X-Git-Url: https://iankelling.org/git/?a=blobdiff_plain;f=distro-end;h=ba0b585482efd636a10dde0c64c5ba7060d110a7;hb=1f027ea146ea6c62002a8f67f831273a5c431b52;hp=16fc7a5b0afbcfe6e46291c24ce4edbf3a1e744d;hpb=89a1a98bb918fdf856d34900610413c79e32897e;p=distro-setup
diff --git a/distro-end b/distro-end
index 16fc7a5..ba0b585 100755
--- a/distro-end
+++ b/distro-end
@@ -1,9 +1,25 @@
#!/bin/bash
-# Copyright (C) 2019 Ian Kelling
-# SPDX-License-Identifier: AGPL-3.0-or-later
-# shellcheck source=/a/bin/ds/.bashrc
-export LC_USEBASHRC=t; if [[ -s ~/.bashrc ]]; then . ~/.bashrc; fi
+# Setup Ian's computers
+# Copyright (C) 2024 Ian Kelling
+
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+# shellcheck source=./brc
+source ~/brc
### setup
source /a/bin/bash-bear-trap/bash-bear
@@ -151,8 +167,6 @@ EOF
t=$(mktemp)
case $n in
bookworm)
- cat >$t <<'EOF'
-EOF
cat >$t <= 1 )); then
- rm -f ${files[@]}
- fi
- ngreset
- for host in ${!vpn_ips[@]}; do
- sd /etc/openvpn/client-config-hole/$host < websocket server settings -> generate/copy password
+ #
+ # note: obs-studio on gnu does not support webrtc, it seems mainly because
+ # libdatachannel is not packaged. If it was, it would just need to do
+ # apt source obs-studio, obs-studio-30.1.1/debian/rules set -DENABLE_WEBRTC=ON
+ #
+ # I did manage to build libdatachannel following its instructions, then make install,
+ # then obs failed due to nvidia. found those options to disable with
+ # rg 'option\(ENABLE' | gr nv, then build obs like so:
+ #
+ # cmake -DLINUX_PORTABLE=ON -DCMAKE_INSTALL_PREFIX="${HOME}/obs-studio-portable" -DENABLE_BROWSER=OFF -DENABLE_AJA=OFF -DENABLE_NEW_MPEGTS_OUTPUT=OFF -DENABLE_WEBRTC=ON -DCMAKE_POSITION_INDEPENDENT_CODE=ON -DENABLE_NVVFX=OFF -DENABLE_NVAFX=OFF -DENABLE_NATIVE_NVENC=OFF ..
+ #
+ #
+ #
+ # however, I didn't end up trying it out.
+ #
+ # note, in terminal source, i setup a transform so it would show the
+ # bottom 1080p section of the terminal instead of the top if the
+ # screen was bigger. click like 2 times in the preview so the red
+ # lines show up, right click, edit transform (or ctrl-e). bounding
+ # box type: scale to width of bounds. alignment in bounding box:
+ # bottom left. bounding box size 1920 x 1080.
+
# ppa:obsproject/obs-studio
if [[ ! -s /etc/apt/sources.list.d/obs.list ]]; then
# https://blog.zackad.dev/en/2017/08/17/add-ppa-simple-way.html
@@ -767,6 +807,7 @@ EOF
p update
fi
;;
+
esac
case $codename_compat in
@@ -1515,7 +1556,8 @@ m /a/bin/buildscripts/go
# only needed for rg. cargo takes up 11 gigs, filled up the disk on je.
m /a/bin/buildscripts/rust
m /a/bin/buildscripts/misc
-m /a/bin/buildscripts/pithosfly
+
+#m /a/bin/buildscripts/pithosfly
#m /a/bin/buildscripts/alacritty
#m /a/bin/buildscripts/kitty
@@ -1793,7 +1835,7 @@ case $HOSTNAME in
/c/roles/prom/files/simple/usr/local/bin/fsf-install-prometheus
# make it available for other machines
rsync -a /usr/local/bin/amtool /a/opt/bin
- web-conf -p 9091 -f 9090 - apache2 i.b8.nz <<'EOF'
+ web-conf -p 9091 -f 9090 - apache2 b8.nz <<'EOF'
AuthType Basic
AuthName "basic_auth"
@@ -1804,7 +1846,7 @@ Require valid-user
EOF
- web-conf -p 9094 -f 9093 - apache2 i.b8.nz <<'EOF'
+ web-conf -p 9094 -f 9093 - apache2 b8.nz <<'EOF'
AuthType Basic
AuthName "basic_auth"
@@ -1854,10 +1896,11 @@ case $HOSTNAME in
# listen on the wireguard interface
*)
- wgip=$(command sudo sed -rn 's,^ *Address *= *([^/]+).*,\1,p' /etc/wireguard/wghole.conf)
- # old filename. remove once all hosts are updated.
- s rm -fv /etc/apache2/sites-enabled/${HOSTNAME}wg.b8.nz.conf
- web-conf -i -a $wgip -p 9101 -f 9100 - apache2 ${HOSTNAME}wg.b8.nz <<'EOF'
+ if [[ -e /etc/wireguard/wghole.conf ]]; then
+ wgip=$(command sudo sed -rn 's,^ *Address *= *([^/]+).*,\1,p' /etc/wireguard/wghole.conf)
+ # old filename. remove once all hosts are updated.
+ s rm -fv /etc/apache2/sites-enabled/${HOSTNAME}wg.b8.nz.conf
+ web-conf -i -a $wgip -p 9101 -f 9100 - apache2 ${HOSTNAME}wg.b8.nz <<'EOF'
AuthType Basic
AuthName "basic_auth"
@@ -1867,14 +1910,14 @@ AuthUserFile "/etc/prometheus-export-htpasswd"
Require valid-user
EOF
- # For work, i think we will just use the firewall for hosts in the main data center, and
- # vpn for hosts outside it.
+ # For work, i think we will just use the firewall for hosts in the main data center, and
+ # vpn for hosts outside it.
- # TODO: figure out how to detect the ping failure and try again.
+ # TODO: figure out how to detect the ping failure and try again.
- # Binding to the wg interface, it might go down, so always restart, and wait for it on boot.
- s mkdir /etc/systemd/system/apache2.service.d
- sd /etc/systemd/system/apache2.service.d/restart.conf <
- Options FollowSymLinks
- DirectoryIndex index.php index.html
- AllowOverride AuthConfig
- #
- # The default Debian nagios4 install sets use_authentication=0 in
- # /etc/nagios4/cgi.cfg, which turns off nagos's internal authentication.
- # This is insecure. As a compromise this default apache2 configuration
- # only allows private IP addresses access.
- #
- # The ... below shows how you can secure the nagios4
- # web site so anybody can view it, but only authenticated users can issue
- # commands (such as silence notifications). To do that replace the
- # "Require all granted" with "Require valid-user", and use htdigest
- # program from the apache2-utils package to add users to
- # /etc/nagios4/htdigest.users.
- #
- # A step up is to insist all users validate themselves by moving
- # the stanza's in the .. into the .
- # Then by setting use_authentication=1 in /etc/nagios4/cgi.cfg you
- # can configure which people get to see a particular service from
- # within the nagios configuration.
- #
- AuthDigestDomain "Nagios4"
- AuthDigestProvider file
- AuthUserFile "/etc/nagios4-htdigest.users"
- AuthGroupFile "/etc/group"
- AuthName "Nagios4"
- AuthType Digest
- Require valid-user
-
-
-
- Options +ExecCGI
-
-EOF
- ;;
-esac
-
-# when you alter a service through the web, it changes vars in /var/lib/nagios4/status.dat. for example:
-# notifications_enabled=1
-# note, the same variable exists in the correspdonding "define service {"
-
-# in the default config, we have these definitions
-
-# 11 define command {
-# 2 define contact {
-# 1 define contactgroup {
-# 9 define host {
-# 4 define hostgroup {
-# 23 define service {
-# 5 define timeperiod {
-
-
-# on klaxon
-
-# klaxon:/etc/nagios3 # grep -rho '^ *define [^{ ]*' | sort | uniq -c
-# 76 define command
-# 11 define contact
-# 6 define contactgroup
-# 162 define host
-# 1 define hostextinfo
-# 16 define hostgroup
-# 3040 define service
-# 2 define servicedependency
-# 6 define timeperiod
-
-
-
-
-### end nagios ###
-
### begin bitcoin ###
case $HOSTNAME in
- sy|kd)
- sudo install -m 0755 -o root -g root -t /usr/bin /a/opt/bitcoin-26.0/bin/*
+ sy|kd|so)
+ sudo install -m 0755 -o root -g root -t /usr/bin /a/opt/bitcoin-27.0/bin/*
# Note: i leave it to system-status to start and stop bitcoin.
# note: the bitcoin user & group are setup in fai
sudo usermod -a -G bitcoin iank
@@ -2015,9 +1959,39 @@ esac
# `mpv --cache=no` had about 2.5 sec latency vs 4 seconds.
# Then I discovered this command which had about .5 sec latency:
#ffplay -f live_flv -fast -x 1280 -y 720 -fflags nobuffer -flags low_delay -strict experimental -vf "setpts=N/60/TB" -af "asetpts=N/60/TB" -noframedrop -i rtmp://url_here
+## a lot of those args arent needed, here is what I ended up with:
+# #ffplay -f live_flv -fflags nobuffer -flags low_delay -i rtmp://localhost/live
#
-pi nginx libnginx-mod-rtmp
-
+# A problem with rtmp is that it doesn't support vp8/vp9, requiring the partly patent encumbered h264.
+# Looking at alternative protocols: dash & hls are both high latency, I tested dash with the nginx-rtmp
+# module and got about 5 seconds of latency, web results imply that is normal.
+#
+# Webrtc is what jitsi & bbb use, but an annoying thing is that
+# generally requires a web browser with javascript, or some special
+# client, and afaik, it has a smaller limit on number of clients.
+#
+# Another option is to try rtp/rtsp, there are some servers here:
+# https://en.wikipedia.org/wiki/Real-Time_Streaming_Protocol
+
+
+## reference for setting up rtmp
+# pi nginx libnginx-mod-rtmp
+# cat >/etc/nginx/modules-enabled/rtmp.conf <<'EOF'
+## based on https://opensource.com/article/19/1/basic-live-video-streaming-server#comments
+## and https://github.com/arut/nginx-rtmp-module/wiki/Directives
+
+# rtmp {
+# allow publish 127.0.0.1;
+# deny publish all;
+# server {
+# listen 1935;
+# application live {
+# live on;
+# record off;
+# }
+# }
+# }
+# EOF
### end live streaming ###
@@ -2042,6 +2016,7 @@ curl -fsSL https://cli.github.com/packages/githubcli-archive-keyring.gpg | sudo
### end gh ####
+
# remove trisquel banner. it is cool but takes up too much space.
sudo rm -f /etc/update-motd.d/01-banner
@@ -2091,6 +2066,13 @@ m /a/bin/buildscripts/tor-browser
s ln -sf /a/opt/tor-browser/Browser/start-tor-browser /usr/local/bin
+case $HOSTNAME in
+ kd)
+ web-conf -p 4500 -f 4533 -e ian@iankelling.org apache2 b8.nz
+ sgo navidrome
+ ;;
+esac
+
# nfs server
pi-nostart nfs-kernel-server