From ad09c51104f62d1da1782387025b44327a081872 Mon Sep 17 00:00:00 2001 From: Ian Kelling Date: Wed, 3 Aug 2022 15:23:21 -0400 Subject: [PATCH] fixes and improvements --- brc | 15 +++++- brc2 | 4 +- btrbk-run | 46 +++++++++++++++---- distro-end | 13 ++++-- .../etc/systemd/resolved.conf.d/zziank.conf | 3 +- gitslink | 2 + mail-setup | 44 +++++++++++++++++- trusted-network | 3 -- 8 files changed, 106 insertions(+), 24 deletions(-) diff --git a/brc b/brc index fdd8e2c..6322eb9 100644 --- a/brc +++ b/brc @@ -779,6 +779,19 @@ despace() { done } +# get ipv4 ip from HOST. or if it is already a number, return that +hostip() { + local host="$1" + case $host in + [0-9:]) + echo "$host" + ;; + *) + getent ahostsv4 "$host" | awk '{ print $1 }' | head -n1 + ;; + esac +} + dig() { command dig +nostats +nocmd "$@" } @@ -827,7 +840,7 @@ dus() { # du, sorted, default arg of ccomp du dus -e() { printf "%s\n" "$@"; } +e() { printf "%s\n" "$*"; } # echo args ea() { diff --git a/brc2 b/brc2 index 7b98ad9..54fe47b 100644 --- a/brc2 +++ b/brc2 @@ -571,7 +571,7 @@ dnsb8() { local f=/var/lib/bind/db.b8.nz m ser stop named m sleep 1 - m sudo rm -fv $f.jnl + m sudo rm -fv $f.jnl $f.signed.jnl m sudo install -m 644 -o bind -g bind /p/c/machine_specific/vps/bind-initial/db.b8.nz $f m ser restart named } @@ -2212,7 +2212,7 @@ if type -P rg &>/dev/null; then # --no-messages because of annoying errors on broken symlinks # -z = search .gz etc files # -. = search dotfilesq - rg() { command rg -. -z --no-messages -L -i -M 900 --no-ignore "$@" || return $?; } + rg() { command rg -. -z --no-messages -L -i -M 900 --no-ignore-parent --no-ignore-vcs -g '!.git' "$@" || return $?; } #fails if not exist. ignore complete -r rg 2>/dev/null ||: else diff --git a/btrbk-run b/btrbk-run index b3a3207..8a310e6 100644 --- a/btrbk-run +++ b/btrbk-run 
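Review bot: In `hostip()` the first arm `[0-9:])` is a glob for exactly one character, so a dotted-quad address never takes the `echo` branch the comment describes and is handed to `getent` like a hostname. If the intent is "already numeric, return it", invert the test so that only values containing something other than digits, dots and colons are looked up: `*[!0-9.:]*) getent ahostsv4 -- "$host" | awk '{ print $1; exit }' ;;` followed by `*) printf '%s\n' "$host" ;;`. The `--` keeps a value that begins with `-` from being parsed as a getent option. Callers should test for empty output, because a failed lookup prints nothing while the pipeline still reports the status of its last stage rather than getent's.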
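Review bot: The comment block above the `rg()` wrapper does not explain the new flags, and dropping `--no-ignore` narrows what is searched: ripgrep's own ignore files (`.ignore`, `.rgignore`) and any global ignore file are honoured again, so matches in files listed there are skipped without a message. If that is intended, record it next to the existing flag notes, e.g. `# --no-ignore-vcs --no-ignore-parent: skip .gitignore rules and parent-dir ignore files; .ignore/.rgignore still apply` and `# -g '!.git': do not descend into .git`. If the goal was only to stop searching inside `.git`, keeping `--no-ignore` and adding `-g '!.git'` would preserve the previous coverage.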
@@ -76,13 +76,18 @@ if [[ -s $default_args_file ]]; then sleep 5 fi -early=false # quit early, just btrbk, no extra remounting etc. +marchive=false +early=false cron=false orig_args=("$@") temp=$(getopt -l cron,pull-reexec,help ceil:m:npqrs:t:vh "$@") || usage 1 eval set -- "$temp" while true; do case $1 in + # some behaviors specific to running under cron: + # - skip hosts where xprintidle haven't been idle recently + # - if we can't ssh to 1 or more hosts, still do the rest + # - if we aren't MAIL_HOST and no -m or -s, just exit --cron) cron=true pre= @@ -90,6 +95,7 @@ while true; do ;; # only creates the config file, does not run btrbk -c) conf_only=true; shift ;; + # quit early, just btrbk, no extra remounting etc. -e) early=true; shift ;; -i) incremental_strict=true; shift ;; # bytes per second, suffix k m g @@ -97,9 +103,11 @@ while true; do # Comma separated mountpoints to backup. This has defaults set below. -m) IFS=, mountpoints=($2); unset IFS; shift 2 ;; -n) dry_run=true; dry_run_arg=-n; shift ;; + # show progress -p) progress_arg="--progress"; shift ;; + # internal option for rerunning under newer SOURCE_HOST version. --pull-reexec) pull_reexec=true; shift ;; - -r) archive=false; shift ;; + # quiet -q) verbose=false; verbose_arg=; progress_arg=; shift ;; # source host to receive a backup from -s) @@ -113,6 +121,7 @@ while true; do # target hosts to send to. empty is valid for just doing local # snapshot. we have default hosts we will populate. -t) IFS=, targets=($2); unset IFS; shift 2 ;; + # verbose. -v) verbose=true; verbose_arg=-v; shift ;; -h|--help) usage ;; --) shift; break ;; @@ -123,8 +132,19 @@ done # only tested commands are resume and archive cmd_arg=${1:-run} + +std_preserve="18h 14d 8w 24m" +q_preserve="18h 14d" + case $cmd_arg in run|resume|archive) : ;; + marchive) + marchive=true + cmd=resume + std_preserve="999h 999d 999w 999m" + q_preserve="$std_preserve" + preserve_arg=-p + ;; *) die "untested command arg" ;; esac 
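Review bot: The `-r) archive=false` arm is removed in the `@@ -97` hunk, but the getopt short-option string in the `@@ -76` hunk's context, `ceil:m:npqrs:t:vh`, still lists `r`. getopt will keep accepting `-r` and pass it to the `case`, where it now reaches whatever the default arm does (not visible in these hunks). Dropping `r` from the string rejects the flag at parse time with the usage message: `temp=$(getopt -l cron,pull-reexec,help ceil:m:npqs:t:vh "$@") || usage 1`. The script appears to read saved arguments from `$default_args_file`, so any stored `-r` there needs the same cleanup.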
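Review bot: The new `marchive)` arm in the `@@ -123` hunk assigns `cmd=resume`, while the variable set from `$1` and validated by this `case` is `cmd_arg`, and nothing in the visible hunks reads `cmd`. If later code passes `$cmd_arg` to btrbk it would receive `marchive`, so this probably wants `cmd_arg=resume`. `preserve_arg` is likewise assigned only in this arm; unless it is initialised outside the hunk, add a default such as `preserve_arg=` beside `marchive=false`. A comment on the arm should also say that `999h 999d 999w 999m` is meant to retain effectively every snapshot, since the value is later written into the generated config as `snapshot_preserve` and `target_preserve`.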
@@ -143,6 +163,8 @@ if $verbose; then fi ### end options parsing +declare -A vols + # remove path from earlier version of btrbk rm -f /usr/sbin/btrbk # note, this still works as intended if there is no /usr/bin/btrbk @@ -423,11 +445,11 @@ snapshot_create onchange # I could make this different from target_preserve, # if one disk had less space. # for now, keeping them equal. -snapshot_preserve 18h 14d 8w 24m +snapshot_preserve $std_preserve snapshot_preserve_min 2h snapshot_dir btrbk # so, total backups = ~58 -target_preserve 18h 14d 8w 24m +target_preserve $std_preserve target_preserve_min 2h # if something fails and it's not obvious, try doing @@ -446,9 +468,11 @@ for m in ${mountpoints[@]}; do case $m in /o) vol=/mnt/o + vols[$vol]=t ;; *) vol=/mnt/root + vols[$vol]=t ;; esac @@ -469,10 +493,10 @@ EOF q) # q has sensitive data i dont want to backup for so long cat >>/etc/btrbk.conf < AuthType Basic @@ -1976,11 +1976,14 @@ EOF # by default, the alertmanager web ui is not enabled other than a page # that suggests to use the amtool cli. that tool is good, but you cant - # silence things nearly as fast. + # silence things nearly as easily as with the gui. if [[ ! -e /usr/share/prometheus/alertmanager/ui/index.html ]]; then - sudo chroot /nocow/schroot/bullseye prometheus-alertmanager - sudo chroot /nocow/schroot/bullseye /usr/share/prometheus/alertmanager/generate-ui.sh - sudo rsync -avih /nocow/schroot/bullseye/usr/share/prometheus/alertmanager/ui/ /usr/share/prometheus/alertmanager/ui + # default script didnt work, required some changes to get elm 19.1, + # which is a dependency of the latest alertmanager. I modified + # and copied it into /b/ds. In future, might need some other + # solution. + #sudo /usr/share/prometheus/alertmanager/generate-ui.sh + sudo /b/ds/generate-ui.sh ser restart prometheus-alertmanager fi diff --git a/filesystem/etc/systemd/resolved.conf.d/zziank.conf b/filesystem/etc/systemd/resolved.conf.d/zziank.conf index 0c0c2e5..bce0966 100644 
--- a/filesystem/etc/systemd/resolved.conf.d/zziank.conf +++ b/filesystem/etc/systemd/resolved.conf.d/zziank.conf @@ -4,5 +4,4 @@ # in case. LLMNR=no MulticastDNS=no -# this can be useful when working not on the vpn -#Domains=fsf.org gnu.org +Domains=fsf.org gnu.org diff --git a/gitslink b/gitslink index a2318e0..e4b39dc 100755 --- a/gitslink +++ b/gitslink @@ -35,6 +35,8 @@ for x in *; do fi done +lnf -v /p/bin/* /a/exe + cd /a/exe if (( ${#existing[@]} )); then echo run manually: diff --git a/mail-setup b/mail-setup index 3b28199..9b9a97c 100755 --- a/mail-setup +++ b/mail-setup 
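Review bot: Enabling `Domains=fsf.org gnu.org` also deletes the only comment that explained the setting, so the drop-in no longer says why these search domains are configured globally. With this active, single-label names are expanded under those domains on every network the machine joins, and the expanded queries go to whatever resolver that network provides, which matters on networks that are not trusted. Keep a one-line reason above the setting, for example `# search domains so short hostnames resolve when not on the vpn; applies on every network`.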
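Review bot: The added `lnf -v /p/bin/* /a/exe` in gitslink passes an unguarded glob: if `/p/bin` is missing or empty, and `nullglob` is not set elsewhere in the script, `lnf` receives the literal string `/p/bin/*`. It also links every entry of `/p/bin` into `/a/exe`, so if `/a/exe` is on `PATH`, any file that lands in `/p/bin` becomes a runnable command name; a short comment stating that this is intended would help. A guard such as `compgen -G '/p/bin/*' >/dev/null && lnf -v /p/bin/* /a/exe` avoids the literal-pattern case. `lnf` is defined outside this hunk, so how it treats existing targets is not visible here.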
@@ -468,8 +468,48 @@ EOF # old. #vpnser=mailvpn.service -# todo: this hangs if it cant resolv the endpoint. we -# want it to just retry in the background. +# note: this hangs if it cant resolv the endpoint. we +# want it to just retry in the background. i just use a static ip instead. +# +# Note: at least on t10, on reboot, the service fails to come up according to systemd, but +# in reality it is up and working, then it tries to restart infinitely, and fails +# because it detects that the interface exists. +# +# failing output: +# +# Aug 02 21:59:27 sy wg-quick[2092]: [#] sysctl -q net.ipv4.conf.all.src_valid_mark=1 +# Aug 02 21:59:27 sy wg-quick[2248]: [#] iptables-restore -n +# Aug 02 21:59:27 sy wg-quick[2249]: Another app is currently holding the xtables lock. Perhaps you want to use the -w option? +# Aug 02 21:59:27 sy wg-quick[2259]: [#] iptables-restore -n +# Aug 02 21:59:27 sy wg-quick[2260]: Another app is currently holding the xtables lock. Perhaps you want to use the -w option? +# Aug 02 21:59:27 sy systemd[1]: wg-quick@wgmail.service: Main process exited, code=exited, status=4/NOPERMISSION + + +# successful output. +# Aug 03 14:12:47 sy wg-quick[711336]: [#] sysctl -q net.ipv4.conf.all.src_valid_mark=1 +# Aug 03 14:12:47 sy wg-quick[711384]: [#] iptables-restore -n +# Aug 03 14:12:47 sy wg-quick[711336]: [#] ping -w10 -c1 10.8.0.1 ||: +# Aug 03 14:12:47 sy wg-quick[711389]: PING 10.8.0.1 (10.8.0.1) 56(84) bytes of data. +# Aug 03 14:12:47 sy wg-quick[711389]: 64 bytes from 10.8.0.1: icmp_seq=1 ttl=64 time=73.0 ms +# Aug 03 14:12:47 sy wg-quick[711389]: --- 10.8.0.1 ping statistics --- +# Aug 03 14:12:47 sy wg-quick[711389]: 1 packets transmitted, 1 received, 0% packet loss, time 0ms +# Aug 03 14:12:47 sy wg-quick[711389]: rtt min/avg/max/mdev = 72.993/72.993/72.993/0.000 ms +# Aug 03 14:12:47 sy systemd[1]: Finished WireGuard via wg-quick(8) for wgmail. +# Aug 02 21:59:27 sy systemd[1]: wg-quick@wgmail.service: Failed with result 'exit-code'. 
+# Aug 02 21:59:27 sy systemd[1]: Failed to start WireGuard via wg-quick(8) for wgmail. +# Aug 02 21:59:47 sy systemd[1]: wg-quick@wgmail.service: Scheduled restart job, restart counter is at 1. +# Aug 02 21:59:47 sy systemd[1]: Stopped WireGuard via wg-quick(8) for wgmail. +# Aug 02 21:59:47 sy systemd[1]: Starting WireGuard via wg-quick(8) for wgmail... +# Aug 02 21:59:47 sy wg-quick[3424]: wg-quick: `wgmail' already exists +# Aug 02 21:59:47 sy systemd[1]: wg-quick@wgmail.service: Main process exited, code=exited, status=1/FAILURE +# Aug 02 21:59:47 sy systemd[1]: wg-quick@wgmail.service: Failed with result 'exit-code'. +# Aug 02 21:59:47 sy systemd[1]: Failed to start WireGuard via wg-quick(8) for wgmail. + + +# According to iptables -S and iptables -t nat -S, +# there are no modifications to iptables rules on a succsfull run, +# and + vpnser=wg-quick@wgmail.service case $HOSTNAME in diff --git a/trusted-network b/trusted-network index 1b0ee8d..894815e 100755 --- a/trusted-network +++ b/trusted-network @@ -40,9 +40,6 @@ i() { # install file rm -rf $tmpdir } -e $script_name -exit 0 - # i symlinked the script to another name to make it work different trust=true case $script_name in -- 2.30.2
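Review bot: The comment block added above `vpnser=wg-quick@wgmail.service` ends mid-sentence (`... on a succsfull run,` then `and`), and the failing-run log is split in two, with its second half (the `Aug 02 21:59:27` to `21:59:47` lines) placed after the block headed `successful output.`. Move those lines up under `failing output:` and either finish or drop the trailing sentence. It would also help to state in one line the cause the log already shows: wg-quick's `iptables-restore -n` fails on the xtables lock, the unit exits with status 4, and each scheduled restart then fails with the "already exists" error because the interface is still present. Only comments are added by this hunk, and the `case $HOSTNAME in` block continues outside it.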