X-Git-Url: https://iankelling.org/git/?a=blobdiff_plain;f=brc2;h=6988b81fd4a062c8d78657894b35cbfd4f5100a6;hb=6d5461af9e4266473dd5c53863b7c97e254d8348;hp=aa370ac58b5ce13a74a9172c5760a367e7e3e471;hpb=7f94df0eb6002f4fd05ab3fc2d61e94a92ef5a1a;p=distro-setup

diff --git a/brc2 b/brc2
index aa370ac..6988b81 100644
--- a/brc2
+++ b/brc2
@@ -840,6 +840,7 @@ mpvrpc-loadfile() {
 # q quit
 # ret next
 #
+# todo: enter should also unpause
 beetag()  {
   local last_genre_i fstring tag id char new_item char_i genre tag remove doplay i j random path
   local do_rare_genres read_wait help line lsout tmp ls_line skip_lookback
@@ -1791,21 +1792,13 @@ bindpush() {
   dsign iankelling.org expertpathologyreview.com zroe.org amnimal.ninja
   lipush
   for h in li bk; do
-    e sshing $h
-    ssh $h.b8.nz <<'EOF'
-source ~/.bashrc
-m dnsup
-EOF
+    m ssh $h.b8.nz dnsup
   done
 }
 bindpushb8() {
   lipush
   for h in li bk; do
-    e sshing $h
-    ssh $h.b8.nz <<'EOF'
-source ~/.bashrc
-m dnsb8
-EOF
+    m ssh $h.b8.nz dnsb8
   done
 }
 
@@ -1816,8 +1809,18 @@ dnsup() {
 dnsb8() {
   local f=/var/lib/bind/db.b8.nz
   m ser stop named
-  m sleep 1
-  m sudo rm -fv $f.jnl $f.signed.jnl
+  # jbk is like a temp file. dunno if removing it helps
+
+  i=0
+  while pgrep '^named$' &>/dev/null; do
+    sleep .5
+    i=$(( i + 1 ))
+    if (( i > 100 )); then
+      echo "dnsb8: error: timeout waiting for named to exit"
+      return 1
+    fi
+  done
+  m sudo rm -fv $f.jnl $f.signed.jnl $f.jbk
   m sudo install -m 644 -o bind -g bind /p/c/machine_specific/vps/bind-initial/db.b8.nz $f
   m ser restart named
 }
@@ -2055,6 +2058,7 @@ apache-apply() {
 }
 # strip out the apache license from a file.
 apache-strip() {
+  # shellcheck disable=SC2044 # meh
   for f in $(find . -type f -maxdepth 1); do if head -n1 "$f"| grep -E '^#!/bin/bash\b' &>/dev/null; then { head -n 20 $f | tac | sed '/^# limitations under the License.$/,/^# Copyright.*Ian Kelling$/d' | tac; tail -n+21 $f; } |sponge $f; fi ; done
 }
 
@@ -2570,10 +2574,13 @@ ilog-local() {
   done
 }
 ilog() {
-  local chan
+  local chan tmpf
+  tmpf=$(mktemp)
   chan="${1:-#fsfsys}"
   # use * instead of -r since that does sorted order
-  sl root@iankelling.org ilog-local "$chan" | less +G
+  sl root@li.b8.nz ilog-local "$chan" > $tmpf
+  less +G $tmpf
+  rm -f $tmpf
 }
 
 o() {
@@ -2628,19 +2635,120 @@ wgkey() {
   umask $umask_orig
 }
 
-declare -A vpn_ips
-vpn_ips[kd]=2
-# note: 1, 4, 5 are occupied by mail wireguard
-vpn_ips[x3]=8
-vpn_ips[sy]=12
-vpn_ips[x2]=13
-vpn_ips[kw]=27
-vpn_ips[bo]=28
-vpn_ips[frodo]=34
-vpn_ips[s23b]=49
+host-info-all() {
+  host-info-update
+  bindpushb8
+  wrt-setup
+}
+
+
+# if you change a host's ip, then run
+# bindpushb8
+# wrt-setup
+host-info-update() {
+
+  local -A vpn_ips host_ips host_macs nonvpn_ips all_ips
+  local -a root_hosts nonroot_hosts
+
+  # the hosts with no mac
+  root_hosts=( bk je li b8.nz )
+  for h in ${root_hosts[@]}; do
+    root_hosts+=(${h}ex)
+  done
+  root_hosts+=(cmc)
+
+  while read -r ip host mac opts; do
+    if [[ $ip == *#*  || ! $host ]]; then continue; fi
+
+    # opt parsing
+    vpn=false
+    root=false
+    for opt in $opts; do
+      case $opt in
+        user=root)
+          root=true
+          ;;
+        vpn)
+          vpn=true
+          ;;
+      esac
+    done
+
+    all_ips[$host]=$ip
+    if $vpn; then
+      vpn_ips[$host]=$ip
+    else
+      nonvpn_ips[$host]=$ip
+    fi
+    if $root; then
+      # note: the reason we have b8.nz suffix here but not for non_root
+      # hosts is that it is for the User part, the IdentityFile part is
+      # redundant to *.b8.nz. Also note ${host}i, we only setup those for vpn hosts, but there is no harm in overspecifying here.
+      root_hosts+=($host ${host}i $host.b8.nz ${host}i.b8.nz)
+    else
+      nonroot_hosts+=($host ${host}i)
+    fi
+
+    host_ips[$host]=$ip
+    host_macs[$host]=$mac
+  done </p/c/host-info
+
+  {
+    cat <<EOF
+Host ${nonroot_hosts[@]}
+User iank
+IdentityFile ~/.ssh/home
+
+Host ${root_hosts[@]}
+IdentityFile ~/.ssh/home
+
+EOF
+    for host in ${!vpn_ips[@]}; do
+      ipsuf=${vpn_ips[$host]}
+      cat <<EOF
+Host ${host}i
+Hostname b8.nz
+Port $((2200 + ipsuf))
+
+EOF
+    done
+
+    # convenience of one auth key entry
+    for host in ${!all_ips[@]}; do
+      cat <<EOF
+Host $host ${host}i $host.b8.nz ${host}i.b8.nz
+HostKeyAlias $host.b8.nz
+EOF
+    done
+  } | cedit /p/c/subdir_files/.ssh/config || [[ $? == 1 ]]
+
+  {
+    echo "cat <<EOF"
+    for host in ${!vpn_ips[@]}; do
+      ipsuf=${vpn_ips[$host]}
+      i_port=$(( 2200 + ipsuf ))
+      cat <<EOF
+config redirect
+ option name ssh$host
+ option src              wan
+ option src_dport        $i_port
+ option dest_port        22
+ option dest_ip          \$l.$ipsuf
+ option dest             lan
+config rule
+ option src              wan
+ option target           ACCEPT
+ option dest_port        $i_port
+EOF
+    done
+    echo "EOF"
+  } >/p/c/cmc-firewall-data
+
 
-vpn-ips-update() {
   local host ipsuf f files
+
+  # shellcheck disable=SC2016 # shellcheck doesnt know this is sed
+  sedi '/edits below here are made automatically/,$d' /p/c/machine_specific/li/filesystem/etc/wireguard/wgmail.conf
   for host in ${!vpn_ips[@]}; do
     ipsuf=${vpn_ips[$host]}
     wghole $host $ipsuf
@@ -2685,15 +2793,35 @@ EOF
   done
 
   {
-    for host in ${!vpn_ips[@]}; do
-      ipsuf=${vpn_ips[$host]}
-      cat <<EOF
-local-data-ptr: "10.2.0.$ipsuf $host.b8.nz"
-EOF
+    echo "cat <<EOF"
+    for host in ${!host_ips[@]}; do
+      ipsuf=${host_ips[$host]}
+      # shellcheck disable=SC2016 # intentional
+      echo 'local-data-ptr: "$l.'$ipsuf $host.b8.nz'"'
     done
-  } | u /b/ds/ptr-data
+    echo "EOF"
+  } | u /p/c/ptr-data
 
   {
+    echo "cat <<EOF"
+    for host in ${!host_ips[@]}; do
+      ipsuf=${host_ips[$host]}
+      echo "dhcp-host=${host_macs[$host]},set:$host,\$l.$ipsuf,$host"
+    done
+    echo "EOF"
+  } | u /p/c/dnsmasq-data
+
+  b8_ip=$(dig +short b8.nz @iankelling.org | tail -1)
+  if [[ ! $b8_ip ]]; then
+    echo "$0: error: got empty b8.nz ip. returning 1"
+    return 1
+  fi
+  {
+    echo "@	A	$b8_ip"
+    for host in ${!nonvpn_ips[@]}; do
+      ipsuf=${nonvpn_ips[$host]}
+      echo "$host	A	10.2.0.$ipsuf"
+    done
     for host in ${!vpn_ips[@]}; do
       ipsuf=${vpn_ips[$host]}
       cat <<EOF
@@ -2708,16 +2836,16 @@ EOF
 
   echo checking for stray files:
 
-  initial_dir=$PWD
+  initial_dir="$PWD"
   cd /a/bin/ds/machine_specific
   ngset
   files=( */filesystem/etc/systemd/system/openvpn-client-tr@.service )
   ngreset
-  cd $initial_dir
+  cd "$initial_dir"
   for f in "${files[@]}"; do
     host=${f%%/*}
     if [[ ! ${vpn_ips[$host]} ]]; then
-      e /a/bin/ds/machine_specific/$host/filesystem/etc/systemd/system/openvpn-client-tr@.service
+      e rm /a/bin/ds/machine_specific/$host/filesystem/etc/systemd/system/openvpn-client-tr@.service
     fi
   done
 
@@ -2729,8 +2857,7 @@ EOF
   for f in "${files[@]}"; do
     host=${f%%/*}
     if [[ ! ${vpn_ips[$host]} ]]; then
-      e /p/c/machine_specific/$host/filesystem/etc/wireguard/wghole.conf
-      e cedit -s $host /p/c/machine_specific/li/filesystem/etc/wireguard/wgmail.conf '<<<""'
+      e rm /p/c/machine_specific/$host/filesystem/etc/wireguard/wghole.conf
     fi
   done
 }
@@ -4127,13 +4254,18 @@ monero() {
 }
 
 
+# grep + find
+gef() {
+  faf | grep -E "$@" ||:
+  rgv "$@"
+}
+
 # rg my main files
 rgm() {
   rg "$@" /p/w.org /a/t.org /a/work.org /b
 }
 
 # re all my files more expansively
-
 rem() {
   local paths
   paths="/p/c /b/"
@@ -4416,7 +4548,7 @@ hssh-update() {
   case $HOSTNAME in
     sy|kd)
       hosts=(
-        kd x3.office.fsf.org syw
+        kd.b8.nz x3.office.fsf.org syw x2.b8.nz
       )
       ;;
     x3)