+ ############### !!!!!!!!!!!!!!!!!
+ ############### manual steps:
+
+ # only following a few people atm, so not bothering to figure out backups
+ # when mastodon has not documented it at all.
+ #
+ # fsf@status.fsf.org
+ # cwebber@toot.cat
+ # dbd@status.fsf.org
+ # johns@status.fsf.org
+
+ # sign in page is at https://mast.iankelling.org/auth/sign_in
+ # register as iank, then
+ # https://github.com/tootsuite/documentation/blob/master/Running-Mastodon/Administration-guide.md
+ # docker-compose run --rm web bundle exec rails mastodon:make_admin USERNAME=iank
+
+ ############# end setup mastodon ##############
+
+ # we use nsupdate to update the ip of home
+ pi bind9
+
+ pi znc
+ # znc config generated by doing
+ # znc --makeconf
+ # selected port is also used in erc config
+ # comma separated channel list worked.
+ # while figuring things out, running znc -D for debug in foreground.
+ # to exit and save config:
+ # /msg *status shutdown
+ # configed auth on freenode by following
+ # https://wiki.znc.in/Sasl:
+ # /msg *sasl RequireAuth yes
+ # /msg *sasl Mechanism PLAIN
+ # /msg *sasl Set ident_name password
+ # created the system service after, and had to do
+ # mv /home/iank/.znc/* /var/lib/znc
+ # sed -i 's,/home/iank/.znc/,/var/lib/znc,' /var/lib/znc/config/znc.conf
+ # and made a copy of the config files into /p/c
+ # /msg *status LoadMod --type=global log -sanitize
+ # to get into the web interface,
+ # cat /etc/letsencrypt/live/iankelling.org/{privkey,cert,chain}.pem > /var/lib/znc/znc.pem
+ # then use non-main browser or else it doesn't allow it based on ocsp stapling from my main site.
+ # https://iankelling.org:12533/
+ # i'm going to figure out how to automate this when it expires. i know i can hook a script into the renewal. https://wiki.znc.in/FAQ seems to imply that znc doesn\'t need restart.
+ # todo: in config file AllowWeb = true should be false. better security if that is off unless we need it.
+ # /msg *status LoadMod --type=network perform
+ # /msg *perform add PRIVMSG ChanServ :invite #fsf-office
+ # /msg *perform add JOIN #fsf-office
+ #
+ # i set Buffer = 500
+ # also ran /znc LoadMod clearbufferonmsg
+ # it would be nice if erc supported erc query buffers by doing
+ # /msg *status clearbuffer <name of the query/receiver
+ # on killing the,
+ # an example seems to be here: https://github.com/zenspider/elisp/blob/master/rwd-irc.el
+ # if that was the case i could remove the module clearbufferonmsg
+ # alo would be nice if erc supported
+ # https://wiki.znc.in/self-message
+ # https://wiki.znc.in/Query_buffers \
+ #
+ s useradd --create-home -d /var/lib/znc --system --shell /sbin/nologin --comment "Account to run ZNC daemon" --user-group znc || [[ $? == 9 ]] # 9 if it exists already
+ chmod 700 /var/lib/znc
+ s chown -R znc:znc /var/lib/znc
+ s dd of=/etc/systemd/system/znc.service 2>/dev/null <<'EOF'
+[Unit]
+Description=ZNC, an advanced IRC bouncer
+After=network-online.target
+
+[Service]
+ExecStart=/usr/bin/znc -f --datadir=/var/lib/znc
+User=znc
+
+[Install]
+WantedBy=multi-user.target
+EOF
+ ser daemon-reload
+ sgo znc
+
+ echo "$0: $(date): ending now)"
+ exit 0
+ ;;
+esac
+
+########### end section including li/lj ###############
+
+
+case $(debian-codename) in
+ # needed for debootstrap scripts for fai since fai requires debian
+ flidas)
+ curl http://archive.ubuntu.com/ubuntu/project/ubuntu-archive-keyring.gpg | s apt-key add -
+ s dd of=/etc/apt/preferences.d/flidas-xenial <<EOF
+Package: *
+Pin: release a=xenial
+Pin-Priority: -100
+
+Package: *
+Pin: release a=xenial-updates
+Pin-Priority: -100
+
+Package: *
+Pin: release a=xenial-security
+Pin-Priority: -100
+EOF
+ s dd of=/etc/apt/sources.list.d/xenial.list 2>/dev/null <<EOF
+deb http://us.archive.ubuntu.com/ubuntu/ xenial main
+deb http://us.archive.ubuntu.com/ubuntu/ xenial-updates main
+deb http://us.archive.ubuntu.com/ubuntu/ xenial-security main
+EOF
+
+ s apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 3B4FE6ACC0B21F32
+ s dd of=/etc/apt/preferences.d/flidas-bionic <<EOF
+Package: *
+Pin: release a=bionic
+Pin-Priority: -100
+
+Package: *
+Pin: release a=bionic-updates
+Pin-Priority: -100
+
+Package: *
+Pin: release a=bionic-security
+Pin-Priority: -100
+EOF
+
+ # better to run btrfs-progs which matches our kernel version
+ # (note, renamed from btrfs-tools)
+ s dd of=/etc/apt/preferences.d/btrfs-progs <<EOF
+Package: btrfs-progs libzstd1
+Pin: release a=bionic
+Pin-Priority: 1005
+
+Package: btrfs-progs libzstd1
+Pin: release a=bionic-updates
+Pin-Priority: 1005
+
+Package: btrfs-progs libzstd1
+Pin: release a=bionic-security
+Pin-Priority: 1005
+EOF
+
+
+ t=$(mktemp)
+ cat >$t <<EOF
+deb http://us.archive.ubuntu.com/ubuntu/ bionic main
+deb http://us.archive.ubuntu.com/ubuntu/ bionic-updates main
+deb http://us.archive.ubuntu.com/ubuntu/ bionic-security main
+EOF
+ f=/etc/apt/sources.list.d/bionic.list
+ if ! diff -q $t $f; then
+ s cp $t $f
+ s chmod 644 $f
+ p update
+ fi