X-Git-Url: https://iankelling.org/git/?a=blobdiff_plain;f=distro-end;h=dde7a1026206449daf0f6affa9828b9424e3e84d;hb=69c1f384f54bba59a693c4ac9d61d8f7f3692269;hp=920de7f70a6a22405bd6c3535a03e23b70007d06;hpb=28d76e1e82027ad40d7ec48ff68839f1f035b7b1;p=distro-setup
diff --git a/distro-end b/distro-end
index 920de7f..dde7a10 100755
--- a/distro-end
+++ b/distro-end
@@ -35,6 +35,7 @@ spa() { # simple package add
distro=$(distro-name)
pending_reboot=false
+sed="sed --follow-symlinks"
# template
case $distro in
@@ -62,23 +63,37 @@ case $HOSTNAME in
# mutagen for pithos
simple_packages+=(
apache2
+ apache2-doc
+ apt-doc
+ aptitude-doc-en
+ bash-doc
+ binutils-doc
bwm-ng
chromium
+ cpio-doc
+ cron
debconf-doc
duplicity
eclipse
evince
fdupes
+ feh
filelight
+ gawk-doc
gcc-doc
gdb
+ gdb-doc
+ git-doc
gitk
+ glibc-doc
goaccess
gnome-screenshot
i3lock
+ iproute2-doc
jq
linux-doc
locate
+ make-doc
manpages
manpages-dev
meld
@@ -87,23 +102,29 @@ case $HOSTNAME in
offlineimap
p7zip
paprefs
+ parted-doc
pavucontrol
pdfgrep
+ perl-doc
pianobar
pidgin
+ python3-doc
python3-mutagen
reportbug
+ sqlite3-doc
squashfs-tools
swh-plugins
+ tar-doc
tcpdump
transmission-remote-gtk
vlc
+ whois
)
+ spa $(apt-cache search ruby[.0-9]+-doc| awk '{print $1}')
;;
esac
-
########### begin section including li ################
@@ -177,8 +198,12 @@ esac
# no equivalent in other distros:
case $distro in
debian|ubuntu)
- pi apt-file aptitude
- s apt-file update
+ pi aptitude
+ if ! dpkg -s apt-file &>/dev/null; then
+ # this condition is just a speed optimization
+ pi apt-file
+ s apt-file update
+ fi
# for debconf-get-selections
spa debconf-utils
;;
@@ -251,7 +276,7 @@ case $HOSTNAME in
#$src/phab-setup
pi-nostart mumble-server
- s sed -ri "s/^ *(serverpassword=).*/\1$(< /a/bin/bash_unpublished/mumble_pass)/" /etc/mumble-server.ini
+ s $sed -ri "s/^ *(serverpassword=).*/\1$(< /a/bin/bash_unpublished/mumble_pass)/" /etc/mumble-server.ini
sgo mumble-server
vpn-server-setup -d
@@ -263,8 +288,8 @@ Description=Turns on iptables mail nat
[Service]
Type=oneshot
RemainAfterExit=yes
-ExecStart=/sbin/iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 25 -j DNAT --to-destination 10.8.0.4:25
-ExecStop=/sbin/iptables -t nat -D PREROUTING -i eth0 -p tcp -m tcp --dport 25 -j DNAT --to-destination 10.8.0.4:25
+ExecStart=/a/bin/distro-setup/vpn-mail-forward start
+ExecStop=/a/bin/distro-setup/vpn-mail-forward stop
[Install]
WantedBy=openvpn.service
@@ -273,7 +298,25 @@ EOF
ser enable vpnmail.service
acme-tiny-wrapper mail.iankelling.org
sgo openvpn
- tu /etc/hosts <<<"mail.iankelling.org 10.8.0.4"
+ tu /etc/hosts <<<"10.8.0.4 mail.iankelling.org"
+ domain=cal.iankelling.org
+ acme-tiny-wrapper $domain
+ apache-site -f 10.8.0.4:5232 - $domain <<'EOF'
+#https://httpd.apache.org/docs/2.4/mod/mod_authn_core.html#authtype
+
+ Options +FollowSymLinks +Multiviews +Indexes
+ AllowOverride None
+ AuthType basic
+ AuthName "Authentication Required"
+ # setup one time, with root:www-data, 640
+ AuthUserFile "/etc/caldav-htpasswd"
+ Require valid-user
+
+EOF
+ # nginx version of above would be:
+ # auth_basic "Not currently available";
+ # auth_basic_user_file /etc/nginx/caldav/htpasswd;
+
echo "$0: $(date): ending now)"
@@ -284,14 +327,30 @@ esac
########### end section including li/lj ###############
+case $distro in
+ debian|ubuntu)
+ # suggests because we want the resolvconf package.
+ # todo: check other distros to make sure it's installed
+ pi-nostart --install-suggests openvpn
+ # pi-nostart does not disable
+ ser disable openvpn
+ ;;
+ *) pi openvpn;;
+esac
+
if private-host; then
vpn-mk-client-cert -n mail li
- echo "ifconfig-push 10.8.0.4 255.255.255.0" | ssh root@li dd of=/etc/openvpn/client-config/$(openssl x509 -noout -subject -in mail.crt | sed -r 's/.*CN *= *([^,]+).*/\1/')
+ cn=$(s openssl x509 -noout -nameopt multiline -subject \
+ -in /etc/openvpn/client/mail.crt | \
+ sed -rn 's/^\s*commonName\s*=\s*(.*)/\1/p')
+ echo "ifconfig-push 10.8.0.4 255.255.255.0" | \
+ ssh root@li dd of=/etc/openvpn/client-config/"$cn"
fi
ser enable mailroute
if [[ $HOSTNAME == treetowl ]]; then
- # note, this will need to be changed when the mail host changes
+ # note, this will need to be changed when the mail/contacts host changes
sgo openvpn-client@mail
+ /a/bin/distro-setup/radicale-setup
fi
## android studio setup
@@ -332,10 +391,12 @@ if [[ $HOSTNAME == treetowl ]]; then
pi syncthing
;;
esac
+ lnf -T /w/syncthing /home/ian/.config/syncthing
sgo syncthing@ian # runs as ian
# these things persist in ~/.config/syncthing, which I save in
- # /p/c/machine_specific
+ # /w/syncthing (not in /p, because syncthing should continue to
+ # run on home server even when using laptop as primary device)
# open http://localhost:8384/
# change listen address from default to tcp://:22001,
# this is because we do port forward so it doesn\'t have to use
@@ -353,8 +414,16 @@ if [[ $HOSTNAME == treetowl ]]; then
# on dekstop, top right, actions, device id
# after adding, notification will appear on desktop to confirm
#
- # add folder to sync phone, notification will appear on desktop
- # to set folder location.
+ # syncing folder. from phone to desktop: select desktop in the
+ # folder on phone's sync options, notification will appear in
+ # desktop's web ui within a minute. For the reverse, the
+ # notification will appear in android's notifications, you have to
+ # swipe down and tap it to add the folder. It won't appear in the
+ # syncthing ui, which would be intuitive, but don't wait for it
+ # there.
+ #
+ # On phone, set settings to run syncthing all the time, and
+ # show no notification.
#
# Folder versioning would make sense if I didn\'t already use btrfs
# for backups. I would choose staggered, or trash can for more space.
@@ -398,6 +467,12 @@ EOF
# some reason it doesn't seem to start automatically anyways
pi-nostart transmission-daemon
+
+ # the folder was moved here after an install around 02/2017.
+ # it contains runtime data,
+ # plus a simple symlink to the config file which it's
+ # not worth separating out.
+ s lnf -T /i/transmission-daemon /var/lib/transmission-daemon/.config/transmission-daemon
#
# config file documented here, and it's the same config
# for daemon vs client, so it's documented in the gui.
@@ -407,26 +482,24 @@ EOF
# routing to a network namespace, it doesn't see the
# real source address, so it's disabled.
#
- # Changed the cache-size to 128 mb, reduces disk use.
+ # Changed the cache-size to 256 mb, reduces disk use.
# It is a read & write cache.
#
- # todo: setup a password.
s ruby <<'EOF'
require 'json'
p = '/etc/transmission-daemon/settings.json'
File.write(p, JSON.pretty_generate(JSON.parse(File.read(p)).merge({
'rpc-whitelist-enabled' => false,
'rpc-authentication-required' => false,
-'incomplete-dir' => '/k/partial-torrents',
+'incomplete-dir' => '/i/k/partial-torrents',
'incomplete-dir-enabled' => true,
'download-dir' => '/i/k/torrents',
"speed-limit-up" => 800,
"speed-limit-up-enabled" => true,
"peer-port" => 61486,
-"cache-size-mb" => 128,
-"ratio-limit" => 1.4000,
-"ratio-limit-enabled" => false,
-"pidfile": "/var/lib/transmission-daemon/transmission-daemon.pid",
+"cache-size-mb" => 256,
+"ratio-limit" => 5.0,
+"ratio-limit-enabled" => true,
})) + "\n")
EOF
@@ -434,8 +507,8 @@ EOF
ser disable transmission-daemon
sgo transmission-daemon-nn
;;
- # todo: others unknown
-esac
+ # todo: others unknown
+ esac
fi
# adapted from /var/lib/dpkg/info/transmission-daemon.postinst
@@ -475,19 +548,30 @@ esac
# only settings I set were
# hostname
# auto-connect
+# password
+
+
+# the password is randomly generated on first run
+rpc_pass=$(s ruby <<'EOF'
+require 'json'
+p = '/etc/transmission-daemon/settings.json'
+puts JSON.parse(File.read(p))["rpc-password"]
+EOF
+ )
+
for f in /home/*; do
d=$f/.config/transmission-remote-gtk
u=${f##*/}
s -u $u mkdir -p $d
- s -u $u dd of=$d/config.json <<'EOF'
+ s -u $u dd of=$d/config.json </etc/systemd/system/bitcoinjm.service
+
+ d=jm; jm=d # being clever for succinctness
+ for s in d jm; do
+ s $sed -ri "/^\s*\[Unit\]/a Conflicts=bitcoin${!s}.service" \
+ /etc/systemd/system/bitcoin${s}.service
+ done
+
+ ser daemon-reload
+
+ dir=/nocow/.bitcoin
+ s mkdir -p $dir
+ s chown -R bitcoin:bitcoin $dir
+ dir=/etc/bitcoin
+ s mkdir -p $dir
+ s chown -R root:bitcoin $dir
+ s chmod 750 $dir
+
+ # pruning decreases the bitcoin dir to 2 gb, keeps
+ # just the recent blocks. can\'t do a few things like
+ # import a wallet dump.
+ # pruning works, but people had to do
+ # some manual stuff in joinmarket. I dun need the
+ # disk space, so not bothering yet, maybe in a year or so.
+ # https://github.com/JoinMarket-Org/joinmarket/issues/431
+ #https://bitcoin.org/en/release/v0.12.0#wallet-pruning
+ #prune=550
+
+ f=$dir/bitcoin.conf
+ s dd of=$f </dev/null </dev/null; then
# run "control userpasswords2", turn on automatic login.
# note: when changing devices, I just undefine, the create the vm again.
- if [[ -e /a/images/win10.qcow2 ]]; then
+ if [[ -e /nocow/user/vms/win10.qcow2 ]]; then
s virt-install --noautoconsole --graphics spice,listen=0.0.0.0 \
--disk=/a/images/win10.qcow2,bus=virtio --vcpus 2 -r 4096 -w bridge=br0 \
-n win10 --import --os-variant $variant --cpu host-model-only
@@ -1248,7 +1323,7 @@ if ! s virsh list --all --name | grep -xF win10 &>/dev/null; then
s virsh destroy win10
fi
- if [[ -e /a/images/win7.qcow2 ]]; then
+ if [[ -e /nocow/user/vms/win7.qcow2 ]]; then
# this one hasn\'t had the virtio fix done yet.
s virt-install --noautoconsole --graphics spice,listen=0.0.0.0 \
--disk=/a/images/win7.qcow2 --vcpus 2 -r 4096 -w bridge=br0 \