# See the License for the specific language governing permissions and
# limitations under the License.
+
+# todo: remove old leaf subvols, like keep up to 1 month or something.
+
set -eE -o pipefail
trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
# set default targets
if [[ ! -v targets ]]; then
case $HOSTNAME in
- x2)
+ x2|fz)
if [[ $HOSTNAME == "$MAIL_HOST" ]]; then
targets=($HOME_DOMAIN)
fi
--- /dev/null
+#!/bin/bash
+set -eE -o pipefail
+trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
+
+# inspired from
+# https://github.com/kdave/btrfsmaintenance
+
+
+# Man page says we could also use a range, i suppose it would be
+# logical to use a pattern like 5..10 10..20,
+# but I don't know if this would help us at all.
+dusage="1 5 10 20 30 40 50"
+musage="1 5 10 20 30"
+
+e() { echo "cron: $*"; "$@"; }
+
+check-idle() {
+ export DISPLAY=:0
+ idle_time=$(xprintidle 2>/dev/null) ||:
+ # 3 hours, assume a movie might run that long.
+ if [[ $idle_time ]] && (( idle_time < 1000 * 60 * 60 * 3 )); then
+ idle=false
+ else
+ idle=true
+ fi
+}
+
+if [[ $1 == check ]]; then
+ check=true
+else
+ check=false
+fi
+
+check-idle
+
+fnd="findmnt --types btrfs --noheading"
+for x in $($fnd --output "SOURCE" --nofsroot | sort -u); do
+ mnt=$($fnd --output "TARGET" --first-only --source $x)
+ [[ $mnt ]] || continue
+
+ if ! $idle; then
+ btrfs scrub cancel $mnt &>/dev/null ||:
+ continue
+ fi
+ if $check; then
+ continue
+ fi
+
+ # for comparing before and after balance.
+ # the log is already fairly verbose, so commented.
+ # e btrfs filesystem df $mnt
+ # e df -H $mnt
+ if btrfs filesystem df $mnt | grep -q "Data+Metadata"; then
+ for usage in $dusage; do
+ e btrfs balance start -dusage=$usage -musage=$usage $mnt
+ done
+ else
+ e btrfs balance start -dusage=0 $mnt
+ for usage in $dusage; do
+ e btrfs balance start -dusage=$usage $mnt
+ done
+ e btrfs balance start -musage=0 $mnt
+ for usage in $musage; do
+ e btrfs balance start -musage=$usage $mnt
+ done
+ fi
+ # e btrfs filesystem df $mnt
+ # e df -H $mnt
+ date=$(
+ btrfs scrub status $mnt | \
+ sed -rn 's/^\s*scrub started at (.*) and finished.*/\1/p'
+ )
+ if [[ $date ]]; then
+ date=$(date --date="$date" +%s)
+ # if date is sooner than 90 days ago
+ # the wiki recommends 30 days or so, but
+ # it makes the comp lag like shit for a day,
+ # so I'm going with 90 days.
+ if (( $date > `date +%s` - 60*60*24*30 )); then
+ echo "cron: skiping scrub of $mnt"
+ continue
+ fi
+ fi
+ e btrfs scrub start -Bd $mnt
+done
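Review bot: The scrub age test near the end of the loop uses `60*60*24*30`, while the comment directly above it says 90 days was chosen, so a scrub still runs roughly every 30 days. If 90 is the intent, the line would read `if (( date > $(date +%s) - 60*60*24*90 )); then`. The script looks like it is meant to run as root from a timer, so the unquoted `$x` and `$mnt` expansions are worth quoting (`"$mnt"`) so that a mount path containing whitespace or glob characters cannot turn into extra arguments to `btrfs`. The log message also has a typo, `skiping`.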
--- /dev/null
+#!/bin/bash
# named[20823]: /etc/bind/db.iank.pw.jnl: create: permission denied
m s chgrp bind /etc/bind/bind-writable
fi
+ files=(/etc/bind/[Kk]*)
+ if [[ -e $files ]]; then
+ m s chgrp bind ${files[@]}
+ fi
if [[ -e /etc/davpass ]] && getent group www-data &>/dev/null; then
s chgrp www-data /etc/davpass
fi
if ! pgrep -u $EUID -f "firefox -P sfw"; then
firefox -P sfw &
fi
-nagstamon &
+#nagstamon &
export HOSTNAME=$1
fi
-for f in iank-dev htpc treetowl x2 frodo tp li lj demohost kw; do
+for f in iank-dev htpc treetowl x2 frodo tp li lj demohost kw fz; do
eval "$f() { [[ $HOSTNAME == $f ]]; }"
done
has_p() { ! linode; } # when tp is tracis, then not tp either
xbacklight
xprintidle
xscreensaver
+ xscreensaver-data-extra
+ xscreensaver-gl
+ xscreensaver-gl-extra
)
spa $(apt-cache search ruby[.0-9]+-doc| awk '{print $1}')
;;
### end docker install ####
+### begin certbot install ###
case $distro in
debian)
# note, need python-certbot-nginx for nginx, but it depends on nginx,
else
pi certbot python-certbot-apache
fi
- # make a version of the certbot timer that emails me.
- x=/systemd/system/certbot
- $sed -r -f - /lib$x.timer <<'EOF' |s dd of=/etc${x}mail.timer
-s,^Description.*,\0 mail version,
-EOF
- $sed -r -f - /lib$x.service <<'EOF' |s dd of=/etc${x}mail.service
-s,(ExecStart=)(/usr/bin/certbot),\1/a/bin/log-quiet/sysd-mail-once certbotmail \2 --renew-hook /a/bin/distro-setup/certbot-renew-hook,
-EOF
- ser daemon-reload
- sgo certbotmail.timer
-
;;
trisquel|ubuntu)
# not packaged in xenial or flidas
pi software-properties-common
- s add-apt-repository -y ppa:certbot/certbot
+ # this fails with:
+ #
+ # gpg: key 75BCA694: public key "Launchpad PPA for certbot" imported
+ # gpg: Total number processed: 1
+ # gpg: imported: 1
+ # gpg: no valid OpenPGP data found.
+ # Failed to add key.
+ #
+ # but it seems to work fine, perhaps it's only failing on the second run.
+ s add-apt-repository -y ppa:certbot/certbot ||:
p update
pi python-certbot-apache
;;
# todo: other distros unknown
esac
+# make a version of the certbot timer that emails me.
+x=/systemd/system/certbot
+$sed -r -f - /lib$x.timer <<'EOF' |s dd of=/etc${x}mail.timer
+s,^Description.*,\0 mail version,
+EOF
+$sed -r -f - /lib$x.service <<'EOF' |s dd of=/etc${x}mail.service
+s,(ExecStart=)(/usr/bin/certbot),\1/a/bin/log-quiet/sysd-mail-once certbotmail \2 --renew-hook /a/bin/distro-setup/certbot-renew-hook,
+EOF
+ser daemon-reload
+sgo certbotmail.timer
+### end certbot install ###
+
# dogcam setup
case $HOSTNAME in
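Review bot: `s add-apt-repository -y ppa:certbot/certbot ||:` now ignores every failure of that command, including a real `Failed to add key.` on a first run, so the script carries on to `p update` and `pi python-certbot-apache` without knowing whether the PPA's signing key was imported. Since the comment suspects the error only appears on a second run, it would be safer to tolerate the failure only when the PPA source entry or key is already present, and to let the script abort otherwise. The comment should also record which release this was observed on, so the workaround can be removed later.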
esac
+# needed for checkrestart
+if isdeb; then
+ spa debian-goodies
+fi
+
+
+
########### end section including li/lj ###############
case $distro in
esac
-if isdeb; then
- spa debian-goodies
-fi
-
case $distro in
debian)
esac
-
-
### begin home vpn server setup
# vpn-server-setup -rds
# s cp -r --parents /etc/openvpn/easy-rsa/keys /p/c/filesystem
# s chown -R 1000:1000 /p/c/filesystem/etc/openvpn/easy-rsa/keys
+# # kw = kgpe work machine.
# for host in x2 kw; do
-# vpn-mk-client-cert -b $host -n home b8.nz
-# dir=/p/c/machine_specific/$host/filesystem/etc/openvpn/client
-# mkdir -p $dir
-# s bash -c "cp /etc/openvpn/client/home* $dir"
+# vpn-mk-client-cert -b $host -n home b8.nz 1196
+# dir=/p/c/machine_specific/$host/filesystem/etc/openvpn/client
+# mkdir -p $dir
+# s bash -c "cp /etc/openvpn/client/home* $dir"
# # note: /etc/update-resolv-conf-home also exists for all systems with /p
# done
-
+# key already exists, so this won't generate one, just the configs.
vpn-server-setup -rds
s tee -a /etc/openvpn/server/server.conf <<'EOF'
push "dhcp-option DNS 192.168.1.1"
push "route 192.168.1.0 255.255.255.0"
client-connect /a/bin/distro-setup/vpn-client-connect
EOF
-s sed -i --follow-symlinks 's/10.8./10.9./g' /etc/openvpn/server/server.conf
+s sed -i --follow-symlinks 's/10.8./10.9./g;s/^\s*port\s.*/port 1196/' /etc/openvpn/server/server.conf
if [[ $HOSTNAME == tp ]]; then
if [[ -e /lib/systemd/system/openvpn-server@.service ]]; then
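Review bot: The changed `sed` line leaves the dots in `10.8.` unescaped, so they match any character; `s/10\.8\./10.9./g` restricts the rewrite to the literal subnet prefix. The new `s/^\s*port\s.*/port 1196/` part silently does nothing if server.conf has no `port` line, so a `grep -q '^port 1196' /etc/openvpn/server/server.conf` check afterwards would catch a server left on the default port while the client configs are generated for 1196. The `tee -a` above it is context, but as far as the visible lines show it appends the same `push` and `client-connect` lines again on every run.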
####### begin misc packages ###########
+if [[ ! -e ~/.linphonerc && -e /p/.linphonerc-initial ]]; then
+ cp /p/.linphonerc-initial ~/.linphonerc
+fi
-### begin spd install
+### begin spd install
pi libswitch-perl libdigest-md5-file-perl libgnupg-interface-perl
t=$(mktemp)
wget -O $t http://mirror.fsf.org/fsfsys-trisquel/fsfsys-trisquel/pool/main/s/spd-perl/spd-perl_0.2-1_amd64.deb
rm $t
# this guesses at the appropriate directory, adjust if needed
x=(/usr/lib/x86_64-linux-gnu/perl/5.*)
-sudo ln -s ../../../perl/5.18.2/SPD/ $x
+sudo ln -sf ../../../perl/5.18.2/SPD/ $x
# newer distro had gpg2 as default, older one, flidas, need to make it that way
x=$(which gpg2)
if [[ $x ]]; then
- lnf -T $x /usr/local/bin/gpg
+ s lnf -T $x /usr/local/bin/gpg
fi
### end spd install
# services on unreachable osts
# hosts in soft state
# services in soft state
-# in display tab: icon in systray.
+# in display tab: fullscreen
+
+# these translate to these settings I think
+# filter_acknowledged_hosts_services = True
+# filter_all_unknown_services = True
+# filter_all_warning_services = True
+# filter_hosts_in_soft_state = True
+# filter_hosts_services_maintenance = True
+# filter_services_in_soft_state = True
+# filter_services_on_down_hosts = True
+# filter_services_on_hosts_in_maintenance = True
+# filter_services_on_unreachable_hosts = True
+# notify_if_up = False
+# statusbar_floating = False
+# fullscreen = True
+# but i'm just going to rely on the webpage plus sms for now.
+
case $distro in
debian|trisquel|ubuntu)
/dev/shm /dev/shm none rw,bind 0 0
/run/shm /run/shm none rw,bind 0 0
/run/user/1000 /run/user/1000 none rw,bind 0 0
+/run/user/1001 /run/user/1001 none rw,bind 0 0
/run/user/0 /run/user/0 none rw,bind 0 0
EOF
cd; s schroot -c $n -- apt-get install --allow-unauthenticated -y ${apps[@]}
fi
s cp -P {,$d}/etc/localtime
-
}
+s dd of=/etc/systemd/system/schrootupdate.service <<'EOF'
+[Unit]
+Description=schrootupdate
+After=multi-user.target
+
+[Service]
+Type=oneshot
+ExecStart=/a/bin/log-quiet/sysd-mail-once schrootupdate /a/bin/distro-setup/schrootupdate
+EOF
+s dd of=/etc/systemd/system/schrootupdate.timer <<'EOF'
+[Unit]
+Description=schrootupdate
+
+[Timer]
+OnCalendar=*-*-* 04:20:00
+
+[Install]
+WantedBy=timers.target
+EOF
+s systemctl daemon-reload
+sgo schrootupdate.timer
+
+
+
# for my roommate
case $distro in
########### misc stuff
+/a/bin/distro-setup/mymimes
# stop autopoping windows when i plug in an android phone.
# dconf-WARNING **: failed to commit changes to dconf: Cannot autolaunch D-Bus without X11 $DISPLAY
dbus-launch gsettings set org.gnome.desktop.media-handling automount-open false
+
+# on grub upgrade, we get prompts unless we do this
devs=()
for dev in $(s btrfs fi show /boot | sed -nr 's#.*path\s+(\S+)$#\1#p'); do
devs+=($(devbyid $dev),)
done
devs[-1]=${devs[-1]%,} # jonied by commas
-
-# on grub upgrade, we get prompts unless we do this
s debconf-set-selections <<EOF
grub-pc grub-pc/install_devices multiselect ${devs[*]}
EOF
+# btrfs maintenance
+sgo btrfsmaint.timer
+sgo btrfsmaintstop.timer
+
# the wiki backup script from ofswiki.org uses generic paths
s lnf /p/c/machine_specific/li/mw_vars /root
trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
-cur="$(host -4 iank.life iankelling.org | sed -rn 's/.*has address (.*)/\1/p;T;q')"
+cur="$(host -4 b8.nz iankelling.org | sed -rn 's/.*has address (.*)/\1/p;T;q')"
ip=$(curl -s4 https://iankelling.org/cgi/pubip)
# note, a simpler way to do this would be to ssh and use
# to update bind if needed.
if [[ $cur != $ip ]]; then
- nsupdate -k /p/c/machine_specific/li/filesystem/etc/bind/Kiank.life.*.private <<EOF
-server iankelling.org
-zone iank.life
-update delete iank.life. A
-update add iank.life. 300 A $ip
-update delete *.iank.life. A
-update add *.iank.life. 300 A $ip
-show
-send
-EOF
-
nsupdate -k /p/c/machine_specific/li/filesystem/etc/bind/Kb8.nz.*.private <<EOF
server iankelling.org
zone b8.nz
# # persistent initial setup for this:
# # create files in /a/c/machine_specific/li/filesystem/etc/bind
+# # note, conflink also does some group ownership stuff.
# mkc /p/c/machine_specific/li/filesystem/etc/bind
# s dnssec-keygen -a HMAC-MD5 -b 512 -n HOST b8.nz
-# s chown iank:iank *
+# s chown $USER:$USER *
# f=key.b8.nz
# cat >$f <<EOF
# };
# EOF
-# chmod 640 $f
+# chmod 640 [kK]*
# myunison -ob li
# ssh li conflink
if [[ $HOSTNAME == $MAIL_HOST ]]; then
systemctl restart radicale
systemctl enable radicale
+ if [[ -e /etc/logrotate.d/radicale.disabled ]]; then
+ mv /etc/logrotate.d/radicale{.disabled,}
+ fi
else
systemctl stop radicale
systemctl disable radicale
+ # weekly logrotate tries to restart radicale even if it's a disabled service in flidas.
+ if [[ -e /etc/logrotate.d/radicale ]]; then
+ mv /etc/logrotate.d/radicale{,.disabled}
+ fi
fi
fi
+exit 0
# if I wanted the from address to be renamed and sent to a different address,
# echo "sdx@localhost development@localhost" | sudo dd of=/etc/postfix/recipient_canonical
tu /etc/fstab <<<"$l"
done
}
+kill-dir() {
+ found_pids=false
+ sig=${1:-TERM}
+ if pids=$(timeout 4 lsof -t $dir); then
+ found_pids=true
+ timeout 4 lsof -w $dir
+ kill -$sig $pids
+ fi
+ # fuser will find open sockets that lsof won't, for example from gpg-agent.
+ # note: -v shows kernel processes, which then doesn't return true when we want
+ if timeout 4 fuser -m $dir &>/dev/null; then
+ found_pids=true
+ fuser -$sig -mvk $dir
+ fi
+ if $found_pids; then
+ sleep .5
+ return 0
+ fi
+ return 1
+}
+
+force=false
+if [[ $1 == -f ]]; then
+ force=true
+fi
ret=0
if e umount -R $dir; then
unmounted+=($dir)
else
- if pids=$(timeout 4 lsof -t $dir); then
- timeout 4 lsof -w $dir
- kill $pids
- fi
-
- # fuser will find open sockets that lsof won't, for example from gpg-agent.
- # note: -v shows kernel processes, which then doesn't return true when we want
- if timeout 4 fuser -m $dir &>/dev/null; then
- fuser -TERM -mvk $dir
- fi
+ kill-dir || kill-dir INT || kill-dir HUP || ! $force || kill-dir KILL ||:
- sleep .5
if e umount -R $dir; then
unmounted+=($dir)
else
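Review bot: `kill-dir` returns 0 when it found and signalled processes and 1 when it found none, so in `kill-dir || kill-dir INT || kill-dir HUP || ! $force || kill-dir KILL ||:` the chain stops at the first call that finds anything, and INT, HUP and KILL are only tried when nothing was holding the mount. If the intent is to escalate until the directory is free, swapping the two return values (`return 1` after the `sleep .5`, `return 0` at the end) makes each later signal run only while processes remain. `found_pids`, `sig` and `pids` are also globals; `local found_pids=false sig=${1:-TERM} pids` keeps them from leaking into the caller, and `"$dir"` and `"-$sig"` should be quoted. The umount branch continues past the end of the hunk.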
--- /dev/null
+#!/bin/bash
+
+set -eE -o pipefail
+trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
+
+[[ $EUID == 0 ]] || exec sudo -E "$BASH_SOURCE" "$@"
+
+shopt -s extglob nullglob
+
+echo '[Default Applications]' >/etc/xdg/defaults.list
+sed -r '/^MimeType=/!d;s/^MimeType=//;s/;/=mpv.desktop;\n/g' /usr/share/applications/mpv.desktop >>/etc/xdg/defaults.list
+
+# this is the new one, according to
+# https://specifications.freedesktop.org/mime-apps-spec/mime-apps-spec-1.0.html
+# https://wiki.debian.org/MIME
+# https://standards.freedesktop.org/basedir-spec/basedir-spec-latest.html
+cp /etc/xdg/defaults.list /etc/xdg/mimapps.list
+
+for f in /usr/share/applications/!(defaults).list; do
+ cp /etc/xdg/defaults.list /etc/xdg/${f##*/}
+done
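Review bot: `cp /etc/xdg/defaults.list /etc/xdg/mimapps.list` writes a file name that the mime-apps spec linked in the comment does not read; the spec's name is `mimeapps.list`, so the line should be `cp /etc/xdg/defaults.list /etc/xdg/mimeapps.list`. The final loop overwrites a file in /etc/xdg for every other `.list` name found in /usr/share/applications, which deserves a one-line comment saying why. The script re-executes itself with `sudo -E`, which carries the caller's environment into the root run; as far as the visible lines show nothing from the environment is used, so plain `sudo` looks sufficient.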
#!/bin/bash
ssh li mongodump >/dev/null # too verbose by default
-rsync -r --delete root@li:{/home/ian/dump,/home/pumpio/pumpdata} /w/backup/pump
+rsync -r --delete root@li:{/home/iank/dump,/home/pumpio/pumpdata} /w/backup/pump
--- /dev/null
+#!/bin/bash
+
+set -eE -o pipefail
+trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
+
+[[ $EUID == 0 ]] || exec sudo -E "$BASH_SOURCE" "$@"
+
+for n in stretch jessie; do
+ if [[ -e /etc/schroot/chroot.d/$n.conf ]]; then
+ cd
+ schroot -c $n -- apt-get -y dist-upgrade --purge --auto-remove
+ fi
+done
EOF
-sudo btrbk run
+sudo btrbk -l debug --progress run
$new_shell mount-latest-subvol
mail-setup "$new_shell"