if grep -qF /home/iank/.iank/e/e /etc/auto.iank /etc/exports &>/dev/null; then
export EMACSDIR=/home/iank/.iank/e/e
fi
+ path-add $bashrc_dir
fi
fi
source /usr/share/wcd/wcd-include.sh
fi
-if [[ -s /a/bin/small-misc-bash/ll-function ]]; then
- source /a/bin/small-misc-bash/ll-function
-elif [[ -s $bashrc_dir/ll-function ]]; then
- # shellcheck source=/a/bin/small-misc-bash/ll-function
- source $bashrc_dir/ll-function
-fi
+mysrc() {
+ local path dir file
+ path=$1
+ dir=${path%/*}
+ file=${path##*/}
+ if [[ -s $path ]]; then
+ source $path
+ elif [[ -s $bashrc_dir/$file ]]; then
+ source $bashrc_dir/$file
+ fi
+}
+mysrc /a/bin/small-misc-bash/ll-function
+mysrc /a/bin/distro-functions/src/package-manager-abstractions
+
# * functions
ccomp() { # copy completion
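Review bot: In the added `mysrc`, `dir` is assigned but never read, both `source` arguments are expanded unquoted, and nothing is reported when neither the given path nor the `$bashrc_dir` copy exists. The silent case matters for `package-manager-abstractions`, which this commit now loads through `mysrc`: a missing file becomes a no-op and only shows up later as undefined functions. If `bashrc_dir` were ever empty, the fallback would resolve to `/$file`; this is inferred, since its assignment is outside the hunk. Suggested lines: `source "$path"`, `elif [[ $bashrc_dir && -s $bashrc_dir/$file ]]; then`, and a final `else echo "mysrc: $path not found" >&2`.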
if [[ $EUID != 0 ]] && [[ $DID_SUDO ]]; then
ps_char="SUDO $ps_char"
fi
+ if [[ ! $HISTFILE ]]; then
+ ps_char="NOHIST $ps_char"
+ fi
PS1="${PS1%"${PS1#*[wW]}"} \[$ps_color\]$ps_char\[$term_nocolor\] "
# set titlebar. instead, using more advanced
# generated instead of dynamic for the benefit of shellcheck
#for x in /a/bin/distro-functions/src/* /a/bin/!(githtml)/*-function?(s); do echo source $x ; done
source /a/bin/distro-functions/src/identify-distros
-source /a/bin/distro-functions/src/package-manager-abstractions
source /a/bin/log-quiet/logq-function
# for x in /a/bin/bash_unpublished/source-!(.#*); do echo source $x; done
source /a/bin/bash_unpublished/source-semi-priv
local host ipsuf umask_orig
host=$1
ipsuf=$2
- mkdir -p /p/c/machine_specific/$host/filesystem/etc/{wireguard,network/interfaces.d}
+ mkdir -p /p/c/machine_specific/$host/filesystem/etc/wireguard
cd /p/c/machine_specific/$host/filesystem/etc/wireguard
umask_orig=$(umask)
umask 0077
- wg genkey | tee $host-priv.key | wg pubkey > $host-pub.key
+ wg genkey | tee hole-priv.key | wg pubkey > hole-pub.key
cat >wghole.conf <<EOF
[Interface]
# contents hole-priv.key
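Review bot: The `cd` into the wireguard directory is not checked, so if it fails, `wg genkey | tee hole-priv.key` writes the private key into whatever directory the shell was already in. A second run for the same host also replaces an existing key pair without warning. I would change the line to `cd /p/c/machine_specific/$host/filesystem/etc/wireguard || return 1` and add `[[ ! -e hole-priv.key ]] || { echo "hole-priv.key exists" >&2; return 1; }` before the `wg genkey` line. The function starts and ends outside this hunk, so an error trap set elsewhere may already cover the `cd`.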
sudo chown $USER:$USER /mnt/$base
else
base=$1
- sudo umount /mnt/$base
+ if mountpoint /mnt/$base &>/dev/null; then
+ sudo umount /mnt/$base
+ fi
l=$(sudo cryptsetup status /dev/mapper/$base|sed -rn 's/^\s*device:\s*(.*)/\1/p')
sudo cryptsetup luksClose /dev/mapper/$base || return 1
sudo losetup -d $l
sudo systemctl stop $vpn_service@$1
}
vpnoffc() { # vpn off client
- ser stop openvpn-nn@client
+ ser stop openvpn-client-tr@client
}
vpnc() {
- ser start openvpn-nn@client
+ ser start openvpn-client-tr@client
}
kw)
at_work=true
;;&
- x2|x3|sy)
+ x2|x3|sy|bo)
if ping -q -c1 -w1 hal.office.fsf.org \
&& ip n show 192.168.0.26 | grep . &>/dev/null; then
at_work=true
fi
;;&
- kw|x2|x3|sy)
+ kw|x2|x3|sy|bo)
if $at_work; then
if ping -q -c1 -w1 iank.vpn.office.fsf.org &>/dev/null; then
home=iank.vpn.office.fsf.org
kw)
targets+=($home x3)
;;
- x2|x3|sy)
+ x2|x3|sy|bo)
targets+=($home)
if $at_work; then
targets+=(kw.office.fsf.org x2.b8.nz)
;;
kd)
targets+=(x2.b8.nz kw.b8.nz)
- ## sy is unused
- # if ping -q -c1 -w1 sy.b8.nz &>/dev/null; then
- # targets+=(sy.b8.nz)
+ # temporarily disabled while doing maint
+ # if ping -q -c1 -w1 bo.b8.nz &>/dev/null; then
+ # targets+=(bo.b8.nz)
# else
- # targets+=(syw.b8.nz)
+ # targets+=(bow.b8.nz)
# fi
;;
frodo)
for s in ${snaps[@]}; do
f=${s##*/}
unix_time=$(date -d $(sed -r 's/(.{4})(..)(.{5})(..)(.*)/\1-\2-\3:\4:\5/' <<<${f#$vol.}) +%s)
- printf "%s %s\n" $unix_time $s
+ printf "%s %s\n" $unix_time $s # part of the pipeline
# sort will fail
done | sort -r | head -n 1 | awk '{print $2}' || [[ ${PIPESTATUS[1]} == 141 || ${PIPESTATUS[0]} == 32 ]]
)
xrandr --output VGA-1 --off --output HDMI-1 --mode 3840x2160 --pos 0x0 --rotate normal --output eDP-1 --off
fi
case $HOSTNAME in
- sy) /a/bin/distro-setup/input-setup l ;;
+ sy|bo) /a/bin/distro-setup/input-setup l ;;
*) /a/bin/distro-setup/input-setup m ;;
esac
fi
##### install laptop hardware packages
-if tp || x2 || x3; then
+if tp || x2 || x3 || bo || sy; then
case $distro in
debian)
pi task-laptop
sd /etc/openvpn/client-config-hole/onep9 <<'EOF'
ifconfig-push 10.5.5.14 255.255.255.0
+EOF
+ sd /etc/openvpn/client-config-hole/bo <<'EOF'
+ifconfig-push 10.5.5.13 255.255.255.0
EOF
sd /etc/openvpn/client-config-hole/sy <<'EOF'
ifconfig-push 10.5.5.12 255.255.255.0
### system76 things ###
case $HOSTNAME in
- sy)
+ sy|bo)
# note, i stored the initial popos packages at /a/bin/data/popos-pkgs
if [[ ! -e /etc/apt/sources.list.d/system76.list ]]; then
# https://blog.zackad.dev/en/2017/08/17/add-ppa-simple-way.html
# Pin: release o=LP-PPA-system76-dev-stable
# Pin-Priority: 1001
# EOF
- pi system76-driver system76-firmware-cli
+ pi system76-driver system76-firmware
# if you get a notice about a firmware update, the notifier on i3
# is too dumb to do anything when you click it. so to see
# a changelog, cd to
esac
# user for short term use dropping of privileges
-s groupadd -g 1023 zu
-s useradd -g 1023 -u 1023 -c zu -s /bin/bash zu
+if ! getent group zu &>/dev/null; then
+ s groupadd -g 1023 zu
+fi
+if ! getent passwd zu &>/dev/null; then
+ s useradd -g 1023 -u 1023 -c zu -s /bin/bash zu
+fi
# these things persist in ~/.config/syncthing, which I save in
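Review bot: The new `getent` guards only test that a group and a user named `zu` exist, not that they are the 1023/1023 account this script would have created. Since the comment describes `zu` as the account used for dropping privileges, a pre-existing `zu` with a different uid, primary group or shell would be accepted silently. Consider a check after the two blocks such as `[[ $(id -u zu) == 1023 && $(id -g zu) == 1023 ]] || { echo "zu: unexpected uid/gid" >&2; exit 1; }`. Whether `exit` is the right reaction depends on the surrounding script, which is outside the hunk.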
bindsym $mod+Shift+m border toggle
bindsym $mod+j exec emacsclient -c
-bindsym $mod+k exec alacritty
+bindsym $mod+k exec kitty
bindsym $mod+l exec dmenu_run
# note default is 27% on my system76. not sure if these
# keybinds will screw up other laptop brightness keys.
--- /dev/null
+snapshot_create onchange
+
+snapshot_preserve_min 2h
+snapshot_dir btrbk
+target_preserve_min 2h
+
+
+ssh_identity /root/.ssh/home
+# Just a guess that local7 is a good facility to pick.
+# It's a bit odd that the transaction log has to be logged to
+# a file or syslog, while other output is sent to std out.
+# The man does not mention a way for them to be together, but
+# I dunno if setting a log level like warn might also output
+# transaction info.
+transaction_syslog local7
+
+# trying this out
+stream_compress zstd
+
+archive_preserve_min latest
+
+# so we only run one at a time
+lockfile /var/lock/btrbkroot2.lock
+
+# default format of short does not accomidate hourly preservation setting
+timestamp_format long-iso
+
+# dont make new snapshot, we only receive new snapshots
+snapshot_create no
+
+# if something fails and it's not obvious, try doing
+# btrbk -l debug -v dryrun
+
+rate_limit no
+volume ssh://syw/mnt/root
+snapshot_preserve 18h 14d 4w 24m
+target_preserve 18h 14d 4w 24m
+subvolume root_ubuntubionic
+target send-receive /mnt/r7/amy/root/btrbk
+
+volume ssh://syw/mnt/boot
+snapshot_preserve 18h 14d 4w 6m
+target_preserve 18h 14d 4w 6m
+subvolume boot_ubuntubionic
+target send-receive /mnt/r7/amy/boot/btrbk
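Review bot: `ssh_identity /root/.ssh/home` gives a root-held key on this host access to `syw` for reading `/mnt/root` and `/mnt/boot`, and the file does not record how that key is restricted on the remote end. I would add a comment above it, for example `# this key should be limited on syw by a forced command in authorized_keys (btrbk ships ssh_filter_btrbk.sh for this)`. Separately, `snapshot_create` is set twice (`onchange` near the top, `no` further down). If this is a single file, the later value is presumably the one in effect, and the first line could be dropped or given a comment explaining the override.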
SHELL=/bin/bash
PATH=/usr/bin:/bin:/usr/local/bin:/a/exe:/a/bin/fai
MAILTO=root
-0 7 * * 1,2,3,4,5 root failmail wrt-setup -y
+0 6 * * 1,2,3,4,5 root failmail wrt-setup -y
45 7 * * 1,2,3,4,5 root failmail wrt-setup -z
-0 7 * * 0,6 root failmail wrt-setup -y
-0 11 * * 0,6 root failmail wrt-setup -z
+0 9 * * 1,2,3,4,5 root failmail wrt-setup -y
+10 21 * * 1,2,3,4,5 root failmail wrt-setup -z
+# saturday morning
+0 6 * * 6 root failmail wrt-setup -y
+# sunday evening
+10 21 * * 0 root failmail wrt-setup -z
+
+# old rules, weekends allow only morning.
+#0 7 * * 0,6 root failmail wrt-setup -y
+#0 11 * * 0,6 root failmail wrt-setup -z
+
+5 1 * * * root ziva-backup-check |& log-once ziva-backup-check
bhost_t=false
case $HOSTNAME in
$MAIL_HOST) : ;;
- kd|frodo|x2|x3|kw|sy)
+ kd|frodo|x2|x3|kw|sy|bo)
bhost_t=true
;;
esac
ssl_cipher_list = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
ssl_protocols = TLSv1.2
ssl_prefer_server_ciphers = no
-ssl_dh_parameters_length = 2048
protocol lmtp {
#per https://wiki2.dovecot.org/Pigeonhole/Sieve/Configuration
--- /dev/null
+/b/exim-tools/ecat
\ No newline at end of file
--- /dev/null
+/b/exim-tools/eg
\ No newline at end of file
--- /dev/null
+/b/exim-tools/egbefore
\ No newline at end of file
--- /dev/null
+/b/exim-tools/egpanic
\ No newline at end of file
--- /dev/null
+/b/exim-tools/ex
\ No newline at end of file
--- /dev/null
+/b/exim-tools/exigrep-wrappers-common
\ No newline at end of file
stop;
}
+
+if anyof (
+ header :contains "list-id" "<users.spamassassin.apache.org>"
+ ) {
+ fileinto :create "l/spamassassin";
+ stop;
+}
+
+
if anyof (
header :contains "list-id" "<bbdb-info.lists.sourceforge.net>",
header :contains "list-id" "<bug-bash.gnu.org>",
if anyof (
+ header :contains "list-id" "<ln.lists.fsfe.org>",
header :contains "list-id" "<gnu-prog-discuss.gnu.org>",
header :contains "list-id" "<gnu-prog.gnu.org>",
header :contains "list-id" "<www-discuss.gnu.org>",
stop;
}
+
+if anyof (
+ header :contains "list-id" "<users.spamassassin.apache.org>"
+ ) {
+ fileinto :create "l/spamassassin";
+ stop;
+}
+
+
if anyof (
header :contains "list-id" "<bbdb-info.lists.sourceforge.net>",
header :contains "list-id" "<bug-bash.gnu.org>",
if anyof (
+ header :contains "list-id" "<ln.lists.fsfe.org>",
header :contains "list-id" "<gnu-prog-discuss.gnu.org>",
header :contains "list-id" "<gnu-prog.gnu.org>",
header :contains "list-id" "<www-discuss.gnu.org>",
fi
- # this is for tracking dns over tls issue, which
- # fixvpndns() in brc2 fixes.
- stat=$(resolvectl dnsovertls tunfsf 2>/dev/null ||: )
- read _ _ _ istls <<<"$stat"
- case $istls in
- no) : ;;
- *)
- printf "%s\n" "$istls" | ts >> /tmp/istls.log
- chars+=("T:$istls")
- ;;
- esac
+ if ip l show tunfsf &>/dev/null; then
+ # this is for tracking dns over tls issue, which
+ # fixvpndns() in brc2 fixes.
+ stat=$(resolvectl dnsovertls tunfsf 2>/dev/null ||: )
+ read _ _ _ istls <<<"$stat"
+ case $istls in
+ no) : ;;
+ *)
+ printf "%s\n" "$istls" | ts >> /tmp/istls.log
+ chars+=("T:$istls")
+ ;;
+ esac
+ fi
if pgrep -G iank -u iank -f 'emacs --daemon' &>/dev/null; then
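Review bot: The re-indented block still appends to the fixed path `/tmp/istls.log`, which sits in a world-writable directory. Another local account can create that name first, as its own file or as a link, so the log can end up owned by someone else or redirected; `fs.protected_symlinks` reduces this, but it is a system setting and not something this script controls. A per-user location avoids the question, e.g. `printf "%s\n" "$istls" | ts >> "${XDG_RUNTIME_DIR:-$HOME}/istls.log"`. `read _ _ _ istls` could also take `-r`. The enclosing function begins outside this hunk.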
set -x
+if [[ ! -e /mnt/root/root2-fstab || ! -e /mnt/root/root2-crypttab ]]; then
+ echo $0: "error: create /mnt/root/root2-fstab & /mnt/root/root2-crypttab from running /a/bin/fai/fai/config/hooks/partition.DEFAULT mkroot2 or mkroot2tab"
+ exit 1
+fi
+
mount -o bind /mnt/root2/root_ubuntubionic /mnt/1
cd /mnt/1
/b/ds/gen-amy-fstab ubuntubionic .
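Review bot: The added error message goes to stdout and `$0` is unquoted, so with `set -x` active just above, the one line that explains the abort is separated from the trace on stderr and is lost if stdout is redirected. Suggest `echo "$0: error: create /mnt/root/root2-fstab & /mnt/root/root2-crypttab from running ... mkroot2 or mkroot2tab" >&2`, with the message text unchanged. A short comment on why the check looks under `/mnt/root` while the bind mount below uses `/mnt/root2` would also help, since that relationship is not visible in this hunk.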
--- /dev/null
+#!/bin/bash
+# Copyright (C) 2019 Ian Kelling
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+source /a/bin/errhandle/err
+
+[[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@"
+
+pre="${0##*/}:"
+err() { echo "[$(date +'%Y-%m-%d %H:%M:%S%z')]: $pre: $*" >&2; }
+
+## begin check on syncthing
+if ! systemctl show --no-page syncthing@ziva | sed -n 's/^MainPID=//p' | egrep '^[0-9]+$' &>/dev/null; then
+ err no pid for syncthing@ziva. systemctl status:
+ systemctl status syncthing@ziva
+fi
+## end check on syncthing
+
+
+## begin check on btrbk
+now=$(date +%s)
+age_limit_sec=$(( 60 * 60 * 50 )) # 50 hours
+for vol in {root,boot}_ubuntubionic; do
+ snaps=(/mnt/r7/amy/btrbk/${vol}.20*)
+ if [[ ! ${snaps[*]} ]]; then
+ err no snapshots starting with /mnt/r7/amy/btrbk/${vol}_ubuntubionic.20
+ break
+ fi
+
+ read last_snap_sec last_snap < <(
+ for s in ${snaps[@]}; do
+ f=${s##*/}
+ unix_time=$(date -d $(sed -r 's/(.{4})(..)(.{5})(..)(.*)/\1-\2-\3:\4:\5/' <<<${f#$vol.}) +%s)
+ printf "%s %s\n" $unix_time $s # part of the pipeline
+ done | sort -r | head -n 1 ||:
+ )
+ if [[ ! $last_snap ]]; then
+ # should not happen.
+ err "could not find latest snapshot for $svp among ${snaps[*]}"
+ exit 1
+ fi
+ if (( last_snap_sec < now - age_limit_sec )); then
+ err vol $vol last backup older than 50 hours: $last_snap
+ fi
+done
+## end check on btrbk
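Review bot: The syncthing check cannot fire for a stopped unit as written: `systemctl show` reports `MainPID=0` when a service has no main process, and `0` matches `^[0-9]+$`, so the alert is skipped exactly when the daemon is down. Use `if ! systemctl is-active --quiet syncthing@ziva; then`, or tighten the pattern to `'^[1-9][0-9]*$'`. In the btrbk loop, the "could not find latest snapshot" message prints `$svp`, which is never set in this file (`$vol` looks intended), and `break` on the first volume without snapshots skips the second; `continue` would keep both covered. The "no snapshots" branch is only reachable if `nullglob` is enabled, which would have to come from the sourced `err` file, so that is worth confirming. The glob also looks in `/mnt/r7/amy/btrbk/`, while the btrbk configuration added in this same change targets `/mnt/r7/amy/root/btrbk` and `/mnt/r7/amy/boot/btrbk`; if those are the directories meant, the age check is reading the wrong place.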