various fixes
[distro-setup] / distro-end
1 #!/bin/bash -l
2 # Copyright (C) 2016 Ian Kelling
3
4 # Licensed under the Apache License, Version 2.0 (the "License");
5 # you may not use this file except in compliance with the License.
6 # You may obtain a copy of the License at
7
8 # http://www.apache.org/licenses/LICENSE-2.0
9
10 # Unless required by applicable law or agreed to in writing, software
11 # distributed under the License is distributed on an "AS IS" BASIS,
12 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 # See the License for the specific language governing permissions and
14 # limitations under the License.
15
# Turn on the error handler before anything else runs. errcatch is not
# defined in this file; presumably it comes from the login profile loaded
# by the "-l" in the shebang -- confirm.
errcatch

# Trace every command. NOTE(review): with the redirection below, the trace is
# appended to /var/log/distro-end, so anything placed on a command line in
# this script ends up in that log; check who can read it.
set -x

# From here on, stdout and stderr both go through "sudo tee -a" into the log.
exec > >(sudo tee -a /var/log/distro-end) 2>&1
printf '%s\n' "$0: $(date): starting now)"

# Directory part of the path this script was invoked with.
src=${BASH_SOURCE%/*}
24
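#######################################
# Queue a message for printing at the end of the run.
# Globals:   end_msg_var (appended to)
# Arguments: none; the message is read from stdin (normally a heredoc)
#######################################
end_msg() {
  # The listing showed a stray "=" in front of this declaration; it is not
  # part of the statement and would be run as a command named "=".
  local y
  # -d '' reads up to a NUL byte, i.e. the whole of stdin. read returns
  # non-zero when it hits end of input, which "||:" deliberately ignores.
  IFS= read -r -d '' y ||:
  end_msg_var+="$y"
}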
30
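#######################################
# simple package add: queue package names for a later batch install.
# Globals:   simple_packages (appended to)
# Arguments: package names
#######################################
spa() {
  # Quoted so every argument is stored exactly as passed; unquoted $@ would
  # be word-split and glob-expanded against the current directory.
  simple_packages+=("$@")
}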
34
# Distribution name as printed by the distro-name helper (defined elsewhere).
distro=$(distro-name)

# Flipped to true by a step that needs a reboot; read at the end of the script.
pending_reboot=false

# template
case "$distro" in
esac

# pup is defined elsewhere; presumably it refreshes package metadata -- confirm.
pup

# Packages queued for the first batch install.
simple_packages=(
  htop
  mailutils
  nmon
  rdiff-backup
  ruby
  ruby-rest-client
  tree
  vim
)
55
# Hosts lj and li keep the base set only; every other host also queues these.
if [[ $HOSTNAME != lj && $HOSTNAME != li ]]; then
  # universal packages
  # swh-plugins is for karaoke pulseaudio filter.
  simple_packages+=(
    apache2
    bwm-ng
    chromium
    duplicity
    evince
    fdupes
    filelight
    gdb
    goaccess
    gnome-screenshot
    jq
    locate
    meld
    nmap
    offlineimap
    p7zip
    paprefs
    pavucontrol
    pdfgrep
    pianobar
    pidgin
    slock
    squashfs-tools
    swh-plugins
    tcpdump
    transmission-remote-gtk
    vlc
  )
fi
92
93
94
95 ########### begin section including li ################
96
97
# acme-tiny is installed only when the host is Debian tracking testing.
if [[ $distro == debian && $(debian-archive) == testing ]]; then
  pi acme-tiny
fi

if [[ $distro == fedora ]]; then
  spa unrar
else
  spa unrar-free
fi

case "$distro" in
  arch)
    # ubuntu 14.04 uses b-cron,
    # but it's not maintained in arch.
    # of the ones in the main repos, cronie is the only one maintained.
    # fcron appears to be abandoned software.
    pi cronie
    sgo cronie
    ;;
  *) : ;; # other distros come with cron.
esac

if [[ $distro == debian || $distro == ubuntu ]]; then
  pi debian-goodies
fi

# at is installed on every distro; the atd service step runs on arch only.
pi at
if [[ $distro == arch ]]; then
  sgo atd
fi
135
136
case "$distro" in
  debian) pi curl ;;
  arch) : ;;
  # fedora: unknown
esac

case "$distro" in
  # tk for gitk
  arch) spa git tk ;;
  *) spa git ;;
esac

case "$distro" in
  arch) spa the_silver_searcher ;;
  debian|ubuntu) spa silversearcher-ag ;;
  # fedora unknown
esac

case "$distro" in
  debian|ubuntu) spa ntp ;;
  arch)
    pi ntp
    sgo ntpd
    ;;
  # others unknown
esac


# no equivalent in other distros:
if [[ $distro == debian || $distro == ubuntu ]]; then
  pi apt-file aptitude
  s apt-file update
  # for debconf-get-selections
  spa debconf-utils
fi

case "$distro" in
  ubuntu|debian) spa ack-grep ;;
  arch|fedora) spa ack ;;
  # fedora unknown
esac

case "$distro" in
  arch|debian|ubuntu)
    spa bash-completion
    ;;
  # others unknown
esac
187
188
189
190
191
# disable motd junk.
case "$(distro-name)" in
  debian)
    # allows me to pipe with ssh -t, and gets rid of spam
    # http://forums.debian.net/viewtopic.php?f=5&t=85822
    # i'd rather disable the service than comment out the init file.
    # that page says that after disabling the service it will still get
    # restarted, but this script doesn't do anything on restart, so it
    # should be fine
    s dd of=/var/run/motd.dynamic if=/dev/null
    # stretch doesn't have the initscripts pkg installed by default
    if [[ $(debian-codename) == jessie ]]; then
      s update-rc.d motd disable
    fi
    ;;
  ubuntu)
    # this isn't a complete solution. It still shows me when updates are
    # available, but it's no big deal.
    s t /etc/update-motd.d/10-help-text /etc/update-motd.d/00-header
    ;;
esac
212
# automatic updates
# reference:
# https://debian-handbook.info/browse/stable/sect.regular-upgrades.html
# /etc/cron.daily/apt calls unattended-upgrades
# /usr/share/doc/unattended-upgrades# cat README.md
# /etc/apt/apt.conf.d/50unattended-upgrades
if isdebian; then
  setup-debian-auto-update
fi

# we've got a few dependencies later on, so install the queued packages now
# and start a fresh queue.
pi "${simple_packages[@]}"
simple_packages=()
226
# lj and li finish here: site setup, wiki setup, then exit before the
# desktop-oriented rest of the script.
if [[ $HOSTNAME == lj || $HOSTNAME == li ]]; then

  if [[ $HOSTNAME == lj ]]; then
    domain=iank.bid
  else
    domain=iankelling.org
  fi
  /a/h/setup.sh "$domain"
  /a/h/build.rb

  # NOTE(review): -E hands this shell's environment to a script running as
  # root; confirm the script needs that rather than a few named variables.
  sudo -E /a/bin/mediawiki-setup/mw-setup-script
  #$src/phab-setup

  echo "$0: $(date): ending now)"
  exit 0
fi
244
245 ########### end section including li/lj ###############
246
247
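# Build and install duperemove from the local checkout, on frodo only.
if [[ $HOSTNAME == frodo ]]; then
  case "$distro" in
    # This arm was spelled "ubunut", so it could never match on Ubuntu.
    ubuntu|debian)
      pi libsqlite3-dev
      cd /a/opt/duperemove
      make clean
      make
      s make install
      ;;
    #others unknown
  esac
fi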
260
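# Install syncthing; on Debian/Ubuntu from the upstream apt repository.
case "$distro" in
  arch) pi syncthing ;;
  ubuntu|debian)
    # google led me here:
    # https://apt.syncthing.net/
    # NOTE(review): the key is trusted on whatever this URL serves at run
    # time, and apt-key adds it to the keyring shared by every configured
    # repository. Checking the downloaded key's fingerprint against a copy
    # obtained out of band before adding it would close that gap.
    # -f makes curl fail on an HTTP error instead of piping an error page on;
    # -S keeps the error message visible despite -s.
    curl -fsS https://syncthing.net/release-key.txt | sudo apt-key add -
    # Note: this is a variable named s, distinct from the s command.
    s="deb http://apt.syncthing.net/ syncthing release"
    # The list file does not exist on a first run, so cat's error is silenced.
    # The right-hand side is quoted so it is compared literally rather than
    # treated as a glob pattern.
    if [[ $(cat /etc/apt/sources.list.d/syncthing.list 2>/dev/null) != "$s" ]]; then
      echo "$s" | s dd of=/etc/apt/sources.list.d/syncthing.list
      p update
    fi
    pi syncthing
    ;;
esac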
275 # installed via f-droid
276 # top right, actions, device id
277 #
278 # for installing on a remote comp:
279 # ssh -L 8384:localhost:8384 -N frodo
280 # went to http://localhost:8384/
281 #
282 # add folder to sync phone,
283 # staggered file versioning would be my normal choice, but choose
284 # trash can versioning for sake of space on phone, with
285 # clean out after 7 days.
286 #
287 # did ser syncthing@ian start
288 # then on phone, add device, hit bar code icon,
289 # install bar code scanner.
290
291
# no equivalent in other distros:
if [[ $distro == debian || $distro == ubuntu ]]; then
  # for gui bug reporting
  spa python-vte
fi
299
300
301 ####### misc packages ###########
302
303
# transmission daemon, on treetowl only.
if [[ $HOSTNAME == treetowl ]]; then
  case "$distro" in
    debian|ubuntu)
      # note i had to do this, which is persistent:
      # cd /i/k
      # s chgrp debian-transmission torrents partial-torrents

      # syslog says things like
      # 'Failed to set receive buffer: requested 4194304, got 425984'
      # google suggests giving it even more than that
      tu /etc/sysctl.conf <<'EOF'
net.core.rmem_max = 67108864
net.core.wmem_max = 16777216
EOF
      s sysctl -p

      # for some reason it doesn't seem to start automatically anyway
      pi-nostart transmission-daemon
      # config file documented here, and it's the same config
      # for daemon vs client, so it's documented in the gui.
      # https://trac.transmissionbt.com/wiki/EditConfigFiles#Options
      # NOTE(review): the settings merged below switch RPC authentication off
      # and whitelist 127.0.0.1 and 192.168.1.*, so any host with a
      # whitelisted address can drive the daemon without credentials.
      s ruby <<'EOF'
require 'json'
p = '/etc/transmission-daemon/settings.json'
File.write(p, JSON.pretty_generate(JSON.parse(File.read(p)).merge({
'rpc-whitelist' => '127.0.0.1,192.168.1.*',
'rpc-authentication-required' => false,
'incomplete-dir' => '/i/k/partial-torrents',
'download-dir' => '/i/k/torrents',
"speed-limit-up" => 700,
"speed-limit-up-enabled" => true,
"ratio-limit" => 1.4000,
"ratio-limit-enabled" => true,
})) + "\n")
EOF
      sgo transmission-daemon
      ;;
    arch)
      # todo, set up its config file & daemon
      pi transmission-cli
      ;;
  esac
fi
347
# adapted from /var/lib/dpkg/info/transmission-daemon.postinst
# Create the debian-transmission system account when it does not exist yet.
if ! getent passwd debian-transmission >/dev/null; then
  if [[ $distro == arch ]]; then
    s useradd \
      --system \
      --create-home \
      --home-dir /var/lib/transmission-daemon \
      --shell /bin/false \
      debian-transmission
  else
    s adduser --quiet \
      --system \
      --group \
      --no-create-home \
      --disabled-password \
      --home /var/lib/transmission-daemon \
      debian-transmission
  fi
fi
370
# dunno why it's there, but get rid of it
if [[ $HOSTNAME == li || $HOSTNAME == lj ]]; then
  s rm -rf /home/linode
fi
375
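# arch had a default config,
# debian had nothing until you start it.
# With a little trial and error, here is a minimal config
# taken from the generated one, plus changes that the
# settings ui does, without a bunch of ui crap settings.
#
# only settings I set were
# hostname
# auto-connect
#
# Writes that config into every account's home directory, as that account.
# NOTE(review): the profile has "ssl" false and an empty username/password,
# so the client talks to treetowl's RPC endpoint unauthenticated and in
# clear text.
for f in /home/*; do
  u=${f##*/}
  # /home can hold entries that are not accounts (lost+found, the literal
  # pattern when /home is empty, leftovers of removed users). "s -u" for
  # those would fail and abort the run, so skip them.
  [[ -d $f ]] || continue
  id -u "$u" &>/dev/null || continue
  d=$f/.config/transmission-remote-gtk
  # Quoted so a home directory name with spaces or glob characters stays
  # one argument.
  s -u "$u" mkdir -p "$d"
  s -u "$u" dd of="$d/config.json" <<'EOF'
{
"profiles" : [
{
"profile-name" : "Default",
"hostname" : "treetowl",
"rpc-url-path" : "/transmission/rpc",
"username" : "",
"password" : "",
"auto-connect" : true,
"ssl" : false,
"timeout" : 40,
"retries" : 3,
"update-active-only" : false,
"activeonly-fullsync-enabled" : false,
"activeonly-fullsync-every" : 2,
"update-interval" : 3,
"min-update-interval" : 3,
"session-update-interval" : 60,
"exec-commands" : [
],
"destinations" : [
]
}
],
"profile-id" : 0,
"add-options-dialog" : false
}
EOF
done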
419
# openvpn: installed everywhere; on debian/ubuntu the services are disabled
# right after the install.
if [[ $distro == debian || $distro == ubuntu ]]; then
  pi-nostart openvpn
  # pi-nostart doesn't seem to be good enough on its own?
  ser disable openvpn@client
  ser disable openvpn
else
  # suggests because we want the resolvconf package
  pi --install-suggests openvpn
fi
430
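pi wget
# google chrome, on tp and frodo only.
case "$HOSTNAME" in
  tp|frodo)
    case "$distro" in
      debian|ubuntu)
        log=$(mktemp)
        cd /a/opt
        # NOTE(review): this .deb is vouched for only by the TLS connection
        # to dl.google.com; installing it with dpkg -i bypasses apt's
        # repository signature check.
        wget -nv -N https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb
        # dpkg is expected to fail on missing dependencies, so error trapping
        # is off around it and the status is inspected by hand. pipefail makes
        # $? reflect dpkg rather than tee.
        errallow
        set -o pipefail
        s dpkg -i google-chrome-stable_current_amd64.deb |& tee "$log"
        code=$?
        errcatch
        # previously I had a more specific search, but dpkg
        # changed its output as of 7/2016
        dep_problem=false
        if grep -q 'dependency problems' "$log" 2>/dev/null; then
          dep_problem=true
        fi
        # The log was only needed for the check above; don't leave it in /tmp.
        rm -f -- "$log"
        if [[ $code != 0 ]]; then
          if $dep_problem; then
            s apt-get -fy install
          else
            exit 1
          fi
        fi
        ;;
      arch)
        pi google-chrome
        ;;
    esac
    ;;
esac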
464
# printer
case "$distro" in
  arch)
    pi cups ghostscript gsfonts # from arch wiki cups page
    pi hplip # from google
    s gpasswd -a "$USER" sys # from arch wiki
    sgo org.cups.cupsd.service
    # goto http://127.0.0.1:631
    # administration tab, add new printer button.
    # In debian, I could use the recommended driver,
    # in arch, I had to pick out the 6L driver.
    ;;
  debian|ubuntu)
    spa hplip
    ;;
  # other distros unknown
esac
482
483
# Same tools under each distro's package name.
case "$distro" in
  ubuntu|debian) pi --no-install-recommends mairix notmuch ;;
  fedora|arch) spa mairix notmuch ;;
esac

case "$distro" in
  arch) spa nfs-utils ;;
  ubuntu|debian) spa nfs-client ;;
esac

case "$distro" in
  ubuntu|debian) spa par2 ;;
  arch|fedora) spa par2cmdline ;;
esac

# needed for my tex resume
case "$distro" in
  ubuntu|debian) spa texlive-full ;;
  arch) spa texlive-most ;;
  # fedora unknown
esac
503
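# Codecs and other restricted extras.
case "$distro" in
  ubuntu)
    # flash, unrar, codecs, ms fonts.
    # This has a manual prompt.
    spa ubuntu-restricted-extras
    ;;
  fedora)
    pi yum-utils
    # rpm fusion recommended codecs
    # The release packages are installed with --nogpgcheck, so the transport
    # is the only thing vouching for them: fetch them over https, not plain
    # http. NOTE(review): importing the RPM Fusion signing keys first, with
    # fingerprints checked against an out-of-band copy, would allow dropping
    # --nogpgcheck altogether.
    s su -c "yum localinstall -y --nogpgcheck https://download1.rpmfusion.org/free/fedora/rpmfusion-free-release-$(rpm -E %fedora).noarch.rpm https://download1.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-$(rpm -E %fedora).noarch.rpm"
    # A space before the continuation keeps the last two names separate words.
    pi gstreamer-plugins-ugly gstreamer-plugins-bad gstreamer-ffmpeg \
      xine-lib-extras-freeworld
    ;;
esac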
518
# optional dep for firefox for h.264 video
# other distros, probably come by default
if [[ $distro == arch ]]; then
  spa gst-libav
fi

case "$distro" in
  fedora|ubuntu|debian) spa gnupg-agent ;;
  arch) : ;;
esac


# elsewhere it comes by default or with other packages
if [[ $distro == fedora ]]; then
  spa pinentry-gtk
fi

# elsewhere these come by default or with other packages
if [[ $distro == arch ]]; then
  spa firefox pulseaudio
fi


case "$distro" in
  arch) spa ttf-dejavu ;;
  debian|ubuntu) spa fonts-dejavu ;;
  # others unknown
esac


case "$distro" in
  arch) spa xorg-xev ;;
  debian|ubuntu) spa x11-utils ;;
  # others unknown
esac
554
# The distro-specific installer package first, then virt-manager everywhere.
case "$distro" in
  arch) pi virt-install ;;
  debian|ubuntu) pi virtinst ;;
  # others unknown
esac
pi virt-manager # creates the libvirt group in debian at least

# allow user to run vms, from debian handbook
for x in ian traci; do
  s usermod -a -G libvirt,kvm "$x"
done
563 # bridge networking as user fails. google lead here, but it doesn't work:
564 # oh well, I give up.
565 # http://wiki.qemu.org/Features-Done/HelperNetworking
566 # s mkdir /etc/qemu
567 # f=/etc/qemu/bridge.conf
568 # s dd of=$f <<'EOF'
569 # allow br0
570 # EOF
571 # #s chown root:qemu $f # debian has somethig like qemu-libvirt. equivalent?
572 # s chmod 640 $f
573
574
case "$distro" in
  arch) spa cdrkit ;;
  debian|ubuntu) spa genisoimage ;;
  # others unknown
esac

case "$distro" in
  arch) spa spice-gtk3 ;;
  debian|ubuntu) spa spice-client-gtk ;;
  # others unknown
esac
586
# generally known for debian/ubuntu, not for fedora
if [[ $distro == arch ]]; then
  # cdrkit for cloud-init isos
  # dnsmasq & ebtables for nat networking in libvirt
  # qemu for qemu-img, bind-tools for dig
  # dmidecode just because syslog complains
  pi unzip xorg-xmodmap dmidecode ebtables \
    bridge-utils dnsmasq qemu bind-tools
  # otherwise we get error about accessing kvm module.
  # seems like there might be a better way, but google was a bit vague.
  # NOTE(review): user = "root" makes libvirt start QEMU processes as root,
  # so a compromised guest process would hold root on the host. Giving the
  # default QEMU account access to /dev/kvm (e.g. via the kvm group) is
  # presumably the narrower fix -- confirm on arch.
  s sed -ri --follow-symlinks '/^ *user *=/d' /etc/libvirt/qemu.conf
  echo 'user = "root"' | s tee -a /etc/libvirt/qemu.conf
  # https://bbs.archlinux.org/viewtopic.php?id=206206
  # # this should prolly go in the wiki
  sgo virtlogd.socket
  # guessing this is not needed
  #sgo virtlogd.service
  sgo libvirtd

fi
609
# other distros have it as a dependency afaik.
if [[ $distro == arch ]]; then
  pi virtviewer
fi



# unknown for older ubuntu
if [[ $distro == fedora ]]; then
  cabal install shellcheck
else
  spa shellcheck
fi
622
623
case "$distro" in
  arch|debian|ubuntu) spa pumpa ;;
  # others unknown. do have a buildscript:
  # /a/bin/buildscripts/pumpa ;;
esac


case "$distro" in
  debian|ubuntu) spa android-tools-adb/unstable ;;
  arch) spa android-tools ;;
  # other distros unknown
esac

# other distros unknown
if [[ $distro == debian && $(debian-archive) == testing ]]; then
  # has no unstable dependencies
  spa bitcoin-qt/unstable
fi
646
647
648 # proprietary flash. going without for now
649 # case $distro in
650 # debian)
651 # pi flashplugin-nonfree
652 # esac
653
654
655
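# GNU global plus pygments: built from source on fedora, packaged elsewhere.
case "$distro" in
  fedora)
    # Quoted so a TMPDIR containing spaces does not split the path.
    cd "$(mktemp -d)"
    # NOTE(review): the tarball comes over plain http and is then built and
    # installed as root with no checksum or signature check. Verifying it
    # against a SHA-256 recorded from a trusted copy (sha256sum -c) before
    # unpacking would catch a tampered download.
    wget http://tamacom.com/global/global-6.3.2.tar.gz
    ex global*
    cd global-6.3.2
    # based on https://github.com/leoliu/ggtags
    ./configure --with-exuberant-ctags=/usr/bin/ctags
    make
    s make install
    s pip install pygments
    ;;
  *)
    pi global
    # ";;&" keeps matching, so the arms below also run for their distro.
    ;;&
  arch)
    pi python2-pygments
    ;;
  debian|ubuntu)
    pi python-pygments
    ;;
esac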
678
679
# others unknown
if [[ $distro == debian ]]; then
  pi task-cinnamon-desktop
  # in settings, change scrolling to two-finger,
  # because the default edge scroll doesn't work.
  pu transmission-gtk
fi

# already in debian jessie
if [[ $distro == arch ]]; then
  spa apg
fi
695
696
697
698
699 # note this failed running at the beginning of this file,
700 # because no systemd user instance was running.
701 # Doing systemd --user resulted in
702 # Trying to run as user instance, but $XDG_RUNTIME_DIR is not set
703
if isdebian-testing; then
  # as of 7/2016, has no unstable deps, and is not in testing anymore.
  pi synergy/unstable
else
  pi synergy
fi

# ubuntu unknown. probably the same as debian, just check if the
# init scripts come with the package.
if [[ $distro == debian ]]; then
  # copied from arch, but moved to etc
  s dd of=/etc/systemd/user/synergys.service <<'EOF'
[Unit]
Description=Synergy Server Daemon
After=network.target

[Service]
User=%i
ExecStart=/usr/bin/synergys --no-daemon --config /etc/synergy.conf
Restart=on-failure

[Install]
WantedBy=multi-user.target
EOF
  s dd of=/etc/systemd/user/synergys.socket <<'EOF'
[Unit]
Conflicts=synergys@.service

[Socket]
ListenStream=24800
Accept=false

[Install]
WantedBy=sockets.target
EOF
  # had this fail with 'Failed to connect to bus: No such file or directory'
  # then when I tried it manually, it worked fine... so retry once.
  if ! systemctl --user daemon-reload; then
    sleep 2
    echo retrying systemd user daemon reload
    systemctl --user daemon-reload
  fi
fi

# The client unit is written on every distro, debian included.
# taken from arch wiki.
s dd of=/etc/systemd/system/synergyc@.service <<'EOF'
[Unit]
Description=Synergy Client
After=network.target

[Service]
User=%i
ExecStart=/usr/bin/synergyc --no-daemon frodo
Restart=on-failure
# per man systemd.unit, StartLimitInterval, by default we
# restart more than 5 times in 10 seconds.
# And this param defaults too 200 miliseconds.
RestartSec=3s

[Install]
WantedBy=multi-user.target
EOF
s systemctl daemon-reload
case "$HOSTNAME" in
  x2|treetowl)
    ser enable synergyc@ian
    ser start synergyc@ian ||: # X might not be running yet
    ;;
  frodo)
    systemctl --user start synergys ||:
    systemctl --user enable synergys
    ;;
esac
780
781
782 ######### end misc packages #########
783
784
785 # packages I once used before and liked, but don't want installed now for
786 # various reasons:
787 # python-sqlite is used for offlineimap
788 # lxappearance python-sqlite dolphin paman dconf-editor
789
790
791
792 ######## unfinished
793
# todo, finish configuring smart.

pi smartmontools
# mostly from https://wiki.archlinux.org/index.php/S.M.A.R.T.
# turn on smart. background on options:
# first line, -a = test everything on all devices.
# -S on, turn on disk internal saving of vendor specific info,
# from google, seems like this is usually already on and fairly standard.
# -o on, turn on 4 hour period non-performance degrading testing.
# short test daily 2-3am, extended tests Saturdays between 3-4am:
sched="-s (S/../.././02|L/../../6/03)"
# Replaces the DEVICESCAN line in place. The backslash-newlines sit inside
# double quotes, so the three physical lines form one sed expression; the
# continuation lines must stay at column 0 or their indent would end up in it.
s sed -i --follow-symlinks "s#^[[:space:]]*DEVICESCAN.*#\
DEVICESCAN -a -o on -S on -n standby,q $sched \
-m ian@iankelling.org -M exec /usr/local/bin/smart-notify#" /etc/smartd.conf
808
809 # in the default configuration of at least ubuntu 14.04, resolvconf is
810 # configured to order any nameservers associated with tun* or tap*
811 # before the normal internet interfaces, which means they are always
812 # consulted first. This is often slower and undesirable, ie. local dns
813 # queries go from 0ms to 10+ or 100+ ms. To reverse the ordering, you
814 # can do:
815 #sudo sed -i --follow-symlinks '/tun\*\|tap\*/d' /etc/resolvconf/interface-order
816 # however, this breaks dns lookup for hosts on the openvpn lan.
817 # I can\'t figure out why hosts on the normal lan would not be
818 # broken under the default ordering, except the host I was
819 # testing with previously had an entry in /etc/hosts.
820
821 ############# end unfinished
822
823 ########### misc stuff
824
825
# Write the goaccess config through the cedit helper. An exit status of 1
# from it is accepted as success here (presumably "file changed" -- confirm
# against cedit); any other non-zero status still counts as failure.
s cedit /etc/goaccess.conf <<'EOF' || [[ $? == 1 ]]
# all things found from looking around the default config
# copied existing NCSA Combined Log Format with Virtual Host, plus %L
log-format %^:%^ %h %^[%d:%t %^] "%r" %s %b "%R" "%u" %D
time-format %H:%M:%S
date-format %d/%b/%Y
log-file /var/log/apache2/access.log
color-scheme 2

# tip: copy access.log files to a stretch host directory, then run
# jessie's goaccess is too old for some options, and it's
# not easily installed from a testing.
# goaccess --ignore-crawlers -f <(cat *) -a -o html > x.html
EOF
840
841
# Generate the VPN client certificate once: only on treetowl, and only while
# the client key is absent (tested via sudo).
if [[ $HOSTNAME == treetowl ]]; then
  if ! sudo test -e /etc/openvpn/client.key; then
    /a/bin/vpn-setup/vpn-mk-client-cert dopub
  fi
fi
845
846
case "$distro" in
  debian|ubuntu)
    if [[ $(debian-archive) == stable ]]; then
      s dd of=/etc/apt/preferences.d/unison-gtk <<'EOF'
Explanation: Allow unison-gtk to be upgraded
Package: unison-gtk
Pin: release a=unstable
Pin-Priority: 500
EOF
      # don't think using testing is needed since I figured out how to
      # deal with mismatching unison compilers, but I don't
      # see any reason to revert it, since it only installs
      # a single package which is primarily a single binary
    fi
    pi unison/testing
    pi unison-gtk/testing # after to make it the default unison
    ;;
  arch)
    pi unison gtk2
    ;;
esac

if [[ $distro == arch ]]; then
  # default is alsa, doesn't work with pianobar
  s dd of=/etc/libao.conf <<'EOF'
default_driver=pulse
EOF
fi
879
880 # not using it atm, and for jessie, it depends on a higher version of btrfs-tools
881 # case $distro in
882 # arch|debian|ubuntu) pi btrbk ;;
883 # # others unknown
884 # esac
885
if [[ $HOSTNAME == treetowl && $(debian-archive) != testing ]]; then
  # fail2ban is broken, with a workaround, per
  # https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770171
  # I'll wait a while to see if it gets fixed
  pi fail2ban
  sgo fail2ban
fi





# needed for reading logs
if [[ $distro == debian || $distro == ubuntu ]]; then
  s gpasswd -a ian adm
fi
901
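# tor
case "$distro" in
  # based on
  # https://www.torproject.org/docs/rpms.html.en
  # https://www.torproject.org/docs/debian.html.en
  # todo: figure out if the running service needs to be restarted upon updates


  # todo on fedora: setup non-dev packages
  fedora)
    # gpgcheck=1 is only as good as the key it checks against, and that key
    # was being fetched over plain http; baseurl and gpgkey now use https.
    s dd of=/etc/yum.repos.d/torproject.repo <<'EOF'
[tor]
name=Tor experimental repo
enabled=1
baseurl=https://deb.torproject.org/torproject.org/rpm/tor-testing/fc/20/$basearch/
gpgcheck=1
gpgkey=https://deb.torproject.org/torproject.org/rpm/RPM-GPG-KEY-torproject.org.asc

[tor-source]
name=Tor experimental source repo
enabled=1
autorefresh=0
baseurl=https://deb.torproject.org/torproject.org/rpm/tor-testing/fc/20/SRPMS
gpgcheck=1
gpgkey=https://deb.torproject.org/torproject.org/rpm/RPM-GPG-KEY-torproject.org.asc
EOF

    # to be secure, take a look at the fingerprint reported from the following install, and see if it matches from the link above:
    # 3B9E EEB9 7B1E 827B CF0A 0D96 8AF5 653C 5AC0 01F1
    sgo tor
    /a/bin/buildscripts/tor-browser
    ;;
  ubuntu)
    tu /etc/apt/sources.list "deb http://deb.torproject.org/torproject.org $(debian-codename) main"
    # Request the key by its full fingerprint (the same one exported on the
    # next line). An 8-hex-digit key ID can be matched by an unrelated key,
    # so asking the keyserver for "886DDD89" may pull in keys that merely
    # share that suffix.
    gpg --keyserver keys.gnupg.net --recv-keys A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89
    gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | sudo apt-key add -
    p update
    pi deb.torproject.org-keyring
    pi tor
    /a/bin/buildscripts/tor-browser
    ;;
  debian)
    pi tor
    /a/bin/buildscripts/tor-browser
    ;;
  arch)
    pi tor tor-browser-en
    sgo tor
    ;;
  # ubuntu unknown
esac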
953
# nfs server
case "$distro" in
  fedora)
    # Manual firewall steps are queued and printed at the end of the run.
    end_msg <<'EOF'
fedora todo: disable the firewall or find a way to automate it.
there's an unused section in t.org for tramikssion firewall setup

fedora manual config for nfs:
s firewall-config
change to permanent configuration
check the box for nfs
was hard to figure this out, not sure if this is all needed, but
unblock these too
mountd: udp/tcp 20048
portmapper, in firewall-config its called rpc-bind: udp/tcp 111
troubleshooting, unblock things in rpcinfo -p
make sure to reload the firewall to load the persistent configuration


EOF
    pi nfs-utils
    sgo nfs-server
    ;;
  debian|ubuntu)
    pi nfs-server
    ;;
  arch)
    # A failed install is not fatal here; it flags a reboot for the end of
    # the script instead.
    pi nfs-utils || pending_reboot=true
    sgo rpcbind
    # this failed until I rebooted
    sgo nfs-server
    ;;
esac
987
if [[ $HOSTNAME == treetowl ]]; then
  # nohide = export filesystems mounted deeper than the export point
  # fsid=0 makes this export the "root" export
  # not documented in the man page, but this means
  # 1. it can be mounted with a shorthand of server:/
  # 2. exports that are subdirectories of this one will automatically be mounted
  #
  # NOTE(review): no_root_squash leaves a client's root mapped to root on the
  # export, and insecure accepts requests from unprivileged source ports, so
  # every host (and every local user on it) in 192.168.1.0/24 effectively
  # gets root-level access to /k. Drop either option if it is not needed.
  tu /etc/exports <<'EOF'
/k 192.168.1.0/24(rw,fsid=0,nohide,no_root_squash,async,no_subtree_check,insecure)
EOF
  s exportfs -rav
fi


# Print whatever end_msg queued earlier in the run.
e "$end_msg_var"
1002
1003
# persistent virtual machines

if [[ $distro == debian || $distro == ubuntu ]]; then
  pi libosinfo-bin
fi

# distro may not know about win 10 yet: start from win7 and take the newest
# Windows variant that osinfo-query lists.
variant=win7
if ! virt-install --os-variant list &>/dev/null; then # we are using a newer virt-install
  for v in 10 8.1 8; do
    # ${v/./\\.} escapes the dot of "8.1" for the regex.
    if osinfo-query os | gr "^\s*win${v/./\\.}\s" &>/dev/null; then
      variant=win$v
      break
    fi
  done
fi
1022
# Define the win10 and win7 guests unless a domain named win10 already exists.
if ! s virsh list --all --name | grep -xF win10 &>/dev/null; then

  # created account with
  # win10vmian@outlook.com, and easy to remember password
  # win 10 virtio, makes disk way way way faster
  # wget https://fedorapeople.org/groups/virt/virtio-win/direct-downloads/latest-virtio/virtio-win.iso
  # https://wiki.archlinux.org/index.php/QEMU#Change_Existing_Windows_VM_to_use_virtio
  # for installing virtio after initial install instead of with initial iso:
  # qemu-img create -f qcow2 fake.qcow2 1G
  # --disk=/a/images/virtio-win.iso,device=cdrom \
  # --disk=/a/images/fake.qcow2,bus=virtio
  # Also,
  # went to device manager, saw 2 pci devices with yellow !,
  # did search for drivers, pick cdrom location, done.
  #
  # from http://www.tenforums.com/tutorials/4189-fast-startup-turn-off-windows-10-a.html.
  # google said there was a control panel option for it, but
  # that turned out to be a lie.
  # Put this in a .bat file and run as administrator to turn off
  # hyberboot which fucks things up.
  # REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power" /V HiberbootEnabled /T REG_dWORD /D 0 /F
  # power settings, turn off display: never
  # run "control userpasswords2", turn on automatic login.
  # note: when changing devices, I just undefine, then create the vm again.
  #
  # NOTE(review): listen=0.0.0.0 puts each guest's SPICE console on every
  # interface of the host, and no console password is set on these command
  # lines; combined with the automatic login described above, reaching the
  # port means reaching a logged-in desktop. listen=127.0.0.1 plus an ssh
  # tunnel, or a SPICE password, would narrow that.

  s virt-install --noautoconsole --graphics spice,listen=0.0.0.0 \
    --disk=/a/images/win10.qcow2,bus=virtio --vcpus 2 -r 4096 -w bridge=br0 \
    -n win10 --import --os-variant "$variant" --cpu host-model-only

  s virsh destroy win10

  # this one hasn't had the virtio fix done yet.
  s virt-install --noautoconsole --graphics spice,listen=0.0.0.0 \
    --disk=/a/images/win7.qcow2 --vcpus 2 -r 4096 -w bridge=br0 \
    -n win7 --import --os-variant win7 --cpu host-model-only
  s virsh destroy win7
  # had a problem with --cpu host, so trying out
  # --cpu host-model-only

fi
1063
1064
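# samba, on treetowl only.
if [[ $HOSTNAME == treetowl ]]; then
  pi samba
  # note samba re-reads its config every 1 minute
  case "$distro" in
    arch) s cp /etc/samba/smb.conf.default /etc/samba/smb.conf ;;
  esac

  # add 2 lines after workgroup option
  # NOTE(review): "map to guest = bad password" turns a failed login for a
  # valid user into a guest session, and [public] below is guest-writable,
  # so anything that can reach the server can write to /kr.
  s sed -ri --follow-symlinks '/^\s*encrypt passwords\s*=/d' /etc/samba/smb.conf
  s sed -ri --follow-symlinks '/^\s*map to guest\s*=/d' /etc/samba/smb.conf
  s sed -i --follow-symlinks 's/\(\s*workgroup\s*=\).*/\1 WORKGROUP\n\tencrypt passwords = yes\n\tmap to guest = bad password/' /etc/samba/smb.conf
  # remove default homes section. not sharing that.
  # A sed range includes its closing line, so "/start/,/end/d" also deleted
  # the header of the section after [homes] and left that section's options
  # attached to whatever came before. Delete the [homes] header and its body,
  # but keep the next header; the end pattern is anchored so a "[" inside a
  # comment does not end the range early.
  s sed -ri --follow-symlinks '/^\s*\[homes\]/,/^\s*\[/{/^\s*\[homes\]/d;/^\s*\[/!d}' /etc/samba/smb.conf

  if ! grep -xF '[public]' /etc/samba/smb.conf &>/dev/null; then
    s tee -a /etc/samba/smb.conf <<'EOF'
[public]
guest ok = yes
read only = no
path = /kr
EOF
  fi

  case "$distro" in
    debian|ubuntu)
      # systemd claims it generates units from /etc/init.d, but it
      # clearly doesn't in debian. I have no idea how they are
      # related. fuck debian right now. It's not documented. samba
      # has a systemd init file linked to /dev/null. There's this
      # https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=769714 which
      # claims samba's sub-services will be started automatically by
      # systemd... it didn't on install, wonder if it will on
      # boot. It clued me in how to start it manually though. Nothing
      # in /usr/share/doc/samba, debian admin guide says nothing about
      # any of this. (this is in debian testing as of 4/2016).

      s /etc/init.d/samba start
      ;;
    arch)
      sgo samba
      ;;
  esac
fi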
1108
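tu /etc/hosts <<< "127.0.1.1 $(hostname).lan $(hostname)"



# Mount the top-level btrfs subvolume (subvolid=0) of the root filesystem,
# and of the filesystem behind /i when that is a different device.
rootdev=$(mount | sed -rn 's#^(\S+) on / .*#\1#p')
# -p so a second run does not fail on a mount point that already exists.
s mkdir -p /mnt/root
tu /etc/fstab <<< "$rootdev /mnt/root btrfs noatime,subvolid=0 0 0"
mountpoint /mnt/root || s mount /mnt/root
idev=$(mount | sed -rn 's#^(\S+) on /i .*#\1#p')
# An empty idev means /i is not a mount point; without the -n test that case
# wrote an fstab line with no device. The right-hand side is quoted so the
# device path is compared literally, not as a glob pattern.
if [[ -n $idev && $idev != "$rootdev" ]]; then
  s mkdir -p /mnt/iroot
  tu /etc/fstab <<< "$idev /mnt/iroot btrfs noatime,subvolid=0 0 0"
  mountpoint /mnt/iroot || s mount /mnt/iroot
fi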
1123
1124
1125 ######### begin stuff belonging at the end ##########
1126
1127
# Apps we want to override others for default file handler:
# simplest way in debian is to just install them last.
simple_packages+=(mpv)

if [[ $distro == ubuntu || $distro == debian ]]; then
  spa spacefm-gtk3
elif [[ $distro == arch ]]; then
  spa spacefm
fi


# Install everything queued since the first batch.
pi "${simple_packages[@]}"
1143
1144
# pending_reboot holds the word "true" or "false" and is run as a command.
if $pending_reboot; then
  printf '%s\n' "$0: pending reboot and then finished. doing it now."
  s reboot now
else
  printf '%s\n' "$0: $(date): ending now)"
fi