From: Ian Kelling <ian@iankelling.org>
Date: Mon, 22 Apr 2024 04:24:05 +0000 (-0400)
Subject: unify dns related config, change some dns settings
X-Git-Url: https://iankelling.org/git/?p=distro-setup;a=commitdiff_plain;h=c91604aff2ce49bd4ce9b429b9e738286a319923

unify dns related config, change some dns settings
---

diff --git a/brc b/brc
index 2ffd91c..5105c59 100644
--- a/brc
+++ b/brc
@@ -2139,7 +2139,7 @@ pkx() { # package extract
   c "$(mktemp -d)"
   pkg=$1
   # shellcheck disable=SC2012
-  cached=$(ls -t /var/cache/apt/archives/${pkg}_* | tail -n1 2>/dev/null) ||:
+  cached=$(ls -t /var/cache/apt/archives/${pkg}_* 2>/dev/null | tail -n1 2>/dev/null) ||:
   if [[ $cached ]]; then
     m cp $cached .
   else
@@ -2900,6 +2900,7 @@ nonet() {
 }
 
 m() { printf "%s\n" "$*";  "$@"; }
+m2() { printf "%s\n" "$*" >&2;  "$@"; }
 
 # update file. note: duplicated in mail-setup.
 # updates $ur u result to true or false
diff --git a/brc2 b/brc2
index aa370ac..9e2b548 100644
--- a/brc2
+++ b/brc2
@@ -840,6 +840,7 @@ mpvrpc-loadfile() {
 # q quit
 # ret next
 #
+# todo: enter should also unpause
 beetag()  {
   local last_genre_i fstring tag id char new_item char_i genre tag remove doplay i j random path
   local do_rare_genres read_wait help line lsout tmp ls_line skip_lookback
@@ -2055,6 +2056,7 @@ apache-apply() {
 }
 # strip out the apache license from a file.
 apache-strip() {
+  # shellcheck disable=SC2044 # meh
   for f in $(find . -type f -maxdepth 1); do if head -n1 "$f"| grep -E '^#!/bin/bash\b' &>/dev/null; then { head -n 20 $f | tac | sed '/^# limitations under the License.$/,/^# Copyright.*Ian Kelling$/d' | tac; tail -n+21 $f; } |sponge $f; fi ; done
 }
 
@@ -2628,19 +2630,52 @@ wgkey() {
   umask $umask_orig
 }
 
-declare -A vpn_ips
-vpn_ips[kd]=2
-# note: 1, 4, 5 are occupied by mail wireguard
-vpn_ips[x3]=8
-vpn_ips[sy]=12
-vpn_ips[x2]=13
-vpn_ips[kw]=27
-vpn_ips[bo]=28
-vpn_ips[frodo]=34
-vpn_ips[s23b]=49
+host-info-update() {
+
+  local -A vpn_ips host_ips host_macs nonvpn_ips
+  local -a root_hosts nonroot_hosts
+
+  # the hosts with no mac
+  root_hosts=( bk je li b8.nz )
+  for h in ${root_hosts[@]}; do
+    root_hosts+=(${h}ex)
+  done
+  root_hosts+=(cmc)
+
+  while read -r ip host mac opts; do
+    if [[ $ip == *#*  || ! $host ]]; then continue; fi
+    if [[ $opts == vpn ]]; then
+      vpn_ips[$host]=$ip
+    else
+      nonvpn_ips[$host]=$ip
+    fi
+
+
+    if [[ $opts == user=root ]]; then
+      root_hosts+=($host i$host)
+    else
+      nonroot_hosts+=($host i$host)
+    fi
+
+    host_ips[$host]=$ip
+    host_macs[$host]=$mac
+  done </p/c/host-info
+
+  cedit /p/c/subdir_files/.ssh/config <<EOF || [[ $? == 1 ]]
+Host ${nonroot_hosts[@]}
+User iank
+IdentityFile ~/.ssh/home
+
+Host ${root_hosts[@]}
+IdentityFile ~/.ssh/home
+EOF
+
+
+  grep -E '^[a-z0-9]+[[:space:]]' /p/c/machine_specific/vps/bind-initial/db.b8.nz | awk '{print $1,$3}'
 
-vpn-ips-update() {
   local host ipsuf f files
+
+  sedi '/edits below here are made automatically/,$d' /p/c/machine_specific/li/filesystem/etc/wireguard/wgmail.conf
   for host in ${!vpn_ips[@]}; do
     ipsuf=${vpn_ips[$host]}
     wghole $host $ipsuf
@@ -2685,15 +2720,28 @@ EOF
   done
 
   {
-    for host in ${!vpn_ips[@]}; do
-      ipsuf=${vpn_ips[$host]}
-      cat <<EOF
-local-data-ptr: "10.2.0.$ipsuf $host.b8.nz"
-EOF
+    echo "cat <<EOF"
+    for host in ${!host_ips[@]}; do
+      ipsuf=${host_ips[$host]}
+      echo 'local-data-ptr: "$l.'$ipsuf $host.b8.nz'"'
+    done
+    echo "EOF"
+  } | u /p/ptr-data
+
+  {
+    echo "cat <<EOF"
+    for host in ${!host_ips[@]}; do
+      ipsuf=${host_ips[$host]}
+      echo "dhcp-host=${host_macs[$host]},set:$host,\$l.7,$host"
     done
-  } | u /b/ds/ptr-data
+    echo "EOF"
+  } | u /p/dnsmaq-data
 
   {
+    for host in ${!nonvpn_ips[@]}; do
+      ipsuf=${nonvpn_ips[$host]}
+      echo "$host	A	10.2.0.$ipsuf"
+    done
     for host in ${!vpn_ips[@]}; do
       ipsuf=${vpn_ips[$host]}
       cat <<EOF
@@ -2729,8 +2777,7 @@ EOF
   for f in "${files[@]}"; do
     host=${f%%/*}
     if [[ ! ${vpn_ips[$host]} ]]; then
-      e /p/c/machine_specific/$host/filesystem/etc/wireguard/wghole.conf
-      e cedit -s $host /p/c/machine_specific/li/filesystem/etc/wireguard/wgmail.conf '<<<""'
+      e rm /p/c/machine_specific/$host/filesystem/etc/wireguard/wghole.conf
     fi
   done
 }
diff --git a/dynamic-ip-update b/dynamic-ip-update
index f4cec4b..12726ae 100755
--- a/dynamic-ip-update
+++ b/dynamic-ip-update
@@ -88,7 +88,6 @@ main() {
   case $gateway in
     10.2.0.1)
       dyndomain=b8.nz
-      dynhost=i.b8.nz
       ;;
     *)
       return 0
@@ -116,7 +115,7 @@ main() {
 
 
   if $athome; then
-    if ! cur4="$(dig +short $dynhost @iankelling.org | tail -1)"; then
+    if ! cur4="$(dig +short $dyndomain @iankelling.org | tail -1)"; then
       if [[ ! $INVOCATION_ID ]]; then
         echo "$0: dig failed. internet looks down. giving up"
       fi
@@ -175,8 +174,6 @@ EOF
 
   if $up4; then
     cat >>$tmpf <<EOF
-update delete $dynhost. A
-update add $dynhost. 300 A $ip4
 update delete $dyndomain. A
 update add $dyndomain. 300 A $ip4
 EOF
diff --git a/easiest-to-type-numbers b/easiest-to-type-numbers
new file mode 100755
index 0000000..279151f
--- /dev/null
+++ b/easiest-to-type-numbers
@@ -0,0 +1,83 @@
+#!/bin/bash
+# I, Ian Kelling, follow the GNU license recommendations at
+# https://www.gnu.org/licenses/license-recommendations.en.html. They
+# recommend that small programs, < 300 lines, be licensed under the
+# Apache License 2.0. This file contains or is part of one or more small
+# programs. If a small program grows beyond 300 lines, I plan to switch
+# its license to GPL.
+
+# Copyright 2024 Ian Kelling
+
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+#     http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+source /a/bin/bash-bear-trap/bash-bear
+
+e () {
+    printf "%s\n" "$*"
+}
+
+
+prefix=$1
+suffix=$2
+
+# print number
+pn() {
+  for n; do
+    e $prefix$n$suffix
+  done
+}
+
+# level 1 numbers
+l1=(2 3 8 9)
+
+# level 2 numbers
+l2=(4 7)
+
+l12=( ${l1[@]} ${l2[@]} )
+
+t1() {
+
+  pn ${l1[@]}
+}
+
+t2() {
+
+  pn ${l2[@]}
+}
+
+declare -A used
+t3() {
+  for d1 in ${l1[@]}; do
+    for d2 in ${l1[@]}; do
+      if (( d1 == d2 )); then continue; fi
+      pn $d1$d2
+      used[$d1$d2]=t
+    done
+  done
+}
+
+t4() {
+  for d1 in ${l12[@]}; do
+    for d2 in ${l12[@]}; do
+      if (( d1 == d2 )); then continue; fi
+      if [[ ${used[$d1$d2]} ]]; then continue; fi
+      pn $d1$d2
+      used[$d1$d2]=t
+    done
+  done
+}
+
+for t in {1..4}; do
+  e tier $t
+  t$t
+done
diff --git a/laptop-xrandr b/laptop-xrandr
index 417c9f7..4a0891a 100755
--- a/laptop-xrandr
+++ b/laptop-xrandr
@@ -23,12 +23,9 @@
 set -e; . /usr/local/lib/bash-bear; set +e
 
 
-output=HDMI2
-output=DP1
+output=$(xrandr | grep -E "^(HDMI.?|DP1) connected" | awk '{print $1}' ||:)
 
-if xrandr | grep -q "^$output disconnected" &>/dev/null; then
-  xrandr --auto
-else
+if [[ $output ]]; then
   xrandr --output $output --off
   sleep 2
   xrandr --output $output --right-of eDP1 --mode 3840x2160
@@ -37,4 +34,7 @@ else
     # if the workspace is already there, this will fail
     i3-msg '[workspace="'$i'"]' move workspace to output $output ||:
   done
+else
+  xrandr --auto
+
 fi
diff --git a/machine_specific/frodo/filesystem/etc/systemd/system/openvpn-client-tr@.service b/machine_specific/bow/filesystem/etc/systemd/system/openvpn-client-tr@.service
similarity index 94%
rename from machine_specific/frodo/filesystem/etc/systemd/system/openvpn-client-tr@.service
rename to machine_specific/bow/filesystem/etc/systemd/system/openvpn-client-tr@.service
index e96fdd7..9a5afec 100644
--- a/machine_specific/frodo/filesystem/etc/systemd/system/openvpn-client-tr@.service
+++ b/machine_specific/bow/filesystem/etc/systemd/system/openvpn-client-tr@.service
@@ -24,10 +24,10 @@ LimitNPROC=10
 # we use .1 to make this be on a different network than kd, so that we can
 # talk to transmission on kd from remote host, and still use this
 # vpn.
-ExecStartPre=/usr/bin/flock -w 20 /tmp/newns.flock /a/bin/newns/newns -n 10.174.34 start %i
+ExecStartPre=/usr/bin/flock -w 20 /tmp/newns.flock /a/bin/newns/newns -n 10.174.29 start %i
 ExecStartPre=/sbin/iptables-restore /a/bin/distro-setup/transmission-firewall/netns.rules
 # allow wireguard network to connect
-ExecStartPre=/usr/sbin/ip r add 10.8.0.0/24 via 10.174.34.1 dev veth1-client
+ExecStartPre=/usr/sbin/ip r add 10.8.0.0/24 via 10.174.29.1 dev veth1-client
 ExecStopPost=/usr/bin/flock -w 20 /tmp/newns.flock /a/bin/newns/newns stop %i
 PrivateNetwork=true
 BindReadOnlyPaths=/etc/tr-resolv:/run/systemd/resolve:norbind /etc/basic-nsswitch:/etc/resolved-nsswitch:norbind
diff --git a/machine_specific/kw/filesystem/etc/systemd/system/openvpn-client-tr@.service b/machine_specific/sow/filesystem/etc/systemd/system/openvpn-client-tr@.service
similarity index 93%
rename from machine_specific/kw/filesystem/etc/systemd/system/openvpn-client-tr@.service
rename to machine_specific/sow/filesystem/etc/systemd/system/openvpn-client-tr@.service
index f6ac66a..dae65d4 100644
--- a/machine_specific/kw/filesystem/etc/systemd/system/openvpn-client-tr@.service
+++ b/machine_specific/sow/filesystem/etc/systemd/system/openvpn-client-tr@.service
@@ -24,10 +24,10 @@ LimitNPROC=10
 # we use .1 to make this be on a different network than kd, so that we can
 # talk to transmission on kd from remote host, and still use this
 # vpn.
-ExecStartPre=/usr/bin/flock -w 20 /tmp/newns.flock /a/bin/newns/newns -n 10.174.27 start %i
+ExecStartPre=/usr/bin/flock -w 20 /tmp/newns.flock /a/bin/newns/newns -n 10.174.3 start %i
 ExecStartPre=/sbin/iptables-restore /a/bin/distro-setup/transmission-firewall/netns.rules
 # allow wireguard network to connect
-ExecStartPre=/usr/sbin/ip r add 10.8.0.0/24 via 10.174.27.1 dev veth1-client
+ExecStartPre=/usr/sbin/ip r add 10.8.0.0/24 via 10.174.3.1 dev veth1-client
 ExecStopPost=/usr/bin/flock -w 20 /tmp/newns.flock /a/bin/newns/newns stop %i
 PrivateNetwork=true
 BindReadOnlyPaths=/etc/tr-resolv:/run/systemd/resolve:norbind /etc/basic-nsswitch:/etc/resolved-nsswitch:norbind
diff --git a/machine_specific/sy/filesystem/etc/systemd/system/openvpn-client-tr@.service b/machine_specific/syw/filesystem/etc/systemd/system/openvpn-client-tr@.service
similarity index 93%
rename from machine_specific/sy/filesystem/etc/systemd/system/openvpn-client-tr@.service
rename to machine_specific/syw/filesystem/etc/systemd/system/openvpn-client-tr@.service
index d6010de..f85639d 100644
--- a/machine_specific/sy/filesystem/etc/systemd/system/openvpn-client-tr@.service
+++ b/machine_specific/syw/filesystem/etc/systemd/system/openvpn-client-tr@.service
@@ -24,10 +24,10 @@ LimitNPROC=10
 # we use .1 to make this be on a different network than kd, so that we can
 # talk to transmission on kd from remote host, and still use this
 # vpn.
-ExecStartPre=/usr/bin/flock -w 20 /tmp/newns.flock /a/bin/newns/newns -n 10.174.12 start %i
+ExecStartPre=/usr/bin/flock -w 20 /tmp/newns.flock /a/bin/newns/newns -n 10.174.7 start %i
 ExecStartPre=/sbin/iptables-restore /a/bin/distro-setup/transmission-firewall/netns.rules
 # allow wireguard network to connect
-ExecStartPre=/usr/sbin/ip r add 10.8.0.0/24 via 10.174.12.1 dev veth1-client
+ExecStartPre=/usr/sbin/ip r add 10.8.0.0/24 via 10.174.7.1 dev veth1-client
 ExecStopPost=/usr/bin/flock -w 20 /tmp/newns.flock /a/bin/newns/newns stop %i
 PrivateNetwork=true
 BindReadOnlyPaths=/etc/tr-resolv:/run/systemd/resolve:norbind /etc/basic-nsswitch:/etc/resolved-nsswitch:norbind
diff --git a/machine_specific/x2/filesystem/etc/systemd/system/openvpn-client-tr@.service b/machine_specific/x2/filesystem/etc/systemd/system/openvpn-client-tr@.service
deleted file mode 100644
index d16312d..0000000
--- a/machine_specific/x2/filesystem/etc/systemd/system/openvpn-client-tr@.service
+++ /dev/null
@@ -1,36 +0,0 @@
-[Unit]
-Description=OpenVPN tunnel for %I
-After=syslog.target network-online.target
-Wants=network-online.target
-Documentation=man:openvpn(8)
-Documentation=https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage
-Documentation=https://community.openvpn.net/openvpn/wiki/HOWTO
-Requires=iptables.service
-
-[Service]
-Type=notify
-RuntimeDirectory=openvpn-client
-RuntimeDirectoryMode=0710
-WorkingDirectory=/etc/openvpn/client
-ExecStart=/usr/sbin/openvpn --suppress-timestamps --nobind --config /etc/openvpn/client/%i.conf
-# todo, try reenabling this from the default openvpn,
-# it was disabled so we could do bind mounts as a command,
-# but now systemd handles it
-#CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE
-LimitNPROC=10
-# DeviceAllow=/dev/null rw
-# DeviceAllow=/dev/net/tun rw
-
-# we use .1 to make this be on a different network than kd, so that we can
-# talk to transmission on kd from remote host, and still use this
-# vpn.
-ExecStartPre=/usr/bin/flock -w 20 /tmp/newns.flock /a/bin/newns/newns -n 10.174.13 start %i
-ExecStartPre=/sbin/iptables-restore /a/bin/distro-setup/transmission-firewall/netns.rules
-# allow wireguard network to connect
-ExecStartPre=/usr/sbin/ip r add 10.8.0.0/24 via 10.174.13.1 dev veth1-client
-ExecStopPost=/usr/bin/flock -w 20 /tmp/newns.flock /a/bin/newns/newns stop %i
-PrivateNetwork=true
-BindReadOnlyPaths=/etc/tr-resolv:/run/systemd/resolve:norbind /etc/basic-nsswitch:/etc/resolved-nsswitch:norbind
-
-[Install]
-WantedBy=multi-user.target
diff --git a/machine_specific/bo/filesystem/etc/systemd/system/openvpn-client-tr@.service b/machine_specific/x2w/filesystem/etc/systemd/system/openvpn-client-tr@.service
similarity index 100%
rename from machine_specific/bo/filesystem/etc/systemd/system/openvpn-client-tr@.service
rename to machine_specific/x2w/filesystem/etc/systemd/system/openvpn-client-tr@.service
diff --git a/mail-setup b/mail-setup
index e15a31e..3ac3476 100755
--- a/mail-setup
+++ b/mail-setup
@@ -3344,6 +3344,12 @@ EOF
     # This name won\'t appear on From: lines of outgoing messages if rewriting is enabled.
     echo iankelling.org > /etc/mailname
 
+    # mail default domain.
+    u /etc/mailutils.conf <<'EOF'
+address {
+  email-domain iankelling.org;
+};
+EOF
 
     # mail.iankelling.org so local imap clients can connect with tls and
     # when they happen to not be local.
diff --git a/mount-latest-subvol b/mount-latest-subvol
index 1f4229e..433c7c2 100644
--- a/mount-latest-subvol
+++ b/mount-latest-subvol
@@ -267,7 +267,7 @@ fi
 # fa=(/mnt/root/btrbk/ar.*); f=${fa[0]}
 # if [[ -e $f ]]; then
 #   fstab <<EOF
-# $crypt_dev  /ar  btrfs  noatime,subvol=ar,uid=1000$mopts  0 0
+# $crypt_dev  /ar  btrfs  noatime,subvol=ar$mopts  0 0
 # EOF
 # fi
 
diff --git a/pkgs b/pkgs
index edb6c6c..e55f92c 100644
--- a/pkgs
+++ b/pkgs
@@ -233,6 +233,7 @@ p3=(
   nginx-doc
   nmap
   nyancat
+  nzbget
   obs-studio
   offlineimap
   oathtool
diff --git a/ptr-data b/ptr-data
deleted file mode 100644
index c8dfa67..0000000
--- a/ptr-data
+++ /dev/null
@@ -1,7 +0,0 @@
-local-data-ptr: "10.2.0.8 x3.b8.nz"
-local-data-ptr: "10.2.0.13 x2.b8.nz"
-local-data-ptr: "10.2.0.12 sy.b8.nz"
-local-data-ptr: "10.2.0.34 frodo.b8.nz"
-local-data-ptr: "10.2.0.27 kw.b8.nz"
-local-data-ptr: "10.2.0.2 kd.b8.nz"
-local-data-ptr: "10.2.0.28 bo.b8.nz"