1 #!/bin/bash -l
2 # Copyright (C) 2016 Ian Kelling
3
4 # Licensed under the Apache License, Version 2.0 (the "License");
5 # you may not use this file except in compliance with the License.
6 # You may obtain a copy of the License at
7
8 # http://www.apache.org/licenses/LICENSE-2.0
9
10 # Unless required by applicable law or agreed to in writing, software
11 # distributed under the License is distributed on an "AS IS" BASIS,
12 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 # See the License for the specific language governing permissions and
14 # limitations under the License.
15
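# errcatch is not defined in this file; presumably it installs the error
# handling used for the rest of the run (it is paired with errallow further
# down) -- confirm against its definition.
errcatch

# xtrace prints every command after expansion, so any secret that is
# substituted into a command line or an assignment shows up in the trace.
set -x

# From here on stdout and stderr, xtrace included, are appended to a
# persistent log. The log is restricted to root because the trace can carry
# expanded secrets; without this, tee creates it with the default umask.
log_file=/var/log/distro-end
sudo touch "$log_file"
sudo chmod 600 "$log_file"
exec &> >(sudo tee -a "$log_file")
echo "$0: $(date): starting now)"

# Directory holding this script.
src="${BASH_SOURCE%/*}"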
24
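#######################################
# Append everything on stdin to the end-of-run message.
# Globals:   end_msg_var (appended to)
# Arguments: none; the text arrives on stdin, normally a here-document
#######################################
end_msg() {
  # y must be local so callers' variables are not clobbered; the listing
  # showed a stray "=" in front of this declaration, which would have run
  # "=" as a command and left y global.
  local y
  # -d '' reads up to a NUL byte, i.e. the whole input. read returns
  # non-zero at end of input, which ||: deliberately ignores.
  IFS= read -r -d '' y ||:
  end_msg_var+="$y"
}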
30
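#######################################
# simple package add: queue package names for a later batched install.
# Globals:   simple_packages (appended to)
# Arguments: one package spec per argument
#######################################
spa() {
  # Quoted so each argument stays exactly one array element; unquoted $@
  # would word-split and glob-expand the package specs.
  simple_packages+=("$@")
}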
34
35 distro=$(distro-name)
36
37 pending_reboot=false
38
39 # template
40 case $distro in
41 esac
42
43 pup
44
45 simple_packages=(
46 htop
47 mailutils
48 nmon
49 rdiff-backup
50 ruby
51 ruby-rest-client
52 tree
53 vim
54 wcd
55 )
56
57 case $HOSTNAME in
58 lj|li) : ;;
59 *)
60 # universal packages
61 # swh-plugins is for karaoke pulsaudio filter.
62 # mutagen for pithos
63 simple_packages+=(
64 apache2
65 bwm-ng
66 chromium
67 debconf-doc
68 duplicity
69 eclipse
70 evince
71 fdupes
72 filelight
73 gcc-doc
74 gdb
75 gitk
76 goaccess
77 gnome-screenshot
78 i3lock
79 jq
80 linux-doc
81 locate
82 manpages
83 manpages-dev
84 meld
85 mumble
86 nmap
87 offlineimap
88 p7zip
89 paprefs
90 pavucontrol
91 pdfgrep
92 pianobar
93 pidgin
94 python3-mutagen
95 reportbug
96 squashfs-tools
97 swh-plugins
98 tcpdump
99 transmission-remote-gtk
100 vlc
101 )
102 ;;
103 esac
104
105
106
107 ########### begin section including li ################
108
109
110 case $distro in
111 debian)
112 if [[ `debian-archive` == testing ]]; then
113 pi acme-tiny
114 fi
115 esac
116
117 case $distro in
118 fedora) spa unrar ;;
119 *) spa unrar-free ;;
120 esac
121
122
123 case $distro in
124 arch)
125 # ubuntu 14.04 uses b-cron,
126 # but its not maintained in arch.
127 # of the ones in the main repos, cronie is only one maintained.
128 # fcron appears abandoned software.
129 pi cronie
130 sgo cronie
131 ;;
132 *) : ;; # other distros come with cron.
133 esac
134
135
136 case $distro in
137 debian|ubuntu)
138 pi debian-goodies
139 ;;
140 esac
141
142
143 case $distro in
144 *) pi at ;;&
145 arch) sgo atd ;;
146 esac
147
148
149 case $distro in
150 debian) pi curl;;
151 arch) : ;;
152 # fedora: unknown
153 esac
154
155 case $distro in
156 # tk for gitk
157 arch) spa git tk ;;
158 *) spa git ;;
159 esac
160
161 case $distro in
162 arch) spa the_silver_searcher ;;
163 debian|ubuntu) spa silversearcher-ag ;;
164 # fedora unknown
165 esac
166
167 case $distro in
168 debian|ubuntu) spa ntp;;
169 arch)
170 pi ntp
171 sgo ntpd
172 ;;
173 # others unknown
174 esac
175
176
177 # no equivalent in other distros:
178 case $distro in
179 debian|ubuntu)
180 pi apt-file aptitude
181 s apt-file update
182 # for debconf-get-selections
183 spa debconf-utils
184 ;;
185 esac
186
187 case $distro in
188 ubuntu|debian) spa ack-grep ;;
189 arch|fedora) spa ack ;;
190 # fedora unknown
191 esac
192
193 case $distro in
194 arch|debian|ubuntu)
195 spa bash-completion
196 ;;
197 # others unknown
198 esac
199
200
201
202
203
204 # disable motd junk.
205 case $(distro-name) in
206 debian)
207 # allows me to pipe with ssh -t, and gets rid of spam
208 # http://forums.debian.net/viewtopic.php?f=5&t=85822
209 # i'd rather disable the service than comment the init file
210 # this says disabling the service, it will still get restarted
211 # but this script doesn't do anything on restart, so it should be fine
212 s dd of=/var/run/motd.dynamic if=/dev/null
213 # stretch doesn't have initscripts pkg installed by default
214 if [[ $(debian-codename) == jessie ]]; then
215 s update-rc.d motd disable
216 fi
217 ;;
218 ubuntu)
219 # this isn't a complete solution. It still shows me when updates are available,
220 # but it's no big deal.
221 s t /etc/update-motd.d/10-help-text /etc/update-motd.d/00-header
222 ;;
223 esac
224
225 # automatic updates
226 # reference:
227 # https://debian-handbook.info/browse/stable/sect.regular-upgrades.html
228 # /etc/cron.daily/apt calls unattended-upgrades
229 # /usr/share/doc/unattended-upgrades# cat README.md
230 # /etc/apt/apt.conf.d/50unattended-upgrades
231 if isdebian; then
232 setup-debian-auto-update
233 fi
234
235 # we've got a few dependencies later on, so install them now.
236 pi "${simple_packages[@]}"
237 simple_packages=()
238
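# website setup
# Runs only on the hosts lj and li and always ends the script there:
# lj exits as soon as its domain is set, li exits after the full setup.
case $HOSTNAME in
  lj|li)

    case $HOSTNAME in
      lj) domain=iank.bid; exit 0 ;;
      li) domain=iankelling.org ;;
    esac
    /a/h/setup.sh "$domain"
    /a/h/build.rb

    sudo -E /a/bin/mediawiki-setup/mw-setup-script
    #$src/phab-setup

    pi-nostart mumble-server
    # The server password is spliced into a sed replacement. xtrace is
    # switched off around it so the value is not written to the run log,
    # and \, / and & are escaped so a password containing them neither
    # breaks the expression nor gets rewritten by sed.
    # NOTE(review): the value is still an argument of the sed process, and
    # if s wraps sudo (it is defined outside this file) the command line may
    # also be recorded by sudo's own logging.
    set +x
    mumble_pass=$(sed -e 's|[\/&]|\\&|g' < /a/bin/bash_unpublished/mumble_pass)
    s sed -ri "s/^ *(serverpassword=).*/\1${mumble_pass}/" /etc/mumble-server.ini
    unset mumble_pass
    set -x
    sgo mumble-server

    vpn-server-setup -d

    # Forwards inbound SMTP on eth0 to the mail host at the far end of the
    # VPN; the rule is removed again when the unit stops.
    sudo dd of=/etc/systemd/system/vpnmail.service <<EOF
[Unit]
Description=Turns on iptables mail nat

[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/sbin/iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 25 -j DNAT --to-destination 10.8.0.4:25
ExecStop=/sbin/iptables -t nat -D PREROUTING -i eth0 -p tcp -m tcp --dport 25 -j DNAT --to-destination 10.8.0.4:25

[Install]
WantedBy=openvpn.service
EOF
    ser daemon-reload
    ser enable vpnmail.service
    acme-tiny-wrapper mail.iankelling.org
    sgo openvpn
    # hosts(5) entries are "address name"; the original line had the two
    # fields swapped, so the name would never have resolved from this file.
    tu /etc/hosts <<<"10.8.0.4 mail.iankelling.org"


    echo "$0: $(date): ending now)"
    exit 0
    ;;
esac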
283
284
285 ########### end section including li/lj ###############
286
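# Give the mail client a fixed VPN address and enable its routing.
if private-host; then
  vpn-mk-client-cert -n mail li
  # The certificate CN becomes a file name inside a command line that the
  # remote root shell parses. Extract it first and accept only plain
  # file-name characters; when the sed pattern does not match, the whole
  # subject line comes back and is rejected here instead of being sent.
  mail_cn=$(openssl x509 -noout -subject -in mail.crt \
    | sed -r 's/.*CN *= *([^,]+).*/\1/')
  if [[ ! $mail_cn =~ ^[A-Za-z0-9._-]+$ ]]; then
    echo "$0: unexpected certificate CN: $mail_cn" >&2
    exit 1
  fi
  echo "ifconfig-push 10.8.0.4 255.255.255.0" \
    | ssh root@li dd of="/etc/openvpn/client-config/$mail_cn"
fi
ser enable mailroute
if [[ $HOSTNAME == treetowl ]]; then
  # note, this will need to be changed when the mail host changes
  sgo openvpn-client@mail
fi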
296
297 ## android studio setup
298 # this contains the setting for android sdk to point to
299 # /a/opt/androidsdk, which is asked upon first run
300 lnf /a/opt/.AndroidStudio2.2 ~
301 # android site says it needs a bunch of packages for ubuntu,
302 # but I googled for debian, and someone says you just need lib32stdc++6 plus the
303 # jdk
304 # https://pid7007blog.blogspot.com/2015/07/installing-android-studio-in-debian-8.html
305 # see w.org for more android studio details
306 spa lib32stdc++6 default-jdk
307
308
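if [[ $HOSTNAME == treetowl ]]; then
  # It's simpler to just worry about running it in one place for now.
  # I assume it would work to clone its config to another non-phone
  # and just run it in one place instead of the normal having a
  # separate config. I lean toward using the same config, since btrfs
  # syncs between comps.
  case $distro in
    arch) pi syncthing ;;
    ubuntu|debian)
      # testing has relatively up to date packages
      if ! isdebian-testing; then
        # based on error when doing apt-get update:
        # E: The method driver /usr/lib/apt/methods/https could not be found.
        pi apt-transport-https
        # google led me here:
        # https://apt.syncthing.net/
        # NOTE(review): the key is trusted exactly as downloaded and
        # apt-key adds it for every repository. Compare its fingerprint
        # with the one the project publishes before relying on it.
        # -f makes curl fail on an HTTP error instead of piping an error
        # page into apt-key.
        curl -fsS https://syncthing.net/release-key.txt | sudo apt-key add -
        # https to match the transport installed above; the original line
        # used plain http.
        s="deb https://apt.syncthing.net/ syncthing release"
        list=/etc/apt/sources.list.d/syncthing.list
        # First run: the list file does not exist yet, so test for it
        # rather than letting cat fail. The right-hand side is quoted so it
        # is compared as a string, not as a pattern.
        if [[ ! -e $list || $(cat "$list") != "$s" ]]; then
          echo "$s" | s dd of="$list"
          p update
        fi
      fi
      pi syncthing
      ;;
  esac
  sgo syncthing@ian # runs as ian

  # these things persist in ~/.config/syncthing, which I save in
  # /p/c/machine_specific
  # open http://localhost:8384/
  # change listen address from default to tcp://:22001,
  # this is because we do port forward so it doesn't have to use
  # some external server, but the syncthing is broken for port forward,
  # you get a message, something "like connected to myself, this should not happen"
  # when connecting to other local devices, so I bump the port up by 1,
  # based on
  # https://forum.syncthing.net/t/connected-to-myself-should-not-happen/1763/19.
  # Without this, it was being stuck syncing at 0%.
  # Set gui username and password.
  #
  # install syncthing via f-droid,
  # folder setting, turn off master folder (makes it read only).
  # on phone, add device, click bar code icon
  # on desktop, top right, actions, device id
  # after adding, notification will appear on desktop to confirm
  #
  # add folder to sync phone, notification will appear on desktop
  # to set folder location.
  #
  # Folder versioning would make sense if I didn't already use btrfs
  # for backups. I would choose staggered, or trash can for more space.
  #
  # if needed to install on a remote comp:
  # ssh -L 8384:localhost:8384 -N frodo
  # open http://localhost:8384/
  #
  # Note, the other thing i did was port forward port 22000,
  # per https://docs.syncthing.net/users/firewall.html
fi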
369
370
371
372 # no equivalent in other distros:
373 case $distro in
374 debian|ubuntu)
375 # for gui bug reporting
376 spa python-vte
377 ;;
378 esac
379
380
381 ####### misc packages ###########
382
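if [[ $HOSTNAME == treetowl ]]; then
  case $distro in
    debian|ubuntu)
      # note i had to do this, which is persistent:
      # cd /i/k
      # s chgrp debian-transmission torrents partial-torrents

      # syslog says things like
      # 'Failed to set receive buffer: requested 4194304, got 425984'
      # google suggests giving it even more than that
      tu /etc/sysctl.conf<<'EOF'
net.core.rmem_max = 67108864
net.core.wmem_max = 16777216
EOF
      s sysctl -p

      # some reason it doesn't seem to start automatically anyways
      pi-nostart transmission-daemon
      #
      # config file documented here, and it's the same config
      # for daemon vs client, so it's documented in the gui.
      # https://trac.transmissionbt.com/wiki/EditConfigFiles#Options
      #
      # I originally set up rpc-whitelist, but after using
      # routing to a network namespace, it doesn't see the
      # real source address, so it's disabled.
      #
      # Changed the cache-size to 128 mb, reduces disk use.
      # It is a read & write cache.
      #
      # todo: setup a password.
      # NOTE(review): with the whitelist and authentication both off, every
      # host that can reach the RPC port can control the daemon, including
      # adding torrents and changing the download directory. Until the
      # password todo is done, access depends entirely on the network
      # namespace and firewall around it.
      #
      # All keys use the 'name' => value form. The original wrote
      # "pidfile": ..., which Ruby turns into a Symbol key; that never
      # replaces the String key produced by JSON.parse, so an existing
      # pidfile entry would have been emitted twice.
      s ruby <<'EOF'
require 'json'
p = '/etc/transmission-daemon/settings.json'
File.write(p, JSON.pretty_generate(JSON.parse(File.read(p)).merge({
'rpc-whitelist-enabled' => false,
'rpc-authentication-required' => false,
'incomplete-dir' => '/k/partial-torrents',
'incomplete-dir-enabled' => true,
'download-dir' => '/i/k/torrents',
"speed-limit-up" => 800,
"speed-limit-up-enabled" => true,
"peer-port" => 61486,
"cache-size-mb" => 128,
"ratio-limit" => 1.4000,
"ratio-limit-enabled" => false,
"pidfile" => "/var/lib/transmission-daemon/transmission-daemon.pid",
})) + "\n")
EOF

      # make sure its not enabled, not sure if this is needed
      ser disable transmission-daemon
      sgo transmission-daemon-nn
      ;;
    # todo: others unknown
  esac
fi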
440
441 # adapted from /var/lib/dpkg/info/transmission-daemon.postinst
442 if ! getent passwd debian-transmission > /dev/null; then
443 case $distro in
444 arch)
445 s useradd \
446 --system \
447 --create-home \
448 --home-dir /var/lib/transmission-daemon \
449 --shell /bin/false \
450 debian-transmission
451 ;;
452 *)
453 s adduser --quiet \
454 --system \
455 --group \
456 --no-create-home \
457 --disabled-password \
458 --home /var/lib/transmission-daemon \
459 debian-transmission
460 ;;
461 esac
462 fi
463
464 # dunno why it's there, but get rid of it
465 case $HOSTNAME in
466 li|lj) s rm -rf /home/linode ;;
467 esac
468
469 # arch had a default config,
470 # debian had nothing until you start it.
471 # With a little trial an error, here is a minimal config
472 # taken from the generated one, plus changes that the
473 # settings ui does, without a bunch of ui crap settings.
474 #
475 # only settings I set were
476 # hostname
477 # auto-connect
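# Write a minimal transmission-remote-gtk profile for every user under
# /home, as that user. The profile leaves username and password empty and
# has ssl off, so it relies on the daemon accepting unauthenticated,
# unencrypted RPC.
for f in /home/*; do
  # An unmatched glob stays literal and /home can hold plain files.
  [[ -d $f ]] || continue
  d=$f/.config/transmission-remote-gtk
  # Assumes the directory name is the login name.
  u=${f##*/}
  # Skip directories that do not belong to an account (lost+found and
  # similar) rather than aborting on a failed user lookup.
  getent passwd "$u" > /dev/null || continue
  # Quoted so a name with spaces or glob characters stays one argument.
  s -u "$u" mkdir -p "$d"
  s -u "$u" dd of="$d/config.json" <<'EOF'
{
"profiles" : [
{
"profile-name" : "Default",
"hostname" : "treetowl",
"rpc-url-path" : "/transmission/rpc",
"username" : "",
"password" : "",
"auto-connect" : true,
"ssl" : false,
"timeout" : 40,
"retries" : 3,
"update-active-only" : false,
"activeonly-fullsync-enabled" : false,
"activeonly-fullsync-every" : 2,
"update-interval" : 3,
"min-update-interval" : 3,
"session-update-interval" : 60,
"exec-commands" : [
],
"destinations" : [
]
}
],
"profile-id" : 0,
"add-options-dialog" : false
}
EOF
done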
512
513 case $distro in
514 debian|ubuntu)
515 # suggests because we want the resolvconf package.
516 # todo: check other distros to make sure it's installed
517 pi-nostart --install-suggests openvpn
518 # pi-nostart this doesnt seem to be good enough?
519 ser disable openvpn@client
520 ser disable openvpn
521 ;;
522 *) pi openvpn;;
523 esac
524
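pi wget
# Google Chrome, only on the hosts tp and frodo.
case $HOSTNAME in
  tp|frodo)
    case $distro in
      debian|ubuntu)
        log=$(mktemp)
        cd /a/opt
        # NOTE(review): the package is installed as root with nothing
        # checking it beyond the TLS connection to the download host; there
        # is no signature or checksum verification at this step.
        wget -nv -N https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb
        # dpkg is expected to fail on missing dependencies, so error
        # trapping is suspended and its status is captured by hand.
        errallow
        # NOTE(review): pipefail stays on for the rest of the script on
        # this path only -- confirm that is intended.
        set -o pipefail
        s dpkg -i google-chrome-stable_current_amd64.deb |& tee "$log"
        code=$?
        errcatch
        case $code in
          0) : ;;
          *)
            # previously I had a more specific search, but dpkg
            # changed its output as of 7/2016
            if grep -q 'dependency problems' "$log"; then
              s apt-get -fy install
            else
              rm -f -- "$log"
              exit 1
            fi
            ;;
        esac
        # The temporary log is only needed for the grep above.
        rm -f -- "$log"
        ;;
      arch)
        pi google-chrome
        ;;
    esac
    ;;
esac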
558
559 # printer
560 case $distro in
561 arch)
562 pi cups ghostscript gsfonts # from arch wiki cups page
563 pi hplip # from google
564 s gpasswd -a $USER sys # from arch wiki
565 sgo org.cups.cupsd.service
566 # goto http://127.0.0.1:631
567 # administration tab, add new printer button.
568 # In debian, I could use hte recommended driver,
569 # in arch, I had to pick out the 6L driver.
570 ;;
571 debian|ubuntu)
572 spa hplip
573 ;;
574 # other distros unknown
575 esac
576
577
578 case $distro in
579 ubuntu|debian) pi --no-install-recommends mairix notmuch ;;
580 fedora|arch) spa mairix notmuch ;;
581 esac
582 case $distro in
583 arch) spa nfs-utils ;;
584 ubuntu|debian) spa nfs-client ;;
585 esac
586 case $distro in
587 ubuntu|debian) spa par2 ;;
588 arch|fedora) spa par2cmdline ;;
589 esac
590
591 # needed for my tex resume
592 case $distro in
593 ubuntu|debian) spa texlive-full ;;
594 arch) spa texlive-most ;;
595 # fedora unknown
596 esac
597
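case $distro in
  ubuntu)
    # flash, unrar, codecs, ms fonts.
    # This has a manual prompt.
    spa ubuntu-restricted-extras
    ;;
  fedora)
    pi yum-utils
    # rpm fusion recommended codecs
    # --nogpgcheck means the two release packages are installed without any
    # signature verification, and they in turn install repository
    # definitions and signing keys. They are fetched over https here (the
    # original used plain http) so that TLS at least protects the download.
    # NOTE(review): verifying the release packages against the project's
    # published key would remove the need for --nogpgcheck.
    fedora_ver=$(rpm -E %fedora)
    s su -c "yum localinstall -y --nogpgcheck https://download1.rpmfusion.org/free/fedora/rpmfusion-free-release-${fedora_ver}.noarch.rpm https://download1.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-${fedora_ver}.noarch.rpm"
    pi gstreamer-plugins-ugly gstreamer-plugins-bad gstreamer-ffmpeg \
      xine-lib-extras-freeworld
    ;;
esac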
612
613 case $distro in
614 # optional dep for firefox for h.264 video
615 arch) spa gst-libav ;;
616 # other distros, probably come by default
617 esac
618
619 case $distro in
620 fedora|ubuntu|debian) spa gnupg-agent ;;
621 arch) : ;;
622 esac
623
624
625 case $distro in
626 fedora) spa pinentry-gtk ;;
627 *) : ;; # comes default or with other packages
628 esac
629
630 case $distro in
631 arch) spa firefox pulseaudio;;
632 *) : ;; # comes default or with other packages
633 esac
634
635
636 case $distro in
637 arch) spa ttf-dejavu;;
638 debian|ubuntu) spa fonts-dejavu ;;
639 # others unknown
640 esac
641
642
643 case $distro in
644 arch) spa xorg-xev;;
645 debian|ubuntu) spa x11-utils ;;
646 # others unknown
647 esac
648
649 case $distro in
650 arch) pi virt-install;;&
651 debian|ubuntu) pi virtinst ;;&
652 *) pi virt-manager ;; # creates the libvirt group in debian at least
653 # others unknown
654 esac
655 # allow user to run vms, from debian handbook
656 for x in ian traci; do s usermod -a -G libvirt,kvm $x; done
657 # bridge networking as user fails. google lead here, but it doesn't work:
658 # oh well, I give up.
659 # http://wiki.qemu.org/Features-Done/HelperNetworking
660 # s mkdir /etc/qemu
661 # f=/etc/qemu/bridge.conf
662 # s dd of=$f <<'EOF'
663 # allow br0
664 # EOF
665 # #s chown root:qemu $f # debian has somethig like qemu-libvirt. equivalent?
666 # s chmod 640 $f
667
668
669 case $distro in
670 arch) spa cdrkit;;
671 debian|ubuntu) spa genisoimage;;
672 # others unknown
673 esac
674
675 case $distro in
676 arch) spa spice-gtk3 ;;
677 debian|ubuntu) spa spice-client-gtk;;
678 # others unknown
679 esac
680
# general known for debian/ubuntu, not for fedora
if [[ $distro == arch ]]; then
  # cdrkit for cloud-init isos
  # dnsmasq & ebtables for nat networking in libvirt
  # qemu for qemu-img, bind-tools for dig
  # dmidecode just because syslog complains
  pi unzip xorg-xmodmap dmidecode ebtables \
    bridge-utils dnsmasq qemu bind-tools
  # otherwise we get error about accessing kvm module.
  # seems like there might be a better way, but google was a bit vague.
  # NOTE(review): this makes libvirt start every qemu process as root, so
  # a guest that breaks out of qemu lands in a root process on the host.
  # Access to /dev/kvm through group membership is the usual alternative.
  # Drop any existing user= line, then append the new setting.
  s sed -ri --follow-symlinks '/^ *user *=/d' /etc/libvirt/qemu.conf
  s tee -a /etc/libvirt/qemu.conf <<<'user = "root"'
  # https://bbs.archlinux.org/viewtopic.php?id=206206
  # # this should prolly go in the wiki
  sgo virtlogd.socket
  # guessing this is not needed
  #sgo virtlogd.service
  sgo libvirtd
fi
703
704 case $distro in
705 arch) pi virtviewer ;;
706 *) : ;; # other distros have it as a dependency afaik.
707 esac
708
709
710
711 case $distro in
712 fedora) cabal install shellcheck ;;
713 *) spa shellcheck ;;
714 # unknown for older ubuntu
715 esac
716
717
718 case $distro in
719 arch|debian|ubuntu) spa pumpa ;;
720 # others unknown. do have a buildscript:
721 # /a/bin/buildscripts/pumpa ;;
722 esac
723
724
725 case $distro in
726 debian|ubuntu) spa android-tools-adbd/unstable ;;
727 arch) spa android-tools ;;
728 # other distros unknown
729 esac
730
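# bitcoind: package, unit file, data and config directories, and a config
# file with freshly generated RPC credentials.
case $distro in
  debian)
    if [[ $(debian-archive) == testing ]]; then
      # has no unstable dependencies
      spa bitcoin-qt/unstable
    fi
    s cp /a/opt/bitcoin/contrib/init/bitcoind.service /etc/systemd/system
    ser daemon-reload

    dir=/nocow/.bitcoin
    s mkdir -p "$dir"
    s chown -R bitcoin:bitcoin "$dir"
    dir=/etc/bitcoin
    s mkdir -p "$dir"
    s chown -R root:bitcoin "$dir"
    s chmod 750 "$dir"
    # The original wrote to "bitcon.conf", while the rest of this script
    # symlinks and reads /etc/bitcoin/bitcoin.conf; with that typo the
    # generated credentials were never in the file that is used.
    f=$dir/bitcoin.conf

    # pruning decreases the bitcoin dir to 2 gb, keeps
    # just the recent blocks. can't do a few things like
    # import a wallet dump.
    # pruning works, but people had to do
    # some manual stuff in joinmarket. I dun need the
    # disk space, so not bothering yet, maybe in a year or so.
    # https://github.com/JoinMarket-Org/joinmarket/issues/431
    #https://bitcoin.org/en/release/v0.12.0#wallet-pruning
    #prune=550

    # Unquoted delimiter on purpose: the two openssl calls are expanded
    # here, so every run writes new random RPC credentials. rpcbind keeps
    # the RPC listener on the loopback address.
    s dd of="$f" <<EOF
rpcbind=127.0.0.1
server=1
rpcpassword=$(openssl rand -base64 32)
rpcuser=$(openssl rand -base64 32)

# Joinmarket
walletnotify=curl -sI --connect-timeout 1 http://localhost:62602/walletnotify?%s
alertnotify=curl -sI --connect-timeout 1 http://localhost:62602/alertnotify?%s
EOF
    # The file holds credentials and is created after the chown above, so
    # give it explicit ownership and mode instead of relying only on the
    # directory permissions.
    s chown root:bitcoin "$f"
    s chmod 640 "$f"
    ;;
  # other distros unknown
esac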
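if [[ $HOSTNAME == treetowl ]]; then
  pi libsodium-dev python3-pip
  cd /a/opt/joinmarket
  # using develop branch, as it seems to be mostly bug fixes,
  # and this is quite new software.
  # note: python3 does not work.
  # NOTE(review): unless requirements.txt pins versions and hashes, this
  # installs whatever the package index resolves at run time, for software
  # that handles wallet keys.
  pip install -r requirements.txt
  # we need bitcoin.conf in the data dir according to
  # https://github.com/JoinMarket-Org/joinmarket/wiki/Running-JoinMarket-with-Bitcoin-Core-full-node
  # following the example .service script, I don't have it there,
  # and I generate it, so lets just symlink it.
  sudo -u bitcoin ln -sf /etc/bitcoin/bitcoin.conf /nocow/.bitcoin

  # one time, manually did python wallet-tool.py generate.
  # The "wallet" is just a key which deterministically generates addresses.
  # One time: move the wallet, then link to it.
  # ln -s /p/joinmarket/wallet.json wallets
  #
  # see wallet addresses via:
  # python wallet-tool.py wallet.json
  # send to the first 3 mixing depth 0 addresses.
  # depths are like "identities", to separate out association with
  # each other. the big hash in that output is the depth/branch id,
  # ignore it afaik.
  #
  # after sending btc to wallet from a 3rd party service, check that
  # at least 20% of utxo of each transaction was sent to you,
  # btc listtransactions 10 0 true
  # btc getrawtransaction TXID 1
  #
  # to view status, do
  # python wallet-tool.py wallet.json history
  #
  # to help make other people,
  # python yield-generator-basic.py wallet.json

  # Copy the RPC credentials from bitcoin.conf into joinmarket.cfg.
  # xtrace is off for the loop: with it on, the assignment to u and the
  # sed command line would write both credentials into the run log.
  # NOTE(review): the values are still arguments of the second sed process
  # for as long as it runs.
  set +x
  for var in rpcuser rpcpassword; do
    u="$(s sed -rn "s/^$var=(.*)/\1/p" /etc/bitcoin/bitcoin.conf)"
    # escape backslashes
    u="${u//\\/\\\\\\\\}"
    # escape commas, which delimit the sed expression below
    u="${u//,/\\,}"
    sed -ri "s,^(rpc_${var#rpc}\s*=).*,\1 $u," joinmarket.cfg
  done
  unset u
  set -x
  sed -ri "s/^\s*(blockchain_source\s*=).*/\1 bitcoin-rpc/" joinmarket.cfg

  # dunno about sharing a wallet between multiple instances
  # manually did, wallet.dat symlinked in /nocow/.bitcoin
  sgo bitcoind
fi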
822
823
824
825
826 # proprietary flash. going without for now
827 # case $distro in
828 # debian)
829 # pi flashplugin-nonfree
830 # esac
831
832
833
# GNU global plus pygments. Fedora builds global from the release tarball;
# every other distro installs the package and then its own pygments package.
if [[ $distro == fedora ]]; then
  # NOTE(review): the tarball comes over plain http and is built and
  # installed as root with no checksum or signature check, so anything able
  # to alter the download controls what "make install" runs. Verifying it
  # against a published checksum or signature first would close that gap.
  build_dir=$(mktemp -d)
  cd "$build_dir"
  wget http://tamacom.com/global/global-6.3.2.tar.gz
  ex global*
  cd global-6.3.2
  # based on https://github.com/leoliu/ggtags
  ./configure --with-exuberant-ctags=/usr/bin/ctags
  make
  s make install
  s pip install pygments
else
  pi global
  case $distro in
    arch)
      pi python2-pygments
      ;;
    debian|ubuntu)
      pi python-pygments
      ;;
  esac
fi
856
857
858 case $distro in
859 debian)
860 pi task-cinnamon-desktop
861 # in settings, change scrolling to two-finger,
862 # because the default edge scroll doesn\'t work.
863 pu transmission-gtk
864 ;;
865 # others unknown
866 esac
867
868 case $distro in
869 arch) spa apg ;;
870
871 # already in debian jessie
872 esac
873
874
875
876
877 # note this failed running at the beginning of this file,
878 # because no systemd user instance was running.
879 # Doing systemd --user resulted in
880 # Trying to run as user instance, but $XDG_RUNTIME_DIR is not set
881
882 if isdebian-testing; then
883 # as of 7/2016, has no unstable deps, and is not in testing anymore.
884 pi synergy/unstable
885 else
886 pi synergy
887 fi
888
889 # case $distro in
890 # # ubuntu unknown. probably the same as debian, just check if the
891 # # init scripts come with the package.
892 # debian)
893 # # copied from arch, but moved to etc
894 # s dd of=/etc/systemd/user/synergys.service <<'EOF'
895 # [Unit]
896 # Description=Synergy Server Daemon
897 # After=network.target
898
899 # [Service]
900 # User=%i
901 # ExecStart=/usr/bin/synergys --no-daemon --config /etc/synergy.conf
902 # Restart=on-failure
903
904 # [Install]
905 # WantedBy=multi-user.target
906 # EOF
907 # s dd of=/etc/systemd/user/synergys.socket <<'EOF'
908 # [Unit]
909 # Conflicts=synergys@.service
910
911 # [Socket]
912 # ListenStream=24800
913 # Accept=false
914
915 # [Install]
916 # WantedBy=sockets.target
917 # EOF
918 # # had this fail with 'Failed to connect to bus: No such file or directory'
919 # # then when I tried it manually, it worked fine...
920 # if ! systemctl --user daemon-reload; then
921 # sleep 2
922 # echo retrying systemd user daemon reload
923 # systemctl --user daemon-reload
924 # fi
925 # ;;&
926 # *)
927 # # taken from arch wiki.
928 # s dd of=/etc/systemd/system/synergyc@.service <<'EOF'
929 # [Unit]
930 # Description=Synergy Client
931 # After=network.target
932
933 # [Service]
934 # User=%i
935 # ExecStart=/usr/bin/synergyc --no-daemon frodo
936 # Restart=on-failure
937 # # per man systemd.unit, StartLimitInterval, by default we
938 # # restart more than 5 times in 10 seconds.
939 # # And this param defaults too 200 miliseconds.
940 # RestartSec=3s
941
942 # [Install]
943 # WantedBy=multi-user.target
944 # EOF
945 # s systemctl daemon-reload
946 # case $HOSTNAME in
947 # x2|treetowl)
948 # ser enable synergyc@ian
949 # ser start synergyc@ian ||: # X might not be running yet
950 # ;;
951 # frodo)
952 # systemctl --user start synergys ||:
953 # systemctl --user enable synergys
954 # ;;
955 # esac
956 # ;;
957 # esac
958
959
960 ######### end misc packages #########
961
962
963 # packages I once used before and liked, but don't want installed now for
964 # various reasons:
965 # python-sqlite is used for offlineimap
966 # lxappearance python-sqlite dolphin paman dconf-editor
967
968
969
970 ######## unfinished
971
972 # todo, finish configuring smart.
973
974 pi smartmontools
975 # mostly from https://wiki.archlinux.org/index.php/S.M.A.R.T.
976 # turn on smart. background on options:
977 # first line, -a = test everyting on all devices.
978 # -S on, turn on disk internal saving of vendor specific info,
979 # from google, seems like this is usually already on and fairly standard.
980 # -o on, turn on 4 hour period non-performance degrading testing.
981 # short test daily 2-3am, extended tests Saturdays between 3-4am:
982 sched="-s (S/../.././02|L/../../6/03)"
983 s sed -i --follow-symlinks "s#^[[:space:]]*DEVICESCAN.*#\
984 DEVICESCAN -a -o on -S on -n standby,q $sched \
985 -m ian@iankelling.org -M exec /usr/local/bin/smart-notify#" /etc/smartd.conf
986
987 # in the default configuration of at least ubuntu 14.04, resolvconf is
988 # configured to order any nameservers associated with tun* or tap*
989 # before the normal internet interfaces, which means they are always
990 # consulted first. This is often slower and undesirable, ie. local dns
991 # queries go from 0ms to 10+ or 100+ ms. To reverse the ordering, you
992 # can do:
993 #sudo sed -i --follow-symlinks '/tun\*\|tap\*/d' /etc/resolvconf/interface-order
994 # however, this breaks dns lookup for hosts on the openvpn lan.
995 # I can\'t figure out why hosts on the normal lan would not be
996 # broken under the default ordering, except the host I was
997 # testing with previously had an entry in /etc/hosts.
998
999 ############# end unfinished
1000
1001 ########### misc stuff
1002
1003
1004 # the wiki backup script from ofswiki.org uses generic paths
1005 s lnf /p/c/machine_specific/li/mw_vars /root
1006 s lnf /k/backup/wiki_backup /root
1007
1008 s cedit /etc/goaccess.conf <<'EOF' || [[ $? == 1 ]]
1009 # all things found from looking around the default config
1010 # copied existing NCSA Combined Log Format with Virtual Host, plus %L
1011 log-format %^:%^ %h %^[%d:%t %^] "%r" %s %b "%R" "%u" %D
1012 time-format %H:%M:%S
1013 date-format %d/%b/%Y
1014 log-file /var/log/apache2/access.log
1015 color-scheme 2
1016
1017 # tip: copy access.log files to a stretch host directory, then run
1018 # jessie's goaccess is too old for some options, and it's
1019 # not easily installed from a testing.
1020 # goaccess --ignore-crawlers -f <(cat *) -a -o html > x.html
1021 EOF
1022
1023
1024 if [[ $HOSTNAME == treetowl ]] && ! sudo test -e /etc/openvpn/client.key; then
1025 /a/bin/vpn-setup/vpn-mk-client-cert dopub
1026 # route lan traffic from inside the network namespace.
1027 tu /etc/openvpn/client.conf "route 192.168.1.0 255.255.255.0 net_gateway"
1028 fi
1029
1030
1031 case $distro in
1032 debian|ubuntu)
1033 case `debian-archive` in
1034 stable)
1035 s dd of=/etc/apt/preferences.d/unison-gtk <<'EOF'
1036 Explanation: Allow unison-gtk to be upgraded
1037 Package: unison-gtk
1038 Pin: release a=unstable
1039 Pin-Priority: 500
1040 EOF
1041 # dont think using testing is needed since I figured out how to
1042 # deal with mismatching unison compilers, but I dont
1043 # see any reason to revert it, since it only installs
1044 # a single package which is primarily a single binary
1045 ;;
1046 esac
1047 pi unison/testing
1048 pi unison-gtk/testing # after to make it the default unison
1049 ;;
1050 arch)
1051 pi unison gtk2
1052 ;;
1053 esac
1054
1055 case $distro in
1056 arch)
1057 # default is alsa, doesn\'t work with with pianobar
1058 s dd of=/etc/libao.conf <<'EOF'
1059 default_driver=pulse
1060 EOF
1061 ;;
1062 esac
1063
1064 # note, for jessie, it depends on a higher version of btrfs-tools.
1065 #
1066 # # disabled due to my patch being in btrbk
1067 # case $distro in
1068 # arch|debian|ubuntu) pi btrbk ;;
1069 # # others unknown
1070 # esac
1071 cd /a/opt/btrbk
1072 s make install
1073 spa pv # for progress bar when running interactively.
1074 if [[ $HOSTNAME == treetowl ]]; then
1075 # backup/sync manually on others hosts for now.
1076 sgo btrbk.timer
1077 # note: to see when it was last run,
1078 # ser list-timers
1079 fi
1080
1081 if [[ $HOSTNAME == treetowl ]] && [[ `debian-archive` != testing ]]; then
1082 # fail2 ban is broken, with a workaround, per
1083 # https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770171
1084 # ill wait a while to see if it gets fixed
1085 pi fail2ban
1086 sgo fail2ban
1087 fi
1088
1089
1090
1091
1092
1093 case $distro in
1094 debian|ubuntu) s gpasswd -a ian adm ;; #needed for reading logs
1095 esac
1096
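# tor
case $distro in
  # based on
  # https://www.torproject.org/docs/rpms.html.en
  # https://www.torproject.org/docs/debian.html.en
  # todo: figure out if the running service needs to be restarted upon updates


  # todo on fedora: setup non-dev packages
  fedora)
    # NOTE(review): gpgcheck=1 only helps if the key itself is authentic,
    # and gpgkey is fetched over plain http here. That is why the
    # fingerprint check described below matters.
    s dd of=/etc/yum.repos.d/torproject.repo <<'EOF'
[tor]
name=Tor experimental repo
enabled=1
baseurl=http://deb.torproject.org/torproject.org/rpm/tor-testing/fc/20/$basearch/
gpgcheck=1
gpgkey=http://deb.torproject.org/torproject.org/rpm/RPM-GPG-KEY-torproject.org.asc

[tor-source]
name=Tor experimental source repo
enabled=1
autorefresh=0
baseurl=http://deb.torproject.org/torproject.org/rpm/tor-testing/fc/20/SRPMS
gpgcheck=1
gpgkey=http://deb.torproject.org/torproject.org/rpm/RPM-GPG-KEY-torproject.org.asc
EOF

    # to be secure, take a look at the fingerprint reported from the following install, and see if it matches from the link above:
    # 3B9E EEB9 7B1E 827B CF0A 0D96 8AF5 653C 5AC0 01F1
    sgo tor
    /a/bin/buildscripts/tor-browser
    ;;
  ubuntu)
    tu /etc/apt/sources.list "deb http://deb.torproject.org/torproject.org $(debian-codename) main"
    # Request the key by its full fingerprint. The original asked the
    # keyserver for the 8-digit short id, which is not unique: a different
    # key can be generated with the same short id, and the keyserver
    # connection is not authenticated. The export already used the full
    # fingerprint, so only that exact key reaches apt-key either way.
    gpg --keyserver keys.gnupg.net --recv A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89
    gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | sudo apt-key add -
    p update
    pi deb.torproject.org-keyring
    pi tor
    /a/bin/buildscripts/tor-browser
    ;;
  debian)
    pi tor
    /a/bin/buildscripts/tor-browser
    ;;
  arch)
    pi tor tor-browser-en
    sgo tor
    ;;
  # ubuntu unknown
esac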
1148
# nfs server
#
# Installs and starts the NFS server for the current distro. On fedora the
# firewall steps are not automated, so they are queued through end_msg and
# shown later in the run.
# NOTE(review): the queued note floats disabling the firewall outright; the
# per-service openings it goes on to list (nfs, mountd 20048, rpc-bind 111)
# are the narrower choice.
case "$distro" in
  fedora)
    end_msg <<'EOF'
fedora todo: disable the firewall or find a way to automate it.
there's an unused section in t.org for tramikssion firewall setup

fedora manual config for nfs:
s firewall-config
change to permanent configuration
check the box for nfs
was hard to figure this out, not sure if this is all needed, but
unblock these too
mountd: udp/tcp 20048
portmapper, in firewall-config its called rpc-bind: udp/tcp 111
troubleshooting, unblock things in rpcinfo -p
make sure to reload the firewall to load the persistent configuration


EOF
    pi nfs-utils
    sgo nfs-server
    ;;
  debian | ubuntu)
    pi nfs-server
    ;;
  arch)
    # A failed install is taken as a sign that a reboot is needed first.
    pi nfs-utils || pending_reboot=true
    sgo rpcbind
    # this failed until I rebooted
    sgo nfs-server
    ;;
esac
1182
# Only treetowl exports anything over NFS.
if [[ "$HOSTNAME" == treetowl ]]; then
  # nohide = export filesystems mounted deeper than the export point
  # fsid=0 makes this export the "root" export
  # not documented in the man page, but this means
  # 1. it can be mounted with a shorthand of server:/
  # 2. exports that are subdirectories of this one will automatically be
  #    mounted
  #
  # NOTE(review): no_root_squash lets root on any 192.168.1.0/24 client act
  # as root on /k, and insecure accepts requests from unprivileged source
  # ports, so an ordinary user on such a client can talk to the server
  # directly. async acknowledges writes before they reach disk. If the
  # clients allow it, list specific hosts and drop no_root_squash/insecure.
  tu /etc/exports <<'EOF'
/k 192.168.1.0/24(rw,fsid=0,nohide,no_root_squash,async,no_subtree_check,insecure)
EOF
  # Re-read /etc/exports and re-export everything, verbosely.
  s exportfs -rav
fi


# Hand over the notes collected by end_msg (e is defined elsewhere in this
# file; presumably it prints its argument).
e "$end_msg_var"
1197
1198
# persistent virtual machines

# osinfo-query, used below, comes from libosinfo-bin on debian-likes.
case "$distro" in
  debian | ubuntu)
    pi libosinfo-bin
    ;;
esac

# Pick the --os-variant for the windows 10 guest.
# distro may not know about win 10 yet, so start from win7 and move up to
# the newest windows entry that osinfo-query reports.
variant=win7
if ! virt-install --os-variant list &>/dev/null; then
  # we are using a newer virt-install
  for v in 10 8.1 8; do
    # ${v/./\\.} escapes the dot so 8.1 is matched literally.
    if osinfo-query os | gr "^\s*win${v/./\\.}\s" &>/dev/null; then
      variant=win$v
      break
    fi
  done
fi
1217
# Define the windows guests from existing disk images, once: everything is
# skipped when a domain named win10 is already known to libvirt.
if ! s virsh list --all --name | grep -xF win10 &>/dev/null; then

  # created account with
  # win10vmian@outlook.com, and easy to remember password
  # win 10 virtio, makes disk way way way faster
  # wget https://fedorapeople.org/groups/virt/virtio-win/direct-downloads/latest-virtio/virtio-win.iso
  # https://wiki.archlinux.org/index.php/QEMU#Change_Existing_Windows_VM_to_use_virtio
  # for installing virtio after initial install instead of with initial iso:
  #   qemu-img create -f qcow2 fake.qcow2 1G
  #   --disk=/a/images/virtio-win.iso,device=cdrom \
  #   --disk=/a/images/fake.qcow2,bus=virtio
  # Also,
  # went to device manager, saw 2 pci devices with yellow !,
  # did search for drivers, pick cdrom location, done.
  #
  # from http://www.tenforums.com/tutorials/4189-fast-startup-turn-off-windows-10-a.html.
  # google said there was a control panel option for it, but
  # that turned out to be a lie.
  # Put this in a .bat file and run as administrator to turn off
  # hyberboot which fucks things up.
  # REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power" /V HiberbootEnabled /T REG_dWORD /D 0 /F
  # power settings, turn off display: never
  # run "control userpasswords2", turn on automatic login.
  # note: when changing devices, I just undefine, then create the vm again.
  #
  # NOTE(review): listen=0.0.0.0 puts the SPICE console on every host
  # interface and no console password is set on these command lines.
  # Together with the automatic login described above, anything that can
  # reach the host's SPICE port gets a logged-in desktop. Binding to
  # 127.0.0.1 (reached through an ssh tunnel) or setting a SPICE password
  # would close that.

  if [[ -e /a/images/win10.qcow2 ]]; then
    s virt-install --noautoconsole --graphics spice,listen=0.0.0.0 \
      --disk=/a/images/win10.qcow2,bus=virtio --vcpus 2 -r 4096 -w bridge=br0 \
      -n win10 --import --os-variant "$variant" --cpu host-model-only

    # --import boots the guest right away; stop it so it is only defined.
    s virsh destroy win10
  fi

  if [[ -e /a/images/win7.qcow2 ]]; then
    # this one hasn't had the virtio fix done yet.
    s virt-install --noautoconsole --graphics spice,listen=0.0.0.0 \
      --disk=/a/images/win7.qcow2 --vcpus 2 -r 4096 -w bridge=br0 \
      -n win7 --import --os-variant win7 --cpu host-model-only
    s virsh destroy win7
    # had a problem with --cpu host, so trying out
    # --cpu host-model-only
  fi
fi
1261
1262
# Samba file sharing, treetowl only.
if [[ "$HOSTNAME" == treetowl ]]; then
  pi samba
  # note samba re-reads its config every 1 minute
  case "$distro" in
    arch)
      s cp /etc/samba/smb.conf.default /etc/samba/smb.conf
      ;;
  esac

  # Drop any existing "encrypt passwords" / "map to guest" lines, then add
  # both back as 2 lines after the workgroup option, so reruns do not pile
  # up duplicates.
  # NOTE(review): "map to guest = bad password" turns a login with a wrong
  # password into a guest session instead of rejecting it.
  s sed -ri --follow-symlinks '/^\s*encrypt passwords\s*=/d' /etc/samba/smb.conf
  s sed -ri --follow-symlinks '/^\s*map to guest\s*=/d' /etc/samba/smb.conf
  s sed -i --follow-symlinks 's/\(\s*workgroup\s*=\).*/\1 WORKGROUP\n\tencrypt passwords = yes\n\tmap to guest = bad password/' /etc/samba/smb.conf
  # remove default homes section. not sharing that.
  # NOTE(review): the range end /\s*\[/ is unanchored and the end line is
  # deleted as well, so the first later line containing "[" goes too. If
  # that line is the next section header, its options fall into the section
  # before it; check the result against the shipped smb.conf.
  s sed -ri --follow-symlinks '/^\s*\[homes\]/,/\s*\[/d' /etc/samba/smb.conf

  # Append the share only once.
  # NOTE(review): guest ok + read only = no means anyone who can reach
  # smbd may write to /kr without credentials; restrict with "hosts allow"
  # or "valid users" if the network is not fully trusted.
  if ! grep -xF '[public]' /etc/samba/smb.conf &>/dev/null; then
    s tee -a /etc/samba/smb.conf <<'EOF'
[public]
guest ok = yes
read only = no
path = /kr
EOF
  fi

  case "$distro" in
    debian | ubuntu)
      # systemd claims it generates units from /etc/init.d, but it
      # clearly doesn't in debian. I have no idea how they are
      # related. fuck debian right now. It's not documented. samba
      # has a systemd init file linked to /dev/null. There's this
      # https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=769714 which
      # claims samba's sub-services will be started automatically by
      # systemd... it didn't on install, wonder if it will on
      # boot. It clued me in how to start it manually though. Nothing
      # in /usr/share/doc/samba, debian admin guide says nothing about
      # any of this. (this is in debian testing as of 4/2016).

      s /etc/init.d/samba start
      ;;
    arch)
      sgo samba
      ;;
  esac
fi

# Map this machine's own name, with and without the .lan suffix, to
# 127.0.1.1 in /etc/hosts.
tu /etc/hosts <<<"127.0.1.1 $(hostname).lan $(hostname)"
1308
1309
######### begin stuff belonging at the end ##########


# Apps we want to override others for default file handler:
# simplest way in debian is to just install them last.
simple_packages+=(mpv)

# The file manager package is named differently per distro.
case "$distro" in
  ubuntu | debian)
    simple_packages+=(spacefm-gtk3)
    ;;
  arch)
    simple_packages+=(spacefm)
    ;;
esac


# Install everything collected in simple_packages in one go.
pi "${simple_packages[@]}"


# pending_reboot holds the command name true or false and is run as such.
if $pending_reboot; then
  echo "$0: pending reboot and then finished. doing it now."
  s reboot now
else
  echo "$0: $(date): ending now)"
fi