fixup unison dir, auto-updates setup in separate repo
[distro-setup] / distro-end
1 #!/bin/bash -l
2 # Copyright (C) 2016 Ian Kelling
3 # This program is under GPL v. 3 or later, see <http://www.gnu.org/licenses/>
4 errcatch
5
6 set -x
7
8 exec &> >(sudo tee -a /var/log/distro-end)
9 echo "$0: $(date): starting now)"
10
11 src="${BASH_SOURCE%/*}"
12
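#######################################
# Append everything read from stdin (typically a here-document) to the
# global end_msg_var, which is printed near the end of the run.
# Globals:   end_msg_var (appended to)
# Arguments: none; the message text is read from stdin
# Returns:   0, also when read reports end-of-input
#######################################
end_msg() {
  # The listing shows "= local y", which would run a command named "=";
  # a plain local declaration is what the rest of the body relies on.
  local y
  # -d '' makes read consume the whole input; it then returns non-zero at
  # EOF, which `||:` discards so an abort-on-error mode does not trip.
  IFS= read -r -d '' y ||:
  end_msg_var+="$y"
}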
18
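#######################################
# "Simple package add": queue package names for the bulk install that
# happens when simple_packages is later handed to the install helper.
# Globals:   simple_packages (appended to)
# Arguments: package names, one per argument
#######################################
spa() {
  # "$@" keeps each argument as exactly one array element; the unquoted
  # form would word-split and glob-expand the names.
  simple_packages+=("$@")
}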
22
# Distribution name as reported by the distro-name helper (defined outside
# this file).
distro=$(distro-name)

# Flipped to true by a later step when a reboot is wanted at the end.
pending_reboot=false

# template
case $distro in
esac

# pup is defined outside this file; presumably it refreshes/upgrades the
# package database -- TODO confirm.
pup

# Baseline packages queued for every host.
simple_packages=(htop mailutils nmon ruby ruby-rest-client tree vim)

# Every host except lj and li also gets the universal desktop set.
# swh-plugins is for the karaoke pulseaudio filter.
if [[ $HOSTNAME != lj && $HOSTNAME != li ]]; then
  simple_packages+=(
    apache2 bwm-ng chromium duplicity evince fdupes filelight gdb
    gnome-screenshot jq locate meld offlineimap p7zip paprefs pavucontrol
    pdfgrep pianobar pidgin rdiff-backup slock squashfs-tools swh-plugins
    tcpdump transmission-remote-gtk vlc
  )
fi
78
79
80
81 ########### begin section including lj ################
82
83
# Helpers used below are defined outside this file: spa queues packages,
# pi presumably installs immediately, sgo presumably enables/starts a
# service, s presumably runs a command with elevated privileges -- TODO confirm.

# unrar: fedora gets unrar, everything else the free variant.
if [[ $distro == fedora ]]; then
  spa unrar
else
  spa unrar-free
fi

# cron: ubuntu 14.04 uses b-cron, but it's not maintained in arch. Of the
# ones in arch's main repos, cronie is the only one maintained; fcron
# appears to be abandoned. Other distros come with cron.
if [[ $distro == arch ]]; then
  pi cronie
  sgo cronie
fi

if [[ $distro == debian || $distro == ubuntu ]]; then
  pi debian-goodies
fi

# at goes on every distro; on arch the atd service is also passed to sgo.
pi at
if [[ $distro == arch ]]; then
  sgo atd
fi

# curl: nothing to do on arch; fedora unknown.
if [[ $distro == debian ]]; then
  pi curl
fi

# git, plus tk on arch for gitk.
if [[ $distro == arch ]]; then
  spa git tk
else
  spa git
fi

# the silver searcher (fedora unknown)
case $distro in
  arch) spa the_silver_searcher ;;
  debian|ubuntu) spa silversearcher-ag ;;
esac

# ntp (others unknown)
case $distro in
  debian|ubuntu) spa ntp ;;
  arch)
    pi ntp
    sgo ntpd
    ;;
esac

# no equivalent in other distros:
if [[ $distro == debian || $distro == ubuntu ]]; then
  pi apt-file aptitude
  s apt-file update
  # for debconf-get-selections
  spa debconf-utils
fi

# ack
case $distro in
  ubuntu|debian) spa ack-grep ;;
  arch|fedora) spa ack ;;
esac

# bash-completion (others unknown)
case $distro in
  arch|debian|ubuntu) spa bash-completion ;;
esac
166
167
168
169
170
171 # disable motd junk.
# Silence the login banner (motd) per distribution.
case $(distro-name) in
  debian)
    # allows me to pipe with ssh -t, and gets rid of spam
    # http://forums.debian.net/viewtopic.php?f=5&t=85822
    # I'd rather disable the service than comment out the init file.
    # The thread says that even when disabled it will still get restarted,
    # but this script doesn't do anything on restart, so it should be fine.
    # Copying /dev/null over the generated motd leaves it empty.
    s dd of=/var/run/motd.dynamic if=/dev/null
    s update-rc.d motd disable
    ;;
  ubuntu)
    # this isn't a complete solution. It still shows me when updates are available,
    # but it's no big deal.
    # `t` is defined outside this file; presumably it removes the listed
    # motd fragments -- TODO confirm.
    s t /etc/update-motd.d/10-help-text /etc/update-motd.d/00-header
    ;;
esac

# automatic updates
# reference:
# https://debian-handbook.info/browse/stable/sect.regular-upgrades.html
# /etc/cron.daily/apt calls unattended-upgrades
# /usr/share/doc/unattended-upgrades# cat README.md
# /etc/apt/apt.conf.d/50unattended-upgrades
# Both isdebian and debian-setup-auto-update live outside this file.
if isdebian; then
  debian-setup-auto-update
fi

# cron
/a/bin/crons/all
201
202
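# Server hosts lj and li: install the baseline packages, publish the
# homepage, run the wiki and phabricator setup, then stop. Nothing after
# this case statement runs on these two hosts.
case $HOSTNAME in
  lj|li)
    pi "${simple_packages[@]}"
    case $HOSTNAME in
      lj) domain=iank.bid ;;
      li) domain=iankelling.org ;;
    esac
    homepage-setup "$domain"
    s rld /a/h/_site/ "/var/www/$domain/html"

    # Fetch the MediaWiki setup script into a temporary file and run it
    # only when the download succeeded. The URL has to be quoted: it
    # contains `;`, which the shell otherwise treats as a command
    # separator, cutting the URL short and leaving bash with empty input.
    # Downloading first also keeps a truncated transfer from being executed.
    # NOTE(review): hb=HEAD runs whatever the repository serves at that
    # moment; consider pinning hb= to a reviewed commit id.
    mw_setup=$(mktemp)
    if ! curl -fsS -o "$mw_setup" \
      "https://$domain/git/?p=mediawiki-setup/.git;a=blob_plain;f=mw-setup-script;hb=HEAD"; then
      echo "$0: failed to download mw-setup-script" >&2
      rm -f -- "$mw_setup"
      exit 1
    fi
    bash "$mw_setup"
    rm -f -- "$mw_setup"
    "$src/phab-setup"

    echo "$0: $(date): ending now)"
    exit 0
    ;;
esac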
222
223 ########### end section including li/lj ###############
224
225
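# syncthing: packaged on arch; debian/ubuntu use the upstream apt repo.
case $distro in
  arch) pi syncthing ;;
  ubuntu|debian)
    # google led me here:
    # https://apt.syncthing.net/
    # -f makes curl fail on an HTTP error instead of piping an error page
    # into apt-key; -S still prints the reason despite -s.
    # NOTE(review): the key is trusted as downloaded. Compare its
    # fingerprint with one obtained out of band before adding it.
    curl -fsS https://syncthing.net/release-key.txt | sudo apt-key add -
    # Named so it is not confused with the `s` helper used as a command.
    syncthing_repo="deb http://apt.syncthing.net/ syncthing release"
    syncthing_list=/etc/apt/sources.list.d/syncthing.list
    # Quoting the right-hand side makes this a literal comparison rather
    # than a pattern match; a missing file simply compares as empty.
    if [[ $(cat "$syncthing_list" 2>/dev/null) != "$syncthing_repo" ]]; then
      echo "$syncthing_repo" | s dd of="$syncthing_list"
      p update
    fi
    pi syncthing
    ;;
esac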
240 # installed via f-droid
241 # top right, actions, device id
242 #
243 # for installing on a remote comp:
244 # ssh -L 8384:localhost:8384 -N frodo
245 # went to http://localhost:8384/
246 #
247 # add folder to sync phone,
248 # staggered file versioning would be my normal choice, but choose
249 # trash can versioning for sake of space on phone, with
250 # clean out after 7 days.
251 #
252 # did ser syncthing@ian start
253 # then on phone, add device, hit bar code icon,
254 # install bar code scanner.
255
256
257 # no equivalent in other distros:
# python-vte is needed for gui bug reporting; debian and ubuntu only.
if [[ $distro == debian || $distro == ubuntu ]]; then
  spa python-vte
fi
264
265
266 ####### misc packages ###########
267
268
# Torrent daemon setup, only on the host named frodo.
if [[ $HOSTNAME == frodo ]]; then
  case $distro in
    debian|ubuntu)
      # note i had to do this, which is persistent:
      # cd /i/k
      # s chgrp debian-transmission torrents partial-torrents

      # syslog says things like
      # 'Failed to set receive buffer: requested 4194304, got 425984'
      # google suggests giving it even more than that.
      # These raise the system-wide maximum socket buffer sizes.
      # tu is defined outside this file; presumably it adds the given text
      # to the file when it is not already there -- TODO confirm.
      tu /etc/sysctl.conf<<'EOF'
net.core.rmem_max = 67108864
net.core.wmem_max = 16777216
EOF
      s sysctl -p

      # some reason it doesn't seem to start automatically anyways
      pi-nostart transmission-daemon
      # config file documented here, and it's the same config
      # for daemon vs client, so it's documented in the gui.
      # https://trac.transmissionbt.com/wiki/EditConfigFiles#Options
      #
      # The ruby snippet merges the keys below into the existing
      # settings.json and writes the file back.
      # NOTE(review): rpc-authentication-required is false while
      # rpc-whitelist admits 192.168.1.*, so every host on that subnet can
      # drive the daemon's RPC interface without credentials. Consider
      # enabling authentication or narrowing the whitelist.
      s ruby <<'EOF'
require 'json'
p = '/etc/transmission-daemon/settings.json'
File.write(p, JSON.pretty_generate(JSON.parse(File.read(p)).merge({
'rpc-whitelist' => '127.0.0.1,192.168.1.*',
'rpc-authentication-required' => false,
'incomplete-dir' => '/i/k/partial-torrents',
'download-dir' => '/i/k/torrents',
"speed-limit-up" => 700,
"speed-limit-up-enabled" => true,
"ratio-limit" => 1.4000,
"ratio-limit-enabled" => true,
})) + "\n")
EOF
      sgo transmission-daemon
      ;;
    arch)
      # todo, set up its config file & daemon
      pi transmission-cli
      ;;
  esac
fi
312
313 # adapted from /var/lib/dpkg/info/transmission-daemon.postinst
# Create the debian-transmission system account when no passwd entry
# exists for it yet. Both variants use /var/lib/transmission-daemon as
# the home directory; the arch variant also sets /bin/false as the shell.
if ! getent passwd debian-transmission > /dev/null; then
  case $distro in
    arch)
      s useradd \
        --system \
        --create-home \
        --home-dir /var/lib/transmission-daemon \
        --shell /bin/false \
        debian-transmission
      ;;
    *)
      s adduser --quiet \
        --system \
        --group \
        --no-create-home \
        --disabled-password \
        --home /var/lib/transmission-daemon \
        debian-transmission
      ;;
  esac
fi

# dunno why it's there, but get rid of it
# NOTE(review): the earlier li/lj section of this script ends with
# `exit 0`, so on those two hosts execution never gets here and this arm
# looks unreachable. Move it into that section if the cleanup is wanted.
case $HOSTNAME in
  li|lj) s rm -rf /home/linode ;;
esac
340
341 # arch had a default config,
342 # debian had nothing until you start it.
343 # With a little trial an error, here is a minimal config
344 # taken from the generated one, plus changes that the
345 # settings ui does, without a bunch of ui crap settings.
346 #
347 # only settings I set were
348 # hostname
349 # auto-connect
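# Write a minimal transmission-remote-gtk profile into every home
# directory, as the owning user.
# Assumes each directory name under /home is also a login name -- verify
# on hosts that keep other directories there.
for f in /home/*; do
  # Skip anything that is not a directory, including the literal pattern
  # when /home is empty.
  [[ -d $f ]] || continue
  u=${f##*/}
  d=$f/.config/transmission-remote-gtk
  # Quoted so that unusual directory names cannot split into extra
  # arguments for the privileged commands.
  s -u "$u" mkdir -p "$d"
  # NOTE(review): the profile uses "ssl": false with empty credentials, so
  # RPC traffic to frodo crosses the network unencrypted and
  # unauthenticated; this matches the daemon settings chosen above.
  s -u "$u" dd of="$d/config.json" <<'EOF'
{
"profiles" : [
{
"profile-name" : "Default",
"hostname" : "frodo",
"rpc-url-path" : "/transmission/rpc",
"username" : "",
"password" : "",
"auto-connect" : true,
"ssl" : false,
"timeout" : 40,
"retries" : 3,
"update-active-only" : false,
"activeonly-fullsync-enabled" : false,
"activeonly-fullsync-every" : 2,
"update-interval" : 3,
"min-update-interval" : 3,
"session-update-interval" : 60,
"exec-commands" : [
],
"destinations" : [
]
}
],
"profile-id" : 0,
"add-options-dialog" : false
}
EOF
done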
384
# openvpn: installed everywhere, but kept from starting on debian/ubuntu.
if [[ $distro == debian || $distro == ubuntu ]]; then
  pi-nostart openvpn
  # pi-nostart doesn't seem to be good enough on its own, so the units
  # are disabled explicitly as well.
  ser disable openvpn@client
  ser disable openvpn
else
  # suggests because we want the resolvconf package
  pi --install-suggests openvpn
fi
395
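pi wget
# Google Chrome, only on the hosts tp and frodo.
case $HOSTNAME in
  tp|frodo)
    case $distro in
      debian|ubuntu)
        log=$(mktemp)
        cd /a/opt
        # NOTE(review): the .deb is installed straight from the download
        # with dpkg -i, which performs no signature check, so HTTPS to
        # dl.google.com is the only integrity protection here.
        wget -nv -N https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb
        # errallow/errcatch are defined outside this file; presumably they
        # switch abort-on-error off and on again around the dpkg call.
        errallow
        s dpkg -i google-chrome-stable_current_amd64.deb |& tee "$log"
        # $? after a pipeline is tee's status; PIPESTATUS[0] is dpkg's,
        # which is the one the recovery logic below needs.
        code=${PIPESTATUS[0]}
        errcatch
        dep_problem=false
        if grep -q '^dpkg: dependency problems prevent configuration of' "$log"; then
          dep_problem=true
        fi
        rm -f -- "$log"
        if (( code != 0 )); then
          if $dep_problem; then
            # Let apt pull in the missing dependencies and finish the job.
            s apt-get -fy install
          else
            exit 1
          fi
        fi
        ;;
      arch)
        pi google-chrome
        ;;
    esac
    ;;
esac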
426
427 # printer
case $distro in
  arch)
    pi cups ghostscript gsfonts  # from arch wiki cups page
    pi hplip                     # from google
    s gpasswd -a "$USER" sys     # from arch wiki
    sgo org.cups.cupsd.service
    # Then go to http://127.0.0.1:631, administration tab, add new
    # printer button. In debian I could use the recommended driver; in
    # arch I had to pick out the 6L driver.
    ;;
  debian|ubuntu) spa hplip ;;
  # other distros unknown
esac

# mail search tools
if [[ $distro == ubuntu || $distro == debian ]]; then
  pi --no-install-recommends mairix notmuch
elif [[ $distro == fedora || $distro == arch ]]; then
  spa mairix notmuch
fi

# nfs client
if [[ $distro == arch ]]; then
  spa nfs-utils
elif [[ $distro == ubuntu || $distro == debian ]]; then
  spa nfs-client
fi

# par2
if [[ $distro == ubuntu || $distro == debian ]]; then
  spa par2
elif [[ $distro == arch || $distro == fedora ]]; then
  spa par2cmdline
fi

# needed for my tex resume (fedora unknown)
if [[ $distro == ubuntu || $distro == debian ]]; then
  spa texlive-full
elif [[ $distro == arch ]]; then
  spa texlive-most
fi
465
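# Codecs and other restricted extras.
case $distro in
  ubuntu)
    # flash, unrar, codecs, ms fonts.
    # This has a manual prompt.
    spa ubuntu-restricted-extras
    ;;
  fedora)
    pi yum-utils
    # rpm fusion recommended codecs.
    # The release RPMs are installed with --nogpgcheck, so nothing checks
    # their signature; fetching them over HTTPS instead of plain HTTP at
    # least authenticates the server and protects the transfer.
    # NOTE(review): better still, import the RPM Fusion keys first and
    # drop --nogpgcheck.
    s su -c "yum localinstall -y --nogpgcheck https://download1.rpmfusion.org/free/fedora/rpmfusion-free-release-$(rpm -E %fedora).noarch.rpm https://download1.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-$(rpm -E %fedora).noarch.rpm"
    # The space before the backslash matters: without whitespace around
    # the line break the two package names are joined into one word.
    pi gstreamer-plugins-ugly gstreamer-plugins-bad gstreamer-ffmpeg \
      xine-lib-extras-freeworld
    ;;
esac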
480
# optional dep for firefox for h.264 video; other distros probably have
# it by default.
if [[ $distro == arch ]]; then
  spa gst-libav
fi

# gnupg-agent: nothing to do on arch.
if [[ $distro == fedora || $distro == ubuntu || $distro == debian ]]; then
  spa gnupg-agent
fi

# pinentry: elsewhere it comes by default or with other packages.
if [[ $distro == fedora ]]; then
  spa pinentry-gtk
fi

# firefox and pulseaudio: elsewhere they come by default or with other
# packages.
if [[ $distro == arch ]]; then
  spa firefox pulseaudio
fi

# dejavu fonts (others unknown)
case $distro in
  arch) spa ttf-dejavu ;;
  debian|ubuntu) spa fonts-dejavu ;;
esac

# xev (others unknown)
case $distro in
  arch) spa xorg-xev ;;
  debian|ubuntu) spa x11-utils ;;
esac
516
# virt-install is packaged under different names; virt-manager is then
# installed on every distro (it creates the libvirt group in debian at
# least). Others unknown.
if [[ $distro == arch ]]; then
  pi virt-install
elif [[ $distro == debian || $distro == ubuntu ]]; then
  pi virtinst
fi
pi virt-manager

# allow user to run vms, from debian handbook
# NOTE(review): membership of the libvirt group lets a user manage system
# VMs and their host-side resources, which is close to root on the host;
# keep the list as short as the hosts need.
for vm_user in ian traci; do
  s usermod -a -G libvirt,kvm "$vm_user"
done
525 # bridge networking as user fails. google lead here, but it doesn't work:
526 # oh well, I give up.
527 # http://wiki.qemu.org/Features-Done/HelperNetworking
528 # s mkdir /etc/qemu
529 # f=/etc/qemu/bridge.conf
530 # s dd of=$f <<'EOF'
531 # allow br0
532 # EOF
533 # #s chown root:qemu $f # debian has somethig like qemu-libvirt. equivalent?
534 # s chmod 640 $f
535
536
# iso authoring tool (others unknown)
if [[ $distro == arch ]]; then
  spa cdrkit
elif [[ $distro == debian || $distro == ubuntu ]]; then
  spa genisoimage
fi

# spice client (others unknown)
if [[ $distro == arch ]]; then
  spa spice-gtk3
elif [[ $distro == debian || $distro == ubuntu ]]; then
  spa spice-client-gtk
fi
548
549 # general known for debian/ubuntu, not for fedora
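# Arch-only virtualization extras and libvirt configuration.
case $distro in
  arch)
    # cdrkit for cloud-init isos
    # dnsmasq & ebtables for nat networking in libvirt
    # qemu for qemu-img, bind-tools for dig
    # dmidecode just because syslog complains
    # The space before the backslash matters: without whitespace around
    # the line break "ebtables" and "bridge-utils" join into one word.
    pi unzip xorg-xmodmap dmidecode ebtables \
      bridge-utils dnsmasq qemu bind-tools
    # otherwise we get error about accessing kvm module.
    # seems like there might be a better way, but google was a bit vague.
    # NOTE(review): user = "root" makes libvirt run QEMU guests as root,
    # which removes the privilege separation between guest processes and
    # the host. Granting the default qemu user access to /dev/kvm (kvm
    # group) is the usual narrower fix -- confirm it works on this host.
    s sed -ri '/^ *user *=/d' /etc/libvirt/qemu.conf
    echo 'user = "root"' | s tee -a /etc/libvirt/qemu.conf
    # https://bbs.archlinux.org/viewtopic.php?id=206206
    # # this should prolly go in the wiki
    sgo virtlogd.socket
    # guessing this is not needed
    #sgo virtlogd.service
    sgo libvirtd
    ;;
esac

case $distro in
  arch) pi virtviewer ;;
  *) : ;; # other distros have it as a dependency afaik.
esac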
576
577
578
# shellcheck: built with cabal on fedora, packaged elsewhere
# (unknown for older ubuntu).
if [[ $distro == fedora ]]; then
  cabal install shellcheck
else
  spa shellcheck
fi

# pumpa. others unknown. do have a buildscript:
# /a/bin/buildscripts/pumpa
if [[ $distro == arch || $distro == debian || $distro == ubuntu ]]; then
  spa pumpa
fi

# adb (other distros unknown)
if [[ $distro == debian || $distro == ubuntu ]]; then
  spa android-tools-adb/unstable
elif [[ $distro == arch ]]; then
  spa android-tools
fi

# bitcoin-qt, only on debian testing (other distros unknown)
if [[ $distro == debian ]]; then
  if [[ $(debian-archive) == testing ]]; then
    # has no unstable dependencies
    spa bitcoin-qt/unstable
  fi
fi
608
609
610 # proprietary flash. going without for now
611 # case $distro in
612 # debian)
613 # pi flashplugin-nonfree
614 # esac
615
616
617
# GNU global plus pygments. fedora builds global from source; the other
# distros install the package and then fall through (;;&) to their own
# pygments arm.
case $distro in
  fedora)
    # Build in a fresh temporary directory.
    # NOTE(review): the tarball comes over plain HTTP and is not checked
    # against a checksum or signature before `make install` runs through
    # s. Compare it with a known-good digest (<EXPECTED_SHA256>
    # placeholder) before building.
    cd $(mktemp -d)
    wget http://tamacom.com/global/global-6.3.2.tar.gz
    # ex is not defined in this file; presumably an archive-extraction
    # helper -- TODO confirm.
    ex global*
    cd global-6.3.2
    # based on https://github.com/leoliu/ggtags
    ./configure --with-exuberant-ctags=/usr/bin/ctags
    make
    s make install
    s pip install pygments
    ;;
  *)
    pi global
    ;;&
  arch)
    pi python2-pygments
    ;;
  debian|ubuntu)
    pi python-pygments
    ;;
esac
640
641
# desktop environment (others unknown)
if [[ $distro == debian ]]; then
  pi task-cinnamon-desktop
  # in settings, change scrolling to two-finger,
  # because the default edge scroll doesn't work.
  # pu is defined outside this file; presumably it removes a package.
  pu transmission-gtk
fi

# apg: already in debian jessie
if [[ $distro == arch ]]; then
  spa apg
fi
657
658
659
660
661 # note this failed running at the beginning of this file,
662 # because no systemd user instance was running.
663 # Doing systemd --user resulted in
664 # Trying to run as user instance, but $XDG_RUNTIME_DIR is not set
# synergy (keyboard/mouse sharing). The debian arm first writes the
# server units and then falls through (;;&) to the generic arm, which
# installs the package and writes the client unit on every distro.
case $distro in
  # ubuntu unknown. probably the same as debian, just check if the
  # init scripts come with the package.
  debian)
    # copied from arch, but moved to etc
    # NOTE(review): synergys.service is not a template unit, so %i in
    # User= is presumably empty here -- confirm the unit behaves as meant.
    s dd of=/etc/systemd/user/synergys.service <<'EOF'
[Unit]
Description=Synergy Server Daemon
After=network.target

[Service]
User=%i
ExecStart=/usr/bin/synergys --no-daemon --config /etc/synergy.conf
Restart=on-failure

[Install]
WantedBy=multi-user.target
EOF
    # NOTE(review): ListenStream=24800 names no address, so the socket
    # accepts connections on every interface; confirm a firewall limits
    # it to the hosts that should share input devices.
    s dd of=/etc/systemd/user/synergys.socket <<'EOF'
[Unit]
Conflicts=synergys@.service

[Socket]
ListenStream=24800
Accept=false

[Install]
WantedBy=sockets.target
EOF
    ;;&
  *)
    pi synergy
    # taken from arch wiki.
    # Template unit: the instance name (%i) is the user to run as, and the
    # client connects to the host treetowl.
    s dd of=/etc/systemd/system/synergyc@.service <<'EOF'
[Unit]
Description=Synergy Client
After=network.target

[Service]
User=%i
ExecStart=/usr/bin/synergyc --no-daemon treetowl
Restart=on-failure
# per man systemd.unit, StartLimitInterval, by default we
# restart more than 5 times in 10 seconds.
# And this param defaults too 200 miliseconds.
RestartSec=3s

[Install]
WantedBy=multi-user.target
EOF
    case $HOSTNAME in
      frodo)
        ser enable synergyc@ian
        ser start synergyc@ian ||: # X might not be running yet
        # Starting is best effort (||:), enabling is not.
        systemctl --user start synergys ||:
        systemctl --user enable synergys
        ;;
      treetowl) systemctl --user enable synergys ;;
    esac
    ;;
esac
726
727
728 ######### end misc packages #########
729
730
731 # packages I once used before and liked, but don't want installed now for
732 # various reasons:
733 # python-sqlite is used for offlineimap
734 # lxappearance python-sqlite dolphin paman dconf-editor
735
736
737
738 ######## unfinished
739
740 # todo, finish configuring smart.
741
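pi smartmontools
# mostly from https://wiki.archlinux.org/index.php/S.M.A.R.T.
# turn on smart. background on options:
# first line, -a = test everything on all devices.
# -S on, turn on disk internal saving of vendor specific info,
# from google, seems like this is usually already on and fairly standard.
# -o on, turn on 4 hour period non-performance degrading testing.
# short test daily 2-3am, extended tests Saturdays between 3-4am:
sched="-s (S/../.././02|L/../../6/03)"
# The directive is assembled on one line so that its fields are always
# separated by a space. When it was spread over backslash-continued lines
# inside the quotes, "$sched" and "-m" were joined unless the continuation
# line happened to start with whitespace.
smartd_line="DEVICESCAN -a -o on -S on -n standby,q $sched -m ian@iankelling.org -M exec /usr/local/bin/smart-notify"
# '#' is the sed delimiter because the schedule contains '/' and '|'.
s sed -i "s#^[[:space:]]*DEVICESCAN.*#${smartd_line}#" /etc/smartd.conf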
754
755 # in the default configuration of at least ubuntu 14.04, resolvconf is
756 # configured to order any nameservers associated with tun* or tap*
757 # before the normal internet interfaces, which means they are always
758 # consulted first. This is often slower and undesirable, ie. local dns
759 # queries go from 0ms to 10+ or 100+ ms. To reverse the ordering, you
760 # can do:
761 #sudo sed -i '/tun\*\|tap\*/d' /etc/resolvconf/interface-order
762 # however, this breaks dns lookup for hosts on the openvpn lan.
763 # I can\'t figure out why hosts on the normal lan would not be
764 # broken under the default ordering, except the host I was
765 # testing with previously had an entry in /etc/hosts.
766
767 ############# end unfinished
768
769 ########### misc stuff
770
771
# unison
case $distro in
  debian|ubuntu)
    if [[ $(debian-archive) == stable ]]; then
      # Pin file so that unison-gtk may be upgraded from another archive.
      s dd of=/etc/apt/preferences.d/unison-gtk <<'EOF'
Explanation: Allow unison-gtk to be upgraded
Package: unison-gtk
Pin: release a=unstable
Pin-Priority: 500
EOF
      # don't think using testing is needed since I figured out how to
      # deal with mismatching unison compilers, but I don't
      # see any reason to revert it, since it only installs
      # a single package which is primarily a single binary
    fi
    pi unison/testing
    pi unison-gtk/testing # after to make it the default unison
    ;;
  arch) pi unison gtk2 ;;
esac

# libao: the default is alsa, which doesn't work with pianobar
if [[ $distro == arch ]]; then
  s dd of=/etc/libao.conf <<'EOF'
default_driver=pulse
EOF
fi
804
805 # not using it atm, and for jessie, it depends on a higher version of btrfs-tools
806 # case $distro in
807 # arch|debian|ubuntu) pi btrbk ;;
808 # # others unknown
809 # esac
810
# fail2ban, only on treetowl and only outside debian testing.
if [[ $HOSTNAME == treetowl ]] && [[ $(debian-archive) != testing ]]; then
  # fail2ban is broken, with a workaround, per
  # https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770171
  # I'll wait a while to see if it gets fixed
  pi fail2ban
  sgo fail2ban
fi

# The adm group is needed for reading logs.
if [[ $distro == debian || $distro == ubuntu ]]; then
  s gpasswd -a ian adm
fi
826
827 # tor
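case $distro in
  # based on
  # https://www.torproject.org/docs/rpms.html.en
  # https://www.torproject.org/docs/debian.html.en
  # todo: figure out if the running service needs to be restarted upon updates

  # todo on fedora: setup non-dev packages
  fedora)
    # With gpgcheck=1 the key named by gpgkey= is the trust anchor for the
    # packages, so it is fetched over HTTPS; over plain HTTP anyone on the
    # network path could substitute it.
    s dd of=/etc/yum.repos.d/torproject.repo <<'EOF'
[tor]
name=Tor experimental repo
enabled=1
baseurl=http://deb.torproject.org/torproject.org/rpm/tor-testing/fc/20/$basearch/
gpgcheck=1
gpgkey=https://deb.torproject.org/torproject.org/rpm/RPM-GPG-KEY-torproject.org.asc

[tor-source]
name=Tor experimental source repo
enabled=1
autorefresh=0
baseurl=http://deb.torproject.org/torproject.org/rpm/tor-testing/fc/20/SRPMS
gpgcheck=1
gpgkey=https://deb.torproject.org/torproject.org/rpm/RPM-GPG-KEY-torproject.org.asc
EOF

    # to be secure, take a look at the fingerprint reported from the following install, and see if it matches from the link above:
    # 3B9E EEB9 7B1E 827B CF0A 0D96 8AF5 653C 5AC0 01F1
    sgo tor
    /a/bin/buildscripts/tor-browser
    ;;
  ubuntu)
    tu /etc/apt/sources.list "deb http://deb.torproject.org/torproject.org $(debian-codename) main"
    # Request the key by its full fingerprint. An 8-hex-digit short id is
    # not unique, so a keyserver lookup by short id can return a different
    # key than the one intended.
    tor_key_fpr=A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89
    gpg --keyserver keys.gnupg.net --recv-keys "$tor_key_fpr"
    gpg --export "$tor_key_fpr" | sudo apt-key add -
    p update
    pi deb.torproject.org-keyring
    pi tor
    /a/bin/buildscripts/tor-browser
    ;;
  debian)
    pi tor
    /a/bin/buildscripts/tor-browser
    ;;
  arch)
    pi tor tor-browser-en
    sgo tor
    ;;
  # ubuntu unknown
esac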
878
879 # nfs server
# NFS server packages and services per distribution.
case $distro in
  fedora)
    # Queue manual follow-up instructions; end_msg appends the
    # here-document to end_msg_var, which is printed later in the run.
    end_msg <<'EOF'
fedora todo: disable the firewall or find a way to automate it.
there's an unused section in t.org for tramikssion firewall setup

fedora manual config for nfs:
s firewall-config
change to permanent configuration
check the box for nfs
was hard to figure this out, not sure if this is all needed, but
unblock these too
mountd: udp/tcp 20048
portmapper, in firewall-config its called rpc-bind: udp/tcp 111
troubleshooting, unblock things in rpcinfo -p
make sure to reload the firewall to load the persistent configuration


EOF
    pi nfs-utils
    sgo nfs-server
    ;;
  debian|ubuntu)
    pi nfs-server
    ;;
  arch)
    # Any failure of this install is treated as "a reboot is pending"
    # rather than as an error.
    pi nfs-utils || pending_reboot=true
    sgo rpcbind
    # this failed until I rebooted
    sgo nfs-server
    ;;
esac
912
# NFS exports.
# NOTE(review): both exports carry the `insecure` option, which accepts
# requests from unprivileged client ports, and both are read-write for
# the whole 192.168.1.0/24 network. NFS with these options relies on
# client addresses only, so every host on that subnet has write access.
if [[ $HOSTNAME == frodo ]]; then
  tu /etc/exports <<'EOF'
/k 192.168.1.0/24(rw,nohide,no_subtree_check,insecure)
EOF
  s exportfs -rav
fi

# NOTE(review): the test looks at /k/video while the export line names
# /i/video -- presumably the same data under two paths; confirm.
if [[ -e /k/video ]]; then
  # nohide = export filesystems mounted deeper than the export point
  # fsid=0 makes this export the "root" export
  # not documented in the man page, but this means
  # 1. it can be mounted with a shorthand of server:/
  # 2. exports that are subdirectories of this one will automatically be mounted
  # NOTE(review): no_root_squash lets root on any client in the subnet
  # act as root on the exported files; drop it unless a client needs it.
  tu /etc/exports '/i/video 192.168.1.0/24(rw,fsid=0,nohide,no_root_squash,async,no_subtree_check,insecure)'
  s exportfs -rav
  showmount -e localhost
fi



# Print the messages queued through end_msg. e is defined outside this
# file; presumably an echo-like helper -- TODO confirm.
e "$end_msg_var"
934
935
936 # persistent virtual machines
937
if [[ $distro == debian || $distro == ubuntu ]]; then
  pi libosinfo-bin
fi

# distro may not know about win 10 yet, so start from win7 and move to
# the newest Windows variant the local osinfo database lists.
variant=win7
if ! virt-install --os-variant list &>/dev/null; then
  # we are using a newer virt-install
  for win_ver in 10 8.1 8; do
    # The dot in "8.1" is escaped so that it matches literally. gr is
    # defined outside this file; presumably a grep wrapper.
    if osinfo-query os | gr "^\s*win${win_ver/./\\.}\s" &>/dev/null; then
      variant=win$win_ver
      break
    fi
  done
fi
954
# Define the two Windows guests once: skipped when a domain named win10
# is already known to virsh. Each guest is imported from an existing disk
# image and then stopped again with `virsh destroy`.
if ! s virsh list --all --name | grep -xF win10 &>/dev/null; then

  # created account with
  # win10vmian@outlook.com, and easy to remember password
  # win 10 virtio, makes disk way way way faster
  # wget https://fedorapeople.org/groups/virt/virtio-win/direct-downloads/latest-virtio/virtio-win.iso
  # https://wiki.archlinux.org/index.php/QEMU#Change_Existing_Windows_VM_to_use_virtio
  # for installing virtio after initial install instead of with initial iso:
  # qemu-img create -f qcow2 fake.qcow2 1G
  # --disk=/a/images/virtio-win.iso,device=cdrom \
  # --disk=/a/images/fake.qcow2,bus=virtio
  # Also,
  # went to device manager, saw 2 pci devices with yellow !,
  # did search for drivers, pick cdrom location, done.
  #
  # from http://www.tenforums.com/tutorials/4189-fast-startup-turn-off-windows-10-a.html.
  # google said there was a control panel option for it, but
  # that turned out to be a lie.
  # Put this in a .bat file and run as administrator to turn off
  # hyberboot which fucks things up.
  # REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power" /V HiberbootEnabled /T REG_dWORD /D 0 /F
  # power settings, turn off display: never
  # run "control userpasswords2", turn on automatic login.
  # note: when changing devices, I just undefine, then create the vm again.

  # NOTE(review): listen=0.0.0.0 exposes the SPICE console on every host
  # interface and no console password is set here. With automatic login
  # enabled in the guest, reaching the port means reaching a logged-in
  # desktop. Prefer listen=127.0.0.1 with an SSH tunnel, or set a SPICE
  # password.
  s virt-install --noautoconsole --graphics spice,listen=0.0.0.0 \
    --disk=/a/images/win10.qcow2,bus=virtio --vcpus 2 -r 4096 -w bridge=br0 \
    -n win10 --import --os-variant $variant --cpu host-model-only

  s virsh destroy win10

  # this one hasn't had the virtio fix done yet.
  s virt-install --noautoconsole --graphics spice,listen=0.0.0.0 \
    --disk=/a/images/win7.qcow2 --vcpus 2 -r 4096 -w bridge=br0 \
    -n win7 --import --os-variant win7 --cpu host-model-only
  s virsh destroy win7
  # had a problem with --cpu host, so trying out
  # --cpu host-model-only

fi
995
996
pi samba
# note samba re-reads its config every 1 minute
case $distro in
  arch) s cp /etc/samba/smb.conf.default /etc/samba/smb.conf ;;
esac

# add 2 lines after workgroup option
# The first two commands delete earlier copies of those lines, so that
# re-running the script does not duplicate them.
s sed -ri '/^\s*encrypt passwords\s*=/d' /etc/samba/smb.conf
s sed -ri '/^\s*map to guest\s*=/d' /etc/samba/smb.conf
s sed -i 's/\(\s*workgroup\s*=\).*/\1 WORKGROUP\n\tencrypt passwords = yes\n\tmap to guest = bad password/' /etc/samba/smb.conf
# remove default homes section. not sharing that.
# NOTE(review): a sed range deletes its end line too, and the end pattern
# is not anchored, so the first later line containing "[" is removed as
# well. If that line is the next section header, that section's settings
# end up under the previous section -- check the resulting file.
s sed -ri '/^\s*\[homes\]/,/\s*\[/d' /etc/samba/smb.conf

# NOTE(review): "map to guest = bad password" together with
# "guest ok = yes" and "read only = no" gives anyone who can reach the
# server unauthenticated write access to /kfrodo. Restrict it with
# "hosts allow", or require valid users, if that is wider than intended.
if ! grep -xF '[public]' /etc/samba/smb.conf &>/dev/null; then
  s tee -a /etc/samba/smb.conf <<'EOF'
[public]
guest ok = yes
read only = no
path = /kfrodo
EOF
fi

case $distro in
  debian|ubuntu)
    # systemd claims it generates units from /etc/init.d, but it clearly doesn't
    # in debian. I have no idea how they are related. fuck debian right now. It's
    # not documented. samba has a systemd init file linked to /dev/null.
    # There's this https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=769714 which
    # claims samba's sub-services will be started automatically by systemd... it
    # didn't on install, wonder if it will on boot. It clued me in how to start
    # it manually though. Nothing in /usr/share/doc/samba, debian admin guide
    # says nothing about any of this. (this is in debian testing as of 4/2016).

    s /etc/init.d/samba start
    ;;
  arch)
    sgo samba
    ;;
esac
1036
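# Make the host's own names resolve locally.
tu /etc/hosts <<< "127.0.1.1 $(hostname).lan $(hostname)"

# Mount the top-level btrfs subvolume (subvolid=0) of the root filesystem
# at /mnt/root, and do the same for /i when it is on a different device.
rootdev=$(mount | sed -rn 's#^(\S+) on / .*#\1#p')
# Refuse to write an fstab line with an empty device field.
if [[ -z $rootdev ]]; then
  echo "$0: could not determine the device mounted on /" >&2
  exit 1
fi
# -p keeps a second run of the script from failing on the existing dir.
s mkdir -p /mnt/root
tu /etc/fstab <<< "$rootdev /mnt/root btrfs noatime,subvolid=0 0 0"
mountpoint /mnt/root || s mount /mnt/root

idev=$(mount | sed -rn 's#^(\S+) on /i .*#\1#p')
# Skip hosts where /i is not a mount point: idev is empty there, and the
# comparison alone would still be true and produce a broken fstab entry.
# The right-hand side is quoted so it is compared literally.
if [[ -n $idev && $idev != "$rootdev" ]]; then
  s mkdir -p /mnt/iroot
  tu /etc/fstab <<< "$idev /mnt/iroot btrfs noatime,subvolid=0 0 0"
  mountpoint /mnt/iroot || s mount /mnt/iroot
fi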
1051
1052
1053 ######### begin stuff belonging at the end ##########
1054
1055
1056 # Apps we want to override others for default file handler:
1057 # simplest way in debian is to just install them last.
# Queued last so that these become the default file handlers.
simple_packages+=(mpv)

if [[ $distro == ubuntu || $distro == debian ]]; then
  spa spacefm-gtk3
elif [[ $distro == arch ]]; then
  spa spacefm
fi

# One bulk install of everything queued through spa during the run.
pi "${simple_packages[@]}"

if [[ $pending_reboot == true ]]; then
  echo "$0: pending reboot and then finished. doing it now."
  s reboot now
else
  echo "$0: $(date): ending now)"
fi