mostly fixes

diff --git a/.gitignore b/.gitignore
index 96e18f74b7f8834aa2e153c0b4646d4990620a52..f703ec9dbb056f482169110ef1e8040373586de3 100644 (file)
--- a/.gitignore
+++ b/.gitignore
@@ -7,3 +7,4 @@
 /.mblaze/cur
 # bash script for testing things
 /ms
+/ms2

diff --git a/brc b/brc
index 2f9ec574efa6b74a4d2b0cfbf58a6b239302e300..59175d654e14b7f2ef42cae42f109dfa0490700b 100644 (file)
--- a/brc
+++ b/brc
@@ -65,8 +65,6 @@ fi
 
 # * settings
 
-uint_regex='^[0-9]+$'
-
 CDPATH=.
 
 # remove all aliases. aliases provided by the system tend to get in the way,
@@ -335,7 +333,8 @@ mysrc() {
   dir=${path%/*}
   file=${path##*/}
   if [[ -s $path ]]; then
-    # shellcheck disable=SC1090 # this is dynamic, shellcheck can't follow it.
+    # We source several files but only need one for shellcheck.
+    # shellcheck source=/a/c/fsf-script-lib
     source $path
   elif [[ -s $bashrc_dir/$file ]]; then
     # shellcheck disable=SC1090 # this is dynamic, shellcheck can't follow it.
@@ -874,6 +873,10 @@ screenrtp() {
       laptop_x=$(xrandr | awk '$1 == "LVDS-1" {print $4}' | sed 's/x.*//') || { sleep 1; continue; }
       total_x=$(xdpyinfo| awk '$1 == "dimensions:" {print $2}' | sed 's/x.*//') || { sleep 1; continue; }
       screen2_res=$(xrandr | awk '$2 == "connected" && $1 != "LVDS-1" { print $3 }' | sed 's/+.*//')
+      if [[ ! $laptop_x =~ $uint_regex || ! $total_x =~ $uint_regex ]]; then
+        sleep 1
+        continue
+      fi
       if (( laptop_x < total_x )); then
         xoffset=$laptop_x
       fi

diff --git a/distro-end b/distro-end
index 77ff21f0a21821dde7ee81db80492e88c634885e..10c0de0741cc02383737658cbf666a4ee368c906 100755 (executable)
--- a/distro-end
+++ b/distro-end
@@ -1673,40 +1673,46 @@ rm -rf /home/iank/.mpv
 ## in ubuntu, you can install python3-venv
 
 
-if [[ ! -e ~/.local/bin/pip ]]; then
-  tmp=$(mktemp)
-  wget -O$tmp https://bootstrap.pypa.io/get-pip.py
-  ### begin msg from below without --break-system-package
-  #   error: externally-managed-environment
-
-  # × This environment is externally managed
-  # ╰─> To install Python packages system-wide, try apt install
-  #     python3-xyz, where xyz is the package you are trying to
-  #     install.
-
-  #     If you wish to install a non-Debian-packaged Python package,
-  #     create a virtual environment using python3 -m venv path/to/venv.
-  #     Then use path/to/venv/bin/python and path/to/venv/bin/pip. Make
-  #     sure you have python3-full installed.
-
-  #     If you wish to install a non-Debian packaged Python application,
-  #     it may be easiest to use pipx install xyz, which will manage a
-  #     virtual environment for you. Make sure you have pipx installed.
-
-  #     See /usr/share/doc/python3.12/README.venv for more information.
-
-  # note: If you believe this is a mistake, please contact your Python installation or OS distribution provider. You can override this, at the risk of breaking your Python installation or OS, by passing --break-system-packages.
-  # hint: See PEP 668 for the detailed specification.
-  ### end msg
-  #
-  ### That stuff doesn't work in trisquel.
-  python3 $tmp --user --break-system-packages
-  hash -r
-  python3 -m pip install --user pipx --break-system-packages
-  # todo: periodically run this:
-  # Upgrade pipx with python3 -m pip install --user --upgrade pipx
-fi
+# if [[ ! -e ~/.local/bin/pip ]]; then
+#   tmp=$(mktemp)
+#   wget -O$tmp https://bootstrap.pypa.io/get-pip.py
+#   ### begin msg from below without
+#   #   error: externally-managed-environment
+
+#   # × This environment is externally managed
+#   # ╰─> To install Python packages system-wide, try apt install
+#   #     python3-xyz, where xyz is the package you are trying to
+#   #     install.
+
+#   #     If you wish to install a non-Debian-packaged Python package,
+#   #     create a virtual environment using python3 -m venv path/to/venv.
+#   #     Then use path/to/venv/bin/python and path/to/venv/bin/pip. Make
+#   #     sure you have python3-full installed.
+
+#   #     If you wish to install a non-Debian packaged Python application,
+#   #     it may be easiest to use pipx install xyz, which will manage a
+#   #     virtual environment for you. Make sure you have pipx installed.
+
+#   #     See /usr/share/doc/python3.12/README.venv for more information.
+
+#   # note: If you believe this is a mistake, please contact your Python installation or OS distribution provider. You can override this, at the risk of breaking your Python installation or OS, by passing --break-system-packages.
+#   # hint: See PEP 668 for the detailed specification.
+#   ### end msg
+#   #
+#   # The instructions from the message of course dont work in trisquel. I
+#   # tried using --break-system-packages, but then trying to use pipx
+#   # failed with something like: no module ensurepath, and again
+#   # complained that I should install system packages, but this time
+#   # there was no alternative. So, fuck it, just getting the system
+#   # package from ubuntu for now.
+#   python3 $tmp --user
+#   hash -r
+#   python3 -m pip install --user pipx --break-system-packages
+#   # todo: periodically run this:
+#   # Upgrade pipx with python3 -m pip install --user --upgrade pipx
+# fi
 
+pi pipx
 
 # run appimages without manually extracting.
 # https://github.com/AppImage/AppImageKit/wiki/FUSE
@@ -1768,7 +1774,7 @@ esac
 
 
 # I ran this initially to make sure things were working, but don't need it again.
-pipx ensurepath -v
+#pipx ensurepath -v
 #
 # in brackets are nondefault plugins
 pipx install 'beets[lyrics,discogs,mbsync]'

diff --git a/iank-shorewall-fix b/iank-shorewall-fix
new file mode 100755 (executable)
index 0000000..6dc7b95
--- /dev/null
+++ b/iank-shorewall-fix
@@ -0,0 +1,20 @@
+#!/bin/bash
+
+set -xe
+
+home_ip=108.26.192.250
+a=$(md5sum /etc/shorewall/rules)
+l="ACCEPT  net:$home_ip      fw      tcp     ssh  # iank"
+sed -ri "s/^.*[[:space:]]ssh[[:space:]]*# *iank *$/$l/" /etc/shorewall/rules
+if ! grep -qF $home_ip /etc/shorewall/rules; then
+  echo "
+
+############## ############# ERROR SED FAILED!!!################
+
+"
+fi
+b=$(md5sum /etc/shorewall/rules)
+if [[ $a != "$b" ]]; then
+  echo "diff:$a $b"
+  shorewall restart
+fi

diff --git a/machine_specific/li/filesystem/etc/openvpn/client-config-hole/librestation01 b/machine_specific/li/filesystem/etc/openvpn/client-config-hole/librestation01
new file mode 100644 (file)
index 0000000..da55e90
--- /dev/null
+++ b/machine_specific/li/filesystem/etc/openvpn/client-config-hole/librestation01
@@ -0,0 +1 @@
+ifconfig-push 10.5.5.97 255.255.255.0

diff --git a/machine_specific/librestation01/filesystem/etc/systemd/system/openvpn-client-tr@.service b/machine_specific/librestation01/filesystem/etc/systemd/system/openvpn-client-tr@.service
new file mode 100644 (file)
index 0000000..74f629c
--- /dev/null
+++ b/machine_specific/librestation01/filesystem/etc/systemd/system/openvpn-client-tr@.service
@@ -0,0 +1,36 @@
+[Unit]
+Description=OpenVPN tunnel for %I
+After=syslog.target network-online.target
+Wants=network-online.target
+Documentation=man:openvpn(8)
+Documentation=https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage
+Documentation=https://community.openvpn.net/openvpn/wiki/HOWTO
+Requires=iptables.service
+
+[Service]
+Type=notify
+RuntimeDirectory=openvpn-client
+RuntimeDirectoryMode=0710
+WorkingDirectory=/etc/openvpn/client
+ExecStart=/usr/sbin/openvpn --suppress-timestamps --nobind --config /etc/openvpn/client/%i.conf
+# todo, try reenabling this from the default openvpn,
+# it was disabled so we could do bind mounts as a command,
+# but now systemd handles it
+#CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE
+LimitNPROC=10
+# DeviceAllow=/dev/null rw
+# DeviceAllow=/dev/net/tun rw
+
+# we use .1 to make this be on a different network than kd, so that we can
+# talk to transmission on kd from remote host, and still use this
+# vpn.
+ExecStartPre=/usr/bin/flock -w 20 /tmp/newns.flock /a/bin/newns/newns -n 10.174.97 start %i
+ExecStartPre=/sbin/iptables-restore /a/bin/distro-setup/transmission-firewall/netns.rules
+# allow wireguard network to connect
+ExecStartPre=/usr/sbin/ip r add 10.8.0.0/24 via 10.174.97.1 dev veth1-client
+ExecStopPost=/usr/bin/flock -w 20 /tmp/newns.flock /a/bin/newns/newns stop %i
+PrivateNetwork=true
+BindReadOnlyPaths=/etc/tr-resolv:/run/systemd/resolve:norbind /etc/basic-nsswitch:/etc/resolved-nsswitch:norbind
+
+[Install]
+WantedBy=multi-user.target

diff --git a/shellcheck-this-repo b/shellcheck-this-repo
index 80ec3f71a2aadd05dfb5606f08bc17dc004ad279..089e4f5682e8b7d68ef9dcd80acecb0ea1e6c64c 100755 (executable)
--- a/shellcheck-this-repo
+++ b/shellcheck-this-repo
@@ -23,7 +23,7 @@ declare -a ls_files standard_files
 # used in other files that source them. Using -a like this is the only
 # way to solve it. We can't just -a on everything because then we would
 # get various files I didn't write and that don't pass shellcheck.
-sk -a ${a_files[@]}
+sk ${a_files[@]}
 
 
 tmp=$(git ls-files && git ls-files --others --exclude-standard)
@@ -37,7 +37,7 @@ for f in "${ls_files[@]}"; do
     fi
   done
   if $skip; then continue; fi
-  if sk-p "$f"; then
+  if sk-p "$f" && [[ $f != *.conf ]]; then
     standard_files+=("$f")
   fi
 done