# shellcheck source=./pkgs
source $src/pkgs
-set -x
exec &> >(sudo tee -a /var/log/distro-end)
echo "$0: $(date): starting now)"
# see example of usage to understand.
fi
exit 0
}
-die() {
- printf "$0: %s\n" "$*" >&2; exit 1
+pre="${0##*/}:"
+s() {
+ printf "s %s\n" "$*"
+ SUDOD="$PWD" sudo -i "$@";
}
-spa() { # simple package add
- simple_packages+=($@)
+sd() {
+ s dd of="$1" 2>/dev/null
}
+m() { printf "$pre %s\n" "$*"; "$@"; }
+e() { printf "$pre %s\n" "$*"; }
+err() { echo "[$(date +'%Y-%m-%d %H:%M:%S%z')]: $0: $*" >&2; }
distro=$(distro-name)
codename=$(debian-codename)
codename_compat=$(debian-codename-compat)
conflink
-
# no equivalent in other distros:
if isdeb && pcheck apt-file; then
# this condition is just a speed optimization
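Review bot: The new `sd` helper sends all of stderr to /dev/null, so a failed write (sudo refusal, full disk, read-only path) is silent, and most callers in this commit use it for apt pin files, cron entries and systemd units, where a missing file changes what gets installed or run. If the aim is only to hide dd's transfer statistics, `s dd of="$1" status=none` keeps real errors visible. Separately, `m` and `e` place `$pre` (derived from `$0`) inside the printf format string; `printf '%s %s\n' "$pre" "$*"` stops a `%` in the script name from being interpreted. Because `s`, `m` and `e` echo full command lines into the tee'd /var/log/distro-end, a comment on `s` stating that secrets must not be passed as arguments through these wrappers would help. The hunk begins inside an earlier function whose start is outside it.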
# i'd rather disable the service than comment the init file
# this says disabling the service, it will still get restarted
# but this script doesn't do anything on restart, so it should be fine
- s dd of=/var/run/motd.dynamic if=/dev/null
+ s truncate -s0 /var/run/motd.dynamic
;;
trisquel|ubuntu)
# this isn't a complete solution. It still shows me when updates are available,
# but it's no big deal.
- s rm -f /etc/update-motd.d/10-help-text /etc/update-motd.d/00-header
+ s rm -fv /etc/update-motd.d/10-help-text /etc/update-motd.d/00-header
;;
esac
l="deb http://ppa.launchpad.net/certbot/certbot/ubuntu xenial main"
if ! grep -xFq "$l" /etc/apt/sources.list{,.d/*.list}; then
s add-apt-repository -y ppa:certbot/certbot ||:
- p update
+ m p update
fi
pi python-certbot-apache
else
- die "distro unknown for certbot"
+ err "distro unknown for certbot"
fi
# make a version of the certbot timer that emails me.
x=/systemd/system/certbot
-$sed -r -f - /lib$x.timer <<'EOF' |s dd of=/etc${x}mail.timer
+$sed -r -f - /lib$x.timer <<'EOF' |sd /etc${x}mail.timer
s,^Description.*,\0 mail version,
EOF
-$sed -r -f - /lib$x.service <<'EOF' |s dd of=/etc${x}mail.service
+$sed -r -f - /lib$x.service <<'EOF' |sd /etc${x}mail.service
s,(ExecStart=)(/usr/bin/certbot),\1/a/bin/log-quiet/sysd-mail-once certbotmail \2 --renew-hook /a/bin/distro-setup/certbot-renew-hook,
EOF
ser daemon-reload
-sgo certbotmail.timer
+m sgo certbotmail.timer
### end certbot install ###
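Review bot: Replacing `die` with `err` in the `else` branch means an unknown distro no longer stops the script, so execution falls through to the sed rewrites of certbot.timer and certbot.service and to `m sgo certbotmail.timer`, for a package that was never installed. Unless a `set -e` or pipefail outside this hunk catches the failing sed, the pipeline still succeeds on `sd`'s status and an empty unit file is written and enabled as root. If continuing is intended, guard the timer section with the same distro condition; otherwise keep the exit, e.g. `err "distro unknown for certbot"; exit 1`.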
# needed for debootstrap scripts for fai since fai requires debian
flidas)
curl http://archive.ubuntu.com/ubuntu/project/ubuntu-archive-keyring.gpg | s apt-key add -
- s dd of=/etc/apt/preferences.d/flidas-xenial <<EOF
+ sd /etc/apt/preferences.d/flidas-xenial <<EOF
Package: *
Pin: release a=xenial
Pin-Priority: -100
Pin: release a=xenial-security
Pin-Priority: -100
EOF
- s dd of=/etc/apt/sources.list.d/xenial.list 2>/dev/null <<EOF
+ sd /etc/apt/sources.list.d/xenial.list 2>/dev/null <<EOF
deb http://us.archive.ubuntu.com/ubuntu/ xenial main
deb http://us.archive.ubuntu.com/ubuntu/ xenial-updates main
deb http://us.archive.ubuntu.com/ubuntu/ xenial-security main
EOF
- s apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 3B4FE6ACC0B21F32
- s dd of=/etc/apt/preferences.d/flidas-bionic <<EOF
+ if ! apt-key list | grep /C0B21F32 &>/dev/null; then
+ s apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 3B4FE6ACC0B21F32
+ sd /etc/apt/preferences.d/flidas-bionic <<EOF
Package: *
Pin: release a=bionic
Pin-Priority: -100
Pin: release a=bionic-security
Pin-Priority: -100
EOF
+ fi
# better to run btrfs-progs which matches our kernel version
# (note, renamed from btrfs-tools)
- s dd of=/etc/apt/preferences.d/btrfs-progs <<EOF
+ sd /etc/apt/preferences.d/btrfs-progs <<EOF
Package: btrfs-progs libzstd1
Pin: release a=bionic
Pin-Priority: 1005
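Review bot: As laid out here, the `sd /etc/apt/preferences.d/flidas-bionic` heredoc now sits inside the new `if ! apt-key list | grep /C0B21F32` block, so the -100 pin for bionic is only written on runs where the key is missing; before this change it was written on every run. Placing `fi` directly below the `apt-key adv ... --recv-keys` line keeps the pin unconditional. The presence test also matches an 8-hex short key ID, which is not collision-resistant and depends on `apt-key list` printing short IDs; comparing against the key's full fingerprint would be sturdier. The same hunk still pipes ubuntu-archive-keyring.gpg, fetched over plain http, into `apt-key add`, so a check or at least a comment recording the expected fingerprint before trusting it is worth adding.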
if ! diff -q $t $f; then
s cp $t $f
s chmod 644 $f
- p update
+ m p update
fi
# no special reason, but its better for btrfs-progs to
# be closer to our kernel version
pi btrfs-progs
- t=$(mktemp -d)
- cd $t
- aptitude download debootstrap/xenial
- ex ./*
- s cp ./usr/share/debootstrap/scripts/* /usr/share/debootstrap/scripts
+ if [[ ! -e /usr/share/debootstrap/scripts/xenial ]]; then
+ t=$(mktemp -d)
+ cd $t
+ m aptitude download debootstrap/xenial
+ m ex ./*
+ s cp ./usr/share/debootstrap/scripts/* /usr/share/debootstrap/scripts
+ fi
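Review bot: Inside the new `if`, `cd $t` is unquoted and unchecked, and the following `s cp ./usr/share/debootstrap/scripts/*` hands relative paths to `s`, which runs `sudo -i` and therefore starts in root's home unless root's shell startup honours `SUDOD` (not visible here). Using `cd "$t" || exit 1` and an absolute source, `s cp "$t"/usr/share/debootstrap/scripts/* /usr/share/debootstrap/scripts`, removes that dependency. The temporary directory is also left behind; `rm -rf -- "${t:?}"` after the copy would tidy it.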
- s dd of=/etc/apt/preferences.d/flidas-etiona <<EOF
+ sd /etc/apt/preferences.d/flidas-etiona <<EOF
Package: *
Pin: release a=etiona
Pin-Priority: -100
f=/etc/apt/sources.list.d/etiona.list
if ! diff -q $t $f; then
s cp $t $f
- s chmod 644 $f
- p update
+ n s chmod 644 $f
+ m p update
fi
- s dd of=/etc/apt/preferences.d/debian-goodies <<EOF
+ sd /etc/apt/preferences.d/debian-goodies <<EOF
Package: debian-goodies
Pin: release n=etiona
Pin-Priority: 1005
EOF
- s dd of=/etc/apt/preferences.d/flidas-buster <<EOF
+ sd /etc/apt/preferences.d/flidas-buster <<EOF
Package: *
Pin: release n=buster
Pin-Priority: -100
# dont use buster because it causes dist-upgrade to think its downgrading
# packages while really just reinstalling the same version.
f=/etc/apt/apt.conf.d/01iank
- s rm -f $f
+ s rm -fv $f
# # stupid buster uses some key algorithm not supported by flidas gpg that apt uses.
- # s dd of=/etc/apt/apt.conf.d/01iank <<'EOF'
+ # sd /etc/apt/apt.conf.d/01iank <<'EOF'
# Acquire::AllowInsecureRepositories "true";
# EOF
f=/etc/apt/sources.list.d/buster.list
- s rm -f $f
+ s rm -fv $f
# t=$(mktemp)
# cat >$t <<EOF
# deb http://http.us.debian.org/debian buster main
# newer version needed for false positive in checkrestart.
# I did buster at first, but other problem above with having
# buster repos. not sure if the false positive exists in etiona.
- p install -y --allow-unauthenticated debian-goodies
+ pi debian-goodies
- s dd of=/etc/apt/preferences.d/shellcheck <<EOF
+ sd /etc/apt/preferences.d/shellcheck <<EOF
Package: shellcheck
Pin: release a=etiona
Pin-Priority: 1005
Pin-Priority: 1005
EOF
- s dd of=/etc/apt/preferences.d/bash <<EOF
+ sd /etc/apt/preferences.d/bash <<EOF
Package: bash
Pin: release a=etiona
Pin-Priority: 1005
######### end flidas pinned packages ######
##### begin automatic upgrades (after checkrestart has been installed) ####
-s dd of=/etc/apt/apt.conf.d/10periodic <<'EOF'
+sd /etc/apt/apt.conf.d/10periodic <<'EOF'
# this file was mostly just comments.
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "1";
APT::Periodic::Unattended-Upgrade "1";
EOF
-s dd of=/etc/apt/apt.conf.d/50unattended-upgrades <<EOF
+sd /etc/apt/apt.conf.d/50unattended-upgrades <<EOF
# fyi: default file has comments about available options,
# you may want to read that, do pkx unattended-upgrades
Unattended-Upgrade::Mail "root";
# old names, too verbose
s rm -f /etc/cron.d/unattended-upgrade-reboot /usr/local/bin/zelous-unattended-reboot
-s dd of=/etc/cron.d/myupgrade <<'EOF'
+sd /etc/cron.d/myupgrade <<'EOF'
# Setup reboots when running outdated stuff, unattended upgrades happen
# at 6 am + rand(60 min).
20 7 * * * root /usr/local/bin/myupgrade | /usr/local/bin/log-once -1 myupgrade
f=/var/lib/bind/db.b8.nz
if [[ ! -e $f ]]; then
ser stop bind9
- s rm -f $f.jnl
+ s rm -fv $f.jnl
s install -m 644 -o bind -g bind /p/c/machine_specific/linode/bind-initial/db.b8.nz $f
ser restart bind9
fi
case $HOSTNAME in
li) domain=iankelling.org ;;
esac
- /a/h/setup.sh $domain
- /a/h/build.rb
+ m /a/h/setup.sh $domain
+ m /a/h/build.rb
# start mumble only when im going to use it, since i dont use it much
pi-nostart mumble-server
# do certificate to avoid warning about unsigned cert,
# which is overkill for my use, but hey, I'm cool, I know
# how to do this.
- web-conf apache2 mumble.iankelling.org
- s rm -f /etc/apache2/sites-enabled/mumble.iankelling.org
- sudo -i <<'EOF'
+ m web-conf apache2 mumble.iankelling.org
+ s rm -fv /etc/apache2/sites-enabled/mumble.iankelling.org
+ s <<'EOF'
export RENEWED_LINEAGE=/etc/letsencrypt/live/mumble.iankelling.org
/a/bin/distro-setup/certbot-renew-hook
EOF
# https://community.openvpn.net/openvpn/wiki/IPv6
# and man openvpn
- vpn-server-setup -rd 2600:3c00:e000:280::1/64 2600:3c00::f03c:91ff:feb4:0bf3
+ m vpn-server-setup -rd 2600:3c00:e000:280::1/64 2600:3c00::f03c:91ff:feb4:0bf3
s tee /etc/openvpn/client-config/mail <<'EOF'
ifconfig-push 10.8.0.4 255.255.255.0
ifconfig-ipv6-push 2600:3c00:e000:280::2/64
WantedBy=$vpn_service.service
EOF
ser daemon-reload
- sgo vpnmail.service
+ m sgo vpnmail.service
# needed for li's local mail delivery.
tu /etc/hosts <<<"10.8.0.4 mail.iankelling.org"
- sgo $vpn_service
+ m sgo $vpn_service
# setup let's encrypt cert
- web-conf apache2 mail.iankelling.org
- s rm /etc/apache2/sites-enabled/mail.iankelling.org{,-redir}.conf
+ m web-conf apache2 mail.iankelling.org
+ s rm -fv /etc/apache2/sites-enabled/mail.iankelling.org{,-redir}.conf
ser reload apache2
domain=cal.iankelling.org
s useradd --create-home -d /var/lib/znc --system --shell /sbin/nologin --comment "Account to run ZNC daemon" --user-group znc || [[ $? == 9 ]] # 9 if it exists already
s chmod 700 /var/lib/znc
s chown -R znc:znc /var/lib/znc
- s dd of=/etc/systemd/system/znc.service 2>/dev/null <<'EOF'
+ sd /etc/systemd/system/znc.service 2>/dev/null <<'EOF'
[Unit]
Description=ZNC, an advanced IRC bouncer
After=network-online.target
WantedBy=multi-user.target
EOF
ser daemon-reload
- sgo znc
+ m sgo znc
###### stop znc setup #####
end
pi ${pall[@]} $(apt-cache search ruby[.0-9]+-doc| awk '{print $1}') $(apt-cache depends gcc|grep -i suggests:| awk '{print $2}') $($src/distro-pkgs)
-sgo fsf-vpn-dns-cleanup
+m sgo fsf-vpn-dns-cleanup
# website is dead june 14 2019. back in october, but meh
-s rm -f /etc/apt/sources.list.d/iridium-browser.list
+s rm -fv /etc/apt/sources.list.d/iridium-browser.list
# case $distro in
# debian)
# pi chromium ;;
# done
# key already exists, so this won't generate one, just the configs.
-vpn-server-setup -rds
+m vpn-server-setup -rds
s tee -a /etc/openvpn/server/server.conf <<'EOF'
push "dhcp-option DNS 10.0.0.1"
push "route 10.0.0.0 255.255.0.0"
else
vpn_service=openvpn@server
fi
- sgo $vpn_service
+ m sgo $vpn_service
fi
### end vpn server setup
##### rss2email
# note, see bashrc for more documentation.
pi rss2email
-s dd of=/etc/systemd/system/rss2email.service <<'EOF'
+sd /etc/systemd/system/rss2email.service <<'EOF'
[Unit]
Description=rss2email
After=multi-user.target
# we pass options to use different location.
ExecStart=/a/bin/log-quiet/sysd-mail-once -288 rss2email r2e -d /p/c/rss2email.json -c /p/c/rss2email.cfg run
EOF
-s dd of=/etc/systemd/system/rss2email.timer <<'EOF'
+sd /etc/systemd/system/rss2email.timer <<'EOF'
[Unit]
Description=rss2email
######### begin pump.io periodic backup #############
if [[ $HOSTNAME == frodo ]]; then
- s dd of=/etc/systemd/system/pumpbackup.service <<'EOF'
+ sd /etc/systemd/system/pumpbackup.service <<'EOF'
[Unit]
Description=pump li backup
After=multi-user.target
Type=oneshot
ExecStart=/a/bin/log-quiet/sysd-mail-once pump-backup /a/bin/distro-setup/pump-backup
EOF
- s dd of=/etc/systemd/system/pumpbackup.timer <<'EOF'
+ sd /etc/systemd/system/pumpbackup.timer <<'EOF'
[Unit]
Description=pump li backup hourly
[Install]
WantedBy=timers.target
EOF
- s systemctl daemon-reload
- sgo pumpbackup.timer
+ ser daemon-reload
+ m sgo pumpbackup.timer
fi
######### end pump.io periodic backup #############
######### begin irc periodic backup #############
if [[ $HOSTNAME == frodo ]]; then
- s dd of=/etc/systemd/system/ircbackup.service <<'EOF'
+ sd /etc/systemd/system/ircbackup.service <<'EOF'
[Unit]
Description=irc li backup
After=multi-user.target
Type=oneshot
ExecStart=/a/bin/log-quiet/sysd-mail-once irc-backup rsync -rlptDhSAX root@iankelling.org:/var/lib/znc/moddata/log/iank/freenode/ /k/irclogs
EOF
- s dd of=/etc/systemd/system/ircbackup.timer <<'EOF'
+ sd /etc/systemd/system/ircbackup.timer <<'EOF'
[Unit]
Description=irc li backup hourly
######### end irc periodic backup #############
-# https://github.com/jlebon/textern
-cd /a/opt/textern
-make native-install USER=1
-
case $distro in
debian|trisquel|ubuntu)
# suggests resolvconf package. installing it here is redundant, but make sure anyways.
*) pi openvpn;;
esac
-/a/bin/distro-setup/radicale-setup
+m /a/bin/distro-setup/radicale-setup
############# begin syncthing setup ###########
curl -s https://syncthing.net/release-key.txt | sudo apt-key add -
s="deb http://apt.syncthing.net/ syncthing release"
if [[ $(cat /etc/apt/sources.list.d/syncthing.list) != "$s" ]]; then
- echo "$s" | s dd of=/etc/apt/sources.list.d/syncthing.list
+ echo "$s" | sd /etc/apt/sources.list.d/syncthing.list
p update
fi
fi
pi syncthing
- lnf -T /w/syncthing /home/iank/.config/syncthing
+ m lnf -T /w/syncthing /home/iank/.config/syncthing
ser daemon-reload # syncthing likely not properly packaged
- sgo syncthing@iank # runs as iank
+ m sgo syncthing@iank # runs as iank
# these things persist in ~/.config/syncthing, which I save in
# /w/syncthing (not in /p, because syncthing should continue to
# sakura config is owned by ian
-reset-sakura
-reset-konsole
-sudo -u user2 -i reset-konsole
+m reset-sakura
+m reset-konsole
+m sudo -u user2 -i reset-konsole
# user2 xscreensaver we don't want to reset
-reset-xscreensaver
+m reset-xscreensaver
# this would install from cabal for newer / consistent version across os, but it screws up xmonad, so disabled for now.
# also, i assume syncing this between machines somehow messed thin
#lnf -T /m/arbtt-capture.log ~/.arbtt/capture.log
-primary-setup
+m primary-setup
if [[ ! -e ~/.linphonerc && -e /p/.linphonerc-initial ]]; then
- cp /p/.linphonerc-initial ~/.linphonerc
+ m cp /p/.linphonerc-initial ~/.linphonerc
fi
### begin spd install
pi libswitch-perl libdigest-md5-file-perl libgnupg-interface-perl
t=$(mktemp)
-wget -O $t http://mirror.fsf.org/fsfsys-trisquel/fsfsys-trisquel/pool/main/s/spd-perl/spd-perl_0.2-1_amd64.deb
+m wget -O $t http://mirror.fsf.org/fsfsys-trisquel/fsfsys-trisquel/pool/main/s/spd-perl/spd-perl_0.2-1_amd64.deb
s dpkg -i $t
-rm $t
+m rm $t
# this guesses at the appropriate directory, adjust if needed
perldir=(/usr/lib/x86_64-linux-gnu/perl/5.*)
-sudo ln -sf ../../../perl/5.18.2/SPD/ ${perldir[0]}
+m sudo ln -sf ../../../perl/5.18.2/SPD/ ${perldir[0]}
# newer distro had gpg2 as default, older one, flidas, need to make it that way
gpgpath=$(which gpg2)
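Review bot: The spd-perl .deb is still fetched over plain http and handed straight to `s dpkg -i`, so whatever the network returns is installed as root together with its maintainer scripts; wrapping the download in `m` only logs it. Pin the expected digest and verify it before installing, e.g. `echo "<EXPECTED_SHA256>  $t" | sha256sum -c - || exit 1` (placeholder digest, to be filled in from a trusted copy of the package). Quoting `"$t"` in the wget, dpkg and rm lines would also guard against an unusual TMPDIR.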
if [[ $x ]]; then
fi
apps=($@)
d=/nocow/schroot/$n
- s dd of=/etc/schroot/chroot.d/$n.conf <<EOF
+ sd /etc/schroot/chroot.d/$n.conf <<EOF
[$n]
description=$n
type=directory
fi
s cp -P {,$d}/etc/localtime
}
-s dd of=/etc/systemd/system/schrootupdate.service <<'EOF'
+sd /etc/systemd/system/schrootupdate.service <<'EOF'
[Unit]
Description=schrootupdate
After=multi-user.target
Type=oneshot
ExecStart=/a/bin/log-quiet/sysd-mail-once schrootupdate /a/bin/distro-setup/schrootupdate
EOF
-s dd of=/etc/systemd/system/schrootupdate.timer <<'EOF'
+sd /etc/systemd/system/schrootupdate.timer <<'EOF'
[Unit]
Description=schrootupdate
[Install]
WantedBy=timers.target
EOF
-s systemctl daemon-reload
-sgo schrootupdate.timer
+ser daemon-reload
+m sgo schrootupdate.timer
# for my roommate
case $distro in
trisquel)
- mkschroot debian stretch firefox-esr pulseaudio chromium
+ m mkschroot debian stretch firefox-esr pulseaudio chromium
;;
debian)
pi chromium
vpn_ser=openvpn
fi
-s dd of=/etc/systemd/system/transmission-daemon-nn.service <<EOF
+sd /etc/systemd/system/transmission-daemon-nn.service <<EOF
[Unit]
Description=Transmission BitTorrent Daemon netns
After=network.target
ser daemon-reload
if [[ $HOSTNAME == frodo ]]; then
- sgo transmission-daemon-nn
+ m sgo transmission-daemon-nn
fi
rpc_pass=$(</p/transmission-rpc-pass)
for f in /home/*; do
u=${f##*/}
- if [[ ! $(id -u $u) -ge 1000 ]]; then
+ uid=$(id -u $u 2>/dev/null) || continue
+ if [[ ! $uid -ge 1000 ]]; then
continue
fi
d=$f/.config/transmission-remote-gtk
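Review bot: `id -u $u` takes its argument from a directory name under /home without quoting, so a name containing whitespace or starting with `-` is split or parsed as an option; `uid=$(id -u -- "$u" 2>/dev/null) || continue` avoids that. The numeric test reads more directly as `if (( uid < 1000 )); then`. The loop body continues past the end of this hunk, so how `rpc_pass` is written out per user is not visible here.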
# http://wiki.qemu.org/Features-Done/HelperNetworking
# s mkdir /etc/qemu
# f=/etc/qemu/bridge.conf
-# s dd of=$f <<'EOF'
+# sd $f <<'EOF'
# allow br0
# EOF
# #s chown root:qemu $f # debian has somethig like qemu-libvirt. equivalent?
# general known for debian/ubuntu, not for fedora
-/a/bin/buildscripts/go
+m /a/bin/buildscripts/go
+m /a/bin/buildscripts/rust
+m /a/bin/buildscripts/misc
pi-nostart virtinst virt-manager
# also built latest arduino in /a/opt/Arduino, (just cd build; ant build; ant run )
# set arduino var in bashrc,
# have system config file setup too.
-sudo adduser $USER dialout
+s adduser $USER dialout
# this is for the mail command too. update-alternatives is kind of misleading
# since at least it's main commands pretend mail does not exist.
# displays l and I as the same char, grrrrr.
s fc-cache
-/a/bin/distro-setup/mymimes
+m /a/bin/distro-setup/mymimes
-sgo dynamicipupdate
+m sgo dynamicipupdate
# stop autopoping windows when i plug in an android phone.
# dbus-launch makes this work within an ssh connection, otherwise you get this message,
# with still 0 exit code.
# dconf-WARNING **: failed to commit changes to dconf: Cannot autolaunch D-Bus without X11 $DISPLAY
-dbus-launch gsettings set org.gnome.desktop.media-handling automount-open false
+m dbus-launch gsettings set org.gnome.desktop.media-handling automount-open false
# on grub upgrade, we get prompts unless we do this
sgo btrfsmaintstop.timer
# aren't autoupdating this, but I do check on it somewhat regularly.
-cd /a/opt/btrbk
+m cd /a/opt/btrbk
s make install
-sgo btrbk.timer
+m sgo btrbk.timer
# note: to see when it was last run,
# ser list-timers
because the default edge scroll doesn\'t work. Originally found this in debian.
EOF
-case $distro in
- debian)
- # remove dep that came in with desktop
- pu transmission-gtk
- ;;
-esac
-
+# Remove dep that came in with desktop to fix associations.
+m pu transmission-gtk
-s gpasswd -a iank adm ;; #needed for reading logs
+s gpasswd -a iank adm #needed for reading logs
-/a/bin/buildscripts/pithosfly
+m /a/bin/buildscripts/pithosfly
# # Based on guix manual instructions, also added code to profile.
pi tor
-/a/bin/buildscripts/tor-browser
+m /a/bin/buildscripts/tor-browser
# nfs server
-pi-nostart nfs-server
+pi-nostart nfs-kernel-server
# networkmanager has this nasty behavior on flidas: if the machine
# crashes with dnsmasq running, on subsequent boot, it adds an entry to