From aec23d4d07e390a2a74635c35b39f5a0ba0f7439 Mon Sep 17 00:00:00 2001
From: Ian Kelling <ian@iankelling.org>
Date: Thu, 25 Feb 2021 22:33:39 -0500
Subject: [PATCH] various fixes

---
 brc                                           |  2 +-
 distro-begin                                  | 15 ++++++---
 distro-end                                    | 33 +++++++++++--------
 dynamic-ip-update                             | 20 ++++++-----
 .../kd/filesystem/etc/btrbk/rust.conf         | 19 +++++++++++
 .../etc/systemd/system/btrbkrust.service      |  7 ++++
 .../etc/systemd/system/btrbkrust.timer        |  8 +++++
 mail-setup                                    | 22 +++++--------
 8 files changed, 86 insertions(+), 40 deletions(-)
 create mode 100644 machine_specific/kd/filesystem/etc/btrbk/rust.conf
 create mode 100644 machine_specific/kd/filesystem/etc/systemd/system/btrbkrust.service
 create mode 100644 machine_specific/kd/filesystem/etc/systemd/system/btrbkrust.timer

diff --git a/brc b/brc
index 9aeff8c..c9078ee 100644
--- a/brc
+++ b/brc
@@ -1236,7 +1236,7 @@ safe_rename() { # warn and dont rename if file exists.
 
 
 sd() {
-  sudo dd of="$1" 2>/dev/null
+  sudo dd status=none of="$1"
 }
 
 ser() {
diff --git a/distro-begin b/distro-begin
index 1ad65f4..e4958f5 100755
--- a/distro-begin
+++ b/distro-begin
@@ -472,10 +472,17 @@ if encrypted; then
 fi
 
 ##### make extra dirs
-dirs=(/mnt/{1,2,3,4,5,6,7,8,9} /nocow/t /bu/md /bu/md/{cur,tmp,new} /bu/mnt)
-sudo mkdir -p "${dirs[@]}"
-# allow to fail because they could have read-only mounts on them
-sudo chown $USER:$USER  "${dirs[@]}" ||:
+dirs=()
+for dir in /mnt/{1,2,3,4,5,6,7,8,9} /nocow/t /bu/md /bu/md/{cur,tmp,new} /bu/mnt; do
+  [[ -e $dir ]] && continue
+  dirs+=($dir)
+done
+if (( ${#dirs[@]} )); then
+  # mkdir -p on a mounted directory will fail. so will chown if its an ro mount
+  sudo mkdir -p "${dirs[@]}"
+  sudo chown $USER:$USER  "${dirs[@]}"
+fi
+
 
 # disabled temporarily
 ###### setup /i
diff --git a/distro-end b/distro-end
index 3c37330..5c802ca 100755
--- a/distro-end
+++ b/distro-end
@@ -525,27 +525,27 @@ case $HOSTNAME in
     sudo rm -fv /etc/apache2/sites-enabled/mumble.iankelling.org
 
     # general vpn for as needed use
-    vpn-server-setup -d -r -4 10.2.2 -p 443 -n hole
+    vpn-server-setup -d -r -4 10.5.5 -p 443 -n hole
     sd /etc/openvpn/client-config-hole/kw <<'EOF'
-ifconfig-push 10.2.2.9 255.255.255.0
+ifconfig-push 10.5.5.9 255.255.255.0
 EOF
     sd /etc/openvpn/client-config-hole/x3 <<'EOF'
-ifconfig-push 10.2.2.8 255.255.255.0
+ifconfig-push 10.5.5.8 255.255.255.0
 EOF
     sd /etc/openvpn/client-config-hole/x2 <<'EOF'
-ifconfig-push 10.2.2.7 255.255.255.0
+ifconfig-push 10.5.5.7 255.255.255.0
 EOF
     sd /etc/openvpn/client-config-hole/wclient <<'EOF'
-ifconfig-push 10.2.2.6 255.255.255.0
+ifconfig-push 10.5.5.6 255.255.255.0
 EOF
     sd /etc/openvpn/client-config-hole/frodo <<'EOF'
-ifconfig-push 10.2.2.5 255.255.255.0
+ifconfig-push 10.5.5.5 255.255.255.0
 EOF
     sd /etc/openvpn/client-config-hole/amy <<'EOF'
-ifconfig-push 10.2.2.3 255.255.255.0
+ifconfig-push 10.5.5.3 255.255.255.0
 EOF
     sd /etc/openvpn/client-config-hole/kd <<'EOF'
-ifconfig-push 10.2.2.2 255.255.255.0
+ifconfig-push 10.5.5.2 255.255.255.0
 EOF
 
     #vpn-mk-client-cert -s "" -n hole 72.14.176.105
@@ -1214,6 +1214,9 @@ case $HOSTNAME in
   frodo)
     tdir=/i/k
     ;;
+  kd)
+    tdir=/d/tor
+    ;;
   *)
     tdir=/nocow/user
     ;;
@@ -1300,15 +1303,17 @@ File.write(p, JSON.pretty_generate(JSON.parse(File.read(p)).merge({
 "peer-port" => 61486,
 "cache-size-mb" => 256,
 "ratio-limit" => 5.0,
-"ratio-limit-enabled" => true,
+"ratio-limit-enabled" => false,
 })) + "\n")
 EOF
-####### end transmission
-
 
+####### end transmission
 
 case $HOSTNAME in
   kd)
+    # to persist upload/dl metadata. initially, moved all the stuff
+    # in /var/lib/transmission-daemon to /d/tor
+    s usermod --home /d/tor debian-transmission
     sgo transmission-daemon-nn
     ;;
 esac
@@ -1495,9 +1500,9 @@ DEVICESCAN -a -o on -S on -n standby,q $sched \
 
 if [[ $HOSTNAME != frodo ]]; then
   s cedit hole /etc/hosts <<EOF ||:
-10.2.2.3 amy amy.b8.nz
-10.2.2.5 frodo frodo.b8.nz
-10.2.2.6 wclient wclient.b8.nz
+10.5.5.3 amy amy.b8.nz
+10.5.5.5 frodo frodo.b8.nz
+10.5.5.6 wclient wclient.b8.nz
 EOF
 fi
 
diff --git a/dynamic-ip-update b/dynamic-ip-update
index 6432b57..d5102dd 100755
--- a/dynamic-ip-update
+++ b/dynamic-ip-update
@@ -34,8 +34,10 @@ fi
 cur6="$(host -4 -t aaaa $fqdn iankelling.org | sed -rn 's/.*has IPv6 address (.*)/\1/p;T;q')" ||:
 
 up6=false
-# maybe we dont have ipv6 working
-if out6=$(curl -s6 https://iankelling.org/cgi/pubip) && [[ $out6 ]]; then
+
+out6=$(curl -s6 https://iankelling.org/cgi/pubip) ||: # failure allowed if we have no ipv6
+
+if [[ $out6 ]]; then
   dev=$(ip -o a show to $out6 | awk '{print $2}')
   # we use slaac with privacy extension, so get our less private more permanent address
   mac=$(cat /sys/class/net/$dev/address)
@@ -46,11 +48,11 @@ if out6=$(curl -s6 https://iankelling.org/cgi/pubip) && [[ $out6 ]]; then
   if ! ip a | grep "^ *inet6 $ip6/" &>/dev/null; then
     ip6=$out6
   fi
-  if [[ $cur6 != $ip6 ]]; then
-    up6=true
-  fi
 fi
 
+if [[ $cur6 != $ip6 ]]; then
+  up6=true
+fi
 
 if ! $up4 && ! $up6; then
   exit 0
@@ -74,14 +76,16 @@ EOF
 fi
 
 if $up6; then
-  cat >>$f <<EOF
+  if [[ $ip6 ]]; then
+    cat >>$f <<EOF
 update delete $fqdn. AAAA
 update add $fqdn. 60 AAAA $ip6
 EOF
-else
-  cat >>$f <<EOF
+  else
+    cat >>$f <<EOF
 update delete $fqdn. AAAA
 EOF
+  fi
 fi
 
 cat >>$f <<EOF
diff --git a/machine_specific/kd/filesystem/etc/btrbk/rust.conf b/machine_specific/kd/filesystem/etc/btrbk/rust.conf
new file mode 100644
index 0000000..cf64295
--- /dev/null
+++ b/machine_specific/kd/filesystem/etc/btrbk/rust.conf
@@ -0,0 +1,19 @@
+transaction_syslog local7
+
+lockfile                   /var/lock/btrbk-rust.lock
+
+timestamp_format long-iso
+
+snapshot_create onchange
+
+snapshot_preserve 18h 14d 8w 12m
+snapshot_preserve_min 2h
+snapshot_dir btrbk
+
+target_preserve 18h 14d 8w 12m
+target_preserve_min 2h
+
+rate_limit no
+volume /mnt/r6
+subvolume d
+target send-receive /mnt/rust/btrbk
diff --git a/machine_specific/kd/filesystem/etc/systemd/system/btrbkrust.service b/machine_specific/kd/filesystem/etc/systemd/system/btrbkrust.service
new file mode 100644
index 0000000..1391daa
--- /dev/null
+++ b/machine_specific/kd/filesystem/etc/systemd/system/btrbkrust.service
@@ -0,0 +1,7 @@
+[Unit]
+Description=Btrbk to rust
+After=multi-user.target
+
+[Service]
+Type=oneshot
+ExecStart=/a/bin/log-quiet/sysd-mail-once btrbkrust btrbk -c /etc/btrbk/rust.conf run
diff --git a/machine_specific/kd/filesystem/etc/systemd/system/btrbkrust.timer b/machine_specific/kd/filesystem/etc/systemd/system/btrbkrust.timer
new file mode 100644
index 0000000..8866acc
--- /dev/null
+++ b/machine_specific/kd/filesystem/etc/systemd/system/btrbkrust.timer
@@ -0,0 +1,8 @@
+[Unit]
+Description=Btrbk rust timer
+
+[Timer]
+OnCalendar=*-*-* 05:00:00
+
+[Install]
+WantedBy=timers.target
diff --git a/mail-setup b/mail-setup
index 901361c..b11993a 100755
--- a/mail-setup
+++ b/mail-setup
@@ -5,15 +5,9 @@
 
 # todo: auto restart of je on checkrestart
 
-# todo: remove old files from bk:/m/md/expertpathologyreview.com/testignore/cur
-
 # todo: run mailping test after running, or otherwise
 # clear out terminal alert
 
-# todo: in err can we print out variables?
-
-# todo setup better backup/sync of MAIL_HOST emails
-
 # todo: reinstall bk with bigger filesystem
 
 # todo: on bk, dont send email if mailvpn is not up
@@ -573,14 +567,16 @@ EOF
 
 # this is just a bug fix for trisquel.
 f=/etc/apparmor.d/usr.sbin.unbound
-line="/usr/sbin/unbound flags=(attach_disconnected) {"
-if ! grep -qFx "$line" $f; then
-  badline="/usr/sbin/unbound {"
-  if ! grep -qFx "$badline" $f; then
-    err expected line in $f not found
+if [[ $f ]]; then
+  line="/usr/sbin/unbound flags=(attach_disconnected) {"
+  if ! grep -qFx "$line" $f; then
+    badline="/usr/sbin/unbound {"
+    if ! grep -qFx "$badline" $f; then
+      err expected line in $f not found
+    fi
+    sed -i "s,^$badline$,$line," $f
+    m systemctl reload apparmor
   fi
-  sed -i "s,^$badline$,$line," $f
-  m systemctl reload apparmor
 fi
 
 # note: anything added to nn_progs needs corresponding rm
-- 
2.30.2