From 08a8f472e2afcefc8eb9e2f044a9f0acc7341c54 Mon Sep 17 00:00:00 2001 From: Ian Kelling Date: Mon, 18 Jan 2021 20:24:25 -0500 Subject: [PATCH] various fixes --- brc2 | 37 +++++++++++++++++++++++++++++++++---- btrbk-run | 4 +++- distro-begin | 4 +++- distro-end | 24 ++++++++++++++++++++---- mailtest-check | 9 +++++++-- pkgs | 1 - primary-setup | 21 +++++++++++++++++---- rootsshsync | 3 +++ 8 files changed, 86 insertions(+), 17 deletions(-) diff --git a/brc2 b/brc2 index 1a80fc6..31de004 100644 --- a/brc2 +++ b/brc2 @@ -283,6 +283,8 @@ jrun() { # journal run. run args, log to journal, tail and grep the journal. cmd=$(which $1) fi journalctl -qn2 -f -u "$cmd_name" & + # 1st guess to avoid missing some initial lines. + sleep .5 # We kill this in prompt-command for the case that we ctrl-c the # systemd-cat. i dont know any way to trap ctrl-c and still run the # normal action for it. There might be a way, unsure. @@ -852,6 +854,10 @@ idea() { /a/opt/idea-IC-163.7743.44/bin/idea.sh "$@" &r } +ilogs() { + ssh root@iankelling.org "cd /var/lib/znc/moddata/log/iank/freenode/ && hr && for x in \#$1/*; do base=\${x##*/}; files=(); for f in $@; do tmp=\#\$f/\$base; if [[ -e \$tmp ]]; then files+=(\#\$f/\$base); fi; done; sed \"s/^./\${base%log}/\" \${files[@]}|sort -n; hr; done" +} + ilog() { chan=${1:-#fsfsys} # use * instead of -r since that does sorted order 
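Review bot: In `ilogs`, the channel names from `$1` and `$@` are pasted unescaped into a command string that the remote shell runs as root, so a name containing whitespace or shell metacharacters is parsed as shell syntax on the server instead of as a directory name. Validate each argument before the string is built, for example `local c; for c; do [[ $c =~ ^[A-Za-z0-9_.-]+$ ]] || { echo "bad channel: $c" >&2; return 1; }; done`. Use `$*` instead of `$@` inside the double quotes so ssh receives a single command argument. On the remote side `\${files[@]}` is unquoted, and when no log file matched it expands to nothing, which leaves `sed` reading standard input; quote it and skip the `sed` when the array is empty.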
@@ -1324,6 +1330,29 @@ eximbash() { m sudo nsenter -t $(pgrep -f "/usr/sbin/exim4 -bd -q30m -C /etc/exim4/my.conf"|h1) -n -m sudo -u $USER -i bash } +mailnncheck() { + local pid ns mailnn + for p in mailnn mailvpn unbound dovecot spamassassin exim4 radicale; do + pid=$(s systemctl status $p| sed -n '/^ *Main PID:/s/[^0-9]//gp') + if [[ ! $pid ]]; then + echo failed to find pid for $p + continue + fi + if ! ns=$(s readlink /proc/$pid/ns/net); then + echo failed to find ns for $p pid=$pid + continue + fi + if [[ $mailnn ]]; then + if [[ $ns != "$mailnn" ]]; then + echo "$p ns $ns != $mailnn" + fi + else + mailnn=$ns + fi + done + +} + vpncmd() { m sudo --preserve-env=PATH -E nsenter -t $(pgrep -f "/usr/sbin/openvpn .* --config /etc/openvpn/.*client.conf") -n -m "$@" @@ -1445,12 +1474,12 @@ reset-xscreensaver() { cat > /home/iank/.xscreensaver <<'EOF' mode: blank dpmsEnabled: True -dpmsStandby: 0:02:00 -dpmsSuspend: 0:03:00 +dpmsStandby: 0:07:00 +dpmsSuspend: 0:08:00 dpmsOff: 0:00:00 -timeout: 0:02:00 +timeout: 0:05:00 lock: True -lockTimeout: 0:03:00 +lockTimeout: 0:06:00 splash: False EOF diff --git a/btrbk-run b/btrbk-run index 7de9255..9587ce9 100644 --- a/btrbk-run +++ b/btrbk-run @@ -283,7 +283,9 @@ for m in "${mountpoints[@]}"; do done if ! $pull_reexec && [[ $source ]] && $pulla ; then tmpf=$(mktemp) - scp $source:/a/bin/distro-setup/btrbk-run $tmpf + m rsync -ra $source:/usr/local/bin/{mount-latest-subvol,check-subvol-stale} /usr/local/bin + m rsync -ra $source:/usr/local/lib/err /usr/local/lib + m scp $source:/a/bin/distro-setup/btrbk-run $tmpf if ! diff -q $tmpf ${BASH_SOURCE[0]}; then e "found newer version on host $source. reexecing" install -T $tmpf /usr/local/bin/btrbk-run diff --git a/distro-begin b/distro-begin index 1f1d7bc..5dcdd61 100755 --- a/distro-begin +++ b/distro-begin 
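Review bot: `mailnncheck` always returns 0 and only prints a line when a service's network namespace differs or a lookup fails, so nothing that calls it can react to a mail daemon running outside the expected namespace. Keep a status variable, set it to 1 in the mismatch branch and in both lookup-failure branches, and end with `return $ret`. The loop variable `p` is missing from the `local pid ns mailnn` list and leaks into the caller's shell. `systemctl show -p MainPID --value "$p"` would return the PID without scraping the human-readable `status` output; it prints 0 for a unit that is not running, so test for that as well.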
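Review bot: With `timeout: 0:05:00` and `lockTimeout: 0:06:00` an unattended session stays unlocked for about eleven minutes, up from about five before this change, because xscreensaver counts `lockTimeout` from the moment the screen blanks. If the longer window is intended, record it above the heredoc, for example `# locks ~11 min after last input (timeout + lockTimeout); keep in line with the machine's physical exposure`. The enclosing function `reset-xscreensaver` starts and ends outside the hunk.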
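Review bot: The two added `rsync -ra` lines copy executables from `$source` directly into `/usr/local/bin` and `/usr/local/lib`, and `-a` keeps whatever owner, group and mode bits the remote side reports, so the pulling machine trusts the source host for code it later runs locally (presumably as root). If that trust is intended, say so in a comment, and set the metadata locally: fetch into a temporary directory and place the files with `install -m 755`, as the following lines already do for `btrbk-run`. `-a` already implies `-r`, and `$source` and `$tmpf` are unquoted here as in the surrounding lines. The enclosing `if` continues beyond the hunk.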
@@ -335,7 +335,9 @@ if dpkg -s -- nscd &>/dev/null; then fi # http://strugglers.net/~andy/blog/2020/12/03/starting-services-only-when-the-network-is-ready-on-debiansystemd/ -systemctl enable ifupdown-wait-online.service +if systemctl cat ifupdown-wait-online.service &>/dev/null; then + sudo systemctl enable ifupdown-wait-online.service +fi if bitfolk; then # remove line like this: 85.119.82.128 je.iankelling.org je diff --git a/distro-end b/distro-end index dc3ccf3..a0ac545 100755 --- a/distro-end +++ b/distro-end @@ -481,8 +481,6 @@ case $HOSTNAME in ;; li) - - m /a/h/setup.sh iankelling.org # start mumble only when im going to use it, since i dont use it much @@ -497,6 +495,18 @@ case $HOSTNAME in # general vpn for as needed use vpn-server-setup -d -r -4 10.2.2 -p 443 -n hole + sd /etc/openvpn/client-config-hole/kw <<'EOF' +ifconfig-push 10.2.2.9 255.255.255.0 +EOF + sd /etc/openvpn/client-config-hole/x3 <<'EOF' +ifconfig-push 10.2.2.8 255.255.255.0 +EOF + sd /etc/openvpn/client-config-hole/x2 <<'EOF' +ifconfig-push 10.2.2.7 255.255.255.0 +EOF + sd /etc/openvpn/client-config-hole/wclient <<'EOF' +ifconfig-push 10.2.2.6 255.255.255.0 +EOF sd /etc/openvpn/client-config-hole/frodo <<'EOF' ifconfig-push 10.2.2.5 255.255.255.0 EOF @@ -701,8 +711,9 @@ sudo update-alternatives --set x-www-browser /usr/bin/abrowser pi ${pall[@]} $(apt-cache search ruby[.0-9]+-doc| awk '{print $1}') $($src/distro-pkgs) -seru enable psd -seru start psd +# commented, not worth the hassle i think. +#seru enable psd +#seru start psd # website is dead june 14 2019. back in october, but meh @@ -840,6 +851,10 @@ if [[ -e /p/c/gen-fsf-vpn ]]; then /p/c/gen-fsf-vpn fi +if [[ -e /p/c/machine_specific/$HOSTNAME/etc/openvpn/client/hole.crt ]]; then + sgo openvpn-client@hole + fi + if [[ $HOSTNAME == frodo ]]; then vpn-mk-client-cert -b frodo -n hole iankelling.org fi 
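Review bot: The block added at `@@ -840` runs `sgo openvpn-client@hole` on every host that has a `hole.crt`, while `primary-setup` in this same patch stops and disables `openvpn-client@hole` on any host that is not `$MAIL_HOST`. If `sgo` starts and enables the unit, as its name suggests, the two scripts disagree about where the tunnel should be up, and the result depends on which ran last. Either gate this block on the same condition, `if [[ $HOSTNAME == "$MAIL_HOST" && -e /p/c/machine_specific/$HOSTNAME/etc/openvpn/client/hole.crt ]]; then`, or add a comment stating which script is authoritative.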
@@ -1390,6 +1405,7 @@ if [[ $HOSTNAME != frodo ]]; then s cedit hole /etc/hosts </dev/null; then #DISPLAY=:0 arbtt-capture --sample-rate=10 & m sudo systemctl start rss2email.timer m sudo systemctl enable rss2email.timer + # off is in mail-setup. no reason for this to be in the rss2email block. m sudo systemctl start btrbk.timer m sudo systemctl enable btrbk.timer @@ -50,6 +51,8 @@ if dpkg -s rss2email &>/dev/null; then fi fi +# todo: whats going on here? figure out if this should be removed. + # if dpkg -s radicale &>/dev/null; then # if [[ $HOSTNAME == "$MAIL_HOST" ]]; then # m sudo systemctl restart radicale @@ -67,14 +70,24 @@ fi # fi # fi + +# todo: this needs to be disabled earlier than primary-setup in switch-mail-host + +# if dpkg -s profile-sync-daemon &>/dev/null; then +# if [[ $HOSTNAME == "$MAIL_HOST" ]]; then +# m systemctl --user start psd +# m systemctl --user enable psd +# else +# m systemctl --user stop psd +# m systemctl --user disable psd +# fi +# fi + + if [[ $HOSTNAME == "$MAIL_HOST" ]]; then - m sudo systemctl --user start psd - m sudo systemctl --user enable psd m sudo systemctl start openvpn-client@hole m sudo systemctl enable openvpn-client@hole else - m sudo systemctl --user stop psd - m sudo systemctl --user disable psd m sudo systemctl stop openvpn-client@hole m sudo systemctl disable openvpn-client@hole fi diff --git a/rootsshsync b/rootsshsync index 668f8a3..31bc939 100755 --- a/rootsshsync +++ b/rootsshsync @@ -52,5 +52,8 @@ if [[ -e $d ]] && ! diff -q /root/.ssh/authorized_keys $d/root/.ssh/authorized_k chmod 700 $d/root $d/root/.ssh cp -p /root/.ssh/authorized_keys $d/root/.ssh/authorized_keys cp -p /root/.ssh/authorized_keys /etc/dropbear-initramfs + if [[ -e /root/.ssh/authorized_keys2 ]]; then + cat /root/.ssh/authorized_keys2 >>/etc/dropbear-initramfs + fi update-initramfs -u -k all fi -- 2.30.2
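Review bot: In `rootsshsync`, the added `cat /root/.ssh/authorized_keys2 >>/etc/dropbear-initramfs` appends to the same path that the `cp -p` on the line above uses as its destination. If that path is the dropbear-initramfs configuration directory, as is usual on Debian, the redirection fails with "Is a directory" and the extra keys never reach the initramfs. The target should probably be the file: `cat /root/.ssh/authorized_keys2 >>/etc/dropbear-initramfs/authorized_keys`. The enclosing condition, which starts outside the hunk, only compares `authorized_keys` with the copy under `$d`, so a change to `authorized_keys2` alone does not trigger the copy or `update-initramfs`. Every key in that file gains access to the early-boot SSH environment, which deserves a comment stating that this is intended.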