2 # Copyright (C) 2016 Ian Kelling
3 # This program is under GPL v. 3 or later, see <http://www.gnu.org/licenses/>
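# On any command that returns non-zero, report the script name, line number,
# the failing command and its exit status. The message is written to stderr
# so it cannot be mistaken for, or piped along with, normal stdout output.
trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR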
11 IFS
= read -r -d '' y ||
:
53 # things with no equivalent in other distros:
56 # for gui bug reporting
60 # for debconf-get-selections
66 ####### misc packages ###########
75 arch
) pi the_silver_searcher
;;
76 debian|ubuntu
) pi silversearcher-ag
;;
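# Printing setup: CUPS plus the HP driver package.
# pi, s and sgo are helpers defined elsewhere in this file.
pi cups ghostscript gsfonts # from arch wiki cups page
pi hplip # from google
# Add the invoking user to the sys group (from arch wiki).
# NOTE(review): this is a standing group membership; presumably it is what
# allows printer administration through the CUPS web interface -- confirm it
# is still required before keeping it.
s gpasswd -a "$USER" sys
sgo org.cups.cupsd.service
# goto http://127.0.0.1:631
# administration tab, add new printer button.
# In debian, I could use the recommended driver,
# in arch, I had to pick out the 6L driver.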
95 # other distros unknown
100 ubuntu|debian
) pi ack-grep
;;
101 arch|fedora
) pi ack
;;
105 ubuntu|debian
) pi
--no-install-recommends mairix notmuch
;;
106 fedora|arch
) pi mairix notmuch
;;
109 arch
) pi nfs-utils
;;
110 ubuntu|debian
) pi nfs-client
;;
113 ubuntu|debian
) pi par2
;;
114 arch|fedora
) pi par2cmdline
;;
117 # needed for my tex resume
119 ubuntu|debian
) pi texlive-full
;;
120 arch
) pi texlive-most
;;
126 # flash, unrar, codecs, ms fonts.
127 # This has a manual prompt.
128 pi ubuntu-restricted-extras
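# rpm fusion recommended codecs
# The two release packages are installed with --nogpgcheck, so no signature
# is verified on them; they are fetched over https so that the transport at
# least authenticates the server and protects the download in transit.
# NOTE(review): these packages presumably install the repo definitions that
# the codec packages below come from, so they act as a trust root. Prefer
# verifying them against RPM Fusion's published signing keys over
# --nogpgcheck.
s su -c "yum localinstall -y --nogpgcheck https://download1.rpmfusion.org/free/fedora/rpmfusion-free-release-$(rpm -E %fedora).noarch.rpm https://download1.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-$(rpm -E %fedora).noarch.rpm"
pi gstreamer-plugins-ugly gstreamer-plugins-bad gstreamer-ffmpeg \
  xine-lib-extras-freeworld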
140 # optional dep for firefox for h.264 video
141 arch
) pi gst-libav
;;
142 # other distros, probably come by default
146 fedora|ubuntu|debian
) pi gnupg-agent
;;
152 fedora|ubuntu|debian
) pi transmission
;;
153 arch
) pi transmission-gtk
;;
158 fedora
) pi pinentry-gtk
;;
159 *) : ;; # comes default or with other packages
163 arch
) pi firefox pulseaudio
;;
164 *) : ;; # comes default or with other packages
176 arch
) pi ttf-dejavu
;;
177 debian|ubuntu
) pi fonts-dejavu
;;
182 arch|debian|ubuntu
) pi ntp
;;
188 debian|ubuntu
) pi x11-utils
;;
193 arch
) pi virt-install
;;
194 debian|ubuntu
) pi virtinst
;;
200 debian|ubuntu
) pi genisoimage
;;
205 arch
) pi spice-gtk3
;;
206 debian|ubuntu
) pi spice-client-gtk
;;
210 # general known for debian/ubuntu, not for fedora
# Package notes: cdrkit is for cloud-init isos, dnsmasq for nat networking
# in libvirt, qemu for qemu-img, bind-tools for dig.
pi unzip wget xorg-xmodmap bridge-utils dnsmasq qemu bind-tools

# Drop any existing "user =" line from qemu.conf and append user = "root".
# Without this there is an error about accessing the kvm module. There may
# be a better way, but searching did not turn up a clear answer.
# Reference: https://bbs.archlinux.org/viewtopic.php?id=206206
# (this should probably go in the wiki)
# NOTE(review): this setting makes libvirt run QEMU guest processes as root,
# so a compromised guest process holds root on the host. Giving the default
# QEMU user access to /dev/kvm (for example through the kvm group) is the
# narrower fix -- confirm against the thread above.
s sed -r -i '/^ *user *=/d' /etc/libvirt/qemu.conf
printf '%s\n' 'user = "root"' | s tee -a /etc/libvirt/qemu.conf
236 arch
) pi virtviewer
;;
237 *) : ;; # other distros have it as a dependency afaik.
244 # ubuntu 14.04 uses b-cron,
245 # but it's not maintained in arch.
246 # of the ones in the main repos, cronie is only one maintained.
247 # fcron appears abandoned software.
251 *) : ;; # other distros come with cron.
256 fedora
) cabal
install shellcheck
;;
258 # unknown for older ubuntu
263 arch|debian|ubuntu
) pi pumpa
;;
264 # others unknown. do have a buildscript:
265 # /a/bin/buildscripts/pumpa ;;
270 debian|ubuntu
) pi android-tools-adb
;;
271 arch
) pi android-tools
;;
272 # other distros unknown
282 # proprietary flash. going without for now
285 # pi flashplugin-nonfree
# Fetch the global 6.3.2 source tarball.
# NOTE(review): the download is plain http and nothing visible here checks a
# checksum or signature before the tree's ./configure is executed. Verify the
# tarball against a published digest or signature before building it.
wget 'http://tamacom.com/global/global-6.3.2.tar.gz'
# Configure options are based on https://github.com/leoliu/ggtags
./configure --with-exuberant-ctags='/usr/bin/ctags'
# NOTE(review): s appears to run its arguments with elevated privileges, so
# this is a system-wide pip install executed as root. A distro package or a
# virtualenv avoids running third-party install code with root privileges.
s pip install 'pygments'
319 # leave this for last so it doesn't do a bunch of other apps
320 # which I want explicitly installed in case I switch DE's
323 pi task-cinnamon-desktop
324 # in settings, change scrolling to two-finger,
325 # because the default edge scroll doesn\'t work.
332 # already in debian jessie
335 ######### end misc packages #########
338 # packages I once used before and liked, but don't want installed now for
340 # python-sqlite is used for offlineimap
341 # lxappearance python-sqlite dolphin paman dconf-editor
347 # todo, finish configuring smart.
348 # mostly from https://wiki.archlinux.org/index.php/S.M.A.R.T.
349 # turn on smart. background on options:
350 # first line, -a = test everything on all devices.
351 # -S on, turn on disk internal saving of vendor specific info,
352 # from google, seems like this is usually already on and fairly standard.
353 # -o on, turn on 4 hour period non-performance degrading testing.
354 # short test daily 2-3am, extended tests Saturdays between 3-4am:
355 sched
="-s (S/../.././02|L/../../6/03)"
356 s
sed -i "s#^[[:space:]]*DEVICESCAN.*#\
357 DEVICESCAN -a -o on -S on -n standby,q $sched\
358 -m ian@iankelling.org -M exec /usr/local/bin/smart-notify#" /etc
/smartd.conf
360 # in the default configuration of at least ubuntu 14.04, resolvconf is
361 # configured to order any nameservers associated with tun* or tap*
362 # before the normal internet interfaces, which means they are always
363 # consulted first. This is often slower and undesirable, ie. local dns
364 # queries go from 0ms to 10+ or 100+ ms. To reverse the ordering, you
366 #sudo sed -i '/tun\*\|tap\*/d' /etc/resolvconf/interface-order
367 # however, this breaks dns lookup for hosts on the openvpn lan.
368 # I can\'t figure out why hosts on the normal lan would not be
369 # broken under the default ordering, except the host I was
370 # testing with previously had an entry in /etc/hosts.
372 ############# end unfinished
374 ########### misc stuff
376 if [[ `debian-archive` == stable
]]; then
377 s
dd of
=/etc
/apt
/preferences.d
/unison-gtk
<<'EOF'
378 Explanation: Allow unison-gtk to be upgraded
380 Pin: release a=unstable
387 # default is alsa, doesn\'t work with pianobar
388 s
dd of
=/etc
/libao.conf
<<'EOF'
396 arch|debian|ubuntu
) pi btrbk
;;
400 if [[ $HOSTNAME == treetowl
]] && [[ `debian-archive` != testing
]]; then
401 # fail2 ban is broken, with a workaround, per
402 # https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770171
403 # ill wait a while to see if it gets fixed
411 case $
(distro-name
) in
413 # allows me to pipe with ssh -t, and gets rid of spam
414 # http://forums.debian.net/viewtopic.php?f=5&t=85822
415 # i'd rather disable the service than comment the init file
416 # this says disabling the service, it will still get restarted
417 # but this script doesn't do anything on restart, so it should be fine
418 s
dd of
=/var
/run
/motd.dynamic
if=/dev
/null
419 s update-rc.d motd disable
422 # this isn't a complete solution. It still shows me when updates are available,
423 # but it's no big deal.
424 s t
/etc
/update-motd.d
/10-help-text /etc
/update-motd.d
/00-header
430 # https://debian-handbook.info/browse/stable/sect.regular-upgrades.html
431 # /etc/cron.daily/apt calls unattended-upgrades
432 # /usr/share/doc/unattended-upgrades# cat README.md
433 # /etc/apt/apt.conf.d/50unattended-upgrades
435 pi unattended-upgrades
436 s
dd of
=/etc
/apt
/apt.conf.d
/10periodic
<<'EOF'
437 # this file was mostly just comments.
438 APT::Periodic::Update-Package-Lists "1";
439 APT::Periodic::Download-Upgradeable-Packages "1";
440 APT::Periodic::AutocleanInterval "7";
441 APT::Periodic::Unattended-Upgrade "1";
444 Unattended-Upgrade::Mail "root";
445 Unattended-Upgrade::MailOnlyOnError "true";
446 Unattended-Upgrade::Remove-Unused-Dependencies "true";
447 Unattended-Upgrade::Origins-Pattern {
448 # default is just upgrade main and security, not updates.
450 if isdebian-testing
; then
452 # for testing, only do security updates.
453 "origin=Debian,codename=${distro_codename},label=Debian-Security";
457 # These are stable packages only getting bugfixes anyways.
464 } | s
dd of
=/etc
/apt
/apt.conf.d
/50unattended
-upgrades
470 ######### begin postfix ########
471 # based on,http://www.postfix.org/qmgr.8.html and my notes in gnus
472 # originally tried moving specific directories under /var/spool/postfix,
473 # but postfix didn't like that
474 if [[ ! -L /var
/spool
/postfix
]]; then
476 n
=/q
/postfix-
`distro-name``debian-archive`
478 echo "$0: error: /q/postfix exists but not the link to it"
481 s
mv /var
/spool
/postfix
$n
482 s lnf
-T $n /var
/spool
/postfix
484 journalctl
-n 20 |
cat
488 # This also works instead of ~/.forward
489 # s sed -i '/^root/d' /etc/aliases ||:
490 #echo "root: $HOSTNAME@bog.mm.st" | s tee -a /etc/aliases
491 # this can't be a symlink and has permission restrictions
492 # it might work in /etc/aliases, but this seems more proper.
494 if s
grep amazonaws
/etc
/postfix
/sasl_passwd
&>/dev
/null
; then
495 forward
=x@sallymae.club
497 forward
=$HOSTNAME@bog.mm.st
499 e
$forward > ~
/.forward
500 e
$forward | s
tee /root
/.forward
503 # if I wanted the from address to be renamed and sent to a different address,
504 # echo "sdx@localhost development@localhost" | sudo dd of=/etc/postfix/recipient_canonical
505 # sudo postmap hash:/etc/postfix/recipient_canonical
506 # sudo service postfix reload
509 # i'm assuming mail just won't work on systems without the sasl_passwd.
511 smtp_sasl_auth_enable = yes
512 smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
513 smtp_sasl_security_options = noanonymous
514 smtp_tls_security_level = secure
515 message_size_limit = 20480000
516 smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
518 # ^ I ran into a log file not sending cuz of size. double from 10 to 20 meg limit
520 s postmap
hash:/etc
/postfix
/sasl_passwd
521 # offlineimap uses this too, it is much easier to use one location than to
522 # condition it's config and postfix's config
524 fedora
) s lnf
-T ca-certificates.crt
/etc
/ssl
/ca-bundle.trust.crt
;;
528 s service postfix reload
531 ############ end postfix #######
535 debian|ubuntu
) s gpasswd
-a ian adm
;; #needed for reading logs
541 # https://www.torproject.org/docs/rpms.html.en
542 # https://www.torproject.org/docs/debian.html.en
543 # todo: figure out if the running service needs to be restarted upon updates
546 # todo on fedora: setup non-dev packages
548 s
dd of
=/etc
/yum.repos.d
/torproject.repo
<<'EOF'
550 name=Tor experimental repo
552 baseurl=http://deb.torproject.org/torproject.org/rpm/tor-testing/fc/20/$basearch/
554 gpgkey=http://deb.torproject.org/torproject.org/rpm/RPM-GPG-KEY-torproject.org.asc
557 name=Tor experimental source repo
560 baseurl=http://deb.torproject.org/torproject.org/rpm/tor-testing/fc/20/SRPMS
562 gpgkey=http://deb.torproject.org/torproject.org/rpm/RPM-GPG-KEY-torproject.org.asc
565 # to be secure, compare the fingerprint reported by the following install with the one published at the link above; the gpgkey URL above is plain http, so this comparison is what authenticates the key:
566 # 3B9E EEB9 7B1E 827B CF0A 0D96 8AF5 653C 5AC0 01F1
568 /a
/bin
/buildscripts
/tor-browser
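# Add the Tor Project apt repository and trust its signing key.
# tu and pi are helpers defined elsewhere in this file.
tu /etc/apt/sources.list "deb http://deb.torproject.org/torproject.org $(debian-codename) main"
# Request the key by its full fingerprint instead of the 8-hex-digit short
# id. Short ids are not unique, so a keyserver lookup by short id can pull
# an unrelated key that happens to share the same trailing 32 bits.
gpg --keyserver keys.gnupg.net --recv-keys A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89
# Export by the same full fingerprint so only that key is handed to apt.
gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | sudo apt-key add -
# Keyring package from the repository; presumably keeps the signing key
# current.
pi deb.torproject.org-keyring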
577 /a
/bin
/buildscripts
/tor-browser
581 /a
/bin
/buildscripts
/tor-browser
584 pi tor tor-browser-en
594 fedora todo: disable the firewall or find a way to automate it.
595 there's an unused section in t.org for transmission firewall setup
597 fedora manual config for nfs:
599 change to permanent configuration
600 check the box for nfs
601 was hard to figure this out, not sure if this is all needed, but
603 mountd: udp/tcp 20048
604 portmapper, in firewall-config its called rpc-bind: udp/tcp 111
605 troubleshooting, unblock things in rpcinfo -p
606 make sure to reload the firewall to load the persistent configuration
623 if [[ -e /i
/video
]]; then
# Export /i/video read-write to the 192.168.1.0/24 network.
# nohide: also export filesystems mounted deeper than the export point.
# fsid=0: makes this export the "root" export. Not documented in the man
# page, but this means
#   1. it can be mounted with a shorthand of server:/
#   2. exports that are subdirectories of this one are mounted automatically
# NOTE(review): no_root_squash lets root on any client in that subnet act as
# root on the exported files, and insecure accepts requests that come from
# unprivileged source ports, so the server no longer relies on the client's
# root to have issued them. Drop both unless a client is known to need them.
tu /etc/exports \
  '/i/video 192.168.1.0/24(rw,fsid=0,nohide,no_root_squash,async,no_subtree_check,insecure)'
631 showmount
-e localhost
636 f
=/a
/bin
/$HOSTNAME-crontab