.

linuxconf/files/mymsbin/rmserial → linuxconf/files/mybin/rmserial

 #!/bin/bash
+# one-click serial access to a bare-metal server.
 
 function die () {
     echo "$1"

linuxconf/files/mymsbin/_recolic-encrypted-executable

-#!/bin/bash
-# This is equivalent to running decrypted binary directly.
-
-set -e
-
-EXECNAME=$(basename "$0")
-TMP_BIN="/tmp/.tmpbin-$EXECNAME"
-
-if [ ! -f "$TMP_BIN" ]; then
-    gpg -d -o "$TMP_BIN" "$0.gpg"
-    chmod +x "$TMP_BIN"
-fi
-
-"$TMP_BIN" "$@"

linuxconf/files/mymsbin/azmon

-#!/bin/fish
-#Usage: azmon <build_id>
-#This script will monitor this pipeline, and beep when pipeline finished.
-
-function azmon
-    set id $argv[1]
-    while true
-        sleep 15
-        curl -s -H $devops_header "https://msazure.visualstudio.com/b32aa71e-8ed2-41b2-9d77-5bc261222004/_apis/build/builds/$id" > /tmp/azmon$id
-          or echo "FAILED TO req API. check devops_header"
-        cat /tmp/azmon$id | grep 'Azure DevOps services are currently unavailable'
-          and continue
-
-        cat /tmp/azmon$id | grep 'status":"notStarted' -v | grep 'status":"inProgress' -v
-        and begin
-          beep
-          or mpg123 ~/Nextcloud/tmp/alarm/alarm.mp3
-          or notify-send "ppl complete $id"
-          or echo Failed to send notify
-        end
-    end
-end
-
-azmon $argv[1]
-

linuxconf/files/mymsbin/azvm-deploy.sh

-#!/bin/bash
-# This script deploys n test VMs into a vnet, and optionally, you can make it deploy into TiP session.
-
-COLOR_BLU='\033[0;34m'
-COLOR_CLR='\033[0m'
-COLOR_RED_BLD='\033[1;31m'
-function var_default_val () { eval "[[ -z \$$1 ]]" && export "$1=$2" ;echo -ne "$COLOR_BLU"; eval "echo \"  >> $1 = \$$1\"" ;echo -ne "$COLOR_CLR"; }
-
-location="$1"
-vmcount="$2"
-tipid="$3"
-cluster="$4"
-
-# D/E_v5 for OVL, D/E_v4 for non-ovl. Refer to Azure doc for more details.
-var_default_val vmsize              Standard_E2_v5
-var_default_val vnet_ipv6           0
-var_default_val vnet_enc            0
-var_default_val accelnet            1
-
-# If set to n: First n VMs will be deployed into TiP (if provided TiP session), and TiP session would be ignored for the rest VMs.
-var_default_val only_n_vms_in_tip   999
-
-var_default_val prefix              $(short=1 today || echo zz)$(head -c6 /dev/urandom | base64 -w0 | tr -d =/+)
-var_default_val resgrp              rshgrp-$prefix
-var_default_val vmname              rvm-$prefix
-var_default_val avname              $vmname-av
-var_default_val vnetname            vnet-$vmname
-
-var_default_val vmimg               Ubuntu2204
-
-# Path to an executable (usually bash script) to upload & run on VM creation. Don't forget your shebang!
-var_default_val vmsetup_exec
-
-var_default_val plugin_dir          "$(dirname "$0")/azvm-plugins"
-var_default_val plugins
-var_default_val dryrun              0
-
-######## Configuration END #########################################
-
-function plugin_hook () {
-  for p in $plugins; do
-    source "$plugin_dir/$p"
-    if declare -f "$1" > /dev/null; then
-      "$1" ; unset -f "$1"
-    fi
-  done
-}
-
-if [ "$vmcount" = "" ]; then
-    echo "
-azvm-deploy.sh v2505.1
-This script deploys n test VMs into a vnet, and optionally, you can make it deploy into TiP session.
-Usage: $0 <location> <vmcount> [tipid] [cluster]
-Example: $0 eastus2 2
-         $0 eastus2 2 11111111-2222-3333-4444-555555555555 AAA01BbbCcc02
-
-Optionally, you can override some variables by setting corresponding env. For example:
-         resgrp=mygrp vmsize=Standard_D2_v3 $0 eastus2 2 ...
-         prefix=t0704 plugins=secured vnet_enc=1 only_n_vms_in_tip=1 $0 eastus2 2 ...
-Optional variables (read script for help):
-$(grep '^var' $0 | sed 's/^/  /')
-
-Available plugins:
-$(ls -m $plugin_dir)
-
-Use plugins like this:
-  plugins=secured $0 eastus2 1
-  plugins='secured slb' resgrp=mygrp $0 eastus2 2
-
-Plugin-specific help:"
-    plugins="$plugin_dir/*" plugin_dir="" plugin_hook plugin_help
-    exit 1
-fi
-
-vm_create_xtra_arg=()
-vm_create_xtra_arg_first_n=()
-vnet_create_xtra_arg=()
-explicit_vnet_create=0
-
-[ "$vnet_enc"       = 1 ] && vnet_create_xtra_arg+=(--enable-encryption true --encryption-enforcement-policy allowUnencrypted) && explicit_vnet_create=1
-[ "$accelnet"       = 1 ] && vm_create_xtra_arg+=(--accelerated-networking true)
-[ "$vmsetup_exec" != "" ] && vm_create_xtra_arg+=(--user-data "$vmsetup_exec")
-vm_admin_pass=$(rsec WEAK12) || vm_admin_pass=dummypassW12
-
-function echo_info () { echo -e "$COLOR_BLU"     "$@" "$COLOR_CLR" 1>&2 ; }
-function echo_warn () { echo -e "$COLOR_RED_BLD" "$@" "$COLOR_CLR" 1>&2 ; }
-function debugexec () {
-    echo_info ".. EXEC #" "$@"
-    [ "$dryrun" != 0 ] || "$@" ; return $?
-}
-
-echo_warn "II Deploy $vmcount VMs at location $location, in res_grp $resgrp ..."
-
-# Create RG if not exists.
-if ! az group show -g "$resgrp" > /dev/null 2>&1; then
-    debugexec az group create -n "$resgrp" --location "$location" || exit $?
-fi
-
-plugin_hook plugin_before_av_creat
-
-# Create an availability set if we want deploy into specific node/cluster. This could be a plugin.
-if [ "$cluster" != "" ]; then
-    echo_warn "++ Using TiP session $tipid at cluster $cluster"
-
-    # `az vm availability-set create` doesn't allow setting internalData.pinnedFabricCluster, we must use the ugly ARM deployment.
-    echo "H4sIAAAAAAAAA31TTY/aMBC98yssb6VtJUgC7WX3VrFaqYfthd1eVqgakgGmdWzLnoAo4r/XTgJs+EoixZr3Zvzma9sT4ZGffL7EEuSjkEtm6x/TtLEkJWhYYImaE/hXOUxyU7aYT0fZ8GGQfRtkw7RAq8wm8l6xtAoYkz/e6DvZb27IjeYA/kLnyeh40TDJ4rsnWHBQIgc8gNvaVtthpYM92ITYSt7YeJQTdqQXctc/8pTJgZvQN3lMloo63G1eriof1ETmOa+mtWy5AkcwU3gi/HeoVKxH9IsFmRtXvtkiVObJlEB6bCrNAnQh9ugzVIo7oENR4DyaBRsxFKTFmnRh1l743JHlRGjDwofGiPUS2AteoigRdJCZiDcffqLu2z6O7Eh36E3l8lr6+0H6MYmmYm3yL5Q7482ck7EpbcWYwgpIwYwU8WaC7GW/6wmWPjR8lI2+DrLwDU95bYfl+3EIPt83jb//Mj1lf+h012MPXPBhWHTbc0Beyf40BSYT9FHoj+IsbD0xMWbHeXdyg/9bXb5gn9x3RQuNxe0o1hmLjgmvqL02KvVCnSTdcTibvKseFBbVaVBPwHBRRBOXdEjmGWaO8vFhVbqFa1forHQXEq9jrshxBeoF8iXpZian3Wr1uqdpb9f7D7e+f03CBAAA" | base64 -d | gzip -d > /tmp/template-avset.json || exit $?
-    if [ "$tipid" = "" ]; then
-        echo_info "++ tipid is empty.. Will just deploy into cluster $cluster"
-        sed -i 's/"tags": . "TipNode.SessionId": ".parameters..tipid..." .,//' /tmp/template-avset.json
-    fi
-    debugexec az deployment group create -g "$resgrp" --template-file /tmp/template-avset.json --parameters "avname=$avname" "location=$location" "tipid=$tipid" "cluster=$cluster" || exit $?
-    vm_create_xtra_arg_first_n+=(--availability-set "$avname")
-fi
-
-# This could also be a plugin.
-if [ "$vnet_ipv6" = 1 ]; then
-    vnet_create_xtra_arg+=(--address-prefixes 10.0.0.0/16 fd00:db8:deca::/48 --subnet-prefixes 10.0.0.0/24 fd00:db8:deca::/64)
-    explicit_vnet_create=1
-fi
-
-# bug fix: some VM size (M96s_v3) doesnt support Trusted Launch, but --security-type Standard broken in azcli 2.71.
-if [[ "$vmsize" = Standard_M*_v3 ]]; then
-    if az --version | grep azure-cli | grep "2\\.7[123]\\." 2>/dev/null; then
-        echo_warn "Mitigation doesnt work. This VM size wont work with Trusted Launch, and azcli 2.71 doesnt allow --security-type Standard"
-        echo_warn "Please downgrade to azure-cli 2.70. https://github.com/Azure/azure-cli/issues/31191"
-        exit 1
-    else
-        vm_create_xtra_arg+=(--security-type Standard)
-    fi
-fi
-
-plugin_hook plugin_before_vnet_creat
-
-# Explicitly create vnet if advanced options are necessary
-if [ "$explicit_vnet_create" = 1 ]; then
-    if ! az network vnet show -g "$resgrp" --name "$vnetname" > /dev/null 2>&1; then
-        [[ " ${vnet_create_xtra_arg[@]} " =~ " --subnets " ]] || vnet_create_xtra_arg+=(--subnet-name default)
-        debugexec az network vnet create -g "${resgrp}" --location "${location}" --name "${vnetname}" "${vnet_create_xtra_arg[@]}" || exit $?
-    fi
-fi
-
-plugin_hook plugin_before_vm_creat
-
-# Actually create the VM
-for cter in $(seq $vmcount); do
-    vm_create_xtra_arg_i=("${vm_create_xtra_arg[@]}")
-    [ "$cter" -le "$only_n_vms_in_tip" ] && vm_create_xtra_arg_i+=("${vm_create_xtra_arg_first_n[@]}")
-
-    plugin_hook plugin_before_each_vm_creat
-    debugexec az vm create -g "$resgrp" --name "$vmname$cter" --image "$vmimg" --admin-password "$vm_admin_pass" --admin-username r --location "$location" --size "$vmsize" --vnet-name "$vnetname" --subnet default "${vm_create_xtra_arg_i[@]}" || exit $?
-
-    if [ "$vnet_ipv6" = 1 ]; then
-        debugexec az network nic ip-config create -g "$resgrp" --name "$vmname${cter}-xtraipc" --nic-name "$vmname${cter}VMNic" --private-ip-address-version IPv6 --vnet-name "$vnetname" --subnet default
-    fi
-    plugin_hook plugin_after_each_vm_creat
-done
-
-plugin_hook plugin_after_vm_creat
-
-echo_info "Done. SSH to your VM: az vm list-ip-addresses --output table -g $resgrp"

linuxconf/files/mymsbin/azvm-plugins/altaddr

-#!/bin/bash
-
-function plugin_help () {
-    echo "
-###############################################
-### azvm-deploy.sh plugin 'altaddr' v2505.1 ###
-
-Use alternative vnet IP range. (Useful for vnet peering)
-
-Args: vnet_altaddr (default = no effect)
-Set a non-zero number (1-253) and your vnet ip will look like '10.XXX.0.0/24'
-
-Please include this plugin **before** 'secured'
-"
-}
-
-function plugin_before_vnet_creat () {
-    var_default_val vnet_altaddr 0
-
-    if [ "$vnet_altaddr" != 0 ]; then
-        [ "$vnet_ipv6" = 1 ] && echo_warn "++ Conflict: vnet_altaddr conflicts with vnet_ipv6." && exit 1
-        [[ " ${vnet_create_xtra_arg[@]} " =~ " --subnets " ]] && echo_warn "++ Conflict: please include 'altaddr' plugin before 'secured'" && exit 1
-    
-        vnet_iprange=10.$vnet_altaddr.0.0
-        echo_info "++ alt_addr: vnet IP range $vnet_iprange"
-        vm_create_xtra_arg+=(--vnet-address-prefix $vnet_iprange/16 --subnet-address-prefix $vnet_iprange/24)
-        vnet_create_xtra_arg+=(--address-prefixes $vnet_iprange/16 --subnet-prefixes $vnet_iprange/24)
-    fi
-}

linuxconf/files/mymsbin/azvm-plugins/extra-tip

-#!/bin/bash
-
-function plugin_help () {
-    echo "
-###########################################
-### azvm-deploy.sh plugin 'extra-tip' v2504.1 ###
-
-This plugin helps creating VM across more than 1 tip session.
-
-Extra Args:
-  tip2_id
-  tip2_cluster (optional)
-  (tip2 must be in the same region)
-
-Example:
-  plugin=extra-tip vmsize=Standard_E4a_v4 vnet_enc=1 only_n_vms_in_tip=1 tip2_id=e45c538c-8c14-4770-ba0e-1bc6c7da3ddf azvm-deploy.sh centraluseuap 2 5d710a1b-6f7c-46d7-bc5c-21052d0050c9 CDM40PrdApp04
-  (VM1 will land on tip1, VM2 will land on tip2)
-"
-}
-
-function plugin_before_vm_creat () {
-    var_default_val tip2_id
-    var_default_val tip2_cluster "$cluster"
-    [ "$tip2_id" = "" ] && echo "ERROR tip2_id not set" && exit 1
-
-    echo -e "${COLOR_RED_BLD}++ Using Extra TiP session $tip2_id at cluster $tip2_cluster$COLOR_CLR"
-    debugexec az deployment group create -g "$resgrp" --template-file /tmp/template-avset.json --parameters "avname=tip2_$avname" "location=$location" "tipid=$tip2_id" "cluster=$tip2_cluster" || exit $?
-}
-
-function plugin_before_each_vm_creat () {
-    [ "$cter" -gt "$only_n_vms_in_tip" ] && vm_create_xtra_arg_i+=(--availability-set "tip2_$avname")
-}
-

linuxconf/files/mymsbin/azvm-plugins/secured

-#!/bin/bash
-
-function plugin_help () {
-    echo "
-###############################################
-### azvm-deploy.sh plugin 'secured' v2505.1 ###
-
-This plugin makes your VM compliant by:
-  1. Use TLS-compliant OS img.
-  2. Disable vnet outbound default access. (You need azcli older than 2.73.0)
-  3. Install Azure Monitor.
-  4. Set a tag for public ip.
-
-Extra Optional Args:
-  secured_version (default = 2506)
-"
-}
-
-# Thanks ChatGPT
-function vnet_args_parse_helper() {
-    local subnet_name=default
-    local subnet_prefixes=(10.0.0.0/24)
-    local collecting_prefixes=0
-    vnet_args_parse_remaining=()
-
-    while [[ $# -gt 0 ]]; do
-        case "$1" in
-            --subnet-name)
-                shift
-                subnet_name="$1"
-                ;;
-            --subnet-prefixes)
-                collecting_prefixes=1
-                subnet_prefixes=()
-                ;;
-            -*)
-                collecting_prefixes=0
-                vnet_args_parse_remaining+=("$1")
-                ;;
-            *)
-                if (( collecting_prefixes )); then
-                    subnet_prefixes+=("$1")
-                else
-                    vnet_args_parse_remaining+=("$1")
-                fi
-                ;;
-        esac
-        shift
-    done
-
-    local subnet_prefix_json="$(printf "'%s'," "${subnet_prefixes[@]}" | sed 's/,$//')"
-    echo "[{name:$subnet_name,default-outbound-access:false,address-prefixes:[$subnet_prefix_json]}]"
-}
-
-function plugin_before_vnet_creat () {
-    var_default_val secured_version 2506
-
-    if [ "$secured_version" -ge 2504 ]; then
-        # Block default-outbound-access.
-        # We have to parse vnet args, remove subnet config, and compose a json one.
-        vnet_args_parse_helper "${vnet_create_xtra_arg[@]}" > /tmp/.azvm-tmp-subnets-json || exit 1
-        local subnets_json="$(cat /tmp/.azvm-tmp-subnets-json)"
-        vnet_create_xtra_arg=("${vnet_args_parse_remaining[@]}")
-        vnet_create_xtra_arg+=(--subnets "$subnets_json")
-        explicit_vnet_create=1
-    fi
-}
-
-function plugin_before_vm_creat () {
-    if [ "$secured_version" -ge 2405 ]; then
-        # The following image are considered TLS-compliant: ["2022-datacenter-azure-edition","2022-datacenter","2022-datacenter-core","2022-datacenter-azure-edition-core","2022-datacenter-core-g2","2022-datacenter-g2","pro-22_04","pro-22_04-gen2","24_04","24_04-gen2","22_04-lts-arm64","azure-linux-3","azure-linux-arm64","azure-linux-gen2","1-gen2","cbl-mariner-1","cbl-mariner-2","cbl-mariner-2-arm64","cbl-mariner-2-fips","cbl-mariner-2-gen2","cbl-mariner-2-gen2-fips","cbl-mariner-2-kata","79-gen2"]
-        # az vm image list --publisher Canonical --output table --all | grep 0001-com-ubuntu-pro-microsoft | grep 22_04-gen2
-        if [[ "$vmsize" = Standard_D*v3 ]] || [[ "$vmsize" = Standard_E*v3 ]]; then
-            # Adjust this filter for other gen1-only VM sku.
-            vmimg=Canonical:0001-com-ubuntu-pro-microsoft:pro-22_04:22.04.202405240
-        else
-            vmimg=Canonical:0001-com-ubuntu-pro-microsoft:pro-22_04-gen2:22.04.202405240
-        fi
-        echo_info "++ plugin secured set vmimg = $vmimg"
-    fi
-}
-
-function plugin_before_each_vm_creat () {
-    az network public-ip create -g "$resgrp" -n "pip$prefix$cter" --location "$location" --ip-tags "FirstPartyUsage=/____"
-    vm_create_xtra_arg_i+=(--public-ip-address "pip$prefix$cter")
-}
-
-
-
-function plugin_after_each_vm_creat () {
-    if [ "$secured_version" -ge 2505 ]; then
-        debugexec az vm extension set -n AzureMonitorLinuxAgent  --publisher Microsoft.Azure.Monitor             --version 1.0 --vm-name "$vmname$cter" --resource-group "$resgrp" --enable-auto-upgrade true --settings '{"GCS_AUTO_CONFIG":true}'
-        debugexec az vm extension set -n AzureSecurityLinuxAgent --publisher Microsoft.Azure.Security.Monitoring --version 2.0 --vm-name "$vmname$cter" --resource-group "$resgrp" --enable-auto-upgrade true --settings '{"enableGenevaUpload":true,"enableAutoConfig":true}'
-    fi
-}
-

linuxconf/files/mymsbin/azvm-plugins/slb

-#!/bin/bash
-
-function plugin_help () {
-    echo "
-###########################################
-### azvm-deploy.sh plugin 'slb' v2501.1 ###
-
-This plugin helps creating VM behind SLB.
-
-Extra Optional Args:
-  outbound_ports_per_vm (default value = 1000)
-
-Note:
-  SLB will redirect public_ip:8888 to ANY RANDOM VM:22, so it's recommended to only create 1 VM.
-  inbound-nat-rule is not reliable even if manually created on azure portal.
-"
-}
-
-function plugin_before_vm_creat () {
-    vm_create_xtra_arg+=(--public-ip-address "")
-}
-
-function plugin_after_vm_creat () {
-    LB_NAME=lbt_$prefix
-    FE_IP=feip_$prefix
-    BE_PL=bepl_$prefix
-    var_default_val outbound_ports_per_vm 1000
-    var_default_val enable_outbound_rule_fix 1
-    debugexec az network lb create --resource-group $resgrp --name $LB_NAME --sku Standard --frontend-ip-name $FE_IP --backend-pool-name $BE_PL --vnet-name $vnetname || exit
-
-    #if [[ $enable_outbound_rule_fix = 1 ]]; then
-    #    # This is an unreliable trick to use NIC directly. It's from good-case ARM template dump. 
-    #    debugexec az network lb address-pool update -g $resgrp --lb-name $LB_NAME -n $BE_PL --vnet $vnetname --backend-addresses [0].name="${resgrp}_${vmname}VMNicipconfig${vmname}" || exit
-    #else
-        echo -e "$COLOR_RED_BLD Warning: enable_outbound_rule_fix not enabled. outbound_ports_per_vm limit won't make effect $COLOR_CLR" 1>&2
-        echo -e "$COLOR_RED_BLD If needed this feature, clear backend_pool and add VMs manually on az portal. $COLOR_CLR" 1>&2
-        # When a backend pool is configured by IP address, the backend instances are not secure by default and still use default outbound access.
-        # This means: outbound_ports_per_vm won't make effect
-        # Ref: https://learn.microsoft.com/en-us/azure/virtual-network/ip-services/default-outbound-access#how-can-i-transition-to-an-explicit-method-of-public-connectivity-and-disable-default-outbound-access
-        debugexec az network lb address-pool update -g $resgrp --lb-name $LB_NAME -n $BE_PL --vnet $vnetname --backend-addresses "[{name:addr1,ip-address:10.0.0.4}]" || exit
-    #fi
-
-    # TODO: The correct way to redirect PUBLIC:4022 to VM1:22. But azure-cli cannot associate nat-rule to machine. Even if u manually created one on az portal, it will de-associate after some time.
-    # debugexec az network lb inbound-nat-rule create --resource-group $resgrp --lb-name $LB_NAME  --name nat_rule_nt --protocol Tcp --frontend-port 4022 --backend-port 22 --frontend-ip-name $FE_IP || exit
-    # Warning: outbound-rule + lb-rule = outbound internet access
-    debugexec az network lb outbound-rule    create --resource-group $resgrp --lb-name $LB_NAME --name MyOutboundRule --protocol All --idle-timeout 4 --frontend-ip-configs $FE_IP --address-pool $BE_PL --outbound-ports $outbound_ports_per_vm || exit
-
-    # Redirects 8888 to ANY_MACHINE:22. Backend machine selected randomly. (replacement to inbound-nat-rule as workaround)
-    debugexec az network lb rule             create --resource-group $resgrp --lb-name $LB_NAME --name lb_rule_a --protocol All --frontend-port 8888 --backend-port 22 --backend-pool-name $BE_PL --frontend-ip $FE_IP --protocol Tcp --disable-outbound-snat 1 || exit
-    if [[ $vmcount != 1 ]]; then
-        echo -e "$COLOR_RED_BLD Warning: PublicIp:8888 is mapped to RANDOM_MACHINE:22. Add inbound-nat-rule on az portal manually if required.$COLOR_CLR" 1>&2
-    fi
-}

linuxconf/files/mymsbin/azvm-plugins/vnet-append

-#!/bin/bash
-
-function plugin_help () {
-    echo "
-###############################################
-### azvm-deploy.sh plugin 'vnet-append' v2505.1 ###
-
-Don't create a new vnet. Add VM into existing vnet instead.
-All vnet / subnet config would be ignored. Please do exactly same config as initial deployment.
-
-Conflict: Please include this plugin **after** 'secured'
-"
-}
-
-function plugin_before_av_creat () {
-    avname="${avname}_ex$(head -c3 /dev/urandom | base64 -w0 | tr -d =/+)"
-}
-
-function plugin_before_vnet_creat () {
-    az network vnet show --name "${vnetname}" --resource-group "${resgrp}" --query "name" --output tsv >/dev/null 2>&1 || ! echo_warn "[vnet-append] Error: To use this plugin, vnet $vnetname must already exists in $resgrp." || exit 1
-    vmname="${vmname}_ex$(head -c3 /dev/urandom | base64 -w0 | tr -d =/+)"
-
-    vnet_create_xtra_arg+=(--wrong-plugin-usage please_include_vnet-append_before_secured)
-    explicit_vnet_create=0
-}

linuxconf/files/mymsbin/oespolicy

-_recolic-encrypted-executable
\ No newline at end of file

linuxconf/files/mymsbin/oespolicy.gpg

------BEGIN PGP MESSAGE-----
-
-hQIMA2xDZEbjUq0tARAAlNsKT4Jn/Fba/P9srpL5RryzDHEZJ8R0gcQTDlz9QeA8
-R9BJ72k8ICEwKh+jLiQpMfZ6z7HhfV2u8cpA9HwkrmZPaGg5OIoYDkRgDSxSXkrb
-T+JfIYa3UarGNWaH+RS1qWItu9Z8rcBCVYj8Y7cUxQvbwxpT5Bb83/bt0dNlbYF9
-BEdDML7uK+Jle000Eu3YiYgFKIpnWg3BJQJ7sUxqwPzY/2p/Fj9bOeFp1TfeJDNv
-ZfMLn1UIvrrmba9tMEBIinE/Nti7N3YYzHiLtmAFRCrRbnCh4fZu3jB4Rp0+hrRG
-rykYkcuzF1mppqZAalRcNQIZ2j+/KX0HJWXk6M7Qf0DR/z5lSMdJwoomsmzcFlBW
-zoqOsHpQg5TseCP+E1lLG7DB6YGMIa5tKeT39iUIi7h8YY0WCung/0Ezz61BRADe
-Kots1v17DAynebCYKqThdkaClz1uLi7PAxdbrVY+kkJB+C+Lm9InRLCbHie2+az7
-zYzGB+bzA1yCKQGjy0cjLdKvHZBs9Fnsroqi8fVZfRtZnULGpe81soJLgUMBg12a
-puWRUhtE1paCxxv5MG6D/5+pTsspb0bqhsaq0O3ByJzq/RgVUL5CfAMS8jfi5km/
-KNPMDsNMN+uHSI5hKfm26utLehzm7WGHWz5qDp02aDjWd4eynZnswgN1vbLykKnS
-6gHXbn5h3itU0Ya9oQdoI4DLwIG7CTCXXAOpi/0Bl9KZt3HebPdk6Is1ikyXjhaO
-FA9UbpTWXWG5M8Muwzb/pFAeLqhxuFr0ZOlxK+s+rSZFWQhR3KtCV5Czdoc+Jeui
-W7NmkRwLAzxX8KMfBGlOnYm5fcHB9Me5mjzYzlRMGRiCDCAqWnoZGR5BQS1BAvWG
-wZuCDUZcfKf4yjakzjvCpgCts+EYUCopinqsVIPSb5jqZPMwfAy3J6NANh2E1bXk
-Lmk3Qu+4vIbCbjuw+NrRM7z5dqJjDocnjp4Kz3ZYBQUUFho+zzDibBPaTNDKrwCR
-CdmuiKuhnJVtrnqY4/x9XIKdOGT63Gb2P0lNtnusLlf+EOXRRFGDYUQ1jx3e0hk4
-YneQ55rkPcPcnwpN7oAMQ8gLIuvLyRIWNF71Je9VAJQo8/QgwNP+oYQQN+GmPA1H
-6c82JsfOe22GsUrKcc6Xuw7Eiqeau/GCHmeNTvQtJD6Vvql4B/JjDX3ftx0VgCSr
-+IOGfH1Np2NtFq0LAMIFW/HcENGLwjJgAz3APL9ynnp2Q3xjMDyibPlmbJI+qp6C
-8N08l/nRROOKYAYg45LSJ9UYxGni9p8RG8PG6dRukbP2bby8SSiliVDUaGKBAzr3
-p7DjQ3WX3PxM6wMt/XfiJ5PXY7XGf/AFGcBhJu1Q3ZnXmLLpfXvbvUZ3pG/e/SVH
-Jb0GST3A5UAlJ/uqXb+FXY1TYV+SXbWNHSkhBjAdVWt4FlRU4Q/fk0LMrkXMl1w4
-j1fXEEu1Us2I9MlbbZuHgp4MaN/iUlCEZv3yL7M6zMS8UcNuV/i274P8UUneZWGb
-fQOMG5CuwJy0bul7Hgkqekp1nOjCU5SDvL6dxmBnIGQDjqnNGkpkp1215gJSx6o7
-Ry/IFkBAEdsJBUqwwZ+FnvYlgnvHkVHFX77w+IDYx4evPKLegwJFBW+U3xjxJrl9
-FQP6zRBVBI6YiibqL8tDniFIzVFDGkm8pKOhn3wQxuVo80ubsR9T0MpOkBxldlBC
-Gx9cRWw8u6EK8xxAYHgQ64txPzWrXbMTV9geqxEx0Iv1XpkMEDuq23xk0jCHCpZ7
-atLEFTBF+ypfnGKnJgm6hmzvRN8yrP1Cgse46Ou0kCXPnXIEtb0QAYk36lxZ3pt/
-RJhJbHV5Ub6WgXaqiEmC13aYw3qcfVt1xcue/z+Xs5/xA5d5MIGnoKYySbaf+zHg
-1Xn4x/hCAWy9CaGCeh5Vlb0O4S8dMBZbC5s0ZRrSMdm3nSZFGqpsFzgCxvT6Zcah
-9rfE1kIl3AvdigRP93n+E1u/uJYSxBIeqTMEINhiCQ9Axj49kboJMN6mrClkb5am
-V6eXvtpXCNfBaDWCbCM94ckslcCdlYzYyZwmnX6Qj+xa7SuZlwghZWgMuBWqPnHc
-8Unhy56YdsTMjS/GAWw=
-=X++q
------END PGP MESSAGE-----

linuxconf/files/mymsbin/patnew.fish

-#!/bin/fish
-## This script prints cached PAT token if expired, create a new one otherwise.
-# starting 04/15, stupid az devops only allows 7-day PAT, not 90 days.
-# It's stupid to keep clicking clicking clicking every day. This script request PAT automatically.
-
-
-set NEXTCLOUD_PREFIX $HOME/(ls $HOME | grep -i '^nextcloud$' | head -n1)
-set token_cache_file $NEXTCLOUD_PREFIX/tmp/pat-token.txt # TODO: find a good loc
-
-set make_web_req_func "
------BEGIN PGP MESSAGE-----
-
-hQIMA2xDZEbjUq0tAQ//WxrdoexK6u8QrDJRBaN+q4qMdWvUcNGLUmdMSY1cPFRO
-JCEJLVpvhn+YPK+/movgFv7oFx4B4I2cpdyaNSkYN5HL7P/ripaTZHa1kcT0j3Z0
-tvpwSOdfbdIwKGQdqBSk0vJPi8KKIMa5iPSMYb9h0A/y9KFYeJOAS1k46TNzb4BD
-ZzrZZSQtBnx6G+DJKAeY8Wd4t0mDOKmUwlOegKswWydBroixg8vPK4CuMmctWypA
-JUvYHSkvNzbOvyLGTFu/wp5Hu+YCpRpXgOZUjBDnaVCMEnIKpQbyNx11/YVrLuD8
-DrLR6dBYpa46jtW7GWlAY96zXzpYl0O6Z4ixFAFiVZWGBupbivh6vl3ISOOy+A4J
-1Qzqo/sBhvr1zi3jHc26+4sKLnOGlIOzhCgaJErOs3K6u9YVdO4gwwQHzu0v887u
-05sroF+mB2hB9UT7cFKRNA9zKI/tfJYa+4xgeJfahoYSu/nb+0cFhfVaKNv0/J+d
-10BbGnNy+SlLz4GWAdbmW/ms0KELGOg3gHlKkfT3s+6+8LAGJ/VRYNtlFS5DEcmp
-3CiFZb4E1Zd8B7R1TegN+QG8J32Hn3/gRaZDPbDVfNSrliiSlH9dkppO4rhS0iLY
-FfK0QMhfN90S8CWtcU4D0eNp4YXSSNeZdCXQd/hjJA2WCkRadUh4j/YhAInCMPXS
-6gE4GoopXHB0fexLlNgTPdLWUUrKkfANq7JHbveiS/n+wbxbATbtNlxzf97yE1xa
-U+nZD0FLieBU4n2GvRjKfb4+Sz/s6VSAh4cOKsiupUcrhxWScYcxL3POTw/N2kk0
-cq/m5PdEDHJ0lTYlOjZhRj73sH5RiN+h5SSTiX85lTyJLjQAgcRjOcO2tQpUo3s1
-UUyVo2s7IlwExcRFtoCXysYt41UE5I5Cj2VfN7EVWUcn+/k6JyBF7J2qRBVhO+iu
-8LwSAjPOoBxsZgfMyc3xMgQumjTPJbC+yNzSlwVomfdyKeEezElC3cIgFV7+wcdv
-EJoI8yokTHDW7JaF+e9H93UGCwj0GIojUc/nEOxIU31KYZK5MNp0vfTpAB7ZiujA
-iNMlDLTWQ7FqyCoA/X/18aAgDwc2voQJcHr4sa7PrbeqJoF4Toze81FadDDdt2w4
-9Rnuf59AWKqq5ofZkNwmu3+7D7uvWwqzDnkIYzvTkIvQqVwRdmwuc0JsNzsZzJ2c
-XEHOT0EX8TKL4yrEJksg8ygjplru+M7nqApGt1gWpIS1moGSWE4aHNC4h0j+ybUx
-kSHvU2QYbNt7FSuDgBfpDrmKIb3pHz2/Da9YNPl+m88jR5k2Mhzc0Wd4Bc2fe20D
-f/4wpzFoVgPuSf8x9IqwCdROKXFdw89XPodO+1ixxX8UgtLpoPGvzr7dS7unUQ3K
-4yvEB8iFn/OVBDPD7Cq5AuKZy614VGOoFyeumbLMUpyM/KbC5CKzYphqumSlgPD4
-9RMbqIBcyNd1YEIYZEfv4OZtpqN63gTAV727CeJYZnVKZPbZlGbrdNXvdE+8Ncxi
-9ItdhXDAQsbQ7caYcKcg1PZijCaqmbhje9pxXhonBkPCcob51c9eaVBW5JsQVCUH
-5TosKwHzIdGoBO7eQlMx/1zWH6QJ/UtI1hFOEqn4/RV911qbDRDOZXQVhK6yqW7y
-35a+Y8M3e0JXMoCN2qWkjlhWM+AM25UIx4rN7oNjvesTI7sgrR9uIupYhIoN5Sy2
-SENxWlNGUPpIHdnq3kYd87O8fxoP0rb9ZZfIDJxLc1godk0ZS+b1kerV7OJf3XJP
-kwN8nbIVYjZOdor4OG45Y5b/z4aLXmvd1zqz87NIe62/X9TPH4R/ajbPzUv0bqPR
-5TfUEf3Wc8Sl/VTahdokKYZnepe4WnSbApalkvjxe+AGRviYPp/1MxRJz00pCVy7
-sVwlcR2z9gwnl3Y4MmSeHNklNfIaDTJW6E8vL+5rqipibqL14KzXCYYyDR5wVh1s
-zikGLeeXIdBUxxLcCTFNz+13uKMAT93pbHkZa6fkPBMzeXtpt5MREscBCzOnyBlq
-NKr+JHGQs+lsts3ySpM3n2bpWpyjBeGDdF8Y0hXjPPhcTC5u8DlmNbTECrcmHPsS
-XAdaCO4xqxmQHwcnTfNNo4IRArnb2paG/LlYanvqL9owHSLkE60k++uUDf04Aqqd
-GNYagxnO8li7DQmea37mBLob8EMqM0u/demgDRrWRK3Yw4a2Efe9n2sxHI59nNHn
-d6UgDUaX55k1+SC5WCVS2uLCPfrLNgcJnU5M74KwGv9XlW7oI3QnWMCtBW0oaiai
-uXxYLNv9u3iFMv3XpCKRD7sPh3CTLUSp4vqeuQS5k13ClhSJLEiwpqsvqyyKPU58
-EF1eeLsKSgasZ1NXzjjmUUROKCJRPeksUNn8ro6ODz81SNubT/sW7s1ZaZyb4Xul
-HfXTQ22+uEDGF8W14UAGrZHcP5guNqbNxIUWliM6vffKpi7DJhZ1OXq1GZuQRdIT
-ODv/r6Kd8uznEgQqUqMCjk2yT4MxRJu5MtwN5Gg5UaGl0MHrrPv+Uf1MJKoK98ak
-MTkDqir2tS/fnx7FLbREqgkhrCAH77id3RFYfz0/vwtVdqE82qCj/LxXhiTyoOHZ
-Mmi1cmoU4dIw5Gj9hpOAPOl3h+90UJf5hlMJyYBn+ZIy5kQWU8HrJQkajP3HiKma
-3Jn6dPUTWn1Cv4HKnTuFYSaJWFfhmygquCGLLBib4xI5sFH4/vfPn5+U4qJ/eBEq
-sMYJ5LwEuGKgzWQu
-=QqGG
------END PGP MESSAGE-----"
-
-# use this sample function for testing. 
-function make_web_req_sample
-    echo "VAL: g5xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx3a|"
-end
-
-function GenNewToken
-    echo "Decrypt make_web_req_func & Generating new token..." 1>&2
-    echo "$make_web_req_func" | gpg -d | source
-        or return 1
-    set -l token (make_web_req | cut -d ' ' -f 2 | tr -d '|')
-        or return 1
-    test "$token" != ""
-        or return 1
-################################### Starting ChatGPT generated code ##############################
-    set -l creation_time (date +%s)
-    set -l expire_time (math "7 * 24 * 60 * 60 + $creation_time") # after 7 days
-    echo "$token $expire_time" > $token_cache_file
-end
-
-# Function to check if token is still valid and print it if valid
-function is_cache_valid
-    if not test -f $token_cache_file
-        return 1
-    end
-
-    set -l token_expire_time (cut -d ' ' -f 2 $token_cache_file)
-    set -l current_time (date +%s)
-
-    if test $current_time -lt $token_expire_time
-        return 0  # Token is valid
-    else
-        return 1  # Token expired
-    end
-end
-
-function print_token_cache
-    set -l token (cut -d ' ' -f 1 $token_cache_file)
-    echo $token
-end
-
-# Main script logic
-if not is_cache_valid
-    if test "$DONT_REGEN_EXPIRED_TOKEN" = 1
-        echo "> Warning: Microsoft PAT outdated! Run patnew.fish to re-generate it." 1>&2
-        return 1
-    end
-    GenNewToken
-    or return $status
-end
-
-print_token_cache
-

linuxconf/files/mymsbin/saw-fup.sh

-#!/bin/bash
-
-# Variables
-LOCAL_FILE="$1"                                # File to process (passed as an argument)
-REMOTE_SCP_DEST="remote.hms.r:/mnt/fsdisk/nfs/tmp/saw-shared.file"  # SCP destination
-REMOTE_NFS_DEST="$HOME/nfs/tmp/saw-shared.file"                     # Local NFS destination
-
-[[ "$1" = "" ]] && echo "Usage: $0 <localfile path>" && exit 1
-
-# Check if the local NFS directory exists
-if [ -d "$(dirname "$REMOTE_NFS_DEST")" ]; then
-    echo "NFS directory exists locally. Moving file..."
-    mv "$LOCAL_FILE" "$REMOTE_NFS_DEST" && exit 0 || echo "Failed to move file locally to NFS directory."
-fi
-
-echo "NFS doesn't work. Using SCP to transfer file..."
-scp "$LOCAL_FILE" "$REMOTE_SCP_DEST"
-if [ $? -eq 0 ]; then
-    echo "File successfully transferred to remote server via SCP. Deleting original..."
-    rm -f "$LOCAL_FILE"
-else
-    echo "SCP failed. Original file retained."
-    exit 1
-fi
-

linuxconf/files/mymsbin/sma-graph.sh

-#!/bin/bash
-
-"$HOME/ms-scripts/$(basename $0)" "$@"

quick_push.sh

@@ -14,13 +14,3 @@ git add -A
 git commit -m ".$1" || true # fail if no change
 git push
 
-# copy to mirror
-msmirror=$HOME/code/msdoc/proj/sh-mirror
-if [[ -d $msmirror ]]; then
-    rm -rf $msmirror/*/ # remove all directories
-    cp -r linuxconf/files/mybin linuxconf/files/mymsbin $msmirror/
-
-    rm -f $msmirror/mymsbin/oespolicy
-    gpg -d -o $msmirror/mymsbin/oespolicy $msmirror/mymsbin/oespolicy.gpg
-fi
-