From 1f027ea146ea6c62002a8f67f831273a5c431b52 Mon Sep 17 00:00:00 2001
From: Ian Kelling <ian@iankelling.org>
Date: Sun, 28 Apr 2024 09:31:11 -0400
Subject: [PATCH] shellcheck, static usb ethnet addresses, fix vpn config

---
 brc                                           | 20 ++---
 brc2                                          | 35 +++++----
 btrbk-run                                     |  1 +
 distro-end                                    | 13 +---
 .../local/bin/check-lets-encrypt-ssl-settings |  2 -
 filesystem/usr/local/bin/ethusb-nm            | 31 ++++++++
 filesystem/usr/local/bin/ethusb-static        | 74 +++++++++++++++++++
 .../etc/openvpn/client-config-hole/bb8        |  1 +
 .../etc/openvpn/client-config-hole/bo         |  1 +
 .../etc/openvpn/client-config-hole/frodo      |  1 +
 .../etc/openvpn/client-config-hole/kd         |  1 +
 .../etc/openvpn/client-config-hole/so         |  1 +
 .../etc/openvpn/client-config-hole/sy         |  1 +
 .../etc/openvpn/client-config-hole/x2         |  1 +
 .../etc/openvpn/client-config-hole/x3         |  1 +
 script-files                                  |  1 -
 shellcheck-this-repo                          | 45 +++++++++++
 system-status                                 |  4 +-
 18 files changed, 187 insertions(+), 47 deletions(-)
 create mode 100644 filesystem/usr/local/bin/ethusb-nm
 create mode 100644 filesystem/usr/local/bin/ethusb-static
 create mode 100644 machine_specific/li/filesystem/etc/openvpn/client-config-hole/bb8
 create mode 100644 machine_specific/li/filesystem/etc/openvpn/client-config-hole/bo
 create mode 100644 machine_specific/li/filesystem/etc/openvpn/client-config-hole/frodo
 create mode 100644 machine_specific/li/filesystem/etc/openvpn/client-config-hole/kd
 create mode 100644 machine_specific/li/filesystem/etc/openvpn/client-config-hole/so
 create mode 100644 machine_specific/li/filesystem/etc/openvpn/client-config-hole/sy
 create mode 100644 machine_specific/li/filesystem/etc/openvpn/client-config-hole/x2
 create mode 100644 machine_specific/li/filesystem/etc/openvpn/client-config-hole/x3
 create mode 100755 shellcheck-this-repo

diff --git a/brc b/brc
index a5c645c..7731b9c 100644
--- a/brc
+++ b/brc
@@ -2474,29 +2474,19 @@ skmodified() {
 }
 
 
-# sk on all the files in current git repo (except those excluded)
+# sk on all the files in current git repo
 skgit() {
-  local f toplevel orig_dir tmp skip pattern
-  local -a ls_files excludes sk_files
+  local f toplevel orig_dir tmp
+  local -a ls_files sk_files
   toplevel=$(git rev-parse --show-toplevel)
   if [[ $PWD != "$toplevel" ]]; then
     orig_dir=$PWD
     cd $toplevel
   fi
-  excludes=(
-    'disabled/*'
-  )
-  tmp=$(git ls-files | shuf)
+  # tracked & untracked files
+  tmp=$(git ls-files && git ls-files --others --exclude-standard)
   mapfile -t ls_files <<<"$tmp"
   for f in "${ls_files[@]}"; do
-    skip=false
-    for pattern in "${excludes[@]}"; do
-      if [[ $f == $pattern ]]; then
-        skip=true
-        break
-      fi
-    done
-    if $skip; then continue; fi
     if sk-p "$f"; then
       sk_files+=("$f")
     fi
diff --git a/brc2 b/brc2
index de12005..05de0a3 100644
--- a/brc2
+++ b/brc2
@@ -172,7 +172,7 @@ slemacs() {
 
 sle() { # sl emacs
   local f=/home/iank/.emacs.d/init.el
-  sl --sl-test-cmd ". /etc/os-release ; printf %s \${VERSION//[^a-zA-Z0-9]/}; test -e $f && stat -c%Y $f" --sl-test-hook slemacs "$@"
+  sl --sl-test-cmd "sed -rn '/^VERSION=/{s/^.*=//;s/[^[:alnum:]]//gp}' /etc/os-release; test -e $f && stat -c%Y $f" --sl-test-hook slemacs "$@"
 }
 ccomp ssh sle
 
@@ -2639,7 +2639,7 @@ wgkey() {
 host-info-all() {
   host-info-update
   bindpushb8
-  ssh li.b8.nz conflink
+  ssh iank@li.b8.nz conflink
   wrt-setup
 }
 
@@ -2650,7 +2650,7 @@ host-info-all() {
 host-info-update() {
 
   local -A vpn_ips host_ips host_macs nonvpn_ips all_ips
-  local -a root_hosts nonroot_hosts
+  local -a root_hosts nonroot_hosts host_usbs
 
   # the hosts with no mac
   root_hosts=( bk je li b8.nz )
@@ -2690,9 +2690,11 @@ host-info-update() {
     else
       nonroot_hosts+=($host ${host}i)
     fi
-
     host_ips[$host]=$ip
-    host_macs[$host]=$mac
+    if [[ $mac ]]; then
+      host_macs[$host]=$mac
+    fi
+
   done </p/c/host-info
 
   {
@@ -2732,17 +2734,17 @@ EOF
       ipsuf=${vpn_ips[$host]}
       i_port=$(( 2200 + ipsuf ))
       cat <<EOF
-      config redirect
-      option name ssh$host
-      option src              wan
-      option src_dport        $i_port
-      option dest_port        22
-      option dest_ip          \$l.$ipsuf
-      option dest             lan
-      config rule
-      option src              wan
-      option target           ACCEPT
-      option dest_port        $i_port
+config redirect
+option name ssh$host
+option src              wan
+option src_dport        $i_port
+option dest_port        22
+option dest_ip          \$l.$ipsuf
+option dest             lan
+config rule
+option src              wan
+option target           ACCEPT
+option dest_port        $i_port
 EOF
     done
     echo "EOF"
@@ -2824,6 +2826,7 @@ EOF
     echo "EOF"
   } | u /p/c/dnsmasq-data
 
+
   b8_ip=$(dig +short b8.nz @iankelling.org | tail -1)
   if [[ ! $b8_ip ]]; then
     echo "$0: error: got empty b8.nz ip. returning 1"
diff --git a/btrbk-run b/btrbk-run
index b4bd302..8fc4c4f 100644
--- a/btrbk-run
+++ b/btrbk-run
@@ -77,6 +77,7 @@ set-location() {
     x2|x3|sy|so)
       if [[ $(dig +short @10.2.0.1 -x 10.2.0.2 2>&1 ||:) == kd.b8.nz. ]] \
            && ip n show 10.2.0.1 | grep . &>/dev/null; then
+        # note: logic duplicated in 11-iank
         at_home=true
       elif ping -q -c1 -w1 hal.office.fsf.org &>/dev/null \
           && ip n show 192.168.0.26 | grep . &>/dev/null; then
diff --git a/distro-end b/distro-end
index 8da4a26..ba0b585 100755
--- a/distro-end
+++ b/distro-end
@@ -523,18 +523,7 @@ EOF
 client-to-client
 EOF
 
-
-    ngset
-    files=(/etc/openvpn/client-config-hole/*)
-    if (( ${#files[@]} >= 1 )); then
-      rm -f ${files[@]}
-    fi
-    ngreset
-    for host in ${!vpn_ips[@]}; do
-      sd /etc/openvpn/client-config-hole/$host <<EOF
-ifconfig-push 10.5.5.${vpn_ips[$host]} 255.255.255.0
-EOF
-    done
+    # note client-config files are setup in brc2 update-host-info
 
 
     # for adding cert to system with /p
diff --git a/filesystem/usr/local/bin/check-lets-encrypt-ssl-settings b/filesystem/usr/local/bin/check-lets-encrypt-ssl-settings
index c9eab42..c4d87dd 100755
--- a/filesystem/usr/local/bin/check-lets-encrypt-ssl-settings
+++ b/filesystem/usr/local/bin/check-lets-encrypt-ssl-settings
@@ -34,8 +34,6 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-source ~/.bashrc
-
 if [[ ! -e /dev/shm/iank-status ]]; then
   exit 0
 fi
diff --git a/filesystem/usr/local/bin/ethusb-nm b/filesystem/usr/local/bin/ethusb-nm
new file mode 100644
index 0000000..041124e
--- /dev/null
+++ b/filesystem/usr/local/bin/ethusb-nm
@@ -0,0 +1,31 @@
+#!/bin/bash
+# I, Ian Kelling, follow the GNU license recommendations at
+# https://www.gnu.org/licenses/license-recommendations.en.html. They
+# recommend that small programs, < 300 lines, be licensed under the
+# Apache License 2.0. This file contains or is part of one or more small
+# programs. If a small program grows beyond 300 lines, I plan to switch
+# its license to GPL.
+
+# Copyright 2024 Ian Kelling
+
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+#     http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+if ! test "$BASH_VERSION"; then echo "error: shell is not bash" >&2; exit 1; fi
+shopt -s inherit_errexit 2>/dev/null ||: # ignore fail in bash < 4.4
+set -eE -o pipefail
+trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
+
+[[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@"
+
+
+sed -i --follow-symlinks '/^[^#/]/s/^/#/' /etc/network/interfaces.d/ethusb
diff --git a/filesystem/usr/local/bin/ethusb-static b/filesystem/usr/local/bin/ethusb-static
new file mode 100644
index 0000000..97868d7
--- /dev/null
+++ b/filesystem/usr/local/bin/ethusb-static
@@ -0,0 +1,74 @@
+#!/bin/bash
+# I, Ian Kelling, follow the GNU license recommendations at
+# https://www.gnu.org/licenses/license-recommendations.en.html. They
+# recommend that small programs, < 300 lines, be licensed under the
+# Apache License 2.0. This file contains or is part of one or more small
+# programs. If a small program grows beyond 300 lines, I plan to switch
+# its license to GPL.
+
+# Copyright 2024 Ian Kelling
+
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+#     http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+if ! test "$BASH_VERSION"; then echo "error: shell is not bash" >&2; exit 1; fi
+shopt -s inherit_errexit 2>/dev/null ||: # ignore fail in bash < 4.4
+set -eE -o pipefail
+trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
+
+[[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@"
+
+
+shopt -s nullglob
+
+# we already configured the interface once, afterwards, comment and
+# uncomment to enable/disable. This makes it so we don't depend on /p
+# being mounted.
+
+if [[ -s /etc/network/interfaces.d/ethusb ]]; then
+  sed -i --follow-symlinks 's/^#//' /etc/network/interfaces.d/ethusb
+  exit 0
+fi
+
+
+while read -r ip host mac; do
+  if [[ $mac != usb ]]; then
+    continue
+  fi
+  if [[ $host = ${HOSTNAME}c ]]; then
+    usbip=$ip
+    break
+  fi
+done </p/c/host-info
+
+if [[ ! $usbip ]]; then
+  exit 0
+fi
+
+ethx=0
+
+# device that has an eth0, but we aren't using it because it is
+# broken. We could just hardcode a mac comparison with `cat
+# /sys/class/net/eth0/address` but this is cooler.
+if [[ -e  /sys/class/net/eth0 ]]; then
+  bus_info=$(ethtool -i eth0 | awk '$1 == "bus-info:" { print $2 }')
+  if [[ $bus_info != usb* ]]; then
+    ethx=1
+  fi
+fi
+
+cat >/etc/network/interfaces.d/ethusb <<EOF
+auto eth$ethx
+iface eth$ethx inet static
+  address 10.2.0.$ip/16
+  gateway 10.2.0.1
+EOF
diff --git a/machine_specific/li/filesystem/etc/openvpn/client-config-hole/bb8 b/machine_specific/li/filesystem/etc/openvpn/client-config-hole/bb8
new file mode 100644
index 0000000..efe7832
--- /dev/null
+++ b/machine_specific/li/filesystem/etc/openvpn/client-config-hole/bb8
@@ -0,0 +1 @@
+ifconfig-push 10.5.5.32 255.255.255.0
diff --git a/machine_specific/li/filesystem/etc/openvpn/client-config-hole/bo b/machine_specific/li/filesystem/etc/openvpn/client-config-hole/bo
new file mode 100644
index 0000000..062b893
--- /dev/null
+++ b/machine_specific/li/filesystem/etc/openvpn/client-config-hole/bo
@@ -0,0 +1 @@
+ifconfig-push 10.5.5.29 255.255.255.0
diff --git a/machine_specific/li/filesystem/etc/openvpn/client-config-hole/frodo b/machine_specific/li/filesystem/etc/openvpn/client-config-hole/frodo
new file mode 100644
index 0000000..7fbb17c
--- /dev/null
+++ b/machine_specific/li/filesystem/etc/openvpn/client-config-hole/frodo
@@ -0,0 +1 @@
+ifconfig-push 10.5.5.34 255.255.255.0
diff --git a/machine_specific/li/filesystem/etc/openvpn/client-config-hole/kd b/machine_specific/li/filesystem/etc/openvpn/client-config-hole/kd
new file mode 100644
index 0000000..095befb
--- /dev/null
+++ b/machine_specific/li/filesystem/etc/openvpn/client-config-hole/kd
@@ -0,0 +1 @@
+ifconfig-push 10.5.5.2 255.255.255.0
diff --git a/machine_specific/li/filesystem/etc/openvpn/client-config-hole/so b/machine_specific/li/filesystem/etc/openvpn/client-config-hole/so
new file mode 100644
index 0000000..0ba69f2
--- /dev/null
+++ b/machine_specific/li/filesystem/etc/openvpn/client-config-hole/so
@@ -0,0 +1 @@
+ifconfig-push 10.5.5.3 255.255.255.0
diff --git a/machine_specific/li/filesystem/etc/openvpn/client-config-hole/sy b/machine_specific/li/filesystem/etc/openvpn/client-config-hole/sy
new file mode 100644
index 0000000..bfad767
--- /dev/null
+++ b/machine_specific/li/filesystem/etc/openvpn/client-config-hole/sy
@@ -0,0 +1 @@
+ifconfig-push 10.5.5.7 255.255.255.0
diff --git a/machine_specific/li/filesystem/etc/openvpn/client-config-hole/x2 b/machine_specific/li/filesystem/etc/openvpn/client-config-hole/x2
new file mode 100644
index 0000000..16ef137
--- /dev/null
+++ b/machine_specific/li/filesystem/etc/openvpn/client-config-hole/x2
@@ -0,0 +1 @@
+ifconfig-push 10.5.5.23 255.255.255.0
diff --git a/machine_specific/li/filesystem/etc/openvpn/client-config-hole/x3 b/machine_specific/li/filesystem/etc/openvpn/client-config-hole/x3
new file mode 100644
index 0000000..cf4cffa
--- /dev/null
+++ b/machine_specific/li/filesystem/etc/openvpn/client-config-hole/x3
@@ -0,0 +1 @@
+ifconfig-push 10.5.5.8 255.255.255.0
diff --git a/script-files b/script-files
index f2b5d44..712da26 100644
--- a/script-files
+++ b/script-files
@@ -65,4 +65,3 @@ my_service_scripts=(
 # note: turn this into an array if we ever add more
 my_lib_files=/a/bin/bash-bear-trap/bash-bear
 
-all_my_scripts=("${my_service_scripts[@]}" "${my_bin_files[@]}" $my_lib_files)
diff --git a/shellcheck-this-repo b/shellcheck-this-repo
new file mode 100755
index 0000000..926797c
--- /dev/null
+++ b/shellcheck-this-repo
@@ -0,0 +1,45 @@
+#!/bin/bash
+
+this_file="$(readlink -f -- "${BASH_SOURCE[0]}")"
+readonly this_file this_dir="${this_file%/*}"
+cd "$this_dir"
+
+. .bashrc
+
+# "a", as in, pass to sk -a
+a_files=(
+  brc2
+  install-my-scripts
+)
+
+a_sourced_files=(
+  script-files
+  beet-data
+)
+
+declare -a ls_files standard_files
+
+# so, shellcheck doesn't like files that declare variables that are just
+# used in other files that source them. Using -a like this is the only
+# way to solve it. We can't just -a on everything because then we would
+# get various files I didn't write and that don't pass shellcheck.
+sk -a ${a_files[@]}
+
+
+tmp=$(git ls-files && git ls-files --others --exclude-standard)
+mapfile -t ls_files <<<"$tmp"
+for f in "${ls_files[@]}"; do
+  skip=false
+  for fignore in ${a_files[@]} ${a_sourced_files[@]}; do
+    if [[ $f == "$fignore" ]]; then
+      skip=true
+      break
+    fi
+  done
+  if $skip; then continue; fi
+  if sk-p "$f"; then
+    standard_files+=("$f")
+  fi
+done
+
+sk "${standard_files[@]}"
diff --git a/system-status b/system-status
index 2efb2dc..d6269d9 100755
--- a/system-status
+++ b/system-status
@@ -358,8 +358,10 @@ write-status() {
           if grep -qxF $HOSTNAME $x; then all_dirs+=( ${x%.hosts} ); fi
         done
 
+        script_files=("${my_service_scripts[@]}" "${my_bin_files[@]}" $my_lib_files)
+
         # Just because i forget a lot, -mmin -NUM means files modified <= NUM minutes ago
-        if (( fmin < 0 )) && [[ $(find ${all_my_scripts[@]} ${all_dirs[@]} -mmin $fmin -type f -print -quit 2>/dev/null) ]]; then
+        if (( fmin < 0 )) && [[ $(find "${script_files[@]}" ${all_dirs[@]} -mmin $fmin -type f -print -quit 2>/dev/null) ]]; then
           v conflink newer filesystem files
           chars+=(CONFLINK)
           break
-- 
2.30.2