From 5f8840a7eed21f8601ce5055e0e605c98f06d0d2 Mon Sep 17 00:00:00 2001
From: Christian Heller
Date: Wed, 2 Aug 2023 02:43:30 +0200
Subject: [PATCH] Improve w530 bookworm setup.

---
 bookworm/apt-mark/user | 19 +++
 bookworm/apt-mark/w530 | 1 -
 bookworm/setup_scripts/purge_nonrequireds.sh | 2 +
 bookworm/setup_scripts/setup.sh | 6 +-
 bookworm/setup_scripts/setup_desktop.sh | 2 +-
 bookworm/setup_scripts/setup_home.sh | 170 ++++++++++---------
 6 files changed, 112 insertions(+), 88 deletions(-)

diff --git a/bookworm/apt-mark/user b/bookworm/apt-mark/user
index 52af906..ff4485d 100644
--- a/bookworm/apt-mark/user
+++ b/bookworm/apt-mark/user
@@ -33,4 +33,23 @@ bzip2
 # firefox running dependencies
 libgtk-3-0
 libdbus-glib-1-2
+# to use printer
+cups
+# emacs
+emacs
+emacs-common-non-dfsg
+emacs-el
+elpa-ledger
+ledger
+# to mount encrypted USB stick and use its contents
+pmount
+cryptsetup
+openssh-client
+# for syncing
+borgbackup
+# mail setup
+isync
+notmuch
+elpa-notmuch
+pinentry-gtk2
 #
diff --git a/bookworm/apt-mark/w530 b/bookworm/apt-mark/w530
index acef0de..6c2cfd7 100644
--- a/bookworm/apt-mark/w530
+++ b/bookworm/apt-mark/w530
@@ -5,7 +5,6 @@ make
 linux-headers-amd64
 xz-utils
 # for NVIDIA driver .run --no-kernel-modules
-wget
 libvulkan1
 libglvnd-dev
 pkg-config
diff --git a/bookworm/setup_scripts/purge_nonrequireds.sh b/bookworm/setup_scripts/purge_nonrequireds.sh
index 40d1405..48065fc 100755
--- a/bookworm/setup_scripts/purge_nonrequireds.sh
+++ b/bookworm/setup_scripts/purge_nonrequireds.sh
@@ -5,6 +5,8 @@ set -e
 . ./misc.sh
+# FIXME packages listed twice in the aptmark_dir get blacklisted?
+
 dpkg-query -Wf '${Package} ${Priority}\n' | grep ' required' | sed 's/ required//' > /tmp/list_white_unsorted
 for target in "$@"; do
 path="${aptmark_dir}/${target}"
diff --git a/bookworm/setup_scripts/setup.sh b/bookworm/setup_scripts/setup.sh
index b64080c..0502de7 100755
--- a/bookworm/setup_scripts/setup.sh
+++ b/bookworm/setup_scripts/setup.sh
@@ -3,11 +3,7 @@ set -e
 debian_version="bookworm"
 . ./misc.sh
-# Provide maximum input for set_hostname_and_fqdn.sh.
-if [ "$#" -lt 2 ]; then
- echo 'Need at least two arguments (hostname, FQDN).'
- false
-fi
+expect_n_args 2 "(hostname, FQDN)" "$@"
 hostname="$1"
 fqdn="$2"
 shift 2
diff --git a/bookworm/setup_scripts/setup_desktop.sh b/bookworm/setup_scripts/setup_desktop.sh
index 88b722d..216bf7c 100755
--- a/bookworm/setup_scripts/setup_desktop.sh
+++ b/bookworm/setup_scripts/setup_desktop.sh
@@ -16,8 +16,8 @@ wget "https://download.brother.com/welcome/dlf103566/${ppd_deb}"
 dpkg --add-architecture i386
 apt update
 apt install -y "./${ppd_deb}"
+service cups restart
 # lpadmin -p 'Brother_HLL2350DW' -m 'brother-HLL2350DW-cups-en.ppd'
-# service cups restart
 rm "./${ppd_deb}"
 # TODO explore potential lpadmin options like -o 'OutputMode=NormalGray'
diff --git a/bookworm/setup_scripts/setup_home.sh b/bookworm/setup_scripts/setup_home.sh
index 9dfbf58..a2c65da 100755
--- a/bookworm/setup_scripts/setup_home.sh
+++ b/bookworm/setup_scripts/setup_home.sh
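Review bot: In setup_desktop.sh, `wget` is still the command that fetches the printer driver at the top of this hunk, yet the same commit removes `wget` from `bookworm/apt-mark/w530`; unless another apt-mark list not visible here still names it, purge_nonrequireds.sh could remove the tool this script depends on. The `.deb` it downloads is then handed to `apt install -y` with no integrity check, so the script installs whatever the download returned; pinning a digest before the install, e.g. `echo "<EXPECTED_SHA256>  ${ppd_deb}" | sha256sum -c -`, would close that gap. A one-line comment above the now-active `service cups restart` saying why CUPS has to be restarted after the driver install would also help, since the `lpadmin` line next to it stays commented out.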
@@ -10,91 +10,99 @@ git clone https://plomlompom.com/repos/clone/config
 cd $setup_scripts_dir
 ./copy_dirtree.sh "${config_tree_prefix}/home_files" "${HOME}" minimal user "${system_name}"
-# public_repos_dir="${HOME}/public_repos"
-# config_tree_prefix="${public_repos_dir}/config/${debian_version}"
-# # path_borgscript="${config_tree_prefix}//borg.sh"
-# setup_scripts_dir="${config_tree_prefix}/setup_scripts"
-# repos_list_file="${public_repos_dir}/repos"
-# # dir_secrets="${HOME}/tmp_secrets"
-# # borgkeys_dir=~/.config/borg/keys
-# # borgrepos_file=~/.borgrepos
-# ssh_dir=~/.ssh
-# # authinfo_file=.authinfo
-# maildir=~/mail/maildir
-#
-# ensure_repo() {
-# repo_name="${1}"
-# if [ ! -d "${public_repos_dir}/${repo_name}" ]; then
-# cd "${public_repos_dir}"
-# git clone plom@plomlompom.com:/var/repos/${repo_name}
-# fi
-# }
-#
-# # Set up iniitial non-public parts of infrastructure: SSH authentication.
-# cd "${dir_secrets}"
-# mkdir -p "${ssh_dir}"
-# echo "Setting up .ssh"
-# cp id_rsa ~/.ssh
-# stty -echo
-# ssh-keygen -y -f ~/.ssh/id_rsa > ~/.ssh/id_rsa.pub
-# stty echo
-# eval $(ssh-agent)
-# ssh-add
-# ssh-keyscan -H "plomlompom.com" >> ~/.ssh/known_hosts
-#
-# # Clone config to copy dotfiles etc. from it.
-# cd
-# mkdir -p "${public_repos_dir}"
-# ensure_repo config
-# cd "${setup_scripts_dir}"
-# ./copy_dirtree.sh "${config_tree_prefix}/home_files" "${HOME}" minimal user "${system_name}"
-#
+secrets_dev="sdb"
+source_dir_secrets="/media/${secrets_dev}/to_usb"
+target_dir_secrets="${HOME}/tmp_secrets"
+echo "Put secrets drive into slot for /dev/${secrets_dev}."
+while [ ! -e /dev/"${secrets_dev}" ]; do
+ sleep 1
+done
+stty -echo
+printf "Secrets passphrase: "
+read SECRETS_PASS
+stty echo
+echo "" # newline so user knows their input return was accepted
+sudo -v
+echo "${SECRETS_PASS}" | sudo pmount /dev/"${secrets_dev}"
+cp -a "${source_dir_secrets}" "${target_dir_secrets}"
+sudo chown -R plom:plom "${target_dir_secrets}"
+sudo pumount "${secrets_dev}"
+echo "You can remove /dev/${secrets_dev} now."
+
+# Set up iniitial non-public parts of infrastructure: SSH authentication.
+ssh_dir=~/.ssh
+cd "${target_dir_secrets}"
+mkdir -p "${ssh_dir}"
+echo "Setting up .ssh"
+cp id_rsa ~/.ssh
+stty -echo
+ssh-keygen -y -f ~/.ssh/id_rsa > ~/.ssh/id_rsa.pub
+stty echo
+eval $(ssh-agent)
+ssh-add
+ssh-keyscan -H "plomlompom.com" >> ~/.ssh/known_hosts
+
+# Fill ~/public_repos.
+public_repos_dir="${HOME}/public_repos"
+repos_list_file="${public_repos_dir}/repos"
+mkdir -p "${public_repos_dir}"
+cat "${repos_list_file}" | while read line; do
+ first_char=$(echo "${line}" | cut -c1)
+ if [ "${first_char}" = "#" ]; then
+ continue
+ fi
+ repo_name="${line}"
+ if [ ! -d "${public_repos_dir}/${repo_name}" ]; then
+ cd "${public_repos_dir}"
+ git clone plom@plomlompom.com:/var/repos/${repo_name}
+ fi
+done
+
 # # Set up native messenger for tridactyl.
 # version='ef9f02d0da258f68d7faf8898707f6d83d90d07a'
 # curl -fsSl "https://raw.githubusercontent.com/tridactyl/tridactyl/${version}/native/install.sh" | bash
-#
-# # Set up further non-public parts of infrastructure.
-# cd "${dir_secrets}"
-# script -c 'gpg --import secret_keys.asc' /dev/null
-# tar xf borg_keyfiles.tar
-# mkdir -p "${borgkeys_dir}"
-# mv borg_keyfiles/* "${borgkeys_dir}"
-# # .authinfo may not be present on every secrets drive yet
-# if [ -f "${authinfo_file}" ]; then
-# cp "${authinfo_file}" ~
-# fi
-# cd
+
+# Set up further non-public parts of infrastructure.
+cd "${target_dir_secrets}"
+script -c 'gpg --import secret_keys.asc' /dev/null
+path_borgscript="${config_tree_prefix}//borg.sh"
+
+# borg setup
+borgkeys_dir=~/.config/borg/keys
+borgrepos_file=~/.borgrepos
+tar xf borg_keyfiles.tar
+mkdir -p "${borgkeys_dir}"
+mv borg_keyfiles/* "${borgkeys_dir}"
+# Sync org dir via borgbackup. For this we need the borgbackup servers
+# in our .ssh/known_hosts file.
+cat "${borgrepos_file}" | while read line; do
+ first_char=$(echo "${line}" | cut -c1)
+ if [ "${first_char}" = "#" ]; then
+ continue
+ fi
+ server=$(echo "${line}" | sed 's/.*@//')
+ ssh-keyscan "${server}" >> "${ssh_dir}"/known_hosts
+done
+BORG_PASSPHRASE="${SECRETS_PASS}" "${path_borgscript}" orgpull
+
+# .authinfo may not be present on every secrets drive yet
+authinfo_file=.authinfo
+if [ -f "${authinfo_file}" ]; then
+ cp "${authinfo_file}" ~
+fi
+cd
+
 # rm -rf "${dir_secrets}"
-#
-# # Sync org dir via borgbackup. For this we need the borgbackup servers
-# # in our .ssh/known_hosts file.
-# cat "${borgrepos_file}" | while read line; do
-# first_char=$(echo "${line}" | cut -c1)
-# if [ "${first_char}" = "#" ]; then
-# continue
-# fi
-# server=$(echo "${line}" | sed 's/.*@//')
-# ssh-keyscan "${server}" >> "${ssh_dir}"/known_hosts
-# done
-# BORG_PASSPHRASE="${SECRETS_PASS}" "${path_borgscript}" orgpull
-#
-# # Fill ~/public_repos.
-# cat "${repos_list_file}" | while read line; do
-# first_char=$(echo "${line}" | cut -c1)
-# if [ "${first_char}" = "#" ]; then
-# continue
-# fi
-# ensure_repo "${line}"
-# done
-#
+
+maildir=~/mail/maildir
 # # Set up e-mail system. Note that we only do mbsync if the imap pass file
 # # is found. It may not be present on every secrets drive yet, so we have to
 # # deal with the possibility of it being absent at this point.
-# mkdir -p "${maildir}" # expected by mbsync/isync
-# if [ -f "${HOME}/${authinfo_file}" ]; then
-# mbsync -a
-# notmuch new
-# fi
-#
-# # # Final note on how to integrate tridactyl.
-# # echo "TODO: As tridactyl user, don't forget to do :source on the first Firefox run, wait a little while (Tridactyl needs to walk through all commands in the .tridactylrc) and then re-start."
+mkdir -p "${maildir}" # expected by mbsync/isync
+if [ -f "${HOME}/${authinfo_file}" ]; then
+ mbsync -a
+ notmuch new
+fi
+
+# # Final note on how to integrate tridactyl.
+# echo "TODO: As tridactyl user, don't forget to do :source on the first Firefox run, wait a little while (Tridactyl needs to walk through all commands in the .tridactylrc) and then re-start."
--
2.30.2
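Review bot: Both `ssh-keyscan` calls in setup_home.sh (`ssh-keyscan -H "plomlompom.com"` and the per-server one in the borg loop) append whatever key the network returns to `known_hosts`, so the hosts are not authenticated on the first connection made with the freshly installed `id_rsa`; since the encrypted secrets drive is already the trusted medium, carrying a vetted `known_hosts` on it and using `cp known_hosts "${ssh_dir}/known_hosts"` would avoid trusting the network here. The decrypted copy in `${target_dir_secrets}` (private SSH key, GPG secret keys, borg keyfiles) is never removed: the remaining `# rm -rf "${dir_secrets}"` is commented out and names a variable that is not defined anywhere in this hunk, so a final `rm -rf -- "${target_dir_secrets:?}"` (or the same in an `EXIT` trap) is needed. `read SECRETS_PASS` should be `IFS= read -r SECRETS_PASS` and the pipe into `pmount` should use `printf '%s\n' "${SECRETS_PASS}"`, otherwise backslashes in the passphrase can be altered; a `trap 'stty echo' EXIT INT` would also restore the terminal if the prompt is interrupted. The script starts above this hunk, so `config_tree_prefix` and `system_name` are assumed to be set there.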