From e9ef1838cf5b49748529267e9c70d254225c755f Mon Sep 17 00:00:00 2001 From: Ian Kelling Date: Fri, 20 Sep 2024 02:27:44 -0400 Subject: [PATCH] cleanup old frodo stuff --- distro-begin | 11 ------ distro-end | 16 ++------- filesystem/etc/X11/Xsession.d/98iank | 9 ++--- .../systemd/system/openvpn-client-tr@.service | 36 +++++++++++++++++++ .../etc/openvpn/client-config-hole/frodo | 1 + 5 files changed, 45 insertions(+), 28 deletions(-) create mode 100644 machine_specific/frodo/filesystem/etc/systemd/system/openvpn-client-tr@.service create mode 100644 machine_specific/li/filesystem/etc/openvpn/client-config-hole/frodo diff --git a/distro-begin b/distro-begin index 7863f4c..d421e9a 100755 --- a/distro-begin +++ b/distro-begin @@ -591,17 +591,6 @@ EOF sudo mount /i fi ;; - frodo) - sudo /a/exe/teeu /etc/fstab <<'EOF' -/dev/mapper/crypt_dev_ata-ata-Hitachi_HDS722020ALA330_JK1121YAG7SXWS-part1 /i btrfs nofail,x-systemd.device-timeout=30s,x-systemd.mount-timeout=30s,noatime,subvol=i 0 0 -EOF - if ! mountpoint /i &>/dev/null; then - sudo mkdir -p /i - if [[ -d /mnt/i/i ]]; then - sudo mount /i - fi - fi - ;; esac if bitfolk; then diff --git a/distro-end b/distro-end index 2583f55..f98a459 100755 --- a/distro-end +++ b/distro-end @@ -1125,7 +1125,7 @@ fi ######### begin irc periodic backup ############# -if [[ $HOSTNAME == frodo ]]; then +if [[ $HOSTNAME == kd ]]; then sd /etc/systemd/system/ircbackup.service <<'EOF' [Unit] Description=irc li backup @@ -1134,7 +1134,7 @@ After=multi-user.target [Service] User=iank Type=oneshot -ExecStart=/usr/local/bin/sysd-mail-once irc-backup rsync -rlptDhSAX root@iankelling.org:/var/lib/znc/moddata/log/iank/freenode/ /k/irclogs +ExecStart=/usr/local/bin/sysd-mail-once irc-backup rsync -rlptDhSAX root@iankelling.org:/var/lib/znc/moddata/log/iank/freenode/ /p/irc-backup EOF sd /etc/systemd/system/ircbackup.timer <<'EOF' [Unit] 
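Review bot: In distro-end, the rewritten `ExecStart=` line of ircbackup.service (hunk `@@ -1134`) still logs in as `root@iankelling.org`, and with the guard in hunk `@@ -1125` switched to `kd`, the `iank` account on kd is now the one that must hold an SSH key accepted for root on that server. Pulling ZNC logs needs only read access to one directory, so the key is better restricted on the server side, for example with a forced command such as `command="rrsync -ro /var/lib/znc/moddata/log/iank/freenode"` in authorized_keys (the remote path in the rsync command is then given relative to that directory), or replaced by a dedicated unprivileged account. The hunk also does not show `/p/irc-backup` being created; if nothing else creates it and makes it writable by `iank`, the oneshot will presumably fail on its first run. The unit's heredoc starts and ends outside this hunk.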
@@ -1169,7 +1169,7 @@ fi ############# begin syncthing setup ########### case $HOSTNAME in - kd|frodo) + kd) f=/usr/share/keyrings/syncthing-archive-keyring.gpg if [[ ! -e $f ]]; then s curl -s -o $f https://syncthing.net/release-key.gpg @@ -1180,13 +1180,6 @@ case $HOSTNAME in p update fi pi syncthing - ;;& - frodo) - m lnf -T /w/syncthing /home/iank/.config/syncthing - ser daemon-reload # syncthing likely not properly packaged - sgo syncthing@iank # runs as iank - ;; - kd) # 1003 just happens to be what was on my system if ! getent passwd ziva; then @@ -1451,9 +1444,6 @@ pi anki ####### begin transmission case $HOSTNAME in - frodo) - tdir=/i/k - ;; kd) tdir=/d/tor ;; diff --git a/filesystem/etc/X11/Xsession.d/98iank b/filesystem/etc/X11/Xsession.d/98iank index e56094c..a5c30f4 100644 --- a/filesystem/etc/X11/Xsession.d/98iank +++ b/filesystem/etc/X11/Xsession.d/98iank @@ -21,7 +21,8 @@ # limitations under the License. -# no screensaver for htpc machine -if [[ $HOSTNAME != frodo ]]; then - /usr/share/xscreensaver/xscreensaver-wrapper.sh & -fi +# no screensaver for htpc machine. but we have no htpc machine atm + +# if [[ $HOSTNAME != htpc ]]; then +# /usr/share/xscreensaver/xscreensaver-wrapper.sh & +# fi diff --git a/machine_specific/frodo/filesystem/etc/systemd/system/openvpn-client-tr@.service b/machine_specific/frodo/filesystem/etc/systemd/system/openvpn-client-tr@.service new file mode 100644 index 0000000..e96fdd7 --- /dev/null +++ b/machine_specific/frodo/filesystem/etc/systemd/system/openvpn-client-tr@.service 
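Review bot: In distro-end hunk `@@ -1169`, the `kd)` arm this change keeps still fetches the syncthing keyring with `s curl -s -o $f https://syncthing.net/release-key.gpg`, which has no `-f`, so an HTTP error page would be saved as the keyring and the `[[ ! -e $f ]]` guard would never fetch it again. Nothing visible in the hunk checks the key's fingerprint, and the keyring path suggests apt will trust whatever was downloaded. I would change the line to `s curl -fsS -o "$f" https://syncthing.net/release-key.gpg` and compare the downloaded key's fingerprint with a value pinned in the repository before `p update`. The arm's body continues outside the hunk.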
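Review bot: In filesystem/etc/X11/Xsession.d/98iank, commenting out the whole block stops `xscreensaver-wrapper.sh` from starting on every host, whereas the old code skipped it only on frodo. The new comment says there is no htpc machine at the moment, which reads as if the screensaver should now run everywhere; if xscreensaver is also what locks idle sessions on these machines, the change silently removes that. Unless it is started elsewhere, keep the launch unconditional: `/usr/share/xscreensaver/xscreensaver-wrapper.sh &`, with the host test left as a comment for a future htpc.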
@@ -0,0 +1,36 @@
+[Unit]
+Description=OpenVPN tunnel for %I
+After=syslog.target network-online.target
+Wants=network-online.target
+Documentation=man:openvpn(8)
+Documentation=https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage
+Documentation=https://community.openvpn.net/openvpn/wiki/HOWTO
+Requires=iptables.service
+
+[Service]
+Type=notify
+RuntimeDirectory=openvpn-client
+RuntimeDirectoryMode=0710
+WorkingDirectory=/etc/openvpn/client
+ExecStart=/usr/sbin/openvpn --suppress-timestamps --nobind --config /etc/openvpn/client/%i.conf
+# todo, try reenabling this from the default openvpn,
+# it was disabled so we could do bind mounts as a command,
+# but now systemd handles it
+#CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE
+LimitNPROC=10
+# DeviceAllow=/dev/null rw
+# DeviceAllow=/dev/net/tun rw
+
+# we use .1 to make this be on a different network than kd, so that we can
+# talk to transmission on kd from remote host, and still use this
+# vpn.
+ExecStartPre=/usr/bin/flock -w 20 /tmp/newns.flock /a/bin/newns/newns -n 10.174.34 start %i
+ExecStartPre=/sbin/iptables-restore /a/bin/distro-setup/transmission-firewall/netns.rules
+# allow wireguard network to connect
+ExecStartPre=/usr/sbin/ip r add 10.8.0.0/24 via 10.174.34.1 dev veth1-client
+ExecStopPost=/usr/bin/flock -w 20 /tmp/newns.flock /a/bin/newns/newns stop %i
+PrivateNetwork=true
+BindReadOnlyPaths=/etc/tr-resolv:/run/systemd/resolve:norbind /etc/basic-nsswitch:/etc/resolved-nsswitch:norbind
+
+[Install]
+WantedBy=multi-user.target
diff --git a/machine_specific/li/filesystem/etc/openvpn/client-config-hole/frodo b/machine_specific/li/filesystem/etc/openvpn/client-config-hole/frodo
new file mode 100644
index 0000000..7fbb17c
--- /dev/null
+++ b/machine_specific/li/filesystem/etc/openvpn/client-config-hole/frodo
@@ -0,0 +1 @@
+ifconfig-push 10.5.5.34 255.255.255.0
--
2.30.2
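Review bot: In openvpn-client-tr@.service, both `flock` calls take their lock at `/tmp/newns.flock`, a fixed name in a world-writable directory, while no `User=` is set, so these commands presumably run as root. Any local account can create or hold that file first and make the `-w 20` wait time out, which fails the unit start. A root-owned location avoids this, e.g. `ExecStartPre=/usr/bin/flock -w 20 /run/newns.flock /a/bin/newns/newns -n 10.174.34 start %i` with the same path in `ExecStopPost=` and in any other unit that shares the lock. The unit also ships with `CapabilityBoundingSet=` commented out, so openvpn keeps the full capability set; the todo above that line is worth resolving before this unit is enabled.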