From 6cc73025405b7a540eec371d1d8f7d9d13d8e019 Mon Sep 17 00:00:00 2001 From: Ian Kelling Date: Wed, 27 Apr 2022 00:11:37 -0400 Subject: [PATCH] mostly fixes --- brc | 12 +++++++--- brc2 | 23 +++++++++++++++---- check-remote-mailqs | 12 ++++++++-- distro-begin | 6 ++--- distro-end | 6 ++++- filesystem/etc/prometheus/rules/iank.yml | 13 ++++++----- .../system/ssh.service.d/override.conf | 19 +++++++++++++++ i3-sway/common.conf | 8 +++++++ mail-setup | 15 ++++++------ mailtest-check | 2 +- schrootupdate | 1 + subdir_files/.config/i3/config | 8 +++++++ subdir_files/.config/sway/config | 8 +++++++ ziva-backup-check | 4 ++-- 14 files changed, 107 insertions(+), 30 deletions(-) create mode 100644 filesystem/etc/systemd/system/ssh.service.d/override.conf diff --git a/brc b/brc index e0f2a88..bd76bb4 100644 --- a/brc +++ b/brc @@ -238,8 +238,7 @@ export SL_INFO_DIR=/p/sshinfo if [[ -s $bashrc_dir/path-add-function ]]; then source $bashrc_dir/path-add-function if [[ $SSH_CLIENT ]]; then - # [[ -d /home/iank/.iank/e/e ]] mounts it unnecessarily, so use this. - if grep -qF /home/iank/.iank/e/e /etc/auto.iank /etc/exports &>/dev/null; then + if grep -qF /home/iank/.iank/e/e /etc/exports &>/dev/null; then export EMACSDIR=/home/iank/.iank/e/e fi path-add $bashrc_dir @@ -1321,6 +1320,13 @@ rsu() { # [OPTS] HOST PATH } ccomp rsync rsd rsa rst rsu +# find programs listening on a port +ssp() { + local port=$1 + # to figure out these args, i had to look at the man page from git version, as of 2022-04. + s ss -lpn state listening sport = $port +} + resolvcat() { local f if [[ $(systemctl is-active nscd ||:) != inactive ]]; then @@ -1328,7 +1334,7 @@ resolvcat() { fi f=/etc/resolv.conf echo $f:; ccat $f - hr; s ss -lpn 'sport = 53' + hr; s ss -lpn sport = 53 if systemctl is-enabled dnsmasq &>/dev/null || [[ $(systemctl is-active dnsmasq ||:) != inactive ]]; then # this will fail is dnsmasq is failed hr; m ser status dnsmasq | cat || : diff --git a/brc2 b/brc2 index d85511f..f18bfdb 100644 --- a/brc2 +++ b/brc2 @@ -21,6 +21,15 @@ path-add --ifexists --end /a/work/libremanage path-add --ifexists --end /a/opt/adt-bundle*/tools /a/opt/adt-bundle*/platform-tools path-add --ifexists --end /a/opt/scancode-toolkit-3.10. +case $HOSTNAME in + sy|bo) + # https://askubuntu.com/questions/1254544/vlc-crashes-when-opening-any-file-ubuntu-20-04 + if grep -qE '^VERSION_CODENAME="(nabia|focal)"' /etc/os-release &>/dev/null; then + export MESA_LOADER_DRIVER_OVERRIDE=i965 + fi + ;; +esac + export WCDHOME=/a @@ -492,14 +501,16 @@ lipush() { # note, i had --delete-excluded, but that deletes all files in --exclude-from on # the remote site, which doesn't make sense, so not sure why i had it. local p a - p=(/a/opt/{emacs-debian11{,-nox},mu,emacs} /a/bin /a/exe /a/h /a/c /p/c/machine_specific/vps{,.hosts}) + # excluding emacs for now + #p=(/a/opt/{emacs-debian11{,-nox},mu,emacs} /a/bin /a/exe /a/h /a/c /p/c/machine_specific/vps{,.hosts}) + p=(/a/bin /a/exe /a/h /a/c /p/c/machine_specific/vps{,.hosts}) a="-ahviSAXPH --specials --devices --delete --relative --exclude-from=/p/c/li-rsync-excludes" ret=0 for h in li je bk; do m s rsync "$@" $a ${p[@]} /p/c/machine_specific/$h root@$h.b8.nz:/ || ret=$? - # only li is debian11 - p[0]=/a/opt/emacs-ubuntu20.04 - p[1]=/a/opt/emacs-ubuntu20.04-nox + ## only li is debian11 + #p[0]=/a/opt/emacs-trisuqel10 + #p[1]=/a/opt/emacs-trisquel10-nox done m s rsync "$@" -ahviSAXPH root@li.b8.nz:/a/h/proposed-comments/ /a/h/proposed-comments || ret=$? return $ret @@ -1280,6 +1291,10 @@ mygajim() { done } +allmygajim() { + sqlite3 -separator ' ' /p/c/subdir_files/.local/share/gajim/logs.db "select time, message from logs where contact_name = 'iank'" | less +} + gajlogs() { sqlite3 -separator ' ' /p/c/subdir_files/.local/share/gajim/logs.db "select time, message from logs" | less } diff --git a/check-remote-mailqs b/check-remote-mailqs index d37ec7a..df67a04 100755 --- a/check-remote-mailqs +++ b/check-remote-mailqs @@ -26,8 +26,16 @@ for h in bk je li frodo kwwg x3wg x2wg kdwg sywg; do else if [[ -s $statefile ]]; then logsec=$(date +%s -d "$(head -n1 $statefile | awk '{print $1,$2}')") - if (( logsec < EPOCHSECONDS - 60*60*20 )); then - echo $0: host $h ssh /usr/local/bin/check-mailq fail for over 20 hours + case h in + frodo) + hours=200 + ;; + *) + hours=20 + ;; + esac + if (( logsec < EPOCHSECONDS - 60*60*hours )); then + echo $0: host $h ssh /usr/local/bin/check-mailq fail for over $hours hours fi fi printf "%s\n" "$c" | ts "%F %T" >> $statefile diff --git a/distro-begin b/distro-begin index 0fee0af..f022ec3 100755 --- a/distro-begin +++ b/distro-begin @@ -367,10 +367,11 @@ if bitfolk; then sudo sed -ri "/^127\./n;/[[:space:]]$HOSTNAME\$/d" /etc/hosts fi -# firefox exists but is 2 versions outdated +# libfdk just has some patent worries. +# https://www.gnu.org/licenses/license-list.en.html#fdk if isdeb && [[ $(debian-codename) == nabia ]]; then sudo dd of=/etc/apt/preferences.d/nabia-focal-missing <<'EOF' -Package: unrar-free firefox libfdk-aac1 ansible +Package: libfdk-aac1 Pin: release n=focal,o=Ubuntu Pin-Priority: 500 EOF @@ -385,7 +386,6 @@ Pin: release a=nabia-backports Pin-Priority: -100 EOF - fi diff --git a/distro-end b/distro-end index 434ca2a..feabc62 100755 --- a/distro-end +++ b/distro-end @@ -525,9 +525,13 @@ Pin-Priority: 500 EOF ;; nabia) + # note, to get the latest, it would be n=bullseye* + # but that has conflicting package versions, so this does the old one. + # I only use it for special rare purposes. Just keep in mind it is an + # outdated insecure version. sd /etc/apt/preferences.d/chromium-bullseye <= 60 * 12 + time() - mailtest_check_last_usec{job="tlsnode"} >= 60 * 17 labels: severity: day annotations: - summary: '12 minutes down' + summary: '17 minutes down' - alert: mailtest_check_unexpected_spamd_vps expr: |- @@ -125,11 +126,11 @@ groups: - alert: mailtest_check_mailhost expr: |- - time() - max by (folder,from) (mailtest_check_last_usec{job="node"}) >= 60 * 12 + time() - max by (folder,from) (mailtest_check_last_usec{job="node"}) >= 60 * 17 labels: severity: day annotations: - summary: '12 minutes down' + summary: '17 minutes down' # 20 minutes. just allow for more due to prod alert. - alert: mailtest_check_gnu_mailhost diff --git a/filesystem/etc/systemd/system/ssh.service.d/override.conf b/filesystem/etc/systemd/system/ssh.service.d/override.conf new file mode 100644 index 0000000..8905c75 --- /dev/null +++ b/filesystem/etc/systemd/system/ssh.service.d/override.conf @@ -0,0 +1,19 @@ +# This is very strange. perhaps the initramfs ssh daemon was still +# holding open the port somehow. +# +# Apr 26 07:26:32 x2 systemd[1]: Starting OpenBSD Secure Shell server... +# Apr 26 07:26:33 x2 sshd[1256]: error: Bind to port 22 on 0.0.0.0 failed: Address already in use. +# Apr 26 07:26:33 x2 sshd[1256]: error: Bind to port 22 on :: failed: Address already in use. +# Apr 26 07:26:33 x2 sshd[1256]: fatal: Cannot bind any address. +# Apr 26 07:26:33 x2 systemd[1]: ssh.service: Main process exited, code=exited, status=255/EXCEPTION +# Apr 26 07:26:33 x2 systemd[1]: ssh.service: Failed with result 'exit-code'. +# Apr 26 07:26:33 x2 systemd[1]: Failed to start OpenBSD Secure Shell server. + +[Unit] +StartLimitIntervalSec=0 + +[Service] +Restart=always +RestartSec=20 + +ExecStopPost=+/usr/bin/ss -lpn state listening sport = 22 diff --git a/i3-sway/common.conf b/i3-sway/common.conf index ee678f8..39ee9b4 100644 --- a/i3-sway/common.conf +++ b/i3-sway/common.conf @@ -83,6 +83,14 @@ bindsym $mod+9 workspace 10 # random keybind, feel free to change bindsym $mod+Shift+m border toggle +# toggle tiling / floating +bindcode $mod+Shift+65 floating toggle + +# change focus between tiling / floating windows +bindcode $mod+65 focus mode_toggle +# Use Mouse+$mod to drag floating windows to their wanted position +floating_modifier $mod + bindsym $mod+j exec emacsclient -c bindsym $mod+k exec konsole bindsym $mod+l exec dmenu_run diff --git a/mail-setup b/mail-setup index e12149f..041ab1d 100755 --- a/mail-setup +++ b/mail-setup @@ -29,10 +29,6 @@ # todo: run mailping test after running, or otherwise # clear out terminal alert -# todo: on bk, dont send email if mailvpn is not up - -# todo: mailtest-check should check on bk too - # todo: disable postgrey # todo: in testforward-check, we should also look @@ -1212,6 +1208,7 @@ accept EOF rm -fv /etc/exim4/data_local_acl # old path + i /etc/exim4/conf.d/data_local_acl <<'EOF' # Except for the "condition =", this was # a comment in the check_data acl. The comment about this not @@ -1230,6 +1227,9 @@ warn warn !hosts = +iank_trusted + # They dont send spam, but needed this because + # smarthosts connect with residential ips and thus get flagged as spam. + !authenticated = plain_server:login_server condition = ${if < {$message_size}{5000K}} spam = Debian-exim:true add_header = X-Spam_score_int: $spam_score_int @@ -1239,6 +1239,7 @@ warn add_header = X-Spam_action: $spam_action warn + !authenticated = plain_server:login_server condition = ${if def:malware_name} remove_header = Subject: add_header = Subject: [Clamav warning: $malware_name] $h_subject @@ -3200,14 +3201,12 @@ case $HOSTNAME in # note: cronjob "ian" also does some important monitoring # todo: this will sometimes cause an alert because mailtest-check will run # before we have setup network namespace and spamassassin - cat >/etc/cron.d/mailtest </etc/systemd/system/mailtest-check.service <<'EOF' + i /etc/systemd/system/mailtest-check.service <<'EOF' [Unit] Description=mailtest-check After=local-fs.target diff --git a/mailtest-check b/mailtest-check index 03cf6ab..91e577c 100755 --- a/mailtest-check +++ b/mailtest-check @@ -86,7 +86,7 @@ main() { froms=(ian@iankelling.org z@zroe.org testignore@je.b8.nz iank@gnu.org) ;; je) - froms=(ian@iankelling.org z@zroe.org testignore@expertpathologyreview.com testignore@amnimal.ninja) + froms=(ian@iankelling.org z@zroe.org iank@gnu.org testignore@amnimal.ninja) folders=(/m/md/je.b8.nz/testignore) ;; *) diff --git a/schrootupdate b/schrootupdate index a55e2cd..182371e 100755 --- a/schrootupdate +++ b/schrootupdate @@ -41,4 +41,5 @@ for d in dev/pts dev proc sys; do umount $d fi done +cd / umount /mnt/tmptimer diff --git a/subdir_files/.config/i3/config b/subdir_files/.config/i3/config index 938f67e..d185b50 100644 --- a/subdir_files/.config/i3/config +++ b/subdir_files/.config/i3/config @@ -83,6 +83,14 @@ bindsym $mod+9 workspace 10 # random keybind, feel free to change bindsym $mod+Shift+m border toggle +# toggle tiling / floating +bindcode $mod+Shift+65 floating toggle + +# change focus between tiling / floating windows +bindcode $mod+65 focus mode_toggle +# Use Mouse+$mod to drag floating windows to their wanted position +floating_modifier $mod + bindsym $mod+j exec emacsclient -c bindsym $mod+k exec konsole bindsym $mod+l exec dmenu_run diff --git a/subdir_files/.config/sway/config b/subdir_files/.config/sway/config index 0d56fef..fbebd2f 100644 --- a/subdir_files/.config/sway/config +++ b/subdir_files/.config/sway/config @@ -83,6 +83,14 @@ bindsym $mod+9 workspace 10 # random keybind, feel free to change bindsym $mod+Shift+m border toggle +# toggle tiling / floating +bindcode $mod+Shift+65 floating toggle + +# change focus between tiling / floating windows +bindcode $mod+65 focus mode_toggle +# Use Mouse+$mod to drag floating windows to their wanted position +floating_modifier $mod + bindsym $mod+j exec emacsclient -c bindsym $mod+k exec konsole bindsym $mod+l exec dmenu_run diff --git a/ziva-backup-check b/ziva-backup-check index 1d5e432..3db63fc 100755 --- a/ziva-backup-check +++ b/ziva-backup-check @@ -18,14 +18,14 @@ fi ## begin check on btrbk -age_limit_sec=$(( 60 * 60 * 74 )) # 74 hours +age_limit_sec=$(( 60 * 60 * 24 * 7 )) # 7 days. for prefix in root boot; do if [[ $prefix == boot ]]; then # its not uncommon for the /boot subvol to have no changes, and thus # no new backups for 10 days or so. todo: instead of this error # prone check, we should make it so the ziva computer will # touch a file on our computer whenever btrbk succeeds - age_limit_sec=$(( age_limit_sec + 60* 60 * 24 * 15 )) + age_limit_sec=$(( age_limit_sec + 60* 60 * 24 * 35 )) fi vol=${prefix}_ubuntubionic snaps=(/mnt/r7/amy/$prefix/btrbk/${vol}.20*) -- 2.30.2