# see comments in brc2 sl() function for background.
if [[ $SSH_CONNECTION ]] \
&& [[ $BRC != t ]]; then
+ brc() {
+ export BRC=t
+ source ~/.bashrc
+ }
return 0
else
~/.local/distro-begin: distro-begin mail-setup /a/bin/buildscripts/emacs ssh-emacs-setup
distro-begin
-~/.local/distro-end: distro-end distro-pkgs pkgs primary-setup /a/bin/buildscripts/tor-browser /a/bin/buildscripts/go /a/bin/buildscripts/rust /a/bin/buildscripts/misc
+~/.local/distro-end: distro-end distro-pkgs pkgs primary-setup /a/bin/buildscripts/tor-browser /a/bin/buildscripts/go /a/bin/buildscripts/rust /a/bin/buildscripts/misc /p/c/gen-fsf-vpn
distro-end
done
}
-
ediff() {
[[ ${#@} == 2 ]] || { echo "error: ediff requires 2 arguments"; return 1; }
emacs --eval "(ediff-files \"$1\" \"$2\")"
local active=true
systemctl is-active btrbk.timer || active=false
if $active; then
- ser disable btrbk.timer
+ ser stop btrbk.timer
fi
- if systemctl is-active btrbk.service; then
- $active && ser enable btrbk.timer
+ if [[ $(systemctl is-active btrbk.service ||:) != inactive ]]; then
echo "cron btrbk is already running"
+ if $active; then ser start btrbk.timer; fi
return 1
fi
# run latest
jrun -p btrbk btrbk-run "$@"
if $active; then
if (( $ret )); then
- echo bbk: WARNING: btrbk.timer not reenabled due to failure
+ echo bbk: WARNING: btrbk.timer not restarted due to failure
else
- ser enable btrbk.timer
+ ser start btrbk.timer
fi
fi
return $ret
m s nscd -i hosts
f=/etc/resolv.conf
echo $f:; ccat $f
- # this will fail is dnsmasq is failed
- hr; m ser status dnsmasq | cat || :
hr; s ss -lpn 'sport = 53'
- #hr; echo dnsmasq is $(systemctl is-active dnsmasq)
- f=/var/run/dnsmasq/resolv.conf
- hr; echo $f:; ccat $f
- hr; m grr '^ *(servers-file|server) *=|^ *no-resolv *$' /etc/dnsmasq.conf /etc/dnsmasq.d
- f=/etc/dnsmasq-servers.conf
- hr; echo $f:; ccat $f
+ if systemctl is-enabled dnsmasq &>/dev/null || [[ $(systemctl is-active dnsmasq ||:) != inactive ]]; then
+ # this will fail is dnsmasq is failed
+ hr; m ser status dnsmasq | cat || :
+ f=/var/run/dnsmasq/resolv.conf
+ hr; echo $f:; ccat $f
+ hr; m grr '^ *(servers-file|server) *=|^ *no-resolv *$' /etc/dnsmasq.conf /etc/dnsmasq.d
+ f=/etc/dnsmasq-servers.conf
+ hr; echo $f:; ccat $f
+ fi
+ if systemctl is-enabled systemd-resolved &>/dev/null || [[ $(systemctl is-active systemd-resolved ||:) != inactive ]]; then
+ hr; m ser status systemd-resolved | cat || :
+ hr; m systemd-resolve --status
+ fi
+
}
rcat() {
resolvcat | less
}
reresolv() {
sudo nscd -i hosts
- sudo systemctl restart dnsmasq
+ #sudo systemctl restart dnsmasq
}
# only run on MAIL_HOST. simpler to keep this on one system.
tp)
# kd disabled temporarily while its hot and i plan to work on it.
#targets=(frodo kd)
- targets=(frodo x3.b8.nz)
+ #targets=(frodo x2.b8.nz)
+ targets=(frodo)
# might not be connected to the vpn
- if timeout -s 9 10 ssh kw :; then
+ if timeout -s 9 6 ssh kw :; then
targets+=(kw)
fi
;;
kd)
targets=(frodo tp)
# might not be connected to the vpn
- if timeout -s 9 10 ssh kw :; then
+ if timeout -s 9 6 ssh kw :; then
targets+=(kw)
fi
;;
-
if ! which btrbk &>/dev/null; then
die "error: no btrbk binary found"
fi
for h in ${targets[@]}; do
if zone=$(ssh root@$h "mkdir -p /mnt/root/btrbk && date +%z"); then
# This is a separate ssh because xprintidle can fail and thats ok.
- if $cron && idle_ms=$(ssh $h DISPLAY=:0 xprintidle); then
+ if $cron && idle_ms=$(timeout -s 9 6 ssh $h DISPLAY=:0 xprintidle); then
if (( idle_ms < min_idle_ms )); then
# Ignore this host. i sometimes use a non-main machine for
fi
if [[ $source ]]; then
- m mount-latest-subvol $verbose_arg
+ m mount-latest-subvol
else
m /a/exe/mount-latest-remote ${targets[@]}
fi
echo "$0: error could not find root subvol mount for $dev" >&2
exit 1
fi
- svp=$root_dir/$subvol_dir
+ svp=$root_dir/$subvol_dir # subvolume path
d "svp=$svp # subvolume path"
snaps=($root_dir/btrbk/$subvol_dir.20*) # Assumes we are in the 21st century.
f=${s##*/}
unix_time=$(date -d $(sed -r 's/(.{4})(..)(.{5})(..)(.*)/\1-\2-\3:\4:\5/' <<<${f#$vol.}) +%s)
printf "%s %s\n" $unix_time $s
- done | sort -r | head -n 1 | awk '{print $2}'
+ # sort will fail
+ done | sort -r | head -n 1 | awk '{print $2}' || [[ ${PIPESTATUS[1]} == 2 ]]
)
if [[ ! $last_snap ]]; then
# should not happen.
##### end special extra stuff #####
- if [[ -e /etc/openvpn ]]; then
- sudo bash -c 'shopt -s nullglob && cd /etc/openvpn && for f in client/* server/*; do ln -sf $f .; done'
- fi
-
m sudo -H -u user2 "${BASH_SOURCE[0]}"
f=/a/bin/distro-setup/system-status
### make ssh interactive shell run better. for when running line interactively line by line
sudo bash -c '/a/exe/ssh-emacs-setup'
-if [[ -s ~/.bashrc ]];then . ~/.bashrc;fi
##### setup error handling
interactive=true # set this to false to force set -x
[[ $- == *i* ]] || interactive=false
pi rsync
- # from /usr/share/doc/dropbear-initramfs/README.initramfs.gz
- tmp=$(mktemp)
- while read -r m _; do /sbin/modinfo -F filename "$m"; done </proc/modules | \
- sed -nr "s@^/lib/modules/$(uname -r)/kernel/drivers/net(/.*)?/([^/]+)\.ko\$@\2@p" \
- | sudo dd of=$tmp
- if ! diff -q /etc/initramfs-tools/modules $tmp &>/dev/null; then
- sudo dd if=$tmp of=/etc/initramfs-tools/modules
+ ## /usr/share/doc/dropbear-initramfs/README.initramfs.gz
+ ## claims we need to do this. but it works fine without it.
+ # tmp=$(mktemp)
+ # while read -r m _; do /sbin/modinfo -F filename "$m"; done </proc/modules | \
+ # sed -nr "s@^/lib/modules/$(uname -r)/kernel/drivers/net(/.*)?/([^/]+)\.ko\$@\2@p" \
+ # | sudo dd of=$tmp
+ # if ! diff -q /etc/initramfs-tools/modules $tmp &>/dev/null; then
+ # sudo dd if=$tmp of=/etc/initramfs-tools/modules
+ # sudo /usr/sbin/update-initramfs -u -k all
+ # fi
+ #
+ ## if we were creating an intall for a different machine needing different modules, we could include them all like this:
+ ## find /lib/modules/*/kernel/drivers/net /lib/modules/*/kernel/net -type f -name '*.ko' -printf "%f\n" | sed 's/.ko$//' | sort -u >/etc/initramfs-tools/modules
+
+ # this is here to cleanup the leftover from the comments above. remove it eventually.
+ if [[ -s /etc/initramfs-tools/modules ]]; then
+ sudo truncate -s0 /etc/initramfs-tools/modules
sudo /usr/sbin/update-initramfs -u -k all
fi
+
# initram auth keys get setup with rootsshsync
$script_dir/rootsshsync
# then for remote unlock, ssh and do this once per crypt disk:
esac
fi
-if has_x; then
+if has_monitor; then
+
+ # sway not packaged for t9, not bothering to build it yet since
+ # i3 doesnt seem to tear and stutter on video anymore.
+ if [[ $codename == buster ]]; then
+ pi sway xwayland
+ fi
+
+
###### install X
pi i3
- if isarch; then
- # xorg-xmessage for displaying error messages.
- # optional dependency in arch, standard elsewhere.
- pi xorg-server xorg-xmessage xorg-xsetroot xorg-xinit
- fi
##### install xinput
case $(distro-name) in
trisquel|ubuntu|debian)
pi xinput
;;
- arch)
- pi xorg-xinput
- ;;
esac
- #### install redshift
- case $(distro-name) in
- trisquel|ubuntu|debian)
- # recommends gets us geoclue (for darkening automatically at night i assume),
- # which recommends modemmanager, which is annoying to fix for the model01 keyboard.
- pi --no-install-recommends gtk-redshift
- ;;&
- arch)
- pi redshift
- ;;&
- esac
+ # recommends gets us geoclue (for darkening automatically at night i assume),
+ # which recommends modemmanager, which is annoying to fix for the model01 keyboard.
+ pi --no-install-recommends gtk-redshift
##### setup X autostart
# todo, figure this out for arch if we ever try out gnome.
[SeatDefaults]
session-setup-script=/a/bin/distro-setup/desktop-20-autostart.sh
EOF
-fi
-### install and configure wayland
-if has_wayland; then
- pi sway xwayland
+
# originally used xkbcomp, documented in input-setup.sh, this doesnt
# work under wayland, but its still useful for creating the config,
# then modifying the system files.
sudo sed -i.orig '/key *<KPMU> *{/,/}/s/KP_Multiply/underscore/g' /usr/share/X11/xkb/symbols/keypad
-fi
-##### basic graphical packages
-if has_monitor; then
+ ##### basic graphical packages
pi konsole suckless-tools
fi
+
##### install emacs
if $emacs; then
if isarch; then
#!/bin/bash
# Copyright (C) 2019 Ian Kelling
# SPDX-License-Identifier: AGPL-3.0-or-later
-if [[ -s ~/.bashrc ]];then . ~/.bashrc;fi
+export BRC=t; if [[ -s ~/.bashrc ]];then . ~/.bashrc;fi
### setup
source /a/bin/errhandle/err
EOF
- ;;
+ ;;&
+ etiona)
+ sd /etc/apt/preferences.d/etiona-bionic <<'EOF'
+Package: *
+Pin: release n=bionic
+Pin-Priority: -100
+
+Package: firefox gnome-screenshot gnome-icon-theme libnautilus-extension1a gnome-settings-daemon nautilus yelp gnome-settings-daemon-schemas nautilus-data ubuntu-wallpapers gnome-control-center gnome-control-center-data gnome-control-center-faces libsnapd-glib1 ubuntu-wallpapers-bionic gir1.2-snapd-1 ubuntu-drivers-common ubuntu-docs libyelp0
+Pin: release n=bionic
+Pin-Priority: 500
+EOF
+ ;;&
*)
if isdeb; then
pi debian-goodies shellcheck
######### end irc periodic backup #############
-case $distro in
- debian|trisquel|ubuntu)
- # suggests resolvconf package. installing it here is redundant, but make sure anyways.
- # todo: check other distros to make sure it\'s installed
- pi-nostart openvpn resolvconf
- # pi-nostart does not disable
- ser disable openvpn
- ;;
- *) pi openvpn;;
-esac
+pi-nostart openvpn
+# pi-nostart does not disable
+ser disable openvpn
+
+/p/c/gen-fsf-vpn
m /a/bin/distro-setup/radicale-setup
# for my roommate
case $distro in
trisquel)
+ # cant do buster due to old gpg
m mkschroot debian stretch firefox-esr pulseaudio chromium
;;
debian)
########### misc stuff
-pi-nostart network-manager
-# make networkmanager use resolvconf instead of its own dnsmasq which
-# conflicts with the normal dnsmasq package.
-f=/etc/NetworkManager/NetworkManager.conf
-m=$(md5sum $f)
-sudo sed -ri '/ *\[main\]/,/^ *\[[^]]+\]/{/^\s*dns[[:space:]=]/d}' $f
-sudo sed -ri '/ *\[main\]/a dns=default' $f
-if [[ $m != $(md5sum $f) ]]; then
- srestart NetworkManager
-fi
+case $(debian-codename) in
+ # needed for debootstrap scripts for fai since fai requires debian
+ flidas)
+ pi dnsmasq
+ pi-nostart network-manager
+ # make networkmanager use resolvconf instead of its own dnsmasq which
+ # conflicts with the normal dnsmasq package.
+ f=/etc/NetworkManager/NetworkManager.conf
+ m=$(md5sum $f)
+ sudo sed -ri '/ *\[main\]/,/^ *\[[^]]+\]/{/^\s*dns[[:space:]=]/d}' $f
+ sudo sed -ri '/ *\[main\]/a dns=default' $f
+ if [[ $m != $(md5sum $f) ]]; then
+ srestart NetworkManager
+ fi
+ # networkmanager has this nasty behavior on flidas: if the machine
+ # crashes with dnsmasq running, on subsequent boot, it adds an entry to
+ # resolvconf for 127.0.0.1 in some stupid attempt to restore
+ # nameservers.
+ # This can be manually fixed by stoping dnsmasq,
+ # then based on whats in /run/dnsmasq/, i see we can run
+ # s resolvconf -d NetworkManager
+ # oh ya, and stoping NetworkManager leaves this crap behind without cleaning it up.
+ ser disable NetworkManager
+ ;;
+esac
# make my /etc/fonts/conf.d/ get used.
# I have a new sans-serif font there because the default one
# nfs server
pi-nostart nfs-kernel-server
-# networkmanager has this nasty behavior on flidas: if the machine
-# crashes with dnsmasq running, on subsequent boot, it adds an entry to
-# resolvconf for 127.0.0.1 in some stupid attempt to restore
-# nameservers.
-# This can be manually fixed by stoping dnsmasq,
-# then based on whats in /run/dnsmasq/, i see we can run
-# s resolvconf -d NetworkManager
-# oh ya, and stoping NetworkManager leaves this crap behind without cleaning it up.
-ser disable NetworkManager
if [[ $HOSTNAME == frodo ]]; then
cmd="sudo /usr/sbin/checkrestart -p"
if [[ $($cmd | sed '/^Found 0 processes using old versions of upgraded files$/d' | wc -l) != 0 ]]; then
- $cmd -v | pee cat "wall -n"
+ $cmd | pee cat wall
fi
# no automatic reboot for these hosts
if [[ -e $f ]]; then
source $f
fi
-if [[ $HOSTNAME == "$MAIL_HOST" ]]; then
- local_mx=mail.iankelling.org
- mkdir -p /etc/letsencrypt/live/$local_mx
- chmod 700 /etc/letsencrypt/live
- rsync_common="rsync -ogtL --chown=root:Debian-exim --chmod=640 root@li.iankelling.org:/etc/letsencrypt/live/$local_mx/"
- ${rsync_common}fullchain.pem /etc/exim4/exim.crt
- ret=$?
- ${rsync_common}privkey.pem /etc/exim4/exim.key
- new_ret=$?
- if [[ $ret != $new_ret ]]; then
- echo "$0: error: differing rsync returns, $ret, $new_ret"
- exit 1
- fi
+if [[ $HOSTNAME != "$MAIL_HOST" ]]; then
+ exit 0
fi
-if [[ $new_ret != 0 ]]; then
- if ! openssl x509 -checkend $(( 60 * 60 * 24 * 3 )) -noout -in /etc/exim4/exim.crt; then
- echo "$0: error!: cert rsync failed and it will expire in less than 3 days"
- exit 1
- fi
+local_mx=mail.iankelling.org
+mkdir -p /etc/letsencrypt/live/$local_mx
+chmod 700 /etc/letsencrypt/live
+rsync_common="rsync -ogtL --chown=root:Debian-exim --chmod=640 root@li.iankelling.org:/etc/letsencrypt/live/$local_mx/"
+# allow for temporary connection issues
+${rsync_common}fullchain.pem /etc/exim4/exim.crt ||:
+${rsync_common}privkey.pem /etc/exim4/exim.key ||:
+if ! openssl x509 -checkend $(( 60 * 60 * 24 * 3 )) -noout -in /etc/exim4/exim.crt; then
+ echo "$0: error!: cert rsync failed and it will expire in less than 3 days"
+ exit 1
fi
exit 0
EOF
# The file is based on the outgoing domain-name in the from-header.
DKIM_DOMAIN = \${lc:\${domain:\$h_from:}}
# sign if key exists
-DKIM_PRIVATE_KEY= \${if exists{/etc/exim4/\${dkim_domain}-private.pem} {/etc/exim4/\${dkim_domain}-private.pem}}
+DKIM_PRIVATE_KEY = \${if exists{/etc/exim4/\${dkim_domain}-private.pem} {/etc/exim4/\${dkim_domain}-private.pem}}
# most of the ones that gmail seems to use.
# Exim has horrible default of signing unincluded
/^127\.0\.1\.1.* mail\.iankelling\.org\b/{p;d}
/^127\.0\.1\.1 /s/ *$/ mail.iankelling.org/
EOF
+
+ # note: systemd-resolved will consult /etc/hosts, dnsmasq wont. this assumes
+ # weve configured this file in dnsmasq if we are using it.
/a/exe/cedit mail /etc/dnsmasq-servers.conf <<'EOF' || [[ $? == 1 ]]
server=/mail.iankelling.org/127.0.1.1
EOF
if systemctl is-active dnsmasq >/dev/null; then
m systemctl restart dnsmasq
- m nscd -i hosts
fi
+ m nscd -i hosts
# I used to use debconf-set-selections + dpkg-reconfigure,
# which then updates this file
;;
# * not MAIL_HOST
*) # $HOSTNAME != $MAIL_HOST
- # remove mail. 2 lines to properly remove whitespace
+ # remove mail. uses 2 lines to properly remove whitespace
sed -ri -f - /etc/hosts <<'EOF'
s#^(127\.0\.1\.1 .*) +mail\.iankelling\.org$#\1#
s#^(127\.0\.1\.1 .*)mail\.iankelling\.org +(.*)#\1\2#
echo | /a/exe/cedit mail /etc/dnsmasq-servers.conf || [[ $? == 1 ]]
if systemctl is-active dnsmasq >/dev/null; then
- m nscd -i hosts
m systemctl restart dnsmasq # reload does not ensure new config is used
fi
+ m nscd -i hosts
m systemctl disable mailclean.timer &>/dev/null ||:
m systemctl stop mailclean.timer &>/dev/null ||:
m usermod -u 608 Debian-exim
m groupmod -g 608 Debian-exim
m usermod -g 608 Debian-exim
- m find / /nocow -xdev -uid $uid -exec chown -h 608 {} +
- m find / /nocow -xdev -gid $gid -exec chgrp -h 608 {} +
+ m find / /nocow -path ./var/tmp -prune -o -xdev -uid $uid -execdir chown -h 608 {} +
+ m find / /nocow -path ./var/tmp -prune -o -xdev -gid $gid -execdir chgrp -h 608 {} +
fi
dillo
dirmngr
dnsutils
- dnsmasq
python-dnspython
python3-dnspython
dtrx
cd $(dirname $0)
teeu /etc/ssh/ssh_config 'SendEnv INSIDE_EMACS BRC COLUMNS'
+## note, duplicated in /a/bin/fai/fai/config/scripts/GRUB_PC/11-iank
teeu /etc/ssh/sshd_config 'AcceptEnv INSIDE_EMACS BRC COLUMNS'
# get rid of useless motd stuff
sed -i --follow-symlinks 's/^\s*PrintLastLog .*/PrintLastLog no/' /etc/ssh/sshd_config
header :contains "list-id" "<freetype-devel.nongnu.org>",
header :contains "list-id" "<mailman-developers.python.org>",
header :contains "list-id" "<mailop.mailop.org>",
+ header :contains "list-id" "<linux-raid.vger.kernel.org>",
header :contains "list-id" "<xmonad.haskell.org>") {
if header :regex "list-id" "<([a-z_0-9-]+)[.@]" {
set :lower "listname" "${1}";
header :contains "list-id" "<discussion.lists.fsfe.org>",
header :contains "list-id" "<gnu-system-discuss.gnu.org>",
header :contains "from" "<general-info@artisansasylum.com>",
+ header :contains "list-id" "<discuss.lists.blu.org>",
header :contains "list-id" "<spdx.lists.spdx.org>"
) {
fileinto :create "community";
header :contains "list-id" "<seabios.seabios.org>",
header :contains "list-id" "<freetype-devel.nongnu.org>",
header :contains "list-id" "<mailman-developers.python.org>",
+ header :contains "list-id" "<linux-raid.vger.kernel.org>",
header :contains "list-id" "<mailop.mailop.org>",
header :contains "list-id" "<xmonad.haskell.org>") {
if header :regex "list-id" "<([a-z_0-9-]+)[.@]" {
header :contains "list-id" "<discussion.lists.fsfe.org>",
header :contains "list-id" "<gnu-system-discuss.gnu.org>",
header :contains "from" "<general-info@artisansasylum.com>",
+ header :contains "list-id" "<discuss.lists.blu.org>",
header :contains "list-id" "<spdx.lists.spdx.org>"
) {
fileinto :create "community";
iankelling.org / git / distro-setup / commitdiff