add pump.io
1 #!/bin/bash -l
2 # Copyright (C) 2016 Ian Kelling
3
4 # Licensed under the Apache License, Version 2.0 (the "License");
5 # you may not use this file except in compliance with the License.
6 # You may obtain a copy of the License at
7
8 # http://www.apache.org/licenses/LICENSE-2.0
9
10 # Unless required by applicable law or agreed to in writing, software
11 # distributed under the License is distributed on an "AS IS" BASIS,
12 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 # See the License for the specific language governing permissions and
14 # limitations under the License.
15
16 errcatch
17
18 set -x
19
20 exec &> >(sudo tee -a /var/log/distro-end)
21 echo "$0: $(date): starting now)"
22
23 src="${BASH_SOURCE%/*}"
24
# Append everything available on stdin to the global end_msg_var.
# Globals:   end_msg_var (appended to)
# Arguments: none; the message text is read from stdin
end_msg() {
  local chunk
  # -d '' reads up to a NUL byte, i.e. normally the whole input; read then
  # returns non-zero at end of input, which is expected and ignored.
  IFS= read -r -d '' chunk || true
  end_msg_var+="$chunk"
}
30
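# simple package add: queue package names for one later bulk install.
# Globals:   simple_packages (appended to)
# Arguments: one package name per argument
spa() {
  # Quoted so that each argument is stored exactly as passed; the unquoted
  # form re-split the arguments and expanded glob characters against the
  # current directory.
  simple_packages+=("$@")
}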
34
35 distro=$(distro-name)
36
37 pending_reboot=false
38 sed="sed --follow-symlinks"
39
40 # template
41 case $distro in
42 esac
43
44 pup
45
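# Packages installed on every host, including the servers lj and li.
simple_packages=(
  htop
  mailutils
  nmon
  rdiff-backup
  ruby
  ruby-rest-client
  tree
  vim
  wcd
)

case "$HOSTNAME" in
  lj|li) : ;;
  *)
    # universal packages for every other host
    # swh-plugins is for karaoke pulsaudio filter.
    # mutagen for pithos
    simple_packages+=(
      apache2
      apache2-doc
      apt-doc
      aptitude-doc-en
      bash-doc
      binutils-doc
      bwm-ng
      chromium
      cpio-doc
      cron
      debconf-doc
      duplicity
      eclipse
      evince
      fdupes
      feh
      filelight
      gawk-doc
      gcc-doc
      gdb
      gdb-doc
      git-doc
      gitk
      glibc-doc
      goaccess
      gnome-screenshot
      i3lock
      iproute2-doc
      jq
      linux-doc
      locate
      make-doc
      manpages
      manpages-dev
      meld
      mumble
      nmap
      offlineimap
      p7zip
      paprefs
      parted-doc
      pavucontrol
      pdfgrep
      perl-doc
      pianobar
      pidgin
      python3-doc
      python3-mutagen
      reportbug
      sqlite3-doc
      squashfs-tools
      swh-plugins
      tar-doc
      tcpdump
      transmission-remote-gtk
      vlc
      whois
    )
    # The search regex is quoted so the shell cannot expand it as a glob
    # against files in the current directory. The command substitution is
    # left unquoted on purpose: each package name becomes its own argument.
    spa $(apt-cache search 'ruby[.0-9]+-doc' | awk '{print $1}')
    ;;
esac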
126
127
128 ########### begin section including li ################
129
130
# acme-tiny is installed only when the Debian archive in use is testing.
case "$distro" in
  debian)
    if [[ "$(debian-archive)" == testing ]]; then
      pi acme-tiny
    fi
    ;;
esac

case "$distro" in
  fedora) spa unrar ;;
  *) spa unrar-free ;;
esac

case "$distro" in
  arch)
    # ubuntu 14.04 uses b-cron, but it is not maintained in arch.
    # Of the ones in the main repos, cronie is the only one maintained;
    # fcron appears to be abandoned software.
    pi cronie
    sgo cronie
    ;;
  *) : ;; # other distros come with cron.
esac

case "$distro" in
  debian|ubuntu)
    pi debian-goodies
    ;;
esac

# `;;&` keeps testing the remaining patterns, so arch runs both arms.
case "$distro" in
  *) pi at ;;&
  arch) sgo atd ;;
esac

case "$distro" in
  debian) pi curl ;;
  arch) : ;;
  # fedora: unknown
esac

case "$distro" in
  # tk for gitk
  arch) spa git tk ;;
  *) spa git ;;
esac

case "$distro" in
  arch) spa the_silver_searcher ;;
  debian|ubuntu) spa silversearcher-ag ;;
  # fedora unknown
esac

case "$distro" in
  debian|ubuntu) spa ntp ;;
  arch)
    pi ntp
    sgo ntpd
    ;;
  # others unknown
esac

# no equivalent in other distros:
case "$distro" in
  debian|ubuntu)
    pi aptitude
    # the dpkg check is only a speed optimization
    if ! dpkg -s apt-file >/dev/null 2>&1; then
      pi apt-file
      s apt-file update
    fi
    # for debconf-get-selections
    spa debconf-utils
    ;;
esac

case "$distro" in
  ubuntu|debian) spa ack-grep ;;
  arch|fedora) spa ack ;;
  # fedora unknown
esac

case "$distro" in
  arch|debian|ubuntu)
    spa bash-completion
    ;;
  # others unknown
esac
224
225
226
227
228
# disable motd junk.
case "$(distro-name)" in
  debian)
    # allows me to pipe with ssh -t, and gets rid of spam
    # http://forums.debian.net/viewtopic.php?f=5&t=85822
    # I'd rather disable the service than comment out the init file.
    # The page says that after disabling, the service still gets restarted,
    # but this script does nothing on restart, so it should be fine.
    s dd of=/var/run/motd.dynamic if=/dev/null
    # stretch doesn't have the initscripts pkg installed by default
    if [[ "$(debian-codename)" == jessie ]]; then
      s update-rc.d motd disable
    fi
    ;;
  ubuntu)
    # this isn't a complete solution. It still shows when updates are
    # available, but it's no big deal.
    s t /etc/update-motd.d/10-help-text /etc/update-motd.d/00-header
    ;;
esac

# automatic updates
# reference:
# https://debian-handbook.info/browse/stable/sect.regular-upgrades.html
# /etc/cron.daily/apt calls unattended-upgrades
# /usr/share/doc/unattended-upgrades# cat README.md
# /etc/apt/apt.conf.d/50unattended-upgrades
if isdebian; then
  setup-debian-auto-update
fi

# Later steps depend on some of the queued packages, so install them now and
# start a fresh queue.
pi "${simple_packages[@]}"
simple_packages=()
263
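# website setup. Runs only on the hosts lj and li and ends the script for
# both of them (lj immediately, li after the pump.io setup).
#
# Changes from the previous revision of this block:
# - commands that expand a secret run with xtrace off, because the trace is
#   written to /var/log/distro-end; the secret is also escaped for sed
# - /etc/pump.io.json is restricted before the secret is written into it
# - the nodesource setup script is downloaded completely before it is run
# - the pump.io checkout that git creates (pump.io, not pump.io.git) is the
#   directory removed before cloning, so a re-run no longer fails in git clone
# - the pumpio account is only created when it does not exist yet
case "$HOSTNAME" in
  lj|li)

    case "$HOSTNAME" in
      lj) domain=iank.bid; exit 0 ;;
      li) domain=iankelling.org ;;
    esac
    /a/h/setup.sh "$domain"
    /a/h/build.rb

    sudo -E /a/bin/mediawiki-setup/mw-setup-script
    #$src/phab-setup

    pi-nostart mumble-server
    # xtrace off: the password would otherwise be logged by `set -x`.
    # \, / and & are escaped because they are special in a sed replacement.
    # NOTE(review): the value is still visible in sed's argument list while
    # the command runs.
    set +x
    mumble_pass=$(printf '%s' "$(< /a/bin/bash_unpublished/mumble_pass)" \
      | sed -e 's,[\\/&],\\&,g')
    s $sed -ri "s/^ *(serverpassword=).*/\1${mumble_pass}/" /etc/mumble-server.ini
    unset mumble_pass
    set -x
    sgo mumble-server

    vpn-server-setup -d

    sudo dd of=/etc/systemd/system/vpnmail.service <<EOF
[Unit]
Description=Turns on iptables mail nat

[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/a/bin/distro-setup/vpn-mail-forward start
ExecStop=/a/bin/distro-setup/vpn-mail-forward stop

[Install]
WantedBy=openvpn.service
EOF
    ser daemon-reload
    ser enable vpnmail.service
    acme-tiny-wrapper mail.iankelling.org
    # needed for li's local mail delivery. there might
    # be a better way to do it that doesn't require disabling
    # it during le verification, but whatever for now.
    f=/etc/cron.daily/lets-encrypt-mail_iankelling_org
    l="10.8.0.4 mail.iankelling.org"
    tu /etc/hosts <<<"$l"
    # The cron job drops the hosts entry before the certificate run and puts
    # it back afterwards.
    s sed -i '/^\s*sysv acme-tiny-wrapper/i sed -i /^10\.8\.0\.4/d /etc/hosts' "$f"
    echo "echo $l >>/etc/hosts" | s tee -a "$f"
    sgo openvpn
    domain=cal.iankelling.org
    acme-tiny-wrapper "$domain"
    apache-site -f 10.8.0.4:5232 - "$domain" <<'EOF'
#https://httpd.apache.org/docs/2.4/mod/mod_authn_core.html#authtype
<Directory "/var/www/cal.iankelling.org/html">
Options +FollowSymLinks +Multiviews +Indexes
AllowOverride None
AuthType basic
AuthName "Authentication Required"
# setup one time, with root:www-data, 640
AuthUserFile "/etc/caldav-htpasswd"
Require valid-user
</Directory>
EOF
    # nginx version of above would be:
    # auth_basic "Not currently available";
    # auth_basic_user_file /etc/nginx/caldav/htpasswd;


    ########## begin pump.io setup ##########

    # once pump adds a logrotation script, turn off nologger,
    # and add
    # "logfile": "/var/log/pumpio/pumpio.log",
    #
    s dd of=/etc/pump.io.json <<'EOF'
{
"secret": "SECRET_REPLACE_ME",
"driver": "mongodb",
"params": { "dbname": "pumpio" },
"noweb": false,
"site": "pump.iankelling.org",
"owner": "Ian Kelling",
"ownerURL": "https://pump.iankelling.org/",
"port": 8001,
"urlPort": 443,
"hostname": "pump.iankelling.org",
"nologger": true,
"datadir": "/home/pumpio/pumpdata",
"enableUploads": true,
"debugClient": false,
"disableRegistration": true,
"noCDN": true,
"key": "/home/pumpio/pump.iankelling.org-domain.key",
"cert": "/home/pumpio/pump.iankelling.org-chained.pem",
"address": "localhost",
"sockjs": false
}
EOF
    # Restrict the file before the secret goes in; dd creates it with the
    # default umask. Group access for the service account is added below,
    # once that account exists.
    s chmod 600 /etc/pump.io.json
    # xtrace off and sed-special characters (\, & and the # delimiter)
    # escaped, as for the mumble password above.
    set +x
    pump_secret=$(printf '%s' "$(< /p/c/machine_specific/li/pump-secret)" \
      | sed -e 's,[\\#&],\\&,g')
    s sed -i "s#SECRET_REPLACE_ME#${pump_secret}#" /etc/pump.io.json
    unset pump_secret
    set -x

    # jessie's node is too old
    # https://nodejs.org/en/download/package-manager/
    # Download first, run second: -f makes curl fail on an HTTP error instead
    # of handing an error page to bash, and a truncated download is never
    # executed.
    # NOTE(review): the script still runs as root on the strength of the
    # HTTPS download alone; there is no pinned checksum or signature check.
    nodesource_setup=$(mktemp)
    curl -fsSL -o "$nodesource_setup" https://deb.nodesource.com/setup_6.x
    sudo -E bash "$nodesource_setup"
    rm -f -- "$nodesource_setup"
    pi nodejs
    cd /home/ian
    # git clone creates "pump.io"; the old pump.io.git name is removed too in
    # case an earlier layout left it behind.
    rm -rf pump.io.git pump.io
    git clone https://github.com/pump-io/pump.io.git
    cd pump.io
    # note: doing this or the npm install pump.io as root had problems.
    npm install
    npm run build
    # normally, next command would be
    # s npm install -g databank-mongodb
    # but it's this until a bug in pump gets fixed
    s npm install -g databank-mongodb@0.19.2
    if ! getent passwd pumpio >/dev/null; then
      s useradd -m -s /bin/false pumpio
    fi
    # The service runs as pumpio (see pump.service below) and has to read its
    # config; nobody else needs to.
    s chown root:pumpio /etc/pump.io.json
    s chmod 640 /etc/pump.io.json
    sudo -u pumpio mkdir -p /home/pumpio/pumpdata
    # for testing browser when only listening to localhost,
    # in the pump.io.json, set hostname localhost, urlPort 5233
    #ssh -L 5233:localhost:5233 li
    acme-tiny-wrapper -c /home/pumpio pump.iankelling.org

    s mkdir -p /var/log/pumpio/
    s chown pumpio:pumpio /var/log/pumpio/

    apache-site -c /home/pumpio - pump.iankelling.org <<'EOF'
# currently a bug in pump that we cant terminate ssl
SSLProxyEngine On
ProxyPreserveHost On
ProxyPass / https://127.0.0.1:8001/
ProxyPassReverse / https://127.0.0.1:8001/
# i have sockjs disabled per people suggesting that
# it won't work with apache right now.
# not sure if it would work with this,
# but afaik, this is pointless atm.
<Location /main/realtime/sockjs/>
ProxyPass wss://127.0.0.1:8001/main/realtime/sockjs/
ProxyPassReverse wss://127.0.0.1:8001/main/realtime/sockjs/
</Location>
EOF

    # NOTE(review): the service account executes code from /home/ian/pump.io,
    # a tree owned and writable by another account.
    s dd of=/etc/systemd/system/pump.service <<'EOF'
[Unit]
Description=pump.io
After=syslog.target network.target

[Service]
Type=simple
User=pumpio
Group=pumpio
ExecStart=/home/ian/pump.io/bin/pump
Environment=NODE_ENV=production
# failed to find databank-mongodb without this.
# I just looked at my environment variables took a guess.
Environment=NODE_PATH=/usr/lib/nodejs:/usr/lib/node_modules:/usr/share/javascript

[Install]
WantedBy=multi-user.target
EOF
    ser daemon-reload
    sgo pump
    ########## end pump.io setup ############

    echo "$0: $(date): ending now)"
    exit 0
    ;;
esac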
427
428
429 ########### end section including li/lj ###############
430
# pump.io periodic backup: on treetowl, install a oneshot service that runs
# the pump-backup script as user ian, plus an hourly timer for it.
if [[ "$HOSTNAME" == "treetowl" ]]; then
  s dd of=/etc/systemd/system/pumpbackup.service <<'EOF'
[Unit]
Description=pump li backup
After=multi-user.target

[Service]
User=ian
Type=oneshot
ExecStart=/a/bin/log-quiet/sysd-mail-once pump-backup /a/bin/distro-setup/pump-backup
EOF

  s dd of=/etc/systemd/system/pumpbackup.timer <<'EOF'
[Unit]
Description=pump li backup hourly

[Timer]
OnCalendar=hourly

[Install]
WantedBy=timers.target
EOF
  # pick up the two new unit files, then enable and start the timer
  s systemctl daemon-reload
  sgo pumpbackup.timer
fi
457
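case "$distro" in
  debian|ubuntu)
    # suggests because we want the resolvconf package.
    # todo: check other distros to make sure it's installed
    pi-nostart --install-suggests openvpn
    # pi-nostart does not disable
    ser disable openvpn
    ;;
  *) pi openvpn ;;
esac

if private-host; then
  vpn-mk-client-cert -n mail li
  # commonName of the client certificate; it names the per-client config
  # file on the vpn server.
  cn=$(s openssl x509 -noout -nameopt multiline -subject \
         -in /etc/openvpn/client/mail.crt \
       | sed -rn 's/^\s*commonName\s*=\s*(.*)/\1/p')
  # The name ends up in a path inside a command line that a root shell on li
  # parses, so refuse an empty name, a path separator or a line break
  # instead of passing it on.
  if [[ -z "$cn" || "$cn" == */* || "$cn" == *$'\n'* ]]; then
    echo "$0: unexpected commonName in /etc/openvpn/client/mail.crt: '$cn'" >&2
    exit 1
  fi
  # %q quotes the path for the remote shell; ssh joins its arguments into a
  # single string that the remote side parses again.
  printf -v remote_path '%q' "/etc/openvpn/client-config/$cn"
  echo "ifconfig-push 10.8.0.4 255.255.255.0" \
    | ssh root@li "dd of=$remote_path"
fi
ser enable mailroute
if [[ "$HOSTNAME" == treetowl ]]; then
  # note, this will need to be changed when the mail/contacts host changes
  sgo openvpn-client@mail
  /a/bin/distro-setup/radicale-setup
fi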
483
## android studio setup
# this contains the setting for android sdk to point to
# /a/opt/androidsdk, which is asked upon first run
lnf /a/opt/.AndroidStudio2.2 ~
# android site says it needs a bunch of packages for ubuntu,
# but I googled for debian, and someone says you just need lib32stdc++6 plus the
# jdk
# https://pid7007blog.blogspot.com/2015/07/installing-android-studio-in-debian-8.html
# see w.org for more android studio details
spa lib32stdc++6 default-jdk


if [[ $HOSTNAME == treetowl ]]; then
  # It's simpler to just worry about running it in one place for now.
  # I assume it would work to clone its config to another non-phone
  # and just run it in one place instead of the normal having a
  # separate config. I lean toward using the same config, since btrfs
  # syncs between comps.
  case $distro in
    arch) pi syncthing ;;
    ubuntu|debian)
      # testing has relatively up to date packages
      if ! isdebian-testing; then
        # based on error when doing apt-get update:
        # E: The method driver /usr/lib/apt/methods/https could not be found.
        pi apt-transport-https
        # google led me here:
        # https://apt.syncthing.net/
        # NOTE(review): apt-key add puts the key into the keyring apt trusts
        # for every configured repository, not only this one, and curl -s
        # without -f does not fail on an HTTP error page.
        curl -s https://syncthing.net/release-key.txt | sudo apt-key add -
        # NOTE(review): the source line uses http although
        # apt-transport-https is installed just above; package signatures
        # are still checked by apt, but the transfer itself is plaintext.
        s="deb http://apt.syncthing.net/ syncthing release"
        # Rewrite the list file and refresh the index only when the line changed.
        if [[ $(cat /etc/apt/sources.list.d/syncthing.list) != $s ]]; then
          echo "$s" | s dd of=/etc/apt/sources.list.d/syncthing.list
          p update
        fi
      fi
      pi syncthing
      ;;
  esac
  lnf -T /w/syncthing /home/ian/.config/syncthing
  sgo syncthing@ian # runs as ian

  # these things persist in ~/.config/syncthing, which I save in
  # /w/syncthing (not in /p, because syncthing should continue to
  # run on home server even when using laptop as primary device)
  # open http://localhost:8384/
  # change listen address from default to tcp://:22001,
  # this is because we do port forward so it doesn't have to use
  # some external server, but the syncthing is broken for port forward,
  # you get a message, something "like connected to myself, this should not happen"
  # when connecting to other local devices, so I bump the port up by 1,
  # based on
  # https://forum.syncthing.net/t/connected-to-myself-should-not-happen/1763/19.
  # Without this, it was being stuck syncing at 0%.
  # Set gui username and password.
  #
  # install syncthing via f-droid,
  # folder setting, turn off master folder (makes it read only).
  # on phone, add device, click bar code icon
  # on desktop, top right, actions, device id
  # after adding, notification will appear on desktop to confirm
  #
  # syncing folder. from phone to desktop: select desktop in the
  # folder on phone's sync options, notification will appear in
  # desktop's web ui within a minute. For the reverse, the
  # notification will appear in android's notifications, you have to
  # swipe down and tap it to add the folder. It won't appear in the
  # syncthing ui, which would be intuitive, but don't wait for it
  # there.
  #
  # On phone, set settings to run syncthing all the time, and
  # show no notification.
  #
  # Folder versioning would make sense if I didn't already use btrfs
  # for backups. I would choose staggered, or trash can for more space.
  #
  # if needed to install on a remote comp:
  # ssh -L 8384:localhost:8384 -N frodo
  # open http://localhost:8384/
  #
  # Note, the other thing i did was port forward port 22000,
  # per https://docs.syncthing.net/users/firewall.html
fi



# no equivalent in other distros:
case $distro in
  debian|ubuntu)
    # for gui bug reporting
    spa python-vte
    ;;
esac
576
577
578 ####### misc packages ###########
579
# transmission-daemon setup, treetowl only.
if [[ $HOSTNAME == treetowl ]]; then
  case $distro in
    debian|ubuntu)
      # note i had to do this, which is persistent:
      # cd /i/k
      # s chgrp debian-transmission torrents partial-torrents

      # syslog says things like
      # 'Failed to set receive buffer: requested 4194304, got 425984'
      # google suggests giving it even more than that
      tu /etc/sysctl.conf<<'EOF'
net.core.rmem_max = 67108864
net.core.wmem_max = 16777216
EOF
      s sysctl -p

      # some reason it doesn't seem to start automatically anyways
      pi-nostart transmission-daemon

      # the folder was moved here after an install around 02/2017.
      # it contains runtime data,
      # plus a simple symlink to the config file which it's
      # not worth separating out.
      s lnf -T /i/transmission-daemon /var/lib/transmission-daemon/.config/transmission-daemon
      #
      # config file documented here, and it's the same config
      # for daemon vs client, so it's documented in the gui.
      # https://trac.transmissionbt.com/wiki/EditConfigFiles#Options
      #
      # I originally setup rpc-whitelist, but after using
      # routing to a network namespace, it doesn't see the
      # real source address, so it's disabled.
      #
      # Changed the cache-size to 256 mb, reduces disk use.
      # It is a read & write cache.
      #
      # NOTE(review): with both rpc-whitelist-enabled and
      # rpc-authentication-required set to false, anything that can reach
      # the RPC port can control the daemon; the network namespace is then
      # the only access control. Confirm the port is not reachable from
      # outside it.
      #
      # The ruby snippet merges the settings below into the existing
      # settings.json and writes the result back.
      s ruby <<'EOF'
require 'json'
p = '/etc/transmission-daemon/settings.json'
File.write(p, JSON.pretty_generate(JSON.parse(File.read(p)).merge({
'rpc-whitelist-enabled' => false,
'rpc-authentication-required' => false,
'incomplete-dir' => '/i/k/partial-torrents',
'incomplete-dir-enabled' => true,
'download-dir' => '/i/k/torrents',
"speed-limit-up" => 800,
"speed-limit-up-enabled" => true,
"peer-port" => 61486,
"cache-size-mb" => 256,
"ratio-limit" => 5.0,
"ratio-limit-enabled" => true,
})) + "\n")
EOF

      # make sure its not enabled, not sure if this is needed
      ser disable transmission-daemon
      sgo transmission-daemon-nn
      ;;
    # todo: others unknown
  esac
fi

# adapted from /var/lib/dpkg/info/transmission-daemon.postinst
# Create the debian-transmission system account when it is missing.
if ! getent passwd debian-transmission > /dev/null; then
  case $distro in
    arch)
      s useradd \
        --system \
        --create-home \
        --home-dir /var/lib/transmission-daemon \
        --shell /bin/false \
        debian-transmission
      ;;
    *)
      s adduser --quiet \
        --system \
        --group \
        --no-create-home \
        --disabled-password \
        --home /var/lib/transmission-daemon \
        debian-transmission
      ;;
  esac
fi

# dunno why it's there, but get rid of it
case $HOSTNAME in
  li|lj) s rm -rf /home/linode ;;
esac
669
670 # arch had a default config,
671 # debian had nothing until you start it.
672 # With a little trial an error, here is a minimal config
673 # taken from the generated one, plus changes that the
674 # settings ui does, without a bunch of ui crap settings.
675 #
676 # only settings I set were
677 # hostname
678 # auto-connect
679 # password
680
681
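# the password is randomly generated on first run
# xtrace is off while the value is read: with `set -x` the assignment would
# be written to /var/log/distro-end as `+ rpc_pass=...`.
set +x
rpc_pass=$(s ruby <<'EOF'
require 'json'
p = '/etc/transmission-daemon/settings.json'
puts JSON.parse(File.read(p))["rpc-password"]
EOF
)
set -x

# Write a transmission-remote-gtk profile for every account that has a
# directory under /home.
for f in /home/*; do
  u=${f##*/}
  # Skip entries that are not a directory named after an existing account
  # (lost+found, an unmatched glob); sudo -u would fail on those.
  if [[ ! -d "$f" ]] || ! getent passwd "$u" >/dev/null; then
    continue
  fi
  d=$f/.config/transmission-remote-gtk
  s -u "$u" mkdir -p "$d"
  # The file holds the RPC password: create it owner-only first. dd then
  # truncates and fills it without changing the mode.
  s -u "$u" install -m 600 /dev/null "$d/config.json"
  s -u "$u" dd of="$d/config.json" <<EOF
{
"profiles" : [
{
"profile-name" : "Default",
"hostname" : "transmission",
"rpc-url-path" : "/transmission/rpc",
"username" : "",
"password" : "$rpc_pass",
"auto-connect" : true,
"ssl" : false,
"timeout" : 40,
"retries" : 3,
"update-active-only" : false,
"activeonly-fullsync-enabled" : false,
"activeonly-fullsync-every" : 2,
"update-interval" : 3,
"min-update-interval" : 3,
"session-update-interval" : 60,
"exec-commands" : [
],
"destinations" : [
]
}
],
"profile-id" : 0,
"add-options-dialog" : false
}
EOF
done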
724
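pi wget
# Google Chrome, only on tp and frodo.
case "$HOSTNAME" in
  tp|frodo)
    case "$distro" in
      debian|ubuntu)
        log=$(mktemp)
        cd /a/opt
        # NOTE(review): the package is installed as root on the strength of
        # the HTTPS download alone; no signature or checksum is verified
        # before dpkg -i.
        wget -nv -N https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb
        # dpkg is allowed to fail here: a non-zero status is inspected below
        # instead of aborting. pipefail makes $? reflect dpkg, not tee.
        errallow
        set -o pipefail
        s dpkg -i google-chrome-stable_current_amd64.deb |& tee "$log"
        code=$?
        errcatch
        # previously I had a more specific search, but dpkg
        # changed its output as of 7/2016
        dep_problem=false
        if grep -q 'dependency problems' "$log"; then
          dep_problem=true
        fi
        # the temporary log was never removed before
        rm -f -- "$log"
        if [[ "$code" != 0 ]]; then
          if $dep_problem; then
            # let apt pull in the missing dependencies
            s apt-get -fy install
          else
            exit 1
          fi
        fi
        ;;
      arch)
        pi google-chrome
        ;;
    esac
    ;;
esac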
758
# printer
case "$distro" in
  arch)
    pi cups ghostscript gsfonts # from arch wiki cups page
    pi hplip # from google
    s gpasswd -a "$USER" sys # from arch wiki
    sgo org.cups.cupsd.service
    # goto http://127.0.0.1:631
    # administration tab, add new printer button.
    # In debian, I could use the recommended driver,
    # in arch, I had to pick out the 6L driver.
    ;;
  debian|ubuntu)
    spa hplip
    ;;
  # other distros unknown
esac


case "$distro" in
  ubuntu|debian) pi --no-install-recommends mairix notmuch ;;
  fedora|arch) spa mairix notmuch ;;
esac
case "$distro" in
  arch) spa nfs-utils ;;
  ubuntu|debian) spa nfs-client ;;
esac
case "$distro" in
  ubuntu|debian) spa par2 ;;
  arch|fedora) spa par2cmdline ;;
esac

# needed for my tex resume
case "$distro" in
  ubuntu|debian) spa texlive-full ;;
  arch) spa texlive-most ;;
  # fedora unknown
esac
797
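case "$distro" in
  ubuntu)
    # flash, unrar, codecs, ms fonts.
    # This has a manual prompt.
    spa ubuntu-restricted-extras
    ;;
  fedora)
    pi yum-utils
    # rpm fusion recommended codecs
    # The release packages are installed with --nogpgcheck, so nothing
    # verifies them except the transport; fetch them over https rather
    # than plain http.
    # NOTE(review): --nogpgcheck is kept as before; importing the RPM Fusion
    # keys first would allow dropping it.
    s su -c "yum localinstall -y --nogpgcheck https://download1.rpmfusion.org/free/fedora/rpmfusion-free-release-$(rpm -E %fedora).noarch.rpm https://download1.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-$(rpm -E %fedora).noarch.rpm"
    pi gstreamer-plugins-ugly gstreamer-plugins-bad gstreamer-ffmpeg \
      xine-lib-extras-freeworld
    ;;
esac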
812
case "$distro" in
  # optional dep for firefox for h.264 video
  arch) spa gst-libav ;;
  # other distros, probably come by default
esac

case "$distro" in
  fedora|ubuntu|debian) spa gnupg-agent ;;
  arch) : ;;
esac


case "$distro" in
  fedora) spa pinentry-gtk ;;
  *) : ;; # comes default or with other packages
esac

case "$distro" in
  arch) spa firefox pulseaudio ;;
  *) : ;; # comes default or with other packages
esac


case "$distro" in
  arch) spa ttf-dejavu ;;
  debian|ubuntu) spa fonts-dejavu ;;
  # others unknown
esac


case "$distro" in
  arch) spa xorg-xev ;;
  debian|ubuntu) spa x11-utils ;;
  # others unknown
esac

# `;;&` keeps testing the later patterns, so every distro also reaches the
# final arm.
case "$distro" in
  arch) pi virt-install ;;&
  debian|ubuntu) pi virtinst ;;&
  *) pi virt-manager ;; # creates the libvirt group in debian at least
  # others unknown
esac
# allow user to run vms, from debian handbook
for x in ian traci; do
  s usermod -a -G libvirt,kvm "$x"
done
# bridge networking as user fails. google lead here, but it doesn't work:
# oh well, I give up.
# http://wiki.qemu.org/Features-Done/HelperNetworking
# s mkdir /etc/qemu
# f=/etc/qemu/bridge.conf
# s dd of=$f <<'EOF'
# allow br0
# EOF
# #s chown root:qemu $f # debian has something like qemu-libvirt. equivalent?
# s chmod 640 $f


case "$distro" in
  arch) spa cdrkit ;;
  debian|ubuntu) spa genisoimage ;;
  # others unknown
esac

case "$distro" in
  arch) spa spice-gtk3 ;;
  debian|ubuntu) spa spice-client-gtk ;;
  # others unknown
esac

# general known for debian/ubuntu, not for fedora

case "$distro" in
  debian|ubuntu)
    pi golang-go
    # a bit of googling, and added settings to bashrc
    # NOTE(review): go get -u builds whatever the upstream repository holds
    # at run time; nothing pins a version or commit.
    go get -u github.com/mvdan/fdroidcl/cmd/fdroidcl
    ;;
  # others unknown
esac


case "$distro" in
  arch)
    # cdrkit for cloud-init isos
    # dnsmasq & ebtables for nat networking in libvirt
    # qemu for qemu-img, bind-tools for dig
    # dmidecode just because syslog complains
    pi unzip xorg-xmodmap dmidecode ebtables \
      bridge-utils dnsmasq qemu bind-tools
    # otherwise we get error about accessing kvm module.
    # seems like there might be a better way, but google was a bit vague.
    # NOTE(review): this makes libvirt run qemu guests as root; the
    # usermod above already adds the users to the kvm group.
    s $sed -ri '/^ *user *=/d' /etc/libvirt/qemu.conf
    echo 'user = "root"' | s tee -a /etc/libvirt/qemu.conf
    # https://bbs.archlinux.org/viewtopic.php?id=206206
    # # this should prolly go in the wiki
    sgo virtlogd.socket
    # guessing this is not needed
    #sgo virtlogd.service
    sgo libvirtd

    ;;
esac

case "$distro" in
  arch) pi virtviewer ;;
  *) : ;; # other distros have it as a dependency afaik.
esac



case "$distro" in
  fedora) cabal install shellcheck ;;
  *) spa shellcheck ;;
  # unknown for older ubuntu
esac


case "$distro" in
  arch|debian|ubuntu) spa pumpa ;;
  # others unknown. do have a buildscript:
  # /a/bin/buildscripts/pumpa ;;
esac


case "$distro" in
  debian|ubuntu) spa android-tools-adbd/unstable ;;
  arch) spa android-tools ;;
  # other distros unknown
esac
941
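# bitcoind plus joinmarket, treetowl only.
#
# Changes from the previous revision of this block:
# - bitcoinjm.service was produced with a plain shell redirect into
#   /etc/systemd/system, which is not done through the sudo helper like every
#   other write there; it is now copied and edited in place with `s`
# - the loop that copies the rpc credentials into joinmarket.cfg runs with
#   xtrace off, so they are not written to /var/log/distro-end
if [[ "$HOSTNAME" == treetowl ]]; then
  case "$distro" in
    debian)
      if [[ "$(debian-archive)" == testing ]]; then
        # has no unstable dependencies
        pi bitcoind/unstable
        src=/a/opt/bitcoin/contrib/init/bitcoind.service
        s cp "$src" /etc/systemd/system
        p=/etc/bitcoin/bitcoin
        dst=/etc/systemd/system/bitcoinjm.service
        # jm for joinmarket: same unit, pointed at bitcoinjm.conf
        s cp "$src" "$dst"
        s $sed -ri "/^\s*ExecStart/s,${p}.conf,${p}jm.conf," "$dst"

        # Each unit gets a Conflicts= line naming the other one; ${!s} looks
        # up the variable named by $s, which holds the other suffix.
        d=jm; jm=d # being clever for succinctness
        for s in d jm; do
          s $sed -ri "/^\s*\[Unit\]/a Conflicts=bitcoin${!s}.service" \
            "/etc/systemd/system/bitcoin${s}.service"
        done

        ser daemon-reload

        dir=/nocow/.bitcoin
        s mkdir -p "$dir"
        s chown -R bitcoin:bitcoin "$dir"
        # The config directory is root:bitcoin 750, which is what keeps the
        # rpc credentials written below away from other accounts.
        dir=/etc/bitcoin
        s mkdir -p "$dir"
        s chown -R root:bitcoin "$dir"
        s chmod 750 "$dir"

        # pruning decreases the bitcoin dir to 2 gb, keeps
        # just the recent blocks. can't do a few things like
        # import a wallet dump.
        # pruning works, but people had to do
        # some manual stuff in joinmarket. I dun need the
        # disk space, so not bothering yet, maybe in a year or so.
        # https://github.com/JoinMarket-Org/joinmarket/issues/431
        #https://bitcoin.org/en/release/v0.12.0#wallet-pruning
        #prune=550

        # Fresh random rpc credentials are generated on every run.
        f=$dir/bitcoin.conf
        s dd of="$f" <<EOF
server=1
rpcpassword=$(openssl rand -base64 32)
rpcuser=$(openssl rand -base64 32)
EOF


        f2=$dir/bitcoinjm.conf
        s cp "$f" "$f2"
        s tee -a "$f2" >/dev/null <<EOF
# Joinmarket
walletnotify=curl -sI --connect-timeout 1 http://localhost:62602/walletnotify?%s
alertnotify=curl -sI --connect-timeout 1 http://localhost:62602/alertnotify?%s
wallet=joinmarket.dat
EOF
        # dunno about sharing a wallet between multiple instances
        # manually did, wallet.dat symlinked in /nocow/.bitcoin
        sgo bitcoind
      fi
      ;;
    # other distros unknown
  esac
  pi libsodium-dev python-pip
  cd /a/opt/joinmarket
  # using develop branch, as it seems to be mostly bug fixes,
  # and this is quite new software.
  # note: python3 does not work.
  # has seg fault error due to some bug, but it still works
  # (exit status 139 is therefore accepted)
  pip install -r requirements.txt || [[ $? == 139 ]]
  # note, the target must exist ahead of time, or bitcoin
  # just overwrites the link, and it's not happy with an empty file,
  # so we have to create the wallet, then move and link it.
  s lnf -T /q/bitcoin/wallet.dat /nocow/.bitcoin/wallet.dat
  s lnf -T /q/bitcoin/joinmarket.dat /nocow/.bitcoin/joinmarket.dat
  # not technically needed, but seems cleaner not to have
  # symlinks be root owned unlike everything else
  s chown -h bitcoin:bitcoin /nocow/.bitcoin/*

  # Copy the rpc credentials into joinmarket.cfg. xtrace is off because both
  # the assignment and the sed command line contain the credential.
  # NOTE(review): joinmarket.cfg then holds the credentials in clear text;
  # check its mode and the mode of /a/opt/joinmarket.
  set +x
  for var in rpcuser rpcpassword; do
    u="$(s sed -rn "s/^$var=(.*)/\1/p" /etc/bitcoin/bitcoin.conf)"
    # escape backslashes
    u="${u//\\/\\\\\\\\}"
    # escape commas
    u="${u//,/\\,}"
    sed -ri "s,^(rpc_${var#rpc}\s*=).*,\1 $u," joinmarket.cfg
  done
  set -x
  sed -ri "s/^\s*(blockchain_source\s*=).*/\1 bitcoin-rpc/" joinmarket.cfg

fi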
1032
1033
1034
1035
1036 # proprietary flash. going without for now
1037 # case $distro in
1038 # debian)
1039 # pi flashplugin-nonfree
1040 # esac
1041
1042
1043
# GNU global plus pygments. fedora builds global from source; everything
# else installs the package and then, through `;;&`, the matching pygments
# package.
case "$distro" in
  fedora)
    cd "$(mktemp -d)"
    # NOTE(review): the tarball comes over plain http with no checksum or
    # signature check and is then built and installed as root.
    wget http://tamacom.com/global/global-6.3.2.tar.gz
    ex global*
    cd global-6.3.2
    # based on https://github.com/leoliu/ggtags
    ./configure --with-exuberant-ctags=/usr/bin/ctags
    make
    s make install
    s pip install pygments
    ;;
  *)
    pi global
    ;;&
  arch)
    pi python2-pygments
    ;;
  debian|ubuntu)
    pi python-pygments
    ;;
esac


case "$distro" in
  debian)
    pi task-cinnamon-desktop
    # in settings, change scrolling to two-finger,
    # because the default edge scroll doesn't work.
    pu transmission-gtk
    ;;
  # others unknown
esac

case "$distro" in
  arch) spa apg ;;

  # already in debian jessie
esac




# note this failed running at the beginning of this file,
# because no systemd user instance was running.
# Doing systemd --user resulted in
# Trying to run as user instance, but $XDG_RUNTIME_DIR is not set

if isdebian-testing; then
  # as of 7/2016, has no unstable deps, and is not in testing anymore.
  pi synergy/unstable
else
  pi synergy
fi
1098
1099 # case $distro in
1100 # # ubuntu unknown. probably the same as debian, just check if the
1101 # # init scripts come with the package.
1102 # debian)
1103 # # copied from arch, but moved to etc
1104 # s dd of=/etc/systemd/user/synergys.service <<'EOF'
1105 # [Unit]
1106 # Description=Synergy Server Daemon
1107 # After=network.target
1108
1109 # [Service]
1110 # User=%i
1111 # ExecStart=/usr/bin/synergys --no-daemon --config /etc/synergy.conf
1112 # Restart=on-failure
1113
1114 # [Install]
1115 # WantedBy=multi-user.target
1116 # EOF
1117 # s dd of=/etc/systemd/user/synergys.socket <<'EOF'
1118 # [Unit]
1119 # Conflicts=synergys@.service
1120
1121 # [Socket]
1122 # ListenStream=24800
1123 # Accept=false
1124
1125 # [Install]
1126 # WantedBy=sockets.target
1127 # EOF
1128 # # had this fail with 'Failed to connect to bus: No such file or directory'
1129 # # then when I tried it manually, it worked fine...
1130 # if ! systemctl --user daemon-reload; then
1131 # sleep 2
1132 # echo retrying systemd user daemon reload
1133 # systemctl --user daemon-reload
1134 # fi
1135 # ;;&
1136 # *)
1137 # # taken from arch wiki.
1138 # s dd of=/etc/systemd/system/synergyc@.service <<'EOF'
1139 # [Unit]
1140 # Description=Synergy Client
1141 # After=network.target
1142
1143 # [Service]
1144 # User=%i
1145 # ExecStart=/usr/bin/synergyc --no-daemon frodo
1146 # Restart=on-failure
1147 # # per man systemd.unit, StartLimitInterval, by default we
1148 # # restart more than 5 times in 10 seconds.
1149 # # And this param defaults too 200 miliseconds.
1150 # RestartSec=3s
1151
1152 # [Install]
1153 # WantedBy=multi-user.target
1154 # EOF
1155 # s systemctl daemon-reload
1156 # case $HOSTNAME in
1157 # x2|treetowl)
1158 # ser enable synergyc@ian
1159 # ser start synergyc@ian ||: # X might not be running yet
1160 # ;;
1161 # frodo)
1162 # systemctl --user start synergys ||:
1163 # systemctl --user enable synergys
1164 # ;;
1165 # esac
1166 # ;;
1167 # esac
1168
1169
1170 ######### end misc packages #########
1171
1172
1173 # packages I once used before and liked, but don't want installed now for
1174 # various reasons:
1175 # python-sqlite is used for offlineimap
1176 # lxappearance python-sqlite dolphin paman dconf-editor
1177
1178
1179
1180 ######## unfinished
1181
1182 # todo, finish configuring smart.
1183
pi smartmontools
# Turn on SMART monitoring through smartd's DEVICESCAN directive; mostly from
# https://wiki.archlinux.org/index.php/S.M.A.R.T.
# Background on the options:
#   -a     test everything on all devices.
#   -S on  turn on disk internal saving of vendor specific info; from a web
#          search this seems to be usually already on and fairly standard.
#   -o on  turn on the 4 hour period non-performance degrading testing.
#   -s     short test daily 2-3am, extended tests Saturdays between 3-4am.
# NOTE(review): the -M exec script is run by smartd itself, presumably as
# root, so /usr/local/bin/smart-notify should be root-owned and not writable
# by anyone else.
sched="-s (S/../.././02|L/../../6/03)"
smartd_directive="DEVICESCAN -a -o on -S on -n standby,q $sched"
smartd_directive+=" -m ian@iankelling.org -M exec /usr/local/bin/smart-notify"
# '#' is the sed delimiter because the schedule regex contains slashes.
s sed -i --follow-symlinks \
  "s#^[[:space:]]*DEVICESCAN.*#${smartd_directive}#" /etc/smartd.conf
1196
1197 # in the default configuration of at least ubuntu 14.04, resolvconf is
1198 # configured to order any nameservers associated with tun* or tap*
1199 # before the normal internet interfaces, which means they are always
1200 # consulted first. This is often slower and undesirable, ie. local dns
1201 # queries go from 0ms to 10+ or 100+ ms. To reverse the ordering, you
1202 # can do:
1203 #sudo sed -i --follow-symlinks '/tun\*\|tap\*/d' /etc/resolvconf/interface-order
1204 # however, this breaks dns lookup for hosts on the openvpn lan.
1205 # I can\'t figure out why hosts on the normal lan would not be
1206 # broken under the default ordering, except the host I was
1207 # testing with previously had an entry in /etc/hosts.
1208
1209 ############# end unfinished
1210
1211 ########### misc stuff
1212
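# Preseed grub-pc with the devices backing the /boot btrfs filesystem, so a
# grub upgrade does not stop to prompt for them.
devs=()
mapfile -t boot_paths < <(s btrfs fi show /boot | sed -nr 's#.*path\s+(\S+)$#\1#p')
for dev in "${boot_paths[@]}"; do
  # each entry carries a trailing comma; the last one is stripped below
  devs+=($(devbyid "$dev"),)
done
# Without this guard an empty list fails on devs[-1] with a bad array
# subscript, and would otherwise preseed an empty install_devices value.
if (( ${#devs[@]} == 0 )); then
  echo "$0: found no devices for /boot, cannot preseed grub-pc/install_devices" >&2
  exit 1
fi
devs[-1]=${devs[-1]%,} # joined by commas

# on grub upgrade, we get prompts unless we do this
s debconf-set-selections <<EOF
grub-pc grub-pc/install_devices multiselect ${devs[*]}
EOF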
1223
1224
# The wiki backup script from ofswiki.org uses generic paths, so link the
# files it expects into /root.
for wiki_file in /p/c/machine_specific/li/mw_vars /k/backup/wiki_backup; do
  s lnf "$wiki_file" /root
done

# goaccess defaults. An exit status of 1 from cedit is accepted as well as 0;
# presumably 1 means the file was changed -- confirm against cedit.
cedit_rc=0
s cedit /etc/goaccess.conf <<'EOF' || cedit_rc=$?
# all things found from looking around the default config
# copied existing NCSA Combined Log Format with Virtual Host, plus %L
log-format %^:%^ %h %^[%d:%t %^] "%r" %s %b "%R" "%u" %D
time-format %H:%M:%S
date-format %d/%b/%Y
log-file /var/log/apache2/access.log
color-scheme 2

# tip: copy access.log files to a stretch host directory, then run
# jessie's goaccess is too old for some options, and it's
# not easily installed from a testing.
# goaccess --ignore-crawlers -f <(cat *) -a -o html > x.html
EOF
# any status other than 0 or 1 is still a failure
(( cedit_rc <= 1 ))
1243
1244
# unison, taken from testing on debian/ubuntu.
case $distro in
  debian|ubuntu)
    if [[ $(debian-archive) == stable ]]; then
      # On stable, pin unison-gtk to testing at the normal priority so it
      # keeps being upgraded from there.
      s dd of=/etc/apt/preferences.d/unison-gtk <<'EOF'
Explanation: Allow unison-gtk to be upgraded
Package: unison-gtk
Pin: release a=testing
Pin-Priority: 500
EOF
      # I don't think using testing is still needed since I figured out how
      # to deal with mismatching unison compilers, but I don't see any
      # reason to revert it, since it only installs a single package which
      # is primarily a single binary.
    fi
    pi unison/testing
    pi unison-gtk/testing # after to make it the default unison
    ;;
  arch)
    pi unison gtk2
    ;;
esac
1268
if [[ $distro == arch ]]; then
  # libao's default driver is alsa, which doesn't work with pianobar
  s dd of=/etc/libao.conf <<'EOF'
default_driver=pulse
EOF
fi
1277
1278 # note, for jessie, it depends on a higher version of btrfs-tools.
1279 #
1280 # # disabled due to my patch being in btrbk
1281 # case $distro in
1282 # arch|debian|ubuntu) pi btrbk ;;
1283 # # others unknown
1284 # esac
# btrbk is installed from the local checkout instead of a distro package.
# The working directory stays at /a/opt/btrbk for everything that follows.
cd /a/opt/btrbk
s make install
spa pv # for progress bar when running interactively.
case $HOSTNAME in
  treetowl)
    # backup/sync manually on other hosts for now.
    sgo btrbk.timer
    # note: to see when it was last run,
    # ser list-timers
    ;;
esac
1294
# fail2ban on treetowl, skipped while the host tracks testing: it is broken
# there, with a workaround, per
# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770171
# I'll wait a while to see if it gets fixed.
# NOTE(review): until then a testing host has no fail2ban at all; make sure
# whatever it was meant to guard is covered some other way.
if [[ $HOSTNAME == treetowl && $(debian-archive) != testing ]]; then
  pi fail2ban
  sgo fail2ban
fi
1302
1303
1304
1305
1306
if [[ $distro == debian || $distro == ubuntu ]]; then
  # membership in adm is needed for reading logs
  s gpasswd -a ian adm
fi
1310
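# tor
# based on
# https://www.torproject.org/docs/rpms.html.en
# https://www.torproject.org/docs/debian.html.en
# todo: figure out if the running service needs to be restarted upon updates
case $distro in
  # todo on fedora: setup non-dev packages
  fedora)
    # gpgkey is the trust anchor behind gpgcheck=1, so it is fetched over
    # https; a key fetched over plain http could be swapped in transit. The
    # packages under baseurl are then checked against that key.
    s dd of=/etc/yum.repos.d/torproject.repo <<'EOF'
[tor]
name=Tor experimental repo
enabled=1
baseurl=http://deb.torproject.org/torproject.org/rpm/tor-testing/fc/20/$basearch/
gpgcheck=1
gpgkey=https://deb.torproject.org/torproject.org/rpm/RPM-GPG-KEY-torproject.org.asc

[tor-source]
name=Tor experimental source repo
enabled=1
autorefresh=0
baseurl=http://deb.torproject.org/torproject.org/rpm/tor-testing/fc/20/SRPMS
gpgcheck=1
gpgkey=https://deb.torproject.org/torproject.org/rpm/RPM-GPG-KEY-torproject.org.asc
EOF

    # to be secure, take a look at the fingerprint reported from the
    # following install, and see if it matches from the link above:
    # 3B9E EEB9 7B1E 827B CF0A 0D96 8AF5 653C 5AC0 01F1
    sgo tor
    /a/bin/buildscripts/tor-browser
    ;;
  ubuntu)
    tu /etc/apt/sources.list "deb http://deb.torproject.org/torproject.org $(debian-codename) main"
    # Fetch by the full fingerprint, the same one exported below. An 8-digit
    # key id can be matched by an unrelated key, and a keyserver does not
    # vouch for what it returns.
    gpg --keyserver keys.gnupg.net --recv-keys A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89
    # NOTE(review): apt-key add trusts this key for every configured
    # repository; a per-repository keyring referenced with signed-by would
    # limit it to this one.
    gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | sudo apt-key add -
    p update
    pi deb.torproject.org-keyring
    pi tor
    /a/bin/buildscripts/tor-browser
    ;;
  debian)
    pi tor
    /a/bin/buildscripts/tor-browser
    ;;
  arch)
    pi tor tor-browser-en
    sgo tor
    ;;
esac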
1362
# nfs server: install and start it per distro. On fedora the firewall part
# is still manual, so the steps are queued with end_msg.
case $distro in
  fedora)
    end_msg <<'EOF'
fedora todo: disable the firewall or find a way to automate it.
there's an unused section in t.org for tramikssion firewall setup

fedora manual config for nfs:
s firewall-config
change to permanent configuration
check the box for nfs
was hard to figure this out, not sure if this is all needed, but
unblock these too
mountd: udp/tcp 20048
portmapper, in firewall-config its called rpc-bind: udp/tcp 111
troubleshooting, unblock things in rpcinfo -p
make sure to reload the firewall to load the persistent configuration


EOF
    pi nfs-utils
    sgo nfs-server
    ;;
  debian|ubuntu)
    pi nfs-server
    ;;
  arch)
    # a failed install only flags a reboot instead of stopping the script
    if ! pi nfs-utils; then
      pending_reboot=true
    fi
    # starting nfs-server failed until I rebooted
    for nfs_unit in rpcbind nfs-server; do
      sgo "$nfs_unit"
    done
    ;;
esac
1396
case $HOSTNAME in
  treetowl)
    # nohide = export filesystems mounted deeper than the export point
    # fsid=0 makes this export the "root" export
    # not documented in the man page, but this means
    # 1. it can be mounted with a shorthand of server:/
    # 2. exports that are subdirectories of this one will automatically be
    #    mounted
    # NOTE(review): no_root_squash lets root on any client in 192.168.1.0/24
    # act as root on /k, and insecure accepts requests from unprivileged
    # source ports, so any local user on such a client can talk to the
    # server. Restrict the export to the hosts that need it, or drop these
    # two options, unless every machine on that subnet is trusted.
    tu /etc/exports <<'EOF'
/k 192.168.1.0/24(rw,fsid=0,nohide,no_root_squash,async,no_subtree_check,insecure)
EOF
    s exportfs -rav
    ;;
esac

# print the manual steps queued with end_msg
e "$end_msg_var"
1411
1412
1413 # persistent virtual machines
1414
if [[ $distro == debian || $distro == ubuntu ]]; then
  pi libosinfo-bin
fi

# Pick the --os-variant for the windows 10 guest. The distro may not know
# about win 10 yet, so start from win7 and take the newest windows entry
# that osinfo-query lists.
variant=win7
if ! virt-install --os-variant list &>/dev/null; then # we are using a newer virt-install
  for v in 10 8.1 8; do
    # escape the dot so that 8.1 is matched literally
    v_regex="${v/./\\.}"
    osinfo-query os | gr "^\s*win${v_regex}\s" &>/dev/null || continue
    variant=win$v
    break
  done
fi
1431
# Define the windows guests, once: everything here is skipped when libvirt
# already knows a domain named win10.
# NOTE(review): only win10 is looked up, but win7 is defined in here as well.
if ! s virsh list --all --name | grep -xF win10 &>/dev/null; then

  # created account with
  # win10vmian@outlook.com, and easy to remember password
  # win 10 virtio, makes disk way way way faster
  # wget https://fedorapeople.org/groups/virt/virtio-win/direct-downloads/latest-virtio/virtio-win.iso
  # https://wiki.archlinux.org/index.php/QEMU#Change_Existing_Windows_VM_to_use_virtio
  # for installing virtio after initial install instead of with initial iso:
  # qemu-img create -f qcow2 fake.qcow2 1G
  # --disk=/a/images/virtio-win.iso,device=cdrom \
  # --disk=/a/images/fake.qcow2,bus=virtio
  # Also,
  # went to device manager, saw 2 pci devices with yellow !,
  # did search for drivers, pick cdrom location, done.
  #
  # from http://www.tenforums.com/tutorials/4189-fast-startup-turn-off-windows-10-a.html.
  # google said there was a control panel option for it, but
  # that turned out to be a lie.
  # Put this in a .bat file and run as administrator to turn off
  # hiberboot which fucks things up.
  # REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power" /V HiberbootEnabled /T REG_dWORD /D 0 /F
  # power settings, turn off display: never
  # run "control userpasswords2", turn on automatic login.
  # note: when changing devices, I just undefine, then create the vm again.
  #
  # NOTE(review): spice,listen=0.0.0.0 puts the guest console on every
  # interface of the host and no spice password is set; together with
  # automatic login in the guest, anyone who can reach the port gets a
  # logged-in desktop. Listen on 127.0.0.1 or add password= to --graphics
  # unless the network is trusted.
  # NOTE(review): the existence tests look under /nocow/user/vms while
  # --disk points at /a/images; presumably one links to the other -- confirm.

  win10_args=(
    --noautoconsole
    --graphics spice,listen=0.0.0.0
    --disk=/a/images/win10.qcow2,bus=virtio
    --vcpus 2
    -r 4096
    -w bridge=br0
    -n win10
    --import
    --os-variant "$variant"
    --cpu host-model-only
  )
  if [[ -e /nocow/user/vms/win10.qcow2 ]]; then
    s virt-install "${win10_args[@]}"
    # the guest only needs to be defined, so stop it again
    s virsh destroy win10
  fi

  # this one hasn't had the virtio fix done yet.
  # had a problem with --cpu host, so trying out --cpu host-model-only
  win7_args=(
    --noautoconsole
    --graphics spice,listen=0.0.0.0
    --disk=/a/images/win7.qcow2
    --vcpus 2
    -r 4096
    -w bridge=br0
    -n win7
    --import
    --os-variant win7
    --cpu host-model-only
  )
  if [[ -e /nocow/user/vms/win7.qcow2 ]]; then
    s virt-install "${win7_args[@]}"
    s virsh destroy win7
  fi
fi
1475
1476
# samba, treetowl only: a guest-writable [public] share on /kr.
# NOTE(review): "map to guest = bad password" turns a failed login for a
# known user into a guest session, and [public] is guest ok with
# read only = no, so any client that can reach smbd may write to /kr without
# credentials. Limit it with "hosts allow" or a firewall rule unless the whole
# network is trusted.
if [[ $HOSTNAME == treetowl ]]; then
  pi samba
  smb_conf=/etc/samba/smb.conf
  # note samba re-reads its config every 1 minute
  if [[ $distro == arch ]]; then
    s cp /etc/samba/smb.conf.default "$smb_conf"
  fi

  # add 2 lines after workgroup option, after dropping any earlier copies
  for smb_setting in 'encrypt passwords' 'map to guest'; do
    s sed -ri --follow-symlinks "/^\s*${smb_setting}\s*=/d" "$smb_conf"
  done
  s sed -i --follow-symlinks 's/\(\s*workgroup\s*=\).*/\1 WORKGROUP\n\tencrypt passwords = yes\n\tmap to guest = bad password/' "$smb_conf"
  # remove default homes section. not sharing that.
  # NOTE(review): the range ends at the next line containing '[' anywhere,
  # and that line is deleted too.
  s sed -ri --follow-symlinks '/^\s*\[homes\]/,/\s*\[/d' "$smb_conf"

  # append the share only once
  if ! grep -xF '[public]' "$smb_conf" &>/dev/null; then
    s tee -a "$smb_conf" <<'EOF'
[public]
guest ok = yes
read only = no
path = /kr
EOF
  fi

  case $distro in
    debian|ubuntu)
      # systemd claims it generates units from /etc/init.d, but it
      # clearly doesn't in debian. I have no idea how they are
      # related. fuck debian right now. It's not documented. samba
      # has a systemd init file linked to /dev/null. There's this
      # https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=769714 which
      # claims samba's sub-services will be started automatically by
      # systemd... it didn't on install, wonder if it will on
      # boot. It clued me in how to start it manually though. Nothing
      # in /usr/share/doc/samba, debian admin guide says nothing about
      # any of this. (this is in debian testing as of 4/2016).
      s /etc/init.d/samba start
      ;;
    arch)
      sgo samba
      ;;
  esac
fi
1520
# make the host resolve its own name, with and without the .lan suffix
tu /etc/hosts <<<"127.0.1.1 $(hostname).lan $(hostname)"


######### begin stuff belonging at the end ##########


# Apps we want to override others for default file handler:
# simplest way in debian is to just install them last.
simple_packages+=(mpv)

if [[ $distro == ubuntu || $distro == debian ]]; then
  spa spacefm-gtk3
elif [[ $distro == arch ]]; then
  spa spacefm
fi

# install everything queued with spa / simple_packages in one go
pi "${simple_packages[@]}"

# pending_reboot holds the command name true or false
if ! $pending_reboot; then
  echo "$0: $(date): ending now)"
else
  echo "$0: pending reboot and then finished. doing it now."
  s reboot now
fi