apache2
apache2-doc
apt-doc
+ apt-listchanges
aptitude-doc-en
bash-doc
+ beets
+ beets-doc
binutils-doc
+ bind9-doc
bwm-ng
chromium
cpio-doc
+ cloc
cron
debconf-doc
+ dirmngr
+ dnsutils
+ dtrx
duplicity
eclipse
evince
gcc-doc
gdb
gdb-doc
+ geoip-bin
git-doc
+ git-email
gitk
glibc-doc
goaccess
gnome-screenshot
+ gnome-session-flashback
i3lock
+ inetutils-traceroute
iproute2-doc
jq
+ kid3-qt
+ kid3-cli
linux-doc
locate
+ lshw
make-doc
manpages
manpages-dev
meld
+ mps-youtube
mumble
+ nagstamon
+ nginx-doc
nmap
offlineimap
p7zip
perl-doc
pianobar
pidgin
+ pry
+ python-autopep8
python3-doc
python3-mutagen
reportbug
+ $(aptitude show ruby | sed -rn 's/Depends: (.*)/\1/p')-doc
sqlite3-doc
squashfs-tools
swh-plugins
tar-doc
tcpdump
+ telnet
transmission-remote-gtk
vlc
whois
########### begin section including li ################
-case $distro in
- debian)
- if [[ `debian-archive` == testing ]]; then
- pi acme-tiny
- fi
-esac
-
case $distro in
fedora) spa unrar ;;
*) spa unrar-free ;;
esac
-case $distro in
- debian|ubuntu)
- pi debian-goodies
- ;;
-esac
+if isdeb; then
+ pi debian-goodies
+fi
case $distro in
case $distro in
arch) spa the_silver_searcher ;;
- debian|ubuntu) spa silversearcher-ag ;;
+ debian|ubuntu|trisquel) spa silversearcher-ag ;;
# fedora unknown
esac
case $distro in
- debian|ubuntu) spa ntp;;
+ debian|ubuntu|trisquel) spa ntp;;
arch)
pi ntp
sgo ntpd
# no equivalent in other distros:
case $distro in
- debian|ubuntu)
+ debian|ubuntu|trisquel)
pi aptitude
if ! dpkg -s apt-file &>/dev/null; then
# this condition is just a speed optimization
esac
case $distro in
- ubuntu|debian) spa ack-grep ;;
+ ubuntu|trisquel|debian) spa ack-grep ;;
arch|fedora) spa ack ;;
# fedora unknown
esac
case $distro in
- arch|debian|ubuntu)
+ arch|debian|ubuntu|trisquel)
spa bash-completion
;;
# others unknown
# disable motd junk.
-case $(distro-name) in
+case $distro in
debian)
# allows me to pipe with ssh -t, and gets rid of spam
# http://forums.debian.net/viewtopic.php?f=5&t=85822
s update-rc.d motd disable
fi
;;
- ubuntu)
+ ubuntu|trisquel)
# this isn't a complete solution. It still shows me when updates are available,
# but it's no big deal.
s t /etc/update-motd.d/10-help-text /etc/update-motd.d/00-header
pi "${simple_packages[@]}"
simple_packages=()
+
+### begin docker install ####
+# https://store.docker.com/editions/community/docker-ce-server-debian?tab=description
+pi software-properties-common apt-transport-https
+curl -fsSL https://download.docker.com/linux/debian/gpg | sudo apt-key add -
+sudo add-apt-repository \
+ "deb [arch=amd64] https://download.docker.com/linux/debian \
+ $(lsb_release -cs) \
+ stable"
+p update
+pi docker-ce
+sgo docker
+### end docker install ####
+
+
+case $distro in
+ debian)
+ # note, need python-certbot-nginx for nginx, but it depends on nginx,
+ # and I'm not installing nginx by default right now
+ if isdebian-testing; then
+ pi --install-suggests certbot
+ else
+ pi --install-suggests -t jessie-backports certbot
+ fi
+ # make a version of the certbot timer that emails me.
+ x=/systemd/system/certbot
+ $sed -r -f - /lib$x.timer <<'EOF' |s dd of=/etc${x}mail.timer
+s,^Description.*,\0 mail version,
+EOF
+ $sed -r -f - /lib$x.service <<'EOF' |s dd of=/etc${x}mail.service
+s,(ExecStart=)(/usr/bin/certbot),\1/a/bin/log-quiet/sysd-mail-once certbotmail \2 --renew-hook /a/bin/distro-setup/certbot-renew-hook,
+EOF
+ ser daemon-reload
+ sgo certbotmail.timer
+
+ ;;
+ # todo: other distros unknown
+esac
+
# website setup
case $HOSTNAME in
lj|li)
pi-nostart mumble-server
s $sed -ri "s/^ *(serverpassword=).*/\1$(< /a/bin/bash_unpublished/mumble_pass)/" /etc/mumble-server.ini
+
+ # do certificate to avoid warning about unsigned cert,
+ # which is overkill for my use, but hey, I'm cool, I know
+ # how to do this.
+ web-conf apache2 mumble.iankelling.org
+ s rm -f /etc/apache2/sites-enabled/mumble.iankelling.org
+ sudo -i <<'EOF'
+export RENEWED_LINEAGE=/etc/letsencrypt/live/mumble.iankelling.org
+/a/bin/distro-setup/certbot-renew-hook
+EOF
+
sgo mumble-server
vpn-server-setup -d
+ tee /etc/openvpn/client-config/mail <<'EOF'
+ifconfig-push 10.8.0.4 255.255.255.0
+EOF
+
sudo dd of=/etc/systemd/system/vpnmail.service <<EOF
[Unit]
EOF
ser daemon-reload
ser enable vpnmail.service
- acme-tiny-wrapper mail.iankelling.org
- sgo openvpn
+ # needed for li's local mail delivery.
tu /etc/hosts <<<"10.8.0.4 mail.iankelling.org"
+ sgo openvpn
+ # setup let's encrypt cert
+ web-conf apache2 mail.iankelling.org
+ s rm /etc/apache2/sites-enabled/mail.iankelling.org{,-redir}.conf
+ ser reload apache2
+
+ domain=cal.iankelling.org
+ web-conf -f 10.8.0.4:5232 - apache2 $domain <<'EOF'
+#https://httpd.apache.org/docs/2.4/mod/mod_authn_core.html#authtype
+# https://stackoverflow.com/questions/5011102/apache-reverse-proxy-with-basic-authentication
+ <Location />
+ Options +FollowSymLinks +Multiviews +Indexes
+ AllowOverride None
+ AuthType basic
+ AuthName "Authentication Required"
+ # setup one time, with root:www-data, 640
+ AuthUserFile "/etc/caldav-htpasswd"
+ Require valid-user
+ <Location />
+EOF
+ # nginx version of above would be:
+ # auth_basic "Not currently available";
+ # auth_basic_user_file /etc/nginx/caldav/htpasswd;
+
+ ########## begin pump.io setup ##########
+
+ # once pump adds a logrotation script, turn off nologger,
+ # and add
+ # "logfile": "/var/log/pumpio/pumpio.log",
+ #
+ s dd of=/etc/pump.io.json <<'EOF'
+{
+ "secret": "SECRET_REPLACE_ME",
+ "driver": "mongodb",
+ "params": { "dbname": "pumpio" },
+ "noweb": false,
+ "site": "pump.iankelling.org",
+ "owner": "Ian Kelling",
+ "ownerURL": "https://iankelling.org/",
+ "port": 8001,
+ "urlPort": 443,
+ "hostname": "pump.iankelling.org",
+ "nologger": true,
+ "datadir": "/home/pumpio/pumpdata",
+ "enableUploads": true,
+ "debugClient": false,
+ "disableRegistration": true,
+ "noCDN": true,
+ "key": "/home/pumpio/privkey.pem",
+ "cert": "/home/pumpio/fullchain.pem",
+ "address": "localhost",
+ "sockjs": false
+}
+EOF
+ s sed -i "s#SECRET_REPLACE_ME#$(cat /p/c/machine_specific/li/pump-secret)#" /etc/pump.io.json
+
+ # jessie\'s node is too old
+ # https://nodejs.org/en/download/package-manager/
+ curl -sL https://deb.nodesource.com/setup_6.x | sudo -E bash -
+ pi nodejs
+ cd /home/ian
+ rm -rf pump.io.git
+ git clone https://github.com/pump-io/pump.io.git
+ cd pump.io
+ # note: doing this or the npm install pump.io as root had problems.
+ npm install
+ npm run build
+ # normally, next command would be
+ # s npm install -g databank-mongodb
+ # but it\'s this until a bug in pump gets fixed
+ s npm install -g databank-mongodb@0.19.2
+ s useradd -m -s /bin/false pumpio
+ sudo -u pumpio mkdir -p /home/pumpio/pumpdata
+ # for testing browser when only listening to localhost,
+ # in the pump.io.json, set hostname localhost, urlPort 5233
+ #ssh -L 5233:localhost:5233 li
+
+ s mkdir -p /var/log/pumpio/
+ s chown pumpio:pumpio /var/log/pumpio/
+
+ web-conf - apache2 pump.iankelling.org <<'EOF'
+# currently a bug in pump that we cant terminate ssl
+ SSLProxyEngine On
+ ProxyPreserveHost On
+ ProxyPass / https://127.0.0.1:8001/
+ ProxyPassReverse / https://127.0.0.1:8001/
+ # i have sockjs disabled per people suggesting that
+ # it won\'t work with apache right now.
+ # not sure if it would work with this,
+ # but afaik, this is pointless atm.
+ <Location /main/realtime/sockjs/>
+ ProxyPass wss://127.0.0.1:8001/main/realtime/sockjs/
+ ProxyPassReverse wss://127.0.0.1:8001/main/realtime/sockjs/
+ </Location>
+EOF
+
+ sudo -i <<'EOF'
+export RENEWED_LINEAGE=/etc/letsencrypt/live/pump.iankelling.org
+/a/bin/distro-setup/certbot-renew-hook
+EOF
+
+ s dd of=/etc/systemd/system/pump.service <<'EOF'
+[Unit]
+Description=pump.io
+After=syslog.target network.target
+
+[Service]
+Type=simple
+User=pumpio
+Group=pumpio
+ExecStart=/home/ian/pump.io/bin/pump
+Environment=NODE_ENV=production
+# failed to find databank-mongodb without this.
+# I just looked at my environment variables took a guess.
+Environment=NODE_PATH=/usr/lib/nodejs:/usr/lib/node_modules:/usr/share/javascript
+
+[Install]
+WantedBy=multi-user.target
+EOF
+ ser daemon-reload
+ sgo pump
+ ########## end pump.io setup ############
+
+
+ ############# begin setup mastodon ##############
+
+ # I'd like to try gnu social just cuz of gnu, but it's not being
+ # well maintained, for example, simple pull requests
+ # languishing:
+ # https://git.gnu.io/gnu/gnu-social/merge_requests/143
+ # and I submitted my own bugs, basic docs are broken
+ # https://git.gnu.io/gnu/gnu-social/issues/269
+
+ # note, docker required, but we installed it earlier
+
+ # i subscrubed to https://github.com/docker/compose/releases.atom
+ # to deal with updates manually. So far, it means just reving the
+ # version number, then restarting docker-compose with
+ # cd ~/mastodon
+ # docker-compose up -d
+ curl -L https://github.com/docker/compose/releases/download/1.13.0/docker-compose-`uname -s`-`uname -m` | s dd of=/usr/local/bin/docker-compose
+ s chmod +x /usr/local/bin/docker-compose
+
+
+ cd ~
+ i clone https://github.com/tootsuite/mastodon
+ cd mastodon
+ # subbed to atom feed to deal with updates
+ git checkout $(git tag | grep -v rc | tail -n1)
+
+ # per instructions, uncomment redis/postgres persistence in docker-compose.yml
+ sed -i 's/^#//' docker-compose.yml
+
+ cat >.env.production <<'EOF'
+REDIS_HOST=redis
+REDIS_PORT=6379
+DB_HOST=db
+DB_USER=postgres
+DB_NAME=postgres
+DB_PASS=
+DB_PORT=5432
+
+LOCAL_DOMAIN=mast.iankelling.org
+LOCAL_HTTPS=true
+
+SINGLE_USER_MODE=true
+
+SMTP_SERVER=10.8.0.4
+SMTP_PORT=25
+SMTP_LOGIN=li
+SMTP_FROM_ADDRESS=notifications@mast.iankelling.org
+SMTP_DOMAIN=mast.iankelling.org
+SMTP_DELIVERY_METHOD=smtp
+EOF
+
+ for key in PAPERCLIP_SECRET SECRET_KEY_BASE OTP_SECRET; do
+ printf "%s=%s" $key "$(docker-compose run --rm web rake secret)" >>.env.production
+ done
+ s cat /etc/mailpass| while read -r domain port pass; do
+ if [[ $domain == mail.iankelling.org ]]; then
+ printf "SMTP_PASSWORD=%s" "$pass" >>.env.production
+ break
+ fi
+ done
+
+
+
+ docker-compose run --rm web rails assets:precompile
+
+ # docker daemon takes care of starting on boot.
+ docker-compose up -d
+
+ s a2enmod proxy_wstunnel headers
+ web-conf -f 3000 - apache2 mast.iankelling.org <<'EOF'
+ ProxyPreserveHost On
+ RequestHeader set X-Forwarded-Proto "https"
+ ProxyPass /500.html !
+ ProxyPass /oops.png !
+ ProxyPass /api/v1/streaming/ ws://localhost:4000/
+ ProxyPassReverse /api/v1/streaming/ ws://localhost:4000/
+ ErrorDocument 500 /500.html
+ ErrorDocument 501 /500.html
+ ErrorDocument 502 /500.html
+ ErrorDocument 503 /500.html
+ ErrorDocument 504 /500.html
+EOF
+
+
+ ############### !!!!!!!!!!!!!!!!!
+ ############### manual steps:
+
+ # only following 2 people atm, so not bothering to figure out backups
+ # when mastodon has not documented it at all.
+ #
+ # fsf@status.fsf.org
+ # cwebber@toot.cat
+ # dbd@status.fsf.org
+ # johns@status.fsf.org
+
+ # sign in page is at https://mast.iankelling.org/auth/sign_in
+ # register as iank, then
+ # https://github.com/tootsuite/documentation/blob/master/Running-Mastodon/Administration-guide.md
+ # docker-compose run --rm web bundle exec rails mastodon:make_admin USERNAME=iank
+
+ ############# end setup mastodon ##############
+
+ pi bind9
echo "$0: $(date): ending now)"
exit 0
########### end section including li/lj ###############
+if [[ $HOSTNAME == treetowl ]]; then
+ # note, see bashrc for more documentation.
+ pi rss2email
+ s dd of=/etc/systemd/system/rss2email.service <<'EOF'
+[Unit]
+Description=rss2email
+After=multi-user.target
+
+[Service]
+User=ian
+Type=oneshot
+# about 24 hours of failures
+# it copies over its files without respecting symlinks, so
+# we pass options to use different location.
+ExecStart=/a/bin/log-quiet/sysd-mail-once -288 rss2email r2e -d /p/c/rss2email.json -c /p/c/rss2email.cfg run
+EOF
+ s dd of=/etc/systemd/system/rss2email.timer <<'EOF'
+[Unit]
+Description=rss2email
+
+[Timer]
+# for initial run. required.
+OnActiveSec=30
+# for subsequent runs.
+OnUnitInactiveSec=300
+
+[Install]
+WantedBy=timers.target
+EOF
+ s systemctl daemon-reload
+ sgo rss2email.timer
+fi
+
+######### begin pump.io periodic backup #############
+if [[ $HOSTNAME == treetowl ]]; then
+ s dd of=/etc/systemd/system/pumpbackup.service <<'EOF'
+[Unit]
+Description=pump li backup
+After=multi-user.target
+
+[Service]
+User=ian
+Type=oneshot
+ExecStart=/a/bin/log-quiet/sysd-mail-once pump-backup /a/bin/distro-setup/pump-backup
+EOF
+ s dd of=/etc/systemd/system/pumpbackup.timer <<'EOF'
+[Unit]
+Description=pump li backup hourly
+
+[Timer]
+OnCalendar=hourly
+
+[Install]
+WantedBy=timers.target
+EOF
+ s systemctl daemon-reload
+ sgo pumpbackup.timer
+fi
+######### end pump.io periodic backup #############
+
case $distro in
- debian|ubuntu)
+ debian|ubuntu|trisquel)
# suggests because we want the resolvconf package.
- # todo: check other distros to make sure it's installed
+ # todo: check other distros to make sure it\'s installed
pi-nostart --install-suggests openvpn
# pi-nostart does not disable
ser disable openvpn
*) pi openvpn;;
esac
-if private-host; then
- vpn-mk-client-cert -n mail li
- cn=$(s openssl x509 -noout -nameopt multiline -subject \
- -in /etc/openvpn/client/mail.crt | \
- sed -rn 's/^\s*commonName\s*=\s*(.*)/\1/p')
- echo "ifconfig-push 10.8.0.4 255.255.255.0" | \
- ssh root@li dd of=/etc/openvpn/client-config/"$cn"
-fi
-ser enable mailroute
-if [[ $HOSTNAME == treetowl ]]; then
- # note, this will need to be changed when the mail/contacts host changes
- sgo openvpn-client@mail
- /a/bin/distro-setup/radicale-setup.sh
-fi
+/a/bin/distro-setup/radicale-setup
## android studio setup
# this contains the setting for android sdk to point to
if [[ $HOSTNAME == treetowl ]]; then
+ ############# begin syncthing setup ###########
+
# It\'s simpler to just worry about running it in one place for now.
# I assume it would work to clone it\'s config to another non-phone
# and just run it in one place instead of the normal having a
# syncs between comps.
case $distro in
arch) pi syncthing ;;
- ubuntu|debian)
+ ubuntu|trisquel|debian)
# testing has relatively up to date packages
if ! isdebian-testing; then
# based on error when doing apt-get update:
pi syncthing
;;
esac
+ lnf -T /w/syncthing /home/ian/.config/syncthing
sgo syncthing@ian # runs as ian
# these things persist in ~/.config/syncthing, which I save in
- # /p/c/machine_specific
+ # /w/syncthing (not in /p, because syncthing should continue to
+ # run on home server even when using laptop as primary device)
# open http://localhost:8384/
# change listen address from default to tcp://:22001,
# this is because we do port forward so it doesn\'t have to use
# after adding, notification will appear on desktop to confirm
#
# syncing folder. from phone to desktop: select desktop in the
- # folder on phone's sync options, notification will appear in
- # desktop's web ui within a minute. For the reverse, the
- # notification will appear in android's notifications, you have to
- # swipe down and tap it to add the folder. It won't appear in the
- # syncthing ui, which would be intuitive, but don't wait for it
+ # folder on phone\'s sync options, notification will appear in
+ # desktop\'s web ui within a minute. For the reverse, the
+ # notification will appear in android\'s notifications, you have to
+ # swipe down and tap it to add the folder. It won\'t appear in the
+ # syncthing ui, which would be intuitive, but don\'t wait for it
# there.
#
# On phone, set settings to run syncthing all the time, and
#
# Note, the other thing i did was port forward port 22000,
# per https://docs.syncthing.net/users/firewall.html
+
+ ############# end syncthing setup ###########
fi
# no equivalent in other distros:
case $distro in
- debian|ubuntu)
+ debian|ubuntu|trisquel)
# for gui bug reporting
spa python-vte
;;
####### misc packages ###########
-if [[ $HOSTNAME == treetowl ]]; then
- case $distro in
- debian|ubuntu)
- # note i had to do this, which is persistent:
- # cd /i/k
- # s chgrp debian-transmission torrents partial-torrents
-
- # syslog says things like
- # 'Failed to set receive buffer: requested 4194304, got 425984'
- # google suggets giving it even more than that
- tu /etc/sysctl.conf<<'EOF'
+# nagstamon setting which were set through the ui
+# in filters tab:
+# all unknown sources
+# all warning services
+# acknowledged hosts & services
+# hosts & services down for maintenence
+# services on down hosts
+# services on hosts in maintenece
+# services on unreachable osts
+# hosts in soft state
+# services in soft state
+# in display tab: icon in systray.
+
+case $distro in
+ debian|ubuntu|trisquel)
+ # it asks if it should make users in it's group capture packets without root,
+ # which is arguably more secure than running wireshark as root. default is no,
+ # which is what i prefer, since I plan to use tcpdump to input to wireshark.
+ s DEBIAN_FRONTEND=noninteractive pi wireshark-gtk
+ ;;
+ # others unknown
+esac
+
+
+case $distro in
+ debian|ubuntu|trisquel)
+ # no recommends because it wanted some other unstable package, something to
+ # do with math or something, which I didn't want to deal with.
+ p -y --no-install-recommends install python3-send2trash/unstable anki/unstable
+ ;;
+ # others unknown
+esac
+
+case $distro in
+ debian|ubuntu|trisquel)
+ # note i had to do this, which is persistent:
+ # cd /i/k
+ # s chgrp debian-transmission torrents partial-torrents
+
+ # syslog says things like
+ # 'Failed to set receive buffer: requested 4194304, got 425984'
+ # google suggets giving it even more than that
+ tu /etc/sysctl.conf<<'EOF'
net.core.rmem_max = 67108864
net.core.wmem_max = 16777216
EOF
- s sysctl -p
-
- # some reason it doesn't seem to start automatically anyways
- pi-nostart transmission-daemon
-
- # the folder was moved here after an install around 02/2017.
- # it contains runtime data,
- # plus a simple symlink to the config file which it's
- # not worth separating out.
- s lnf -T /q/transmission-daemon /var/lib/transmission-daemon/.config/transmission-daemon
- #
- # config file documented here, and it's the same config
- # for daemon vs client, so it's documented in the gui.
- # https://trac.transmissionbt.com/wiki/EditConfigFiles#Options
- #
- # I originaly setup rpc-whitelist, but after using
- # routing to a network namespace, it doesn't see the
- # real source address, so it's disabled.
- #
- # Changed the cache-size to 256 mb, reduces disk use.
- # It is a read & write cache.
- #
- s ruby <<'EOF'
+ s sysctl -p
+
+ # some reason it doesn\'t seem to start automatically anyways
+ pi-nostart transmission-daemon
+
+ # the folder was moved here after an install around 02/2017.
+ # it contains runtime data,
+ # plus a simple symlink to the config file which it\'s
+ # not worth separating out.
+ s lnf -T /i/transmission-daemon /var/lib/transmission-daemon/.config/transmission-daemon
+ #
+ # config file documented here, and it\'s the same config
+ # for daemon vs client, so it\'s documented in the gui.
+ # https://trac.transmissionbt.com/wiki/EditConfigFiles#Options
+ #
+ # I originaly setup rpc-whitelist, but after using
+ # routing to a network namespace, it doesn\'t see the
+ # real source address, so it\'s disabled.
+ #
+ # Changed the cache-size to 256 mb, reduces disk use.
+ # It is a read & write cache.
+ #
+ s ruby <<'EOF'
require 'json'
p = '/etc/transmission-daemon/settings.json'
File.write(p, JSON.pretty_generate(JSON.parse(File.read(p)).merge({
})) + "\n")
EOF
- # make sure its not enabled, not sure if this is needed
- ser disable transmission-daemon
- sgo transmission-daemon-nn
- ;;
- # todo: others unknown
- esac
-fi
-
+ # make sure its not enabled, not sure if this is needed
+ ser disable transmission-daemon
+ ;;
+ # todo: others unknown
+esac
# adapted from /var/lib/dpkg/info/transmission-daemon.postinst
if ! getent passwd debian-transmission > /dev/null; then
case $distro in
;;
esac
fi
+if [[ $HOSTNAME == treetowl ]]; then
+ sgo transmission-daemon-nn
+fi
-# dunno why it's there, but get rid of it
-case $HOSTNAME in
- li|lj) s rm -rf /home/linode ;;
-esac
-
-# arch had a default config,
-# debian had nothing until you start it.
-# With a little trial an error, here is a minimal config
-# taken from the generated one, plus changes that the
-# settings ui does, without a bunch of ui crap settings.
-#
-# only settings I set were
-# hostname
-# auto-connect
-# password
+######### begin transmission client setup ######
-# the password is randomly generated on first run
-rpc_pass=$(s ruby <<'EOF'
+if [[ -e /p/transmission-rpc-pass ]]; then
+ # arch had a default config,
+ # debian had nothing until you start it.
+ # With a little trial an error, here is a minimal config
+ # taken from the generated one, plus changes that the
+ # settings ui does, without a bunch of ui crap settings.
+ #
+ # only settings I set were
+ # hostname
+ # auto-connect
+ # password
+
+ # the password is randomly generated on first run, i copied it out
+ # so it could be used by other hosts.
+ s ruby <<'EOF'
require 'json'
p = '/etc/transmission-daemon/settings.json'
-puts JSON.parse(File.read(p))["rpc-password"]
+s = JSON.parse(File.read(p))
+s["rpc-password"] = File.read("/p/transmission-rpc-pass").chomp
+File.write p, JSON.pretty_generate(s)
EOF
- )
-for f in /home/*; do
- d=$f/.config/transmission-remote-gtk
- u=${f##*/}
- s -u $u mkdir -p $d
- s -u $u dd of=$d/config.json <<EOF
+ rpc_pass=$(</p/transmission-rpc-pass)
+ for f in /home/*; do
+ d=$f/.config/transmission-remote-gtk
+ u=${f##*/}
+ s -u $u mkdir -p $d
+ s -u $u dd of=$d/config.json <<EOF
{
"profiles" : [
{
"add-options-dialog" : false
}
EOF
-done
+ done
+fi
+
+# dunno why it\'s there, but get rid of it
+case $HOSTNAME in
+ li|lj) s rm -rf /home/linode ;;
+esac
+
pi wget
case $HOSTNAME in
tp|frodo)
case $distro in
- debian|ubuntu)
+ debian|ubuntu|trisquel)
log=$(mktemp)
cd /a/opt
wget -nv -N https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb
# In debian, I could use hte recommended driver,
# in arch, I had to pick out the 6L driver.
;;
- debian|ubuntu)
+ debian|ubuntu|trisquel)
spa hplip
;;
# other distros unknown
esac
case $distro in
- fedora|ubuntu|debian) spa gnupg-agent ;;
+ fedora|ubuntu|trisquel|debian) spa gnupg-agent ;;
arch) : ;;
esac
case $distro in
arch) spa ttf-dejavu;;
- debian|ubuntu) spa fonts-dejavu ;;
+ debian|ubuntu|trisquel) spa fonts-dejavu ;;
# others unknown
esac
case $distro in
arch) spa xorg-xev;;
- debian|ubuntu) spa x11-utils ;;
+ debian|ubuntu|trisquel) spa x11-utils ;;
# others unknown
esac
case $distro in
arch) pi virt-install;;&
- debian|ubuntu) pi virtinst ;;&
+ debian|ubuntu|trisquel) pi virtinst ;;&
*) pi virt-manager ;; # creates the libvirt group in debian at least
# others unknown
esac
# allow user to run vms, from debian handbook
for x in ian traci; do s usermod -a -G libvirt,kvm $x; done
-# bridge networking as user fails. google lead here, but it doesn't work:
+# bridge networking as user fails. google lead here, but it doesn\'t work:
# oh well, I give up.
# http://wiki.qemu.org/Features-Done/HelperNetworking
# s mkdir /etc/qemu
case $distro in
arch) spa cdrkit;;
- debian|ubuntu) spa genisoimage;;
+ debian|ubuntu|trisquel) spa genisoimage;;
# others unknown
esac
case $distro in
arch) spa spice-gtk3 ;;
- debian|ubuntu) spa spice-client-gtk;;
+ debian|ubuntu|trisquel) spa spice-client-gtk;;
# others unknown
esac
# general known for debian/ubuntu, not for fedora
+
+case $distro in
+ debian|ubuntu|trisquel)
+ pi golang-go
+ # a bit of googling, and added settings to bashrc
+ go get -u github.com/mvdan/fdroidcl/cmd/fdroidcl
+ ;;
+ # others unknown
+esac
+
+
case $distro in
arch)
# cdrkit for cloud-init isos
case $distro in
- arch|debian|ubuntu) spa pumpa ;;
+ arch|debian|ubuntu|trisquel) spa pumpa ;;
# others unknown. do have a buildscript:
# /a/bin/buildscripts/pumpa ;;
esac
case $distro in
- debian|ubuntu) spa android-tools-adbd/unstable ;;
+ debian) pi adb ;;
+ debian|ubuntu|trisquel) spa android-tools-adbd/unstable ;;
arch) spa android-tools ;;
# other distros unknown
esac
d=jm; jm=d # being clever for succinctness
for s in d jm; do
s $sed -ri "/^\s*\[Unit\]/a Conflicts=bitcoin${!s}.service" \
- /etc/systemd/system/bitcoin${s}.service
+ /etc/systemd/system/bitcoin${s}.service
done
ser daemon-reload
# has seg fault error due to some bug, but it still works
pip install -r requirements.txt || [[ $? == 139 ]]
# note, the target must exist ahead of time, or bitcoin
- # just overwrites the link, and it's not happy with an empty file,
+ # just overwrites the link, and it\'s not happy with an empty file,
# so we have to create the wallet, then move and link it.
s lnf -T /q/bitcoin/wallet.dat /nocow/.bitcoin/wallet.dat
s lnf -T /q/bitcoin/joinmarket.dat /nocow/.bitcoin/joinmarket.dat
-
-# proprietary flash. going without for now
-# case $distro in
-# debian)
-# pi flashplugin-nonfree
-# esac
-
-
-
case $distro in
fedora)
cd $(mktemp -d)
arch)
pi python2-pygments
;;
- debian|ubuntu)
+ debian|ubuntu|trisquel)
pi python-pygments
;;
esac
+
# note this failed running at the beginning of this file,
# because no systemd user instance was running.
# Doing systemd --user resulted in
# esac
+
+### kdeconnect for gnome. started in /a/bin/distro-setup/desktop-20-autostart.sh
+pi libgtk-3-dev python3-requests-oauthlib valac cmake python-nautilus
+cd /a/opt/indicator-kdeconnect
+mkdir -p build
+cd build
+cmake .. -DCMAKE_INSTALL_PREFIX=/usr
+make
+sudo make install
+
+
######### end misc packages #########
-# packages I once used before and liked, but don't want installed now for
+# packages I once used before and liked, but don\'t want installed now for
# various reasons:
# python-sqlite is used for offlineimap
# lxappearance python-sqlite dolphin paman dconf-editor
color-scheme 2
# tip: copy access.log files to a stretch host directory, then run
-# jessie's goaccess is too old for some options, and it's
+# jessie's goaccess is too old for some options, and it\'s
# not easily installed from a testing.
# goaccess --ignore-crawlers -f <(cat *) -a -o html > x.html
EOF
case $distro in
- debian|ubuntu)
+ debian|ubuntu|trisquel)
case `debian-archive` in
stable)
s dd of=/etc/apt/preferences.d/unison-gtk <<'EOF'
#
# # disabled due to my patch being in btrbk
# case $distro in
-# arch|debian|ubuntu) pi btrbk ;;
+# arch|debian|ubuntu|trisquel) pi btrbk ;;
# # others unknown
# esac
cd /a/opt/btrbk
case $distro in
- debian|ubuntu) s gpasswd -a ian adm ;; #needed for reading logs
+ debian|ubuntu|trisquel) s gpasswd -a ian adm ;; #needed for reading logs
esac
# tor
pi nfs-utils
sgo nfs-server
;;
- debian|ubuntu)
+ debian|ubuntu|trisquel)
pi nfs-server
;;
arch)
;;
esac
+
+########### begin kodi setup ############
+pi kodi
+
+# based on https://wiki.debian.org/SecuringNFS
+# but the quota stuff is either outdated or optional,
+# i guessed that it was not needed and it worked fine.
+s dd of=/etc/sysctl.d/nfs-static-ports.conf <<'EOF'
+fs.nfs.nfs_callback_tcpport = 32764
+fs.nfs.nlm_tcpport = 32768
+fs.nfs.nlm_udpport = 32768
+EOF
+s sysctl --system
+s $sed -ri -f - /etc/default/nfs-common <<'EOF'
+/^\s*STATDOPTS=/d
+$a STATDOPTS="--port 32765 --outgoing-port 32766"
+EOF
+
+s $sed -ri -f - /etc/default/nfs-kernel-server <<'EOF'
+/^\s*RPCMOUNTDOPTS=/d
+$a RPCMOUNTDOPTS="--manage-gids --port 32767"
+EOF
+ser restart nfs-kernel-server
+
+if [[ $HOSTNAME == treetowl ]]; then
+ # persistent one time steps for webdav:
+ # create persistent password, put it in ~/.kodi/userdata/advancedsettings.xml,
+ # per http://kodi.wiki/view/MySQL/Sync_other_parts_of_Kodi
+ # htpasswd -c /p/c/filesystem/etc/davpass dav
+ # chmod 640 /p/c/filesystem/etc/davpass
+ # in conflink, set group to www-data.
+ # In kodi, i set the music source, server address: my domain,
+ # path: k/music. Then copied the file
+ # /p/c/subdir_files/.kodi/userdata/sources.xml to save that setting.
+ s a2enmod dav dav_fs
+ web-conf -r /a/c/playlists - apache2 dav.iank.pw <<'EOF'
+<Directory /a/c/playlists>
+ DAV On
+ AuthType Basic
+ AuthName "Authentication Required"
+ AuthUserFile "/etc/davpass"
+ Require valid-user
+
+# outside the standard /var/www, so use this:
+ Order allow,deny
+ Allow from all
+</Directory>
+EOF
+ s mkdir -p /var/www/davlock
+ s chown www-data:www-data /var/www/davlock
+ s sed -i "1i DavLockDB /var/www/davlock/davlock" /etc/apache2/sites-enabled/dav.iank.pw.conf
+ ser reload apache2
+
+ teeu /etc/exports "/k/music *(ro,nohide,async,no_subtree_check,insecure)"
+ exportfs -ra
+
+ # kodi uses sqlite by default, but supports mysql.
+ pi mariadb-server
+
+ # see ofswiki.org for explanation.
+ dbpass="$(cat /p/mysql-root-pass)"
+ if ! echo exit|mysql -uroot "-p$dbpass"; then
+ echo -e "\n\n$dbpass\n$dbpass\n\n\n\n\n" | mysql_secure_installation
+ fi
+ mysql -uroot "-p$dbpass" <<EOF
+GRANT ALL PRIVILEGES ON *.* TO 'kodi' IDENTIFIED BY '$(</p/mysql-kodi-pass)';
+EOF
+ s sed -ri 's/^(\s*bind-address\s*=).*/\1 0.0.0.0/' /etc/mysql/mariadb.conf.d/50-server.cnf
+ ser restart mariadb
+
+fi
+
+########### end kodi setup ############
+
+
if [[ $HOSTNAME == treetowl ]]; then
# nohide = export filesystems mounted deeper than the export point
# fsid=0 makes this export the "root" export
# persistent virtual machines
case $distro in
- debian|ubuntu)
+ debian|ubuntu|trisquel)
pi libosinfo-bin;
;;
esac
fi
case $distro in
- debian|ubuntu)
+ debian|ubuntu|trisquel)
# systemd claims it generates units from /etc/init.d, but it
# clearly doesn\'t in debian. I have no idea how they are
# related. fuck debian right now. It\'s not documented. samba