# This works in addition to HISTCONTROL to do more flexible things
# it could also do the same things as HISTCONTROL and thus replace it,
# but meh. dunno why, but just " *" does glob expansion, so use [ ] to avoid it.
-HISTIGNORE='pass *:otp *:oathtool *:histrm *'
+HISTIGNORE='pass *:otp *:oathtool *:histrm *:h *'
# note: duplicated in /a/bin/ds/filesystem/etc/profile.d/environment.sh
umask 022
--- /dev/null
+filesystem/usr/local/bin
\ No newline at end of file
mns-setup $ns
pid=$(servicepid $unit)
+ # i can't remember the exact reason i started exporting, but it does keep the
+ # environment vars perfectly accurate, whereas sudo -E does not quite. Although,
+ # we could just set those explicity, PATH is the main one. It also
+ # seems less secure since another process could modify the temp file.
tmpf=$(mktemp --tmpdir $unit.XXXXXXXXXX)
export -p >$tmpf
printf "%s " "${@@Q}" >>$tmpf
}
-mnsr() { # mns run
+mnsr() { # mns run (as normal user)
local ns=$1
+ local -a cmd
shift
- mns $ns sudo -u iank -E env "PATH=$PATH" "$@"
+ if [[ $1 ]]; then
+ cmd=("$@")
+ else
+ cmd=(bash)
+ fi
+ mns $ns sudo -u iank -E env "PATH=$PATH" "${cmd[@]}"
}
-mnsnonetr() {
+mnsnonetroot() {
ns=$1
lomh
if ! s ip netns list | grep -Fx nonet &>/dev/null; then
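Review bot: In mnsr the new `if [[ $1 ]]` tests whether the first remaining argument is non-empty, not whether any arguments were passed, so a call whose first argument is an empty string drops the whole command and starts bash instead; `if (( $# )); then` checks the count. `$ns` is still expanded unquoted in `mns $ns sudo -u iank -E env …` and would be safer as `"$ns"`. On the comment added above `tmpf=$(mktemp …)`: mktemp creates the file with mode 0600, so the processes able to modify it are those running as the same user or as root, and the comment could say so. Since the file holds the full `export -p` output, the comment should also say where it is removed, which this hunk does not show (the rest of mns, and the end of mnsnonetroot, lie outside it).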
case $distro in
trisquel|ubuntu)
m mkschroot -s /a/bin/fai/fai/config/files/etc/apt/sources.list.d/bookworm.list/BOOKWORM_FREE \
- debian bookworm chromium
+ debian bookworm chromium fonts-noto-color-emoji
;;
debian)
- pi chromium
+ # fonts are for emojis, which tend to get used as buttons on the web.
+ pi chromium fonts-noto-color-emoji
;;
esac
### end gh ####
+##### begin docker install
+if ! pcheck "$@"; then
+ # https://docs.docker.com/engine/install/ubuntu/
+ # Add Docker's official GPG key:
+ sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
+ sudo chmod a+r /etc/apt/keyrings/docker.asc
+
+ # Add the repository to Apt sources:
+ echo \
+ "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu \
+ $(debian-codename-compat) stable" | \
+ sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
+
+ p update
+
+
+ # docker eats up a fair amount of cpu when doing nothing, so don't enable it unless
+ # we really need it.
+ pi-nostart docker-ce
+
+fi
+##### end docker install #####
+
# remove trisquel banner. it is cool but takes up too much space.
sudo rm -f /etc/update-motd.d/01-banner
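Review bot: The key written to /etc/apt/keyrings/docker.asc becomes an apt signing root for this repository as soon as the download succeeds, and nothing compares it with the fingerprint Docker publishes. Trust therefore rests entirely on the TLS fetch at install time. The curl also writes directly into /etc/apt/keyrings without ensuring the directory exists, so on a host without it the step fails and the later `p update` runs against a sources entry whose `signed-by` file is missing. Downloading to a temporary file, checking the fingerprint against a pinned value, and only then installing the key closes both gaps. Separately, the repository line hard-codes the `linux/ubuntu` path while the suite comes from `debian-codename-compat`; if that helper can return a Debian codename the path presumably has to follow it, which should be confirmed.

```shell
# … unchanged: pcheck guard …
  # Pin the fingerprint from Docker's install documentation (placeholder below).
  docker_key_fpr=DOCKER_KEY_FINGERPRINT_PLACEHOLDER
  keytmp=$(mktemp)
  curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o "$keytmp"
  got_fpr=$(gpg --show-keys --with-colons "$keytmp" | awk -F: '$1 == "fpr" { print $10; exit }')
  if [[ $got_fpr != "$docker_key_fpr" ]]; then
    echo "$0: docker apt key fingerprint mismatch: $got_fpr" >&2
    rm -f -- "$keytmp"
    exit 1
  fi
  sudo install -m 0755 -d /etc/apt/keyrings
  sudo install -m 0644 "$keytmp" /etc/apt/keyrings/docker.asc
  rm -f -- "$keytmp"
# … unchanged: sources.list.d entry, p update, pi-nostart docker-ce …
```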
b=firefox
fi
+tag=abrowser
+if (( $# >= 1 )); then
+ tag=$tag"${@:$#}"
+fi
+
# spawn and mark if we dont have a mark already
-if ! i3-focus-maybe abrowser; then
+if ! i3-focus-maybe $tag; then
i3-msg "workspace 2"
i3-split-maybe
for (( i=0; i < 15; i++ )); do
sleep 1
- if i3-msg "[workspace=__focused__ class=\"$b\" instance=\"Navigator\" window_role=\"browser\"] mark abrowser"; then
+ if i3-msg "[workspace=__focused__ class=\"$b\" instance=\"Navigator\" window_role=\"browser\"] mark $tag"; then
break
fi
done
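Review bot: `tag` now carries the last command-line argument, but it is expanded unquoted in `i3-focus-maybe $tag` and spliced raw into the i3-msg command string after `mark`. A value containing whitespace or i3 separators such as `;` or `,` would be word-split by the shell or read by i3 as further commands. Quote it at the call, `if ! i3-focus-maybe "$tag"; then`, and reduce it to safe characters when it is built, for example `last=${@:$#}` followed by `tag=abrowser${last//[^[:alnum:]._-]/}`. A short comment on `"${@:$#}"` saying that it picks the last argument, apparently the profile name, would help, since the intent is not obvious from the expansion. The script's beginning and end are outside this hunk.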
# SPDX-License-Identifier: GPL-3.0-or-later
this_file="$(readlink -f -- "${BASH_SOURCE[0]}")"
-readonly this_file
+readonly this_file this_dir="${this_file%/*}"
+
cd /
[[ $EUID == 0 ]] || exec sudo -E "$this_file" "$@"
set -e; . /usr/local/lib/bash-bear; set +e
shopt -s nullglob
+source "$this_dir/umount-funcs"
+
usage() {
cat <<EOF
Usage: ${0##*/} [OPTIONS] [SUBVOLUMES]
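Review bot: The added `source "$this_dir/umount-funcs"` runs after the script has re-executed itself under sudo, and `this_dir` is derived from `readlink -f`, so the functions are loaded as root from wherever the symlink chain ends. That directory and file need to be writable by root only, which nothing in this hunk establishes. The result of `source` is also unchecked; with `set +e` on the line above, a missing file would presumably let the script carry on until the first `umount-kill` call fails as an unknown command, so `source "$this_dir/umount-funcs" || exit 1` is safer. A one-line comment above it naming what the file provides (umount-kill and its helpers) would save readers a lookup.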
tu /etc/fstab <<<"$l"
done
}
-pid-check() {
- for p in ${pids}; do
- for m in ${my_pids[@]}; do
- if (( p == m )); then
- echo "$0: error: pids to kill includes our pid or a parent. ps output:" >&2
- ps -f -p $p
- exit 1
- fi
- done
- done
-}
-kill-dir() {
- for sig; do
- echo kill-dir $sig
- found_pids=false
- if pids=$(timeout 4 lsof -t $dir); then
- found_pids=true
- timeout 4 lsof -w $dir
- pid-check
- kill -$sig $pids
- fi
- # fuser will find open sockets that lsof won't, for example from gpg-agent.
- # note: -v shows kernel processes, which then doesn't return true when we want
- if pids=$(timeout 4 fuser -m $dir 2>/dev/null); then
- pid-check
- found_pids=true
- fuser -$sig -mvk $dir
- fi
- sleep .5
- if ! $found_pids; then
- return 0
- fi
- done
- return 1
-}
-umount-kill() {
- dir=$1
- if mountpoint -q $dir; then
- if m umount -R $dir; then
- unmounted+=($dir)
- else
- if ! kill-dir TERM TERM TERM INT INT HUP HUP TERM TERM TERM INT INT HUP HUP; then
- if $force; then kill-dir KILL; fi
- fi
- if m umount -R $dir; then
- unmounted+=($dir)
- else
- echo "$0: failed to umount $dir"
- umount_ret=false
- ret=1
- fi
- fi
- fi
-}
# duplicated in check-subvol
# Reassign $1 var from /dev/dm- to corresponding /dev/mapper/
##### end setup fstab for subvols we care about ######
-### begin get pids that this program depends on so we dont kill them
-my_pids=($$ $PPID)
-loop_limit=30
-count=0
-while [[ ${my_pids[-1]} != 1 && ${my_pids[-1]} != "${my_pids[-2]}" && $count -lt $loop_limit ]]; do
- count=$((count + 1))
- p=$(ps -p ${my_pids[-1]} -o ppid=)
- if [[ $p == 0 || ! $p ]]; then
- break
- fi
- my_pids+=($p)
-done
-### end get pids that this program depends on so we dont kill them
for vol in ${all_vols[@]}; do
d=/$vol
[[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@"
-hn=$(hostname -f)
+hn=$(hostname)
source /a/bin/bash_unpublished/source-state
d() {
switch-mail-host
)
for f in ${install_bin_files[@]}; do
- if ! diff -q /a/bin/ds/$f /usr/local/bin/$f; then
+ if ! diff -q /a/bin/ds/filesystem/usr/local/bin/$f /usr/local/bin/$f; then
uninstalled-file-die $f
fi
done
--- /dev/null
+#!/bin/bash
+
+# meant to be sourced
+
+if ! type -p m &>/dev/null; then
+ m() {
+ printf "$0:${SSH_CLIENT:+ $HOSTNAME:} %s\n" "$*"
+ "$@"
+ }
+fi
+get-my-pids() {
+ if (( ${#my_pids[@]} )); then
+ return 0
+ fi
+ my_pids=($$ $PPID)
+ loop_limit=30
+ count=0
+ while [[ ${my_pids[-1]} != 1 && ${my_pids[-1]} != "${my_pids[-2]}" && $count -lt $loop_limit ]]; do
+ count=$((count + 1))
+ p=$(ps -p ${my_pids[-1]} -o ppid=)
+ if [[ $p == 0 || ! $p ]]; then
+ break
+ fi
+ my_pids+=($p)
+ done
+}
+pid-check() {
+ get-my-pids
+ for p in ${pids}; do
+ for m in ${my_pids[@]}; do
+ if (( p == m )); then
+ echo "$0: error: pids to kill includes our pid or a parent. ps output:" >&2
+ ps -f -p $p
+ exit 1
+ fi
+ done
+ done
+}
+kill-dir() {
+ for sig; do
+ echo kill-dir $sig
+ found_pids=false
+ if pids=$(timeout 4 lsof -t $dir); then
+ found_pids=true
+ timeout 4 lsof -w $dir
+ pid-check
+ kill -$sig $pids
+ fi
+ # fuser will find open sockets that lsof won't, for example from gpg-agent.
+ # note: -v shows kernel processes, which then doesn't return true when we want
+ if pids=$(timeout 4 fuser -m $dir 2>/dev/null); then
+ pid-check
+ found_pids=true
+ fuser -$sig -mvk $dir
+ fi
+ sleep .5
+ if ! $found_pids; then
+ return 0
+ fi
+ done
+ return 1
+}
+
+# leaf function. others are just used by this one.
+umount-kill() {
+ dir=$1
+ if mountpoint -q $dir; then
+ if m umount -R $dir; then
+ unmounted+=($dir)
+ else
+ if ! kill-dir TERM TERM TERM INT INT HUP HUP TERM TERM TERM INT INT HUP HUP; then
+ if $force; then kill-dir KILL; fi
+ fi
+
+ if m umount -R $dir; then
+ unmounted+=($dir)
+ else
+ echo "$0: failed to umount $dir"
+ umount_ret=false
+ ret=1
+ fi
+ fi
+ fi
+}
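Review bot: In kill-dir the fuser branch validates one process list and signals another. `pid-check` inspects the `pids` captured from `fuser -m $dir`, but the signal is sent by a fresh `fuser -$sig -mvk $dir` scan, so a process that opens the mount in between is signalled without having passed the own-pid/parent guard. Signalling the checked list instead, as the lsof branch does with `kill -$sig $pids`, would keep the guard and the kill on the same set. Because this file is meant to be sourced, `p`, `m`, `count`, `loop_limit`, `pids`, `found_pids` and `dir` all land in the caller's global scope; declaring them `local`, and noting in a header comment that `force`, `unmounted`, `ret` and `umount_ret` belong to the caller, would avoid silent clobbering. `$dir` is also unquoted in the mountpoint, lsof, fuser and umount calls, so a path containing whitespace or glob characters would be split before reaching them.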
# it suddenly started working again.
#bindsym $mod+3 exec "abrowser 2>&1 >/tmp/l"
#bindsym $mod+3 exec "abrowser -no-remote -P sfw"
-bindsym $mod+4 $ex "i3-split-maybe"; exec "abrowser -no-remote -P firefox-main-profile"
+bindsym $mod+4 $ex "i3-abrowser -no-remote -P firefox-main-profile"
bindsym $mod+5 $ex "/a/bin/ds/stream-interlude"
bindsym $mod+6 $ex "i3-split-maybe"; exec "/usr/local/bin/start-tor-browser"
bindsym $mod+7 $ex "/a/bin/ds/myx"
#bindsym $mod+shift+e
bindsym $mod+r $ex "/a/bin/ds/xl"
+bindsym $mod+backslash $ex "gnome-screenshot"
+
bindsym $mod+t $ex "i3-set-layout splitv"
bindsym $mod+g $ex "i3-set-layout tabbed"
bindsym $mod+Shift+d move container to workspace 3
bindsym $mod+d workspace 3
-bindsym $mod+Shift+fq move container to workspace 2
+bindsym $mod+Shift+f move container to workspace 2
bindsym $mod+f workspace 2
bindsym $mod+Shift+z move container to workspace 5
-ifconfig-push 10.5.5.3 255.255.255.0
+ifconfig-push 10.5.5.7 255.255.255.0
+++ /dev/null
-ifconfig-push 10.5.5.7 255.255.255.0
# we use .1 to make this be on a different network than kd, so that we can
# talk to transmission on kd from remote host, and still use this
# vpn.
-ExecStartPre=/usr/bin/flock -w 20 /tmp/newns.flock /a/bin/newns/newns -n 10.174.3 start %i
+ExecStartPre=/usr/bin/flock -w 20 /tmp/newns.flock /a/bin/newns/newns -n 10.174.7 start %i
ExecStartPre=/sbin/iptables-restore /a/bin/distro-setup/transmission-firewall/netns.rules
# allow wireguard network to connect
-ExecStartPre=/usr/sbin/ip r add 10.8.0.0/24 via 10.174.3.1 dev veth1-client
+ExecStartPre=/usr/sbin/ip r add 10.8.0.0/24 via 10.174.7.1 dev veth1-client
ExecStopPost=/usr/bin/flock -w 20 /tmp/newns.flock /a/bin/newns/newns stop %i
PrivateNetwork=true
BindReadOnlyPaths=/etc/tr-resolv:/run/systemd/resolve:norbind /etc/basic-nsswitch:/etc/resolved-nsswitch:norbind
+++ /dev/null
-[Unit]
-Description=OpenVPN tunnel for %I
-After=syslog.target network-online.target
-Wants=network-online.target
-Documentation=man:openvpn(8)
-Documentation=https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage
-Documentation=https://community.openvpn.net/openvpn/wiki/HOWTO
-Requires=iptables.service
-
-[Service]
-Type=notify
-RuntimeDirectory=openvpn-client
-RuntimeDirectoryMode=0710
-WorkingDirectory=/etc/openvpn/client
-ExecStart=/usr/sbin/openvpn --suppress-timestamps --nobind --config /etc/openvpn/client/%i.conf
-# todo, try reenabling this from the default openvpn,
-# it was disabled so we could do bind mounts as a command,
-# but now systemd handles it
-#CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE
-LimitNPROC=10
-# DeviceAllow=/dev/null rw
-# DeviceAllow=/dev/net/tun rw
-
-# we use .1 to make this be on a different network than kd, so that we can
-# talk to transmission on kd from remote host, and still use this
-# vpn.
-ExecStartPre=/usr/bin/flock -w 20 /tmp/newns.flock /a/bin/newns/newns -n 10.174.7 start %i
-ExecStartPre=/sbin/iptables-restore /a/bin/distro-setup/transmission-firewall/netns.rules
-# allow wireguard network to connect
-ExecStartPre=/usr/sbin/ip r add 10.8.0.0/24 via 10.174.7.1 dev veth1-client
-ExecStopPost=/usr/bin/flock -w 20 /tmp/newns.flock /a/bin/newns/newns stop %i
-PrivateNetwork=true
-BindReadOnlyPaths=/etc/tr-resolv:/run/systemd/resolve:norbind /etc/basic-nsswitch:/etc/resolved-nsswitch:norbind
-
-[Install]
-WantedBy=multi-user.target
x_offset=$primary_x
left_right_arg=--right-of
- # This one is temporarily on the left. uncomment and move into conditional
- # when it isn't anymore.
- # [[ $secondary_out == DP-1 && $(edid card1-DP-1 ) == f3364bc6c1 ]]
+ # dp-1 moves from left to right sometimes, i just move it out of the
+ # conditional and comment it as needed.
if [[ $secondary_out == HDMI2 && $(edid card0-HDMI-A-2) == 192efbdcef ]] || \
+ [[ $secondary_out == DP-1 && $(edid card1-DP-1 ) == f3364bc6c1 ]] || \
[[ $secondary_out == HDMI-1 && $(edid card1-HDMI-A-1 ) == 7c58f9ac1e ]] || \
[[ $secondary_out == DP-2 && $(edid card1-DP-2 ) == 0c35564b67 ]]; then
left_right_arg=--left-of
debconf-doc
devscripts
dillo
+ digikam
+ # used by digikam for icons
+ breeze-icon-theme
dirmngr
dos2unix
dosfstools
units
uuid-runtime
vlc
+ # vlc stdout complains that it doesn't find a file from this package.
+ libvdpau-va-gl1
wamerican-huge
wireless-tools
w3m
+++ /dev/null
-#!/bin/bash
-set -eE -o pipefail
-trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
-
-# restricted ssh does not allow arguments, but they exist in $SSH_ORIGINAL_COMMAND
-# debug
-dfile=/tmp/rshiank
-date >>$dfile
-echo SSH_ORIGINAL_COMMAND: $SSH_ORIGINAL_COMMAND >>$dfile
-
-if [[ ! $SSH_ORIGINAL_COMMAND ]]; then
- echo "no SSH_ORIGINAL_COMMAND" >&2
- exit 1
-fi
-
-mapfile -t cmds <<'EOF'
-# allow rsyncing into my ~/tmp
-rsync --server -re.iLsfxCIvu --log-format=X --partial . /home/iank/tmp
-EOF
-mapfile -t regex_cmds <<'EOF'
-EOF
-
-allow=false
-for c in "${regex_cmds[@]}"; do
- if [[ $c == \#* ]]; then continue; fi
- if [[ $SSH_ORIGINAL_COMMAND =~ $c ]]; then
- allow=true
- break
- fi
-done
-if ! $allow; then
- for c in "${cmds[@]}"; do
- # echo "c $c" # debug
- if [[ $c == \#* ]]; then continue; fi
- if [[ $SSH_ORIGINAL_COMMAND == "$c" ]]; then
- allow=true
- break
- fi
- done
-fi
-if $allow; then
- eval $SSH_ORIGINAL_COMMAND || exit $?
-else
- echo "rshiank: failed command: $SSH_ORIGINAL_COMMAND" | tee -a $dfile
-fi
player-operation-mode=pseudo-gui
replaygain=track
+# by default mpv does not hardware decode, but the distro package has
+# /etc/mpv/mpv.conf : hwdec=vaapi that makes android videos black and
+# white on one of my computers. vlc uses this library, which works on
+# that computer, so going with that for now. This config file overrides
+# the /etc one.
+hwdec=vdpau
+
# use --profile d
[d]
loop-file=inf