various fixes
[distro-setup] / distro-begin
index 5dc03598ea16e3920e68db7de3b2e3655614afbf..d870fe6af293a4a5929b31f1cf7d85d87325d3c5 100755 (executable)
@@ -2,6 +2,10 @@
 # Copyright (C) 2016 Ian Kelling
 # This program is under GPL v. 3 or later, see <http://www.gnu.org/licenses/>
 
+# todo. dunno why, but original bootstrap of timezone is not sticking.
+# fixed manually with:
+# s dpkg-reconfigure tzdata
+
 
 # for bootstrapping a new machine
 
@@ -34,6 +38,9 @@ fi
 set -E
 trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?"' ERR
 
+exec &> >(sudo tee -a /var/log/distro-begin)
+echo "$0: $(date): starting now)"
+
 # headless=false # unused atm
 recompile=true
 # for copying to a new data fs
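Review bot: `exec &> >(sudo tee -a /var/log/distro-begin)` copies everything the script prints from here on, including the ERR trap's echo of `$BASH_COMMAND`, into a log file that `tee` creates under root's umask, which normally leaves it world-readable. If that output should not be visible to every local account, create the file with a tight mode before the redirect, e.g. `sudo touch /var/log/distro-begin && sudo chmod 640 /var/log/distro-begin`. The message on the next line has a stray `)` in `"starting now)"`.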
@@ -65,70 +72,50 @@ umask 0002
 
 ####### end command line parsing
 
+if encrypted; then
+    # I tried making a service which was dependent on reboot.target,
+    # but it happened too late in the shutdown process.
+    sudo dd of=/etc/systemd/system/keyscripton.service <<'EOF'
+[Unit]
+Description=Turn on automatic decryption of drives on boot
+# tried using graphical.target, but it made my display manager restart before rebooting.
+# generally, I don't think targets order shutdown like they do startup.
+# So, I did systemd-analyze plot > something.svg, and picked a reliably started
+# service that happens late in the game.
+After=postfix.service
+DefaultDependencies=no
+Conflicts=reboot.target
 
-if frodo; then
-    x=/usr/local/bin/iancryptsetup
-    sudo dd of=$x <<'EOF'
-#!/bin/bash -x
-
-# man systemd-cryptsetup-generator
-#man systemd-cryptsetup
-#man systemd-cryptsetup@.service
-
-f=/tmp/iancryptsetup
-ssh -oStrictHostKeyChecking=no -oUserKnownHostsFile=/dev/null \
-  -T -i /p/cryptkeyssh/id_rsa ian@treetowl > $f || exit 0
-
-# example of initial setup of a disk
-#disk=/dev/sdg2
-#echo YES|cryptsetup --verbose luksFormat $disk $f
-## copy $f into paste buffer, then enter memorized pass, which we can use
-## This is for the case of ssh not being available
-#cryptsetup --verbose --verify-passphrase luksAddKey $disk
-
-# initial keyfile can be generated like any random pass
-# head -c 200 /dev/urandom | tr -cd '[:alnum:]' | head -c 80 > keyfile
-
-
-data=(
-b1d7f102-c7cd-40a0-bff0-2d498692b5a7 crypta7
-80649f08-1977-441b-ad8f-246931571702 crypt02
-3ae71d1a-dbd5-4cbe-afa2-c7529c0c4d31 crypt31
-bd4bbf8e-35c1-48e5-bb15-106c1b47792b crypt2b
-c061a929-54fe-4a47-939d-c008ba418246 crypt46
-ec709a4b-1ba7-463f-a1cd-841cb40868f0 cryptf0
-b9f2a980-f57c-4c58-9313-055da09d579c crypt9c
-747b9932-aa98-4552-86ab-657d0ccd4fb0 cryptb0
-afb44dd6-28ba-443b-9ca4-34dc2a95a213 crypt13
-)
-for ((i=0; i<${#data[@]}; i+=2)); do
-  cryptsetup luksOpen --key-file $f UUID=${data[i]} ${data[i+1]}
-done
-for x in a q /mnt/btrfs_root; do
-  mount /$x
-done
-#/a/bin/firefox-link
-exit 0
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/bin/true
+ExecStop=/a/bin/keyscript-on
+
+[Install]
+WantedBy=keyscriptoff.service
 EOF
-    sudo chmod +x $x
-    # todo, it needs to wait for networking
-    sudo dd of=/etc/systemd/system/iancrypt.service <<'EOF'
+    sudo systemctl daemon-reload # needed if the file was already there
+    sudo systemctl stop keyscripton.service
+    #    sudo systemctl start keyscripton.service
+    sudo systemctl enable keyscripton.service
+
+    sudo dd of=/etc/systemd/system/keyscriptoff.service <<'EOF'
 [Unit]
-Description=iancrypt
+Description=Turn off automatic decryption of drives on boot
 
 [Service]
 Type=oneshot
-ExecStart=/usr/local/bin/iancryptsetup
+ExecStart=/a/bin/keyscript-off
 
 [Install]
 WantedBy=multi-user.target
 EOF
-    sudo systemctl enable iancrypt.service
-    sudo systemctl restart iancrypt.service
+    sudo systemctl daemon-reload # needed if the file was already there
+    sudo systemctl enable keyscriptoff.service
+    sudo systemctl start keyscriptoff.service
 fi
 
-
-
 if iank-dev; then
     desktop=$(ssh root@iankelling.org grep desktop /etc/hosts | grep -o "^.* ")
     if $bootstrapfs; then
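Review bot: Both new units run scripts from `/a/bin` as root (`ExecStop=/a/bin/keyscript-on`, `ExecStart=/a/bin/keyscript-off`), and nothing in this hunk checks that those files are root-owned and not group- or world-writable. The script runs with `umask 0002` and elsewhere hands trees to `ian`, so if `/a/bin` is writable by that account, whoever controls it decides what root executes at boot and reboot; this is inferred, since the ownership of `/a/bin` is not visible here. Installing the two scripts to a root-owned path such as `/usr/local/sbin`, or checking ownership before `systemctl enable`, would close that. The failure mode also deserves a comment: automatic decryption is switched on at reboot and only switched off again when `keyscriptoff.service` runs, so a boot that never reaches `multi-user.target` leaves it on.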
@@ -143,31 +130,10 @@ if iank-dev; then
     fi
 fi
 
-# example which will be usefull when redoing desktop
-# if x2; then
-#     f=/etc/fstab
-#     line='/dev/mapper/fedora-a /a  btrfs  noatime 0  1'
-#     if ! grep -Fxq "$line" $f; then
-#         echo "$line" | sudo tee -a $f >/dev/null
-#     fi
-#     if ! mount | grep -q '^/dev/mapper/fedora-a'; then
-#         dir=/a
-#         sudo mkdir -p $dir
-#         sudo chown ian:ian $dir
-#         sudo mount $dir
-#     fi
-# fi
-
-# set noatime.
-sudo sed -ri '/noatime/!s/(ext[234]|btrfs)[[:space:]]+/\1  noatime,/' /etc/fstab
-sudo sed -ri '/noatime/s/relatime,?|defaults,?//g' /etc/fstab
-
-
 # this script has been designed to be idempotent
 # todo, it would be nice to cut down on some of the output
 
 
-
 # output is below so shellcheck can verify sources
 for x in /a/bin/bash-programs-by-ian/repos/{errhandle,tee-unique,lnf}/*-function; do
     echo "# shellcheck source=$x";
@@ -205,10 +171,11 @@ fi
 # link files
 
 
-lnf /a/c/* /a/bin ~
-
 for x in /a/c/repos/bash/!(.git); do
-    lnf "$x" ~
+    for homedir in /home/*; do
+        sudo chown -R ian:ian $homedir
+        lnf "$x" $homedir
+    done
     sudo -i <<EOF
 source /a/bin/bash-programs-by-ian/repos/lnf/lnf-function
 lnf $x /root
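Review bot: `sudo chown -R ian:ian $homedir` gives `ian` ownership of every directory under `/home`, not just ian's own, and it sits inside the outer `for x` loop, so the full recursive chown repeats once per linked file. The last hunk of this commit chowns `/home/traci` back afterwards, which suggests other users' homes are not meant to stay owned by ian. I would hoist the chown out of the loop, restrict it to the home that should belong to ian, and quote both uses: `sudo chown -R ian:ian "$homedir"` and `lnf "$x" "$homedir"`. The `sudo -i` here-document that follows continues past the end of the hunk.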
@@ -239,25 +206,26 @@ isfedora && tu /etc/sysctl.conf 'kernel.sysrq = 1'
 
 if isdebian; then
     # add contrib non-free to sources for main
-    s sed -i 's/^\(deb.* main\).*/\1 contrib non-free/' /etc/apt/sources.list
+    s sed -i 's/^\(deb.* main\).*/\1 contrib non-free/' /etc/apt/sources.list.d/*
 
     # non-existent var, as Im not planning to use stable right now
     if isdebian-stable; then
         code=$(debian-codename)
-        s dd of=/etc/apt/sources.list.d/mozilla-iceweasel <<EOF
-deb http://mozilla.debian.net/ $code-backports iceweasel-release
-deb-src http://mozilla.debian.net/ $code-backports iceweasel-release
+        s dd of=/etc/apt/sources.list.d/mozilla-iceweasel.list <<EOF
+deb http://mozilla.debian.net/ $code-backports firefox-release
+deb-src http://mozilla.debian.net/ $code-backports firefox-release
 EOF
 
         # we change the mirror from the default, so we cant use tu
-        s dd of=/etc/apt/sources.list.d/main-backports <<EOF
-deb http://ftp.us.debian.org/debian/ $code-backports main contrib non-free
-deb-src http://ftp.us.debian.org/debian/ $code-backports main contrib non-free
+        s dd of=/etc/apt/sources.list.d/main-backports.list <<EOF
+deb http://http.debian.net/debian $code-backports main contrib non-free
+deb-src http://http.debian.net/debian $code-backports main contrib non-free
 EOF
 
         p update
         # take care of mozilla signing errors in previous command
         pi pkg-mozilla-archive-keyring
+        p update
     else
         :
         # this would change stable to testing, but I set that up already.
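Review bot: The sed on the first changed line now targets `/etc/apt/sources.list.d/*`, so it rewrites every file there, including third-party lists that may have no `contrib` or `non-free` components, and it no longer touches `/etc/apt/sources.list` itself. If the directory is empty, the unexpanded glob is passed to sed literally and the command fails. Naming the intended files explicitly, or using `shopt -s nullglob` with a loop over `*.list`, would keep the edit to Debian's own entries. Separately, both new `.list` files still use plain `http://`; apt's signature check only protects these once the archive key is trusted, so it is worth confirming that `pkg-mozilla-archive-keyring` is installed from an already-verified source.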
@@ -285,15 +253,17 @@ if isarch; then
     }
     aurpi cower pacaur
 
-    # this creates ~/.gnupg. addgnupghome is broken on arch.
-    gpg -k
     # for aur, automatically dl & add gpg keys.
     # Just the keyserver-options line goes in dirmngr.conf once
     # this bug is fixed: https://bugs.gnupg.org/gnupg/issue2147
-    teeu ~/.gnupg/gpg.conf <<EOF
-$(grep -o '^ *keyserver .*' ~/.gnupg/dirmngr.conf)
+    for homedir in /home/*; do
+        # this creates ~/.gnupg. addgnupghome is kinda broken on arch.
+        HOME=$homedir gpg -k
+        teeu $homedir/.gnupg/gpg.conf <<EOF
+$(grep -o '^ *keyserver .*' $homedir/.gnupg/dirmngr.conf)
 keyserver-options auto-key-retrieve
 EOF
+    done
     pi pacserve
     x=$(mktemp); pacman.conf-insert_pacserve >$x
     sudo dd of=/etc/pacman.conf if=$x; rm $x
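Review bot: In the new loop `HOME=$homedir gpg -k` runs as the invoking user, so the `.gnupg` directory and `gpg.conf` it creates in another user's home belong to the wrong account, and gpg warns about unsafe ownership in that situation. Running it as the directory's owner, e.g. `sudo -u "$(stat -c %U "$homedir")" env HOME="$homedir" gpg -k`, avoids that, and `$homedir` should be quoted in the `teeu` and `grep` lines too. The loop also spreads `keyserver-options auto-key-retrieve` to every account, which makes gpg contact the keyserver for unknown signing keys and so discloses which signatures are being checked. A comment stating that this is intended for all users would help.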
@@ -314,7 +284,6 @@ pi trash-cli
 ###### link files ###########
 # convenient to just do all file linking in one place
 
-lnf /a/* ~
 s lnf /a/sdx{,d} /
 
 # if it wasn't set already, we could set hostname here
@@ -326,35 +295,35 @@ s lnf /a/sdx{,d} /
 # NOTE: only /a needs to be mounted for creating links!
 ###########################################
 
-# todo: this is desktop specific. on work comp, mkdir /p/.editor-backups
 # todo: reconcile ~/.ssh/config work/home
+s lnf -T /q/p /p
 if has_p; then
     lnf -T /p/offlineimap ~/Maildir
     lnf -T /p/News ~/News
-    s lnf -T /q/p /p
     # don't use /* because I don't want to require it to be mounted
     s lnf /q/root/.editor-backups /q/root/.undo-tree-history \
-      /q/root/.ssh /a/opt \
-      /a/c/.emacs.d ~/.unison /root
-
+      /a/opt /a/c/.emacs.d ~/.unison /root
 fi
 
+/a/bin/rootsshsync
+
 s lnf /a/c/.inputrc /a/c/.vim /a/c/.vimrc /a/c/.gvimrc /root
 
-if [[ $HOSTNAME == htpc ]]; then
-    lnf -T /i/Videos ~/Downloads
-fi
+# machine is going away
+# if [[ $HOSTNAME == htpc ]]; then
+#     lnf -T /i/Videos ~/Downloads
+# fi
 
 if has_p; then
     # for dovecot
-    lnf -T /i/mboxes ~/mail
+    lnf -T /i/k/mboxes ~/mail
 fi
 
 
 # basic needed packages
 case $(distro-name) in
     debian)
-        pi $( isdebian-stable && e -t $code-backports ) iceweasel
+        pi  firefox$( isdebian-stable && e /$code-backports )
         # for hosts which require nonfree drivers
         case $HOSTNAME in
             tp|x2) : ;;
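Review bot: The new bare call `/a/bin/rootsshsync` appears to replace the removed `/q/root/.ssh` link into `/root`, but nothing says what it copies, from where, or with what ownership and mode. Root's `authorized_keys` and private keys are among the most sensitive files this script touches, so I would add a comment above the call, for example `# root's ~/.ssh is copied by rootsshsync instead of symlinked from /q/root/.ssh`, adjusted to what the script really does. It is also called without `s`, unlike the neighbouring root-level commands; if it relies on sudo internally, the same comment should say so. The `case $(distro-name)` block at the end of this hunk continues outside it.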
@@ -390,10 +359,142 @@ case $(distro-name) in
         pi xorg-server redshift xorg-xinput pkgfile libxtst xmacro
         # like apt-cache
         s pkgfile --update
+
+        # background:
+        # https://aur.archlinux.org/packages/xkbset/#comment-545419
+        cert=$(mktemp)
+        cat >$cert <<'EOF'
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIF+TCCA+GgAwIBAgIQRyDQ+oVGGn4XoWQCkYRjdDANBgkqhkiG9w0BAQwFADCB
+iDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0pl
+cnNleSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNV
+BAMTJVVTRVJUcnVzdCBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTQx
+MDA2MDAwMDAwWhcNMjQxMDA1MjM1OTU5WjB2MQswCQYDVQQGEwJVUzELMAkGA1UE
+CBMCTUkxEjAQBgNVBAcTCUFubiBBcmJvcjESMBAGA1UEChMJSW50ZXJuZXQyMREw
+DwYDVQQLEwhJbkNvbW1vbjEfMB0GA1UEAxMWSW5Db21tb24gUlNBIFNlcnZlciBD
+QTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJwb8bsvf2MYFVFRVA+e
+xU5NEFj6MJsXKZDmMwysE1N8VJG06thum4ltuzM+j9INpun5uukNDBqeso7JcC7v
+HgV9lestjaKpTbOc5/MZNrun8XzmCB5hJ0R6lvSoNNviQsil2zfVtefkQnI/tBPP
+iwckRR6MkYNGuQmm/BijBgLsNI0yZpUn6uGX6Ns1oytW61fo8BBZ321wDGZq0GTl
+qKOYMa0dYtX6kuOaQ80tNfvZnjNbRX3EhigsZhLI2w8ZMA0/6fDqSl5AB8f2IHpT
+eIFken5FahZv9JNYyWL7KSd9oX8hzudPR9aKVuDjZvjs3YncJowZaDuNi+L7RyML
+fzcCAwEAAaOCAW4wggFqMB8GA1UdIwQYMBaAFFN5v1qqK0rPVIDh2JvAnfKyA2bL
+MB0GA1UdDgQWBBQeBaN3j2yW4luHS6a0hqxxAAznODAOBgNVHQ8BAf8EBAMCAYYw
+EgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUH
+AwIwGwYDVR0gBBQwEjAGBgRVHSAAMAgGBmeBDAECAjBQBgNVHR8ESTBHMEWgQ6BB
+hj9odHRwOi8vY3JsLnVzZXJ0cnVzdC5jb20vVVNFUlRydXN0UlNBQ2VydGlmaWNh
+dGlvbkF1dGhvcml0eS5jcmwwdgYIKwYBBQUHAQEEajBoMD8GCCsGAQUFBzAChjNo
+dHRwOi8vY3J0LnVzZXJ0cnVzdC5jb20vVVNFUlRydXN0UlNBQWRkVHJ1c3RDQS5j
+cnQwJQYIKwYBBQUHMAGGGWh0dHA6Ly9vY3NwLnVzZXJ0cnVzdC5jb20wDQYJKoZI
+hvcNAQEMBQADggIBAC0RBjjW29dYaK+qOGcXjeIT16MUJNkGE+vrkS/fT2ctyNMU
+11ZlUp5uH5gIjppIG8GLWZqjV5vbhvhZQPwZsHURKsISNrqOcooGTie3jVgU0W+0
++Wj8mN2knCVANt69F2YrA394gbGAdJ5fOrQmL2pIhDY0jqco74fzYefbZ/VS29fR
+5jBxu4uj1P+5ZImem4Gbj1e4ZEzVBhmO55GFfBjRidj26h1oFBHZ7heDH1Bjzw72
+hipu47Gkyfr2NEx3KoCGMLCj3Btx7ASn5Ji8FoU+hCazwOU1VX55mKPU1I2250Lo
+RCASN18JyfsD5PVldJbtyrmz9gn/TKbRXTr80U2q5JhyvjhLf4lOJo/UzL5WCXED
+Smyj4jWG3R7Z8TED9xNNCxGBMXnMete+3PvzdhssvbORDwBZByogQ9xL2LUZFI/i
+eoQp0UM/L8zfP527vWjEzuDN5xwxMnhi+vCToh7J159o5ah29mP+aJnvujbXEnGa
+nrNxHzu+AGOePV8hwrGGG7hOIcPDQwkuYwzN/xT29iLp/cqf9ZhEtkGcQcIImH3b
+oJ8ifsCnSbu0GB9L06Yqh7lcyvKDTEADslIaeSEINxhO2Y1fmcYFX/Fqrrp1WnhH
+OjplXuXE0OPa0utaKC25Aplgom88L2Z8mEWcyfoB7zKOfD759AN7JKZWCYwk
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
+EOF
+        cat /etc/ssl/certs/ca-certificates.crt >> $cert
+        CURL_CA_BUNDLE=$cert pi xkbset
+
+        ;;&
+    ubuntu|debian|fedora)
+        pi xkbset
         ;;&
 esac
 
-pi xbindkeys xkbset cryptsetup unison
+
+pi xbindkeys cryptsetup
 
 pi lvm2
 # enables trim for volume delete, other rare commands.
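Review bot: The bundle written to `cert=$(mktemp)` is never removed, and `$cert` is unquoted in the `cat` and `CURL_CA_BUNDLE` lines. Adding `rm -f -- "$cert"` after `CURL_CA_BUNDLE=$cert pi xkbset` cleans it up. The embedded certificates are a fixed copy that will expire, at which point this download starts failing, so a comment naming the host they are for and when they were captured would make that easy to diagnose. Whether the variable reaches curl depends on how `pi` invokes the package helper, which is not visible here; sudo drops most environment variables by default.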
@@ -407,75 +508,60 @@ if encrypted; then
     sudo systemctl enable fstrim.timer
 fi
 
-if has_p; then
-    # relatime is default, but it still significantly increases writes
-    # in comparison because it writes on the first read after each
-    # write.
-    #
-    dirs=(/i /mnt/{1,2,3,4,5,6,7,8,9})
-    if ! frodo; then
-        dirs+=(/q)
-    fi
-    s mkdir -p "${dirs[@]}"
-    s chown ian:ian  "${dirs[@]}"
-    # ssh and probably some other things care about parent directory
-    # ownership, and ssh doesn\'t allow any group writable parent
-    # directories, so we are forced to use a directory structure similar
-    # to home directories
-    s chown root:ian /q
-    s chmod 755 /q
-
-    if treetowl; then
-        # get uuids from blkid and lvdisplay
-        # at times Ive done this through the installer. not anymore
-        tu /etc/fstab<<'EOF'
-/dev/mapper/cswap1  none  swap  sw  0 0
-/dev/mapper/q  /q  ext4  noatime  0 2
-UUID=3f7b31cd-f299-40b4-a86b-7604282e2715  /i  btrfs  noatime  0 2
-UUID=3f7b31cd-f299-40b4-a86b-7604282e2715  /mnt/btrfs_root  btrfs noatime,subvolid=0  0 2
+dirs=(/mnt/{1,2,3,4,5,6,7,8,9})
+s mkdir -p "${dirs[@]}"
+s chown ian:ian  "${dirs[@]}"
+
+if [[ $HOSTNAME == treetowl ]]; then
+    tu /etc/fstab <<'EOF'
+UUID=3f7b31cd-f299-40b4-a86b-7604282e2715 /i btrfs  noatime    0 2
 EOF
-        s mkdir -p /mnt/btrfs_root
-        s dd of=/etc/crypttab <<'EOF'
-# i used to use UUID=<uuid> from cryptsetup luksUUID /dev/mapper/ianvg1-q
-# however, it doesn't work for lvm volumes when opening on the command line,
-# So, just using the thing which works both ways.
-q /dev/mapper/vg_treetowl00-lv01 none luks,discard,noauto
-# based on cryptsetup's README.Debian, and FAQ
-cswap1 /dev/mapper/vg_treetowl00-lv00  /dev/urandom    swap,cipher=aes-cbc-essiv:sha256,size=256,hash=sha256,discard,noearly
+else
+    tu /etc/fstab <<'EOF'
+/q/i  /i  none  bind  0 0
 EOF
-        s chmod 600 /etc/crypttab
-
-        s systemctl daemon-reload
-        s systemctl restart systemd-cryptsetup@q.service
-        s mount /q
-
-        s systemctl restart systemd-cryptsetup@cswap1.service
-        # old ways:
-        # s update-rc.d cryptdisks enable
-
-        # misc notes about when messing around with jessie:
-        # # this was useful on debian jessie:
-        # systemd-tty-ask-password-agent --query
-        # according to the broadcast message
-        # jessie also still had /etc/init.d/cryptdisks,
-        # which seemed to work only with reload, and it seems deprecated
-        # and cryptdisks_start q, also prolly deprecated
-
-    fi
-
+fi
 
+tu /etc/fstab <<'EOF'
+/i/w  /w  none  bind  0 0
+/i/k  /k  none  bind  0 0
+EOF
 
+if ! mountpoint /kfrodo; then
+    s mkdir -p /kfrodo
+    s chown ian:traci /kfrodo
 fi
+if [[ $HOSTNAME == frodo ]]; then
+    tu /etc/fstab <<'EOF'
+/k  /kfrodo  none  bind  0 0
+EOF
+else
+    tu /etc/fstab <<'EOF'
+frodo:/k  /kfrodo  nfs  defaults  0 0
+EOF
+fi
+
+for dir in /{i,w,k}; do
+    if mountpoint $dir; then continue; fi
+    s mkdir -p $dir
+    s chown ian:ian $dir
+    s mount $dir
+done
 
 
+# ssh and probably some other things care about parent directory
+# ownership, and ssh doesn\'t allow any group writable parent
+# directories, so we are forced to use a directory structure similar
+# to home directories
+s chown root:ian /q
+s chmod 755 /q
 
-# exptected directory for .editor-backups
-if ! has_p; then
-    s lnf /a/p /
-fi
 
 /a/bin/conflink
 
+# propogate /etc/udev/hwdb.d
+s systemd-hwdb update
+ser restart systemd-udev-trigger
 
 # work desktop doesnt need gpg stuff, but it doesnt hurt
 s dd of=/etc/profile.d/environment.sh <<'EOF'
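Review bot: The new fstab entry `frodo:/k  /kfrodo  nfs  defaults  0 0` mounts the export with setuid bits and device nodes honoured, so a setuid file placed on the export is effective on this client. `frodo:/k  /kfrodo  nfs  nosuid,nodev  0 0` removes that; `nofail` is worth considering too, so that an unreachable server does not block boot. The `for dir in /{i,w,k}` loop leaves `$dir` unquoted and chowns the mountpoint before mounting, so the ownership set there applies to the underlying directory rather than to the mounted filesystem.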
@@ -580,17 +666,24 @@ fi
 
 if isarch; then
     # install so it's build dependencies don't get removed.
-    x=$(mktemp -d)
-    pushd $x
-    aurex emacs-git
-    makepkg -si --noconfirm
-    popd
-    rm -rf $x
+
+    # emacs git build is currently broken
+    if false; then
+        x=$(mktemp -d)
+        pushd $x
+        aurex emacs-git
+        makepkg -si --noconfirm
+        popd
+        rm -rf $x
+    else
+        pi emacs
+    fi
+    pi hunspell hunspell-en
 else
     # to disable emacs git build,
     # s apt-get install emacs
     if $recompile; then
-        /a/bin/buildscripts/emacs
+        /a/bin/buildscripts/emacs -u
     else
         /a/bin/buildscripts/emacs -r
     fi
@@ -628,49 +721,30 @@ pi cabal-install
 cabal update
 PATH="$PATH:$HOME/.cabal/bin"
 
-# trying out the distro's versions newer distros
-if isdebian-stable || isubuntu; then
-    # todo: on ubuntu 12.04, needed to install  zlib1g-dev
-    cabal install cabal-install
-    pu cabal-install
-    # just guessed at this after getting /bin/ld cannot find -lHSmtl or something
-    t ~/.ghc
-
-
-    cabal update
-    # todo, work machine required some packages libx11-dev libxrandr-dev libxft2-dev
-    cabal install xmonad
-    cabal install xmonad-contrib
-    # work machine:
-    # pi tasksel. select openssh server, basic server, large font selection
-
-    #http://comments.gmane.org/gmane.comp.lang.haskell.xmonad/13871
-    cat <<'EOF'
-manual steps required:
-xfce, "Session and Startup" > "Application Autostart"
-Add
-Name: xmonad
-Description: xmonad --replace
-Command: delayed-xmonad
-EOF
+# todo, on older ubuntu I used cabal xmonad + xfce,
+# see /a/bin/old-unused/xmonad-cabal.sh
 
+# trying out the distro's versions newer distros
+pi xmonad
+if isarch; then
+    # for displaying error messages.
+    # optional dependency in arch, standard elsewhere.
+    pi xorg-xmessage xmonad-contrib xorg-xsetroot xorg-xinit
+
+    # https://wiki.archlinux.org/index.php/Xinitrc
+    for homedir in /home/*; do
+        cp /etc/X11/xinit/xinitrc $homedir/.xinitrc
+        sed -ri '/^ *twm\b/,$d' $homedir/.xinitrc
+        echo "source /a/bin/xinitrc" | tee -a $homedir/.xinitrc
+    done
 else
-    pi xmonad
-    if isarch; then
-        # for displaying error messages.
-        # optional dependency in arch, standard elsewhere.
-        pi xorg-xmessage xmonad-contrib xorg-xsetroot xorg-xinit
-
-        # https://wiki.archlinux.org/index.php/Xinitrc
-        cp /etc/X11/xinit/xinitrc ~/.xinitrc
-        sed -ri '/^ *twm\b/,$d' ~/.xinitrc
-        echo "source /a/bin/xinitrc" >> ~/.xinitrc
-    else
-        pi suckless-tools
-    fi
+    pi suckless-tools
 fi
 pi dmenu
 
 if isdeb && (tp || x2); then
     pi task-laptop
 fi
+
+sudo chown -R traci:traci /home/traci
+echo "$0: $(date): ending now"
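Review bot: `sudo chown -R traci:traci /home/traci` at the end runs on every machine, but nothing checks that the account or directory exists, so on a host without `traci` the ERR trap fires on the final step. A guard such as `if id -u traci &>/dev/null; then sudo chown -R traci:traci /home/traci; fi` keeps the run clean. In the xinitrc loop, `cp`, `sed -i` and `tee -a` run as the invoking user with `$homedir` unquoted, and the files end up owned by that user except where this final chown corrects it. Every user's `.xinitrc` now sources `/a/bin/xinitrc`, so write access to that file amounts to running code in each user's X session; it should be root-owned, or at least not writable by other accounts.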