X-Git-Url: https://iankelling.org/git/?a=blobdiff_plain;f=brc2;h=6b977839c870f2a4d37c0ae8bc3a3cc31aebe250;hb=d7551546ac323c5d4b49370c885646bcf96e959f;hp=af437b337aadb2cbbd1da504d237f4427fea8f87;hpb=7d9ec600a5ed9f88b85e02a27ee017b85721a6ac;p=distro-setup

diff --git a/brc2 b/brc2
index af437b3..6b97783 100644
--- a/brc2
+++ b/brc2
@@ -35,7 +35,6 @@ esac
 # generated instead of dynamic for the benefit of shellcheck
 #for x in /a/bin/distro-functions/src/* /a/bin/!(githtml)/*-function?(s); do echo source $x ; done
 source /a/bin/distro-functions/src/identify-distros
-source /a/bin/distro-functions/src/package-manager-abstractions
 source /a/bin/log-quiet/logq-function
 # for x in /a/bin/bash_unpublished/source-!(.#*); do echo source $x; done
 source /a/bin/bash_unpublished/source-semi-priv
@@ -170,8 +169,10 @@ EOF
   fi
   sudo chroot $d apt-get update
   sudo DEBIAN_FRONTEND=noninteractive chroot $d apt-get -y dist-upgrade --purge --auto-remove
-  sudo DEBIAN_FRONTEND=noninteractive schroot -c $n -- apt-get install --allow-unauthenticated -y ${apps[@]}
   sudo cp -P {,$d}/etc/localtime
+  if (( ${#apps[@]} )); then
+    sudo DEBIAN_FRONTEND=noninteractive schroot -c $n -- apt-get install --allow-unauthenticated -y ${apps[@]}
+  fi
 }
 
 
@@ -283,6 +284,26 @@ aclear() {
   system-status _
 }
 
+alerts() {
+  find /var/local/cron-errors /home/iank/cron-errors /sysd-mail-once-state -type f
+}
+ralerts() { # remote alerts
+  local ret shell
+  # this list is duplicated in check-remote-mailqs
+  for h in bk je li frodo kwwg x3wg x2wg kdwg sywg; do
+    echo $h:
+    shell="ssh $h"
+    if [[ $HOSTNAME == "${h%wg}" ]]; then
+      shell=
+    fi
+    ret=0
+    $shell find /var/local/cron-errors /home/iank/cron-errors /sysd-mail-once-state -type f || ret=$?
+    if (( ret )); then
+      echo ret:$ret
+    fi
+  done
+}
+
 ap() {
   # pushd in case current directory has an ansible.cfg file
   pushd /a/xans >/dev/null
@@ -360,6 +381,22 @@ bigclock() {
 
 nnn() { /a/opt/nnn -H "$@"; }
 
+locat() { # log-once cat
+  local files
+  ngset
+  files=(/var/local/cron-errors/* /home/iank/cron-errors/* /sysd-mail-once-state/*)
+  case ${#files[@]} in
+    0) : ;;
+    1)
+      echo ${files[0]}
+      head ${files[0]}
+      ;;
+    *)
+      head ${files[@]}
+      ;;
+  esac
+  ngreset
+}
 
 # duplicated somewhat below.
 jrun() { # journal run. run args, log to journal, tail and grep the journal.
@@ -427,12 +464,12 @@ lipush() {
   # note, i had --delete-excluded, but that deletes all files in --exclude-from on
   # the remote site, which doesn't make sense, so not sure why i had it.
   local p a
-  p=(/a/opt/{emacs-debian10{,-nox},mu,emacs} /a/bin /a/exe /a/h /a/c /p/c/machine_specific/vps{,.hosts})
+  p=(/a/opt/{emacs-debian11{,-nox},mu,emacs} /a/bin /a/exe /a/h /a/c /p/c/machine_specific/vps{,.hosts})
   a="-ahviSAXPH --specials --devices --delete --relative --exclude-from=/p/c/li-rsync-excludes"
   ret=0
   for h in li je bk; do
     m s rsync "$@" $a ${p[@]} /p/c/machine_specific/$h root@$h.b8.nz:/ || ret=$?
-    # only li is debian10
+    # only li is debian11
     p[0]=/a/opt/emacs-ubuntu20.04
     p[1]=/a/opt/emacs-ubuntu20.04-nox
   done
@@ -631,6 +668,9 @@ digme() {
   digdiff @ns{1,2}.iankelling.org "$@"
 }
 
+tsr() { # ts run
+  "$@" |& ts || return $?
+}
 
 dup() {
   local ran_d
@@ -639,20 +679,20 @@ dup() {
   case $PS1 in
     *[\ \]]D\ *)
       pushd /
-      /b/ds/distro-begin || return $?
-      /b/ds/distro-end || return $?
+      /b/ds/distro-begin |& ts || return $?
+      /b/ds/distro-end |& ts || return $?
       popd
       ran_d=true
       ;;&
     *[\ \]]DB\ *)
       pushd /
-      /b/ds/distro-begin || return $?
+      /b/ds/distro-begin |& ts || return $?
       popd
       ran_d=true
       ;;
     *[\ \]]DE\ *)
       pushd /
-      /b/ds/distro-end || return $?
+      /b/ds/distro-end |& ts || return $?
       popd
       ran_d=true
       ;;&
@@ -1019,11 +1059,11 @@ wghole() {
   local host ipsuf umask_orig
   host=$1
   ipsuf=$2
-  mkdir -p /p/c/machine_specific/$host/filesystem/etc/{wireguard,network/interfaces.d}
+  mkdir -p /p/c/machine_specific/$host/filesystem/etc/wireguard
   cd /p/c/machine_specific/$host/filesystem/etc/wireguard
   umask_orig=$(umask)
   umask 0077
-  wg genkey | tee $host-priv.key | wg pubkey > $host-pub.key
+  wg genkey | tee hole-priv.key | wg pubkey > hole-pub.key
   cat >wghole.conf <<EOF
 [Interface]
 # contents hole-priv.key
@@ -1057,24 +1097,40 @@ lom() {
   local l base
   if [[ $1 == /* ]]; then
     base=${1##*/}
-    if mountpoint /mnt/$base; then
+    if mountpoint -q /mnt/$base; then
       return 0
     fi
-    l=$(sudo losetup -f)
-    sudo losetup $l $1
-    if ! sudo cryptsetup luksOpen $l $base; then
-      sudo losetup -d $l
-      return 1
+    l=$(losetup -j $1 | sed -rn 's/^([^ ]+): .*/\1/p' | head -n1 ||:)
+    if [[ ! $l ]]; then
+      l=$(sudo losetup -f)
+      m sudo losetup $l $1
+    fi
+    if ! sudo cryptsetup status /dev/mapper/$base &>/dev/null; then
+      if ! sudo cryptsetup luksOpen $l $base; then
+        m sudo losetup -d $l
+        return 1
+      fi
     fi
-    sudo mkdir -p /mnt/$base
-    sudo mount /dev/mapper/$base /mnt/$base
-    sudo chown $USER:$USER /mnt/$base
+    m sudo mkdir -p /mnt/$base
+    m sudo mount /dev/mapper/$base /mnt/$base
+    m sudo chown $USER:$USER /mnt/$base
   else
     base=$1
-    sudo umount /mnt/$base
-    l=$(sudo cryptsetup status /dev/mapper/$base|sed -rn 's/^\s*device:\s*(.*)/\1/p')
-    sudo cryptsetup luksClose /dev/mapper/$base || return 1
-    sudo losetup -d $l
+    if mountpoint /mnt/$base &>/dev/null; then
+      m sudo umount /mnt/$base
+    fi
+    if sudo cryptsetup status /dev/mapper/$base &>/dev/null; then
+      if ! m sudo cryptsetup luksClose /dev/mapper/$base; then
+        echo lom: failed cryptsetup luksClose /dev/mapper/$base
+        return 1
+      fi
+    fi
+    l=$(losetup -l --noheadings | awk '$6 ~ /\/'$1'$/ {print $1}')
+    if [[ $l ]]; then
+      m sudo losetup -d $l
+    else
+      echo lom: warning: no loopback device found
+    fi
   fi
 }
 
@@ -1228,6 +1284,9 @@ ngo() {
 otp() {
   oathtool --totp -b "$*" | xclip -selection clipboard
 }
+j() {
+  "$@" |& pee "xclip -r -selection clipboard"
+}
 
 
 pakaraoke() {
@@ -1287,7 +1346,7 @@ pumpa() {
   # other tiling window managers in giving up on setting it at all
   #
   xprop -root -remove _NET_WORKAREA
-  command pumpa &r
+  command pumpa & r
 }
 
 # reviewboard, used at my old job
@@ -1432,7 +1491,6 @@ testmail() {
 # always run this first, edit the test files, then run the following
 testsieve() {
   sieve-filter ~/sieve/maintest.sieve ${1:-INBOX} delete 2> >(head; tail) >/tmp/testsieve.log  && sed -rn '/^Performed actions:/,/^[^ ]/{/^ /p}' /tmp/testsieve.log | sort | uniq -c
-  _dosieve
 }
 runsieve() {
   c ~/sieve; cp personal{test,}.sieve; cp lists{test,}.sieve; cp personalend{test,}.sieve
@@ -1440,6 +1498,62 @@ runsieve() {
   sed -r '/^info: filtering:/{h;d};/^info: msgid=$/N;/^info: msgid=.*left message in mailbox [^ ]+$/d;/^info: msgid=/{H;g};/^info: message kept in source mailbox.$/d' /tmp/testsieve.log
 }
 
+# usage:
+# alertme SUBJECT
+# printf "subject\nbody\n" | alertme
+alertme() {
+  if [[ -t 0 ]]; then
+    exim -t <<EOF
+From: alertme@b8.nz
+To: alerts@iankelling.org
+Subject: $*
+EOF
+  else
+    read sub
+    { cat <<EOF
+From: alertme@b8.nz
+To: alerts@iankelling.org
+Subject: $sub
+
+EOF
+      cat
+    } | exim -t
+  fi
+}
+daylertme() {
+  if [[ -t 0 ]]; then
+    exim -t <<EOF
+From: alertme@b8.nz
+To: daylerts@iankelling.org
+Subject: $*
+EOF
+  else
+    read sub
+    { cat <<EOF
+From: alertme@b8.nz
+To: daylerts@iankelling.org
+Subject: $sub
+
+EOF
+      cat
+    } | exim -t
+  fi
+}
+
+# alert when a page goes live. not urgent.
+alert200() {
+  url="$1"
+  tmpdir="$(mktemp -d)"
+  cd $tmpdir
+  while true; do
+    if torsocks wget -q "$url"; then
+      alertme $tmpdir
+    fi
+    sleep 600 + $(( RANDOM % 300 ))
+  done
+}
+
+
 # mail related
 testexim() {
   # testmail above calls sendmail, which is a link to exim/postfix.
@@ -1490,13 +1604,26 @@ tm() {
   (sleep $(calc "$* * 60") && mpv --no-config --volume 50 /a/bin/data/alarm.mp3) > /dev/null 2>&1 &
 }
 
-trg() { transmission-remote-gtk&r; }
+trg() { transmission-remote-gtk & r; }
 trc() {
   # example, set global upload limit to 100 kilobytes:
   # trc -u 100
   TR_AUTH=":$(jq -r .profiles[0].password ~/.config/transmission-remote-gtk/config.json)" transmission-remote transmission.lan -ne "$@"
 }
 
+trysleep() {
+  retries="$1"
+  sleepsecs="$2"
+  shift 2
+  for (( i=0; i < retries - 1; i++ )); do
+    if "$@"; then
+      return 0
+    fi
+    sleep $sleepsecs
+  done
+  "$@"
+}
+
 
 tu() {
   local s
@@ -1521,11 +1648,11 @@ enn() {
 
 sdnbash() { # systemd namespace bash
   local unit=$1
-  m sudo nsenter -t $(systemctl status $unit | sed -n '/^ *Main PID:/s/[^0-9]//gp') -n -m sudo -u $USER -i bash
+  m sudo nsenter -t $(systemctl show --property MainPID --value $unit') -n -m sudo -u $USER -i bash
 }
 
 mailnnbash() {
-  m sudo nsenter -t $(systemctl status mailnn| sed -n '/^ *Main PID:/s/[^0-9]//gp') -n -m sudo -u $USER -i bash
+  m sudo nsenter -t $(systemctl show --property MainPID --value mailnn') -n -m sudo -u $USER -i bash
 }
 
 mailvpnbash() {
@@ -1536,17 +1663,26 @@ eximbash() {
 }
 spamnn() {
   local spamdpid
-  spamdpid=$(systemctl status spamassassin| sed -n '/^ *Main PID:/s/[^0-9]//gp')
+  spamdpid=$(systemctl show --property MainPID --value spamassassin)
   m sudo nsenter -t $spamdpid -n -m sudo -u Debian-exim spamassassin "$@"
 }
 unboundbash() {
   m sudo nsenter -t $(systemctl status unbound| sed -n '/^ *Main PID:/s/[^0-9]//gp') -n -m sudo -u $USER -i bash
-  }
+}
 
 mailnncheck() {
-  local pid ns mailnn
-  for p in mailnn mailvpn unbound dovecot spamassassin exim4 radicale; do
-    pid=$(s systemctl status $p| sed -n '/^ *Main PID:/s/[^0-9]//gp')
+  local p pid ns mailnn
+  # mailvpn would belong on the list if using openvpn
+  for p in mailnn unbound dovecot spamassassin exim4 radicale; do
+    case $p in
+      exim4|radicale)
+        pid=$(ps -eo pid,cgroup | grep /system.slice/$p.service | awk '{print $1}')
+        ;;
+      *)
+        pid=$(s systemctl show --property MainPID --value $p)
+        ;;
+    esac
+    echo p=$p pid=$pid
     if [[ ! $pid ]]; then
       echo failed to find pid for $p
       continue
@@ -1571,10 +1707,10 @@ vpncmd() {
   m sudo -E env "PATH=$PATH" nsenter -t $(pgrep -f "/usr/sbin/openvpn .* --config /etc/openvpn/.*client.conf") -n -m "$@"
 }
 vpnf() {
-  vpncmd sudo -E -u iank env "PATH=$PATH" abrowser -no-remote -P vpn &r
+  vpncmd sudo -E -u iank env "PATH=$PATH" abrowser -no-remote -P vpn & r
 }
 vpn2f() {
-  vpncmd sudo -u iank env "PATH=$PATH" abrowser -no-remote -P vpn2 &r
+  vpncmd sudo -u iank env "PATH=$PATH" abrowser -no-remote -P vpn2 & r
 }
 
 vpni() {
@@ -1606,6 +1742,80 @@ vpn() {
   sudo systemd-tty-ask-password-agent
 }
 
+# systemctl is-enabled / status / cat says nothing, instead theres
+# some obscure symlink. paths copied from man systemd.unit.
+# possibly also usefull, but incomplete, doesnt show units not loaded in memory:
+# seru list-dependencies --reverse --all UNIT
+sysd-deps() {
+  local f
+  local -a dirs search
+  ngset
+
+  case $1 in
+    u)
+      search=(
+        ~/.config/systemd/user.control/*
+        $XDG_RUNTIME_DIR/systemd/user.control/*
+        $XDG_RUNTIME_DIR/systemd/transient/*
+        $XDG_RUNTIME_DIR/systemd/generator.early/*
+        ~/.config/systemd/user/*
+        /etc/systemd/user/*
+        $XDG_RUNTIME_DIR/systemd/user/*
+        /run/systemd/user/*
+        $XDG_RUNTIME_DIR/systemd/generator/*
+        ~/.local/share/systemd/user/*
+        /usr/lib/systemd/user/*
+        $XDG_RUNTIME_DIR/systemd/generator.late/*
+      )
+      ;;
+    *)
+      search=(
+        /etc/systemd/system.control/*
+        /run/systemd/system.control/*
+        /run/systemd/transient/*
+        /run/systemd/generator.early/*
+        /etc/systemd/system/*
+        /etc/systemd/systemd.attached/*
+        /run/systemd/system/*
+        /run/systemd/systemd.attached/*
+        /run/systemd/generator/*
+        /lib/systemd/system/*
+        /run/systemd/generator.late/*
+      )
+      ;;
+  esac
+  for f in "${search[@]}"; do
+    [[ -d $f ]] || continue
+    case $f in
+      *.requires|*.wants)
+        dirs+=("$f")
+        ;;
+    esac
+  done
+  # dirs is just so we write out the directory names, ls does it when there is 2 or more dirs.
+  case ${#dirs[@]} in
+    1)
+      echo "${dirs[0]}:"
+      ll "${dirs[@]}"
+      ;;
+    0) : ;;
+    *)
+      ll "${dirs[@]}"
+      ;;
+  esac
+  ngreset
+}
+
+fixvpndns() {
+  local link istls
+  read _ link _ istls < <(resolvectl dnsovertls tunfsf)
+  case $istls in
+    yes|no) : ;;
+    *) echo fixvpndns error: unexpected istls value: $istls >&2; return 1 ;;
+  esac
+  s busctl call org.freedesktop.resolve1 /org/freedesktop/resolve1 org.freedesktop.resolve1.Manager SetLinkDNSOverTLS is $link no
+}
+
 vpnoff() {
   [[ $1 ]] || { echo need arg; return 1; }
   if [[ -e /lib/systemd/system/openvpn-client@.service ]]; then
@@ -1616,10 +1826,10 @@ vpnoff() {
   sudo systemctl stop $vpn_service@$1
 }
 vpnoffc() { # vpn off client
-  ser stop openvpn-nn@client
+  ser stop openvpn-client-tr@client
 }
 vpnc() {
-  ser start openvpn-nn@client
+  ser start openvpn-client-tr@client
 }