From 94c147d68d7864d5747ffce3a9618af88fb4339d Mon Sep 17 00:00:00 2001 From: Ian Kelling Date: Mon, 18 May 2026 05:12:21 -0400 Subject: [PATCH] fixes --- .bashrc | 4 +- brc | 88 ++++++++++------- brc2 | 99 ++++++++++++------- dall | 3 +- distro-end | 37 +++---- filesystem/etc/apt/apt.conf.d/02proxy | 6 ++ .../etc/systemd/system/hist-catcher.service | 18 ---- filesystem/usr/local/bin/abrowser | 4 +- filesystem/usr/local/bin/abrowser-main | 0 .../usr/local/bin/abrowser-profile-plus | 16 ++- filesystem/usr/local/bin/i3-abrowser | 6 +- .../usr/local/bin/iank-apt-post-hook | 38 +++++-- filesystem/usr/local/bin/mailbindwatchdog | 6 +- filesystem/usr/local/bin/mount-latest-subvol | 2 +- mail-setup | 12 ++- mailtest-check | 3 - script-files | 1 - subdir_files/.config/konsolerc | 4 +- system-status | 3 + 19 files changed, 214 insertions(+), 136 deletions(-) delete mode 100644 filesystem/etc/systemd/system/hist-catcher.service mode change 100755 => 100644 filesystem/usr/local/bin/abrowser-main rename hist-catcher => filesystem/usr/local/bin/iank-apt-post-hook (54%) diff --git a/.bashrc b/.bashrc index f5cb050..2d0b6ef 100644 --- a/.bashrc +++ b/.bashrc @@ -40,7 +40,7 @@ # History related options first and always, or else we risk screwing up # the history file. This is duplicated in ~/.bash_profile just for good -# measure +# measure. Duplicated in hist-catcher also. # History file size limit, set to unlimited. # this needs to be different from the default because 
@@ -81,7 +81,7 @@ _ran_bashrc=t # bashrc is too slow. 3 SECONDS because if the shell is around longer # than that, I'm probably sourcing the file manually, not as part of # shell startup._ -if [[ ( $SECONDS && $SECONDS -lt 3 ) && $LC_USEBASHRC != t && ( $SSH_CONNECTION || $TERM == linux ) ]]; then +if [[ ( $SECONDS && $SECONDS -lt 3 ) && ! $LC_USEBASHRC && ( $SSH_CONNECTION || $TERM == linux ) ]]; then # Here we did not opt-in to running our .bashrc file so we just # return, but we still setup a function to source it without returning # so if we want it we don't have to restart our ssh connection. diff --git a/brc b/brc index 61672d6..19094f4 100644 --- a/brc +++ b/brc @@ -1378,6 +1378,7 @@ despace() { # df progress # usage: dfp [-SECOND_INTERVAL] MOUNTPOINT... # SECOND_INTERVAL defaults to 120 +# shellcheck disable=SC2207,SC2059 # low stakes dfp() { local f1 f2 f3 local -i i mp_count M_diff interval=120 @@ -1418,7 +1419,7 @@ dfp() { # bf() { btrfs fi usage -k / | sed -rn '/^Data/,/S7KGNU0X708190H-root/p'|tail -n1|awk '{print $2}' | sed -r 's/[^0-9].*//'; } # funcp bf funcp() { - local a b mp interval + local cmd a b interval cmd=$1 interval=${2:-90} if [[ ! $cmd ]]; then @@ -3291,10 +3292,13 @@ _sl-get-host-type() { } + #### sl: ssh wrapper, but if needed, first rsync files that we configure and # always source our .bashrc on the remote. # TODO: docs needs polishing. +# +# TODO: histcatcher feature is undocumented & won't work for anyone but ian. # Usage: all the same args as ssh + a few below. Note, combining options # that have arguments with ones that dont, like -4oOption is not @@ -3379,7 +3383,8 @@ sl() { local verbose now args remote sshinfo tmp host_type info_sec force_rsync local sync_dirname extra_info files_sec sl_test_cmd sl_test_hook pre_synced - local sl_rsync_cmd sl_test_cmd sl_test_hook sl_local_test_cmd + local sl_rsync_cmd sl_test_cmd sl_test_hook sl_local_test_cmd sl_hist_arg + local sl_usebashrc=t local -a args sshinfo_files args=($SL_SSH_ARGS) 
@@ -3401,10 +3406,6 @@ sl() { verbose=false force_rsync=false - if [[ $1 == --rsync ]]; then - force_rsync=true - shift - fi # shellcheck disable=SC2153 # intentional sl_local_test_cmd=$SL_LOCAL_TEST_CMD # shellcheck disable=SC2153 # intentional @@ -3417,6 +3418,7 @@ sl() { case "$1" in --rsync) force_rsync=true + shift ;; --sl-local-test-cmd) sl_local_test_cmd="$2" @@ -3522,11 +3524,13 @@ sl() { # But, since we are doing all this, lets source it because we can. cat <(echo . $sync_dirname/.bashrc) - | command ssh "${args[@]}" "$remote" LC_USEBASHRC=t bash else - mq command ssh -R localhost:36660:localhost:36661 -t "${args[@]}" "$remote" LC_USEBASHRC=t INPUTRC=$sync_dirname/.inputrc bash --rcfile $sync_dirname/.bashrc + _sl-hist-arg + mq command ssh $sl_hist_arg -t "${args[@]}" "$remote" LC_USEBASHRC=$sl_usebashrc INPUTRC=$sync_dirname/.inputrc bash --rcfile $sync_dirname/.bashrc fi else if [[ -t 0 ]]; then - mq LC_USEBASHRC=t command ssh -R localhost:36660:localhost:36661 "${args[@]}" "$remote" "$@" + _sl-hist-arg + mq LC_USEBASHRC=$sl_usebashrc command ssh $sl_hist_arg "${args[@]}" "$remote" "$@" else mq command ssh "${args[@]}" "$remote" LC_USEBASHRC=t bash fi 
@@ -3539,25 +3543,22 @@ sl() { # output if it took longer than 4 seconds or so. # todo: try running slowdo on verbose ssh -# Stores some history from remote ssh sessions via sl. -hist-catcher() { - local cmd - local cmd_regex='[[:alnum:]]' - - while true; do - cmd=$(nc -l 36661) || sleep 1 - if [[ $verbose == true ]]; then - e "cmd:'$cmd'"; - fi - if [[ ! $cmd =~ $cmd_regex ]]; then - continue +_sl-hist-arg() { + if [[ $EUID != 1000 || $USER != iank || ! -d /home/iank/.local ]]; then return 0; fi + local -i hist_catchern + for (( hist_catchern=36660; hist_catchern <= 36690; hist_catchern++ )); do + if ! pgrep -f "^ssh -R tmp/S.sl_[^:]*:$hist_catchern" &>/dev/null; then + break fi - history -s "$cmd" && history -a ||: done + if (( hist_catchern == 36690 )); then + e "sl: something is wrong, over 31 ssh calls, hist_catchern = 36690" >&2 + return 1 + fi + sl_usebashrc=sl_$(tr -dc 'a-zA-Z0-9' <,_-]*$' + if [[ $HISTFILE ]]; then # save history. if our filesystem went read-only or something, continue on if history -a; then - if [[ $SSH_CLIENT && $NOT_MAIL_HOST_P == t ]]; then - h="$(history 1)" - if [[ $h ]]; then - sed -r 's/^([^ ]+ +){4}//' <<<"$h" | nc -w 1 -N localhost 36660 ||: + # If are sshed to HOST2, our history will get overwritten after + # syncing with HOST2 so don't bother. + if [[ $SSH_CLIENT && $HOST2 != "$HOSTNAME" && $LC_USEBASHRC == sl_* && -w /tmp/S.$LC_USEBASHRC ]]; then + if [[ $_did_ssh_prompt1 ]]; then + h="$(history 1)" + # note: _sl_last_history is to avoid wastefully sending + # history which won't actually get saved. + if [[ $h != "$_sl_last_history" && $h =~ $cmd_regex ]]; then + _sl_last_history="$h" + if type -p socat &>/dev/null; then + sed -r 's/^ *([^ ]+ +){4}//' <<<"$h" | (socat - UNIX-CONNECT:/tmp/S.$LC_USEBASHRC &) + elif type -p nc &>/dev/null; then + sed -r 's/^ *([^ ]+ +){4}//' <<<"$h" | (nc -w 1 -U /tmp/S.$LC_USEBASHRC &) + fi + fi + else + _sl_last_history="$(history 1)" + _did_ssh_prompt1=t fi fi fi 
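Review bot: The exhaustion check in `_sl-hist-arg` is off by one. When every number from 36660 to 36690 is in use, the `for` loop exits with `hist_catchern` equal to 36691, so `(( hist_catchern == 36690 ))` is false and the function carries on with a number outside the range. When 36690 is the first free slot, the `break` leaves the value at 36690 and the error is raised for a usable slot. Testing `if (( hist_catchern > 36690 )); then` matches the intent of the message. Part of this hunk's text is missing on the page, so how the chosen number is used afterwards cannot be checked from here.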
@@ -4906,8 +4925,9 @@ ipti() { iptables ${*/ -[AI]/ -C/} 2>/dev/null || iptables "$@"; } # s 22720934 i 858939 lswc-avg() { - local -i size fcount sum=0 - for i in $(stat -c %s "$@"); do + local i + local -i fcount sum=0 + stat -c %s "$@" | while read -r i; do fcount=$(( i / 26 )) sum+=$fcount printf "%'12d %s\n" $fcount "$1" @@ -4940,7 +4960,9 @@ minpri() { s ionice -c3 -P "$@" } # Prefix for launching a command: +# shellcheck disable=SC2034 # false positive maxpri="s nice -n-40 ionice -c1 -n0" +# shellcheck disable=SC2034 # false positive minpri="nice -n40 ionice -c3" sql() { @@ -4960,8 +4982,8 @@ na() { # wait for PID $1 to die pidw() { - local pid="$1" - local x=$(mktemp); e $pid >$x; pidwait -e -F $x; rm $x + local x pid="$1" + x=$(mktemp); e $pid >$x; pidwait -e -F $x; rm $x } # printf string + newline diff --git a/brc2 b/brc2 index 7814ae0..b3f1bf8 100644 --- a/brc2 +++ b/brc2 @@ -146,7 +146,7 @@ fi multimic() { - local i + local i s l local -a sources m pactl unload-module module-loopback @@ -387,9 +387,11 @@ schroot-rm() { } crypttab-open() { - for f in $(awk '{print $1}' /etc/crypttab | grep -v '#'); do - m cryptdisks_start $f - done + awk '{print $1}' /etc/crypttab | grep -v '#' | + while read -r f; do + if [[ ! $f ]]; then continue; fi + m cryptdisks_start $f + done } # note: this is incomplete and untested. @@ -535,7 +537,8 @@ alerts() { } # remote alerts ralerts() { - local ret shell + local shell h + local -i ret local -a active_hosts source /p/c/domain-info for h in ${active_hosts[@]}; do @@ -628,6 +631,7 @@ _iki-convert() { # debug variables dv() { + local arg for arg; do printf "%s=%s " "$arg" "${!arg}" done @@ -811,6 +815,7 @@ beetconvert-rm-extras() { # for going in the reverse direction, run # /b/ds/navidrome-playlist-export beetsmartplaylists() { + local f install -m 0700 -d /tmp/ianbeetstmp beet splupdate # kill off any playlists we deleted. they will still need manual 
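Review bot: In `lswc-avg`, switching to `stat -c %s "$@" | while read -r i; do` moves the loop body into a pipeline subshell, so the `sum+=$fcount` updates are discarded when the loop ends. If the code after the loop (outside this hunk) reads `sum`, it will always see 0. Feeding the loop by process substitution keeps it in the current shell: `while read -r i; do ... done < <(stat -c %s "$@")`.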
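Review bot: In `crypttab-open`, the new `while read -r f` loop shares its standard input with `m cryptdisks_start $f`. If that command or the `m` wrapper reads stdin (a passphrase prompt, for example), it would consume the remaining crypttab names and later volumes would be silently skipped. Reading the list on a separate descriptor avoids this: `while read -r f <&3; do ... done 3< <(awk '{print $1}' /etc/crypttab | grep -v '#')`. Declaring `local f` would also match the other functions touched in this commit.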
@@ -1011,7 +1016,7 @@ btrbk-host-debug-show-host() { # Alt is just the other host that takes snapshots # besides the local host. btrbk-host-debug() { - +local host remote alt f remote=b8.nz alt=sywg.b8.nz @@ -1216,10 +1221,12 @@ sh2() { # switch host2 lipush() { # note, i had --delete-excluded, but that deletes all files in --exclude-from on # the remote site, which doesn't make sense, so not sure why i had it. - local p a + local a h + local -a fs + local -i ret=0 # excluding emacs for now - #p=(/a/opt/{emacs-debian11{,-nox},mu,emacs} /a/bin /a/exe /a/h /a/c /p/c/machine_specific/vps{,.hosts}) - p=( + #fs=(/a/opt/{emacs-debian11{,-nox},mu,emacs} /a/bin /a/exe /a/h /a/c /p/c/machine_specific/vps{,.hosts}) + fs=( /a/bin /a/exe /a/h /a/c /p/c/machine_specific/vps{,.hosts} /p/c/user-specific/{bind,znc,icecast2} /a/f/ans/roles/prom_export/files/simple/usr/local/bin/fsf-install-node-exporter /a/opt/fpaste @@ -1230,9 +1237,8 @@ lipush() { /p/c/subdir_files ) a="-ahviSAXPH --specials --devices --delete --delete-excluded --relative --exclude-from=/p/c/li-rsync-excludes" - ret=0 for h in li je bk; do - m s rsync "$@" $a ${p[@]} /p/c/machine_specific/$h root@$h.b8.nz:/ + m s rsync "$@" $a ${fs[@]} /p/c/machine_specific/$h root@$h.b8.nz:/ ## only li is debian11 #p[0]=/a/opt/emacs-trisuqel10 #p[1]=/a/opt/emacs-trisquel10-nox 
@@ -1242,26 +1248,33 @@ lipush() { } # compared to li, no emacs and some user-specific files. bkpush() { - p=(/a/bin /a/exe /a/h /a/c /p/c/machine_specific/vps{,.hosts} + local a + local -a fs + local -i ret=0 + fs=(/a/bin /a/exe /a/h /a/c /p/c/machine_specific/vps{,.hosts} /a/f/ans/roles/prom_export/files/simple/usr/local/bin/fsf-install-node-exporter ) a="-ahviSAXPH --specials --devices --delete --relative --exclude-from=/p/c/li-rsync-excludes" ret=0 - m rsync "$@" $a ${p[@]} /p/c/machine_specific/bk root@bk.b8.nz:/ || ret=$? + m rsync "$@" $a ${fs[@]} /p/c/machine_specific/bk root@bk.b8.nz:/ || ret=$? return $ret } jepush() { # no emacs. for running faster. - p=(/a/bin /a/exe /a/h /a/c /p/c/machine_specific/vps{,.hosts} + local a + local -a fs + local -i ret=0 + fs=(/a/bin /a/exe /a/h /a/c /p/c/machine_specific/vps{,.hosts} /a/f/ans/roles/prom_export/files/simple/usr/local/bin/fsf-install-node-exporter ) a="-ahviSAXPH --specials --devices --delete --relative --exclude-from=/p/c/li-rsync-excludes" ret=0 - m rsync "$@" $a ${p[@]} /p/c/machine_specific/je root@je.b8.nz:/ || ret=$? + m rsync "$@" $a ${fs[@]} /p/c/machine_specific/je root@je.b8.nz:/ || ret=$? return $ret } bindpush() { + local h dsign iankelling.org zroe.org amnimal.ninja lipush for h in li bk; do @@ -1269,6 +1282,7 @@ bindpush() { done } bindpushb8() { + local h lipush for h in li bk; do m ssh $h.b8.nz dnsb8 @@ -1307,7 +1321,7 @@ dnsecgen() { # become insecure, I want some extra time to update. # dnsecgen (in brc2) - local zone=$1 + local f zone=$1 dnssec-keygen -a RSASHA256 -b 2048 $zone dnssec-keygen -f KSK -a RSASHA256 -b 4096 $zone for f in K"$zone".*.key; do @@ -1481,6 +1495,7 @@ EOF # apply apache to git tracked bash files + README, except files with A?GPL3 header. apache-apply-repo() { + local f for f in $(git ls-files); do [[ -L $f || ! -f $f ]] && continue if [[ $f != README ]]; then 
@@ -1492,7 +1507,7 @@ apache-apply-repo() { } apache-apply() { - local header_suffix + local header_suffix file if [[ $1 == -* ]]; then header_suffix="$1" shift @@ -1522,6 +1537,7 @@ apache-fsf() { # strip out the apache license from a file. apache-strip() { + local f # shellcheck disable=SC2044 # meh for f in $(find . -type f -maxdepth 1); do if head -n1 "$f"| grep -E '^#!/bin/bash\b' &>/dev/null; then { head -n 20 $f | tac | sed '/^# limitations under the License.$/,/^# Copyright.*Ian Kelling$/d' | tac; tail -n+21 $f; } |sponge $f; fi ; done } @@ -1770,6 +1786,7 @@ dejagnu() { /a/opt/dejagnu/dejagnu "$@"; } # do git status on published repos. hstatus() { + local x c /a/bin/githtml for x in *; do cd "$(readlink -f $x)"/.. @@ -1921,6 +1938,8 @@ idea() { } ilogs-local() { + local n f x d tmp base + local -a files d=/var/lib/znc/moddata/log/iank/ for n in freenode libera; do cd $d/$n @@ -1945,7 +1964,7 @@ ilogs() { ilog-local() { - local d chan + local d chan n x chan="$1" if [[ ! $chan ]]; then err "requires 1 argument, got 0. check ssh interpolation" @@ -2040,7 +2059,7 @@ host-info-all() { hiup() { # incomplete local vars list - local usb ip host mac opts + local usb ip host mac opts h opt user root vpn i arg local -A vpn_ips host_ips host_macs portfw_ips nonvpn_ips all_ips root_hosts_a local -a root_hosts nonroot_hosts work_hosts @@ -2484,11 +2503,11 @@ sudm() { mntns1-p() { # fyi, another way to compare: #s bash -c '[[ /proc/self/ns/mnt -ef /proc/1/ns/mnt ]]' - s stat -Lc %i /proc/{1,self}/ns/mnt|uniq -d|read + s stat -Lc %i /proc/{1,self}/ns/mnt|uniq -d|read -r } # Like mntns1-p except with network ns. netns1-p() { - s stat -Lc %i /proc/{1,self}/ns/net|uniq -d|read + s stat -Lc %i /proc/{1,self}/ns/net|uniq -d|read -r } mns-setup() { 
@@ -2700,7 +2719,7 @@ lom() { # mu personality. for original, just run mp. for 2, run mp 2. # this is partly duplicated in mail-setup mp() { - local dead=false + local dead=false s suf f target for s in {1..5}; do if ! killall mu; then dead=true @@ -2728,7 +2747,7 @@ mp() { # maildir enable mdenable() { - local md dst ln_path src two + local md dst ln_path src two d two=false case $1 in @@ -2762,7 +2781,7 @@ md2enable() { mdenable -2 "$@" } mddisable() { - local md=$1 + local md=$1 d src dst=/m/md/$md ### begin copied from mdenable, but different d ### @@ -2833,7 +2852,8 @@ mpvt() { # mpv all media files in . or $1 mpvm() { - local -a extensions arg + local -a extensions arg dir + local -i i # get page source of https://en.wikipedia.org/w/index.php?title=Video_file_format&action=edit # into /a/x.log, then # grep '^| *\.' /a/x.log | sed 's/| *//;s/,//g' @@ -2912,6 +2932,7 @@ allmyirc() { # date and time I said when I started and stopped working, so I'm trying # out a new client: profanity. mypidgin() { + local x c /p/c/.purple/logs/jabber/iank@fsf.org/office@conference.fsf.org.chat for x in *.html; do html2text -o ${x%.html}.txt $x; done # shellcheck disable=SC2016 # false positive on ${ @@ -3625,7 +3646,7 @@ ns-exists() { local pid pid="$1" [[ $pid ]] - ! s stat -Lc %i /proc/{1,$pid}/ns/net|uniq -d|read + ! s stat -Lc %i /proc/{1,$pid}/ns/net|uniq -d|read -r } # Get pid of systemd service @@ -3674,6 +3695,7 @@ sdnbash() { # systemd namespace bash fi unit=$1 pid=$(servicepid $unit) + # shellcheck disable=SC2046 m sudo nsenter -t $pid -n $(mntns1-p && e -m) sudo -u $USER -i bash } @@ -3685,6 +3707,7 @@ sdnbashroot() { # systemd namespace bash as root fi unit=$1 pid=$(servicepid $unit) + # shellcheck disable=SC2046 m sudo nsenter -t $pid -n $(mntns1-p && e -m) bash } 
@@ -3719,6 +3742,7 @@ sdncmd() { # We use the mount namespace to use a non-systemd dns but doing it # twice doesn't work. + # shellcheck disable=SC2046 m sudo nsenter -t $pid -n $(mntns1-p && e -m) sudo -u $user -i "${final_args[@]}" } @@ -4031,7 +4055,9 @@ wakehours() { printf "%d:%02d\n" $(( sec / 60 / 60)) $(( (sec / 60) % 60 )) } -calvis() { # calendar visualize +# calendar visualize +calvis() { + local l char install -m 600 /dev/null /tmp/calendar-bytes while read -r l; do for char in $l; do @@ -4091,7 +4117,7 @@ rgm() { # re all my files more expansively. # usage [-OPT...] regex space combined rem() { - local paths + local paths arg local -a opts if [[ ! $1 ]]; then echo rem: missing argument >&2 @@ -4139,7 +4165,7 @@ fupzone() { # pip3 install linode-cli # linode-cli livp9() { - local input ip id tmp + local input ip id tmp string input=$1 if [[ $2 ]]; then id=$2 @@ -4394,6 +4420,7 @@ path_add --end --ifexists $HOME/.rvm/bin # ya, hacky hardcoded hostnames in 2023. we could do better hssh-update() { + local host local -a failed_hosts hosts source /p/c/domain-info @@ -4526,6 +4553,7 @@ obs-gen-profiles() { # terminal clear. like clear, but put the prompt at the bottom, # useful for obs streaming the bottom half of a terminal window. tclear() { + local -i i for ((i=0; i$t <<'EOF' fs.xfs.xfssyncd_centisecs=13000 vm.dirty_background_ratio=25 @@ -5087,5 +5119,4 @@ vm.dirty_expire_centisecs=13000 vm.dirty_writeback_centisecs=1500 EOF s sysctl -p$t - } diff --git a/dall b/dall index 0e3844e..454cbf6 100755 --- a/dall +++ b/dall @@ -26,7 +26,8 @@ shopt -s inherit_errexit 2>/dev/null ||: # ignore fail in bash < 4.4 set -eE -o pipefail trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" exit status: $?, PIPESTATUS: ${PIPESTATUS[*]}" >&2' ERR -readonly this_file="$(readlink -f -- "${BASH_SOURCE[0]}")" +readonly this_file +this_file="$(readlink -f -- "${BASH_SOURCE[0]}")" readonly this_dir="${this_file%/*}" cd "$this_dir" ./distro-begin 
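Review bot: In the `dall` hunk, `readonly this_file` now comes before the assignment, so `this_file="$(readlink -f -- "${BASH_SOURCE[0]}")"` fails with a "readonly variable" error. Under the `set -eE` shown just above, the script stops there before `cd "$this_dir"`. To split declaration from command substitution, as shellcheck asks, assign first and mark readonly afterwards: `this_file="$(readlink -f -- "${BASH_SOURCE[0]}")"` followed by `readonly this_file`.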
diff --git a/distro-end b/distro-end index 064f0f2..eda39db 100755 --- a/distro-end +++ b/distro-end @@ -853,12 +853,21 @@ case $distro in trisquel) case $codename in *) - # firefox would work here too, apt would select abrowser. - # and the update-alternatives thing i think is becuz firefox is - # generally available before abrowser and this helps fix things - # up when we have both. - pi abrowser - s update-alternatives --set x-www-browser /usr/bin/abrowser + # pi abrowser + # s update-alternatives --set x-www-browser /usr/bin/abrowser + # xdg-settings set default-web-browser abrowser.desktop + + if [[ ! -s /etc/apt/sources.list.d/extrepo_librewolf.sources ]]; then + pi extrepo + sudo extrepo enable librewolf + sudo extrepo update librewolf + p update + pi librewolf + # I think this handles the case when we have multiple browsers installed. + s update-alternatives --set x-www-browser /usr/bin/librewolf + # not sure this is needed + xdg-settings set default-web-browser librewolf.desktop + fi ;; esac ;; @@ -1653,6 +1662,7 @@ DEVICESCAN -a -o on -S on -n standby,q $sched \ ########### misc stuff + # i rely on a newer version. pu fzf @@ -1674,21 +1684,6 @@ esac sudo systemctl mask wacom-inputattach@ttyS4.service -# see current with: -# xdg-settings get default-web-browser -# not sure this is needed. -# -# These are some old files that made xdg-open open firefox from a chroot. -rm -f ~/.local/share/applications/{firefox,chromium}* -case $distro in - trisquel) - xdg-settings set default-web-browser abrowser.desktop - ;; - ubuntu) - xdg-settings set default-web-browser firefox.desktop - ;; -esac - # pressing tab after sdf here: # scp sdfbash: set +o noglob: command not found diff --git a/filesystem/etc/apt/apt.conf.d/02proxy b/filesystem/etc/apt/apt.conf.d/02proxy index b8d4feb..3d254c4 100644 --- a/filesystem/etc/apt/apt.conf.d/02proxy +++ b/filesystem/etc/apt/apt.conf.d/02proxy 
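Review bot: The `[[ ! -s /etc/apt/sources.list.d/extrepo_librewolf.sources ]]` guard wraps the whole librewolf block. If a run stops after `extrepo enable librewolf` has written the sources file but before `pi librewolf` finishes, every later run skips the install, the `update-alternatives` call and the `xdg-settings` call. Gating only the `extrepo enable`, `extrepo update` and `p update` steps on the sources file, and running the install and default-browser commands unconditionally, would make the section re-runnable. Since this enables a third-party apt source, a short comment recording why that repository is trusted would also help; the block mixes `sudo` with the `s` wrapper used on the `update-alternatives` line.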
@@ -48,3 +48,9 @@ APT::AutoRemove::SuggestsImportant "false"; # 249.11-0ubuntu3.4 for libsystemd-dev was phased, while libsystemd0 wasn't APT::Get::Always-Include-Phased-Updates "true"; + + +# 2026, just continuing to reuse this file for apt settings +DPkg::Post-Invoke { + "if [ -x /usr/local/bin/iank-apt-post-hook ]; then /usr/local/bin/iank-apt-post-hook; fi"; +}; diff --git a/filesystem/etc/systemd/system/hist-catcher.service b/filesystem/etc/systemd/system/hist-catcher.service deleted file mode 100644 index 5738a18..0000000 --- a/filesystem/etc/systemd/system/hist-catcher.service +++ /dev/null @@ -1,18 +0,0 @@ -[Unit] -Description=bash remote history -StartLimitIntervalSec=0 -After=local-fs.target - -[Service] -Type=simple -ExecStart=/usr/local/bin/hist-catcher -IOSchedulingClass=idle -CPUSchedulingPolicy=idle -User=iank -Group=iank -Restart=always -RestartSec=600 - - -[Install] -WantedBy=graphical.target diff --git a/filesystem/usr/local/bin/abrowser b/filesystem/usr/local/bin/abrowser index 8d47fec..1f33122 100755 --- a/filesystem/usr/local/bin/abrowser +++ b/filesystem/usr/local/bin/abrowser @@ -40,7 +40,9 @@ trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" exit status: $?, PIPESTATUS: ${P # prefer abrowser -if [[ -x /usr/bin/abrowser ]]; then +if [[ -x /usr/bin/librewolf ]]; then + b=librewolf +elif [[ -x /usr/bin/abrowser ]]; then b=abrowser else b=firefox diff --git a/filesystem/usr/local/bin/abrowser-main b/filesystem/usr/local/bin/abrowser-main old mode 100755 new mode 100644 diff --git a/filesystem/usr/local/bin/abrowser-profile-plus b/filesystem/usr/local/bin/abrowser-profile-plus index be100c9..4dc5caf 100755 --- a/filesystem/usr/local/bin/abrowser-profile-plus +++ b/filesystem/usr/local/bin/abrowser-profile-plus 
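Review bot: The comment above the new `DPkg::Post-Invoke` entry does not say what the hook does or that it runs with dpkg's privileges after every package operation. A comment such as `# iank-apt-post-hook re-applies owner, setuid/setgid bits and capabilities on /usr/sbin/exim4 after upgrades; it runs as root, so the script and /usr/local/bin must be writable by root only` would record both the purpose and the constraint. The `-x` test only checks that the file is executable, so it is worth confirming the ownership and mode of the installed script where it is deployed.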
@@ -40,12 +40,20 @@ trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" exit status: $?, PIPESTATUS: ${P profile="$1" shift -if pgrep -f "^/usr/lib/abrowser/abrowser --new-instance -P ${profile}$" &>/dev/null; then +if [[ -x /usr/bin/librewolf ]]; then + b=librewolf + ps_name=/usr/bin/librewolf +elif [[ -x /usr/bin/abrowser ]]; then + b=librewolf + ps_name=/usr/lib/abrowser/abrowser +fi + +if pgrep -f "^$ps_name --new-instance -P ${profile}$" &>/dev/null; then if (( $# )); then - abrowser -P $profile --new-tab "$@" + $b -P $profile --new-tab "$@" else - abrowser -P $profile + $b -P $profile fi else - abrowser --new-instance -P $profile &>/dev/null & + $b --new-instance -P $profile &>/dev/null & fi diff --git a/filesystem/usr/local/bin/i3-abrowser b/filesystem/usr/local/bin/i3-abrowser index 0a62f17..2f9e02c 100755 --- a/filesystem/usr/local/bin/i3-abrowser +++ b/filesystem/usr/local/bin/i3-abrowser @@ -26,8 +26,10 @@ set -eE -o pipefail trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" exit status: $?, PIPESTATUS: ${PIPESTATUS[*]}" >&2' ERR -# prefer abrowser -if [[ -x /usr/bin/abrowser ]]; then +# prefer librewolf, trying it out due to faster at getting upstream fixes +if [[ -x /usr/bin/librewolf ]]; then + b=librewolf +elif [[ -x /usr/bin/abrowser ]]; then b=abrowser else b=firefox diff --git a/hist-catcher b/filesystem/usr/local/bin/iank-apt-post-hook similarity index 54% rename from hist-catcher rename to filesystem/usr/local/bin/iank-apt-post-hook index ad8c963..e4705d3 100755 --- a/hist-catcher +++ b/filesystem/usr/local/bin/iank-apt-post-hook 
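Review bot: In `abrowser-profile-plus`, the `elif [[ -x /usr/bin/abrowser ]]` branch sets `b=librewolf` while `ps_name` points at `/usr/lib/abrowser/abrowser`. On a host with only abrowser, the script would try to launch a binary that is not installed; that line should be `b=abrowser`. There is also no `else` branch, so with neither browser present `$b` and `$ps_name` are empty and `$b -P $profile` tries to run `-P` as a command. A final `else echo "$0: no supported browser found" >&2; exit 1` would fail clearly, or a firefox fallback would mirror the other wrappers in this commit.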
@@ -20,13 +20,35 @@ # See the License for the specific language governing permissions and # limitations under the License. +# Note, no automatic error exit since that is super annoying for package installs. -cmd_regex='[[:alnum:]]' -while true; do - cmd=$(nc -l 36661) || sleep 1 - if [[ ! $cmd =~ $cmd_regex ]]; then - continue - fi - history -s "$cmd" && history -a ||: -done +if grep -q 'VERSION_ID="11' /etc/os-release ; then exit 0; fi + +if [[ ! -s /usr/sbin/exim4 ]]; then exit 0; fi + +if ! type -p setcap &>/dev/null || ! type -p getcap &>/dev/null; then exit 0; fi + +modified=false + +owners=$(stat -c %U:%G /usr/sbin/exim4) +if [[ $owners != Debian-exim:Debian-exim ]]; then + chown Debian-exim:Debian-exim /usr/sbin/exim4 + modified=true +fi +perms=$(stat --format %a /usr/sbin/exim4) +if [[ $perms != 6* ]]; then + chmod g+s,u+s /usr/sbin/exim4 + modified=true +fi + +caps=$(getcap /usr/sbin/exim4) +if [[ ! $caps ]]; then + setcap CAP_NET_BIND_SERVICE+ei /usr/sbin/exim4 + modified=true +fi + +if $modified && systemctl is-active exim4 &>/dev/null; then + systemctl restart exim4 +fi +exit 0 diff --git a/filesystem/usr/local/bin/mailbindwatchdog b/filesystem/usr/local/bin/mailbindwatchdog index c88a304..b3048fd 100755 --- a/filesystem/usr/local/bin/mailbindwatchdog +++ b/filesystem/usr/local/bin/mailbindwatchdog @@ -57,15 +57,15 @@ while true; do run_as_nonroot=true if $run_as_nonroot; then - # settings that go away when exim gets upgraded. obviously the best - # way to do this would be to modify the exim package itself, but this - # is easier. + # settings that go away when exim gets upgraded. We shouldn't hit this + # because we have an apt hook, but just in case. caps=$(getcap /usr/sbin/exim4) if [[ ! $caps ]]; then echo "$0: setting capabilities, user and setuid/gid on /usr/sbin/exim4" chown Debian-exim:Debian-exim /usr/sbin/exim4 chmod g+s,u+s /usr/sbin/exim4 setcap CAP_NET_BIND_SERVICE+ei /usr/sbin/exim4 + systemctl restart exim4 fi fi done 
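Review bot: The setuid/setgid test `[[ $perms != 6* ]]` in `iank-apt-post-hook` matches on the first character of `stat --format %a`, so a three-digit mode such as `644` also counts as already set and `chmod g+s,u+s` is skipped. Testing the bits directly is exact: `if [[ ! -u /usr/sbin/exim4 || ! -g /usr/sbin/exim4 ]]; then`. The same `6*` pattern is added in the `mail-setup` hunk at -3786 and has the same imprecision. The earlier `grep -q 'VERSION_ID="11'` test would also match any version id that merely begins with 11, if an exact match is intended.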
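Review bot: In `mailbindwatchdog`, the added `systemctl restart exim4` runs whenever `getcap` returns nothing, without checking that `setcap` succeeded or that the service is running. If `setcap` keeps failing, each pass of the enclosing `while true` loop would restart the mail daemon again. The loop body continues outside this hunk, so any delay between passes is not visible here. The apt hook in this same commit gates the restart, and the same form would fit here: `if systemctl is-active exim4 &>/dev/null; then systemctl restart exim4; fi`, placed after a `setcap` call whose status is checked.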
diff --git a/filesystem/usr/local/bin/mount-latest-subvol b/filesystem/usr/local/bin/mount-latest-subvol index bfa79b0..3757814 100755 --- a/filesystem/usr/local/bin/mount-latest-subvol +++ b/filesystem/usr/local/bin/mount-latest-subvol @@ -110,7 +110,7 @@ fstab() { local mount_source mpoint line_end l while read -r mount_source mpoint line_end; do l="$mount_source $mpoint $line_end" - if grep -rq "^[[:space:]]*$mount_source[[:space:]]+$mpoint[[:space:]]+" /etc/fstab; then continue; fi + if grep -rq "^[[:space:]]*${mount_source}[[:space:]]+${mpoint}[[:space:]]+" /etc/fstab; then continue; fi tu /etc/fstab <<<"$l" done } diff --git a/mail-setup b/mail-setup index 7593487..613e7db 100755 --- a/mail-setup +++ b/mail-setup @@ -19,6 +19,11 @@ # SPDX-License-Identifier: GPL-3.0-or-later +# TODO: track the actual generated exim config files in git. Somehow an +# exim update screwed up the config file, probably by generating it +# outside of the normal processes. It was fixed when I reran this file, +# but then I didn't actually know for sure what went wrong. + # todo: # on bk (and fsf servers that run multiple exim4 daemons, eg eximfsf2 and eximfsf3), # make it so that when exim is restarted due to package upgrades, @@ -3786,8 +3791,11 @@ case $HOSTNAME in # make exim be a nonroot setuid program. m chown Debian-exim:Debian-exim /usr/sbin/exim4 fi - # needs guid set in order to become Debian-exim - m chmod g+s,u+s /usr/sbin/exim4 + perms=$(stat --format %a /usr/sbin/exim4) + if [[ $perms != 6* ]]; then + # needs guid set in order to become Debian-exim + m chmod g+s,u+s /usr/sbin/exim4 + fi # need this to avoid error on service reload: # 2022-08-07 18:44:34.005 [892491] pid 892491: SIGHUP received: re-exec daemon # 2022-08-07 18:44:34.036 [892491] cwd=/var/spool/exim4 5 args: /usr/sbin/exim4 -bd -q30m -C /etc/exim4/nn-mainlog.conf diff --git a/mailtest-check b/mailtest-check index fd51a0f..d17c308 100755 --- a/mailtest-check +++ b/mailtest-check 
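Review bot: In `fstab()`, the duplicate check uses `grep -rq` with `[[:space:]]+`, but without `-E` grep treats `+` as a literal character. The pattern therefore only matches fstab lines that contain an actual `+` after the whitespace, so the "already present" test will almost never succeed and `tu /etc/fstab` runs for every input line. Using `grep -Eq` (and dropping `-r`, since the target is a single file) restores the intended match. `${mount_source}` and `${mpoint}` are also inserted into the regex unescaped, so characters such as `.` in a path act as wildcards; comparing fields with `awk -v` would avoid that.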
@@ -68,9 +68,6 @@ parse-rspamd() { awk '$1 == "Symbol:" && $2 !~ /\(0\.00\)/ && $3 !~ /\(0\.00\)/ {print $2}' | sed 's/(.*//' } -deactivated_sshd=false -lock_check_fails=0 - ssh-wan() { printf "Port 22\nPort 8989\n" > /etc/ssh/sshd_config.d/iank.conf systemctl reload ssh.service diff --git a/script-files b/script-files index 70f40a0..0532935 100644 --- a/script-files +++ b/script-files @@ -39,7 +39,6 @@ done my_service_scripts=( epanic-clean system-status - hist-catcher btrfsmaint mailtest-check dynamic-ip-update diff --git a/subdir_files/.config/konsolerc b/subdir_files/.config/konsolerc index 133d499..2e559bb 100644 --- a/subdir_files/.config/konsolerc +++ b/subdir_files/.config/konsolerc @@ -24,8 +24,8 @@ ShowMenuBarByDefault=false 2 screens: XPosition=2 2 screens: YPosition=2 3840x2160 screen: Height=2156 -3840x2160 screen: Width=1916 -3840x2160 screen: XPosition=1922 +3840x2160 screen: Width=1276 +3840x2160 screen: XPosition=2562 3840x2160 screen: YPosition=2 DP-0=DP-0 DP-1 eDP-1=DP-1 diff --git a/system-status b/system-status index 371f91c..34ac06d 100755 --- a/system-status +++ b/system-status @@ -428,6 +428,9 @@ write-status() { fi done fi + if [[ -s /home/iank/hist-catcher.log ]]; then + chars+=("HC") + fi # if [[ $(grep -v "exim user lost privilege for using -C option" /var/log/exim4/paniclog 2>/dev/null ||:) ]]; then if [[ -s /var/log/exim4/paniclog ]]; then -- 2.30.2