# service that happens late in the game.
After=postfix.service
DefaultDependencies=no
+# not sure if needed, makes sure we shut down before reboot.target
Conflicts=reboot.target
[Service]
if isfedora; then
# comment out line disallowing calling sudo in scripts
- sudo sed -i 's/^Defaults *requiretty/#\0 # ian commented/' /etc/sudoers
+ sudo sed -i --follow-symlinks 's/^Defaults *requiretty/#\0 # ian commented/' /etc/sudoers
# turn on magic sysrq commands for this boot cycle
echo 1 > sudo dd of=/proc/sys/kernel/sysrq
# selinux is not user friendly. Like, you enable samba, but you haven't run the magic selinux commands so it doesn't work
# and you have no idea why.
- sudo sed -i 's/^\(SELINUX=\).*/\1disabled/' /etc/selinux/config
+ sudo sed -i --follow-symlinks 's/^\(SELINUX=\).*/\1disabled/' /etc/selinux/config
selinuxenabled && sudo setenforce 0
fi
}
aurpi cower pacaur
- # for aur, automatically dl & add gpg keys.
- # Just the keyserver-options line goes in dirmngr.conf once
- # this bug is fixed: https://bugs.gnupg.org/gnupg/issue2147
- for homedir in /home/*; do
- # this creates ~/.gnupg. addgnupghome is kinda broken on arch.
- HOME=$homedir gpg -k
- teeu $homedir/.gnupg/gpg.conf <<EOF
-$(grep -o '^ *keyserver .*' $homedir/.gnupg/dirmngr.conf)
-keyserver-options auto-key-retrieve
-EOF
- done
pi pacserve
x=$(mktemp); /a/opt/pacman.conf-insert_pacserve >$x
sudo dd of=/etc/pacman.conf if=$x; rm $x
/a/opt /a/c/.emacs.d $HOME/mw_vars /k/backup /root
d=/q/p/c/machine_specific/$HOSTNAME/.unison
-if ! s test -L /root/.unison && [[ ! $(s find /root/.unison -prune -empty) ]]; then
+if ! s test -L /root/.unison && [[ $(s find /root/.unison -prune -empty) ]]; then
mkdir -p $d
s chown -R $USER:$USER /root/.unison
- mv -f /root/.unison/* $d
+ s cp -rT /root/.unison $d
fi
s lnf -T $d /root/.unison
-########### begin section including lj ################
+########### begin section including li ################
+case $distro in
+ debian)
+ if [[ `debian-archive` == testing ]]; then
+ pi acme-tiny
+ fi
+esac
+
case $distro in
fedora) spa unrar ;;
*) spa unrar-free ;;
debian-setup-auto-update
fi
-# cron
-/a/bin/crons/all
-
-
case $HOSTNAME in
lj|li)
lj) domain=iank.bid ;;
li) domain=iankelling.org ;;
esac
- homepage-setup $domain
+ /a/h/setup.sh $domain
s rld /a/h/_site/ /var/www/$domain/html
curl https://$domain/git/?p=mediawiki-setup/.git;a=blob_plain;f=mw-setup-script;hb=HEAD | bash
cd /a/opt
wget -nv -N https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb
errallow
+ set -o pipefail
s dpkg -i google-chrome-stable_current_amd64.deb |& tee $log
code=$?
errcatch
case $code in
0) : ;;
*)
- if grep '^dpkg: dependency problems prevent configuration of' \
+ # previously I had a more specific search, but dpkg
+ # changed it's output as of 7/2016
+ if grep 'dependency problems' \
$log &>/dev/null; then
s apt-get -fy install
else
bridge-utils dnsmasq qemu bind-tools
# otherwise we get error about accessing kvm module.
# seems like there might be a better way, but google was a bit vague.
- s sed -ri '/^ *user *=/d' /etc/libvirt/qemu.conf
+ s sed -ri --follow-symlinks '/^ *user *=/d' /etc/libvirt/qemu.conf
echo 'user = "root"' | s tee -a /etc/libvirt/qemu.conf
# https://bbs.archlinux.org/viewtopic.php?id=206206
# # this should prolly go in the wiki
# -o on, turn on 4 hour period non-performance degrading testing.
# short test daily 2-3am, extended tests Saturdays between 3-4am:
sched="-s (S/../.././02|L/../../6/03)"
-s sed -i "s#^[[:space:]]*DEVICESCAN.*#\
+s sed -i --follow-symlinks "s#^[[:space:]]*DEVICESCAN.*#\
DEVICESCAN -a -o on -S on -n standby,q $sched\
-m ian@iankelling.org -M exec /usr/local/bin/smart-notify#" /etc/smartd.conf
# consulted first. This is often slower and undesirable, ie. local dns
# queries go from 0ms to 10+ or 100+ ms. To reverse the ordering, you
# can do:
-#sudo sed -i '/tun\*\|tap\*/d' /etc/resolvconf/interface-order
+#sudo sed -i --follow-symlinks '/tun\*\|tap\*/d' /etc/resolvconf/interface-order
# however, this breaks dns lookup for hosts on the openvpn lan.
# I can\'t figure out why hosts on the normal lan would not be
# broken under the default ordering, except the host I was
########### misc stuff
+if ! sudo test -e /etc/openvpn/client.key; then
+ /a/bin/vpn-setup/vpn-mk-client-cert
+fi
+
+
case $distro in
debian|ubuntu)
case `debian-archive` in
esac
# add 2 lines after workgroup option
-s sed -ri '/^\s*encrypt passwords\s*=/d' /etc/samba/smb.conf
-s sed -ri '/^\s*map to guest\s*=/d' /etc/samba/smb.conf
-s sed -i 's/\(\s*workgroup\s*=\).*/\1 WORKGROUP\n\tencrypt passwords = yes\n\tmap to guest = bad password/' /etc/samba/smb.conf
+s sed -ri --follow-symlinks '/^\s*encrypt passwords\s*=/d' /etc/samba/smb.conf
+s sed -ri --follow-symlinks '/^\s*map to guest\s*=/d' /etc/samba/smb.conf
+s sed -i --follow-symlinks 's/\(\s*workgroup\s*=\).*/\1 WORKGROUP\n\tencrypt passwords = yes\n\tmap to guest = bad password/' /etc/samba/smb.conf
# remove default homes section. not sharing that.
-s sed -ri '/^\s*\[homes\]/,/\s*\[/d' /etc/samba/smb.conf
+s sed -ri --follow-symlinks '/^\s*\[homes\]/,/\s*\[/d' /etc/samba/smb.conf
if ! grep -xF '[public]' /etc/samba/smb.conf &>/dev/null; then
s tee -a /etc/samba/smb.conf <<'EOF'
fi
rlu $host /a/bin/distro-setup/
-ssh $host /a/bin/distro-begin
-ssh $host /a/bin/distro-end
+ssh $host /a/bin/distro-setup/distro-begin
+ssh $host /a/bin/distro-setup/distro-end
+++ /dev/null
-#!/bin/bash -l
-# Copyright (C) 2016 Ian Kelling
-# This program is under GPL v. 3 or later, see <http://www.gnu.org/licenses/>
-
-set -eE -o pipefail
-trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
-
-domain=$1
-
-if [[ ! $1 ]]; then
- echo "$0: error: expected domain argument"
- exit 1
-fi
-
-gitroot=/a/bin/githtml
-
-type -P a2enmod &>/dev/null || pi apache2
-
-acme-tiny-wrapper $domain
-
-# debian has the package gitweb, which seems to mainly
-# have some example apache config, and a minimal gitweb config.
-# I'll just use the config as example and not use the package.
-# It's example apache config seems to say we can use cgi or cgid,
-# and googling cgid it seems a newer faster alternative.
-sudo a2enmod cgid
-
-# so, highlight is not highlighting my
-pi highlight
-
-# additional settings from browsing https://git-scm.com/docs/gitweb.conf
-s dd of=/etc/gitweb.conf <<EOF
-\$feature{'highlight'}{'default'} = [1];
-# highlighting doesn't work on files without extension.
-# I noticed in terminal "highlight file" won't do it (unknown file type)
-# hightlight < file will do it, and it's online documentation
-# suggests it reads shebang. Todo: file a bug for gitweb
-# to make highlight read shebangs.
-our \$projectroot = "$gitroot";
-# not documented at https://git-scm.com/docs/gitweb.conf,
-# but it's in the debian conf, so use it.
-# directory to use for temp files.
-\$git_temp = "/tmp";
-push @git_base_url_list, "https://$domain/git";
-EOF
-
-
-apache-site - $domain <<EOF
-# to run python script on my site:
-<Directory /var/www/$domain/html>
- # to run python scripts with cgi
- Options +ExecCGI
- AddHandler cgi-script .py
-</Directory>
-
-
-# All below is for gitweb + git-http-web.
-# A simple builtin way to have a read only git website.
-# I didn't find any significantly better alternatives out there.
-SetEnv GIT_PROJECT_ROOT $gitroot
-SetEnv GIT_HTTP_EXPORT_ALL
-
-# note: cgi scripts can go anywhere into the filesystem,
-# so there is no need to do a directory block for $gitroot
-
-# fot git-http-web
-<Directory /usr/lib/git-core>
- AllowOverride None
- Require all granted
-</Directory>
-
-<Directory /usr/share/gitweb>
- Options +FollowSymLinks +ExecCGI
- AddHandler cgi-script .cgi
-</Directory>
-
-# from man-git-http-backend, so git-http-web ang gitweb can both be used.
-# it is instead of this:
-# #ScriptAlias / /usr/lib/git-core/git-http-backend/
-ScriptAliasMatch \\
- "(?x)^/git/(.*/(HEAD | \\
- info/refs | \\
- objects/(info/[^/]+ | \\
- [0-9a-f]{2}/[0-9a-f]{38} | \\
- pack/pack-[0-9a-f]{40}\\.(pack|idx)) | \\
- git-(upload|receive)-pack))\$" \\
- /usr/lib/git-core/git-http-backend/\$1
-
-
-
-# man-git-http-backend claims we should do this, but
-# it causes no css/images to be displayed. Instead,
-# just stick with the standard gitweb example directive
-# from debian.
-#ScriptAlias /git /usr/share/gitweb/gitweb.cgi/
-Alias /git /usr/share/gitweb
-EOF
pi phabricator/unstable
# debian sets http, but we want https
-s sed -i 's/http:/https:/' /usr/share/phabricator/conf/local/local.json
+s sed -i --follow-symlinks 's/http:/https:/' /usr/share/phabricator/conf/local/local.json
acme-tiny-wrapper $domain
# This also works instead of ~/.forward
-# s sed -i '/^root/d' /etc/aliases ||:
+# s sed -i --follow-symlinks '/^root/d' /etc/aliases ||:
#echo "root: $HOSTNAME@$SOME_DOMAIN" | s tee -a /etc/aliases
# this can't be a symlink and has permission restrictions
# it might work in /etc/aliases, but this seems more proper.
iankelling.org / git / distro-setup / commitdiff