sle() { # sl emacs
local f=/home/iank/.emacs.d/init.el
- sl --sl-test-cmd ". /etc/os-release ; printf %s \${VERSION//[^a-zA-Z0-9]/}; test -e $f && stat -c%Y $f" --sl-test-hook slemacs "$@"
+ sl --sl-test-cmd "sed -rn '/^VERSION=/{s/^.*=//;s/[^[:alnum:]]//gp}' /etc/os-release; test -e $f && stat -c%Y $f" --sl-test-hook slemacs "$@"
}
ccomp ssh sle
ap() {
# pushd in case current directory has an ansible.cfg file
pushd /a/xans >/dev/null
- ansible-playbook -v -l ${1:- $(hostname -f)} site.yml
+ ansible-playbook -v -i ${1:- $(hostname -f)}, site.yml
popd >/dev/null
}
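Review bot: The inline inventory on the added line, `-i ${1:- $(hostname -f)},`, is unquoted, so an argument containing whitespace or glob characters is split into extra `ansible-playbook` words before the trailing comma is attached. The default only works because word splitting strips the leading space inside `${1:- …}`; writing it as `-i "${1:-$(hostname -f)},"` keeps the same default and always passes exactly one inventory word. The `pushd /a/xans` above it is unchecked, so if that directory is missing the playbook runs from the current directory, which is the case the comment is trying to avoid; `pushd /a/xans >/dev/null || return` would close that.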
aw() {
# $ dig ns1.gnu.org @b0.org.afilias-nst.org.
-# todo: make sm pull/push use systemd instead of the journal cat command
bbk() { # btrbk wrapper
local ret=0
c /
if [[ $cmd != /* ]]; then
cmd=$(type -P "$cmd")
fi
+ #note date format for since is date '+%F %T'
# -q = quiet
- journalctl -qn2 -f -u "$cmd_name" &
- # Trial and error of time needed to avoid missing initial lines.
- # .5 was not reliable. 1 was not reliable. 2 was not reliable
- sleep 4
+ journalctl --since=now -qn2 -f -u "$cmd_name" &
jr_pid=$!
# note, we could have a version that does system --user, but if for example
# it does sudo ssh, that will leave a process around that we can't kill
# set day start for use in other programs.
# expected to do be in a format like 830, or 800 or 1300.
ds() {
+ local regex
+ regex='[0-9]?[0-9]?[0-9][0-9]'
if [[ $1 ]]; then
+ if [[ ! $1 =~ $regex ]]; then
+ echo "ds: error. expected \$1 to match $regex, got \$1: $1"
+ return 1
+ fi
echo $1 >/b/data/daystart
else
cat /b/data/daystart
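Review bot: The new check in `ds` does not actually restrict the value, because `regex='[0-9]?[0-9]?[0-9][0-9]'` is unanchored and `=~` succeeds on any string that merely contains two consecutive digits (constructed examples: `x12y`, `123456`). Anchoring it as `regex='^[0-9]?[0-9]?[0-9][0-9]$'` makes the test match the 830/1300 format the comment describes. The accepted value is then written with an unquoted `echo $1 >/b/data/daystart`; `printf '%s\n' "$1" >/b/data/daystart` avoids word splitting and globbing, and the error line belongs on stderr with `>&2`. The end of the function is outside this hunk.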
# https://www.gnu.org/licenses/license-recommendations.en.html. They
# recommend that small programs, < 300 lines, be licensed under the
# Apache License 2.0. This file contains or is part of one or more small
-# programs. If a small program grows beyond 300 lines, I plan to switch
-# its license to GPL.
+# programs. If a small program grows beyond 300 lines, I plan to change
+# to a recommended GPL license.
# Copyright 2024 Ian Kelling
host-info-all() {
host-info-update
+
bindpushb8
- ssh li.b8.nz conflink
+ # for wireguard configs
+ ssh iank@li.b8.nz conflink
wrt-setup
}
-# if you change a host's ip, then run
-# bindpushb8
-# wrt-setup
+
+
+
+## for updating host info like ip, location, update /p/c/host-info and
+## host_info below. the host_info array should probably be in its own
+## file that gets sourced so that it can be more easily updated.
+
+# todo: this is so long that it becomes confusing,
+# try to split it up.
+#
+# To make some changes take effect, run host-info-all.
host-info-update() {
- local -A vpn_ips host_ips host_macs nonvpn_ips all_ips
+ local -A vpn_ips host_ips host_macs portfw_ips nonvpn_ips all_ips
local -a root_hosts nonroot_hosts
# the hosts with no mac
all_ips[$host]=$ip
if $vpn; then
+ portfw_ips[$host]=$ip
vpn_ips[$host]=$ip
else
nonvpn_ips[$host]=$ip
# hosts is that it is for the User part, the IdentityFile part is
# redundant to *.b8.nz. Also note ${host}i, we only setup those for vpn hosts, but there is no harm in overspecifying here.
root_hosts+=($host ${host}i $host.b8.nz ${host}i.b8.nz)
+ root_hosts_a[$host]=t # a for associative array
else
nonroot_hosts+=($host ${host}i)
fi
-
host_ips[$host]=$ip
- host_macs[$host]=$mac
+ if [[ $mac ]]; then
+ host_macs[$host]=$mac
+ fi
+
done </p/c/host-info
{
for host in ${!vpn_ips[@]}; do
ipsuf=${vpn_ips[$host]}
cat <<EOF
-Host ${host}i
-Hostname b8.nz
+Host ${host}i ${host}i.b8.nz
Port $((2200 + ipsuf))
-
EOF
done
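Review bot: `root_hosts_a[$host]=t` is commented as an associative array, but `root_hosts_a` is not in the `local -A vpn_ips host_ips host_macs portfw_ips nonvpn_ips all_ips` list that this same commit edits, and no other declaration is visible in these hunks. If it is not declared elsewhere, bash creates a global indexed array and evaluates `$host` as an arithmetic expression, so plain host names collapse to index 0 (and names containing dots or hyphens are evaluated or rejected as arithmetic). The later `[[ ${root_hosts_a[$host]} ]]` test would then be true for every host once one root host has been seen. Adding `root_hosts_a` to the `local -A` line fixes the lookup and keeps the array from leaking out of the function. The loop this assignment sits in starts outside the hunk.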
HostKeyAlias $host.b8.nz
EOF
done
- } | cedit /p/c/subdir_files/.ssh/config || [[ $? == 1 ]]
+ } | cedit -e /p/c/subdir_files/.ssh/config-static
{
# hack to please emacs parser
ipsuf=${vpn_ips[$host]}
i_port=$(( 2200 + ipsuf ))
cat <<EOF
- config redirect
- option name ssh$host
- option src wan
- option src_dport $i_port
- option dest_port 22
- option dest_ip \$l.$ipsuf
- option dest lan
- config rule
- option src wan
- option target ACCEPT
- option dest_port $i_port
+config redirect
+option name ssh$host
+option src wan
+option src_dport $i_port
+option dest_port 22
+option dest_ip \$l.$ipsuf
+option dest lan
+config rule
+option src wan
+option target ACCEPT
+option dest_port $i_port
EOF
done
echo "EOF"
# shellcheck disable=SC2016 # shellcheck doesnt know this is sed
sedi '/edits below here are made automatically/,$d' /p/c/machine_specific/li/filesystem/etc/wireguard/wgmail.conf
for host in ${!vpn_ips[@]}; do
- if [[ ${root_ips[$host]} ]]; then
+ if [[ ${root_hosts_a[$host]} ]]; then
# root machines dont actually need vpn, but
# the classification still helps with other
# configurations.
fi
ipsuf=${vpn_ips[$host]}
wghole $host $ipsuf
- sd /b/ds/machine_specific/li/filesystem/etc/openvpn/client-config-hole/$host <<EOF
+ u /b/ds/machine_specific/li/filesystem/etc/openvpn/client-config-hole/$host <<EOF
ifconfig-push 10.5.5.${vpn_ips[$host]} 255.255.255.0
EOF
u /a/bin/ds/machine_specific/$host/filesystem/etc/systemd/system/openvpn-client-tr@.service <<EOF
{
echo "cat <<EOF"
- for host in ${!host_ips[@]}; do
+ for host in ${!host_macs[@]}; do
ipsuf=${host_ips[$host]}
echo "dhcp-host=${host_macs[$host]},set:$host,\$l.$ipsuf,$host"
done
echo "EOF"
} | u /p/c/dnsmasq-data
+
b8_ip=$(dig +short b8.nz @iankelling.org | tail -1)
if [[ ! $b8_ip ]]; then
echo "$0: error: got empty b8.nz ip. returning 1"
${host}wg A 10.8.0.$ipsuf
${host}vp A 10.5.5.$ipsuf
${host}tr A 10.174.$ipsuf.2
+${host}i A $b8_ip
EOF
done
- } | cedit vpn-ips-update /p/c/machine_specific/vps/bind-initial/db.b8.nz ||:
+ } | cedit -e vpn-ips-update /p/c/machine_specific/vps/bind-initial/db.b8.nz
echo checking for stray files:
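Review bot: The added record `${host}i A $b8_ip` writes the output of `dig +short b8.nz @iankelling.org | tail -1` into the zone file, and the only guard visible is the non-empty test in the preceding hunk. The last line of `dig +short` is not guaranteed to be an address (a CNAME target, or possibly a `;;` diagnostic on timeout, which is worth confirming for the dig version in use), and the answer arrives over unauthenticated DNS, so a malformed or wrong value would be published for every `${host}i` name. A shape check before the heredoc, such as `[[ $b8_ip =~ ^[0-9]+(\.[0-9]+){3}$ ]] || { echo "$0: error: bad b8.nz ip: $b8_ip" >&2; return 1; }`, would at least stop the malformed case.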
/p/c/machine_specific filesystem/etc/wireguard/wghole.conf
EOF
- files=(/b/ds/machine_specific/li/filesystem/etc/openvpn/client-config-hole/* )
+ files=( /b/ds/machine_specific/li/filesystem/etc/openvpn/client-config-hole/* )
for f in "${files[@]}"; do
- host=${f##/*}
+ host=${f##*/}
if [[ ! ${vpn_ips[$host]} ]]; then
e rm $f
e ssh root@li.b8.nz rm -f $f
fi
done
+ tmpf=$(mktemp)
+ {
+ printf "%s" "Host * "
+ sed -n '/^Host /h;/^IdentityFile .*\/home/{g;s/^Host//;s/ / !/gp}' /p/c/subdir_files/.ssh/config-static | tr '\n' ' '
+ echo
+ echo "IdentityFile ~/.ssh/work"
+ } >$tmpf
+ cedit -e work-identity /p/c/subdir_files/.ssh/config-static <$tmpf
+ rm -f $tmpf
+
+ ### begin focus on hosts file update ###
+ #
+ # This started as its own function, but it actually
+ # needed to alter the ssh config, so combined it.
+ #
+ # background: This is finally doing dynamic ip resolution via the hosts
+ # file. I considered detecting where each host was dynamically or
+ # something, but ultimately decided to mostly avoid that, other than
+ # detecting the status of the current machine I'm on. I want to be able
+ # to move it around without having to manually type much of anything.
+ local -a host_domain_suffix hosts
+ local -A ip_to_hosts
+ local suf ip i host at_home suf_from_here
+
+ source /p/c/domain-info
+
+ at_home=false
+ if ip n | grep -q "10.2.0.1 .* b4:75:0e:fd:06:4a"; then
+ at_home=true
+ fi
+
+ for i in ${host_domain_suffix[@]}; do
+ if [[ $i == *.* ]]; then
+ suf=$i
+ continue
+ fi
+ hosts+=($i)
+ if [[ $i == "$HOSTNAME" ]]; then
+ unset "portfw_ips[$i]"
+ continue
+ fi
+
+ suf_from_here=$suf
+ if ! $at_home && [[ $suf == .b8.nz || $suf == [wc].b8.nz ]]; then
+ suf_from_here=i.b8.nz
+ else
+ unset "portfw_ips[$i]"
+ fi
+
+ ip=$(getent ahostsv4 "$i$suf_from_here" | awk '{ print $1 }' | head -n1) ||:
+ if [[ ! $ip ]]; then
+ if [[ $suf == .office.fsf.org ]]; then
+ suf_from_here=wg.b8.nz
+ ip=$(getent ahostsv4 "$i$suf_from_here" | awk '{ print $1 }' | head -n1) ||:
+ fi
+ if [[ ! $ip ]]; then
+ echo error: failed to get ip of "$i$suf_from_here"
+ return 1
+ fi
+ fi
+ ip_to_hosts[$ip]+=" $i"
+ done
+
+ for ip in "${!ip_to_hosts[@]}"; do
+ echo "$ip${ip_to_hosts[$ip]}"
+ done | s cedit -e hosts-file-up /etc/hosts
+ for host in ${hosts[@]}; do
+ echo $host
+ done >/p/c/subdir_files/.dsh/group/btrbk
+ ### end focus on hosts file update ###
+
+
+ # note: note sure if this is a great way to check.
+ # todo: think about it
+
+ if $at_home; then
+ # possible that in the future we want to create
+ # a dynamic file here, and then we can move the cat
+ # command above out of the conditional
+ rsync -a /p/c/subdir_files/.ssh/config-static ~/.ssh/config
+ else
+ for host in ${!portfw_ips[@]}; do
+ ipsuf=${portfw_ips[$host]}
+ cat <<EOF
+Host ${host}
+Port $((2200 + ipsuf))
+EOF
+ done > ~/.ssh/config-dynamic
+ cat /p/c/subdir_files/.ssh/config-static ~/.ssh/config-dynamic >~/.ssh/config
+ fi
}
# usage host ipsuf [extrahost]
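Review bot: The `at_home` decision, `ip n | grep -q "10.2.0.1 .* b4:75:0e:fd:06:4a"`, trusts a neighbour-table entry, and any network the machine joins can present that gateway address and MAC; the added comment "note sure if this is a great way to check" already flags the doubt. The result controls which names are resolved with `getent` and pinned into /etc/hosts through `s cedit`, and whether the `Port` overrides reach ~/.ssh/config, so a false positive persists addresses taken from whatever resolver that network supplied. SSH host-key checking still covers the ssh sessions, but other consumers of /etc/hosts get no such check, so I would state the assumption above the test, e.g. `# at_home is a convenience hint, not authentication: IPs resolved below are only as trustworthy as the current resolver`. The dots in the pattern are unescaped regex wildcards; `grep -qE '^10\.2\.0\.1 .* b4:75:0e:fd:06:4a( |$)'` matches only the intended entry. Separately, `tmpf` is missing from the `local` lists and the temp file is left behind if `cedit` fails before `rm -f $tmpf`.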
pushd /home/iank/.local/share/profanity/chatlogs/iank_at_fsf.org/rooms/office_at_conference.fsf.org
logs=(*)
logcount=${#logs[@]}
- if (( logcount > 15 )); then
- i=$(( logcount - 15 ))
+ if (( logcount > 16 )); then
+ i=$(( logcount - 16 ))
else
i=0
fi
fi
[[ $1 ]] || { echo need arg; return 1; }
- journalctl --unit=$vpn_service@$1 -f -n0 &
- # sometimes the journal doesnt open until after the vpn output
- # has happened. hoping this fixes that.
- sleep 1
+ journalctl --since=now --unit=$vpn_service@$1 -f -n0 &
sudo systemctl start $vpn_service@$1
# sometimes the ask-password agent does not work and needs a delay.
sleep .5
fi
}
-# unmute
+# unmute desktop output
um() {
- local sink card
+ local sink card sedcmd
sink=$(pactl get-default-sink)
if [[ $sink == auto_null ]]; then
# guessing there is just one with an off profile. otherwise we will
# need some other solution, like storing the card identifier that we
- # muted with nap.
- card=$(pacmd list-cards | sed -n '/^[[:space:]]*index:/{s/^[[:space:]]*index://;h};/^[[:space:]]*active profile: <off>$/{g;p;q}')
+ # muted with nap. Or, we could so some hakery with
+ # pactl -f json.
+ sedcmd='/^[[:space:]]*index:/{s/^[[:space:]]*index://;h};/^[[:space:]]*active profile: <off>$/{g;p;q}'
+ card=$(pacmd list-cards | sed -n "$sedcmd")
m pacmd set-card-profile "$card" output:analog-stereo
fi
units "tempF($1)" tempC
}
-# requires dns/firewall setup first
+# note: requires dns setup of live.iankelling.org, & if i'm home, port
+# forwarding in wrt-setup-local. todo: automate that.
local-icecast() {
web-conf -e ian@iankelling.org -f 8000 - apache2 live.iankelling.org <<'EOF'
<Location "/fsf.webm">
done
}
+opensslcertinfo() {
+ openssl x509 -txt -in "$@"
+}
+
+# dsh on btrbk hosts
+dsb() {
+ :
+}
+
+# dsh a file and run it
+dsa() {
+ local ret file
+ if ! parallel -j 10 scp x {}:/tmp <~/.dsh/group/btrbk; then
+ echo parallel scp failed. dsa returning $ret
+ fi
+ dsh -g btrbk
+}
+
+# temporary
+zmqsend() {
+ /nocow/t/ffmpeg-release/ffmpeg-7.0.1/tools/zmqsend "$@"
+}
+
+ffg() { /nocow/t/ffmpeg-release/ffmpeg-7.0.1/tools/graph2dot -o /tmp/g.tmp && dot -Tpng /tmp/g.tmp -o /tmp/g.png && feh /tmp/g.png; }
export BASEFILE_DIR=/a/bin/fai-basefiles
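Review bot: In `dsa`, the failure branch of `parallel -j 10 scp x {}:/tmp` only prints a message: `ret` is declared but never assigned and there is no `return`, so `dsh -g btrbk` still runs after a failed copy. Since the comment says the file is meant to be run on the hosts, a fixed name in the shared `/tmp` is risky on any host with other local users. Copying into a directory owned by the login user and bailing out on failure with `echo "dsa: parallel scp failed" >&2; return 1` would be safer. `ffg` has the same fixed-name pattern locally with `/tmp/g.tmp` and `/tmp/g.png`. In `opensslcertinfo`, `-txt` is not an `openssl x509` option as far as I know; `openssl x509 -text -noout -in "$@"` is probably what was meant.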