export LC_USEBASHRC=t; if [[ -s ~/.bashrc ]]; then . ~/.bashrc; fi
### setup
-source /a/bin/errhandle/err
+source /a/bin/bash-bear-trap/bash-bear
src="$(readlink -f -- "${BASH_SOURCE[0]}")"; src=${src%/*} # directory of this file
if [[ $EUID == 0 ]]; then
-
-# dogcam setup. not using atm
-# case $HOSTNAME in
-# lj|li)
-# /a/bin/webcam/install-server
-# ;;
-# kw)
-# /a/bin/webcam/install-client
-# ;;
-# esac
-
-
-## not actually using prometheus just yet
-# # office is not exposed to internet yet
-# if [[ $HOSTNAME != kw ]]; then
-# ## prometheus node exporter setup
-# web-conf -f 9100 -p 9101 apache2 $(hostname -f) <<'EOF'
-# #https://httpd.apache.org/docs/2.4/mod/mod_authn_core.html#authtype
-# # https://stackoverflow.com/questions/5011102/apache-reverse-proxy-with-basic-authentication
-# <Location />
-# AllowOverride None
-# AuthType basic
-# AuthName "Authentication Required"
-# # setup one time, with root:www-data, 640
-# AuthUserFile "/etc/prometheus-htpasswd"
-# Require valid-user
-# </Location>
-# EOF
-# fi
-
-
-
-
pi debootstrap
######### begin universal pinned packages ######
case $(debian-codename) in
Package: *
Pin: release o=Debian*
Pin-Priority: -100
-EOF
- ;;&
- # needed for debootstrap scripts for fai since fai requires debian
- flidas)
- # moved to fai
- #curl http://archive.ubuntu.com/ubuntu/project/ubuntu-archive-keyring.gpg | s apt-key add -
- sd /etc/apt/preferences.d/flidas-xenial <<EOF
-Package: *
-Pin: release a=xenial
-Pin-Priority: -100
-
-Package: *
-Pin: release a=xenial-updates
-Pin-Priority: -100
-
-Package: *
-Pin: release a=xenial-security
-Pin-Priority: -100
-
-Package: firefox
-Pin: release n=xenial
-Pin-Priority: 500
-EOF
- sd /etc/apt/sources.list.d/xenial.list 2>/dev/null <<EOF
-deb http://us.archive.ubuntu.com/ubuntu/ xenial main
-deb http://us.archive.ubuntu.com/ubuntu/ xenial-updates main
-deb http://us.archive.ubuntu.com/ubuntu/ xenial-security main
-EOF
-
- if ! apt-key list | grep /C0B21F32 &>/dev/null; then
- # moved to fai
- #sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 3B4FE6ACC0B21F32
- sd /etc/apt/preferences.d/flidas-bionic <<EOF
-Package: *
-Pin: release a=bionic
-Pin-Priority: -100
-
-Package: *
-Pin: release a=bionic-updates
-Pin-Priority: -100
-
-Package: *
-Pin: release a=bionic-security
-Pin-Priority: -100
-EOF
- fi
-
- # better to run btrfs-progs which matches our kernel version
- # (note, renamed from btrfs-tools)
- sd /etc/apt/preferences.d/btrfs-progs <<EOF
-Package: btrfs-progs libzstd1
-Pin: release a=bionic
-Pin-Priority: 1005
-Package: btrfs-progs libzstd1
-Pin: release a=bionic-updates
-Pin-Priority: 1005
-
-Package: btrfs-progs libzstd1
-Pin: release a=bionic-security
-Pin-Priority: 1005
-EOF
-
-
- t=$(mktemp)
- cat >$t <<EOF
-deb http://us.archive.ubuntu.com/ubuntu/ bionic main
-deb http://us.archive.ubuntu.com/ubuntu/ bionic-updates main
-deb http://us.archive.ubuntu.com/ubuntu/ bionic-security main
-EOF
- f=/etc/apt/sources.list.d/bionic.list
- if ! diff -q $t $f; then
- sudo cp $t $f
- sudo chmod 644 $f
- m p update
- fi
-
- # no special reason, but its better for btrfs-progs to
- # be closer to our kernel version
- pi btrfs-progs
-
- if [[ ! -e /usr/share/debootstrap/scripts/xenial ]]; then
- t=$(mktemp -d)
- cd $t
- m aptitude download debootstrap/xenial
- m ex ./*
- sudo cp ./usr/share/debootstrap/scripts/* /usr/share/debootstrap/scripts
- fi
-
- sd /etc/apt/preferences.d/flidas-etiona <<EOF
-Package: *
-Pin: release a=etiona
-Pin-Priority: -100
-
-Package: *
-Pin: release a=etiona-updates
-Pin-Priority: -100
-
-Package: *
-Pin: release a=etiona-security
-Pin-Priority: -100
-
-Package: *
-Pin: release a=etiona-backports
-Pin-Priority: -100
-EOF
-
- t=$(mktemp)
- cat >$t <<EOF
-deb http://mirror.fsf.org/trisquel/ etiona main
-deb http://mirror.fsf.org/trisquel/ etiona-updates main
-deb http://archive.trisquel.info/trisquel/ etiona-security main
-deb http://mirror.fsf.org/trisquel/ etiona-backports main
-EOF
- f=/etc/apt/sources.list.d/etiona.list
- if ! diff -q $t $f; then
- sudo cp $t $f
- n s chmod 644 $f
- m p update
- fi
-
- sd /etc/apt/preferences.d/debian-goodies <<EOF
-Package: debian-goodies
-Pin: release n=etiona
-Pin-Priority: 1005
-EOF
-
-
- # dont use buster because it causes dist-upgrade to think its downgrading
- # packages while really just reinstalling the same version.
- f=/etc/apt/apt.conf.d/01iank
- sudo rm -fv $f
- # # stupid buster uses some key algorithm not supported by flidas gpg that apt uses.
- # sd /etc/apt/apt.conf.d/01iank <<'EOF'
- # Acquire::AllowInsecureRepositories "true";
- # EOF
-
- f=/etc/apt/sources.list.d/buster.list
- sudo rm -fv $f
-
- # newer version needed for false positive in checkrestart.
- # I did buster at first, but other problem above with having
- # buster repos. not sure if the false positive exists in etiona.
- pi debian-goodies
-
- sd /etc/apt/preferences.d/shellcheck <<EOF
-Package: shellcheck
-Pin: release a=etiona
-Pin-Priority: 1005
-
-Package: shellcheck
-Pin: release a=etiona-updates
-Pin-Priority: 1005
-
-Package: shellcheck
-Pin: release a=etiona-security
-Pin-Priority: 1005
-EOF
-
- sd /etc/apt/preferences.d/bash <<EOF
-Package: bash
-Pin: release a=etiona
-Pin-Priority: 1005
-
-Package: bash
-Pin: release a=etiona-updates
-Pin-Priority: 1005
-
-Package: bash
-Pin: release a=etiona-security
-Pin-Priority: 1005
+Explanation: ubuntu's version is outdated
+Package: debian-archive-keyring
+Pin: release o=Debian*
+Pin-Priority: 1000
EOF
-
-
;;&
+
aramo|nabia|etiona)
# for ziva
#p install --no-install-recommends minetest/buster libleveldb1d/buster libncursesw6/buster libtinfo6/buster
doupdate=false
# shellcheck disable=SC2043 # in case we want more than 1 in the loop later.
- for n in bullseye; do
+ for n in bookworm; do
f=/etc/apt/sources.list.d/$n.list
t=$(mktemp)
case $n in
- bullseye)
+ bookworm)
cat >$t <<'EOF'
EOF
cat >$t <<EOF
-deb http://deb.debian.org/debian bullseye main
-deb-src http://deb.debian.org/debian bullseye main
+deb http://deb.debian.org/debian bookworm main
+deb-src http://deb.debian.org/debian bookworm main
-deb http://deb.debian.org/debian-security/ bullseye-security main
-deb-src http://deb.debian.org/debian-security/ bullseye-security main
+deb http://deb.debian.org/debian-security/ bookworm-security main
+deb-src http://deb.debian.org/debian-security/ bookworm-security main
-deb http://deb.debian.org/debian bullseye-updates main
-deb-src http://deb.debian.org/debian bullseye-updates main
+deb http://deb.debian.org/debian bookworm-updates main
+deb-src http://deb.debian.org/debian bookworm-updates main
-deb http://http.debian.net/debian bullseye-backports main
-deb-src http://http.debian.net/debian bullseye-backports main
+deb http://http.debian.net/debian bookworm-backports main
+deb-src http://http.debian.net/debian bookworm-backports main
EOF
;;
esac
fi
done
if $doupdate; then
- curl -s https://ftp-master.debian.org/keys/archive-key-10-security.asc | sudo apt-key add -
- curl -s https://ftp-master.debian.org/keys/archive-key-10.asc | sudo apt-key add -
+ cd $(mktemp -d)
+ p download debian-archive-keyring
+ s dpkg -i debian-archive-keyring
p update
+ cd -
fi
- if [[ ! -e /usr/share/debootstrap/scripts/bullseye ]]; then
+ if [[ ! -e /usr/share/debootstrap/scripts/bookworm ]]; then
t=$(mktemp -d)
cd $t
- m aptitude download debootstrap/bullseye
+ m aptitude download debootstrap/bookworm
m ex ./*
sudo cp ./usr/share/debootstrap/scripts/* /usr/share/debootstrap/scripts
fi
dnsb8
fi
- s /c/roles/prom_export/files/simple/usr/local/bin/fsf-install-node-exporter -l 127.0.0.1
+ sudo /c/roles/prom_export/files/simple/usr/local/bin/fsf-install-node-exporter -l 127.0.0.1
# ex for exporter
web-conf -p 9101 -f 9100 - apache2 ${HOSTNAME}ex.b8.nz <<'EOF'
# for my roommate
case $distro in
trisquel)
- m mkschroot -s /a/bin/fai/fai/config/files/etc/apt/sources.list.d/bullseye.list/BULLSEYE_FREE \
- debian bullseye firefox-esr pulseaudio chromium anki
- case $(debian-codename) in
- etiona|nabia)
- # we have a lot of t8 stuff, useful to have
- m mkschroot -s /a/bin/fai/fai/config/files/etc/apt/sources.list.d/flidas.list/FLIDAS \
- trisquel flidas
- tu /nocow/schroot/flidas/etc/sudoers <<EOF
-$USER ALL=(ALL) NOPASSWD: ALL
-Defaults env_keep += SUDOD
-Defaults always_set_home
-Defaults !umask
-EOF
- sd /nocow/schroot/flidas//etc/locale.gen <<'EOF'
-en_US.UTF-8 UTF-8
-EOF
- s schroot -c flidas locale-gen
- s schroot -c flidas update-locale LANG=en_US.UTF-8
-
- m mkschroot -s /a/bin/fai/fai/config/files/etc/apt/sources.list.d/testing.list/TESTING_NONFREE debian unstable debootstrap
- sudo cp -a /nocow/schroot/unstable/usr/share/debootstrap/scripts/* /usr/share/debootstrap/scripts
-
- m mkschroot -s /a/bin/fai/fai/config/files/etc/apt/sources.list.d/impish.list/IMPISH ubuntu impish
-
- ;;
- esac
+ m mkschroot -s /a/bin/fai/fai/config/files/etc/apt/sources.list.d/bookworm.list/BOOKWORM_FREE \
+ debian bookworm firefox-esr pulseaudio chromium
;;
debian)
pi chromium
case $HOSTNAME in
sy|kd)
- sudo install -m 0755 -o root -g root -t /usr/bin /a/opt/bitcoin-24.0.1/bin/*
- sgo bitcoind
+ sudo install -m 0755 -o root -g root -t /usr/bin /a/opt/bitcoin-26.0/bin/*
+ # Note: i leave it to system-status to start and stop bitcoin.
# note: the bitcoin user & group are setup in fai
sudo usermod -a -G bitcoin iank
# todo: make bitcoin have a stable uid/gid
- if [[ ! $(readlink -f /var/lib/bitcoind/wallets) == /q/wallets ]]; then
- mkdir -p /var/lib/bitcoind
- chown bitcoin:bitcoin /var/lib/bitcoind
- # 710 comes from the upstream bitcoin unit file
- chmod 710 /var/lib/bitcoind
- s lnf /q/wallets /var/lib/bitcoind
- sudo chown -h bitcoin:bitcoin /var/lib/bitcoind/wallets
- fi
+ sudo mkdir -p /var/lib/bitcoind
+ sudo chown bitcoin:bitcoin /var/lib/bitcoind
+ # 710 comes from the upstream bitcoin unit file
+ sudo chmod 710 /var/lib/bitcoind
# note, there exists
# /a/bin/ds/disabled/bitcoin
;;
### end bitcoin
+### begin gh ####
+
+# from https://raw.githubusercontent.com/cli/cli/trunk/docs/install_linux.md
+# One time setup afterwards:
+# gh auth login
+#
+# When it gets to the page where it asks to authorize github, the button
+# is grayed out. You can just open browser dev tools, inspect the
+# button, remove disabled="", then click it and it works.
+#
+# Auth token gets saved into /p/c/subdir_files/.local/share/keyrings/
+#
+# initial config goes to /home/iank/.config/gh
+curl -fsSL https://cli.github.com/packages/githubcli-archive-keyring.gpg | sudo dd of=/usr/share/keyrings/githubcli-archive-keyring.gpg \
+ && sudo chmod go+r /usr/share/keyrings/githubcli-archive-keyring.gpg \
+ && echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/githubcli-archive-keyring.gpg] https://cli.github.com/packages stable main" | sudo tee /etc/apt/sources.list.d/github-cli.list > /dev/null \
+ && sudo apt update \
+ && sudo apt install gh -y
+
+### end gh ####
+
+# remove trisquel banner. it is cool but takes up too much space.
+sudo rm -f /etc/update-motd.d/01-banner
+
case $HOSTNAME in
kw|x3)
sd /etc/cups/client.conf <<'EOF'