sudo mount /i
fi
;;
- frodo)
- sudo /a/exe/teeu /etc/fstab <<'EOF'
-/dev/mapper/crypt_dev_ata-ata-Hitachi_HDS722020ALA330_JK1121YAG7SXWS-part1 /i btrfs nofail,x-systemd.device-timeout=30s,x-systemd.mount-timeout=30s,noatime,subvol=i 0 0
-EOF
- if ! mountpoint /i &>/dev/null; then
- sudo mkdir -p /i
- if [[ -d /mnt/i/i ]]; then
- sudo mount /i
- fi
- fi
- ;;
esac
if bitfolk; then
######### begin irc periodic backup #############
-if [[ $HOSTNAME == frodo ]]; then
+if [[ $HOSTNAME == kd ]]; then
sd /etc/systemd/system/ircbackup.service <<'EOF'
[Unit]
Description=irc li backup
[Service]
User=iank
Type=oneshot
-ExecStart=/usr/local/bin/sysd-mail-once irc-backup rsync -rlptDhSAX root@iankelling.org:/var/lib/znc/moddata/log/iank/freenode/ /k/irclogs
+ExecStart=/usr/local/bin/sysd-mail-once irc-backup rsync -rlptDhSAX root@iankelling.org:/var/lib/znc/moddata/log/iank/freenode/ /p/irc-backup
EOF
sd /etc/systemd/system/ircbackup.timer <<'EOF'
[Unit]
############# begin syncthing setup ###########
case $HOSTNAME in
- kd|frodo)
+ kd)
f=/usr/share/keyrings/syncthing-archive-keyring.gpg
if [[ ! -e $f ]]; then
s curl -s -o $f https://syncthing.net/release-key.gpg
p update
fi
pi syncthing
- ;;&
- frodo)
- m lnf -T /w/syncthing /home/iank/.config/syncthing
- ser daemon-reload # syncthing likely not properly packaged
- sgo syncthing@iank # runs as iank
- ;;
- kd)
# 1003 just happens to be what was on my system
if ! getent passwd ziva; then
####### begin transmission
case $HOSTNAME in
- frodo)
- tdir=/i/k
- ;;
kd)
tdir=/d/tor
;;
# limitations under the License.
-# no screensaver for htpc machine
-if [[ $HOSTNAME != frodo ]]; then
- /usr/share/xscreensaver/xscreensaver-wrapper.sh &
-fi
+# no screensaver for htpc machine. but we have no htpc machine atm
+
+# if [[ $HOSTNAME != htpc ]]; then
+# /usr/share/xscreensaver/xscreensaver-wrapper.sh &
+# fi
--- /dev/null
+[Unit]
+Description=OpenVPN tunnel for %I
+After=syslog.target network-online.target
+Wants=network-online.target
+Documentation=man:openvpn(8)
+Documentation=https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage
+Documentation=https://community.openvpn.net/openvpn/wiki/HOWTO
+Requires=iptables.service
+
+[Service]
+Type=notify
+RuntimeDirectory=openvpn-client
+RuntimeDirectoryMode=0710
+WorkingDirectory=/etc/openvpn/client
+ExecStart=/usr/sbin/openvpn --suppress-timestamps --nobind --config /etc/openvpn/client/%i.conf
+# todo, try reenabling this from the default openvpn,
+# it was disabled so we could do bind mounts as a command,
+# but now systemd handles it
+#CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE
+LimitNPROC=10
+# DeviceAllow=/dev/null rw
+# DeviceAllow=/dev/net/tun rw
+
+# we use .1 to make this be on a different network than kd, so that we can
+# talk to transmission on kd from remote host, and still use this
+# vpn.
+ExecStartPre=/usr/bin/flock -w 20 /tmp/newns.flock /a/bin/newns/newns -n 10.174.34 start %i
+ExecStartPre=/sbin/iptables-restore /a/bin/distro-setup/transmission-firewall/netns.rules
+# allow wireguard network to connect
+ExecStartPre=/usr/sbin/ip r add 10.8.0.0/24 via 10.174.34.1 dev veth1-client
+ExecStopPost=/usr/bin/flock -w 20 /tmp/newns.flock /a/bin/newns/newns stop %i
+PrivateNetwork=true
+BindReadOnlyPaths=/etc/tr-resolv:/run/systemd/resolve:norbind /etc/basic-nsswitch:/etc/resolved-nsswitch:norbind
+
+[Install]
+WantedBy=multi-user.target
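Review bot: Both `flock` lines (the first `ExecStartPre=` and the `ExecStopPost=`) take their lock at `/tmp/newns.flock`, a fixed name in a world-writable directory, so any local account can pre-create that file or hold a lock on it; the unit's start then fails after the 20-second wait, or `newns stop` is skipped and the namespace is left behind. A root-only location avoids this, e.g. `ExecStartPre=/usr/bin/flock -w 20 /run/newns.flock /a/bin/newns/newns -n 10.174.34 start %i` with the same path in `ExecStopPost=`; any other caller of newns that takes this lock would need the same path, which is not visible here. Separately, `Requires=iptables.service` pulls the firewall unit in but does not order it, so if the tunnel depends on those host rules being loaded first, add `After=iptables.service` to the `[Unit]` section.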
--- /dev/null
+ifconfig-push 10.5.5.34 255.255.255.0