fix keyscript
1 #!/bin/bash -l
2 # Copyright (C) 2016 Ian Kelling
3
4 # Licensed under the Apache License, Version 2.0 (the "License");
5 # you may not use this file except in compliance with the License.
6 # You may obtain a copy of the License at
7
8 # http://www.apache.org/licenses/LICENSE-2.0
9
10 # Unless required by applicable law or agreed to in writing, software
11 # distributed under the License is distributed on an "AS IS" BASIS,
12 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 # See the License for the specific language governing permissions and
14 # limitations under the License.
15
# Install the error handler before anything else runs.
# NOTE(review): errcatch is not defined in this file; presumably it comes from
# the login profile loaded by `bash -l` - confirm.
errcatch

# Trace every command. Together with the redirect below, the trace (with
# expanded arguments) is appended to /var/log/distro-end, so anything secret
# passed on a command line ends up in that file.
set -x

# Send stdout and stderr through a tee run via sudo that appends to the log.
exec &> >(sudo tee -a /var/log/distro-end)
printf '%s\n' "$0: $(date): starting now)"

# Path of this script up to, but not including, its last slash.
src=${BASH_SOURCE[0]%/*}
24
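#######################################
# Append everything on stdin to end_msg_var.
# Globals:   end_msg_var (appended to)
# Arguments: none; the message is read from stdin
#######################################
end_msg() {
  local y
  # read -d '' returns non-zero at EOF because no NUL delimiter is ever seen;
  # that is the normal case here, so the status is discarded.
  IFS= read -r -d '' y || :
  end_msg_var+="$y"
}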
30
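#######################################
# simple package add: queue package names in simple_packages.
# Globals:   simple_packages (appended to)
# Arguments: package names, one per argument
#######################################
spa() {
  # Quoted so each argument is appended exactly as given, with no word
  # splitting and no glob expansion against the current directory.
  simple_packages+=("$@")
}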
34
35 distro=$(distro-name)
36
37 pending_reboot=false
38
39 # template
40 case $distro in
41 esac
42
43 pup
44
45 simple_packages=(
46 htop
47 mailutils
48 nmon
49 rdiff-backup
50 ruby
51 ruby-rest-client
52 tree
53 vim
54 )
55
56 case $HOSTNAME in
57 lj|li) : ;;
58 *)
59 # universal packages
60 # swh-plugins is for karaoke pulsaudio filter.
61 simple_packages+=(
62 apache2
63 bwm-ng
64 chromium
65 duplicity
66 evince
67 fdupes
68 filelight
69 gdb
70 goaccess
71 gnome-screenshot
72 jq
73 locate
74 meld
75 nmap
76 offlineimap
77 p7zip
78 paprefs
79 pavucontrol
80 pdfgrep
81 pianobar
82 pidgin
83 slock
84 squashfs-tools
85 swh-plugins
86 tcpdump
87 transmission-remote-gtk
88 vlc
89 )
90 ;;
91 esac
92
93
94
95 ########### begin section including li ################
96
97
98 case $distro in
99 debian)
100 if [[ `debian-archive` == testing ]]; then
101 pi acme-tiny
102 fi
103 esac
104
105 case $distro in
106 fedora) spa unrar ;;
107 *) spa unrar-free ;;
108 esac
109
110
111 case $distro in
112 arch)
113 # ubuntu 14.04 uses b-cron,
114 # but its not maintained in arch.
115 # of the ones in the main repos, cronie is only one maintained.
116 # fcron appears abandoned software.
117 pi cronie
118 sgo cronie
119 ;;
120 *) : ;; # other distros come with cron.
121 esac
122
123
124 case $distro in
125 debian|ubuntu)
126 pi debian-goodies
127 ;;
128 esac
129
130
131 case $distro in
132 *) pi at ;;&
133 arch) sgo atd ;;
134 esac
135
136
137 case $distro in
138 debian) pi curl;;
139 arch) : ;;
140 # fedora: unknown
141 esac
142
143 case $distro in
144 # tk for gitk
145 arch) spa git tk ;;
146 *) spa git ;;
147 esac
148
149 case $distro in
150 arch) spa the_silver_searcher ;;
151 debian|ubuntu) spa silversearcher-ag ;;
152 # fedora unknown
153 esac
154
155 case $distro in
156 debian|ubuntu) spa ntp;;
157 arch)
158 pi ntp
159 sgo ntpd
160 ;;
161 # others unknown
162 esac
163
164
165 # no equivalent in other distros:
166 case $distro in
167 debian|ubuntu)
168 pi apt-file aptitude
169 s apt-file update
170 # for debconf-get-selections
171 spa debconf-utils
172 ;;
173 esac
174
175 case $distro in
176 ubuntu|debian) spa ack-grep ;;
177 arch|fedora) spa ack ;;
178 # fedora unknown
179 esac
180
181 case $distro in
182 arch|debian|ubuntu)
183 spa bash-completion
184 ;;
185 # others unknown
186 esac
187
188
189
190
191
192 # disable motd junk.
193 case $(distro-name) in
194 debian)
195 # allows me to pipe with ssh -t, and gets rid of spam
196 # http://forums.debian.net/viewtopic.php?f=5&t=85822
197 # i'd rather disable the service than comment the init file
198 # this says disabling the service, it will still get restarted
199 # but this script doesn't do anything on restart, so it should be fine
200 s dd of=/var/run/motd.dynamic if=/dev/null
201 # stretch doesn't have initscripts pkg installed by default
202 if [[ $(debian-codename) == jessie ]]; then
203 s update-rc.d motd disable
204 fi
205 ;;
206 ubuntu)
207 # this isn't a complete solution. It still shows me when updates are available,
208 # but it's no big deal.
209 s t /etc/update-motd.d/10-help-text /etc/update-motd.d/00-header
210 ;;
211 esac
212
213 # automatic updates
214 # reference:
215 # https://debian-handbook.info/browse/stable/sect.regular-upgrades.html
216 # /etc/cron.daily/apt calls unattended-upgrades
217 # /usr/share/doc/unattended-upgrades# cat README.md
218 # /etc/apt/apt.conf.d/50unattended-upgrades
219 if isdebian; then
220 setup-debian-auto-update
221 fi
222
223 # we've got a few dependencies later on, so install them now.
224 pi "${simple_packages[@]}"
225 simple_packages=()
226
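# Hosts lj and li stop here: run the /a/h setup for the host's domain, run the
# mediawiki setup script, then exit before anything further down executes.
case $HOSTNAME in
  lj|li)
    case $HOSTNAME in
      lj) domain=iank.bid ;;
      li) domain=iankelling.org ;;
    esac
    /a/h/setup.sh "$domain"
    /a/h/build.rb

    # sudo -E asks sudo to keep the caller's environment, so the exported
    # variables of this login shell are visible to the script it runs.
    sudo -E /a/bin/mediawiki-setup/mw-setup-script
    #$src/phab-setup

    echo "$0: $(date): ending now)"
    exit 0
    ;;
esac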
244
245 ########### end section including li/lj ###############
246
247
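# On frodo, build duperemove from the tree in /a/opt/duperemove and install it.
if [[ $HOSTNAME == frodo ]]; then
  case $distro in
    # The pattern used to read "ubunut", which never matched on ubuntu.
    ubuntu|debian)
      pi libsqlite3-dev
      cd /a/opt/duperemove
      make clean
      make
      s make install
      ;;
    #others unknown
  esac
fi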
260
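case $distro in
  arch) pi syncthing ;;
  ubuntu|debian)
    # google led me here:
    # https://apt.syncthing.net/
    #
    # The release key is trusted on first download: nothing here compares it
    # with a known fingerprint, and apt-key add places it in apt's shared
    # trusted keyring.
    # NOTE(review): compare the key's fingerprint with one obtained out of
    # band before adding it.
    syncthing_key=$(mktemp)
    # -f turns an HTTP error into a failed download instead of handing an
    # error page to apt-key; fetching to a file keeps that failure from being
    # hidden behind a pipe.
    curl -fsS -o "$syncthing_key" https://syncthing.net/release-key.txt
    sudo apt-key add "$syncthing_key"
    rm -f -- "$syncthing_key"
    s="deb http://apt.syncthing.net/ syncthing release"
    # Rewrite the source list only when it is missing or differs.
    if [[ $(cat /etc/apt/sources.list.d/syncthing.list 2>/dev/null) != "$s" ]]; then
      echo "$s" | s dd of=/etc/apt/sources.list.d/syncthing.list
      p update
    fi
    pi syncthing
    ;;
esac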
275 # installed via f-droid
276 # top right, actions, device id
277 #
278 # for installing on a remote comp:
279 # ssh -L 8384:localhost:8384 -N frodo
280 # went to http://localhost:8384/
281 #
282 # add folder to sync phone,
283 # staggered file versioning would be my normal choice, but choose
284 # trash can versioning for sake of space on phone, with
285 # clean out after 7 days.
286 #
287 # did ser syncthing@ian start
288 # then on phone, add device, hit bar code icon,
289 # install bar code scanner.
290
291
292 # no equivalent in other distros:
293 case $distro in
294 debian|ubuntu)
295 # for gui bug reporting
296 spa python-vte
297 ;;
298 esac
299
300
301 ####### misc packages ###########
302
303
# transmission on treetowl: raise the socket buffer limits, install the
# daemon without starting it, merge our settings into its config, start it.
if [[ $HOSTNAME == treetowl ]]; then
  case $distro in
    debian|ubuntu)
      # note i had to do this, which is persistent:
      # cd /i/k
      # s chgrp debian-transmission torrents partial-torrents

      # syslog says things like
      # 'Failed to set receive buffer: requested 4194304, got 425984'
      # google suggests giving it even more than that
      tu /etc/sysctl.conf <<'EOF'
net.core.rmem_max = 67108864
net.core.wmem_max = 16777216
EOF
      s sysctl -p

      # some reason it doesn't seem to start automatically anyways
      pi-nostart transmission-daemon
      # config file documented here, and it's the same config
      # for daemon vs client, so it's documented in the gui.
      # https://trac.transmissionbt.com/wiki/EditConfigFiles#Options
      #
      # The merged settings turn RPC authentication off and whitelist
      # 127.0.0.1 and 192.168.1.*, so any host with an address in that range
      # can drive the daemon without credentials.
      s ruby <<'EOF'
require 'json'
p = '/etc/transmission-daemon/settings.json'
File.write(p, JSON.pretty_generate(JSON.parse(File.read(p)).merge({
'rpc-whitelist' => '127.0.0.1,192.168.1.*',
'rpc-authentication-required' => false,
'incomplete-dir' => '/i/k/partial-torrents',
'download-dir' => '/i/k/torrents',
"speed-limit-up" => 700,
"speed-limit-up-enabled" => true,
"ratio-limit" => 1.4000,
"ratio-limit-enabled" => true,
})) + "\n")
EOF
      sgo transmission-daemon
      ;;
    arch)
      # todo, setup it's config file & daemon
      pi transmission-cli
      ;;
  esac
fi
347
348 # adapted from /var/lib/dpkg/info/transmission-daemon.postinst
349 if ! getent passwd debian-transmission > /dev/null; then
350 case $distro in
351 arch)
352 s useradd \
353 --system \
354 --create-home \
355 --home-dir /var/lib/transmission-daemon \
356 --shell /bin/false \
357 debian-transmission
358 ;;
359 *)
360 s adduser --quiet \
361 --system \
362 --group \
363 --no-create-home \
364 --disabled-password \
365 --home /var/lib/transmission-daemon \
366 debian-transmission
367 ;;
368 esac
369 fi
370
371 # dunno why it's there, but get rid of it
372 case $HOSTNAME in
373 li|lj) s rm -rf /home/linode ;;
374 esac
375
376 # arch had a default config,
377 # debian had nothing until you start it.
378 # With a little trial an error, here is a minimal config
379 # taken from the generated one, plus changes that the
380 # settings ui does, without a bunch of ui crap settings.
381 #
382 # only settings I set were
383 # hostname
384 # auto-connect
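# Write the same transmission-remote-gtk profile for every account that has a
# directory under /home. The profile points at host treetowl with ssl off and
# an empty username and password, matching a daemon that does not require RPC
# authentication.
for f in /home/*; do
  # An unmatched glob stays literal, and /home can hold entries that are not
  # directories.
  [[ -d $f ]] || continue
  u=${f##*/}
  # The directory name is used as the account to run as; skip names that are
  # not accounts (lost+found, for example).
  id -u "$u" &>/dev/null || continue
  d=$f/.config/transmission-remote-gtk
  s -u "$u" mkdir -p -- "$d"
  s -u "$u" dd of="$d/config.json" <<'EOF'
{
"profiles" : [
{
"profile-name" : "Default",
"hostname" : "treetowl",
"rpc-url-path" : "/transmission/rpc",
"username" : "",
"password" : "",
"auto-connect" : true,
"ssl" : false,
"timeout" : 40,
"retries" : 3,
"update-active-only" : false,
"activeonly-fullsync-enabled" : false,
"activeonly-fullsync-every" : 2,
"update-interval" : 3,
"min-update-interval" : 3,
"session-update-interval" : 60,
"exec-commands" : [
],
"destinations" : [
]
}
],
"profile-id" : 0,
"add-options-dialog" : false
}
EOF
done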
419
420 case $distro in
421 debian|ubuntu)
422 pi-nostart openvpn
423 # pi-nostart this doesnt seem to be good enough?
424 ser disable openvpn@client
425 ser disable openvpn
426 ;;
427 # suggests because we want the resolvconf package
428 *) pi --install-suggests openvpn;;
429 esac
430
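pi wget
# Google Chrome on tp and frodo.
case $HOSTNAME in
  tp|frodo)
    case $distro in
      debian|ubuntu)
        log=$(mktemp)
        cd /a/opt
        # dpkg -i does not by default verify a signature on the file it is
        # given; the TLS connection to dl.google.com is the only check on
        # what gets installed here.
        wget -nv -N https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb
        # dpkg is allowed to fail (missing dependencies), so its status is
        # captured and inspected by hand.
        # NOTE(review): errallow/errcatch presumably switch the error trap
        # off and on again - confirm against their definitions.
        errallow
        set -o pipefail
        s dpkg -i google-chrome-stable_current_amd64.deb |& tee "$log"
        code=$?
        errcatch
        case $code in
          0) : ;;
          *)
            # previously I had a more specific search, but dpkg
            # changed it's output as of 7/2016
            if grep -q 'dependency problems' "$log"; then
              s apt-get -fy install
            else
              # The log is left in place on this path for inspection.
              exit 1
            fi
            ;;
        esac
        rm -f -- "$log"
        ;;
      arch)
        pi google-chrome
        ;;
    esac
    ;;
esac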
464
465 # printer
466 case $distro in
467 arch)
468 pi cups ghostscript gsfonts # from arch wiki cups page
469 pi hplip # from google
470 s gpasswd -a $USER sys # from arch wiki
471 sgo org.cups.cupsd.service
472 # goto http://127.0.0.1:631
473 # administration tab, add new printer button.
474 # In debian, I could use hte recommended driver,
475 # in arch, I had to pick out the 6L driver.
476 ;;
477 debian|ubuntu)
478 spa hplip
479 ;;
480 # other distros unknown
481 esac
482
483
484 case $distro in
485 ubuntu|debian) pi --no-install-recommends mairix notmuch ;;
486 fedora|arch) spa mairix notmuch ;;
487 esac
488 case $distro in
489 arch) spa nfs-utils ;;
490 ubuntu|debian) spa nfs-client ;;
491 esac
492 case $distro in
493 ubuntu|debian) spa par2 ;;
494 arch|fedora) spa par2cmdline ;;
495 esac
496
497 # needed for my tex resume
498 case $distro in
499 ubuntu|debian) spa texlive-full ;;
500 arch) spa texlive-most ;;
501 # fedora unknown
502 esac
503
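case $distro in
  ubuntu)
    # flash, unrar, codecs, ms fonts.
    # This has a manual prompt.
    spa ubuntu-restricted-extras
    ;;
  fedora)
    pi yum-utils
    # rpm fusion recommended codecs
    #
    # The two release packages are installed with signature checking off
    # (--nogpgcheck), which leaves the transport as the only integrity check
    # on them, so they are fetched over https rather than plain http.
    s su -c "yum localinstall -y --nogpgcheck https://download1.rpmfusion.org/free/fedora/rpmfusion-free-release-$(rpm -E %fedora).noarch.rpm https://download1.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-$(rpm -E %fedora).noarch.rpm"
    pi gstreamer-plugins-ugly gstreamer-plugins-bad gstreamer-ffmpeg \
      xine-lib-extras-freeworld
    ;;
esac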
518
519 case $distro in
520 # optional dep for firefox for h.264 video
521 arch) spa gst-libav ;;
522 # other distros, probably come by default
523 esac
524
525 case $distro in
526 fedora|ubuntu|debian) spa gnupg-agent ;;
527 arch) : ;;
528 esac
529
530
531 case $distro in
532 fedora) spa pinentry-gtk ;;
533 *) : ;; # comes default or with other packages
534 esac
535
536 case $distro in
537 arch) spa firefox pulseaudio;;
538 *) : ;; # comes default or with other packages
539 esac
540
541
542 case $distro in
543 arch) spa ttf-dejavu;;
544 debian|ubuntu) spa fonts-dejavu ;;
545 # others unknown
546 esac
547
548
549 case $distro in
550 arch) spa xorg-xev;;
551 debian|ubuntu) spa x11-utils ;;
552 # others unknown
553 esac
554
555 case $distro in
556 arch) pi virt-install;;&
557 debian|ubuntu) pi virtinst ;;&
558 *) pi virt-manager ;; # creates the libvirt group in debian at least
559 # others unknown
560 esac
561 # allow user to run vms, from debian handbook
562 for x in ian traci; do s usermod -a -G libvirt,kvm $x; done
563 # bridge networking as user fails. google lead here, but it doesn't work:
564 # oh well, I give up.
565 # http://wiki.qemu.org/Features-Done/HelperNetworking
566 # s mkdir /etc/qemu
567 # f=/etc/qemu/bridge.conf
568 # s dd of=$f <<'EOF'
569 # allow br0
570 # EOF
571 # #s chown root:qemu $f # debian has somethig like qemu-libvirt. equivalent?
572 # s chmod 640 $f
573
574
575 case $distro in
576 arch) spa cdrkit;;
577 debian|ubuntu) spa genisoimage;;
578 # others unknown
579 esac
580
581 case $distro in
582 arch) spa spice-gtk3 ;;
583 debian|ubuntu) spa spice-client-gtk;;
584 # others unknown
585 esac
586
587 # general known for debian/ubuntu, not for fedora
case $distro in
  arch)
    # cdrkit for cloud-init isos
    # dnsmasq & ebtables for nat networking in libvirt
    # qemu for qemu-img, bind-tools for dig
    # dmidecode just because syslog complains
    pi unzip xorg-xmodmap dmidecode ebtables \
      bridge-utils dnsmasq qemu bind-tools
    # otherwise we get error about accessing kvm module.
    # seems like there might be a better way, but google was a bit vague.
    #
    # Any existing user= line is dropped and user = "root" appended, so
    # libvirt runs qemu processes as root; a guest that breaks out of qemu
    # then holds root on the host.
    s sed -ri --follow-symlinks '/^ *user *=/d' /etc/libvirt/qemu.conf
    s tee -a /etc/libvirt/qemu.conf <<<'user = "root"'
    # https://bbs.archlinux.org/viewtopic.php?id=206206
    # # this should prolly go in the wiki
    sgo virtlogd.socket
    # guessing this is not needed
    #sgo virtlogd.service
    sgo libvirtd
    ;;
esac
609
610 case $distro in
611 arch) pi virtviewer ;;
612 *) : ;; # other distros have it as a dependency afaik.
613 esac
614
615
616
617 case $distro in
618 fedora) cabal install shellcheck ;;
619 *) spa shellcheck ;;
620 # unknown for older ubuntu
621 esac
622
623
624 case $distro in
625 arch|debian|ubuntu) spa pumpa ;;
626 # others unknown. do have a buildscript:
627 # /a/bin/buildscripts/pumpa ;;
628 esac
629
630
631 case $distro in
632 debian|ubuntu) spa android-tools-adb/unstable ;;
633 arch) spa android-tools ;;
634 # other distros unknown
635 esac
636
637 case $distro in
638 debian)
639 if [[ `debian-archive` == testing ]]; then
640 # has no unstable dependencies
641 spa bitcoin-qt/unstable
642 fi
643 ;;
644 # other distros unknown
645 esac
646
647
648 # proprietary flash. going without for now
649 # case $distro in
650 # debian)
651 # pi flashplugin-nonfree
652 # esac
653
654
655
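# GNU global plus pygments. Fedora builds global from source; every other
# distro installs the package and then falls through (;;&) to its own
# pygments package.
case $distro in
  fedora)
    cd "$(mktemp -d)"
    # NOTE(review): the tarball comes over plain http and nothing checks it
    # against a published checksum or signature before it is configured,
    # built and installed with `s make install` below.
    wget http://tamacom.com/global/global-6.3.2.tar.gz
    ex global*
    cd global-6.3.2
    # based on https://github.com/leoliu/ggtags
    ./configure --with-exuberant-ctags=/usr/bin/ctags
    make
    s make install
    s pip install pygments
    ;;
  *)
    pi global
    ;;&
  arch)
    pi python2-pygments
    ;;
  debian|ubuntu)
    pi python-pygments
    ;;
esac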
678
679
680 case $distro in
681 debian)
682 pi task-cinnamon-desktop
683 # in settings, change scrolling to two-finger,
684 # because the default edge scroll doesn\'t work.
685 pu transmission-gtk
686 ;;
687 # others unknown
688 esac
689
690 case $distro in
691 arch) spa apg ;;
692
693 # already in debian jessie
694 esac
695
696
697
698
699 # note this failed running at the beginning of this file,
700 # because no systemd user instance was running.
701 # Doing systemd --user resulted in
702 # Trying to run as user instance, but $XDG_RUNTIME_DIR is not set
703
704 if isdebian-testing; then
705 # as of 7/2016, has no unstable deps, and is not in testing anymore.
706 pi synergy/unstable
707 else
708 pi synergy
709 fi
710
711 case $distro in
712 # ubuntu unknown. probably the same as debian, just check if the
713 # init scripts come with the package.
714 debian)
715 # copied from arch, but moved to etc
716 s dd of=/etc/systemd/user/synergys.service <<'EOF'
717 [Unit]
718 Description=Synergy Server Daemon
719 After=network.target
720
721 [Service]
722 User=%i
723 ExecStart=/usr/bin/synergys --no-daemon --config /etc/synergy.conf
724 Restart=on-failure
725
726 [Install]
727 WantedBy=multi-user.target
728 EOF
729 s dd of=/etc/systemd/user/synergys.socket <<'EOF'
730 [Unit]
731 Conflicts=synergys@.service
732
733 [Socket]
734 ListenStream=24800
735 Accept=false
736
737 [Install]
738 WantedBy=sockets.target
739 EOF
740 # had this fail with 'Failed to connect to bus: No such file or directory'
741 # then when I tried it manually, it worked fine...
742 if ! systemctl --user daemon-reload; then
743 sleep 2
744 echo retrying systemd user daemon reload
745 systemctl --user daemon-reload
746 fi
747 ;;&
748 *)
749 # taken from arch wiki.
750 s dd of=/etc/systemd/system/synergyc@.service <<'EOF'
751 [Unit]
752 Description=Synergy Client
753 After=network.target
754
755 [Service]
756 User=%i
757 ExecStart=/usr/bin/synergyc --no-daemon frodo
758 Restart=on-failure
759 # per man systemd.unit, StartLimitInterval, by default we
760 # restart more than 5 times in 10 seconds.
761 # And this param defaults too 200 miliseconds.
762 RestartSec=3s
763
764 [Install]
765 WantedBy=multi-user.target
766 EOF
767 s systemctl daemon-reload
768 case $HOSTNAME in
769 x2|treetowl)
770 ser enable synergyc@ian
771 ser start synergyc@ian ||: # X might not be running yet
772 ;;
773 frodo)
774 systemctl --user start synergys ||:
775 systemctl --user enable synergys
776 ;;
777 esac
778 ;;
779 esac
780
781
782 ######### end misc packages #########
783
784
785 # packages I once used before and liked, but don't want installed now for
786 # various reasons:
787 # python-sqlite is used for offlineimap
788 # lxappearance python-sqlite dolphin paman dconf-editor
789
790
791
792 ######## unfinished
793
794 # todo, finish configuring smart.
795
796 pi smartmontools
797 # mostly from https://wiki.archlinux.org/index.php/S.M.A.R.T.
798 # turn on smart. background on options:
799 # first line, -a = test everyting on all devices.
800 # -S on, turn on disk internal saving of vendor specific info,
801 # from google, seems like this is usually already on and fairly standard.
802 # -o on, turn on 4 hour period non-performance degrading testing.
803 # short test daily 2-3am, extended tests Saturdays between 3-4am:
804 sched="-s (S/../.././02|L/../../6/03)"
805 s sed -i --follow-symlinks "s#^[[:space:]]*DEVICESCAN.*#\
806 DEVICESCAN -a -o on -S on -n standby,q $sched\
807 -m ian@iankelling.org -M exec /usr/local/bin/smart-notify#" /etc/smartd.conf
808
809 # in the default configuration of at least ubuntu 14.04, resolvconf is
810 # configured to order any nameservers associated with tun* or tap*
811 # before the normal internet interfaces, which means they are always
812 # consulted first. This is often slower and undesirable, ie. local dns
813 # queries go from 0ms to 10+ or 100+ ms. To reverse the ordering, you
814 # can do:
815 #sudo sed -i --follow-symlinks '/tun\*\|tap\*/d' /etc/resolvconf/interface-order
816 # however, this breaks dns lookup for hosts on the openvpn lan.
817 # I can\'t figure out why hosts on the normal lan would not be
818 # broken under the default ordering, except the host I was
819 # testing with previously had an entry in /etc/hosts.
820
821 ############# end unfinished
822
823 ########### misc stuff
824
825
826 s cedit /etc/goaccess.conf <<'EOF'
827 # all things found from looking around the default config
828 # copied existing NCSA Combined Log Format with Virtual Host, plus %L
829 log-format %^:%^ %h %^[%d:%t %^] "%r" %s %b "%R" "%u" %L
830 time-format %H:%M:%S
831 date-format %d/%b/%Y
832 log-file /var/log/apache2/access.log
833 color-scheme 2
834 EOF
835
836
837 if [[ $HOSTNAME == treetowl ]] && ! sudo test -e /etc/openvpn/client.key; then
838 /a/bin/vpn-setup/vpn-mk-client-cert dopub
839 fi
840
841
842 case $distro in
843 debian|ubuntu)
844 case `debian-archive` in
845 stable)
846 s dd of=/etc/apt/preferences.d/unison-gtk <<'EOF'
847 Explanation: Allow unison-gtk to be upgraded
848 Package: unison-gtk
849 Pin: release a=unstable
850 Pin-Priority: 500
851 EOF
852 # dont think using testing is needed since I figured out how to
853 # deal with mismatching unison compilers, but I dont
854 # see any reason to revert it, since it only installs
855 # a single package which is primarily a single binary
856 ;;
857 esac
858 pi unison/testing
859 pi unison-gtk/testing # after to make it the default unison
860 ;;
861 arch)
862 pi unison gtk2
863 ;;
864 esac
865
866 case $distro in
867 arch)
868 # default is alsa, doesn\'t work with with pianobar
869 s dd of=/etc/libao.conf <<'EOF'
870 default_driver=pulse
871 EOF
872 ;;
873 esac
874
875 # not using it atm, and for jessie, it depends on a higher version of btrfs-tools
876 # case $distro in
877 # arch|debian|ubuntu) pi btrbk ;;
878 # # others unknown
879 # esac
880
881 if [[ $HOSTNAME == treetowl ]] && [[ `debian-archive` != testing ]]; then
882 # fail2 ban is broken, with a workaround, per
883 # https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770171
884 # ill wait a while to see if it gets fixed
885 pi fail2ban
886 sgo fail2ban
887 fi
888
889
890
891
892
893 case $distro in
894 debian|ubuntu) s gpasswd -a ian adm ;; #needed for reading logs
895 esac
896
897 # tor
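case $distro in
  # based on
  # https://www.torproject.org/docs/rpms.html.en
  # https://www.torproject.org/docs/debian.html.en
  # todo: figure out if the running service needs to be restarted upon updates

  # todo on fedora: setup non-dev packages
  fedora)
    # gpgcheck=1 is on, but both gpgkey URLs are plain http, so the key that
    # packages are checked against is itself fetched without authentication.
    # The manual fingerprint comparison described after the heredoc is the
    # only step that would catch a substituted key.
    s dd of=/etc/yum.repos.d/torproject.repo <<'EOF'
[tor]
name=Tor experimental repo
enabled=1
baseurl=http://deb.torproject.org/torproject.org/rpm/tor-testing/fc/20/$basearch/
gpgcheck=1
gpgkey=http://deb.torproject.org/torproject.org/rpm/RPM-GPG-KEY-torproject.org.asc

[tor-source]
name=Tor experimental source repo
enabled=1
autorefresh=0
baseurl=http://deb.torproject.org/torproject.org/rpm/tor-testing/fc/20/SRPMS
gpgcheck=1
gpgkey=http://deb.torproject.org/torproject.org/rpm/RPM-GPG-KEY-torproject.org.asc
EOF

    # to be secure, take a look at the fingerprint reported from the following install, and see if it matches from the link above:
    # 3B9E EEB9 7B1E 827B CF0A 0D96 8AF5 653C 5AC0 01F1
    sgo tor
    /a/bin/buildscripts/tor-browser
    ;;
  ubuntu)
    tu /etc/apt/sources.list "deb http://deb.torproject.org/torproject.org $(debian-codename) main"
    # Request the key by its full fingerprint: an 8-hex-digit key id can
    # match more than one key on a keyserver. This is the same fingerprint
    # the export on the next line selects.
    gpg --keyserver keys.gnupg.net --recv A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89
    gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | sudo apt-key add -
    p update
    pi deb.torproject.org-keyring
    pi tor
    /a/bin/buildscripts/tor-browser
    ;;
  debian)
    pi tor
    /a/bin/buildscripts/tor-browser
    ;;
  arch)
    pi tor tor-browser-en
    sgo tor
    ;;
  # ubuntu unknown
esac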
948
949 # nfs server
950 case $distro in
951 fedora)
952 end_msg <<'EOF'
953 fedora todo: disable the firewall or find a way to automate it.
954 there's an unused section in t.org for tramikssion firewall setup
955
956 fedora manual config for nfs:
957 s firewall-config
958 change to permanent configuration
959 check the box for nfs
960 was hard to figure this out, not sure if this is all needed, but
961 unblock these too
962 mountd: udp/tcp 20048
963 portmapper, in firewall-config its called rpc-bind: udp/tcp 111
964 troubleshooting, unblock things in rpcinfo -p
965 make sure to reload the firewall to load the persistent configuration
966
967
968 EOF
969 pi nfs-utils
970 sgo nfs-server
971 ;;
972 debian|ubuntu)
973 pi nfs-server
974 ;;
975 arch)
976 pi nfs-utils || pending_reboot=true
977 sgo rpcbind
978 # this failed until I rebooted
979 sgo nfs-server
980 ;;
981 esac
982
if [[ $HOSTNAME == treetowl ]]; then
  # nohide = export filesystems mounted deeper than the export point
  # fsid=0 makes this export the "root" export
  # not documented in the man page, but this means
  # 1. it can be mounted with a shorthand of server:/
  # 2. exports that are subdirectories of this one will automatically be mounted
  #
  # Exposure of this export: every address in 192.168.1.0/24 gets read-write
  # access, no_root_squash lets root on a client act as root on the exported
  # files, and insecure accepts requests from unprivileged source ports, so
  # any user process on a client can talk to the server directly.
  tu /etc/exports <<'EOF'
/k 192.168.1.0/24(rw,fsid=0,nohide,no_root_squash,async,no_subtree_check,insecure)
EOF
  s exportfs -rav
fi
994
995
996 e "$end_msg_var"
997
998
999 # persistent virtual machines
1000
1001 case $distro in
1002 debian|ubuntu)
1003 pi libosinfo-bin;
1004 ;;
1005 esac
1006
1007 # distro may not know about win 10 yet.
1008 variant=win7
1009 if ! virt-install --os-variant list &>/dev/null; then # we are using a newer virt-install
1010 for v in 10 8.1 8; do
1011 if osinfo-query os | gr "^\s*win${v/./\\.}\s" &>/dev/null; then
1012 variant=win$v
1013 break
1014 fi
1015 done
1016 fi
1017
# Define the win10 and win7 guests from existing disk images, but only when
# virsh does not already list a domain named win10.
if ! s virsh list --all --name | grep -xF win10 &>/dev/null; then

  # created account with
  # win10vmian@outlook.com, and easy to remember password
  # win 10 virtio, makes disk way way way faster
  # wget https://fedorapeople.org/groups/virt/virtio-win/direct-downloads/latest-virtio/virtio-win.iso
  # https://wiki.archlinux.org/index.php/QEMU#Change_Existing_Windows_VM_to_use_virtio
  # for installing virtio after initial install instead of with initial iso:
  # qemu-img create -f qcow2 fake.qcow2 1G
  # --disk=/a/images/virtio-win.iso,device=cdrom \
  # --disk=/a/images/fake.qcow2,bus=virtio
  # Also,
  # went to device manager, saw 2 pci devices with yellow !,
  # did search for drivers, pick cdrom location, done.
  #
  # from http://www.tenforums.com/tutorials/4189-fast-startup-turn-off-windows-10-a.html.
  # google said there was a control panel option for it, but
  # that turned out to be a lie.
  # Put this in a .bat file and run as administrator to turn off
  # hyberboot which fucks things up.
  # REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power" /V HiberbootEnabled /T REG_dWORD /D 0 /F
  # power settings, turn off display: never
  # run "control userpasswords2", turn on automatic login.
  # note: when changing devices, I just undefine, the create the vm again.

  # Both guests get a SPICE console bound to 0.0.0.0 with no password option
  # in --graphics, so the console is reachable on every interface of the
  # host; together with the automatic login noted above, reaching the console
  # means reaching a logged-in desktop.
  s virt-install --noautoconsole --graphics spice,listen=0.0.0.0 \
    --disk=/a/images/win10.qcow2,bus=virtio --vcpus 2 -r 4096 -w bridge=br0 \
    -n win10 --import --os-variant "$variant" --cpu host-model-only

  # --import starts the guest; stop it again straight away.
  s virsh destroy win10

  # this one hasn't had the virtio fix done yet.
  s virt-install --noautoconsole --graphics spice,listen=0.0.0.0 \
    --disk=/a/images/win7.qcow2 --vcpus 2 -r 4096 -w bridge=br0 \
    -n win7 --import --os-variant win7 --cpu host-model-only
  s virsh destroy win7
  # had a problem with --cpu host, so trying out
  # --cpu host-model-only

fi
1058
1059
# Samba on treetowl: one guest-writable share, no home shares.
if [[ $HOSTNAME == treetowl ]]; then
  pi samba
  # note samba re-reads it's config every 1 minute
  case $distro in
    arch) s cp /etc/samba/smb.conf.default /etc/samba/smb.conf ;;
  esac

  # add 2 lines after workgroup option
  #
  # "map to guest = bad password" turns a login with a wrong password into a
  # guest login. Combined with the [public] share below (guest ok, not read
  # only), anyone who can reach this server can write to /kr without
  # credentials.
  s sed -ri --follow-symlinks '/^\s*encrypt passwords\s*=/d' /etc/samba/smb.conf
  s sed -ri --follow-symlinks '/^\s*map to guest\s*=/d' /etc/samba/smb.conf
  s sed -i --follow-symlinks 's/\(\s*workgroup\s*=\).*/\1 WORKGROUP\n\tencrypt passwords = yes\n\tmap to guest = bad password/' /etc/samba/smb.conf
  # remove default homes section. not sharing that.
  # NOTE(review): the range ends on the next line containing "[", and sed
  # deletes that line too, so the header of the section after [homes] goes
  # with it - confirm that is intended.
  s sed -ri --follow-symlinks '/^\s*\[homes\]/,/\s*\[/d' /etc/samba/smb.conf

  # Append the share only once.
  if ! grep -qxF '[public]' /etc/samba/smb.conf 2>/dev/null; then
    s tee -a /etc/samba/smb.conf <<'EOF'
[public]
guest ok = yes
read only = no
path = /kr
EOF
  fi

  case $distro in
    debian|ubuntu)
      # systemd claims it generates units from /etc/init.d, but it
      # clearly doesn't in debian. I have no idea how they are
      # related. fuck debian right now. It's not documented. samba
      # has a systemd init file linked to /dev/null. There's this
      # https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=769714 which
      # claims samba's sub-services will be started automatically by
      # systemd... it didn't on install, wonder if it will on
      # boot. It clued me in how to start it manually though. Nothing
      # in /usr/share/doc/samba, debian admin guide says nothing about
      # any of this. (this is in debian testing as of 4/2016).

      s /etc/init.d/samba start
      ;;
    arch)
      sgo samba
      ;;
  esac
fi
1103
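tu /etc/hosts <<< "127.0.1.1 $(hostname).lan $(hostname)"

# Mount the top-level btrfs subvolume (subvolid=0) of the device behind / at
# /mnt/root, and likewise for /i at /mnt/iroot when /i sits on another device.
rootdev=$(mount | sed -rn 's#^(\S+) on / .*#\1#p')
# -p so a second run does not fail on the existing directory.
s mkdir -p /mnt/root
tu /etc/fstab <<< "$rootdev /mnt/root btrfs noatime,subvolid=0 0 0"
mountpoint /mnt/root || s mount /mnt/root
idev=$(mount | sed -rn 's#^(\S+) on /i .*#\1#p')
# An empty idev means /i is not a mount point; without the -n test that case
# would add an fstab line with no device. The right-hand side is quoted so
# the comparison is literal rather than a pattern match.
if [[ -n $idev && $idev != "$rootdev" ]]; then
  s mkdir -p /mnt/iroot
  tu /etc/fstab <<< "$idev /mnt/iroot btrfs noatime,subvolid=0 0 0"
  mountpoint /mnt/iroot || s mount /mnt/iroot
fi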
1118
1119
1120 ######### begin stuff belonging at the end ##########
1121
1122
1123 # Apps we want to override others for default file handler:
1124 # simplest way in debian is to just install them last.
1125 simple_packages+=(
1126 mpv
1127 )
1128
1129 case $distro in
1130 ubuntu|debian)
1131 spa spacefm-gtk3 ;;
1132 arch)
1133 spa spacefm ;;
1134 esac
1135
1136
1137 pi "${simple_packages[@]}"
1138
1139
1140 if $pending_reboot; then
1141 echo "$0: pending reboot and then finished. doing it now."
1142 s reboot now
1143 else
1144 echo "$0: $(date): ending now)"
1145 fi