X-Git-Url: https://iankelling.org/git/?a=blobdiff_plain;f=distro-begin;h=6f7031de476cd0b0cb58921376ef8aeba6fc2aa5;hb=f27b67a1dfa58b5f101bba607b2f91a73e65299e;hp=74bbdffaae42ce830c1fa795bb966d8d7ecf4e3f;hpb=7ed3b98c4d3678d982c33741f1f42727144e66ce;p=distro-setup diff --git a/distro-begin b/distro-begin index 74bbdff..6f7031d 100755 --- a/distro-begin +++ b/distro-begin @@ -55,6 +55,7 @@ ####### begin setup environment ####### +# shellcheck disable=SC2317 # false positive ### make ssh interactive shell run better. for when running line interactively line by line sudo bash -c '/a/exe/ssh-emacs-setup' || exit $? 
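Review bot: The added `# shellcheck disable=SC2317 # false positive` does not say which command it is meant to cover or why the unreachable-code warning is spurious there. ShellCheck applies a disable directive to the next command, or to the whole file when it sits before the first command, and the lines above line 55 are outside this hunk, so the scope cannot be confirmed from here. If it turns out to be file-wide, genuinely unreachable code later in a script that runs many commands through sudo would be silenced too. I would record the reason and intended scope in the comment, for example `# shellcheck disable=SC2317 # false positive: <reason>; meant for <the next command | the whole file>`, and move it directly above the one command if that is all it is for.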
@@ -315,80 +316,6 @@ source ~/brc err-catch $interactive || set -x -##### use systemd-resolved for glibc resolutions - -pi libnss-resolve - -if [[ ! -L /etc/nsswitch.conf ]]; then - sudo mkdir -p /etc/resolved-nsswitch - sudo mv /etc/nsswitch.conf /etc/resolved-nsswitch - sudo ln -sf /etc/resolved-nsswitch/nsswitch.conf /etc -fi - -f=/etc/basic-nsswitch/nsswitch.conf -if [[ ! -e $f ]]; then - sudo mkdir -p ${f%/*} - sudo cp /etc/nsswitch.conf $f - sudo sed -i --follow-symlinks 's/^ *hosts:.*/hosts: files dns myhostname/' $f -fi -case $HOSTNAME in - bk|je) - # je should be able to get along systemd-resolved, but ive had some odd - # very intermittent dns failures with spamassassin, it seems it might only - # be happening with systemd-resolved, so just use unbound - # to make it consistent with the other hosts. - sudo sed -i --follow-symlinks 's/^ *hosts:.*/hosts: files dns myhostname/' /etc/nsswitch.conf - soff systemd-resolved - sudo ln -sf 127.0.0.1-resolv/stub-resolv.conf /etc/resolv.conf - sgo unbound - # cautious measure to make sure resolution is working - sleep 1 - ;; - *) - # default is - # files mdns4_minimal [NOTFOUND=return] dns myhostname - # mdns4 is needed for my printer and for bbb webrtc, not sure exactly why. - # https://www.freedesktop.org/software/systemd/man/nss-resolve.html# - # seems more important than some potential use case. - # Interestingly, t9/t10 man page says use files before resolve, debian 10 says the opposite. - # removing files makes hostname -f not actually give the fully qualified domain name. 
- sudo sed -i --follow-symlinks 's/^ *hosts:.*/hosts: files resolve [!UNAVAIL=return] mdns4_minimal [NOTFOUND=return] myhostname/' /etc/resolved-nsswitch/nsswitch.conf - ;; -esac - -case $HOSTNAME in - bk) - sgo named - ;; -esac - - -lines=( - "/etc/resolved-nsswitch/nsswitch.conf r," - "/etc/basic-nsswitch/nsswitch.conf r," - # Aug 06 23:09:11 kd audit[3995]: AVC apparmor="DENIED" operation="connect" profile="/usr/bin/freshclam" name="/run/systemd/resolve/io.systemd.Resolve" pid=3995 comm="freshclam" requested_mask="wr" denied_mask="wr" fsuid=109 ouid=101 - # I dont know if this is quite the right fix, but I saw other sockets - # in the nameservice files that were rw, so figured it was ok to add this and it worked. - "/run/systemd/resolve/io.systemd.Resolve rw," -) -f=/etc/apparmor.d/abstractions/nameservice -apparmor_reload=false -if [[ -e $f ]]; then - for l in "${lines[@]}"; do - if ! grep -qF "$l" $f; then - sudo sed -i "/\/nsswitch.conf/a $l" $f - apparmor_reload=true - if ! grep -qF "$l" $f; then - echo "$0: failed editing $f. investigate" - exit 1 - fi - fi - done - if $apparmor_reload && systemctl is-active apparmor; then - m ser reload apparmor - fi -fi - if dpkg -s -- nscd &>/dev/null; then @@ -497,7 +424,7 @@ pi ${p1[@]} ######## fix evbug bug ###### case $(debian-codename-compat) in - xenial|bionic|focal|jammy) + xenial|bionic|focal|jammy|noble) # noticed in flidas. dunno if it affects any others #https://bugs.launchpad.net/ubuntu/+source/module-init-tools/+bug/240553 #https://wiki.debian.org/KernelModuleBlacklisting
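Review bot: The arm `xenial|bionic|focal|jammy|noble)` has to be extended by hand for every release, so a host on a codename that is not yet listed presumably skips the evbug workaround without any message. The case body and any default arm are outside the hunk, so this is inferred from the pattern and the linked blacklisting references only. Since evbug writes input events to the kernel log, a silent skip is worth noticing on a new install. If there is no `*)` arm, consider one that reports it, e.g. `*) echo "$0: evbug workaround not evaluated for $(debian-codename-compat)" >&2 ;;`, and update the comment `# noticed in flidas. dunno if it affects any others` to say whether noble was actually observed to need it.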