From 5a5455b15beeb07ab511b35d345544fcb5311600 Mon Sep 17 00:00:00 2001 From: Ian Kelling Date: Mon, 12 Aug 2024 23:48:26 -0400 Subject: [PATCH] lots of fixes and improvements --- Makefile | 2 +- brc | 479 ++++++++++++------ brc2 | 37 +- check-remote-mailqs | 8 +- distro-begin | 4 +- distro-end | 10 +- filesystem/usr/local/bin/ikclip | 25 + filesystem/usr/local/bin/myupgrade | 8 +- .../usr/local/bin/rootsshsync | 4 +- .../usr/share/applications/ikclip.desktop | 12 + g | 5 +- mail-setup | 221 ++++---- pkgs | 1 + .../.config/xdg-desktop-portal/portals.conf | 11 + system-status | 5 +- transmission-firewall/netns.rules | 5 + 16 files changed, 551 insertions(+), 286 deletions(-) create mode 100755 filesystem/usr/local/bin/ikclip rename rootsshsync => filesystem/usr/local/bin/rootsshsync (97%) create mode 100644 filesystem/usr/share/applications/ikclip.desktop create mode 100644 subdir_files/.config/xdg-desktop-portal/portals.conf diff --git a/Makefile b/Makefile index 3c19e63..525652f 100644 --- a/Makefile +++ b/Makefile @@ -1,6 +1,6 @@ all: ~/.local/distro-begin ~/.local/distro-end -~/.local/distro-begin: distro-begin mail-setup /a/bin/buildscripts/emacs ssh-emacs-setup +~/.local/distro-begin: distro-begin mail-setup /a/bin/buildscripts/emacs ssh-emacs-setup /a/bin/fai/fai/config/scripts/IANK/11-iank distro-begin ~/.local/distro-end: distro-end distro-pkgs pkgs primary-setup /a/bin/buildscripts/tor-browser /a/bin/buildscripts/go /a/bin/buildscripts/rust /a/bin/buildscripts/misc diff --git a/brc b/brc index 161a2cc..115d3fa 100644 --- a/brc +++ b/brc @@ -208,21 +208,10 @@ if [[ $INFOPATH != *: ]]; then INFOPATH="$INFOPATH:" fi -# info parameter expansion -# -# info cheat sheet: -# H: see keybinds -# / search, {, }: next/prev match -# ctrl/alt-v scroll forward/backward within this node -# l: go to previous node -# -info-pe() { - info bash 'Basic Shell Features' 'Shell Expansions' 'Shell Parameter Expansion' -} - -# for openwrt system that has no stty, this is easier than -# guarding every time i use it. +# shadow stty on systems without it. Fixes annoying errors on openwrt +# system that has no stty, this is easier than guarding every time i use +# it. if ! type -p stty >/dev/null; then stty() { :; } fi @@ -336,7 +325,8 @@ fi # go exists here path-add --ifexists /usr/local/go/bin - +# Wrap source command to look in alternate directory in conjunction with +# sl(). mysrc() { local path dir file path=$1 @@ -423,10 +413,16 @@ ccomp() { # We keep 2 stacks of directories, forward and back. Unlike with a web # browser, the forward stack is not erased when going somewhere new. # -# Recent directories are stored in ~/.cdirs. +# Recent directories are stored in ~/.cdirs or $DOT_CDIRS if it is set # declare -a _dir_forward _dir_back c() { + local cdirs + if [[ $DOT_CDIRS ]]; then + cdirs="$DOT_CDIRS" + else + cdirs=~/.cdirs + fi # normally, the top of _dir_back is our current dir. if it isn't, # put it on there, except we don't want to do that when we # just launched a shell @@ -439,7 +435,7 @@ c() { if (( ${#_dir_back[@]} == 0 )) || [[ ${_dir_back[-1]} != "$PWD" ]]; then _dir_back+=("$PWD") fi - echo "$PWD" >> ~/.cdirs + echo "$PWD" >>"$cdirs" } ccomp cd c @@ -528,21 +524,27 @@ cl() { local i line input start local -A buttondirs alines local -a buttons dirs lines + local cdirs + if [[ $DOT_CDIRS ]]; then + cdirs="$DOT_CDIRS" + else + cdirs=~/.cdirs + fi buttons=( {a..z} {2..9} ) - if [[ ! -s ~/.cdirs ]]; then - echo nothing in ~/.cdirs + if [[ ! -s "$cdirs" ]]; then + echo nothing in "$cdirs" return 0 fi i=0 - mapfile -t lines <~/.cdirs + mapfile -t lines <"$cdirs" start=$(( ${#lines[@]} - 1 )) # we have ~33 buttons as of this writing, so lets # prune down the history every once in a while. if (( start > 500 )); then - tac ~/.cdirs | awk '!seen[$0]++' | head -n 200 | tac | sponge ~/.cdirs || [[ $? == 141 ]] + tac "$cdirs" | awk '!seen[$0]++' | head -n 200 | tac | sponge "$cdirs" || [[ $? == 141 ]] fi for (( j=start; j >= 0; j-- )); do @@ -562,7 +564,7 @@ cl() { done if (( i == 0 )); then - echo "no dirs in ~/.cdirs" + echo "no dirs in "$cdirs"" return 0 fi read -sr -N 1 input @@ -614,8 +616,8 @@ bl() { } # like running cl a cla() { - local line - mapfile -t lines <~/.cdirs + local line cdirs + mapfile -t lines <"$cdirs" start=$(( ${#lines[@]} - 1 )) for (( j=start; j >= 0; j-- )); do line="${lines[$j]}" @@ -769,6 +771,8 @@ tsl() { fi } +# Gets all the essential disk info on a machine. In case it gets ill, this +# will help us know the expected state. disk-info() { local cmds cmd mapfile -t cmds <<'EOF' @@ -793,8 +797,8 @@ EOF done } +# Send a screencast in rtp. For libreplanet testing of local stream. screenrtp() { - local ip port xoffset read -r ip port xoffset <<<"$@" @@ -828,6 +832,8 @@ screenrtp() { done } +# Set the basic X related environment variables we don't have in some +# cases. setxenv() { if [[ ! $DISPLAY ]]; then export DISPLAY=:0.0 @@ -843,9 +849,10 @@ setxenv() { ..() { c ..; } ...() { c ../..; } ....() { c ../../..; } -.....() { c ../../../..; } +.....() { c ../../../j..; } ......() { c ../../../../..; } +# Given a file, output a here document which rewrites the file. chere() { local f path for f; do @@ -1046,21 +1053,14 @@ kdrescue() { - +# cat exim4 c4() { c /var/log/exim4; } +# commit all amend caa() { git commit --amend --no-edit -a; } -cf() { - for f; do - hr - echo "$f" - hr - cat "$f" - done -} +# cat + hr all files found by find. caf() { - local file find -L "$@" -type f -not \( -name .svn -prune -o -name .git -prune \ -o -name .hg -prune -o -name .editor-backups -prune \ @@ -1077,18 +1077,21 @@ caf() { } ccomp cat cf caf +# calculator calc() { echo "scale=3; $*" | bc -l; } -# no having to type quotes, but also no command history: +# calculator without needing to type quotes, but also no command history: clc() { local x read -r x echo "scale=3; $x" | bc -l } +# quick chmod +X cx() { chmod +X "$@" } +# commit all with message cam() { git commit -am "$*" } @@ -1098,6 +1101,7 @@ ccat () { # config cat. see a config without extra lines. } ccomp grep ccat +# Setup chroot bindmounts (idempotently) chrbind() { local d # dev/pts needed for pacman signature check @@ -1108,6 +1112,7 @@ chrbind() { fi done } +# unmount chroot bindmounts chumount() { local d # dev/pts needed for pacman signature check @@ -1141,8 +1146,8 @@ _cdiff-prep() { echo "$pastline" >> "$2" } +# config diff. (for very common config format or two) cdiff() { - # diff config files, # setup for format of postfix, eg: # option = stuff[,] # [more stuff] @@ -1159,7 +1164,7 @@ cdiff() { done < "$unified" } - +# cat new files as they appear in $1. cat-new-files() { local start=$SECONDS local dir="$1" @@ -1174,10 +1179,12 @@ cat-new-files() { } +# quicker chown to my user chownme() { s chown -R $USER:$USER "$@" } +# Better chown defaults. # shellcheck disable=SC2032 chown() { # makes it so chown -R symlink affects the symlink and its target. @@ -1190,25 +1197,30 @@ chown() { fi } +# commit with message cim() { git commit -m "$*" } - +# push a process down. d() { builtin bg "$@"; } ccomp bg d +# faster fg. # f would be more natural, but i already am using it for something z() { builtin fg "$@"; } ccomp fg z +# quick kill. x() { builtin kill %%; } +# diff content, aka word diff. dc() { - diff --strip-trailing-cr -w "$@" # diff content + diff --strip-trailing-cr -w "$@" } ccomp diff dc +# remove spaces from file name(s) despace() { local x y for x in "$@"; do @@ -1250,10 +1262,13 @@ hostip() { esac } +# dig nicer defaults dig() { command dig +nostats +nocmd "$@" } -# Output with sections sorted, and removal of query id, so 2 dig outputs can be diffed. + +# dig "$@" and output with sections sorted, and removal of query id, so +# 2 dig outputs can be diffed. digsort() { local sec sec= @@ -1297,12 +1312,13 @@ dtd() { } ccomp date dt dtr dtd -dus() { # du, sorted, default arg of +# du sorted. Default target of *. +dus() { du -sh ${@:-*} | sort -h } ccomp du dus - +# echo e() { printf "%s\n" "$*"; } # echo args @@ -1331,11 +1347,13 @@ ev() { done } +# emacs ediff from cli ediff() { [[ ${#@} == 2 ]] || { echo "error: ediff requires 2 arguments"; return 1; } emacs --eval "(ediff-files \"$1\" \"$2\")" } +# tail rspam log rspamta() { ta "$@" /var/log/rspamd/rspamd.log } @@ -1344,17 +1362,18 @@ rspamta() { _rspamtag() { tailf /var/log/rspamd/rspamd.log | grp "$@" } +# tail rspam log + grep $@ rspamtag() { bn _rspamtag "$@" } -# etail + grep. _etailg() { ngset tailf /var/log/exim4/mainlog /var/log/exim4/*main /var/log/exim4/paniclog /var/log/exim4/*panic -n 200 | grp "$@" ngreset } +# etail + grep. etailg() { bn _etailg "$@" } @@ -1382,6 +1401,7 @@ tailf() { fi } +# tail -F but keep our shell line untouched.. ta() { bn tailf "$@" } @@ -1390,6 +1410,7 @@ _tag() { file="$1" tailf "$file" | gr --line-buffered "$@" } +# ta + grep tag() { bn _tag "$@" } @@ -1399,22 +1420,17 @@ ccomp tail etail etail2 ta _cron-test() { tailf /var/log/syslog | gr --line-buffered cron } - +# tool to manually test cronjobs cron-test() { echo "cron will check for new files in about $(( 60 - $(date +%S) + 2 )) seconds" bn _cron-test } -# ran into this online, trying it out -detach() { - ( "$@" &>/dev/null & disown ) -} - +# ssh + cat both auth keys files. showkeys() { ssh "$@" cat .ssh/authorized_keys{,2} } - # print exim old pids eoldpids() { local configtime pid piduptime now daemonpid @@ -1469,10 +1485,12 @@ ewatchold() { done } +# eximlog less eless() { less /var/log/exim4/mainlog } ccomp less eless +# exim queue cat eqcat() { exiqgrep -ir.\* -o 60 | while read -r i; do hlm exim -Mvc $i @@ -1480,6 +1498,7 @@ eqcat() { hlm exigrep $i /var/log/exim4/mainlog | cat ||: done } +# do like rm -f for messages in the exim queue. eqrmf() { # other ways to get the list of message ids: # exim -bp | awk 'NF == 4 {print $3}' @@ -1487,7 +1506,7 @@ eqrmf() { # exipick -i exiqgrep -ir.\* | xargs exim -Mrm } - +# create a development exim config directory. econfdevnew() { rm -rf /tmp/edev mkdir -p /tmp/edev/etc @@ -1496,20 +1515,22 @@ econfdevnew() { find /tmp/edev/etc/exim4 -type f -execdir sed -i "s,/etc/,/tmp/edev/etc/,g" '{}' + econfdev } +# build a development exim config. econfdev() { update-exim4.conf -d /tmp/edev/etc/exim4 -o /tmp/edev/e.conf } -# exim grep in +# exim log grep for incoming. # show important information about incoming mail in the exim log egrin() { sed -rn '/testignore|jtuttle|eximbackup/!s/^[^ ]+ ([^ ]+) [^ ]+ [^ ]+ <= ([^ ]+).*T="(.*)" from (<[^ ]+> .*$)/\1 \4\n \3/p' <${1:-/var/log/exim4/mainlog} } - +# exim log grep for incoming + show message-ids. # 2nd line is message-id: egrinid() { sed -rn '/testignore|jtuttle|eximbackup/!s/^[^ ]+ ([^ ]+) [^ ]+ [^ ]+ <= ([^ ]+).* id=([^ ]+) T="(.*)" from (<[^ ]+> .*$)/\1 \5\n \3\n \4/p' <${1:-/var/log/exim4/mainlog} } +# exim log tail + filter for incoming messages. etailin() { local -a tail_arg tail_arg=(-n500) @@ -1521,23 +1542,24 @@ etailin() { - +# find array. make an array of file names found by find into $x +# argument: find arguments +# return: find results in an array $x fa() { - # find array. make an array of file names found by find into $x - # argument: find arguments - # return: find results in an array $x while read -rd ''; do x+=("$REPLY"); done < <(find "$@" -print0); } +# find all files. use -L to follow symlinks # shellcheck disable=SC2120 -faf() { # find all files. use -L to follow symlinks +faf() { find "$@" -not \( -name .svn -prune -o -name .git -prune \ -o -name .hg -prune -o -name .editor-backups -prune \ -o -name .undo-tree-history -prune \) -type f 2>/dev/null } +# ffmpeg concat files. # usage ffconcat FILES_TO_CONCAT OUTPUT_FILE ffconcat() { local tmpf @@ -1551,6 +1573,7 @@ ffconcat() { ffmpeg -f concat -safe 0 -i $tmpf -c copy "$1" rm $tmpf } +# ffmpeg remux files. ffremux() { local tmpf tmpd if (( $# == 0 )); then @@ -1609,8 +1632,7 @@ fpd() { OLDPWD="$initial_oldpwd" } - -# mail related +# cat exim frozen messages in a nice format. frozen() { rm -rf /tmp/frozen sudo mailq |gr frozen|awk '{print $3}' | while read -r id; do @@ -1622,6 +1644,7 @@ frozen() { echo -e '\n\n##############################\n' done | tee -a /tmp/frozen } +# nice deletion of exim frozen messages. frozenrm() { local ids=() while read -r line; do @@ -1633,16 +1656,17 @@ frozenrm() { sudo exim -Mrm "${ids[@]}" } +# like -e for functions. returns on error. +# at the end of the function, disable with: +# trap ERR funce() { - # like -e for functions. returns on error. - # at the end of the function, disable with: - # trap ERR trap 'echo "${BASH_COMMAND:+BASH_COMMAND=\"$BASH_COMMAND\" } ${FUNCNAME:+FUNCNAME=\"$FUNCNAME\" }${LINENO:+LINENO=\"$LINENO\" }\$?=$?" trap ERR return' ERR } +# see help= getdir () { local help="Usage: getdir [--help] PATH Output the directory of PATH, or just PATH if it is a directory." @@ -1678,6 +1702,7 @@ git_empty_branch() { # start an empty git branch. carefull, it deletes untracked git clean -fdx } +# see help= # shellcheck disable=SC2120 gitroot() { local help="Usage: gitroot [--help] @@ -1695,7 +1720,6 @@ and works in older versions of git which did not have that." echo "${p%%/.git}" } - # g pipe. like: cmd | emacs. save cmd output to tmp file, then edit. gp() { cat &>/a/tmp/gtmp @@ -1718,25 +1742,22 @@ gc() { g $("$@") } -# force terminal version +# g, but run terminal emacs. gn() { g -n "$@" } +# emacs under gdb. gmacs() { # quit will prompt if the program crashes. gdb -ex=r -ex=quit --args emacs "$@"; r; } +# kill the emacs daemon gdkill() { - # kill the emacs daemon pk1 emacs --daemon } -# execute, grep & background with bn. usage: -# -# CMD GREP ARGS -# CMD CMD_ARGS - GREP ARGS _grx() { local arg local -a cmd grep_args @@ -1752,18 +1773,24 @@ _grx() { done "${cmd[@]}" | grp "${grep_args[@]}" } +# execute a command, grep it & background with bn. +# usage: +# CMD GREP ARGS +# CMD CMD_ARGS - GREP ARGS grx() { bn _grx "$@" } -# grep to pipe in interactive shell +# grep with fix for pipe buffering in interactive shell. grp() { gr --color=always --line-buffered "$@" || return $? } +# quick grep gr() { grep -iIP --color=auto "$@" || return $? } -grr() { # grep recursive +# grep recursive +grr() { # Don't return 1 on nonmatch because this is meant to be # interactive, not in a conditional. if [[ ${#@} == 1 ]]; then @@ -1774,10 +1801,12 @@ grr() { # grep recursive } ccomp grep gr grr +# recursive grep rg() { grr "$@"; } ccomp grep rg -# recursive everything. search for files/dirs and lines. rs = easy chars to press +# recursive grep and find (e for everything). search for files/dirs and +# lines. re() { local query query="$1" @@ -1801,11 +1830,12 @@ hr() { if (( end_count >= 1 )); then end=${end:0:$end_count} else + end= fi printf "%s\n" "$(tput setaf 5 2>/dev/null ||:)$start$end$(tput sgr0 2>/dev/null||:)" } -# highlight +# highlighted echo. hl() { local col input_len=0 for arg; do @@ -1819,8 +1849,10 @@ hl() { fi echo } +# hl, then run. hlm() { hl "$*"; "$@"; } +# cat file(ss), adding hr lines indicating the start, end, and echo file name. hrcat() { local f; for f; do [[ -f $f ]] || continue; hr; echo "$f"; cat "$f"; done } # example usage: @@ -1850,11 +1882,11 @@ github-release-dl() { m wget -- "$latest_prefix/$file_prefix$version$file_suffix" } -# examples. +## Given a url to a github repo written in go, install its binary +## (assuming it follows a common pattern). +# examples: # go-github-install restic/restic restic_ _linux_amd64.bz2 # go-github-install restic/rest-server rest-server_ _linux_amd64.tar.gz - -# common pattern among go binaries on github go-github-install() { local tmpd targetf tmp files src tmpd=$(mktemp -d) @@ -1945,6 +1977,7 @@ hub() { command hub "$@" } +# git alias i() { git "$@"; } ccomp git i @@ -1963,52 +1996,82 @@ ccomp git i # importing cvs repo into git using git-cvs package: # /f/www $ /usr/lib/git-core/git-cvsimport -C /f/www-git +# fast commit all ic() { - # fast commit all git commit -am "$*" } +# simple alias ipp() { git pull git push } +# quick insensitive find ifn() { local glob + local -a args + while [[ $2 ]]; do + args+=("$1") + shift + done glob="$1" shift - find -L "$@" -not \( -name .svn -prune -o -name .git -prune \ + find -L "${args[@]}" -not \( -name .svn -prune -o -name .git -prune \ -o -name .hg -prune -o -name .editor-backups -prune \ -o -name .undo-tree-history -prune \) -iname "*$glob*" 2>/dev/null } +ifs() { # insensitive find suffix + local glob + local -a args + while [[ $2 ]]; do + args+=("$1") + shift + done + glob="$1" + shift + find -L "${args[@]}" -not \( -name .svn -prune -o -name .git -prune \ + -o -name .hg -prune -o -name .editor-backups -prune \ + -o -name .undo-tree-history -prune \) -iname "*$glob" 2>/dev/null +} + + ifh() { - # insensitive find here. args are combined into the search string. + # insensitive find here, args are combined into the search string. # -L = follow symlinks find -L . -not \( -name .svn -prune -o -name .git -prune \ -o -name .hg -prune -o -name .editor-backups -prune \ -o -name .undo-tree-history -prune \) -iname "*$**" 2>/dev/null } - +# insensitive find directory ifd() { - # insensitive find directory find -L . -type d -not \( -name .svn -prune -o -name .git -prune \ -o -name .hg -prune -o -name .editor-backups -prune \ -o -name .undo-tree-history -prune \) -iname "*$**" 2>/dev/null } +ifs() { + # insensitive find suffix from here, args are combined into the search string. + # -L = follow symlinks + find -L . -not \( -name .svn -prune -o -name .git -prune \ + -o -name .hg -prune -o -name .editor-backups -prune \ + -o -name .undo-tree-history -prune \) -iname "*$**" 2>/dev/null +} +# quick iptables drop a source ip arg. ipdrop() { sudo iptables -A INPUT -s $1 -j DROP } - +# test if a file contains text vs binary. istext() { grep -Il "" "$@" &>/dev/null } +# pstree alias pst() { - pstree -apnA + pstree -apnAl } # journalctl with times in the format the --since= and --until= options accept @@ -2034,7 +2097,7 @@ jrug() { ccomp journalctl jr jrf jru - +# ls with minor improvements l() { if [[ $PWD == /[iap] ]]; then command ls -A --color=auto -I lost+found "$@" @@ -2042,13 +2105,13 @@ l() { command ls -A --color=auto "$@" fi } - +# locate -i without the need to quote spaces lcn() { locate -i "*$**"; } - +# ll with directories grouped lg() { LC_COLLATE=C.UTF-8 ll --group-directories-first "$@"; } - +# ll mod time sorted lt() { ll -tr "$@"; } - +# quick ll -d lld() { ll -d "$@"; } ccomp ls l lg lt lld ll @@ -2084,7 +2147,8 @@ lowr() { done } -low() { # make filenames lowercase, remove bad chars +# make filenames lowercase, remove bad chars +low() { local arg new dir f for arg; do arg="${arg%%+(/)}" # remove trailing slashes. assumes we have extglob on. @@ -2149,32 +2213,34 @@ histplain() { ccomp grep k ks ksu histrm - +# show makefile targets of current directory makefile. make-targets() { - # show make targets, via http://stackoverflow.com/questions/3063507/list-goals-targets-in-gnu-make + # via http://stackoverflow.com/questions/3063507/list-goals-targets-in-gnu-make make -qp | awk -F':' '/^[a-zA-Z0-9][^$#\/\t=]*:([^=]|$)/ {split($1,A,/ /);for(i in A)print A[i]}' } +# mkdir + cd mkc() { mkdir "$1" c "$1" } ccomp mkdir mkc - +# mktemp -d + cd mkct() { mkc "$(mktemp -d)" } -# mkdir the last arg, cp the rest into it +# mkdir the last arg, then cp the remaining args into it mkcp() { mkdir -p "${@: -1}" cp "${@:1:$#-1}" "${@: -1}" } +# mkdir the last arg, then mv the remaining args into it mkmv() { mkdir -p "${@: -1}" mv "${@:1:$#-1}" "${@: -1}" } - -mkt() { # mkdir and touch file +# mkdir directory underneath $1, then touch $1 +mkt() { local path="$1" mkdir -p "$(dirname "$path")" touch "$path" @@ -2183,6 +2249,7 @@ mkt() { # mkdir and touch file # shellcheck disable=SC2032 mkdir() { command mkdir -p "$@"; } +# nagstamon fix nags() { # https://github.com/HenriWahl/Nagstamon/issues/357 if ! pgrep -f /usr/bin/dunst >/dev/null; then @@ -2200,13 +2267,14 @@ profsrc() { prof() { command prof &>/dev/null & } -# self chat +# self chat. chatlog messages to myself. sc() { while read -r l; do printf '\033[1A\033[K'; printf "%s\n" "$l"| ts "%F %T" | tee -a /p/self-chat.log done } +# simple alias nmt() { # cant use s because sudo -i doesnt work for passwordless sudo command case $EUID in @@ -2219,7 +2287,7 @@ nmt() { esac } - +# nullglob set, track original state. ngset() { if shopt nullglob >/dev/null; then ngreset=false @@ -2228,12 +2296,14 @@ ngset() { ngreset=true fi } +# nullglob reset ngreset() { if $ngreset; then shopt -u nullglob fi } +# empty exim panic log nopanic() { # shellcheck disable=SC2024 ngset @@ -2290,6 +2360,7 @@ pk1() { esac } +# ps grep psg () { local x y help help="Usage: psg [--help] GREP_ARGS @@ -2312,9 +2383,18 @@ pubip6() { curl -6s https://icanhazip.com; } whatismyip() { pubip; } -q() { # start / launch a program in the backround and redir output to null +q() { # quietly start / launch a program + "$@" &> /dev/null & disown + # online, I ran into a version that runs in a subshell with ( ), I + # suppose that might quiet some programs that try to talk to the tty + # on their own. I'll just wait and see if I ever have the need for + # that. +} +# quiet , but keep it as a job +qk() { "$@" &> /dev/null & } + # quietly run command and then redisplay prompt on the same line. qr() { local ret=0 @@ -2418,22 +2498,11 @@ wemode() { # remove the we, then press down. bind '"\C-m": "\e \eOHwe \C-q\C-j"' } +# turn off wemode weoff() { bind '"\C-m": accept-line' } -# Run the command in the background and make its output go above our -# prompt so it doesn't interfere with it. Especially useful for tailing -# logs. -# -# The name bn is not special. -# -# Note: if you want to tail -f | grep, wrap it in a function -# first, and use grep --line-buffered --color=always (because we are piping to a pipe). -# -# Note: colorization will need to be turned on since it captures -# output to a pipe, eg: SYSTEMD_COLORS=true bn journalctl -f -# _bn() { local line lwlc i "$@" |& while read -r line; do @@ -2455,12 +2524,25 @@ _bn() { echo -ne "\e7\e[${lwlc}A\e[1G\e[${lwlc}L$line\e8" done } +# Run the command in the background and make its output go above our +# prompt so it doesn't interfere with it. Especially useful for tailing +# logs. +# +# The name bn is not special. +# +# Note: if you want to tail -f | grep, wrap it in a function +# first, and use grep --line-buffered --color=always (because we are piping to a pipe). +# +# Note: colorization will need to be turned on since it captures +# output to a pipe, eg: SYSTEMD_COLORS=true bn journalctl -f +# bn() { # We wrap a function rather than a long {} so that it looks nicer in # job control output. _bn "$@" & } +# save history & exit the shell. # shellcheck disable=SC2120 r() { if [[ $HISTFILE ]]; then @@ -2472,12 +2554,18 @@ r() { # exit "$@" 2>/dev/null } -# scp is insecure and deprecated. +# rsync with nice defaults. +# scp is a bit insecure and deprecated. scp() { - rsync -Pt --inplace "$@" + local -a arg + if [[ $SL_SSH_ARGS ]]; then + arg=(-e "ssh $SL_SSH_ARGS") + fi + rsync "${arg[@]}" -Pt --inplace "$@" } ccomp rsync scp +# output a random high port. randport() { # available high ports are 1024-65535, # but lets skip things that are more likely to be in use @@ -2493,11 +2581,13 @@ reb() { source ~/.bashrc } + rl() { readlink -f "$@" } ccomp readlink rl +# rsync delete. rsd() { # rsync, root is required to keep permissions right. # rsync --archive --human-readable --verbose --itemize-changes --checksum \(-ahvic\) \ @@ -2505,15 +2595,15 @@ rsd() { # basically, make an exact copy, use checksums instead of file times to be more accurate rsync -ahvic --delete "$@" } +# rlu, but dont delete files extra files on the remote host. rsa() { - # like rlu, but dont delete files on the target end which - # do not exist on the original end. rsync -ahvic "$@" } +# rsync: use checksums & preserve target modification time. rst() { - # rl without preserving modification time. rsync -ahvic --delete --no-t "$@" } +# rsync update a common absolute path. # [RSYNC_OPTS] HOST PATH rsu() { # eg. rsu -opts frodo /testpath @@ -2528,13 +2618,14 @@ rsu() { } ccomp rsync rsd rsa rst rsu -# find programs listening on a port +# find programs listening on a given port ssp() { local port=$1 # to figure out these args, i had to look at the man page from git version, as of 2022-04. s ss -lpn state listening sport = $port } +# output info relevant to debugging dns resolution resolvcat() { local f if [[ $(systemctl is-active nscd ||:) != inactive ]]; then @@ -2561,9 +2652,11 @@ resolvcat() { fi } +# simple alias rcat() { resolvcat | less } +# restart whatever resolver I happen to be using. reresolv() { if [[ $(systemctl is-active nscd ||:) != inactive ]]; then m ser stop nscd @@ -2582,16 +2675,17 @@ reresolv() { fi } -# add annoyingly long argument which should be the default +# sed + add annoyingly long argument which should be the default sedi() { sed -i --follow-symlinks "$@" } - +## piped in lines get shell escaped. +# # todo: test variable assignment with newlines here. # https://stackoverflow.com/questions/15783701/which-characters-need-to-be-escaped-when-using-bash - +# # beware that it only works on the assumption that any special # characters in the input string are intended to be escaped, not to work # as special chacters. @@ -2603,15 +2697,18 @@ rmstrips() { ssh fencepost head -n 300 /gd/gnuorg/EventAndTravelInfo/rms-current-trips.txt | less } +# run a command with $1 as its umask. urun () { umask $1 shift "$@" } +# simple wrapper sudo () { command sudo "$@" || return $? DID_SUDO=true } +# sudo wrapper. s() { # background # I use a function because otherwise we cant use in a script, @@ -2629,18 +2726,20 @@ s() { "$@" fi } -sb() { # sudo bash -c - # use sb instead of s is for sudo redirections, - # eg. sb 'echo "ok fine" > /etc/file' +# sudo bash -c +# use sb instead of s is for sudo redirections, +# eg. sb 'echo "ok fine" > /etc/file' +sb() { # shellcheck disable=SC2034 local SUDOD="$PWD" sudo -i bash -c "$@" } -# secret sudo +# sudo with umask 0077, amenable to making files containing secrets. se() { s urun 0077 "$@"; } ccomp sudo s sb se -safe_rename() { # warn and dont rename if file exists. +# mv, but warn and dont rename if the target file exists. +safe_rename() { # mv -n exists, but it\'s silent if [[ $# != 2 ]]; then echo safe_rename error: $# args, need 2 >&2 @@ -2655,11 +2754,11 @@ safe_rename() { # warn and dont rename if file exists. fi } - +# simple alias sd() { sudo dd status=none of="$1" } - +# service wrapper. ser() { if type -p systemctl &>/dev/null; then s systemctl "$@" @@ -2671,11 +2770,12 @@ ser() { s service $2 $1 fi } +# simple alias serstat() { systemctl -n 40 status "$@" } -# assume last arg is a service and we want to tail its log. +# quickly journalctl -f FINAL_ARG, then systemctl $@ serj() { local service jr_pid ret ret=0 @@ -2688,6 +2788,7 @@ serj() { (( ret == 0 )) || return $ret } + seru() { systemctl --user "$@"; } # like restart, but do nothing if its not already started srestart() { @@ -2726,6 +2827,7 @@ sgo() { # service go ser enable $service fi } +# service off soff () { for service; do # ignore services that dont exist @@ -2736,15 +2838,16 @@ soff () { done } +# Systemd Grep Unit file list. sgu() { systemctl list-unit-files | rg "$@" } -# check whether we generally want to do sk on the file +# test for whether we generally want to do sk on the file sk-p() { [[ ! -L $f ]] && istext "$1" && [[ $(head -n1 "$1" 2>/dev/null) == '#!/bin/bash'* ]] } - +# shellcheck with better defaults. sk() { # see https://savannah.gnu.org/maintenance/fsf/bash-style-guide/ for justifications local quotes others ret @@ -3072,10 +3175,10 @@ ssh() { } +# log with script. timing is $1.t and script is $1.s +# -l to save to ~/typescripts/ +# -t to add a timestamp to the filenames slog() { - # log with script. timing is $1.t and script is $1.s - # -l to save to ~/typescripts/ - # -t to add a timestamp to the filenames local logdir do_stamp arg_base (( $# >= 1 )) || { echo "arguments wrong"; return 1; } logdir="/a/dt/" @@ -3097,14 +3200,16 @@ slog() { $do_stamp && arg_base+=$(date +%F.%T%z) script -t $arg_base.s 2> $arg_base.t } -splay() { # script replay +# script replay +splay() { #logRoot="$HOME/typescripts/" #scriptreplay "$logRoot$1.t" "$logRoot$1.s" scriptreplay "$1.t" "$1.s" } +# sudo redo. be aware, this command may not work right on strange +# distros or earlier software sr() { - # sudo redo. be aware, this command may not work right on strange distros or earlier software if [[ $# == 0 ]]; then sudo -E bash -c -l "$(history -p '!!')" else @@ -3117,12 +3222,20 @@ srm () { command srm -ll "$@" } +# scp a script then ssh and run it. +# +# note on use cases: this can be useful for running a commands locally, +# dump them into a script, then run remotely. Note, there is no way to +# include an escaped ; in an ssh arg so that it works in the remote +# command, but we can use eval to make it work. For example: +# +# ssh ahost eval cd /mnt/root/btrbk \; ls -1 a.\* srun() { scp $2 $1:/tmp ssh $1 "/tmp/${2##*/}" "$(printf "%q\n" "${@:2}")" } - +# swap 2 files swap() { local tmp tmp=$(mktemp) @@ -3131,7 +3244,8 @@ swap() { mv $tmp $2 } -tclock() { # terminal clock +# terminal clock +tclock() { local x clear date +%l:%_M @@ -3167,8 +3281,8 @@ tclock() { # terminal clock } +# test existence / exists te() { - # test existence / exists local ret=0 for x in "$@"; do [[ -e "$x" || -L "$x" ]] || ret=1 @@ -3176,6 +3290,7 @@ te() { return $ret } +# Turn off my prompt hook function (it makes set -x annoyingly verbose). psoff() { # normally, i would just execute these commands in the function. # however, DEBUG is not inherited, so we need to run it outside a function. @@ -3184,7 +3299,7 @@ psoff() { # shellcheck disable=SC2178 # intentional PROMPT_COMMAND='trap DEBUG; unset PROMPT_COMMAND; PS1=" \w \$ "' } - +# Turn on my prompt hook function. pson() { PROMPT_COMMAND=(prompt-command) if [[ $TERM == *(screen*|xterm*|rxvt*) ]]; then @@ -3199,7 +3314,8 @@ pnodecurl() { s curl --cert-type PEM --cert /etc/prometheus/ssl/prometheus_cert.pem --key /etc/prometheus/ssl/prometheus_key.pem --cacert /etc/prometheus/ssl/prom_node_cert.pem --resolve prom_node:9100:$host -v https://prom_node:9100/metrics } -tx() { # toggle set -x, and the prompt so it doesnt spam +# toggle set -x and my custom prompt so it doesnt spam +tx() { if [[ $- == *x* ]]; then set +x pson @@ -3208,9 +3324,9 @@ tx() { # toggle set -x, and the prompt so it doesnt spam fi } +# show all processes in the network namespace $1. +# blank entries appear to be subprocesses/threads psnetns() { - # show all processes in the network namespace $1. - # blank entries appear to be subprocesses/threads local x netns netns=$1 ps -w | head -n 1 @@ -3220,18 +3336,20 @@ psnetns() { if [[ $x ]]; then echo "$x"; else echo $l; fi; done } +# start a shell in a network namespace connected to no networks. nonet() { if ! s ip netns list | grep -Fx nonet &>/dev/null; then s ip netns add nonet fi sudo -E env /sbin/ip netns exec nonet sudo -E -u iank /bin/bash } - +# echo args then run m() { printf "%s\n" "$*"; "$@"; } +# echo args then run and send output to stderr m2() { printf "%s\n" "$*" >&2; "$@"; } - +# better uptime uptime() { if type -p uprecords &>/dev/null; then uprecords -B @@ -3240,10 +3358,12 @@ uptime() { fi } +# stop and delete given vm(s) virshrm() { for x in "$@"; do virsh destroy "$x"; virsh undefine "$x"; done } +# todo: dunno what this is about. vm-set-listen(){ local t t=$(mktemp) @@ -3481,17 +3601,26 @@ tsr() { # ts run if $use_color && type -p tput &>/dev/null; then - # this is nice for a dark background terminal: - # https://github.com/trapd00r/LS_COLORS - # I would like if there was something similar for light. + # according to man ls: run dircolors to get default. + # Did that then modified things. + # + # default too light: + # ex=00;32y + # ln=01;36 + # + # related references: # https://www.bigsoft.co.uk/blog/2008/04/11/configuring-ls_colors - # change the hard to read turqouise. - # defaults dircolors --print-database. - - # the default bold green is too light. + # # this explains the codes: https://gist.github.com/thomd/7667642 - export LS_COLORS="ex=1:ln=00;31" + # + export LS_COLORS='rs=0:di=01;34:ln=01;31:mh=00:pi=40;33:so=01;35:do=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:mi=00:su=37;41:sg=30;43:ca=00:tw=30;42:ow=34;42:st=37;44:ex=00;32:*.tar=01;31:*.tgz=01;31:*.arc=01;31:*.arj=01;31:*.taz=01;31:*.lha=01;31:*.lz4=01;31:*.lzh=01;31:*.lzma=01;31:*.tlz=01;31:*.txz=01;31:*.tzo=01;31:*.t7z=01;31:*.zip=01;31:*.z=01;31:*.dz=01;31:*.gz=01;31:*.lrz=01;31:*.lz=01;31:*.lzo=01;31:*.xz=01;31:*.zst=01;31:*.tzst=01;31:*.bz2=01;31:*.bz=01;31:*.tbz=01;31:*.tbz2=01;31:*.tz=01;31:*.deb=01;31:*.rpm=01;31:*.jar=01;31:*.war=01;31:*.ear=01;31:*.sar=01;31:*.rar=01;31:*.alz=01;31:*.ace=01;31:*.zoo=01;31:*.cpio=01;31:*.7z=01;31:*.rz=01;31:*.cab=01;31:*.wim=01;31:*.swm=01;31:*.dwm=01;31:*.esd=01;31:*.avif=01;35:*.jpg=01;35:*.jpeg=01;35:*.mjpg=01;35:*.mjpeg=01;35:*.gif=01;35:*.bmp=01;35:*.pbm=01;35:*.pgm=01;35:*.ppm=01;35:*.tga=01;35:*.xbm=01;35:*.xpm=01;35:*.tif=01;35:*.tiff=01;35:*.png=01;35:*.svg=01;35:*.svgz=01;35:*.mng=01;35:*.pcx=01;35:*.mov=01;35:*.mpg=01;35:*.mpeg=01;35:*.m2v=01;35:*.mkv=01;35:*.webm=01;35:*.webp=01;35:*.ogm=01;35:*.mp4=01;35:*.m4v=01;35:*.mp4v=01;35:*.vob=01;35:*.qt=01;35:*.nuv=01;35:*.wmv=01;35:*.asf=01;35:*.rm=01;35:*.rmvb=01;35:*.flc=01;35:*.avi=01;35:*.fli=01;35:*.flv=01;35:*.gl=01;35:*.dl=01;35:*.xcf=01;35:*.xwd=01;35:*.yuv=01;35:*.cgm=01;35:*.emf=01;35:*.ogv=01;35:*.ogx=01;35:*.aac=00;36:*.au=00;36:*.flac=00;36:*.m4a=00;36:*.mid=00;36:*.midi=00;36:*.mka=00;36:*.mp3=00;36:*.mpc=00;36:*.ogg=00;36:*.ra=00;36:*.wav=00;36:*.oga=00;36:*.opus=00;36:*.spx=00;36:*.xspf=00;36:*~=00;90:*#=00;90:*.bak=00;90:*.crdownload=00;90:*.dpkg-dist=00;90:*.dpkg-new=00;90:*.dpkg-old=00;90:*.dpkg-tmp=00;90:*.old=00;90:*.orig=00;90:*.part=00;90:*.rej=00;90:*.rpmnew=00;90:*.rpmorig=00;90:*.rpmsave=00;90:*.swp=00;90:*.tmp=00;90:*.ucf-dist=00;90:*.ucf-new=00;90:*.ucf-old=00;90:'; + + # note: this is nice for a dark background terminal: + # https://github.com/trapd00r/LS_COLORS + # I would like if there was something similar for light. + + term_bold="$(tput bold)" term_red="$(tput setaf 1)" @@ -3573,12 +3702,22 @@ if [[ $- == *i* ]]; then if [[ $HISTFILE ]]; then history -a # save history - if [[ -e $HOME/.iank-stream-on ]]; then - if [[ $HISTFILE == $HOME/.bh ]]; then - ps_char="HISTP " + + # if we aren't in ssh, maybe indicate history file + if [[ ! $SSH_CLIENT ]]; then + if [[ -e $HOME/.iank-stream-on ]]; then + if [[ $HISTFILE == $HOME/.bh ]]; then + ps_char="H_P " + fi + elif [[ $HISTFILE == /a/bin/data/stream_hist ]]; then + ps_char="H_S " + fi + if [[ $HISTFILE == $HOME/.bash_history ]]; then + ps_char="H_DEFAULT " + elif [[ $HISTFILE != /a/bin/data/stream_hist && $HISTFILE != $HOME/.bh ]]; then + # O for other + ps_char="H_O " fi - elif [[ $HISTFILE == /a/bin/data/stream_hist ]]; then - ps_char="HISTS " fi fi @@ -3655,8 +3794,10 @@ if [[ $- == *i* ]]; then fi fi - # version 211203 does not have this feature, 230805 does - if [[ $SSH_CLIENT ]] || [[ $KONSOLE_VERSION && ! $KONSOLE_VERSION == 2[01]* ]]; then + # version 211203 does not have this feature, 230805 does. we can't + # detect this over ssh. We could copy the var over ssh, but I'd + # rather just wait until i'm not running the earlier konsole. + if [[ $TERM == xterm-256color && $KONSOLE_VERSION && ! $KONSOLE_VERSION == 2[01]* ]]; then # This is from konsole, copied after pressing ctrl-alt-] . # I figured out what it does from reading git clone https://gitlab.freedesktop.org/Per_Bothner/specifications # @@ -3811,6 +3952,22 @@ h() { "$@" } +tcpdump() { + # avoid buffered output when debugging, which will cause confusion. + command tcpdump -l "$@" +} + +# Info on Parameter Expansion +# +# info cheat sheet: +# H: see keybinds +# / search, {, }: next/prev match +# ctrl/alt-v scroll forward/backward within this node +# l: go to previous node +info-pe() { + info bash 'Basic Shell Features' 'Shell Expansions' 'Shell Parameter Expansion' +} + brc3() { source /a/c/brc3 diff --git a/brc2 b/brc2 index 0555d7b..be6052d 100644 --- a/brc2 +++ b/brc2 @@ -28,7 +28,7 @@ if [[ $LESSHISTFILE == - ]]; then HISTFILE= c() { cd "$@"; } -elif [[ $HISTFILE ]]; then +elif [[ $HISTFILE == $HOME/.bash_history ]]; then # use an alternate history file when we are streaming. if [[ -e $HOME/.iank-stream-on ]]; then HISTFILE=/a/bin/data/stream_hist @@ -455,10 +455,11 @@ alerts() { } ralerts() { # remote alerts local ret shell - # this list is duplicated in check-remote-mailqs - for h in bk je li frodo x3wg kdwg sywg; do + local -a active_hosts + source /p/c/domain-info + for h in ${active_hosts[@]}; do echo $h: - shell="ssh $h" + shell="ssh $h.b8.nz" if [[ $HOSTNAME == "${h%wg}" ]]; then shell= fi @@ -1707,8 +1708,10 @@ lipush() { #p=(/a/opt/{emacs-debian11{,-nox},mu,emacs} /a/bin /a/exe /a/h /a/c /p/c/machine_specific/vps{,.hosts}) p=( /a/bin /a/exe /a/h /a/c /p/c/machine_specific/vps{,.hosts} - /c/roles/prom_export/files/simple/usr/local/bin/fsf-install-node-exporter + /a/f/ans/roles/prom_export/files/simple/usr/local/bin/fsf-install-node-exporter /a/opt/fpaste + /a/opt/bbdb-csv-import + /a/opt/spray /p/c/user-specific/www-data/icecast-fsf{,-tech}-htpasswd /p/c/icecast.xml ) @@ -1724,14 +1727,19 @@ lipush() { return $ret } bkpush() { # no emacs. for running faster. - p=(/a/bin /a/exe /a/h /a/c /p/c/machine_specific/vps{,.hosts} /c/roles/prom_export/files/simple/usr/local/bin/fsf-install-node-exporter) + p=(/a/bin /a/exe /a/h /a/c /p/c/machine_specific/vps{,.hosts} + /a/f/ans/roles/prom_export/files/simple/usr/local/bin/fsf-install-node-exporter + ) a="-ahviSAXPH --specials --devices --delete --relative --exclude-from=/p/c/li-rsync-excludes" ret=0 m rsync "$@" $a ${p[@]} /p/c/machine_specific/bk root@bk.b8.nz:/ || ret=$? return $ret } jepush() { # no emacs. for running faster. - p=(/a/bin /a/exe /a/h /a/c /p/c/machine_specific/vps{,.hosts} /c/roles/prom_export/files/simple/usr/local/bin/fsf-install-node-exporter) + p=(/a/bin /a/exe /a/h /a/c /p/c/machine_specific/vps{,.hosts} + /a/f/ans/roles/prom_export/files/simple/usr/local/bin/fsf-install-node-exporter + ) + a="-ahviSAXPH --specials --devices --delete --relative --exclude-from=/p/c/li-rsync-excludes" ret=0 m rsync "$@" $a ${p[@]} /p/c/machine_specific/je root@je.b8.nz:/ || ret=$? @@ -2907,24 +2915,17 @@ EOF ### end focus on hosts file update ### - # note: note sure if this is a great way to check. - # todo: think about it - - if $at_home; then - # possible that in the future we want to create - # a dynamic file here, and then we can move the cat - # command above out of the conditional - rsync -a /p/c/subdir_files/.ssh/config-static ~/.ssh/config - else + truncate -s0 ~/.ssh/config-dynamic + if ! $at_home; then for host in ${!portfw_ips[@]}; do ipsuf=${portfw_ips[$host]} cat < ~/.ssh/config-dynamic - cat /p/c/subdir_files/.ssh/config-static ~/.ssh/config-dynamic >~/.ssh/config + done >> ~/.ssh/config-dynamic fi + cat /p/c/subdir_files/.ssh/config-static ~/.ssh/config-dynamic >~/.ssh/config } # usage host ipsuf [extrahost] diff --git a/check-remote-mailqs b/check-remote-mailqs index bb0f8b1..1c1745f 100755 --- a/check-remote-mailqs +++ b/check-remote-mailqs @@ -30,7 +30,13 @@ shopt -s dotglob # temp disabled: x2wg kwwg # this list duplicated in brc2 ralerts -for h in bk je li x3wg kdwg sywg; do + +if [[ ! -e /p/c/domain-info ]]; then + exit 0 + fi +source /p/c/domain-info + +for h in ${active_hosts[@]}; do statedir=/b/bash_unpublished/mailq-state statefile=$statedir/$h [[ -d $statedir ]] || continue diff --git a/distro-begin b/distro-begin index 86e41e6..abd3f06 100755 --- a/distro-begin +++ b/distro-begin @@ -205,7 +205,7 @@ EOF fi # initram auth keys get setup with rootsshsync later on. - $script_dir/rootsshsync + $script_dir/filesystem/usr/local/bin/rootsshsync ### To do a remote unlock: ssh and do this once per crypt disk: # echo -n PASS >/lib/cryptsetup/passfifo @@ -285,7 +285,7 @@ sudo mkdir -p ${dirs[@]} sudo chmod 600 ${dirs[@]} sudo /a/exe/lnf /q/root/.editor-backups /q/root/.undo-tree-history \ /a/opt /a/c/.emacs.d $HOME/mw_vars /k/backup /root -/a/bin/ds/install-my-scripts # needed for rootsshsync cronjob +/a/bin/ds/install-my-scripts # needed for cronjob sudo /a/exe/lnf /a/c/.vim /a/c/.vimrc /a/c/.gvimrc /root diff --git a/distro-end b/distro-end index 5dce39a..8fbc83a 100755 --- a/distro-end +++ b/distro-end @@ -454,7 +454,7 @@ case $HOSTNAME in dnsb8 fi - sudo /c/roles/prom_export/files/simple/usr/local/bin/fsf-install-node-exporter -l 127.0.0.1 + sudo /a/f/ans/roles/prom_export/files/simple/usr/local/bin/fsf-install-node-exporter -l 127.0.0.1 # ex for exporter web-conf -p 9101 -f 9100 - apache2 ${HOSTNAME}ex.b8.nz <<'EOF' @@ -1961,7 +1961,7 @@ case $HOSTNAME in kd) # Font awesome is needed for the alertmanager ui. pi prometheus-alertmanager prometheus fonts-font-awesome - /c/roles/prom/files/simple/usr/local/bin/fsf-install-prometheus + /a/f/ans/roles/prom/files/simple/usr/local/bin/fsf-install-prometheus # make it available for other machines rsync -a /usr/local/bin/amtool /a/opt/bin @@ -2000,7 +2000,7 @@ EOF ser restart prometheus-alertmanager fi - s /c/roles/prom_export/files/simple/usr/local/bin/fsf-install-node-exporter -l 127.0.0.1 + s /a/f/ans/roles/prom_export/files/simple/usr/local/bin/fsf-install-node-exporter -l 127.0.0.1 for ser in prometheus-node-exporter prometheus-alertmanager prometheus; do sysd-prom-fail-install $ser @@ -2008,7 +2008,7 @@ EOF ;; *) - s /c/roles/prom_export/files/simple/usr/local/bin/fsf-install-node-exporter + s /a/f/ans/roles/prom_export/files/simple/usr/local/bin/fsf-install-node-exporter ;; esac @@ -2279,7 +2279,7 @@ case $codename_compat in ;; esac -host-info-update +hiup # if I was going to create a persistent vm, i might do it like this: # variant=something # from: virt-install --os-variant list diff --git a/filesystem/usr/local/bin/ikclip b/filesystem/usr/local/bin/ikclip new file mode 100755 index 0000000..2868e61 --- /dev/null +++ b/filesystem/usr/local/bin/ikclip @@ -0,0 +1,25 @@ +#!/bin/bash +# I, Ian Kelling, follow the GNU license recommendations at +# https://www.gnu.org/licenses/license-recommendations.en.html. They +# recommend that small programs, < 300 lines, be licensed under the +# Apache License 2.0. This file contains or is part of one or more small +# programs. If a small program grows beyond 300 lines, I plan to change +# to a recommended GPL license. + +# Copyright 2024 Ian Kelling + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# both! +printf "%s" "$*" | xclip +printf "%s" "$*" | xclip -selection clipboard diff --git a/filesystem/usr/local/bin/myupgrade b/filesystem/usr/local/bin/myupgrade index 1f50c6f..3438166 100755 --- a/filesystem/usr/local/bin/myupgrade +++ b/filesystem/usr/local/bin/myupgrade @@ -73,14 +73,14 @@ myreboot() { case $hn in kd) - /c/roles/prom/files/simple/usr/local/bin/fsf-install-prometheus - /c/roles/prom_export/files/simple/usr/local/bin/fsf-install-node-exporter -l 127.0.0.1 + /a/f/ans/roles/prom/files/simple/usr/local/bin/fsf-install-prometheus + /a/f/ans/roles/prom_export/files/simple/usr/local/bin/fsf-install-node-exporter -l 127.0.0.1 ;; li|bk|je) - /c/roles/prom_export/files/simple/usr/local/bin/fsf-install-node-exporter -l 127.0.0.1 + /a/f/ans/roles/prom_export/files/simple/usr/local/bin/fsf-install-node-exporter -l 127.0.0.1 ;; *) - /c/roles/prom_export/files/simple/usr/local/bin/fsf-install-node-exporter + /a/f/ans/roles/prom_export/files/simple/usr/local/bin/fsf-install-node-exporter ;; esac diff --git a/rootsshsync b/filesystem/usr/local/bin/rootsshsync similarity index 97% rename from rootsshsync rename to filesystem/usr/local/bin/rootsshsync index 1c9492a..0e5e8b9 100755 --- a/rootsshsync +++ b/filesystem/usr/local/bin/rootsshsync @@ -100,4 +100,6 @@ if [[ ! -e $auth_file ]] || ! diff -q /root/.ssh/authorized_keys $auth_file; the update-initramfs -u -k all fi -rsync -tpur /p/c/subdir_files/.dsh /root +if [[ -e /p/c/subdir_files/.dsh ]]; then + rsync -tpur /p/c/subdir_files/.dsh /root +fi diff --git a/filesystem/usr/share/applications/ikclip.desktop b/filesystem/usr/share/applications/ikclip.desktop new file mode 100644 index 0000000..dfca0b9 --- /dev/null +++ b/filesystem/usr/share/applications/ikclip.desktop @@ -0,0 +1,12 @@ +#!/usr/bin/env xdg-open +# copied from emacsmail and gwenview +[Desktop Entry] +Version=1.0 +Type=Application +Terminal=false +Name[en]=ikclip +Exec=/usr/local/bin/ikclip %u +Name=ikclip +Categories=Office;Network;Email;Graphics;Viewer;Photography; +MimeType=inode/directory;image/avif;image/gif;image/heif;image/jpeg;image/jxl;image/png;image/bmp;image/x-eps;image/x-icns;image/x-ico;image/x-portable-bitmap;image/x-portable-graymap;image/x-portable-pixmap;image/x-xbitmap;image/x-xpixmap;image/tiff;image/x-psd;image/x-webp;image/webp;image/x-tga;image/x-xcf;application/x-krita;image/x-kde-raw;image/x-canon-cr2;image/x-canon-crw;image/x-kodak-dcr;image/x-adobe-dng;image/x-kodak-k25;image/x-kodak-kdc;image/x-minolta-mrw;image/x-nikon-nef;image/x-olympus-orf;image/x-pentax-pef;image/x-fuji-raf;image/x-panasonic-rw;image/x-sony-sr2;image/x-sony-srf;image/x-sigma-x3f;image/x-sony-arw;image/x-panasonic-rw2 +NoDisplay=false diff --git a/g b/g index d559b8a..c6a037e 100755 --- a/g +++ b/g @@ -51,11 +51,14 @@ g() { # duplicate -c, but oh well if ! pgrep -u $EUID emacsclient &>/dev/null; then if (( $# == 0 )) && type -p gdb &>/dev/null; then - gdb=true + # no time for messing with gdb right now + #gdb=true + : else args+=" -c" fi fi + if $gdb; then # due to a bug, we cant debug from the start unless we get a new gdb # https://sourceware.org/bugzilla/show_bug.cgi?id=24454 diff --git a/mail-setup b/mail-setup index d6aedb2..54c8b65 100755 --- a/mail-setup +++ b/mail-setup @@ -505,9 +505,9 @@ elif $first_spamd_run; then fi if $use_rspamd; then myspam_ser=rspamd - else - myspam_ser=$spamd_ser - fi +else + myspam_ser=$spamd_ser +fi if spamd-timer-exists; then systemctl enable --now spamassassin-maintenance.timer @@ -1530,7 +1530,7 @@ if $use_rspamd; then cat >>/etc/exim4/conf.d/main/000_local <<'EOF' spamd_address = 127.0.0.1 11333 variant=rspamd EOF - fi +fi if dpkg --compare-versions "$(dpkg-query -f='${Version}\n' --show exim4)" ge 4.94; then cat >>/etc/exim4/conf.d/main/000_local <<'EOF' @@ -1689,7 +1689,8 @@ EOF # TODO: copy the defaults into their own file, and setup a cronjob so # that if file.dpkg-dist shows up, and it is different, we get an alert. -u /etc/exim4/conf.d/transport/30_exim4-config_remote_smtp_smarthost <<'EOF' +{ + cat <<'EOF' ### transport/30_exim4-config_remote_smtp_smarthost ################################# @@ -1700,7 +1701,6 @@ u /etc/exim4/conf.d/transport/30_exim4-config_remote_smtp_smarthost <<'EOF' remote_smtp_smarthost: debug_print = "T: remote_smtp_smarthost for $local_part@$domain" driver = smtp - message_linelength_limit = 2097152 multi_domain hosts_try_auth = <; ${if exists{CONFDIR/passwd.client} \ {\ @@ -1745,8 +1745,16 @@ tls_privatekey = REMOTE_SMTP_SMARTHOST_PRIVATEKEY protocol = REMOTE_SMTP_SMARTHOST_PROTOCOL .endif EOF + # os needs an update, doesn't have this setting in exim yet. + if [[ $HOSTNAME != li ]]; then + cat <<'EOF' + message_linelength_limit = 2097152 +EOF + fi +} | u /etc/exim4/conf.d/transport/30_exim4-config_remote_smtp_smarthost -u /etc/exim4/conf.d/transport/30_exim4-config_remote_smtp <<'EOF' +{ + cat <<'EOF' ### transport/30_exim4-config_remote_smtp ################################# # This transport is used for delivering messages over SMTP connections. @@ -1754,7 +1762,6 @@ u /etc/exim4/conf.d/transport/30_exim4-config_remote_smtp <<'EOF' remote_smtp: debug_print = "T: remote_smtp for $local_part@$domain" driver = smtp - message_linelength_limit = 2097152 .ifdef REMOTE_SMTP_HOSTS_AVOID_TLS hosts_avoid_tls = REMOTE_SMTP_HOSTS_AVOID_TLS .endif @@ -1811,12 +1818,19 @@ tls_privatekey = REMOTE_SMTP_PRIVATEKEY .endif EOF +# os needs an update, doesn't have this setting in exim yet. +if [[ $HOSTNAME != li ]]; then + cat <<'EOF' + message_linelength_limit = 2097152 +EOF +fi +} | u /etc/exim4/conf.d/transport/30_exim4-config_remote_smtp -u /etc/exim4/conf.d/transport/30_backup_remote <<'EOF' +{ + cat <<'EOF' backup_remote: driver = smtp multi_domain - message_linelength_limit = 2097152 hosts_require_auth = * hosts_try_auth = * envelope_to_add @@ -1854,6 +1868,13 @@ tls_privatekey = REMOTE_SMTP_SMARTHOST_PRIVATEKEY headers_remove = REMOTE_SMTP_TRANSPORTS_HEADERS_REMOVE .endif EOF +# os needs an update, doesn't have this setting in exim yet. +if [[ $HOSTNAME != li ]]; then + cat <<'EOF' + message_linelength_limit = 2097152 +EOF +fi +} | u /etc/exim4/conf.d/transport/30_backup_remote u /etc/exim4/conf.d/router/900_exim4-config_local_user <<'EOF' ### router/900_exim4-config_local_user @@ -1885,14 +1906,14 @@ dovecot_lmtp: envelope_to_add EOF -u /etc/exim4/conf.d/transport/30_remote_smtp_vpn <<'EOF' +{ + cat <<'EOF' # same as debians 30_exim4-config_remote_smtp, but # with interface added at the end. remote_smtp_vpn: debug_print = "T: remote_smtp_vpn for $local_part@$domain" driver = smtp - message_linelength_limit = 2097152 .ifdef REMOTE_SMTP_HOSTS_AVOID_TLS hosts_avoid_tls = REMOTE_SMTP_HOSTS_AVOID_TLS .endif @@ -1940,14 +1961,21 @@ tls_privatekey = REMOTE_SMTP_PRIVATEKEY .endif interface = <; 10.8.0.4 ; 2600:3c00:e002:3800::4 EOF +# os needs an update, doesn't have this setting in exim yet. +if [[ $HOSTNAME != li ]]; then + cat <<'EOF' + message_linelength_limit = 2097152 +EOF +fi +} | u /etc/exim4/conf.d/transport/30_remote_smtp_vpn -u /etc/exim4/conf.d/transport/30_smarthost_dkim <<'EOF' +{ + cat <<'EOF' # ian: this is remote_smtp_smarthost plus the dkim parts from remote_smtp smarthost_dkim: debug_print = "T: remote_smtp_smarthost for $local_part@$domain" driver = smtp - message_linelength_limit = 2097152 multi_domain hosts_try_auth = <; ${if exists{CONFDIR/passwd.client} \ {\ @@ -2007,7 +2035,13 @@ dkim_strict = DKIM_STRICT dkim_sign_headers = DKIM_SIGN_HEADERS .endif EOF - +# os needs an update, doesn't have this setting in exim yet. +if [[ $HOSTNAME != li ]]; then + cat <<'EOF' + message_linelength_limit = 2097152 +EOF +fi +} | u /etc/exim4/conf.d/transport/30_smarthost_dkim cat >/etc/exim4/update-exim4.conf.conf <<'EOF' # default stuff, i havent checked if its needed @@ -3006,63 +3040,66 @@ fi # * debbugs -pi debbugs -# missing dependency. apache error log: -# Can't locate List/AllUtils.pm in @INC (you may need to install the List::AllUtils module) (@INC contains: /etc/perl /usr/local/lib/x86_64-linux-gnu/perl/5.34.0 /usr/local/share/perl/5.34.0 /usr/lib/x86_64-linux-gnu/perl5/5.34 /usr/share/perl5 /usr/lib/x86_64-linux-gnu/perl-base /usr/lib/x86_64-linux-gnu/perl/5.34 /usr/share/perl/5.34 /usr/local/lib/site_perl) at /var/lib/debbugs/www/cgi/pkgreport.cgi line 23. -pi liblist-allutils-perl lynx -# workarounds for broken debbugsconfig which is -# itself deprecated. this is temporary before I -# figure out how to install from git -if [[ -e /usr/share/doc/debbugs/examples/text.gz ]]; then - gunzip /usr/share/doc/debbugs/examples/text.gz -fi -mkdir -p /etc/debbugs/indices -debbugsconfig - - -# ld for local debbugs -/a/exe/web-conf -l -t -a 127.0.1.1 -p 80 -r /var/lib/debbugs/www - apache2 ld <<'EOF' -# copied from debbugs upstream example - - Options Indexes SymLinksIfOwnerMatch MultiViews - DirectoryIndex index.html - Require all granted - - -ScriptAlias /cgi/ /var/lib/debbugs/www/cgi/ - - AllowOverride None - Options ExecCGI SymLinksIfOwnerMatch - Require all granted - - -RewriteEngine on -RewriteCond %{HTTP_USER_AGENT} .*apt-listbugs.* -RewriteRule .* /apt-listbugs.html [R,L] - -# RewriteLog /org/bugs.debian.org/apache-rewrite.log -# RewriteLogLevel 0 - -#RewriteRule ^/$ http://www.debian.org/Bugs/ -RewriteRule ^/(robots\.txt|release-critical|apt-listbugs\.html)$ - [L] -# The following two redirect to up-to-date pages -RewriteRule ^/[[:space:]]*#?([[:digit:]][[:digit:]][[:digit:]]+)([;&].+)?$ /cgi-bin/bugreport.cgi?bug=$1$2 [L,R,NE] -RewriteRule ^/([^/+]*)([+])([^/]*)$ "/$1%%{%}2B$3" [N] -RewriteRule ^/[Ff][Rr][Oo][Mm]:([^/]+\@.+)$ /cgi-bin/pkgreport.cgi?submitter=$1 [PT,NE] -# Commented out, 'cuz aj says it will crash master. (old master) -# RewriteRule ^/[Ss][Ee][Vv][Ee][Rr][Ii][Tt][Yy]:([^/]+\@.+)$ /cgi-bin/pkgreport.cgi?severity=$1 [L,R] -RewriteRule ^/([^/]+\@.+)$ /cgi-bin/pkgreport.cgi?maint=$1 [PT,NE] -RewriteRule ^/mbox:([[:digit:]][[:digit:]][[:digit:]]+)([;&].+)?$ /cgi-bin/bugreport.cgi?mbox=yes&bug=$1$2 [PT,NE] -RewriteRule ^/src:([^/]+)$ /cgi-bin/pkgreport.cgi?src=$1 [PT,NE] -RewriteRule ^/severity:([^/]+)$ /cgi-bin/pkgreport.cgi?severity=$1 [PT,NE] -RewriteRule ^/tag:([^/]+)$ /cgi-bin/pkgreport.cgi?tag=$1 [PT,NE] -# RewriteMap fix-chars int:noescape -RewriteCond %{REQUEST_URI} ^/(Access\.html|Developer\.html|Reporting\.html|server-request\.html|server-control\.html|server-refcard\.html).* [NC] -RewriteRule .* - [L] -# PT|passthrough to bugreport.cgi and pkgreport.cgi -RewriteRule ^/([0-9]+)$ /cgi-bin/bugreport.cgi?bug=$1 [PT,NE] -RewriteRule ^/([^/]+)$ /cgi-bin/pkgreport.cgi?pkg=$1 [PT,NE] -EOF +# disabled for now. the debbugs package is gone in the latest debian, +# need to figure out an install from source. + +# pi debbugs +# # missing dependency. apache error log: +# # Can't locate List/AllUtils.pm in @INC (you may need to install the List::AllUtils module) (@INC contains: /etc/perl /usr/local/lib/x86_64-linux-gnu/perl/5.34.0 /usr/local/share/perl/5.34.0 /usr/lib/x86_64-linux-gnu/perl5/5.34 /usr/share/perl5 /usr/lib/x86_64-linux-gnu/perl-base /usr/lib/x86_64-linux-gnu/perl/5.34 /usr/share/perl/5.34 /usr/local/lib/site_perl) at /var/lib/debbugs/www/cgi/pkgreport.cgi line 23. +# pi liblist-allutils-perl lynx +# # workarounds for broken debbugsconfig which is +# # itself deprecated. this is temporary before I +# # figure out how to install from git +# if [[ -e /usr/share/doc/debbugs/examples/text.gz ]]; then +# gunzip /usr/share/doc/debbugs/examples/text.gz +# fi +# mkdir -p /etc/debbugs/indices +# debbugsconfig + + +# # ld for local debbugs +# /a/exe/web-conf -l -t -a 127.0.1.1 -p 80 -r /var/lib/debbugs/www - apache2 ld <<'EOF' +# # copied from debbugs upstream example +# +# Options Indexes SymLinksIfOwnerMatch MultiViews +# DirectoryIndex index.html +# Require all granted +# + +# ScriptAlias /cgi/ /var/lib/debbugs/www/cgi/ +# +# AllowOverride None +# Options ExecCGI SymLinksIfOwnerMatch +# Require all granted +# + +# RewriteEngine on +# RewriteCond %{HTTP_USER_AGENT} .*apt-listbugs.* +# RewriteRule .* /apt-listbugs.html [R,L] + +# # RewriteLog /org/bugs.debian.org/apache-rewrite.log +# # RewriteLogLevel 0 + +# #RewriteRule ^/$ http://www.debian.org/Bugs/ +# RewriteRule ^/(robots\.txt|release-critical|apt-listbugs\.html)$ - [L] +# # The following two redirect to up-to-date pages +# RewriteRule ^/[[:space:]]*#?([[:digit:]][[:digit:]][[:digit:]]+)([;&].+)?$ /cgi-bin/bugreport.cgi?bug=$1$2 [L,R,NE] +# RewriteRule ^/([^/+]*)([+])([^/]*)$ "/$1%%{%}2B$3" [N] +# RewriteRule ^/[Ff][Rr][Oo][Mm]:([^/]+\@.+)$ /cgi-bin/pkgreport.cgi?submitter=$1 [PT,NE] +# # Commented out, 'cuz aj says it will crash master. (old master) +# # RewriteRule ^/[Ss][Ee][Vv][Ee][Rr][Ii][Tt][Yy]:([^/]+\@.+)$ /cgi-bin/pkgreport.cgi?severity=$1 [L,R] +# RewriteRule ^/([^/]+\@.+)$ /cgi-bin/pkgreport.cgi?maint=$1 [PT,NE] +# RewriteRule ^/mbox:([[:digit:]][[:digit:]][[:digit:]]+)([;&].+)?$ /cgi-bin/bugreport.cgi?mbox=yes&bug=$1$2 [PT,NE] +# RewriteRule ^/src:([^/]+)$ /cgi-bin/pkgreport.cgi?src=$1 [PT,NE] +# RewriteRule ^/severity:([^/]+)$ /cgi-bin/pkgreport.cgi?severity=$1 [PT,NE] +# RewriteRule ^/tag:([^/]+)$ /cgi-bin/pkgreport.cgi?tag=$1 [PT,NE] +# # RewriteMap fix-chars int:noescape +# RewriteCond %{REQUEST_URI} ^/(Access\.html|Developer\.html|Reporting\.html|server-request\.html|server-control\.html|server-refcard\.html).* [NC] +# RewriteRule .* - [L] +# # PT|passthrough to bugreport.cgi and pkgreport.cgi +# RewriteRule ^/([0-9]+)$ /cgi-bin/bugreport.cgi?bug=$1 [PT,NE] +# RewriteRule ^/([^/]+)$ /cgi-bin/pkgreport.cgi?pkg=$1 [PT,NE] +# EOF # * exim host conditional config @@ -3314,26 +3351,28 @@ debbugs_pipe: return_output EOF + # disable for now + echo|u /etc/exim4/conf.d/router/153_debbugs - # We dont want delays or backups for mail being stored locally. - # We could put domain exclusion on other routes, but going for - # higher priority instead. - u /etc/exim4/conf.d/router/153_debbugs <<'EOF' -debbugs: - debug_print = "R: debbugs for $local_part@$domain" - driver = accept - transport = debbugs_pipe - local_parts = submit : bugs : maintonly : quiet : forwarded : \ - done : close : request : submitter : control : ^\\d+ - domains = DEBBUGS_DOMAIN - -bounce_debbugs: - debug_print = "R: bounce_debbugs for $local_part@$domain" - driver = redirect - allow_fail - data = :fail: Unknown user - domains = DEBBUGS_DOMAIN -EOF + # # We dont want delays or backups for mail being stored locally. + # # We could put domain exclusion on other routes, but going for + # # higher priority instead. + # u /etc/exim4/conf.d/router/153_debbugs <<'EOF' + # debbugs: + # debug_print = "R: debbugs for $local_part@$domain" + # driver = accept + # transport = debbugs_pipe + # local_parts = submit : bugs : maintonly : quiet : forwarded : \ + # done : close : request : submitter : control : ^\\d+ + # domains = DEBBUGS_DOMAIN + + # bounce_debbugs: + # debug_print = "R: bounce_debbugs for $local_part@$domain" + # driver = redirect + # allow_fail + # data = :fail: Unknown user + # domains = DEBBUGS_DOMAIN + # EOF install -m=0775 -d -g Debian-exim -o iank /var/spool/exim4/gw f=/var/spool/exim4/gw/.no-delay-eximids diff --git a/pkgs b/pkgs index f3c66c4..c253aeb 100644 --- a/pkgs +++ b/pkgs @@ -318,6 +318,7 @@ p3=( wondershaper xawtv xbacklight + xdg-desktop-portal-lxqt xdot # needed for some i3 hacks xdotool diff --git a/subdir_files/.config/xdg-desktop-portal/portals.conf b/subdir_files/.config/xdg-desktop-portal/portals.conf new file mode 100644 index 0000000..6ea0c6a --- /dev/null +++ b/subdir_files/.config/xdg-desktop-portal/portals.conf @@ -0,0 +1,11 @@ +# get some apps to use a better file open dialog. +# +# in abrowser, set widget.use-xdg-desktop-portal.file-picker to 1 to use this. +# +# https://wiki.archlinux.org/title/XDG_Desktop_Portal +# the 2nd lxqt is supposedly not needed, but added just in case. +# +# requires xdg-desktop-portal-lxqt +[preferred] +default=lxqt +org.freedesktop.impl.portal.FileChooser=lxqt diff --git a/system-status b/system-status index 34ad07a..c090a4a 100755 --- a/system-status +++ b/system-status @@ -174,9 +174,12 @@ write-status() { chars+=(OLD-SNAP-${last_snap_hours}h) snapshotmsg="/$vol snapshot older than 4 hours" if [[ $MAIL_HOST == "$HOSTNAME" ]]; then - p "$snapshotmsg" | lo -1 old-snapshot + p "$snapshotmsg" | loday -1 old-snapshot fi # not bothering to get info on all volumes if we find an old one. + else + echo | loday -1 old-snapshot + fi fi diff --git a/transmission-firewall/netns.rules b/transmission-firewall/netns.rules index 3340ecf..110b1a9 100644 --- a/transmission-firewall/netns.rules +++ b/transmission-firewall/netns.rules @@ -44,4 +44,9 @@ # makes debugging things easier -A INPUT -p icmp -j ACCEPT -A OUTPUT -p icmp -j ACCEPT + +# allow us to run servers on localhost +-A INPUT -d 127.0.0.0/8 -j ACCEPT +-A OUTPUT -s 127.0.0.0/8 -j ACCEPT + COMMIT -- 2.30.2