bunch of updates and fixes
[distro-setup] / distro-end
index 2e6b687a503385cdb9385c49085c8a4f15dce05c..52199b8216d2167f6ee6acd6aa9aa4ff93dadfa1 100755 (executable)
@@ -93,7 +93,7 @@ case $distro in
   trisquel|ubuntu)
     # this isn't a complete solution. It still shows me when updates are available,
     # but it's no big deal.
-    s t /etc/update-motd.d/10-help-text /etc/update-motd.d/00-header
+    s rm -f /etc/update-motd.d/10-help-text /etc/update-motd.d/00-header
     ;;
 esac
 
@@ -164,7 +164,13 @@ case $HOSTNAME in
   li)
 
     pi bind9
-
+    f=/var/lib/bind/db.b8.nz
+    if [[ ! -e $f ]]; then
+      ser stop bind9
+      rm -f $f.jnl
+      install -m 644 -o bind -g bind /p/c/machine_specific/li/bind-initial/db.b8.nz $f
+      ser restart bind9
+    fi
 
     case $HOSTNAME in
       li) domain=iankelling.org ;;
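Review bot: `rm -f $f.jnl` and `install -m 644 -o bind -g bind ... $f` in the new `if` block run without the `s` prefix that other writes to system paths in this diff use (`s rm -f`, `s tee`, `s dd`). If `s` is the privilege wrapper and the script is not already root, both commands fail under /var/lib/bind, and depending on error handling bind9 is either left stopped or restarted without the zone file. The same applies to the two bare `rm -f $f` lines added for /etc/apt files in the `@@ -428,32 +443,43 @@` hunk. Consider `s rm -f "$f.jnl"` and `s install -m 644 -o bind -g bind /p/c/machine_specific/li/bind-initial/db.b8.nz "$f"`, which also quotes `$f`. The enclosing `li)` arm continues outside the hunk.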
@@ -187,9 +193,18 @@ export RENEWED_LINEAGE=/etc/letsencrypt/live/mumble.iankelling.org
 EOF
 
 
-    vpn-server-setup -rd
+    # requested from linode via a support ticket.
+    # https://www.linode.com/docs/networking/an-overview-of-ipv6-on-linode/
+    # ipv6 stuff pieced together
+    # via slightly wrong information from
+    # https://github.com/angristan/openvpn-install/blob/master/openvpn-install.sh
+    # https://community.openvpn.net/openvpn/wiki/IPv6
+    # and man openvpn
+
+    vpn-server-setup -rd 2600:3c00:e000:280::1/64 2600:3c00::f03c:91ff:feb4:0bf3
     s tee /etc/openvpn/client-config/mail <<'EOF'
 ifconfig-push 10.8.0.4 255.255.255.0
+ifconfig-ipv6-push 2600:3c00:e000:280::2/64
 EOF
 
     if [[ -e /lib/systemd/system/openvpn-server@.service ]]; then
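Review bot: The comment block above `vpn-server-setup -rd ...` does not say what was requested from Linode or what each of the two new arguments means, and it calls its sources "slightly wrong" without recording what was corrected. A line naming the arguments, e.g. `# args: <ipv6 subnet for vpn clients> <MEANING OF SECOND ADDRESS>`, would let a reader check the hard-coded addresses against the ticket; the first is presumably the client subnet, given the `::2/64` push below. Clients now receive globally routable addresses via `ifconfig-ipv6-push`, so it is worth confirming that ip6tables forwarding rules filter traffic to the tunnel. Nothing in this hunk shows whether `vpn-server-setup` sets those up.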
@@ -419,7 +434,7 @@ EOF
 
         s dd of=/etc/apt/preferences.d/debian-goodies <<EOF
 Package: debian-goodies
-Pin: release n=buster
+Pin: release n=etiona
 Pin-Priority: 1005
 EOF
 
@@ -428,32 +443,43 @@ EOF
 Package: *
 Pin: release n=buster
 Pin-Priority: -100
-EOF
 
-        # stupid buster uses some key algorithm not supported by flidas gpg that apt uses.
-        s dd of=/etc/apt/apt.conf.d/01iank <<'EOF'
-Acquire::AllowInsecureRepositories "true";
+Package: *
+Pin: release n=buster-updates
+Pin-Priority: -100
 EOF
 
-        t=$(mktemp)
-        cat >$t <<EOF
-deb http://http.us.debian.org/debian buster main
-deb-src http://http.us.debian.org/debian buster main
-
-deb http://security.debian.org/ buster/updates main
-deb-src http://security.debian.org/ buster/updates main
+        # dont use buster because it causes dist-upgrade to think its downgrading
+        # packages while really just reinstalling the same version.
+        f=/etc/apt/apt.conf.d/01iank
+        rm -f $f
+#         # stupid buster uses some key algorithm not supported by flidas gpg that apt uses.
+#         s dd of=/etc/apt/apt.conf.d/01iank <<'EOF'
+# Acquire::AllowInsecureRepositories "true";
+# EOF
 
-deb http://http.us.debian.org/debian buster-updates main
-deb-src http://http.us.debian.org/debian buster-updates main
-EOF
         f=/etc/apt/sources.list.d/buster.list
-        if ! diff -q $t $f; then
-          s cp $t $f
-          s chmod 644 $f
-          p update
-        fi
+        rm -f $f
+#         t=$(mktemp)
+#         cat >$t <<EOF
+# deb http://http.us.debian.org/debian buster main
+# deb-src http://http.us.debian.org/debian buster main
 
-        # newer version needed for false positive in checkrestart
+# deb http://security.debian.org/ buster/updates main
+# deb-src http://security.debian.org/ buster/updates main
+
+# deb http://http.us.debian.org/debian buster-updates main
+# deb-src http://http.us.debian.org/debian buster-updates main
+# EOF
+#         if ! diff -q $t $f; then
+#           s cp $t $f
+#           s chmod 644 $f
+#           p update
+#         fi
+
+        # newer version needed for false positive in checkrestart.
+        # I did buster at first, but other problem above with having
+        # buster repos. not sure if the false positive exists in etiona.
         p install -y --allow-unauthenticated debian-goodies
 
         s dd of=/etc/apt/preferences.d/shellcheck <<EOF
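Review bot: `p install -y --allow-unauthenticated debian-goodies` still skips package signature verification, although this hunk removes the buster sources and the `Acquire::AllowInsecureRepositories` override that the flag accompanied. With debian-goodies now pinned to `n=etiona`, the flag looks unnecessary, assuming the etiona archive key verifies normally (not visible here), so the line could become `p install -y debian-goodies`. The commented-out heredocs could simply be deleted, since version control keeps them. The `n=buster` and `n=buster-updates` stanzas at priority -100 are presumably dead configuration once buster.list is removed.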
@@ -470,6 +496,20 @@ Pin: release a=etiona-security
 Pin-Priority: 1005
 EOF
 
+        s dd of=/etc/apt/preferences.d/bash <<EOF
+Package: bash
+Pin: release a=etiona
+Pin-Priority: 1005
+
+Package: bash
+Pin: release a=etiona-updates
+Pin-Priority: 1005
+
+Package: bash
+Pin: release a=etiona-security
+Pin-Priority: 1005
+EOF
+
 
         ;;
       *)
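Review bot: The new /etc/apt/preferences.d/bash pin carries no comment explaining why bash is held to the etiona suites, whereas the debian-goodies install earlier in the file has one. A Pin-Priority of 1005 is above 1000, so apt will install the etiona build even when that means downgrading an already-installed newer bash. A one-line comment above the `s dd` stating the reason, and that the downgrade is intended, would keep this from being read as a leftover.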
@@ -491,13 +531,14 @@ EOF
 
     s dd of=/etc/apt/apt.conf.d/50unattended-upgrades  <<EOF
 # fyi: default file has comments about available options,
-# you may want to read that.
+# you may want to read that, do pkx unattended-upgrades
 Unattended-Upgrade::Mail "root";
 Unattended-Upgrade::MailOnlyOnError "true";
 Unattended-Upgrade::Remove-Unused-Dependencies "true";
 Unattended-Upgrade::Origins-Pattern {
-       # default is just security updates.
-       "origin=*";
+  # default is just security updates. this list found from reading
+  # match_whitelist_string() in `which unattended-upgrades`
+  "o=*,l=*,a=*,c=*,site=*,n=*";
 };
 EOF
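Review bot: The heredoc for 50unattended-upgrades is opened with an unquoted `<<EOF`, so the backticks in the added comment line are command substitution: the shell runs `which unattended-upgrades` and writes its output into the file instead of the literal text. None of the visible heredoc lines need expansion, so quoting the delimiter fixes it: `s dd of=/etc/apt/apt.conf.d/50unattended-upgrades <<'EOF'`. Separately, `"o=*,l=*,a=*,c=*,site=*,n=*"` matches every origin, so any repository configured on the host, including third-party ones, gets packages installed automatically as root. If that is the intent, a comment saying so would make the trust decision explicit.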