various minor improvements
[distro-setup] / distro-end
1 #!/bin/bash -l
2 # Copyright (C) 2016 Ian Kelling
3
4 # Licensed under the Apache License, Version 2.0 (the "License");
5 # you may not use this file except in compliance with the License.
6 # You may obtain a copy of the License at
7
8 # http://www.apache.org/licenses/LICENSE-2.0
9
10 # Unless required by applicable law or agreed to in writing, software
11 # distributed under the License is distributed on an "AS IS" BASIS,
12 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 # See the License for the specific language governing permissions and
14 # limitations under the License.
15
16 errcatch
17
18 set -x
19
20 exec &> >(sudo tee -a /var/log/distro-end)
21 echo "$0: $(date): starting now)"
22
23 src="${BASH_SOURCE%/*}"
24
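#######################################
# Append everything read from stdin to the end-of-run message buffer.
# Globals:   end_msg_var (appended to)
# Arguments: none; the text comes from stdin, typically a here-document
# Returns:   0
#######################################
end_msg() {
  # The listing shows a stray `=` in front of this declaration; with it the
  # line is not a `local` statement and y would be set as a global.
  local y
  # -d '' makes read consume input up to a NUL byte, i.e. all of it. read then
  # returns non-zero at EOF, which `||:` deliberately ignores.
  IFS= read -r -d '' y ||:
  end_msg_var+="$y"
}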
30
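#######################################
# simple package add: queue package names for a later batched `pi` call.
# Globals:   simple_packages (appended to)
# Arguments: one or more package names
# Returns:   0
#######################################
spa() {
  # Quoted so every argument is stored exactly as given; unquoted $@ would be
  # word-split and glob-expanded against the current directory.
  simple_packages+=("$@")
}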
34
35
36 distro=$(distro-name)
37
38 pending_reboot=false
39
40 # template
41 case $distro in
42 esac
43
44 pup
45
46 simple_packages=(
47 htop
48 mailutils
49 nmon
50 rdiff-backup
51 ruby
52 ruby-rest-client
53 tree
54 vim
55 )
56
57 case $HOSTNAME in
58 lj|li) : ;;
59 *)
60 # universal packages
61 # swh-plugins is for karaoke pulsaudio filter.
62 # mutagen for pithos
63 simple_packages+=(
64 apache2
65 bwm-ng
66 chromium
67 debconf-doc
68 duplicity
69 eclipse
70 evince
71 fdupes
72 filelight
73 gcc-doc
74 gdb
75 gitk
76 goaccess
77 gnome-screenshot
78 i3lock
79 jq
80 locate
81 manpages
82 manpages-dev
83 meld
84 nmap
85 offlineimap
86 p7zip
87 paprefs
88 pavucontrol
89 pdfgrep
90 pianobar
91 pidgin
92 python3-mutagen
93 squashfs-tools
94 swh-plugins
95 tcpdump
96 transmission-remote-gtk
97 vlc
98 )
99 ;;
100 esac
101
102
103
104 ########### begin section including li ################
105
106
107 case $distro in
108 debian)
109 if [[ `debian-archive` == testing ]]; then
110 pi acme-tiny
111 fi
112 esac
113
114 case $distro in
115 fedora) spa unrar ;;
116 *) spa unrar-free ;;
117 esac
118
119
120 case $distro in
121 arch)
122 # ubuntu 14.04 uses b-cron,
123 # but its not maintained in arch.
124 # of the ones in the main repos, cronie is only one maintained.
125 # fcron appears abandoned software.
126 pi cronie
127 sgo cronie
128 ;;
129 *) : ;; # other distros come with cron.
130 esac
131
132
133 case $distro in
134 debian|ubuntu)
135 pi debian-goodies
136 ;;
137 esac
138
139
140 case $distro in
141 *) pi at ;;&
142 arch) sgo atd ;;
143 esac
144
145
146 case $distro in
147 debian) pi curl;;
148 arch) : ;;
149 # fedora: unknown
150 esac
151
152 case $distro in
153 # tk for gitk
154 arch) spa git tk ;;
155 *) spa git ;;
156 esac
157
158 case $distro in
159 arch) spa the_silver_searcher ;;
160 debian|ubuntu) spa silversearcher-ag ;;
161 # fedora unknown
162 esac
163
164 case $distro in
165 debian|ubuntu) spa ntp;;
166 arch)
167 pi ntp
168 sgo ntpd
169 ;;
170 # others unknown
171 esac
172
173
174 # no equivalent in other distros:
175 case $distro in
176 debian|ubuntu)
177 pi apt-file aptitude
178 s apt-file update
179 # for debconf-get-selections
180 spa debconf-utils
181 ;;
182 esac
183
184 case $distro in
185 ubuntu|debian) spa ack-grep ;;
186 arch|fedora) spa ack ;;
187 # fedora unknown
188 esac
189
190 case $distro in
191 arch|debian|ubuntu)
192 spa bash-completion
193 ;;
194 # others unknown
195 esac
196
197
198
199
200
201 # disable motd junk.
202 case $(distro-name) in
203 debian)
204 # allows me to pipe with ssh -t, and gets rid of spam
205 # http://forums.debian.net/viewtopic.php?f=5&t=85822
206 # i'd rather disable the service than comment the init file
207 # this says disabling the service, it will still get restarted
208 # but this script doesn't do anything on restart, so it should be fine
209 s dd of=/var/run/motd.dynamic if=/dev/null
210 # stretch doesn't have initscripts pkg installed by default
211 if [[ $(debian-codename) == jessie ]]; then
212 s update-rc.d motd disable
213 fi
214 ;;
215 ubuntu)
216 # this isn't a complete solution. It still shows me when updates are available,
217 # but it's no big deal.
218 s t /etc/update-motd.d/10-help-text /etc/update-motd.d/00-header
219 ;;
220 esac
221
222 # automatic updates
223 # reference:
224 # https://debian-handbook.info/browse/stable/sect.regular-upgrades.html
225 # /etc/cron.daily/apt calls unattended-upgrades
226 # /usr/share/doc/unattended-upgrades# cat README.md
227 # /etc/apt/apt.conf.d/50unattended-upgrades
228 if isdebian; then
229 setup-debian-auto-update
230 fi
231
232 # we've got a few dependencies later on, so install them now.
233 pi "${simple_packages[@]}"
234 simple_packages=()
235
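# Server hosts (lj, li): run the site setup for the host's domain, then stop;
# nothing below this block is executed on them.
case $HOSTNAME in
  lj|li)

    case $HOSTNAME in
      lj) domain=iank.bid ;;
      li) domain=iankelling.org ;;
    esac
    # Quoted so the domain is always passed as exactly one argument.
    /a/h/setup.sh "$domain"
    /a/h/build.rb

    # -E keeps the invoking user's environment for the root-run script.
    # NOTE(review): confirm the setup script needs the caller's environment;
    # without -E, sudo would hand it a reset one.
    sudo -E /a/bin/mediawiki-setup/mw-setup-script
    #$src/phab-setup

    echo "$0: $(date): ending now)"
    exit 0
    ;;
esac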
253
254 ########### end section including li/lj ###############
255
256
257
258 ## android studio setup
259 # this contains the setting for android sdk to point to
260 # /a/opt/androidsdk, which is asked upon first run
261 lnf /a/opt/.AndroidStudio2.2 ~
262 # android site says it needs a bunch of packages for ubuntu,
263 # but I googled for debian, and someone says you just need lib32stdc++6 plus the
264 # jdk
265 # https://pid7007blog.blogspot.com/2015/07/installing-android-studio-in-debian-8.html
266 # see w.org for more android studio details
267 spa lib32stdc++6 default-jdk
268
269
270 if [[ $HOSTNAME == frodo ]]; then
271 case $distro in
272 ubunut|debian)
273 pi libsqlite3-dev
274 cd /a/opt/duperemove
275 make clean
276 make
277 s make install
278 ;;
279 #others unknown
280 esac
281 fi
282
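# Install syncthing. On Debian/Ubuntu releases other than testing, the upstream
# apt repository is added first.
case $distro in
  arch) pi syncthing ;;
  ubuntu|debian)
    # testing has relatively up to date packages
    if ! isdebian-testing; then
      # based on error when doing apt-get update:
      # E: The method driver /usr/lib/apt/methods/https could not be found.
      pi apt-transport-https
      # google led me here:
      # https://apt.syncthing.net/
      #
      # NOTE(review): the key is accepted as-is from whatever the TLS
      # connection returns, and `apt-key add` places it in the keyring that is
      # trusted for every configured source, not only this one. Comparing the
      # key's fingerprint with the one syncthing publishes before adding it
      # would close that gap.
      # -f: an HTTP error page is not piped into apt-key; -S: errors stay visible.
      curl -fsS https://syncthing.net/release-key.txt | sudo apt-key add -
      # https transport, matching the repository URL referenced above and the
      # apt-transport-https package installed for it.
      s="deb https://apt.syncthing.net/ syncthing release"
      # Right-hand side quoted: compare literally instead of as a glob pattern.
      # A missing file yields empty output and is (re)written as well.
      if [[ $(cat /etc/apt/sources.list.d/syncthing.list) != "$s" ]]; then
        echo "$s" | s dd of=/etc/apt/sources.list.d/syncthing.list
        p update
      fi
    fi
    pi syncthing
    ;;
esac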
303 # installed via f-droid
304 # top right, actions, device id
305 #
306 # for installing on a remote comp:
307 # ssh -L 8384:localhost:8384 -N frodo
308 # went to http://localhost:8384/
309 #
310 # add folder to sync phone,
311 # staggered file versioning would be my normal choice, but choose
312 # trash can versioning for sake of space on phone, with
313 # clean out after 7 days.
314 #
315 # did:
316 # ser start syncthing@ian
317 # then on phone, add device, hit bar code icon,
318 # install bar code scanner.
319
320
321 # no equivalent in other distros:
322 case $distro in
323 debian|ubuntu)
324 # for gui bug reporting
325 spa python-vte
326 ;;
327 esac
328
329
330 ####### misc packages ###########
331
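# transmission-daemon on treetowl: raise socket buffer limits, install the
# daemon without starting it, rewrite its settings.json, then start it through
# the transmission-daemon-nn unit instead of the packaged one.
if [[ $HOSTNAME == treetowl ]]; then
  case $distro in
    debian|ubuntu)
      # note i had to do this, which is persistent:
      # cd /i/k
      # s chgrp debian-transmission torrents partial-torrents

      # syslog says things like
      # 'Failed to set receive buffer: requested 4194304, got 425984'
      # google suggests giving it even more than that
      tu /etc/sysctl.conf<<'EOF'
net.core.rmem_max = 67108864
net.core.wmem_max = 16777216
EOF
      s sysctl -p

      # some reason it doesn't seem to start automatically anyways
      pi-nostart transmission-daemon
      #
      # config file documented here, and it's the same config
      # for daemon vs client, so it's documented in the gui.
      # https://trac.transmissionbt.com/wiki/EditConfigFiles#Options
      #
      # I originaly setup rpc-whitelist, but after using
      # routing to a network namespace, it doesn't see the
      # real source address, so it's disabled.
      # todo: setup a password.
      #
      # NOTE(review): with both rpc-whitelist-enabled and
      # rpc-authentication-required set to false, every client that can reach
      # the RPC port can control the daemon, including where it writes files.
      # Until the password todo is done, the only access control is whatever
      # limits reachability of that port.
      #
      # The pidfile entry uses a string key like the others. Written as
      # `"pidfile": value` it is a Symbol key, which merge() keeps next to an
      # existing "pidfile" String key, so the generated JSON would carry the
      # key twice from the second run on.
      s ruby <<'EOF'
require 'json'
p = '/etc/transmission-daemon/settings.json'
File.write(p, JSON.pretty_generate(JSON.parse(File.read(p)).merge({
  'rpc-whitelist-enabled' => false,
  'rpc-authentication-required' => false,
  'incomplete-dir' => '/k/partial-torrents',
  'incomplete-dir-enabled' => true,
  'download-dir' => '/i/k/torrents',
  "speed-limit-up" => 700,
  "speed-limit-up-enabled" => true,
  "peer-port" => 61486,
  "ratio-limit" => 1.4000,
  "ratio-limit-enabled" => false,
  "pidfile" => "/var/lib/transmission-daemon/transmission-daemon.pid",
})) + "\n")
EOF

      # make sure its not enabled, not sure if this is needed
      ser disable transmission-daemon
      sgo transmission-daemon-nn
      ;;
    # todo: others unknown
  esac
fi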
384
385 # adapted from /var/lib/dpkg/info/transmission-daemon.postinst
386 if ! getent passwd debian-transmission > /dev/null; then
387 case $distro in
388 arch)
389 s useradd \
390 --system \
391 --create-home \
392 --home-dir /var/lib/transmission-daemon \
393 --shell /bin/false \
394 debian-transmission
395 ;;
396 *)
397 s adduser --quiet \
398 --system \
399 --group \
400 --no-create-home \
401 --disabled-password \
402 --home /var/lib/transmission-daemon \
403 debian-transmission
404 ;;
405 esac
406 fi
407
408 # dunno why it's there, but get rid of it
409 case $HOSTNAME in
410 li|lj) s rm -rf /home/linode ;;
411 esac
412
413 # arch had a default config,
414 # debian had nothing until you start it.
415 # With a little trial an error, here is a minimal config
416 # taken from the generated one, plus changes that the
417 # settings ui does, without a bunch of ui crap settings.
418 #
419 # only settings I set were
420 # hostname
421 # auto-connect
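# Write a minimal transmission-remote-gtk profile into every user's home,
# running the commands as that user so the files get the right owner.
# NOTE(review): the profile has "ssl" false and empty credentials, so the
# client talks to treetowl's RPC endpoint in clear text and unauthenticated.
for f in /home/*; do
  u=${f##*/}
  # /home can hold entries that are not accounts (lost+found, or the literal
  # pattern when nothing matches); skip them instead of running the per-user
  # commands for a user that does not exist.
  id -u -- "$u" &>/dev/null || continue
  d=$f/.config/transmission-remote-gtk
  # Quoted so a directory name containing whitespace stays one argument.
  s -u "$u" mkdir -p "$d"
  s -u "$u" dd of="$d/config.json" <<'EOF'
{
"profiles" : [
{
"profile-name" : "Default",
"hostname" : "treetowl",
"rpc-url-path" : "/transmission/rpc",
"username" : "",
"password" : "",
"auto-connect" : true,
"ssl" : false,
"timeout" : 40,
"retries" : 3,
"update-active-only" : false,
"activeonly-fullsync-enabled" : false,
"activeonly-fullsync-every" : 2,
"update-interval" : 3,
"min-update-interval" : 3,
"session-update-interval" : 60,
"exec-commands" : [
],
"destinations" : [
]
}
],
"profile-id" : 0,
"add-options-dialog" : false
}
EOF
done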
456
457 case $distro in
458 debian|ubuntu)
459 # suggests because we want the resolvconf package.
460 # todo: check other distros to make sure it's installed
461 pi-nostart --install-suggests openvpn
462 # pi-nostart this doesnt seem to be good enough?
463 ser disable openvpn@client
464 ser disable openvpn
465 ;;
466 *) pi openvpn;;
467 esac
468
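# Install Google Chrome on the desktop hosts. On Debian/Ubuntu the vendor .deb
# is downloaded and installed with dpkg; missing dependencies reported by dpkg
# are then resolved with apt-get -f.
pi wget
case $HOSTNAME in
  tp|frodo)
    case $distro in
      debian|ubuntu)
        log=$(mktemp)
        cd /a/opt
        # NOTE(review): the TLS connection to dl.google.com is the only
        # authenticity check on this package; `dpkg -i` does not verify a
        # signature, and the package's maintainer scripts run as root.
        wget -nv -N https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb
        # dpkg is allowed to fail here; its exit status is examined below.
        errallow
        # pipefail so $? reflects dpkg rather than tee.
        set -o pipefail
        s dpkg -i google-chrome-stable_current_amd64.deb |& tee "$log"
        code=$?
        errcatch
        # previously I had a more specific search, but dpkg
        # changed it's output as of 7/2016
        dep_problem=false
        if grep -q -- 'dependency problems' "$log"; then
          dep_problem=true
        fi
        # The captured output is no longer needed; remove the temp file on
        # every path instead of leaving it behind.
        rm -f -- "$log"
        if (( code != 0 )); then
          if $dep_problem; then
            s apt-get -fy install
          else
            exit 1
          fi
        fi
        ;;
      arch)
        pi google-chrome
        ;;
    esac
    ;;
esac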
502
503 # printer
504 case $distro in
505 arch)
506 pi cups ghostscript gsfonts # from arch wiki cups page
507 pi hplip # from google
508 s gpasswd -a $USER sys # from arch wiki
509 sgo org.cups.cupsd.service
510 # goto http://127.0.0.1:631
511 # administration tab, add new printer button.
512 # In debian, I could use hte recommended driver,
513 # in arch, I had to pick out the 6L driver.
514 ;;
515 debian|ubuntu)
516 spa hplip
517 ;;
518 # other distros unknown
519 esac
520
521
522 case $distro in
523 ubuntu|debian) pi --no-install-recommends mairix notmuch ;;
524 fedora|arch) spa mairix notmuch ;;
525 esac
526 case $distro in
527 arch) spa nfs-utils ;;
528 ubuntu|debian) spa nfs-client ;;
529 esac
530 case $distro in
531 ubuntu|debian) spa par2 ;;
532 arch|fedora) spa par2cmdline ;;
533 esac
534
535 # needed for my tex resume
536 case $distro in
537 ubuntu|debian) spa texlive-full ;;
538 arch) spa texlive-most ;;
539 # fedora unknown
540 esac
541
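# Codecs and other restricted extras.
case $distro in
  ubuntu)
    # flash, unrar, codecs, ms fonts.
    # This has a manual prompt.
    spa ubuntu-restricted-extras
    ;;
  fedora)
    pi yum-utils
    # rpm fusion recommended codecs
    #
    # The release packages are fetched over https. --nogpgcheck turns off the
    # package signature check, so with plain http nothing at all would
    # authenticate what is installed here as root, and these packages go on to
    # define the repositories and keys trusted for later installs.
    # NOTE(review): importing the RPM Fusion signing keys first and dropping
    # --nogpgcheck would remove the remaining reliance on transport security.
    s su -c "yum localinstall -y --nogpgcheck https://download1.rpmfusion.org/free/fedora/rpmfusion-free-release-$(rpm -E %fedora).noarch.rpm https://download1.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-$(rpm -E %fedora).noarch.rpm"
    pi gstreamer-plugins-ugly gstreamer-plugins-bad gstreamer-ffmpeg \
      xine-lib-extras-freeworld
    ;;
esac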
556
557 case $distro in
558 # optional dep for firefox for h.264 video
559 arch) spa gst-libav ;;
560 # other distros, probably come by default
561 esac
562
563 case $distro in
564 fedora|ubuntu|debian) spa gnupg-agent ;;
565 arch) : ;;
566 esac
567
568
569 case $distro in
570 fedora) spa pinentry-gtk ;;
571 *) : ;; # comes default or with other packages
572 esac
573
574 case $distro in
575 arch) spa firefox pulseaudio;;
576 *) : ;; # comes default or with other packages
577 esac
578
579
580 case $distro in
581 arch) spa ttf-dejavu;;
582 debian|ubuntu) spa fonts-dejavu ;;
583 # others unknown
584 esac
585
586
587 case $distro in
588 arch) spa xorg-xev;;
589 debian|ubuntu) spa x11-utils ;;
590 # others unknown
591 esac
592
593 case $distro in
594 arch) pi virt-install;;&
595 debian|ubuntu) pi virtinst ;;&
596 *) pi virt-manager ;; # creates the libvirt group in debian at least
597 # others unknown
598 esac
599 # allow user to run vms, from debian handbook
600 for x in ian traci; do s usermod -a -G libvirt,kvm $x; done
601 # bridge networking as user fails. google lead here, but it doesn't work:
602 # oh well, I give up.
603 # http://wiki.qemu.org/Features-Done/HelperNetworking
604 # s mkdir /etc/qemu
605 # f=/etc/qemu/bridge.conf
606 # s dd of=$f <<'EOF'
607 # allow br0
608 # EOF
609 # #s chown root:qemu $f # debian has somethig like qemu-libvirt. equivalent?
610 # s chmod 640 $f
611
612
613 case $distro in
614 arch) spa cdrkit;;
615 debian|ubuntu) spa genisoimage;;
616 # others unknown
617 esac
618
619 case $distro in
620 arch) spa spice-gtk3 ;;
621 debian|ubuntu) spa spice-client-gtk;;
622 # others unknown
623 esac
624
625 # general known for debian/ubuntu, not for fedora
# Arch-only virtualization setup: install the supporting tools, set the user
# qemu runs as, and start the libvirt services.
case $distro in
  arch)
    # cdrkit for cloud-init isos
    # dnsmasq & ebtables for nat networking in libvirt
    # qemu for qemu-img, bind-tools for dig
    # dmidecode just because syslog complains
    pi unzip xorg-xmodmap dmidecode ebtables\
      bridge-utils dnsmasq qemu bind-tools
    # otherwise we get error about accessing kvm module.
    # seems like there might be a better way, but google was a bit vague.
    #
    # The sed drops any existing `user =` line so the tee below leaves exactly
    # one. NOTE(review): `user = "root"` makes libvirt run the qemu processes
    # as root, so a compromised qemu process is a compromise of root on the
    # host. Adding an unprivileged qemu user to the kvm group is the usual
    # narrower way to grant /dev/kvm access -- confirm whether that is enough
    # here.
    s sed -ri --follow-symlinks '/^ *user *=/d' /etc/libvirt/qemu.conf
    echo 'user = "root"' | s tee -a /etc/libvirt/qemu.conf
    # https://bbs.archlinux.org/viewtopic.php?id=206206
    # # this should prolly go in the wiki
    sgo virtlogd.socket
    # guessing this is not needed
    #sgo virtlogd.service
    sgo libvirtd

    ;;
esac
647
648 case $distro in
649 arch) pi virtviewer ;;
650 *) : ;; # other distros have it as a dependency afaik.
651 esac
652
653
654
655 case $distro in
656 fedora) cabal install shellcheck ;;
657 *) spa shellcheck ;;
658 # unknown for older ubuntu
659 esac
660
661
662 case $distro in
663 arch|debian|ubuntu) spa pumpa ;;
664 # others unknown. do have a buildscript:
665 # /a/bin/buildscripts/pumpa ;;
666 esac
667
668
669 case $distro in
670 debian|ubuntu) spa android-tools-adb/unstable ;;
671 arch) spa android-tools ;;
672 # other distros unknown
673 esac
674
# bitcoin: queue the package on Debian testing, install the bitcoind unit and
# write its configuration.
#
# NOTE(review): as shown, this case statement does not parse. The commands that
# follow the `;;` closing the debian arm are not under any pattern, and neither
# $dir nor $f is assigned anywhere in the visible file. With $dir empty,
# `chmod -R` / `chown -R` would be called without a path; a guard such as
# "${dir:?}" would make that fail loudly. The section looks unfinished.
case $distro in
  debian)
    if [[ `debian-archive` == testing ]]; then
      # has no unstable dependencies
      spa bitcoin-qt/unstable
    fi
    ;;
    s cp /a/opt/bitcoin/contrib/init/bitcoind.service /usr/lib/systemd/system
    ser daemon-reload
    sgo bitcoind

    # The file is created and closed to "other" users before the credentials
    # are written into it.
    s mkdir -p $dir
    s touch $f
    s chmod -R o-rwx $dir
    s chown -R bitcoin:bitcoin $dir
    # Unquoted delimiter: both `openssl rand` substitutions are expanded when
    # this line runs, so a new RPC user and password are generated on every
    # run. They reach dd through stdin, not through a command line, which
    # keeps them out of the `set -x` trace and the process list.
    # rpcbind=127.0.0.1 keeps the RPC listener on loopback.
    s dd of=$f <<EOF
rpcbind=127.0.0.1
server=1
rpcpassword=$(openssl rand -base64 32)
rpcuser=$(openssl rand -base64 32)

# Joinmarket
walletnotify=curl -sI --connect-timeout 1 http://localhost:62602/walletnotify?%s
alertnotify=curl -sI --connect-timeout 1 http://localhost:62602/alertnotify?%s
EOF
    # other distros unknown
esac
702 if [[ $HOSTNAME == treetowl ]]; then
703 # dunno about sharing a wallet between multiple instances
704
705 sgo bitcoind
706 fi
707
708
709
710
711 # proprietary flash. going without for now
712 # case $distro in
713 # debian)
714 # pi flashplugin-nonfree
715 # esac
716
717
718
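# GNU global plus pygments. Fedora builds global from a source tarball; the
# other distros install packages.
case $distro in
  fedora)
    # Quoted so a TMPDIR containing whitespace still yields a single path.
    cd "$(mktemp -d)"
    # NOTE(review): the tarball comes over plain http and is then unpacked,
    # configured, built and installed as root with no integrity check, so
    # anyone on the network path can choose what gets installed. Pin a digest
    # obtained out of band and check it before unpacking, for example:
    #   sha256sum -c <<< "<EXPECTED_SHA256_PLACEHOLDER>  global-6.3.2.tar.gz"
    wget http://tamacom.com/global/global-6.3.2.tar.gz
    ex global*
    cd global-6.3.2
    # based on https://github.com/leoliu/ggtags
    ./configure --with-exuberant-ctags=/usr/bin/ctags
    make
    s make install
    # NOTE(review): a root-run pip install executes the package's install code
    # as root and writes outside the package manager's control.
    s pip install pygments
    ;;
  *)
    pi global
    # `;;&` keeps testing the patterns below, so the matching distro arm also
    # installs its pygments package.
    ;;&
  arch)
    pi python2-pygments
    ;;
  debian|ubuntu)
    pi python-pygments
    ;;
esac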
741
742
743 case $distro in
744 debian)
745 pi task-cinnamon-desktop
746 # in settings, change scrolling to two-finger,
747 # because the default edge scroll doesn\'t work.
748 pu transmission-gtk
749 ;;
750 # others unknown
751 esac
752
753 case $distro in
754 arch) spa apg ;;
755
756 # already in debian jessie
757 esac
758
759
760
761
762 # note this failed running at the beginning of this file,
763 # because no systemd user instance was running.
764 # Doing systemd --user resulted in
765 # Trying to run as user instance, but $XDG_RUNTIME_DIR is not set
766
767 if isdebian-testing; then
768 # as of 7/2016, has no unstable deps, and is not in testing anymore.
769 pi synergy/unstable
770 else
771 pi synergy
772 fi
773
774 # case $distro in
775 # # ubuntu unknown. probably the same as debian, just check if the
776 # # init scripts come with the package.
777 # debian)
778 # # copied from arch, but moved to etc
779 # s dd of=/etc/systemd/user/synergys.service <<'EOF'
780 # [Unit]
781 # Description=Synergy Server Daemon
782 # After=network.target
783
784 # [Service]
785 # User=%i
786 # ExecStart=/usr/bin/synergys --no-daemon --config /etc/synergy.conf
787 # Restart=on-failure
788
789 # [Install]
790 # WantedBy=multi-user.target
791 # EOF
792 # s dd of=/etc/systemd/user/synergys.socket <<'EOF'
793 # [Unit]
794 # Conflicts=synergys@.service
795
796 # [Socket]
797 # ListenStream=24800
798 # Accept=false
799
800 # [Install]
801 # WantedBy=sockets.target
802 # EOF
803 # # had this fail with 'Failed to connect to bus: No such file or directory'
804 # # then when I tried it manually, it worked fine...
805 # if ! systemctl --user daemon-reload; then
806 # sleep 2
807 # echo retrying systemd user daemon reload
808 # systemctl --user daemon-reload
809 # fi
810 # ;;&
811 # *)
812 # # taken from arch wiki.
813 # s dd of=/etc/systemd/system/synergyc@.service <<'EOF'
814 # [Unit]
815 # Description=Synergy Client
816 # After=network.target
817
818 # [Service]
819 # User=%i
820 # ExecStart=/usr/bin/synergyc --no-daemon frodo
821 # Restart=on-failure
822 # # per man systemd.unit, StartLimitInterval, by default we
823 # # restart more than 5 times in 10 seconds.
824 # # And this param defaults too 200 miliseconds.
825 # RestartSec=3s
826
827 # [Install]
828 # WantedBy=multi-user.target
829 # EOF
830 # s systemctl daemon-reload
831 # case $HOSTNAME in
832 # x2|treetowl)
833 # ser enable synergyc@ian
834 # ser start synergyc@ian ||: # X might not be running yet
835 # ;;
836 # frodo)
837 # systemctl --user start synergys ||:
838 # systemctl --user enable synergys
839 # ;;
840 # esac
841 # ;;
842 # esac
843
844
845 ######### end misc packages #########
846
847
848 # packages I once used before and liked, but don't want installed now for
849 # various reasons:
850 # python-sqlite is used for offlineimap
851 # lxappearance python-sqlite dolphin paman dconf-editor
852
853
854
855 ######## unfinished
856
857 # todo, finish configuring smart.
858
859 pi smartmontools
860 # mostly from https://wiki.archlinux.org/index.php/S.M.A.R.T.
861 # turn on smart. background on options:
862 # first line, -a = test everyting on all devices.
863 # -S on, turn on disk internal saving of vendor specific info,
864 # from google, seems like this is usually already on and fairly standard.
865 # -o on, turn on 4 hour period non-performance degrading testing.
866 # short test daily 2-3am, extended tests Saturdays between 3-4am:
867 sched="-s (S/../.././02|L/../../6/03)"
868 s sed -i --follow-symlinks "s#^[[:space:]]*DEVICESCAN.*#\
869 DEVICESCAN -a -o on -S on -n standby,q $sched \
870 -m ian@iankelling.org -M exec /usr/local/bin/smart-notify#" /etc/smartd.conf
871
872 # in the default configuration of at least ubuntu 14.04, resolvconf is
873 # configured to order any nameservers associated with tun* or tap*
874 # before the normal internet interfaces, which means they are always
875 # consulted first. This is often slower and undesirable, ie. local dns
876 # queries go from 0ms to 10+ or 100+ ms. To reverse the ordering, you
877 # can do:
878 #sudo sed -i --follow-symlinks '/tun\*\|tap\*/d' /etc/resolvconf/interface-order
879 # however, this breaks dns lookup for hosts on the openvpn lan.
880 # I can\'t figure out why hosts on the normal lan would not be
881 # broken under the default ordering, except the host I was
882 # testing with previously had an entry in /etc/hosts.
883
884 ############# end unfinished
885
886 ########### misc stuff
887
888
889 s cedit /etc/goaccess.conf <<'EOF' || [[ $? == 1 ]]
890 # all things found from looking around the default config
891 # copied existing NCSA Combined Log Format with Virtual Host, plus %L
892 log-format %^:%^ %h %^[%d:%t %^] "%r" %s %b "%R" "%u" %D
893 time-format %H:%M:%S
894 date-format %d/%b/%Y
895 log-file /var/log/apache2/access.log
896 color-scheme 2
897
898 # tip: copy access.log files to a stretch host directory, then run
899 # jessie's goaccess is too old for some options, and it's
900 # not easily installed from a testing.
901 # goaccess --ignore-crawlers -f <(cat *) -a -o html > x.html
902 EOF
903
904
905 if [[ $HOSTNAME == treetowl ]] && ! sudo test -e /etc/openvpn/client.key; then
906 /a/bin/vpn-setup/vpn-mk-client-cert dopub
907 # route lan traffic from inside the network namespace.
908 tu /etc/openvpn/client.conf "route 192.168.1.0 255.255.255.0 net_gateway"
909 fi
910
911
912 case $distro in
913 debian|ubuntu)
914 case `debian-archive` in
915 stable)
916 s dd of=/etc/apt/preferences.d/unison-gtk <<'EOF'
917 Explanation: Allow unison-gtk to be upgraded
918 Package: unison-gtk
919 Pin: release a=unstable
920 Pin-Priority: 500
921 EOF
922 # dont think using testing is needed since I figured out how to
923 # deal with mismatching unison compilers, but I dont
924 # see any reason to revert it, since it only installs
925 # a single package which is primarily a single binary
926 ;;
927 esac
928 pi unison/testing
929 pi unison-gtk/testing # after to make it the default unison
930 ;;
931 arch)
932 pi unison gtk2
933 ;;
934 esac
935
936 case $distro in
937 arch)
938 # default is alsa, doesn\'t work with with pianobar
939 s dd of=/etc/libao.conf <<'EOF'
940 default_driver=pulse
941 EOF
942 ;;
943 esac
944
945 # note, for jessie, it depends on a higher version of btrfs-tools.
946 #
947 # # disabled due to my patch being in btrbk
948 # case $distro in
949 # arch|debian|ubuntu) pi btrbk ;;
950 # # others unknown
951 # esac
952 cd /a/opt/btrbk
953 s make install
954 spa pv # for progress bar when running interactively.
955 if [[ $HOSTNAME == treetowl ]]; then
956 # backup/sync manually on others hosts for now.
957 sgo btrbk.timer
958 # note: to see when it was last run,
959 # ser list-timers
960 fi
961
962 if [[ $HOSTNAME == treetowl ]] && [[ `debian-archive` != testing ]]; then
963 # fail2 ban is broken, with a workaround, per
964 # https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770171
965 # ill wait a while to see if it gets fixed
966 pi fail2ban
967 sgo fail2ban
968 fi
969
970
971
972
973
974 case $distro in
975 debian|ubuntu) s gpasswd -a ian adm ;; #needed for reading logs
976 esac
977
978 # tor
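# Install tor (and the tor browser) using each distro's source for it.
case $distro in
  # based on
  # https://www.torproject.org/docs/rpms.html.en
  # https://www.torproject.org/docs/debian.html.en
  # todo: figure out if the running service needs to be restarted upon updates


  # todo on fedora: setup non-dev packages
  fedora)
    # NOTE(review): gpgcheck=1 is only as strong as the key it checks
    # against, and gpgkey is fetched over plain http here. The fingerprint
    # comparison described below is what actually authenticates the key.
    s dd of=/etc/yum.repos.d/torproject.repo <<'EOF'
[tor]
name=Tor experimental repo
enabled=1
baseurl=http://deb.torproject.org/torproject.org/rpm/tor-testing/fc/20/$basearch/
gpgcheck=1
gpgkey=http://deb.torproject.org/torproject.org/rpm/RPM-GPG-KEY-torproject.org.asc

[tor-source]
name=Tor experimental source repo
enabled=1
autorefresh=0
baseurl=http://deb.torproject.org/torproject.org/rpm/tor-testing/fc/20/SRPMS
gpgcheck=1
gpgkey=http://deb.torproject.org/torproject.org/rpm/RPM-GPG-KEY-torproject.org.asc
EOF

    # to be secure, take a look at the fingerprint reported from the following install, and see if it matches from the link above:
    # 3B9E EEB9 7B1E 827B CF0A 0D96 8AF5 653C 5AC0 01F1
    sgo tor
    /a/bin/buildscripts/tor-browser
    ;;
  ubuntu)
    tu /etc/apt/sources.list "deb http://deb.torproject.org/torproject.org $(debian-codename) main"
    # Request the key by its full fingerprint, the same one exported below.
    # An 8-hex-digit short id can be matched by unrelated keys, which the
    # keyserver would then also deliver into the local keyring.
    gpg --keyserver keys.gnupg.net --recv-keys A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89
    # Only the key with this exact fingerprint is handed to apt.
    gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | sudo apt-key add -
    p update
    pi deb.torproject.org-keyring
    pi tor
    /a/bin/buildscripts/tor-browser
    ;;
  debian)
    pi tor
    /a/bin/buildscripts/tor-browser
    ;;
  arch)
    pi tor tor-browser-en
    sgo tor
    ;;
  # ubuntu unknown
esac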
1029
1030 # nfs server
1031 case $distro in
1032 fedora)
1033 end_msg <<'EOF'
1034 fedora todo: disable the firewall or find a way to automate it.
1035 there's an unused section in t.org for tramikssion firewall setup
1036
1037 fedora manual config for nfs:
1038 s firewall-config
1039 change to permanent configuration
1040 check the box for nfs
1041 was hard to figure this out, not sure if this is all needed, but
1042 unblock these too
1043 mountd: udp/tcp 20048
1044 portmapper, in firewall-config its called rpc-bind: udp/tcp 111
1045 troubleshooting, unblock things in rpcinfo -p
1046 make sure to reload the firewall to load the persistent configuration
1047
1048
1049 EOF
1050 pi nfs-utils
1051 sgo nfs-server
1052 ;;
1053 debian|ubuntu)
1054 pi nfs-server
1055 ;;
1056 arch)
1057 pi nfs-utils || pending_reboot=true
1058 sgo rpcbind
1059 # this failed until I rebooted
1060 sgo nfs-server
1061 ;;
1062 esac
1063
# NFS export of /k from treetowl to the local /24.
if [[ $HOSTNAME == treetowl ]]; then
  # nohide = export filesystems mounted deeper than the export point
  # fsid=0 makes this export the "root" export
  # not documented in the man page, but this means
  # 1. it can be mounted with a shorthand of server:/
  # 2. exports that are subdirectories of this one will automatically be mounted
  #
  # NOTE(review): access is decided by source address alone. With
  # no_root_squash, root on any host in 192.168.1.0/24 acts as root on the
  # exported files, and `insecure` also accepts requests from unprivileged
  # source ports, i.e. from non-root processes on those hosts. rw applies to
  # the whole subnet. Dropping no_root_squash and insecure, or narrowing the
  # client list to named hosts, reduces what one compromised LAN machine can
  # do to /k.
  tu /etc/exports <<'EOF'
/k 192.168.1.0/24(rw,fsid=0,nohide,no_root_squash,async,no_subtree_check,insecure)
EOF
  # Re-export everything listed in /etc/exports so the line takes effect now.
  s exportfs -rav
fi
1075
1076
1077 e "$end_msg_var"
1078
1079
1080 # persistent virtual machines
1081
1082 case $distro in
1083 debian|ubuntu)
1084 pi libosinfo-bin;
1085 ;;
1086 esac
1087
1088 # distro may not know about win 10 yet.
1089 variant=win7
1090 if ! virt-install --os-variant list &>/dev/null; then # we are using a newer virt-install
1091 for v in 10 8.1 8; do
1092 if osinfo-query os | gr "^\s*win${v/./\\.}\s" &>/dev/null; then
1093 variant=win$v
1094 break
1095 fi
1096 done
1097 fi
1098
# Define the persistent Windows guests once. The guard only looks for a domain
# named win10, yet both win10 and win7 are created inside it.
if ! s virsh list --all --name | grep -xF win10 &>/dev/null; then

  # created account with
  # win10vmian@outlook.com, and easy to remember password
  # win 10 virtio, makes disk way way way faster
  # wget https://fedorapeople.org/groups/virt/virtio-win/direct-downloads/latest-virtio/virtio-win.iso
  # https://wiki.archlinux.org/index.php/QEMU#Change_Existing_Windows_VM_to_use_virtio
  # for installing virtio after initial install instead of with initial iso:
  # qemu-img create -f qcow2 fake.qcow2 1G
  # --disk=/a/images/virtio-win.iso,device=cdrom \
  # --disk=/a/images/fake.qcow2,bus=virtio
  # Also,
  # went to device manager, saw 2 pci devices with yellow !,
  # did search for drivers, pick cdrom location, done.
  #
  # from http://www.tenforums.com/tutorials/4189-fast-startup-turn-off-windows-10-a.html.
  # google said there was a control panel option for it, but
  # that turned out to be a lie.
  # Put this in a .bat file and run as administrator to turn off
  # hyberboot which fucks things up.
  # REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power" /V HiberbootEnabled /T REG_dWORD /D 0 /F
  # power settings, turn off display: never
  # run "control userpasswords2", turn on automatic login.
  # note: when changing devices, I just undefine, the create the vm again.

  # NOTE(review): `listen=0.0.0.0` binds the guest's SPICE console to every
  # interface of the host and no console password is set on this command
  # line. Together with the automatic Windows login described above, reaching
  # the SPICE port means reaching a logged-in desktop. Listening on 127.0.0.1
  # and tunnelling over ssh, or setting a SPICE password, narrows that. The
  # same applies to the win7 definition below.
  s virt-install --noautoconsole --graphics spice,listen=0.0.0.0 \
    --disk=/a/images/win10.qcow2,bus=virtio --vcpus 2 -r 4096 -w bridge=br0 \
    -n win10 --import --os-variant $variant --cpu host-model-only

  # virt-install --import starts the guest; destroy powers it off again and
  # leaves the domain defined.
  s virsh destroy win10

  # this one hasn\'t had the virtio fix done yet.
  s virt-install --noautoconsole --graphics spice,listen=0.0.0.0 \
    --disk=/a/images/win7.qcow2 --vcpus 2 -r 4096 -w bridge=br0 \
    -n win7 --import --os-variant win7 --cpu host-model-only
  s virsh destroy win7
  # had a problem with --cpu host, so trying out
  # --cpu host-model-only

fi
1139
1140
# Samba on treetowl: edit smb.conf in place, add a guest-writable [public]
# share for /kr, and start the service.
if [[ $HOSTNAME == treetowl ]]; then
  pi samba
  # note samba re-reads it\'s config every 1 minute
  case $distro in
    arch) s cp /etc/samba/smb.conf.default /etc/samba/smb.conf ;;
  esac

  # add 2 lines after workgroup option
  # The two deletes come first, presumably so that rerunning the script does
  # not pile up duplicate option lines.
  s sed -ri --follow-symlinks '/^\s*encrypt passwords\s*=/d' /etc/samba/smb.conf
  s sed -ri --follow-symlinks '/^\s*map to guest\s*=/d' /etc/samba/smb.conf
  # NOTE(review): `map to guest = bad password` turns a login with a wrong
  # password into a guest session instead of rejecting it.
  s sed -i --follow-symlinks 's/\(\s*workgroup\s*=\).*/\1 WORKGROUP\n\tencrypt passwords = yes\n\tmap to guest = bad password/' /etc/samba/smb.conf
  # remove default homes section. not sharing that.
  # NOTE(review): the end of the range, /\s*\[/, is not anchored and the line
  # it matches is deleted too. The delete therefore runs from [homes] through
  # the next line containing a `[` anywhere, which is removed with it even if
  # it is the header of the following section. Check the resulting file.
  s sed -ri --follow-symlinks '/^\s*\[homes\]/,/\s*\[/d' /etc/samba/smb.conf

  # Append the share only once.
  # NOTE(review): `guest ok = yes` with `read only = no` lets anyone who can
  # reach the server write to /kr without credentials, limited only by the
  # filesystem permissions of the guest account and by whatever restricts
  # access to the SMB ports.
  if ! grep -xF '[public]' /etc/samba/smb.conf &>/dev/null; then
    s tee -a /etc/samba/smb.conf <<'EOF'
[public]
guest ok = yes
read only = no
path = /kr
EOF
  fi

  case $distro in
    debian|ubuntu)
      # systemd claims it generates units from /etc/init.d, but it
      # clearly doesn\'t in debian. I have no idea how they are
      # related. fuck debian right now. It\'s not documented. samba
      # has a systemd init file linked to /dev/null. There\'s this
      # https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=769714 which
      # claims samba\'s sub-services will be started automatically by
      # systemd... it didn\'t on install, wonder if it will on
      # boot. It clued me in how to start it manually though. Nothing
      # in /usr/share/doc/samba, debian admin guide says nothing about
      # any of this. (this is in debian testing as of 4/2016).

      s /etc/init.d/samba start
      ;;
    arch)
      sgo samba
      ;;
  esac
fi
1184
1185 tu /etc/hosts <<< "127.0.1.1 $(hostname).lan $(hostname)"
1186
1187
1188 ######### begin stuff belonging at the end ##########
1189
1190
1191 # Apps we want to override others for default file handler:
1192 # simplest way in debian is to just install them last.
1193 simple_packages+=(
1194 mpv
1195 )
1196
1197 case $distro in
1198 ubuntu|debian)
1199 spa spacefm-gtk3 ;;
1200 arch)
1201 spa spacefm ;;
1202 esac
1203
1204
1205 pi "${simple_packages[@]}"
1206
1207
1208 if $pending_reboot; then
1209 echo "$0: pending reboot and then finished. doing it now."
1210 s reboot now
1211 else
1212 echo "$0: $(date): ending now)"
1213 fi