c "$(mktemp -d)"
pkg=$1
# shellcheck disable=SC2012
- cached=$(ls -t /var/cache/apt/archives/${pkg}_* | tail -n1 2>/dev/null) ||:
+ cached=$(ls -t /var/cache/apt/archives/${pkg}_* 2>/dev/null | tail -n1 2>/dev/null) ||:
if [[ $cached ]]; then
m cp $cached .
else
}
m() { printf "%s\n" "$*"; "$@"; }
+m2() { printf "%s\n" "$*" >&2; "$@"; }
# update file. note: duplicated in mail-setup.
# updates $ur u result to true or false
# q quit
# ret next
#
+# todo: enter should also unpause
beetag() {
local last_genre_i fstring tag id char new_item char_i genre tag remove doplay i j random path
local do_rare_genres read_wait help line lsout tmp ls_line skip_lookback
}
# strip out the apache license from a file.
apache-strip() {
+ # shellcheck disable=SC2044 # meh
for f in $(find . -type f -maxdepth 1); do if head -n1 "$f"| grep -E '^#!/bin/bash\b' &>/dev/null; then { head -n 20 $f | tac | sed '/^# limitations under the License.$/,/^# Copyright.*Ian Kelling$/d' | tac; tail -n+21 $f; } |sponge $f; fi ; done
}
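Review bot: Silencing SC2044 in `apache-strip` keeps a loop that word-splits and glob-expands the output of `find`, and the body then passes `$f` unquoted to `head`, `tail` and `sponge`, the last of which rewrites the file in place. Reading NUL-delimited names avoids the warning without a suppression: `while IFS= read -r -d '' f; do … done < <(find . -maxdepth 1 -type f -print0)`, with `"$f"` quoted at every use. That way a file name containing whitespace or glob characters cannot turn into a different set of paths before the rewrite.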
umask $umask_orig
}
-declare -A vpn_ips
-vpn_ips[kd]=2
-# note: 1, 4, 5 are occupied by mail wireguard
-vpn_ips[x3]=8
-vpn_ips[sy]=12
-vpn_ips[x2]=13
-vpn_ips[kw]=27
-vpn_ips[bo]=28
-vpn_ips[frodo]=34
-vpn_ips[s23b]=49
+host-info-update() {
+
+ local -A vpn_ips host_ips host_macs nonvpn_ips
+ local -a root_hosts nonroot_hosts
+
+ # the hosts with no mac
+ root_hosts=( bk je li b8.nz )
+ for h in ${root_hosts[@]}; do
+ root_hosts+=(${h}ex)
+ done
+ root_hosts+=(cmc)
+
+ while read -r ip host mac opts; do
+ if [[ $ip == *#* || ! $host ]]; then continue; fi
+ if [[ $opts == vpn ]]; then
+ vpn_ips[$host]=$ip
+ else
+ nonvpn_ips[$host]=$ip
+ fi
+
+
+ if [[ $opts == user=root ]]; then
+ root_hosts+=($host i$host)
+ else
+ nonroot_hosts+=($host i$host)
+ fi
+
+ host_ips[$host]=$ip
+ host_macs[$host]=$mac
+ done </p/c/host-info
+
+ cedit /p/c/subdir_files/.ssh/config <<EOF || [[ $? == 1 ]]
+Host ${nonroot_hosts[@]}
+User iank
+IdentityFile ~/.ssh/home
+
+Host ${root_hosts[@]}
+IdentityFile ~/.ssh/home
+EOF
+
+
+ grep -E '^[a-z0-9]+[[:space:]]' /p/c/machine_specific/vps/bind-initial/db.b8.nz | awk '{print $1,$3}'
-vpn-ips-update() {
local host ipsuf f files
+
+ sedi '/edits below here are made automatically/,$d' /p/c/machine_specific/li/filesystem/etc/wireguard/wgmail.conf
for host in ${!vpn_ips[@]}; do
ipsuf=${vpn_ips[$host]}
wghole $host $ipsuf
done
{
- for host in ${!vpn_ips[@]}; do
- ipsuf=${vpn_ips[$host]}
- cat <<EOF
-local-data-ptr: "10.2.0.$ipsuf $host.b8.nz"
-EOF
+ echo "cat <<EOF"
+ for host in ${!host_ips[@]}; do
+ ipsuf=${host_ips[$host]}
+ echo 'local-data-ptr: "$l.'$ipsuf $host.b8.nz'"'
+ done
+ echo "EOF"
+ } | u /p/ptr-data
+
+ {
+ echo "cat <<EOF"
+ for host in ${!host_ips[@]}; do
+ ipsuf=${host_ips[$host]}
+ echo "dhcp-host=${host_macs[$host]},set:$host,\$l.7,$host"
done
- } | u /b/ds/ptr-data
+ echo "EOF"
+ } | u /p/dnsmaq-data
{
+ for host in ${!nonvpn_ips[@]}; do
+ ipsuf=${nonvpn_ips[$host]}
+ echo "$host A 10.2.0.$ipsuf"
+ done
for host in ${!vpn_ips[@]}; do
ipsuf=${vpn_ips[$host]}
cat <<EOF
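Review bot: The dhcp-host generator ignores the `ipsuf` it has just looked up and writes `\$l.7` for every host, so all entries piped to /p/dnsmaq-data would carry the same address; it presumably should read `echo "dhcp-host=${host_macs[$host]},set:$host,\$l.$ipsuf,$host"`. The `grep -E … db.b8.nz | awk '{print $1,$3}'` pipeline earlier in the function prints to stdout and its result is never used, which looks like leftover debugging. Both generated files are `cat <<EOF` templates that appear to be expanded by a shell later, so a `$` or backtick in a host, ip or mac field of /p/c/host-info would be evaluated at that point. Rejecting lines whose fields fail a strict pattern inside the `while read` loop, for example `[[ $host =~ ^[a-z0-9.-]+$ && $ip =~ ^[0-9]+$ ]] || continue`, would keep the data file from becoming code. A line whose options are `vpn user=root` also matches neither exact `$opts ==` test, so such a host would silently be treated as non-VPN and non-root.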
for f in "${files[@]}"; do
host=${f%%/*}
if [[ ! ${vpn_ips[$host]} ]]; then
- e /p/c/machine_specific/$host/filesystem/etc/wireguard/wghole.conf
- e cedit -s $host /p/c/machine_specific/li/filesystem/etc/wireguard/wgmail.conf '<<<""'
+ e rm /p/c/machine_specific/$host/filesystem/etc/wireguard/wghole.conf
fi
done
}
case $gateway in
10.2.0.1)
dyndomain=b8.nz
- dynhost=i.b8.nz
;;
*)
return 0
if $athome; then
- if ! cur4="$(dig +short $dynhost @iankelling.org | tail -1)"; then
+ if ! cur4="$(dig +short $dyndomain @iankelling.org | tail -1)"; then
if [[ ! $INVOCATION_ID ]]; then
echo "$0: dig failed. internet looks down. giving up"
fi
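Review bot: The `if !` around `cur4="$(dig +short $dyndomain @iankelling.org | tail -1)"` tests the exit status of `tail` rather than `dig`, unless `pipefail` is enabled somewhere outside this hunk, so a failed lookup can fall through with an empty `cur4` instead of reaching the "dig failed" branch. If an empty answer is never expected here, also checking the value covers that case: `if ! cur4="$(dig +short "$dyndomain" @iankelling.org | tail -1)" || [[ ! $cur4 ]]; then`. The enclosing function starts and ends outside the hunk, so the way `cur4` is used afterwards is not visible.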
if $up4; then
cat >>$tmpf <<EOF
-update delete $dynhost. A
-update add $dynhost. 300 A $ip4
update delete $dyndomain. A
update add $dyndomain. 300 A $ip4
EOF
--- /dev/null
+#!/bin/bash
+# I, Ian Kelling, follow the GNU license recommendations at
+# https://www.gnu.org/licenses/license-recommendations.en.html. They
+# recommend that small programs, < 300 lines, be licensed under the
+# Apache License 2.0. This file contains or is part of one or more small
+# programs. If a small program grows beyond 300 lines, I plan to switch
+# its license to GPL.
+
+# Copyright 2024 Ian Kelling
+
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+source /a/bin/bash-bear-trap/bash-bear
+
+e () {
+ printf "%s\n" "$*"
+}
+
+
+prefix=$1
+suffix=$2
+
+# print number
+pn() {
+ for n; do
+ e $prefix$n$suffix
+ done
+}
+
+# level 1 numbers
+l1=(2 3 8 9)
+
+# level 2 numbers
+l2=(4 7)
+
+l12=( ${l1[@]} ${l2[@]} )
+
+t1() {
+
+ pn ${l1[@]}
+}
+
+t2() {
+
+ pn ${l2[@]}
+}
+
+declare -A used
+t3() {
+ for d1 in ${l1[@]}; do
+ for d2 in ${l1[@]}; do
+ if (( d1 == d2 )); then continue; fi
+ pn $d1$d2
+ used[$d1$d2]=t
+ done
+ done
+}
+
+t4() {
+ for d1 in ${l12[@]}; do
+ for d2 in ${l12[@]}; do
+ if (( d1 == d2 )); then continue; fi
+ if [[ ${used[$d1$d2]} ]]; then continue; fi
+ pn $d1$d2
+ used[$d1$d2]=t
+ done
+ done
+}
+
+for t in {1..4}; do
+ e tier $t
+ t$t
+done
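Review bot: The new script has no header comment saying what it prints or what `prefix` and `suffix` are for, and `pn` expands them unquoted in `e $prefix$n$suffix`, so an argument containing spaces or glob characters is split or expanded against the current directory before it is printed. I would quote it as `e "$prefix$n$suffix"` and add a usage comment such as `# usage: SCRIPT PREFIX SUFFIX - print four tiers of numbers, each wrapped in PREFIX and SUFFIX`. The loop variables `n`, `d1` and `d2` are also global; `local` declarations in `pn`, `t3` and `t4` would keep them from leaking between the tier functions.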
set -e; . /usr/local/lib/bash-bear; set +e
-output=HDMI2
-output=DP1
+output=$(xrandr | grep -E "^(HDMI.?|DP1) connected" | awk '{print $1}' ||:)
-if xrandr | grep -q "^$output disconnected" &>/dev/null; then
- xrandr --auto
-else
+if [[ $output ]]; then
xrandr --output $output --off
sleep 2
xrandr --output $output --right-of eDP1 --mode 3840x2160
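Review bot: When more than one of the matched outputs is connected, `output` holds several lines and the unquoted `$output` in `xrandr --output $output --off` becomes extra arguments, so the call fails or acts on an unintended output. Taking only the first match with `awk '{print $1; exit}'` and quoting `"$output"` in the xrandr and i3-msg calls would make the single-output assumption explicit. The rest of the `if` body lies outside this hunk.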
# if the workspace is already there, this will fail
i3-msg '[workspace="'$i'"]' move workspace to output $output ||:
done
+else
+ xrandr --auto
+
fi
# we use .1 to make this be on a different network than kd, so that we can
# talk to transmission on kd from remote host, and still use this
# vpn.
-ExecStartPre=/usr/bin/flock -w 20 /tmp/newns.flock /a/bin/newns/newns -n 10.174.34 start %i
+ExecStartPre=/usr/bin/flock -w 20 /tmp/newns.flock /a/bin/newns/newns -n 10.174.29 start %i
ExecStartPre=/sbin/iptables-restore /a/bin/distro-setup/transmission-firewall/netns.rules
# allow wireguard network to connect
-ExecStartPre=/usr/sbin/ip r add 10.8.0.0/24 via 10.174.34.1 dev veth1-client
+ExecStartPre=/usr/sbin/ip r add 10.8.0.0/24 via 10.174.29.1 dev veth1-client
ExecStopPost=/usr/bin/flock -w 20 /tmp/newns.flock /a/bin/newns/newns stop %i
PrivateNetwork=true
BindReadOnlyPaths=/etc/tr-resolv:/run/systemd/resolve:norbind /etc/basic-nsswitch:/etc/resolved-nsswitch:norbind
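Review bot: The lock that serializes newns on the changed `ExecStartPre` line lives at `/tmp/newns.flock`, a fixed name in a world-writable directory, so any local account can create or hold that file first and make `flock -w 20` time out, which would keep the tunnel from starting. A path only root can write to, such as `/run/newns.flock`, avoids that. Since the lock appears to be shared on purpose, the `ExecStopPost` line and the other two unit files changed in this commit that carry the same lines would need the same path. The rest of each unit is outside the hunk, so I cannot see whether a setting such as PrivateTmp already changes what `/tmp` refers to.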
# we use .1 to make this be on a different network than kd, so that we can
# talk to transmission on kd from remote host, and still use this
# vpn.
-ExecStartPre=/usr/bin/flock -w 20 /tmp/newns.flock /a/bin/newns/newns -n 10.174.27 start %i
+ExecStartPre=/usr/bin/flock -w 20 /tmp/newns.flock /a/bin/newns/newns -n 10.174.3 start %i
ExecStartPre=/sbin/iptables-restore /a/bin/distro-setup/transmission-firewall/netns.rules
# allow wireguard network to connect
-ExecStartPre=/usr/sbin/ip r add 10.8.0.0/24 via 10.174.27.1 dev veth1-client
+ExecStartPre=/usr/sbin/ip r add 10.8.0.0/24 via 10.174.3.1 dev veth1-client
ExecStopPost=/usr/bin/flock -w 20 /tmp/newns.flock /a/bin/newns/newns stop %i
PrivateNetwork=true
BindReadOnlyPaths=/etc/tr-resolv:/run/systemd/resolve:norbind /etc/basic-nsswitch:/etc/resolved-nsswitch:norbind
# we use .1 to make this be on a different network than kd, so that we can
# talk to transmission on kd from remote host, and still use this
# vpn.
-ExecStartPre=/usr/bin/flock -w 20 /tmp/newns.flock /a/bin/newns/newns -n 10.174.12 start %i
+ExecStartPre=/usr/bin/flock -w 20 /tmp/newns.flock /a/bin/newns/newns -n 10.174.7 start %i
ExecStartPre=/sbin/iptables-restore /a/bin/distro-setup/transmission-firewall/netns.rules
# allow wireguard network to connect
-ExecStartPre=/usr/sbin/ip r add 10.8.0.0/24 via 10.174.12.1 dev veth1-client
+ExecStartPre=/usr/sbin/ip r add 10.8.0.0/24 via 10.174.7.1 dev veth1-client
ExecStopPost=/usr/bin/flock -w 20 /tmp/newns.flock /a/bin/newns/newns stop %i
PrivateNetwork=true
BindReadOnlyPaths=/etc/tr-resolv:/run/systemd/resolve:norbind /etc/basic-nsswitch:/etc/resolved-nsswitch:norbind
+++ /dev/null
-[Unit]
-Description=OpenVPN tunnel for %I
-After=syslog.target network-online.target
-Wants=network-online.target
-Documentation=man:openvpn(8)
-Documentation=https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage
-Documentation=https://community.openvpn.net/openvpn/wiki/HOWTO
-Requires=iptables.service
-
-[Service]
-Type=notify
-RuntimeDirectory=openvpn-client
-RuntimeDirectoryMode=0710
-WorkingDirectory=/etc/openvpn/client
-ExecStart=/usr/sbin/openvpn --suppress-timestamps --nobind --config /etc/openvpn/client/%i.conf
-# todo, try reenabling this from the default openvpn,
-# it was disabled so we could do bind mounts as a command,
-# but now systemd handles it
-#CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE
-LimitNPROC=10
-# DeviceAllow=/dev/null rw
-# DeviceAllow=/dev/net/tun rw
-
-# we use .1 to make this be on a different network than kd, so that we can
-# talk to transmission on kd from remote host, and still use this
-# vpn.
-ExecStartPre=/usr/bin/flock -w 20 /tmp/newns.flock /a/bin/newns/newns -n 10.174.13 start %i
-ExecStartPre=/sbin/iptables-restore /a/bin/distro-setup/transmission-firewall/netns.rules
-# allow wireguard network to connect
-ExecStartPre=/usr/sbin/ip r add 10.8.0.0/24 via 10.174.13.1 dev veth1-client
-ExecStopPost=/usr/bin/flock -w 20 /tmp/newns.flock /a/bin/newns/newns stop %i
-PrivateNetwork=true
-BindReadOnlyPaths=/etc/tr-resolv:/run/systemd/resolve:norbind /etc/basic-nsswitch:/etc/resolved-nsswitch:norbind
-
-[Install]
-WantedBy=multi-user.target
# This name won\'t appear on From: lines of outgoing messages if rewriting is enabled.
echo iankelling.org > /etc/mailname
+ # mail default domain.
+ u /etc/mailutils.conf <<'EOF'
+address {
+ email-domain iankelling.org;
+};
+EOF
# mail.iankelling.org so local imap clients can connect with tls and
# when they happen to not be local.
# fa=(/mnt/root/btrbk/ar.*); f=${fa[0]}
# if [[ -e $f ]]; then
# fstab <<EOF
-# $crypt_dev /ar btrfs noatime,subvol=ar,uid=1000$mopts 0 0
+# $crypt_dev /ar btrfs noatime,subvol=ar$mopts 0 0
# EOF
# fi
nginx-doc
nmap
nyancat
+ nzbget
obs-studio
offlineimap
oathtool
+++ /dev/null
-local-data-ptr: "10.2.0.8 x3.b8.nz"
-local-data-ptr: "10.2.0.13 x2.b8.nz"
-local-data-ptr: "10.2.0.12 sy.b8.nz"
-local-data-ptr: "10.2.0.34 frodo.b8.nz"
-local-data-ptr: "10.2.0.27 kw.b8.nz"
-local-data-ptr: "10.2.0.2 kd.b8.nz"
-local-data-ptr: "10.2.0.28 bo.b8.nz"