3 # this is from distro-end
7 # based on https://wiki.debian.org/SecuringNFS
8 # but the quota stuff is either outdated or optional,
9 # i guessed that it was not needed and it worked fine.
10 s
dd of
=/etc
/sysctl.d
/nfs-static-ports.conf
<<'EOF'
11 fs.nfs.nfs_callback_tcpport = 32764
12 fs.nfs.nlm_tcpport = 32768
13 fs.nfs.nlm_udpport = 32768
16 s
$sed -ri -f - /etc
/default
/nfs-common
<<'EOF'
18 $a STATDOPTS="--port 32765 --outgoing-port 32766"
21 s
$sed -ri -f - /etc
/default
/nfs-kernel-server
<<'EOF'
23 $a RPCMOUNTDOPTS="--manage-gids --port 32767"
25 ser restart nfs-kernel-server
27 if [[ $HOSTNAME == kd
]]; then
28 # persistent one time steps for webdav:
29 # create persistent password, put it in ~/.kodi/userdata/advancedsettings.xml,
30 # per http://kodi.wiki/view/MySQL/Sync_other_parts_of_Kodi
31 # htpasswd -c /p/c/filesystem/etc/davpass dav
32 # chmod 640 /p/c/filesystem/etc/davpass
33 # in conflink, set group to www-data.
34 # In kodi, i set the music source, server address: my domain,
35 # path: k/music. Then copied the file
36 # /p/c/subdir_files/.kodi/userdata/sources.xml to save that setting.
38 web-conf
-r /a
/c
/playlists
- apache2 dav.
$HOME_DOMAIN <<'EOF'
39 <Directory /a/c/playlists>
42 AuthName "Authentication Required"
43 AuthUserFile "/etc/davpass"
46 # outside the standard /var/www, so use this:
51 s mkdir
-p /var
/www
/davlock
52 s chown www-data
:www-data
/var
/www
/davlock
53 s
sed -i "1i DavLockDB /var/www/davlock/davlock" /etc
/apache
2/sites-enabled
/dav.
$HOME_DOMAIN.conf
56 teeu
/etc
/exports
"/k/music *(ro,nohide,async,no_subtree_check,insecure)"
59 # kodi uses sqlite by default, but supports mysql.
62 # see ofswiki.org for explanation.
63 dbpass
="$(cat /p/mysql-root-pass)"
64 if ! echo exit|mysql
-uroot "-p$dbpass"; then
65 echo -e "\n\n$dbpass\n$dbpass\n\n\n\n\n" | mysql_secure_installation
67 mysql
-uroot "-p$dbpass" <<EOF
68 GRANT ALL PRIVILEGES ON *.* TO 'kodi' IDENTIFIED BY '$(</p/mysql-kodi-pass)';
70 s
sed -ri 's/^(\s*bind-address\s*=).*/\1 0.0.0.0/' /etc
/mysql
/mariadb.conf.d
/50-server.cnf