From: Ian Kelling Date: Mon, 1 Aug 2022 13:24:31 +0000 (-0400) Subject: lots of updates, some t11 stuff X-Git-Url: https://iankelling.org/git/?a=commitdiff_plain;h=ce4cacd36c5b5babeea85d0f93771017e6169180;p=distro-setup lots of updates, some t11 stuff --- diff --git a/.bashrc b/.bashrc index 2c14100..35db9ac 100644 --- a/.bashrc +++ b/.bashrc @@ -29,7 +29,7 @@ HISTCONTROL=ignoredups # This works in addition to HISTCONTROL to do more flexible things # it could also do the same things as HISTCONTROL and thus replace it, # but meh. dunno why, but just " *" does glob expansion, so use [ ] to avoid it. -HISTIGNORE='pass *:[ ]*:otp *:oathtool *:histrm *:k *:ks *:ksu *' +HISTIGNORE='pass *:[ ]*:otp *:oathtool *:histrm *' #### begin section that works with sl() function to return from diff --git a/.gitconfig b/.gitconfig index 47ab26a..d15ab89 100644 --- a/.gitconfig +++ b/.gitconfig @@ -65,7 +65,7 @@ prompt = false # or git checkout -b my-branch origin/whatever # autoSetupMerge = always -# git pull always does rebase by default +# make git pull always rebase by default autoSetupRebase = always [push] default = simple diff --git a/brc b/brc index c9cd4fc..fdd8e2c 100644 --- a/brc +++ b/brc @@ -683,7 +683,7 @@ chrbind() { chumount() { local d # dev/pts needed for pacman signature check - for d in dev proc sys dev/pts; do + for d in dev/pts dev proc sys; do [[ -d $d ]] if mountpoint $d &>/dev/null; then m s umount $d @@ -816,7 +816,10 @@ digdiff() { dt() { date "+%A, %B %d, %r" "$@" } -ccomp date dt +dtr() { + date -R "$@" +} +ccomp date dt dtr dus() { # du, sorted, default arg of du -sh ${@:-*} | sort -h @@ -824,7 +827,7 @@ dus() { # du, sorted, default arg of ccomp du dus -e() { echo "$@"; } +e() { printf "%s\n" "$@"; } # echo args ea() { @@ -860,7 +863,11 @@ ediff() { etail() { tail -F /var/log/exim4/mainlog -n 200 "$@" } -ccomp tail etail +etail2() { + tail -F /var/log/exim4/mymain -n 200 "$@" +} + +ccomp tail etail etail2 # print exim old pids eoldpids() { @@ -960,6 +967,14 @@ faf() { # find all files. use -L to follow symlinks -o -name .undo-tree-history -prune \) -type f 2>/dev/null } +# full path without resolving symlinks +fp() { + local dir base + base="${1##*/}" + dir="${1%$base}" + printf "%s/%s\n" $(cd $dir; pwd) "$base" +} + # mail related frozen() { diff --git a/brc2 b/brc2 index 336d938..7b98ad9 100644 --- a/brc2 +++ b/brc2 @@ -148,6 +148,13 @@ rsync -rptL --delete --filter=". /b/ds/sl/rsync-filter" /a/opt/emacs-trisquel8-n EOF } +rm-docker-iptables() { + s iptables -S | gr docker | gr -- -A | sed 's/-A/-D/'| while read -r l; do sudo iptables $l; done + s iptables -S -t nat | gr docker | gr -- -A | sed 's/-A/-D/'| while read -r l; do sudo iptables -t nat $l; done + s iptables -S | gr docker | gr -- -N | sed 's/-N/-X/'| while read -r l; do sudo iptables $l; done + s iptables -S -t nat | gr docker | gr -- -N | sed 's/-N/-X/'| while read -r l; do sudo iptables -t nat $l; done +} + # usage mkschroot [-] distro codename packages # - means no piping in of sources.list mkschroot() { @@ -388,11 +395,15 @@ bbk() { # btrbk wrapper if $active; then ser stop btrbk.timer fi - if [[ $(systemctl is-active btrbk.service ||:) != inactive ]]; then - echo "cron btrbk is already running" - if $active; then ser start btrbk.timer; fi - return 1 - fi + btrbk_is_active=$(systemctl is-active btrbk.service ||:) + case $btrbk_is_active in + inactive|failed) : ;; + *) + echo "bbk: error: systemctl is-active btrbk.service output: $btrbk_is_active" + if $active; then ser start btrbk.timer; fi + return 1 + ;; + esac # run latest install-my-scripts # todo: consider changing this to srun and having the args come @@ -1172,16 +1183,18 @@ mnsnonet() { lom() { + # l = the loopback device local l base if [[ $1 == /* ]]; then base=${1##*/} + fs_file=$1 if mns $base mountpoint -q /mnt/$base; then return 0 fi - l=$(losetup -j $1 | sed -rn 's/^([^ ]+): .*/\1/p' | head -n1 ||:) + l=$(losetup -j $fs_file | sed -rn 's/^([^ ]+): .*/\1/p' | head -n1 ||:) if [[ ! $l ]]; then l=$(sudo losetup -f) - m sudo losetup $l $1 + m sudo losetup $l $fs_file fi if ! sudo cryptsetup status /dev/mapper/$base &>/dev/null; then if ! sudo cryptsetup luksOpen $l $base; then @@ -1204,7 +1217,7 @@ lom() { return 1 fi fi - l=$(losetup -l --noheadings | awk '$6 ~ /\/'$1'$/ {print $1}') + l=$(losetup -l --noheadings | awk '$6 ~ /\/'$base'$/ {print $1}') if [[ $l ]]; then m sudo losetup -d $l else @@ -1275,6 +1288,16 @@ mbdisable() { mv -T $src $dst set +x } +mb2disable() { + local mb=$1 + dst=/m/md/$mb + src=/m/4e2/$mb + set -x + [[ -e $src ]] || { set +x; return 1; } + if [[ -L $dst ]]; then rm $dst; fi + mv -T $src $dst + set +x +} mdt() { @@ -1580,10 +1603,6 @@ spd() { PATH=/usr/local/spdhackfix:$PATH command spd "$@" } -spend() { - sudo systemctl suspend -} - spamf() { # spamtest on FILE local spamcpre spamdpid @@ -1683,6 +1702,46 @@ alert200() { done } +# alert on changes to a webpage (just the base page that curl gets) +# usage: weblert URL [SUBJECT...] +weblert() { + local u old new quiet + quiet=false + case $1 in + # dont send a diff of the html. some html is not very readable + -q) quiet=true + shift + ;; + esac + u="$1" + shift + subject="${*:-weblert}" + old=$(curl -s "$u") ||: + while true; do + new=$(curl -s "$u") ||: + if [[ $old && $new ]]; then + if [[ $new != "$old" ]]; then + if $quiet; then + echo | daylertme "$subject" + else + diff <(printf "%s\n" "$old") <(printf "%s\n" "$new") | daylertme "$subject" ||: + fi + fi + old="$new" + fi + sleep $(( 60 + RANDOM % 120 )) + done +} + +torshell() { + # per man torsocks + source `type -p torsocks` on +} + +eless2() { + less /var/log/exim4/mymain +} + # mail related testexim() { @@ -1776,18 +1835,52 @@ enn() { m s nsenter -t $pid -n -m $ecmd "$@" } +# get pid of systemd service +servicepid() { + local pid unit + unit="$1" + pid=$(systemctl show --property MainPID --value "$unit") + case $pid in + [1-9]*) : ;; + *) + # 0 or empty. This file includes the MainPid, so I expect we + # could just get this in the first place, but i don't know if that + # is always the case. + pid=$(head -n1 /sys/fs/cgroup/systemd/system.slice/${unit%.service}.service/cgroup.procs) + ;; + esac + if [[ $pid ]]; then + printf "%s\n" "$pid" + else + return 1 + fi +} + sdnbash() { # systemd namespace bash - local unit=$1 - m sudo nsenter -t $(systemctl show --property MainPID --value $unit) -n -m sudo -u $USER -i bash + local unit pid + unit=$1 + pid=$(servicepid $unit) + m sudo nsenter -t $pid -n -m sudo -u $USER -i bash } -mailnnbash() { - m sudo nsenter -t $(systemctl show --property MainPID --value mailnn) -n -m sudo -u $USER -i bash +sdncmd() { # systemd namespace cmd + local unit pid + unit=$1 + shift + pid=$(servicepid $unit) + m sudo nsenter -t $pid -n -m sudo -u $USER -i "$@" } -mailvpnbash() { - m sudo nsenter -t $(pgrep -f "/usr/sbin/openvpn .* --config /etc/openvpn/.*mail.conf") -n -m sudo -u $USER -i bash + +mailnnbash() { + sdnbash mailnn } + +# we use wireguard now, use mailnnbash. +# mailvpnbash() { +# m sudo nsenter -t $(pgrep -f "/usr/sbin/openvpn .* --config /etc/openvpn/.*mail.conf") -n -m sudo -u $USER -i bash +# } + eximbash() { local pid pid=$(pgrep -f "/usr/sbin/exim4 -bd -q30m -C /etc/exim4/my.conf"|h1) @@ -1806,16 +1899,24 @@ unboundbash() { m sudo nsenter -t $(systemctl status unbound| sed -n '/^ *Main PID:/s/[^0-9]//gp') -n -m sudo -u $USER -i bash } +nmtc() { + s nmtui-connect "$@" +} + mailnncheck() { local p pid ns mailnn # mailvpn would belong on the list if using openvpn for p in mailnn unbound dovecot spamassassin exim4 radicale; do - case $p in - exim4|radicale) - pid=$(ps -eo pid,cgroup | grep /system.slice/$p.service | awk '{print $1}') - ;; + + + pid=$(systemctl show --property MainPID --value $unit) + case $pid in + [1-9]*) : ;; *) - pid=$(s systemctl show --property MainPID --value $p) + # 0 or empty. This file includes the MainPid, so I expect we + # could just get this in the first place, but i don't know if + # that is always the case. + pid=$(head -n1 /sys/fs/cgroup/systemd/system.slice/${unit%.service}.service/cgroup.procs) ;; esac echo p=$p pid=$pid @@ -2109,7 +2210,9 @@ path-add --end $HOME/.cargo/bin if type -P rg &>/dev/null; then # --no-messages because of annoying errors on broken symlinks - rg() { command rg --no-messages -L -i -M 300 --no-ignore "$@" || return $?; } + # -z = search .gz etc files + # -. = search dotfilesq + rg() { command rg -. -z --no-messages -L -i -M 900 --no-ignore "$@" || return $?; } #fails if not exist. ignore complete -r rg 2>/dev/null ||: else diff --git a/btrbk-run b/btrbk-run index 1137a72..b3a3207 100644 --- a/btrbk-run +++ b/btrbk-run @@ -79,7 +79,7 @@ fi early=false # quit early, just btrbk, no extra remounting etc. cron=false orig_args=("$@") -temp=$(getopt -l cron,pull-reexec,help ceil:m:npqs:t:vh "$@") || usage 1 +temp=$(getopt -l cron,pull-reexec,help ceil:m:npqrs:t:vh "$@") || usage 1 eval set -- "$temp" while true; do case $1 in @@ -99,6 +99,7 @@ while true; do -n) dry_run=true; dry_run_arg=-n; shift ;; -p) progress_arg="--progress"; shift ;; --pull-reexec) pull_reexec=true; shift ;; + -r) archive=false; shift ;; -q) verbose=false; verbose_arg=; progress_arg=; shift ;; # source host to receive a backup from -s) @@ -172,7 +173,7 @@ if [[ ! -v targets && ! $source ]]; then targets=(frodo.b8.nz) case $HOSTNAME in - kw) + x2|kw) at_work=true ;;& x2|x3|sy|bo) @@ -193,18 +194,18 @@ if [[ ! -v targets && ! $source ]]; then fi ;;& kw) - targets+=($home x3) + targets+=($home x2.office.fsf.org) ;; x2|x3|sy|bo) targets+=($home) if $at_work; then - targets+=(kw.office.fsf.org x2.b8.nz) + targets+=(x2.office.fsf.org x2.b8.nz) else - targets+=(kw.b8.nz) + targets+=(x2wg.b8.nz) fi ;; kd) - targets+=(x2.b8.nz kw.b8.nz) + targets+=(x2wg.b8.nz x3.b8.nz) if ping -q -c1 -w1 sy.b8.nz &>/dev/null; then targets+=(sy.b8.nz) else @@ -265,7 +266,7 @@ else fi # note: put q last just in case its specific retention options were to # affect other config sections. I havent tested if that is the case. - prospective_mps+=(/a /q) + prospective_mps+=(/a /ar /qr /q) ;; esac fi @@ -319,7 +320,7 @@ if ! $pull_reexec && [[ $source ]] && $pulla ; then fi -if ! which btrbk &>/dev/null; then +if ! command -v btrbk &>/dev/null; then die "error: no btrbk binary found" fi # if our mountpoints are from stale snapshots, @@ -327,7 +328,7 @@ fi check-subvol-stale ${mountpoints[@]} || die "found stale mountpoints in ${mountpoints[*]}" # for an initial run, btrbk requires the dir to exist. -mkdir -p /mnt/root/btrbk +mkdir -p /mnt/{root,o}/btrbk local_zone=$(date +%z) if [[ $source ]]; then @@ -344,7 +345,7 @@ else sshfail=() min_idle_ms=$((1000 * 60 * 15)) for h in ${targets[@]}; do - if remote_info=( $(timeout -s 9 6 ssh root@$h "mkdir -p /mnt/root/btrbk && date +%z && df --output=size,pcent / | tail -n1") ); then + if remote_info=( $(timeout -s 9 6 ssh root@$h "mkdir -p /mnt/root/btrbk /mnt/o/btrbk && date +%z && df --output=size,pcent / | tail -n1") ); then zone=${remote_info[0]} root_size=${remote_info[1]} percent_used=${remote_info[2]%%%} @@ -441,8 +442,16 @@ incremental strict EOF fi -vol=/mnt/root for m in ${mountpoints[@]}; do + case $m in + /o) + vol=/mnt/o + ;; + *) + vol=/mnt/root + ;; + esac + sub=${m#/} if [[ $source ]]; then cat >>/etc/btrbk.conf <$tmp; then - if diff -q $mnt/btrfs-dev-stats $tmp; then - diff -u $mnt/btrfs-dev-stats $tmp | mail -s "$HOSTNAME: error: btrfs dev stats -c $mnt" root@localhost - cat $tmp >$mnt/btrfs-dev-stats + tmp=$(mktemp) + # if mnt is /, avoid making a buggy looking path + stats_path=${mnt%/}/btrfs-dev-stats + if [[ ! -e $stats_path ]]; then + btrfs dev stats -c $mnt >$stats_path ||: # populate initial reading + elif ! btrfs dev stats -c $mnt >$tmp; then + if ! diff -q $stats_path $tmp; then + exim -t <$stats_path fi fi rm -f $tmp diff --git a/check-subvol-stale b/check-subvol-stale index a3d0149..f012c4f 100644 --- a/check-subvol-stale +++ b/check-subvol-stale @@ -27,8 +27,9 @@ usage: $0 SUBVOL_MOUNTPOINT... | -p SUBVOL_PATH... In git this is not not executable because it's meant to be installed using ./install-my-scripts -If latest subvols \$@ are not mounted, print a message, and print -the unstale subvol name into /nocow/btrfs-stale/\$subvol +Print the unstale subvol name into /nocow/btrfs-stale/\$subvol + +If latest subvols \$@ are not mounted, print a message to terminal. Fresh is opposite of stale. To be fresh, either SUBVOL_MOUNTPOINT is a snapshot of the latest, or the latest snapshot is snapshot of @@ -83,6 +84,7 @@ d() { } # duplicated in mount-latest-sub +# Reassign $1 var from /dev/dm- to corresponding /dev/mapper/ mapper-dev() { local mapdev local -n devref=$1 diff --git a/distro-begin b/distro-begin index 25247dc..a0e9b07 100755 --- a/distro-begin +++ b/distro-begin @@ -377,6 +377,14 @@ if bitfolk; then sudo sed -ri "/^127\./n;/[[:space:]]$HOSTNAME\$/d" /etc/hosts fi +if isdeb && [[ $(debian-codename) == nabia ]]; then + sudo dd of=/etc/apt/preferences.d/aramo-jammy-missing <<'EOF' +Package: linux-libc-dev libmysqlclient21 +Pin: release n=jammy,o=Ubuntu +Pin-Priority: 500 +EOF +fi + # libfdk just has some patent worries. # https://www.gnu.org/licenses/license-list.en.html#fdk if isdeb && [[ $(debian-codename) == nabia ]]; then @@ -614,7 +622,7 @@ case $HOSTNAME in /dev/mapper/crypt_dev_ata-Samsung_SSD_870_QVO_8TB_S5VUNG0N900656V-part7 /d btrfs nofail,x-systemd.device-timeout=30s,x-systemd.mount-timeout=30s,noatime,compress=zstd,subvol=d 0 0 EOF if ! mountpoint /d &>/dev/null; then - sudo mkdir /d + sudo mkdir -p /d if [[ -d /mnt/r7/d ]]; then sudo mount /d fi diff --git a/distro-end b/distro-end index e8e3ee0..54321bf 100755 --- a/distro-end +++ b/distro-end @@ -43,7 +43,7 @@ end() { } pre="${0##*/}:" sudo() { - printf "$pre %s\n" "$*" + printf "$pre sudo %s\n" "$*" SUDOD="$PWD" command sudo "$@"; } m() { printf "$pre %s\n" "$*"; "$@"; } @@ -155,10 +155,12 @@ esac # fi + + pi debootstrap ######### begin universal pinned packages ###### case $(debian-codename) in - nabia|etiona|flidas) + etiona|flidas|nabia|aramo) sudo rm -fv /etc/apt/preferences.d/etiona-buster sd /etc/apt/preferences.d/trisquel-debian <$t <<'EOF' -deb http://http.us.debian.org/debian buster main -deb-src http://http.us.debian.org/debian buster main - -deb http://security.debian.org/ buster/updates main -deb-src http://security.debian.org/ buster/updates main - -deb http://http.us.debian.org/debian buster-updates main -deb-src http://http.us.debian.org/debian buster-updates main - -deb http://http.debian.net/debian buster-backports main -deb-src http://http.debian.net/debian buster-backports main -EOF - ;; bullseye) cat >$t <<'EOF' EOF @@ -484,6 +471,34 @@ Pin: release n=bionic,o=Ubuntu Pin-Priority: -100 EOF + ;;& + nabia) + sd /etc/apt/preferences.d/aramo-nabia <<'EOF' +Package: * +Pin: release n=aramo*,o=Trisquel +Pin-Priority: -100 +EOF + f=/etc/apt/sources.list.d/aramo.list + t=$(mktemp) + cat >$t <<'EOF' +deb http://mirror.fsf.org/trisquel/ aramo main +deb-src http://mirror.fsf.org/trisquel/ aramo main + +deb http://mirror.fsf.org/trisquel/ aramo-updates main +deb-src http://mirror.fsf.org/trisquel/ aramo-updates main + +deb http://archive.trisquel.info/trisquel/ aramo-security main +deb-src http://archive.trisquel.info/trisquel/ aramo-security main + +# Uncomment this lines to enable the backports optional repository +deb http://mirror.fsf.org/trisquel/ aramo-backports main +deb-src http://mirror.fsf.org/trisquel/ aramo-backports main +EOF + if ! diff -q $t $f; then + sudo dd if=$t of=$f 2>/dev/null + p update + fi + ;;& *) if isdeb; then @@ -492,7 +507,11 @@ EOF ;; esac - +case $codename_compat in + jammy) + s systemctl enable ssh-agent-iank + ;; +esac case $codename_compat in focal) @@ -533,6 +552,14 @@ EOF Package: chromium chromium-* libicu67 libjpeg62-turbo libjsoncpp24 libre2-9 libwebpmux3 Pin: release o=Debian*,n=bullseye Pin-Priority: 500 +EOF + ;; + aramo) + # obs dependency not in trisquel + sd /etc/apt/preferences.d/obs < - Options +FollowSymLinks +Multiviews +Indexes + +# this doesn't exactly fit with the documentation. +# We need location / to do an auth, it cant be done outside, +# in order to pass on X-Remote-User. And we need +# the other location in order to remove the /radicale/ for +# requests which have it. This could be done with a rewrite, +# but i just get something working and call it a day. + + AllowOverride None - AuthType basic + AuthType Basic AuthName "Authentication Required" # setup one time, with root:www-data, 640 AuthUserFile "/etc/caldav-htpasswd" Require valid-user + RequestHeader set X-Remote-User expr=%{REMOTE_USER} + + + Options +FollowSymLinks +Multiviews -Indexes RequestHeader set X-Script-Name /radicale/ RequestHeader set X-Remote-User expr=%{REMOTE_USER} ProxyPass "http://10.8.0.4:5232/" retry=0 @@ -974,6 +1012,10 @@ EOF # and choose lightdm. # ;; + jammy) + # not yet bothering with mate + pi lightdm-gtk-greeter + ;; esac diff --git a/distro-pkgs b/distro-pkgs index fb20b0f..7139931 100755 --- a/distro-pkgs +++ b/distro-pkgs @@ -88,12 +88,6 @@ case $distro in # flidas is missing dependency gnome-panel. others unknown esac -case $distro in - trisquel|ubuntu|debian) e ack-grep ;; - arch|fedora) e ack ;; - # fedora unknown -esac - case $distro in debian) e cpio-doc ;; @@ -196,3 +190,9 @@ case $distro in arch) e spacefm ;; esac + + +case $(debian-codename) in + aramo) + e ncal ;; +esac diff --git a/filesystem/etc/apt/apt.conf.d/02proxy b/filesystem/etc/apt/apt.conf.d/02proxy index bc8df27..b8d4feb 100644 --- a/filesystem/etc/apt/apt.conf.d/02proxy +++ b/filesystem/etc/apt/apt.conf.d/02proxy @@ -39,3 +39,12 @@ # misc settings not worth making another settings file APT::AutoRemove::SuggestsImportant "false"; + +# https://discourse.ubuntu.com/t/phased-updates-in-apt-in-21-04/20345 +# interesting, but so far it has caused breakage: +# p -y build-dep emacs +# The following packages have unmet dependencies: +# libsystemd-dev : Depends: libsystemd0 (= 249.11-0ubuntu3) but 249.11-0ubuntu3.4 is to be installed +# 249.11-0ubuntu3.4 for libsystemd-dev was phased, while libsystemd0 wasn't + +APT::Get::Always-Include-Phased-Updates "true"; diff --git a/filesystem/etc/profile.d/environment.sh b/filesystem/etc/profile.d/environment.sh index d5c7e57..80a1d5a 100644 --- a/filesystem/etc/profile.d/environment.sh +++ b/filesystem/etc/profile.d/environment.sh @@ -10,7 +10,8 @@ if [ -f $HOME/path-add-function ]; then path-add --end /snap/bin - for p in $HOME/.gem/ruby/*/bin; do + # ~/.local is newer, eg ruby 3.0+ + for p in $HOME/.gem/ruby/*/bin $HOME/.local/share/gem/ruby/*/bin; do path-add --ifexists --end $p done diff --git a/filesystem/etc/systemd/resolved.conf.d/zziank.conf b/filesystem/etc/systemd/resolved.conf.d/zziank.conf index bce0966..0c0c2e5 100644 --- a/filesystem/etc/systemd/resolved.conf.d/zziank.conf +++ b/filesystem/etc/systemd/resolved.conf.d/zziank.conf @@ -4,4 +4,5 @@ # in case. LLMNR=no MulticastDNS=no -Domains=fsf.org gnu.org +# this can be useful when working not on the vpn +#Domains=fsf.org gnu.org diff --git a/filesystem/etc/systemd/system/ssh-agent-iank.service b/filesystem/etc/systemd/system/ssh-agent-iank.service new file mode 100644 index 0000000..17d077c --- /dev/null +++ b/filesystem/etc/systemd/system/ssh-agent-iank.service @@ -0,0 +1,11 @@ +[Unit] +Description=OpenSSH Agent for root +Documentation=man:ssh-agent(1) + +[Service] +User=iank +Environment=DISPLAY=:0 +ExecStart=/usr/bin/ssh-agent -a /run/user/1000/openssh_agent + +[Install] +WantedBy=multi-user.target diff --git a/filesystem/usr/local/bin/spend b/filesystem/usr/local/bin/spend new file mode 100755 index 0000000..5c6b3fe --- /dev/null +++ b/filesystem/usr/local/bin/spend @@ -0,0 +1,3 @@ +#!/bin/sh + +systemctl suspend diff --git a/hssh b/hssh deleted file mode 100755 index a239bfe..0000000 --- a/hssh +++ /dev/null @@ -1,54 +0,0 @@ -#!/bin/bash -set -eE -o pipefail -trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR - -# restricted ssh does not allow arguments, but they exist in $SSH_ORIGINAL_COMMAND -# debug -dfile=/tmp/hssh-debug-$(id -u) -date >>$dfile -echo SSH_ORIGINAL_COMMAND: $SSH_ORIGINAL_COMMAND >>$dfile - -if [[ ! $SSH_ORIGINAL_COMMAND ]]; then - echo "no SSH_ORIGINAL_COMMAND" >&2 - exit 1 -fi - -mapfile -t cmds <<'EOF' -# btrbk-run -date +%z -cat /a/bin/bash_unpublished/source-state -cat /etc/hostname -ps --no-headers -o comm 1 -systemctl is-active btrbk.service -mkdir -p /mnt/root/btrbk && date +%z && df --output=size,pcent / | tail -n1 -DISPLAY=:0 xprintidle -rsync --server --sender -logDtprRe.iLsfxC . /usr/local/./bin/mount-latest-subvol /usr/local/./bin/check-subvol-stale /usr/local/./lib/err -rsync --server --sender -logDtpre.iLsfxC . /usr/local/lib/err -rsync --server --sender -logDtpre.iLsfxC . /usr/local/bin/mount-latest-subvol /usr/local/bin/check-subvol-stale -scp -f /a/bin/distro-setup/btrbk-run -# mount-latest-remote -timeout -s 9 600 /usr/local/bin/mount-latest-subvol -rsync --server -OtpRe.LsfxC . /usr/local -/usr/local/bin/mail-backup-clean -/usr/local/bin/check-mailq -find /var/local/cron-errors /home/iank/cron-errors /sysd-mail-once-state -type f -EOF - -allow=false -for c in "${cmds[@]}"; do - # echo "c $c" # debug - if [[ $c == \#* ]]; then continue; fi - if [[ $SSH_ORIGINAL_COMMAND == "$c" ]]; then - allow=true - break - fi -done -if $allow; then - eval $SSH_ORIGINAL_COMMAND || exit $? -else - f=/usr/local/bin/ssh_filter_btrbk.sh - if [[ ! -e $f ]]; then - f=/a/opt/btrbk/ssh_filter_btrbk.sh - fi - $f --target --delete --source --info || exit $? -fi diff --git a/install-my-scripts b/install-my-scripts index dd52266..42332c1 100755 --- a/install-my-scripts +++ b/install-my-scripts @@ -57,6 +57,7 @@ rsync -t --chmod=755 --chown=root:root switch-mail-host btrbk-run mount-latest-s ip6tables-exim \ exim-nn-iptables \ check-crypttab \ + /a/bin/cedit/cedit \ /usr/local/bin rsync -t --chmod=755 --chown=root:root /a/bin/errhandle/err /usr/local/lib diff --git a/lightdm-start b/lightdm-start index 55fe9b0..6c239e9 100755 --- a/lightdm-start +++ b/lightdm-start @@ -1,11 +1,9 @@ #!/bin/bash -sudo xhost +si:localuser:lightdm # grants localuser rights to X session -sudo su lightdm -s /bin/bash <<'EOF' - -xset dpms 0 0 120 - -EOF +# sudo xhost +si:localuser:lightdm # grants localuser rights to X session +# sudo su lightdm -s /bin/bash <<'EOF' +# xset dpms 0 0 120 +# EOF # i wanted the system to stop going to sleep, so diff --git a/machine_specific/kd/filesystem/etc/cron.d/kd b/machine_specific/kd/filesystem/etc/cron.d/kd index 206c365..41de0d9 100644 --- a/machine_specific/kd/filesystem/etc/cron.d/kd +++ b/machine_specific/kd/filesystem/etc/cron.d/kd @@ -4,11 +4,20 @@ MAILTO=root 0 6 * * 1,2,3,4,5 root failmail wrt-setup -y 45 7 * * 1,2,3,4,5 root failmail wrt-setup -z 0 9 * * 1,2,3,4,5 root failmail wrt-setup -y -10 21 * * 1,2,3,4,5 root failmail wrt-setup -z +# old rule, 9:10 +#10 21 * * 1,2,3,4,5 root failmail wrt-setup -z +0 17 * * 1,2,3,4,5 root failmail wrt-setup -z + +# new 5pm rule +0 6 * * 0,7 root failmail wrt-setup -y +0 17 * * 0,7 root failmail wrt-setup -z + # saturday morning -0 6 * * 6 root failmail wrt-setup -y +# old +#0 6 * * 6 root failmail wrt-setup -y # sunday evening -10 21 * * 0 root failmail wrt-setup -z +# old +#10 21 * * 0 root failmail wrt-setup -z # old rules, weekends allow only morning. #0 7 * * 0,6 root failmail wrt-setup -y Reading git-diff-tree failed