iankelling.org / git / distro-setup / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
use better practice to avoid overwriting symlnks
[distro-setup] / distro-end
1 #!/bin/bash -l
2 # Copyright (C) 2016 Ian Kelling
3 # This program is under GPL v. 3 or later, see <http://www.gnu.org/licenses/>
4 errcatch
5
6 set -x
7
8 exec &> >(sudo tee -a /var/log/distro-end)
9 echo "$0: $(date): starting now)"
10
11 src="${BASH_SOURCE%/*}"
12
13 end_msg() {
14 = local y
15 IFS= read -r -d '' y ||:
16 end_msg_var+="$y"
17 }
18
19 spa() { # simple package add
20 simple_packages+=($@)
21 }
22
23 distro=$(distro-name)
24
25 pending_reboot=false
26
27 # template
28 case $distro in
29 esac
30
31 pup
32
33 simple_packages=(
34 htop
35 mailutils
36 nmon
37 ruby
38 ruby-rest-client
39 tree
40 vim
41 )
42
43 case $HOSTNAME in
44 lj|li) : ;;
45 *)
46 # universal packages
47 # swh-plugins is for karaoke pulsaudio filter.
48 simple_packages+=(
49 apache2
50 bwm-ng
51 chromium
52 duplicity
53 evince
54 fdupes
55 filelight
56 gdb
57 gnome-screenshot
58 jq
59 locate
60 meld
61 offlineimap
62 p7zip
63 paprefs
64 pavucontrol
65 pdfgrep
66 pianobar
67 pidgin
68 rdiff-backup
69 slock
70 squashfs-tools
71 swh-plugins
72 tcpdump
73 transmission-remote-gtk
74 vlc
75 )
76 ;;
77 esac
78
79
80
81 ########### begin section including li ################
82
83
84 case $distro in
85 debian)
86 if [[ `debian-archive` == testing ]]; then
87 pi acme-tiny
88 fi
89 esac
90
91 case $distro in
92 fedora) spa unrar ;;
93 *) spa unrar-free ;;
94 esac
95
96
97 case $distro in
98 arch)
99 # ubuntu 14.04 uses b-cron,
100 # but its not maintained in arch.
101 # of the ones in the main repos, cronie is only one maintained.
102 # fcron appears abandoned software.
103 pi cronie
104 sgo cronie
105 ;;
106 *) : ;; # other distros come with cron.
107 esac
108
109
110 case $distro in
111 debian|ubuntu)
112 pi debian-goodies
113 ;;
114 esac
115
116
117 case $distro in
118 *) pi at ;;&
119 arch) sgo atd ;;
120 esac
121
122
123 case $distro in
124 debian) pi curl;;
125 arch) : ;;
126 # fedora: unknown
127 esac
128
129 case $distro in
130 # tk for gitk
131 arch) spa git tk ;;
132 *) spa git ;;
133 esac
134
135 case $distro in
136 arch) spa the_silver_searcher ;;
137 debian|ubuntu) spa silversearcher-ag ;;
138 # fedora unknown
139 esac
140
141 case $distro in
142 debian|ubuntu) spa ntp;;
143 arch)
144 pi ntp
145 sgo ntpd
146 ;;
147 # others unknown
148 esac
149
150
151 # no equivalent in other distros:
152 case $distro in
153 debian|ubuntu)
154 pi apt-file aptitude
155 s apt-file update
156 # for debconf-get-selections
157 spa debconf-utils
158 ;;
159 esac
160
161 case $distro in
162 ubuntu|debian) spa ack-grep ;;
163 arch|fedora) spa ack ;;
164 # fedora unknown
165 esac
166
167 case $distro in
168 arch|debian|ubuntu)
169 spa bash-completion
170 ;;
171 # others unknown
172 esac
173
174
175
176
177
178 # disable motd junk.
179 case $(distro-name) in
180 debian)
181 # allows me to pipe with ssh -t, and gets rid of spam
182 # http://forums.debian.net/viewtopic.php?f=5&t=85822
183 # i'd rather disable the service than comment the init file
184 # this says disabling the service, it will still get restarted
185 # but this script doesn't do anything on restart, so it should be fine
186 s dd of=/var/run/motd.dynamic if=/dev/null
187 s update-rc.d motd disable
188 ;;
189 ubuntu)
190 # this isn't a complete solution. It still shows me when updates are available,
191 # but it's no big deal.
192 s t /etc/update-motd.d/10-help-text /etc/update-motd.d/00-header
193 ;;
194 esac
195
196 # automatic updates
197 # reference:
198 # https://debian-handbook.info/browse/stable/sect.regular-upgrades.html
199 # /etc/cron.daily/apt calls unattended-upgrades
200 # /usr/share/doc/unattended-upgrades# cat README.md
201 # /etc/apt/apt.conf.d/50unattended-upgrades
202 if isdebian; then
203 debian-setup-auto-update
204 fi
205
206 case $HOSTNAME in
207 lj|li)
208
209 pi "${simple_packages[@]}"
210 case $HOSTNAME in
211 lj) domain=iank.bid ;;
212 li) domain=iankelling.org ;;
213 esac
214 /a/h/setup.sh $domain
215 s rld /a/h/_site/ /var/www/$domain/html
216
217 curl https://$domain/git/?p=mediawiki-setup/.git;a=blob_plain;f=mw-setup-script;hb=HEAD | bash
218 $src/phab-setup
219
220
221 echo "$0: $(date): ending now)"
222 exit 0
223 ;;
224 esac
225
226 ########### end section including li/lj ###############
227
228
229 case $distro in
230 arch) pi syncthing ;;
231 ubuntu|debian)
232 # google led me here:
233 # https://apt.syncthing.net/
234 curl -s https://syncthing.net/release-key.txt | sudo apt-key add -
235 s="deb http://apt.syncthing.net/ syncthing release"
236 if [[ $(cat /etc/apt/sources.list.d/syncthing.list) != $s ]]; then
237 echo "$s" | s dd of=/etc/apt/sources.list.d/syncthing.list
238 p update
239 fi
240 pi syncthing
241 ;;
242 esac
243 # installed via f-droid
244 # top right, actions, device id
245 #
246 # for installing on a remote comp:
247 # ssh -L 8384:localhost:8384 -N frodo
248 # went to http://localhost:8384/
249 #
250 # add folder to sync phone,
251 # staggered file versioning would be my normal choice, but choose
252 # trash can versioning for sake of space on phone, with
253 # clean out after 7 days.
254 #
255 # did ser syncthing@ian start
256 # then on phone, add device, hit bar code icon,
257 # install bar code scanner.
258
259
260 # no equivalent in other distros:
261 case $distro in
262 debian|ubuntu)
263 # for gui bug reporting
264 spa python-vte
265 ;;
266 esac
267
268
269 ####### misc packages ###########
270
271
272 if [[ $HOSTNAME == frodo ]]; then
273 case $distro in
274 debian|ubuntu)
275 # note i had to do this, which is persistent:
276 # cd /i/k
277 # s chgrp debian-transmission torrents partial-torrents
278
279 # syslog says things like
280 # 'Failed to set receive buffer: requested 4194304, got 425984'
281 # google suggets giving it even more than that
282 tu /etc/sysctl.conf<<'EOF'
283 net.core.rmem_max = 67108864
284 net.core.wmem_max = 16777216
285 EOF
286 s sysctl -p
287
288 # some reason it doesn't seem to start automatically anyways
289 pi-nostart transmission-daemon
290 # config file documented here, and it's the same config
291 # for daemon vs client, so it's documented in the gui.
292 # https://trac.transmissionbt.com/wiki/EditConfigFiles#Options
293 s ruby <<'EOF'
294 require 'json'
295 p = '/etc/transmission-daemon/settings.json'
296 File.write(p, JSON.pretty_generate(JSON.parse(File.read(p)).merge({
297 'rpc-whitelist' => '127.0.0.1,192.168.1.*',
298 'rpc-authentication-required' => false,
299 'incomplete-dir' => '/i/k/partial-torrents',
300 'download-dir' => '/i/k/torrents',
301 "speed-limit-up" => 700,
302 "speed-limit-up-enabled" => true,
303 "ratio-limit" => 1.4000,
304 "ratio-limit-enabled" => true,
305 })) + "\n")
306 EOF
307 sgo transmission-daemon
308 ;;
309 arch)
310 # todo, setup it's config file & daemon
311 pi transmission-cli
312 ;;
313 esac
314 fi
315
316 # adapted from /var/lib/dpkg/info/transmission-daemon.postinst
317 if ! getent passwd debian-transmission > /dev/null; then
318 case $distro in
319 arch)
320 s useradd \
321 --system \
322 --create-home \
323 --home-dir /var/lib/transmission-daemon \
324 --shell /bin/false \
325 debian-transmission
326 ;;
327 *)
328 s adduser --quiet \
329 --system \
330 --group \
331 --no-create-home \
332 --disabled-password \
333 --home /var/lib/transmission-daemon \
334 debian-transmission
335 ;;
336 esac
337 fi
338
339 # dunno why it's there, but get rid of it
340 case $HOSTNAME in
341 li|lj) s rm -rf /home/linode ;;
342 esac
343
344 # arch had a default config,
345 # debian had nothing until you start it.
346 # With a little trial an error, here is a minimal config
347 # taken from the generated one, plus changes that the
348 # settings ui does, without a bunch of ui crap settings.
349 #
350 # only settings I set were
351 # hostname
352 # auto-connect
353 for f in /home/*; do
354 d=$f/.config/transmission-remote-gtk
355 u=${f##*/}
356 s -u $u mkdir -p $d
357 s -u $u dd of=$d/config.json <<'EOF'
358 {
359 "profiles" : [
360 {
361 "profile-name" : "Default",
362 "hostname" : "frodo",
363 "rpc-url-path" : "/transmission/rpc",
364 "username" : "",
365 "password" : "",
366 "auto-connect" : true,
367 "ssl" : false,
368 "timeout" : 40,
369 "retries" : 3,
370 "update-active-only" : false,
371 "activeonly-fullsync-enabled" : false,
372 "activeonly-fullsync-every" : 2,
373 "update-interval" : 3,
374 "min-update-interval" : 3,
375 "session-update-interval" : 60,
376 "exec-commands" : [
377 ],
378 "destinations" : [
379 ]
380 }
381 ],
382 "profile-id" : 0,
383 "add-options-dialog" : false
384 }
385 EOF
386 done
387
388 case $distro in
389 debian|ubuntu)
390 pi-nostart openvpn
391 # pi-nostart this doesnt seem to be good enough?
392 ser disable openvpn@client
393 ser disable openvpn
394 ;;
395 # suggests because we want the resolvconf package
396 *) pi --install-suggests openvpn;;
397 esac
398
399 pi wget
400 case $HOSTNAME in
401 tp|frodo)
402 case $distro in
403 debian|ubuntu)
404 log=$(mktemp)
405 cd /a/opt
406 wget -nv -N https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb
407 errallow
408 set -o pipefail
409 s dpkg -i google-chrome-stable_current_amd64.deb |& tee $log
410 code=$?
411 errcatch
412 case $code in
413 0) : ;;
414 *)
415 # previously I had a more specific search, but dpkg
416 # changed it's output as of 7/2016
417 if grep 'dependency problems' \
418 $log &>/dev/null; then
419 s apt-get -fy install
420 else
421 exit 1
422 fi
423 ;;
424 esac
425 ;;
426 arch)
427 pi google-chrome
428 ;;
429 esac
430 ;;
431 esac
432
433 # printer
434 case $distro in
435 arch)
436 pi cups ghostscript gsfonts # from arch wiki cups page
437 pi hplip # from google
438 s gpasswd -a $USER sys # from arch wiki
439 sgo org.cups.cupsd.service
440 # goto http://127.0.0.1:631
441 # administration tab, add new printer button.
442 # In debian, I could use hte recommended driver,
443 # in arch, I had to pick out the 6L driver.
444 ;;
445 debian|ubuntu)
446 spa hplip
447 ;;
448 # other distros unknown
449 esac
450
451
452 case $distro in
453 ubuntu|debian) pi --no-install-recommends mairix notmuch ;;
454 fedora|arch) spa mairix notmuch ;;
455 esac
456 case $distro in
457 arch) spa nfs-utils ;;
458 ubuntu|debian) spa nfs-client ;;
459 esac
460 case $distro in
461 ubuntu|debian) spa par2 ;;
462 arch|fedora) spa par2cmdline ;;
463 esac
464
465 # needed for my tex resume
466 case $distro in
467 ubuntu|debian) spa texlive-full ;;
468 arch) spa texlive-most ;;
469 # fedora unknown
470 esac
471
472 case $distro in
473 ubuntu)
474 # flash, unrar, codecs, ms fonts.
475 # This has a manual prompt.
476 spa ubuntu-restricted-extras
477 ;;
478 fedora)
479 pi yum-utils
480 # rpm fusion recommended codecs
481 s su -c "yum localinstall -y --nogpgcheck http://download1.rpmfusion.org/free/fedora/rpmfusion-free-release-$(rpm -E %fedora).noarch.rpm http://download1.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-$(rpm -E %fedora).noarch.rpm"
482 pi gstreamer-plugins-ugly gstreamer-plugins-bad gstreamer-ffmpeg\
483 xine-lib-extras-freeworld
484 ;;
485 esac
486
487 case $distro in
488 # optional dep for firefox for h.264 video
489 arch) spa gst-libav ;;
490 # other distros, probably come by default
491 esac
492
493 case $distro in
494 fedora|ubuntu|debian) spa gnupg-agent ;;
495 arch) : ;;
496 esac
497
498
499 case $distro in
500 fedora) spa pinentry-gtk ;;
501 *) : ;; # comes default or with other packages
502 esac
503
504 case $distro in
505 arch) spa firefox pulseaudio;;
506 *) : ;; # comes default or with other packages
507 esac
508
509
510 case $distro in
511 arch) spa ttf-dejavu;;
512 debian|ubuntu) spa fonts-dejavu ;;
513 # others unknown
514 esac
515
516
517 case $distro in
518 arch) spa xorg-xev;;
519 debian|ubuntu) spa x11-utils ;;
520 # others unknown
521 esac
522
523 case $distro in
524 arch) pi virt-install;;&
525 debian|ubuntu) pi virtinst ;;&
526 *) pi virt-manager ;; # creates the libvirt group in debian at least
527 # others unknown
528 esac
529 # allow user to run vms, from debian handbook
530 for x in ian traci; do s usermod -a -G libvirt,kvm $x; done
531 # bridge networking as user fails. google lead here, but it doesn't work:
532 # oh well, I give up.
533 # http://wiki.qemu.org/Features-Done/HelperNetworking
534 # s mkdir /etc/qemu
535 # f=/etc/qemu/bridge.conf
536 # s dd of=$f <<'EOF'
537 # allow br0
538 # EOF
539 # #s chown root:qemu $f # debian has somethig like qemu-libvirt. equivalent?
540 # s chmod 640 $f
541
542
543 case $distro in
544 arch) spa cdrkit;;
545 debian|ubuntu) spa genisoimage;;
546 # others unknown
547 esac
548
549 case $distro in
550 arch) spa spice-gtk3 ;;
551 debian|ubuntu) spa spice-client-gtk;;
552 # others unknown
553 esac
554
555 # general known for debian/ubuntu, not for fedora
556 case $distro in
557 arch)
558 # cdrkit for cloud-init isos
559 # dnsmasq & ebtables for nat networking in libvirt
560 # qemu for qemu-img, bind-tools for dig
561 # dmidecode just because syslog complains
562 pi unzip xorg-xmodmap dmidecode ebtables\
563 bridge-utils dnsmasq qemu bind-tools
564 # otherwise we get error about accessing kvm module.
565 # seems like there might be a better way, but google was a bit vague.
566 s sed -ri --follow-symlinks '/^ *user *=/d' /etc/libvirt/qemu.conf
567 echo 'user = "root"' | s tee -a /etc/libvirt/qemu.conf
568 # https://bbs.archlinux.org/viewtopic.php?id=206206
569 # # this should prolly go in the wiki
570 sgo virtlogd.socket
571 # guessing this is not needed
572 #sgo virtlogd.service
573 sgo libvirtd
574
575 ;;
576 esac
577
578 case $distro in
579 arch) pi virtviewer ;;
580 *) : ;; # other distros have it as a dependency afaik.
581 esac
582
583
584
585 case $distro in
586 fedora) cabal install shellcheck ;;
587 *) spa shellcheck ;;
588 # unknown for older ubuntu
589 esac
590
591
592 case $distro in
593 arch|debian|ubuntu) spa pumpa ;;
594 # others unknown. do have a buildscript:
595 # /a/bin/buildscripts/pumpa ;;
596 esac
597
598
599 case $distro in
600 debian|ubuntu) spa android-tools-adb/unstable ;;
601 arch) spa android-tools ;;
602 # other distros unknown
603 esac
604
605 case $distro in
606 debian)
607 if [[ `debian-archive` == testing ]]; then
608 # has no unstable dependencies
609 spa bitcoin-qt/unstable
610 fi
611 ;;
612 # other distros unknown
613 esac
614
615
616 # proprietary flash. going without for now
617 # case $distro in
618 # debian)
619 # pi flashplugin-nonfree
620 # esac
621
622
623
624 case $distro in
625 fedora)
626 cd $(mktemp -d)
627 wget http://tamacom.com/global/global-6.3.2.tar.gz
628 ex global*
629 cd global-6.3.2
630 # based on https://github.com/leoliu/ggtags
631 ./configure --with-exuberant-ctags=/usr/bin/ctags
632 make
633 s make install
634 s pip install pygments
635 ;;
636 *)
637 pi global
638 ;;&
639 arch)
640 pi python2-pygments
641 ;;
642 debian|ubuntu)
643 pi python-pygments
644 ;;
645 esac
646
647
648 case $distro in
649 debian)
650 pi task-cinnamon-desktop
651 # in settings, change scrolling to two-finger,
652 # because the default edge scroll doesn\'t work.
653 pu transmission-gtk
654 ;;
655 # others unknown
656 esac
657
658 case $distro in
659 arch) spa apg ;;
660
661 # already in debian jessie
662 esac
663
664
665
666
667 # note this failed running at the beginning of this file,
668 # because no systemd user instance was running.
669 # Doing systemd --user resulted in
670 # Trying to run as user instance, but $XDG_RUNTIME_DIR is not set
671 case $distro in
672 # ubuntu unknown. probably the same as debian, just check if the
673 # init scripts come with the package.
674 debian)
675 # copied from arch, but moved to etc
676 s dd of=/etc/systemd/user/synergys.service <<'EOF'
677 [Unit]
678 Description=Synergy Server Daemon
679 After=network.target
680
681 [Service]
682 User=%i
683 ExecStart=/usr/bin/synergys --no-daemon --config /etc/synergy.conf
684 Restart=on-failure
685
686 [Install]
687 WantedBy=multi-user.target
688 EOF
689 s dd of=/etc/systemd/user/synergys.socket <<'EOF'
690 [Unit]
691 Conflicts=synergys@.service
692
693 [Socket]
694 ListenStream=24800
695 Accept=false
696
697 [Install]
698 WantedBy=sockets.target
699 EOF
700 ;;&
701 *)
702 pi synergy
703 # taken from arch wiki.
704 s dd of=/etc/systemd/system/synergyc@.service <<'EOF'
705 [Unit]
706 Description=Synergy Client
707 After=network.target
708
709 [Service]
710 User=%i
711 ExecStart=/usr/bin/synergyc --no-daemon treetowl
712 Restart=on-failure
713 # per man systemd.unit, StartLimitInterval, by default we
714 # restart more than 5 times in 10 seconds.
715 # And this param defaults too 200 miliseconds.
716 RestartSec=3s
717
718 [Install]
719 WantedBy=multi-user.target
720 EOF
721 case $HOSTNAME in
722 frodo)
723 ser enable synergyc@ian
724 ser start synergyc@ian ||: # X might not be running yet
725 systemctl --user start synergys ||:
726 systemctl --user enable synergys
727 ;;
728 treetowl) systemctl --user enable synergys ;;
729 esac
730 ;;
731 esac
732
733
734 ######### end misc packages #########
735
736
737 # packages I once used before and liked, but don't want installed now for
738 # various reasons:
739 # python-sqlite is used for offlineimap
740 # lxappearance python-sqlite dolphin paman dconf-editor
741
742
743
744 ######## unfinished
745
746 # todo, finish configuring smart.
747
748 pi smartmontools
749 # mostly from https://wiki.archlinux.org/index.php/S.M.A.R.T.
750 # turn on smart. background on options:
751 # first line, -a = test everyting on all devices.
752 # -S on, turn on disk internal saving of vendor specific info,
753 # from google, seems like this is usually already on and fairly standard.
754 # -o on, turn on 4 hour period non-performance degrading testing.
755 # short test daily 2-3am, extended tests Saturdays between 3-4am:
756 sched="-s (S/../.././02|L/../../6/03)"
757 s sed -i --follow-symlinks "s#^[[:space:]]*DEVICESCAN.*#\
758 DEVICESCAN -a -o on -S on -n standby,q $sched\
759 -m ian@iankelling.org -M exec /usr/local/bin/smart-notify#" /etc/smartd.conf
760
761 # in the default configuration of at least ubuntu 14.04, resolvconf is
762 # configured to order any nameservers associated with tun* or tap*
763 # before the normal internet interfaces, which means they are always
764 # consulted first. This is often slower and undesirable, ie. local dns
765 # queries go from 0ms to 10+ or 100+ ms. To reverse the ordering, you
766 # can do:
767 #sudo sed -i --follow-symlinks '/tun\*\|tap\*/d' /etc/resolvconf/interface-order
768 # however, this breaks dns lookup for hosts on the openvpn lan.
769 # I can\'t figure out why hosts on the normal lan would not be
770 # broken under the default ordering, except the host I was
771 # testing with previously had an entry in /etc/hosts.
772
773 ############# end unfinished
774
775 ########### misc stuff
776
777
778 if ! sudo test -e /etc/openvpn/client.key; then
779 /a/bin/vpn-setup/vpn-mk-client-cert
780 fi
781
782
783 case $distro in
784 debian|ubuntu)
785 case `debian-archive` in
786 stable)
787 s dd of=/etc/apt/preferences.d/unison-gtk <<'EOF'
788 Explanation: Allow unison-gtk to be upgraded
789 Package: unison-gtk
790 Pin: release a=unstable
791 Pin-Priority: 500
792 EOF
793 # dont think using testing is needed since I figured out how to
794 # deal with mismatching unison compilers, but I dont
795 # see any reason to revert it, since it only installs
796 # a single package which is primarily a single binary
797 ;;
798 esac
799 pi unison/testing
800 pi unison-gtk/testing # after to make it the default unison
801 ;;
802 arch)
803 pi unison gtk2
804 ;;
805 esac
806
807 case $distro in
808 arch)
809 # default is alsa, doesn\'t work with with pianobar
810 s dd of=/etc/libao.conf <<'EOF'
811 default_driver=pulse
812 EOF
813 ;;
814 esac
815
816 # not using it atm, and for jessie, it depends on a higher version of btrfs-tools
817 # case $distro in
818 # arch|debian|ubuntu) pi btrbk ;;
819 # # others unknown
820 # esac
821
822 if [[ $HOSTNAME == treetowl ]] && [[ `debian-archive` != testing ]]; then
823 # fail2 ban is broken, with a workaround, per
824 # https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770171
825 # ill wait a while to see if it gets fixed
826 pi fail2ban
827 sgo fail2ban
828 fi
829
830
831
832
833
834 case $distro in
835 debian|ubuntu) s gpasswd -a ian adm ;; #needed for reading logs
836 esac
837
838 # tor
839 case $distro in
840 # based on
841 # https://www.torproject.org/docs/rpms.html.en
842 # https://www.torproject.org/docs/debian.html.en
843 # todo: figure out if the running service needs to be restarted upon updates
844
845
846 # todo on fedora: setup non-dev packages
847 fedora)
848 s dd of=/etc/yum.repos.d/torproject.repo <<'EOF'
849 [tor]
850 name=Tor experimental repo
851 enabled=1
852 baseurl=http://deb.torproject.org/torproject.org/rpm/tor-testing/fc/20/$basearch/
853 gpgcheck=1
854 gpgkey=http://deb.torproject.org/torproject.org/rpm/RPM-GPG-KEY-torproject.org.asc
855
856 [tor-source]
857 name=Tor experimental source repo
858 enabled=1
859 autorefresh=0
860 baseurl=http://deb.torproject.org/torproject.org/rpm/tor-testing/fc/20/SRPMS
861 gpgcheck=1
862 gpgkey=http://deb.torproject.org/torproject.org/rpm/RPM-GPG-KEY-torproject.org.asc
863 EOF
864
865 # to be secure, take a look at the fingerprint reported from the following install, and see if it matches from the link above:
866 # 3B9E EEB9 7B1E 827B CF0A 0D96 8AF5 653C 5AC0 01F1
867 sgo tor
868 /a/bin/buildscripts/tor-browser
869 ;;
870 ubuntu)
871 tu /etc/apt/sources.list "deb http://deb.torproject.org/torproject.org $(debian-codename) main"
872 gpg --keyserver keys.gnupg.net --recv 886DDD89
873 gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | sudo apt-key add -
874 p update
875 pi deb.torproject.org-keyring
876 pi tor
877 /a/bin/buildscripts/tor-browser
878 ;;
879 debian)
880 pi tor
881 /a/bin/buildscripts/tor-browser
882 ;;
883 arch)
884 pi tor tor-browser-en
885 sgo tor
886 ;;
887 # ubuntu unknown
888 esac
889
890 # nfs server
891 case $distro in
892 fedora)
893 end_msg <<'EOF'
894 fedora todo: disable the firewall or find a way to automate it.
895 there's an unused section in t.org for tramikssion firewall setup
896
897 fedora manual config for nfs:
898 s firewall-config
899 change to permanent configuration
900 check the box for nfs
901 was hard to figure this out, not sure if this is all needed, but
902 unblock these too
903 mountd: udp/tcp 20048
904 portmapper, in firewall-config its called rpc-bind: udp/tcp 111
905 troubleshooting, unblock things in rpcinfo -p
906 make sure to reload the firewall to load the persistent configuration
907
908
909 EOF
910 pi nfs-utils
911 sgo nfs-server
912 ;;
913 debian|ubuntu)
914 pi nfs-server
915 ;;
916 arch)
917 pi nfs-utils || pending_reboot=true
918 sgo rpcbind
919 # this failed until I rebooted
920 sgo nfs-server
921 ;;
922 esac
923
924 if [[ $HOSTNAME == frodo ]]; then
925 tu /etc/exports <<'EOF'
926 /k 192.168.1.0/24(rw,nohide,no_subtree_check,insecure)
927 EOF
928 s exportfs -rav
929 fi
930
931 if [[ -e /k/video ]]; then
932 # nohide = export filesystems mounted deeper than the export point
933 # fsid=0 makes this export the "root" export
934 # not documented in the man page, but this means
935 # 1. it can be mounted with a shorthand of server:/
936 # 2. exports that are subdirectories of this one will automatically be mounted
937 tu /etc/exports '/i/video 192.168.1.0/24(rw,fsid=0,nohide,no_root_squash,async,no_subtree_check,insecure)'
938 s exportfs -rav
939 showmount -e localhost
940 fi
941
942
943
944 e "$end_msg_var"
945
946
947 # persistent virtual machines
948
949 case $distro in
950 debian|ubuntu)
951 pi libosinfo-bin;
952 ;;
953 esac
954
955 # distro may not know about win 10 yet.
956 variant=win7
957 if ! virt-install --os-variant list &>/dev/null; then # we are using a newer virt-install
958 for v in 10 8.1 8; do
959 if osinfo-query os | gr "^\s*win${v/./\\.}\s" &>/dev/null; then
960 variant=win$v
961 break
962 fi
963 done
964 fi
965
966 if ! s virsh list --all --name | grep -xF win10 &>/dev/null; then
967
968 # created account with
969 # win10vmian@outlook.com, and easy to remember password
970 # win 10 virtio, makes disk way way way faster
971 # wget https://fedorapeople.org/groups/virt/virtio-win/direct-downloads/latest-virtio/virtio-win.iso
972 # https://wiki.archlinux.org/index.php/QEMU#Change_Existing_Windows_VM_to_use_virtio
973 # for installing virtio after initial install instead of with initial iso:
974 # qemu-img create -f qcow2 fake.qcow2 1G
975 # --disk=/a/images/virtio-win.iso,device=cdrom \
976 # --disk=/a/images/fake.qcow2,bus=virtio
977 # Also,
978 # went to device manager, saw 2 pci devices with yellow !,
979 # did search for drivers, pick cdrom location, done.
980 #
981 # from http://www.tenforums.com/tutorials/4189-fast-startup-turn-off-windows-10-a.html.
982 # google said there was a control panel option for it, but
983 # that turned out to be a lie.
984 # Put this in a .bat file and run as administrator to turn off
985 # hyberboot which fucks things up.
986 # REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power" /V HiberbootEnabled /T REG_dWORD /D 0 /F
987 # power settings, turn off display: never
988 # run "control userpasswords2", turn on automatic login.
989 # note: when changing devices, I just undefine, the create the vm again.
990
991 s virt-install --noautoconsole --graphics spice,listen=0.0.0.0 \
992 --disk=/a/images/win10.qcow2,bus=virtio --vcpus 2 -r 4096 -w bridge=br0 \
993 -n win10 --import --os-variant $variant --cpu host-model-only
994
995 s virsh destroy win10
996
997 # this one hasn\'t had the virtio fix done yet.
998 s virt-install --noautoconsole --graphics spice,listen=0.0.0.0 \
999 --disk=/a/images/win7.qcow2 --vcpus 2 -r 4096 -w bridge=br0 \
1000 -n win7 --import --os-variant win7 --cpu host-model-only
1001 s virsh destroy win7
1002 # had a problem with --cpu host, so trying out
1003 # --cpu host-model-only
1004
1005 fi
1006
1007
1008 pi samba
1009 # note samba re-reads it's config every 1 minute
1010 case $distro in
1011 arch) s cp /etc/samba/smb.conf.default /etc/samba/smb.conf ;;
1012 esac
1013
1014 # add 2 lines after workgroup option
1015 s sed -ri --follow-symlinks '/^\s*encrypt passwords\s*=/d' /etc/samba/smb.conf
1016 s sed -ri --follow-symlinks '/^\s*map to guest\s*=/d' /etc/samba/smb.conf
1017 s sed -i --follow-symlinks 's/\(\s*workgroup\s*=\).*/\1 WORKGROUP\n\tencrypt passwords = yes\n\tmap to guest = bad password/' /etc/samba/smb.conf
1018 # remove default homes section. not sharing that.
1019 s sed -ri --follow-symlinks '/^\s*\[homes\]/,/\s*\[/d' /etc/samba/smb.conf
1020
1021 if ! grep -xF '[public]' /etc/samba/smb.conf &>/dev/null; then
1022 s tee -a /etc/samba/smb.conf <<'EOF'
1023 [public]
1024 guest ok = yes
1025 read only = no
1026 path = /kfrodo
1027 EOF
1028 fi
1029
1030 case $distro in
1031 debian|ubuntu)
1032 # systemd claims it generates units from /etc/init.d, but it clearly doesn't
1033 # in debian. I have no idea how they are related. fuck debian right now. It's
1034 # not documented. samba has a systemd init file linked to /dev/null.
1035 # There's this https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=769714 which
1036 # claims samba's sub-services will be started automatically by systemd... it
1037 # didn't on install, wonder if it will on boot. It clued me in how to start
1038 # it manually though. Nothing in /usr/share/doc/samba, debian admin guide
1039 # says nothing about any of this. (this is in debian testing as of 4/2016).
1040
1041 s /etc/init.d/samba start
1042 ;;
1043 arch)
1044 sgo samba
1045 ;;
1046 esac
1047
1048 tu /etc/hosts <<< "127.0.1.1 $(hostname).lan $(hostname)"
1049
1050
1051
1052 rootdev=$(mount | sed -rn 's#^(\S+) on / .*#\1#p')
1053 s mkdir /mnt/root
1054 tu /etc/fstab <<< "$rootdev /mnt/root btrfs noatime,subvolid=0 0 0"
1055 mountpoint /mnt/root || s mount /mnt/root
1056 idev=$(mount | sed -rn 's#^(\S+) on /i .*#\1#p')
1057 if [[ $idev != $rootdev ]]; then
1058 s mkdir /mnt/iroot
1059 tu /etc/fstab <<< "$idev /mnt/iroot btrfs noatime,subvolid=0 0 0"
1060 mountpoint /mnt/iroot || s mount /mnt/iroot
1061 fi
1062
1063
1064 ######### begin stuff belonging at the end ##########
1065
1066
1067 # Apps we want to override others for default file handler:
1068 # simplest way in debian is to just install them last.
1069 simple_packages+=(
1070 mpv
1071 )
1072
1073 case $distro in
1074 ubuntu|debian)
1075 spa spacefm-gtk3 ;;
1076 arch)
1077 spa spacefm ;;
1078 esac
1079
1080
1081 pi "${simple_packages[@]}"
1082
1083
1084 if $pending_reboot; then
1085 echo "$0: pending reboot and then finished. doing it now."
1086 s reboot now
1087 else
1088 echo "$0: $(date): ending now)"
1089 fi
~16k lines of my .bashrc + lots of my configs