### end docker install ####
+
### begin certbot install ###
case $distro in
debian)
pi ${p1[@]}
+##### begin automatic upgrades ####
+# this makes it so we upgrade everything
+debconf-set-selections <<'EOF'
+unattended-upgrades unattended-upgrades/origins_pattern string "codename=${distro_codename}";
+EOF
+dpkg-reconfigure -u -fnoninteractive unattended-upgrades
+
+# Setup daily reboots, so all unattended upgrades go into affect
+# unattended upgrades happen at 6 am + rand(60 min).
+echo '20 7 * * * root /usr/local/bin/zelous-unattended-reboot' >/etc/cron.d/unattended-upgrade-reboot
+##### end automatic upgrades ####
+
+
+## prometheus node exporter setup
+web-conf -f 9100 -p 9101 apache2 $(hostname -f) <<'EOF'
+#https://httpd.apache.org/docs/2.4/mod/mod_authn_core.html#authtype
+# https://stackoverflow.com/questions/5011102/apache-reverse-proxy-with-basic-authentication
+<Location />
+ AllowOverride None
+ AuthType basic
+ AuthName "Authentication Required"
+ # setup one time, with root:www-data, 640
+ AuthUserFile "/etc/prometheus-htpasswd"
+ Require valid-user
+</Location>
+EOF
+
+
# website setup
case $HOSTNAME in
lj|li)
sgo fsf-vpn-dns-cleanup
-case $distro in
- debian)
- pi chromium ;;
- trisquel|ubuntu)
- wget -qO - https://downloads.iridiumbrowser.de/ubuntu/iridium-release-sign-01.pub|sudo apt-key add -
- t=$(mktemp)
- cat >$t <<EOF
-deb [arch=amd64] https://downloads.iridiumbrowser.de/deb/ stable main
-#deb-src https://downloads.iridiumbrowser.de/deb/ stable main
-EOF
- f=/etc/apt/sources.list.d/iridium-browser.list
- if ! diff -q $t $f; then
- s cp $t $f
- s chmod 644 $f
- p update
- fi
- pi iridium-browser
- ;;
-esac
+# website is dead june 14 2019
+s rm -f /etc/apt/sources.list.d/iridium-browser.list
+# case $distro in
+# debian)
+# pi chromium ;;
+# trisquel|ubuntu)
+# wget -qO - https://downloads.iridiumbrowser.de/ubuntu/iridium-release-sign-01.pub|sudo apt-key add -
+# t=$(mktemp)
+# cat >$t <<EOF
+# deb [arch=amd64] https://downloads.iridiumbrowser.de/deb/ stable main
+# #deb-src https://downloads.iridiumbrowser.de/deb/ stable main
+# EOF
+# f=/etc/apt/sources.list.d/iridium-browser.list
+# if ! diff -q $t $f; then
+# s cp $t $f
+# s chmod 644 $f
+# p update
+# fi
+# pi iridium-browser
+# ;;
+# esac
### begin home vpn server setup
######### end pump.io periodic backup #############
+######### begin irc periodic backup #############
+if [[ $HOSTNAME == frodo ]]; then
+ s dd of=/etc/systemd/system/ircbackup.service <<'EOF'
+[Unit]
+Description=irc li backup
+After=multi-user.target
+
+[Service]
+User=iank
+Type=oneshot
+ExecStart=/a/bin/log-quiet/sysd-mail-once irc-backup rsync -rlptDhSAX --delete root@iankelling.org:/var/lib/znc/moddata/log/iank/freenode/ /k/irclogs
+EOF
+ s dd of=/etc/systemd/system/ircbackup.timer <<'EOF'
+[Unit]
+Description=irc li backup hourly
+
+[Timer]
+OnCalendar=hourly
+
+[Install]
+WantedBy=timers.target
+EOF
+ s systemctl daemon-reload
+ sgo ircbackup.timer
+fi
+
+
+######### end irc periodic backup #############
+
+
+# https://github.com/jlebon/textern
+cd /a/opt/textern
+make native-install USER=1
+
case $distro in
debian|trisquel|ubuntu)
# suggests resolvconf package. installing it here is redundant, but make sure anyways.
# sakura config is owned by ian
reset-sakura
reset-konsole
-sudo -u traci -i reset-konsole
-# traci xscreensaver we don't want to reset
+sudo -u user2 -i reset-konsole
+# user2 xscreensaver we don't want to reset
reset-xscreensaver
cd $t
aptitude download debootstrap/xenial
ex *
- ex data.tar.gz
s cp ./usr/share/debootstrap/scripts/* /usr/share/debootstrap/scripts
-
;;
+
+ s dd of=/etc/apt/preferences.d/flidas-etiona <<EOF
+Package: *
+Pin: release a=etiona
+Pin-Priority: -100
+
+Package: *
+Pin: release a=etiona-updates
+Pin-Priority: -100
+
+Package: *
+Pin: release a=etiona-security
+Pin-Priority: -100
+
+Package: *
+Pin: release a=etiona-backports
+Pin-Priority: -100
+EOF
+
+ t=$(mktemp)
+ cat >$t <<EOF
+deb http://mirror.fsf.org/trisquel/ etiona main
+deb http://mirror.fsf.org/trisquel/ etiona-updates main
+deb http://archive.trisquel.info/trisquel/ etiona-security main
+deb http://mirror.fsf.org/trisquel/ etiona-backports main
+EOF
+ f=/etc/apt/sources.list.d/etiona.list
+ if ! diff -q $t $f; then
+ s cp $t $f
+ s chmod 644 $f
+ p update
+ fi
+
esac
# /run and /dev/shm are listed as required for pulseaudio. All 4 in the group
directory=$d
profile=desktop
preserve-environment=true
-users=$USER,traci
+users=$USER,user2
EOF
if [[ -e $d/bin ]]; then
s chroot $d apt-get update
fi
for f in /i/k/partial-torrents /i/k/torrents; do
if [[ -e $f ]]; then
- s chown -R debian-transmission:traci $f
+ s chown -R debian-transmission:user2 $f
fi
done
s chown -R debian-transmission:debian-transmission /var/lib/transmission-daemon
rpc_pass=$(</p/transmission-rpc-pass)
for f in /home/*; do
- d=$f/.config/transmission-remote-gtk
u=${f##*/}
+ if [[ ! $(id -u $u) -ge 1000 ]]; then
+ continue
+ fi
+ d=$f/.config/transmission-remote-gtk
s -u $u mkdir -p $d
s -u $u dd of=$d/config.json <<EOF
{
# allow user to run vms, from debian handbook
-for x in iank traci; do s usermod -a -G libvirt,kvm $x; done
+for x in iank user2; do s usermod -a -G libvirt,kvm $x; done
# bridge networking as user fails. google lead here, but it doesn\'t work:
# oh well, I give up.
# http://wiki.qemu.org/Features-Done/HelperNetworking
case $distro in
arch)
+ pi virt-install
# otherwise we get error about accessing kvm module.
# seems like there might be a better way, but google was a bit vague.
s $sed -ri '/^ *user *=/d' /etc/libvirt/qemu.conf
echo 'user = "root"' | s tee -a /etc/libvirt/qemu.conf
- # https://bbs.archlinux.org/viewtopic.php?id=206206
- # # this should prolly go in the wiki
- sgo virtlogd.socket
# guessing this is not needed
#sgo virtlogd.service
- sgo libvirtd
+
+ # iank: disabed as im not using libvirt usually
+ # # https://bbs.archlinux.org/viewtopic.php?id=206206
+ # # # this should prolly go in the wiki
+ # sgo virtlogd.socket
+ # sgo libvirtd
;;
+ debian|trisquel|ubuntu)
+ pi-nostart virtinst virt-manager
+ ;;
+
esac
/a/bin/distro-setup/mymimes
+sgo dynamicipupdate
+
+
# stop autopoping windows when i plug in an android phone.
# dbus-launch makes this work within an ssh connection, otherwise you get this message,
# with still 0 exit code.
iankelling.org / git / distro-setup / blobdiff