dry_run=false # mostly for testing
resume_arg=
do_i=true
-do_o=true
+if [[ $HOSTNAME == $MAIL_HOST ]]; then
+ do_o=true
+else
+ do_o=false
+fi
+
+default_args_file=/etc/btrbk-run.conf
+if [[ -r $default_args_file ]]; then
+ set -- $(< $default_args_file) "$@"
+fi
temp=$(getopt -l help hcinoprt: "$@") || usage 1
eval set -- "$temp"
targets=(frodo)
;;
esac
- echo "targets: ${targets[*]}"
fi
+echo "targets: ${targets[*]}"
+
+
# for i, we just do a 1 way sync from master to backup,
# and manually manage any changes to that.
i_possible=false
set -eE -o pipefail
trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
-d=/etc/letsencrypt/live/pump.iankelling.org
-if [[ $RENEWED_LINEAGE == $d ]]; then
- install -m 640 -g pumpio $d/{privkey.pem,fullchain.pem} /home/pumpio
-fi
-exit 0
+domain_user=(
+ pump.iankelling.org pumpio
+ mumble.iankelling.org mumble-server
+)
+
+for ((i=0; i<${#domain_user[@]}; i+=2)); do
+ domain=${domain_user[i]}
+ user=${domain_user[i+1]}
+
+ d=/etc/letsencrypt/live/$domain
+ if [[ $RENEWED_LINEAGE == $d ]]; then
+ install -m 640 -g $user $d/{privkey.pem,fullchain.pem} $(eval echo ~$user)
+ exit 0
+ fi
+done
fi
if [[ -e $dir/subdir_files ]]; then
- subdir-link-r $dir/subdir_files
+ m subdir-link-r $dir/subdir_files
fi
local x=( $dir/!(binds|subdir_files|filesystem|machine_specific|..|.) )
(( ${#x[@]} >= 1 )) || continue
case $USER in
ian)
# p needs to go first so .ssh link is created, then config link inside it
- common-file-setup ${all_dirs[@]}
+ m common-file-setup ${all_dirs[@]}
if [[ -d /etc/bind/bind-writable ]]; then
# need bind writable dir for nsupdate, or else we get
# named[20823]: /etc/bind/db.iank.pw.jnl: create: permission denied
- s chgrp bind /etc/bind/bind-writable
+ m s chgrp bind /etc/bind/bind-writable
fi
if [[ -e /etc/davpass ]] && getent group www-data &>/dev/null; then
s chgrp www-data /etc/davpass
fi
- sudo -u traci "$BASH_SOURCE"
+ m sudo -H -u traci "$BASH_SOURCE"
;;
traci)
- common-file-setup ${c_dirs[@]}
+ m common-file-setup ${c_dirs[@]}
;;
*)
echo "$0: error: unexpected user"; exit 1
if isarch; then
pulseaudio --start
fi
+#indicator-kdeconnect
date "+%A, %B %d, %r, %S seconds" > /tmp/desktop-20-autostart-log
# already ran for pxe installs, but used for vps & updates
distro=$(distro-name)
case $distro in
- ubuntu|debian)
+ ubuntu|debian|trisquel)
sudo bash -c ". /a/bin/fai/fai-wrapper && /a/bin/fai/fai/config/scripts/GRUB_PC/11-ian"
;;
*)
tu /etc/sudoers <<'EOF'
ian ALL=(ALL) NOPASSWD: ALL
Defaults env_keep += SUDOD
+# makes ubuntu be like debian
+# https://unix.stackexchange.com/a/91572
+Defaults always_set_home
EOF
isfedora && tu /etc/sysctl.conf 'kernel.sysrq = 1'
-if isdebian; then
- codename=$(debian-codename)
+if isdeb; then
if isdebian-stable && has_x; then
+ codename=$(debian-codename)
s dd of=/etc/apt/sources.list.d/mozilla-iceweasel.list <<EOF
deb http://mozilla.debian.net/ $codename-backports firefox-release
deb-src http://mozilla.debian.net/ $codename-backports firefox-release
pi $p
fi
;;&
- ubuntu|debian)
+ trisquel|ubuntu|debian)
if has_x; then
- if isdebian-stable; then
- pi xmacro
- else
+ if isdebian-testing; then
pi xmacro/unstable # has no unstable deps
+ else
+ pi xmacro
fi
pi gtk-redshift xinput
fi
fi
;;&
- ubuntu|debian|fedora)
+ ubuntu|trisquel|debian|fedora)
if has_x; then
- if isdebian-stable; then
- pi xkbset
- else
+ if isdebian-testing; then
# xkbset was in testing for quite a while, dunno
# why it\'s not anymore. Sometime I should check and
# see if it\'s back in testing, but the unstable package
# doesn\'t upgrade anything form testing, and it\'s tiny
# so I\'m not bothering to automate it.
pi xkbset/unstable
+ else
+ pi xkbset
fi
fi
;;&
s dd of=/etc/systemd/system/imount.service <<'EOF'
[Unit]
Description=Mount /i and related mountpoints
-RequiredBy=syncthing@ian.service
Before=syncthing@ian.service
[Service]
ExecStart=/root/imount
[Install]
+RequiredBy=syncthing@ian.service
# note /kr needs networking, this target is the simplest way to
# time it when the network should be up, but not do something
# dumb like delay startup until the network is up. It happens
fi
if isubuntu; then
- # disable crash report annoying crap
+ # disable crash report annoying dialogs.
s dd of=/etc/default/apport <<<'enabled=0'
fi
fi
pi dmenu
- if isdeb && (tp || x2); then
- pi task-laptop
+ if tp || x2; then
+ case $distro in
+ debian)
+ pi task-laptop
+ ;;
+ ubuntu|trisquel)
+ # the exact packages that task-laptop would install, since ubuntu
+ # doesn\'t have this virtual in practice package.
+ pi avahi-autoipd bluetooth powertop iw wireless-tools wpasupplicant
+ ;;
+ # todo: other distros unknown
+ esac
fi
fi
cloc
cron
debconf-doc
+ dirmngr
+ dnsutils
+ dtrx
duplicity
eclipse
evince
gcc-doc
gdb
gdb-doc
+ geoip-bin
git-doc
git-email
gitk
glibc-doc
goaccess
gnome-screenshot
+ gnome-session-flashback
i3lock
+ inetutils-traceroute
iproute2-doc
jq
kid3-qt
kid3-cli
linux-doc
locate
+ lshw
make-doc
manpages
manpages-dev
meld
+ mps-youtube
mumble
+ nagstamon
nginx-doc
nmap
offlineimap
perl-doc
pianobar
pidgin
+ pry
+ python-autopep8
python3-doc
python3-mutagen
reportbug
+ $(aptitude show ruby | sed -rn 's/Depends: (.*)/\1/p')-doc
sqlite3-doc
squashfs-tools
swh-plugins
tar-doc
tcpdump
+ telnet
transmission-remote-gtk
vlc
whois
esac
-case $distro in
- debian|ubuntu)
- pi debian-goodies
- ;;
-esac
+if isdeb; then
+ pi debian-goodies
+fi
case $distro in
case $distro in
arch) spa the_silver_searcher ;;
- debian|ubuntu) spa silversearcher-ag ;;
+ debian|ubuntu|trisquel) spa silversearcher-ag ;;
# fedora unknown
esac
case $distro in
- debian|ubuntu) spa ntp;;
+ debian|ubuntu|trisquel) spa ntp;;
arch)
pi ntp
sgo ntpd
# no equivalent in other distros:
case $distro in
- debian|ubuntu)
+ debian|ubuntu|trisquel)
pi aptitude
if ! dpkg -s apt-file &>/dev/null; then
# this condition is just a speed optimization
esac
case $distro in
- ubuntu|debian) spa ack-grep ;;
+ ubuntu|trisquel|debian) spa ack-grep ;;
arch|fedora) spa ack ;;
# fedora unknown
esac
case $distro in
- arch|debian|ubuntu)
+ arch|debian|ubuntu|trisquel)
spa bash-completion
;;
# others unknown
s update-rc.d motd disable
fi
;;
- ubuntu)
+ ubuntu|trisquel)
# this isn't a complete solution. It still shows me when updates are available,
# but it's no big deal.
s t /etc/update-motd.d/10-help-text /etc/update-motd.d/00-header
simple_packages=()
+### begin docker install ####
+# https://store.docker.com/editions/community/docker-ce-server-debian?tab=description
+pi software-properties-common apt-transport-https
+curl -fsSL https://download.docker.com/linux/debian/gpg | sudo apt-key add -
+sudo add-apt-repository \
+ "deb [arch=amd64] https://download.docker.com/linux/debian \
+ $(lsb_release -cs) \
+ stable"
+p update
+pi docker-ce
+sgo docker
+### end docker install ####
+
+
case $distro in
debian)
# note, need python-certbot-nginx for nginx, but it depends on nginx,
pi-nostart mumble-server
s $sed -ri "s/^ *(serverpassword=).*/\1$(< /a/bin/bash_unpublished/mumble_pass)/" /etc/mumble-server.ini
+
+ # do certificate to avoid warning about unsigned cert,
+ # which is overkill for my use, but hey, I'm cool, I know
+ # how to do this.
+ web-conf apache2 mumble.iankelling.org
+ s rm -f /etc/apache2/sites-enabled/mumble.iankelling.org
+ sudo -i <<'EOF'
+export RENEWED_LINEAGE=/etc/letsencrypt/live/mumble.iankelling.org
+/a/bin/distro-setup/certbot-renew-hook
+EOF
+
sgo mumble-server
vpn-server-setup -d
+ tee /etc/openvpn/client-config/mail <<'EOF'
+ifconfig-push 10.8.0.4 255.255.255.0
+EOF
+
sudo dd of=/etc/systemd/system/vpnmail.service <<EOF
[Unit]
domain=cal.iankelling.org
web-conf -f 10.8.0.4:5232 - apache2 $domain <<'EOF'
#https://httpd.apache.org/docs/2.4/mod/mod_authn_core.html#authtype
- <Directory "/var/www/cal.iankelling.org/html">
+# https://stackoverflow.com/questions/5011102/apache-reverse-proxy-with-basic-authentication
+ <Location />
Options +FollowSymLinks +Multiviews +Indexes
AllowOverride None
AuthType basic
# setup one time, with root:www-data, 640
AuthUserFile "/etc/caldav-htpasswd"
Require valid-user
- </Directory>
+ <Location />
EOF
# nginx version of above would be:
# auth_basic "Not currently available";
############# begin setup mastodon ##############
- # https://store.docker.com/editions/community/docker-ce-server-debian?tab=description
- pi software-properties-common apt-transport-https
- curl -fsSL https://download.docker.com/linux/debian/gpg | sudo apt-key add -
- sudo add-apt-repository \
- "deb [arch=amd64] https://download.docker.com/linux/debian \
- $(lsb_release -cs) \
- stable"
- p update
- pi docker-ce
- sgo docker
+ # I'd like to try gnu social just cuz of gnu, but it's not being
+ # well maintained, for example, simple pull requests
+ # languishing:
+ # https://git.gnu.io/gnu/gnu-social/merge_requests/143
+ # and I submitted my own bugs, basic docs are broken
+ # https://git.gnu.io/gnu/gnu-social/issues/269
- curl -L https://github.com/docker/compose/releases/download/1.12.0/docker-compose-`uname -s`-`uname -m` | s dd of=/usr/local/bin/docker-compose
- s chmod +x /usr/local/bin/docker-compose
+ # note, docker required, but we installed it earlier
# i subscrubed to https://github.com/docker/compose/releases.atom
- # to deal with updates manually.
+ # to deal with updates manually. So far, it means just reving the
+ # version number, then restarting docker-compose with
+ # cd ~/mastodon
+ # docker-compose up -d
+ curl -L https://github.com/docker/compose/releases/download/1.13.0/docker-compose-`uname -s`-`uname -m` | s dd of=/usr/local/bin/docker-compose
+ s chmod +x /usr/local/bin/docker-compose
+
cd ~
i clone https://github.com/tootsuite/mastodon
cd mastodon
- # https://github.com/tootsuite/mastodon/tree/v1.1.2
# subbed to atom feed to deal with updates
- i co v1.1.2
+ git checkout $(git tag | grep -v rc | tail -n1)
# per instructions, uncomment redis/postgres persistence in docker-compose.yml
sed -i 's/^#//' docker-compose.yml
######### end pump.io periodic backup #############
case $distro in
- debian|ubuntu)
+ debian|ubuntu|trisquel)
# suggests because we want the resolvconf package.
# todo: check other distros to make sure it\'s installed
pi-nostart --install-suggests openvpn
*) pi openvpn;;
esac
-if private-host; then
- vpn-mk-client-cert -n mail li
- cn=$(s openssl x509 -noout -nameopt multiline -subject \
- -in /etc/openvpn/client/mail.crt | \
- sed -rn 's/^\s*commonName\s*=\s*(.*)/\1/p')
- echo "ifconfig-push 10.8.0.4 255.255.255.0" | \
- ssh root@li dd of=/etc/openvpn/client-config/"$cn"
-fi
-ser enable mailroute
-if [[ $HOSTNAME == treetowl ]]; then
- # note, this will need to be changed when the mail/contacts host changes
- sgo openvpn-client@mail
- /a/bin/distro-setup/radicale-setup
-fi
+/a/bin/distro-setup/radicale-setup
## android studio setup
# this contains the setting for android sdk to point to
# syncs between comps.
case $distro in
arch) pi syncthing ;;
- ubuntu|debian)
+ ubuntu|trisquel|debian)
# testing has relatively up to date packages
if ! isdebian-testing; then
# based on error when doing apt-get update:
# no equivalent in other distros:
case $distro in
- debian|ubuntu)
+ debian|ubuntu|trisquel)
# for gui bug reporting
spa python-vte
;;
####### misc packages ###########
+# nagstamon setting which were set through the ui
+# in filters tab:
+# all unknown sources
+# all warning services
+# acknowledged hosts & services
+# hosts & services down for maintenence
+# services on down hosts
+# services on hosts in maintenece
+# services on unreachable osts
+# hosts in soft state
+# services in soft state
+# in display tab: icon in systray.
+
+case $distro in
+ debian|ubuntu|trisquel)
+ # it asks if it should make users in it's group capture packets without root,
+ # which is arguably more secure than running wireshark as root. default is no,
+ # which is what i prefer, since I plan to use tcpdump to input to wireshark.
+ s DEBIAN_FRONTEND=noninteractive pi wireshark-gtk
+ ;;
+ # others unknown
+esac
+
+
+case $distro in
+ debian|ubuntu|trisquel)
+ # no recommends because it wanted some other unstable package, something to
+ # do with math or something, which I didn't want to deal with.
+ p -y --no-install-recommends install python3-send2trash/unstable anki/unstable
+ ;;
+ # others unknown
+esac
+
case $distro in
- debian|ubuntu)
+ debian|ubuntu|trisquel)
# note i had to do this, which is persistent:
# cd /i/k
# s chgrp debian-transmission torrents partial-torrents
case $HOSTNAME in
tp|frodo)
case $distro in
- debian|ubuntu)
+ debian|ubuntu|trisquel)
log=$(mktemp)
cd /a/opt
wget -nv -N https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb
# In debian, I could use hte recommended driver,
# in arch, I had to pick out the 6L driver.
;;
- debian|ubuntu)
+ debian|ubuntu|trisquel)
spa hplip
;;
# other distros unknown
esac
case $distro in
- fedora|ubuntu|debian) spa gnupg-agent ;;
+ fedora|ubuntu|trisquel|debian) spa gnupg-agent ;;
arch) : ;;
esac
case $distro in
arch) spa ttf-dejavu;;
- debian|ubuntu) spa fonts-dejavu ;;
+ debian|ubuntu|trisquel) spa fonts-dejavu ;;
# others unknown
esac
case $distro in
arch) spa xorg-xev;;
- debian|ubuntu) spa x11-utils ;;
+ debian|ubuntu|trisquel) spa x11-utils ;;
# others unknown
esac
case $distro in
arch) pi virt-install;;&
- debian|ubuntu) pi virtinst ;;&
+ debian|ubuntu|trisquel) pi virtinst ;;&
*) pi virt-manager ;; # creates the libvirt group in debian at least
# others unknown
esac
case $distro in
arch) spa cdrkit;;
- debian|ubuntu) spa genisoimage;;
+ debian|ubuntu|trisquel) spa genisoimage;;
# others unknown
esac
case $distro in
arch) spa spice-gtk3 ;;
- debian|ubuntu) spa spice-client-gtk;;
+ debian|ubuntu|trisquel) spa spice-client-gtk;;
# others unknown
esac
# general known for debian/ubuntu, not for fedora
case $distro in
- debian|ubuntu)
+ debian|ubuntu|trisquel)
pi golang-go
# a bit of googling, and added settings to bashrc
go get -u github.com/mvdan/fdroidcl/cmd/fdroidcl
case $distro in
- arch|debian|ubuntu) spa pumpa ;;
+ arch|debian|ubuntu|trisquel) spa pumpa ;;
# others unknown. do have a buildscript:
# /a/bin/buildscripts/pumpa ;;
esac
case $distro in
- debian|ubuntu) spa android-tools-adbd/unstable ;;
+ debian) pi adb ;;
+ debian|ubuntu|trisquel) spa android-tools-adbd/unstable ;;
arch) spa android-tools ;;
# other distros unknown
esac
arch)
pi python2-pygments
;;
- debian|ubuntu)
+ debian|ubuntu|trisquel)
pi python-pygments
;;
esac
# esac
+
+### kdeconnect for gnome. started in /a/bin/distro-setup/desktop-20-autostart.sh
+pi libgtk-3-dev python3-requests-oauthlib valac cmake python-nautilus
+cd /a/opt/indicator-kdeconnect
+mkdir -p build
+cd build
+cmake .. -DCMAKE_INSTALL_PREFIX=/usr
+make
+sudo make install
+
+
######### end misc packages #########
case $distro in
- debian|ubuntu)
+ debian|ubuntu|trisquel)
case `debian-archive` in
stable)
s dd of=/etc/apt/preferences.d/unison-gtk <<'EOF'
#
# # disabled due to my patch being in btrbk
# case $distro in
-# arch|debian|ubuntu) pi btrbk ;;
+# arch|debian|ubuntu|trisquel) pi btrbk ;;
# # others unknown
# esac
cd /a/opt/btrbk
case $distro in
- debian|ubuntu) s gpasswd -a ian adm ;; #needed for reading logs
+ debian|ubuntu|trisquel) s gpasswd -a ian adm ;; #needed for reading logs
esac
# tor
pi nfs-utils
sgo nfs-server
;;
- debian|ubuntu)
+ debian|ubuntu|trisquel)
pi nfs-server
;;
arch)
# persistent virtual machines
case $distro in
- debian|ubuntu)
+ debian|ubuntu|trisquel)
pi libosinfo-bin;
;;
esac
fi
case $distro in
- debian|ubuntu)
+ debian|ubuntu|trisquel)
# systemd claims it generates units from /etc/init.d, but it
# clearly doesn\'t in debian. I have no idea how they are
# related. fuck debian right now. It\'s not documented. samba
# See the License for the specific language governing permissions and
# limitations under the License.
+case $HOSTNAME in
+ x2|tp) type=laptop ;;
+ treetowl*|iank-dev|frodo) type=kinesis ;;
+esac
+
+
+
+case $1 in
+ l) type=laptop ;;
+ k) type=kinesis ;;
+esac
+
#set -x
mi() {
xinput --get-feedbacks "$1" | grep "threshold"
fi
}
-case $HOSTNAME in
- tp|x2)
- # original saved with: xkbcomp $DISPLAY /a/c/stretch-11-2016.xkb
- xkbcomp /a/c/x2.xkb $DISPLAY
- ;;
- treetowl*|iank-dev|frodo)
+case $type in
+ laptop)
+ # original saved with: xkbcomp $DISPLAY /a/c/stretch-11-2016.xkb
+ xkbcomp /a/c/x2.xkb $DISPLAY
+ xkbset -m # remove mouse keys
+
+ ;;
+ kinesis)
# todo, differentiate for work pc
#/a/bin/radl
if [[ -z $DISPLAY ]]; then
fi
. /a/bin/bash_unpublished/duplicity-gpg-agent-setup
;;
- frodo*)
- ;;
esac
# for desktop and htpc
for port in 25 143; do # smtp and imap.
e iptables -t mangle $iptables_op \
OUTPUT -m tcp -p tcp -m multiport --ports $port -j MARK --set-mark 0x1
+ e iptables -t mangle $iptables_op \
+ OUTPUT -m tcp -p tcp -m multiport --ports $port -j MARK --set-mark 0x0 \
+ -d 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16
+# note, we could have used a custom chain and returned instead of setting the mark again.
+ # in case anyone was ever curious, the inverse of private ips is: #0.0.0.0/5,8.0.0.0/7,11.0.0.0/8,12.0.0.0/6,16.0.0.0/4,32.0.0.0/3,64.0.0.0/2,128.0.0.0/3,160.0.0.0/5,168.0.0.0/6,172.0.0.0/12,172.32.0.0/11,172.64.0.0/10,172.128.0.0/9,173.0.0.0/8,174.0.0.0/7,176.0.0.0/4,192.0.0.0/9,192.128.0.0/11,192.160.0.0/13,192.169.0.0/16,192.170.0.0/15,192.172.0.0/14,192.176.0.0/12,192.192.0.0/10,193.0.0.0/8,194.0.0.0/7,196.0.0.0/6,200.0.0.0/5,208.0.0.0/4,224.0.0.0/3
+
done
e iptables -t nat $iptables_op POSTROUTING -o tun0 -m mark --mark 0x1 -j SNAT --to-source 10.8.0.4
e ip rule $ip_op fwmark 1 table 1
# note, this rule does not persist when the tun interface is deleted
e ip route $ip_op default via 10.8.0.1 table 1
-e ip route $ip_op 192.168.1.0/24 via 192.168.1.1 dev br0 table 1
exit 0
# inet_protocols
service postfix restart
-else # exim. has debian specific stuff for now
+else # begin exim. has debian specific stuff for now
+ if [[ -e /p/c/filesystem ]]; then
+ /a/exe/vpn-mk-client-cert -n mail li
+ fi
+
+ cat >/etc/systemd/system/mailroute.service <<'EOF'
+[Unit]
+# this unit is configured to start and stop whenever openvpn-client@mail.service
+# does
+Description=Routing for email vpn
+After=network.target
+BindsTo=openvpn-client@mail.service
+After=openvpn-client@mail.service
+
+[Service]
+Type=oneshot
+ExecStart=/a/bin/distro-setup/mail-route start
+ExecStop=/a/bin/distro-setup/mail-route stop
+RemainAfterExit=yes
+
+[Install]
+RequiredBy=openvpn-client@mail.service
+EOF
+
+ cat >/etc/systemd/system/offlineimapsync.timer <<'EOF'
+[Unit]
+Description=Run offlineimap-sync once every 5 mins
+
+[Timer]
+OnCalendar=*:0/5
+
+[Install]
+WantedBy=timers.target
+EOF
+
+ cat >/etc/systemd/system/offlineimapsync.service <<'EOF'
+[Unit]
+Description=Offlineimap sync
+After=multi-user.target
+
+[Service]
+User=ian
+Type=oneshot
+ExecStart=/a/bin/log-quiet/sysd-mail-once offlineimap-sync /a/bin/distro-setup/offlineimap-sync
+EOF
+ systemctl daemon-reload
+ systemctl enable mailroute
# wording of question from dpkg-reconfigure exim4-config
# 1. internet site; mail is sent and received directly using SMTP
source /a/bin/bash_unpublished/source-semi-priv
exim_main_dir=/etc/exim4/conf.d/main
mkdir -p $exim_main_dir
+
+
if [[ $HOSTNAME == $MAIL_HOST ]]; then
debconf-set-selections <<EOF
LOCAL_DELIVERY = dovecot_lmtp
-# options exim has to avoid altering the default config files
+# options exim has to avoid having to alter the default config files
CHECK_RCPT_LOCAL_ACL_FILE = /etc/exim4/rcpt_local_acl
CHECK_DATA_LOCAL_ACL_FILE = /etc/exim4/data_local_acl
EOF
- cat >/etc/systemd/system/offlineimapsync.timer <<'EOF'
-[Unit]
-Description=Run offlineimap-sync once every 5 mins
-
-[Timer]
-OnCalendar=*:0/5
-
-[Install]
-WantedBy=timers.target
-EOF
-
- cat >/etc/systemd/system/offlineimapsync.service <<'EOF'
-[Unit]
-Description=Offlineimap sync
-After=multi-user.target
-
-[Service]
-User=ian
-Type=oneshot
-ExecStart=/a/bin/log-quiet/sysd-mail-once offlineimap-sync /a/bin/distro-setup/offlineimap-sync
-EOF
- systemctl daemon-reload
systemctl enable offlineimapsync.timer
systemctl start offlineimapsync.timer
+ systemctl restart openvpn-client@mail
+ systemctl enable openvpn-client@mail
else # $HOSTNAME != $MAIL_HOST
systemctl disable offlineimapsync.timer &>/dev/null ||:
systemctl stop offlineimapsync.timer &>/dev/null ||:
+ systemctl disable openvpn-client@mail
+ systemctl stop openvpn-client@mail
#
#
# would only exist because I wrote it i the previous condition,
exim4-config exim4/dc_eximconfig_configtype select mail sent by smarthost; no local mail
exim4-config exim4/dc_smarthost string $smarthost
EOF
+
fi # end $HOSTNAME != $MAIL_HOST
# if we already have it installed, need to reconfigure, without being prompted
# just noticed this in the config file, seems like a good idea.
sed -i '/^\s*NICE\s*=/d' /etc/default/spamassassin
e 'NICE="--nicelevel 15"' >>/etc/default/spamassassin
+ systemctl start spamassassin
systemctl reload spamassassin
cat >/etc/systemd/system/spamddnsfix.service <<'EOF'
# begin setup passwd.client
f=/etc/exim4/passwd.client
+ rm -f /etc/exim4/passwd.client
install -m 640 -g Debian-exim /dev/null $f
cat /etc/mailpass| while read -r domain port pass; do
# reference: exim4_passwd_client(5)
# put spool dir in directory that spans multiple distros.
# based on http://www.postfix.org/qmgr.8.html and my notes in gnus
+#
+# todo: I'm suspicious of uids for Debian-exim being the same across
+# distros. It would be good to test this.
dir=/nocow/$type
sdir=/var/spool/$type
# we only do this if our system has $dir
--- /dev/null
+#!/bin/bash
+
+set -eE -o pipefail
+trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
+
+# based on
+# https://github.com/tootsuite/documentation/blob/master/Running-Mastodon/Docker-Guide.md
+
+[[ $EUID == 0 ]] || exec sudo -E "$BASH_SOURCE" "$@"
+
+cd /home/ian/mastodon
+git fetch
+git stash
+git checkout $(git tag | grep -v rc | tail -n1)
+git stash pop
+docker-compose build
+# these 2 may not be needed in all upgrades, but
+# simpler to just do them always.
+docker-compose run --rm web rake db:migrate
+docker-compose run --rm web rake assets:precompile
+# restart the app
+docker-compose up -d
# created password file with:
-# htpasswd -c /etc/nginx/caldav/htpasswd ian
+# htpasswd -c /etc/davpass dav
-# python-dulwich, to track changes with git, per
-# http://radicale.org/user_documentation/#idgit-support
-pi nginx python-dulwich radicale
+pi radicale
# I moved /var/lib/radicale after it's initialization.
# I did a sudo -u radicale git init in the collections subfolder
setini hosts 10.8.0.4:5232 server
sgo radicale
-# davdroid from f-droid. username ian,
+# davdroid from f-droid.
+# login with url and user name
+# username ian,
# url https://cal.iankelling.org
# username ian
+# pass, see password manager
# I disabled power management feature, it's got 240 min sync interval,
# so it shouldn't be bad.
#
# https://davdroid.bitfire.at/faq/entry/cant-manage-groups-on-device/
#
# Note, url above says only cayanogenmod 13+ and omnirom can manage groups.
+
+# Note, radicale had built-in git support to track changes, but they
+# removed it in 2.0.
fi
# -t times, so it won't rewrite the file every time,
# -L resolve links
-rsync -rtL $(eval echo ~${SUDO_USER:-$USER})/.ssh/ $dest
+rsync -rtL --delete $(eval echo ~${SUDO_USER:-$USER})/.ssh/ $dest
chown -R root:root /root/.ssh
iankelling.org / git / distro-setup / commitdiff