From 34e482dd1ec8c493ed5ecbd24714d7b8f6e72506 Mon Sep 17 00:00:00 2001 
From: Christian Heller Date: Mon, 12 Aug 2024 18:25:37 +0200 Subject: [PATCH 01/16] Add new testing tree. --- testing/apt-mark/all | 12 + testing/apt-mark/h610m | 10 + testing/apt-mark/user | 56 ++ .../apt/apt.conf.d/99_minimize_dependencies | 4 + testing/etc_files/all/etc/apt/sources.list | 2 + testing/etc_files/all/etc/default/locale | 1 + testing/etc_files/all/etc/locale.gen | 483 ++++++++++++++++++ testing/etc_files/all/etc/timezone | 1 + testing/home_files/h610m/.xinitrc_bonus | 2 + testing/home_files/minimal/.bashrc | 30 ++ testing/home_files/root/.shell_prompt_color | 1 + testing/home_files/user/.Xresources | 56 ++ testing/home_files/user/.borgrepos | 4 + testing/home_files/user/.config/i3/config | 86 ++++ .../home_files/user/.config/i3status/config | 82 +++ testing/home_files/user/.emacs.d/init.el | 323 ++++++++++++ testing/home_files/user/.gitconfig | 3 + testing/home_files/user/.mbsyncrc | 28 + testing/home_files/user/.notmuch-config | 9 + testing/home_files/user/.shell_prompt_color | 1 + testing/home_files/user/.tridactylrc | 18 + testing/home_files/user/.xinitrc | 19 + testing/home_files/user/mail_sync.sh | 44 ++ testing/home_files/user/public_repos/repos | 8 + testing/setup_scripts/_setup.sh | 34 ++ testing/setup_scripts/copy_dirtree.sh | 29 ++ testing/setup_scripts/install_for_target.sh | 18 + testing/setup_scripts/misc.sh | 44 ++ .../setup_scripts/set_hostname_and_fqdn.sh | 49 ++ testing/setup_scripts/setup_desktop.sh | 44 ++ 30 files changed, 1501 insertions(+) create mode 100644 testing/apt-mark/all create mode 100644 testing/apt-mark/h610m create mode 100644 testing/apt-mark/user create mode 100644 testing/etc_files/all/etc/apt/apt.conf.d/99_minimize_dependencies create mode 100644 testing/etc_files/all/etc/apt/sources.list create mode 100644 testing/etc_files/all/etc/default/locale create mode 100644 testing/etc_files/all/etc/locale.gen create mode 100644 testing/etc_files/all/etc/timezone create mode 100644 
testing/home_files/h610m/.xinitrc_bonus create mode 100644 testing/home_files/minimal/.bashrc create mode 100644 testing/home_files/root/.shell_prompt_color create mode 100644 testing/home_files/user/.Xresources create mode 100644 testing/home_files/user/.borgrepos create mode 100644 testing/home_files/user/.config/i3/config create mode 100644 testing/home_files/user/.config/i3status/config create mode 100644 testing/home_files/user/.emacs.d/init.el create mode 100644 testing/home_files/user/.gitconfig create mode 100644 testing/home_files/user/.mbsyncrc create mode 100644 testing/home_files/user/.notmuch-config create mode 100644 testing/home_files/user/.shell_prompt_color create mode 100644 testing/home_files/user/.tridactylrc create mode 100644 testing/home_files/user/.xinitrc create mode 100755 testing/home_files/user/mail_sync.sh create mode 100644 testing/home_files/user/public_repos/repos create mode 100755 testing/setup_scripts/_setup.sh create mode 100755 testing/setup_scripts/copy_dirtree.sh create mode 100755 testing/setup_scripts/install_for_target.sh create mode 100644 testing/setup_scripts/misc.sh create mode 100755 testing/setup_scripts/set_hostname_and_fqdn.sh create mode 100755 testing/setup_scripts/setup_desktop.sh
diff --git a/testing/apt-mark/all b/testing/apt-mark/all
new file mode 100644
index 0000000..617b707
--- /dev/null
+++ b/testing/apt-mark/all
@@ -0,0 +1,12 @@
+# connectivity: ifupdown seems necessary everyhwere, isc-dhcp-client
+# unpredictably so
+ifupdown
+isc-dhcp-client
+# git for the setup directory; cloning works with ca-certificates
+ca-certificates
+git
+# to avoid constant warnings about no locale being found
+locales
+# extremely useful for basic network debugging; missed these more than once in an emergency
+netcat-traditional
+iputils-ping
diff --git a/testing/apt-mark/h610m b/testing/apt-mark/h610m
new file mode 100644
index 0000000..fac5b05
--- /dev/null
+++ b/testing/apt-mark/h610m
@@ -0,0 +1,10 @@
+# for X to start at all
+linux-headers-amd64
+#nvidia-driver
+#firmware-misc-nonfree
+# X input: keyboard
+xserver-xorg-input-evdev
+# CUDA
+#nvidia-cuda-dev
+#nvidia-cuda-toolkit
+
diff --git a/testing/apt-mark/user b/testing/apt-mark/user
new file mode 100644
index 0000000..1a6301d
--- /dev/null
+++ b/testing/apt-mark/user
@@ -0,0 +1,56 @@
+# to avoid booting problems with encrypted LVM, see
+cryptsetup-initramfs
+lvm2
+# this provides setupcon which reads /etc/default/console-setup
+console-setup
+# for startx
+xinit
+# for xrdb
+x11-xserver-utils
+# for startx to run for non-root user
+libpam-systemd
+# window environment
+i3
+i3status
+suckless-tools
+xterm
+# to get sleepy at night
+redshift
+# for alsamixer
+alsa-utils
+# also useful
+vim
+sudo
+less
+man-db
+manpages
+procps
+## firefox install dependencies
+#wget
+#bzip2
+## firefox running dependencies
+#libgtk-3-0
+#libdbus-glib-1-2
+# tridactyl install recommendations
+vim-gtk3
+curl
+## for firefox to emit sound
+#pulseaudio
+# emacs
+emacs
+emacs-common-non-dfsg
+emacs-el
+elpa-ledger
+ledger
+# to mount encrypted USB stick and use its contents
+pmount
+cryptsetup
+openssh-client
+# for syncing
+borgbackup
+# mail setup
+isync
+notmuch
+elpa-notmuch
+pinentry-gtk2
+#
diff --git a/testing/etc_files/all/etc/apt/apt.conf.d/99_minimize_dependencies b/testing/etc_files/all/etc/apt/apt.conf.d/99_minimize_dependencies
new file mode 100644
index 0000000..4aaef79
--- /dev/null
+++ b/testing/etc_files/all/etc/apt/apt.conf.d/99_minimize_dependencies
@@ -0,0 +1,4 @@
+APT::AutoRemove::RecommendsImportant "false";
+APT::AutoRemove::SuggestsImportant "false";
+APT::Install-Recommends "false";
+APT::Install-Suggests "false";
diff --git a/testing/etc_files/all/etc/apt/sources.list b/testing/etc_files/all/etc/apt/sources.list
new file mode 100644
index 0000000..a270a56
--- /dev/null
+++ b/testing/etc_files/all/etc/apt/sources.list
@@ -0,0 +1,2 @@
+deb http://deb.debian.org/debian bookworm main contrib non-free non-free-firmware
+deb http://security.debian.org/debian-security bookworm-security main contrib non-free non-free-firmware
diff --git a/testing/etc_files/all/etc/default/locale b/testing/etc_files/all/etc/default/locale
new file mode 100644
index 0000000..dd6eee3
--- /dev/null
+++ b/testing/etc_files/all/etc/default/locale
@@ -0,0 +1 @@
+LANG="en_US.UTF-8"
diff --git a/testing/etc_files/all/etc/locale.gen b/testing/etc_files/all/etc/locale.gen
new file mode 100644
index 0000000..a28cfa4
--- /dev/null
+++ b/testing/etc_files/all/etc/locale.gen
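Review bot: Both `deb` lines in sources.list fetch over plain `http://`. APT still verifies the signed Release files, so package integrity does not rest on the transport, but anyone on the network path can see which packages and security updates each host pulls, and apt's HTTP handling is exposed to whatever that path returns. Since `ca-certificates` is already listed in apt-mark/all, consider `deb https://deb.debian.org/debian bookworm main contrib non-free non-free-firmware` and the same scheme change on the security line, after confirming the security mirror answers on HTTPS and that `ca-certificates` is installed before this file takes effect. Because the file lands under etc_files/all, a one-line comment on why `contrib non-free non-free-firmware` are enabled on every host would also help.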
@@ -0,0 +1,483 @@ +# This file lists locales that you wish to have built. You can find a list +# of valid supported locales at /usr/share/i18n/SUPPORTED, and you can add +# user defined locales to /usr/local/share/i18n/SUPPORTED. If you change +# this file, you need to rerun locale-gen. + + +# aa_DJ ISO-8859-1 +# aa_DJ.UTF-8 UTF-8 +# aa_ER UTF-8 +# aa_ER@saaho UTF-8 +# aa_ET UTF-8 +# af_ZA ISO-8859-1 +# af_ZA.UTF-8 UTF-8 +# ak_GH UTF-8 +# am_ET UTF-8 +# an_ES ISO-8859-15 +# an_ES.UTF-8 UTF-8 +# anp_IN UTF-8 +# ar_AE ISO-8859-6 +# ar_AE.UTF-8 UTF-8 +# ar_BH ISO-8859-6 +# ar_BH.UTF-8 UTF-8 +# ar_DZ ISO-8859-6 +# ar_DZ.UTF-8 UTF-8 +# ar_EG ISO-8859-6 +# ar_EG.UTF-8 UTF-8 +# ar_IN UTF-8 +# ar_IQ ISO-8859-6 +# ar_IQ.UTF-8 UTF-8 +# ar_JO ISO-8859-6 +# ar_JO.UTF-8 UTF-8 +# ar_KW ISO-8859-6 +# ar_KW.UTF-8 UTF-8 +# ar_LB ISO-8859-6 +# ar_LB.UTF-8 UTF-8 +# ar_LY ISO-8859-6 +# ar_LY.UTF-8 UTF-8 +# ar_MA ISO-8859-6 +# ar_MA.UTF-8 UTF-8 +# ar_OM ISO-8859-6 +# ar_OM.UTF-8 UTF-8 +# ar_QA ISO-8859-6 +# ar_QA.UTF-8 UTF-8 +# ar_SA ISO-8859-6 +# ar_SA.UTF-8 UTF-8 +# ar_SD ISO-8859-6 +# ar_SD.UTF-8 UTF-8 +# ar_SS UTF-8 +# ar_SY ISO-8859-6 +# ar_SY.UTF-8 UTF-8 +# ar_TN ISO-8859-6 +# ar_TN.UTF-8 UTF-8 +# ar_YE ISO-8859-6 +# ar_YE.UTF-8 UTF-8 +# as_IN UTF-8 +# ast_ES ISO-8859-15 +# ast_ES.UTF-8 UTF-8 +# ayc_PE UTF-8 +# az_AZ UTF-8 +# be_BY CP1251 +# be_BY.UTF-8 UTF-8 +# be_BY@latin UTF-8 +# bem_ZM UTF-8 +# ber_DZ UTF-8 +# ber_MA UTF-8 +# bg_BG CP1251 +# bg_BG.UTF-8 UTF-8 +# bhb_IN.UTF-8 UTF-8 +# bho_IN UTF-8 +# bn_BD UTF-8 +# bn_IN UTF-8 +# bo_CN UTF-8 +# bo_IN UTF-8 +# br_FR ISO-8859-1 +# br_FR.UTF-8 UTF-8 +# br_FR@euro ISO-8859-15 +# brx_IN UTF-8 +# bs_BA ISO-8859-2 +# bs_BA.UTF-8 UTF-8 +# byn_ER UTF-8 +# ca_AD ISO-8859-15 +# ca_AD.UTF-8 UTF-8 +# ca_ES ISO-8859-1 +# ca_ES.UTF-8 UTF-8 +# ca_ES.UTF-8@valencia UTF-8 +# ca_ES@euro ISO-8859-15 +# ca_ES@valencia ISO-8859-15 +# ca_FR ISO-8859-15 +# ca_FR.UTF-8 UTF-8 +# ca_IT ISO-8859-15 +# ca_IT.UTF-8 UTF-8 +# ce_RU UTF-8 +# chr_US UTF-8 +# 
cmn_TW UTF-8 +# crh_UA UTF-8 +# cs_CZ ISO-8859-2 +# cs_CZ.UTF-8 UTF-8 +# csb_PL UTF-8 +# cv_RU UTF-8 +# cy_GB ISO-8859-14 +# cy_GB.UTF-8 UTF-8 +# da_DK ISO-8859-1 +# da_DK.UTF-8 UTF-8 +# de_AT ISO-8859-1 +# de_AT.UTF-8 UTF-8 +# de_AT@euro ISO-8859-15 +# de_BE ISO-8859-1 +# de_BE.UTF-8 UTF-8 +# de_BE@euro ISO-8859-15 +# de_CH ISO-8859-1 +# de_CH.UTF-8 UTF-8 +# de_DE ISO-8859-1 +# de_DE.UTF-8 UTF-8 +# de_DE@euro ISO-8859-15 +# de_IT ISO-8859-1 +# de_IT.UTF-8 UTF-8 +# de_LI.UTF-8 UTF-8 +# de_LU ISO-8859-1 +# de_LU.UTF-8 UTF-8 +# de_LU@euro ISO-8859-15 +# doi_IN UTF-8 +# dv_MV UTF-8 +# dz_BT UTF-8 +# el_CY ISO-8859-7 +# el_CY.UTF-8 UTF-8 +# el_GR ISO-8859-7 +# el_GR.UTF-8 UTF-8 +# en_AG UTF-8 +# en_AU ISO-8859-1 +# en_AU.UTF-8 UTF-8 +# en_BW ISO-8859-1 +# en_BW.UTF-8 UTF-8 +# en_CA ISO-8859-1 +# en_CA.UTF-8 UTF-8 +# en_DK ISO-8859-1 +# en_DK.ISO-8859-15 ISO-8859-15 +# en_DK.UTF-8 UTF-8 +# en_GB ISO-8859-1 +# en_GB.ISO-8859-15 ISO-8859-15 +# en_GB.UTF-8 UTF-8 +# en_HK ISO-8859-1 +# en_HK.UTF-8 UTF-8 +# en_IE ISO-8859-1 +# en_IE.UTF-8 UTF-8 +# en_IE@euro ISO-8859-15 +# en_IL UTF-8 +# en_IN UTF-8 +# en_NG UTF-8 +# en_NZ ISO-8859-1 +# en_NZ.UTF-8 UTF-8 +# en_PH ISO-8859-1 +# en_PH.UTF-8 UTF-8 +# en_SG ISO-8859-1 +# en_SG.UTF-8 UTF-8 +# en_US ISO-8859-1 +# en_US.ISO-8859-15 ISO-8859-15 +en_US.UTF-8 UTF-8 +# en_ZA ISO-8859-1 +# en_ZA.UTF-8 UTF-8 +# en_ZM UTF-8 +# en_ZW ISO-8859-1 +# en_ZW.UTF-8 UTF-8 +# eo UTF-8 +# es_AR ISO-8859-1 +# es_AR.UTF-8 UTF-8 +# es_BO ISO-8859-1 +# es_BO.UTF-8 UTF-8 +# es_CL ISO-8859-1 +# es_CL.UTF-8 UTF-8 +# es_CO ISO-8859-1 +# es_CO.UTF-8 UTF-8 +# es_CR ISO-8859-1 +# es_CR.UTF-8 UTF-8 +# es_CU UTF-8 +# es_DO ISO-8859-1 +# es_DO.UTF-8 UTF-8 +# es_EC ISO-8859-1 +# es_EC.UTF-8 UTF-8 +# es_ES ISO-8859-1 +# es_ES.UTF-8 UTF-8 +# es_ES@euro ISO-8859-15 +# es_GT ISO-8859-1 +# es_GT.UTF-8 UTF-8 +# es_HN ISO-8859-1 +# es_HN.UTF-8 UTF-8 +# es_MX ISO-8859-1 +# es_MX.UTF-8 UTF-8 +# es_NI ISO-8859-1 +# es_NI.UTF-8 UTF-8 +# es_PA ISO-8859-1 +# es_PA.UTF-8 UTF-8 
+# es_PE ISO-8859-1 +# es_PE.UTF-8 UTF-8 +# es_PR ISO-8859-1 +# es_PR.UTF-8 UTF-8 +# es_PY ISO-8859-1 +# es_PY.UTF-8 UTF-8 +# es_SV ISO-8859-1 +# es_SV.UTF-8 UTF-8 +# es_US ISO-8859-1 +# es_US.UTF-8 UTF-8 +# es_UY ISO-8859-1 +# es_UY.UTF-8 UTF-8 +# es_VE ISO-8859-1 +# es_VE.UTF-8 UTF-8 +# et_EE ISO-8859-1 +# et_EE.ISO-8859-15 ISO-8859-15 +# et_EE.UTF-8 UTF-8 +# eu_ES ISO-8859-1 +# eu_ES.UTF-8 UTF-8 +# eu_ES@euro ISO-8859-15 +# eu_FR ISO-8859-1 +# eu_FR.UTF-8 UTF-8 +# eu_FR@euro ISO-8859-15 +# fa_IR UTF-8 +# ff_SN UTF-8 +# fi_FI ISO-8859-1 +# fi_FI.UTF-8 UTF-8 +# fi_FI@euro ISO-8859-15 +# fil_PH UTF-8 +# fo_FO ISO-8859-1 +# fo_FO.UTF-8 UTF-8 +# fr_BE ISO-8859-1 +# fr_BE.UTF-8 UTF-8 +# fr_BE@euro ISO-8859-15 +# fr_CA ISO-8859-1 +# fr_CA.UTF-8 UTF-8 +# fr_CH ISO-8859-1 +# fr_CH.UTF-8 UTF-8 +# fr_FR ISO-8859-1 +# fr_FR.UTF-8 UTF-8 +# fr_FR@euro ISO-8859-15 +# fr_LU ISO-8859-1 +# fr_LU.UTF-8 UTF-8 +# fr_LU@euro ISO-8859-15 +# fur_IT UTF-8 +# fy_DE UTF-8 +# fy_NL UTF-8 +# ga_IE ISO-8859-1 +# ga_IE.UTF-8 UTF-8 +# ga_IE@euro ISO-8859-15 +# gd_GB ISO-8859-15 +# gd_GB.UTF-8 UTF-8 +# gez_ER UTF-8 +# gez_ER@abegede UTF-8 +# gez_ET UTF-8 +# gez_ET@abegede UTF-8 +# gl_ES ISO-8859-1 +# gl_ES.UTF-8 UTF-8 +# gl_ES@euro ISO-8859-15 +# gu_IN UTF-8 +# gv_GB ISO-8859-1 +# gv_GB.UTF-8 UTF-8 +# ha_NG UTF-8 +# hak_TW UTF-8 +# he_IL ISO-8859-8 +# he_IL.UTF-8 UTF-8 +# hi_IN UTF-8 +# hne_IN UTF-8 +# hr_HR ISO-8859-2 +# hr_HR.UTF-8 UTF-8 +# hsb_DE ISO-8859-2 +# hsb_DE.UTF-8 UTF-8 +# ht_HT UTF-8 +# hu_HU ISO-8859-2 +# hu_HU.UTF-8 UTF-8 +# hy_AM UTF-8 +# hy_AM.ARMSCII-8 ARMSCII-8 +# ia_FR UTF-8 +# id_ID ISO-8859-1 +# id_ID.UTF-8 UTF-8 +# ig_NG UTF-8 +# ik_CA UTF-8 +# is_IS ISO-8859-1 +# is_IS.UTF-8 UTF-8 +# it_CH ISO-8859-1 +# it_CH.UTF-8 UTF-8 +# it_IT ISO-8859-1 +# it_IT.UTF-8 UTF-8 +# it_IT@euro ISO-8859-15 +# iu_CA UTF-8 +# ja_JP.EUC-JP EUC-JP +# ja_JP.UTF-8 UTF-8 +# ka_GE GEORGIAN-PS +# ka_GE.UTF-8 UTF-8 +# kk_KZ PT154 +# kk_KZ.RK1048 RK1048 +# kk_KZ.UTF-8 UTF-8 +# kl_GL ISO-8859-1 +# 
kl_GL.UTF-8 UTF-8 +# km_KH UTF-8 +# kn_IN UTF-8 +# ko_KR.EUC-KR EUC-KR +# ko_KR.UTF-8 UTF-8 +# kok_IN UTF-8 +# ks_IN UTF-8 +# ks_IN@devanagari UTF-8 +# ku_TR ISO-8859-9 +# ku_TR.UTF-8 UTF-8 +# kw_GB ISO-8859-1 +# kw_GB.UTF-8 UTF-8 +# ky_KG UTF-8 +# lb_LU UTF-8 +# lg_UG ISO-8859-10 +# lg_UG.UTF-8 UTF-8 +# li_BE UTF-8 +# li_NL UTF-8 +# lij_IT UTF-8 +# ln_CD UTF-8 +# lo_LA UTF-8 +# lt_LT ISO-8859-13 +# lt_LT.UTF-8 UTF-8 +# lv_LV ISO-8859-13 +# lv_LV.UTF-8 UTF-8 +# lzh_TW UTF-8 +# mag_IN UTF-8 +# mai_IN UTF-8 +# mg_MG ISO-8859-15 +# mg_MG.UTF-8 UTF-8 +# mhr_RU UTF-8 +# mi_NZ ISO-8859-13 +# mi_NZ.UTF-8 UTF-8 +# mk_MK ISO-8859-5 +# mk_MK.UTF-8 UTF-8 +# ml_IN UTF-8 +# mn_MN UTF-8 +# mni_IN UTF-8 +# mr_IN UTF-8 +# ms_MY ISO-8859-1 +# ms_MY.UTF-8 UTF-8 +# mt_MT ISO-8859-3 +# mt_MT.UTF-8 UTF-8 +# my_MM UTF-8 +# nan_TW UTF-8 +# nan_TW@latin UTF-8 +# nb_NO ISO-8859-1 +# nb_NO.UTF-8 UTF-8 +# nds_DE UTF-8 +# nds_NL UTF-8 +# ne_NP UTF-8 +# nhn_MX UTF-8 +# niu_NU UTF-8 +# niu_NZ UTF-8 +# nl_AW UTF-8 +# nl_BE ISO-8859-1 +# nl_BE.UTF-8 UTF-8 +# nl_BE@euro ISO-8859-15 +# nl_NL ISO-8859-1 +# nl_NL.UTF-8 UTF-8 +# nl_NL@euro ISO-8859-15 +# nn_NO ISO-8859-1 +# nn_NO.UTF-8 UTF-8 +# nr_ZA UTF-8 +# nso_ZA UTF-8 +# oc_FR ISO-8859-1 +# oc_FR.UTF-8 UTF-8 +# om_ET UTF-8 +# om_KE ISO-8859-1 +# om_KE.UTF-8 UTF-8 +# or_IN UTF-8 +# os_RU UTF-8 +# pa_IN UTF-8 +# pa_PK UTF-8 +# pap_AW UTF-8 +# pap_CW UTF-8 +# pl_PL ISO-8859-2 +# pl_PL.UTF-8 UTF-8 +# ps_AF UTF-8 +# pt_BR ISO-8859-1 +# pt_BR.UTF-8 UTF-8 +# pt_PT ISO-8859-1 +# pt_PT.UTF-8 UTF-8 +# pt_PT@euro ISO-8859-15 +# quz_PE UTF-8 +# raj_IN UTF-8 +# ro_RO ISO-8859-2 +# ro_RO.UTF-8 UTF-8 +# ru_RU ISO-8859-5 +# ru_RU.CP1251 CP1251 +# ru_RU.KOI8-R KOI8-R +# ru_RU.UTF-8 UTF-8 +# ru_UA KOI8-U +# ru_UA.UTF-8 UTF-8 +# rw_RW UTF-8 +# sa_IN UTF-8 +# sat_IN UTF-8 +# sc_IT UTF-8 +# sd_IN UTF-8 +# sd_IN@devanagari UTF-8 +# se_NO UTF-8 +# sgs_LT UTF-8 +# shs_CA UTF-8 +# si_LK UTF-8 +# sid_ET UTF-8 +# sk_SK ISO-8859-2 +# sk_SK.UTF-8 UTF-8 +# sl_SI ISO-8859-2 +# 
sl_SI.UTF-8 UTF-8 +# so_DJ ISO-8859-1 +# so_DJ.UTF-8 UTF-8 +# so_ET UTF-8 +# so_KE ISO-8859-1 +# so_KE.UTF-8 UTF-8 +# so_SO ISO-8859-1 +# so_SO.UTF-8 UTF-8 +# sq_AL ISO-8859-1 +# sq_AL.UTF-8 UTF-8 +# sq_MK UTF-8 +# sr_ME UTF-8 +# sr_RS UTF-8 +# sr_RS@latin UTF-8 +# ss_ZA UTF-8 +# st_ZA ISO-8859-1 +# st_ZA.UTF-8 UTF-8 +# sv_FI ISO-8859-1 +# sv_FI.UTF-8 UTF-8 +# sv_FI@euro ISO-8859-15 +# sv_SE ISO-8859-1 +# sv_SE.ISO-8859-15 ISO-8859-15 +# sv_SE.UTF-8 UTF-8 +# sw_KE UTF-8 +# sw_TZ UTF-8 +# szl_PL UTF-8 +# ta_IN UTF-8 +# ta_LK UTF-8 +# tcy_IN.UTF-8 UTF-8 +# te_IN UTF-8 +# tg_TJ KOI8-T +# tg_TJ.UTF-8 UTF-8 +# th_TH TIS-620 +# th_TH.UTF-8 UTF-8 +# the_NP UTF-8 +# ti_ER UTF-8 +# ti_ET UTF-8 +# tig_ER UTF-8 +# tk_TM UTF-8 +# tl_PH ISO-8859-1 +# tl_PH.UTF-8 UTF-8 +# tn_ZA UTF-8 +# tr_CY ISO-8859-9 +# tr_CY.UTF-8 UTF-8 +# tr_TR ISO-8859-9 +# tr_TR.UTF-8 UTF-8 +# ts_ZA UTF-8 +# tt_RU UTF-8 +# tt_RU@iqtelif UTF-8 +# ug_CN UTF-8 +# uk_UA KOI8-U +# uk_UA.UTF-8 UTF-8 +# unm_US UTF-8 +# ur_IN UTF-8 +# ur_PK UTF-8 +# uz_UZ ISO-8859-1 +# uz_UZ.UTF-8 UTF-8 +# uz_UZ@cyrillic UTF-8 +# ve_ZA UTF-8 +# vi_VN UTF-8 +# wa_BE ISO-8859-1 +# wa_BE.UTF-8 UTF-8 +# wa_BE@euro ISO-8859-15 +# wae_CH UTF-8 +# wal_ET UTF-8 +# wo_SN UTF-8 +# xh_ZA ISO-8859-1 +# xh_ZA.UTF-8 UTF-8 +# yi_US CP1255 +# yi_US.UTF-8 UTF-8 +# yo_NG UTF-8 +# yue_HK UTF-8 +# zh_CN GB2312 +# zh_CN.GB18030 GB18030 +# zh_CN.GBK GBK +# zh_CN.UTF-8 UTF-8 +# zh_HK BIG5-HKSCS +# zh_HK.UTF-8 UTF-8 +# zh_SG GB2312 +# zh_SG.GBK GBK +# zh_SG.UTF-8 UTF-8 +# zh_TW BIG5 +# zh_TW.EUC-TW EUC-TW +# zh_TW.UTF-8 UTF-8 +# zu_ZA ISO-8859-1 +# zu_ZA.UTF-8 UTF-8 diff --git a/testing/etc_files/all/etc/timezone b/testing/etc_files/all/etc/timezone new file mode 100644 index 0000000..94d5acc --- /dev/null +++ b/testing/etc_files/all/etc/timezone @@ -0,0 +1 @@ +Europe/Berlin diff --git a/testing/home_files/h610m/.xinitrc_bonus b/testing/home_files/h610m/.xinitrc_bonus new file mode 100644 index 0000000..1eaa7e8 --- /dev/null 
+++ b/testing/home_files/h610m/.xinitrc_bonus
@@ -0,0 +1,2 @@
+# Don't blank screen, as this will confuse the HDMI switch setup / lead to unrecoverable X sessions.
+xset s noblank
diff --git a/testing/home_files/minimal/.bashrc b/testing/home_files/minimal/.bashrc
new file mode 100644
index 0000000..5c1d6b2
--- /dev/null
+++ b/testing/home_files/minimal/.bashrc
@@ -0,0 +1,30 @@
+# Settings for interactive shells.
+
+# Fancy colors for ls.
+alias ls="ls --color=auto"
+
+# Other helpful aliases
+alias sshauth='eval $(ssh-agent) && ssh-add'
+# alias xrandrbig='xrandr --output LVDS-1 --off'
+
+# Use vim as default editor for anything.
+export VISUAL=vim
+export EDITOR=$VISUAL
+
+# Colored prompt with username, hostname, date/time, directory.
+colornumber=7 # Default to white if no color set via colornumber dotfile.
+colornumber_file=~/.shell_prompt_color
+if [ -f $colornumber_file ]; then
+ colornumber=`cat $colornumber_file`
+fi
+tput_color="$(tput setaf $colornumber)$(tput bold)"
+tput_reset="$(tput sgr0)"
+# Bash confuses the line length when not told to not count escape sequences.
+if [ ! "$BASH" = "" ]; then
+ tput_color="\[$tput_color\]"
+ tput_reset="\[$tput_reset\]"
+fi
+PS1="${tput_color}["\$\(date\ +%Y-%m-%d/%H:%M:%S/%Z\)" $(whoami)@$(hostname):"\$\(pwd\)"]$ $tput_reset"
+PS2="${tput_color}> $tput_reset"
+PS3="${tput_color}select: $tput_reset"
+PS4="${tput_color}+ $tput_reset"
diff --git a/testing/home_files/root/.shell_prompt_color b/testing/home_files/root/.shell_prompt_color
new file mode 100644
index 0000000..d00491f
--- /dev/null
+++ b/testing/home_files/root/.shell_prompt_color
@@ -0,0 +1 @@
+1
diff --git a/testing/home_files/user/.Xresources b/testing/home_files/user/.Xresources
new file mode 100644
index 0000000..45b10af
--- /dev/null
+++ b/testing/home_files/user/.Xresources
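Review bot: In .bashrc the prompt colour is read from `~/.shell_prompt_color` and used unquoted (`[ -f $colornumber_file ]`, the backtick `cat $colornumber_file`, `tput setaf $colornumber`), so an empty or multi-word file makes tput fail and leaves a broken prompt on every shell start. Quote the expansions and fall back to the default when the content is not a number: `colornumber=$(cat "$colornumber_file")`, then `case $colornumber in ''|*[!0-9]*) colornumber=7;; esac` and `tput setaf "$colornumber"`. Separately, the `sshauth` alias starts a new agent on each use and adds keys with no lifetime; `ssh-add -t <seconds>` would bound how long an unlocked key stays in the agent.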
@@ -0,0 +1,56 @@
+! otherwise various applications will assume merely 8 colors
+XTerm.termName: xterm-256color
+
+! font
+! actually, "mono" is already the default for faceName (it will
+! pick whatever fc-match mono delivers), but we need to set _some_
+! faceName to trigger XTerm activating TrueType fonts
+! (XTerm*fontRender by itself won't do the trick), and we want
+! TrueType fonts because, well, they scale better, and XTerm lets them
+! fall back on alternatives (hi there ttf-unifont) when a Unicode
+! glyph is not found
+XTerm*faceName: mono
+
+! white on black
+XTerm*reverseVideo: on
+
+! blink screen instead of sound
+XTerm*visualBell: on
+
+! proper ALT as META key treatment
+XTerm*eightBitInput: false
+
+! font sizes
+XTerm*faceSize: 8
+XTerm*faceSize1: 4
+XTerm*faceSize2: 5
+XTerm*faceSize3: 6
+XTerm*faceSize4: 8
+XTerm*faceSize5: 14
+XTerm*faceSize6: 25
+
+! colors
+! black
+XTerm*color0: #202020
+XTerm*color8: #3F3F3F
+! red
+XTerm*color1: #A82020
+XTerm*color9: #E82020
+! green
+XTerm*color2: #20A820
+XTerm*color10: #20E820
+! yellow
+XTerm*color3: #A8A820
+XTerm*color11: #E8E820
+! blue
+XTerm*color4: #3F3FFF
+XTerm*color12: #9F9FFF
+! magenta
+XTerm*color5: #A83FFF
+XTerm*color13: #E89FFF
+! cyan
+XTerm*color6: #3FA8FF
+XTerm*color14: #9FE8FF
+! white
+XTerm*color7: #A8A8A8
+XTerm*color15: #E8E8E8
diff --git a/testing/home_files/user/.borgrepos b/testing/home_files/user/.borgrepos
new file mode 100644
index 0000000..c40eee3
--- /dev/null
+++ b/testing/home_files/user/.borgrepos
@@ -0,0 +1,4 @@
+plom@plomlompom.com
+plom@mail.plomlompom.com
+plom@play.plomlompom.com
+# file read ends at last newline
diff --git a/testing/home_files/user/.config/i3/config b/testing/home_files/user/.config/i3/config
new file mode 100644
index 0000000..7e4af34
--- /dev/null
+++ b/testing/home_files/user/.config/i3/config
@@ -0,0 +1,86 @@
+# plomlompom's i3-wm configuration
+
+# Font for i3 text
+font pango:Terminus 8px
+
+# Force "tabbed" as default layout for new windows.
+workspace_layout tabbed
+
+# Make the Windows key the modifier key for all i3-wm actions.
+set $mod Mod4
+floating_modifier $mod
+
+# Launch xterm.
+bindsym $mod+Return exec xterm
+
+# Launch programs via dmenu.
+bindsym $mod+d exec dmenu_run
+bindsym $mod+x exec dmenu_run
+
+# Kill window.
+bindsym $mod+Shift+Q kill
+
+# Move focus between windows.
+bindsym $mod+Left focus left
+bindsym $mod+Down focus down
+bindsym $mod+Up focus up
+bindsym $mod+Right focus right
+
+# Don't move focus with mouse.
+focus_follows_mouse no
+
+# Move windows.
+bindsym $mod+Shift+Left move left
+bindsym $mod+Shift+Down move down
+bindsym $mod+Shift+Up move up
+bindsym $mod+Shift+Right move right
+
+# Resize windows
+bindsym $mod+h resize shrink width 1 px or 1 ppt
+bindsym $mod+l resize grow width 1 px or 1 ppt
+bindsym $mod+j resize shrink height
+bindsym $mod+k resize grow height
+
+# Toggle fullscreen for focused window.
+bindsym $mod+f fullscreen
+
+# Toggle floating of window, focus on floating or tabbed windows.
+bindsym $mod+Shift+space floating toggle
+bindsym $mod+space focus mode_toggle
+
+# Switch to workspace x.
+bindsym $mod+1 workspace 1
+bindsym $mod+2 workspace 2
+bindsym $mod+3 workspace 3
+bindsym $mod+4 workspace 4
+bindsym $mod+5 workspace 5
+bindsym $mod+6 workspace 6
+bindsym $mod+7 workspace 7
+bindsym $mod+8 workspace 8
+bindsym $mod+9 workspace 9
+bindsym $mod+0 workspace 10
+
+# Move window to workspace x.
+bindsym $mod+Shift+exclam move workspace 1
+bindsym $mod+Shift+quotedbl move workspace 2
+bindsym $mod+Shift+section move workspace 3
+bindsym $mod+Shift+dollar move workspace 4
+bindsym $mod+Shift+percent move workspace 5
+bindsym $mod+Shift+ampersand move workspace 6
+bindsym $mod+Shift+slash move workspace 7
+bindsym $mod+Shift+parenleft move workspace 8
+bindsym $mod+Shift+parenright move workspace 9
+bindsym $mod+Shift+equal move workspace 10
+
+# Reload i3 config file, restart (keeping sesion) i3, exit i3.
+bindsym $mod+Shift+C reload
+bindsym $mod+Shift+R restart
+bindsym $mod+Shift+P exit
+
+# Select "i3status" as i3 status bar, hide systray icons.
+bar {
+ tray_output none
+ status_command i3status
+}
+
+include ~/.config/i3/config_bonus
diff --git a/testing/home_files/user/.config/i3status/config b/testing/home_files/user/.config/i3status/config
new file mode 100644
index 0000000..b9fb15f
--- /dev/null
+++ b/testing/home_files/user/.config/i3status/config
@@ -0,0 +1,82 @@
+# plomlompom's i3 status bar configuration
+
+# Activate colors; set update interval of one second.
+general {
+ colors = true
+ interval = 1
+}
+
+# Selection / order of status elements.
+order += "disk /"
+order += "disk /home/"
+order += "wireless wlp3s0"
+order += "ethernet enp0s25"
+order += "battery 0"
+order += "cpu_usage"
+order += "load"
+order += "cpu_temperature 0"
+order += "time"
+order += "volume master"
+
+# How much space is left in / ?
+disk "/" {
+ format = "/: %avail available of %total"
+ separator_block_width = 25
+}
+
+# How much space is left in /home ?
+disk "/home/" {
+ format = "/home: %avail available of %total"
+ separator_block_width = 25
+}
+
+# WLAN status: show IP and connection quality or "down".
+wireless wlp3s0 {
+ format_up = "w: (%quality at %essid) %ip"
+ format_down = "w: down"
+ separator_block_width = 10
+}
+
+# Ethernet status: show IP or "down".
+ethernet enp0s25 {
+ format_up = "e: %ip"
+ format_down = "e: down"
+ separator_block_width = 25
+}
+
+# Battery status: show FULL/CHARGING/BATTERY, storage, time left.
+battery 0 {
+ format = "b: %status %percentage %remaining"
+ separator_block_width = 25
+}
+
+# Show CPU usage.
+cpu_usage {
+ format = "cpu: %usage"
+ separator_block_width = 10
+}
+
+# Show system load during last 1/5/15 minutes.
+load {
+ format = "%1min %5min %15min"
+ separator_block_width = 25
+}
+
+# Show CPU temperature in degrees of celsius.
+cpu_temperature 0 {
+ format = "%degrees °C"
+ separator_block_width = 25
+}
+
+# Show date/time/timezone as "year-month-day hour:minute:second
+# timezone_numeric/timezone_alphabetic".
+time {
+ format = "%Y-%m-%d %H:%M:%S %z/%Z"
+ separator_block_width = 25
+}
+
+volume master {
+ format = "♪: %volume"
+ format_muted = "♪: muted (%volume)"
+ separator_block_width = 25
+}
diff --git a/testing/home_files/user/.emacs.d/init.el b/testing/home_files/user/.emacs.d/init.el
new file mode 100644
index 0000000..3868a75
--- /dev/null
+++ b/testing/home_files/user/.emacs.d/init.el 
@@ -0,0 +1,323 @@
+;; general layout
+;; ==============
+
+;; need no stinkin emacs help screen as start up, and no menu bar
+(setq inhibit-startup-screen t)
+(menu-bar-mode -1)
+
+;; highlight cursor line, parentheses
+(global-hl-line-mode 1)
+(show-paren-mode 1)
+
+;; show line numbers, use separator space
+(global-linum-mode)
+(setq linum-format "%d ")
+
+;; count cursor column, row in mode line
+(setq column-number-mode t)
+
+;; settings to make GUI tolerable
+(if window-system
+ (progn
+ (add-to-list 'default-frame-alist '(foreground-color . "white"))
+ (add-to-list 'default-frame-alist '(background-color . "black"))
+ (set-face-attribute 'default nil :height 80)
+ (scroll-bar-mode -1)
+ (setq visible-bell t)
+ (setq linum-format "%d")))
+
+;; use as default browser what XDG offers
+(setq-default browse-url-browser-function 'browse-url-xdg-open)
+
+
+
+;; general keybindings
+;; ===================
+
+;; create and use a minimal global map using just the self-insert command
+;; bindings and a selection of some to me very common keystrokes
+(setq minimal-map (make-sparse-keymap))
+(substitute-key-definition 'self-insert-command 'self-insert-command
+ minimal-map global-map)
+(use-global-map minimal-map)
+(global-set-key (kbd "DEL") 'backward-delete-char-untabify)
+(global-set-key (kbd "RET") 'newline)
+(global-set-key (kbd "TAB") 'indent-for-tab-command)
+(global-set-key (kbd "") 'previous-line)
+(global-set-key (kbd "") 'next-line)
+(global-set-key (kbd "") 'left-char)
+(global-set-key (kbd "") 'right-char)
+(global-set-key (kbd "") 'scroll-down-command)
+(global-set-key (kbd "") 'scroll-up-command)
+(global-set-key (kbd "M-x") 'execute-extended-command)
+(global-set-key (kbd "C-g") 'keyboard-quit)
+;(global-set-key (kbd "") 'kmacro-start-macro-or-insert-counter)
+;(global-set-key (kbd "") 'kmacro-end-or-call-macro)
+;; note how to switch back to the original map: (use-global-map global-map)
+(setq shr-map (make-sparse-keymap)) ; got annoying in elfeed-show on
URLs
+
+
+
+;; minibuffer
+;; ==========
+
+;; incremental minibuffer completion
+(icomplete-mode 1)
+
+
+
+;; text editing
+;; ============
+
+;; tabs are evil
+(setq-default indent-tabs-mode nil)
+(setq-default tab-width 4)
+(setq indent-line-function 'insert-tab)
+
+;; show trailing whitespace
+(setq-default show-trailing-whitespace 1)
+
+;; on save, ask whether to ensure text file's last line ends in a
+;; newline character
+(setq require-final-newline 1)
+
+;; use dedicated directory for version-controlled, endless backups;
+;; never delete old versions
+(setq make-backup-files t
+ backup-directory-alist `(("." . "~/.emacs_backups"))
+ backup-by-copying t
+ version-control t
+ delete-old-versions 1) ;; neither t nor nil: never delete
+
+
+;; package management
+;; ==================
+
+;; where we get packages from
+(setq package-archives '(("gnu" . "https://elpa.gnu.org/packages/")
+ ("melpa-unstable" . "https://melpa.org/packages/")
+ ("melpa-stable" . "https://stable.melpa.org/packages/")))
+
+;; ensure certain packages are installed (actually, we use Debian repos here)
+;; credit to
+;(setq package-list '(elfeed ledger-mode))
+;(package-initialize)
+;(dolist (package package-list)
+; (unless (package-installed-p package)
+; (package-install package)))
+
+
+
+;;; window management
+;;; =================
+;
+;;; track window configurations to allow window config undo
+;(winner-mode 1)
+
+
+
+;; mail setup
+;; ==========
+
+(setq send-mail-function 'smtpmail-send-it)
+(setq smtpmail-smtp-server "mail.plomlompom.com")
+(setq smtpmail-smtp-service 465)
+(setq smtpmail-stream-type 'ssl)
+(setq smtpmail-smtp-user "plom")
+(setq mml-secure-openpgp-encrypt-to-self t)
+(add-hook 'message-setup-hook 'mml-secure-sign-pgpmime)
+
+;(setq gnutls-log-level 0)
+
+;; if we don't set this, we get this warning:
+;; gnutls.c: [1] Note that the security level of the Diffie-Hellman key exchange
+;; has been lowered to 256 bits and this may allow decryption of the session data
+(setq gnutls-min-prime-bits 1024)
+
+;; there is a WEIRD bug somewhere in /network-stream-open-tls/ that disappears the
+;; stream process, seemingly unless the /message/ function is called at the right
+;; place (earliest in /nsm-verify-connection/ right before the "cond" there, latest
+;; in /network-stream-get-response/ right after "(goto-char start)"; this works
+;; unless /inhibit_message/ is set, indicating that writing to the *Messages*
+;; buffer is not relevant, but maybe writing to the echo area is); activing the
+;; gnutls logging is just a hack to achieve such calls to /message/ in the
+;; /network-stream-open-tls/ flow.
+(setq gnutls-log-level 1) ; miraculously makes smtpmail work
+
+;; constructs
From: domain if mail composer directly called (from without
+;; notmuch), but we don't actually intend to do that
+;(setq mail-host-address "plomlompom.com")
+
+;; otherwise notmuch becomes extremely slow in some cases
+(setq-default notmuch-show-indent-content nil)
+
+;; this only works if we use notmuch-mua-send instead of message-send
+(setq notmuch-fcc-dirs '(("plom@plomlompom.com" . "maildir/Sent")))
+
+;; this gets rid of "i-did-not-set--mail-host-address--so-tickle-me"
+;; in the message ID
+(setq mail-host-address "plomlompom.com")
+
+;; notmuch saved searches
+(setq notmuch-saved-searches
+ '((:name "inbox" :query "tag:unread and folder:inbox")
+ (:name "all" :query "tag:unread not folder:maildir/Trash")
+ (:name "plomlompom.de" :query "tag:unread and folder:maildir/plomlompom.de")
+ (:name "nebenan" :query "tag:unread and folder:maildir/nebenan")
+ (:name "reflect-info" :query "tag:unread and folder:maildir/reflect-info")
+ (:name "gmail" :query "tag:unread and folder:maildir/gmail.com")
+ (:name "mutter" :query "tag:unread and folder:maildir/mutter")))
+
+
+
+;; org mode
+;; ========
+
+;; unsure why, but to re-set the key map, we not only have to explicitely do it
+;; only after org-mode loading, but also have to explicitely overwrite the
+;; C-c keybinding; TODO: investigate
+(with-eval-after-load 'org
+ (setq org-mode-map (make-sparse-keymap))
+ (define-key org-mode-map (kbd "C-c") nil)
+ (define-key org-mode-map (kbd "TAB") 'org-cycle)
+ (define-key org-mode-map (kbd "") 'org-shifttab))
+
+;; don't truncate lines by default
+(setq org-startup-truncated nil)
+
+;; basic org-capture config
+(setq org-capture-templates
+ '(("x" "test" plain (file "~/org/notes.org") "%T: %?")))
+(add-hook 'org-capture-mode-hook 'evil-insert-state)
+
+;; agenda view on startup
+(load-library "find-lisp")
+(setq org-agenda-files (find-lisp-find-files "~/org" "\.org$"))
+(setq org-agenda-span 90)
+(setq org-agenda-use-time-grid nil)
+(add-hook 'emacs-startup-hook (lambda ()
+ (org-agenda-list)
+ (switch-to-buffer "*Org Agenda*")
+ (other-window 1)))
+
+;;; for calendar, use ISO date style
+;(setq calendar-date-style 'iso)
+;(setq diary-number-of-entries 7)
+;(diary)
+;(setq org-agenda-time-grid '((today require-timed remove-match)
+; #("----------------" 0 16 (org-heading t))
+; (0 200 400 600 800 1000 1200
+; 1400 1600 1800 2000 2200)))
+
+;; empty org-agenda-mode keybindings
+(add-hook 'org-agenda-mode-hook
+ (lambda ()
+ (setq org-agenda-mode-map (make-sparse-keymap))))
+(add-hook 'org-agenda-mode-hook
+ (lambda ()
+ (use-local-map (make-sparse-keymap))))
+
+;; org-publish-all
+(setq org-publish-project-alist
+ '(
+ ("website"
+ :base-directory "~/org/web/"
+ :base-extension "org"
+ :publishing-directory "~/html/"
+ :recursive t
+ :publishing-function org-html-publish-to-html
+ :headline-levels 4 ; Just the default for this project.
+ :auto-preamble t
+ )))
+
+;; use [ki:] syntax to hide stuff from exports
+(defun classify-information (text backend info)
+ "Replaces '[ki:WHATEVER]' with '[klassifizierte Information]'."
+ (replace-regexp-in-string "\\[ki:[^\]]*\]" "[klassifizierte Information]" text))
+(add-hook 'org-export-filter-plain-text-functions 'classify-information)
+
+;; add HTML validator link to exports
+(setq org-html-validation-link "Validate")
+
+
+
+;;; Info mode
+;;; =========
+
+(setq Info-mode-map (make-sparse-keymap))
+(define-key Info-mode-map (kbd "RET") 'Info-follow-nearest-node)
+(define-key Info-mode-map (kbd "u") 'Info-up)
+(define-key Info-mode-map (kbd "TAB") 'Info-next-reference)
+(define-key Info-mode-map (kbd "") 'Info-prev-reference)
+(define-key Info-mode-map (kbd "H") 'Info-history-back)
+(define-key Info-mode-map (kbd "L") 'Info-history-forward)
+(define-key Info-mode-map (kbd "I") 'Info-goto-node)
+(define-key Info-mode-map (kbd "i") 'Info-index)
+
+
+
+;; help mode
+;; =========
+
+(setq help-mode-map (make-sparse-keymap))
+(define-key help-mode-map (kbd "TAB") 'forward-button)
+(define-key help-mode-map (kbd "RET") 'help-follow)
+(define-key help-mode-map (kbd "") 'backward-button)
+
+
+
+; ;; elfeed
+; ;; ======
+;
+; (require 'elfeed) ; needed so we can set the font faces
+; (set-face-background 'elfeed-search-title-face "magenta")
+; (set-face-background 'elfeed-search-unread-count-face "magenta")
+; (setq elfeed-feeds
+; '("https://capsurvival.blogspot.com/feeds/posts/default"
+; "https://jungle.world/rss.xml"
+; "http://news.dieweltistgarnichtso.net/bin/index.xml"
+; "https://taz.de/!s=&ExportStatus=Intern&SuchRahmen=Online;rss/"
+; "http://www.tagesschau.de/xml/atom"))
+; (setq elfeed-search-mode-map (make-sparse-keymap))
+; (define-key elfeed-search-mode-map (kbd "RET") 'elfeed-search-show-entry)
+; (defun elfeed-search-mark-as-read() (interactive)
+; (elfeed-search-untag-all 'unread))
+; (define-key elfeed-search-mode-map (kbd "r") 'elfeed-search-mark-as-read)
+; (define-key elfeed-search-mode-map (kbd "R") 'elfeed-search-tag-all-unread)
+; (define-key elfeed-search-mode-map (kbd "f") 'elfeed-search-live-filter)
+; (define-key
elfeed-search-mode-map (kbd "u") 'elfeed-update)
+; (setq elfeed-show-mode-map (make-sparse-keymap))
+; (define-key elfeed-show-mode-map (kbd "u") 'elfeed)
+; (define-key elfeed-show-mode-map (kbd "TAB") 'shr-next-link)
+; (define-key elfeed-show-mode-map (kbd "") 'shr-previous-link)
+; (define-key elfeed-show-mode-map (kbd "a") 'elfeed-show-prev)
+; (define-key elfeed-show-mode-map (kbd "d") 'elfeed-show-next)
+; (define-key elfeed-show-mode-map (kbd "y") 'shr-copy-url)
+; (define-key elfeed-show-mode-map (kbd "RET") 'shr-browse-url)
+;
+;
+;
+; ;; eww
+; ;; ===
+;
+; (setq eww-mode-map (make-sparse-keymap))
+; (define-key eww-mode-map (kbd "TAB") 'shr-next-link)
+; (define-key eww-mode-map (kbd "") 'shr-previous-link)
+; (define-key eww-mode-map (kbd "H") 'eww-back-url)
+; (define-key eww-mode-map (kbd "L") 'eww-forward-url)
+
+
+
+;; ledger
+;; ======
+(setq ledger-mode-map (make-sparse-keymap))
+(define-key ledger-mode-map (kbd "TAB") 'completion-at-point)
+
+
+
+;;; plomvi mode
+;;; ===========
+
+(defvar plomvi-return-combo (kbd "C-c"))
+(load "~/public_repos/plomvi.el/plomvi.el")
+(plomvi-global-mode 1)
diff --git a/testing/home_files/user/.gitconfig b/testing/home_files/user/.gitconfig
new file mode 100644
index 0000000..8967d25
--- /dev/null
+++ b/testing/home_files/user/.gitconfig
@@ -0,0 +1,3 @@
+[user]
+ email = c.heller@plomlompom.de
+ name = Christian Heller
diff --git a/testing/home_files/user/.mbsyncrc b/testing/home_files/user/.mbsyncrc
new file mode 100644
index 0000000..59d01a9
--- /dev/null
+++ b/testing/home_files/user/.mbsyncrc
@@ -0,0 +1,28 @@
+IMAPAccount plom
+# Address to connect to
+Host mail.plomlompom.com
+User plom
+# For some reason, mbsync doesn't accept a PassCmd output beyond 79 chars,
+# therefore the pw in ~/.authinfo should not be longer than that.
+PassCmd "cat ~/.authinfo | cut -d' ' -f8-"
+SSLType IMAPS
+AuthMechs LOGIN
+
+IMAPStore core-remote
+Account plom
+
+MaildirStore core-local
+# The trailing "/" is important
+Path ~/mail/maildir/
+Inbox ~/mail/inbox/
+
+Channel core
+Far :core-remote:
+Near :core-local:
+Patterns *
+# Automatically create missing mailboxes, both locally and on the server
+Create Both
+# Save the synchronization state files in the relevant directory
+SyncState *
+# If a mail is marked T ("Trashed") or deleted, remove it for real everywhere
+Expunge Both
diff --git a/testing/home_files/user/.notmuch-config b/testing/home_files/user/.notmuch-config
new file mode 100644
index 0000000..9532761
--- /dev/null
+++ b/testing/home_files/user/.notmuch-config
@@ -0,0 +1,9 @@
+[database]
+path=/home/plom/mail
+[search]
+exclude_tags=deleted;spam;
+# the fields below set the From: if the mail composer is called from
+# within notmuch
+[user]
+name=Christian Heller
+primary_email=plom@plomlompom.com
diff --git a/testing/home_files/user/.shell_prompt_color b/testing/home_files/user/.shell_prompt_color
new file mode 100644
index 0000000..0cfbf08
--- /dev/null
+++ b/testing/home_files/user/.shell_prompt_color
@@ -0,0 +1 @@
+2
diff --git a/testing/home_files/user/.tridactylrc b/testing/home_files/user/.tridactylrc
new file mode 100644
index 0000000..8da0831
--- /dev/null
+++ b/testing/home_files/user/.tridactylrc
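Review bot: In .mbsyncrc, `PassCmd "cat ~/.authinfo | cut -d' ' -f8-"` reads the IMAP password from a clear-text file, and nothing in the file says how that file has to be protected or laid out. The existing comment only covers the 79-character limit; I would extend it with `# ~/.authinfo is clear text: keep it mode 0600, with the password as the 8th space-separated field`. If the file ever holds more than one line, `cut` prints a field for each of them, so the command presumably relies on a single-entry file. Decrypting a `~/.authinfo.gpg` inside PassCmd would avoid keeping the password readable at rest.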
@@ -0,0 +1,18 @@ +# sanitize tridactyllocal tridactylsync +# guiset tabs always +# guiset hoverlink left +# guiset statuspanel right +autocmd DocStart www.reddit.com urlmodify -t www.reddit old.reddit +# bind ö fillcmdline find +# bind n findnext 1 +# bind N findnext -1 +bind j scrollline 3 +bind k scrollline -3 +set hintuppercase false +set searchengine duckduckgo +set theme midnight +set searchurls.wiktionary https://en.wiktionary.org/w/index.php?search= +set searchurls.dictcc https://www.dict.cc/?s= +set hintchars 123456qwertasdfgyxcvb +guiset gui none +escapehatch diff --git a/testing/home_files/user/.xinitrc b/testing/home_files/user/.xinitrc new file mode 100644 index 0000000..e1cbd6a --- /dev/null +++ b/testing/home_files/user/.xinitrc @@ -0,0 +1,19 @@ +# X init configuration + +# Set keymap. +setxkbmap de + +# Map CapsLock to Compose key. +xmodmap -e "clear Lock" +xmodmap -e "keycode 66 = Multi_key" + +# Load xterm settings +xrdb -merge ~/.Xresources + +# Redshift to Berlin, Germany. +redshift -rl 53:13 & + +sh .xinitrc_bonus + +# Launch window manager. +i3 diff --git a/testing/home_files/user/mail_sync.sh b/testing/home_files/user/mail_sync.sh new file mode 100755 index 0000000..ffe6b4a --- /dev/null +++ b/testing/home_files/user/mail_sync.sh 
@@ -0,0 +1,44 @@
+#!/bin/sh
+set -e
+
+basedir="/home/plom/mail/maildir/"
+# Ensure directories exist for all "dir:*" tags.
+for tag in $(notmuch search --output=tags '*'); do
+ if [ ! $(echo "${tag}" | cut -c-4) = "dir:" ]; then
+ continue
+ fi
+ target_dir="${basedir}"$(echo "${tag}" | cut -c5-)"/cur/"
+ if [ ! -d "${target_dir}" ]; then
+ echo "Directory ${target_dir} does not exist."
+ exit 1
+ fi
+done
+
+# Ensure all "dir:*"-tagged mails are in proper directories,
+# remove all "dir:*" tags.
+for tag in $(notmuch search --output=tags '*'); do
+ if [ ! $(echo "${tag}" | cut -c-4) = "dir:" ]; then
+ continue
+ fi
+ target_dir="${basedir}"$(echo "${tag}" | cut -c5-)"/cur/"
+ for f in $(notmuch search --output=files tag:"${tag}"); do
+ new_name=$(basename "${f}" | sed -e 's/,U=[0-9]*//')
+ target_path="${target_dir}${new_name}"
+ if [ ! "${target_path}" = "${f}" ]; then
+ echo "Moving ${f} to ${target_path}."
+ mv "${f}" "${target_path}"
+ # NOTE: if we encounter an error here of ${f} not being findable, run "notmuch reindex tag:${tag}" to fix
+ fi
+ done
+ notmuch tag -"${tag}" tag:"${tag}"
+done
+
+# Remove all "deleted"-tagged files from maildirs.
+notmuch search --output=files tag:deleted | while read f; do
+ echo "Deleting ${f}"
+ rm "${f}"
+done
+
+# Sync changes back to server and update notmuch index.
+mbsync -a
+notmuch new
diff --git a/testing/home_files/user/public_repos/repos b/testing/home_files/user/public_repos/repos
new file mode 100644
index 0000000..2414eec
--- /dev/null
+++ b/testing/home_files/user/public_repos/repos
@@ -0,0 +1,8 @@
+# List of repos we want cloned in ~/public_repos
+config
+pingmail.git
+plomlombot-irc.git
+plomrogue
+plomrogue2-experiments
+plomvi.el
+misc
diff --git a/testing/setup_scripts/_setup.sh b/testing/setup_scripts/_setup.sh
new file mode 100755
index 0000000..0c28d60
--- /dev/null
+++ b/testing/setup_scripts/_setup.sh
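Review bot: In mail_sync.sh the file lists from `notmuch search --output=files` are consumed with `for f in $(…)` and `while read f`, so a path containing blanks, glob characters or backslashes is split or altered before it reaches `mv` and `rm`. With `Patterns *` and `Create Both` in .mbsyncrc the local folder names presumably follow the server's mailbox names, so such paths are not under the script's control. Reading line by line with `IFS= read -r` and passing `--` to `mv`, `rm` and `basename` keeps each path intact; the unquoted `$(echo "${tag}" | cut -c-4)` in the two tag tests has the same weakness and could become a `case "${tag}" in dir:*)` match. The rewritten file-handling lines are below.

```shell
# … unchanged: basedir, directory-existence loop, tag loop header and target_dir …
  notmuch search --output=files tag:"${tag}" | while IFS= read -r f; do
    new_name=$(basename -- "${f}" | sed -e 's/,U=[0-9]*//')
    target_path="${target_dir}${new_name}"
    if [ "${target_path}" != "${f}" ]; then
      echo "Moving ${f} to ${target_path}."
      mv -- "${f}" "${target_path}"
    fi
  done
# … unchanged: notmuch tag call, end of tag loop …

# Remove all "deleted"-tagged files from maildirs.
notmuch search --output=files tag:deleted | while IFS= read -r f; do
  echo "Deleting ${f}"
  rm -- "${f}"
done
```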
@@ -0,0 +1,34 @@ +#!/bin/sh +set -e +. ./misc.sh + +expect_n_args 2 "(hostname, FQDN)" "$@" +hostname="$1" +fqdn="$2" +shift 2 + +cd "${setup_scripts_dir}" + +# Adapt /etc/ to our needs by copying from ./etc_files. This will set +# basic configurations affecting following steps, such as setup of APT +# and the locale selection, so needs to be right at the beginning. +./copy_dirtree.sh "${config_tree_prefix}/etc_files" "" all "$@" + +# Set hostname and FQDN. +./set_hostname_and_fqdn.sh "${hostname}" "${fqdn}" + +# Ensure package installation state as defined by what packages are +# defined as required by Debian policy and by settings in ./apt-mark/. +apt update +./install_for_target.sh all "$@" +./purge_nonrequireds.sh all "$@" + +# Ensure our desired locale is available. +locale-gen + +# Only upgrade after reducing the system to the desired minimum, so that +# we don't need to get more data than necessary. +apt -y dist-upgrade + +# Set Berlin localtime. +ln -sf /usr/share/zoneinfo/Europe/Berlin /etc/localtime diff --git a/testing/setup_scripts/copy_dirtree.sh b/testing/setup_scripts/copy_dirtree.sh new file mode 100755 index 0000000..2c385f0 --- /dev/null +++ b/testing/setup_scripts/copy_dirtree.sh 
@@ -0,0 +1,29 @@
+#!/bin/sh
+# Copy files in argument-selected subdirectories of $1 to subdirectories
+# of $2 (which may be an empty string), e.g. with $1 of "etc_files", $2
+# of "" and $3 of "all", copy files below etc_files/all such as
+# etc_files/all/etc/foo/bar to equivalent locations below / such as
+# /etc/foo/bar. Create directories as necessary. Multiple arguments after
+# $3 are possible.
+#
+# CAUTION: This removes original files at the affected paths.
+set -e
+. ./misc.sh
+
+expect_n_args 3 "(source root, target root, modules)" "$@"
+
+source_root="$1"
+target_root="$2"
+shift 2
+
+for target_module in "$@"; do
+ mkdir -p "${source_root}/${target_module}"
+ cd "${source_root}/${target_module}"
+ for path in $(find . -type f); do
+ target_path="${target_root}"$(echo "${path}" | cut -c2-)
+ source_path=$(realpath "${path}")
+ dir=$(dirname "${target_path}")
+ mkdir -p "${dir}"
+ cp "${source_path}" "${target_path}"
+ done
+done
diff --git a/testing/setup_scripts/install_for_target.sh b/testing/setup_scripts/install_for_target.sh
new file mode 100755
index 0000000..6d04152
--- /dev/null
+++ b/testing/setup_scripts/install_for_target.sh
@@ -0,0 +1,18 @@
+#!/bin/sh
+# Walks through the package names in the argument-selected files of
+# apt-mark/ and ensures the respective packages are installed.
+#
+# Ignores anything in an apt-mark/ file after the last newline.
+set -e
+. ./misc.sh
+
+for target in "$@"; do
+ path="${aptmark_dir}/${target}"
+ # TODO: continue if file at $path not found, to get rid of dummy files
+ cat "${path}" | while read line; do
+ echo "$line"
+ if [ ! $(echo "${line}" | cut -c1) = "#" ]; then
+ DEBIAN_FRONTEND=noninteractive apt-get -y -o Dpkg::Options::=--force-confold install "${line}"
+ fi
+ done
+done
diff --git a/testing/setup_scripts/misc.sh b/testing/setup_scripts/misc.sh
new file mode 100644
index 0000000..64a8916
--- /dev/null
+++ b/testing/setup_scripts/misc.sh
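Review bot: In copy_dirtree.sh, `for path in $(find . -type f)` word-splits and glob-expands the file list, so a file name with a blank or wildcard in the config tree ends up as several wrong paths that are then copied below the target root, which is / for etc_files. Reading the list line by line avoids that: `find . -type f | while IFS= read -r path; do`, with `target_path="${target_root}${path#.}"` replacing the `echo | cut` step. The `cd "${source_root}/${target_module}"` inside the loop also means a relative `$1` only resolves for the first module; the callers visible here pass absolute paths, but the header comment's own example uses a relative "etc_files".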
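Review bot: In install_for_target.sh, `apt-get … install "${line}"` runs inside the `cat "${path}" | while read line` loop and therefore shares the loop's stdin; if apt-get or a package's maintainer script reads from stdin, it can consume the remaining package names and the rest of the list is skipped without an error. Redirecting the command's input closes that gap: append `</dev/null` to the apt-get line. `read -r line` and a quoted test such as `case "${line}" in '#'*|'') continue ;; esac` would also make the handling of comment and blank lines explicit instead of relying on how `[` parses an empty expansion.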
@@ -0,0 +1,44 @@ +#!/bin/sh +set -e +debian_version="testing" +legal_system_names="x220 w530 h610m" +config_tree_prefix="${HOME}/public_repos/config/${debian_version}" +if [ ! -d "${config_tree_prefix}" ]; then + config_tree_prefix="${HOME}/config/${debian_version}" +fi +setup_scripts_dir="${config_tree_prefix}/setup_scripts" +aptmark_dir="${config_tree_prefix}/apt-mark" + +expect_n_args() { + min_args="$1" + explainer="$2" + shift 2 + if [ "$#" -lt "${min_args}" ]; then + echo "Need at least ${1} arguments … ${explainer}" + false + fi +} + +expect_setup_finished_file() { + filename="$1" + setup_script="$2" + if [ ! -f "${HOME}/${filename}" ]; then + echo "First need to run ${setup_script}." + false + fi +} + +get_system_name_arg() { + found=0 + for system_name_i in $legal_system_names; do + if [ "$1" = "$system_name_i" ]; then + found=1 + system_name="${system_name_i}" + continue + fi + done + if [ "$found" = 0 ]; then + echo "Need legal system name." + false + fi +} diff --git a/testing/setup_scripts/set_hostname_and_fqdn.sh b/testing/setup_scripts/set_hostname_and_fqdn.sh new file mode 100755 index 0000000..b367906 --- /dev/null +++ b/testing/setup_scripts/set_hostname_and_fqdn.sh 
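Review bot: In misc.sh's get_system_name_arg the `continue` after a match is the last statement of the loop body and so has no effect; `break` looks like what was intended. Both argument helpers report failure with a bare `false`, which only aborts the caller because every script that sources this file runs under `set -e`; `return 1` states the intent directly. The error messages would be easier to separate from normal output on stderr, e.g. `echo "Need legal system name." >&2`.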
@@ -0,0 +1,49 @@
+#!/bin/sh
+# Sets hostname and optionally FQDN.
+#
+# Calls hostname, writes to /etc/hostname and /etc/hosts. For /etc/hosts
+# writing follows recommendations from Debian manual at
+#
+# (section "The hostname resolution") on how to map hostname and possibly
+# FQDN to a permanent IP if present (we assume here any non-private IP
+# and non-loopback IP returned by hostname -I to fulfill that criterion
+# on our systems) or to 127.0.1.1 if not. On the reasoning for separating
+# localhost and hostname mapping to different IPs, see
+# .
+#
+# Ignores IPv6s.
+set -e
+. ./misc.sh
+
+expect_n_args 1 "(hostname, fqdn)" "$@"
+
+hostname="$1"
+fqdn="$2"
+echo "${hostname}" > /etc/hostname
+hostname "${hostname}"
+
+final_ip="127.0.1.1"
+for ip in $(hostname -I); do
+ if [ $(echo "${ip}" | grep ':' | wc -l) -eq 1 ]; then
+ continue
+ fi
+ range_1=$(echo "${ip}" | cut -d "." -f 1)
+ range_2=$(echo "${ip}" | cut -d "." -f 2)
+ if [ "${range_1}" -eq 127 ]; then
+ continue
+ elif [ "${range_1}" -eq 10 ]; then
+ continue
+ elif [ "${range_1}" -eq 172 ]; then
+ if [ "${range_2}" -ge 16 ] && [ "${range_2}" -le 31 ]; then
+ continue
+ fi
+ elif [ "${range_1}" -eq 192 ]; then
+ if [ "${range_2}" -eq 168 ]; then
+ continue
+ fi
+ fi
+ final_ip="${ip}"
+done
+
+echo "127.0.0.1 localhost.localdomain localhost" > /etc/hosts
+echo "${final_ip} ${fqdn} ${hostname}" >> /etc/hosts
diff --git a/testing/setup_scripts/setup_desktop.sh b/testing/setup_scripts/setup_desktop.sh
new file mode 100755
index 0000000..df8c81c
--- /dev/null
+++ b/testing/setup_scripts/setup_desktop.sh
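Review bot: In set_hostname_and_fqdn.sh, `$1` and `$2` are written into /etc/hostname and /etc/hosts without any check, so a value containing blanks or a newline would add extra names or whole extra mappings to the resolver file. A guard before the first write keeps the files well-formed: `case "${hostname}" in ''|*[!A-Za-z0-9-]*) echo "Invalid hostname." >&2; exit 1 ;; esac`, with a matching test that also allows dots for a non-empty `fqdn`. The final `echo … > /etc/hosts` replaces the whole file, which drops any existing entries such as the IPv6 loopback lines; if that is intended, the header comment should say so next to "Ignores IPv6s."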
@@ -0,0 +1,44 @@ +#!/bin/sh +set -e +. ./misc.sh + +expect_n_args 1 "(system name)" "$@" +get_system_name_arg "$1" + +# Set up system without user environment. +cd "${setup_scripts_dir}" +if [ "$system_name" = "w530" || "$system_name" = "x220"]; then + ./_setup.sh "${system_name}" "" user desktop thinkpad "${system_name}" +else + ./_setup.sh "${system_name}" "" user desktop "${system_name}" +fi + +# # Set up NVIDIA eGPU config. +# if [ "$system_name" = "w530" ]; then +# cd +# git clone https://github.com/NVIDIA/open-gpu-kernel-modules +# cd open-gpu-kernel-modules +# git checkout 337e28e +# # git checkout 4c29105335610933e744f4ab2524ea63fc39edaf +# make modules -j$(nproc) +# make modules_install +# cd +# driver_version=535.86.05 +# # driver_version=545.29.06 +# runscript=NVIDIA-Linux-x86_64-${driver_version}.run +# wget https://us.download.nvidia.com/XFree86/Linux-x86_64/${driver_version}/${runscript} +# rmmod nouveau +# chmod u+x ${runscript} +# ./${runscript} --no-kernel-modules --silent +# depmod +# # TODO I suspect that the GPU falling of the bus may be mildened by running nvidia-persistenced, check https://github.com/NVIDIA/nvidia-persistenced/tree/main/init +# fi + +# Set up user environments. +cd "${setup_scripts_dir}" +./copy_dirtree.sh "${config_tree_prefix}/home_files" "/root" minimal root +adduser --disabled-password --gecos "" plom +usermod -a -G sudo plom +passwd plom +cp -a ~/config /home/plom +chown -R plom:plom /home/plom/config -- 2.30.2 From ca94a7ce5793013b2b132ceec7d9aaef1b48950b Mon Sep 17 00:00:00 2001 From: Christian Heller Date: Mon, 12 Aug 2024 18:31:58 +0200 Subject: [PATCH 02/16] Add some missing stuff. --- testing/setup_scripts/misc.sh | 2 +- testing/setup_scripts/purge_nonrequireds.sh | 30 +++++++++++++++++++++ 2 files changed, 31 insertions(+), 1 deletion(-) create mode 100755 testing/setup_scripts/purge_nonrequireds.sh diff --git a/testing/setup_scripts/misc.sh b/testing/setup_scripts/misc.sh index 64a8916..f6d2367 100644 
--- a/testing/setup_scripts/misc.sh +++ b/testing/setup_scripts/misc.sh @@ -14,7 +14,7 @@ expect_n_args() { explainer="$2" shift 2 if [ "$#" -lt "${min_args}" ]; then - echo "Need at least ${1} arguments … ${explainer}" + echo "Need at least ${min_args} arguments … ${explainer}" false fi } diff --git a/testing/setup_scripts/purge_nonrequireds.sh b/testing/setup_scripts/purge_nonrequireds.sh new file mode 100755 index 0000000..48065fc --- /dev/null +++ b/testing/setup_scripts/purge_nonrequireds.sh @@ -0,0 +1,30 @@ +#!/bin/sh +# This script removes all Debian packages that are not of Priority +# "required" or not depended on by packages of priority "required" +# or not listed in the argument-selected files of apt-mark/. +set -e +. ./misc.sh + +# FIXME packages listed twice in the aptmark_dir get blacklisted? + +dpkg-query -Wf '${Package} ${Priority}\n' | grep ' required' | sed 's/ required//' > /tmp/list_white_unsorted +for target in "$@"; do + path="${aptmark_dir}/${target}" + cat "${path}" | while read line; do + if [ ! $(echo "${line}" | cut -c1) = "#" ]; then + echo "${line}" >> /tmp/list_white_unsorted + fi + done +done +sort /tmp/list_white_unsorted > /tmp/list_white +dpkg-query -Wf '${Package}\n' > /tmp/list_all_packages +sort /tmp/list_all_packages > /tmp/foo +mv /tmp/foo /tmp/list_all_packages +comm -3 /tmp/list_all_packages /tmp/list_white > /tmp/list_black +apt-mark auto `cat /tmp/list_black` +DEBIAN_FRONTEND=noninteractive apt-get -y --purge autoremove +rm /tmp/list_all_packages /tmp/list_white_unsorted /tmp/list_white /tmp/list_black + +# Somehow, auto-mounts get undone by all of this, so re-mount /etc/fstab. +# TODO: Find out why. +mount -a -- 2.30.2 From cc1f507ac2c3626cc4af8e049be5f8c8fde745c0 Mon Sep 17 00:00:00 2001 
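Review bot: purge_nonrequireds.sh runs as root and writes its work files to fixed names under /tmp (`/tmp/list_white_unsorted`, `/tmp/foo`, `/tmp/list_black`, …), so another local user can pre-create or symlink those paths and influence which packages get marked auto and purged, or where root's output lands. A private directory from `mktemp -d`, removed by a trap, avoids the predictable names and makes the final `rm` line unnecessary. The FIXME about packages listed twice looks like a consequence of `comm -3`, which also prints lines found only in the whitelist; `sort -u` together with `comm -23` would limit the blacklist to installed packages that are not whitelisted. The rewritten lines are below.

```shell
# … unchanged: header comment, set -e, sourcing misc.sh …
tmp_dir=$(mktemp -d)
trap 'rm -rf -- "${tmp_dir}"' EXIT

dpkg-query -Wf '${Package} ${Priority}\n' | grep ' required' | sed 's/ required//' > "${tmp_dir}/list_white_unsorted"
# … unchanged: loop over "$@", now appending to "${tmp_dir}/list_white_unsorted" …
sort -u "${tmp_dir}/list_white_unsorted" > "${tmp_dir}/list_white"
dpkg-query -Wf '${Package}\n' | sort > "${tmp_dir}/list_all_packages"
comm -23 "${tmp_dir}/list_all_packages" "${tmp_dir}/list_white" > "${tmp_dir}/list_black"
# … unchanged: apt-mark auto, autoremove and mount -a, reading "${tmp_dir}/list_black" …
```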
From: Christian Heller Date: Mon, 12 Aug 2024 18:38:10 +0200 Subject: [PATCH 03/16] More additions to testing setup. --- testing/setup_scripts/setup_desktop.sh | 2 +- testing/setup_scripts/setup_home.sh | 108 +++++++++++++++++++++++++ 2 files changed, 109 insertions(+), 1 deletion(-) create mode 100755 testing/setup_scripts/setup_home.sh diff --git a/testing/setup_scripts/setup_desktop.sh b/testing/setup_scripts/setup_desktop.sh index df8c81c..1947321 100755 --- a/testing/setup_scripts/setup_desktop.sh +++ b/testing/setup_scripts/setup_desktop.sh @@ -7,7 +7,7 @@ get_system_name_arg "$1" # Set up system without user environment. cd "${setup_scripts_dir}" -if [ "$system_name" = "w530" || "$system_name" = "x220"]; then +if [ "$system_name" = "w530" ] || [ "$system_name" = "x220" ]; then ./_setup.sh "${system_name}" "" user desktop thinkpad "${system_name}" else ./_setup.sh "${system_name}" "" user desktop "${system_name}" diff --git a/testing/setup_scripts/setup_home.sh b/testing/setup_scripts/setup_home.sh new file mode 100755 index 0000000..130bbad --- /dev/null +++ b/testing/setup_scripts/setup_home.sh 
@@ -0,0 +1,108 @@ +#!/bin/sh +set -e +. ./misc.sh + +expect_n_args 1 "(system name)" "$@" +get_system_name_arg "$1" + +cd $setup_scripts_dir +./copy_dirtree.sh "${config_tree_prefix}/home_files" "${HOME}" minimal user "${system_name}" + +# secrets_dev="sdb" +# source_dir_secrets="/media/${secrets_dev}/to_usb" +# target_dir_secrets="${HOME}/tmp_secrets" +# echo "Put secrets drive into slot for /dev/${secrets_dev}." +# while [ ! -e /dev/"${secrets_dev}" ]; do +# sleep 1 +# done +# stty -echo +# printf "Secrets passphrase: " +# read SECRETS_PASS +# stty echo +# echo "" # newline so user knows their input return was accepted +# sudo -v +# echo "${SECRETS_PASS}" | sudo pmount /dev/"${secrets_dev}" +# cp -a "${source_dir_secrets}" "${target_dir_secrets}" +# sudo chown -R plom:plom "${target_dir_secrets}" +# sudo pumount "${secrets_dev}" +# echo "You can remove /dev/${secrets_dev} now." + +# Set up iniitial non-public parts of infrastructure: SSH authentication. +ssh_dir=~/.ssh +cd "${target_dir_secrets}" +mkdir -p "${ssh_dir}" +echo "Setting up .ssh" +cp id_rsa ~/.ssh +stty -echo +ssh-keygen -y -f ~/.ssh/id_rsa > ~/.ssh/id_rsa.pub +stty echo +eval $(ssh-agent) +ssh-add +ssh-keyscan -H "plomlompom.com" >> ~/.ssh/known_hosts + +# Fill ~/public_repos. +public_repos_dir="${HOME}/public_repos" +repos_list_file="${public_repos_dir}/repos" +mkdir -p "${public_repos_dir}" +cat "${repos_list_file}" | while read line; do + first_char=$(echo "${line}" | cut -c1) + if [ "${first_char}" = "#" ]; then + continue + fi + repo_name="${line}" + if [ ! -d "${public_repos_dir}/${repo_name}" ]; then + cd "${public_repos_dir}" + git clone plom@plomlompom.com:/var/repos/${repo_name} + fi +done + +# Remove redundant config repo copy. +config_tree_prefix="${public_repos_dir}/config/${debian_version}" +rm -rf ~/config + +# # Set up native messenger for tridactyl. 
+# version='ef9f02d0da258f68d7faf8898707f6d83d90d07a' +# curl -fsSl "https://raw.githubusercontent.com/tridactyl/tridactyl/${version}/native/install.sh" | bash + +# Set up further non-public parts of infrastructure. +cd "${target_dir_secrets}" +script -c 'gpg --import secret_keys.asc' /dev/null +path_borgscript="${config_tree_prefix}//borg.sh" + +# # borg setup +# borgkeys_dir=~/.config/borg/keys +# borgrepos_file=~/.borgrepos +# tar xf borg_keyfiles.tar +# mkdir -p "${borgkeys_dir}" +# mv borg_keyfiles/* "${borgkeys_dir}" +# # Sync org dir via borgbackup. For this we need the borgbackup servers +# # in our .ssh/known_hosts file. +# cat "${borgrepos_file}" | while read line; do +# first_char=$(echo "${line}" | cut -c1) +# if [ "${first_char}" = "#" ]; then +# continue +# fi +# server=$(echo "${line}" | sed 's/.*@//') +# ssh-keyscan "${server}" >> "${ssh_dir}"/known_hosts +# done +# BORG_PASSPHRASE="${SECRETS_PASS}" "${path_borgscript}" orgpull +# +# # .authinfo may not be present on every secrets drive yet +# authinfo_file=.authinfo +# if [ -f "${authinfo_file}" ]; then +# cp "${authinfo_file}" ~ +# fi +# cd +# +# maildir=~/mail/maildir +# # # Set up e-mail system. Note that we only do mbsync if the imap pass file +# # # is found. It may not be present on every secrets drive yet, so we have to +# # # deal with the possibility of it being absent at this point. +# mkdir -p "${maildir}" # expected by mbsync/isync +# if [ -f "${HOME}/${authinfo_file}" ]; then +# mbsync -a +# notmuch new +# fi + +# # Final note on how to integrate tridactyl. +# echo "TODO: As tridactyl user, don't forget to do :source on the first Firefox run, wait a little while (Tridactyl needs to walk through all commands in the .tridactylrc) and then re-start." -- 2.30.2 From c9e6b52836b55f141dd3dc53bffb4940a8ce990e Mon Sep 17 00:00:00 2001 
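Review bot: In setup_home.sh, `ssh-keyscan -H "plomlompom.com" >> ~/.ssh/known_hosts` accepts whatever key answers at setup time, so the host key that protects the following `git clone plom@plomlompom.com:…` calls is never verified. Installing a known-good entry kept next to `id_rsa` on the secrets medium, or comparing the scanned key's fingerprint (`ssh-keygen -lf`) against a recorded value before appending, would close that gap. `cp id_rsa ~/.ssh` leaves the private key with umask-derived permissions; `chmod 700 "${ssh_dir}"` and `chmod 600 ~/.ssh/id_rsa` after the copy make the expected modes explicit. `target_dir_secrets` is only assigned inside the commented-out block above, so both `cd "${target_dir_secrets}"` calls appear to run with an empty value.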
From: Christian Heller Date: Mon, 12 Aug 2024 19:41:39 +0200 Subject: [PATCH 04/16] Improve h610m testing nvidia setup. --- testing/apt-mark/h610m | 6 +- testing/setup_scripts/setup_desktop.sh | 27 +++----- testing/setup_scripts/setup_home.sh | 86 +++++++++++++------------- 3 files changed, 53 insertions(+), 66 deletions(-) diff --git a/testing/apt-mark/h610m b/testing/apt-mark/h610m index fac5b05..645086f 100644 --- a/testing/apt-mark/h610m +++ b/testing/apt-mark/h610m @@ -1,10 +1,10 @@ # for X to start at all linux-headers-amd64 -#nvidia-driver -#firmware-misc-nonfree +nvidia-driver +firmware-misc-nonfree # X input: keyboard xserver-xorg-input-evdev -# CUDA +## CUDA #nvidia-cuda-dev #nvidia-cuda-toolkit diff --git a/testing/setup_scripts/setup_desktop.sh b/testing/setup_scripts/setup_desktop.sh index 1947321..b9eba61 100755 --- a/testing/setup_scripts/setup_desktop.sh +++ b/testing/setup_scripts/setup_desktop.sh 
@@ -13,26 +13,13 @@ else ./_setup.sh "${system_name}" "" user desktop "${system_name}" fi -# # Set up NVIDIA eGPU config. -# if [ "$system_name" = "w530" ]; then -# cd -# git clone https://github.com/NVIDIA/open-gpu-kernel-modules -# cd open-gpu-kernel-modules -# git checkout 337e28e -# # git checkout 4c29105335610933e744f4ab2524ea63fc39edaf -# make modules -j$(nproc) -# make modules_install -# cd -# driver_version=535.86.05 -# # driver_version=545.29.06 -# runscript=NVIDIA-Linux-x86_64-${driver_version}.run -# wget https://us.download.nvidia.com/XFree86/Linux-x86_64/${driver_version}/${runscript} -# rmmod nouveau -# chmod u+x ${runscript} -# ./${runscript} --no-kernel-modules --silent -# depmod -# # TODO I suspect that the GPU falling of the bus may be mildened by running nvidia-persistenced, check https://github.com/NVIDIA/nvidia-persistenced/tree/main/init -# fi +# Upgrade to testing, but hold kernel known to work with nvidia-drivers. +sed -i 's/bookworm/testing/g' /etc/apt/sources.list +if [ "$system_name" = "h610m" ]; then + apt-mark hold linux-image-amd64 linux-headers-amd64 +fi +apt update +apt dist-upgrade # Set up user environments. cd "${setup_scripts_dir}" diff --git a/testing/setup_scripts/setup_home.sh b/testing/setup_scripts/setup_home.sh index 130bbad..592573a 100755 --- a/testing/setup_scripts/setup_home.sh +++ b/testing/setup_scripts/setup_home.sh 
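Review bot: In setup_desktop.sh, `apt-mark hold linux-image-amd64 linux-headers-amd64` on h610m keeps newer kernel packages from being pulled in by later upgrades, which presumably includes kernel security updates, and nothing records when the hold may be lifted. I would extend the comment above it, e.g. `# held for nvidia-driver compatibility; review regularly and release with apt-mark unhold`. The added `apt dist-upgrade` also runs without `-y`, unlike the `apt -y dist-upgrade` in _setup.sh, so this step will wait for confirmation in an otherwise unattended run.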
@@ -26,49 +26,49 @@ cd $setup_scripts_dir # sudo chown -R plom:plom "${target_dir_secrets}" # sudo pumount "${secrets_dev}" # echo "You can remove /dev/${secrets_dev} now." - -# Set up iniitial non-public parts of infrastructure: SSH authentication. -ssh_dir=~/.ssh -cd "${target_dir_secrets}" -mkdir -p "${ssh_dir}" -echo "Setting up .ssh" -cp id_rsa ~/.ssh -stty -echo -ssh-keygen -y -f ~/.ssh/id_rsa > ~/.ssh/id_rsa.pub -stty echo -eval $(ssh-agent) -ssh-add -ssh-keyscan -H "plomlompom.com" >> ~/.ssh/known_hosts - -# Fill ~/public_repos. -public_repos_dir="${HOME}/public_repos" -repos_list_file="${public_repos_dir}/repos" -mkdir -p "${public_repos_dir}" -cat "${repos_list_file}" | while read line; do - first_char=$(echo "${line}" | cut -c1) - if [ "${first_char}" = "#" ]; then - continue - fi - repo_name="${line}" - if [ ! -d "${public_repos_dir}/${repo_name}" ]; then - cd "${public_repos_dir}" - git clone plom@plomlompom.com:/var/repos/${repo_name} - fi -done - -# Remove redundant config repo copy. -config_tree_prefix="${public_repos_dir}/config/${debian_version}" -rm -rf ~/config - +# +# # Set up iniitial non-public parts of infrastructure: SSH authentication. +# ssh_dir=~/.ssh +# cd "${target_dir_secrets}" +# mkdir -p "${ssh_dir}" +# echo "Setting up .ssh" +# cp id_rsa ~/.ssh +# stty -echo +# ssh-keygen -y -f ~/.ssh/id_rsa > ~/.ssh/id_rsa.pub +# stty echo +# eval $(ssh-agent) +# ssh-add +# ssh-keyscan -H "plomlompom.com" >> ~/.ssh/known_hosts +# +# # Fill ~/public_repos. +# public_repos_dir="${HOME}/public_repos" +# repos_list_file="${public_repos_dir}/repos" +# mkdir -p "${public_repos_dir}" +# cat "${repos_list_file}" | while read line; do +# first_char=$(echo "${line}" | cut -c1) +# if [ "${first_char}" = "#" ]; then +# continue +# fi +# repo_name="${line}" +# if [ ! -d "${public_repos_dir}/${repo_name}" ]; then +# cd "${public_repos_dir}" +# git clone plom@plomlompom.com:/var/repos/${repo_name} +# fi +# done +# +# # Remove redundant config repo copy. 
+# config_tree_prefix="${public_repos_dir}/config/${debian_version}" +# rm -rf ~/config +# # # Set up native messenger for tridactyl. # version='ef9f02d0da258f68d7faf8898707f6d83d90d07a' # curl -fsSl "https://raw.githubusercontent.com/tridactyl/tridactyl/${version}/native/install.sh" | bash - -# Set up further non-public parts of infrastructure. -cd "${target_dir_secrets}" -script -c 'gpg --import secret_keys.asc' /dev/null -path_borgscript="${config_tree_prefix}//borg.sh" - +# +# # Set up further non-public parts of infrastructure. +# cd "${target_dir_secrets}" +# script -c 'gpg --import secret_keys.asc' /dev/null +# path_borgscript="${config_tree_prefix}//borg.sh" +# # # borg setup # borgkeys_dir=~/.config/borg/keys # borgrepos_file=~/.borgrepos @@ -103,6 +103,6 @@ path_borgscript="${config_tree_prefix}//borg.sh" # mbsync -a # notmuch new # fi - -# # Final note on how to integrate tridactyl. -# echo "TODO: As tridactyl user, don't forget to do :source on the first Firefox run, wait a little while (Tridactyl needs to walk through all commands in the .tridactylrc) and then re-start." +# +# # # Final note on how to integrate tridactyl. +# # echo "TODO: As tridactyl user, don't forget to do :source on the first Firefox run, wait a little while (Tridactyl needs to walk through all commands in the .tridactylrc) and then re-start." -- 2.30.2 From 207374ccd0944ec606823c4590bbe4b565af0cee Mon Sep 17 00:00:00 2001 From: Christian Heller Date: Thu, 5 Sep 2024 21:40:40 +0200 Subject: [PATCH 05/16] Update Firefox. --- bookworm/setup_scripts/setup_firefox.sh | 2 +- testing/apt-mark/user | 9 +++------ 2 files changed, 4 insertions(+), 7 deletions(-) diff --git a/bookworm/setup_scripts/setup_firefox.sh b/bookworm/setup_scripts/setup_firefox.sh index 2e92f8d..5dc3f4a 100755 --- a/bookworm/setup_scripts/setup_firefox.sh +++ b/bookworm/setup_scripts/setup_firefox.sh 
@@ -3,7 +3,7 @@ set -e . ./misc.sh # Install Firefox directly from Mozilla. -firefox_release="115.14.0esr" +firefox_release="115.15.0esr" firefox_filename="firefox-${firefox_release}.tar.bz2" url_firefox="https://ftp.mozilla.org/pub/firefox/releases/${firefox_release}/linux-x86_64/en-US/${firefox_filename}" wget "${url_firefox}" diff --git a/testing/apt-mark/user b/testing/apt-mark/user index 1a6301d..c390f17 100644 --- a/testing/apt-mark/user +++ b/testing/apt-mark/user @@ -25,12 +25,9 @@ less man-db manpages procps -## firefox install dependencies -#wget -#bzip2 -## firefox running dependencies -#libgtk-3-0 -#libdbus-glib-1-2 +# browsers +firefox-esr +chromium # tridactyl install recommendations vim-gtk3 curl -- 2.30.2 From 1afd2ea2e4407705d914eed7d1f96e06dc5ab421 Mon Sep 17 00:00:00 2001 
From: Christian Heller Date: Wed, 25 Sep 2024 04:01:40 +0200 Subject: [PATCH 06/16] Some more updates. --- bookworm/setup_scripts/_setup.sh | 1 + bookworm/setup_scripts/copy_dirtree.sh | 1 + .../init_user_and_keybased_login.sh | 51 +++++++++++++++++++ bookworm/setup_scripts/init_user_login.sh | 11 ++-- bookworm/setup_scripts/migrate_borg.sh | 1 + bookworm/setup_scripts/mirror_dir.sh | 1 + bookworm/setup_scripts/misc.sh | 10 ---- .../setup_scripts/prepare_to_meet_server.sh | 1 + .../setup_scripts/set_hostname_and_fqdn.sh | 1 + bookworm/setup_scripts/setup_desktop.sh | 1 + bookworm/setup_scripts/setup_home.sh | 1 + bookworm/setup_scripts/setup_nvidia.sh | 24 +++++++++ bookworm/setup_scripts/setup_server.sh | 1 + .../setup_scripts/setup_static_website.sh | 1 + bookworm/setup_scripts/setup_web.sh | 1 + .../setup_scripts/upgrade_from_bullseye.sh | 11 ++++ .../init_user_and_keybased_login.sh | 18 +++---- bullseye/setup_scripts/init_user_login.sh | 20 +++----- misc.sh | 16 ++++++ 19 files changed, 129 insertions(+), 43 deletions(-) create mode 100755 bookworm/setup_scripts/init_user_and_keybased_login.sh create mode 100755 bookworm/setup_scripts/setup_nvidia.sh create mode 100644 bookworm/setup_scripts/upgrade_from_bullseye.sh create mode 100644 misc.sh diff --git a/bookworm/setup_scripts/_setup.sh b/bookworm/setup_scripts/_setup.sh index 0c28d60..1b8cae2 100755 --- a/bookworm/setup_scripts/_setup.sh +++ b/bookworm/setup_scripts/_setup.sh @@ -1,6 +1,7 @@ #!/bin/sh set -e . ./misc.sh +. ./../misc.sh expect_n_args 2 "(hostname, FQDN)" "$@" hostname="$1" diff --git a/bookworm/setup_scripts/copy_dirtree.sh b/bookworm/setup_scripts/copy_dirtree.sh index 2c385f0..387ba39 100755 --- a/bookworm/setup_scripts/copy_dirtree.sh +++ b/bookworm/setup_scripts/copy_dirtree.sh @@ -9,6 +9,7 @@ # CAUTION: This removes original files at the affected paths. set -e . ./misc.sh +. ./../misc.sh expect_n_args 3 "(source root, target root, modules)" "$@" 
diff --git a/bookworm/setup_scripts/init_user_and_keybased_login.sh b/bookworm/setup_scripts/init_user_and_keybased_login.sh
new file mode 100755
index 0000000..3f73562
--- /dev/null
+++ b/bookworm/setup_scripts/init_user_and_keybased_login.sh
@@ -0,0 +1,51 @@
+#!/bin/sh
+# This script turns a fresh server with password-based root access into
+# one of only key-based access and only to new non-root account plom.
+#
+# CAUTION: This is optimized for a *fresh* setup. It will overwrite any
+# pre-existing ~/.ssh/authorized_keys of user plom with one that solely
+# contains the local ~/.ssh/id_rsa.pub, and also any old
+# /etc/ssh/sshd_config.
+#
+# Dependencies: ssh, scp, sshpass, ~/.ssh/id_rsa.pub, properly
+# configured sshd_config file in reach.
+set -e
+. ./misc.sh
+. ../../misc.sh
+
+expect_n_args 1 "(server)" "$@"
+server="$1"
+linkable_files_dir="${config_tree_prefix}/etc_files/server"
+system_path_sshd_config='/etc/ssh/sshd_config'
+# has "PermitRootLogin no" and "PasswordAuthentication no".
+local_path_sshd_config="${linkable_files_dir}${system_path_sshd_config}"
+
+# This will be used to log-in as root from plom account.
+echo 'First, enter the old root password; then enter new password twice.'
+ssh root@"${server}" "passwd"
+
+# Save root password for sshpass
+stty -echo
+printf "Re-enter new server root password: "
+read PW_ROOT
+stty echo
+printf "\n"
+export SSHPASS="${PW_ROOT}"
+
+# Create user plom, and his ~/.ssh/authorized_keys based on the local
+# ~/.ssh/id_rsa.pub; ensure the result has proper permissions and
+# ownerships. Then disable root and pw login by copying over the
+# sshd_config and restart ssh daemon.
+#
+# This could be a line or two shorter by using ssh-copy-id, but that
+# would require setting a password for user plom otherwise not needed.
+sshpass -e scp ~/.ssh/id_rsa.pub root@"${server}":/tmp/authorized_keys +sshpass -e ssh root@"${server}" \ + 'useradd -m plom && '\ + 'mkdir /home/plom/.ssh && '\ + 'chown plom:plom /home/plom/.ssh && '\ + 'chown plom:plom /tmp/authorized_keys && '\ + 'chmod u=rw,go= /tmp/authorized_keys && '\ + 'mv /tmp/authorized_keys /home/plom/.ssh/' +sshpass -e scp "${local_path_sshd_config}" root@"${server}":"${system_path_sshd_config}" +sshpass -e ssh root@"${server}" 'service ssh restart' diff --git a/bookworm/setup_scripts/init_user_login.sh b/bookworm/setup_scripts/init_user_login.sh index 820b5ab..a0652eb 100755 --- a/bookworm/setup_scripts/init_user_login.sh +++ b/bookworm/setup_scripts/init_user_login.sh @@ -1,6 +1,4 @@ #!/bin/sh -# This script assumes a server with key-based root access into one of -# key-based access only to a new non-root account plom. # # CAUTION: This is optimized for a *fresh* setup. It will overwrite any # old /etc/ssh/sshd_config. @@ -8,16 +6,15 @@ # Dependencies: ssh, scp, properly configured sshd_config file in reach. set -e . ./misc.sh +. ../../misc.sh -# Location of an sshd_config with "PermitRootLogin no" and -# "PasswordAuthentication no". +expect_n_args 1 "(server)" "$@" +server="$1" linkable_files_dir="${config_tree_prefix}/etc_files/server" system_path_sshd_config='/etc/ssh/sshd_config' +# has "PermitRootLogin no" and "PasswordAuthentication no". local_path_sshd_config="${linkable_files_dir}${system_path_sshd_config}" -expect_n_args 1 "(server)" "$@" -server="$1" - # If we already knew that host … ssh-keygen -f "/home/plom/.ssh/known_hosts" -R "${server}" diff --git a/bookworm/setup_scripts/migrate_borg.sh b/bookworm/setup_scripts/migrate_borg.sh index 4409c86..65ae67d 100755 --- a/bookworm/setup_scripts/migrate_borg.sh +++ b/bookworm/setup_scripts/migrate_borg.sh @@ -1,6 +1,7 @@ #!/bin/sh set -e . ./misc.sh +. ./../misc.sh expect_n_args 1 "(old server IP)" "$@" old_server="$1" 
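Review bot: The last two commands of the new bookworm/setup_scripts/init_user_and_keybased_login.sh overwrite /etc/ssh/sshd_config and restart sshd without checking that the copied file parses or that key-based login as plom works, so a broken config or a missing key can leave the fresh server with root and password login disabled and no way in. I would run `ssh plom@"${server}" true` before the sshd_config copy and validate before restarting, `sshpass -e ssh root@"${server}" 'sshd -t && service ssh restart'`. Further up, `read PW_ROOT` should be `IFS= read -r PW_ROOT` so that backslashes and surrounding blanks in the password survive, and a `trap 'stty echo' EXIT` ahead of `stty -echo` would restore the terminal if the script is interrupted at the prompt.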
diff --git a/bookworm/setup_scripts/mirror_dir.sh b/bookworm/setup_scripts/mirror_dir.sh index 0660142..aef69f1 100755 --- a/bookworm/setup_scripts/mirror_dir.sh +++ b/bookworm/setup_scripts/mirror_dir.sh @@ -2,6 +2,7 @@ # Mirror directory tree from remote to local server, keeping the path. set -e . ./misc.sh +. ./../misc.sh expect_n_args 2 "(server, directory)" "$@" server=$1 diff --git a/bookworm/setup_scripts/misc.sh b/bookworm/setup_scripts/misc.sh index 4aad4a4..30f8e8c 100644 --- a/bookworm/setup_scripts/misc.sh +++ b/bookworm/setup_scripts/misc.sh @@ -9,16 +9,6 @@ fi setup_scripts_dir="${config_tree_prefix}/setup_scripts" aptmark_dir="${config_tree_prefix}/apt-mark" -expect_n_args() { - min_args="$1" - explainer="$2" - shift 2 - if [ "$#" -lt "${min_args}" ]; then - echo "Need at least ${1} arguments … ${explainer}" - false - fi -} - expect_setup_finished_file() { filename="$1" setup_script="$2" diff --git a/bookworm/setup_scripts/prepare_to_meet_server.sh b/bookworm/setup_scripts/prepare_to_meet_server.sh index d8e4e83..5f55362 100755 --- a/bookworm/setup_scripts/prepare_to_meet_server.sh +++ b/bookworm/setup_scripts/prepare_to_meet_server.sh @@ -2,6 +2,7 @@ # Do some of the steps necessary to SSH (key-based) with another server. set -e . ./misc.sh +. ./../misc.sh expect_n_args 1 "(server IP)" "$@" target="$1" diff --git a/bookworm/setup_scripts/set_hostname_and_fqdn.sh b/bookworm/setup_scripts/set_hostname_and_fqdn.sh index b367906..bcf3d9d 100755 --- a/bookworm/setup_scripts/set_hostname_and_fqdn.sh +++ b/bookworm/setup_scripts/set_hostname_and_fqdn.sh @@ -14,6 +14,7 @@ # Ignores IPv6s. set -e . ./misc.sh +. ./../misc.sh expect_n_args 1 "(hostname, fqdn)" "$@" diff --git a/bookworm/setup_scripts/setup_desktop.sh b/bookworm/setup_scripts/setup_desktop.sh index a617e0e..2eb19b3 100755 --- a/bookworm/setup_scripts/setup_desktop.sh +++ b/bookworm/setup_scripts/setup_desktop.sh 
@@ -1,6 +1,7 @@ #!/bin/sh set -e . ./misc.sh +. ./../misc.sh expect_n_args 1 "(system name)" "$@" get_system_name_arg "$1" diff --git a/bookworm/setup_scripts/setup_home.sh b/bookworm/setup_scripts/setup_home.sh index 6467ef9..a065bd4 100755 --- a/bookworm/setup_scripts/setup_home.sh +++ b/bookworm/setup_scripts/setup_home.sh @@ -1,6 +1,7 @@ #!/bin/sh set -e . ./misc.sh +. ./../misc.sh expect_n_args 1 "(system name)" "$@" get_system_name_arg "$1" diff --git a/bookworm/setup_scripts/setup_nvidia.sh b/bookworm/setup_scripts/setup_nvidia.sh new file mode 100755 index 0000000..d05c8d1 --- /dev/null +++ b/bookworm/setup_scripts/setup_nvidia.sh @@ -0,0 +1,24 @@ +#!/bin/sh +set -e +. ./misc.sh + +# Set up NVIDIA eGPU config. +cd +# git clone https://github.com/NVIDIA/open-gpu-kernel-modules +# cd open-gpu-kernel-modules +# git checkout 337e28e +# # git checkout 4c29105335610933e744f4ab2524ea63fc39edaf +# make modules -j$(nproc) +# make modules_install +# cd +driver_version=535.86.05 +# driver_version=545.29.06 +runscript=NVIDIA-Linux-x86_64-${driver_version}.run +# wget https://us.download.nvidia.com/XFree86/Linux-x86_64/${driver_version}/${runscript} +set +e +rmmod nouveau +set -e +chmod u+x ${runscript} +./${runscript} --no-kernel-modules --silent +depmod +# TODO I suspect that the GPU falling of the bus may be mildened by running nvidia-persistenced, check https://github.com/NVIDIA/nvidia-persistenced/tree/main/init diff --git a/bookworm/setup_scripts/setup_server.sh b/bookworm/setup_scripts/setup_server.sh index e77d17f..43d5cc0 100755 --- a/bookworm/setup_scripts/setup_server.sh +++ b/bookworm/setup_scripts/setup_server.sh @@ -3,6 +3,7 @@ # the outside via ./init_user_login.sh. set -e . ./misc.sh +. ./../misc.sh expect_n_args 2 "(hostname, FQDN)" "$@" hostname="$1" diff --git a/bookworm/setup_scripts/setup_static_website.sh b/bookworm/setup_scripts/setup_static_website.sh index 1ab6a18..bdfb7d3 100755 --- a/bookworm/setup_scripts/setup_static_website.sh 
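Review bot: In the new bookworm/setup_scripts/setup_nvidia.sh, `./${runscript} --no-kernel-modules --silent` executes a vendor installer that the script never verifies; with the `wget` line commented out, the file is whatever sits in the home directory under that name. Since `rmmod` and `depmod` suggest the script runs as root, I would check the file against a digest recorded when the installer was first vetted, before the `chmod`, e.g. `sha256sum -c "${runscript}.sha256"` (the checksum file name is a placeholder and would have to be added to the repo). The expansions should also be quoted, `chmod u+x "${runscript}"` and `"./${runscript}" --no-kernel-modules --silent`, and `rmmod nouveau || true` would replace the `set +e` / `set -e` pair.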
+++ b/bookworm/setup_scripts/setup_static_website.sh @@ -1,6 +1,7 @@ #!/bin/sh set -e . ./misc.sh +. ../../misc.sh expect_setup_finished_file setup_web_has_been_run setup_web.sh diff --git a/bookworm/setup_scripts/setup_web.sh b/bookworm/setup_scripts/setup_web.sh index c9cc0ac..d7c651f 100755 --- a/bookworm/setup_scripts/setup_web.sh +++ b/bookworm/setup_scripts/setup_web.sh @@ -1,6 +1,7 @@ #!/bin/sh set -e . ./misc.sh +. ./../misc.sh expect_setup_finished_file setup_server_has_been_run setup_server.sh diff --git a/bookworm/setup_scripts/upgrade_from_bullseye.sh b/bookworm/setup_scripts/upgrade_from_bullseye.sh new file mode 100644 index 0000000..2349b30 --- /dev/null +++ b/bookworm/setup_scripts/upgrade_from_bullseye.sh @@ -0,0 +1,11 @@ +#!/bin/sh +apt update +apt -y upgrade +apt -y full-upgrade +path_sources_list="/etc/apt/sources.list" +cp "${config_tree_prefix}/etc_files/all${path_sources_list}" "${path_sources_list}" +apt clean +apt update +apt -y upgrade +apt --force-yes full-upgrade +apt -y autoremove diff --git a/bullseye/setup_scripts/init_user_and_keybased_login.sh b/bullseye/setup_scripts/init_user_and_keybased_login.sh index f237a84..a70c3ee 100755 --- a/bullseye/setup_scripts/init_user_and_keybased_login.sh +++ b/bullseye/setup_scripts/init_user_and_keybased_login.sh 
@@ -10,21 +10,15 @@ # Dependencies: ssh, scp, sshpass, ~/.ssh/id_rsa.pub, properly # configured sshd_config file in reach. set -e +. ./misc.sh +. ../../misc.sh -# Location of an sshd_config with "PermitRootLogin no" and -# "PasswordAuthentication no". -config_tree_prefix="${HOME}/public_repos/config/bullseye" -linkable_files_dir="${config_tree_prefix}/etc_files/server" -system_path_sshd_config='/etc/ssh/sshd_config' -local_path_sshd_config="${linkable_files_dir}${system_path_sshd_config}" - -# Ensure we have a server name as argument. -if [ $# -eq 0 ]; then - echo "Need server as argument." - false -fi +expect_n_args 1 "(server)" "$@" server="$1" +# If we already knew that host … +ssh-keygen -f "/home/plom/.ssh/known_hosts" -R "${server}" + # This will be used to log-in as root from plom account. echo 'First, enter the old root password; then enter new password twice.' ssh root@"${server}" "passwd" diff --git a/bullseye/setup_scripts/init_user_login.sh b/bullseye/setup_scripts/init_user_login.sh index 21a8062..35abb90 100755 --- a/bullseye/setup_scripts/init_user_login.sh +++ b/bullseye/setup_scripts/init_user_login.sh 
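Review bot: The added `ssh-keygen -f "/home/plom/.ssh/known_hosts" -R "${server}"` discards the pinned host key right before `ssh root@"${server}" "passwd"` sends the root password, so the operator has to compare the fingerprint ssh then displays with one obtained out of band (for example from the provider console); the comment above the line should say so. The path is also hard-coded to /home/plom while the rest of the script uses `~/.ssh/...`; `ssh-keygen -R "${server}"` alone works on the invoking user's default known_hosts. Under `set -e` the call may abort the script when that file does not exist yet, which I have not verified; appending `|| true` would cover it. The same line is added to bullseye/setup_scripts/init_user_login.sh in this patch and to bookworm/setup_scripts/init_user_and_keybased_login.sh in patch 08.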
@@ -1,27 +1,19 @@ #!/bin/sh -# This script assumes a server with key-based root access into one of -# key-based access only to a new non-root account plom. # # CAUTION: This is optimized for a *fresh* setup. It will overwrite any # old /etc/ssh/sshd_config. # # Dependencies: ssh, scp, properly configured sshd_config file in reach. set -e +. ./misc.sh +. ../../misc.sh -# Location of an sshd_config with "PermitRootLogin no" and -# "PasswordAuthentication no". -config_tree_prefix="${HOME}/public_repos/config/bullseye" -linkable_files_dir="${config_tree_prefix}/etc_files/server" -system_path_sshd_config='/etc/ssh/sshd_config' -local_path_sshd_config="${linkable_files_dir}${system_path_sshd_config}" - -# Ensure we have a server name as argument. -if [ $# -eq 0 ]; then - echo "Need server as argument." - false -fi +expect_n_args 1 "(server)" "$@" server="$1" +# If we already knew that host … +ssh-keygen -f "/home/plom/.ssh/known_hosts" -R "${server}" + # So we're only asked once … eval $(ssh-agent) ssh-add diff --git a/misc.sh b/misc.sh new file mode 100644 index 0000000..adf8e1b --- /dev/null +++ b/misc.sh @@ -0,0 +1,16 @@ +#!/bin/sh + +linkable_files_dir="${config_tree_prefix}/etc_files/server" +system_path_sshd_config='/etc/ssh/sshd_config' +local_path_sshd_config="${linkable_files_dir}${system_path_sshd_config}" + +expect_n_args() { + min_args="$1" + explainer="$2" + shift 2 + if [ "$#" -lt "${min_args}" ]; then + echo "Need at least ${min_args} arguments … ${explainer}" + false + fi +} + -- 2.30.2 From 58a708602244994e622bf719a41158403c80325a Mon Sep 17 00:00:00 2001 From: Christian Heller Date: Wed, 25 Sep 2024 04:07:53 +0200 Subject: [PATCH 07/16] Update. --- bookworm/setup_scripts/upgrade_from_bullseye.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) mode change 100644 => 100755 bookworm/setup_scripts/upgrade_from_bullseye.sh 
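Review bot: The new top-level misc.sh builds `linkable_files_dir` from `${config_tree_prefix}` without checking that it is set, so a script that sources this file without first sourcing the release's setup_scripts/misc.sh ends up with `local_path_sshd_config` pointing at `/etc_files/server/etc/ssh/sshd_config`. A guard as the first statement would fail early: `: "${config_tree_prefix:?source setup_scripts/misc.sh first}"`. In `expect_n_args` the message should go to stderr (`echo "..." >&2`), and a short header comment should state that the function takes the minimum count and the explainer as `$1` and `$2` and relies on the caller's `set -e` to stop on the trailing `false`.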
diff --git a/bookworm/setup_scripts/upgrade_from_bullseye.sh b/bookworm/setup_scripts/upgrade_from_bullseye.sh old mode 100644 new mode 100755 index 2349b30..6a006e0 --- a/bookworm/setup_scripts/upgrade_from_bullseye.sh +++ b/bookworm/setup_scripts/upgrade_from_bullseye.sh @@ -1,7 +1,8 @@ #!/bin/sh +. ./misc.sh apt update apt -y upgrade -apt -y full-upgrade +apt --force-yes full-upgrade path_sources_list="/etc/apt/sources.list" cp "${config_tree_prefix}/etc_files/all${path_sources_list}" "${path_sources_list}" apt clean -- 2.30.2 From 211392e1a65fd72fd93c9061296d17d6ea48c54b Mon Sep 17 00:00:00 2001 From: Christian Heller Date: Wed, 25 Sep 2024 04:16:14 +0200 Subject: [PATCH 08/16] Update. --- .../setup_scripts/init_user_and_keybased_login.sh | 12 ++++++------ bookworm/setup_scripts/init_user_login.sh | 14 ++++++++------ bookworm/setup_scripts/upgrade_from_bullseye.sh | 4 ++-- .../setup_scripts/init_user_and_keybased_login.sh | 4 ++-- bullseye/setup_scripts/init_user_login.sh | 9 +++++++-- 5 files changed, 25 insertions(+), 18 deletions(-) diff --git a/bookworm/setup_scripts/init_user_and_keybased_login.sh b/bookworm/setup_scripts/init_user_and_keybased_login.sh index 3f73562..ad45834 100755 --- a/bookworm/setup_scripts/init_user_and_keybased_login.sh +++ b/bookworm/setup_scripts/init_user_and_keybased_login.sh 
@@ -8,20 +8,19 @@ # /etc/ssh/sshd_config. # # Dependencies: ssh, scp, sshpass, ~/.ssh/id_rsa.pub, properly -# configured sshd_config file in reach. +# configured sshd_config file in misc.sh:$linkable_files_dir set -e . ./misc.sh . ../../misc.sh expect_n_args 1 "(server)" "$@" server="$1" -linkable_files_dir="${config_tree_prefix}/etc_files/server" -system_path_sshd_config='/etc/ssh/sshd_config' -# has "PermitRootLogin no" and "PasswordAuthentication no". -local_path_sshd_config="${linkable_files_dir}${system_path_sshd_config}" + +# If we already knew that host … +ssh-keygen -f "/home/plom/.ssh/known_hosts" -R "${server}" # This will be used to log-in as root from plom account. -echo 'First, enter the old root password; then enter new password twice.' +echo 'First, enter the old root password; then enter new password three times.' ssh root@"${server}" "passwd" # Save root password for sshpass @@ -49,3 +48,4 @@ sshpass -e ssh root@"${server}" \ 'mv /tmp/authorized_keys /home/plom/.ssh/' sshpass -e scp "${local_path_sshd_config}" root@"${server}":"${system_path_sshd_config}" sshpass -e ssh root@"${server}" 'service ssh restart' + diff --git a/bookworm/setup_scripts/init_user_login.sh b/bookworm/setup_scripts/init_user_login.sh index a0652eb..a36a5bd 100755 --- a/bookworm/setup_scripts/init_user_login.sh +++ b/bookworm/setup_scripts/init_user_login.sh 
@@ -1,19 +1,20 @@ #!/bin/sh +# This script turns a fresh server with password-based root access into +# one of only key-based access and only to new non-root account plom. # # CAUTION: This is optimized for a *fresh* setup. It will overwrite any -# old /etc/ssh/sshd_config. +# pre-existing ~/.ssh/authorized_keys of user plom with one that solely +# contains the local ~/.ssh/id_rsa.pub, and also any old +# /etc/ssh/sshd_config. # -# Dependencies: ssh, scp, properly configured sshd_config file in reach. +# Dependencies: ssh, scp, ~/.ssh/id_rsa.pub, properly configured sshd_config +# file in misc.sh:$linkable_files_dir set -e . ./misc.sh . ../../misc.sh expect_n_args 1 "(server)" "$@" server="$1" -linkable_files_dir="${config_tree_prefix}/etc_files/server" -system_path_sshd_config='/etc/ssh/sshd_config' -# has "PermitRootLogin no" and "PasswordAuthentication no". -local_path_sshd_config="${linkable_files_dir}${system_path_sshd_config}" # If we already knew that host … ssh-keygen -f "/home/plom/.ssh/known_hosts" -R "${server}" @@ -36,3 +37,4 @@ ssh root@"${server}" 'chown plom:plom /home/plom/.ssh/authorized_keys' # Set up SSH config and remove direct SSH login to root. scp "${local_path_sshd_config}" root@"${server}":"${system_path_sshd_config}" ssh root@"${server}" 'rm -rf /root/.ssh && service ssh restart' + diff --git a/bookworm/setup_scripts/upgrade_from_bullseye.sh b/bookworm/setup_scripts/upgrade_from_bullseye.sh index 6a006e0..d7c07bd 100755 --- a/bookworm/setup_scripts/upgrade_from_bullseye.sh +++ b/bookworm/setup_scripts/upgrade_from_bullseye.sh @@ -2,11 +2,11 @@ . ./misc.sh apt update apt -y upgrade -apt --force-yes full-upgrade +apt -y full-upgrade path_sources_list="/etc/apt/sources.list" cp "${config_tree_prefix}/etc_files/all${path_sources_list}" "${path_sources_list}" apt clean apt update apt -y upgrade -apt --force-yes full-upgrade +apt -y -o Dpkg::Options::="--force-confnew" full-upgrade apt -y autoremove 
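Review bot: The header comment added to bookworm/setup_scripts/init_user_login.sh appears to be copied from init_user_and_keybased_login.sh and does not describe this script. Context lines elsewhere on the page show it running `ssh-add`, setting up plom's authorized_keys "from root's", and ending with `rm -rf /root/.ssh`, so it seems to start from key-based root access and does not install the local ~/.ssh/id_rsa.pub. I would restore the intent of the comment removed in patch 06, e.g. `# Turns a fresh server with key-based root access into one with key-based access only to new non-root account plom.`, and have the CAUTION paragraph mention that /root/.ssh is deleted. The bullseye copy of the script receives the same header in this patch.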
diff --git a/bullseye/setup_scripts/init_user_and_keybased_login.sh b/bullseye/setup_scripts/init_user_and_keybased_login.sh index a70c3ee..4fcc062 100755 --- a/bullseye/setup_scripts/init_user_and_keybased_login.sh +++ b/bullseye/setup_scripts/init_user_and_keybased_login.sh @@ -8,7 +8,7 @@ # /etc/ssh/sshd_config. # # Dependencies: ssh, scp, sshpass, ~/.ssh/id_rsa.pub, properly -# configured sshd_config file in reach. +# configured sshd_config file in misc.sh:$linkable_files_dir set -e . ./misc.sh . ../../misc.sh @@ -20,7 +20,7 @@ server="$1" ssh-keygen -f "/home/plom/.ssh/known_hosts" -R "${server}" # This will be used to log-in as root from plom account. -echo 'First, enter the old root password; then enter new password twice.' +echo 'First, enter the old root password; then enter new password three times.' ssh root@"${server}" "passwd" # Save root password for sshpass diff --git a/bullseye/setup_scripts/init_user_login.sh b/bullseye/setup_scripts/init_user_login.sh index 35abb90..b63d0d8 100755 --- a/bullseye/setup_scripts/init_user_login.sh +++ b/bullseye/setup_scripts/init_user_login.sh @@ -1,9 +1,14 @@ #!/bin/sh +# This script turns a fresh server with password-based root access into +# one of only key-based access and only to new non-root account plom. # # CAUTION: This is optimized for a *fresh* setup. It will overwrite any -# old /etc/ssh/sshd_config. +# pre-existing ~/.ssh/authorized_keys of user plom with one that solely +# contains the local ~/.ssh/id_rsa.pub, and also any old +# /etc/ssh/sshd_config. # -# Dependencies: ssh, scp, properly configured sshd_config file in reach. +# Dependencies: ssh, scp, ~/.ssh/id_rsa.pub, properly configured sshd_config +# file in misc.sh:$linkable_files_dir set -e . ./misc.sh . ../../misc.sh -- 2.30.2 From aba79b11a72b5352f7dacf0db5b2b1d81d531b34 Mon Sep 17 00:00:00 2001 
From: Christian Heller Date: Wed, 25 Sep 2024 04:17:24 +0200 Subject: [PATCH 09/16] Update. --- bookworm/setup_scripts/upgrade_from_bullseye.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/bookworm/setup_scripts/upgrade_from_bullseye.sh b/bookworm/setup_scripts/upgrade_from_bullseye.sh index d7c07bd..7c51c0d 100755 --- a/bookworm/setup_scripts/upgrade_from_bullseye.sh +++ b/bookworm/setup_scripts/upgrade_from_bullseye.sh @@ -1,4 +1,7 @@ #!/bin/sh + +# as per https://wiki.debian.org/DebianUpgrade +set -e . ./misc.sh apt update apt -y upgrade -- 2.30.2 From cc988979cafd6453756a53a00da5a05a9d93e204 Mon Sep 17 00:00:00 2001 From: Christian Heller Date: Wed, 25 Sep 2024 04:41:10 +0200 Subject: [PATCH 10/16] Update. --- bookworm/etc_files/server/etc/ssh/sshd_config | 5 +++-- bookworm/setup_scripts/setup_server.sh | 2 +- bookworm/setup_scripts/upgrade_from_bullseye.sh | 2 +- 3 files changed, 5 insertions(+), 4 deletions(-) diff --git a/bookworm/etc_files/server/etc/ssh/sshd_config b/bookworm/etc_files/server/etc/ssh/sshd_config index 94363eb..e952cb3 100644 --- a/bookworm/etc_files/server/etc/ssh/sshd_config +++ b/bookworm/etc_files/server/etc/ssh/sshd_config @@ -30,7 +30,8 @@ Include /etc/ssh/sshd_config.d/*.conf # Authentication: #LoginGraceTime 2m -PermitRootLogin no +#PermitRootLogin prohibit-password +PermitRootLogin no # plomlompom's security rule #StrictModes yes #MaxAuthTries 6 #MaxSessions 10 @@ -54,7 +55,7 @@ PermitRootLogin no #IgnoreRhosts yes # To disable tunneled clear text passwords, change to no here! -PasswordAuthentication no +PasswordAuthentication no #PermitEmptyPasswords no # Change to yes to enable challenge-response passwords (beware issues with diff --git a/bookworm/setup_scripts/setup_server.sh b/bookworm/setup_scripts/setup_server.sh index 43d5cc0..93bfa1c 100755 --- a/bookworm/setup_scripts/setup_server.sh +++ b/bookworm/setup_scripts/setup_server.sh 
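Review bot: `PermitRootLogin no # plomlompom's security rule` in bookworm/etc_files/server/etc/ssh/sshd_config puts a comment after the argument, while sshd_config(5) only describes lines that start with `#` as comments; newer OpenSSH releases tolerate trailing comments, but older ones reject the extra words and sshd then refuses to start. Because the init scripts copy this file over /etc/ssh/sshd_config and restart ssh, a parse failure means losing remote access, so I would move the remark to its own line: `# plomlompom's security rule` followed by `PermitRootLogin no`. The second hunk's change to `PasswordAuthentication no` looks like whitespace only; if it adds trailing blanks they are better dropped.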
@@ -1,6 +1,6 @@ #!/bin/sh # Next setup steps for a server whose login policy has just been set from -# the outside via ./init_user_login.sh. +# the outside via ./init_user_login.sh or ./init_user_and_keybased_login.sh set -e . ./misc.sh . ./../misc.sh diff --git a/bookworm/setup_scripts/upgrade_from_bullseye.sh b/bookworm/setup_scripts/upgrade_from_bullseye.sh index 7c51c0d..6db4f2e 100755 --- a/bookworm/setup_scripts/upgrade_from_bullseye.sh +++ b/bookworm/setup_scripts/upgrade_from_bullseye.sh @@ -4,7 +4,7 @@ set -e . ./misc.sh apt update -apt -y upgrade +apt -y -o Dpkg::Options::="--force-confnew" upgrade apt -y full-upgrade path_sources_list="/etc/apt/sources.list" cp "${config_tree_prefix}/etc_files/all${path_sources_list}" "${path_sources_list}" -- 2.30.2 From 96232db450bb7bad167361abc461516b048edf66 Mon Sep 17 00:00:00 2001 From: Christian Heller Date: Wed, 25 Sep 2024 06:22:02 +0200 Subject: [PATCH 11/16] Various fixes. --- bookworm/setup_scripts/copy_dirtree.sh | 2 +- bookworm/setup_scripts/migrate_borg.sh | 2 +- bookworm/setup_scripts/mirror_dir.sh | 2 +- bookworm/setup_scripts/prepare_to_meet_server.sh | 2 +- bookworm/setup_scripts/set_hostname_and_fqdn.sh | 2 +- bookworm/setup_scripts/setup_desktop.sh | 2 +- bookworm/setup_scripts/setup_home.sh | 2 +- bookworm/setup_scripts/setup_server.sh | 2 +- bookworm/setup_scripts/setup_web.sh | 2 +- bookworm/setup_scripts/upgrade_from_bullseye.sh | 10 +++++++--- bullseye/etc_files/server/etc/ssh/sshd_config | 4 ++-- bullseye/setup_scripts/init_user_and_keybased_login.sh | 4 ++-- 12 files changed, 20 insertions(+), 16 deletions(-) diff --git a/bookworm/setup_scripts/copy_dirtree.sh b/bookworm/setup_scripts/copy_dirtree.sh index 387ba39..fbc3d9d 100755 --- a/bookworm/setup_scripts/copy_dirtree.sh +++ b/bookworm/setup_scripts/copy_dirtree.sh 
@@ -9,7 +9,7 @@ # CAUTION: This removes original files at the affected paths. set -e . ./misc.sh -. ./../misc.sh +. ../../misc.sh expect_n_args 3 "(source root, target root, modules)" "$@" diff --git a/bookworm/setup_scripts/migrate_borg.sh b/bookworm/setup_scripts/migrate_borg.sh index 65ae67d..b08cf2d 100755 --- a/bookworm/setup_scripts/migrate_borg.sh +++ b/bookworm/setup_scripts/migrate_borg.sh @@ -1,7 +1,7 @@ #!/bin/sh set -e . ./misc.sh -. ./../misc.sh +. ../../misc.sh expect_n_args 1 "(old server IP)" "$@" old_server="$1" diff --git a/bookworm/setup_scripts/mirror_dir.sh b/bookworm/setup_scripts/mirror_dir.sh index aef69f1..d650165 100755 --- a/bookworm/setup_scripts/mirror_dir.sh +++ b/bookworm/setup_scripts/mirror_dir.sh @@ -2,7 +2,7 @@ # Mirror directory tree from remote to local server, keeping the path. set -e . ./misc.sh -. ./../misc.sh +. ../../misc.sh expect_n_args 2 "(server, directory)" "$@" server=$1 diff --git a/bookworm/setup_scripts/prepare_to_meet_server.sh b/bookworm/setup_scripts/prepare_to_meet_server.sh index 5f55362..8e54ca5 100755 --- a/bookworm/setup_scripts/prepare_to_meet_server.sh +++ b/bookworm/setup_scripts/prepare_to_meet_server.sh @@ -2,7 +2,7 @@ # Do some of the steps necessary to SSH (key-based) with another server. set -e . ./misc.sh -. ./../misc.sh +. ../../misc.sh expect_n_args 1 "(server IP)" "$@" target="$1" diff --git a/bookworm/setup_scripts/set_hostname_and_fqdn.sh b/bookworm/setup_scripts/set_hostname_and_fqdn.sh index bcf3d9d..929d8bc 100755 --- a/bookworm/setup_scripts/set_hostname_and_fqdn.sh +++ b/bookworm/setup_scripts/set_hostname_and_fqdn.sh @@ -14,7 +14,7 @@ # Ignores IPv6s. set -e . ./misc.sh -. ./../misc.sh +. ../../misc.sh expect_n_args 1 "(hostname, fqdn)" "$@" diff --git a/bookworm/setup_scripts/setup_desktop.sh b/bookworm/setup_scripts/setup_desktop.sh index 2eb19b3..fe11b83 100755 --- a/bookworm/setup_scripts/setup_desktop.sh +++ b/bookworm/setup_scripts/setup_desktop.sh 
@@ -1,7 +1,7 @@ #!/bin/sh set -e . ./misc.sh -. ./../misc.sh +. ../../misc.sh expect_n_args 1 "(system name)" "$@" get_system_name_arg "$1" diff --git a/bookworm/setup_scripts/setup_home.sh b/bookworm/setup_scripts/setup_home.sh index a065bd4..54f0db1 100755 --- a/bookworm/setup_scripts/setup_home.sh +++ b/bookworm/setup_scripts/setup_home.sh @@ -1,7 +1,7 @@ #!/bin/sh set -e . ./misc.sh -. ./../misc.sh +. ../../misc.sh expect_n_args 1 "(system name)" "$@" get_system_name_arg "$1" diff --git a/bookworm/setup_scripts/setup_server.sh b/bookworm/setup_scripts/setup_server.sh index 93bfa1c..c854b95 100755 --- a/bookworm/setup_scripts/setup_server.sh +++ b/bookworm/setup_scripts/setup_server.sh @@ -3,7 +3,7 @@ # the outside via ./init_user_login.sh or ./init_user_and_keybased_login.sh set -e . ./misc.sh -. ./../misc.sh +. ../../misc.sh expect_n_args 2 "(hostname, FQDN)" "$@" hostname="$1" diff --git a/bookworm/setup_scripts/setup_web.sh b/bookworm/setup_scripts/setup_web.sh index d7c651f..4807e8a 100755 --- a/bookworm/setup_scripts/setup_web.sh +++ b/bookworm/setup_scripts/setup_web.sh @@ -1,7 +1,7 @@ #!/bin/sh set -e . ./misc.sh -. ./../misc.sh +. ../../misc.sh expect_setup_finished_file setup_server_has_been_run setup_server.sh diff --git a/bookworm/setup_scripts/upgrade_from_bullseye.sh b/bookworm/setup_scripts/upgrade_from_bullseye.sh index 6db4f2e..ed246e1 100755 --- a/bookworm/setup_scripts/upgrade_from_bullseye.sh +++ b/bookworm/setup_scripts/upgrade_from_bullseye.sh 
@@ -1,11 +1,15 @@ #!/bin/sh -# as per https://wiki.debian.org/DebianUpgrade +# Upgrade a fresh (!) system to Bookworm, as per [1]. Fresh, because: Don't +# expect any customized config files to survive this. If you run this on a +# remote machine, take care not to loose anything you need to re-connect, e.g. +# any relevant adaptations you did to /etc/ssh/sshd_config … + set -e . ./misc.sh apt update -apt -y -o Dpkg::Options::="--force-confnew" upgrade -apt -y full-upgrade +apt -y upgrade +apt -y -o Dpkg::Options::="--force-confnew" full-upgrade path_sources_list="/etc/apt/sources.list" cp "${config_tree_prefix}/etc_files/all${path_sources_list}" "${path_sources_list}" apt clean diff --git a/bullseye/etc_files/server/etc/ssh/sshd_config b/bullseye/etc_files/server/etc/ssh/sshd_config index 8effa74..811e93a 100644 --- a/bullseye/etc_files/server/etc/ssh/sshd_config +++ b/bullseye/etc_files/server/etc/ssh/sshd_config @@ -79,7 +79,7 @@ ChallengeResponseAuthentication no # be allowed through the ChallengeResponseAuthentication and # PasswordAuthentication. Depending on your PAM configuration, # PAM authentication via ChallengeResponseAuthentication may bypass -# the setting of "PermitRootLogin yes +# the setting of "PermitRootLogin without-password". # If you just want the PAM account and session checks to run without # PAM authentication, then enable this but set PasswordAuthentication # and ChallengeResponseAuthentication to 'no'. @@ -121,4 +121,4 @@ Subsystem sftp /usr/lib/openssh/sftp-server # AllowTcpForwarding no # PermitTTY no # ForceCommand cvs server -ClientAliveInterval 120 +ClientAliveInterval 15 diff --git a/bullseye/setup_scripts/init_user_and_keybased_login.sh b/bullseye/setup_scripts/init_user_and_keybased_login.sh index 4fcc062..475b12f 100755 --- a/bullseye/setup_scripts/init_user_and_keybased_login.sh +++ b/bullseye/setup_scripts/init_user_and_keybased_login.sh 
@@ -21,7 +21,8 @@ ssh-keygen -f "/home/plom/.ssh/known_hosts" -R "${server}" # This will be used to log-in as root from plom account. echo 'First, enter the old root password; then enter new password three times.' -ssh root@"${server}" "passwd" +#ssh root@"${server}" "passwd" +ssh root@"${server}" "ls" # Save root password for sshpass stty -echo @@ -40,7 +41,6 @@ export SSHPASS="${PW_ROOT}" # would require setting a password for user plom otherwise not needed. sshpass -e scp ~/.ssh/id_rsa.pub root@"${server}":/tmp/authorized_keys sshpass -e ssh root@"${server}" \ - 'useradd -m plom && '\ 'mkdir /home/plom/.ssh && '\ 'chown plom:plom /home/plom/.ssh && '\ 'chown plom:plom /tmp/authorized_keys && '\ -- 2.30.2 From fd775924eb94791f7efb1f44a7d4935823bf0ee2 Mon Sep 17 00:00:00 2001 From: Christian Heller Date: Fri, 27 Sep 2024 00:27:39 +0200 Subject: [PATCH 12/16] Various updates. --- bookworm/apt-mark/all | 4 ++++ bookworm/setup_scripts/_setup.sh | 2 +- bookworm/setup_scripts/init_user_and_keybased_login.sh | 4 ++-- ...grade_from_bullseye.sh => upgrade_from_older_release.sh} | 0 bullseye/setup_scripts/init_user_and_keybased_login.sh | 6 +++--- 5 files changed, 10 insertions(+), 6 deletions(-) rename bookworm/setup_scripts/{upgrade_from_bullseye.sh => upgrade_from_older_release.sh} (100%) diff --git a/bookworm/apt-mark/all b/bookworm/apt-mark/all index 617b707..aa1b30d 100644 --- a/bookworm/apt-mark/all +++ b/bookworm/apt-mark/all @@ -10,3 +10,7 @@ locales # extremely useful for basic network debugging; missed these more than once in an emergency netcat-traditional iputils-ping +# what would we do without this … +apt +# not only pull in systemd, but also /sbin/reboot and /sbin/shutdown +systemd-sysv diff --git a/bookworm/setup_scripts/_setup.sh b/bookworm/setup_scripts/_setup.sh index 1b8cae2..5f4bfda 100755 --- a/bookworm/setup_scripts/_setup.sh +++ b/bookworm/setup_scripts/_setup.sh 
@@ -1,7 +1,7 @@ #!/bin/sh set -e . ./misc.sh -. ./../misc.sh +. ../../misc.sh expect_n_args 2 "(hostname, FQDN)" "$@" hostname="$1" diff --git a/bookworm/setup_scripts/init_user_and_keybased_login.sh b/bookworm/setup_scripts/init_user_and_keybased_login.sh index ad45834..ed24e87 100755 --- a/bookworm/setup_scripts/init_user_and_keybased_login.sh +++ b/bookworm/setup_scripts/init_user_and_keybased_login.sh @@ -20,8 +20,8 @@ server="$1" ssh-keygen -f "/home/plom/.ssh/known_hosts" -R "${server}" # This will be used to log-in as root from plom account. -echo 'First, enter the old root password; then enter new password three times.' -ssh root@"${server}" "passwd" +printf '\nFirst, enter the old root password; then enter new password three times.\n\n' +ssh root@"${server}" 'printf "\n\n" && passwd' # Save root password for sshpass stty -echo diff --git a/bookworm/setup_scripts/upgrade_from_bullseye.sh b/bookworm/setup_scripts/upgrade_from_older_release.sh similarity index 100% rename from bookworm/setup_scripts/upgrade_from_bullseye.sh rename to bookworm/setup_scripts/upgrade_from_older_release.sh diff --git a/bullseye/setup_scripts/init_user_and_keybased_login.sh b/bullseye/setup_scripts/init_user_and_keybased_login.sh index 475b12f..b69a095 100755 --- a/bullseye/setup_scripts/init_user_and_keybased_login.sh +++ b/bullseye/setup_scripts/init_user_and_keybased_login.sh @@ -20,9 +20,8 @@ server="$1" ssh-keygen -f "/home/plom/.ssh/known_hosts" -R "${server}" # This will be used to log-in as root from plom account. -echo 'First, enter the old root password; then enter new password three times.' -#ssh root@"${server}" "passwd" -ssh root@"${server}" "ls" +printf '\nFirst, enter the old root password; then enter new password three times.\n\n' +ssh root@"${server}" 'printf "\n\n" && passwd' # Save root password for sshpass stty -echo 
@@ -41,6 +40,7 @@ export SSHPASS="${PW_ROOT}" # would require setting a password for user plom otherwise not needed. sshpass -e scp ~/.ssh/id_rsa.pub root@"${server}":/tmp/authorized_keys sshpass -e ssh root@"${server}" \ + 'useradd -m plom && '\ 'mkdir /home/plom/.ssh && '\ 'chown plom:plom /home/plom/.ssh && '\ 'chown plom:plom /tmp/authorized_keys && '\ -- 2.30.2 From 74ee1d23b009cbed67c83b4732222bf39ee311be Mon Sep 17 00:00:00 2001 From: Christian Heller Date: Fri, 27 Sep 2024 00:27:56 +0200 Subject: [PATCH 13/16] Various updates. --- bullseye/setup_scripts/misc.sh | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 bullseye/setup_scripts/misc.sh diff --git a/bullseye/setup_scripts/misc.sh b/bullseye/setup_scripts/misc.sh new file mode 100644 index 0000000..bf38bf6 --- /dev/null +++ b/bullseye/setup_scripts/misc.sh @@ -0,0 +1,3 @@ +#!/bin/sh +#set -e +config_tree_prefix="${HOME}/public_repos/config/bullseye" -- 2.30.2 From 6284595116e39a3bf5e90b62ed52365de70b312f Mon Sep 17 00:00:00 2001 From: Christian Heller Date: Fri, 27 Sep 2024 00:55:46 +0200 Subject: [PATCH 14/16] Various fixes. --- bookworm/apt-mark/all | 2 -- bookworm/apt-mark/server | 2 ++ bookworm/setup_scripts/init_user_and_keybased_login.sh | 2 +- bookworm/setup_scripts/init_user_login.sh | 6 +++--- bookworm/setup_scripts/upgrade_from_older_release.sh | 9 ++++++--- bullseye/setup_scripts/init_user_and_keybased_login.sh | 4 ++-- misc.sh | 4 ++-- 7 files changed, 16 insertions(+), 13 deletions(-) diff --git a/bookworm/apt-mark/all b/bookworm/apt-mark/all index aa1b30d..abd02d6 100644 --- a/bookworm/apt-mark/all +++ b/bookworm/apt-mark/all @@ -12,5 +12,3 @@ netcat-traditional iputils-ping # what would we do without this … apt -# not only pull in systemd, but also /sbin/reboot and /sbin/shutdown -systemd-sysv diff --git a/bookworm/apt-mark/server b/bookworm/apt-mark/server index 2ab22d2..6003591 100644 --- a/bookworm/apt-mark/server +++ b/bookworm/apt-mark/server 
@@ -4,3 +4,5 @@ openssh-server nftables # We want to be able to use ALL our servers as borg backup destinations. borgbackup +# not only pull in systemd, but also /sbin/reboot and /sbin/shutdown +systemd-sysv diff --git a/bookworm/setup_scripts/init_user_and_keybased_login.sh b/bookworm/setup_scripts/init_user_and_keybased_login.sh index ed24e87..f2d83ee 100755 --- a/bookworm/setup_scripts/init_user_and_keybased_login.sh +++ b/bookworm/setup_scripts/init_user_and_keybased_login.sh @@ -8,7 +8,7 @@ # /etc/ssh/sshd_config. # # Dependencies: ssh, scp, sshpass, ~/.ssh/id_rsa.pub, properly -# configured sshd_config file in misc.sh:$linkable_files_dir +# configured sshd_config file in misc.sh:$local_etc_server set -e . ./misc.sh . ../../misc.sh diff --git a/bookworm/setup_scripts/init_user_login.sh b/bookworm/setup_scripts/init_user_login.sh index a36a5bd..f9733ff 100755 --- a/bookworm/setup_scripts/init_user_login.sh +++ b/bookworm/setup_scripts/init_user_login.sh @@ -8,7 +8,7 @@ # /etc/ssh/sshd_config. # # Dependencies: ssh, scp, ~/.ssh/id_rsa.pub, properly configured sshd_config -# file in misc.sh:$linkable_files_dir +# file in misc.sh:local_etc_server$ set -e . ./misc.sh . ../../misc.sh @@ -24,8 +24,8 @@ eval $(ssh-agent) ssh-add # This will be used to log-in as root from plom account. -echo 'Asking for new root password.' -ssh root@"${server}" "passwd" +printf '\nAsking for new root password.\n\n' +ssh root@"${server}" 'printf "\n\n" && passwd' # Set up plom's ~/.ssh/authorized_keys from root's. ssh root@"${server}" 'useradd -m plom' diff --git a/bookworm/setup_scripts/upgrade_from_older_release.sh b/bookworm/setup_scripts/upgrade_from_older_release.sh index ed246e1..5175547 100755 --- a/bookworm/setup_scripts/upgrade_from_older_release.sh +++ b/bookworm/setup_scripts/upgrade_from_older_release.sh 
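Review bot: The reworded dependency comment in bookworm/setup_scripts/init_user_login.sh reads `file in misc.sh:local_etc_server$`, with the `$` placed after the variable name. The sibling script changed in the same patch writes `misc.sh:$local_etc_server`, so the comment here should read `# file in misc.sh:$local_etc_server`.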
@@ -7,13 +7,16 @@ set -e . ./misc.sh + +path_sources_list="/etc/apt/sources.list" + apt update -apt -y upgrade +apt -y -o Dpkg::Options::="--force-confnew" upgrade apt -y -o Dpkg::Options::="--force-confnew" full-upgrade -path_sources_list="/etc/apt/sources.list" cp "${config_tree_prefix}/etc_files/all${path_sources_list}" "${path_sources_list}" apt clean apt update -apt -y upgrade +apt -y -o Dpkg::Options::="--force-confnew" upgrade apt -y -o Dpkg::Options::="--force-confnew" full-upgrade apt -y autoremove +cp "${locall_path_sshd_config}" "${system_path_sshd_config}" diff --git a/bullseye/setup_scripts/init_user_and_keybased_login.sh b/bullseye/setup_scripts/init_user_and_keybased_login.sh index b69a095..544f3c6 100755 --- a/bullseye/setup_scripts/init_user_and_keybased_login.sh +++ b/bullseye/setup_scripts/init_user_and_keybased_login.sh @@ -8,7 +8,7 @@ # /etc/ssh/sshd_config. # # Dependencies: ssh, scp, sshpass, ~/.ssh/id_rsa.pub, properly -# configured sshd_config file in misc.sh:$linkable_files_dir +# configured sshd_config file in misc.sh:$local_etc_server set -e . ./misc.sh . ../../misc.sh @@ -21,7 +21,7 @@ ssh-keygen -f "/home/plom/.ssh/known_hosts" -R "${server}" # This will be used to log-in as root from plom account. printf '\nFirst, enter the old root password; then enter new password three times.\n\n' -ssh root@"${server}" 'printf "\n\n" && passwd' +ssh root@"${server}" 'printf "\n" && passwd' # Save root password for sshpass stty -echo diff --git a/misc.sh b/misc.sh index adf8e1b..61ad026 100644 --- a/misc.sh +++ b/misc.sh @@ -1,8 +1,8 @@ #!/bin/sh -linkable_files_dir="${config_tree_prefix}/etc_files/server" +local_etc_server="${config_tree_prefix}/etc_files/server" system_path_sshd_config='/etc/ssh/sshd_config' -local_path_sshd_config="${linkable_files_dir}${system_path_sshd_config}" +local_path_sshd_config="${local_etc_server}${system_path_sshd_config}" expect_n_args() { min_args="$1" -- 2.30.2 
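Review bot: `--force-confnew` on both `apt upgrade` and `apt full-upgrade` in bookworm/setup_scripts/upgrade_from_older_release.sh makes dpkg replace every locally modified conffile with the packaged version, while the hunk restores only sshd_config afterwards. Other hardened files under /etc would revert to distribution defaults unless the config tree re-installs them elsewhere, and the copied sshd_config presumably takes effect only once sshd reloads, which the visible lines do not do. I would check and activate the file right after the copy, e.g. `sshd -t -f "${system_path_sshd_config}"` followed by `systemctl reload ssh`, and add a comment above the apt calls stating which conffiles are expected to be overwritten.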
From e55b15122444fef74e620b7ae97aa35bd76212a5 Mon Sep 17 00:00:00 2001 From: Christian Heller Date: Fri, 27 Sep 2024 01:14:44 +0200 Subject: [PATCH 15/16] Various fixes. --- bookworm/setup_scripts/upgrade_from_older_release.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/bookworm/setup_scripts/upgrade_from_older_release.sh b/bookworm/setup_scripts/upgrade_from_older_release.sh index 5175547..776bb7a 100755 --- a/bookworm/setup_scripts/upgrade_from_older_release.sh +++ b/bookworm/setup_scripts/upgrade_from_older_release.sh @@ -7,6 +7,7 @@ set -e . ./misc.sh +. ../../misc.sh path_sources_list="/etc/apt/sources.list" @@ -19,4 +20,4 @@ apt update apt -y -o Dpkg::Options::="--force-confnew" upgrade apt -y -o Dpkg::Options::="--force-confnew" full-upgrade apt -y autoremove -cp "${locall_path_sshd_config}" "${system_path_sshd_config}" +cp "${local_path_sshd_config}" "${system_path_sshd_config}" -- 2.30.2 From 9721c6df2320038920e8faf01948c271157f87c1 Mon Sep 17 00:00:00 2001 From: Christian Heller Date: Tue, 1 Oct 2024 07:16:29 +0200 Subject: [PATCH 16/16] Add missing deps for server to remain accessible. --- bookworm/apt-mark/server | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/bookworm/apt-mark/server b/bookworm/apt-mark/server index 6003591..ecca45d 100644 --- a/bookworm/apt-mark/server +++ b/bookworm/apt-mark/server @@ -6,3 +6,7 @@ nftables borgbackup # not only pull in systemd, but also /sbin/reboot and /sbin/shutdown systemd-sysv +# necessary on _some_ vservers +net-tools +quota + -- 2.30.2
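Review bot: The added `. ../../misc.sh` in bookworm/setup_scripts/upgrade_from_older_release.sh, like the `. ./misc.sh` above it, is resolved against the caller's working directory rather than the script's own location. This script runs apt and overwrites /etc/ssh/sshd_config, so it presumably runs as root, and started from another directory it would either fail or source whatever misc.sh happens to sit there. Anchoring the paths to the script avoids that: `script_dir="$(cd "$(dirname "$0")" && pwd)"` and then `. "${script_dir}/../../misc.sh"`. The other setup scripts touched in this series source misc.sh the same way.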