X-Git-Url: https://iankelling.org/git/?a=blobdiff_plain;f=distro-begin;h=a0e9b0742610dd75c07e8606374e35644e8c664c;hb=8fc333f8c2d69d0792f3742d4f4351e7acb07d9e;hp=e9699408655ccb6aa4e6a52271937a2edb7b6e09;hpb=671538dd70b9aa0f1b38192b51dd0716e29eb6f0;p=distro-setup diff --git a/distro-begin b/distro-begin index e969940..a0e9b07 100755 --- a/distro-begin +++ b/distro-begin @@ -78,7 +78,10 @@ fi ### arg parsing recompile=false -emacs=true +emacs=false +if [[ -e /a/opt/emacs ]]; then + emacs=true +fi while [[ $1 == -* ]]; do case $1 in -r) recompile=true; shift ;; @@ -97,7 +100,7 @@ source $script_dir/pkgs set +x source /a/bin/distro-functions/src/identify-distros $interactive || set -x -for f in kd x2 x3 frodo tp li bk je demohost kw; do +for f in kd x2 x3 frodo tp li bk je demohost kw sy bo; do eval "$f() { [[ $HOSTNAME == $f ]]; }" done codename=$(debian-codename) @@ -210,7 +213,7 @@ fi distro=$(distro-name) case $distro in ubuntu|debian|trisquel) - sudo bash -c ". /a/bin/fai/fai-wrapper && /a/bin/fai/fai/config/scripts/GRUB_PC/11-iank" + sudo bash -c ". /a/bin/fai/fai-wrapper && /a/bin/fai/fai/config/scripts/IANK/11-iank" ;; *) sudo bash -c ". /a/bin/fai/fai-wrapper && @@ -235,6 +238,11 @@ EOF ##### exit first stage if running as root if [[ $EUID == 0 ]]; then + if [[ ! -e /home/iank/.ssh/authorized_keys && ! -L /home/iank/.ssh/authorized_keys ]]; then + sudo -u iank mkdir -p /home/iank/.ssh + chmod 0700 /home/iank/.ssh + sudo -u iank ln -sf /p/c/machine_specific/vps/subdir_files/.ssh/authorized_keys /home/iank/.ssh + fi echo "$0: running as root. exiting now that users are setup" exit 0 fi @@ -248,11 +256,33 @@ lnf $x /root EOF done +###### link files +# convenient to just do all file linking in one place +sudo /a/exe/lnf -T /a/bin /b +sudo /a/exe/lnf -T /a/f /f +sudo /a/exe/lnf -T /var/log/exim4 /el +sudo /a/exe/lnf -T /a/f/ans /c +sudo /a/exe/lnf -T /nocow/t /t +if has_p; then + lnf -T /p/News ~/News +fi +dirs=(/q/root /q/root/.editor-backups /q/root/.undo-tree-history) +sudo mkdir -p ${dirs[@]} +sudo chmod 600 ${dirs[@]} +sudo /a/exe/lnf /q/root/.editor-backups /q/root/.undo-tree-history \ + /a/opt /a/c/.emacs.d $HOME/mw_vars /k/backup /root +/a/bin/ds/install-my-scripts # needed for rootsshsync cronjob +sudo /a/exe/lnf /a/c/.vim /a/c/.vimrc /a/c/.gvimrc /root + + ###### do conflink # vps needs bind group before conflink if vps; then pi-nostart bind9 fi +if bitfolk; then + pi-nostart unbound +fi # this needs to be before installing pacserve so we have gpg conf. conflink rootsshsync @@ -260,6 +290,8 @@ if [[ -e /etc/rootsudoenv ]]; then source /etc/rootsudoenv fi + + ###### bash environment setup set +x err-allow @@ -287,8 +319,17 @@ if [[ ! -e $f ]]; then sudo sed -i --follow-symlinks 's/^ *hosts:.*/hosts: files dns myhostname/' $f fi case $HOSTNAME in - bk) + bk|je) + # je should be able to get along systemd-resolved, but ive had some odd + # very intermittent dns failures with spamassassin, it seems it might only + # be happening with systemd-resolved, so just use unbound + # to make it consistent with the other hosts. sudo sed -i --follow-symlinks 's/^ *hosts:.*/hosts: files dns myhostname/' /etc/nsswitch.conf + soff systemd-resolved + sudo ln -sf 127.0.0.1-resolv/stub-resolv.conf /etc/resolv.conf + sgo unbound + # cautious measure to make sure resolution is working + sleep 1 ;; *) # default is @@ -302,6 +343,13 @@ case $HOSTNAME in ;; esac +case $HOSTNAME in + bk) + sgo named + ;; +esac + + f=/etc/apparmor.d/abstractions/nameservice if [[ -e $f ]] && ! grep -q /etc/resolved-nsswitch/nsswitch.conf $f; then sudo sed -i '/\/etc\/nsswitch.conf/a /etc/resolved-nsswitch/nsswitch.conf r,' $f @@ -329,10 +377,19 @@ if bitfolk; then sudo sed -ri "/^127\./n;/[[:space:]]$HOSTNAME\$/d" /etc/hosts fi -# firefox exists but is 2 versions outdated +if isdeb && [[ $(debian-codename) == nabia ]]; then + sudo dd of=/etc/apt/preferences.d/aramo-jammy-missing <<'EOF' +Package: linux-libc-dev libmysqlclient21 +Pin: release n=jammy,o=Ubuntu +Pin-Priority: 500 +EOF +fi + +# libfdk just has some patent worries. +# https://www.gnu.org/licenses/license-list.en.html#fdk if isdeb && [[ $(debian-codename) == nabia ]]; then sudo dd of=/etc/apt/preferences.d/nabia-focal-missing <<'EOF' -Package: unrar-free firefox libfdk-aac1 ansible +Package: libfdk-aac1 Pin: release n=focal,o=Ubuntu Pin-Priority: 500 EOF @@ -347,7 +404,6 @@ Pin: release a=nabia-backports Pin-Priority: -100 EOF - fi @@ -428,26 +484,6 @@ case $(debian-codename-compat) in esac -###### link files -# convenient to just do all file linking in one place -sudo /a/exe/lnf -T /a/bin /b -sudo /a/exe/lnf -T /a/f /f -sudo /a/exe/lnf -T /var/log/exim4 /el -sudo /a/exe/lnf -T /a/f/ans /c -sudo /a/exe/lnf -T /nocow/t /t -if has_p; then - lnf -T /p/News ~/News -fi -dirs=(/q/root /q/root/.editor-backups /q/root/.undo-tree-history) -sudo mkdir -p ${dirs[@]} -sudo chmod 600 ${dirs[@]} -sudo /a/exe/lnf /q/root/.editor-backups /q/root/.undo-tree-history \ - /a/opt /a/c/.emacs.d $HOME/mw_vars /k/backup /root -/a/bin/ds/install-my-scripts # needed for rootsshsync cronjob -sudo /a/exe/lnf /a/c/.vim /a/c/.vimrc /a/c/.gvimrc /root - - - #### arch specific early packages case $(distro-name) in @@ -586,7 +622,7 @@ case $HOSTNAME in /dev/mapper/crypt_dev_ata-Samsung_SSD_870_QVO_8TB_S5VUNG0N900656V-part7 /d btrfs nofail,x-systemd.device-timeout=30s,x-systemd.mount-timeout=30s,noatime,compress=zstd,subvol=d 0 0 EOF if ! mountpoint /d &>/dev/null; then - sudo mkdir /d + sudo mkdir -p /d if [[ -d /mnt/r7/d ]]; then sudo mount /d fi @@ -594,7 +630,9 @@ EOF ;; esac - +if bitfolk; then + sudo systemctl disable systemd-networkd +fi ##### setup email primary-setup