+
+########### begin kodi setup ############
+pi kodi
+
+# based on https://wiki.debian.org/SecuringNFS
+# but the quota stuff is either outdated or optional,
+# i guessed that it was not needed and it worked fine.
+s dd of=/etc/sysctl.d/nfs-static-ports.conf <<'EOF'
+fs.nfs.nfs_callback_tcpport = 32764
+fs.nfs.nlm_tcpport = 32768
+fs.nfs.nlm_udpport = 32768
+EOF
+s sysctl --system
+s $sed -ri -f - /etc/default/nfs-common <<'EOF'
+/^\s*STATDOPTS=/d
+$a STATDOPTS="--port 32765 --outgoing-port 32766"
+EOF
+
+s $sed -ri -f - /etc/default/nfs-kernel-server <<'EOF'
+/^\s*RPCMOUNTDOPTS=/d
+$a RPCMOUNTDOPTS="--manage-gids --port 32767"
+EOF
+ser restart nfs-kernel-server
+
+if [[ $HOSTNAME == treetowl ]]; then
+ # persistent one time steps for webdav:
+ # create persistent password, put it in ~/.kodi/userdata/advancedsettings.xml,
+ # per http://kodi.wiki/view/MySQL/Sync_other_parts_of_Kodi
+ # htpasswd -c /p/c/filesystem/etc/davpass dav
+ # chmod 640 /p/c/filesystem/etc/davpass
+ # in conflink, set group to www-data.
+ # In kodi, i set the music source, server address: my domain,
+ # path: k/music. Then copied the file
+ # /p/c/subdir_files/.kodi/userdata/sources.xml to save that setting.
+ s a2enmod dav dav_fs
+ web-conf -r /a/c/playlists - apache2 dav.iank.pw <<'EOF'
+<Directory /a/c/playlists>
+ DAV On
+ AuthType Basic
+ AuthName "Authentication Required"
+ AuthUserFile "/etc/davpass"
+ Require valid-user
+
+# outside the standard /var/www, so use this:
+ Order allow,deny
+ Allow from all
+</Directory>
+EOF
+ s mkdir -p /var/www/davlock
+ s chown www-data:www-data /var/www/davlock
+ s sed -i "1i DavLockDB /var/www/davlock/davlock" /etc/apache2/sites-enabled/dav.iank.pw.conf
+ ser reload apache2
+
+ teeu /etc/exports "/k/music *(ro,nohide,async,no_subtree_check,insecure)"
+ exportfs -ra
+
+ # kodi uses sqlite by default, but supports mysql.
+ pi mariadb-server
+
+ # see ofswiki.org for explanation.
+ dbpass="$(cat /p/mysql-root-pass)"
+ if ! echo exit|mysql -uroot "-p$dbpass"; then
+ echo -e "\n\n$dbpass\n$dbpass\n\n\n\n\n" | mysql_secure_installation
+ fi
+ mysql -uroot "-p$dbpass" <<EOF
+GRANT ALL PRIVILEGES ON *.* TO 'kodi' IDENTIFIED BY '$(</p/mysql-kodi-pass)';
+EOF
+ s sed -ri 's/^(\s*bind-address\s*=).*/\1 0.0.0.0/' /etc/mysql/mariadb.conf.d/50-server.cnf
+ ser restart mariadb
+
+fi
+
+########### end kodi setup ############
+
+