ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDX42yru/h6r6UDRy/VwVZjcYEmNLG5/SUjv7xwu43OaW0wL+uHYg2rkfn4Ygh5o1I5pgBh2SWg8TeWuVGhgL1SCuBzzeai/+58Sny065Qak+D2WjVOuRonRelh+CBA5EpNZPuiWQkoWdf9NACTBCbS2Zu7r8OOgRqu/ruaDNePlG5+U0Wlpy3oBnpbzQiuSA3AKMW30fsCJtOBjz5qQaiPbYEKJy3AOvtbq10wliKx9TpsTzrq8dKWs7PLhZnzqVCsaq6D95IzjqXcSpx4Cga5bn+YEuAnJQ53PGA5eO+hpz6HDmawTbJlaV/Dufb9bJ/ZZy1DXzs07yWRtTEY54/X ian@iankelling.org
EOF
-
-# todo update this and hostname depending on host
+# https://tools.bitfolk.com/wiki/IPv6
cat >/etc/network/interfaces <<EOF
auto lo
iface lo inet loopback
cat >/etc/hostname <<EOF
$host
EOF
+
+# from fai/fai/config/scripts/FAIBASE/10-misc
+
+TIMEZONE=US/Eastern
+echo $TIMEZONE >/etc/timezone
+if [[ -L /etc/localtime ]]; then
+ ln -sf /usr/share/zoneinfo/${TIMEZONE} /etc/localtime
+else
+ cp -f /usr/share/zoneinfo/${TIMEZONE} /etc/localtime
+fi
+
+
+echo $0 SUCCESS
destroy
rescue
+
sudo -i
mkdir -p /root/.ssh
chmod 700 /root/.ssh
cat >/root/.ssh/authorized_keys <<'EOF'
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDX42yru/h6r6UDRy/VwVZjcYEmNLG5/SUjv7xwu43OaW0wL+uHYg2rkfn4Ygh5o1I5pgBh2SWg8TeWuVGhgL1SCuBzzeai/+58Sny065Qak+D2WjVOuRonRelh+CBA5EpNZPuiWQkoWdf9NACTBCbS2Zu7r8OOgRqu/ruaDNePlG5+U0Wlpy3oBnpbzQiuSA3AKMW30fsCJtOBjz5qQaiPbYEKJy3AOvtbq10wliKx9TpsTzrq8dKWs7PLhZnzqVCsaq6D95IzjqXcSpx4Cga5bn+YEuAnJQ53PGA5eO+hpz6HDmawTbJlaV/Dufb9bJ/ZZy1DXzs07yWRtTEY54/X ian@iankelling.org
EOF
+
apt update
-apt -y install openssh-server
+if [[ -e /usr/sbin/sshd ]]; then
+ systemctl restart ssh
+else
+ apt -y install openssh-server
+fi
##### in another terminal ######
-host=je
-scp /b/ds/bitfolk* root@$host.b8.nz:
-ssh root@$host ./bitfolk-rescue-install $host
+h=bk
+
+scp -pr --chown=root:root /p/c/machine_specific/$h/filesystem/etc/ssh/ root@$h.b8.nz:/etc/ssh
+
+scp /b/ds/bitfolk* root@$h.b8.nz:
+
+# initially saved via:
+# mkc /p/c/machine_specific/$h/filesystem/etc/ssh/
+# rsync -a root@$h:/etc/ssh/ssh_host* .
+ssh root@$h ./bitfolk-rescue-install $h
### back to the 1st terminal
-poweroff
boot
-# press ctrl ]
+# after boot, press ctrl ]
exit
-jepush
-# todo: lets copy the host keys around so we dont have to do this.
-khfix je
-sl root@je /a/bin/ds/distro-begin
+h=bk
+${h}push
+sl root@$h /a/bin/ds/distro-begin
-# todo, fix it so i can ssh to
-sl je /a/bin/ds/distro-begin
-sl je /a/bin/ds/distro-end
+sl $h /a/bin/ds/dall
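Review bot: `scp` has no `--chown` option (OpenSSH scp only accepts single-letter flags), so the added `scp -pr --chown=root:root /p/c/machine_specific/$h/filesystem/etc/ssh/ root@$h.b8.nz:/etc/ssh` step will stop with a usage error before any host key is copied. `--chown` is an rsync flag, and `rsync -a --chown=root:root /p/c/machine_specific/$h/filesystem/etc/ssh/ root@$h.b8.nz:/etc/ssh/` expresses the same intent. With `scp -r` the source directory may also end up nested as `/etc/ssh/ssh` when the destination already exists, in which case the later `cp -a /etc/ssh/ssh_host* /mnt/etc/ssh` in bitfolk-rescue-install would pick up the rescue system's keys instead. Because these are private host keys, a comment noting that the `ssh_host_*_key` files must arrive owned by root with mode 600 would help, since sshd refuses keys that are group- or world-readable.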
host=$1
cp /root/bitfolk-chroot-install /mnt
+mkdir -p /mnt/etc/ssh
+cp -a /etc/ssh/ssh_host* /mnt/etc/ssh
chroot . /bitfolk-chroot-install $host
poweroff
-boot
#!/bin/bash
+# usage: $0 [restore]
+
if ! test "$BASH_VERSION"; then echo "error: shell is not bash" >&2; exit 1; fi
shopt -s inherit_errexit 2>/dev/null ||: # ignore fail in bash < 4.4
set -eE -o pipefail
;;
esac
+# last checked 2022-03 version 23
+# https://docs.nextcloud.com/server/latest/admin_manual/maintenance/restore.html
if $restore; then
set -x
for ncdir in /var/www/ncexpertpath /var/www/ncninja; do
ncbase=${ncdir##*/}
ssh root@$host sudo -u www-data php $ncdir/occ -q maintenance:mode --on ||: # might not be running
- rsync -ra /p/bkbackup/$ncbase/ root@$host:$ncdir || ret=$?
+ rsync -ravhi --numeric-ids /p/bkbackup/$ncbase/ root@$host:$ncdir || ret=$?
# https://docs.nextcloud.com/server/20/admin_manual/configuration_server/occ_command.html#maintenance-commands-label
ssh root@$host sudo -u www-data php $ncdir/occ -q maintenance:data-fingerprint
- ssh root@$host sudo -u www-data php $ncdir/occ -q maintenance:mode --on
+ ssh root@$host sudo -u www-data php $ncdir/occ -q maintenance:mode --off
done
- rsync -ravi /p/bkbackup/m root@$host:/
+ # the dovecot thing is not needed afaik, just a good practice.
+ ssh root@$host systemctl stop dovecot
+ rsync -ravi --numeric-ids /p/bkbackup/m root@$host:/
+ ssh root@$host systemctl start dovecot
exit 0
fi
if [[ $HOSTNAME == $MAIL_HOST ]]; then
mkdir -p /p/bkbackup
for ncdir in /var/www/ncexpertpath /var/www/ncninja; do
- if [[ ! -d $ncdir ]]; then
- continue
- fi
ncbase=${ncdir##*/}
mkdir -p /p/bkbackup/$ncbase
ssh root@$host sudo -u www-data php $ncdir/occ -q maintenance:mode --on
- rsync -ra --exclude=testignore --delete root@$host:$ncdir/{config,data,themes} /p/bkbackup/$ncbase || ret=$?
+ rsync --numeric-ids -ra --delete root@$host:$ncdir/{config,data,themes} /p/bkbackup/$ncbase || ret=$?
ssh root@$host sudo -u www-data php $ncdir/occ -q maintenance:mode --off
if (( ret )); then
echo "$0: error: failed rsync $ncdir"
ret=1
fi
done
- rsync -ra --delete root@$host:/m /p/bkbackup
+ rsync --numeric-ids -ra --delete root@$host:/m /p/bkbackup
fi
exit $ret
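Review bot: In the restore branch, a failing `rsync -ravi --numeric-ids /p/bkbackup/m root@$host:/` aborts the script before `ssh root@$host systemctl start dovecot` runs, assuming the `set -eE -o pipefail` from the top of this file is still in effect, so a partial restore leaves dovecot stopped on the mail host. Capturing the status the way the nextcloud loop does, `rsync -ravi --numeric-ids /p/bkbackup/m root@$host:/ || ret=$?`, lets the start command run regardless. The branch also ends in `exit 0`, so the `ret` collected from the per-site rsync is never reported and maintenance mode is switched off even after a failed copy; `exit ${ret:-0}` would surface that to the caller.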
}
-
sd() {
sudo dd status=none of="$1"
}
s service $2 $1
fi
}
+serstat() {
+ systemctl -n 40 status "$@"
+}
+
seru() { systemctl --user "$@"; }
# like restart, but do nothing if its not already started
srestart() {
if [[ $- == *i* ]]; then
+
+ case $HOSTNAME in
+ bk|je|li)
+ if [[ $EUID == 1000 ]]; then
+ system-status _ ||:
+ fi
+ ;;
+ esac
+
+
# this needs to come before next ps1 stuff
# this stuff needs bash 4, feb 2009,
# old enough to no longer condition on $BASH_VERSION anymore
sdnbash() { # systemd namespace bash
local unit=$1
- m sudo nsenter -t $(systemctl show --property MainPID --value $unit') -n -m sudo -u $USER -i bash
+ m sudo nsenter -t $(systemctl show --property MainPID --value $unit) -n -m sudo -u $USER -i bash
}
mailnnbash() {
- m sudo nsenter -t $(systemctl show --property MainPID --value mailnn') -n -m sudo -u $USER -i bash
+ m sudo nsenter -t $(systemctl show --property MainPID --value mailnn) -n -m sudo -u $USER -i bash
}
mailvpnbash() {
m sudo nsenter -t $(pgrep -f "/usr/sbin/openvpn .* --config /etc/openvpn/.*mail.conf") -n -m sudo -u $USER -i bash
}
eximbash() {
- m sudo nsenter -t $(pgrep -f "/usr/sbin/exim4 -bd -q30m -C /etc/exim4/my.conf"|h1) -n -m sudo -u $USER -i bash
+ local pid
+ pid=$(pgrep -f "/usr/sbin/exim4 -bd -q30m -C /etc/exim4/my.conf"|h1)
+ if [[ ! $pid ]]; then
+ echo "eximbash: failed to find exim pid. systemctl -n 30 status exim4:"
+ systemctl status exim4
+ fi
+ m sudo nsenter -t $pid -n -m
}
spamnn() {
local spamdpid
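Review bot: When `pgrep` finds nothing, the new `if [[ ! $pid ]]` branch in `eximbash` prints diagnostics but falls through to `m sudo nsenter -t $pid -n -m`, where the empty expansion makes `-n` the argument of `-t`; add `return 1` after the `systemctl status exim4` line. The rewritten command also drops the `sudo -u $USER -i bash` tail that `sdnbash`, `mailnnbash` and `mailvpnbash` keep, so this helper now leaves a root shell inside exim's namespaces rather than one running as the calling user. If that is intended, a comment such as `# stays root on purpose: <reason>` would make it clear; otherwise restore the tail. The echoed text names `systemctl -n 30 status exim4`, while the command actually run is `systemctl status exim4`.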
sudo systemd-tty-ask-password-agent
}
-ufix() {
+fixu() {
ls -lad /run/user/1000
s chmod 700 /run/user/1000; s chown iank.iank /run/user/1000
}
--- /dev/null
+#!/bin/bash
+
+if ! test "$BASH_VERSION"; then echo "error: shell is not bash" >&2; exit 1; fi
+shopt -s inherit_errexit 2>/dev/null ||: # ignore fail in bash < 4.4
+set -eE -o pipefail
+trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" exit status: $?, PIPESTATUS: ${PIPESTATUS[*]}" >&2' ERR
+
+readonly this_file="$(readlink -f -- "${BASH_SOURCE[0]}")"
+readonly this_dir="${this_file%/*}"
+cd "$this_dir"
+./distro-begin
+./distro-end
/^127\.0\.1\.1/d
EOF
-if bitfolk; then
- sudo systemctl disable systemd-networkd
-fi
-
##### exit first stage if running as root
if [[ $EUID == 0 ]]; then
+ if [[ ! -e /home/iank/.ssh/authorized_keys && ! -L /home/iank/.ssh/authorized_keys ]]; then
+ sudo -u iank mkdir -p /home/iank/.ssh
+ chmod 0700 /home/iank/.ssh
+ sudo -u iank ln -sf /p/c/machine_specific/vps/subdir_files/.ssh/authorized_keys /home/iank/.ssh
+ fi
echo "$0: running as root. exiting now that users are setup"
exit 0
fi
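Review bot: The new symlink makes `/home/iank/.ssh/authorized_keys` resolve to `/p/c/machine_specific/vps/subdir_files/.ssh/authorized_keys`, so login as iank is now controlled by whoever can write along that path, and this dependency is not documented here. With sshd's default `StrictModes yes`, the resolved file and its parent directories have to be owned by root or iank and must not be group- or world-writable, otherwise key authentication is refused. If `/p` is not mounted, the account has no keys at all. I would add a comment above the `ln -sf` line, for example `# target and every parent dir under /p must be owned by iank or root and not group/world-writable (sshd StrictModes); /p must be mounted for key login`.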
case $HOSTNAME in
bk)
sudo sed -i --follow-symlinks 's/^ *hosts:.*/hosts: files dns myhostname/' /etc/nsswitch.conf
+ soff systemd-resolved
+ ln -sf 127.0.0.1-resolv/stub-resolv.conf /etc/resolv.conf
+ sgo bind9
+ # cautious measure to make sure bind is up
+ sleep 1
;;
*)
# default is
;;
esac
-
+if bitfolk; then
+ sudo systemctl disable systemd-networkd
+fi
##### setup email
primary-setup
# nfs server
pi-nostart nfs-kernel-server
+# todo, this is old, probably needs removing
if [[ $HOSTNAME == tp ]]; then
sd /etc/wireguard/wg0.conf <<EOF
[Interface]
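Review bot: The `ln -sf 127.0.0.1-resolv/stub-resolv.conf /etc/resolv.conf` line moved into the `bk)` arm has no `sudo`, while the `sed` directly above it uses `sudo` and this script exits early when `$EUID == 0`. At this point it therefore appears to run as the unprivileged user, and creating the link in `/etc` would fail. `sudo ln -sf 127.0.0.1-resolv/stub-resolv.conf /etc/resolv.conf` keeps it consistent with the neighbouring commands. `soff` and `sgo` are defined outside this hunk and presumably elevate on their own. The `sleep 1` does not confirm that bind9 is answering, so a short retry loop around a lookup would be a firmer guard than a fixed delay.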
- targets:
- kdwg:9101
- sywg:9101
- # - frodo:9101
- - kwwg:9101
- - x3wg:9101
+ - kwwg:9101
+ - x3wg:9101
# - x2wg:9101
+# - frodo:9101
# there is also the absent() function, but i didnt see a way to make that work
- alert: mysers_units_missing
expr: |-
- count(up{job="node"}) by (instance) * 3 unless count(node_systemd_unit_state{name=~"(systemstatus|btrfsmaintstop|dynamicipupdate).service",state="active"}) by (instance)
+ count(up{job="node"} == 1) by (instance) * 3 unless
+ count(node_systemd_unit_state{name=~"(systemstatus|btrfsmaintstop|dynamicipupdate).service",state="active"}) by (instance)
+ for: 20m
+ labels:
+ severity: warn
+
+ - alert: epanicclean_not_active
+ expr: |-
+ node_systemd_unit_state{name="epanicclean.service",state="active"} != 1
+ for: 20m
+ labels:
+ severity: warn
+
+ - alert: epanicclean_missing
+ expr: |-
+ count(up{job=~"node|tlsnode"} == 1) by (instance) unless
+ count(node_systemd_unit_state{job=~"node|tlsnode",name="epanicclean.service",state="active"}) by (instance)
for: 20m
labels:
severity: warn
labels:
severity: day
+ - alert: mailtest_check_vps
+ expr: |-
+ time() - mailtest_check_last_usec{job="tlsnode"} >= 60 * 12
+ labels:
+ severity: day
+ annotations:
+ summary: '12 minutes down'
+
+ # 42 mins: enough for a 30 min queue run plus 12
+ - alert: mailtest_check_vps
+ expr: |-
+ time() - mailtest_check_last_usec{job="tlsnode"} >= 60 * 42
+ labels:
+ severity: prod
+ annotations:
+ summary: '42 minutes down'
- - alert: mailtest_check
+ - alert: mailtest_check_mailhost
expr: |-
- time() - mailtest_check_last_usec > 60 * 12
+ time() - max by (folder,from) (mailtest_check_last_usec{job="node"}) >= 60 * 12
labels:
severity: day
annotations:
summary: '12 minutes down'
# 42 mins: enough for a 30 min queue run plus 12
- - alert: mailtest_check
+ - alert: mailtest_check_mailhost
expr: |-
- time() - mailtest_check_last_usec > 60 * 42
+ time() - max by (folder,from) (mailtest_check_last_usec{job="node"}) >= 60 * 42
labels:
severity: prod
annotations:
- summary: '43 minutes down'
+ summary: '42 minutes down'
+
- alert: 1pmtest
expr: hour() == 17 and minute() < 5
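Review bot: The two new `mailtest_check_vps` rules can only fire while `mailtest_check_last_usec{job="tlsnode"}` is still being scraped. If the metric stops being exported, the series goes stale, `time() - …` returns nothing, and neither the 12-minute nor the 42-minute alert triggers. Unless another rule already covers a missing tlsnode target or metric (none is visible in this hunk), a companion rule on `absent(mailtest_check_last_usec{job="tlsnode"})` with a `for:` would close that gap. The same applies to the renamed `mailtest_check_mailhost` pair with `job="node"`.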
summary: Prometheus daily test alert
-
-# alternate expression, to calculate if the alert would have fired is:
+#### Inhibit notes ####
+## Example of expressions to detect if the target_down alert
+# fired in the last 24 hours. Initially, I thought his could
+# be an alert which inhibits up_resets, but eventually I figured
+# that doesn't make much sense, and the idea of using an alert
+# that is not an indication of something wrong, only inhibits another
+# alert, I think works better to integrate directly into the
+# alert it would inhibit, this may mean a recording rule. That avoids
+# an alert we have to ignore or filter out.
+#
+# Alternate expression, to calculate if the alert would have fired is:
# min_over_time(sum_over_time(up[30m])[1d:]) == 0
# where 30m matches the for: time in target_down
#
-# sum_over_time is not needed, just convenience for graphing
- - alert: target_down_inhibitor
- expr: |-
- sum_over_time(ALERTS{alertname="target_down"}[1d])
- labels:
- severity: ignore
- annotations:
- summary: alert that indicates target_down alert fired in the last day
- description: "VALUE = {{ $value }}"
+# Note: for graphing, surround in the expression in sum_over_time()
+# ALERTS{alertname="target_down",alertstate="firing"}[1d]
+#### end Inhibit notes ####
-# For targets where we alert except for longer downtimes, we
+
+# For targets where we alert only on long downtimes, we
# still want to know if it is going down many times for short times over
# a long period of time. But ignore reboots.
#
# avg_over_time(node_systemd_unit_state{name="dynamicipupdate.service",state="active"}[1d]) < .95
- alert: up_resets
expr: |-
- resets(up[3d]) - changes(node_boot_time_seconds[3d]) > 15
+ resets(up[2d]) - changes(node_boot_time_seconds[2d]) > 12
labels:
severity: warn
annotations:
- summary: "Target has gone down {{ $value }} times in 3 days, > 15"
-
+ summary: "Target has gone down {{ $value }} times in 2 days, > 12"
# https://awesome-prometheus-alerts.grep.to/rules
-
# todo, we should probably group the prometheus alerts that indicate a
# host-local problem.
# eg, set a label alert-group: local-prom, then make a receiver that
[Service]
Type=simple
-ExecStart=/usr/local/bin/sysd-mail-once -3 epanic-clean /usr/local/bin/epanic-clean
+ExecStart=/usr/local/bin/epanic-clean
Restart=always
RestartSec=600
+++ /dev/null
-#!/bin/sh
-# using bin/sh for speed since the script is very simpl.e
-
-# these system76 systems have garbled display with konsole
-# and some other apps like mumble. something about the intel
-# graphics i think.
-case $HOSTNAME in
- sy|bo)
- exec sakura "$@"
- ;;
- *)
- exec konsole "$@"
- ;;
-esac
bindsym $mod+Shift+m border toggle
bindsym $mod+j exec emacsclient -c
-bindsym $mod+k exec myterm
+bindsym $mod+k exec konsole
bindsym $mod+l exec dmenu_run
# note default is 27% on my system76. not sure if these
# keybinds will screw up other laptop brightness keys.
--- /dev/null
+# https://forums.linuxmint.com/viewtopic.php?f=208&t=224942#p1197049
+# prevents konsole from being borderline unusable on system76 intel graphics + i3
+Section "Device"
+ Identifier "Intel Graphics"
+ Driver "intel"
+ Option "TearFree" "true"
+EndSection
$MAIL_HOST|bk)
local_mx=mail.iankelling.org
# ||: is to allow for temporary connection issues.
- rsync ${opt[@]} -ogtL --chown=root:Debian-exim --chmod=640 \
+ rsync "${opt[@]}" -ogtL --chown=root:Debian-exim --chmod=640 \
root@li.iankelling.org:/etc/letsencrypt/live/mail.iankelling.org/{fullchain.pem,privkey.pem} /etc/exim4 ||:
if ! openssl x509 -checkend $(( 60 * 60 * 24 * 3 )) -noout -in /etc/exim4/fullchain.pem; then
echo "$0: error!: cert rsync failed and it will expire in less than 3 days"
# Copyright (C) 2019 Ian Kelling
# SPDX-License-Identifier: AGPL-3.0-or-later
+
+# todo: add a prometheus alert for dovecot.
+
# todo: handle errors like this:
# Mar 02 12:44:26 kw systemd[1]: exim4.service: Found left-over process 68210 (exim4) in control group while starting unit. Ignoring.
# Mar 02 12:44:26 kw systemd[1]: This usually indicates unclean termination of a previous run, or service implementation deficiencies.
# todo: run mailping test after running, or otherwise
# clear out terminal alert
-# todo: reinstall bk with bigger filesystem
-
# todo: on bk, dont send email if mailvpn is not up
# todo: mailtest-check should check on bk too
fi
# light version of exim does not have sasl auth support.
-pi-nostart exim4 exim4-daemon-heavy spamassassin openvpn unbound clamav-daemon wireguard
+pi-nostart exim4 exim4-daemon-heavy spamassassin unbound clamav-daemon wireguard
# note: pyzor debian readme says you need to run some initialization command
# but its outdated.
pi spf-tools-perl p0f postgrey pyzor razor jq moreutils certbot fail2ban
+case $HOSTNAME in
+ je) : ;;
+ # not included due to using wireguard: openvpn
+ *) pi wget git unzip iptables ;;
+esac
# bad packages that sometimes get automatically installed
pu openresolv resolvconf
i /etc/systemd/system/wg-quick@wgmail.service.d/override.conf <<EOF
[Unit]
Requires=mailnn.service
-After=network.target mailnn.service
JoinsNamespaceOf=mailnn.service
BindsTo=mailnn.service
StartLimitIntervalSec=0
# NOTE: Pulled options changed on restart, will need to close and reopen TUN/TAP device.
m /a/exe/vpn-mk-client-cert -b mailclient -n mail li.iankelling.org
fi
-case $HOSTNAME in
- bk)
- if [[ ! -e /etc/openvpn/client/mail.conf ]]; then
- echo "$0: error: first, on a system with /p/c/filesystem, run mail-setup, or the vpn-mk-client-cert line above this err" 2>&2
- exit 1
- fi
- ;;
-esac
+
+# With openvpn, I didn't get around to persisting the openvpn
+# cert/configs into /p/c/machine_specific/bk, so I had this case to
+# manually get the cert. However, we aren't using openvpn anymore, so it
+# is commented out.
+#
+# case $HOSTNAME in
+# bk)
+# if [[ ! -e /etc/openvpn/client/mail.conf ]]; then
+# echo "$0: error: first, on a system with /p/c/filesystem, run mail-setup, or the vpn-mk-client-cert line above this err" 2>&2
+# exit 1
+# fi
+# ;;
+# esac
m rsync -aiSAX --chown=root:root --chmod=g-s /a/bin/ds/mail-cert-cron /usr/local/bin
-----END DH PARAMETERS-----
EOF
{
+
if [[ $HOSTNAME == "$MAIL_HOST" ]]; then
cat <<'EOF'
ssl_cert = </etc/exim4/fullchain.pem
ssl_key = </etc/exim4/privkey.pem
EOF
else
+ # We have a lets encrypt hooks that puts things here.
+ # This is just for bk, which uses the vpn cert in exim
+ # for sending mail, but the local hostname cert for
+ # dovecot.
cat <<'EOF'
ssl_cert = </etc/exim4/exim.crt
ssl_key = </etc/exim4/exim.key
EOF
fi
+
cat <<'EOF'
# https://ssl-config.mozilla.org
ssl = required
#### begin dl roundcube
# note, im r2e subbed to https://github.com/roundcube/roundcubemail/releases.atom
v=1.4.13; f=roundcubemail-$v-complete.tar.gz
- cd /a/opt
+ cd /root
if [[ -e $f ]]; then
timestamp=$(stat -c %Y $f)
else
fwrite(STDOUT, ";\n");
EOF
m php tmp.php >config.php
- m rm tmp.php
+ m rm -f tmp.php
m sudo -u www-data php $ncdir/occ maintenance:update:htaccess
list=$(sudo -u www-data php $ncdir/occ --output=json_pretty app:list)
# user_external not compaible with nc 23
EOF
fi
EOFOUTER
+ chmod +x /usr/local/bin/ncup
mkdir -p /var/www/cron-errors
chown www-data.www-data /var/www/cron-errors
i /etc/cron.d/$ncbase <<EOF
-PATH=/sbin:/usr/sbin:/usr/bin:/bin:/usr/local/bin
+PATH=/usr/sbin:/sbin:/usr/bin:/bin:/usr/local/bin
SHELL=/bin/bash
# https://docs.nextcloud.com/server/20/admin_manual/configuration_server/background_jobs_configuration.html
*/5 * * * * www-data php -f $ncdir/cron.php --define apc.enable_cli=1 |& log-once nccron
;;
*)
dirs=()
- for d in /d /m /media /mnt /nocow /o /p /q; do
+ for d in /a /d /m /media /mnt /nocow /o /p /q; do
if [[ -d $d ]]; then
dirs+=($d)
fi
m systemctl daemon-reload
fi
+sysd-prom-fail-install epanicclean
m systemctl --now enable epanicclean
case $HOSTNAME in
sre mailcert.timer
case $HOSTNAME in
- bk)
- # todo, this should be done in distro-begin
- soff systemd-resolved
- ln -sf 127.0.0.1-resolv/stub-resolv.conf /etc/resolv.conf
- ;;&
$MAIL_HOST|bk)
m systemctl --now enable mailnn mailnnroute
;;&
case $HOSTNAME in
- $MAIL_HOST|bk|je) : ;;
+ $MAIL_HOST|bk|je|li)
+ # on li, these are never started, except $vpnser
+ :
+ ;;
*)
soff radicale mailclean.timer dovecot spamassassin $vpnser mailnn clamav-daemon
;;
cat >/etc/cron.d/mailtest <<EOF
SHELL=/bin/bash
PATH=/usr/bin:/bin:/usr/local/bin
-MAILTO=daylerts@iankelling.org
+MAILTO=daylert@iankelling.org
*/5 * * * * $u send-test-forward |& log-once send-test-forward
*/10 * * * * root chmod -R g+rw /m/md/bounces |& log-once -1 bounces-chmod
*/5 * * * * root timeout 290 mailtest-check slow |& log-once -4 mailtest-check
# if a bounce happened yesterday, dont let it slip through the cracks
-8 1 * * * root export MAILTO=alerts@iankelling.org; awk '\$5 == "**"' /var/log/exim4/mainlog.1
+8 1 * * * root export MAILTO=alerts@iankelling.org; [[ -s /var/log/exim4/mainlog.1 ]] && awk '\$5 == "**"' /var/log/exim4/mainlog.1
EOF
m sudo rsync -ahhi --chown=root:root --chmod=0755 \
/b/ds/mailtest-check /b/ds/check-remote-mailqs /usr/local/bin/
cat >/usr/local/bin/send-test-forward <<'EOF'
#!/bin/bash
olds=(
-$(/sbin/exiqgrep -o 260 -i -r '^(testignore@(iankelling\.org|zroe\.org|expertpathologyreview\.com|amnimal\.ninja|je\.b8\.nz)|jtuttle@gnu\.org)$')
+$(/usr/sbin/exiqgrep -o 260 -i -r '^(testignore@(iankelling\.org|zroe\.org|expertpathologyreview\.com|amnimal\.ninja|je\.b8\.nz)|jtuttle@gnu\.org)$')
)
if (( ${#olds[@]} )); then
- /sbin/exim -Mrm "${olds[@]}" >/dev/null
+ /usr/sbin/exim -Mrm "${olds[@]}" >/dev/null
fi
EOF
for test_from in ${test_froms[@]}; do
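Review bot: On the changed bounce-check line, `export MAILTO=alerts@iankelling.org;` inside the command does not change where cron mails the output. Cron takes the recipient from the `MAILTO=` assignment in the crontab itself, so any bounce lines printed by `awk` go to `daylert@iankelling.org` like the other jobs in this file. If bounces are meant to reach the alerts address, put this job in its own cron.d file with `MAILTO=alerts@iankelling.org` at the top, or pipe the awk output to a mailer explicitly. The added `[[ -s /var/log/exim4/mainlog.1 ]] &&` guard works as written because the file sets `SHELL=/bin/bash`.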
# packages with the same name across distros.
p1=(
+ bind9-host
cryptsetup
lvm2
mbuffer
htop
iptables
mailutils
+ nano
nmon
needrestart
ntp
fi
chown -R root:root /root/.ssh
-rsync -t --chmod=755 --chown=root:root /a/bin/ds/hssh /usr/local/bin
+rsync -tp --chmod=755 --chown=root:root /a/bin/ds/hssh /usr/local/bin
if [[ -e /a/opt/btrbk/ssh_filter_btrbk.sh ]]; then
install /a/opt/btrbk/ssh_filter_btrbk.sh /usr/local/bin
bindsym $mod+Shift+m border toggle
bindsym $mod+j exec emacsclient -c
-bindsym $mod+k exec myterm
+bindsym $mod+k exec konsole
bindsym $mod+l exec dmenu_run
# note default is 27% on my system76. not sure if these
# keybinds will screw up other laptop brightness keys.
bindsym $mod+Shift+m border toggle
bindsym $mod+j exec emacsclient -c
-bindsym $mod+k exec myterm
+bindsym $mod+k exec konsole
bindsym $mod+l exec dmenu_run
# note default is 27% on my system76. not sure if these
# keybinds will screw up other laptop brightness keys.
if [ -z "$BASH_VERSION" ]; then echo "error: shell is not bash" >&2; exit 1; fi
+if [[ $EUID != 1000 ]]; then
+ echo "$0: error, expected to be user 1000"
+ exit 1
+fi
+
source /a/bin/errhandle/err
status_file=/dev/shm/iank-status
printf "%s\n" "$*"
fi
}
+p() { printf "%s\n" "$*"; }
# log-once COUNT NAME [MESSAGE]
lo() {
if type -p ifne &>/dev/null; then
write-status() {
chars=("${first_chars[@]}")
-
services=( epanicclean )
case $HOSTNAME in
bk|je|li) : ;;
btrfsmaintstop
dynamicipupdate
)
+ bads=()
+ if systemctl show -p SubState --value ${services[@]} | egrep -v '^(running|)$' &>/dev/null; then
+ for s in ${services[@]}; do
+ if [[ $(systemctl show -p SubState --value $s 2>&1) != running ]]; then
+ bads+=($s)
+ fi
+ done
+ chars+=(MYSERS)
+ fi
+ p ${bads[*]} | lo -240 mysers
;;
esac
- bads=()
- if systemctl show -p SubState --value ${services[@]} | egrep -v '^(running|)$' &>/dev/null; then
- for s in ${services[@]}; do
- if [[ $(systemctl show -p SubState --value $s 2>&1) != running ]]; then
- bads+=($s)
- fi
- done
- chars+=(MYSERS)
-
- fi
- lo -240 mysers ${bads[*]}
-
- services=(
- prometheus-node-exporter
- prometheus-alertmanager
- prometheus
- )
case $HOSTNAME in
kd)
+ services=(
+ prometheus-node-exporter
+ prometheus-alertmanager
+ prometheus
+ )
bads=()
if systemctl show -p SubState --value ${services[@]} | egrep -v '^(running|)$' &>/dev/null; then
for s in ${services[@]}; do
done
chars+=(PROM)
fi
- lo -240 prom ${bads[*]}
+ p ${bads[*]} | lo -240 prom
;;
esac
- # clock us out in timetrap if are idle too long
- if [[ -e /p/.timetrap.db ]]; then
- export DISPLAY=:0
- if type -p xprintidle &>/dev/null && xidle=$(xprintidle 2>/dev/null); then
- if [[ $xidle == [0-9]* ]]; then
- sheet=$(sqlite3 /p/.timetrap.db "select sheet from entries where end is NULL;")
- idle=300000
- if [[ $sheet == w ]]; then
- idle=900000
- fi
- if [[ $sheet && $xidle -gt $idle ]]; then
- timetrap out
- fi
+
+ if [[ -e /a/bin/bash_unpublished/source-state ]]; then
+ # /a gets remounted due to btrbk, ignore error code for file doesnt exist
+ source /a/bin/bash_unpublished/source-state || [[ $? == 1 ]]
+ fi
+ if [[ $MAIL_HOST == "$HOSTNAME" ]]; then
+
+ bouncemsg=
+ glob=(/m/md/bounces/new/*)
+ if [[ -e ${glob[0]} ]]; then
+ chars+=(BOUNCE)
+ bouncemsg="message in /m/md/bounces/new"
+ fi
+ p $bouncemsg | loday -1 bounce
+ # emails without the S (seen) flag. this only checks the last flag,
+ # but its good enough for me.
+ glob=(/m/md/alerts/{new,cur}/!(*,S))
+ if [[ -e ${glob[0]} ]]; then
+ chars+=(A)
+ fi
+
+ glob=(/m/md/daylert/{new,cur}/!(*,S))
+ if [[ -e ${glob[0]} ]]; then
+ chars+=(DAY)
+ fi
+
+ bbkmsg=
+ if [[ $(systemctl is-active btrbk.timer) != active ]]; then
+ chars+=(BTRBK.TIMER)
+ bbkmsg="not enabled"
+ fi
+ p "$bbkmsg" | lo -480 btrbk.timer
+
+ ## check if last snapshot was within an hour
+ vol=o
+ # this section generally copied from btrbk scripts, but
+ # this part modified to speed things up by about half a second.
+ # I'm not sure if its quite as reliable, but it looks pretty safe.
+ # Profiled it using time and also adding to the top of the file:
+ # set -x
+ # PS4='+ $(date "+%2N") '
+ # allow failure in case there are no snapshots yet.
+ # shellcheck disable=SC2012
+ shopt -u nullglob
+ files=(/mnt/root/btrbk/$vol.20*)
+ shopt -s nullglob
+ snaps=()
+ if (( ${#files[@]} )); then
+ snaps=($(ls -1avdr "${files[@]}" 2>/dev/null |head -n1 || : ))
+ fi
+ now=$(date +%s)
+ maxtime=0
+ for s in ${snaps[@]}; do
+ file=${s##*/}
+ t=$(date -d $(sed -r 's/(.{4})(..)(.{5})(..)(.*)/\1-\2-\3:\4:\5/' <<<${file#$vol.}) +%s)
+ if (( t > maxtime )); then
+ maxtime=$t
fi
+ done
+ snapshotmsg=
+ if (( maxtime < now - 4*60*60 )); then
+ chars+=(OLD-SNAP)
+ snapshotmsg="/o snapshot older than 4 hours"
fi
- fi
+ p "$snapshotmsg" | lo -1 old-snapshot
+
+
+ # commented out, only using timetrap retrospectively.
+ # # clock us out in timetrap if are idle too long
+ # if [[ -e /p/.timetrap.db ]]; then
+ # export DISPLAY=:0
+ # if type -p xprintidle &>/dev/null && xidle=$(xprintidle 2>/dev/null); then
+ # if [[ $xidle == [0-9]* ]]; then
+ # sheet=$(sqlite3 /p/.timetrap.db "select sheet from entries where end is NULL;")
+ # idle=300000
+ # if [[ $sheet == w ]]; then
+ # idle=900000
+ # fi
+ # if [[ $sheet && $xidle -gt $idle ]]; then
+ # timetrap out
+ # fi
+ # fi
+ # fi
+ # fi
+ fi
if ip l show tunfsf &>/dev/null; then
# this is for tracking dns over tls issue, which
if [[ $(find /var/mail -type f \! -empty -print -quit) ]]; then
var_mail_msg="message in /var/mail"
fi
- loday -1 var_mail $var_mail_msg
-
- bouncemsg=
- glob=(/m/md/bounces/new/*)
- if [[ -e ${glob[0]} ]]; then
- chars+=(BOUNCE)
- bouncemsg="message in /m/md/bounces/new"
- fi
- loday -1 bounce $bouncemsg
- # emails without the S (seen) flag. this only checks the last flag,
- # but its good enough for me.
- glob=(/m/md/alerts/{new,cur}/!(*,S))
- if [[ -e ${glob[0]} ]]; then
- chars+=(A)
- fi
-
- glob=(/m/md/daylert/{new,cur}/!(*,S))
- if [[ -e ${glob[0]} ]]; then
- chars+=(DAY)
- fi
+ p $var_mail_msg | loday -1 var_mail
tmp=(/var/local/cron-errors/mailtest-check*)
case $HOSTNAME in
# No point in emailing about the mailq on a host where we don't
# check email.
- $MAIL_HOST|bk)
- loday -120 qlen $qmsg
+ $MAIL_HOST)
+ p $qmsg | loday -120 qlen
;;
esac
# leave it up to epanic-clean to send email notification
fi
- if [[ -e /a/bin/bash_unpublished/source-state ]]; then
- # /a gets remounted due to btrbk, ignore error code for file doesnt exist
- source /a/bin/bash_unpublished/source-state || [[ $? == 1 ]]
- fi
- if [[ $MAIL_HOST == "$HOSTNAME" ]]; then
- bbkmsg=
- if [[ $(systemctl is-active btrbk.timer) != active ]]; then
- chars+=(BTRBK.TIMER)
- bbkmsg="not enabled"
- fi
- lo -480 btrbk.timer $bbkmsg
-
- ## check if last snapshot was within an hour
- vol=o
- # this section generally copied from btrbk scripts, but
- # this part modified to speed things up by about half a second.
- # I'm not sure if its quite as reliable, but it looks pretty safe.
- # Profiled it using time and also adding to the top of the file:
- # set -x
- # PS4='+ $(date "+%2N") '
- # allow failure in case there are no snapshots yet.
- # shellcheck disable=SC2012
- shopt -u nullglob
- files=(/mnt/root/btrbk/$vol.20*)
- shopt -s nullglob
- snaps=()
- if (( ${#files[@]} )); then
- snaps=($(ls -1avdr "${files[@]}" 2>/dev/null |head -n1 || : ))
- fi
- now=$(date +%s)
- maxtime=0
- for s in ${snaps[@]}; do
- file=${s##*/}
- t=$(date -d $(sed -r 's/(.{4})(..)(.{5})(..)(.*)/\1-\2-\3:\4:\5/' <<<${file#$vol.}) +%s)
- if (( t > maxtime )); then
- maxtime=$t
- fi
- done
- snapshotmsg=
- if (( maxtime < now - 4*60*60 )); then
- chars+=(OLD-SNAP)
- snapshotmsg="/o snapshot older than 4 hours"
- fi
- lo -1 old-snapshot $snapshotmsg
- fi
-
if [[ ! -e $status_file || -w $status_file ]]; then
if [[ -e /a/bin/bash_unpublished/source-state ]]; then
cat /a/bin/bash_unpublished/source-state >$status_file
echo "ps_char=\"${chars[*]} \$ps_char\"" >>$status_file
fi
fi
-
}
# use this if we want to do something just once per minute
first_chars=()