# in case we need it,
# to make ssh interactive shell run better, we run this first.
-sudo bash -c 'source /a/c/repos/bash/.bashrc && source /a/exe/ssh-emacs-setup'
+sudo bash -c 'source /a/c/.bashrc && source /a/exe/ssh-emacs-setup'
# usage: $0 [-r] HOSTNAME
sudo $sed -i 's/^Defaults *requiretty/#\0 # ian commented/' /etc/sudoers
# turn on magic sysrq commands for this boot cycle
echo 1 > sudo dd of=/proc/sys/kernel/sysrq
+ echo "kernel.sysrq = 1" > /etc/sysctl.d/90-sysrq.conf
# selinux is not user friendly. Like, you enable samba, but you haven't run the magic selinux commands so it doesn't work
# and you have no idea why.
sudo $sed -i 's/^\(SELINUX=\).*/\1disabled/' /etc/selinux/config
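Review bot: The added `echo "kernel.sysrq = 1" > /etc/sysctl.d/90-sysrq.conf` has its redirection opened by the calling shell rather than by root, while the other privileged writes in this script go through `sudo` or `s`, so when the script runs as an ordinary user the file is never created. Writing it the way the apport setting is written later in the script avoids that: `s dd of=/etc/sysctl.d/90-sysrq.conf <<<'kernel.sysrq = 1'` (assuming `s` is the sudo wrapper it appears to be). The context line just above has a related problem, since `echo 1 > sudo dd of=/proc/sys/kernel/sysrq` writes to a file named `sudo` instead of piping into `dd`. A value of 1 enables every SysRq function for anyone at the console; if only sync, remount and reboot are wanted, a bitmask such as 176 is narrower.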
# already ran for pxe installs, but used for vps & updates
distro=$(distro-name)
case $distro in
- ubuntu|debian)
+ ubuntu|debian|trisquel)
sudo bash -c ". /a/bin/fai/fai-wrapper && /a/bin/fai/fai/config/scripts/GRUB_PC/11-ian"
;;
*)
if linode; then
sudo $sed -i '/^127\.0\.1\.1/d' /etc/hosts
- echo "127.0.1.1 $HOSTNAME.lan $HOSTNAME" | sudo tee -a /etc/hosts
+ echo "127.0.1.1 $HOSTNAME.b8.nz $HOSTNAME" | sudo tee -a /etc/hosts
fi
fi
-#### begin link bashrc repo for all users ######
-for x in /a/c/repos/bash/!(.git|..|.); do
- lnf "$x" /home/ian
- sudo -u traci -i <<EOF
-PATH="/a/exe:$PATH"
-lnf "$x" /home/traci
-EOF
+#### begin link bashrc for root ######
+for x in /a/c/{.bashrc,brc,.bash_profile,.profile,.inputrc,path_add_function}; do
sudo -i <<EOF
PATH="/a/exe:$PATH"
lnf $x /root
EOF
done
-#### end link bashrc repo for all users ######
-
+#### end link bashrc repo for root ######
+# this needs to be before installing pacserve so we have gpg conf.
+conflink
set +x
errallow
+source /etc/profile.d/environment.sh
source ~/.bashrc
$interactive || errcatch
$interactive || set -x
tu /etc/sudoers <<'EOF'
ian ALL=(ALL) NOPASSWD: ALL
Defaults env_keep += SUDOD
+# makes ubuntu be like debian
+# https://unix.stackexchange.com/a/91572
+Defaults always_set_home
EOF
isfedora && tu /etc/sysctl.conf 'kernel.sysrq = 1'
-# this needs to be before installing pacserve so we have gpg conf.
-conflink
-
-if isdebian; then
- codename=$(debian-codename)
+if isdeb; then
if isdebian-stable && has_x; then
+ codename=$(debian-codename)
s dd of=/etc/apt/sources.list.d/mozilla-iceweasel.list <<EOF
deb http://mozilla.debian.net/ $codename-backports firefox-release
deb-src http://mozilla.debian.net/ $codename-backports firefox-release
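Review bot: The lines added to the `tu /etc/sudoers` here-document go into the live sudoers file and nothing in this hunk checks the result; the same block carries `ian ALL=(ALL) NOPASSWD: ALL`, so a parse error there would break sudo for that account. Unless `tu` validates on its own (it is defined outside this diff), follow the call with `sudo visudo -cf /etc/sudoers` and stop on failure, or keep these entries in a file under `/etc/sudoers.d/` that is checked with `visudo -cf` before it is installed. The new comment could also state the effect rather than only the link, for example `# always_set_home: HOME becomes the target user's home, so sudo commands do not leave root-owned files in the caller's home`.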
s lnf -T /a/bin /b
+s lnf -T /nocow/t /t
if has_p; then
- lnf -T /p/offlineimap ~/Maildir
lnf -T /p/News ~/News
- # don't use /* because I don't want to require it to be mounted
fi
s lnf /q/root/.editor-backups /q/root/.undo-tree-history \
rootsshsync
-s lnf /a/c/.inputrc /a/c/.vim /a/c/.vimrc /a/c/.gvimrc /root
+s lnf /a/c/.vim /a/c/.vimrc /a/c/.gvimrc /root
# machine is going away
# if [[ $HOSTNAME == htpc ]]; then
# I switch to using firefox-esr. note: They seem
# to release a new esr version every 9 months or so.
pi firefox/unstable
+ s dd of=/etc/apt/preferences.d/firefox <<'EOF'
+Package: firefox
+Pin: release a=unstable
+Pin-Priority: 500
+EOF
fi
fi
# for hosts which require nonfree drivers
pi $p
fi
;;&
- ubuntu|debian)
+ trisquel|ubuntu|debian)
if has_x; then
- if isdebian-stable; then
- pi xmacro
- else
+ if isdebian-testing; then
pi xmacro/unstable # has no unstable deps
+ else
+ pi xmacro
fi
pi gtk-redshift xinput
fi
fi
;;&
- ubuntu|debian|fedora)
+ ubuntu|trisquel|debian|fedora)
if has_x; then
- if isdebian-stable; then
- pi xkbset
- else
+ if isdebian-testing; then
# xkbset was in testing for quite a while, dunno
# why it\'s not anymore. Sometime I should check and
# see if it\'s back in testing, but the unstable package
# doesn\'t upgrade anything form testing, and it\'s tiny
# so I\'m not bothering to automate it.
pi xkbset/unstable
+ else
+ pi xkbset
fi
fi
;;&
# then waits endlessly for them on bootup, after the /dev/mapper disks
# have already been created and exist. todo: create a simple repro
# for this in a vm and report it upstream.
-pi nfs-common
-s dd of=/root/imount <<'EOF'
+if has_btrfs || home_network; then
+ pi nfs-common
+ s dd of=/root/imount <<'EOF'
#!/bin/bash
[[ $EUID == 0 ]] || exec sudo -E "$BASH_SOURCE" "$@"
set -eE -o pipefail
trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
-for dir in /i /mnt/iroot /w /k /kr; do
+for dir in /i /mnt/iroot /k /kr /w; do
if ! mountpoint $dir &>/dev/null && \
awk '{print $2}' /etc/fstab | grep -xF $dir &>/dev/null; then
if awk '{print $3}' /etc/fstab | grep -xF nfs &>/dev/null; then
fi
done
EOF
-s chmod +x /root/imount
+ s chmod +x /root/imount
-s dd of=/etc/systemd/system/imount.service <<'EOF'
+ s dd of=/etc/systemd/system/imount.service <<'EOF'
[Unit]
Description=Mount /i and related mountpoints
+Before=syncthing@ian.service
[Service]
Type=oneshot
ExecStart=/root/imount
[Install]
+RequiredBy=syncthing@ian.service
+# note /kr needs networking, this target is the simplest way to
+# time it when the network should be up, but not do something
+# dumb like delay startup until the network is up. It happens
+# at some time after network.target
WantedBy=multi-user.target
EOF
-sudo systemctl daemon-reload # needed if the file was already there
-sudo systemctl enable imount.service
-sudo systemctl start imount.service
-
+ sudo systemctl daemon-reload # needed if the file was already there
+ sudo systemctl enable imount.service
+ sudo systemctl start imount.service
+fi
dir=/nocow
-if ! mountpoint $dir; then
- subvol=/mnt/root/nocow
- if [[ ! -e $subvol ]]; then
- s btrfs subvolume create $subvol
- s chown root:1000 $subvol
- s chattr +C $subvol
- fi
+if has_btrfs; then
+ if ! mountpoint $dir; then
+ subvol=/mnt/root/nocow
+ if [[ ! -e $subvol ]]; then
+ s btrfs subvolume create $subvol
+ s chown root:1000 $subvol
+ s chattr +C $subvol
+ fi
- first_root_crypt=$(awk '$2 == "/" {print $1}' /etc/mtab)
- tu /etc/fstab <<EOF
+ first_root_crypt=$(awk '$2 == "/" {print $1}' /etc/mtab)
+ tu /etc/fstab <<EOF
$first_root_crypt /nocow btrfs noatime,subvol=nocow 0 0
EOF
- s mkdir -p $dir
- s chown ian:ian $dir
- s mount $dir
+ s mkdir -p $dir
+ s chown ian:ian $dir
+ s mount $dir
+ fi
+else
+ sudo mkdir -p $dir
fi
-
# ssh and probably some other things care about parent directory
# ownership, and ssh doesn\'t allow any group writable parent
# directories, so we are forced to use a directory structure similar
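Review bot: With `RequiredBy=syncthing@ian.service` and `Before=syncthing@ian.service` added to imount.service, syncthing@ian is held back whenever /root/imount exits non-zero, and the unit file does not say whether that is the intent. The script body is only partly visible in this diff, but it sets `set -eE -o pipefail`, so a single failed mount would presumably be enough. If blocking syncthing on missing mounts is deliberate, a comment above the line would record it, for example `# syncthing must not run against unmounted directories; a failed imount blocks it`. The [Service] section is also `Type=oneshot` without `RemainAfterExit=yes`, so the unit returns to inactive after each run and is started again whenever syncthing@ian is started; worth confirming that is wanted.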
ser restart systemd-udev-trigger
fi
-# work desktop doesnt need gpg stuff, but it doesnt hurt
-s dd of=/etc/profile.d/environment.sh <<'EOF'
-# IAN: EDIT THIS FROM /a/bin/distro-setup/distro-begin
-export ACME_TINY_WRAPPER_CERT_DIR=/p/c/machine_specific/$HOSTNAME/webservercerts
-
-if [ -f $HOME/path_add-function ]; then
- . $HOME/path_add-function
- path_add /usr/sbin /usr/local/sbin /sbin
- path_add /a/exe /a/opt/bin $HOME/.cabal/bin
-
- if [ -r /etc/alternatives/java_sdk ]; then
- export JAVA_HOME=/etc/alternatives/java_sdk
- path_add /etc/alternatives/java_sdk
- fi
-fi
-
-export EDITOR="emacsclient"
-# this makes emacsclient file/-c start a server instance if none is running,
-# instead of some alternate editor logic
-export ALTERNATE_EDITOR=""
-
-# ubuntu starts gpg agent automatically with /etc/X11/Xsession.d/90gpg-agent.
-# fedora doesn't, which left me to figure this out, and google was no help.
-# fedora documentation is often quite bad :(
-# This is mostly copied from that file.
-# Main difference is that we eval the result of starting gpg-agent,
-# while that file executes it through xsession specific var.
-# Also make sourcing the pidfile make more sense.
-# End result should be the same afaik.
-# for gpg-agent to work when calling gpg from the command line,
-# we need an environment variable that is setup via the eval.
-# which is why we do this upon login, so it can propogate
-# It is also written to the file $HOME/.gnupg/gpg-agent-info-$(hostname)
-# I'm not aware if that is ever used, but just fyi.
-# I also added the bit about xmessaging the stderr,
-# because I'd like to know if the command fails
-if [ -f /etc/fedora-release ]; then
- : ${GNUPGHOME=$HOME/.gnupg}
-
- GPGAGENT=/usr/bin/gpg-agent
- PID_FILE="$GNUPGHOME/gpg-agent-info-$(hostname)"
-
- if ! $GPGAGENT 2>/dev/null; then
- temp="$(mktemp)"
- eval "$($GPGAGENT --homedir /p/do-not-delete --daemon --sh --write-env-file=$PID_FILE 2>$temp)"
- temperr="$(<"$temp")"
- [ -n "$temperr" ] && xmessage "gpg-agent stderr: $temperr"
- elif [ -r "$PID_FILE" ]; then
- . "$PID_FILE"
- export GPG_AGENT_INFO
- fi
-fi
-
-# ubuntu has 002, debian has 022.
-# from what I've read, benefit of 002 makes shared groups read/write.
-# Security concern is where some unixes put everyone in a same group,
-# so if you copy files there with exact perms, that is probably not
-# what you want. I don't use a system like that, and I don't really care
-# either way, but I'd prefer
-# being able to sync file perms with ubuntu systems at work,
-# and it's easier to change the debian one.
-
-umask 002
-EOF
-
if isdeb; then
# I\'ve had problems with postfix on debian:
fi
if isubuntu; then
- # disable crash report annoying crap
+ # disable crash report annoying dialogs.
s dd of=/etc/default/apport <<<'enabled=0'
fi
fi
pi dmenu
- if isdeb && (tp || x2); then
- pi task-laptop
+ if tp || x2; then
+ case $distro in
+ debian)
+ pi task-laptop
+ ;;
+ ubuntu|trisquel)
+ # the exact packages that task-laptop would install, since ubuntu
+ # doesn\'t have this virtual in practice package.
+ pi avahi-autoipd bluetooth powertop iw wireless-tools wpasupplicant
+ ;;
+ # todo: other distros unknown
+ esac
fi
fi