ser daemon-reload
ser enable vpnmail.service
acme-tiny-wrapper mail.iankelling.org
+ # needed for li's local mail delivery. there might
+ # be a better way to do it that doesn't require disabling
+ # it during le verification, but whatever for now.
+ f=/etc/cron.daily/lets-encrypt-mail_iankelling_org
+ l="10.8.0.4 mail.iankelling.org"
+ tu /etc/hosts <<<"$l"
+ s sed -i '/^\s*sysv acme-tiny-wrapper/i sed -i /^10\.8\.0\.4/d /etc/hosts' $f
+ echo "echo $l >>/etc/hosts" | s tee -a $f
sgo openvpn
- tu /etc/hosts <<<"10.8.0.4 mail.iankelling.org"
domain=cal.iankelling.org
acme-tiny-wrapper $domain
apache-site -f 10.8.0.4:5232 - $domain <<'EOF'
# auth_basic_user_file /etc/nginx/caldav/htpasswd;
+ ########## begin pump.io setup ##########
+
+ # once pump adds a logrotation script, turn off nologger,
+ # and add
+ # "logfile": "/var/log/pumpio/pumpio.log",
+ #
+ s dd of=/etc/pump.io.json <<'EOF'
+{
+ "secret": "SECRET_REPLACE_ME",
+ "driver": "mongodb",
+ "params": { "dbname": "pumpio" },
+ "noweb": false,
+ "site": "pump.iankelling.org",
+ "owner": "Ian Kelling",
+ "ownerURL": "https://pump.iankelling.org/",
+ "port": 8001,
+ "urlPort": 443,
+ "hostname": "pump.iankelling.org",
+ "nologger": true,
+ "datadir": "/home/pumpio/pumpdata",
+ "enableUploads": true,
+ "debugClient": false,
+ "disableRegistration": true,
+ "noCDN": true,
+ "key": "/home/pumpio/pump.iankelling.org-domain.key",
+ "cert": "/home/pumpio/pump.iankelling.org-chained.pem",
+ "address": "localhost",
+ "sockjs": false
+}
+EOF
+ s sed -i "s#SECRET_REPLACE_ME#$(cat /p/c/machine_specific/li/pump-secret)#" /etc/pump.io.json
+
+ # jessie\'s node is too old
+ # https://nodejs.org/en/download/package-manager/
+ curl -sL https://deb.nodesource.com/setup_6.x | sudo -E bash -
+ pi nodejs
+ cd /home/ian
+ rm -rf pump.io.git
+ git clone https://github.com/pump-io/pump.io.git
+ cd pump.io
+ # note: doing this or the npm install pump.io as root had problems.
+ npm install
+ npm run build
+ # normally, next command would be
+ # s npm install -g databank-mongodb
+ # but it\'s this until a bug in pump gets fixed
+ s npm install -g databank-mongodb@0.19.2
+ s useradd -m -s /bin/false pumpio
+ sudo -u pumpio mkdir -p /home/pumpio/pumpdata
+ # for testing browser when only listening to localhost,
+ # in the pump.io.json, set hostname localhost, urlPort 5233
+ #ssh -L 5233:localhost:5233 li
+ acme-tiny-wrapper -c /home/pumpio pump.iankelling.org
+
+ s mkdir -p /var/log/pumpio/
+ s chown pumpio:pumpio /var/log/pumpio/
+
+ apache-site -c /home/pumpio - pump.iankelling.org <<'EOF'
+# currently a bug in pump that we cant terminate ssl
+ SSLProxyEngine On
+ ProxyPreserveHost On
+ ProxyPass / https://127.0.0.1:8001/
+ ProxyPassReverse / https://127.0.0.1:8001/
+ # i have sockjs disabled per people suggesting that
+ # it won't work with apache right now.
+ # not sure if it would work with this,
+ # but afaik, this is pointless atm.
+ <Location /main/realtime/sockjs/>
+ ProxyPass wss://127.0.0.1:8001/main/realtime/sockjs/
+ ProxyPassReverse wss://127.0.0.1:8001/main/realtime/sockjs/
+ </Location>
+EOF
+
+ s dd of=/etc/systemd/system/pump.service <<'EOF'
+[Unit]
+Description=pump.io
+After=syslog.target network.target
+
+[Service]
+Type=simple
+User=pumpio
+Group=pumpio
+ExecStart=/home/ian/pump.io/bin/pump
+Environment=NODE_ENV=production
+# failed to find databank-mongodb without this.
+# I just looked at my environment variables took a guess.
+Environment=NODE_PATH=/usr/lib/nodejs:/usr/lib/node_modules:/usr/share/javascript
+
+[Install]
+WantedBy=multi-user.target
+EOF
+ ser daemon-reload
+ sgo pump
+ ########## end pump.io setup ############
echo "$0: $(date): ending now)"
exit 0
########### end section including li/lj ###############
+# pump.io periodic backup
+if [[ $HOSTNAME == treetowl ]]; then
+ s dd of=/etc/systemd/system/pumpbackup.service <<'EOF'
+[Unit]
+Description=pump li backup
+After=multi-user.target
+
+[Service]
+User=ian
+Type=oneshot
+ExecStart=/a/bin/log-quiet/sysd-mail-once pump-backup /a/bin/distro-setup/pump-backup
+EOF
+
+ s dd of=/etc/systemd/system/pumpbackup.timer <<'EOF'
+[Unit]
+Description=pump li backup hourly
+
+[Timer]
+OnCalendar=hourly
+
+[Install]
+WantedBy=timers.target
+EOF
+ s systemctl daemon-reload
+ sgo pumpbackup.timer
+fi
+
case $distro in
debian|ubuntu)
# suggests because we want the resolvconf package.
# pi-nostart does not disable
ser disable openvpn
;;
- *) pi openvpn;;
+*) pi openvpn;;
esac
if private-host; then
-# no equivalent in other distros:
-case $distro in
- debian|ubuntu)
- # for gui bug reporting
- spa python-vte
- ;;
-esac
+ # no equivalent in other distros:
+ case $distro in
+ debian|ubuntu)
+ # for gui bug reporting
+ spa python-vte
+ ;;
+ esac
-####### misc packages ###########
+ ####### misc packages ###########
-if [[ $HOSTNAME == treetowl ]]; then
- case $distro in
- debian|ubuntu)
- # note i had to do this, which is persistent:
- # cd /i/k
- # s chgrp debian-transmission torrents partial-torrents
-
- # syslog says things like
- # 'Failed to set receive buffer: requested 4194304, got 425984'
- # google suggets giving it even more than that
- tu /etc/sysctl.conf<<'EOF'
+ if [[ $HOSTNAME == treetowl ]]; then
+ case $distro in
+ debian|ubuntu)
+ # note i had to do this, which is persistent:
+ # cd /i/k
+ # s chgrp debian-transmission torrents partial-torrents
+
+ # syslog says things like
+ # 'Failed to set receive buffer: requested 4194304, got 425984'
+ # google suggets giving it even more than that
+ tu /etc/sysctl.conf<<'EOF'
net.core.rmem_max = 67108864
net.core.wmem_max = 16777216
EOF
- s sysctl -p
+ s sysctl -p
# some reason it doesn't seem to start automatically anyways
pi-nostart transmission-daemon
ser disable transmission-daemon
sgo transmission-daemon-nn
;;
- # todo: others unknown
- esac
-fi
+ # todo: others unknown
+ esac
+ fi
-# adapted from /var/lib/dpkg/info/transmission-daemon.postinst
-if ! getent passwd debian-transmission > /dev/null; then
- case $distro in
- arch)
- s useradd \
- --system \
- --create-home \
- --home-dir /var/lib/transmission-daemon \
- --shell /bin/false \
- debian-transmission
- ;;
- *)
- s adduser --quiet \
- --system \
- --group \
- --no-create-home \
- --disabled-password \
- --home /var/lib/transmission-daemon \
- debian-transmission
- ;;
- esac
-fi
+ # adapted from /var/lib/dpkg/info/transmission-daemon.postinst
+ if ! getent passwd debian-transmission > /dev/null; then
+ case $distro in
+ arch)
+ s useradd \
+ --system \
+ --create-home \
+ --home-dir /var/lib/transmission-daemon \
+ --shell /bin/false \
+ debian-transmission
+ ;;
+ *)
+ s adduser --quiet \
+ --system \
+ --group \
+ --no-create-home \
+ --disabled-password \
+ --home /var/lib/transmission-daemon \
+ debian-transmission
+ ;;
+ esac
+ fi
# dunno why it's there, but get rid of it
case $HOSTNAME in
esac
# general known for debian/ubuntu, not for fedora
+
+case $distro in
+ debian|ubuntu)
+ pi golang-go
+ # a bit of googling, and added settings to bashrc
+ go get -u github.com/mvdan/fdroidcl/cmd/fdroidcl
+ ;;
+ # others unknown
+esac
+
+
case $distro in
arch)
# cdrkit for cloud-init isos
d=jm; jm=d # being clever for succinctness
for s in d jm; do
s $sed -ri "/^\s*\[Unit\]/a Conflicts=bitcoin${!s}.service" \
- /etc/systemd/system/bitcoin${s}.service
+ /etc/systemd/system/bitcoin${s}.service
done
ser daemon-reload
done
sed -ri "s/^\s*(blockchain_source\s*=).*/\1 bitcoin-rpc/" joinmarket.cfg
-fi
+ fi
-# proprietary flash. going without for now
-# case $distro in
-# debian)
-# pi flashplugin-nonfree
-# esac
+ # proprietary flash. going without for now
+ # case $distro in
+ # debian)
+ # pi flashplugin-nonfree
+ # esac
-case $distro in
- fedora)
- cd $(mktemp -d)
- wget http://tamacom.com/global/global-6.3.2.tar.gz
- ex global*
- cd global-6.3.2
- # based on https://github.com/leoliu/ggtags
- ./configure --with-exuberant-ctags=/usr/bin/ctags
- make
- s make install
- s pip install pygments
- ;;
- *)
- pi global
- ;;&
- arch)
- pi python2-pygments
- ;;
- debian|ubuntu)
- pi python-pygments
- ;;
-esac
+ case $distro in
+ fedora)
+ cd $(mktemp -d)
+ wget http://tamacom.com/global/global-6.3.2.tar.gz
+ ex global*
+ cd global-6.3.2
+ # based on https://github.com/leoliu/ggtags
+ ./configure --with-exuberant-ctags=/usr/bin/ctags
+ make
+ s make install
+ s pip install pygments
+ ;;
+ *)
+ pi global
+ ;;&
+ arch)
+ pi python2-pygments
+ ;;
+ debian|ubuntu)
+ pi python-pygments
+ ;;
+ esac
-case $distro in
- debian)
- pi task-cinnamon-desktop
- # in settings, change scrolling to two-finger,
- # because the default edge scroll doesn\'t work.
- pu transmission-gtk
- ;;
- # others unknown
-esac
+ case $distro in
+ debian)
+ pi task-cinnamon-desktop
+ # in settings, change scrolling to two-finger,
+ # because the default edge scroll doesn\'t work.
+ pu transmission-gtk
+ ;;
+ # others unknown
+ esac
-case $distro in
- arch) spa apg ;;
+ case $distro in
+ arch) spa apg ;;
- # already in debian jessie
-esac
+ # already in debian jessie
+ esac
-# note this failed running at the beginning of this file,
-# because no systemd user instance was running.
-# Doing systemd --user resulted in
-# Trying to run as user instance, but $XDG_RUNTIME_DIR is not set
+ # note this failed running at the beginning of this file,
+ # because no systemd user instance was running.
+ # Doing systemd --user resulted in
+ # Trying to run as user instance, but $XDG_RUNTIME_DIR is not set
-if isdebian-testing; then
- # as of 7/2016, has no unstable deps, and is not in testing anymore.
- pi synergy/unstable
-else
- pi synergy
-fi
+ if isdebian-testing; then
+ # as of 7/2016, has no unstable deps, and is not in testing anymore.
+ pi synergy/unstable
+ else
+ pi synergy
+ fi
# case $distro in
# # ubuntu unknown. probably the same as debian, just check if the
iankelling.org / git / distro-setup / commitdiff