#!/bin/bash
-# Copyright (C) 2016 Ian Kelling
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# Setup Ian's computers
+# Copyright (C) 2024 Ian Kelling
+
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
-# for setting up a new machine
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+#### for setting up a new machine
# usage: $0 [-r] [HOSTNAME]
# HOSTNAME changes the machine's hostname
+# Update target_down alerts in
+# /a/bin/ds/filesystem/etc/prometheus/rules/iank.yml
+#
+# Update hostnames in /b/ds/check-remote-mailqs
+# Update hostnames in /b/ds/machine_specific/*.hosts /p/c/machine_specific/*.hosts
+# Update hostnames in this file
+
+### end new machine setup
+
# tips:
# run any sudo command first so your pass is cached
# set the scrollback to unlimited in case something goes wrong
### make ssh interactive shell run better. for when running line interactively line by line
-sudo bash -c '/a/exe/ssh-emacs-setup'
+sudo bash -c '/a/exe/ssh-emacs-setup' || exit $?
##### setup error handling
interactive=true # set this to false to force set -x
if ! $interactive; then
set -x
fi
-source /a/bin/errhandle/err
+source /a/bin/bash-bear-trap/bash-bear
mkdir -p ~/.local
err-cleanup() {
### arg parsing
recompile=false
-emacs=true
+emacs=false
+if [[ -e /a/opt/emacs ]]; then
+ emacs=true
+fi
while [[ $1 == -* ]]; do
case $1 in
-r) recompile=true; shift ;;
set +x
source /a/bin/distro-functions/src/identify-distros
$interactive || set -x
-for f in kd x2 x3 frodo tp li bk je demohost kw; do
+for f in kd x2 x3 x8 frodo tp li bk je demohost kw sy bo so; do
eval "$f() { [[ $HOSTNAME == $f ]]; }"
done
codename=$(debian-codename)
sudo dd of=/etc/systemd/system/keyscriptoff.service <<'EOF'
[Unit]
-Description=keyscriptoffIMG_20200803_221621
+Description=keyscriptoff
[Service]
Type=oneshot
distro=$(distro-name)
case $distro in
ubuntu|debian|trisquel)
- sudo bash -c ". /a/bin/fai/fai-wrapper && /a/bin/fai/fai/config/scripts/GRUB_PC/11-iank"
+ sudo bash -c ". /a/bin/fai/fai-wrapper && /a/bin/fai/fai/config/scripts/IANK/11-iank"
;;
*)
sudo bash -c ". /a/bin/fai/fai-wrapper &&
##### exit first stage if running as root
if [[ $EUID == 0 ]]; then
+ if [[ ! -e /home/iank/.ssh/authorized_keys && ! -L /home/iank/.ssh/authorized_keys ]]; then
+ sudo -u iank mkdir -p /home/iank/.ssh
+ chmod 0700 /home/iank/.ssh
+ sudo -u iank ln -sf /p/c/machine_specific/vps/subdir_files/.ssh/authorized_keys /home/iank/.ssh
+ fi
echo "$0: running as root. exiting now that users are setup"
exit 0
fi
EOF
done
+###### link files
+# convenient to just do all file linking in one place
+sudo /a/exe/lnf -T /a/bin /b
+sudo /a/exe/lnf -T /a/f /f
+sudo /a/exe/lnf -T /var/log/exim4 /el
+sudo /a/exe/lnf -T /a/f/ans /c
+sudo /a/exe/lnf -T /nocow/t /t
+if has_p; then
+ lnf -T /p/News ~/News
+fi
+dirs=(/q/root /q/root/.editor-backups /q/root/.undo-tree-history)
+sudo mkdir -p ${dirs[@]}
+sudo chmod 600 ${dirs[@]}
+sudo /a/exe/lnf /q/root/.editor-backups /q/root/.undo-tree-history \
+ /a/opt /a/c/.emacs.d $HOME/mw_vars /k/backup /root
+/a/bin/ds/install-my-scripts # needed for rootsshsync cronjob
+sudo /a/exe/lnf /a/c/.vim /a/c/.vimrc /a/c/.gvimrc /root
+
+
###### do conflink
# vps needs bind group before conflink
if vps; then
pi-nostart bind9
fi
+if bitfolk; then
+ pi-nostart unbound
+fi
# this needs to be before installing pacserve so we have gpg conf.
conflink
rootsshsync
source /etc/rootsudoenv
fi
+
+
###### bash environment setup
set +x
err-allow
source /etc/profile.d/environment.sh
export LC_USEBASHRC=t
-# shellcheck source=./.bashrc
-source ~/.bashrc
+# shellcheck source=./brc
+source ~/brc
err-catch
$interactive || set -x
sudo sed -i --follow-symlinks 's/^ *hosts:.*/hosts: files dns myhostname/' $f
fi
case $HOSTNAME in
- bk)
+ bk|je)
+ # je should be able to get along systemd-resolved, but ive had some odd
+ # very intermittent dns failures with spamassassin, it seems it might only
+ # be happening with systemd-resolved, so just use unbound
+ # to make it consistent with the other hosts.
sudo sed -i --follow-symlinks 's/^ *hosts:.*/hosts: files dns myhostname/' /etc/nsswitch.conf
+ soff systemd-resolved
+ sudo ln -sf 127.0.0.1-resolv/stub-resolv.conf /etc/resolv.conf
+ sgo unbound
+ # cautious measure to make sure resolution is working
+ sleep 1
;;
*)
# default is
;;
esac
+case $HOSTNAME in
+ bk)
+ sgo named
+ ;;
+esac
+
+
+lines=(
+ "/etc/resolved-nsswitch/nsswitch.conf r,"
+ "/etc/basic-nsswitch/nsswitch.conf r,"
+ # Aug 06 23:09:11 kd audit[3995]: AVC apparmor="DENIED" operation="connect" profile="/usr/bin/freshclam" name="/run/systemd/resolve/io.systemd.Resolve" pid=3995 comm="freshclam" requested_mask="wr" denied_mask="wr" fsuid=109 ouid=101
+ # I dont know if this is quite the right fix, but I saw other sockets
+ # in the nameservice files that were rw, so figured it was ok to add this and it worked.
+ "/run/systemd/resolve/io.systemd.Resolve rw,"
+)
f=/etc/apparmor.d/abstractions/nameservice
-if [[ -e $f ]] && ! grep -q /etc/resolved-nsswitch/nsswitch.conf $f; then
- sudo sed -i '/\/etc\/nsswitch.conf/a /etc/resolved-nsswitch/nsswitch.conf r,' $f
- sudo sed -i '/\/etc\/nsswitch.conf/a /etc/basic-nsswitch/nsswitch.conf r,' $f
- if sytemctl is-enabled apparmor; then
+apparmor_reload=false
+if [[ -e $f ]]; then
+ for l in "${lines[@]}"; do
+ if ! grep -qF "$l" $f; then
+ sudo sed -i "/\/nsswitch.conf/a $l" $f
+ apparmor_reload=true
+ if ! grep -qF "$l" $f; then
+ echo "$0: failed editing $f. investigate"
+ exit 1
+ fi
+ fi
+ done
+ if $apparmor_reload && systemctl is-active apparmor; then
m ser reload apparmor
fi
fi
sudo sed -ri "/^127\./n;/[[:space:]]$HOSTNAME\$/d" /etc/hosts
fi
-# firefox exists but is 2 versions outdated
+if isdeb && [[ $(debian-codename) == aramo ]]; then
+ sudo dd of=/etc/apt/preferences.d/aramo-jammy-missing <<'EOF'
+Package: linux-libc-dev libmysqlclient21
+Pin: release n=jammy,o=Ubuntu
+Pin-Priority: 500
+EOF
+fi
+
+# libfdk just has some patent worries.
+# https://www.gnu.org/licenses/license-list.en.html#fdk
if isdeb && [[ $(debian-codename) == nabia ]]; then
sudo dd of=/etc/apt/preferences.d/nabia-focal-missing <<'EOF'
-Package: unrar-free firefox libfdk-aac1 ansible
+Package: libfdk-aac1
Pin: release n=focal,o=Ubuntu
Pin-Priority: 500
EOF
Pin-Priority: -100
EOF
-
fi
fi
#### update all packages
+# shellcheck disable=SC2119 # obvious
pup
######## fix evbug bug ######
case $(debian-codename-compat) in
- xenial|bionic|focal)
+ xenial|bionic|focal|jammy)
# noticed in flidas. dunno if it affects any others
#https://bugs.launchpad.net/ubuntu/+source/module-init-tools/+bug/240553
#https://wiki.debian.org/KernelModuleBlacklisting
file=/etc/modprobe.d/evbug.conf
line="blacklist evbug"
if [[ $(cat $file) != "$line" ]]; then
- sudo dd of=$file 2>/dev/null <<<"$line"
+ sudo dd of=$file status=none <<<"$line"
sudo depmod -a
sudo update-initramfs -u
fi
esac
-###### link files
-# convenient to just do all file linking in one place
-sudo /a/exe/lnf -T /a/bin /b
-sudo /a/exe/lnf -T /a/f /f
-sudo /a/exe/lnf -T /var/log/exim4 /el
-sudo /a/exe/lnf -T /a/f/ans /c
-sudo /a/exe/lnf -T /nocow/t /t
-if has_p; then
- lnf -T /p/News ~/News
-fi
-dirs=(/q/root /q/root/.editor-backups /q/root/.undo-tree-history)
-sudo mkdir -p ${dirs[@]}
-sudo chmod 600 ${dirs[@]}
-sudo /a/exe/lnf /q/root/.editor-backups /q/root/.undo-tree-history \
- /a/opt /a/c/.emacs.d $HOME/mw_vars /k/backup /root
-/a/bin/ds/install-my-scripts # needed for rootsshsync cronjob
-sudo /a/exe/lnf /a/c/.vim /a/c/.vimrc /a/c/.gvimrc /root
-
-
-
#### arch specific early packages
case $(distro-name) in
first_root_crypt=$(awk '$2 == "/" {print $1}' /etc/mtab)
tu /etc/fstab <<EOF
-$first_root_crypt /nocow btrfs noatime,subvol=nocow$( ((`nproc` > 2)) && echo ,compress=zstd ) 0 0
+$first_root_crypt /nocow btrfs noatime,subvol=nocow$( (( $(nproc) > 2)) && echo ,compress=zstd ) 0 0
EOF
sudo mkdir -p $dir
sudo chown $USER:$USER $dir
kd)
tu /etc/fstab <<'EOF'
/dev/mapper/crypt_dev_ata-Samsung_SSD_870_QVO_8TB_S5VUNG0N900656V-part7 /d btrfs nofail,x-systemd.device-timeout=30s,x-systemd.mount-timeout=30s,noatime,compress=zstd,subvol=d 0 0
+/d/m /i none bind,compress=zstd 0 0
EOF
if ! mountpoint /d &>/dev/null; then
- sudo mkdir /d
+ sudo mkdir -p /d
if [[ -d /mnt/r7/d ]]; then
sudo mount /d
fi
fi
+ if ! mountpoint /i &>/dev/null; then
+ sudo mkdir -p /i
+ sudo mount /i
+ fi
+ ;;
+ frodo)
+ tu /etc/fstab <<'EOF'
+/dev/mapper/crypt_dev_ata-ata-Hitachi_HDS722020ALA330_JK1121YAG7SXWS-part1 /i btrfs nofail,x-systemd.device-timeout=30s,x-systemd.mount-timeout=30s,noatime,subvol=i 0 0
+EOF
+ if ! mountpoint /i &>/dev/null; then
+ sudo mkdir -p /i
+ if [[ -d /mnt/i/i ]]; then
+ sudo mount /i
+ fi
+ fi
;;
esac
-
+if bitfolk; then
+ sudo systemctl disable systemd-networkd
+fi
##### setup email
primary-setup
###### install X
- # no recommends due to this bug: https://trisquel.info/en/issues/26525
- pi --no-install-recommends i3
+ pi i3
##### install xinput
case $(distro-name) in
dir=/etc/X11/xinit/xinitrc.d/
sudo mkdir -p $dir
sudo cp /a/bin/distro-setup/desktop-20-autostart.sh $dir
- s teeu /etc/systemd/logind.conf <<'EOF'
-HandleLidSwitch=
-EOF
- # this works on
- dir=/etc/gdm3
- sudo mkdir -p $dir/PostLogin
- sudo cp /a/bin/distro-setup/desktop-20-autostart.sh $dir/PostLogin/Default
+ ## disabled since i'm not using gdm atm
+ # dir=/etc/gdm3
+ # sudo mkdir -p $dir/PostLogin
+ # sudo cp /a/bin/distro-setup/desktop-20-autostart.sh $dir/PostLogin/Default
sudo mkdir -p /etc/lightdm/lightdm.conf.d
# etiona lightdm.log:
# [SeatDefaults] is now called [Seat:*], please update this configuration
sudo dd of=/etc/lightdm/lightdm.conf.d/12-iank.conf <<'EOF'
[Seat:*]
-display-setup-script=/a/bin/ds/lightdm-start
+# display-setup-script=/a/bin/ds/lightdm-start
session-setup-script=/a/bin/distro-setup/desktop-20-autostart.sh
EOF
else
if $recompile; then
/a/bin/buildscripts/emacs
+ /a/bin/buildscripts/mu4e
else
/a/bin/buildscripts/emacs --no-r
+ /a/bin/buildscripts/mu4e --no-r
fi
fi
# the first pup command can kill off our /etc/ mod, so rerun this
iankelling.org / git / distro-setup / blobdiff