From: Ian Kelling Date: Tue, 9 Aug 2016 22:54:23 +0000 (-0700) Subject: use better practice to avoid overwriting symlnks X-Git-Url: https://iankelling.org/git/?p=distro-setup;a=commitdiff_plain;h=7b7a6de94fdeb15d53efbb3036643a36a8fdd68b use better practice to avoid overwriting symlnks --- diff --git a/distro-begin b/distro-begin index 045af1a..b0fcdf5 100755 --- a/distro-begin +++ b/distro-begin @@ -87,6 +87,7 @@ Description=Turn on automatic decryption of drives on boot # service that happens late in the game. After=postfix.service DefaultDependencies=no +# not sure if needed, makes sure we shut down before reboot.target Conflicts=reboot.target [Service] @@ -155,12 +156,12 @@ echo path:$PATH if isfedora; then # comment out line disallowing calling sudo in scripts - sudo sed -i 's/^Defaults *requiretty/#\0 # ian commented/' /etc/sudoers + sudo sed -i --follow-symlinks 's/^Defaults *requiretty/#\0 # ian commented/' /etc/sudoers # turn on magic sysrq commands for this boot cycle echo 1 > sudo dd of=/proc/sys/kernel/sysrq # selinux is not user friendly. Like, you enable samba, but you haven't run the magic selinux commands so it doesn't work # and you have no idea why. - sudo sed -i 's/^\(SELINUX=\).*/\1disabled/' /etc/selinux/config + sudo sed -i --follow-symlinks 's/^\(SELINUX=\).*/\1disabled/' /etc/selinux/config selinuxenabled && sudo setenforce 0 fi @@ -278,17 +279,6 @@ if isarch; then } aurpi cower pacaur - # for aur, automatically dl & add gpg keys. - # Just the keyserver-options line goes in dirmngr.conf once - # this bug is fixed: https://bugs.gnupg.org/gnupg/issue2147 - for homedir in /home/*; do - # this creates ~/.gnupg. addgnupghome is kinda broken on arch. - HOME=$homedir gpg -k - teeu $homedir/.gnupg/gpg.conf <$x sudo dd of=/etc/pacman.conf if=$x; rm $x 
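Review bot: In the `isfedora` hunk of distro-begin (@@ -155,12 +156,12 @@), `/etc/sudoers` is still rewritten in place with no syntax check, so a bad match or a partial write can leave sudo unusable on the host; `--follow-symlinks` only changes which file gets written. Follow the edit with `sudo visudo -c` and stop the script if it fails, or apply the sed to a copy, check it with `visudo -cf`, and install it only when it passes. The context line `echo 1 > sudo dd of=/proc/sys/kernel/sysrq`, as it appears here, redirects into a file named `sudo` instead of piping to dd; `echo 1 | sudo dd of=/proc/sys/kernel/sysrq` looks like what was meant.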
@@ -333,10 +323,10 @@ s lnf /q/root/.editor-backups /q/root/.undo-tree-history \ /a/opt /a/c/.emacs.d $HOME/mw_vars /k/backup /root d=/q/p/c/machine_specific/$HOSTNAME/.unison -if ! s test -L /root/.unison && [[ ! $(s find /root/.unison -prune -empty) ]]; then +if ! s test -L /root/.unison && [[ $(s find /root/.unison -prune -empty) ]]; then mkdir -p $d s chown -R $USER:$USER /root/.unison - mv -f /root/.unison/* $d + s cp -rT /root/.unison $d fi s lnf -T $d /root/.unison diff --git a/distro-end b/distro-end index 1f2c324..d24964a 100755 --- a/distro-end +++ b/distro-end @@ -78,9 +78,16 @@ esac -########### begin section including lj ################ +########### begin section including li ################ +case $distro in + debian) + if [[ `debian-archive` == testing ]]; then + pi acme-tiny + fi +esac + case $distro in fedora) spa unrar ;; *) spa unrar-free ;; @@ -196,10 +203,6 @@ if isdebian; then debian-setup-auto-update fi -# cron -/a/bin/crons/all - - case $HOSTNAME in lj|li) @@ -208,7 +211,7 @@ case $HOSTNAME in lj) domain=iank.bid ;; li) domain=iankelling.org ;; esac - homepage-setup $domain + /a/h/setup.sh $domain s rld /a/h/_site/ /var/www/$domain/html curl https://$domain/git/?p=mediawiki-setup/.git;a=blob_plain;f=mw-setup-script;hb=HEAD | bash @@ -402,13 +405,16 @@ case $HOSTNAME in cd /a/opt wget -nv -N https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb errallow + set -o pipefail s dpkg -i google-chrome-stable_current_amd64.deb |& tee $log code=$? errcatch case $code in 0) : ;; *) - if grep '^dpkg: dependency problems prevent configuration of' \ + # previously I had a more specific search, but dpkg + # changed it's output as of 7/2016 + if grep 'dependency problems' \ $log &>/dev/null; then s apt-get -fy install else 
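Review bot: In the `/root/.unison` hunk of distro-begin (@@ -333,10 +323,10 @@), dropping the `!` makes the block run only when `find /root/.unison -prune -empty` prints the path, that is, when the directory is empty, so `cp -rT` has nothing to copy and a populated directory goes straight to `s lnf -T $d /root/.unison`. If the goal was to skip a missing directory, keep the negation and add an existence test: `if s test -d /root/.unison && ! s test -L /root/.unison && [[ ! $(s find /root/.unison -prune -empty) ]]; then`. `s cp -rT` presumably runs as root and has no `-p`, so the copies under `$d` would end up root-owned despite the preceding `chown -R $USER:$USER`; `s cp -aT /root/.unison "$d"` keeps ownership and modes.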
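Review bot: In the `lj|li` hunk of distro-end (@@ -208,7 +211,7 @@), the URL on the `curl ... | bash` context line is unquoted, so the shell ends the curl command at the first `;` and runs `a=blob_plain`, `f=mw-setup-script` and `hb=HEAD | bash` as separate commands; bash then receives nothing from curl. Quote the URL and make curl fail on HTTP errors so an error page is never handed to the shell: `curl -fsS "https://$domain/git/?p=mediawiki-setup/.git;a=blob_plain;f=mw-setup-script;hb=HEAD" | bash`. Because this executes whatever the web server returns, running the script from the local checkout or pinning `hb=` to a reviewed commit id would be the safer design. `/a/h/setup.sh $domain` on the changed line should quote `"$domain"` too; the `case` arm continues past the hunk.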
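Review bot: In the Chrome install hunk of distro-end (@@ -402,13 +405,16 @@), `set -o pipefail` is switched on for the dpkg pipeline and nothing in the hunk switches it back, so every later pipeline in the script changes behaviour unless `errcatch` resets it (not visible here). Reading dpkg's status directly keeps the change local: `code=${PIPESTATUS[0]}` on the line after `|& tee $log`. The loosened match can be written `grep -q 'dependency problems' "$log"` instead of discarding output with `&>/dev/null`, and "it's" in the new comment should be "its". The `case` statement continues outside the hunk.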
@@ -557,7 +563,7 @@ case $distro in bridge-utils dnsmasq qemu bind-tools # otherwise we get error about accessing kvm module. # seems like there might be a better way, but google was a bit vague. - s sed -ri '/^ *user *=/d' /etc/libvirt/qemu.conf + s sed -ri --follow-symlinks '/^ *user *=/d' /etc/libvirt/qemu.conf echo 'user = "root"' | s tee -a /etc/libvirt/qemu.conf # https://bbs.archlinux.org/viewtopic.php?id=206206 # # this should prolly go in the wiki @@ -748,7 +754,7 @@ pi smartmontools # -o on, turn on 4 hour period non-performance degrading testing. # short test daily 2-3am, extended tests Saturdays between 3-4am: sched="-s (S/../.././02|L/../../6/03)" -s sed -i "s#^[[:space:]]*DEVICESCAN.*#\ +s sed -i --follow-symlinks "s#^[[:space:]]*DEVICESCAN.*#\ DEVICESCAN -a -o on -S on -n standby,q $sched\ -m ian@iankelling.org -M exec /usr/local/bin/smart-notify#" /etc/smartd.conf @@ -758,7 +764,7 @@ DEVICESCAN -a -o on -S on -n standby,q $sched\ # consulted first. This is often slower and undesirable, ie. local dns # queries go from 0ms to 10+ or 100+ ms. To reverse the ordering, you # can do: -#sudo sed -i '/tun\*\|tap\*/d' /etc/resolvconf/interface-order +#sudo sed -i --follow-symlinks '/tun\*\|tap\*/d' /etc/resolvconf/interface-order # however, this breaks dns lookup for hosts on the openvpn lan. # I can\'t figure out why hosts on the normal lan would not be # broken under the default ordering, except the host I was @@ -769,6 +775,11 @@ DEVICESCAN -a -o on -S on -n standby,q $sched\ ########### misc stuff +if ! sudo test -e /etc/openvpn/client.key; then + /a/bin/vpn-setup/vpn-mk-client-cert +fi + + case $distro in debian|ubuntu) case `debian-archive` in 
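Review bot: In the libvirt hunk of distro-end (@@ -557,7 +563,7 @@), the `echo 'user = "root"' | s tee -a /etc/libvirt/qemu.conf` line that follows the sed makes libvirt start QEMU processes as root, which removes the privilege separation between a guest's emulator and the host; the comment above it already says there might be a better way. Record the exact kvm error in that comment and leave a marker to revisit it, for example `# TODO: error was <paste message>; try giving the default QEMU user access to /dev/kvm before falling back to user=root`. Whether group access alone resolves the error on this distro is not something the hunk shows, so treat that as something to test.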
@@ -1001,11 +1012,11 @@ case $distro in esac # add 2 lines after workgroup option -s sed -ri '/^\s*encrypt passwords\s*=/d' /etc/samba/smb.conf -s sed -ri '/^\s*map to guest\s*=/d' /etc/samba/smb.conf -s sed -i 's/\(\s*workgroup\s*=\).*/\1 WORKGROUP\n\tencrypt passwords = yes\n\tmap to guest = bad password/' /etc/samba/smb.conf +s sed -ri --follow-symlinks '/^\s*encrypt passwords\s*=/d' /etc/samba/smb.conf +s sed -ri --follow-symlinks '/^\s*map to guest\s*=/d' /etc/samba/smb.conf +s sed -i --follow-symlinks 's/\(\s*workgroup\s*=\).*/\1 WORKGROUP\n\tencrypt passwords = yes\n\tmap to guest = bad password/' /etc/samba/smb.conf # remove default homes section. not sharing that. -s sed -ri '/^\s*\[homes\]/,/\s*\[/d' /etc/samba/smb.conf +s sed -ri --follow-symlinks '/^\s*\[homes\]/,/\s*\[/d' /etc/samba/smb.conf if ! grep -xF '[public]' /etc/samba/smb.conf &>/dev/null; then s tee -a /etc/samba/smb.conf <<'EOF' diff --git a/dsremote b/dsremote index 173f48b..c32b510 100755 --- a/dsremote +++ b/dsremote @@ -11,5 +11,5 @@ if [[ ! $host || $host == -h ]]; then fi rlu $host /a/bin/distro-setup/ -ssh $host /a/bin/distro-begin -ssh $host /a/bin/distro-end +ssh $host /a/bin/distro-setup/distro-begin +ssh $host /a/bin/distro-setup/distro-end diff --git a/homepage-setup b/homepage-setup deleted file mode 100755 index bea0126..0000000 --- a/homepage-setup +++ /dev/null 
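Review bot: In the smb.conf hunk of distro-end (@@ -1001,11 +1012,11 @@), the rewritten `workgroup` substitution still inserts `map to guest = bad password`, which turns a failed login for a valid user into a guest session, so a wrong password is never reported and guest access is granted instead of being refused. `map to guest = bad user` limits the mapping to unknown account names; if the current value is deliberate for the `[public]` share, say so in the comment above the sed. The four edits are applied with no validation, and running `testparm -s` after the last sed would catch a malformed file before smbd reloads it.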
@@ -1,97 +0,0 @@ -#!/bin/bash -l -# Copyright (C) 2016 Ian Kelling -# This program is under GPL v. 3 or later, see - -set -eE -o pipefail -trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR - -domain=$1 - -if [[ ! $1 ]]; then - echo "$0: error: expected domain argument" - exit 1 -fi - -gitroot=/a/bin/githtml - -type -P a2enmod &>/dev/null || pi apache2 - -acme-tiny-wrapper $domain - -# debian has the package gitweb, which seems to mainly -# have some example apache config, and a minimal gitweb config. -# I'll just use the config as example and not use the package. -# It's example apache config seems to say we can use cgi or cgid, -# and googling cgid it seems a newer faster alternative. -sudo a2enmod cgid - -# so, highlight is not highlighting my -pi highlight - -# additional settings from browsing https://git-scm.com/docs/gitweb.conf -s dd of=/etc/gitweb.conf < - # to run python scripts with cgi - Options +ExecCGI - AddHandler cgi-script .py - - - -# All below is for gitweb + git-http-web. -# A simple builtin way to have a read only git website. -# I didn't find any significantly better alternatives out there. -SetEnv GIT_PROJECT_ROOT $gitroot -SetEnv GIT_HTTP_EXPORT_ALL - -# note: cgi scripts can go anywhere into the filesystem, -# so there is no need to do a directory block for $gitroot - -# fot git-http-web - - AllowOverride None - Require all granted - - - - Options +FollowSymLinks +ExecCGI - AddHandler cgi-script .cgi - - -# from man-git-http-backend, so git-http-web ang gitweb can both be used. -# it is instead of this: -# #ScriptAlias / /usr/lib/git-core/git-http-backend/ -ScriptAliasMatch \\ - "(?x)^/git/(.*/(HEAD | \\ - info/refs | \\ - objects/(info/[^/]+ | \\ - [0-9a-f]{2}/[0-9a-f]{38} | \\ - pack/pack-[0-9a-f]{40}\\.(pack|idx)) | \\ - git-(upload|receive)-pack))\$" \\ - /usr/lib/git-core/git-http-backend/\$1 - - - -# man-git-http-backend claims we should do this, but -# it causes no css/images to be displayed. 
Instead, -# just stick with the standard gitweb example directive -# from debian. -#ScriptAlias /git /usr/share/gitweb/gitweb.cgi/ -Alias /git /usr/share/gitweb -EOF diff --git a/phab-setup b/phab-setup index e654246..8873609 100755 --- a/phab-setup +++ b/phab-setup @@ -65,7 +65,7 @@ phab-sel pi phabricator/unstable # debian sets http, but we want https -s sed -i 's/http:/https:/' /usr/share/phabricator/conf/local/local.json +s sed -i --follow-symlinks 's/http:/https:/' /usr/share/phabricator/conf/local/local.json acme-tiny-wrapper $domain diff --git a/postfix-setup b/postfix-setup index 2c8fe5e..d2af80c 100755 --- a/postfix-setup +++ b/postfix-setup @@ -59,7 +59,7 @@ fi # This also works instead of ~/.forward -# s sed -i '/^root/d' /etc/aliases ||: +# s sed -i --follow-symlinks '/^root/d' /etc/aliases ||: #echo "root: $HOSTNAME@$SOME_DOMAIN" | s tee -a /etc/aliases # this can't be a symlink and has permission restrictions # it might work in /etc/aliases, but this seems more proper.
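Review bot: In phab-setup (@@ -65,7 +65,7 @@), `s/http:/https:/` is unanchored, so it rewrites the first `http:` on every line of `local.json`, not only the URL the comment is about, and any other setting that must stay http would be changed silently. Restrict the substitution to the line holding that key, `'/<base-uri key>/ s/http:/https:/'` with the real key name filled in, or set the value through the application's own config tool if it has one. `$domain` on the following `acme-tiny-wrapper` line should be quoted.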