exec &> >(sudo tee -a /var/log/distro-end)
echo "$0: $(date): starting now)"
# see example of usage to understand.
exec &> >(sudo tee -a /var/log/distro-end)
echo "$0: $(date): starting now)"
# see example of usage to understand.
# no equivalent in other distros:
if isdeb && pcheck apt-file; then
# this condition is just a speed optimization
# no equivalent in other distros:
if isdeb && pcheck apt-file; then
# this condition is just a speed optimization
# i'd rather disable the service than comment the init file
# this says disabling the service, it will still get restarted
# but this script doesn't do anything on restart, so it should be fine
# i'd rather disable the service than comment the init file
# this says disabling the service, it will still get restarted
# but this script doesn't do anything on restart, so it should be fine
l="deb http://ppa.launchpad.net/certbot/certbot/ubuntu xenial main"
if ! grep -xFq "$l" /etc/apt/sources.list{,.d/*.list}; then
s add-apt-repository -y ppa:certbot/certbot ||:
l="deb http://ppa.launchpad.net/certbot/certbot/ubuntu xenial main"
if ! grep -xFq "$l" /etc/apt/sources.list{,.d/*.list}; then
s add-apt-repository -y ppa:certbot/certbot ||:
s,^Description.*,\0 mail version,
EOF
s,^Description.*,\0 mail version,
EOF
s,(ExecStart=)(/usr/bin/certbot),\1/a/bin/log-quiet/sysd-mail-once certbotmail \2 --renew-hook /a/bin/distro-setup/certbot-renew-hook,
EOF
ser daemon-reload
s,(ExecStart=)(/usr/bin/certbot),\1/a/bin/log-quiet/sysd-mail-once certbotmail \2 --renew-hook /a/bin/distro-setup/certbot-renew-hook,
EOF
ser daemon-reload
# needed for debootstrap scripts for fai since fai requires debian
flidas)
curl http://archive.ubuntu.com/ubuntu/project/ubuntu-archive-keyring.gpg | s apt-key add -
# needed for debootstrap scripts for fai since fai requires debian
flidas)
curl http://archive.ubuntu.com/ubuntu/project/ubuntu-archive-keyring.gpg | s apt-key add -
deb http://us.archive.ubuntu.com/ubuntu/ xenial main
deb http://us.archive.ubuntu.com/ubuntu/ xenial-updates main
deb http://us.archive.ubuntu.com/ubuntu/ xenial-security main
EOF
deb http://us.archive.ubuntu.com/ubuntu/ xenial main
deb http://us.archive.ubuntu.com/ubuntu/ xenial-updates main
deb http://us.archive.ubuntu.com/ubuntu/ xenial-security main
EOF
- s apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 3B4FE6ACC0B21F32
- s dd of=/etc/apt/preferences.d/flidas-bionic <<EOF
+ if ! apt-key list | grep /C0B21F32 &>/dev/null; then
+ s apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 3B4FE6ACC0B21F32
+ sd /etc/apt/preferences.d/flidas-bionic <<EOF
# better to run btrfs-progs which matches our kernel version
# (note, renamed from btrfs-tools)
# better to run btrfs-progs which matches our kernel version
# (note, renamed from btrfs-tools)
fi
# no special reason, but its better for btrfs-progs to
# be closer to our kernel version
pi btrfs-progs
fi
# no special reason, but its better for btrfs-progs to
# be closer to our kernel version
pi btrfs-progs
- t=$(mktemp -d)
- cd $t
- aptitude download debootstrap/xenial
- ex ./*
- s cp ./usr/share/debootstrap/scripts/* /usr/share/debootstrap/scripts
+ if [[ ! -e /usr/share/debootstrap/scripts/xenial ]]; then
+ t=$(mktemp -d)
+ cd $t
+ m aptitude download debootstrap/xenial
+ m ex ./*
+ s cp ./usr/share/debootstrap/scripts/* /usr/share/debootstrap/scripts
+ fi
# dont use buster because it causes dist-upgrade to think its downgrading
# packages while really just reinstalling the same version.
f=/etc/apt/apt.conf.d/01iank
# dont use buster because it causes dist-upgrade to think its downgrading
# packages while really just reinstalling the same version.
f=/etc/apt/apt.conf.d/01iank
# newer version needed for false positive in checkrestart.
# I did buster at first, but other problem above with having
# buster repos. not sure if the false positive exists in etiona.
# newer version needed for false positive in checkrestart.
# I did buster at first, but other problem above with having
# buster repos. not sure if the false positive exists in etiona.
######### end flidas pinned packages ######
##### begin automatic upgrades (after checkrestart has been installed) ####
######### end flidas pinned packages ######
##### begin automatic upgrades (after checkrestart has been installed) ####
# this file was mostly just comments.
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "1";
# this file was mostly just comments.
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "1";
# fyi: default file has comments about available options,
# you may want to read that, do pkx unattended-upgrades
Unattended-Upgrade::Mail "root";
# fyi: default file has comments about available options,
# you may want to read that, do pkx unattended-upgrades
Unattended-Upgrade::Mail "root";
# Setup reboots when running outdated stuff, unattended upgrades happen
# at 6 am + rand(60 min).
20 7 * * * root /usr/local/bin/myupgrade | /usr/local/bin/log-once -1 myupgrade
# Setup reboots when running outdated stuff, unattended upgrades happen
# at 6 am + rand(60 min).
20 7 * * * root /usr/local/bin/myupgrade | /usr/local/bin/log-once -1 myupgrade
# do certificate to avoid warning about unsigned cert,
# which is overkill for my use, but hey, I'm cool, I know
# how to do this.
# do certificate to avoid warning about unsigned cert,
# which is overkill for my use, but hey, I'm cool, I know
# how to do this.
export RENEWED_LINEAGE=/etc/letsencrypt/live/mumble.iankelling.org
/a/bin/distro-setup/certbot-renew-hook
EOF
export RENEWED_LINEAGE=/etc/letsencrypt/live/mumble.iankelling.org
/a/bin/distro-setup/certbot-renew-hook
EOF
s tee /etc/openvpn/client-config/mail <<'EOF'
ifconfig-push 10.8.0.4 255.255.255.0
ifconfig-ipv6-push 2600:3c00:e000:280::2/64
s tee /etc/openvpn/client-config/mail <<'EOF'
ifconfig-push 10.8.0.4 255.255.255.0
ifconfig-ipv6-push 2600:3c00:e000:280::2/64
- web-conf apache2 mail.iankelling.org
- s rm /etc/apache2/sites-enabled/mail.iankelling.org{,-redir}.conf
+ m web-conf apache2 mail.iankelling.org
+ s rm -fv /etc/apache2/sites-enabled/mail.iankelling.org{,-redir}.conf
s useradd --create-home -d /var/lib/znc --system --shell /sbin/nologin --comment "Account to run ZNC daemon" --user-group znc || [[ $? == 9 ]] # 9 if it exists already
s chmod 700 /var/lib/znc
s chown -R znc:znc /var/lib/znc
s useradd --create-home -d /var/lib/znc --system --shell /sbin/nologin --comment "Account to run ZNC daemon" --user-group znc || [[ $? == 9 ]] # 9 if it exists already
s chmod 700 /var/lib/znc
s chown -R znc:znc /var/lib/znc
[Unit]
Description=ZNC, an advanced IRC bouncer
After=network-online.target
[Unit]
Description=ZNC, an advanced IRC bouncer
After=network-online.target
s tee -a /etc/openvpn/server/server.conf <<'EOF'
push "dhcp-option DNS 10.0.0.1"
push "route 10.0.0.0 255.255.0.0"
s tee -a /etc/openvpn/server/server.conf <<'EOF'
push "dhcp-option DNS 10.0.0.1"
push "route 10.0.0.0 255.255.0.0"
# we pass options to use different location.
ExecStart=/a/bin/log-quiet/sysd-mail-once -288 rss2email r2e -d /p/c/rss2email.json -c /p/c/rss2email.cfg run
EOF
# we pass options to use different location.
ExecStart=/a/bin/log-quiet/sysd-mail-once -288 rss2email r2e -d /p/c/rss2email.json -c /p/c/rss2email.cfg run
EOF
fi
######### end pump.io periodic backup #############
######### begin irc periodic backup #############
if [[ $HOSTNAME == frodo ]]; then
fi
######### end pump.io periodic backup #############
######### begin irc periodic backup #############
if [[ $HOSTNAME == frodo ]]; then
curl -s https://syncthing.net/release-key.txt | sudo apt-key add -
s="deb http://apt.syncthing.net/ syncthing release"
if [[ $(cat /etc/apt/sources.list.d/syncthing.list) != "$s" ]]; then
curl -s https://syncthing.net/release-key.txt | sudo apt-key add -
s="deb http://apt.syncthing.net/ syncthing release"
if [[ $(cat /etc/apt/sources.list.d/syncthing.list) != "$s" ]]; then
# these things persist in ~/.config/syncthing, which I save in
# /w/syncthing (not in /p, because syncthing should continue to
# these things persist in ~/.config/syncthing, which I save in
# /w/syncthing (not in /p, because syncthing should continue to
# this would install from cabal for newer / consistent version across os, but it screws up xmonad, so disabled for now.
# this would install from cabal for newer / consistent version across os, but it screws up xmonad, so disabled for now.
# also, i assume syncing this between machines somehow messed thin
#lnf -T /m/arbtt-capture.log ~/.arbtt/capture.log
# also, i assume syncing this between machines somehow messed thin
#lnf -T /m/arbtt-capture.log ~/.arbtt/capture.log
# this guesses at the appropriate directory, adjust if needed
perldir=(/usr/lib/x86_64-linux-gnu/perl/5.*)
# this guesses at the appropriate directory, adjust if needed
perldir=(/usr/lib/x86_64-linux-gnu/perl/5.*)
# newer distro had gpg2 as default, older one, flidas, need to make it that way
gpgpath=$(which gpg2)
if [[ $x ]]; then
# newer distro had gpg2 as default, older one, flidas, need to make it that way
gpgpath=$(which gpg2)
if [[ $x ]]; then
# also built latest arduino in /a/opt/Arduino, (just cd build; ant build; ant run )
# set arduino var in bashrc,
# have system config file setup too.
# also built latest arduino in /a/opt/Arduino, (just cd build; ant build; ant run )
# set arduino var in bashrc,
# have system config file setup too.
# this is for the mail command too. update-alternatives is kind of misleading
# since at least it's main commands pretend mail does not exist.
# this is for the mail command too. update-alternatives is kind of misleading
# since at least it's main commands pretend mail does not exist.
# stop autopoping windows when i plug in an android phone.
# dbus-launch makes this work within an ssh connection, otherwise you get this message,
# with still 0 exit code.
# dconf-WARNING **: failed to commit changes to dconf: Cannot autolaunch D-Bus without X11 $DISPLAY
# stop autopoping windows when i plug in an android phone.
# dbus-launch makes this work within an ssh connection, otherwise you get this message,
# with still 0 exit code.
# dconf-WARNING **: failed to commit changes to dconf: Cannot autolaunch D-Bus without X11 $DISPLAY
# networkmanager has this nasty behavior on flidas: if the machine
# crashes with dnsmasq running, on subsequent boot, it adds an entry to
# networkmanager has this nasty behavior on flidas: if the machine
# crashes with dnsmasq running, on subsequent boot, it adds an entry to