if [[ -s $bashrc_dir/path-add-function ]]; then
source $bashrc_dir/path-add-function
if [[ $SSH_CLIENT ]]; then
- # [[ -d /home/iank/.iank/e/e ]] mounts it unnecessarily, so use this.
- if grep -qF /home/iank/.iank/e/e /etc/auto.iank /etc/exports &>/dev/null; then
+ if grep -qF /home/iank/.iank/e/e /etc/exports &>/dev/null; then
export EMACSDIR=/home/iank/.iank/e/e
fi
path-add $bashrc_dir
}
ccomp rsync rsd rsa rst rsu
+# find programs listening on a port
+ssp() {
+ local port=$1
+ # to figure out these args, i had to look at the man page from git version, as of 2022-04.
+ s ss -lpn state listening sport = $port
+}
+
resolvcat() {
local f
if [[ $(systemctl is-active nscd ||:) != inactive ]]; then
fi
f=/etc/resolv.conf
echo $f:; ccat $f
- hr; s ss -lpn 'sport = 53'
+ hr; s ss -lpn sport = 53
if systemctl is-enabled dnsmasq &>/dev/null || [[ $(systemctl is-active dnsmasq ||:) != inactive ]]; then
# this will fail is dnsmasq is failed
hr; m ser status dnsmasq | cat || :
path-add --ifexists --end /a/opt/adt-bundle*/tools /a/opt/adt-bundle*/platform-tools
path-add --ifexists --end /a/opt/scancode-toolkit-3.10.
+case $HOSTNAME in
+ sy|bo)
+ # https://askubuntu.com/questions/1254544/vlc-crashes-when-opening-any-file-ubuntu-20-04
+ if grep -qE '^VERSION_CODENAME="(nabia|focal)"' /etc/os-release &>/dev/null; then
+ export MESA_LOADER_DRIVER_OVERRIDE=i965
+ fi
+ ;;
+esac
+
export WCDHOME=/a
# note, i had --delete-excluded, but that deletes all files in --exclude-from on
# the remote site, which doesn't make sense, so not sure why i had it.
local p a
- p=(/a/opt/{emacs-debian11{,-nox},mu,emacs} /a/bin /a/exe /a/h /a/c /p/c/machine_specific/vps{,.hosts})
+ # excluding emacs for now
+ #p=(/a/opt/{emacs-debian11{,-nox},mu,emacs} /a/bin /a/exe /a/h /a/c /p/c/machine_specific/vps{,.hosts})
+ p=(/a/bin /a/exe /a/h /a/c /p/c/machine_specific/vps{,.hosts})
a="-ahviSAXPH --specials --devices --delete --relative --exclude-from=/p/c/li-rsync-excludes"
ret=0
for h in li je bk; do
m s rsync "$@" $a ${p[@]} /p/c/machine_specific/$h root@$h.b8.nz:/ || ret=$?
- # only li is debian11
- p[0]=/a/opt/emacs-ubuntu20.04
- p[1]=/a/opt/emacs-ubuntu20.04-nox
+ ## only li is debian11
+ #p[0]=/a/opt/emacs-trisuqel10
+ #p[1]=/a/opt/emacs-trisquel10-nox
done
m s rsync "$@" -ahviSAXPH root@li.b8.nz:/a/h/proposed-comments/ /a/h/proposed-comments || ret=$?
return $ret
done
}
+allmygajim() {
+ sqlite3 -separator ' ' /p/c/subdir_files/.local/share/gajim/logs.db "select time, message from logs where contact_name = 'iank'" | less
+}
+
gajlogs() {
sqlite3 -separator ' ' /p/c/subdir_files/.local/share/gajim/logs.db "select time, message from logs" | less
}
else
if [[ -s $statefile ]]; then
logsec=$(date +%s -d "$(head -n1 $statefile | awk '{print $1,$2}')")
- if (( logsec < EPOCHSECONDS - 60*60*20 )); then
- echo $0: host $h ssh /usr/local/bin/check-mailq fail for over 20 hours
+ case h in
+ frodo)
+ hours=200
+ ;;
+ *)
+ hours=20
+ ;;
+ esac
+ if (( logsec < EPOCHSECONDS - 60*60*hours )); then
+ echo $0: host $h ssh /usr/local/bin/check-mailq fail for over $hours hours
fi
fi
printf "%s\n" "$c" | ts "%F %T" >> $statefile
sudo sed -ri "/^127\./n;/[[:space:]]$HOSTNAME\$/d" /etc/hosts
fi
-# firefox exists but is 2 versions outdated
+# libfdk just has some patent worries.
+# https://www.gnu.org/licenses/license-list.en.html#fdk
if isdeb && [[ $(debian-codename) == nabia ]]; then
sudo dd of=/etc/apt/preferences.d/nabia-focal-missing <<'EOF'
-Package: unrar-free firefox libfdk-aac1 ansible
+Package: libfdk-aac1
Pin: release n=focal,o=Ubuntu
Pin-Priority: 500
EOF
Pin-Priority: -100
EOF
-
fi
EOF
;;
nabia)
+ # note, to get the latest, it would be n=bullseye*
+ # but that has conflicting package versions, so this does the old one.
+ # I only use it for special rare purposes. Just keep in mind it is an
+ # outdated insecure version.
sd /etc/apt/preferences.d/chromium-bullseye <<EOF
Package: chromium chromium-* libicu67 libjpeg62-turbo libjsoncpp24 libre2-9 libwebpmux3
-Pin: release o=Debian*,n=bullseye*
+Pin: release o=Debian*,n=bullseye
Pin-Priority: 500
EOF
;;
- name: standard
rules:
-## uncomment for testing an alert firing
+# ## uncomment for testing an alert firing
# - alert: test-alert4
# expr: vector(1)
-# # expr: nonexistent_metric
# for: 0m
# labels:
# severity: day
labels:
severity: prod
+# 17 minutes: if we reboot causing 1 send to fail, thats 10 minutes. we
+# test this every 5 minutes, so thats 15 minutes at most.
- alert: mailtest_check_vps
expr: |-
- time() - mailtest_check_last_usec{job="tlsnode"} >= 60 * 12
+ time() - mailtest_check_last_usec{job="tlsnode"} >= 60 * 17
labels:
severity: day
annotations:
- summary: '12 minutes down'
+ summary: '17 minutes down'
- alert: mailtest_check_unexpected_spamd_vps
expr: |-
- alert: mailtest_check_mailhost
expr: |-
- time() - max by (folder,from) (mailtest_check_last_usec{job="node"}) >= 60 * 12
+ time() - max by (folder,from) (mailtest_check_last_usec{job="node"}) >= 60 * 17
labels:
severity: day
annotations:
- summary: '12 minutes down'
+ summary: '17 minutes down'
# 20 minutes. just allow for more due to prod alert.
- alert: mailtest_check_gnu_mailhost
--- /dev/null
+# This is very strange. perhaps the initramfs ssh daemon was still
+# holding open the port somehow.
+#
+# Apr 26 07:26:32 x2 systemd[1]: Starting OpenBSD Secure Shell server...
+# Apr 26 07:26:33 x2 sshd[1256]: error: Bind to port 22 on 0.0.0.0 failed: Address already in use.
+# Apr 26 07:26:33 x2 sshd[1256]: error: Bind to port 22 on :: failed: Address already in use.
+# Apr 26 07:26:33 x2 sshd[1256]: fatal: Cannot bind any address.
+# Apr 26 07:26:33 x2 systemd[1]: ssh.service: Main process exited, code=exited, status=255/EXCEPTION
+# Apr 26 07:26:33 x2 systemd[1]: ssh.service: Failed with result 'exit-code'.
+# Apr 26 07:26:33 x2 systemd[1]: Failed to start OpenBSD Secure Shell server.
+
+[Unit]
+StartLimitIntervalSec=0
+
+[Service]
+Restart=always
+RestartSec=20
+
+ExecStopPost=+/usr/bin/ss -lpn state listening sport = 22
# random keybind, feel free to change
bindsym $mod+Shift+m border toggle
+# toggle tiling / floating
+bindcode $mod+Shift+65 floating toggle
+
+# change focus between tiling / floating windows
+bindcode $mod+65 focus mode_toggle
+# Use Mouse+$mod to drag floating windows to their wanted position
+floating_modifier $mod
+
bindsym $mod+j exec emacsclient -c
bindsym $mod+k exec konsole
bindsym $mod+l exec dmenu_run
# todo: run mailping test after running, or otherwise
# clear out terminal alert
-# todo: on bk, dont send email if mailvpn is not up
-
-# todo: mailtest-check should check on bk too
-
# todo: disable postgrey
# todo: in testforward-check, we should also look
EOF
rm -fv /etc/exim4/data_local_acl # old path
+
i /etc/exim4/conf.d/data_local_acl <<'EOF'
# Except for the "condition =", this was
# a comment in the check_data acl. The comment about this not
warn
!hosts = +iank_trusted
+ # They dont send spam, but needed this because
+ # smarthosts connect with residential ips and thus get flagged as spam.
+ !authenticated = plain_server:login_server
condition = ${if < {$message_size}{5000K}}
spam = Debian-exim:true
add_header = X-Spam_score_int: $spam_score_int
add_header = X-Spam_action: $spam_action
warn
+ !authenticated = plain_server:login_server
condition = ${if def:malware_name}
remove_header = Subject:
add_header = Subject: [Clamav warning: $malware_name] $h_subject
# note: cronjob "ian" also does some important monitoring
# todo: this will sometimes cause an alert because mailtest-check will run
# before we have setup network namespace and spamassassin
- cat >/etc/cron.d/mailtest <<EOF
+ i /etc/cron.d/mailtest <<EOF
SHELL=/bin/bash
PATH=/usr/bin:/bin:/usr/local/bin
MAILTO=daylert@iankelling.org
*/5 * * * * $u send-test-forward |& log-once send-test-forward
*/10 * * * * root chmod -R g+rw /m/md/bounces |& log-once -1 bounces-chmod
-# todo: delete, this is old
-#*/5 * * * * root timeout 290 mailtest-check slow |& log-once -1 mailtest-check
# if a bounce happened yesterday, dont let it slip through the cracks
8 1 * * * root export MAILTO=alerts@iankelling.org; [[ -s /var/log/exim4/mainlog.1 ]] && awk '\$5 == "**"' /var/log/exim4/mainlog.1
EOF
m sudo rsync -ahhi --chown=root:root --chmod=0755 \
/b/ds/mailtest-check /b/ds/check-remote-mailqs /usr/local/bin/
- cat >/etc/systemd/system/mailtest-check.service <<'EOF'
+ i /etc/systemd/system/mailtest-check.service <<'EOF'
[Unit]
Description=mailtest-check
After=local-fs.target
froms=(ian@iankelling.org z@zroe.org testignore@je.b8.nz iank@gnu.org)
;;
je)
- froms=(ian@iankelling.org z@zroe.org testignore@expertpathologyreview.com testignore@amnimal.ninja)
+ froms=(ian@iankelling.org z@zroe.org iank@gnu.org testignore@amnimal.ninja)
folders=(/m/md/je.b8.nz/testignore)
;;
*)
umount $d
fi
done
+cd /
umount /mnt/tmptimer
# random keybind, feel free to change
bindsym $mod+Shift+m border toggle
+# toggle tiling / floating
+bindcode $mod+Shift+65 floating toggle
+
+# change focus between tiling / floating windows
+bindcode $mod+65 focus mode_toggle
+# Use Mouse+$mod to drag floating windows to their wanted position
+floating_modifier $mod
+
bindsym $mod+j exec emacsclient -c
bindsym $mod+k exec konsole
bindsym $mod+l exec dmenu_run
# random keybind, feel free to change
bindsym $mod+Shift+m border toggle
+# toggle tiling / floating
+bindcode $mod+Shift+65 floating toggle
+
+# change focus between tiling / floating windows
+bindcode $mod+65 focus mode_toggle
+# Use Mouse+$mod to drag floating windows to their wanted position
+floating_modifier $mod
+
bindsym $mod+j exec emacsclient -c
bindsym $mod+k exec konsole
bindsym $mod+l exec dmenu_run
## begin check on btrbk
-age_limit_sec=$(( 60 * 60 * 74 )) # 74 hours
+age_limit_sec=$(( 60 * 60 * 24 * 7 )) # 7 days.
for prefix in root boot; do
if [[ $prefix == boot ]]; then
# its not uncommon for the /boot subvol to have no changes, and thus
# no new backups for 10 days or so. todo: instead of this error
# prone check, we should make it so the ziva computer will
# touch a file on our computer whenever btrbk succeeds
- age_limit_sec=$(( age_limit_sec + 60* 60 * 24 * 15 ))
+ age_limit_sec=$(( age_limit_sec + 60* 60 * 24 * 35 ))
fi
vol=${prefix}_ubuntubionic
snaps=(/mnt/r7/amy/$prefix/btrbk/${vol}.20*)
iankelling.org / git / distro-setup / commitdiff