From 318c3e403eeab1ec2a507ec6d43881672ff6922f Mon Sep 17 00:00:00 2001
From: Ian Kelling
Date: Sat, 2 Apr 2016 00:09:40 -0700
Subject: [PATCH] various fixes
---
distro-begin | 194 ++++++++++-----------------------------------------
distro-end | 36 +++++++---
2 files changed, 66 insertions(+), 164 deletions(-)
diff --git a/distro-begin b/distro-begin
index 5dc0359..833ab0b 100755
--- a/distro-begin
+++ b/distro-begin
@@ -66,68 +66,40 @@ umask 0002 ####### end command line parsing -if frodo; then - x=/usr/local/bin/iancryptsetup - sudo dd of=$x <<'EOF' -#!/bin/bash -x - -# man systemd-cryptsetup-generator -#man systemd-cryptsetup -#man systemd-cryptsetup@.service - -f=/tmp/iancryptsetup -ssh -oStrictHostKeyChecking=no -oUserKnownHostsFile=/dev/null \ - -T -i /p/cryptkeyssh/id_rsa ian@treetowl > $f || exit 0 - -# example of initial setup of a disk -#disk=/dev/sdg2 -#echo YES|cryptsetup --verbose luksFormat $disk $f -## copy $f into paste buffer, then enter memorized pass, which we can use -## This is for the case of ssh not being available -#cryptsetup --verbose --verify-passphrase luksAddKey $disk - -# initial keyfile can be generated like any random pass -# head -c 200 /dev/urandom | tr -cd '[:alnum:]' | head -c 80 > keyfile - - -data=( -b1d7f102-c7cd-40a0-bff0-2d498692b5a7 crypta7 -80649f08-1977-441b-ad8f-246931571702 crypt02 -3ae71d1a-dbd5-4cbe-afa2-c7529c0c4d31 crypt31 -bd4bbf8e-35c1-48e5-bb15-106c1b47792b crypt2b -c061a929-54fe-4a47-939d-c008ba418246 crypt46 -ec709a4b-1ba7-463f-a1cd-841cb40868f0 cryptf0 -b9f2a980-f57c-4c58-9313-055da09d579c crypt9c -747b9932-aa98-4552-86ab-657d0ccd4fb0 cryptb0 -afb44dd6-28ba-443b-9ca4-34dc2a95a213 crypt13 -) -for ((i=0; i<${#data[@]}; i+=2)); do - cryptsetup luksOpen --key-file $f UUID=${data[i]} ${data[i+1]} -done -for x in a q /mnt/btrfs_root; do - mount /$x -done -#/a/bin/firefox-link -exit 0 -EOF - sudo chmod +x $x - # todo, it needs to wait for networking - sudo dd of=/etc/systemd/system/iancrypt.service <<'EOF' +if encrypted; then + # I tried making a service which was dependent on reboot.target, + # but it happened too late in the shutdown process. 
+ sudo dd of=/etc/systemd/system/keyscripton.service <<'EOF' [Unit] -Description=iancrypt +Description=Turn on automatic decryption of drives on boot +After=multi-user.target [Service] Type=oneshot -ExecStart=/usr/local/bin/iancryptsetup +RemainAfterExit=yes +ExecStart=/bin/true +ExecStop=/a/bin/keyscript-on [Install] WantedBy=multi-user.target EOF - sudo systemctl enable iancrypt.service - sudo systemctl restart iancrypt.service -fi + sudo systemctl start keyscripton.service + sudo systemctl enable keyscripton.service + sudo dd of=/etc/systemd/system/keyscriptoff.service <<'EOF' +[Unit] +Description=Turn off automatic decryption of drives on boot +[Service] +Type=oneshot +ExecStart=/a/bin/keyscript-off + +[Install] +WantedBy=multi-user.target +EOF + sudo systemctl enable keyscriptoff.service + sudo systemctl start keyscriptoff.service +fi if iank-dev; then desktop=$(ssh root@iankelling.org grep desktop /etc/hosts | grep -o "^.* ") @@ -143,31 +115,10 @@ if iank-dev; then fi fi -# example which will be usefull when redoing desktop -# if x2; then -# f=/etc/fstab -# line='/dev/mapper/fedora-a /a btrfs noatime 0 1' -# if ! grep -Fxq "$line" $f; then -# echo "$line" | sudo tee -a $f >/dev/null -# fi -# if ! mount | grep -q '^/dev/mapper/fedora-a'; then -# dir=/a -# sudo mkdir -p $dir -# sudo chown ian:ian $dir -# sudo mount $dir -# fi -# fi - -# set noatime. -sudo sed -ri '/noatime/!s/(ext[234]|btrfs)[[:space:]]+/\1 noatime,/' /etc/fstab -sudo sed -ri '/noatime/s/relatime,?|defaults,?//g' /etc/fstab - - # this script has been designed to be idempotent # todo, it would be nice to cut down on some of the output - # output is below so shellcheck can verify sources for x in /a/bin/bash-programs-by-ian/repos/{errhandle,tee-unique,lnf}/*-function; do echo "# shellcheck source=$x"; 
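Review bot: `ExecStop=/a/bin/keyscript-on` in keyscripton.service runs whenever the unit is stopped, which covers poweroff and halt as well as reboot, so (assuming keyscript-on arms unattended unlocking) a machine that is shut down and left off stays configured to decrypt itself on the next boot. The comment above the unit says a reboot.target dependency fired too late; a guard at the top of the script such as `systemctl list-jobs | grep -q 'reboot.target.*start' || exit 0` would keep the ExecStop approach while limiting it to reboots. Both units also run scripts from /a/bin as root while this file sets `umask 0002` (visible in the hunk header), so those two scripts should be root-owned and not writable by group or other users. The scripts themselves are outside this diff.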
@@ -239,20 +190,20 @@ isfedora && tu /etc/sysctl.conf 'kernel.sysrq = 1' if isdebian; then # add contrib non-free to sources for main - s sed -i 's/^\(deb.* main\).*/\1 contrib non-free/' /etc/apt/sources.list + s sed -i 's/^\(deb.* main\).*/\1 contrib non-free/' /etc/apt/sources.list.d/* # non-existent var, as Im not planning to use stable right now if isdebian-stable; then code=$(debian-codename) - s dd of=/etc/apt/sources.list.d/mozilla-iceweasel < from cryptsetup luksUUID /dev/mapper/ianvg1-q -# however, it doesn't work for lvm volumes when opening on the command line, -# So, just using the thing which works both ways. -q /dev/mapper/vg_treetowl00-lv01 none luks,discard,noauto -# based on cryptsetup's README.Debian, and FAQ -cswap1 /dev/mapper/vg_treetowl00-lv00 /dev/urandom swap,cipher=aes-cbc-essiv:sha256,size=256,hash=sha256,discard,noearly -EOF - s chmod 600 /etc/crypttab - - s systemctl daemon-reload - s systemctl restart systemd-cryptsetup@q.service - s mount /q - - s systemctl restart systemd-cryptsetup@cswap1.service - # old ways: - # s update-rc.d cryptdisks enable - - # misc notes about when messing around with jessie: - # # this was useful on debian jessie: - # systemd-tty-ask-password-agent --query - # according to the broadcast message - # jessie also still had /etc/init.d/cryptdisks, - # which seemed to work only with reload, and it seems deprecated - # and cryptdisks_start q, also prolly deprecated - - fi - - fi - -# exptected directory for .editor-backups -if ! has_p; then - s lnf /a/p / -fi - /a/bin/conflink @@ -586,6 +491,7 @@ if isarch; then makepkg -si --noconfirm popd rm -rf $x + pi hunspell hunspell-en else # to disable emacs git build, # s apt-get install emacs 
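Review bot: The `sed -i` in the `isdebian` branch now rewrites every file matched by `/etc/apt/sources.list.d/*` and no longer touches `/etc/apt/sources.list`, so any third-party entry in that directory whose line contains ` main` has everything after it replaced with `contrib non-free`. That changes which components apt trusts and fetches for repositories this script does not own, and if the directory is empty the unexpanded `*` is passed to sed as a literal filename. I would restrict the substitution to Debian archive lines with an address guard, for example `s sed -i '/debian\.org/s/^\(deb.* main\).*/\1 contrib non-free/' /etc/apt/sources.list.d/*.list` (adjust the guard to the mirror in use), or name the intended files explicitly. The `if isdebian` block continues past this line.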
@@ -628,33 +534,10 @@ pi cabal-install cabal update PATH="$PATH:$HOME/.cabal/bin" -# trying out the distro's versions newer distros -if isdebian-stable || isubuntu; then - # todo: on ubuntu 12.04, needed to install zlib1g-dev - cabal install cabal-install - pu cabal-install - # just guessed at this after getting /bin/ld cannot find -lHSmtl or something - t ~/.ghc - - - cabal update - # todo, work machine required some packages libx11-dev libxrandr-dev libxft2-dev - cabal install xmonad - cabal install xmonad-contrib - # work machine: - # pi tasksel. select openssh server, basic server, large font selection - - #http://comments.gmane.org/gmane.comp.lang.haskell.xmonad/13871 - cat <<'EOF' -manual steps required: -xfce, "Session and Startup" > "Application Autostart" -Add -Name: xmonad -Description: xmonad --replace -Command: delayed-xmonad -EOF +# todo, on older ubuntu I used cabal xmonad + xfce, +# see /a/bin/old-unused/xmonad-cabal.sh -else +# trying out the distro's versions newer distros pi xmonad if isarch; then # for displaying error messages. @@ -668,7 +551,6 @@ else else pi suckless-tools fi -fi pi dmenu if isdeb && (tp || x2); then diff --git a/distro-end b/distro-end index 40282d0..8ba5ffd 100755 --- a/distro-end +++ b/distro-end @@ -26,7 +26,6 @@ x=( bwm-ng chromium duplicity - fail2ban fdupes filelight gdb @@ -66,7 +65,6 @@ esac ####### misc packages ########### - case $distro in # tk for gitk arch) pi git tk ;; @@ -329,6 +327,11 @@ case $distro in # others unknown esac +case $distro in + arch) pi apg ;; + # already in debian jessie +esac + ######### end misc packages ######### 
@@ -368,6 +371,17 @@ DEVICESCAN -a -o on -S on -n standby,q $sched\ ############# end unfinished +########### misc stuff + +if [[ `debian-archive` == stable ]]; then + s dd of=/etc/apt/preferences.d/unison-gtk <<'EOF' +Explanation: Allow unison-gtk to be upgraded +Package: unison-gtk +Pin: release a=unstable +Pin-Priority: 500 +EOF +fi + case $distro in arch) # default is alsa, doesn\'t work with with pianobar @@ -383,7 +397,10 @@ case $distro in # others unknown esac -if [[ $HOSTNAME == treetowl ]]; then +if [[ $HOSTNAME == treetowl ]] && [[ `debian-archive` != testing ]]; then + # fail2 ban is broken, with a workaround, per + # https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770171 + # ill wait a while to see if it gets fixed pi fail2ban sgo fail2ban fi @@ -432,9 +449,10 @@ Unattended-Upgrade::Origins-Pattern { EOF if isdebian-testing; then cat <<'EOF' -# for stable, only do security updates. +# for testing, only do security updates. "origin=Debian,codename=${distro_codename},label=Debian-Security"; EOF + else cat <<'EOF' # These are stable packages only getting bugfixes anyways. "origin=*"; @@ -455,13 +473,15 @@ fi # but postfix didn't like that if [[ ! -L /var/spool/postfix ]]; then ser stop postfix - if [[ -e /q/postfix ]]; then + n=/q/postfix-`distro-name``debian-archive` + if [[ -e $n ]]; then echo "$0: error: /q/postfix exists but not the link to it" + exit 1 fi - s mv /var/spool/postfix /q - s lnf /q/postfix /var/spool + s mv /var/spool/postfix $n + s lnf -T $n /var/spool/postfix ser start postfix - journalctl -n 20 + journalctl -n 20 | cat fi -- 2.30.2
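Review bot: On a testing install, treetowl now gets no fail2ban at all, and nothing in this hunk records what covers repeated login failures in the meantime. An earlier hunk in this patch also drops `fail2ban` from the `x=( … )` list, so this conditional appears to be the only place it is installed. I would add a comment next to the condition, `# TODO: drop the testing exclusion once Debian bug 770171 is fixed; until then no automatic banning on testing`, so the gap is tracked rather than forgotten.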
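Review bot: With the added `else`, every non-testing host gets `"origin=*";`, which lets unattended-upgrades install from any origin apt has configured, including third-party repositories. The comment beside it assumes only stable packages are in play, but the unison-gtk pin added earlier in this file implies an unstable source on stable hosts; whether other unstable packages can become candidates depends on pins that are not visible here. Consider naming the origins instead, e.g. `"origin=Debian,codename=${distro_codename}";` alongside the Debian-Security line, and adding any others explicitly. The surrounding `if` and heredoc continue outside the hunk.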
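Review bot: The new `exit 1` is reached after `ser stop postfix`, so when `$n` already exists the script aborts with the mail service left stopped, and the message still names `/q/postfix` rather than the path that was actually tested. Assign `n` and run the `[[ -e $n ]]` check before stopping the service, and report the real path on stderr: `echo "$0: error: $n exists but /var/spool/postfix is not a link to it" >&2`. `$n` is built from two command substitutions and is then used unquoted in `s mv` and `s lnf -T`; quoting it as `"$n"` avoids word splitting if either command prints something unexpected.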