From 7828c7fd662aca1327c45854614237ca9a942a00 Mon Sep 17 00:00:00 2001
From: Ian Kelling <ian@iankelling.org>
Date: Sun, 15 Jan 2017 07:31:33 -0800
Subject: [PATCH] various fixes, add emacs wrappers

---
 btrbk-run    | 22 +++++++-----
 distro-begin | 36 ++++++++++++-------
 distro-end   | 97 +++++++++++++++++++++++++++++++++++++++++++++-------
 g            | 22 ++++++++++++
 g2           |  4 +++
 mail-setup   | 14 +++++---
 rootsshsync  | 15 ++++----
 7 files changed, 166 insertions(+), 44 deletions(-)
 create mode 100755 g
 create mode 100644 g2

diff --git a/btrbk-run b/btrbk-run
index 485c7f5..961208e 100755
--- a/btrbk-run
+++ b/btrbk-run
@@ -32,15 +32,16 @@ conf_only=false
 dry_run=false # mostly for testing
 resume_arg=
 
-temp=$(getopt -l help hcnrt: "$@") || usage 1
+temp=$(getopt -l help hcnprt: "$@") || usage 1
 eval set -- "$temp"
 while true; do
     case $1 in
         -c) conf_only=true; shift ;;
         -n) dry_run=true; dry_run_arg=-n; shift ;;
+        -p) progress_arg="--progress"; shift ;;
         # btrbk arg: Resume only. Skips snapshot creation.
         -r) resume_arg=-r; shift ;;
-        -t) IFS=, targets=($2); shift 2 ;;
+        -t) IFS=, targets=($2); unset IFS; shift 2 ;;
         -h|--help) usage ;;
         --) shift; break ;;
         *) echo "$0: Internal error!" ; exit 1 ;;
@@ -71,17 +72,13 @@ tg-conf() {
 target send-receive ssh://$tg$vol/btrbk
 EOF
 }
-m() { printf "%s\n" "$*";  "$@"; }
+m() { printf "%s: %s\n" "${0##*/}" "$*";  "$@"; }
 
 
 if ! which btrbk &>/dev/null; then
     echo "$0: error: no btrbk binary found"
 fi
 
-if [[ $- == *i* ]]; then
-    progress_arg=--progress
-fi
-
 cat >/etc/btrbk.conf <<'EOF'
 ssh_identity /root/.ssh/id_rsa
 # Just a guess that local7 is a good facility to pick.
@@ -135,8 +132,17 @@ if [[ ! $targets ]]; then
                 targets=($HOME_DOMAIN)
             fi
             ;;
+        treetowl)
+            targets=(frodo)
+            if timeout -s 9 10 ssh x2 :; then
+                targets+=(x2)
+            fi
+            ;;
+        *)
+            targets=(frodo)
+            ;;
     esac
-    targets=(frodo)
+    echo "targets: ${targets[*]}"
 fi
 
 
diff --git a/distro-begin b/distro-begin
index a765491..bbd94f2 100755
--- a/distro-begin
+++ b/distro-begin
@@ -567,7 +567,7 @@ EOF
     fi
 fi
 
-s mkdir -p /q/i/{w,k}
+s mkdir -p /q /i/{w,k}
 for dir in /{i,w,k}; do
     if mountpoint $dir; then continue; fi # already mounted
     s mkdir -p $dir
@@ -583,16 +583,21 @@ s mkdir -p /mnt/iroot
 # then waits endlessly for them on bootup, after the /dev/mapper disks
 # have already been created and exist. todo: create a simple repro
 # for this in a vm and report it upstream.
+pi nfs-common
 s dd of=/root/imount <<'EOF'
 #!/bin/bash
 [[ $EUID == 0 ]] || exec sudo -E "$BASH_SOURCE" "$@"
 set -eE -o pipefail
 trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
 for dir in /i /mnt/iroot /w /k /kr; do
-  if ! mountpoint $dir &>/dev/null && \
-        awk '{print $2}' /etc/fstab | grep -xFq $dir; then
-    mount $dir
-  fi
+    if ! mountpoint $dir &>/dev/null && \
+            awk '{print $2}' /etc/fstab | grep -xF $dir &>/dev/null; then
+        if awk '{print $3}' /etc/fstab | grep -xF nfs &>/dev/null; then
+            mount $dir || echo "warning: failed to mount nfs on $dir"
+        else
+            mount $dir
+        fi
+    fi
 done
 EOF
 s chmod +x /root/imount
@@ -714,28 +719,33 @@ EOF
 
 
 if isdeb; then
-    # I've had problems with postfix on debian:
+    # I\'ve had problems with postfix on debian:
     # on stretch, a startup ordering issue caused all mail to fail.
     # postfix changed defaults to only use ipv6 dns, causing all my mail to fail.
     # exim4 is default on debian, so I assume it would
     # be packaged better to avoid these types of things.
-    # I haven't gotten around to getting a non-debian exim
+    # I haven\'t gotten around to getting a non-debian exim
     # setup.
     mail-setup exim4
-   else
-       mail-setup postfix
+else
+    mail-setup postfix
 fi
 
-   if isubuntu; then
-       # disable crash report annoying crap
-       s dd of=/etc/default/apport <<<'enabled=0'
-   fi
+if isubuntu; then
+    # disable crash report annoying crap
+    s dd of=/etc/default/apport <<<'enabled=0'
+fi
 
 # fai sets this an old way that doesn't work for stretch.
 # no harm in setting it universally here.
 # using debconf-set-selection, the area gets reset to ETC
 # on my linode test machine after doing a dpkg-reconfigure, or a reinstall,
 # so we are using expect :(
+# I got a random error when running this, so I added a sleep
+# rather than trying to write a whole detect and wait loop.
+# E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable)
+# E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it?
+sleep 1
 s apt-get -y install --no-install-recommends expect
 s expect <<EOF
 set force_conservative 0
diff --git a/distro-end b/distro-end
index 8034fb9..1878ebe 100755
--- a/distro-end
+++ b/distro-end
@@ -81,6 +81,7 @@ case $HOSTNAME in
             manpages
             manpages-dev
             meld
+            mumble
             nmap
             offlineimap
             p7zip
@@ -90,11 +91,13 @@ case $HOSTNAME in
             pianobar
             pidgin
             python3-mutagen
+            reportbug
             squashfs-tools
             swh-plugins
             tcpdump
             transmission-remote-gtk
             vlc
+            wcd
         )
         ;;
 esac
@@ -233,6 +236,7 @@ fi
 pi "${simple_packages[@]}"
 simple_packages=()
 
+# website setup
 case $HOSTNAME in
     lj|li)
 
@@ -246,11 +250,16 @@ case $HOSTNAME in
         sudo -E /a/bin/mediawiki-setup/mw-setup-script
         #$src/phab-setup
 
+        pi-nostart mumble-server
+        s sed -ri "s/^ *(serverpassword=).*/\1$(< /a/bin/bash_unpublished/mumble_pass)/" mumble-server.ini
+        sgo mumble-server
+
         echo "$0: $(date): ending now)"
         exit 0
         ;;
 esac
 
+
 ########### end section including li/lj ###############
 
 
@@ -355,6 +364,10 @@ EOF
             # I originaly setup rpc-whitelist, but after using
             # routing to a network namespace, it doesn't see the
             # real source address, so it's disabled.
+            #
+            # Changed the cache-size to 128 mb, reduces disk use.
+            # It is a read & write cache.
+            #
             # todo: setup a password.
             s ruby <<'EOF'
 require 'json'
@@ -365,9 +378,10 @@ File.write(p, JSON.pretty_generate(JSON.parse(File.read(p)).merge({
 'incomplete-dir' => '/k/partial-torrents',
 'incomplete-dir-enabled' => true,
 'download-dir' => '/i/k/torrents',
-"speed-limit-up" => 700,
+"speed-limit-up" => 800,
 "speed-limit-up-enabled" => true,
 "peer-port" => 61486,
+"cache-size-mb" => 128,
 "ratio-limit" => 1.4000,
 "ratio-limit-enabled" => false,
 "pidfile": "/var/lib/transmission-daemon/transmission-daemon.pid",
@@ -678,16 +692,29 @@ case $distro in
             # has no unstable dependencies
             spa bitcoin-qt/unstable
         fi
-        ;;
-    s cp /a/opt/bitcoin/contrib/init/bitcoind.service /usr/lib/systemd/system
-    ser daemon-reload
-    sgo bitcoind
-
-    s mkdir -p $dir
-    s touch $f
-    s chmod -R o-rwx $dir
-    s chown -R bitcoin:bitcoin $dir
-    s dd of=$f <<EOF
+        s cp /a/opt/bitcoin/contrib/init/bitcoind.service /etc/systemd/system
+        ser daemon-reload
+
+        dir=/nocow/.bitcoin
+        s mkdir -p $dir
+        s chown -R bitcoin:bitcoin $dir
+        dir=/etc/bitcoin
+        s mkdir -p $dir
+        s chown -R root:bitcoin $dir
+        s chmod 750 $dir
+        f=$dir/bitcon.conf
+
+        # pruning decreases the bitcoin dir to 2 gb, keeps
+        # just the recent blocks. can't do a few things like
+        # import a wallet dump.
+        # pruning works, but people had to do
+        # some manual stuff in joinmarket. I dun need the
+        # disk space, so not bothering yet, maybe in a year or so.
+        # https://github.com/JoinMarket-Org/joinmarket/issues/431
+        #https://bitcoin.org/en/release/v0.12.0#wallet-pruning
+        #prune=550
+
+        s dd of=$f <<EOF
 rpcbind=127.0.0.1
 server=1
 rpcpassword=$(openssl rand -base64 32)
@@ -697,11 +724,57 @@ rpcuser=$(openssl rand -base64 32)
 walletnotify=curl -sI --connect-timeout 1 http://localhost:62602/walletnotify?%s
 alertnotify=curl -sI --connect-timeout 1 http://localhost:62602/alertnotify?%s
 EOF
+        ;;
     # other distros unknown
 esac
 if [[ $HOSTNAME == treetowl ]]; then
-    # dunno about sharing a wallet between multiple instances
+    pi libsodium-dev python3-pip
+    cd /a/opt/joinmarket
+    # using develop branch, as it seems to be mostly bug fixes,
+    # and this is quite new software.
+    # note: python3 does not work.
+    pip install -r requirements.txt
+    # we need bitcoin.conf in the data dir according to
+    # https://github.com/JoinMarket-Org/joinmarket/wiki/Running-JoinMarket-with-Bitcoin-Core-full-node
+    # following the example .service script, I don\'t have it there,
+    # and I generate it, so lets just symlink it.
+    sudo -u bitcoin ln -sf /etc/bitcoin/bitcoin.conf /nocow/.bitcoin
+
+    # one time, manually did python wallet-tool.py generate.
+    # The "wallet" is just a key which deterministically generates addresses.
+    # One time: move the wallet, then link to it.
+    # ln -s /p/joinmarket/wallet.json wallets
+    #
+    # see wallet addresses via:
+    # python wallet-tool.py wallet.json
+    # send to the first 3 mixing depth 0 addresses.
+    # depths are like "identities", to separate out association with
+    # each other. the big hash in that output is the depth/branch id,
+    # ignore it afaik.
+    #
+    # after sending btc to wallet from a 3rd party service, check that
+    # at least 20% of utxo of each transaction was sent to you,
+    # btc listtransactions 10 0 true
+    # btc getrawtransaction TXID 1
+    #
+    # to view status, do
+    # python wallet-tool.py wallet.json history
+    #
+    # to help make other people,
+    # python yield-generator-basic.py wallet.json
+
+    for var in rpcuser rpcpassword; do
+        u="$(s sed -rn "s/^$var=(.*)/\1/p" /etc/bitcoin/bitcoin.conf)"
+        # escape backslashes
+        u="${u//\\/\\\\\\\\}"
+        # escape commas
+        u="${u//,/\\,}"
+        sed -ri "s,^(rpc_${var#rpc}\s*=).*,\1 $u," joinmarket.cfg
+    done
+    sed -ri "s/^\s*(blockchain_source\s*=).*/\1 bitcoin-rpc/" joinmarket.cfg
 
+    # dunno about sharing a wallet between multiple instances
+    # manually did, wallet.dat symlinked in /nocow/.bitcoin
     sgo bitcoind
 fi
 
diff --git a/g b/g
new file mode 100755
index 0000000..0b5c901
--- /dev/null
+++ b/g
@@ -0,0 +1,22 @@
+#!/bin/bash
+
+# note: starting emacs server can hang due to errors in init files
+# which don't cause problems for non-server emacs. And things
+# that aren't errors can cause hang too, like when I added gnus
+# git to load path.
+
+# I was experimenting with running
+# under gdb always to diagnose any hangs/crashes
+# and it won't work due to a gdb crash:
+# gdb -ex="set follow-fork-mode child" -ex=r -ex=quit --args emacsclient -nc
+# -n = --no-wait, go into background
+# -c = create new frame instead of reusing the current frame
+# -a = alternate editor, empty string makes it start emacs daemon.
+# This is also set via env variable, but that doesn't propagate everywhere.
+
+
+if pgrep -u $EUID emacsclient && (( $# )); then
+    emacsclient -a "" -n "$@"
+else
+    emacsclient -a "" -nc "$@"
+fi
diff --git a/g2 b/g2
new file mode 100644
index 0000000..a00227c
--- /dev/null
+++ b/g2
@@ -0,0 +1,4 @@
+#!/bin/bash
+
+# force creation of new frame.
+exec emacsclient -a "" -nc "$@"
diff --git a/mail-setup b/mail-setup
index db4daa7..ffd6f8c 100755
--- a/mail-setup
+++ b/mail-setup
@@ -73,6 +73,8 @@ smarthost="$host::587" # exim
 # it might work in /etc/aliases, but this seems more proper.
 e $forward > ~/.forward
 e $forward | s tee /root/.forward
+# exim log complains about 664 permissions.
+s chmod 644 ~/.forward /root/.forward
 
 
 # offlineimap uses this too, it is much easier to use one location than to
@@ -82,7 +84,7 @@ case $distro in
     *) :
 esac
 
-read -r domain pass < <(s cat /etc/mailpass)
+read -r domain pass < <(s cat /etc/mailpass) # format: domain user:pass
 if postfix; then
     # dunno why, but debian installed postfix with builddep emacs
     # but I will just explicitly install it here since
@@ -131,7 +133,7 @@ EOF
     f=/etc/postfix/sasl_passwd
     s touch $f
     s chmod 600 $f
-    echo "[$domain]:587 ${pass/@/#}" | s dd of=/etc/postfix/sasl_passwd >/dev/null
+    printf "[%s]:587 %s" "$domain" "${pass/@/#}" | s dd of=/etc/postfix/sasl_passwd 2>/dev/null
     s postmap hash:/etc/postfix/sasl_passwd
     s service postfix reload
 else
@@ -159,7 +161,9 @@ EOF
     f=/etc/exim4/passwd.client
     s touch $f
     s chmod 640 $f # before writing sensitive info
-    echo "$domain:${pass/:/::}" | s dd of=$f >/dev/null
+    s chown root:Debian-exim $f
+    # reference: exim4_passwd_client(5)
+    printf "%s:%s" "$domain" "$pass" | s dd of=$f 2>/dev/null
     # https://blog.dhampir.no/content/make-exim4-on-debian-respect-forward-and-etcaliases-when-using-a-smarthost
     # i only need .forwards, so just doing that one.
     cd /etc/exim4/conf.d/router
@@ -168,8 +172,8 @@ EOF
     tmp=$(mktemp)
     of=175_$b
     # sed to make the router name unique
-    sed -r s/^\\S+:/$b:/ 600_exim4-config_$a >$tmp
-    if diff -q >/dev/null $tmp $of; then
+    sed -r s/^\\S+:/$b:/ 600_exim4-config_$a | s dd of=$tmp 2>/dev/null
+    if ! diff -q >/dev/null $tmp $of; then
         s dd if=$tmp of=$of >/dev/null
         ser restart exim4
     fi
diff --git a/rootsshsync b/rootsshsync
index aef668a..592a5aa 100755
--- a/rootsshsync
+++ b/rootsshsync
@@ -1,4 +1,4 @@
-#!/bin/bash -l
+#!/bin/bash
 # Copyright (C) 2016 Ian Kelling
 
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -13,10 +13,13 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-if s test -e /q/root/.ssh; then
-    s lnf /q/root/.ssh /root
+set -eE -o pipefail
+trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
+
+if sudo test -e /q/root/.ssh; then
+    sudo /a/exe/lnf /q/root/.ssh /root
 else
-    mkdir /root/.ssh
+    sudo mkdir /root/.ssh
 fi
-s cp -rL $(eval echo ~${SUDO_USER:-$USER})/.ssh/* /root/.ssh
-s chown -R root:root /root/.ssh
+sudo cp -rL $(eval echo ~${SUDO_USER:-$USER})/.ssh/* /root/.ssh
+sudo chown -R root:root /root/.ssh
-- 
2.30.2