X-Git-Url: https://iankelling.org/git/?a=blobdiff_plain;f=distro-begin;h=a7622848af7171f3437c9f02dcba2c3eb2ef2f1a;hb=c2bf18a9e27233fc9b57450455969fc9e53508b8;hp=222eb5ceca2ece5b8b9cccacce59bac8368b051e;hpb=aa8ff7aafcbe3cc05b1394818abf1c2f00b78a52;p=distro-setup

diff --git a/distro-begin b/distro-begin
index 222eb5c..a762284 100755
--- a/distro-begin
+++ b/distro-begin
@@ -1,12 +1,12 @@
 #!/bin/bash -l
 # Copyright (C) 2016 Ian Kelling
-
+#
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
-
+#
 #     http://www.apache.org/licenses/LICENSE-2.0
-
+#
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -14,21 +14,16 @@
 # limitations under the License.
 
 
-# todo. dunno why, but original bootstrap of timezone is not sticking.
-# fixed manually with:
-# s dpkg-reconfigure tzdata
-# enter 12 then 11.
 
 
 # for bootstrapping a new machine
 
-# to make ssh run better, first run this:
+# in case we need it,
+# to make ssh interactive shell run better, we run this first.
 sudo bash -c 'source /a/c/repos/bash/.bashrc && source /a/exe/ssh-emacs-setup'
 
 
-# see t.org for OS installer notes
-
-# usage: $0 [OPTIONS] HOSTNAME
+# usage: $0 [-r] HOSTNAME
 
 # tips:
 # run any sudo command first so your pass is cached
@@ -43,7 +38,7 @@ if [[ $EUID == 0 ]]; then
     fi
 fi
 
-interactive=false  # set this to true if running by hand in emacs
+interactive=true  # set this to false to force set -x
 [[ $- == *i* ]] || interactive=false
 
 if ! $interactive; then
@@ -62,8 +57,6 @@ recompile=false
 bootstrapfs=false # old flag, needs new look before using.
 while [[ $1 == -* ]]; do
     case $1 in
-        # avoid some of the longer compilation steps,
-        # when we need to rerun because we had an error
         -r) recompile=true; shift ;;
     esac
 done
@@ -75,9 +68,11 @@ fi
 for f in iank-dev htpc treetowl x2 frodo tp li lj demohost; do
     eval "$f() { [[ $HOSTNAME == $f ]]; }"
 done
-has_p() { iank-dev || x2 || frodo || tp; }
-has_x() { ! { lj || li || demohost; }; }
+has_p() { treetowl || x2 || frodo || tp || demohost; }
+has_x() { ! linode; }
 linode() { lj || li; }
+has_btrfs() { ! linode; }
+home_network() { ! linode; }
 encrypted() { has_p; }
 
 shopt -s extglob
@@ -88,6 +83,9 @@ umask 0002
 ####### end command line parsing
 
 PATH="/a/exe:$PATH"
+sed="sed --follow-symlinks"
+
+##### begin setup encryption scripts ######
 if encrypted; then
     # I tried making a service which was dependent on reboot.target,
     # but it happened too late in the shutdown process.
@@ -98,7 +96,7 @@ Description=Turn on automatic decryption of drives on boot
 # generally, I don't think targets order shutdown like they do startup.
 # So, I did systemd-analyze plot > something.svg, and picked a reliably started
 # service that happens late in the game.
-After=postfix.service
+After=ntp.service
 DefaultDependencies=no
 # not sure if needed, makes sure we shut down before reboot.target
 Conflicts=reboot.target
@@ -132,24 +130,11 @@ EOF
     sudo systemctl enable keyscriptoff.service
     sudo systemctl start keyscriptoff.service
 fi
+##### end setup encryption scripts ######
 
 
 install-myqueue
 
-if iank-dev; then
-    desktop=$(ssh root@iankelling.org grep desktop /etc/hosts | grep -o "^.* ")
-    if $bootstrapfs; then
-        # for bootstrapping at a new job:
-        cp="scp $desktop:"
-        # for moving to a new hd, change $cp to move between filesystems
-        mkdir -p /a/bin
-        chown -R ian:ian /a # probably needs to be removed
-        $cp/a/c /a
-        $cp/a/c/bin/{bash-programs-by-ian,distro-begin,distro-functions,input-setup.sh} /a/bin
-        echo -e \\n\\n\\n | ssh-keygen -t rsa
-    fi
-fi
-
 # this script has been designed to be idempotent
 # todo, it would be nice to cut down on some of the output
 
@@ -164,17 +149,15 @@ $interactive || errcatch
 set +x
 source /a/bin/distro-functions/src/identify-distros
 $interactive || set -x
-echo path:$PATH
-
 
 if isfedora; then
     # comment out line disallowing calling sudo in scripts
-    sudo sed -i --follow-symlinks 's/^Defaults *requiretty/#\0 # ian commented/' /etc/sudoers
+    sudo $sed -i 's/^Defaults *requiretty/#\0 # ian commented/' /etc/sudoers
     # turn on magic sysrq commands for this boot cycle
     echo 1 > sudo dd of=/proc/sys/kernel/sysrq
     # selinux is not user friendly. Like, you enable samba, but you haven't run the magic selinux commands so it doesn't work
     # and you have no idea why.
-    sudo sed -i --follow-symlinks 's/^\(SELINUX=\).*/\1disabled/' /etc/selinux/config
+    sudo $sed -i 's/^\(SELINUX=\).*/\1disabled/' /etc/selinux/config
     selinuxenabled && sudo setenforce 0
 fi
 
@@ -192,7 +175,7 @@ case $distro in
 esac
 
 if linode; then
-    sudo sed -i '/^127\.0\.1\.1/d' /etc/hosts
+    sudo $sed -i '/^127\.0\.1\.1/d' /etc/hosts
     echo "127.0.1.1 $HOSTNAME.lan $HOSTNAME" | sudo tee -a /etc/hosts
 fi
 
@@ -203,36 +186,24 @@ if [[ $EUID == 0 ]]; then
 fi
 
 
-# link files
-
-lnf-home() {
-    # $2 and opts are unused so far.
-    opts=()
-    while [[ $1 == -* ]]; do
-        opts+=($1)
-        shift
-    done
-    lnf ${opts[@]} "$1" /home/ian/$2
+#### begin link bashrc repo for all users ######
+for x in /a/c/repos/bash/!(.git|..|.); do
+    lnf "$x" /home/ian
     sudo -u traci -i <<EOF
 PATH="/a/exe:$PATH"
-lnf ${opts[@]} "$1" /home/traci/$2
+lnf "$x" /home/traci
 EOF
-}
-
-for x in /a/c/repos/bash/!(.git); do
-    lnf-home "$x"
     sudo -i <<EOF
 PATH="/a/exe:$PATH"
 lnf $x /root
 EOF
 done
+#### end link bashrc repo for all users ######
 
-echo path:$PATH
 
 set +x
 errallow
 source ~/.bashrc
-echo path:$PATH
 $interactive || errcatch
 $interactive || set -x
 
@@ -248,6 +219,8 @@ EOF
 isfedora && tu /etc/sysctl.conf 'kernel.sysrq = 1'
 
 
+# this needs to be before installing pacserve so we have gpg conf.
+conflink
 
 if isdebian; then
     codename=$(debian-codename)
@@ -269,10 +242,6 @@ EOF
     fi
 fi
 
-s lnf -T /q/p /p
-# this needs to be before installing pacserve so we have gpg conf.
-conflink
-
 if isarch; then
     #https://wiki.archlinux.org/index.php/Arch_User_Repository#Installing_packages
     sudo pacman -S --noconfirm --needed base-devel jq
@@ -351,12 +320,13 @@ case $(distro-name) in
             if isdebian-stable; then
                 pi firefox/$codename-backports
             else
-                # for a while, firefox/unstable had all it\'s deps satisfied
-                # by testing packages, but now i hit a conflict,
-                # it wanted a newer libfontconfig1, but emacs build-deps
-                # wanted an older one. Oh well, they seem to release
-                # a new esr version every 9 months or so.
-                pi firefox-esr
+                # for a while, firefox/unstable did not have
+                # dependencies satisfied by testing packages, and i hit
+                # a conflict, it wanted a newer libfontconfig1, but
+                # emacs build-deps wanted an older one. In this case,
+                # I switch to using firefox-esr. note: They seem
+                # to release a new esr version every 9 months or so.
+                pi firefox/unstable
             fi
         fi
         # for hosts which require nonfree drivers
@@ -371,7 +341,12 @@ case $(distro-name) in
         ;;&
     ubuntu|debian)
         if has_x; then
-            pi xmacro gtk-redshift xinput
+            if isdebian-stable; then
+                pi xmacro
+            else
+                pi xmacro/unstable # has no unstable deps
+            fi
+            pi gtk-redshift xinput
         fi
         ;;&
     fedora)
@@ -539,14 +514,14 @@ EOF
                 pi xkbset
             else
                 # xkbset was in testing for quite a while, dunno
-                # why it's not anymore. Sometime I should check and
-                # see if it's back in testing, but the unstable package
-                # doesn't upgrade anything form testing, and it's tiny
-                # so I'm not bothering to automate it.
+                # why it\'s not anymore. Sometime I should check and
+                # see if it\'s back in testing, but the unstable package
+                # doesn\'t upgrade anything form testing, and it\'s tiny
+                # so I\'m not bothering to automate it.
                 pi xkbset/unstable
-fi
-fi
-;;&
+            fi
+        fi
+        ;;&
 esac
 
 if has_x; then
@@ -554,7 +529,7 @@ if has_x; then
 fi
 pi cryptsetup lvm2
 # enables trim for volume delete, other rare commands.
-sudo sed -ri 's/( *issue_discards\b).*/\1 = 1/' /etc/lvm/lvm.conf
+sudo $sed -ri 's/( *issue_discards\b).*/\1 = 1/' /etc/lvm/lvm.conf
 
 if encrypted; then
     if isdeb; then
@@ -568,43 +543,107 @@ dirs=(/mnt/{1,2,3,4,5,6,7,8,9})
 s mkdir -p "${dirs[@]}"
 s chown ian:ian  "${dirs[@]}"
 
-if [[ $HOSTNAME == treetowl ]]; then
-    tu /etc/fstab <<'EOF'
-UUID=3f7b31cd-f299-40b4-a86b-7604282e2715 /i btrfs  noatime    0 2
-EOF
-else
-    tu /etc/fstab <<'EOF'
-/q/i  /i  none  bind  0 0
-EOF
-fi
 
 tu /etc/fstab <<'EOF'
-/i/w  /w  none  bind  0 0
-/i/k  /k  none  bind  0 0
+/i/w  /w  none  bind,noauto  0 0
+/i/k  /k  none  bind,noauto  0 0
 EOF
 
-if ! mountpoint /kfrodo; then
-    s mkdir -p /kfrodo
-    s chown ian:traci /kfrodo
+
+if ! mountpoint /kr; then
+    s mkdir -p /kr
+    s chown ian:traci /kr
 fi
-if [[ $HOSTNAME == frodo ]]; then
-    tu /etc/fstab <<'EOF'
-/k  /kfrodo  none  bind  0 0
+
+if home_network; then
+    if [[ $HOSTNAME == treetowl ]]; then
+        tu /etc/fstab <<'EOF'
+/k  /kr  none  bind,noauto  0 0
 EOF
-else
-    tu /etc/fstab <<'EOF'
-frodo:/k  /kfrodo  nfs  defaults  0 0
+    else
+        tu /etc/fstab <<'EOF'
+treetowl:/k  /kr  nfs  noauto  0 0
 EOF
+    fi
 fi
 
-s mkdir -p /q/i/{w,k}
+s mkdir -p /q /i/{w,k}
 for dir in /{i,w,k}; do
-    if mountpoint $dir; then continue; fi
+    if mountpoint $dir; then continue; fi # already mounted
     s mkdir -p $dir
     s chown ian:ian $dir
-    s mount $dir
 done
 
+# not needed for all hosts, but rather just keep it uniform
+s mkdir -p /mnt/iroot
+
+# debian auto mounting of multi-disk encrypted btrfs is busted.  It is
+# in jessie, and in stretch as of 11/26/2016 I have 4 disks in cryptab,
+# based on 3 of those, it creates .device units for /dev/mapper/dev...
+# then waits endlessly for them on bootup, after the /dev/mapper disks
+# have already been created and exist. todo: create a simple repro
+# for this in a vm and report it upstream.
+if has_btrfs || home_network; then
+    pi nfs-common
+    s dd of=/root/imount <<'EOF'
+#!/bin/bash
+[[ $EUID == 0 ]] || exec sudo -E "$BASH_SOURCE" "$@"
+set -eE -o pipefail
+trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
+for dir in /i /mnt/iroot /k /kr /w; do
+    if ! mountpoint $dir &>/dev/null && \
+            awk '{print $2}' /etc/fstab | grep -xF $dir &>/dev/null; then
+        if awk '{print $3}' /etc/fstab | grep -xF nfs &>/dev/null; then
+            mount $dir || echo "warning: failed to mount nfs on $dir"
+        else
+            mount $dir
+        fi
+    fi
+done
+EOF
+    s chmod +x /root/imount
+
+    s dd of=/etc/systemd/system/imount.service <<'EOF'
+[Unit]
+Description=Mount /i and related mountpoints
+
+[Service]
+Type=oneshot
+ExecStart=/root/imount
+
+[Install]
+# note /kr needs networking, this target is the simplest way to
+# time it when the network should be up, but not do something
+# dumb like delay startup until the network is up. It happens
+# at some time after network.target
+WantedBy=multi-user.target
+EOF
+    sudo systemctl daemon-reload # needed if the file was already there
+    sudo systemctl enable imount.service
+    sudo systemctl start imount.service
+fi
+
+dir=/nocow
+if has_btrfs; then
+    if ! mountpoint $dir; then
+        subvol=/mnt/root/nocow
+        if [[ ! -e $subvol ]]; then
+            s btrfs subvolume create $subvol
+            s chown root:1000 $subvol
+            s chattr +C $subvol
+        fi
+
+        first_root_crypt=$(awk '$2 == "/" {print $1}' /etc/mtab)
+        tu /etc/fstab <<EOF
+$first_root_crypt  /nocow  btrfs  noatime,subvol=nocow  0 0
+EOF
+        s mkdir -p $dir
+        s chown ian:ian $dir
+        s mount $dir
+    fi
+else
+    sudo mkdir -p $dir
+fi
 
 # ssh and probably some other things care about parent directory
 # ownership, and ssh doesn\'t allow any group writable parent
@@ -687,14 +726,47 @@ umask 002
 EOF
 
 
-
-postfix-setup
+if isdeb; then
+    # I\'ve had problems with postfix on debian:
+    # on stretch, a startup ordering issue caused all mail to fail.
+    # postfix changed defaults to only use ipv6 dns, causing all my mail to fail.
+    # exim4 is default on debian, so I assume it would
+    # be packaged better to avoid these types of things.
+    # I haven\'t gotten around to getting a non-debian exim
+    # setup.
+    mail-setup exim4
+else
+    mail-setup postfix
+fi
 
 if isubuntu; then
     # disable crash report annoying crap
     s dd of=/etc/default/apport <<<'enabled=0'
 fi
 
+# fai sets this an old way that doesn't work for stretch.
+# no harm in setting it universally here.
+# using debconf-set-selection, the area gets reset to ETC
+# on my linode test machine after doing a dpkg-reconfigure, or a reinstall,
+# so we are using expect :(
+# I got a random error when running this, so I added a sleep
+# rather than trying to write a whole detect and wait loop.
+# E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable)
+# E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it?
+sleep 1
+s apt-get -y install --no-install-recommends expect
+s expect <<EOF
+set force_conservative 0
+spawn dpkg-reconfigure tzdata -freadline
+expect -nocase timeout {exit 1} "Geographic area:"
+send "12\r"
+expect -nocase timeout {exit 1} "Time zone:"
+send "11\r"
+expect eof
+exit
+EOF
+
+
 if has_x; then
     if isarch; then
         # install so it's build dependencies don't get removed.
@@ -712,12 +784,10 @@ if has_x; then
         fi
         pi hunspell hunspell-en
     else
-        # to disable emacs git build,
-        # s apt-get install emacs
         if $recompile; then
-            /a/bin/buildscripts/emacs -u
+            /a/bin/buildscripts/emacs
         else
-            /a/bin/buildscripts/emacs -r
+            /a/bin/buildscripts/emacs --no-r || /a/bin/buildscripts/emacs
         fi
     fi
 
@@ -731,11 +801,11 @@ if has_x; then
             dir=/etc/gdm
         fi
         s mkdir -p $dir/PostLogin
-        s command cp /a/bin/desktop-20-autostart.sh $dir/PostLogin/Default
+        s command cp /a/bin/distro-setup/desktop-20-autostart.sh $dir/PostLogin/Default
         s mkdir /etc/lightdm/lightdm.conf.d
         s dd of=/etc/lightdm/lightdm.conf.d/12-ian.conf <<'EOF'
 [SeatDefaults]
-session-setup-script=/a/bin/desktop-20-autostart.sh
+session-setup-script=/a/bin/distro-setup/desktop-20-autostart.sh
 EOF
     fi
 
@@ -761,8 +831,12 @@ EOF
         # https://wiki.archlinux.org/index.php/Xinitrc
         for homedir in /home/*; do
             cp /etc/X11/xinit/xinitrc $homedir/.xinitrc
-            sed -ri '/^ *twm\b/,$d' $homedir/.xinitrc
-            echo "source /a/bin/xinitrc" | tee -a $homedir/.xinitrc
+            $sed -ri '/^ *twm\b/,$d' $homedir/.xinitrc
+            tee -a $homedir/.xinitrc <<'EOF'
+/a/bin/desktop-20-autostart.sh
+xsetroot -cursor_name left_ptr
+exec xmonad
+EOF
         done
     else
         pi suckless-tools
@@ -774,6 +848,6 @@ EOF
     fi
 fi
 
-# the first pup command can kill off our /etc/
-/a/bin/ssh-emacs-setup
+# the first pup command can kill off our /etc/ mod, so rerun this
+/a/exe/ssh-emacs-setup
 echo "$0: $(date): ending now"