Unattended-Upgrade::Remove-Unused-Dependencies "true";
Unattended-Upgrade::Origins-Pattern {
# default is just security updates. this list found from reading
- # match_whitelist_string() in `which unattended-upgrades`
+ # match_whitelist_string() in $(which unattended-upgrades)
"o=*,l=*,a=*,c=*,site=*,n=*";
};
EOF
###### begin website setup
case $HOSTNAME in
li|l2)
+ pi bind9
f=/var/lib/bind/db.b8.nz
if [[ ! -e $f ]]; then
ser stop bind9
fi
;;&
l2)
+ # setup let's encrypt cert
+ m web-conf apache2 l2.b8.nz
+ s rm -fv /etc/apache2/sites-enabled/l2.b8.nz{,-redir}.conf
+ ser reload apache2
+ s lnf -T /etc/letsencrypt/live/l2.b8.nz/fullchain.pem /etc/exim4/exim.crt
+ if [[ ! -L /etc/exim4/exim.key ]]; then
+ s lnf -T /etc/letsencrypt/live/l2.b8.nz/privkey.pem /etc/exim4/exim.key
+ mail-setup
+ fi
end
;;
li)
case $HOSTNAME in
- li) domain=iankelling.org ;;
+ li)
+ m /a/h/setup.sh iankelling.org
+ ;;
+ *)
+ # allow symlinks on other hosts so i can host files in arbitrary paths
+ m /a/h/setup.sh -s
+ ;;
esac
- m /a/h/setup.sh $domain
m /a/h/build.rb
# start mumble only when im going to use it, since i dont use it much
s useradd --create-home -d /var/lib/znc --system --shell /sbin/nologin --comment "Account to run ZNC daemon" --user-group znc || [[ $? == 9 ]] # 9 if it exists already
s chmod 700 /var/lib/znc
s chown -R znc:znc /var/lib/znc
- sd /etc/systemd/system/znc.service 2>/dev/null <<'EOF'
-[Unit]
-Description=ZNC, an advanced IRC bouncer
-After=network-online.target
-
-[Service]
-ExecStart=/usr/bin/znc -f --datadir=/var/lib/znc
-User=znc
-
-[Install]
-WantedBy=multi-user.target
-EOF
- ser daemon-reload
- # avoid restarting if possible, reconnecting to irc is annoying.
+ # Avoid restarting if possible, reconnecting to irc is annoying.
+ # The unit file was made active with conflink.
if [[ $(ser is-active znc) != active ]]; then
m sgo znc
fi
####### begin transmission
+case $HOSTNAME in
+ frodo)
+ tdir=/i/k
+ ;;
+ *)
+ tdir=/nocow/user
+ ;;
+esac
+
# adapted from /var/lib/dpkg/info/transmission-daemon.postinst
# 450 seems likely to be unused. we need to specify one or else
# it won't be stable across installs.
# plus a simple symlink to the config file which it\'s
# not worth separating out.
# between comps, the uid can change
-f=/i/transmission-daemon
+f=$tdir/transmission-daemon
+mkdir -p $f
s lnf -T $f /var/lib/transmission-daemon/.config/transmission-daemon
-if [[ -e $f ]]; then
- s chown -R debian-transmission:debian-transmission $f
-fi
-for f in /i/k/partial-torrents /i/k/torrents; do
+s lnf -T /etc/transmission-daemon/settings.json $f/settings.json
+s chown -R debian-transmission:debian-transmission $f
+for f in $tdir/partial-torrents $tdir/torrents; do
if [[ -e $f ]]; then
s chown -R debian-transmission:user2 $f
fi
#
# Changed the cache-size to 256 mb, reduces disk use.
# It is a read & write cache.
-#
-s ruby <<'EOF'
+s ruby <<EOF
require 'json'
p = '/etc/transmission-daemon/settings.json'
File.write(p, JSON.pretty_generate(JSON.parse(File.read(p)).merge({
'rpc-whitelist-enabled' => false,
'rpc-authentication-required' => false,
-'incomplete-dir' => '/i/k/partial-torrents',
+'incomplete-dir' => '$tdir/partial-torrents',
'incomplete-dir-enabled' => true,
-'download-dir' => '/i/k/torrents',
+'download-dir' => '$tdir/torrents',
"speed-limit-up" => 800,
"speed-limit-up-enabled" => true,
"peer-port" => 61486,
s -u $u dd of=$d/config.json <<EOF
{
"profiles" : [
- {
+ {
"profile-name" : "Default",
"hostname" : "transmission.b8.nz",
+
"rpc-url-path" : "/transmission/rpc",
"username" : "",
"password" : "$rpc_pass",
"update-interval" : 3,
"min-update-interval" : 3,
"session-update-interval" : 60,
- "exec-commands" : [
- ],
- "destinations" : [
- ]
- }
+ "exec-commands" : [],
+ "destinations" : []
+ },
+ {
+ "profile-name" : "local",
+ "hostname" : "10.173.0.2",
+
+ "username" : "",
+ "password" : "$rpc_pass",
+ "auto-connect" : true,
+ "ssl" : false,
+ "timeout" : 40,
+ "retries" : 3,
+ "update-active-only" : false,
+ "activeonly-fullsync-enabled" : false,
+ "activeonly-fullsync-every" : 2,
+ "update-interval" : 3,
+ "min-update-interval" : 3,
+ "session-update-interval" : 60,
+ "exec-commands" : [],
+ "destinations" : []
+ }
],
"profile-id" : 0,
"add-options-dialog" : false
f=/etc/NetworkManager/NetworkManager.conf
m=$(md5sum $f)
s sed -ri '/ *\[main\]/,/^ *\[[^]]+\]/{/^\s*dns[[:space:]=]/d}' $f
+s sed -ri '/ *\[main\]/a dns=default' $f
if [[ $m != $(md5sum $f) ]]; then
srestart NetworkManager
fi
# then based on whats in /run/dnsmasq/, i see we can run
# s resolvconf -d NetworkManager
# oh ya, and stoping NetworkManager leaves this crap behind without cleaning it up.
-ser stop NetworkManager
ser disable NetworkManager