_khfix_common() {
local host ip port
- read -r host ip port < <(timeout 1 ssh -oBatchMode=yes -oControlMaster=no -oControlPath=/ -v $1 |& sed -rn "s/debug1: Connecting to ([^ ]+) \[([^\]*)] port ([0-9]+).*/\1 \2 \3/p" || [[ $? == 124 ]])
+ read -r host ip port < <(timeout -s 9 2 ssh -oBatchMode=yes -oControlMaster=no -oControlPath=/ -v $1 |& sed -rn "s/debug1: Connecting to ([^ ]+) \[([^\]*)] port ([0-9]+).*/\1 \2 \3/p" || [[ $? == 124 ]])
if [[ ! $ip ]]; then
echo "khfix: ssh failed"
return 1
fi
echo "khfix: removing key for $ip_entry"
ssh-keygen -R "$ip_entry" -f $(readlink -f ~/.ssh/known_hosts)
+ rootsshsync
}
khfix() { # known hosts fix
_khfix_common "$@" || return 1
exiqgrep -i | xargs exim -Mrm
}
+econfdevnew() {
+ rm -rf /tmp/edev
+ mkdir -p /tmp/edev/etc
+ cp -ra /etc/exim4 /tmp/edev/etc
+ cp -ra /etc/alias* /tmp/edev/etc
+ find /tmp/edev/etc/exim4 -type f -execdir sed -i "s,/etc/,/tmp/edev/etc/,g" '{}' +
+ econfdev
+}
+econfdev() {
+ update-exim4.conf -d /tmp/edev/etc/exim4 -o /tmp/edev/e.conf
+}
+
+
# shellcheck disable=SC2032
f() {
/usr/bin/nagstamon &
}
+nmt() {
+ s nmtui-connect "$@"
+}
+
nopanic() {
# shellcheck disable=SC2024
sudo tee -a /var/log/exim4/paniclog-archive </var/log/exim4/paniclog; sudo truncate -s0 /var/log/exim4/paniclog
if [[ $(systemctl is-active systemd-resolved ||:) != inactive ]]; then
m sudo systemctl restart systemd-resolved
fi
+ if type -P resolvectl &>/dev/null; then
+ resolvectl flush-caches
+ fi
}
rmstrips() {
EOF
}
+# usage mkschroot [-] distro codename packages
+# - means no piping in of sources.list
mkschroot() {
+ local force=false
+ while [[ $1 == -* ]]; do
+ case $1 in
+ -f) force=true; shift ;;
+ -s)
+ sources="$2"
+ shift 2
+ ;;
+ esac
+ done
distro=$1
shift
case $distro in
;;
esac
n=$1
+
shift
- if schroot -l | grep -xFq chroot:$n; then
+ if ! $force && schroot -l | grep -xFq chroot:$n; then
echo "$0: $n schroot already installed, skipping"
return 0
fi
preserve-environment=true
users=$USER,user2
EOF
- if [[ -e $d/bin ]]; then
- sudo chroot $d apt-get update
- sudo chroot $d DEBIAN_FRONTEND=noninteractive apt-get -y dist-upgrade --purge --auto-remove
- cd; sudo schroot -c $n -- DEBIAN_FRONTEND=noninteractive apt-get install --allow-unauthenticated -y ${apps[@]}
- else
+ cd
+ if [[ ! -e $d/bin ]]; then
sudo mkdir -p $d
# resolvconf otherwise schroot fails with
# cp: not writing through dangling symlink '/var/run/schroot/mount/flidas-7a2362e0-81b3-4848-92c1-610203ef5976/etc/resolv.conf'
sudo debootstrap --exclude=resolvconf $n $d $repo
- cd
- if (( ${#apps[@]} )); then
- sudo schroot -c $n -- apt-get install --allow-unauthenticated -y ${apps[@]}
- fi
fi
+ if [[ $sources ]]; then
+ sudo install -m 644 $sources $d/etc/apt/sources.list
+ fi
+ sudo chroot $d apt-get update
+ sudo DEBIAN_FRONTEND=noninteractive chroot $d apt-get -y dist-upgrade --purge --auto-remove
+ sudo DEBIAN_FRONTEND=noninteractive schroot -c $n -- apt-get install --allow-unauthenticated -y ${apps[@]}
sudo cp -P {,$d}/etc/localtime
}
(( $# == 1 )) || return 1
cur="$(awk '$2 == "/bu/mnt" {print $1}' /proc/mounts)"
if [[ $cur ]]; then
- if [[ $cur != "$host:/bu/md" ]]; then
+ if [[ $cur == "$host:/bu/md" ]]; then
+ return 0
+ else
fusermount -u /bu/mnt
fi
- else
- sshfs $host:/bu/md /bu/mnt
fi
+ sshfs $host:/bu/md /bu/mnt
ser start exim4
}
bu() {
# todo: make sm pull/push use systemd instead of the journal cat command
bbk() { # btrbk wrapper
-
+ local ret=0
c /
local active=true
systemctl is-active btrbk.timer || active=false
# Note, an alternative without systemd would be something like ts.
# Note, I tried using systemd-cat, but this seems obviously better,
# and that seemed to have a problem exiting during a systemctl daemon-reload
- local cmd_name ret jr_pid s
+ local cmd_name jr_pid s
ret=0
cmd_name=${1##*/}
cmd=$1
kill $jr_pid &>/dev/null ||:
unset jr_pid
fg &>/dev/null ||:
- return $ret
}
# service run, and watch the output
srun() {
cmd=chromium
else
cd /
- cmd="schroot -c stretch chromium"
+ cmd="schroot -c buster chromium"
CHROMIUM_FLAGS='--enable-remote-extensions' $cmd &r
fi
}
to "$*"
t s lunch
t in -a "$*"
- m t out -a $(date +%F.%T -d @$(( $(date -d "$(echo $*|sed 's/\./ /')" +%s) + 60*45 )) )
- t s w
-}
-tlo() {
- t s lunch
- t in -a "$*"
- m t out -a $(date +%F.%T -d @$(( $(date -d "$(echo $*|sed 's/\./ /')" +%s) + 60*45 )) )
+ m t out -a $(date +%F.%T -d @$(( $(date -d "$(echo $*|sed 's/[_.]/ /g')" +%s) + 60*45 )) )
t s w
}
# use * instead of -r since that does sorted order
ssh root@iankelling.org "cd $d/#$1; grep '\<iank.*' *" | cut --complement -c12-16
}
+myjab() {
+ c /p/c/.purple/logs/jabber/iank@fsf.org/office@conference.fsf.org.chat
+ for x in *.html; do html2text -o ${x%.html}.txt $x; done;
+ grep -A1 ') iank:' *.txt | sed -r 's/^(.{10})[^ ]*\.txt:\(?([^ ]*)[[:space:]](..). iank:/\1_\2_\3/;s/^[^ ]*\.txt-//;/^--$/d;s/^[^ ]*\.txt:\((.{2}).(.{2}).(.{4}) (.{8}) (.{2})\)?/\3-\1-\2_\4_\5/' | sed -n 'x;1d;0~2{G;s/\n/ /;p};${x;p}'
+ }
allmyirc() {
local d
d=/var/lib/znc/moddata/log/iank/freenode
--exclude='/etc/exim4/passwd*'
--exclude='/etc/exim4/*.pem'
$fs/ / )
- echo "${cmd[*]}"
+ echo "${cmd[@]@Q}"
while read -r line; do
file="${line:12}"
case $file in
# A = preserve acls
# X = preserve extended attributes
# i = itemize
- done < <(${cmd[@]})
+ done < <("${cmd[@]}")
fi
if [[ -e $dir/subdir_files ]]; then
esac
f=/etc/apparmor.d/abstractions/nameservice
-if [[ -e $f ]] && ! grep -q /etc/nsswitch/nsswitch.conf $f; then
+if [[ -e $f ]] && ! grep -q /etc/resolved-nsswitch/nsswitch.conf $f; then
sudo sed -i '/\/etc\/nsswitch.conf/a /etc/resolved-nsswitch/nsswitch.conf r,' $f
sudo sed -i '/\/etc\/nsswitch.conf/a /etc/basic-nsswitch/nsswitch.conf r,' $f
if sytemctl is-enabled apparmor; then
if isdeb && [[ $(debian-codename) == nabia ]]; then
sudo dd of=/etc/apt/preferences.d/nabia-focal-missing <<'EOF'
Explanation: libkf5* are for konsole libilmbase* are needed for emacs
-Package: libkf5solid5 libkf5solid5-data libilmbase-dev libilmbase24 ansible unrar-free genisoimage pidgin pidgin-* libpurple0 linux-doc p7zip genisoimage mumble hplip cups-filters libcupsfilters1 libfontembed1 cups-filters-core-drivers tor lightdm mate-desktop-environment mate-desktop-environment-* mate-menus mate-panel mate-panel-* mate-session-manager libmate-* libgoa-* ubuntu-mate-default-settings mate-control-center mate-control-center-common gir1.2-matemenu-* lightdm-gtk-greeter liblightdm-gobject-* firefox
+Package: libkf5solid5 libkf5solid5-data libilmbase-dev libilmbase24 ansible unrar-free pidgin pidgin-* libpurple0 linux-doc p7zip mumble hplip cups-filters libcupsfilters1 libfontembed1 cups-filters-core-drivers lightdm mate-desktop-environment mate-desktop-environment-* mate-menus mate-panel mate-panel-* mate-session-manager libmate-* libgoa-* ubuntu-mate-default-settings mate-control-center mate-control-center-common gir1.2-matemenu-* lightdm-gtk-greeter liblightdm-gobject-* firefox libfdk-aac1
Pin: release n=focal,o=Ubuntu
Pin-Priority: 500
EOF
sudo mkdir -p $dir
fi
+case $HOSTNAME in
+ kd)
+ tu /etc/fstab <<'EOF'
+/dev/mapper/crypt_dev_ata-Samsung_SSD_870_QVO_8TB_S5VUNG0N900656V-part7 /d btrfs nofail,x-systemd.device-timeout=30s,x-systemd.mount-timeout=30s,noatime,compress=zstd,subvol=d 0 0
+EOF
+ if ! mountpoint /d &>/dev/null; then
+ sudo mkdir /d
+ if [[ -d /mnt/r7/d ]]; then
+ sudo mount /d
+ fi
+ fi
+ ;;
+esac
+
+
##### setup email
primary-setup
/a/exe/ssh-emacs-setup
fi
+if [[ $HOSTNAME == kd ]] && ! mountpoint /d &>/dev/null; then
+ cat <<'EOFOUTER'
+# if this is a fresh reinstall, need to run something like this
+# to restore data:
+mkdir /mnt/r7/btrbk
+btrbk archive /mnt/rust1/btrbk /mnt/r7/btrbk
+btrfs sub snap /mnt/r7/btrbk/LATEST /mnt/r7/d
+mount /d
+EOFOUTER
+fi
+
echo 0 >~/.local/distro-begin
echo "$0: $(date): ending now"
codename_compat=$(debian-codename-compat)
pending_reboot=false
sed="sed --follow-symlinks"
+
+# when we schroot, it will fail if we are in a directory that doesnt exist in the chroot
+cd /
+
## template:
# case $distro in
# esac
esac
# 2020-03-03 old file
-rm -fv /etc/apt/preferences.d/radicale
+s rm -fv /etc/apt/preferences.d/radicale
######### end universal pinned packages ######
### system76 things ###
case $HOSTNAME in
sy)
# note, i stored the initial popos packages at /a/bin/data/popos-pkgs
- if [[ ! -d /etc/apt/sources.list.d/system76.list ]]; then
+ if [[ ! -e /etc/apt/sources.list.d/system76.list ]]; then
# https://blog.zackad.dev/en/2017/08/17/add-ppa-simple-way.html
sd /etc/apt/sources.list.d/system76.list <<EOF
deb http://ppa.launchpad.net/system76-dev/stable/ubuntu $codename_compat main
;;
esac
+# ppa:obsproject/obs-studio
+if [[ ! -d /etc/apt/sources.list.d/obs.list ]]; then
+ # https://blog.zackad.dev/en/2017/08/17/add-ppa-simple-way.html
+ sd /etc/apt/sources.list.d/obs.list <<EOF
+deb http://ppa.launchpad.net/obsproject/obs-studio/ubuntu $codename_compat main
+deb-src http://ppa.launchpad.net/obsproject/obs-studio/ubuntu $codename_compat main
+EOF
+ s apt-key adv --keyserver keyserver.ubuntu.com --recv-keys BC7345F522079769F5BBE987EFC71127F425E228
+ p update
+fi
+
+case $codename in
+ etiona)
+ sd /etc/apt/preferences.d/obs <<EOF
+Package: libfdk-aac1
+Pin: release n=bionic
+Pin-Priority: 500
+EOF
+ sd /etc/apt/preferences.d/chromium <<EOF
+Package: chromium-*
+Pin: release n=bionic
+Pin-Priority: 500
+EOF
+
+ ;;
+esac
+
+
##### begin automatic upgrades (after checkrestart has been installed) ####
# if apt-config-auto-update is installed,
#seru start psd
+# old filename
+sudo rm -fv /etc/systemd/resolved.conf.d/iank.conf
+
# website is dead june 14 2019. back in october, but meh
sudo rm -fv /etc/apt/sources.list.d/iridium-browser.list
# case $distro in
# for my roommate
case $distro in
trisquel)
- m mkschroot debian buster firefox-esr pulseaudio chromium anki
+ m mkschroot -s /a/bin/fai/fai/config/files/etc/apt/sources.list.d/buster.list/BUSTER_FREE \
+ debian buster firefox-esr pulseaudio chromium anki
case $(debian-codename) in
etiona|nabia)
# we have a lot of t8 stuff, useful to have
- mkschroot trisquel flidas
+ m mkschroot -s /a/bin/fai/fai/config/files/etc/apt/sources.list.d/flidas.list/FLIDAS \
+ trisquel flidas
tu /nocow/schroot/flidas/etc/sudoers <<EOF
$USER ALL=(ALL) NOPASSWD: ALL
Defaults env_keep += SUDOD
Defaults always_set_home
Defaults !umask
-EOF
- sd /nocow/schroot/flidas/etc/apt/sources.list <<'EOF'
-deb http://mirror.fsf.org/trisquel/ flidas main
-deb-src http://mirror.fsf.org/trisquel/ flidas main
-
-deb http://mirror.fsf.org/trisquel/ flidas-updates main
-deb-src http://mirror.fsf.org/trisquel/ flidas-updates main
-
-deb http://archive.trisquel.info/trisquel/ flidas-security main
-deb-src http://archive.trisquel.info/trisquel/ flidas-security main
-
-# Uncomment this lines to enable the backports optional repository
-deb http://mirror.fsf.org/trisquel/ flidas-backports main
-deb-src http://mirror.fsf.org/trisquel/ flidas-backports main
EOF
sd /nocow/schroot/flidas//etc/locale.gen <<'EOF'
en_US.UTF-8 UTF-8
tdir=/d/tor
;;
*)
- tdir=/nocow/user
+ tdir=/nocow/user/tor
;;
esac
# in /var/lib/transmission-daemon to /d/tor
s usermod --home /d/tor debian-transmission
sgo transmission-daemon-nn
+
;;
esac
exit 0
fi
-wipe=false
+regex="malware acl condition"
+found=false
+wipe=true
while read -r d1 d2; do
+ found=true
tmptime=$(date -d "$d1 $d2" +%s)
# dont consider every matching line, just those in > 60 second intervals
if [[ ! $logtime ]]; then
sec_max=$((logtime + 60))
jmin="$(date -d @$sec_min "+%F %H:%M:%S")"
jmax="$(date -d @$sec_max "+%F %H:%M:%S")"
- if journalctl -S "$jmin" -U "$jmax" \
- | awk '$6 == "spamd:" && $7 == "restarting"' | grep . &>/dev/null; then
- wipe=true
+ if ! journalctl -u clamav-daemon -S "$jmin" -U "$jmax" \
+ | grep 'Starting Clam AntiVirus userspace daemon' &>/dev/null; then
+ wipe=false
break
fi
-done < <(awk '/spam acl condition/ {print $1,$2}' /var/log/exim4/paniclog)
-if $wipe; then
- regex="^$(date -d @$logtime "+%F %H:%M" )|^${jmin%:*}|^${jmax%:*}"
+done < <(awk "/$regex/ "'{print $1,$2}' /var/log/exim4/paniclog)
+if $found && $wipe; then
grep -E "$regex" /var/log/exim4/paniclog >> /var/log/exim4/paniclog-archive
sed -ri "/$regex/d" /var/log/exim4/paniclog
fi
--- /dev/null
+# if this happens, probably some bad dns or something on faiserver,
+# if you cant figure it out, uncomment this
+# Debug: 6
+# then try again, but it logs so much, you dont
+# want to leave it enabled.
+
+# p update
+# Err:1 http://archive.ubuntu.com/ubuntu focal InRelease
+# 500 Connection failure: Address family not supported by protocol [IP: 10.2.0.3 3142]
+# Err:2 http://archive.ubuntu.com/ubuntu focal-security InRelease
+# 500 Connection failure: Address family not supported by protocol [IP: 10.2.0.3 3142]
+# Hit:3 http://http.us.debian.org/debian buster InRelease
+# Hit:4 http://mirror.fsf.org/trisquel etiona InRelease
+# Hit:5 http://http.us.debian.org/debian buster-updates InRelease
+# Hit:6 http://mirror.fsf.org/trisquel etiona-updates InRelease
+# Err:7 http://archive.ubuntu.com/ubuntu focal-updates InRelease
+# 500 Connection failure: Address family not supported by protocol [IP: 10.2.0.3 3142]
+# Hit:8 http://mirror.fsf.org/trisquel etiona-backports InRelease
+# Err:9 http://archive.ubuntu.com/ubuntu focal-backports InRelease
+# 500 Connection failure: Address family not supported by protocol [IP: 10.2.0.3 3142]
+# Hit:10 http://security.debian.org buster/updates InRelease
+# Hit:11 http://us.archive.ubuntu.com/ubuntu bionic InRelease
+# Hit:12 http://us.archive.ubuntu.com/ubuntu bionic-updates InRelease
+# Hit:13 http://us.archive.ubuntu.com/ubuntu bionic-security InRelease
+# Hit:14 http://archive.trisquel.info/trisquel etiona-security InRelease
+# Reading package lists... Done
+# W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/focal/InRelease 500 Connection failure: Address family not supported by protocol [IP: 10.2.0.3 3142]
+# W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/focal-security/InRelease 500 Connection failure: Address family not supported by protocol [IP: 10.2.0.3 3142]
+# W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/focal-updates/InRelease 500 Connection failure: Address family not supported by protocol [IP: 10.2.0.3 3142]
+# W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/focal-backports/InRelease 500 Connection failure: Address family not supported by protocol [IP: 10.2.0.3 3142]
+# W: Some index files failed to download. They have been ignored, or old ones used instead.
# locally for 10 minutes. Also, using newer option based on man apt.conf.
#
# Once when I was testing, it seemed I needed to have it output
-# DIRECT after toutputing the proxy url
+# DIRECT after outputing the proxy url
+
+# note, the url we are trying to fetch is $1
+
+# note, if there is a problem, some ways to debug:
+# first,
+# edit /etc/apt/apt.conf.d/02proxy
+# add, remove the autodetec
+# Acquire::http::proxy "http://CacheServerIp:3142";
+# see the /var/log/apt-cacher-ng logs
+# read
+# file:///usr/share/doc/apt-cacher-ng/html/index.html
+
proxy_host=faiserver
proxy_port=3142
proxy_url=http://$proxy_host:$proxy_port/
# in case.
LLMNR=no
MulticastDNS=no
-DNSOverTLS=yes
+Domains=fsf.org gnu.org
ExecStartPre=/sbin/iptables-restore /a/bin/distro-setup/transmission-firewall/netns.rules
ExecStopPost=/usr/bin/flock -w 20 /tmp/newns.flock /a/bin/newns/newns stop %i
PrivateNetwork=true
-BindReadOnlyPaths=/etc/tr-resolv:/run/systemd/resolve:norbind /etc/nn-resolv:/etc/nsswitch:norbind
+BindReadOnlyPaths=/etc/tr-resolv:/run/systemd/resolve:norbind /etc/basic-nsswitch:/etc/resolved-nsswitch:norbind
[Install]
WantedBy=multi-user.target
ExecStop=/bin/kill -s STOP $MAINPID
PrivateNetwork=true
Nice=19
-BindReadOnlyPaths=/etc/tr-resolv:/run/systemd/resolve:norbind /etc/nn-resolv:/etc/nsswitch:norbind
+BindReadOnlyPaths=/etc/tr-resolv:/run/systemd/resolve:norbind /etc/basic-nsswitch:/etc/resolved-nsswitch:norbind
[Install]
WantedBy=multi-user.target
# -allow-downgrade good enough?
#rm -f {/p/c/firefox-main-profile,/p/c/firefox-main-profile,/p/c/firefox-vpn2-profile,/mnt/z/firefox-vpn-profile}/compatibility.ini
+# --allow-downgrade
+# ^ useful option for when the browser refuses to run, but it always
+# causes a new browser window to open, even if normally it would open a
+# new tab
+
# abrowser is 2 releases behind, so prefer firefox for now
if type -P firefox &>/dev/null; then
- firefox -allow-downgrade "$@"
+ firefox "$@"
else
- abrowser -allow-downgrade "$@"
+ abrowser "$@"
fi
# trying to use them, within a few minute of the last time this
# ran. Very strange, dunno why, but rsync won't do anything unless these
# changed, so that should fix it.
-rsync -t --chmod=755 --chown=root:root /a/bin/log-quiet/log-once switch-mail-host btrbk-run mount-latest-subvol \
+/a/bin/log-quiet/setup
+rsync -t --chmod=755 --chown=root:root switch-mail-host btrbk-run mount-latest-subvol \
check-subvol-stale system-status myi3status mailtest-check /usr/local/bin
rsync -t --chmod=755 --chown=root:root /a/bin/errhandle/err /usr/local/lib
[Service]
Type=oneshot
-ExecStart=/a/exe/install-my-scripts
-ExecStart=/a/bin/log-quiet/sysd-mail-once btrbk /usr/local/bin/btrbk-run -q --cron
-ExecStart=/bin/sleep 1
-ExecStart=/a/exe/install-my-scripts
+ExecStartPre=/a/exe/install-my-scripts
+ExecStart=/usr/local/bin/sysd-mail-once btrbk /usr/local/bin/btrbk-run -q --cron
+ExecStartPost=/bin/sleep 1
+ExecStartPost=/a/exe/install-my-scripts
target_preserve_min 2h
rate_limit no
-volume /mnt/r6
+volume /mnt/r7
subvolume d
-target send-receive /mnt/rust/btrbk
+target send-receive /mnt/rust1/btrbk
+target send-receive /mnt/rust2/btrbk
--- /dev/null
+SHELL=/bin/bash
+PATH=/usr/bin:/bin:/usr/local/bin:/a/exe:/a/bin/fai
+MAILTO=root
+0 7 * * 1,2,3,4,5 iank failmail wrt-setup -y
+45 7 * * 1,2,3,4,5 iank failmail wrt-setup -z
+0 7 * * 0,6 iank failmail wrt-setup -y
+0 11 * * 0,6 iank failmail wrt-setup -z
fi
# light version of exim does not have sasl auth support.
-pi-nostart exim4 exim4-daemon-heavy spamassassin openvpn unbound
+pi-nostart exim4 exim4-daemon-heavy spamassassin openvpn unbound clamav-daemon
# note: pyzor debian readme says you need to run some initialization command
# but its outdated.
-pi spf-tools-perl p0f postgrey pyzor razor jq moreutils clamav-daemon
-
+pi spf-tools-perl p0f postgrey pyzor razor jq moreutils
+# bad packages that sometimes get automatically installed
+pu openresolv resolvconf
soff openvpn
if [[ $(debian-codename) == etiona ]]; then
# ip6tables stopped loading on boot. openvpn has reduced capability set,
# so running iptables as part of openvpn startup wont work. This should do it.
- # Im sure there is a better way, but this works fine. running as a systemd
- # unit, yes returns 1, broken pipe.
- yes no | pi iptables-persistent || [[ $? == 141 || ${PIPESTATUS[1]} == 0 ]]
+ pi iptables-persistent
cat >/etc/iptables/rules.v6 <<'EOF'
*mangle
COMMIT
# this is just a bug fix for trisquel.
f=/etc/apparmor.d/usr.sbin.unbound
-if [[ $f ]]; then
- line="/usr/sbin/unbound flags=(attach_disconnected) {"
- if ! grep -qFx "$line" $f; then
- badline="/usr/sbin/unbound {"
- if ! grep -qFx "$badline" $f; then
- err expected line in $f not found
- fi
- sed -i "s,^$badline$,$line," $f
+line="/usr/sbin/unbound flags=(attach_disconnected) {"
+if ! grep -qFx "$line" $f; then
+ badline="/usr/sbin/unbound {"
+ if ! grep -qFx "$badline" $f; then
+ err expected line in $f not found
+ fi
+ sed -i "s,^$badline$,$line," $f
+ if systemctl is-active apparmor &>/dev/null; then
m systemctl reload apparmor
fi
fi
QUEUEINTERVAL='30m'
COMMONOPTIONS='-C /etc/exim4/my.conf'
UPEX4OPTS='-o /etc/exim4/my.conf'
+#E4BCD_PANICLOG_NOISE='malware acl condition: clamd /var/run/clamav/clamd\.ctl : unable to connect to UNIX socket'
EOF
i /etc/exim4/trusted_configs <<'EOF'
/etc/exim4/my.conf
# keep your dkim signature intact but add list- headers.
DKIM_SIGN_HEADERS = mime-version:in-reply-to:references:from:date:subject:to
-av_scanner = clamd:/var/run/clamav/clamd.ctl
-
domainlist local_hostnames = ! je.b8.nz : ! bk.b8.nz : *.b8.nz : b8.nz
hostlist iank_trusted = <; \\
add_header = X-Spam_report: $spam_report
add_header = X-Spam_action: $spam_action
-
-deny
- malware = */defer_ok
- !condition = ${if match {$malware_name}{\N^Heuristic\N}}
- message = This message was detected as possible malware ($malware_name).
-
warn
condition = ${if def:malware_name}
remove_header = Subject:
if [[ $HOSTNAME == bk ]]; then
- # avoid prompt
- export DEBIAN_FRONTEND=noninteractive
# zip according to /installer
# which requires adding a line to /usr/local/lib/roundcubemail/config/config.inc.php
# $config['enable_installer'] = true;
[Install]
WantedBy=timers.target
EOF
+ systemctl enable --now $ncbase.timer
i /usr/local/bin/ncup <<'EOFOUTER'
#!/bin/bash
if ! test "$BASH_VERSION"; then echo "error: shell is not bash" >&2; exit 1; fi
# ** $MAIL_HOST|bk)
$MAIL_HOST|bk)
+
+ cat >> /etc/exim4/conf.d/data_local_acl <<'EOF'
+deny
+ malware = */defer_ok
+ !condition = ${if match {$malware_name}{\N^Heuristic\N}}
+ message = This message was detected as possible malware ($malware_name).
+EOF
+
cat >/etc/exim4/conf.d/main/000_local-nn <<EOF
+# je.b8.nz will run out of memory with freshclam
+av_scanner = clamd:/var/run/clamav/clamd.ctl
+
# MAIN_HARDCODE_PRIMARY_HOSTNAME might mess up the
# smarthost config type, not sure.
# failing message on mail-tester.com:
$MAIL_HOST|bk)
if ! systemctl is-active clamav-daemon >/dev/null; then
sstart clamav-daemon
- # checking a log, clamav took 27 seconds to start.
- # we get paniclog entries if its not available
- m sleep 30
+ # note, this will cause paniclog entries because it takes like 45
+ # seconds for clamav to start, i use ./epanic-clean to remove
+ # them.
fi
;;&
$MAIL_HOST|bk|je)
gnome-screenshot
grepmail
guvcview
+ # for my / office hp printers
+ hplip
hunspell
i3lock
info
inotify-tools
+ ipcalc
iputils-tracepath
iperf3
iproute2-doc
ncdu
nginx-doc
nmap
+ obs-studio
offlineimap
oathtool
opendkim-tools
require [ "regex", "variables", "fileinto", "envelope", "mailbox", "imap4flags", "include" ];
if anyof (
- address :regex "to" "^testignore@"
- ) {
- fileinto :create "l/testignore";
- stop;
- }
+ address :regex "to" "^testignore@"
+ ) {
+ fileinto :create "l/testignore";
+ stop;
+}
if anyof (
- header :contains "list-id" "<debian-security-announce.lists.debian.org>",
- header :contains "list-id" "<ubuntu-security-announce.lists.ubuntu.com>"
- ) {
- fileinto :create "sec";
- stop;
- }
+ header :contains "list-id" "<debian-security-announce.lists.debian.org>",
+ header :contains "list-id" "<ubuntu-security-announce.lists.ubuntu.com>"
+ ) {
+ fileinto :create "sec";
+ stop;
+}
if anyof (
- header :regex "list-id" "forum.members.fsf.org>"
- ) {
- fileinto :create "fsfmembers";
- stop;
- }
+ header :regex "list-id" "forum.members.fsf.org>"
+ ) {
+ fileinto :create "fsfmembers";
+ stop;
+}
if anyof (
- header :contains "list-id" "<mentors.lists.outreachy.org>"
- ) {
- fileinto :create "l/outreachy-mentors";
- stop;
- }
+ header :contains "list-id" "<mentors.lists.outreachy.org>"
+ ) {
+ fileinto :create "l/outreachy-mentors";
+ stop;
+}
if anyof (
- header :contains "list-id" "<bbdb-info.lists.sourceforge.net>",
- header :contains "list-id" "<bug-bash.gnu.org>",
- header :contains "list-id" "<bug-gnu-emacs.gnu.org>",
- header :contains "list-id" "<debian-backports.lists.debian.org>",
- header :contains "list-id" "<debian-security-announce.lists.debian.org>",
- header :contains "list-id" "<debian-user.lists.debian.org>",
- header :contains "list-id" "<debian-devel.lists.debian.org>",
- header :contains "list-id" "<ding.gnus.org>",
- header :contains "list-id" "<emacs-devel.gnu.org>",
- header :contains "list-id" "<emacs-orgmode.gnu.org>",
- header :contains "list-id" "<git.vger.kernel.org>",
- header :contains "list-id" "<help-bash.gnu.org>",
- header :contains "list-id" "<help-gnu-emacs.gnu.org>",
- header :contains "list-id" "<hyperkitty-devel.lists.fedorahosted.org>",
- header :contains "list-id" "<ipxe-devel.lists.ipxe.org>",
- header :contains "list-id" "<kplug-list.kernel-panic.org>",
- header :contains "list-id" "<kplug-newbie.kernel-panic.org>",
- header :contains "list-id" "<libreplanet-discuss.libreplanet.org>",
- header :contains "list-id" "<linux-btrfs.vger.kernel.org>",
- header :contains "list-id" "<linux-fai.uni-koeln.de>",
- header :contains "list-id" "<license-discuss.lists.opensource.org>",
- header :contains "list-id" "<seagl_organize.googlegroups.com>",
- header :contains "list-id" "<linux-fai-devel.uni-koeln.de>",
- header :contains "list-id" "<linux-libre.fsfla.org>",
- header :contains "list-id" "<maru-os-dev.googlegroups.com>",
- header :contains "list-id" "<mediawiki-l.lists.wikimedia.org>",
- header :contains "list-id" "<pywikibot.lists.wikimedia.org>",
- header :contains "list-id" "<pywikipedia-l.lists.wikimedia.org>",
- header :contains "list-id" "<unison-hackers.lists.seas.upenn.edu>",
- header :contains "list-id" "<unison-users.yahoogroups.com>",
- header :contains "list-id" "<whispersystems.lists.riseup.net>",
- header :contains "list-id" "<wikitech-l.lists.wikimedia.org>",
- header :contains "list-id" "<xapian-devel.lists.xapian.org>",
- header :contains "list-id" "<kdeconnect.kde.org>",
- header :contains "list-id" "<mu-discuss.googlegroups.com>",
- header :contains "list-id" "<<devel.mediagoblin.org>",
- header :contains "list-id" "<maru-os.googlegroups.com>",
- header :contains "list-id" "<listhelper-moderate.nongnu.org>",
- header :contains "list-id" "<coreboot.coreboot.org>",
- header :contains "list-id" "<mailman-users.python.org>",
- header :contains "list-id" "<duplicity-talk.nongnu.org>",
- header :contains "list-id" "<qemu-devel.nongnu.org>",
- header :contains "list-id" "<exim-dev.exim.org>",
- header :contains "list-id" "<exim-users.exim.org>",
- header :contains "list-id" "<octave-maintainers.gnu.org>",
- header :contains "list-id" "<discuss-gnuradio.gnu.org>",
- header :contains "list-id" "<seabios.seabios.org>",
- header :contains "list-id" "<freetype-devel.nongnu.org>",
- header :contains "list-id" "<mailman-developers.python.org>",
- header :contains "list-id" "<linux-raid.vger.kernel.org>",
- header :contains "list-id" "<mailop.mailop.org>",
- header :contains "list-id" "<xmonad.haskell.org>") {
- if header :regex "list-id" "<([a-z_0-9-]+)[.@]" {
- set :lower "listname" "${1}";
- fileinto :create "l/${listname}";
- stop;
- }
- }
+ header :contains "list-id" "<bbdb-info.lists.sourceforge.net>",
+ header :contains "list-id" "<bug-bash.gnu.org>",
+ header :contains "list-id" "<bug-gnu-emacs.gnu.org>",
+ header :contains "list-id" "<debian-backports.lists.debian.org>",
+ header :contains "list-id" "<debian-security-announce.lists.debian.org>",
+ header :contains "list-id" "<debian-user.lists.debian.org>",
+ header :contains "list-id" "<debian-devel.lists.debian.org>",
+ header :contains "list-id" "<ding.gnus.org>",
+ header :contains "list-id" "<emacs-devel.gnu.org>",
+ header :contains "list-id" "<emacs-orgmode.gnu.org>",
+ header :contains "list-id" "<git.vger.kernel.org>",
+ header :contains "list-id" "<fail2ban-users.lists.sourceforge.net>",
+ header :contains "list-id" "<help-bash.gnu.org>",
+ header :contains "list-id" "<help-gnu-emacs.gnu.org>",
+ header :contains "list-id" "<hyperkitty-devel.lists.fedorahosted.org>",
+ header :contains "list-id" "<ipxe-devel.lists.ipxe.org>",
+ header :contains "list-id" "<kplug-list.kernel-panic.org>",
+ header :contains "list-id" "<kplug-newbie.kernel-panic.org>",
+ header :contains "list-id" "<libreplanet-discuss.libreplanet.org>",
+ header :contains "list-id" "<linux-btrfs.vger.kernel.org>",
+ header :contains "list-id" "<linux-fai.uni-koeln.de>",
+ header :contains "list-id" "<license-discuss.lists.opensource.org>",
+ header :contains "list-id" "<seagl_organize.googlegroups.com>",
+ header :contains "list-id" "<linux-fai-devel.uni-koeln.de>",
+ header :contains "list-id" "<linux-libre.fsfla.org>",
+ header :contains "list-id" "<maru-os-dev.googlegroups.com>",
+ header :contains "list-id" "<mediawiki-l.lists.wikimedia.org>",
+ header :contains "list-id" "<pywikibot.lists.wikimedia.org>",
+ header :contains "list-id" "<pywikipedia-l.lists.wikimedia.org>",
+ header :contains "list-id" "<unison-hackers.lists.seas.upenn.edu>",
+ header :contains "list-id" "<unison-users.yahoogroups.com>",
+ header :contains "list-id" "<whispersystems.lists.riseup.net>",
+ header :contains "list-id" "<wikitech-l.lists.wikimedia.org>",
+ header :contains "list-id" "<xapian-devel.lists.xapian.org>",
+ header :contains "list-id" "<kdeconnect.kde.org>",
+ header :contains "list-id" "<mu-discuss.googlegroups.com>",
+ header :contains "list-id" "<<devel.mediagoblin.org>",
+ header :contains "list-id" "<maru-os.googlegroups.com>",
+ header :contains "list-id" "<listhelper-moderate.nongnu.org>",
+ header :contains "list-id" "<coreboot.coreboot.org>",
+ header :contains "list-id" "<mailman-users.python.org>",
+ header :contains "list-id" "<duplicity-talk.nongnu.org>",
+ header :contains "list-id" "<qemu-devel.nongnu.org>",
+ header :contains "list-id" "<exim-dev.exim.org>",
+ header :contains "list-id" "<exim-users.exim.org>",
+ header :contains "list-id" "<octave-maintainers.gnu.org>",
+ header :contains "list-id" "<discuss-gnuradio.gnu.org>",
+ header :contains "list-id" "<seabios.seabios.org>",
+ header :contains "list-id" "<freetype-devel.nongnu.org>",
+ header :contains "list-id" "<mailman-developers.python.org>",
+ header :contains "list-id" "<linux-raid.vger.kernel.org>",
+ header :contains "list-id" "<mailop.mailop.org>",
+ header :contains "list-id" "<xmonad.haskell.org>") {
+ if header :regex "list-id" "<([a-z_0-9-]+)[.@]" {
+ set :lower "listname" "${1}";
+ fileinto :create "l/${listname}";
+ stop;
+ }
+}
if anyof (
- header :contains "list-id" "<websites.lists.fedoraproject.org>",
- header :contains "list-id" "<docs.lists.fedoraproject.org>",
- header :contains "list-id" "<users.lists.fedoraproject.org>") {
- if header :regex "list-id" "<([a-z_0-9-]+)[.@]" {
- set :lower "listname" "${1}";
- fileinto :create "l/fedora.${listname}";
- stop;
- }
- }
+ header :contains "list-id" "<websites.lists.fedoraproject.org>",
+ header :contains "list-id" "<docs.lists.fedoraproject.org>",
+ header :contains "list-id" "<users.lists.fedoraproject.org>") {
+ if header :regex "list-id" "<([a-z_0-9-]+)[.@]" {
+ set :lower "listname" "${1}";
+ fileinto :create "l/fedora.${listname}";
+ stop;
+ }
+}
if anyof (
- header :contains "list-id" "<license-review.lists.opensource.org>"
- ) {
- fileinto :create "l/license-discuss";
- stop;
- }
+ header :contains "list-id" "<license-review.lists.opensource.org>"
+ ) {
+ fileinto :create "l/license-discuss";
+ stop;
+}
if anyof (
- header :contains "list-id" "<~sircmpwn/sr.ht-discuss.lists.sr.ht>"
- ) {
- fileinto :create "l/sr.ht-discuss";
- stop;
- }
+ header :contains "list-id" "<~sircmpwn/sr.ht-discuss.lists.sr.ht>"
+ ) {
+ fileinto :create "l/sr.ht-discuss";
+ stop;
+}
if anyof (
- header :contains "list-id" "<lt.lists.liberationtech.org>"
- ) {
- fileinto :create "l/liberationtech";
- stop;
- }
+ header :contains "list-id" "<lt.lists.liberationtech.org>"
+ ) {
+ fileinto :create "l/liberationtech";
+ stop;
+}
if anyof (
- header :contains "list-id" "<activists_masspirates.org.lists.mayfirst.org>",
- header :contains "list-id" "<gnu-prog-discuss.gnu.org>",
- header :contains "list-id" "<gnu-prog.gnu.org>",
- header :contains "list-id" "<www-discuss.gnu.org>",
- header :contains "list-id" "<gnu-community-private.gnu.org>",
- header :contains "list-id" "<gnu-system-discuss.gnu.org>",
- header :contains "list-id" "<gvc.gnu.org>",
- header :contains "list-id" "<discuss.blu.org>",
- header :contains "list-id" "<Spdx-tech.lists.spdx.org>",
- header :contains "list-id" "<gnu-misc-discuss.gnu.org>",
- header :contains "list-id" "<Spdx-legal.lists.spdx.org>",
- header :contains "list-id" "<info-gnu.gnu.org>",
- header :contains "list-id" "<discussion.lists.fsfe.org>",
- header :contains "list-id" "<gnu-system-discuss.gnu.org>",
- header :contains "from" "<general-info@artisansasylum.com>",
- header :contains "list-id" "<discuss.lists.blu.org>",
- header :contains "list-id" "<spdx.lists.spdx.org>"
- ) {
- fileinto :create "community";
- stop;
- }
+ header :contains "list-id" "<gnu-prog-discuss.gnu.org>",
+ header :contains "list-id" "<gnu-prog.gnu.org>",
+ header :contains "list-id" "<www-discuss.gnu.org>",
+ header :contains "list-id" "<gnu-community-private.gnu.org>",
+ header :contains "list-id" "<gnu-system-discuss.gnu.org>",
+ header :contains "list-id" "<gvc.gnu.org>",
+ header :contains "list-id" "<Spdx-tech.lists.spdx.org>",
+ header :contains "list-id" "<gnu-misc-discuss.gnu.org>",
+ header :contains "list-id" "<Spdx-legal.lists.spdx.org>",
+ header :contains "list-id" "<info-gnu.gnu.org>",
+ header :contains "list-id" "<gnu-system-discuss.gnu.org>",
+ header :contains "list-id" "<spdx.lists.spdx.org>"
+ ) {
+ fileinto :create "community";
+ stop;
+}
+
+if anyof (
+ header :contains "list-id" "<gnhlug-discuss@mail.gnhlug.org>",
+ header :contains "list-id" "<discussion.lists.fsfe.org>",
+ header :contains "list-id" "<activists_masspirates.org.lists.mayfirst.org>",
+ header :contains "list-id" "<discuss.blu.org>",
+ header :contains "list-id" "<spdx.lists.spdx.org>"
+ ) {
+ fileinto :create "2community";
+ stop;
+}
if allof (
- address :is "from" "mailman-owner@zope.org",
- header :is "subject" "zope.org mailing list memberships reminder"
- ) {
- discard;
- stop;
- }
+ address :is "from" "mailman-owner@zope.org",
+ header :is "subject" "zope.org mailing list memberships reminder"
+ ) {
+ discard;
+ stop;
+}
require [ "regex", "variables", "fileinto", "envelope", "mailbox", "imap4flags", "include" ];
if anyof (
- address :regex "to" "^testignore@"
- ) {
- fileinto :create "l/testignore";
- stop;
- }
+ address :regex "to" "^testignore@"
+ ) {
+ fileinto :create "l/testignore";
+ stop;
+}
if anyof (
- header :contains "list-id" "<debian-security-announce.lists.debian.org>",
- header :contains "list-id" "<ubuntu-security-announce.lists.ubuntu.com>"
- ) {
- fileinto :create "sec";
- stop;
- }
+ header :contains "list-id" "<debian-security-announce.lists.debian.org>",
+ header :contains "list-id" "<ubuntu-security-announce.lists.ubuntu.com>"
+ ) {
+ fileinto :create "sec";
+ stop;
+}
if anyof (
- header :regex "list-id" "forum.members.fsf.org>"
- ) {
- fileinto :create "fsfmembers";
- stop;
- }
+ header :regex "list-id" "forum.members.fsf.org>"
+ ) {
+ fileinto :create "fsfmembers";
+ stop;
+}
if anyof (
- header :contains "list-id" "<mentors.lists.outreachy.org>"
- ) {
- fileinto :create "l/outreachy-mentors";
- stop;
- }
+ header :contains "list-id" "<mentors.lists.outreachy.org>"
+ ) {
+ fileinto :create "l/outreachy-mentors";
+ stop;
+}
if anyof (
- header :contains "list-id" "<bbdb-info.lists.sourceforge.net>",
- header :contains "list-id" "<bug-bash.gnu.org>",
- header :contains "list-id" "<bug-gnu-emacs.gnu.org>",
- header :contains "list-id" "<debian-backports.lists.debian.org>",
- header :contains "list-id" "<debian-security-announce.lists.debian.org>",
- header :contains "list-id" "<debian-user.lists.debian.org>",
- header :contains "list-id" "<debian-devel.lists.debian.org>",
- header :contains "list-id" "<ding.gnus.org>",
- header :contains "list-id" "<emacs-devel.gnu.org>",
- header :contains "list-id" "<emacs-orgmode.gnu.org>",
- header :contains "list-id" "<git.vger.kernel.org>",
- header :contains "list-id" "<help-bash.gnu.org>",
- header :contains "list-id" "<help-gnu-emacs.gnu.org>",
- header :contains "list-id" "<hyperkitty-devel.lists.fedorahosted.org>",
- header :contains "list-id" "<ipxe-devel.lists.ipxe.org>",
- header :contains "list-id" "<kplug-list.kernel-panic.org>",
- header :contains "list-id" "<kplug-newbie.kernel-panic.org>",
- header :contains "list-id" "<libreplanet-discuss.libreplanet.org>",
- header :contains "list-id" "<linux-btrfs.vger.kernel.org>",
- header :contains "list-id" "<linux-fai.uni-koeln.de>",
- header :contains "list-id" "<license-discuss.lists.opensource.org>",
- header :contains "list-id" "<seagl_organize.googlegroups.com>",
- header :contains "list-id" "<linux-fai-devel.uni-koeln.de>",
- header :contains "list-id" "<linux-libre.fsfla.org>",
- header :contains "list-id" "<maru-os-dev.googlegroups.com>",
- header :contains "list-id" "<mediawiki-l.lists.wikimedia.org>",
- header :contains "list-id" "<pywikibot.lists.wikimedia.org>",
- header :contains "list-id" "<pywikipedia-l.lists.wikimedia.org>",
- header :contains "list-id" "<unison-hackers.lists.seas.upenn.edu>",
- header :contains "list-id" "<unison-users.yahoogroups.com>",
- header :contains "list-id" "<whispersystems.lists.riseup.net>",
- header :contains "list-id" "<wikitech-l.lists.wikimedia.org>",
- header :contains "list-id" "<xapian-devel.lists.xapian.org>",
- header :contains "list-id" "<kdeconnect.kde.org>",
- header :contains "list-id" "<mu-discuss.googlegroups.com>",
- header :contains "list-id" "<<devel.mediagoblin.org>",
- header :contains "list-id" "<maru-os.googlegroups.com>",
- header :contains "list-id" "<listhelper-moderate.nongnu.org>",
- header :contains "list-id" "<coreboot.coreboot.org>",
- header :contains "list-id" "<mailman-users.python.org>",
- header :contains "list-id" "<duplicity-talk.nongnu.org>",
- header :contains "list-id" "<qemu-devel.nongnu.org>",
- header :contains "list-id" "<exim-dev.exim.org>",
- header :contains "list-id" "<exim-users.exim.org>",
- header :contains "list-id" "<octave-maintainers.gnu.org>",
- header :contains "list-id" "<discuss-gnuradio.gnu.org>",
- header :contains "list-id" "<seabios.seabios.org>",
- header :contains "list-id" "<freetype-devel.nongnu.org>",
- header :contains "list-id" "<mailman-developers.python.org>",
- header :contains "list-id" "<linux-raid.vger.kernel.org>",
- header :contains "list-id" "<mailop.mailop.org>",
- header :contains "list-id" "<xmonad.haskell.org>") {
- if header :regex "list-id" "<([a-z_0-9-]+)[.@]" {
- set :lower "listname" "${1}";
- fileinto :create "l/${listname}";
- stop;
- }
- }
+ header :contains "list-id" "<bbdb-info.lists.sourceforge.net>",
+ header :contains "list-id" "<bug-bash.gnu.org>",
+ header :contains "list-id" "<bug-gnu-emacs.gnu.org>",
+ header :contains "list-id" "<debian-backports.lists.debian.org>",
+ header :contains "list-id" "<debian-security-announce.lists.debian.org>",
+ header :contains "list-id" "<debian-user.lists.debian.org>",
+ header :contains "list-id" "<debian-devel.lists.debian.org>",
+ header :contains "list-id" "<ding.gnus.org>",
+ header :contains "list-id" "<emacs-devel.gnu.org>",
+ header :contains "list-id" "<emacs-orgmode.gnu.org>",
+ header :contains "list-id" "<git.vger.kernel.org>",
+ header :contains "list-id" "<fail2ban-users.lists.sourceforge.net>",
+ header :contains "list-id" "<help-bash.gnu.org>",
+ header :contains "list-id" "<help-gnu-emacs.gnu.org>",
+ header :contains "list-id" "<hyperkitty-devel.lists.fedorahosted.org>",
+ header :contains "list-id" "<ipxe-devel.lists.ipxe.org>",
+ header :contains "list-id" "<kplug-list.kernel-panic.org>",
+ header :contains "list-id" "<kplug-newbie.kernel-panic.org>",
+ header :contains "list-id" "<libreplanet-discuss.libreplanet.org>",
+ header :contains "list-id" "<linux-btrfs.vger.kernel.org>",
+ header :contains "list-id" "<linux-fai.uni-koeln.de>",
+ header :contains "list-id" "<license-discuss.lists.opensource.org>",
+ header :contains "list-id" "<seagl_organize.googlegroups.com>",
+ header :contains "list-id" "<linux-fai-devel.uni-koeln.de>",
+ header :contains "list-id" "<linux-libre.fsfla.org>",
+ header :contains "list-id" "<maru-os-dev.googlegroups.com>",
+ header :contains "list-id" "<mediawiki-l.lists.wikimedia.org>",
+ header :contains "list-id" "<pywikibot.lists.wikimedia.org>",
+ header :contains "list-id" "<pywikipedia-l.lists.wikimedia.org>",
+ header :contains "list-id" "<unison-hackers.lists.seas.upenn.edu>",
+ header :contains "list-id" "<unison-users.yahoogroups.com>",
+ header :contains "list-id" "<whispersystems.lists.riseup.net>",
+ header :contains "list-id" "<wikitech-l.lists.wikimedia.org>",
+ header :contains "list-id" "<xapian-devel.lists.xapian.org>",
+ header :contains "list-id" "<kdeconnect.kde.org>",
+ header :contains "list-id" "<mu-discuss.googlegroups.com>",
+ header :contains "list-id" "<<devel.mediagoblin.org>",
+ header :contains "list-id" "<maru-os.googlegroups.com>",
+ header :contains "list-id" "<listhelper-moderate.nongnu.org>",
+ header :contains "list-id" "<coreboot.coreboot.org>",
+ header :contains "list-id" "<mailman-users.python.org>",
+ header :contains "list-id" "<duplicity-talk.nongnu.org>",
+ header :contains "list-id" "<qemu-devel.nongnu.org>",
+ header :contains "list-id" "<exim-dev.exim.org>",
+ header :contains "list-id" "<exim-users.exim.org>",
+ header :contains "list-id" "<octave-maintainers.gnu.org>",
+ header :contains "list-id" "<discuss-gnuradio.gnu.org>",
+ header :contains "list-id" "<seabios.seabios.org>",
+ header :contains "list-id" "<freetype-devel.nongnu.org>",
+ header :contains "list-id" "<mailman-developers.python.org>",
+ header :contains "list-id" "<linux-raid.vger.kernel.org>",
+ header :contains "list-id" "<mailop.mailop.org>",
+ header :contains "list-id" "<xmonad.haskell.org>") {
+ if header :regex "list-id" "<([a-z_0-9-]+)[.@]" {
+ set :lower "listname" "${1}";
+ fileinto :create "l/${listname}";
+ stop;
+ }
+}
if anyof (
- header :contains "list-id" "<websites.lists.fedoraproject.org>",
- header :contains "list-id" "<docs.lists.fedoraproject.org>",
- header :contains "list-id" "<users.lists.fedoraproject.org>") {
- if header :regex "list-id" "<([a-z_0-9-]+)[.@]" {
- set :lower "listname" "${1}";
- fileinto :create "l/fedora.${listname}";
- stop;
- }
- }
+ header :contains "list-id" "<websites.lists.fedoraproject.org>",
+ header :contains "list-id" "<docs.lists.fedoraproject.org>",
+ header :contains "list-id" "<users.lists.fedoraproject.org>") {
+ if header :regex "list-id" "<([a-z_0-9-]+)[.@]" {
+ set :lower "listname" "${1}";
+ fileinto :create "l/fedora.${listname}";
+ stop;
+ }
+}
if anyof (
- header :contains "list-id" "<license-review.lists.opensource.org>"
- ) {
- fileinto :create "l/license-discuss";
- stop;
- }
+ header :contains "list-id" "<license-review.lists.opensource.org>"
+ ) {
+ fileinto :create "l/license-discuss";
+ stop;
+}
if anyof (
- header :contains "list-id" "<~sircmpwn/sr.ht-discuss.lists.sr.ht>"
- ) {
- fileinto :create "l/sr.ht-discuss";
- stop;
- }
+ header :contains "list-id" "<~sircmpwn/sr.ht-discuss.lists.sr.ht>"
+ ) {
+ fileinto :create "l/sr.ht-discuss";
+ stop;
+}
if anyof (
- header :contains "list-id" "<lt.lists.liberationtech.org>"
- ) {
- fileinto :create "l/liberationtech";
- stop;
- }
+ header :contains "list-id" "<lt.lists.liberationtech.org>"
+ ) {
+ fileinto :create "l/liberationtech";
+ stop;
+}
if anyof (
- header :contains "list-id" "<activists_masspirates.org.lists.mayfirst.org>",
- header :contains "list-id" "<gnu-prog-discuss.gnu.org>",
- header :contains "list-id" "<gnu-prog.gnu.org>",
- header :contains "list-id" "<www-discuss.gnu.org>",
- header :contains "list-id" "<gnu-community-private.gnu.org>",
- header :contains "list-id" "<gnu-system-discuss.gnu.org>",
- header :contains "list-id" "<gvc.gnu.org>",
- header :contains "list-id" "<discuss.blu.org>",
- header :contains "list-id" "<Spdx-tech.lists.spdx.org>",
- header :contains "list-id" "<gnu-misc-discuss.gnu.org>",
- header :contains "list-id" "<Spdx-legal.lists.spdx.org>",
- header :contains "list-id" "<info-gnu.gnu.org>",
- header :contains "list-id" "<discussion.lists.fsfe.org>",
- header :contains "list-id" "<gnu-system-discuss.gnu.org>",
- header :contains "from" "<general-info@artisansasylum.com>",
- header :contains "list-id" "<discuss.lists.blu.org>",
- header :contains "list-id" "<spdx.lists.spdx.org>"
- ) {
- fileinto :create "community";
- stop;
- }
+ header :contains "list-id" "<gnu-prog-discuss.gnu.org>",
+ header :contains "list-id" "<gnu-prog.gnu.org>",
+ header :contains "list-id" "<www-discuss.gnu.org>",
+ header :contains "list-id" "<gnu-community-private.gnu.org>",
+ header :contains "list-id" "<gnu-system-discuss.gnu.org>",
+ header :contains "list-id" "<gvc.gnu.org>",
+ header :contains "list-id" "<Spdx-tech.lists.spdx.org>",
+ header :contains "list-id" "<gnu-misc-discuss.gnu.org>",
+ header :contains "list-id" "<Spdx-legal.lists.spdx.org>",
+ header :contains "list-id" "<info-gnu.gnu.org>",
+ header :contains "list-id" "<gnu-system-discuss.gnu.org>",
+ header :contains "list-id" "<spdx.lists.spdx.org>"
+ ) {
+ fileinto :create "community";
+ stop;
+}
+
+if anyof (
+ header :contains "list-id" "<gnhlug-discuss@mail.gnhlug.org>",
+ header :contains "list-id" "<discussion.lists.fsfe.org>",
+ header :contains "list-id" "<activists_masspirates.org.lists.mayfirst.org>",
+ header :contains "list-id" "<discuss.blu.org>",
+ header :contains "list-id" "<spdx.lists.spdx.org>"
+ ) {
+ fileinto :create "2community";
+ stop;
+}
if allof (
- address :is "from" "mailman-owner@zope.org",
- header :is "subject" "zope.org mailing list memberships reminder"
- ) {
- discard;
- stop;
- }
+ address :is "from" "mailman-owner@zope.org",
+ header :is "subject" "zope.org mailing list memberships reminder"
+ ) {
+ discard;
+ stop;
+}
bbk_args="-s $old_host"
old_shell="ssh $old_host"
# tests ssh connection
- old_hostname=$($old_shell hostname)
+ if ! old_hostname=$($old_shell hostname); then
+ echo "retrying failed $old_shell with -v"
+ $old_shell -v hostname
+ exit 1
+ fi
;;
*)
err invalid first argument
exit $ret
fi
-m $old_shell /a/exe/primary-setup $new_hostname
+if ! m $old_shell /a/exe/primary-setup $new_hostname; then
+ ret=$?
+ err "failed \$old_shell primary-setup \$new_hostname. fix and rerun switch-mail-host"
+ exit $ret
+fi
e Running main btrbk
m btrbk-run -v $bbk_args $incremental_arg -m /o || ret=$?
exit $ret
fi
-m $new_shell /a/exe/primary-setup localhost
+# once I accidentally accepted incoming mail on old host. I used this script to copy over that mail:
+#
+# die=false; for d in o.leaf.2021-05-29T10:02:08-0400/m/{4e,md,4e2}/{,l/}!(*myarchive)/new; do if $die; then break; fi; find $d -type f -mtime -5 | while read -r f; do dir="${f%new/*}"; dir="btrbk/o.20210530T000011-0400/${dir#*/}"; fname="${f##*/}"; [[ -e $dir/new/$fname || -e $dir/cur/$fname ]] && continue; if ! e cp -a $f /${dir#*/*/}new; then echo failed cp; die=true; break; fi ; done; done
+
+# once I accidentally sent mail from non-main mail host. to copy into the main mail host's sent dir, cd into dir of non-mail mail host Sent/cur, then
+#
+# shopt -s nullglob; find . -type f -mtime -2 | while read -r f; do a=( /m/4e/Sent/cur/${f%,*}* ); if (( ${#a[@]} )); then e exists $a; else m cp -a $f /m/4e/Sent/cur; fi; done
+
+if ! m $new_shell /a/exe/primary-setup localhost; then
+ ret=$?
+ err "failed final primary-setup, just fix and rerun: $new_shell /a/exe/primary-setup localhost"
+ exit $ret
+fi
m exit 0
done
fi
-
- ## Clean the paniclog, but only up to 4 times per day, or else we
- ## should investigate.
- loglog=/tmp/panicloglog-$(date --rfc-3339=date)
- if [[ -s $loglog ]]; then
- spamcount=$(stat -c%s $loglog)
- else
- spamcount=0
- fi
- if (( spamcount <= 4 )); then
- if grep -q 'spam acl condition' /var/log/exim4/paniclog &>/dev/null; then
- printf . >>$loglog
- fi
- /a/bin/distro-setup/epanic-clean
- fi
+ /a/bin/distro-setup/epanic-clean
if [[ -s /var/log/exim4/paniclog ]]; then
chars+=("PANIC!")
# to a trusted one.
if [[ -e /etc/NetworkManager/conf.d/dns.conf ]]; then
- rm -f /etc/NetworkManager/conf.d/dns.conf
+ rm -fv /etc/NetworkManager/conf.d/dns.conf
if [[ $(systemctl is-active NetworkManager) == active ]]; then
- systemctl restart NetworkManager
+ m systemctl restart NetworkManager
fi
fi
+rm -f /etc/systemd/resolved.conf.d/untrusted-network.conf
+
dhclient_restart=false
# man dhclient.conf
if ! grep -qP '\bdomain-name-servers\b' /etc/dhcp/dhclient.conf; then
sed -i 's/^ *request/request domain-name-servers,/' /etc/dhcp/dhclient.conf
dhclient_restart=true
+ e $0: dhclient_restart=true
fi
# rm -f /run/systemd/resolved.conf.d/*$gateway_if*
- if $dhclient_restart && grep -Pq '^ *auto ($gateway_if|.* $gateway_if( |$))' /etc/network/interfaces; then
+ if $dhclient_restart && grep -Pq "^ *auto ($gateway_if|.* $gateway_if( |$))" /etc/network/interfaces; then
m ifdown $gateway_if
m ifup $gateway_if
fi
# at least on systemd 237 ifupdown it sets a global and this is not needed
systemd-resolve --interface=$gateway_if --revert
+else
+ e $0: no gateway_if found
fi
reresolv
read -r _ ver _ < <(systemd-resolve --version)
-
-servers=(1.1.1.1 1.0.0.1 2606:4700:4700::1111 2606:4700:4700::1001)
+# removes malware and adult content
servers=(1.1.1.3 1.0.0.3 2606:4700:4700::1113 2606:4700:4700::1003)
-# first version that supports this syntax
-if (( ver >= 239 )); then
- servers=(${servers[@]/%/#cloudflare-dns.com})
-fi
+
+servers=(1.1.1.1 1.0.0.1 2606:4700:4700::1111 2606:4700:4700::1001s)
+
+## trying out google
+#servers=(8.8.8.8 8.8.4.4 2001:4860:4860::8888 2001:4860:4860::8844)
+
# https://wiki.archlinux.org/index.php/Systemd-resolved#Manually
cat >/etc/systemd/resolved.conf.d/untrusted-network.conf <<EOF
[Resolve]
DNS=${servers[@]}
-Domains=~. b8.nz
+Domains=b8.nz
DNSOverTLS=yes
EOF
# rm -f /run/systemd/resolved.conf.d/*$gateway_if*
- if $dhclient_restart && grep -Pq '^ *auto ($gateway_if|.* $gateway_if( |$))' /etc/network/interfaces; then
+ if $dhclient_restart && grep -Pq "^ *auto ($gateway_if|.* $gateway_if( |$))" /etc/network/interfaces; then
m ifdown $gateway_if
m ifup $gateway_if
fi
iankelling.org / git / distro-setup / commitdiff