# ensure no bad programs appending to this file will have an affect
return 0
+
+
+export PATH="$HOME/.cargo/bin:$PATH"
# see .bashrc_profile for commentary
echo this is ~/.profile, either my .bashrc_profile is unavailable or this is posix mode or not bash
-# Add RVM to PATH for scripting. Make sure this is the last PATH variable change.
-export PATH="$PATH:$HOME/.rvm/bin"
+return 0
-[[ -s "$HOME/.rvm/scripts/rvm" ]] && source "$HOME/.rvm/scripts/rvm" # Load RVM into a shell session *as a function*
+export PATH="$HOME/.cargo/bin:$PATH"
local p
fdroidcl update
if fdroidcl search -u | grep ^org.fdroid.fdroid; then
- fdroidcl upgrade org.fdroid.fdroid
+ fdroidcl install org.fdroid.fdroid
sleep 5
fdroidcl update
fi
done
for p in ${!installed[@]}; do
if ! ${updated[$p]:-true}; then
- fdroidcl upgrade $p
+ fdroidcl install $p
sleep 5
fi
done
grep --exclude-dir='*.emacs.d' --exclude-dir='*.git' -RiIP --color=auto "$@"
fi
}
+rg() {
+ command rg -i -M 200 "$@"
+}
hstatus() {
# do git status on published repos
# ARDUINO_PATH=/a/opt/Arduino/build/linux/work
export ARDUINO_PATH=/a/opt/arduino-1.8.9
+# They want to be added to the start, but i think
+# that should be avoided unless we really need it.
path_add --end ~/.npm-global
+path_add --end $HOME/.cargo/bin
+
# taken from default changes to bashrc and bash_profile
path_add --end $HOME/.rvm/bin
[[ -s "$HOME/.rvm/scripts/rvm" ]] && source "$HOME/.rvm/scripts/rvm" # Load RVM into a shell session *as a function*
EOF
########### begin section including li ################
-pi ${p3[@]} $($src/distro-pkgs)
+pi ${p3[@]}
#### desktop stuff
case $codename_compat in
# Setup daily reboots, so all unattended upgrades go into affect
# unattended upgrades happen at 6 am + rand(60 min).
echo '20 7 * * * root /usr/local/bin/zelous-unattended-reboot' | s dd of=/etc/cron.d/unattended-upgrade-reboot
+case $(debian-codename) in
+ flidas)
+ if [[ ! -e /usr/local/bin/checkrestart ]]; then
+ ;;
+esac
##### end automatic upgrades ####
# office is not exposed to internet yet
########### end section including li/lj ###############
+
+case $(debian-codename) in
+ # needed for debootstrap scripts for fai since fai requires debian
+ flidas)
+ curl http://archive.ubuntu.com/ubuntu/project/ubuntu-archive-keyring.gpg | s apt-key add -
+ s dd of=/etc/apt/preferences.d/flidas-xenial <<EOF
+Package: *
+Pin: release a=xenial
+Pin-Priority: -100
+
+Package: *
+Pin: release a=xenial-updates
+Pin-Priority: -100
+
+Package: *
+Pin: release a=xenial-security
+Pin-Priority: -100
+EOF
+ s dd of=/etc/apt/sources.list.d/xenial.list 2>/dev/null <<EOF
+deb http://us.archive.ubuntu.com/ubuntu/ xenial main
+deb http://us.archive.ubuntu.com/ubuntu/ xenial-updates main
+deb http://us.archive.ubuntu.com/ubuntu/ xenial-security main
+EOF
+
+ s apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 3B4FE6ACC0B21F32
+ s dd of=/etc/apt/preferences.d/flidas-bionic <<EOF
+Package: *
+Pin: release a=bionic
+Pin-Priority: -100
+
+Package: *
+Pin: release a=bionic-updates
+Pin-Priority: -100
+
+Package: *
+Pin: release a=bionic-security
+Pin-Priority: -100
+EOF
+
+ # better to run btrfs-progs which matches our kernel version
+ # (note, renamed from btrfs-tools)
+ s dd of=/etc/apt/preferences.d/btrfs-progs <<EOF
+Package: btrfs-progs libzstd1
+Pin: release a=bionic
+Pin-Priority: 1005
+
+Package: btrfs-progs libzstd1
+Pin: release a=bionic-updates
+Pin-Priority: 1005
+
+Package: btrfs-progs libzstd1
+Pin: release a=bionic-security
+Pin-Priority: 1005
+EOF
+
+
+ t=$(mktemp)
+ cat >$t <<EOF
+deb http://us.archive.ubuntu.com/ubuntu/ bionic main
+deb http://us.archive.ubuntu.com/ubuntu/ bionic-updates main
+deb http://us.archive.ubuntu.com/ubuntu/ bionic-security main
+EOF
+ f=/etc/apt/sources.list.d/bionic.list
+ if ! diff -q $t $f; then
+ s cp $t $f
+ s chmod 644 $f
+ p update
+ fi
+
+ # no special reason, but its better for btrfs-progs to
+ # be closer to our kernel version
+ pi btrfs-progs
+
+ t=$(mktemp -d)
+ cd $t
+ aptitude download debootstrap/xenial
+ ex ./*
+ s cp ./usr/share/debootstrap/scripts/* /usr/share/debootstrap/scripts
+
+ s dd of=/etc/apt/preferences.d/flidas-etiona <<EOF
+Package: *
+Pin: release a=etiona
+Pin-Priority: -100
+
+Package: *
+Pin: release a=etiona-updates
+Pin-Priority: -100
+
+Package: *
+Pin: release a=etiona-security
+Pin-Priority: -100
+
+Package: *
+Pin: release a=etiona-backports
+Pin-Priority: -100
+EOF
+
+ t=$(mktemp)
+ cat >$t <<EOF
+deb http://mirror.fsf.org/trisquel/ etiona main
+deb http://mirror.fsf.org/trisquel/ etiona-updates main
+deb http://archive.trisquel.info/trisquel/ etiona-security main
+deb http://mirror.fsf.org/trisquel/ etiona-backports main
+EOF
+ f=/etc/apt/sources.list.d/etiona.list
+ if ! diff -q $t $f; then
+ s cp $t $f
+ s chmod 644 $f
+ p update
+ fi
+
+ # needed for false positive in checkrestart
+ s dd of=/etc/apt/preferences.d/debian-goodies <<EOF
+Package: debian-goodies
+Pin: release a=etiona
+Pin-Priority: 1005
+
+Package: debian-goodies
+Pin: release a=etiona-updates
+Pin-Priority: 1005
+
+Package: debian-goodies
+Pin: release a=etiona-security
+Pin-Priority: 1005
+EOF
+ ;;
+esac
+
+
# TODO: some of the X programs can be removed from pall when using wayland
# depends gcc is a way to install suggests. this is apparently the only
# way to install suggests even if the main package is already
# installed. reinstall doesn't work, uninstalling can cause removing
# dependent packages.
-pi ${pall[@]} $(apt-cache search ruby[.0-9]+-doc| awk '{print $1}') $(apt-cache depends gcc|grep -i suggests:| awk '{print $2}')
+pi ${pall[@]} $(apt-cache search ruby[.0-9]+-doc| awk '{print $1}') $(apt-cache depends gcc|grep -i suggests:| awk '{print $2}') $($src/distro-pkgs)
if ! type pip; then
x=$(mktemp)
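Review bot: The relocated `flidas)` arm still bootstraps apt trust over cleartext at its first command: `curl http://archive.ubuntu.com/ubuntu/project/ubuntu-archive-keyring.gpg | s apt-key add -` trusts whatever the HTTP response contains, so signature checking on the xenial and bionic `http://` sources is only as strong as that unauthenticated download. The key should be verified before it is trusted, for example by saving it to a temp file and comparing its fingerprint with a value recorded in this script (placeholder `<EXPECTED_FINGERPRINT>`), or by installing it from an already-trusted package if the distro ships one. The same concern applies to `--recv-keys 3B4FE6ACC0B21F32`, which selects the key by 64-bit ID; the full fingerprint is the safer selector. The `-100` pins do limit what these archives can supply, which is worth stating in a comment next to the key import.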
# others unknown
esac
-case $(debian-codename) in
- # needed for debootstrap scripts for fai since fai requires debian
- flidas)
- curl http://archive.ubuntu.com/ubuntu/project/ubuntu-archive-keyring.gpg | s apt-key add -
- s dd of=/etc/apt/preferences.d/flidas-xenial <<EOF
-Package: *
-Pin: release a=xenial
-Pin-Priority: -100
-
-Package: *
-Pin: release a=xenial-updates
-Pin-Priority: -100
-
-Package: *
-Pin: release a=xenial-security
-Pin-Priority: -100
-EOF
- s dd of=/etc/apt/sources.list.d/xenial.list 2>/dev/null <<EOF
-deb http://us.archive.ubuntu.com/ubuntu/ xenial main
-deb http://us.archive.ubuntu.com/ubuntu/ xenial-updates main
-deb http://us.archive.ubuntu.com/ubuntu/ xenial-security main
-EOF
-
- s apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 3B4FE6ACC0B21F32
- s dd of=/etc/apt/preferences.d/flidas-bionic <<EOF
-Package: *
-Pin: release a=bionic
-Pin-Priority: -100
-
-Package: *
-Pin: release a=bionic-updates
-Pin-Priority: -100
-
-Package: *
-Pin: release a=bionic-security
-Pin-Priority: -100
-EOF
-
- # better to run btrfs-progs which matches our kernel version
- # (note, renamed from btrfs-tools)
- s dd of=/etc/apt/preferences.d/btrfs-progs <<EOF
-Package: btrfs-progs libzstd1
-Pin: release a=bionic
-Pin-Priority: 1005
-
-Package: btrfs-progs libzstd1
-Pin: release a=bionic-updates
-Pin-Priority: 1005
-
-Package: btrfs-progs libzstd1
-Pin: release a=bionic-security
-Pin-Priority: 1005
-EOF
-
-
- t=$(mktemp)
- cat >$t <<EOF
-deb http://us.archive.ubuntu.com/ubuntu/ bionic main
-deb http://us.archive.ubuntu.com/ubuntu/ bionic-updates main
-deb http://us.archive.ubuntu.com/ubuntu/ bionic-security main
-EOF
- f=/etc/apt/sources.list.d/bionic.list
- if ! diff -q $t $f; then
- s cp $t $f
- s chmod 644 $f
- p update
- fi
-
- # no special reason, but its better for btrfs-progs to
- # be closer to our kernel version
- pi btrfs-progs
-
- t=$(mktemp -d)
- cd $t
- aptitude download debootstrap/xenial
- ex ./*
- s cp ./usr/share/debootstrap/scripts/* /usr/share/debootstrap/scripts
-
- s dd of=/etc/apt/preferences.d/flidas-etiona <<EOF
-Package: *
-Pin: release a=etiona
-Pin-Priority: -100
-
-Package: *
-Pin: release a=etiona-updates
-Pin-Priority: -100
-
-Package: *
-Pin: release a=etiona-security
-Pin-Priority: -100
-
-Package: *
-Pin: release a=etiona-backports
-Pin-Priority: -100
-EOF
-
- t=$(mktemp)
- cat >$t <<EOF
-deb http://mirror.fsf.org/trisquel/ etiona main
-deb http://mirror.fsf.org/trisquel/ etiona-updates main
-deb http://archive.trisquel.info/trisquel/ etiona-security main
-deb http://mirror.fsf.org/trisquel/ etiona-backports main
-EOF
- f=/etc/apt/sources.list.d/etiona.list
- if ! diff -q $t $f; then
- s cp $t $f
- s chmod 644 $f
- p update
- fi
-
- ;;
-esac
-
# /run and /dev/shm are listed as required for pulseaudio. All 4 in the group
# listed in the default config as suggested.
# /run/usr/1000 i noticed was missing for pulseaudio
# manual instructions
# wget https://sv.gnu.org/people/viewgpg.php?user_id=15145 -qO - | gpg --import -
# echo is to get past prompt
- echo | sudo -E HOME=/home/iank bash guix-install.sh
+ yes | sudo -E HOME=$HOME bash guix-install.sh || [[ $? == 141 ]]
guix install glibc-utf8-locales
guix package --install guile
fi
+# install rust
+curl https://sh.rustup.rs -sSf | bash -s -- -y
+cargo install ripgrep
+
#### tor
case $distro in
# based on
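Review bot: The rust install added after the guix block pipes a remote script into bash and then builds a crate with unpinned dependencies, and nothing guards it, so it appears to run on every invocation. I would restrict the transport and keep the installer from editing profile files with `curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | bash -s -- -y --no-modify-path`, put it behind a check like the `if ! type pip; then` guard visible earlier in this diff, and use `cargo install --locked ripgrep` so the crate's own lockfile fixes the dependency versions. `cargo` may not be on PATH in this shell right after the installer finishes; calling `"$HOME/.cargo/bin/cargo"` removes that dependency. In the same hunk, `yes |` answers every prompt of guix-install.sh, so a key-import or authorization question would be accepted unseen; a comment naming the prompts that are expected would help.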
EOF
pi nfs-utils
- sgo nfs-server
;;
debian|trisquel|ubuntu)
- pi nfs-server
+ pi-nostart nfs-server
;;
arch)
pi nfs-utils || pending_reboot=true
- sgo rpcbind
- # this failed until I rebooted
- sgo nfs-server
;;
esac
--- /dev/null
+#!/usr/bin/env python3
+from email.parser import BytesParser, Parser
+from email.policy import default
+from pathlib import Path
+from email.utils import mktime_tz, parsedate_tz
+import sys
+with open(sys.argv[1], 'rb') as fp:
+ headers = BytesParser(policy=default).parse(fp)
+print(mktime_tz(parsedate_tz(headers['date'])))
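Review bot: email-date.py does not handle a missing or unparsable Date header: `parsedate_tz()` returns None in that case and `mktime_tz(None)` raises, so the caller only gets a traceback and a non-zero exit. Because the Date header is written by the sender, the failure path should be deliberate, e.g. assign `d = parsedate_tz(str(headers['date'] or ''))` and follow it with `if d is None: sys.exit(1)` before printing `mktime_tz(d)`. `parse(fp, headersonly=True)` would avoid parsing bodies and attachments to read one header. The `Parser` and `Path` imports are unused.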
for port in 25 143 587; do # smtp and imap.
iptcommon="OUTPUT -m tcp -p tcp -m multiport --ports $port -j MARK --set-mark"
iptmod iptables -t mangle $iptables_op $iptcommon 0x1
- iptmod iptables -t mangle $iptables_op $iptcommon 0x0 -d 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16
+ iptmod iptables -t mangle $iptables_op $iptcommon 0x0 -d 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,127.0.0.0/8
# note, we could have used a custom chain and returned instead of setting the mark again.
# in case anyone was ever curious, the inverse of private ips is: #0.0.0.0/5,8.0.0.0/7,11.0.0.0/8,12.0.0.0/6,16.0.0.0/4,32.0.0.0/3,64.0.0.0/2,128.0.0.0/3,160.0.0.0/5,168.0.0.0/6,172.0.0.0/12,172.32.0.0/11,172.64.0.0/10,172.128.0.0/9,173.0.0.0/8,174.0.0.0/7,176.0.0.0/4,192.0.0.0/9,192.128.0.0/11,192.160.0.0/13,192.169.0.0/16,192.170.0.0/15,192.172.0.0/14,192.176.0.0/12,192.192.0.0/10,193.0.0.0/8,194.0.0.0/7,196.0.0.0/6,200.0.0.0/5,208.0.0.0/4,224.0.0.0/3
done
fi
+####### instructions for icedove #####
+# Incoming mail server: mail.iankelling.org, port 143, username iank, connection security starttls, authentication method normal password
+# we could also just use 127.0.0.1 with no ssl, but todo: disable that in dovecot, so mail is secure from local programs.
+#
+# hamburger -> preferences -> preferences -> advanced tab -> config editor button -> security.ssl.enable_ocsp_must_staple = false
+# background: ovecot does not yet have ocsp stapling support
+# reference: https://community.letsencrypt.org/t/simple-guide-using-lets-encrypt-ssl-certs-with-dovecot/2921
+#######
+
####### begin perstent password instructions ######
# # exim passwords:
# apg -m 50 -x 70 -n 1 -a 1 -M CLN >$f
# s sed -i "/^$user:/d" /p/c/filesystem/etc/exim4/passwd
# echo "$user:$(mkpasswd -m sha-512 -s <$f)" >>/p/c/filesystem/etc/exim4/passwd
-# echo "mail.iankelling.org $user $(<$f)" >> /p/c/machine_specific/$user/filesystem/etc/mailpass
+# echo "mail.iankelling.org 587 $user:$(<$f)" >> /p/c/machine_specific/$user/filesystem/etc/mailpass
# # then run this script, or part of it which uses /etc/mailpass
# # dovecot password, i just need 1 as I\'m the only user
# mkdir /p/c/filesystem/etc/dovecot
-# echo "ian:$(doveadm pw -s ssha256)::::::" >/p/c/filesystem/etc/dovecot/users
+# echo "iank:$(doveadm pw -s ssha256)::::::" >/p/c/filesystem/etc/dovecot/users
# conflink
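Review bot: The icedove instructions tell the reader to set `security.ssl.enable_ocsp_must_staple = false`, which is a client-wide preference, so it turns off must-staple enforcement for every server that profile connects to, not only mail.iankelling.org. If the mail host's certificate was requested with the must-staple extension (inferred from the background comment, not visible here), reissuing it without that extension would avoid weakening the client. At minimum the comment should say so, e.g. `# note: this pref is global to the client profile; revert once dovecot supports ocsp stapling`. On the background line, `ovecot` should read `dovecot`.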
Type=oneshot
ExecStart=/a/bin/log-quiet/sysd-mail-once offlineimap-sync /a/bin/distro-setup/offlineimap-sync
EOF
+
+ cat >/etc/systemd/system/mailclean.timer <<'EOF'
+[Unit]
+Description=Run mailclean daily
+
+[Timer]
+OnCalendar=monthly
+
+[Install]
+WantedBy=timers.target
+EOF
+
+ cat >/etc/systemd/system/mailclean.service <<EOF
+[Unit]
+Description=Delete and archive old mail files
+After=multi-user.target
+
+[Service]
+User=$u
+Type=oneshot
+ExecStart=/a/bin/log-quiet/sysd-mail-once mailclean /a/bin/distro-setup/mailclean
+EOF
+
systemctl daemon-reload
# wording of question from dpkg-reconfigure exim4-config
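Review bot: mailclean.timer declares `Description=Run mailclean daily` but schedules `OnCalendar=monthly`; one of the two is wrong, and since the job deletes and archives mail, the intended frequency should be unambiguous. If monthly is intended, the description should read `Run mailclean monthly`. Adding `Persistent=true` under `[Timer]` would also make a run missed while the machine was off happen at the next boot instead of being skipped for a month.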
systemctl enable offlineimapsync.timer
systemctl start offlineimapsync.timer
+ systemctl enable mailclean.timer
+ systemctl start mailclean.timer
systemctl restart $vpn_ser@mail
systemctl enable $vpn_ser@mail
systemctl enable dovecot
else # $HOSTNAME != $MAIL_HOST
systemctl disable offlineimapsync.timer &>/dev/null ||:
systemctl stop offlineimapsync.timer &>/dev/null ||:
+ systemctl disable mailclean.timer &>/dev/null ||:
+ systemctl stop mailclean.timer &>/dev/null ||:
systemctl disable $vpn_ser@mail
systemctl stop $vpn_ser@mail
systemctl disable dovecot ||:
--- /dev/null
+#!/bin/bash
+
+set -eE -o pipefail
+trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
+x="$(readlink -f -- "$BASH_SOURCE")"; scriptdir=${x%/*}
+
+
+
+# find but ignore directories which dont exist, assuming first args are directories
+# and a following arg starts with -
+myfind() {
+ dirs=()
+ for d; do
+ if [[ $d == -* ]]; then
+ # past dirs, onto options
+ break
+ fi
+ shift
+ if [[ -e $d ]]; then
+ dirs+=($d)
+ fi
+ done
+ if [[ $dirs ]]; then
+ find ${dirs[@]} $@
+ fi
+}
+
+# qemu-devel is our biggest list by far, so occasionally
+# I want to hop into conversations about our mailing
+# systems there, but I don't need many old messages.
+myfind /nocow/user/fsfmd/l/qemu-devel/new -type f -mtime +14 -execdir rm -- '{}' +
+myfind /nocow/user/fsfmd/{sec,Spam,Drafts,{rtcc,sysadmin,l/outreachy-mentors}/new} -type f -mtime +100 -execdir rm -- '{}' +
+myfind /nocow/user/fsfmd/log -type f -mtime +300 -execdir rm -- '{}' +
+myfind /nocow/user/fsfmd/dmarc -type f -mtime +14 -execdir rm -- '{}' +
+
+
+
+shopt -s nullglob
+shopt -s extglob
+
+now=$(date +%s)
+cd /m/md
+for d in ./!(*archive|Drafts)/*(cur|new) ./l/!(*archive)/*(cur|new); do
+ madearchive=false
+ leafdir=${d##*/}
+ md=${d%/*}; md=${md##*/}
+ archive=${d%/*/*}/${md}-myarchive/$leafdir
+ archivebase=archive=${d%/*/*}/${md}-myarchive
+ for f in $d/1*; do
+ date=$($scriptdir/email-date.py $f) || echo $f
+ [[ $date ]] || continue
+ if (( date < now - 60*60*24*400 )); then
+ if ! $madearchive; then
+ mkdir -p ${archivebase}{cur,tmp,new}
+ madearchive=true
+ fi
+ mv $f $archive
+ echo mv $f $archive
+ fi
+ done
+done
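Review bot: The archive directories are never created where `mv` expects them: `archivebase=archive=${d%/*/*}/${md}-myarchive` stores a literal `archive=` prefix in the value, and `${archivebase}{cur,tmp,new}` has no `/` before the brace list, so `mkdir -p` builds `archive=…-myarchivecur` and similar instead of the Maildir subfolders. With `$archive` missing, `mv $f $archive` either fails under `set -e` or, when only the parent directory exists, renames every message onto the same path so later messages overwrite earlier ones. The lines I would change are `archivebase=${d%/*/*}/${md}-myarchive`, `mkdir -p "$archivebase"/{cur,tmp,new}` and `mv -- "$f" "$archive"/`, where the trailing slash makes `mv` refuse a non-directory target. The loop globs use `*(cur|new)`, which means zero or more repetitions; `@(cur|new)` is the exactly-one form. `myfind` also expands `${dirs[@]}` and `$@` unquoted, so a directory name containing whitespace would be split before it reaches `find`.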
#mu index &>/dev/null ||:
fi
-# find but ignore directories which dont exist, assuming first args are directories
-# and a following arg starts with -
-myfind() {
- dirs=()
- for d; do
- if [[ $d == -* ]]; then
- # past dirs, onto options
- break
- fi
- shift
- if [[ -e $d ]]; then
- dirs+=($d)
- fi
- done
- if [[ $dirs ]]; then
- find ${dirs[@]} $@
- fi
-}
-
-# qemu-devel is our biggest list by far, so occasionally
-# I want to hop into conversations about our mailing
-# systems there, but I don't need many old messages.
-myfind /nocow/user/fsfmd/l/qemu-devel/new -type f -mtime +14 -execdir rm -- '{}' +
-myfind /nocow/user/fsfmd/{sec,Spam,Drafts,{rtcc,sysadmin,l/outreachy-mentors}/new} -type f -mtime +100 -execdir rm -- '{}' +
-myfind /nocow/user/fsfmd/log -type f -mtime +300 -execdir rm -- '{}' +
-myfind /nocow/user/fsfmd/dmarc -type f -mtime +14 -execdir rm -- '{}' +
-
# delete based on http://deflexion.com/2006/05/imap-way-of-deleting-message
sieve-filter -eW -o mail_location=maildir:/nocow/user/fsfmd:LAYOUT=fs:INBOX=/nocow/user/fsfmd/INBOX ~/sieve/fsf.sieve INBOX delete &>>/tmp/fsfsieve.log
header :contains "list-id" "<exim-users.exim.org>",
header :contains "list-id" "<octave-maintainers.gnu.org>",
header :contains "list-id" "<discuss-gnuradio.gnu.org>",
+ header :contains "list-id" "<seabios.seabios.org>",
header :contains "list-id" "<freetype-devel.nongnu.org>",
header :contains "list-id" "<xmonad.haskell.org>") {
if header :regex "list-id" "<([a-z_0-9-]+)[.@]" {