various improvements

[distro-setup] / distro-end

diff --git a/distro-end b/distro-end
index 2e6b687a503385cdb9385c49085c8a4f15dce05c..fe3ebcf43b3458ef24a8e0acd561ca7b9882c8ad 100755 (executable)
--- a/distro-end
+++ b/distro-end
@@ -164,7 +164,13 @@ case $HOSTNAME in
   li)
 
     pi bind9
-
+    f=/var/lib/bind/db.b8.nz
+    if [[ ! -e $f ]]; then
+      ser stop bind9
+      rm -f $f.jnl
+      install -m 644 -o bind -g bind /p/c/machine_specific/li/bind-initial/db.b8.nz $f
+      ser restart bind9
+    fi
 
     case $HOSTNAME in
       li) domain=iankelling.org ;;
@@ -187,9 +193,18 @@ export RENEWED_LINEAGE=/etc/letsencrypt/live/mumble.iankelling.org
 EOF
 
 
-    vpn-server-setup -rd
+    # requested from linode via a support ticket.
+    # https://www.linode.com/docs/networking/an-overview-of-ipv6-on-linode/
+    # ipv6 stuff pieced together
+    # via slightly wrong information from
+    # https://github.com/angristan/openvpn-install/blob/master/openvpn-install.sh
+    # https://community.openvpn.net/openvpn/wiki/IPv6
+    # and man openvpn
+
+    vpn-server-setup -rd 2600:3c00:e000:280::1/64 2600:3c00::f03c:91ff:feb4:0bf3
     s tee /etc/openvpn/client-config/mail <<'EOF'
 ifconfig-push 10.8.0.4 255.255.255.0
+ifconfig-ipv6-push 2600:3c00:e000:280::2/64
 EOF
 
     if [[ -e /lib/systemd/system/openvpn-server@.service ]]; then
@@ -491,13 +506,14 @@ EOF
 
     s dd of=/etc/apt/apt.conf.d/50unattended-upgrades  <<EOF
 # fyi: default file has comments about available options,
-# you may want to read that.
+# you may want to read that, do pkx unattended-upgrades
 Unattended-Upgrade::Mail "root";
 Unattended-Upgrade::MailOnlyOnError "true";
 Unattended-Upgrade::Remove-Unused-Dependencies "true";
 Unattended-Upgrade::Origins-Pattern {
-       # default is just security updates.
-       "origin=*";
+  # default is just security updates. this list found from reading
+  # match_whitelist_string() in `which unattended-upgrades`
+  "o=*,l=*,a=*,c=*,site=*,n=*";
 };
 EOF