From: Ian Kelling <ian@iankelling.org>
Date: Mon, 27 Jan 2020 22:43:26 +0000 (-0500)
Subject: etiona and more use of l2 for mail monitoring
X-Git-Url: https://iankelling.org/git/?a=commitdiff_plain;h=69760a2f197de6f02029d9da6344e09ef7572af7;p=distro-setup

etiona and more use of l2 for mail monitoring
---

diff --git a/Makefile b/Makefile
index eeb913a..3c19e63 100644
--- a/Makefile
+++ b/Makefile
@@ -3,5 +3,5 @@ all: ~/.local/distro-begin ~/.local/distro-end
 ~/.local/distro-begin: distro-begin mail-setup /a/bin/buildscripts/emacs ssh-emacs-setup
 	distro-begin
 
-~/.local/distro-end: distro-end distro-pkgs pkgs primary-setup /a/bin/buildscripts/tor-browser /a/bin/buildscripts/go /a/bin/buildscripts/rust /a/bin/buildscripts/misc /p/c/gen-fsf-vpn
+~/.local/distro-end: distro-end distro-pkgs pkgs primary-setup /a/bin/buildscripts/tor-browser /a/bin/buildscripts/go /a/bin/buildscripts/rust /a/bin/buildscripts/misc
 	distro-end
diff --git a/brc b/brc
index a85cd66..08ad406 100644
--- a/brc
+++ b/brc
@@ -985,6 +985,7 @@ ser() {
     $s service $2 $1
   fi
 }
+seru() { systemctl --user "$@"; }
 # like restart, but do nothing if its not already started
 srestart() {
   local service=$1
@@ -1022,6 +1023,11 @@ sgo() { # service go
     ser enable $service
   fi
 }
+soff() { # service go
+  service=$1
+  ser stop $service
+  ser disable $service
+}
 
 sgu() {
   systemctl list-unit-files | rg "$@"
@@ -1145,21 +1151,15 @@ tx() { # toggle set -x, and the prompt so it doesnt spam
   if [[ $- == *x* ]]; then
     set +x
     PROMPT_COMMAND=prompt-command
-    # disabled due to issue on stretch, running ll we get error. something
-    # about the DEBUG trap is broken
-    # if [[ $TERM == *(screen*|xterm*|rxvt*) ]]; then
-    #   trap 'settitle "$BASH_COMMAND"' DEBUG
-    # fi
+    if [[ $TERM == *(screen*|xterm*|rxvt*) ]]; then
+      trap 'settitle "$BASH_COMMAND"' DEBUG
+    fi
   else
     # normally, i would just execute these commands in the function.
     # however, DEBUG is not inherited, so we need to run it outside a function.
     # And we want to run set -x afterwards to avoid spam, so we cram everything
     # in here, and then it will run after this function is done.
-    #PROMPT_COMMAND='trap DEBUG; unset PROMPT_COMMAND; PS1="\w \$ "; set -x'
-
-    unset PROMPT_COMMAND
-    PS1="\w \$ "
-    set -x
+    PROMPT_COMMAND='trap DEBUG; unset PROMPT_COMMAND; PS1="\w \$ "; set -x'
   fi
 }
 
@@ -1308,17 +1308,27 @@ if [[ $- == *i* ]]; then
       ps_char="@ $ps_char"
     fi
     PS1="${PS1%"${PS1#*[wW]}"} \[$ps_color\]$ps_char\[$term_nocolor\] "
+
+    # set titlebar
+    #echo -ne "$title_escape ${PWD/#$HOME/~} \007"
+
   }
   PROMPT_COMMAND=prompt-command
 
+  if [[ $TERM == screen* ]]; then
+    _title_escape="\033]..2;"
+  else
+    _title_escape="\033]0;"
+  fi
+
   settitle () {
-    if [[ $TERM == screen* ]]; then
-      local title_escape="\033]..2;"
-    else
-      local title_escape="\033]0;"
-    fi
-    if [[ $0 != prompt-command ]]; then
-      echo -ne "$title_escape$USER@$HOSTNAME ${PWD/#$HOME/~} "
+    # this makes it so we show the current command if
+    # one is running, otherwise, show nothing
+    if [[ $1 == prompt-command ]]; then
+      set --
+     fi
+    if [[ ${#BASH_ARGC[@]} == 1 ]]; then
+      echo -ne "$_title_escape ${PWD/#$HOME/~} "
       printf "%s" "$*"
       echo -ne "\007"
     fi
@@ -1327,12 +1337,11 @@ if [[ $- == *i* ]]; then
   # for titlebar.
   # condition from the screen man page i think.
   # note: duplicated in tx()
-  # disabled. see note in tx
-  # if [[ $TERM == *(screen*|xterm*|rxvt*) ]]; then
-  #   trap 'settitle "$BASH_COMMAND"' DEBUG
-  # else
-  #   trap DEBUG
-  # fi
+  if [[ $TERM == *(screen*|xterm*|rxvt*) ]]; then
+    trap 'settitle "$BASH_COMMAND"' DEBUG
+  else
+    trap DEBUG
+  fi
 
 fi
 
diff --git a/brc2 b/brc2
index cdac34b..93a141e 100644
--- a/brc2
+++ b/brc2
@@ -615,7 +615,9 @@ ilog() {
 }
 
 o() {
-  if type gvfs-open &> /dev/null ; then
+  if type gio &> /dev/null ; then
+    gio open "$@"
+  elif type gvfs-open &> /dev/null ; then
     gvfs-open "$@"
   else
     xdg-open "$@"
@@ -716,6 +718,9 @@ net-dev-info() {
 
 nk() {
   ser stop NetworkManager
+  ser disable NetworkManager
+  ser stop NetworkManager-wait-online.service
+  ser disable NetworkManager-wait-online.service
   ser stop dnsmasq
   sudo resolvconf -d NetworkManager
   ser start dnsmasq
@@ -1266,7 +1271,7 @@ reset-konsole() {
 }
 
 reset-sakura() {
-  while -r read k v; do
+  while read -r k v; do
     # shellcheck disable=SC2154
     setini $k $v sakura /a/c/subdir_files/.config/sakura/sakura.conf
   done <<'EOF'
@@ -1304,7 +1309,8 @@ EOF
 
 # * stuff that makes sense to be at the end
 if [[ "$SUDOD" ]]; then
-  cd "$SUDOD"
+  # allow failure, for example if we are sudoing into a user with diffferent/lesser permissions.
+  cd "$SUDOD" ||:
   unset SUDOD
 elif [[ -d /a ]] && [[ $PWD == "$HOME" ]] && [[ $- == *i* ]]; then
   cd /a
diff --git a/btrbk-run b/btrbk-run
index 6836382..dde230e 100644
--- a/btrbk-run
+++ b/btrbk-run
@@ -161,8 +161,8 @@ if [[ ! -v targets && ! $source ]]; then
       fi
       ;;&
     kw|x2|x3)
-      if $at_work && ping -q -c1 -w1 iank.vpn.office.fsf.org &>/dev/null; then
-        home=iank.vpn.office.fsf.org
+      if $at_work && ping -q -c1 -w1 iank.vpn2.office.fsf.org &>/dev/null; then
+        home=iank.vpn2.office.fsf.org
       else
         home=b8.nz
       fi
@@ -304,7 +304,7 @@ else
   sshfail=()
   min_idle_ms=$((1000 * 60 * 15))
   for h in ${targets[@]}; do
-    if zone=$(ssh root@$h "mkdir -p /mnt/root/btrbk && date +%z"); then
+    if zone=$(timeout -s 9 6 ssh root@$h "mkdir -p /mnt/root/btrbk && date +%z"); then
       # This is a separate ssh because xprintidle can fail and thats ok.
       if $cron && idle_ms=$(timeout -s 9 6 ssh $h DISPLAY=:0 xprintidle); then
         if (( idle_ms < min_idle_ms )); then
diff --git a/conflink b/conflink
index 69b6a6e..710e626 100755
--- a/conflink
+++ b/conflink
@@ -90,6 +90,9 @@ common-file-setup() {
           etc/dnsmasq.d/*)
             restart_services+=(dnsmasq)
             ;;
+          etc/systemd/resolved.conf.d/*)
+            restart_services+=(systemd-resolved)
+            ;;
         esac
         # Previously did this with tar, but it doesn't
         # update directory permissions.
@@ -117,7 +120,7 @@ common-file-setup() {
   fi
   for service in ${restart_services[@]}; do
     if systemctl is-active $service >/dev/null; then
-      m s systemctl reload $service
+      m s systemctl restart $service
     fi
   done
 
@@ -161,7 +164,6 @@ case $user in
     if [[ -e /var/lib/znc ]] && getent group znc; then
       s chown -R znc:znc /var/lib/znc
     fi
-    /a/exe/lnf -T /p/arbtt-capture.log ~/.arbtt/capture.log
     f=/etc/prometheus-htpasswd
     if [[ -e $f ]]; then
       s chmod 640 $f /etc/prometheus-pass
diff --git a/desktop-20-autostart.sh b/desktop-20-autostart.sh
index 69f455f..8dc4ed6 100755
--- a/desktop-20-autostart.sh
+++ b/desktop-20-autostart.sh
@@ -13,6 +13,9 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+date "+%A, %B %d, %r, %S seconds" > /tmp/desktop-20-autostart-log
+
+
 # first 2 alternatives showed under ubuntu 14.04, second 2 under arch at 11/2015
 if [[ $1 ]]; then
   right_monitor_rotation=left
@@ -25,32 +28,11 @@ if ! xout="$(xrandr)"; then
   # under wayland
   exit 0
 fi
-xe() { echo "$xout"; }
-x=$(xe | grep -Ec '^(DisplayPort-[0123]|DVI-0|DP-[1234]|DVI-I-1) connected')
-if (( x > 2 )); then
-  left=$(xe | sed -rn 's/^(DVI[^ ]+) connected .*/\1/p')
-  dps=( $(xe | sed -rn 's/^(DP-[01234]|DisplayPort-[01234]) connected .*/\1/p') )
-
-  middle=${dps[1]}
-  right=${dps[0]}
-  # on older distros, i needed to swap middle and right.
-
-
-  xrandr --output $left --mode 2560x1600 --pos 0x0 --rotate left \
-         --output $middle --mode 2560x1600 --pos 1600x0 --rotate left \
-         --output $right --mode 2560x1600 --pos 3200x0 --rotate $right_monitor_rotation
-elif (( x == 2 )); then
-  # 3rd monitor not working atm, so doing this.
-  left=$(xe | sed -rn 's/^(DVI[^ ]+) connected .*/\1/p')
-  middle=$(xe | sed -rn 's/^(DP-[01234]|DisplayPort-[01234]) connected .*/\1/p')
-  xrandr --output $left --mode 2560x1600 --pos 0x0 --rotate left \
-         --output $middle --mode 2560x1600 --pos 1600x0 --rotate left
-
+if echo "$xout" | grep "^HDMI-1 connected" &>/dev/null; then
+  # this command created by using arandr and then clicking save, copying the result.
+  xrandr --output VGA-1 --off --output HDMI-1 --mode 3840x2160 --pos 0x0 --rotate normal --output eDP-1 --off
 fi
 /a/bin/distro-setup/input-setup m
-if isarch; then
-  pulseaudio --start
-fi
 
-#indicator-kdeconnect
-date "+%A, %B %d, %r, %S seconds" > /tmp/desktop-20-autostart-log
+echo -n "ending " >> /tmp/desktop-20-autostart-log
+date "+%A, %B %d, %r, %S seconds" >> /tmp/desktop-20-autostart-log
diff --git a/distro-begin b/distro-begin
index 16d3359..290b14d 100755
--- a/distro-begin
+++ b/distro-begin
@@ -54,6 +54,7 @@ if ! $interactive; then
 fi
 source /a/bin/errhandle/err
 
+mkdir -p ~/.local
 err-cleanup() {
   echo 1 >~/.local/distro-begin
 }
@@ -255,6 +256,7 @@ if linode; then
 fi
 # this needs to be before installing pacserve so we have gpg conf.
 conflink
+rootsshsync
 
 ###### bash environment setup
 set +x
@@ -341,7 +343,7 @@ pi ${p1[@]}
 
 ######## fix evbug bug ######
 case $(debian-codename-compat) in
-  xenial)
+  xenial|bionic)
     # noticed in flidas. dunno if it affects any others
     #https://bugs.launchpad.net/ubuntu/+source/module-init-tools/+bug/240553
     #https://wiki.debian.org/KernelModuleBlacklisting
@@ -550,8 +552,15 @@ if has_monitor; then
   pi --no-install-recommends gtk-redshift
 
   ##### setup X autostart
-  # todo, figure this out for arch if we ever try out gnome.
   # install for multiple display managers in case we use one
+  dir=/etc/X11/xinit/xinitrc.d/
+  sudo mkdir -p $dir
+  sudo cp /a/bin/distro-setup/desktop-20-autostart.sh $dir
+  s teeu /etc/systemd/logind.conf <<'EOF'
+HandleLidSwitch=
+EOF
+
+  # this works on
   dir=/etc/gdm3
   sudo mkdir -p $dir/PostLogin
   sudo cp /a/bin/distro-setup/desktop-20-autostart.sh $dir/PostLogin/Default
diff --git a/distro-end b/distro-end
index 0c6b463..875aab5 100755
--- a/distro-end
+++ b/distro-end
@@ -166,9 +166,21 @@ sgo certbotmail.timer
 
 ######### begin flidas pinned packages ######
 case $(debian-codename) in
+  etiona|flidas)
+    sd /etc/apt/preferences.d/etiona-buster <<EOF
+Package: *
+Pin: release n=buster
+Pin-Priority: -100
+
+Package: *
+Pin: release n=buster-updates
+Pin-Priority: -100
+EOF
+    ;;&
   # needed for debootstrap scripts for fai since fai requires debian
   flidas)
-    curl http://archive.ubuntu.com/ubuntu/project/ubuntu-archive-keyring.gpg | s apt-key add -
+    # moved to fai
+    #curl http://archive.ubuntu.com/ubuntu/project/ubuntu-archive-keyring.gpg | s apt-key add -
     sd /etc/apt/preferences.d/flidas-xenial <<EOF
 Package: *
 Pin: release a=xenial
@@ -193,7 +205,8 @@ deb http://us.archive.ubuntu.com/ubuntu/ xenial-security main
 EOF
 
     if ! apt-key list | grep /C0B21F32 &>/dev/null; then
-      sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 3B4FE6ACC0B21F32
+      # moved to fai
+      #sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 3B4FE6ACC0B21F32
       sd /etc/apt/preferences.d/flidas-bionic <<EOF
 Package: *
 Pin: release a=bionic
@@ -290,16 +303,6 @@ Pin-Priority: 1005
 EOF
 
 
-    sd /etc/apt/preferences.d/flidas-buster <<EOF
-Package: *
-Pin: release n=buster
-Pin-Priority: -100
-
-Package: *
-Pin: release n=buster-updates
-Pin-Priority: -100
-EOF
-
     # dont use buster because it causes dist-upgrade to think its downgrading
     # packages while really just reinstalling the same version.
     f=/etc/apt/apt.conf.d/01iank
@@ -311,22 +314,6 @@ EOF
 
     f=/etc/apt/sources.list.d/buster.list
     sudo rm -fv $f
-    #         t=$(mktemp)
-    #         cat >$t <<EOF
-    # deb http://http.us.debian.org/debian buster main
-    # deb-src http://http.us.debian.org/debian buster main
-
-    # deb http://security.debian.org/ buster/updates main
-    # deb-src http://security.debian.org/ buster/updates main
-
-    # deb http://http.us.debian.org/debian buster-updates main
-    # deb-src http://http.us.debian.org/debian buster-updates main
-    # EOF
-    #         if ! diff -q $t $f; then
-    #           s cp $t $f
-    #           s chmod 644 $f
-    #           p update
-    #         fi
 
     # newer version needed for false positive in checkrestart.
     # I did buster at first, but other problem above with having
@@ -364,6 +351,34 @@ EOF
 
     ;;&
   etiona)
+
+    f=/etc/apt/sources.list.d/buster.list
+    t=$(mktemp)
+    cat >$t <<EOF
+deb http://http.us.debian.org/debian buster main
+deb-src http://http.us.debian.org/debian buster main
+
+deb http://security.debian.org/ buster/updates main
+deb-src http://security.debian.org/ buster/updates main
+
+deb http://http.us.debian.org/debian buster-updates main
+deb-src http://http.us.debian.org/debian buster-updates main
+EOF
+    if ! diff -q $t $f; then
+      curl -s https://ftp-master.debian.org/keys/archive-key-10-security.asc | sudo apt-key add -
+      curl -s https://ftp-master.debian.org/keys/archive-key-10.asc | sudo apt-key add -
+      s cp $t $f
+      s chmod 644 $f
+      p update
+    fi
+    if [[ ! -e /usr/share/debootstrap/scripts/buster ]]; then
+      t=$(mktemp -d)
+      cd $t
+      m aptitude download debootstrap/buster
+      m ex ./*
+      sudo cp ./usr/share/debootstrap/scripts/* /usr/share/debootstrap/scripts
+    fi
+
     sd /etc/apt/preferences.d/etiona-bionic <<'EOF'
 Package: *
 Pin: release n=bionic
@@ -437,8 +452,7 @@ case $HOSTNAME in
   l2)
     # setup let's encrypt cert
     m web-conf apache2 l2.b8.nz
-    sudo rm -fv /etc/apache2/sites-enabled/l2.b8.nz{,-redir}.conf
-    ser reload apache2
+    # And leave apache running so renewals can happen.
     s lnf -T /etc/letsencrypt/live/l2.b8.nz/fullchain.pem /etc/exim4/exim.crt
     if [[ ! -L /etc/exim4/exim.key ]]; then
       s lnf -T /etc/letsencrypt/live/l2.b8.nz/privkey.pem /etc/exim4/exim.key
@@ -624,8 +638,11 @@ case $codename_compat in
     # by default, it sleeps when not logged in to x/wayland and on ac power.
     # stop that.
     sudo -u gdm dbus-launch gsettings set org.gnome.settings-daemon.plugins.power sleep-inactive-ac-type 'nothing'
-    systemctl --user stop gvfs-daemon
-    systemctl --user disable gvfs-daemon
+    m systemctl --user stop gvfs-daemon
+    m systemctl --user disable gvfs-daemon
+    # apt-get update periodically fails with an appstream error.
+    # this removes gnome-core, but its just a package for dependencies
+    p remove appstream
     ;;
 esac
 
@@ -695,22 +712,22 @@ sudo rm -fv /etc/apt/sources.list.d/iridium-browser.list
 # done
 
 # key already exists, so this won't generate one, just the configs.
-m vpn-server-setup -rds
-sudo tee -a /etc/openvpn/server/server.conf <<'EOF'
-push "dhcp-option DNS 10.0.0.1"
-push "route 10.0.0.0 255.255.0.0"
-client-connect /a/bin/distro-setup/vpn-client-connect
-EOF
-sudo sed -i --follow-symlinks 's/10.8./10.9./g;s/^\s*port\s.*/port 1196/' /etc/openvpn/server/server.conf
-
-if [[ $HOSTNAME == tp ]]; then
-  if [[ -e /lib/systemd/system/openvpn-server@.service ]]; then
-    vpn_service=openvpn-server@server
-  else
-    vpn_service=openvpn@server
-  fi
-  sgo $vpn_service
-fi
+# m vpn-server-setup -rds
+# sudo tee -a /etc/openvpn/server/server.conf <<'EOF'
+# push "dhcp-option DNS 10.0.0.1"
+# push "route 10.0.0.0 255.255.0.0"
+# client-connect /a/bin/distro-setup/vpn-client-connect
+# EOF
+# sudo sed -i --follow-symlinks 's/10.8./10.9./g;s/^\s*port\s.*/port 1196/' /etc/openvpn/server/server.conf
+
+# if [[ $HOSTNAME == tp ]]; then
+#   if [[ -e /lib/systemd/system/openvpn-server@.service ]]; then
+#     vpn_service=openvpn-server@server
+#   else
+#     vpn_service=openvpn@server
+#   fi
+#   sgo $vpn_service
+# fi
 ### end vpn server setup
 
 
@@ -808,7 +825,9 @@ pi-nostart openvpn
 # pi-nostart does not disable
 ser disable openvpn
 
-/p/c/gen-fsf-vpn
+if [[ -e /p/c/gen-fsf-vpn ]]; then
+  /p/c/gen-fsf-vpn
+fi
 
 m /a/bin/distro-setup/radicale-setup
 
@@ -908,8 +927,8 @@ m reset-xscreensaver
 # pi libxss-dev # dependency based on build failure
 # cabal update
 # cabal install --upgrade-dependencies  --force-reinstalls arbtt
-# also, i assume syncing this between machines somehow messed thin
-#lnf -T /m/arbtt-capture.log ~/.arbtt/capture.log
+# also, i assume syncing this between machines somehow messed up the data.
+
 
 m primary-setup
 
@@ -1309,6 +1328,11 @@ m /a/bin/buildscripts/rust
 m /a/bin/buildscripts/misc
 
 pi-nostart virtinst virt-manager
+soff libvirtd
+# i cant if this is whats causing it to start even though
+# its disabled. note: it leaves around dnsmasq instances even
+# if you stop it. what the hell systemd?
+soff libvirt-guests
 # allow user to run vms, from debian handbook
 for x in iank user2; do s usermod -a -G libvirt,kvm $x; done
 
@@ -1389,6 +1413,13 @@ case $(debian-codename) in
   flidas)
     pi dnsmasq
     pi-nostart network-manager
+    # i hate networkmanager. noo, of course disabling it doesnt work
+    # unless you add a hack. found this by doing
+    # systemd-analyze dot > x.dot
+    # less x.dot
+    # /networkman
+    soff NetworkManager
+    soff NetworkManager-wait-online.service
     # make networkmanager use resolvconf instead of its own dnsmasq which
     # conflicts with the normal dnsmasq package.
     f=/etc/NetworkManager/NetworkManager.conf
@@ -1410,6 +1441,12 @@ case $(debian-codename) in
     ;;
 esac
 
+# I have no use for avahi,
+# had to run this twice when doing manually, i dunno why
+soff avahi-daemon ||:
+sleep 1
+soff avahi-daemon
+
 # make my /etc/fonts/conf.d/ get used.
 # I have a new sans-serif font there because the default one
 # displays l and I as the same char, grrrrr.
diff --git a/filesystem/etc/X11/Xsession.d/98iank b/filesystem/etc/X11/Xsession.d/98iank
index efbdd98..01f2af7 100644
--- a/filesystem/etc/X11/Xsession.d/98iank
+++ b/filesystem/etc/X11/Xsession.d/98iank
@@ -4,7 +4,3 @@
 if [[ $HOSTNAME != frodo ]]; then
   /usr/share/xscreensaver/xscreensaver-wrapper.sh &
 fi
-
-# if [[ $HOSTNAME == $MAIL_HOST ]]; then
-#   arbtt-capture --sample-rate=10 &
-# fi
diff --git a/filesystem/etc/profile.d/environment.sh b/filesystem/etc/profile.d/environment.sh
index 96f0271..38a775f 100644
--- a/filesystem/etc/profile.d/environment.sh
+++ b/filesystem/etc/profile.d/environment.sh
@@ -65,6 +65,8 @@ if [ -f /etc/fedora-release ]; then
   fi
 fi
 
+
+
 # background:
 # ubuntu has 002 for non-system users, debian has 022.  002 makes groups
 # be rw instead of r.
diff --git a/filesystem/etc/systemd/logind.conf.d/iank.conf b/filesystem/etc/systemd/logind.conf.d/iank.conf
new file mode 100644
index 0000000..dc58951
--- /dev/null
+++ b/filesystem/etc/systemd/logind.conf.d/iank.conf
@@ -0,0 +1,3 @@
+# See logind.conf(5) for details.
+[Login]
+HandleLidSwitch=ignore
diff --git a/filesystem/etc/systemd/resolved.conf.d/iank.conf b/filesystem/etc/systemd/resolved.conf.d/iank.conf
new file mode 100644
index 0000000..323c406
--- /dev/null
+++ b/filesystem/etc/systemd/resolved.conf.d/iank.conf
@@ -0,0 +1,6 @@
+[Resolve]
+# i had an issue where i changed dns on wrt, but it started randomly
+# going back to the old dns. dunno why. just disabling these things
+# in case.
+LLMNR=no
+MulticastDNS=no
diff --git a/i3-sway/common.conf b/i3-sway/common.conf
index c511dbc..341613f 100644
--- a/i3-sway/common.conf
+++ b/i3-sway/common.conf
@@ -72,3 +72,5 @@ font pango:monospace 8
 
 # todo: only available in newer i3n
 #hide_edge_borders smart
+
+#exec --no-startup-id /usr/lib/x86_64-linux-gnu/libexec/kdeconnectd
diff --git a/i3-sway/i3.conf b/i3-sway/i3.conf
index 35cf00b..1107e7b 100644
--- a/i3-sway/i3.conf
+++ b/i3-sway/i3.conf
@@ -2,3 +2,9 @@
 bindsym $mod+Shift+q exec "i3-nagbar -t warning -m 'You pressed the exit shortcut. Do you really want to exit i3? This will end your X session.' -b 'Yes, exit i3' 'i3-msg exit'"
 
 bindsym $mod+Shift+p restart
+
+bar {
+status_command i3status
+mode hide
+hidden_state hide
+}
diff --git a/input-setup b/input-setup
index 6c94a54..211f12d 100755
--- a/input-setup
+++ b/input-setup
@@ -15,19 +15,10 @@ set -x
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-# set to oppsite if the order is flipped.
-k2flip=true
-if $k2flip; then
-  k2inorder=false
-else
-  k2inorder=true
-fi
-
 type=model01
 
 case $1 in
   l) type=laptop ;;
-  k) type=kinesis ;;
   m) type=model01 ;;
 esac
 
@@ -35,13 +26,19 @@ esac
 mi() {
   xinput --get-feedbacks "$1" | grep "threshold"
   xinput --get-feedbacks "$1" | grep "accelNum\|accelDenom"
-  xinput --list-props "$1" | grep "Device Accel Profile\|Device Accel Constant Deceleration\|Device Accel Velocity Scaling"
+  xinput --list-props "$1"
 }
 ms() {
   xinput --set-ptr-feedback "$1" $2 ${3%/*} ${3#*/}
+  # running newer system that uses libinput and has far less
+  # customizability. I havent yet determined the best settings here.
+  if xinput --list-props "$1" | grep "libinput Accel Speed" &>/dev/null; then
+    xinput --set-prop "$1" "libinput Accel Speed" 1
+    else
   xinput --set-prop "$1" 'Device Accel Profile'  $4
   xinput --set-prop "$1" 'Device Accel Constant Deceleration' $5
   xinput --set-prop "$1" 'Device Accel Velocity Scaling' $6
+  fi
   mi "$1"
 }
 set_device_id() {
@@ -79,7 +76,6 @@ case $type in
   model01)
     # original saved with: xkbcomp $DISPLAY /a/c/flidas-2017-12.xkb
     xkbcomp /a/c/model01.xkb $DISPLAY
-    . /a/bin/bash_unpublished/duplicity-gpg-agent-setup
     ;;
   laptop)
     xkbcomp /a/c/x2.xkb $DISPLAY
diff --git a/mail-route b/mail-route
index a1c1b47..599c9d3 100755
--- a/mail-route
+++ b/mail-route
@@ -6,6 +6,8 @@
 
 #     http://www.apache.org/licenses/LICENSE-2.0
 
+set -x
+exec &> >(logger)
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
diff --git a/mail-setup b/mail-setup
index b045484..443bc74 100755
--- a/mail-setup
+++ b/mail-setup
@@ -21,6 +21,8 @@ else
   err "no err tracing script found"
   exit 1
 fi
+source /a/bin/distro-functions/src/identify-distros
+
 
 [[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@"
 if [[ ! $SUDO_USER ]]; then
@@ -51,7 +53,7 @@ EOF
 # reference: https://community.letsencrypt.org/t/simple-guide-using-lets-encrypt-ssl-certs-with-dovecot/2921
 #
 # for phone, k9mail, same thing but username alerts, pass in ivy-pass.
-# also, l2.b8.nz for secondary alerts
+# also, l2.b8.nz for secondary alerts, username is iank. same alerts pass.
 # fetching mail settings: folder poll frequency 10 minutes
 #######
 
@@ -172,6 +174,22 @@ smarthost="$mxhost::$mxport"
 ## * Install packages
 # light version of exim does not have sasl auth support.
 pi exim4-daemon-heavy spamassassin spf-tools-perl dnsmasq openvpn
+
+if [[ $(debian-codename) == etiona ]]; then
+  # ip6tables stopped loading on boot. openvpn has reduced capability set,
+  # so running iptables as part of openvpn startup wont work. This should do it.
+  # todo: im sure there is a better way.
+  yes no | pi iptables-persistent || [[ $? == 141 ]]
+  cat >/etc/iptables/rules.v6 <<'EOF'
+*nat
+*mangle
+*filter
+COMMIT
+EOF
+  # load it now.
+  ip6tables -S &>/dev/null
+fi
+
 # our nostart pi fails to avoid enabling
 sudo systemctl disable openvpn
 
@@ -526,11 +544,17 @@ dovecot_lmtp:
         batch_max = 200
 EOF
 
+# this avoids some error. i cant remember what. todo:
+# test it out and document why/if its needed.
 cat >/etc/exim4/host_local_deny_exceptions <<'EOF'
 mail.fsf.org
 *.posteo.de
 EOF
 
+# for iank@fsf.org, i have mail.fsf.org forward it to fsf@iankelling.org.
+# and also have mail.iankelling.org whitelisted as a relay domain.
+# I could avoid that if I changed this to submit to 587 with a
+# password like a standard mua.
 cat >/etc/exim4/conf.d/router/190_exim4-config_fsfsmarthost <<'EOF'
 # smarthost for fsf mail
 # ian: copied from /etc/exim4/conf.d/router/200_exim4-config_primary, and added senders = and
@@ -583,12 +607,16 @@ dovecot-setup() {
   for f in /p/c/subdir_files/sieve/*sieve /a/c/subdir_files/sieve/*sieve; do
     m sudo -u $u /a/exe/lnf -T $f $uhome/sieve/${f##*/}
   done
+
+
   # If we changed 90-sieve.conf and removed the active part of the
   # sieve option, we wouldn\'t need this, but I\'d rather not modify a
   # default config if not needed. This won\'t work as a symlink in /a/c
   # unfortunately.
-  if [[ -e $uhome/sieve/personal.sieve ]]; then
-    m sudo -u $u /a/exe/lnf -T sieve/main.sieve $uhome/.dovecot.sieve
+  m sudo -u $u /a/exe/lnf -T sieve/main.sieve $uhome/.dovecot.sieve
+
+  if [[ ! -e $uhome/sieve/personal.sieve ]]; then
+    touch $uhome/sieve/personal{,end}{,test}.sieve
   fi
 
   # we set this later in local.conf
@@ -668,11 +696,34 @@ EOF
 
 # * if MAIL_HOST
 case $HOSTNAME in
-  $MAIL_HOST)
+  $MAIL_HOST|l2)
     dovecot-setup
+    m systemctl enable dovecot
+    m systemctl restart dovecot
+    cat >>/etc/exim4/update-exim4.conf.conf <<EOF
+# note: some things we don't set that are here by default because they are unused.
+dc_eximconfig_configtype='internet'
+dc_localdelivery='dovecot_lmtp'
+EOF
+    cat >>/etc/exim4/conf.d/main/000_local <<EOF
+# recommended if dns is expected to work
+CHECK_RCPT_VERIFY_SENDER = true
+# seems like a good idea
+CHECK_DATA_VERIFY_HEADER_SENDER = true
+CHECK_RCPT_SPF = true
+CHECK_RCPT_REVERSE_DNS = true
+CHECK_MAIL_HELO_ISSUED = true
+EOF
+
+    m systemctl enable mailclean.timer
+    m systemctl start mailclean.timer
+
+    ;;&
+  $MAIL_HOST)
 
     # ** exim
 
+    # todo, these pem files look old and useless. whats going on
     sudo rsync -ahhi --chown=root:Debian-exim --chmod=0640 \
          /p/c/filesystem/etc/exim4/passwd /p/c/filesystem/etc/exim4/*.pem /etc/exim4/
 
@@ -706,21 +757,11 @@ EOF
     # file, so I've saved that into ./mail-notes.conf.
 
     cat >>/etc/exim4/update-exim4.conf.conf <<EOF
-# note: some things we don't set that are here by default because they are unused.
-
-dc_eximconfig_configtype='internet'
-
 # man page: is used to build the local_domains list, together with "localhost"
 # iank.bid is for testing
 # mail.iankelling.org is for machines i own
-dc_other_hostnames='*.iankelling.org;iankelling.org;*iank.bid;iank.bid;*zroe.org;zroe.org;*.b8.nz;b8.nz'
+dc_other_hostnames='*.iankelling.org;iankelling.org;*zroe.org;zroe.org;$HOSTNAME.b8.nz;b8.nz'
 
-# from man page:
-# Is  a  list  of  domains for which we accept mail from anywhere on the Internet but which are not delivered locally, e.g.
-# because this machine serves as secondary MX for these domains. Sets MAIN_RELAY_TO_DOMAINS.
-# todo: we should not accept from anywhere, only the mx for fsf.
-dc_relay_domains='*.fsf.org;fsf.org'
-dc_localdelivery='dovecot_lmtp'
 EOF
 
 
@@ -743,8 +784,6 @@ EOF
 # i can send mail where port 25 is firewalled by isp
 daemon_smtp_ports = 25 : 587
 
-
-
 # failing message on mail-tester.com:
 # We check if there is a server (A Record) behind your hostname kd.
 # You may want to publish a DNS record (A type) for the hostname kd or use a different hostname in your mail software
@@ -761,14 +800,6 @@ CHECK_RCPT_LOCAL_ACL_FILE = /etc/exim4/conf.d/rcpt_local_acl
 CHECK_DATA_LOCAL_ACL_FILE = /etc/exim4/conf.d/data_local_acl
 
 
-# recommended if dns is expected to work
-CHECK_RCPT_VERIFY_SENDER = true
-# seems like a good idea
-CHECK_DATA_VERIFY_HEADER_SENDER = true
-CHECK_RCPT_SPF = true
-CHECK_RCPT_REVERSE_DNS = true
-CHECK_MAIL_HELO_ISSUED = true
-
 # testing dmarc
 #dmarc_tld_file = /etc/public_suffix_list.dat
 EOF
@@ -806,12 +837,8 @@ EOF
     fi
 
 
-    m systemctl enable mailclean.timer
-    m systemctl start mailclean.timer
     m systemctl restart $vpn_ser@mail
     m systemctl enable $vpn_ser@mail
-    m systemctl enable dovecot
-    m systemctl restart dovecot
     ;;
   # * not MAIL_HOST
   *) # $HOSTNAME != $MAIL_HOST
@@ -850,14 +877,11 @@ EOF
     ;;&
   ## we use this host to monitor MAIL_HOST
   l2)
-    dovecot-setup
-    m systemctl enable dovecot
-    m systemctl restart dovecot
+
     cat >>/etc/exim4/update-exim4.conf.conf <<EOF
 # man page: is used to build the local_domains list, together with "localhost"
 # mail.iankelling.org is for machines i own
 dc_other_hostnames='l2.b8.nz'
-dc_localdelivery='dovecot_lmtp'
 EOF
     # This ends up at alerts mailbox on MAIL_HOST, but using a user that doesn't exist elsewhere
     # is no good.
@@ -964,14 +988,14 @@ SHELL=/bin/bash
 PATH=/usr/bin:/bin:/usr/local/bin
 */5 * * * *   $u send-test-forward |& log-once send-test-forward
 */10 * * * *   root chmod -R g+rw /m/md/bounces |& log-once -1 bounces-chmod
+*/5 * * * *   $u mailtest-check |& log-once -1 mailtest-check
 EOF
     ;;&
   $MAIL_HOST)
     test_from=ian@iankelling.org
-    test_to=iank@posteo.de
+    test_to=testignore@l2.b8.nz
 
     cat >>/etc/cron.d/mailtest <<EOF
-*/5 * * * *   $u mailtest-check |& log-once -1 mailtest-check
 2   * * * *   $u check-remote-mailqs |& log-once check-remote-mailqs
 EOF
     m sudo rsync -ahhi --chown=root:root --chmod=0755 \
diff --git a/mailtest-check b/mailtest-check
index 91cf8cd..7adec92 100755
--- a/mailtest-check
+++ b/mailtest-check
@@ -20,30 +20,29 @@ if [[ ! $1 && $- != *i* ]]; then
 fi
 
 
-folders=(/m/md/l/testignore{,2}/new)
-find ${folders[@]} -type f -mtime +1 -delete
-
-for folder in ${folders[@]}; do
-  cd $folder
-  last_sec=0
-  for file in *; do
-    if [[ $file -nt $latest ]]; then
-      latest=$file
-    fi
-  done
-
-  if [[ $latest ]]; then
-    last_sec=$(awk '/^Subject: / {print $3}' $latest)
-  fi
+folder=/m/md/l/testignore/new
+find $folder -type f -mtime +1 -delete
 
-  now=$(date +%s)
-  limit=$(( now - 60 * min_limit ))
 
-  if (( last_sec <= limit )); then
-    echo $HOSTNAME mailtest failure
-    touch /nocow/user/mailtest-failure
-    break
-  else
-    rm -f /nocow/user/mailtest-failure
+cd $folder
+last_sec=0
+for file in *; do
+  if [[ $file -nt $latest ]]; then
+    latest=$file
   fi
 done
+
+if [[ $latest ]]; then
+  last_sec=$(awk '/^Subject: / {print $3}' $latest)
+fi
+
+now=$(date +%s)
+limit=$(( now - 60 * min_limit ))
+
+if (( last_sec <= limit )); then
+  echo $HOSTNAME mailtest failure
+  touch /nocow/user/mailtest-failure
+  break
+else
+  rm -f /nocow/user/mailtest-failure
+fi
diff --git a/mount-latest-subvol b/mount-latest-subvol
index 49dfac7..ded8ee9 100644
--- a/mount-latest-subvol
+++ b/mount-latest-subvol
@@ -235,6 +235,9 @@ for vol in q a o i; do
     continue
   fi
 
+  if [[ $vol == q ]]; then
+    systemctl --user stop arbtt
+  fi
   umount_ret=true
   unmounted=()
   for dir in $(echo $d ${binds[*]}\ |tac -s\ ); do
@@ -328,6 +331,10 @@ for vol in q a o i; do
   for dir in $d ${binds[@]}; do
     m mnt $dir
   done
+  if [[ $vol == q ]]; then
+    # maybe this will fail if X is not running
+    systemctl --user start arbtt ||:
+  fi
   stale_dir=/nocow/btrfs-stale
   rm -f $stale_dir/$d
 
diff --git a/subdir_files/.config/i3/config b/subdir_files/.config/i3/config
index e448679..3d6d055 100644
--- a/subdir_files/.config/i3/config
+++ b/subdir_files/.config/i3/config
@@ -72,7 +72,15 @@ font pango:monospace 8
 
 # todo: only available in newer i3n
 #hide_edge_borders smart
+
+#exec --no-startup-id /usr/lib/x86_64-linux-gnu/libexec/kdeconnectd
 # exit i3 (logs you out of your X session)
 bindsym $mod+Shift+q exec "i3-nagbar -t warning -m 'You pressed the exit shortcut. Do you really want to exit i3? This will end your X session.' -b 'Yes, exit i3' 'i3-msg exit'"
 
 bindsym $mod+Shift+p restart
+
+bar {
+status_command i3status
+mode hide
+hidden_state hide
+}
diff --git a/subdir_files/.config/sway/config b/subdir_files/.config/sway/config
index b81cad5..2715465 100644
--- a/subdir_files/.config/sway/config
+++ b/subdir_files/.config/sway/config
@@ -72,6 +72,8 @@ font pango:monospace 8
 
 # todo: only available in newer i3n
 #hide_edge_borders smart
+
+#exec --no-startup-id /usr/lib/x86_64-linux-gnu/libexec/kdeconnectd
 # exit sway (logs you out of your Wayland session)
 bindsym $mod+Shift+e exec swaynag -t warning -m 'You pressed the exit shortcut. Do you really want to exit sway? This will end your Wayland session.' -b 'Yes, exit sway' 'swaymsg exit'
 
diff --git a/subdir_files/.config/systemd/user/arbtt.service b/subdir_files/.config/systemd/user/arbtt.service
new file mode 100644
index 0000000..5ac2c44
--- /dev/null
+++ b/subdir_files/.config/systemd/user/arbtt.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=arbtt
+
+[Service]
+Type=simple
+ExecStart=/usr/bin/arbtt-capture --sample-rate=15
+Environment="DISPLAY=:0"
+Restart=always
+
+[Install]
+WantedBy=default.target
diff --git a/subdir_files/sieve/lists.sieve b/subdir_files/sieve/lists.sieve
index 6c09b2f..35a2355 100644
--- a/subdir_files/sieve/lists.sieve
+++ b/subdir_files/sieve/lists.sieve
@@ -1,5 +1,13 @@
 require [ "regex", "variables", "fileinto", "envelope", "mailbox", "imap4flags", "include" ];
 
+if anyof (
+    address :regex "to" "^testignore@"
+    ) {
+    fileinto :create "l/testignore";
+    stop;
+         }
+
+
 if anyof (
     header :contains "list-id" "<debian-security-announce.lists.debian.org>",
     header :contains "list-id" "<ubuntu-security-announce.lists.ubuntu.com>"
@@ -71,8 +79,8 @@ if anyof (
     header :contains "list-id" "<seabios.seabios.org>",
     header :contains "list-id" "<freetype-devel.nongnu.org>",
     header :contains "list-id" "<mailman-developers.python.org>",
-    header :contains "list-id" "<mailop.mailop.org>",
     header :contains "list-id" "<linux-raid.vger.kernel.org>",
+    header :contains "list-id" "<mailop.mailop.org>",
     header :contains "list-id" "<xmonad.haskell.org>") {
     if header :regex "list-id" "<([a-z_0-9-]+)[.@]" {
         set :lower "listname" "${1}";
diff --git a/subdir_files/sieve/liststest.sieve b/subdir_files/sieve/liststest.sieve
index c69155c..35a2355 100644
--- a/subdir_files/sieve/liststest.sieve
+++ b/subdir_files/sieve/liststest.sieve
@@ -1,5 +1,13 @@
 require [ "regex", "variables", "fileinto", "envelope", "mailbox", "imap4flags", "include" ];
 
+if anyof (
+    address :regex "to" "^testignore@"
+    ) {
+    fileinto :create "l/testignore";
+    stop;
+         }
+
+
 if anyof (
     header :contains "list-id" "<debian-security-announce.lists.debian.org>",
     header :contains "list-id" "<ubuntu-security-announce.lists.ubuntu.com>"