ci = commit
lol = log --graph --pretty=oneline --abbrev-commit --all
dt = difftool
+# https://stackoverflow.com/questions/17369254/is-there-a-way-to-cause-git-reflog-to-show-a-date-alongside-each-entry
+rl = reflog --format='%C(auto)%h %<|(17)%gd %C(blue)%ci%C(reset) %s'
[core]
excludesfile = ~/.gitignore_global
--- /dev/null
+#!/bin/bash
+# Copyright (C) 2019 Ian Kelling
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+source /a/bin/errhandle/err
+
+[[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@"
+
+# shellcheck source=/a/bin/ds/.bashrc
+export LC_USEBASHRC=t; if [[ -s ~/.bashrc ]]; then . ~/.bashrc; fi
+
+# dependency of node exporter, per README.md
+pi python3-passlib
+
+# after running ansible, run
+# conflink
+# ser restart prometheus
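Review bot: The `exec sudo -E` re-exec hands the caller's entire environment to the root process, and the script then sources `~/.bashrc` as root. If the sudoers policy lets `HOME` survive `-E`, that is the unprivileged account's rc file, so anything able to write to it runs as root here. If `-E` is intentional, say so in a comment, for example `# sudo -E on purpose: ~/.bashrc must only be writable by a trusted account`; otherwise drop `-E` and source a root-owned file by absolute path. `pi` is not defined in this file (presumably it comes from the sourced rc), so a guard such as `type -t pi >/dev/null || { echo "pi is not defined" >&2; exit 1; }` before calling it would make a missing definition fail clearly.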
---
-- hosts: kd.b8.nz
+- hosts: localhost
roles:
- role: prom
tags: a
# key_file: /etc/node_exporter/privkey.pem
node_exporter_web_listen_address: "127.0.1.1:9100"
node_exporter_basic_auth_users:
- prom: incarnadine.bloodied.maker
+ prom: "incarnadine.bloodied.maker"
- role: alertmanager
alertmanager_smtp:
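Review bot: The `prom` entry under `node_exporter_basic_auth_users` still carries the basic-auth password as a literal in the playbook; the change only quotes it. Anyone who can read the repository or its history can authenticate to the exporter. Take the value from an Ansible Vault or host-local variable instead, e.g. `prom: "{{ vault_node_exporter_prom_password }}"` (the variable name is a placeholder), and rotate the committed password. The `key_file` line is commented out, so TLS appears to be off and the credential is protected in transit only by the `127.0.1.1` bind address.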
}
_khfix_common() {
- local host ip port
+ local host ip port file key
read -r host ip port < <(timeout -s 9 2 ssh -oBatchMode=yes -oControlMaster=no -oControlPath=/ -v $1 |& sed -rn "s/debug1: Connecting to ([^ ]+) \[([^\]*)] port ([0-9]+).*/\1 \2 \3/p" ||: )
+ file=$(readlink -f ~/.ssh/known_hosts)
if [[ ! $ip ]]; then
echo "khfix: ssh failed"
return 1
ip_entry=$ip
host_entry=$host
fi
+ tmpfile=$(mktemp)
if [[ $host != $ip ]]; then
- m ssh-keygen -R "$host_entry" -f $(readlink -f ~/.ssh/known_hosts)
- ll ~/.ssh/known_hosts
+ key=$(ssh-keygen -F "$host_entry" -f $file | sed -r 's/^.*([^ ]+ +[^ ]+) *$/\1/')
+ if [[ $key ]]; then
+ grep -Fv "$key" "$file" | sponge "$file"
+ fi
+ fi
+ key=$(ssh-keygen -F "$ip_entry" -f $file | sed -r 's/^.*([^ ]+ +[^ ]+) *$/\1/')
+ if [[ $key ]]; then
+ grep -Fv "$key" "$file" | sponge "$file"
fi
- m ssh-keygen -R "$ip_entry" -f $(readlink -f ~/.ssh/known_hosts)
ll ~/.ssh/known_hosts
rootsshsync
}
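Review bot: The two added `key=$(ssh-keygen -F … | sed -r …)` lines also pass the `# Host … found: line N` header that `ssh-keygen -F` prints through the sed, so `key` gains a second short fragment. `grep -Fv "$key"` treats each line of `key` as its own fixed string, so any other known_hosts line that happens to contain the fragment is deleted as well. Skipping comment lines in the sed avoids this: `sed -rn '/^#/!s/^.*([^ ]+ +[^ ]+) *$/\1/p'`, with `"$file"` quoted in both calls. Separately, `tmpfile=$(mktemp)` is never used or removed in the visible lines and is missing from the `local` list, so each call leaves a stray temp file and a global variable. Part of the function body lies outside the visible lines.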
local l base
if [[ $1 == /* ]]; then
base=${1##*/}
- if mountpoint /mnt/$base; then
+ if mountpoint -q /mnt/$base; then
return 0
fi
- l=$(sudo losetup -f)
- sudo losetup $l $1
- if ! sudo cryptsetup luksOpen $l $base; then
- sudo losetup -d $l
- return 1
+ l=$(losetup -j $1 | sed -rn 's/^([^ ]+): .*/\1/p' | head -n1 ||:)
+ if [[ ! $l ]]; then
+ l=$(sudo losetup -f)
+ sudo losetup $l $1
+ fi
+ if ! sudo cryptsetup status /dev/mapper/$base &>/dev/null; then
+ if ! sudo cryptsetup luksOpen $l $base; then
+ sudo losetup -d $l
+ return 1
+ fi
fi
sudo mkdir -p /mnt/$base
sudo mount /dev/mapper/$base /mnt/$base
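Review bot: When `luksOpen` fails, the error path runs `sudo losetup -d $l` even if `$l` was found by `losetup -j` rather than created by this call, so a loop device that was already attached, possibly in use by something else, gets detached. Record whether this call created it: `local created=false`, set `created=true` after `sudo losetup $l $1`, and use `$created && sudo losetup -d $l` in the failure branch. `$1` and `$base` are expanded unquoted in `losetup -j $1`, `/dev/mapper/$base` and `/mnt/$base`, so a path with spaces or glob characters splits into several arguments to commands run under sudo; quote them. The function starts before these lines.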
if mountpoint /mnt/$base &>/dev/null; then
sudo umount /mnt/$base
fi
- l=$(sudo cryptsetup status /dev/mapper/$base|sed -rn 's/^\s*device:\s*(.*)/\1/p')
- sudo cryptsetup luksClose /dev/mapper/$base || return 1
- sudo losetup -d $l
+ if sudo cryptsetup status /dev/mapper/$base &>/dev/null; then
+ if ! sudo cryptsetup luksClose /dev/mapper/$base; then
+ echo lom: failed cryptsetup luksClose /dev/mapper/$base
+ return 1
+ fi
+ fi
+ l=$(losetup -j $1 | sed -rn 's/^([^ ]+): .*/\1/p' | head -n1 ||:)
+ if [[ $l ]]; then
+ sudo losetup -d $l
+ else
+ echo lom: warning: no loopback device found
+ fi
fi
}
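Review bot: The detach step now looks up the loop device with `losetup -j $1`, where the removed code read it from `cryptsetup status` before closing the mapping. If this is the branch taken when `$1` is not an absolute path (the `else` is outside the visible lines), `losetup -j` is given a bare name, will normally find nothing, and the loop device stays attached with only the warning printed. Reading the device from `cryptsetup status /dev/mapper/$base` before `luksClose`, and using `losetup -j` only as a fallback, would cover both cases. `head -n1` also picks the first match silently when the same file backs more than one loop device.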
sdnbash() { # systemd namespace bash
local unit=$1
- m sudo nsenter -t $(systemctl status $unit | sed -n '/^ *Main PID:/s/[^0-9]//gp') -n -m sudo -u $USER -i bash
+ m sudo nsenter -t $(systemctl show --property MainPID --value $unit') -n -m sudo -u $USER -i bash
}
mailnnbash() {
- m sudo nsenter -t $(systemctl status mailnn| sed -n '/^ *Main PID:/s/[^0-9]//gp') -n -m sudo -u $USER -i bash
+ m sudo nsenter -t $(systemctl show --property MainPID --value mailnn') -n -m sudo -u $USER -i bash
}
mailvpnbash() {
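Review bot: The added command substitutions in `sdnbash` and `mailnnbash` end in `$unit')` and `mailnn')`; the stray `'` opens a single-quoted string that is not closed inside the substitution, so the file will fail to parse, or parse differently than intended, when sourced. Remove the quote, as the `spamnn` change does, and quote the unit name: `$(systemctl show --property MainPID --value "$unit")`. Since the result is passed straight to `sudo nsenter -t`, store it in a local first and return early unless it is a positive number, e.g. `[[ $pid -gt 0 ]] || return 1`.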
}
spamnn() {
local spamdpid
- spamdpid=$(systemctl status spamassassin| sed -n '/^ *Main PID:/s/[^0-9]//gp')
+ spamdpid=$(systemctl show --property MainPID --value spamassassin)
m sudo nsenter -t $spamdpid -n -m sudo -u Debian-exim spamassassin "$@"
}
unboundbash() {
}
mailnncheck() {
- local pid ns mailnn
- for p in mailnn mailvpn unbound dovecot spamassassin exim4 radicale; do
- pid=$(s systemctl status $p| sed -n '/^ *Main PID:/s/[^0-9]//gp')
+ local p pid ns mailnn
+ # mailvpn would belong on the list if using openvpn
+ for p in mailnn unbound dovecot spamassassin exim4 radicale; do
+ case $p in
+ exim4|radicale)
+ pid=$(ps -eo pid,cgroup | grep /system.slice/$p.service | awk '{print $1}')
+ ;;
+ *)
+ pid=$(s systemctl show --property MainPID --value $p)
+ ;;
+ esac
+ echo p=$p pid=$pid
if [[ ! $pid ]]; then
echo failed to find pid for $p
continue
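Review bot: The `[[ ! $pid ]]` check below the new `case` no longer catches a stopped service, because `systemctl show --property MainPID --value` prints `0` for a unit with no main process where the old `sed` on `systemctl status` produced an empty string. Test for a positive number instead: `if [[ ! $pid || $pid == 0 ]]; then`. The same applies to `spamdpid` in `spamnn`, which goes to `sudo nsenter -t` unchecked. In the `exim4|radicale` branch, `ps … | grep /system.slice/$p.service | awk '{print $1}'` can return several PIDs on separate lines, and the `.` characters in the pattern match any character; `grep -F` plus `head -n1`, or an explicit loop over the PIDs, would make the intent clear. The rest of the loop body is outside the visible lines.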
sed -i "/$regex/d" $pl
fi
+ # this is a strange message due to running as nonroot
+ # regex='exim user lost privilege for using -C option'
+ # sed -i "/$regex/d" $pl
+
# seems to randomly be caused by
# Starting exim4-base housekeeping, exim4-base.service
regex="^[^ ]* 00:00:0.* Failed writing transport results to pipe: Broken pipe$"
folders=(/m/md/l/testignore)
froms=(testignore@je.b8.nz testignore@expertpathologyreview.com testignore@amnimal.ninja ian@iankelling.org z@zroe.org iank@gnu.org)
if ! $int; then
- timeout 120 rsync -e "ssh -oIdentitiesOnly=yes -F /dev/null -i /root/.ssh/jtuttle" -t --inplace -r 'jtuttle@fencepost.gnu.org:/home/j/jtuttle/Maildir/new/' /m/md/l/testignore/new
+ timeout 120 rsync --chown iank:iank -e "ssh -oIdentitiesOnly=yes -F /dev/null -i /root/.ssh/jtuttle" -t --inplace -r 'jtuttle@fencepost.gnu.org:/home/j/jtuttle/Maildir/new/' /m/md/l/testignore/new
fi
;;
esac
done
fi
+# if [[ $(grep -v "exim user lost privilege for using -C option" /var/log/exim4/paniclog 2>/dev/null ||:) ]]; then
if [[ -s /var/log/exim4/paniclog ]]; then
chars+=("PANIC!")
# leave it up to epanic-clean to send email notification