distro=$(distro-name)
pending_reboot=false
+sed="sed --follow-symlinks"
# template
case $distro in
# mutagen for pithos
simple_packages+=(
apache2
+ apache2-doc
+ apt-doc
+ apt-listchanges
+ aptitude-doc-en
+ bash-doc
+ binutils-doc
bwm-ng
chromium
+ cpio-doc
+ cloc
+ cron
debconf-doc
duplicity
eclipse
evince
fdupes
+ feh
filelight
+ gawk-doc
gcc-doc
gdb
+ gdb-doc
+ git-doc
+ git-email
gitk
+ glibc-doc
goaccess
gnome-screenshot
i3lock
+ iproute2-doc
jq
linux-doc
locate
+ make-doc
manpages
manpages-dev
meld
offlineimap
p7zip
paprefs
+ parted-doc
pavucontrol
pdfgrep
+ perl-doc
pianobar
pidgin
+ python3-doc
python3-mutagen
reportbug
+ sqlite3-doc
squashfs-tools
swh-plugins
+ tar-doc
tcpdump
transmission-remote-gtk
vlc
+ whois
)
+ spa $(apt-cache search ruby[.0-9]+-doc| awk '{print $1}')
;;
esac
-
########### begin section including li ################
# no equivalent in other distros:
case $distro in
debian|ubuntu)
- pi apt-file aptitude
- s apt-file update
+ pi aptitude
+ if ! dpkg -s apt-file &>/dev/null; then
+ # this condition is just a speed optimization
+ pi apt-file
+ s apt-file update
+ fi
# for debconf-get-selections
spa debconf-utils
;;
#$src/phab-setup
pi-nostart mumble-server
- s sed -ri "s/^ *(serverpassword=).*/\1$(< /a/bin/bash_unpublished/mumble_pass)/" /etc/mumble-server.ini
+ s $sed -ri "s/^ *(serverpassword=).*/\1$(< /a/bin/bash_unpublished/mumble_pass)/" /etc/mumble-server.ini
sgo mumble-server
vpn-server-setup -d
[Service]
Type=oneshot
RemainAfterExit=yes
-ExecStart=/sbin/iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 25 -j DNAT --to-destination 10.8.0.4:25
-ExecStop=/sbin/iptables -t nat -D PREROUTING -i eth0 -p tcp -m tcp --dport 25 -j DNAT --to-destination 10.8.0.4:25
+ExecStart=/a/bin/distro-setup/vpn-mail-forward start
+ExecStop=/a/bin/distro-setup/vpn-mail-forward stop
[Install]
WantedBy=openvpn.service
ser daemon-reload
ser enable vpnmail.service
acme-tiny-wrapper mail.iankelling.org
+ # needed for li's local mail delivery. there might
+ # be a better way to do it that doesn't require disabling
+ # it during le verification, but whatever for now.
+ f=/etc/cron.daily/lets-encrypt-mail_iankelling_org
+ l="10.8.0.4 mail.iankelling.org"
+ tu /etc/hosts <<<"$l"
+ s sed -i '/^\s*sysv acme-tiny-wrapper/i sed -i /^10\.8\.0\.4/d /etc/hosts' $f
+ echo "echo $l >>/etc/hosts" | s tee -a $f
sgo openvpn
- tu /etc/hosts <<<"mail.iankelling.org 10.8.0.4"
+ domain=cal.iankelling.org
+ acme-tiny-wrapper $domain
+ apache-site -f 10.8.0.4:5232 - $domain <<'EOF'
+#https://httpd.apache.org/docs/2.4/mod/mod_authn_core.html#authtype
+ <Directory "/var/www/cal.iankelling.org/html">
+ Options +FollowSymLinks +Multiviews +Indexes
+ AllowOverride None
+ AuthType basic
+ AuthName "Authentication Required"
+ # setup one time, with root:www-data, 640
+ AuthUserFile "/etc/caldav-htpasswd"
+ Require valid-user
+ </Directory>
+EOF
+ # nginx version of above would be:
+ # auth_basic "Not currently available";
+ # auth_basic_user_file /etc/nginx/caldav/htpasswd;
+
+
+ ########## begin pump.io setup ##########
+
+ # once pump adds a logrotation script, turn off nologger,
+ # and add
+ # "logfile": "/var/log/pumpio/pumpio.log",
+ #
+ s dd of=/etc/pump.io.json <<'EOF'
+{
+ "secret": "SECRET_REPLACE_ME",
+ "driver": "mongodb",
+ "params": { "dbname": "pumpio" },
+ "noweb": false,
+ "site": "pump.iankelling.org",
+ "owner": "Ian Kelling",
+ "ownerURL": "https://iankelling.org/",
+ "port": 8001,
+ "urlPort": 443,
+ "hostname": "pump.iankelling.org",
+ "nologger": true,
+ "datadir": "/home/pumpio/pumpdata",
+ "enableUploads": true,
+ "debugClient": false,
+ "disableRegistration": true,
+ "noCDN": true,
+ "key": "/home/pumpio/pump.iankelling.org-domain.key",
+ "cert": "/home/pumpio/pump.iankelling.org-chained.pem",
+ "address": "localhost",
+ "sockjs": false
+}
+EOF
+ s sed -i "s#SECRET_REPLACE_ME#$(cat /p/c/machine_specific/li/pump-secret)#" /etc/pump.io.json
+
+ # jessie\'s node is too old
+ # https://nodejs.org/en/download/package-manager/
+ curl -sL https://deb.nodesource.com/setup_6.x | sudo -E bash -
+ pi nodejs
+ cd /home/ian
+ rm -rf pump.io.git
+ git clone https://github.com/pump-io/pump.io.git
+ cd pump.io
+ # note: doing this or the npm install pump.io as root had problems.
+ npm install
+ npm run build
+ # normally, next command would be
+ # s npm install -g databank-mongodb
+ # but it\'s this until a bug in pump gets fixed
+ s npm install -g databank-mongodb@0.19.2
+ s useradd -m -s /bin/false pumpio
+ sudo -u pumpio mkdir -p /home/pumpio/pumpdata
+ # for testing browser when only listening to localhost,
+ # in the pump.io.json, set hostname localhost, urlPort 5233
+ #ssh -L 5233:localhost:5233 li
+ acme-tiny-wrapper -c /home/pumpio pump.iankelling.org
+
+ s mkdir -p /var/log/pumpio/
+ s chown pumpio:pumpio /var/log/pumpio/
+
+ apache-site -c /home/pumpio - pump.iankelling.org <<'EOF'
+# currently a bug in pump that we cant terminate ssl
+ SSLProxyEngine On
+ ProxyPreserveHost On
+ ProxyPass / https://127.0.0.1:8001/
+ ProxyPassReverse / https://127.0.0.1:8001/
+ # i have sockjs disabled per people suggesting that
+ # it won\'t work with apache right now.
+ # not sure if it would work with this,
+ # but afaik, this is pointless atm.
+ <Location /main/realtime/sockjs/>
+ ProxyPass wss://127.0.0.1:8001/main/realtime/sockjs/
+ ProxyPassReverse wss://127.0.0.1:8001/main/realtime/sockjs/
+ </Location>
+EOF
+
+ s dd of=/etc/systemd/system/pump.service <<'EOF'
+[Unit]
+Description=pump.io
+After=syslog.target network.target
+
+[Service]
+Type=simple
+User=pumpio
+Group=pumpio
+ExecStart=/home/ian/pump.io/bin/pump
+Environment=NODE_ENV=production
+# failed to find databank-mongodb without this.
+# I just looked at my environment variables took a guess.
+Environment=NODE_PATH=/usr/lib/nodejs:/usr/lib/node_modules:/usr/share/javascript
+
+[Install]
+WantedBy=multi-user.target
+EOF
+ ser daemon-reload
+ sgo pump
+ ########## end pump.io setup ############
+
+
+ ############# begin setup mastodon ##############
+ # https://store.docker.com/editions/community/docker-ce-server-debian?tab=description
+ pi software-properties-common
+ curl -fsSL https://download.docker.com/linux/debian/gpg | sudo apt-key add -
+ sudo add-apt-repository \
+ "deb [arch=amd64] https://download.docker.com/linux/debian \
+ $(lsb_release -cs) \
+ stable"
+ p update
+ pi docker-ce
+ sgo docker
+ # this may not be needed
+ ser start docker
+
+ curl -L https://github.com/docker/compose/releases/download/1.12.0/docker-compose-`uname -s`-`uname -m` | s dd of=/usr/local/bin/docker-compose
+ s chmod +x /usr/local/bin/docker-compose
+
+ # i subscrubed to https://github.com/docker/compose/releases.atom
+ # to deal with updates manually.
+
+ cd ~
+ i clone https://github.com/tootsuite/mastodon
+ cd mastodon
+ # https://github.com/tootsuite/mastodon/tree/v1.1.2
+ # subbed to atom feed to deal with updates
+ i co v1.1.2
+
+ # per instructions, uncomment redis/postgres persistence in docker-compose.yml
+ sed -i 's/^#//' docker-compose.yml
+
+ cat >.env.production <<'EOF'
+REDIS_HOST=redis
+REDIS_PORT=6379
+DB_HOST=db
+DB_USER=postgres
+DB_NAME=postgres
+DB_PASS=
+DB_PORT=5432
+
+LOCAL_DOMAIN=mast.iankelling.org
+LOCAL_HTTPS=true
+
+SINGLE_USER_MODE=true
+
+SMTP_SERVER=10.8.0.4
+SMTP_PORT=25
+SMTP_LOGIN=li
+SMTP_FROM_ADDRESS=notifications@mast.iankelling.org
+SMTP_DOMAIN=mast.iankelling.org
+SMTP_DELIVERY_METHOD=smtp
+EOF
+
+ for key in PAPERCLIP_SECRET SECRET_KEY_BASE OTP_SECRET; do
+ printf "%s=%s" $key "$(docker-compose run --rm web rake secret)" >>.env.production
+ done
+ s cat /etc/mailpass| while read -r domain port pass; do
+ if [[ $domain == mail.iankelling.org ]]; then
+ printf "SMTP_PASSWORD=%s" "$pass" >>.env.production
+ break
+ fi
+ done
+
+
+
+ docker-compose run --rm web rails assets:precompile
+
+ # docker daemon takes care of starting on boot.
+ docker-compose up -d
+
+ acme-tiny-wrapper mast.iankelling.org
+ s a2enmod proxy_wstunnel headers
+ apache-site -f 3000 - mast.iankelling.org <<'EOF'
+ ProxyPreserveHost On
+ RequestHeader set X-Forwarded-Proto "https"
+ ProxyPass /500.html !
+ ProxyPass /oops.png !
+ ProxyPass /api/v1/streaming/ ws://localhost:4000/
+ ProxyPassReverse /api/v1/streaming/ ws://localhost:4000/
+ ErrorDocument 500 /500.html
+ ErrorDocument 501 /500.html
+ ErrorDocument 502 /500.html
+ ErrorDocument 503 /500.html
+ ErrorDocument 504 /500.html
+EOF
+
+
+ ############### !!!!!!!!!!!!!!!!!
+ ############### manual steps:
+
+ # only following 2 people atm, so not bothering to figure out backups
+ # when mastodon has not documented it at all.
+ #
+ # fsf@status.fsf.org
+ # cwebber@toot.cat
+ # dbd@status.fsf.org
+ # johns@status.fsf.org
+
+ # sign in page is at https://mast.iankelling.org/auth/sign_in
+ # register as iank, then
+ # https://github.com/tootsuite/documentation/blob/master/Running-Mastodon/Administration-guide.md
+ # docker-compose run --rm web bundle exec rails mastodon:make_admin USERNAME=iank
+
+ ############# end setup mastodon ##############
echo "$0: $(date): ending now)"
exit 0
########### end section including li/lj ###############
+if [[ $HOSTNAME == treetowl ]]; then
+ # note, see bashrc for more documentation.
+ pi rss2email
+ s dd of=/etc/systemd/system/rss2email.service <<'EOF'
+[Unit]
+Description=rss2email
+After=multi-user.target
+
+[Service]
+User=ian
+Type=oneshot
+# about 24 hours of failures
+ExecStart=/a/bin/log-quiet/sysd-mail-once -288 rss2email r2e run
+EOF
+ s dd of=/etc/systemd/system/rss2email.timer <<'EOF'
+[Unit]
+Description=rss2email
+
+[Timer]
+# for initial run. required.
+OnActiveSec=30
+# for subsequent runs.
+OnUnitInactiveSec=300
+
+[Install]
+WantedBy=timers.target
+EOF
+ s systemctl daemon-reload
+ sgo rss2email.timer
+fi
+
+######### begin pump.io periodic backup #############
+if [[ $HOSTNAME == treetowl ]]; then
+ s dd of=/etc/systemd/system/pumpbackup.service <<'EOF'
+[Unit]
+Description=pump li backup
+After=multi-user.target
+
+[Service]
+User=ian
+Type=oneshot
+ExecStart=/a/bin/log-quiet/sysd-mail-once pump-backup /a/bin/distro-setup/pump-backup
+EOF
+ s dd of=/etc/systemd/system/pumpbackup.timer <<'EOF'
+[Unit]
+Description=pump li backup hourly
+
+[Timer]
+OnCalendar=hourly
+
+[Install]
+WantedBy=timers.target
+EOF
+ s systemctl daemon-reload
+ sgo pumpbackup.timer
+fi
+######### end pump.io periodic backup #############
+
+case $distro in
+ debian|ubuntu)
+ # suggests because we want the resolvconf package.
+ # todo: check other distros to make sure it\'s installed
+ pi-nostart --install-suggests openvpn
+ # pi-nostart does not disable
+ ser disable openvpn
+ ;;
+ *) pi openvpn;;
+esac
+
if private-host; then
vpn-mk-client-cert -n mail li
- echo "ifconfig-push 10.8.0.4 255.255.255.0" | ssh root@li dd of=/etc/openvpn/client-config/$(openssl x509 -noout -subject -in mail.crt | sed -r 's/.*CN *= *([^,]+).*/\1/')
+ cn=$(s openssl x509 -noout -nameopt multiline -subject \
+ -in /etc/openvpn/client/mail.crt | \
+ sed -rn 's/^\s*commonName\s*=\s*(.*)/\1/p')
+ echo "ifconfig-push 10.8.0.4 255.255.255.0" | \
+ ssh root@li dd of=/etc/openvpn/client-config/"$cn"
fi
ser enable mailroute
if [[ $HOSTNAME == treetowl ]]; then
- # note, this will need to be changed when the mail host changes
+ # note, this will need to be changed when the mail/contacts host changes
sgo openvpn-client@mail
+ /a/bin/distro-setup/radicale-setup
fi
## android studio setup
spa lib32stdc++6 default-jdk
-case $distro in
- arch) pi syncthing ;;
- ubuntu|debian)
- # testing has relatively up to date packages
- if ! isdebian-testing; then
- # based on error when doing apt-get update:
- # E: The method driver /usr/lib/apt/methods/https could not be found.
- pi apt-transport-https
- # google led me here:
- # https://apt.syncthing.net/
- curl -s https://syncthing.net/release-key.txt | sudo apt-key add -
- s="deb http://apt.syncthing.net/ syncthing release"
- if [[ $(cat /etc/apt/sources.list.d/syncthing.list) != $s ]]; then
- echo "$s" | s dd of=/etc/apt/sources.list.d/syncthing.list
- p update
+if [[ $HOSTNAME == treetowl ]]; then
+ ############# begin syncthing setup ###########
+
+ # It\'s simpler to just worry about running it in one place for now.
+ # I assume it would work to clone it\'s config to another non-phone
+ # and just run it in one place instead of the normal having a
+ # separate config. I lean toward using the same config, since btrfs
+ # syncs between comps.
+ case $distro in
+ arch) pi syncthing ;;
+ ubuntu|debian)
+ # testing has relatively up to date packages
+ if ! isdebian-testing; then
+ # based on error when doing apt-get update:
+ # E: The method driver /usr/lib/apt/methods/https could not be found.
+ pi apt-transport-https
+ # google led me here:
+ # https://apt.syncthing.net/
+ curl -s https://syncthing.net/release-key.txt | sudo apt-key add -
+ s="deb http://apt.syncthing.net/ syncthing release"
+ if [[ $(cat /etc/apt/sources.list.d/syncthing.list) != $s ]]; then
+ echo "$s" | s dd of=/etc/apt/sources.list.d/syncthing.list
+ p update
+ fi
fi
- fi
- pi syncthing
- ;;
-esac
-# installed via f-droid
-# top right, actions, device id
-#
-# for installing on a remote comp:
-# ssh -L 8384:localhost:8384 -N frodo
-# went to http://localhost:8384/
-#
-# add folder to sync phone,
-# staggered file versioning would be my normal choice, but choose
-# trash can versioning for sake of space on phone, with
-# clean out after 7 days.
-#
-# did:
-# ser start syncthing@ian
-# then on phone, add device, hit bar code icon,
-# install bar code scanner.
+ pi syncthing
+ ;;
+ esac
+ lnf -T /w/syncthing /home/ian/.config/syncthing
+ sgo syncthing@ian # runs as ian
+
+ # these things persist in ~/.config/syncthing, which I save in
+ # /w/syncthing (not in /p, because syncthing should continue to
+ # run on home server even when using laptop as primary device)
+ # open http://localhost:8384/
+ # change listen address from default to tcp://:22001,
+ # this is because we do port forward so it doesn\'t have to use
+ # some external server, but the syncthing is broken for port forward,
+ # you get a message, something "like connected to myself, this should not happen"
+ # when connecting to other local devices, so I bump the port up by 1,
+ # based on
+ # https://forum.syncthing.net/t/connected-to-myself-should-not-happen/1763/19.
+ # Without this, it was being stuck syncing at 0%.
+ # Set gui username and password.
+ #
+ # install syncthing via f-droid,
+ # folder setting, turn off master folder (makes it read only).
+ # on phone, add device, click bar code icon
+ # on dekstop, top right, actions, device id
+ # after adding, notification will appear on desktop to confirm
+ #
+ # syncing folder. from phone to desktop: select desktop in the
+ # folder on phone\'s sync options, notification will appear in
+ # desktop\'s web ui within a minute. For the reverse, the
+ # notification will appear in android\'s notifications, you have to
+ # swipe down and tap it to add the folder. It won\'t appear in the
+ # syncthing ui, which would be intuitive, but don\'t wait for it
+ # there.
+ #
+ # On phone, set settings to run syncthing all the time, and
+ # show no notification.
+ #
+ # Folder versioning would make sense if I didn\'t already use btrfs
+ # for backups. I would choose staggered, or trash can for more space.
+ #
+ # if needed to install on a remote comp:
+ # ssh -L 8384:localhost:8384 -N frodo
+ # open http://localhost:8384/
+ #
+ # Note, the other thing i did was port forward port 22000,
+ # per https://docs.syncthing.net/users/firewall.html
+
+ ############# end syncthing setup ###########
+fi
+
# no equivalent in other distros:
EOF
s sysctl -p
- # some reason it doesn't seem to start automatically anyways
+ # some reason it doesn\'t seem to start automatically anyways
pi-nostart transmission-daemon
+
+ # the folder was moved here after an install around 02/2017.
+ # it contains runtime data,
+ # plus a simple symlink to the config file which it\'s
+ # not worth separating out.
+ s lnf -T /i/transmission-daemon /var/lib/transmission-daemon/.config/transmission-daemon
#
- # config file documented here, and it's the same config
- # for daemon vs client, so it's documented in the gui.
+ # config file documented here, and it\'s the same config
+ # for daemon vs client, so it\'s documented in the gui.
# https://trac.transmissionbt.com/wiki/EditConfigFiles#Options
#
# I originaly setup rpc-whitelist, but after using
- # routing to a network namespace, it doesn't see the
- # real source address, so it's disabled.
+ # routing to a network namespace, it doesn\'t see the
+ # real source address, so it\'s disabled.
#
- # Changed the cache-size to 128 mb, reduces disk use.
+ # Changed the cache-size to 256 mb, reduces disk use.
# It is a read & write cache.
#
- # todo: setup a password.
s ruby <<'EOF'
require 'json'
p = '/etc/transmission-daemon/settings.json'
File.write(p, JSON.pretty_generate(JSON.parse(File.read(p)).merge({
'rpc-whitelist-enabled' => false,
'rpc-authentication-required' => false,
-'incomplete-dir' => '/k/partial-torrents',
+'incomplete-dir' => '/i/k/partial-torrents',
'incomplete-dir-enabled' => true,
'download-dir' => '/i/k/torrents',
"speed-limit-up" => 800,
"speed-limit-up-enabled" => true,
"peer-port" => 61486,
-"cache-size-mb" => 128,
-"ratio-limit" => 1.4000,
-"ratio-limit-enabled" => false,
-"pidfile": "/var/lib/transmission-daemon/transmission-daemon.pid",
+"cache-size-mb" => 256,
+"ratio-limit" => 5.0,
+"ratio-limit-enabled" => true,
})) + "\n")
EOF
esac
fi
-# dunno why it's there, but get rid of it
+# dunno why it\'s there, but get rid of it
case $HOSTNAME in
li|lj) s rm -rf /home/linode ;;
esac
# only settings I set were
# hostname
# auto-connect
+# password
+
+
+# the password is randomly generated on first run
+rpc_pass=$(s ruby <<'EOF'
+require 'json'
+p = '/etc/transmission-daemon/settings.json'
+puts JSON.parse(File.read(p))["rpc-password"]
+EOF
+ )
+
for f in /home/*; do
d=$f/.config/transmission-remote-gtk
u=${f##*/}
s -u $u mkdir -p $d
- s -u $u dd of=$d/config.json <<'EOF'
+ s -u $u dd of=$d/config.json <<EOF
{
"profiles" : [
{
"profile-name" : "Default",
- "hostname" : "treetowl",
+ "hostname" : "transmission",
"rpc-url-path" : "/transmission/rpc",
"username" : "",
- "password" : "",
+ "password" : "$rpc_pass",
"auto-connect" : true,
"ssl" : false,
"timeout" : 40,
EOF
done
-case $distro in
- debian|ubuntu)
- # suggests because we want the resolvconf package.
- # todo: check other distros to make sure it's installed
- pi-nostart --install-suggests openvpn
- # pi-nostart this doesnt seem to be good enough?
- ser disable openvpn@client
- ser disable openvpn
- ;;
- *) pi openvpn;;
-esac
-
pi wget
case $HOSTNAME in
tp|frodo)
0) : ;;
*)
# previously I had a more specific search, but dpkg
- # changed it's output as of 7/2016
+ # changed it\'s output as of 7/2016
if grep 'dependency problems' \
$log &>/dev/null; then
s apt-get -fy install
exit 1
fi
;;
-esac
-;;
-arch)
- pi google-chrome
- ;;
-esac
-;;
+ esac
+ ;;
+ arch)
+ pi google-chrome
+ ;;
+ esac
+ ;;
esac
# printer
esac
# allow user to run vms, from debian handbook
for x in ian traci; do s usermod -a -G libvirt,kvm $x; done
-# bridge networking as user fails. google lead here, but it doesn't work:
+# bridge networking as user fails. google lead here, but it doesn\'t work:
# oh well, I give up.
# http://wiki.qemu.org/Features-Done/HelperNetworking
# s mkdir /etc/qemu
esac
# general known for debian/ubuntu, not for fedora
+
+case $distro in
+ debian|ubuntu)
+ pi golang-go
+ # a bit of googling, and added settings to bashrc
+ go get -u github.com/mvdan/fdroidcl/cmd/fdroidcl
+ ;;
+ # others unknown
+esac
+
+
case $distro in
arch)
# cdrkit for cloud-init isos
bridge-utils dnsmasq qemu bind-tools
# otherwise we get error about accessing kvm module.
# seems like there might be a better way, but google was a bit vague.
- s sed -ri --follow-symlinks '/^ *user *=/d' /etc/libvirt/qemu.conf
+ s $sed -ri '/^ *user *=/d' /etc/libvirt/qemu.conf
echo 'user = "root"' | s tee -a /etc/libvirt/qemu.conf
# https://bbs.archlinux.org/viewtopic.php?id=206206
# # this should prolly go in the wiki
# other distros unknown
esac
-case $distro in
- debian)
- if [[ `debian-archive` == testing ]]; then
- # has no unstable dependencies
- spa bitcoin-qt/unstable
- fi
- s cp /a/opt/bitcoin/contrib/init/bitcoind.service /etc/systemd/system
- ser daemon-reload
-
- dir=/nocow/.bitcoin
- s mkdir -p $dir
- s chown -R bitcoin:bitcoin $dir
- dir=/etc/bitcoin
- s mkdir -p $dir
- s chown -R root:bitcoin $dir
- s chmod 750 $dir
- f=$dir/bitcon.conf
-
- # pruning decreases the bitcoin dir to 2 gb, keeps
- # just the recent blocks. can't do a few things like
- # import a wallet dump.
- # pruning works, but people had to do
- # some manual stuff in joinmarket. I dun need the
- # disk space, so not bothering yet, maybe in a year or so.
- # https://github.com/JoinMarket-Org/joinmarket/issues/431
- #https://bitcoin.org/en/release/v0.12.0#wallet-pruning
- #prune=550
-
- s dd of=$f <<EOF
-rpcbind=127.0.0.1
+if [[ $HOSTNAME == treetowl ]]; then
+ case $distro in
+ debian)
+ if [[ `debian-archive` == testing ]]; then
+ # has no unstable dependencies
+ pi bitcoind/unstable
+ src=/a/opt/bitcoin/contrib/init/bitcoind.service
+ s cp $src /etc/systemd/system
+ p=/etc/bitcoin/bitcoin
+ dst=/etc/systemd/system/bitcoinjm.service
+ # jm for joinmarket
+ $sed -r "/^\s*ExecStart/s,${p}.conf,${p}jm.conf," $src \
+ >/etc/systemd/system/bitcoinjm.service
+
+ d=jm; jm=d # being clever for succinctness
+ for s in d jm; do
+ s $sed -ri "/^\s*\[Unit\]/a Conflicts=bitcoin${!s}.service" \
+ /etc/systemd/system/bitcoin${s}.service
+ done
+
+ ser daemon-reload
+
+ dir=/nocow/.bitcoin
+ s mkdir -p $dir
+ s chown -R bitcoin:bitcoin $dir
+ dir=/etc/bitcoin
+ s mkdir -p $dir
+ s chown -R root:bitcoin $dir
+ s chmod 750 $dir
+
+ # pruning decreases the bitcoin dir to 2 gb, keeps
+ # just the recent blocks. can\'t do a few things like
+ # import a wallet dump.
+ # pruning works, but people had to do
+ # some manual stuff in joinmarket. I dun need the
+ # disk space, so not bothering yet, maybe in a year or so.
+ # https://github.com/JoinMarket-Org/joinmarket/issues/431
+ #https://bitcoin.org/en/release/v0.12.0#wallet-pruning
+ #prune=550
+
+ f=$dir/bitcoin.conf
+ s dd of=$f <<EOF
server=1
rpcpassword=$(openssl rand -base64 32)
rpcuser=$(openssl rand -base64 32)
+EOF
+
+ f2=$dir/bitcoinjm.conf
+ s cp $f $f2
+ s tee -a $f2 >/dev/null <<EOF
# Joinmarket
walletnotify=curl -sI --connect-timeout 1 http://localhost:62602/walletnotify?%s
alertnotify=curl -sI --connect-timeout 1 http://localhost:62602/alertnotify?%s
+wallet=joinmarket.dat
EOF
- ;;
- # other distros unknown
-esac
-if [[ $HOSTNAME == treetowl ]]; then
- pi libsodium-dev python3-pip
+ # dunno about sharing a wallet between multiple instances
+ # manually did, wallet.dat symlinked in /nocow/.bitcoin
+ sgo bitcoind
+ fi
+ ;;
+ # other distros unknown
+ esac
+ pi libsodium-dev python-pip
cd /a/opt/joinmarket
# using develop branch, as it seems to be mostly bug fixes,
# and this is quite new software.
# note: python3 does not work.
- pip install -r requirements.txt
- # we need bitcoin.conf in the data dir according to
- # https://github.com/JoinMarket-Org/joinmarket/wiki/Running-JoinMarket-with-Bitcoin-Core-full-node
- # following the example .service script, I don\'t have it there,
- # and I generate it, so lets just symlink it.
- sudo -u bitcoin ln -sf /etc/bitcoin/bitcoin.conf /nocow/.bitcoin
-
- # one time, manually did python wallet-tool.py generate.
- # The "wallet" is just a key which deterministically generates addresses.
- # One time: move the wallet, then link to it.
- # ln -s /p/joinmarket/wallet.json wallets
- #
- # see wallet addresses via:
- # python wallet-tool.py wallet.json
- # send to the first 3 mixing depth 0 addresses.
- # depths are like "identities", to separate out association with
- # each other. the big hash in that output is the depth/branch id,
- # ignore it afaik.
- #
- # after sending btc to wallet from a 3rd party service, check that
- # at least 20% of utxo of each transaction was sent to you,
- # btc listtransactions 10 0 true
- # btc getrawtransaction TXID 1
- #
- # to view status, do
- # python wallet-tool.py wallet.json history
- #
- # to help make other people,
- # python yield-generator-basic.py wallet.json
+ # has seg fault error due to some bug, but it still works
+ pip install -r requirements.txt || [[ $? == 139 ]]
+ # note, the target must exist ahead of time, or bitcoin
+ # just overwrites the link, and it\'s not happy with an empty file,
+ # so we have to create the wallet, then move and link it.
+ s lnf -T /q/bitcoin/wallet.dat /nocow/.bitcoin/wallet.dat
+ s lnf -T /q/bitcoin/joinmarket.dat /nocow/.bitcoin/joinmarket.dat
+ # not technically needed, but seems cleaner not to have
+ # symlinks be root owned unlike everything else
+ s chown -h bitcoin:bitcoin /nocow/.bitcoin/*
for var in rpcuser rpcpassword; do
u="$(s sed -rn "s/^$var=(.*)/\1/p" /etc/bitcoin/bitcoin.conf)"
done
sed -ri "s/^\s*(blockchain_source\s*=).*/\1 bitcoin-rpc/" joinmarket.cfg
- # dunno about sharing a wallet between multiple instances
- # manually did, wallet.dat symlinked in /nocow/.bitcoin
- sgo bitcoind
fi
-
-# proprietary flash. going without for now
-# case $distro in
-# debian)
-# pi flashplugin-nonfree
-# esac
-
-
-
case $distro in
fedora)
cd $(mktemp -d)
######### end misc packages #########
-# packages I once used before and liked, but don't want installed now for
+# packages I once used before and liked, but don\'t want installed now for
# various reasons:
# python-sqlite is used for offlineimap
# lxappearance python-sqlite dolphin paman dconf-editor
########### misc stuff
+devs=()
+for dev in $(s btrfs fi show /boot | sed -nr 's#.*path\s+(\S+)$#\1#p'); do
+ devs+=($(devbyid $dev),)
+done
+devs[-1]=${devs[-1]%,} # jonied by commas
+
+# on grub upgrade, we get prompts unless we do this
+s debconf-set-selections <<EOF
+grub-pc grub-pc/install_devices multiselect ${devs[*]}
+EOF
+
# the wiki backup script from ofswiki.org uses generic paths
s lnf /p/c/machine_specific/li/mw_vars /root
color-scheme 2
# tip: copy access.log files to a stretch host directory, then run
-# jessie's goaccess is too old for some options, and it's
+# jessie's goaccess is too old for some options, and it\'s
# not easily installed from a testing.
# goaccess --ignore-crawlers -f <(cat *) -a -o html > x.html
EOF
-if [[ $HOSTNAME == treetowl ]] && ! sudo test -e /etc/openvpn/client.key; then
- /a/bin/vpn-setup/vpn-mk-client-cert dopub
- # route lan traffic from inside the network namespace.
- tu /etc/openvpn/client.conf "route 192.168.1.0 255.255.255.0 net_gateway"
-fi
-
-
case $distro in
debian|ubuntu)
case `debian-archive` in
s dd of=/etc/apt/preferences.d/unison-gtk <<'EOF'
Explanation: Allow unison-gtk to be upgraded
Package: unison-gtk
-Pin: release a=unstable
+Pin: release a=testing
Pin-Priority: 500
EOF
# dont think using testing is needed since I figured out how to
# run "control userpasswords2", turn on automatic login.
# note: when changing devices, I just undefine, the create the vm again.
- if [[ -e /a/images/win10.qcow2 ]]; then
+ if [[ -e /nocow/user/vms/win10.qcow2 ]]; then
s virt-install --noautoconsole --graphics spice,listen=0.0.0.0 \
--disk=/a/images/win10.qcow2,bus=virtio --vcpus 2 -r 4096 -w bridge=br0 \
-n win10 --import --os-variant $variant --cpu host-model-only
s virsh destroy win10
fi
- if [[ -e /a/images/win7.qcow2 ]]; then
+ if [[ -e /nocow/user/vms/win7.qcow2 ]]; then
# this one hasn\'t had the virtio fix done yet.
s virt-install --noautoconsole --graphics spice,listen=0.0.0.0 \
--disk=/a/images/win7.qcow2 --vcpus 2 -r 4096 -w bridge=br0 \