path-add /a/exe
# add this with absolute paths as needed for better security
#path-add --end /path/to/node_modules/.bin
+## for yarn, etc
+#path-add --end /usr/lib/node_modules/corepack/shims/
# pip3 --user things go here:
path-add --end ~/.local/bin
# generated instead of dynamic for the benefit of shellcheck
#for x in /a/bin/distro-functions/src/* /a/bin/!(githtml)/*-function?(s); do echo source $x ; done
source /a/bin/distro-functions/src/identify-distros
-source /a/bin/distro-functions/src/package-manager-abstractions
source /a/bin/log-quiet/logq-function
# for x in /a/bin/bash_unpublished/source-!(.#*); do echo source $x; done
source /a/bin/bash_unpublished/source-semi-priv
fi
sudo chroot $d apt-get update
sudo DEBIAN_FRONTEND=noninteractive chroot $d apt-get -y dist-upgrade --purge --auto-remove
- sudo DEBIAN_FRONTEND=noninteractive schroot -c $n -- apt-get install --allow-unauthenticated -y ${apps[@]}
sudo cp -P {,$d}/etc/localtime
+ if (( ${#apps[@]} )); then
+ sudo DEBIAN_FRONTEND=noninteractive schroot -c $n -- apt-get install --allow-unauthenticated -y ${apps[@]}
+ fi
}
system-status _
}
+alerts() {
+ find /var/local/cron-errors /home/iank/cron-errors /sysd-mail-once-state -type f
+}
+ralerts() { # remote alerts
+ local ret shell
+ # this list is duplicated in check-remote-mailqs
+ for h in bk je li frodo kwwg x3wg x2wg kdwg sywg; do
+ echo $h:
+ shell="ssh $h"
+ if [[ $HOSTNAME == "${h%wg}" ]]; then
+ shell=
+ fi
+ ret=0
+ $shell find /var/local/cron-errors /home/iank/cron-errors /sysd-mail-once-state -type f || ret=$?
+ if (( ret )); then
+ echo ret:$ret
+ fi
+ done
+}
+
ap() {
# pushd in case current directory has an ansible.cfg file
pushd /a/xans >/dev/null
nnn() { /a/opt/nnn -H "$@"; }
+locat() { # log-once cat
+ local files
+ ngset
+ files=(/var/local/cron-errors/* /home/iank/cron-errors/* /sysd-mail-once-state/*)
+ case ${#files[@]} in
+ 0) : ;;
+ 1)
+ echo ${files[0]}
+ head ${files[0]}
+ ;;
+ *)
+ head ${files[@]}
+ ;;
+ esac
+ ngreset
+}
# duplicated somewhat below.
jrun() { # journal run. run args, log to journal, tail and grep the journal.
done
}
bindpushb8() {
- dsign iankelling.org expertpathologyreview.com zroe.org amnimal.ninja
lipush
for h in li bk; do
m sl $h <<'EOF'
source ~/.bashrc
-m dnsup
m dnsb8
EOF
done
}
dnsup() {
- conflink
+ conflink -f
m ser reload bind9
}
dnsb8() {
local f=/var/lib/bind/db.b8.nz
ser stop bind9
+ sleep 1
sudo rm -fv $f.jnl
sudo install -m 644 -o bind -g bind /p/c/machine_specific/vps/bind-initial/db.b8.nz $f
ser restart bind9
digdiff @ns{1,2}.iankelling.org "$@"
}
+tsr() { # ts run
+ "$@" |& ts || return $?
+}
dup() {
local ran_d
case $PS1 in
*[\ \]]D\ *)
pushd /
- /b/ds/distro-begin || return $?
- /b/ds/distro-end || return $?
+ /b/ds/distro-begin |& ts || return $?
+ /b/ds/distro-end |& ts || return $?
popd
ran_d=true
;;&
*[\ \]]DB\ *)
pushd /
- /b/ds/distro-begin || return $?
+ /b/ds/distro-begin |& ts || return $?
popd
ran_d=true
;;
*[\ \]]DE\ *)
pushd /
- /b/ds/distro-end || return $?
+ /b/ds/distro-end |& ts || return $?
popd
ran_d=true
;;&
local host ipsuf umask_orig
host=$1
ipsuf=$2
- mkdir -p /p/c/machine_specific/$host/filesystem/etc/{wireguard,network/interfaces.d}
+ mkdir -p /p/c/machine_specific/$host/filesystem/etc/wireguard
cd /p/c/machine_specific/$host/filesystem/etc/wireguard
umask_orig=$(umask)
umask 0077
- wg genkey | tee $host-priv.key | wg pubkey > $host-pub.key
+ wg genkey | tee hole-priv.key | wg pubkey > hole-pub.key
cat >wghole.conf <<EOF
[Interface]
# contents hole-priv.key
PostUp = ping -c1 10.8.0.1 ||:
[Peer]
-# li
-PublicKey = zePGl7LoS3iv6ziTI/k8BMh4L3iL3K2t9xJheMR4hQA=
+# li. called wgmail on that server
+PublicKey = CTFsje45qLAU44AbX71Vo+xFJ6rt7Cu6+vdMGyWjBjU=
AllowedIPs = 10.8.0.0/24
Endpoint = 72.14.176.105:1194
PersistentKeepalive = 25
umask $umask_orig
# old approach. systemd seems to work fine and cleaner.
rm -f ../network/interfaces.d/wghole
- cedit -q $host /p/c/machine_specific/li/filesystem/etc/wireguard/wghole.conf <<EOF || [[ $? == 1 ]]
+ cedit -q $host /p/c/machine_specific/li/filesystem/etc/wireguard/wgmail.conf <<EOF || [[ $? == 1 ]]
[Peer]
PublicKey = $(cat hole-pub.key)
AllowedIPs = 10.8.0.$ipsuf/32
local l base
if [[ $1 == /* ]]; then
base=${1##*/}
- if mountpoint /mnt/$base; then
+ if mountpoint -q /mnt/$base; then
return 0
fi
- l=$(sudo losetup -f)
- sudo losetup $l $1
- if ! sudo cryptsetup luksOpen $l $base; then
- sudo losetup -d $l
- return 1
+ l=$(losetup -j $1 | sed -rn 's/^([^ ]+): .*/\1/p' | head -n1 ||:)
+ if [[ ! $l ]]; then
+ l=$(sudo losetup -f)
+ m sudo losetup $l $1
+ fi
+ if ! sudo cryptsetup status /dev/mapper/$base &>/dev/null; then
+ if ! sudo cryptsetup luksOpen $l $base; then
+ m sudo losetup -d $l
+ return 1
+ fi
fi
- sudo mkdir -p /mnt/$base
- sudo mount /dev/mapper/$base /mnt/$base
- sudo chown $USER:$USER /mnt/$base
+ m sudo mkdir -p /mnt/$base
+ m sudo mount /dev/mapper/$base /mnt/$base
+ m sudo chown $USER:$USER /mnt/$base
else
base=$1
- sudo umount /mnt/$base
- l=$(sudo cryptsetup status /dev/mapper/$base|sed -rn 's/^\s*device:\s*(.*)/\1/p')
- sudo cryptsetup luksClose /dev/mapper/$base || return 1
- sudo losetup -d $l
+ if mountpoint /mnt/$base &>/dev/null; then
+ m sudo umount /mnt/$base
+ fi
+ if sudo cryptsetup status /dev/mapper/$base &>/dev/null; then
+ if ! m sudo cryptsetup luksClose /dev/mapper/$base; then
+ echo lom: failed cryptsetup luksClose /dev/mapper/$base
+ return 1
+ fi
+ fi
+ l=$(losetup -l --noheadings | awk '$6 ~ /\/'$1'$/ {print $1}')
+ if [[ $l ]]; then
+ m sudo losetup -d $l
+ else
+ echo lom: warning: no loopback device found
+ fi
fi
}
otp() {
oathtool --totp -b "$*" | xclip -selection clipboard
}
+j() {
+ "$@" |& pee "xclip -r -selection clipboard"
+}
pakaraoke() {
# other tiling window managers in giving up on setting it at all
#
xprop -root -remove _NET_WORKAREA
- command pumpa &r
+ command pumpa & r
}
# reviewboard, used at my old job
# always run this first, edit the test files, then run the following
testsieve() {
sieve-filter ~/sieve/maintest.sieve ${1:-INBOX} delete 2> >(head; tail) >/tmp/testsieve.log && sed -rn '/^Performed actions:/,/^[^ ]/{/^ /p}' /tmp/testsieve.log | sort | uniq -c
- _dosieve
}
runsieve() {
c ~/sieve; cp personal{test,}.sieve; cp lists{test,}.sieve; cp personalend{test,}.sieve
sed -r '/^info: filtering:/{h;d};/^info: msgid=$/N;/^info: msgid=.*left message in mailbox [^ ]+$/d;/^info: msgid=/{H;g};/^info: message kept in source mailbox.$/d' /tmp/testsieve.log
}
+# usage:
+# alertme SUBJECT
+# printf "subject\nbody\n" | alertme
+alertme() {
+ if [[ -t 0 ]]; then
+ exim -t <<EOF
+From: alertme@b8.nz
+To: alerts@iankelling.org
+Subject: $*
+EOF
+ else
+ read sub
+ { cat <<EOF
+From: alertme@b8.nz
+To: alerts@iankelling.org
+Subject: $sub
+
+EOF
+ cat
+ } | exim -t
+ fi
+}
+daylertme() {
+ if [[ -t 0 ]]; then
+ exim -t <<EOF
+From: alertme@b8.nz
+To: daylert@iankelling.org
+Subject: $*
+EOF
+ else
+ read sub
+ { cat <<EOF
+From: alertme@b8.nz
+To: daylert@iankelling.org
+Subject: $sub
+
+EOF
+ cat
+ } | exim -t
+ fi
+}
+
+# alert when a page goes live. not urgent.
+alert200() {
+ url="$1"
+ tmpdir="$(mktemp -d)"
+ cd $tmpdir
+ while true; do
+ if torsocks wget -q "$url"; then
+ alertme $tmpdir
+ fi
+ sleep $(( 600 + RANDOM % 300 ))
+ done
+}
+
+
# mail related
testexim() {
# testmail above calls sendmail, which is a link to exim/postfix.
(sleep $(calc "$* * 60") && mpv --no-config --volume 50 /a/bin/data/alarm.mp3) > /dev/null 2>&1 &
}
-trg() { transmission-remote-gtk&r; }
+trg() { transmission-remote-gtk & r; }
trc() {
# example, set global upload limit to 100 kilobytes:
# trc -u 100
sdnbash() { # systemd namespace bash
local unit=$1
- m sudo nsenter -t $(systemctl status $unit | sed -n '/^ *Main PID:/s/[^0-9]//gp') -n -m sudo -u $USER -i bash
+ m sudo nsenter -t $(systemctl show --property MainPID --value $unit) -n -m sudo -u $USER -i bash
}
mailnnbash() {
- m sudo nsenter -t $(systemctl status mailnn| sed -n '/^ *Main PID:/s/[^0-9]//gp') -n -m sudo -u $USER -i bash
+ m sudo nsenter -t $(systemctl show --property MainPID --value mailnn) -n -m sudo -u $USER -i bash
}
mailvpnbash() {
m sudo nsenter -t $(pgrep -f "/usr/sbin/openvpn .* --config /etc/openvpn/.*mail.conf") -n -m sudo -u $USER -i bash
}
eximbash() {
- m sudo nsenter -t $(pgrep -f "/usr/sbin/exim4 -bd -q30m -C /etc/exim4/my.conf"|h1) -n -m sudo -u $USER -i bash
+ local pid
+ pid=$(pgrep -f "/usr/sbin/exim4 -bd -q30m -C /etc/exim4/my.conf"|h1)
+ if [[ ! $pid ]]; then
+ echo "eximbash: failed to find exim pid. systemctl -n 30 status exim4:"
+ systemctl status exim4
+ fi
+ m sudo nsenter -t $pid -n -m
}
spamnn() {
local spamdpid
- spamdpid=$(systemctl status spamassassin| sed -n '/^ *Main PID:/s/[^0-9]//gp')
+ spamdpid=$(systemctl show --property MainPID --value spamassassin)
m sudo nsenter -t $spamdpid -n -m sudo -u Debian-exim spamassassin "$@"
}
unboundbash() {
}
mailnncheck() {
- local pid ns mailnn
- for p in mailnn mailvpn unbound dovecot spamassassin exim4 radicale; do
- pid=$(s systemctl status $p| sed -n '/^ *Main PID:/s/[^0-9]//gp')
+ local p pid ns mailnn
+ # mailvpn would belong on the list if using openvpn
+ for p in mailnn unbound dovecot spamassassin exim4 radicale; do
+ case $p in
+ exim4|radicale)
+ pid=$(ps -eo pid,cgroup | grep /system.slice/$p.service | awk '{print $1}')
+ ;;
+ *)
+ pid=$(s systemctl show --property MainPID --value $p)
+ ;;
+ esac
+ echo p=$p pid=$pid
if [[ ! $pid ]]; then
echo failed to find pid for $p
continue
m sudo -E env "PATH=$PATH" nsenter -t $(pgrep -f "/usr/sbin/openvpn .* --config /etc/openvpn/.*client.conf") -n -m "$@"
}
vpnf() {
- vpncmd sudo -E -u iank env "PATH=$PATH" abrowser -no-remote -P vpn &r
+ vpncmd sudo -E -u iank env "PATH=$PATH" abrowser -no-remote -P vpn & r
}
vpn2f() {
- vpncmd sudo -u iank env "PATH=$PATH" abrowser -no-remote -P vpn2 &r
+ vpncmd sudo -u iank env "PATH=$PATH" abrowser -no-remote -P vpn2 & r
}
vpni() {
sudo systemd-tty-ask-password-agent
}
+fixu() {
+ ls -lad /run/user/1000
+ s chmod 700 /run/user/1000; s chown iank.iank /run/user/1000
+}
+
# systemctl is-enabled / status / cat says nothing, instead theres
# some obscure symlink. paths copied from man systemd.unit.
# possibly also usefull, but incomplete, doesnt show units not loaded in memory:
sudo systemctl stop $vpn_service@$1
}
vpnoffc() { # vpn off client
- ser stop openvpn-nn@client
+ ser stop openvpn-client-tr@client
}
vpnc() {
- ser start openvpn-nn@client
+ ser start openvpn-client-tr@client
}
iankelling.org / git / distro-setup / blobdiff