#!/bin/bash -l
# Copyright (C) 2016 Ian Kelling
-
+#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
-
+#
# http://www.apache.org/licenses/LICENSE-2.0
-
+#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# limitations under the License.
-# todo. dunno why, but original bootstrap of timezone is not sticking.
-# fixed manually with:
-# s dpkg-reconfigure tzdata
-# enter 12 then 11.
# for bootstrapping a new machine
-# to make ssh interactive shell run better, first run this:
+# in case we need it,
+# to make ssh interactive shell run better, we run this first.
sudo bash -c 'source /a/c/repos/bash/.bashrc && source /a/exe/ssh-emacs-setup'
fi
fi
-interactive=false # set this to true if running by hand in emacs
+interactive=true # set this to false to force set -x
[[ $- == *i* ]] || interactive=false
if ! $interactive; then
bootstrapfs=false # old flag, needs new look before using.
while [[ $1 == -* ]]; do
case $1 in
- # avoid some of the longer compilation steps,
- # when we need to rerun because we had an error
-r) recompile=true; shift ;;
esac
done
for f in iank-dev htpc treetowl x2 frodo tp li lj demohost; do
eval "$f() { [[ $HOSTNAME == $f ]]; }"
done
-has_p() { iank-dev || x2 || frodo || tp; }
-has_x() { ! { lj || li || demohost; }; }
+has_p() { treetowl || x2 || frodo || tp || demohost; }
+has_x() { ! linode; }
linode() { lj || li; }
+has_btrfs() { ! linode; }
+home_network() { ! linode; }
encrypted() { has_p; }
shopt -s extglob
####### end command line parsing
PATH="/a/exe:$PATH"
+sed="sed --follow-symlinks"
+
+##### begin setup encryption scripts ######
if encrypted; then
# I tried making a service which was dependent on reboot.target,
# but it happened too late in the shutdown process.
# generally, I don't think targets order shutdown like they do startup.
# So, I did systemd-analyze plot > something.svg, and picked a reliably started
# service that happens late in the game.
-After=postfix.service
+After=ntp.service
DefaultDependencies=no
# not sure if needed, makes sure we shut down before reboot.target
Conflicts=reboot.target
sudo systemctl enable keyscriptoff.service
sudo systemctl start keyscriptoff.service
fi
+##### end setup encryption scripts ######
install-myqueue
-if iank-dev; then
- desktop=DESKTOP_DOMAIN # TODO, broken. rethink this next time it's used
- if $bootstrapfs; then
- # TODO: broken. need to copy files in this directory too, probably rethink this.
- cp="scp $desktop:"
- # for moving to a new hd, change $cp to move between filesystems
- mkdir -p /a/bin
- chown -R ian:ian /a # probably needs to be removed
- $cp/a/c /a
- echo -e \\n\\n\\n | ssh-keygen -t rsa
- fi
-fi
-
# this script has been designed to be idempotent
# todo, it would be nice to cut down on some of the output
set +x
source /a/bin/distro-functions/src/identify-distros
$interactive || set -x
-echo path:$PATH
-
if isfedora; then
# comment out line disallowing calling sudo in scripts
- sudo sed -i --follow-symlinks 's/^Defaults *requiretty/#\0 # ian commented/' /etc/sudoers
+ sudo $sed -i 's/^Defaults *requiretty/#\0 # ian commented/' /etc/sudoers
# turn on magic sysrq commands for this boot cycle
echo 1 > sudo dd of=/proc/sys/kernel/sysrq
# selinux is not user friendly. Like, you enable samba, but you haven't run the magic selinux commands so it doesn't work
# and you have no idea why.
- sudo sed -i --follow-symlinks 's/^\(SELINUX=\).*/\1disabled/' /etc/selinux/config
+ sudo $sed -i 's/^\(SELINUX=\).*/\1disabled/' /etc/selinux/config
selinuxenabled && sudo setenforce 0
fi
esac
if linode; then
- sudo sed -i '/^127\.0\.1\.1/d' /etc/hosts
+ sudo $sed -i '/^127\.0\.1\.1/d' /etc/hosts
echo "127.0.1.1 $HOSTNAME.lan $HOSTNAME" | sudo tee -a /etc/hosts
fi
fi
-# link files
-
-lnf-home() {
- # $2 and opts are unused so far.
- opts=()
- while [[ $1 == -* ]]; do
- opts+=($1)
- shift
- done
- lnf ${opts[@]} "$1" /home/ian/$2
+#### begin link bashrc repo for all users ######
+for x in /a/c/repos/bash/!(.git|..|.); do
+ lnf "$x" /home/ian
sudo -u traci -i <<EOF
PATH="/a/exe:$PATH"
-lnf ${opts[@]} "$1" /home/traci/$2
+lnf "$x" /home/traci
EOF
-}
-
-for x in /a/c/repos/bash/!(.git); do
- lnf-home "$x"
sudo -i <<EOF
PATH="/a/exe:$PATH"
lnf $x /root
EOF
done
+#### end link bashrc repo for all users ######
-echo path:$PATH
set +x
errallow
source ~/.bashrc
-echo path:$PATH
$interactive || errcatch
$interactive || set -x
isfedora && tu /etc/sysctl.conf 'kernel.sysrq = 1'
+# this needs to be before installing pacserve so we have gpg conf.
+conflink
if isdebian; then
codename=$(debian-codename)
fi
fi
-s lnf -T /q/p /p
-# this needs to be before installing pacserve so we have gpg conf.
-conflink
-
if isarch; then
#https://wiki.archlinux.org/index.php/Arch_User_Repository#Installing_packages
sudo pacman -S --noconfirm --needed base-devel jq
if isdebian-stable; then
pi firefox/$codename-backports
else
- # for a while, firefox/unstable had all it\'s deps satisfied
- # by testing packages, but now i hit a conflict,
- # it wanted a newer libfontconfig1, but emacs build-deps
- # wanted an older one. Oh well, they seem to release
- # a new esr version every 9 months or so.
- pi firefox-esr
+ # for a while, firefox/unstable did not have
+ # dependencies satisfied by testing packages, and i hit
+ # a conflict, it wanted a newer libfontconfig1, but
+ # emacs build-deps wanted an older one. In this case,
+ # I switch to using firefox-esr. note: They seem
+ # to release a new esr version every 9 months or so.
+ pi firefox/unstable
fi
fi
# for hosts which require nonfree drivers
pi xkbset
else
# xkbset was in testing for quite a while, dunno
- # why it's not anymore. Sometime I should check and
- # see if it's back in testing, but the unstable package
- # doesn't upgrade anything form testing, and it's tiny
- # so I'm not bothering to automate it.
+ # why it\'s not anymore. Sometime I should check and
+ # see if it\'s back in testing, but the unstable package
+ # doesn\'t upgrade anything form testing, and it\'s tiny
+ # so I\'m not bothering to automate it.
pi xkbset/unstable
-fi
-fi
-;;&
+ fi
+ fi
+ ;;&
esac
if has_x; then
fi
pi cryptsetup lvm2
# enables trim for volume delete, other rare commands.
-sudo sed -ri 's/( *issue_discards\b).*/\1 = 1/' /etc/lvm/lvm.conf
+sudo $sed -ri 's/( *issue_discards\b).*/\1 = 1/' /etc/lvm/lvm.conf
if encrypted; then
if isdeb; then
s mkdir -p "${dirs[@]}"
s chown ian:ian "${dirs[@]}"
-if [[ $HOSTNAME == treetowl ]]; then
- tu /etc/fstab <<'EOF'
-UUID=3f7b31cd-f299-40b4-a86b-7604282e2715 /i btrfs noatime 0 2
-EOF
-else
- tu /etc/fstab <<'EOF'
-/q/i /i none bind 0 0
-EOF
-fi
tu /etc/fstab <<'EOF'
-/i/w /w none bind 0 0
-/i/k /k none bind 0 0
+/i/w /w none bind,noauto 0 0
+/i/k /k none bind,noauto 0 0
EOF
-if ! mountpoint /kfrodo; then
- s mkdir -p /kfrodo
- s chown ian:traci /kfrodo
+
+if ! mountpoint /kr; then
+ s mkdir -p /kr
+ s chown ian:traci /kr
fi
-if [[ $HOSTNAME == frodo ]]; then
- tu /etc/fstab <<'EOF'
-/k /kfrodo none bind 0 0
+
+if home_network; then
+ if [[ $HOSTNAME == treetowl ]]; then
+ tu /etc/fstab <<'EOF'
+/k /kr none bind,noauto 0 0
EOF
-else
- tu /etc/fstab <<'EOF'
-frodo:/k /kfrodo nfs defaults 0 0
+ else
+ tu /etc/fstab <<'EOF'
+treetowl:/k /kr nfs noauto 0 0
EOF
+ fi
fi
s mkdir -p /q/i/{w,k}
for dir in /{i,w,k}; do
- if mountpoint $dir; then continue; fi
+ if mountpoint $dir; then continue; fi # already mounted
s mkdir -p $dir
s chown ian:ian $dir
- s mount $dir
done
+# not needed for all hosts, but rather just keep it uniform
+s mkdir -p /mnt/iroot
+
+# debian auto mounting of multi-disk encrypted btrfs is busted. It is
+# in jessie, and in stretch as of 11/26/2016 I have 4 disks in cryptab,
+# based on 3 of those, it creates .device units for /dev/mapper/dev...
+# then waits endlessly for them on bootup, after the /dev/mapper disks
+# have already been created and exist. todo: create a simple repro
+# for this in a vm and report it upstream.
+s dd of=/root/imount <<'EOF'
+#!/bin/bash
+[[ $EUID == 0 ]] || exec sudo -E "$BASH_SOURCE" "$@"
+set -eE -o pipefail
+trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
+for dir in /i /mnt/iroot /w /k /kr; do
+ if ! mountpoint $dir &>/dev/null && \
+ awk '{print $2}' /etc/fstab | grep -xFq $dir; then
+ mount $dir
+ fi
+done
+EOF
+s chmod +x /root/imount
+
+s dd of=/etc/systemd/system/imount.service <<'EOF'
+[Unit]
+Description=Mount /i and related mountpoints
+
+[Service]
+Type=oneshot
+ExecStart=/root/imount
+
+[Install]
+WantedBy=multi-user.target
+EOF
+sudo systemctl daemon-reload # needed if the file was already there
+sudo systemctl enable imount.service
+sudo systemctl start imount.service
+
+
+dir=/nocow
+if ! mountpoint $dir; then
+ subvol=/mnt/root/nocow
+ if [[ ! -e $subvol ]]; then
+ s btrfs subvolume create $subvol
+ s chown root:1000 $subvol
+ s chattr +C $subvol
+ fi
+
+ first_root_crypt=$(awk '$2 == "/" {print $1}' /etc/mtab)
+ tu /etc/fstab <<EOF
+$first_root_crypt /nocow btrfs noatime,subvol=nocow 0 0
+EOF
+ s mkdir -p $dir
+ s chown ian:ian $dir
+ s mount $dir
+fi
+
# ssh and probably some other things care about parent directory
# ownership, and ssh doesn\'t allow any group writable parent
EOF
+if isdeb; then
+ # I've had problems with postfix on debian:
+ # on stretch, a startup ordering issue caused all mail to fail.
+ # postfix changed defaults to only use ipv6 dns, causing all my mail to fail.
+ # exim4 is default on debian, so I assume it would
+ # be packaged better to avoid these types of things.
+ # I haven't gotten around to getting a non-debian exim
+ # setup.
+ mail-setup exim4
+ else
+ mail-setup postfix
+fi
-postfix-setup
+ if isubuntu; then
+ # disable crash report annoying crap
+ s dd of=/etc/default/apport <<<'enabled=0'
+ fi
+
+# fai sets this an old way that doesn't work for stretch.
+# no harm in setting it universally here.
+# using debconf-set-selection, the area gets reset to ETC
+# on my linode test machine after doing a dpkg-reconfigure, or a reinstall,
+# so we are using expect :(
+s apt-get -y install --no-install-recommends expect
+s expect <<EOF
+set force_conservative 0
+spawn dpkg-reconfigure tzdata -freadline
+expect -nocase timeout {exit 1} "Geographic area:"
+send "12\r"
+expect -nocase timeout {exit 1} "Time zone:"
+send "11\r"
+expect eof
+exit
+EOF
-if isubuntu; then
- # disable crash report annoying crap
- s dd of=/etc/default/apport <<<'enabled=0'
-fi
if has_x; then
if isarch; then
fi
pi hunspell hunspell-en
else
- # to disable emacs git build,
- # s apt-get install emacs
if $recompile; then
- /a/bin/buildscripts/emacs -u
+ /a/bin/buildscripts/emacs
else
- /a/bin/buildscripts/emacs -r
+ /a/bin/buildscripts/emacs --no-r || /a/bin/buildscripts/emacs
fi
fi
# https://wiki.archlinux.org/index.php/Xinitrc
for homedir in /home/*; do
cp /etc/X11/xinit/xinitrc $homedir/.xinitrc
- sed -ri '/^ *twm\b/,$d' $homedir/.xinitrc
+ $sed -ri '/^ *twm\b/,$d' $homedir/.xinitrc
tee -a $homedir/.xinitrc <<'EOF'
/a/bin/desktop-20-autostart.sh
xsetroot -cursor_name left_ptr
fi
fi
-# the first pup command can kill off our /etc/
-/a/bin/ssh-emacs-setup
+# the first pup command can kill off our /etc/ mod, so rerun this
+/a/exe/ssh-emacs-setup
echo "$0: $(date): ending now"
iankelling.org / git / distro-setup / blobdiff