From: Ian Kelling <ian@iankelling.org>
Date: Thu, 21 Oct 2021 21:36:13 +0000 (-0400)
Subject: various improvements
X-Git-Url: https://iankelling.org/git/?a=commitdiff_plain;h=d203832393dcdc1842f28e4fc09747c58b9363d2;p=distro-setup

various improvements
---

diff --git a/.bash_profile b/.bash_profile
index 09b0001..ce98e54 100644
--- a/.bash_profile
+++ b/.bash_profile
@@ -35,6 +35,5 @@ HISTIGNORE='pass *:[ ]*:otp *:oathtool *'
 
 
 [[ -f ~/.bashrc ]] && . ~/.bashrc
-
 # ensure no bad programs appending to this file will have an affect
 return 0
diff --git a/.gitconfig b/.gitconfig
index 8c769ea..a5bc2ef 100644
--- a/.gitconfig
+++ b/.gitconfig
@@ -67,3 +67,18 @@ prompt = false
 autoSetupRebase = always
 [push]
 default = simple
+
+# this is because on sending email, i got this prompt:
+#     The Cc list above has been expanded by additional
+#     addresses found in the patch commit message. By default
+#     send-email prompts before sending whenever this occurs.
+#     This behavior is controlled by the sendemail.confirm
+#     configuration setting.
+
+#     For additional information, run 'git send-email --help'.
+#     To retain the current behavior, but squelch this message,
+#     run 'git config --global sendemail.confirm auto'.
+
+# Send this email? ([y]es|[n]o|[e]dit|[q]uit|[a]ll): y
+[sendemail]
+	confirm = auto
diff --git a/bk-backup b/bk-backup
index 114a015..3621e76 100755
--- a/bk-backup
+++ b/bk-backup
@@ -22,6 +22,7 @@ esac
 if $restore; then
   set -x
   for ncdir in /var/www/ncexpertpath /var/www/ncninja; do
+    ncbase=${ncdir##*/}
     ssh root@$host sudo -u www-data php $ncdir/occ -q maintenance:mode --on ||: # might not be running
     rsync -ra /p/bkbackup/$ncbase/ root@$host:$ncdir  || ret=$?
     # https://docs.nextcloud.com/server/20/admin_manual/configuration_server/occ_command.html#maintenance-commands-label
@@ -41,7 +42,7 @@ if [[ $HOSTNAME == $MAIL_HOST ]]; then
     ssh root@$host sudo -u www-data php $ncdir/occ -q maintenance:mode --on
     rsync -ra --exclude=testignore --delete root@$host:$ncdir/{config,data,themes} /p/bkbackup/$ncbase || ret=$?
     ssh root@$host sudo -u www-data php $ncdir/occ -q maintenance:mode --off
-    if (( $ret )); then
+    if (( ret )); then
        echo "$0: error: failed rsync $ncdir"
        ret=1
     fi
diff --git a/brc2 b/brc2
index 9dab446..c59e06a 100644
--- a/brc2
+++ b/brc2
@@ -116,6 +116,10 @@ mkschroot() {
       -f) force=true; shift ;;
       -s)
         sources="$2"
+        if [[ ! -s $sources ]]; then
+          echo mkschroot: error: sources file $sources does not exist or is empty
+          return 1
+        fi
         shift 2
         ;;
     esac
@@ -440,12 +444,12 @@ lipush() {
   a="-ahviSAXPH --specials --devices --delete --relative --exclude-from=/p/c/li-rsync-excludes"
   ret=0
   for h in li je bk; do
-    m rsync "$@" $a ${p[@]} /p/c/machine_specific/$h root@$h.b8.nz:/ || ret=$?
+    m s rsync "$@" $a ${p[@]} /p/c/machine_specific/$h root@$h.b8.nz:/ || ret=$?
     # only li is debian10
     p[0]=/a/opt/emacs-ubuntu20.04
     p[1]=/a/opt/emacs-ubuntu20.04-nox
   done
-  m rsync "$@" -ahviSAXPH root@li.b8.nz:/a/h/proposed-comments/ /a/h/proposed-comments || ret=$?
+  m s rsync "$@" -ahviSAXPH root@li.b8.nz:/a/h/proposed-comments/ /a/h/proposed-comments || ret=$?
   return $ret
 }
 bkpush() { # no emacs. for running faster.
@@ -597,7 +601,7 @@ chrome() {
     cmd=chromium
   else
     cd /
-    cmd="schroot -c buster chromium"
+    cmd="schroot -c bullseye chromium"
     CHROMIUM_FLAGS='--enable-remote-extensions' $cmd &r
   fi
 }
@@ -919,6 +923,10 @@ gse() {
       --suppress-cc=self "$@"
 }
 
+gup() { /a/f/gnulib/build-aux/gnupload "$@"; }
+
+dejagnu() { /a/opt/dejagnu/dejagnu "$@"; }
+
 hstatus() {
   # do git status on published repos.
   c /a/bin/githtml
@@ -1666,7 +1674,7 @@ path-add --end $HOME/.cargo/bin
 if type -P rg &>/dev/null; then
   # --no-messages because of annoying errors on broken symlinks
   rg() { command rg --no-messages -L -i -M 300 --no-ignore "$@" || return $?; }
-#fails if not exist. ignore
+  #fails if not exist. ignore
   complete -r rg 2>/dev/null ||:
 else
   alias rg=grr
diff --git a/distro-end b/distro-end
index 3471fc2..0dc9410 100755
--- a/distro-end
+++ b/distro-end
@@ -1335,8 +1335,8 @@ sgo schrootupdate.timer
 # for my roommate
 case $distro in
   trisquel)
-    m mkschroot -s /a/bin/fai/fai/config/files/etc/apt/sources.list.d/buster.list/BUSTER_FREE \
-      debian buster firefox-esr pulseaudio chromium anki
+    m mkschroot -s /a/bin/fai/fai/config/files/etc/apt/sources.list.d/bullseye.list/BULLSEYE_FREE \
+      debian bullseye firefox-esr pulseaudio chromium anki
     case $(debian-codename) in
       etiona|nabia)
         # we have a lot of t8 stuff, useful to have
diff --git a/epanic-clean b/epanic-clean
index b2d6b41..dfc10f3 100755
--- a/epanic-clean
+++ b/epanic-clean
@@ -29,6 +29,13 @@ main() {
   if [[ ! -s /var/log/exim4/paniclog ]]; then
     return 0
   fi
+
+  # seems to randomly be caused by
+  # Starting exim4-base housekeeping, exim4-base.service
+  regex="^[^ ]* 00:00:0.* Failed writing transport results to pipe: Broken pipe$"
+  grep "$regex" /var/log/exim4/paniclog >> /var/log/exim4/paniclog-archive
+  sed -i "/$regex/d" /var/log/exim4/paniclog
+
   while read -r service regex; do
     found=false
     wipe=true
diff --git a/filesystem/usr/local/bin/abrowser b/filesystem/usr/local/bin/abrowser
index 2b727bb..cd33b6b 100755
--- a/filesystem/usr/local/bin/abrowser
+++ b/filesystem/usr/local/bin/abrowser
@@ -16,9 +16,9 @@ PATH=$tmp
 # causes a new browser window to open, even if normally it would open a
 # new tab
 
-# abrowser is 2 releases behind, so prefer firefox for now
+# prefer abrowser
 if type -P firefox &>/dev/null; then
-  firefox "$@"
-else
   abrowser "$@"
+else
+  firefox "$@"
 fi
diff --git a/i3-sway/common.conf b/i3-sway/common.conf
index b39cb74..5860ee4 100644
--- a/i3-sway/common.conf
+++ b/i3-sway/common.conf
@@ -8,6 +8,7 @@ set $mod Mod4
 
 bindsym $mod+2 exec "pavucontrol"
 bindsym $mod+3 exec "abrowser"
+#bindsym $mod+3 exec "abrowser -no-remote -P sfw"
 bindsym $mod+4 exec "abrowser -no-remote -P firefox-main-profile"
 bindsym $mod+5 exec "/usr/local/bin/start-tor-browser"
 bindsym $mod+6 exec "/a/bin/redshift.sh"
diff --git a/input-setup b/input-setup
index 211f12d..f3678b0 100755
--- a/input-setup
+++ b/input-setup
@@ -74,7 +74,9 @@ fi
 
 case $type in
   model01)
-    # original saved with: xkbcomp $DISPLAY /a/c/flidas-2017-12.xkb
+    # original saved with:
+    # setxkbmap -layout us -variant intl
+    # xkbcomp $DISPLAY /a/c/etiona-2021-intl.xkb
     xkbcomp /a/c/model01.xkb $DISPLAY
     ;;
   laptop)
diff --git a/mail-setup b/mail-setup
index 57d5753..4784468 100755
--- a/mail-setup
+++ b/mail-setup
@@ -972,6 +972,76 @@ dovecot_lmtp:
   envelope_to_add
 EOF
 
+i /etc/exim4/conf.d/transport/30_smarthost_dkim <<'EOF'
+# ian: this is remote_smtp_smarthost plus the dkim parts from remote_smtp
+
+smarthost_dkim:
+  debug_print = "T: remote_smtp_smarthost for $local_part@$domain"
+  driver = smtp
+  multi_domain
+.ifndef IGNORE_SMTP_LINE_LENGTH_LIMIT
+  message_size_limit = ${if > {$max_received_linelength}{998} {1}{0}}
+.endif
+  hosts_try_auth = <; ${if exists{CONFDIR/passwd.client} \
+        {\
+        ${lookup{$host}nwildlsearch{CONFDIR/passwd.client}{$host_address}}\
+        }\
+        {} \
+      }
+.ifdef REMOTE_SMTP_SMARTHOST_HOSTS_AVOID_TLS
+  hosts_avoid_tls = REMOTE_SMTP_SMARTHOST_HOSTS_AVOID_TLS
+.endif
+.ifdef REMOTE_SMTP_SMARTHOST_HOSTS_REQUIRE_TLS
+  hosts_require_tls = REMOTE_SMTP_SMARTHOST_HOSTS_REQUIRE_TLS
+.endif
+.ifdef REMOTE_SMTP_SMARTHOST_TLS_VERIFY_CERTIFICATES
+  tls_verify_certificates = REMOTE_SMTP_SMARTHOST_TLS_VERIFY_CERTIFICATES
+.endif
+.ifdef REMOTE_SMTP_SMARTHOST_TLS_VERIFY_HOSTS
+  tls_verify_hosts = REMOTE_SMTP_SMARTHOST_TLS_VERIFY_HOST
+.endif
+.ifdef REMOTE_SMTP_HEADERS_REWRITE
+  headers_rewrite = REMOTE_SMTP_HEADERS_REWRITE
+.endif
+.ifdef REMOTE_SMTP_RETURN_PATH
+  return_path = REMOTE_SMTP_RETURN_PATH
+.endif
+.ifdef REMOTE_SMTP_HELO_DATA
+  helo_data=REMOTE_SMTP_HELO_DATA
+.endif
+.ifdef TLS_DH_MIN_BITS
+tls_dh_min_bits = TLS_DH_MIN_BITS
+.endif
+.ifdef REMOTE_SMTP_SMARTHOST_TLS_CERTIFICATE
+tls_certificate = REMOTE_SMTP_SMARTHOST_TLS_CERTIFICATE
+.endif
+.ifdef REMOTE_SMTP_SMARTHOST_PRIVATEKEY
+tls_privatekey = REMOTE_SMTP_SMARTHOST_PRIVATEKEY
+.endif
+.ifdef REMOTE_SMTP_TRANSPORTS_HEADERS_REMOVE
+  headers_remove = REMOTE_SMTP_TRANSPORTS_HEADERS_REMOVE
+.endif
+.ifdef DKIM_DOMAIN
+dkim_domain = DKIM_DOMAIN
+.endif
+.ifdef DKIM_SELECTOR
+dkim_selector = DKIM_SELECTOR
+.endif
+.ifdef DKIM_PRIVATE_KEY
+dkim_private_key = DKIM_PRIVATE_KEY
+.endif
+.ifdef DKIM_CANON
+dkim_canon = DKIM_CANON
+.endif
+.ifdef DKIM_STRICT
+dkim_strict = DKIM_STRICT
+.endif
+.ifdef DKIM_SIGN_HEADERS
+dkim_sign_headers = DKIM_SIGN_HEADERS
+.endif
+EOF
+
+
 cat >/etc/exim4/update-exim4.conf.conf  <<'EOF'
 # default stuff, i havent checked if its needed
 dc_minimaldns='false'
@@ -1773,11 +1843,11 @@ EOF
     ncbase=${ncdir##*/}
     m cd /var/www
     if [[ ! -e $ncdir/index.php ]]; then
-      # as of march 14 2021, user_external is broken for nextcloud 21
-      # https://github.com/nextcloud/user_external/issues/165
-      #file=latest.zip
-      file=latest-20.zip
+      # if we wanted to only install a specific version, use something like
+      # file=latest-22.zip
+      file=latest.zip
       m wget -nv -N https://download.nextcloud.com/server/releases/$file
+      m rm -rf nextcloud
       m unzip -q $file
       m rm -f $file
       m chown -R www-data.www-data nextcloud
@@ -1785,6 +1855,8 @@ EOF
       m cd $ncdir
       m sudo -u www-data php occ  maintenance:install --database sqlite --admin-user iank --admin-pass $nextcloud_admin_pass
     fi
+    # note, strange this happend where updater did not increment the version var,
+    # mine was stuck on 20. I manually updated it.
     m cd $ncdir/config
     if [[ ! -e config.php-orig ]]; then
       m cp -a config.php config.php-orig
@@ -2013,6 +2085,11 @@ EOF
   # ** $MAIL_HOST|bk)
   $MAIL_HOST|bk)
 
+    cat >>/etc/exim4/conf.d/main/000_local <<EOF
+# je.b8.nz will run out of memory with freshclam
+av_scanner = clamd:/var/run/clamav/clamd.ctl
+EOF
+
     cat >> /etc/exim4/conf.d/data_local_acl <<'EOF'
 deny
   malware = */defer_ok
@@ -2021,9 +2098,6 @@ deny
 EOF
 
     cat >/etc/exim4/conf.d/main/000_local-nn <<EOF
-# je.b8.nz will run out of memory with freshclam
-av_scanner = clamd:/var/run/clamav/clamd.ctl
-
 # MAIN_HARDCODE_PRIMARY_HOSTNAME might mess up the
 # smarthost config type, not sure.
 # failing message on mail-tester.com:
@@ -2045,6 +2119,21 @@ MAIN_TLS_CERTIFICATE = /etc/exim4/fullchain.pem
 MAIN_TLS_PRIVATEKEY = /etc/exim4/privkey.pem
 EOF
 
+    i /etc/exim4/conf.d/router/190_exim4-config_fsfsmarthost <<'EOF'
+gnusmarthost:
+  debug_print = "R: smarthost for $local_part@$domain"
+  driver = manualroute
+  domains = ! +local_domains
+# send most mail through eggs, helps fsfs sender reputation.
+# uncomment and optionally move to 188 file to send through my own servers again
+#  senders = *@gnu.org
+  transport = smarthost_dkim
+  route_list = * fencepost.gnu.org::587 byname
+  host_find_failed = ignore
+  same_domain_copy_routing = yes
+  no_more
+EOF
+
     /a/exe/cedit defaultnn /etc/hosts <<'EOF' || [[ $? == 1 ]]
 10.173.8.1 defaultnn.b8.nz
 EOF
@@ -2112,10 +2201,9 @@ EOF
     # and also have mail.iankelling.org whitelisted as a relay domain.
     # I could avoid that if I changed this to submit to 587 with a
     # password like a standard mua.
-    i /etc/exim4/conf.d/router/190_exim4-config_fsfsmarthost <<'EOF'
-# smarthost for fsf mail
+    i /etc/exim4/conf.d/router/188_exim4-config_smarthost <<'EOF'
 # ian: copied from /etc/exim4/conf.d/router/200_exim4-config_primary, and added senders = and
-# replaced DCsmarthost with mail.fsf.org
+# replaced DCsmarthost with hostname
 fsfsmarthost:
   debug_print = "R: smarthost for $local_part@$domain"
   driver = manualroute
@@ -2138,16 +2226,6 @@ posteosmarthost:
   same_domain_copy_routing = yes
   no_more
 
-gnusmarthost:
-  debug_print = "R: smarthost for $local_part@$domain"
-  driver = manualroute
-  domains = ! +local_domains
-  senders = *@gnu.org
-  transport = remote_smtp_smarthost
-  route_list = * fencepost.gnu.org::587 byname
-  host_find_failed = ignore
-  same_domain_copy_routing = yes
-  no_more
 EOF
 
     # Greping /etc/exim4, unqualified mails this would end up as
@@ -2254,11 +2332,16 @@ EOF
     cat >>/etc/exim4/update-exim4.conf.conf <<EOF
 dc_other_hostnames='je.b8.nz'
 EOF
+    echo|i /etc/exim4/conf.d/router/188_exim4-config_smarthost
+    echo|i /etc/exim4/conf.d/router/190_exim4-config_fsfsmarthost
     echo|i /etc/exim4/conf.d/rcpt_local_acl
     echo|i /etc/exim4/conf.d/router/880_universal_forward
     ;;
   # ** not MAIL_HOST|bk|je
   *)
+
+    echo|i /etc/exim4/conf.d/router/188_exim4-config_smarthost
+    echo|i /etc/exim4/conf.d/router/190_exim4-config_fsfsmarthost
     echo|i /etc/exim4/conf.d/rcpt_local_acl
 
     # catches things like cronjob email
diff --git a/mailtest-check b/mailtest-check
index 69e6997..5b08cf8 100755
--- a/mailtest-check
+++ b/mailtest-check
@@ -111,9 +111,12 @@ for folder in ${folders[@]}; do
           # debugging
           # e results = ${!results[@]}
           missing=()
-          for t in DKIM_SIGNED DKIM_VALID{,_AU,_EF} SPF_HELO_PASS SPF_PASS TVD_SPACE_RATIO; do
+          for t in DKIM_SIGNED DKIM_VALID{,_AU,_EF} SPF_HELO_PASS SPF_PASS TVD_SPACE_RATIO RCVD_IN_DNSWL_MED; do
             if [[ ${results[$t]} ]]; then
               unset "results[$t]"
+            elif [[ $t == RCVD_IN_DNSWL_MED && $from == *@je.b8.nz ]]; then
+              # eggs has RCVD_IN_DNSWL_MED, je.b8.nz doesnt go through there
+              :
             elif [[ $t == DKIM_VALID_EF && $from == *@[^.]*.[^.]*.[^.]* ]]; then
               :
               # third level domains dont hit this. its because
diff --git a/pkgs b/pkgs
index 95bf287..258d779 100644
--- a/pkgs
+++ b/pkgs
@@ -103,6 +103,9 @@ p3=(
   exim4-doc-html
   exfat-fuse
   exfat-utils
+  expect
+  # for ftp upload dejagnu test
+  libdate-manip-perl libemail-messageid-perl
   fakeroot
   fail2ban
   fdupes
@@ -174,6 +177,8 @@ p3=(
   nagstamon
   namazu2
   ncdu
+  # gnupload dependency
+  ncftp
   nginx-doc
   nmap
   obs-studio
diff --git a/subdir_files/.config/i3/config b/subdir_files/.config/i3/config
index 759310f..0ecc163 100644
--- a/subdir_files/.config/i3/config
+++ b/subdir_files/.config/i3/config
@@ -8,6 +8,7 @@ set $mod Mod4
 
 bindsym $mod+2 exec "pavucontrol"
 bindsym $mod+3 exec "abrowser"
+#bindsym $mod+3 exec "abrowser -no-remote -P sfw"
 bindsym $mod+4 exec "abrowser -no-remote -P firefox-main-profile"
 bindsym $mod+5 exec "/usr/local/bin/start-tor-browser"
 bindsym $mod+6 exec "/a/bin/redshift.sh"
diff --git a/subdir_files/.config/sway/config b/subdir_files/.config/sway/config
index 7e44092..f0e45c4 100644
--- a/subdir_files/.config/sway/config
+++ b/subdir_files/.config/sway/config
@@ -8,6 +8,7 @@ set $mod Mod4
 
 bindsym $mod+2 exec "pavucontrol"
 bindsym $mod+3 exec "abrowser"
+#bindsym $mod+3 exec "abrowser -no-remote -P sfw"
 bindsym $mod+4 exec "abrowser -no-remote -P firefox-main-profile"
 bindsym $mod+5 exec "/usr/local/bin/start-tor-browser"
 bindsym $mod+6 exec "/a/bin/redshift.sh"
diff --git a/subdir_files/sieve/liststest.sieve b/subdir_files/sieve/liststest.sieve
index 0e44307..98881aa 100644
--- a/subdir_files/sieve/liststest.sieve
+++ b/subdir_files/sieve/liststest.sieve
@@ -128,7 +128,6 @@ if anyof (
   header :contains "list-id" "<gnu-prog.gnu.org>",
   header :contains "list-id" "<www-discuss.gnu.org>",
   header :contains "list-id" "<gnu-community-private.gnu.org>",
-  header :contains "list-id" "<gnu-system-discuss.gnu.org>",
   header :contains "list-id" "<gvc.gnu.org>",
   header :contains "list-id" "<Spdx-tech.lists.spdx.org>",
   header :contains "list-id" "<gnu-misc-discuss.gnu.org>",