X-Git-Url: https://iankelling.org/git/?a=blobdiff_plain;f=distro-begin;h=88a8b0efb7a302605a8d9f50974124971fdc55f9;hb=563cc41a1f3ddb95bedf595cc249f53aea6629c1;hp=4a1ab215d6649eb69d9f2922247246c0ae3f27b6;hpb=7b47d6a266340223e78317cfe0570868f45a4cad;p=distro-setup diff --git a/distro-begin b/distro-begin index 4a1ab21..88a8b0e 100755 --- a/distro-begin +++ b/distro-begin @@ -78,7 +78,10 @@ fi ### arg parsing recompile=false -emacs=true +emacs=false +if [[ -e /a/opt/emacs ]]; then + emacs=true +fi while [[ $1 == -* ]]; do case $1 in -r) recompile=true; shift ;; @@ -97,7 +100,7 @@ source $script_dir/pkgs set +x source /a/bin/distro-functions/src/identify-distros $interactive || set -x -for f in kd x2 x3 frodo tp li bk je demohost kw; do +for f in kd x2 x3 x8 frodo tp li bk je demohost kw sy bo; do eval "$f() { [[ $HOSTNAME == $f ]]; }" done codename=$(debian-codename) @@ -152,7 +155,7 @@ EOF sudo dd of=/etc/systemd/system/keyscriptoff.service <<'EOF' [Unit] -Description=keyscriptoffIMG_20200803_221621 +Description=keyscriptoff [Service] Type=oneshot @@ -210,7 +213,7 @@ fi distro=$(distro-name) case $distro in ubuntu|debian|trisquel) - sudo bash -c ". /a/bin/fai/fai-wrapper && /a/bin/fai/fai/config/scripts/GRUB_PC/11-iank" + sudo bash -c ". /a/bin/fai/fai-wrapper && /a/bin/fai/fai/config/scripts/IANK/11-iank" ;; *) sudo bash -c ". /a/bin/fai/fai-wrapper && @@ -235,6 +238,11 @@ EOF ##### exit first stage if running as root if [[ $EUID == 0 ]]; then + if [[ ! -e /home/iank/.ssh/authorized_keys && ! -L /home/iank/.ssh/authorized_keys ]]; then + sudo -u iank mkdir -p /home/iank/.ssh + chmod 0700 /home/iank/.ssh + sudo -u iank ln -sf /p/c/machine_specific/vps/subdir_files/.ssh/authorized_keys /home/iank/.ssh + fi echo "$0: running as root. exiting now that users are setup" exit 0 fi 
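Review bot: In the root-only branch added before `exit 0`, `authorized_keys` becomes a symlink to `/p/c/machine_specific/vps/subdir_files/.ssh/authorized_keys` with no check that the target exists or who can write to it, so login as iank is governed by the permissions on that path rather than on `/home/iank/.ssh`. With StrictModes enabled, sshd also checks ownership and modes along the resolved path and may silently ignore the keys if any component is too open. I would verify the target before linking, e.g. `[[ -f $keys ]] || { echo "$0: $keys missing" >&2; exit 1; }` with `keys` set to the target path, and add a comment stating the owner and mode the target is expected to have. Separately, `chmod 0700 /home/iank/.ssh` runs as root inside a user-owned directory and follows a symlink if one is there; running it through `sudo -u iank` like the two neighbouring commands avoids that.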
@@ -248,11 +256,33 @@ lnf $x /root EOF done +###### link files +# convenient to just do all file linking in one place +sudo /a/exe/lnf -T /a/bin /b +sudo /a/exe/lnf -T /a/f /f +sudo /a/exe/lnf -T /var/log/exim4 /el +sudo /a/exe/lnf -T /a/f/ans /c +sudo /a/exe/lnf -T /nocow/t /t +if has_p; then + lnf -T /p/News ~/News +fi +dirs=(/q/root /q/root/.editor-backups /q/root/.undo-tree-history) +sudo mkdir -p ${dirs[@]} +sudo chmod 600 ${dirs[@]} +sudo /a/exe/lnf /q/root/.editor-backups /q/root/.undo-tree-history \ + /a/opt /a/c/.emacs.d $HOME/mw_vars /k/backup /root +/a/bin/ds/install-my-scripts # needed for rootsshsync cronjob +sudo /a/exe/lnf /a/c/.vim /a/c/.vimrc /a/c/.gvimrc /root + + ###### do conflink # vps needs bind group before conflink if vps; then pi-nostart bind9 fi +if bitfolk; then + pi-nostart unbound +fi # this needs to be before installing pacserve so we have gpg conf. conflink rootsshsync @@ -260,6 +290,8 @@ if [[ -e /etc/rootsudoenv ]]; then source /etc/rootsudoenv fi + + ###### bash environment setup set +x err-allow @@ -287,8 +319,17 @@ if [[ ! -e $f ]]; then sudo sed -i --follow-symlinks 's/^ *hosts:.*/hosts: files dns myhostname/' $f fi case $HOSTNAME in - bk) + bk|je) + # je should be able to get along systemd-resolved, but ive had some odd + # very intermittent dns failures with spamassassin, it seems it might only + # be happening with systemd-resolved, so just use unbound + # to make it consistent with the other hosts. sudo sed -i --follow-symlinks 's/^ *hosts:.*/hosts: files dns myhostname/' /etc/nsswitch.conf + soff systemd-resolved + sudo ln -sf 127.0.0.1-resolv/stub-resolv.conf /etc/resolv.conf + sgo unbound + # cautious measure to make sure resolution is working + sleep 1 ;; *) # default is 
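Review bot: `sudo chmod 600 ${dirs[@]}` in the relocated link-files block gives the directories mode 600, which has no search (x) bit; it only works because root bypasses the permission check. `mkdir -p` also creates them under the default umask before the chmod narrows them. Mode 700 is the usual owner-only directory mode, and both array expansions should be quoted: `sudo mkdir -p "${dirs[@]}"` and `sudo chmod 700 "${dirs[@]}"`. The block is moved here unchanged from later in the file, so the move is a convenient place to correct it.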
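Review bot: The `sleep 1` after `sgo unbound` in the `bk|je)` arm does not establish that name resolution works, and the relative link target `127.0.0.1-resolv/stub-resolv.conf` is never checked for existence. A missing file or a slow unbound start would leave `/etc/resolv.conf` dangling or unanswered while the script carries on. I would test the target before the `ln -sf`, e.g. `[[ -e /etc/127.0.0.1-resolv/stub-resolv.conf ]] || { echo "$0: stub-resolv.conf missing" >&2; exit 1; }`, and replace the sleep with a short bounded retry of a `getent hosts` lookup that exits non-zero when it never succeeds. The `case $HOSTNAME` statement continues past the end of this hunk.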
@@ -302,11 +343,35 @@ case $HOSTNAME in ;; esac +case $HOSTNAME in + bk) + sgo named + ;; +esac + + +lines=( + "/etc/resolved-nsswitch/nsswitch.conf r," + "/etc/basic-nsswitch/nsswitch.conf r," + # Aug 06 23:09:11 kd audit[3995]: AVC apparmor="DENIED" operation="connect" profile="/usr/bin/freshclam" name="/run/systemd/resolve/io.systemd.Resolve" pid=3995 comm="freshclam" requested_mask="wr" denied_mask="wr" fsuid=109 ouid=101 + # I dont know if this is quite the right fix, but I saw other sockets + # in the nameservice files that were rw, so figured it was ok to add this and it worked. + "/run/systemd/resolve/io.systemd.Resolve rw," +) f=/etc/apparmor.d/abstractions/nameservice -if [[ -e $f ]] && ! grep -q /etc/resolved-nsswitch/nsswitch.conf $f; then - sudo sed -i '/\/etc\/nsswitch.conf/a /etc/resolved-nsswitch/nsswitch.conf r,' $f - sudo sed -i '/\/etc\/nsswitch.conf/a /etc/basic-nsswitch/nsswitch.conf r,' $f - if sytemctl is-enabled apparmor; then +apparmor_reload=false +if [[ -e $f ]]; then + for l in "${lines[@]}"; do + if ! grep -qF "$l" $f; then + sudo sed -i "/\/nsswitch.conf/a $l" $f + apparmor_reload=true + if ! grep -qF "$l" $f; then + echo "$0: failed editing $f. investigate" + exit 1 + fi + fi + done + if $apparmor_reload && systemctl is-enabled apparmor; then m ser reload apparmor fi fi 
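Review bot: The new sed address `/\/nsswitch.conf/` also matches the two nsswitch rules this loop inserts, so from the second iteration on each rule is appended after every matching line and the abstraction collects duplicate entries (harmless to enforcement, but the file no longer reflects one deliberate edit). If the pattern was loosened to cope with the stock rule being written with a variable prefix, matching only that rule keeps one copy per line: `sudo sed -i "/^[[:space:]]*\(\/etc\|@{etc_ro}\)\/nsswitch\.conf/a $l" $f` (GNU sed; the two spellings are an assumption to confirm against the installed file). The `rw` grant on `/run/systemd/resolve/io.systemd.Resolve` sits in a shared abstraction, so it applies to every profile that includes nameservice and not only freshclam; the in-code comment already voices doubt and should state that scope. The failure message from `echo "$0: failed editing $f. investigate"` should go to stderr.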
@@ -329,10 +394,19 @@ if bitfolk; then sudo sed -ri "/^127\./n;/[[:space:]]$HOSTNAME\$/d" /etc/hosts fi -# firefox exists but is 2 versions outdated +if isdeb && [[ $(debian-codename) == aramo ]]; then + sudo dd of=/etc/apt/preferences.d/aramo-jammy-missing <<'EOF' +Package: linux-libc-dev libmysqlclient21 +Pin: release n=jammy,o=Ubuntu +Pin-Priority: 500 +EOF +fi + +# libfdk just has some patent worries. +# https://www.gnu.org/licenses/license-list.en.html#fdk if isdeb && [[ $(debian-codename) == nabia ]]; then sudo dd of=/etc/apt/preferences.d/nabia-focal-missing <<'EOF' -Package: unrar-free firefox libfdk-aac1 ansible +Package: libfdk-aac1 Pin: release n=focal,o=Ubuntu Pin-Priority: 500 EOF @@ -347,7 +421,6 @@ Pin: release a=nabia-backports Pin-Priority: -100 EOF - fi @@ -410,7 +483,7 @@ pi ${p1[@]} ######## fix evbug bug ###### case $(debian-codename-compat) in - xenial|bionic|focal) + xenial|bionic|focal|jammy) # noticed in flidas. dunno if it affects any others #https://bugs.launchpad.net/ubuntu/+source/module-init-tools/+bug/240553 #https://wiki.debian.org/KernelModuleBlacklisting @@ -428,26 +501,6 @@ case $(debian-codename-compat) in esac -###### link files -# convenient to just do all file linking in one place -sudo /a/exe/lnf -T /a/bin /b -sudo /a/exe/lnf -T /a/f /f -sudo /a/exe/lnf -T /var/log/exim4 /el -sudo /a/exe/lnf -T /a/f/ans /c -sudo /a/exe/lnf -T /nocow/t /t -if has_p; then - lnf -T /p/News ~/News -fi -dirs=(/q/root /q/root/.editor-backups /q/root/.undo-tree-history) -sudo mkdir -p ${dirs[@]} -sudo chmod 600 ${dirs[@]} -sudo /a/exe/lnf /q/root/.editor-backups /q/root/.undo-tree-history \ - /a/opt /a/c/.emacs.d $HOME/mw_vars /k/backup /root -/a/bin/ds/install-my-scripts # needed for rootsshsync cronjob -sudo /a/exe/lnf /a/c/.vim /a/c/.vimrc /a/c/.gvimrc /root - - - #### arch specific early packages case $(distro-name) in 
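Review bot: The new `aramo-jammy-missing` pin carries no comment saying why `linux-libc-dev` and `libmysqlclient21` must come from Ubuntu jammy, whereas the nabia block below it now explains libfdk. Pulling packages from a second archive is a trust decision that later readers will have to re-evaluate, so I would add a line such as `# aramo lacks these; needed by <consumer>` above the `dd`. Priority 500 is the default priority, so the pin only has the intended narrowing effect if the jammy source as a whole is pinned lower elsewhere, which is not visible in this hunk.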
@@ -584,17 +637,31 @@ case $HOSTNAME in kd) tu /etc/fstab <<'EOF' /dev/mapper/crypt_dev_ata-Samsung_SSD_870_QVO_8TB_S5VUNG0N900656V-part7 /d btrfs nofail,x-systemd.device-timeout=30s,x-systemd.mount-timeout=30s,noatime,compress=zstd,subvol=d 0 0 +/i /d/m none bind,compress=zstd 0 0 EOF if ! mountpoint /d &>/dev/null; then - sudo mkdir /d + sudo mkdir -p /d if [[ -d /mnt/r7/d ]]; then sudo mount /d fi fi ;; + frodo) + tu /etc/fstab <<'EOF' +/dev/mapper/crypt_dev_ata-ata-Hitachi_HDS722020ALA330_JK1121YAG7SXWS-part1 /i btrfs nofail,x-systemd.device-timeout=30s,x-systemd.mount-timeout=30s,noatime,subvol=i 0 0 +EOF + if ! mountpoint /i &>/dev/null; then + sudo mkdir -p /i + if [[ -d /mnt/i/i ]]; then + sudo mount /i + fi + fi + ;; esac - +if bitfolk; then + sudo systemctl disable systemd-networkd +fi ##### setup email primary-setup @@ -650,20 +717,17 @@ if has_monitor; then dir=/etc/X11/xinit/xinitrc.d/ sudo mkdir -p $dir sudo cp /a/bin/distro-setup/desktop-20-autostart.sh $dir - s teeu /etc/systemd/logind.conf <<'EOF' -HandleLidSwitch= -EOF - # this works on - dir=/etc/gdm3 - sudo mkdir -p $dir/PostLogin - sudo cp /a/bin/distro-setup/desktop-20-autostart.sh $dir/PostLogin/Default + ## disabled since i'm not using gdm atm + # dir=/etc/gdm3 + # sudo mkdir -p $dir/PostLogin + # sudo cp /a/bin/distro-setup/desktop-20-autostart.sh $dir/PostLogin/Default sudo mkdir -p /etc/lightdm/lightdm.conf.d # etiona lightdm.log: # [SeatDefaults] is now called [Seat:*], please update this configuration sudo dd of=/etc/lightdm/lightdm.conf.d/12-iank.conf <<'EOF' [Seat:*] -display-setup-script=/a/bin/ds/lightdm-start +# display-setup-script=/a/bin/ds/lightdm-start session-setup-script=/a/bin/distro-setup/desktop-20-autostart.sh EOF @@ -693,8 +757,10 @@ if $emacs; then else if $recompile; then /a/bin/buildscripts/emacs + /a/bin/buildscripts/mu4e else /a/bin/buildscripts/emacs --no-r + /a/bin/buildscripts/mu4e --no-r fi fi # the first pup command can kill off our /etc/ mod, so rerun this
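Review bot: The added kd entry `/i /d/m none bind,compress=zstd 0 0` has neither `nofail` nor the timeouts used on the line above it, so if `/i` or `/d/m` is absent at boot the failed mount can hold up local-fs.target; `compress=zstd` is a btrfs option and means nothing on a bind mount. I would write it as `/i /d/m none bind,nofail,x-systemd.requires-mounts-for=/d 0 0`. In the frodo entry the mapper name contains `ata-ata-`, unlike kd's single `crypt_dev_ata-` prefix; because that line has `nofail`, a mistyped device name fails silently, so confirm it against `/dev/mapper` on that host. The `case $HOSTNAME` block begins outside this hunk.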