/null # need empty dict to tell server to validate challenge, empty body only checks status. Just another certified ACME moment.
+			pending+=("$rurl")
+		done
+	done
+	# now we wait for validations
+	echo "beginning validation" >&2
+	echo "pending list contains: ${pending[@]}" >&2
+	dirty=1
+	timer=10
+	backoff=1
+	tick=0
+	while [ $dirty -gt 0 ]; do
+		dirty=0
+		for url in ${pending[@]}; do
+			sleep 1
+			echo "checking $url" >&2
+			oof=$(send_req $url)
+			oof2=$(jq -r .status <<< "$oof")
+			nonce=$(get_nonce) # For some reason checking status doesn't come back with a nonce, or comes back with same nonce.
+			if [ $oof2 != valid ]; then dirty=1; pending2+=("$url"); echo -n "in" >&2; fi
+			echo "valid" >&2
+		done
+		pending=("${pending2[@]}")
+		pending2=()
+		echo "sleeping for $timer" >&2
+		sleep $timer # This gets slower each iteration, to spam the server less
+		timer=$(($timer+$backoff))
+		tick=$(($tick+1))
+		echo "tick: $tick, backoff: $backoff" >&2
+		if [ $tick -ge $backoff ]; then tick=0; backoff=$(($backoff+1)); fi
 	done
 }
 
-function challenge
+function apply_challenge
 {
-	read dom url tok <<< $(jq -r '.identifier.value+" "+(.challenges | .[] | select(.type == "dns-01") | .url+" "+.token)' <<< "$1")
+	echo "applying challenge for $1: $2" >&2
-	tik=$(echo -n "$tok.$thumb" | short256 | hex2bin | b64u)
+	dnsname="/var/named/$(ifsrev $1 .).zone"
-	dnsname="/var/named/$(ifsrev $dom .).zone"
+	czf $dnsname
-	inc=$(grep -Eo 'SOA	[^	]+	[^	]+	[0-9]+' $dnsname | grep -Eo '[0-9]+$')
+	szf $dnsname $(tr ';' '\n' <<< $2 | base64 -d | tr '\n' ' ') # Actually update the DNS
-	if ! grep -i _ACME-CHALLENGE $dnsname > /dev/null; then echo >> $dnsname; echo "_ACME-CHALLENGE	300	TXT	aa" >> $dnsname; fi
+	usoa $dnsname # And don't forget to update the SOA number
-	sed -i -e 's/^_ACME-CHALLENGE	300	TXT	.*$/_ACME-CHALLENGE	300	TXT	'$tik'/' -e 's/SOA\t\([^\t]*\)\t\([^\t]*\)\t[0-9]*/SOA	\1	\2	'$((inc+1))'/' $dnsname # Actually update the DNS
-	echo $url # Then give back the verification URL to be used later
 }
 
 # CORE ACTIONS
 
-function genACMEkey { openssl genrsa -traditional 2048 > account.key; }
+function gen_ACME_key { openssl genrsa -traditional 2048 > account.key; }
 
-function registerAcc
+function register_acc
 {
 	# Create account:
-	readACME
+	read_ACME
 	url=$(echo $endpoints | jq -r .newAccount)
-	req='{"termsOfServiceAgreed": true, "contact": ["mailto:zerglingman@fedora.email"]}'
+	req='{"termsOfServiceAgreed": true, "contact": ["mailto:zerglingman@fedora.email"], "externalAccountBinding":"zerglingman@fedora.email"}'
-	out=$(sendreq "$url" "$req" yes)
+	out=$(send_req "$url" "$req" yes)
+	echo $out >&2
 	loc=$(grep -i 'location' <<< "$out" | grep -io http.*$)
-	loadkid $loc
+	load_kid $loc
 	echo $loc
 }
 
-function getcert
+function get_cert
 {
 	conf=$1
 	shift
 	url=$(echo $endpoints | jq -r .newOrder)
 	req='{"identifiers": ['
 	for n in $@; do
-		req=$req'{"type": "dns", "value": "'$n'"}, '
+		req=$req'{"type": "dns", "value": "'$n'"}, {"type": "dns", "value": "*.'$n'"}, ' # Do not put wildcard domains in; this will do it automatically. You still need to put them in the nuconf.
 	done
 	req=${req:0:-2}']}'
-	order=$(sendreq $url "$req")
+	order=$(send_req $url "$req" yes)
+	headers=$(sed -n 1,/^$/p <<< "$order")
+	order=$(sed 1,/^$/d <<< "$order")
 	# I can just access the headers lol
-	orderurl=$(grep -i location <<< "$req_heads" | grep -io http.*$)
+	# No I can't, assfucked by subshells again
+	orderurl=$(grep -i location <<< "$headers" | grep -io http.*$)
+	echo "order URL is: $orderurl" >&2
 	auths=$(jq '.authorizations' <<< "$order")
 	finalise=$(jq -r '.finalize' <<< "$order")
-	order "$auths"
+	complete_challenges "$auths"
 	openssl req -new -key live.key -out live.csr -sha256 -noenc -config $conf -outform DER
 	# I guess I should just include the conf file
-	sendreq $finalise '{"csr":"'$(cat live.csr | b64u)'"}'
+	send_req $finalise '{"csr":"'$(cat live.csr | b64u)'"}'
-	certurl=$(sendreq $orderurl | jq -r .certificate)
+	certurl=$(send_req $orderurl | jq -r .certificate)
 	curl $certurl > out.crt
 }
 
 # SERVER COMMUNICATION
 
-function sendreq
+function send_req
 {
-	loadkid # Just to make sure the sig is set correctly. It won't overwrite it unless it should be.
+	load_kid # Just to make sure the sig is set correctly. It won't overwrite it unless it should be.
 	url=$1; if [ -n "$2" ]; then req=$(b64u <<< "$2"); else req=""; fi
-	if [ -z "$nonce" ]; then nonce=$(getNonce); fi
+	if [ -z "$nonce" ]; then nonce=$(get_nonce); fi
 	data=$(jq '.+{"nonce":"'$nonce'","url":"'$url'"}' <<< "$sig" | tr -d '\r\n' | tr -s ' ' ' ' | sed -e 's/{ /{/g' -e 's/ }/}/g') # Keys don't need to be sorted here, but they still are.
 	# I don't know why the URL has to be in the body that is sent to the URL.
 	# ACME is a terrible protocol.
@@ -156,14 +209,14 @@ function sendreq
 	req_resp=$(curl -isH "Content-type:application/jose+json" $url --data "$mexican" | tr -d "\r") # Here is the line that does the work
 	req_heads=$(sed -n 1,/^$/p <<< "$req_resp")
 	req_resp=$(sed 1,/^$/d <<< "$req_resp")
-	nonce=$(getNonce "$req_heads")
+	nonce=$(get_nonce "$req_heads")
-	if [ -n "$3" ]; then echo "$req_heads"; fi
+	if [ -n "$3" ]; then printf "$req_heads"; echo; echo; fi
 	echo $req_resp
 }
 
 # MAIN
 
-getCAURLs $1
+get_CA_URLs $1
 shift
-loadkid
+load_kid
-$*
+$@

nuconf

@@ -0,0 +1,49 @@
+#This bit doesn't work for some reason, it complains about xmppAddr already existing, but then generates errors below because it doesn't exist, so fuck it, magic number.
+#oid_section             = new_oids
+#[ new_oids ]
+# RFC 6120 section 13.7.1.4 defines this OID
+#xmppAddr = 1.3.6.1.5.5.7.8.5
+
+[ req ]
+
+default_bits            = 2048
+distinguished_name      = distinguished_name
+req_extensions          = v3_extensions
+x509_extensions         = v3_extensions
+
+# don't ask about the DN
+prompt = no
+
+[ distinguished_name ]
+
+countryName                     = AU
+stateOrProvinceName             = TAS
+
+commonName                      = rakka.au
+
+[ v3_extensions ]
+
+# for certificate requests (req_extensions)
+# and self-signed certificates (x509_extensions)
+
+keyUsage                        = digitalSignature,keyEncipherment
+extendedKeyUsage = serverAuth
+subjectAltName                  = @subject_alternative_name
+
+[ subject_alternative_name ]
+
+DNS.0 = rakka.au
+otherName.0 = 1.3.6.1.5.5.7.8.5;UTF8:rakka.au
+
+#Append the following for a server which handles multiple domain names:
+DNS.1 = harpy.faith
+otherName.1 = 1.3.6.1.5.5.7.8.5;UTF8:harpy.faith
+DNS.2 = botegirl.parts
+otherName.2 = 1.3.6.1.5.5.7.8.5;UTF8:botegirl.parts
+
+DNS.3 = *.rakka.au
+otherName.3 = 1.3.6.1.5.5.7.8.5;UTF8:*.rakka.au
+DNS.4 = *.harpy.faith
+otherName.4 = 1.3.6.1.5.5.7.8.5;UTF8:*.harpy.faith
+DNS.5 = *.botegirl.parts
+otherName.5 = 1.3.6.1.5.5.7.8.5;UTF8:*.botegirl.parts

search.sh

@@ -4,6 +4,7 @@ sources[gelb]="https://gelbooru.com/index.php?page=post&s=list&tags="
 sources[wiki]="https://en.wikipedia.org/w/index.php?title=Special:Search&fulltext=Search&ns0=1&go=Go&search="
 sources[gfl]="https://iopwiki.com/index.php?title=Special:Search&go=Go&search="
 sources[nyaa]="https://nyaa.si/?f=0&c=1_2&q="
+sources[nyaa2]="https://nyaa.si/?f=0&c=3_3&q="
 sources[itch]="https://itch.io/search?q="
 sources[bandcamp]="https://bandcamp.com/search?q="
 sources[pip]="https://pypi.org/search/?q="
@@ -11,9 +12,17 @@ sources[fdroid]="https://search.f-droid.org/?lang=en&q="
 sources[wiby]="http://wiby.me/?q="
 sources[arch]="https://wiki.archlinux.org/index.php?go=Go&search="
 sources[mal]="https://myanimelist.net/anime.php?cat=anime&type=0&score=0&status=0&p=0&r=0&sm=0&sd=0&sy=0&em=0&ed=0&ey=0&c%5B%5D=a&c%5B%5D=b&c%5B%5D=c&c%5B%5D=f&q="
+sources[meta]="https://metager.org/meta/meta.ger3?eingabe="
+sources[jaded]="http://thejadednetwork.com/sfx/search/?submitSearch=Search+SFX&x=&keyword="
+sources[vndb]="https://vndb.org/v?sq="
+sources[jeek]="https://www.mojeek.com/search?q="
+sources[dlraw]="https://dlraw.to/search/"
+sources[4get]="https://4get.ca/web?s="
+sources[4geti]="https://4get.ca/images?s="
 #https://apibay.org/q.php?cat=&q=
 #https://apibay.org/t.php?id=
 mag() { echo "magnet:?xt=urn:btih:$1&dn=${*:2}&tr=udp%3A%2F%2Ftracker.coppersurfer.tk%3A6969%2Fannounce&tr=udp%3A%2F%2Ftracker.openbittorrent.com%3A6969%2Fannounce&tr=udp%3A%2F%2Ftracker.bittor.pw%3A1337%2Fannounce&tr=udp%3A%2F%2Ftracker.opentrackr.org%3A1337&tr=udp%3A%2F%2Fbt.xxx-tracker.com%3A2710%2Fannounce&tr=udp%3A%2F%2Fpublic.popcorn-tracker.org%3A6969%2Fannounce&tr=udp%3A%2F%2Feddie4.nl%3A6969%2Fannounce&tr=udp%3A%2F%2Ftracker.torrent.eu.org%3A451%2Fannounce&tr=udp%3A%2F%2Fp4p.arenabg.com%3A1337%2Fannounce&tr=udp%3A%2F%2Ftracker.tiny-vps.com%3A6969%2Fannounce&tr=udp%3A%2F%2Fopen.stealth.si%3A80%2Fannounce"; }
+
 function smolhelp()
 {
 	echo "Known search engines: ${!sources[@]}"

shitpost.sh

@@ -0,0 +1,18 @@
+sp_porn="";
+sp_path="";
+sp_file="";
+while getopts "np:l" o;do case "${o}" in
+	n) sp_porn="nsfw/";;
+	p) sp_path="$OPTARG";;
+	l) sp_file="/home/wisknort/Flashy/Pics/puush/$(ls -t /home/wisknort/Flashy/Pics/puush | head -1)";;
+esac done
+shift $((OPTIND-1))
+if [ -z $sp_file ]; then sp_file="$1"; fi
+if [ -z $sp_path ]; then sp_path=$(basename "$sp_file"); fi
+sp_targ="/static/pics/$sp_porn$sp_path"
+scp "$sp_file" jasmine:"/srv/http$sp_targ"
+ssh jasmine chown http:http "'/srv/http$sp_targ'"
+ssh jasmine chmod 664 "'/srv/http$sp_targ'"
+echo "http://rakka.au$sp_targ" | sed 's/ /%20/g' - -
+
+#desu.si, catbox.moe, bunkr.cr

updateLE.sh

@@ -0,0 +1,22 @@
+#!/bin/bash
+
+function ch { chown $1 $3; chmod $2 $3; }
+
+./mkcerts.sh LE get_cert nuconf rakka.au harpy.faith botegirl.parts
+cp -f out.crt /srv/http/certs/fag.crt
+ch http:http 644 /srv/http/certs/fag.crt
+cp -f out.crt /etc/prosody/certs/harpy.faith/fullchain.pem
+ch prosody:jabber 600 /etc/prosody/certs/harpy.faith/fullchain.pem
+cp -f out.crt /srv/email/certs/fag.crt
+ch root:smtpd 640 /srv/email/certs/fag.crt
+
+./mkcerts.sh LE get_cert nerdconf nerdshope.au
+cp -f out.crt /srv/http/certs/nerd.crt
+ch http:http 644 /srv/http/certs/nerd.crt
+cp -f out.crt /srv/email/certs/nerd.crt
+ch root:smtpd 640 /srv/email/certs/nerd.crt
+
+systemctl reload nginx
+systemctl reload prosody
+systemctl restart smtpd
+systemctl reload dovecot