dry_run=false # mostly for testing
resume_arg=
-temp=$(getopt -l help hcnrt: "$@") || usage 1
+temp=$(getopt -l help hcnprt: "$@") || usage 1
eval set -- "$temp"
while true; do
case $1 in
-c) conf_only=true; shift ;;
-n) dry_run=true; dry_run_arg=-n; shift ;;
+ -p) progress_arg="--progress"; shift ;;
# btrbk arg: Resume only. Skips snapshot creation.
-r) resume_arg=-r; shift ;;
- -t) IFS=, targets=($2); shift 2 ;;
+ -t) IFS=, targets=($2); unset IFS; shift 2 ;;
-h|--help) usage ;;
--) shift; break ;;
*) echo "$0: Internal error!" ; exit 1 ;;
target send-receive ssh://$tg$vol/btrbk
EOF
}
-m() { printf "%s\n" "$*"; "$@"; }
+m() { printf "%s: %s\n" "${0##*/}" "$*"; "$@"; }
if ! which btrbk &>/dev/null; then
echo "$0: error: no btrbk binary found"
fi
-if [[ $- == *i* ]]; then
- progress_arg=--progress
-fi
-
cat >/etc/btrbk.conf <<'EOF'
ssh_identity /root/.ssh/id_rsa
# Just a guess that local7 is a good facility to pick.
targets=($HOME_DOMAIN)
fi
;;
+ treetowl)
+ targets=(frodo)
+ if timeout -s 9 10 ssh x2 :; then
+ targets+=(x2)
+ fi
+ ;;
+ *)
+ targets=(frodo)
+ ;;
esac
- targets=(frodo)
+ echo "targets: ${targets[*]}"
fi
fi
fi
-s mkdir -p /q/i/{w,k}
+s mkdir -p /q /i/{w,k}
for dir in /{i,w,k}; do
if mountpoint $dir; then continue; fi # already mounted
s mkdir -p $dir
# then waits endlessly for them on bootup, after the /dev/mapper disks
# have already been created and exist. todo: create a simple repro
# for this in a vm and report it upstream.
+pi nfs-common
s dd of=/root/imount <<'EOF'
#!/bin/bash
[[ $EUID == 0 ]] || exec sudo -E "$BASH_SOURCE" "$@"
set -eE -o pipefail
trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
for dir in /i /mnt/iroot /w /k /kr; do
- if ! mountpoint $dir &>/dev/null && \
- awk '{print $2}' /etc/fstab | grep -xFq $dir; then
- mount $dir
- fi
+ if ! mountpoint $dir &>/dev/null && \
+ awk '{print $2}' /etc/fstab | grep -xF $dir &>/dev/null; then
+ if awk '{print $3}' /etc/fstab | grep -xF nfs &>/dev/null; then
+ mount $dir || echo "warning: failed to mount nfs on $dir"
+ else
+ mount $dir
+ fi
+ fi
done
EOF
s chmod +x /root/imount
if isdeb; then
- # I've had problems with postfix on debian:
+ # I\'ve had problems with postfix on debian:
# on stretch, a startup ordering issue caused all mail to fail.
# postfix changed defaults to only use ipv6 dns, causing all my mail to fail.
# exim4 is default on debian, so I assume it would
# be packaged better to avoid these types of things.
- # I haven't gotten around to getting a non-debian exim
+ # I haven\'t gotten around to getting a non-debian exim
# setup.
mail-setup exim4
- else
- mail-setup postfix
+else
+ mail-setup postfix
fi
- if isubuntu; then
- # disable crash report annoying crap
- s dd of=/etc/default/apport <<<'enabled=0'
- fi
+if isubuntu; then
+ # disable crash report annoying crap
+ s dd of=/etc/default/apport <<<'enabled=0'
+fi
# fai sets this an old way that doesn't work for stretch.
# no harm in setting it universally here.
# using debconf-set-selection, the area gets reset to ETC
# on my linode test machine after doing a dpkg-reconfigure, or a reinstall,
# so we are using expect :(
+# I got a random error when running this, so I added a sleep
+# rather than trying to write a whole detect and wait loop.
+# E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable)
+# E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it?
+sleep 1
s apt-get -y install --no-install-recommends expect
s expect <<EOF
set force_conservative 0
manpages
manpages-dev
meld
+ mumble
nmap
offlineimap
p7zip
pianobar
pidgin
python3-mutagen
+ reportbug
squashfs-tools
swh-plugins
tcpdump
transmission-remote-gtk
vlc
+ wcd
)
;;
esac
pi "${simple_packages[@]}"
simple_packages=()
+# website setup
case $HOSTNAME in
lj|li)
sudo -E /a/bin/mediawiki-setup/mw-setup-script
#$src/phab-setup
+ pi-nostart mumble-server
+ s sed -ri "s/^ *(serverpassword=).*/\1$(< /a/bin/bash_unpublished/mumble_pass)/" mumble-server.ini
+ sgo mumble-server
+
echo "$0: $(date): ending now)"
exit 0
;;
esac
+
########### end section including li/lj ###############
# I originaly setup rpc-whitelist, but after using
# routing to a network namespace, it doesn't see the
# real source address, so it's disabled.
+ #
+ # Changed the cache-size to 128 mb, reduces disk use.
+ # It is a read & write cache.
+ #
# todo: setup a password.
s ruby <<'EOF'
require 'json'
'incomplete-dir' => '/k/partial-torrents',
'incomplete-dir-enabled' => true,
'download-dir' => '/i/k/torrents',
-"speed-limit-up" => 700,
+"speed-limit-up" => 800,
"speed-limit-up-enabled" => true,
"peer-port" => 61486,
+"cache-size-mb" => 128,
"ratio-limit" => 1.4000,
"ratio-limit-enabled" => false,
"pidfile": "/var/lib/transmission-daemon/transmission-daemon.pid",
# has no unstable dependencies
spa bitcoin-qt/unstable
fi
- ;;
- s cp /a/opt/bitcoin/contrib/init/bitcoind.service /usr/lib/systemd/system
- ser daemon-reload
- sgo bitcoind
-
- s mkdir -p $dir
- s touch $f
- s chmod -R o-rwx $dir
- s chown -R bitcoin:bitcoin $dir
- s dd of=$f <<EOF
+ s cp /a/opt/bitcoin/contrib/init/bitcoind.service /etc/systemd/system
+ ser daemon-reload
+
+ dir=/nocow/.bitcoin
+ s mkdir -p $dir
+ s chown -R bitcoin:bitcoin $dir
+ dir=/etc/bitcoin
+ s mkdir -p $dir
+ s chown -R root:bitcoin $dir
+ s chmod 750 $dir
+ f=$dir/bitcon.conf
+
+ # pruning decreases the bitcoin dir to 2 gb, keeps
+ # just the recent blocks. can't do a few things like
+ # import a wallet dump.
+ # pruning works, but people had to do
+ # some manual stuff in joinmarket. I dun need the
+ # disk space, so not bothering yet, maybe in a year or so.
+ # https://github.com/JoinMarket-Org/joinmarket/issues/431
+ #https://bitcoin.org/en/release/v0.12.0#wallet-pruning
+ #prune=550
+
+ s dd of=$f <<EOF
rpcbind=127.0.0.1
server=1
rpcpassword=$(openssl rand -base64 32)
walletnotify=curl -sI --connect-timeout 1 http://localhost:62602/walletnotify?%s
alertnotify=curl -sI --connect-timeout 1 http://localhost:62602/alertnotify?%s
EOF
+ ;;
# other distros unknown
esac
if [[ $HOSTNAME == treetowl ]]; then
- # dunno about sharing a wallet between multiple instances
+ pi libsodium-dev python3-pip
+ cd /a/opt/joinmarket
+ # using develop branch, as it seems to be mostly bug fixes,
+ # and this is quite new software.
+ # note: python3 does not work.
+ pip install -r requirements.txt
+ # we need bitcoin.conf in the data dir according to
+ # https://github.com/JoinMarket-Org/joinmarket/wiki/Running-JoinMarket-with-Bitcoin-Core-full-node
+ # following the example .service script, I don\'t have it there,
+ # and I generate it, so lets just symlink it.
+ sudo -u bitcoin ln -sf /etc/bitcoin/bitcoin.conf /nocow/.bitcoin
+
+ # one time, manually did python wallet-tool.py generate.
+ # The "wallet" is just a key which deterministically generates addresses.
+ # One time: move the wallet, then link to it.
+ # ln -s /p/joinmarket/wallet.json wallets
+ #
+ # see wallet addresses via:
+ # python wallet-tool.py wallet.json
+ # send to the first 3 mixing depth 0 addresses.
+ # depths are like "identities", to separate out association with
+ # each other. the big hash in that output is the depth/branch id,
+ # ignore it afaik.
+ #
+ # after sending btc to wallet from a 3rd party service, check that
+ # at least 20% of utxo of each transaction was sent to you,
+ # btc listtransactions 10 0 true
+ # btc getrawtransaction TXID 1
+ #
+ # to view status, do
+ # python wallet-tool.py wallet.json history
+ #
+ # to help make other people,
+ # python yield-generator-basic.py wallet.json
+
+ for var in rpcuser rpcpassword; do
+ u="$(s sed -rn "s/^$var=(.*)/\1/p" /etc/bitcoin/bitcoin.conf)"
+ # escape backslashes
+ u="${u//\\/\\\\\\\\}"
+ # escape commas
+ u="${u//,/\\,}"
+ sed -ri "s,^(rpc_${var#rpc}\s*=).*,\1 $u," joinmarket.cfg
+ done
+ sed -ri "s/^\s*(blockchain_source\s*=).*/\1 bitcoin-rpc/" joinmarket.cfg
+ # dunno about sharing a wallet between multiple instances
+ # manually did, wallet.dat symlinked in /nocow/.bitcoin
sgo bitcoind
fi
--- /dev/null
+#!/bin/bash
+
+# note: starting emacs server can hang due to errors in init files
+# which don't cause problems for non-server emacs. And things
+# that aren't errors can cause hang too, like when I added gnus
+# git to load path.
+
+# I was experimenting with running
+# under gdb always to diagnose any hangs/crashes
+# and it won't work due to a gdb crash:
+# gdb -ex="set follow-fork-mode child" -ex=r -ex=quit --args emacsclient -nc
+# -n = --no-wait, go into background
+# -c = create new frame instead of reusing the current frame
+# -a = alternate editor, empty string makes it start emacs daemon.
+# This is also set via env variable, but that doesn't propagate everywhere.
+
+
+if pgrep -u $EUID emacsclient && (( $# )); then
+ emacsclient -a "" -n "$@"
+else
+ emacsclient -a "" -nc "$@"
+fi
--- /dev/null
+#!/bin/bash
+
+# force creation of new frame.
+exec emacsclient -a "" -nc "$@"
# it might work in /etc/aliases, but this seems more proper.
e $forward > ~/.forward
e $forward | s tee /root/.forward
+# exim log complains about 664 permissions.
+s chmod 644 ~/.forward /root/.forward
# offlineimap uses this too, it is much easier to use one location than to
*) :
esac
-read -r domain pass < <(s cat /etc/mailpass)
+read -r domain pass < <(s cat /etc/mailpass) # format: domain user:pass
if postfix; then
# dunno why, but debian installed postfix with builddep emacs
# but I will just explicitly install it here since
f=/etc/postfix/sasl_passwd
s touch $f
s chmod 600 $f
- echo "[$domain]:587 ${pass/@/#}" | s dd of=/etc/postfix/sasl_passwd >/dev/null
+ printf "[%s]:587 %s" "$domain" "${pass/@/#}" | s dd of=/etc/postfix/sasl_passwd 2>/dev/null
s postmap hash:/etc/postfix/sasl_passwd
s service postfix reload
else
f=/etc/exim4/passwd.client
s touch $f
s chmod 640 $f # before writing sensitive info
- echo "$domain:${pass/:/::}" | s dd of=$f >/dev/null
+ s chown root:Debian-exim $f
+ # reference: exim4_passwd_client(5)
+ printf "%s:%s" "$domain" "$pass" | s dd of=$f 2>/dev/null
# https://blog.dhampir.no/content/make-exim4-on-debian-respect-forward-and-etcaliases-when-using-a-smarthost
# i only need .forwards, so just doing that one.
cd /etc/exim4/conf.d/router
tmp=$(mktemp)
of=175_$b
# sed to make the router name unique
- sed -r s/^\\S+:/$b:/ 600_exim4-config_$a >$tmp
- if diff -q >/dev/null $tmp $of; then
+ sed -r s/^\\S+:/$b:/ 600_exim4-config_$a | s dd of=$tmp 2>/dev/null
+ if ! diff -q >/dev/null $tmp $of; then
s dd if=$tmp of=$of >/dev/null
ser restart exim4
fi
-#!/bin/bash -l
+#!/bin/bash
# Copyright (C) 2016 Ian Kelling
# Licensed under the Apache License, Version 2.0 (the "License");
# See the License for the specific language governing permissions and
# limitations under the License.
-if s test -e /q/root/.ssh; then
- s lnf /q/root/.ssh /root
+set -eE -o pipefail
+trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
+
+if sudo test -e /q/root/.ssh; then
+ sudo /a/exe/lnf /q/root/.ssh /root
else
- mkdir /root/.ssh
+ sudo mkdir /root/.ssh
fi
-s cp -rL $(eval echo ~${SUDO_USER:-$USER})/.ssh/* /root/.ssh
-s chown -R root:root /root/.ssh
+sudo cp -rL $(eval echo ~${SUDO_USER:-$USER})/.ssh/* /root/.ssh
+sudo chown -R root:root /root/.ssh
iankelling.org / git / distro-setup / commitdiff