From 38551d7ffc2a7d212b4b849c9ff0dbfa1c169536 Mon Sep 17 00:00:00 2001 From: Christian Heller Date: Mon, 29 Sep 2025 09:40:54 +0200 Subject: [PATCH 01/16] Fix. --- bookworm/copy/server/etc/caddy/Caddyfile | 13 ++-- bookworm/scripts/setup_server.sh | 24 ++++++- trixie/copy/all/etc/hosts | 1 - trixie/scripts/lib/core_setup.sh | 10 --- trixie/scripts/setup_server.sh | 85 +++++++++++++++++++++++- 5 files changed, 115 insertions(+), 18 deletions(-) delete mode 120000 trixie/copy/all/etc/hosts mode change 120000 => 100755 trixie/scripts/setup_server.sh diff --git a/bookworm/copy/server/etc/caddy/Caddyfile b/bookworm/copy/server/etc/caddy/Caddyfile index 1eddd83..36e54b2 100644 --- a/bookworm/copy/server/etc/caddy/Caddyfile +++ b/bookworm/copy/server/etc/caddy/Caddyfile @@ -1,7 +1,10 @@ REPLACE_WITH_FQDN { - root * /var/www/dump - basicauth /private/* { - user REPLACE_WITH_HASH - } - file_server browse + root * /var/www/dump + basicauth /private/* { + user REPLACE_WITH_HASH + } + header { + Content-Type application/octet-stream + } + file_server browse } diff --git a/bookworm/scripts/setup_server.sh b/bookworm/scripts/setup_server.sh index 09545d1..82c0b76 100755 --- a/bookworm/scripts/setup_server.sh +++ b/bookworm/scripts/setup_server.sh @@ -1,7 +1,7 @@ #!/bin/sh set -e cd $(dirname "$0") -. lib/apt_digested.sh +. lib/apt_get_digested.sh . lib/constants_etc.sh # PATH_ETC . lib/constants_ssh.sh # PATH_REL_SSH, PATH_USER_SSH . lib/constants_user.sh # USERNAME @@ -9,6 +9,7 @@ cd $(dirname "$0") . lib/core_setup.sh . lib/expect_n_args.sh . lib/prefixed_msg.sh +. lib/put_finished_marker.sh . lib/trapp.sh prefixed_msg_init @@ -23,6 +24,7 @@ FQDN="$3" PATH_BORG_HOME=/home/borg PATH_CADDYFILE="${PATH_ETC}/caddy/Caddyfile" +PATH_CADDY_REPO='https://dl.cloudsmith.io/public/caddy/stable' PATH_DUMP='/var/www/dump' prefixed_msg_no_nl 'Determining external IP …' 
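Review bot: The new `header` block in the Caddyfile forces `Content-Type application/octet-stream` but does not tell clients to honour it, so a client that sniffs content may still treat a file under /var/www/dump as HTML or script. Adding `X-Content-Type-Options nosniff` inside the same `header { … }` block closes that gap. The block has no matcher and so applies to every response; it is worth confirming that the `file_server browse` listing still renders as a page, and scoping the header with a path matcher if it does not.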
@@ -47,6 +49,26 @@ if [ ! -z "${FQDN}" ]; then fi fi +prefixed_msg 'Ensure we have curl and gpg (for caddy installation preparation) …' +apt_get_digested '-q -q install curl gpg' +PATH_CURL_ERROR=$(mktemp) +CMD_RM_CURL_ERROR="rm ${PATH_CURL_ERROR}" +trapp "${CDM_RM_CURL_ERROR}" +prefixed_msg 'Retrieve caddy repo key …' +set +e +curl -1Lf "${PATH_CADDY_REPO}/gpg.key" 2> "${PATH_CURL_ERROR}" | gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg +RESULT="$?" +set -e +if [ "${RESULT}" != '0' ]; then + cat "${PATH_CURL_ERROR}" + exit 1 +fi +${CMD_RM_CURL_ERROR} +trapp +PATH_APT_CADDY_REPO='/etc/apt/sources.list.d/caddy-stable.list' +prefixed_msg "Adding caddy repo to ${PATH_APT_CADDY_REPO} …" +curl -1LfsS "${PATH_CADDY_REPO}/debian.deb.txt" > "${PATH_APT_CADDY_REPO}" + core_setup "${HOSTNAME}" "${FQDN}" "${EXTERNAL_IP}" "${INSTALL_TAGS}" prefixed_msg 'Moving SSH data from root to user …' diff --git a/trixie/copy/all/etc/hosts b/trixie/copy/all/etc/hosts deleted file mode 120000 index bd0fd44..0000000 --- a/trixie/copy/all/etc/hosts +++ /dev/null @@ -1 +0,0 @@ -../../../../bookworm/copy/all/etc/hosts \ No newline at end of file diff --git a/trixie/scripts/lib/core_setup.sh b/trixie/scripts/lib/core_setup.sh index 83a44cf..f871ed8 100644 --- a/trixie/scripts/lib/core_setup.sh +++ b/trixie/scripts/lib/core_setup.sh @@ -28,16 +28,6 @@ core_setup() { prefixed_msg 'Setting hostname …' hostnamectl hostname "${HOSTNAME}" - local PATH_HOSTS="${PATH_ETC}/hosts" - prefixed_msg "Adapting ${PATH_HOSTS} …" - if [ -z "${FQDN}" ]; then - sed -i 's/REPLACE_WITH_FQDN/REPLACE_WITH_HOSTNAME.local REPLACE_WITH_HOSTNAME.localdomain/g' "${PATH_HOSTS}" - else - sed -i 's/REPLACE_WITH_FQDN/'"${FQDN}"'/g' "${PATH_HOSTS}" - sed -i "s/#REPLACE_WITH_EXTERNAL_IP/${EXTERNAL_IP}/g" "${PATH_HOSTS}" - fi - sed -i 's/REPLACE_WITH_HOSTNAME/'"${HOSTNAME}"'/g' "${PATH_HOSTS}" - prefixed_msg 'Syncing clock …' ntpdate-debian -s 
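Review bot: In the caddy-key block added to bookworm/scripts/setup_server.sh, the cleanup trap is registered with `trapp "${CDM_RM_CURL_ERROR}"`, but the variable set on the line before is `CMD_RM_CURL_ERROR`, so the trap receives an empty string and the temp file is not removed on an abort; it should read `trapp "${CMD_RM_CURL_ERROR}"`. `RESULT="$?"` after `curl … | gpg --dearmor` holds only gpg's exit status (plain sh, no pipefail), so a failed download is noticed only if gpg happens to reject the empty input; saving the key to a temp file and checking curl's status before dearmoring would make the check reliable. The key and the `debian.deb.txt` source list are trusted on TLS alone, and this key decides which packages apt will accept, so comparing its fingerprint with a pinned value before writing to /usr/share/keyrings would be a worthwhile addition.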
diff --git a/trixie/scripts/setup_server.sh b/trixie/scripts/setup_server.sh deleted file mode 120000 index d4eabff..0000000 --- a/trixie/scripts/setup_server.sh +++ /dev/null @@ -1 +0,0 @@ -../../bookworm/scripts/setup_server.sh \ No newline at end of file diff --git a/trixie/scripts/setup_server.sh b/trixie/scripts/setup_server.sh new file mode 100755 index 0000000..09545d1 --- /dev/null +++ b/trixie/scripts/setup_server.sh 
@@ -0,0 +1,84 @@
+#!/bin/sh
+set -e
+cd $(dirname "$0")
+. lib/apt_digested.sh
+. lib/constants_etc.sh # PATH_ETC
+. lib/constants_ssh.sh # PATH_REL_SSH, PATH_USER_SSH
+. lib/constants_user.sh # USERNAME
+. lib/copy_dirtrees_of_tags.sh
+. lib/core_setup.sh
+. lib/expect_n_args.sh
+. lib/prefixed_msg.sh
+. lib/trapp.sh
+
+prefixed_msg_init
+prefixed_msg 'starting (setting up basics of standard server)'
+
+INSTALL_TAGS='all server user keep_if_installed:systemd-resolved'
+
+expect_n_args 2 3 'CADDY_PASSWORD, HOSTNAME, [FQDN]' $@
+CADDY_PASSWORD="$1"
+HOSTNAME="$2"
+FQDN="$3"
+
+PATH_BORG_HOME=/home/borg
+PATH_CADDYFILE="${PATH_ETC}/caddy/Caddyfile"
+PATH_DUMP='/var/www/dump'
+
+prefixed_msg_no_nl 'Determining external IP …'
+for _CANDIDATE in $(hostname -I); do
+ _START=$(echo ${_CANDIDATE} | cut -d'.' -f1)
+ if [ "$(echo -n ${_START} | wc -c)" -gt 3 ]; then # ignore IPv6
+ continue
+ fi
+ if [ "${_START}" = "127" -o "${_START}" = "192" -o "${_START}" = "172" ]; then
+ continue
+ fi
+ EXTERNAL_IP="${_CANDIDATE}"
+ break
+done
+echo " it's: ${EXTERNAL_IP}"
+
+if [ ! -z "${FQDN}" ]; then
+ prefixed_msg "Ensuring provided FQDN ${FQDN} maps to it …"
+ IP_BY_DNS=$(getent ahostsv4 "${FQDN}" | head -1 | cut -d' ' -f1)
+ if [ ! "${IP_BY_DNS}" = "${EXTERNAL_IP}" ]; then
+ abort "DNS mapping provided FQDN '${FQDN}' to ${IP_BY_DNS} rather than this system's external IP ${EXTERNAL_IP}."
+ fi +fi + +core_setup "${HOSTNAME}" "${FQDN}" "${EXTERNAL_IP}" "${INSTALL_TAGS}" + +prefixed_msg 'Moving SSH data from root to user …' +mkdir -p "${PATH_USER_SSH}" +mv "/root/${PATH_REL_SSH}/authorized_keys" "${PATH_USER_SSH}/" +chown -R "${USERNAME}:${USERNAME}" "${PATH_USER_SSH}" + +prefixed_msg 'Setting up minimal borg user …' +adduser --quiet --system --home "${PATH_BORG_HOME}" --shell /bin/sh borg +cp -a "${PATH_USER_SSH}" "${PATH_BORG_HOME}/" +chown -R borg:nogroup "${PATH_BORG_HOME}/${PATH_REL_SSH}" + +prefixed_msg 'Enabling firewall …' +systemctl --quiet enable --now nftables + +prefixed_msg "Creating web-accessible directories …" +mkdir -p "${PATH_DUMP}/private" "${PATH_DUMP}/public" + +prefixed_msg "Adapting ${PATH_CADDYFILE} …" +CADDY_PW_HASH=$(caddy hash-password --plaintext "${CADDY_PASSWORD}") +if [ -z "${FQDN}" ]; then + ADDRESS_TO_CADDY="${EXTERNAL_IP}" +else + ADDRESS_TO_CADDY="${FQDN}" +fi +sed -i 's|REPLACE_WITH_HASH|'"${CADDY_PW_HASH}"'|g' "${PATH_CADDYFILE}" +sed -i 's/REPLACE_WITH_FQDN/'"${ADDRESS_TO_CADDY}"'/g' "${PATH_CADDYFILE}" + +prefixed_msg "Restarting caddy …" +systemctl reload caddy + +prefixed_msg "Asking for user pw so they can sudo …" +passwd "${USERNAME}" + +prefixed_msg_exit -- 2.30.2 From a27c9e125b72adbf3315da4e6bc04958ac3b4eb0 Mon Sep 17 00:00:00 2001 
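Review bot: The borg account created near the end of the new trixie/scripts/setup_server.sh gets `--shell /bin/sh` plus a verbatim copy of the user's SSH directory (`cp -a "${PATH_USER_SSH}" "${PATH_BORG_HOME}/"`), so every key that can log in as the admin user also gets an unrestricted shell as borg. If the account exists only to receive backups, prefixing its key lines with `command="borg serve",restrict` would limit those logins to the borg protocol. Separately, `caddy hash-password --plaintext "${CADDY_PASSWORD}"` puts the password on a command line that other local accounts can read from the process list while it runs; as far as I know the subcommand reads the password from stdin when `--plaintext` is omitted, which would avoid that.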
From: Christian Heller Date: Mon, 29 Sep 2025 11:25:24 +0200 Subject: [PATCH 02/16] Fix. --- trixie/aptmark/catgirl | 1 - trixie/aptmark/ircplom | 9 +++++ trixie/copy/catgirl | 1 - .../system/encrypt_ircplom_logs.service | 8 +++++ .../systemd/system/encrypt_ircplom_logs.timer | 9 +++++ .../etc/systemd/system/ircplom.service | 17 +++++++++ trixie/copy/ircplom/home/plom/.bashrc.ircplom | 1 + .../home/plom/.config/ircplom/ircplom.toml | 12 +++++++ .../home/plom/.local/bin/encrypt_ircplom_logs | 36 +++++++++++++++++++ .../copy/ircplom/home/plom/.plomlib/abort.sh | 1 + .../home/plom/.plomlib/expect_n_args.sh | 1 + .../home/plom/.plomlib/prefixed_msg.sh | 1 + trixie/scripts/setup_catgirl.sh | 1 - trixie/scripts/setup_ircplom.sh | 32 +++++++++++++++++ 14 files changed, 127 insertions(+), 3 deletions(-) delete mode 120000 trixie/aptmark/catgirl create mode 100644 trixie/aptmark/ircplom delete mode 120000 trixie/copy/catgirl create mode 100644 trixie/copy/ircplom/etc/systemd/system/encrypt_ircplom_logs.service create mode 100644 trixie/copy/ircplom/etc/systemd/system/encrypt_ircplom_logs.timer create mode 100644 trixie/copy/ircplom/etc/systemd/system/ircplom.service create mode 100644 trixie/copy/ircplom/home/plom/.bashrc.ircplom create mode 100644 trixie/copy/ircplom/home/plom/.config/ircplom/ircplom.toml create mode 100755 trixie/copy/ircplom/home/plom/.local/bin/encrypt_ircplom_logs create mode 120000 trixie/copy/ircplom/home/plom/.plomlib/abort.sh create mode 120000 trixie/copy/ircplom/home/plom/.plomlib/expect_n_args.sh create mode 120000 trixie/copy/ircplom/home/plom/.plomlib/prefixed_msg.sh delete mode 120000 trixie/scripts/setup_catgirl.sh create mode 100755 trixie/scripts/setup_ircplom.sh diff --git a/trixie/aptmark/catgirl b/trixie/aptmark/catgirl deleted file mode 120000 index 3e1bdbd..0000000 --- a/trixie/aptmark/catgirl +++ /dev/null @@ -1 +0,0 @@ -../../bookworm/aptmark/catgirl \ No newline at end of file 
diff --git a/trixie/aptmark/ircplom b/trixie/aptmark/ircplom new file mode 100644 index 0000000..17e89f6 --- /dev/null +++ b/trixie/aptmark/ircplom @@ -0,0 +1,9 @@ +# ircplom + +# to run in venv +pyvenv +# for detachable sessions +dtach +# for logs encryption +age +# diff --git a/trixie/copy/catgirl b/trixie/copy/catgirl deleted file mode 120000 index dc216f8..0000000 --- a/trixie/copy/catgirl +++ /dev/null @@ -1 +0,0 @@ -../../bookworm/copy/catgirl \ No newline at end of file diff --git a/trixie/copy/ircplom/etc/systemd/system/encrypt_ircplom_logs.service b/trixie/copy/ircplom/etc/systemd/system/encrypt_ircplom_logs.service new file mode 100644 index 0000000..cfbde9e --- /dev/null +++ b/trixie/copy/ircplom/etc/systemd/system/encrypt_ircplom_logs.service @@ -0,0 +1,8 @@ +[Unit] +Description=Run script for encrypting ircplom logs. + +[Service] +Type=oneshot +User=plom +ExecStart=/bin/sh -cl 'encrypt_ircplom_logs' + diff --git a/trixie/copy/ircplom/etc/systemd/system/encrypt_ircplom_logs.timer b/trixie/copy/ircplom/etc/systemd/system/encrypt_ircplom_logs.timer new file mode 100644 index 0000000..d76de40 --- /dev/null +++ b/trixie/copy/ircplom/etc/systemd/system/encrypt_ircplom_logs.timer @@ -0,0 +1,9 @@ +[Unit] +Description=Run service for encrypting ircplom logs once every day. + +[Timer] +OnCalendar=*-*-* 01:00:00 + +[Install] +WantedBy=timers.target + diff --git a/trixie/copy/ircplom/etc/systemd/system/ircplom.service b/trixie/copy/ircplom/etc/systemd/system/ircplom.service new file mode 100644 index 0000000..9c6105a --- /dev/null +++ b/trixie/copy/ircplom/etc/systemd/system/ircplom.service 
@@ -0,0 +1,17 @@ +[Unit] +Description=ircplom dtached +After=network.target + +[Service] +Type=simple +User=plom +WorkingDirectory=/home/plom +ExecStart=/bin/sh -lc "dtach -n /tmp/dtach_ircplom && while true; do sleep 1; test ! -e /tmp/dtach_ircplom && break; done" +ExecStop=/bin/sh -lc "rm /tmp/dtach_ircplom" +Environment=TERM=linux +Restart=on-success +RestartSec=10 + +[Install] +WantedBy=multi-user.target + diff --git a/trixie/copy/ircplom/home/plom/.bashrc.ircplom b/trixie/copy/ircplom/home/plom/.bashrc.ircplom new file mode 100644 index 0000000..34ffeaf --- /dev/null +++ b/trixie/copy/ircplom/home/plom/.bashrc.ircplom @@ -0,0 +1 @@ +alias attach_ircplom='dtach -a /tmp/dtach_ircplom -e "^t"' diff --git a/trixie/copy/ircplom/home/plom/.config/ircplom/ircplom.toml b/trixie/copy/ircplom/home/plom/.config/ircplom/ircplom.toml new file mode 100644 index 0000000..ce6bce6 --- /dev/null +++ b/trixie/copy/ircplom/home/plom/.config/ircplom/ircplom.toml @@ -0,0 +1,12 @@ +to_highlight = ['plom', 'plomlompom'] + +[[server]] +hostname = 'irc.libera.chat' +nickname = 'plomtest' +password = 'REPLACE_WITH_IRC_PASSWORD' +channels = [ + '#plomtest', + '##plomtest', + '##newdrama', + '#mnt-reform', +] diff --git a/trixie/copy/ircplom/home/plom/.local/bin/encrypt_ircplom_logs b/trixie/copy/ircplom/home/plom/.local/bin/encrypt_ircplom_logs new file mode 100755 index 0000000..18ef129 --- /dev/null +++ b/trixie/copy/ircplom/home/plom/.local/bin/encrypt_ircplom_logs 
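Review bot: `ExecStart` and `ExecStop` in ircplom.service, and the `attach_ircplom` alias in `.bashrc.ircplom`, all use the fixed path `/tmp/dtach_ircplom` in a directory every local account can write to. If another account creates that name first, the service either fails to start or the alias attaches to a socket that plom does not own. Adding `RuntimeDirectory=ircplom` to `[Service]` and pointing the unit and the alias at `/run/ircplom/dtach` would place the socket in a directory owned by the service user.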
@@ -0,0 +1,36 @@ +#!/bin/sh +set -e +cd $(dirname "$0") +. lib/expect_n_args + +expect_n_args 0 0 '' + +PATH_LOGS="${HOME}/.local/share/ircplom/logs" +PATH_ENCRYPTED_LOGS="${HOME}/logs_encrypted" +PATH_ENCRYPTION_KEY="${HOME}/.plomlib/encrypt_with.pub" + +TODAY="$(date +'%Y-%m-%d')" +set +e +PATHS_LOGFILES="$(ls ${PATH_LOGS}/*/*/*.log 2> /dev/null)" +set -e +if [ -z "${PATHS_LOGFILES}" ]; then + echo "No log files present, so nothing to do." + exit 0 +fi +for _PATH_LOGFILE in ${PATHS_LOGFILES}; do + _FILENAME=$(basename "${_PATH_LOGFILE}") + _DATE_OF_LOG=$(echo "${_FILENAME}" | cut -d'.' -f1) + _DIRNAME=$(dirname "${_PATH_LOGFILE}") + _WINDOW_OF_LOG=$(basename "${_DIRNAME}") + _DIRNAME=$(dirname "${_DIRNAME}") + _NETWORK_OF_LOG=$(basename "${_DIRNAME}") + if ! [ "${_DATE_OF_LOG}" '<' "${TODAY}" ]; then + echo "${_PATH_LOGFILE} too young, ignoring." + else + echo "${_PATH_LOGFILE}: encrypting to ${PATH_ENCRYPTED_LOGS}, deleting original …" + _PATH_TARGET="${PATH_ENCRYPTED_LOGS}/${_NETWORK_OF_LOG}/${_WINDOW_OF_LOG}" + mkdir -p "${_PATH_TARGET}" + age -R "${PATH_ENCRYPTION_KEY}" "${_PATH_LOGFILE}" > "${_PATH_TARGET}/${_FILENAME}.age" + rm "${_PATH_LOGFILE}" + fi +done diff --git a/trixie/copy/ircplom/home/plom/.plomlib/abort.sh b/trixie/copy/ircplom/home/plom/.plomlib/abort.sh new file mode 120000 index 0000000..45aefdb --- /dev/null +++ b/trixie/copy/ircplom/home/plom/.plomlib/abort.sh @@ -0,0 +1 @@ +../../../../../scripts/lib/abort.sh \ No newline at end of file diff --git a/trixie/copy/ircplom/home/plom/.plomlib/expect_n_args.sh b/trixie/copy/ircplom/home/plom/.plomlib/expect_n_args.sh new file mode 120000 index 0000000..9582f5f --- /dev/null +++ b/trixie/copy/ircplom/home/plom/.plomlib/expect_n_args.sh @@ -0,0 +1 @@ +../../../../../scripts/lib/expect_n_args.sh \ No newline at end of file diff --git a/trixie/copy/ircplom/home/plom/.plomlib/prefixed_msg.sh b/trixie/copy/ircplom/home/plom/.plomlib/prefixed_msg.sh new file mode 120000 index 0000000..e9c316f 
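Review bot: The loop `for _PATH_LOGFILE in ${PATHS_LOGFILES}` in encrypt_ircplom_logs expands the captured `ls` output unquoted, so each path is word-split and glob-expanded a second time. The network and window directory names presumably come from IRC, where nicknames may contain `[`, `]` and similar characters, so a directory name can act as a pattern and lead the script to encrypt and `rm` a different file than the one listed. Iterating the glob directly avoids this and removes the `set +e`/`ls` step: `for _PATH_LOGFILE in "${PATH_LOGS}"/*/*/*.log; do [ -e "${_PATH_LOGFILE}" ] || continue`. The later patches in this series that touch the same line (08/16 and 10/16) keep the `ls` capture.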
--- /dev/null +++ b/trixie/copy/ircplom/home/plom/.plomlib/prefixed_msg.sh @@ -0,0 +1 @@ +../../../../../scripts/lib/prefixed_msg.sh \ No newline at end of file diff --git a/trixie/scripts/setup_catgirl.sh b/trixie/scripts/setup_catgirl.sh deleted file mode 120000 index 34e99a8..0000000 --- a/trixie/scripts/setup_catgirl.sh +++ /dev/null @@ -1 +0,0 @@ -../../bookworm/scripts/setup_catgirl.sh \ No newline at end of file diff --git a/trixie/scripts/setup_ircplom.sh b/trixie/scripts/setup_ircplom.sh new file mode 100755 index 0000000..3c39120 --- /dev/null +++ b/trixie/scripts/setup_ircplom.sh @@ -0,0 +1,32 @@ +#!/bin/sh +set -e +cd $(dirname "$0") +. lib/constants_user.sh # PATH_USER_HOME +. lib/expect_n_args.sh +. lib/install_tags.sh +. lib/prefixed_msg.sh + +prefixed_msg_init +prefixed_msg 'starting' + +expect_n_args 1 1 'IRC_PASSWORD' $@ +IRC_PASSWORD="$1" + +install_tags ircplom +URL_REPO='https://plomlompom.com/repos/clone/ircplom' +cd ~ +git clone "${URL_REPO}" +cd ircplom +./install.sh + +PATH_USER_CONF_IRCPLOM="${PATH_USER_HOME}/.config/ircplom/ircplom.toml" +prefixed_msg "Writing provided password into ${PATH_USER_CONF_CATGIRL} …" +sed -i "s/REPLACE_WITH_IRC_PASSWORD/${IRC_PASSWORD}/g" "${PATH_USER_CONF_IRCPLOM}" + +prefixed_msg 'Activating ircplom dtach session …' +systemctl enable --now ircplom + +prefixed_msg 'Activating ircplom logs encryption service/timer …' +systemctl enable --now encrypt_ircplom_logs.timer + +prefixed_msg_exit -- 2.30.2 From 2585314c650fb4e016f8c8339ff7a4644f49f1ff Mon Sep 17 00:00:00 2001 From: Christian Heller Date: Mon, 29 Sep 2025 11:27:12 +0200 Subject: [PATCH 03/16] Fix. --- trixie/scripts/setup_ircplom.sh | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/trixie/scripts/setup_ircplom.sh b/trixie/scripts/setup_ircplom.sh index 3c39120..aef9449 100755 --- a/trixie/scripts/setup_ircplom.sh +++ b/trixie/scripts/setup_ircplom.sh 
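Review bot: `sed -i "s/REPLACE_WITH_IRC_PASSWORD/${IRC_PASSWORD}/g"` in setup_ircplom.sh pastes the password into the sed program, so a password containing `/`, `&` or `\` either aborts the script or is stored in `ircplom.toml` altered, and a `'` would break the TOML string. Escaping the value before substitution, or writing the `password =` line without sed, avoids that. The progress message on the line above references `${PATH_USER_CONF_CATGIRL}`, which this script never sets; it should be `${PATH_USER_CONF_IRCPLOM}`. The template is committed as mode 100644, so a `chmod 600 "${PATH_USER_CONF_IRCPLOM}"` after the substitution would keep the stored password from being readable by other accounts.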
@@ -11,13 +11,10 @@ prefixed_msg 'starting' expect_n_args 1 1 'IRC_PASSWORD' $@ IRC_PASSWORD="$1" +URL_REPO='https://plomlompom.com/repos/clone/ircplom' install_tags ircplom -URL_REPO='https://plomlompom.com/repos/clone/ircplom' -cd ~ -git clone "${URL_REPO}" -cd ircplom -./install.sh +su -l plom -c "cd && git clone ${URL_REPO} && cd ircplom && ./install.sh" PATH_USER_CONF_IRCPLOM="${PATH_USER_HOME}/.config/ircplom/ircplom.toml" prefixed_msg "Writing provided password into ${PATH_USER_CONF_CATGIRL} …" -- 2.30.2 From f9a63c7cc305b4efd0a7e76aa8fb6e8032d69adc Mon Sep 17 00:00:00 2001 From: Christian Heller Date: Mon, 29 Sep 2025 11:29:41 +0200 Subject: [PATCH 04/16] Fix. --- trixie/scripts/lib/install_tags.sh | 1 + 1 file changed, 1 insertion(+) create mode 120000 trixie/scripts/lib/install_tags.sh diff --git a/trixie/scripts/lib/install_tags.sh b/trixie/scripts/lib/install_tags.sh new file mode 120000 index 0000000..965dd4a --- /dev/null +++ b/trixie/scripts/lib/install_tags.sh @@ -0,0 +1 @@ +../../../bookworm/scripts/lib/install_tags.sh \ No newline at end of file -- 2.30.2 From d2e22f40c923e67bb8ab394e3ae2882ddadffc83 Mon Sep 17 00:00:00 2001 From: Christian Heller Date: Mon, 29 Sep 2025 11:30:40 +0200 Subject: [PATCH 05/16] Fix. --- trixie/scripts/setup_ircplom.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/trixie/scripts/setup_ircplom.sh b/trixie/scripts/setup_ircplom.sh index aef9449..8117ac4 100755 --- a/trixie/scripts/setup_ircplom.sh +++ b/trixie/scripts/setup_ircplom.sh @@ -14,7 +14,7 @@ IRC_PASSWORD="$1" URL_REPO='https://plomlompom.com/repos/clone/ircplom' install_tags ircplom -su -l plom -c "cd && git clone ${URL_REPO} && cd ircplom && ./install.sh" +su -l plom -c "cd && git clone --recursive ${URL_REPO} && cd ircplom && ./install.sh" PATH_USER_CONF_IRCPLOM="${PATH_USER_HOME}/.config/ircplom/ircplom.toml" prefixed_msg "Writing provided password into ${PATH_USER_CONF_CATGIRL} …" -- 2.30.2 
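Review bot: The new `su -l plom -c "cd && git clone ${URL_REPO} && cd ircplom && ./install.sh"` line runs whatever the repository's default branch contains at provisioning time, with no tag or commit pinned. Checking out a known revision before the installer runs, e.g. `git -C ircplom checkout <PINNED_COMMIT>` (placeholder), would make server builds reproducible and limit the effect of an unexpected upstream change; the same applies once patch 05/16 adds `--recursive` and pulls submodules. The account name is hard-coded as `plom` while the script already sources `lib/constants_user.sh`; using `${USERNAME}` would keep the two in step, assuming that file defines it as the comment in setup_server.sh indicates.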
From 075afb101b2f01de6ff3fc5123833e9c7a110efb Mon Sep 17 00:00:00 2001 From: Christian Heller Date: Mon, 29 Sep 2025 11:31:24 +0200 Subject: [PATCH 06/16] Fix. --- trixie/aptmark/ircplom | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/trixie/aptmark/ircplom b/trixie/aptmark/ircplom index 17e89f6..f21c976 100644 --- a/trixie/aptmark/ircplom +++ b/trixie/aptmark/ircplom @@ -1,7 +1,7 @@ # ircplom # to run in venv -pyvenv +python3-venv # for detachable sessions dtach # for logs encryption -- 2.30.2 From 8da9fd04b18b0a68b624d985c19d33101da80035 Mon Sep 17 00:00:00 2001 From: Christian Heller Date: Mon, 29 Sep 2025 11:36:38 +0200 Subject: [PATCH 07/16] Fix. --- trixie/copy/ircplom/home/plom/.plomlib/encrypt_with.pub | 1 + 1 file changed, 1 insertion(+) create mode 100644 trixie/copy/ircplom/home/plom/.plomlib/encrypt_with.pub diff --git a/trixie/copy/ircplom/home/plom/.plomlib/encrypt_with.pub b/trixie/copy/ircplom/home/plom/.plomlib/encrypt_with.pub new file mode 100644 index 0000000..ddd5ba1 --- /dev/null +++ b/trixie/copy/ircplom/home/plom/.plomlib/encrypt_with.pub @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAoMa288S7iHnw8lEaSQTTK8pSJwBEWCCyPJF7zewbXrgGoHHXAYD88AJFrULBivTk6HIVpx+Dc0fdhheXr3yl8XGo57l7XTVd1xz2USxaPXfWHEz5mAtJVM4MJ7MjQ5eNkCgrJaOWZ1SLnSS/+dF3KGYs1BK7piIKFk/5AKQmX+0R3STxNlLlEOWG03224409VNliMKFhbfjszPJyaKDFKt4tnG12YgEZ0Zx2LbAfJZzFdkxb2qzcdb09vRHOEZgtFPszohVETaBtocl3mEPHRjwXzhE6fz/jzMHc+JZDViQONobvgJ7weVU7dnv8zmiobFuyOEb4uyAE1yugvBypPQ== -- 2.30.2 From 1bd2551b854c641337c13b3258aa6bc1eb7a14af Mon Sep 17 00:00:00 2001 From: Christian Heller Date: Wed, 1 Oct 2025 07:25:04 +0200 Subject: [PATCH 08/16] Fixes. --- trixie/copy/ircplom/etc/systemd/system/ircplom.service | 4 +++- .../ircplom/home/plom/.local/bin/encrypt_ircplom_logs | 9 +++++---- 2 files changed, 8 insertions(+), 5 deletions(-) 
diff --git a/trixie/copy/ircplom/etc/systemd/system/ircplom.service b/trixie/copy/ircplom/etc/systemd/system/ircplom.service index 9c6105a..a2beacb 100644 --- a/trixie/copy/ircplom/etc/systemd/system/ircplom.service +++ b/trixie/copy/ircplom/etc/systemd/system/ircplom.service @@ -6,10 +6,12 @@ After=network.target Type=simple User=plom WorkingDirectory=/home/plom +# once per second check if dtach file still exists, only declare run over (and thereby re-start possible) once it doesn't ExecStart=/bin/sh -lc "dtach -n /tmp/dtach_ircplom && while true; do sleep 1; test ! -e /tmp/dtach_ircplom && break; done" -ExecStop=/bin/sh -lc "rm /tmp/dtach_ircplom" +ExecStop=/bin/sh -lc "rm -f /tmp/dtach_ircplom" Environment=TERM=linux Restart=on-success +# leave enough time for manual intervention if need be RestartSec=10 [Install] diff --git a/trixie/copy/ircplom/home/plom/.local/bin/encrypt_ircplom_logs b/trixie/copy/ircplom/home/plom/.local/bin/encrypt_ircplom_logs index 18ef129..b4f58c2 100755 --- a/trixie/copy/ircplom/home/plom/.local/bin/encrypt_ircplom_logs +++ b/trixie/copy/ircplom/home/plom/.local/bin/encrypt_ircplom_logs @@ -1,7 +1,8 @@ -#!/bin/sh +#!/usr/bin/env dash set -e -cd $(dirname "$0") -. lib/expect_n_args +ROOT=$(dirname "$0") +cd "${ROOT}" +. lib/expect_n_args.sh expect_n_args 0 0 '' @@ -11,7 +12,7 @@ PATH_ENCRYPTION_KEY="${HOME}/.plomlib/encrypt_with.pub" TODAY="$(date +'%Y-%m-%d')" set +e -PATHS_LOGFILES="$(ls ${PATH_LOGS}/*/*/*.log 2> /dev/null)" +PATHS_LOGFILES=$(ls "${PATH_LOGS}"/*/*/*.log 2> /dev/null) set -e if [ -z "${PATHS_LOGFILES}" ]; then echo "No log files present, so nothing to do." -- 2.30.2 From cefff4b318b451fe9bf1a285712d383afad7fab2 Mon Sep 17 00:00:00 2001 From: Christian Heller Date: Wed, 1 Oct 2025 10:03:30 +0200 Subject: [PATCH 09/16] Fix. --- trixie/copy/ircplom/etc/systemd/system/ircplom.service | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/trixie/copy/ircplom/etc/systemd/system/ircplom.service b/trixie/copy/ircplom/etc/systemd/system/ircplom.service index a2beacb..af5c5c3 100644 --- a/trixie/copy/ircplom/etc/systemd/system/ircplom.service +++ b/trixie/copy/ircplom/etc/systemd/system/ircplom.service @@ -7,7 +7,7 @@ Type=simple User=plom WorkingDirectory=/home/plom # once per second check if dtach file still exists, only declare run over (and thereby re-start possible) once it doesn't -ExecStart=/bin/sh -lc "dtach -n /tmp/dtach_ircplom && while true; do sleep 1; test ! -e /tmp/dtach_ircplom && break; done" +ExecStart=/bin/sh -lc "dtach -n /tmp/dtach_ircplom ircplom && while true; do sleep 1; test ! -e /tmp/dtach_ircplom && break; done" ExecStop=/bin/sh -lc "rm -f /tmp/dtach_ircplom" Environment=TERM=linux Restart=on-success -- 2.30.2 From 0d664b9f548caa193f1bb8702ffd48e155b1d865 Mon Sep 17 00:00:00 2001 From: Christian Heller Date: Fri, 3 Oct 2025 14:27:34 +0200 Subject: [PATCH 10/16] Fix. --- trixie/copy/ircplom/home/plom/.local/bin/encrypt_ircplom_logs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/trixie/copy/ircplom/home/plom/.local/bin/encrypt_ircplom_logs b/trixie/copy/ircplom/home/plom/.local/bin/encrypt_ircplom_logs index b4f58c2..7b0a2b9 100755 --- a/trixie/copy/ircplom/home/plom/.local/bin/encrypt_ircplom_logs +++ b/trixie/copy/ircplom/home/plom/.local/bin/encrypt_ircplom_logs @@ -12,7 +12,7 @@ PATH_ENCRYPTION_KEY="${HOME}/.plomlib/encrypt_with.pub" TODAY="$(date +'%Y-%m-%d')" set +e -PATHS_LOGFILES=$(ls "${PATH_LOGS}"/*/*/*.log 2> /dev/null) +PATHS_LOGFILES=$(ls "${PATH_LOGS}"/*/*/*.txt 2> /dev/null) set -e if [ -z "${PATHS_LOGFILES}" ]; then echo "No log files present, so nothing to do." -- 2.30.2 From e741ec6e003cf23d130aeabd0f5d27e280cce9af Mon Sep 17 00:00:00 2001 
From: Christian Heller Date: Sat, 4 Oct 2025 12:51:10 +0200 Subject: [PATCH 11/16] Fix. --- testing/scripts/pull_catgirl_logs.sh | 70 --------------------------- trixie/scripts/pull_ircplom_logs.sh | 71 ++++++++++++++++++++++++++++ 2 files changed, 71 insertions(+), 70 deletions(-) delete mode 100755 testing/scripts/pull_catgirl_logs.sh create mode 100755 trixie/scripts/pull_ircplom_logs.sh diff --git a/testing/scripts/pull_catgirl_logs.sh b/testing/scripts/pull_catgirl_logs.sh deleted file mode 100755 index e760b4c..0000000 --- a/testing/scripts/pull_catgirl_logs.sh +++ /dev/null 
@@ -1,70 +0,0 @@ -#!/bin/sh -set -e -cd $(dirname "$0") -. lib/abort_if_command_unknown.sh -. lib/abort_if_offline.sh -. lib/constants_ssh.sh # PATH_USER_SSH -. lib/expect_n_args.sh -. lib/path_tmp_timestamped.sh -. lib/prefixed_msg.sh -. lib/trapp.sh - -prefixed_msg_init - -PATH_LOGS_LOCAL="${HOME}/chatlogs/catgirl" -PATH_DECRYPTION_KEY_ENCRYPTED="${PATH_USER_SSH}/id_rsa" -DIRNAME_ENCRYPTED_REMOTE='logs_encrypted' - -abort_if_offline -abort_if_command_unknown age - -expect_n_args 1 1 '(server)' $@ -SERVER="$1" - -PATH_PROCESSING="$(path_tmp_timestamped pull_catgirl_logs)" -RM_PROCESSING="rm -rf ${PATH_PROCESSING}" -prefixed_msg "Setting up processing directory at ${PATH_PROCESSING} …" -mkdir "${PATH_PROCESSING}" -trapp "${RM_PROCESSING}" -cd "${PATH_PROCESSING}" - -# Highly questionable acrobatics to work around "age" not supporting ssh-agent. -PATH_DECRYPTION_KEY="${PATH_PROCESSING}/key" -cp "${PATH_DECRYPTION_KEY_ENCRYPTED}" "${PATH_DECRYPTION_KEY}" -# (NB: not using lib/retry_until here cuz ssh-keygen returns non-workable exit codes) -prefixed_msg_no_nl 'Enter key decryption password: ' -stty -echo -trapp "${RM_PROCESSING}; stty echo" -read SSHPASS -stty echo -trapp "${RM_PROCESSING}" -echo '' -echo "\n\n" | ssh-keygen -q -P "${SSHPASS}" -p -f "${PATH_DECRYPTION_KEY}" > /dev/null - -prefixed_msg 'Collecting encrypted logs from server …' -DIRNAME_TMP_ENCRYPTED="_${DIRNAME_ENCRYPTED_REMOTE}" -NAME_ARCHIVE="aged_logs_$(date +'%Y-%m-%d_%H-%M-%S').tar" -ssh -q "${SERVER}" "mv ${DIRNAME_ENCRYPTED_REMOTE} ${DIRNAME_TMP_ENCRYPTED} && tar cf ${NAME_ARCHIVE} ${DIRNAME_TMP_ENCRYPTED} && rm -rf ${DIRNAME_TMP_ENCRYPTED}" -scp -q "${SERVER}:~/${NAME_ARCHIVE}" . -ssh -q "${SERVER}" "rm ${NAME_ARCHIVE}" -tar xf "${NAME_ARCHIVE}" -rm "${NAME_ARCHIVE}" - -prefixed_msg "Decrypting logs to ${PATH_LOGS_LOCAL} …" -find "${DIRNAME_TMP_ENCRYPTED}" | while read PATH_FOUND; do - if [ ! -f "${PATH_FOUND}" ]; then - continue - fi - TARGET_FILENAME=$(basename "${PATH_FOUND}" | cut -d'.' 
-f1-2) - DIRNAME=$(dirname "${PATH_FOUND}") - CHANNELNAME=$(basename "${DIRNAME}") - SERVERNAME=$(basename $(dirname "${DIRNAME}")) - TARGET_DIRNAME="${SERVERNAME}/${CHANNELNAME}" - TARGET_DIRPATH="${PATH_LOGS_LOCAL}/${TARGET_DIRNAME}" - prefixed_msg "Decrypting ${TARGET_DIRNAME}/${TARGET_FILENAME} …" - mkdir -p "${TARGET_DIRPATH}" - age --decrypt --identity "${PATH_DECRYPTION_KEY}" "${PATH_FOUND}" >> "${TARGET_DIRPATH}/${TARGET_FILENAME}" -done - -prefixed_msg 'Done!' -prefixed_msg_exit diff --git a/trixie/scripts/pull_ircplom_logs.sh b/trixie/scripts/pull_ircplom_logs.sh new file mode 100755 index 0000000..11d8dcd --- /dev/null +++ b/trixie/scripts/pull_ircplom_logs.sh 
@@ -0,0 +1,71 @@
+#!/bin/sh
+set -e
+ROOT=$(dirname "$0")
+cd "${ROOT}"
+. lib/abort_if_command_unknown.sh
+. lib/abort_if_offline.sh
+. lib/constants_ssh.sh # PATH_USER_SSH
+. lib/expect_n_args.sh
+. lib/prefixed_msg.sh
+. lib/trapp.sh
+
+prefixed_msg_init
+
+PATH_LOGS_LOCAL="${HOME}/chatlogs/ircplom"
+PATH_DECRYPTION_KEY_ENCRYPTED="${PATH_USER_SSH}/id_rsa"
+DIRNAME_ENCRYPTED_LOGS_REMOTE='logs_encrypted'
+
+# abort_if_offline
+abort_if_command_unknown age
+expect_n_args 1 1 SERVER "$@"
+SERVER="$1"
+
+PATH_TEMPDIR=$(mktemp -d)
+prefixed_msg "Set up temporary working directory at ${PATH_TEMPDIR} …"
+RM_TEMPDIR="rm -rvf ${PATH_TEMPDIR}"
+trapp "${RM_TEMPDIR}"
+cd "${PATH_TEMPDIR}"
+
+PATH_DECRYPTION_KEY="${PATH_TEMPDIR}/key"
+prefixed_msg 'WARNING: about to do some very INSECURE acrobatics to work around "age" not'
+prefixed_msg 'supporting ssh-agent – namely: create a de-facto decrypted variant of your'
+prefixed_msg 'private key in temporary working directory, for "age" to read to decrypt files.'
+cp "${PATH_DECRYPTION_KEY_ENCRYPTED}" "${PATH_DECRYPTION_KEY}"
+# (NB: not using lib/retry_until here cuz ssh-keygen returns non-workable exit codes)
+prefixed_msg_no_nl 'Enter key decryption password: '
+stty -echo
+trapp "${RM_TEMPDIR}; stty echo"
+read -r SSHPASS
+stty echo
+trapp "${RM_TEMPDIR}"
+echo ''
+echo "\n\n" | ssh-keygen -q -P "${SSHPASS}" -p -f "${PATH_DECRYPTION_KEY}" > /dev/null
+
+prefixed_msg 'Collecting encrypted logs from server …'
+DIRNAME_TEMP_ENCRYPTED_LOGS="_${DIRNAME_ENCRYPTED_LOGS_REMOTE}"
+NAME_ARCHIVE="aged_logs_$(date +'%Y-%m-%d_%H-%M-%S').tar"
+ssh -q "${SERVER}" "mv ${DIRNAME_ENCRYPTED_LOGS_REMOTE} ${DIRNAME_TEMP_ENCRYPTED_LOGS} && tar cf ${NAME_ARCHIVE} ${DIRNAME_TEMP_ENCRYPTED_LOGS} && rm -rf ${DIRNAME_TEMP_ENCRYPTED_LOGS}"
+scp -q "${SERVER}:~/${NAME_ARCHIVE}" .
+ssh -q "${SERVER}" "rm ${NAME_ARCHIVE}" +tar xf "${NAME_ARCHIVE}" +rm "${NAME_ARCHIVE}" + +prefixed_msg "Decrypting logs to ${PATH_LOGS_LOCAL} …" +find "${DIRNAME_TEMP_ENCRYPTED_LOGS}" | while read -r PATH_FOUND; do + if [ ! -f "${PATH_FOUND}" ]; then + continue + fi + TARGET_FILENAME=$(basename "${PATH_FOUND}" | cut -d'.' -f1-2) + DIRNAME_FOUND=$(dirname "${PATH_FOUND}") + CHATNAME=$(basename "${DIRNAME_FOUND}") + DIRNAME_DIRNAME_FOUND=$(dirname "${DIRNAME_FOUND}") + SERVERNAME=$(basename "${DIRNAME_DIRNAME_FOUND}") + TARGET_DIRNAME="${SERVERNAME}/${CHATNAME}" + TARGET_DIRPATH="${PATH_LOGS_LOCAL}/${TARGET_DIRNAME}" + prefixed_msg "Decrypting ${TARGET_DIRNAME}/${TARGET_FILENAME} …" + mkdir -p "${TARGET_DIRPATH}" + age --decrypt --identity "${PATH_DECRYPTION_KEY}" "${PATH_FOUND}" >> "${TARGET_DIRPATH}/${TARGET_FILENAME}" +done + +prefixed_msg 'Done! (DO ensure that working directory is gone, i.e. that decrypted-key file is …)' +prefixed_msg_exit -- 2.30.2 From 8ed0ff1bf08f51305a80637d6f7931ee3d2bd52b Mon Sep 17 00:00:00 2001 From: Christian Heller Date: Sun, 5 Oct 2025 03:44:24 +0200 Subject: [PATCH 12/16] Fix. --- trixie/copy/ircplom/etc/systemd/system/ircplom.service | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/trixie/copy/ircplom/etc/systemd/system/ircplom.service b/trixie/copy/ircplom/etc/systemd/system/ircplom.service index af5c5c3..da0f67a 100644 --- a/trixie/copy/ircplom/etc/systemd/system/ircplom.service +++ b/trixie/copy/ircplom/etc/systemd/system/ircplom.service 
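Review bot: `ssh-keygen -q -P "${SSHPASS}" -p -f "${PATH_DECRYPTION_KEY}"` in pull_ircplom_logs.sh passes the key passphrase as a command-line argument, where it is readable from the process list for the duration of the call. Dropping the `stty`/`read -r SSHPASS` block and letting ssh-keygen prompt for the old passphrase itself, with the empty new one given explicitly, keeps it out of argv: `ssh-keygen -q -p -N '' -f "${PATH_DECRYPTION_KEY}"`. That also replaces `echo "\n\n" |`, whose escape handling differs between shells. A dedicated age identity for log encryption would remove the need to write an unprotected copy of the SSH login key at all, which is the risk the script's own WARNING lines describe.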
@@ -9,7 +9,7 @@ WorkingDirectory=/home/plom # once per second check if dtach file still exists, only declare run over (and thereby re-start possible) once it doesn't ExecStart=/bin/sh -lc "dtach -n /tmp/dtach_ircplom ircplom && while true; do sleep 1; test ! -e /tmp/dtach_ircplom && break; done" ExecStop=/bin/sh -lc "rm -f /tmp/dtach_ircplom" -Environment=TERM=linux +Environment=TERM=screen-256color Restart=on-success # leave enough time for manual intervention if need be RestartSec=10 -- 2.30.2 From 53919e3d872681a9e7d4458baee60fd84633a4f5 Mon Sep 17 00:00:00 2001 From: Christian Heller Date: Fri, 10 Oct 2025 14:34:38 +0200 Subject: [PATCH 13/16] Fix. --- trixie/aptmark/hosting_digitalocean | 6 ++++ trixie/aptmark/server | 7 ++-- trixie/scripts/lib/constants_setup.sh | 1 + trixie/scripts/lib/ensure_packages_of_tags.sh | 4 ++- trixie/scripts/pull_ircplom_logs.sh | 2 +- trixie/scripts/setup_server.sh | 32 ++++++++++++------- 6 files changed, 35 insertions(+), 17 deletions(-) create mode 100644 trixie/aptmark/hosting_digitalocean create mode 100644 trixie/scripts/lib/constants_setup.sh diff --git a/trixie/aptmark/hosting_digitalocean b/trixie/aptmark/hosting_digitalocean new file mode 100644 index 0000000..afca4f3 --- /dev/null +++ b/trixie/aptmark/hosting_digitalocean @@ -0,0 +1,6 @@ +# specifically necessary for DigitalOcean vservers +# systemd-networkd-wait-online will have to timeout before starting caddy etc. if this not installed +netplan-generator +# no DNS resolution of hostnames if this missing +systemd-resolved +# diff --git a/trixie/aptmark/server b/trixie/aptmark/server index 2ae4900..c2a203a 100644 --- a/trixie/aptmark/server +++ b/trixie/aptmark/server @@ -6,9 +6,10 @@ nftables borgbackup # so every server can serve some webspace caddy -# necessary on _some_ vservers -net-tools -quota +# # necessary on _some_ vservers +# net-tools +# quota +# systemd-resolved # terminfo for ssh logins (replaces/includes former foot-terminfo) ncurses-term # 
diff --git a/trixie/scripts/lib/constants_setup.sh b/trixie/scripts/lib/constants_setup.sh new file mode 100644 index 0000000..0fab5b2 --- /dev/null +++ b/trixie/scripts/lib/constants_setup.sh @@ -0,0 +1 @@ +PATH_REL_DIR_APTMARK=../aptmark diff --git a/trixie/scripts/lib/ensure_packages_of_tags.sh b/trixie/scripts/lib/ensure_packages_of_tags.sh index 72d8a15..1a21e79 100644 --- a/trixie/scripts/lib/ensure_packages_of_tags.sh +++ b/trixie/scripts/lib/ensure_packages_of_tags.sh @@ -1,4 +1,5 @@ . lib/apt_digested.sh +. lib/constants_setup.sh # PATH_REL_DIR_APTMARK . lib/prefixed_msg.sh ensure_packages_of_tags() { @@ -10,6 +11,7 @@ ensure_packages_of_tags() { prefixed_msg_no_nl "For tag '${TAG}', " local TEST TEST=$(echo "${TAG}" | cut -d':' -f1) + # TODO get rid of this one if [ "${TEST}" = 'keep_if_installed' ]; then local PACKAGE PACKAGE=$(echo "${TAG}" | cut -d':' -f2) @@ -22,7 +24,7 @@ ensure_packages_of_tags() { fi continue fi - local PATH_APTMARK_TAG="../aptmark/${TAG}" + local PATH_APTMARK_TAG="${PATH_REL_DIR_APTMARK}/${TAG}" if [ ! -f "${PATH_APTMARK_TAG}" ]; then echo 'no file, ignoring.' continue diff --git a/trixie/scripts/pull_ircplom_logs.sh b/trixie/scripts/pull_ircplom_logs.sh index 11d8dcd..91f58f5 100755 --- a/trixie/scripts/pull_ircplom_logs.sh +++ b/trixie/scripts/pull_ircplom_logs.sh @@ -22,7 +22,7 @@ SERVER="$1" PATH_TEMPDIR=$(mktemp -d) prefixed_msg "Set up temporary working directory at ${PATH_TEMPDIR} …" -RM_TEMPDIR="rm -rvf ${PATH_TEMPDIR}" +RM_TEMPDIR="rm -rf ${PATH_TEMPDIR}" trapp "${RM_TEMPDIR}" cd "${PATH_TEMPDIR}" diff --git a/trixie/scripts/setup_server.sh b/trixie/scripts/setup_server.sh index 09545d1..d030bfb 100755 --- a/trixie/scripts/setup_server.sh +++ b/trixie/scripts/setup_server.sh 
@@ -1,8 +1,10 @@ #!/bin/sh set -e -cd $(dirname "$0") +ROOT=$(dirname "$0") +cd "${ROOT}" . lib/apt_digested.sh . lib/constants_etc.sh # PATH_ETC +. lib/constants_setup.sh # PATH_REL_DIR_APTMARK . lib/constants_ssh.sh # PATH_REL_SSH, PATH_USER_SSH . lib/constants_user.sh # USERNAME . lib/copy_dirtrees_of_tags.sh @@ -14,24 +16,30 @@ cd $(dirname "$0") prefixed_msg_init prefixed_msg 'starting (setting up basics of standard server)' -INSTALL_TAGS='all server user keep_if_installed:systemd-resolved' - -expect_n_args 2 3 'CADDY_PASSWORD, HOSTNAME, [FQDN]' $@ -CADDY_PASSWORD="$1" -HOSTNAME="$2" -FQDN="$3" - +INSTALL_TAGS='all server user' PATH_BORG_HOME=/home/borg PATH_CADDYFILE="${PATH_ETC}/caddy/Caddyfile" PATH_DUMP='/var/www/dump' +expect_n_args 3 4 'HOSTING_SERVICE CADDY_PASSWORD HOSTNAME [FQDN]' "$@" +HOSTING_APTMARK_TAG="hosting_$1" +CADDY_PASSWORD="$2" +HOSTNAME="$3" +FQDN="$4" +if [ -f "${PATH_REL_DIR_APTMARK}/${HOSTING_APTMARK_TAG}" ]; then + INSTALL_TAGS="${INSTALL_TAGS} ${HOSTING_SERVICE}" +else + abort 'Unrecognized hosting service.' +fi + prefixed_msg_no_nl 'Determining external IP …' for _CANDIDATE in $(hostname -I); do - _START=$(echo ${_CANDIDATE} | cut -d'.' -f1) - if [ "$(echo -n ${_START} | wc -c)" -gt 3 ]; then # ignore IPv6 + _START=$(echo "${_CANDIDATE}" | cut -d'.' -f1) + _N_START_CHARS=$(echo -n "${_START}" | wc -c) + if [ "${_N_START_CHARS}" -gt 3 ]; then # ignore IPv6 continue fi - if [ "${_START}" = "127" -o "${_START}" = "192" -o "${_START}" = "172" ]; then + if [ "${_START}" = "127" ] || [ "${_START}" = "192" ] || [ "${_START}" = "172" ]; then continue fi EXTERNAL_IP="${_CANDIDATE}" @@ -39,7 +47,7 @@ for _CANDIDATE in $(hostname -I); do done echo " it's: ${EXTERNAL_IP}" -if [ ! -z "${FQDN}" ]; then +if [ -n "${FQDN}" ]; then prefixed_msg "Ensuring provided FQDN ${FQDN} maps to it …" IP_BY_DNS=$(getent ahostsv4 "${FQDN}" | head -1 | cut -d' ' -f1) if [ ! "${IP_BY_DNS}" = "${EXTERNAL_IP}" ]; then -- 2.30.2 
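Review bot: In the external-IP loop the filter compares only the first octet, so `10.x.x.x` addresses are accepted as external while every `172.*` and `192.*` address, public ones included, is skipped. On a host that also carries a private 10/8 interface (the new `hosting_digitalocean` tag suggests such hosts are in scope, though that is an inference) the value of `EXTERNAL_IP` then depends on the order in which `hostname -I` prints addresses. Adding `[ "${_START}" = "10" ]` to the skip condition, and matching `192.168.` and `172.16`–`172.31` on two octets instead of one, would make the choice deterministic. The loop's closing lines fall between this hunk and the next, so whether it stops at the first match cannot be seen here.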
From cc0c1bd748260681343f266e7968dfbae2e31396 Mon Sep 17 00:00:00 2001 From: Christian Heller Date: Fri, 10 Oct 2025 14:47:52 +0200 Subject: [PATCH 14/16] Fixes. --- trixie/scripts/lib/ensure_packages_of_tags.sh | 8 ++++---- trixie/scripts/setup_server.sh | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/trixie/scripts/lib/ensure_packages_of_tags.sh b/trixie/scripts/lib/ensure_packages_of_tags.sh index 1a21e79..d6b9283 100644 --- a/trixie/scripts/lib/ensure_packages_of_tags.sh +++ b/trixie/scripts/lib/ensure_packages_of_tags.sh @@ -7,7 +7,7 @@ ensure_packages_of_tags() { local APT_ARG="-q -q -o 'Dpkg::Options::=--force-confnew' install" local TAG - for TAG in $@; do + for TAG in "$@"; do prefixed_msg_no_nl "For tag '${TAG}', " local TEST TEST=$(echo "${TAG}" | cut -d':' -f1) @@ -18,7 +18,7 @@ ensure_packages_of_tags() { printf 'checking if installed … ' if dpkg-query -Wf '${Package}\n' | grep '^'"${PACKAGE}"'$' > /dev/null; then echo 'yup, keeping!' - apt_digested ${APT_ARG} ${PACKAGE} + apt_digested "${APT_ARG}" "${PACKAGE}" else echo 'nope, nothing to keep.' fi @@ -30,12 +30,12 @@ ensure_packages_of_tags() { continue fi local PACKAGES - PACKAGES=$(cat "${PATH_APTMARK_TAG}" | sed -E 's/#.*//g' | sed -z 's/\n/ /g' | sed 's/ */ /g' | cut -c 2-) + PACKAGES=$(sed -E 's/#.*//g' < "${PATH_APTMARK_TAG}" | sed -z 's/\n/ /g' | sed 's/ */ /g' | cut -c 2-) if [ -z "${PACKAGES}" ]; then echo 'nothing to install.' else echo "ensuring installation of: ${PACKAGES}" - apt_digested ${APT_ARG} ${PACKAGES} + apt_digested "${APT_ARG}" "${PACKAGES}" fi done prefixed_msg_exit diff --git a/trixie/scripts/setup_server.sh b/trixie/scripts/setup_server.sh index d030bfb..7b8898c 100755 --- a/trixie/scripts/setup_server.sh +++ b/trixie/scripts/setup_server.sh 
@@ -27,7 +27,7 @@ CADDY_PASSWORD="$2" HOSTNAME="$3" FQDN="$4" if [ -f "${PATH_REL_DIR_APTMARK}/${HOSTING_APTMARK_TAG}" ]; then - INSTALL_TAGS="${INSTALL_TAGS} ${HOSTING_SERVICE}" + INSTALL_TAGS="${INSTALL_TAGS} ${HOSTING_APTMARK_TAG}" else abort 'Unrecognized hosting service.' fi -- 2.30.2 From 4f16d9be40caa628fb9d9d1a5dd37852456264f6 Mon Sep 17 00:00:00 2001 From: Christian Heller Date: Fri, 10 Oct 2025 15:03:20 +0200 Subject: [PATCH 15/16] Fix. --- trixie/scripts/lib/ensure_packages_of_tags.sh | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/trixie/scripts/lib/ensure_packages_of_tags.sh b/trixie/scripts/lib/ensure_packages_of_tags.sh index d6b9283..ceda292 100644 --- a/trixie/scripts/lib/ensure_packages_of_tags.sh +++ b/trixie/scripts/lib/ensure_packages_of_tags.sh @@ -5,20 +5,23 @@ ensure_packages_of_tags() { prefixed_msg_init 'ensure_packages_of_tags' + # shellcheck disable=SC2089 local APT_ARG="-q -q -o 'Dpkg::Options::=--force-confnew' install" local TAG - for TAG in "$@"; do + # shellcheck disable=SC2068 + for TAG in $@; do prefixed_msg_no_nl "For tag '${TAG}', " local TEST TEST=$(echo "${TAG}" | cut -d':' -f1) - # TODO get rid of this one + # TODO get rid of this one if [ "${TEST}" = 'keep_if_installed' ]; then local PACKAGE PACKAGE=$(echo "${TAG}" | cut -d':' -f2) printf 'checking if installed … ' if dpkg-query -Wf '${Package}\n' | grep '^'"${PACKAGE}"'$' > /dev/null; then echo 'yup, keeping!' - apt_digested "${APT_ARG}" "${PACKAGE}" + # shellcheck disable=SC2090,SC2086 + apt_digested ${APT_ARG} ${PACKAGE} else echo 'nope, nothing to keep.' fi @@ -35,7 +38,8 @@ ensure_packages_of_tags() { echo 'nothing to install.' else echo "ensuring installation of: ${PACKAGES}" - apt_digested "${APT_ARG}" "${PACKAGES}" + # shellcheck disable=SC2090,SC2086 + apt_digested ${APT_ARG} ${PACKAGES} fi done prefixed_msg_exit -- 2.30.2 From a4069963d1c4b897250eaa1453ced996966b74ec Mon Sep 17 00:00:00 2001 
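Review bot: Silencing SC2089/SC2090 in `ensure_packages_of_tags` keeps the underlying problem: with `${APT_ARG}` expanded unquoted, the single quotes inside `-o 'Dpkg::Options::=--force-confnew'` are not removed by the shell and travel on as literal characters unless `apt_digested` re-parses its arguments (its body is not shown here), in which case the conffile option may not be applied as intended. Since the option value contains no whitespace the inner quotes are unnecessary, so `local APT_ARG='-q -q -o Dpkg::Options::=--force-confnew install'` behaves the same under either implementation and needs no suppression. The same applies to the `apt_digested ${APT_ARG} ${PACKAGES}` call in the following hunk. A short comment next to the remaining `SC2086` disable, saying that word splitting of the package list is intended, would help the next reader.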
From: Christian Heller Date: Wed, 24 Dec 2025 13:09:15 +0100 Subject: [PATCH 16/16] Fix. --- .../home/plom/.config/iamb/config.toml | 7 ++++ .../desktop/home/plom/.local/bin/setup_apps | 39 +++++++++++++------ trixie/scripts/lib/INSTALLER_VERSION.sh | 2 +- 3 files changed, 36 insertions(+), 12 deletions(-) create mode 100644 trixie/copy/desktop/home/plom/.config/iamb/config.toml diff --git a/trixie/copy/desktop/home/plom/.config/iamb/config.toml b/trixie/copy/desktop/home/plom/.config/iamb/config.toml new file mode 100644 index 0000000..2e8e425 --- /dev/null +++ b/trixie/copy/desktop/home/plom/.config/iamb/config.toml @@ -0,0 +1,7 @@ +default_profile = "matrix-org" + +[profiles.tchncs-de] +user_id = "@plomlompom:tchncs.de" + +[profiles.matrix-org] +user_id = "@plomlompom:matrix.org" diff --git a/trixie/copy/desktop/home/plom/.local/bin/setup_apps b/trixie/copy/desktop/home/plom/.local/bin/setup_apps index a9513c3..f660103 100755 --- a/trixie/copy/desktop/home/plom/.local/bin/setup_apps +++ b/trixie/copy/desktop/home/plom/.local/bin/setup_apps @@ -9,7 +9,7 @@ cd "${ROOT}" abort_if_offline abort_if_command_unknown xz -expect_n_args 0 4 '[discord] [mattermost] [signal] [telegram]' "$@" +expect_n_args 0 5 '[discord] [mattermost] [signal] [telegram] [iamb]' "$@" install_with_repo() { local APP_NAME=$1 @@ -50,16 +50,6 @@ install_telegram() { rm "${FILENAME_TGRAM_ARCHIVE}" } -install_discord() { - local FILENAME_DISCORD_DEB_SOURCE='download?platform=linux' - local FILENAME_DISCORD_DEB_TARGET=discord.deb - local URL_DISCORD="https://discord.com/api/${FILENAME_DISCORD_DEB_SOURCE}" - wget "${URL_DISCORD}" - mv "${FILENAME_DISCORD_DEB_SOURCE}" "${FILENAME_DISCORD_DEB_TARGET}" - sudo apt install "./${FILENAME_DISCORD_DEB_TARGET}" - rm "${FILENAME_DISCORD_DEB_TARGET}" -} - install_mattermost() { install_with_repo mattermost deb.packages.mattermost.com pubkey.gpg stable } 
@@ -68,6 +58,30 @@ install_signal() { install_with_repo signal updates.signal.org/desktop/apt keys.asc xenial } +install_from_deb() { + local URL_PREFIX="$1" + local FILENAME_DEB_TARGET="$2" + local FILENAME_DEB_SOURCE="$3" + if [ -z "${FILENAME_DEB_SOURCE}" ]; then + FILENAME_DEB_SOURCE="${FILENAME_DEB_TARGET}" + fi + local URL_DEB="${URL_PREFIX}${FILENAME_DEB_SOURCE}" + wget "${URL_DEB}" + if [ ! "${FILENAME_DEB_TARGET}" = "${FILENAME_DEB_SOURCE}" ]; then + mv "${FILENAME_DEB_SOURCE}" "${FILENAME_DEB_TARGET}" + fi + sudo apt install "./${FILENAME_DEB_TARGET}" + rm "${FILENAME_DEB_TARGET}" +} + +install_discord() { + install_from_deb https://discord.com/api/ discord.deb download?platform=linux +} + +install_iamb() { + install_from_deb https://github.com/ulyssa/iamb/releases/latest/download/ iamb-x86_64-unknown-linux-musl.deb +} + TEMP_DIR=$(mktemp -d) cd "${TEMP_DIR}" @@ -76,6 +90,7 @@ if [ "$#" -eq 0 ]; then install_telegram install_discord install_mattermost + install_iamb else while [ "$#" -gt 0 ]; do if [ "$1" = 'signal' ]; then @@ -86,6 +101,8 @@ else install_discord elif [ "$1" = 'mattermost' ]; then install_mattermost + elif [ "$1" = 'iamb' ]; then + install_iamb else echo "unrecognized target: $1" fi diff --git a/trixie/scripts/lib/INSTALLER_VERSION.sh b/trixie/scripts/lib/INSTALLER_VERSION.sh index 549df00..8329263 100644 --- a/trixie/scripts/lib/INSTALLER_VERSION.sh +++ b/trixie/scripts/lib/INSTALLER_VERSION.sh @@ -1 +1 @@ -INSTALLER_VERSION=13.1.0 +INSTALLER_VERSION=13.2.0 -- 2.30.2
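Review bot: `install_from_deb` hands whatever `wget` fetched straight to `sudo apt install` with no digest or signature check, and the new `install_iamb` pulls from `releases/latest/download/`, so the package installed as root changes whenever upstream publishes a release. The `install_with_repo` calls at least name a repository key file (`pubkey.gpg`, `keys.asc`); nothing comparable ties these .deb files to a known publisher. Pinning the iamb URL to a specific release tag and checking a recorded digest before the install, e.g. `echo "${SHA256_DEB}  ${FILENAME_DEB_TARGET}" | sha256sum -c -` with the digest passed as an extra argument, would close that gap; the Discord endpoint is unversioned, so there the remaining trust in the HTTPS endpoint deserves a comment. `download?platform=linux` should also be quoted at the call site, since `?` is a glob character.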