minor fixes, indenting
[distro-setup] / distro-end
1 #!/bin/bash -l
2 # Copyright (C) 2016 Ian Kelling
3
4 # Licensed under the Apache License, Version 2.0 (the "License");
5 # you may not use this file except in compliance with the License.
6 # You may obtain a copy of the License at
7
8 # http://www.apache.org/licenses/LICENSE-2.0
9
10 # Unless required by applicable law or agreed to in writing, software
11 # distributed under the License is distributed on an "AS IS" BASIS,
12 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 # See the License for the specific language governing permissions and
14 # limitations under the License.
15
# Switch on the project's error handling before anything else runs
# (errcatch is defined outside this file).
errcatch

# NOTE(review): xtrace stays on for the whole run, and the redirection below
# appends every traced command line to /var/log/distro-end. Later steps expand
# secrets into command arguments and assignments (mumble password, pump.io
# secret, transmission rpc password, bitcoin rpc credentials), so those values
# end up in this log. Keep the log readable by root only, or wrap the
# secret-handling steps in `set +x` / `set -x`.
set -x

# From here on stdout and stderr both go to the terminal and to the log.
exec > >(sudo tee -a /var/log/distro-end) 2>&1
printf '%s\n' "$0: $(date): starting now)"

# Path of this script with its last component stripped.
src=${BASH_SOURCE[0]%/*}
24
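#######################################
# Append everything read from stdin to the global end_msg_var.
# Globals:   end_msg_var (appended to)
# Arguments: none; the text comes from stdin (typically a heredoc)
# Returns:   0, also when the input has no terminating NUL
#######################################
end_msg() {
  # Plain declaration: the stray "=" token that preceded it ran a command
  # named "=" and left y as a global that clobbered the caller's variable.
  local y
  # -d '' reads up to a NUL byte, i.e. the whole input. read reports failure
  # at end of input, which "||:" absorbs.
  IFS= read -r -d '' y ||:
  end_msg_var+="$y"
}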
30
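#######################################
# Simple package add: queue package names in simple_packages, which the
# script later hands to pi in one batch.
# Globals:   simple_packages (appended to)
# Arguments: package names, one per argument
#######################################
spa() {
  # Quoted so each argument is stored exactly as given, without a second
  # round of word splitting and pathname expansion.
  simple_packages+=("$@")
}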
34
35 distro=$(distro-name)
36
37 pending_reboot=false
38 sed="sed --follow-symlinks"
39
40 # template
41 case $distro in
42 esac
43
44 pup
45
46 simple_packages=(
47 htop
48 mailutils
49 nmon
50 rdiff-backup
51 ruby
52 ruby-rest-client
53 tree
54 vim
55 wcd
56 )
57
58 case $HOSTNAME in
59 lj|li) : ;;
60 *)
61 # universal packages
62 # swh-plugins is for karaoke pulsaudio filter.
63 # mutagen for pithos
64 simple_packages+=(
65 apache2
66 apache2-doc
67 apt-doc
68 aptitude-doc-en
69 bash-doc
70 binutils-doc
71 bwm-ng
72 chromium
73 cpio-doc
74 cron
75 debconf-doc
76 duplicity
77 eclipse
78 evince
79 fdupes
80 feh
81 filelight
82 gawk-doc
83 gcc-doc
84 gdb
85 gdb-doc
86 git-doc
87 git-email
88 gitk
89 glibc-doc
90 goaccess
91 gnome-screenshot
92 i3lock
93 iproute2-doc
94 jq
95 linux-doc
96 locate
97 make-doc
98 manpages
99 manpages-dev
100 meld
101 mumble
102 nmap
103 offlineimap
104 p7zip
105 paprefs
106 parted-doc
107 pavucontrol
108 pdfgrep
109 perl-doc
110 pianobar
111 pidgin
112 python3-doc
113 python3-mutagen
114 reportbug
115 sqlite3-doc
116 squashfs-tools
117 swh-plugins
118 tar-doc
119 tcpdump
120 transmission-remote-gtk
121 vlc
122 whois
123 )
124 spa $(apt-cache search ruby[.0-9]+-doc| awk '{print $1}')
125 ;;
126 esac
127
128
129 ########### begin section including li ################
130
131
132 case $distro in
133 debian)
134 if [[ `debian-archive` == testing ]]; then
135 pi acme-tiny
136 fi
137 esac
138
139 case $distro in
140 fedora) spa unrar ;;
141 *) spa unrar-free ;;
142 esac
143
144
145 case $distro in
146 arch)
147 # ubuntu 14.04 uses b-cron,
148 # but its not maintained in arch.
149 # of the ones in the main repos, cronie is only one maintained.
150 # fcron appears abandoned software.
151 pi cronie
152 sgo cronie
153 ;;
154 *) : ;; # other distros come with cron.
155 esac
156
157
158 case $distro in
159 debian|ubuntu)
160 pi debian-goodies
161 ;;
162 esac
163
164
165 case $distro in
166 *) pi at ;;&
167 arch) sgo atd ;;
168 esac
169
170
171 case $distro in
172 debian) pi curl;;
173 arch) : ;;
174 # fedora: unknown
175 esac
176
177 case $distro in
178 # tk for gitk
179 arch) spa git tk ;;
180 *) spa git ;;
181 esac
182
183 case $distro in
184 arch) spa the_silver_searcher ;;
185 debian|ubuntu) spa silversearcher-ag ;;
186 # fedora unknown
187 esac
188
189 case $distro in
190 debian|ubuntu) spa ntp;;
191 arch)
192 pi ntp
193 sgo ntpd
194 ;;
195 # others unknown
196 esac
197
198
199 # no equivalent in other distros:
200 case $distro in
201 debian|ubuntu)
202 pi aptitude
203 if ! dpkg -s apt-file &>/dev/null; then
204 # this condition is just a speed optimization
205 pi apt-file
206 s apt-file update
207 fi
208 # for debconf-get-selections
209 spa debconf-utils
210 ;;
211 esac
212
213 case $distro in
214 ubuntu|debian) spa ack-grep ;;
215 arch|fedora) spa ack ;;
216 # fedora unknown
217 esac
218
219 case $distro in
220 arch|debian|ubuntu)
221 spa bash-completion
222 ;;
223 # others unknown
224 esac
225
226
227
228
229
230 # disable motd junk.
231 case $(distro-name) in
232 debian)
233 # allows me to pipe with ssh -t, and gets rid of spam
234 # http://forums.debian.net/viewtopic.php?f=5&t=85822
235 # i'd rather disable the service than comment the init file
236 # this says disabling the service, it will still get restarted
237 # but this script doesn't do anything on restart, so it should be fine
238 s dd of=/var/run/motd.dynamic if=/dev/null
239 # stretch doesn't have initscripts pkg installed by default
240 if [[ $(debian-codename) == jessie ]]; then
241 s update-rc.d motd disable
242 fi
243 ;;
244 ubuntu)
245 # this isn't a complete solution. It still shows me when updates are available,
246 # but it's no big deal.
247 s t /etc/update-motd.d/10-help-text /etc/update-motd.d/00-header
248 ;;
249 esac
250
251 # automatic updates
252 # reference:
253 # https://debian-handbook.info/browse/stable/sect.regular-upgrades.html
254 # /etc/cron.daily/apt calls unattended-upgrades
255 # /usr/share/doc/unattended-upgrades# cat README.md
256 # /etc/apt/apt.conf.d/50unattended-upgrades
257 if isdebian; then
258 setup-debian-auto-update
259 fi
260
261 # we've got a few dependencies later on, so install them now.
262 pi "${simple_packages[@]}"
263 simple_packages=()
264
265 # website setup
266 case $HOSTNAME in
267 lj|li)
268
269 case $HOSTNAME in
270 lj) domain=iank.bid; exit 0 ;;
271 li) domain=iankelling.org ;;
272 esac
273 /a/h/setup.sh $domain
274 /a/h/build.rb
275
276 sudo -E /a/bin/mediawiki-setup/mw-setup-script
277 #$src/phab-setup
278
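# Install mumble-server, write the server password into its config, then
# start it (pi-nostart, s and sgo are helpers defined outside this file).
pi-nostart mumble-server
mumble_pass=$(< /a/bin/bash_unpublished/mumble_pass)
# The password is spliced into the replacement half of a sed s/// command, so
# escape what sed treats specially there: backslash, the "/" delimiter and
# "&". Unescaped, such characters break the expression or silently change the
# value that gets stored.
mumble_pass=${mumble_pass//\\/'\\'}
mumble_pass=${mumble_pass//\//'\/'}
mumble_pass=${mumble_pass//&/'\&'}
# NOTE(review): the password is still visible in sed's argument list (ps) and
# in the xtrace output while this runs.
s $sed -ri "s/^ *(serverpassword=).*/\1${mumble_pass}/" /etc/mumble-server.ini
unset mumble_pass
sgo mumble-server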
282
283 vpn-server-setup -d
284
285 sudo dd of=/etc/systemd/system/vpnmail.service <<EOF
286 [Unit]
287 Description=Turns on iptables mail nat
288
289 [Service]
290 Type=oneshot
291 RemainAfterExit=yes
292 ExecStart=/a/bin/distro-setup/vpn-mail-forward start
293 ExecStop=/a/bin/distro-setup/vpn-mail-forward stop
294
295 [Install]
296 WantedBy=openvpn.service
297 EOF
298 ser daemon-reload
299 ser enable vpnmail.service
300 acme-tiny-wrapper mail.iankelling.org
301 # needed for li's local mail delivery. there might
302 # be a better way to do it that doesn't require disabling
303 # it during le verification, but whatever for now.
304 f=/etc/cron.daily/lets-encrypt-mail_iankelling_org
305 l="10.8.0.4 mail.iankelling.org"
306 tu /etc/hosts <<<"$l"
307 s sed -i '/^\s*sysv acme-tiny-wrapper/i sed -i /^10\.8\.0\.4/d /etc/hosts' $f
308 echo "echo $l >>/etc/hosts" | s tee -a $f
309 sgo openvpn
310 domain=cal.iankelling.org
311 acme-tiny-wrapper $domain
312 apache-site -f 10.8.0.4:5232 - $domain <<'EOF'
313 #https://httpd.apache.org/docs/2.4/mod/mod_authn_core.html#authtype
314 <Directory "/var/www/cal.iankelling.org/html">
315 Options +FollowSymLinks +Multiviews +Indexes
316 AllowOverride None
317 AuthType basic
318 AuthName "Authentication Required"
319 # setup one time, with root:www-data, 640
320 AuthUserFile "/etc/caldav-htpasswd"
321 Require valid-user
322 </Directory>
323 EOF
324 # nginx version of above would be:
325 # auth_basic "Not currently available";
326 # auth_basic_user_file /etc/nginx/caldav/htpasswd;
327
328
329 ########## begin pump.io setup ##########
330
331 # once pump adds a logrotation script, turn off nologger,
332 # and add
333 # "logfile": "/var/log/pumpio/pumpio.log",
334 #
335 s dd of=/etc/pump.io.json <<'EOF'
336 {
337 "secret": "SECRET_REPLACE_ME",
338 "driver": "mongodb",
339 "params": { "dbname": "pumpio" },
340 "noweb": false,
341 "site": "pump.iankelling.org",
342 "owner": "Ian Kelling",
343 "ownerURL": "https://iankelling.org/",
344 "port": 8001,
345 "urlPort": 443,
346 "hostname": "pump.iankelling.org",
347 "nologger": true,
348 "datadir": "/home/pumpio/pumpdata",
349 "enableUploads": true,
350 "debugClient": false,
351 "disableRegistration": true,
352 "noCDN": true,
353 "key": "/home/pumpio/pump.iankelling.org-domain.key",
354 "cert": "/home/pumpio/pump.iankelling.org-chained.pem",
355 "address": "localhost",
356 "sockjs": false
357 }
358 EOF
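# Replace the SECRET_REPLACE_ME placeholder in /etc/pump.io.json with the real
# secret. The value goes into the replacement half of a sed s### command, so
# backslash, the "#" delimiter and "&" are escaped first; unescaped they would
# break the expression or alter the stored secret.
pump_secret=$(< /p/c/machine_specific/li/pump-secret)
pump_secret=${pump_secret//\\/'\\'}
pump_secret=${pump_secret//\#/'\#'}
pump_secret=${pump_secret//&/'\&'}
# NOTE(review): a secret containing a double quote or backslash would still
# yield invalid JSON, and the value shows up in sed's argument list and in the
# xtrace output.
s sed -i "s#SECRET_REPLACE_ME#${pump_secret}#" /etc/pump.io.json
unset pump_secret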
360
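# jessie's node is too old, so add the NodeSource repository:
# https://nodejs.org/en/download/package-manager/
#
# The setup script is downloaded to a file before it is run as root. Piping
# curl straight into a root shell executes whatever arrives, including a
# truncated script or an HTTP error page. With -f curl fails on HTTP errors,
# and the file is run only after the download completed successfully.
# NOTE(review): the script is still trusted on TLS alone; no checksum or
# signature is verified before it runs with root privileges.
nodesource_setup=$(mktemp)
curl -fsSL -o "$nodesource_setup" https://deb.nodesource.com/setup_6.x || exit 1
sudo -E bash "$nodesource_setup"
rm -f -- "$nodesource_setup"
pi nodejs

cd /home/ian
# NOTE(review): this removes pump.io.git, but the clone below creates pump.io,
# so an existing checkout stays in place and a second run fails at git clone.
# Confirm which directory was meant.
rm -rf pump.io.git
# NOTE(review): this builds whatever the default branch holds at run time;
# pinning a tag or commit would make the deployed code reproducible.
git clone https://github.com/pump-io/pump.io.git
cd pump.io
# note: doing this or the npm install pump.io as root had problems.
npm install
npm run build
# normally, next command would be
# s npm install -g databank-mongodb
# but it's this until a bug in pump gets fixed
s npm install -g databank-mongodb@0.19.2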
376 s useradd -m -s /bin/false pumpio
377 sudo -u pumpio mkdir -p /home/pumpio/pumpdata
378 # for testing browser when only listening to localhost,
379 # in the pump.io.json, set hostname localhost, urlPort 5233
380 #ssh -L 5233:localhost:5233 li
381 acme-tiny-wrapper -c /home/pumpio pump.iankelling.org
382
383 s mkdir -p /var/log/pumpio/
384 s chown pumpio:pumpio /var/log/pumpio/
385
386 apache-site -c /home/pumpio - pump.iankelling.org <<'EOF'
387 # currently a bug in pump that we cant terminate ssl
388 SSLProxyEngine On
389 ProxyPreserveHost On
390 ProxyPass / https://127.0.0.1:8001/
391 ProxyPassReverse / https://127.0.0.1:8001/
392 # i have sockjs disabled per people suggesting that
393 # it won\'t work with apache right now.
394 # not sure if it would work with this,
395 # but afaik, this is pointless atm.
396 <Location /main/realtime/sockjs/>
397 ProxyPass wss://127.0.0.1:8001/main/realtime/sockjs/
398 ProxyPassReverse wss://127.0.0.1:8001/main/realtime/sockjs/
399 </Location>
400 EOF
401
402 s dd of=/etc/systemd/system/pump.service <<'EOF'
403 [Unit]
404 Description=pump.io
405 After=syslog.target network.target
406
407 [Service]
408 Type=simple
409 User=pumpio
410 Group=pumpio
411 ExecStart=/home/ian/pump.io/bin/pump
412 Environment=NODE_ENV=production
413 # failed to find databank-mongodb without this.
414 # I just looked at my environment variables took a guess.
415 Environment=NODE_PATH=/usr/lib/nodejs:/usr/lib/node_modules:/usr/share/javascript
416
417 [Install]
418 WantedBy=multi-user.target
419 EOF
420 ser daemon-reload
421 sgo pump
422 ########## end pump.io setup ############
423
424 echo "$0: $(date): ending now)"
425 exit 0
426 ;;
427 esac
428
429
430 ########### end section including li/lj ###############
431
432 # pump.io periodic backup
433 if [[ $HOSTNAME == treetowl ]]; then
434 s dd of=/etc/systemd/system/pumpbackup.service <<'EOF'
435 [Unit]
436 Description=pump li backup
437 After=multi-user.target
438
439 [Service]
440 User=ian
441 Type=oneshot
442 ExecStart=/a/bin/log-quiet/sysd-mail-once pump-backup /a/bin/distro-setup/pump-backup
443 EOF
444
445 s dd of=/etc/systemd/system/pumpbackup.timer <<'EOF'
446 [Unit]
447 Description=pump li backup hourly
448
449 [Timer]
450 OnCalendar=hourly
451
452 [Install]
453 WantedBy=timers.target
454 EOF
455 s systemctl daemon-reload
456 sgo pumpbackup.timer
457 fi
458
459 case $distro in
460 debian|ubuntu)
461 # suggests because we want the resolvconf package.
462 # todo: check other distros to make sure it\'s installed
463 pi-nostart --install-suggests openvpn
464 # pi-nostart does not disable
465 ser disable openvpn
466 ;;
467 *) pi openvpn;;
468 esac
469
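# On private hosts: create the "mail" vpn client certificate and pin its vpn
# address on li through a per-client config file named after the certificate's
# commonName.
if private-host; then
  vpn-mk-client-cert -n mail li
  cn=$(s openssl x509 -noout -nameopt multiline -subject \
    -in /etc/openvpn/client/mail.crt \
    | sed -rn 's/^\s*commonName\s*=\s*(.*)/\1/p')
  # cn becomes a file name on li and part of a command line that the remote
  # shell parses a second time. Refuse an empty name (dd would then target the
  # directory itself) or one containing a path separator, and quote the rest
  # so the remote shell cannot split or interpret it.
  if [[ -z $cn || $cn == */* ]]; then
    echo "$0: unexpected commonName in mail.crt: '$cn'" >&2
    exit 1
  fi
  echo "ifconfig-push 10.8.0.4 255.255.255.0" \
    | ssh root@li "dd of=/etc/openvpn/client-config/$(printf '%q' "$cn")"
fi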
478 ser enable mailroute
479 if [[ $HOSTNAME == treetowl ]]; then
480 # note, this will need to be changed when the mail/contacts host changes
481 sgo openvpn-client@mail
482 /a/bin/distro-setup/radicale-setup
483 fi
484
485 ## android studio setup
486 # this contains the setting for android sdk to point to
487 # /a/opt/androidsdk, which is asked upon first run
488 lnf /a/opt/.AndroidStudio2.2 ~
489 # android site says it needs a bunch of packages for ubuntu,
490 # but I googled for debian, and someone says you just need lib32stdc++6 plus the
491 # jdk
492 # https://pid7007blog.blogspot.com/2015/07/installing-android-studio-in-debian-8.html
493 # see w.org for more android studio details
494 spa lib32stdc++6 default-jdk
495
496
497 if [[ $HOSTNAME == treetowl ]]; then
498 # It\'s simpler to just worry about running it in one place for now.
499 # I assume it would work to clone it\'s config to another non-phone
500 # and just run it in one place instead of the normal having a
501 # separate config. I lean toward using the same config, since btrfs
502 # syncs between comps.
503 case $distro in
504 arch) pi syncthing ;;
505 ubuntu|debian)
506 # testing has relatively up to date packages
507 if ! isdebian-testing; then
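# based on error when doing apt-get update:
# E: The method driver /usr/lib/apt/methods/https could not be found.
pi apt-transport-https
# google led me here:
# https://apt.syncthing.net/
# -f keeps an HTTP error page from being fed to apt-key.
# NOTE(review): apt-key adds the key to apt's global trust store, so it is
# accepted for every configured repository, and the key itself is trusted on
# TLS alone. Checking its fingerprint and scoping it to this one source with a
# signed-by keyring would be tighter.
curl -fsS https://syncthing.net/release-key.txt | sudo apt-key add -
# NOTE(review): the source line uses plain http although the https transport
# was installed just above; apt still verifies package signatures.
s="deb http://apt.syncthing.net/ syncthing release"
# Rewrite the list and refresh the index only when the content differs. The
# right-hand side is quoted so it is compared as a string rather than matched
# as a glob pattern, and a missing list file no longer prints a cat error.
if [[ $(cat /etc/apt/sources.list.d/syncthing.list 2>/dev/null) != "$s" ]]; then
  echo "$s" | s dd of=/etc/apt/sources.list.d/syncthing.list
  p update
fi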
519 fi
520 pi syncthing
521 ;;
522 esac
523 lnf -T /w/syncthing /home/ian/.config/syncthing
524 sgo syncthing@ian # runs as ian
525
526 # these things persist in ~/.config/syncthing, which I save in
527 # /w/syncthing (not in /p, because syncthing should continue to
528 # run on home server even when using laptop as primary device)
529 # open http://localhost:8384/
530 # change listen address from default to tcp://:22001,
531 # this is because we do port forward so it doesn\'t have to use
532 # some external server, but the syncthing is broken for port forward,
533 # you get a message, something "like connected to myself, this should not happen"
534 # when connecting to other local devices, so I bump the port up by 1,
535 # based on
536 # https://forum.syncthing.net/t/connected-to-myself-should-not-happen/1763/19.
537 # Without this, it was being stuck syncing at 0%.
538 # Set gui username and password.
539 #
540 # install syncthing via f-droid,
541 # folder setting, turn off master folder (makes it read only).
542 # on phone, add device, click bar code icon
543 # on dekstop, top right, actions, device id
544 # after adding, notification will appear on desktop to confirm
545 #
546 # syncing folder. from phone to desktop: select desktop in the
547 # folder on phone\'s sync options, notification will appear in
548 # desktop\'s web ui within a minute. For the reverse, the
549 # notification will appear in android\'s notifications, you have to
550 # swipe down and tap it to add the folder. It won\'t appear in the
551 # syncthing ui, which would be intuitive, but don\'t wait for it
552 # there.
553 #
554 # On phone, set settings to run syncthing all the time, and
555 # show no notification.
556 #
557 # Folder versioning would make sense if I didn\'t already use btrfs
558 # for backups. I would choose staggered, or trash can for more space.
559 #
560 # if needed to install on a remote comp:
561 # ssh -L 8384:localhost:8384 -N frodo
562 # open http://localhost:8384/
563 #
564 # Note, the other thing i did was port forward port 22000,
565 # per https://docs.syncthing.net/users/firewall.html
566 fi
567
568
569
570 # no equivalent in other distros:
571 case $distro in
572 debian|ubuntu)
573 # for gui bug reporting
574 spa python-vte
575 ;;
576 esac
577
578
579 ####### misc packages ###########
580
581 if [[ $HOSTNAME == treetowl ]]; then
582 case $distro in
583 debian|ubuntu)
584 # note i had to do this, which is persistent:
585 # cd /i/k
586 # s chgrp debian-transmission torrents partial-torrents
587
588 # syslog says things like
589 # 'Failed to set receive buffer: requested 4194304, got 425984'
590 # google suggets giving it even more than that
591 tu /etc/sysctl.conf<<'EOF'
592 net.core.rmem_max = 67108864
593 net.core.wmem_max = 16777216
594 EOF
595 s sysctl -p
596
597 # some reason it doesn\'t seem to start automatically anyways
598 pi-nostart transmission-daemon
599
600 # the folder was moved here after an install around 02/2017.
601 # it contains runtime data,
602 # plus a simple symlink to the config file which it\'s
603 # not worth separating out.
604 s lnf -T /i/transmission-daemon /var/lib/transmission-daemon/.config/transmission-daemon
605 #
606 # config file documented here, and it\'s the same config
607 # for daemon vs client, so it\'s documented in the gui.
608 # https://trac.transmissionbt.com/wiki/EditConfigFiles#Options
609 #
610 # I originaly setup rpc-whitelist, but after using
611 # routing to a network namespace, it doesn\'t see the
612 # real source address, so it\'s disabled.
613 #
614 # Changed the cache-size to 256 mb, reduces disk use.
615 # It is a read & write cache.
616 #
617 s ruby <<'EOF'
618 require 'json'
619 p = '/etc/transmission-daemon/settings.json'
620 File.write(p, JSON.pretty_generate(JSON.parse(File.read(p)).merge({
621 'rpc-whitelist-enabled' => false,
622 'rpc-authentication-required' => false,
623 'incomplete-dir' => '/i/k/partial-torrents',
624 'incomplete-dir-enabled' => true,
625 'download-dir' => '/i/k/torrents',
626 "speed-limit-up" => 800,
627 "speed-limit-up-enabled" => true,
628 "peer-port" => 61486,
629 "cache-size-mb" => 256,
630 "ratio-limit" => 5.0,
631 "ratio-limit-enabled" => true,
632 })) + "\n")
633 EOF
634
635 # make sure its not enabled, not sure if this is needed
636 ser disable transmission-daemon
637 sgo transmission-daemon-nn
638 ;;
639 # todo: others unknown
640 esac
641 fi
642
643 # adapted from /var/lib/dpkg/info/transmission-daemon.postinst
644 if ! getent passwd debian-transmission > /dev/null; then
645 case $distro in
646 arch)
647 s useradd \
648 --system \
649 --create-home \
650 --home-dir /var/lib/transmission-daemon \
651 --shell /bin/false \
652 debian-transmission
653 ;;
654 *)
655 s adduser --quiet \
656 --system \
657 --group \
658 --no-create-home \
659 --disabled-password \
660 --home /var/lib/transmission-daemon \
661 debian-transmission
662 ;;
663 esac
664 fi
665
666 # dunno why it\'s there, but get rid of it
667 case $HOSTNAME in
668 li|lj) s rm -rf /home/linode ;;
669 esac
670
671 # arch had a default config,
672 # debian had nothing until you start it.
673 # With a little trial an error, here is a minimal config
674 # taken from the generated one, plus changes that the
675 # settings ui does, without a bunch of ui crap settings.
676 #
677 # only settings I set were
678 # hostname
679 # auto-connect
680 # password
681
682
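# the password is randomly generated on first run
rpc_pass=$(s ruby <<'EOF'
require 'json'
p = '/etc/transmission-daemon/settings.json'
puts JSON.parse(File.read(p))["rpc-password"]
EOF
)

# Write a transmission-remote-gtk profile holding that password for every
# account that has a directory under /home.
for f in /home/*; do
  u=${f##*/}
  # /home can hold entries that are not accounts (lost+found, stray files);
  # running a command as such a "user" fails, so skip them.
  if [[ ! -d $f ]] || ! getent passwd "$u" >/dev/null; then
    continue
  fi
  d=$f/.config/transmission-remote-gtk
  s -u "$u" mkdir -p "$d"
  # The file carries the rpc password: create it owner-only first. dd then
  # writes into the existing file and keeps that mode.
  s -u "$u" install -m 600 /dev/null "$d/config.json"
  s -u "$u" dd of="$d/config.json" <<EOF
{
"profiles" : [
{
"profile-name" : "Default",
"hostname" : "transmission",
"rpc-url-path" : "/transmission/rpc",
"username" : "",
"password" : "$rpc_pass",
"auto-connect" : true,
"ssl" : false,
"timeout" : 40,
"retries" : 3,
"update-active-only" : false,
"activeonly-fullsync-enabled" : false,
"activeonly-fullsync-every" : 2,
"update-interval" : 3,
"min-update-interval" : 3,
"session-update-interval" : 60,
"exec-commands" : [
],
"destinations" : [
]
}
],
"profile-id" : 0,
"add-options-dialog" : false
}
EOF
done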
725
726 pi wget
727 case $HOSTNAME in
728 tp|frodo)
729 case $distro in
730 debian|ubuntu)
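# Fetch the current Chrome package and install it with dpkg. When dpkg stops
# on missing dependencies, let apt pull them in and finish the install.
# NOTE(review): the .deb is installed as root straight from the download and
# trusted on TLS alone; dpkg -i does not go through apt's repository
# signature checks.
log=$(mktemp)
cd /a/opt
wget -nv -N https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb
# dpkg may fail here; its status is inspected below instead.
errallow
# With pipefail the pipeline status reflects dpkg and not only tee.
# NOTE(review): pipefail stays switched on for the rest of the script.
set -o pipefail
s dpkg -i google-chrome-stable_current_amd64.deb |& tee "$log"
code=$?
errcatch
# previously I had a more specific search, but dpkg
# changed its output as of 7/2016
dep_problems=false
if grep -q 'dependency problems' "$log"; then
  dep_problems=true
fi
# The temporary log used to be left behind on every run.
rm -f -- "$log"
if (( code != 0 )); then
  if $dep_problems; then
    s apt-get -fy install
  else
    exit 1
  fi
fi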
752 ;;
753 arch)
754 pi google-chrome
755 ;;
756 esac
757 ;;
758 esac
759
760 # printer
761 case $distro in
762 arch)
763 pi cups ghostscript gsfonts # from arch wiki cups page
764 pi hplip # from google
765 s gpasswd -a $USER sys # from arch wiki
766 sgo org.cups.cupsd.service
767 # goto http://127.0.0.1:631
768 # administration tab, add new printer button.
769 # In debian, I could use hte recommended driver,
770 # in arch, I had to pick out the 6L driver.
771 ;;
772 debian|ubuntu)
773 spa hplip
774 ;;
775 # other distros unknown
776 esac
777
778
779 case $distro in
780 ubuntu|debian) pi --no-install-recommends mairix notmuch ;;
781 fedora|arch) spa mairix notmuch ;;
782 esac
783 case $distro in
784 arch) spa nfs-utils ;;
785 ubuntu|debian) spa nfs-client ;;
786 esac
787 case $distro in
788 ubuntu|debian) spa par2 ;;
789 arch|fedora) spa par2cmdline ;;
790 esac
791
792 # needed for my tex resume
793 case $distro in
794 ubuntu|debian) spa texlive-full ;;
795 arch) spa texlive-most ;;
796 # fedora unknown
797 esac
798
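# Distro-specific codec and restricted-format packages.
case $distro in
  ubuntu)
    # flash, unrar, codecs, ms fonts.
    # This has a manual prompt.
    spa ubuntu-restricted-extras
    ;;
  fedora)
    pi yum-utils
    # rpm fusion recommended codecs
    # The release packages used to be fetched over plain http and installed
    # with --nogpgcheck, so root installed them with no integrity protection
    # at all. Fetching over https at least authenticates the transport.
    # NOTE(review): --nogpgcheck is kept, presumably because the RPM Fusion
    # keys are not imported at this point. Importing and verifying the keys
    # first would allow dropping it.
    fedora_ver=$(rpm -E %fedora)
    s su -c "yum localinstall -y --nogpgcheck https://download1.rpmfusion.org/free/fedora/rpmfusion-free-release-${fedora_ver}.noarch.rpm https://download1.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-${fedora_ver}.noarch.rpm"
    pi gstreamer-plugins-ugly gstreamer-plugins-bad gstreamer-ffmpeg \
      xine-lib-extras-freeworld
    ;;
esac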
813
814 case $distro in
815 # optional dep for firefox for h.264 video
816 arch) spa gst-libav ;;
817 # other distros, probably come by default
818 esac
819
820 case $distro in
821 fedora|ubuntu|debian) spa gnupg-agent ;;
822 arch) : ;;
823 esac
824
825
826 case $distro in
827 fedora) spa pinentry-gtk ;;
828 *) : ;; # comes default or with other packages
829 esac
830
831 case $distro in
832 arch) spa firefox pulseaudio;;
833 *) : ;; # comes default or with other packages
834 esac
835
836
837 case $distro in
838 arch) spa ttf-dejavu;;
839 debian|ubuntu) spa fonts-dejavu ;;
840 # others unknown
841 esac
842
843
844 case $distro in
845 arch) spa xorg-xev;;
846 debian|ubuntu) spa x11-utils ;;
847 # others unknown
848 esac
849
850 case $distro in
851 arch) pi virt-install;;&
852 debian|ubuntu) pi virtinst ;;&
853 *) pi virt-manager ;; # creates the libvirt group in debian at least
854 # others unknown
855 esac
856 # allow user to run vms, from debian handbook
857 for x in ian traci; do s usermod -a -G libvirt,kvm $x; done
858 # bridge networking as user fails. google lead here, but it doesn\'t work:
859 # oh well, I give up.
860 # http://wiki.qemu.org/Features-Done/HelperNetworking
861 # s mkdir /etc/qemu
862 # f=/etc/qemu/bridge.conf
863 # s dd of=$f <<'EOF'
864 # allow br0
865 # EOF
866 # #s chown root:qemu $f # debian has somethig like qemu-libvirt. equivalent?
867 # s chmod 640 $f
868
869
870 case $distro in
871 arch) spa cdrkit;;
872 debian|ubuntu) spa genisoimage;;
873 # others unknown
874 esac
875
876 case $distro in
877 arch) spa spice-gtk3 ;;
878 debian|ubuntu) spa spice-client-gtk;;
879 # others unknown
880 esac
881
882 # general known for debian/ubuntu, not for fedora
883
884 case $distro in
885 debian|ubuntu)
886 pi golang-go
887 # a bit of googling, and added settings to bashrc
888 go get -u github.com/mvdan/fdroidcl/cmd/fdroidcl
889 ;;
890 # others unknown
891 esac
892
893
894 case $distro in
895 arch)
896 # cdrkit for cloud-init isos
897 # dnsmasq & ebtables for nat networking in libvirt
898 # qemu for qemu-img, bind-tools for dig
899 # dmidecode just because syslog complains
900 pi unzip xorg-xmodmap dmidecode ebtables\
901 bridge-utils dnsmasq qemu bind-tools
902 # otherwise we get error about accessing kvm module.
903 # seems like there might be a better way, but google was a bit vague.
904 s $sed -ri '/^ *user *=/d' /etc/libvirt/qemu.conf
905 echo 'user = "root"' | s tee -a /etc/libvirt/qemu.conf
906 # https://bbs.archlinux.org/viewtopic.php?id=206206
907 # # this should prolly go in the wiki
908 sgo virtlogd.socket
909 # guessing this is not needed
910 #sgo virtlogd.service
911 sgo libvirtd
912
913 ;;
914 esac
915
916 case $distro in
917 arch) pi virtviewer ;;
918 *) : ;; # other distros have it as a dependency afaik.
919 esac
920
921
922
923 case $distro in
924 fedora) cabal install shellcheck ;;
925 *) spa shellcheck ;;
926 # unknown for older ubuntu
927 esac
928
929
930 case $distro in
931 arch|debian|ubuntu) spa pumpa ;;
932 # others unknown. do have a buildscript:
933 # /a/bin/buildscripts/pumpa ;;
934 esac
935
936
937 case $distro in
938 debian|ubuntu) spa android-tools-adbd/unstable ;;
939 arch) spa android-tools ;;
940 # other distros unknown
941 esac
942
943 if [[ $HOSTNAME == treetowl ]]; then
944 case $distro in
945 debian)
946 if [[ `debian-archive` == testing ]]; then
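# has no unstable dependencies
pi bitcoind/unstable
# NOTE(review): this overwrites the script-wide src assigned near the top of
# the file; later code that expects the script directory there should be
# checked.
src=/a/opt/bitcoin/contrib/init/bitcoind.service
s cp "$src" /etc/systemd/system
p=/etc/bitcoin/bitcoin
dst=/etc/systemd/system/bitcoinjm.service
# jm for joinmarket: the same unit, pointed at bitcoinjm.conf.
# The result is written through "s tee". The plain ">" redirection used
# before was opened by the calling shell instead of through s, unlike the
# other writes under /etc in this script, and it ignored dst.
$sed -r "/^\s*ExecStart/s,${p}.conf,${p}jm.conf," "$src" \
  | s tee "$dst" >/dev/null

# Make the two units conflict with each other. ${!s} is indirect expansion:
# with d=jm and jm=d it yields the suffix of the other unit.
d=jm; jm=d # being clever for succinctness
for s in d jm; do
  s $sed -ri "/^\s*\[Unit\]/a Conflicts=bitcoin${!s}.service" \
    "/etc/systemd/system/bitcoin${s}.service"
done

ser daemon-reload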
964
965 dir=/nocow/.bitcoin
966 s mkdir -p $dir
967 s chown -R bitcoin:bitcoin $dir
968 dir=/etc/bitcoin
969 s mkdir -p $dir
970 s chown -R root:bitcoin $dir
971 s chmod 750 $dir
972
973 # pruning decreases the bitcoin dir to 2 gb, keeps
974 # just the recent blocks. can\'t do a few things like
975 # import a wallet dump.
976 # pruning works, but people had to do
977 # some manual stuff in joinmarket. I dun need the
978 # disk space, so not bothering yet, maybe in a year or so.
979 # https://github.com/JoinMarket-Org/joinmarket/issues/431
980 #https://bitcoin.org/en/release/v0.12.0#wallet-pruning
981 #prune=550
982
983 f=$dir/bitcoin.conf
984 s dd of=$f <<EOF
985 server=1
986 rpcpassword=$(openssl rand -base64 32)
987 rpcuser=$(openssl rand -base64 32)
988 EOF
989
990
991 f2=$dir/bitcoinjm.conf
992 s cp $f $f2
993 s tee -a $f2 >/dev/null <<EOF
994 # Joinmarket
995 walletnotify=curl -sI --connect-timeout 1 http://localhost:62602/walletnotify?%s
996 alertnotify=curl -sI --connect-timeout 1 http://localhost:62602/alertnotify?%s
997 wallet=joinmarket.dat
998 EOF
999 # dunno about sharing a wallet between multiple instances
1000 # manually did, wallet.dat symlinked in /nocow/.bitcoin
1001 sgo bitcoind
1002 fi
1003 ;;
1004 # other distros unknown
1005 esac
1006 pi libsodium-dev python-pip
1007 cd /a/opt/joinmarket
1008 # using develop branch, as it seems to be mostly bug fixes,
1009 # and this is quite new software.
1010 # note: python3 does not work.
1011 # has seg fault error due to some bug, but it still works
1012 pip install -r requirements.txt || [[ $? == 139 ]]
1013 # note, the target must exist ahead of time, or bitcoin
1014 # just overwrites the link, and it\'s not happy with an empty file,
1015 # so we have to create the wallet, then move and link it.
1016 s lnf -T /q/bitcoin/wallet.dat /nocow/.bitcoin/wallet.dat
1017 s lnf -T /q/bitcoin/joinmarket.dat /nocow/.bitcoin/joinmarket.dat
1018 # not technically needed, but seems cleaner not to have
1019 # symlinks be root owned unlike everything else
1020 s chown -h bitcoin:bitcoin /nocow/.bitcoin/*
1021
1022 for var in rpcuser rpcpassword; do
1023 u="$(s sed -rn "s/^$var=(.*)/\1/p" /etc/bitcoin/bitcoin.conf)"
1024 # escape backslashes
1025 u="${u//\\/\\\\\\\\}"
1026 # escape commas
1027 u="${u//,/\\,}"
1028 sed -ri "s,^(rpc_${var#rpc}\s*=).*,\1 $u," joinmarket.cfg
1029 done
1030 sed -ri "s/^\s*(blockchain_source\s*=).*/\1 bitcoin-rpc/" joinmarket.cfg
1031
1032 fi
1033
1034
1035
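# GNU global plus pygments. Fedora builds global from source; the other
# distros install the package and then the matching pygments package.
case $distro in
  fedora)
    # Quoted so a temp directory path containing whitespace stays one word.
    cd "$(mktemp -d)"
    # NOTE(review): the tarball comes over plain http with no checksum or
    # signature check and is then built and installed as root, so anyone on
    # the network path can substitute its contents. Use an https source and
    # verify a known digest or signature before building.
    wget http://tamacom.com/global/global-6.3.2.tar.gz
    ex global*
    cd global-6.3.2
    # based on https://github.com/leoliu/ggtags
    ./configure --with-exuberant-ctags=/usr/bin/ctags
    make
    s make install
    s pip install pygments
    ;;
  *)
    pi global
    # ";;&" keeps testing the patterns below, so arch and debian/ubuntu also
    # get their pygments package.
    ;;&
  arch)
    pi python2-pygments
    ;;
  debian|ubuntu)
    pi python-pygments
    ;;
esac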
1058
1059
1060 case $distro in
1061 debian)
1062 pi task-cinnamon-desktop
1063 # in settings, change scrolling to two-finger,
1064 # because the default edge scroll doesn\'t work.
1065 pu transmission-gtk
1066 ;;
1067 # others unknown
1068 esac
1069
1070 case $distro in
1071 arch) spa apg ;;
1072
1073 # already in debian jessie
1074 esac
1075
1076
1077
1078
1079 # note this failed running at the beginning of this file,
1080 # because no systemd user instance was running.
1081 # Doing systemd --user resulted in
1082 # Trying to run as user instance, but $XDG_RUNTIME_DIR is not set
1083
1084 if isdebian-testing; then
1085 # as of 7/2016, has no unstable deps, and is not in testing anymore.
1086 pi synergy/unstable
1087 else
1088 pi synergy
1089 fi
1090
1091 # case $distro in
1092 # # ubuntu unknown. probably the same as debian, just check if the
1093 # # init scripts come with the package.
1094 # debian)
1095 # # copied from arch, but moved to etc
1096 # s dd of=/etc/systemd/user/synergys.service <<'EOF'
1097 # [Unit]
1098 # Description=Synergy Server Daemon
1099 # After=network.target
1100
1101 # [Service]
1102 # User=%i
1103 # ExecStart=/usr/bin/synergys --no-daemon --config /etc/synergy.conf
1104 # Restart=on-failure
1105
1106 # [Install]
1107 # WantedBy=multi-user.target
1108 # EOF
1109 # s dd of=/etc/systemd/user/synergys.socket <<'EOF'
1110 # [Unit]
1111 # Conflicts=synergys@.service
1112
1113 # [Socket]
1114 # ListenStream=24800
1115 # Accept=false
1116
1117 # [Install]
1118 # WantedBy=sockets.target
1119 # EOF
1120 # # had this fail with 'Failed to connect to bus: No such file or directory'
1121 # # then when I tried it manually, it worked fine...
1122 # if ! systemctl --user daemon-reload; then
1123 # sleep 2
1124 # echo retrying systemd user daemon reload
1125 # systemctl --user daemon-reload
1126 # fi
1127 # ;;&
1128 # *)
1129 # # taken from arch wiki.
1130 # s dd of=/etc/systemd/system/synergyc@.service <<'EOF'
1131 # [Unit]
1132 # Description=Synergy Client
1133 # After=network.target
1134
1135 # [Service]
1136 # User=%i
1137 # ExecStart=/usr/bin/synergyc --no-daemon frodo
1138 # Restart=on-failure
1139 # # per man systemd.unit, StartLimitInterval, by default we
1140 # # restart more than 5 times in 10 seconds.
1141 # # And this param defaults too 200 miliseconds.
1142 # RestartSec=3s
1143
1144 # [Install]
1145 # WantedBy=multi-user.target
1146 # EOF
1147 # s systemctl daemon-reload
1148 # case $HOSTNAME in
1149 # x2|treetowl)
1150 # ser enable synergyc@ian
1151 # ser start synergyc@ian ||: # X might not be running yet
1152 # ;;
1153 # frodo)
1154 # systemctl --user start synergys ||:
1155 # systemctl --user enable synergys
1156 # ;;
1157 # esac
1158 # ;;
1159 # esac
1160
1161
1162 ######### end misc packages #########
1163
1164
1165 # packages I once used before and liked, but don\'t want installed now for
1166 # various reasons:
1167 # python-sqlite is used for offlineimap
1168 # lxappearance python-sqlite dolphin paman dconf-editor
1169
1170
1171
1172 ######## unfinished
1173
1174 # todo, finish configuring smart.
1175
pi smartmontools

# Mostly from https://wiki.archlinux.org/index.php/S.M.A.R.T.
# Background on the DEVICESCAN options used below:
#   -a     test everything on all devices.
#   -S on  turn on disk-internal saving of vendor specific info; from
#          google, this seems to usually be on already and fairly standard.
#   -o on  turn on the 4 hour period non-performance degrading testing.
# Schedule: short test daily 2-3am, extended tests Saturdays between 3-4am.
sched="-s (S/../.././02|L/../../6/03)"

# NOTE(review): the -M exec target is run by smartd itself, so
# /usr/local/bin/smart-notify should be owned by root and not writable by
# anyone else -- confirm where that script gets installed from.
smartd_directive="DEVICESCAN -a -o on -S on -n standby,q $sched "
smartd_directive+="-m ian@iankelling.org -M exec /usr/local/bin/smart-notify"

# Rewrite the existing DEVICESCAN line in place. '#' is the sed delimiter;
# the replacement text itself contains '/'.
s sed -i --follow-symlinks \
  "s#^[[:space:]]*DEVICESCAN.*#${smartd_directive}#" /etc/smartd.conf
1188
1189 # in the default configuration of at least ubuntu 14.04, resolvconf is
1190 # configured to order any nameservers associated with tun* or tap*
1191 # before the normal internet interfaces, which means they are always
1192 # consulted first. This is often slower and undesirable, ie. local dns
1193 # queries go from 0ms to 10+ or 100+ ms. To reverse the ordering, you
1194 # can do:
1195 #sudo sed -i --follow-symlinks '/tun\*\|tap\*/d' /etc/resolvconf/interface-order
1196 # however, this breaks dns lookup for hosts on the openvpn lan.
1197 # I can\'t figure out why hosts on the normal lan would not be
1198 # broken under the default ordering, except the host I was
1199 # testing with previously had an entry in /etc/hosts.
1200
1201 ############# end unfinished
1202
1203 ########### misc stuff
1204
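# Collect the devices backing the btrfs filesystem at /boot so grub-pc can be
# preseeded with them. Each "path <dev>" line of `btrfs fi show` yields one
# device; devbyid is defined elsewhere (presumably it maps the device node to
# a stable by-id name -- confirm against its definition).
devs=()
while IFS= read -r dev; do
  # Quoted so a device name can never be word-split or glob-expanded.
  devs+=("$(devbyid "$dev"),")
done < <(s btrfs fi show /boot | sed -nr 's#.*path\s+(\S+)$#\1#p')

if (( ${#devs[@]} == 0 )); then
  # Nothing was parsed (e.g. /boot is not on btrfs, or the output format
  # changed). Preseeding an empty install_devices list would hand grub-pc no
  # install target, so report it and leave a failing status here instead;
  # whether that aborts the run depends on the error handling set up at the
  # top of the script.
  echo "$0: no btrfs devices found for /boot, not preseeding grub-pc" >&2
  false
else
  devs[-1]=${devs[-1]%,} # joined by commas: every element but the last keeps one

  # on grub upgrade, we get prompts unless we do this
  s debconf-set-selections <<EOF
grub-pc grub-pc/install_devices multiselect ${devs[*]}
EOF
fi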
1215
1216
# The wiki backup script from ofswiki.org uses generic paths, so both of
# these are handed to lnf with /root as the destination (lnf is defined
# elsewhere; presumably it creates the links -- confirm).
for wiki_path in /p/c/machine_specific/li/mw_vars /k/backup/wiki_backup; do
  s lnf "$wiki_path" /root
done
1220
# Feed the goaccess settings to cedit (defined elsewhere) for
# /etc/goaccess.conf. An exit status of 1 from cedit is accepted as well as
# 0; any other status leaves a failing status behind.
# NOTE(review): presumably status 1 is cedit's way of signalling something
# other than an error -- confirm against cedit.
cedit_status=0
s cedit /etc/goaccess.conf <<'EOF' || cedit_status=$?
# all things found from looking around the default config
# copied existing NCSA Combined Log Format with Virtual Host, plus %L
log-format %^:%^ %h %^[%d:%t %^] "%r" %s %b "%R" "%u" %D
time-format %H:%M:%S
date-format %d/%b/%Y
log-file /var/log/apache2/access.log
color-scheme 2

# tip: copy access.log files to a stretch host directory, then run
# jessie's goaccess is too old for some options, and it\'s
# not easily installed from a testing.
# goaccess --ignore-crawlers -f <(cat *) -a -o html > x.html
EOF
(( cedit_status == 0 || cedit_status == 1 ))
1235
1236
# unison: debian/ubuntu install it from testing, arch from its own repos.
if [[ $distro == debian || $distro == ubuntu ]]; then
  if [[ $(debian-archive) == stable ]]; then
    # On stable, add an apt pin so unison-gtk from testing gets priority 500.
    s dd of=/etc/apt/preferences.d/unison-gtk <<'EOF'
Explanation: Allow unison-gtk to be upgraded
Package: unison-gtk
Pin: release a=testing
Pin-Priority: 500
EOF
    # I don't think using testing is still needed since I figured out how to
    # deal with mismatching unison compilers, but I don't see any reason to
    # revert it, since it only installs a single package which is primarily
    # a single binary.
  fi
  pi unison/testing
  pi unison-gtk/testing # installed after, to make it the default unison
elif [[ $distro == arch ]]; then
  pi unison gtk2
fi
1260
if [[ $distro == arch ]]; then
  # libao's default driver is alsa, which doesn't work with pianobar;
  # switch it to pulse.
  s dd of=/etc/libao.conf <<'EOF'
default_driver=pulse
EOF
fi
1269
1270 # note, for jessie, it depends on a higher version of btrfs-tools.
1271 #
1272 # # disabled due to my patch being in btrbk
1273 # case $distro in
1274 # arch|debian|ubuntu) pi btrbk ;;
1275 # # others unknown
1276 # esac
# btrbk is installed from the checkout in /a/opt/btrbk.
# NOTE(review): `s make install` runs that tree's Makefile with whatever
# privileges s grants (presumably root), so /a/opt/btrbk should not be
# writable by unprivileged users -- confirm.
cd /a/opt/btrbk
s make install
spa pv # for progress bar when running interactively.
case $HOSTNAME in
  treetowl)
    # backup/sync manually on other hosts for now.
    sgo btrbk.timer
    # note: to see when it was last run,
    # ser list-timers
    ;;
esac
1286
# fail2ban goes on treetowl only, and not when debian-archive reports
# testing: there it is broken, with a workaround, per
# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770171
# I'll wait a while to see if it gets fixed.
if [[ $HOSTNAME == treetowl && $(debian-archive) != testing ]]; then
  pi fail2ban
  sgo fail2ban
fi
1294
1295
1296
1297
1298
# Add ian to the adm group; needed for reading logs.
if [[ $distro == debian || $distro == ubuntu ]]; then
  s gpasswd -a ian adm
fi
1302
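# tor: add the upstream repository where one is used, install tor, and run
# the tor-browser build script (arch installs a tor-browser package instead).
case $distro in
  # based on
  # https://www.torproject.org/docs/rpms.html.en
  # https://www.torproject.org/docs/debian.html.en
  # todo: figure out if the running service needs to be restarted upon updates

  # todo on fedora: setup non-dev packages
  fedora)
    # NOTE(review): baseurl and gpgkey below are plain http, so the signing
    # key itself arrives over an unauthenticated channel. gpgcheck=1 only
    # protects the packages once the right key is trusted, which makes the
    # manual fingerprint comparison below the step that authenticates it.
    # Prefer an https URL for gpgkey if the server offers one.
    s dd of=/etc/yum.repos.d/torproject.repo <<'EOF'
[tor]
name=Tor experimental repo
enabled=1
baseurl=http://deb.torproject.org/torproject.org/rpm/tor-testing/fc/20/$basearch/
gpgcheck=1
gpgkey=http://deb.torproject.org/torproject.org/rpm/RPM-GPG-KEY-torproject.org.asc

[tor-source]
name=Tor experimental source repo
enabled=1
autorefresh=0
baseurl=http://deb.torproject.org/torproject.org/rpm/tor-testing/fc/20/SRPMS
gpgcheck=1
gpgkey=http://deb.torproject.org/torproject.org/rpm/RPM-GPG-KEY-torproject.org.asc
EOF

    # to be secure, take a look at the fingerprint reported from the
    # following install, and see if it matches from the link above:
    # 3B9E EEB9 7B1E 827B CF0A 0D96 8AF5 653C 5AC0 01F1
    sgo tor
    /a/bin/buildscripts/tor-browser
    ;;
  ubuntu)
    tu /etc/apt/sources.list "deb http://deb.torproject.org/torproject.org $(debian-codename) main"
    # Request the key by its full fingerprint, the same value that is
    # exported to apt below. An 8-hex-digit short key ID is not unique, so a
    # keyserver lookup by it can pull unrelated keys into the keyring.
    tor_key_fpr=A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89
    gpg --keyserver keys.gnupg.net --recv "$tor_key_fpr"
    gpg --export "$tor_key_fpr" | sudo apt-key add -
    p update
    pi deb.torproject.org-keyring
    pi tor
    /a/bin/buildscripts/tor-browser
    ;;
  debian)
    pi tor
    /a/bin/buildscripts/tor-browser
    ;;
  arch)
    pi tor tor-browser-en
    sgo tor
    ;;
esac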
1354
# nfs server
if [[ $distro == fedora ]]; then
  # Queue the manual firewall steps through end_msg, which appends its stdin
  # to end_msg_var.
  # NOTE(review): the queued text offers disabling the firewall as one
  # option; opening only the nfs, mountd and rpc-bind ports it lists keeps
  # the rest of the host filtered.
  end_msg <<'EOF'
fedora todo: disable the firewall or find a way to automate it.
there's an unused section in t.org for tramikssion firewall setup

fedora manual config for nfs:
s firewall-config
change to permanent configuration
check the box for nfs
was hard to figure this out, not sure if this is all needed, but
unblock these too
mountd: udp/tcp 20048
portmapper, in firewall-config its called rpc-bind: udp/tcp 111
troubleshooting, unblock things in rpcinfo -p
make sure to reload the firewall to load the persistent configuration


EOF
  pi nfs-utils
  sgo nfs-server
elif [[ $distro == debian || $distro == ubuntu ]]; then
  pi nfs-server
elif [[ $distro == arch ]]; then
  # A failed install is not fatal here; it only flags a reboot for the end
  # of the script.
  if ! pi nfs-utils; then
    pending_reboot=true
  fi
  sgo rpcbind
  # this failed until I rebooted
  sgo nfs-server
fi
1388
if [ "$HOSTNAME" = treetowl ]; then
  # nohide = export filesystems mounted deeper than the export point
  # fsid=0 makes this export the "root" export
  # not documented in the man page, but this means
  # 1. it can be mounted with a shorthand of server:/
  # 2. exports that are subdirectories of this one will automatically be
  #    mounted
  #
  # NOTE(review): this export trusts every host in 192.168.1.0/24.
  # no_root_squash lets root on a client act as root on /k, and insecure
  # accepts requests from unprivileged source ports, so the request does not
  # even have to come from a root-owned process on the client. Combined with
  # rw, any machine on that subnet can modify /k as root. If that is wider
  # than intended, list individual client addresses and drop
  # no_root_squash/insecure. async additionally trades crash safety for
  # speed.
  nfs_export='/k 192.168.1.0/24(rw,fsid=0,nohide,no_root_squash,async,no_subtree_check,insecure)'
  tu /etc/exports <<< "$nfs_export"
  s exportfs -rav
fi


# Hand the messages collected by end_msg to e (defined elsewhere; presumably
# it prints them -- confirm).
e "${end_msg_var}"
1403
1404
1405 # persistent virtual machines
1406
if [[ $distro == debian || $distro == ubuntu ]]; then
  pi libosinfo-bin
fi

# Choose the --os-variant for the Windows 10 guest. The distro may not know
# about win 10 yet, so start from win7 and move up to the newest of 10, 8.1
# or 8 that osinfo-query lists.
variant=win7
if ! virt-install --os-variant list &>/dev/null; then
  # "--os-variant list" failing means we are using a newer virt-install.
  for win_ver in 10 8.1 8; do
    # The dot in 8.1 is backslash-escaped so the pattern matches it
    # literally. gr is defined elsewhere (presumably a grep wrapper).
    if osinfo-query os | gr "^\s*win${win_ver/./\\.}\s" &>/dev/null; then
      variant=win$win_ver
      break
    fi
  done
fi
1423
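# Define the persistent Windows guests, but only when no domain named win10
# exists yet. Each guest is imported from an existing disk image and then
# stopped again with virsh destroy.
if ! s virsh list --all --name | grep -xF win10 &>/dev/null; then

  # created account with
  # win10vmian@outlook.com, and easy to remember password
  # win 10 virtio, makes disk way way way faster
  # wget https://fedorapeople.org/groups/virt/virtio-win/direct-downloads/latest-virtio/virtio-win.iso
  # https://wiki.archlinux.org/index.php/QEMU#Change_Existing_Windows_VM_to_use_virtio
  # for installing virtio after initial install instead of with initial iso:
  # qemu-img create -f qcow2 fake.qcow2 1G
  # --disk=/a/images/virtio-win.iso,device=cdrom \
  # --disk=/a/images/fake.qcow2,bus=virtio
  # Also,
  # went to device manager, saw 2 pci devices with yellow !,
  # did search for drivers, pick cdrom location, done.
  #
  # from http://www.tenforums.com/tutorials/4189-fast-startup-turn-off-windows-10-a.html.
  # google said there was a control panel option for it, but
  # that turned out to be a lie.
  # Put this in a .bat file and run as administrator to turn off
  # hyberboot which fucks things up.
  # REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power" /V HiberbootEnabled /T REG_dWORD /D 0 /F
  # power settings, turn off display: never
  # run "control userpasswords2", turn on automatic login.
  # note: when changing devices, I just undefine, then create the vm again.
  #
  # NOTE(review): --graphics spice,listen=0.0.0.0 puts the guest console on
  # every interface of the host, and no SPICE password or TLS is set here.
  # With automatic login enabled in the guest, anything that can reach that
  # port gets a logged-in desktop. Restrict the port with a firewall or
  # listen on a specific address if that is not intended.
  #
  # NOTE(review): the existence tests look under /nocow/user/vms/ while
  # --disk points at /a/images/; presumably one path links to the other --
  # confirm.

  if [[ -e /nocow/user/vms/win10.qcow2 ]]; then
    # $variant is quoted so it always reaches virt-install as one argument.
    s virt-install --noautoconsole --graphics spice,listen=0.0.0.0 \
      --disk=/a/images/win10.qcow2,bus=virtio --vcpus 2 -r 4096 -w bridge=br0 \
      -n win10 --import --os-variant "$variant" --cpu host-model-only

    s virsh destroy win10
  fi

  if [[ -e /nocow/user/vms/win7.qcow2 ]]; then
    # this one hasn't had the virtio fix done yet.
    # had a problem with --cpu host, so trying out --cpu host-model-only
    s virt-install --noautoconsole --graphics spice,listen=0.0.0.0 \
      --disk=/a/images/win7.qcow2 --vcpus 2 -r 4096 -w bridge=br0 \
      -n win7 --import --os-variant win7 --cpu host-model-only
    s virsh destroy win7
  fi
fi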
1467
1468
# samba file sharing, treetowl only.
if [[ $HOSTNAME == treetowl ]]; then
  pi samba
  # note: samba re-reads its config every 1 minute
  if [[ $distro == arch ]]; then
    s cp /etc/samba/smb.conf.default /etc/samba/smb.conf
  fi

  smb_conf=/etc/samba/smb.conf

  # Drop any existing "encrypt passwords" / "map to guest" settings, then add
  # both back as 2 lines right after the workgroup option.
  s sed -ri --follow-symlinks \
    -e '/^\s*encrypt passwords\s*=/d' \
    -e '/^\s*map to guest\s*=/d' "$smb_conf"
  s sed -i --follow-symlinks 's/\(\s*workgroup\s*=\).*/\1 WORKGROUP\n\tencrypt passwords = yes\n\tmap to guest = bad password/' "$smb_conf"

  # remove default homes section. not sharing that.
  # NOTE(review): the range ends at the next line containing '[' and deletes
  # that line as well; check against the shipped smb.conf that this line is
  # not a live section header.
  s sed -ri --follow-symlinks '/^\s*\[homes\]/,/\s*\[/d' "$smb_conf"

  # NOTE(review): "map to guest = bad password" turns a login with a wrong
  # password into a guest session, and [public] below is guest-accessible
  # and writable, so anything that can reach smbd can write to /kr without
  # credentials. Restrict by interface/hosts or firewall if the network is
  # not fully trusted.
  if ! grep -xF '[public]' "$smb_conf" &>/dev/null; then
    s tee -a "$smb_conf" <<'EOF'
[public]
guest ok = yes
read only = no
path = /kr
EOF
  fi

  if [[ $distro == debian || $distro == ubuntu ]]; then
    # systemd claims it generates units from /etc/init.d, but it
    # clearly doesn't in debian. I have no idea how they are
    # related. fuck debian right now. It's not documented. samba
    # has a systemd init file linked to /dev/null. There's this
    # https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=769714 which
    # claims samba's sub-services will be started automatically by
    # systemd... it didn't on install, wonder if it will on
    # boot. It clued me in how to start it manually though. Nothing
    # in /usr/share/doc/samba, debian admin guide says nothing about
    # any of this. (this is in debian testing as of 4/2016).
    s /etc/init.d/samba start
  elif [[ $distro == arch ]]; then
    sgo samba
  fi
fi
1512
# Give tu (defined elsewhere) the 127.0.1.1 line that names this host both
# as <hostname>.lan and as the bare hostname, for /etc/hosts.
tu /etc/hosts <<EOF
127.0.1.1 $(hostname).lan $(hostname)
EOF
1514
1515
1516 ######### begin stuff belonging at the end ##########
1517
1518
# Apps we want to override others for default file handler: the simplest way
# in debian is to just install them last, so they are appended to the end of
# the package list here.
simple_packages+=(mpv)

if [[ $distro == ubuntu || $distro == debian ]]; then
  simple_packages+=(spacefm-gtk3)
elif [[ $distro == arch ]]; then
  simple_packages+=(spacefm)
fi


# Install everything collected in simple_packages in one go.
pi "${simple_packages[@]}"
1534
1535
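# Finish up: reboot if an earlier step set pending_reboot to true, otherwise
# log the end time.
# The flag is compared as a string rather than executed as a command:
# `if $pending_reboot` would run whatever the variable holds, and an empty
# or unset value would count as success and take the reboot branch.
if [[ $pending_reboot == true ]]; then
  echo "$0: pending reboot and then finished. doing it now."
  s reboot now
else
  echo "$0: $(date): ending now)"
fi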