X-Git-Url: https://iankelling.org/git/?a=blobdiff_plain;f=distro-begin;h=6f7031de476cd0b0cb58921376ef8aeba6fc2aa5;hb=3342374657bd712f14cd772378b23d2bca3382cb;hp=61d8f8d002b56d3924c8547dade334ce76b99f59;hpb=d67edcdca8795a4bca116aa532d02dda246a6f53;p=distro-setup
diff --git a/distro-begin b/distro-begin
index 61d8f8d..6f7031d 100755
--- a/distro-begin
+++ b/distro-begin
@@ -1,17 +1,21 @@
#!/bin/bash
-# Copyright (C) 2016 Ian Kelling
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# Setup Ian's computers
+# Copyright (C) 2024 Ian Kelling
+
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+
+# SPDX-License-Identifier: GPL-3.0-or-later
#### for setting up a new machine
# usage: $0 [-r] [HOSTNAME]
@@ -21,6 +25,8 @@
# /a/bin/ds/filesystem/etc/prometheus/rules/iank.yml
#
# Update hostnames in /b/ds/check-remote-mailqs
+# Update hostnames in /b/ds/machine_specific/*.hosts /p/c/machine_specific/*.hosts
+# Update hostnames in this file
### end new machine setup
@@ -49,9 +55,10 @@
####### begin setup environment #######
+# shellcheck disable=SC2317 # false positive
### make ssh interactive shell run better. for when running line interactively line by line
-sudo bash -c '/a/exe/ssh-emacs-setup'
+sudo bash -c '/a/exe/ssh-emacs-setup' || exit $?
##### setup error handling
interactive=true # set this to false to force set -x
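Review bot: `sudo bash -c '/a/exe/ssh-emacs-setup' || exit $?` executes a file under /a/exe as root, and the later hunks that replace `tu` with `sudo /a/exe/teeu /etc/fstab` do the same. Nothing in the visible lines establishes that /a/exe and the files in it are root-owned and not writable by the invoking user. If they are user-writable, any process running as that user can change what runs as root on the next invocation, so either check ownership and mode before the first sudo call or install these helpers under a root-owned path. The `bash -c` wrapper is not needed for a single path; `sudo /a/exe/ssh-emacs-setup || exit $?` behaves the same.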
@@ -107,7 +114,7 @@ source $script_dir/pkgs
set +x
source /a/bin/distro-functions/src/identify-distros
$interactive || set -x
-for f in kd x2 x3 x8 frodo tp li bk je demohost kw sy bo; do
+for f in kd x2 x3 x8 frodo tp li bk je demohost kw sy bo so; do
eval "$f() { [[ $HOSTNAME == $f ]]; }"
done
codename=$(debian-codename)
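Review bot: The `eval` in this loop expands `$HOSTNAME` at definition time, so the host name is pasted into each function body as shell source instead of being compared as data when the function is called. Since the host list is being extended here, this is a good point to escape the dollar and quote the right-hand side: `eval "$f() { [[ \$HOSTNAME == \"$f\" ]]; }"`. The loop words are fixed literals, so only the `$HOSTNAME` expansion needs the change.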
@@ -304,85 +311,11 @@ set +x
err-allow
source /etc/profile.d/environment.sh
export LC_USEBASHRC=t
-# shellcheck source=./.bashrc
-source ~/.bashrc
+# shellcheck source=./brc
+source ~/brc
err-catch
$interactive || set -x
-##### use systemd-resolved for glibc resolutions
-
-pi libnss-resolve
-
-if [[ ! -L /etc/nsswitch.conf ]]; then
- sudo mkdir -p /etc/resolved-nsswitch
- sudo mv /etc/nsswitch.conf /etc/resolved-nsswitch
- sudo ln -sf /etc/resolved-nsswitch/nsswitch.conf /etc
-fi
-
-f=/etc/basic-nsswitch/nsswitch.conf
-if [[ ! -e $f ]]; then
- sudo mkdir -p ${f%/*}
- sudo cp /etc/nsswitch.conf $f
- sudo sed -i --follow-symlinks 's/^ *hosts:.*/hosts: files dns myhostname/' $f
-fi
-case $HOSTNAME in
- bk|je)
- # je should be able to get along systemd-resolved, but ive had some odd
- # very intermittent dns failures with spamassassin, it seems it might only
- # be happening with systemd-resolved, so just use unbound
- # to make it consistent with the other hosts.
- sudo sed -i --follow-symlinks 's/^ *hosts:.*/hosts: files dns myhostname/' /etc/nsswitch.conf
- soff systemd-resolved
- sudo ln -sf 127.0.0.1-resolv/stub-resolv.conf /etc/resolv.conf
- sgo unbound
- # cautious measure to make sure resolution is working
- sleep 1
- ;;
- *)
- # default is
- # files mdns4_minimal [NOTFOUND=return] dns myhostname
- # mdns4 is needed for my printer and for bbb webrtc, not sure exactly why.
- # https://www.freedesktop.org/software/systemd/man/nss-resolve.html#
- # seems more important than some potential use case.
- # Interestingly, t9/t10 man page says use files before resolve, debian 10 says the opposite.
- # removing files makes hostname -f not actually give the fully qualified domain name.
- sudo sed -i --follow-symlinks 's/^ *hosts:.*/hosts: files resolve [!UNAVAIL=return] mdns4_minimal [NOTFOUND=return] myhostname/' /etc/resolved-nsswitch/nsswitch.conf
- ;;
-esac
-
-case $HOSTNAME in
- bk)
- sgo named
- ;;
-esac
-
-
-lines=(
- "/etc/resolved-nsswitch/nsswitch.conf r,"
- "/etc/basic-nsswitch/nsswitch.conf r,"
- # Aug 06 23:09:11 kd audit[3995]: AVC apparmor="DENIED" operation="connect" profile="/usr/bin/freshclam" name="/run/systemd/resolve/io.systemd.Resolve" pid=3995 comm="freshclam" requested_mask="wr" denied_mask="wr" fsuid=109 ouid=101
- # I dont know if this is quite the right fix, but I saw other sockets
- # in the nameservice files that were rw, so figured it was ok to add this and it worked.
- "/run/systemd/resolve/io.systemd.Resolve rw,"
-)
-f=/etc/apparmor.d/abstractions/nameservice
-apparmor_reload=false
-if [[ -e $f ]]; then
- for l in "${lines[@]}"; do
- if ! grep -qF "$l" $f; then
- sudo sed -i "/\/nsswitch.conf/a $l" $f
- apparmor_reload=true
- if ! grep -qF "$l" $f; then
- echo "$0: failed editing $f. investigate"
- exit 1
- fi
- fi
- done
- if $apparmor_reload && systemctl is-enabled apparmor; then
- m ser reload apparmor
- fi
-fi
-
if dpkg -s -- nscd &>/dev/null; then
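Review bot: `source ~/brc` sits between `err-allow` and `err-catch`, which presumably suspend the error trap (their definitions are outside the hunk). If so, a machine where ~/brc has not been deployed yet would carry on without the definitions later steps rely on. A guard ahead of `err-allow` makes that failure explicit: `[[ -r ~/brc ]] || { echo "$0: ~/brc not readable" >&2; exit 1; }`. If the removed resolver/nsswitch/AppArmor setup now lives in another file, a one-line comment naming it would help whoever next provisions a host.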
@@ -491,7 +424,7 @@ pi ${p1[@]}
######## fix evbug bug ######
case $(debian-codename-compat) in
- xenial|bionic|focal|jammy)
+ xenial|bionic|focal|jammy|noble)
# noticed in flidas. dunno if it affects any others
#https://bugs.launchpad.net/ubuntu/+source/module-init-tools/+bug/240553
#https://wiki.debian.org/KernelModuleBlacklisting
@@ -547,7 +480,7 @@ fi
# disabled temporarily
###### setup /i
# if home_network; then
-# tu /etc/fstab <<'EOF'
+# sudo /a/exe/teeu /etc/fstab <<'EOF'
# /i/w /w none bind,noauto 0 0
# /i/k /k none bind,noauto 0 0
# EOF
@@ -556,11 +489,11 @@ fi
# sudo chown $USER:user2 /kr
# fi
# if [[ $HOSTNAME == frodo ]]; then
-# tu /etc/fstab <<'EOF'
+# sudo /a/exe/teeu /etc/fstab <<'EOF'
# /k /kr none bind,noauto 0 0
# EOF
# else
-# tu /etc/fstab <<'EOF'
+# sudo /a/exe/teeu /etc/fstab <<'EOF'
# frodo:/k /kr nfs noauto 0 0
# EOF
# fi
@@ -630,7 +563,7 @@ if has_btrfs; then
fi
first_root_crypt=$(awk '$2 == "/" {print $1}' /etc/mtab)
- tu /etc/fstab < 2)) && echo ,compress=zstd ) 0 0
EOF
sudo mkdir -p $dir
@@ -643,7 +576,7 @@ fi
case $HOSTNAME in
kd)
- tu /etc/fstab <<'EOF'
+ sudo /a/exe/teeu /etc/fstab <<'EOF'
/dev/mapper/crypt_dev_ata-Samsung_SSD_870_QVO_8TB_S5VUNG0N900656V-part7 /d btrfs nofail,x-systemd.device-timeout=30s,x-systemd.mount-timeout=30s,noatime,compress=zstd,subvol=d 0 0
/d/m /i none bind,compress=zstd 0 0
EOF
@@ -659,7 +592,7 @@ EOF
fi
;;
frodo)
- tu /etc/fstab <<'EOF'
+ sudo /a/exe/teeu /etc/fstab <<'EOF'
/dev/mapper/crypt_dev_ata-ata-Hitachi_HDS722020ALA330_JK1121YAG7SXWS-part1 /i btrfs nofail,x-systemd.device-timeout=30s,x-systemd.mount-timeout=30s,noatime,subvol=i 0 0
EOF
if ! mountpoint /i &>/dev/null; then
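Review bot: The frodo fstab entry names `/dev/mapper/crypt_dev_ata-ata-Hitachi_…` with `ata-` doubled, while the kd entry in the previous hunk has a single `ata-` prefix, so the name is worth confirming against the actual mapper device on that host. Because the line carries `nofail`, a wrong device name would not stop boot and would only show up as /i not being mounted. The `case` arm continues outside the hunk.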