various fixes

diff --git a/brc2 b/brc2
index 93a141e49d84605d6da437faf82d1c67c5641eb7..d8a0358bbfab74bcabe5610208bcece1cb07039a 100644 (file)
--- a/brc2
+++ b/brc2
@@ -833,7 +833,9 @@ rcat() {
 }
 reresolv() {
   sudo nscd -i hosts
-  #sudo systemctl restart dnsmasq
+  if [[ $(systemctl is-active dnsmasq ||:) != inactive ]]; then
+    sudo systemctl restart dnsmasq
+  fi
 }
 
 # only run on MAIL_HOST. simpler to keep this on one system.

diff --git a/check-subvol-stale b/check-subvol-stale
index 8e7d7547457a4e02f01efeaf4720f4a9bf9a699a..4f489e7c9f0d6100ddd6341029da049c7c063dc0 100644 (file)
--- a/check-subvol-stale
+++ b/check-subvol-stale
@@ -17,7 +17,7 @@
 [[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@"
 
 set -eE -o pipefail
-trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
+trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?. PIPESTATUS: ${PIPESTATUS[@]}" >&2' ERR
 
 shopt -s nullglob
 
@@ -137,7 +137,7 @@ for d; do
       unix_time=$(date -d $(sed -r  's/(.{4})(..)(.{5})(..)(.*)/\1-\2-\3:\4:\5/' <<<${f#$vol.}) +%s)
       printf "%s %s\n" $unix_time $s
       # sort will fail
-    done | sort -r | head -n 1 | awk '{print $2}' || [[ ${PIPESTATUS[1]} == 2 ]]
+    done | sort -r | head -n 1 | awk '{print $2}' || [[ ${PIPESTATUS[1]} == 141 ]]
            )
   if [[ ! $last_snap ]]; then
     # should not happen.

diff --git a/distro-end b/distro-end
index 875aab595d6076bc4c9438675206843329cc5c1c..b62e1ff453201d751d84d1d89cd3004053ab105b 100755 (executable)
--- a/distro-end
+++ b/distro-end
@@ -642,7 +642,7 @@ case $codename_compat in
     m systemctl --user disable gvfs-daemon
     # apt-get update periodically fails with an appstream error.
     # this removes gnome-core, but its just a package for dependencies
-    p remove appstream
+    p -y remove appstream
     ;;
 esac
 

diff --git a/filesystem/etc/cron.d/ian b/filesystem/etc/cron.d/ian
index 76dfa4e19bb3bbfd8cb305851147fd6826bbc13b..5545e139b99fc46e46c6f76b0838f49b832a60ec 100644 (file)
--- a/filesystem/etc/cron.d/ian
+++ b/filesystem/etc/cron.d/ian
@@ -5,4 +5,4 @@ PATH=/usr/bin:/bin:/usr/local/bin:/a/exe
 * * * * *   iank system-status |& log-once system-status
 # If theres any logged errors we didnt handle in 4 days, maybe we accidentally missed them,
 # so report if we did
-4 9 * * 5   root find /var/local/cron-errors /home/iank/cron-errors -type f -mtime +4
+4 9 * * 5   root find /var/local/cron-errors /home/iank/cron-errors /sysd-mail-once-state -type f -mtime +4

diff --git a/mail-setup b/mail-setup
index 443bc748f4bd16a6cda6e0e97781b3ffb5aa2642..575511dcf36bd94718271078ae17183351c44212 100755 (executable)
--- a/mail-setup
+++ b/mail-setup
@@ -479,6 +479,17 @@ deny
   !authenticated = *
   domains = mail.iankelling.org
 EOF
+
+# This acl already exists in rcpt, this just makes it more widespread.
+# See the comment there for its rationale. The reason it needs to be
+# more widespread is that I've turned on sender verification, but cron
+# emails can fail sender verification since I may be in a network that
+# doesn't have my local dns.
+cat >/etc/exim4/conf.d/local_deny_exceptions_acl <<'EOF'
+accept
+  authenticated = *
+EOF
+
 rm -fv /etc/exim4/data_local_acl # old path
 cat >/etc/exim4/conf.d/data_local_acl <<'EOF'
 # Except for the "condition =", this was
@@ -708,7 +719,7 @@ EOF
     cat >>/etc/exim4/conf.d/main/000_local <<EOF
 # recommended if dns is expected to work
 CHECK_RCPT_VERIFY_SENDER = true
-# seems like a good idea
+# These seem like a good idea and have stoped spammers on my server
 CHECK_DATA_VERIFY_HEADER_SENDER = true
 CHECK_RCPT_SPF = true
 CHECK_RCPT_REVERSE_DNS = true
@@ -798,6 +809,7 @@ MAIN_HARDCODE_PRIMARY_HOSTNAME = mail.iankelling.org
 # options exim has to avoid having to alter the default config files
 CHECK_RCPT_LOCAL_ACL_FILE = /etc/exim4/conf.d/rcpt_local_acl
 CHECK_DATA_LOCAL_ACL_FILE = /etc/exim4/conf.d/data_local_acl
+LOCAL_DENY_EXCEPTIONS_LOCAL_ACL_FILE = /etc/exim4/conf.d/local_deny_exceptions_acl
 
 
 # testing dmarc
@@ -990,6 +1002,8 @@ PATH=/usr/bin:/bin:/usr/local/bin
 */10 * * * *   root chmod -R g+rw /m/md/bounces |& log-once -1 bounces-chmod
 */5 * * * *   $u mailtest-check |& log-once -1 mailtest-check
 EOF
+    m sudo rsync -ahhi --chown=root:root --chmod=0755 \
+      /b/ds/mailtest-check /b/ds/check-remote-mailqs /usr/local/bin/
     ;;&
   $MAIL_HOST)
     test_from=ian@iankelling.org
@@ -998,8 +1012,6 @@ EOF
     cat >>/etc/cron.d/mailtest <<EOF
 2   * * * *   $u check-remote-mailqs |& log-once check-remote-mailqs
 EOF
-    m sudo rsync -ahhi --chown=root:root --chmod=0755 \
-      /b/ds/mailtest-check /b/ds/check-remote-mailqs /usr/local/bin/
     ;;&
   l2)
     test_from=iank@l2.b8.nz

diff --git a/mount-latest-subvol b/mount-latest-subvol
index ded8ee931e0e306d46bcec7d9000754bad185605..0a606268543196aa4dcb7a40d6a000b03b69ebde 100644 (file)
--- a/mount-latest-subvol
+++ b/mount-latest-subvol
@@ -236,7 +236,8 @@ for vol in q a o i; do
   fi
 
   if [[ $vol == q ]]; then
-    systemctl --user stop arbtt
+    # allow to fail, user might not be logged in
+    sudo -u iank systemctl --user stop arbtt ||:
   fi
   umount_ret=true
   unmounted=()

diff --git a/schrootupdate b/schrootupdate
index 54354026b7ecb514e714e4b4ff3c5a893bf4ba81..b50c2a1606dad088288bcdc7653d6642cb175879 100755 (executable)
--- a/schrootupdate
+++ b/schrootupdate
@@ -7,7 +7,7 @@ trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
 
 for n in stretch; do
   if [[ -e /etc/schroot/chroot.d/$n.conf ]]; then
-    cd
+    cd /
     schroot -c $n -- apt-get -y dist-upgrade --purge --auto-remove
   fi
 done