case $1 in
-c) conf_only=true; shift ;;
-n) dry_run=true; dry_run_arg=-n; shift ;;
+ # btrbk arg: Resume only. Skips snapshot creation.
-r) resume_arg=-r; shift ;;
-t) IFS=, targets=($2); shift 2 ;;
-h|--help) usage ;;
rsync-dirs() {
local host=$1
local path=$2
- rsync $dry_run_arg -ahi --relative --delete "$path" "root@$host:/"
+ m rsync $dry_run_arg -ahi --relative --delete "$path" "root@$host:/"
}
vol-conf() {
target send-receive ssh://$tg$vol/btrbk
EOF
}
-
+m() { printf "%s\n" "$*"; "$@"; }
if ! which btrbk &>/dev/null; then
echo "$0: error: no btrbk binary found"
fi
+if [[ $- == *i* ]]; then
+ progress_arg=--progress
+fi
+
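Review bot: The `[[ $- == *i* ]]` test is unlikely to be true in this script, because `$-` describes the shell that executes the script, and a script launched from an interactive terminal still runs in a non-interactive shell unless it is sourced or started with `bash -i`. As written, `progress_arg` stays empty and the later `m btrbk $progress_arg $resume_arg run` never receives `--progress`. Checking for a terminal matches the stated intent: `if [[ -t 1 ]]; then`. A one-line comment on `m()` saying that it prints the command before running it would also help, since its output now lands in the same stream as btrbk's.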
cat >/etc/btrbk.conf <<'EOF'
ssh_identity /root/.ssh/id_rsa
+# Just a guess that local7 is a good facility to pick.
+# It's a bit odd that the transaction log has to be logged to
+# a file or syslog, while other output is sent to std out.
+# The man does not mention a way for them to be together, but
+# I dunno if setting a log level like warn might also output
+# transaction info.
+transaction_syslog local7
# so we only run one at a time
lockfile /var/lock/btrbk.lock
# note q is owned by root:1000
# note p is owned 1000:1000 and chmod 700
-mountpoints=(/q)
-if awk '{print $2}' /etc/fstab | grep -xF /p &>/dev/null; then
- mountpoints+=(/p)
+mountpoints=(/a)
+qmnt=/q
+if awk '{print $2}' /etc/fstab | grep -xF $qmnt &>/dev/null; then
+ mountpoints+=($qmnt)
fi
# if our mountpoints are from stale snapshots,
fi
if $dry_run; then
- btrbk -n $resume_arg run
+ m btrbk -n $resume_arg run
else
# -q and just using the syslog option seemed nice,
# but it doesn't show when a send has a parent and when it doesn't.
- btrbk $resume_arg run
+ m btrbk $progress_arg $resume_arg run
fi
# if we have /p, rsync to targets without /p
fi
if ! $dry_run; then
- $script_dir/mount-latest-remote ${targets[@]}
+ m $script_dir/mount-latest-remote ${targets[@]}
fi
simple_packages+=($@)
}
+
distro=$(distro-name)
pending_reboot=false
# universal packages
# swh-plugins is for karaoke pulsaudio filter.
# mutagen for pithos
- # lib32stdc++6/default-jdk for android studio
- # android site says it needs a bunch of packages for ubuntu,
- # but I googled for debian, and someone says you just need one, plus the
- # jdk
- # https://pid7007blog.blogspot.com/2015/07/installing-android-studio-in-debian-8.html
- # see w.org for more android studio details
- #
simple_packages+=(
apache2
bwm-ng
chromium
- default-jdk
+ debconf-doc
duplicity
+ eclipse
evince
fdupes
filelight
+ gcc-doc
gdb
gitk
goaccess
gnome-screenshot
+ i3lock
jq
locate
- lib32stdc++6
manpages
+ manpages-dev
meld
nmap
offlineimap
pianobar
pidgin
python3-mutagen
- slock
squashfs-tools
swh-plugins
tcpdump
########### end section including li/lj ###############
+
+## android studio setup
+# this contains the setting for android sdk to point to
+# /a/opt/androidsdk, which is asked upon first run
+lnf /a/opt/.AndroidStudio2.2 ~
+# android site says it needs a bunch of packages for ubuntu,
+# but I googled for debian, and someone says you just need lib32stdc++6 plus the
+# jdk
+# https://pid7007blog.blogspot.com/2015/07/installing-android-studio-in-debian-8.html
+# see w.org for more android studio details
+spa lib32stdc++6 default-jdk
+
+
if [[ $HOSTNAME == frodo ]]; then
case $distro in
ubunut|debian)
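Review bot: The context line `ubunut|debian)` directly below the new Android Studio block looks like a typo for `ubuntu`. As written, the arm can only match when `$distro` is `debian`. The treetowl block further down uses `debian|ubuntu)`, so `ubuntu|debian)` is presumably what was meant. The body of this `case` lies outside the visible lines.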
####### misc packages ###########
-
if [[ $HOSTNAME == treetowl ]]; then
case $distro in
debian|ubuntu)
# some reason it doesn't seem to start automatically anyways
pi-nostart transmission-daemon
+ #
# config file documented here, and it's the same config
# for daemon vs client, so it's documented in the gui.
# https://trac.transmissionbt.com/wiki/EditConfigFiles#Options
+ #
+ # I originaly setup rpc-whitelist, but after using
+ # routing to a network namespace, it doesn't see the
+ # real source address, so it's disabled.
+ # todo: setup a password.
s ruby <<'EOF'
require 'json'
p = '/etc/transmission-daemon/settings.json'
File.write(p, JSON.pretty_generate(JSON.parse(File.read(p)).merge({
-'rpc-whitelist' => '127.0.0.1,192.168.1.*',
+'rpc-whitelist-enabled' => false,
'rpc-authentication-required' => false,
-'incomplete-dir' => '/i/k/partial-torrents',
+'incomplete-dir' => '/k/partial-torrents',
+'incomplete-dir-enabled' => true,
'download-dir' => '/i/k/torrents',
"speed-limit-up" => 700,
"speed-limit-up-enabled" => true,
+"peer-port" => 61486,
"ratio-limit" => 1.4000,
-"ratio-limit-enabled" => true,
+"ratio-limit-enabled" => false,
+"pidfile": "/var/lib/transmission-daemon/transmission-daemon.pid",
})) + "\n")
EOF
- sgo transmission-daemon
- ;;
- arch)
- # todo, setup it's config file & daemon
- pi transmission-cli
+
+ # make sure its not enabled, not sure if this is needed
+ ser disable transmission-daemon
+ sgo transmission-daemon-nn
;;
+ # todo: others unknown
esac
fi
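Review bot: With `'rpc-whitelist-enabled' => false` added next to the existing `'rpc-authentication-required' => false`, the daemon's RPC interface accepts unauthenticated requests from any address that can reach its port. Until the in-diff `todo: setup a password` is done, the only restriction is the network-namespace routing, which is not visible here. Consider landing authentication in the same change: `'rpc-authentication-required' => true,` together with `'rpc-username'` and `'rpc-password'` values read from a root-only file rather than written into this script. A minor style point: `"pidfile": "..."` uses the symbol-key form while every other entry uses `=>`, so `'pidfile' => '...'` would keep the hash uniform.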
case $distro in
debian|ubuntu)
- pi-nostart openvpn
+ # suggests because we want the resolvconf package.
+ # todo: check other distros to make sure it's installed
+ pi-nostart --install-suggests openvpn
# pi-nostart this doesnt seem to be good enough?
ser disable openvpn@client
ser disable openvpn
;;
- # suggests because we want the resolvconf package
- *) pi --install-suggests openvpn;;
+ *) pi openvpn;;
esac
pi wget
spa bitcoin-qt/unstable
fi
;;
+ s cp /a/opt/bitcoin/contrib/init/bitcoind.service /usr/lib/systemd/system
+ ser daemon-reload
+ sgo bitcoind
+
+ s mkdir -p $dir
+ s touch $f
+ s chmod -R o-rwx $dir
+ s chown -R bitcoin:bitcoin $dir
+ s dd of=$f <<EOF
+rpcbind=127.0.0.1
+server=1
+rpcpassword=$(openssl rand -base64 32)
+rpcuser=$(openssl rand -base64 32)
+
+# Joinmarket
+walletnotify=curl -sI --connect-timeout 1 http://localhost:62602/walletnotify?%s
+alertnotify=curl -sI --connect-timeout 1 http://localhost:62602/alertnotify?%s
+EOF
# other distros unknown
esac
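Review bot: `sgo bitcoind` appears before the lines that write `$f`, so if `sgo` starts the unit (it is defined elsewhere), the first start does not see the generated `rpcuser`/`rpcpassword`. The unquoted heredoc also reruns `openssl rand` and overwrites the file on every run, which rotates the credentials away from any client that stored them; wrapping the write in `if ! sudo test -s $f; then … fi` would keep existing values. `chmod -R o-rwx $dir` clears only the "other" bits, so group access depends on the umask in effect at `mkdir`/`touch`; `chmod -R go-rwx $dir` would pin it. `$dir` and `$f` are assigned outside the visible lines, so their quoting and location could not be checked here.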
+if [[ $HOSTNAME == treetowl ]]; then
+ # dunno about sharing a wallet between multiple instances
+
+ sgo bitcoind
+fi
+
+
# proprietary flash. going without for now
if [[ $HOSTNAME == treetowl ]] && ! sudo test -e /etc/openvpn/client.key; then
/a/bin/vpn-setup/vpn-mk-client-cert dopub
+ # route lan traffic from inside the network namespace.
+ tu /etc/openvpn/client.conf "route 192.168.1.0 255.255.255.0 net_gateway"
fi
;;
esac
-# note, for jessie, it depends on a higher version of btrfs-tools
+# note, for jessie, it depends on a higher version of btrfs-tools.
+#
+# # disabled due to my patch being in btrbk
# case $distro in
# arch|debian|ubuntu) pi btrbk ;;
# # others unknown
# esac
cd /a/opt/btrbk
s make install
+spa pv # for progress bar when running interactively.
+if [[ $HOSTNAME == treetowl ]]; then
+ # backup/sync manually on others hosts for now.
+ sgo btrbk.timer
+ # note: to see when it was last run,
+ # ser list-timers
+fi
if [[ $HOSTNAME == treetowl ]] && [[ `debian-archive` != testing ]]; then
# fail2 ban is broken, with a workaround, per
e() { printf "%s\n" "$*"; "$@"; }
mnt() {
dir=$1
- if ! mountpoint $dir >/dev/null; then
+ if ! mountpoint $dir &>/dev/null; then
mkdir -p $dir
e mount $dir
fi
first_root_crypt=$(awk '$2 == "/" {print $1}' /etc/mtab)
tu /etc/fstab <<EOF
-$first_root_crypt /q btrfs noatime,subvol=q 0 0
-/q/a /a none bind 0 0
+$first_root_crypt /a btrfs noatime,subvol=a 0 0
EOF
case $HOSTNAME in
treetowl|x2|frodo)
tu /etc/fstab <<EOF
-$first_root_crypt /p btrfs noatime,subvol=p 0 0
+$first_root_crypt /q btrfs noatime,subvol=q 0 0
+/q/p /p none bind 0 0
EOF
;;
esac
-for vol in q p; do
+for vol in q a; do
d=/$vol
if ! awk '{print $2}' /etc/fstab | grep -xF $d &>/dev/null; then
continue
while true; do
new_roots=()
for r in ${roots[@]}; do
- # /q/a /a none bind 0 0
+ # example
+ # /q/p /p none bind 0 0
new_roots+=($(sed -rn "s#^$r/\S+\s+(\S+)\s+none\s+bind\s.*#\1#p" /etc/fstab))
done
(( ${#new_roots} )) || break
cryptdisks_start crypt_dev_$dev
fi
done
-else
- tu /etc/fstab <<'EOF'
-/q/i /i none bind,noauto 0 0
-EOF
+ # note, could do an else here and have some kind of mount for /i
+ # on other hosts.
fi
exit $ret