# but meh. dunno why, but just " *" does glob expansion, so use [ ] to avoid it.
HISTIGNORE='pass *:[ ]*:otp *:oathtool *'
-case $EUID in
- 0)
- if [[ ! -e /run/no_root_ssh_agent ]]; then
- export SSH_AGENT_LAUNCHER=openssh SSH_AUTH_SOCK=/run/openssh_agent
- fi
- ;;
-esac
#### begin section that works with sl() function to return from
# noninteractive ssh shells, or tty. tty because often i
# * functions
-
ccomp() { # copy completion
local src=$1
local c
if [[ $EUID != 0 || $1 == -* ]]; then
# shellcheck disable=SC2034
SUDOD="$PWD" command sudo -i "$@"
+ DID_SUDO=true
else
"$@"
fi
command ssh "${args[@]}" "$remote" LC_USEBASHRC=t bash
fi
fi
-
# this function inspired from https://github.com/Russell91/sshrc
}
+
slr() {
sl --rsync "$@"
}
if [[ ! $SSH_CLIENT && $MAIL_HOST != "$HOSTNAME" ]]; then
ps_char="@ $ps_char"
fi
+ # We could test if sudo is active with sudo -nv
+ # but then we get an email and log of lots of failed sudo commands.
+ # We could turn those off, but seems better not to.
+ if [[ $EUID != 0 ]] && [[ $DID_SUDO ]]; then
+ ps_char="SUDO $ps_char"
+ fi
PS1="${PS1%"${PS1#*[wW]}"} \[$ps_color\]$ps_char\[$term_nocolor\] "
# set titlebar. instead, using more advanced
install-my-scripts
# todo: consider changing this to srun and having the args come
# from a file like /etc/default/btrbk, like is done in exim
- jrun btrbk-run "$@"
+ s jrun btrbk-run "$@"
if $active; then
if (( ret )); then
echo bbk: WARNING: btrbk.timer not restarted due to failure
# it does sudo ssh, that will leave a process around that we can't kill
# and it will leave the unit hanging around in a failed state needing manual
# killing of the process.
- m s systemd-run --uid $(id -u) --gid $(id -g) --unit "$cmd_name" --wait --collect "$cmd" "${@:2}" || ret=$?
+ m s systemd-run --uid $(id -u) --gid $(id -g) \
+ -E SSH_AUTH_SOCK=/run/openssh_agent \
+ --unit "$cmd_name" --wait --collect "$cmd" "${@:2}" || ret=$?
# This justs lets the journal output its last line
# before the prompt comes up.
sleep .5
}
sm() {
+ local tmp keyhash
c /
# run latest
+ keyhash=$(s ssh-keygen -lf /root/.ssh/home | awk '{print $2}')
+ tmp=$(s ssh-add -l | awk '$2 == "'$keyhash'"')
+ if [[ ! $tmp ]]; then
+ s ssh-add /root/.ssh/home
+ fi
install-my-scripts
s jrun switch-mail-host "$@"
return $ret
}
mygajim() {
+ local now time time_sec
+ now=$(date +%s)
sqlite3 -separator ' ' /p/c/subdir_files/.local/share/gajim/logs.db "select time, message from logs where contact_name = 'iank' and jid_id = 17;" | while read -r time l; do
- echo $(date +%F.%R -d @$time) "$l"; done
+ echo $(date +%F.%R -d @$time) "$l"
+ time_sec=${time%%.*}
+ # only look at the last 18 days. generally just use this for timesheet.
+ if (( time_sec < now - 60 * 60 * 24 * 18 )); then break; fi
+ done
}
net-dev-info() {
if type -P rg &>/dev/null; then
rg() { command rg -L -i -M 300 --no-ignore "$@"; }
- complete -r rg
+#fails if not exist. ignore
+ complete -r rg 2>/dev/null ||:
else
alias rg=grr
fi
fi
;;&
kw|x2|x3|sy)
- if $at_work && ping -q -c1 -w1 iank.vpn.office.fsf.org &>/dev/null; then
- home=iank.vpn.office.fsf.org
+ if $at_work; then
+ if ping -q -c1 -w1 iank.vpn.office.fsf.org &>/dev/null; then
+ home=iank.vpn.office.fsf.org
+ else
+ home=i.b8.nz
+ fi
else
home=b8.nz
fi
+# false positive
^/var/lib/nfs/etab \(deleted\)$
+# According to the file, this is a helper that checks if a
+# unattended-upgrade is in progress and waits until it exists.
+# It seems to get hit more often than it should, doesnt seem
+# important to restart.
+^/usr/share/unattended-upgrades/unattended-upgrade-shutdown\(| .*\)$
sudo /usr/sbin/update-initramfs -u -k all
fi
- # initram auth keys get setup with rootsshsync
+ # initram auth keys get setup with rootsshsync later on.
$script_dir/rootsshsync
- # then for remote unlock, ssh and do this once per crypt disk:
+
+ ### To do a remote unlock: ssh and do this once per crypt disk:
# echo -n PASS >/lib/cryptsetup/passfifo
# or for buster+
# cryptroot-unlock
# this needs to be before installing pacserve so we have gpg conf.
conflink
rootsshsync
+if [[ -e /etc/rootsudoenv ]]; then
+ source /etc/rootsudoenv
+fi
###### bash environment setup
set +x
err-catch
$interactive || set -x
-# remove old lines, todo: remove this when all systems are updated. 2021-09-03
-tu /etc/sudoers
-
##### use systemd-resolved for glibc resolutions
pi libnss-resolve
# case $distro in
# esac
+# get sudo pass cached right away
+if ! sudo -nv 2>/dev/null; then
+ sudo -v
+fi
# old repo. remove when all machines updated
sudo rm -fv /etc/apt/sources.list.d/wireguard-ubuntu-wireguard-bionic.list
Pin-Priority: 500
EOF
p install btrfs-progs
- ;;
+ ;;
esac
######### end universal pinned packages ######
### system76 things ###
-# case $HOSTNAME in
-# sy)
-# # note, i stored the initial popos packages at /a/bin/data/popos-pkgs
-# if [[ ! -e /etc/apt/sources.list.d/system76.list ]]; then
-# # https://blog.zackad.dev/en/2017/08/17/add-ppa-simple-way.html
-# sd /etc/apt/sources.list.d/system76.list <<EOF
-# deb http://ppa.launchpad.net/system76-dev/stable/ubuntu $codename_compat main
-# deb-src http://ppa.launchpad.net/system76-dev/stable/ubuntu $codename_compat main
-# EOF
-# s apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 5D1F3A80254F6AFBA254FED5ACD442D1C8B7748B
-# p update
-# sd /etc/apt/preferences.d/system76 <<'EOF'
-# Package: *
-# Pin: release o=LP-PPA-system76-dev-stable
-# Pin-Priority: 1001
-# EOF
-# pi system76-driver
-# fi
-# ;;
-# esac
+case $HOSTNAME in
+ sy)
+ # note, i stored the initial popos packages at /a/bin/data/popos-pkgs
+ if [[ ! -e /etc/apt/sources.list.d/system76.list ]]; then
+ # https://blog.zackad.dev/en/2017/08/17/add-ppa-simple-way.html
+ sd /etc/apt/sources.list.d/system76.list <<EOF
+deb http://ppa.launchpad.net/system76-dev/stable/ubuntu $codename_compat main
+deb-src http://ppa.launchpad.net/system76-dev/stable/ubuntu $codename_compat main
+EOF
+ s apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 5D1F3A80254F6AFBA254FED5ACD442D1C8B7748B
+ p update
+ # https://support.system76.com/articles/install-ubuntu/
+ # but i'm hoping this is not needed
+ # sd /etc/apt/preferences.d/system76 <<'EOF'
+ # Package: *
+ # Pin: release o=LP-PPA-system76-dev-stable
+ # Pin-Priority: 1001
+ # EOF
+ pi system76-driver system76-firmware-cli
+ # if you get a notice about a firmware update, the notifier on i3
+ # is too dumb to do anything when you click it. so to see
+ # a changelog, cd to
+ # /var/cache/system76-firmware-daemon
+ # extract the xz files there, one will contain a changelog.
+ # then to install an update:
+ # s system76-firmware-cli schedule
+ fi
+ ;;
+esac
# ppa:obsproject/obs-studio
if [[ ! -d /etc/apt/sources.list.d/obs.list ]]; then
};
EOF
-# old names, too verbose
-sudo rm -f /etc/cron.d/unattended-upgrade-reboot /usr/local/bin/zelous-unattended-reboot
+# old files
+sudo rm -f /etc/cron.d/unattended-upgrade-reboot /usr/local/bin/zelous-unattended-reboot /etc/cron.d/myupgrade
-sd /etc/cron.d/myupgrade <<'EOF'
-# Setup reboots when running outdated stuff, unattended upgrades happen
-# at 6 am + rand(60 min).
+# myupgrade cron exists in /etc/cron.d/ian
-# default is /bin/sh
-SHELL=/bin/bash
-# default is /usr/bin:/bin
-PATH=/usr/bin:/bin:/usr/local/bin
-0 7 * * * iank myupgrade-iank |& log-once -1 myupgrade
-20 7 * * * root myupgrade |& log-once -1 myupgrade
-# maybe try this again sometime. it needs updating to be like
-# myupgrade.
-#0 * * * * root mycheckrestart |& log-once -1 mycheckrestart
-EOF
##### end automatic upgrades ####
dnsb8
fi
;;&
- bk|je)
+ bk)
+ # i just dont feel like setting up a special purpose ssh key to do this automatically.
+ end_msg <<'EOF'
+# run this once for bk on local machine:
+/a/exe/vpn-mk-client-cert -c bk.b8.nz -b expertpath -n mail li.iankelling.org
+EOF
+ end
+ ;;
+ je)
end
;;
li)
case $codename in
etiona|nabia)
pi arbtt
- seru enable arbtt
- seru start arbtt
+ # same as seru enable arbtt, but works over ssh when systemctl --user causes error:
+ # Failed to connect to bus: No such file or directory
+ lnf -T /a/bin/ds/subdir_files/.config/systemd/user/arbtt.service /home/iank/.config/systemd/user/default.target.wants/arbtt.service
+ # allow failure
+ seru start arbtt ||:
;;
esac
fi
# its disabled. note: it leaves around dnsmasq instances even
# if you stop it. what the hell systemd?
soff libvirt-guests
-# allow user to run vms, from debian handbook
-for x in iank user2; do s usermod -a -G libvirt,kvm $x; done
+# allow user to run vms, from debian handbook. libvirt-qemu
+# based on https://www.whonix.org/wiki/KVM#First-time_User.3F
+for x in iank user2; do s usermod -a -G libvirt,kvm,libvirt-qemu $x; done
pi --no-install-recommends kdeconnect
sgo dynamicipupdate.timer
+sgo epanicclean.timer
# stop autopoping windows when i plug in an android phone.
pi tor
m /a/bin/buildscripts/tor-browser
+# one root command needed to install
+s ln -sf /a/opt/tor-browser_en-US/Browser/start-tor-browser /usr/local/bin
+
# nfs server
pi-nostart nfs-kernel-server
set -eE -o pipefail
trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
+[[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@"
+
debug=false
if [[ $1 ]]; then
debug=true
fi
-if [[ $EUID != 0 ]]; then
- s=sudo
-fi
-
-if [[ ! -s /var/log/exim4/paniclog ]]; then
- exit 0
-fi
d() {
if $debug; then
printf "%s\n" "$*"
- fi
- }
+ fi
+}
-while read -r service regex; do
- found=false
- wipe=true
- d "$service $regex"
- while read -r d1 d2; do
- d "$d1 $d2"
- found=true
- tmptime=$(date -d "$d1 $d2" +%s)
- # dont consider every matching line, just those in > 60 second intervals
- if [[ ! $logtime ]]; then
- logtime=$tmptime
- elif (( tmptime > logtime + 60 )); then
- logtime=$tmptime
- else
- continue
- fi
- sec_min=$((logtime - 60))
- sec_max=$((logtime + 60))
- jmin="$(date -d @$sec_min "+%F %H:%M:%S")"
- jmax="$(date -d @$sec_max "+%F %H:%M:%S")"
- description=$(systemctl cat $service | sed -rn 's/^ *Description=(.*)/\1/p')
- jrregex="^Starting $description"
- if [[ $service == spamassassin ]]; then
- jrregex+="\|^spamd: restarting"
- fi
- d "jrregex=$jrregex jmin=$jmin jmax=$jmax"
- # the sed clears out the initial time and process+pid
- if ! journalctl -u $service -S "$jmin" -U "$jmax" \
- | sed -r 's/^([^[:space:]]*[[:space:]]+){5}//' | grep "$jrregex" &>/dev/null; then
- wipe=false
- break
- fi
- done < <(awk "/$regex/ "'{print $1,$2}' /var/log/exim4/paniclog)
- if $found && $wipe; then
- d "wiping $regex"
- if [[ ! -w /var/log/exim4/paniclog-archive ]]; then
- $s touch /var/log/exim4/paniclog-archive
- $s chgrp adm /var/log/exim4/paniclog-archive
- $s chmod 664 /var/log/exim4/paniclog-archive
- fi
- grep -E "$regex" /var/log/exim4/paniclog >> /var/log/exim4/paniclog-archive
- $s sed -ri "/$regex/d" /var/log/exim4/paniclog
+main() {
+ if [[ ! -s /var/log/exim4/paniclog ]]; then
+ return 0
fi
-done <<'EOF'
+ while read -r service regex; do
+ found=false
+ wipe=true
+ d "$service $regex"
+ while read -r d1 d2; do
+ d "$d1 $d2"
+ found=true
+ tmptime=$(date -d "$d1 $d2" +%s)
+ # dont consider every matching line, just those in > 60 second intervals
+ if [[ ! $logtime ]]; then
+ logtime=$tmptime
+ elif (( tmptime > logtime + 60 )); then
+ logtime=$tmptime
+ else
+ continue
+ fi
+ sec_min=$((logtime - 60))
+ sec_max=$((logtime + 60))
+ jmin="$(date -d @$sec_min "+%F %H:%M:%S")"
+ jmax="$(date -d @$sec_max "+%F %H:%M:%S")"
+ description=$(systemctl cat $service | sed -rn 's/^ *Description=(.*)/\1/p')
+ jrregex="^Starting $description"
+ if [[ $service == spamassassin ]]; then
+ jrregex+="\|^spamd: restarting"
+ fi
+ d "jrregex=$jrregex jmin=$jmin jmax=$jmax"
+ # the sed clears out the initial time and process+pid
+ if ! journalctl -u $service -S "$jmin" -U "$jmax" \
+ | sed -r 's/^([^[:space:]]*[[:space:]]+){5}//' | grep "$jrregex" &>/dev/null; then
+ wipe=false
+ break
+ fi
+ done < <(awk "/$regex/ "'{print $1,$2}' /var/log/exim4/paniclog)
+ if $found && $wipe; then
+ d "wiping $regex"
+ if [[ ! -w /var/log/exim4/paniclog-archive ]]; then
+ touch /var/log/exim4/paniclog-archive
+ chgrp adm /var/log/exim4/paniclog-archive
+ chmod 664 /var/log/exim4/paniclog-archive
+ fi
+ grep -E "$regex" /var/log/exim4/paniclog >> /var/log/exim4/paniclog-archive
+ sed -ri "/$regex/d" /var/log/exim4/paniclog
+ fi
+ done <<'EOF'
clamav-daemon malware acl condition
spamassassin spam acl condition
EOF
+}
+
+if [[ $INVOCATION_ID ]]; then
+ # this is to prevent systemd from filling up the journal
+ for (( runcount=0; runcount < 100; runcount++ )); do
+ main
+ sleep 30
+ done
+else
+ main
+fi
+# default is /bin/sh
SHELL=/bin/bash
-PATH=/usr/bin:/bin:/usr/local/bin:/a/exe
+# default is /usr/bin:/bin
+PATH=/sbin:/usr/sbin:/usr/bin:/bin:/usr/local/bin:/a/exe
MAILTO=root
*/10 * * * * root rootsshsync |& log-once -15 rootsshsync
# If theres any logged errors we didnt handle in 4 days, maybe we accidentally missed them,
4 9 * * 5 root /a/bin/ds/check-stale-alerts
4 15 * * 5 iank /a/bin/ds/mailclean
14 * * * * root /a/bin/ds/bk-backup |& log-once -24 bk-backup
+0 7 * * * iank failmail myupgrade-iank
+20 7 * * * root myupgrade |& log-once -1 myupgrade
+# maybe try this again sometime. it needs updating to be like
+# myupgrade.
+#0 * * * * root mycheckrestart |& log-once -1 mycheckrestart
fi
fi
# and it seems that if we log into mate, it screws up the systemd env var anyways.
-_tmp=$(pgrep -a '^ssh-agent$' | sed -r 's/.*-a *([^ ]+).*/\1/')
-if test "_$tmp" && [ "$_tmp" != "$SSH_AUTH_SOCK" ]; then
- export SSH_AUTH_SOCK="$_tmp"
-fi
+for _file in $(pgrep -a '^ssh-agent$' | sed -r 's/.*-a *([^ ]+).*/\1/'); do
+ if test -O "$_file"; then
+ export SSH_AUTH_SOCK="$_file"
+ break
+ fi
+done
# background:
--- /dev/null
+[Unit]
+Description=epanic-clean
+After=multi-user.target
+
+[Service]
+Type=oneshot
+ExecStart=/usr/local/bin/sysd-mail-once -3 epanic-clean /usr/local/bin/epanic-clean
--- /dev/null
+[Unit]
+Description=epanic-clean
+
+[Timer]
+# for initial run. required.
+OnActiveSec=10
+# for subsequent runs.
+OnUnitInactiveSec=30
+
+[Install]
+WantedBy=timers.target
# Copyright (C) 2019 Ian Kelling
# SPDX-License-Identifier: AGPL-3.0-or-later
+# Note: running this inside a cronjob, it wont mail any output if we end
+# up rebooting from this script.
+
if [ -z "$BASH_VERSION" ]; then echo "error: shell is not bash" >&2; exit 1; fi
source /usr/local/lib/err
pre="${0##*/}:"
+PATH="/sbin:$PATH"
m() { printf "$pre %s\n" "$*"; "$@"; }
e() { printf "$pre %s\n" "$*"; }
err() { echo "[$(date +'%Y-%m-%d %H:%M:%S%z')]: $pre: $*" >&2; }
"$@" |& systemd-cat -t myupgrade
}
+## temporary
+case $HOSTNAME in
+ kd)
+ exit 0
+ ;;
+esac
if checkrestart -b /a/bin/ds/checkrestart-blacklist -p -t &>/dev/null; then
exit 0
hn=$(hostname -f)
-l() {
- "$@" |& systemd-cat -t myupgrade-iank
-}
-l /a/bin/buildscripts/rust
+/a/bin/buildscripts/rust
has_x=false
for pkg in xorg wayland; do
done
if $has_x; then
- l /a/bin/buildscripts/tor-browser
- l /a/bin/buildscripts/misc
+ /a/bin/buildscripts/tor-browser
+ /a/bin/buildscripts/misc
fi
systemctl is-active btrbk.service
mkdir -p /mnt/root/btrbk && date +%z && df --output=size,pcent / | tail -n1
DISPLAY=:0 xprintidle
+rsync --server --sender -logDtprRe.iLsfxC . /usr/local/./bin/mount-latest-subvol /usr/local/./bin/check-subvol-stale /usr/local/./lib/err
+rsync --server --sender -logDtpre.iLsfxC . /usr/local/lib/err
+rsync --server --sender -logDtpre.iLsfxC . /usr/local/bin/mount-latest-subvol /usr/local/bin/check-subvol-stale
+scp -f /a/bin/distro-setup/btrbk-run
# mount-latest-remote
timeout -s 9 600 /usr/local/bin/mount-latest-subvol
rsync --server -OtpRe.LsfxC . /usr/local
bindsym $mod+j exec emacsclient -c
bindsym $mod+k exec konsole
bindsym $mod+l exec dmenu_run
-
+# note default is 27% on my system76. not sure if these
+# keybinds will screw up other laptop brightness keys.
+bindsym XF86MonBrightnessUp exec brightnessctl s +5%
+bindsym XF86MonBrightnessDown exec brightnessctl s 5%-
# Font for window titles. Will also be used by the bar unless a different font
# is used in the bar {} block below.
/a/bin/log-quiet/setup
rsync -t --chmod=755 --chown=root:root switch-mail-host btrbk-run mount-latest-subvol \
check-subvol-stale system-status myi3status mailtest-check \
+ epanic-clean \
/a/bin/log-quiet/sysd-mail-once hssh \
btrfsmaint \
dynamic-ip-update \
#!/bin/bash
-#https://askubuntu.com/questions/942366/how-to-disable-sleep-suspend-at-login-screen
sudo xhost +si:localuser:lightdm # grants localuser rights to X session
sudo su lightdm -s /bin/bash <<'EOF'
-/usr/bin/xset -dpms
-/usr/bin/xset s off
+
+xset dpms 0 0 120
+
EOF
+
+
+# i wanted the system to stop going to sleep, so
+# I did this,
+#https://askubuntu.com/questions/942366/how-to-disable-sleep-suspend-at-login-screen
+#/usr/bin/xset -dpms
+#/usr/bin/xset s off
+
+# but then i started auto rebooting and found that the
+# screen doesnt go into power save mode, so copied xset dpms 0 0 120 from here
+# https://itectec.com/ubuntu/ubuntu-how-to-control-lightdm-power-saving-preferences/
[[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@"
-export SSH_CONFIG_FILE_OVERRIDE=/root/.ssh/confighome
u=$(id -nu 1000)
# after my internet was down for a bit:
# NOTE: Pulled options changed on restart, will need to close and reopen TUN/TAP device.
m /a/exe/vpn-mk-client-cert -b mailclient -n mail li.iankelling.org
- m /a/exe/vpn-mk-client-cert -c bk.b8.nz -b expertpath -n mail li.iankelling.org
fi
case $HOSTNAME in
bk)
binutils-doc
bind9-doc
bind9utils
+ # for system76 laptop with i3 keybind.
+ brightnessctl
build-essential
bwm-ng
ccache
# -t times, so it won't rewrite the file every time,
# -L resolve links
rsync --exclude=/h --exclude=/h.pub --exclude /config --exclude /confighome -rtL --delete $user_ssh_dir/ /root/.ssh
-rsync -tL $user_ssh_dir/config /root/.ssh/confighome
-cp -a /q/root/h{,.pub} /root/.ssh
-### The h key is like the home key, but only a whitelist of commands allowed, and
-# not encrypted, so cron and whatnot can use it.
-# For any interactive ssh command we want to run as root that is not in that
-# whitelist, we need to ssh -F $HOME/.ssh/confighome
-### I run a separate ssh-agent for root where I add keys without
-# confirm. This the root ssh-agent is only available
-# to root, and it allows us to have a working ssh when X isnt available,
-# eg, in an ssh shell. confirm for regular user provides some protection
-# that a rouge user program cant use my ssh key.
-sed 's,^IdentityFile ~/\.ssh/home$,IdentityFile ~/\.ssh/h,;s,^AddKeysToAgent confirm,AddKeysToAgent yes,' /root/.ssh/confighome >/root/.ssh/config
+if [[ -e /q/root/h ]]; then
+ cp -a /q/root/h{,.pub} /root/.ssh
+fi
+
+if [[ -e $user_ssh_dir/config ]]; then
+ ### The h key is like the home key, but only a whitelist of commands allowed, and
+ # not encrypted, so cron and whatnot can use it.
+ # For any interactive ssh command we want to run as root that is not in that
+ # whitelist, we need to ssh -F $HOME/.ssh/confighome
+ ### I run a separate ssh-agent for root where I add keys without
+ # confirm. This the root ssh-agent is only available
+ # to root, and it allows us to have a working ssh when X isnt available,
+ # eg, in an ssh shell. confirm for regular user provides some protection
+ # that a rouge user program cant use my ssh key.
+ sed 's,^AddKeysToAgent confirm,AddKeysToAgent yes,' $user_ssh_dir/config >/root/.ssh/confighome
+ sed 's,^IdentityFile ~/\.ssh/home$,IdentityFile ~/\.ssh/h,' /root/.ssh/confighome >/root/.ssh/config
+fi
chown -R root:root /root/.ssh
# notably: installs hssh
/a/exe/install-my-scripts
-install /a/opt/btrbk/ssh_filter_btrbk.sh /usr/local/bin
-systemctl enable --now ssh-agent-root
+if [[ -e /a/opt/btrbk/ssh_filter_btrbk.sh ]]; then
+ install /a/opt/btrbk/ssh_filter_btrbk.sh /usr/local/bin
+fi
+
+if [[ -e /etc/systemd/system/ssh-agent-root.service ]]; then
+ systemctl enable --now ssh-agent-root
+fi
d=/etc/initramfs-tools
if [[ -e $d ]] && ! diff -q /root/.ssh/authorized_keys $d/root/.ssh/authorized_keys &>/dev/null; then
bindsym $mod+j exec emacsclient -c
bindsym $mod+k exec konsole
bindsym $mod+l exec dmenu_run
-
+# note default is 27% on my system76. not sure if these
+# keybinds will screw up other laptop brightness keys.
+bindsym XF86MonBrightnessUp exec brightnessctl s +5%
+bindsym XF86MonBrightnessDown exec brightnessctl s 5%-
# Font for window titles. Will also be used by the bar unless a different font
# is used in the bar {} block below.
bindsym $mod+j exec emacsclient -c
bindsym $mod+k exec konsole
bindsym $mod+l exec dmenu_run
-
+# note default is 27% on my system76. not sure if these
+# keybinds will screw up other laptop brightness keys.
+bindsym XF86MonBrightnessUp exec brightnessctl s +5%
+bindsym XF86MonBrightnessDown exec brightnessctl s 5%-
# Font for window titles. Will also be used by the bar unless a different font
# is used in the bar {} block below.
#keyserver hkp://keyserver.pgp.com
#keyserver hkp://ipv4.pool.sks-keyservers.net
#keyserver hkp://keys.gnupg.net
-keyserver hkp://keyserver.ubuntu.com
+#keyserver hkp://keyserver.ubuntu.com
#keyserver hkp://keyring.debian.org
#keyserver keyserver.ubuntu.com
# more secure hkps, but had problems with my gpg version
-#keyserver hkps://hkps.pool.sks-keyservers.net
+keyserver hkps://hkps.pool.sks-keyservers.net
### begin things added by enigmail
cert-digest-algo SHA256
exit $1
}
+
restore_new_btrbk=false
restore_old_btrbk=false
err-cleanup() {
new_host=$2
bbk_args="-t $new_host"
new_shell="ssh -F $HOME/.ssh/confighome root@$new_host"
+ $new_shell -v hostname
new_hostname=$($new_shell hostname)
;;
pull)
# No point in emailing about the mailq on a host where we don't
# check email.
$MAIL_HOST|bk)
- lo -10 qlen $qmsg
+ lo -120 qlen $qmsg
;;
esac
done
fi
- /a/bin/distro-setup/epanic-clean
-
if [[ -s /var/log/exim4/paniclog ]]; then
chars+=("PANIC!")
tail -n 20 /var/log/exim4/paniclog | lo -1 paniclog
chars+=("BTRBK.TIMER")
bbkmsg="btrbk.timer not enabled"
fi
- lo -60 btrbk.timer $bbkmsg
+ lo -960 btrbk.timer $bbkmsg
## check if last snapshot was within an hour
vol=o
maxtime=$t
fi
done
- if (( maxtime < now - 2*60*60 )); then
+ if (( maxtime < now - 4*60*60 )); then
chars+=("OLD-SNAP")
- snapshotmsg="/o snapshot older than 2 hours"
+ snapshotmsg="/o snapshot older than 4 hours"
fi
lo -1 old-snapshot $snapshotmsg
fi
iankelling.org / git / distro-setup / commitdiff