Update scripts and deploy with gnu stow

stow/etc/dconf/db/local.d/99-hartmanlab

@@ -0,0 +1,75 @@
+#/etc/dconf/db/local.d/99-hartmanlab
+
+[org/mate/desktop/background]
+primary-color='rgb(59,110,165)'
+color-shading-type='solid'
+picture-filename=''
+
+[org/mate/desktop/font-rendering]
+antialiasing='rgba'
+hinting='slight'
+
+[org/mate/desktop/media-handling]
+automount=false
+automount-open=false
+autorun-never=true
+
+[org/mate/desktop/interface]
+gtk-decoration-layout='menu:minimize,maximize,close'
+font-name='Liberation Sans 10'
+monospace-font-name='Liberation Mono 10'
+document-font-name='Liberation Sans 10'
+enable-animations=false
+gtk-enable-animations=false
+gtk-theme='BlueMenta'
+
+[org/mate/screensaver]
+lock-enabled=false
+
+[org/mate/panel/general]
+default-layout='hartmanlab'
+toplevel-id-list=['bottom']
+
+[org/mate/panel/objects/clock/prefs]
+format='12-hour'
+
+[org/mate/panel/toplevels/bottom]
+orientation='bottom'
+y-bottom=0
+
+[org/mate/mate-menu]
+applet-text=''
+plugins-list=['places','system_management', 'newpane', 'applications', 'newpane', 'recent']
+
+[org/mate/mate-menu/plugins/applications]
+last-active-tab=1
+
+[org/mate/mate-menu/plugins/places]
+show-computer=false
+
+[org/mate/mate-menu/plugins/system_management]
+show-control-center=false
+show-lock-screen=true
+show-package-manager=false
+show-quit=false
+show-terminal=true
+
+[org/mate/marco/general]
+compositing-manager=false
+action-double-click-titlebar='toggle_maximize'
+button-layout='menu:minimize,maximize,close'
+num-workspaces=4
+theme='BlueMenta'
+titlebar-font='Liberation Sans Bold 11'
+
+[org/mate/caja/desktop]
+font='Liberation Sans 10'
+
+[org/mate/caja/preferences]
+always-use-location-entry=true
+default-folder-viewer='list-view'
+show-backup-files=true
+
+[org/mate/notification-daemon]
+popup-location='bottom_right'
+theme='slider'

stow/etc/dconf/db/local.d/locks/99-hartmanlab

@@ -0,0 +1,2 @@
+#/etc/dconf/db/local.db/locks/99-hartmanlab
+/org/mate/mate-menu/plugins-list

stow/etc/fail2ban/jail.local

@@ -0,0 +1,11 @@
+[DEFAULT]
+bantime = 30m
+bantime.multipliers = 1 2 4 8 16 32 64
+findtime  = 60m
+maxretry = 3
+ignoreip = 127.0.0.0/8 10.0.0.0/8 138.26.0.0/16 
+banaction = iptables-multiport
+
+[sshd]
+enabled = true
+port = ssh

stow/etc/fstab

@@ -0,0 +1,18 @@
+# /etc/fstab
+#
+# Accessible filesystems, by reference, are maintained under '/dev/disk'
+# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
+#
+UUID=c6c096c8-d635-4890-a080-5de8c88b5441       /                               ext4    defaults 1 1
+UUID=1C8B-AF1E                                  /boot/efi                       vfat    umask=0077,shortname=winnt 0 0
+UUID=32e4f38a-8097-433b-878f-2096f9cad6d5       swap                            swap    defaults 0 0
+UUID=d9f4c4c5-41d5-463d-abf9-b2070e5d3acc       /mnt/array                      btrfs   defaults,compress=zstd:2,x-gvfs-hide,nofail,x-systemd.device-timeout=180s,discard=async,X-fstrim.notrim 0 0
+UUID=d9f4c4c5-41d5-463d-abf9-b2070e5d3acc       /mnt/data                       btrfs   defaults,subvol=data,compress=zstd:2,x-gvfs-show,nofail,x-systemd.device-timeout=180s,discard=async,X-fstrim.notrim 0 0
+UUID=8d4bf94c-f307-40b1-8315-5b15f041c120       /mnt/backup                     btrfs   defaults,compress=zstd:2,nofail,discard=async,X-fstrim.notrim 0 0
+#UUID=6E323E4F323E1C91                          /media/ext1                     ntfs-3g defaults,user,nofail,x-systemd.device-timeout=1,uid=root,gid=smbgrp,dmask=002,fmask=002 0 0
+#UUID=8433-7BB5                                 /media/ext2                     vfat    defaults,user,nofail,x-systemd.device-timeout=1,uid=root,gid=smbgrp,dmask=002,fmask=002 0 0
+#UUID=F474B7AA74B76DCC                          /media/ext3                     ntfs-3g defaults,user,nofail,x-systemd.device-timeout=1,uid=root,gid=smbgrp,dmask=002,fmask=002 0 0
+#UUID=12C23AD8C23AC031                          /media/ext4                     ntfs-3g defaults,user,nofail,x-systemd.device-timeout=1,uid=root,gid=smbgrp,dmask=002,fmask=002 0 0
+#UUID=829AF4939AF484C7                          /media/ext5                     ntfs-3g defaults,user,nofail,x-systemd.device-timeout=1,uid=root,gid=smbgrp,dmask=002,fmask=002 0 0
+#UUID=0628B809375069C3                          /media/ext6                     ntfs-3g defaults,user,nofail,x-systemd.device-timeout=1,uid=root,gid=smbgrp,dmask=002,fmask=002 0 0
+#UUID=686A557F6A554B48                          /media/ext7                     ntfs-3g defaults,user,nofail,x-systemd.device-timeout=1,uid=root,gid=smbgrp,dmask=002,fmask=002 0 0

stow/etc/samba/smb.conf

@@ -0,0 +1,22 @@
+[global]
+workgroup = WORKGROUP
+server string = Samba Server %v
+netbios name = hartmanlab
+security = user
+map to guest = bad user
+dns proxy = no
+#============================ Share Definitions ============================== 
+[data]
+path = /mnt/data
+valid users = @smbgrp
+browseable = yes
+writeable = yes
+guest ok = no
+
+
+# Special homes share (do not edit!)
+[homes]
+comment = Home Directories
+browseable = yes
+valid users = %S
+writeable = yes

stow/etc/ssh/sshd_config

@@ -0,0 +1,137 @@
+# This is the sshd server system-wide configuration file.  See
+# sshd_config(5) for more information.
+
+# This sshd was compiled with PATH=/usr/local/bin:/usr/bin
+
+# The strategy used for options in the default sshd_config shipped with
+# OpenSSH is to specify options with their default value where
+# possible, but leave them commented.  Uncommented options override the
+# default value.
+
+# If you want to change the port on a SELinux system, you have to tell
+# SELinux about this change.
+# semanage port -a -t ssh_port_t -p tcp #PORTNUMBER
+#
+#Port 22
+#AddressFamily any
+#ListenAddress 0.0.0.0
+#ListenAddress ::
+
+HostKey /etc/ssh/ssh_host_rsa_key
+#HostKey /etc/ssh/ssh_host_dsa_key
+HostKey /etc/ssh/ssh_host_ecdsa_key
+HostKey /etc/ssh/ssh_host_ed25519_key
+
+# Ciphers and keying
+#RekeyLimit default none
+
+# Logging
+#SyslogFacility AUTH
+SyslogFacility AUTHPRIV
+#LogLevel INFO
+
+# Authentication:
+
+#LoginGraceTime 2m
+PermitRootLogin no
+#StrictModes yes
+MaxAuthTries 4
+#MaxSessions 10
+
+#PubkeyAuthentication yes
+
+# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
+# but this is overridden so installations will only check .ssh/authorized_keys
+AuthorizedKeysFile      .ssh/authorized_keys
+
+#AuthorizedPrincipalsFile none
+
+#AuthorizedKeysCommand none
+#AuthorizedKeysCommandUser nobody
+
+# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
+#HostbasedAuthentication no
+# Change to yes if you don't trust ~/.ssh/known_hosts for
+# HostbasedAuthentication
+#IgnoreUserKnownHosts no
+# Don't read the user's ~/.rhosts and ~/.shosts files
+#IgnoreRhosts yes
+
+# To disable tunneled clear text passwords, change to no here!
+#PasswordAuthentication yes
+#PermitEmptyPasswords no
+PasswordAuthentication yes
+
+# Change to no to disable s/key passwords
+#ChallengeResponseAuthentication yes
+ChallengeResponseAuthentication no
+
+# Kerberos options
+#KerberosAuthentication no
+#KerberosOrLocalPasswd yes
+#KerberosTicketCleanup yes
+#KerberosGetAFSToken no
+#KerberosUseKuserok yes
+
+# GSSAPI options
+GSSAPIAuthentication yes
+GSSAPICleanupCredentials no
+#GSSAPIStrictAcceptorCheck yes
+#GSSAPIKeyExchange no
+#GSSAPIEnablek5users no
+
+# Set this to 'yes' to enable PAM authentication, account processing,
+# and session processing. If this is enabled, PAM authentication will
+# be allowed through the ChallengeResponseAuthentication and
+# PasswordAuthentication.  Depending on your PAM configuration,
+# PAM authentication via ChallengeResponseAuthentication may bypass
+# the setting of "PermitRootLogin without-password".
+# If you just want the PAM account and session checks to run without
+# PAM authentication, then enable this but set PasswordAuthentication
+# and ChallengeResponseAuthentication to 'no'.
+# WARNING: 'UsePAM no' is not supported in Red Hat Enterprise Linux and may cause several
+# problems.
+UsePAM yes
+
+#AllowAgentForwarding yes
+#AllowTcpForwarding yes
+GatewayPorts yes
+X11Forwarding yes
+#X11DisplayOffset 10
+#X11UseLocalhost yes
+#PermitTTY yes
+PrintMotd yes
+#PrintLastLog yes
+#TCPKeepAlive yes
+#UseLogin no
+#UsePrivilegeSeparation sandbox
+#PermitUserEnvironment no
+#Compression delayed
+ClientAliveInterval 7200
+#ClientAliveCountMax 3
+#ShowPatchLevel no
+#UseDNS yes
+#PidFile /var/run/sshd.pid
+#MaxStartups 10:30:100
+PermitTunnel yes
+#ChrootDirectory none
+#VersionAddendum none
+
+# no default banner path
+#Banner none
+
+# Accept locale-related environment variables
+AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
+AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
+AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
+AcceptEnv XMODIFIERS
+
+# override default of no subsystems
+Subsystem       sftp    /usr/libexec/openssh/sftp-server
+
+# Example of overriding settings on a per-user basis
+#Match User anoncvs
+#       X11Forwarding no
+#       AllowTcpForwarding no
+#       PermitTTY no
+#       ForceCommand cvs server

stow/usr/share/glib-2.0/schemas/50-tweaks.gschema.override

@@ -0,0 +1,23 @@
+[org.mate.panel.general]
+default-layout='redmond'
+
+[org.mate.desktop.font-rendering]
+antialiasing='rgba'
+hinting='slight'
+
+#[org.mate.desktop.interface]
+#font-name='Liberation Sans 10'
+#document-font-name='Liberation Sans 10'
+#monospace-font-name='Liberation Mono 10'
+
+[org.mate.Marco.general]
+side-by-side-tiling=true
+num-workspaces=2
+compositing-manager=false
+
+[org.mate.media-handling]
+automount=false
+automount-open=false
+
+[org.mate.screensaver]
+lock-enabled=false

stow/usr/share/mate-panel/layouts/hartmanlab.layout

@@ -0,0 +1,72 @@
+#/usr/share/mate-panel/layouts/hartmanlab.layout
+
+[Toplevel bottom]
+expand=true
+orientation=bottom
+size=24
+
+[Object mate-menu]
+object-type=applet
+toplevel-id=bottom
+locked=true
+position=0
+applet-iid=MateMenuAppletFactory::MateMenuApplet
+
+[Object separator]
+object-type=separator
+toplevel-id=bottom
+locked=true
+position=30
+
+[Object firefox]
+object-type=launcher
+toplevel-id=bottom
+locked=true
+position=40
+launcher-location=/usr/share/applications/firefox.desktop
+
+[Object mate-terminal]
+object-type=launcher
+toplevel-id=bottom
+locked=true
+position=64
+launcher-location=/usr/share/applications/mate-terminal.desktop
+
+[Object caja]
+object-type=launcher
+toplevel-id=bottom
+locked=true
+position=88
+launcher-location=/usr/share/applications/caja-browser.desktop
+
+[Object window-list]
+object-type=applet
+toplevel-id=bottom
+locked=true
+position=112
+applet-iid=WnckletFactory::WindowListApplet
+
+[Object workspace-switcher]
+object-type=applet
+toplevel-id=bottom
+locked=true
+panel-right-stick=true
+position=20
+applet-iid=WnckletFactory::WorkspaceSwitcherApplet
+
+[Object notification-area]
+object-type=applet
+toplevel-id=bottom
+locked=true
+panel-right-stick=true
+position=10
+applet-iid=NotificationAreaAppletFactory::NotificationArea
+
+[Object clock]
+object-type=applet
+toplevel-id=bottom
+locked=true
+panel-right-stick=true
+position=0
+applet-iid=ClockAppletFactory::ClockApplet
+

stow/usr/share/smartmontools/smartd_warning.d/99-smartd-notify-all

@@ -0,0 +1,12 @@
+#!/usr/bin/env bash
+# Notify all users on S.M.A.R.T errors
+# Place in /usr/share/smartmontools/smartd_warning.d/ or use "DEVICESCAN -m @smartd-notify-all" in /etc/smartd.conf
+# Copyright 2021-2025 Bryan C. Roessler
+# Licensed under the Apache License, Version 2.0
+IFS=$'\n'
+for LINE in $(w -hs); do
+    USER=$(echo "$LINE" | awk '{print $1}')
+    USER_ID=$(id -u "$USER")
+    DISP_ID=$(echo "$LINE" | awk '{print $8}')
+    sudo su "$USER" DISPLAY="$DISP_ID" DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/"$USER_ID"/bus notify-send "S.M.A.R.T Error ($SMARTD_FAILTYPE) $SMARTD_MESSAGE" --icon=dialog-warning
+done