distro=$(distro-name)
case $distro in
ubuntu|debian|trisquel)
- sudo bash -c ". /a/bin/fai/fai-wrapper && /a/bin/fai/fai/config/scripts/GRUB_PC/11-iank"
+ sudo bash -c ". /a/bin/fai/fai-wrapper && /a/bin/fai/fai/config/scripts/IANK/11-iank"
;;
*)
sudo bash -c ". /a/bin/fai/fai-wrapper &&
/^127\.0\.1\.1/d
EOF
-if bitfolk; then
- sudo systemctl disable systemd-networkd
-fi
-
##### exit first stage if running as root
if [[ $EUID == 0 ]]; then
+ if [[ ! -e /home/iank/.ssh/authorized_keys && ! -L /home/iank/.ssh/authorized_keys ]]; then
+ sudo -u iank mkdir -p /home/iank/.ssh
+ chmod 0700 /home/iank/.ssh
+ sudo -u iank ln -sf /p/c/machine_specific/vps/subdir_files/.ssh/authorized_keys /home/iank/.ssh
+ fi
echo "$0: running as root. exiting now that users are setup"
exit 0
fi
if vps; then
pi-nostart bind9
fi
+if bitfolk; then
+ pi-nostart unbound
+fi
# this needs to be before installing pacserve so we have gpg conf.
conflink
rootsshsync
sudo sed -i --follow-symlinks 's/^ *hosts:.*/hosts: files dns myhostname/' $f
fi
case $HOSTNAME in
- bk)
+ bk|je)
+ # je should be able to get along systemd-resolved, but ive had some odd
+ # very intermittent dns failures with spamassassin, it seems it might only
+ # be happening with systemd-resolved, so just use unbound
+ # to make it consistent with the other hosts.
sudo sed -i --follow-symlinks 's/^ *hosts:.*/hosts: files dns myhostname/' /etc/nsswitch.conf
+ soff systemd-resolved
+ sudo ln -sf 127.0.0.1-resolv/stub-resolv.conf /etc/resolv.conf
+ sgo unbound
+ # cautious measure to make sure resolution is working
+ sleep 1
;;
*)
# default is
;;
esac
+case $HOSTNAME in
+ bk)
+ sgo named
+ ;;
+esac
+
+
+lines=(
+ "/etc/resolved-nsswitch/nsswitch.conf r,"
+ "/etc/basic-nsswitch/nsswitch.conf r,"
+ # Aug 06 23:09:11 kd audit[3995]: AVC apparmor="DENIED" operation="connect" profile="/usr/bin/freshclam" name="/run/systemd/resolve/io.systemd.Resolve" pid=3995 comm="freshclam" requested_mask="wr" denied_mask="wr" fsuid=109 ouid=101
+ # I dont know if this is quite the right fix, but I saw other sockets
+ # in the nameservice files that were rw, so figured it was ok to add this and it worked.
+ "/run/systemd/resolve/io.systemd.Resolve rw,"
+)
f=/etc/apparmor.d/abstractions/nameservice
-if [[ -e $f ]] && ! grep -q /etc/resolved-nsswitch/nsswitch.conf $f; then
- sudo sed -i '/\/etc\/nsswitch.conf/a /etc/resolved-nsswitch/nsswitch.conf r,' $f
- sudo sed -i '/\/etc\/nsswitch.conf/a /etc/basic-nsswitch/nsswitch.conf r,' $f
- if sytemctl is-enabled apparmor; then
+apparmor_reload=false
+if [[ -e $f ]]; then
+ for l in "${lines[@]}"; do
+ if ! grep -qF "$l" $f; then
+ sudo sed -i "/\/nsswitch.conf/a $l" $f
+ apparmor_reload=true
+ if ! grep -qF "$l" $f; then
+ echo "$0: failed editing $f. investigate"
+ exit 1
+ fi
+ fi
+ done
+ if $apparmor_reload && systemctl is-enabled apparmor; then
m ser reload apparmor
fi
fi
sudo sed -ri "/^127\./n;/[[:space:]]$HOSTNAME\$/d" /etc/hosts
fi
-# firefox exists but is 2 versions outdated
+if isdeb && [[ $(debian-codename) == aramo ]]; then
+ sudo dd of=/etc/apt/preferences.d/aramo-jammy-missing <<'EOF'
+Package: linux-libc-dev libmysqlclient21
+Pin: release n=jammy,o=Ubuntu
+Pin-Priority: 500
+EOF
+fi
+
+# libfdk just has some patent worries.
+# https://www.gnu.org/licenses/license-list.en.html#fdk
if isdeb && [[ $(debian-codename) == nabia ]]; then
sudo dd of=/etc/apt/preferences.d/nabia-focal-missing <<'EOF'
-Package: unrar-free firefox libfdk-aac1 ansible
+Package: libfdk-aac1
Pin: release n=focal,o=Ubuntu
Pin-Priority: 500
EOF
Pin-Priority: -100
EOF
-
fi
######## fix evbug bug ######
case $(debian-codename-compat) in
- xenial|bionic|focal)
+ xenial|bionic|focal|jammy)
# noticed in flidas. dunno if it affects any others
#https://bugs.launchpad.net/ubuntu/+source/module-init-tools/+bug/240553
#https://wiki.debian.org/KernelModuleBlacklisting
/dev/mapper/crypt_dev_ata-Samsung_SSD_870_QVO_8TB_S5VUNG0N900656V-part7 /d btrfs nofail,x-systemd.device-timeout=30s,x-systemd.mount-timeout=30s,noatime,compress=zstd,subvol=d 0 0
EOF
if ! mountpoint /d &>/dev/null; then
- sudo mkdir /d
+ sudo mkdir -p /d
if [[ -d /mnt/r7/d ]]; then
sudo mount /d
fi
;;
esac
-
+if bitfolk; then
+ sudo systemctl disable systemd-networkd
+fi
##### setup email
primary-setup
else
if $recompile; then
/a/bin/buildscripts/emacs
+ /a/bin/buildscripts/mu4e
else
/a/bin/buildscripts/emacs --no-r
+ /a/bin/buildscripts/mu4e --no-r
fi
fi
# the first pup command can kill off our /etc/ mod, so rerun this