X-Git-Url: https://iankelling.org/git/?a=blobdiff_plain;f=brc2;h=346f8da55bb9abd998ad2ace1e66f889e0aff691;hb=fde3746c622eb042ce1fd051cdfea2f9a247cd53;hp=d374c52537cdba929355a7f0abf7955ed1d25134;hpb=253530bdfb6da78f7b33f7af11a031359f02ef84;p=distro-setup diff --git a/brc2 b/brc2 index d374c52..346f8da 100644 --- a/brc2 +++ b/brc2 @@ -6,7 +6,12 @@ # * settings -HISTFILE=$HOME/.bh +if [[ $LESSHISTFILE == - ]]; then + HISTFILE= + c() { cd "$@"; } +elif [[ $HISTFILE ]]; then + HISTFILE=$HOME/.bh +fi source /a/bin/distro-setup/path-add-function path-add /a/exe @@ -20,6 +25,7 @@ path-add --end ~/.local/bin path-add --ifexists --end /a/work/libremanage path-add --ifexists --end /a/opt/adt-bundle*/tools /a/opt/adt-bundle*/platform-tools path-add --ifexists --end /a/opt/scancode-toolkit-3.10. +path-add --ifexists --end /p/bin case $HOSTNAME in sy|bo) @@ -85,6 +91,8 @@ multimic() { pactl load-module module-remap-source source_name=iancombine master=ianinput.monitor source_properties=device.description=iancombine } +# h ssh test +# For testing restrictive ssh. hstest() { install-my-scripts d=$(mktemp -d) @@ -92,13 +100,26 @@ hstest() { s command ssh -F $d/config -i /q/root/h "$@" } -hrtest() { +# h rsync test +# For testing restrictive rsync +hrtest() { # install-my-scripts d=$(mktemp -d) sed '/^ *IdentityFile/d' ~/.ssh/config >$d/config s rsync -e "ssh -F $d/config -i /q/root/h" "$@" } +# rsync as root and avoid the default restrictive h key & config. +rootrsync() { + s rsync -e "ssh -F /root/.ssh/confighome" "$@" +} + +zcheck() { + s ssh bow DISPLAY=:0 scrot /tmp/oegu.jpg + s scp bow:/tmp/oegu.jpg /t + s ssh bow rm /tmp/oegu.jpg + feh /t/oegu.jpg + } slemacs() { local arg rtime v @@ -146,6 +167,13 @@ rsync -rptL --delete --filter=". /b/ds/sl/rsync-filter" /a/opt/emacs-trisquel8-n EOF } +rm-docker-iptables() { + s iptables -S | gr docker | gr -- -A | sed 's/-A/-D/'| while read -r l; do sudo iptables $l; done + s iptables -S -t nat | gr docker | gr -- -A | sed 's/-A/-D/'| while read -r l; do sudo iptables -t nat $l; done + s iptables -S | gr docker | gr -- -N | sed 's/-N/-X/'| while read -r l; do sudo iptables $l; done + s iptables -S -t nat | gr docker | gr -- -N | sed 's/-N/-X/'| while read -r l; do sudo iptables -t nat $l; done +} + # usage mkschroot [-] distro codename packages # - means no piping in of sources.list mkschroot() { @@ -255,10 +283,10 @@ tback() { # s sshfs bu@$host:/bu/home/md /bu/mnt -o reconnect,ServerAliveInterval=20,ServerAliveCountMax=30 -o allow_other eqgo() { - enn -M $(exiqgrep -i) + enn -M $(exiqgrep -i -r.\*) } eqgo1() { - enn -M $(exiqgrep -i|h1) + enn -M $(exipick -i -r.\*|h1) } @@ -386,11 +414,15 @@ bbk() { # btrbk wrapper if $active; then ser stop btrbk.timer fi - if [[ $(systemctl is-active btrbk.service ||:) != inactive ]]; then - echo "cron btrbk is already running" - if $active; then ser start btrbk.timer; fi - return 1 - fi + btrbk_is_active=$(systemctl is-active btrbk.service ||:) + case $btrbk_is_active in + inactive|failed) : ;; + *) + echo "bbk: error: systemctl is-active btrbk.service output: $btrbk_is_active" + if $active; then ser start btrbk.timer; fi + return 1 + ;; + esac # run latest install-my-scripts # todo: consider changing this to srun and having the args come @@ -450,7 +482,7 @@ jrun() { # journal run. run args, log to journal, tail and grep the journal. journalctl -qn2 -f -u "$cmd_name" & # Guess of time needed to avoid missing initial lines. # .5 was not reliable. 1 was not reliable. 2 was not reliable - sleep 3 + sleep 4 # We kill this in prompt-command for the case that we ctrl-c the # systemd-cat. i dont know any way to trap ctrl-c and still run the # normal action for it. There might be a way, unsure. @@ -482,7 +514,7 @@ srun() { fg &>/dev/null ||: } -sm() { +sm() { # switch mail host local tmp keyhash c / # run latest @@ -495,6 +527,19 @@ sm() { s jrun switch-mail-host "$@" return $ret } +sh2() { # switch host2 + local tmp keyhash + c / + # run latest + keyhash=$(s ssh-keygen -lf /root/.ssh/home | awk '{print $2}') + tmp=$(s ssh-add -l | awk '$2 == "'$keyhash'"') + if [[ ! $tmp ]]; then + s ssh-add /root/.ssh/home + fi + install-my-scripts + s jrun switch-host2 "$@" + return $ret +} # shellcheck disable=SC2120 lipush() { @@ -558,7 +603,7 @@ dnsb8() { local f=/var/lib/bind/db.b8.nz m ser stop named m sleep 1 - m sudo rm -fv $f.jnl + m sudo rm -fv $f.jnl $f.signed.jnl m sudo install -m 644 -o bind -g bind /p/c/machine_specific/vps/bind-initial/db.b8.nz $f m ser restart named } @@ -1074,9 +1119,11 @@ jrf() { journalctl -n 200 -f "$@" ; } ccomp journalctl jtail jr jrf -kff() { # keyboardio firmware flash - pushd /a/bin/distro-setup/Arduino/Model01-Firmware - yes $'\n' | make flash +kff() { # keyboardio firmware flash. you must hold down the tilde key + pushd /a/opt/Model01-Firmware + # if we didn't want this yes hack, then remove "shell read" from + # /a/opt/Kaleidoscope/etc/makefiles/sketch.mk + yes $'\n' | VERBOSE=1 make flash popd } @@ -1151,26 +1198,36 @@ mns() { # mount namespace m sudo -E /usr/bin/nsenter --mount=/root/mount_namespaces/$ns "$@" } +mnsr() { # mns run + local ns=$1 + shift + mns $ns sudo -u iank -E env "PATH=$PATH" "$@" +} + mnsnonet() { ns=$1 + lomh if ! s ip netns list | grep -Fx nonet &>/dev/null; then s ip netns add nonet fi mns $ns --net=/var/run/netns/nonet sudo -E -u iank /bin/bash + lomh } lom() { + # l = the loopback device local l base if [[ $1 == /* ]]; then base=${1##*/} + fs_file=$1 if mns $base mountpoint -q /mnt/$base; then return 0 fi - l=$(losetup -j $1 | sed -rn 's/^([^ ]+): .*/\1/p' | head -n1 ||:) + l=$(losetup -j $fs_file | sed -rn 's/^([^ ]+): .*/\1/p' | head -n1 ||:) if [[ ! $l ]]; then l=$(sudo losetup -f) - m sudo losetup $l $1 + m sudo losetup $l $fs_file fi if ! sudo cryptsetup status /dev/mapper/$base &>/dev/null; then if ! sudo cryptsetup luksOpen $l $base; then @@ -1181,6 +1238,7 @@ lom() { m sudo mkdir -p /mnt/$base m mns $base mount /dev/mapper/$base /mnt/$base m mns $base chown $USER:$USER /mnt/$base + lomh else base=$1 if mns $base mountpoint /mnt/$base &>/dev/null; then @@ -1192,7 +1250,7 @@ lom() { return 1 fi fi - l=$(losetup -l --noheadings | awk '$6 ~ /\/'$1'$/ {print $1}') + l=$(losetup -l --noheadings | awk '$6 ~ /\/'$base'$/ {print $1}') if [[ $l ]]; then m sudo losetup -d $l else @@ -1263,6 +1321,16 @@ mbdisable() { mv -T $src $dst set +x } +mb2disable() { + local mb=$1 + dst=/m/md/$mb + src=/m/4e2/$mb + set -x + [[ -e $src ]] || { set +x; return 1; } + if [[ -L $dst ]]; then rm $dst; fi + mv -T $src $dst + set +x +} mdt() { @@ -1272,9 +1340,77 @@ mdt() { mo() { xset dpms force off; } # monitor off +mpvgpu() { + # seems to be the best gpu decoding on my nvidia 670. + # vlc gets similar or better framerate, but is much darker output on my test movie at least. + + + case $HOSTNAME in + kd) + echo 0f | sudo tee -a /sys/kernel/debug/dri/0/pstate + ;; + esac + # going back to the default slow clock, and slower fan: + # echo 07 | sudo tee -a /sys/kernel/debug/dri/0/pstate + if [[ $DISPLAY ]]; then + mpv --vo=vdpau --hwdec=auto "$@" + else + # waylandvk seems to work the same + mpv --gpu-context=wayland --hwdec=auto + fi +} + mpvd() { mpv --profile=d "$@"; } +# mpv all media files in . or $1 +mpvm() { + local -a extensions arg + # get page source of https://en.wikipedia.org/w/index.php?title=Video_file_format&action=edit + # into /a/x.log, then + # grep '^| *\.' /a/x.log | sed 's/| *//;s/,//g' + extensions=( + .webm + .mkv + .flv + .flv + .vob + .ogv .ogg + .drc + .gif + .gifv + .mng + .avi + .MTS .M2TS .TS + .mov .qt + .wmv + .yuv + .rm + .rmvb + .viv + .asf + .amv + .mp4 .m4p .m4v + .mpg .mp2 .mpeg .mpe .mpv + .mpg .mpeg .m2v + .m4v + .svi + .3gp + .3g2 + .mxf + .roq + .nsv + ) + arg=("(" -iname "*${extensions[0]}") + for (( i=1 ; i < ${#extensions[@]}; i++ )); do + arg+=(-o -iname "*${extensions[i]}") + done + arg+=(")") + dir=${1:-.} + # debug: + #find $dir "${arg[@]}" -size +200k + find $dir "${arg[@]}" -size +200k -exec mpv --profile=d '{}' + +} mpvs() { mpv --profile=s "$@"; } @@ -1429,6 +1565,7 @@ rebr() { } +r2e() { command r2e -d /p/c/rss2email.json -c /p/c/rss2email.cfg "$@"; } # only run on MAIL_HOST. simpler to keep this on one system. r2eadd() { # usage: name url # initial setup of rss2email: @@ -1447,7 +1584,6 @@ r2eadd() { # usage: name url # get up to date and dont send old entries now: r2e run --no-send $1 } -r2e() { command r2e -d /p/c/rss2email.json -c /p/c/rss2email.cfg "$@"; } rspicy() { # usage: HOST DOMAIN # connect to spice vm remote host. use vspicy for local host @@ -1520,10 +1656,6 @@ spd() { PATH=/usr/local/spdhackfix:$PATH command spd "$@" } -spend() { - sudo systemctl suspend -} - spamf() { # spamtest on FILE local spamcpre spamdpid @@ -1610,19 +1742,71 @@ EOF fi } -# alert when a page goes live. not urgent. +# alert when a page goes live. alert200() { + local quiet url tmpdir + quiet=false + case $1 in + # dont send a diff of the html. some html is not very readable + -q) quiet=true + shift + ;; + esac url="$1" tmpdir="$(mktemp -d)" cd $tmpdir while true; do - if torsocks wget -q "$url"; then - alertme $tmpdir + if wget -q "$url"; then + if $quiet; then + echo | daylert 200 + else + alertme $tmpdir + fi + fi + sleep $(( 120 + RANDOM % 300 )) + done +} + +# alert on changes to a webpage (just the base page that curl gets) +# usage: weblert URL [SUBJECT...] +weblert() { + local u old new quiet + quiet=false + case $1 in + # dont send a diff of the html. some html is not very readable + -q) quiet=true + shift + ;; + esac + u="$1" + shift + subject="${*:-weblert}" + old=$(curl -s "$u") ||: + while true; do + new=$(curl -s "$u") ||: + if [[ $old && $new ]]; then + if [[ $new != "$old" ]]; then + if $quiet; then + echo | daylertme "$subject" + else + diff <(printf "%s\n" "$old") <(printf "%s\n" "$new") | daylertme "$subject" ||: + fi + fi + old="$new" fi - sleep $(( 600 + RANDOM % 300 )) + sleep $(( 60 + RANDOM % 120 )) done } +torshell() { + # per man torsocks + source `type -p torsocks` on +} + +eless2() { + less /var/log/exim4/mymain +} + # mail related testexim() { @@ -1642,10 +1826,9 @@ testexim() { # # -t = get recipient from header exim -d -t <<'EOF' -From: i@dmarctest.b8.nz -To: mailman@dev.fsf.org +From: root@$(hostname-f) +To: root@$(hostname-f) Subject: test2 -Reply-to: rtest@iankelling.org This is a test message. EOF @@ -1716,18 +1899,79 @@ enn() { m s nsenter -t $pid -n -m $ecmd "$@" } +# get pid of systemd service +servicepid() { + local pid unit dir + unit="$1" + pid=$(systemctl show --property MainPID --value "$unit") + case $pid in + [1-9]*) : ;; + *) + + dir=/sys/fs/cgroup/system.slice + if [[ ! -d $dir ]]; then + # t10 and older directory. + dir=/sys/fs/cgroup/systemd/system.slice + fi + + # 0 or empty. This file includes the MainPid, so I expect we + # could just get this in the first place, but i don't know if that + # is always the case. + pid=$(head -n1 $dir/${unit%.service}.service/cgroup.procs) + ;; + esac + if [[ $pid ]]; then + printf "%s\n" "$pid" + else + return 1 + fi +} + sdnbash() { # systemd namespace bash - local unit=$1 - m sudo nsenter -t $(systemctl show --property MainPID --value $unit) -n -m sudo -u $USER -i bash + local unit pid + if (( $# != 1 )); then + echo $0: error wrong number of args >&2 + return 1 + fi + unit=$1 + pid=$(servicepid $unit) + m sudo nsenter -t $pid -n -m sudo -u $USER -i bash } -mailnnbash() { - m sudo nsenter -t $(systemctl show --property MainPID --value mailnn) -n -m sudo -u $USER -i bash +sdnbashroot() { # systemd namespace bash + local unit pid + if (( $# != 1 )); then + echo $0: error wrong number of args >&2 + return 1 + fi + unit=$1 + pid=$(servicepid $unit) + m sudo nsenter -t $pid -n -m bash } -mailvpnbash() { - m sudo nsenter -t $(pgrep -f "/usr/sbin/openvpn .* --config /etc/openvpn/.*mail.conf") -n -m sudo -u $USER -i bash + +sdncmd() { # systemd namespace cmd + local unit pid + if (( $# <= 2 )); then + echo $0: error wrong number of args >&2 + return 1 + fi + unit=$1 + shift + pid=$(servicepid $unit) + m sudo nsenter -t $pid -n -m sudo -u $USER -i "$@" } + + +mailnnbash() { + sdnbash mailnn +} + +# we use wireguard now, use mailnnbash. +# mailvpnbash() { +# m sudo nsenter -t $(pgrep -f "/usr/sbin/openvpn .* --config /etc/openvpn/.*mail.conf") -n -m sudo -u $USER -i bash +# } + eximbash() { local pid pid=$(pgrep -f "/usr/sbin/exim4 -bd -q30m -C /etc/exim4/my.conf"|h1) @@ -1746,30 +1990,27 @@ unboundbash() { m sudo nsenter -t $(systemctl status unbound| sed -n '/^ *Main PID:/s/[^0-9]//gp') -n -m sudo -u $USER -i bash } +nmtc() { + s nmtui-connect "$@" +} + mailnncheck() { - local p pid ns mailnn + local unit pid ns mailnn # mailvpn would belong on the list if using openvpn - for p in mailnn unbound dovecot spamassassin exim4 radicale; do - case $p in - exim4|radicale) - pid=$(ps -eo pid,cgroup | grep /system.slice/$p.service | awk '{print $1}') - ;; - *) - pid=$(s systemctl show --property MainPID --value $p) - ;; - esac - echo p=$p pid=$pid + for unit in mailnn unbound dovecot spamassassin exim4 radicale; do + pid=$(servicepid $unit) + echo debug: unit=$unit pid=$pid if [[ ! $pid ]]; then - echo failed to find pid for $p + echo failed to find pid for unit=$unit continue fi if ! ns=$(s readlink /proc/$pid/ns/net); then - echo failed to find ns for $p pid=$pid + echo failed to find ns for unit=$unit pid=$pid continue fi if [[ $mailnn ]]; then if [[ $ns != "$mailnn" ]]; then - echo "$p ns $ns != $mailnn" + echo "$unit ns $ns != $mailnn" fi else mailnn=$ns @@ -1782,16 +2023,6 @@ mailnncheck() { vpncmd() { m sudo -E env "PATH=$PATH" nsenter -t $(pgrep -f "/usr/sbin/openvpn .* --config /etc/openvpn/.*client.conf") -n "$@" } -vpnf() { - sudo -v - vpncmd sudo -E -u iank env "PATH=$PATH" abrowser -no-remote -P vpn & - sleep 5 - r -} -vpn2f() { - sudo -v - vpncmd sudo -u iank env "PATH=$PATH" abrowser -no-remote -P vpn2 & r -} vpni() { vpncmd sudo -u iank env "PATH=$PATH" "$@" @@ -1823,8 +2054,12 @@ vpn() { } fixu() { + local stats ls -lad /run/user/1000 - s chmod 700 /run/user/1000; s chown iank.iank /run/user/1000 + stats=$(stat -c%a-%g-%u /run/user/1000) + if [[ $stats != 700-1000-1000 ]]; then + m s chmod 700 /run/user/1000; m s chown iank.iank /run/user/1000 + fi } # systemctl is-enabled / status / cat says nothing, instead theres @@ -2015,6 +2250,7 @@ if [[ "$SUDOD" ]]; then unset SUDOD elif [[ -d /a ]] && [[ $PWD == "$HOME" ]] && [[ $- == *i* ]]; then cd /a + OLDPWD= fi @@ -2044,7 +2280,9 @@ path-add /usr/local/go/bin # I have both because I was trying to solve an issue that # turned out to be unrelated. # ARDUINO_PATH=/a/opt/Arduino/build/linux/work -export ARDUINO_PATH=/a/opt/arduino-1.8.15 + +## i should have documented this... +# based on https://github.com/keyboardio/Kaleidoscope export KALEIDOSCOPE_DIR=/a/opt/Kaleidoscope # They want to be added to the start, but i think @@ -2056,7 +2294,9 @@ path-add --end $HOME/.cargo/bin if type -P rg &>/dev/null; then # --no-messages because of annoying errors on broken symlinks - rg() { command rg --no-messages -L -i -M 300 --no-ignore "$@" || return $?; } + # -z = search .gz etc files + # -. = search dotfilesq + rg() { command rg -. -z --no-messages -L -i -M 900 --no-ignore-parent --no-ignore-vcs -g '!.git' -g '!auto-save-list' -g '!.savehist' "$@" || return $?; } #fails if not exist. ignore complete -r rg 2>/dev/null ||: else