X-Git-Url: https://iankelling.org/git/?a=blobdiff_plain;f=distro-begin;h=a7622848af7171f3437c9f02dcba2c3eb2ef2f1a;hb=c2bf18a9e27233fc9b57450455969fc9e53508b8;hp=b03134890ea3e4e67de6ade28ac275bbbd2771a4;hpb=3a3b7a50177e551b41d7857154f932b1c0dbbf4f;p=distro-setup

diff --git a/distro-begin b/distro-begin
index b031348..a762284 100755
--- a/distro-begin
+++ b/distro-begin
@@ -1,12 +1,12 @@
 #!/bin/bash -l
 # Copyright (C) 2016 Ian Kelling
-
+#
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
-
+#
 #     http://www.apache.org/licenses/LICENSE-2.0
-
+#
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -68,9 +68,11 @@ fi
 for f in iank-dev htpc treetowl x2 frodo tp li lj demohost; do
     eval "$f() { [[ $HOSTNAME == $f ]]; }"
 done
-has_p() { treetowl || iank-dev || x2 || frodo || tp || demohost; }
-has_x() { ! { lj || li; }; }
+has_p() { treetowl || x2 || frodo || tp || demohost; }
+has_x() { ! linode; }
 linode() { lj || li; }
+has_btrfs() { ! linode; }
+home_network() { ! linode; }
 encrypted() { has_p; }
 
 shopt -s extglob
@@ -94,7 +96,7 @@ Description=Turn on automatic decryption of drives on boot
 # generally, I don't think targets order shutdown like they do startup.
 # So, I did systemd-analyze plot > something.svg, and picked a reliably started
 # service that happens late in the game.
-After=postfix.service
+After=ntp.service
 DefaultDependencies=no
 # not sure if needed, makes sure we shut down before reboot.target
 Conflicts=reboot.target
@@ -217,7 +219,6 @@ EOF
 isfedora && tu /etc/sysctl.conf 'kernel.sysrq = 1'
 
 
-s lnf -T /q/p /p
 # this needs to be before installing pacserve so we have gpg conf.
 conflink
 
@@ -319,12 +320,13 @@ case $(distro-name) in
             if isdebian-stable; then
                 pi firefox/$codename-backports
             else
-                # for a while, firefox/unstable had all it\'s deps satisfied
-                # by testing packages, but now i hit a conflict,
-                # it wanted a newer libfontconfig1, but emacs build-deps
-                # wanted an older one. Oh well, they seem to release
-                # a new esr version every 9 months or so.
-                pi firefox-esr
+                # for a while, firefox/unstable did not have
+                # dependencies satisfied by testing packages, and i hit
+                # a conflict, it wanted a newer libfontconfig1, but
+                # emacs build-deps wanted an older one. In this case,
+                # I switch to using firefox-esr. note: They seem
+                # to release a new esr version every 9 months or so.
+                pi firefox/unstable
             fi
         fi
         # for hosts which require nonfree drivers
@@ -512,14 +514,14 @@ EOF
                 pi xkbset
             else
                 # xkbset was in testing for quite a while, dunno
-                # why it's not anymore. Sometime I should check and
-                # see if it's back in testing, but the unstable package
-                # doesn't upgrade anything form testing, and it's tiny
-                # so I'm not bothering to automate it.
+                # why it\'s not anymore. Sometime I should check and
+                # see if it\'s back in testing, but the unstable package
+                # doesn\'t upgrade anything form testing, and it\'s tiny
+                # so I\'m not bothering to automate it.
                 pi xkbset/unstable
-fi
-fi
-;;&
+            fi
+        fi
+        ;;&
 esac
 
 if has_x; then
@@ -541,43 +543,107 @@ dirs=(/mnt/{1,2,3,4,5,6,7,8,9})
 s mkdir -p "${dirs[@]}"
 s chown ian:ian  "${dirs[@]}"
 
-if [[ $HOSTNAME == treetowl ]]; then
-    tu /etc/fstab <<'EOF'
-/dev/disk/by-id/ata-TOSHIBA_MD04ACA500_84REK6NTFS9A-part1 /i btrfs  noatime,subvol=i  0 0
-EOF
-else
-    tu /etc/fstab <<'EOF'
-/q/i  /i  none  bind  0 0
-EOF
-fi
 
 tu /etc/fstab <<'EOF'
-/i/w  /w  none  bind  0 0
-/i/k  /k  none  bind  0 0
+/i/w  /w  none  bind,noauto  0 0
+/i/k  /k  none  bind,noauto  0 0
 EOF
 
+
 if ! mountpoint /kr; then
     s mkdir -p /kr
     s chown ian:traci /kr
 fi
-if [[ $HOSTNAME == treetowl ]]; then
-    tu /etc/fstab <<'EOF'
-/k  /kr  none  bind  0 0
+
+if home_network; then
+    if [[ $HOSTNAME == treetowl ]]; then
+        tu /etc/fstab <<'EOF'
+/k  /kr  none  bind,noauto  0 0
 EOF
-else
-    tu /etc/fstab <<'EOF'
-treetowl:/k  /kr  nfs  defaults  0 0
+    else
+        tu /etc/fstab <<'EOF'
+treetowl:/k  /kr  nfs  noauto  0 0
 EOF
+    fi
 fi
 
-s mkdir -p /q/i/{w,k}
+s mkdir -p /q /i/{w,k}
 for dir in /{i,w,k}; do
-    if mountpoint $dir; then continue; fi
+    if mountpoint $dir; then continue; fi # already mounted
     s mkdir -p $dir
     s chown ian:ian $dir
-    s mount $dir
 done
 
+# not needed for all hosts, but rather just keep it uniform
+s mkdir -p /mnt/iroot
+
+# debian auto mounting of multi-disk encrypted btrfs is busted.  It is
+# in jessie, and in stretch as of 11/26/2016 I have 4 disks in cryptab,
+# based on 3 of those, it creates .device units for /dev/mapper/dev...
+# then waits endlessly for them on bootup, after the /dev/mapper disks
+# have already been created and exist. todo: create a simple repro
+# for this in a vm and report it upstream.
+if has_btrfs || home_network; then
+    pi nfs-common
+    s dd of=/root/imount <<'EOF'
+#!/bin/bash
+[[ $EUID == 0 ]] || exec sudo -E "$BASH_SOURCE" "$@"
+set -eE -o pipefail
+trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
+for dir in /i /mnt/iroot /k /kr /w; do
+    if ! mountpoint $dir &>/dev/null && \
+            awk '{print $2}' /etc/fstab | grep -xF $dir &>/dev/null; then
+        if awk '{print $3}' /etc/fstab | grep -xF nfs &>/dev/null; then
+            mount $dir || echo "warning: failed to mount nfs on $dir"
+        else
+            mount $dir
+        fi
+    fi
+done
+EOF
+    s chmod +x /root/imount
+
+    s dd of=/etc/systemd/system/imount.service <<'EOF'
+[Unit]
+Description=Mount /i and related mountpoints
+
+[Service]
+Type=oneshot
+ExecStart=/root/imount
+
+[Install]
+# note /kr needs networking, this target is the simplest way to
+# time it when the network should be up, but not do something
+# dumb like delay startup until the network is up. It happens
+# at some time after network.target
+WantedBy=multi-user.target
+EOF
+    sudo systemctl daemon-reload # needed if the file was already there
+    sudo systemctl enable imount.service
+    sudo systemctl start imount.service
+fi
+
+dir=/nocow
+if has_btrfs; then
+    if ! mountpoint $dir; then
+        subvol=/mnt/root/nocow
+        if [[ ! -e $subvol ]]; then
+            s btrfs subvolume create $subvol
+            s chown root:1000 $subvol
+            s chattr +C $subvol
+        fi
+
+        first_root_crypt=$(awk '$2 == "/" {print $1}' /etc/mtab)
+        tu /etc/fstab <<EOF
+$first_root_crypt  /nocow  btrfs  noatime,subvol=nocow  0 0
+EOF
+        s mkdir -p $dir
+        s chown ian:ian $dir
+        s mount $dir
+    fi
+else
+    sudo mkdir -p $dir
+fi
 
 # ssh and probably some other things care about parent directory
 # ownership, and ssh doesn\'t allow any group writable parent
@@ -660,8 +726,18 @@ umask 002
 EOF
 
 
-
-postfix-setup
+if isdeb; then
+    # I\'ve had problems with postfix on debian:
+    # on stretch, a startup ordering issue caused all mail to fail.
+    # postfix changed defaults to only use ipv6 dns, causing all my mail to fail.
+    # exim4 is default on debian, so I assume it would
+    # be packaged better to avoid these types of things.
+    # I haven\'t gotten around to getting a non-debian exim
+    # setup.
+    mail-setup exim4
+else
+    mail-setup postfix
+fi
 
 if isubuntu; then
     # disable crash report annoying crap
@@ -673,6 +749,11 @@ fi
 # using debconf-set-selection, the area gets reset to ETC
 # on my linode test machine after doing a dpkg-reconfigure, or a reinstall,
 # so we are using expect :(
+# I got a random error when running this, so I added a sleep
+# rather than trying to write a whole detect and wait loop.
+# E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable)
+# E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it?
+sleep 1
 s apt-get -y install --no-install-recommends expect
 s expect <<EOF
 set force_conservative 0