From: Ian Kelling Date: Mon, 22 Apr 2024 04:24:05 +0000 (-0400) Subject: unify dns related config, change some dns settings X-Git-Url: https://iankelling.org/git/?a=commitdiff_plain;h=c91604aff2ce49bd4ce9b429b9e738286a319923;p=distro-setup unify dns related config, change some dns settings --- diff --git a/brc b/brc index 2ffd91c..5105c59 100644 --- a/brc +++ b/brc @@ -2139,7 +2139,7 @@ pkx() { # package extract c "$(mktemp -d)" pkg=$1 # shellcheck disable=SC2012 - cached=$(ls -t /var/cache/apt/archives/${pkg}_* | tail -n1 2>/dev/null) ||: + cached=$(ls -t /var/cache/apt/archives/${pkg}_* 2>/dev/null | tail -n1 2>/dev/null) ||: if [[ $cached ]]; then m cp $cached . else @@ -2900,6 +2900,7 @@ nonet() { } m() { printf "%s\n" "$*"; "$@"; } +m2() { printf "%s\n" "$*" >&2; "$@"; } # update file. note: duplicated in mail-setup. # updates $ur u result to true or false diff --git a/brc2 b/brc2 index aa370ac..9e2b548 100644 --- a/brc2 +++ b/brc2 @@ -840,6 +840,7 @@ mpvrpc-loadfile() { # q quit # ret next # +# todo: enter should also unpause beetag() { local last_genre_i fstring tag id char new_item char_i genre tag remove doplay i j random path local do_rare_genres read_wait help line lsout tmp ls_line skip_lookback @@ -2055,6 +2056,7 @@ apache-apply() { } # strip out the apache license from a file. apache-strip() { + # shellcheck disable=SC2044 # meh for f in $(find . -type f -maxdepth 1); do if head -n1 "$f"| grep -E '^#!/bin/bash\b' &>/dev/null; then { head -n 20 $f | tac | sed '/^# limitations under the License.$/,/^# Copyright.*Ian Kelling$/d' | tac; tail -n+21 $f; } |sponge $f; fi ; done } 
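Review bot: In the pkx hunk of brc, the rewritten `cached=$(ls -t /var/cache/apt/archives/${pkg}_* 2>/dev/null | tail -n1 2>/dev/null) ||:` still expands `${pkg}` unquoted inside the glob, and the next line `m cp $cached .` is unquoted too, so an argument containing whitespace or glob characters changes which paths are listed and copied. Quoting both keeps the lookup confined to the intended package name: `ls -t "/var/cache/apt/archives/${pkg}"_* 2>/dev/null` and `m cp -- "$cached" .`. Separately, `ls -t` lists newest first, so `tail -n1` appears to select the oldest cached archive; if the newest is what is wanted, `head -n1` would be the fix. The `2>/dev/null` left on `tail` is redundant now that `ls` carries its own. The body of pkx continues outside the hunk.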
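Review bot: In the apache-strip hunk of brc2, the added `# shellcheck disable=SC2044 # meh` silences the warning without removing its cause: `for f in $(find . -type f -maxdepth 1)` word-splits file names, and `$f` is then passed unquoted to `head -n 20`, `tail -n+21` and `sponge`, which rewrites the file in place. A file name containing whitespace in the current directory would make the loop read, and possibly overwrite, a different path than the one find reported. Because only depth 1 is searched, a glob removes the need for the suppression, e.g. `for f in ./* ./.[!.]*; do [[ -f $f ]] || continue; …; done` with `"$f"` quoted at every use (the second pattern is only needed if dotfiles should still be covered, which the find call does today).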
@@ -2628,19 +2630,52 @@ wgkey() { umask $umask_orig } -declare -A vpn_ips -vpn_ips[kd]=2 -# note: 1, 4, 5 are occupied by mail wireguard -vpn_ips[x3]=8 -vpn_ips[sy]=12 -vpn_ips[x2]=13 -vpn_ips[kw]=27 -vpn_ips[bo]=28 -vpn_ips[frodo]=34 -vpn_ips[s23b]=49 +host-info-update() { + + local -A vpn_ips host_ips host_macs nonvpn_ips + local -a root_hosts nonroot_hosts + + # the hosts with no mac + root_hosts=( bk je li b8.nz ) + for h in ${root_hosts[@]}; do + root_hosts+=(${h}ex) + done + root_hosts+=(cmc) + + while read -r ip host mac opts; do + if [[ $ip == *#* || ! $host ]]; then continue; fi + if [[ $opts == vpn ]]; then + vpn_ips[$host]=$ip + else + nonvpn_ips[$host]=$ip + fi + + + if [[ $opts == user=root ]]; then + root_hosts+=($host i$host) + else + nonroot_hosts+=($host i$host) + fi + + host_ips[$host]=$ip + host_macs[$host]=$mac + done

>$tmpf </dev/null; then - xrandr --auto -else +if [[ $output ]]; then xrandr --output $output --off sleep 2 xrandr --output $output --right-of eDP1 --mode 3840x2160 @@ -37,4 +34,7 @@ else # if the workspace is already there, this will fail i3-msg '[workspace="'$i'"]' move workspace to output $output ||: done +else + xrandr --auto + fi diff --git a/machine_specific/frodo/filesystem/etc/systemd/system/openvpn-client-tr@.service b/machine_specific/bow/filesystem/etc/systemd/system/openvpn-client-tr@.service similarity index 94% rename from machine_specific/frodo/filesystem/etc/systemd/system/openvpn-client-tr@.service rename to machine_specific/bow/filesystem/etc/systemd/system/openvpn-client-tr@.service index e96fdd7..9a5afec 100644 --- a/machine_specific/frodo/filesystem/etc/systemd/system/openvpn-client-tr@.service +++ b/machine_specific/bow/filesystem/etc/systemd/system/openvpn-client-tr@.service @@ -24,10 +24,10 @@ LimitNPROC=10 # we use .1 to make this be on a different network than kd, so that we can # talk to transmission on kd from remote host, and still use this # vpn. -ExecStartPre=/usr/bin/flock -w 20 /tmp/newns.flock /a/bin/newns/newns -n 10.174.34 start %i +ExecStartPre=/usr/bin/flock -w 20 /tmp/newns.flock /a/bin/newns/newns -n 10.174.29 start %i ExecStartPre=/sbin/iptables-restore /a/bin/distro-setup/transmission-firewall/netns.rules # allow wireguard network to connect -ExecStartPre=/usr/sbin/ip r add 10.8.0.0/24 via 10.174.34.1 dev veth1-client +ExecStartPre=/usr/sbin/ip r add 10.8.0.0/24 via 10.174.29.1 dev veth1-client ExecStopPost=/usr/bin/flock -w 20 /tmp/newns.flock /a/bin/newns/newns stop %i PrivateNetwork=true BindReadOnlyPaths=/etc/tr-resolv:/run/systemd/resolve:norbind /etc/basic-nsswitch:/etc/resolved-nsswitch:norbind 
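Review bot: The `ExecStartPre=/usr/bin/flock -w 20 /tmp/newns.flock …` line rewritten in the bow copy of openvpn-client-tr@.service keeps its lock file in world-writable /tmp, so any local account can create or hold `/tmp/newns.flock` before the unit starts and make the namespace setup fail after the 20 second wait; with `fs.protected_regular` enabled, root's open of a file owned by another user there may be refused outright. Since the line is being edited anyway, consider moving the lock to a root-only location in both the ExecStartPre and the ExecStopPost line, e.g. `/usr/bin/flock -w 20 /run/newns.flock /a/bin/newns/newns -n 10.174.29 start %i`. The same lines appear in the sow and syw copies changed later in this commit. As a documentation point, the third octet is typed twice per file (`-n 10.174.29` and `via 10.174.29.1`); a one-line comment saying where that number is assigned would help keep the two in step on the next renumbering.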
diff --git a/machine_specific/kw/filesystem/etc/systemd/system/openvpn-client-tr@.service b/machine_specific/sow/filesystem/etc/systemd/system/openvpn-client-tr@.service
similarity index 93%
rename from machine_specific/kw/filesystem/etc/systemd/system/openvpn-client-tr@.service
rename to machine_specific/sow/filesystem/etc/systemd/system/openvpn-client-tr@.service
index f6ac66a..dae65d4 100644
--- a/machine_specific/kw/filesystem/etc/systemd/system/openvpn-client-tr@.service
+++ b/machine_specific/sow/filesystem/etc/systemd/system/openvpn-client-tr@.service
@@ -24,10 +24,10 @@ LimitNPROC=10
 # we use .1 to make this be on a different network than kd, so that we can
 # talk to transmission on kd from remote host, and still use this
 # vpn.
-ExecStartPre=/usr/bin/flock -w 20 /tmp/newns.flock /a/bin/newns/newns -n 10.174.27 start %i
+ExecStartPre=/usr/bin/flock -w 20 /tmp/newns.flock /a/bin/newns/newns -n 10.174.3 start %i
 ExecStartPre=/sbin/iptables-restore /a/bin/distro-setup/transmission-firewall/netns.rules
 # allow wireguard network to connect
-ExecStartPre=/usr/sbin/ip r add 10.8.0.0/24 via 10.174.27.1 dev veth1-client
+ExecStartPre=/usr/sbin/ip r add 10.8.0.0/24 via 10.174.3.1 dev veth1-client
 ExecStopPost=/usr/bin/flock -w 20 /tmp/newns.flock /a/bin/newns/newns stop %i
 PrivateNetwork=true
 BindReadOnlyPaths=/etc/tr-resolv:/run/systemd/resolve:norbind /etc/basic-nsswitch:/etc/resolved-nsswitch:norbind
diff --git a/machine_specific/sy/filesystem/etc/systemd/system/openvpn-client-tr@.service b/machine_specific/syw/filesystem/etc/systemd/system/openvpn-client-tr@.service
similarity index 93%
rename from machine_specific/sy/filesystem/etc/systemd/system/openvpn-client-tr@.service
rename to machine_specific/syw/filesystem/etc/systemd/system/openvpn-client-tr@.service
index d6010de..f85639d 100644
--- a/machine_specific/sy/filesystem/etc/systemd/system/openvpn-client-tr@.service
+++ b/machine_specific/syw/filesystem/etc/systemd/system/openvpn-client-tr@.service
@@ -24,10 +24,10 @@ LimitNPROC=10
 # we use .1 to make this be on a different network than kd, so that we can
 # talk to transmission on kd from remote host, and still use this
 # vpn.
-ExecStartPre=/usr/bin/flock -w 20 /tmp/newns.flock /a/bin/newns/newns -n 10.174.12 start %i
+ExecStartPre=/usr/bin/flock -w 20 /tmp/newns.flock /a/bin/newns/newns -n 10.174.7 start %i
 ExecStartPre=/sbin/iptables-restore /a/bin/distro-setup/transmission-firewall/netns.rules
 # allow wireguard network to connect
-ExecStartPre=/usr/sbin/ip r add 10.8.0.0/24 via 10.174.12.1 dev veth1-client
+ExecStartPre=/usr/sbin/ip r add 10.8.0.0/24 via 10.174.7.1 dev veth1-client
 ExecStopPost=/usr/bin/flock -w 20 /tmp/newns.flock /a/bin/newns/newns stop %i
 PrivateNetwork=true
 BindReadOnlyPaths=/etc/tr-resolv:/run/systemd/resolve:norbind /etc/basic-nsswitch:/etc/resolved-nsswitch:norbind
diff --git a/machine_specific/x2/filesystem/etc/systemd/system/openvpn-client-tr@.service b/machine_specific/x2/filesystem/etc/systemd/system/openvpn-client-tr@.service
deleted file mode 100644
index d16312d..0000000
--- a/machine_specific/x2/filesystem/etc/systemd/system/openvpn-client-tr@.service
+++ /dev/null
@@ -1,36 +0,0 @@
-[Unit]
-Description=OpenVPN tunnel for %I
-After=syslog.target network-online.target
-Wants=network-online.target
-Documentation=man:openvpn(8)
-Documentation=https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage
-Documentation=https://community.openvpn.net/openvpn/wiki/HOWTO
-Requires=iptables.service
-
-[Service]
-Type=notify
-RuntimeDirectory=openvpn-client
-RuntimeDirectoryMode=0710
-WorkingDirectory=/etc/openvpn/client
-ExecStart=/usr/sbin/openvpn --suppress-timestamps --nobind --config /etc/openvpn/client/%i.conf
-# todo, try reenabling this from the default openvpn,
-# it was disabled so we could do bind mounts as a command,
-# but now systemd handles it
-#CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE
-LimitNPROC=10
-# DeviceAllow=/dev/null rw
-# DeviceAllow=/dev/net/tun rw
-
-# we use .1 to make this be on a different network than kd, so that we can
-# talk to transmission on kd from remote host, and still use this
-# vpn.
-ExecStartPre=/usr/bin/flock -w 20 /tmp/newns.flock /a/bin/newns/newns -n 10.174.13 start %i
-ExecStartPre=/sbin/iptables-restore /a/bin/distro-setup/transmission-firewall/netns.rules
-# allow wireguard network to connect
-ExecStartPre=/usr/sbin/ip r add 10.8.0.0/24 via 10.174.13.1 dev veth1-client
-ExecStopPost=/usr/bin/flock -w 20 /tmp/newns.flock /a/bin/newns/newns stop %i
-PrivateNetwork=true
-BindReadOnlyPaths=/etc/tr-resolv:/run/systemd/resolve:norbind /etc/basic-nsswitch:/etc/resolved-nsswitch:norbind
-
-[Install]
-WantedBy=multi-user.target
diff --git a/machine_specific/bo/filesystem/etc/systemd/system/openvpn-client-tr@.service b/machine_specific/x2w/filesystem/etc/systemd/system/openvpn-client-tr@.service
similarity index 100%
rename from machine_specific/bo/filesystem/etc/systemd/system/openvpn-client-tr@.service
rename to machine_specific/x2w/filesystem/etc/systemd/system/openvpn-client-tr@.service
diff --git a/mail-setup b/mail-setup index e15a31e..3ac3476 100755 --- a/mail-setup +++ b/mail-setup @@ -3344,6 +3344,12 @@ EOF # This name won\'t appear on From: lines of outgoing messages if rewriting is enabled. echo iankelling.org > /etc/mailname + # mail default domain. + u /etc/mailutils.conf <<'EOF' +address { + email-domain iankelling.org; +}; +EOF # mail.iankelling.org so local imap clients can connect with tls and # when they happen to not be local. diff --git a/mount-latest-subvol b/mount-latest-subvol index 1f4229e..433c7c2 100644 --- a/mount-latest-subvol +++ b/mount-latest-subvol @@ -267,7 +267,7 @@ fi # fa=(/mnt/root/btrbk/ar.*); f=${fa[0]} # if [[ -e $f ]]; then # fstab <