# noninteractive ssh shells, or tty. tty because often i
# use it when something is going and io is slow and my bashrc
# is too slow.
-if [[ $SSH_CONNECTION && $LC_USEBASHRC != t || $TERM == linux ]]; then
+if [[ $LC_USEBASHRC != t && ( $SSH_CONNECTION || $TERM == linux ) ]]; then
# Here we did not opt-in to running our .bashrc file so we just
# return, but we still setup a function to source it without returning
# so if we want it we don't have to restart our ssh connection.
bu() {
fusermount -u /bu/mnt
}
+
eqgo() {
enn -M $(exiqgrep -i)
}
+eqgo1() {
+ enn -M $(exiqgrep -i|h1)
+}
+
gnupload(){
/a/f/gnulib/build-aux/gnupload "$@"
fi
journalctl -qn2 -f -u "$cmd_name" &
# Guess of time needed to avoid missing initial lines.
- # .5 was not reliable.
- sleep 1
+ # .5 was not reliable. 1 was not reliable
+ sleep 2
# We kill this in prompt-command for the case that we ctrl-c the
# systemd-cat. i dont know any way to trap ctrl-c and still run the
# normal action for it. There might be a way, unsure.
unit=$1
journalctl -qn2 -f -u $unit &
systemctl start $unit
- sleep .5
+ sleep 2
kill $jr_pid &>/dev/null ||:
unset jr_pid
fg &>/dev/null ||:
p[0]=/a/opt/emacs-ubuntu20.04
p[1]=/a/opt/emacs-ubuntu20.04-nox
done
- m rsync "$@" -ahviSAXPH root@li:/a/h/proposed-comments/ /a/h/proposed-comments || ret=$?
+ m rsync "$@" -ahviSAXPH root@li.b8.nz:/a/h/proposed-comments/ /a/h/proposed-comments || ret=$?
return $ret
}
bkpush() { # no emacs. for running faster.
# use * instead of -r since that does sorted order
ssh root@iankelling.org "cd $d/#$1; grep '\<iank.*' *" | cut --complement -c12-16
}
-myjab() {
+mypidgin() {
c /p/c/.purple/logs/jabber/iank@fsf.org/office@conference.fsf.org.chat
for x in *.html; do html2text -o ${x%.html}.txt $x; done;
grep -A1 ') iank:' *.txt | sed -r 's/^(.{10})[^ ]*\.txt:\(?([^ ]*)[[:space:]](..). iank:/\1_\2_\3/;s/^[^ ]*\.txt-//;/^--$/d;s/^[^ ]*\.txt:\((.{2}).(.{2}).(.{4}) (.{8}) (.{2})\)?/\3-\1-\2_\4_\5/' | sed -n 'x;1d;0~2{G;s/\n/ /;p};${x;p}'
- }
+}
allmyirc() {
local d
d=/var/lib/znc/moddata/log/iank/freenode
ssh root@iankelling.org "cd $d; find . -mtime -60 -type f -exec grep '\<iank.*' {} +" | sed -r 's,^..([^/]*)/(.{11})(.{5})(.{8}).,\2\4 \1,' | sort
}
+mygajim() {
+ sqlite3 -separator ' ' /p/c/subdir_files/.local/share/gajim/logs.db "select time, message from logs where contact_name = 'iank' and jid_id = 17;" | while read -r time l; do
+ echo $(date +%F.%R -d @$time) "$l"; done
+}
+
net-dev-info() {
e "lspci -nnk|gr -iA2 net"
lspci -nnk|gr -iA2 net
path-add --end $HOME/.cargo/bin
if type -P rg &>/dev/null; then
- rg() { command rg -i -M 300 --no-ignore "$@"; }
+ rg() { command rg -L -i -M 300 --no-ignore "$@"; }
complete -r rg
else
alias rg=grr
### end options parsing
# note, this test succeeds if not installed
-if [[ /a/opt/btrbk/btrbk -nt /usr/sbin/btrbk ]]; then
+if [[ /a/opt/btrbk/btrbk -nt /usr/btrbk ]]; then
+ if [[ -e /b/distro-functions/src/package-manager-abstractions ]]; then
+ . /b/distro-functions/src/package-manager-abstractions
+ pi asciidoctor
+ fi
cd /a/opt/btrbk
+ m make
m sudo make install
fi
sshfail=()
min_idle_ms=$((1000 * 60 * 15))
for h in ${targets[@]}; do
- if zone=$(timeout -s 9 6 ssh root@$h "mkdir -p /mnt/root/btrbk && date +%z"); then
+ if remote_info=( $(timeout -s 9 6 ssh root@$h "mkdir -p /mnt/root/btrbk && date +%z && df --output=size,pcent / | tail -n1") ); then
+ zone=${remote_info[0]}
+ root_size=${remote_info[1]}
+ percent_used=${remote_info[2]%%%}
+
+ if (( ${#remote_info[@]} != 3 )); then
+ die "error: didnt get 3 fields in test ssh to target $h. investigate"
+ fi
+
+
+ # we may be booted into a bootstrap fs or something
+ min_root_kb=$(( 1024 * 1024 * 200 )) # 200 gb
+ if (( root_size < min_root_kb )); then
+ continue
+ fi
+
+ if (( percent_used >= 98 )); then
+ die "error: filesystem on target $h is $percent_used % full"
+ fi
+
# This is a separate ssh because xprintidle can fail and thats ok.
if $cron && idle_ms=$(timeout -s 9 6 ssh $h DISPLAY=:0 xprintidle); then
if (( idle_ms < min_idle_ms )); then
idle_time=$idle_limit
id=999
while id $((++id)) &>/dev/null; do
- new_idle_time=$(sudo -u \#$id xprintidle 2>/dev/null) ||:
+ new_idle_time=$(su -c xprintidle $(id -nu $id) 2>/dev/null) ||:
if [[ $new_idle_time && $new_idle_time -lt $idle_time ]]; then
idle_time=$new_idle_time
fi
fi
}
+
+usage() {
+ cat <<EOF
+Usage: ${0##*/} args
+Do btrfs maintence or stop if xprintidle shows a user
+
+force Run regardless of user idle status
+check Only check if an existing maintence should be cancelled due to
+ nonidle user. Also, runs in a loop every 20 seconds for 10
+ minutes.
+
+Note: Uses util-linux getopt option parsing: spaces between args and
+options, short options can be combined, options before args.
+EOF
+ exit $1
+}
+
+
force=false
check=false
if [[ $1 ]]; then
;;
*)
echo "$0: error: unexpected arg" >&2
- exit 1
+ usage 1
;;
esac
fi
-idle=true
-if ! $force; then
- check-idle
-fi
-
-fnd="findmnt --types btrfs --noheading"
-for x in $($fnd --output "SOURCE" --nofsroot | sort -u); do
- mnt=$($fnd --output "TARGET" --first-only --source $x)
- [[ $mnt ]] || continue
- if ! $idle; then
- btrfs scrub cancel $mnt &>/dev/null ||:
- continue
- fi
- if $check; then
- continue
+main() {
+ idle=true
+ if ! $force; then
+ check-idle
fi
- # for comparing before and after balance.
- # the log is already fairly verbose, so commented.
- # e btrfs filesystem df $mnt
- # e df -H $mnt
- if btrfs filesystem df $mnt | grep -q "Data+Metadata"; then
- for usage in $dusage; do
- e btrfs balance start -dusage=$usage -musage=$usage $mnt
- done
- else
- e btrfs balance start -dusage=0 $mnt
- for usage in $dusage; do
- e btrfs balance start -dusage=$usage $mnt
- done
- e btrfs balance start -musage=0 $mnt
- for usage in $musage; do
- e btrfs balance start -musage=$usage $mnt
- done
- fi
- # e btrfs filesystem df $mnt
- # e df -H $mnt
- date=$(
- btrfs scrub status $mnt | \
- sed -rn 's/^\s*scrub started at (.*) and finished.*/\1/p'
- )
- if [[ $date ]]; then
- date=$(date --date="$date" +%s)
- # if date is sooner than 90 days ago
- # the wiki recommends 30 days or so, but
- # it makes the comp lag like shit for a day,
- # so I'm going with 90 days.
- if (( date > $(date +%s) - 60*60*24*30 )); then
- echo "cron: skiping scrub of $mnt"
+ fnd="findmnt --types btrfs --noheading"
+ for x in $($fnd --output "SOURCE" --nofsroot | sort -u); do
+ mnt=$($fnd --output "TARGET" --first-only --source $x)
+ [[ $mnt ]] || continue
+
+ if ! $idle; then
+ btrfs scrub cancel $mnt &>/dev/null ||:
continue
fi
- fi
- e btrfs scrub start -Bd $mnt
-done
+ if $check; then
+ continue
+ fi
+
+ # for comparing before and after balance.
+ # the log is already fairly verbose, so commented.
+ # e btrfs filesystem df $mnt
+ # e df -H $mnt
+ if btrfs filesystem df $mnt | grep -q "Data+Metadata"; then
+ for usage in $dusage; do
+ e btrfs balance start -dusage=$usage -musage=$usage $mnt
+ done
+ else
+ e btrfs balance start -dusage=0 $mnt
+ for usage in $dusage; do
+ e btrfs balance start -dusage=$usage $mnt
+ done
+ e btrfs balance start -musage=0 $mnt
+ for usage in $musage; do
+ e btrfs balance start -musage=$usage $mnt
+ done
+ fi
+ # e btrfs filesystem df $mnt
+ # e df -H $mnt
+ date=$(
+ btrfs scrub status $mnt | \
+ sed -rn 's/^\s*scrub started at (.*) and finished.*/\1/p'
+ )
+ if [[ $date ]]; then
+ date=$(date --date="$date" +%s)
+ # if date is sooner than 90 days ago
+ # the wiki recommends 30 days or so, but
+ # it makes the comp lag like shit for a day,
+ # so I'm going with 90 days.
+ if (( date > $(date +%s) - 60*60*24*30 )); then
+ echo "cron: skiping scrub of $mnt"
+ continue
+ fi
+ fi
+ e btrfs scrub start -Bd $mnt
+ done
+}
+
+if $check; then
+ # this is to prevent systemd from filling up the journal
+ for (( runcount=0; runcount < 90; runcount++ )); do
+ main
+ sleep 20
+ done
+else
+ main
+fi
m s chmod g+w $f
fi
sudo bash -c 'shopt -s nullglob; for f in /etc/bind/*.key /etc/bind/*.private /etc/bind/key.*; do chgrp bind $f; done'
- if [[ -e /etc/davpass ]] && getent group www-data &>/dev/null; then
- s chgrp www-data /etc/davpass
+ if [[ -e /etc/caldav-htpasswd ]] && getent group www-data &>/dev/null; then
+ s chgrp www-data /etc/caldav-htpasswd
fi
if [[ -e /var/lib/znc ]] && getent group znc; then
s chown -R znc:znc /var/lib/znc
if isdeb && [[ $(debian-codename) == nabia ]]; then
sudo dd of=/etc/apt/preferences.d/nabia-focal-missing <<'EOF'
Explanation: libkf5* are for konsole libilmbase* are needed for emacs
-Package: libkf5solid5 libkf5solid5-data libilmbase-dev libilmbase24 ansible unrar-free pidgin pidgin-* libpurple0 linux-doc p7zip mumble hplip cups-filters libcupsfilters1 libfontembed1 cups-filters-core-drivers lightdm mate-desktop-environment mate-desktop-environment-* mate-menus mate-panel mate-panel-* mate-session-manager libmate-* libgoa-* ubuntu-mate-default-settings mate-control-center mate-control-center-common gir1.2-matemenu-* lightdm-gtk-greeter liblightdm-gobject-* firefox libfdk-aac1
+Package: libilmbase-dev libilmbase24 unrar-free pidgin pidgin-* libpurple0 linux-doc p7zip mumble lightdm mate-desktop-environment mate-desktop-environment-* mate-menus mate-panel mate-panel-* mate-session-manager libmate-* ubuntu-mate-default-settings mate-control-center mate-control-center-common gir1.2-matemenu-* lightdm-gtk-greeter liblightdm-gobject-* firefox libfdk-aac1
Pin: release n=focal,o=Ubuntu
Pin-Priority: 500
EOF
fi
+# to test when these become available in trisquel, copy the package list, remove the * chars, repaplace PACKAGES below
+# for x in PACKAGES do hr; e $x; if [[ $x == *- ]]; then s="^$x"; dpkg -l "$x*" | sed '0,/^+++/d'; else s="^$x\$"; fi; aptitude search "~O Trisquel ~n $s"; done
+
#### setup firefox backport
## ian: disabled. backports are not being published atm due to rust packaging issue
######### end universal pinned packages ######
### system76 things ###
-case $HOSTNAME in
- sy)
- # note, i stored the initial popos packages at /a/bin/data/popos-pkgs
- if [[ ! -e /etc/apt/sources.list.d/system76.list ]]; then
- # https://blog.zackad.dev/en/2017/08/17/add-ppa-simple-way.html
- sd /etc/apt/sources.list.d/system76.list <<EOF
-deb http://ppa.launchpad.net/system76-dev/stable/ubuntu $codename_compat main
-deb-src http://ppa.launchpad.net/system76-dev/stable/ubuntu $codename_compat main
-EOF
- s apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 5D1F3A80254F6AFBA254FED5ACD442D1C8B7748B
- p update
- sd /etc/apt/preferences.d/system76 <<'EOF'
-Package: *
-Pin: release o=LP-PPA-system76-dev-stable
-Pin-Priority: 1001
-EOF
- pi system76-driver
- fi
- ;;
-esac
+# case $HOSTNAME in
+# sy)
+# # note, i stored the initial popos packages at /a/bin/data/popos-pkgs
+# if [[ ! -e /etc/apt/sources.list.d/system76.list ]]; then
+# # https://blog.zackad.dev/en/2017/08/17/add-ppa-simple-way.html
+# sd /etc/apt/sources.list.d/system76.list <<EOF
+# deb http://ppa.launchpad.net/system76-dev/stable/ubuntu $codename_compat main
+# deb-src http://ppa.launchpad.net/system76-dev/stable/ubuntu $codename_compat main
+# EOF
+# s apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 5D1F3A80254F6AFBA254FED5ACD442D1C8B7748B
+# p update
+# sd /etc/apt/preferences.d/system76 <<'EOF'
+# Package: *
+# Pin: release o=LP-PPA-system76-dev-stable
+# Pin-Priority: 1001
+# EOF
+# pi system76-driver
+# fi
+# ;;
+# esac
# ppa:obsproject/obs-studio
if [[ ! -d /etc/apt/sources.list.d/obs.list ]]; then
sudo rm -fv /etc/apache2/sites-enabled/mail.iankelling.org{,-redir}.conf
ser reload apache2
+ a2enmod -q proxy proxy_http
domain=cal.iankelling.org
web-conf -f 10.8.0.4:5232 - apache2 $domain <<'EOF'
+# https://radicale.org/2.1.html
#https://httpd.apache.org/docs/2.4/mod/mod_authn_core.html#authtype
# https://stackoverflow.com/questions/5011102/apache-reverse-proxy-with-basic-authentication
-<Location />
- Options +FollowSymLinks +Multiviews +Indexes
- AllowOverride None
- AuthType basic
- AuthName "Authentication Required"
- # setup one time, with root:www-data, 640
- AuthUserFile "/etc/caldav-htpasswd"
- Require valid-user
+<Location /radicale/>
+ Options +FollowSymLinks +Multiviews +Indexes
+ AllowOverride None
+ AuthType basic
+ AuthName "Authentication Required"
+ # setup one time, with root:www-data, 640
+ AuthUserFile "/etc/caldav-htpasswd"
+ Require valid-user
+ RequestHeader set X-Script-Name /radicale/
+ RequestHeader set X-Remote-User expr=%{REMOTE_USER}
+ ProxyPass "http://10.8.0.4:5232/" retry=0
+ ProxyPassReverse "http://10.8.0.4:5232/"
</Location>
EOF
# nginx version of above would be:
# https://bugs.launchpad.net/ubuntu/+source/im-config/+bug/1879352
eval exec $STARTUP
EOF
+ # also, gdm wayland was default, had to do
+ # dpkg-reconfigure gdm3
+ # and choose lightdm.
+ #
;;
esac
# Remove dep that came in with desktop to fix associations.
m pu transmission-gtk
+case $HOSTNAME in
+ kd)
+ lnf -T /d/vidshare /home/iank/Videos
+ ;;
+esac
# # Based on guix manual instructions, also added code to profile.
# # disabled since i'm not using it now.
#!/bin/bash
source ~/.bashrc
-fqdn=$(hostname -f)
-domaintmp=${fqdn#*.}
-hostnametmp=${fqdn%%.*}
-# i for internet
-fqdn=${hostnametmp}i.${domaintmp}
-
-up4=false
-
-read -r _ _ gateway _ < <(ip -4 route get 85.119.83.50)
-
-case $gateway in
- 10.2.0.1)
- dynhost=i.b8.nz
- ;;
- *)
- exit 0
- ;;
-esac
-
-if timeout -s 9 5 ssh-keyscan -p 2220 -t rsa $gateway 2>/dev/null | grep -qFx "[$gateway]:2220 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCH+/h1dGEfKEusBblndU2e6QT4wLCm5+yqr/sqh/0X9YfjR7BfWWm8nNmuP55cYc+Wuf5ljB1H1acXEcsl1y8e0j3agHfF0V74FE1N1zz5nn2Ep8NHnmqgEhza38ZxMPh+4p3X7zklEKU7+3SzybKBi8sg0wLzlS2LM0JaUN80zR2sK11Kye3dURUXPk78u5wodOkgcEYRwSYaDMJlUzWP+poRXIDJwFaMQnwmxbl/c84yOyaU0x/d6hFwoRscWecihX+vvBNeSyxR4xr2HDOyUWwJkctyAgt2p7w3tfkXOKcCRzTAjGVIMQLTvo0sG/yJbcyHoEFdFybCsgDvfyYn"; then
- # we are on a home network
- cur4="$(dig +short $dynhost @iankelling.org | tail -1)"
- if ip4=$(curl -s4 https://iankelling.org/cgi/pubip); then
- if [[ $cur4 && $ip4 && $cur4 != $ip4 ]]; then
- up4=true # update ipv4
+main() {
+
+ fqdn=$(hostname -f)
+ domaintmp=${fqdn#*.}
+ hostnametmp=${fqdn%%.*}
+ # i for internet
+ fqdn=${hostnametmp}i.${domaintmp}
+
+ up4=false
+
+ read -r _ _ gateway _ < <(ip -4 route get 85.119.83.50)
+
+ case $gateway in
+ 10.2.0.1)
+ dynhost=i.b8.nz
+ ;;
+ *)
+ exit 0
+ ;;
+ esac
+
+ if timeout -s 9 5 ssh-keyscan -p 2220 -t rsa $gateway 2>/dev/null | grep -qFx "[$gateway]:2220 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCH+/h1dGEfKEusBblndU2e6QT4wLCm5+yqr/sqh/0X9YfjR7BfWWm8nNmuP55cYc+Wuf5ljB1H1acXEcsl1y8e0j3agHfF0V74FE1N1zz5nn2Ep8NHnmqgEhza38ZxMPh+4p3X7zklEKU7+3SzybKBi8sg0wLzlS2LM0JaUN80zR2sK11Kye3dURUXPk78u5wodOkgcEYRwSYaDMJlUzWP+poRXIDJwFaMQnwmxbl/c84yOyaU0x/d6hFwoRscWecihX+vvBNeSyxR4xr2HDOyUWwJkctyAgt2p7w3tfkXOKcCRzTAjGVIMQLTvo0sG/yJbcyHoEFdFybCsgDvfyYn"; then
+ # we are on a home network
+ cur4="$(dig +short $dynhost @iankelling.org | tail -1)"
+ if ip4=$(curl -s4 https://iankelling.org/cgi/pubip); then
+ if [[ $cur4 && $ip4 && $cur4 != $ip4 ]]; then
+ up4=true # update ipv4
+ fi
fi
fi
-fi
-# may not be set yet so allow fail
-cur6="$(host -4 -t aaaa $fqdn iankelling.org | sed -rn 's/.*has IPv6 address (.*)/\1/p;T;q')" ||:
+ # may not be set yet so allow fail
+ cur6="$(host -4 -t aaaa $fqdn iankelling.org | sed -rn 's/.*has IPv6 address (.*)/\1/p;T;q')" ||:
-up6=false
+ up6=false
-out6=$(curl -s6 https://iankelling.org/cgi/pubip) ||: # failure allowed if we have no ipv6
+ out6=$(curl -s6 https://iankelling.org/cgi/pubip) ||: # failure allowed if we have no ipv6
-if [[ $out6 ]]; then
- dev=$(ip -o a show to $out6 | awk '{print $2}')
- # we use slaac with privacy extension, so get our less private more permanent address
- mac=$(cat /sys/class/net/$dev/address)
+ if [[ $out6 ]]; then
+ dev=$(ip -o a show to $out6 | awk '{print $2}')
+ # we use slaac with privacy extension, so get our less private more permanent address
+ mac=$(cat /sys/class/net/$dev/address)
- IFS=: read -a f <<<$mac; set -- ${f[@]}
- ip6=${out6%:*:*:*:*}:$(printf %x $((0x$1 + 2)))$2:$3'ff:fe'$4:$5$6
- # in case we aren't using slaac
- if ! ip a | grep "^ *inet6 $ip6/" &>/dev/null; then
- ip6=$out6
+ IFS=: read -a f <<<$mac; set -- ${f[@]}
+ ip6=${out6%:*:*:*:*}:$(printf %x $((0x$1 + 2)))$2:$3'ff:fe'$4:$5$6
+ # in case we aren't using slaac
+ if ! ip a | grep "^ *inet6 $ip6/" &>/dev/null; then
+ ip6=$out6
+ fi
fi
-fi
-if [[ $cur6 != $ip6 ]]; then
- up6=true
-fi
+ if [[ $cur6 != $ip6 ]]; then
+ up6=true
+ fi
-if ! $up4 && ! $up6; then
- exit 0
-fi
+ if ! $up4 && ! $up6; then
+ exit 0
+ fi
-# note, a simpler way to do this would be to ssh and use
-# "${SSH_CLIENT%% *}
-# to update bind if needed.
+ # note, a simpler way to do this would be to ssh and use
+ # "${SSH_CLIENT%% *}
+ # to update bind if needed.
-f=$(mktemp)
-cat >>$f <<EOF
+ f=$(mktemp)
+ cat >>$f <<EOF
server iankelling.org
zone b8.nz
EOF
-if $up4; then
- cat >>$f <<EOF
+ if $up4; then
+ cat >>$f <<EOF
update delete $dynhost. A
update add $dynhost. 300 A $ip4
EOF
-fi
+ fi
-if $up6; then
- if [[ $ip6 ]]; then
- cat >>$f <<EOF
+ if $up6; then
+ if [[ $ip6 ]]; then
+ cat >>$f <<EOF
update delete $fqdn. AAAA
update add $fqdn. 60 AAAA $ip6
EOF
- else
- cat >>$f <<EOF
+ else
+ cat >>$f <<EOF
update delete $fqdn. AAAA
EOF
+ fi
fi
-fi
-cat >>$f <<EOF
+ cat >>$f <<EOF
show
send
answer
quit
EOF
-nsupdate -k /p/c/machine_specific/vps/filesystem/etc/bind/Kb8.nz.*.private <$f
-sed -i 's/^server .*/server bk.b8.nz/' $f
-nsupdate -k /p/c/machine_specific/vps/filesystem/etc/bind/Kb8.nz.*.private <$f
+ nsupdate -k /p/c/machine_specific/vps/filesystem/etc/bind/Kb8.nz.*.private <$f
+ sed -i 's/^server .*/server bk.b8.nz/' $f
+ nsupdate -k /p/c/machine_specific/vps/filesystem/etc/bind/Kb8.nz.*.private <$f
-exit
+ exit
-# # persistent initial setup for this:
-# # create files in /a/c/machine_specific/vps/filesystem/etc/bind
-# # note, conflink also does some group ownership stuff.
-mkc /p/c/machine_specific/vps/filesystem/etc/bind
-sudo dnssec-keygen -a HMAC-SHA512 -b 512 -n HOST b8.nz
-user=$(id -un)
-sudo chown $user:$user *
+ # # persistent initial setup for this:
+ # # create files in /a/c/machine_specific/vps/filesystem/etc/bind
+ # # note, conflink also does some group ownership stuff.
+ mkc /p/c/machine_specific/vps/filesystem/etc/bind
+ sudo dnssec-keygen -a HMAC-SHA512 -b 512 -n HOST b8.nz
+ user=$(id -un)
+ sudo chown $user:$user *
-f=key.b8.nz
-cat >$f <<EOF
+ f=key.b8.nz
+ cat >$f <<EOF
key b8.nz. {
algorithm HMAC-SHA512;
secret "$(awk '$1 == "Key:" {print $2}' Kb8.nz.*.private)";
};
EOF
-chmod 640 [kK]*
+ chmod 640 [kK]*
+
+ # push here?
+ #myunison -ob li
+ #ssh li conflink
+ ssh li.b8.nz systemctl reload bind9
-# push here?
-#myunison -ob li
-#ssh li conflink
-ssh li systemctl reload bind9
+ # b8.nz has address 65.96.178.16
+ # b8.nz has IPv6 address 2601:197:600:6efb:82fa:5bff:fe1c:6ecf
+}
-# b8.nz has address 65.96.178.16
-# b8.nz has IPv6 address 2601:197:600:6efb:82fa:5bff:fe1c:6ecf
+# check if FD 0 (standard input) is a TTY.
+# simple way to see if this is a cronjob. not sure if its the best way.
+if test -t 0; then
+ main
+else
+ # this is to prevent systemd from filling up the journal
+ for (( runcount=0; runcount < 100; runcount++ )); do
+ main
+ sleep 30
+ done
+fi
set -eE -o pipefail
trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
-[[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@"
+
+if [[ $EUID != 0 ]]; then
+ s=sudo
+fi
if [[ ! -s /var/log/exim4/paniclog ]]; then
exit 0
fi
done < <(awk "/$regex/ "'{print $1,$2}' /var/log/exim4/paniclog)
if $found && $wipe; then
+ if [[ ! -w /var/log/exim4/paniclog-archive ]]; then
+ $s touch /var/log/exim4/paniclog-archive
+ $s chgrp adm /var/log/exim4/paniclog-archive
+ $s chmod 664 /var/log/exim4/paniclog-archive
+ fi
grep -E "$regex" /var/log/exim4/paniclog >> /var/log/exim4/paniclog-archive
- sed -ri "/$regex/d" /var/log/exim4/paniclog
+ $s sed -ri "/$regex/d" /var/log/exim4/paniclog
fi
trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?. PIPESTATUS: ${PIPESTATUS[*]}" >&2' ERR
idle_limit=$((1000 * 60 * 45))
-idle_time=$(sudo -u '#1000' xprintidle 2>/dev/null) ||:
+idle_time=$(su -c xprintidle $(id -nu 1000) 2>/dev/null) ||:
if [[ $idle_time && $idle_limit -lt $idle_time ]]; then
btrbk run
fi
# Copyright (C) 2019 Ian Kelling
# SPDX-License-Identifier: AGPL-3.0-or-later
+# todo: if we fail in the middle and rerun we can mistakenly
+# have reload=false.
+
# todo: auto restart of je on checkrestart
# todo: run mailping test after running, or otherwise
# sudo -u radicale radicale -D -f
# created password file with:
- # htpasswd -c /etc/davpass dav
+ # htpasswd -c /p/c/machine_specific/li/filesystem/etc/caldav-htpasswd
+ # chmod 640 /p/c/machine_specific/li/filesystem/etc/caldav-htpasswd
+ # # setup chgrp www-data in ./conflink
pi-nostart radicale
# comments say default is 0.0.0.0:5232
m setini hosts 10.8.0.4:5232 server
+ # https://radicale.org/2.1.html
+ m setini type http_x_remote_user auth
+
# disable power management feature, set to 240 min sync interval,
# so it shouldn't be bad.
sstart mailclean.timer
;;&
$MAIL_HOST)
- sstart radicale
+ # < 2.1 (eg: in t9), uses a different data format which required manual
+ # migration. dont start if we are running an old version.
+ if dpkg --compare-versions $(dpkg -s radicale | awk '$1 == "Version:" { print $2 }') ge 2.1; then
+ sstart radicale
+ fi
;;&
esac
etckeeper
evince
exim4-doc-html
+ exfat-fuse
+ exfat-utils
fakeroot
fail2ban
fdupes
fonts-thai-tlwg-otf
xfonts-intl-asian
fonts-sil-lateef
+ gajim
gawk-doc
# gcc suggests
make manpages-dev autoconf automake libtool flex bison
hplip
hunspell
i3lock
+ iotop
info
inotify-tools
ipcalc
iputils-tracepath
iperf3
iproute2-doc
+ irqbalance
jq
kid3-qt
kid3-cli
reportbug
rfkill
rng-tools
+ rygel
sakura
schroot
shellcheck
[DEFAULT]
from = rss2email@iankelling.org
+# exim delay_warning_condition, this prevents warnings
+bonus-header = 'Precedence: list'
DNSOverTLS=yes
EOF
+mkdir -p /etc/NetworkManager/conf.d
cat >/etc/NetworkManager/conf.d/dns.conf <<'EOF'
[main]
dns=none
iankelling.org / git / distro-setup / commitdiff