various fixes

diff --git a/brc b/brc
index 97f5c34c5a65391ec6dd61e60fe0c97a719820b6..a00bb8d747eef173e5b45869d5eccf80f432c5e0 100644 (file)
--- a/brc
+++ b/brc
@@ -2813,7 +2813,7 @@ serj() {
   tmpstr=$(jobs 2>/dev/null)
   mapfile -t jobs_out <<<"$tmpstr"
   found_job=false
-  regex="^[^[:space:]]+[[:space:]]+Running[[:space:]]+ journalctl --since=now -qn2 -f -u $service &"
+  regex="^[^[:space:]]+[[:space:]]+Running[[:space:]]+journalctl --since=now -qn2 -f -u $service &"
   for line in "${jobs_out[@]}"; do
     if [[ $line =~ $regex ]]; then
       found_job=true
@@ -2821,7 +2821,10 @@ serj() {
   done
 
   if ! $found_job; then
-    journalctl --since=now -qn2 -f -u "$service" &
+    # without eval, jobs output will include literal "$service". We
+    # could match that, but then we can run serj on different services
+    # in the same terminal.
+    eval "journalctl --since=now -qn2 -f -u $service &"
     sleep 3
   fi
   if [[ $EUID == 0 ]]; then

diff --git a/brc2 b/brc2
index 8379eabd1cb7779d8ecd8e88de599d07b02903dc..ce21d4f1fe1aeafb495ae948d297650d8f09efbd 100644 (file)
--- a/brc2
+++ b/brc2
@@ -270,9 +270,8 @@ mkschroot() {
     esac
   done
   n=$1
-  shift
-  codename=$1
-  shift
+  codename=$2
+  shift 2
 
   case $codename in
     aramo|ecne|nabia|etiona)
@@ -286,9 +285,11 @@ mkschroot() {
       ;;
   esac
 
-  if ! $force && schroot -l | grep -xFq chroot:$n; then
-    echo "$0: $n schroot already installed, skipping"
-    return 0
+  if ! $force; then
+    if schroot -l | grep -xFq chroot:$n || [[ -s /etc/schroot/chroot.d/$n.conf ]]; then
+      echo "$0: $n schroot already exists, skipping"
+      return 0
+    fi
   fi
   apps=($@)
   if [[ ! $d ]]; then
@@ -5189,7 +5190,7 @@ gwentmp() {
 chro-pull() {
   local pull_host="$1"
   scp -ra --delete iank@$pull_host:.config/chromium /home/iank/.config
-  }
+}
 
 export BASEFILE_DIR=/a/bin/fai-basefiles
 

diff --git a/distro-end b/distro-end
index 4ab5b46c6f6c5a39d3a49ec6b30f2191619a4fd6..a0fcf8808fdd29974ab458113a60ada6c532d883 100755 (executable)
--- a/distro-end
+++ b/distro-end
@@ -1554,7 +1554,14 @@ case $HOSTNAME in
   $d_host)
     # to persist upload/dl metadata. initially, moved all the stuff
     # in /var/lib/transmission-daemon to /d/tor
-    s usermod --home /d/tor debian-transmission
+
+    transmission_home=$(eval echo ~debian-transmission)
+    if [[ $transmission_home != /d/tor ]]; then
+      if ser is-active transmission-daemon-nn &>/dev/null; then
+        ser stop transmission-daemon-nn
+      fi
+      s usermod --home /d/tor debian-transmission
+    fi
     sgo transmission-daemon-nn
     ;;
   *)
@@ -1602,6 +1609,7 @@ EOF
     fi
     d=$f/.config/transmission-remote-gtk
     sudo -u $u mkdir -p $d
+    d_host_suffix=$(awk '$2 == "'$d_host'" {print $1}' /p/c/host-info)
     # i tried setting hostname to transmission.b8.nz, so i could dynamically change where
     # this connects to, but it said some 421 denied error when I did that. Then it
     # froze X when i ran it under strace. Whatever.
@@ -1610,7 +1618,7 @@ EOF
   "profiles" : [
       {
       "profile-name" : "Default",
-      "hostname" : "10.174.2.2",
+      "hostname" : "10.174.$d_host_suffix.2",
       "rpc-url-path" : "/transmission/rpc",
       "username" : "",
       "password" : "$rpc_pass",
@@ -1977,8 +1985,8 @@ fi
 case $HOSTNAME in
   $d_host)
     # Font awesome is needed for the alertmanager ui.
-    pi prometheus-alertmanager prometheus fonts-font-awesome
-    /a/f/ans/roles/prom/files/simple/usr/local/bin/fsf-install-prometheus
+    pi prometheus-blackbox-exporter prometheus-alertmanager prometheus fonts-font-awesome
+    s /a/f/ans/roles/prom/files/simple/usr/local/bin/fsf-install-prometheus
 
     # make it available for other machines
     rsync -a /usr/local/bin/amtool /a/opt/bin
@@ -2202,27 +2210,6 @@ EOF
 # Remove dep that came in with desktop to fix associations.
 m pu transmission-gtk
 
-f=/home/iank/Videos
-case $HOSTNAME in
-  $d_host)
-    if [[ ! -L $f || $(readlink $f) != /d/vidshare ]]; then
-      fs=($f/*)
-      if (( ${#fs[@]} >= 1 )); then
-        echo "$0: I wanted to make a link $f -> /d/vidshare, but $f is not empty. Please do something with its contents. ll $f:"
-        ll $f
-        exit 1
-      fi
-      lnf -T /d/vidshare $f
-    fi
-    ;;
-  *)
-    if [[ -L $f && $(readlink $f) == /d/vidshare ]]; then
-      rm -f $f
-      mkdir $f
-    fi
-    ;;
-esac
-
 # # Based on guix manual instructions, also added code to profile.
 # # disabled since i'm not using it now.
 # pi nscd

diff --git a/filesystem/etc/apparmor.d/local/transmission-daemon b/filesystem/etc/apparmor.d/local/transmission-daemon
new file mode 100644 (file)
index 0000000..ca4a68a
--- /dev/null
+++ b/filesystem/etc/apparmor.d/local/transmission-daemon
@@ -0,0 +1,2 @@
+owner /d/tor/** rw,
+owner /nocow/user/tor/** rw,

diff --git a/filesystem/etc/systemd/system/navidrome.service b/filesystem/etc/systemd/system/navidrome.service
index a6382315a17802b26d566fe6a5fb6639e885c368..e51224b69fb7c8c328bde4c4a1401ce94e58c96f 100644 (file)
--- a/filesystem/etc/systemd/system/navidrome.service
+++ b/filesystem/etc/systemd/system/navidrome.service
@@ -10,7 +10,7 @@ WantedBy=multi-user.target
 User=iank
 Group=iank
 Type=simple
-ExecStart=/i/navidrome/navidrome --configfile "/i/navidrome/navidrome.toml"
+ExecStart=/i/navidrome/navidrome --nobanner --configfile "/i/navidrome/navidrome.toml"
 WorkingDirectory=/i/navidrome
 TimeoutStopSec=20
 KillMode=process

diff --git a/filesystem/etc/systemd/system/transmission-daemon-nn.service b/filesystem/etc/systemd/system/transmission-daemon-nn.service
index 0d0cd40f86de4d9a261eef1528e12382a5cde4c3..0843fc266076da885c7aa005a83789d896a80eff 100644 (file)
--- a/filesystem/etc/systemd/system/transmission-daemon-nn.service
+++ b/filesystem/etc/systemd/system/transmission-daemon-nn.service
@@ -7,13 +7,21 @@ JoinsNamespaceOf=openvpn-client-tr@client.service
 
 [Service]
 User=debian-transmission
-Type=notify
+# The default is broken due to apparmor it seems
+# https://github.com/transmission/transmission/issues/6991
+#Type=notify
+Type=simple
 ExecStart=/usr/bin/transmission-daemon -f --log-error
 ExecReload=/bin/kill -s HUP $MAINPID
-ExecStop=/bin/kill -s STOP $MAINPID
 PrivateNetwork=true
 Nice=19
 BindReadOnlyPaths=/etc/tr-resolv:/run/systemd/resolve:norbind /etc/basic-nsswitch:/etc/resolved-nsswitch:norbind
 
+
+NoNewPrivileges=true
+MemoryDenyWriteExecute=true
+ProtectSystem=true
+PrivateTmp=true
+
 [Install]
 WantedBy=multi-user.target

diff --git a/filesystem/usr/local/bin/switch-mail-host b/filesystem/usr/local/bin/switch-mail-host
index 58a84a7aeb743f2d2085498b74df807723762fce..7165acf2ff808028ada3bb54160c46a37b9cb851 100755 (executable)
--- a/filesystem/usr/local/bin/switch-mail-host
+++ b/filesystem/usr/local/bin/switch-mail-host
@@ -312,7 +312,7 @@ if ! $mail_only; then
 
 # Try to prevent emacs from saving stale data it has in memory to disk. eg: files, recentf list, etc.
 # But if emacs ignores the signal, let it live.
-pkill -xf 'emacs( --daemon| -f znc-all)' ||:
+pkill -xf 'emacs --daemon' ||:
 
 if [[ -e /p/profanity-here ]]; then
   systemctl disable --now profanity

diff --git a/pkgs b/pkgs
index 36281ce365c52338b279cc87811c02f2676a7d69..dc10690c66eec589fcc5102bf934bae7767bf296 100644 (file)
--- a/pkgs
+++ b/pkgs
@@ -139,6 +139,8 @@ p3=(
   duplicity
   elinks
   evince
+  # used by digikam, it complains in stdout if its not there.
+  exiftool
   exim4-doc-html
   exfat-fuse
   # was exfat-utils before aramo
@@ -282,6 +284,7 @@ p3=(
   rygel
   sakura
   schroot
+  secure-delete
   shellcheck
   # for sig2dot
   signing-party