minor updates
[distro-setup] / distro-end
1 #!/bin/bash -l
2 # Copyright (C) 2016 Ian Kelling
3
4 # Licensed under the Apache License, Version 2.0 (the "License");
5 # you may not use this file except in compliance with the License.
6 # You may obtain a copy of the License at
7
8 # http://www.apache.org/licenses/LICENSE-2.0
9
10 # Unless required by applicable law or agreed to in writing, software
11 # distributed under the License is distributed on an "AS IS" BASIS,
12 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 # See the License for the specific language governing permissions and
14 # limitations under the License.
15
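# errcatch is not defined in this file; presumably it installs the error
# handling and comes from the login-shell environment requested by `-l`.
errcatch

# Everything below runs under xtrace and is appended to a persistent log, and
# some later commands expand credentials onto their command line. Make the log
# owner-only before anything is written to it, instead of leaving it with
# whatever mode tee would create it with.
log_file=/var/log/distro-end
sudo touch "$log_file"
sudo chmod 600 "$log_file"

set -x

# Duplicate stdout and stderr (xtrace output included) into the log.
exec &> >(sudo tee -a "$log_file")
echo "$0: $(date): starting now)"

# Directory this script was started from, for locating sibling scripts.
src="${BASH_SOURCE%/*}"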
24
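#######################################
# Append everything on stdin to the end-of-run message buffer.
# Globals:   end_msg_var (appended to)
# Arguments: none; callers feed the text through a here-doc
#######################################
end_msg() {
  # The listing had a stray "=" in front of this declaration, which made the
  # line an attempt to run a command named "=" and left y global.
  local y
  # -d '' reads up to a NUL byte, i.e. the whole here-doc. read reports
  # failure when it hits EOF first, so ||: keeps that from counting as an error.
  IFS= read -r -d '' y ||:
  end_msg_var+="$y"
}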
30
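#######################################
# Simple package add: queue package names for the next batched install.
# Globals:   simple_packages (appended to)
# Arguments: one or more package names
#######################################
spa() {
  # Quoted so each argument stays exactly one array element and is never
  # word-split or glob-expanded against the current directory.
  simple_packages+=("$@")
}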
34
35
36 distro=$(distro-name)
37
38 pending_reboot=false
39
40 # template
41 case $distro in
42 esac
43
44 pup
45
46 simple_packages=(
47 htop
48 mailutils
49 nmon
50 rdiff-backup
51 ruby
52 ruby-rest-client
53 tree
54 vim
55 wcd
56 )
57
58 case $HOSTNAME in
59 lj|li) : ;;
60 *)
61 # universal packages
62 # swh-plugins is for karaoke pulseaudio filter.
63 # mutagen for pithos
64 simple_packages+=(
65 apache2
66 bwm-ng
67 chromium
68 debconf-doc
69 duplicity
70 eclipse
71 evince
72 fdupes
73 filelight
74 gcc-doc
75 gdb
76 gitk
77 goaccess
78 gnome-screenshot
79 i3lock
80 jq
81 locate
82 manpages
83 manpages-dev
84 meld
85 mumble
86 nmap
87 offlineimap
88 p7zip
89 paprefs
90 pavucontrol
91 pdfgrep
92 pianobar
93 pidgin
94 python3-mutagen
95 reportbug
96 squashfs-tools
97 swh-plugins
98 tcpdump
99 transmission-remote-gtk
100 vlc
101 )
102 ;;
103 esac
104
105
106
107 ########### begin section including li ################
108
109
110 case $distro in
111 debian)
112 if [[ `debian-archive` == testing ]]; then
113 pi acme-tiny
114 fi
115 esac
116
117 case $distro in
118 fedora) spa unrar ;;
119 *) spa unrar-free ;;
120 esac
121
122
123 case $distro in
124 arch)
125 # ubuntu 14.04 uses b-cron,
126 # but its not maintained in arch.
127 # of the ones in the main repos, cronie is only one maintained.
128 # fcron appears abandoned software.
129 pi cronie
130 sgo cronie
131 ;;
132 *) : ;; # other distros come with cron.
133 esac
134
135
136 case $distro in
137 debian|ubuntu)
138 pi debian-goodies
139 ;;
140 esac
141
142
143 case $distro in
144 *) pi at ;;&
145 arch) sgo atd ;;
146 esac
147
148
149 case $distro in
150 debian) pi curl;;
151 arch) : ;;
152 # fedora: unknown
153 esac
154
155 case $distro in
156 # tk for gitk
157 arch) spa git tk ;;
158 *) spa git ;;
159 esac
160
161 case $distro in
162 arch) spa the_silver_searcher ;;
163 debian|ubuntu) spa silversearcher-ag ;;
164 # fedora unknown
165 esac
166
167 case $distro in
168 debian|ubuntu) spa ntp;;
169 arch)
170 pi ntp
171 sgo ntpd
172 ;;
173 # others unknown
174 esac
175
176
177 # no equivalent in other distros:
178 case $distro in
179 debian|ubuntu)
180 pi apt-file aptitude
181 s apt-file update
182 # for debconf-get-selections
183 spa debconf-utils
184 ;;
185 esac
186
187 case $distro in
188 ubuntu|debian) spa ack-grep ;;
189 arch|fedora) spa ack ;;
190 # fedora unknown
191 esac
192
193 case $distro in
194 arch|debian|ubuntu)
195 spa bash-completion
196 ;;
197 # others unknown
198 esac
199
200
201
202
203
204 # disable motd junk.
205 case $(distro-name) in
206 debian)
207 # allows me to pipe with ssh -t, and gets rid of spam
208 # http://forums.debian.net/viewtopic.php?f=5&t=85822
209 # i'd rather disable the service than comment the init file
210 # this says disabling the service, it will still get restarted
211 # but this script doesn't do anything on restart, so it should be fine
212 s dd of=/var/run/motd.dynamic if=/dev/null
213 # stretch doesn't have initscripts pkg installed by default
214 if [[ $(debian-codename) == jessie ]]; then
215 s update-rc.d motd disable
216 fi
217 ;;
218 ubuntu)
219 # this isn't a complete solution. It still shows me when updates are available,
220 # but it's no big deal.
221 s t /etc/update-motd.d/10-help-text /etc/update-motd.d/00-header
222 ;;
223 esac
224
225 # automatic updates
226 # reference:
227 # https://debian-handbook.info/browse/stable/sect.regular-upgrades.html
228 # /etc/cron.daily/apt calls unattended-upgrades
229 # /usr/share/doc/unattended-upgrades# cat README.md
230 # /etc/apt/apt.conf.d/50unattended-upgrades
231 if isdebian; then
232 setup-debian-auto-update
233 fi
234
235 # we've got a few dependencies later on, so install them now.
236 pi "${simple_packages[@]}"
237 simple_packages=()
238
239 # website setup
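# Web host setup. On lj and li the script ends inside this block, so nothing
# after it runs on those hosts.
case $HOSTNAME in
  lj|li)
    # lj exits here, before any of the site setup below is reached.
    case $HOSTNAME in
      lj) domain=iank.bid; exit 0 ;;
      li) domain=iankelling.org ;;
    esac
    /a/h/setup.sh "$domain"
    /a/h/build.rb

    sudo -E /a/bin/mediawiki-setup/mw-setup-script
    #$src/phab-setup

    pi-nostart mumble-server
    # The server password used to be interpolated into sed's command line.
    # With xtrace on that wrote it to /var/log/distro-end and exposed it in
    # the process list; earlier runs may already have logged it. Tracing is
    # paused here and the sed script is fed on stdin instead of argv.
    set +x
    mumble_pass=$(< /a/bin/bash_unpublished/mumble_pass)
    # \, / and & are special in a sed replacement; escape them so any
    # password value is inserted literally.
    mumble_pass=${mumble_pass//'\'/'\\'}
    mumble_pass=${mumble_pass//\//'\/'}
    mumble_pass=${mumble_pass//&/'\&'}
    s sed -ri -f /dev/stdin /etc/mumble-server.ini \
      <<<"s/^ *(serverpassword=).*/\\1${mumble_pass}/"
    unset mumble_pass
    set -x
    sgo mumble-server

    echo "$0: $(date): ending now)"
    exit 0
    ;;
esac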
261
262
263 ########### end section including li/lj ###############
264
265
266
267 ## android studio setup
268 # this contains the setting for android sdk to point to
269 # /a/opt/androidsdk, which is asked upon first run
270 lnf /a/opt/.AndroidStudio2.2 ~
271 # android site says it needs a bunch of packages for ubuntu,
272 # but I googled for debian, and someone says you just need lib32stdc++6 plus the
273 # jdk
274 # https://pid7007blog.blogspot.com/2015/07/installing-android-studio-in-debian-8.html
275 # see w.org for more android studio details
276 spa lib32stdc++6 default-jdk
277
278
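# duperemove is built from the local checkout on frodo only.
if [[ $HOSTNAME == frodo ]]; then
  case $distro in
    # The pattern was spelled "ubunut", so this branch could never match on
    # an Ubuntu host.
    ubuntu|debian)
      pi libsqlite3-dev
      # Note: this changes the working directory for the rest of the script.
      cd /a/opt/duperemove
      make clean
      make
      s make install
      ;;
      # others unknown
  esac
fi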
291
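# syncthing: distro package on arch and debian testing, upstream apt repo
# everywhere else in the debian family.
case $distro in
  arch) pi syncthing ;;
  ubuntu|debian)
    # testing has relatively up to date packages
    if ! isdebian-testing; then
      # based on error when doing apt-get update:
      # E: The method driver /usr/lib/apt/methods/https could not be found.
      pi apt-transport-https
      # google led me here:
      # https://apt.syncthing.net/
      #
      # NOTE(review): the key is trusted on first download, and apt-key makes
      # it valid for every configured repository, not just this one. Compare
      # its fingerprint with a value obtained out of band.
      # -f stops an HTTP error page from being handed to apt-key.
      curl -fsS https://syncthing.net/release-key.txt | sudo apt-key add -
      # The https transport was installed just above, so use it for the
      # repository instead of fetching indexes and packages in cleartext.
      s="deb https://apt.syncthing.net/ syncthing release"
      f=/etc/apt/sources.list.d/syncthing.list
      # Quoted right-hand side: compare literally, not as a glob pattern.
      if [[ ! -e $f || $(< "$f") != "$s" ]]; then
        echo "$s" | s dd of="$f"
        p update
      fi
    fi
    pi syncthing
    ;;
esac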
312 # installed via f-droid
313 # top right, actions, device id
314 #
315 # for installing on a remote comp:
316 # ssh -L 8384:localhost:8384 -N frodo
317 # went to http://localhost:8384/
318 #
319 # add folder to sync phone,
320 # staggered file versioning would be my normal choice, but choose
321 # trash can versioning for sake of space on phone, with
322 # clean out after 7 days.
323 #
324 # did:
325 # ser start syncthing@ian
326 # then on phone, add device, hit bar code icon,
327 # install bar code scanner.
328
329
330 # no equivalent in other distros:
331 case $distro in
332 debian|ubuntu)
333 # for gui bug reporting
334 spa python-vte
335 ;;
336 esac
337
338
339 ####### misc packages ###########
340
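# transmission-daemon on treetowl: socket buffer limits, daemon settings, and
# hand-off to the transmission-daemon-nn unit.
if [[ $HOSTNAME == treetowl ]]; then
  case $distro in
    debian|ubuntu)
      # note i had to do this, which is persistent:
      # cd /i/k
      # s chgrp debian-transmission torrents partial-torrents

      # syslog says things like
      # 'Failed to set receive buffer: requested 4194304, got 425984'
      # google suggests giving it even more than that
      tu /etc/sysctl.conf<<'EOF'
net.core.rmem_max = 67108864
net.core.wmem_max = 16777216
EOF
      s sysctl -p

      # some reason it doesn't seem to start automatically anyways
      pi-nostart transmission-daemon
      #
      # config file documented here, and it's the same config
      # for daemon vs client, so it's documented in the gui.
      # https://trac.transmissionbt.com/wiki/EditConfigFiles#Options
      #
      # I originally setup rpc-whitelist, but after using
      # routing to a network namespace, it doesn't see the
      # real source address, so it's disabled.
      #
      # Changed the cache-size to 128 mb, reduces disk use.
      # It is a read & write cache.
      #
      # todo: setup a password.
      # NOTE(review): with the whitelist off and authentication not required,
      # the RPC interface accepts requests from anything that can reach its
      # port. Until the password todo is done, reachability of that port is
      # the only control; confirm what the namespace routing exposes.
      #
      # 'pidfile' used to be written as "pidfile": which Ruby reads as a
      # symbol key. Merged into the string-keyed hash from JSON.parse it
      # becomes a second entry, so an existing "pidfile" setting was emitted
      # twice instead of being replaced.
      s ruby <<'EOF'
require 'json'
p = '/etc/transmission-daemon/settings.json'
File.write(p, JSON.pretty_generate(JSON.parse(File.read(p)).merge({
'rpc-whitelist-enabled' => false,
'rpc-authentication-required' => false,
'incomplete-dir' => '/k/partial-torrents',
'incomplete-dir-enabled' => true,
'download-dir' => '/i/k/torrents',
"speed-limit-up" => 800,
"speed-limit-up-enabled" => true,
"peer-port" => 61486,
"cache-size-mb" => 128,
"ratio-limit" => 1.4000,
"ratio-limit-enabled" => false,
'pidfile' => "/var/lib/transmission-daemon/transmission-daemon.pid",
})) + "\n")
EOF

      # make sure its not enabled, not sure if this is needed
      ser disable transmission-daemon
      sgo transmission-daemon-nn
      ;;
      # todo: others unknown
  esac
fi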
398
399 # adapted from /var/lib/dpkg/info/transmission-daemon.postinst
# Create the debian-transmission system account where no package has done so.
# The account gets no usable login: /bin/false as shell on arch, a disabled
# password elsewhere.
if getent passwd debian-transmission >/dev/null; then
  : # account already present, nothing to do
elif [[ $distro == arch ]]; then
  s useradd \
    --system \
    --create-home \
    --home-dir /var/lib/transmission-daemon \
    --shell /bin/false \
    debian-transmission
else
  s adduser --quiet \
    --system \
    --group \
    --no-create-home \
    --disabled-password \
    --home /var/lib/transmission-daemon \
    debian-transmission
fi
421
422 # dunno why it's there, but get rid of it
423 case $HOSTNAME in
424 li|lj) s rm -rf /home/linode ;;
425 esac
426
427 # arch had a default config,
428 # debian had nothing until you start it.
429 # With a little trial and error, here is a minimal config
430 # taken from the generated one, plus changes that the
431 # settings ui does, without a bunch of ui crap settings.
432 #
433 # only settings I set were
434 # hostname
435 # auto-connect
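# Write a transmission-remote-gtk profile pointing at treetowl into every
# home directory, running as that directory's owner-by-name.
for f in /home/*; do
  # Skip an unmatched glob and anything that is not a directory.
  [[ -d $f ]] || continue
  d=$f/.config/transmission-remote-gtk
  u=${f##*/}
  # The directory name is passed to `s -u` as a user name; skip entries such
  # as lost+found that do not correspond to an account.
  id -u "$u" &>/dev/null || continue
  # Quoted so names with spaces or glob characters stay single arguments.
  s -u "$u" mkdir -p "$d"
  # NOTE(review): the profile has ssl off and empty credentials, so RPC
  # traffic to the daemon is unauthenticated cleartext.
  s -u "$u" dd of="$d/config.json" <<'EOF'
{
"profiles" : [
{
"profile-name" : "Default",
"hostname" : "treetowl",
"rpc-url-path" : "/transmission/rpc",
"username" : "",
"password" : "",
"auto-connect" : true,
"ssl" : false,
"timeout" : 40,
"retries" : 3,
"update-active-only" : false,
"activeonly-fullsync-enabled" : false,
"activeonly-fullsync-every" : 2,
"update-interval" : 3,
"min-update-interval" : 3,
"session-update-interval" : 60,
"exec-commands" : [
],
"destinations" : [
]
}
],
"profile-id" : 0,
"add-options-dialog" : false
}
EOF
done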
470
471 case $distro in
472 debian|ubuntu)
473 # suggests because we want the resolvconf package.
474 # todo: check other distros to make sure it's installed
475 pi-nostart --install-suggests openvpn
476 # pi-nostart this doesnt seem to be good enough?
477 ser disable openvpn@client
478 ser disable openvpn
479 ;;
480 *) pi openvpn;;
481 esac
482
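# Google Chrome on tp and frodo.
pi wget
case $HOSTNAME in
  tp|frodo)
    case $distro in
      debian|ubuntu)
        log=$(mktemp)
        cd /a/opt
        # NOTE(review): `dpkg -i` does not check a package signature, so the
        # TLS download is the only integrity control on this root install.
        wget -nv -N https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb
        # dpkg is expected to fail on missing dependencies, so error
        # trapping is suspended while its status is captured.
        errallow
        set -o pipefail
        s dpkg -i google-chrome-stable_current_amd64.deb |& tee "$log"
        code=$?
        errcatch
        # previously I had a more specific search, but dpkg
        # changed its output as of 7/2016
        deps_only=false
        if (( code != 0 )) && grep -q 'dependency problems' "$log"; then
          deps_only=true
        fi
        # The temp log used to be left behind in the temp directory.
        rm -f -- "$log"
        if (( code != 0 )); then
          if $deps_only; then
            s apt-get -fy install
          else
            exit 1
          fi
        fi
        ;;
      arch)
        pi google-chrome
        ;;
    esac
    ;;
esac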
516
517 # printer
518 case $distro in
519 arch)
520 pi cups ghostscript gsfonts # from arch wiki cups page
521 pi hplip # from google
522 s gpasswd -a $USER sys # from arch wiki
523 sgo org.cups.cupsd.service
524 # goto http://127.0.0.1:631
525 # administration tab, add new printer button.
526 # In debian, I could use the recommended driver,
527 # in arch, I had to pick out the 6L driver.
528 ;;
529 debian|ubuntu)
530 spa hplip
531 ;;
532 # other distros unknown
533 esac
534
535
536 case $distro in
537 ubuntu|debian) pi --no-install-recommends mairix notmuch ;;
538 fedora|arch) spa mairix notmuch ;;
539 esac
540 case $distro in
541 arch) spa nfs-utils ;;
542 ubuntu|debian) spa nfs-client ;;
543 esac
544 case $distro in
545 ubuntu|debian) spa par2 ;;
546 arch|fedora) spa par2cmdline ;;
547 esac
548
549 # needed for my tex resume
550 case $distro in
551 ubuntu|debian) spa texlive-full ;;
552 arch) spa texlive-most ;;
553 # fedora unknown
554 esac
555
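# Codecs and other restricted extras.
case $distro in
  ubuntu)
    # flash, unrar, codecs, ms fonts.
    # This has a manual prompt.
    spa ubuntu-restricted-extras
    ;;
  fedora)
    pi yum-utils
    # rpm fusion recommended codecs
    #
    # The release packages were fetched over plain http with --nogpgcheck, so
    # nothing authenticated what got installed as root. https now covers the
    # transport.
    # NOTE(review): --nogpgcheck is kept because the RPM Fusion key is not
    # imported yet at this point; importing and verifying it first would
    # allow dropping the flag.
    s su -c "yum localinstall -y --nogpgcheck https://download1.rpmfusion.org/free/fedora/rpmfusion-free-release-$(rpm -E %fedora).noarch.rpm https://download1.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-$(rpm -E %fedora).noarch.rpm"
    # Space before the continuation so the last two names stay separate words.
    pi gstreamer-plugins-ugly gstreamer-plugins-bad gstreamer-ffmpeg \
      xine-lib-extras-freeworld
    ;;
esac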
570
571 case $distro in
572 # optional dep for firefox for h.264 video
573 arch) spa gst-libav ;;
574 # other distros, probably come by default
575 esac
576
577 case $distro in
578 fedora|ubuntu|debian) spa gnupg-agent ;;
579 arch) : ;;
580 esac
581
582
583 case $distro in
584 fedora) spa pinentry-gtk ;;
585 *) : ;; # comes default or with other packages
586 esac
587
588 case $distro in
589 arch) spa firefox pulseaudio;;
590 *) : ;; # comes default or with other packages
591 esac
592
593
594 case $distro in
595 arch) spa ttf-dejavu;;
596 debian|ubuntu) spa fonts-dejavu ;;
597 # others unknown
598 esac
599
600
601 case $distro in
602 arch) spa xorg-xev;;
603 debian|ubuntu) spa x11-utils ;;
604 # others unknown
605 esac
606
607 case $distro in
608 arch) pi virt-install;;&
609 debian|ubuntu) pi virtinst ;;&
610 *) pi virt-manager ;; # creates the libvirt group in debian at least
611 # others unknown
612 esac
613 # allow user to run vms, from debian handbook
614 for x in ian traci; do s usermod -a -G libvirt,kvm $x; done
615 # bridge networking as user fails. google lead here, but it doesn't work:
616 # oh well, I give up.
617 # http://wiki.qemu.org/Features-Done/HelperNetworking
618 # s mkdir /etc/qemu
619 # f=/etc/qemu/bridge.conf
620 # s dd of=$f <<'EOF'
621 # allow br0
622 # EOF
623 # #s chown root:qemu $f # debian has somethig like qemu-libvirt. equivalent?
624 # s chmod 640 $f
625
626
627 case $distro in
628 arch) spa cdrkit;;
629 debian|ubuntu) spa genisoimage;;
630 # others unknown
631 esac
632
633 case $distro in
634 arch) spa spice-gtk3 ;;
635 debian|ubuntu) spa spice-client-gtk;;
636 # others unknown
637 esac
638
639 # general known for debian/ubuntu, not for fedora
# Arch-only virtualization extras; the debian/ubuntu equivalents are pulled
# in elsewhere, fedora is unknown.
if [[ $distro == arch ]]; then
  # cdrkit for cloud-init isos
  # dnsmasq & ebtables for nat networking in libvirt
  # qemu for qemu-img, bind-tools for dig
  # dmidecode just because syslog complains
  arch_virt_pkgs=(
    unzip xorg-xmodmap dmidecode ebtables
    bridge-utils dnsmasq qemu bind-tools
  )
  pi "${arch_virt_pkgs[@]}"

  # otherwise we get error about accessing kvm module.
  # seems like there might be a better way, but google was a bit vague.
  # NOTE(review): this replaces any existing `user =` setting with root, so
  # QEMU guest processes run as root on the host. Group access to the kvm
  # device may be the narrower fix; confirm.
  qemu_conf=/etc/libvirt/qemu.conf
  s sed -ri --follow-symlinks '/^ *user *=/d' "$qemu_conf"
  s tee -a "$qemu_conf" <<<'user = "root"'

  # https://bbs.archlinux.org/viewtopic.php?id=206206
  # # this should prolly go in the wiki
  sgo virtlogd.socket
  # guessing this is not needed
  #sgo virtlogd.service
  sgo libvirtd
fi
661
662 case $distro in
663 arch) pi virtviewer ;;
664 *) : ;; # other distros have it as a dependency afaik.
665 esac
666
667
668
669 case $distro in
670 fedora) cabal install shellcheck ;;
671 *) spa shellcheck ;;
672 # unknown for older ubuntu
673 esac
674
675
676 case $distro in
677 arch|debian|ubuntu) spa pumpa ;;
678 # others unknown. do have a buildscript:
679 # /a/bin/buildscripts/pumpa ;;
680 esac
681
682
683 case $distro in
684 debian|ubuntu) spa android-tools-adbd/unstable ;;
685 arch) spa android-tools ;;
686 # other distros unknown
687 esac
688
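# bitcoind: package, systemd unit, data and config directories, and a freshly
# generated RPC credential pair.
case $distro in
  debian)
    if [[ $(debian-archive) == testing ]]; then
      # has no unstable dependencies
      spa bitcoin-qt/unstable
    fi
    s cp /a/opt/bitcoin/contrib/init/bitcoind.service /etc/systemd/system
    ser daemon-reload

    dir=/nocow/.bitcoin
    s mkdir -p "$dir"
    s chown -R bitcoin:bitcoin "$dir"
    dir=/etc/bitcoin
    s mkdir -p "$dir"
    s chown -R root:bitcoin "$dir"
    s chmod 750 "$dir"
    # This was "bitcon.conf". The symlink and the credential copy later in
    # this script both use /etc/bitcoin/bitcoin.conf, which was never created.
    f=$dir/bitcoin.conf

    # pruning decreases the bitcoin dir to 2 gb, keeps
    # just the recent blocks. can't do a few things like
    # import a wallet dump.
    # pruning works, but people had to do
    # some manual stuff in joinmarket. I dun need the
    # disk space, so not bothering yet, maybe in a year or so.
    # https://github.com/JoinMarket-Org/joinmarket/issues/431
    #https://bitcoin.org/en/release/v0.12.0#wallet-pruning
    #prune=550

    # Unquoted here-doc on purpose: the two openssl calls are expanded so
    # every run writes new random RPC credentials. rpcbind keeps the RPC
    # listener on loopback.
    s dd of="$f" <<EOF
rpcbind=127.0.0.1
server=1
rpcpassword=$(openssl rand -base64 32)
rpcuser=$(openssl rand -base64 32)

# Joinmarket
walletnotify=curl -sI --connect-timeout 1 http://localhost:62602/walletnotify?%s
alertnotify=curl -sI --connect-timeout 1 http://localhost:62602/alertnotify?%s
EOF
    # The file holds credentials: restrict it itself rather than relying only
    # on the 750 directory above it.
    s chown root:bitcoin "$f"
    s chmod 640 "$f"
    ;;
    # other distros unknown
esac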
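# joinmarket on treetowl, wired to the local bitcoind over RPC.
if [[ $HOSTNAME == treetowl ]]; then
  pi libsodium-dev python3-pip
  cd /a/opt/joinmarket
  # using develop branch, as it seems to be mostly bug fixes,
  # and this is quite new software.
  # note: python3 does not work.
  # NOTE(review): requirements.txt comes from the local checkout; whether it
  # pins versions or hashes is not visible here. Confirm.
  pip install -r requirements.txt
  # we need bitcoin.conf in the data dir according to
  # https://github.com/JoinMarket-Org/joinmarket/wiki/Running-JoinMarket-with-Bitcoin-Core-full-node
  # following the example .service script, I don't have it there,
  # and I generate it, so lets just symlink it.
  sudo -u bitcoin ln -sf /etc/bitcoin/bitcoin.conf /nocow/.bitcoin

  # one time, manually did python wallet-tool.py generate.
  # The "wallet" is just a key which deterministically generates addresses.
  # One time: move the wallet, then link to it.
  # ln -s /p/joinmarket/wallet.json wallets
  #
  # see wallet addresses via:
  # python wallet-tool.py wallet.json
  # send to the first 3 mixing depth 0 addresses.
  # depths are like "identities", to separate out association with
  # each other. the big hash in that output is the depth/branch id,
  # ignore it afaik.
  #
  # after sending btc to wallet from a 3rd party service, check that
  # at least 20% of utxo of each transaction was sent to you,
  # btc listtransactions 10 0 true
  # btc getrawtransaction TXID 1
  #
  # to view status, do
  # python wallet-tool.py wallet.json history
  #
  # to help make other people,
  # python yield-generator-basic.py wallet.json

  # Copy the RPC credentials into joinmarket.cfg with tracing paused: under
  # xtrace both the assignment and the sed command would be written, fully
  # expanded, to /var/log/distro-end.
  # NOTE(review): the value is still briefly visible in sed's argv.
  set +x
  for var in rpcuser rpcpassword; do
    u="$(s sed -rn "s/^$var=(.*)/\1/p" /etc/bitcoin/bitcoin.conf)"
    # escape backslashes
    u="${u//\\/\\\\\\\\}"
    # escape commas
    u="${u//,/\\,}"
    sed -ri "s,^(rpc_${var#rpc}\s*=).*,\1 $u," joinmarket.cfg
  done
  set -x
  sed -ri "s/^\s*(blockchain_source\s*=).*/\1 bitcoin-rpc/" joinmarket.cfg

  # dunno about sharing a wallet between multiple instances
  # manually did, wallet.dat symlinked in /nocow/.bitcoin
  sgo bitcoind
fi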
780
781
782
783
784 # proprietary flash. going without for now
785 # case $distro in
786 # debian)
787 # pi flashplugin-nonfree
788 # esac
789
790
791
# GNU global plus pygments. Fedora builds global from source; every other
# distro installs the package and then its own pygments package.
if [[ $distro == fedora ]]; then
  cd $(mktemp -d)
  # NOTE(review): the tarball arrives over plain http and is then built and
  # installed as root with no checksum or signature check. Pin a known digest
  # (<sha256-of-release-tarball>) or verify the upstream signature first.
  wget http://tamacom.com/global/global-6.3.2.tar.gz
  ex global*
  cd global-6.3.2
  # based on https://github.com/leoliu/ggtags
  ./configure --with-exuberant-ctags=/usr/bin/ctags
  make
  s make install
  s pip install pygments
else
  pi global
  case $distro in
    arch) pi python2-pygments ;;
    debian|ubuntu) pi python-pygments ;;
  esac
fi
814
815
816 case $distro in
817 debian)
818 pi task-cinnamon-desktop
819 # in settings, change scrolling to two-finger,
820 # because the default edge scroll doesn\'t work.
821 pu transmission-gtk
822 ;;
823 # others unknown
824 esac
825
826 case $distro in
827 arch) spa apg ;;
828
829 # already in debian jessie
830 esac
831
832
833
834
835 # note this failed running at the beginning of this file,
836 # because no systemd user instance was running.
837 # Doing systemd --user resulted in
838 # Trying to run as user instance, but $XDG_RUNTIME_DIR is not set
839
840 if isdebian-testing; then
841 # as of 7/2016, has no unstable deps, and is not in testing anymore.
842 pi synergy/unstable
843 else
844 pi synergy
845 fi
846
847 # case $distro in
848 # # ubuntu unknown. probably the same as debian, just check if the
849 # # init scripts come with the package.
850 # debian)
851 # # copied from arch, but moved to etc
852 # s dd of=/etc/systemd/user/synergys.service <<'EOF'
853 # [Unit]
854 # Description=Synergy Server Daemon
855 # After=network.target
856
857 # [Service]
858 # User=%i
859 # ExecStart=/usr/bin/synergys --no-daemon --config /etc/synergy.conf
860 # Restart=on-failure
861
862 # [Install]
863 # WantedBy=multi-user.target
864 # EOF
865 # s dd of=/etc/systemd/user/synergys.socket <<'EOF'
866 # [Unit]
867 # Conflicts=synergys@.service
868
869 # [Socket]
870 # ListenStream=24800
871 # Accept=false
872
873 # [Install]
874 # WantedBy=sockets.target
875 # EOF
876 # # had this fail with 'Failed to connect to bus: No such file or directory'
877 # # then when I tried it manually, it worked fine...
878 # if ! systemctl --user daemon-reload; then
879 # sleep 2
880 # echo retrying systemd user daemon reload
881 # systemctl --user daemon-reload
882 # fi
883 # ;;&
884 # *)
885 # # taken from arch wiki.
886 # s dd of=/etc/systemd/system/synergyc@.service <<'EOF'
887 # [Unit]
888 # Description=Synergy Client
889 # After=network.target
890
891 # [Service]
892 # User=%i
893 # ExecStart=/usr/bin/synergyc --no-daemon frodo
894 # Restart=on-failure
895 # # per man systemd.unit, StartLimitInterval, by default we
896 # # restart more than 5 times in 10 seconds.
897 # # And this param defaults too 200 miliseconds.
898 # RestartSec=3s
899
900 # [Install]
901 # WantedBy=multi-user.target
902 # EOF
903 # s systemctl daemon-reload
904 # case $HOSTNAME in
905 # x2|treetowl)
906 # ser enable synergyc@ian
907 # ser start synergyc@ian ||: # X might not be running yet
908 # ;;
909 # frodo)
910 # systemctl --user start synergys ||:
911 # systemctl --user enable synergys
912 # ;;
913 # esac
914 # ;;
915 # esac
916
917
918 ######### end misc packages #########
919
920
921 # packages I once used before and liked, but don't want installed now for
922 # various reasons:
923 # python-sqlite is used for offlineimap
924 # lxappearance python-sqlite dolphin paman dconf-editor
925
926
927
928 ######## unfinished
929
930 # todo, finish configuring smart.
931
932 pi smartmontools
933 # mostly from https://wiki.archlinux.org/index.php/S.M.A.R.T.
934 # turn on smart. background on options:
935 # first line, -a = test everything on all devices.
936 # -S on, turn on disk internal saving of vendor specific info,
937 # from google, seems like this is usually already on and fairly standard.
938 # -o on, turn on 4 hour period non-performance degrading testing.
939 # short test daily 2-3am, extended tests Saturdays between 3-4am:
940 sched="-s (S/../.././02|L/../../6/03)"
941 s sed -i --follow-symlinks "s#^[[:space:]]*DEVICESCAN.*#\
942 DEVICESCAN -a -o on -S on -n standby,q $sched \
943 -m ian@iankelling.org -M exec /usr/local/bin/smart-notify#" /etc/smartd.conf
944
945 # in the default configuration of at least ubuntu 14.04, resolvconf is
946 # configured to order any nameservers associated with tun* or tap*
947 # before the normal internet interfaces, which means they are always
948 # consulted first. This is often slower and undesirable, ie. local dns
949 # queries go from 0ms to 10+ or 100+ ms. To reverse the ordering, you
950 # can do:
951 #sudo sed -i --follow-symlinks '/tun\*\|tap\*/d' /etc/resolvconf/interface-order
952 # however, this breaks dns lookup for hosts on the openvpn lan.
953 # I can\'t figure out why hosts on the normal lan would not be
954 # broken under the default ordering, except the host I was
955 # testing with previously had an entry in /etc/hosts.
956
957 ############# end unfinished
958
959 ########### misc stuff
960
961
962 # the wiki backup script from ofswiki.org uses generic paths
963 s lnf /p/c/machine_specific/li/mw_vars /root
964 s lnf /k/backup/wiki_backup /root
965
966 s cedit /etc/goaccess.conf <<'EOF' || [[ $? == 1 ]]
967 # all things found from looking around the default config
968 # copied existing NCSA Combined Log Format with Virtual Host, plus %L
969 log-format %^:%^ %h %^[%d:%t %^] "%r" %s %b "%R" "%u" %D
970 time-format %H:%M:%S
971 date-format %d/%b/%Y
972 log-file /var/log/apache2/access.log
973 color-scheme 2
974
975 # tip: copy access.log files to a stretch host directory, then run
976 # jessie's goaccess is too old for some options, and it's
977 # not easily installed from a testing.
978 # goaccess --ignore-crawlers -f <(cat *) -a -o html > x.html
979 EOF
980
981
# One-time VPN client setup on treetowl, skipped once a client key exists.
# The key is probed through sudo because /etc/openvpn is read as root.
if [[ $HOSTNAME == treetowl ]]; then
  if ! sudo test -e /etc/openvpn/client.key; then
    /a/bin/vpn-setup/vpn-mk-client-cert dopub
    # route lan traffic from inside the network namespace.
    tu /etc/openvpn/client.conf "route 192.168.1.0 255.255.255.0 net_gateway"
  fi
fi
987
988
989 case $distro in
990 debian|ubuntu)
991 case `debian-archive` in
992 stable)
993 s dd of=/etc/apt/preferences.d/unison-gtk <<'EOF'
994 Explanation: Allow unison-gtk to be upgraded
995 Package: unison-gtk
996 Pin: release a=unstable
997 Pin-Priority: 500
998 EOF
999 # dont think using testing is needed since I figured out how to
1000 # deal with mismatching unison compilers, but I dont
1001 # see any reason to revert it, since it only installs
1002 # a single package which is primarily a single binary
1003 ;;
1004 esac
1005 pi unison/testing
1006 pi unison-gtk/testing # after to make it the default unison
1007 ;;
1008 arch)
1009 pi unison gtk2
1010 ;;
1011 esac
1012
1013 case $distro in
1014 arch)
1015 # default is alsa, doesn\'t work with with pianobar
1016 s dd of=/etc/libao.conf <<'EOF'
1017 default_driver=pulse
1018 EOF
1019 ;;
1020 esac
1021
1022 # note, for jessie, it depends on a higher version of btrfs-tools.
1023 #
1024 # # disabled due to my patch being in btrbk
1025 # case $distro in
1026 # arch|debian|ubuntu) pi btrbk ;;
1027 # # others unknown
1028 # esac
# btrbk is installed from the local checkout rather than the distro package.
cd /a/opt/btrbk
s make install
spa pv # for progress bar when running interactively.

if [[ $HOSTNAME == treetowl ]]; then
  # backup/sync manually on others hosts for now.
  sgo btrbk.timer
  # note: to see when it was last run,
  # ser list-timers

  # fail2ban is broken on testing, with a workaround, per
  # https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770171
  # ill wait a while to see if it gets fixed, so it is only installed when
  # the archive is not testing.
  if [[ $(debian-archive) != testing ]]; then
    pi fail2ban
    sgo fail2ban
  fi
fi
1046
1047
1048
1049
1050
1051 case $distro in
1052 debian|ubuntu) s gpasswd -a ian adm ;; #needed for reading logs
1053 esac
1054
1055 # tor
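case $distro in
  # based on
  # https://www.torproject.org/docs/rpms.html.en
  # https://www.torproject.org/docs/debian.html.en
  # todo: figure out if the running service needs to be restarted upon updates

  # todo on fedora: setup non-dev packages
  fedora)
    # gpgcheck=1 only helps if the key itself arrives intact. The key and
    # repository URLs were plain http, letting a network attacker substitute
    # both; they now use https.
    s dd of=/etc/yum.repos.d/torproject.repo <<'EOF'
[tor]
name=Tor experimental repo
enabled=1
baseurl=https://deb.torproject.org/torproject.org/rpm/tor-testing/fc/20/$basearch/
gpgcheck=1
gpgkey=https://deb.torproject.org/torproject.org/rpm/RPM-GPG-KEY-torproject.org.asc

[tor-source]
name=Tor experimental source repo
enabled=1
autorefresh=0
baseurl=https://deb.torproject.org/torproject.org/rpm/tor-testing/fc/20/SRPMS
gpgcheck=1
gpgkey=https://deb.torproject.org/torproject.org/rpm/RPM-GPG-KEY-torproject.org.asc
EOF

    # to be secure, take a look at the fingerprint reported when the key is
    # imported, and see if it matches from the link above:
    # 3B9E EEB9 7B1E 827B CF0A 0D96 8AF5 653C 5AC0 01F1
    # NOTE(review): no install command follows in this branch, only the
    # service start; confirm where the package gets installed.
    sgo tor
    /a/bin/buildscripts/tor-browser
    ;;
  ubuntu)
    tu /etc/apt/sources.list "deb http://deb.torproject.org/torproject.org $(debian-codename) main"
    # Fetch by full fingerprint. The 32-bit short id used before can match
    # unrelated keys, which would then be pulled into the keyring.
    tor_key=A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89
    gpg --keyserver keys.gnupg.net --recv-keys "$tor_key"
    gpg --export "$tor_key" | sudo apt-key add -
    p update
    pi deb.torproject.org-keyring
    pi tor
    /a/bin/buildscripts/tor-browser
    ;;
  debian)
    pi tor
    /a/bin/buildscripts/tor-browser
    ;;
  arch)
    pi tor tor-browser-en
    sgo tor
    ;;
esac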
1106
1107 # nfs server
1108 case $distro in
1109 fedora)
1110 end_msg <<'EOF'
1111 fedora todo: disable the firewall or find a way to automate it.
1112 there's an unused section in t.org for tramikssion firewall setup
1113
1114 fedora manual config for nfs:
1115 s firewall-config
1116 change to permanent configuration
1117 check the box for nfs
1118 was hard to figure this out, not sure if this is all needed, but
1119 unblock these too
1120 mountd: udp/tcp 20048
1121 portmapper, in firewall-config its called rpc-bind: udp/tcp 111
1122 troubleshooting, unblock things in rpcinfo -p
1123 make sure to reload the firewall to load the persistent configuration
1124
1125
1126 EOF
1127 pi nfs-utils
1128 sgo nfs-server
1129 ;;
1130 debian|ubuntu)
1131 pi nfs-server
1132 ;;
1133 arch)
1134 pi nfs-utils || pending_reboot=true
1135 sgo rpcbind
1136 # this failed until I rebooted
1137 sgo nfs-server
1138 ;;
1139 esac
1140
# NFS export of /k from treetowl to the 192.168.1.0/24 lan.
case $HOSTNAME in
  treetowl)
    # nohide = export filesystems mounted deeper than the export point
    # fsid=0 makes this export the "root" export
    # not documented in the man page, but this means
    # 1. it can be mounted with a shorthand of server:/
    # 2. exports that are subdirectories of this one will automatically be mounted
    #
    # NOTE(review): no_root_squash lets root on any client in the subnet act
    # as root on /k, and insecure accepts requests from unprivileged source
    # ports. Together that makes every lan host fully trusted for this tree;
    # keep only if that is intended.
    tu /etc/exports <<'EOF'
/k 192.168.1.0/24(rw,fsid=0,nohide,no_root_squash,async,no_subtree_check,insecure)
EOF
    s exportfs -rav
    ;;
esac
1152
1153
1154 e "$end_msg_var"
1155
1156
1157 # persistent virtual machines
1158
1159 case $distro in
1160 debian|ubuntu)
1161 pi libosinfo-bin;
1162 ;;
1163 esac
1164
1165 # distro may not know about win 10 yet.
1166 variant=win7
1167 if ! virt-install --os-variant list &>/dev/null; then # we are using a newer virt-install
1168 for v in 10 8.1 8; do
1169 if osinfo-query os | gr "^\s*win${v/./\\.}\s" &>/dev/null; then
1170 variant=win$v
1171 break
1172 fi
1173 done
1174 fi
1175
# Define the persistent Windows guests from existing disk images, unless a
# domain named win10 is already known to libvirt.
if ! s virsh list --all --name | grep -xF win10 &>/dev/null; then

  # created account with
  # win10vmian@outlook.com, and easy to remember password
  # win 10 virtio, makes disk way way way faster
  # wget https://fedorapeople.org/groups/virt/virtio-win/direct-downloads/latest-virtio/virtio-win.iso
  # https://wiki.archlinux.org/index.php/QEMU#Change_Existing_Windows_VM_to_use_virtio
  # for installing virtio after initial install instead of with initial iso:
  # qemu-img create -f qcow2 fake.qcow2 1G
  # --disk=/a/images/virtio-win.iso,device=cdrom \
  # --disk=/a/images/fake.qcow2,bus=virtio
  # Also,
  # went to device manager, saw 2 pci devices with yellow !,
  # did search for drivers, pick cdrom location, done.
  #
  # from http://www.tenforums.com/tutorials/4189-fast-startup-turn-off-windows-10-a.html.
  # google said there was a control panel option for it, but
  # that turned out to be wrong.
  # Put this in a .bat file and run as administrator to turn off
  # hiberboot, which breaks things.
  # REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power" /V HiberbootEnabled /T REG_dWORD /D 0 /F
  # power settings, turn off display: never
  # run "control userpasswords2", turn on automatic login.
  # note: when changing devices, I just undefine, then create the vm again.
  #
  # NOTE(review): listen=0.0.0.0 puts each guest's SPICE console on every
  # host interface, and no console password is set here. Combined with the
  # automatic login above, reaching the port means reaching a logged-in
  # desktop. Binding to loopback and tunnelling would narrow that; confirm.

  win10_img=/a/images/win10.qcow2
  if [[ -e $win10_img ]]; then
    win10_args=(
      --noautoconsole --graphics spice,listen=0.0.0.0
      --disk="$win10_img,bus=virtio" --vcpus 2 -r 4096 -w bridge=br0
      -n win10 --import --os-variant "$variant" --cpu host-model-only
    )
    s virt-install "${win10_args[@]}"
    # Stop the guest that --import started; it only needs to be defined.
    s virsh destroy win10
  fi

  win7_img=/a/images/win7.qcow2
  if [[ -e $win7_img ]]; then
    # this one hasn't had the virtio fix done yet.
    # had a problem with --cpu host, so trying out
    # --cpu host-model-only
    win7_args=(
      --noautoconsole --graphics spice,listen=0.0.0.0
      --disk="$win7_img" --vcpus 2 -r 4096 -w bridge=br0
      -n win7 --import --os-variant win7 --cpu host-model-only
    )
    s virt-install "${win7_args[@]}"
    s virsh destroy win7
  fi
fi
1219
1220
# Samba on treetowl with a single guest-accessible share.
if [[ $HOSTNAME == treetowl ]]; then
  pi samba
  smb_conf=/etc/samba/smb.conf
  # note samba re-reads its config every 1 minute
  if [[ $distro == arch ]]; then
    s cp /etc/samba/smb.conf.default "$smb_conf"
  fi

  # Drop any earlier copies of the two options, then add them back as
  # 2 lines after the workgroup option.
  s sed -ri --follow-symlinks \
    -e '/^\s*encrypt passwords\s*=/d' \
    -e '/^\s*map to guest\s*=/d' \
    "$smb_conf"
  s sed -i --follow-symlinks 's/\(\s*workgroup\s*=\).*/\1 WORKGROUP\n\tencrypt passwords = yes\n\tmap to guest = bad password/' "$smb_conf"
  # remove default homes section. not sharing that.
  s sed -ri --follow-symlinks '/^\s*\[homes\]/,/\s*\[/d' "$smb_conf"

  # NOTE(review): "map to guest = bad password" turns a failed login into a
  # guest session, and [public] is guest-writable, so anything that can reach
  # the SMB ports can write to /kr without credentials. Restrict by interface
  # or "hosts allow" if that is broader than intended.
  if ! grep -xF '[public]' "$smb_conf" &>/dev/null; then
    s tee -a "$smb_conf" <<'EOF'
[public]
guest ok = yes
read only = no
path = /kr
EOF
  fi

  if [[ $distro == debian || $distro == ubuntu ]]; then
    # systemd claims it generates units from /etc/init.d, but it clearly
    # doesn't in debian, and how the two relate is not documented. samba has
    # a systemd init file linked to /dev/null. There's this
    # https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=769714 which claims
    # samba's sub-services will be started automatically by systemd... it
    # didn't on install, wonder if it will on boot. It clued me in how to
    # start it manually though. Nothing in /usr/share/doc/samba, debian admin
    # guide says nothing about any of this. (this is in debian testing as of
    # 4/2016).
    s /etc/init.d/samba start
  elif [[ $distro == arch ]]; then
    sgo samba
  fi
fi
1264
1265 tu /etc/hosts <<< "127.0.1.1 $(hostname).lan $(hostname)"
1266
1267
1268 ######### begin stuff belonging at the end ##########
1269
1270
# Packages that should win as the default file handler are installed last;
# in debian the most recently installed app takes over the association.
simple_packages+=(mpv)

if [[ $distro == ubuntu || $distro == debian ]]; then
  spa spacefm-gtk3
elif [[ $distro == arch ]]; then
  spa spacefm
fi

# Final batched install of everything queued since the previous flush.
pi "${simple_packages[@]}"

# pending_reboot is set earlier when a step only takes effect after a reboot.
case $pending_reboot in
  true)
    echo "$0: pending reboot and then finished. doing it now."
    s reboot now
    ;;
  *)
    echo "$0: $(date): ending now)"
    ;;
esac