# EOF
# fi
-# website setup
+
+######### begin flidas pinned packages ######
+case $(debian-codename) in
+ # needed for debootstrap scripts for fai since fai requires debian
+ flidas)
+ curl http://archive.ubuntu.com/ubuntu/project/ubuntu-archive-keyring.gpg | s apt-key add -
+ s dd of=/etc/apt/preferences.d/flidas-xenial <<EOF
+Package: *
+Pin: release a=xenial
+Pin-Priority: -100
+
+Package: *
+Pin: release a=xenial-updates
+Pin-Priority: -100
+
+Package: *
+Pin: release a=xenial-security
+Pin-Priority: -100
+EOF
+ s dd of=/etc/apt/sources.list.d/xenial.list 2>/dev/null <<EOF
+deb http://us.archive.ubuntu.com/ubuntu/ xenial main
+deb http://us.archive.ubuntu.com/ubuntu/ xenial-updates main
+deb http://us.archive.ubuntu.com/ubuntu/ xenial-security main
+EOF
+
+ s apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 3B4FE6ACC0B21F32
+ s dd of=/etc/apt/preferences.d/flidas-bionic <<EOF
+Package: *
+Pin: release a=bionic
+Pin-Priority: -100
+
+Package: *
+Pin: release a=bionic-updates
+Pin-Priority: -100
+
+Package: *
+Pin: release a=bionic-security
+Pin-Priority: -100
+EOF
+
+ # better to run btrfs-progs which matches our kernel version
+ # (note, renamed from btrfs-tools)
+ s dd of=/etc/apt/preferences.d/btrfs-progs <<EOF
+Package: btrfs-progs libzstd1
+Pin: release a=bionic
+Pin-Priority: 1005
+
+Package: btrfs-progs libzstd1
+Pin: release a=bionic-updates
+Pin-Priority: 1005
+
+Package: btrfs-progs libzstd1
+Pin: release a=bionic-security
+Pin-Priority: 1005
+EOF
+
+
+ t=$(mktemp)
+ cat >$t <<EOF
+deb http://us.archive.ubuntu.com/ubuntu/ bionic main
+deb http://us.archive.ubuntu.com/ubuntu/ bionic-updates main
+deb http://us.archive.ubuntu.com/ubuntu/ bionic-security main
+EOF
+ f=/etc/apt/sources.list.d/bionic.list
+ if ! diff -q $t $f; then
+ s cp $t $f
+ s chmod 644 $f
+ p update
+ fi
+
+ # no special reason, but its better for btrfs-progs to
+ # be closer to our kernel version
+ pi btrfs-progs
+
+ t=$(mktemp -d)
+ cd $t
+ aptitude download debootstrap/xenial
+ ex ./*
+ s cp ./usr/share/debootstrap/scripts/* /usr/share/debootstrap/scripts
+
+ s dd of=/etc/apt/preferences.d/flidas-etiona <<EOF
+Package: *
+Pin: release a=etiona
+Pin-Priority: -100
+
+Package: *
+Pin: release a=etiona-updates
+Pin-Priority: -100
+
+Package: *
+Pin: release a=etiona-security
+Pin-Priority: -100
+
+Package: *
+Pin: release a=etiona-backports
+Pin-Priority: -100
+EOF
+
+ t=$(mktemp)
+ cat >$t <<EOF
+deb http://mirror.fsf.org/trisquel/ etiona main
+deb http://mirror.fsf.org/trisquel/ etiona-updates main
+deb http://archive.trisquel.info/trisquel/ etiona-security main
+deb http://mirror.fsf.org/trisquel/ etiona-backports main
+EOF
+ f=/etc/apt/sources.list.d/etiona.list
+ if ! diff -q $t $f; then
+ s cp $t $f
+ s chmod 644 $f
+ p update
+ fi
+
+ s dd of=/etc/apt/preferences.d/debian-goodies <<EOF
+Package: debian-goodies
+Pin: release n=etiona
+Pin-Priority: 1005
+EOF
+
+
+ s dd of=/etc/apt/preferences.d/flidas-buster <<EOF
+Package: *
+Pin: release n=buster
+Pin-Priority: -100
+
+Package: *
+Pin: release n=buster-updates
+Pin-Priority: -100
+EOF
+
+ # dont use buster because it causes dist-upgrade to think its downgrading
+ # packages while really just reinstalling the same version.
+ f=/etc/apt/apt.conf.d/01iank
+ rm -f $f
+ # # stupid buster uses some key algorithm not supported by flidas gpg that apt uses.
+ # s dd of=/etc/apt/apt.conf.d/01iank <<'EOF'
+ # Acquire::AllowInsecureRepositories "true";
+ # EOF
+
+ f=/etc/apt/sources.list.d/buster.list
+ rm -f $f
+ # t=$(mktemp)
+ # cat >$t <<EOF
+ # deb http://http.us.debian.org/debian buster main
+ # deb-src http://http.us.debian.org/debian buster main
+
+ # deb http://security.debian.org/ buster/updates main
+ # deb-src http://security.debian.org/ buster/updates main
+
+ # deb http://http.us.debian.org/debian buster-updates main
+ # deb-src http://http.us.debian.org/debian buster-updates main
+ # EOF
+ # if ! diff -q $t $f; then
+ # s cp $t $f
+ # s chmod 644 $f
+ # p update
+ # fi
+
+ # newer version needed for false positive in checkrestart.
+ # I did buster at first, but other problem above with having
+ # buster repos. not sure if the false positive exists in etiona.
+ p install -y --allow-unauthenticated debian-goodies
+
+ s dd of=/etc/apt/preferences.d/shellcheck <<EOF
+Package: shellcheck
+Pin: release a=etiona
+Pin-Priority: 1005
+
+Package: shellcheck
+Pin: release a=etiona-updates
+Pin-Priority: 1005
+
+Package: shellcheck
+Pin: release a=etiona-security
+Pin-Priority: 1005
+EOF
+
+ s dd of=/etc/apt/preferences.d/bash <<EOF
+Package: bash
+Pin: release a=etiona
+Pin-Priority: 1005
+
+Package: bash
+Pin: release a=etiona-updates
+Pin-Priority: 1005
+
+Package: bash
+Pin: release a=etiona-security
+Pin-Priority: 1005
+EOF
+
+
+ ;;
+ *)
+ if isdeb; then
+ pi debian-goodies shellcheck
+ fi
+ ;;
+esac
+######### end flidas pinned packages ######
+
+##### begin automatic upgrades (after checkrestart has been installed) ####
+s dd of=/etc/apt/apt.conf.d/10periodic <<'EOF'
+# this file was mostly just comments.
+APT::Periodic::Update-Package-Lists "1";
+APT::Periodic::Download-Upgradeable-Packages "1";
+APT::Periodic::AutocleanInterval "7";
+APT::Periodic::Unattended-Upgrade "1";
+EOF
+
+s dd of=/etc/apt/apt.conf.d/50unattended-upgrades <<EOF
+# fyi: default file has comments about available options,
+# you may want to read that, do pkx unattended-upgrades
+Unattended-Upgrade::Mail "root";
+Unattended-Upgrade::MailOnlyOnError "true";
+Unattended-Upgrade::Remove-Unused-Dependencies "true";
+Unattended-Upgrade::Origins-Pattern {
+ # default is just security updates. this list found from reading
+ # match_whitelist_string() in `which unattended-upgrades`
+ "o=*,l=*,a=*,c=*,site=*,n=*";
+};
+EOF
+
+# old names, too verbose
+s rm -f /etc/cron.d/unattended-upgrade-reboot /usr/local/bin/zelous-unattended-reboot
+
+s dd of=/etc/cron.d/myupgrade <<'EOF'
+# Setup reboots when running outdated stuff, unattended upgrades happen
+# at 6 am + rand(60 min).
+20 7 * * * root /usr/local/bin/myupgrade | /usr/local/bin/log-once -1 myupgrade
+0 * * * * root /usr/local/bin/mycheckrestart | /usr/local/bin/log-once -1 mycheckrestart
+EOF
+##### end automatic upgrades ####
+
+
+
+###### begin website setup
case $HOSTNAME in
li)
###### stop znc setup #####
- ######### begin flidas pinned packages ######
- case $(debian-codename) in
- # needed for debootstrap scripts for fai since fai requires debian
- flidas)
- curl http://archive.ubuntu.com/ubuntu/project/ubuntu-archive-keyring.gpg | s apt-key add -
- s dd of=/etc/apt/preferences.d/flidas-xenial <<EOF
-Package: *
-Pin: release a=xenial
-Pin-Priority: -100
-
-Package: *
-Pin: release a=xenial-updates
-Pin-Priority: -100
-
-Package: *
-Pin: release a=xenial-security
-Pin-Priority: -100
-EOF
- s dd of=/etc/apt/sources.list.d/xenial.list 2>/dev/null <<EOF
-deb http://us.archive.ubuntu.com/ubuntu/ xenial main
-deb http://us.archive.ubuntu.com/ubuntu/ xenial-updates main
-deb http://us.archive.ubuntu.com/ubuntu/ xenial-security main
-EOF
-
- s apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 3B4FE6ACC0B21F32
- s dd of=/etc/apt/preferences.d/flidas-bionic <<EOF
-Package: *
-Pin: release a=bionic
-Pin-Priority: -100
-
-Package: *
-Pin: release a=bionic-updates
-Pin-Priority: -100
-
-Package: *
-Pin: release a=bionic-security
-Pin-Priority: -100
-EOF
-
- # better to run btrfs-progs which matches our kernel version
- # (note, renamed from btrfs-tools)
- s dd of=/etc/apt/preferences.d/btrfs-progs <<EOF
-Package: btrfs-progs libzstd1
-Pin: release a=bionic
-Pin-Priority: 1005
-
-Package: btrfs-progs libzstd1
-Pin: release a=bionic-updates
-Pin-Priority: 1005
-
-Package: btrfs-progs libzstd1
-Pin: release a=bionic-security
-Pin-Priority: 1005
-EOF
-
-
- t=$(mktemp)
- cat >$t <<EOF
-deb http://us.archive.ubuntu.com/ubuntu/ bionic main
-deb http://us.archive.ubuntu.com/ubuntu/ bionic-updates main
-deb http://us.archive.ubuntu.com/ubuntu/ bionic-security main
-EOF
- f=/etc/apt/sources.list.d/bionic.list
- if ! diff -q $t $f; then
- s cp $t $f
- s chmod 644 $f
- p update
- fi
-
- # no special reason, but its better for btrfs-progs to
- # be closer to our kernel version
- pi btrfs-progs
-
- t=$(mktemp -d)
- cd $t
- aptitude download debootstrap/xenial
- ex ./*
- s cp ./usr/share/debootstrap/scripts/* /usr/share/debootstrap/scripts
-
- s dd of=/etc/apt/preferences.d/flidas-etiona <<EOF
-Package: *
-Pin: release a=etiona
-Pin-Priority: -100
-
-Package: *
-Pin: release a=etiona-updates
-Pin-Priority: -100
-
-Package: *
-Pin: release a=etiona-security
-Pin-Priority: -100
-
-Package: *
-Pin: release a=etiona-backports
-Pin-Priority: -100
-EOF
-
- t=$(mktemp)
- cat >$t <<EOF
-deb http://mirror.fsf.org/trisquel/ etiona main
-deb http://mirror.fsf.org/trisquel/ etiona-updates main
-deb http://archive.trisquel.info/trisquel/ etiona-security main
-deb http://mirror.fsf.org/trisquel/ etiona-backports main
-EOF
- f=/etc/apt/sources.list.d/etiona.list
- if ! diff -q $t $f; then
- s cp $t $f
- s chmod 644 $f
- p update
- fi
-
- s dd of=/etc/apt/preferences.d/debian-goodies <<EOF
-Package: debian-goodies
-Pin: release n=etiona
-Pin-Priority: 1005
-EOF
-
-
- s dd of=/etc/apt/preferences.d/flidas-buster <<EOF
-Package: *
-Pin: release n=buster
-Pin-Priority: -100
-
-Package: *
-Pin: release n=buster-updates
-Pin-Priority: -100
-EOF
-
- # dont use buster because it causes dist-upgrade to think its downgrading
- # packages while really just reinstalling the same version.
- f=/etc/apt/apt.conf.d/01iank
- rm -f $f
-# # stupid buster uses some key algorithm not supported by flidas gpg that apt uses.
-# s dd of=/etc/apt/apt.conf.d/01iank <<'EOF'
-# Acquire::AllowInsecureRepositories "true";
-# EOF
-
- f=/etc/apt/sources.list.d/buster.list
- rm -f $f
-# t=$(mktemp)
-# cat >$t <<EOF
-# deb http://http.us.debian.org/debian buster main
-# deb-src http://http.us.debian.org/debian buster main
-
-# deb http://security.debian.org/ buster/updates main
-# deb-src http://security.debian.org/ buster/updates main
-
-# deb http://http.us.debian.org/debian buster-updates main
-# deb-src http://http.us.debian.org/debian buster-updates main
-# EOF
-# if ! diff -q $t $f; then
-# s cp $t $f
-# s chmod 644 $f
-# p update
-# fi
-
- # newer version needed for false positive in checkrestart.
- # I did buster at first, but other problem above with having
- # buster repos. not sure if the false positive exists in etiona.
- p install -y --allow-unauthenticated debian-goodies
-
- s dd of=/etc/apt/preferences.d/shellcheck <<EOF
-Package: shellcheck
-Pin: release a=etiona
-Pin-Priority: 1005
-
-Package: shellcheck
-Pin: release a=etiona-updates
-Pin-Priority: 1005
-
-Package: shellcheck
-Pin: release a=etiona-security
-Pin-Priority: 1005
-EOF
-
- s dd of=/etc/apt/preferences.d/bash <<EOF
-Package: bash
-Pin: release a=etiona
-Pin-Priority: 1005
-
-Package: bash
-Pin: release a=etiona-updates
-Pin-Priority: 1005
-
-Package: bash
-Pin: release a=etiona-security
-Pin-Priority: 1005
-EOF
-
-
- ;;
- *)
- if isdeb; then
- pi debian-goodies shellcheck
- fi
- ;;
- esac
- ######### end flidas pinned packages ######
-
- ##### begin automatic upgrades (after checkrestart has been installed) ####
- s dd of=/etc/apt/apt.conf.d/10periodic <<'EOF'
-# this file was mostly just comments.
-APT::Periodic::Update-Package-Lists "1";
-APT::Periodic::Download-Upgradeable-Packages "1";
-APT::Periodic::AutocleanInterval "7";
-APT::Periodic::Unattended-Upgrade "1";
-EOF
-
- s dd of=/etc/apt/apt.conf.d/50unattended-upgrades <<EOF
-# fyi: default file has comments about available options,
-# you may want to read that, do pkx unattended-upgrades
-Unattended-Upgrade::Mail "root";
-Unattended-Upgrade::MailOnlyOnError "true";
-Unattended-Upgrade::Remove-Unused-Dependencies "true";
-Unattended-Upgrade::Origins-Pattern {
- # default is just security updates. this list found from reading
- # match_whitelist_string() in `which unattended-upgrades`
- "o=*,l=*,a=*,c=*,site=*,n=*";
-};
-EOF
-
- # old names, too verbose
- s rm -f /etc/cron.d/unattended-upgrade-reboot /usr/local/bin/zelous-unattended-reboot
-
- s dd of=/etc/cron.d/myupgrade <<'EOF'
-# Setup reboots when running outdated stuff, unattended upgrades happen
-# at 6 am + rand(60 min).
-20 7 * * * root /usr/local/bin/myupgrade | /usr/local/bin/log-once -1 myupgrade
-0 * * * * root /usr/local/bin/mycheckrestart | /usr/local/bin/log-once -1 mycheckrestart
-EOF
- ##### end automatic upgrades ####
-
echo "$0: $(date): ending now)"
exit 0
;;
esac
+###### end website setup
########### end section including li/lj ###############
iankelling.org / git / distro-setup / commitdiff