1 * obs/i3 keybind reminders
5 s+space: float a window & make it sticky to keep streaming it while I use another workspace
7 obof/obon # turn on/off automatic obs scene switching
12 If you are viewing a tall window and want to show it to the audience,
13 go to the preview (click if the red lines aren't there), press
14 ctrl-f. Then reset with ctrl-r. If the source has a custom transform,
15 the procedure is different: first do ctrl-shift-c to copy the transform,
16 then ctrl-f, then ctrl-shift-v to restore the transform.
18 ** i3 keybinds to remember
20 shift+g i3 auto-layout-toggle
23 shift+6 [class="Emacs" title="^(?!#[a-zA-Z][a-zA-Z-]*$)"] move workspace current
24 shift+w fullscreen toggle
25 space toggle window float (useful for obs, keeping window visible)
28 equal $ex "dunstctl close-all"
31 # change focus between tiling / floating windows
32 shift+65 focus mode_toggle
34 * TODO : Galene LibreJS
37 ** TODO add logcheck as a todo item in the prometheus project
42 No cli interface, but should be easily scriptable.
47 strange thing: they don't allow strangers to file bugs. need to
48 investigate how the distributed bug tracking works in practice.
50 missing javascript license, but doesn't look hard to fix.
52 *** probably not good programs
55 barely maintained https://github.com/MichaelMure/git-bug
56 Not librejs marked. ReactJS webpack crap.
66 Their own use as bug tracker is not well maintained (it has spam
67 bugs). https://rt.bestpractical.com/
70 can of worms. no easy interface.
74 javascript heavy, issues as git commits opens up a lot of questions &
75 problems that are unanswered by their documentation. It explicitly says
76 it doesn't support rewriting history, no, I think we ought to have
81 *** dead distributed projects
83 git-issue 2022 https://github.com/dspinellis/git-issue
84 sciit 2021 https://gitlab.com/sciit/sciit
85 bug 2019 https://github.com/driusan/bug
86 git-dit 2020 https://github.com/neithernut/git-dit
87 issue 2020 (unclear/unreliable distribution method) https://github.com/marekjm/issue
88 bugseverywhere 2017 https://gitlab.com/bugseverywhere/bugseverywhere
89 deft 2011 https://github.com/npryce/deft
92 * TODO add integrity check for backups
93 * TODO revisit missing backups script
94 * TODO test irc instant message notification in emacs bar
98 wget https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64 -O /usr/bin/yq &&\
101 cat /a/f/ans/roles/prom/files/simple/etc/prometheus/rules/fsf.yml | yq '.groups[].rules[] | select(.alert).alert'
102 cat /a/f/ans/roles/prom/files/simple/etc/prometheus/rules/fsf.yml | yq '.groups[].rules[] | select(.alert).expr |@uri'
103 cat /a/f/ans/roles/prom/files/simple/etc/prometheus/rules/fsf.yml | yq '.groups[].rules[] | select(.alert).alert = "RedirectMatch \"^/f/" + .alert + "$\"" + " \"/graph?g0.expr=" + (.expr |@uri) | .alert + "&g0.tab=1\""' >/tmp/fsf-redirs.conf
107 * TODO check if wildebeest firewall rule for outbound ssh can go into ansible
109 * TODO check/fix enhanced tracking protection civicrm payment failure
113 p install tigervnc-scraping-server
116 generated the pass by running vncpasswd
118 /usr/bin/X0tigervnc -display :0 -localhost=0 -AcceptSetDesktopSize=0 -rfbport 5900 -PasswordFile /home/iank/.vnc/passwd -SecurityTypes VncAuth,TLSVnc
120 xtigervncviewer -SecurityTypes VncAuth,TLSVnc -passwd /home/iank/.vnc/passwd bow:0
122 there's a wrapper script x0tigervncserver which puts it in the background, which I'd like to use, but I need the AcceptSetDesktopSize to avoid remote screen resolution being resized. looks like I can do that with an option:
125 /usr/share/perl5/TigerVNC/Config.pm
128 just need to test out the perl syntax, and set it in
133 * TODO make sure we are watching SMART stats on community0p
140 http://127.0.0.1/nagios4/
143 /etc/nagios4/nagios.cfg
146 https://assets.nagios.com/downloads/nagioscore/docs/nagioscore/4/en/config.html
147 nrpe is used to run processes on a monitored machine and get back data.
149 FSF uses check-mk for that now, but check-mk stopped working that way in
150 newer versions, now it wants to replace nagios entirely. We don't want that.
154 * TODO setup public inbox
156 * TODO patch gnu upload manual
158 to say about the fencepost debug file,
159 and to say about signing old key with new key,
160 and to not send mime signatures
161 and something else i wrote about before in an email.
164 * TODO ansiblize the gnu.org watchdog
167 * TODO make a libreplanet page documenting our discourse freedom fixes
169 * TODO alert when exim leaves around old processes
170 there is a message in the journal on restart.
171 logcheck could help here?
173 * TODO write alert for prometheus not running,
175 * TODO get logcheck working
176 * TODO redirect info@h-node.org
177 to where, is this old?
180 * TODO improve rt workflow
182 https://rt.gnu.org/Ticket/Update.html?Action=Comment&DefaultStatus=resolved&id=1767459
183 javascript:self.location=self.location+'&Status=resolved;Action=Take;id=1431087'
184 javascript:self.location=self.location+'&DefaultStatus=resolved;Action=Comment'
185 https://rt.gnu.org/Ticket/Display.html?id=1767459
186 https://rt.gnu.org/Ticket/Update.html?Action=Comment&DefaultStatus=resolved&id=1767459
188 * TODO email a patch to civicrm to increase bounce count
189 to 2 on ones that are normally 1, because of problems like this:
190 https://www.bleepingcomputer.com/news/google/gmail-hit-by-a-second-outage-within-a-single-day/
191 * TODO remove autofs stuff from gnuhope
192 * TODO get german server up and running
193 * TODO fix rt cc's etc
195 Thanks for connecting the dots here.
197 When people are CC'd on RT queue messages they get the original
198 message without ever seeing the RT queue id number. And then later
199 when the subject line is changed or whatever that comes back with an
200 RT queue number. But when I searched my mailbox for parts of that
201 subject line I couldn't find anything to connect it to. I knew that
202 it might or might not contain the RT number but couldn't find anything
203 by the pieces of it. This is a place where RT could be nicer.
205 Another problem is that if someone is CC'd on an RT message and RT
206 replies then it appears to me that it comes directly to me and I don't
207 see anyone else having been CC'd on the message. This is a routine
208 thing where Karl and I might both be on a CC. Then later I
209 subsequently feel I need to forward the message to Karl (or whomever)
210 so that they are not left out of the conversation. And sometimes they
211 have been copied on the reply and sometimes they have not been. This
212 is very confusing to me and another area where RT could be nicer.
214 In any case, thanks for updating me on the connection. Now I know
215 what was going on there. Thanks! :-)
219 * TODO make ./update-zone easier
220 it can easily detect changed files with git and update those,
221 prompting to ask if the zones are right. Also, the log cat it does
222 is broken and should be fixed.
223 * TODO make cronjob to clear old duplicates in email sql table
225 * TODO look into List-Unsubscribe header for fsf newsletters
226 it's an email address, i think we aren't processing it
227 My main objection was that the data requirement was extremely broad,
228 which they mostly addressed.
230 However, I have other big objections to this license.
232 1. Probably 99% of free software which is designed to be a service does
233 not implement data export functionality required by this license. Doing
234 so would often require hundreds of hours of programming.
236 2. You may submit data to a remote program, but the computing done is
239 “any data that is an input to or an output
240 from the Work, where the presence of the data is necessary for
241 substantially identical use of the Work in an equivalent context chosen
242 by the Recipient, and ... (some condition) or has been assigned to the
245 Imagine a dating website software. You input your profile, output is:
246 every profile with a score of how well they match to you, however, you
247 only get displayed the top X matches.
250 * TODO check vault backport sources/preferences into ansible
251 * TODO fix emacs outline mode
252 to deal with the fact that comments get indented then not recognized
254 * TODO alert for spammers on lists0p
255 * TODO fix ticket about duplicate changes happening when running ansible
256 https://rt.gnu.org/Ticket/Display.html?id=1409745
257 * TODO mail reliability
258 ** get alerts when mail system fails
261 * prometheus / ansible
265 This prints all vars, despite google saying otherwise.
269 ** TODO standardize on whether to use = or list item in yml
272 Node exporter can do tls & basic auth, but it is not worth it.
273 Better to just make an iptables rule to disallow all but the
274 prometheus server, and maybe some other ips used for testing.
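The allow-list rule described above, as an added example (not from the original notes): a generator that validates its arguments and prints the iptables commands for review. The chain name NODE_EXPORTER and the sample addresses are assumptions.

```shell
#!/bin/sh
# Added example, not from the original notes. Chain name and addresses are
# assumptions; 9100 is node_exporter's default port.

# Succeed only for a dotted-quad IPv4 address (each octet 0-255).
is_ipv4() {
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input holds only digits and dots
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Usage: node_exporter_fw_rules PORT ALLOWED_IP...
# Prints iptables commands; nothing is printed unless every argument is valid,
# so the output can be reviewed and then piped to sh as root.
node_exporter_fw_rules() {
    port=$1
    case $port in ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;; esac
    shift
    [ $# -gt 0 ] || { echo "need at least one allowed source" >&2; return 1; }
    for src in "$@"; do
        is_ipv4 "$src" || { echo "not an IPv4 address: $src" >&2; return 1; }
    done
    echo "iptables -N NODE_EXPORTER"
    for src in "$@"; do
        echo "iptables -A NODE_EXPORTER -s $src -j ACCEPT"
    done
    # Order matters: the DROP must come after every ACCEPT.
    echo "iptables -A NODE_EXPORTER -j DROP"
    echo "iptables -I INPUT -p tcp --dport $port -j NODE_EXPORTER"
}

# node_exporter also listens on IPv6 by default, so the same policy is
# needed in ip6tables (not generated here).
# Example: node_exporter_fw_rules 9100 192.0.2.10 192.0.2.11
```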
276 *** for running scripts and exporting results, there are multiple ways
277 https://utcc.utoronto.ca/~cks/space/blog/sysadmin/PrometheusScriptExporterWhy
279 pushgateway: seems best to avoid this, prometheus doesn't recommend it
280 unless the service is not tied to the specific host, afaik, all ours
282 related: https://github.com/aecolley/client_bash
284 node exporters textfile collector: you run a cronjob and output to the
285 textfile. Use this for anything that you specifically want to collect
286 less than 2 mins apart, prometheus considers metrics 5+ minutes old to
288 https://github.com/prometheus/node_exporter
290 https://github.com/adhocteam/script_exporter
291 https://github.com/ricoberger/script_exporter
293 a few other ways are listed here:
294 https://nsrc.org/workshops/2021/sanog37/nmm/netmgmt/en/prometheus/ex-custom-metrics.htm
297 https://github.com/prometheus-community/node-exporter-textfile-collector-scripts
298 https://prometheus.io/docs/instrumenting/exporters/
300 only exim exporters found on google:
301 https://github.com/gvengel/exim_exporter
302 https://github.com/fstab/exim_prometheus_exporter
304 useful for converting nagios check plugins to prometheus:
305 https://www.howtoforge.com/tutorial/write-a-custom-nagios-check-plugin/
308 useful general info to keep in mind:
309 https://prometheus.io/docs/concepts/metric_types/
310 https://prometheus.io/docs/concepts/data_model/
311 https://prometheus.io/docs/concepts/jobs_instances/
312 especially the example section:
313 https://prometheus.io/docs/instrumenting/exposition_formats/#text-format-details
314 for a boolean metric, 0 for false, 1 for true.
315 https://www.robustperception.io/booleans-logic-and-math
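A cron-driven check for the node exporter textfile collector using the 0/1 boolean convention noted above. This is an added example, not from the original notes; the metric name backup_recent_ok and all paths are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original notes. The metric name
# backup_recent_ok and all directory paths are hypothetical.

# Print 1 if any regular file under $1 changed in the last $2 minutes, else 0
# (boolean metric convention: 0 for false, 1 for true).
backup_is_fresh() {
    if [ -n "$(find "$1" -type f -mmin "-$2" 2>/dev/null | head -n 1)" ]; then
        echo 1
    else
        echo 0
    fi
}

# Write one gauge as <dir>/<name>.prom in the text exposition format.
# The collector only reads *.prom files, so the data is written to a hidden
# temp file in the same directory and renamed into place: a scrape never
# sees a half-written file.
write_prom_metric() {
    dir=$1 name=$2 help=$3 value=$4
    case $name in
        ''|[!a-zA-Z_:]*|*[!a-zA-Z0-9_:]*)
            echo "bad metric name: $name" >&2; return 1 ;;
    esac
    tmp=$(mktemp "$dir/.$name.XXXXXX") || return 1
    {
        printf '# HELP %s %s\n' "$name" "$help"
        printf '# TYPE %s gauge\n' "$name"
        printf '%s %s\n' "$name" "$value"
    } >"$tmp" &&
        chmod 644 "$tmp" &&   # mktemp creates 0600; node_exporter runs as another user
        mv "$tmp" "$dir/$name.prom" || { rm -f "$tmp"; return 1; }
}

# Cron usage (paths are assumptions):
#   write_prom_metric /var/lib/prometheus/node-exporter backup_recent_ok \
#       "1 if a backup file was written in the last 26 hours" \
#       "$(backup_is_fresh /backup 1560)"
```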
318 * TODO when lp registration form is going up,
319 make sure there is an opt-out for getting emails
320 * TODO fix topic in #fsf, etc to say how to identify fsf staff
323 * TODO make bash history writes and reads immediately for fsf
325 * TODO fix whitespace in work code
326 Note, I have changes in my local wtf to deal with this:
327 https://github.com/dlenski/wtf/issues/17
330 remove trailing whitespace, add final newline if needed
332 Done by the following command: this lists all files except .git, and
333 ignored files, then ignores symlinks and files that grep finds to be
334 binary, then runs wtf.py on them, https://github.com/dlenski/wtf .
336 git ls-files --exclude-standard -cmo --no-empty-directory | \
337 while IFS= read -r f; do if [[ -L $f ]] || ! grep -Iq . "$f"; then continue; fi; wtf.py -i -E lf "$f"; done
339 Note, to avoid these in the first place, in emacs I have in my config
340 (ws-butler-global-mode), and (setq mode-require-final-newline t)
343 ** TODO I should also research how this is done in vim, and
344 maybe add a commit hook to at least warn people
347 * TODO locale in ansible
348 commit a7cbf81b9710030bb0a07e4fe0c5ce6279a0f46f
349 Author: Andrew Engelbrecht <andrew@fsf.org>
350 Date: Tue Jan 23 18:10:44 2018 -0500
352 added /etc/default/locale
354 this is needed to set a proper locale for things like postgres
358 $ cat files/common/etc/default/locale
359 # File generated by update-locale
364 I think LANG should be set as it is, but not LC_ALL.
367 https://wiki.debian.org/Locale
369 "End users should never set LC_ALL, at least not permanently"
371 "Using LC_ALL is strongly discouraged as it overrides everything. Please use it only when testing and never set it in a startup file. "
373 I've found LC_ALL to cause problems for me in the past when testing it
376 * TODO review sshd config in ansible
377 rwp reported it has bad settings, like allowing X forwarding
379 * TODO make ticket for alert on eggs spamassassin
382 https://libreboot.org/docs/hardware/kgpe-d16.html
383 2MiB flash chips are included by default, on these boards. It’s on a
384 P-DIP 8 slot (SPI chip). The flash chip can be upgraded to higher sizes:
385 4MiB, 8MiB or 16MiB. With at least 8MiB, you could feasibly fit a
386 compressed linux+initramfs image (BusyBox+Linux system) into CBFS and
387 boot that, loading it into memory.
390 https://www.flashrom.org/Technology#DIP8:_Dual_In-line_Package.2C_8_pins
394 https://www.digikey.com/products/en/integrated-circuits-ics/memory/774?k=&pkeyword=&sv=0&pv16=6547&sf=1&FV=ffe00306%2C2380414%2C23805db%2C23805dc%2C23805dd%2C23805de%2C23805df%2C23805e0%2C1fec000a%2C1fec000b%2C1fec000d%2C1fec000e%2C1fec0011%2C1fec0012%2C1fec0015%2C1fec0006%2C1fec0009&quantity=&ColumnSort=0&page=1&pageSize=25
396 https://www.digikey.com/products/en/integrated-circuits-ics/memory/774?k=&pkeyword=&sv=0&pv142=391&pv142=1639&pv142=1640&pv142=1641&pv142=1642&pv142=1643&pv142=1644&pv142=1645&pv142=1646&pv142=1647&pv142=1648&pv142=1651&pv142=1615&pv142=1616&pv142=1688&pv142=392&pv142=1708&pv142=1709&pv142=1710&pv142=1711&pv142=1712&pv142=1713&pv142=1714&pv142=1716&pv142=1718&pv142=1719&pv142=1484&pv142=1044&pv142=1499&pv142=1500&pv142=1501&pv142=1502&pv142=1503&pv142=1504&pv142=1505&pv142=1506&pv142=1507&pv142=1727&pv2043=6&pv2043=11&pv2043=9&pv2043=10&pv2043=21&pv2043=14&pv2043=13&pv2043=17&pv2043=18&pv16=12930&pv16=6547&sf=1&FV=ffe00306&quantity=&ColumnSort=0&page=1&pageSize=25
402 * TODO put approveGoodRevs into git from directory
403 * TODO complete alyssa's intern projects
404 * TODO update general-audit
405 with the +30 day thing for people who need recon,
406 and make sure to account for this member who intentionally has multiple
408 https://rt.gnu.org/Ticket/Display.html?id=1147159
410 (later: dunno what this is talking about)
411 * TODO put /usr/local/bin/mysql-postrotate.sh in ansible if it fixes
412 the postrotate problem. on my.fsf.org
414 * TODO ansible improvements
416 document the emails I sent to emba, asking for them to sign the machine
417 use policy, and handing off the vm.
419 document how to change volunteer keys
421 document how to change the list of files for volunteers
423 document how to change the list of files/folders that is exported for volunteers
426 /a/work/ansible-configs/roles/kvmhost-ceph/files/usr/local/bin/create-vm-ceph-luks.sh
427 should also be in ansible.
429 * TODO periodically search for emails that got no response and follow up
430 * nonfree fsf firmware
434 fiber optical converter
435 smart switch in data center
436 bios of a few machines we haven't upgraded yet
438 * TODO fix rss feed from header in r2e is FSF blogs: <author>
442 todo: fix archive command to add -verbose, send to a log in /home/mharc/log, rotate that log,
443 search that log for indexing errors.
445 todo: look into fixing the negative number error
448 */15 * * * * mharc /home/mharc/bin/web-archive >/dev/null 2>&1
450 */15 * * * * mharc /home/mharc/bin/web-archive -verbose &> /home/mharc/log/web-archive-test2.log
452 mharc is used to configure namazu.
454 Alias /archive/html /home/mharc/html
455 ScriptAlias /archive/cgi-bin/ /home/mharc/cgi-bin/
457 a typical query url looks like this:
458 https://lists.gnu.org/archive/cgi-bin/namazu.cgi?query=test&submit=Search%21&idxname=gforth&max=20&result=normal&sort=score
461 mknmz command compiles the index into NMZ.* files in the current
462 directory, or the -O directory
465 Warning: Non-zero exit status returned from "/usr/bin/mknmz --mhonarc -f /home/mharc/cgi-bin/mknmzrc -T /home/mharc/cgi-bin/template -O /home/mharc/html/qemu-devel -Y --quiet /home/mharc/html/qemu-devel/2017-11": 256
468 /usr/bin/mknmz --mhonarc -f /home/mharc/cgi-bin/mknmzrc -T /home/mharc/cgi-bin/template -O /home/mharc/html/qemu-devel -Y /home/mharc/html/qemu-devel
471 Cgnu-reindex-failure of commit-gnuradio
472 ^Cgnu-reindex-failure of commit-grub
473 ^Cgnu-reindex-failure of commit-hurd
477 Reminder from John: rms will undermine and confuse ppl on things we do with gnu.
479 * TODO look into more appropriately / rt bounces
480 * TODO read about gnu webmasters
481 https://www.gnu.org/server/standards/README.webmastering.html
482 https://www.gnu.org/server/standards/README.editors.html
483 https://www.gnu.org/server/fsf-html-style-sheet.html
485 * TODO get notification on new tickets in sysadmin
486 because sometimes i want them. sometimes i won't.
487 * TODO file debian bug for exim dmarc
488 the default signed headers breaks debian mailing lists,
489 so change the default to what google uses
490 * bootloader / coreboot notes
492 https://unix.stackexchange.com/questions/190865/is-it-possible-to-add-some-pxe-network-boot-option-to-grub
493 (07:02:41 PM) sudoman: http://ipxe.org/embed
495 https://www.coreboot.org/IPXE
496 seems to have a bunch of outdated build options, I skipped those.
497 Also, using cbfstool from that page appears to build the same image
498 as selecting equivalent options in the ncurses menu and just building
501 for building coreboot, followed instructions plus
502 left default 2mb flash size based on googling and finding https://libreboot.org/docs/hardware/kgpe-d16.html
504 output of coreboot build is
507 to install new rom, using flashrom from latest libreboot-util release,
508 sudo ./flashrom -p internal -w ./coreboot.rom
510 coreboot wiki says you can call buildgcc directly, but that doesn't build
511 everything you need, so it's a bunch of horseshit.
514 print info about a rom:
515 ./build/cbfstool ./build/coreboot.rom print
517 flashing from office beaglebone
518 ./flashrom -p linux_spi:dev=/dev/spidev1.0,spispeed=2048K -w ROMFILE
520 ** seabios boot order
522 useful command to have around:
523 screen /dev/ttyUSB1 115200
525 # https://www.seabios.org/Runtime_config
528 cd coreboot/utils/cbmem
530 sudo ./cbmem -c |tee c
532 # https://www.coreboot.org/SeaBIOS
536 https://libreboot.org/docs/#version
539 find appropriate rom, get size via
540 apt-get install flashrom
541 flashrom -p internal -V
543 if error, reboot, add kernel arg iomem=relaxed
545 download and extract from http://mirrors.mit.edu/libreboot/stable/20160907/rom/grub/
546 eg. depending on rom size,
547 wget http://mirrors.mit.edu/libreboot/stable/20160907/rom/grub/libreboot_r20160907_grub_x200_8mb.tar.xz
549 http://mirrors.mit.edu/libreboot/stable/20160907/libreboot_r20160907_util.tar.xz
553 find probably x200_8mb_usqwerty_vesafb.rom (depending on size determined
554 earlier). rename it libreboot.rom.
556 get the mac address of eth0 or equivalent
558 move libreboot.rom to the following folder; this is where the executable for ich9gen is located:
560 mv libreboot_r20160907_grub_x200_8mb/x200_8mb_usqwerty_vesafb.rom libreboot_r20160907_util/ich9deblob/x86_64/libreboot.rom
563 ./ich9gen --macaddress XX:XX:XX:XX:XX:XX
564 replace 8m with correct rom size,
565 dd if=ich9fdgbe_8m.bin of=libreboot.rom bs=1 count=12k conv=notrunc
566 mv libreboot.rom ../..
568 sudo ./flash update libreboot.rom
569 # equivalent flashrom command:
570 flashrom -p internal -w libreboot.rom
572 Occasionally, coreboot changes the name of a given board. If flashrom complains about a board mismatch, but you are sure that you chose the correct ROM image, then run this alternative command:
574 $ sudo ./flash forceupdate libreboot.rom
576 You will see the flashrom program running for a little while, and you might see errors, but if it says Verifying flash... VERIFIED at the end, then it’s flashed, and should boot. If you see errors, try again (and again, and again). The message, Chip content is identical to the requested image is also an indication of a successful installation.
582 backup-scripts on vcs and /root on monolith
583 backups go to /backup and
584 whizbackup exclude files are in /backup on monolith
586 * TODO put this transaction note somewhere
587 5th payment failure, recurring contribution will get marked as
588 cancelled, and we tell tc, or else they keep trying forever
592 ** TODO update https://libreboot.org/docs/install/index.html,
595 put the actual complete error for seo.
597 ** TODO document some lower priority todos from john's meeting
599 ** TODO make emacs meetup mailing list
600 ** TODO follow up on slides email
601 ** TODO send out command to technical-discuss to archive panic logs instead of delete
602 ** TODO fix mu4e~view-browse-url-from-binding
603 it's broken for rt tickets
604 ** TODO delete creds from this file which are in firefox
605 ** TODO learn screen or the other one
606 ** TODO new staff checklist, any new items to add?
607 ** TODO think about rt priority system.
608 there are tags, tags in subject, and priority field
609 ** TODO brains page review
611 how to handle different kinds of rt tickets.
614 wishlist page, be familiar with it
615 ** TODO record how staff use irc
616 andrew wants to try quassel irc client,
617 ruben uses weechat + addon + android client.
618 ** TODO add my jabber contact info to my webpage
619 ** TODO Add a link to donate to the FSF or join as a member to your email signature, and your RT signature.
620 ** TODO sub to https://gluestick.office.fsf.org/recentchanges/index.atom
621 and https://brains.fsf.org/wiki/blogs/johns/
623 ** TODO add spd setup to new host automation
624 ** TODO Move tarantula:/nfs-root/NEW_HOST/root/.ssh/authorized_keys to authorized_keys.disabled
625 on all workstations, assuming nothing has gone wrong by doing it on
629 convert ipv6 ip to /64 in back
631 ip64() { IFS=: read -r -a ipa <<<"$ip"; ip=; for x in "${ipa[@]:0:4}"; do [[ $x ]] || break; ip+=$x:; done; ip+=:/64; }
633 to run cfengine manually, either run on the target host:
634 cfagent --verbose --no-splay
635 or from the cfengine server,
636 ssh faiserver0 cfrun HOSTNAME
638 server form factors we have: supermicro 825, 113, 213
640 jeanie answers info@fsf.org and membership@fsf.org
642 fsf financial year starts oct 1st.
644 amt: pre-civicrm logmember database. might still be used for some financial
645 stuff. For access, ssh to amt.fsf.org, use history to connect to mysql
646 and mysql history to look up someone if needed.
649 ** drupal access from cli
651 sudoman: iank: if you ever need to get access to drupal from the command line, you can do this:
652 (02:00:21 PM) sudoman: cd /var/www/site_name ; drush uli admin
653 (02:00:36 PM) sudoman: then edit the url, if necessary, replacing "default" with "example.com" and put that in a url bar
656 ** searching talos licenses
658 /a/opt/talos-openbmc ALERT! $ git grep -E -i -e '^ *license *=' --and --not -e '= *["'"'"']\(? *(Apache-2.0|L?GPL[v-]?[123]\.[01]\+?|L?GPL[v-]?[123]\+?|MIT|BSD-[234]-Clause|BSD|CC-BY-3.0|X11|MPL-1.1|MIT-X|EPL-1.0|PSF|Artistic-2.0|Apache-2|ISC|MPL-2.0|Zlib|ClArtistic|copyleft-next-0.3.0|Artistic-1.0 \| GPL.*|IPL-1.0|SPL-1.0|NTP|BSD-0-Clause|SSPL-1|CC-BY-SA-3.0|BSL-1.0|gnuplot|PHP-3.0|GPL-2.0-with-OpenSSL-exception|tcl|openssl|OFL-1.1|IPA||SGI-1|BitstreamVera|netperf|iozone3|\$\{LICENSE_DEFAULT\} & BSD-2-Clause|MPLv1.1|zsh|ImageMagick|HDF5|GPL-2.0-with-GCC-exception|Artistic-1.0\|GPL.*|AGPL-3.0|Python-2.0|PD & MIT|MPL-1|GFDL-1.2|Artisticv1 \| GPLv1+|\(Apache-2.0|LGPL|PSFv2|Ruby|GPL|GPL-3.0-with-GCC-exception|MIT-style|FreeType|Khronos|nbench-byte|PD|radvd|Apache-2.0|Artisticv1 \| GPL.*|openldap|MIT license|CPL-1.0|BSD-1-Clause|ZPL-2.1|Artistic-1.0|read-edid|MIT license|Xdebug|ManishSingh)( *[|&]|["'"'"']$)' > /t/talos-openbmc
662 ** misc services/ hosts
665 for workstations: home directories and root filesystems. served over
666 nfs. also, dhcp server.
668 @fsf.org email: mail.fsf.org
670 main office ip. we have 14 static ips at the office, we don't use all of them.
673 rt version: it's shown in login screen,
675 full text search was released on 4.4.2
680 /var/www/ConfigAndLog
683 also in the admin panel now
684 root@crmserver2p:/var/www/drupal-and-civi/sites/all# cat ./modules/civicrm/civicrm-version.php
687 crmserver1d / mysqlserver2d
688 crmserver2d (no pii in this one, for volunteers to use)
690 mysqlserver1p: civicrm db
692 drupal users. through here you can masquerade, and also find people
694 https://my.fsf.org/admin/people
696 to go from a civi user page to a drupal user page, there is a field on
697 the civi page called "CiviCRM ID / User ID" with a value like: 198055 /
699 the second number should be a link to their drupal profile.
711 sysadmin-nonrt@gnu.org
712 technical-discuss@fsf.org
717 mail.fsf.org:/etc/aliases-fsf.org
724 /usr/lib/mailman/Mailman/Cgi/subscribe.py
726 /usr/share/doc/exim4-base/spec.txt.gz
728 It is usually a good idea to test a new configuration for syntactic #
729 correctness before installing it (for example, by running the command #
730 "exim -C /config/file.new -bV
732 in debian, config file used is first found of:
733 CONFIGURE_FILE=/etc/exim4/exim4.conf:/var/lib/exim4/config.autogenerated
734 on newer than fsf systems, exim's generated config is
735 /var/lib/exim4/config.autogenerated
736 to view it after preprocessor/include file parsing (introduced in a ver sometime after flidas)
739 s exim4 -bP configure_file
740 to view the options it's actually using, including defaults not
741 mentioned in the config, run this. however, it does not show acl's, and
742 i'm not sure what else it doesn't show
743 { eval exim\ -bP\ {,routers}\; ; eval exim\ -bP\ {transports,authenticators}\; | sed '/^[^=]*:$/b;s/^/ /'; } >/tmp/x
746 force retry of all queued messages:
747 exiqgrep -i | xargs exim -M
749 smtp protocol overview
750 https://cr.yp.to/smtp/mail.html
751 interesting reference:
752 https://mailinabox.email/static/architecture.svg
753 https://bitlair.nl/Projects/Mailserver_with_Debian,_Exim,_spamassassin,_greylistd,_DKIM,_SRS,_SPF,_DMARC,_forwarding,_LDAP,_dovecot,_LMTP,_disk_crypto
754 https://github.com/andryyy/mailcow
758 # describes what all the exim processes are doing
760 # list of messages in queue
765 # delete messages from queue, matching receiver
766 exiqgrep -r edward@gnu.org -i| xargs exim -Mrm
768 exim -Mvl id #view the message log for message id
769 exim -Mvh id #view message id's headers
770 exim -Mvb id #view message id's body
772 mailman won't let you post to subscribe unless you get first, and within a certain
775 # look for exim log failures
776 zgrep ' ==\|\*\*' mainlog*gz | sed -r 's/^mainlog.//' | sort -g | less
779 <= message arrival. following address is the envelope sender address
780 (= message fakereject
781 => normal message delivery
782 -> additional address in same delivery
783 >> cutthrough message delivery
784 *> delivery suppressed by -N
785 ** delivery failed; address bounced
786 == delivery deferred; temporary problem
788 A authenticator name (and optional id and sender)
789 C SMTP confirmation on delivery
790 command list for “no mail in SMTP session”
791 CV certificate verification status
792 D duration of “no mail in SMTP session”
793 DN distinguished name from peer certificate
794 DS DNSSEC secured lookups
795 DT on => lines: time taken for a delivery
796 F sender address (on delivery lines)
797 H host name and IP address
798 I local interface used
799 K CHUNKING extension used
800 id message id for incoming message
801 P on <= lines: protocol used
802 on => and ** lines: return path
803 PRDR PRDR extension used
804 PRX on <= and => lines: proxy address
805 Q alternate queue name
806 QT on => lines: time spent on queue so far
807 on “Completed” lines: time spent on queue
808 R on <= lines: reference for local bounce
809 on => >> ** and == lines: router name
810 S size of message in bytes
811 SNI server name indication from TLS client hello
812 ST shadow transport name
813 T on <= lines: message subject (topic)
814 on => ** and == lines: transport name
815 U local user or RFC 1413 identity
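A per-domain summary of failed (**) and deferred (==) deliveries built on the flags and fields listed above, going one step past the zgrep one-liner. This is an added example, not from the original notes; the log lines are constructed samples.

```shell
#!/bin/sh
# Added example, not from the original notes. All log lines below are
# constructed samples in exim mainlog layout: date time msgid flag address ...

sample_log() {
    cat <<'EOF'
2024-01-01 10:00:01 1rABCD-0001aB-2c <= alice@example.org H=mx.example.org [192.0.2.10] P=esmtps S=2048 id=abc@example.org
2024-01-01 10:00:02 1rABCD-0001aB-2c => bob@example.net R=dnslookup T=remote_smtp H=mail.example.net [198.51.100.5] C="250 OK"
2024-01-01 10:00:02 1rABCD-0001aB-2c Completed
2024-01-01 10:05:00 1rABCE-0001aC-3d == carol@example.com R=dnslookup T=remote_smtp defer (110): Connection timed out
2024-01-01 10:05:30 1rABCG-0001aE-5f == erin@example.com R=dnslookup T=remote_smtp defer (110): Connection timed out
2024-01-01 10:06:00 1rABCF-0001aD-4e ** dave@Example.COM R=dnslookup T=remote_smtp H=mx.example.com [203.0.113.7]: SMTP error from remote mail server after RCPT TO:<dave@example.com>: 550 No such user
2024-01-01 10:07:00 1rABCH-0001aF-6g ** nosuch@example.net: Unrouteable address
2024-01-01 10:08:00 1rABCI-0001aG-7h == grace <grace@example.org> R=localuser T=local_delivery defer (-22): mailbox is full
EOF
}

# Read mainlog lines on stdin and print "<flag> <domain> <router> <count>"
# for every failed (**) or deferred (==) delivery, sorted.
exim_failures() {
    awk '
    $4 == "**" || $4 == "==" {
        addr = $5
        # "local_part <full@address>" form: use the address in angle brackets
        if ($6 ~ /^<.*>$/) addr = substr($6, 2, length($6) - 2)
        sub(/:$/, "", addr)      # address directly followed by the error text
        domain = addr
        sub(/^.*@/, "", domain)
        router = "-"             # no R= field means no router handled it
        for (i = 6; i <= NF; i++)
            if ($i ~ /^R=/) { router = substr($i, 3); break }
        n[$4 " " tolower(domain) " " router]++
    }
    END { for (k in n) print k, n[k] }' | LC_ALL=C sort
}

# Against real logs: zcat -f mainlog* | exim_failures
```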
821 then manually enter smtp commands
822 http://www.samlogic.net/articles/smtp-commands-reference.htm
823 see below, org mode section on simulating messages.
825 testing routers, transport, rewrite, etc:
827 $ exim -bt -f iank@fsf.org x@gmail.com
828 R: smarthost for x@gmail.com
830 router = fsfsmarthost, transport = remote_smtp_smarthost
831 host mail.fsf.org [209.51.188.13]
833 clear out retry database:
834 s exim_tidydb -t 0m /var/spool/exim4 retry
835 note: m is for minutes, it could be d for days, it doesn't matter
837 clear out specific host in retry database:
838 s exim_dumpdb /var/spool/exim4 retry | gr some_host
839 # copy first space delimited word
840 s exim_fixdb /var/spool/exim4 retry
841 # paste, enter, d, enter
845 for testing expansions:
851 /usr/share/doc/exim4-base/README.Debian.gz
852 /usr/share/doc/exim4-base/spec.txt.gz
855 also see brc file for testing exim.
858 dpatch patch-template -p 85-CVE_string2019 "string2019" \
859 < string.patch >debian/patches/85_CVE-string2019.dpatch
860 fakeroot debian/rules binary
864 I've setup my own strict dmarc domain, I'm using:
868 ** simulating messages
872 logwrite = test is good
874 for example, to test a failing dmarc message, run this on lists2d.fsf.org
876 while read -r line; do
879 done <<'EOF'| exim -d+all -bhc 127.0.0.1
881 mail from:<mailman@lists.dev.fsf.org>
882 rcpt to:<ian@iankelling.org>
884 From: i@dmarctest.b8.nz
885 To: mailman@dev.fsf.org
886 Subject: Testing Exim
888 This is a test message.
893 while read -r line; do
896 done <<'EOF'| exim -d+all -bhc 127.0.0.1
898 mail from:<qemu-devel-bounces+testignore=je.b8.nz@nongnu.org>
899 rcpt to:<testignore@je.b8.nz>
901 From: ian@iankelling.org
902 To: testignore@je.b8.nz
903 Subject: Testing Exim
905 This is a test message.
912 ** sending to not all mx hosts for yahoo
915 exim -bem /tmp/t '${lookup dnsdb{>:mxh=yahoo.com}}'
917 exim -bem /tmp/t '${lookup dnsdb {>:a=${lookup dnsdb{>:mxh=yahoo.com}}}}'
919 # setting ip list to a var
921 set acl_m_yahoomx = ${lookup dnsdb {>:a=${lookup dnsdb{>:mxh=yahoo.com}}}}
923 # random int generated based on the message, modulo length of the list
924 exim -bem /tmp/t '${eval10: $received_time % ${listcount:00:11:22:33}}'
926 # picking from the list
927 exim -be '${listextract{0}{00:11:22}'
928 exim -be '${listextract{1}{00:11:22}'
931 # length of dns list:
932 exim -bem /tmp/t '${listcount:${sg{${lookup dnsdb{>:,#mx=yahoo.com}}}{[^:]+#}{}}}'
933 # exim -be '${reduce {${sg{${lookup dnsdb{>:mx=yahoo.com}}}{[^:]+ }{}}}{0}{${eval:$value + 1}}}' # old exim way
934 # random time rotating per message number modulo length of dns list
935 exim -bem /tmp/t '${eval10:($tod_epoch / 100000 + $received_time) % ${listcount:${sg{${lookup dnsdb{>:,#mx=yahoo.com}}}{[^:]+#}{}}}}'
936 # pick 1 from mx list
937 exim -be '${listextract{1}{${sg{${lookup dnsdb{>:mx=yahoo.com}}}{[^:]+ }{}}}}'
938 exim -be '${extract{1}{:}{${sg{${lookup dnsdb{>:mx=yahoo.com}}}{[^:]+ }{}}}}'
939 # pick random from mx list
940 exim -bem /tmp/t '${extract{${eval10:($tod_epoch / 100000 + $received_time) % ${reduce {${sg{${lookup dnsdb{>:mx=yahoo.com}}}{[^:]+ }{}}}{0}{${eval:$value + 1}}} + 1}}{:}{${sg{${lookup dnsdb{>:mx=yahoo.com}}}{[^:]+ }{}}}}'
941 # a record list of fsf.org
942 exim -be '${lookup dnsdb{>: a=fsf.org }}'
944 exim -bem /tmp/t '${reduce {${lookup dnsdb{>: a=${extract{${eval10:($tod_epoch / 100000 + $received_time) % ${reduce {${sg{${lookup dnsdb{>:mx=yahoo.com}}}{[^:]+ }{}}}{0}{${eval:$value + 1}}} + 1}}{:}{${sg{${lookup dnsdb{>:mx=yahoo.com}}}{[^:]+ }{}}}} }}}{0}{${if gt {$item}{$value} {$item}{$value}}}}'
945 # max a record of random mx
947 # a record list from mx
948 exim -bem /tmp/t '${sort{${lookup dnsdb{>: a=${extract{${eval10:($tod_epoch / 100000 + $received_time) % ${reduce {${sg{${lookup dnsdb{>:,#mx=yahoo.com}}}{[^:]+#}{}}}{0}{${eval:$value + 1}}}}}{:}{${sg{${lookup dnsdb{>:mx=yahoo.com}}}{[^:]+ }{}}}} }}}{le}{$item}}'
951 # length of a record list:
952 exim -be '${reduce { }{0}{${eval:$value + 1}}}'
953 # pick 1 from a record list
954 exim -be '${extract{0}{:}{${sort{${lookup dnsdb{>: a=fsf.org }}}{le}{$item}}}}'
955 # pick random from a record list
956 exim -be '${extract{0}{:}{${sort{${lookup dnsdb{>: a=fsf.org }}}{le}{$item}}}}'
959 ** TODO figure out how the exim queue works, so many -qG processes
960 after just barely starting exim, and they seem to hang around long after
961 processing the queue. why?
964 * spamassassin reference
966 /usr/share/spamassassin
969 in t9, the manual lists default plugins. grepping, i see an additional
971 Mail::SpamAssassin::Plugin::Rule2XSBody
973 todo: port over training info?
977 The following code adds the same keys with a high trust level in your trustdb (not the same as signing someone's key).
979 for k in $(gpg --import fsf-keyring |& sed -rn 's,^gpg: key (.*):.*,\1,p'); do
980 gpg --fingerprint -k $k | sed -nr 's, ,,g;s,$,:6:,;s,.*print=,,p;'; done | gpg --import-ownertrust
983 ** license request on bug tracker
987 I see you have no LICENSE file for this project.
989 I suggest releasing the code under the GPLv3 or AGPLv3 license so that
990 people are encouraged to make improvements and contribute them. Without
991 a license, sharing the code or any changes is a violation of copyright
1001 default hosts is /etc/ansible/hosts
1004 https://docs.ansible.com/ansible/latest/reference_appendices/playbooks_keywords.html
1006 With until, the default value for “retries” is 3 and “delay” is 5.
1007 https://docs.ansible.com/ansible/latest/user_guide/playbooks_loops.html
1009 to test commands locally, run apx (bashrc)
1010 and put something like this in /a/x.yml
1016 shell: sleep 10 && touch /tmp/t2
1021 shell: sleep 2 && touch /tmp/t1
1027 https://github.com/ansible/ansible/issues/44272
1031 ** asterisk debugging commands
1032 see calls as they are made, etc:
1035 from the asterisk shell, not sure what these do.
1038 * lists / mailman reference
1041 /var/lib/mailman/bin# ./list_lists | grep test
1043 usr/lib/mailman/Mailman/Handlers/AvoidDuplicates.py
1045 elif ccaddrs.has_key(r.lower()):
1046 del ccaddrs[r.lower()]
1048 usr/lib/mailman/Mailman/Utils.py
1049 def IsDMARCProhibited(mlist, email):
1051 https://en.wikipedia.org/wiki/DMARC
1052 https://tools.ietf.org/html/rfc7489#section-3
1053 https://dmarc.org/wiki/FAQ#senders
1055 https://www.exim.org/exim-html-current/doc/html/spec_html/ch-support_for_dkim_domainkeys_identified_mail.html
1056 https://www.ietf.org/rfc/rfc4871.txt
1059 newlist -q mailman ian@iankelling.org jetdirpAbsEtpiHa
1062 install mailman, follow
1063 https://www.gnu.org/software/mailman/mailman-install/node16.html
1064 better format /usr/share/doc/mailman/mailman-install.txt.gz
1065 it implies you can follow this,
1066 http://www.exim.org/howto/mailman21.html
1067 but the mailman docs seem to cover it better.
1069 /usr/lib/mailman/Mailman/mm_cfg.py
1070 MTA=None # Misnomer, suppresses alias output on newlist
1073 web-conf -p 80 apache2 x2.office.fsf.org
1076 /etc/apache2/sites-enabled/x2.office.fsf.org.conf
1078 Include /etc/mailman/apache.conf
1084 http://localhost/cgi-bin/mailman/admin/mailman/members
1087 tee -a /etc/exim4/conf.d/main/000_localmacros <<'EOF'
1088 # Home dir for your Mailman installation -- aka Mailman's prefix
1090 MAILMAN_HOME=/var/lib/mailman
1091 MAILMAN_WRAP=MAILMAN_HOME/mail/mailman
1093 # User and group for Mailman, should match your --with-mail-gid
1094 # switch to Mailman's configure script.
1099 s dd of=/etc/exim4/conf.d/router/099_exim4-config_mailman <<'EOF'
1102 require_files = MAILMAN_HOME/lists/$local_part/config.pck
1103 local_part_suffix_optional
1104 local_part_suffix = -admin : -bounces : -bounces+* : \
1105 -confirm : -confirm+* : \
1107 -owner : -request : \
1108 -subscribe : -unsubscribe
1109 transport = mailman_transport
1112 s dd of=/etc/exim4/conf.d/transport/29_exim4-config_mailman <<'EOF'
1115 command = MAILMAN_WRAP \
1116 '${if def:local_part_suffix \
1117 {${sg{$local_part_suffix}{-(\\w+)(\\+.*)?}{\$1}}} \
1120 current_directory = MAILMAN_HOME
1121 home_directory = MAILMAN_HOME
1123 group = MAILMAN_GROUP
1126 ** testing for dmarc strict senders
1128 wget -m ftp://lists.gnu.org/info-gnu
1129 cd lists.gnu.org/info-gnu
1130 sed -rn '/^From: /{s/.*@([^> ]*).*/\1/p;}' * | sort -u | while read -r l; do host -t txt _dmarc.$l; done
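Added example, not from the original notes: the pipeline above only prints the raw TXT answers, so this sketch also parses them and lists the sender domains whose policy is strict. Assumptions: "strict" means p=reject or p=quarantine, the function names are made up for this example, and the From: headers and host(1) answers are constructed samples so it runs offline.

```shell
#!/bin/sh
# Constructed sample input (not real lookups): From: headers as found in an
# archive, and `host -t txt _dmarc.<domain>` style answers.
SAMPLE_FROM='From: Alice <alice@Example.COM>
Subject: hello
From: bob@example.org (Bob)
From: carol@example.com'
SAMPLE_HOST_OUTPUT='_dmarc.example.com descriptive text "v=DMARC1; p=reject; pct=100"
_dmarc.example.org descriptive text "v=DMARC1; p=none; sp=reject"
_dmarc.example.edu descriptive text "v=DMARC1; p=Quarantine"
Host _dmarc.example.net not found: 3(NXDOMAIN)'

# Unique, lowercased sender domains from From: header lines on stdin.
from_domains() {
  sed -n 's/^From: .*@\([^> ]*\).*/\1/p' | tr 'A-Z' 'a-z' | sort -u
}

# Print the p= tag of one DMARC TXT record; "none" when the text is not a
# v=DMARC1 record or has no p= tag. sp= and pct= must not be mistaken for p=.
dmarc_policy() {
  rec=$(printf '%s' "$1" | tr -d '"')
  case $rec in
    v=DMARC1*) ;;
    *) echo none; return 0 ;;
  esac
  p=$(printf '%s\n' "$rec" | tr ';' '\n' |
    sed -n 's/^[[:space:]]*p[[:space:]]*=[[:space:]]*\([A-Za-z]*\).*/\1/p' |
    head -n 1 | tr 'A-Z' 'a-z')
  echo "${p:-none}"
}

# Read host(1) output on stdin, print domains whose policy is reject or
# quarantine (this example's definition of "strict"). NXDOMAIN lines are skipped.
strict_domains() {
  while IFS= read -r line; do
    case $line in
      _dmarc.*' descriptive text '*)
        domain=${line#_dmarc.}
        domain=${domain%% *}
        case $(dmarc_policy "${line#* descriptive text }") in
          reject|quarantine) echo "$domain" ;;
        esac ;;
    esac
  done
}

printf '%s\n' "$SAMPLE_FROM" | from_domains
printf '%s\n' "$SAMPLE_HOST_OUTPUT" | strict_domains
```

To use it on real data, pipe the output of the host loop above into strict_domains.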