From: Ian Kelling
Date: Mon, 22 Apr 2024 04:24:05 +0000 (-0400)
Subject: unify dns related config, change some dns settings
X-Git-Url: https://iankelling.org/git/?a=commitdiff_plain;h=c91604aff2ce49bd4ce9b429b9e738286a319923;p=distro-setup
unify dns related config, change some dns settings
---
diff --git a/brc b/brc
index 2ffd91c..5105c59 100644
--- a/brc
+++ b/brc
@@ -2139,7 +2139,7 @@ pkx() { # package extract
c "$(mktemp -d)"
pkg=$1
# shellcheck disable=SC2012
- cached=$(ls -t /var/cache/apt/archives/${pkg}_* | tail -n1 2>/dev/null) ||:
+ cached=$(ls -t /var/cache/apt/archives/${pkg}_* 2>/dev/null | tail -n1 2>/dev/null) ||:
if [[ $cached ]]; then
m cp $cached .
else
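Review bot: `ls -t ... | tail -n1` selects the oldest cached .deb, since `ls -t` lists newest first and `tail -n1` keeps the last entry; if the intent is the most recently cached version this should be `head -n1`. The added `2>/dev/null` on `ls` is the right place for the redirect, but the one on `tail` is now dead and `$cached` is still used unquoted on the `cp` line. Suggested: `cached=$(ls -t -- /var/cache/apt/archives/"${pkg}"_* 2>/dev/null | head -n1) ||:` and `m cp -- "$cached" .`. The pkx function starts before and continues past this hunk.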
@@ -2900,6 +2900,7 @@ nonet() {
}
m() { printf "%s\n" "$*"; "$@"; }
+m2() { printf "%s\n" "$*" >&2; "$@"; }
# update file. note: duplicated in mail-setup.
# updates $ur u result to true or false
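Review bot: `m2` prints `"$*"` to stderr, so an argument containing spaces is indistinguishable from two arguments in the log, which mirrors `m` above but makes the echoed line unusable for reproducing the command. If this is meant as a trace of what ran, `m2() { printf '%q ' "$@" >&2; printf '\n' >&2; "$@"; }` prints a shell-quoted, copy-pasteable form; a one-line comment such as `# like m, but echo the command to stderr so stdout stays clean for callers` would document why the second variant exists.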
diff --git a/brc2 b/brc2
index aa370ac..9e2b548 100644
--- a/brc2
+++ b/brc2
@@ -840,6 +840,7 @@ mpvrpc-loadfile() {
# q quit
# ret next
#
+# todo: enter should also unpause
beetag() {
local last_genre_i fstring tag id char new_item char_i genre tag remove doplay i j random path
local do_rare_genres read_wait help line lsout tmp ls_line skip_lookback
@@ -2055,6 +2056,7 @@ apache-apply() {
}
# strip out the apache license from a file.
apache-strip() {
+ # shellcheck disable=SC2044 # meh
for f in $(find . -type f -maxdepth 1); do if head -n1 "$f"| grep -E '^#!/bin/bash\b' &>/dev/null; then { head -n 20 $f | tac | sed '/^# limitations under the License.$/,/^# Copyright.*Ian Kelling$/d' | tac; tail -n+21 $f; } |sponge $f; fi ; done
}
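Review bot: The shellcheck suppression on SC2044 hides the real problem in this loop: `$f` is unquoted in `head -n 20 $f`, `tail -n+21 $f` and `sponge $f`, so a filename with whitespace is split and the wrong file gets rewritten in place via sponge. Iterating over NUL-separated find output with a `read -r -d ''` loop fixes both the word-splitting and the lint warning, and moving `-maxdepth 1` before `-type f` avoids the GNU find option-order warning. The `grep -E ... &>/dev/null` is equivalent to `grep -qE`.
```shell
apache-strip() {
  while IFS= read -r -d '' f; do
    if head -n1 "$f" | grep -qE '^#!/bin/bash\b'; then
      { head -n 20 "$f" | tac | sed '/^# limitations under the License.$/,/^# Copyright.*Ian Kelling$/d' | tac; tail -n+21 "$f"; } | sponge "$f"
    fi
  done < <(find . -maxdepth 1 -type f -print0)
}
```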
@@ -2628,19 +2630,52 @@ wgkey() {
umask $umask_orig
}
-declare -A vpn_ips
-vpn_ips[kd]=2
-# note: 1, 4, 5 are occupied by mail wireguard
-vpn_ips[x3]=8
-vpn_ips[sy]=12
-vpn_ips[x2]=13
-vpn_ips[kw]=27
-vpn_ips[bo]=28
-vpn_ips[frodo]=34
-vpn_ips[s23b]=49
+host-info-update() {
+
+ local -A vpn_ips host_ips host_macs nonvpn_ips
+ local -a root_hosts nonroot_hosts
+
+ # the hosts with no mac
+ root_hosts=( bk je li b8.nz )
+ for h in ${root_hosts[@]}; do
+ root_hosts+=(${h}ex)
+ done
+ root_hosts+=(cmc)
+
+ while read -r ip host mac opts; do
+ if [[ $ip == *#* || ! $host ]]; then continue; fi
+ if [[ $opts == vpn ]]; then
+ vpn_ips[$host]=$ip
+ else
+ nonvpn_ips[$host]=$ip
+ fi
+
+
+ if [[ $opts == user=root ]]; then
+ root_hosts+=($host i$host)
+ else
+ nonroot_hosts+=($host i$host)
+ fi
+
+ host_ips[$host]=$ip
+ host_macs[$host]=$mac
+ done
>$tmpf </dev/null; then
- xrandr --auto
-else
+if [[ $output ]]; then
xrandr --output $output --off
sleep 2
xrandr --output $output --right-of eDP1 --mode 3840x2160
@@ -37,4 +34,7 @@ else
# if the workspace is already there, this will fail
i3-msg '[workspace="'$i'"]' move workspace to output $output ||:
done
+else
+ xrandr --auto
+
fi
diff --git a/machine_specific/frodo/filesystem/etc/systemd/system/openvpn-client-tr@.service b/machine_specific/bow/filesystem/etc/systemd/system/openvpn-client-tr@.service
similarity index 94%
rename from machine_specific/frodo/filesystem/etc/systemd/system/openvpn-client-tr@.service
rename to machine_specific/bow/filesystem/etc/systemd/system/openvpn-client-tr@.service
index e96fdd7..9a5afec 100644
--- a/machine_specific/frodo/filesystem/etc/systemd/system/openvpn-client-tr@.service
+++ b/machine_specific/bow/filesystem/etc/systemd/system/openvpn-client-tr@.service
@@ -24,10 +24,10 @@ LimitNPROC=10
# we use .1 to make this be on a different network than kd, so that we can
# talk to transmission on kd from remote host, and still use this
# vpn.
-ExecStartPre=/usr/bin/flock -w 20 /tmp/newns.flock /a/bin/newns/newns -n 10.174.34 start %i
+ExecStartPre=/usr/bin/flock -w 20 /tmp/newns.flock /a/bin/newns/newns -n 10.174.29 start %i
ExecStartPre=/sbin/iptables-restore /a/bin/distro-setup/transmission-firewall/netns.rules
# allow wireguard network to connect
-ExecStartPre=/usr/sbin/ip r add 10.8.0.0/24 via 10.174.34.1 dev veth1-client
+ExecStartPre=/usr/sbin/ip r add 10.8.0.0/24 via 10.174.29.1 dev veth1-client
ExecStopPost=/usr/bin/flock -w 20 /tmp/newns.flock /a/bin/newns/newns stop %i
PrivateNetwork=true
BindReadOnlyPaths=/etc/tr-resolv:/run/systemd/resolve:norbind /etc/basic-nsswitch:/etc/resolved-nsswitch:norbind
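Review bot: The lock file `/tmp/newns.flock` on the two flock lines lives in a world-writable directory but is taken by a root-run ExecStartPre, so any local user can create that path first or hold the lock and make `flock -w 20` fail or block, preventing the service from starting; with `fs.protected_regular` enabled, root's open of a foreign-owned file in /tmp fails outright. The commit edits exactly these lines, so this is a good moment to move the lock to a root-only location, e.g. `ExecStartPre=/usr/bin/flock -w 20 /run/lock/newns.flock /a/bin/newns/newns -n 10.174.29 start %i` and the matching `ExecStopPost=... /run/lock/newns.flock ...`. The [Service] section continues outside this hunk.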
diff --git a/machine_specific/kw/filesystem/etc/systemd/system/openvpn-client-tr@.service b/machine_specific/sow/filesystem/etc/systemd/system/openvpn-client-tr@.service
similarity index 93%
rename from machine_specific/kw/filesystem/etc/systemd/system/openvpn-client-tr@.service
rename to machine_specific/sow/filesystem/etc/systemd/system/openvpn-client-tr@.service
index f6ac66a..dae65d4 100644
--- a/machine_specific/kw/filesystem/etc/systemd/system/openvpn-client-tr@.service
+++ b/machine_specific/sow/filesystem/etc/systemd/system/openvpn-client-tr@.service
@@ -24,10 +24,10 @@ LimitNPROC=10
# we use .1 to make this be on a different network than kd, so that we can
# talk to transmission on kd from remote host, and still use this
# vpn.
-ExecStartPre=/usr/bin/flock -w 20 /tmp/newns.flock /a/bin/newns/newns -n 10.174.27 start %i
+ExecStartPre=/usr/bin/flock -w 20 /tmp/newns.flock /a/bin/newns/newns -n 10.174.3 start %i
ExecStartPre=/sbin/iptables-restore /a/bin/distro-setup/transmission-firewall/netns.rules
# allow wireguard network to connect
-ExecStartPre=/usr/sbin/ip r add 10.8.0.0/24 via 10.174.27.1 dev veth1-client
+ExecStartPre=/usr/sbin/ip r add 10.8.0.0/24 via 10.174.3.1 dev veth1-client
ExecStopPost=/usr/bin/flock -w 20 /tmp/newns.flock /a/bin/newns/newns stop %i
PrivateNetwork=true
BindReadOnlyPaths=/etc/tr-resolv:/run/systemd/resolve:norbind /etc/basic-nsswitch:/etc/resolved-nsswitch:norbind
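Review bot: The comment above the changed lines says "we use .1 to make this be on a different network than kd", but the value actually chosen on the new `newns -n` line is the prefix `10.174.3`, and the `.1` on the route line is the gateway inside that prefix, so the comment appears to describe an earlier value and now misleads. Since the commit changes the prefix, updating the comment at the same time would help: `# 10.174.3.0/24 is chosen to differ from kd's netns prefix, so a remote host can reach transmission on kd and still use this vpn.` The [Service] section continues outside this hunk.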
diff --git a/machine_specific/sy/filesystem/etc/systemd/system/openvpn-client-tr@.service b/machine_specific/syw/filesystem/etc/systemd/system/openvpn-client-tr@.service
similarity index 93%
rename from machine_specific/sy/filesystem/etc/systemd/system/openvpn-client-tr@.service
rename to machine_specific/syw/filesystem/etc/systemd/system/openvpn-client-tr@.service
index d6010de..f85639d 100644
--- a/machine_specific/sy/filesystem/etc/systemd/system/openvpn-client-tr@.service
+++ b/machine_specific/syw/filesystem/etc/systemd/system/openvpn-client-tr@.service
@@ -24,10 +24,10 @@ LimitNPROC=10
# we use .1 to make this be on a different network than kd, so that we can
# talk to transmission on kd from remote host, and still use this
# vpn.
-ExecStartPre=/usr/bin/flock -w 20 /tmp/newns.flock /a/bin/newns/newns -n 10.174.12 start %i
+ExecStartPre=/usr/bin/flock -w 20 /tmp/newns.flock /a/bin/newns/newns -n 10.174.7 start %i
ExecStartPre=/sbin/iptables-restore /a/bin/distro-setup/transmission-firewall/netns.rules
# allow wireguard network to connect
-ExecStartPre=/usr/sbin/ip r add 10.8.0.0/24 via 10.174.12.1 dev veth1-client
+ExecStartPre=/usr/sbin/ip r add 10.8.0.0/24 via 10.174.7.1 dev veth1-client
ExecStopPost=/usr/bin/flock -w 20 /tmp/newns.flock /a/bin/newns/newns stop %i
PrivateNetwork=true
BindReadOnlyPaths=/etc/tr-resolv:/run/systemd/resolve:norbind /etc/basic-nsswitch:/etc/resolved-nsswitch:norbind
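Review bot: The prefix `10.174.7` is spelled twice in this hunk, once for `newns -n` and once as the `via 10.174.7.1` gateway on the route line, and the same pattern is repeated in the sibling bow and sow units with only the prefix differing, so every renumbering (as in this commit) has to touch two lines per file in lockstep and a mismatch is silent. Pulling the prefix into one place would remove that: `EnvironmentFile=/etc/newns-prefix`, then `... /a/bin/newns/newns -n ${NEWNS_PREFIX} start %i` and `ExecStartPre=/usr/sbin/ip r add 10.8.0.0/24 via ${NEWNS_PREFIX}.1 dev veth1-client`. The [Service] section continues outside this hunk.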
diff --git a/machine_specific/x2/filesystem/etc/systemd/system/openvpn-client-tr@.service b/machine_specific/x2/filesystem/etc/systemd/system/openvpn-client-tr@.service
deleted file mode 100644
index d16312d..0000000
--- a/machine_specific/x2/filesystem/etc/systemd/system/openvpn-client-tr@.service
+++ /dev/null
@@ -1,36 +0,0 @@
-[Unit]
-Description=OpenVPN tunnel for %I
-After=syslog.target network-online.target
-Wants=network-online.target
-Documentation=man:openvpn(8)
-Documentation=https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage
-Documentation=https://community.openvpn.net/openvpn/wiki/HOWTO
-Requires=iptables.service
-
-[Service]
-Type=notify
-RuntimeDirectory=openvpn-client
-RuntimeDirectoryMode=0710
-WorkingDirectory=/etc/openvpn/client
-ExecStart=/usr/sbin/openvpn --suppress-timestamps --nobind --config /etc/openvpn/client/%i.conf
-# todo, try reenabling this from the default openvpn,
-# it was disabled so we could do bind mounts as a command,
-# but now systemd handles it
-#CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE
-LimitNPROC=10
-# DeviceAllow=/dev/null rw
-# DeviceAllow=/dev/net/tun rw
-
-# we use .1 to make this be on a different network than kd, so that we can
-# talk to transmission on kd from remote host, and still use this
-# vpn.
-ExecStartPre=/usr/bin/flock -w 20 /tmp/newns.flock /a/bin/newns/newns -n 10.174.13 start %i
-ExecStartPre=/sbin/iptables-restore /a/bin/distro-setup/transmission-firewall/netns.rules
-# allow wireguard network to connect
-ExecStartPre=/usr/sbin/ip r add 10.8.0.0/24 via 10.174.13.1 dev veth1-client
-ExecStopPost=/usr/bin/flock -w 20 /tmp/newns.flock /a/bin/newns/newns stop %i
-PrivateNetwork=true
-BindReadOnlyPaths=/etc/tr-resolv:/run/systemd/resolve:norbind /etc/basic-nsswitch:/etc/resolved-nsswitch:norbind
-
-[Install]
-WantedBy=multi-user.target
diff --git a/machine_specific/bo/filesystem/etc/systemd/system/openvpn-client-tr@.service b/machine_specific/x2w/filesystem/etc/systemd/system/openvpn-client-tr@.service
similarity index 100%
rename from machine_specific/bo/filesystem/etc/systemd/system/openvpn-client-tr@.service
rename to machine_specific/x2w/filesystem/etc/systemd/system/openvpn-client-tr@.service
diff --git a/mail-setup b/mail-setup
index e15a31e..3ac3476 100755
--- a/mail-setup
+++ b/mail-setup
@@ -3344,6 +3344,12 @@ EOF
# This name won\'t appear on From: lines of outgoing messages if rewriting is enabled.
echo iankelling.org > /etc/mailname
+ # mail default domain.
+ u /etc/mailutils.conf <<'EOF'
+address {
+ email-domain iankelling.org;
+};
+EOF
# mail.iankelling.org so local imap clients can connect with tls and
# when they happen to not be local.
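Review bot: The added mailutils.conf hard-codes `iankelling.org` as a second copy of the value written to /etc/mailname on the line just above, so the two can drift apart the next time one is changed. Assigning the domain once, e.g. `mail_domain=iankelling.org`, then `echo "$mail_domain" > /etc/mailname` and an unquoted heredoc `u /etc/mailutils.conf <<EOF` using `email-domain $mail_domain;` keeps them in sync. The enclosing function or section of mail-setup starts and ends outside this hunk.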
diff --git a/mount-latest-subvol b/mount-latest-subvol
index 1f4229e..433c7c2 100644
--- a/mount-latest-subvol
+++ b/mount-latest-subvol
@@ -267,7 +267,7 @@ fi
# fa=(/mnt/root/btrbk/ar.*); f=${fa[0]}
# if [[ -e $f ]]; then
# fstab <