at_home=true
;;
x2|x3|sy|so)
- if [[ $(dig +short @10.2.0.1 -x 10.2.0.2 2>&1 ||:) == kd.b8.nz. ]] \
+ if [[ $(timeout 1 dig +short @10.2.0.1 -x 10.2.0.2 2>&1 ||:) == kd.b8.nz. ]] \
&& ip n show 10.2.0.1 | grep . &>/dev/null; then
# note: logic duplicated in 11-iank
at_home=true
esac
case $codename_compat in
- jammy)
+ jammy|noble)
s systemctl enable --now ssh-agent-iank
;;
esac
# s fwupdmgr get-updates
# says I have 3 "devices with no available firmware updates"
# if there were updates, install with: s fwupdmgr update
+
+ check_downgrade=false
+ if [[ ! -e /etc/apt/preferences.d/system76-apt-preferences ]]; then
+ check_downgrade=true
+ fi
pi system76-firmware system76-driver fwupd
+ if $check_downgrade && [[ -e /etc/apt/preferences.d/system76-apt-preferences ]]; then
+ # driver installs a preferences file to give s76 packages
+ # priority so we may need to downgrade here.
+ pup --allow-downgrades
+ fi
# system76-driver: on a modern kernel, it seems to mainly just do
# some power settings, I haven't looked entirely through it. it
# might also change fan speed. Of its recommended packages,
ubuntu)
case $codename in
noble)
- # mint firefox has a dependency which is totally not really
- # needed, just some mint branding and maybe a random firefox
- # setting.
- tmpdir="$(mktemp -d)"
- cd "$tmpdir"
- # edited from output of equivs-control ubuntu-system-adjustments
- cat >ubuntu-system-adjustments <<'EOF'
+ if pcheck ubuntu-system-adjustments; then
+ # mint firefox has a dependency which is totally not really
+ # needed, just some mint branding and maybe a random firefox
+ # setting.
+ tmpdir="$(mktemp -d)"
+ # it puts the deb in .., so use a subdir to stay contained
+ mkdir $tmpdir/sub
+ cd "$tmpdir/sub"
+ # edited from output of equivs-control ubuntu-system-adjustments
+ cat >ubuntu-system-adjustments <<'EOF'
Section: misc
Priority: optional
Version: 2030
Package: ubuntu-system-adjustments
Description: ubuntu-system-adjustments-dummy
EOF
- equivs-build ubuntu-system-adjustments
- sudo dpkg -i ubuntu-system-adjustments_2030_all.deb
- rm -rf ./ubuntu-system-adjustments*
- cd
- rm -r "$tmpdir"
+ equivs-build ubuntu-system-adjustments
+ sudo dpkg -i ../ubuntu-system-adjustments_2030_all.deb
+ cd
+ rm -r "$tmpdir"
+ fi
;;
esac
pi firefox
case $(debian-codename) in
aramo)
- tmpdir="$(mktemp -d)"
- cd "$tmpdir"
- # edited from output of equivs-control tox
- cat >tox <<'EOF'
+ if pcheck tox; then
+ tmpdir="$(mktemp -d)"
+ cd "$tmpdir"
+ # edited from output of equivs-control tox
+ cat >tox <<'EOF'
Section: python
Priority: optional
Standards-Version: 3.9.2
Package: tox
Description: tox-dummy
EOF
- equivs-build tox
- sudo dpkg -i tox_1.0_all.deb
- rm -rf ./tox*
- pi beets python3-discogs-client
- cd
- rm -r "$tmpdir"
+ equivs-build tox
+ sudo dpkg -i tox_1.0_all.deb
+ rm -rf ./tox*
+ pi beets python3-discogs-client
+ cd
+ rm -r "$tmpdir"
+ fi
;;
esac
-
targets:
- localhost:9100
+ - sowg:9100
- sywg:9100
- x3wg:9100
if [[ -e /var/local/mail-setup-reload ]]; then
reload=true
fi
-u() { # update file. note: duplicated in brc
+# update file.
+# if the file changed, ur=true, else false.
+# note: duplicated in brc
+u() {
local tmp tmpdir dest="$1"
local base="${dest##*/}"
local dir="${dest%/*}"
esac
-lines=(
- "/etc/resolved-nsswitch/nsswitch.conf r,"
- "/etc/basic-nsswitch/nsswitch.conf r,"
- # Aug 06 23:09:11 kd audit[3995]: AVC apparmor="DENIED" operation="connect" profile="/usr/bin/freshclam" name="/run/systemd/resolve/io.systemd.Resolve" pid=3995 comm="freshclam" requested_mask="wr" denied_mask="wr" fsuid=109 ouid=101
- # I dont know if this is quite the right fix, but I saw other sockets
- # in the nameservice files that were rw, so figured it was ok to add this and it worked.
- "/run/systemd/resolve/io.systemd.Resolve rw,"
-)
-f=/etc/apparmor.d/abstractions/nameservice
-apparmor_reload=false
-if [[ -e $f ]]; then
- for l in "${lines[@]}"; do
- if ! grep -qF "$l" $f; then
- sudo sed -i "/\/nsswitch.conf/a $l" $f
- apparmor_reload=true
- if ! grep -qF "$l" $f; then
- echo "$0: failed editing $f. investigate"
- exit 1
- fi
- fi
- done
- if $apparmor_reload && systemctl is-active apparmor; then
- m ser reload apparmor
- fi
+u /etc/apparmor.d/abstractions/nameservice.d/iank <<'EOF'
+/etc/resolved-nsswitch/nsswitch.conf r,
+/etc/basic-nsswitch/nsswitch.conf r,
+# Aug 06 23:09:11 kd audit[3995]: AVC apparmor="DENIED" operation="connect" profile="/usr/bin/freshclam" name="/run/systemd/resolve/io.systemd.Resolve" pid=3995 comm="freshclam" requested_mask="wr" denied_mask="wr" fsuid=109 ouid=101
+# I dont know if this is quite the right fix, but I saw other sockets
+# in the nameservice files that were rw, so figured it was ok to add this and it worked.
+/run/systemd/resolve/io.systemd.Resolve rw,
+EOF
+
+if $ur && systemctl is-active apparmor; then
+ m systemctl reload apparmor
fi
# which will overwrite any existing file
u /etc/default/exim4 <<'EOF'
QUEUERUNNER='combined'
-# note: this is duplicated in brc2, 10m here is -q10m there.
QUEUEINTERVAL='10m'
COMMONOPTIONS='-C /etc/exim4/my.conf'
UPEX4OPTS='-o /etc/exim4/my.conf'
+# in t12 exim, this replaces all the above options
+EXIMSERVICE='-bdf -q10m -C /etc/exim4/my.conf'
# i use epanic-clean for alerting if there are bad paniclog entries
E4BCD_WATCH_PANICLOG='no'
EOF
# limitations under the License.
-# Usage: mail-test-check [slow] [int|nonint]
+# Usage: mailtest-check [slow] [int|nonint]
#
# slow: do slow checks, like spamassassin
#
if [[ ! $spamdpid || ! -d /proc/$spamdpid ]]; then
# try twice in case we are restarting, it happens.
for (( i=0; i<2; i++ )); do
- spamdpid=$(systemctl show --property MainPID --value spamassassin | sed 's/^[10]$//' ||:)
+ spamdpid=$(systemctl show --property MainPID --value $spamd_ser | sed 's/^[10]$//' ||:)
if [[ $spamdpid ]]; then
break
fi
raw_results="$(tail $resultfile | grep -A2 -Fx /usr/local/bin/send-test-forward | tail -n+2 | sed -nr 's/^\([^)]*\) *//;s/=[^, ]*([, ]|$)/ /gp')"
for r in $raw_results; do
case $r in
+ # This came in t12, but its just dkim + spf, and my
+ # systems aren't all t12, so ignore it for now.
+ DMARC_PASS) : ;;
# got this in an update 2022-01. dun care
T_SCC_BODY_TEXT_LINE|SCC_BODY_SINGLE_WORD) : ;;
# we have a new domain, ignore this.
iankelling.org / git / distro-setup / commitdiff