From: Ian Kelling Date: Thu, 13 Jun 2024 00:42:37 +0000 (-0400) Subject: various fixes X-Git-Url: https://iankelling.org/git/?a=commitdiff_plain;h=38387a0fbfcc731fbd5785d4c035c5121a4c9281;p=distro-setup various fixes --- diff --git a/btrbk-run b/btrbk-run index 9bd6e9b..fc09657 100644 --- a/btrbk-run +++ b/btrbk-run @@ -103,7 +103,7 @@ set-location() { at_home=true ;; x2|x3|sy|so) - if [[ $(dig +short @10.2.0.1 -x 10.2.0.2 2>&1 ||:) == kd.b8.nz. ]] \ + if [[ $(timeout 1 dig +short @10.2.0.1 -x 10.2.0.2 2>&1 ||:) == kd.b8.nz. ]] \ && ip n show 10.2.0.1 | grep . &>/dev/null; then # note: logic duplicated in 11-iank at_home=true diff --git a/distro-end b/distro-end index dcf9198..232170f 100755 --- a/distro-end +++ b/distro-end @@ -333,7 +333,7 @@ EOF esac case $codename_compat in - jammy) + jammy|noble) s systemctl enable --now ssh-agent-iank ;; esac @@ -752,7 +752,17 @@ EOF # s fwupdmgr get-updates # says I have 3 "devices with no available firmware updates" # if there were updates, install with: s fwupdmgr update + + check_downgrade=false + if [[ ! -e /etc/apt/preferences.d/system76-apt-preferences ]]; then + check_downgrade=true + fi pi system76-firmware system76-driver fwupd + if $check_downgrade && [[ -e /etc/apt/preferences.d/system76-apt-preferences ]]; then + # driver installs a preferences file to give s76 packages + # priority so we may need to downgrade here. + pup --allow-downgrades + fi # system76-driver: on a modern kernel, it seems to mainly just do # some power settings, I haven't looked entirely through it. it # might also change fan speed. Of its recommended packages, @@ -934,13 +944,16 @@ case $distro in ubuntu) case $codename in noble) - # mint firefox has a dependency which is totally not really - # needed, just some mint branding and maybe a random firefox - # setting. - tmpdir="$(mktemp -d)" - cd "$tmpdir" - # edited from output of equivs-control ubuntu-system-adjustments - cat >ubuntu-system-adjustments <<'EOF' + if pcheck ubuntu-system-adjustments; then + # mint firefox has a dependency which is totally not really + # needed, just some mint branding and maybe a random firefox + # setting. + tmpdir="$(mktemp -d)" + # it puts the deb in .., so use a subdir to stay contained + mkdir $tmpdir/sub + cd "$tmpdir/sub" + # edited from output of equivs-control ubuntu-system-adjustments + cat >ubuntu-system-adjustments <<'EOF' Section: misc Priority: optional Version: 2030 @@ -948,11 +961,11 @@ Standards-Version: 3.9.2 Package: ubuntu-system-adjustments Description: ubuntu-system-adjustments-dummy EOF - equivs-build ubuntu-system-adjustments - sudo dpkg -i ubuntu-system-adjustments_2030_all.deb - rm -rf ./ubuntu-system-adjustments* - cd - rm -r "$tmpdir" + equivs-build ubuntu-system-adjustments + sudo dpkg -i ../ubuntu-system-adjustments_2030_all.deb + cd + rm -r "$tmpdir" + fi ;; esac pi firefox @@ -1799,22 +1812,24 @@ rm -rf /home/iank/.mpv case $(debian-codename) in aramo) - tmpdir="$(mktemp -d)" - cd "$tmpdir" - # edited from output of equivs-control tox - cat >tox <<'EOF' + if pcheck tox; then + tmpdir="$(mktemp -d)" + cd "$tmpdir" + # edited from output of equivs-control tox + cat >tox <<'EOF' Section: python Priority: optional Standards-Version: 3.9.2 Package: tox Description: tox-dummy EOF - equivs-build tox - sudo dpkg -i tox_1.0_all.deb - rm -rf ./tox* - pi beets python3-discogs-client - cd - rm -r "$tmpdir" + equivs-build tox + sudo dpkg -i tox_1.0_all.deb + rm -rf ./tox* + pi beets python3-discogs-client + cd + rm -r "$tmpdir" + fi ;; esac diff --git a/filesystem/etc/prometheus/file_sd/node.yml b/filesystem/etc/prometheus/file_sd/node.yml index a8c5500..c75839e 100644 --- a/filesystem/etc/prometheus/file_sd/node.yml +++ b/filesystem/etc/prometheus/file_sd/node.yml @@ -1,6 +1,7 @@ - targets: - localhost:9100 + - sowg:9100 - sywg:9100 - x3wg:9100 diff --git a/mail-setup b/mail-setup index eb3689e..c6ce2a5 100755 --- a/mail-setup +++ b/mail-setup @@ -361,7 +361,10 @@ reload=false if [[ -e /var/local/mail-setup-reload ]]; then reload=true fi -u() { # update file. note: duplicated in brc +# update file. +# if the file changed, ur=true, else false. +# note: duplicated in brc +u() { local tmp tmpdir dest="$1" local base="${dest##*/}" local dir="${dest%/*}" @@ -581,30 +584,17 @@ case $HOSTNAME in esac -lines=( - "/etc/resolved-nsswitch/nsswitch.conf r," - "/etc/basic-nsswitch/nsswitch.conf r," - # Aug 06 23:09:11 kd audit[3995]: AVC apparmor="DENIED" operation="connect" profile="/usr/bin/freshclam" name="/run/systemd/resolve/io.systemd.Resolve" pid=3995 comm="freshclam" requested_mask="wr" denied_mask="wr" fsuid=109 ouid=101 - # I dont know if this is quite the right fix, but I saw other sockets - # in the nameservice files that were rw, so figured it was ok to add this and it worked. - "/run/systemd/resolve/io.systemd.Resolve rw," -) -f=/etc/apparmor.d/abstractions/nameservice -apparmor_reload=false -if [[ -e $f ]]; then - for l in "${lines[@]}"; do - if ! grep -qF "$l" $f; then - sudo sed -i "/\/nsswitch.conf/a $l" $f - apparmor_reload=true - if ! grep -qF "$l" $f; then - echo "$0: failed editing $f. investigate" - exit 1 - fi - fi - done - if $apparmor_reload && systemctl is-active apparmor; then - m ser reload apparmor - fi +u /etc/apparmor.d/abstractions/nameservice.d/iank <<'EOF' +/etc/resolved-nsswitch/nsswitch.conf r, +/etc/basic-nsswitch/nsswitch.conf r, +# Aug 06 23:09:11 kd audit[3995]: AVC apparmor="DENIED" operation="connect" profile="/usr/bin/freshclam" name="/run/systemd/resolve/io.systemd.Resolve" pid=3995 comm="freshclam" requested_mask="wr" denied_mask="wr" fsuid=109 ouid=101 +# I dont know if this is quite the right fix, but I saw other sockets +# in the nameservice files that were rw, so figured it was ok to add this and it worked. +/run/systemd/resolve/io.systemd.Resolve rw, +EOF + +if $ur && systemctl is-active apparmor; then + m systemctl reload apparmor fi @@ -3084,10 +3074,11 @@ case $HOSTNAME in # which will overwrite any existing file u /etc/default/exim4 <<'EOF' QUEUERUNNER='combined' -# note: this is duplicated in brc2, 10m here is -q10m there. QUEUEINTERVAL='10m' COMMONOPTIONS='-C /etc/exim4/my.conf' UPEX4OPTS='-o /etc/exim4/my.conf' +# in t12 exim, this replaces all the above options +EXIMSERVICE='-bdf -q10m -C /etc/exim4/my.conf' # i use epanic-clean for alerting if there are bad paniclog entries E4BCD_WATCH_PANICLOG='no' EOF diff --git a/mailtest-check b/mailtest-check index fd27ae5..db5df60 100755 --- a/mailtest-check +++ b/mailtest-check @@ -21,7 +21,7 @@ # limitations under the License. -# Usage: mail-test-check [slow] [int|nonint] +# Usage: mailtest-check [slow] [int|nonint] # # slow: do slow checks, like spamassassin # @@ -41,7 +41,7 @@ getspamdpid() { if [[ ! $spamdpid || ! -d /proc/$spamdpid ]]; then # try twice in case we are restarting, it happens. for (( i=0; i<2; i++ )); do - spamdpid=$(systemctl show --property MainPID --value spamassassin | sed 's/^[10]$//' ||:) + spamdpid=$(systemctl show --property MainPID --value $spamd_ser | sed 's/^[10]$//' ||:) if [[ $spamdpid ]]; then break fi @@ -215,6 +215,9 @@ EOF raw_results="$(tail $resultfile | grep -A2 -Fx /usr/local/bin/send-test-forward | tail -n+2 | sed -nr 's/^\([^)]*\) *//;s/=[^, ]*([, ]|$)/ /gp')" for r in $raw_results; do case $r in + # This came in t12, but its just dkim + spf, and my + # systems aren't all t12, so ignore it for now. + DMARC_PASS) : ;; # got this in an update 2022-01. dun care T_SCC_BODY_TEXT_LINE|SCC_BODY_SINGLE_WORD) : ;; # we have a new domain, ignore this.