X-Git-Url: https://iankelling.org/git/?a=blobdiff_plain;f=distro-begin;h=9a7a9adae33d41b3298d98e78971d2cba1556a0c;hb=3f437c0f6c11356451d5d739875eee2d4603d7ca;hp=39972179d4fb223a12d1aa33ff3e98afdeef6324;hpb=431c65df440c854db2aa154a38fe6e33428d98c7;p=distro-setup
diff --git a/distro-begin b/distro-begin
index 3997217..9a7a9ad 100755
--- a/distro-begin
+++ b/distro-begin
@@ -1,12 +1,12 @@
 #!/bin/bash -l # Copyright (C) 2016 Ian Kelling - +# # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at - +# # http://www.apache.org/licenses/LICENSE-2.0 - +# # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -14,16 +14,13 @@ # limitations under the License. -# todo. dunno why, but original bootstrap of timezone is not sticking. -# fixed manually with: -# s dpkg-reconfigure tzdata -# enter 12 then 11. # for bootstrapping a new machine -# to make ssh interactive shell run better, first run this: -sudo bash -c 'source /a/c/repos/bash/.bashrc && source /a/exe/ssh-emacs-setup' +# in case we need it, +# to make ssh interactive shell run better, we run this first. +sudo bash -c 'source /a/c/.bashrc && source /a/exe/ssh-emacs-setup' # usage: $0 [-r] HOSTNAME
@@ -33,7 +30,7 @@ sudo bash -c 'source /a/c/repos/bash/.bashrc && source /a/exe/ssh-emacs-setup' # set the scrollback to unlimited in case something goes wrong if [[ $EUID == 0 ]]; then - if getent passwd ian; then + if getent passwd iank || getent passwd ian ; then echo "$0: error: running as root. unprivileged user exists. use it." exit 1 else 
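Review bot: The new top-level `sudo bash -c 'source /a/c/.bashrc && source /a/exe/ssh-emacs-setup'` executes two files as root before the script has checked anything, so whoever can write /a/c/.bashrc or /a/exe/ssh-emacs-setup runs code as root on every bootstrap; /a/c appears to be the unprivileged user's own config checkout (it is linked into /root further down), so this is self-inflicted rather than an exposure, but it deserves saying. It also fires before the `running as root` check a few lines below, so it runs even on the path where the script then aborts. I would move the line below that check and add `# executes user-owned dotfiles as root: /a/c and /a/exe must be writable only by the admin account`.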
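Review bot: `if getent passwd iank || getent passwd ian ; then` prints the matching passwd line to stdout on every run; the old line had the same wart, but since it is being touched, `if getent passwd iank >/dev/null || getent passwd ian >/dev/null; then` keeps the check silent. Note that `getent passwd iank ian` is not a substitute, because getent exits 2 when any one of several keys is missing.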
@@ -41,7 +38,7 @@ if [[ $EUID == 0 ]]; then fi fi -interactive=false # set this to true if running by hand in emacs +interactive=true # set this to false to force set -x [[ $- == *i* ]] || interactive=false if ! $interactive; then
@@ -60,8 +57,6 @@ recompile=false bootstrapfs=false # old flag, needs new look before using. while [[ $1 == -* ]]; do case $1 in - # avoid some of the longer compilation steps, - # when we need to rerun because we had an error -r) recompile=true; shift ;; esac done
@@ -70,12 +65,14 @@ if [[ $1 ]]; then export HOSTNAME=$1 fi -for f in iank-dev htpc treetowl x2 frodo tp li lj demohost; do +for f in iank-dev htpc treetowl x2 frodo tp li lj demohost kw fz; do eval "$f() { [[ $HOSTNAME == $f ]]; }" done -has_p() { iank-dev || x2 || frodo || tp; } -has_x() { ! { lj || li || demohost; }; } +has_p() { ! linode; } # when tp is tracis, then not tp either +has_x() { ! linode; } linode() { lj || li; } +has_btrfs() { ! linode; } +home_network() { ! linode; } encrypted() { has_p; } shopt -s extglob
@@ -86,6 +83,9 @@ umask 0002 ####### end command line parsing PATH="/a/exe:$PATH" +sed="sed --follow-symlinks" + +##### begin setup encryption scripts ###### if encrypted; then # I tried making a service which was dependent on reboot.target, # but it happened too late in the shutdown process.
@@ -96,7 +96,7 @@ Description=Turn on automatic decryption of drives on boot # generally, I don't think targets order shutdown like they do startup. # So, I did systemd-analyze plot > something.svg, and picked a reliably started # service that happens late in the game. -After=postfix.service +After=ntp.service DefaultDependencies=no # not sure if needed, makes sure we shut down before reboot.target Conflicts=reboot.target 
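Review bot: Redefining `has_p() { ! linode; }` silently widens `encrypted() { has_p; }`, so htpc, treetowl, demohost and the new kw and fz hosts now enter every `if encrypted` branch (the keyscriptoff unit, cryptsetup, fstrim) that the old definition reserved for iank-dev, x2, frodo and tp; whether all of those machines actually have a LUKS volume I cannot tell from here, so this should be a deliberate choice with a comment rather than a side effect of the rename. `has_p`, `has_x`, `has_btrfs` and `home_network` are now four names for the same test, and a one-line comment on each saying which property it is meant to track (e.g. `# has_p: host carries the /p volume`) is what stops a later edit from collapsing them or widening the wrong one. `# when tp is tracis, then not tp either` does not parse; if the intent is that tp will change owner, `# TODO: exclude tp once it becomes traci's machine` says so.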
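Review bot: `sed="sed --follow-symlinks"` is a command stored in a string and later expanded unquoted as `sudo $sed -i ...`, which only works because neither word contains whitespace and is what shellcheck flags as SC2086. The array form is the idiom that survives additional options: `sed=(sed --follow-symlinks)` here and `sudo "${sed[@]}" -i ...` at each use site.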
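Review bot: `After=ntp.service` only orders against a unit that is present; on a host running chrony or systemd-timesyncd instead, or where this script never installs ntp, systemd drops the missing dependency without a warning and the late-shutdown placement the comment above says was picked on purpose quietly disappears — postfix.service had the same failure mode, so the swap does not change it. Either assert the dependency where the unit is written, `systemctl list-unit-files ntp.service | grep -q '^ntp.service' || echo "warning: ntp.service absent, keyscriptoff ordering is void" >&2`, or record the assumption in the unit with `# assumes ntp.service exists on every encrypted host; After= on a missing unit is ignored`. The unit's Exec lines are outside this hunk, so I cannot say whether `Before=shutdown.target` would be a more robust anchor than an unrelated service.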
@@ -130,23 +130,11 @@ EOF sudo systemctl enable keyscriptoff.service sudo systemctl start keyscriptoff.service fi +##### end setup encryption scripts ###### install-myqueue -if iank-dev; then - desktop=DESKTOP_DOMAIN # TODO, broken. rethink this next time it's used - if $bootstrapfs; then - # TODO: broken. need to copy files in this directory too, probably rethink this. - cp="scp $desktop:" - # for moving to a new hd, change $cp to move between filesystems - mkdir -p /a/bin - chown -R ian:ian /a # probably needs to be removed - $cp/a/c /a - echo -e \\n\\n\\n | ssh-keygen -t rsa - fi -fi - # this script has been designed to be idempotent # todo, it would be nice to cut down on some of the output
@@ -161,17 +149,16 @@ $interactive || errcatch set +x source /a/bin/distro-functions/src/identify-distros $interactive || set -x -echo path:$PATH - if isfedora; then # comment out line disallowing calling sudo in scripts - sudo sed -i --follow-symlinks 's/^Defaults *requiretty/#\0 # ian commented/' /etc/sudoers + sudo $sed -i 's/^Defaults *requiretty/#\0 # ian commented/' /etc/sudoers # turn on magic sysrq commands for this boot cycle echo 1 > sudo dd of=/proc/sys/kernel/sysrq + echo "kernel.sysrq = 1" > /etc/sysctl.d/90-sysrq.conf # selinux is not user friendly. Like, you enable samba, but you haven't run the magic selinux commands so it doesn't work # and you have no idea why. - sudo sed -i --follow-symlinks 's/^\(SELINUX=\).*/\1disabled/' /etc/selinux/config + sudo $sed -i 's/^\(SELINUX=\).*/\1disabled/' /etc/selinux/config selinuxenabled && sudo setenforce 0 fi
@@ -179,8 +166,8 @@ fi # already ran for pxe installs, but used for vps & updates distro=$(distro-name) case $distro in - ubuntu|debian) - sudo bash -c ". /a/bin/fai/fai-wrapper && /a/bin/fai/fai/config/scripts/GRUB_PC/11-ian" + ubuntu|debian|trisquel) + sudo bash -c ". /a/bin/fai/fai-wrapper && /a/bin/fai/fai/config/scripts/GRUB_PC/11-iank" ;; *) sudo bash -c ". /a/bin/fai/fai-wrapper && 
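Review bot: The added `echo "kernel.sysrq = 1" > /etc/sysctl.d/90-sysrq.conf` performs the redirect as the calling user, and this script refuses to run as root whenever an unprivileged account exists, so the write fails with permission denied and, with errcatch armed just above, aborts the run; it needs `echo "kernel.sysrq = 1" | sudo tee /etc/sysctl.d/90-sysrq.conf >/dev/null`. Value 1 also enables every SysRq function from the console, including process kill and memory/crash dumps, which is why Fedora ships a restricted bitmask by default; if only sync, remount-ro and reboot are wanted, `kernel.sysrq = 176` covers them. The pre-existing context line `echo 1 > sudo dd of=/proc/sys/kernel/sysrq` looks like it was meant to be `echo 1 | sudo dd of=/proc/sys/kernel/sysrq` — as written it creates a file named `sudo` in the cwd. Lastly, the `sudo $sed -i` edit of /etc/sudoers is never syntax-checked; `sudo visudo -c` immediately after would catch a broken file before it locks sudo out.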
@@ -188,10 +175,8 @@ case $distro in ;; esac -if linode; then - sudo sed -i '/^127\.0\.1\.1/d' /etc/hosts - echo "127.0.1.1 $HOSTNAME.lan $HOSTNAME" | sudo tee -a /etc/hosts -fi +sudo $sed -i '/^127\.0\.1\.1/d' /etc/hosts +echo "127.0.1.1 $HOSTNAME.b8.nz $HOSTNAME" | sudo tee -a /etc/hosts if [[ $EUID == 0 ]]; then
@@ -200,44 +185,37 @@ if [[ $EUID == 0 ]]; then fi -# link files - -lnf-home() { - # $2 and opts are unused so far. - opts=() - while [[ $1 == -* ]]; do - opts+=($1) - shift - done - lnf ${opts[@]} "$1" /home/ian/$2 - sudo -u traci -i </dev/null || sudo groupadd -r bind +fi +# this needs to be before installing pacserve so we have gpg conf. +conflink set +x errallow +source /etc/profile.d/environment.sh source ~/.bashrc -echo path:$PATH $interactive || errcatch $interactive || set -x # passwordless sudo -tu /etc/sudoers <<'EOF' -ian ALL=(ALL) NOPASSWD: ALL +tu /etc/sudoers </dev/null <<<"$line" + sudo depmod -a + sudo update-initramfs -u + fi + ;; +esac +######## end fix evbug bug ###### -# if it wasn't set already, we could set hostname here -#echo treetowl | s dd of=/etc/hostname -#s hostname -F /etc/hostname -#HOSTNAME=$(hostname) + + +###### begin link files ########### # convenient to just do all file linking in one place s lnf -T /a/bin /b +s lnf -T /nocow/t /t if has_p; then - lnf -T /p/offlineimap ~/Maildir lnf -T /p/News ~/News - # don't use /* because I don't want to require it to be mounted fi s lnf /q/root/.editor-backups /q/root/.undo-tree-history \
@@ -328,7 +322,7 @@ s lnf /q/root/.editor-backups /q/root/.undo-tree-history \ rootsshsync -s lnf /a/c/.inputrc /a/c/.vim /a/c/.vimrc /a/c/.gvimrc /root +s lnf /a/c/.vim /a/c/.vimrc /a/c/.gvimrc /root # machine is going away # if [[ $HOSTNAME == htpc ]]; then 
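Review bot: `$HOSTNAME` comes straight from `$1` (or the inherited environment) and is written into /etc/hosts unchecked; an empty value produces `127.0.1.1 .b8.nz `, and a value containing whitespace or a newline lands extra entries in the file. A guard before the sed closes both: `[[ $HOSTNAME =~ ^[[:alnum:]]([[:alnum:]-]*[[:alnum:]])?$ ]] || { echo "$0: error: bad HOSTNAME: '$HOSTNAME'" >&2; exit 1; }`. Dropping the `if linode` guard also means every home host now aliases itself under the public domain `b8.nz` instead of `.lan`; a one-line comment on why the loopback alias uses the public name would save the next reader the question.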
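Review bot: The `tu /etc/sudoers <…` rewrite (its heredoc body is missing from this rendering, which has dropped text between `<` and `>`; the removed version granted `ian ALL=(ALL) NOPASSWD: ALL`) edits the live sudoers file with no syntax validation, and since this script refuses to run as root, one bad line in that heredoc leaves the admin with no privileged path back in. At minimum add `sudo visudo -c || exit 1` right after the `tu` call so a malformed file is caught while the previous sudo session is still usable. The NOPASSWD grant is a policy choice, but it is worth a comment stating it is intended, because it is what turns every `s`/`sudo` line in this script into a silent root action. The traci block and the evbug loop in this hunk cannot be reviewed from the visible text.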
@@ -340,40 +334,25 @@ if has_p; then lnf -T /i/k/mboxes ~/mail fi +###### end link files ########### + + +##### basic needed packages -# basic needed packages +### begin setup for keyboard and redshift ### case $(distro-name) in - debian) + + trisquel|ubuntu|debian) if has_x; then - if isdebian-stable; then - pi firefox/$codename-backports + if isdebian-testing; then + pi xmacro/unstable # has no unstable deps else - # for a while, firefox/unstable had all it\'s deps satisfied - # by testing packages, but now i hit a conflict, - # it wanted a newer libfontconfig1, but emacs build-deps - # wanted an older one. Oh well, they seem to release - # a new esr version every 9 months or so. - pi firefox-esr - fi - fi - # for hosts which require nonfree drivers - # i previously had extra packages listed here linux-image-amd64 - # firmware-linux-free linux-headers-amd64, but I - # don\'t see any reason why. seems to work in testing without. - # remove this note if it continues to work. - p=firmware-linux-nonfree - if apt-cache show $p &>/dev/null; then - pi $p - fi - ;;& - ubuntu|debian) - if has_x; then - if isdebian-stable; then pi xmacro - else - pi xmacro/unstable # has no unstable deps fi - pi gtk-redshift xinput + pi xinput + # recommends gets us geoclue (for darkening automatically at night i assume), + # which recommends modemmanager, which is annoying to fix for the model01 keyboard. + pi --no-install-recommends gtk-redshift fi ;;& fedora) 
@@ -535,28 +514,30 @@ EOF fi ;;& - ubuntu|debian|fedora) + ubuntu|trisquel|debian|fedora) if has_x; then - if isdebian-stable; then - pi xkbset - else + if isdebian-testing; then # xkbset was in testing for quite a while, dunno - # why it's not anymore. Sometime I should check and - # see if it's back in testing, but the unstable package - # doesn't upgrade anything form testing, and it's tiny - # so I'm not bothering to automate it. + # why it\'s not anymore. Sometime I should check and + # see if it\'s back in testing, but the unstable package + # doesn\'t upgrade anything form testing, and it\'s tiny + # so I\'m not bothering to automate it. pi xkbset/unstable -fi -fi -;;& + else + pi xkbset + fi + fi + ;;& esac - if has_x; then pi xbindkeys fi +### end setup for keyboard and redshift ### + + pi cryptsetup lvm2 # enables trim for volume delete, other rare commands. -sudo sed -ri 's/( *issue_discards\b).*/\1 = 1/' /etc/lvm/lvm.conf +sudo $sed -ri 's/( *issue_discards\b).*/\1 = 1/' /etc/lvm/lvm.conf if encrypted; then if isdeb; then 
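Review bot: The `issue_discards` pattern `( *issue_discards\b).*` is not anchored to the start of the line, so it matches anywhere and also rewrites lvm.conf's own explanatory comments that name the option (the stock file has lines of the form `# Configuration option devices/issue_discards.` — not verified here), leaving `# Configuration option devices/issue_discards = 1`; harmless, but it is not what the line intends. Anchoring fixes it, and `\s*` is needed rather than ` *` because the real setting is tab-indented in the stock file: `sudo $sed -ri 's/^(\s*issue_discards\b).*/\1 = 1/' /etc/lvm/lvm.conf`. The result is still idempotent on re-runs.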
@@ -566,53 +547,119 @@ if encrypted; then sudo systemctl enable fstrim.timer fi -dirs=(/mnt/{1,2,3,4,5,6,7,8,9}) +dirs=(/mnt/{1,2,3,4,5,6,7,8,9} /nocow/t) s mkdir -p "${dirs[@]}" -s chown ian:ian "${dirs[@]}" +s chown $USER:$USER "${dirs[@]}" -if [[ $HOSTNAME == treetowl ]]; then - tu /etc/fstab <<'EOF' -UUID=3f7b31cd-f299-40b4-a86b-7604282e2715 /i btrfs noatime 0 2 -EOF -else - tu /etc/fstab <<'EOF' -/q/i /i none bind 0 0 -EOF -fi tu /etc/fstab <<'EOF' -/i/w /w none bind 0 0 -/i/k /k none bind 0 0 +/i/w /w none bind,noauto 0 0 +/i/k /k none bind,noauto 0 0 EOF -if ! mountpoint /kfrodo; then - s mkdir -p /kfrodo - s chown ian:traci /kfrodo + +if ! mountpoint /kr; then + s mkdir -p /kr + s chown $USER:traci /kr fi -if [[ $HOSTNAME == frodo ]]; then - tu /etc/fstab <<'EOF' -/k /kfrodo none bind 0 0 + +if home_network; then + if [[ $HOSTNAME == frodo ]]; then + tu /etc/fstab <<'EOF' +/k /kr none bind,noauto 0 0 EOF -else - tu /etc/fstab <<'EOF' -frodo:/k /kfrodo nfs defaults 0 0 + else + tu /etc/fstab <<'EOF' +frodo:/k /kr nfs noauto 0 0 EOF + fi fi -s mkdir -p /q/i/{w,k} +s mkdir -p /q /i/{w,k} for dir in /{i,w,k}; do - if mountpoint $dir; then continue; fi + if mountpoint $dir; then continue; fi # already mounted s mkdir -p $dir - s chown ian:ian $dir - s mount $dir + s chown $USER:$USER $dir done +# not needed for all hosts, but rather just keep it uniform +s mkdir -p /mnt/iroot + +# debian auto mounting of multi-disk encrypted btrfs is busted. It is +# in jessie, and in stretch as of 11/26/2016 I have 4 disks in cryptab, +# based on 3 of those, it creates .device units for /dev/mapper/dev... +# then waits endlessly for them on bootup, after the /dev/mapper disks +# have already been created and exist. todo: create a simple repro +# for this in a vm and report it upstream. 
+if has_btrfs || home_network; then + pi nfs-common + s dd of=/root/imount <<'EOF' +#!/bin/bash +[[ $EUID == 0 ]] || exec sudo -E "$BASH_SOURCE" "$@" +set -eE -o pipefail +trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR +for dir in /i /mnt/iroot /k /kr /w; do + if ! mountpoint $dir &>/dev/null && \ + awk '{print $2}' /etc/fstab | grep -xF $dir &>/dev/null; then + if awk '{print $3}' /etc/fstab | grep -xF nfs &>/dev/null; then + mount $dir || echo "warning: failed to mount nfs on $dir" + else + mount $dir + fi + fi +done +EOF + s chmod +x /root/imount + + s dd of=/etc/systemd/system/imount.service </dev/null; then - temp="$(mktemp)" - eval "$($GPGAGENT --homedir /p/do-not-delete --daemon --sh --write-env-file=$PID_FILE 2>$temp)" - temperr="$(<"$temp")" - [ -n "$temperr" ] && xmessage "gpg-agent stderr: $temperr" - elif [ -r "$PID_FILE" ]; then - . "$PID_FILE" - export GPG_AGENT_INFO - fi +if isubuntu; then + # disable crash report annoying dialogs. + s dd of=/etc/default/apport <<<'enabled=0' fi -# ubuntu has 002, debian has 022. -# from what I've read, benefit of 002 makes shared groups read/write. -# Security concern is where some unixes put everyone in a same group, -# so if you copy files there with exact perms, that is probably not -# what you want. I don't use a system like that, and I don't really care -# either way, but I'd prefer -# being able to sync file perms with ubuntu systems at work, -# and it's easier to change the debian one. - -umask 002 +# fai sets this an old way that doesn't work for stretch. +# no harm in setting it universally here. +# using debconf-set-selection, the area gets reset to ETC +# on my linode test machine after doing a dpkg-reconfigure, or a reinstall, +# so we are using expect :( +# I got a random error when running this, so I added a sleep +# rather than trying to write a whole detect and wait loop. 
+# E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable) +# E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it? +sleep 1 +# todo: this is not idempotent, it fails when running twice, due to prepopulated values. +# check into unsetting them using debconf-set-selection. +s apt-get -y install --no-install-recommends expect +s expect <