hrcat() { local f; for f; do [[ -f $f ]] || continue; hr; echo "$f"; cat "$f"; done }
+
+nebulaup() {
+ pushd /a/opt
+ p=/slackhq/nebula/releases/;
+ up=https://github.com/$(curl -s https://github.com$p| grep -o $p'download/[^/]*/nebula-linux-amd64[^"]*' | head -n1)
+ if wget -nv -N "$up" |& grep . &>/dev/null || [[ ! -e /a/opt/nebula/nebula ]]; then
+ mkdir -p /a/opt/nebula
+ tar -C /a/opt/nebula -zxf nebula-linux-amd64.tar.gz
+ fi
+ popd
+}
+
# get latest hub and run it
# main command to use:
# hub pull-request --no-edit
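Review bot: nebulaup unpacks whatever `wget` fetched straight into /a/opt/nebula with no integrity check, and the nebula.service unit added in this commit executes that binary as root, since the unit sets no `User=`. The download URL is scraped from the releases HTML, so an empty or changed scrape leaves `up` pointing at a non-release URL, and the `tar` step can still run on whatever nebula-linux-amd64.tar.gz is already in the directory. Before extracting, compare the tarball with a pinned digest, e.g. `sha256sum -c <<<"<EXPECTED_SHA256>  nebula-linux-amd64.tar.gz" || return 1`, and reject a `$up` that does not contain `/releases/download/`. Also use `pushd /a/opt || return`, so a missing directory does not make the download and `popd` act on the caller's directory, and declare `local p up` so the function does not overwrite globals.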
# note, i had --delete-excluded, but that deletes all files in --exclude-from on
# the remote site, which doesn't make sense, so not sure why i had it.
local p a
- p=(/a/opt/{emacs-debian10{,-nox},mu,emacs} /a/bin /a/exe /a/h /a/c /p/c/machine_specific/vps{,.hosts})
+ p=(/a/opt/{emacs-debian10{,-nox},mu,emacs} /a/bin /a/exe /a/h /a/c /p/c/machine_specific/vps{,.hosts} /a/opt/nebula)
a="-ahviSAXPH --specials --devices --delete --relative --exclude-from=/p/c/li-rsync-excludes"
ret=0
for h in li je bk; do
idle_time=$idle_limit
id=999
while id $((++id)) &>/dev/null; do
- new_idle_time=$(su -c xprintidle $(id -nu $id) 2>/dev/null) ||:
+ new_idle_time=$(sudo -u \#$id xprintidle 2>/dev/null) ||:
if [[ $new_idle_time && $new_idle_time -lt $idle_time ]]; then
idle_time=$new_idle_time
fi
#### setup passwordless sudo
+
+tu /etc/sudoers <<EOF
+$USER ALL=(ALL) NOPASSWD: ALL
+Defaults env_keep += SUDOD
# always_set_home
# makes ubuntu be like debian
# https://unix.stackexchange.com/a/91572
-
+Defaults always_set_home
# umask: default setting is to have minimum umask of 0022
# This lets us have user-specific umasks which are more permissive.
# I did this for transmission and set it's umask gecos on install,
# see there for more info.
-
-tu /etc/sudoers <<EOF
-$USER ALL=(ALL) NOPASSWD: ALL
-Defaults env_keep += SUDOD
-Defaults always_set_home
Defaults !umask
+# i use sudo in cronjobs, it spams the logs rather uselessly
+# https://stackoverflow.com/questions/14277116/suppress-log-entry-for-single-sudo-commands
+Defaults:root,iank !log_allowed, !pam_session
EOF
# EOF
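Review bot: `Defaults:root,iank !log_allowed, !pam_session` turns off logging of every permitted sudo command for root and iank, which together with the `NOPASSWD: ALL` rule at the top of the heredoc leaves no sudo audit trail for the account most worth monitoring. The linked question is about single commands; scoping the setting to the cron commands with a per-command default, e.g. `Cmnd_Alias CRONCMDS = <PATHS_OF_CRON_COMMANDS>` followed by `Defaults!CRONCMDS !log_allowed, !pam_session`, keeps interactive use logged. The user name is hardcoded as `iank` here while the NOPASSWD rule uses `$USER`, so the two lines can refer to different accounts. Since the heredoc rewrites /etc/sudoers directly, confirm that `tu` (defined outside this hunk) validates the result with `visudo -c` before installing it.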
+if [[ -e /etc/nebula-host.crt ]]; then
+ r=0
+ ser status nebula &>/dev/null || r=$?
+ if (( r == 4 )); then
+ ser daemon-reload
+ fi
+ sgo nebula
+fi
+
+
###### begin website setup
case $HOSTNAME in
li|bk|je)
m cp /p/.linphonerc-initial ~/.linphonerc
fi
+# linphone in t10 wont do dns with systemd-resolved or something
+s teeu /etc/hosts <<'EOF'
+74.94.156.215 watson.fsf.org
+EOF
+
+
### begin spd install
if mountpoint /p &>/dev/null; then
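Review bot: The added /etc/hosts entry pins watson.fsf.org to 74.94.156.215 with no record of when or how the address was obtained, so if the server is renumbered the client will keep connecting to whoever holds that address. A dated comment above the heredoc, such as `# pinned <DATE>; verify with: dig +short watson.fsf.org`, would make a stale pin easy to spot. Whether `teeu` replaces or appends to /etc/hosts is not visible in this hunk; if it appends, a re-run would duplicate the line.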
dynhost=i.b8.nz
;;
*)
- exit 0
+ return 0
;;
esac
fi
if ! $up4 && ! $up6; then
- exit 0
+ return 0
fi
# note, a simpler way to do this would be to ssh and use
sed -i 's/^server .*/server bk.b8.nz/' $f
nsupdate -k /p/c/machine_specific/vps/filesystem/etc/bind/Kb8.nz.*.private <$f
- exit
- # # persistent initial setup for this:
- # # create files in /a/c/machine_specific/vps/filesystem/etc/bind
- # # note, conflink also does some group ownership stuff.
- mkc /p/c/machine_specific/vps/filesystem/etc/bind
- sudo dnssec-keygen -a HMAC-SHA512 -b 512 -n HOST b8.nz
- user=$(id -un)
- sudo chown $user:$user *
-
-
- f=key.b8.nz
- cat >$f <<EOF
-key b8.nz. {
-algorithm HMAC-SHA512;
-secret "$(awk '$1 == "Key:" {print $2}' Kb8.nz.*.private)";
-};
-EOF
-
- chmod 640 [kK]*
-
- # push here?
- #myunison -ob li
- #ssh li conflink
- ssh li.b8.nz systemctl reload bind9
-
-
- # b8.nz has address 65.96.178.16
- # b8.nz has IPv6 address 2601:197:600:6efb:82fa:5bff:fe1c:6ecf
}
-# check if FD 0 (standard input) is a TTY.
-# simple way to see if this is a cronjob. not sure if its the best way.
-if test -t 0; then
- main
-else
+if [[ $INVOCATION_ID ]]; then
# this is to prevent systemd from filling up the journal
for (( runcount=0; runcount < 100; runcount++ )); do
main
sleep 30
done
+else
+ main
fi
+
+
+
+
+
+exit 0
+
+
+# # # persistent initial setup for this:
+# # # create files in /a/c/machine_specific/vps/filesystem/etc/bind
+# # # note, conflink also does some group ownership stuff.
+# mkc /p/c/machine_specific/vps/filesystem/etc/bind
+# sudo dnssec-keygen -a HMAC-SHA512 -b 512 -n HOST b8.nz
+# user=$(id -un)
+# sudo chown $user:$user *
+
+
+# f=key.b8.nz
+# cat >$f <<EOF
+# key b8.nz. {
+# algorithm HMAC-SHA512;
+# secret "$(awk '$1 == "Key:" {print $2}' Kb8.nz.*.private)";
+# };
+# EOF
+
+# chmod 640 [kK]*
+
+# # push here?
+# #myunison -ob li
+# #ssh li conflink
+# ssh li.b8.nz systemctl reload bind9
+
+
+# # b8.nz has address 65.96.178.16
+# # b8.nz has IPv6 address 2601:197:600:6efb:82fa:5bff:fe1c:6ecf
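Review bot: The new `[[ $INVOCATION_ID ]]` test has no comment saying what it detects, now that the removed tty check and its explanation are gone. Something like `# INVOCATION_ID is set by systemd for processes it starts as part of a unit; any other caller runs main once` would document the switch. If the script enables `set -u` outside this hunk, the test should read `[[ ${INVOCATION_ID:-} ]]` so a run outside systemd does not abort on the unset variable. The loop ignores the status of `main`, so a persistent failure repeats for all 100 iterations; whether that is intended is not clear from the visible lines.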
--- /dev/null
+[Unit]
+Description=nebula
+Wants=basic.target
+After=basic.target network.target
+Before=ssh.service
+
+[Service]
+SyslogIdentifier=nebula
+ExecReload=/bin/kill -HUP $MAINPID
+ExecStart=/a/opt/nebula/nebula -config /etc/nebula-config.yml
+Restart=always
+
+[Install]
+WantedBy=multi-user.target
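Review bot: The unit sets no `User=` and no sandboxing, so /a/opt/nebula/nebula runs as root with full privileges. nebulaup in this commit writes that path with plain `mkdir` and `tar`, which suggests the directory is writable by the unprivileged account. Installing the binary root-owned and adding `NoNewPrivileges=yes`, `ProtectSystem=full` and `PrivateTmp=yes` under `[Service]` would narrow what a tampered or compromised binary can do. Test that the tunnel device still comes up with these settings.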
trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?. PIPESTATUS: ${PIPESTATUS[*]}" >&2' ERR
idle_limit=$((1000 * 60 * 45))
-idle_time=$(su -c xprintidle $(id -nu 1000) 2>/dev/null) ||:
+idle_time=$(sudo -u '#1000' xprintidle 2>/dev/null) ||:
if [[ $idle_time && $idle_limit -lt $idle_time ]]; then
btrbk run
fi
signing-party
sipcalc
socat
+ # add-apt-repository
+ software-properties-common
sqlite3-doc
squashfs-tools
strace
bindsym $mod+Shift+p restart
-# bar {
-# #status_command i3status
-# #status_command /usr/local/bin/myi3status
-# mode hide
-# hidden_state hide
+bar {
+status_command i3status
+#status_command /usr/local/bin/myi3status
+mode hide
+hidden_state hide
# font pango:monospace 14
-# }
+}