hello: 'defaultnn.b8.nz'
alertmanager_route:
receiver: defaultreceiver
+ repeat_interval: 7d
alertmanager_receivers:
- name: defaultreceiver
email_configs:
g -n "$@"
}
-gh() {
- # i got an error, gh not found when doing a pull request, it seems like it wants itself in it\'s path.
- local _oldpath="$PATH"
- PATH="$PATH:$HOME/node_modules/.bin"
- command gh "$@"
- PATH="$_oldpath"
-}
-
gmacs() {
# quit will prompt if the program crashes.
gdb -ex=r -ex=quit --args emacs "$@"; r;
EOF
if [[ -e $d/bin ]]; then
sudo chroot $d apt-get update
- sudo chroot $d apt-get -y dist-upgrade --purge --auto-remove
- cd; sudo schroot -c $n -- apt-get install --allow-unauthenticated -y ${apps[@]}
+ sudo chroot $d DEBIAN_FRONTEND=noninteractive apt-get -y dist-upgrade --purge --auto-remove
+ cd; sudo schroot -c $n -- DEBIAN_FRONTEND=noninteractive apt-get install --allow-unauthenticated -y ${apps[@]}
else
sudo mkdir -p $d
# resolvconf otherwise schroot fails with
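Review bot: On both added lines `DEBIAN_FRONTEND=noninteractive` comes after `chroot $d` / `schroot -c $n --`, where it is an ordinary argument and not a shell assignment. chroot executes its first operand as the command, so it will try to run a program literally named `DEBIAN_FRONTEND=noninteractive` and the dist-upgrade never runs; schroot most likely behaves the same way (confirm). Put the variable through env instead: `sudo chroot $d env DEBIAN_FRONTEND=noninteractive apt-get -y dist-upgrade --purge --auto-remove`, and likewise `-- env DEBIAN_FRONTEND=noninteractive apt-get install ...`. The install line still carries `--allow-unauthenticated`, and once it runs non-interactively nothing will prompt before unsigned packages are installed, so consider dropping that flag if the chroot has its archive keyring. The enclosing function starts and ends outside this hunk.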
# at least in flidas, things rely on gpg being gpg1
gpg() {
- command gpg2 "$@"
+ if type -P gpg2 &>/dev/null; then
+ command gpg2 "$@"
+ else
+ command gpg "$@"
+ fi
}
gse() {
mo() { xset dpms force off; } # monitor off
+mpvd() {
+ mpv --profile=d "$@";
+}
+mpvs() {
+ mpv --profile=s "$@";
+}
+
myirc() {
if [[ ! $1 ]]; then
set -- fsf-office
# /etc/default/exim4
#
# to specify recipients other than those in to, cc, bcc, you can use the cli args, eg:
- # exim -i 'test@zroe.org, t2@zroe.org' <<'EOF'
- #
+ # exim -t 'test@zroe.org, t2@zroe.org' <<'EOF'
#
+ # -t = get recipient from header
exim -d -t <<'EOF'
From: i@dmarctest.b8.nz
To: mailman@dev.fsf.org
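Review bot: The rewritten example `# exim -t 'test@zroe.org, t2@zroe.org' <<'EOF'` contradicts the sentence above it about specifying recipients other than those in To/Cc/Bcc. With `-t`, Exim by default (main option `extract_addresses_remove_arguments`) treats addresses given on the command line as recipients to remove from the header-derived list, not as extra envelope recipients. If the intent is to show an envelope recipient that differs from the headers, keep the old form `# exim -i 'test@zroe.org, t2@zroe.org' <<'EOF'`, and move `# -t = get recipient from header` next to the real `exim -d -t` call it describes.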
path-add --end $HOME/.cargo/bin
if type -P rg &>/dev/null; then
- rg() { command rg -i -M 200 "$@"; }
+ rg() { command rg -i -M 200 --no-ignore "$@"; }
complete -r rg
else
alias rg=grr
local root="$1"
local targets=()
if [[ $2 ]]; then
- targets=( "$2"/!(.git|..|.) )
+ targets=( "$2"/!(.git|..|.|.#*) )
else
- for f in "$1"/!(.git|..|.); do
+ for f in "$1"/!(.git|..|.|.#*); do
if [[ -d $f ]]; then targets+=("$f"); fi
done
fi
if [[ -e $dir/subdir_files ]]; then
m subdir-link-r $dir/subdir_files
fi
- local x=( $dir/!(binds|subdir_files|filesystem|machine_specific|..|.) )
+ local x=( $dir/!(binds|subdir_files|filesystem|machine_specific|..|.|.#*) )
(( ${#x[@]} >= 1 )) || continue
m lnf ${x[@]} ~
done
m s systemctl restart $service
fi
done
-
}
user=$(id -un)
iank)
/a/bin/ds/install-my-scripts
files=(/p/c/machine_specific/*/filesystem/etc/ssh/*_key
+ /p/c/machine_specific/*/filesystem/etc/openvpn/client/*.key
/p/c/filesystem/etc/openvpn/client/*.key
/p/c/filesystem/etc/openvpn/easy-rsa/keys/*.key
- /p/c/machine_specific/kw/filesystem/etc/openvpn/client/*.key
)
if [[ -e ${files[0]} ]]; then
chmod 600 ${files[@]}
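Review bot: The guard `[[ -e ${files[0]} ]]` tests only the ssh host-key pattern, although the array now also holds three openvpn private-key globs, including the new per-machine one. If no ssh key matches, the `chmod 600` is skipped entirely and the openvpn keys keep whatever mode they had. Conversely, unless `nullglob` is set outside this hunk, an unmatched later pattern is passed to chmod literally and makes it exit non-zero. Apply the mode per existing path instead, e.g. `for f in "${files[@]}"; do [[ -e $f ]] && chmod 600 "$f"; done`. The surrounding `case` arm continues outside the hunk.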
# recommends gets us geoclue (for darkening automatically at night i assume),
# which recommends modemmanager, which is annoying to fix for the model01 keyboard.
- pi --no-install-recommends gtk-redshift
+ # commented because I dont use it much, and in nabia its named changed to redshift-gtk
+ #pi --no-install-recommends gtk-redshift
##### setup X autostart
# install for multiple display managers in case we use one
sudo mkdir -p $dir/PostLogin
sudo cp /a/bin/distro-setup/desktop-20-autostart.sh $dir/PostLogin/Default
sudo mkdir -p /etc/lightdm/lightdm.conf.d
+ # etiona lightdm.log:
+ # [SeatDefaults] is now called [Seat:*], please update this configuration
sudo dd of=/etc/lightdm/lightdm.conf.d/12-iank.conf <<'EOF'
-[SeatDefaults]
+[Seat:*]
display-setup-script=/a/bin/ds/lightdm-start
session-setup-script=/a/bin/distro-setup/desktop-20-autostart.sh
EOF
pi debootstrap
######### begin universal pinned packages ######
case $(debian-codename) in
- etiona|flidas)
+ nabia|etiona|flidas)
sd /etc/apt/preferences.d/etiona-buster <<EOF
Package: *
Pin: release n=buster
p update
fi
+
+
+ sd /etc/apt/preferences.d/nabia-etiona <<'EOF'
+Package: *
+Pin: release n=nabia*,o=Trisquel
+Pin-Priority: -100
+EOF
+
+ f=/etc/apt/sources.list.d/nabia.list
+ t=$(mktemp)
+ cat >$t <<'EOF'
+deb http://mirror.fsf.org/trisquel/ nabia main
+deb-src http://mirror.fsf.org/trisquel/ nabia main
+
+deb http://mirror.fsf.org/trisquel/ nabia-updates main
+deb-src http://mirror.fsf.org/trisquel/ nabia-updates main
+
+deb http://archive.trisquel.info/trisquel/ nabia-security main
+deb-src http://archive.trisquel.info/trisquel/ nabia-security main
+
+# Uncomment this lines to enable the backports optional repository
+deb http://mirror.fsf.org/trisquel/ nabia-backports main
+deb-src http://mirror.fsf.org/trisquel/ nabia-backports main
+EOF
+ if ! diff -q $t $f; then
+ sudo dd if=$t of=$f 2>/dev/null
+ p update
+ fi
+
# for ziva
#p install --no-install-recommends minetest/buster libleveldb1d/buster libncursesw6/buster libtinfo6/buster
f=/etc/apt/sources.list.d/buster.list
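Review bot: In the added nabia block the file created by `t=$(mktemp)` is never removed, so every run leaves a stray temp file; add `rm -f "$t"` after the closing `fi` of the `if ! diff -q $t $f` test. The heredoc comment `# Uncomment this lines to enable the backports optional repository` sits above two backports entries that are already active, so either comment those entries out or reword it to say backports is enabled on purpose. All entries use plain `http://`, so package integrity rests only on apt's Release signature check; that deserves a one-line comment, since installs elsewhere on this page pass `--allow-unauthenticated`. `diff -q $t $f` also prints an error on the first run, when `$f` does not exist yet, which is harmless but noisy.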
# todo: figure out mate for buster
# pi task-gnome-desktop
;;
- bionic)
-
- pi xorg lightdm mate-desktop-environment mate-desktop-environment-extras mate-indicator-applet anacron
+ bionic|focal)
+ # i had installing mate-indicator-applet, but im not sure why so i removed
+ pi xorg lightdm mate-desktop-environment mate-desktop-environment-extras anacron
# pi gnome-core
# # apt-get update periodically fails with an appstream error.
# by default, it sleeps when not logged in to x/wayland and on ac power.
# stop that.
-
if id -u gdm &>/dev/null; then
sudo -u gdm dbus-launch gsettings set org.gnome.settings-daemon.plugins.power sleep-inactive-ac-type 'nothing'
m systemctl --user stop gvfs-daemon
m systemctl --user disable gvfs-daemon
fi
+ ;;&
+ focal)
+ # lightdm startup fails without this. on etiona, we got unity-greeter installed automatically,
+ # it would probably work on nabia too, but google just lead me to this and it works fine.
+ pi lightdm-gtk-greeter
+ # ok, this is really weird
+ # normally this file has
+ cat >/etc/X11/Xsession.d/99x11-common_start <<'EOF'
+# this is very odd.
+# this file normally just has: exec $STARTUP
+# but then ~/.xsession-errors
+# says $STARTUP is not found, which appears to be the real
+# error, but normal bash doesnt operate that way.
+# https://bugs.launchpad.net/ubuntu/+source/im-config/+bug/1879352
+eval exec $STARTUP
+EOF
;;
esac
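Review bot: In the new `focal)` arm, `cat >/etc/X11/Xsession.d/99x11-common_start <<'EOF'` opens the target in the invoking shell without sudo, whereas other root-owned files on this page are written with `sudo dd of=...` (the lightdm conf, for example). If the script runs as the normal user this write fails, so use `sudo dd of=/etc/X11/Xsession.d/99x11-common_start <<'EOF'`. The new file body `eval exec $STARTUP` re-parses STARTUP as shell code, so add a comment saying where STARTUP is set and that it is trusted (presumably by the earlier Xsession.d scripts; confirm). The dangling shell comment `# normally this file has` just above the heredoc should be completed or dropped. The file also looks package-owned, so an upgrade may overwrite this workaround.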
pi gnupg-doc
fi
-# abrowser is not in etiona yet, abrowser version is 68,
-# abrowser won't run on a firefox profile that was on firefox
-# version 70. firefox in ubuntu is at version 70.
-# have to rm compabibility.ini to even try downgrade.
-pi firefox
-sudo update-alternatives --set x-www-browser /usr/bin/abrowser
+
+case $distro in
+ trisquel)
+ case $codename in
+ nabia)
+ # abrowser not available yet
+ pi firefox
+ ;;
+ *)
+ # firefox would work here too, apt would select abrowser.
+ # and the update-alternatives thing i think is becuz firefox is
+ # generally available before abrowser and this helps fix things
+ # up when we have both.
+ pi abrowser
+ sudo update-alternatives --set x-www-browser /usr/bin/abrowser
+ ;;
+ esac
+ ;;
+ ubuntu)
+ pi firefox
+ ;;
+ debian)
+ pi firefox-esr
+ ;;
+esac
+
+# newer distros just use adb for package name it seems
+case $codename_compat in
+ bionic|stretch)
+ pi android-tools-adbd
+ ;;
+esac
+
+
+case $codename_compat in
+ bionic)
+ pi python-vte
+ ;;
+ *)
+ pi reportbug-gtk
+ ;;
+esac
+
+# not packaged in newer distros it seems
+case $codename_compat in
+ bionic|buster|stretch)
+ pi dtrx
+ ;;
+esac
+
# TODO: some of the X programs can be removed from pall when using wayland
if [[ -e /p/c/machine_specific/$HOSTNAME/etc/openvpn/client/hole.crt ]]; then
sgo openvpn-client@hole
- fi
+fi
if [[ $HOSTNAME == frodo ]]; then
vpn-mk-client-cert -b frodo -n hole iankelling.org
# also, i assume syncing this between machines somehow messed up the data.
if mountpoint /p &>/dev/null; then
case $codename in
- etiona)
+ etiona|nabia)
pi arbtt
seru enable arbtt
seru start arbtt
perldir=(/usr/lib/x86_64-linux-gnu/perl/5.*)
m sudo ln -sf ../../../perl/5.18.2/SPD/ ${perldir[0]}
# newer distro had gpg2 as default, older one, flidas, need to make it that way
- gpgpath=$(which gpg2)
- if [[ $x ]]; then
+ gpgpath=$(which gpg2) ||:
+ if [[ $gpgpath ]]; then
sudo mkdir -p /usr/local/spdhackfix
s lnf -T $gpgpath /usr/local/spdhackfix/gpg
fi
trisquel)
m mkschroot debian buster firefox-esr pulseaudio chromium anki
case $(debian-codename) in
- etiona)
+ etiona|nabia)
+ # we have a lot of t8 stuff, useful to have
mkschroot trisquel flidas
tu /nocow/schroot/flidas/etc/sudoers <<EOF
$USER ALL=(ALL) NOPASSWD: ALL
### printer setup
-pi cups hplip
+pi cups
+
sudo gpasswd -a $USER lpadmin # based on ubuntu wiki
# goto http://127.0.0.1:631
# administration tab, add new printer button.
*) e unrar-free ;;
esac
-case $distro in
- trisquel|ubuntu)
- # for gui bug reporting
- e python-vte
- ;;
- debian)
- e reportbug-gtk
- ;;
- # no equivalent in other distros:
-esac
-
case $distro in
arch) e nfs-utils ;;
trisquel|ubuntu|debian) e nfs-common ;;
# /a/bin/buildscripts/pumpa ;;
esac
-case $distro in
- debian) e adb ;;
- debian|trisquel|ubuntu) e android-tools-adbd ;;
- # todo: not sure this is needed anymore, or if trisqel etc works even
- # debian) e android-tools-adbd/unstable ;;
- arch) e android-tools ;;
- # other distros unknown
-esac
-
-
case $distro in
debian|trisquel|ubuntu)
e libosinfo-bin;
source ~/.bashrc
fqdn=$(hostname -f)
+domaintmp=${fqdn#*.}
+hostnametmp=${fqdn%%.*}
+# i for internet
+fqdn=${hostnametmp}i.${domaintmp}
up4=false
case $gateway in
10.2.0.1)
- dynhost=b8.nz
+ dynhost=i.b8.nz
;;
*)
exit 0
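Review bot: The added `domaintmp=${fqdn#*.}` / `hostnametmp=${fqdn%%.*}` rewrite assumes `hostname -f` returned a dotted name. If it returns a short name, both expansions yield the whole string and `fqdn` becomes `<host>i.<host>`, which would then be used for the dynamic DNS name. Add a guard before the rewrite, e.g. `[[ $fqdn == *.* ]] || { echo "no domain in $fqdn" >&2; exit 1; }`. The rest of the script that consumes `fqdn` and `dynhost` is outside this hunk.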
# Copyright (C) 2019 Ian Kelling
# SPDX-License-Identifier: AGPL-3.0-or-later
+# todo: remove old files from bk:/m/md/expertpathologyreview.com/testignore/cur
+
# todo: run mailping test after running, or otherwise
# clear out terminal alert
# todo: reinstall bk with bigger filesystem
-# todo: monitor for msft unblock, and then remove on bk:
-# /etc/exim4/conf.d/router/190_msft
-# dnslookup_msft
-# domains = hotmail.com : live.com : msn.com : passport.com : outlook.com
-
-
# todo: on bk, dont send email if mailvpn is not up
# todo: disable postgrey
# # lines 2+: append to hold space
# echo "bind txt record: remember to truncate $domain so its relative to the bind zone"
# cat <<EOF
-# li._domainkey.$domain TXT (
+# a._domainkey.$domain TXT (
# "v=DKIM1\059 k=rsa\059 p=$(openssl rsa -in $domain-private.pem -pubout |&sed -rn '${x;s/\n//g;s/^(.*)(.{240}$)/\1"\n"\2/p};3,$H')" )
# EOF
# # sed explanation: skip the first few lines, then put them into the hold space, then
EOF
fi
-pi spf-tools-perl p0f postgrey pyzor razor jq moreutils clamav-daemon
-
# light version of exim does not have sasl auth support.
pi-nostart exim4 exim4-daemon-heavy spamassassin openvpn unbound
+
# note: pyzor debian readme says you need to run some initialization command
# but its outdated.
+pi spf-tools-perl p0f postgrey pyzor razor jq moreutils clamav-daemon
+
soff openvpn
# more verbose logs
MAIN_LOG_SELECTOR = +all
+# Based on spec, seems like a good idea to be nice.
+smtp_return_error_details = true
# normally empty, I set this so I can set the envelope address
# when doing mail redelivery to invoke filters. Also allows
av_scanner = clamd:/var/run/clamav/clamd.ctl
+domainlist local_hostnames = ! je.b8.nz : ! bk.b8.nz : *.b8.nz : b8.nz
+
hostlist iank_trusted = <; \\
# veth0
10.173.8.1 ; \\
EOF
rm -fv /etc/exim4/rcpt_local_acl # old path
-cat >/etc/exim4/conf.d/rcpt_local_acl <<'EOF'
-# i had a thing here so alerts would only come from
-# authed hosts. I ditched it, but leaving this here since
-# I might add somethign later.
-EOF
i /etc/exim4/conf.d/local_deny_exceptions_acl <<'EOF'
# This acl already exists in rcpt, this just makes it more widespread.
dc_relay_nets=''
CFILEMODE='644'
dc_use_split_config='true'
-dc_local_interfaces=''
dc_mailname_in_oh='true'
EOF
{ cat <<EOF
# https://ssl-config.mozilla.org
ssl = required
-ssl_cert = </etc/exim4/exim.crt
-ssl_key = </etc/exim4/exim.key
+ssl_cert = </etc/exim4/fullchain.pem
+ssl_key = </etc/exim4/privkey.pem
# this is the same as the certbot list, in my cert cronjob, I check if that has changed upstream.
ssl_cipher_list = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
ssl_protocols = TLSv1.2
cat >>/etc/exim4/update-exim4.conf.conf <<EOF
# note: some things we don't set that are here by default because they are unused.
+dc_local_interfaces=''
dc_eximconfig_configtype='internet'
dc_localdelivery='dovecot_lmtp'
EOF
*.posteo.de
EOF
+ # cron email from smarthost hosts will automatically be to
+ # USER@FQDN. I redirect that to alerts@, on the smarthosts, but in
+ # case that doesn't work, we still want to accept that mail, but not
+ # from any host except the smarthosts. local_hostnames and this rule
+ # is for that purpose.
+ i /etc/exim4/conf.d/rcpt_local_acl <<'EOF'
+deny
+ !authenticated = *
+ domains = +local_hostnames
+ message = no relay
+EOF
+ echo|i /etc/exim4/conf.d/router/880_universal_forward
+
# for iank@fsf.org, i have mail.fsf.org forward it to fsf@iankelling.org.
# and also have mail.iankelling.org whitelisted as a relay domain.
# I could avoid that if I changed this to submit to 587 with a
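Review bot: The comment above the new `rcpt_local_acl` says USER@FQDN mail should be accepted only from the smarthosts, but the rule keys on `!authenticated = *`, so any client that completes SMTP AUTH passes, whichever host or account it is. If only the smarthosts should pass, add a condition on the authenticated identity (for example on `$authenticated_id`); otherwise reword the comment to `# reject mail to +local_hostnames unless the client authenticated`. The same domain list now appears in `domainlist local_hostnames` and in `dc_other_hostnames`, and a comment at each should state that the two must be kept in sync, because a host missing from the domainlist would not be covered by this deny. Where this ACL file is included in the RCPT ACL is not visible in the hunk.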
cat >>/etc/exim4/update-exim4.conf.conf <<EOF
# man page: is used to build the local_domains list, together with "localhost"
# this is duplicated in a later router.
-dc_other_hostnames='iankelling.org;zroe.org;r2e.iankelling.org'
+dc_other_hostnames='iankelling.org;zroe.org;r2e.iankelling.org;!je.b8.nz;!bk.b8.nz;*.b8.nz;b8.nz'
EOF
## we use this host to monitor MAIL_HOST and host a mail server for someone
bk)
+ echo|i /etc/exim4/conf.d/rcpt_local_acl
+ echo|i /etc/exim4/conf.d/router/880_universal_forward
+
echo amnimal.ninja > /etc/mailname
/a/exe/cedit nn /etc/hosts <<'EOF' || [[ $? == 1 ]]
dc_other_hostnames='je.b8.nz'
EOF
+ echo|i /etc/exim4/conf.d/rcpt_local_acl
+ echo|i /etc/exim4/conf.d/router/880_universal_forward
+
;;
# ** not MAIL_HOST|bk|je
*)
+ echo|i /etc/exim4/conf.d/rcpt_local_acl
+
+ # catches things like cronjob email
+ i /etc/exim4/conf.d/router/880_universal_forward <<'EOF'
+universal_forward:
+ driver = redirect
+ domains = +local_domains
+ data = alerts@iankelling.org
+EOF
+
+
for unit in ${nn_progs[@]}; do
f=/etc/systemd/system/$unit.service.d/nn.conf
rm -fv $f
echo | /a/exe/cedit mail /etc/dnsmasq-servers.conf || [[ $? == 1 ]]
cat >>/etc/exim4/update-exim4.conf.conf <<EOF
+# If theres like a temporary problem where mail gets sent to
+# one of these hosts, if exim isnt listening, it will be a temporary error
+# instead of a permanent 5xx.
+dc_local_interfaces='127.0.0.1;::1'
dc_eximconfig_configtype='smarthost'
dc_smarthost='$smarthost'
EOF
for r in $($spamcpre spamc -y <"$latest" |sed 's/,/ /g'); do
case $r in
# we have a new domain, ignore this.
- FROM_FMBLA_NEWDOM*) : ;;
+ # it seems like some versions of spamassassin do BODY_SINGLE_WORD, others dont, we dun care.
+ BODY_SINGLE_WORD|FROM_FMBLA_NEWDOM*) : ;;
SPF_HELO_NEUTRAL)
# some of my domains use neutral spf, treat them the same.
results[SPF_HELO_PASS]=t
# debugging
# e results = ${!results[@]}
missing=()
- for t in BODY_SINGLE_WORD DKIM_SIGNED DKIM_VALID{,_AU,_EF} SPF_HELO_PASS SPF_PASS TVD_SPACE_RATIO; do
+ for t in DKIM_SIGNED DKIM_VALID{,_AU,_EF} SPF_HELO_PASS SPF_PASS TVD_SPACE_RATIO; do
if [[ ${results[$t]} ]]; then
unset "results[$t]"
elif [[ $t == DKIM_VALID_EF && $from == *@[^.]*.[^.]*.[^.]* ]]; then
### begin check if leaf is different, delete it if not ###
if [[ -e /a/opt/btrfs-snapshots-diff/btrfs-snapshots-diff.py ]]; then
source /a/bin/distro-functions/src/package-manager-abstractions
- pi python-jmespath # dependency
+ #pi python-jmespath # dependency of btrfs-snapshots-diff
+ # todo: need python3 port of btrfs-snapshots-diff, py2 no exist on nabia
parentid=$(btrfs sub show $leaf | awk '$1 == "Parent" && $2 == "UUID:" {print $3}')
bsubs=(/mnt/root/btrbk/$vol.*)
bsub=
# libterm-readkey-perl for rt cli tool
# fonts pkgs are an attempt to get less block characters
# gnat-5 & ccache is for coreboot
-# python-dnspython is needed by some ansible module and 3 is
-# for when ansible becomes py3.
+# gnat-5 doesnt exist in nabia, might not even be needed for coreboot anymore so removed it
+# python3-dnspython is needed by some ansible module
+
+
+
p3=(
at
adb
dillo
dirmngr
dnsutils
- python-dnspython
python3-dnspython
- dtrx
duplicity
- eclipse
elinks
etckeeper
evince
gdb-doc
geoip-bin
geoip-database
- geoip-database-extra
gimp
git-doc
git-email
gitk
glibc-doc
goaccess
- gnat-5
gnome-screenshot
grepmail
guvcview
pixz
pry
pv
- python-autopep8
+ python3-autopep8
python3-doc
qemu-user-static
qrencode
xscreensaver-gl
xscreensaver-gl-extra
global
- python-pygments
+ python3-pygments
)
# shellcheck disable=SC2034
# fi
-if [[ $HOSTNAME == "$MAIL_HOST" ]]; then
- m sudo systemctl start openvpn-client@hole
- m sudo systemctl enable openvpn-client@hole
-else
- m sudo systemctl stop openvpn-client@hole
- m sudo systemctl disable openvpn-client@hole
-fi
-
m /a/exe/mail-setup
exit 0
#loop=inf
-
#pause
+#save-position-on-quit
#loop-file=inf
loop-file=no
-shuffle
volume=50
-#save-position-on-quit
# use --profile d
[d]
loop-file=inf
shuffle
#vo=gpu
+
+[s]
+shuffle
--- /dev/null
+[DEFAULT]
+from = rss2email@iankelling.org