From: Ian Kelling <iank@fsf.org>
Date: Sun, 19 Nov 2017 17:38:35 +0000 (-0500)
Subject: lots of fixes for trisquel flidas
X-Git-Url: https://iankelling.org/git/?p=distro-setup;a=commitdiff_plain;h=3a5055dce8796a1946d9f75d8c74605eb73d19df

lots of fixes for trisquel flidas
---

diff --git a/btrbk-run b/btrbk-run
index d05616a..e5d0b5e 100755
--- a/btrbk-run
+++ b/btrbk-run
@@ -83,7 +83,7 @@ if [[ ! -v targets ]]; then
                 targets=($HOME_DOMAIN)
             fi
             ;;
-        treetowl)
+        tp)
             targets=(frodo)
             if [[ $HOSTNAME == "$MAIL_HOST" ]]; then
                 if timeout -s 9 10 ssh x2 :; then
diff --git a/distro-begin b/distro-begin
index 0e61f2b..904bc79 100755
--- a/distro-begin
+++ b/distro-begin
@@ -65,10 +65,10 @@ if [[ $1 ]]; then
     export HOSTNAME=$1
 fi
 
-for f in iank-dev htpc treetowl x2 frodo tp li lj demohost; do
+for f in iank-dev htpc treetowl x2 frodo tp li lj demohost kw; do
     eval "$f() { [[ $HOSTNAME == $f ]]; }"
 done
-has_p() { treetowl || x2 || frodo || tp || demohost; }
+has_p() { ! linode; } # when tp is tracis, then not tp either
 has_x() { ! linode; }
 linode() { lj || li; }
 has_btrfs() { ! linode; }
@@ -277,11 +277,6 @@ pi trash-cli
 ###### link files ###########
 # convenient to just do all file linking in one place
 
-# if it wasn't set already, we could set hostname here
-#echo treetowl | s dd of=/etc/hostname
-#s hostname -F /etc/hostname
-#HOSTNAME=$(hostname)
-
 
 s lnf -T /a/bin /b
 s lnf -T /nocow/t /t
@@ -564,7 +559,7 @@ if home_network; then
 EOF
     else
         tu /etc/fstab <<'EOF'
-treetowl:/k  /kr  nfs  noauto  0 0
+frodo:/k  /kr  nfs  noauto  0 0
 EOF
     fi
 fi
@@ -802,3 +797,4 @@ fi
 # the first pup command can kill off our /etc/ mod, so rerun this
 /a/exe/ssh-emacs-setup
 echo "$0: $(date): ending now"
+exit 0
diff --git a/distro-end b/distro-end
index 973dc85..f943910 100755
--- a/distro-end
+++ b/distro-end
@@ -165,6 +165,7 @@ esac
 
 ########### begin section including li ################
 
+conflink
 
 case $distro in
     arch)
@@ -665,26 +666,46 @@ esac
 
 
 
-if [[ $HOSTNAME == treetowl ]]; then
 
-    # vpn-server setup via:
+### begin home vpn server setup
 
-    vpn-server-setup -r -d
-    s tee -a /etc/openvpn/server/server.conf <<'EOF'
+
+# # this section done initially to make persistent keys.
+# # Also note, I temporarily set /etc/hosts so my host was
+# # b8.nz when running this, since the vpn client config
+# # generator assumes we need to go to that server to get
+# # server keys.
+# vpn-server-setup -rds
+# s cp -r --parents /etc/openvpn/easy-rsa/keys /p/c/filesystem
+# s chown -R 1000:1000 /p/c/filesystem/etc/openvpn/easy-rsa/keys
+# for host in x2 kw; do
+#     vpn-mk-client-cert -b $host -n home b8.nz
+#     dir=/p/c/machine_specific/$host/filesystem/etc/openvpn/client
+#     mkdir -p $dir
+#     s bash -c "cp /etc/openvpn/client/home* $dir"
+#     # note: /etc/update-resolv-conf-home also exists for all systems with /p
+# done
+
+
+vpn-server-setup -rds
+s tee -a /etc/openvpn/server/server.conf <<'EOF'
 push "dhcp-option DNS 192.168.1.1"
 push "route 192.168.1.0 255.255.255.0"
 client-connect /a/bin/distro-setup/vpn-client-connect
 EOF
-    s sed -i --follow-symlinks 's/10.8./10.9./g' /etc/openvpn/server/server.conf
-    ser restart openvpn-server@server
-    vpn-mk-client-cert -s /etc/update-resolv-conf-home -c x2 -n home b8.nz
-    dir=/p/c/machine_specific/x2/filesystem/etc/openvpn/client
-    mkdir -p $dir
-    # background: We have these files locally, but we\'d have to duplicate the logic
-    # in vpn-mk-client-cert to get them, and this is just simpler.
-    scp root@x2:/etc/openvpn/client/home* $dir
-
+s sed -i --follow-symlinks 's/10.8./10.9./g' /etc/openvpn/server/server.conf
+
+if [[ $HOSTNAME == tp ]]; then
+    if [[ -e /lib/systemd/system/openvpn-server@.service ]]; then
+        vpn_service=openvpn-server@.service
+    else
+        vpn_service=openvpn@server
+    fi
+    sgo $vpn_service
+fi
+### end vpn server setup
 
+if [[ $HOSTNAME == tp ]]; then
 
     # note, see bashrc for more documentation.
     pi rss2email
@@ -719,7 +740,7 @@ EOF
 fi
 
 ######### begin  pump.io periodic backup #############
-if [[ $HOSTNAME == treetowl ]]; then
+if [[ $HOSTNAME == tp ]]; then
     s dd of=/etc/systemd/system/pumpbackup.service <<'EOF'
 [Unit]
 Description=pump li backup
@@ -770,7 +791,7 @@ lnf /a/opt/.AndroidStudio2.2 ~
 spa lib32stdc++6 default-jdk
 
 
-if [[ $HOSTNAME == treetowl ]]; then
+if [[ $HOSTNAME == frodo ]]; then
     ############# begin syncthing setup ###########
 
     # It\'s simpler to just worry about running it in one place for now.
@@ -916,10 +937,18 @@ EOF
         # it contains runtime data,
         # plus a simple symlink to the config file which it\'s
         # not worth separating out.
-        s lnf -T /i/transmission-daemon /var/lib/transmission-daemon/.config/transmission-daemon
         # between comps, the uid can change
-        s chown -R debian-transmission:debian-transmission /i/transmission-daemon /var/lib/transmission-daemon
-        s chown -R debian-transmission:traci /i/k/partial-torrents /i/k/torrents
+        f=/i/transmission-daemon
+        s lnf -T $f /var/lib/transmission-daemon/.config/transmission-daemon
+        if [[ -e $f ]]; then
+            s chown -R debian-transmission:debian-transmission $f
+        fi
+        for f in /i/k/partial-torrents /i/k/torrents; do
+            if [[ -e $f ]]; then
+                s chown -R debian-transmission:traci $f
+            fi
+        done
+        s chown -R debian-transmission:debian-transmission /var/lib/transmission-daemon
         #
         # config file documented here, and it\'s the same config
         # for daemon vs client, so it\'s documented in the gui.
@@ -1246,119 +1275,11 @@ case $distro in
     debian) pi adb ;;
     debian|trisquel|ubuntu) spa android-tools-adbd ;;
     # todo: not sure this is needed anymore, or if trisqel etc works even
-#    debian) spa android-tools-adbd/unstable ;;
+    #    debian) spa android-tools-adbd/unstable ;;
     arch) spa android-tools ;;
     # other distros unknown
 esac
 
-if [[ $HOSTNAME == treetowl ]]; then
-    :
-    ## bitcoin disabled. fees too high
-    #     case $distro in
-    #         debian)
-    #             if [[ `debian-archive`  == testing ]]; then
-    #                 # has no unstable dependencies
-    #                 pi bitcoind/unstable
-    #                 src=/a/opt/bitcoin/contrib/init/bitcoind.service
-    #                 s cp $src /etc/systemd/system
-    #                 p=/etc/bitcoin/bitcoin
-    #                 dst=/etc/systemd/system/bitcoinjm.service
-    #                 # jm for joinmarket
-    #                 $sed -r "/^\s*ExecStart/s,${p}.conf,${p}jm.conf," $src \
-        #                      >/etc/systemd/system/bitcoinjm.service
-
-    #                 d=jm; jm=d # being clever for succinctness
-    #                 for s in d jm; do
-    #                     s $sed -ri "/^\s*\[Unit\]/a Conflicts=bitcoin${!s}.service" \
-        #                       /etc/systemd/system/bitcoin${s}.service
-    #                 done
-
-    #                 ser daemon-reload
-
-    #                 dir=/nocow/.bitcoin
-    #                 s mkdir -p $dir
-    #                 s chown -R bitcoin:bitcoin $dir
-    #                 dir=/etc/bitcoin
-    #                 s mkdir -p $dir
-    #                 s chown -R root:bitcoin $dir
-    #                 s chmod 750 $dir
-
-    #                 # pruning decreases the bitcoin dir to 2 gb, keeps
-    #                 # just the recent blocks. can\'t do a few things like
-    #                 # import a wallet dump.
-    #                 # pruning works, but people had to do
-    #                 # some manual stuff in joinmarket. I dun need the
-    #                 # disk space, so not bothering yet, maybe in a year or so.
-    #                 # https://github.com/JoinMarket-Org/joinmarket/issues/431
-    #                 #https://bitcoin.org/en/release/v0.12.0#wallet-pruning
-    #                 #prune=550
-
-    #                 f=$dir/bitcoin.conf
-    #                 s dd of=$f <<EOF
-    # server=1
-    # # necessary for joinmarket, not bad in general
-    # rpcpassword=$(openssl rand -base64 32)
-    # rpcuser=$(openssl rand -base64 32)
-    # EOF
-
-    #                 # dunno about sharing a wallet between multiple instances
-    #                 # manually did, wallet.dat symlinked in /nocow/.bitcoin
-    #                 sgo bitcoind
-    #             fi
-    #             ;;
-    #         # other distros unknown
-    #     esac
-
-
-
-    #     ## disabling joinmarket, its too expensive
-    #     ### begin joinmarket setup ###
-
-    #     case $distro in
-    #         debian)
-    #             f=$dir/bitcoin.conf
-    #             f2=$dir/bitcoinjm.conf
-    #             s cp $f $f2
-    #             s tee -a $f2 >/dev/null <<EOF
-    # # Joinmarket
-    # walletnotify=curl -sI --connect-timeout 1 http://localhost:62602/walletnotify?%s
-    # alertnotify=curl -sI --connect-timeout 1 http://localhost:62602/alertnotify?%s
-    # wallet=joinmarket.dat
-    # EOF
-
-    #             ;;
-    #         # other distros unknown
-    #     esac
-
-    #     pi libsodium-dev python-pip
-    #     cd /a/opt/joinmarket
-    #     # using develop branch, as it seems to be mostly bug fixes,
-    #     # and this is quite new software.
-    #     # note: python3 does not work.
-    #     # has seg fault error due to some bug, but it still works
-    #     pip install -r requirements.txt || [[ $? == 139 ]]
-    #     # note, the target must exist ahead of time, or bitcoin
-    #     # just overwrites the link, and it\'s not happy with an empty file,
-    #     # so we have to create the wallet, then move and link it.
-    #     s lnf -T /q/bitcoin/wallet.dat /nocow/.bitcoin/wallet.dat
-    #     s lnf -T /q/bitcoin/joinmarket.dat /nocow/.bitcoin/joinmarket.dat
-    #     # not technically needed, but seems cleaner not to have
-    #     # symlinks be root owned unlike everything else
-    #     s chown -h bitcoin:bitcoin /nocow/.bitcoin/*
-
-    #     for var in rpcuser rpcpassword; do
-    #         u="$(s sed -rn "s/^$var=(.*)/\1/p" /etc/bitcoin/bitcoin.conf)"
-    #         # escape backslashes
-    #         u="${u//\\/\\\\\\\\}"
-    #         # escape commas
-    #         u="${u//,/\\,}"
-    #         sed -ri "s,^(rpc_${var#rpc}\s*=).*,\1 $u," joinmarket.cfg
-    #     done
-    #     sed -ri "s/^\s*(blockchain_source\s*=).*/\1 bitcoin-rpc/" joinmarket.cfg
-    #     ### end joinmarket setup ###
-
-
-fi
 
 
 case $distro in
@@ -1480,7 +1401,7 @@ fi
 # EOF
 #         s systemctl daemon-reload
 #         case $HOSTNAME in
-#             x2|treetowl)
+#             x2|tp)
 #                 ser enable synergyc@iank
 #                 ser start synergyc@iank ||: # X might not be running yet
 #                 ;;
@@ -1596,9 +1517,9 @@ case $distro in
         # compilers.
         spa unison unison-gtk
         ;;
-    arch)
-        spa unison gtk2
-        ;;
+arch)
+    spa unison gtk2
+    ;;
 esac
 
 case $distro in
@@ -1620,12 +1541,14 @@ esac
 cd /a/opt/btrbk
 s make install
 spa pv # for progress bar when running interactively.
-if [[ $HOSTNAME == treetowl ]]; then
-    # backup/sync manually on others hosts for now.
-    sgo btrbk.timer
-    # note: to see when it was last run,
-    # ser list-timers
-fi
+
+# ian: temporarily disabled while hosts are in flux.
+# if [[ $HOSTNAME == tp ]]; then
+#     # backup/sync manually on others hosts for now.
+#     sgo btrbk.timer
+#     # note: to see when it was last run,
+#     # ser list-timers
+# fi
 
 
 
@@ -1779,3 +1702,4 @@ if $pending_reboot; then
 else
     echo "$0: $(date): ending now)"
 fi
+exit 0
diff --git a/input-setup b/input-setup
index b3ad60b..798748a 100755
--- a/input-setup
+++ b/input-setup
@@ -23,8 +23,8 @@ else
 fi
 
 case $HOSTNAME in
-    x2|tp) type=laptop ;;
-    treetowl*|iank-dev|frodo) type=kinesis ;;
+    some_x200_laptop) type=laptop ;;
+    hosts_with_keyboards_attached) type=kinesis ;;
 esac
 
 
diff --git a/mail-setup b/mail-setup
index c0035c6..7674921 100755
--- a/mail-setup
+++ b/mail-setup
@@ -278,7 +278,9 @@ else # begin exim. has debian specific stuff for now
     fi
 
     if [[ -e /p/c/filesystem ]]; then
-        /a/exe/vpn-mk-client-cert -b mail -n mail li
+        # to put the hostname in the known hosts
+        ssh -o StrictHostKeyChecking=no li.iankelling.org :
+        /a/exe/vpn-mk-client-cert -b mail -n mail li.iankelling.org
     fi
 
     cat >/etc/systemd/system/mailroute.service <<EOF
@@ -467,6 +469,9 @@ EOF
         # smarthost config type, not sure. all other settings
         # would be unused in that config type.
         cat >$exim_main_dir/000_localmacros <<EOF
+# i don't have ipv6 setup for my tunnel yet.
+diable_ipv6 = true
+
 MAIN_TLS_ENABLE = true
 
 DKIM_CANON = relaxed
diff --git a/mount-latest-remote b/mount-latest-remote
index cd04faf..406a1e9 100755
--- a/mount-latest-remote
+++ b/mount-latest-remote
@@ -22,6 +22,7 @@ if [[ ! $@ ]]; then
     echo "mount-latest-remote: error: expected 1 or more host arguments"
     exit 1
 fi
+ret=0
 
 for tg; do
     scp $script_dir/{mount-latest-subvol,check-subvol-stale} \
@@ -33,5 +34,7 @@ chmod +x /usr/local/bin/{mount-latest-subvol,check-subvol-stale}
 EOF
     then
         echo "$0: warning: failed mount-latest-subvol on $tg"
+        ret=1
     fi
 done
+exit $ret
diff --git a/mount-latest-subvol b/mount-latest-subvol
index 1b0a8e2..b4bec8e 100644
--- a/mount-latest-subvol
+++ b/mount-latest-subvol
@@ -89,16 +89,25 @@ first_root_crypt=$(awk '$2 == "/" {print $1}' /etc/mtab)
 fstab <<EOF
 $first_root_crypt  /a  btrfs  noatime,subvol=a  0 0
 EOF
-case $HOSTNAME in
-    treetowl|x2|frodo)
-        fstab <<EOF
+
+shopt -s nullglob
+
+f=(/mnt/root/btrbk/q.*)
+if [[ -e $f ]]; then
+    fstab <<EOF
 $first_root_crypt  /q  btrfs  noatime,subvol=q  0 0
-$first_root_crypt  /o  btrfs  noatime,subvol=o  0 0
 /q/p  /p  none  bind  0 0
+EOF
+fi
+
+f=(/mnt/root/btrbk/o.*)
+if [[ -e $f ]]; then
+    fstab <<EOF
+$first_root_crypt  /o  btrfs  noatime,subvol=o  0 0
 /o/m  /m  none  bind  0 0
 EOF
-        ;;
-esac
+fi
+
 if [[ $HOSTNAME == frodo ]]; then
     fstab <<EOF
 $first_root_crypt  /i  btrfs  noatime,subvol=i  0 0
diff --git a/switch-mail-host b/switch-mail-host
index b795596..ab57c13 100755
--- a/switch-mail-host
+++ b/switch-mail-host
@@ -11,7 +11,7 @@ Adjust home network dns so NEW_HOST resolves locally if it is on the
 local network.  Turn off mail receiving on OLD_HOST, run btrbk to move
 mail to NEW_HOST, turn on mail receiving on NEW_HOST.
 
-
+-w         Don't try to ssh to wrt. Should only be used in unusual network situation.
 -h|--help  Print help and exit.
 
 Note: Uses GNU getopt options parsing style
@@ -21,9 +21,21 @@ EOF
 
 ##### begin command line parsing ########
 
-if (( $# != 2 )) || [[ $1 == -* || $2 == -* ]]; then
-    usage 1
-fi
+update_wrt=true # default
+long_opt=foo # default
+temp=$(getopt -l help wh "$@") || usage 1
+eval set -- "$temp"
+while true; do
+    case $1 in
+        -w) update_wrt=false; shift ;;
+        -h|--help) usage ;;
+        --) shift; break ;;
+        *) echo "$0: Internal error! unexpected args: $*" ; exit 1 ;;
+    esac
+done
+
+
+(( $# == 2 )) || usage 1
 
 old_host=$1
 new_host=$2
@@ -55,7 +67,7 @@ if [[ ! $new_host || ! $old_host ]]; then
 fi
 
 at_home=false
-if [[ $HOSTNAME == treetowl ]] || [[ $HOSTNAME == frodo ]] || timeout -s 9 5 ssh wrt.b8.nz :; then
+if [[ $HOSTNAME == tp ]] || [[ $HOSTNAME == frodo ]] || timeout -s 9 5 ssh wrt.b8.nz :; then
     at_home=true
 fi
 echo "$0: at_home = $at_home"
@@ -65,7 +77,7 @@ source /a/bin/bash_unpublished/source-semi-priv
 if ! $at_home; then
     for var in old_host new_host; do
         case ${!var} in
-            treetowl)
+            tp)
                 eval $var=$HOME_DOMAIN
                 ;;
         esac
@@ -76,14 +88,16 @@ fi
 
 # because our port forward is not robust enough, we can't use proxy command,
 # todo: setup vpn so this is all taken care of.
-if ! $at_home; then
+if ! $update_wrt; then
+    wrt_shell=:
+elif $at_home; then
+    wrt_shell="ssh wrt.b8.nz"
+else
     if [[ $old_host == iank.vpn.office.fsf.org || $new_host == iank.vpn.office.fsf.org ]]; then
         wrt_shell="ssh iank.vpn.office.fsf.org ssh wrt.b8.nz"
     else
         wrt_shell="ssh $HOME_DOMAIN ssh wrt.b8.nz"
     fi
-else
-    wrt_shell="ssh wrt.b8.nz"
 fi
 
 btrbk_test="systemctl is-active btrbk.service"
diff --git a/transmission-firewall/netns.rules b/transmission-firewall/netns.rules
index a8c8c2c..f1b6bdd 100644
--- a/transmission-firewall/netns.rules
+++ b/transmission-firewall/netns.rules
@@ -38,4 +38,8 @@
 
 -A OUTPUT -o tun0 -j ACCEPT
 -A INPUT -i tun0 -j ACCEPT
+
+# makes debugging things easier
+-A INPUT -p icmp -j ACCEPT
+-A OUTPUT -p icmp -j ACCEPT
 COMMIT