X-Git-Url: https://iankelling.org/git/?a=blobdiff_plain;f=brc2;h=7e57ec94117f4b70dc76e50a6a3ebd2736a4cfa6;hb=9c77c557e60d21caceeef1e78e35b35ed968fca9;hp=9fa1010920e6767057a1699531c519423e973d4b;hpb=e958999a4ab6fddd723270b596b4899c0811fa41;p=distro-setup

diff --git a/brc2 b/brc2
index 9fa1010..7e57ec9 100644
--- a/brc2
+++ b/brc2
@@ -6,18 +6,35 @@
 
 # * settings
 
-HISTFILE=$HOME/.bh
+if [[ $LESSHISTFILE == - ]]; then
+  HISTFILE=
+  c() { cd "$@"; }
+elif [[ $HISTFILE ]]; then
+  HISTFILE=$HOME/.bh
+fi
 
 source /a/bin/distro-setup/path-add-function
 path-add /a/exe
 # add this with absolute paths as needed for better security
 #path-add --end /path/to/node_modules/.bin
+## for yarn, etc
+#path-add --end /usr/lib/node_modules/corepack/shims/
 
 # pip3 --user things go here:
 path-add --end ~/.local/bin
 path-add --ifexists --end /a/work/libremanage
 path-add --ifexists --end /a/opt/adt-bundle*/tools /a/opt/adt-bundle*/platform-tools
 path-add --ifexists --end /a/opt/scancode-toolkit-3.10.
+path-add --ifexists --end /p/bin
+
+case $HOSTNAME in
+  sy|bo)
+    # https://askubuntu.com/questions/1254544/vlc-crashes-when-opening-any-file-ubuntu-20-04
+    if grep -qE '^VERSION_CODENAME="(nabia|focal)"' /etc/os-release &>/dev/null; then
+      export MESA_LOADER_DRIVER_OVERRIDE=i965
+    fi
+    ;;
+esac
 
 
 export WCDHOME=/a
@@ -48,6 +65,34 @@ fi
 
 # * functions
 
+multimic() {
+  local i
+  local -a sources
+
+  m pactl unload-module module-loopback
+  m pactl unload-module module-null-sink
+  m pactl unload-module module-remap-source
+
+  sources=($(pacmd list-sources | sed -rn 's/.*name: <([^>]+).*/\1/p'))
+
+  if (( ! $# )); then
+    i=0
+    for s in ${sources[@]}; do
+      e $i $s
+      i=$(( i+1 ))
+    done
+    read -r l
+    set -- $l
+  fi
+  m pactl load-module module-null-sink sink_name=ianinput sink_properties=device.description=ianinputs
+  for i; do
+    m pactl load-module module-loopback source=${sources[i]} sink_dont_move=true sink=ianinput
+  done
+  pactl load-module module-remap-source source_name=iancombine master=ianinput.monitor source_properties=device.description=iancombine
+}
+
+# h ssh test
+# For testing restrictive ssh.
 hstest() {
   install-my-scripts
   d=$(mktemp -d)
@@ -55,13 +100,26 @@ hstest() {
   s command ssh -F $d/config -i /q/root/h "$@"
 }
 
-hrtest() {
+# h rsync test
+# For testing restrictive rsync
+hrtest() { #
   install-my-scripts
   d=$(mktemp -d)
   sed '/^ *IdentityFile/d' ~/.ssh/config >$d/config
   s rsync -e "ssh -F $d/config -i /q/root/h" "$@"
 }
 
+# rsync as root and avoid the default restrictive h key & config.
+rootrsync() {
+  s rsync -e "ssh -F /root/.ssh/confighome" "$@"
+}
+
+zcheck() {
+  ssh bow DISPLAY=:0 scrot /tmp/oegu.jpg
+  scp bow:/tmp/oegu.jpg /t
+  ssh bow rm /tmp/oegu.jpg
+  feh /t/oegu.jpg
+}
 
 slemacs() {
   local arg rtime v
@@ -109,6 +167,13 @@ rsync -rptL --delete --filter=". /b/ds/sl/rsync-filter" /a/opt/emacs-trisquel8-n
 EOF
 }
 
+rm-docker-iptables() {
+  s iptables -S  | gr docker | gr -- -A | sed 's/-A/-D/'| while read -r l; do sudo iptables  $l; done
+  s iptables -S -t nat | gr docker | gr -- -A | sed 's/-A/-D/'| while read -r l; do sudo iptables -t nat $l; done
+  s iptables -S | gr docker | gr -- -N | sed 's/-N/-X/'| while read -r l; do sudo iptables $l; done
+  s iptables -S -t nat | gr docker | gr -- -N | sed 's/-N/-X/'| while read -r l; do sudo iptables -t nat $l; done
+}
+
 # usage mkschroot [-] distro codename packages
 # - means no piping in of sources.list
 mkschroot() {
@@ -169,8 +234,10 @@ EOF
   fi
   sudo chroot $d apt-get update
   sudo DEBIAN_FRONTEND=noninteractive chroot $d apt-get -y dist-upgrade --purge --auto-remove
-  sudo DEBIAN_FRONTEND=noninteractive schroot -c $n -- apt-get install --allow-unauthenticated -y ${apps[@]}
   sudo cp -P {,$d}/etc/localtime
+  if (( ${#apps[@]} )); then
+    sudo DEBIAN_FRONTEND=noninteractive schroot -c $n -- apt-get install --allow-unauthenticated -y ${apps[@]}
+  fi
 }
 
 
@@ -216,10 +283,10 @@ tback() {
 # s sshfs bu@$host:/bu/home/md /bu/mnt -o reconnect,ServerAliveInterval=20,ServerAliveCountMax=30 -o allow_other
 
 eqgo() {
-  enn -M $(exiqgrep -i)
+  enn -M $(exiqgrep -i -r.\*)
 }
 eqgo1() {
-  enn -M $(exiqgrep -i|h1)
+  enn -M $(exipick -i -r.\*|h1)
 }
 
 
@@ -236,19 +303,6 @@ abrowserrmcompat() {
   fi
   ngreset
 }
-ngset() {
-  if shopt nullglob >/dev/null; then
-    ngreset=false
-  else
-    shopt -s nullglob
-    ngreset=true
-  fi
-}
-ngreset() {
-  if $ngreset; then
-    shopt -u nullglob
-  fi
-}
 
 checkre() {
   s checkrestart -b /a/bin/ds/checkrestart-blacklist -pv
@@ -310,7 +364,7 @@ ap() {
 }
 aw() {
   pushd /a/work/ans >/dev/null
-  time ansible-playbook -v -i inventory adhoc.yml "$@"
+  time ansible-playbook -i inventory adhoc.yml "$@"
   popd >/dev/null
 }
 ad() {
@@ -326,6 +380,264 @@ astudio() {
   /a/opt/android-studio/bin/studio.sh "$@" &r;
 }
 
+
+iki() {
+  local url path
+  if [[ $1 ]]; then
+    path="$*"
+  else
+    read -r -p "enter path" path
+  fi
+  url=$(readlink -f "$path")
+  url="https://brains.fsf.org/wiki/${url#*brains/}"
+  url="${url%.mdwn}"
+  echo "$url"
+  # /f/brains/sysadmin/interns/2022/nick_shrader/intro_blog_post.mdwn
+  # becomes
+  # https://brains.fsf.org/wiki/sysadmin/interns/2022/nick_shrader/intro_blog_post
+
+}
+
+# Generate beet smartplaylists for navidrome.
+# for going in the reverse direction, run
+# /b/ds/navidrome-playlist-export
+beetsmartplaylists() {
+  install -m 0700 -d /tmp/ianbeetstmp
+  beet splupdate
+  # kill off any playlists we deleted. they will still need manual
+  # killing from a navidrome client.
+  rm -rf /i/converted/beetsmartplaylists
+  mkdir -p /i/converted/beetsmartplaylists
+  for f in /tmp/ianbeetstmp/*; do
+    sed 's,^/i/m,/i/converted,;s,\.flac$,.mp3,' "$f" >"/i/converted/beetsmartplaylists/${f##*/}"
+    rm "$f"
+  done
+  rmdir /tmp/ianbeetstmp
+}
+
+# Export beets ratings into navidrome
+beetrating() {
+  local tmp tmpfile myuser userid rating path cpath sqlpath
+  # plucked this from the db. im the only user.
+  userid=23cc2eb9-e35e-4811-a0f0-d5f0dd6eb634
+  tmpfile=$(mktemp)
+  beet ls -f '$rating $path' ^genre:spoken-w ^genre:skit rating:2..5 >$tmpfile
+  while read -r rating path; do
+    tmp="/i/converted${path#/i/m}"
+    cpath="${tmp%.*}.mp3" # converted path
+    sqlpath="${cpath//\'/\'\'}"
+    old_rating=$(sqlite3 /i/navidrome/navidrome.db "select rating from annotation inner join media_file on item_id = id where path = '$sqlpath' and item_type = 'media_file';")
+    if [[ $old_rating ]]; then
+      if [[ $old_rating != $rating ]]; then
+        # https://stackoverflow.com/a/50317320
+        m sqlite3 /i/navidrome/navidrome.db "
+update annotation set rating = $rating
+ where item_id in (
+ select media_file.id from annotation inner join media_file on annotation.item_id = media_file.id
+   where media_file.path = '$sqlpath' and annotation.item_type = 'media_file' );"
+      fi
+    else
+      # /a/opt/navidrome/persistence/sql_annotations.go v0.48.0
+      # https://www.sqlite.org/lang_insert.html
+      m sqlite3 /i/navidrome/navidrome.db "insert into annotation select '$(uuidgen)', '$userid', id, 'media_file', 0, NULL, $rating, 0, NULL from media_file where path = '$sqlpath';"
+    fi
+    #sqlite3 /i/navidrome/navidrome.db "select path from annotation inner join media_file on item_id = id where rating = $r;"
+  done <$tmpfile
+}
+
+# Do transcoding and hardlinking of audio files for navidrome.
+#
+# Deletes files in the converted directory which should no longer
+# be there due to a rename of the unconverted file.
+beetconvert() {
+  # directs to avoid printing every file
+  beet convert -y ^genre:spoken-w ^genre:skit ^rating:1 >/dev/null 2> >(grep -v '^convert: Skipping' ||:)
+  local l
+  local -A paths
+  while read -r l; do
+    convertedpath="/i/converted${l#/i/m}"
+    case $convertedpath in
+      *.flac) convertedpath="${convertedpath%.flac}.mp3" ;;
+    esac
+    paths[$convertedpath]=t
+  done < <(beet ls -f '$path' ^genre:spoken-w ^genre:skit ^rating:1)
+  while read -r l; do
+    if [[ ! ${paths[$l]} ]]; then
+      rm -v "$l"
+    fi
+  done < <(find /i/converted -path /i/converted/beetsmartplaylists -prune -o \( -type f -print \))
+}
+
+# tag with beets.
+# usage: beetag QUERY
+# it lists the query, reads an input char for tagging one by one
+# 1-5 = set rating
+# a-z+ = set genre/playlist.
+# enter = next song
+# , = play song
+beetag() {
+  if (( ! $# )); then
+    echo beetag: error expected a query arg >&2
+    return 1
+  fi
+  local last_genre_i fstring tag id char new_item char_i genre tag remove
+  local -a genres pl_tags buttons button_map ids tags
+  local -A button_i
+  genres=(
+    ambient
+    avant
+    blues
+    classical
+    country
+    # like power glove
+    dark-wave
+    hardcore
+    instrumental
+    jazz
+    latin
+    metal
+    musical
+    # mq = mac quale. similar to the mr robot soundtracks.
+    # slow, foreboding. usually electronic.
+    mq
+    noise
+    pop
+    rap
+    rock
+    skit
+    spoken-w
+    techno
+    world
+  )
+  pl_tags=(
+    expl
+    love
+    pump1
+    pumprap
+    rend
+    run
+    sad
+  )
+  last_genre_i=$(( ${#genres[@]} - 1 ))
+  buttons=( {a..z} 0 {6..9} )
+  button_map=(${genres[@]} ${pl_tags[@]})
+  fstring=
+  for tag in "${pl_tags[@]}"; do
+    fstring+="%ifdef{$tag,$tag }"
+  done
+
+  for (( i=0; i<${#buttons[@]}; i++ )); do
+    button_i[${buttons[i]}]=$i
+  done
+  beet ls -f '%ifdef{rating,$rating }'"$fstring"', $genre $artist - $album - $title' "$@"
+  hr
+  mapfile -t ids < <(beet ls -f '$id' "$@")
+  for id in "${ids[@]}"; do
+    lsout="$(beet ls -f '%ifdef{rating,$rating }'"$fstring"', $genre $id $artist - $album - $title' "id:$id")"
+    tags=( ${lsout%%,*} )
+    printf "%s\n" "$lsout"
+    for (( i=0; i<${#button_map[@]}; i++ )); do
+      echo ${buttons[i]} ${button_map[i]}
+    done
+    while true; do
+      read -r -N 1 -s char
+      if [[ $char == $'\n' ]]; then
+        break
+      fi
+      case $char in
+        ,)
+          beet play "id:$id"
+          continue
+          ;;
+        [1-5])
+          beet modify -y "id:$id" rating=$char
+          continue
+          ;;
+      esac
+      char_i=${button_i[$char]}
+      new_item=${button_map[$char_i]}
+      if [[ ! $char_i || ! $new_item ]]; then
+        echo "error: no mapping of input found, try again"
+        continue
+      fi
+      if (( char_i <= last_genre_i )); then
+        m beet modify -y "id:$id" genre=$new_item
+      else
+        remove=false
+        for tag in ${tags[@]}; do
+          if [[ $new_item == "$tag" ]]; then
+            remove=true
+            break
+          fi
+        done
+        if $remove; then
+          m beet modify -y "id:$id" "$new_item!"
+        else
+          m beet modify -y "id:$id" $new_item=t
+        fi
+      fi
+    done
+  done
+
+  # sadpop
+  #
+  # rending:
+  # two dollar guitar: speed
+  # black heard procession
+  # strong enough sheryl crow
+  #
+  #
+}
+
+# escape regex.
+#
+# This is not perfect but generally good enough. It escapes all
+# metachars listed man 3 pcrepattern.
+er() {
+  sed 's/[]\\^$.[|()?*+{}]/[&]/g; s/\^/\\^/g' <<<"$*"
+}
+
+# usage beegenre QUERY
+#
+# beet set genre for QUERY based on existing artist most used genre on
+#
+# inverse of query for each artist found in QUERY. If query starts with
+# "artist:" it is used as the artist instead of each artist in QUERY.
+#
+beegenre() {
+  local artist artregex genre term singleartist
+  local -a artists genres terms
+  singleartist=false
+  case $1 in
+    artist:*)
+      singleartist=true
+      artist="$term"
+      ;;
+  esac
+  if $singleartist; then
+    read count genre < <(beet ls -f '$genre' "$artist" "${@/#/^}" | sort | uniq -c | sort -n | tail -n1) ||:
+    beet modify "$artist" "$@" genre=$genre
+  else
+    while read -r artist; do
+      artregex=$(er "$artist")
+      read count genre < <(beet ls -f '$genre' "artist::^$artregex$" "${@/#/^}" | sort | uniq -c | sort -n | tail -n1) || continue
+      if [[ $count ]]; then
+        artists+=("$artregex")
+        genres+=("$genre")
+        echo "beet modify -y $@ \"artist::^$artist$\" genre=$genre # $count"
+      fi
+    done < <(beet ls -f '$artist' "$@" | sort -u)
+    read -r -N 1 -s -p "Y/n " char
+    case $char in
+      [Yy$'\n'])
+        for (( i=0; i<${#artists[@]}; i++ )); do
+          beet modify -y "$@"  "artist::^${artists[i]}$" genre=${genre[i]}
+        done
+        ;;
+    esac
+  fi
+}
+
 # note, to check for glue records
 # First, find some the .org nameservers:
 # dig +trace iankelling.org
@@ -347,16 +659,20 @@ bbk() { # btrbk wrapper
   if $active; then
     ser stop btrbk.timer
   fi
-  if [[ $(systemctl is-active btrbk.service ||:) != inactive ]]; then
-    echo "cron btrbk is already running"
-    if $active; then ser start btrbk.timer; fi
-    return 1
-  fi
+  btrbk_is_active=$(systemctl is-active btrbk.service ||:)
+  case $btrbk_is_active in
+    inactive|failed) : ;;
+    *)
+      echo "bbk: error: systemctl is-active btrbk.service output: $btrbk_is_active"
+      if $active; then ser start btrbk.timer; fi
+      return 1
+      ;;
+  esac
   # run latest
   install-my-scripts
   # todo: consider changing this to srun and having the args come
   # from a file like /etc/default/btrbk, like is done in exim
-  s jrun btrbk-run "$@"
+  s jdo btrbk-run "$@"
   if $active; then
     if (( ret )); then
       echo bbk: WARNING: btrbk.timer not restarted due to failure
@@ -379,41 +695,107 @@ bigclock() {
 
 nnn() { /a/opt/nnn -H "$@"; }
 
+locat() { # log-once cat
+  local files
+  ngset
+  files=(/var/local/cron-errors/* /home/iank/cron-errors/* /sysd-mail-once-state/*)
+  case ${#files[@]} in
+    0) : ;;
+    1)
+      echo ${files[0]}
+      head ${files[0]}
+      ;;
+    *)
+      head ${files[@]}
+      ;;
+  esac
+  ngreset
+}
 
-# duplicated somewhat below.
-jrun() { # journal run. run args, log to journal, tail and grep the journal.
-  # Note, an alternative without systemd would be something like ts.
-  # Note, I tried using systemd-cat, but this seems obviously better,
-  # and that seemed to have a problem exiting during a systemctl daemon-reload
-  local cmd_name jr_pid s
+scr() {
+  screen -RD "$@"
+}
+
+
+# version of jdo for my non-root user
+jdo() {
+  # comparison of alternative logging methods:
+  #
+  # systemd-run command (what this function does)
+  #
+  # If there is a user prompt, the program will detect that it is not
+  # connected to a terminal and act in a non-interactive way, skipping
+  # the prompt. This has the benefit that you know exactly how the
+  # program will act if you want to move it into a service that runs
+  # automatically.
+  #
+  # If run with sudo and command is a shell script which does a sleep,
+  # it can (sometimes?) output some extra whitespace in front of
+  # messages, more for each subsequent message. This can be avoided by
+  # becoming root first.
+  #
+  # It logs the command's pid and exit code, which is nice.
+  #
+  #
+  ### command |& ts | tee file.log
+  #
+  # If there is a user prompt, like "read -p prompt var", it will hang
+  # without outputting the prompt.
+  #
+  # I've had a few times where ts had an error and I wasn't totally sure
+  # if it was really the command or ts having the problem.
+  #
+  # Sometimes some output will get hidden until you hit enter.
+  #
+  #
+  ### command |& pee cat logger
+  #
+  # This seems to work. I need to test more.
+  #
+  #
+  ### command |& logger -s
+  #
+  # User prompts get confusingly prefixed to earlier output, and all log
+  # entries get prefixed with annoying priority level.
+  #
+  #
+  ### systemd-cat
+  #
+  # Had a few problems. One major one is that it exited in the middle of
+  # a command on systemctl daemon-reload
+  #
+  # Related commands which can log a whole session: script, sudo, screen
+  local cmd cmd_name jr_pid ret
   ret=0
-  cmd_name=${1##*/}
-  cmd=$1
+  cmd="$1"
+  shift
+  cmd_name=${cmd##*/}
   if [[ $cmd != /* ]]; then
-    cmd=$(which $1)
+    cmd=$(type -P "$cmd")
   fi
+  # -q = quiet
   journalctl -qn2 -f -u "$cmd_name" &
-  # Guess of time needed to avoid missing initial lines.
+  # Trial and error of time needed to avoid missing initial lines.
   # .5 was not reliable. 1 was not reliable. 2 was not reliable
-  sleep 3
-  # We kill this in prompt-command for the case that we ctrl-c the
-  # systemd-cat. i dont know any way to trap ctrl-c and still run the
-  # normal action for it. There might be a way, unsure.
+  sleep 4
   jr_pid=$!
   # note, we could have a version that does system --user, but if for example
   # it does sudo ssh, that will leave a process around that we can't kill
   # and it will leave the unit hanging around in a failed state needing manual
   # killing of the process.
-  m s systemd-run --uid $(id -u) --gid $(id -g) \
+  s systemd-run --uid $(id -u) --gid $(id -g) \
     -E SSH_AUTH_SOCK=/run/openssh_agent \
-    --unit "$cmd_name" --wait --collect "$cmd" "${@:2}" || ret=$?
-  # This justs lets the journal output its last line
+    --unit "$cmd_name" --wait --collect "$cmd" "$@" || ret=$?
+  # The sleep lets the journal output its last line
   # before the prompt comes up.
   sleep .5
   kill $jr_pid &>/dev/null ||:
   unset jr_pid
   fg &>/dev/null ||:
+  # this avoids any err-catch
+  (( $ret == 0 )) || return $ret
 }
+
 # service run, and watch the output
 srun() {
   local unit
@@ -427,7 +809,7 @@ srun() {
   fg &>/dev/null ||:
 }
 
-sm() {
+sm() { # switch mail host
   local tmp keyhash
   c /
   # run latest
@@ -437,7 +819,20 @@ sm() {
     s ssh-add /root/.ssh/home
   fi
   install-my-scripts
-  s jrun switch-mail-host "$@"
+  s jdo switch-mail-host "$@"
+  return $ret
+}
+sh2() { # switch host2
+  local tmp keyhash
+  c /
+  # run latest
+  keyhash=$(s ssh-keygen -lf /root/.ssh/home  | awk '{print $2}')
+  tmp=$(s ssh-add -l | awk '$2 == "'$keyhash'"')
+  if [[ ! $tmp ]]; then
+    s ssh-add /root/.ssh/home
+  fi
+  install-my-scripts
+  s jdo switch-host2 "$@"
   return $ret
 }
 
@@ -446,14 +841,16 @@ lipush() {
   # note, i had --delete-excluded, but that deletes all files in --exclude-from on
   # the remote site, which doesn't make sense, so not sure why i had it.
   local p a
-  p=(/a/opt/{emacs-debian11{,-nox},mu,emacs} /a/bin /a/exe /a/h /a/c /p/c/machine_specific/vps{,.hosts})
+  # excluding emacs for now
+  #p=(/a/opt/{emacs-debian11{,-nox},mu,emacs} /a/bin /a/exe /a/h /a/c /p/c/machine_specific/vps{,.hosts})
+  p=(/a/bin /a/exe /a/h /a/c /p/c/machine_specific/vps{,.hosts})
   a="-ahviSAXPH --specials --devices --delete --relative --exclude-from=/p/c/li-rsync-excludes"
   ret=0
   for h in li je bk; do
-    m s rsync "$@" $a ${p[@]} /p/c/machine_specific/$h root@$h.b8.nz:/ || ret=$?
-    # only li is debian11
-    p[0]=/a/opt/emacs-ubuntu20.04
-    p[1]=/a/opt/emacs-ubuntu20.04-nox
+    m s rsync "$@" $a ${p[@]} /p/c/machine_specific/$h root@$h.b8.nz:/
+    ## only li is debian11
+    #p[0]=/a/opt/emacs-trisuqel10
+    #p[1]=/a/opt/emacs-trisquel10-nox
   done
   m s rsync "$@" -ahviSAXPH root@li.b8.nz:/a/h/proposed-comments/ /a/h/proposed-comments || ret=$?
   return $ret
@@ -484,27 +881,26 @@ EOF
   done
 }
 bindpushb8() {
-  dsign iankelling.org expertpathologyreview.com zroe.org amnimal.ninja
   lipush
   for h in li bk; do
     m sl $h <<'EOF'
 source ~/.bashrc
-m dnsup
 m dnsb8
 EOF
   done
 }
 
 dnsup() {
-  conflink
-  m ser reload bind9
+  conflink -f
+  m ser reload named
 }
 dnsb8() {
   local f=/var/lib/bind/db.b8.nz
-  ser stop bind9
-  sudo rm -fv $f.jnl
-  sudo install -m 644 -o bind -g bind /p/c/machine_specific/vps/bind-initial/db.b8.nz $f
-  ser restart bind9
+  m ser stop named
+  m sleep 1
+  m sudo rm -fv $f.jnl $f.signed.jnl
+  m sudo install -m 644 -o bind -g bind /p/c/machine_specific/vps/bind-initial/db.b8.nz $f
+  m ser restart named
 }
 dnsecgen() {
   # keys generated like this
@@ -706,6 +1102,10 @@ fastboot() {
 
 kdecd() { /usr/lib/x86_64-linux-gnu/libexec/kdeconnectd; }
 
+bat() {
+  cat /sys/class/power_supply/BAT0/capacity
+}
+
 # List of apps to install/update
 # Create from existing manually installed apps by doing
 # fdroidcl update
@@ -953,11 +1353,11 @@ hstatus() {
 
 # work log
 wlog() {
-  local day now i
-  now=$(date +%s)
-  for (( i=0; i<60; i++ )); do
-    day=$( date +%F -d @$((now - 86400*i )) )
-    date "+%a %b %d" -d @$((now - 86400*i )) | tr '\n' ' '
+  local day now i days_back
+  days_back=${1:-16}
+  for (( i=0; i<days_back; i++ )); do
+    day=$( date +%F -d @$((EPOCHSECONDS - 86400*i )) )
+    date "+%a %b %d" -d @$((EPOCHSECONDS - 86400*i )) | tr '\n' ' '
     /a/opt/timetrap/bin/t d -ftotal -s $day -e $day all -m '^w|lunch$'
   done
 }
@@ -1015,9 +1415,11 @@ jrf() { journalctl -n 200 -f "$@" ; }
 
 ccomp journalctl jtail jr jrf
 
-kff() { # keyboardio firmware flash
-  pushd /a/bin/distro-setup/Arduino/Model01-Firmware
-  yes $'\n' | make flash
+kff() { # keyboardio firmware flash. you must hold down the tilde key
+  pushd /a/opt/Model01-Firmware
+  # if we didn't want this yes hack, then remove "shell read" from
+  # /a/opt/Kaleidoscope/etc/makefiles/sketch.mk
+  yes $'\n' | VERBOSE=1 make flash
   popd
 }
 
@@ -1057,8 +1459,8 @@ Address = 10.8.0.$ipsuf/24
 PostUp = ping -c1 10.8.0.1 ||:
 
 [Peer]
-# li
-PublicKey = zePGl7LoS3iv6ziTI/k8BMh4L3iL3K2t9xJheMR4hQA=
+# li. called wgmail on that server
+PublicKey = CTFsje45qLAU44AbX71Vo+xFJ6rt7Cu6+vdMGyWjBjU=
 AllowedIPs = 10.8.0.0/24
 Endpoint = 72.14.176.105:1194
 PersistentKeepalive = 25
@@ -1066,7 +1468,7 @@ EOF
   umask $umask_orig
   # old approach. systemd seems to work fine and cleaner.
   rm -f ../network/interfaces.d/wghole
-  cedit -q $host /p/c/machine_specific/li/filesystem/etc/wireguard/wghole.conf <<EOF || [[ $? == 1 ]]
+  cedit -q $host /p/c/machine_specific/li/filesystem/etc/wireguard/wgmail.conf <<EOF || [[ $? == 1 ]]
 [Peer]
 PublicKey = $(cat hole-pub.key)
 AllowedIPs = 10.8.0.$ipsuf/32
@@ -1075,31 +1477,68 @@ EOF
 }
 
 
+mns() { # mount namespace
+  ns=$1
+  shift
+  s mkdir -p /root/mount_namespaces
+  if ! sudo mountpoint /root/mount_namespaces >/dev/null; then
+    m sudo mount --bind /root/mount_namespaces /root/mount_namespaces
+  fi
+  m sudo mount --make-private /root/mount_namespaces
+  if [[ ! -e /root/mount_namespaces/$ns ]]; then
+    m sudo touch /root/mount_namespaces/$ns
+  fi
+  if ! sudo mountpoint /root/mount_namespaces/$ns >/dev/null; then
+    m sudo unshare --propagation slave --mount=/root/mount_namespaces/$ns /bin/true
+  fi
+  m sudo -E /usr/bin/nsenter --mount=/root/mount_namespaces/$ns "$@"
+}
+
+mnsr() { # mns run
+  local ns=$1
+  shift
+  mns $ns sudo -u iank -E env "PATH=$PATH" "$@"
+}
+
+mnsnonet() {
+  ns=$1
+  lomh
+  if ! s ip netns list | grep -Fx nonet &>/dev/null; then
+    s ip netns add nonet
+  fi
+  mns $ns --net=/var/run/netns/nonet sudo -E -u iank /bin/bash
+  lomh
+}
+
+
 lom() {
+  # l = the loopback device
   local l base
   if [[ $1 == /* ]]; then
     base=${1##*/}
-    if mountpoint -q /mnt/$base; then
+    fs_file=$1
+    if mns $base mountpoint -q /mnt/$base; then
       return 0
     fi
-    l=$(losetup -j $1 | sed -rn 's/^([^ ]+): .*/\1/p' | head -n1 ||:)
+    l=$(losetup -j $fs_file | sed -rn 's/^([^ ]+): .*/\1/p' | head -n1 ||:)
     if [[ ! $l ]]; then
       l=$(sudo losetup -f)
-      m sudo losetup $l $1
+      m sudo losetup $l $fs_file
     fi
     if ! sudo cryptsetup status /dev/mapper/$base &>/dev/null; then
-      if ! sudo cryptsetup luksOpen $l $base; then
+      if ! m sudo cryptsetup luksOpen $l $base; then
         m sudo losetup -d $l
         return 1
       fi
     fi
     m sudo mkdir -p /mnt/$base
-    m sudo mount /dev/mapper/$base /mnt/$base
-    m sudo chown $USER:$USER /mnt/$base
+    m mns $base mount /dev/mapper/$base /mnt/$base
+    m mns $base chown $USER:$USER /mnt/$base
+    lomh
   else
     base=$1
-    if mountpoint /mnt/$base &>/dev/null; then
-      m sudo umount /mnt/$base
+    if mns $base mountpoint /mnt/$base &>/dev/null; then
+      m mns $base umount /mnt/$base
     fi
     if sudo cryptsetup status /dev/mapper/$base &>/dev/null; then
       if ! m sudo cryptsetup luksClose /dev/mapper/$base; then
@@ -1107,7 +1546,7 @@ lom() {
         return 1
       fi
     fi
-    l=$(losetup -l --noheadings | awk '$6 ~ /\/'$1'$/ {print $1}')
+    l=$(losetup -l --noheadings | awk '$6 ~ /\/'$base'$/ {print $1}')
     if [[ $l ]]; then
       m sudo losetup -d $l
     else
@@ -1145,38 +1584,60 @@ mp() {
   done
 }
 
-# these might need a mu index or something added.
-mbenable() {
-  local mb=$1
-  dst=/m/4e/$mb
-  src=/m/md/$mb
-  [[ -e $src ]] || { echo "src:$src does not exist"; return 1; }
-  m mv -T $src $dst
-  m ln -s -T $dst $src
-}
-mb2enable() {
-  local mb
-  for mb; do
-    dst=/m/4e2/$mb
-    link=/m/md/$mb
-    src=/m/md/$mb
-    if [[ ! -e $src || -L $src ]]; then
-      src=/m/4e/$mb
+# maildir enable
+mdenable() {
+  local md dst ln_path src two
+
+  two=false
+  case $1 in
+    -2) two=true shift ;;
+  esac
+
+  for md; do
+    src=
+    if $two; then
+      dst=/m/4e2/$md
+    else
+      dst=/m/4e/$md
+    fi
+
+    ln_path=/m/md/$md
+    for d in /m/md/$md /m/4e2/$md; do
+      if [[ -d $d && ! -L $d ]]; then
+        src=$d
+        break
+      fi
+    done
+    if [[ ! $src ]]; then
+      echo "error: could not find $md" >&2
+      return 1
     fi
-    [[ -e $src ]] || { echo "src:$src does not exist"; return 1; }
     m mv -T $src $dst
-    m ln -sf -T $dst $link
+    m ln -sf -T $dst $ln_path
   done
 }
-mbdisable() {
-  local mb=$1
-  dst=/m/md/$mb
-  src=/m/4e/$mb
-  set -x
-  [[ -e $src ]] || { set +x; return 1; }
-  if [[ -L $dst ]]; then rm $dst; fi
-  mv -T $src $dst
-  set +x
+md2enable() {
+  mdenable -2 "$@"
+}
+mddisable() {
+  local md=$1
+  dst=/m/md/$md
+
+  ### begin copied from mdenable, but different d ###
+  for d in /m/4e/$md /m/4e2/$md; do
+    if [[ -d $d && ! -L $d ]]; then
+      src=$d
+      break
+    fi
+  done
+  if [[ ! $src ]]; then
+    echo "error: could not find $md" >&2
+    return 1
+  fi
+  ### end copy from mdenable ###
+
+  if [[ -L $dst ]]; then m rm $dst; fi
+  m mv -T $src $dst
 }
 
 
@@ -1187,9 +1648,80 @@ mdt() {
 
 mo() { xset dpms force off; } # monitor off
 
+mpvgpu() {
+  # seems to be the best gpu decoding on my nvidia 670.
+  # vlc gets similar or better framerate, but is much darker output on my test movie at least.
+
+
+  case $HOSTNAME in
+    kd)
+      echo 0f | sudo tee -a /sys/kernel/debug/dri/0/pstate
+      ;;
+  esac
+  # going back to the default slow clock, and slower fan:
+  # echo 07 | sudo tee -a /sys/kernel/debug/dri/0/pstate
+  if [[ $DISPLAY ]]; then
+    mpv --vo=vdpau --hwdec=auto "$@"
+  else
+    # waylandvk seems to work the same
+    mpv --gpu-context=wayland --hwdec=auto
+  fi
+}
+
 mpvd() {
   mpv --profile=d "$@";
 }
+# mpv all media files in . or $1
+mpvm() {
+  local -a extensions arg
+  # get page source of https://en.wikipedia.org/w/index.php?title=Video_file_format&action=edit
+  # into /a/x.log, then
+  # grep '^| *\.' /a/x.log | sed 's/| *//;s/,//g'
+
+  #  note: to join them together for a regex, do:
+  # old=; for e in ${extensions[@]/./}; do if [[ ! $old ]]; then old=$e; continue; fi; echo -n "$old|"; old=$e; done; echo $e
+  extensions=(
+    .webm
+    .mkv
+    .flv
+    .flv
+    .vob
+    .ogv .ogg
+    .drc
+    .gif
+    .gifv
+    .mng
+    .avi
+    .MTS .M2TS .TS
+    .mov .qt
+    .wmv
+    .yuv
+    .rm
+    .rmvb
+    .viv
+    .asf
+    .amv
+    .mp4 .m4p .m4v
+    .mpg .mp2 .mpeg .mpe .mpv
+    .mpg .mpeg .m2v
+    .m4v
+    .svi
+    .3gp
+    .3g2
+    .mxf
+    .roq
+    .nsv
+  )
+  arg=("(" -iname "*${extensions[0]}")
+  for (( i=1 ; i < ${#extensions[@]}; i++ )); do
+    arg+=(-o -iname "*${extensions[i]}")
+  done
+  arg+=(")")
+  dir=${1:-.}
+  # debug:
+  #find $dir "${arg[@]}" -size +200k
+  find $dir "${arg[@]}" -size +200k -exec mpv --profile=d '{}' +
+}
 mpvs() {
   mpv --profile=s "$@";
 }
@@ -1214,9 +1746,38 @@ allmyirc() {
   ssh root@iankelling.org "cd $d; find . -mtime -60 -type f -exec grep '\<iank.*' {} +" | sed -r 's,^..([^/]*)/(.{11})(.{5})(.{8}).,\2\4 \1,' | sort
 }
 
+# usage: debvm DEBIAN_VERSION RAM_MB
+debvm() {
+  local ver ram fname src
+  ver=$1
+  ram=${2:-2024}
+  # * is because it might have -backports in the name
+  fname=debian-$ver-*nocloud-$(dpkg --print-architecture).qcow2
+  src=/a/opt/roms/$fname
+  if [[ ! -f $src ]]; then
+    echo debvm: not found $src, download from eg: https://cloud.debian.org/images/cloud/buster/latest/
+    return 1
+  fi
+  cp -a $src /t
+  # note, in fai-revm we do this: not sure why, maybe because of br device
+  # --graphics spice,listen=0.0.0.0
+  m s virt-install --osinfo debian11 --rng /dev/urandom -n deb${ver}tmp --import -r $ram --vcpus 2 --disk /t/$fname --graphics spice
+  # note: to ssh into this machine will require host key generation: ssh-keygen -A
+
+  # random: for cvs2git on gnu www, use debian 10. I could use trisquel,
+  # but happen to want to try out the debian cloud images. the upstream
+  # requires python2 and hasn't really changed since the version in d10.
+  #
+  # apt install cvs2git cvs
+  # # 7G was not enough
+  # mount -o mode=1777,nosuid,nodev,size=34G -t tmpfs tmpfs /tmp
+  # cvs2git --encoding utf_8 --fallback-encoding ascii --dumpfile=dump www-rsync/www |& tee /tmp/l
+  ## www-rsync is an rsynced copy of the cvsfrom savannah
+}
+
 mygajim() {
-  local now time time_sec time_pretty
-  now=$(date +%s)
+  local time time_sec time_pretty days
+  days=${1:-16}
   sqlite3 -separator ' ' /p/c/subdir_files/.local/share/gajim/logs.db "select time, message from logs where contact_name = 'iank' and jid_id = 17;" | while read -r time l; do
     case $time in
       16*) : ;;
@@ -1229,14 +1790,19 @@ mygajim() {
     echo $time_pretty "$l"
     time_sec=${time%%.*}
     # only look at the last 18 days. generally just use this for timesheet.
-    if (( time_sec < now - 60 * 60 * 24 * 18 )); then break; fi
+    if (( time_sec < EPOCHSECONDS - 60 * 60 * 24 * days )); then break; fi
   done
 }
 
+allmygajim() {
+  sqlite3 -separator ' ' /p/c/subdir_files/.local/share/gajim/logs.db "select time, message from logs where contact_name = 'iank'" | less
+}
+
 gajlogs() {
   sqlite3 -separator ' ' /p/c/subdir_files/.local/share/gajim/logs.db "select time, message from logs" | less
 }
 
+
 net-dev-info() {
   e "lspci -nnk|gr -iA2 net"
   lspci -nnk|gr -iA2 net
@@ -1341,6 +1907,7 @@ rebr() {
 }
 
 
+r2e() { command r2e -d /p/c/rss2email.json -c /p/c/rss2email.cfg "$@"; }
 # only run on MAIL_HOST. simpler to keep this on one system.
 r2eadd() { # usage: name url
   # initial setup of rss2email:
@@ -1359,7 +1926,6 @@ r2eadd() { # usage: name url
   # get up to date and dont send old entries now:
   r2e run --no-send $1
 }
-r2e() { command r2e -d /p/c/rss2email.json -c /p/c/rss2email.cfg "$@"; }
 
 rspicy() { # usage: HOST DOMAIN
   # connect to spice vm remote host. use vspicy for local host
@@ -1432,10 +1998,6 @@ spd() {
   PATH=/usr/local/spdhackfix:$PATH command spd "$@"
 }
 
-spend() {
-  sudo systemctl suspend
-}
-
 spamf() { # spamtest on FILE
   local spamcpre spamdpid
 
@@ -1473,7 +2035,6 @@ testmail() {
 # always run this first, edit the test files, then run the following
 testsieve() {
   sieve-filter ~/sieve/maintest.sieve ${1:-INBOX} delete 2> >(head; tail) >/tmp/testsieve.log  && sed -rn '/^Performed actions:/,/^[^ ]/{/^ /p}' /tmp/testsieve.log | sort | uniq -c
-  _dosieve
 }
 runsieve() {
   c ~/sieve; cp personal{test,}.sieve; cp lists{test,}.sieve; cp personalend{test,}.sieve
@@ -1481,6 +2042,114 @@ runsieve() {
   sed -r '/^info: filtering:/{h;d};/^info: msgid=$/N;/^info: msgid=.*left message in mailbox [^ ]+$/d;/^info: msgid=/{H;g};/^info: message kept in source mailbox.$/d' /tmp/testsieve.log
 }
 
+# usage:
+# alertme SUBJECT
+# printf "subject\nbody\n" | alertme
+alertme() {
+  if [[ -t 0 ]]; then
+    exim -t <<EOF
+From: alertme@b8.nz
+To: alerts@iankelling.org
+Subject: $*
+EOF
+  else
+    read sub
+    { cat <<EOF
+From: alertme@b8.nz
+To: alerts@iankelling.org
+Subject: $sub
+
+EOF
+      cat
+    } | exim -t
+  fi
+}
+daylertme() {
+  if [[ -t 0 ]]; then
+    exim -t <<EOF
+From: alertme@b8.nz
+To: daylert@iankelling.org
+Subject: $*
+EOF
+  else
+    read sub
+    { cat <<EOF
+From: alertme@b8.nz
+To: daylert@iankelling.org
+Subject: $sub
+
+EOF
+      cat
+    } | exim -t
+  fi
+}
+
+# alert when a page goes live.
+alert200() {
+  local quiet url tmpdir
+  quiet=false
+  case $1 in
+    # dont send a diff of the html. some html is not very readable
+    -q) quiet=true
+        shift
+        ;;
+  esac
+  url="$1"
+  tmpdir="$(mktemp -d)"
+  cd $tmpdir
+  while true; do
+    if wget -q "$url"; then
+      if $quiet; then
+        echo | daylert 200
+      else
+        alertme $tmpdir
+      fi
+    fi
+    sleep $(( 120 + RANDOM % 300 ))
+  done
+}
+
+# alert on changes to a webpage (just the base page that curl gets)
+# usage: weblert URL [SUBJECT...]
+weblert() {
+  local u old new quiet
+  quiet=false
+  case $1 in
+    # dont send a diff of the html. some html is not very readable
+    -q) quiet=true
+        shift
+        ;;
+  esac
+  u="$1"
+  shift
+  subject="${*:-weblert}"
+  old=$(curl -s "$u") ||:
+  while true; do
+    new=$(curl -s "$u") ||:
+    if [[ $old && $new ]]; then
+      if [[ $new != "$old" ]]; then
+        if $quiet; then
+          echo | daylertme "$subject"
+        else
+          diff <(printf "%s\n" "$old") <(printf "%s\n" "$new") | daylertme "$subject" ||:
+        fi
+      fi
+      old="$new"
+    fi
+    sleep $(( 60 + RANDOM % 120 ))
+  done
+}
+
+torshell() {
+  # per man torsocks
+  source `type -p torsocks` on
+}
+
+eless2() {
+  less /var/log/exim4/mymain
+}
+
+
 # mail related
 testexim() {
   # testmail above calls sendmail, which is a link to exim/postfix.
@@ -1498,16 +2167,29 @@ testexim() {
   #  exim -t 'test@zroe.org, t2@zroe.org'  <<'EOF'
   #
   # -t = get recipient from header
-  exim -d -t <<'EOF'
-From: i@dmarctest.b8.nz
-To: mailman@dev.fsf.org
+  exim -d -t <<EOF
+From: root@$(hostname -f)
+To: root@$(hostname -f)
 Subject: test2
-Reply-to: rtest@iankelling.org
 
 This is a test message.
 EOF
 }
 
+# test bounce exim
+testbexim() {
+  to=$1
+  exim -d -f '<>' $to <<EOF
+From: Mail Delivery System <Mailer-Daemon@gnu.org>
+To: $to
+Subject: Mail delivery failed: returning message to sender
+
+This message was created automatically by mail delivery software.
+EOF
+
+}
+
+
 # toggle keyboard
 tk() {
   # based on
@@ -1573,20 +2255,87 @@ enn() {
   m s nsenter -t $pid -n -m $ecmd "$@"
 }
 
+# get pid of systemd service
+servicepid() {
+  local pid unit dir
+  unit="$1"
+  pid=$(systemctl show --property MainPID --value "$unit")
+  case $pid in
+    [1-9]*) : ;;
+    *)
+
+      dir=/sys/fs/cgroup/system.slice
+      if [[ ! -d $dir ]]; then
+        # t10 and older directory.
+        dir=/sys/fs/cgroup/systemd/system.slice
+      fi
+
+      # 0 or empty.  This file includes the MainPid, so I expect we
+      # could just get this in the first place, but i don't know if that
+      # is always the case.
+      pid=$(head -n1 $dir/${unit%.service}.service/cgroup.procs)
+      ;;
+  esac
+  if [[ $pid ]]; then
+    printf "%s\n" "$pid"
+  else
+    return 1
+  fi
+}
+
 sdnbash() { # systemd namespace bash
-  local unit=$1
-  m sudo nsenter -t $(systemctl show --property MainPID --value $unit') -n -m sudo -u $USER -i bash
+  local unit pid
+  if (( $# != 1 )); then
+    echo $0: error wrong number of args >&2
+    return 1
+  fi
+  unit=$1
+  pid=$(servicepid $unit)
+  m sudo nsenter -t $pid -n -m sudo -u $USER -i bash
 }
 
-mailnnbash() {
-  m sudo nsenter -t $(systemctl show --property MainPID --value mailnn') -n -m sudo -u $USER -i bash
+sdnbashroot() { # systemd namespace bash
+  local unit pid
+  if (( $# != 1 )); then
+    echo $0: error wrong number of args >&2
+    return 1
+  fi
+  unit=$1
+  pid=$(servicepid $unit)
+  m sudo nsenter -t $pid -n -m bash
 }
 
-mailvpnbash() {
-  m sudo nsenter -t $(pgrep -f "/usr/sbin/openvpn .* --config /etc/openvpn/.*mail.conf") -n -m sudo -u $USER -i bash
+
+sdncmd() { # systemd namespace cmd
+  local unit pid
+  if (( $# <= 2 )); then
+    echo $0: error wrong number of args >&2
+    return 1
+  fi
+  unit=$1
+  shift
+  pid=$(servicepid $unit)
+  m sudo nsenter -t $pid -n -m sudo -u $USER -i "$@"
 }
+
+
+mailnnbash() {
+  sdnbash mailnn
+}
+
+# we use wireguard now, use mailnnbash.
+# mailvpnbash() {
+#   m sudo nsenter -t $(pgrep -f "/usr/sbin/openvpn .* --config /etc/openvpn/.*mail.conf") -n -m sudo -u $USER -i bash
+# }
+
 eximbash() {
-  m sudo nsenter -t $(pgrep -f "/usr/sbin/exim4 -bd -q30m -C /etc/exim4/my.conf"|h1) -n -m sudo -u $USER -i bash
+  local pid
+  pid=$(pgrep -f "/usr/sbin/exim4 -bd -q30m -C /etc/exim4/my.conf"|h1)
+  if [[ ! $pid ]]; then
+    echo "eximbash: failed to find exim pid. systemctl -n 30 status exim4:"
+    systemctl status exim4
+  fi
+  m sudo nsenter -t $pid -n -m
 }
 spamnn() {
   local spamdpid
@@ -1597,30 +2346,27 @@ unboundbash() {
   m sudo nsenter -t $(systemctl status unbound| sed -n '/^ *Main PID:/s/[^0-9]//gp') -n -m sudo -u $USER -i bash
 }
 
+nmtc() {
+  s nmtui-connect "$@"
+}
+
 mailnncheck() {
-  local p pid ns mailnn
+  local unit pid ns mailnn
   # mailvpn would belong on the list if using openvpn
-  for p in mailnn unbound dovecot spamassassin exim4 radicale; do
-    case $p in
-      exim4|radicale)
-        pid=$(ps -eo pid,cgroup | grep /system.slice/$p.service | awk '{print $1}')
-        ;;
-      *)
-        pid=$(s systemctl show --property MainPID --value $p)
-        ;;
-    esac
-    echo p=$p pid=$pid
+  for unit in mailnn unbound dovecot spamassassin exim4 radicale; do
+    pid=$(servicepid $unit)
+    echo debug: unit=$unit pid=$pid
     if [[ ! $pid ]]; then
-      echo failed to find pid for $p
+      echo failed to find pid for unit=$unit
       continue
     fi
     if ! ns=$(s readlink /proc/$pid/ns/net); then
-      echo failed to find ns for $p pid=$pid
+      echo failed to find ns for unit=$unit pid=$pid
       continue
     fi
     if [[  $mailnn ]]; then
       if [[ $ns != "$mailnn" ]]; then
-        echo "$p ns $ns != $mailnn"
+        echo "$unit ns $ns != $mailnn"
       fi
     else
       mailnn=$ns
@@ -1631,13 +2377,7 @@ mailnncheck() {
 
 
 vpncmd() {
-  m sudo -E env "PATH=$PATH" nsenter -t $(pgrep -f "/usr/sbin/openvpn .* --config /etc/openvpn/.*client.conf") -n -m "$@"
-}
-vpnf() {
-  vpncmd sudo -E -u iank env "PATH=$PATH" abrowser -no-remote -P vpn & r
-}
-vpn2f() {
-  vpncmd sudo -u iank env "PATH=$PATH" abrowser -no-remote -P vpn2 & r
+  m sudo -E env "PATH=$PATH" nsenter -t $(pgrep -f "/usr/sbin/openvpn .* --config /etc/openvpn/.*client.conf") -n "$@"
 }
 
 vpni() {
@@ -1669,6 +2409,15 @@ vpn() {
   sudo systemd-tty-ask-password-agent
 }
 
+fixu() {
+  local stats
+  ls -lad /run/user/1000
+  stats=$(stat -c%a-%g-%u /run/user/1000)
+  if [[ $stats != 700-1000-1000 ]]; then
+    m s chmod 700 /run/user/1000; m s chown iank.iank /run/user/1000
+  fi
+}
+
 # systemctl is-enabled / status / cat says nothing, instead theres
 # some obscure symlink. paths copied from man systemd.unit.
 # possibly also usefull, but incomplete, doesnt show units not loaded in memory:
@@ -1787,7 +2536,15 @@ if [[ -e $f ]]; then
   source $f
 fi
 
-
+electrum() {
+  # https://electrum.readthedocs.io/en/latest/tor.html
+  # https://github.com/spesmilo/electrum-docs/issues/129
+  s rsync -ptog --chown bitcoin:bitcoin ~/.Xauthority /var/lib/bitcoind/.Xauthority
+  sudo -u bitcoin DISPLAY=$DISPLAY XAUTHORITY=/var/lib/bitcoind/.Xauthority /a/opt/electrum-4.2.1-x86_64.AppImage -p socks5:localhost:9050
+}
+monero() {
+  sudo -u bitcoin DISPLAY=$DISPLAY XAUTHORITY=/var/lib/bitcoind/.Xauthority /a/opt/monero-gui-v0.17.3.2/monero-wallet-gui
+}
 
 
 reset-konsole() {
@@ -1814,6 +2571,12 @@ scrollbar true
 EOF
 }
 
+# make a page of links found in the files $@. redirect output
+linkhtml() {
+  gr -oh 'https?:\/\/(www\.)?[-a-zA-Z0-9@:%._\+~#=]{1,256}\.[a-zA-Z0-9()]{1,6}\b([-a-zA-Z0-9()@:%_\+.~#?&//=]*)' "$@" | \
+    rev | sort -u | rev | sed 's,.*,<a href="\0">\0</a><br\>,'
+}
+
 reset-xscreensaver() {
   # except for spash, i set these by setting gui options in
   # xscreensaver-command -demo
@@ -1836,6 +2599,10 @@ EOF
 }
 
 
+# very useful, copy directory structure 3 deep. add remove /*/ to change level
+# rsync -aivh  --exclude '/*/*/*/' -f"+ */" -f"- *" SRC DEST
+
+
 # * stuff that makes sense to be at the end
 if [[ "$SUDOD" ]]; then
   # allow failure, for example if we are sudoing into a user with diffferent/lesser permissions.
@@ -1843,6 +2610,7 @@ if [[ "$SUDOD" ]]; then
   unset SUDOD
 elif [[ -d /a ]] && [[ $PWD == "$HOME" ]] && [[ $- == *i* ]]; then
   cd /a
+  OLDPWD=
 fi
 
 
@@ -1872,7 +2640,9 @@ path-add /usr/local/go/bin
 # I have both because I was trying to solve an issue that
 # turned out to be unrelated.
 # ARDUINO_PATH=/a/opt/Arduino/build/linux/work
-export ARDUINO_PATH=/a/opt/arduino-1.8.15
+
+## i should have documented this...
+# based on https://github.com/keyboardio/Kaleidoscope
 export KALEIDOSCOPE_DIR=/a/opt/Kaleidoscope
 
 # They want to be added to the start, but i think
@@ -1884,7 +2654,9 @@ path-add --end $HOME/.cargo/bin
 
 if type -P rg &>/dev/null; then
   # --no-messages because of annoying errors on broken symlinks
-  rg() { command rg --no-messages -L -i -M 300 --no-ignore "$@" || return $?; }
+  # -z = search .gz etc files
+  # -. = search dotfilesq
+  rg() { command rg -. -z --no-messages -L -i -M 900 --no-ignore-parent --no-ignore-vcs -g '!.git' -g '!auto-save-list' -g '!.savehist' "$@" || return $?; }
   #fails if not exist. ignore
   complete -r rg 2>/dev/null ||:
 else