From b714b0dde29aaf5e44d628c1d723077465e9c488 Mon Sep 17 00:00:00 2001
From: Ian Kelling <ian@iankelling.org>
Date: Mon, 20 May 2024 18:03:51 -0400
Subject: [PATCH] a few important fixes, mostly improvements

---
 .tmux.conf                                    |   6 +
 brc                                           |  77 ++++++++++-
 brc2                                          | 130 ++++++++++++++++--
 btrbk-run                                     | 119 +++++++++-------
 btrfsmaint                                    |   4 +-
 distro-begin                                  |  12 +-
 distro-end                                    |   6 +-
 ffs                                           |  96 +++++++++++++
 filesystem/usr/local/bin/abrowser             |   6 +-
 filesystem/usr/local/bin/ethusb-nm            |  31 -----
 filesystem/usr/local/bin/ethusb-static        |  74 ----------
 i3-pull                                       |   3 +-
 i3-sway/common.conf                           |   3 +-
 i3-sway/i3.conf                               |  36 ++---
 laptop-xrandr                                 |  11 +-
 obs-i3-monitor                                |   3 +
 pkgs                                          |   2 +
 prof                                          |   2 +-
 prof-remote                                   |   2 +-
 rootsshsync                                   |   2 +
 script-files                                  |   1 +
 .../.config/systemd/user/profanity.service    |   7 +-
 system-status                                 |  44 +++---
 23 files changed, 442 insertions(+), 235 deletions(-)
 create mode 100644 .tmux.conf
 create mode 100755 ffs
 delete mode 100644 filesystem/usr/local/bin/ethusb-nm
 delete mode 100644 filesystem/usr/local/bin/ethusb-static

diff --git a/.tmux.conf b/.tmux.conf
new file mode 100644
index 0000000..9557d72
--- /dev/null
+++ b/.tmux.conf
@@ -0,0 +1,6 @@
+# a 256color term is needed for profanity to have colors, this is
+# recommended by
+# https://unix.stackexchange.com/questions/1045/getting-256-colors-to-work-in-tmux
+set -g default-terminal "tmux-256color"
+# default is green. I prefer it to stand out less.
+set-option -g status-style bg=black
diff --git a/brc b/brc
index 7731b9c..dc32a10 100644
--- a/brc
+++ b/brc
@@ -774,6 +774,50 @@ EOF
   done
 }
 
+screenrtp() {
+
+  local ip port xoffset
+  read -r ip port xoffset <<<"$@"
+
+  setxenv
+
+  if [[ ! $port ]]; then
+    port=9999
+  fi
+
+  while true; do
+    # By default, plugged in screen goes to the right side, so we need an
+    # offset that is the same as the laptop's x resolution. If we are in
+    # mirror mode, then we don't need an offset.
+    if [[ ! $xoffset ]]; then
+      xoffset=0
+      laptop_x=$(xrandr | awk '$1 == "LVDS-1" {print $4}' | sed 's/x.*//') || { sleep 1; continue; }
+      total_x=$(xdpyinfo| awk '$1 == "dimensions:" {print $2}' | sed 's/x.*//') || { sleep 1; continue; }
+      screen2_res=$(xrandr | awk '$2 == "connected" && $1 != "LVDS-1" { print $3 }' | sed 's/+.*//')
+      if (( laptop_x < total_x )); then
+        xoffset=$laptop_x
+      fi
+    fi
+
+    m ffmpeg -probesize 50M -thread_queue_size 50 \
+      -video_size $screen2_res -f x11grab -framerate 30 -i :0.0+$xoffset.0 \
+      -vcodec libx264 -g 1 -tune zerolatency -preset ultrafast -pix_fmt yuv420p -x264-params repeat-headers=1 \
+      -f rtp_mpegts rtp://$ip:$port ||:
+
+
+    sleep 1
+  done
+}
+
+setxenv() {
+  if [[ ! $DISPLAY ]]; then
+    export DISPLAY=:0.0
+  fi
+  if [[ ! $XAUTHORITY ]]; then
+    export XAUTHORITY=$HOME/.Xauthority
+  fi
+}
+
 #### end fsf section
 
 
@@ -2046,9 +2090,9 @@ nags() {
   /usr/bin/nagstamon &
 }
 
-# profanity screen
+# profanity tmux
 profsrc() {
-  screen -RD -S profanity
+  screen -L profanity a
 }
 
 # i dont want to wait for konsole to exit...
@@ -3375,6 +3419,35 @@ if [[ $- == *i* ]]; then
 
 fi
 
+
+lp22viewers() {
+  v=0
+  roomv=(0 0)
+  rooms=(jupiter saturn)
+  for ip in 209.51.188.25 live.fsf.org; do
+    out=$(curl -sS --insecure https://$ip/)
+    for i in 0 1 2; do
+      room=${rooms[i]}
+      while read -r n; do
+        v=$((v+n))
+        roomv[$i]=$(( ${roomv[$i]} + n ))
+      done < <(printf "%s\n" "$out"  | grep -Po "$room.*?current[^0-9]*[0-9]*" | grep -o '[0-9]*$' )
+    done
+  done
+  printf "total: %s " $v
+  for i in 0 1; do
+    room=${rooms[i]}
+    printf "$room: %s " "${roomv[$i]}"
+  done
+  echo
+}
+
+arpflush() {
+  local default_route_dev
+  default_route_dev=$(ip r show default | sed 's/.*dev \([^ ]*\).*/\1/' | head -n1)
+  m s ip n flush dev "$default_route_dev"
+}
+
 # * stuff that makes sense to be at the end
 
 
diff --git a/brc2 b/brc2
index 3edbae0..5fde368 100644
--- a/brc2
+++ b/brc2
@@ -1504,7 +1504,6 @@ btrbk-host-debug() {
 
 # $ dig ns1.gnu.org @b0.org.afilias-nst.org.
 
-# todo: make sm pull/push use systemd instead of the journal cat command
 bbk() { # btrbk wrapper
   local ret=0
   c /
@@ -1855,7 +1854,13 @@ dsign() {
 # set day start for use in other programs.
 # expected to do be in a format like 830, or 800 or 1300.
 ds() {
+  local regex
+  regex='[0-9]?[0-9]?[0-9][0-9]'
   if [[ $1 ]]; then
+    if [[ ! $1 =~ $regex ]]; then
+      echo "ds: error. expected \$1 to match $regex, got \$1: $1"
+      return 1
+    fi
     echo $1 >/b/data/daystart
   else
     cat /b/data/daystart
@@ -1998,8 +2003,8 @@ apache-header() {
 # https://www.gnu.org/licenses/license-recommendations.en.html. They
 # recommend that small programs, < 300 lines, be licensed under the
 # Apache License 2.0. This file contains or is part of one or more small
-# programs. If a small program grows beyond 300 lines, I plan to switch
-# its license to GPL.
+# programs. If a small program grows beyond 300 lines, I plan to change
+# to a recommended GPL license.
 
 # Copyright 2024 Ian Kelling
 
@@ -2638,18 +2643,28 @@ wgkey() {
 
 host-info-all() {
   host-info-update
+
   bindpushb8
+  # for wireguard configs
   ssh iank@li.b8.nz conflink
   wrt-setup
 }
 
 
-# if you change a host's ip, then run
-# bindpushb8
-# wrt-setup
+
+
+
+## for updating host info like ip, location, update /p/c/host-info and
+## host_info below. the host_info array should probably be in its own
+## file that gets sourced so that it can be more easily updated.
+
+# todo: this is so long that it becomes confusing,
+# try to split it up.
+#
+# To make some changes take effect, run host-info-all.
 host-info-update() {
 
-  local -A vpn_ips host_ips host_macs nonvpn_ips all_ips
+  local -A vpn_ips host_ips host_macs portfw_ips nonvpn_ips all_ips
   local -a root_hosts nonroot_hosts
 
   # the hosts with no mac
@@ -2678,6 +2693,7 @@ host-info-update() {
 
     all_ips[$host]=$ip
     if $vpn; then
+      portfw_ips[$host]=$ip
       vpn_ips[$host]=$ip
     else
       nonvpn_ips[$host]=$ip
@@ -2711,10 +2727,8 @@ EOF
     for host in ${!vpn_ips[@]}; do
       ipsuf=${vpn_ips[$host]}
       cat <<EOF
-Host ${host}i
-Hostname b8.nz
+Host ${host}i ${host}i.b8.nz
 Port $((2200 + ipsuf))
-
 EOF
     done
 
@@ -2725,7 +2739,7 @@ Host $host ${host}i $host.b8.nz ${host}i.b8.nz
 HostKeyAlias $host.b8.nz
 EOF
     done
-  } | cedit /p/c/subdir_files/.ssh/config || [[ $? == 1 ]]
+  } | cedit -e /p/c/subdir_files/.ssh/config-static
 
   {
     # hack to please emacs parser
@@ -2846,9 +2860,10 @@ $host	A	10.2.0.$ipsuf
 ${host}wg	A	10.8.0.$ipsuf
 ${host}vp	A	10.5.5.$ipsuf
 ${host}tr	A	10.174.$ipsuf.2
+${host}i	A	$b8_ip
 EOF
     done
-  } | cedit vpn-ips-update /p/c/machine_specific/vps/bind-initial/db.b8.nz ||:
+  } | cedit -e vpn-ips-update /p/c/machine_specific/vps/bind-initial/db.b8.nz
 
 
   echo checking for stray files:
@@ -2880,14 +2895,96 @@ EOF
     fi
   done
 
-
+  tmpf=$(mktemp)
   {
     printf "%s" "Host * "
-    sed -n '/^Host /h;/^IdentityFile .*\/home/{g;s/^Host//;s/ / !/gp}' ~/.ssh/config | tr '\n' ' '
+    sed -n '/^Host /h;/^IdentityFile .*\/home/{g;s/^Host//;s/ / !/gp}' /p/c/subdir_files/.ssh/config-static | tr '\n' ' '
+    echo
     echo "IdentityFile ~/.ssh/work"
-  } | cedit work-identity ~/.ssh/config || [[ $? == 1 ]]
+  } >$tmpf
+  cedit -e work-identity /p/c/subdir_files/.ssh/config-static <$tmpf
+  rm -f $tmpf
+
+  ### begin focus on hosts file update ###
+  #
+  # This started as its own function, but it actually
+  # needed to alter the ssh config, so combined it.
+  #
+  # background: This is finally doing dynamic ip resolution via the hosts
+  # file. I considered detecting where each host was dynamically or
+  # something, but ultimately decided to mostly avoid that, other than
+  # detecting the status of the current machine I'm on.  I want to be able
+  # to move it around without having to manually type much of anything.
+  local -a host_domain_suffix hosts
+  local -A ip_to_hosts
+  local suf ip i host at_home suf_from_here
+
+  source /p/c/domain-info
+
+  at_home=false
+  if ip n | grep -q "10.2.0.1 .* b4:75:0e:fd:06:4a"; then
+    at_home=true
+  fi
+
+  for i in ${host_domain_suffix[@]}; do
+    if [[ $i == *.* ]]; then
+      suf=$i
+      continue
+    fi
+    hosts+=($i)
+    if [[ $i == "$HOSTNAME" ]]; then
+      unset "portfw_ips[$i]"
+      continue
+    fi
+
+    suf_from_here=$suf
+    if ! $at_home && [[ $suf == .b8.nz || $suf == [wc].b8.nz ]]; then
+      suf_from_here=i.b8.nz
+    else
+      unset "portfw_ips[$i]"
+    fi
 
+    ip=$(getent ahostsv4 "$i$suf_from_here" | awk '{ print $1 }' | head -n1) ||:
+    if [[ ! $ip ]]; then
+      if [[ $suf == .office.fsf.org ]]; then
+        suf_from_here=wg.b8.nz
+        ip=$(getent ahostsv4 "$i$suf_from_here" | awk '{ print $1 }' | head -n1) ||:
+      fi
+      if [[ ! $ip ]]; then
+        echo error: failed to get ip of "$i$suf_from_here"
+        return 1
+      fi
+    fi
+    ip_to_hosts[$ip]+=" $i"
+  done
 
+  for ip in "${!ip_to_hosts[@]}"; do
+    echo "$ip${ip_to_hosts[$ip]}"
+  done | s cedit -e hosts-file-up /etc/hosts
+  for host in ${hosts[@]}; do
+    echo $host
+  done | cedit -e /a/bin/ds/subdir_files/.dsh/group/btrbk
+  ### end focus on hosts file update ###
+
+
+  # note: note sure if this is a great way to check.
+  # todo: think about it
+
+  if $at_home; then
+    # possible that in the future we want to create
+    # a dynamic file here, and then we can move the cat
+    # command above out of the conditional
+    rsync -a /p/c/subdir_files/.ssh/config-static ~/.ssh/config
+  else
+    for host in ${!portfw_ips[@]}; do
+      ipsuf=${portfw_ips[$host]}
+      cat <<EOF
+Host ${host}
+Port $((2200 + ipsuf))
+EOF
+    done > ~/.ssh/config-dynamic
+    cat /p/c/subdir_files/.ssh/config-static ~/.ssh/config-dynamic  >~/.ssh/config
+  fi
 }
 
 # usage host ipsuf [extrahost]
@@ -4675,6 +4772,9 @@ tclear() {
   done
 }
 
+opensslcertinfo() {
+  openssl x509 -txt -in "$@"
+}
 
 export BASEFILE_DIR=/a/bin/fai-basefiles
 
diff --git a/btrbk-run b/btrbk-run
index 8fc4c4f..9bd6e9b 100644
--- a/btrbk-run
+++ b/btrbk-run
@@ -45,25 +45,53 @@ EOF
 }
 
 
+
 pre=btrbk-run
 
+
+
 script_name="${BASH_SOURCE[0]}"
 script_name="${script_name##*/}"
+
+
+log-setup() {
+  if [[ ! $log_path ]]; then
+    mkdir -p /var/log/btrbk
+    log_path=/var/log/btrbk/$(date +%F_%T%:::z).log
+  fi
+}
 d() {
   if $dry_run || $conf_only; then
     printf "$pre dry-run: %s\n"  "$*"
   else
-    printf "$pre running: %s\n"  "$*"
-    "$@"
+    log-setup
+    printf "$pre running: %s\n"  "$*" |& pee cat 'ts "%F %T" >>'$log_path
+    "$@" |& pee cat 'ts "%F %T" >>'$log_path
   fi
 }
 m() { if $verbose; then printf "$pre %s\n"  "$*"; fi;  "$@"; }
 e() { printf "$pre %s\n"  "$*"; }
+
+logq() {
+  local exit_code
+  exit_code=0
+  log-setup
+  printf "$pre running: %s\n"  "$*" | pee cat 'ts "%F %T" >>'$log_path
+  e logging to $log_path
+  "$@" |& ts "%F %T" >>$log_path || exit_code=$?
+  printf "$pre exit code:%s of %s\n" "$exit_code"  "$*" | pee cat 'ts "%F %T" >>'$log_path
+  if (( exit_code > 0 )); then
+    e "error: command exit code: $exit_code. exiting after tail -n50 $log_path"
+    tail -n50 $log_path
+    exit $exit_code
+  fi
+}
+
 die() { printf "$pre error: %s\n" "$*" >&2; echo "$pre exiting with status 1" >&2; exit 1; }
 mexit() { echo "$pre exiting with status $1"; exit $1; }
 
 uninstalled-file-die() {
-  die "uninstalled file $1. run install-my-scripts or rerun with -f"
+  die "file $1 is not latest. run install-my-scripts or rerun with -f"
 }
 
 set-location() {
@@ -104,10 +132,10 @@ add-x3-target() {
   # main work machine
   if ping -q -c1 -w1 x3.office.fsf.org &>/dev/null; then
     targets+=(x3.office.fsf.org)
-  elif ping -q -c1 -w1 $h.b8.nz &>/dev/null; then
+  elif ping -q -c1 -w1 x3.b8.nz &>/dev/null; then
     # in case we took it home
     targets+=(x3.b8.nz)
-  elif ping -q -c1 -w1 ${h}w.b8.nz &>/dev/null; then
+  elif ping -q -c1 -w1 x3w.b8.nz &>/dev/null; then
     targets+=(x3w.b8.nz)
   else
     targets+=(x3wg.b8.nz)
@@ -164,7 +192,7 @@ ret=0
 conf_only=false
 dry_run=false # mostly for testing
 rate_limit=no
-verbose=true; verbose_arg=-v
+verbose=true; verbose_arg="-l trace"
 force=false
 if [[ $INVOCATION_ID ]]; then
   # INVOCATION_ID means running as a systemd service. we cant show progress in this case,
@@ -203,13 +231,17 @@ fast=false
 kd_spread=false
 check_installed=false
 orig_args=("$@")
-temp=$(getopt -l check-installed,fast,pull-reexec,help 23cefikl:m:npqrs:t:vh "$@") || usage 1
+temp=$(getopt -l check-installed,fast,pull-reexec,help 23acefikl:m:npqrs:t:vh "$@") || usage 1
 eval set -- "$temp"
 while true; do
   case $1 in
     # for the rare case we want to run multiple instances at the same time
     -2) conf_suf=2 ;;
     -3) conf_suf=3 ;;
+    -a)
+      # all moiuntpoints
+      mountpoints=(/a /o /qr /qd /q)
+      ;;
     # only creates the config file, does not run btrbk
     -c) conf_only=true ;;
     --check-installed)
@@ -254,7 +286,9 @@ while true; do
     # snapshot. we have default hosts we will populate.
     -t) IFS=, targets=($2); unset IFS; shift ;;
     # verbose.
-    -v) verbose=true; verbose_arg=-v ;;
+    -v)
+      verbose=true; verbose_arg="-l trace"
+      ;;
     -h|--help) usage ;;
     --) shift; break ;;
     *) die "Internal error!" ;;
@@ -278,7 +312,7 @@ if ! $force && { $check_installed || [[ ! $source ]]; } ; then
     fi
   done
   if ! diff -q /a/bin/bash-bear-trap/bash-bear /usr/local/lib/bash-bear; then
-    uninstalled-file-die err
+    uninstalled-file-die bash-bear
   fi
   if $check_installed; then
     exit 0
@@ -474,21 +508,24 @@ if ! command -v btrbk &>/dev/null; then
   die "error: no btrbk binary found"
 fi
 
+# pull_reexec stops us from getting into an infinite loop if there is some
+# kind of weird problem
+pulla=false
+for m in "${mountpoints[@]}"; do
+  if [[ $m == /a ]]; then
+    pulla=true
+    break
+  fi
+done
+
 if ! $pull_reexec && [[ $source ]] && $pulla && ! $force ; then
-  ssh root@$source btrbk-run --check-installed || exit 1
+  ssh root@$source btrbk-run --check-installed
 fi
 
 #### end pre-checks #####
 
 
 
-mkdir -p /var/log/btrbk
-# The journal doesnt go back to my oldest backups, and I've found myself
-# wanting older logs. Not going to bother expiring old logs, since it is
-# fine if they go back years.
-log_path=/var/log/btrbk/$(date +%F_%T%:::z).log
-echo copying output to $log_path
-exec &> >(pee cat 'ts "%F %T"|dd of='$log_path' status=none')
 
 # print some non-default opts
 if $verbose; then
@@ -519,26 +556,6 @@ if $verbose; then
   fi
 fi
 
-if [[ -v targets ]]; then
-  echo "targets: ${targets[*]}"
-fi
-
-if [[ $source ]]; then
-  echo "source: $source"
-fi
-
-echo "mountpoints: ${mountpoints[*]}"
-
-
-# pull_reexec stops us from getting into an infinite loop if there is some
-# kind of weird problem
-pulla=false
-for m in "${mountpoints[@]}"; do
-  if [[ $m == /a ]]; then
-    pulla=true
-    break
-  fi
-done
 
 if ! $pull_reexec && [[ $source ]] && $pulla ; then
   tmpf=$(mktemp)
@@ -553,6 +570,16 @@ if ! $pull_reexec && [[ $source ]] && $pulla ; then
   fi
 fi
 
+
+if [[ -v targets ]]; then
+  echo "targets: ${targets[*]}"
+fi
+if [[ $source ]]; then
+  echo "source: $source"
+fi
+echo "mountpoints: ${mountpoints[*]}"
+
+
 # todo: check if we have no snapshots yet, because I always want to run
 # archive instead of run. Likely, I should give an error unless a cli
 # override is passed. perhaps check-subvol-stale could give the error.
@@ -674,14 +701,6 @@ cat >/etc/btrbk$conf_suf.conf <<EOF
 ssh_identity /q/root/h
 #ssh_identity /root/.ssh/home
 
-# Just a guess that local7 is a good facility to pick.
-# It's a bit odd that the transaction log has to be logged to
-# a file or syslog, while other output is sent to std out.
-# The man does not mention a way for them to be together, but
-# I dunno if setting a log level like warn might also output
-# transaction info.
-transaction_syslog local7
-
 # trying this out
 #stream_compress zstd
 
@@ -711,7 +730,7 @@ target_preserve_min 6h
 incremental_prefs sao:1
 
 # if something fails and it's not obvious, try doing
-# btrbk -l debug -v dryrun
+# btrbk -l trace -v dryrun
 
 rate_limit $rate_limit
 EOF
@@ -848,7 +867,7 @@ if $dry_run; then
 fi
 # -q and just using the syslog option seemed nice,
 # but it doesn't show when a send has a parent and when it doesn't.
-m btrbk -c /etc/btrbk$conf_suf.conf $preserve_arg $verbose_arg $progress_arg $cmd_arg
+logq btrbk -c /etc/btrbk$conf_suf.conf $preserve_arg $verbose_arg $progress_arg $cmd_arg
 
 if $early; then
   exit 0
@@ -877,10 +896,10 @@ for mp in "${mountpoints[@]}"; do
   subvols+=("${mp##*/}")
 done
 if [[ $source ]]; then
-  m mount-latest-subvol "${subvols[@]}"
+  d mount-latest-subvol "${subvols[@]}"
 else
   for tg in ${targets[@]}; do
-    m /a/exe/mount-latest-remote "$tg" "${subvols[@]}" || ret=$?
+    d /a/exe/mount-latest-remote "$tg" "${subvols[@]}" || ret=$?
   done
 fi
 
@@ -889,7 +908,7 @@ if [[ $ret == 0 ]]; then
   for tg in ${targets[@]}; do
     h=$(ssh $tg hostname)
     if [[ $h == kd && $HOSTNAME == x3 && $HOSTNAME == "$MAIL_HOST" ]]; then
-      m ssh root@$tg 'btrbk-spread-wrap &>/dev/null </dev/null &'
+      d ssh root@$tg 'btrbk-spread-wrap &>/dev/null </dev/null &'
     fi
     rsync --mkpath -a -f"- */" -f"+ *" /var/log/btrbk/ root@$tg:/var/log/btrbk/$tg
     cmd=/usr/local/bin/mail-backup-clean
diff --git a/btrfsmaint b/btrfsmaint
index 85f2f34..f50f549 100755
--- a/btrfsmaint
+++ b/btrfsmaint
@@ -57,12 +57,10 @@ check-idle() {
   export XAUTHORITY=/home/iank/.Xauthority
   export DISPLAY=:0
   locked=false
-  if lock_info=$(xscreensaver-command -time); then
+  if lock_info=$(xscreensaver-command -time 2>/dev/null); then
     if [[ $lock_info != *non-blanked* ]]; then
       locked=true
     fi
-  else
-    locked=true
   fi
 }
 
diff --git a/distro-begin b/distro-begin
index 59e50d5..82b349e 100755
--- a/distro-begin
+++ b/distro-begin
@@ -553,7 +553,7 @@ fi
 # disabled temporarily
 ###### setup /i
 # if home_network; then
-#   tu /etc/fstab <<'EOF'
+#   sudo teeu /etc/fstab <<'EOF'
 # /i/w  /w  none  bind,noauto  0 0
 # /i/k  /k  none  bind,noauto  0 0
 # EOF
@@ -562,11 +562,11 @@ fi
 #     sudo chown $USER:user2 /kr
 #   fi
 #   if [[ $HOSTNAME == frodo ]]; then
-#     tu /etc/fstab <<'EOF'
+#     sudo teeu /etc/fstab <<'EOF'
 # /k  /kr  none  bind,noauto  0 0
 # EOF
 #   else
-#     tu /etc/fstab <<'EOF'
+#     sudo teeu /etc/fstab <<'EOF'
 # frodo:/k  /kr  nfs  noauto  0 0
 # EOF
 #   fi
@@ -636,7 +636,7 @@ if has_btrfs; then
     fi
 
     first_root_crypt=$(awk '$2 == "/" {print $1}' /etc/mtab)
-    tu /etc/fstab <<EOF
+    sudo teeu /etc/fstab <<EOF
 $first_root_crypt  /nocow  btrfs  noatime,subvol=nocow$( (( $(nproc) > 2)) && echo ,compress=zstd )  0 0
 EOF
     sudo mkdir -p $dir
@@ -649,7 +649,7 @@ fi
 
 case $HOSTNAME in
   kd)
-    tu /etc/fstab <<'EOF'
+    sudo teeu /etc/fstab <<'EOF'
 /dev/mapper/crypt_dev_ata-Samsung_SSD_870_QVO_8TB_S5VUNG0N900656V-part7  /d  btrfs  nofail,x-systemd.device-timeout=30s,x-systemd.mount-timeout=30s,noatime,compress=zstd,subvol=d  0 0
 /d/m /i  none  bind,compress=zstd  0 0
 EOF
@@ -665,7 +665,7 @@ EOF
     fi
     ;;
   frodo)
-    tu /etc/fstab <<'EOF'
+    sudo teeu /etc/fstab <<'EOF'
 /dev/mapper/crypt_dev_ata-ata-Hitachi_HDS722020ALA330_JK1121YAG7SXWS-part1  /i  btrfs  nofail,x-systemd.device-timeout=30s,x-systemd.mount-timeout=30s,noatime,subvol=i  0 0
 EOF
     if ! mountpoint /i &>/dev/null; then
diff --git a/distro-end b/distro-end
index ba0b585..d99e6a1 100755
--- a/distro-end
+++ b/distro-end
@@ -18,8 +18,8 @@
 
 # SPDX-License-Identifier: GPL-3.0-or-later
 
-# shellcheck source=./brc
-source ~/brc
+export LC_USEBASHRC=t
+source /a/bin/ds/.bashrc
 
 ### setup
 source /a/bin/bash-bear-trap/bash-bear
@@ -1900,7 +1900,7 @@ case $HOSTNAME in
       wgip=$(command sudo sed -rn 's,^ *Address *= *([^/]+).*,\1,p' /etc/wireguard/wghole.conf)
       # old filename. remove once all hosts are updated.
       s rm -fv /etc/apache2/sites-enabled/${HOSTNAME}wg.b8.nz.conf
-      web-conf -i -a $wgip -p 9101 -f 9100 - apache2 ${HOSTNAME}wg.b8.nz <<'EOF'
+      s bash -x web-conf -i -a $wgip -p 9101 -f 9100 - apache2 ${HOSTNAME}wg.b8.nz <<'EOF'
 <Location "/">
 AuthType Basic
 AuthName "basic_auth"
diff --git a/ffs b/ffs
new file mode 100755
index 0000000..253b83b
--- /dev/null
+++ b/ffs
@@ -0,0 +1,96 @@
+#!/bin/bash
+# I, Ian Kelling, follow the GNU license recommendations at
+# https://www.gnu.org/licenses/license-recommendations.en.html. They
+# recommend that small programs, < 300 lines, be licensed under the
+# Apache License 2.0. This file contains or is part of one or more small
+# programs. If a small program grows beyond 300 lines, I plan to change
+# to a recommended GPL license.
+
+# Copyright 2024 Ian Kelling
+
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+#     http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# ffs = ffmpeg stream
+
+# todo: figure out how to record mumble
+# todo: get icecast on li.b8.nz
+# todo: https://superuser.com/questions/1106674/how-to-add-blank-lines-above-the-bottom-in-terminal
+
+if ! test "$BASH_VERSION"; then echo "error: shell is not bash" >&2; exit 1; fi
+shopt -s inherit_errexit 2>/dev/null ||: # ignore fail in bash < 4.4
+set -eE -o pipefail
+trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" exit status: $?, PIPESTATUS: ${PIPESTATUS[*]}" >&2' ERR
+
+
+# 3 mountpoints: fsf-sysops (public), fsf (default, all staff), fsf-tech (tech team)
+case $1 in
+  sysops|tech)
+    mount_suffix=-$1
+    ;;
+esac
+
+host=live.iankelling.org:8000
+if [[ $(dig +short @10.2.0.1 -x 10.2.0.2 2>&1 ||:) == kd.b8.nz. ]] \
+     && ip n show 10.2.0.1 | grep . &>/dev/null; then
+  host=127.0.0.1:8000
+fi
+
+pass=$(sed -n 's/ *<source-password>\([^<]*\).*/\1/p' /p/c/icecast.xml)
+
+
+tmpf=$(mktemp)
+xrandr >$tmpf
+
+# example xrandr output: 1280x800+0+0
+primary_res=$(awk '$2 == "connected" && $3 == "primary" { print $4 }' $tmpf | sed 's/+.*//')
+secondary_res=$(awk '$2 == "connected" && $3 != "primary" { print $3 }' $tmpf | sed 's/+.*//')
+
+if [[ $secondary_res ]]; then
+  # assumes secondary is on the right
+  x_offset=${primary_res%%x*}
+  secondary_x=${secondary_res%%x*}
+  secondary_y=${secondary_res##*x}
+  stream_res=$(( secondary_x / 2 ))x$(( secondary_y / 2))
+else
+  x_offset=0
+  stream_res=$primary_res
+fi
+
+
+opts=(
+  # nice to have: be a little less verbose
+  -hide_banner
+  -video_size $stream_res
+  -f x11grab
+  -framerate 4
+  # input options come before -i
+  -i :0.0+$x_offset.0
+  -vf drawbox=color=black
+  -vcodec libvpx
+  -g 8
+  -quality realtime
+  -threads 2
+  -error-resilient 1
+  -content_type video/webm
+  -f webm
+  icecast://source:$pass@$host/fsf$mount_suffix.webm
+
+)
+
+
+rm -f /tmp/iank-ffmpeg
+mkfifo -m 0600 /tmp/iank-ffmpeg
+echo executing: ffmpeg -stdin ${opts[@]}
+# ffmpeg sits and waits until we do this. dunno why. whatever.
+echo >/tmp/iank-ffmpeg &
+ffmpeg ${opts[@]} </tmp/iank-ffmpeg
diff --git a/filesystem/usr/local/bin/abrowser b/filesystem/usr/local/bin/abrowser
index 80f2371..7892cc7 100755
--- a/filesystem/usr/local/bin/abrowser
+++ b/filesystem/usr/local/bin/abrowser
@@ -48,8 +48,8 @@ else
   firefox "$@" &
 fi
 
-# .5 was too fast
-sleep 1
+# on a fast computer, .5 is too fast, 1 is ok. on x200, 1 is too fast, 2 is ok.
+sleep 2
 # debug
 #printf "%s\n" "$*" >> /tmp/a
 if (( $# == 0 )) && ! i3-msg -t get_tree | jq --stream -r 'select(.[1]|scalars!=null) | "\(.[0]|join(".")): \(.[1]|tojson)"'  | grep 'marks.0: "abrowser"$' &>/dev/null; then
@@ -60,7 +60,7 @@ if (( $# == 0 )) && ! i3-msg -t get_tree | jq --stream -r 'select(.[1]|scalars!=
   # into a single array instead of a list of arrays with [.[]], or else
   # it will add the arrays a bunch of times and give several results.
   # comm gives us just the new id.
-  id=$(i3-msg -t get_tree | jq -e '.nodes[].nodes[].nodes[].nodes | [.[]] + ( [.[].nodes[]]) | .[] | select(.window_properties.class=="abrowser") | .id' | comm -23 - $tmpf | head -n1)
+  id=$(i3-msg -t get_tree | jq -e '.nodes[].nodes[].nodes[].nodes | [.[]] + ( [.[].nodes[]]) + ( [.[].nodes[].nodes[]]) + ( [.[].nodes[].nodes[].nodes[]]) | .[] | select(.window_properties.class=="abrowser") | .id' | comm -23 - $tmpf | head -n1)
   rm -f $tmpf
   if [[ $id ]]; then
     i3-msg "[con_id=$id] mark abrowser"
diff --git a/filesystem/usr/local/bin/ethusb-nm b/filesystem/usr/local/bin/ethusb-nm
deleted file mode 100644
index 041124e..0000000
--- a/filesystem/usr/local/bin/ethusb-nm
+++ /dev/null
@@ -1,31 +0,0 @@
-#!/bin/bash
-# I, Ian Kelling, follow the GNU license recommendations at
-# https://www.gnu.org/licenses/license-recommendations.en.html. They
-# recommend that small programs, < 300 lines, be licensed under the
-# Apache License 2.0. This file contains or is part of one or more small
-# programs. If a small program grows beyond 300 lines, I plan to switch
-# its license to GPL.
-
-# Copyright 2024 Ian Kelling
-
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-
-#     http://www.apache.org/licenses/LICENSE-2.0
-
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-if ! test "$BASH_VERSION"; then echo "error: shell is not bash" >&2; exit 1; fi
-shopt -s inherit_errexit 2>/dev/null ||: # ignore fail in bash < 4.4
-set -eE -o pipefail
-trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
-
-[[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@"
-
-
-sed -i --follow-symlinks '/^[^#/]/s/^/#/' /etc/network/interfaces.d/ethusb
diff --git a/filesystem/usr/local/bin/ethusb-static b/filesystem/usr/local/bin/ethusb-static
deleted file mode 100644
index 97868d7..0000000
--- a/filesystem/usr/local/bin/ethusb-static
+++ /dev/null
@@ -1,74 +0,0 @@
-#!/bin/bash
-# I, Ian Kelling, follow the GNU license recommendations at
-# https://www.gnu.org/licenses/license-recommendations.en.html. They
-# recommend that small programs, < 300 lines, be licensed under the
-# Apache License 2.0. This file contains or is part of one or more small
-# programs. If a small program grows beyond 300 lines, I plan to switch
-# its license to GPL.
-
-# Copyright 2024 Ian Kelling
-
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-
-#     http://www.apache.org/licenses/LICENSE-2.0
-
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-if ! test "$BASH_VERSION"; then echo "error: shell is not bash" >&2; exit 1; fi
-shopt -s inherit_errexit 2>/dev/null ||: # ignore fail in bash < 4.4
-set -eE -o pipefail
-trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
-
-[[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@"
-
-
-shopt -s nullglob
-
-# we already configured the interface once, afterwards, comment and
-# uncomment to enable/disable. This makes it so we don't depend on /p
-# being mounted.
-
-if [[ -s /etc/network/interfaces.d/ethusb ]]; then
-  sed -i --follow-symlinks 's/^#//' /etc/network/interfaces.d/ethusb
-  exit 0
-fi
-
-
-while read -r ip host mac; do
-  if [[ $mac != usb ]]; then
-    continue
-  fi
-  if [[ $host = ${HOSTNAME}c ]]; then
-    usbip=$ip
-    break
-  fi
-done </p/c/host-info
-
-if [[ ! $usbip ]]; then
-  exit 0
-fi
-
-ethx=0
-
-# device that has an eth0, but we aren't using it because it is
-# broken. We could just hardcode a mac comparison with `cat
-# /sys/class/net/eth0/address` but this is cooler.
-if [[ -e  /sys/class/net/eth0 ]]; then
-  bus_info=$(ethtool -i eth0 | awk '$1 == "bus-info:" { print $2 }')
-  if [[ $bus_info != usb* ]]; then
-    ethx=1
-  fi
-fi
-
-cat >/etc/network/interfaces.d/ethusb <<EOF
-auto eth$ethx
-iface eth$ethx inet static
-  address 10.2.0.$ip/16
-  gateway 10.2.0.1
-EOF
diff --git a/i3-pull b/i3-pull
index 64f35f7..9d391d5 100755
--- a/i3-pull
+++ b/i3-pull
@@ -21,11 +21,12 @@
 # limitations under the License.
 
 
-# sometimes I want to pull in and sometimes I want to swap.
+# pull in the $1 marked window to the current workspace, unless the current workspace is #1, then swap it with the current window
 
 set -e; . /usr/local/lib/bash-bear; set +e
 
 mark=$1
+# height of currently focused window
 h=$(i3-msg -t get_tree | jq -r ".. | select(.focused? == true) | .rect.height")
 
 cur_workspace=$(i3-msg -t get_workspaces | jq -r '.[] | select(.focused? == true) | .name')
diff --git a/i3-sway/common.conf b/i3-sway/common.conf
index 8ad41a1..017f4bd 100644
--- a/i3-sway/common.conf
+++ b/i3-sway/common.conf
@@ -63,7 +63,8 @@ bindsym $mod+t layout toggle splith splitv tabbed
 bindsym $mod+Shift+t move workspace to output right
 # there's a bug about this. it is not logical that there is no "split
 # tabbed", but you accomplish that by doing this.
-bindsym $mod+g split vertical, layout tabbed
+bindsym $mod+g split horizontal, layout tabbed
+bindsym $mod+shift+n layout tabbed
 bindsym $mod+shift+g $ex "/b/ds/i3-auto-layout-toggle"
 
 # Use Mouse+$mod to drag floating windows to their wanted position
diff --git a/i3-sway/i3.conf b/i3-sway/i3.conf
index aefcee8..265a932 100644
--- a/i3-sway/i3.conf
+++ b/i3-sway/i3.conf
@@ -4,29 +4,29 @@ bindsym $mod+Shift+o exec "i3-nagbar -t warning -m 'You pressed the exit shortcu
 bindsym $mod+Shift+p restart
 
 # need this for kde connect
-bar {
+# bar {
 
-# keep it only on secondary monitor to save space and make for less
-# missing pixes in obs live stream. For docs on this, search "output
-# primary" in the i3 guide.
-output primary
+# # keep it only on secondary monitor to save space and make for less
+# # missing pixes in obs live stream. For docs on this, search "output
+# # primary" in the i3 guide.
+# output primary
 
-# the builtin prog
-#status_command i3status
+# # the builtin prog
+# #status_command i3status
 
-#for faster testing
-#status_command          /a/bin/ds/myi3status
-status_command          /usr/local/bin/myi3status
-#mode hide
-# hidden_state hide
-font pango:monospace 18
+# #for faster testing
+# #status_command          /a/bin/ds/myi3status
+# status_command          /usr/local/bin/myi3status
+# #mode hide
+# # hidden_state hide
+# font pango:monospace 18
 
-# i have no need for the tray icons so far
-tray_output primary
+# # i have no need for the tray icons so far
+# tray_output primary
 
-# I found I didn't need these, but, I'm trying them out again.
-# workspace_buttons no
-}
+# # I found I didn't need these, but, I'm trying them out again.
+# # workspace_buttons no
+# }
 
 ## dont want to see this bar for now
 # bar {
diff --git a/laptop-xrandr b/laptop-xrandr
index 4a0891a..28c840e 100755
--- a/laptop-xrandr
+++ b/laptop-xrandr
@@ -25,10 +25,19 @@ set -e; . /usr/local/lib/bash-bear; set +e
 
 output=$(xrandr | grep -E "^(HDMI.?|DP1) connected" | awk '{print $1}' ||:)
 
+left_right_arg=--right-of
 if [[ $output ]]; then
+
+  if [[ $output == HDMI2 ]]; then
+    sum=$(sha256sum </sys/class/drm/card0-HDMI-A-2/edid | grep -oE '^.{10}')
+    # identify monitor that is always on the left.
+    if [[ $sum == 192efbdcef ]]; then
+      left_right_arg=--left-of
+    fi
+  fi
   xrandr --output $output --off
   sleep 2
-  xrandr --output $output --right-of eDP1 --mode 3840x2160
+  xrandr --output $output $left_right_arg eDP1 --mode 3840x2160
 
   for i in 1 2 4 5 6 7 8 9 10; do
     # if the workspace is already there, this will fail
diff --git a/obs-i3-monitor b/obs-i3-monitor
index 69bde61..7c0e7d5 100755
--- a/obs-i3-monitor
+++ b/obs-i3-monitor
@@ -21,6 +21,9 @@
 # limitations under the License.
 
 
+# Automatically switch between obs scenes which match i3 window mark
+# names.
+
 set -e; . /usr/local/lib/bash-bear; set +e
 
 try() {
diff --git a/pkgs b/pkgs
index ee3efb9..97e4e9d 100644
--- a/pkgs
+++ b/pkgs
@@ -31,6 +31,7 @@ p1=(
   mbuffer
   moreutils
   screen
+  tmux
 )
 p2=(
   bash-completion
@@ -127,6 +128,7 @@ p3=(
   dos2unix
   dosfstools
   dnsutils
+  dsh
   dunst
   python3-dnspython
   # better du in t11+
diff --git a/prof b/prof
index dd9ad3e..9cc5880 100644
--- a/prof
+++ b/prof
@@ -41,5 +41,5 @@ if $dossh; then
   konsole --profile profanity
 else
   prof-tail | prof-notify &
-  konsole --profile profanity -e screen -RD -S profanity
+  konsole --profile profanity -e tmux -L profanity a
 fi
diff --git a/prof-remote b/prof-remote
index 9e436ed..d7363fe 100644
--- a/prof-remote
+++ b/prof-remote
@@ -33,7 +33,7 @@ while true; do
   fi
   # -n or else it competes with the other ssh for reading stdin.
   ssh -n $remote prof-tail | prof-notify &
-  ssh -t $remote screen -Dr -S profanity ||:
+  ssh -t $remote tmux -L profanity a ||:
   builtin kill %% &> /dev/null ||:
   if (( EPOCHSECONDS > start + 600 )); then
     fastcon=0
diff --git a/rootsshsync b/rootsshsync
index 4767c7d..5395c44 100755
--- a/rootsshsync
+++ b/rootsshsync
@@ -95,3 +95,5 @@ if [[ ! -e $auth_file ]] || ! diff -q /root/.ssh/authorized_keys $auth_file; the
   cp -p /root/.ssh/authorized_keys $auth_file
   update-initramfs -u -k all
 fi
+
+rsync -tpur /p/c/subdir_files/.dsh /root
diff --git a/script-files b/script-files
index 712da26..e369ceb 100644
--- a/script-files
+++ b/script-files
@@ -45,6 +45,7 @@ my_bin_files=(
   prof-tail
   prof-notify
   /a/bin/newns/newns
+  /a/bin/fai/fai/config/distro-install-common/ethusb-static
 )
 
 for f in /b/log-quiet/*; do
diff --git a/subdir_files/.config/systemd/user/profanity.service b/subdir_files/.config/systemd/user/profanity.service
index ed713cd..b7b9a05 100644
--- a/subdir_files/.config/systemd/user/profanity.service
+++ b/subdir_files/.config/systemd/user/profanity.service
@@ -11,8 +11,11 @@ Description=profanity
 After=gpg-agent.service
 
 [Service]
-# bash is required to get colors working
-ExecStart=/usr/bin/screen -S profanity -Dm /bin/bash -c profanity
+# tmux requirement
+Type=forking
+
+# new-session is a tmux command which allows launching profanity.
+ExecStart=/usr/bin/tmux -L profanity new-session -d profanity
 
 [Install]
 WantedBy=default.target
diff --git a/system-status b/system-status
index d6269d9..ae37d3b 100755
--- a/system-status
+++ b/system-status
@@ -440,32 +440,30 @@ mute() {
   local locked
   export DISPLAY=:0
   locked=false
-  if lock_info=$(xscreensaver-command -time); then
+  if lock_info=$(xscreensaver-command -time 2>/dev/null); then
     if [[ $lock_info != *non-blanked* ]]; then
       locked=true
     fi
-  else
-    locked=true
-  fi
-  midnight=$(date -d 00:00 +%s)
-  mdiff=$(( EPOCHSECONDS - midnight ))
-  if $locked && (( mdiff < 6 *60*60 || mdiff > 21 *60*60 )); then
-    case $(pactl get-sink-mute @DEFAULT_SINK@ | awk '{print $2}') in
-      no)
-        # for log purposes
-        echo muted
-        pactl set-sink-mute @DEFAULT_SINK@ true
-        ;;
-    esac
-  fi
-  if ! $locked && ((  mdiff > 6 *60*60 || mdiff < 12 *60*60 )) && [[ ! -e /tmp/ianknap ]]; then
-    case $(pactl get-sink-mute @DEFAULT_SINK@ | awk '{print $2}') in
-      yes)
-        # for log purposes
-        echo unmuted
-        pactl set-sink-mute @DEFAULT_SINK@ false
-        ;;
-    esac
+    midnight=$(date -d 00:00 +%s)
+    mdiff=$(( EPOCHSECONDS - midnight ))
+    if $locked && (( mdiff < 6 *60*60 || mdiff > 21 *60*60 )); then
+      case $(pactl get-sink-mute @DEFAULT_SINK@ | awk '{print $2}') in
+        no)
+          # for log purposes
+          echo muted
+          pactl set-sink-mute @DEFAULT_SINK@ true
+          ;;
+      esac
+    fi
+    if ! $locked && ((  mdiff > 6 *60*60 || mdiff < 12 *60*60 )) && [[ ! -e /tmp/ianknap ]]; then
+      case $(pactl get-sink-mute @DEFAULT_SINK@ | awk '{print $2}') in
+        yes)
+          # for log purposes
+          echo unmuted
+          pactl set-sink-mute @DEFAULT_SINK@ false
+          ;;
+      esac
+    fi
   fi
 }
 
-- 
2.30.2