X-Git-Url: https://iankelling.org/git/?a=blobdiff_plain;ds=sidebyside;f=distro-end;h=0e7c4b8197dab344b80a00602e76365deaa84dfa;hb=8a6b446c7e336596af614c853e1c6177e55a7983;hp=728161d1f811cc4d2e1120bcf91e45ae942b32e2;hpb=2cff2dd2b8040e6cbd721932ae09142881d7e0a6;p=distro-setup
diff --git a/distro-end b/distro-end
index 728161d..0e7c4b8 100755
--- a/distro-end
+++ b/distro-end
@@ -14,7 +14,7 @@
# limitations under the License.
### setup
-errcatch
+source /a/bin/errhandle/err
src="${BASH_SOURCE%/*}"
source $src/pkgs
@@ -73,7 +73,6 @@ case $distro in
;;
esac
-
# disable motd junk.
case $distro in
debian)
@@ -111,18 +110,28 @@ if isdeb; then
# https://store.docker.com/editions/community/docker-ce-server-debian?tab=description
pi software-properties-common apt-transport-https
curl -fsSL https://download.docker.com/linux/$(distro-name-compat)/gpg | sudo apt-key add -
- sudo add-apt-repository \
- "deb [arch=amd64] https://download.docker.com/linux/$(distro-name-compat) \
- $(debian-codename-compat) \
- stable"
- p update
- pi docker-ce
- sgo docker
+ url=https://download.docker.com/linux/$(distro-name-compat)
+ l="deb [arch=amd64] $url $(debian-codename-compat) stable"
+
+ if ! grep -xFq "$l" /etc/apt/sources.list{,.d/*.list}; then
+ sudo add-apt-repository "$l"
+ p update
+ fi
+ # docker eats up a fair amount of cpu when doing nothing, so don't enable it unless
+ # we really need it.
+ pi-nostart docker-ce
+ # and docker is even more crap, it ignores that it shouldnt start
+ ser stop docker
+ ser disable docker
+ case $HOSTNAME in
+ li|lj) sgo docker ;;
+ esac
# other distros unknown
fi
### end docker install ####
+
### begin certbot install ###
case $distro in
debian)
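Review bot: The new source line `l="deb [arch=amd64] $url $(debian-codename-compat) stable"` has no `signed-by=` option, so the Docker key that the unchanged `curl … | sudo apt-key add -` line above adds to apt's global keyring is trusted for every configured repository, not only this one. Consider keeping the key in its own keyring file and writing `deb [arch=amd64 signed-by=<path-to-docker-keyring>] $url …` (placeholder path). Separately, when `/etc/apt/sources.list.d/` holds no `.list` file, the glob in `grep -xFq "$l" /etc/apt/sources.list{,.d/*.list}` stays literal and grep complains on stderr; the `if !` still takes the add branch, so that is noise rather than a bug. The enclosing `if isdeb` block starts outside the hunk.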
@@ -138,8 +147,11 @@ case $distro in
trisquel|ubuntu)
# not packaged in xenial or flidas
pi software-properties-common
- s add-apt-repository -y ppa:certbot/certbot ||:
- p update
+ l="deb http://ppa.launchpad.net/certbot/certbot/ubuntu xenial main"
+ if ! grep -xFq "$l" /etc/apt/sources.list{,.d/*.list}; then
+ s add-apt-repository -y ppa:certbot/certbot ||:
+ p update
+ fi
pi python-certbot-apache
;;
# todo: other distros unknown
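Review bot: The `||:` kept on `s add-apt-repository -y ppa:certbot/certbot` inside the new guard still hides a failed PPA add, after which `p update` and `pi python-certbot-apache` run as if the source were in place. Dropping `||:`, or printing the failure to stderr before continuing, would make that visible. The guard string also hard-codes `xenial`; on a release where add-apt-repository writes a different suite, the exact-line `grep -x` never matches and the add plus update run on every invocation, so a short comment saying which releases this line is expected to match would help. The enclosing `case $distro` continues past the hunk.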
@@ -157,15 +169,33 @@ sgo certbotmail.timer
### end certbot install ###
-# dogcam setup
-case $HOSTNAME in
- lj|li)
- /a/bin/webcam/install-server
- ;;
- kw)
- /a/bin/webcam/install-client
- ;;
-esac
+# dogcam setup. not using atm
+# case $HOSTNAME in
+# lj|li)
+# /a/bin/webcam/install-server
+# ;;
+# kw)
+# /a/bin/webcam/install-client
+# ;;
+# esac
+
+pi ${p1[@]}
+
+
+## prometheus node exporter setup
+web-conf -f 9100 -p 9101 apache2 $(hostname -f) <<'EOF'
+#https://httpd.apache.org/docs/2.4/mod/mod_authn_core.html#authtype
+# https://stackoverflow.com/questions/5011102/apache-reverse-proxy-with-basic-authentication
+
+ AllowOverride None
+ AuthType basic
+ AuthName "Authentication Required"
+ # setup one time, with root:www-data, 640
+ AuthUserFile "/etc/prometheus-htpasswd"
+ Require valid-user
+
+EOF
+
# website setup
case $HOSTNAME in
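Review bot: The basic-auth block in the `web-conf` heredoc protects only the proxied port, so if the node exporter itself listens on 9100 on all interfaces the metrics remain reachable without credentials. Assuming `-f 9100 -p 9101` means "forward to 9100, serve on 9101", bind the exporter to loopback (`--web.listen-address=127.0.0.1:9100`) or firewall 9100. Basic credentials are only base64-encoded, so this is sound only if `web-conf` serves the vhost over TLS, which the hunk does not show. The script also assumes `/etc/prometheus-htpasswd` was created by hand; a check such as `s test -f /etc/prometheus-htpasswd` before the call would catch a host where that step was skipped. `pi ${p1[@]}` should be quoted as `pi "${p1[@]}"`.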
@@ -482,7 +512,7 @@ EOF
############### !!!!!!!!!!!!!!!!!
############### manual steps:
- # only following 2 people atm, so not bothering to figure out backups
+ # only following a few people atm, so not bothering to figure out backups
# when mastodon has not documented it at all.
#
# fsf@status.fsf.org
@@ -538,7 +568,7 @@ EOF
# alo would be nice if erc supported
# https://wiki.znc.in/self-message
# https://wiki.znc.in/Query_buffers \
- #
+ #
s useradd --create-home -d /var/lib/znc --system --shell /sbin/nologin --comment "Account to run ZNC daemon" --user-group znc || [[ $? == 9 ]] # 9 if it exists already
chmod 700 /var/lib/znc
s chown -R znc:znc /var/lib/znc
@@ -564,37 +594,42 @@ esac
########### end section including li/lj ###############
-pi ${p4[@]} $(apt-cache search ruby[.0-9]+-doc| awk '{print $1}')
-
-
-case $distro in
- trisquel|ubuntu)
- l="deb http://ppa.launchpad.net/ansible/ansible/ubuntu xenial main"
- f=/etc/apt/sources.list.d/ansible-ubuntu-ansible-xenial.list
- if ! grep -qF "$l" $f; then
- s add-apt-repository -y ppa:ansible/ansible
- p update
- fi
- pi ansible
- ;;
-esac
+# depends gcc is a way to install suggests. this is apparently the only
+# way to install suggests even if the main package is already
+# installed. reinstall doesn't work, uninstalling can cause removing
+# dependent packages.
+pi ${pall[@]} $(apt-cache search ruby[.0-9]+-doc| awk '{print $1}') $(apt-cache depends gcc|grep -i suggests:| awk '{print $2}')
+if ! type pip; then
+ x=$(mktemp)
+ wget -O$x https://bootstrap.pypa.io/get-pip.py
+ python3 $x --user
+fi
+sgo fsf-vpn-dns-cleanup
-case $distro in
- debian)
- pi chromium ;;
- trisquel|ubuntu)
- wget -qO - https://downloads.iridiumbrowser.de/ubuntu/iridium-release-sign-01.pub|sudo apt-key add -
- cat <$t </dev/null <$t < /dev/null; then
+ s groupadd -g 450 debian-transmission
+ case $distro in
+ arch)
+ s useradd \
+ --system \
+ --create-home \
+ --gid 450 \
+ --uid 450 \
+ --home-dir /var/lib/transmission-daemon \
+ --shell /bin/false \
+ debian-transmission
+ ;;
+ *)
+ s adduser --quiet \
+ --gid 450 \
+ --uid 450 \
+ --system \
+ --no-create-home \
+ --disabled-password \
+ --home /var/lib/transmission-daemon \
+ debian-transmission
+ ;;
+ esac
+fi
+# We want group writable stuff from transmission.
+# However, after setting this, I learn that transmission sets it's
+# own umask based on it's settings file. Well, no harm leaving this
+# so it's set right from the beginning.
+s chfn debian-transmission -o umask=0002
+
case $distro in
debian|trisquel|ubuntu)
# note i had to do this, which is persistent:
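Review bot: In the `if ! type pip` block, `wget -O$x https://bootstrap.pypa.io/get-pip.py` followed by `python3 $x --user` executes whatever the server returns, with no pinned version or digest check, and the temp file is never removed. Installing pip through the package helper already used in this script (for example `pi python3-pip`, package name to be confirmed per distro) would keep it under the package manager's signature checking. Otherwise verify the download before running it, `echo "<expected-sha256>  $x" | sha256sum -c -` (placeholder digest), and add `rm -f -- "$x"` afterwards. `type pip` also prints to the terminal; `type -p pip &>/dev/null`, as the Go check later in this commit does, is quieter.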
@@ -998,6 +1158,9 @@ EOF
# some reason it doesn\'t seem to start automatically anyways
pi-nostart transmission-daemon
+ # be extra sure its not started
+ ser disable transmission-daemon
+ ser stop transmission-daemon
# the folder was moved here after an install around 02/2017.
# it contains runtime data,
@@ -1045,40 +1208,11 @@ File.write(p, JSON.pretty_generate(JSON.parse(File.read(p)).merge({
})) + "\n")
EOF
- # make sure its not enabled, not sure if this is needed
- ser disable transmission-daemon
;;
# todo: others unknown
esac
-# adapted from /var/lib/dpkg/info/transmission-daemon.postinst
-if ! getent passwd debian-transmission > /dev/null; then
- case $distro in
- arch)
- s useradd \
- --system \
- --create-home \
- --home-dir /var/lib/transmission-daemon \
- --shell /bin/false \
- debian-transmission
- ;;
- *)
- s adduser --quiet \
- --system \
- --group \
- --no-create-home \
- --disabled-password \
- --home /var/lib/transmission-daemon \
- debian-transmission
- ;;
- esac
-fi
-# We want group writable stuff from transmission.
-# However, after setting this, I learn that transmission sets it's
-# own umask based on it's settings file. Well, no harm leaving this
-# so it's set right from the beginning.
-s chfn debian-transmission -o umask=0002
# trisquel 8 = openvpn, debian stretch = openvpn-client
vpn_ser=openvpn-client
@@ -1192,6 +1326,7 @@ case $distro in
sgo org.cups.cupsd.service
;;
debian|trisquel|ubuntu)
+ pi cups
s gpasswd -a $USER lpadmin # based on ubuntu wiki
spa hplip
;;
@@ -1203,11 +1338,6 @@ esac
# in arch, I had to pick out the 6L driver.
-case $distro in
- trisquel|ubuntu|debian) pi --no-install-recommends mairix notmuch ;;
- fedora|arch) spa mairix notmuch ;;
-esac
-
# allow user to run vms, from debian handbook
for x in iank traci; do s usermod -a -G libvirt,kvm $x; done
# bridge networking as user fails. google lead here, but it doesn\'t work:
@@ -1225,24 +1355,40 @@ for x in iank traci; do s usermod -a -G libvirt,kvm $x; done
case $distro in
debian|trisquel|ubuntu)
+ if ! type -p go &>/dev/null; then
+ cd $(mktemp -d)
+ # just the latest stable at the time of writing
+ # TODO, maybe put this all into a build script,
+ # and do some automatic updates
+ wget -q https://dl.google.com/go/go1.12.4.linux-amd64.tar.gz
+ s tar -C /usr/local -xzf go1.12.4.linux-amd64.tar.gz
+ rm -f *
+ fi
+ go get -u mvdan.cc/fdroidcl
# a bit of googling, and added settings to bashrc
- go get -u github.com/mvdan/fdroidcl/cmd/fdroidcl
;;
esac
case $distro in
arch)
+ pi virt-install
# otherwise we get error about accessing kvm module.
# seems like there might be a better way, but google was a bit vague.
s $sed -ri '/^ *user *=/d' /etc/libvirt/qemu.conf
echo 'user = "root"' | s tee -a /etc/libvirt/qemu.conf
- # https://bbs.archlinux.org/viewtopic.php?id=206206
- # # this should prolly go in the wiki
- sgo virtlogd.socket
# guessing this is not needed
#sgo virtlogd.service
- sgo libvirtd
+
+ # iank: disabed as im not using libvirt usually
+ # # https://bbs.archlinux.org/viewtopic.php?id=206206
+ # # # this should prolly go in the wiki
+ # sgo virtlogd.socket
+ # sgo libvirtd
;;
+ debian|trisquel|ubuntu)
+ pi-nostart virtinst virt-manager
+ ;;
+
esac
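Review bot: The Go bootstrap extracts `go1.12.4.linux-amd64.tar.gz` into `/usr/local` as root without checking it against the digest published for that release, so a corrupted or substituted download is unpacked with root privileges. `cd $(mktemp -d)` also changes the working directory for the rest of the script, and `rm -f *` would delete files in whatever directory is current if the `cd` ever failed. The sketch below keeps the download in a named temp directory, verifies it and removes only that directory; it assumes the sourced error handler aborts on a non-zero status, otherwise wrap the `sha256sum -c` in an `if`. If Go was only just unpacked, `go get -u mvdan.cc/fdroidcl` will find it only if `/usr/local/go/bin` is already on PATH in this shell.

```shell
if ! type -p go &>/dev/null; then
  tmpd=$(mktemp -d)
  tarball=go1.12.4.linux-amd64.tar.gz
  wget -q -O "$tmpd/$tarball" "https://dl.google.com/go/$tarball"
  # <expected-sha256> is a placeholder: pin the digest published for this release
  echo "<expected-sha256>  $tmpd/$tarball" | sha256sum -c -
  s tar -C /usr/local -xzf "$tmpd/$tarball"
  rm -rf -- "$tmpd"
fi
# … unchanged: go get -u mvdan.cc/fdroidcl …
```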
@@ -1256,7 +1402,7 @@ case $distro in
./configure --with-exuberant-ctags=/usr/bin/ctags
make
s make install
- s pip install pygments
+ pip install pygments
;;
*)
pi global
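Review bot: Now that `s` is dropped, `pip install pygments` leaves the install location up to pip: without `--user` it targets the system site-packages and may fail on permissions as a non-root user. Dropping `s` does stop a PyPI package's install code from running as root. Writing `pip install --user pygments` makes the intent explicit and matches the `python3 $x --user` bootstrap added earlier in this commit. The enclosing `case $distro` arm starts outside the hunk.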
@@ -1342,7 +1488,7 @@ fi
# EOF
# s systemctl daemon-reload
# case $HOSTNAME in
-# x2|tp)
+# x2|x3|tp)
# ser enable synergyc@iank
# ser start synergyc@iank ||: # X might not be running yet
# ;;
@@ -1431,10 +1577,26 @@ DEVICESCAN -a -o on -S on -n standby,q $sched \
########### misc stuff
+# make networkmanager use resolvconf instead of its own dnsmasq which
+# conflicts with the normal dnsmasq package.
+f=/etc/NetworkManager/NetworkManager.conf
+m=$(md5sum $f)
+s sed -ri '/ *\[main\]/,/^ *\[[^]]+\]/{/^\s*dns[[:space:]=]/d}' $f
+if [[ $m != $(md5sum $f) ]]; then
+ srestart NetworkManager
+fi
+
+# make my /etc/fonts/conf.d/ get used.
+# I have a new sans-serif font there because the default one
+# displays l and I as the same char, grrrrr.
+s fc-cache
/a/bin/distro-setup/mymimes
+sgo dynamicipupdate
+
+
# stop autopoping windows when i plug in an android phone.
# dbus-launch makes this work within an ssh connection, otherwise you get this message,
# with still 0 exit code.
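Review bot: The `srestart NetworkManager` added here and the unconditional `ser stop NetworkManager` / `ser disable NetworkManager` added in the last hunk of this commit pull in opposite directions, and nothing in either place says which state is intended at the end of a run. A comment on the restart, for example `# restart so the dns= removal applies if NetworkManager is re-enabled later; it is stopped and disabled near the end of this script`, would record that, if it is the intent. `$f` is also unquoted and never checked for existence, so on a host without NetworkManager.conf both `md5sum $f` and `sed -ri … $f` fail; `[[ -e "$f" ]]` around the block would cover that case.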
@@ -1621,7 +1783,16 @@ EOF
;;
esac
-
+# networkmanager has this nasty behavior on flidas: if the machine
+# crashes with dnsmasq running, on subsequent boot, it adds an entry to
+# resolvconf for 127.0.0.1 in some stupid attempt to restore
+# nameservers.
+# This can be manually fixed by stoping dnsmasq,
+# then based on whats in /run/dnsmasq/, i see we can run
+# s resolvconf -d NetworkManager
+# oh ya, and stoping NetworkManager leaves this crap behind without cleaning it up.
+ser stop NetworkManager
+ser disable NetworkManager
if [[ $HOSTNAME == frodo ]]; then