X-Git-Url: https://iankelling.org/git/?a=blobdiff_plain;f=distro-end;h=81174b466a42b8e79f84b5116d2c85fbe94641d8;hb=3f437c0f6c11356451d5d739875eee2d4603d7ca;hp=b044f5c798fe549e0a4c31a07aad5899cebb3844;hpb=d46190aff6f5dc65bd39524e3937dc5765895b42;p=distro-setup
diff --git a/distro-end b/distro-end
index b044f5c..81174b4 100755
--- a/distro-end
+++ b/distro-end
@@ -22,8 +22,9 @@ echo "$0: $(date): starting now)"
src="${BASH_SOURCE%/*}"
+# see example of usage to understand.
end_msg() {
- = local y
+ local y
IFS= read -r -d '' y ||:
end_msg_var+="$y"
}
@@ -42,9 +43,11 @@ case $distro in
esac
pup
+pi aptitude
simple_packages=(
htop
+ iptables
mailutils
nmon
rdiff-backup
@@ -53,6 +56,7 @@ simple_packages=(
tree
vim
wcd
+ wget
)
case $HOSTNAME in
@@ -63,7 +67,10 @@ case $HOSTNAME in
# mutagen for pithos
# guvcview set webcam brightness to highest
# pidgin-otr, i went into pidgin pluggin settings and generated a key for some accounts
+ # xawtv has webcam cli control. v4lctl bright 80%; v4lctl list
+ # guvcview also adjusts webcam
simple_packages+=(
+ adb
apache2
apache2-doc
apt-doc
@@ -74,13 +81,12 @@ case $HOSTNAME in
beets-doc
binutils-doc
bind9-doc
- bind9-utils
+ bind9utils
bwm-ng
- chromium
- cpio-doc
cloc
cpulimit
cron
+ debootstrap
debconf-doc
dirmngr
dnsutils
@@ -104,7 +110,6 @@ case $HOSTNAME in
glibc-doc
goaccess
gnome-screenshot
- gnome-session-flashback
guvcview
i3lock
inetutils-traceroute
@@ -113,20 +118,27 @@ case $HOSTNAME in
jq
kid3-qt
kid3-cli
+ konsole
+ libreoffice
+ linphone
linux-doc
locate
lshw
make-doc
manpages
manpages-dev
+ mb2md
meld
mps-youtube
+ mpv
mumble
nagstamon
+ ncdu
nginx-doc
nmap
offlineimap
oathtool
+ opendkim-tools
p7zip
paprefs
parted-doc
@@ -139,10 +151,10 @@ case $HOSTNAME in
pry
python-autopep8
python3-doc
- python3-mutagen
qrencode
reportbug
$(aptitude show ruby | sed -rn 's/Depends: (.*)/\1/p')-doc
+ schroot
sqlite3-doc
squashfs-tools
swh-plugins
@@ -153,6 +165,13 @@ case $HOSTNAME in
vlc
whois
wondershaper
+ xawtv
+ xbacklight
+ xprintidle
+ xscreensaver
+ xscreensaver-data-extra
+ xscreensaver-gl
+ xscreensaver-gl-extra
)
spa $(apt-cache search ruby[.0-9]+-doc| awk '{print $1}')
;;
@@ -161,12 +180,7 @@ esac
########### begin section including li ################
-
-case $distro in
- fedora) spa unrar ;;
- *) spa unrar-free ;;
-esac
-
+conflink
case $distro in
arch)
@@ -181,10 +195,6 @@ case $distro in
esac
-if isdeb; then
- pi debian-goodies
-fi
-
case $distro in
*) pi at ;;&
@@ -193,7 +203,7 @@ esac
case $distro in
- debian) pi curl;;
+ debian|trisquel|ubuntu) pi curl;;
arch) : ;;
# fedora: unknown
esac
@@ -206,12 +216,12 @@ esac
case $distro in
arch) spa the_silver_searcher ;;
- debian|ubuntu|trisquel) spa silversearcher-ag ;;
+ debian|trisquel|ubuntu) spa silversearcher-ag ;;
# fedora unknown
esac
case $distro in
- debian|ubuntu|trisquel) spa ntp;;
+ debian|trisquel|ubuntu) spa ntp;;
arch)
pi ntp
sgo ntpd
@@ -222,7 +232,7 @@ esac
# no equivalent in other distros:
case $distro in
- debian|ubuntu|trisquel)
+ debian|trisquel|ubuntu)
pi aptitude
if ! dpkg -s apt-file &>/dev/null; then
# this condition is just a speed optimization
@@ -234,14 +244,9 @@ case $distro in
;;
esac
-case $distro in
- ubuntu|trisquel|debian) spa ack-grep ;;
- arch|fedora) spa ack ;;
- # fedora unknown
-esac
case $distro in
- arch|debian|ubuntu|trisquel)
+ arch|debian|trisquel|ubuntu)
spa bash-completion
;;
# others unknown
@@ -265,7 +270,7 @@ case $distro in
s update-rc.d motd disable
fi
;;
- ubuntu|trisquel)
+ trisquel|ubuntu)
# this isn't a complete solution. It still shows me when updates are available,
# but it's no big deal.
s t /etc/update-motd.d/10-help-text /etc/update-motd.d/00-header
@@ -283,47 +288,80 @@ if isdebian; then
fi
# we've got a few dependencies later on, so install them now.
-pi eatmydata
-s eatmydata apt-get -y install --purge --auto-remove "${simple_packages[@]}"
+pi eatmydata; PI_PREFIX=eatmydata
+pi "${simple_packages[@]}"
simple_packages=()
### begin docker install ####
-# https://store.docker.com/editions/community/docker-ce-server-debian?tab=description
-pi software-properties-common apt-transport-https
-curl -fsSL https://download.docker.com/linux/debian/gpg | sudo apt-key add -
-sudo add-apt-repository \
- "deb [arch=amd64] https://download.docker.com/linux/debian \
- $(lsb_release -cs) \
+
+if isdeb; then
+ # https://store.docker.com/editions/community/docker-ce-server-debian?tab=description
+ pi software-properties-common apt-transport-https
+ curl -fsSL https://download.docker.com/linux/$(distro-name-compat)/gpg | sudo apt-key add -
+ sudo add-apt-repository \
+ "deb [arch=amd64] https://download.docker.com/linux/$(distro-name-compat) \
+ $(debian-codename-compat) \
stable"
-p update
-pi docker-ce
-sgo docker
+ p update
+ pi docker-ce
+ sgo docker
+ # other distros unknown
+fi
### end docker install ####
+### begin certbot install ###
case $distro in
debian)
# note, need python-certbot-nginx for nginx, but it depends on nginx,
- # and I'm not installing nginx by default right now
- if isdebian-testing; then
- pi --install-suggests certbot
+ # and I'm not installing nginx by default right now.
+ # note python-certbot-apache is in suggests, but so is a doc package that brought in xorg
+ if [[ $(debian-codename) == jessie ]]; then
+ pi -t jessie-backports certbot python-certbot-apache
else
- pi --install-suggests -t jessie-backports certbot
+ pi certbot python-certbot-apache
fi
- # make a version of the certbot timer that emails me.
- x=/systemd/system/certbot
- $sed -r -f - /lib$x.timer <<'EOF' |s dd of=/etc${x}mail.timer
+ ;;
+ trisquel|ubuntu)
+ # not packaged in xenial or flidas
+ pi software-properties-common
+ # this fails with:
+ #
+ # gpg: key 75BCA694: public key "Launchpad PPA for certbot" imported
+ # gpg: Total number processed: 1
+ # gpg: imported: 1
+ # gpg: no valid OpenPGP data found.
+ # Failed to add key.
+ #
+ # but it seems to work fine, perhaps it's only failing on the second run.
+ s add-apt-repository -y ppa:certbot/certbot ||:
+ p update
+ pi python-certbot-apache
+ ;;
+ # todo: other distros unknown
+esac
+# make a version of the certbot timer that emails me.
+x=/systemd/system/certbot
+$sed -r -f - /lib$x.timer <<'EOF' |s dd of=/etc${x}mail.timer
s,^Description.*,\0 mail version,
EOF
- $sed -r -f - /lib$x.service <<'EOF' |s dd of=/etc${x}mail.service
+$sed -r -f - /lib$x.service <<'EOF' |s dd of=/etc${x}mail.service
s,(ExecStart=)(/usr/bin/certbot),\1/a/bin/log-quiet/sysd-mail-once certbotmail \2 --renew-hook /a/bin/distro-setup/certbot-renew-hook,
EOF
- ser daemon-reload
- sgo certbotmail.timer
+ser daemon-reload
+sgo certbotmail.timer
+### end certbot install ###
+
+# dogcam setup
+case $HOSTNAME in
+ lj|li)
+ /a/bin/webcam/install-server
+ ;;
+ kw)
+ /a/bin/webcam/install-client
;;
- # todo: other distros unknown
esac
# website setup
@@ -338,7 +376,6 @@ case $HOSTNAME in
/a/h/build.rb
sudo -E /a/bin/mediawiki-setup/mw-setup-script
- #$src/phab-setup
pi-nostart mumble-server
s $sed -ri "s/^ *(serverpassword=).*/\1$(< /a/bin/bash_unpublished/mumble_pass)/" /etc/mumble-server.ini
@@ -355,11 +392,23 @@ EOF
sgo mumble-server
- vpn-server-setup -d
- tee /etc/openvpn/client-config/mail <<'EOF'
+ vpn-server-setup -rd
+ s tee /etc/openvpn/client-config/mail <<'EOF'
ifconfig-push 10.8.0.4 255.255.255.0
EOF
+ # it\'s strange. docker seems to make the default for forward
+ # be drop, but then I set it to accept and it\'s stuck that way,
+ # I dun know why. But, let\'s make sure we can forward anyways.
+ s DEBIAN_FRONTEND=noninteractive pi iptables-persistent
+ rm /etc/iptables/rules.v6
+ s tee /etc/iptables/rules.v4 <<'EOF'
+*filter
+-A FORWARD -i tun+ -o eth0 -j ACCEPT
+-A FORWARD -i eth0 -o tun+ -j ACCEPT
+COMMIT
+EOF
+
sudo dd of=/etc/systemd/system/vpnmail.service <
+
EOF
# nginx version of above would be:
# auth_basic "Not currently available";
@@ -435,22 +489,29 @@ EOF
EOF
s sed -i "s#SECRET_REPLACE_ME#$(cat /p/c/machine_specific/li/pump-secret)#" /etc/pump.io.json
- # jessie\'s node is too old
+ # stretch node is too old
# https://nodejs.org/en/download/package-manager/
- curl -sL https://deb.nodesource.com/setup_6.x | sudo -E bash -
- pi nodejs
+ curl -sL https://deb.nodesource.com/setup_8.x | sudo -E bash -
+ pi nodejs graphicsmagick mongodb
cd /home/iank
- rm -rf pump.io.git
- git clone https://github.com/pump-io/pump.io.git
- cd pump.io
+ if [[ -e pump.io ]]; then
+ cd pump.io
+ git pull
+ else
+ git clone https://github.com/pump-io/pump.io.git
+ cd pump.io
+ fi
# note: doing this or the npm install pump.io as root had problems.
npm install
npm run build
# normally, next command would be
- # s npm install -g databank-mongodb
+ # s npm install -g odb
# but it\'s this until a bug in pump gets fixed
+ # https://github.com/pump-io/pump.io/issues/1287
s npm install -g databank-mongodb@0.19.2
- s useradd -m -s /bin/false pumpio
+ if ! getent passwd pumpio &>/dev/null; then
+ s useradd -m -s /bin/false pumpio
+ fi
sudo -u pumpio mkdir -p /home/pumpio/pumpdata
# for testing browser when only listening to localhost,
# in the pump.io.json, set hostname localhost, urlPort 5233
@@ -505,6 +566,8 @@ EOF
############# begin setup mastodon ##############
+ # main doc is Docker-Guide.md in docs repo
+
# I'd like to try gnu social just cuz of gnu, but it's not being
# well maintained, for example, simple pull requests
# languishing:
@@ -515,15 +578,19 @@ EOF
# note, docker required, but we installed it earlier
# i subscrubed to https://github.com/docker/compose/releases.atom
- # to deal with updates manually. So far, it means just reving the
- # version number, then restarting docker-compose with
- # cd ~/mastodon
- # docker-compose up -d
- curl -L https://github.com/docker/compose/releases/download/1.13.0/docker-compose-`uname -s`-`uname -m` | s dd of=/usr/local/bin/docker-compose
+ # to see release notes.
+ # i had some problems upgrading. blew things away with
+ # docker-compose down
+ # docker rmi $(docker images -q)
+ # s reboot now
+ # when running docker-compose run, kernel stack traces are printed to the journal.
+ # things seem to succeed, google says nothing, so ignoring them.
+ curl -L https://github.com/docker/compose/releases/download/1.18.0/docker-compose-`uname -s`-`uname -m` | s dd of=/usr/local/bin/docker-compose
s chmod +x /usr/local/bin/docker-compose
cd ~
+ s rm -rf mastodon
i clone https://github.com/tootsuite/mastodon
cd mastodon
# subbed to atom feed to deal with updates
@@ -546,7 +613,7 @@ LOCAL_HTTPS=true
SINGLE_USER_MODE=true
-SMTP_SERVER=10.8.0.4
+SMTP_SERVER=mail.iankelling.org
SMTP_PORT=25
SMTP_LOGIN=li
SMTP_FROM_ADDRESS=notifications@mast.iankelling.org
@@ -555,19 +622,40 @@ SMTP_DELIVERY_METHOD=smtp
EOF
for key in PAPERCLIP_SECRET SECRET_KEY_BASE OTP_SECRET; do
- printf "%s=%s" $key "$(docker-compose run --rm web rake secret)" >>.env.production
+ # 1 minute 7 seconds to run this docker command
+ # to generate a secret, and it has ^M chars at the end. wtf. really dumb
+ printf "%s=%s\n" $key "$(docker-compose run --rm web rake secret|dos2unix|tail -n1)" >>.env.production
done
- s cat /etc/mailpass| while read -r domain port pass; do
+ found=false
+ while read -r domain port pass; do
if [[ $domain == mail.iankelling.org ]]; then
- printf "SMTP_PASSWORD=%s" "$pass" >>.env.production
+ found=true
+ # remove the username part
+ pass="${pass#*:}"
+ printf "SMTP_PASSWORD=%s\n" "$pass" >>.env.production
break
fi
- done
-
+ done < <(s cat /etc/mailpass)
+ if ! $found; then
+ echo "$0: error, failed to find mailpass domain for mastadon"
+ exit 1
+ fi
+ # docker compose makes an interface named like br-8f3e208558f2. we need mail to
+ # get routed to us.
+ if ! s /sbin/iptables -t nat -C PREROUTING -i br-+ -p tcp -m tcp --dport 25 -j DNAT --to-destination 10.8.0.4:25; then
+ s /sbin/iptables -t nat -A PREROUTING -i br-+ -p tcp -m tcp --dport 25 -j DNAT --to-destination 10.8.0.4:25
+ fi
+ docker-compose run --rm web rake mastodon:webpush:generate_vapid_key | grep -E '^VAPID_PUBLIC_KEY=|^VAPID_PRIVATE_KEY=' >> .env.production
+ logq docker-compose run --rm web rake db:migrate
docker-compose run --rm web rails assets:precompile
+ # avatar failed to upload, did
+ # docker logs mastodon_web_1
+ # google lead me to this
+ s chown -R 991:991 public/system
+
# docker daemon takes care of starting on boot.
docker-compose up -d
@@ -608,34 +696,143 @@ EOF
# we use nsupdate to update the ip of home
pi bind9
+ pi znc
+ # znc config generated by doing
+ # znc --makeconf
+ # selected port is also used in erc config
+ # comma separated channel list worked.
+ # while figuring things out, running znc -D for debug in foreground.
+ # to exit and save config:
+ # /msg *status shutdown
+ # configed auth on freenode by following
+ # https://wiki.znc.in/Sasl
+ # created the system service after, and had to do
+ # mv /home/iank/.znc/* /var/lib/znc
+ # sed -i 's,/home/iank/.znc/,/var/lib/znc,' /var/lib/znc/config/znc.conf
+ # and made a copy of the config files into /p/c
+ # added LoadModule = log -sanitize to the top level
+ # to get into the web interface,
+ # cat /etc/letsencrypt/live/iankelling.org/{privkey,cert,chain}.pem > /var/lib/znc/znc.pem
+ # then use non-main browser or else it doesn't allow it based on ocsp stapling from my main site.
+ # i'm going to figure out how to automate this when it expires. i know i can hook a script into the renewal. https://wiki.znc.in/FAQ seems to imply that znc doesn\'t need restart.
+ # todo: in config file AllowWeb = true should be false. better security if that is off unless we need it.
+ # todo: figure out how to make playback in erc happe.n
+ s useradd --create-home -d /var/lib/znc --system --shell /sbin/nologin --comment "Account to run ZNC daemon" --user-group znc || [[ $? == 9 ]] # 9 if it exists already
+ chmod 700 /var/lib/znc
+ s dd of=/etc/systemd/system/znc.service 2>/dev/null <<'EOF'
+[Unit]
+Description=ZNC, an advanced IRC bouncer
+After=network-online.target
+
+[Service]
+ExecStart=/usr/bin/znc -f --datadir=/var/lib/znc
+User=znc
+
+[Install]
+WantedBy=multi-user.target
+EOF
+ ser daemon-reload
+ sgo znc
+
echo "$0: $(date): ending now)"
exit 0
;;
esac
+# needed for checkrestart
+if isdeb; then
+ spa debian-goodies
+fi
+
+
+
########### end section including li/lj ###############
-if [[ $HOSTNAME == treetowl ]]; then
+case $distro in
+ debian) spa gnome-session-flashback ;;
+ # flidas is missing dependency gnome-panel. others unknown
+esac
+
+
+
+case $distro in
+ trisquel|ubuntu|debian) spa ack-grep ;;
+ arch|fedora) spa ack ;;
+ # fedora unknown
+esac
+
+
+
+case $distro in
+ debian)
+ pi chromium ;;
+ xenial|ubuntu)
+ wget -qO - https://downloads.iridiumbrowser.de/ubuntu/iridium-release-sign-01.pub|sudo apt-key add -
+ cat < /dev/null; then
;;
esac
fi
+
+
+# trisquel 8 = openvpn, debian stretch = openvpn-client
+vpn_ser=openvpn-client
+if [[ ! -e /lib/systemd/system/openvpn-client@.service ]]; then
+ vpn_ser=openvpn
+fi
+
+s dd of=/etc/systemd/system/transmission-daemon-nn.service </dev/null; then
- s apt-get -fy install
- else
- exit 1
- fi
- ;;
- esac
- ;;
- arch)
- pi google-chrome
- ;;
- esac
- ;;
-esac
-
# printer
case $distro in
arch)
@@ -1040,7 +1387,7 @@ case $distro in
# In debian, I could use hte recommended driver,
# in arch, I had to pick out the 6L driver.
;;
- debian|ubuntu|trisquel)
+ debian|trisquel|ubuntu)
spa hplip
;;
# other distros unknown
@@ -1048,39 +1395,25 @@ esac
case $distro in
- ubuntu|debian) pi --no-install-recommends mairix notmuch ;;
+ trisquel|ubuntu|debian) pi --no-install-recommends mairix notmuch ;;
fedora|arch) spa mairix notmuch ;;
esac
case $distro in
arch) spa nfs-utils ;;
- ubuntu|debian) spa nfs-client ;;
+ trisquel|ubuntu|debian) spa nfs-client ;;
esac
case $distro in
- ubuntu|debian) spa par2 ;;
+ trisquel|ubuntu|debian) spa par2 ;;
arch|fedora) spa par2cmdline ;;
esac
# needed for my tex resume
case $distro in
- ubuntu|debian) spa texlive-full ;;
+ trisquel|ubuntu|debian) spa texlive-full ;;
arch) spa texlive-most ;;
# fedora unknown
esac
-case $distro in
- ubuntu)
- # flash, unrar, codecs, ms fonts.
- # This has a manual prompt.
- spa ubuntu-restricted-extras
- ;;
- fedora)
- pi yum-utils
- # rpm fusion recommended codecs
- s su -c "yum localinstall -y --nogpgcheck http://download1.rpmfusion.org/free/fedora/rpmfusion-free-release-$(rpm -E %fedora).noarch.rpm http://download1.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-$(rpm -E %fedora).noarch.rpm"
- pi gstreamer-plugins-ugly gstreamer-plugins-bad gstreamer-ffmpeg\
- xine-lib-extras-freeworld
- ;;
-esac
case $distro in
# optional dep for firefox for h.264 video
@@ -1089,7 +1422,7 @@ case $distro in
esac
case $distro in
- fedora|ubuntu|trisquel|debian) spa gnupg-agent ;;
+ fedora|trisquel|ubuntu|debian) spa gnupg-agent ;;
arch) : ;;
esac
@@ -1101,26 +1434,27 @@ esac
case $distro in
arch) spa firefox pulseaudio;;
- *) : ;; # comes default or with other packages
+ trisquel) spa abrowser ;;
+ *) : ;; # comes default or with other packages, or uknown
esac
case $distro in
arch) spa ttf-dejavu;;
- debian|ubuntu|trisquel) spa fonts-dejavu ;;
+ debian|trisquel|ubuntu) spa fonts-dejavu ;;
# others unknown
esac
case $distro in
arch) spa xorg-xev;;
- debian|ubuntu|trisquel) spa x11-utils ;;
+ debian|trisquel|ubuntu) spa x11-utils ;;
# others unknown
esac
case $distro in
arch) pi virt-install;;&
- debian|ubuntu|trisquel) pi virtinst ;;&
+ debian|trisquel|ubuntu) pi virtinst ;;&
*) pi virt-manager ;; # creates the libvirt group in debian at least
# others unknown
esac
@@ -1140,20 +1474,20 @@ for x in iank traci; do s usermod -a -G libvirt,kvm $x; done
case $distro in
arch) spa cdrkit;;
- debian|ubuntu|trisquel) spa genisoimage;;
+ debian|trisquel|ubuntu) spa genisoimage;;
# others unknown
esac
case $distro in
arch) spa spice-gtk3 ;;
- debian|ubuntu|trisquel) spa spice-client-gtk;;
+ debian|trisquel|ubuntu) spa spice-client-gtk;;
# others unknown
esac
# general known for debian/ubuntu, not for fedora
case $distro in
- debian|ubuntu|trisquel)
+ debian|trisquel|ubuntu)
pi golang-go
# a bit of googling, and added settings to bashrc
go get -u github.com/mvdan/fdroidcl/cmd/fdroidcl
@@ -1199,7 +1533,7 @@ esac
case $distro in
- arch|debian|ubuntu|trisquel) spa pumpa ;;
+ arch|debian|trisquel|ubuntu) spa pumpa ;;
# others unknown. do have a buildscript:
# /a/bin/buildscripts/pumpa ;;
esac
@@ -1207,123 +1541,21 @@ esac
case $distro in
debian) pi adb ;;
- debian|ubuntu|trisquel) spa android-tools-adbd/unstable ;;
+ debian|trisquel|ubuntu) spa android-tools-adbd ;;
+ # todo: not sure this is needed anymore, or if trisqel etc works even
+ # debian) spa android-tools-adbd/unstable ;;
arch) spa android-tools ;;
# other distros unknown
esac
-if [[ $HOSTNAME == treetowl ]]; then
- case $distro in
- debian)
- if [[ `debian-archive` == testing ]]; then
- # has no unstable dependencies
- pi bitcoind/unstable
- src=/a/opt/bitcoin/contrib/init/bitcoind.service
- s cp $src /etc/systemd/system
- p=/etc/bitcoin/bitcoin
- dst=/etc/systemd/system/bitcoinjm.service
- # jm for joinmarket
- $sed -r "/^\s*ExecStart/s,${p}.conf,${p}jm.conf," $src \
- >/etc/systemd/system/bitcoinjm.service
-
- d=jm; jm=d # being clever for succinctness
- for s in d jm; do
- s $sed -ri "/^\s*\[Unit\]/a Conflicts=bitcoin${!s}.service" \
- /etc/systemd/system/bitcoin${s}.service
- done
-
- ser daemon-reload
-
- dir=/nocow/.bitcoin
- s mkdir -p $dir
- s chown -R bitcoin:bitcoin $dir
- dir=/etc/bitcoin
- s mkdir -p $dir
- s chown -R root:bitcoin $dir
- s chmod 750 $dir
-
- # pruning decreases the bitcoin dir to 2 gb, keeps
- # just the recent blocks. can\'t do a few things like
- # import a wallet dump.
- # pruning works, but people had to do
- # some manual stuff in joinmarket. I dun need the
- # disk space, so not bothering yet, maybe in a year or so.
- # https://github.com/JoinMarket-Org/joinmarket/issues/431
- #https://bitcoin.org/en/release/v0.12.0#wallet-pruning
- #prune=550
-
- f=$dir/bitcoin.conf
- s dd of=$f </dev/null <
- DAV On
- AuthType Basic
- AuthName "Authentication Required"
- AuthUserFile "/etc/davpass"
- Require valid-user
-
-# outside the standard /var/www, so use this:
- Order allow,deny
- Allow from all
-
-EOF
- s mkdir -p /var/www/davlock
- s chown www-data:www-data /var/www/davlock
- s sed -i "1i DavLockDB /var/www/davlock/davlock" /etc/apache2/sites-enabled/dav.$HOME_DOMAIN.conf
- ser reload apache2
-
- teeu /etc/exports "/k/music *(ro,nohide,async,no_subtree_check,insecure)"
- exportfs -ra
-
- # kodi uses sqlite by default, but supports mysql.
- pi mariadb-server
-
- # see ofswiki.org for explanation.
- dbpass="$(cat /p/mysql-root-pass)"
- if ! echo exit|mysql -uroot "-p$dbpass"; then
- echo -e "\n\n$dbpass\n$dbpass\n\n\n\n\n" | mysql_secure_installation
- fi
- mysql -uroot "-p$dbpass" </dev/null; then # we are using a newer virt-install
- for v in 10 8.1 8; do
- if osinfo-query os | gr "^\s*win${v/./\\.}\s" &>/dev/null; then
- variant=win$v
- break
- fi
- done
-fi
-
-if ! s virsh list --all --name | grep -xF win10 &>/dev/null; then
-
- # created account with
- # win10vmian@outlook.com, and easy to remember password
- # win 10 virtio, makes disk way way way faster
- # wget https://fedorapeople.org/groups/virt/virtio-win/direct-downloads/latest-virtio/virtio-win.iso
- # https://wiki.archlinux.org/index.php/QEMU#Change_Existing_Windows_VM_to_use_virtio
- # for installing virtio after initial install instead of with initial iso:
- # qemu-img create -f qcow2 fake.qcow2 1G
- # --disk=/a/images/virtio-win.iso,device=cdrom \
- # --disk=/a/images/fake.qcow2,bus=virtio
- # Also,
- # went to device manager, saw 2 pci devices with yellow !,
- # did search for drivers, pick cdrom location, done.
- #
- # from http://www.tenforums.com/tutorials/4189-fast-startup-turn-off-windows-10-a.html.
- # google said there was a control panel option for it, but
- # that turned out to be a lie.
- # Put this in a .bat file and run as administrator to turn off
- # hyberboot which fucks things up.
- # REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power" /V HiberbootEnabled /T REG_dWORD /D 0 /F
- # power settings, turn off display: never
- # run "control userpasswords2", turn on automatic login.
- # note: when changing devices, I just undefine, the create the vm again.
-
- if [[ -e /nocow/user/vms/win10.qcow2 ]]; then
- s virt-install --noautoconsole --graphics spice,listen=0.0.0.0 \
- --disk=/a/images/win10.qcow2,bus=virtio --vcpus 2 -r 4096 -w bridge=br0 \
- -n win10 --import --os-variant $variant --cpu host-model-only
-
- s virsh destroy win10
- fi
-
- if [[ -e /nocow/user/vms/win7.qcow2 ]]; then
- # this one hasn\'t had the virtio fix done yet.
- s virt-install --noautoconsole --graphics spice,listen=0.0.0.0 \
- --disk=/a/images/win7.qcow2 --vcpus 2 -r 4096 -w bridge=br0 \
- -n win7 --import --os-variant win7 --cpu host-model-only
- s virsh destroy win7
- # had a problem with --cpu host, so trying out
- # --cpu host-model-only
- fi
-fi
-
-
-if [[ $HOSTNAME == treetowl ]]; then
- pi samba
- # note samba re-reads it\'s config every 1 minute
- case $distro in
- arch) s cp /etc/samba/smb.conf.default /etc/samba/smb.conf ;;
- esac
-
- # add 2 lines after workgroup option
- s sed -ri --follow-symlinks '/^\s*encrypt passwords\s*=/d' /etc/samba/smb.conf
- s sed -ri --follow-symlinks '/^\s*map to guest\s*=/d' /etc/samba/smb.conf
- s sed -i --follow-symlinks 's/\(\s*workgroup\s*=\).*/\1 WORKGROUP\n\tencrypt passwords = yes\n\tmap to guest = bad password/' /etc/samba/smb.conf
- # remove default homes section. not sharing that.
- s sed -ri --follow-symlinks '/^\s*\[homes\]/,/\s*\[/d' /etc/samba/smb.conf
-
- if ! grep -xF '[public]' /etc/samba/smb.conf &>/dev/null; then
- s tee -a /etc/samba/smb.conf <<'EOF'
-[public]
- guest ok = yes
- read only = no
- path = /kr
-EOF
- fi
-
- case $distro in
- debian|ubuntu|trisquel)
- # systemd claims it generates units from /etc/init.d, but it
- # clearly doesn\'t in debian. I have no idea how they are
- # related. fuck debian right now. It\'s not documented. samba
- # has a systemd init file linked to /dev/null. There\'s this
- # https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=769714 which
- # claims samba\'s sub-services will be started automatically by
- # systemd... it didn\'t on install, wonder if it will on
- # boot. It clued me in how to start it manually though. Nothing
- # in /usr/share/doc/samba, debian admin guide says nothing about
- # any of this. (this is in debian testing as of 4/2016).
-
- s /etc/init.d/samba start
- ;;
- arch)
- sgo samba
- ;;
- esac
-fi
-
-tu /etc/hosts <<< "127.0.1.1 $(hostname).lan $(hostname)"
######### begin stuff belonging at the end ##########
-# Apps we want to override others for default file handler:
-# simplest way in debian is to just install them last.
-simple_packages+=(
- mpv
-)
-
case $distro in
ubuntu|debian)
spa spacefm-gtk3 ;;
@@ -1902,3 +1990,4 @@ if $pending_reboot; then
else
echo "$0: $(date): ending now)"
fi
+exit 0