From: Ian Kelling Date: Mon, 17 Jul 2017 02:41:43 +0000 (-0700) Subject: lots of stuff lumped together X-Git-Url: https://iankelling.org/git/?p=distro-setup;a=commitdiff_plain;h=1ad20724a44a0ee3adc2f4a1d002850fbad7a372 lots of stuff lumped together --- diff --git a/btrbk-run b/btrbk-run index 4642a70..7a1d946 100755 --- a/btrbk-run +++ b/btrbk-run @@ -35,7 +35,16 @@ conf_only=false dry_run=false # mostly for testing resume_arg= do_i=true -do_o=true +if [[ $HOSTNAME == $MAIL_HOST ]]; then + do_o=true +else + do_o=false +fi + +default_args_file=/etc/btrbk-run.conf +if [[ -r $default_args_file ]]; then + set -- $(< $default_args_file) "$@" +fi temp=$(getopt -l help hcinoprt: "$@") || usage 1 eval set -- "$temp" @@ -150,10 +159,12 @@ if [[ ! $targets ]]; then targets=(frodo) ;; esac - echo "targets: ${targets[*]}" fi +echo "targets: ${targets[*]}" + + # for i, we just do a 1 way sync from master to backup, # and manually manage any changes to that. i_possible=false diff --git a/certbot-renew-hook b/certbot-renew-hook index fb7a895..70aa418 100755 --- a/certbot-renew-hook +++ b/certbot-renew-hook @@ -16,8 +16,18 @@ set -eE -o pipefail trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR -d=/etc/letsencrypt/live/pump.iankelling.org -if [[ $RENEWED_LINEAGE == $d ]]; then - install -m 640 -g pumpio $d/{privkey.pem,fullchain.pem} /home/pumpio -fi -exit 0 +domain_user=( + pump.iankelling.org pumpio + mumble.iankelling.org mumble-server +) + +for ((i=0; i<${#domain_user[@]}; i+=2)); do + domain=${domain_user[i]} + user=${domain_user[i+1]} + + d=/etc/letsencrypt/live/$domain + if [[ $RENEWED_LINEAGE == $d ]]; then + install -m 640 -g $user $d/{privkey.pem,fullchain.pem} $(eval echo ~$user) + exit 0 + fi +done diff --git a/conflink b/conflink index 1fb519d..7a597e3 100755 --- a/conflink +++ b/conflink @@ -55,7 +55,7 @@ common-file-setup() { fi if [[ -e $dir/subdir_files ]]; then - subdir-link-r $dir/subdir_files + m subdir-link-r $dir/subdir_files fi local x=( $dir/!(binds|subdir_files|filesystem|machine_specific|..|.) ) (( ${#x[@]} >= 1 )) || continue @@ -74,19 +74,19 @@ c_dirs=(/a/c{,/machine_specific/$HOSTNAME}) case $USER in ian) # p needs to go first so .ssh link is created, then config link inside it - common-file-setup ${all_dirs[@]} + m common-file-setup ${all_dirs[@]} if [[ -d /etc/bind/bind-writable ]]; then # need bind writable dir for nsupdate, or else we get # named[20823]: /etc/bind/db.iank.pw.jnl: create: permission denied - s chgrp bind /etc/bind/bind-writable + m s chgrp bind /etc/bind/bind-writable fi if [[ -e /etc/davpass ]] && getent group www-data &>/dev/null; then s chgrp www-data /etc/davpass fi - sudo -u traci "$BASH_SOURCE" + m sudo -H -u traci "$BASH_SOURCE" ;; traci) - common-file-setup ${c_dirs[@]} + m common-file-setup ${c_dirs[@]} ;; *) echo "$0: error: unexpected user"; exit 1 diff --git a/desktop-20-autostart.sh b/desktop-20-autostart.sh index a86864a..3d5b719 100755 --- a/desktop-20-autostart.sh +++ b/desktop-20-autostart.sh @@ -49,4 +49,5 @@ fi if isarch; then pulseaudio --start fi +#indicator-kdeconnect date "+%A, %B %d, %r, %S seconds" > /tmp/desktop-20-autostart-log diff --git a/distro-begin b/distro-begin index 9f232c5..2577879 100755 --- a/distro-begin +++ b/distro-begin @@ -165,7 +165,7 @@ fi # already ran for pxe installs, but used for vps & updates distro=$(distro-name) case $distro in - ubuntu|debian) + ubuntu|debian|trisquel) sudo bash -c ". /a/bin/fai/fai-wrapper && /a/bin/fai/fai/config/scripts/GRUB_PC/11-ian" ;; *) @@ -209,6 +209,9 @@ $interactive || set -x tu /etc/sudoers <<'EOF' ian ALL=(ALL) NOPASSWD: ALL Defaults env_keep += SUDOD +# makes ubuntu be like debian +# https://unix.stackexchange.com/a/91572 +Defaults always_set_home EOF @@ -216,9 +219,9 @@ EOF isfedora && tu /etc/sysctl.conf 'kernel.sysrq = 1' -if isdebian; then - codename=$(debian-codename) +if isdeb; then if isdebian-stable && has_x; then + codename=$(debian-codename) s dd of=/etc/apt/sources.list.d/mozilla-iceweasel.list </dev/null; then # this condition is just a speed optimization @@ -212,13 +223,13 @@ case $distro in esac case $distro in - ubuntu|debian) spa ack-grep ;; + ubuntu|trisquel|debian) spa ack-grep ;; arch|fedora) spa ack ;; # fedora unknown esac case $distro in - arch|debian|ubuntu) + arch|debian|ubuntu|trisquel) spa bash-completion ;; # others unknown @@ -242,7 +253,7 @@ case $distro in s update-rc.d motd disable fi ;; - ubuntu) + ubuntu|trisquel) # this isn't a complete solution. It still shows me when updates are available, # but it's no big deal. s t /etc/update-motd.d/10-help-text /etc/update-motd.d/00-header @@ -264,6 +275,20 @@ pi "${simple_packages[@]}" simple_packages=() +### begin docker install #### +# https://store.docker.com/editions/community/docker-ce-server-debian?tab=description +pi software-properties-common apt-transport-https +curl -fsSL https://download.docker.com/linux/debian/gpg | sudo apt-key add - +sudo add-apt-repository \ + "deb [arch=amd64] https://download.docker.com/linux/debian \ + $(lsb_release -cs) \ + stable" +p update +pi docker-ce +sgo docker +### end docker install #### + + case $distro in debian) # note, need python-certbot-nginx for nginx, but it depends on nginx, @@ -304,9 +329,24 @@ case $HOSTNAME in pi-nostart mumble-server s $sed -ri "s/^ *(serverpassword=).*/\1$(< /a/bin/bash_unpublished/mumble_pass)/" /etc/mumble-server.ini + + # do certificate to avoid warning about unsigned cert, + # which is overkill for my use, but hey, I'm cool, I know + # how to do this. + web-conf apache2 mumble.iankelling.org + s rm -f /etc/apache2/sites-enabled/mumble.iankelling.org + sudo -i <<'EOF' +export RENEWED_LINEAGE=/etc/letsencrypt/live/mumble.iankelling.org +/a/bin/distro-setup/certbot-renew-hook +EOF + sgo mumble-server vpn-server-setup -d + tee /etc/openvpn/client-config/mail <<'EOF' +ifconfig-push 10.8.0.4 255.255.255.0 +EOF + sudo dd of=/etc/systemd/system/vpnmail.service < +# https://stackoverflow.com/questions/5011102/apache-reverse-proxy-with-basic-authentication + Options +FollowSymLinks +Multiviews +Indexes AllowOverride None AuthType basic @@ -342,7 +383,7 @@ EOF # setup one time, with root:www-data, 640 AuthUserFile "/etc/caldav-htpasswd" Require valid-user - + EOF # nginx version of above would be: # auth_basic "Not currently available"; @@ -451,29 +492,29 @@ EOF ############# begin setup mastodon ############## - # https://store.docker.com/editions/community/docker-ce-server-debian?tab=description - pi software-properties-common apt-transport-https - curl -fsSL https://download.docker.com/linux/debian/gpg | sudo apt-key add - - sudo add-apt-repository \ - "deb [arch=amd64] https://download.docker.com/linux/debian \ - $(lsb_release -cs) \ - stable" - p update - pi docker-ce - sgo docker + # I'd like to try gnu social just cuz of gnu, but it's not being + # well maintained, for example, simple pull requests + # languishing: + # https://git.gnu.io/gnu/gnu-social/merge_requests/143 + # and I submitted my own bugs, basic docs are broken + # https://git.gnu.io/gnu/gnu-social/issues/269 - curl -L https://github.com/docker/compose/releases/download/1.12.0/docker-compose-`uname -s`-`uname -m` | s dd of=/usr/local/bin/docker-compose - s chmod +x /usr/local/bin/docker-compose + # note, docker required, but we installed it earlier # i subscrubed to https://github.com/docker/compose/releases.atom - # to deal with updates manually. + # to deal with updates manually. So far, it means just reving the + # version number, then restarting docker-compose with + # cd ~/mastodon + # docker-compose up -d + curl -L https://github.com/docker/compose/releases/download/1.13.0/docker-compose-`uname -s`-`uname -m` | s dd of=/usr/local/bin/docker-compose + s chmod +x /usr/local/bin/docker-compose + cd ~ i clone https://github.com/tootsuite/mastodon cd mastodon - # https://github.com/tootsuite/mastodon/tree/v1.1.2 # subbed to atom feed to deal with updates - i co v1.1.2 + git checkout $(git tag | grep -v rc | tail -n1) # per instructions, uncomment redis/postgres persistence in docker-compose.yml sed -i 's/^#//' docker-compose.yml @@ -622,7 +663,7 @@ fi ######### end pump.io periodic backup ############# case $distro in - debian|ubuntu) + debian|ubuntu|trisquel) # suggests because we want the resolvconf package. # todo: check other distros to make sure it\'s installed pi-nostart --install-suggests openvpn @@ -632,20 +673,7 @@ case $distro in *) pi openvpn;; esac -if private-host; then - vpn-mk-client-cert -n mail li - cn=$(s openssl x509 -noout -nameopt multiline -subject \ - -in /etc/openvpn/client/mail.crt | \ - sed -rn 's/^\s*commonName\s*=\s*(.*)/\1/p') - echo "ifconfig-push 10.8.0.4 255.255.255.0" | \ - ssh root@li dd of=/etc/openvpn/client-config/"$cn" -fi -ser enable mailroute -if [[ $HOSTNAME == treetowl ]]; then - # note, this will need to be changed when the mail/contacts host changes - sgo openvpn-client@mail - /a/bin/distro-setup/radicale-setup -fi +/a/bin/distro-setup/radicale-setup ## android studio setup # this contains the setting for android sdk to point to @@ -669,7 +697,7 @@ if [[ $HOSTNAME == treetowl ]]; then # syncs between comps. case $distro in arch) pi syncthing ;; - ubuntu|debian) + ubuntu|trisquel|debian) # testing has relatively up to date packages if ! isdebian-testing; then # based on error when doing apt-get update: @@ -738,7 +766,7 @@ fi # no equivalent in other distros: case $distro in - debian|ubuntu) + debian|ubuntu|trisquel) # for gui bug reporting spa python-vte ;; @@ -747,8 +775,41 @@ esac ####### misc packages ########### +# nagstamon setting which were set through the ui +# in filters tab: +# all unknown sources +# all warning services +# acknowledged hosts & services +# hosts & services down for maintenence +# services on down hosts +# services on hosts in maintenece +# services on unreachable osts +# hosts in soft state +# services in soft state +# in display tab: icon in systray. + +case $distro in + debian|ubuntu|trisquel) + # it asks if it should make users in it's group capture packets without root, + # which is arguably more secure than running wireshark as root. default is no, + # which is what i prefer, since I plan to use tcpdump to input to wireshark. + s DEBIAN_FRONTEND=noninteractive pi wireshark-gtk + ;; + # others unknown +esac + + +case $distro in + debian|ubuntu|trisquel) + # no recommends because it wanted some other unstable package, something to + # do with math or something, which I didn't want to deal with. + p -y --no-install-recommends install python3-send2trash/unstable anki/unstable + ;; + # others unknown +esac + case $distro in - debian|ubuntu) + debian|ubuntu|trisquel) # note i had to do this, which is persistent: # cd /i/k # s chgrp debian-transmission torrents partial-torrents @@ -903,7 +964,7 @@ pi wget case $HOSTNAME in tp|frodo) case $distro in - debian|ubuntu) + debian|ubuntu|trisquel) log=$(mktemp) cd /a/opt wget -nv -N https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb @@ -945,7 +1006,7 @@ case $distro in # In debian, I could use hte recommended driver, # in arch, I had to pick out the 6L driver. ;; - debian|ubuntu) + debian|ubuntu|trisquel) spa hplip ;; # other distros unknown @@ -994,7 +1055,7 @@ case $distro in esac case $distro in - fedora|ubuntu|debian) spa gnupg-agent ;; + fedora|ubuntu|trisquel|debian) spa gnupg-agent ;; arch) : ;; esac @@ -1012,20 +1073,20 @@ esac case $distro in arch) spa ttf-dejavu;; - debian|ubuntu) spa fonts-dejavu ;; + debian|ubuntu|trisquel) spa fonts-dejavu ;; # others unknown esac case $distro in arch) spa xorg-xev;; - debian|ubuntu) spa x11-utils ;; + debian|ubuntu|trisquel) spa x11-utils ;; # others unknown esac case $distro in arch) pi virt-install;;& - debian|ubuntu) pi virtinst ;;& + debian|ubuntu|trisquel) pi virtinst ;;& *) pi virt-manager ;; # creates the libvirt group in debian at least # others unknown esac @@ -1045,20 +1106,20 @@ for x in ian traci; do s usermod -a -G libvirt,kvm $x; done case $distro in arch) spa cdrkit;; - debian|ubuntu) spa genisoimage;; + debian|ubuntu|trisquel) spa genisoimage;; # others unknown esac case $distro in arch) spa spice-gtk3 ;; - debian|ubuntu) spa spice-client-gtk;; + debian|ubuntu|trisquel) spa spice-client-gtk;; # others unknown esac # general known for debian/ubuntu, not for fedora case $distro in - debian|ubuntu) + debian|ubuntu|trisquel) pi golang-go # a bit of googling, and added settings to bashrc go get -u github.com/mvdan/fdroidcl/cmd/fdroidcl @@ -1104,14 +1165,15 @@ esac case $distro in - arch|debian|ubuntu) spa pumpa ;; + arch|debian|ubuntu|trisquel) spa pumpa ;; # others unknown. do have a buildscript: # /a/bin/buildscripts/pumpa ;; esac case $distro in - debian|ubuntu) spa android-tools-adbd/unstable ;; + debian) pi adb ;; + debian|ubuntu|trisquel) spa android-tools-adbd/unstable ;; arch) spa android-tools ;; # other distros unknown esac @@ -1227,7 +1289,7 @@ case $distro in arch) pi python2-pygments ;; - debian|ubuntu) + debian|ubuntu|trisquel) pi python-pygments ;; esac @@ -1336,6 +1398,17 @@ fi # esac + +### kdeconnect for gnome. started in /a/bin/distro-setup/desktop-20-autostart.sh +pi libgtk-3-dev python3-requests-oauthlib valac cmake python-nautilus +cd /a/opt/indicator-kdeconnect +mkdir -p build +cd build +cmake .. -DCMAKE_INSTALL_PREFIX=/usr +make +sudo make install + + ######### end misc packages ######### @@ -1412,7 +1485,7 @@ EOF case $distro in - debian|ubuntu) + debian|ubuntu|trisquel) case `debian-archive` in stable) s dd of=/etc/apt/preferences.d/unison-gtk <<'EOF' @@ -1448,7 +1521,7 @@ esac # # # disabled due to my patch being in btrbk # case $distro in -# arch|debian|ubuntu) pi btrbk ;; +# arch|debian|ubuntu|trisquel) pi btrbk ;; # # others unknown # esac cd /a/opt/btrbk @@ -1474,7 +1547,7 @@ fi case $distro in - debian|ubuntu) s gpasswd -a ian adm ;; #needed for reading logs + debian|ubuntu|trisquel) s gpasswd -a ian adm ;; #needed for reading logs esac # tor @@ -1552,7 +1625,7 @@ EOF pi nfs-utils sgo nfs-server ;; - debian|ubuntu) + debian|ubuntu|trisquel) pi nfs-server ;; arch) @@ -1657,7 +1730,7 @@ e "$end_msg_var" # persistent virtual machines case $distro in - debian|ubuntu) + debian|ubuntu|trisquel) pi libosinfo-bin; ;; esac @@ -1742,7 +1815,7 @@ EOF fi case $distro in - debian|ubuntu) + debian|ubuntu|trisquel) # systemd claims it generates units from /etc/init.d, but it # clearly doesn\'t in debian. I have no idea how they are # related. fuck debian right now. It\'s not documented. samba diff --git a/input-setup b/input-setup index 2f595f3..91bede6 100755 --- a/input-setup +++ b/input-setup @@ -13,6 +13,18 @@ # See the License for the specific language governing permissions and # limitations under the License. +case $HOSTNAME in + x2|tp) type=laptop ;; + treetowl*|iank-dev|frodo) type=kinesis ;; +esac + + + +case $1 in + l) type=laptop ;; + k) type=kinesis ;; +esac + #set -x mi() { xinput --get-feedbacks "$1" | grep "threshold" @@ -35,12 +47,14 @@ set_device_id() { fi } -case $HOSTNAME in - tp|x2) - # original saved with: xkbcomp $DISPLAY /a/c/stretch-11-2016.xkb - xkbcomp /a/c/x2.xkb $DISPLAY - ;; - treetowl*|iank-dev|frodo) +case $type in + laptop) + # original saved with: xkbcomp $DISPLAY /a/c/stretch-11-2016.xkb + xkbcomp /a/c/x2.xkb $DISPLAY + xkbset -m # remove mouse keys + + ;; + kinesis) # todo, differentiate for work pc #/a/bin/radl if [[ -z $DISPLAY ]]; then @@ -92,8 +106,6 @@ case $HOSTNAME in fi . /a/bin/bash_unpublished/duplicity-gpg-agent-setup ;; - frodo*) - ;; esac # for desktop and htpc diff --git a/mail-route b/mail-route index dc74c7b..d130ca9 100755 --- a/mail-route +++ b/mail-route @@ -65,11 +65,16 @@ esac for port in 25 143; do # smtp and imap. e iptables -t mangle $iptables_op \ OUTPUT -m tcp -p tcp -m multiport --ports $port -j MARK --set-mark 0x1 + e iptables -t mangle $iptables_op \ + OUTPUT -m tcp -p tcp -m multiport --ports $port -j MARK --set-mark 0x0 \ + -d 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16 +# note, we could have used a custom chain and returned instead of setting the mark again. + # in case anyone was ever curious, the inverse of private ips is: #0.0.0.0/5,8.0.0.0/7,11.0.0.0/8,12.0.0.0/6,16.0.0.0/4,32.0.0.0/3,64.0.0.0/2,128.0.0.0/3,160.0.0.0/5,168.0.0.0/6,172.0.0.0/12,172.32.0.0/11,172.64.0.0/10,172.128.0.0/9,173.0.0.0/8,174.0.0.0/7,176.0.0.0/4,192.0.0.0/9,192.128.0.0/11,192.160.0.0/13,192.169.0.0/16,192.170.0.0/15,192.172.0.0/14,192.176.0.0/12,192.192.0.0/10,193.0.0.0/8,194.0.0.0/7,196.0.0.0/6,200.0.0.0/5,208.0.0.0/4,224.0.0.0/3 + done e iptables -t nat $iptables_op POSTROUTING -o tun0 -m mark --mark 0x1 -j SNAT --to-source 10.8.0.4 e ip rule $ip_op fwmark 1 table 1 # note, this rule does not persist when the tun interface is deleted e ip route $ip_op default via 10.8.0.1 table 1 -e ip route $ip_op 192.168.1.0/24 via 192.168.1.1 dev br0 table 1 exit 0 diff --git a/mail-setup b/mail-setup index 19676b2..33ad75a 100755 --- a/mail-setup +++ b/mail-setup @@ -257,8 +257,54 @@ EOF # inet_protocols service postfix restart -else # exim. has debian specific stuff for now +else # begin exim. has debian specific stuff for now + if [[ -e /p/c/filesystem ]]; then + /a/exe/vpn-mk-client-cert -n mail li + fi + + cat >/etc/systemd/system/mailroute.service <<'EOF' +[Unit] +# this unit is configured to start and stop whenever openvpn-client@mail.service +# does +Description=Routing for email vpn +After=network.target +BindsTo=openvpn-client@mail.service +After=openvpn-client@mail.service + +[Service] +Type=oneshot +ExecStart=/a/bin/distro-setup/mail-route start +ExecStop=/a/bin/distro-setup/mail-route stop +RemainAfterExit=yes + +[Install] +RequiredBy=openvpn-client@mail.service +EOF + + cat >/etc/systemd/system/offlineimapsync.timer <<'EOF' +[Unit] +Description=Run offlineimap-sync once every 5 mins + +[Timer] +OnCalendar=*:0/5 + +[Install] +WantedBy=timers.target +EOF + + cat >/etc/systemd/system/offlineimapsync.service <<'EOF' +[Unit] +Description=Offlineimap sync +After=multi-user.target + +[Service] +User=ian +Type=oneshot +ExecStart=/a/bin/log-quiet/sysd-mail-once offlineimap-sync /a/bin/distro-setup/offlineimap-sync +EOF + systemctl daemon-reload + systemctl enable mailroute # wording of question from dpkg-reconfigure exim4-config # 1. internet site; mail is sent and received directly using SMTP @@ -286,6 +332,8 @@ EOF source /a/bin/bash_unpublished/source-semi-priv exim_main_dir=/etc/exim4/conf.d/main mkdir -p $exim_main_dir + + if [[ $HOSTNAME == $MAIL_HOST ]]; then debconf-set-selections </etc/systemd/system/offlineimapsync.timer <<'EOF' -[Unit] -Description=Run offlineimap-sync once every 5 mins - -[Timer] -OnCalendar=*:0/5 - -[Install] -WantedBy=timers.target -EOF - - cat >/etc/systemd/system/offlineimapsync.service <<'EOF' -[Unit] -Description=Offlineimap sync -After=multi-user.target - -[Service] -User=ian -Type=oneshot -ExecStart=/a/bin/log-quiet/sysd-mail-once offlineimap-sync /a/bin/distro-setup/offlineimap-sync -EOF - systemctl daemon-reload systemctl enable offlineimapsync.timer systemctl start offlineimapsync.timer + systemctl restart openvpn-client@mail + systemctl enable openvpn-client@mail else # $HOSTNAME != $MAIL_HOST systemctl disable offlineimapsync.timer &>/dev/null ||: systemctl stop offlineimapsync.timer &>/dev/null ||: + systemctl disable openvpn-client@mail + systemctl stop openvpn-client@mail # # # would only exist because I wrote it i the previous condition, @@ -471,6 +501,7 @@ EOF exim4-config exim4/dc_eximconfig_configtype select mail sent by smarthost; no local mail exim4-config exim4/dc_smarthost string $smarthost EOF + fi # end $HOSTNAME != $MAIL_HOST # if we already have it installed, need to reconfigure, without being prompted @@ -494,6 +525,7 @@ EOF # just noticed this in the config file, seems like a good idea. sed -i '/^\s*NICE\s*=/d' /etc/default/spamassassin e 'NICE="--nicelevel 15"' >>/etc/default/spamassassin + systemctl start spamassassin systemctl reload spamassassin cat >/etc/systemd/system/spamddnsfix.service <<'EOF' @@ -734,6 +766,7 @@ EOF # begin setup passwd.client f=/etc/exim4/passwd.client + rm -f /etc/exim4/passwd.client install -m 640 -g Debian-exim /dev/null $f cat /etc/mailpass| while read -r domain port pass; do # reference: exim4_passwd_client(5) @@ -767,6 +800,9 @@ fi # put spool dir in directory that spans multiple distros. # based on http://www.postfix.org/qmgr.8.html and my notes in gnus +# +# todo: I'm suspicious of uids for Debian-exim being the same across +# distros. It would be good to test this. dir=/nocow/$type sdir=/var/spool/$type # we only do this if our system has $dir diff --git a/mastodon-upgrade b/mastodon-upgrade new file mode 100755 index 0000000..00cda2a --- /dev/null +++ b/mastodon-upgrade @@ -0,0 +1,22 @@ +#!/bin/bash + +set -eE -o pipefail +trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR + +# based on +# https://github.com/tootsuite/documentation/blob/master/Running-Mastodon/Docker-Guide.md + +[[ $EUID == 0 ]] || exec sudo -E "$BASH_SOURCE" "$@" + +cd /home/ian/mastodon +git fetch +git stash +git checkout $(git tag | grep -v rc | tail -n1) +git stash pop +docker-compose build +# these 2 may not be needed in all upgrades, but +# simpler to just do them always. +docker-compose run --rm web rake db:migrate +docker-compose run --rm web rake assets:precompile +# restart the app +docker-compose up -d diff --git a/radicale-setup b/radicale-setup index b885f36..2f22e64 100755 --- a/radicale-setup +++ b/radicale-setup @@ -11,12 +11,10 @@ # created password file with: -# htpasswd -c /etc/nginx/caldav/htpasswd ian +# htpasswd -c /etc/davpass dav -# python-dulwich, to track changes with git, per -# http://radicale.org/user_documentation/#idgit-support -pi nginx python-dulwich radicale +pi radicale # I moved /var/lib/radicale after it's initialization. # I did a sudo -u radicale git init in the collections subfolder @@ -40,9 +38,12 @@ setini() { setini hosts 10.8.0.4:5232 server sgo radicale -# davdroid from f-droid. username ian, +# davdroid from f-droid. +# login with url and user name +# username ian, # url https://cal.iankelling.org # username ian +# pass, see password manager # I disabled power management feature, it's got 240 min sync interval, # so it shouldn't be bad. # @@ -74,3 +75,6 @@ sgo radicale # https://davdroid.bitfire.at/faq/entry/cant-manage-groups-on-device/ # # Note, url above says only cayanogenmod 13+ and omnirom can manage groups. + +# Note, radicale had built-in git support to track changes, but they +# removed it in 2.0. diff --git a/rootsshsync b/rootsshsync index 9d9140a..5be639c 100755 --- a/rootsshsync +++ b/rootsshsync @@ -28,5 +28,5 @@ else fi # -t times, so it won't rewrite the file every time, # -L resolve links -rsync -rtL $(eval echo ~${SUDO_USER:-$USER})/.ssh/ $dest +rsync -rtL --delete $(eval echo ~${SUDO_USER:-$USER})/.ssh/ $dest chown -R root:root /root/.ssh