From ff20a265369c871004916fd162241d3219eb72c7 Mon Sep 17 00:00:00 2001 From: Ian Kelling <ian@iankelling.org> Date: Sun, 7 Feb 2016 19:57:49 -0800 Subject: [PATCH] various fixes and updates --- distro-begin | 160 +++++++++++++++++++++++------------- distro-end | 223 +++++++++++++++++++++++++++++++++++---------------- 2 files changed, 258 insertions(+), 125 deletions(-) diff --git a/distro-begin b/distro-begin index 89acacf..5dc0359 100755 --- a/distro-begin +++ b/distro-begin @@ -18,7 +18,7 @@ sudo bash -c 'source /a/c/repos/bash/.bashrc && source /a/bin/ssh-emacs-setup' # set the scrollback to unlimited in case something goes wrong if [[ $EUID == 0 ]]; then - echo error: do not run as root + echo "error: do not run as root" exit fi @@ -34,17 +34,15 @@ fi set -E trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?"' ERR -headless=false -debian_stable=false +# headless=false # unused atm recompile=true # for copying to a new data fs -bootstrapfs=false +bootstrapfs=false # old flag, needs new look before using. while [[ $1 == -* ]]; do case $1 in # avoid some of the longer compilation steps, # when we need to rerun because we had an error -n) recompile=false; shift ;; - -b) boostrap_new_comp=true; shift ;; esac done @@ -54,10 +52,11 @@ else host=$HOSTNAME fi -for f in iank-dev htpc treetowl x2 frodo; do +for f in iank-dev htpc treetowl x2 frodo tp; do eval "$f() { [[ $host == $f ]]; }" done -encrypted() { iank-dev || x2 || frodo ; } +has_p() { iank-dev || x2 || frodo; } +encrypted() { has_p || tp; } shopt -s extglob export GLOBIGNORE=*/.:*/.. 
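Review bot: With the `-b)` arm removed, the `case` inside `while [[ $1 == -* ]]` has no default arm, so any argument starting with `-` other than `-n` is never shifted and the loop never ends. Add a catch-all such as `*) echo "$0: unknown option: $1" >&2; exit 1 ;;`. Callers that still pass `-b` would otherwise hang rather than fail with a message.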
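Review bot: The `eval "$f() { [[ $host == $f ]]; }"` line that this hunk extends with `tp` expands `$host` when the function is generated, so its value is parsed as shell code rather than compared as data. Only `host=$HOSTNAME` in the `else` branch is visible here; if the other branch takes the value from an argument, whitespace or metacharacters in it would break or alter the generated functions. Deferring the expansion avoids that: `eval "$f() { [[ \$host == $f ]]; }"`. A one-line comment on `has_p` would also help, since `encrypted` is now defined in terms of it and the name does not say what it tests.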
@@ -166,9 +165,22 @@ sudo sed -ri '/noatime/s/relatime,?|defaults,?//g' /etc/fstab # this script has been designed to be idempotent # todo, it would be nice to cut down on some of the output + + + +# output is below so shellcheck can verify sources for x in /a/bin/bash-programs-by-ian/repos/{errhandle,tee-unique,lnf}/*-function; do - source $x; + echo "# shellcheck source=$x"; + # shellcheck source=/a/bin/bash-programs-by-ian/repos/errhandle/bash-trace-function + # shellcheck source=/a/bin/bash-programs-by-ian/repos/errhandle/errallow-function + # shellcheck source=/a/bin/bash-programs-by-ian/repos/errhandle/errcatch-function + # shellcheck source=/a/bin/bash-programs-by-ian/repos/errhandle/errexit-function + # shellcheck source=/a/bin/bash-programs-by-ian/repos/tee-unique/teeu-function + # shellcheck source=/a/bin/bash-programs-by-ian/repos/lnf/lnf-function + source $x done + + set +e $interactive || errcatch source /a/bin/distro-functions/src/identify-distros @@ -176,7 +188,6 @@ echo path:$PATH - if isfedora; then # comment out line disallowing calling sudo in scripts sudo sed -i 's/^Defaults *requiretty/#\0 # ian commented/' /etc/sudoers 
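Review bot: The loop still sources whatever matches `/a/bin/bash-programs-by-ian/repos/{errhandle,tee-unique,lnf}/*-function`, while the six `# shellcheck source=` directives name a fixed set, so a new or stray file matching the glob is executed without ever being analysed. Sourcing the six paths explicitly, each under its own directive, pins what runs and keeps the directives accurate; stacking all six above a single `source` probably leaves only one in effect. The `echo "# shellcheck source=$x"` line looks like a generator left in place, and it prints on every run. Quote the operand as well: `source "$x"`.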
@@ -231,32 +242,29 @@ if isdebian; then s sed -i 's/^\(deb.* main\).*/\1 contrib non-free/' /etc/apt/sources.list # non-existent var, as Im not planning to use stable right now - if $debian_stable; then + if isdebian-stable; then code=$(debian-codename) - tu /etc/apt/sources.list <<EOF + s dd of=/etc/apt/sources.list.d/mozilla-iceweasel <<EOF deb http://mozilla.debian.net/ $code-backports iceweasel-release deb-src http://mozilla.debian.net/ $code-backports iceweasel-release EOF # we change the mirror from the default, so we cant use tu - if ! grep -qP "^deb [^ ]+ $code-backports main contrib non-free" /etc/apt/sources.list; then - s tee -a /etc/apt/sources.list <<EOF + s dd of=/etc/apt/sources.list.d/main-backports <<EOF deb http://ftp.us.debian.org/debian/ $code-backports main contrib non-free deb-src http://ftp.us.debian.org/debian/ $code-backports main contrib non-free EOF - fi p update # take care of mozilla signing errors in previous command pi pkg-mozilla-archive-keyring else - sudo sed -ri 's!^( *[^ #]+ +[^ ]+ +)[[:alpha:]]+(.*)!\1testing\2!' \ - /etc/apt/sources.list - pup + : + # this would change stable to testing, but I set that up already. + # It\'s just a no-op if its already testing. + # sudo sed -ri 's!^( *[^ #]+ +[^ ]+ +)[[:alpha:]]+(.*)!\1testing\2!' /etc/apt/sources.list + p update fi - # doesnt exist on ubuntu. ubuntu has a mirror type url to use instead. - pi netselect-apt - debian_pick_mirror fi if isarch; then 
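Review bot: The two new targets `s dd of=/etc/apt/sources.list.d/mozilla-iceweasel` and `s dd of=/etc/apt/sources.list.d/main-backports` lack a `.list` suffix, and APT ignores files in `sources.list.d` that do not end in `.list`. On stable, `p update` would then not see either repository and the later `-t $code-backports` install would fail; name them `mozilla-iceweasel.list` and `main-backports.list`. The mozilla.debian.net entry is plain `http`, and per the context comment its keyring package is installed only after the first update reports signing errors, so that first fetch is not verified. Either import the archive key beforehand or add a comment stating that this is accepted. The context comments `# non-existent var, ...` and `# we change the mirror from the default, so we cant use tu` no longer describe the code.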
@@ -291,13 +299,16 @@ EOF sudo dd of=/etc/pacman.conf if=$x; rm $x sudo systemctl enable pacserve.service sudo systemctl start pacserve.service + + # strange error if just installing trash-cli: "pyalpm requires python", + # so I see that it requires python2, and installing that manually fixes it. + # I didn't see this on earlier installation, main thing which changed was + # pacserve, so not sure if it's related. + pi python2 fi + pup -# strange error if just installing trash-cli: "pyalpm requires python", -# so I see that it requires python2, and installing that manually fixes it. -# I didn't see this on earlier installation, main thing which changed was -# pacserve, so not sure if it's related. -pi python2 trash-cli +pi trash-cli ###### link files ########### @@ -317,29 +328,24 @@ s lnf /a/sdx{,d} / # todo: this is desktop specific. on work comp, mkdir /p/.editor-backups # todo: reconcile ~/.ssh/config work/home -if encrypted; then +if has_p; then lnf -T /p/offlineimap ~/Maildir lnf -T /p/News ~/News s lnf -T /q/p /p # don't use /* because I don't want to require it to be mounted s lnf /q/root/.editor-backups /q/root/.undo-tree-history \ - /q/root/.ssh /q/root/sasl_passwd /q/root/sasl_passwd.db /a/opt \ + /q/root/.ssh /a/opt \ /a/c/.emacs.d ~/.unison /root fi -for x in /a/c/repos/*/!(.git); do - [[ $x == */. || $x == */.. ]] && continue # workaround for ubuntu 14.04 bug - lnf "$x" ~ -done - s lnf /a/c/.inputrc /a/c/.vim /a/c/.vimrc /a/c/.gvimrc /root if [[ $HOSTNAME == htpc ]]; then lnf -T /i/Videos ~/Downloads fi -if encrypted; then +if has_p; then # for dovecot lnf -T /i/mboxes ~/mail fi 
@@ -348,9 +354,14 @@ fi # basic needed packages case $(distro-name) in debian) - pi $( $debian_stable && e -t $code-backports ) iceweasel \ - linux-image-amd64 firmware-linux-nonfree \ - firmware-linux-free linux-headers-amd64 + pi $( isdebian-stable && e -t $code-backports ) iceweasel + # for hosts which require nonfree drivers + case $HOSTNAME in + tp|x2) : ;; + *) pi linux-image-amd64 firmware-linux-nonfree \ + firmware-linux-free linux-headers-amd64 + ;; + esac ;;& ubuntu|debian) pi xmacro gtk-redshift xinput @@ -384,15 +395,19 @@ esac pi xbindkeys xkbset cryptsetup unison +pi lvm2 # enables trim for volume delete, other rare commands. sudo sed -ri 's/( *issue_discards\b).*/\1 = 1/' /etc/lvm/lvm.conf + if encrypted; then if isdeb; then sudo cp /usr/share/doc/util-linux/examples/fstrim.{service,timer} /etc/systemd/system fi # does weekly trim sudo systemctl enable fstrim.timer +fi +if has_p; then # relatime is default, but it still significantly increases writes # in comparison because it writes on the first read after each # write. @@ -401,8 +416,8 @@ if encrypted; then if ! frodo; then dirs+=(/q) fi - s mkdir -p ${dirs[@]} - s chown ian:ian ${dirs[@]} + s mkdir -p "${dirs[@]}" + s chown ian:ian "${dirs[@]}" # ssh and probably some other things care about parent directory # ownership, and ssh doesn\'t allow any group writable parent # directories, so we are forced to use a directory structure similar 
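Review bot: The new inner `case $HOSTNAME in tp|x2)` tests `$HOSTNAME`, whereas the `tp` and `x2` helpers generated earlier in this file compare against `$host`, which is only set from `$HOSTNAME` in an `else` branch and so may differ. Using the helpers keeps host selection in one place, e.g. `if ! (tp || x2); then pi linux-image-amd64 firmware-linux-nonfree firmware-linux-free linux-headers-amd64; fi`. The comment `# for hosts which require nonfree drivers` sits above an arm that skips tp and x2; it would read more clearly if it said which hosts are excluded and why.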
@@ -450,24 +465,13 @@ EOF - # emacs dependencies. +fi - # dunno why debian installed postfix with yum-builddep emacs - # but I will just explicitly install it here since - # I use it for sending mail in emacs. - if isdeb; then - s debconf-set-selections<<EOF -postfix postfix/main_mailer_type select Satellite system -postfix postfix/mailname string $host -postfix postfix/relayhost string [mail.messagingengine.com]:587 -EOF - pi postfix - else - pi postfix - s postconf -v 'relayhost = [mail.messagingengine.com]:587' - s systemctl enable postfix - s systemctl start postfix - fi + + +# exptected directory for .editor-backups +if ! has_p; then + s lnf /a/p / fi /a/bin/conflink @@ -538,6 +542,42 @@ umask 002 EOF + +# emacs dependency. +# dunno why debian installed postfix with yum-builddep emacs +# but I will just explicitly install it here since +# I use it for sending mail in emacs. +if private-host; then + relayhost="[mail.messagingengine.com]:587" +else + # ses initially suggests port 25, but I had problems connecting to that. + relayhost="[email-smtp.us-west-2.amazonaws.com]:587" +fi +if isdeb; then + s debconf-set-selections<<EOF +postfix postfix/main_mailer_type select Satellite system +postfix postfix/mailname string $host +postfix postfix/relayhost string $relayhost +EOF + + pi postfix +else + pi postfix + # Settings from reading the output when installing on debian, + # then seeing which were different in a default install on arch. + # I assume the same works for fedora. + postconfin <<EOF +mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 +mailbox_size_limit = 0 +relayhost = $relayhost +inet_interfaces = loopback-only +EOF + + s systemctl enable postfix + s systemctl start postfix +fi + + if isarch; then # install so it's build dependencies don't get removed. x=$(mktemp -d) @@ -547,6 +587,8 @@ if isarch; then popd rm -rf $x else + # to disable emacs git build, + # s apt-get install emacs if $recompile; then /a/bin/buildscripts/emacs else 
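Review bot: In the postfix block added by the second hunk on this line, only the non-Debian branch pins the listener and relay scope (`inet_interfaces = loopback-only`, `mynetworks = 127.0.0.0/8 ...`). The Debian branch preseeds three debconf answers and otherwise relies on what the package chooses. The comment says the values were read off a Debian install, so they probably match today, but a relay-only host that must never accept mail from the network is safer with the setting written out than inherited. Consider feeding the same `postconfin` block on both branches after `pi postfix`, or checking `postconf -h inet_interfaces` afterwards. `private-host` is not defined in the visible hunks; a comment naming the file that provides it would help.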
@@ -563,7 +605,7 @@ if ! isarch; then # fedora didn\'t have the 3. dir=/etc/gdm fi - mkdir -p $dir/PostLogin + s mkdir -p $dir/PostLogin s command cp /a/bin/desktop-20-autostart.sh $dir/PostLogin/Default s mkdir /etc/lightdm/lightdm.conf.d s dd of=/etc/lightdm/lightdm.conf.d/12-ian.conf <<'EOF' @@ -587,7 +629,7 @@ cabal update PATH="$PATH:$HOME/.cabal/bin" # trying out the distro's versions newer distros -if $debian_stable || isubuntu; then +if isdebian-stable || isubuntu; then # todo: on ubuntu 12.04, needed to install zlib1g-dev cabal install cabal-install pu cabal-install @@ -628,3 +670,7 @@ else fi fi pi dmenu + +if isdeb && (tp || x2); then + pi task-laptop +fi diff --git a/distro-end b/distro-end index 1288c75..40282d0 100755 --- a/distro-end +++ b/distro-end @@ -6,12 +6,14 @@ trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?"' ERR set -x -distro=$(distro-name) +end_msg() { + local y + IFS= read -r -d '' y ||: + end_msg_var+="$y" +} +distro=$(distro-name) -is_debian_testing() { - grep -E '^[^#]debian.*\stesting\s+main\s*$' /etc/apt/sources.list &>/dev/null -} # template case $distro in @@ -26,8 +28,10 @@ x=( duplicity fail2ban fdupes + filelight gdb gnome-screenshot + mailutils meld mpv offlineimap @@ -42,6 +46,7 @@ x=( smartmontools squashfs-tools tree + virt-manager ) pi "${x[@]}" @@ -70,7 +75,8 @@ esac case $distro in arch) pi the_silver_searcher ;; - # others unknown + debian|ubuntu) pi silversearcher-ag ;; + # fedora unknown esac # printer @@ -85,12 +91,15 @@ case $distro in # In debian, I could use hte recommended driver, # in arch, I had to pick out the 6L driver. ;; + debian|ubuntu) + pi hplip + ;; # other distros unknown esac case $distro in - ubuntu|debian) pi ack-grep nfs-client ;; + ubuntu|debian) pi ack-grep ;; arch|fedora) pi ack ;; # fedora unknown esac 
@@ -106,23 +115,7 @@ case $distro in ubuntu|debian) pi par2 ;; arch|fedora) pi par2cmdline ;; esac -case $distro in - arch|fedora) pi unison ;; - # deb/ubuntu, it depends what version they have. - # arch and fedora have unison240 and unison-240-compat respectively, - # but that failed to sync with an ubuntu 12.04 which had unson 2.40, - # so I installed it manually, but hopefully never have to use it on 12.04 again. - - # wget http://caml.inria.fr/pub/distrib/ocaml-4.02/ocaml-4.02.3.tar.gz - # ./configure - # make world opt - # s make install - - # wget http://www.seas.upenn.edu/~bcpierce/unison//download/releases/stable/unison-2.48.3.tar.gz - # make - # s cp unison /usr/local/bin -esac # needed for my tex resume case $distro in ubuntu|debian) pi texlive-full ;; @@ -139,11 +132,12 @@ case $distro in fedora) pi yum-utils # rpm fusion recommended codecs - s su -c 'yum localinstall -y --nogpgcheck http://download1.rpmfusion.org/free/fedora/rpmfusion-free-release-$(rpm -E %fedora).noarch.rpm http://download1.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-$(rpm -E %fedora).noarch.rpm' + s su -c "yum localinstall -y --nogpgcheck http://download1.rpmfusion.org/free/fedora/rpmfusion-free-release-$(rpm -E %fedora).noarch.rpm http://download1.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-$(rpm -E %fedora).noarch.rpm" pi gstreamer-plugins-ugly gstreamer-plugins-bad gstreamer-ffmpeg\ xine-lib-extras-freeworld ;; esac + case $distro in # optional dep for firefox for h.264 video arch) pi gst-libav ;; 
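Review bot: The rewritten `yum localinstall -y --nogpgcheck http://download1.rpmfusion.org/...` line still fetches the two release RPMs over plain HTTP with signature checking disabled. Those packages install the repository definitions and GPG keys that every later RPM Fusion package is verified against, so tampering with this one download compromises the whole trust chain. Fetch over `https://` and verify the release packages against RPM Fusion's published key before installing, so that `--nogpgcheck` can be dropped. With double quotes, `$(rpm -E %fedora)` is now expanded by the calling shell instead of inside `su -c`; that looks intended, but a short comment would say so.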
@@ -172,18 +166,61 @@ case $distro in *) : ;; # comes default or with other packages esac -# general others are unknown bucket +case $distro in + arch|debian|ubuntu) + pi bash-completion + ;; + # others unknown +esac + + +case $distro in + arch) pi ttf-dejavu;; + debian|ubuntu) pi fonts-dejavu ;; + # others unknown +esac + +case $distro in + arch|debian|ubuntu) pi ntp;; + # others unknown +esac + +case $distro in + arch) pi xorg-xev;; + debian|ubuntu) pi x11-utils ;; + # others unknown +esac + +case $distro in + arch) pi virt-install;; + debian|ubuntu) pi virtinst ;; + # others unknown +esac + +case $distro in + arch) pi cdrkit;; + debian|ubuntu) pi genisoimage;; + # others unknown +esac + +case $distro in + arch) pi spice-gtk3 ;; + debian|ubuntu) pi spice-client-gtk;; + # others unknown +esac + +# general known for debian/ubuntu, not for fedora case $distro in arch) # cdrkit for cloud-init isos # dnsmasq for nat networking in libvirt # qemu for qemu-img, bind-tools for dig - pi ttf-dejavu bash-completion unzip ntp wget xorg-xev xorg-xmodmap \ - virt-install bridge-utils cdrkit dnsmasq qemu spice-gtk3 bind-tools + pi unzip wget xorg-xmodmap \ + bridge-utils dnsmasq qemu bind-tools sgo ntpd - s sed -ri '/^ *user *=/d' /etc/libvirt/qemu.conf # otherwise we get error about accessing kvm module. # seems like there might be a better way, but google was a bit vague. + s sed -ri '/^ *user *=/d' /etc/libvirt/qemu.conf echo 'user = "root"' | s tee -a /etc/libvirt/qemu.conf # https://bbs.archlinux.org/viewtopic.php?id=206206 # # this should prolly go in the wiki @@ -203,6 +240,7 @@ case $distro in esac + case $distro in arch) # ubuntu 14.04 uses b-cron, 
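Review bot: The arch block that this hunk reorders still appends `user = "root"` to `/etc/libvirt/qemu.conf`, which runs every guest's QEMU process as root, so a flaw in QEMU or a guest escape lands with full host privileges instead of an unprivileged account. The comment already suspects there is a better way. The usual one is to keep libvirt's default QEMU user and give it access to `/dev/kvm` through group membership, though whether that resolves the "accessing kvm module" error seen here needs confirming. Separately, `sed -ri '/^ *user *=/d'` followed by `tee -a` is idempotent only because the sed runs first; the moved comment should say that the order matters.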
@@ -224,13 +262,14 @@ esac case $distro in - arch|arch) pi pumpa ;; - *) /a/bin/buildscripts/pumpa ;; + arch|debian|ubuntu) pi pumpa ;; + # others unknown. do have a buildscript: + # /a/bin/buildscripts/pumpa ;; esac case $distro in - ubuntu) pi android-tools-adb ;; + debian|ubuntu) pi android-tools-adb ;; arch) pi android-tools ;; # other distros unknown esac @@ -268,20 +307,40 @@ case $distro in s pip install pygments ;; *) - pi global python2-pygments + pi global + ;;& + arch) + pi python2-pygments + ;; + debian|ubuntu) + pi python-pygments ;; esac -######### end misc packages ######### +# leave this for last so it doesn't do a bunch of other apps +# which I want explicitly installed in case I switch DE's +case $distro in + debian) + pi task-cinnamon-desktop + # in settings, change scrolling to two-finger, + # because the default edge scroll doesn\'t work. + ;; + # others unknown +esac +######### end misc packages ######### # packages I once used before and liked, but don't want installed now for -# various reasons +# various reasons: # python-sqlite is used for offlineimap # lxappearance python-sqlite dolphin paman dconf-editor + + +######## unfinished + # todo, finish configuring smart. # mostly from https://wiki.archlinux.org/index.php/S.M.A.R.T. # turn on smart. background on options: @@ -307,6 +366,7 @@ DEVICESCAN -a -o on -S on -n standby,q $sched\ # broken under the default ordering, except the host I was # testing with previously had an entry in /etc/hosts. +############# end unfinished case $distro in arch) @@ -318,14 +378,14 @@ EOF esac +case $distro in + arch|debian|ubuntu) pi btrbk ;; + # others unknown +esac + if [[ $HOSTNAME == treetowl ]]; then - case $distro in - arch) pi btrbk ;; - # others unknown - esac pi fail2ban - s systemctl enable fail2ban - s systemctl start fail2ban + sgo fail2ban fi 
@@ -355,8 +415,9 @@ esac # /usr/share/doc/unattended-upgrades# cat README.md # /etc/apt/apt.conf.d/50unattended-upgrades if isdebian; then - pi unattended-upgrade + pi unattended-upgrades s dd of=/etc/apt/apt.conf.d/10periodic <<'EOF' +# this file was mostly just comments. APT::Periodic::Update-Package-Lists "1"; APT::Periodic::Download-Upgradeable-Packages "1"; APT::Periodic::AutocleanInterval "7"; @@ -366,18 +427,24 @@ EOF Unattended-Upgrade::Mail "root"; Unattended-Upgrade::MailOnlyOnError "true"; Unattended-Upgrade::Remove-Unused-Dependencies "true"; +Unattended-Upgrade::Origins-Pattern { +# default is just upgrade main and security, not updates. +EOF + if isdebian-testing; then + cat <<'EOF' +# for stable, only do security updates. + "origin=Debian,codename=${distro_codename},label=Debian-Security"; EOF - if ! is_debian_testing; then cat <<'EOF' -# default is just upgrade main and security, not updates. -# If it's not testing, just upgrade everything. # These are stable packages only getting bugfixes anyways. -Unattended-Upgrade::Origins-Pattern { "origin=*"; +EOF + cat <<'EOF' }; EOF fi - } >/etc/apt/apt.conf.d/50unattended-upgrades + } | s dd of=/etc/apt/apt.conf.d/50unattended-upgrades + echo $- > /tmp/x fi 
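Review bot: As far as the collapsed hunk can be read, the new `if isdebian-testing; then` has no `else`, and the `cat` that emits the closing `};` sits before `fi`. On testing, both the `label=Debian-Security` pattern and `"origin=*"` would be written; on any other release, `Unattended-Upgrade::Origins-Pattern {` is opened but never closed, leaving `50unattended-upgrades` malformed and automatic security updates probably not running. The comment `# for stable, only do security updates.` also sits under the testing branch, so the condition may be inverted. Put `else` between the two pattern blocks, move the `};` heredoc after `fi`, and confirm which pattern belongs to which branch. `echo $- > /tmp/x` looks like a debugging leftover writing to a predictable path in `/tmp` and should be removed.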
@@ -388,25 +455,41 @@ fi # but postfix didn't like that if [[ ! -L /var/spool/postfix ]]; then ser stop postfix - s t /q/postfix + if [[ -e /q/postfix ]]; then + echo "$0: error: /q/postfix exists but not the link to it" + fi s mv /var/spool/postfix /q s lnf /q/postfix /var/spool ser start postfix journalctl -n 20 fi -# send mail to a better place than /var/mail/ian -s sed -i '/^root/d' /etc/aliases ||: -echo "root: $HOSTNAME@bog.mm.st" | s tee -a /etc/aliases + +# This also works instead of ~/.forward +# s sed -i '/^root/d' /etc/aliases ||: +#echo "root: $HOSTNAME@bog.mm.st" | s tee -a /etc/aliases # this can't be a symlink and has permission restrictions # it might work in /etc/aliases, but this seems more proper. -e "$HOSTNAME@bog.mm.st" > ~/.forward + +if s grep amazonaws /etc/postfix/sasl_passwd &>/dev/null; then + forward=x@sallymae.club +else + forward=$HOSTNAME@bog.mm.st +fi +e $forward > ~/.forward +e $forward | s tee /root/.forward s newaliases +# if I wanted the from address to be renamed and sent to a different address, +# echo "sdx@localhost development@localhost" | sudo dd of=/etc/postfix/recipient_canonical +# sudo postmap hash:/etc/postfix/recipient_canonical +# sudo service postfix reload + + # i'm assuming mail just won't work on systems without the sasl_passwd. postconfin <<'EOF' smtp_sasl_auth_enable = yes -smtp_sasl_password_maps = hash:/q/root/sasl_passwd +smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd smtp_sasl_security_options = noanonymous smtp_tls_security_level = secure message_size_limit = 20480000 @@ -414,6 +497,7 @@ smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt EOF # ^ I ran into a log file not sending cuz of size. double from 10 to 20 meg limit +s postmap hash:/etc/postfix/sasl_passwd # offlineimap uses this too, it is much easier to use one location than to # condition it's config and postfix's config case $distro in 
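Review bot: The new `if [[ -e /q/postfix ]]` check prints an error but does not stop, so `s mv /var/spool/postfix /q` and `s lnf /q/postfix /var/spool` still run against a destination the script has just reported as unexpected. End the branch with an exit, e.g. `echo "$0: error: /q/postfix exists but not the link to it" >&2; exit 1`. Further down, `e $forward > ~/.forward` and `e $forward | s tee /root/.forward` should quote `"$forward"`. `s grep amazonaws /etc/postfix/sasl_passwd` picks the forwarding address by searching a credentials file; reusing the `private-host` test from distro-begin, or adding a comment that explains the coupling, would be less surprising.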
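Review bot: The added `s postmap hash:/etc/postfix/sasl_passwd` builds its table from a file holding the relay credentials, but nothing in the visible hunks creates that file or sets its mode, and `postmap` gives the generated `.db` the same group and other permissions as its source. Add `s chmod 600 /etc/postfix/sasl_passwd` before the `postmap` call so that neither file is readable by other users. The comment above assumes mail simply will not work on hosts without the file; a `s test -e /etc/postfix/sasl_passwd` guard around the call would avoid an error there. The surrounding block continues outside this hunk.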
@@ -421,8 +505,8 @@ case $distro in *) : esac -ser enable postfix -ser start postfix +s service postfix reload +sgo postfix ############ end postfix ####### @@ -463,8 +547,8 @@ EOF sgo tor /a/bin/buildscripts/tor-browser ;; - debian) - tu /etc/apt/sources.list 'deb http://deb.torproject.org/torproject.org trusty main' + ubuntu) + tu /etc/apt/sources.list "deb http://deb.torproject.org/torproject.org $(debian-codename) main" gpg --keyserver keys.gnupg.net --recv 886DDD89 gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | sudo apt-key add - p update @@ -472,6 +556,10 @@ EOF pi tor /a/bin/buildscripts/tor-browser ;; + debian) + pi tor + /a/bin/buildscripts/tor-browser + ;; arch) pi tor tor-browser-en sgo tor @@ -482,7 +570,7 @@ esac # nfs server case $distro in fedora) - read -r -d '' fedora_end_msg <<'EOF' + end_msg <<'EOF' fedora todo: disable the firewall or find a way to automate it. there's an unused section in t.org for tramikssion firewall setup @@ -511,15 +599,17 @@ EOF sgo nfs-server ;; esac -# nohide = export filesystems mounted deeper than the export point -# fsid=0 makes this export the "root" export -# not documented in the man page, but this means -# 1. it can be mounted with a shorthand of server:/ -# 2. exports that are subdirectories of this one will automatically be mounted -tu /etc/exports '/i/video 192.168.1.0/24(rw,fsid=0,nohide,no_root_squash,async,no_subtree_check,insecure)' -s exportfs -rav -showmount -e localhost +if [[ -e /i/video ]]; then + # nohide = export filesystems mounted deeper than the export point + # fsid=0 makes this export the "root" export + # not documented in the man page, but this means + # 1. it can be mounted with a shorthand of server:/ + # 2. exports that are subdirectories of this one will automatically be mounted + tu /etc/exports '/i/video 192.168.1.0/24(rw,fsid=0,nohide,no_root_squash,async,no_subtree_check,insecure)' + s exportfs -rav + showmount -e localhost +fi # cron 
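Review bot: In the arm this hunk retargets to `ubuntu`, the repository signing key is still fetched by the 8-character ID `886DDD89`; short key IDs can collide, so `--recv` may import a different key with the same ID. The full fingerprint is already on the next line, so use it for the fetch too: `gpg --keyserver keys.gnupg.net --recv-keys A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89`. Exporting by fingerprint limits what reaches `apt-key add`, but the user's keyring can still pick up the wrong key.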
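Review bot: The export line now wrapped in `if [[ -e /i/video ]]` still grants `rw,no_root_squash,insecure` to all of `192.168.1.0/24`. With `no_root_squash`, root on any machine in that subnet is root on the export, and `insecure` accepts requests from unprivileged source ports, so the server cannot assume a request came from a client's kernel. Unless a client really needs root on the share, drop `no_root_squash` and `insecure`, or list the specific client addresses instead of the whole /24. The guard tests existence only; `[[ -d /i/video ]]` states the intent more precisely.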
@@ -528,7 +618,4 @@ if [[ -e $f ]]; then $f fi - -if [[ ${distro}_end_msg ]]; then - echo ${distro}_end_msg -fi +e "$end_msg_var" -- 2.30.2