X-Git-Url: https://iankelling.org/git/?a=blobdiff_plain;f=distro-begin;h=a7622848af7171f3437c9f02dcba2c3eb2ef2f1a;hb=c2bf18a9e27233fc9b57450455969fc9e53508b8;hp=045af1a7fd4eede04b5f761970eb0ab9641e04d3;hpb=60eef240a59f76166e24aad79199ac5e06978cad;p=distro-setup diff --git a/distro-begin b/distro-begin index 045af1a..a762284 100755 --- a/distro-begin +++ b/distro-begin @@ -1,22 +1,29 @@ #!/bin/bash -l # Copyright (C) 2016 Ian Kelling -# This program is under GPL v. 3 or later, see +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + -# todo. dunno why, but original bootstrap of timezone is not sticking. -# fixed manually with: -# s dpkg-reconfigure tzdata -# enter 12 then 11. # for bootstrapping a new machine -# to make ssh run better, first run this: +# in case we need it, +# to make ssh interactive shell run better, we run this first. sudo bash -c 'source /a/c/repos/bash/.bashrc && source /a/exe/ssh-emacs-setup' -# see t.org for OS installer notes - -# usage: $0 [OPTIONS] HOSTNAME +# usage: $0 [-r] HOSTNAME # tips: # run any sudo command first so your pass is cached @@ -31,7 +38,7 @@ if [[ $EUID == 0 ]]; then fi fi -interactive=false # set this to true if running by hand in emacs +interactive=true # set this to false to force set -x [[ $- == *i* ]] || interactive=false if ! $interactive; then 
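Review bot: The new default `interactive=true` is overridden on the very next line, `[[ $- == *i* ]] || interactive=false`, whenever the script is executed rather than run from an interactive shell, so for a normal `./distro-begin HOSTNAME` run the flip changes nothing and the `if ! $interactive` branch that follows (presumably the one enabling `set -x`) still runs. The comment `set this to false to force set -x` should say where the variable actually matters, e.g. `interactive=true # only honored when sourced/pasted into an interactive shell; the next line forces false for scripted runs`. Since the traced commands later in the file include sudoers and /etc/hosts edits, being explicit that scripted runs always trace is worth the extra words.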
@@ -50,8 +57,6 @@ recompile=false bootstrapfs=false # old flag, needs new look before using. while [[ $1 == -* ]]; do case $1 in - # avoid some of the longer compilation steps, - # when we need to rerun because we had an error -r) recompile=true; shift ;; esac done @@ -60,11 +65,14 @@ if [[ $1 ]]; then export HOSTNAME=$1 fi -for f in iank-dev htpc treetowl x2 frodo tp li lj; do +for f in iank-dev htpc treetowl x2 frodo tp li lj demohost; do eval "$f() { [[ $HOSTNAME == $f ]]; }" done -has_p() { iank-dev || x2 || frodo || tp; } -has_x() { ! { lj || li; }; } +has_p() { treetowl || x2 || frodo || tp || demohost; } +has_x() { ! linode; } +linode() { lj || li; } +has_btrfs() { ! linode; } +home_network() { ! linode; } encrypted() { has_p; } shopt -s extglob @@ -75,6 +83,9 @@ umask 0002 ####### end command line parsing PATH="/a/exe:$PATH" +sed="sed --follow-symlinks" + +##### begin setup encryption scripts ###### if encrypted; then # I tried making a service which was dependent on reboot.target, # but it happened too late in the shutdown process. @@ -85,8 +96,9 @@ Description=Turn on automatic decryption of drives on boot # generally, I don't think targets order shutdown like they do startup. # So, I did systemd-analyze plot > something.svg, and picked a reliably started # service that happens late in the game. -After=postfix.service +After=ntp.service DefaultDependencies=no +# not sure if needed, makes sure we shut down before reboot.target Conflicts=reboot.target [Service] 
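Review bot: `has_p()` now covers treetowl and demohost and no longer covers iank-dev, and because `encrypted() { has_p; }` is unchanged, the keyscriptoff.service setup guarded by `if encrypted;` further down is now enabled on those two hosts and skipped on iank-dev; if demohost is a throwaway machine, as the name suggests, enabling automatic drive decryption on it looks unintended. A one-line comment on what the predicate means, e.g. `has_p() { ...; } # hosts that carry the /p data set and therefore run encrypted`, would make that coupling visible at the point of change. `has_x() { ! linode; }` references `linode` before the line that defines it; bash resolves that at call time so it works, but defining `linode` first reads better and avoids the question.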
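Review bot: `sed="sed --follow-symlinks"` stores a command plus its option in a scalar and depends on unquoted word-splitting at every later `$sed` use, which ShellCheck flags (SC2086) and which silently stops working the moment someone tightens quoting to `"$sed"`; the idiomatic form is an array, `sed=(sed --follow-symlinks)` expanded as `"${sed[@]}"`. Naming the variable after the command it wraps also makes `sudo $sed -i ...` read like a typo at the call sites; something like `sedi=(sed --follow-symlinks -i)` states the intent. `--follow-symlinks` is GNU sed only, which is fine for the Debian and Fedora targets visible in this file but deserves a comment for anyone porting it.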
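Review bot: `After=ntp.service` only orders the unit when ntp.service actually exists; systemd silently ignores ordering against a missing unit, so on a host without ntp installed the keyscriptoff unit is no longer held until late in shutdown and the reasoning in the comment above stops applying without any error. If a reliably late stop is the goal, order against more than one candidate (`After=ntp.service postfix.service`) or against a target, and keep the `systemd-analyze plot` check as the way to verify it. The `# not sure if needed` note above `Conflicts=reboot.target` can be made definite: with `DefaultDependencies=no` the unit has no implicit `Conflicts=shutdown.target`, so this line is the only reason it is stopped at all, and because it names reboot.target it is not stopped on poweroff or halt; `Conflicts=shutdown.target` would cover all three if the ExecStop side (outside this hunk) should run on every shutdown.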
@@ -118,24 +130,11 @@ EOF sudo systemctl enable keyscriptoff.service sudo systemctl start keyscriptoff.service fi +##### end setup encryption scripts ###### install-myqueue -if iank-dev; then - desktop=$(ssh root@iankelling.org grep desktop /etc/hosts | grep -o "^.* ") - if $bootstrapfs; then - # for bootstrapping at a new job: - cp="scp $desktop:" - # for moving to a new hd, change $cp to move between filesystems - mkdir -p /a/bin - chown -R ian:ian /a # probably needs to be removed - $cp/a/c /a - $cp/a/c/bin/{bash-programs-by-ian,distro-begin,distro-functions,input-setup.sh} /a/bin - echo -e \\n\\n\\n | ssh-keygen -t rsa - fi -fi - # this script has been designed to be idempotent # todo, it would be nice to cut down on some of the output @@ -150,17 +149,15 @@ $interactive || errcatch set +x source /a/bin/distro-functions/src/identify-distros $interactive || set -x -echo path:$PATH - if isfedora; then # comment out line disallowing calling sudo in scripts - sudo sed -i 's/^Defaults *requiretty/#\0 # ian commented/' /etc/sudoers + sudo $sed -i 's/^Defaults *requiretty/#\0 # ian commented/' /etc/sudoers # turn on magic sysrq commands for this boot cycle echo 1 > sudo dd of=/proc/sys/kernel/sysrq # selinux is not user friendly. Like, you enable samba, but you haven't run the magic selinux commands so it doesn't work # and you have no idea why. - sudo sed -i 's/^\(SELINUX=\).*/\1disabled/' /etc/selinux/config + sudo $sed -i 's/^\(SELINUX=\).*/\1disabled/' /etc/selinux/config selinuxenabled && sudo setenforce 0 fi @@ -177,6 +174,11 @@ case $distro in ;; esac +if linode; then + sudo $sed -i '/^127\.0\.1\.1/d' /etc/hosts + echo "127.0.1.1 $HOSTNAME.lan $HOSTNAME" | sudo tee -a /etc/hosts +fi + if [[ $EUID == 0 ]]; then echo "$0: running as root. exiting now that users are setup" 
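Review bot: `sudo $sed -i 's/^Defaults *requiretty/#\0 # ian commented/' /etc/sudoers` rewrites /etc/sudoers in place with no syntax check, and a malformed sudoers locks every user out of sudo on the host; follow the edit with `sudo visudo -c || exit 1`, or better, leave /etc/sudoers alone and drop a `Defaults !requiretty` override into /etc/sudoers.d/ through `visudo -f`. The unchanged context line right below it, `echo 1 > sudo dd of=/proc/sys/kernel/sysrq`, is parsed by bash as `echo 1 dd of=/proc/sys/kernel/sysrq > sudo`, so it creates a file named `sudo` in the current directory and never touches the sysrq setting; `echo 1 | sudo tee /proc/sys/kernel/sysrq >/dev/null` (or `sudo sysctl -w kernel.sysrq=1`) does what the comment says. The SELinux disable two lines later has the same pattern of an unchecked in-place sed; a `grep -q '^SELINUX=disabled' /etc/selinux/config` afterward would catch a config whose format has changed.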
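Review bot: `echo "127.0.1.1 $HOSTNAME.lan $HOSTNAME" | sudo tee -a /etc/hosts` writes the command-line argument into /etc/hosts with no validation; `HOSTNAME` comes straight from `$1`, so a value with whitespace or other non-hostname characters yields a malformed entry until the next run's `sed '/^127\.0\.1\.1/d'` removes it, and `tee -a` also echoes the line to stdout as noise. A guard near the argument parsing (outside this hunk), `[[ $HOSTNAME =~ ^[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?$ ]] || { echo "$0: bad hostname: $HOSTNAME" >&2; exit 1; }`, plus `>/dev/null` on the tee, keeps the file well-formed. A short comment on why only linode hosts get this entry (presumably the home-network hosts have it managed elsewhere) would also help the next reader.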
@@ -184,36 +186,24 @@ if [[ $EUID == 0 ]]; then fi -# link files - -lnf-home() { - # $2 and opts are unused so far. - opts=() - while [[ $1 == -* ]]; do - opts+=($1) - shift - done - lnf ${opts[@]} "$1" /home/ian/$2 +#### begin link bashrc repo for all users ###### +for x in /a/c/repos/bash/!(.git|..|.); do + lnf "$x" /home/ian sudo -u traci -i <$x + + x=$(mktemp); /usr/bin/pacman.conf-insert_pacserve >$x sudo dd of=/etc/pacman.conf if=$x; rm $x sudo systemctl enable pacserve.service sudo systemctl start pacserve.service @@ -314,14 +286,8 @@ pi trash-cli #s hostname -F /etc/hostname #HOSTNAME=$(hostname) -######################################### -# NOTE: only /a needs to be mounted for creating links! -########################################### -# todo: reconcile ~/.ssh/config work/home -s lnf -T /q/p /p s lnf -T /a/bin /b -conflink if has_p; then lnf -T /p/offlineimap ~/Maildir @@ -332,15 +298,6 @@ fi s lnf /q/root/.editor-backups /q/root/.undo-tree-history \ /a/opt /a/c/.emacs.d $HOME/mw_vars /k/backup /root -d=/q/p/c/machine_specific/$HOSTNAME/.unison -if ! s test -L /root/.unison && [[ ! $(s find /root/.unison -prune -empty) ]]; then - mkdir -p $d - s chown -R $USER:$USER /root/.unison - mv -f /root/.unison/* $d -fi -s lnf -T $d /root/.unison - - rootsshsync s lnf /a/c/.inputrc /a/c/.vim /a/c/.vimrc /a/c/.gvimrc /root 
@@ -363,20 +320,33 @@ case $(distro-name) in if isdebian-stable; then pi firefox/$codename-backports else - pi firefox/unstable # has no unstable dependencies + # for a while, firefox/unstable did not have + # dependencies satisfied by testing packages, and i hit + # a conflict, it wanted a newer libfontconfig1, but + # emacs build-deps wanted an older one. In this case, + # I switch to using firefox-esr. note: They seem + # to release a new esr version every 9 months or so. + pi firefox/unstable fi fi # for hosts which require nonfree drivers - case $HOSTNAME in - tp|x2) : ;; - *) pi linux-image-amd64 firmware-linux-nonfree \ - firmware-linux-free linux-headers-amd64 - ;; - esac + # i previously had extra packages listed here linux-image-amd64 + # firmware-linux-free linux-headers-amd64, but I + # don\'t see any reason why. seems to work in testing without. + # remove this note if it continues to work. + p=firmware-linux-nonfree + if apt-cache show $p &>/dev/null; then + pi $p + fi ;;& ubuntu|debian) if has_x; then - pi xmacro gtk-redshift xinput + if isdebian-stable; then + pi xmacro + else + pi xmacro/unstable # has no unstable deps + fi + pi gtk-redshift xinput fi ;;& fedora) @@ -540,7 +510,16 @@ EOF ;;& ubuntu|debian|fedora) if has_x; then - pi xkbset + if isdebian-stable; then + pi xkbset + else + # xkbset was in testing for quite a while, dunno + # why it\'s not anymore. Sometime I should check and + # see if it\'s back in testing, but the unstable package + # doesn\'t upgrade anything form testing, and it\'s tiny + # so I\'m not bothering to automate it. + pi xkbset/unstable + fi fi ;;& esac @@ -550,7 +529,7 @@ if has_x; then fi pi cryptsetup lvm2 # enables trim for volume delete, other rare commands. -sudo sed -ri 's/( *issue_discards\b).*/\1 = 1/' /etc/lvm/lvm.conf +sudo $sed -ri 's/( *issue_discards\b).*/\1 = 1/' /etc/lvm/lvm.conf if encrypted; then if isdeb; then 
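Review bot: The new comment ends with `In this case, I switch to using firefox-esr`, but the line it annotates is still `pi firefox/unstable`, so the comment documents a fallback the code does not perform and a later reader will assume firefox-esr is what gets installed. Either make the code match (`pi firefox-esr`) or reword the comment to say the dependency conflict was transient and firefox/unstable is in use again. The backslash-escaped apostrophes in the new comments (`don\'t`, `it\'s`) are literal characters inside a `#` comment and serve no purpose; plain `don't` reads better and avoids suggesting the text is quoted somewhere.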
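Review bot: `sudo $sed -ri 's/( *issue_discards\b).*/\1 = 1/' /etc/lvm/lvm.conf` is not anchored to the start of the line, so it also rewrites any comment line mentioning the key (the option description in stock lvm.conf, or a commented-out `# issue_discards = 0`, which keeps its `# ` prefix and stays off), and sed returns 0 whether or not anything matched, so a no-op edit goes unnoticed. Anchoring as `'s/^( *issue_discards\b).*/\1 = 1/'` and asserting the result with `grep -Eq '^ *issue_discards *= *1' /etc/lvm/lvm.conf || exit 1` makes the step fail loudly instead. Since the `if encrypted;` block follows immediately, a caveat next to `# enables trim for volume delete` that discards passed through an encrypted stack reveal which regions of the underlying device are unused would document the trade-off being accepted.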
@@ -564,43 +543,107 @@ dirs=(/mnt/{1,2,3,4,5,6,7,8,9}) s mkdir -p "${dirs[@]}" s chown ian:ian "${dirs[@]}" -if [[ $HOSTNAME == treetowl ]]; then - tu /etc/fstab <<'EOF' -UUID=3f7b31cd-f299-40b4-a86b-7604282e2715 /i btrfs noatime 0 2 -EOF -else - tu /etc/fstab <<'EOF' -/q/i /i none bind 0 0 -EOF -fi tu /etc/fstab <<'EOF' -/i/w /w none bind 0 0 -/i/k /k none bind 0 0 +/i/w /w none bind,noauto 0 0 +/i/k /k none bind,noauto 0 0 EOF -if ! mountpoint /kfrodo; then - s mkdir -p /kfrodo - s chown ian:traci /kfrodo + +if ! mountpoint /kr; then + s mkdir -p /kr + s chown ian:traci /kr fi -if [[ $HOSTNAME == frodo ]]; then - tu /etc/fstab <<'EOF' -/k /kfrodo none bind 0 0 + +if home_network; then + if [[ $HOSTNAME == treetowl ]]; then + tu /etc/fstab <<'EOF' +/k /kr none bind,noauto 0 0 EOF -else - tu /etc/fstab <<'EOF' -frodo:/k /kfrodo nfs defaults 0 0 + else + tu /etc/fstab <<'EOF' +treetowl:/k /kr nfs noauto 0 0 EOF + fi fi -s mkdir -p /q/i/{w,k} +s mkdir -p /q /i/{w,k} for dir in /{i,w,k}; do - if mountpoint $dir; then continue; fi + if mountpoint $dir; then continue; fi # already mounted s mkdir -p $dir s chown ian:ian $dir - s mount $dir done +# not needed for all hosts, but rather just keep it uniform +s mkdir -p /mnt/iroot + +# debian auto mounting of multi-disk encrypted btrfs is busted. It is +# in jessie, and in stretch as of 11/26/2016 I have 4 disks in cryptab, +# based on 3 of those, it creates .device units for /dev/mapper/dev... +# then waits endlessly for them on bootup, after the /dev/mapper disks +# have already been created and exist. todo: create a simple repro +# for this in a vm and report it upstream. +if has_btrfs || home_network; then + pi nfs-common + s dd of=/root/imount <<'EOF' +#!/bin/bash +[[ $EUID == 0 ]] || exec sudo -E "$BASH_SOURCE" "$@" +set -eE -o pipefail +trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR +for dir in /i /mnt/iroot /k /kr /w; do + if ! 
mountpoint $dir &>/dev/null && \ + awk '{print $2}' /etc/fstab | grep -xF $dir &>/dev/null; then + if awk '{print $3}' /etc/fstab | grep -xF nfs &>/dev/null; then + mount $dir || echo "warning: failed to mount nfs on $dir" + else + mount $dir + fi + fi +done +EOF + s chmod +x /root/imount + + s dd of=/etc/systemd/system/imount.service <<'EOF' +[Unit] +Description=Mount /i and related mountpoints + +[Service] +Type=oneshot +ExecStart=/root/imount + +[Install] +# note /kr needs networking, this target is the simplest way to +# time it when the network should be up, but not do something +# dumb like delay startup until the network is up. It happens +# at some time after network.target +WantedBy=multi-user.target +EOF + sudo systemctl daemon-reload # needed if the file was already there + sudo systemctl enable imount.service + sudo systemctl start imount.service +fi + +dir=/nocow +if has_btrfs; then + if ! mountpoint $dir; then + subvol=/mnt/root/nocow + if [[ ! -e $subvol ]]; then + s btrfs subvolume create $subvol + s chown root:1000 $subvol + s chattr +C $subvol + fi + + first_root_crypt=$(awk '$2 == "/" {print $1}' /etc/mtab) + tu /etc/fstab <