X-Git-Url: https://iankelling.org/git/?a=blobdiff_plain;f=distro-begin;h=9a7a9adae33d41b3298d98e78971d2cba1556a0c;hb=3f437c0f6c11356451d5d739875eee2d4603d7ca;hp=ce71c83de81bf5d4b4056ff2d36b469f3cdbfaf1;hpb=d2a47c0cb8dd83d90b1062d0513d1719d5a15b9c;p=distro-setup diff --git a/distro-begin b/distro-begin index ce71c83..9a7a9ad 100755 --- a/distro-begin +++ b/distro-begin @@ -1,29 +1,36 @@ #!/bin/bash -l # Copyright (C) 2016 Ian Kelling -# This program is under GPL v. 3 or later, see +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. -# todo. dunno why, but original bootstrap of timezone is not sticking. -# fixed manually with: -# s dpkg-reconfigure tzdata -# enter 12 then 11. -# for bootstrapping a new machine -# to make ssh run better, first run this: -sudo bash -c 'source /a/c/repos/bash/.bashrc && source /a/exe/ssh-emacs-setup' +# for bootstrapping a new machine +# in case we need it, +# to make ssh interactive shell run better, we run this first. +sudo bash -c 'source /a/c/.bashrc && source /a/exe/ssh-emacs-setup' -# see t.org for OS installer notes -# usage: $0 [OPTIONS] HOSTNAME +# usage: $0 [-r] HOSTNAME # tips: # run any sudo command first so your pass is cached # set the scrollback to unlimited in case something goes wrong if [[ $EUID == 0 ]]; then - if getent passwd ian; then + if getent passwd iank || getent passwd ian ; then echo "$0: error: running as root. unprivileged user exists. use it." exit 1 else 
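Review bot: The `sudo bash -c 'source /a/c/.bashrc && source /a/exe/ssh-emacs-setup'` line makes a root shell source files under `/a`, and it runs before the `$EUID` check further down the hunk. Whether `/a/c/.bashrc` and `/a/exe/ssh-emacs-setup` are writable only by root is not visible here; if the unprivileged account can edit them, anything running as that account gains root the next time this script runs. I would add a comment stating that assumption, e.g. `# trust: files under /a/c and /a/exe are sourced as root; keep them writable only by accounts that already have full sudo`. The same assumption applies to the later `s lnf /a/c/.vim /a/c/.vimrc /a/c/.gvimrc /root` hunk, which points root's vim configuration at files under `/a/c`. The `if [[ $EUID == 0 ]]` block continues past the end of this hunk.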
@@ -31,7 +38,7 @@ if [[ $EUID == 0 ]]; then fi fi -interactive=false # set this to true if running by hand in emacs +interactive=true # set this to false to force set -x [[ $- == *i* ]] || interactive=false if ! $interactive; then @@ -50,8 +57,6 @@ recompile=false bootstrapfs=false # old flag, needs new look before using. while [[ $1 == -* ]]; do case $1 in - # avoid some of the longer compilation steps, - # when we need to rerun because we had an error -r) recompile=true; shift ;; esac done @@ -60,11 +65,14 @@ if [[ $1 ]]; then export HOSTNAME=$1 fi -for f in iank-dev htpc treetowl x2 frodo tp li lj; do +for f in iank-dev htpc treetowl x2 frodo tp li lj demohost kw fz; do eval "$f() { [[ $HOSTNAME == $f ]]; }" done -has_p() { iank-dev || x2 || frodo || tp; } -has_x() { ! { lj || li; }; } +has_p() { ! linode; } # when tp is tracis, then not tp either +has_x() { ! linode; } +linode() { lj || li; } +has_btrfs() { ! linode; } +home_network() { ! linode; } encrypted() { has_p; } shopt -s extglob @@ -75,6 +83,9 @@ umask 0002 ####### end command line parsing PATH="/a/exe:$PATH" +sed="sed --follow-symlinks" + +##### begin setup encryption scripts ###### if encrypted; then # I tried making a service which was dependent on reboot.target, # but it happened too late in the shutdown process. @@ -85,8 +96,9 @@ Description=Turn on automatic decryption of drives on boot # generally, I don't think targets order shutdown like they do startup. # So, I did systemd-analyze plot > something.svg, and picked a reliably started # service that happens late in the game. -After=postfix.service +After=ntp.service DefaultDependencies=no +# not sure if needed, makes sure we shut down before reboot.target Conflicts=reboot.target [Service] 
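Review bot: Every host that is not `lj` or `li` now satisfies `has_p` and `encrypted`, including the newly added `demohost`, `kw` and `fz` and any mistyped hostname, because both are defined as `! linode` instead of an explicit host list. The trailing comment `# when tp is tracis, then not tp either` describes an exclusion the code does not implement. Keeping the allowlist form of the old `has_p() { iank-dev || x2 || frodo || tp; }`, with the intended hosts listed, keeps a new host out of the `/p` links and the encryption setup until it is added on purpose. Separately, the `eval` on the context line expands `$HOSTNAME` (taken from `$1`) while the function text is being built; `eval "$f() { [[ \$HOSTNAME == $f ]]; }"` defers the expansion to call time so the argument is never parsed as code.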
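Review bot: `sed="sed --follow-symlinks"` stores a command and its option in one string, so every later `sudo $sed -i …` call depends on unquoted word splitting. An array states the intent and survives quoting: `sed=(sed --follow-symlinks)` with call sites written as `sudo "${sed[@]}" -i …`. A short comment on why the option is wanted would also help, e.g. `# -i would otherwise replace a symlinked config file with a regular file`. The `if encrypted; then` block that follows continues outside the hunk.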
@@ -118,24 +130,11 @@ EOF sudo systemctl enable keyscriptoff.service sudo systemctl start keyscriptoff.service fi +##### end setup encryption scripts ###### install-myqueue -if iank-dev; then - desktop=$(ssh root@iankelling.org grep desktop /etc/hosts | grep -o "^.* ") - if $bootstrapfs; then - # for bootstrapping at a new job: - cp="scp $desktop:" - # for moving to a new hd, change $cp to move between filesystems - mkdir -p /a/bin - chown -R ian:ian /a # probably needs to be removed - $cp/a/c /a - $cp/a/c/bin/{bash-programs-by-ian,distro-begin,distro-functions,input-setup.sh} /a/bin - echo -e \\n\\n\\n | ssh-keygen -t rsa - fi -fi - # this script has been designed to be idempotent # todo, it would be nice to cut down on some of the output @@ -150,17 +149,16 @@ $interactive || errcatch set +x source /a/bin/distro-functions/src/identify-distros $interactive || set -x -echo path:$PATH - if isfedora; then # comment out line disallowing calling sudo in scripts - sudo sed -i 's/^Defaults *requiretty/#\0 # ian commented/' /etc/sudoers + sudo $sed -i 's/^Defaults *requiretty/#\0 # ian commented/' /etc/sudoers # turn on magic sysrq commands for this boot cycle echo 1 > sudo dd of=/proc/sys/kernel/sysrq + echo "kernel.sysrq = 1" > /etc/sysctl.d/90-sysrq.conf # selinux is not user friendly. Like, you enable samba, but you haven't run the magic selinux commands so it doesn't work # and you have no idea why. - sudo sed -i 's/^\(SELINUX=\).*/\1disabled/' /etc/selinux/config + sudo $sed -i 's/^\(SELINUX=\).*/\1disabled/' /etc/selinux/config selinuxenabled && sudo setenforce 0 fi @@ -168,8 +166,8 @@ fi # already ran for pxe installs, but used for vps & updates distro=$(distro-name) case $distro in - ubuntu|debian) - sudo bash -c ". /a/bin/fai/fai-wrapper && /a/bin/fai/fai/config/scripts/GRUB_PC/11-ian" + ubuntu|debian|trisquel) + sudo bash -c ". /a/bin/fai/fai-wrapper && /a/bin/fai/fai/config/scripts/GRUB_PC/11-iank" ;; *) sudo bash -c ". /a/bin/fai/fai-wrapper && 
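Review bot: The added `echo "kernel.sysrq = 1" > /etc/sysctl.d/90-sysrq.conf` has its redirection performed by the calling shell, not by sudo, so it fails whenever the script runs as the unprivileged user; `echo "kernel.sysrq = 1" | sudo tee /etc/sysctl.d/90-sysrq.conf >/dev/null` does the write as root. The context line above it, `echo 1 > sudo dd of=/proc/sys/kernel/sysrq`, has a related slip: it writes to a file named `sudo` in the current directory and never touches `/proc`, and `echo 1 | sudo dd of=/proc/sys/kernel/sysrq` is presumably what was meant. The value 1 enables every SysRq function for anyone at the keyboard, and the new file makes that persistent across boots, so a comment saying this is intended, or a narrower bitmask, would be worth adding.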
@@ -177,6 +175,9 @@ case $distro in ;; esac +sudo $sed -i '/^127\.0\.1\.1/d' /etc/hosts +echo "127.0.1.1 $HOSTNAME.b8.nz $HOSTNAME" | sudo tee -a /etc/hosts + if [[ $EUID == 0 ]]; then echo "$0: running as root. exiting now that users are setup" 
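Review bot: `$HOSTNAME` is written into `/etc/hosts` as root without any check, and it comes straight from `$1` earlier in the script (or from the environment when no argument is given). An empty value produces the entry `127.0.1.1 .b8.nz`, and a value containing whitespace or a newline adds extra names or whole extra lines to the file. A guard before the `sed` line would cover both, e.g. `[[ $HOSTNAME =~ ^[a-z0-9]([a-z0-9-]*[a-z0-9])?$ ]] || { echo "$0: error: bad hostname" >&2; exit 1; }`. The `if [[ $EUID == 0 ]]` block that follows continues outside the hunk.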
@@ -184,44 +185,37 @@ if [[ $EUID == 0 ]]; then fi -# link files - -lnf-home() { - # $2 and opts are unused so far. - opts=() - while [[ $1 == -* ]]; do - opts+=($1) - shift - done - lnf ${opts[@]} "$1" /home/ian/$2 - sudo -u traci -i </dev/null || sudo groupadd -r bind +fi +# this needs to be before installing pacserve so we have gpg conf. +conflink set +x errallow +source /etc/profile.d/environment.sh source ~/.bashrc -echo path:$PATH $interactive || errcatch $interactive || set -x # passwordless sudo -tu /etc/sudoers <<'EOF' -ian ALL=(ALL) NOPASSWD: ALL +tu /etc/sudoers <$x + + x=$(mktemp); /usr/bin/pacman.conf-insert_pacserve >$x sudo dd of=/etc/pacman.conf if=$x; rm $x sudo systemctl enable pacserve.service sudo systemctl start pacserve.service +fi +###### end arch aur wrapper ######## + +pup + + +###### begin trash cli install ###### +if isarch; then # strange error if just installing trash-cli: "pyalpm requires python", # so I see that it requires python2, and installing that manually fixes it. - # I didn't see this on earlier installation, main thing which changed was - # pacserve, so not sure if it's related. + # I didn\'t see this on earlier installation, main thing which changed was + # pacserve, so not sure if it\'s related. pi python2 fi - -pup pi trash-cli +###### end trash cli install ###### -###### link files ########### -# convenient to just do all file linking in one place +######## begin fix evbug bug ###### +case $distro in + trisquel|ubuntu) + # noticed in flidas. + #https://bugs.launchpad.net/ubuntu/+source/module-init-tools/+bug/240553 + #https://wiki.debian.org/KernelModuleBlacklisting + #common advice when searching is to use /etc/modprobe.d/blacklist.conf, + #but that file won't work and will get automatically reverted + sudo rmmod evbug ||: # might not be loaded yet + file=/etc/modprobe.d/evbug.conf + line="blacklist evbug" + if ! 
grep -xFq "$line" $file; then + sudo dd of=$file 2>/dev/null <<<"$line" + sudo depmod -a + sudo update-initramfs -u + fi + ;; +esac +######## end fix evbug bug ###### -# if it wasn't set already, we could set hostname here -#echo treetowl | s dd of=/etc/hostname -#s hostname -F /etc/hostname -#HOSTNAME=$(hostname) -######################################### -# NOTE: only /a needs to be mounted for creating links! -########################################### -# todo: reconcile ~/.ssh/config work/home -s lnf -T /q/p /p +###### begin link files ########### +# convenient to just do all file linking in one place + + s lnf -T /a/bin /b -conflink +s lnf -T /nocow/t /t if has_p; then - lnf -T /p/offlineimap ~/Maildir lnf -T /p/News ~/News - # don't use /* because I don't want to require it to be mounted fi s lnf /q/root/.editor-backups /q/root/.undo-tree-history \ @@ -334,7 +322,7 @@ s lnf /q/root/.editor-backups /q/root/.undo-tree-history \ rootsshsync -s lnf /a/c/.inputrc /a/c/.vim /a/c/.vimrc /a/c/.gvimrc /root +s lnf /a/c/.vim /a/c/.vimrc /a/c/.gvimrc /root # machine is going away # if [[ $HOSTNAME == htpc ]]; then 
@@ -346,28 +334,25 @@ if has_p; then lnf -T /i/k/mboxes ~/mail fi +###### end link files ########### -# basic needed packages + +##### basic needed packages + +### begin setup for keyboard and redshift ### case $(distro-name) in - debian) + + trisquel|ubuntu|debian) if has_x; then - if isdebian-stable; then - pi firefox/$codename-backports + if isdebian-testing; then + pi xmacro/unstable # has no unstable deps else - pi firefox/unstable # has no unstable dependencies + pi xmacro fi - fi - # for hosts which require nonfree drivers - case $HOSTNAME in - tp|x2) : ;; - *) pi linux-image-amd64 firmware-linux-nonfree \ - firmware-linux-free linux-headers-amd64 - ;; - esac - ;;& - ubuntu|debian) - if has_x; then - pi xmacro gtk-redshift xinput + pi xinput + # recommends gets us geoclue (for darkening automatically at night i assume), + # which recommends modemmanager, which is annoying to fix for the model01 keyboard. + pi --no-install-recommends gtk-redshift fi ;;& fedora) @@ -529,19 +514,30 @@ EOF fi ;;& - ubuntu|debian|fedora) + ubuntu|trisquel|debian|fedora) if has_x; then - pi xkbset + if isdebian-testing; then + # xkbset was in testing for quite a while, dunno + # why it\'s not anymore. Sometime I should check and + # see if it\'s back in testing, but the unstable package + # doesn\'t upgrade anything form testing, and it\'s tiny + # so I\'m not bothering to automate it. + pi xkbset/unstable + else + pi xkbset + fi fi ;;& esac - if has_x; then pi xbindkeys fi +### end setup for keyboard and redshift ### + + pi cryptsetup lvm2 # enables trim for volume delete, other rare commands. -sudo sed -ri 's/( *issue_discards\b).*/\1 = 1/' /etc/lvm/lvm.conf +sudo $sed -ri 's/( *issue_discards\b).*/\1 = 1/' /etc/lvm/lvm.conf if encrypted; then if isdeb; then 
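Review bot: The comment above the `issue_discards` edit says what the setting enables but not the trade-off on hosts where `encrypted` is true. If the LVM volumes sit on dm-crypt and discards are passed through to the device (not visible in this hunk), TRIM exposes which blocks of the encrypted device are unused. I would extend the comment to something like `# enables trim for volume delete, other rare commands. On encrypted hosts this reveals free-space layout; accepted here.` The `if encrypted; then` block starts in this hunk and ends outside it.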
@@ -551,53 +547,119 @@ if encrypted; then sudo systemctl enable fstrim.timer fi -dirs=(/mnt/{1,2,3,4,5,6,7,8,9}) +dirs=(/mnt/{1,2,3,4,5,6,7,8,9} /nocow/t) s mkdir -p "${dirs[@]}" -s chown ian:ian "${dirs[@]}" +s chown $USER:$USER "${dirs[@]}" -if [[ $HOSTNAME == treetowl ]]; then - tu /etc/fstab <<'EOF' -UUID=3f7b31cd-f299-40b4-a86b-7604282e2715 /i btrfs noatime 0 2 -EOF -else - tu /etc/fstab <<'EOF' -/q/i /i none bind 0 0 -EOF -fi tu /etc/fstab <<'EOF' -/i/w /w none bind 0 0 -/i/k /k none bind 0 0 +/i/w /w none bind,noauto 0 0 +/i/k /k none bind,noauto 0 0 EOF -if ! mountpoint /kfrodo; then - s mkdir -p /kfrodo - s chown ian:traci /kfrodo + +if ! mountpoint /kr; then + s mkdir -p /kr + s chown $USER:traci /kr fi -if [[ $HOSTNAME == frodo ]]; then - tu /etc/fstab <<'EOF' -/k /kfrodo none bind 0 0 + +if home_network; then + if [[ $HOSTNAME == frodo ]]; then + tu /etc/fstab <<'EOF' +/k /kr none bind,noauto 0 0 EOF -else - tu /etc/fstab <<'EOF' -frodo:/k /kfrodo nfs defaults 0 0 + else + tu /etc/fstab <<'EOF' +frodo:/k /kr nfs noauto 0 0 EOF + fi fi -s mkdir -p /q/i/{w,k} +s mkdir -p /q /i/{w,k} for dir in /{i,w,k}; do - if mountpoint $dir; then continue; fi + if mountpoint $dir; then continue; fi # already mounted s mkdir -p $dir - s chown ian:ian $dir - s mount $dir + s chown $USER:$USER $dir done +# not needed for all hosts, but rather just keep it uniform +s mkdir -p /mnt/iroot + +# debian auto mounting of multi-disk encrypted btrfs is busted. It is +# in jessie, and in stretch as of 11/26/2016 I have 4 disks in cryptab, +# based on 3 of those, it creates .device units for /dev/mapper/dev... +# then waits endlessly for them on bootup, after the /dev/mapper disks +# have already been created and exist. todo: create a simple repro +# for this in a vm and report it upstream. 
+if has_btrfs || home_network; then + pi nfs-common + s dd of=/root/imount <<'EOF' +#!/bin/bash +[[ $EUID == 0 ]] || exec sudo -E "$BASH_SOURCE" "$@" +set -eE -o pipefail +trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR +for dir in /i /mnt/iroot /k /kr /w; do + if ! mountpoint $dir &>/dev/null && \ + awk '{print $2}' /etc/fstab | grep -xF $dir &>/dev/null; then + if awk '{print $3}' /etc/fstab | grep -xF nfs &>/dev/null; then + mount $dir || echo "warning: failed to mount nfs on $dir" + else + mount $dir + fi + fi +done +EOF + s chmod +x /root/imount + + s dd of=/etc/systemd/system/imount.service </dev/null; then - temp="$(mktemp)" - eval "$($GPGAGENT --homedir /p/do-not-delete --daemon --sh --write-env-file=$PID_FILE 2>$temp)" - temperr="$(<"$temp")" - [ -n "$temperr" ] && xmessage "gpg-agent stderr: $temperr" - elif [ -r "$PID_FILE" ]; then - . "$PID_FILE" - export GPG_AGENT_INFO - fi +if isubuntu; then + # disable crash report annoying dialogs. + s dd of=/etc/default/apport <<<'enabled=0' fi -# ubuntu has 002, debian has 022. -# from what I've read, benefit of 002 makes shared groups read/write. -# Security concern is where some unixes put everyone in a same group, -# so if you copy files there with exact perms, that is probably not -# what you want. I don't use a system like that, and I don't really care -# either way, but I'd prefer -# being able to sync file perms with ubuntu systems at work, -# and it's easier to change the debian one. - -umask 002 +# fai sets this an old way that doesn't work for stretch. +# no harm in setting it universally here. +# using debconf-set-selection, the area gets reset to ETC +# on my linode test machine after doing a dpkg-reconfigure, or a reinstall, +# so we are using expect :( +# I got a random error when running this, so I added a sleep +# rather than trying to write a whole detect and wait loop. 
+# E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable) +# E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it? +sleep 1 +# todo: this is not idempotent, it fails when running twice, due to prepopulated values. +# check into unsetting them using debconf-set-selection. +s apt-get -y install --no-install-recommends expect +s expect <