"\e,": yank-nth-arg
"\C-f": menu-complete
-"\C-b": menu-complete-backward
+# might be nice to bind this to tomsething, but not sure what: menu-complete-backward
+"\C-b": copy-region-as-kill
# arrow keys. for other terminals, see http://unix.stackexchange.com/questions/10806/how-to-change-previous-next-word-shortcut-in-bash
# this can be conditioned based on the term, see the term keyword in
export INFOPATH=$PATH:/usr/local/info:/usr/info:/usr/local/lib/info:/usr/lib/info:/usr/local/gnu/info:/usr/local/gnu/lib/info:/usr/gnu/info:/usr/gnu/lib/info:/opt/gnu/info:/usr/share/info:/usr/share/lib/info:/usr/local/share/info:/usr/local/share/lib/info:/usr/gnu/lib/emacs/info:/usr/local/gnu/lib/emacs/info:/usr/local/lib/emacs/info:/usr/local/emacs/info:.:
+# for openwrt system that has no stty, this is easier than
+# guarding every time i use it.
+if ! type -p stty >/dev/null; then
+ stty() { :; }
+fi
if [[ $- == *i* ]]; then
# for readline-complete.el
if [[ $RLC_INSIDE_EMACS ]]; then
# i for insensitive. the rest from
# X means dont remove the current screenworth of output upon exit
# R means to show colors n things
-export LESS=RXi
+export LESS=RXij12
export SYSTEMD_LESS=$LESS
+export NNN_COLORS=2136
# * include files
}
caf() {
# shellcheck disable=SC2033
- find -L $1 -type f -not \( -name .svn -prune -o -name .git -prune \
+ find -L "$@" -type f -not \( -name .svn -prune -o -name .git -prune \
-o -name .hg -prune -o -name .editor-backups -prune \
-o -name .undo-tree-history -prune \) \
-exec bash -c '. ~/.bashrc; hr; echo "$1"; hr; cat "$1"' _ {} \; 2>/dev/null
grep '^\s*[^;[:space:]#]' "$@" || [[ $? == 1 ]]
}
+chrbind() {
+ local d
+ for d in dev proc sys; do
+ [[ -d $d ]]
+ if ! mountpoint $d &>/dev/null; then
+ mount -o bind /$d $d
+ fi
+ done
+}
+
_cdiff-prep() {
# join options which are continued to multiples lines onto one line
# mail related
etail() {
- tail -F /var/log/exim4/mainlog -n 200
+ tail -F /var/log/exim4/mainlog -n 200 "$@"
}
eless() {
less /var/log/exim4/mainlog
}
hr() { # horizontal row. used to break up output
-
- printf "$(tput setaf 5)█$(tput sgr0)%.0s" $(eval echo "{1..${COLUMNS:-60}}")
+ printf "$(tput setaf 5 2>/dev/null ||:)█$(tput sgr0 2>/dev/null||:)%.0s" $(eval echo "{1..${COLUMNS:-60}}")
echo
}
k() { # history search
- grep -P --binary-files=text "$@" ${HISTFILE:-~/.bash_history} | tail -n 80 || [[ $? == 1 ]];
+ grep -iP --binary-files=text "$@" ${HISTFILE:-~/.bash_history} | tail -n 80 || [[ $? == 1 ]];
}
ks() { # history search
# shellcheck disable=SC2032
mkdir() { command mkdir -p "$@"; }
+nags() {
+ # https://github.com/HenriWahl/Nagstamon/issues/357
+ if ! pgrep -f /usr/lib/notification-daemon/notification-daemon >/dev/null; then
+ /usr/lib/notification-daemon/notification-daemon &
+ fi
+ /usr/bin/nagstamon &
+}
+
nopanic() {
# shellcheck disable=SC2024
sudo tee -a /var/log/exim4/paniclog-archive </var/log/exim4/paniclog; sudo truncate -s0 /var/log/exim4/paniclog
}
psg () {
- local x y help
+ local x y help s
help="Usage: psg [--help] GREP_ARGS
grep ps and output in a nice format"
if [[ $1 == --help ]]; then
echo "$help"
return
fi
- x=$(sudo ps -eF)
+ if [[ $EUID != 0 ]]; then
+ s=sudo
+ fi
+ x=$($s ps -eF)
# final grep is because some commands tend to have a lot of trailing spaces
y=$(echo "$x" | grep -iP "$@" | grep -o '.*[^ ]') ||:
if [[ $y ]]; then
pubip6() { curl -6s https://icanhazip.com; }
whatismyip() { pubip; }
-pwgen() {
- # -m = min length
- # -x = max length
- # -t = print pronunciation
- apg -m 14 -x 17 -t
- for (( i=0; i<10; i++ )); do
- shuf -n3 /usr/share/hunspell/en_US.dic | sed 's,/.*,,' | paste -sd . -
-
- done
-}
-
-pwlong() {
- # -M CLN = use Caps, Lowercase, Numbers
- # -n 1 = 1 password
- # -a 1 = use random instead of pronounceable algorithm
- apg -m 50 -x 70 -n 1 -a 1 -M CLN
-}
-
q() { # start / launch a program in the backround and redir output to null
"$@" &> /dev/null &
}
complete -F _root_command s sb
+sd() {
+ sudo dd of="$1" 2>/dev/null
+}
ser() {
local s; [[ $EUID != 0 ]] && s=sudo
if type -p uprecords &>/dev/null; then
uprecords -B
else
- uptime
+ command uptime
fi
}
vm-set-listen $1 127.0.0.1
}
+myiwscan() {
+ # find input, copy to pattern space, when we find the first field, print the copy in different order without newlines.
+ # instead of using labels, we could just match a line and group, eg: /signal:/,{s/signal:(.*)/\1/h}
+ sudo iw dev wls1 scan | sed -rn "
+s/^\Wcapability: (.*)/\1/;Ta;h;b
+:a;s/^\Wsignal: -([^.]+).*/\1/;Tb;H;b
+# padded to min width of 20
+:b;s/\WSSID: (.*)/\1 /;T;s/^(.{20}(.*[^ ])?) */\1/;H;g;s/(.*)\n(.*)\n(.*)/\2 \3 \1/gp;b
+"|sort -r
+}
+
# * misc stuff
# * functions
+# clock back in to timetrack from last entry
+tback() {
+ sqlite3 /p/.timetrap.db "update entries set end = NULL where id = (select max(id) from entries);"
+}
# todo, update this
complete -F _longopt la lower low rlt rld rl lld ts ll dircp ex fcp fct fpst gr
+abrowserrmcompat() {
+ local f
+ ngset
+ f=(/p/c/firefox*/compatibility.ini)
+ if (( ${#f[@]} )); then
+ rm ${f[@]}
+ fi
+ ngreset
+}
+ngset() {
+ if shopt nullglob >/dev/null; then
+ ngreset=false
+ else
+ shopt -s nullglob
+ ngreset=true
+ fi
+}
+ngreset() {
+ if $ngreset; then
+ shopt -u nullglob
+ fi
+}
anki() {
if which anki &>/dev/null; then
}
acat() {
- shopt -s nullglob
- hrcat /m/md/alerts/new/* /m/md/alerts/cur/*
- shopt -u nullglob
+ ngset
+ hrcat /m/md/alerts/new/*
+ ngreset
+ hr; echo bk; hr
+ ssh bk.b8.nz "shopt -s nullglob; hrcat /m/md/INBOX/new/* /m/md/INBOX/cur/*"
}
aclear() {
- shopt -s nullglob
- files=(/m/md/alerts/new/* /m/md/alerts/cur/*)
- if (( ${#files[@]} )); then
- rm -f ${files[@]}
- fi
- shopt -u nullglob
+ ngset
+ rm -f /m/md/alerts/new/*
+ ngreset
+ ssh bk.b8.nz "shopt -s nullglob; rm -f /m/md/INBOX/new/* /m/md/INBOX/cur/*"
system-status _
}
popd >/dev/null
}
aw() {
- pushd /a/work/ansible-configs >/dev/null
+ pushd /a/work/ans >/dev/null
time ansible-playbook -v -i inventory adhoc.yml "$@"
popd >/dev/null
}
/a/opt/android-studio/bin/studio.sh "$@" &r;
}
+# note, to check for glue records
+# First, find some the .org nameservers:
+# dig +trace iankelling.org
+# then, query one:
+# dig ns1.iankelling.org @b0.org.afilias-nst.org.
+
+# Now, compare for a domain that does have glue records setup (note the A
+# and AAAA records in ADDITIONAL SECTION, those are glue records like the
+# one I'm asking for):
+
+# $ dig ns1.gnu.org @b0.org.afilias-nst.org.
+
bindpush() {
lipush || return 1
- for h in li l2; do
+ for h in li; do
sl $h <<'EOF' || return 1
set -e
+source ~/.bashrc
conflink
f=/var/lib/bind/db.b8.nz
ser stop bind9
sudo rm -fv $f.jnl
-sudo install -m 644 -o bind -g bind /p/c/machine_specific/linode/bind-initial/db.b8.nz $f
+sudo install -m 644 -o bind -g bind /p/c/machine_specific/vps/bind-initial/db.b8.nz $f
ser restart bind9
EOF
done
}
-
bbk() { # btrbk wrapper
c /
# note, i had --delete-excluded, but that deletes all files in --exclude-from on
# the remote site, which doesn't make sense, so not sure why i had it.
local p a
- p=(/a/bin /a/exe /a/h /a/c /p/c/machine_specific/linode{,.hosts} /a/opt/{emacs-debianstable,mu})
+ p=(/a/bin /a/exe /a/h /a/c /p/c/machine_specific/vps{,.hosts} /a/opt/{emacs-debianstable,mu})
a="-ahviSAXPH --specials --devices --delete --relative --exclude-from=/p/c/li-rsync-excludes"
ret=0
- m rsync "$@" $a ${p[@]} /p/c/machine_specific/l2 root@l2.b8.nz:/ || ret=$?
+ m rsync "$@" $a ${p[@]} /p/c/machine_specific/bk root@bk.b8.nz:/ || ret=$?
m rsync "$@" $a ${p[@]} /p/c/machine_specific/li root@li.b8.nz:/ || ret=$?
m rsync "$@" -ahviSAXPH root@iankelling.org:/a/h/proposed-comments/ /a/h/proposed-comments || ret=$?
return $ret
--exclude-from=/p/c/li-rsync-excludes /a/bin /a/exe /a/h /a/c /p/c/machine_specific/li root@li:/
}
+
#### begin bitcoin related things
btc() {
local f=/etc/bitcoin/bitcoin.conf
done
}
+# work log
+wlog() {
+ local day now i
+ now=$(date +%s)
+ for (( i=0; i<30; i++ )); do
+ day=$( date +%F -d @$((now - 86400*i )) )
+ date "+%a %b %d" -d @$((now - 86400*i )) | tr '\n' ' '
+ /a/opt/timetrap/bin/t d -ftotal -s $day -e $day all -m '^w|lunch$'
+ done
+}
+to() { t out -a "$@"; }
+ti() { t in -a "$@"; }
+tl() {
+ to "$*"
+ t s lunch
+ t in -a "$*"
+ m t out -a $(date +%F.%T -d @$(( $(date -d "$(echo $*|sed 's/\./ /')" +%s) + 60*45 )) )
+ t s w
+}
+tlo() {
+ t s lunch
+ t in -a "$*"
+ m t out -a $(date +%F.%T -d @$(( $(date -d "$(echo $*|sed 's/\./ /')" +%s) + 60*45 )) )
+ t s w
+}
+
+arbttlog() { arbtt-dump "$@" | grep -v '( )\|Current Desktop' | less; }
+
idea() {
/a/opt/idea-IC-163.7743.44/bin/idea.sh "$@" &r
}
ilog() {
chan=${1:-#fsfsys}
# use * instead of -r since that does sorted order
- ssh root@iankelling.org "cd /var/lib/znc/moddata/log/iank/freenode/$chan && hr && for x in *; do echo \$x; cat \$x; hr; done" | less +G
+ ssh root@iankelling.org "cd /var/lib/znc/moddata/log/iank/freenode/$chan && hr && for x in *; do echo \$x; sed \"s/^./\${x%log}/\" \$x; hr; done" | less +G
}
o() {
fi
}
+# mu personality. for origina, just run mp. for 2, run mp 2.
+# this is partly duplicated in mail-setup
+mp() {
+ killall mu ||:
+ suf=$1
+ set -- /m/mucache ~/.cache/mu /m/.mu ~/.mu
+ while (($#)); do
+ target=$1$suf
+ f=$2
+ shift 2
+ if [[ -e $f && ! -L $f ]]; then
+ rm -rf $f
+ fi
+ m ln -sf -T $target $f
+ done
+}
mbenable() {
local mb=$1
m /a/exe/lnf /m/.mu ~
mu index --maildir=/m/4e
}
+mb2enable() {
+ local mb
+ for mb; do
+ dst=/m/4e2/$mb
+ link=/m/md/$mb
+ src=/m/md/$mb
+ if [[ ! -e $src || -L $src ]]; then
+ src=/m/4e/$mb
+ fi
+ [[ -e $src ]] || { echo "src:$src does not exist"; return 1; }
+ m mv -T $src $dst
+ m ln -sf -T $dst $link
+ done
+ #mu index --maildir=/m/4e
+}
mbdisable() {
local mb=$1
dst=/m/md/$mb
myirc() {
chan=${1:-fsf-office}
# use * instead of -r since that does sorted order
- ssh root@iankelling.org "cd /var/lib/znc/moddata/log/iank/freenode/#$chan; grep '\<iank.*' *"
+ ssh root@iankelling.org "cd /var/lib/znc/moddata/log/iank/freenode/#$chan; grep '\<iank.*' *" \
+ | cut --complement -c12-16
}
net-dev-info() {
ser disable NetworkManager-wait-online.service
ser stop dnsmasq
sudo resolvconf -d NetworkManager
- ser start dnsmasq
+ # ser start dnsmasq
sudo ifup br0
}
ngo() {
if systemctl is-enabled dnsmasq &>/dev/null || [[ $(systemctl is-active dnsmasq ||:) != inactive ]]; then
# this will fail is dnsmasq is failed
hr; m ser status dnsmasq | cat || :
- f=/var/run/dnsmasq/resolv.conf
+ f=/etc/dnsmasq.conf
hr; echo $f:; ccat $f
hr; m grr '^ *(servers-file|server) *=|^ *no-resolv *$' /etc/dnsmasq.conf /etc/dnsmasq.d
f=/etc/dnsmasq-servers.conf
reresolv() {
sudo nscd -i hosts
if [[ $(systemctl is-active dnsmasq ||:) != inactive ]]; then
- sudo systemctl restart dnsmasq
+ m sudo systemctl restart dnsmasq
fi
if [[ $(systemctl is-active systemd-resolved ||:) != inactive ]]; then
- sudo systemctl restart systemd-resolved
+ m sudo systemctl restart systemd-resolved
fi
}
# inspired from https://github.com/Russell91/sshrc
- local now args remote dorsync haveinfo tmpa sshinfo tmp tmp2 type info_sec
+ local now args remote dorsync haveinfo tmpa sshinfo tmp tmp2 type info_sec force_rsync
declare -a args tmpa
now=$(date +%s)
# [-R address] [-S ctl_path] [-W host:port] [-w local_tun[:remote_tun]] [user@]hostname
# [command]
+ # ssh [-46AaCfGgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec]
+ # [-D [bind_address:]port] [-E log_file] [-e escape_char]
+ # [-F configfile] [-I pkcs11] [-i identity_file]
+ # [-J [user@]host[:port]] [-L address] [-l login_name] [-m mac_spec]
+ # [-O ctl_cmd] [-o option] [-p port] [-Q query_option] [-R address]
+ # [-S ctl_path] [-W host:port] [-w local_tun[:remote_tun]]
+
+ force_rsync=false
+ if [[ $1 == --rsync ]]; then
+ force_rsync=true
+ shift
+ fi
+
while [[ $1 ]]; do
case "$1" in
- -[1246AaCfGgKkMNnqsTtVvXxYy])
+ # note we dont support things like -4oOption
+ -[46AaCfGgKkMNnqsTtVvXxYy]*)
args+=("$1"); shift
;;
- -[bcDEeFIiLlmOopQRSWw]*)
+ -[bcDEeFIiJLlmOopQRSWw]*)
# -oOption etc is valid
if (( ${#1} >= 3 )); then
args+=("$1"); shift
tmpa=(/p/sshinfo/???????????"$remote")
sshinfo=${tmpa[0]}
if [[ -e $sshinfo ]]; then
- haveinfo=true
+ if $force_rsync; then
+ rm -f $sshinfo
+ else
+ haveinfo=true
+ fi
fi
if $haveinfo; then
tmp=${sshinfo[0]##*/}
fi
fi
}
+slr() {
+ sl --rsync "$@"
+}
sss() { # ssh solo
sl -oControlMaster=no -oControlPath=/ "$@"
}
exit $1
}
-rsync-dirs() {
- local host=$1
- local path=$2
- m rsync $dry_run_arg -ahi --relative --delete "$path" "root@$host:/"
-}
pre="${0##*/}: "
targets=($home x3)
;;
x2|x3)
- targets=($home kw)
- ;;
- tp)
- # kd disabled temporarily while its hot and i plan to work on it.
- #targets=(frodo kd)
- targets=(frodo x2.b8.nz)
- #targets=(frodo)
- # might not be connected to the vpn
- if timeout -s 9 6 ssh kw :; then
- targets+=(kw)
- fi
+ targets=($home kw.office.fsf.org)
;;
kd)
- targets=(frodo tp)
+ targets=(frodo x2.b8.nz)
# might not be connected to the vpn
- if timeout -s 9 6 ssh kw :; then
- targets+=(kw)
+ if timeout -s 9 6 ssh kw.office.fsf.org :; then
+ targets+=(kw.office.fsf.org)
fi
;;
frodo)
done
else
# set default mountpoints
- case $HOSTNAME in
- frodo)
- prospective_mps=(/i)
- ;;
- *)
- prospective_mps=(/a /q)
- if [[ $source ]]; then
- source_state="$(ssh $source cat /a/bin/bash_unpublished/source-state)"
- eval "$source_state"
- source_host="$(ssh $source cat /etc/hostname)"
- if [[ $source_host == "$MAIL_HOST" ]]; then
- prospective_mps+=(/o)
- fi
- else
- if [[ $HOSTNAME == "$MAIL_HOST" ]]; then
- if [[ $HOST2 && $HOST2 != "$HOSTNAME" ]]; then
- echo "skipping /o because HOST2 is not us"
- else
+ if [[ ${targets[0]} == tp ]]; then
+ prospective_mps=(/a)
+ else
+ case $HOSTNAME in
+ frodo)
+ prospective_mps=(/i)
+ ;;
+ *)
+ prospective_mps=(/a /q)
+ if [[ $source ]]; then
+ source_state="$(ssh $source cat /a/bin/bash_unpublished/source-state)"
+ eval "$source_state"
+ source_host="$(ssh $source cat /etc/hostname)"
+ if [[ $source_host == "$MAIL_HOST" ]]; then
prospective_mps+=(/o)
fi
+ else
+ if [[ $HOSTNAME == "$MAIL_HOST" ]]; then
+ if [[ $HOST2 && $HOST2 != "$HOSTNAME" ]]; then
+ echo "skipping /o because HOST2 is not us"
+ else
+ prospective_mps+=(/o)
+ fi
+ fi
fi
- fi
- ;;
- esac
+ ;;
+ esac
+ fi
for mp in ${prospective_mps[@]}; do # default mountpoints to sync
if [[ -e /nocow/btrfs-stale/$mp ]]; then
e "warning: $mp stale, not adding to default mountpoints"
fi
-
-
if ! which btrbk &>/dev/null; then
die "error: no btrbk binary found"
fi
vol=/mnt/root
for m in ${mountpoints[@]}; do
- sub=${m##*/}
+ sub=${m#/}
if [[ $source ]]; then
cat >>/etc/btrbk.conf <<EOF
volume ssh://$source$vol
if mountpoint $rsync_mountpoint >/dev/null; then
for tg in ${targets[@]}; do
case $tg in
- li|lk)
+ tp)
+ dirs=(/p/c/machine_specific/tp)
for x in /p/c/machine_specific/*.hosts; do
if grep -qxF $tg $x; then
- dir=${x%.hosts}
- rsync-dirs $tg $dir
+ dirs+=(${x%.hosts})
fi
done
+ m rsync -aSAXPH --specials --devices --delete --relative ${dirs[@]} root@$tg:/
;;
esac
done
shopt -s dotglob
-for h in tp.b8.nz vpn1 x2 x3.b8.nz frodo.b8.nz kd.b8.nz kw iankelling.org l2.b8.nz; do
+for h in tp.b8.nz vpn1 x2 x3.b8.nz frodo.b8.nz kd.b8.nz kw iankelling.org bk.b8.nz; do
if [[ $HOSTNAME == "${h%%.*}" ]]; then
continue
fi
--- /dev/null
+#!/bin/bash
+if [[ ! -e /dev/shm/iank-status ]]; then
+ exit 0
+fi
+eval $(< /dev/shm/iank-status)
+
+if [[ $HOSTNAME != "$MAIL_HOST" ]]; then
+ exit 0
+fi
+find /var/local/cron-errors /home/iank/cron-errors /sysd-mail-once-state -type f -mtime +4
+ssh bk.b8.nz find /m/md/INBOX/new /var/local/cron-errors /home/iank/cron-errors /sysd-mail-once-state -type f -mtime +1
set +x
source /a/bin/distro-functions/src/identify-distros
$interactive || set -x
-for f in kd x2 x3 frodo tp li l2 demohost kw; do
+for f in kd x2 x3 frodo tp li bk demohost kw; do
eval "$f() { [[ $HOSTNAME == $f ]]; }"
done
codename=$(debian-codename)
has_wayland() { has_monitor && [[ $codename == buster ]]; }
has_x() { has_monitor && [[ $codename != buster ]]; }
-has_monitor() { ! linode ; }
-linode() { l2 || li; }
+has_monitor() { ! vps ; }
+vps() { bk || li; }
# linode actually has btrfs now, but we dont do anything with it.
-has_btrfs() { ! linode; }
-home_network() { ! linode && ! kw; }
-has_p() { ! linode; }
-encrypted() { true; }
+has_btrfs() { ! vps; }
+home_network() { ! vps && ! tp; }
+has_p() { ! vps && ! tp; }
+encrypted() { ! bk; }
shopt -s extglob
export GLOBIGNORE="*/.:*/.."
umask 022
done
###### do conflink
-# linode needs bind group before conflink
-if linode; then
+# vps needs bind group before conflink
+if vps; then
pi-nostart bind9
fi
# this needs to be before installing pacserve so we have gpg conf.
# convenient to just do all file linking in one place
sudo /a/exe/lnf -T /a/bin /b
sudo /a/exe/lnf -T /a/f /f
+sudo /a/exe/lnf -T /var/log/exim4 /el
+sudo /a/exe/lnf -T /a/f/ans /c
sudo /a/exe/lnf -T /nocow/t /t
if has_p; then
lnf -T /p/News ~/News
fi
+dirs=(/q/root /q/root/.editor-backups /q/root/.undo-tree-history)
+sudo mkdir -p ${dirs[@]}
+sudo chmod 600 ${dirs[@]}
sudo /a/exe/lnf /q/root/.editor-backups /q/root/.undo-tree-history \
/a/opt /a/c/.emacs.d $HOME/mw_vars /k/backup /root
/a/bin/ds/install-my-scripts # needed for rootsshsync cronjob
-
#### arch specific early packages
case $(distro-name) in
arch)
frodo:/k /kr nfs noauto 0 0
EOF
fi
- sudo mkdir -p /q /i/{w,k}
+ sudo mkdir -p /i/{w,k}
for dir in /{i,w,k}; do
if mountpoint $dir; then continue; fi # already mounted
sudo mkdir -p $dir
sudo chown $USER:$USER $dir
done
- # not needed for all hosts, but rather just keep it uniform
- sudo mkdir -p /mnt/iroot
# debian auto mounting of multi-disk encrypted btrfs is busted. It is
# in jessie, and in stretch as of 11/26/2016 I have 4 disks in cryptab,
# based on 3 of those, it creates .device units for /dev/mapper/dev...
[[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@"
set -eE -o pipefail
trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
-for dir in /i /mnt/iroot /k /kr /w; do
+for dir in /i /k /kr /w; do
if ! mountpoint $dir &>/dev/null && \
awk '{print $2}' /etc/fstab | grep -xF $dir &>/dev/null; then
if awk '{print $3}' /etc/fstab | grep -xF nfs &>/dev/null; then
sudo mkdir -p /etc/lightdm/lightdm.conf.d
sudo dd of=/etc/lightdm/lightdm.conf.d/12-iank.conf <<'EOF'
[SeatDefaults]
+display-setup-script=/a/bin/ds/lightdm-start
session-setup-script=/a/bin/distro-setup/desktop-20-autostart.sh
EOF
printf "$pre %s\n" "$*"
SUDOD="$PWD" command sudo "$@";
}
-sd() {
- sudo dd of="$1" 2>/dev/null
-}
m() { printf "$pre %s\n" "$*"; "$@"; }
e() { printf "$pre %s\n" "$*"; }
err() { echo "[$(date +'%Y-%m-%d %H:%M:%S%z')]: $0: $*" >&2; }
popularity-contest popularity-contest/participate boolean true
EOF
-########### begin section including linode ################
+########### begin section including vps ################
pi ${p2[@]}
;;&
etiona)
+ # for ziva
+ #p install --no-install-recommends minetest/buster libleveldb1d/buster libncursesw6/buster libtinfo6/buster
f=/etc/apt/sources.list.d/buster.list
t=$(mktemp)
cat >$t <<EOF
sudo cp ./usr/share/debootstrap/scripts/* /usr/share/debootstrap/scripts
fi
+ # duplicated in fai. Pin for bionic + ubuntu so that ppas dont get
+ # matched.
sd /etc/apt/preferences.d/etiona-bionic <<'EOF'
Package: *
-Pin: release n=bionic
+Pin: release n=bionic,o=Ubuntu
Pin-Priority: -100
-
EOF
- # Package: firefox gnome-screenshot gnome-icon-theme libnautilus-extension1a gnome-settings-daemon nautilus yelp gnome-settings-daemon-schemas nautilus-data ubuntu-wallpapers gnome-control-center gnome-control-center-data gnome-control-center-faces libsnapd-glib1 ubuntu-wallpapers-bionic gir1.2-snapd-1 ubuntu-drivers-common ubuntu-docs libyelp0
- # Pin: release n=bionic
- # Pin-Priority: 500
+ sd /etc/apt/preferences.d/etiona-sa <<'EOF'
+Package: *
+Pin: release n=bionic,o=Ubuntu
+Pin-Priority: -100
+EOF
;;&
*)
###### begin website setup
case $HOSTNAME in
- li|l2)
+ li|bk)
pi bind9
f=/var/lib/bind/db.b8.nz
if [[ ! -e $f ]]; then
ser stop bind9
sudo rm -fv $f.jnl
- sudo install -m 644 -o bind -g bind /p/c/machine_specific/linode/bind-initial/db.b8.nz $f
+ sudo install -m 644 -o bind -g bind /p/c/machine_specific/vps/bind-initial/db.b8.nz $f
ser restart bind9
fi
;;&
- l2)
+ bk)
# setup let's encrypt cert
- m web-conf apache2 l2.b8.nz
+ m web-conf apache2 bk.b8.nz
# And leave apache running so renewals can happen.
- s lnf -T /etc/letsencrypt/live/l2.b8.nz/fullchain.pem /etc/exim4/exim.crt
+ s lnf -T /etc/letsencrypt/live/bk.b8.nz/fullchain.pem /etc/exim4/exim.crt
if [[ ! -L /etc/exim4/exim.key ]]; then
- s lnf -T /etc/letsencrypt/live/l2.b8.nz/privkey.pem /etc/exim4/exim.key
+ s lnf -T /etc/letsencrypt/live/bk.b8.nz/privkey.pem /etc/exim4/exim.key
mail-setup
fi
end
li)
m /a/h/setup.sh iankelling.org
;;
- tp)
- m /a/h/setup.sh -s b8.nz
- ;;
- *)
- # allow symlinks on non-main hosts so i can host files in arbitrary paths
- m /a/h/setup.sh -s -p 80
- ;;
+ # # i dont work on my website that much, so commented to run these as needed
+ # kd)
+ # m /a/h/setup.sh -s b8.nz
+ # ;;
+ # *)
+ # # allow symlinks on non-main hosts so i can host files in arbitrary paths
+ # m /a/h/setup.sh -s -p 80
+ #;;
esac
m /a/h/build.rb
/a/bin/distro-setup/certbot-renew-hook
EOF
+ # general vpn for as needed use
+ #vpn-server-setup -d -r -4 10.2.2 -p 443 -n hole
+ #vpn-mk-client-cert -s "" -n hole 72.14.176.105
# requested from linode via a support ticket.
# https://www.linode.com/docs/networking/an-overview-of-ipv6-on-linode/
# https://community.openvpn.net/openvpn/wiki/IPv6
# and man openvpn
- m vpn-server-setup -rd 2600:3c00:e000:280::1/64 2600:3c00::f03c:91ff:feb4:0bf3
- sudo tee /etc/openvpn/client-config/mail <<'EOF'
+ m vpn-server-setup -rd 2600:3c00:e000:280::1/64 2600:3c00::f03c:91ff:feb4:0bf3 -n mail
+ sudo tee /etc/openvpn/client-config-mail/mailclient <<'EOF'
ifconfig-push 10.8.0.4 255.255.255.0
ifconfig-ipv6-push 2600:3c00:e000:280::2/64
EOF
########### end section including li/lj ###############
+
#### desktop stuff
case $codename_compat in
xenial)
pi task-mate-desktop
;;
buster)
- # mate doesnt have wayland support yet
- pi task-gnome-desktop
+ # todo: figure out mate for buster
+ # pi task-gnome-desktop
;;
bionic)
# by default, it sleeps when not logged in to x/wayland and on ac power.
# stop that.
- sudo -u gdm dbus-launch gsettings set org.gnome.settings-daemon.plugins.power sleep-inactive-ac-type 'nothing'
- m systemctl --user stop gvfs-daemon
- m systemctl --user disable gvfs-daemon
+
+ if id -u gdm &>/dev/null; then
+ sudo -u gdm dbus-launch gsettings set org.gnome.settings-daemon.plugins.power sleep-inactive-ac-type 'nothing'
+ m systemctl --user stop gvfs-daemon
+ m systemctl --user disable gvfs-daemon
+ fi
;;
esac
# fi
### end vpn server setup
-
##### rss2email
-# note, see bashrc for more documentation.
-pi rss2email
-sd /etc/systemd/system/rss2email.service <<'EOF'
+if mountpoint /p &>/dev/null; then
+ # note, see bashrc for more documentation.
+ pi rss2email
+ sd /etc/systemd/system/rss2email.service <<'EOF'
[Unit]
Description=rss2email
After=multi-user.target
# we pass options to use different location.
ExecStart=/a/bin/log-quiet/sysd-mail-once -288 rss2email r2e -d /p/c/rss2email.json -c /p/c/rss2email.cfg run
EOF
-sd /etc/systemd/system/rss2email.timer <<'EOF'
+ sd /etc/systemd/system/rss2email.timer <<'EOF'
[Unit]
Description=rss2email
[Install]
WantedBy=timers.target
EOF
-sudo systemctl daemon-reload
-
-
-######### begin pump.io periodic backup #############
-if [[ $HOSTNAME == frodo ]]; then
- sd /etc/systemd/system/pumpbackup.service <<'EOF'
-[Unit]
-Description=pump li backup
-After=multi-user.target
-
-[Service]
-User=iank
-Type=oneshot
-ExecStart=/a/bin/log-quiet/sysd-mail-once pump-backup /a/bin/distro-setup/pump-backup
-EOF
- sd /etc/systemd/system/pumpbackup.timer <<'EOF'
-[Unit]
-Description=pump li backup hourly
-
-[Timer]
-OnCalendar=hourly
-
-[Install]
-WantedBy=timers.target
-EOF
- ser daemon-reload
- sgo pumpbackup.timer
+ sudo systemctl daemon-reload
fi
-######### end pump.io periodic backup #############
######### begin irc periodic backup #############
# pi-nostart does not disable
ser disable openvpn
+
if [[ -e /p/c/gen-fsf-vpn ]]; then
/p/c/gen-fsf-vpn
fi
-m /a/bin/distro-setup/radicale-setup
+if mountpoint /o &>/dev/null; then
+ m /a/bin/distro-setup/radicale-setup
+fi
+
############# begin syncthing setup ###########
####### begin misc packages ###########
-sudo debconf-set-selections <<EOF
-gdm3 shared/default-x-display-manager select lightdm
-lightdm shared/default-x-display-manager select lightdm
-EOF
-
+# template
case $codename in
flidas)
:
;;
esac
+sudo update-alternatives --set pinentry /usr/bin/pinentry-gtk-2
+
# sakura config is owned by ian
m reset-sakura
# cabal update
# cabal install --upgrade-dependencies --force-reinstalls arbtt
# also, i assume syncing this between machines somehow messed up the data.
-case $codename in
- etiona)
- pi arbtt
- seru enable arbtt
- seru start arbtt
- ;;
-esac
-
+if mountpoint /p &>/dev/null; then
+ case $codename in
+ etiona)
+ pi arbtt
+ seru enable arbtt
+ seru start arbtt
+ ;;
+ esac
+fi
m primary-setup
### begin spd install
-pi libswitch-perl libdigest-md5-file-perl libgnupg-interface-perl
-t=$(mktemp)
-m wget -O $t http://mirror.fsf.org/fsfsys-trisquel/fsfsys-trisquel/pool/main/s/spd-perl/spd-perl_0.2-1_amd64.deb
-sudo dpkg -i $t
-m rm $t
-# this guesses at the appropriate directory, adjust if needed
-perldir=(/usr/lib/x86_64-linux-gnu/perl/5.*)
-m sudo ln -sf ../../../perl/5.18.2/SPD/ ${perldir[0]}
-# newer distro had gpg2 as default, older one, flidas, need to make it that way
-gpgpath=$(which gpg2)
-if [[ $x ]]; then
- sudo mkdir -p /usr/local/spdhackfix
- s lnf -T $gpgpath /usr/local/spdhackfix/gpg
+if mountpoint /p &>/dev/null; then
+ pi libswitch-perl libdigest-md5-file-perl libgnupg-interface-perl
+ t=$(mktemp)
+ m wget -O $t http://mirror.fsf.org/fsfsys-trisquel/fsfsys-trisquel/pool/main/s/spd-perl/spd-perl_0.2-1_amd64.deb
+ sudo dpkg -i $t
+ m rm $t
+ # this guesses at the appropriate directory, adjust if needed
+ perldir=(/usr/lib/x86_64-linux-gnu/perl/5.*)
+ m sudo ln -sf ../../../perl/5.18.2/SPD/ ${perldir[0]}
+ # newer distro had gpg2 as default, older one, flidas, need to make it that way
+ gpgpath=$(which gpg2)
+ if [[ $x ]]; then
+ sudo mkdir -p /usr/local/spdhackfix
+ s lnf -T $gpgpath /usr/local/spdhackfix/gpg
+ fi
fi
### end spd install
# nagstamon setting which were set through the ui
+# monitor url https://klaxon.fsf.org/cgi-bin
+# monitor url cgi https://klaxon.fsf.org/cgi-bin
# in filters tab:
-# all unknown sources
+# all unknown services
# all warning services
# acknowledged hosts & services
# hosts & services down for maintenence
# for my roommate
case $distro in
trisquel)
- # cant do buster due to old gpg
- m mkschroot debian stretch firefox-esr pulseaudio chromium
+ m mkschroot debian buster firefox-esr pulseaudio chromium
;;
debian)
pi chromium
sched="-s (S/../.././02|L/../../6/03)"
sudo sed -i --follow-symlinks "s#^[[:space:]]*DEVICESCAN.*#\
DEVICESCAN -a -o on -S on -n standby,q $sched \
--m ian@iankelling.org -M exec /usr/local/bin/smart-notify#" /etc/smartd.conf
+-m root@mail.iankelling.org -M exec /usr/local/bin/smart-notify#" /etc/smartd.conf
# in the default configuration of at least ubuntu 14.04, resolvconf is
# configured to order any nameservers associated with tun* or tap*
########### misc stuff
-if ! type -p t &>/dev/null; then
- pi ruby-dev libsqlite3-dev
- gem install --user timetrap
+
+if [[ ! -e ~/.local/bin/pip ]]; then
+ tmp=$(mktemp)
+ wget -O$tmp https://bootstrap.pypa.io/get-pip.py
+ python3 $tmp --user
+ hash -r
fi
+
+### begin timetrap setup
+if mountpoint /p &>/dev/null; then
+ mkdir -p ~/.timetrap/
+ ln -sf /a/opt/timetrap_formatters ~/.timetrap/formatters
+ if ! type -p t &>/dev/null; then
+ pi ruby-dev libsqlite3-dev
+ gem install --user timetrap
+ fi
+fi
+### end timetrap setup
+
+# leftover cleanup for t9
+pu resolvconf
+
case $codename in
# needed for debootstrap scripts for fai since fai requires debian
flidas)
m /a/bin/distro-setup/mymimes
-sgo dynamicipupdate
+sgo dynamicipupdate.timer
# stop autopoping windows when i plug in an android phone.
# nfs server
pi-nostart nfs-kernel-server
-
+# wireguard
+if [[ ! -e /etc/apt/sources.list.d/wireguard-ubuntu-wireguard-bionic.list ]]; then
+ sudo add-apt-repository -y ppa:wireguard/wireguard
+ sudo apt-get update
+ pi wireguard
+fi
+if [[ $HOSTNAME == tp ]]; then
+ sd /etc/wireguard/wg0.conf <<EOF
+[Interface]
+PrivateKey = $(cat /p/c/machine_specific/tp/filesystem/root/wg.key)
+Address = 10.3.0.2/24, fdfd::2/64
+
+[Peer]
+PresharedKey = $(cat /p/c/machine_specific/tp/filesystem/root/wg.psk)
+PublicKey = 9RnAsJB+ISrA/9lmDKBoT08oBiKwzA64exBBj+rO+ng=
+Endpoint = b8.nz:26000
+AllowedIPs = 10.3.0.1/24, fdfd::1/64
+PersistentKeepalive = 20
+EOF
+ sudo systemctl enable wg-quick@wg0
+ sudo systemctl start wg-quick@wg0
+fi
if [[ $HOSTNAME == frodo ]]; then
# nohide = export filesystems mounted deeper than the export point
# 1. it can be mounted with a shorthand of server:/
# 2. exports that are subdirectories of this one will automatically be mounted
tu /etc/exports <<'EOF'
-/k 10.0.0.0/24(rw,fsid=0,nohide,no_root_squash,async,no_subtree_check,insecure)
+/k 10.0.0.0/24(rw,nohide,no_root_squash,async,no_subtree_check,insecure)
EOF
sudo exportfs -rav
fi
-
-
-
# if I was going to create a persistent vm, i might do it like this:
# variant=something # from: virt-install --os-variant list
# s virt-install --noautoconsole --graphics spice,listen=0.0.0.0 \
fqdn=$(hostname -f)
up4=false
-if timeout -s 9 5 ssh-keyscan -p 2220 -t rsa 10.0.0.1 2>/dev/null | grep -qFx '[10.0.0.1]:2220 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCH+/h1dGEfKEusBblndU2e6QT4wLCm5+yqr/sqh/0X9YfjR7BfWWm8nNmuP55cYc+Wuf5ljB1H1acXEcsl1y8e0j3agHfF0V74FE1N1zz5nn2Ep8NHnmqgEhza38ZxMPh+4p3X7zklEKU7+3SzybKBi8sg0wLzlS2LM0JaUN80zR2sK11Kye3dURUXPk78u5wodOkgcEYRwSYaDMJlUzWP+poRXIDJwFaMQnwmxbl/c84yOyaU0x/d6hFwoRscWecihX+vvBNeSyxR4xr2HDOyUWwJkctyAgt2p7w3tfkXOKcCRzTAjGVIMQLTvo0sG/yJbcyHoEFdFybCsgDvfyYn'; then
- # we are on home network
- cur4="$(host -4 b8.nz iankelling.org | sed -rn 's/.*has address (.*)/\1/p;T;q')"
+
+
+read -r _ _ gateway _ < <(ip -4 route get $(dig +short iankelling.org | tail -1))
+
+case $gateway in
+ 10.2.0.1)
+ dynhost=b8.nz
+ ;;
+ 10.0.0.1)
+ dynhost=t.b8.nz
+ ;;
+ *)
+ exit 0
+ ;;
+esac
+
+if timeout -s 9 5 ssh-keyscan -p 2220 -t rsa $gateway 2>/dev/null | grep -qFx "[$gateway]:2220 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCH+/h1dGEfKEusBblndU2e6QT4wLCm5+yqr/sqh/0X9YfjR7BfWWm8nNmuP55cYc+Wuf5ljB1H1acXEcsl1y8e0j3agHfF0V74FE1N1zz5nn2Ep8NHnmqgEhza38ZxMPh+4p3X7zklEKU7+3SzybKBi8sg0wLzlS2LM0JaUN80zR2sK11Kye3dURUXPk78u5wodOkgcEYRwSYaDMJlUzWP+poRXIDJwFaMQnwmxbl/c84yOyaU0x/d6hFwoRscWecihX+vvBNeSyxR4xr2HDOyUWwJkctyAgt2p7w3tfkXOKcCRzTAjGVIMQLTvo0sG/yJbcyHoEFdFybCsgDvfyYn"; then
+ # we are on a home network
+ cur4="$(dig +short $dynhost @iankelling.org | tail -1)"
if ip4=$(curl -s4 https://iankelling.org/cgi/pubip); then
if [[ $cur4 && $ip4 && $cur4 != $ip4 ]]; then
- up4=true
+ up4=true # update ipv4
fi
fi
fi
if $up4; then
cat >>$f <<EOF
-update delete b8.nz. A
-update delete wrt.b8.nz. A
-update add b8.nz. 300 A $ip4
-update add wrt.b8.nz. 300 A $ip4
+update delete $dynhost. A
+update add $dynhost. 300 A $ip4
EOF
fi
if $up6; then
if [[ $HOSTNAME == tp ]]; then
cat >>$f <<EOF
-update delete b8.nz. AAAA
-update add b8.nz. 60 AAAA $ip6
+update delete $dynhost. AAAA
+update add $dynhost. 60 AAAA $ip6
EOF
fi
cat >>$f <<EOF
quit
EOF
-nsupdate -k /p/c/machine_specific/linode/filesystem/etc/bind/Kb8.nz.*.private <$f
-sed -i 's/^server .*/server l2.b8.nz/' $f
-nsupdate -k /p/c/machine_specific/linode/filesystem/etc/bind/Kb8.nz.*.private <$f
+nsupdate -k /p/c/machine_specific/vps/filesystem/etc/bind/Kb8.nz.*.private <$f
+sed -i 's/^server .*/server bk.b8.nz/' $f
+nsupdate -k /p/c/machine_specific/vps/filesystem/etc/bind/Kb8.nz.*.private <$f
exit
# # persistent initial setup for this:
-# # create files in /a/c/machine_specific/linode/filesystem/etc/bind
+# # create files in /a/c/machine_specific/vps/filesystem/etc/bind
# # note, conflink also does some group ownership stuff.
-
-mkc /p/c/machine_specific/linode/filesystem/etc/bind
+mkc /p/c/machine_specific/vps/filesystem/etc/bind
sudo dnssec-keygen -a HMAC-SHA512 -b 512 -n HOST b8.nz
user=$(id -un)
sudo chown $user:$user *
#myunison -ob li
#ssh li conflink
ssh li systemctl reload bind9
+
+
+# b8.nz has address 65.96.178.16
+# b8.nz has IPv6 address 2601:197:600:6efb:82fa:5bff:fe1c:6ecf
# Figured I'd leave it as post install so I could adjust the
# detect script easier.
Acquire::http::Proxy-Auto-Detect "/etc/apt/detect-http-proxy";
+
+# misc settings not worth making another settings file
+APT::AutoRemove::SuggestsImportant "false";
--- /dev/null
+Package: minetest minetest* libleveldb1d libncursesw6 libtinfo6
+Pin: release n=buster
+Pin-Priority: 500
* * * * * iank system-status |& log-once system-status
# If theres any logged errors we didnt handle in 4 days, maybe we accidentally missed them,
# so report if we did
-4 9 * * 5 root find /var/local/cron-errors /home/iank/cron-errors /sysd-mail-once-state -type f -mtime +4
+4 9 * * 5 root /a/bin/ds/check-stale-alerts
4 15 * * 5 iank /a/bin/ds/mailclean
set -eE -o pipefail
trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
+if [[ ! -e /dev/shm/iank-status ]]; then
+ exit 0
+fi
+eval $(< /dev/shm/iank-status)
+
+if [[ $HOSTNAME != "$MAIL_HOST" || $HOST2 && $HOST2 != "$HOSTNAME" ]]; then
+ exit 0
+fi
+
lock_file=/tmp/check-lets-encrypt-ssl-settings
if [[ -e $lock_file ]]; then
- exit 0
+ exit 0
fi
d=/a/opt/certbot
gitget https://github.com/certbot/certbot.git $d &>/tmp/${0##*/}.log
cd $d
-f=certbot-apache/certbot_apache/options-ssl-apache.conf
-out=$(git log -p --since 2016-08-14 $f)
+f=certbot-apache/certbot_apache/_internal/tls_configs/current-options-ssl-apache.conf
+out=$(git log -p --since 2020-04-06 $f)
if [[ $out ]]; then
- cat <<EOF
+ cat <<EOF
Let's encrypt has new ssl settings. Update your web servers, then
edit the date in $0, and
rm $lock_file
The change is:
$out
EOF
- touch $lock_file
+ touch $lock_file
fi
fi
fi
+# and broken again. see /usr/lib/systemd/user-environment-generators/90gpg-agent
+export GPG_AGENT_INFO=$XDG_RUNTIME_DIR/gnupg/S.gpg-agent:0:1
+
+# and now trisquel9 + mate + i3 has broken ssh agent. I've had to fix
+# ssh or gpg agent like 10 times in different distros, and once again, i
+# randomly figured out this hack because there is no documentation. ssh
+# agent is started by a systemd service, which runs a wrapper script,
+# which adds env vars with some dbus thing. This is too much of a pita
+# to make work in ash/posix. I could just export the agent relevant
+# vars, but it seems like its better to just get whatever is missing,
+# but not override existing things because theres stuff like PWD. This
+# doesn't set SSH_AGENT_PID, but apparently its not needed anymore.
+# Note: what a huge pita to write this in posix shell.
+if test "$EUID" && [ "$EUID" != 0 ]; then
+ _sysenv=$(mktemp)
+ _sysenvnames=$(mktemp)
+ _unsetnames=$(mktemp)
+ systemctl --user show-environment >$_sysenv
+ grep -o '^[^=]*' $_sysenv | sort > $_sysenvnames
+ env -0 | grep -zo '^[^=]*' | xargs -0 printf "%s\n" | sort | \
+ comm --nocheck-order -13 - $_sysenvnames >$_unsetnames
+ while read -r unsetname; do
+ while read -r sysenv; do
+ case "$sysenv" in
+ "$unsetname"*) eval export "$sysenv" ;;
+ esac
+ done < $_sysenv
+ done < $_unsetnames
+ rm -f $_tmpf
+fi
+# and it seems that if we log into mate, it screws up the systemd env var anyways.
+_tmp=$(pgrep -a '^ssh-agent$' | sed -r 's/.*-a *([^ ]+).*/\1/')
+if test "_$tmp" && [ "$_tmp" != "$SSH_AUTH_SOCK" ]; then
+ export SSH_AUTH_SOCK="$_tmp"
+fi
# background:
--- /dev/null
+Section "InputClass"
+ Identifier "Kensington Kensington Slimblade Trackball"
+ MatchProduct "Kensington Kensington Slimblade Trackball"
+ MatchIsPointer "on"
+ MatchDevicePath "/dev/input/event*"
+ Driver "libinput"
+ Option "ButtonMapping" "1 8 3 4 5 6 7 2 9"
+ Option "ScrollButton" "8"
+ Option "ScrollMethod" "button"
+EndSection
trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
if ! echo | /a/exe/cedit fsf /etc/dnsmasq-servers.conf; then
- if systemctl is-active dnsmasq >/dev/null; then
+ if systemctl is-active dnsmasq | grep -xF active &>/dev/null; then
nscd -i hosts
systemctl restart dnsmasq
fi
####### DO NOT EDIT LIVE CONFIG. generated from /a/bin/distro-setup/i3-sway/gen #######
-
+# https://i3wm.org/docs/userguide.html#keybindings
+#To get the current mapping of your keys, use xmodmap -pke. To
+#interactively enter a key and see what keysym it is configured to, use
+#xev.
set $mod Mod4
bindsym $mod+2 exec "pavucontrol"
bindsym $mod+5 exec "/a/bin/redshift.sh"
bindsym $mod+equal exec "t s w; t in"
bindsym $mod+Home exec "t out"
-bindsym $mod+End exec "t s x; t in x"
+#bindsym $mod+End exec "t s x; t in"
+bindsym $mod+grave exec "t s lunch; t in; t out -a '45 minutes from now'"
+
bindsym $mod+w focus parent
bindsym $mod+e fullscreen toggle
#hide_edge_borders smart
#exec --no-startup-id /usr/lib/x86_64-linux-gnu/libexec/kdeconnectd
+
+# Start clipster daemon
+exec --no-startup-id /a/opt/clipster/clipster -d
+# shortcut to selection widget (primary)
+bindsym $mod+End exec /a/opt/clipster/clipster -sp
fi
else
x=decrypt_keyctl
- # old name. can remove this sometime after aug 2019
- $sed -i "s#/root/keyscript-manual,#${x},#" /etc/crypttab
if grep -q "${x}," /etc/crypttab; then
$sed -i "s#${x},#/root/keyscript,#" /etc/crypttab
update-initramfs -u
--- /dev/null
+#!/bin/bash
+# Copyright (C) 2019 Ian Kelling
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+if ! test "$BASH_VERSION"; then echo "error: shell is not bash" >&2; exit 1; fi
+shopt -s inherit_errexit 2>/dev/null ||: # ignore fail in bash < 4.4
+set -eE -o pipefail
+trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?. PIPESTATUS: ${PIPESTATUS[*]}" >&2' ERR
+
+idle_limit=$((1000 * 60 * 45))
+idle_time=$(sudo -u '#1000' xprintidle 2>/dev/null) ||:
+if [[ $idle_time && $idle_limit -lt $idle_time ]]; then
+ btrbk run
+fi
--- /dev/null
+#!/bin/bash
+
+#https://askubuntu.com/questions/942366/how-to-disable-sleep-suspend-at-login-screen
+sudo xhost +si:localuser:lightdm # grants localuser rights to X session
+sudo su lightdm -s /bin/bash <<'EOF'
+/usr/bin/xset -dpms
+/usr/bin/xset s off
+EOF
--- /dev/null
+#!/bin/bash
+set -eE -o pipefail
+trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
+
+[[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@"
+
+
+f=/a/bin/bash_unpublished/source-state
+if [[ -e $f ]]; then
+ source $f
+fi
+case $HOSTNAME in
+ $MAIL_HOST)
+ local_mx=mail.iankelling.org
+ mkdir -p /etc/letsencrypt/live/$local_mx
+ chmod 700 /etc/letsencrypt/live
+ rsync_common="rsync -ogtL --chown=root:Debian-exim --chmod=640 root@li.iankelling.org:/etc/letsencrypt/live/$local_mx/"
+ # allow for temporary connection issues
+ ${rsync_common}fullchain.pem /etc/exim4/exim.crt ||:
+ ${rsync_common}privkey.pem /etc/exim4/exim.key ||:
+ if ! openssl x509 -checkend $(( 60 * 60 * 24 * 3 )) -noout -in /etc/exim4/exim.crt; then
+ echo "$0: error!: cert rsync failed and it will expire in less than 3 days"
+ exit 1
+ fi
+ ;;
+ bk)
+ # the folder name depended on what the fqdn was when we got the initial
+ # cert.
+ ledir=/etc/letsencrypt/live/$(cat /etc/mailname)
+ if [[ ! -d $ledir ]]; then
+ ledir=/etc/letsencrypt/live/$(hostname -f)
+ fi
+
+ fullchain=$ledir/fullchain.pem
+ if ! diff -q $fullchain /etc/exim4/exim.crt &>/dev/null; then
+ install -m 644 $fullchain /etc/exim4/exim.crt
+ install -m 640 -g Debian-exim $ledir/privkey.pem /etc/exim4/exim.key
+ fi
+ if ! openssl x509 -checkend $(( 60 * 60 * 24 * 3 )) -noout -in /etc/exim4/exim.crt >/dev/null; then
+ echo "$0: error!: cert rsync failed and it will expire in less than 3 days" >&2
+ exit 1
+ fi
+ ;;
+esac
+
+# note: exim spec, 5.3 command line option -bd says that all files except
+# .include "are reread each time they are used."
+
+
+exit 0
# we could also just use 127.0.0.1 with no ssl, but todo: disable that in dovecot, so mail is secure from local programs.
#
# hamburger -> preferences -> preferences -> advanced tab -> config editor button -> security.ssl.enable_ocsp_must_staple = false
-# background: ovecot does not yet have ocsp stapling support
+# background: dovecot does not yet have ocsp stapling support
# reference: https://community.letsencrypt.org/t/simple-guide-using-lets-encrypt-ssl-certs-with-dovecot/2921
#
# for phone, k9mail, same thing but username alerts, pass in ivy-pass.
-# also, l2.b8.nz for secondary alerts, username is iank. same alerts pass.
+# also, bk.b8.nz for secondary alerts, username is iank. same alerts pass.
# fetching mail settings: folder poll frequency 10 minutes
#######
# # for other hosts, each one get\'s their own password.
# # for generating secure pass, and storing for server too:
# f=$(mktemp)
-# I use $HOSTNAME as username
+# host=tp
# apg -m 50 -x 70 -n 1 -a 1 -M CLN >$f
-# s sed -i "/^$HOSTNAME:/d" /p/c/filesystem/etc/exim4/passwd
-# echo "$HOSTNAME:$(mkpasswd -m sha-512 -s <$f)" >>/p/c/filesystem/etc/exim4/passwd
-# reference: exim4_passwd_client(5)
-# echo "mail.iankelling.org:$HOSTNAME:$(<$f)" > /p/c/machine_specific/$HOSTNAME/filesystem/etc/exim4/passwd.client
+# s sed -i "/^$host:/d" /p/c/filesystem/etc/exim4/passwd
+# echo "$host:$(mkpasswd -m sha-512 -s <$f)" >>/p/c/filesystem/etc/exim4/passwd
+# #reference: exim4_passwd_client(5)
+# dir=/p/c/machine_specific/$host/filesystem/etc/exim4
+# mkdir -p $dir
+# echo "mail.iankelling.org:$host:$(<$f)" > $dir/passwd.client
# # then run this script
# # dovecot password, i just need 1 as I\'m the only user
# # this has several bugs addressed in comments, but it was helpful
# # https://debian-administration.org/article/718/DKIM-signing_outgoing_mail_with_exim4
-# openssl genrsa -out $domain-private.pem 2048 -outform PEM
-# openssl rsa -in $domain-private.pem -out $domain.pem -pubout -outform PEM
+# openssl genrsa -out $domain-private.pem 2048
+# Then, to get the public key strings to put in bind:
+#
+# sed explanation: skip the first few lines, then put them into the hold space, then
+# on the last line, back to the patern space, remove the newlines, then add a newline
+# at the last char - 240, because bind txt records need strings <=255 chars,
+# other dkim stuff at the begining is is 25 chars, and the pubkey is 393, so this
+# leaves us a bit of extra room at the end and a bunch at the beginning.
+#
# # selector is needed for having multiple keys for one domain.
# # I dun do that, so just use a static one: li
# echo "txt record name: li._domainkey.$domain"
# # Join and print all but first and last line.
# # last line: swap hold & pattern, remove newlines, print.
# # lines 2+: append to hold space
-# echo "txt record contents:"
-# echo "v=DKIM1; k=rsa; p=$(sed -n '${x;s/\n//gp};2,$H' $domain.pem)"
+# echo "bind txt record contents:"
+# cat <<EOF
+# v=DKIM1\059 k=rsa\059 p="string1" "string2"
+# replace strin1 and 2 with
+# openssl rsa -in $domain-private.pem -pubout |&sed -rn '${x;s/\n//g;s/^(.*)(.{240}$)/\1\n\2/p};3,$H'
# # selector was also put into /etc/exim4/conf.d/main/000_local,
# # 2017-02 dmarc policies:
smarthost="$mxhost::$mxport"
+
+if [[ $(debian-codename-compat) == bionic ]]; then
+ cat >/etc/apt/preferences.d/spamassassin <<'EOF'
+Package: spamassassin sa-compile spamc
+Pin: release n=focal,o=Ubuntu
+Pin-Priority: 500
+EOF
+fi
+
+
## * Install packages
# light version of exim does not have sasl auth support.
-pi exim4-daemon-heavy spamassassin spf-tools-perl dnsmasq openvpn
+pi exim4 exim4-daemon-heavy spamassassin spf-tools-perl openvpn p0f postgrey pyzor razor
+# note: pyzor debian readme says you need to run some initialization command
+# but its outdated.
if [[ $(debian-codename) == etiona ]]; then
# ip6tables stopped loading on boot. openvpn has reduced capability set,
### * user forward file
case $HOSTNAME in
- $MAIL_HOST|l2)
+ $MAIL_HOST|bk)
# afaik, these will get ignored on MAIL_HOST because they are routing to my own
# machine, but rm them is safer
rm -fv $uhome/.forward /root/.forward
systemctl daemon-reload
+# * postgrey
+
+
+cat >> /etc/default/postgrey <<'EOF'
+POSTGREY_OPTS="--exim --unix=/var/run/postgrey/postgrey.sock --retry-window=4 --max-age=60"
+EOF
# * spamassassin
+cat >/etc/sysctl.d/80-iank-mail.conf <<'EOF'
+# see exim spec
+net.netfilter.nf_conntrack_tcp_timeout_close_wait = 120
+EOF
+sysctl -p
+
+cat >/etc/spamassassin/mylocal.cf <<'EOF'
+# the normal local.cf has a bunch of upstream stuff i dont want to mess with
+
+# /usr/share/doc/exim4-base/README.Debian.gz:
+# SpamAssassin's default report should not be used in a add_header
+# statement since it contains empty lines. (This triggers e.g. Amavis'
+# warning "BAD HEADER SECTION, Improper folded header field made up
+# entirely of whitespace".) This is a safe, terse alternative:
+clear_report_template
+report (_SCORE_ / _REQD_ requ) _TESTSSCORES(,)_ autolearn=_AUTOLEARN
+internal_networks 85.119.83.50 2001:ba8:1f1:f0c9::2 209.51.188.13 2001:470:142::13
+EOF
+
+
if [[ $HOSTNAME == "$MAIL_HOST" ]]; then
m systemctl stop spamassassin
m systemctl disable spamassassin
# systemd, buuut it can remake the tun device unexpectedly, i got this in the log
# after my internet was down for a bit:
# NOTE: Pulled options changed on restart, will need to close and reopen TUN/TAP device.
- m /a/exe/vpn-mk-client-cert -b mail -n mail -s /b/ds/mail-route li.iankelling.org
+ m /a/exe/vpn-mk-client-cert -b mailclient -n mail -s /b/ds/mail-route li.iankelling.org
fi
fi
+rsync -aiSAX --chown=root:root --chmod=g-s /a/bin/ds/mail-cert-cron /usr/local/bin
-f=/usr/local/bin/mail-cert-cron
-cat >$f <<'EOF'
-#!/bin/bash
-set -eE -o pipefail
-trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
-
-[[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@"
-
-f=/a/bin/bash_unpublished/source-state
-if [[ -e $f ]]; then
- source $f
-fi
-if [[ $HOSTNAME != "$MAIL_HOST" ]]; then
- exit 0
-fi
-local_mx=mail.iankelling.org
-mkdir -p /etc/letsencrypt/live/$local_mx
-chmod 700 /etc/letsencrypt/live
-rsync_common="rsync -ogtL --chown=root:Debian-exim --chmod=640 root@li.iankelling.org:/etc/letsencrypt/live/$local_mx/"
-# allow for temporary connection issues
-${rsync_common}fullchain.pem /etc/exim4/exim.crt ||:
-${rsync_common}privkey.pem /etc/exim4/exim.key ||:
-if ! openssl x509 -checkend $(( 60 * 60 * 24 * 3 )) -noout -in /etc/exim4/exim.crt; then
- echo "$0: error!: cert rsync failed and it will expire in less than 3 days"
- exit 1
-fi
-exit 0
-EOF
-m chmod 755 $f
cat >/etc/systemd/system/mailcert.service <<'EOF'
[Unit]
# from comments in
# https://debian-administration.org/article/718/DKIM-signing_outgoing_mail_with_exim4
-
-# The file is based on the outgoing domain-name in the from-header.
+# and its best for this to align https://tools.ietf.org/html/rfc7489#page-8
+# There could be some circumstance when the
+# from: isnt our domain, but the envelope sender is
+# and so still want to sign, but I cant think of any case.
DKIM_DOMAIN = \${lc:\${domain:\$h_from:}}
+# The file is based on the outgoing domain-name in the from-header.
# sign if key exists
DKIM_PRIVATE_KEY = \${if exists{/etc/exim4/\${dkim_domain}-private.pem} {/etc/exim4/\${dkim_domain}-private.pem}}
cat >/etc/exim4/conf.d/data_local_acl <<'EOF'
# Except for the "condition =", this was
# a comment in the check_data acl. The comment about this not
-# being suitable is mostly bs. The only thing related I found was to
+# being suitable has been changed in newer exim versions. The only thing
+# related I found was to
# add the condition =, cuz spamassassin has problems with big
# messages and spammers don't bother with big messages,
# but I've increased the size from 10k
# suggested in official docs, and 100k in the wiki example because
# those docs are rather old and I see a 110k spam message
# pretty quickly looking through my spam folder.
+
warn
- condition = ${if < {$message_size}{2000K}}
+ condition = ${if < {$message_size}{5000K}}
spam = Debian-exim:true
add_header = X-Spam_score: $spam_score\n\
X-Spam_score_int: $spam_score_int\n\
domains = ! +local_domains
senders = *@fsf.org
transport = remote_smtp_smarthost
- route_list = * mail.fsf.org byname
+ route_list = * mail.fsf.org::587 byname
+ host_find_failed = ignore
+ same_domain_copy_routing = yes
+ no_more
+
+posteosmarthost:
+ debug_print = "R: smarthost for $local_part@$domain"
+ driver = manualroute
+ domains = ! +local_domains
+ senders = *@posteo.net
+ transport = remote_smtp_smarthost
+ route_list = * posteo.de::587 byname
+ host_find_failed = ignore
+ same_domain_copy_routing = yes
+ no_more
+
+gnusmarthost:
+ debug_print = "R: smarthost for $local_part@$domain"
+ driver = manualroute
+ domains = ! +local_domains
+ senders = *@gnu.org
+ transport = remote_smtp_smarthost
+ route_list = * fencepost.gnu.org::587 byname
host_find_failed = ignore
same_domain_copy_routing = yes
no_more
# * if MAIL_HOST
case $HOSTNAME in
- $MAIL_HOST|l2)
+ $MAIL_HOST|bk)
dovecot-setup
m systemctl enable dovecot
m systemctl restart dovecot
CHECK_RCPT_VERIFY_SENDER = true
# These seem like a good idea and have stoped spammers on my server
CHECK_DATA_VERIFY_HEADER_SENDER = true
+# default config comment says: If you enable this, you might reject legitimate mail,
+# but eggs has had this a long time, so that seems unlikely.
+CHECK_DATA_VERIFY_HEADER_SYNTAX = true
CHECK_RCPT_SPF = true
CHECK_RCPT_REVERSE_DNS = true
CHECK_MAIL_HELO_ISSUED = true
# enable 587 in addition to the default 25, so that
# i can send mail where port 25 is firewalled by isp
daemon_smtp_ports = 25 : 587
+# default of 25, can get stuck when catching up on mail
+smtp_accept_max = 200
+smtp_accept_reserve = 50
+smtp_reserve_hosts = <; 85.119.83.50 ; 2001:ba8:1f1:f0c9::2 ; 209.51.188.13 ; 2001:470:142::13
EOF
m systemctl enable mailclean.timer
# man page: is used to build the local_domains list, together with "localhost"
# iank.bid is for testing
# mail.iankelling.org is for machines i own
-dc_other_hostnames='*.iankelling.org;iankelling.org;*zroe.org;zroe.org;!l2.b8.nz;*.b8.nz;b8.nz'
+dc_other_hostnames='*.iankelling.org;iankelling.org;*zroe.org;zroe.org;!bk.b8.nz;*.b8.nz;b8.nz'
EOF
# https://selivan.github.io/2017/12/30/systemd-serice-always-restart.html
- d=/etc/systemd/system/openvpn@mail.service.d
+ d=/etc/systemd/system/$vpn_ser@mail.service.d
m mkdir -p $d
cat >$d/override.conf <<'EOF'
[Service]
RestartSec=1
[Unit]
-# StartLimitIntervalSec in recent systemd versions
-StartLimitInterval=0
+StartLimitIntervalSec=0
EOF
- if ! systemctl cat openvpn@mail.service|grep -xF StartLimitInterval=0 &>/dev/null; then
+ if ! systemctl cat $vpn_ser@mail.service|grep -xF StartLimitInterval=0 &>/dev/null; then
# needed for the above config to go into effect
m systemctl daemon-reexec
fi
;;&
## we use this host to monitor MAIL_HOST
- l2)
+ bk)
cat >>/etc/exim4/update-exim4.conf.conf <<EOF
# man page: is used to build the local_domains list, together with "localhost"
# mail.iankelling.org is for machines i own
-dc_other_hostnames='l2.b8.nz'
+dc_other_hostnames='bk.b8.nz'
EOF
# This ends up at alerts mailbox on MAIL_HOST, but using a user that doesn't exist elsewhere
# is no good.
/^root:/d
EOF
;;
- # not l2 and not MAIL_HOST
+ # not bk and not MAIL_HOST
*)
# * mail monitoring / testing
case $HOSTNAME in
- $MAIL_HOST|l2)
+ $MAIL_HOST|bk)
# note: cronjob "ian" also does some important monitoring
cat >/etc/cron.d/mailtest <<EOF
SHELL=/bin/bash
;;&
$MAIL_HOST)
test_from=ian@iankelling.org
- test_to=testignore@l2.b8.nz
+ test_to=testignore@bk.b8.nz
cat >>/etc/cron.d/mailtest <<EOF
2 * * * * $u check-remote-mailqs |& log-once check-remote-mailqs
EOF
;;&
- l2)
- test_from=iank@l2.b8.nz
+ bk)
+ test_from=iank@bk.b8.nz
test_to=testignore@iankelling.org
;;&
- $MAIL_HOST|l2)
+ $MAIL_HOST|bk)
cat >/usr/local/bin/send-test-forward <<EOFOUTER
#!/bin/bash
/usr/sbin/exim -t <<EOF
target=$1
f=$2
shift 2
- if [[ -e $f && ! -L $f ]]; then
- rm -rf $f
+ if [[ ! -L $f ]]; then
+ if [[ -e $f ]]; then
+ rm -rf $f
+ fi
+ m sudo -u $u ln -sf -T $target $f
fi
- m sudo -u $u ln -sf -T $target $f
done
for vol in q a o i; do
d=/$vol
if ! awk '{print $2}' /etc/fstab | grep -xF $d &>/dev/null; then
+
continue
fi
done
-### disabled
-if [[ $HOSTNAME == kdxxxxxxxxx ]]; then
- # partitioned it with fai partitioner outside of fai,
- # because it\'s worth it to have 1% space reserved for boot and
- # swap partitions in case I ever want to boot off those drives.
- # as root:
- # . /a/bin/fai/fai-wrapper
- # eval-fai-classfile /a/bin/fai/fai/config/class/51-multi-boot
- # fai-setclass ROTATIONAL
- # export LUKS_DIR=/q/root/luks/
- # # because the partition nums existed already
- # fai-setclass REPARTITION
- # /a/bin/fai/fai/config/hooks/partition.DEFAULT
-
- devs=(
- ata-TOSHIBA_MD04ACA500_84REK6NTFS9A-part1
- ata-TOSHIBA_MD04ACA500_84R2K773FS9A-part1
- ata-TOSHIBA_MD04ACA500_8471K430FS9A-part1
- ata-TOSHIBA_MD04ACA500_8481K493FS9A-part1
- )
- first=true
- for dev in ${devs[@]}; do
- if $first; then
- first=false
- tu /etc/fstab <<EOF
-/dev/mapper/crypt_dev_$dev /i btrfs noatime,subvol=i,noauto 0 0
-/dev/mapper/crypt_dev_$dev /mnt/iroot btrfs noatime,subvolid=0,noauto 0 0
-EOF
- fi
- tu /etc/crypttab <<EOF
-crypt_dev_$dev /dev/disk/by-id/$dev /q/root/luks/host-kd discard,luks
-EOF
- if [[ ! -e /dev/mapper/crypt_dev_$dev ]]; then
- cryptdisks_start crypt_dev_$dev
- fi
- done
- # note, could do an else here and have some kind of mount for /i
- # on other hosts.
-fi
-
exit $ret
PATH="$PATH:$p"
done
+todaycache=/tmp/timetraptoday
+newer() {
+ if [[ ! -e $todaycache ]]; then
+ return 1
+ fi
+ ! find $todaycache -mmin $1 -type f -exec false {} + &>/dev/null
+}
+td() { /a/opt/timetrap/bin/t d -ftotal all -m '^w|x$' "$@"; }
main() {
# clocked in or out?
cursheet=$(sqlite3 /p/.timetrap.db "select sheet from entries where end is NULL;")
- : ${cursheet:=out}
+
+ if [[ $cursheet ]]; then
+ if i3-msg -t get_bar_config bar-0 | grep '"mode":"dock"' &>/dev/null; then
+ i3-msg -q 'bar mode hide'
+ fi
+ else
+ if i3-msg -t get_bar_config bar-0 | grep '"mode":"hide"' &>/dev/null; then
+ i3-msg -q 'bar mode dock'
+ fi
+ cursheet=out
+ fi
# maybe sometime show work and x separate
- today=$(t today -ftotal all)
+ if newer 3; then
+ today=$(< /tmp/timetraptoday)
+ elif newer 10; then
+ today=$(< /tmp/timetraptoday)
+ td -s today >/tmp/timetraptoday &
+ else
+ today=$(td -s today)
+ echo "$today" >/tmp/timetraptoday
+ fi
# hours remaining in the day:
if [[ -e $cache ]]; then
eval $(<$cache)
else
- week=$(t display -ftotal -s '8 days ago' -e 'yesterday' all)
+ week=$(td -s '8 days ago' -e 'yesterday')
printf 'week="%s"\n' "$week" >$cache
- week4=$(t display -ftotal -s '29 days ago' -e 'yesterday' all)
+ week4=$(td -s '29 days ago' -e 'yesterday')
printf 'week4="%s"\n' "$week4" >>$cache
fi
# weekly work+study in the last 4 weeks, not counting today.
today_left * .8 + done_today;
done_today;
($week + .05) /1;
-($week4 + .05) /1"|bc))
+($week4 + .05) /4"|bc))
printf "[ { \"full_text\": \""
if [[ $ps_char ]]; then
printf "%s| " "$ps_char"
# https://specifications.freedesktop.org/mime-apps-spec/mime-apps-spec-1.0.html
# https://wiki.debian.org/MIME
# https://standards.freedesktop.org/basedir-spec/basedir-spec-latest.html
-cp /etc/xdg/defaults.list /etc/xdg/mimapps.list
+cp /etc/xdg/defaults.list /etc/xdg/mimeapps.list
for f in /usr/share/applications/!(defaults).list; do
cp /etc/xdg/defaults.list /etc/xdg/${f##*/}
apt-rdepends
apt-show-versions
aptitude-doc-en
+ # dictionary / thesaurus
+ artha
asciidoc
backupninja
bash-doc
binutils-doc
bind9-doc
bind9utils
+ build-essential
bwm-ng
ccache
cloc
cpulimit
cron
debian-archive-keyring
+ debug-me
debootstrap
debconf-doc
+ devscripts
dillo
dirmngr
dnsutils
elinks
etckeeper
evince
+ fakeroot
+ fail2ban
fdupes
feh
filelight
gdb-doc
geoip-bin
geoip-database
+ geoip-database-extra
git-doc
git-email
git-svn
guvcview
hunspell
i3lock
+ info
inotify-tools
iputils-tracepath
iperf3
mps-youtube
mpv
mumble
+ mupdf
nagstamon
namazu2
ncdu
perl-doc
pianobar
pinentry-tty
+ pinentry-gtk2
pidgin
pidgin-otr
pry
squashfs-tools
strace
subversion
+ swaks
swh-plugins
tar-doc
tcpdump
source /a/bin/bash_unpublished/source-state
fi
-if [[ $HOSTNAME == "$MAIL_HOST" ]]; then
- # arbtt disabled for now
- #DISPLAY=:0 arbtt-capture --sample-rate=10 &
- m sudo systemctl start rss2email.timer
- m sudo systemctl enable rss2email.timer
- m sudo systemctl start btrbk.timer
- m sudo systemctl enable btrbk.timer
+if dpkg -s rss2email &>/dev/null; then
+ if [[ $HOSTNAME == "$MAIL_HOST" ]]; then
+ # arbtt disabled for now
+ #DISPLAY=:0 arbtt-capture --sample-rate=10 &
+ m sudo systemctl start rss2email.timer
+ m sudo systemctl enable rss2email.timer
+ m sudo systemctl start btrbk.timer
+ m sudo systemctl enable btrbk.timer
-else
- m sudo systemctl stop rss2email.timer
- m sudo systemctl stop rss2email.service
- m sudo systemctl disable rss2email.timer
- # arbtt disabled for now
- # for ((i=0; i<10; i++)); do
- # killall arbtt-capture || break
- # sleep 1
- # if [[ $i == 9 ]]; then
- # exit 1
- # fi
- # done
+ else
+ m sudo systemctl stop rss2email.timer
+ m sudo systemctl stop rss2email.service
+ m sudo systemctl disable rss2email.timer
+ # arbtt disabled for now
+ # for ((i=0; i<10; i++)); do
+ # killall arbtt-capture || break
+ # sleep 1
+ # if [[ $i == 9 ]]; then
+ # exit 1
+ # fi
+ # done
+ fi
fi
if dpkg -s radicale &>/dev/null; then
trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
fi
+if ! mountpoint /o; then
+ echo "error /o is not a mountpoint" >&2
+ exit 1
+fi
+
source /a/bin/bash_unpublished/source-state
source /a/bin/distro-functions/src/package-manager-abstractions
# davdroid setup instructions at the bottom
vpn_ser=openvpn-client
if [[ ! -e /lib/systemd/system/openvpn-client@.service ]]; then
- vpn_ser=openvpn
+ vpn_ser=openvpn
fi
d=/etc/systemd/system/radicale.service.d
IFS=:; read -r _ _ uid _ < <(getent passwd radicale ); unset IFS
IFS=:; read -r _ _ gid _ < <(getent group radicale ); unset IFS
if [[ $uid != 609 ]]; then
- systemctl stop radicale ||:
- usermod -u 609 radicale
- groupmod -g 609 radicale
- usermod -g 609 radicale
+ systemctl stop radicale ||:
+ usermod -u 609 radicale
+ groupmod -g 609 radicale
+ usermod -g 609 radicale
fi
log_p=/var/log/radicale
[[ -d $log_p ]] || log_p=
sed -ri 's/^\s*#+\s*(ENABLE_RADICALE\s*=\s*yes\s*)/\1/' /etc/default/radicale
setini() {
- key="$1" value="$2" section="$3"
- file="/etc/radicale/config"
- sed -ri "/ *\[$section\]/,/^ *\[[^]]+\]/{/^\s*$key[[:space:]=]/d};/ *\[$section\]/a $key = $value" "$file"
+ key="$1" value="$2" section="$3"
+ file="/etc/radicale/config"
+ sed -ri "/ *\[$section\]/,/^ *\[[^]]+\]/{/^\s*$key[[:space:]=]/d};/ *\[$section\]/a $key = $value" "$file"
}
# comments say default is 0.0.0.0:5232
setini hosts 10.8.0.4:5232 server
if [[ $HOSTNAME == $MAIL_HOST ]]; then
- systemctl start radicale
- systemctl enable radicale
+ systemctl start radicale
+ systemctl enable radicale
fi
# disable power management feature, set to 240 min sync interval,
####### DO NOT EDIT LIVE CONFIG. generated from /a/bin/distro-setup/i3-sway/gen #######
-
+# https://i3wm.org/docs/userguide.html#keybindings
+#To get the current mapping of your keys, use xmodmap -pke. To
+#interactively enter a key and see what keysym it is configured to, use
+#xev.
set $mod Mod4
bindsym $mod+2 exec "pavucontrol"
bindsym $mod+5 exec "/a/bin/redshift.sh"
bindsym $mod+equal exec "t s w; t in"
bindsym $mod+Home exec "t out"
-bindsym $mod+End exec "t s x; t in x"
+#bindsym $mod+End exec "t s x; t in"
+bindsym $mod+grave exec "t s lunch; t in; t out -a '45 minutes from now'"
+
bindsym $mod+w focus parent
bindsym $mod+e fullscreen toggle
#hide_edge_borders smart
#exec --no-startup-id /usr/lib/x86_64-linux-gnu/libexec/kdeconnectd
+
+# Start clipster daemon
+exec --no-startup-id /a/opt/clipster/clipster -d
+# shortcut to selection widget (primary)
+bindsym $mod+End exec /a/opt/clipster/clipster -sp
# exit i3 (logs you out of your X session)
bindsym $mod+Shift+q exec "i3-nagbar -t warning -m 'You pressed the exit shortcut. Do you really want to exit i3? This will end your X session.' -b 'Yes, exit i3' 'i3-msg exit'"
fullscreen_key=F11
set_colorset_accelerator=5
icon_file=terminal-tango.svg
+use_fading=false
+scrollable_tabs=true
+word_chars=-,./?%&#_~:
####### DO NOT EDIT LIVE CONFIG. generated from /a/bin/distro-setup/i3-sway/gen #######
-
+# https://i3wm.org/docs/userguide.html#keybindings
+#To get the current mapping of your keys, use xmodmap -pke. To
+#interactively enter a key and see what keysym it is configured to, use
+#xev.
set $mod Mod4
bindsym $mod+2 exec "pavucontrol"
bindsym $mod+5 exec "/a/bin/redshift.sh"
bindsym $mod+equal exec "t s w; t in"
bindsym $mod+Home exec "t out"
-bindsym $mod+End exec "t s x; t in x"
+#bindsym $mod+End exec "t s x; t in"
+bindsym $mod+grave exec "t s lunch; t in; t out -a '45 minutes from now'"
+
bindsym $mod+w focus parent
bindsym $mod+e fullscreen toggle
#hide_edge_borders smart
#exec --no-startup-id /usr/lib/x86_64-linux-gnu/libexec/kdeconnectd
+
+# Start clipster daemon
+exec --no-startup-id /a/opt/clipster/clipster -d
+# shortcut to selection widget (primary)
+bindsym $mod+End exec /a/opt/clipster/clipster -sp
# exit sway (logs you out of your Wayland session)
bindsym $mod+Shift+e exec swaynag -t warning -m 'You pressed the exit shortcut. Do you really want to exit sway? This will end your Wayland session.' -b 'Yes, exit sway' 'swaymsg exit'
# gpg -k
# for aur, automatically dl & add gpg keys.
-keyserver-options auto-key-retrieve
+#keyserver-options auto-key-retrieve
# start gpg agent on login
use-agent
<!DOCTYPE kpartgui>
-<kpartgui version="24" name="session">
+<kpartgui name="session" version="24">
<MenuBar>
<Menu name="file">
- <Action name="file_save_as" group="session-operations"/>
+ <Action group="session-operations" name="file_save_as"/>
<Separator group="session-operations"/>
- <Action name="file_print" group="session-operations"/>
+ <Action group="session-operations" name="file_print"/>
<Separator group="session-operations"/>
- <Action name="open-browser" group="session-operations"/>
- <Action name="close-session" group="session-tab-operations"/>
+ <Action group="session-operations" name="open-browser"/>
+ <Action group="session-tab-operations" name="close-session"/>
</Menu>
<Menu name="edit">
- <Action name="edit_copy" group="session-edit-operations"/>
- <Action name="edit_paste" group="session-edit-operations"/>
+ <Action group="session-edit-operations" name="edit_copy"/>
+ <Action group="session-edit-operations" name="edit_paste"/>
<Separator group="session-edit-operations"/>
- <Action name="select-all" group="session-edit-operations"/>
+ <Action group="session-edit-operations" name="select-all"/>
<Separator group="session-edit-operations"/>
- <Action name="copy-input-to" group="session-edit-operations"/>
- <Action name="send-signal" group="session-edit-operations"/>
- <Action name="rename-session" group="session-edit-operations"/>
- <Action name="zmodem-upload" group="session-edit-operations"/>
+ <Action group="session-edit-operations" name="copy-input-to"/>
+ <Action group="session-edit-operations" name="send-signal"/>
+ <Action group="session-edit-operations" name="rename-session"/>
+ <Action group="session-edit-operations" name="zmodem-upload"/>
<Separator group="session-edit-operations"/>
- <Action name="edit_find" group="session-edit-operations"/>
- <Action name="edit_find_next" group="session-edit-operations"/>
- <Action name="edit_find_prev" group="session-edit-operations"/>
+ <Action group="session-edit-operations" name="edit_find"/>
+ <Action group="session-edit-operations" name="edit_find_next"/>
+ <Action group="session-edit-operations" name="edit_find_prev"/>
</Menu>
<Menu name="view">
- <Action name="monitor-silence" group="session-view-operations"/>
- <Action name="monitor-activity" group="session-view-operations"/>
+ <Action group="session-view-operations" name="monitor-silence"/>
+ <Action group="session-view-operations" name="monitor-activity"/>
<Separator group="session-view-operations"/>
- <Action name="enlarge-font" group="session-view-operations"/>
- <Action name="shrink-font" group="session-view-operations"/>
- <Action name="set-encoding" group="session-view-operations"/>
+ <Action group="session-view-operations" name="enlarge-font"/>
+ <Action group="session-view-operations" name="shrink-font"/>
+ <Action group="session-view-operations" name="set-encoding"/>
<Separator group="session-view-operations"/>
- <Action name="clear-history" group="session-view-operations"/>
- <Action name="clear-history-and-reset" group="session-view-operations"/>
+ <Action group="session-view-operations" name="clear-history"/>
+ <Action group="session-view-operations" name="clear-history-and-reset"/>
</Menu>
<Menu name="settings">
- <Action name="edit-current-profile" group="session-settings"/>
- <Action name="switch-profile" group="session-settings"/>
+ <Action group="session-settings" name="edit-current-profile"/>
+ <Action group="session-settings" name="switch-profile"/>
</Menu>
</MenuBar>
<Menu name="session-popup-menu">
<Action name="close-session"/>
</Menu>
<ActionProperties scheme="Default">
- <Action shortcut="Ctrl+@" name="open-browser"/>
- <Action shortcut="Ctrl+Shift+R" name="edit_find_next"/>
- <Action shortcut="Ctrl+Shift+E" name="edit_find_prev"/>
+ <Action name="open-browser" shortcut="Ctrl+@"/>
+ <Action name="edit_find_next" shortcut="Ctrl+Shift+R"/>
+ <Action name="edit_find_prev" shortcut="Ctrl+Shift+E"/>
+ <Action name="enlarge-font" shortcut="Ctrl++; "/>
</ActionProperties>
</kpartgui>
fileinto :create "l/sr.ht-discuss";
stop;
}
+if anyof (
+ header :contains "list-id" "<lt.lists.liberationtech.org>"
+ ) {
+ fileinto :create "l/liberationtech";
+ stop;
+ }
if anyof (
fileinto :create "l/sr.ht-discuss";
stop;
}
+if anyof (
+ header :contains "list-id" "<lt.lists.liberationtech.org>"
+ ) {
+ fileinto :create "l/liberationtech";
+ stop;
+ }
if anyof (
chars=("${first_chars[@]}")
# clock us out in timetrap if are idle too long
- export DISPLAY=:0
- if type -p xprintidle &>/dev/null; then
- xidle=$(xprintidle)
- if [[ $xidle == [0-9]* ]]; then
- now=$(sqlite3 /p/.timetrap.db "select sheet from entries where end is NULL;")
- if [[ $now && $xidle -gt 300000 ]]; then
- timetrap out
+ if [[ -e /p/.timetrap.db ]]; then
+ export DISPLAY=:0
+ if type -p xprintidle &>/dev/null && xidle=$(xprintidle 2>/dev/null); then
+ if [[ $xidle == [0-9]* ]]; then
+ sheet=$(sqlite3 /p/.timetrap.db "select sheet from entries where end is NULL;")
+ idle=300000
+ if [[ $sheet == w ]]; then
+ idle=900000
+ fi
+ if [[ $sheet && $xidle -gt $idle ]]; then
+ timetrap out
+ fi
fi
fi
fi
case $HOSTNAME in
# No point in emailing about the mailq on a host where we don't
# check email.
- $MAIL_HOST|l2)
+ $MAIL_HOST|bk)
lo -1 qlen $qmsg
;;
esac
iankelling.org / git / distro-setup / commitdiff