From: Ian Kelling <ian@iankelling.org> Date: Mon, 27 Jan 2020 22:43:26 +0000 (-0500) Subject: etiona and more use of l2 for mail monitoring X-Git-Url: https://iankelling.org/git/?a=commitdiff_plain;h=69760a2f197de6f02029d9da6344e09ef7572af7;p=distro-setup etiona and more use of l2 for mail monitoring --- diff --git a/Makefile b/Makefile index eeb913a..3c19e63 100644 --- a/Makefile +++ b/Makefile @@ -3,5 +3,5 @@ all: ~/.local/distro-begin ~/.local/distro-end ~/.local/distro-begin: distro-begin mail-setup /a/bin/buildscripts/emacs ssh-emacs-setup distro-begin -~/.local/distro-end: distro-end distro-pkgs pkgs primary-setup /a/bin/buildscripts/tor-browser /a/bin/buildscripts/go /a/bin/buildscripts/rust /a/bin/buildscripts/misc /p/c/gen-fsf-vpn +~/.local/distro-end: distro-end distro-pkgs pkgs primary-setup /a/bin/buildscripts/tor-browser /a/bin/buildscripts/go /a/bin/buildscripts/rust /a/bin/buildscripts/misc distro-end diff --git a/brc b/brc index a85cd66..08ad406 100644 --- a/brc +++ b/brc @@ -985,6 +985,7 @@ ser() { $s service $2 $1 fi } +seru() { systemctl --user "$@"; } # like restart, but do nothing if its not already started srestart() { local service=$1 @@ -1022,6 +1023,11 @@ sgo() { # service go ser enable $service fi } +soff() { # service go + service=$1 + ser stop $service + ser disable $service +} sgu() { systemctl list-unit-files | rg "$@" 
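Review bot: In brc, the new `soff` assigns `service=$1` without `local`, so each call overwrites a global `service` in the interactive shell, unlike `srestart` just above it, which uses `local service=$1`. I would write `local service=$1` and quote the uses, as in `ser stop "$service"`. The trailing comment `# service go` was copied from `sgo`; `# service off: stop and disable` describes this function.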
@@ -1145,21 +1151,15 @@ tx() { # toggle set -x, and the prompt so it doesnt spam if [[ $- == *x* ]]; then set +x PROMPT_COMMAND=prompt-command - # disabled due to issue on stretch, running ll we get error. something - # about the DEBUG trap is broken - # if [[ $TERM == *(screen*|xterm*|rxvt*) ]]; then - # trap 'settitle "$BASH_COMMAND"' DEBUG - # fi + if [[ $TERM == *(screen*|xterm*|rxvt*) ]]; then + trap 'settitle "$BASH_COMMAND"' DEBUG + fi else # normally, i would just execute these commands in the function. # however, DEBUG is not inherited, so we need to run it outside a function. # And we want to run set -x afterwards to avoid spam, so we cram everything # in here, and then it will run after this function is done. - #PROMPT_COMMAND='trap DEBUG; unset PROMPT_COMMAND; PS1="\w \$ "; set -x' - - unset PROMPT_COMMAND - PS1="\w \$ " - set -x + PROMPT_COMMAND='trap DEBUG; unset PROMPT_COMMAND; PS1="\w \$ "; set -x' fi } @@ -1308,17 +1308,27 @@ if [[ $- == *i* ]]; then ps_char="@ $ps_char" fi PS1="${PS1%"${PS1#*[wW]}"} \[$ps_color\]$ps_char\[$term_nocolor\] " + + # set titlebar + #echo -ne "$title_escape ${PWD/#$HOME/~} \007" + } PROMPT_COMMAND=prompt-command + if [[ $TERM == screen* ]]; then + _title_escape="\033]..2;" + else + _title_escape="\033]0;" + fi + settitle () { - if [[ $TERM == screen* ]]; then - local title_escape="\033]..2;" - else - local title_escape="\033]0;" - fi - if [[ $0 != prompt-command ]]; then - echo -ne "$title_escape$USER@$HOSTNAME ${PWD/#$HOME/~} " + # this makes it so we show the current command if + # one is running, otherwise, show nothing + if [[ $1 == prompt-command ]]; then + set -- + fi + if [[ ${#BASH_ARGC[@]} == 1 ]]; then + echo -ne "$_title_escape ${PWD/#$HOME/~} " printf "%s" "$*" echo -ne "\007" fi 
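Review bot: In `settitle`, the new test `[[ ${#BASH_ARGC[@]} == 1 ]]` has no comment saying what state it detects. The note explaining why the DEBUG trap was disabled (an error on stretch) is removed in the `tx` hunk and in the later trap hunk without recording what changed. Bash documents BASH_ARGC as dependable only in extended debugging mode, so this condition may behave differently between bash releases and is worth confirming on each one in use. I would add a comment such as `# one BASH_ARGC element means we are at top level, not inside a function` if that is the intent, which I am inferring, plus a line saying why the trap is safe to re-enable.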
@@ -1327,12 +1337,11 @@ if [[ $- == *i* ]]; then # for titlebar. # condition from the screen man page i think. # note: duplicated in tx() - # disabled. see note in tx - # if [[ $TERM == *(screen*|xterm*|rxvt*) ]]; then - # trap 'settitle "$BASH_COMMAND"' DEBUG - # else - # trap DEBUG - # fi + if [[ $TERM == *(screen*|xterm*|rxvt*) ]]; then + trap 'settitle "$BASH_COMMAND"' DEBUG + else + trap DEBUG + fi fi diff --git a/brc2 b/brc2 index cdac34b..93a141e 100644 --- a/brc2 +++ b/brc2 @@ -615,7 +615,9 @@ ilog() { } o() { - if type gvfs-open &> /dev/null ; then + if type gio &> /dev/null ; then + gio open "$@" + elif type gvfs-open &> /dev/null ; then gvfs-open "$@" else xdg-open "$@" @@ -716,6 +718,9 @@ net-dev-info() { nk() { ser stop NetworkManager + ser disable NetworkManager + ser stop NetworkManager-wait-online.service + ser disable NetworkManager-wait-online.service ser stop dnsmasq sudo resolvconf -d NetworkManager ser start dnsmasq @@ -1266,7 +1271,7 @@ reset-konsole() { } reset-sakura() { - while -r read k v; do + while read -r k v; do # shellcheck disable=SC2154 setini $k $v sakura /a/c/subdir_files/.config/sakura/sakura.conf done <<'EOF' @@ -1304,7 +1309,8 @@ EOF # * stuff that makes sense to be at the end if [[ "$SUDOD" ]]; then - cd "$SUDOD" + # allow failure, for example if we are sudoing into a user with diffferent/lesser permissions. + cd "$SUDOD" ||: unset SUDOD elif [[ -d /a ]] && [[ $PWD == "$HOME" ]] && [[ $- == *i* ]]; then cd /a diff --git a/btrbk-run b/btrbk-run index 6836382..dde230e 100644 --- a/btrbk-run +++ b/btrbk-run @@ -161,8 +161,8 @@ if [[ ! -v targets && ! $source ]]; then fi ;;& kw|x2|x3) - if $at_work && ping -q -c1 -w1 iank.vpn.office.fsf.org &>/dev/null; then - home=iank.vpn.office.fsf.org + if $at_work && ping -q -c1 -w1 iank.vpn2.office.fsf.org &>/dev/null; then + home=iank.vpn2.office.fsf.org else home=b8.nz fi 
@@ -304,7 +304,7 @@ else sshfail=() min_idle_ms=$((1000 * 60 * 15)) for h in ${targets[@]}; do - if zone=$(ssh root@$h "mkdir -p /mnt/root/btrbk && date +%z"); then + if zone=$(timeout -s 9 6 ssh root@$h "mkdir -p /mnt/root/btrbk && date +%z"); then # This is a separate ssh because xprintidle can fail and thats ok. if $cron && idle_ms=$(timeout -s 9 6 ssh $h DISPLAY=:0 xprintidle); then if (( idle_ms < min_idle_ms )); then diff --git a/conflink b/conflink index 69b6a6e..710e626 100755 --- a/conflink +++ b/conflink @@ -90,6 +90,9 @@ common-file-setup() { etc/dnsmasq.d/*) restart_services+=(dnsmasq) ;; + etc/systemd/resolved.conf.d/*) + restart_services+=(systemd-resolved) + ;; esac # Previously did this with tar, but it doesn't # update directory permissions. @@ -117,7 +120,7 @@ common-file-setup() { fi for service in ${restart_services[@]}; do if systemctl is-active $service >/dev/null; then - m s systemctl reload $service + m s systemctl restart $service fi done @@ -161,7 +164,6 @@ case $user in if [[ -e /var/lib/znc ]] && getent group znc; then s chown -R znc:znc /var/lib/znc fi - /a/exe/lnf -T /p/arbtt-capture.log ~/.arbtt/capture.log f=/etc/prometheus-htpasswd if [[ -e $f ]]; then s chmod 640 $f /etc/prometheus-pass diff --git a/desktop-20-autostart.sh b/desktop-20-autostart.sh index 69f455f..8dc4ed6 100755 --- a/desktop-20-autostart.sh +++ b/desktop-20-autostart.sh @@ -13,6 +13,9 @@ # See the License for the specific language governing permissions and # limitations under the License. +date "+%A, %B %d, %r, %S seconds" > /tmp/desktop-20-autostart-log + + # first 2 alternatives showed under ubuntu 14.04, second 2 under arch at 11/2015 if [[ $1 ]]; then right_monitor_rotation=left 
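Review bot: In desktop-20-autostart.sh, the added `date ... > /tmp/desktop-20-autostart-log` writes to a fixed name in a world-writable directory, and the later hunk in the same file appends to that path twice more. The distro-begin hunk copies this script into /etc/X11/xinit/xinitrc.d/, and the context there shows it also installed as /etc/gdm3/PostLogin/Default, which GDM runs as root. A file or symlink created at that path beforehand therefore decides where the output goes. A per-user location avoids this, for example `log=${XDG_RUNTIME_DIR:-$HOME/.cache}/desktop-20-autostart-log` with the three redirections pointed at `"$log"`; for the root PostLogin case a path under /var/log would fit better.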
@@ -25,32 +28,11 @@ if ! xout="$(xrandr)"; then # under wayland exit 0 fi -xe() { echo "$xout"; } -x=$(xe | grep -Ec '^(DisplayPort-[0123]|DVI-0|DP-[1234]|DVI-I-1) connected') -if (( x > 2 )); then - left=$(xe | sed -rn 's/^(DVI[^ ]+) connected .*/\1/p') - dps=( $(xe | sed -rn 's/^(DP-[01234]|DisplayPort-[01234]) connected .*/\1/p') ) - - middle=${dps[1]} - right=${dps[0]} - # on older distros, i needed to swap middle and right. - - - xrandr --output $left --mode 2560x1600 --pos 0x0 --rotate left \ - --output $middle --mode 2560x1600 --pos 1600x0 --rotate left \ - --output $right --mode 2560x1600 --pos 3200x0 --rotate $right_monitor_rotation -elif (( x == 2 )); then - # 3rd monitor not working atm, so doing this. - left=$(xe | sed -rn 's/^(DVI[^ ]+) connected .*/\1/p') - middle=$(xe | sed -rn 's/^(DP-[01234]|DisplayPort-[01234]) connected .*/\1/p') - xrandr --output $left --mode 2560x1600 --pos 0x0 --rotate left \ - --output $middle --mode 2560x1600 --pos 1600x0 --rotate left - +if echo "$xout" | grep "^HDMI-1 connected" &>/dev/null; then + # this command created by using arandr and then clicking save, copying the result. + xrandr --output VGA-1 --off --output HDMI-1 --mode 3840x2160 --pos 0x0 --rotate normal --output eDP-1 --off fi /a/bin/distro-setup/input-setup m -if isarch; then - pulseaudio --start -fi -#indicator-kdeconnect -date "+%A, %B %d, %r, %S seconds" > /tmp/desktop-20-autostart-log +echo -n "ending " >> /tmp/desktop-20-autostart-log +date "+%A, %B %d, %r, %S seconds" >> /tmp/desktop-20-autostart-log diff --git a/distro-begin b/distro-begin index 16d3359..290b14d 100755 --- a/distro-begin +++ b/distro-begin @@ -54,6 +54,7 @@ if ! $interactive; then fi source /a/bin/errhandle/err +mkdir -p ~/.local err-cleanup() { echo 1 >~/.local/distro-begin } @@ -255,6 +256,7 @@ if linode; then fi # this needs to be before installing pacserve so we have gpg conf. conflink +rootsshsync ###### bash environment setup set +x 
@@ -341,7 +343,7 @@ pi ${p1[@]} ######## fix evbug bug ###### case $(debian-codename-compat) in - xenial) + xenial|bionic) # noticed in flidas. dunno if it affects any others #https://bugs.launchpad.net/ubuntu/+source/module-init-tools/+bug/240553 #https://wiki.debian.org/KernelModuleBlacklisting @@ -550,8 +552,15 @@ if has_monitor; then pi --no-install-recommends gtk-redshift ##### setup X autostart - # todo, figure this out for arch if we ever try out gnome. # install for multiple display managers in case we use one + dir=/etc/X11/xinit/xinitrc.d/ + sudo mkdir -p $dir + sudo cp /a/bin/distro-setup/desktop-20-autostart.sh $dir + s teeu /etc/systemd/logind.conf <<'EOF' +HandleLidSwitch= +EOF + + # this works on dir=/etc/gdm3 sudo mkdir -p $dir/PostLogin sudo cp /a/bin/distro-setup/desktop-20-autostart.sh $dir/PostLogin/Default diff --git a/distro-end b/distro-end index 0c6b463..875aab5 100755 --- a/distro-end +++ b/distro-end @@ -166,9 +166,21 @@ sgo certbotmail.timer ######### begin flidas pinned packages ###### case $(debian-codename) in + etiona|flidas) + sd /etc/apt/preferences.d/etiona-buster <<EOF +Package: * +Pin: release n=buster +Pin-Priority: -100 + +Package: * +Pin: release n=buster-updates +Pin-Priority: -100 +EOF + ;;& # needed for debootstrap scripts for fai since fai requires debian flidas) - curl http://archive.ubuntu.com/ubuntu/project/ubuntu-archive-keyring.gpg | s apt-key add - + # moved to fai + #curl http://archive.ubuntu.com/ubuntu/project/ubuntu-archive-keyring.gpg | s apt-key add - sd /etc/apt/preferences.d/flidas-xenial <<EOF Package: * Pin: release a=xenial 
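Review bot: In the `has_monitor` block of distro-begin, the heredoc passed to `s teeu /etc/systemd/logind.conf` contains `HandleLidSwitch=` with no value, while the drop-in filesystem/etc/systemd/logind.conf.d/iank.conf added in this same commit sets `HandleLidSwitch=ignore`. The two disagree, and nothing in the hunk says which is meant to take effect or what an empty assignment is expected to do. If the drop-in is the intended mechanism, I would delete the `teeu` call; otherwise write `HandleLidSwitch=ignore` here and add a one-line comment giving the reason.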
@@ -193,7 +205,8 @@ deb http://us.archive.ubuntu.com/ubuntu/ xenial-security main EOF if ! apt-key list | grep /C0B21F32 &>/dev/null; then - sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 3B4FE6ACC0B21F32 + # moved to fai + #sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 3B4FE6ACC0B21F32 sd /etc/apt/preferences.d/flidas-bionic <<EOF Package: * Pin: release a=bionic @@ -290,16 +303,6 @@ Pin-Priority: 1005 EOF - sd /etc/apt/preferences.d/flidas-buster <<EOF -Package: * -Pin: release n=buster -Pin-Priority: -100 - -Package: * -Pin: release n=buster-updates -Pin-Priority: -100 -EOF - # dont use buster because it causes dist-upgrade to think its downgrading # packages while really just reinstalling the same version. f=/etc/apt/apt.conf.d/01iank @@ -311,22 +314,6 @@ EOF f=/etc/apt/sources.list.d/buster.list sudo rm -fv $f - # t=$(mktemp) - # cat >$t <<EOF - # deb http://http.us.debian.org/debian buster main - # deb-src http://http.us.debian.org/debian buster main - - # deb http://security.debian.org/ buster/updates main - # deb-src http://security.debian.org/ buster/updates main - - # deb http://http.us.debian.org/debian buster-updates main - # deb-src http://http.us.debian.org/debian buster-updates main - # EOF - # if ! diff -q $t $f; then - # s cp $t $f - # s chmod 644 $f - # p update - # fi # newer version needed for false positive in checkrestart. # I did buster at first, but other problem above with having 
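Review bot: In the flidas branch of distro-end, commenting out the `apt-key adv --recv-keys` call leaves `if ! apt-key list | grep /C0B21F32` guarding the `sd /etc/apt/preferences.d/flidas-bionic` write that follows. With the key import moved to fai, a fai-installed machine will already have the key, so the condition is false and the pin file is presumably never written by this script. On a machine without the key, the pins are written but nothing imports the key. If the pins are still wanted, drop the key test and write the file unconditionally. The `if` body continues outside this hunk, so I cannot see what else it gates.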
@@ -364,6 +351,34 @@ EOF ;;& etiona) + + f=/etc/apt/sources.list.d/buster.list + t=$(mktemp) + cat >$t <<EOF +deb http://http.us.debian.org/debian buster main +deb-src http://http.us.debian.org/debian buster main + +deb http://security.debian.org/ buster/updates main +deb-src http://security.debian.org/ buster/updates main + +deb http://http.us.debian.org/debian buster-updates main +deb-src http://http.us.debian.org/debian buster-updates main +EOF + if ! diff -q $t $f; then + curl -s https://ftp-master.debian.org/keys/archive-key-10-security.asc | sudo apt-key add - + curl -s https://ftp-master.debian.org/keys/archive-key-10.asc | sudo apt-key add - + s cp $t $f + s chmod 644 $f + p update + fi + if [[ ! -e /usr/share/debootstrap/scripts/buster ]]; then + t=$(mktemp -d) + cd $t + m aptitude download debootstrap/buster + m ex ./* + sudo cp ./usr/share/debootstrap/scripts/* /usr/share/debootstrap/scripts + fi + sd /etc/apt/preferences.d/etiona-bionic <<'EOF' Package: * Pin: release n=bionic @@ -437,8 +452,7 @@ case $HOSTNAME in l2) # setup let's encrypt cert m web-conf apache2 l2.b8.nz - sudo rm -fv /etc/apache2/sites-enabled/l2.b8.nz{,-redir}.conf - ser reload apache2 + # And leave apache running so renewals can happen. s lnf -T /etc/letsencrypt/live/l2.b8.nz/fullchain.pem /etc/exim4/exim.crt if [[ ! -L /etc/exim4/exim.key ]]; then s lnf -T /etc/letsencrypt/live/l2.b8.nz/privkey.pem /etc/exim4/exim.key @@ -624,8 +638,11 @@ case $codename_compat in # by default, it sleeps when not logged in to x/wayland and on ac power. # stop that. sudo -u gdm dbus-launch gsettings set org.gnome.settings-daemon.plugins.power sleep-inactive-ac-type 'nothing' - systemctl --user stop gvfs-daemon - systemctl --user disable gvfs-daemon + m systemctl --user stop gvfs-daemon + m systemctl --user disable gvfs-daemon + # apt-get update periodically fails with an appstream error. + # this removes gnome-core, but its just a package for dependencies + p remove appstream ;; esac 
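Review bot: In the etiona branch, the two `curl -s https://ftp-master.debian.org/keys/... | sudo apt-key add -` lines add whatever the server returns to the system-wide apt keyring, with no fingerprint check and no `-f`. The key is then trusted for every configured repository, and a failed fetch is piped straight into apt-key. The `etiona-buster` pin at -100 limits what gets installed from buster but not what the key may sign for. I would install the keys from the already-trusted archive with `pi debian-archive-keyring`, if etiona carries that package. Otherwise, download each key to a file, compare its fingerprint with a value kept in this repo, and reference the keyring from buster.list with `[signed-by=...]`. Separately, the file from `t=$(mktemp)` is never removed before `t` is reused for `mktemp -d`.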
@@ -695,22 +712,22 @@ sudo rm -fv /etc/apt/sources.list.d/iridium-browser.list # done # key already exists, so this won't generate one, just the configs. -m vpn-server-setup -rds -sudo tee -a /etc/openvpn/server/server.conf <<'EOF' -push "dhcp-option DNS 10.0.0.1" -push "route 10.0.0.0 255.255.0.0" -client-connect /a/bin/distro-setup/vpn-client-connect -EOF -sudo sed -i --follow-symlinks 's/10.8./10.9./g;s/^\s*port\s.*/port 1196/' /etc/openvpn/server/server.conf - -if [[ $HOSTNAME == tp ]]; then - if [[ -e /lib/systemd/system/openvpn-server@.service ]]; then - vpn_service=openvpn-server@server - else - vpn_service=openvpn@server - fi - sgo $vpn_service -fi +# m vpn-server-setup -rds +# sudo tee -a /etc/openvpn/server/server.conf <<'EOF' +# push "dhcp-option DNS 10.0.0.1" +# push "route 10.0.0.0 255.255.0.0" +# client-connect /a/bin/distro-setup/vpn-client-connect +# EOF +# sudo sed -i --follow-symlinks 's/10.8./10.9./g;s/^\s*port\s.*/port 1196/' /etc/openvpn/server/server.conf + +# if [[ $HOSTNAME == tp ]]; then +# if [[ -e /lib/systemd/system/openvpn-server@.service ]]; then +# vpn_service=openvpn-server@server +# else +# vpn_service=openvpn@server +# fi +# sgo $vpn_service +# fi ### end vpn server setup @@ -808,7 +825,9 @@ pi-nostart openvpn # pi-nostart does not disable ser disable openvpn -/p/c/gen-fsf-vpn +if [[ -e /p/c/gen-fsf-vpn ]]; then + /p/c/gen-fsf-vpn +fi m /a/bin/distro-setup/radicale-setup @@ -908,8 +927,8 @@ m reset-xscreensaver # pi libxss-dev # dependency based on build failure # cabal update # cabal install --upgrade-dependencies --force-reinstalls arbtt -# also, i assume syncing this between machines somehow messed thin -#lnf -T /m/arbtt-capture.log ~/.arbtt/capture.log +# also, i assume syncing this between machines somehow messed up the data. + m primary-setup 
@@ -1309,6 +1328,11 @@ m /a/bin/buildscripts/rust m /a/bin/buildscripts/misc pi-nostart virtinst virt-manager +soff libvirtd +# i cant if this is whats causing it to start even though +# its disabled. note: it leaves around dnsmasq instances even +# if you stop it. what the hell systemd? +soff libvirt-guests # allow user to run vms, from debian handbook for x in iank user2; do s usermod -a -G libvirt,kvm $x; done @@ -1389,6 +1413,13 @@ case $(debian-codename) in flidas) pi dnsmasq pi-nostart network-manager + # i hate networkmanager. noo, of course disabling it doesnt work + # unless you add a hack. found this by doing + # systemd-analyze dot > x.dot + # less x.dot + # /networkman + soff NetworkManager + soff NetworkManager-wait-online.service # make networkmanager use resolvconf instead of its own dnsmasq which # conflicts with the normal dnsmasq package. f=/etc/NetworkManager/NetworkManager.conf @@ -1410,6 +1441,12 @@ case $(debian-codename) in ;; esac +# I have no use for avahi, +# had to run this twice when doing manually, i dunno why +soff avahi-daemon ||: +sleep 1 +soff avahi-daemon + # make my /etc/fonts/conf.d/ get used. # I have a new sans-serif font there because the default one # displays l and I as the same char, grrrrr. diff --git a/filesystem/etc/X11/Xsession.d/98iank b/filesystem/etc/X11/Xsession.d/98iank index efbdd98..01f2af7 100644 --- a/filesystem/etc/X11/Xsession.d/98iank +++ b/filesystem/etc/X11/Xsession.d/98iank @@ -4,7 +4,3 @@ if [[ $HOSTNAME != frodo ]]; then /usr/share/xscreensaver/xscreensaver-wrapper.sh & fi - -# if [[ $HOSTNAME == $MAIL_HOST ]]; then -# arbtt-capture --sample-rate=10 & -# fi diff --git a/filesystem/etc/profile.d/environment.sh b/filesystem/etc/profile.d/environment.sh index 96f0271..38a775f 100644 --- a/filesystem/etc/profile.d/environment.sh +++ b/filesystem/etc/profile.d/environment.sh 
@@ -65,6 +65,8 @@ if [ -f /etc/fedora-release ]; then fi fi + + # background: # ubuntu has 002 for non-system users, debian has 022. 002 makes groups # be rw instead of r. diff --git a/filesystem/etc/systemd/logind.conf.d/iank.conf b/filesystem/etc/systemd/logind.conf.d/iank.conf new file mode 100644 index 0000000..dc58951 --- /dev/null +++ b/filesystem/etc/systemd/logind.conf.d/iank.conf @@ -0,0 +1,3 @@ +# See logind.conf(5) for details. +[Login] +HandleLidSwitch=ignore diff --git a/filesystem/etc/systemd/resolved.conf.d/iank.conf b/filesystem/etc/systemd/resolved.conf.d/iank.conf new file mode 100644 index 0000000..323c406 --- /dev/null +++ b/filesystem/etc/systemd/resolved.conf.d/iank.conf @@ -0,0 +1,6 @@ +[Resolve] +# i had an issue where i changed dns on wrt, but it started randomly +# going back to the old dns. dunno why. just disabling these things +# in case. +LLMNR=no +MulticastDNS=no diff --git a/i3-sway/common.conf b/i3-sway/common.conf index c511dbc..341613f 100644 --- a/i3-sway/common.conf +++ b/i3-sway/common.conf @@ -72,3 +72,5 @@ font pango:monospace 8 # todo: only available in newer i3n #hide_edge_borders smart + +#exec --no-startup-id /usr/lib/x86_64-linux-gnu/libexec/kdeconnectd diff --git a/i3-sway/i3.conf b/i3-sway/i3.conf index 35cf00b..1107e7b 100644 --- a/i3-sway/i3.conf +++ b/i3-sway/i3.conf @@ -2,3 +2,9 @@ bindsym $mod+Shift+q exec "i3-nagbar -t warning -m 'You pressed the exit shortcut. Do you really want to exit i3? This will end your X session.' -b 'Yes, exit i3' 'i3-msg exit'" bindsym $mod+Shift+p restart + +bar { +status_command i3status +mode hide +hidden_state hide +} diff --git a/input-setup b/input-setup index 6c94a54..211f12d 100755 --- a/input-setup +++ b/input-setup 
@@ -15,19 +15,10 @@ set -x # See the License for the specific language governing permissions and # limitations under the License. -# set to oppsite if the order is flipped. -k2flip=true -if $k2flip; then - k2inorder=false -else - k2inorder=true -fi - type=model01 case $1 in l) type=laptop ;; - k) type=kinesis ;; m) type=model01 ;; esac @@ -35,13 +26,19 @@ esac mi() { xinput --get-feedbacks "$1" | grep "threshold" xinput --get-feedbacks "$1" | grep "accelNum\|accelDenom" - xinput --list-props "$1" | grep "Device Accel Profile\|Device Accel Constant Deceleration\|Device Accel Velocity Scaling" + xinput --list-props "$1" } ms() { xinput --set-ptr-feedback "$1" $2 ${3%/*} ${3#*/} + # running newer system that uses libinput and has far less + # customizability. I havent yet determined the best settings here. + if xinput --list-props "$1" | grep "libinput Accel Speed" &>/dev/null; then + xinput --set-prop "$1" "libinput Accel Speed" 1 + else xinput --set-prop "$1" 'Device Accel Profile' $4 xinput --set-prop "$1" 'Device Accel Constant Deceleration' $5 xinput --set-prop "$1" 'Device Accel Velocity Scaling' $6 + fi mi "$1" } set_device_id() { @@ -79,7 +76,6 @@ case $type in model01) # original saved with: xkbcomp $DISPLAY /a/c/flidas-2017-12.xkb xkbcomp /a/c/model01.xkb $DISPLAY - . /a/bin/bash_unpublished/duplicity-gpg-agent-setup ;; laptop) xkbcomp /a/c/x2.xkb $DISPLAY diff --git a/mail-route b/mail-route index a1c1b47..599c9d3 100755 --- a/mail-route +++ b/mail-route @@ -6,6 +6,8 @@ # http://www.apache.org/licenses/LICENSE-2.0 +set -x +exec &> >(logger) # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. diff --git a/mail-setup b/mail-setup index b045484..443bc74 100755 --- a/mail-setup +++ b/mail-setup 
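Review bot: In mail-route, `set -x` followed by `exec &> >(logger)` sends the full xtrace of the script to syslog, including expanded variable values. Anything sensitive the script handles further down (outside this hunk) would then land in logs that the adm group can read on a default Debian setup. The two lines are also inserted in the middle of the license header comment. I would move them below the header, tag the output with `exec &> >(logger -t mail-route)`, and keep `set -x` only while debugging.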
@@ -21,6 +21,8 @@ else err "no err tracing script found" exit 1 fi +source /a/bin/distro-functions/src/identify-distros + [[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@" if [[ ! $SUDO_USER ]]; then @@ -51,7 +53,7 @@ EOF # reference: https://community.letsencrypt.org/t/simple-guide-using-lets-encrypt-ssl-certs-with-dovecot/2921 # # for phone, k9mail, same thing but username alerts, pass in ivy-pass. -# also, l2.b8.nz for secondary alerts +# also, l2.b8.nz for secondary alerts, username is iank. same alerts pass. # fetching mail settings: folder poll frequency 10 minutes ####### @@ -172,6 +174,22 @@ smarthost="$mxhost::$mxport" ## * Install packages # light version of exim does not have sasl auth support. pi exim4-daemon-heavy spamassassin spf-tools-perl dnsmasq openvpn + +if [[ $(debian-codename) == etiona ]]; then + # ip6tables stopped loading on boot. openvpn has reduced capability set, + # so running iptables as part of openvpn startup wont work. This should do it. + # todo: im sure there is a better way. + yes no | pi iptables-persistent || [[ $? == 141 ]] + cat >/etc/iptables/rules.v6 <<'EOF' +*nat +*mangle +*filter +COMMIT +EOF + # load it now. + ip6tables -S &>/dev/null +fi + # our nostart pi fails to avoid enabling sudo systemctl disable openvpn @@ -526,11 +544,17 @@ dovecot_lmtp: batch_max = 200 EOF +# this avoids some error. i cant remember what. todo: +# test it out and document why/if its needed. cat >/etc/exim4/host_local_deny_exceptions <<'EOF' mail.fsf.org *.posteo.de EOF +# for iank@fsf.org, i have mail.fsf.org forward it to fsf@iankelling.org. +# and also have mail.iankelling.org whitelisted as a relay domain. +# I could avoid that if I changed this to submit to 587 with a +# password like a standard mua. cat >/etc/exim4/conf.d/router/190_exim4-config_fsfsmarthost <<'EOF' # smarthost for fsf mail # ian: copied from /etc/exim4/conf.d/router/200_exim4-config_primary, and added senders = and 
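Review bot: In the etiona block of mail-setup, `cat >/etc/iptables/rules.v6` replaces any existing IPv6 ruleset with an empty one on every run, and iptables-persistent restores that file at boot. The comment says the aim is only to get ip6tables loaded, so I would write the file only when it is absent, by putting `[[ -e /etc/iptables/rules.v6 ]] ||` in front of the `cat`. The comment should also state that no IPv6 filtering is intended on this host, if that is the case. It is worth running `ip6tables-restore --test` against the file as well, since the `*nat` and `*mangle` tables are listed without a `COMMIT` of their own.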
@@ -583,12 +607,16 @@ dovecot-setup() { for f in /p/c/subdir_files/sieve/*sieve /a/c/subdir_files/sieve/*sieve; do m sudo -u $u /a/exe/lnf -T $f $uhome/sieve/${f##*/} done + + # If we changed 90-sieve.conf and removed the active part of the # sieve option, we wouldn\'t need this, but I\'d rather not modify a # default config if not needed. This won\'t work as a symlink in /a/c # unfortunately. - if [[ -e $uhome/sieve/personal.sieve ]]; then - m sudo -u $u /a/exe/lnf -T sieve/main.sieve $uhome/.dovecot.sieve + m sudo -u $u /a/exe/lnf -T sieve/main.sieve $uhome/.dovecot.sieve + + if [[ ! -e $uhome/sieve/personal.sieve ]]; then + touch $uhome/sieve/personal{,end}{,test}.sieve fi # we set this later in local.conf @@ -668,11 +696,34 @@ EOF # * if MAIL_HOST case $HOSTNAME in - $MAIL_HOST) + $MAIL_HOST|l2) dovecot-setup + m systemctl enable dovecot + m systemctl restart dovecot + cat >>/etc/exim4/update-exim4.conf.conf <<EOF +# note: some things we don't set that are here by default because they are unused. +dc_eximconfig_configtype='internet' +dc_localdelivery='dovecot_lmtp' +EOF + cat >>/etc/exim4/conf.d/main/000_local <<EOF +# recommended if dns is expected to work +CHECK_RCPT_VERIFY_SENDER = true +# seems like a good idea +CHECK_DATA_VERIFY_HEADER_SENDER = true +CHECK_RCPT_SPF = true +CHECK_RCPT_REVERSE_DNS = true +CHECK_MAIL_HELO_ISSUED = true +EOF + + m systemctl enable mailclean.timer + m systemctl start mailclean.timer + + ;;& + $MAIL_HOST) # ** exim + # todo, these pem files look old and useless. whats going on sudo rsync -ahhi --chown=root:Debian-exim --chmod=0640 \ /p/c/filesystem/etc/exim4/passwd /p/c/filesystem/etc/exim4/*.pem /etc/exim4/ 
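Review bot: In `dovecot-setup`, the new `touch $uhome/sieve/personal{,end}{,test}.sieve` runs as root, because the script re-executes itself under sudo near the top, while the `lnf` calls around it write into `$uhome` through `sudo -u $u`. The new files end up root-owned inside the user's sieve directory, and root follows whatever already exists at those names. `m sudo -u $u touch $uhome/sieve/personal{,end}{,test}.sieve` keeps ownership consistent with the rest of the function. The function starts and ends outside this hunk.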
@@ -706,21 +757,11 @@ EOF # file, so I've saved that into ./mail-notes.conf. cat >>/etc/exim4/update-exim4.conf.conf <<EOF -# note: some things we don't set that are here by default because they are unused. - -dc_eximconfig_configtype='internet' - # man page: is used to build the local_domains list, together with "localhost" # iank.bid is for testing # mail.iankelling.org is for machines i own -dc_other_hostnames='*.iankelling.org;iankelling.org;*iank.bid;iank.bid;*zroe.org;zroe.org;*.b8.nz;b8.nz' +dc_other_hostnames='*.iankelling.org;iankelling.org;*zroe.org;zroe.org;$HOSTNAME.b8.nz;b8.nz' -# from man page: -# Is a list of domains for which we accept mail from anywhere on the Internet but which are not delivered locally, e.g. -# because this machine serves as secondary MX for these domains. Sets MAIN_RELAY_TO_DOMAINS. -# todo: we should not accept from anywhere, only the mx for fsf. -dc_relay_domains='*.fsf.org;fsf.org' -dc_localdelivery='dovecot_lmtp' EOF @@ -743,8 +784,6 @@ EOF # i can send mail where port 25 is firewalled by isp daemon_smtp_ports = 25 : 587 - - # failing message on mail-tester.com: # We check if there is a server (A Record) behind your hostname kd. # You may want to publish a DNS record (A type) for the hostname kd or use a different hostname in your mail software @@ -761,14 +800,6 @@ CHECK_RCPT_LOCAL_ACL_FILE = /etc/exim4/conf.d/rcpt_local_acl CHECK_DATA_LOCAL_ACL_FILE = /etc/exim4/conf.d/data_local_acl -# recommended if dns is expected to work -CHECK_RCPT_VERIFY_SENDER = true -# seems like a good idea -CHECK_DATA_VERIFY_HEADER_SENDER = true -CHECK_RCPT_SPF = true -CHECK_RCPT_REVERSE_DNS = true -CHECK_MAIL_HELO_ISSUED = true - # testing dmarc #dmarc_tld_file = /etc/public_suffix_list.dat EOF 
@@ -806,12 +837,8 @@ EOF fi - m systemctl enable mailclean.timer - m systemctl start mailclean.timer m systemctl restart $vpn_ser@mail m systemctl enable $vpn_ser@mail - m systemctl enable dovecot - m systemctl restart dovecot ;; # * not MAIL_HOST *) # $HOSTNAME != $MAIL_HOST @@ -850,14 +877,11 @@ EOF ;;& ## we use this host to monitor MAIL_HOST l2) - dovecot-setup - m systemctl enable dovecot - m systemctl restart dovecot + cat >>/etc/exim4/update-exim4.conf.conf <<EOF # man page: is used to build the local_domains list, together with "localhost" # mail.iankelling.org is for machines i own dc_other_hostnames='l2.b8.nz' -dc_localdelivery='dovecot_lmtp' EOF # This ends up at alerts mailbox on MAIL_HOST, but using a user that doesn't exist elsewhere # is no good. @@ -964,14 +988,14 @@ SHELL=/bin/bash PATH=/usr/bin:/bin:/usr/local/bin */5 * * * * $u send-test-forward |& log-once send-test-forward */10 * * * * root chmod -R g+rw /m/md/bounces |& log-once -1 bounces-chmod +*/5 * * * * $u mailtest-check |& log-once -1 mailtest-check EOF ;;& $MAIL_HOST) test_from=ian@iankelling.org - test_to=iank@posteo.de + test_to=testignore@l2.b8.nz cat >>/etc/cron.d/mailtest <<EOF -*/5 * * * * $u mailtest-check |& log-once -1 mailtest-check 2 * * * * $u check-remote-mailqs |& log-once check-remote-mailqs EOF m sudo rsync -ahhi --chown=root:root --chmod=0755 \ diff --git a/mailtest-check b/mailtest-check index 91cf8cd..7adec92 100755 --- a/mailtest-check +++ b/mailtest-check 
@@ -20,30 +20,29 @@ if [[ ! $1 && $- != *i* ]]; then fi -folders=(/m/md/l/testignore{,2}/new) -find ${folders[@]} -type f -mtime +1 -delete - -for folder in ${folders[@]}; do - cd $folder - last_sec=0 - for file in *; do - if [[ $file -nt $latest ]]; then - latest=$file - fi - done - - if [[ $latest ]]; then - last_sec=$(awk '/^Subject: / {print $3}' $latest) - fi +folder=/m/md/l/testignore/new +find $folder -type f -mtime +1 -delete - now=$(date +%s) - limit=$(( now - 60 * min_limit )) - if (( last_sec <= limit )); then - echo $HOSTNAME mailtest failure - touch /nocow/user/mailtest-failure - break - else - rm -f /nocow/user/mailtest-failure +cd $folder +last_sec=0 +for file in *; do + if [[ $file -nt $latest ]]; then + latest=$file fi done + +if [[ $latest ]]; then + last_sec=$(awk '/^Subject: / {print $3}' $latest) +fi + +now=$(date +%s) +limit=$(( now - 60 * min_limit )) + +if (( last_sec <= limit )); then + echo $HOSTNAME mailtest failure + touch /nocow/user/mailtest-failure + break +else + rm -f /nocow/user/mailtest-failure +fi diff --git a/mount-latest-subvol b/mount-latest-subvol index 49dfac7..ded8ee9 100644 --- a/mount-latest-subvol +++ b/mount-latest-subvol @@ -235,6 +235,9 @@ for vol in q a o i; do continue fi + if [[ $vol == q ]]; then + systemctl --user stop arbtt + fi umount_ret=true unmounted=() for dir in $(echo $d ${binds[*]}\ |tac -s\ ); do @@ -328,6 +331,10 @@ for vol in q a o i; do for dir in $d ${binds[@]}; do m mnt $dir done + if [[ $vol == q ]]; then + # maybe this will fail if X is not running + systemctl --user start arbtt ||: + fi stale_dir=/nocow/btrfs-stale rm -f $stale_dir/$d diff --git a/subdir_files/.config/i3/config b/subdir_files/.config/i3/config index e448679..3d6d055 100644 --- a/subdir_files/.config/i3/config +++ b/subdir_files/.config/i3/config 
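Review bot: In mailtest-check, `last_sec` is read from the third field of a `Subject:` line in a received message and then used in `(( last_sec <= limit ))`, where bash evaluates it as an arithmetic expression, not as a plain number. The sieve rule added in this commit files any message whose To header starts with `testignore@` into that folder, so the value is sender-controlled. I would reject anything that is not all digits first, with `[[ $last_sec =~ ^[0-9]+$ ]] || last_sec=0`. The `break` kept in the failure branch is now outside any loop and only makes bash print an error, so it can be deleted. `cd $folder` is also unchecked, so a missing maildir makes `for file in *` scan the current directory instead.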
@@ -72,7 +72,15 @@ font pango:monospace 8 # todo: only available in newer i3n #hide_edge_borders smart + +#exec --no-startup-id /usr/lib/x86_64-linux-gnu/libexec/kdeconnectd # exit i3 (logs you out of your X session) bindsym $mod+Shift+q exec "i3-nagbar -t warning -m 'You pressed the exit shortcut. Do you really want to exit i3? This will end your X session.' -b 'Yes, exit i3' 'i3-msg exit'" bindsym $mod+Shift+p restart + +bar { +status_command i3status +mode hide +hidden_state hide +} diff --git a/subdir_files/.config/sway/config b/subdir_files/.config/sway/config index b81cad5..2715465 100644 --- a/subdir_files/.config/sway/config +++ b/subdir_files/.config/sway/config @@ -72,6 +72,8 @@ font pango:monospace 8 # todo: only available in newer i3n #hide_edge_borders smart + +#exec --no-startup-id /usr/lib/x86_64-linux-gnu/libexec/kdeconnectd # exit sway (logs you out of your Wayland session) bindsym $mod+Shift+e exec swaynag -t warning -m 'You pressed the exit shortcut. Do you really want to exit sway? This will end your Wayland session.' -b 'Yes, exit sway' 'swaymsg exit' diff --git a/subdir_files/.config/systemd/user/arbtt.service b/subdir_files/.config/systemd/user/arbtt.service new file mode 100644 index 0000000..5ac2c44 --- /dev/null +++ b/subdir_files/.config/systemd/user/arbtt.service @@ -0,0 +1,11 @@ +[Unit] +Description=arbtt + +[Service] +Type=simple +ExecStart=/usr/bin/arbtt-capture --sample-rate=15 +Environment="DISPLAY=:0" +Restart=always + +[Install] +WantedBy=default.target diff --git a/subdir_files/sieve/lists.sieve b/subdir_files/sieve/lists.sieve index 6c09b2f..35a2355 100644 --- a/subdir_files/sieve/lists.sieve +++ b/subdir_files/sieve/lists.sieve 
@@ -1,5 +1,13 @@ require [ "regex", "variables", "fileinto", "envelope", "mailbox", "imap4flags", "include" ]; +if anyof ( + address :regex "to" "^testignore@" + ) { + fileinto :create "l/testignore"; + stop; + } + + if anyof ( header :contains "list-id" "<debian-security-announce.lists.debian.org>", header :contains "list-id" "<ubuntu-security-announce.lists.ubuntu.com>" @@ -71,8 +79,8 @@ if anyof ( header :contains "list-id" "<seabios.seabios.org>", header :contains "list-id" "<freetype-devel.nongnu.org>", header :contains "list-id" "<mailman-developers.python.org>", - header :contains "list-id" "<mailop.mailop.org>", header :contains "list-id" "<linux-raid.vger.kernel.org>", + header :contains "list-id" "<mailop.mailop.org>", header :contains "list-id" "<xmonad.haskell.org>") { if header :regex "list-id" "<([a-z_0-9-]+)[.@]" { set :lower "listname" "${1}"; diff --git a/subdir_files/sieve/liststest.sieve b/subdir_files/sieve/liststest.sieve index c69155c..35a2355 100644 --- a/subdir_files/sieve/liststest.sieve +++ b/subdir_files/sieve/liststest.sieve @@ -1,5 +1,13 @@ require [ "regex", "variables", "fileinto", "envelope", "mailbox", "imap4flags", "include" ]; +if anyof ( + address :regex "to" "^testignore@" + ) { + fileinto :create "l/testignore"; + stop; + } + + if anyof ( header :contains "list-id" "<debian-security-announce.lists.debian.org>", header :contains "list-id" "<ubuntu-security-announce.lists.ubuntu.com>"
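Review bot: In lists.sieve, `address :regex "to" "^testignore@"` matches the To header with any domain, so any sender can get mail filed into `l/testignore`, the folder mailtest-check treats as proof that delivery works. Matching the envelope recipient is tighter, and the `require` line already enables it: `envelope :localpart :is "to" "testignore"`, optionally with a second test on the domain. This assumes the envelope recipient survives any aliasing on the way to LMTP, which is worth confirming. The single-element `anyof` wrapper can be dropped. The same block is added to liststest.sieve in its hunk.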