~/.local/distro-begin: distro-begin mail-setup /a/bin/buildscripts/emacs ssh-emacs-setup
distro-begin
-~/.local/distro-end: distro-end distro-pkgs pkgs primary-setup /a/bin/buildscripts/tor-browser /a/bin/buildscripts/go /a/bin/buildscripts/rust /a/bin/buildscripts/misc /p/c/gen-fsf-vpn
+~/.local/distro-end: distro-end distro-pkgs pkgs primary-setup /a/bin/buildscripts/tor-browser /a/bin/buildscripts/go /a/bin/buildscripts/rust /a/bin/buildscripts/misc
distro-end
$s service $2 $1
fi
}
+seru() { systemctl --user "$@"; }
# like restart, but do nothing if its not already started
srestart() {
local service=$1
ser enable $service
fi
}
+soff() { # service go
+ service=$1
+ ser stop $service
+ ser disable $service
+}
sgu() {
systemctl list-unit-files | rg "$@"
if [[ $- == *x* ]]; then
set +x
PROMPT_COMMAND=prompt-command
- # disabled due to issue on stretch, running ll we get error. something
- # about the DEBUG trap is broken
- # if [[ $TERM == *(screen*|xterm*|rxvt*) ]]; then
- # trap 'settitle "$BASH_COMMAND"' DEBUG
- # fi
+ if [[ $TERM == *(screen*|xterm*|rxvt*) ]]; then
+ trap 'settitle "$BASH_COMMAND"' DEBUG
+ fi
else
# normally, i would just execute these commands in the function.
# however, DEBUG is not inherited, so we need to run it outside a function.
# And we want to run set -x afterwards to avoid spam, so we cram everything
# in here, and then it will run after this function is done.
- #PROMPT_COMMAND='trap DEBUG; unset PROMPT_COMMAND; PS1="\w \$ "; set -x'
-
- unset PROMPT_COMMAND
- PS1="\w \$ "
- set -x
+ PROMPT_COMMAND='trap DEBUG; unset PROMPT_COMMAND; PS1="\w \$ "; set -x'
fi
}
ps_char="@ $ps_char"
fi
PS1="${PS1%"${PS1#*[wW]}"} \[$ps_color\]$ps_char\[$term_nocolor\] "
+
+ # set titlebar
+ #echo -ne "$title_escape ${PWD/#$HOME/~} \007"
+
}
PROMPT_COMMAND=prompt-command
+ if [[ $TERM == screen* ]]; then
+ _title_escape="\033]..2;"
+ else
+ _title_escape="\033]0;"
+ fi
+
settitle () {
- if [[ $TERM == screen* ]]; then
- local title_escape="\033]..2;"
- else
- local title_escape="\033]0;"
- fi
- if [[ $0 != prompt-command ]]; then
- echo -ne "$title_escape$USER@$HOSTNAME ${PWD/#$HOME/~} "
+ # this makes it so we show the current command if
+ # one is running, otherwise, show nothing
+ if [[ $1 == prompt-command ]]; then
+ set --
+ fi
+ if [[ ${#BASH_ARGC[@]} == 1 ]]; then
+ echo -ne "$_title_escape ${PWD/#$HOME/~} "
printf "%s" "$*"
echo -ne "\007"
fi
# for titlebar.
# condition from the screen man page i think.
# note: duplicated in tx()
- # disabled. see note in tx
- # if [[ $TERM == *(screen*|xterm*|rxvt*) ]]; then
- # trap 'settitle "$BASH_COMMAND"' DEBUG
- # else
- # trap DEBUG
- # fi
+ if [[ $TERM == *(screen*|xterm*|rxvt*) ]]; then
+ trap 'settitle "$BASH_COMMAND"' DEBUG
+ else
+ trap DEBUG
+ fi
fi
}
o() {
- if type gvfs-open &> /dev/null ; then
+ if type gio &> /dev/null ; then
+ gio open "$@"
+ elif type gvfs-open &> /dev/null ; then
gvfs-open "$@"
else
xdg-open "$@"
nk() {
ser stop NetworkManager
+ ser disable NetworkManager
+ ser stop NetworkManager-wait-online.service
+ ser disable NetworkManager-wait-online.service
ser stop dnsmasq
sudo resolvconf -d NetworkManager
ser start dnsmasq
}
reset-sakura() {
- while -r read k v; do
+ while read -r k v; do
# shellcheck disable=SC2154
setini $k $v sakura /a/c/subdir_files/.config/sakura/sakura.conf
done <<'EOF'
# * stuff that makes sense to be at the end
if [[ "$SUDOD" ]]; then
- cd "$SUDOD"
+ # allow failure, for example if we are sudoing into a user with diffferent/lesser permissions.
+ cd "$SUDOD" ||:
unset SUDOD
elif [[ -d /a ]] && [[ $PWD == "$HOME" ]] && [[ $- == *i* ]]; then
cd /a
fi
;;&
kw|x2|x3)
- if $at_work && ping -q -c1 -w1 iank.vpn.office.fsf.org &>/dev/null; then
- home=iank.vpn.office.fsf.org
+ if $at_work && ping -q -c1 -w1 iank.vpn2.office.fsf.org &>/dev/null; then
+ home=iank.vpn2.office.fsf.org
else
home=b8.nz
fi
sshfail=()
min_idle_ms=$((1000 * 60 * 15))
for h in ${targets[@]}; do
- if zone=$(ssh root@$h "mkdir -p /mnt/root/btrbk && date +%z"); then
+ if zone=$(timeout -s 9 6 ssh root@$h "mkdir -p /mnt/root/btrbk && date +%z"); then
# This is a separate ssh because xprintidle can fail and thats ok.
if $cron && idle_ms=$(timeout -s 9 6 ssh $h DISPLAY=:0 xprintidle); then
if (( idle_ms < min_idle_ms )); then
etc/dnsmasq.d/*)
restart_services+=(dnsmasq)
;;
+ etc/systemd/resolved.conf.d/*)
+ restart_services+=(systemd-resolved)
+ ;;
esac
# Previously did this with tar, but it doesn't
# update directory permissions.
fi
for service in ${restart_services[@]}; do
if systemctl is-active $service >/dev/null; then
- m s systemctl reload $service
+ m s systemctl restart $service
fi
done
if [[ -e /var/lib/znc ]] && getent group znc; then
s chown -R znc:znc /var/lib/znc
fi
- /a/exe/lnf -T /p/arbtt-capture.log ~/.arbtt/capture.log
f=/etc/prometheus-htpasswd
if [[ -e $f ]]; then
s chmod 640 $f /etc/prometheus-pass
# See the License for the specific language governing permissions and
# limitations under the License.
+date "+%A, %B %d, %r, %S seconds" > /tmp/desktop-20-autostart-log
+
+
# first 2 alternatives showed under ubuntu 14.04, second 2 under arch at 11/2015
if [[ $1 ]]; then
right_monitor_rotation=left
# under wayland
exit 0
fi
-xe() { echo "$xout"; }
-x=$(xe | grep -Ec '^(DisplayPort-[0123]|DVI-0|DP-[1234]|DVI-I-1) connected')
-if (( x > 2 )); then
- left=$(xe | sed -rn 's/^(DVI[^ ]+) connected .*/\1/p')
- dps=( $(xe | sed -rn 's/^(DP-[01234]|DisplayPort-[01234]) connected .*/\1/p') )
-
- middle=${dps[1]}
- right=${dps[0]}
- # on older distros, i needed to swap middle and right.
-
-
- xrandr --output $left --mode 2560x1600 --pos 0x0 --rotate left \
- --output $middle --mode 2560x1600 --pos 1600x0 --rotate left \
- --output $right --mode 2560x1600 --pos 3200x0 --rotate $right_monitor_rotation
-elif (( x == 2 )); then
- # 3rd monitor not working atm, so doing this.
- left=$(xe | sed -rn 's/^(DVI[^ ]+) connected .*/\1/p')
- middle=$(xe | sed -rn 's/^(DP-[01234]|DisplayPort-[01234]) connected .*/\1/p')
- xrandr --output $left --mode 2560x1600 --pos 0x0 --rotate left \
- --output $middle --mode 2560x1600 --pos 1600x0 --rotate left
-
+if echo "$xout" | grep "^HDMI-1 connected" &>/dev/null; then
+ # this command created by using arandr and then clicking save, copying the result.
+ xrandr --output VGA-1 --off --output HDMI-1 --mode 3840x2160 --pos 0x0 --rotate normal --output eDP-1 --off
fi
/a/bin/distro-setup/input-setup m
-if isarch; then
- pulseaudio --start
-fi
-#indicator-kdeconnect
-date "+%A, %B %d, %r, %S seconds" > /tmp/desktop-20-autostart-log
+echo -n "ending " >> /tmp/desktop-20-autostart-log
+date "+%A, %B %d, %r, %S seconds" >> /tmp/desktop-20-autostart-log
fi
source /a/bin/errhandle/err
+mkdir -p ~/.local
err-cleanup() {
echo 1 >~/.local/distro-begin
}
fi
# this needs to be before installing pacserve so we have gpg conf.
conflink
+rootsshsync
###### bash environment setup
set +x
######## fix evbug bug ######
case $(debian-codename-compat) in
- xenial)
+ xenial|bionic)
# noticed in flidas. dunno if it affects any others
#https://bugs.launchpad.net/ubuntu/+source/module-init-tools/+bug/240553
#https://wiki.debian.org/KernelModuleBlacklisting
pi --no-install-recommends gtk-redshift
##### setup X autostart
- # todo, figure this out for arch if we ever try out gnome.
# install for multiple display managers in case we use one
+ dir=/etc/X11/xinit/xinitrc.d/
+ sudo mkdir -p $dir
+ sudo cp /a/bin/distro-setup/desktop-20-autostart.sh $dir
+ s teeu /etc/systemd/logind.conf <<'EOF'
+HandleLidSwitch=
+EOF
+
+ # this works on
dir=/etc/gdm3
sudo mkdir -p $dir/PostLogin
sudo cp /a/bin/distro-setup/desktop-20-autostart.sh $dir/PostLogin/Default
######### begin flidas pinned packages ######
case $(debian-codename) in
+ etiona|flidas)
+ sd /etc/apt/preferences.d/etiona-buster <<EOF
+Package: *
+Pin: release n=buster
+Pin-Priority: -100
+
+Package: *
+Pin: release n=buster-updates
+Pin-Priority: -100
+EOF
+ ;;&
# needed for debootstrap scripts for fai since fai requires debian
flidas)
- curl http://archive.ubuntu.com/ubuntu/project/ubuntu-archive-keyring.gpg | s apt-key add -
+ # moved to fai
+ #curl http://archive.ubuntu.com/ubuntu/project/ubuntu-archive-keyring.gpg | s apt-key add -
sd /etc/apt/preferences.d/flidas-xenial <<EOF
Package: *
Pin: release a=xenial
EOF
if ! apt-key list | grep /C0B21F32 &>/dev/null; then
- sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 3B4FE6ACC0B21F32
+ # moved to fai
+ #sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 3B4FE6ACC0B21F32
sd /etc/apt/preferences.d/flidas-bionic <<EOF
Package: *
Pin: release a=bionic
EOF
- sd /etc/apt/preferences.d/flidas-buster <<EOF
-Package: *
-Pin: release n=buster
-Pin-Priority: -100
-
-Package: *
-Pin: release n=buster-updates
-Pin-Priority: -100
-EOF
-
# dont use buster because it causes dist-upgrade to think its downgrading
# packages while really just reinstalling the same version.
f=/etc/apt/apt.conf.d/01iank
f=/etc/apt/sources.list.d/buster.list
sudo rm -fv $f
- # t=$(mktemp)
- # cat >$t <<EOF
- # deb http://http.us.debian.org/debian buster main
- # deb-src http://http.us.debian.org/debian buster main
-
- # deb http://security.debian.org/ buster/updates main
- # deb-src http://security.debian.org/ buster/updates main
-
- # deb http://http.us.debian.org/debian buster-updates main
- # deb-src http://http.us.debian.org/debian buster-updates main
- # EOF
- # if ! diff -q $t $f; then
- # s cp $t $f
- # s chmod 644 $f
- # p update
- # fi
# newer version needed for false positive in checkrestart.
# I did buster at first, but other problem above with having
;;&
etiona)
+
+ f=/etc/apt/sources.list.d/buster.list
+ t=$(mktemp)
+ cat >$t <<EOF
+deb http://http.us.debian.org/debian buster main
+deb-src http://http.us.debian.org/debian buster main
+
+deb http://security.debian.org/ buster/updates main
+deb-src http://security.debian.org/ buster/updates main
+
+deb http://http.us.debian.org/debian buster-updates main
+deb-src http://http.us.debian.org/debian buster-updates main
+EOF
+ if ! diff -q $t $f; then
+ curl -s https://ftp-master.debian.org/keys/archive-key-10-security.asc | sudo apt-key add -
+ curl -s https://ftp-master.debian.org/keys/archive-key-10.asc | sudo apt-key add -
+ s cp $t $f
+ s chmod 644 $f
+ p update
+ fi
+ if [[ ! -e /usr/share/debootstrap/scripts/buster ]]; then
+ t=$(mktemp -d)
+ cd $t
+ m aptitude download debootstrap/buster
+ m ex ./*
+ sudo cp ./usr/share/debootstrap/scripts/* /usr/share/debootstrap/scripts
+ fi
+
sd /etc/apt/preferences.d/etiona-bionic <<'EOF'
Package: *
Pin: release n=bionic
l2)
# setup let's encrypt cert
m web-conf apache2 l2.b8.nz
- sudo rm -fv /etc/apache2/sites-enabled/l2.b8.nz{,-redir}.conf
- ser reload apache2
+ # And leave apache running so renewals can happen.
s lnf -T /etc/letsencrypt/live/l2.b8.nz/fullchain.pem /etc/exim4/exim.crt
if [[ ! -L /etc/exim4/exim.key ]]; then
s lnf -T /etc/letsencrypt/live/l2.b8.nz/privkey.pem /etc/exim4/exim.key
# by default, it sleeps when not logged in to x/wayland and on ac power.
# stop that.
sudo -u gdm dbus-launch gsettings set org.gnome.settings-daemon.plugins.power sleep-inactive-ac-type 'nothing'
- systemctl --user stop gvfs-daemon
- systemctl --user disable gvfs-daemon
+ m systemctl --user stop gvfs-daemon
+ m systemctl --user disable gvfs-daemon
+ # apt-get update periodically fails with an appstream error.
+ # this removes gnome-core, but its just a package for dependencies
+ p remove appstream
;;
esac
# done
# key already exists, so this won't generate one, just the configs.
-m vpn-server-setup -rds
-sudo tee -a /etc/openvpn/server/server.conf <<'EOF'
-push "dhcp-option DNS 10.0.0.1"
-push "route 10.0.0.0 255.255.0.0"
-client-connect /a/bin/distro-setup/vpn-client-connect
-EOF
-sudo sed -i --follow-symlinks 's/10.8./10.9./g;s/^\s*port\s.*/port 1196/' /etc/openvpn/server/server.conf
-
-if [[ $HOSTNAME == tp ]]; then
- if [[ -e /lib/systemd/system/openvpn-server@.service ]]; then
- vpn_service=openvpn-server@server
- else
- vpn_service=openvpn@server
- fi
- sgo $vpn_service
-fi
+# m vpn-server-setup -rds
+# sudo tee -a /etc/openvpn/server/server.conf <<'EOF'
+# push "dhcp-option DNS 10.0.0.1"
+# push "route 10.0.0.0 255.255.0.0"
+# client-connect /a/bin/distro-setup/vpn-client-connect
+# EOF
+# sudo sed -i --follow-symlinks 's/10.8./10.9./g;s/^\s*port\s.*/port 1196/' /etc/openvpn/server/server.conf
+
+# if [[ $HOSTNAME == tp ]]; then
+# if [[ -e /lib/systemd/system/openvpn-server@.service ]]; then
+# vpn_service=openvpn-server@server
+# else
+# vpn_service=openvpn@server
+# fi
+# sgo $vpn_service
+# fi
### end vpn server setup
# pi-nostart does not disable
ser disable openvpn
-/p/c/gen-fsf-vpn
+if [[ -e /p/c/gen-fsf-vpn ]]; then
+ /p/c/gen-fsf-vpn
+fi
m /a/bin/distro-setup/radicale-setup
# pi libxss-dev # dependency based on build failure
# cabal update
# cabal install --upgrade-dependencies --force-reinstalls arbtt
-# also, i assume syncing this between machines somehow messed thin
-#lnf -T /m/arbtt-capture.log ~/.arbtt/capture.log
+# also, i assume syncing this between machines somehow messed up the data.
+
m primary-setup
m /a/bin/buildscripts/misc
pi-nostart virtinst virt-manager
+soff libvirtd
+# i cant if this is whats causing it to start even though
+# its disabled. note: it leaves around dnsmasq instances even
+# if you stop it. what the hell systemd?
+soff libvirt-guests
# allow user to run vms, from debian handbook
for x in iank user2; do s usermod -a -G libvirt,kvm $x; done
flidas)
pi dnsmasq
pi-nostart network-manager
+ # i hate networkmanager. noo, of course disabling it doesnt work
+ # unless you add a hack. found this by doing
+ # systemd-analyze dot > x.dot
+ # less x.dot
+ # /networkman
+ soff NetworkManager
+ soff NetworkManager-wait-online.service
# make networkmanager use resolvconf instead of its own dnsmasq which
# conflicts with the normal dnsmasq package.
f=/etc/NetworkManager/NetworkManager.conf
;;
esac
+# I have no use for avahi,
+# had to run this twice when doing manually, i dunno why
+soff avahi-daemon ||:
+sleep 1
+soff avahi-daemon
+
# make my /etc/fonts/conf.d/ get used.
# I have a new sans-serif font there because the default one
# displays l and I as the same char, grrrrr.
if [[ $HOSTNAME != frodo ]]; then
/usr/share/xscreensaver/xscreensaver-wrapper.sh &
fi
-
-# if [[ $HOSTNAME == $MAIL_HOST ]]; then
-# arbtt-capture --sample-rate=10 &
-# fi
fi
fi
+
+
# background:
# ubuntu has 002 for non-system users, debian has 022. 002 makes groups
# be rw instead of r.
--- /dev/null
+# See logind.conf(5) for details.
+[Login]
+HandleLidSwitch=ignore
--- /dev/null
+[Resolve]
+# i had an issue where i changed dns on wrt, but it started randomly
+# going back to the old dns. dunno why. just disabling these things
+# in case.
+LLMNR=no
+MulticastDNS=no
# todo: only available in newer i3n
#hide_edge_borders smart
+
+#exec --no-startup-id /usr/lib/x86_64-linux-gnu/libexec/kdeconnectd
bindsym $mod+Shift+q exec "i3-nagbar -t warning -m 'You pressed the exit shortcut. Do you really want to exit i3? This will end your X session.' -b 'Yes, exit i3' 'i3-msg exit'"
bindsym $mod+Shift+p restart
+
+bar {
+status_command i3status
+mode hide
+hidden_state hide
+}
# See the License for the specific language governing permissions and
# limitations under the License.
-# set to oppsite if the order is flipped.
-k2flip=true
-if $k2flip; then
- k2inorder=false
-else
- k2inorder=true
-fi
-
type=model01
case $1 in
l) type=laptop ;;
- k) type=kinesis ;;
m) type=model01 ;;
esac
mi() {
xinput --get-feedbacks "$1" | grep "threshold"
xinput --get-feedbacks "$1" | grep "accelNum\|accelDenom"
- xinput --list-props "$1" | grep "Device Accel Profile\|Device Accel Constant Deceleration\|Device Accel Velocity Scaling"
+ xinput --list-props "$1"
}
ms() {
xinput --set-ptr-feedback "$1" $2 ${3%/*} ${3#*/}
+ # running newer system that uses libinput and has far less
+ # customizability. I havent yet determined the best settings here.
+ if xinput --list-props "$1" | grep "libinput Accel Speed" &>/dev/null; then
+ xinput --set-prop "$1" "libinput Accel Speed" 1
+ else
xinput --set-prop "$1" 'Device Accel Profile' $4
xinput --set-prop "$1" 'Device Accel Constant Deceleration' $5
xinput --set-prop "$1" 'Device Accel Velocity Scaling' $6
+ fi
mi "$1"
}
set_device_id() {
model01)
# original saved with: xkbcomp $DISPLAY /a/c/flidas-2017-12.xkb
xkbcomp /a/c/model01.xkb $DISPLAY
- . /a/bin/bash_unpublished/duplicity-gpg-agent-setup
;;
laptop)
xkbcomp /a/c/x2.xkb $DISPLAY
# http://www.apache.org/licenses/LICENSE-2.0
+set -x
+exec &> >(logger)
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
err "no err tracing script found"
exit 1
fi
+source /a/bin/distro-functions/src/identify-distros
+
[[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@"
if [[ ! $SUDO_USER ]]; then
# reference: https://community.letsencrypt.org/t/simple-guide-using-lets-encrypt-ssl-certs-with-dovecot/2921
#
# for phone, k9mail, same thing but username alerts, pass in ivy-pass.
-# also, l2.b8.nz for secondary alerts
+# also, l2.b8.nz for secondary alerts, username is iank. same alerts pass.
# fetching mail settings: folder poll frequency 10 minutes
#######
## * Install packages
# light version of exim does not have sasl auth support.
pi exim4-daemon-heavy spamassassin spf-tools-perl dnsmasq openvpn
+
+if [[ $(debian-codename) == etiona ]]; then
+ # ip6tables stopped loading on boot. openvpn has reduced capability set,
+ # so running iptables as part of openvpn startup wont work. This should do it.
+ # todo: im sure there is a better way.
+ yes no | pi iptables-persistent || [[ $? == 141 ]]
+ cat >/etc/iptables/rules.v6 <<'EOF'
+*nat
+*mangle
+*filter
+COMMIT
+EOF
+ # load it now.
+ ip6tables -S &>/dev/null
+fi
+
# our nostart pi fails to avoid enabling
sudo systemctl disable openvpn
batch_max = 200
EOF
+# this avoids some error. i cant remember what. todo:
+# test it out and document why/if its needed.
cat >/etc/exim4/host_local_deny_exceptions <<'EOF'
mail.fsf.org
*.posteo.de
EOF
+# for iank@fsf.org, i have mail.fsf.org forward it to fsf@iankelling.org.
+# and also have mail.iankelling.org whitelisted as a relay domain.
+# I could avoid that if I changed this to submit to 587 with a
+# password like a standard mua.
cat >/etc/exim4/conf.d/router/190_exim4-config_fsfsmarthost <<'EOF'
# smarthost for fsf mail
# ian: copied from /etc/exim4/conf.d/router/200_exim4-config_primary, and added senders = and
for f in /p/c/subdir_files/sieve/*sieve /a/c/subdir_files/sieve/*sieve; do
m sudo -u $u /a/exe/lnf -T $f $uhome/sieve/${f##*/}
done
+
+
# If we changed 90-sieve.conf and removed the active part of the
# sieve option, we wouldn\'t need this, but I\'d rather not modify a
# default config if not needed. This won\'t work as a symlink in /a/c
# unfortunately.
- if [[ -e $uhome/sieve/personal.sieve ]]; then
- m sudo -u $u /a/exe/lnf -T sieve/main.sieve $uhome/.dovecot.sieve
+ m sudo -u $u /a/exe/lnf -T sieve/main.sieve $uhome/.dovecot.sieve
+
+ if [[ ! -e $uhome/sieve/personal.sieve ]]; then
+ touch $uhome/sieve/personal{,end}{,test}.sieve
fi
# we set this later in local.conf
# * if MAIL_HOST
case $HOSTNAME in
- $MAIL_HOST)
+ $MAIL_HOST|l2)
dovecot-setup
+ m systemctl enable dovecot
+ m systemctl restart dovecot
+ cat >>/etc/exim4/update-exim4.conf.conf <<EOF
+# note: some things we don't set that are here by default because they are unused.
+dc_eximconfig_configtype='internet'
+dc_localdelivery='dovecot_lmtp'
+EOF
+ cat >>/etc/exim4/conf.d/main/000_local <<EOF
+# recommended if dns is expected to work
+CHECK_RCPT_VERIFY_SENDER = true
+# seems like a good idea
+CHECK_DATA_VERIFY_HEADER_SENDER = true
+CHECK_RCPT_SPF = true
+CHECK_RCPT_REVERSE_DNS = true
+CHECK_MAIL_HELO_ISSUED = true
+EOF
+
+ m systemctl enable mailclean.timer
+ m systemctl start mailclean.timer
+
+ ;;&
+ $MAIL_HOST)
# ** exim
+ # todo, these pem files look old and useless. whats going on
sudo rsync -ahhi --chown=root:Debian-exim --chmod=0640 \
/p/c/filesystem/etc/exim4/passwd /p/c/filesystem/etc/exim4/*.pem /etc/exim4/
# file, so I've saved that into ./mail-notes.conf.
cat >>/etc/exim4/update-exim4.conf.conf <<EOF
-# note: some things we don't set that are here by default because they are unused.
-
-dc_eximconfig_configtype='internet'
-
# man page: is used to build the local_domains list, together with "localhost"
# iank.bid is for testing
# mail.iankelling.org is for machines i own
-dc_other_hostnames='*.iankelling.org;iankelling.org;*iank.bid;iank.bid;*zroe.org;zroe.org;*.b8.nz;b8.nz'
+dc_other_hostnames='*.iankelling.org;iankelling.org;*zroe.org;zroe.org;$HOSTNAME.b8.nz;b8.nz'
-# from man page:
-# Is a list of domains for which we accept mail from anywhere on the Internet but which are not delivered locally, e.g.
-# because this machine serves as secondary MX for these domains. Sets MAIN_RELAY_TO_DOMAINS.
-# todo: we should not accept from anywhere, only the mx for fsf.
-dc_relay_domains='*.fsf.org;fsf.org'
-dc_localdelivery='dovecot_lmtp'
EOF
# i can send mail where port 25 is firewalled by isp
daemon_smtp_ports = 25 : 587
-
-
# failing message on mail-tester.com:
# We check if there is a server (A Record) behind your hostname kd.
# You may want to publish a DNS record (A type) for the hostname kd or use a different hostname in your mail software
CHECK_DATA_LOCAL_ACL_FILE = /etc/exim4/conf.d/data_local_acl
-# recommended if dns is expected to work
-CHECK_RCPT_VERIFY_SENDER = true
-# seems like a good idea
-CHECK_DATA_VERIFY_HEADER_SENDER = true
-CHECK_RCPT_SPF = true
-CHECK_RCPT_REVERSE_DNS = true
-CHECK_MAIL_HELO_ISSUED = true
-
# testing dmarc
#dmarc_tld_file = /etc/public_suffix_list.dat
EOF
fi
- m systemctl enable mailclean.timer
- m systemctl start mailclean.timer
m systemctl restart $vpn_ser@mail
m systemctl enable $vpn_ser@mail
- m systemctl enable dovecot
- m systemctl restart dovecot
;;
# * not MAIL_HOST
*) # $HOSTNAME != $MAIL_HOST
;;&
## we use this host to monitor MAIL_HOST
l2)
- dovecot-setup
- m systemctl enable dovecot
- m systemctl restart dovecot
+
cat >>/etc/exim4/update-exim4.conf.conf <<EOF
# man page: is used to build the local_domains list, together with "localhost"
# mail.iankelling.org is for machines i own
dc_other_hostnames='l2.b8.nz'
-dc_localdelivery='dovecot_lmtp'
EOF
# This ends up at alerts mailbox on MAIL_HOST, but using a user that doesn't exist elsewhere
# is no good.
PATH=/usr/bin:/bin:/usr/local/bin
*/5 * * * * $u send-test-forward |& log-once send-test-forward
*/10 * * * * root chmod -R g+rw /m/md/bounces |& log-once -1 bounces-chmod
+*/5 * * * * $u mailtest-check |& log-once -1 mailtest-check
EOF
;;&
$MAIL_HOST)
test_from=ian@iankelling.org
- test_to=iank@posteo.de
+ test_to=testignore@l2.b8.nz
cat >>/etc/cron.d/mailtest <<EOF
-*/5 * * * * $u mailtest-check |& log-once -1 mailtest-check
2 * * * * $u check-remote-mailqs |& log-once check-remote-mailqs
EOF
m sudo rsync -ahhi --chown=root:root --chmod=0755 \
fi
-folders=(/m/md/l/testignore{,2}/new)
-find ${folders[@]} -type f -mtime +1 -delete
-
-for folder in ${folders[@]}; do
- cd $folder
- last_sec=0
- for file in *; do
- if [[ $file -nt $latest ]]; then
- latest=$file
- fi
- done
-
- if [[ $latest ]]; then
- last_sec=$(awk '/^Subject: / {print $3}' $latest)
- fi
+folder=/m/md/l/testignore/new
+find $folder -type f -mtime +1 -delete
- now=$(date +%s)
- limit=$(( now - 60 * min_limit ))
- if (( last_sec <= limit )); then
- echo $HOSTNAME mailtest failure
- touch /nocow/user/mailtest-failure
- break
- else
- rm -f /nocow/user/mailtest-failure
+cd $folder
+last_sec=0
+for file in *; do
+ if [[ $file -nt $latest ]]; then
+ latest=$file
fi
done
+
+if [[ $latest ]]; then
+ last_sec=$(awk '/^Subject: / {print $3}' $latest)
+fi
+
+now=$(date +%s)
+limit=$(( now - 60 * min_limit ))
+
+if (( last_sec <= limit )); then
+ echo $HOSTNAME mailtest failure
+ touch /nocow/user/mailtest-failure
+ break
+else
+ rm -f /nocow/user/mailtest-failure
+fi
continue
fi
+ if [[ $vol == q ]]; then
+ systemctl --user stop arbtt
+ fi
umount_ret=true
unmounted=()
for dir in $(echo $d ${binds[*]}\ |tac -s\ ); do
for dir in $d ${binds[@]}; do
m mnt $dir
done
+ if [[ $vol == q ]]; then
+ # maybe this will fail if X is not running
+ systemctl --user start arbtt ||:
+ fi
stale_dir=/nocow/btrfs-stale
rm -f $stale_dir/$d
# todo: only available in newer i3n
#hide_edge_borders smart
+
+#exec --no-startup-id /usr/lib/x86_64-linux-gnu/libexec/kdeconnectd
# exit i3 (logs you out of your X session)
bindsym $mod+Shift+q exec "i3-nagbar -t warning -m 'You pressed the exit shortcut. Do you really want to exit i3? This will end your X session.' -b 'Yes, exit i3' 'i3-msg exit'"
bindsym $mod+Shift+p restart
+
+bar {
+status_command i3status
+mode hide
+hidden_state hide
+}
# todo: only available in newer i3n
#hide_edge_borders smart
+
+#exec --no-startup-id /usr/lib/x86_64-linux-gnu/libexec/kdeconnectd
# exit sway (logs you out of your Wayland session)
bindsym $mod+Shift+e exec swaynag -t warning -m 'You pressed the exit shortcut. Do you really want to exit sway? This will end your Wayland session.' -b 'Yes, exit sway' 'swaymsg exit'
--- /dev/null
+[Unit]
+Description=arbtt
+
+[Service]
+Type=simple
+ExecStart=/usr/bin/arbtt-capture --sample-rate=15
+Environment="DISPLAY=:0"
+Restart=always
+
+[Install]
+WantedBy=default.target
require [ "regex", "variables", "fileinto", "envelope", "mailbox", "imap4flags", "include" ];
+if anyof (
+ address :regex "to" "^testignore@"
+ ) {
+ fileinto :create "l/testignore";
+ stop;
+ }
+
+
if anyof (
header :contains "list-id" "<debian-security-announce.lists.debian.org>",
header :contains "list-id" "<ubuntu-security-announce.lists.ubuntu.com>"
header :contains "list-id" "<seabios.seabios.org>",
header :contains "list-id" "<freetype-devel.nongnu.org>",
header :contains "list-id" "<mailman-developers.python.org>",
- header :contains "list-id" "<mailop.mailop.org>",
header :contains "list-id" "<linux-raid.vger.kernel.org>",
+ header :contains "list-id" "<mailop.mailop.org>",
header :contains "list-id" "<xmonad.haskell.org>") {
if header :regex "list-id" "<([a-z_0-9-]+)[.@]" {
set :lower "listname" "${1}";
require [ "regex", "variables", "fileinto", "envelope", "mailbox", "imap4flags", "include" ];
+if anyof (
+ address :regex "to" "^testignore@"
+ ) {
+ fileinto :create "l/testignore";
+ stop;
+ }
+
+
if anyof (
header :contains "list-id" "<debian-security-announce.lists.debian.org>",
header :contains "list-id" "<ubuntu-security-announce.lists.ubuntu.com>"
iankelling.org / git / distro-setup / commitdiff