X-Git-Url: https://iankelling.org/git/?a=blobdiff_plain;f=brc2;h=02aa77f694d82e89289ce521761cd37978b0b8fb;hb=205510f1ebae68147df7c73bc71c692fd03ff045;hp=9bc89d5158c499ff9892e08c26e1f193f5dcc690;hpb=0249e646cbed14fc191827f95a05044287d419ad;p=distro-setup

diff --git a/brc2 b/brc2
index 9bc89d5..02aa77f 100644
--- a/brc2
+++ b/brc2
@@ -12,6 +12,8 @@ source /a/bin/distro-setup/path-add-function
 path-add /a/exe
 # add this with absolute paths as needed for better security
 #path-add --end /path/to/node_modules/.bin
+## for yarn, etc
+#path-add --end /usr/lib/node_modules/corepack/shims/
 
 # pip3 --user things go here:
 path-add --end ~/.local/bin
@@ -169,8 +171,10 @@ EOF
   fi
   sudo chroot $d apt-get update
   sudo DEBIAN_FRONTEND=noninteractive chroot $d apt-get -y dist-upgrade --purge --auto-remove
-  sudo DEBIAN_FRONTEND=noninteractive schroot -c $n -- apt-get install --allow-unauthenticated -y ${apps[@]}
   sudo cp -P {,$d}/etc/localtime
+  if (( ${#apps[@]} )); then
+    sudo DEBIAN_FRONTEND=noninteractive schroot -c $n -- apt-get install --allow-unauthenticated -y ${apps[@]}
+  fi
 }
 
 
@@ -379,6 +383,22 @@ bigclock() {
 
 nnn() { /a/opt/nnn -H "$@"; }
 
+locat() { # log-once cat
+  local files
+  ngset
+  files=(/var/local/cron-errors/* /home/iank/cron-errors/* /sysd-mail-once-state/*)
+  case ${#files[@]} in
+    0) : ;;
+    1)
+      echo ${files[0]}
+      head ${files[0]}
+      ;;
+    *)
+      head ${files[@]}
+      ;;
+  esac
+  ngreset
+}
 
 # duplicated somewhat below.
 jrun() { # journal run. run args, log to journal, tail and grep the journal.
@@ -484,27 +504,26 @@ EOF
   done
 }
 bindpushb8() {
-  dsign iankelling.org expertpathologyreview.com zroe.org amnimal.ninja
   lipush
   for h in li bk; do
     m sl $h <<'EOF'
 source ~/.bashrc
-m dnsup
 m dnsb8
 EOF
   done
 }
 
 dnsup() {
-  conflink
+  conflink -f
   m ser reload bind9
 }
 dnsb8() {
   local f=/var/lib/bind/db.b8.nz
-  ser stop bind9
-  sudo rm -fv $f.jnl
-  sudo install -m 644 -o bind -g bind /p/c/machine_specific/vps/bind-initial/db.b8.nz $f
-  ser restart bind9
+  m ser stop bind9
+  m sleep 1
+  m sudo rm -fv $f.jnl
+  m sudo install -m 644 -o bind -g bind /p/c/machine_specific/vps/bind-initial/db.b8.nz $f
+  m ser restart bind9
 }
 dnsecgen() {
   # keys generated like this
@@ -954,10 +973,9 @@ hstatus() {
 # work log
 wlog() {
   local day now i
-  now=$(date +%s)
   for (( i=0; i<60; i++ )); do
-    day=$( date +%F -d @$((now - 86400*i )) )
-    date "+%a %b %d" -d @$((now - 86400*i )) | tr '\n' ' '
+    day=$( date +%F -d @$((EPOCHSECONDS - 86400*i )) )
+    date "+%a %b %d" -d @$((EPOCHSECONDS - 86400*i )) | tr '\n' ' '
     /a/opt/timetrap/bin/t d -ftotal -s $day -e $day all -m '^w|lunch$'
   done
 }
@@ -1057,8 +1075,8 @@ Address = 10.8.0.$ipsuf/24
 PostUp = ping -c1 10.8.0.1 ||:
 
 [Peer]
-# li
-PublicKey = zePGl7LoS3iv6ziTI/k8BMh4L3iL3K2t9xJheMR4hQA=
+# li. called wgmail on that server
+PublicKey = CTFsje45qLAU44AbX71Vo+xFJ6rt7Cu6+vdMGyWjBjU=
 AllowedIPs = 10.8.0.0/24
 Endpoint = 72.14.176.105:1194
 PersistentKeepalive = 25
@@ -1066,7 +1084,7 @@ EOF
   umask $umask_orig
   # old approach. systemd seems to work fine and cleaner.
   rm -f ../network/interfaces.d/wghole
-  cedit -q $host /p/c/machine_specific/li/filesystem/etc/wireguard/wghole.conf <<EOF || [[ $? == 1 ]]
+  cedit -q $host /p/c/machine_specific/li/filesystem/etc/wireguard/wgmail.conf <<EOF || [[ $? == 1 ]]
 [Peer]
 PublicKey = $(cat hole-pub.key)
 AllowedIPs = 10.8.0.$ipsuf/32
@@ -1079,26 +1097,40 @@ lom() {
   local l base
   if [[ $1 == /* ]]; then
     base=${1##*/}
-    if mountpoint /mnt/$base; then
+    if mountpoint -q /mnt/$base; then
       return 0
     fi
-    l=$(sudo losetup -f)
-    sudo losetup $l $1
-    if ! sudo cryptsetup luksOpen $l $base; then
-      sudo losetup -d $l
-      return 1
+    l=$(losetup -j $1 | sed -rn 's/^([^ ]+): .*/\1/p' | head -n1 ||:)
+    if [[ ! $l ]]; then
+      l=$(sudo losetup -f)
+      m sudo losetup $l $1
+    fi
+    if ! sudo cryptsetup status /dev/mapper/$base &>/dev/null; then
+      if ! sudo cryptsetup luksOpen $l $base; then
+        m sudo losetup -d $l
+        return 1
+      fi
     fi
-    sudo mkdir -p /mnt/$base
-    sudo mount /dev/mapper/$base /mnt/$base
-    sudo chown $USER:$USER /mnt/$base
+    m sudo mkdir -p /mnt/$base
+    m sudo mount /dev/mapper/$base /mnt/$base
+    m sudo chown $USER:$USER /mnt/$base
   else
     base=$1
     if mountpoint /mnt/$base &>/dev/null; then
-      sudo umount /mnt/$base
+      m sudo umount /mnt/$base
+    fi
+    if sudo cryptsetup status /dev/mapper/$base &>/dev/null; then
+      if ! m sudo cryptsetup luksClose /dev/mapper/$base; then
+        echo lom: failed cryptsetup luksClose /dev/mapper/$base
+        return 1
+      fi
+    fi
+    l=$(losetup -l --noheadings | awk '$6 ~ /\/'$1'$/ {print $1}')
+    if [[ $l ]]; then
+      m sudo losetup -d $l
+    else
+      echo lom: warning: no loopback device found
     fi
-    l=$(sudo cryptsetup status /dev/mapper/$base|sed -rn 's/^\s*device:\s*(.*)/\1/p')
-    sudo cryptsetup luksClose /dev/mapper/$base || return 1
-    sudo losetup -d $l
   fi
 }
 
@@ -1201,8 +1233,7 @@ allmyirc() {
 }
 
 mygajim() {
-  local now time time_sec time_pretty
-  now=$(date +%s)
+  local time time_sec time_pretty
   sqlite3 -separator ' ' /p/c/subdir_files/.local/share/gajim/logs.db "select time, message from logs where contact_name = 'iank' and jid_id = 17;" | while read -r time l; do
     case $time in
       16*) : ;;
@@ -1215,7 +1246,7 @@ mygajim() {
     echo $time_pretty "$l"
     time_sec=${time%%.*}
     # only look at the last 18 days. generally just use this for timesheet.
-    if (( time_sec < now - 60 * 60 * 24 * 18 )); then break; fi
+    if (( time_sec < EPOCHSECONDS - 60 * 60 * 24 * 18 )); then break; fi
   done
 }
 
@@ -1252,6 +1283,9 @@ ngo() {
 otp() {
   oathtool --totp -b "$*" | xclip -selection clipboard
 }
+j() {
+  "$@" |& pee "xclip -r -selection clipboard"
+}
 
 
 pakaraoke() {
@@ -1456,7 +1490,6 @@ testmail() {
 # always run this first, edit the test files, then run the following
 testsieve() {
   sieve-filter ~/sieve/maintest.sieve ${1:-INBOX} delete 2> >(head; tail) >/tmp/testsieve.log  && sed -rn '/^Performed actions:/,/^[^ ]/{/^ /p}' /tmp/testsieve.log | sort | uniq -c
-  _dosieve
 }
 runsieve() {
   c ~/sieve; cp personal{test,}.sieve; cp lists{test,}.sieve; cp personalend{test,}.sieve
@@ -1464,6 +1497,62 @@ runsieve() {
   sed -r '/^info: filtering:/{h;d};/^info: msgid=$/N;/^info: msgid=.*left message in mailbox [^ ]+$/d;/^info: msgid=/{H;g};/^info: message kept in source mailbox.$/d' /tmp/testsieve.log
 }
 
+# usage:
+# alertme SUBJECT
+# printf "subject\nbody\n" | alertme
+alertme() {
+  if [[ -t 0 ]]; then
+    exim -t <<EOF
+From: alertme@b8.nz
+To: alerts@iankelling.org
+Subject: $*
+EOF
+  else
+    read sub
+    { cat <<EOF
+From: alertme@b8.nz
+To: alerts@iankelling.org
+Subject: $sub
+
+EOF
+      cat
+    } | exim -t
+  fi
+}
+daylertme() {
+  if [[ -t 0 ]]; then
+    exim -t <<EOF
+From: alertme@b8.nz
+To: daylert@iankelling.org
+Subject: $*
+EOF
+  else
+    read sub
+    { cat <<EOF
+From: alertme@b8.nz
+To: daylert@iankelling.org
+Subject: $sub
+
+EOF
+      cat
+    } | exim -t
+  fi
+}
+
+# alert when a page goes live. not urgent.
+alert200() {
+  url="$1"
+  tmpdir="$(mktemp -d)"
+  cd $tmpdir
+  while true; do
+    if torsocks wget -q "$url"; then
+      alertme $tmpdir
+    fi
+    sleep $(( 600 + RANDOM % 300 ))
+  done
+}
+
+
 # mail related
 testexim() {
   # testmail above calls sendmail, which is a link to exim/postfix.
@@ -1558,22 +1647,28 @@ enn() {
 
 sdnbash() { # systemd namespace bash
   local unit=$1
-  m sudo nsenter -t $(systemctl status $unit | sed -n '/^ *Main PID:/s/[^0-9]//gp') -n -m sudo -u $USER -i bash
+  m sudo nsenter -t $(systemctl show --property MainPID --value $unit) -n -m sudo -u $USER -i bash
 }
 
 mailnnbash() {
-  m sudo nsenter -t $(systemctl status mailnn| sed -n '/^ *Main PID:/s/[^0-9]//gp') -n -m sudo -u $USER -i bash
+  m sudo nsenter -t $(systemctl show --property MainPID --value mailnn) -n -m sudo -u $USER -i bash
 }
 
 mailvpnbash() {
   m sudo nsenter -t $(pgrep -f "/usr/sbin/openvpn .* --config /etc/openvpn/.*mail.conf") -n -m sudo -u $USER -i bash
 }
 eximbash() {
-  m sudo nsenter -t $(pgrep -f "/usr/sbin/exim4 -bd -q30m -C /etc/exim4/my.conf"|h1) -n -m sudo -u $USER -i bash
+  local pid
+  pid=$(pgrep -f "/usr/sbin/exim4 -bd -q30m -C /etc/exim4/my.conf"|h1)
+  if [[ ! $pid ]]; then
+    echo "eximbash: failed to find exim pid. systemctl -n 30 status exim4:"
+    systemctl status exim4
+  fi
+  m sudo nsenter -t $pid -n -m
 }
 spamnn() {
   local spamdpid
-  spamdpid=$(systemctl status spamassassin| sed -n '/^ *Main PID:/s/[^0-9]//gp')
+  spamdpid=$(systemctl show --property MainPID --value spamassassin)
   m sudo nsenter -t $spamdpid -n -m sudo -u Debian-exim spamassassin "$@"
 }
 unboundbash() {
@@ -1581,9 +1676,18 @@ unboundbash() {
 }
 
 mailnncheck() {
-  local pid ns mailnn
-  for p in mailnn mailvpn unbound dovecot spamassassin exim4 radicale; do
-    pid=$(s systemctl status $p| sed -n '/^ *Main PID:/s/[^0-9]//gp')
+  local p pid ns mailnn
+  # mailvpn would belong on the list if using openvpn
+  for p in mailnn unbound dovecot spamassassin exim4 radicale; do
+    case $p in
+      exim4|radicale)
+        pid=$(ps -eo pid,cgroup | grep /system.slice/$p.service | awk '{print $1}')
+        ;;
+      *)
+        pid=$(s systemctl show --property MainPID --value $p)
+        ;;
+    esac
+    echo p=$p pid=$pid
     if [[ ! $pid ]]; then
       echo failed to find pid for $p
       continue
@@ -1643,6 +1747,11 @@ vpn() {
   sudo systemd-tty-ask-password-agent
 }
 
+fixu() {
+  ls -lad /run/user/1000
+  s chmod 700 /run/user/1000; s chown iank.iank /run/user/1000
+}
+
 # systemctl is-enabled / status / cat says nothing, instead theres
 # some obscure symlink. paths copied from man systemd.unit.
 # possibly also usefull, but incomplete, doesnt show units not loaded in memory: