From: Ian Kelling Date: Mon, 8 Feb 2016 03:57:49 +0000 (-0800) Subject: various fixes and updates X-Git-Url: https://iankelling.org/git/?p=distro-setup;a=commitdiff_plain;h=ff20a265369c871004916fd162241d3219eb72c7 various fixes and updates --- diff --git a/distro-begin b/distro-begin index 89acacf..5dc0359 100755 --- a/distro-begin +++ b/distro-begin @@ -18,7 +18,7 @@ sudo bash -c 'source /a/c/repos/bash/.bashrc && source /a/bin/ssh-emacs-setup' # set the scrollback to unlimited in case something goes wrong if [[ $EUID == 0 ]]; then - echo error: do not run as root + echo "error: do not run as root" exit fi @@ -34,17 +34,15 @@ fi set -E trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?"' ERR -headless=false -debian_stable=false +# headless=false # unused atm recompile=true # for copying to a new data fs -bootstrapfs=false +bootstrapfs=false # old flag, needs new look before using. while [[ $1 == -* ]]; do case $1 in # avoid some of the longer compilation steps, # when we need to rerun because we had an error -n) recompile=false; shift ;; - -b) boostrap_new_comp=true; shift ;; esac done @@ -54,10 +52,11 @@ else host=$HOSTNAME fi -for f in iank-dev htpc treetowl x2 frodo; do +for f in iank-dev htpc treetowl x2 frodo tp; do eval "$f() { [[ $host == $f ]]; }" done -encrypted() { iank-dev || x2 || frodo ; } +has_p() { iank-dev || x2 || frodo; } +encrypted() { has_p || tp; } shopt -s extglob export GLOBIGNORE=*/.:*/.. 
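Review bot: With the `-b)` arm removed, the `case` inside `while [[ $1 == -* ]]` shifts only for `-n`, so any other argument starting with `-` (including the old `-b`) is never consumed and the loop spins forever. Add a default arm such as `*) echo "$0: unknown option: $1" >&2; exit 2 ;;` so a mistyped flag stops the run instead of hanging it. The same hunk leaves `bootstrapfs=false` with a comment saying it needs a new look; if nothing reads it any more, removing it avoids a dead switch.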
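Review bot: The `eval "$f() { [[ $host == $f ]]; }"` line under the extended host list pastes the value of `$host` into text that is then evaluated, so a host value containing shell syntax would execute inside this script, which goes on to call sudo. The branch that assigns `host` before the `else` is outside the hunk; if it can come from a command-line argument, keep the value out of the evaluated text by escaping the expansion: `eval "$f() { [[ \$host == $f ]]; }"`. That compares against the global at call time, and `$f` stays safe because it only ever takes the literal names in the `for` list.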
@@ -166,9 +165,22 @@ sudo sed -ri '/noatime/s/relatime,?|defaults,?//g' /etc/fstab # this script has been designed to be idempotent # todo, it would be nice to cut down on some of the output + + + +# output is below so shellcheck can verify sources for x in /a/bin/bash-programs-by-ian/repos/{errhandle,tee-unique,lnf}/*-function; do - source $x; + echo "# shellcheck source=$x"; + # shellcheck source=/a/bin/bash-programs-by-ian/repos/errhandle/bash-trace-function + # shellcheck source=/a/bin/bash-programs-by-ian/repos/errhandle/errallow-function + # shellcheck source=/a/bin/bash-programs-by-ian/repos/errhandle/errcatch-function + # shellcheck source=/a/bin/bash-programs-by-ian/repos/errhandle/errexit-function + # shellcheck source=/a/bin/bash-programs-by-ian/repos/tee-unique/teeu-function + # shellcheck source=/a/bin/bash-programs-by-ian/repos/lnf/lnf-function + source $x done + + set +e $interactive || errcatch source /a/bin/distro-functions/src/identify-distros @@ -176,7 +188,6 @@ echo path:$PATH - if isfedora; then # comment out line disallowing calling sudo in scripts sudo sed -i 's/^Defaults *requiretty/#\0 # ian commented/' /etc/sudoers @@ -231,32 +242,29 @@ if isdebian; then s sed -i 's/^\(deb.* main\).*/\1 contrib non-free/' /etc/apt/sources.list # non-existent var, as Im not planning to use stable right now - if $debian_stable; then + if isdebian-stable; then code=$(debian-codename) - tu /etc/apt/sources.list </dev/null -} # template case $distro in @@ -26,8 +28,10 @@ x=( duplicity fail2ban fdupes + filelight gdb gnome-screenshot + mailutils meld mpv offlineimap @@ -42,6 +46,7 @@ x=( smartmontools squashfs-tools tree + virt-manager ) pi "${x[@]}" @@ -70,7 +75,8 @@ esac case $distro in arch) pi the_silver_searcher ;; - # others unknown + debian|ubuntu) pi silversearcher-ag ;; + # fedora unknown esac # printer 
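Review bot: The added `echo "# shellcheck source=$x"` runs on every invocation and prints a directive line per sourced file; it looks like a one-off generator for the comments beneath it and could be removed now that the list is pasted in. The glob still decides what is actually sourced, so any new `*-function` file appearing in those three directories is executed in this shell without being in the list shellcheck verifies; I can't see from the hunk who can write under /a/bin. Quote the path, `source "$x"`, and consider sourcing the six named files explicitly so the checked list and the executed list cannot drift apart.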
@@ -85,12 +91,15 @@ case $distro in # In debian, I could use hte recommended driver, # in arch, I had to pick out the 6L driver. ;; + debian|ubuntu) + pi hplip + ;; # other distros unknown esac case $distro in - ubuntu|debian) pi ack-grep nfs-client ;; + ubuntu|debian) pi ack-grep ;; arch|fedora) pi ack ;; # fedora unknown esac @@ -106,23 +115,7 @@ case $distro in ubuntu|debian) pi par2 ;; arch|fedora) pi par2cmdline ;; esac -case $distro in - arch|fedora) pi unison ;; - # deb/ubuntu, it depends what version they have. - # arch and fedora have unison240 and unison-240-compat respectively, - # but that failed to sync with an ubuntu 12.04 which had unson 2.40, - # so I installed it manually, but hopefully never have to use it on 12.04 again. - - # wget http://caml.inria.fr/pub/distrib/ocaml-4.02/ocaml-4.02.3.tar.gz - # ./configure - # make world opt - # s make install - - # wget http://www.seas.upenn.edu/~bcpierce/unison//download/releases/stable/unison-2.48.3.tar.gz - # make - # s cp unison /usr/local/bin -esac # needed for my tex resume case $distro in ubuntu|debian) pi texlive-full ;; @@ -139,11 +132,12 @@ case $distro in fedora) pi yum-utils # rpm fusion recommended codecs - s su -c 'yum localinstall -y --nogpgcheck http://download1.rpmfusion.org/free/fedora/rpmfusion-free-release-$(rpm -E %fedora).noarch.rpm http://download1.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-$(rpm -E %fedora).noarch.rpm' + s su -c "yum localinstall -y --nogpgcheck http://download1.rpmfusion.org/free/fedora/rpmfusion-free-release-$(rpm -E %fedora).noarch.rpm http://download1.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-$(rpm -E %fedora).noarch.rpm" pi gstreamer-plugins-ugly gstreamer-plugins-bad gstreamer-ffmpeg\ xine-lib-extras-freeworld ;; esac + case $distro in # optional dep for firefox for h.264 video arch) pi gst-libav ;; 
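Review bot: The rewritten `yum localinstall` line in the fedora arm still installs the two rpmfusion release packages as root from plain `http://` URLs with `--nogpgcheck`, so nothing authenticates them, and those packages carry the repo definitions and keys that every later RPM Fusion package is trusted through. Fetch them from `https://download1.rpmfusion.org/...` and drop `--nogpgcheck` after importing the RPM Fusion signing key, checked against a fingerprint obtained out of band. With double quotes, `$(rpm -E %fedora)` now expands in the calling shell rather than in the `su -c` shell, which gives the same result. Assuming `s` is the sudo wrapper, `s su -c "..."` is a redundant second privilege hop and could be `s yum localinstall ...` directly.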
@@ -172,18 +166,61 @@ case $distro in *) : ;; # comes default or with other packages esac -# general others are unknown bucket +case $distro in + arch|debian|ubuntu) + pi bash-completion + ;; + # others unknown +esac + + +case $distro in + arch) pi ttf-dejavu;; + debian|ubuntu) pi fonts-dejavu ;; + # others unknown +esac + +case $distro in + arch|debian|ubuntu) pi ntp;; + # others unknown +esac + +case $distro in + arch) pi xorg-xev;; + debian|ubuntu) pi x11-utils ;; + # others unknown +esac + +case $distro in + arch) pi virt-install;; + debian|ubuntu) pi virtinst ;; + # others unknown +esac + +case $distro in + arch) pi cdrkit;; + debian|ubuntu) pi genisoimage;; + # others unknown +esac + +case $distro in + arch) pi spice-gtk3 ;; + debian|ubuntu) pi spice-client-gtk;; + # others unknown +esac + +# general known for debian/ubuntu, not for fedora case $distro in arch) # cdrkit for cloud-init isos # dnsmasq for nat networking in libvirt # qemu for qemu-img, bind-tools for dig - pi ttf-dejavu bash-completion unzip ntp wget xorg-xev xorg-xmodmap \ - virt-install bridge-utils cdrkit dnsmasq qemu spice-gtk3 bind-tools + pi unzip wget xorg-xmodmap \ + bridge-utils dnsmasq qemu bind-tools sgo ntpd - s sed -ri '/^ *user *=/d' /etc/libvirt/qemu.conf # otherwise we get error about accessing kvm module. # seems like there might be a better way, but google was a bit vague. + s sed -ri '/^ *user *=/d' /etc/libvirt/qemu.conf echo 'user = "root"' | s tee -a /etc/libvirt/qemu.conf # https://bbs.archlinux.org/viewtopic.php?id=206206 # # this should prolly go in the wiki @@ -203,6 +240,7 @@ case $distro in esac + case $distro in arch) # ubuntu 14.04 uses b-cron, 
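Review bot: The arch arm keeps `echo 'user = "root"' | s tee -a /etc/libvirt/qemu.conf`, which makes libvirt start its QEMU processes as root, so a flaw in device emulation would expose the host as root rather than as an unprivileged account. The comment that this hunk moves above the `sed` already says there may be a better way; if the underlying error is a permission problem on the kvm device, giving the default QEMU user access to it would avoid the root setting, though I can't confirm the cause from here. At minimum extend the comment with something like `# NOTE: this runs every guest's qemu as root; revisit` so the trade-off is visible to the next reader. The arch arm continues past the end of this hunk.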
@@ -224,13 +262,14 @@ esac case $distro in - arch|arch) pi pumpa ;; - *) /a/bin/buildscripts/pumpa ;; + arch|debian|ubuntu) pi pumpa ;; + # others unknown. do have a buildscript: + # /a/bin/buildscripts/pumpa ;; esac case $distro in - ubuntu) pi android-tools-adb ;; + debian|ubuntu) pi android-tools-adb ;; arch) pi android-tools ;; # other distros unknown esac @@ -268,20 +307,40 @@ case $distro in s pip install pygments ;; *) - pi global python2-pygments + pi global + ;;& + arch) + pi python2-pygments + ;; + debian|ubuntu) + pi python-pygments ;; esac -######### end misc packages ######### +# leave this for last so it doesn't do a bunch of other apps +# which I want explicitly installed in case I switch DE's +case $distro in + debian) + pi task-cinnamon-desktop + # in settings, change scrolling to two-finger, + # because the default edge scroll doesn\'t work. + ;; + # others unknown +esac +######### end misc packages ######### # packages I once used before and liked, but don't want installed now for -# various reasons +# various reasons: # python-sqlite is used for offlineimap # lxappearance python-sqlite dolphin paman dconf-editor + + +######## unfinished + # todo, finish configuring smart. # mostly from https://wiki.archlinux.org/index.php/S.M.A.R.T. # turn on smart. background on options: @@ -307,6 +366,7 @@ DEVICESCAN -a -o on -S on -n standby,q $sched\ # broken under the default ordering, except the host I was # testing with previously had an entry in /etc/hosts. +############# end unfinished case $distro in arch) @@ -318,14 +378,14 @@ EOF esac +case $distro in + arch|debian|ubuntu) pi btrbk ;; + # others unknown +esac + if [[ $HOSTNAME == treetowl ]]; then - case $distro in - arch) pi btrbk ;; - # others unknown - esac pi fail2ban - s systemctl enable fail2ban - s systemctl start fail2ban + sgo fail2ban fi 
@@ -355,8 +415,9 @@ esac # /usr/share/doc/unattended-upgrades# cat README.md # /etc/apt/apt.conf.d/50unattended-upgrades if isdebian; then - pi unattended-upgrade + pi unattended-upgrades s dd of=/etc/apt/apt.conf.d/10periodic <<'EOF' +# this file was mostly just comments. APT::Periodic::Update-Package-Lists "1"; APT::Periodic::Download-Upgradeable-Packages "1"; APT::Periodic::AutocleanInterval "7"; @@ -366,18 +427,24 @@ EOF Unattended-Upgrade::Mail "root"; Unattended-Upgrade::MailOnlyOnError "true"; Unattended-Upgrade::Remove-Unused-Dependencies "true"; +Unattended-Upgrade::Origins-Pattern { +# default is just upgrade main and security, not updates. +EOF + if isdebian-testing; then + cat <<'EOF' +# for stable, only do security updates. + "origin=Debian,codename=${distro_codename},label=Debian-Security"; EOF - if ! is_debian_testing; then cat <<'EOF' -# default is just upgrade main and security, not updates. -# If it's not testing, just upgrade everything. # These are stable packages only getting bugfixes anyways. -Unattended-Upgrade::Origins-Pattern { "origin=*"; +EOF + cat <<'EOF' }; EOF fi - } >/etc/apt/apt.conf.d/50unattended-upgrades + } | s dd of=/etc/apt/apt.conf.d/50unattended-upgrades + echo $- > /tmp/x fi 
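Review bot: In the rebuilt Origins-Pattern section the condition and its comment disagree: `if isdebian-testing; then` is followed by `# for stable, only do security updates.`, and as far as the collapsed hunk shows there is no `else` between the Debian-Security pattern and `"origin=*";`, while the heredoc that emits the closing `};` sits before `fi`. If that reading is right, a host where the test is false gets a 50unattended-upgrades file with an unterminated `Unattended-Upgrade::Origins-Pattern {` block, and a host where it is true gets both patterns; adding the `else` and moving the `};` heredoc after `fi` would fix both. `"origin=*"` lets unattended-upgrades install from every configured apt source, including third-party repositories added to sources.list, so it deserves a comment stating that this is intended. `echo $- > /tmp/x` looks like leftover debugging that writes to a fixed name in a shared directory and should be removed.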
@@ -388,25 +455,41 @@ fi # but postfix didn't like that if [[ ! -L /var/spool/postfix ]]; then ser stop postfix - s t /q/postfix + if [[ -e /q/postfix ]]; then + echo "$0: error: /q/postfix exists but not the link to it" + fi s mv /var/spool/postfix /q s lnf /q/postfix /var/spool ser start postfix journalctl -n 20 fi -# send mail to a better place than /var/mail/ian -s sed -i '/^root/d' /etc/aliases ||: -echo "root: $HOSTNAME@bog.mm.st" | s tee -a /etc/aliases + +# This also works instead of ~/.forward +# s sed -i '/^root/d' /etc/aliases ||: +#echo "root: $HOSTNAME@bog.mm.st" | s tee -a /etc/aliases # this can't be a symlink and has permission restrictions # it might work in /etc/aliases, but this seems more proper. -e "$HOSTNAME@bog.mm.st" > ~/.forward + +if s grep amazonaws /etc/postfix/sasl_passwd &>/dev/null; then + forward=x@sallymae.club +else + forward=$HOSTNAME@bog.mm.st +fi +e $forward > ~/.forward +e $forward | s tee /root/.forward s newaliases +# if I wanted the from address to be renamed and sent to a different address, +# echo "sdx@localhost development@localhost" | sudo dd of=/etc/postfix/recipient_canonical +# sudo postmap hash:/etc/postfix/recipient_canonical +# sudo service postfix reload + + # i'm assuming mail just won't work on systems without the sasl_passwd. postconfin <<'EOF' smtp_sasl_auth_enable = yes -smtp_sasl_password_maps = hash:/q/root/sasl_passwd +smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd smtp_sasl_security_options = noanonymous smtp_tls_security_level = secure message_size_limit = 20480000 @@ -414,6 +497,7 @@ smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt EOF # ^ I ran into a log file not sending cuz of size. double from 10 to 20 meg limit +s postmap hash:/etc/postfix/sasl_passwd # offlineimap uses this too, it is much easier to use one location than to # condition it's config and postfix's config case $distro in 
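Review bot: The new `/q/postfix` check only prints a message; execution continues to `s mv /var/spool/postfix /q` and `s lnf /q/postfix /var/spool` with postfix already stopped, so the outcome depends on how those two commands cope with the existing directory. Make the check fatal and send it to stderr: `echo "$0: error: /q/postfix exists but not the link to it" >&2; exit 1`. Further down, `e $forward > ~/.forward` and `e $forward | s tee /root/.forward` should quote `"$forward"`, since one branch builds it from `$HOSTNAME`.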
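Review bot: `s postmap hash:/etc/postfix/sasl_passwd` is added without anything in the visible hunks setting the mode of /etc/postfix/sasl_passwd, which holds the relay's SMTP credentials, and postmap gives the generated map file the same group and other read bits as its source. Put `s chmod 600 /etc/postfix/sasl_passwd` ahead of the postmap call so both files stay unreadable to other local users; the earlier `s grep` suggests the file may already be root-only, but the script should not depend on that. The comment above `postconfin` assumes some systems have no sasl_passwd at all, and postmap will fail there, so a guard such as `if s test -e /etc/postfix/sasl_passwd; then ... fi` keeps that case quiet.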
@@ -421,8 +505,8 @@ case $distro in *) : esac -ser enable postfix -ser start postfix +s service postfix reload +sgo postfix ############ end postfix ####### @@ -463,8 +547,8 @@ EOF sgo tor /a/bin/buildscripts/tor-browser ;; - debian) - tu /etc/apt/sources.list 'deb http://deb.torproject.org/torproject.org trusty main' + ubuntu) + tu /etc/apt/sources.list "deb http://deb.torproject.org/torproject.org $(debian-codename) main" gpg --keyserver keys.gnupg.net --recv 886DDD89 gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | sudo apt-key add - p update @@ -472,6 +556,10 @@ EOF pi tor /a/bin/buildscripts/tor-browser ;; + debian) + pi tor + /a/bin/buildscripts/tor-browser + ;; arch) pi tor tor-browser-en sgo tor @@ -482,7 +570,7 @@ esac # nfs server case $distro in fedora) - read -r -d '' fedora_end_msg <<'EOF' + end_msg <<'EOF' fedora todo: disable the firewall or find a way to automate it. there's an unused section in t.org for tramikssion firewall setup @@ -511,15 +599,17 @@ EOF sgo nfs-server ;; esac -# nohide = export filesystems mounted deeper than the export point -# fsid=0 makes this export the "root" export -# not documented in the man page, but this means -# 1. it can be mounted with a shorthand of server:/ -# 2. exports that are subdirectories of this one will automatically be mounted -tu /etc/exports '/i/video 192.168.1.0/24(rw,fsid=0,nohide,no_root_squash,async,no_subtree_check,insecure)' -s exportfs -rav -showmount -e localhost +if [[ -e /i/video ]]; then + # nohide = export filesystems mounted deeper than the export point + # fsid=0 makes this export the "root" export + # not documented in the man page, but this means + # 1. it can be mounted with a shorthand of server:/ + # 2. exports that are subdirectories of this one will automatically be mounted + tu /etc/exports '/i/video 192.168.1.0/24(rw,fsid=0,nohide,no_root_squash,async,no_subtree_check,insecure)' + s exportfs -rav + showmount -e localhost +fi # cron 
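Review bot: In the arm now labelled `ubuntu)`, the repository signing key is fetched with `gpg --keyserver keys.gnupg.net --recv 886DDD89`, a 32-bit short key ID, and short IDs are not unique, so the request can return keys other than the intended one. The next line already exports by full fingerprint, so use the same value for the fetch: `gpg --keyserver keys.gnupg.net --recv-keys A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89`. Also confirm that `debian-codename` yields the Ubuntu release name on Ubuntu, since the suite in the new `deb` line depends on it and its definition is not in this diff.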
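Review bot: The export line now wrapped in `if [[ -e /i/video ]]` carries `no_root_squash` and `insecure` for all of 192.168.1.0/24, but the comment block above it explains only `nohide` and `fsid=0`. `no_root_squash` means root on any client in that subnet is treated as root on the exported tree, and `insecure` accepts requests from unprivileged source ports, so the server no longer relies on the client's root to originate them. If neither is required, drop them (`root_squash` is the default); otherwise add comment lines such as `# no_root_squash: clients' root is trusted as root here` and `# insecure: required by <client>` giving the reason.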
@@ -528,7 +618,4 @@ if [[ -e $f ]]; then $f fi - -if [[ ${distro}_end_msg ]]; then - echo ${distro}_end_msg -fi +e "$end_msg_var"