####### end command line parsing
-if frodo; then
- x=/usr/local/bin/iancryptsetup
- sudo dd of=$x <<'EOF'
-#!/bin/bash -x
-
-# man systemd-cryptsetup-generator
-#man systemd-cryptsetup
-#man systemd-cryptsetup@.service
-
-f=/tmp/iancryptsetup
-ssh -oStrictHostKeyChecking=no -oUserKnownHostsFile=/dev/null \
- -T -i /p/cryptkeyssh/id_rsa ian@treetowl > $f || exit 0
-
-# example of initial setup of a disk
-#disk=/dev/sdg2
-#echo YES|cryptsetup --verbose luksFormat $disk $f
-## copy $f into paste buffer, then enter memorized pass, which we can use
-## This is for the case of ssh not being available
-#cryptsetup --verbose --verify-passphrase luksAddKey $disk
-
-# initial keyfile can be generated like any random pass
-# head -c 200 /dev/urandom | tr -cd '[:alnum:]' | head -c 80 > keyfile
-
-
-data=(
-b1d7f102-c7cd-40a0-bff0-2d498692b5a7 crypta7
-80649f08-1977-441b-ad8f-246931571702 crypt02
-3ae71d1a-dbd5-4cbe-afa2-c7529c0c4d31 crypt31
-bd4bbf8e-35c1-48e5-bb15-106c1b47792b crypt2b
-c061a929-54fe-4a47-939d-c008ba418246 crypt46
-ec709a4b-1ba7-463f-a1cd-841cb40868f0 cryptf0
-b9f2a980-f57c-4c58-9313-055da09d579c crypt9c
-747b9932-aa98-4552-86ab-657d0ccd4fb0 cryptb0
-afb44dd6-28ba-443b-9ca4-34dc2a95a213 crypt13
-)
-for ((i=0; i<${#data[@]}; i+=2)); do
- cryptsetup luksOpen --key-file $f UUID=${data[i]} ${data[i+1]}
-done
-for x in a q /mnt/btrfs_root; do
- mount /$x
-done
-#/a/bin/firefox-link
-exit 0
-EOF
- sudo chmod +x $x
- # todo, it needs to wait for networking
- sudo dd of=/etc/systemd/system/iancrypt.service <<'EOF'
+if encrypted; then
+ # I tried making a service which was dependent on reboot.target,
+ # but it happened too late in the shutdown process.
+ sudo dd of=/etc/systemd/system/keyscripton.service <<'EOF'
[Unit]
-Description=iancrypt
+Description=Turn on automatic decryption of drives on boot
+After=multi-user.target
[Service]
Type=oneshot
-ExecStart=/usr/local/bin/iancryptsetup
+RemainAfterExit=yes
+ExecStart=/bin/true
+ExecStop=/a/bin/keyscript-on
[Install]
WantedBy=multi-user.target
EOF
- sudo systemctl enable iancrypt.service
- sudo systemctl restart iancrypt.service
-fi
+ sudo systemctl start keyscripton.service
+ sudo systemctl enable keyscripton.service
+ sudo dd of=/etc/systemd/system/keyscriptoff.service <<'EOF'
+[Unit]
+Description=Turn off automatic decryption of drives on boot
+[Service]
+Type=oneshot
+ExecStart=/a/bin/keyscript-off
+
+[Install]
+WantedBy=multi-user.target
+EOF
+ sudo systemctl enable keyscriptoff.service
+ sudo systemctl start keyscriptoff.service
+fi
if iank-dev; then
desktop=$(ssh root@iankelling.org grep desktop /etc/hosts | grep -o "^.* ")
fi
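Review bot: `ExecStop=/a/bin/keyscript-on` in keyscripton.service runs whenever the unit is stopped, which covers poweroff and halt as well as reboot. Assuming keyscript-on arms unattended unlocking, as the Description suggests, a machine that is shut down and left off stays in the auto-decrypt state until the next boot reaches keyscriptoff.service. If only reboots are meant to be covered, keyscript-on could exit early unless a reboot job is queued, e.g. `systemctl list-jobs | grep -q 'reboot.target.*start' || exit 0`. Both units run scripts from /a/bin as root, so that directory and the two scripts should be root-owned and not writable by the login user; this hunk does not show whether they are. A `sudo systemctl daemon-reload` after the two `dd` writes would make sure a rewritten unit is picked up when the script is re-run.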
fi
-# example which will be usefull when redoing desktop
-# if x2; then
-# f=/etc/fstab
-# line='/dev/mapper/fedora-a /a btrfs noatime 0 1'
-# if ! grep -Fxq "$line" $f; then
-# echo "$line" | sudo tee -a $f >/dev/null
-# fi
-# if ! mount | grep -q '^/dev/mapper/fedora-a'; then
-# dir=/a
-# sudo mkdir -p $dir
-# sudo chown ian:ian $dir
-# sudo mount $dir
-# fi
-# fi
-
-# set noatime.
-sudo sed -ri '/noatime/!s/(ext[234]|btrfs)[[:space:]]+/\1 noatime,/' /etc/fstab
-sudo sed -ri '/noatime/s/relatime,?|defaults,?//g' /etc/fstab
-
-
# this script has been designed to be idempotent
# todo, it would be nice to cut down on some of the output
-
# output is below so shellcheck can verify sources
for x in /a/bin/bash-programs-by-ian/repos/{errhandle,tee-unique,lnf}/*-function; do
echo "# shellcheck source=$x";
if isdebian; then
# add contrib non-free to sources for main
- s sed -i 's/^\(deb.* main\).*/\1 contrib non-free/' /etc/apt/sources.list
+ s sed -i 's/^\(deb.* main\).*/\1 contrib non-free/' /etc/apt/sources.list.d/*
# non-existent var, as Im not planning to use stable right now
if isdebian-stable; then
code=$(debian-codename)
- s dd of=/etc/apt/sources.list.d/mozilla-iceweasel <<EOF
-deb http://mozilla.debian.net/ $code-backports iceweasel-release
-deb-src http://mozilla.debian.net/ $code-backports iceweasel-release
+ s dd of=/etc/apt/sources.list.d/mozilla-iceweasel.list <<EOF
+deb http://mozilla.debian.net/ $code-backports firefox-release
+deb-src http://mozilla.debian.net/ $code-backports firefox-release
EOF
# we change the mirror from the default, so we cant use tu
- s dd of=/etc/apt/sources.list.d/main-backports <<EOF
-deb http://ftp.us.debian.org/debian/ $code-backports main contrib non-free
-deb-src http://ftp.us.debian.org/debian/ $code-backports main contrib non-free
+ s dd of=/etc/apt/sources.list.d/main-backports.list <<EOF
+deb http://http.debian.net/debian $code-backports main contrib non-free
+deb-src http://http.debian.net/debian $code-backports main contrib non-free
EOF
p update
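Review bot: The new `sed -i ... /etc/apt/sources.list.d/*` line rewrites every file in that directory, so any third-party entry containing ` main` has the rest of its line replaced with `contrib non-free`. With an empty directory the unexpanded `*` makes sed fail. Limiting the edit to the distribution's own list, or at least to `/etc/apt/sources.list.d/*.list` behind an existence check, keeps it off repositories it was not meant for. /etc/apt/sources.list itself is no longer touched, so it is worth confirming that no host still keeps its main entries there. The mozilla.debian.net and backports entries use plain http and so rely entirely on apt's signature check; no archive-key setup for mozilla.debian.net is visible in this hunk.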
# NOTE: only /a needs to be mounted for creating links!
###########################################
-# todo: this is desktop specific. on work comp, mkdir /p/.editor-backups
# todo: reconcile ~/.ssh/config work/home
+s lnf -T /q/p /p
if has_p; then
lnf -T /p/offlineimap ~/Maildir
lnf -T /p/News ~/News
- s lnf -T /q/p /p
# don't use /* because I don't want to require it to be mounted
s lnf /q/root/.editor-backups /q/root/.undo-tree-history \
/q/root/.ssh /a/opt \
# basic needed packages
case $(distro-name) in
debian)
- pi $( isdebian-stable && e -t $code-backports ) iceweasel
+ pi firefox$( isdebian-stable && e /$code-backports )
# for hosts which require nonfree drivers
case $HOSTNAME in
tp|x2) : ;;
;;&
esac
-pi xbindkeys xkbset cryptsetup unison
+pi xbindkeys xkbset cryptsetup
pi lvm2
# enables trim for volume delete, other rare commands.
s chown root:ian /q
s chmod 755 /q
- if treetowl; then
- # get uuids from blkid and lvdisplay
- # at times Ive done this through the installer. not anymore
- tu /etc/fstab<<'EOF'
-/dev/mapper/cswap1 none swap sw 0 0
-/dev/mapper/q /q ext4 noatime 0 2
-UUID=3f7b31cd-f299-40b4-a86b-7604282e2715 /i btrfs noatime 0 2
-UUID=3f7b31cd-f299-40b4-a86b-7604282e2715 /mnt/btrfs_root btrfs noatime,subvolid=0 0 2
-EOF
- s mkdir -p /mnt/btrfs_root
- s dd of=/etc/crypttab <<'EOF'
-# i used to use UUID=<uuid> from cryptsetup luksUUID /dev/mapper/ianvg1-q
-# however, it doesn't work for lvm volumes when opening on the command line,
-# So, just using the thing which works both ways.
-q /dev/mapper/vg_treetowl00-lv01 none luks,discard,noauto
-# based on cryptsetup's README.Debian, and FAQ
-cswap1 /dev/mapper/vg_treetowl00-lv00 /dev/urandom swap,cipher=aes-cbc-essiv:sha256,size=256,hash=sha256,discard,noearly
-EOF
- s chmod 600 /etc/crypttab
-
- s systemctl daemon-reload
- s systemctl restart systemd-cryptsetup@q.service
- s mount /q
-
- s systemctl restart systemd-cryptsetup@cswap1.service
- # old ways:
- # s update-rc.d cryptdisks enable
-
- # misc notes about when messing around with jessie:
- # # this was useful on debian jessie:
- # systemd-tty-ask-password-agent --query
- # according to the broadcast message
- # jessie also still had /etc/init.d/cryptdisks,
- # which seemed to work only with reload, and it seems deprecated
- # and cryptdisks_start q, also prolly deprecated
-
- fi
-
-
fi
-
-# exptected directory for .editor-backups
-if ! has_p; then
- s lnf /a/p /
-fi
-
/a/bin/conflink
makepkg -si --noconfirm
popd
rm -rf $x
+ pi hunspell hunspell-en
else
# to disable emacs git build,
# s apt-get install emacs
cabal update
PATH="$PATH:$HOME/.cabal/bin"
-# trying out the distro's versions newer distros
-if isdebian-stable || isubuntu; then
- # todo: on ubuntu 12.04, needed to install zlib1g-dev
- cabal install cabal-install
- pu cabal-install
- # just guessed at this after getting /bin/ld cannot find -lHSmtl or something
- t ~/.ghc
-
-
- cabal update
- # todo, work machine required some packages libx11-dev libxrandr-dev libxft2-dev
- cabal install xmonad
- cabal install xmonad-contrib
- # work machine:
- # pi tasksel. select openssh server, basic server, large font selection
-
- #http://comments.gmane.org/gmane.comp.lang.haskell.xmonad/13871
- cat <<'EOF'
-manual steps required:
-xfce, "Session and Startup" > "Application Autostart"
-Add
-Name: xmonad
-Description: xmonad --replace
-Command: delayed-xmonad
-EOF
+# todo, on older ubuntu I used cabal xmonad + xfce,
+# see /a/bin/old-unused/xmonad-cabal.sh
-else
+# trying out the distro's versions newer distros
pi xmonad
if isarch; then
# for displaying error messages.
else
pi suckless-tools
fi
-fi
pi dmenu
if isdeb && (tp || x2); then
bwm-ng
chromium
duplicity
- fail2ban
fdupes
filelight
gdb
####### misc packages ###########
-
case $distro in
# tk for gitk
arch) pi git tk ;;
# others unknown
esac
+case $distro in
+ arch) pi apg ;;
+ # already in debian jessie
+esac
+
######### end misc packages #########
############# end unfinished
+########### misc stuff
+
+if [[ `debian-archive` == stable ]]; then
+ s dd of=/etc/apt/preferences.d/unison-gtk <<'EOF'
+Explanation: Allow unison-gtk to be upgraded
+Package: unison-gtk
+Pin: release a=unstable
+Pin-Priority: 500
+EOF
+fi
+
case $distro in
arch)
# default is alsa, doesn\'t work with with pianobar
# others unknown
esac
-if [[ $HOSTNAME == treetowl ]]; then
+if [[ $HOSTNAME == treetowl ]] && [[ `debian-archive` != testing ]]; then
+ # fail2 ban is broken, with a workaround, per
+ # https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770171
+ # ill wait a while to see if it gets fixed
pi fail2ban
sgo fail2ban
fi
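Review bot: The added `!= testing` condition on the treetowl branch skips `pi fail2ban` without any output, so a testing host silently loses the ban-on-repeated-failure protection it had before. The package-list hunk earlier in this diff also drops `fail2ban`. Since the comment says Debian bug 770171 has a workaround, either apply it here or make the gap visible, e.g. `else echo "$0: warning: fail2ban not installed on testing (Debian bug 770171)" >&2`, and confirm that sshd on that host does not accept password logins in the meantime. Separately, the unison-gtk pin added above only takes effect if an unstable source with a lower default priority is configured elsewhere, so a one-line comment saying where would help. `$(debian-archive)` would read better than backticks in both tests.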
EOF
if isdebian-testing; then
cat <<'EOF'
-# for stable, only do security updates.
+# for testing, only do security updates.
"origin=Debian,codename=${distro_codename},label=Debian-Security";
EOF
+ else
cat <<'EOF'
# These are stable packages only getting bugfixes anyways.
"origin=*";
# but postfix didn't like that
if [[ ! -L /var/spool/postfix ]]; then
ser stop postfix
- if [[ -e /q/postfix ]]; then
+ n=/q/postfix-`distro-name``debian-archive`
+ if [[ -e $n ]]; then
echo "$0: error: /q/postfix exists but not the link to it"
+ exit 1
fi
- s mv /var/spool/postfix /q
- s lnf /q/postfix /var/spool
+ s mv /var/spool/postfix $n
+ s lnf -T $n /var/spool/postfix
ser start postfix
- journalctl -n 20
+ journalctl -n 20 | cat
fi
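Review bot: The added `exit 1` fires after `ser stop postfix`, so when `$n` already exists the script aborts with postfix left stopped. Moving the `[[ -e $n ]]` check above the stop, or restarting postfix before exiting, avoids leaving mail delivery down. The error text still names `/q/postfix` although the test is now on `$n`; `echo "$0: error: $n exists but not the link to it" >&2` would report the real path. `$n` is built from two command outputs and used unquoted in `mv` and `lnf -T`. Quoting it as `"$n"` and bailing out if either command printed nothing would keep a failed lookup from moving the spool to `/q/postfix-`.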