interactive=true # set this to false to force set -x
[[ $- == *i* ]] || interactive=false
if ! $interactive; then
- set -x
+ set -x
fi
source /a/bin/errhandle/err
### sanity checking
if [[ $EUID == 0 ]]; then
- if getent passwd iank || getent passwd ian ; then
- echo "$0: error: running as root. unprivileged user exists. use it."
- exit 1
- else
- echo "$0: warning: running as root. I will setup users then exit"
- fi
+ if getent passwd iank || getent passwd ian ; then
+ echo "$0: error: running as root. unprivileged user exists. use it."
+ exit 1
+ else
+ echo "$0: warning: running as root. I will setup users then exit"
+ fi
fi
### arg parsing
recompile=false
while [[ $1 == -* ]]; do
- case $1 in
- -r) recompile=true; shift ;;
- esac
+ case $1 in
+ -r) recompile=true; shift ;;
+ esac
done
if [[ $1 ]]; then
- export HOSTNAME=$1
+ export HOSTNAME=$1
fi
source /a/bin/distro-functions/src/identify-distros
$interactive || set -x
for f in iank-dev htpc kd x2 x3 frodo tp li lj demohost kw fz; do
- eval "$f() { [[ $HOSTNAME == $f ]]; }"
+ eval "$f() { [[ $HOSTNAME == $f ]]; }"
done
-has_p() { ! linode; } # when tp is tracis, then not tp either
-has_x() { ! linode; }
+codename=$(debian-codename)
+has_wayland() { [[ $codename == buster ]]; }
+has_x() { [[ $codename != buster ]]; }
+has_monitor() { ! linode ; }
linode() { lj || li; }
has_btrfs() { ! linode; }
home_network() { ! linode; }
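Review bot: `has_p` is deleted here, but the unchanged `if has_p; then` tests further down, around `lnf -T /p/News ~/News` and `lnf -T /i/k/mboxes ~/mail`, still call it. Unless one of the sourced files defines it, those tests now hit command-not-found. The links are then skipped silently, or the handler from /a/bin/errhandle/err fires, depending on how it treats conditions. Either keep a definition such as `has_p() { ! linode; }` or change those callers in the same commit.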
##### begin setup encryption scripts ######
if encrypted; then
- # I tried making a service which was dependent on reboot.target,
- # but it happened too late in the shutdown process.
- sudo dd of=/etc/systemd/system/keyscripton.service <<'EOF'
+ # I tried making a service which was dependent on reboot.target,
+ # but it happened too late in the shutdown process.
+ sudo dd of=/etc/systemd/system/keyscripton.service <<'EOF'
[Unit]
Description=Turn on automatic decryption of drives on boot
# tried using graphical.target, but it made my display manager restart before rebooting.
[Install]
WantedBy=keyscriptoff.service
EOF
- sudo systemctl daemon-reload # needed if the file was already there
- sudo systemctl stop keyscripton.service
- # sudo systemctl start keyscripton.service
- sudo systemctl enable keyscripton.service
+ sudo systemctl daemon-reload # needed if the file was already there
+ sudo systemctl stop keyscripton.service
+ # sudo systemctl start keyscripton.service
+ sudo systemctl enable keyscripton.service
- sudo dd of=/etc/systemd/system/keyscriptoff.service <<'EOF'
+ sudo dd of=/etc/systemd/system/keyscriptoff.service <<'EOF'
[Unit]
Description=Turn off automatic decryption of drives on boot
[Install]
WantedBy=multi-user.target
EOF
- sudo systemctl daemon-reload # needed if the file was already there
- sudo systemctl enable keyscriptoff.service
- sudo systemctl start keyscriptoff.service
-
- # from /usr/share/doc/dropbear-initramfs/README.initramfs.gz
- while read m _; do /sbin/modinfo -F filename "$m"; done </proc/modules | \
- sed -nr "s@^/lib/modules/`uname -r`/kernel/drivers/net(/.*)?/([^/]+)\.ko\$@\2@p" \
- | sudo dd of=/etc/initramfs-tools/modules
- sudo apt-get -y install initramfs-tools-core
- # initram auth keys get setup with rootsshsync
- # then for remote unlock, ssh and do this once per crypt disk:
- # echo -n PASS >/lib/cryptsetup/passfifo
+ sudo systemctl daemon-reload # needed if the file was already there
+ sudo systemctl enable keyscriptoff.service
+ sudo systemctl start keyscriptoff.service
+
+ # from /usr/share/doc/dropbear-initramfs/README.initramfs.gz
+ while read m _; do /sbin/modinfo -F filename "$m"; done </proc/modules | \
+ sed -nr "s@^/lib/modules/`uname -r`/kernel/drivers/net(/.*)?/([^/]+)\.ko\$@\2@p" \
+ | sudo dd of=/etc/initramfs-tools/modules
+ sudo apt-get -y install initramfs-tools-core
+ # initram auth keys get setup with rootsshsync
+ # then for remote unlock, ssh and do this once per crypt disk:
+ # echo -n PASS >/lib/cryptsetup/passfifo
fi
##### end setup encryption scripts ######
##### fedora prereq/fundamental settings
if isfedora; then
- # comment out line disallowing calling sudo in scripts
- sudo $sed -i 's/^Defaults *requiretty/#\0 # ian commented/' /etc/sudoers
- # turn on magic sysrq commands
- echo 1 > sudo dd of=/proc/sys/kernel/sysrq
- echo "kernel.sysrq = 1" > /etc/sysctl.d/90-sysrq.conf
- # selinux is not user friendly. Like, you enable samba, but you haven't run the magic selinux commands so it doesn't work
- # and you have no idea why.
- sudo $sed -i 's/^\(SELINUX=\).*/\1disabled/' /etc/selinux/config
- selinuxenabled && sudo setenforce 0
+ # comment out line disallowing calling sudo in scripts
+ sudo $sed -i 's/^Defaults *requiretty/#\0 # ian commented/' /etc/sudoers
+ # turn on magic sysrq commands
+ echo 1 > sudo dd of=/proc/sys/kernel/sysrq
+ echo "kernel.sysrq = 1" > /etc/sysctl.d/90-sysrq.conf
+ # selinux is not user friendly. Like, you enable samba, but you haven't run the magic selinux commands so it doesn't work
+ # and you have no idea why.
+ sudo $sed -i 's/^\(SELINUX=\).*/\1disabled/' /etc/selinux/config
+ selinuxenabled && sudo setenforce 0
fi
# already ran for pxe installs, but used for vps & updates
distro=$(distro-name)
case $distro in
- ubuntu|debian|trisquel)
- sudo bash -c ". /a/bin/fai/fai-wrapper && /a/bin/fai/fai/config/scripts/GRUB_PC/11-iank"
- ;;
- *)
- sudo bash -c ". /a/bin/fai/fai-wrapper &&
+ ubuntu|debian|trisquel)
+ sudo bash -c ". /a/bin/fai/fai-wrapper && /a/bin/fai/fai/config/scripts/GRUB_PC/11-iank"
+ ;;
+ *)
+ sudo bash -c ". /a/bin/fai/fai-wrapper &&
/a/bin/fai/fai/config/distro-install-common/end"
- ;;
+ ;;
esac
###### setup hostname
##### exit first stage if running as root
if [[ $EUID == 0 ]]; then
- echo "$0: running as root. exiting now that users are setup"
- exit 0
+ echo "$0: running as root. exiting now that users are setup"
+ exit 0
fi
#### setup bash for root
for x in /a/c/{.bashrc,brc,.bash_profile,.profile,.inputrc,path_add_function}; do
- sudo -i <<EOF
+ sudo -i <<EOF
PATH="/a/exe:$PATH"
lnf $x /root
EOF
###### do conflink
# li needs the bind group before conflink
if [[ $HOSTNAME == li ]]; then
- getent group bind &>/dev/null || sudo groupadd -r bind
+ getent group bind &>/dev/null || sudo groupadd -r bind
fi
# this needs to be before installing pacserve so we have gpg conf.
conflink
###### arch aur wrapper setup
if isarch; then
- #https://wiki.archlinux.org/index.php/Arch_User_Repository#Installing_packages
- sudo pacman -S --noconfirm --needed base-devel jq
- # pacaur seems to be the best, although it + cower has a few minor bugs,
- # its design goals seem good, so, going for it.
-
- aurpi() {
- for p in "$@"; do
- tempdir=$(mktemp -d)
- pushd $tempdir
- aurex "$p"
- makepkg -sri --skippgpcheck --noconfirm
- popd
- rm -rf $tempdir
- done
- }
- aurpi cower pacaur
-
- pi pacserve
-
- x=$(mktemp); /usr/bin/pacman.conf-insert_pacserve >$x
- sudo dd of=/etc/pacman.conf if=$x; rm $x
- sudo systemctl enable pacserve.service
- sudo systemctl start pacserve.service
+ #https://wiki.archlinux.org/index.php/Arch_User_Repository#Installing_packages
+ sudo pacman -S --noconfirm --needed base-devel jq
+ # pacaur seems to be the best, although it + cower has a few minor bugs,
+ # its design goals seem good, so, going for it.
+
+ aurpi() {
+ for p in "$@"; do
+ tempdir=$(mktemp -d)
+ pushd $tempdir
+ aurex "$p"
+ makepkg -sri --skippgpcheck --noconfirm
+ popd
+ rm -rf $tempdir
+ done
+ }
+ aurpi cower pacaur
+
+ pi pacserve
+
+ x=$(mktemp); /usr/bin/pacman.conf-insert_pacserve >$x
+ sudo dd of=/etc/pacman.conf if=$x; rm $x
+ sudo systemctl enable pacserve.service
+ sudo systemctl start pacserve.service
fi
###### p1 packages install ######
if isarch; then
- # requirement for trash-cli.
- # background: strange error if just installing trash-cli: "pyalpm requires python",
- # so I see that it requires python2, and installing that manually fixes it.
- # I didn\'t see this on earlier installation, main thing which changed was
- # pacserve, so not sure if it\'s related.
- pi python2
+ # requirement for trash-cli.
+ # background: strange error if just installing trash-cli: "pyalpm requires python",
+ # so I see that it requires python2, and installing that manually fixes it.
+ # I didn\'t see this on earlier installation, main thing which changed was
+ # pacserve, so not sure if it\'s related.
+ pi python2
fi
pi ${p1[@]}
######## fix evbug bug ######
case $distro in
- trisquel|ubuntu)
- # noticed in flidas.
- #https://bugs.launchpad.net/ubuntu/+source/module-init-tools/+bug/240553
- #https://wiki.debian.org/KernelModuleBlacklisting
- #common advice when searching is to use /etc/modprobe.d/blacklist.conf,
- #but that file won't work and will get automatically reverted
- sudo rmmod evbug ||: # might not be loaded yet
- file=/etc/modprobe.d/evbug.conf
- line="blacklist evbug"
- if ! grep -xFq "$line" $file; then
- sudo dd of=$file 2>/dev/null <<<"$line"
- sudo depmod -a
- sudo update-initramfs -u
- fi
- ;;
+ trisquel|ubuntu)
+ # noticed in flidas.
+ #https://bugs.launchpad.net/ubuntu/+source/module-init-tools/+bug/240553
+ #https://wiki.debian.org/KernelModuleBlacklisting
+ #common advice when searching is to use /etc/modprobe.d/blacklist.conf,
+ #but that file won't work and will get automatically reverted
+ sudo rmmod evbug ||: # might not be loaded yet
+ file=/etc/modprobe.d/evbug.conf
+ line="blacklist evbug"
+ if ! grep -xFq "$line" $file; then
+ sudo dd of=$file 2>/dev/null <<<"$line"
+ sudo depmod -a
+ sudo update-initramfs -u
+ fi
+ ;;
esac
s lnf -T /a/bin /b
s lnf -T /nocow/t /t
if has_p; then
- lnf -T /p/News ~/News
+ lnf -T /p/News ~/News
fi
s lnf /q/root/.editor-backups /q/root/.undo-tree-history \
/a/opt /a/c/.emacs.d $HOME/mw_vars /k/backup /root
rootsshsync
s lnf /a/c/.vim /a/c/.vimrc /a/c/.gvimrc /root
if has_p; then
- # for dovecot
- lnf -T /i/k/mboxes ~/mail
+ # for dovecot
+ lnf -T /i/k/mboxes ~/mail
fi
-
##### install xinput
if has_x; then
- case $(distro-name) in
- trisquel|ubuntu|debian)
- pi xinput
- ;;
- fedora)
- pi xinput_calibrator
- ;;
- arch)
- pi xorg-xinput
- ;;
- esac
-
- #### install redshift
- case $(distro-name) in
- trisquel|ubuntu|debian)
- # recommends gets us geoclue (for darkening automatically at night i assume),
- # which recommends modemmanager, which is annoying to fix for the model01 keyboard.
- pi --no-install-recommends gtk-redshift
- ;;&
- fedora)
- pi redshift-gtk
- ;;&
- arch)
- pi redshift
- ;;&
- esac
+ case $(distro-name) in
+ trisquel|ubuntu|debian)
+ pi xinput
+ ;;
+ fedora)
+ pi xinput_calibrator
+ ;;
+ arch)
+ pi xorg-xinput
+ ;;
+ esac
+
+ #### install redshift
+ case $(distro-name) in
+ trisquel|ubuntu|debian)
+ # recommends gets us geoclue (for darkening automatically at night i assume),
+ # which recommends modemmanager, which is annoying to fix for the model01 keyboard.
+ pi --no-install-recommends gtk-redshift
+ ;;&
+ fedora)
+ pi redshift-gtk
+ ;;&
+ arch)
+ pi redshift
+ ;;&
+ esac
fi
+if has_wayland; then
+ pi sway xwayland
+ # originally used xkbcomp, documented in input-setup.sh, this doesnt
+ # work under wayland, but its still useful for creating the config,
+ # then modifying the system files.
+ s sed -i.orig '/key *<KPMU> *{/,/}/s/KP_Multiply/underscore/g' /usr/share/X11/xkb/symbols/keypad
+fi
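Review bot: `s sed -i.orig ... /usr/share/X11/xkb/symbols/keypad` is not safe to re-run, because the second run overwrites keypad.orig with the already-edited file and the pristine copy is lost. The file is also package-owned, so an upgrade that replaces it will drop the edit without any error. Take the backup once, `[[ -e /usr/share/X11/xkb/symbols/keypad.orig ]] || s cp -a /usr/share/X11/xkb/symbols/keypad{,.orig}`, then use plain `s sed -i`. A comment naming the owning package would remind whoever runs this to re-check the edit after upgrades.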
+
+
#### arch specific early packages
case $(distro-name) in
- arch)
- # pkgfile is like apt-cache
- pi pkgfile
- s pkgfile --update
- ;;
+ arch)
+ # pkgfile is like apt-cache
+ pi pkgfile
+ s pkgfile --update
+ ;;
esac
#### fedora specific packages
case $(distro-name) in
- fedora)
- # todo, this could probably come later
- p -y groupinstall development-tools c-development books admin-tools
- pi man-pages
- ;;
- # other distros unknown
+ fedora)
+ # todo, this could probably come later
+ p -y groupinstall development-tools c-development books admin-tools
+ pi man-pages
+ ;;
+ # other distros unknown
esac
#### enable trim
# enable trim for volume delete, other rare commands
sudo $sed -ri 's/( *issue_discards\b).*/\1 = 1/' /etc/lvm/lvm.conf
if encrypted; then
- if isdeb; then
- sudo cp /usr/share/doc/util-linux/examples/fstrim.{service,timer} /etc/systemd/system
- fi
- # does weekly trim
- sudo systemctl enable fstrim.timer
+ # flidas or so, these units arent built-in
+ if isdeb && ! systemctl list-unit-files | grep -xF fstrim.timer &>/dev/null ; then
+ sudo cp /usr/share/doc/util-linux/examples/fstrim.{service,timer} /etc/systemd/system
+ fi
+ # does weekly trim
+ sudo systemctl enable fstrim.timer
fi
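Review bot: The new guard can never match. `systemctl list-unit-files` prints each unit name followed by a state column, so the whole-line match in `grep -xF fstrim.timer` finds nothing. The example units are therefore still copied into /etc/systemd/system on every isdeb host, where they take precedence over units shipped by the package. Ask systemd directly instead: `if isdeb && ! systemctl cat fstrim.timer &>/dev/null; then`.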
##### make extra dirs
/i/k /k none bind,noauto 0 0
EOF
if ! mountpoint /kr; then
- s mkdir -p /kr
- s chown $USER:traci /kr
+ s mkdir -p /kr
+ s chown $USER:user2 /kr
fi
if home_network; then
- if [[ $HOSTNAME == frodo ]]; then
- tu /etc/fstab <<'EOF'
+ if [[ $HOSTNAME == frodo ]]; then
+ tu /etc/fstab <<'EOF'
/k /kr none bind,noauto 0 0
EOF
- else
- tu /etc/fstab <<'EOF'
+ else
+ tu /etc/fstab <<'EOF'
frodo:/k /kr nfs noauto 0 0
EOF
- fi
+ fi
fi
s mkdir -p /q /i/{w,k}
for dir in /{i,w,k}; do
- if mountpoint $dir; then continue; fi # already mounted
- s mkdir -p $dir
- s chown $USER:$USER $dir
+ if mountpoint $dir; then continue; fi # already mounted
+ s mkdir -p $dir
+ s chown $USER:$USER $dir
done
# not needed for all hosts, but rather just keep it uniform
s mkdir -p /mnt/iroot
# have already been created and exist. todo: create a simple repro
# for this in a vm and report it upstream.
if has_btrfs || home_network; then
- pi nfs-common
- s dd of=/root/imount <<'EOF'
+ pi nfs-common
+ s dd of=/root/imount <<'EOF'
#!/bin/bash
[[ $EUID == 0 ]] || exec sudo -E "$BASH_SOURCE" "$@"
set -eE -o pipefail
fi
done
EOF
- s chmod +x /root/imount
+ s chmod +x /root/imount
- s dd of=/etc/systemd/system/imount.service <<EOF
+ s dd of=/etc/systemd/system/imount.service <<EOF
[Unit]
Description=Mount /i and related mountpoints
Before=syncthing@$USER.service
# at some time after network.target
WantedBy=multi-user.target
EOF
- sudo systemctl daemon-reload # needed if the file was already there
- sudo systemctl enable imount.service
- sudo systemctl start imount.service
+ sudo systemctl daemon-reload # needed if the file was already there
+ sudo systemctl enable imount.service
+ sudo systemctl start imount.service
fi
##### setup /nocow.
# a nocow dir that is common to multiple distros installed on the same system
dir=/nocow
if has_btrfs; then
- if ! mountpoint $dir; then
- subvol=/mnt/root/nocow
- if [[ ! -e $subvol ]]; then
- s btrfs subvolume create $subvol
- s chown root:1000 $subvol
- s chattr +C $subvol
- fi
+ if ! mountpoint $dir; then
+ subvol=/mnt/root/nocow
+ if [[ ! -e $subvol ]]; then
+ s btrfs subvolume create $subvol
+ s chown root:1000 $subvol
+ s chattr +C $subvol
+ fi
- first_root_crypt=$(awk '$2 == "/" {print $1}' /etc/mtab)
- tu /etc/fstab <<EOF
+ first_root_crypt=$(awk '$2 == "/" {print $1}' /etc/mtab)
+ tu /etc/fstab <<EOF
$first_root_crypt /nocow btrfs noatime,subvol=nocow 0 0
EOF
- s mkdir -p $dir
- s chown $USER:$USER $dir
- s mount $dir
- fi
+ s mkdir -p $dir
+ s chown $USER:$USER $dir
+ s mount $dir
+ fi
else
- sudo mkdir -p $dir
-fi
-
-
-###### fix mouse on jessie
-# it comes with stretch and arch, but not jessie.
-# propogate /etc/udev/hwdb.d
-if which systemd-hwdb; then
- s systemd-hwdb update
- ser restart systemd-udev-trigger
+ sudo mkdir -p $dir
fi
##### setup email
if isdeb; then
- mail-setup exim4
+ mail-setup exim4
else
- # todo: probably broken
- mail-setup postfix
+ # todo: probably broken
+ mail-setup postfix
fi
#### ubuntu nicety
if isubuntu; then
- # disable crash report annoying dialogs.
- s dd of=/etc/default/apport <<<'enabled=0'
+ # disable crash report annoying dialogs.
+ s dd of=/etc/default/apport <<<'enabled=0'
fi
-###### setup time zone
-# fai sets this an old way that doesn't work for stretch.
-# no harm in setting it universally here.
-# using debconf-set-selection, the area gets reset to ETC
-# on my linode test machine after doing a dpkg-reconfigure, or a reinstall,
-# so we are using expect :(
-# I got a random error when running this, so I added a sleep
-# rather than trying to write a whole detect and wait loop.
-# E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable)
-# E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it?
-sleep 1
-# todo: this is not idempotent, it fails when running twice, due to prepopulated values.
-# check into unsetting them using debconf-set-selection.
-s apt-get -y install --no-install-recommends expect
-s expect <<EOF ||:
-set force_conservative 0
-spawn dpkg-reconfigure tzdata -freadline
-expect -nocase timeout {exit 1} "Geographic area:"
-send "\02512\r"
-expect -nocase timeout {exit 1} "Time zone:"
-send "\0255\r"
-expect eof
-exit
-EOF
-
##### install emacs
-if has_x; then
- if isarch; then
- # emacs git build was broken last time i checked,
- x=$(mktemp -d)
- pushd $x
- aurex emacs-git
- makepkg -si --noconfirm
- popd
- rm -rf $x
- pi hunspell hunspell-en
- else
- if $recompile; then
- /a/bin/buildscripts/emacs
- else
- /a/bin/buildscripts/emacs --no-r || /a/bin/buildscripts/emacs
- fi
- fi
+if isarch; then
+ # emacs git build was broken last time i checked,
+ x=$(mktemp -d)
+ pushd $x
+ aurex emacs-git
+ makepkg -si --noconfirm
+ popd
+ rm -rf $x
+ pi hunspell hunspell-en
+else
+ if $recompile; then
+ /a/bin/buildscripts/emacs
+ else
+ /a/bin/buildscripts/emacs --no-r || /a/bin/buildscripts/emacs
+ fi
fi
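Review bot: With the `has_x` wrapper dropped, the arch branch now runs on every host and still uses its temp dir unquoted and unchecked in `pushd $x` and `rm -rf $x`. If `mktemp -d` fails and the sourced error handler does not abort, `pushd` with no argument does not enter a fresh directory, so `makepkg -si --noconfirm` runs wherever the shell happens to be. Suggest `x=$(mktemp -d) || exit 1`, `pushd "$x"` and `rm -rf -- "${x:?}"`. If building emacs on headless hosts is intended, a one-line comment saying so would help.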
##### install laptop hardware packages
if tp || x2 || x3; then
- case $distro in
- debian)
- pi task-laptop
- ;;
- ubuntu|trisquel)
- # the exact packages that task-laptop would install, since ubuntu
- # doesn\'t have this virtual in practice package.
- pi avahi-autoipd bluetooth powertop iw wireless-tools wpasupplicant
- ;;
- # todo: other distros unknown
- esac
+ case $distro in
+ debian)
+ pi task-laptop
+ ;;
+ ubuntu|trisquel)
+ # the exact packages that task-laptop would install, since ubuntu
+ # doesn\'t have this virtual in practice package.
+ pi avahi-autoipd bluetooth powertop iw wireless-tools wpasupplicant
+ ;;
+ # todo: other distros unknown
+ esac
fi
##### install x stuff
-if has_x; then
- pi ${p2[@]}
+if has_monitor; then
+ pi ${p2[@]}
+ if has_x; then
+ pi i3
if isarch; then
- # xorg-xmessage for displaying error messages.
- # optional dependency in arch, standard elsewhere.
- pi xorg-server xorg-xmessage xorg-xsetroot xorg-xinit
+ # xorg-xmessage for displaying error messages.
+ # optional dependency in arch, standard elsewhere.
+ pi xorg-server xorg-xmessage xorg-xsetroot xorg-xinit
fi
+ fi
fi
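Review bot: Only this block gained the `has_monitor` gate; the unchanged `if has_x; then` blocks for xinput/redshift and for X autostart still test `has_x` alone. After this commit `has_x` is `[[ $codename != buster ]]` rather than `! linode`, so on a non-buster linode host those blocks now install X packages and write display-manager config. `has_wayland` has the same gap for `pi sway xwayland` on a buster linode. Folding the monitor check into the predicates keeps every caller consistent: `has_x() { has_monitor && [[ $codename != buster ]]; }` and `has_wayland() { has_monitor && [[ $codename == buster ]]; }`.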
##### setup X autostart
if has_x; then
- if isarch; then
- # https://wiki.archlinux.org/index.php/Xinitrc
- for homedir in /home/*; do
- cp /etc/X11/xinit/xinitrc $homedir/.xinitrc
- $sed -ri '/^ *twm\b/,$d' $homedir/.xinitrc
- tee -a $homedir/.xinitrc <<'EOF'
+ if isarch; then
+ # https://wiki.archlinux.org/index.php/Xinitrc
+ for homedir in /home/*; do
+ cp /etc/X11/xinit/xinitrc $homedir/.xinitrc
+ $sed -ri '/^ *twm\b/,$d' $homedir/.xinitrc
+ tee -a $homedir/.xinitrc <<'EOF'
/a/bin/desktop-20-autostart.sh
xsetroot -cursor_name left_ptr
exec xmonad
EOF
- done
- else
- # todo, figure this out for arch if we ever try out gnome.
- # install for multiple display managers in case we use one
- if isdeb; then
- dir=/etc/gdm3
- elif isfedora; then
- # fedora didn\'t have the 3.
- dir=/etc/gdm
- fi
- s mkdir -p $dir/PostLogin
- s command cp /a/bin/distro-setup/desktop-20-autostart.sh $dir/PostLogin/Default
- s mkdir /etc/lightdm/lightdm.conf.d
- s dd of=/etc/lightdm/lightdm.conf.d/12-iank.conf <<'EOF'
+ done
+ else
+ # todo, figure this out for arch if we ever try out gnome.
+ # install for multiple display managers in case we use one
+ if isdeb; then
+ dir=/etc/gdm3
+ elif isfedora; then
+ # fedora didn\'t have the 3.
+ dir=/etc/gdm
+ fi
+ s mkdir -p $dir/PostLogin
+ s command cp /a/bin/distro-setup/desktop-20-autostart.sh $dir/PostLogin/Default
+ s mkdir /etc/lightdm/lightdm.conf.d
+ s dd of=/etc/lightdm/lightdm.conf.d/12-iank.conf <<'EOF'
[SeatDefaults]
session-setup-script=/a/bin/distro-setup/desktop-20-autostart.sh
EOF
- fi
+ fi
fi