X-Git-Url: https://iankelling.org/git/?a=blobdiff_plain;f=brc2;h=e392cf5c0a56d56b882bdb126aa7ff5c01185428;hb=802e885e3e7fa3857f8bc4f54c261d5ca76f2454;hp=6f0d016b935c58b2dd6a4605097317ca893fd6dc;hpb=7b47d6a266340223e78317cfe0570868f45a4cad;p=distro-setup

diff --git a/brc2 b/brc2
index 6f0d016..e392cf5 100644
--- a/brc2
+++ b/brc2
@@ -169,8 +169,10 @@ EOF
   fi
   sudo chroot $d apt-get update
   sudo DEBIAN_FRONTEND=noninteractive chroot $d apt-get -y dist-upgrade --purge --auto-remove
-  sudo DEBIAN_FRONTEND=noninteractive schroot -c $n -- apt-get install --allow-unauthenticated -y ${apps[@]}
   sudo cp -P {,$d}/etc/localtime
+  if (( ${#apps[@]} )); then
+    sudo DEBIAN_FRONTEND=noninteractive schroot -c $n -- apt-get install --allow-unauthenticated -y ${apps[@]}
+  fi
 }
 
 
@@ -282,6 +284,26 @@ aclear() {
   system-status _
 }
 
+alerts() {
+  find /var/local/cron-errors /home/iank/cron-errors /sysd-mail-once-state -type f
+}
+ralerts() { # remote alerts
+  local ret shell
+  # this list is duplicated in check-remote-mailqs
+  for h in bk je li frodo kwwg x3wg x2wg kdwg sywg; do
+    echo $h:
+    shell="ssh $h"
+    if [[ $HOSTNAME == "${h%wg}" ]]; then
+      shell=
+    fi
+    ret=0
+    $shell find /var/local/cron-errors /home/iank/cron-errors /sysd-mail-once-state -type f || ret=$?
+    if (( ret )); then
+      echo ret:$ret
+    fi
+  done
+}
+
 ap() {
   # pushd in case current directory has an ansible.cfg file
   pushd /a/xans >/dev/null
@@ -359,6 +381,22 @@ bigclock() {
 
 nnn() { /a/opt/nnn -H "$@"; }
 
+locat() { # log-once cat
+  local files
+  ngset
+  files=(/var/local/cron-errors/* /home/iank/cron-errors/* /sysd-mail-once-state/*)
+  case ${#files[@]} in
+    0) : ;;
+    1)
+      echo ${files[0]}
+      head ${files[0]}
+      ;;
+    *)
+      head ${files[@]}
+      ;;
+  esac
+  ngreset
+}
 
 # duplicated somewhat below.
 jrun() { # journal run. run args, log to journal, tail and grep the journal.
@@ -464,24 +502,23 @@ EOF
   done
 }
 bindpushb8() {
-  dsign iankelling.org expertpathologyreview.com zroe.org amnimal.ninja
   lipush
   for h in li bk; do
     m sl $h <<'EOF'
 source ~/.bashrc
-m dnsup
 m dnsb8
 EOF
   done
 }
 
 dnsup() {
-  conflink
+  conflink -f
   m ser reload bind9
 }
 dnsb8() {
   local f=/var/lib/bind/db.b8.nz
   ser stop bind9
+  sleep 1
   sudo rm -fv $f.jnl
   sudo install -m 644 -o bind -g bind /p/c/machine_specific/vps/bind-initial/db.b8.nz $f
   ser restart bind9
@@ -630,6 +667,9 @@ digme() {
   digdiff @ns{1,2}.iankelling.org "$@"
 }
 
+tsr() { # ts run
+  "$@" |& ts || return $?
+}
 
 dup() {
   local ran_d
@@ -638,20 +678,20 @@ dup() {
   case $PS1 in
     *[\ \]]D\ *)
       pushd /
-      /b/ds/distro-begin || return $?
-      /b/ds/distro-end || return $?
+      /b/ds/distro-begin |& ts || return $?
+      /b/ds/distro-end |& ts || return $?
       popd
       ran_d=true
       ;;&
     *[\ \]]DB\ *)
       pushd /
-      /b/ds/distro-begin || return $?
+      /b/ds/distro-begin |& ts || return $?
       popd
       ran_d=true
       ;;
     *[\ \]]DE\ *)
       pushd /
-      /b/ds/distro-end || return $?
+      /b/ds/distro-end |& ts || return $?
       popd
       ran_d=true
       ;;&
@@ -1034,8 +1074,8 @@ Address = 10.8.0.$ipsuf/24
 PostUp = ping -c1 10.8.0.1 ||:
 
 [Peer]
-# li
-PublicKey = zePGl7LoS3iv6ziTI/k8BMh4L3iL3K2t9xJheMR4hQA=
+# li. called wgmail on that server
+PublicKey = CTFsje45qLAU44AbX71Vo+xFJ6rt7Cu6+vdMGyWjBjU=
 AllowedIPs = 10.8.0.0/24
 Endpoint = 72.14.176.105:1194
 PersistentKeepalive = 25
@@ -1043,7 +1083,7 @@ EOF
   umask $umask_orig
   # old approach. systemd seems to work fine and cleaner.
   rm -f ../network/interfaces.d/wghole
-  cedit -q $host /p/c/machine_specific/li/filesystem/etc/wireguard/wghole.conf <<EOF || [[ $? == 1 ]]
+  cedit -q $host /p/c/machine_specific/li/filesystem/etc/wireguard/wgmail.conf <<EOF || [[ $? == 1 ]]
 [Peer]
 PublicKey = $(cat hole-pub.key)
 AllowedIPs = 10.8.0.$ipsuf/32
@@ -1056,26 +1096,40 @@ lom() {
   local l base
   if [[ $1 == /* ]]; then
     base=${1##*/}
-    if mountpoint /mnt/$base; then
+    if mountpoint -q /mnt/$base; then
       return 0
     fi
-    l=$(sudo losetup -f)
-    sudo losetup $l $1
-    if ! sudo cryptsetup luksOpen $l $base; then
-      sudo losetup -d $l
-      return 1
+    l=$(losetup -j $1 | sed -rn 's/^([^ ]+): .*/\1/p' | head -n1 ||:)
+    if [[ ! $l ]]; then
+      l=$(sudo losetup -f)
+      m sudo losetup $l $1
+    fi
+    if ! sudo cryptsetup status /dev/mapper/$base &>/dev/null; then
+      if ! sudo cryptsetup luksOpen $l $base; then
+        m sudo losetup -d $l
+        return 1
+      fi
     fi
-    sudo mkdir -p /mnt/$base
-    sudo mount /dev/mapper/$base /mnt/$base
-    sudo chown $USER:$USER /mnt/$base
+    m sudo mkdir -p /mnt/$base
+    m sudo mount /dev/mapper/$base /mnt/$base
+    m sudo chown $USER:$USER /mnt/$base
   else
     base=$1
     if mountpoint /mnt/$base &>/dev/null; then
-      sudo umount /mnt/$base
+      m sudo umount /mnt/$base
+    fi
+    if sudo cryptsetup status /dev/mapper/$base &>/dev/null; then
+      if ! m sudo cryptsetup luksClose /dev/mapper/$base; then
+        echo lom: failed cryptsetup luksClose /dev/mapper/$base
+        return 1
+      fi
+    fi
+    l=$(losetup -l --noheadings | awk '$6 ~ /\/'$1'$/ {print $1}')
+    if [[ $l ]]; then
+      m sudo losetup -d $l
+    else
+      echo lom: warning: no loopback device found
     fi
-    l=$(sudo cryptsetup status /dev/mapper/$base|sed -rn 's/^\s*device:\s*(.*)/\1/p')
-    sudo cryptsetup luksClose /dev/mapper/$base || return 1
-    sudo losetup -d $l
   fi
 }
 
@@ -1229,6 +1283,9 @@ ngo() {
 otp() {
   oathtool --totp -b "$*" | xclip -selection clipboard
 }
+j() {
+  "$@" |& pee "xclip -r -selection clipboard"
+}
 
 
 pakaraoke() {
@@ -1288,7 +1345,7 @@ pumpa() {
   # other tiling window managers in giving up on setting it at all
   #
   xprop -root -remove _NET_WORKAREA
-  command pumpa &r
+  command pumpa & r
 }
 
 # reviewboard, used at my old job
@@ -1433,7 +1490,6 @@ testmail() {
 # always run this first, edit the test files, then run the following
 testsieve() {
   sieve-filter ~/sieve/maintest.sieve ${1:-INBOX} delete 2> >(head; tail) >/tmp/testsieve.log  && sed -rn '/^Performed actions:/,/^[^ ]/{/^ /p}' /tmp/testsieve.log | sort | uniq -c
-  _dosieve
 }
 runsieve() {
   c ~/sieve; cp personal{test,}.sieve; cp lists{test,}.sieve; cp personalend{test,}.sieve
@@ -1441,6 +1497,62 @@ runsieve() {
   sed -r '/^info: filtering:/{h;d};/^info: msgid=$/N;/^info: msgid=.*left message in mailbox [^ ]+$/d;/^info: msgid=/{H;g};/^info: message kept in source mailbox.$/d' /tmp/testsieve.log
 }
 
+# usage:
+# alertme SUBJECT
+# printf "subject\nbody\n" | alertme
+alertme() {
+  if [[ -t 0 ]]; then
+    exim -t <<EOF
+From: alertme@b8.nz
+To: alerts@iankelling.org
+Subject: $*
+EOF
+  else
+    read sub
+    { cat <<EOF
+From: alertme@b8.nz
+To: alerts@iankelling.org
+Subject: $sub
+
+EOF
+      cat
+    } | exim -t
+  fi
+}
+daylertme() {
+  if [[ -t 0 ]]; then
+    exim -t <<EOF
+From: alertme@b8.nz
+To: daylert@iankelling.org
+Subject: $*
+EOF
+  else
+    read sub
+    { cat <<EOF
+From: alertme@b8.nz
+To: daylert@iankelling.org
+Subject: $sub
+
+EOF
+      cat
+    } | exim -t
+  fi
+}
+
+# alert when a page goes live. not urgent.
+alert200() {
+  url="$1"
+  tmpdir="$(mktemp -d)"
+  cd $tmpdir
+  while true; do
+    if torsocks wget -q "$url"; then
+      alertme $tmpdir
+    fi
+    sleep $(( 600 + RANDOM % 300 ))
+  done
+}
+
+
 # mail related
 testexim() {
   # testmail above calls sendmail, which is a link to exim/postfix.
@@ -1491,7 +1603,7 @@ tm() {
   (sleep $(calc "$* * 60") && mpv --no-config --volume 50 /a/bin/data/alarm.mp3) > /dev/null 2>&1 &
 }
 
-trg() { transmission-remote-gtk&r; }
+trg() { transmission-remote-gtk & r; }
 trc() {
   # example, set global upload limit to 100 kilobytes:
   # trc -u 100
@@ -1535,22 +1647,28 @@ enn() {
 
 sdnbash() { # systemd namespace bash
   local unit=$1
-  m sudo nsenter -t $(systemctl status $unit | sed -n '/^ *Main PID:/s/[^0-9]//gp') -n -m sudo -u $USER -i bash
+  m sudo nsenter -t $(systemctl show --property MainPID --value $unit) -n -m sudo -u $USER -i bash
 }
 
 mailnnbash() {
-  m sudo nsenter -t $(systemctl status mailnn| sed -n '/^ *Main PID:/s/[^0-9]//gp') -n -m sudo -u $USER -i bash
+  m sudo nsenter -t $(systemctl show --property MainPID --value mailnn) -n -m sudo -u $USER -i bash
 }
 
 mailvpnbash() {
   m sudo nsenter -t $(pgrep -f "/usr/sbin/openvpn .* --config /etc/openvpn/.*mail.conf") -n -m sudo -u $USER -i bash
 }
 eximbash() {
-  m sudo nsenter -t $(pgrep -f "/usr/sbin/exim4 -bd -q30m -C /etc/exim4/my.conf"|h1) -n -m sudo -u $USER -i bash
+  local pid
+  pid=$(pgrep -f "/usr/sbin/exim4 -bd -q30m -C /etc/exim4/my.conf"|h1)
+  if [[ ! $pid ]]; then
+    echo "eximbash: failed to find exim pid. systemctl -n 30 status exim4:"
+    systemctl status exim4
+  fi
+  m sudo nsenter -t $pid -n -m
 }
 spamnn() {
   local spamdpid
-  spamdpid=$(systemctl status spamassassin| sed -n '/^ *Main PID:/s/[^0-9]//gp')
+  spamdpid=$(systemctl show --property MainPID --value spamassassin)
   m sudo nsenter -t $spamdpid -n -m sudo -u Debian-exim spamassassin "$@"
 }
 unboundbash() {
@@ -1558,9 +1676,18 @@ unboundbash() {
 }
 
 mailnncheck() {
-  local pid ns mailnn
-  for p in mailnn mailvpn unbound dovecot spamassassin exim4 radicale; do
-    pid=$(s systemctl status $p| sed -n '/^ *Main PID:/s/[^0-9]//gp')
+  local p pid ns mailnn
+  # mailvpn would belong on the list if using openvpn
+  for p in mailnn unbound dovecot spamassassin exim4 radicale; do
+    case $p in
+      exim4|radicale)
+        pid=$(ps -eo pid,cgroup | grep /system.slice/$p.service | awk '{print $1}')
+        ;;
+      *)
+        pid=$(s systemctl show --property MainPID --value $p)
+        ;;
+    esac
+    echo p=$p pid=$pid
     if [[ ! $pid ]]; then
       echo failed to find pid for $p
       continue
@@ -1585,10 +1712,10 @@ vpncmd() {
   m sudo -E env "PATH=$PATH" nsenter -t $(pgrep -f "/usr/sbin/openvpn .* --config /etc/openvpn/.*client.conf") -n -m "$@"
 }
 vpnf() {
-  vpncmd sudo -E -u iank env "PATH=$PATH" abrowser -no-remote -P vpn &r
+  vpncmd sudo -E -u iank env "PATH=$PATH" abrowser -no-remote -P vpn & r
 }
 vpn2f() {
-  vpncmd sudo -u iank env "PATH=$PATH" abrowser -no-remote -P vpn2 &r
+  vpncmd sudo -u iank env "PATH=$PATH" abrowser -no-remote -P vpn2 & r
 }
 
 vpni() {
@@ -1620,6 +1747,11 @@ vpn() {
   sudo systemd-tty-ask-password-agent
 }
 
+fixu() {
+  ls -lad /run/user/1000
+  s chmod 700 /run/user/1000; s chown iank.iank /run/user/1000
+}
+
 # systemctl is-enabled / status / cat says nothing, instead theres
 # some obscure symlink. paths copied from man systemd.unit.
 # possibly also usefull, but incomplete, doesnt show units not loaded in memory: