X-Git-Url: https://iankelling.org/git/?a=blobdiff_plain;f=distro-end;h=09ad1de2ec7b3ea63bb081adda46b25ad19f19c4;hb=602a1874cc11a7d371890cdae4c0dc982267ea89;hp=434ca2aec0a5e0f923d773e1ac1f4b515e04f72f;hpb=2a1cee2e73d9291dde9af831bbe9e996199b7cbc;p=distro-setup

diff --git a/distro-end b/distro-end
index 434ca2a..09ad1de 100755
--- a/distro-end
+++ b/distro-end
@@ -43,7 +43,7 @@ end() {
 }
 pre="${0##*/}:"
 sudo() {
-  printf "$pre %s\n"  "$*"
+  printf "$pre sudo %s\n"  "$*"
   SUDOD="$PWD" command sudo "$@";
 }
 m() { printf "$pre %s\n"  "$*"; "$@"; }
@@ -155,10 +155,12 @@ esac
 # fi
 
 
+
+
 pi debootstrap
 ######### begin universal pinned packages ######
 case $(debian-codename) in
-  nabia|etiona|flidas)
+  etiona|flidas|nabia|aramo)
     sudo rm -fv /etc/apt/preferences.d/etiona-buster
     sd /etc/apt/preferences.d/trisquel-debian <<EOF
 Explanation: Debian* includes Debian + Debian Backports
@@ -340,29 +342,14 @@ EOF
 
 
     ;;&
-  nabia|etiona)
+  aramo|nabia|etiona)
     # for ziva
     #p install --no-install-recommends minetest/buster libleveldb1d/buster libncursesw6/buster libtinfo6/buster
     doupdate=false
-    for n in buster bullseye; do
+    for n in bullseye; do
       f=/etc/apt/sources.list.d/$n.list
       t=$(mktemp)
       case $n in
-        buster)
-          cat >$t <<'EOF'
-deb http://http.us.debian.org/debian buster main
-deb-src http://http.us.debian.org/debian buster main
-
-deb http://security.debian.org/ buster/updates main
-deb-src http://security.debian.org/ buster/updates main
-
-deb http://http.us.debian.org/debian buster-updates main
-deb-src http://http.us.debian.org/debian buster-updates main
-
-deb http://http.debian.net/debian buster-backports main
-deb-src http://http.debian.net/debian buster-backports main
-EOF
-          ;;
         bullseye)
           cat >$t <<'EOF'
 EOF
@@ -484,6 +471,34 @@ Pin: release n=bionic,o=Ubuntu
 Pin-Priority: -100
 EOF
 
+    ;;&
+  nabia)
+    sd /etc/apt/preferences.d/aramo-nabia <<'EOF'
+Package: *
+Pin: release n=aramo*,o=Trisquel
+Pin-Priority: -100
+EOF
+    f=/etc/apt/sources.list.d/aramo.list
+    t=$(mktemp)
+    cat >$t <<'EOF'
+deb http://mirror.fsf.org/trisquel/ aramo main
+deb-src http://mirror.fsf.org/trisquel/ aramo main
+
+deb http://mirror.fsf.org/trisquel/ aramo-updates main
+deb-src http://mirror.fsf.org/trisquel/ aramo-updates main
+
+deb http://archive.trisquel.info/trisquel/ aramo-security main
+deb-src http://archive.trisquel.info/trisquel/ aramo-security main
+
+# Uncomment this lines to enable the backports optional repository
+deb http://mirror.fsf.org/trisquel/ aramo-backports main
+deb-src http://mirror.fsf.org/trisquel/ aramo-backports main
+EOF
+    if ! diff -q $t $f; then
+      sudo dd if=$t of=$f 2>/dev/null
+      p update
+    fi
+
     ;;&
   *)
     if isdeb; then
@@ -492,7 +507,11 @@ EOF
     ;;
 esac
 
-
+case $codename_compat in
+  jammy)
+    s systemctl enable ssh-agent-iank
+    ;;
+esac
 
 case $codename_compat in
   focal)
@@ -525,9 +544,21 @@ Pin-Priority: 500
 EOF
     ;;
   nabia)
+    # note, to get the latest, it would be n=bullseye*
+    # but that has conflicting package versions, so this does the old one.
+    # I only use it for special rare purposes. Just keep in mind it is an
+    # outdated insecure version.
     sd /etc/apt/preferences.d/chromium-bullseye <<EOF
 Package: chromium chromium-* libicu67 libjpeg62-turbo libjsoncpp24 libre2-9 libwebpmux3
-Pin: release o=Debian*,n=bullseye*
+Pin: release o=Debian*,n=bullseye
+Pin-Priority: 500
+EOF
+    ;;
+  aramo)
+    # obs dependency not in trisquel
+    sd /etc/apt/preferences.d/obs <<EOF
+Package: libfdk-aac2
+Pin: release n=jammy,o=Ubuntu
 Pin-Priority: 500
 EOF
     ;;
@@ -578,23 +609,6 @@ sudo rm -f /etc/cron.d/unattended-upgrade-reboot /usr/local/bin/zelous-unattende
 # Pin-Priority: 500
 # EOF
 
-if [[ -e /etc/wireguard/wghole.conf ]]; then
-  reload=false
-  if [[ ! -e /etc/systemd/system/wg-quick@wghole.service.d/override.conf ]]; then
-    reload=true
-  fi
-  sudo mkdir -p /etc/systemd/system/wg-quick@wghole.service.d
-  sd /etc/systemd/system/wg-quick@wghole.service.d/override.conf <<'EOF'
-[Unit]
-StartLimitIntervalSec=0
-
-[Service]
-Restart=on-failure
-RestartSec=20
-EOF
-  if $reload; then ser daemon-reload; fi
-  sgo wg-quick@wghole
-fi
 
 ###### begin website setup
 case $HOSTNAME in
@@ -606,6 +620,7 @@ case $HOSTNAME in
     fi
 
     pi prometheus-node-exporter
+    /a/bin/buildscripts/prom-node-exporter -l
 
     # ex for exporter
     web-conf -p 9101 -f 9100 - apache2 ${HOSTNAME}ex.b8.nz <<'EOF'
@@ -779,14 +794,25 @@ EOF
 # https://radicale.org/2.1.html
 #https://httpd.apache.org/docs/2.4/mod/mod_authn_core.html#authtype
 # https://stackoverflow.com/questions/5011102/apache-reverse-proxy-with-basic-authentication
-<Location /radicale/>
-  Options +FollowSymLinks +Multiviews +Indexes
+
+# this doesn't exactly fit with the documentation.
+# We need location / to do an auth, it cant be done outside,
+# in order to pass on X-Remote-User. And we need
+# the other location in order to remove the /radicale/ for
+# requests which have it. This could be done with a rewrite,
+# but i just get something working and call it a day.
+
+<Location "/">
   AllowOverride None
-  AuthType basic
+  AuthType Basic
   AuthName "Authentication Required"
   # setup one time, with root:www-data, 640
   AuthUserFile "/etc/caldav-htpasswd"
   Require valid-user
+  RequestHeader    set X-Remote-User expr=%{REMOTE_USER}
+</Location>
+<Location "/radicale/">
+  Options +FollowSymLinks +Multiviews -Indexes
   RequestHeader    set X-Script-Name /radicale/
   RequestHeader    set X-Remote-User expr=%{REMOTE_USER}
   ProxyPass  "http://10.8.0.4:5232/" retry=0
@@ -969,6 +995,10 @@ EOF
     # and choose lightdm.
     #
     ;;
+  jammy)
+    # not yet bothering with mate
+    pi lightdm-gtk-greeter
+    ;;
 esac
 
 
@@ -1304,18 +1334,21 @@ m reset-xscreensaver
 # cabal update
 # cabal install --upgrade-dependencies  --force-reinstalls arbtt
 # also, i assume syncing this between machines somehow messed up the data.
-if mountpoint /p &>/dev/null; then
-  case $codename in
-    etiona|nabia)
-      pi arbtt
-      # same as seru enable arbtt, but works over ssh when systemctl --user causes error:
-      # Failed to connect to bus: No such file or directory
-      lnf -T  /a/bin/ds/subdir_files/.config/systemd/user/arbtt.service /home/iank/.config/systemd/user/default.target.wants/arbtt.service
-      # allow failure
-      seru start arbtt ||:
-      ;;
-  esac
-fi
+
+## not using arbtt for now
+# if mountpoint /p &>/dev/null; then
+#   case $codename in
+#     etiona|nabia)
+#       pi arbtt
+#       # same as seru enable arbtt, but works over ssh when systemctl --user causes error:
+#       # Failed to connect to bus: No such file or directory
+#       lnf -T  /a/bin/ds/subdir_files/.config/systemd/user/arbtt.service /home/iank/.config/systemd/user/default.target.wants/arbtt.service
+#       # allow failure
+#       seru start arbtt ||:
+#       ;;
+#   esac
+# fi
+rm -fv /home/iank/.config/systemd/user/default.target.wants/arbtt.service
 
 
 m primary-setup
@@ -1716,13 +1749,23 @@ pi --no-install-recommends kdeconnect
 # # I'm not seeing the icon, but the clipboard replication is working
 
 
-### model 01 arduino support ###
+### begin model 01 arduino support ###
 # https://github.com/keyboardio/Kaleidoscope/wiki/Install-Arduino-support-on-Linux
 # also built latest arduino in /a/opt/Arduino, (just cd build; ant build; ant run )
 # set arduino var in bashrc,
 # have system config file setup too.
 sudo adduser $USER dialout
 
+# as of 2022-05,
+# download arduino ide, extract in /a/opt, ignore the install script, run ./arduino,
+# toolbar, preferences, add board manager url:
+# https://raw.githubusercontent.com/keyboardio/boardsmanager/master/package_keyboardio_index.json
+# toolbar, board manager, add keyboardio
+# toolbar, select model01 board
+# toolbar, examples, model01, compile
+
+###
+
 # this is for the mail command too. update-alternatives is kind of misleading
 # since at least it's main commands pretend mail does not exist.
 # bsd's mail got pulled in on some dumb dependency, i dunno how.
@@ -1889,9 +1932,9 @@ esac
 
 case $HOSTNAME in
   kd)
-    /a/bin/buildscripts/prometheus
     # Font awesome is needed for the alertmanager ui.
     pi prometheus-alertmanager prometheus prometheus-node-exporter fonts-font-awesome
+    /a/bin/buildscripts/prometheus
     web-conf -p 9091 -f 9090 - apache2 i.b8.nz <<'EOF'
 <Location "/">
 AuthType Basic
@@ -1916,11 +1959,14 @@ EOF
 
     # by default, the alertmanager web ui is not enabled other than a page
     # that suggests to use the amtool cli. that tool is good, but you cant
-    # silence things nearly as fast.
+    # silence things nearly as easily as with the gui.
     if [[ ! -e /usr/share/prometheus/alertmanager/ui/index.html ]]; then
-      sudo chroot /nocow/schroot/bullseye prometheus-alertmanager
-      sudo chroot /nocow/schroot/bullseye /usr/share/prometheus/alertmanager/generate-ui.sh
-      sudo rsync -avih /nocow/schroot/bullseye/usr/share/prometheus/alertmanager/ui/ /usr/share/prometheus/alertmanager/ui
+      # default script didnt work, required some changes to get elm 19.1,
+      # which is a dependency of the latest alertmanager. I modified
+      # and copied it into /b/ds. In future, might need some other
+      # solution.
+      #sudo /usr/share/prometheus/alertmanager/generate-ui.sh
+      sudo /b/ds/generate-ui.sh
       ser restart prometheus-alertmanager
     fi
 
@@ -1941,6 +1987,7 @@ case $HOSTNAME in
   # either use iptables or, in
   # /etc/default/prometheus-node-exporter
   # listen on the wireguard interface
+
   *)
     wgip=$(command sudo sed -rn 's,^ *Address *= *([^/]+).*,\1,p' /etc/wireguard/wghole.conf)
     # old filename. remove once all hosts are updated.