iankelling.org / git / distro-setup / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
shellcheck, better automated upgrades
[distro-setup] / distro-end
diff --git a/distro-end b/distro-end
index 84566b89fa4299468c147d69bd2e60ee97911166..14cc2f52ddca1ff5d0ea158f9d7d55e7734ba47f 100755 (executable)
--- a/distro-end
+++ b/distro-end
@@ -15,8 +15,9 @@
 
 ### setup
 source /a/bin/errhandle/err
-src="$(readlink -f -- "$BASH_SOURCE")"; src=${src%/*} # directory of this file
+src="$(readlink -f -- "${BASH_SOURCE[0]}")"; src=${src%/*} # directory of this file
 
+# shellcheck source=./pkgs
 source $src/pkgs
 
 set -x
@@ -35,6 +36,7 @@ spa() { # simple package add
   simple_packages+=($@)
 }
 distro=$(distro-name)
+codename=$(debian-codename)
 codename_compat=$(debian-codename-compat)
 pending_reboot=false
 sed="sed --follow-symlinks"
@@ -184,15 +186,38 @@ sgo certbotmail.timer
 pi ${p1[@]}
 
 ##### begin automatic upgrades ####
-# this makes it so we upgrade everything
-s debconf-set-selections <<'EOF'
-unattended-upgrades unattended-upgrades/origins_pattern string "codename=${distro_codename}";
+
+s dd of=/etc/apt/apt.conf.d/10periodic <<'EOF'
+# this file was mostly just comments.
+APT::Periodic::Update-Package-Lists "1";
+APT::Periodic::Download-Upgradeable-Packages "1";
+APT::Periodic::AutocleanInterval "7";
+APT::Periodic::Unattended-Upgrade "1";
+EOF
+
+s dd of=/etc/apt/apt.conf.d/50unattended-upgrades  <<EOF
+# fyi: default file has comments about available options,
+# you may want to read that.
+Unattended-Upgrade::Mail "root";
+Unattended-Upgrade::MailOnlyOnError "true";
+Unattended-Upgrade::Remove-Unused-Dependencies "true";
+Unattended-Upgrade::Origins-Pattern {
+       # default is just security updates.
+       "origin=*";
+};
 EOF
-s dpkg-reconfigure -u -fnoninteractive unattended-upgrades
 
-# Setup daily reboots, so all unattended upgrades go into affect
-# unattended upgrades happen at 6 am + rand(60 min).
-echo '20 7 * * * root /usr/local/bin/zelous-unattended-reboot' | s dd of=/etc/cron.d/unattended-upgrade-reboot
+# Setup reboots when running outdated stuff, unattended upgrades happen
+# at 6 am + rand(60 min).
+/usr/local/bin/log-once checkrestart
+
+# old names, too verbose
+s rm -f /etc/cron.d/unattended-upgrade-reboot /usr/local/bin/zelous-unattended-reboot
+
+s dd of=/etc/cron.d/myupgrade <<'EOF'
+20 7 * * * root /usr/local/bin/myupgrade | /usr/local/bin/log-once -1 myupgrade
+0 * * * * root /usr/local/bin/mycheckrestart | /usr/local/bin/log-once -1 mycheckrestart
+EOF
 ##### end automatic upgrades ####
 
 # office is not exposed to internet yet
@@ -434,7 +459,7 @@ EOF
     # s reboot now
     # when running docker-compose run, kernel stack traces are printed to the journal.
     # things seem to succeed, google says nothing, so ignoring them.
-    curl -L https://github.com/docker/compose/releases/download/1.18.0/docker-compose-`uname -s`-`uname -m` | s dd of=/usr/local/bin/docker-compose
+    curl -L https://github.com/docker/compose/releases/download/1.18.0/docker-compose-$(uname -s)-$(uname -m) | s dd of=/usr/local/bin/docker-compose
     s chmod +x /usr/local/bin/docker-compose
 
 
@@ -476,7 +501,7 @@ EOF
       printf "%s=%s\n" $key "$(docker-compose run --rm web rake secret|dos2unix|tail -n1)" >>.env.production
     done
     found=false
-    while read -r domain port pass; do
+    while read -r domain _ pass; do
       if [[ $domain == mail.iankelling.org ]]; then
         found=true
         # remove the username part
@@ -759,6 +784,21 @@ EOF
     # newer version needed for false positive in checkrestart
     p install -y --allow-unauthenticated debian-goodies
 
+    s dd of=/etc/apt/preferences.d/shellcheck <<EOF
+Package: shellcheck
+Pin: release a=etiona
+Pin-Priority: 1005
+
+Package: shellcheck
+Pin: release a=etiona-updates
+Pin-Priority: 1005
+
+Package: shellcheck
+Pin: release a=etiona-security
+Pin-Priority: 1005
+EOF
+
+
     ;;
 esac
 
@@ -981,7 +1021,7 @@ if [[ $HOSTNAME == frodo ]]; then
         # https://apt.syncthing.net/
         curl -s https://syncthing.net/release-key.txt | sudo apt-key add -
         s="deb http://apt.syncthing.net/ syncthing release"
-        if [[ $(cat /etc/apt/sources.list.d/syncthing.list) != $s ]]; then
+        if [[ $(cat /etc/apt/sources.list.d/syncthing.list) != "$s" ]]; then
           echo "$s" | s dd of=/etc/apt/sources.list.d/syncthing.list
           p update
         fi
@@ -1042,6 +1082,13 @@ fi
 
 ####### begin misc packages ###########
 
+case $codename in
+  flidas)
+
+    ;;
+esac
+
+
 # sakura config is owned by ian
 reset-sakura
 reset-konsole
@@ -1072,13 +1119,13 @@ wget -O $t http://mirror.fsf.org/fsfsys-trisquel/fsfsys-trisquel/pool/main/s/spd
 s dpkg -i $t
 rm $t
 # this guesses at the appropriate directory, adjust if needed
-x=(/usr/lib/x86_64-linux-gnu/perl/5.*)
-sudo ln -sf ../../../perl/5.18.2/SPD/ $x
+perldir=(/usr/lib/x86_64-linux-gnu/perl/5.*)
+sudo ln -sf ../../../perl/5.18.2/SPD/ ${perldir[0]}
 # newer distro had gpg2 as default, older one, flidas, need to make it that way
-x=$(which gpg2)
+gpgpath=$(which gpg2)
 if [[ $x ]]; then
   s mkdir -p /usr/local/spdhackfix
-  s lnf -T $x /usr/local/spdhackfix/gpg
+  s lnf -T $gpgpath /usr/local/spdhackfix/gpg
 fi
 ### end spd install
 
@@ -1646,7 +1693,7 @@ dbus-launch gsettings set org.gnome.desktop.media-handling automount-open false
 # on grub upgrade, we get prompts unless we do this
 devs=()
 for dev in $(s btrfs fil show /boot | sed -nr 's#.*path\s+(\S+)$#\1#p'); do
-  devs+=($(devbyid $dev),)
+  devs+=("$(devbyid $dev),")
 done
 devs[-1]=${devs[-1]%,} # jonied by commas
 s debconf-set-selections <<EOF
~16k lines of my .bashrc + lots of my configs