# note p/m is owned 1000:1000 and chmod 700
-targets=()
mountpoints=()
rsync_mountpoint=/q
eval set -- "$temp"
while true; do
case $1 in
+ # only creates the config file, does not run btrbk
-c) conf_only=true; shift ;;
-l) rate_limit=$2; shift 2 ;;
-m) IFS=, mountpoints=($2); unset IFS; shift 2 ;;
-p) progress_arg="--progress"; shift ;;
# btrbk arg: Resume only. Skips snapshot creation.
-r) resume_arg=-r; shift ;;
+ # empty is valid for just doing local snapshot. we have default hosts
+ # we will populate
-t) IFS=, targets=($2); unset IFS; shift 2 ;;
-v) verbose=true; verbose_arg=-v; shift ;;
-h|--help) usage ;;
echo -e "$0: options: conf_only=$conf_only\ndry_run=$dry_run\nresume_arg=$resume_arg\nrate_limit=$rate_limit\nverbose=$verbose"
# set default targets
-if ! (( ${#targets[@]} )); then
+if [[ ! -v targets ]]; then
case $HOSTNAME in
x2)
if [[ $HOSTNAME == "$MAIL_HOST" ]]; then
fi
fi
;;
+ frodo)
+ targets=()
+ ;;
*)
echo "$0: error: no default targets for this host, use -t"
exit 1
fi
done
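Review bot: The new test `[[ ! -v targets ]]` cannot tell "no -t given" from "-t with an empty value", which the comment added on the `-t` arm says must be valid. For an array name, `-v` checks element 0, so after `IFS=, targets=($2)` with an empty `$2` the array has no elements, the test is true, and the host defaults are filled in anyway. Record the choice explicitly, for example `-t) targets_set=true; IFS=, targets=($2); unset IFS; shift 2 ;;` together with `if [[ ! $targets_set ]]; then`. The option loop and the `case $HOSTNAME` block are only partly visible here, so check the other arms against the same flag.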
else # set default mountpoints
- prospective_mps=(/a /q)
- if [[ $HOSTNAME == "$MAIL_HOST" ]]; then
- prospective_mps+=(/o)
- fi
- for tg in ${targets[@]}; do
- if [[ $tg == frodo && $HOSTNAME == treetowl ]]; then
- prospective_mps+=(/i)
+ if [[ $HOSTNAME == frodo ]]; then
+ prospective_mps=(/i)
+ else
+ prospective_mps=(/a /q)
+ if [[ $HOSTNAME == "$MAIL_HOST" ]]; then
+ prospective_mps+=(/o)
fi
- done
+ fi
for mp in ${prospective_mps[@]}; do # default mountpoints to sync
if [[ -e /nocow/btrfs-stale/$mp ]]; then
echo "$0: warning: $mp stale, not adding to default mountpoints"
vol=${d##*/}
dev=$(sed -rn "s,^\s*([^#]\S*)\s+$d\s.*,\1,p" /etc/fstab|head -n1)
subvol_dir=$(sed -rn "s,^\s*[^#]\S*\s+$d\s.*\bsubvol=([a-zA-A/]+).*,\1,p" /etc/fstab|head -n1)
- root_dir=$(sed -rn "s,^\s*$dev\s+(\S+).*\bsubvolid=0\b.*,\1,p" /etc/fstab|head -n1)
+ # note, we need $dev because $d might not be mounted, and we do this loop
+ # because the device in fstab for the rootfs can be different.
+ for devx in $(btrfs fi show $dev| sed -rn 's#.*path (/\S+)$#\1#p'); do
+ root_dir=$(sed -rn "s,^\s*$devx\s+(\S+).*\bsubvolid=0\b.*,\1,p" /etc/fstab|head -n1)
+ if [[ $root_dir ]]; then break; fi
+ done
svp=$root_dir/$subvol_dir # subvolume path
-
-
snaps=($root_dir/btrbk/$subvol_dir.20*) # Assumes we are in the 21st century.
if [[ ! $snaps ]]; then
# no snapshots yet
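Review bot: `root_dir` is not cleared before the new `for devx` loop, so when no device path reported by `btrfs fi show` has a `subvolid=0` entry in /etc/fstab it keeps whatever it held before. The `continue` statements further down suggest this runs inside a per-volume loop that starts outside the hunk, in which case the stale value would be the previous volume's root. Put `root_dir=` before the loop and skip the volume when it stays empty, because `svp=$root_dir/$subvol_dir` and the `snaps=` glob would otherwise resolve under `/`. `$devx` is also spliced unescaped into the sed pattern, so a device path containing `.` matches more loosely than intended.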
last_snap=$(
for s in ${snaps[@]}; do
f=${s##*/}
- printf "%s %s\n" $(date -d $(sed -r 's/(.{4})(..)(.{5})(..)(.*)/\1-\2-\3:\4:\5/' <<<${f#$vol.}) +%s) $f
+ unix_time=$(date -d $(sed -r 's/(.{4})(..)(.{5})(..)(.*)/\1-\2-\3:\4:\5/' <<<${f#$vol.}) +%s)
+ printf "%s %s\n" $unix_time $s
done | sort -r | head -n 1 | awk '{print $2}'
)
if [[ ! $last_snap ]]; then
fi
if [[ ! -e $svp ]]; then
- echo "$0: warning: subvol we want to check does not exist: $svp"
- stale-file=$last_snap
+ echo "$0: warning: subvol does not exist: $svp"
+ echo "$0 assuming this host was just for receiving and latest snap is freshest"
+ freshest_snap=$last_snap
+ stale=true
stale-file
continue
fi
continue
fi
+ # fallback to using last_snap as the freshest
freshest_snap=$last_snap
stale=true
# fresh if $svp has $last_snap as a snapshot,
local dir fs x bdir f dst
for dir in "$@"; do
fs=$dir/filesystem
- if [[ -e $fs && $USER == ian ]]; then
+ if [[ -e $fs && $USER =~ ^iank?$ ]]; then
# note, symlinks get resolved, not copied.
- m s cp -RLT --preserve=mode,timestamps $fs /
+ s tar --mode=g-s --owner=0 --group=0 -cz -C $fs . | s tar -xz -C /
fi
if [[ -e $dir/subdir_files ]]; then
c_dirs=(/a/c{,/machine_specific/$HOSTNAME})
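Review bot: The context comment `# note, symlinks get resolved, not copied.` no longer describes the command under it: `cp -L` dereferenced symlinks, while `tar -c` archives them as links unless `-h` (`--dereference`) is given. The extracting side runs as root in `/`, so links in `$fs` are now created under `/` as links, and GNU tar's default overwrite behaviour can replace an existing regular file with one. If the old behaviour is wanted, use `s tar -h --mode=g-s --owner=0 --group=0 -cz -C "$fs" . | s tar -xz -C /`; otherwise update the comment to say links are preserved. A failure of the creating tar is only noticed if `pipefail` is set, which is not visible in this hunk.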
case $USER in
- ian)
+ ian|iank)
# p needs to go first so .ssh link is created, then config link inside it
m common-file-setup ${all_dirs[@]}
if [[ -d /etc/bind/bind-writable ]]; then
[[ $EUID == 0 ]] || exec sudo -E "$BASH_SOURCE" "$@"
-virsh destroy demohost ||:
-# there's some other ways to configure it, but by default, we get perms of this user
-usermod -a -G ian libvirt-qemu
-usermod -a -G traci libvirt-qemu
-virsh attach-device demohost <(e "<filesystem type='mount' accessmode='mapped'> <source dir='/q'/> <target dir='/q'/> </filesystem>") --config ||:
-virsh attach-device demohost <(e "<filesystem type='mount' accessmode='mapped'> <source dir='/a'/> <target dir='/a'/> </filesystem>") --config ||:
-
-virsh start demohost
-while ! timeout -s 9 5 ssh demohost :; do sleep 3; done
+ip=$(host demohost | sed -rn 's/^\S+ has address //p;T;q')/32
+cedit demohost /etc/exports <<EOF
+/a $ip(async,rw,no_subtree_check,no_root_squash)
+/q $ip(async,rw,no_subtree_check,no_root_squash)
+EOF
+exportfs -ra
ssh root@demohost bash -s <<'EOFOUTER'
set -eE -o pipefail
-cat >>/etc/modules <<EOF
-loop
-virtio
-9p
-9pnet
-9pnet_virtio
-EOF
-service kmod start
+apt-get install -y nfs-common
+sed -ri '\%^(faiserver:/[aq]|/q/p)\s%d' /etc/fstab
cat >>/etc/fstab <<'EOF'
-/a /a 9p trans=virtio 0 0
-/q /q 9p trans=virtio 0 0
+faiserver:/a /a nfs defaults 0 0
+faiserver:/q /q nfs defaults 0 0
/q/p /p none bind 0 0
EOF
+
mkdir -p /a /q /p
mount /a
mount /q
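Review bot: Both new exports use `no_root_squash`, so root on demohost is root on /a and /q of this server, and the client fstab lines mount them with plain `defaults` and no `sec=` option, which leaves the source IP as the only thing identifying the client. Unless the guest has to write root-owned files, drop `no_root_squash` (the default `root_squash` maps uid 0 to the anonymous user) and add `nosuid,nodev` to the two nfs lines in the fstab heredoc. `ip` is also used unchecked: if `host demohost` prints no `has address` line it becomes `/32` and that string is written into /etc/exports. Guard it with `[[ $ip != /32 ]] || { echo "$0: error: cannot resolve demohost" >&2; exit 1; }` before the `cedit` call.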
# set the scrollback to unlimited in case something goes wrong
if [[ $EUID == 0 ]]; then
- if getent passwd ian; then
+ if getent passwd iank || getent passwd ian ; then
echo "$0: error: running as root. unprivileged user exists. use it."
exit 1
else
distro=$(distro-name)
case $distro in
ubuntu|debian|trisquel)
- sudo bash -c ". /a/bin/fai/fai-wrapper && /a/bin/fai/fai/config/scripts/GRUB_PC/11-ian"
+ sudo bash -c ". /a/bin/fai/fai-wrapper && /a/bin/fai/fai/config/scripts/GRUB_PC/11-iank"
;;
*)
sudo bash -c ". /a/bin/fai/fai-wrapper &&
# passwordless sudo
-tu /etc/sudoers <<'EOF'
-ian ALL=(ALL) NOPASSWD: ALL
+tu /etc/sudoers <<EOF
+$USER ALL=(ALL) NOPASSWD: ALL
Defaults env_keep += SUDOD
# makes ubuntu be like debian
# https://unix.stackexchange.com/a/91572
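Review bot: The sudoers rule is now built from `$USER`, an environment variable the caller controls, and nothing validates it before `tu /etc/sudoers` runs (`tu` is defined outside this hunk). An empty or unexpected value writes a malformed or wrong `NOPASSWD: ALL` line, and a syntax error in /etc/sudoers makes sudo refuse to run at all. Take the name from `id -un` and verify the result with `visudo -c` after writing; a drop-in file under /etc/sudoers.d would limit the damage of a bad line. Because the heredoc delimiter is no longer quoted, any other `$` or backtick in the heredoc body, which continues past the visible lines, is now expanded as well.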
dirs=(/mnt/{1,2,3,4,5,6,7,8,9})
s mkdir -p "${dirs[@]}"
-s chown ian:ian "${dirs[@]}"
+s chown $USER:$USER "${dirs[@]}"
tu /etc/fstab <<'EOF'
if ! mountpoint /kr; then
s mkdir -p /kr
- s chown ian:traci /kr
+ s chown $USER:traci /kr
fi
if home_network; then
- if [[ $HOSTNAME == treetowl ]]; then
+ if [[ $HOSTNAME == frodo ]]; then
tu /etc/fstab <<'EOF'
/k /kr none bind,noauto 0 0
EOF
for dir in /{i,w,k}; do
if mountpoint $dir; then continue; fi # already mounted
s mkdir -p $dir
- s chown ian:ian $dir
+ s chown $USER:$USER $dir
done
# not needed for all hosts, but rather just keep it uniform
EOF
s chmod +x /root/imount
- s dd of=/etc/systemd/system/imount.service <<'EOF'
+ s dd of=/etc/systemd/system/imount.service <<EOF
[Unit]
Description=Mount /i and related mountpoints
-Before=syncthing@ian.service
+Before=syncthing@$USER.service
[Service]
Type=oneshot
ExecStart=/root/imount
[Install]
-RequiredBy=syncthing@ian.service
+RequiredBy=syncthing@$USER.service
# note /kr needs networking, this target is the simplest way to
# time it when the network should be up, but not do something
# dumb like delay startup until the network is up. It happens
$first_root_crypt /nocow btrfs noatime,subvol=nocow 0 0
EOF
s mkdir -p $dir
- s chown ian:ian $dir
+ s chown $USER:$USER $dir
s mount $dir
fi
else
# ownership, and ssh doesn\'t allow any group writable parent
# directories, so we are forced to use a directory structure similar
# to home directories
-s chown root:ian /q
+s chown root:$USER /q
s chmod 755 /q
s mkdir -p $dir/PostLogin
s command cp /a/bin/distro-setup/desktop-20-autostart.sh $dir/PostLogin/Default
s mkdir /etc/lightdm/lightdm.conf.d
- s dd of=/etc/lightdm/lightdm.conf.d/12-ian.conf <<'EOF'
+ s dd of=/etc/lightdm/lightdm.conf.d/12-iank.conf <<'EOF'
[SeatDefaults]
session-setup-script=/a/bin/distro-setup/desktop-20-autostart.sh
EOF
guvcview
i3lock
inetutils-traceroute
+ iperf3
iproute2-doc
jq
kid3-qt
fi
# we've got a few dependencies later on, so install them now.
-pi "${simple_packages[@]}"
+pi eatmydata
+s eatmydata apt-get -y install --purge --auto-remove "${simple_packages[@]}"
simple_packages=()
# https://nodejs.org/en/download/package-manager/
curl -sL https://deb.nodesource.com/setup_6.x | sudo -E bash -
pi nodejs
- cd /home/ian
+ cd /home/iank
rm -rf pump.io.git
git clone https://github.com/pump-io/pump.io.git
cd pump.io
Type=simple
User=pumpio
Group=pumpio
-ExecStart=/home/ian/pump.io/bin/pump
+ExecStart=/home/iank/pump.io/bin/pump
Environment=NODE_ENV=production
# failed to find databank-mongodb without this.
# I just looked at my environment variables took a guess.
After=multi-user.target
[Service]
-User=ian
+User=iank
Type=oneshot
# about 24 hours of failures
# it copies over its files without respecting symlinks, so
After=multi-user.target
[Service]
-User=ian
+User=iank
Type=oneshot
ExecStart=/a/bin/log-quiet/sysd-mail-once pump-backup /a/bin/distro-setup/pump-backup
EOF
pi syncthing
;;
esac
- lnf -T /w/syncthing /home/ian/.config/syncthing
- sgo syncthing@ian # runs as ian
+ lnf -T /w/syncthing /home/iank/.config/syncthing
+ sgo syncthing@iank # runs as iank
# these things persist in ~/.config/syncthing, which I save in
# /w/syncthing (not in /p, because syncthing should continue to
;;
esac
fi
-if [[ $HOSTNAME == treetowl ]]; then
+if [[ $HOSTNAME == frodo ]]; then
sgo transmission-daemon-nn
fi
# others unknown
esac
# allow user to run vms, from debian handbook
-for x in ian traci; do s usermod -a -G libvirt,kvm $x; done
+for x in iank traci; do s usermod -a -G libvirt,kvm $x; done
# bridge networking as user fails. google lead here, but it doesn\'t work:
# oh well, I give up.
# http://wiki.qemu.org/Features-Done/HelperNetworking
f=$dir/bitcoin.conf
s dd of=$f <<EOF
server=1
+# necessary for joinmarket, not bad in general
rpcpassword=$(openssl rand -base64 32)
rpcuser=$(openssl rand -base64 32)
EOF
-
- f2=$dir/bitcoinjm.conf
- s cp $f $f2
- s tee -a $f2 >/dev/null <<EOF
-# Joinmarket
-walletnotify=curl -sI --connect-timeout 1 http://localhost:62602/walletnotify?%s
-alertnotify=curl -sI --connect-timeout 1 http://localhost:62602/alertnotify?%s
-wallet=joinmarket.dat
-EOF
# dunno about sharing a wallet between multiple instances
# manually did, wallet.dat symlinked in /nocow/.bitcoin
sgo bitcoind
;;
# other distros unknown
esac
- pi libsodium-dev python-pip
- cd /a/opt/joinmarket
- # using develop branch, as it seems to be mostly bug fixes,
- # and this is quite new software.
- # note: python3 does not work.
- # has seg fault error due to some bug, but it still works
- pip install -r requirements.txt || [[ $? == 139 ]]
- # note, the target must exist ahead of time, or bitcoin
- # just overwrites the link, and it\'s not happy with an empty file,
- # so we have to create the wallet, then move and link it.
- s lnf -T /q/bitcoin/wallet.dat /nocow/.bitcoin/wallet.dat
- s lnf -T /q/bitcoin/joinmarket.dat /nocow/.bitcoin/joinmarket.dat
- # not technically needed, but seems cleaner not to have
- # symlinks be root owned unlike everything else
- s chown -h bitcoin:bitcoin /nocow/.bitcoin/*
-
- for var in rpcuser rpcpassword; do
- u="$(s sed -rn "s/^$var=(.*)/\1/p" /etc/bitcoin/bitcoin.conf)"
- # escape backslashes
- u="${u//\\/\\\\\\\\}"
- # escape commas
- u="${u//,/\\,}"
- sed -ri "s,^(rpc_${var#rpc}\s*=).*,\1 $u," joinmarket.cfg
- done
- sed -ri "s/^\s*(blockchain_source\s*=).*/\1 bitcoin-rpc/" joinmarket.cfg
-fi
+# ## disabling joinmarket, its too expensive
+# ### begin joinmarket setup ###
+
+# case $distro in
+# debian)
+# f=$dir/bitcoin.conf
+# f2=$dir/bitcoinjm.conf
+# s cp $f $f2
+# s tee -a $f2 >/dev/null <<EOF
+# # Joinmarket
+# walletnotify=curl -sI --connect-timeout 1 http://localhost:62602/walletnotify?%s
+# alertnotify=curl -sI --connect-timeout 1 http://localhost:62602/alertnotify?%s
+# wallet=joinmarket.dat
+# EOF
+# ;;
+# # other distros unknown
+# esac
+
+# pi libsodium-dev python-pip
+# cd /a/opt/joinmarket
+# # using develop branch, as it seems to be mostly bug fixes,
+# # and this is quite new software.
+# # note: python3 does not work.
+# # has seg fault error due to some bug, but it still works
+# pip install -r requirements.txt || [[ $? == 139 ]]
+# # note, the target must exist ahead of time, or bitcoin
+# # just overwrites the link, and it\'s not happy with an empty file,
+# # so we have to create the wallet, then move and link it.
+# s lnf -T /q/bitcoin/wallet.dat /nocow/.bitcoin/wallet.dat
+# s lnf -T /q/bitcoin/joinmarket.dat /nocow/.bitcoin/joinmarket.dat
+# # not technically needed, but seems cleaner not to have
+# # symlinks be root owned unlike everything else
+# s chown -h bitcoin:bitcoin /nocow/.bitcoin/*
+
+# for var in rpcuser rpcpassword; do
+# u="$(s sed -rn "s/^$var=(.*)/\1/p" /etc/bitcoin/bitcoin.conf)"
+# # escape backslashes
+# u="${u//\\/\\\\\\\\}"
+# # escape commas
+# u="${u//,/\\,}"
+# sed -ri "s,^(rpc_${var#rpc}\s*=).*,\1 $u," joinmarket.cfg
+# done
+# sed -ri "s/^\s*(blockchain_source\s*=).*/\1 bitcoin-rpc/" joinmarket.cfg
+# ### end joinmarket setup ###
+
+
+fi
case $distro in
# s systemctl daemon-reload
# case $HOSTNAME in
# x2|treetowl)
-# ser enable synergyc@ian
-# ser start synergyc@ian ||: # X might not be running yet
+# ser enable synergyc@iank
+# ser start synergyc@iank ||: # X might not be running yet
# ;;
# frodo)
# systemctl --user start synergys ||:
# ser list-timers
fi
-if [[ $HOSTNAME == treetowl ]] && [[ `debian-archive` != testing ]]; then
- # fail2 ban is broken, with a workaround, per
- # https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770171
- # ill wait a while to see if it gets fixed
- pi fail2ban
- sgo fail2ban
-fi
-
-
case $distro in
- debian|ubuntu|trisquel) s gpasswd -a ian adm ;; #needed for reading logs
+ debian|ubuntu|trisquel) s gpasswd -a iank adm ;; #needed for reading logs
esac
# tor
# mkc /p/c/machine_specific/li/filesystem/etc/bind
# s dnssec-keygen -a HMAC-MD5 -b 512 -n HOST b8.nz
-# s chown ian:ian *
+# s chown iank:iank *
# f=key.b8.nz
# cat >$f <<EOF
# limitations under the License.
# set to oppsite if the order is flipped.
-k2flip=true
+k2flip=false
if $k2flip; then
k2inorder=false
else
# switch to easy or hard pass which is the same as luks
f=/q/root/shadow/traci
-[[ $HOSTNAME != tp ]] || usermod -p "$(cat $f)" ian
+[[ $HOSTNAME != tp ]] || usermod -p "$(cat $f)" iank
echo "$0: finished. $(date)"
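Review bot: `usermod -p "$(cat $f)" iank` puts the password hash on the command line, where any local user can read it from the process list while usermod runs. Pass it on stdin instead, e.g. `printf 'iank:%s\n' "$(<"$f")" | chpasswd -e`, since `printf` is a shell builtin and does not show up as a separate process. The same applies to the identical line reading /q/root/shadow/traci-simple in the next hunk. The account name is hard-coded here while other files in this commit switch to `$USER` or `$SUDO_USER`; picking one approach would make the next rename a one-line change.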
fi
# switch to easy or hard login pass which is the same as luks
f=/q/root/shadow/traci-simple
-[[ $HOSTNAME != tp ]] || usermod -p "$(cat $f)" ian
+[[ $HOSTNAME != tp ]] || usermod -p "$(cat $f)" iank
echo "$0: finished. $(date)"
usage 1
fi
+if [[ ! $SUDO_USER ]]; then
+ echo "$0: error: requires running as nonroot or sudo"
+fi
+u=$SUDO_USER
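Review bot: The new `SUDO_USER` check prints an error but does not stop, so the script carries on with `u` empty. The later changes that appear to belong to this file write `User=$u` into offlineimapsync.service, `MAIN_TRUSTED_GROUPS = $u` into the exim macros and set `postmaster=$u`; an empty `User=` leaves a system unit at its default user, which is normally root. Add the exit and send the message to stderr: `echo "$0: error: requires running as nonroot or sudo" >&2; exit 1`. The wording is also misleading, because a plain non-root run has no `SUDO_USER` either; "must be run through sudo" would match the test.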
####### begin perstent password instructions ######
# # via the mail-setup scripts
# # 2017-02 dmarc policies:
+# # host -t txt _dmarc.gmail.com
# # yahoo: p=reject, hotmail: p=none, gmail: p=none, fastmail none for legacy reasons
-# # gmail will be changing to p=reject, which is expected to cause problems
+# # there were articles claiming gmail would be changing
+# # to p=reject, in early 2017, which didn't happen. I see no sources on them. It's
+# # expected to cause problems
# # with a few old mailing lists, copying theirs for now.
+#
# echo "dmarc dns, name: _dmarc value: v=DMARC1; p=none; rua=mailto:mailauth-reports@$domain"
# # 2017-02 spf policies:
# New one is smtp.fastmail.com
# test delivery & rewrite settings:
-#exim4 -bt ian@localhost
+#exim4 -bt iank@localhost
postconfin() {
}
e() { printf "%s\n" "$*"; }
-postmaster=ian
+postmaster=$u
mxhost=mail.iankelling.org
mxport=25
-forward=ian@$mxhost
+forward=$u@$mxhost
# old setup. left as comment for example
# mxhost=mail.messagingengine.com
relayhost="[$mxhost]:$mxport" # postfix
smarthost="$mxhost::$mxport" # exim
-
+vpn_ser=openvpn-client
+if [[ ! -e /lib/systemd/system/openvpn-client@.service ]]; then
+ vpn_ser=openvpn
+fi
if [[ $HOSTNAME == $MAIL_HOST ]]; then
# afaik, these will get ignored because they are routing to my own
else # begin exim. has debian specific stuff for now
+ if ! dpkg -s openvpn &>/dev/null; then
+ apt-get -y install --purge --auto-remove openvpn
+ fi
+
if [[ -e /p/c/filesystem ]]; then
/a/exe/vpn-mk-client-cert -b mail -n mail li
fi
- cat >/etc/systemd/system/mailroute.service <<'EOF'
+ cat >/etc/systemd/system/mailroute.service <<EOF
[Unit]
-# this unit is configured to start and stop whenever openvpn-client@mail.service
+# this unit is configured to start and stop whenever $vpn_ser@mail.service
# does
Description=Routing for email vpn
After=network.target
-BindsTo=openvpn-client@mail.service
-After=openvpn-client@mail.service
+BindsTo=$vpn_ser@mail.service
+After=$vpn_ser@mail.service
[Service]
Type=oneshot
RemainAfterExit=yes
[Install]
-RequiredBy=openvpn-client@mail.service
+RequiredBy=$vpn_ser@mail.service
EOF
cat >/etc/systemd/system/offlineimapsync.timer <<'EOF'
WantedBy=timers.target
EOF
- cat >/etc/systemd/system/offlineimapsync.service <<'EOF'
+ cat >/etc/systemd/system/offlineimapsync.service <<EOF
[Unit]
Description=Offlineimap sync
After=multi-user.target
[Service]
-User=ian
+User=$u
Type=oneshot
ExecStart=/a/bin/log-quiet/sysd-mail-once offlineimap-sync /a/bin/distro-setup/offlineimap-sync
EOF
# MAIN_HARDCODE_PRIMARY_HOSTNAME might mess up the
# smarthost config type, not sure. all other settings
# would be unused in that config type.
- cat >$exim_main_dir/000_localmacros <<'EOF'
+ cat >$exim_main_dir/000_localmacros <<EOF
MAIN_TLS_ENABLE = true
DKIM_CANON = relaxed
# https://debian-administration.org/article/718/DKIM-signing_outgoing_mail_with_exim4
# The file is based on the outgoing domain-name in the from-header.
-DKIM_DOMAIN = ${lc:${domain:$h_from:}}
+DKIM_DOMAIN = \${lc:\${domain:\$h_from:}}
# sign if key exists
-DKIM_PRIVATE_KEY= ${if exists{/etc/exim4/${dkim_domain}-private.pem} {/etc/exim4/${dkim_domain}-private.pem}}
+DKIM_PRIVATE_KEY= \${if exists{/etc/exim4/\${dkim_domain}-private.pem} {/etc/exim4/\${dkim_domain}-private.pem}}
# failing message on mail-tester.com:
# normally empty, I set this so I can set the envelope address
# when doing mail redelivery to invoke filters
-MAIN_TRUSTED_GROUPS = ian
+MAIN_TRUSTED_GROUPS = $u
LOCAL_DELIVERY = dovecot_lmtp
systemctl enable offlineimapsync.timer
systemctl start offlineimapsync.timer
- systemctl restart openvpn-client@mail
- systemctl enable openvpn-client@mail
+ systemctl restart $vpn_ser@mail
+ systemctl enable $vpn_ser@mail
systemctl enable dovecot
systemctl restart dovecot
else # $HOSTNAME != $MAIL_HOST
systemctl disable offlineimapsync.timer &>/dev/null ||:
systemctl stop offlineimapsync.timer &>/dev/null ||:
- systemctl disable openvpn-client@mail
- systemctl stop openvpn-client@mail
+ systemctl disable $vpn_ser@mail
+ systemctl stop $vpn_ser@mail
systemctl disable dovecot ||:
systemctl stop dovecot ||:
#
sed -r s/^\\S+:/$b:/ 600_exim4-config_userforward >175_$b
systemctl restart exim4
-fi # end if exim4
+ fi # end if exim4
-# /etc/alias setup is debian specific, and
-# exim config sets up an /etc/alias from root to the postmaster, which i
-# config to ian, as long as there exists an entry for root, or there was
-# no preexisting aliases file. based on the postinst file. postfix
-# won't set up a root to $postmaster alias if it's already installed.
-# Since postfix is not the greatest, just set it ourselves.
-if [[ $postmaster != root ]]; then
- sed -i --follow-symlinks -f - /etc/aliases <<EOF
+ # /etc/alias setup is debian specific, and
+ # exim config sets up an /etc/alias from root to the postmaster, which i
+ # config to ian, as long as there exists an entry for root, or there was
+ # no preexisting aliases file. based on the postinst file. postfix
+ # won't set up a root to $postmaster alias if it's already installed.
+ # Since postfix is not the greatest, just set it ourselves.
+ if [[ $postmaster != root ]]; then
+ sed -i --follow-symlinks -f - /etc/aliases <<EOF
\$a root: $postmaster
/^root:/d
EOF
- newaliases
-fi
+ newaliases
+ fi
# put spool dir in directory that spans multiple distros.
# based on http://www.postfix.org/qmgr.8.html and my notes in gnus
EOF
;;
esac
+if [[ $HOSTNAME == frodo ]]; then
+ tu /etc/fstab <<EOF
+$first_root_crypt /i btrfs noatime,subvol=i 0 0
+EOF
+fi
##### end setup fstab for subvols we care about ######
-for vol in q a o; do
+for vol in q a o i; do
d=/$vol
if ! awk '{print $2}' /etc/fstab | grep -xF $d &>/dev/null; then
continue
if e umount -R $dir; then
unmounted+=($dir)
else
- umount_ret=false
- ret=1
echo "$0: failed to umount $dir"
- e lsof $dir
- break
+ # lsof will fail if it finds no pids
+ if ! e lsof $dir; then
+ umount_ret=false
+ ret=1
+ continue
+ fi
+ pids=$(lsof -t $dir) ||:
+ kill $pids
+ sleep .5
+ if e umount -R $dir; then
+ unmounted+=($dir)
+ else
+ umount_ret=false
+ ret=1
+ continue
+ fi
fi
fi
done
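Review bot: `kill $pids` runs even when the second `lsof -t $dir` returns nothing, which can happen if the holders exit between the two lsof calls, and `||:` hides that failure. `kill` with no arguments is an error, which aborts the script if errexit is on (not visible here); guard it with `if [[ $pids ]]; then kill $pids; fi`. The fixed `sleep .5` may also be too short for the signalled processes to exit before the retry, so a short loop that retries `umount -R` a few times would be more reliable. A comment above the `kill` stating that terminating every process using the mountpoint is intended would help the next reader, since the old code only listed them and stopped.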
# arcanist(), phabricator(), phutil()
s usermod -a -G vcs www-data
-s usermod -a -G vcs ian
+s usermod -a -G vcs iank
s usermod -a -G vcs phabricator
s chown root:vcs /usr/share/phabricator/conf/local/local.json
fbin config set diffusion.ssh-port $ssh_port