simple_packages+=($@)
}
-
distro=$(distro-name)
pending_reboot=false
ruby-rest-client
tree
vim
+ wcd
)
case $HOSTNAME in
gnome-screenshot
i3lock
jq
+ linux-doc
locate
manpages
manpages-dev
meld
+ mumble
nmap
offlineimap
p7zip
pianobar
pidgin
python3-mutagen
+ reportbug
squashfs-tools
swh-plugins
tcpdump
pi "${simple_packages[@]}"
simple_packages=()
+# website setup
case $HOSTNAME in
lj|li)
case $HOSTNAME in
- lj) domain=iank.bid ;;
+ lj) domain=iank.bid; exit 0 ;;
li) domain=iankelling.org ;;
esac
/a/h/setup.sh $domain
sudo -E /a/bin/mediawiki-setup/mw-setup-script
#$src/phab-setup
+ pi-nostart mumble-server
+ s sed -ri "s/^ *(serverpassword=).*/\1$(< /a/bin/bash_unpublished/mumble_pass)/" /etc/mumble-server.ini
+ sgo mumble-server
+
+ vpn-server-setup -d
+
+ sudo dd of=/etc/systemd/system/vpnmail.service <<EOF
+[Unit]
+Description=Turns on iptables mail nat
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/sbin/iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 25 -j DNAT --to-destination 10.8.0.4:25
+ExecStop=/sbin/iptables -t nat -D PREROUTING -i eth0 -p tcp -m tcp --dport 25 -j DNAT --to-destination 10.8.0.4:25
+
+[Install]
+WantedBy=openvpn.service
+EOF
+ ser daemon-reload
+ ser enable vpnmail.service
+ acme-tiny-wrapper mail.iankelling.org
+ sgo openvpn
+ tu /etc/hosts <<<"mail.iankelling.org 10.8.0.4"
+
+
echo "$0: $(date): ending now)"
exit 0
;;
esac
-########### end section including li/lj ###############
+########### end section including li/lj ###############
+if private-host; then
+ vpn-mk-client-cert -n mail li
+ echo "ifconfig-push 10.8.0.4 255.255.255.0" | ssh root@li dd of=/etc/openvpn/client-config/$(openssl x509 -noout -subject -in mail.crt | sed -r 's/.*CN *= *([^,]+).*/\1/')
+fi
+ser enable mailroute
+if [[ $HOSTNAME == treetowl ]]; then
+ # note, this will need to be changed when the mail host changes
+ sgo openvpn-client@mail
+fi
## android studio setup
# this contains the setting for android sdk to point to
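Review bot: The mumble password is spliced unescaped into the sed program in `s sed -ri "s/^ *(serverpassword=).*/\1$(< /a/bin/bash_unpublished/mumble_pass)/" /etc/mumble-server.ini`, so a `/`, `&` or `\` in it breaks or silently alters the replacement. The secret also sits in sed's argument list while it runs and, if `s` wraps sudo, in sudo's command log. The rpcuser/rpcpassword loop added later in this commit escapes its value before substituting; the same treatment, plus escaping `&`, would fit here. Separately, assuming `tu` appends the line as given, `tu /etc/hosts <<<"mail.iankelling.org 10.8.0.4"` has the fields in the opposite order from what hosts(5) expects and should be `tu /etc/hosts <<<"10.8.0.4 mail.iankelling.org"`.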
spa lib32stdc++6 default-jdk
-if [[ $HOSTNAME == frodo ]]; then
+if [[ $HOSTNAME == treetowl ]]; then
+ # It\'s simpler to just worry about running it in one place for now.
+ # I assume it would work to clone it\'s config to another non-phone
+ # and just run it in one place instead of the normal having a
+ # separate config. I lean toward using the same config, since btrfs
+ # syncs between comps.
case $distro in
- ubunut|debian)
- pi libsqlite3-dev
- cd /a/opt/duperemove
- make clean
- make
- s make install
+ arch) pi syncthing ;;
+ ubuntu|debian)
+ # testing has relatively up to date packages
+ if ! isdebian-testing; then
+ # based on error when doing apt-get update:
+ # E: The method driver /usr/lib/apt/methods/https could not be found.
+ pi apt-transport-https
+ # google led me here:
+ # https://apt.syncthing.net/
+ curl -s https://syncthing.net/release-key.txt | sudo apt-key add -
+ s="deb http://apt.syncthing.net/ syncthing release"
+ if [[ $(cat /etc/apt/sources.list.d/syncthing.list) != $s ]]; then
+ echo "$s" | s dd of=/etc/apt/sources.list.d/syncthing.list
+ p update
+ fi
+ fi
+ pi syncthing
;;
- #others unknown
esac
+ sgo syncthing@ian # runs as ian
+
+ # these things persist in ~/.config/syncthing, which I save in
+ # /p/c/machine_specific
+ # open http://localhost:8384/
+ # change listen address from default to tcp://:22001,
+ # this is because we do port forward so it doesn\'t have to use
+ # some external server, but the syncthing is broken for port forward,
+ # you get a message, something "like connected to myself, this should not happen"
+ # when connecting to other local devices, so I bump the port up by 1,
+ # based on
+ # https://forum.syncthing.net/t/connected-to-myself-should-not-happen/1763/19.
+ # Without this, it was being stuck syncing at 0%.
+ # Set gui username and password.
+ #
+ # install syncthing via f-droid,
+ # folder setting, turn off master folder (makes it read only).
+ # on phone, add device, click bar code icon
+ # on dekstop, top right, actions, device id
+ # after adding, notification will appear on desktop to confirm
+ #
+ # add folder to sync phone, notification will appear on desktop
+ # to set folder location.
+ #
+ # Folder versioning would make sense if I didn\'t already use btrfs
+ # for backups. I would choose staggered, or trash can for more space.
+ #
+ # if needed to install on a remote comp:
+ # ssh -L 8384:localhost:8384 -N frodo
+ # open http://localhost:8384/
+ #
+ # Note, the other thing i did was port forward port 22000,
+ # per https://docs.syncthing.net/users/firewall.html
fi
-case $distro in
- arch) pi syncthing ;;
- ubuntu|debian)
- # testing has relatively up to date packages
- if ! isdebian-testing; then
- # based on error when doing apt-get update:
- # E: The method driver /usr/lib/apt/methods/https could not be found.
- pi apt-transport-https
- # google led me here:
- # https://apt.syncthing.net/
- curl -s https://syncthing.net/release-key.txt | sudo apt-key add -
- s="deb http://apt.syncthing.net/ syncthing release"
- if [[ $(cat /etc/apt/sources.list.d/syncthing.list) != $s ]]; then
- echo "$s" | s dd of=/etc/apt/sources.list.d/syncthing.list
- p update
- fi
- fi
- pi syncthing
- ;;
-esac
-# installed via f-droid
-# top right, actions, device id
-#
-# for installing on a remote comp:
-# ssh -L 8384:localhost:8384 -N frodo
-# went to http://localhost:8384/
-#
-# add folder to sync phone,
-# staggered file versioning would be my normal choice, but choose
-# trash can versioning for sake of space on phone, with
-# clean out after 7 days.
-#
-# did:
-# ser start syncthing@ian
-# then on phone, add device, hit bar code icon,
-# install bar code scanner.
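Review bot: The syncthing key is fetched and trusted in one step (`curl -s https://syncthing.net/release-key.txt | sudo apt-key add -`), and the source line uses plain `http://` even though `apt-transport-https` is installed just above it. The block is moved rather than new, but this is a good point to check the downloaded key's fingerprint against a pinned value before adding it, and to use the https URL the comment already cites: `s="deb https://apt.syncthing.net/ syncthing release"`. `curl -s` also hides a failed download, so `-f` with a status check would keep an empty or error response out of `apt-key`. In `[[ $(cat /etc/apt/sources.list.d/syncthing.list) != $s ]]` the unquoted right-hand side is matched as a pattern; `"$s"` makes it a literal comparison.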
# no equivalent in other distros:
# I originaly setup rpc-whitelist, but after using
# routing to a network namespace, it doesn't see the
# real source address, so it's disabled.
+ #
+ # Changed the cache-size to 128 mb, reduces disk use.
+ # It is a read & write cache.
+ #
# todo: setup a password.
s ruby <<'EOF'
require 'json'
'incomplete-dir' => '/k/partial-torrents',
'incomplete-dir-enabled' => true,
'download-dir' => '/i/k/torrents',
-"speed-limit-up" => 700,
+"speed-limit-up" => 800,
"speed-limit-up-enabled" => true,
"peer-port" => 61486,
+"cache-size-mb" => 128,
"ratio-limit" => 1.4000,
"ratio-limit-enabled" => false,
"pidfile": "/var/lib/transmission-daemon/transmission-daemon.pid",
ser disable transmission-daemon
sgo transmission-daemon-nn
;;
- # todo: others unknown
- esac
+ # todo: others unknown
+esac
fi
# adapted from /var/lib/dpkg/info/transmission-daemon.postinst
0) : ;;
*)
# previously I had a more specific search, but dpkg
- # changed it's output as of 7/2016
+ # changed it\'s output as of 7/2016
if grep 'dependency problems' \
$log &>/dev/null; then
s apt-get -fy install
exit 1
fi
;;
-esac
-;;
-arch)
- pi google-chrome
- ;;
-esac
-;;
+ esac
+ ;;
+ arch)
+ pi google-chrome
+ ;;
+ esac
+ ;;
esac
# printer
case $distro in
- debian|ubuntu) spa android-tools-adb/unstable ;;
+ debian|ubuntu) spa android-tools-adbd/unstable ;;
arch) spa android-tools ;;
# other distros unknown
esac
# has no unstable dependencies
spa bitcoin-qt/unstable
fi
- ;;
- s cp /a/opt/bitcoin/contrib/init/bitcoind.service /usr/lib/systemd/system
- ser daemon-reload
- sgo bitcoind
-
- s mkdir -p $dir
- s touch $f
- s chmod -R o-rwx $dir
- s chown -R bitcoin:bitcoin $dir
- s dd of=$f <<EOF
+ s cp /a/opt/bitcoin/contrib/init/bitcoind.service /etc/systemd/system
+ ser daemon-reload
+
+ dir=/nocow/.bitcoin
+ s mkdir -p $dir
+ s chown -R bitcoin:bitcoin $dir
+ dir=/etc/bitcoin
+ s mkdir -p $dir
+ s chown -R root:bitcoin $dir
+ s chmod 750 $dir
+ f=$dir/bitcon.conf
+
+ # pruning decreases the bitcoin dir to 2 gb, keeps
+ # just the recent blocks. can't do a few things like
+ # import a wallet dump.
+ # pruning works, but people had to do
+ # some manual stuff in joinmarket. I dun need the
+ # disk space, so not bothering yet, maybe in a year or so.
+ # https://github.com/JoinMarket-Org/joinmarket/issues/431
+ #https://bitcoin.org/en/release/v0.12.0#wallet-pruning
+ #prune=550
+
+ s dd of=$f <<EOF
rpcbind=127.0.0.1
server=1
rpcpassword=$(openssl rand -base64 32)
walletnotify=curl -sI --connect-timeout 1 http://localhost:62602/walletnotify?%s
alertnotify=curl -sI --connect-timeout 1 http://localhost:62602/alertnotify?%s
EOF
- # other distros unknown
+ ;;
+ # other distros unknown
esac
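Review bot: The config path is misspelled in `f=$dir/bitcon.conf`, so the heredoc with `rpcpassword` is written to /etc/bitcoin/bitcon.conf, while the `ln -sf` and the `sed -rn` lookup added further down both use /etc/bitcoin/bitcoin.conf; it should read `f=$dir/bitcoin.conf`. The `chown -R root:bitcoin $dir` runs before the file exists and the old `touch`/`chmod -R o-rwx` steps are gone, so the file's owner and mode now depend on `dd` and the umask, and only the directory's 750 protects it. Setting them explicitly after the write, `s chown root:bitcoin $f; s chmod 640 $f`, would stop the secret's protection depending on the directory alone. The case arm this belongs to starts outside the visible lines.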
if [[ $HOSTNAME == treetowl ]]; then
- # dunno about sharing a wallet between multiple instances
+ pi libsodium-dev python3-pip
+ cd /a/opt/joinmarket
+ # using develop branch, as it seems to be mostly bug fixes,
+ # and this is quite new software.
+ # note: python3 does not work.
+ pip install -r requirements.txt
+ # we need bitcoin.conf in the data dir according to
+ # https://github.com/JoinMarket-Org/joinmarket/wiki/Running-JoinMarket-with-Bitcoin-Core-full-node
+ # following the example .service script, I don\'t have it there,
+ # and I generate it, so lets just symlink it.
+ sudo -u bitcoin ln -sf /etc/bitcoin/bitcoin.conf /nocow/.bitcoin
+
+ # one time, manually did python wallet-tool.py generate.
+ # The "wallet" is just a key which deterministically generates addresses.
+ # One time: move the wallet, then link to it.
+ # ln -s /p/joinmarket/wallet.json wallets
+ #
+ # see wallet addresses via:
+ # python wallet-tool.py wallet.json
+ # send to the first 3 mixing depth 0 addresses.
+ # depths are like "identities", to separate out association with
+ # each other. the big hash in that output is the depth/branch id,
+ # ignore it afaik.
+ #
+ # after sending btc to wallet from a 3rd party service, check that
+ # at least 20% of utxo of each transaction was sent to you,
+ # btc listtransactions 10 0 true
+ # btc getrawtransaction TXID 1
+ #
+ # to view status, do
+ # python wallet-tool.py wallet.json history
+ #
+ # to help make other people,
+ # python yield-generator-basic.py wallet.json
+
+ for var in rpcuser rpcpassword; do
+ u="$(s sed -rn "s/^$var=(.*)/\1/p" /etc/bitcoin/bitcoin.conf)"
+ # escape backslashes
+ u="${u//\\/\\\\\\\\}"
+ # escape commas
+ u="${u//,/\\,}"
+ sed -ri "s,^(rpc_${var#rpc}\s*=).*,\1 $u," joinmarket.cfg
+ done
+ sed -ri "s/^\s*(blockchain_source\s*=).*/\1 bitcoin-rpc/" joinmarket.cfg
+ # dunno about sharing a wallet between multiple instances
+ # manually did, wallet.dat symlinked in /nocow/.bitcoin
sgo bitcoind
fi
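Review bot: `cd /a/opt/joinmarket` is not checked, so unless the script runs under `set -e`, a missing checkout means `pip install -r requirements.txt` and the `sed -ri … joinmarket.cfg` edits run in whatever directory the script was already in; `cd /a/opt/joinmarket || exit 1` avoids that. The loop also looks up `rpcuser`, which the bitcoin.conf heredoc shown earlier in this commit never writes, so `rpc_user` would be set to an empty value unless it is added elsewhere. The escaping covers backslashes and the `,` delimiter but not `&`, which sed expands to the matched text; the generated base64 password cannot contain one, but a hand-set value could. `python3-pip` is installed while the comment says python3 does not work and the command is plain `pip`, so it is worth confirming which interpreter the requirements land in.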
########### misc stuff
+# the wiki backup script from ofswiki.org uses generic paths
+s lnf /p/c/machine_specific/li/mw_vars /root
+s lnf /k/backup/wiki_backup /root
+
s cedit /etc/goaccess.conf <<'EOF' || [[ $? == 1 ]]
# all things found from looking around the default config
# copied existing NCSA Combined Log Format with Virtual Host, plus %L
# run "control userpasswords2", turn on automatic login.
# note: when changing devices, I just undefine, the create the vm again.
- s virt-install --noautoconsole --graphics spice,listen=0.0.0.0 \
- --disk=/a/images/win10.qcow2,bus=virtio --vcpus 2 -r 4096 -w bridge=br0 \
- -n win10 --import --os-variant $variant --cpu host-model-only
+ if [[ -e /a/images/win10.qcow2 ]]; then
+ s virt-install --noautoconsole --graphics spice,listen=0.0.0.0 \
+ --disk=/a/images/win10.qcow2,bus=virtio --vcpus 2 -r 4096 -w bridge=br0 \
+ -n win10 --import --os-variant $variant --cpu host-model-only
- s virsh destroy win10
-
- # this one hasn\'t had the virtio fix done yet.
- s virt-install --noautoconsole --graphics spice,listen=0.0.0.0 \
- --disk=/a/images/win7.qcow2 --vcpus 2 -r 4096 -w bridge=br0 \
- -n win7 --import --os-variant win7 --cpu host-model-only
- s virsh destroy win7
- # had a problem with --cpu host, so trying out
- # --cpu host-model-only
+ s virsh destroy win10
+ fi
+ if [[ -e /a/images/win7.qcow2 ]]; then
+ # this one hasn\'t had the virtio fix done yet.
+ s virt-install --noautoconsole --graphics spice,listen=0.0.0.0 \
+ --disk=/a/images/win7.qcow2 --vcpus 2 -r 4096 -w bridge=br0 \
+ -n win7 --import --os-variant win7 --cpu host-model-only
+ s virsh destroy win7
+ # had a problem with --cpu host, so trying out
+ # --cpu host-model-only
+ fi
fi