# set the scrollback to unlimited in case something goes wrong
if [[ $EUID == 0 ]]; then
- echo error: do not run as root
+ echo "error: do not run as root"
exit
fi
set -E
trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?"' ERR
-headless=false
-debian_stable=false
+# headless=false # unused atm
recompile=true
# for copying to a new data fs
-bootstrapfs=false
+bootstrapfs=false # old flag, needs new look before using.
while [[ $1 == -* ]]; do
case $1 in
# avoid some of the longer compilation steps,
# when we need to rerun because we had an error
-n) recompile=false; shift ;;
- -b) boostrap_new_comp=true; shift ;;
esac
done
host=$HOSTNAME
fi
-for f in iank-dev htpc treetowl x2 frodo; do
+for f in iank-dev htpc treetowl x2 frodo tp; do
eval "$f() { [[ $host == $f ]]; }"
done
-encrypted() { iank-dev || x2 || frodo ; }
+has_p() { iank-dev || x2 || frodo; }
+encrypted() { has_p || tp; }
shopt -s extglob
export GLOBIGNORE=*/.:*/..
# this script has been designed to be idempotent
# todo, it would be nice to cut down on some of the output
+
+
+
+# output is below so shellcheck can verify sources
for x in /a/bin/bash-programs-by-ian/repos/{errhandle,tee-unique,lnf}/*-function; do
- source $x;
+ echo "# shellcheck source=$x";
+ # shellcheck source=/a/bin/bash-programs-by-ian/repos/errhandle/bash-trace-function
+ # shellcheck source=/a/bin/bash-programs-by-ian/repos/errhandle/errallow-function
+ # shellcheck source=/a/bin/bash-programs-by-ian/repos/errhandle/errcatch-function
+ # shellcheck source=/a/bin/bash-programs-by-ian/repos/errhandle/errexit-function
+ # shellcheck source=/a/bin/bash-programs-by-ian/repos/tee-unique/teeu-function
+ # shellcheck source=/a/bin/bash-programs-by-ian/repos/lnf/lnf-function
+ source $x
done
+
+
set +e
$interactive || errcatch
source /a/bin/distro-functions/src/identify-distros
-
if isfedora; then
# comment out line disallowing calling sudo in scripts
sudo sed -i 's/^Defaults *requiretty/#\0 # ian commented/' /etc/sudoers
s sed -i 's/^\(deb.* main\).*/\1 contrib non-free/' /etc/apt/sources.list
# non-existent var, as Im not planning to use stable right now
- if $debian_stable; then
+ if isdebian-stable; then
code=$(debian-codename)
- tu /etc/apt/sources.list <<EOF
+ s dd of=/etc/apt/sources.list.d/mozilla-iceweasel <<EOF
deb http://mozilla.debian.net/ $code-backports iceweasel-release
deb-src http://mozilla.debian.net/ $code-backports iceweasel-release
EOF
# we change the mirror from the default, so we cant use tu
- if ! grep -qP "^deb [^ ]+ $code-backports main contrib non-free" /etc/apt/sources.list; then
- s tee -a /etc/apt/sources.list <<EOF
+ s dd of=/etc/apt/sources.list.d/main-backports <<EOF
deb http://ftp.us.debian.org/debian/ $code-backports main contrib non-free
deb-src http://ftp.us.debian.org/debian/ $code-backports main contrib non-free
EOF
- fi
p update
# take care of mozilla signing errors in previous command
pi pkg-mozilla-archive-keyring
else
- sudo sed -ri 's!^( *[^ #]+ +[^ ]+ +)[[:alpha:]]+(.*)!\1testing\2!' \
- /etc/apt/sources.list
- pup
+ :
+ # this would change stable to testing, but I set that up already.
+ # It\'s just a no-op if its already testing.
+ # sudo sed -ri 's!^( *[^ #]+ +[^ ]+ +)[[:alpha:]]+(.*)!\1testing\2!' /etc/apt/sources.list
+ p update
fi
- # doesnt exist on ubuntu. ubuntu has a mirror type url to use instead.
- pi netselect-apt
- debian_pick_mirror
fi
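Review bot: The two new `s dd of=/etc/apt/sources.list.d/...` targets, `mozilla-iceweasel` and `main-backports`, have no `.list` suffix, and apt ignores files in `sources.list.d` whose names do not end in `.list` (or `.sources`), so neither backports source would take effect. Name them `/etc/apt/sources.list.d/mozilla-iceweasel.list` and `/etc/apt/sources.list.d/main-backports.list`. Any later install that selects `-t $code-backports` presumably depends on these entries being read. The enclosing `if` starts above the visible lines.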
if isarch; then
sudo dd of=/etc/pacman.conf if=$x; rm $x
sudo systemctl enable pacserve.service
sudo systemctl start pacserve.service
+
+ # strange error if just installing trash-cli: "pyalpm requires python",
+ # so I see that it requires python2, and installing that manually fixes it.
+ # I didn't see this on earlier installation, main thing which changed was
+ # pacserve, so not sure if it's related.
+ pi python2
fi
+
pup
-# strange error if just installing trash-cli: "pyalpm requires python",
-# so I see that it requires python2, and installing that manually fixes it.
-# I didn't see this on earlier installation, main thing which changed was
-# pacserve, so not sure if it's related.
-pi python2 trash-cli
+pi trash-cli
###### link files ###########
# todo: this is desktop specific. on work comp, mkdir /p/.editor-backups
# todo: reconcile ~/.ssh/config work/home
-if encrypted; then
+if has_p; then
lnf -T /p/offlineimap ~/Maildir
lnf -T /p/News ~/News
s lnf -T /q/p /p
# don't use /* because I don't want to require it to be mounted
s lnf /q/root/.editor-backups /q/root/.undo-tree-history \
- /q/root/.ssh /q/root/sasl_passwd /q/root/sasl_passwd.db /a/opt \
+ /q/root/.ssh /a/opt \
/a/c/.emacs.d ~/.unison /root
fi
-for x in /a/c/repos/*/!(.git); do
- [[ $x == */. || $x == */.. ]] && continue # workaround for ubuntu 14.04 bug
- lnf "$x" ~
-done
-
s lnf /a/c/.inputrc /a/c/.vim /a/c/.vimrc /a/c/.gvimrc /root
if [[ $HOSTNAME == htpc ]]; then
lnf -T /i/Videos ~/Downloads
fi
-if encrypted; then
+if has_p; then
# for dovecot
lnf -T /i/mboxes ~/mail
fi
# basic needed packages
case $(distro-name) in
debian)
- pi $( $debian_stable && e -t $code-backports ) iceweasel \
- linux-image-amd64 firmware-linux-nonfree \
- firmware-linux-free linux-headers-amd64
+ pi $( isdebian-stable && e -t $code-backports ) iceweasel
+ # for hosts which require nonfree drivers
+ case $HOSTNAME in
+ tp|x2) : ;;
+ *) pi linux-image-amd64 firmware-linux-nonfree \
+ firmware-linux-free linux-headers-amd64
+ ;;
+ esac
;;&
ubuntu|debian)
pi xmacro gtk-redshift xinput
pi xbindkeys xkbset cryptsetup unison
+pi lvm2
# enables trim for volume delete, other rare commands.
sudo sed -ri 's/( *issue_discards\b).*/\1 = 1/' /etc/lvm/lvm.conf
+
if encrypted; then
if isdeb; then
sudo cp /usr/share/doc/util-linux/examples/fstrim.{service,timer} /etc/systemd/system
fi
# does weekly trim
sudo systemctl enable fstrim.timer
+fi
+if has_p; then
# relatime is default, but it still significantly increases writes
# in comparison because it writes on the first read after each
# write.
if ! frodo; then
dirs+=(/q)
fi
- s mkdir -p ${dirs[@]}
- s chown ian:ian ${dirs[@]}
+ s mkdir -p "${dirs[@]}"
+ s chown ian:ian "${dirs[@]}"
# ssh and probably some other things care about parent directory
# ownership, and ssh doesn\'t allow any group writable parent
# directories, so we are forced to use a directory structure similar
- # emacs dependencies.
+fi
- # dunno why debian installed postfix with yum-builddep emacs
- # but I will just explicitly install it here since
- # I use it for sending mail in emacs.
- if isdeb; then
- s debconf-set-selections<<EOF
-postfix postfix/main_mailer_type select Satellite system
-postfix postfix/mailname string $host
-postfix postfix/relayhost string [mail.messagingengine.com]:587
-EOF
- pi postfix
- else
- pi postfix
- s postconf -v 'relayhost = [mail.messagingengine.com]:587'
- s systemctl enable postfix
- s systemctl start postfix
- fi
+
+
+# exptected directory for .editor-backups
+if ! has_p; then
+ s lnf /a/p /
fi
/a/bin/conflink
EOF
+
+# emacs dependency.
+# dunno why debian installed postfix with yum-builddep emacs
+# but I will just explicitly install it here since
+# I use it for sending mail in emacs.
+if private-host; then
+ relayhost="[mail.messagingengine.com]:587"
+else
+ # ses initially suggests port 25, but I had problems connecting to that.
+ relayhost="[email-smtp.us-west-2.amazonaws.com]:587"
+fi
+if isdeb; then
+ s debconf-set-selections<<EOF
+postfix postfix/main_mailer_type select Satellite system
+postfix postfix/mailname string $host
+postfix postfix/relayhost string $relayhost
+EOF
+
+ pi postfix
+else
+ pi postfix
+ # Settings from reading the output when installing on debian,
+ # then seeing which were different in a default install on arch.
+ # I assume the same works for fedora.
+ postconfin <<EOF
+mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
+mailbox_size_limit = 0
+relayhost = $relayhost
+inet_interfaces = loopback-only
+EOF
+
+ s systemctl enable postfix
+ s systemctl start postfix
+fi
+
+
if isarch; then
# install so it's build dependencies don't get removed.
x=$(mktemp -d)
popd
rm -rf $x
else
+ # to disable emacs git build,
+ # s apt-get install emacs
if $recompile; then
/a/bin/buildscripts/emacs
else
# fedora didn\'t have the 3.
dir=/etc/gdm
fi
- mkdir -p $dir/PostLogin
+ s mkdir -p $dir/PostLogin
s command cp /a/bin/desktop-20-autostart.sh $dir/PostLogin/Default
s mkdir /etc/lightdm/lightdm.conf.d
s dd of=/etc/lightdm/lightdm.conf.d/12-ian.conf <<'EOF'
PATH="$PATH:$HOME/.cabal/bin"
# trying out the distro's versions newer distros
-if $debian_stable || isubuntu; then
+if isdebian-stable || isubuntu; then
# todo: on ubuntu 12.04, needed to install zlib1g-dev
cabal install cabal-install
pu cabal-install
fi
fi
pi dmenu
+
+if isdeb && (tp || x2); then
+ pi task-laptop
+fi
set -x
-distro=$(distro-name)
+end_msg() {
+ local y
+ IFS= read -r -d '' y ||:
+ end_msg_var+="$y"
+}
+distro=$(distro-name)
-is_debian_testing() {
- grep -E '^[^#]debian.*\stesting\s+main\s*$' /etc/apt/sources.list &>/dev/null
-}
# template
case $distro in
duplicity
fail2ban
fdupes
+ filelight
gdb
gnome-screenshot
+ mailutils
meld
mpv
offlineimap
smartmontools
squashfs-tools
tree
+ virt-manager
)
pi "${x[@]}"
case $distro in
arch) pi the_silver_searcher ;;
- # others unknown
+ debian|ubuntu) pi silversearcher-ag ;;
+ # fedora unknown
esac
# printer
# In debian, I could use hte recommended driver,
# in arch, I had to pick out the 6L driver.
;;
+ debian|ubuntu)
+ pi hplip
+ ;;
# other distros unknown
esac
case $distro in
- ubuntu|debian) pi ack-grep nfs-client ;;
+ ubuntu|debian) pi ack-grep ;;
arch|fedora) pi ack ;;
# fedora unknown
esac
ubuntu|debian) pi par2 ;;
arch|fedora) pi par2cmdline ;;
esac
-case $distro in
- arch|fedora) pi unison ;;
- # deb/ubuntu, it depends what version they have.
- # arch and fedora have unison240 and unison-240-compat respectively,
- # but that failed to sync with an ubuntu 12.04 which had unson 2.40,
- # so I installed it manually, but hopefully never have to use it on 12.04 again.
-
- # wget http://caml.inria.fr/pub/distrib/ocaml-4.02/ocaml-4.02.3.tar.gz
- # ./configure
- # make world opt
- # s make install
-
- # wget http://www.seas.upenn.edu/~bcpierce/unison//download/releases/stable/unison-2.48.3.tar.gz
- # make
- # s cp unison /usr/local/bin
-esac
# needed for my tex resume
case $distro in
ubuntu|debian) pi texlive-full ;;
fedora)
pi yum-utils
# rpm fusion recommended codecs
- s su -c 'yum localinstall -y --nogpgcheck http://download1.rpmfusion.org/free/fedora/rpmfusion-free-release-$(rpm -E %fedora).noarch.rpm http://download1.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-$(rpm -E %fedora).noarch.rpm'
+ s su -c "yum localinstall -y --nogpgcheck http://download1.rpmfusion.org/free/fedora/rpmfusion-free-release-$(rpm -E %fedora).noarch.rpm http://download1.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-$(rpm -E %fedora).noarch.rpm"
pi gstreamer-plugins-ugly gstreamer-plugins-bad gstreamer-ffmpeg\
xine-lib-extras-freeworld
;;
esac
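Review bot: The rewritten `yum localinstall` line still fetches both rpmfusion release packages over plain `http://` with `--nogpgcheck`, so nothing authenticates the package that installs the repository definition and its signing keys. Fetch the two URLs over `https://` and verify the packages against the RPM Fusion keys instead of passing `--nogpgcheck`. The switch to double quotes also means `$(rpm -E %fedora)` is now expanded by the calling shell rather than inside `su -c`; a comment such as `# expanded here on purpose, not inside su` would record that this is intended.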
+
case $distro in
# optional dep for firefox for h.264 video
arch) pi gst-libav ;;
*) : ;; # comes default or with other packages
esac
-# general others are unknown bucket
+case $distro in
+ arch|debian|ubuntu)
+ pi bash-completion
+ ;;
+ # others unknown
+esac
+
+
+case $distro in
+ arch) pi ttf-dejavu;;
+ debian|ubuntu) pi fonts-dejavu ;;
+ # others unknown
+esac
+
+case $distro in
+ arch|debian|ubuntu) pi ntp;;
+ # others unknown
+esac
+
+case $distro in
+ arch) pi xorg-xev;;
+ debian|ubuntu) pi x11-utils ;;
+ # others unknown
+esac
+
+case $distro in
+ arch) pi virt-install;;
+ debian|ubuntu) pi virtinst ;;
+ # others unknown
+esac
+
+case $distro in
+ arch) pi cdrkit;;
+ debian|ubuntu) pi genisoimage;;
+ # others unknown
+esac
+
+case $distro in
+ arch) pi spice-gtk3 ;;
+ debian|ubuntu) pi spice-client-gtk;;
+ # others unknown
+esac
+
+# general known for debian/ubuntu, not for fedora
case $distro in
arch)
# cdrkit for cloud-init isos
# dnsmasq for nat networking in libvirt
# qemu for qemu-img, bind-tools for dig
- pi ttf-dejavu bash-completion unzip ntp wget xorg-xev xorg-xmodmap \
- virt-install bridge-utils cdrkit dnsmasq qemu spice-gtk3 bind-tools
+ pi unzip wget xorg-xmodmap \
+ bridge-utils dnsmasq qemu bind-tools
sgo ntpd
- s sed -ri '/^ *user *=/d' /etc/libvirt/qemu.conf
# otherwise we get error about accessing kvm module.
# seems like there might be a better way, but google was a bit vague.
+ s sed -ri '/^ *user *=/d' /etc/libvirt/qemu.conf
echo 'user = "root"' | s tee -a /etc/libvirt/qemu.conf
# https://bbs.archlinux.org/viewtopic.php?id=206206
# # this should prolly go in the wiki
esac
+
case $distro in
arch)
# ubuntu 14.04 uses b-cron,
case $distro in
- arch|arch) pi pumpa ;;
- *) /a/bin/buildscripts/pumpa ;;
+ arch|debian|ubuntu) pi pumpa ;;
+ # others unknown. do have a buildscript:
+ # /a/bin/buildscripts/pumpa ;;
esac
case $distro in
- ubuntu) pi android-tools-adb ;;
+ debian|ubuntu) pi android-tools-adb ;;
arch) pi android-tools ;;
# other distros unknown
esac
s pip install pygments
;;
*)
- pi global python2-pygments
+ pi global
+ ;;&
+ arch)
+ pi python2-pygments
+ ;;
+ debian|ubuntu)
+ pi python-pygments
;;
esac
-######### end misc packages #########
+# leave this for last so it doesn't do a bunch of other apps
+# which I want explicitly installed in case I switch DE's
+case $distro in
+ debian)
+ pi task-cinnamon-desktop
+ # in settings, change scrolling to two-finger,
+ # because the default edge scroll doesn\'t work.
+ ;;
+ # others unknown
+esac
+######### end misc packages #########
# packages I once used before and liked, but don't want installed now for
-# various reasons
+# various reasons:
# python-sqlite is used for offlineimap
# lxappearance python-sqlite dolphin paman dconf-editor
+
+
+######## unfinished
+
# todo, finish configuring smart.
# mostly from https://wiki.archlinux.org/index.php/S.M.A.R.T.
# turn on smart. background on options:
# broken under the default ordering, except the host I was
# testing with previously had an entry in /etc/hosts.
+############# end unfinished
case $distro in
arch)
esac
+case $distro in
+ arch|debian|ubuntu) pi btrbk ;;
+ # others unknown
+esac
+
if [[ $HOSTNAME == treetowl ]]; then
- case $distro in
- arch) pi btrbk ;;
- # others unknown
- esac
pi fail2ban
- s systemctl enable fail2ban
- s systemctl start fail2ban
+ sgo fail2ban
fi
# /usr/share/doc/unattended-upgrades# cat README.md
# /etc/apt/apt.conf.d/50unattended-upgrades
if isdebian; then
- pi unattended-upgrade
+ pi unattended-upgrades
s dd of=/etc/apt/apt.conf.d/10periodic <<'EOF'
+# this file was mostly just comments.
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "1";
APT::Periodic::AutocleanInterval "7";
Unattended-Upgrade::Mail "root";
Unattended-Upgrade::MailOnlyOnError "true";
Unattended-Upgrade::Remove-Unused-Dependencies "true";
+Unattended-Upgrade::Origins-Pattern {
+# default is just upgrade main and security, not updates.
+EOF
+ if isdebian-testing; then
+ cat <<'EOF'
+# for stable, only do security updates.
+ "origin=Debian,codename=${distro_codename},label=Debian-Security";
EOF
- if ! is_debian_testing; then
cat <<'EOF'
-# default is just upgrade main and security, not updates.
-# If it's not testing, just upgrade everything.
# These are stable packages only getting bugfixes anyways.
-Unattended-Upgrade::Origins-Pattern {
"origin=*";
+EOF
+ cat <<'EOF'
};
EOF
fi
- } >/etc/apt/apt.conf.d/50unattended-upgrades
+ } | s dd of=/etc/apt/apt.conf.d/50unattended-upgrades
+ echo $- > /tmp/x
fi
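Review bot: As far as the visible lines show, the `if isdebian-testing; then` branch writes the entry commented `# for stable, only do security updates.`, then `"origin=*";`, then the closing `};`, with no `else` in between. On testing the wildcard would then override the security-only pattern, and on any other release `Unattended-Upgrade::Origins-Pattern {` would never be closed. If no lines are missing from this view, add an `else` before the `"origin=*";` heredoc, move the `};` heredoc after `fi`, and check the condition against the comment (it reads as if `isdebian-stable` was meant). Separately, `echo $- > /tmp/x` looks like leftover debugging that writes to a fixed name in a world-writable directory and should be removed.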
# but postfix didn't like that
if [[ ! -L /var/spool/postfix ]]; then
ser stop postfix
- s t /q/postfix
+ if [[ -e /q/postfix ]]; then
+ echo "$0: error: /q/postfix exists but not the link to it"
+ fi
s mv /var/spool/postfix /q
s lnf /q/postfix /var/spool
ser start postfix
journalctl -n 20
fi
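Review bot: The new `/q/postfix` check only prints a message on stdout, and the script then still runs `s mv /var/spool/postfix /q` against the target it has just reported as already existing. Stop before the move, e.g. `echo "$0: error: /q/postfix exists but not the link to it" >&2; exit 1`, or put the `mv`/`lnf` pair in an `else` branch. Postfix has already been stopped by `ser stop postfix` at that point, so the failure path should also decide whether to start it again.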
-# send mail to a better place than /var/mail/ian
-s sed -i '/^root/d' /etc/aliases ||:
-echo "root: $HOSTNAME@bog.mm.st" | s tee -a /etc/aliases
+
+# This also works instead of ~/.forward
+# s sed -i '/^root/d' /etc/aliases ||:
+#echo "root: $HOSTNAME@bog.mm.st" | s tee -a /etc/aliases
# this can't be a symlink and has permission restrictions
# it might work in /etc/aliases, but this seems more proper.
-e "$HOSTNAME@bog.mm.st" > ~/.forward
+
+if s grep amazonaws /etc/postfix/sasl_passwd &>/dev/null; then
+ forward=x@sallymae.club
+else
+ forward=$HOSTNAME@bog.mm.st
+fi
+e $forward > ~/.forward
+e $forward | s tee /root/.forward
s newaliases
+# if I wanted the from address to be renamed and sent to a different address,
+# echo "sdx@localhost development@localhost" | sudo dd of=/etc/postfix/recipient_canonical
+# sudo postmap hash:/etc/postfix/recipient_canonical
+# sudo service postfix reload
+
+
# i'm assuming mail just won't work on systems without the sasl_passwd.
postconfin <<'EOF'
smtp_sasl_auth_enable = yes
-smtp_sasl_password_maps = hash:/q/root/sasl_passwd
+smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_tls_security_level = secure
message_size_limit = 20480000
EOF
# ^ I ran into a log file not sending cuz of size. double from 10 to 20 meg limit
+s postmap hash:/etc/postfix/sasl_passwd
# offlineimap uses this too, it is much easier to use one location than to
# condition it's config and postfix's config
case $distro in
*) :
esac
-ser enable postfix
-ser start postfix
+s service postfix reload
+sgo postfix
############ end postfix #######
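Review bot: `s postmap hash:/etc/postfix/sasl_passwd` runs unconditionally, although the comment above says some systems will not have the file, and nothing visible here sets the mode of the credentials file. postmap gives the generated `.db` the same group and other read permissions as its source, so the relay password is protected only if `/etc/postfix/sasl_passwd` is already root-owned and mode 600. Guard and tighten it, e.g. `if s test -e /etc/postfix/sasl_passwd; then s chmod 600 /etc/postfix/sasl_passwd; s postmap hash:/etc/postfix/sasl_passwd; fi`. How the file reaches `/etc/postfix` is not shown in this diff.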
sgo tor
/a/bin/buildscripts/tor-browser
;;
- debian)
- tu /etc/apt/sources.list 'deb http://deb.torproject.org/torproject.org trusty main'
+ ubuntu)
+ tu /etc/apt/sources.list "deb http://deb.torproject.org/torproject.org $(debian-codename) main"
gpg --keyserver keys.gnupg.net --recv 886DDD89
gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | sudo apt-key add -
p update
pi tor
/a/bin/buildscripts/tor-browser
;;
+ debian)
+ pi tor
+ /a/bin/buildscripts/tor-browser
+ ;;
arch)
pi tor tor-browser-en
sgo tor
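Review bot: The `ubuntu)` branch still fetches the archive key by its 32-bit short ID in `gpg --keyserver keys.gnupg.net --recv 886DDD89`; short IDs can collide, so the fetch may import unrelated keys into the keyring. The following export already names the full fingerprint, so use it for the fetch as well: `gpg --keyserver keys.gnupg.net --recv A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89`. The enclosing `case` starts above the visible lines.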
# nfs server
case $distro in
fedora)
- read -r -d '' fedora_end_msg <<'EOF'
+ end_msg <<'EOF'
fedora todo: disable the firewall or find a way to automate it.
there's an unused section in t.org for tramikssion firewall setup
sgo nfs-server
;;
esac
-# nohide = export filesystems mounted deeper than the export point
-# fsid=0 makes this export the "root" export
-# not documented in the man page, but this means
-# 1. it can be mounted with a shorthand of server:/
-# 2. exports that are subdirectories of this one will automatically be mounted
-tu /etc/exports '/i/video 192.168.1.0/24(rw,fsid=0,nohide,no_root_squash,async,no_subtree_check,insecure)'
-s exportfs -rav
-showmount -e localhost
+if [[ -e /i/video ]]; then
+ # nohide = export filesystems mounted deeper than the export point
+ # fsid=0 makes this export the "root" export
+ # not documented in the man page, but this means
+ # 1. it can be mounted with a shorthand of server:/
+ # 2. exports that are subdirectories of this one will automatically be mounted
+ tu /etc/exports '/i/video 192.168.1.0/24(rw,fsid=0,nohide,no_root_squash,async,no_subtree_check,insecure)'
+ s exportfs -rav
+ showmount -e localhost
+fi
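Review bot: The export line moved under the new `/i/video` check keeps `rw,no_root_squash,insecure` for all of `192.168.1.0/24`, which lets root on any LAN client act as root on the share and accepts requests from unprivileged source ports. Unless a client needs those options, drop them: `tu /etc/exports '/i/video 192.168.1.0/24(rw,fsid=0,nohide,async,no_subtree_check)'`. `tu` presumably only appends a line that is not already present, so an old entry in `/etc/exports` would have to be removed separately.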
# cron
$f
fi
-
-if [[ ${distro}_end_msg ]]; then
- echo ${distro}_end_msg
-fi
+e "$end_msg_var"