bin: lock down data folders and provide utilities

.config/shell/functions

@@ -133,7 +133,9 @@ alias sc='sudo systemctl'
 alias sce='sudo systemctl enable --now'
 alias scd='sudo systemctl disable --now'
 scs() {
-	systemctl --user status "*$1*" ||
+	systemctl --user status "$1" 2>/dev/null ||
+		systemctl --user status "*$1*"
+	sudo systemctl status "$1" 2>/dev/null ||
 		sudo systemctl status "*$1*"
 }
 alias scu='systemctl --user'
@@ -184,7 +186,15 @@ alias myip="curl ifconfig.me && println && curl icanhazip.com"
 alias dedup='awk '"'"'!a[$0]++'"'"
 alias lar='last | tac'
 alias lst='( last; last -f /var/log/wtmp.1 ) | grep -v "pts/" | tac | less +G'
-alias hedgedoc="cd '$d4/dev/_forks/hedgedoc' && tmux new-session -d 'yarn run dev' && tmux split-window -h 'nodemon --watch app.js --watch lib --watch locales app.js' && tmux ls && firefox localhost:3000"
+alias hedgedoc="tmux kill-session -t hedgedoc; builtin cd '$d4/dev/_forks/hedgedoc' && tmux new-session -s hedgedoc -d 'yarn run dev' && tmux split-window -h 'nodemon --watch app.js --watch lib --watch locales --watch config.json app.js' && tmux ls"
+
+alias rm='rm -I'
+del() {
+	# TODO create on current partition and clean on reboot via cron
+	trash=/tmp/thrash/
+	#mkdir $trash
+	m "$@" $trash
+}
 
 u() {
 	which pacman-mirrors >/dev/null &&

.local/bin/scripts/lockdown

@@ -0,0 +1,4 @@
+#!/bin/sh
+# Set personal data directories to append-only
+sudo chattr -V +a . *
+sudo chattr -V -a 4-incubator _archive applications

.local/bin/scripts/m

@@ -5,5 +5,12 @@
 for last; do true; done
 checkaccess -w "$@" || elevate=sudo
 ! $elevate test -e "$1" && echo "$1 does not exist" && exit 1
+
+dir="$(dirname "$1")"
+test $(lsattr -d "$dir" | cut -c6) = a && setappend=true
+test -z "$setappend" || sudo chattr -V -a "$dir"
+
 $elevate mkdir -p $(case "$last" in (*/) echo "$last";; (*) dirname "$last";; esac)
 $elevate mv --verbose --interactive "$@"
+
+test -z "$setappend" || sudo chattr -V +a "$dir"