X-Git-Url: https://iankelling.org/git/?a=blobdiff_plain;f=distro-end;h=660d556ea2363d9220ab9859c09fc3d2b4403f97;hb=65351382939fa95fb1e05d7d83eb58d27c3c6133;hp=b044f5c798fe549e0a4c31a07aad5899cebb3844;hpb=d46190aff6f5dc65bd39524e3937dc5765895b42;p=distro-setup
diff --git a/distro-end b/distro-end
index b044f5c..660d556 100755
--- a/distro-end
+++ b/distro-end
@@ -22,8 +22,11 @@ echo "$0: $(date): starting now)"
src="${BASH_SOURCE%/*}"
+source $src/pkgs
+
+# see example of usage to understand.
end_msg() {
- = local y
+ local y
IFS= read -r -d '' y ||:
end_msg_var+="$y"
}
@@ -42,118 +45,16 @@ case $distro in
esac
pup
+if isdeb; then
+ pi aptitude
+fi
-simple_packages=(
- htop
- mailutils
- nmon
- rdiff-backup
- ruby
- ruby-rest-client
- tree
- vim
- wcd
-)
+simple_packages=(${p3[@]})
case $HOSTNAME in
lj|li) : ;;
*)
- # universal packages
- # swh-plugins is for karaoke pulsaudio filter.
- # mutagen for pithos
- # guvcview set webcam brightness to highest
- # pidgin-otr, i went into pidgin pluggin settings and generated a key for some accounts
- simple_packages+=(
- apache2
- apache2-doc
- apt-doc
- apt-listchanges
- aptitude-doc-en
- bash-doc
- beets
- beets-doc
- binutils-doc
- bind9-doc
- bind9-utils
- bwm-ng
- chromium
- cpio-doc
- cloc
- cpulimit
- cron
- debconf-doc
- dirmngr
- dnsutils
- dnsmasq
- dtrx
- duplicity
- eclipse
- evince
- fdupes
- feh
- filelight
- flashrom
- gawk-doc
- gcc-doc
- gdb
- gdb-doc
- geoip-bin
- git-doc
- git-email
- gitk
- glibc-doc
- goaccess
- gnome-screenshot
- gnome-session-flashback
- guvcview
- i3lock
- inetutils-traceroute
- iperf3
- iproute2-doc
- jq
- kid3-qt
- kid3-cli
- linux-doc
- locate
- lshw
- make-doc
- manpages
- manpages-dev
- meld
- mps-youtube
- mumble
- nagstamon
- nginx-doc
- nmap
- offlineimap
- oathtool
- p7zip
- paprefs
- parted-doc
- pavucontrol
- pdfgrep
- perl-doc
- pianobar
- pidgin
- pidgin-otr
- pry
- python-autopep8
- python3-doc
- python3-mutagen
- qrencode
- reportbug
- $(aptitude show ruby | sed -rn 's/Depends: (.*)/\1/p')-doc
- sqlite3-doc
- squashfs-tools
- swh-plugins
- tar-doc
- tcpdump
- telnet
- transmission-remote-gtk
- vlc
- whois
- wondershaper
- )
+ simple_packages+=(${p4[@]})
spa $(apt-cache search ruby[.0-9]+-doc| awk '{print $1}')
;;
esac
@@ -161,12 +62,7 @@ esac
########### begin section including li ################
-
-case $distro in
- fedora) spa unrar ;;
- *) spa unrar-free ;;
-esac
-
+conflink
case $distro in
arch)
@@ -181,10 +77,6 @@ case $distro in
esac
-if isdeb; then
- pi debian-goodies
-fi
-
case $distro in
*) pi at ;;&
@@ -193,7 +85,7 @@ esac
case $distro in
- debian) pi curl;;
+ debian|trisquel|ubuntu) pi curl;;
arch) : ;;
# fedora: unknown
esac
@@ -206,12 +98,12 @@ esac
case $distro in
arch) spa the_silver_searcher ;;
- debian|ubuntu|trisquel) spa silversearcher-ag ;;
+ debian|trisquel|ubuntu) spa silversearcher-ag ;;
# fedora unknown
esac
case $distro in
- debian|ubuntu|trisquel) spa ntp;;
+ debian|trisquel|ubuntu) spa ntp;;
arch)
pi ntp
sgo ntpd
@@ -222,7 +114,7 @@ esac
# no equivalent in other distros:
case $distro in
- debian|ubuntu|trisquel)
+ debian|trisquel|ubuntu)
pi aptitude
if ! dpkg -s apt-file &>/dev/null; then
# this condition is just a speed optimization
@@ -234,14 +126,9 @@ case $distro in
;;
esac
-case $distro in
- ubuntu|trisquel|debian) spa ack-grep ;;
- arch|fedora) spa ack ;;
- # fedora unknown
-esac
case $distro in
- arch|debian|ubuntu|trisquel)
+ arch|debian|trisquel|ubuntu)
spa bash-completion
;;
# others unknown
@@ -265,7 +152,7 @@ case $distro in
s update-rc.d motd disable
fi
;;
- ubuntu|trisquel)
+ trisquel|ubuntu)
# this isn't a complete solution. It still shows me when updates are available,
# but it's no big deal.
s t /etc/update-motd.d/10-help-text /etc/update-motd.d/00-header
@@ -283,47 +170,80 @@ if isdebian; then
fi
# we've got a few dependencies later on, so install them now.
-pi eatmydata
-s eatmydata apt-get -y install --purge --auto-remove "${simple_packages[@]}"
+pi eatmydata; PI_PREFIX=eatmydata
+pi "${simple_packages[@]}"
simple_packages=()
### begin docker install ####
-# https://store.docker.com/editions/community/docker-ce-server-debian?tab=description
-pi software-properties-common apt-transport-https
-curl -fsSL https://download.docker.com/linux/debian/gpg | sudo apt-key add -
-sudo add-apt-repository \
- "deb [arch=amd64] https://download.docker.com/linux/debian \
- $(lsb_release -cs) \
+
+if isdeb; then
+ # https://store.docker.com/editions/community/docker-ce-server-debian?tab=description
+ pi software-properties-common apt-transport-https
+ curl -fsSL https://download.docker.com/linux/$(distro-name-compat)/gpg | sudo apt-key add -
+ sudo add-apt-repository \
+ "deb [arch=amd64] https://download.docker.com/linux/$(distro-name-compat) \
+ $(debian-codename-compat) \
stable"
-p update
-pi docker-ce
-sgo docker
+ p update
+ pi docker-ce
+ sgo docker
+ # other distros unknown
+fi
### end docker install ####
+### begin certbot install ###
case $distro in
debian)
# note, need python-certbot-nginx for nginx, but it depends on nginx,
- # and I'm not installing nginx by default right now
- if isdebian-testing; then
- pi --install-suggests certbot
+ # and I'm not installing nginx by default right now.
+ # note python-certbot-apache is in suggests, but so is a doc package that brought in xorg
+ if [[ $(debian-codename) == jessie ]]; then
+ pi -t jessie-backports certbot python-certbot-apache
else
- pi --install-suggests -t jessie-backports certbot
+ pi certbot python-certbot-apache
fi
- # make a version of the certbot timer that emails me.
- x=/systemd/system/certbot
- $sed -r -f - /lib$x.timer <<'EOF' |s dd of=/etc${x}mail.timer
+ ;;
+ trisquel|ubuntu)
+ # not packaged in xenial or flidas
+ pi software-properties-common
+ # this fails with:
+ #
+ # gpg: key 75BCA694: public key "Launchpad PPA for certbot" imported
+ # gpg: Total number processed: 1
+ # gpg: imported: 1
+ # gpg: no valid OpenPGP data found.
+ # Failed to add key.
+ #
+ # but it seems to work fine, perhaps it's only failing on the second run.
+ s add-apt-repository -y ppa:certbot/certbot ||:
+ p update
+ pi python-certbot-apache
+ ;;
+ # todo: other distros unknown
+esac
+# make a version of the certbot timer that emails me.
+x=/systemd/system/certbot
+$sed -r -f - /lib$x.timer <<'EOF' |s dd of=/etc${x}mail.timer
s,^Description.*,\0 mail version,
EOF
- $sed -r -f - /lib$x.service <<'EOF' |s dd of=/etc${x}mail.service
+$sed -r -f - /lib$x.service <<'EOF' |s dd of=/etc${x}mail.service
s,(ExecStart=)(/usr/bin/certbot),\1/a/bin/log-quiet/sysd-mail-once certbotmail \2 --renew-hook /a/bin/distro-setup/certbot-renew-hook,
EOF
- ser daemon-reload
- sgo certbotmail.timer
+ser daemon-reload
+sgo certbotmail.timer
+### end certbot install ###
+
+# dogcam setup
+case $HOSTNAME in
+ lj|li)
+ /a/bin/webcam/install-server
+ ;;
+ kw)
+ /a/bin/webcam/install-client
;;
- # todo: other distros unknown
esac
# website setup
@@ -338,7 +258,6 @@ case $HOSTNAME in
/a/h/build.rb
sudo -E /a/bin/mediawiki-setup/mw-setup-script
- #$src/phab-setup
pi-nostart mumble-server
s $sed -ri "s/^ *(serverpassword=).*/\1$(< /a/bin/bash_unpublished/mumble_pass)/" /etc/mumble-server.ini
@@ -355,11 +274,23 @@ EOF
sgo mumble-server
- vpn-server-setup -d
- tee /etc/openvpn/client-config/mail <<'EOF'
+ vpn-server-setup -rd
+ s tee /etc/openvpn/client-config/mail <<'EOF'
ifconfig-push 10.8.0.4 255.255.255.0
EOF
+ # it\'s strange. docker seems to make the default for forward
+ # be drop, but then I set it to accept and it\'s stuck that way,
+ # I dun know why. But, let\'s make sure we can forward anyways.
+ s DEBIAN_FRONTEND=noninteractive pi iptables-persistent
+ rm /etc/iptables/rules.v6
+ s tee /etc/iptables/rules.v4 <<'EOF'
+*filter
+-A FORWARD -i tun+ -o eth0 -j ACCEPT
+-A FORWARD -i eth0 -o tun+ -j ACCEPT
+COMMIT
+EOF
+
sudo dd of=/etc/systemd/system/vpnmail.service <
+
EOF
# nginx version of above would be:
# auth_basic "Not currently available";
@@ -435,22 +371,29 @@ EOF
EOF
s sed -i "s#SECRET_REPLACE_ME#$(cat /p/c/machine_specific/li/pump-secret)#" /etc/pump.io.json
- # jessie\'s node is too old
+ # stretch node is too old
# https://nodejs.org/en/download/package-manager/
- curl -sL https://deb.nodesource.com/setup_6.x | sudo -E bash -
- pi nodejs
+ curl -sL https://deb.nodesource.com/setup_8.x | sudo -E bash -
+ pi nodejs graphicsmagick mongodb
cd /home/iank
- rm -rf pump.io.git
- git clone https://github.com/pump-io/pump.io.git
- cd pump.io
+ if [[ -e pump.io ]]; then
+ cd pump.io
+ git pull
+ else
+ git clone https://github.com/pump-io/pump.io.git
+ cd pump.io
+ fi
# note: doing this or the npm install pump.io as root had problems.
npm install
npm run build
# normally, next command would be
- # s npm install -g databank-mongodb
+ # s npm install -g odb
# but it\'s this until a bug in pump gets fixed
+ # https://github.com/pump-io/pump.io/issues/1287
s npm install -g databank-mongodb@0.19.2
- s useradd -m -s /bin/false pumpio
+ if ! getent passwd pumpio &>/dev/null; then
+ s useradd -m -s /bin/false pumpio
+ fi
sudo -u pumpio mkdir -p /home/pumpio/pumpdata
# for testing browser when only listening to localhost,
# in the pump.io.json, set hostname localhost, urlPort 5233
@@ -505,6 +448,8 @@ EOF
############# begin setup mastodon ##############
+ # main doc is Docker-Guide.md in docs repo
+
# I'd like to try gnu social just cuz of gnu, but it's not being
# well maintained, for example, simple pull requests
# languishing:
@@ -515,15 +460,19 @@ EOF
# note, docker required, but we installed it earlier
# i subscrubed to https://github.com/docker/compose/releases.atom
- # to deal with updates manually. So far, it means just reving the
- # version number, then restarting docker-compose with
- # cd ~/mastodon
- # docker-compose up -d
- curl -L https://github.com/docker/compose/releases/download/1.13.0/docker-compose-`uname -s`-`uname -m` | s dd of=/usr/local/bin/docker-compose
+ # to see release notes.
+ # i had some problems upgrading. blew things away with
+ # docker-compose down
+ # docker rmi $(docker images -q)
+ # s reboot now
+ # when running docker-compose run, kernel stack traces are printed to the journal.
+ # things seem to succeed, google says nothing, so ignoring them.
+ curl -L https://github.com/docker/compose/releases/download/1.18.0/docker-compose-`uname -s`-`uname -m` | s dd of=/usr/local/bin/docker-compose
s chmod +x /usr/local/bin/docker-compose
cd ~
+ s rm -rf mastodon
i clone https://github.com/tootsuite/mastodon
cd mastodon
# subbed to atom feed to deal with updates
@@ -546,7 +495,7 @@ LOCAL_HTTPS=true
SINGLE_USER_MODE=true
-SMTP_SERVER=10.8.0.4
+SMTP_SERVER=mail.iankelling.org
SMTP_PORT=25
SMTP_LOGIN=li
SMTP_FROM_ADDRESS=notifications@mast.iankelling.org
@@ -555,19 +504,40 @@ SMTP_DELIVERY_METHOD=smtp
EOF
for key in PAPERCLIP_SECRET SECRET_KEY_BASE OTP_SECRET; do
- printf "%s=%s" $key "$(docker-compose run --rm web rake secret)" >>.env.production
+ # 1 minute 7 seconds to run this docker command
+ # to generate a secret, and it has ^M chars at the end. wtf. really dumb
+ printf "%s=%s\n" $key "$(docker-compose run --rm web rake secret|dos2unix|tail -n1)" >>.env.production
done
- s cat /etc/mailpass| while read -r domain port pass; do
+ found=false
+ while read -r domain port pass; do
if [[ $domain == mail.iankelling.org ]]; then
- printf "SMTP_PASSWORD=%s" "$pass" >>.env.production
+ found=true
+ # remove the username part
+ pass="${pass#*:}"
+ printf "SMTP_PASSWORD=%s\n" "$pass" >>.env.production
break
fi
- done
-
+ done < <(s cat /etc/mailpass)
+ if ! $found; then
+ echo "$0: error, failed to find mailpass domain for mastadon"
+ exit 1
+ fi
+ # docker compose makes an interface named like br-8f3e208558f2. we need mail to
+ # get routed to us.
+ if ! s /sbin/iptables -t nat -C PREROUTING -i br-+ -p tcp -m tcp --dport 25 -j DNAT --to-destination 10.8.0.4:25; then
+ s /sbin/iptables -t nat -A PREROUTING -i br-+ -p tcp -m tcp --dport 25 -j DNAT --to-destination 10.8.0.4:25
+ fi
+ docker-compose run --rm web rake mastodon:webpush:generate_vapid_key | grep -E '^VAPID_PUBLIC_KEY=|^VAPID_PRIVATE_KEY=' >> .env.production
+ logq docker-compose run --rm web rake db:migrate
docker-compose run --rm web rails assets:precompile
+ # avatar failed to upload, did
+ # docker logs mastodon_web_1
+ # google lead me to this
+ s chown -R 991:991 public/system
+
# docker daemon takes care of starting on boot.
docker-compose up -d
@@ -608,34 +578,144 @@ EOF
# we use nsupdate to update the ip of home
pi bind9
+ pi znc
+ # znc config generated by doing
+ # znc --makeconf
+ # selected port is also used in erc config
+ # comma separated channel list worked.
+ # while figuring things out, running znc -D for debug in foreground.
+ # to exit and save config:
+ # /msg *status shutdown
+ # configed auth on freenode by following
+ # https://wiki.znc.in/Sasl
+ # created the system service after, and had to do
+ # mv /home/iank/.znc/* /var/lib/znc
+ # sed -i 's,/home/iank/.znc/,/var/lib/znc,' /var/lib/znc/config/znc.conf
+ # and made a copy of the config files into /p/c
+ # added LoadModule = log -sanitize to the top level
+ # to get into the web interface,
+ # cat /etc/letsencrypt/live/iankelling.org/{privkey,cert,chain}.pem > /var/lib/znc/znc.pem
+ # then use non-main browser or else it doesn't allow it based on ocsp stapling from my main site.
+ # i'm going to figure out how to automate this when it expires. i know i can hook a script into the renewal. https://wiki.znc.in/FAQ seems to imply that znc doesn\'t need restart.
+ # todo: in config file AllowWeb = true should be false. better security if that is off unless we need it.
+ # todo: figure out how to make playback in erc happe.n
+ s useradd --create-home -d /var/lib/znc --system --shell /sbin/nologin --comment "Account to run ZNC daemon" --user-group znc || [[ $? == 9 ]] # 9 if it exists already
+ chmod 700 /var/lib/znc
+ s chown -R znc:znc /var/lib/znc/config
+ s dd of=/etc/systemd/system/znc.service 2>/dev/null <<'EOF'
+[Unit]
+Description=ZNC, an advanced IRC bouncer
+After=network-online.target
+
+[Service]
+ExecStart=/usr/bin/znc -f --datadir=/var/lib/znc
+User=znc
+
+[Install]
+WantedBy=multi-user.target
+EOF
+ ser daemon-reload
+ sgo znc
+
echo "$0: $(date): ending now)"
exit 0
;;
esac
+# needed for checkrestart
+if isdeb; then
+ spa debian-goodies
+fi
+
+
+
########### end section including li/lj ###############
-if [[ $HOSTNAME == treetowl ]]; then
+case $distro in
+ debian) spa gnome-session-flashback ;;
+ # flidas is missing dependency gnome-panel. others unknown
+esac
+
+
+
+case $distro in
+ trisquel|ubuntu|debian) spa ack-grep ;;
+ arch|fedora) spa ack ;;
+ # fedora unknown
+esac
+
- # vpn-server setup via:
- vpn-server-setup -r -d
- s tee -a /etc/openvpn/server/server.conf <<'EOF'
+case $distro in
+ debian)
+ pi chromium ;;
+ xenial|ubuntu)
+ wget -qO - https://downloads.iridiumbrowser.de/ubuntu/iridium-release-sign-01.pub|sudo apt-key add -
+ cat < /dev/null; then
;;
esac
fi
+
+
+# trisquel 8 = openvpn, debian stretch = openvpn-client
+vpn_ser=openvpn-client
+if [[ ! -e /lib/systemd/system/openvpn-client@.service ]]; then
+ vpn_ser=openvpn
+fi
+
+s dd of=/etc/systemd/system/transmission-daemon-nn.service </dev/null; then
- s apt-get -fy install
- else
- exit 1
- fi
- ;;
- esac
- ;;
- arch)
- pi google-chrome
- ;;
- esac
- ;;
-esac
-
# printer
case $distro in
arch)
@@ -1040,7 +1270,7 @@ case $distro in
# In debian, I could use hte recommended driver,
# in arch, I had to pick out the 6L driver.
;;
- debian|ubuntu|trisquel)
+ debian|trisquel|ubuntu)
spa hplip
;;
# other distros unknown
@@ -1048,39 +1278,25 @@ esac
case $distro in
- ubuntu|debian) pi --no-install-recommends mairix notmuch ;;
+ trisquel|ubuntu|debian) pi --no-install-recommends mairix notmuch ;;
fedora|arch) spa mairix notmuch ;;
esac
case $distro in
arch) spa nfs-utils ;;
- ubuntu|debian) spa nfs-client ;;
+ trisquel|ubuntu|debian) spa nfs-client ;;
esac
case $distro in
- ubuntu|debian) spa par2 ;;
+ trisquel|ubuntu|debian) spa par2 ;;
arch|fedora) spa par2cmdline ;;
esac
# needed for my tex resume
case $distro in
- ubuntu|debian) spa texlive-full ;;
+ trisquel|ubuntu|debian) spa texlive-full ;;
arch) spa texlive-most ;;
# fedora unknown
esac
-case $distro in
- ubuntu)
- # flash, unrar, codecs, ms fonts.
- # This has a manual prompt.
- spa ubuntu-restricted-extras
- ;;
- fedora)
- pi yum-utils
- # rpm fusion recommended codecs
- s su -c "yum localinstall -y --nogpgcheck http://download1.rpmfusion.org/free/fedora/rpmfusion-free-release-$(rpm -E %fedora).noarch.rpm http://download1.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-$(rpm -E %fedora).noarch.rpm"
- pi gstreamer-plugins-ugly gstreamer-plugins-bad gstreamer-ffmpeg\
- xine-lib-extras-freeworld
- ;;
-esac
case $distro in
# optional dep for firefox for h.264 video
@@ -1089,7 +1305,7 @@ case $distro in
esac
case $distro in
- fedora|ubuntu|trisquel|debian) spa gnupg-agent ;;
+ fedora|trisquel|ubuntu|debian) spa gnupg-agent ;;
arch) : ;;
esac
@@ -1101,26 +1317,27 @@ esac
case $distro in
arch) spa firefox pulseaudio;;
- *) : ;; # comes default or with other packages
+ trisquel) spa abrowser ;;
+ *) : ;; # comes default or with other packages, or uknown
esac
case $distro in
arch) spa ttf-dejavu;;
- debian|ubuntu|trisquel) spa fonts-dejavu ;;
+ debian|trisquel|ubuntu) spa fonts-dejavu ;;
# others unknown
esac
case $distro in
arch) spa xorg-xev;;
- debian|ubuntu|trisquel) spa x11-utils ;;
+ debian|trisquel|ubuntu) spa x11-utils ;;
# others unknown
esac
case $distro in
arch) pi virt-install;;&
- debian|ubuntu|trisquel) pi virtinst ;;&
+ debian|trisquel|ubuntu) pi virtinst ;;&
*) pi virt-manager ;; # creates the libvirt group in debian at least
# others unknown
esac
@@ -1140,20 +1357,20 @@ for x in iank traci; do s usermod -a -G libvirt,kvm $x; done
case $distro in
arch) spa cdrkit;;
- debian|ubuntu|trisquel) spa genisoimage;;
+ debian|trisquel|ubuntu) spa genisoimage;;
# others unknown
esac
case $distro in
arch) spa spice-gtk3 ;;
- debian|ubuntu|trisquel) spa spice-client-gtk;;
+ debian|trisquel|ubuntu) spa spice-client-gtk;;
# others unknown
esac
# general known for debian/ubuntu, not for fedora
case $distro in
- debian|ubuntu|trisquel)
+ debian|trisquel|ubuntu)
pi golang-go
# a bit of googling, and added settings to bashrc
go get -u github.com/mvdan/fdroidcl/cmd/fdroidcl
@@ -1199,7 +1416,7 @@ esac
case $distro in
- arch|debian|ubuntu|trisquel) spa pumpa ;;
+ arch|debian|trisquel|ubuntu) spa pumpa ;;
# others unknown. do have a buildscript:
# /a/bin/buildscripts/pumpa ;;
esac
@@ -1207,123 +1424,21 @@ esac
case $distro in
debian) pi adb ;;
- debian|ubuntu|trisquel) spa android-tools-adbd/unstable ;;
+ debian|trisquel|ubuntu) spa android-tools-adbd ;;
+ # todo: not sure this is needed anymore, or if trisqel etc works even
+ # debian) spa android-tools-adbd/unstable ;;
arch) spa android-tools ;;
# other distros unknown
esac
-if [[ $HOSTNAME == treetowl ]]; then
- case $distro in
- debian)
- if [[ `debian-archive` == testing ]]; then
- # has no unstable dependencies
- pi bitcoind/unstable
- src=/a/opt/bitcoin/contrib/init/bitcoind.service
- s cp $src /etc/systemd/system
- p=/etc/bitcoin/bitcoin
- dst=/etc/systemd/system/bitcoinjm.service
- # jm for joinmarket
- $sed -r "/^\s*ExecStart/s,${p}.conf,${p}jm.conf," $src \
- >/etc/systemd/system/bitcoinjm.service
-
- d=jm; jm=d # being clever for succinctness
- for s in d jm; do
- s $sed -ri "/^\s*\[Unit\]/a Conflicts=bitcoin${!s}.service" \
- /etc/systemd/system/bitcoin${s}.service
- done
-
- ser daemon-reload
-
- dir=/nocow/.bitcoin
- s mkdir -p $dir
- s chown -R bitcoin:bitcoin $dir
- dir=/etc/bitcoin
- s mkdir -p $dir
- s chown -R root:bitcoin $dir
- s chmod 750 $dir
-
- # pruning decreases the bitcoin dir to 2 gb, keeps
- # just the recent blocks. can\'t do a few things like
- # import a wallet dump.
- # pruning works, but people had to do
- # some manual stuff in joinmarket. I dun need the
- # disk space, so not bothering yet, maybe in a year or so.
- # https://github.com/JoinMarket-Org/joinmarket/issues/431
- #https://bitcoin.org/en/release/v0.12.0#wallet-pruning
- #prune=550
-
- f=$dir/bitcoin.conf
- s dd of=$f </dev/null <
- DAV On
- AuthType Basic
- AuthName "Authentication Required"
- AuthUserFile "/etc/davpass"
- Require valid-user
-
-# outside the standard /var/www, so use this:
- Order allow,deny
- Allow from all
-
-EOF
- s mkdir -p /var/www/davlock
- s chown www-data:www-data /var/www/davlock
- s sed -i "1i DavLockDB /var/www/davlock/davlock" /etc/apache2/sites-enabled/dav.$HOME_DOMAIN.conf
- ser reload apache2
-
- teeu /etc/exports "/k/music *(ro,nohide,async,no_subtree_check,insecure)"
- exportfs -ra
-
- # kodi uses sqlite by default, but supports mysql.
- pi mariadb-server
-
- # see ofswiki.org for explanation.
- dbpass="$(cat /p/mysql-root-pass)"
- if ! echo exit|mysql -uroot "-p$dbpass"; then
- echo -e "\n\n$dbpass\n$dbpass\n\n\n\n\n" | mysql_secure_installation
- fi
- mysql -uroot "-p$dbpass" </dev/null; then # we are using a newer virt-install
- for v in 10 8.1 8; do
- if osinfo-query os | gr "^\s*win${v/./\\.}\s" &>/dev/null; then
- variant=win$v
- break
- fi
- done
-fi
-
-if ! s virsh list --all --name | grep -xF win10 &>/dev/null; then
-
- # created account with
- # win10vmian@outlook.com, and easy to remember password
- # win 10 virtio, makes disk way way way faster
- # wget https://fedorapeople.org/groups/virt/virtio-win/direct-downloads/latest-virtio/virtio-win.iso
- # https://wiki.archlinux.org/index.php/QEMU#Change_Existing_Windows_VM_to_use_virtio
- # for installing virtio after initial install instead of with initial iso:
- # qemu-img create -f qcow2 fake.qcow2 1G
- # --disk=/a/images/virtio-win.iso,device=cdrom \
- # --disk=/a/images/fake.qcow2,bus=virtio
- # Also,
- # went to device manager, saw 2 pci devices with yellow !,
- # did search for drivers, pick cdrom location, done.
- #
- # from http://www.tenforums.com/tutorials/4189-fast-startup-turn-off-windows-10-a.html.
- # google said there was a control panel option for it, but
- # that turned out to be a lie.
- # Put this in a .bat file and run as administrator to turn off
- # hyberboot which fucks things up.
- # REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power" /V HiberbootEnabled /T REG_dWORD /D 0 /F
- # power settings, turn off display: never
- # run "control userpasswords2", turn on automatic login.
- # note: when changing devices, I just undefine, the create the vm again.
-
- if [[ -e /nocow/user/vms/win10.qcow2 ]]; then
- s virt-install --noautoconsole --graphics spice,listen=0.0.0.0 \
- --disk=/a/images/win10.qcow2,bus=virtio --vcpus 2 -r 4096 -w bridge=br0 \
- -n win10 --import --os-variant $variant --cpu host-model-only
-
- s virsh destroy win10
- fi
-
- if [[ -e /nocow/user/vms/win7.qcow2 ]]; then
- # this one hasn\'t had the virtio fix done yet.
- s virt-install --noautoconsole --graphics spice,listen=0.0.0.0 \
- --disk=/a/images/win7.qcow2 --vcpus 2 -r 4096 -w bridge=br0 \
- -n win7 --import --os-variant win7 --cpu host-model-only
- s virsh destroy win7
- # had a problem with --cpu host, so trying out
- # --cpu host-model-only
- fi
-fi
+# if I was going to create a persistent vm, i might do it like this:
+# variant=something # from: virt-install --os-variant list
+# s virt-install --noautoconsole --graphics spice,listen=0.0.0.0 \
+ # --disk=/a/images/some_name.qcow2,bus=virtio --vcpus 2 -r 4096 -w bridge=br0 \
+ # -n some_name --import --os-variant $variant --cpu host-model-only
-if [[ $HOSTNAME == treetowl ]]; then
- pi samba
- # note samba re-reads it\'s config every 1 minute
- case $distro in
- arch) s cp /etc/samba/smb.conf.default /etc/samba/smb.conf ;;
- esac
-
- # add 2 lines after workgroup option
- s sed -ri --follow-symlinks '/^\s*encrypt passwords\s*=/d' /etc/samba/smb.conf
- s sed -ri --follow-symlinks '/^\s*map to guest\s*=/d' /etc/samba/smb.conf
- s sed -i --follow-symlinks 's/\(\s*workgroup\s*=\).*/\1 WORKGROUP\n\tencrypt passwords = yes\n\tmap to guest = bad password/' /etc/samba/smb.conf
- # remove default homes section. not sharing that.
- s sed -ri --follow-symlinks '/^\s*\[homes\]/,/\s*\[/d' /etc/samba/smb.conf
-
- if ! grep -xF '[public]' /etc/samba/smb.conf &>/dev/null; then
- s tee -a /etc/samba/smb.conf <<'EOF'
-[public]
- guest ok = yes
- read only = no
- path = /kr
-EOF
- fi
-
- case $distro in
- debian|ubuntu|trisquel)
- # systemd claims it generates units from /etc/init.d, but it
- # clearly doesn\'t in debian. I have no idea how they are
- # related. fuck debian right now. It\'s not documented. samba
- # has a systemd init file linked to /dev/null. There\'s this
- # https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=769714 which
- # claims samba\'s sub-services will be started automatically by
- # systemd... it didn\'t on install, wonder if it will on
- # boot. It clued me in how to start it manually though. Nothing
- # in /usr/share/doc/samba, debian admin guide says nothing about
- # any of this. (this is in debian testing as of 4/2016).
-
- s /etc/init.d/samba start
- ;;
- arch)
- sgo samba
- ;;
- esac
-fi
-
-tu /etc/hosts <<< "127.0.1.1 $(hostname).lan $(hostname)"
-
######### begin stuff belonging at the end ##########
-# Apps we want to override others for default file handler:
-# simplest way in debian is to just install them last.
-simple_packages+=(
- mpv
-)
-
case $distro in
ubuntu|debian)
spa spacefm-gtk3 ;;
@@ -1902,3 +1873,4 @@ if $pending_reboot; then
else
echo "$0: $(date): ending now)"
fi
+exit 0