various fixes, add emacs wrappers
[distro-setup] / distro-end
1 #!/bin/bash -l
2 # Copyright (C) 2016 Ian Kelling
3
4 # Licensed under the Apache License, Version 2.0 (the "License");
5 # you may not use this file except in compliance with the License.
6 # You may obtain a copy of the License at
7
8 # http://www.apache.org/licenses/LICENSE-2.0
9
10 # Unless required by applicable law or agreed to in writing, software
11 # distributed under the License is distributed on an "AS IS" BASIS,
12 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 # See the License for the specific language governing permissions and
14 # limitations under the License.
15
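# errcatch comes from the login environment (hence `bash -l`); presumably
# it installs the script's error trap -- confirm against its definition.
errcatch

# Create the trace log root-only before anything is written to it.
# `set -x` below records expanded command lines, and later steps in this
# script handle a mumble server password and bitcoin RPC credentials.
sudo touch /var/log/distro-end
sudo chmod 600 /var/log/distro-end

set -x

# Send stdout and stderr (xtrace included) through tee so the run is both
# shown and appended to the log; tee runs under sudo to write in /var/log.
exec &> >(sudo tee -a /var/log/distro-end)
echo "$0: $(date): starting now)"

# Path portion of this script's own location.
src="${BASH_SOURCE%/*}"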
24
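# Append everything on stdin (normally a here-document) to end_msg_var,
# which the script hands to `e` once the package setup is done.
# Globals:   end_msg_var (appended to)
# Arguments: none; the text is read from stdin
end_msg() {
  # The listing showed a stray `=` in front of `local y`; it is dropped
  # here because it would be run as a command named `=`.
  local y
  # -d '' reads up to EOF, where read returns non-zero; `||:` keeps that
  # from being treated as a failure.
  IFS= read -r -d '' y ||:
  end_msg_var+="$y"
}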
30
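# Simple package add: queue package names for the next batched `pi` call.
# Globals:   simple_packages (appended to)
# Arguments: one or more package names
spa() {
  # Quoted so every argument is stored verbatim; the unquoted form was
  # subject to word splitting and pathname expansion.
  simple_packages+=("$@")
}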
34
35
# Distro identifier every later `case` switches on; distro-name is an
# external helper.
distro="$(distro-name)"

# Flipped to true when a step reports that a reboot is needed.
pending_reboot=false

# template
case "$distro" in
esac

# pup is an external helper (presumably a package index update -- confirm).
pup

# Packages wanted on every host, installed in one batch further down.
simple_packages=(htop mailutils nmon rdiff-backup)
simple_packages+=(ruby ruby-rest-client tree vim)
56
# Every host except lj and li also gets the desktop/workstation set.
if [[ $HOSTNAME != lj && $HOSTNAME != li ]]; then
  # universal packages
  # swh-plugins is for karaoke pulsaudio filter.
  # mutagen for pithos
  simple_packages+=(
    apache2 bwm-ng chromium debconf-doc duplicity eclipse evince
    fdupes filelight gcc-doc gdb gitk goaccess gnome-screenshot
    i3lock jq locate manpages manpages-dev meld mumble nmap
    offlineimap p7zip paprefs pavucontrol pdfgrep pianobar pidgin
    python3-mutagen reportbug squashfs-tools swh-plugins tcpdump
    transmission-remote-gtk vlc wcd
  )
fi
104
105
106
107 ########### begin section including li ################
108
109
# acme-tiny is installed only when debian-archive reports testing.
if [[ $distro == debian && $(debian-archive) == testing ]]; then
  pi acme-tiny
fi

# The unrar package has a different name on fedora.
if [[ $distro == fedora ]]; then
  spa unrar
else
  spa unrar-free
fi

if [[ $distro == arch ]]; then
  # ubuntu 14.04 uses b-cron,
  # but its not maintained in arch.
  # of the ones in the main repos, cronie is only one maintained.
  # fcron appears abandoned software.
  pi cronie
  sgo cronie
fi
# other distros come with cron.

if [[ $distro == debian || $distro == ubuntu ]]; then
  pi debian-goodies
fi

# at goes on every distro; on arch, `sgo atd` follows it.
pi at
if [[ $distro == arch ]]; then
  sgo atd
fi
147
148
# Per-distro names for the basic command line tools, grouped by distro.
# `pi` installs immediately, `spa` only queues for the next batch.
case "$distro" in
  debian)
    pi curl
    ;;& # keep matching: debian also takes the debian|ubuntu arm
  debian|ubuntu)
    spa git
    spa silversearcher-ag
    spa ntp
    # no equivalent in other distros:
    pi apt-file aptitude
    s apt-file update
    # for debconf-get-selections
    spa debconf-utils
    spa ack-grep
    spa bash-completion
    ;;
  arch)
    # tk for gitk
    spa git tk
    spa the_silver_searcher
    pi ntp
    sgo ntpd
    spa ack
    spa bash-completion
    ;;
  fedora)
    # curl, ag, ntp, bash-completion: unknown on fedora
    spa git
    spa ack
    ;;
  *)
    spa git
    ;;
esac
199
200
201
202
203
204 # disable motd junk.
# Silence the login message-of-the-day machinery.
case "$(distro-name)" in
  ubuntu)
    # this isn't a complete solution. It still shows me when updates are available,
    # but it's no big deal.
    s t /etc/update-motd.d/10-help-text /etc/update-motd.d/00-header
    ;;
  debian)
    # allows me to pipe with ssh -t, and gets rid of spam
    # http://forums.debian.net/viewtopic.php?f=5&t=85822
    # i'd rather disable the service than comment the init file
    # this says disabling the service, it will still get restarted
    # but this script doesn't do anything on restart, so it should be fine
    s dd of=/var/run/motd.dynamic if=/dev/null
    # stretch doesn't have initscripts pkg installed by default
    if [[ "$(debian-codename)" == jessie ]]; then
      s update-rc.d motd disable
    fi
    ;;
esac

# automatic updates
# reference:
# https://debian-handbook.info/browse/stable/sect.regular-upgrades.html
# /etc/cron.daily/apt calls unattended-upgrades
# /usr/share/doc/unattended-upgrades# cat README.md
# /etc/apt/apt.conf.d/50unattended-upgrades
if isdebian; then
  setup-debian-auto-update
fi

# we've got a few dependencies later on, so install them now.
# The queue is emptied afterwards so later spa calls start a new batch.
pi "${simple_packages[@]}"
simple_packages=()
238
239 # website setup
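# website setup: only the two web hosts run this arm, and the script ends
# here for them (exit 0 below).
case $HOSTNAME in
  lj|li)

    case $HOSTNAME in
      lj) domain=iank.bid ;;
      li) domain=iankelling.org ;;
    esac
    /a/h/setup.sh "$domain"
    /a/h/build.rb

    sudo -E /a/bin/mediawiki-setup/mw-setup-script
    #$src/phab-setup

    pi-nostart mumble-server
    # xtrace is paused while the server password is in hand: this script
    # runs under `set -x` with all output appended to /var/log/distro-end,
    # so the expanded sed command would otherwise land in the log.
    { set +x; } 2>/dev/null
    mumble_pass=$(< /a/bin/bash_unpublished/mumble_pass)
    # Escape the characters that are special in a sed replacement
    # (backslash, &, and the / delimiter) so any password is written
    # literally instead of corrupting or extending the expression.
    mumble_pass=${mumble_pass//'\'/'\\'}
    mumble_pass=${mumble_pass//&/'\&'}
    mumble_pass=${mumble_pass//\//'\/'}
    # The sed script is passed on stdin rather than as an argument, which
    # keeps the password out of the process list as well.
    # NOTE(review): mumble-server.ini is a relative path, so this edits
    # whatever file of that name is in the current directory -- confirm
    # the intended location.
    printf 's/^ *(serverpassword=).*/\\1%s/\n' "$mumble_pass" \
      | s sed -ri -f /dev/stdin mumble-server.ini
    unset mumble_pass
    set -x
    sgo mumble-server

    echo "$0: $(date): ending now)"
    exit 0
    ;;
esac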
261
262
263 ########### end section including li/lj ###############
264
265
266
267 ## android studio setup
268 # this contains the setting for android sdk to point to
269 # /a/opt/androidsdk, which is asked upon first run
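lnf /a/opt/.AndroidStudio2.2 ~
# android site says it needs a bunch of packages for ubuntu,
# but I googled for debian, and someone says you just need lib32stdc++6 plus the
# jdk
# https://pid7007blog.blogspot.com/2015/07/installing-android-studio-in-debian-8.html
# see w.org for more android studio details
spa lib32stdc++6 default-jdk


# duperemove is built from the checkout in /a/opt and installed as root.
if [[ $HOSTNAME == frodo ]]; then
  case $distro in
    # The pattern read `ubunut`, which can never match, so the build was
    # skipped on ubuntu.
    ubuntu|debian)
      pi libsqlite3-dev
      cd /a/opt/duperemove
      make clean
      make
      s make install
      ;;
    #others unknown
  esac
fi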
291
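# syncthing: distro package where it is recent enough, otherwise the
# upstream apt repository.
case $distro in
  arch) pi syncthing ;;
  ubuntu|debian)
    # testing has relatively up to date packages
    if ! isdebian-testing; then
      # based on error when doing apt-get update:
      # E: The method driver /usr/lib/apt/methods/https could not be found.
      pi apt-transport-https
      # google led me here:
      # https://apt.syncthing.net/
      # -f makes curl fail on an HTTP error instead of piping an error
      # page into apt-key; -S still reports the reason.
      # NOTE(review): apt-key trusts this key for every configured
      # repository, not only the syncthing one.
      curl -fsS https://syncthing.net/release-key.txt | sudo apt-key add -
      # https, matching the apt-transport-https install above.
      s="deb https://apt.syncthing.net/ syncthing release"
      # Quoted right-hand side: compare as a literal string, not a glob.
      # A missing list file just counts as "different".
      if [[ $(cat /etc/apt/sources.list.d/syncthing.list 2>/dev/null) != "$s" ]]; then
        echo "$s" | s dd of=/etc/apt/sources.list.d/syncthing.list
        p update
      fi
    fi
    pi syncthing
    ;;
esac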
312 # installed via f-droid
313 # top right, actions, device id
314 #
315 # for installing on a remote comp:
316 # ssh -L 8384:localhost:8384 -N frodo
317 # went to http://localhost:8384/
318 #
319 # add folder to sync phone,
320 # staggered file versioning would be my normal choice, but choose
321 # trash can versioning for sake of space on phone, with
322 # clean out after 7 days.
323 #
324 # did:
325 # ser start syncthing@ian
326 # then on phone, add device, hit bar code icon,
327 # install bar code scanner.
328
329
330 # no equivalent in other distros:
# debian and ubuntu only: python-vte is queued for later install.
if [[ $distro == debian || $distro == ubuntu ]]; then
  # for gui bug reporting
  spa python-vte
fi
337
338
339 ####### misc packages ###########
340
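# transmission daemon on treetowl: socket buffer limits, daemon settings,
# then start it through the transmission-daemon-nn unit.
if [[ $HOSTNAME == treetowl ]]; then
  case $distro in
    debian|ubuntu)
      # note i had to do this, which is persistent:
      # cd /i/k
      # s chgrp debian-transmission torrents partial-torrents

      # syslog says things like
      # 'Failed to set receive buffer: requested 4194304, got 425984'
      # google suggets giving it even more than that
      tu /etc/sysctl.conf <<'EOF'
net.core.rmem_max = 67108864
net.core.wmem_max = 16777216
EOF
      s sysctl -p

      # some reason it doesn't seem to start automatically anyways
      pi-nostart transmission-daemon
      #
      # config file documented here, and it's the same config
      # for daemon vs client, so it's documented in the gui.
      # https://trac.transmissionbt.com/wiki/EditConfigFiles#Options
      #
      # I originaly setup rpc-whitelist, but after using
      # routing to a network namespace, it doesn't see the
      # real source address, so it's disabled.
      #
      # Changed the cache-size to 128 mb, reduces disk use.
      # It is a read & write cache.
      #
      # todo: setup a password.
      # NOTE(review): with the whitelist off and authentication not
      # required, anything that can reach the RPC port controls the
      # daemon. Until the password todo is done, that port should stay
      # reachable only from hosts that are meant to manage it.
      #
      # The settings file is read, merged with the overrides below, and
      # written back. "pidfile" uses => like the other keys: the earlier
      # `"pidfile": ...` form creates a Symbol key, which merge() treats
      # as distinct from the String key JSON.parse returns, so a re-run
      # emitted "pidfile" twice.
      s ruby <<'EOF'
require 'json'
p = '/etc/transmission-daemon/settings.json'
File.write(p, JSON.pretty_generate(JSON.parse(File.read(p)).merge({
'rpc-whitelist-enabled' => false,
'rpc-authentication-required' => false,
'incomplete-dir' => '/k/partial-torrents',
'incomplete-dir-enabled' => true,
'download-dir' => '/i/k/torrents',
"speed-limit-up" => 800,
"speed-limit-up-enabled" => true,
"peer-port" => 61486,
"cache-size-mb" => 128,
"ratio-limit" => 1.4000,
"ratio-limit-enabled" => false,
"pidfile" => "/var/lib/transmission-daemon/transmission-daemon.pid",
})) + "\n")
EOF

      # make sure its not enabled, not sure if this is needed
      ser disable transmission-daemon
      sgo transmission-daemon-nn
      ;;
    # todo: others unknown
  esac
fi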
398
399 # adapted from /var/lib/dpkg/info/transmission-daemon.postinst
# Create the debian-transmission system account when it does not exist
# yet: a system user with /bin/false as shell on arch, a system user and
# group with no password elsewhere.
if ! getent passwd debian-transmission > /dev/null; then
  if [[ $distro == arch ]]; then
    s useradd --system --create-home \
      --home-dir /var/lib/transmission-daemon \
      --shell /bin/false \
      debian-transmission
  else
    s adduser --quiet --system --group \
      --no-create-home --disabled-password \
      --home /var/lib/transmission-daemon \
      debian-transmission
  fi
fi

# dunno why it's there, but get rid of it
if [[ $HOSTNAME == li || $HOSTNAME == lj ]]; then
  s rm -rf /home/linode
fi
426
427 # arch had a default config,
428 # debian had nothing until you start it.
429 # With a little trial an error, here is a minimal config
430 # taken from the generated one, plus changes that the
431 # settings ui does, without a bunch of ui crap settings.
432 #
433 # only settings I set were
434 # hostname
435 # auto-connect
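# Write a transmission-remote-gtk profile into every user's home.
# NOTE(review): the profile connects to treetowl with ssl off and empty
# credentials, mirroring the unauthenticated daemon settings above.
for f in /home/*; do
  u=${f##*/}
  # /home may hold entries that are not accounts (lost+found, or the
  # literal pattern when nothing matches); `s -u` would fail on those.
  if [[ ! -d $f ]] || ! getent passwd "$u" > /dev/null; then
    continue
  fi
  d=$f/.config/transmission-remote-gtk
  # Quoted so a name with spaces or glob characters stays one argument.
  s -u "$u" mkdir -p "$d"
  s -u "$u" dd of="$d/config.json" <<'EOF'
{
"profiles" : [
{
"profile-name" : "Default",
"hostname" : "treetowl",
"rpc-url-path" : "/transmission/rpc",
"username" : "",
"password" : "",
"auto-connect" : true,
"ssl" : false,
"timeout" : 40,
"retries" : 3,
"update-active-only" : false,
"activeonly-fullsync-enabled" : false,
"activeonly-fullsync-every" : 2,
"update-interval" : 3,
"min-update-interval" : 3,
"session-update-interval" : 60,
"exec-commands" : [
],
"destinations" : [
]
}
],
"profile-id" : 0,
"add-options-dialog" : false
}
EOF
done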
470
# openvpn: on debian/ubuntu it is installed without being started and both
# units are disabled; other distros get a plain install.
if [[ $distro == debian || $distro == ubuntu ]]; then
  # suggests because we want the resolvconf package.
  # todo: check other distros to make sure it's installed
  pi-nostart --install-suggests openvpn
  # pi-nostart this doesnt seem to be good enough?
  ser disable openvpn@client
  ser disable openvpn
else
  pi openvpn
fi
482
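pi wget
# google chrome on the two desktop hosts.
case $HOSTNAME in
  tp|frodo)
    case $distro in
      debian|ubuntu)
        log=$(mktemp)
        cd /a/opt
        # NOTE(review): `dpkg -i` does not check a signature on a local
        # .deb, so the TLS connection to dl.google.com is the only thing
        # vouching for what gets installed as root here.
        wget -nv -N https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb
        # dpkg is allowed to fail: a non-zero status is inspected below.
        errallow
        set -o pipefail
        s dpkg -i google-chrome-stable_current_amd64.deb |& tee "$log"
        code=$?
        errcatch
        # previously I had a more specific search, but dpkg
        # changed it's output as of 7/2016
        deps_problem=false
        if grep 'dependency problems' "$log" &>/dev/null; then
          deps_problem=true
        fi
        # The temp log used to be left behind in the temp directory.
        rm -f -- "$log"
        if (( code != 0 )); then
          if $deps_problem; then
            s apt-get -fy install
          else
            exit 1
          fi
        fi
        ;;
      arch)
        pi google-chrome
        ;;
    esac
    ;;
esac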
516
517 # printer
# printer
if [[ $distro == arch ]]; then
  pi cups ghostscript gsfonts # from arch wiki cups page
  pi hplip # from google
  s gpasswd -a $USER sys # from arch wiki
  sgo org.cups.cupsd.service
  # goto http://127.0.0.1:631
  # administration tab, add new printer button.
  # In debian, I could use hte recommended driver,
  # in arch, I had to pick out the 6L driver.
elif [[ $distro == debian || $distro == ubuntu ]]; then
  spa hplip
fi
# other distros unknown
534
535
# Mail search, nfs client, par2 and tex, grouped per distro. `pi` installs
# now, `spa` queues for the batched install.
case "$distro" in
  ubuntu|debian)
    pi --no-install-recommends mairix notmuch
    spa nfs-client
    spa par2
    # needed for my tex resume
    spa texlive-full
    ;;
  arch)
    spa mairix notmuch
    spa nfs-utils
    spa par2cmdline
    # needed for my tex resume
    spa texlive-most
    ;;
  fedora)
    spa mairix notmuch
    spa par2cmdline
    # tex: fedora unknown
    ;;
esac
555
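# Codecs and other restricted extras.
case $distro in
  ubuntu)
    # flash, unrar, codecs, ms fonts.
    # This has a manual prompt.
    spa ubuntu-restricted-extras
    ;;
  fedora)
    pi yum-utils
    # rpm fusion recommended codecs
    # The two release rpms are fetched over https: --nogpgcheck switches
    # off signature checking for them, so with plain http nothing would
    # authenticate packages that configure repositories for root.
    s su -c "yum localinstall -y --nogpgcheck https://download1.rpmfusion.org/free/fedora/rpmfusion-free-release-$(rpm -E %fedora).noarch.rpm https://download1.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-$(rpm -E %fedora).noarch.rpm"
    # One line, so the last package name cannot be glued onto
    # gstreamer-ffmpeg by a backslash-newline with no space before it.
    pi gstreamer-plugins-ugly gstreamer-plugins-bad gstreamer-ffmpeg xine-lib-extras-freeworld
    ;;
esac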
570
# Desktop odds and ends whose package names differ per distro; each arm
# queues its packages in the same order the separate checks did.
case "$distro" in
  arch)
    # optional dep for firefox for h.264 video
    spa gst-libav
    # gnupg-agent, pinentry: comes default or with other packages
    spa firefox pulseaudio
    spa ttf-dejavu
    spa xorg-xev
    ;;
  fedora)
    spa gnupg-agent
    spa pinentry-gtk
    # fonts, xev: unknown
    ;;
  debian|ubuntu)
    spa gnupg-agent
    # pinentry, firefox, pulseaudio: comes default or with other packages
    spa fonts-dejavu
    spa x11-utils
    ;;
esac
606
# virt-install is packaged under a different name per distro;
# virt-manager is installed on every distro afterwards.
if [[ $distro == arch ]]; then
  pi virt-install
elif [[ $distro == debian || $distro == ubuntu ]]; then
  pi virtinst
fi
# others unknown
pi virt-manager # creates the libvirt group in debian at least

# allow user to run vms, from debian handbook
for x in ian traci; do
  s usermod -a -G libvirt,kvm $x
done
615 # bridge networking as user fails. google lead here, but it doesn't work:
616 # oh well, I give up.
617 # http://wiki.qemu.org/Features-Done/HelperNetworking
618 # s mkdir /etc/qemu
619 # f=/etc/qemu/bridge.conf
620 # s dd of=$f <<'EOF'
621 # allow br0
622 # EOF
623 # #s chown root:qemu $f # debian has somethig like qemu-libvirt. equivalent?
624 # s chmod 640 $f
625
626
# ISO tooling, spice client and the libvirt stack, grouped per distro.
case "$distro" in
  arch)
    spa cdrkit
    spa spice-gtk3
    # general known for debian/ubuntu, not for fedora
    # cdrkit for cloud-init isos
    # dnsmasq & ebtables for nat networking in libvirt
    # qemu for qemu-img, bind-tools for dig
    # dmidecode just because syslog complains
    pi unzip xorg-xmodmap dmidecode ebtables \
      bridge-utils dnsmasq qemu bind-tools
    # otherwise we get error about accessing kvm module.
    # seems like there might be a better way, but google was a bit vague.
    # NOTE(review): user = "root" makes libvirt run the qemu processes
    # as root, so a guest breaking out of qemu starts with root on the
    # host; kvm group membership for an unprivileged qemu user is the
    # usual alternative.
    s sed -ri --follow-symlinks '/^ *user *=/d' /etc/libvirt/qemu.conf
    echo 'user = "root"' | s tee -a /etc/libvirt/qemu.conf
    # https://bbs.archlinux.org/viewtopic.php?id=206206
    # # this should prolly go in the wiki
    sgo virtlogd.socket
    # guessing this is not needed
    #sgo virtlogd.service
    sgo libvirtd

    pi virtviewer
    ;;
  debian|ubuntu)
    spa genisoimage
    spa spice-client-gtk
    # virtviewer: other distros have it as a dependency afaik.
    ;;
  # others unknown
esac
666
667
668
# shellcheck, pumpa and adb, grouped per distro.
case "$distro" in
  fedora)
    cabal install shellcheck
    # pumpa: do have a buildscript:
    # /a/bin/buildscripts/pumpa ;;
    ;;
  arch)
    spa shellcheck
    spa pumpa
    spa android-tools
    ;;
  debian|ubuntu)
    # unknown for older ubuntu
    spa shellcheck
    spa pumpa
    spa android-tools-adb/unstable
    ;;
  *)
    spa shellcheck
    # other distros unknown
    ;;
esac
688
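# bitcoind service unit, data/config directories and a freshly generated
# RPC configuration.
case $distro in
  debian)
    if [[ $(debian-archive) == testing ]]; then
      # has no unstable dependencies
      spa bitcoin-qt/unstable
    fi
    s cp /a/opt/bitcoin/contrib/init/bitcoind.service /etc/systemd/system
    ser daemon-reload

    # NOTE(review): the chown calls assume a bitcoin user and group
    # already exist; nothing in this part of the script creates them.
    dir=/nocow/.bitcoin
    s mkdir -p $dir
    s chown -R bitcoin:bitcoin $dir
    dir=/etc/bitcoin
    s mkdir -p $dir
    s chown -R root:bitcoin $dir
    s chmod 750 $dir
    # Was `bitcon.conf`; the symlink and the credential sync further
    # down both read /etc/bitcoin/bitcoin.conf.
    f=$dir/bitcoin.conf

    # pruning decreases the bitcoin dir to 2 gb, keeps
    # just the recent blocks. can't do a few things like
    # import a wallet dump.
    # pruning works, but people had to do
    # some manual stuff in joinmarket. I dun need the
    # disk space, so not bothering yet, maybe in a year or so.
    # https://github.com/JoinMarket-Org/joinmarket/issues/431
    #https://bitcoin.org/en/release/v0.12.0#wallet-pruning
    #prune=550

    # Create the file with its final owner and mode first, so the RPC
    # credentials never sit in a file readable beyond root and the
    # bitcoin group. dd truncates the existing file and keeps its mode.
    s install -m 640 -o root -g bitcoin /dev/null "$f"
    # Unquoted EOF on purpose: the two openssl calls are expanded, so
    # every run writes new random credentials.
    s dd of="$f" <<EOF
rpcbind=127.0.0.1
server=1
rpcpassword=$(openssl rand -base64 32)
rpcuser=$(openssl rand -base64 32)

# Joinmarket
walletnotify=curl -sI --connect-timeout 1 http://localhost:62602/walletnotify?%s
alertnotify=curl -sI --connect-timeout 1 http://localhost:62602/alertnotify?%s
EOF
    ;;
  # other distros unknown
esac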
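# joinmarket on treetowl: install its requirements, point it at the
# bitcoind RPC credentials, then start bitcoind.
if [[ $HOSTNAME == treetowl ]]; then
  pi libsodium-dev python3-pip
  cd /a/opt/joinmarket
  # using develop branch, as it seems to be mostly bug fixes,
  # and this is quite new software.
  # note: python3 does not work.
  pip install -r requirements.txt
  # we need bitcoin.conf in the data dir according to
  # https://github.com/JoinMarket-Org/joinmarket/wiki/Running-JoinMarket-with-Bitcoin-Core-full-node
  # following the example .service script, I don\'t have it there,
  # and I generate it, so lets just symlink it.
  sudo -u bitcoin ln -sf /etc/bitcoin/bitcoin.conf /nocow/.bitcoin

  # one time, manually did python wallet-tool.py generate.
  # The "wallet" is just a key which deterministically generates addresses.
  # One time: move the wallet, then link to it.
  # ln -s /p/joinmarket/wallet.json wallets
  #
  # see wallet addresses via:
  # python wallet-tool.py wallet.json
  # send to the first 3 mixing depth 0 addresses.
  # depths are like "identities", to separate out association with
  # each other. the big hash in that output is the depth/branch id,
  # ignore it afaik.
  #
  # after sending btc to wallet from a 3rd party service, check that
  # at least 20% of utxo of each transaction was sent to you,
  # btc listtransactions 10 0 true
  # btc getrawtransaction TXID 1
  #
  # to view status, do
  # python wallet-tool.py wallet.json history
  #
  # to help make other people,
  # python yield-generator-basic.py wallet.json

  # Copy rpcuser/rpcpassword from bitcoin.conf into joinmarket.cfg.
  # xtrace is paused for the loop: the script runs under `set -x` with
  # output appended to /var/log/distro-end, and both the assignment to u
  # and the expanded sed command would put the credentials in that log.
  { set +x; } 2>/dev/null
  for var in rpcuser rpcpassword; do
    u="$(s sed -rn "s/^$var=(.*)/\1/p" /etc/bitcoin/bitcoin.conf)"
    # escape backslashes
    u="${u//\\/\\\\\\\\}"
    # escape commas
    u="${u//,/\\,}"
    sed -ri "s,^(rpc_${var#rpc}\s*=).*,\1 $u," joinmarket.cfg
  done
  # Drop the credential from the shell before tracing resumes.
  unset u
  set -x
  sed -ri "s/^\s*(blockchain_source\s*=).*/\1 bitcoin-rpc/" joinmarket.cfg

  # dunno about sharing a wallet between multiple instances
  # manually did, wallet.dat symlinked in /nocow/.bitcoin
  sgo bitcoind
fi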
780
781
782
783
784 # proprietary flash. going without for now
785 # case $distro in
786 # debian)
787 # pi flashplugin-nonfree
788 # esac
789
790
791
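# GNU global plus pygments. Fedora builds global from source; every other
# distro installs the package and then the distro's pygments package.
case $distro in
  fedora)
    # Quoted so a temp path containing spaces stays one argument.
    cd "$(mktemp -d)"
    # NOTE(review): the tarball comes over plain http and is then built
    # and installed as root with no integrity check. Compare it against a
    # pinned digest (EXPECTED_SHA256 -- placeholder, not known from this
    # file) or verify upstream's signature before running configure.
    wget http://tamacom.com/global/global-6.3.2.tar.gz
    ex global*
    cd global-6.3.2
    # based on https://github.com/leoliu/ggtags
    ./configure --with-exuberant-ctags=/usr/bin/ctags
    make
    s make install
    s pip install pygments
    ;;
  *)
    pi global
    ;;& # keep matching so the pygments arm for this distro also runs
  arch)
    pi python2-pygments
    ;;
  debian|ubuntu)
    pi python-pygments
    ;;
esac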
814
815
# Desktop environment on debian; apg on arch.
if [[ $distro == debian ]]; then
  pi task-cinnamon-desktop
  # in settings, change scrolling to two-finger,
  # because the default edge scroll doesn\'t work.
  pu transmission-gtk
elif [[ $distro == arch ]]; then
  spa apg
fi
# desktop: others unknown
# apg: already in debian jessie
831
832
833
834
835 # note this failed running at the beginning of this file,
836 # because no systemd user instance was running.
837 # Doing systemd --user resulted in
838 # Trying to run as user instance, but $XDG_RUNTIME_DIR is not set
839
# Pick the synergy package spec first, then install it in one place.
synergy_pkg=synergy
if isdebian-testing; then
  # as of 7/2016, has no unstable deps, and is not in testing anymore.
  synergy_pkg=synergy/unstable
fi
pi "$synergy_pkg"
846
847 # case $distro in
848 # # ubuntu unknown. probably the same as debian, just check if the
849 # # init scripts come with the package.
850 # debian)
851 # # copied from arch, but moved to etc
852 # s dd of=/etc/systemd/user/synergys.service <<'EOF'
853 # [Unit]
854 # Description=Synergy Server Daemon
855 # After=network.target
856
857 # [Service]
858 # User=%i
859 # ExecStart=/usr/bin/synergys --no-daemon --config /etc/synergy.conf
860 # Restart=on-failure
861
862 # [Install]
863 # WantedBy=multi-user.target
864 # EOF
865 # s dd of=/etc/systemd/user/synergys.socket <<'EOF'
866 # [Unit]
867 # Conflicts=synergys@.service
868
869 # [Socket]
870 # ListenStream=24800
871 # Accept=false
872
873 # [Install]
874 # WantedBy=sockets.target
875 # EOF
876 # # had this fail with 'Failed to connect to bus: No such file or directory'
877 # # then when I tried it manually, it worked fine...
878 # if ! systemctl --user daemon-reload; then
879 # sleep 2
880 # echo retrying systemd user daemon reload
881 # systemctl --user daemon-reload
882 # fi
883 # ;;&
884 # *)
885 # # taken from arch wiki.
886 # s dd of=/etc/systemd/system/synergyc@.service <<'EOF'
887 # [Unit]
888 # Description=Synergy Client
889 # After=network.target
890
891 # [Service]
892 # User=%i
893 # ExecStart=/usr/bin/synergyc --no-daemon frodo
894 # Restart=on-failure
895 # # per man systemd.unit, StartLimitInterval, by default we
896 # # restart more than 5 times in 10 seconds.
897 # # And this param defaults too 200 miliseconds.
898 # RestartSec=3s
899
900 # [Install]
901 # WantedBy=multi-user.target
902 # EOF
903 # s systemctl daemon-reload
904 # case $HOSTNAME in
905 # x2|treetowl)
906 # ser enable synergyc@ian
907 # ser start synergyc@ian ||: # X might not be running yet
908 # ;;
909 # frodo)
910 # systemctl --user start synergys ||:
911 # systemctl --user enable synergys
912 # ;;
913 # esac
914 # ;;
915 # esac
916
917
918 ######### end misc packages #########
919
920
921 # packages I once used before and liked, but don't want installed now for
922 # various reasons:
923 # python-sqlite is used for offlineimap
924 # lxappearance python-sqlite dolphin paman dconf-editor
925
926
927
928 ######## unfinished
929
930 # todo, finish configuring smart.
931
pi smartmontools
# mostly from https://wiki.archlinux.org/index.php/S.M.A.R.T.
# turn on smart. background on options:
# first line, -a = test everyting on all devices.
# -S on, turn on disk internal saving of vendor specific info,
# from google, seems like this is usually already on and fairly standard.
# -o on, turn on 4 hour period non-performance degrading testing.
# short test daily 2-3am, extended tests Saturdays between 3-4am:
sched="-s (S/../.././02|L/../../6/03)"
# The replacement DEVICESCAN directive is assembled first; the sed call
# then swaps it in for whatever DEVICESCAN line smartd.conf has.
smartd_line="DEVICESCAN -a -o on -S on -n standby,q $sched -m ian@iankelling.org -M exec /usr/local/bin/smart-notify"
s sed -i --follow-symlinks "s#^[[:space:]]*DEVICESCAN.*#$smartd_line#" /etc/smartd.conf
944
945 # in the default configuration of at least ubuntu 14.04, resolvconf is
946 # configured to order any nameservers associated with tun* or tap*
947 # before the normal internet interfaces, which means they are always
948 # consulted first. This is often slower and undesirable, ie. local dns
949 # queries go from 0ms to 10+ or 100+ ms. To reverse the ordering, you
950 # can do:
951 #sudo sed -i --follow-symlinks '/tun\*\|tap\*/d' /etc/resolvconf/interface-order
952 # however, this breaks dns lookup for hosts on the openvpn lan.
953 # I can\'t figure out why hosts on the normal lan would not be
954 # broken under the default ordering, except the host I was
955 # testing with previously had an entry in /etc/hosts.
956
957 ############# end unfinished
958
959 ########### misc stuff
960
961
# goaccess defaults. An exit status of 1 from cedit is accepted as well
# as 0 (presumably it signals "file changed" -- confirm against cedit).
s cedit /etc/goaccess.conf <<'EOF' || [[ $? == 1 ]]
# all things found from looking around the default config
# copied existing NCSA Combined Log Format with Virtual Host, plus %L
log-format %^:%^ %h %^[%d:%t %^] "%r" %s %b "%R" "%u" %D
time-format %H:%M:%S
date-format %d/%b/%Y
log-file /var/log/apache2/access.log
color-scheme 2

# tip: copy access.log files to a stretch host directory, then run
# jessie's goaccess is too old for some options, and it's
# not easily installed from a testing.
# goaccess --ignore-crawlers -f <(cat *) -a -o html > x.html
EOF


# Only treetowl gets a vpn client certificate, and only while no client
# key exists yet (checked with sudo).
if [[ $HOSTNAME == treetowl ]]; then
  if ! sudo test -e /etc/openvpn/client.key; then
    /a/bin/vpn-setup/vpn-mk-client-cert dopub
    # route lan traffic from inside the network namespace.
    tu /etc/openvpn/client.conf "route 192.168.1.0 255.255.255.0 net_gateway"
  fi
fi
983
984
# unison, plus the libao default driver on arch.
case "$distro" in
  debian|ubuntu)
    # On stable an apt pin is written for unison-gtk first.
    if [[ "$(debian-archive)" == stable ]]; then
      s dd of=/etc/apt/preferences.d/unison-gtk <<'EOF'
Explanation: Allow unison-gtk to be upgraded
Package: unison-gtk
Pin: release a=unstable
Pin-Priority: 500
EOF
      # dont think using testing is needed since I figured out how to
      # deal with mismatching unison compilers, but I dont
      # see any reason to revert it, since it only installs
      # a single package which is primarily a single binary
    fi
    pi unison/testing
    pi unison-gtk/testing # after to make it the default unison
    ;;
  arch)
    pi unison gtk2
    # default is alsa, doesn\'t work with with pianobar
    s dd of=/etc/libao.conf <<'EOF'
default_driver=pulse
EOF
    ;;
esac
1017
1018 # note, for jessie, it depends on a higher version of btrfs-tools.
1019 #
1020 # # disabled due to my patch being in btrbk
1021 # case $distro in
1022 # arch|debian|ubuntu) pi btrbk ;;
1023 # # others unknown
1024 # esac
# btrbk is installed from the checkout in /a/opt rather than a package.
cd /a/opt/btrbk
s make install
spa pv # for progress bar when running interactively.

if [[ $HOSTNAME == treetowl ]]; then
  # backup/sync manually on others hosts for now.
  sgo btrbk.timer
  # note: to see when it was last run,
  # ser list-timers

  # fail2ban, on treetowl unless debian-archive reports testing.
  if [[ "$(debian-archive)" != testing ]]; then
    # fail2 ban is broken, with a workaround, per
    # https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770171
    # ill wait a while to see if it gets fixed
    pi fail2ban
    sgo fail2ban
  fi
fi
1042
1043
1044
1045
1046
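case $distro in
  debian|ubuntu) s gpasswd -a ian adm ;; #needed for reading logs
esac

# tor
case $distro in
  # based on
  # https://www.torproject.org/docs/rpms.html.en
  # https://www.torproject.org/docs/debian.html.en
  # todo: figure out if the running service needs to be restarted upon updates


  # todo on fedora: setup non-dev packages
  fedora)
    # NOTE(review): gpgkey= below is fetched over plain http, so
    # gpgcheck=1 protects only if the imported key's fingerprint is
    # compared by hand, as the comment after the file says.
    s dd of=/etc/yum.repos.d/torproject.repo <<'EOF'
[tor]
name=Tor experimental repo
enabled=1
baseurl=http://deb.torproject.org/torproject.org/rpm/tor-testing/fc/20/$basearch/
gpgcheck=1
gpgkey=http://deb.torproject.org/torproject.org/rpm/RPM-GPG-KEY-torproject.org.asc

[tor-source]
name=Tor experimental source repo
enabled=1
autorefresh=0
baseurl=http://deb.torproject.org/torproject.org/rpm/tor-testing/fc/20/SRPMS
gpgcheck=1
gpgkey=http://deb.torproject.org/torproject.org/rpm/RPM-GPG-KEY-torproject.org.asc
EOF

    # to be secure, take a look at the fingerprint reported from the following install, and see if it matches from the link above:
    # 3B9E EEB9 7B1E 827B CF0A 0D96 8AF5 653C 5AC0 01F1
    sgo tor
    /a/bin/buildscripts/tor-browser
    ;;
  ubuntu)
    tu /etc/apt/sources.list "deb http://deb.torproject.org/torproject.org $(debian-codename) main"
    # Request the key by its full fingerprint (the same one exported on
    # the next line). The 8-hex-digit short id used before can be
    # matched by unrelated keys on a keyserver.
    gpg --keyserver keys.gnupg.net --recv A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89
    gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | sudo apt-key add -
    p update
    pi deb.torproject.org-keyring
    pi tor
    /a/bin/buildscripts/tor-browser
    ;;
  debian)
    pi tor
    /a/bin/buildscripts/tor-browser
    ;;
  arch)
    pi tor tor-browser-en
    sgo tor
    ;;
  # ubuntu unknown
esac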
1102
1103 # nfs server
# nfs server
if [[ $distro == fedora ]]; then
  # Manual firewall steps are collected in end_msg_var for later display.
  end_msg <<'EOF'
fedora todo: disable the firewall or find a way to automate it.
there's an unused section in t.org for tramikssion firewall setup

fedora manual config for nfs:
s firewall-config
change to permanent configuration
check the box for nfs
was hard to figure this out, not sure if this is all needed, but
unblock these too
mountd: udp/tcp 20048
portmapper, in firewall-config its called rpc-bind: udp/tcp 111
troubleshooting, unblock things in rpcinfo -p
make sure to reload the firewall to load the persistent configuration


EOF
  pi nfs-utils
  sgo nfs-server
elif [[ $distro == debian || $distro == ubuntu ]]; then
  pi nfs-server
elif [[ $distro == arch ]]; then
  # A failed install is taken to mean a reboot is needed.
  pi nfs-utils || pending_reboot=true
  sgo rpcbind
  # this failed until I rebooted
  sgo nfs-server
fi

if [[ $HOSTNAME == treetowl ]]; then
  # nohide = export filesystems mounted deeper than the export point
  # fsid=0 makes this export the "root" export
  # not documented in the man page, but this means
  # 1. it can be mounted with a shorthand of server:/
  # 2. exports that are subdirectories of this one will automatically be mounted
  # NOTE(review): rw + no_root_squash + insecure gives every address in
  # 192.168.1.0/24 root-level write access to /k, from any source port.
  # Worth narrowing to the hosts that need it if that subnet holds
  # anything not fully trusted.
  tu /etc/exports <<'EOF'
/k 192.168.1.0/24(rw,fsid=0,nohide,no_root_squash,async,no_subtree_check,insecure)
EOF
  s exportfs -rav
fi
1148
1149
# Show the messages collected through end_msg.
e "$end_msg_var"


# persistent virtual machines

if [[ $distro == debian || $distro == ubuntu ]]; then
  pi libosinfo-bin
fi

# distro may not know about win 10 yet.
# Start from win7; when `virt-install --os-variant list` is not accepted
# (we are using a newer virt-install), take the newest windows entry that
# osinfo-query lists.
variant=win7
if ! virt-install --os-variant list &>/dev/null; then
  for v in 10 8.1 8; do
    # ${v/./\\.} escapes the dot of 8.1 for the regex.
    if ! osinfo-query os | gr "^\s*win${v/./\\.}\s" &>/dev/null; then
      continue
    fi
    variant=win$v
    break
  done
fi
1171
# Define the two windows guests unless a domain named win10 already exists.
if ! s virsh list --all --name | grep -xF win10 &>/dev/null; then

  # created account with
  # win10vmian@outlook.com, and easy to remember password
  # win 10 virtio, makes disk way way way faster
  # wget https://fedorapeople.org/groups/virt/virtio-win/direct-downloads/latest-virtio/virtio-win.iso
  # https://wiki.archlinux.org/index.php/QEMU#Change_Existing_Windows_VM_to_use_virtio
  # for installing virtio after initial install instead of with initial iso:
  # qemu-img create -f qcow2 fake.qcow2 1G
  # --disk=/a/images/virtio-win.iso,device=cdrom \
  # --disk=/a/images/fake.qcow2,bus=virtio
  # Also,
  # went to device manager, saw 2 pci devices with yellow !,
  # did search for drivers, pick cdrom location, done.
  #
  # from http://www.tenforums.com/tutorials/4189-fast-startup-turn-off-windows-10-a.html.
  # google said there was a control panel option for it, but
  # that turned out to be a lie.
  # Put this in a .bat file and run as administrator to turn off
  # hyberboot which fucks things up.
  # REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power" /V HiberbootEnabled /T REG_dWORD /D 0 /F
  # power settings, turn off display: never
  # run "control userpasswords2", turn on automatic login.
  # note: when changing devices, I just undefine, the create the vm again.

  # NOTE(review): spice,listen=0.0.0.0 puts each guest console on every
  # host interface, and no spice password or TLS is configured here.
  # Together with the automatic login mentioned above, whoever can reach
  # the port gets a logged-in desktop; limit it with a firewall rule or
  # listen on loopback and tunnel.
  s virt-install \
    --noautoconsole \
    --graphics spice,listen=0.0.0.0 \
    --disk=/a/images/win10.qcow2,bus=virtio \
    --vcpus 2 \
    -r 4096 \
    -w bridge=br0 \
    -n win10 \
    --import \
    --os-variant $variant \
    --cpu host-model-only

  s virsh destroy win10

  # this one hasn\'t had the virtio fix done yet.
  s virt-install \
    --noautoconsole \
    --graphics spice,listen=0.0.0.0 \
    --disk=/a/images/win7.qcow2 \
    --vcpus 2 \
    -r 4096 \
    -w bridge=br0 \
    -n win7 \
    --import \
    --os-variant win7 \
    --cpu host-model-only
  s virsh destroy win7
  # had a problem with --cpu host, so trying out
  # --cpu host-model-only

fi
1212
1213
# samba on treetowl: rewrite the global options, drop [homes], add a
# [public] share, then start the service.
if [[ $HOSTNAME == treetowl ]]; then
  pi samba
  # note samba re-reads it\'s config every 1 minute
  if [[ $distro == arch ]]; then
    s cp /etc/samba/smb.conf.default /etc/samba/smb.conf
  fi

  # add 2 lines after workgroup option
  # (any existing copies of the two options are deleted first)
  s sed -ri --follow-symlinks '/^\s*encrypt passwords\s*=/d' /etc/samba/smb.conf
  s sed -ri --follow-symlinks '/^\s*map to guest\s*=/d' /etc/samba/smb.conf
  s sed -i --follow-symlinks 's/\(\s*workgroup\s*=\).*/\1 WORKGROUP\n\tencrypt passwords = yes\n\tmap to guest = bad password/' /etc/samba/smb.conf
  # remove default homes section. not sharing that.
  s sed -ri --follow-symlinks '/^\s*\[homes\]/,/\s*\[/d' /etc/samba/smb.conf

  # NOTE(review): `map to guest = bad password` together with
  # `guest ok = yes` and `read only = no` makes /kr writable by anyone
  # who can reach the smb ports, with no valid account needed.
  if ! grep -xF '[public]' /etc/samba/smb.conf &>/dev/null; then
    s tee -a /etc/samba/smb.conf <<'EOF'
[public]
guest ok = yes
read only = no
path = /kr
EOF
  fi

  if [[ $distro == debian || $distro == ubuntu ]]; then
    # systemd claims it generates units from /etc/init.d, but it
    # clearly doesn\'t in debian. I have no idea how they are
    # related. fuck debian right now. It\'s not documented. samba
    # has a systemd init file linked to /dev/null. There\'s this
    # https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=769714 which
    # claims samba\'s sub-services will be started automatically by
    # systemd... it didn\'t on install, wonder if it will on
    # boot. It clued me in how to start it manually though. Nothing
    # in /usr/share/doc/samba, debian admin guide says nothing about
    # any of this. (this is in debian testing as of 4/2016).

    s /etc/init.d/samba start
  elif [[ $distro == arch ]]; then
    sgo samba
  fi
fi

# Map this host's names to 127.0.1.1 in /etc/hosts.
tu /etc/hosts <<< "127.0.1.1 $(hostname).lan $(hostname)"
1259
1260
1261 ######### begin stuff belonging at the end ##########
1262
1263
1264 # Apps we want to override others for default file handler:
1265 # simplest way in debian is to just install them last.
simple_packages+=(mpv)

# The file manager's package name differs per distro.
if [[ $distro == ubuntu || $distro == debian ]]; then
  spa spacefm-gtk3
elif [[ $distro == arch ]]; then
  spa spacefm
fi


# Install everything queued since the previous batch.
pi "${simple_packages[@]}"


# pending_reboot only ever holds true or false.
if [[ $pending_reboot == true ]]; then
  echo "$0: pending reboot and then finished. doing it now."
  s reboot now
else
  echo "$0: $(date): ending now)"
fi