From 7b47d6a266340223e78317cfe0570868f45a4cad Mon Sep 17 00:00:00 2001 From: Ian Kelling Date: Tue, 15 Feb 2022 10:33:36 -0500 Subject: [PATCH] misc fixes and improvements --- brc | 24 +++++++--- brc2 | 13 +++--- btrbk-run | 14 +++--- check-subvol-stale | 2 +- desktop-20-autostart.sh | 2 +- distro-begin | 2 +- distro-end | 15 ++++-- i3-sway/common.conf | 2 +- machine_specific/btrbk.hosts | 1 + .../kd/filesystem/etc/btrbk/root2.conf | 45 ++++++++++++++++++ machine_specific/kd/filesystem/etc/cron.d/kd | 16 +++++-- mail-setup | 3 +- sl/.iank/ecat | 1 + sl/.iank/eg | 1 + sl/.iank/egbefore | 1 + sl/.iank/egpanic | 1 + sl/.iank/ex | 1 + sl/.iank/exigrep-wrappers-common | 1 + subdir_files/sieve/lists.sieve | 10 ++++ subdir_files/sieve/liststest.sieve | 10 ++++ system-status | 24 +++++----- zboot | 5 ++ ziva-backup-check | 46 +++++++++++++++++++ 23 files changed, 197 insertions(+), 43 deletions(-) create mode 100644 machine_specific/kd/filesystem/etc/btrbk/root2.conf create mode 120000 sl/.iank/ecat create mode 120000 sl/.iank/eg create mode 120000 sl/.iank/egbefore create mode 120000 sl/.iank/egpanic create mode 120000 sl/.iank/ex create mode 120000 sl/.iank/exigrep-wrappers-common create mode 100755 ziva-backup-check diff --git a/brc b/brc index cc38787..0b89b66 100644 --- a/brc +++ b/brc @@ -227,6 +227,7 @@ if [[ -s $bashrc_dir/path-add-function ]]; then if grep -qF /home/iank/.iank/e/e /etc/auto.iank /etc/exports &>/dev/null; then export EMACSDIR=/home/iank/.iank/e/e fi + path-add $bashrc_dir fi fi 
@@ -249,15 +250,23 @@ if [[ -s /usr/share/wcd/wcd-include.sh ]]; then source /usr/share/wcd/wcd-include.sh fi -if [[ -s /a/bin/small-misc-bash/ll-function ]]; then - source /a/bin/small-misc-bash/ll-function -elif [[ -s $bashrc_dir/ll-function ]]; then - # shellcheck source=/a/bin/small-misc-bash/ll-function - source $bashrc_dir/ll-function -fi +mysrc() { + local path dir file + path=$1 + dir=${path%/*} + file=${path##*/} + if [[ -s $path ]]; then + source $path + elif [[ -s $bashrc_dir/$file ]]; then + source $bashrc_dir/$file + fi +} +mysrc /a/bin/small-misc-bash/ll-function +mysrc /a/bin/distro-functions/src/package-manager-abstractions + # * functions ccomp() { # copy completion @@ -1964,6 +1973,9 @@ if [[ $- == *i* ]]; then if [[ $EUID != 0 ]] && [[ $DID_SUDO ]]; then ps_char="SUDO $ps_char" fi + if [[ ! $HISTFILE ]]; then + ps_char="NOHIST $ps_char" + fi PS1="${PS1%"${PS1#*[wW]}"} \[$ps_color\]$ps_char\[$term_nocolor\] " # set titlebar. instead, using more advanced diff --git a/brc2 b/brc2 index 1e2f999..6f0d016 100644 --- a/brc2 +++ b/brc2 @@ -35,7 +35,6 @@ esac # generated instead of dynamic for the benefit of shellcheck #for x in /a/bin/distro-functions/src/* /a/bin/!(githtml)/*-function?(s); do echo source $x ; done source /a/bin/distro-functions/src/identify-distros -source /a/bin/distro-functions/src/package-manager-abstractions source /a/bin/log-quiet/logq-function # for x in /a/bin/bash_unpublished/source-!(.#*); do echo source $x; done source /a/bin/bash_unpublished/source-semi-priv 
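Review bot: In the new `mysrc` helper the expansions in `source $path` and `source $bashrc_dir/$file` are unquoted, so a path containing whitespace or glob characters would be split or expanded before it is sourced; `source "$path"` and `source "$bashrc_dir/$file"` avoid that. `dir` is declared and assigned but never read in the lines shown, so `dir=${path%/*}` can be dropped. When neither file exists the helper returns silently, which now also applies to package-manager-abstractions (previously sourced unconditionally in brc2); a one-line comment such as `# missing files are skipped on purpose: not every host has /a/bin` would record that this is intended.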
@@ -1019,11 +1018,11 @@ wghole() { local host ipsuf umask_orig host=$1 ipsuf=$2 - mkdir -p /p/c/machine_specific/$host/filesystem/etc/{wireguard,network/interfaces.d} + mkdir -p /p/c/machine_specific/$host/filesystem/etc/wireguard cd /p/c/machine_specific/$host/filesystem/etc/wireguard umask_orig=$(umask) umask 0077 - wg genkey | tee $host-priv.key | wg pubkey > $host-pub.key + wg genkey | tee hole-priv.key | wg pubkey > hole-pub.key cat >wghole.conf </dev/null; then + sudo umount /mnt/$base + fi l=$(sudo cryptsetup status /dev/mapper/$base|sed -rn 's/^\s*device:\s*(.*)/\1/p') sudo cryptsetup luksClose /dev/mapper/$base || return 1 sudo losetup -d $l @@ -1703,10 +1704,10 @@ vpnoff() { sudo systemctl stop $vpn_service@$1 } vpnoffc() { # vpn off client - ser stop openvpn-nn@client + ser stop openvpn-client-tr@client } vpnc() { - ser start openvpn-nn@client + ser start openvpn-client-tr@client } diff --git a/btrbk-run b/btrbk-run index c83b763..2e839ee 100644 --- a/btrbk-run +++ b/btrbk-run @@ -175,13 +175,13 @@ if [[ ! -v targets && ! $source ]]; then kw) at_work=true ;;& - x2|x3|sy) + x2|x3|sy|bo) if ping -q -c1 -w1 hal.office.fsf.org \ && ip n show 192.168.0.26 | grep . &>/dev/null; then at_work=true fi ;;& - kw|x2|x3|sy) + kw|x2|x3|sy|bo) if $at_work; then if ping -q -c1 -w1 iank.vpn.office.fsf.org &>/dev/null; then home=iank.vpn.office.fsf.org @@ -195,7 +195,7 @@ if [[ ! -v targets && ! $source ]]; then kw) targets+=($home x3) ;; - x2|x3|sy) + x2|x3|sy|bo) targets+=($home) if $at_work; then targets+=(kw.office.fsf.org x2.b8.nz) @@ -205,11 +205,11 @@ if [[ ! -v targets && ! $source ]]; then ;; kd) targets+=(x2.b8.nz kw.b8.nz) - ## sy is unused - # if ping -q -c1 -w1 sy.b8.nz &>/dev/null; then - # targets+=(sy.b8.nz) + # temporarily disabled while doing maint + # if ping -q -c1 -w1 bo.b8.nz &>/dev/null; then + # targets+=(bo.b8.nz) # else - # targets+=(syw.b8.nz) + # targets+=(bow.b8.nz) # fi ;; frodo) 
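Review bot: In `wghole` the `cd /p/c/machine_specific/$host/filesystem/etc/wireguard` is not checked, and the following line writes `hole-priv.key` relative to the current directory. If the `mkdir -p` or `cd` fails and no error trap is active in the calling shell (the hunk does not show one), the private key is created wherever the caller happened to be. `cd "/p/c/machine_specific/$host/filesystem/etc/wireguard" || return 1` keeps the key in the intended directory, and quoting `$host` stops whitespace in the argument from changing the path. The function body continues outside the hunk, so the umask restore is not visible here.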
diff --git a/check-subvol-stale b/check-subvol-stale index 3d64988..a3d0149 100644 --- a/check-subvol-stale +++ b/check-subvol-stale @@ -172,7 +172,7 @@ for d; do for s in ${snaps[@]}; do f=${s##*/} unix_time=$(date -d $(sed -r 's/(.{4})(..)(.{5})(..)(.*)/\1-\2-\3:\4:\5/' <<<${f#$vol.}) +%s) - printf "%s %s\n" $unix_time $s + printf "%s %s\n" $unix_time $s # part of the pipeline # sort will fail done | sort -r | head -n 1 | awk '{print $2}' || [[ ${PIPESTATUS[1]} == 141 || ${PIPESTATUS[0]} == 32 ]] ) diff --git a/desktop-20-autostart.sh b/desktop-20-autostart.sh index ff8e654..0a3d139 100755 --- a/desktop-20-autostart.sh +++ b/desktop-20-autostart.sh @@ -33,7 +33,7 @@ if echo "$xout" | grep "^HDMI-1 connected" &>/dev/null; then xrandr --output VGA-1 --off --output HDMI-1 --mode 3840x2160 --pos 0x0 --rotate normal --output eDP-1 --off fi case $HOSTNAME in - sy) /a/bin/distro-setup/input-setup l ;; + sy|bo) /a/bin/distro-setup/input-setup l ;; *) /a/bin/distro-setup/input-setup m ;; esac diff --git a/distro-begin b/distro-begin index fa8879e..4a1ab21 100755 --- a/distro-begin +++ b/distro-begin @@ -606,7 +606,7 @@ if isubuntu; then fi ##### install laptop hardware packages -if tp || x2 || x3; then +if tp || x2 || x3 || bo || sy; then case $distro in debian) pi task-laptop diff --git a/distro-end b/distro-end index 51f4bc4..ee6693c 100755 --- a/distro-end +++ b/distro-end @@ -633,6 +633,9 @@ EOF sd /etc/openvpn/client-config-hole/onep9 <<'EOF' ifconfig-push 10.5.5.14 255.255.255.0 +EOF + sd /etc/openvpn/client-config-hole/bo <<'EOF' +ifconfig-push 10.5.5.13 255.255.255.0 EOF sd /etc/openvpn/client-config-hole/sy <<'EOF' ifconfig-push 10.5.5.12 255.255.255.0 @@ -830,7 +833,7 @@ esac ### system76 things ### case $HOSTNAME in - sy) + sy|bo) # note, i stored the initial popos packages at /a/bin/data/popos-pkgs if [[ ! -e /etc/apt/sources.list.d/system76.list ]]; then # https://blog.zackad.dev/en/2017/08/17/add-ppa-simple-way.html 
@@ -848,7 +851,7 @@ EOF # Pin: release o=LP-PPA-system76-dev-stable # Pin-Priority: 1001 # EOF - pi system76-driver system76-firmware-cli + pi system76-driver system76-firmware # if you get a notice about a firmware update, the notifier on i3 # is too dumb to do anything when you click it. so to see # a changelog, cd to @@ -1179,9 +1182,13 @@ case $HOSTNAME in esac # user for short term use dropping of privileges -s groupadd -g 1023 zu -s useradd -g 1023 -u 1023 -c zu -s /bin/bash zu +if ! getent group zu &>/dev/null; then + s groupadd -g 1023 zu +fi +if ! getent passwd zu &>/dev/null; then + s useradd -g 1023 -u 1023 -c zu -s /bin/bash zu +fi # these things persist in ~/.config/syncthing, which I save in diff --git a/i3-sway/common.conf b/i3-sway/common.conf index 6f4b146..0e49aec 100644 --- a/i3-sway/common.conf +++ b/i3-sway/common.conf @@ -81,7 +81,7 @@ bindsym $mod+9 workspace 10 bindsym $mod+Shift+m border toggle bindsym $mod+j exec emacsclient -c -bindsym $mod+k exec alacritty +bindsym $mod+k exec kitty bindsym $mod+l exec dmenu_run # note default is 27% on my system76. not sure if these # keybinds will screw up other laptop brightness keys. diff --git a/machine_specific/btrbk.hosts b/machine_specific/btrbk.hosts index 7af85a1..43e86f2 100644 --- a/machine_specific/btrbk.hosts +++ b/machine_specific/btrbk.hosts @@ -4,3 +4,4 @@ x2 x3 frodo sy +bo diff --git a/machine_specific/kd/filesystem/etc/btrbk/root2.conf b/machine_specific/kd/filesystem/etc/btrbk/root2.conf new file mode 100644 index 0000000..d811240 --- /dev/null +++ b/machine_specific/kd/filesystem/etc/btrbk/root2.conf 
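Review bot: The new `getent` guards around `groupadd`/`useradd` test only that the name `zu` exists, so an existing account or group with an id other than 1023, or with extra group memberships, is accepted unchanged. Since the comment describes this user as the target for dropping privileges, it is worth failing loudly on a mismatch, for example `[[ $(id -u zu) == 1023 && $(id -g zu) == 1023 ]] || { echo "zu: unexpected uid/gid" >&2; exit 1; }` after the two guards. The reverse case is also unchecked: if id 1023 is already held by a different name, the `groupadd`/`useradd` calls fail, and how that is handled depends on the `s` wrapper, which is outside the hunk.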
@@ -0,0 +1,45 @@ +snapshot_create onchange + +snapshot_preserve_min 2h +snapshot_dir btrbk +target_preserve_min 2h + + +ssh_identity /root/.ssh/home +# Just a guess that local7 is a good facility to pick. +# It's a bit odd that the transaction log has to be logged to +# a file or syslog, while other output is sent to std out. +# The man does not mention a way for them to be together, but +# I dunno if setting a log level like warn might also output +# transaction info. +transaction_syslog local7 + +# trying this out +stream_compress zstd + +archive_preserve_min latest + +# so we only run one at a time +lockfile /var/lock/btrbkroot2.lock + +# default format of short does not accomidate hourly preservation setting +timestamp_format long-iso + +# dont make new snapshot, we only receive new snapshots +snapshot_create no + +# if something fails and it's not obvious, try doing +# btrbk -l debug -v dryrun + +rate_limit no +volume ssh://syw/mnt/root +snapshot_preserve 18h 14d 4w 24m +target_preserve 18h 14d 4w 24m +subvolume root_ubuntubionic +target send-receive /mnt/r7/amy/root/btrbk + +volume ssh://syw/mnt/boot +snapshot_preserve 18h 14d 4w 6m +target_preserve 18h 14d 4w 6m +subvolume boot_ubuntubionic +target send-receive /mnt/r7/amy/boot/btrbk diff --git a/machine_specific/kd/filesystem/etc/cron.d/kd b/machine_specific/kd/filesystem/etc/cron.d/kd index 76dad03..206c365 100644 --- a/machine_specific/kd/filesystem/etc/cron.d/kd +++ b/machine_specific/kd/filesystem/etc/cron.d/kd 
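Review bot: `snapshot_create` is set twice in this new file, `onchange` on the first line and `no` further down under the comment saying this host only receives snapshots; the first line should be removed so the intent does not depend on how btrbk resolves a repeated option. The file also sets `snapshot_preserve_min 2h` and `snapshot_preserve` for volumes on `ssh://syw`; as far as I understand btrbk, that retention is applied to the source-side snapshots, so this job may delete snapshots on syw using the `/root/.ssh/home` key. If the pull is meant to leave the source untouched, `snapshot_preserve_min all` states that explicitly, and otherwise a comment saying the pruning is intended would help the next reader.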
@@ -1,7 +1,17 @@ SHELL=/bin/bash PATH=/usr/bin:/bin:/usr/local/bin:/a/exe:/a/bin/fai MAILTO=root -0 7 * * 1,2,3,4,5 root failmail wrt-setup -y +0 6 * * 1,2,3,4,5 root failmail wrt-setup -y 45 7 * * 1,2,3,4,5 root failmail wrt-setup -z -0 7 * * 0,6 root failmail wrt-setup -y -0 11 * * 0,6 root failmail wrt-setup -z +0 9 * * 1,2,3,4,5 root failmail wrt-setup -y +10 21 * * 1,2,3,4,5 root failmail wrt-setup -z +# saturday morning +0 6 * * 6 root failmail wrt-setup -y +# sunday evening +10 21 * * 0 root failmail wrt-setup -z + +# old rules, weekends allow only morning. +#0 7 * * 0,6 root failmail wrt-setup -y +#0 11 * * 0,6 root failmail wrt-setup -z + +5 1 * * * root ziva-backup-check |& log-once ziva-backup-check diff --git a/mail-setup b/mail-setup index 86464f1..ae3aabb 100755 --- a/mail-setup +++ b/mail-setup @@ -369,7 +369,7 @@ fi bhost_t=false case $HOSTNAME in $MAIL_HOST) : ;; - kd|frodo|x2|x3|kw|sy) + kd|frodo|x2|x3|kw|sy|bo) bhost_t=true ;; esac @@ -1418,7 +1418,6 @@ ssl = required ssl_cipher_list = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 ssl_protocols = TLSv1.2 ssl_prefer_server_ciphers = no -ssl_dh_parameters_length = 2048 protocol lmtp { #per https://wiki2.dovecot.org/Pigeonhole/Sieve/Configuration diff --git a/sl/.iank/ecat b/sl/.iank/ecat new file mode 120000 index 0000000..cc40509 --- /dev/null +++ b/sl/.iank/ecat @@ -0,0 +1 @@ +/b/exim-tools/ecat \ No newline at end of file diff --git a/sl/.iank/eg b/sl/.iank/eg new file mode 120000 index 0000000..b74e368 --- /dev/null +++ b/sl/.iank/eg @@ -0,0 +1 @@ +/b/exim-tools/eg \ No newline at end of file diff --git a/sl/.iank/egbefore b/sl/.iank/egbefore new file mode 120000 index 0000000..144b7c3 --- /dev/null +++ b/sl/.iank/egbefore @@ -0,0 +1 @@ +/b/exim-tools/egbefore \ No newline at end of file 
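Review bot: The new `ziva-backup-check` entry runs as root and is resolved through the `PATH` set at the top of this file, which includes `/a/exe` and `/a/bin/fai`; if either directory is writable by a non-root account (not visible in this diff), that account decides what root executes here. Calling the script and `log-once` by absolute path, or confirming those directories are root-owned, removes that dependency. Unlike the other entries this one is not wrapped in `failmail`, and the pipeline's exit status is that of `log-once`, so a crash of the check is noticed only if `log-once` surfaces its output; a comment such as `# failures are reported via log-once output, not exit status` would make that explicit.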
diff --git a/sl/.iank/egpanic b/sl/.iank/egpanic new file mode 120000 index 0000000..99d1f1b --- /dev/null +++ b/sl/.iank/egpanic @@ -0,0 +1 @@ +/b/exim-tools/egpanic \ No newline at end of file diff --git a/sl/.iank/ex b/sl/.iank/ex new file mode 120000 index 0000000..420c5b2 --- /dev/null +++ b/sl/.iank/ex @@ -0,0 +1 @@ +/b/exim-tools/ex \ No newline at end of file diff --git a/sl/.iank/exigrep-wrappers-common b/sl/.iank/exigrep-wrappers-common new file mode 120000 index 0000000..476a8f9 --- /dev/null +++ b/sl/.iank/exigrep-wrappers-common @@ -0,0 +1 @@ +/b/exim-tools/exigrep-wrappers-common \ No newline at end of file diff --git a/subdir_files/sieve/lists.sieve b/subdir_files/sieve/lists.sieve index 66b75fa..01f5349 100644 --- a/subdir_files/sieve/lists.sieve +++ b/subdir_files/sieve/lists.sieve @@ -29,6 +29,15 @@ if anyof ( stop; } + +if anyof ( + header :contains "list-id" "" + ) { + fileinto :create "l/spamassassin"; + stop; +} + + if anyof ( header :contains "list-id" "", header :contains "list-id" "", @@ -124,6 +133,7 @@ if anyof ( if anyof ( + header :contains "list-id" "", header :contains "list-id" "", header :contains "list-id" "", header :contains "list-id" "", diff --git a/subdir_files/sieve/liststest.sieve b/subdir_files/sieve/liststest.sieve index 66b75fa..01f5349 100644 --- a/subdir_files/sieve/liststest.sieve +++ b/subdir_files/sieve/liststest.sieve @@ -29,6 +29,15 @@ if anyof ( stop; } + +if anyof ( + header :contains "list-id" "" + ) { + fileinto :create "l/spamassassin"; + stop; +} + + if anyof ( header :contains "list-id" "", header :contains "list-id" "", @@ -124,6 +133,7 @@ if anyof ( if anyof ( + header :contains "list-id" "", header :contains "list-id" "", header :contains "list-id" "", header :contains "list-id" "", diff --git a/system-status b/system-status index 606ac7f..8e24d8f 100644 --- a/system-status +++ b/system-status 
@@ -54,17 +54,19 @@ write-status() { fi - # this is for tracking dns over tls issue, which - # fixvpndns() in brc2 fixes. - stat=$(resolvectl dnsovertls tunfsf 2>/dev/null ||: ) - read _ _ _ istls <<<"$stat" - case $istls in - no) : ;; - *) - printf "%s\n" "$istls" | ts >> /tmp/istls.log - chars+=("T:$istls") - ;; - esac + if ip l show tunfsf &>/dev/null; then + # this is for tracking dns over tls issue, which + # fixvpndns() in brc2 fixes. + stat=$(resolvectl dnsovertls tunfsf 2>/dev/null ||: ) + read _ _ _ istls <<<"$stat" + case $istls in + no) : ;; + *) + printf "%s\n" "$istls" | ts >> /tmp/istls.log + chars+=("T:$istls") + ;; + esac + fi if pgrep -G iank -u iank -f 'emacs --daemon' &>/dev/null; then diff --git a/zboot b/zboot index 3a0a46a..4e4edce 100755 --- a/zboot +++ b/zboot @@ -19,6 +19,11 @@ source /usr/local/lib/err set -x +if [[ ! -e /mnt/root/root2-fstab || ! -e /mnt/root/root2-crypttab ]]; then + echo $0: "error: create /mnt/root/root2-fstab & /mnt/root/root2-crypttab from running /a/bin/fai/fai/config/hooks/partition.DEFAULT mkroot2 or mkroot2tab" + exit 1 +fi + mount -o bind /mnt/root2/root_ubuntubionic /mnt/1 cd /mnt/1 /b/ds/gen-amy-fstab ubuntubionic . diff --git a/ziva-backup-check b/ziva-backup-check new file mode 100755 index 0000000..31ae7dd --- /dev/null +++ b/ziva-backup-check 
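Review bot: The re-indented block in `write-status` still appends to the fixed path `/tmp/istls.log`; a predictable name in a world-writable directory can be pre-created by another local user, as a file they own or, where symlink protections are disabled, as a link, so the log can be read, altered or redirected by them. Writing under a per-user directory, e.g. `printf "%s\n" "$istls" | ts >> "${XDG_RUNTIME_DIR:-$HOME}/istls.log"`, avoids that. `read _ _ _ istls` should also be `read -r _ _ _ istls` so backslashes in the resolvectl output are not interpreted. write-status continues outside the hunk.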
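Review bot: The new precondition message in zboot is written to stdout with `$0` unquoted; because the script exits 1 right after it, appending `>&2` to that `echo` and quoting `"$0:"` keeps the message with the other diagnostics and intact if the script path contains spaces. The test uses `-e`, which also accepts zero-length files; if an empty root2-fstab or root2-crypttab would break the later steps, `-s` is the stricter check.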
@@ -0,0 +1,46 @@ +#!/bin/bash +# Copyright (C) 2019 Ian Kelling +# SPDX-License-Identifier: AGPL-3.0-or-later + +source /a/bin/errhandle/err + +[[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@" + +pre="${0##*/}:" +err() { echo "[$(date +'%Y-%m-%d %H:%M:%S%z')]: $pre: $*" >&2; } + +## begin check on syncthing +if ! systemctl show --no-page syncthing@ziva | sed -n 's/^MainPID=//p' | egrep '^[0-9]+$' &>/dev/null; then + err no pid for syncthing@ziva. systemctl status: + systemctl status syncthing@ziva +fi +## end check on syncthing + + +## begin check on btrbk +now=$(date +%s) +age_limit_sec=$(( 60 * 60 * 50 )) # 50 hours +for vol in {root,boot}_ubuntubionic; do + snaps=(/mnt/r7/amy/btrbk/${vol}.20*) + if [[ ! ${snaps[*]} ]]; then + err no snapshots starting with /mnt/r7/amy/btrbk/${vol}_ubuntubionic.20 + break + fi + + read last_snap_sec last_snap < <( + for s in ${snaps[@]}; do + f=${s##*/} + unix_time=$(date -d $(sed -r 's/(.{4})(..)(.{5})(..)(.*)/\1-\2-\3:\4:\5/' <<<${f#$vol.}) +%s) + printf "%s %s\n" $unix_time $s # part of the pipeline + done | sort -r | head -n 1 ||: + ) + if [[ ! $last_snap ]]; then + # should not happen. + err "could not find latest snapshot for $svp among ${snaps[*]}" + exit 1 + fi + if (( last_snap_sec < now - age_limit_sec )); then + err vol $vol last backup older than 50 hours: $last_snap + fi +done +## end check on btrbk -- 2.30.2
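Review bot: The empty-snapshot branch in the btrbk loop is unlikely to fire: without `nullglob` (not set in the visible lines; the sourced err file may differ), `snaps=(/mnt/r7/amy/btrbk/${vol}.20*)` keeps the literal pattern when nothing matches, so a missing backup falls through to the `date -d` parsing instead of being reported. When the branch does run, `break` skips the remaining volume, the message appends `_ubuntubionic` a second time, and the later "could not find latest snapshot" message expands `$svp`, which this script never sets. The glob also reads `/mnt/r7/amy/btrbk/` while the root2.conf added in this commit receives into `/mnt/r7/amy/root/btrbk` and `/mnt/r7/amy/boot/btrbk`; confirm which directory the check is meant to watch. A sketch of the loop head and the two message fixes follows.

```bash
for vol in {root,boot}_ubuntubionic; do
  # compgen -G prints nothing when the glob has no match, so an empty
  # result is detected without depending on nullglob.
  mapfile -t snaps < <(compgen -G "/mnt/r7/amy/btrbk/${vol}.20*")
  if (( ${#snaps[@]} == 0 )); then
    err "no snapshots starting with /mnt/r7/amy/btrbk/${vol}.20"
    continue  # still check the other volume
  fi
  # … unchanged: newest-snapshot lookup into last_snap_sec / last_snap …
  if [[ ! $last_snap ]]; then
    # should not happen.
    err "could not find latest snapshot for $vol among ${snaps[*]}"
    exit 1
  fi
  # … unchanged: age comparison against age_limit_sec …
done
```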