From: Ian Kelling Date: Fri, 3 Jul 2020 21:28:54 +0000 (-0400) Subject: ton of updates X-Git-Url: https://iankelling.org/git/?a=commitdiff_plain;h=08100f5cf2b310f3362741fb2343e4848ec56ce6;p=distro-setup ton of updates --- diff --git a/.inputrc b/.inputrc index fba266e..7518b31 100644 --- a/.inputrc +++ b/.inputrc @@ -56,7 +56,8 @@ set mark-symlinked-directories on "\e,": yank-nth-arg "\C-f": menu-complete -"\C-b": menu-complete-backward +# might be nice to bind this to tomsething, but not sure what: menu-complete-backward +"\C-b": copy-region-as-kill # arrow keys. for other terminals, see http://unix.stackexchange.com/questions/10806/how-to-change-previous-next-word-shortcut-in-bash # this can be conditioned based on the term, see the term keyword in diff --git a/brc b/brc index b881920..c815ffd 100644 --- a/brc +++ b/brc @@ -121,6 +121,11 @@ fi export INFOPATH=$PATH:/usr/local/info:/usr/info:/usr/local/lib/info:/usr/lib/info:/usr/local/gnu/info:/usr/local/gnu/lib/info:/usr/gnu/info:/usr/gnu/lib/info:/opt/gnu/info:/usr/share/info:/usr/share/lib/info:/usr/local/share/info:/usr/local/share/lib/info:/usr/gnu/lib/emacs/info:/usr/local/gnu/lib/emacs/info:/usr/local/lib/emacs/info:/usr/local/emacs/info:.: +# for openwrt system that has no stty, this is easier than +# guarding every time i use it. +if ! type -p stty >/dev/null; then + stty() { :; } +fi if [[ $- == *i* ]]; then # for readline-complete.el if [[ $RLC_INSIDE_EMACS ]]; then @@ -171,9 +176,10 @@ export PROFILE_TASKS_TASK_OUTPUT_LIMIT=100 # i for insensitive. the rest from # X means dont remove the current screenworth of output upon exit # R means to show colors n things -export LESS=RXi +export LESS=RXij12 export SYSTEMD_LESS=$LESS +export NNN_COLORS=2136 # * include files @@ -305,7 +311,7 @@ cf() { } caf() { # shellcheck disable=SC2033 - find -L $1 -type f -not \( -name .svn -prune -o -name .git -prune \ + find -L "$@" -type f -not \( -name .svn -prune -o -name .git -prune \ -o -name .hg -prune -o -name .editor-backups -prune \ -o -name .undo-tree-history -prune \) \ -exec bash -c '. ~/.bashrc; hr; echo "$1"; hr; cat "$1"' _ {} \; 2>/dev/null @@ -329,6 +335,16 @@ ccat () { # config cat. see a config without extra lines. grep '^\s*[^;[:space:]#]' "$@" || [[ $? == 1 ]] } +chrbind() { + local d + for d in dev proc sys; do + [[ -d $d ]] + if ! mountpoint $d &>/dev/null; then + mount -o bind /$d $d + fi + done +} + _cdiff-prep() { # join options which are continued to multiples lines onto one line @@ -494,7 +510,7 @@ ediff() { # mail related etail() { - tail -F /var/log/exim4/mainlog -n 200 + tail -F /var/log/exim4/mainlog -n 200 "$@" } eless() { less /var/log/exim4/mainlog @@ -651,8 +667,7 @@ rg() { } hr() { # horizontal row. used to break up output - - printf "$(tput setaf 5)█$(tput sgr0)%.0s" $(eval echo "{1..${COLUMNS:-60}}") + printf "$(tput setaf 5 2>/dev/null ||:)█$(tput sgr0 2>/dev/null||:)%.0s" $(eval echo "{1..${COLUMNS:-60}}") echo } @@ -783,7 +798,7 @@ lower() { # make first letter of filenames lowercase. k() { # history search - grep -P --binary-files=text "$@" ${HISTFILE:-~/.bash_history} | tail -n 80 || [[ $? == 1 ]]; + grep -iP --binary-files=text "$@" ${HISTFILE:-~/.bash_history} | tail -n 80 || [[ $? == 1 ]]; } ks() { # history search @@ -814,6 +829,14 @@ mkt() { # mkdir and touch file # shellcheck disable=SC2032 mkdir() { command mkdir -p "$@"; } +nags() { + # https://github.com/HenriWahl/Nagstamon/issues/357 + if ! pgrep -f /usr/lib/notification-daemon/notification-daemon >/dev/null; then + /usr/lib/notification-daemon/notification-daemon & + fi + /usr/bin/nagstamon & +} + nopanic() { # shellcheck disable=SC2024 sudo tee -a /var/log/exim4/paniclog-archive /dev/null & @@ -996,6 +1004,9 @@ sb() { # sudo bash -c } complete -F _root_command s sb +sd() { + sudo dd of="$1" 2>/dev/null +} ser() { local s; [[ $EUID != 0 ]] && s=sudo @@ -1204,7 +1215,7 @@ uptime() { if type -p uprecords &>/dev/null; then uprecords -B else - uptime + command uptime fi } @@ -1233,6 +1244,17 @@ vmunshare() { vm-set-listen $1 127.0.0.1 } +myiwscan() { + # find input, copy to pattern space, when we find the first field, print the copy in different order without newlines. + # instead of using labels, we could just match a line and group, eg: /signal:/,{s/signal:(.*)/\1/h} + sudo iw dev wls1 scan | sed -rn " +s/^\Wcapability: (.*)/\1/;Ta;h;b +:a;s/^\Wsignal: -([^.]+).*/\1/;Tb;H;b +# padded to min width of 20 +:b;s/\WSSID: (.*)/\1 /;T;s/^(.{20}(.*[^ ])?) */\1/;H;g;s/(.*)\n(.*)\n(.*)/\2 \3 \1/gp;b +"|sort -r +} + # * misc stuff diff --git a/brc2 b/brc2 index eb8c06f..472718e 100644 --- a/brc2 +++ b/brc2 @@ -39,11 +39,37 @@ source /a/bin/log-quiet/logq-function # * functions +# clock back in to timetrack from last entry +tback() { + sqlite3 /p/.timetrap.db "update entries set end = NULL where id = (select max(id) from entries);" +} # todo, update this complete -F _longopt la lower low rlt rld rl lld ts ll dircp ex fcp fct fpst gr +abrowserrmcompat() { + local f + ngset + f=(/p/c/firefox*/compatibility.ini) + if (( ${#f[@]} )); then + rm ${f[@]} + fi + ngreset +} +ngset() { + if shopt nullglob >/dev/null; then + ngreset=false + else + shopt -s nullglob + ngreset=true + fi +} +ngreset() { + if $ngreset; then + shopt -u nullglob + fi +} anki() { if which anki &>/dev/null; then @@ -54,17 +80,17 @@ anki() { } acat() { - shopt -s nullglob - hrcat /m/md/alerts/new/* /m/md/alerts/cur/* - shopt -u nullglob + ngset + hrcat /m/md/alerts/new/* + ngreset + hr; echo bk; hr + ssh bk.b8.nz "shopt -s nullglob; hrcat /m/md/INBOX/new/* /m/md/INBOX/cur/*" } aclear() { - shopt -s nullglob - files=(/m/md/alerts/new/* /m/md/alerts/cur/*) - if (( ${#files[@]} )); then - rm -f ${files[@]} - fi - shopt -u nullglob + ngset + rm -f /m/md/alerts/new/* + ngreset + ssh bk.b8.nz "shopt -s nullglob; rm -f /m/md/INBOX/new/* /m/md/INBOX/cur/*" system-status _ } @@ -75,7 +101,7 @@ ap() { popd >/dev/null } aw() { - pushd /a/work/ansible-configs >/dev/null + pushd /a/work/ans >/dev/null time ansible-playbook -v -i inventory adhoc.yml "$@" popd >/dev/null } @@ -92,21 +118,33 @@ astudio() { /a/opt/android-studio/bin/studio.sh "$@" &r; } +# note, to check for glue records +# First, find some the .org nameservers: +# dig +trace iankelling.org +# then, query one: +# dig ns1.iankelling.org @b0.org.afilias-nst.org. + +# Now, compare for a domain that does have glue records setup (note the A +# and AAAA records in ADDITIONAL SECTION, those are glue records like the +# one I'm asking for): + +# $ dig ns1.gnu.org @b0.org.afilias-nst.org. + bindpush() { lipush || return 1 - for h in li l2; do + for h in li; do sl $h <<'EOF' || return 1 set -e +source ~/.bashrc conflink f=/var/lib/bind/db.b8.nz ser stop bind9 sudo rm -fv $f.jnl -sudo install -m 644 -o bind -g bind /p/c/machine_specific/linode/bind-initial/db.b8.nz $f +sudo install -m 644 -o bind -g bind /p/c/machine_specific/vps/bind-initial/db.b8.nz $f ser restart bind9 EOF done } - bbk() { # btrbk wrapper c / @@ -187,10 +225,10 @@ lipush() { # note, i had --delete-excluded, but that deletes all files in --exclude-from on # the remote site, which doesn't make sense, so not sure why i had it. local p a - p=(/a/bin /a/exe /a/h /a/c /p/c/machine_specific/linode{,.hosts} /a/opt/{emacs-debianstable,mu}) + p=(/a/bin /a/exe /a/h /a/c /p/c/machine_specific/vps{,.hosts} /a/opt/{emacs-debianstable,mu}) a="-ahviSAXPH --specials --devices --delete --relative --exclude-from=/p/c/li-rsync-excludes" ret=0 - m rsync "$@" $a ${p[@]} /p/c/machine_specific/l2 root@l2.b8.nz:/ || ret=$? + m rsync "$@" $a ${p[@]} /p/c/machine_specific/bk root@bk.b8.nz:/ || ret=$? m rsync "$@" $a ${p[@]} /p/c/machine_specific/li root@li.b8.nz:/ || ret=$? m rsync "$@" -ahviSAXPH root@iankelling.org:/a/h/proposed-comments/ /a/h/proposed-comments || ret=$? return $ret @@ -200,6 +238,7 @@ lipushnoe() { # noe = noemacs. for running faster. --exclude-from=/p/c/li-rsync-excludes /a/bin /a/exe /a/h /a/c /p/c/machine_specific/li root@li:/ } + #### begin bitcoin related things btc() { local f=/etc/bitcoin/bitcoin.conf @@ -590,6 +629,34 @@ hstatus() { done } +# work log +wlog() { + local day now i + now=$(date +%s) + for (( i=0; i<30; i++ )); do + day=$( date +%F -d @$((now - 86400*i )) ) + date "+%a %b %d" -d @$((now - 86400*i )) | tr '\n' ' ' + /a/opt/timetrap/bin/t d -ftotal -s $day -e $day all -m '^w|lunch$' + done +} +to() { t out -a "$@"; } +ti() { t in -a "$@"; } +tl() { + to "$*" + t s lunch + t in -a "$*" + m t out -a $(date +%F.%T -d @$(( $(date -d "$(echo $*|sed 's/\./ /')" +%s) + 60*45 )) ) + t s w +} +tlo() { + t s lunch + t in -a "$*" + m t out -a $(date +%F.%T -d @$(( $(date -d "$(echo $*|sed 's/\./ /')" +%s) + 60*45 )) ) + t s w +} + +arbttlog() { arbtt-dump "$@" | grep -v '( )\|Current Desktop' | less; } + idea() { /a/opt/idea-IC-163.7743.44/bin/idea.sh "$@" &r } @@ -597,7 +664,7 @@ idea() { ilog() { chan=${1:-#fsfsys} # use * instead of -r since that does sorted order - ssh root@iankelling.org "cd /var/lib/znc/moddata/log/iank/freenode/$chan && hr && for x in *; do echo \$x; cat \$x; hr; done" | less +G + ssh root@iankelling.org "cd /var/lib/znc/moddata/log/iank/freenode/$chan && hr && for x in *; do echo \$x; sed \"s/^./\${x%log}/\" \$x; hr; done" | less +G } o() { @@ -655,6 +722,22 @@ lom() { fi } +# mu personality. for origina, just run mp. for 2, run mp 2. +# this is partly duplicated in mail-setup +mp() { + killall mu ||: + suf=$1 + set -- /m/mucache ~/.cache/mu /m/.mu ~/.mu + while (($#)); do + target=$1$suf + f=$2 + shift 2 + if [[ -e $f && ! -L $f ]]; then + rm -rf $f + fi + m ln -sf -T $target $f + done +} mbenable() { local mb=$1 @@ -666,6 +749,21 @@ mbenable() { m /a/exe/lnf /m/.mu ~ mu index --maildir=/m/4e } +mb2enable() { + local mb + for mb; do + dst=/m/4e2/$mb + link=/m/md/$mb + src=/m/md/$mb + if [[ ! -e $src || -L $src ]]; then + src=/m/4e/$mb + fi + [[ -e $src ]] || { echo "src:$src does not exist"; return 1; } + m mv -T $src $dst + m ln -sf -T $dst $link + done + #mu index --maildir=/m/4e +} mbdisable() { local mb=$1 dst=/m/md/$mb @@ -688,7 +786,8 @@ mo() { xset dpms force off; } # monitor off myirc() { chan=${1:-fsf-office} # use * instead of -r since that does sorted order - ssh root@iankelling.org "cd /var/lib/znc/moddata/log/iank/freenode/#$chan; grep '\/dev/null || [[ $(systemctl is-active dnsmasq ||:) != inactive ]]; then # this will fail is dnsmasq is failed hr; m ser status dnsmasq | cat || : - f=/var/run/dnsmasq/resolv.conf + f=/etc/dnsmasq.conf hr; echo $f:; ccat $f hr; m grr '^ *(servers-file|server) *=|^ *no-resolv *$' /etc/dnsmasq.conf /etc/dnsmasq.d f=/etc/dnsmasq-servers.conf @@ -818,10 +917,10 @@ rcat() { reresolv() { sudo nscd -i hosts if [[ $(systemctl is-active dnsmasq ||:) != inactive ]]; then - sudo systemctl restart dnsmasq + m sudo systemctl restart dnsmasq fi if [[ $(systemctl is-active systemd-resolved ||:) != inactive ]]; then - sudo systemctl restart systemd-resolved + m sudo systemctl restart systemd-resolved fi } @@ -947,7 +1046,7 @@ sl() { # inspired from https://github.com/Russell91/sshrc - local now args remote dorsync haveinfo tmpa sshinfo tmp tmp2 type info_sec + local now args remote dorsync haveinfo tmpa sshinfo tmp tmp2 type info_sec force_rsync declare -a args tmpa now=$(date +%s) @@ -957,12 +1056,26 @@ sl() { # [-R address] [-S ctl_path] [-W host:port] [-w local_tun[:remote_tun]] [user@]hostname # [command] + # ssh [-46AaCfGgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec] + # [-D [bind_address:]port] [-E log_file] [-e escape_char] + # [-F configfile] [-I pkcs11] [-i identity_file] + # [-J [user@]host[:port]] [-L address] [-l login_name] [-m mac_spec] + # [-O ctl_cmd] [-o option] [-p port] [-Q query_option] [-R address] + # [-S ctl_path] [-W host:port] [-w local_tun[:remote_tun]] + + force_rsync=false + if [[ $1 == --rsync ]]; then + force_rsync=true + shift + fi + while [[ $1 ]]; do case "$1" in - -[1246AaCfGgKkMNnqsTtVvXxYy]) + # note we dont support things like -4oOption + -[46AaCfGgKkMNnqsTtVvXxYy]*) args+=("$1"); shift ;; - -[bcDEeFIiLlmOopQRSWw]*) + -[bcDEeFIiJLlmOopQRSWw]*) # -oOption etc is valid if (( ${#1} >= 3 )); then args+=("$1"); shift @@ -985,7 +1098,11 @@ sl() { tmpa=(/p/sshinfo/???????????"$remote") sshinfo=${tmpa[0]} if [[ -e $sshinfo ]]; then - haveinfo=true + if $force_rsync; then + rm -f $sshinfo + else + haveinfo=true + fi fi if $haveinfo; then tmp=${sshinfo[0]##*/} @@ -1045,6 +1162,9 @@ sl() { fi fi } +slr() { + sl --rsync "$@" +} sss() { # ssh solo sl -oControlMaster=no -oControlPath=/ "$@" } diff --git a/btrbk-run b/btrbk-run index 16dbcaf..a83e21d 100644 --- a/btrbk-run +++ b/btrbk-run @@ -38,11 +38,6 @@ EOF exit $1 } -rsync-dirs() { - local host=$1 - local path=$2 - m rsync $dry_run_arg -ahi --relative --delete "$path" "root@$host:/" -} pre="${0##*/}: " @@ -175,23 +170,13 @@ if [[ ! -v targets && ! $source ]]; then targets=($home x3) ;; x2|x3) - targets=($home kw) - ;; - tp) - # kd disabled temporarily while its hot and i plan to work on it. - #targets=(frodo kd) - targets=(frodo x2.b8.nz) - #targets=(frodo) - # might not be connected to the vpn - if timeout -s 9 6 ssh kw :; then - targets+=(kw) - fi + targets=($home kw.office.fsf.org) ;; kd) - targets=(frodo tp) + targets=(frodo x2.b8.nz) # might not be connected to the vpn - if timeout -s 9 6 ssh kw :; then - targets+=(kw) + if timeout -s 9 6 ssh kw.office.fsf.org :; then + targets+=(kw.office.fsf.org) fi ;; frodo) @@ -220,30 +205,34 @@ if [[ ${mountpoints[0]} ]]; then done else # set default mountpoints - case $HOSTNAME in - frodo) - prospective_mps=(/i) - ;; - *) - prospective_mps=(/a /q) - if [[ $source ]]; then - source_state="$(ssh $source cat /a/bin/bash_unpublished/source-state)" - eval "$source_state" - source_host="$(ssh $source cat /etc/hostname)" - if [[ $source_host == "$MAIL_HOST" ]]; then - prospective_mps+=(/o) - fi - else - if [[ $HOSTNAME == "$MAIL_HOST" ]]; then - if [[ $HOST2 && $HOST2 != "$HOSTNAME" ]]; then - echo "skipping /o because HOST2 is not us" - else + if [[ ${targets[0]} == tp ]]; then + prospective_mps=(/a) + else + case $HOSTNAME in + frodo) + prospective_mps=(/i) + ;; + *) + prospective_mps=(/a /q) + if [[ $source ]]; then + source_state="$(ssh $source cat /a/bin/bash_unpublished/source-state)" + eval "$source_state" + source_host="$(ssh $source cat /etc/hostname)" + if [[ $source_host == "$MAIL_HOST" ]]; then prospective_mps+=(/o) fi + else + if [[ $HOSTNAME == "$MAIL_HOST" ]]; then + if [[ $HOST2 && $HOST2 != "$HOSTNAME" ]]; then + echo "skipping /o because HOST2 is not us" + else + prospective_mps+=(/o) + fi + fi fi - fi - ;; - esac + ;; + esac + fi for mp in ${prospective_mps[@]}; do # default mountpoints to sync if [[ -e /nocow/btrfs-stale/$mp ]]; then e "warning: $mp stale, not adding to default mountpoints" @@ -287,8 +276,6 @@ if ! $pull_reexec && [[ $source ]] && $pulla ; then fi - - if ! which btrbk &>/dev/null; then die "error: no btrbk binary found" fi @@ -394,7 +381,7 @@ fi vol=/mnt/root for m in ${mountpoints[@]}; do - sub=${m##*/} + sub=${m#/} if [[ $source ]]; then cat >>/etc/btrbk.conf </dev/null; then for tg in ${targets[@]}; do case $tg in - li|lk) + tp) + dirs=(/p/c/machine_specific/tp) for x in /p/c/machine_specific/*.hosts; do if grep -qxF $tg $x; then - dir=${x%.hosts} - rsync-dirs $tg $dir + dirs+=(${x%.hosts}) fi done + m rsync -aSAXPH --specials --devices --delete --relative ${dirs[@]} root@$tg:/ ;; esac done diff --git a/check-remote-mailqs b/check-remote-mailqs index 5277809..f7d00c0 100755 --- a/check-remote-mailqs +++ b/check-remote-mailqs @@ -10,7 +10,7 @@ shopt -s nullglob shopt -s dotglob -for h in tp.b8.nz vpn1 x2 x3.b8.nz frodo.b8.nz kd.b8.nz kw iankelling.org l2.b8.nz; do +for h in tp.b8.nz vpn1 x2 x3.b8.nz frodo.b8.nz kd.b8.nz kw iankelling.org bk.b8.nz; do if [[ $HOSTNAME == "${h%%.*}" ]]; then continue fi diff --git a/check-stale-alerts b/check-stale-alerts new file mode 100755 index 0000000..1bb73e5 --- /dev/null +++ b/check-stale-alerts @@ -0,0 +1,11 @@ +#!/bin/bash +if [[ ! -e /dev/shm/iank-status ]]; then + exit 0 +fi +eval $(< /dev/shm/iank-status) + +if [[ $HOSTNAME != "$MAIL_HOST" ]]; then + exit 0 +fi +find /var/local/cron-errors /home/iank/cron-errors /sysd-mail-once-state -type f -mtime +4 +ssh bk.b8.nz find /m/md/INBOX/new /var/local/cron-errors /home/iank/cron-errors /sysd-mail-once-state -type f -mtime +1 diff --git a/distro-begin b/distro-begin index 4a071e4..619cc25 100755 --- a/distro-begin +++ b/distro-begin @@ -97,19 +97,19 @@ source $script_dir/pkgs set +x source /a/bin/distro-functions/src/identify-distros $interactive || set -x -for f in kd x2 x3 frodo tp li l2 demohost kw; do +for f in kd x2 x3 frodo tp li bk demohost kw; do eval "$f() { [[ $HOSTNAME == $f ]]; }" done codename=$(debian-codename) has_wayland() { has_monitor && [[ $codename == buster ]]; } has_x() { has_monitor && [[ $codename != buster ]]; } -has_monitor() { ! linode ; } -linode() { l2 || li; } +has_monitor() { ! vps ; } +vps() { bk || li; } # linode actually has btrfs now, but we dont do anything with it. -has_btrfs() { ! linode; } -home_network() { ! linode && ! kw; } -has_p() { ! linode; } -encrypted() { true; } +has_btrfs() { ! vps; } +home_network() { ! vps && ! tp; } +has_p() { ! vps && ! tp; } +encrypted() { ! bk; } shopt -s extglob export GLOBIGNORE="*/.:*/.." umask 022 @@ -250,8 +250,8 @@ EOF done ###### do conflink -# linode needs bind group before conflink -if linode; then +# vps needs bind group before conflink +if vps; then pi-nostart bind9 fi # this needs to be before installing pacserve so we have gpg conf. @@ -365,10 +365,15 @@ esac # convenient to just do all file linking in one place sudo /a/exe/lnf -T /a/bin /b sudo /a/exe/lnf -T /a/f /f +sudo /a/exe/lnf -T /var/log/exim4 /el +sudo /a/exe/lnf -T /a/f/ans /c sudo /a/exe/lnf -T /nocow/t /t if has_p; then lnf -T /p/News ~/News fi +dirs=(/q/root /q/root/.editor-backups /q/root/.undo-tree-history) +sudo mkdir -p ${dirs[@]} +sudo chmod 600 ${dirs[@]} sudo /a/exe/lnf /q/root/.editor-backups /q/root/.undo-tree-history \ /a/opt /a/c/.emacs.d $HOME/mw_vars /k/backup /root /a/bin/ds/install-my-scripts # needed for rootsshsync cronjob @@ -377,7 +382,6 @@ sudo /a/exe/lnf /a/c/.vim /a/c/.vimrc /a/c/.gvimrc /root - #### arch specific early packages case $(distro-name) in arch) @@ -423,14 +427,12 @@ EOF frodo:/k /kr nfs noauto 0 0 EOF fi - sudo mkdir -p /q /i/{w,k} + sudo mkdir -p /i/{w,k} for dir in /{i,w,k}; do if mountpoint $dir; then continue; fi # already mounted sudo mkdir -p $dir sudo chown $USER:$USER $dir done - # not needed for all hosts, but rather just keep it uniform - sudo mkdir -p /mnt/iroot # debian auto mounting of multi-disk encrypted btrfs is busted. It is # in jessie, and in stretch as of 11/26/2016 I have 4 disks in cryptab, # based on 3 of those, it creates .device units for /dev/mapper/dev... @@ -443,7 +445,7 @@ EOF [[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@" set -eE -o pipefail trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR -for dir in /i /mnt/iroot /k /kr /w; do +for dir in /i /k /kr /w; do if ! mountpoint $dir &>/dev/null && \ awk '{print $2}' /etc/fstab | grep -xF $dir &>/dev/null; then if awk '{print $3}' /etc/fstab | grep -xF nfs &>/dev/null; then @@ -569,6 +571,7 @@ EOF sudo mkdir -p /etc/lightdm/lightdm.conf.d sudo dd of=/etc/lightdm/lightdm.conf.d/12-iank.conf <<'EOF' [SeatDefaults] +display-setup-script=/a/bin/ds/lightdm-start session-setup-script=/a/bin/distro-setup/desktop-20-autostart.sh EOF diff --git a/distro-end b/distro-end index 20ca7dc..cc593e2 100755 --- a/distro-end +++ b/distro-end @@ -46,9 +46,6 @@ sudo() { printf "$pre %s\n" "$*" SUDOD="$PWD" command sudo "$@"; } -sd() { - sudo dd of="$1" 2>/dev/null -} m() { printf "$pre %s\n" "$*"; "$@"; } e() { printf "$pre %s\n" "$*"; } err() { echo "[$(date +'%Y-%m-%d %H:%M:%S%z')]: $0: $*" >&2; } @@ -72,7 +69,7 @@ sudo debconf-set-selections <$t </dev/null; then + sudo -u gdm dbus-launch gsettings set org.gnome.settings-daemon.plugins.power sleep-inactive-ac-type 'nothing' + m systemctl --user stop gvfs-daemon + m systemctl --user disable gvfs-daemon + fi ;; esac @@ -746,11 +756,11 @@ sudo rm -fv /etc/apt/sources.list.d/iridium-browser.list # fi ### end vpn server setup - ##### rss2email -# note, see bashrc for more documentation. -pi rss2email -sd /etc/systemd/system/rss2email.service <<'EOF' +if mountpoint /p &>/dev/null; then + # note, see bashrc for more documentation. + pi rss2email + sd /etc/systemd/system/rss2email.service <<'EOF' [Unit] Description=rss2email After=multi-user.target @@ -763,7 +773,7 @@ Type=oneshot # we pass options to use different location. ExecStart=/a/bin/log-quiet/sysd-mail-once -288 rss2email r2e -d /p/c/rss2email.json -c /p/c/rss2email.cfg run EOF -sd /etc/systemd/system/rss2email.timer <<'EOF' + sd /etc/systemd/system/rss2email.timer <<'EOF' [Unit] Description=rss2email @@ -776,35 +786,8 @@ OnUnitInactiveSec=300 [Install] WantedBy=timers.target EOF -sudo systemctl daemon-reload - - -######### begin pump.io periodic backup ############# -if [[ $HOSTNAME == frodo ]]; then - sd /etc/systemd/system/pumpbackup.service <<'EOF' -[Unit] -Description=pump li backup -After=multi-user.target - -[Service] -User=iank -Type=oneshot -ExecStart=/a/bin/log-quiet/sysd-mail-once pump-backup /a/bin/distro-setup/pump-backup -EOF - sd /etc/systemd/system/pumpbackup.timer <<'EOF' -[Unit] -Description=pump li backup hourly - -[Timer] -OnCalendar=hourly - -[Install] -WantedBy=timers.target -EOF - ser daemon-reload - sgo pumpbackup.timer + sudo systemctl daemon-reload fi -######### end pump.io periodic backup ############# ######### begin irc periodic backup ############# @@ -841,11 +824,15 @@ pi-nostart openvpn # pi-nostart does not disable ser disable openvpn + if [[ -e /p/c/gen-fsf-vpn ]]; then /p/c/gen-fsf-vpn fi -m /a/bin/distro-setup/radicale-setup +if mountpoint /o &>/dev/null; then + m /a/bin/distro-setup/radicale-setup +fi + ############# begin syncthing setup ########### @@ -923,17 +910,15 @@ fi ####### begin misc packages ########### -sudo debconf-set-selections </dev/null; then + case $codename in + etiona) + pi arbtt + seru enable arbtt + seru start arbtt + ;; + esac +fi m primary-setup @@ -967,26 +953,30 @@ fi ### begin spd install -pi libswitch-perl libdigest-md5-file-perl libgnupg-interface-perl -t=$(mktemp) -m wget -O $t http://mirror.fsf.org/fsfsys-trisquel/fsfsys-trisquel/pool/main/s/spd-perl/spd-perl_0.2-1_amd64.deb -sudo dpkg -i $t -m rm $t -# this guesses at the appropriate directory, adjust if needed -perldir=(/usr/lib/x86_64-linux-gnu/perl/5.*) -m sudo ln -sf ../../../perl/5.18.2/SPD/ ${perldir[0]} -# newer distro had gpg2 as default, older one, flidas, need to make it that way -gpgpath=$(which gpg2) -if [[ $x ]]; then - sudo mkdir -p /usr/local/spdhackfix - s lnf -T $gpgpath /usr/local/spdhackfix/gpg +if mountpoint /p &>/dev/null; then + pi libswitch-perl libdigest-md5-file-perl libgnupg-interface-perl + t=$(mktemp) + m wget -O $t http://mirror.fsf.org/fsfsys-trisquel/fsfsys-trisquel/pool/main/s/spd-perl/spd-perl_0.2-1_amd64.deb + sudo dpkg -i $t + m rm $t + # this guesses at the appropriate directory, adjust if needed + perldir=(/usr/lib/x86_64-linux-gnu/perl/5.*) + m sudo ln -sf ../../../perl/5.18.2/SPD/ ${perldir[0]} + # newer distro had gpg2 as default, older one, flidas, need to make it that way + gpgpath=$(which gpg2) + if [[ $x ]]; then + sudo mkdir -p /usr/local/spdhackfix + s lnf -T $gpgpath /usr/local/spdhackfix/gpg + fi fi ### end spd install # nagstamon setting which were set through the ui +# monitor url https://klaxon.fsf.org/cgi-bin +# monitor url cgi https://klaxon.fsf.org/cgi-bin # in filters tab: -# all unknown sources +# all unknown services # all warning services # acknowledged hosts & services # hosts & services down for maintenence @@ -1099,8 +1089,7 @@ sgo schrootupdate.timer # for my roommate case $distro in trisquel) - # cant do buster due to old gpg - m mkschroot debian stretch firefox-esr pulseaudio chromium + m mkschroot debian buster firefox-esr pulseaudio chromium ;; debian) pi chromium @@ -1419,7 +1408,7 @@ pi smartmontools sched="-s (S/../.././02|L/../../6/03)" sudo sed -i --follow-symlinks "s#^[[:space:]]*DEVICESCAN.*#\ DEVICESCAN -a -o on -S on -n standby,q $sched \ --m ian@iankelling.org -M exec /usr/local/bin/smart-notify#" /etc/smartd.conf +-m root@mail.iankelling.org -M exec /usr/local/bin/smart-notify#" /etc/smartd.conf # in the default configuration of at least ubuntu 14.04, resolvconf is # configured to order any nameservers associated with tun* or tap* @@ -1437,11 +1426,29 @@ DEVICESCAN -a -o on -S on -n standby,q $sched \ ########### misc stuff -if ! type -p t &>/dev/null; then - pi ruby-dev libsqlite3-dev - gem install --user timetrap + +if [[ ! -e ~/.local/bin/pip ]]; then + tmp=$(mktemp) + wget -O$tmp https://bootstrap.pypa.io/get-pip.py + python3 $tmp --user + hash -r fi + +### begin timetrap setup +if mountpoint /p &>/dev/null; then + mkdir -p ~/.timetrap/ + ln -sf /a/opt/timetrap_formatters ~/.timetrap/formatters + if ! type -p t &>/dev/null; then + pi ruby-dev libsqlite3-dev + gem install --user timetrap + fi +fi +### end timetrap setup + +# leftover cleanup for t9 +pu resolvconf + case $codename in # needed for debootstrap scripts for fai since fai requires debian flidas) @@ -1490,7 +1497,7 @@ pi desktop-file-utils m /a/bin/distro-setup/mymimes -sgo dynamicipupdate +sgo dynamicipupdate.timer # stop autopoping windows when i plug in an android phone. @@ -1561,7 +1568,28 @@ m /a/bin/buildscripts/tor-browser # nfs server pi-nostart nfs-kernel-server - +# wireguard +if [[ ! -e /etc/apt/sources.list.d/wireguard-ubuntu-wireguard-bionic.list ]]; then + sudo add-apt-repository -y ppa:wireguard/wireguard + sudo apt-get update + pi wireguard +fi +if [[ $HOSTNAME == tp ]]; then + sd /etc/wireguard/wg0.conf </dev/null | grep -qFx '[10.0.0.1]:2220 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCH+/h1dGEfKEusBblndU2e6QT4wLCm5+yqr/sqh/0X9YfjR7BfWWm8nNmuP55cYc+Wuf5ljB1H1acXEcsl1y8e0j3agHfF0V74FE1N1zz5nn2Ep8NHnmqgEhza38ZxMPh+4p3X7zklEKU7+3SzybKBi8sg0wLzlS2LM0JaUN80zR2sK11Kye3dURUXPk78u5wodOkgcEYRwSYaDMJlUzWP+poRXIDJwFaMQnwmxbl/c84yOyaU0x/d6hFwoRscWecihX+vvBNeSyxR4xr2HDOyUWwJkctyAgt2p7w3tfkXOKcCRzTAjGVIMQLTvo0sG/yJbcyHoEFdFybCsgDvfyYn'; then - # we are on home network - cur4="$(host -4 b8.nz iankelling.org | sed -rn 's/.*has address (.*)/\1/p;T;q')" + + +read -r _ _ gateway _ < <(ip -4 route get $(dig +short iankelling.org | tail -1)) + +case $gateway in + 10.2.0.1) + dynhost=b8.nz + ;; + 10.0.0.1) + dynhost=t.b8.nz + ;; + *) + exit 0 + ;; +esac + +if timeout -s 9 5 ssh-keyscan -p 2220 -t rsa $gateway 2>/dev/null | grep -qFx "[$gateway]:2220 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCH+/h1dGEfKEusBblndU2e6QT4wLCm5+yqr/sqh/0X9YfjR7BfWWm8nNmuP55cYc+Wuf5ljB1H1acXEcsl1y8e0j3agHfF0V74FE1N1zz5nn2Ep8NHnmqgEhza38ZxMPh+4p3X7zklEKU7+3SzybKBi8sg0wLzlS2LM0JaUN80zR2sK11Kye3dURUXPk78u5wodOkgcEYRwSYaDMJlUzWP+poRXIDJwFaMQnwmxbl/c84yOyaU0x/d6hFwoRscWecihX+vvBNeSyxR4xr2HDOyUWwJkctyAgt2p7w3tfkXOKcCRzTAjGVIMQLTvo0sG/yJbcyHoEFdFybCsgDvfyYn"; then + # we are on a home network + cur4="$(dig +short $dynhost @iankelling.org | tail -1)" if ip4=$(curl -s4 https://iankelling.org/cgi/pubip); then if [[ $cur4 && $ip4 && $cur4 != $ip4 ]]; then - up4=true + up4=true # update ipv4 fi fi fi @@ -52,18 +68,16 @@ EOF if $up4; then cat >>$f <>$f <>$f <&2' ERR +if [[ ! -e /dev/shm/iank-status ]]; then + exit 0 +fi +eval $(< /dev/shm/iank-status) + +if [[ $HOSTNAME != "$MAIL_HOST" || $HOST2 && $HOST2 != "$HOSTNAME" ]]; then + exit 0 +fi + lock_file=/tmp/check-lets-encrypt-ssl-settings if [[ -e $lock_file ]]; then - exit 0 + exit 0 fi d=/a/opt/certbot gitget https://github.com/certbot/certbot.git $d &>/tmp/${0##*/}.log cd $d -f=certbot-apache/certbot_apache/options-ssl-apache.conf -out=$(git log -p --since 2016-08-14 $f) +f=certbot-apache/certbot_apache/_internal/tls_configs/current-options-ssl-apache.conf +out=$(git log -p --since 2020-04-06 $f) if [[ $out ]]; then - cat <$_sysenv + grep -o '^[^=]*' $_sysenv | sort > $_sysenvnames + env -0 | grep -zo '^[^=]*' | xargs -0 printf "%s\n" | sort | \ + comm --nocheck-order -13 - $_sysenvnames >$_unsetnames + while read -r unsetname; do + while read -r sysenv; do + case "$sysenv" in + "$unsetname"*) eval export "$sysenv" ;; + esac + done < $_sysenv + done < $_unsetnames + rm -f $_tmpf +fi +# and it seems that if we log into mate, it screws up the systemd env var anyways. +_tmp=$(pgrep -a '^ssh-agent$' | sed -r 's/.*-a *([^ ]+).*/\1/') +if test "_$tmp" && [ "$_tmp" != "$SSH_AUTH_SOCK" ]; then + export SSH_AUTH_SOCK="$_tmp" +fi # background: diff --git a/filesystem/usr/share/X11/xorg.conf.d/10-slimblade.conf b/filesystem/usr/share/X11/xorg.conf.d/10-slimblade.conf new file mode 100644 index 0000000..519bd64 --- /dev/null +++ b/filesystem/usr/share/X11/xorg.conf.d/10-slimblade.conf @@ -0,0 +1,10 @@ +Section "InputClass" + Identifier "Kensington Kensington Slimblade Trackball" + MatchProduct "Kensington Kensington Slimblade Trackball" + MatchIsPointer "on" + MatchDevicePath "/dev/input/event*" + Driver "libinput" + Option "ButtonMapping" "1 8 3 4 5 6 7 2 9" + Option "ScrollButton" "8" + Option "ScrollMethod" "button" +EndSection diff --git a/fsf-vpn-dns-cleanup b/fsf-vpn-dns-cleanup index d9e755c..55d3074 100755 --- a/fsf-vpn-dns-cleanup +++ b/fsf-vpn-dns-cleanup @@ -4,7 +4,7 @@ set -eE -o pipefail trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR if ! echo | /a/exe/cedit fsf /etc/dnsmasq-servers.conf; then - if systemctl is-active dnsmasq >/dev/null; then + if systemctl is-active dnsmasq | grep -xF active &>/dev/null; then nscd -i hosts systemctl restart dnsmasq fi diff --git a/i3-sway/common.conf b/i3-sway/common.conf index f5f7d21..e44baf5 100644 --- a/i3-sway/common.conf +++ b/i3-sway/common.conf @@ -1,6 +1,9 @@ ####### DO NOT EDIT LIVE CONFIG. generated from /a/bin/distro-setup/i3-sway/gen ####### - +# https://i3wm.org/docs/userguide.html#keybindings +#To get the current mapping of your keys, use xmodmap -pke. To +#interactively enter a key and see what keysym it is configured to, use +#xev. set $mod Mod4 bindsym $mod+2 exec "pavucontrol" @@ -9,7 +12,9 @@ bindsym $mod+4 exec "x-www-browser -no-remote -P firefox-main-profile" bindsym $mod+5 exec "/a/bin/redshift.sh" bindsym $mod+equal exec "t s w; t in" bindsym $mod+Home exec "t out" -bindsym $mod+End exec "t s x; t in x" +#bindsym $mod+End exec "t s x; t in" +bindsym $mod+grave exec "t s lunch; t in; t out -a '45 minutes from now'" + bindsym $mod+w focus parent bindsym $mod+e fullscreen toggle @@ -78,3 +83,8 @@ font pango:monospace 8 #hide_edge_borders smart #exec --no-startup-id /usr/lib/x86_64-linux-gnu/libexec/kdeconnectd + +# Start clipster daemon +exec --no-startup-id /a/opt/clipster/clipster -d +# shortcut to selection widget (primary) +bindsym $mod+End exec /a/opt/clipster/clipster -sp diff --git a/keyscript-on b/keyscript-on index 6307b36..36e37f7 100755 --- a/keyscript-on +++ b/keyscript-on @@ -22,8 +22,6 @@ if [[ ! -e /tmp/keyscript-off ]]; then fi else x=decrypt_keyctl - # old name. can remove this sometime after aug 2019 - $sed -i "s#/root/keyscript-manual,#${x},#" /etc/crypttab if grep -q "${x}," /etc/crypttab; then $sed -i "s#${x},#/root/keyscript,#" /etc/crypttab update-initramfs -u diff --git a/laptop-btrbk b/laptop-btrbk new file mode 100755 index 0000000..b88d931 --- /dev/null +++ b/laptop-btrbk @@ -0,0 +1,14 @@ +#!/bin/bash +# Copyright (C) 2019 Ian Kelling +# SPDX-License-Identifier: AGPL-3.0-or-later + +if ! test "$BASH_VERSION"; then echo "error: shell is not bash" >&2; exit 1; fi +shopt -s inherit_errexit 2>/dev/null ||: # ignore fail in bash < 4.4 +set -eE -o pipefail +trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?. PIPESTATUS: ${PIPESTATUS[*]}" >&2' ERR + +idle_limit=$((1000 * 60 * 45)) +idle_time=$(sudo -u '#1000' xprintidle 2>/dev/null) ||: +if [[ $idle_time && $idle_limit -lt $idle_time ]]; then + btrbk run +fi diff --git a/lightdm-start b/lightdm-start new file mode 100755 index 0000000..efa5876 --- /dev/null +++ b/lightdm-start @@ -0,0 +1,8 @@ +#!/bin/bash + +#https://askubuntu.com/questions/942366/how-to-disable-sleep-suspend-at-login-screen +sudo xhost +si:localuser:lightdm # grants localuser rights to X session +sudo su lightdm -s /bin/bash <<'EOF' +/usr/bin/xset -dpms +/usr/bin/xset s off +EOF diff --git a/machine_specific/btrbk.hosts b/machine_specific/btrbk.hosts index f39aaf7..3e987fa 100644 --- a/machine_specific/btrbk.hosts +++ b/machine_specific/btrbk.hosts @@ -1,6 +1,5 @@ kd kw x2 -tp x3 frodo diff --git a/machine_specific/linode.hosts b/machine_specific/vps.hosts similarity index 50% rename from machine_specific/linode.hosts rename to machine_specific/vps.hosts index 9d2158e..71ca7da 100644 --- a/machine_specific/linode.hosts +++ b/machine_specific/vps.hosts @@ -1,2 +1,2 @@ li -l2 +bk diff --git a/machine_specific/linode/filesystem/etc/bind/named.conf.local b/machine_specific/vps/filesystem/etc/bind/named.conf.local similarity index 100% rename from machine_specific/linode/filesystem/etc/bind/named.conf.local rename to machine_specific/vps/filesystem/etc/bind/named.conf.local diff --git a/mail-cert-cron b/mail-cert-cron new file mode 100755 index 0000000..731621b --- /dev/null +++ b/mail-cert-cron @@ -0,0 +1,50 @@ +#!/bin/bash +set -eE -o pipefail +trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR + +[[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@" + + +f=/a/bin/bash_unpublished/source-state +if [[ -e $f ]]; then + source $f +fi +case $HOSTNAME in + $MAIL_HOST) + local_mx=mail.iankelling.org + mkdir -p /etc/letsencrypt/live/$local_mx + chmod 700 /etc/letsencrypt/live + rsync_common="rsync -ogtL --chown=root:Debian-exim --chmod=640 root@li.iankelling.org:/etc/letsencrypt/live/$local_mx/" + # allow for temporary connection issues + ${rsync_common}fullchain.pem /etc/exim4/exim.crt ||: + ${rsync_common}privkey.pem /etc/exim4/exim.key ||: + if ! openssl x509 -checkend $(( 60 * 60 * 24 * 3 )) -noout -in /etc/exim4/exim.crt; then + echo "$0: error!: cert rsync failed and it will expire in less than 3 days" + exit 1 + fi + ;; + bk) + # the folder name depended on what the fqdn was when we got the initial + # cert. + ledir=/etc/letsencrypt/live/$(cat /etc/mailname) + if [[ ! -d $ledir ]]; then + ledir=/etc/letsencrypt/live/$(hostname -f) + fi + + fullchain=$ledir/fullchain.pem + if ! diff -q $fullchain /etc/exim4/exim.crt &>/dev/null; then + install -m 644 $fullchain /etc/exim4/exim.crt + install -m 640 -g Debian-exim $ledir/privkey.pem /etc/exim4/exim.key + fi + if ! openssl x509 -checkend $(( 60 * 60 * 24 * 3 )) -noout -in /etc/exim4/exim.crt >/dev/null; then + echo "$0: error!: cert rsync failed and it will expire in less than 3 days" >&2 + exit 1 + fi + ;; +esac + +# note: exim spec, 5.3 command line option -bd says that all files except +# .include "are reread each time they are used." + + +exit 0 diff --git a/mail-setup b/mail-setup index 301fd77..5b8cdf7 100755 --- a/mail-setup +++ b/mail-setup @@ -48,11 +48,11 @@ EOF # we could also just use 127.0.0.1 with no ssl, but todo: disable that in dovecot, so mail is secure from local programs. # # hamburger -> preferences -> preferences -> advanced tab -> config editor button -> security.ssl.enable_ocsp_must_staple = false -# background: ovecot does not yet have ocsp stapling support +# background: dovecot does not yet have ocsp stapling support # reference: https://community.letsencrypt.org/t/simple-guide-using-lets-encrypt-ssl-certs-with-dovecot/2921 # # for phone, k9mail, same thing but username alerts, pass in ivy-pass. -# also, l2.b8.nz for secondary alerts, username is iank. same alerts pass. +# also, bk.b8.nz for secondary alerts, username is iank. same alerts pass. # fetching mail settings: folder poll frequency 10 minutes ####### @@ -63,12 +63,14 @@ EOF # # for other hosts, each one get\'s their own password. # # for generating secure pass, and storing for server too: # f=$(mktemp) -# I use $HOSTNAME as username +# host=tp # apg -m 50 -x 70 -n 1 -a 1 -M CLN >$f -# s sed -i "/^$HOSTNAME:/d" /p/c/filesystem/etc/exim4/passwd -# echo "$HOSTNAME:$(mkpasswd -m sha-512 -s <$f)" >>/p/c/filesystem/etc/exim4/passwd -# reference: exim4_passwd_client(5) -# echo "mail.iankelling.org:$HOSTNAME:$(<$f)" > /p/c/machine_specific/$HOSTNAME/filesystem/etc/exim4/passwd.client +# s sed -i "/^$host:/d" /p/c/filesystem/etc/exim4/passwd +# echo "$host:$(mkpasswd -m sha-512 -s <$f)" >>/p/c/filesystem/etc/exim4/passwd +# #reference: exim4_passwd_client(5) +# dir=/p/c/machine_specific/$host/filesystem/etc/exim4 +# mkdir -p $dir +# echo "mail.iankelling.org:$host:$(<$f)" > $dir/passwd.client # # then run this script # # dovecot password, i just need 1 as I\'m the only user @@ -87,8 +89,15 @@ EOF # # this has several bugs addressed in comments, but it was helpful # # https://debian-administration.org/article/718/DKIM-signing_outgoing_mail_with_exim4 -# openssl genrsa -out $domain-private.pem 2048 -outform PEM -# openssl rsa -in $domain-private.pem -out $domain.pem -pubout -outform PEM +# openssl genrsa -out $domain-private.pem 2048 +# Then, to get the public key strings to put in bind: +# +# sed explanation: skip the first few lines, then put them into the hold space, then +# on the last line, back to the patern space, remove the newlines, then add a newline +# at the last char - 240, because bind txt records need strings <=255 chars, +# other dkim stuff at the begining is is 25 chars, and the pubkey is 393, so this +# leaves us a bit of extra room at the end and a bunch at the beginning. +# # # selector is needed for having multiple keys for one domain. # # I dun do that, so just use a static one: li # echo "txt record name: li._domainkey.$domain" @@ -98,8 +107,11 @@ EOF # # Join and print all but first and last line. # # last line: swap hold & pattern, remove newlines, print. # # lines 2+: append to hold space -# echo "txt record contents:" -# echo "v=DKIM1; k=rsa; p=$(sed -n '${x;s/\n//gp};2,$H' $domain.pem)" +# echo "bind txt record contents:" +# cat </etc/apt/preferences.d/spamassassin <<'EOF' +Package: spamassassin sa-compile spamc +Pin: release n=focal,o=Ubuntu +Pin-Priority: 500 +EOF +fi + + ## * Install packages # light version of exim does not have sasl auth support. -pi exim4-daemon-heavy spamassassin spf-tools-perl dnsmasq openvpn +pi exim4 exim4-daemon-heavy spamassassin spf-tools-perl openvpn p0f postgrey pyzor razor +# note: pyzor debian readme says you need to run some initialization command +# but its outdated. if [[ $(debian-codename) == etiona ]]; then # ip6tables stopped loading on boot. openvpn has reduced capability set, @@ -202,7 +226,7 @@ uhome=$(eval echo ~$u) ### * user forward file case $HOSTNAME in - $MAIL_HOST|l2) + $MAIL_HOST|bk) # afaik, these will get ignored on MAIL_HOST because they are routing to my own # machine, but rm them is safer rm -fv $uhome/.forward /root/.forward @@ -241,9 +265,35 @@ EOF systemctl daemon-reload +# * postgrey + + +cat >> /etc/default/postgrey <<'EOF' +POSTGREY_OPTS="--exim --unix=/var/run/postgrey/postgrey.sock --retry-window=4 --max-age=60" +EOF # * spamassassin +cat >/etc/sysctl.d/80-iank-mail.conf <<'EOF' +# see exim spec +net.netfilter.nf_conntrack_tcp_timeout_close_wait = 120 +EOF +sysctl -p + +cat >/etc/spamassassin/mylocal.cf <<'EOF' +# the normal local.cf has a bunch of upstream stuff i dont want to mess with + +# /usr/share/doc/exim4-base/README.Debian.gz: +# SpamAssassin's default report should not be used in a add_header +# statement since it contains empty lines. (This triggers e.g. Amavis' +# warning "BAD HEADER SECTION, Improper folded header field made up +# entirely of whitespace".) This is a safe, terse alternative: +clear_report_template +report (_SCORE_ / _REQD_ requ) _TESTSSCORES(,)_ autolearn=_AUTOLEARN +internal_networks 85.119.83.50 2001:ba8:1f1:f0c9::2 209.51.188.13 2001:470:142::13 +EOF + + if [[ $HOSTNAME == "$MAIL_HOST" ]]; then m systemctl stop spamassassin m systemctl disable spamassassin @@ -305,41 +355,13 @@ if [[ -e /p/c/filesystem ]]; then # systemd, buuut it can remake the tun device unexpectedly, i got this in the log # after my internet was down for a bit: # NOTE: Pulled options changed on restart, will need to close and reopen TUN/TAP device. - m /a/exe/vpn-mk-client-cert -b mail -n mail -s /b/ds/mail-route li.iankelling.org + m /a/exe/vpn-mk-client-cert -b mailclient -n mail -s /b/ds/mail-route li.iankelling.org fi fi +rsync -aiSAX --chown=root:root --chmod=g-s /a/bin/ds/mail-cert-cron /usr/local/bin -f=/usr/local/bin/mail-cert-cron -cat >$f <<'EOF' -#!/bin/bash -set -eE -o pipefail -trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR - -[[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@" - -f=/a/bin/bash_unpublished/source-state -if [[ -e $f ]]; then - source $f -fi -if [[ $HOSTNAME != "$MAIL_HOST" ]]; then - exit 0 -fi -local_mx=mail.iankelling.org -mkdir -p /etc/letsencrypt/live/$local_mx -chmod 700 /etc/letsencrypt/live -rsync_common="rsync -ogtL --chown=root:Debian-exim --chmod=640 root@li.iankelling.org:/etc/letsencrypt/live/$local_mx/" -# allow for temporary connection issues -${rsync_common}fullchain.pem /etc/exim4/exim.crt ||: -${rsync_common}privkey.pem /etc/exim4/exim.key ||: -if ! openssl x509 -checkend $(( 60 * 60 * 24 * 3 )) -noout -in /etc/exim4/exim.crt; then - echo "$0: error!: cert rsync failed and it will expire in less than 3 days" - exit 1 -fi -exit 0 -EOF -m chmod 755 $f cat >/etc/systemd/system/mailcert.service <<'EOF' [Unit] @@ -451,9 +473,12 @@ DKIM_SELECTOR = li # from comments in # https://debian-administration.org/article/718/DKIM-signing_outgoing_mail_with_exim4 - -# The file is based on the outgoing domain-name in the from-header. +# and its best for this to align https://tools.ietf.org/html/rfc7489#page-8 +# There could be some circumstance when the +# from: isnt our domain, but the envelope sender is +# and so still want to sign, but I cant think of any case. DKIM_DOMAIN = \${lc:\${domain:\$h_from:}} +# The file is based on the outgoing domain-name in the from-header. # sign if key exists DKIM_PRIVATE_KEY = \${if exists{/etc/exim4/\${dkim_domain}-private.pem} {/etc/exim4/\${dkim_domain}-private.pem}} @@ -491,15 +516,17 @@ rm -fv /etc/exim4/data_local_acl # old path cat >/etc/exim4/conf.d/data_local_acl <<'EOF' # Except for the "condition =", this was # a comment in the check_data acl. The comment about this not -# being suitable is mostly bs. The only thing related I found was to +# being suitable has been changed in newer exim versions. The only thing +# related I found was to # add the condition =, cuz spamassassin has problems with big # messages and spammers don't bother with big messages, # but I've increased the size from 10k # suggested in official docs, and 100k in the wiki example because # those docs are rather old and I see a 110k spam message # pretty quickly looking through my spam folder. + warn - condition = ${if < {$message_size}{2000K}} + condition = ${if < {$message_size}{5000K}} spam = Debian-exim:true add_header = X-Spam_score: $spam_score\n\ X-Spam_score_int: $spam_score_int\n\ @@ -573,7 +600,29 @@ fsfsmarthost: domains = ! +local_domains senders = *@fsf.org transport = remote_smtp_smarthost - route_list = * mail.fsf.org byname + route_list = * mail.fsf.org::587 byname + host_find_failed = ignore + same_domain_copy_routing = yes + no_more + +posteosmarthost: + debug_print = "R: smarthost for $local_part@$domain" + driver = manualroute + domains = ! +local_domains + senders = *@posteo.net + transport = remote_smtp_smarthost + route_list = * posteo.de::587 byname + host_find_failed = ignore + same_domain_copy_routing = yes + no_more + +gnusmarthost: + debug_print = "R: smarthost for $local_part@$domain" + driver = manualroute + domains = ! +local_domains + senders = *@gnu.org + transport = remote_smtp_smarthost + route_list = * fencepost.gnu.org::587 byname host_find_failed = ignore same_domain_copy_routing = yes no_more @@ -704,7 +753,7 @@ EOF # * if MAIL_HOST case $HOSTNAME in - $MAIL_HOST|l2) + $MAIL_HOST|bk) dovecot-setup m systemctl enable dovecot m systemctl restart dovecot @@ -718,6 +767,9 @@ EOF CHECK_RCPT_VERIFY_SENDER = true # These seem like a good idea and have stoped spammers on my server CHECK_DATA_VERIFY_HEADER_SENDER = true +# default config comment says: If you enable this, you might reject legitimate mail, +# but eggs has had this a long time, so that seems unlikely. +CHECK_DATA_VERIFY_HEADER_SYNTAX = true CHECK_RCPT_SPF = true CHECK_RCPT_REVERSE_DNS = true CHECK_MAIL_HELO_ISSUED = true @@ -725,6 +777,10 @@ CHECK_MAIL_HELO_ISSUED = true # enable 587 in addition to the default 25, so that # i can send mail where port 25 is firewalled by isp daemon_smtp_ports = 25 : 587 +# default of 25, can get stuck when catching up on mail +smtp_accept_max = 200 +smtp_accept_reserve = 50 +smtp_reserve_hosts = <; 85.119.83.50 ; 2001:ba8:1f1:f0c9::2 ; 209.51.188.13 ; 2001:470:142::13 EOF m systemctl enable mailclean.timer @@ -772,7 +828,7 @@ EOF # man page: is used to build the local_domains list, together with "localhost" # iank.bid is for testing # mail.iankelling.org is for machines i own -dc_other_hostnames='*.iankelling.org;iankelling.org;*zroe.org;zroe.org;!l2.b8.nz;*.b8.nz;b8.nz' +dc_other_hostnames='*.iankelling.org;iankelling.org;*zroe.org;zroe.org;!bk.b8.nz;*.b8.nz;b8.nz' EOF @@ -828,7 +884,7 @@ EOF # https://selivan.github.io/2017/12/30/systemd-serice-always-restart.html - d=/etc/systemd/system/openvpn@mail.service.d + d=/etc/systemd/system/$vpn_ser@mail.service.d m mkdir -p $d cat >$d/override.conf <<'EOF' [Service] @@ -837,10 +893,9 @@ Restart=always RestartSec=1 [Unit] -# StartLimitIntervalSec in recent systemd versions -StartLimitInterval=0 +StartLimitIntervalSec=0 EOF - if ! systemctl cat openvpn@mail.service|grep -xF StartLimitInterval=0 &>/dev/null; then + if ! systemctl cat $vpn_ser@mail.service|grep -xF StartLimitInterval=0 &>/dev/null; then # needed for the above config to go into effect m systemctl daemon-reexec fi @@ -885,12 +940,12 @@ EOF ;;& ## we use this host to monitor MAIL_HOST - l2) + bk) cat >>/etc/exim4/update-exim4.conf.conf </etc/cron.d/mailtest <>/etc/cron.d/mailtest </usr/local/bin/send-test-forward </dev/null; then + continue fi @@ -341,44 +342,4 @@ for vol in q a o i; do done -### disabled -if [[ $HOSTNAME == kdxxxxxxxxx ]]; then - # partitioned it with fai partitioner outside of fai, - # because it\'s worth it to have 1% space reserved for boot and - # swap partitions in case I ever want to boot off those drives. - # as root: - # . /a/bin/fai/fai-wrapper - # eval-fai-classfile /a/bin/fai/fai/config/class/51-multi-boot - # fai-setclass ROTATIONAL - # export LUKS_DIR=/q/root/luks/ - # # because the partition nums existed already - # fai-setclass REPARTITION - # /a/bin/fai/fai/config/hooks/partition.DEFAULT - - devs=( - ata-TOSHIBA_MD04ACA500_84REK6NTFS9A-part1 - ata-TOSHIBA_MD04ACA500_84R2K773FS9A-part1 - ata-TOSHIBA_MD04ACA500_8471K430FS9A-part1 - ata-TOSHIBA_MD04ACA500_8481K493FS9A-part1 - ) - first=true - for dev in ${devs[@]}; do - if $first; then - first=false - tu /etc/fstab </dev/null +} +td() { /a/opt/timetrap/bin/t d -ftotal all -m '^w|x$' "$@"; } main() { @@ -24,10 +32,28 @@ main() { # clocked in or out? cursheet=$(sqlite3 /p/.timetrap.db "select sheet from entries where end is NULL;") - : ${cursheet:=out} + + if [[ $cursheet ]]; then + if i3-msg -t get_bar_config bar-0 | grep '"mode":"dock"' &>/dev/null; then + i3-msg -q 'bar mode hide' + fi + else + if i3-msg -t get_bar_config bar-0 | grep '"mode":"hide"' &>/dev/null; then + i3-msg -q 'bar mode dock' + fi + cursheet=out + fi # maybe sometime show work and x separate - today=$(t today -ftotal all) + if newer 3; then + today=$(< /tmp/timetraptoday) + elif newer 10; then + today=$(< /tmp/timetraptoday) + td -s today >/tmp/timetraptoday & + else + today=$(td -s today) + echo "$today" >/tmp/timetraptoday + fi # hours remaining in the day: @@ -38,9 +64,9 @@ main() { if [[ -e $cache ]]; then eval $(<$cache) else - week=$(t display -ftotal -s '8 days ago' -e 'yesterday' all) + week=$(td -s '8 days ago' -e 'yesterday') printf 'week="%s"\n' "$week" >$cache - week4=$(t display -ftotal -s '29 days ago' -e 'yesterday' all) + week4=$(td -s '29 days ago' -e 'yesterday') printf 'week4="%s"\n' "$week4" >>$cache fi # weekly work+study in the last 4 weeks, not counting today. @@ -59,7 +85,7 @@ done_today=($today + .05) /1; today_left * .8 + done_today; done_today; ($week + .05) /1; -($week4 + .05) /1"|bc)) +($week4 + .05) /4"|bc)) printf "[ { \"full_text\": \"" if [[ $ps_char ]]; then printf "%s| " "$ps_char" diff --git a/mymimes b/mymimes index 4c5c298..8109459 100755 --- a/mymimes +++ b/mymimes @@ -16,7 +16,7 @@ echo x-scheme-handler/mailto=emacsmail.desktop >>/etc/xdg/defaults.list # https://specifications.freedesktop.org/mime-apps-spec/mime-apps-spec-1.0.html # https://wiki.debian.org/MIME # https://standards.freedesktop.org/basedir-spec/basedir-spec-latest.html -cp /etc/xdg/defaults.list /etc/xdg/mimapps.list +cp /etc/xdg/defaults.list /etc/xdg/mimeapps.list for f in /usr/share/applications/!(defaults).list; do cp /etc/xdg/defaults.list /etc/xdg/${f##*/} diff --git a/pkgs b/pkgs index 29e3045..b36efb3 100644 --- a/pkgs +++ b/pkgs @@ -57,6 +57,8 @@ p3=( apt-rdepends apt-show-versions aptitude-doc-en + # dictionary / thesaurus + artha asciidoc backupninja bash-doc @@ -65,14 +67,17 @@ p3=( binutils-doc bind9-doc bind9utils + build-essential bwm-ng ccache cloc cpulimit cron debian-archive-keyring + debug-me debootstrap debconf-doc + devscripts dillo dirmngr dnsutils @@ -84,6 +89,8 @@ p3=( elinks etckeeper evince + fakeroot + fail2ban fdupes feh filelight @@ -102,6 +109,7 @@ p3=( gdb-doc geoip-bin geoip-database + geoip-database-extra git-doc git-email git-svn @@ -114,6 +122,7 @@ p3=( guvcview hunspell i3lock + info inotify-tools iputils-tracepath iperf3 @@ -138,6 +147,7 @@ p3=( mps-youtube mpv mumble + mupdf nagstamon namazu2 ncdu @@ -155,6 +165,7 @@ p3=( perl-doc pianobar pinentry-tty + pinentry-gtk2 pidgin pidgin-otr pry @@ -177,6 +188,7 @@ p3=( squashfs-tools strace subversion + swaks swh-plugins tar-doc tcpdump diff --git a/primary-setup b/primary-setup index df30f29..4c7aecc 100755 --- a/primary-setup +++ b/primary-setup @@ -25,26 +25,28 @@ if [[ $1 ]]; then source /a/bin/bash_unpublished/source-state fi -if [[ $HOSTNAME == "$MAIL_HOST" ]]; then - # arbtt disabled for now - #DISPLAY=:0 arbtt-capture --sample-rate=10 & - m sudo systemctl start rss2email.timer - m sudo systemctl enable rss2email.timer - m sudo systemctl start btrbk.timer - m sudo systemctl enable btrbk.timer +if dpkg -s rss2email &>/dev/null; then + if [[ $HOSTNAME == "$MAIL_HOST" ]]; then + # arbtt disabled for now + #DISPLAY=:0 arbtt-capture --sample-rate=10 & + m sudo systemctl start rss2email.timer + m sudo systemctl enable rss2email.timer + m sudo systemctl start btrbk.timer + m sudo systemctl enable btrbk.timer -else - m sudo systemctl stop rss2email.timer - m sudo systemctl stop rss2email.service - m sudo systemctl disable rss2email.timer - # arbtt disabled for now - # for ((i=0; i<10; i++)); do - # killall arbtt-capture || break - # sleep 1 - # if [[ $i == 9 ]]; then - # exit 1 - # fi - # done + else + m sudo systemctl stop rss2email.timer + m sudo systemctl stop rss2email.service + m sudo systemctl disable rss2email.timer + # arbtt disabled for now + # for ((i=0; i<10; i++)); do + # killall arbtt-capture || break + # sleep 1 + # if [[ $i == 9 ]]; then + # exit 1 + # fi + # done + fi fi if dpkg -s radicale &>/dev/null; then diff --git a/radicale-setup b/radicale-setup index 1d0ca16..657a0e9 100755 --- a/radicale-setup +++ b/radicale-setup @@ -9,6 +9,11 @@ else trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR fi +if ! mountpoint /o; then + echo "error /o is not a mountpoint" >&2 + exit 1 +fi + source /a/bin/bash_unpublished/source-state source /a/bin/distro-functions/src/package-manager-abstractions # davdroid setup instructions at the bottom @@ -28,7 +33,7 @@ source /a/bin/distro-functions/src/package-manager-abstractions vpn_ser=openvpn-client if [[ ! -e /lib/systemd/system/openvpn-client@.service ]]; then - vpn_ser=openvpn + vpn_ser=openvpn fi d=/etc/systemd/system/radicale.service.d @@ -52,10 +57,10 @@ pi-nostart radicale IFS=:; read -r _ _ uid _ < <(getent passwd radicale ); unset IFS IFS=:; read -r _ _ gid _ < <(getent group radicale ); unset IFS if [[ $uid != 609 ]]; then - systemctl stop radicale ||: - usermod -u 609 radicale - groupmod -g 609 radicale - usermod -g 609 radicale + systemctl stop radicale ||: + usermod -u 609 radicale + groupmod -g 609 radicale + usermod -g 609 radicale fi log_p=/var/log/radicale [[ -d $log_p ]] || log_p= @@ -76,17 +81,17 @@ find /o/radicale -xdev -exec chgrp -h 609 {} + sed -ri 's/^\s*#+\s*(ENABLE_RADICALE\s*=\s*yes\s*)/\1/' /etc/default/radicale setini() { - key="$1" value="$2" section="$3" - file="/etc/radicale/config" - sed -ri "/ *\[$section\]/,/^ *\[[^]]+\]/{/^\s*$key[[:space:]=]/d};/ *\[$section\]/a $key = $value" "$file" + key="$1" value="$2" section="$3" + file="/etc/radicale/config" + sed -ri "/ *\[$section\]/,/^ *\[[^]]+\]/{/^\s*$key[[:space:]=]/d};/ *\[$section\]/a $key = $value" "$file" } # comments say default is 0.0.0.0:5232 setini hosts 10.8.0.4:5232 server if [[ $HOSTNAME == $MAIL_HOST ]]; then - systemctl start radicale - systemctl enable radicale + systemctl start radicale + systemctl enable radicale fi # disable power management feature, set to 240 min sync interval, diff --git a/subdir_files/.config/i3/config b/subdir_files/.config/i3/config index 14b6924..b62b5e5 100644 --- a/subdir_files/.config/i3/config +++ b/subdir_files/.config/i3/config @@ -1,6 +1,9 @@ ####### DO NOT EDIT LIVE CONFIG. generated from /a/bin/distro-setup/i3-sway/gen ####### - +# https://i3wm.org/docs/userguide.html#keybindings +#To get the current mapping of your keys, use xmodmap -pke. To +#interactively enter a key and see what keysym it is configured to, use +#xev. set $mod Mod4 bindsym $mod+2 exec "pavucontrol" @@ -9,7 +12,9 @@ bindsym $mod+4 exec "x-www-browser -no-remote -P firefox-main-profile" bindsym $mod+5 exec "/a/bin/redshift.sh" bindsym $mod+equal exec "t s w; t in" bindsym $mod+Home exec "t out" -bindsym $mod+End exec "t s x; t in x" +#bindsym $mod+End exec "t s x; t in" +bindsym $mod+grave exec "t s lunch; t in; t out -a '45 minutes from now'" + bindsym $mod+w focus parent bindsym $mod+e fullscreen toggle @@ -78,6 +83,11 @@ font pango:monospace 8 #hide_edge_borders smart #exec --no-startup-id /usr/lib/x86_64-linux-gnu/libexec/kdeconnectd + +# Start clipster daemon +exec --no-startup-id /a/opt/clipster/clipster -d +# shortcut to selection widget (primary) +bindsym $mod+End exec /a/opt/clipster/clipster -sp # exit i3 (logs you out of your X session) bindsym $mod+Shift+q exec "i3-nagbar -t warning -m 'You pressed the exit shortcut. Do you really want to exit i3? This will end your X session.' -b 'Yes, exit i3' 'i3-msg exit'" diff --git a/subdir_files/.config/sakura/sakura.conf b/subdir_files/.config/sakura/sakura.conf index 1fb5215..3081b59 100644 --- a/subdir_files/.config/sakura/sakura.conf +++ b/subdir_files/.config/sakura/sakura.conf @@ -62,3 +62,6 @@ decrease_font_size_key=minus fullscreen_key=F11 set_colorset_accelerator=5 icon_file=terminal-tango.svg +use_fading=false +scrollable_tabs=true +word_chars=-,./?%&#_~: diff --git a/subdir_files/.config/sway/config b/subdir_files/.config/sway/config index 7f9c2dc..928bb05 100644 --- a/subdir_files/.config/sway/config +++ b/subdir_files/.config/sway/config @@ -1,6 +1,9 @@ ####### DO NOT EDIT LIVE CONFIG. generated from /a/bin/distro-setup/i3-sway/gen ####### - +# https://i3wm.org/docs/userguide.html#keybindings +#To get the current mapping of your keys, use xmodmap -pke. To +#interactively enter a key and see what keysym it is configured to, use +#xev. set $mod Mod4 bindsym $mod+2 exec "pavucontrol" @@ -9,7 +12,9 @@ bindsym $mod+4 exec "x-www-browser -no-remote -P firefox-main-profile" bindsym $mod+5 exec "/a/bin/redshift.sh" bindsym $mod+equal exec "t s w; t in" bindsym $mod+Home exec "t out" -bindsym $mod+End exec "t s x; t in x" +#bindsym $mod+End exec "t s x; t in" +bindsym $mod+grave exec "t s lunch; t in; t out -a '45 minutes from now'" + bindsym $mod+w focus parent bindsym $mod+e fullscreen toggle @@ -78,6 +83,11 @@ font pango:monospace 8 #hide_edge_borders smart #exec --no-startup-id /usr/lib/x86_64-linux-gnu/libexec/kdeconnectd + +# Start clipster daemon +exec --no-startup-id /a/opt/clipster/clipster -d +# shortcut to selection widget (primary) +bindsym $mod+End exec /a/opt/clipster/clipster -sp # exit sway (logs you out of your Wayland session) bindsym $mod+Shift+e exec swaynag -t warning -m 'You pressed the exit shortcut. Do you really want to exit sway? This will end your Wayland session.' -b 'Yes, exit sway' 'swaymsg exit' diff --git a/subdir_files/.gnupg/gpg.conf b/subdir_files/.gnupg/gpg.conf index 6759281..172e3a0 100644 --- a/subdir_files/.gnupg/gpg.conf +++ b/subdir_files/.gnupg/gpg.conf @@ -2,7 +2,7 @@ # gpg -k # for aur, automatically dl & add gpg keys. -keyserver-options auto-key-retrieve +#keyserver-options auto-key-retrieve # start gpg agent on login use-agent diff --git a/subdir_files/.local/share/kxmlgui5/konsole/sessionui.rc b/subdir_files/.local/share/kxmlgui5/konsole/sessionui.rc index 76153ed..079fdef 100644 --- a/subdir_files/.local/share/kxmlgui5/konsole/sessionui.rc +++ b/subdir_files/.local/share/kxmlgui5/konsole/sessionui.rc @@ -1,43 +1,43 @@ - + - + - + - - + + - - + + - + - - - - + + + + - - - + + + - - + + - - - + + + - - + + - - + + @@ -56,8 +56,9 @@ - - - + + + + diff --git a/subdir_files/sieve/lists.sieve b/subdir_files/sieve/lists.sieve index 5ff6a68..940f61d 100644 --- a/subdir_files/sieve/lists.sieve +++ b/subdir_files/sieve/lists.sieve @@ -113,6 +113,12 @@ if anyof ( fileinto :create "l/sr.ht-discuss"; stop; } +if anyof ( + header :contains "list-id" "" + ) { + fileinto :create "l/liberationtech"; + stop; + } if anyof ( diff --git a/subdir_files/sieve/liststest.sieve b/subdir_files/sieve/liststest.sieve index 5ff6a68..940f61d 100644 --- a/subdir_files/sieve/liststest.sieve +++ b/subdir_files/sieve/liststest.sieve @@ -113,6 +113,12 @@ if anyof ( fileinto :create "l/sr.ht-discuss"; stop; } +if anyof ( + header :contains "list-id" "" + ) { + fileinto :create "l/liberationtech"; + stop; + } if anyof ( diff --git a/system-status b/system-status index 57fd824..3d5b40e 100644 --- a/system-status +++ b/system-status @@ -33,13 +33,18 @@ write-status() { chars=("${first_chars[@]}") # clock us out in timetrap if are idle too long - export DISPLAY=:0 - if type -p xprintidle &>/dev/null; then - xidle=$(xprintidle) - if [[ $xidle == [0-9]* ]]; then - now=$(sqlite3 /p/.timetrap.db "select sheet from entries where end is NULL;") - if [[ $now && $xidle -gt 300000 ]]; then - timetrap out + if [[ -e /p/.timetrap.db ]]; then + export DISPLAY=:0 + if type -p xprintidle &>/dev/null && xidle=$(xprintidle 2>/dev/null); then + if [[ $xidle == [0-9]* ]]; then + sheet=$(sqlite3 /p/.timetrap.db "select sheet from entries where end is NULL;") + idle=300000 + if [[ $sheet == w ]]; then + idle=900000 + fi + if [[ $sheet && $xidle -gt $idle ]]; then + timetrap out + fi fi fi fi @@ -78,7 +83,7 @@ write-status() { case $HOSTNAME in # No point in emailing about the mailq on a host where we don't # check email. - $MAIL_HOST|l2) + $MAIL_HOST|bk) lo -1 qlen $qmsg ;; esac