path-add /a/exe
# add this with absolute paths as needed for better security
#path-add --end /path/to/node_modules/.bin
+## for yarn, etc
+#path-add --end /usr/lib/node_modules/corepack/shims/
# pip3 --user things go here:
path-add --end ~/.local/bin
fi
sudo chroot $d apt-get update
sudo DEBIAN_FRONTEND=noninteractive chroot $d apt-get -y dist-upgrade --purge --auto-remove
- sudo DEBIAN_FRONTEND=noninteractive schroot -c $n -- apt-get install --allow-unauthenticated -y ${apps[@]}
sudo cp -P {,$d}/etc/localtime
+ if (( ${#apps[@]} )); then
+ sudo DEBIAN_FRONTEND=noninteractive schroot -c $n -- apt-get install --allow-unauthenticated -y ${apps[@]}
+ fi
}
nnn() { /a/opt/nnn -H "$@"; }
+locat() { # log-once cat
+ local files
+ ngset
+ files=(/var/local/cron-errors/* /home/iank/cron-errors/* /sysd-mail-once-state/*)
+ case ${#files[@]} in
+ 0) : ;;
+ 1)
+ echo ${files[0]}
+ head ${files[0]}
+ ;;
+ *)
+ head ${files[@]}
+ ;;
+ esac
+ ngreset
+}
# duplicated somewhat below.
jrun() { # journal run. run args, log to journal, tail and grep the journal.
done
}
bindpushb8() {
- dsign iankelling.org expertpathologyreview.com zroe.org amnimal.ninja
lipush
for h in li bk; do
m sl $h <<'EOF'
source ~/.bashrc
-m dnsup
m dnsb8
EOF
done
}
dnsup() {
- conflink
+ conflink -f
m ser reload bind9
}
dnsb8() {
local f=/var/lib/bind/db.b8.nz
ser stop bind9
+ sleep 1
sudo rm -fv $f.jnl
sudo install -m 644 -o bind -g bind /p/c/machine_specific/vps/bind-initial/db.b8.nz $f
ser restart bind9
PostUp = ping -c1 10.8.0.1 ||:
[Peer]
-# li
-PublicKey = zePGl7LoS3iv6ziTI/k8BMh4L3iL3K2t9xJheMR4hQA=
+# li. called wgmail on that server
+PublicKey = CTFsje45qLAU44AbX71Vo+xFJ6rt7Cu6+vdMGyWjBjU=
AllowedIPs = 10.8.0.0/24
Endpoint = 72.14.176.105:1194
PersistentKeepalive = 25
umask $umask_orig
# old approach. systemd seems to work fine and cleaner.
rm -f ../network/interfaces.d/wghole
- cedit -q $host /p/c/machine_specific/li/filesystem/etc/wireguard/wghole.conf <<EOF || [[ $? == 1 ]]
+ cedit -q $host /p/c/machine_specific/li/filesystem/etc/wireguard/wgmail.conf <<EOF || [[ $? == 1 ]]
[Peer]
PublicKey = $(cat hole-pub.key)
AllowedIPs = 10.8.0.$ipsuf/32
local l base
if [[ $1 == /* ]]; then
base=${1##*/}
- if mountpoint /mnt/$base; then
+ if mountpoint -q /mnt/$base; then
return 0
fi
- l=$(sudo losetup -f)
- sudo losetup $l $1
- if ! sudo cryptsetup luksOpen $l $base; then
- sudo losetup -d $l
- return 1
+ l=$(losetup -j $1 | sed -rn 's/^([^ ]+): .*/\1/p' | head -n1 ||:)
+ if [[ ! $l ]]; then
+ l=$(sudo losetup -f)
+ m sudo losetup $l $1
+ fi
+ if ! sudo cryptsetup status /dev/mapper/$base &>/dev/null; then
+ if ! sudo cryptsetup luksOpen $l $base; then
+ m sudo losetup -d $l
+ return 1
+ fi
fi
- sudo mkdir -p /mnt/$base
- sudo mount /dev/mapper/$base /mnt/$base
- sudo chown $USER:$USER /mnt/$base
+ m sudo mkdir -p /mnt/$base
+ m sudo mount /dev/mapper/$base /mnt/$base
+ m sudo chown $USER:$USER /mnt/$base
else
base=$1
if mountpoint /mnt/$base &>/dev/null; then
- sudo umount /mnt/$base
+ m sudo umount /mnt/$base
+ fi
+ if sudo cryptsetup status /dev/mapper/$base &>/dev/null; then
+ if ! m sudo cryptsetup luksClose /dev/mapper/$base; then
+ echo lom: failed cryptsetup luksClose /dev/mapper/$base
+ return 1
+ fi
+ fi
+ l=$(losetup -l --noheadings | awk '$6 ~ /\/'$1'$/ {print $1}')
+ if [[ $l ]]; then
+ m sudo losetup -d $l
+ else
+ echo lom: warning: no loopback device found
fi
- l=$(sudo cryptsetup status /dev/mapper/$base|sed -rn 's/^\s*device:\s*(.*)/\1/p')
- sudo cryptsetup luksClose /dev/mapper/$base || return 1
- sudo losetup -d $l
fi
}
otp() {
oathtool --totp -b "$*" | xclip -selection clipboard
}
+j() {
+ "$@" |& pee "xclip -r -selection clipboard"
+}
pakaraoke() {
# always run this first, edit the test files, then run the following
testsieve() {
sieve-filter ~/sieve/maintest.sieve ${1:-INBOX} delete 2> >(head; tail) >/tmp/testsieve.log && sed -rn '/^Performed actions:/,/^[^ ]/{/^ /p}' /tmp/testsieve.log | sort | uniq -c
- _dosieve
}
runsieve() {
c ~/sieve; cp personal{test,}.sieve; cp lists{test,}.sieve; cp personalend{test,}.sieve
sed -r '/^info: filtering:/{h;d};/^info: msgid=$/N;/^info: msgid=.*left message in mailbox [^ ]+$/d;/^info: msgid=/{H;g};/^info: message kept in source mailbox.$/d' /tmp/testsieve.log
}
+# usage:
+# alertme SUBJECT
+# printf "subject\nbody\n" | alertme
+alertme() {
+ if [[ -t 0 ]]; then
+ exim -t <<EOF
+From: alertme@b8.nz
+To: alerts@iankelling.org
+Subject: $*
+EOF
+ else
+ read sub
+ { cat <<EOF
+From: alertme@b8.nz
+To: alerts@iankelling.org
+Subject: $sub
+
+EOF
+ cat
+ } | exim -t
+ fi
+}
+daylertme() {
+ if [[ -t 0 ]]; then
+ exim -t <<EOF
+From: alertme@b8.nz
+To: daylert@iankelling.org
+Subject: $*
+EOF
+ else
+ read sub
+ { cat <<EOF
+From: alertme@b8.nz
+To: daylert@iankelling.org
+Subject: $sub
+
+EOF
+ cat
+ } | exim -t
+ fi
+}
+
+# alert when a page goes live. not urgent.
+alert200() {
+ url="$1"
+ tmpdir="$(mktemp -d)"
+ cd $tmpdir
+ while true; do
+ if torsocks wget -q "$url"; then
+ alertme $tmpdir
+ fi
+ sleep $(( 600 + RANDOM % 300 ))
+ done
+}
+
+
# mail related
testexim() {
# testmail above calls sendmail, which is a link to exim/postfix.
sdnbash() { # systemd namespace bash
local unit=$1
- m sudo nsenter -t $(systemctl status $unit | sed -n '/^ *Main PID:/s/[^0-9]//gp') -n -m sudo -u $USER -i bash
+ m sudo nsenter -t $(systemctl show --property MainPID --value $unit) -n -m sudo -u $USER -i bash
}
mailnnbash() {
- m sudo nsenter -t $(systemctl status mailnn| sed -n '/^ *Main PID:/s/[^0-9]//gp') -n -m sudo -u $USER -i bash
+ m sudo nsenter -t $(systemctl show --property MainPID --value mailnn) -n -m sudo -u $USER -i bash
}
mailvpnbash() {
m sudo nsenter -t $(pgrep -f "/usr/sbin/openvpn .* --config /etc/openvpn/.*mail.conf") -n -m sudo -u $USER -i bash
}
eximbash() {
- m sudo nsenter -t $(pgrep -f "/usr/sbin/exim4 -bd -q30m -C /etc/exim4/my.conf"|h1) -n -m sudo -u $USER -i bash
+ local pid
+ pid=$(pgrep -f "/usr/sbin/exim4 -bd -q30m -C /etc/exim4/my.conf"|h1)
+ if [[ ! $pid ]]; then
+ echo "eximbash: failed to find exim pid. systemctl -n 30 status exim4:"
+ systemctl status exim4
+ fi
+ m sudo nsenter -t $pid -n -m
}
spamnn() {
local spamdpid
- spamdpid=$(systemctl status spamassassin| sed -n '/^ *Main PID:/s/[^0-9]//gp')
+ spamdpid=$(systemctl show --property MainPID --value spamassassin)
m sudo nsenter -t $spamdpid -n -m sudo -u Debian-exim spamassassin "$@"
}
unboundbash() {
}
mailnncheck() {
- local pid ns mailnn
- for p in mailnn mailvpn unbound dovecot spamassassin exim4 radicale; do
- pid=$(s systemctl status $p| sed -n '/^ *Main PID:/s/[^0-9]//gp')
+ local p pid ns mailnn
+ # mailvpn would belong on the list if using openvpn
+ for p in mailnn unbound dovecot spamassassin exim4 radicale; do
+ case $p in
+ exim4|radicale)
+ pid=$(ps -eo pid,cgroup | grep /system.slice/$p.service | awk '{print $1}')
+ ;;
+ *)
+ pid=$(s systemctl show --property MainPID --value $p)
+ ;;
+ esac
+ echo p=$p pid=$pid
if [[ ! $pid ]]; then
echo failed to find pid for $p
continue
sudo systemd-tty-ask-password-agent
}
+fixu() {
+ ls -lad /run/user/1000
+ s chmod 700 /run/user/1000; s chown iank.iank /run/user/1000
+}
+
# systemctl is-enabled / status / cat says nothing, instead theres
# some obscure symlink. paths copied from man systemd.unit.
# possibly also usefull, but incomplete, doesnt show units not loaded in memory: