X-Git-Url: https://iankelling.org/git/?p=distro-setup;a=blobdiff_plain;f=distro-end;h=f8419aa886069d35d5760902ceecf542cbd53ab5;hp=87a54e3af75a4bd81230f907fd3f61924b60f267;hb=32a1673064cfd9eaa165b4ea62fa416f02f3dfd2;hpb=4d0dc703ef2e62cd16ea84f27456f6f50f74baa3

diff --git a/distro-end b/distro-end
index 87a54e3..f8419aa 100755
--- a/distro-end
+++ b/distro-end
@@ -382,7 +382,7 @@ Unattended-Upgrade::MailOnlyOnError "true";
 Unattended-Upgrade::Remove-Unused-Dependencies "true";
 Unattended-Upgrade::Origins-Pattern {
   # default is just security updates. this list found from reading
-  # match_whitelist_string() in `which unattended-upgrades`
+  # match_whitelist_string() in $(which unattended-upgrades)
   "o=*,l=*,a=*,c=*,site=*,n=*";
 };
 EOF
@@ -408,6 +408,7 @@ EOF
 ###### begin website setup
 case $HOSTNAME in
   li|l2)
+    pi bind9
     f=/var/lib/bind/db.b8.nz
     if [[ ! -e $f ]]; then
       ser stop bind9
@@ -417,14 +418,28 @@ case $HOSTNAME in
     fi
     ;;&
   l2)
+    # setup let's encrypt cert
+    m web-conf apache2 l2.b8.nz
+    s rm -fv /etc/apache2/sites-enabled/l2.b8.nz{,-redir}.conf
+    ser reload apache2
+    s lnf -T /etc/letsencrypt/live/l2.b8.nz/fullchain.pem /etc/exim4/exim.crt
+    if [[ ! -L /etc/exim4/exim.key ]]; then
+      s lnf -T /etc/letsencrypt/live/l2.b8.nz/privkey.pem /etc/exim4/exim.key
+      mail-setup
+    fi
     end
     ;;
   li)
 
     case $HOSTNAME in
-      li) domain=iankelling.org ;;
+      li)
+        m /a/h/setup.sh iankelling.org
+        ;;
+      *)
+        # allow symlinks on other hosts so i can host files in arbitrary paths
+        m /a/h/setup.sh -s
+        ;;
     esac
-    m /a/h/setup.sh $domain
     m /a/h/build.rb
 
     # start mumble only when im going to use it, since i dont use it much
@@ -553,20 +568,8 @@ EOF
     s useradd --create-home -d /var/lib/znc --system --shell /sbin/nologin --comment "Account to run ZNC daemon" --user-group znc || [[ $? == 9 ]] # 9 if it exists already
     s chmod 700 /var/lib/znc
     s chown -R znc:znc /var/lib/znc
-    sd /etc/systemd/system/znc.service 2>/dev/null <<'EOF'
-[Unit]
-Description=ZNC, an advanced IRC bouncer
-After=network-online.target
-
-[Service]
-ExecStart=/usr/bin/znc -f --datadir=/var/lib/znc
-User=znc
-
-[Install]
-WantedBy=multi-user.target
-EOF
-    ser daemon-reload
-    # avoid restarting if possible, reconnecting to irc is annoying.
+    # Avoid restarting if possible, reconnecting to irc is annoying.
+    # The unit file was made active with conflink.
     if [[ $(ser is-active znc) != active ]]; then
       m sgo znc
     fi
@@ -1029,6 +1032,15 @@ pi anki
 
 ####### begin transmission
 
+case $HOSTNAME in
+  frodo)
+    tdir=/i/k
+    ;;
+  *)
+    tdir=/nocow/user
+    ;;
+esac
+
 # adapted from /var/lib/dpkg/info/transmission-daemon.postinst
 # 450 seems likely to be unused. we need to specify one or else
 # it won't be stable across installs.
@@ -1073,12 +1085,12 @@ ser stop transmission-daemon
 # plus a simple symlink to the config file which it\'s
 # not worth separating out.
 # between comps, the uid can change
-f=/i/transmission-daemon
+f=$tdir/transmission-daemon
+mkdir -p $f
 s lnf -T $f /var/lib/transmission-daemon/.config/transmission-daemon
-if [[ -e $f ]]; then
-  s chown -R debian-transmission:debian-transmission $f
-fi
-for f in /i/k/partial-torrents /i/k/torrents; do
+s lnf -T /etc/transmission-daemon/settings.json $f/settings.json
+s chown -R debian-transmission:debian-transmission $f
+for f in $tdir/partial-torrents $tdir/torrents; do
   if [[ -e $f ]]; then
     s chown -R debian-transmission:user2 $f
   fi
@@ -1095,16 +1107,15 @@ s chown -R debian-transmission:debian-transmission /var/lib/transmission-daemon
 #
 # Changed the cache-size to 256 mb, reduces disk use.
 # It is a read & write cache.
-#
-s ruby <<'EOF'
+s ruby <<EOF
 require 'json'
 p = '/etc/transmission-daemon/settings.json'
 File.write(p, JSON.pretty_generate(JSON.parse(File.read(p)).merge({
 'rpc-whitelist-enabled' => false,
 'rpc-authentication-required' => false,
-'incomplete-dir' => '/i/k/partial-torrents',
+'incomplete-dir' => '$tdir/partial-torrents',
 'incomplete-dir-enabled' => true,
-'download-dir' => '/i/k/torrents',
+'download-dir' => '$tdir/torrents',
 "speed-limit-up" => 800,
 "speed-limit-up-enabled" => true,
 "peer-port" => 61486,
@@ -1188,9 +1199,10 @@ EOF
     s -u $u dd of=$d/config.json <<EOF
 {
   "profiles" : [
-    {
+      {
       "profile-name" : "Default",
       "hostname" : "transmission.b8.nz",
+
       "rpc-url-path" : "/transmission/rpc",
       "username" : "",
       "password" : "$rpc_pass",
@@ -1204,11 +1216,28 @@ EOF
       "update-interval" : 3,
       "min-update-interval" : 3,
       "session-update-interval" : 60,
-      "exec-commands" : [
-      ],
-      "destinations" : [
-      ]
-    }
+      "exec-commands" : [],
+      "destinations" : []
+      },
+      {
+      "profile-name" : "local",
+      "hostname" : "10.173.0.2",
+
+      "username" : "",
+      "password" : "$rpc_pass",
+      "auto-connect" : true,
+      "ssl" : false,
+      "timeout" : 40,
+      "retries" : 3,
+      "update-active-only" : false,
+      "activeonly-fullsync-enabled" : false,
+      "activeonly-fullsync-every" : 2,
+      "update-interval" : 3,
+      "min-update-interval" : 3,
+      "session-update-interval" : 60,
+      "exec-commands" : [],
+      "destinations" : []
+      }
   ],
   "profile-id" : 0,
   "add-options-dialog" : false
@@ -1327,6 +1356,7 @@ DEVICESCAN -a -o on -S on -n standby,q $sched \
 f=/etc/NetworkManager/NetworkManager.conf
 m=$(md5sum $f)
 s sed -ri '/ *\[main\]/,/^ *\[[^]]+\]/{/^\s*dns[[:space:]=]/d}' $f
+s sed -ri '/ *\[main\]/a dns=default' $f
 if [[ $m != $(md5sum $f) ]]; then
   srestart NetworkManager
 fi
@@ -1416,7 +1446,6 @@ pi-nostart nfs-kernel-server
 # then based on whats in /run/dnsmasq/, i see we can run
 # s resolvconf -d NetworkManager
 # oh ya, and stoping NetworkManager leaves this crap behind without cleaning it up.
-ser stop NetworkManager
 ser disable NetworkManager