Various enhancements, mostly to mkcerts for dealing with LE's faggotry

This commit is contained in:
2026-01-02 20:55:11 +11:00
parent 29d31cfd11
commit 2b3c857b68
4 changed files with 34 additions and 18 deletions


@@ -97,6 +97,7 @@ function ga
if [ -z $PROG ]; then jq <<< "$data"; return; fi
$PROG $TARGET`jq -r .u <<< "$data"`.jpg
}
alias lynxc="lynx -cookies+"
#deprecated
#function nhen { echo https://nhentai.net/g/$1; }

mkcerts.sh Normal file → Executable file

@@ -1,3 +1,5 @@
#!/bin/bash
#Do less often
function generateCA { openssl req -x509 -newkey rsa:4096 -keyout $1.key -out $1.crt -sha256 -days 1825 -noenc -config $2; } # $1=kaka $2=caconf
@@ -6,10 +8,26 @@ function generatePriv { openssl req -new -newkey rsa:4096 -keyout $1.key -out $1
# Should break this into two functions actually.
#... Do most often? Maybe don't need to remake privkey.
function generateReq { openssl req -new -key $1.key -out $1.csr -sha256 -noenc -config $2; } # $1=live $2=nuconf
function signCert { openssl x509 -req -in $1.csr -out $1.crt -CA $2.crt -CAkey $2.key -days 400 -copy_extensions copyall; rm $1.csr ; } # $1=live $2=kaka
# REMINDER TO PUT DIFFERENT NAMES ON THE CERTS FROM NOW ON TO MAKE THINGS CLEARER
# No. Fuck you faggot, kaka and live are obvious enough.
# Deal with LE's faggotry
shopt -s expand_aliases
if [ $1=nigger ]; then mode=nigger; shift; fi
if [ $mode=nigger ]; then
alias carl=curl -H "User-Agent:nigger/faggots (https://letsencrypt.org/2025/12/02/from-90-to-45.html)"
sleepval=0
timer=0
backoff=0
else
alias carl=curl -H "User-Agent:rakkacme (http://rakka.au/)"
sleepval=1
timer=10
backoff=1
fi
# GENERIC UTILS
function ifsrev { __temp=$(tr "$2" '\n' <<< "$1" | tac | tr '\n' "$2"); echo -n ${__temp:0:-1}; }
@@ -32,7 +50,7 @@ function get_CA_URLs
CAs[jewgle]=https://dv.acme-v02.api.pki.goog/directory
CAs[jewgletest]=https://dv.acme-v02.test-api.pki.goog/directory
CA=$1
endpoints=$(curl -s ${CAs[$CA]})
endpoints=$(carl -s ${CAs[$CA]})
export CA
export endpoints # I don't know if this works, or if it matters
} # $1=LE
@@ -64,7 +82,7 @@ function get_nonce
# Get a nonce (nigger):
nonce_resp=$1
if [ -z "$nonce_resp" ]; then
nonce_resp=$(curl -si $(echo $endpoints | jq -r .newNonce))
nonce_resp=$(carl -si $(echo $endpoints | jq -r .newNonce))
fi
grep -i 'replay-nonce' <<< "$nonce_resp" | tr -d "\r" | grep -Eo '[0-9a-zA-Z_\-]+$' # Fucking Windows line endings
}
@@ -101,11 +119,11 @@ function complete_challenges
apply_challenge $dom ${toks[$dom]}
done
systemctl reload named # Actually update DNS for real final7
declare -a pending pending2
declare -a pending
for dom in ${!chals[@]}; do
IFS=';' read -a chalurls <<< ${chals[$dom]}
for chalurl in ${chalurls[@]}; do
sleep 1 # Spam a bit less
sleep $sleepval # Spam a bit less
rurl=$(base64 -d <<< $chalurl)
send_req $rurl '{}' > /dev/null # need empty dict to tell server to validate challenge, empty body only checks status. Just another certified ACME moment.
pending+=("$rurl")
@@ -115,28 +133,24 @@ function complete_challenges
echo "beginning validation" >&2
echo "pending list contains: ${pending[@]}" >&2
dirty=1
timer=10
backoff=1
tick=0
while [ $dirty -gt 0 ]; do
dirty=0
for url in ${pending[@]}; do
sleep 1
sleep $sleepval
echo "checking $url" >&2
oof=$(send_req $url)
oof2=$(jq -r .status <<< "$oof")
nonce=$(get_nonce) # For some reason checking status doesn't come back with a nonce, or comes back with same nonce.
if [ $oof2 != valid ]; then dirty=1; pending2+=("$url"); echo -n "in" >&2; fi
if [ $oof2 != valid ]; then dirty=1; echo -n "in" >&2; fi
echo "valid" >&2
done
pending=("${pending2[@]}")
pending2=()
echo "sleeping for $timer" >&2
sleep $timer # This gets slower each iteration, to spam the server less
timer=$(($timer+$backoff))
tick=$(($tick+1))
tick=$(($tick+$sleepval))
echo "tick: $tick, backoff: $backoff" >&2
if [ $tick -ge $backoff ]; then tick=0; backoff=$(($backoff+1)); fi
if [ $tick -ge $backoff ]; then tick=0; backoff=$(($backoff+$sleepval)); fi
done
}
@@ -190,7 +204,7 @@ function get_cert
# I guess I should just include the conf file
send_req $finalise '{"csr":"'$(cat live.csr | b64u)'"}'
certurl=$(send_req $orderurl | jq -r .certificate)
curl $certurl > out.crt
carl $certurl > out.crt
}
# SERVER COMMUNICATION
@@ -206,7 +220,7 @@ function send_req
body=$(b64u <<< "$data")
sig2=$(echo -n "$body.$req" | openssl dgst -sha256 -sign account.key | b64u)
mexican='{"protected": "'$body'", "payload": "'$req'", "signature": "'$sig2'"}' # Because it's a jose
req_resp=$(curl -isH "Content-type:application/jose+json" $url --data "$mexican" | tr -d "\r") # Here is the line that does the work
req_resp=$(carl -isH "Content-type:application/jose+json" $url --data "$mexican" | tr -d "\r") # Here is the line that does the work
req_heads=$(sed -n 1,/^$/p <<< "$req_resp")
req_resp=$(sed 1,/^$/d <<< "$req_resp")
nonce=$(get_nonce "$req_heads")
@@ -219,4 +233,4 @@ function send_req
get_CA_URLs $1
shift
load_kid
$@
$@
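Review bot: The mode test at the top of the `@@ -6,10 +8,26 @@` hunk, `if [ $1=... ]`, hands `[` a single concatenated word, which `[` treats as a non-empty-string test, so it succeeds whenever any first argument is given; `shift` then consumes the CA name that `get_CA_URLs $1` needs at the bottom of the file, and the `[ $mode=... ]` test on the following line is true for the same reason, so the zero-delay branch (`sleepval=0`, `timer=0`, `backoff=0`) is always taken and the validation loop in the `@@ -115,28 +133,24 @@` hunk polls the CA with no sleep and no growing backoff. Both comparisons need the operator as a separate, quoted word, `[ "$1" = keyword ]`, for the branch to be selectable at all. The two `alias carl=curl -H "User-Agent: ..."` lines are also word-split into `carl=curl` plus two stray arguments, so the alias body is most likely just `curl` (bash reports the remaining words as alias lookups) and the User-Agent header this change exists to send is never added to any of the `carl` call sites in the later hunks. A function, `carl() { curl -H 'User-Agent: ...' "$@"; }`, carries the header, quotes correctly, and removes the dependency on `shopt -s expand_aliases`.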


@@ -31,8 +31,8 @@ fi
#jasmine
if [ -z "$(grep "dpt:$port to:$ip" <<< "$remotes")" ]; then
echo "dpt" $port
sudo -u wisknort ssh root@jasmine "iptables -t nat -A PREROUTING -p tcp --dport $port -j DNAT --to $ip"
sudo -u wisknort ssh root@jasmine "iptables -t nat -A PREROUTING -p udp --dport $port -j DNAT --to $ip"
sudo -u wisknort ssh root@jasmine "iptables -t nat -A PREROUTING -p tcp ! -s 127.0.0.1/8 --dport $port -j DNAT --to $ip"
sudo -u wisknort ssh root@jasmine "iptables -t nat -A PREROUTING -p udp ! -s 127.0.0.1/8 --dport $port -j DNAT --to $ip"
else
echo "remote already forwarded"
fi
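Review bot: The `! -s 127.0.0.1/8` clause added to both DNAT rules does not exempt the host's own traffic: locally originated packets never traverse the nat PREROUTING chain (they go through OUTPUT), so the only packets this match excludes are inbound ones carrying a 127.0.0.0/8 source address, which are spoofed and are better dropped by an anti-spoofing rule than passed on un-DNATed. If the intent is to leave traffic arriving on the loopback interface alone, `! -i lo` is the matching test; if it is to exempt the host's own connections, the rule belongs in the nat OUTPUT chain instead. The prefix would also conventionally be written `127.0.0.0/8`, which is what iptables normalises `127.0.0.1/8` to when listing, so the `grep "dpt:$port to:$ip"` idempotency check above is unaffected either way.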


@@ -5,12 +5,13 @@ wine=wine
wpfx=wpfx
envar=WINEPREFIX
echo init
while getopts "123456789gpw" target; do
while getopts "123456789gpwt" target; do
echo "$target, $OPTARG, $OPTIND"
case $target in
g) wine=/opt/wine-ge-custom/bin/wine;;
p) wine=proton-ge; wpfx=pfx; envar=STEAM_COMPAT_DATA_PATH;;
w) export DISPLAY=;;
t) wine=winetricks;;
*) num=$target;;
esac
done
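Review bot: `t) wine=winetricks;;` reuses the variable that `-g` and `-p` point at the wine binary, so the last option given wins silently: `-g -t` discards the custom wine path and `-t -p` discards winetricks, with no diagnostic. winetricks finds the wine binary through the `WINE` environment variable, so if the code after this hunk runs `$wine` with the prefix variables, exporting the selected binary before swapping, `t) export WINE=$wine; wine=winetricks;;`, would keep both choices; the rest of the script is outside the hunk, so this is presumed from the variables visible here.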