ddp/bin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

tweaked for new mara IP (some are in comments), moved to using common scripts, added fonts-cascasdia-code, commented out wireguard added cisco vpn (anyconnect) and openconnect for gui, updated spotify, added sqldeveloper, updated zoom upgrades/repo, added brother printer, added docker to do local DCM on borric, tried a usb-reset (now commented out) to fix mouse not starting on boot sometimes, but it is the cause of the loud speaker pop, and added howdy (face login) - but its not working in recent Ubuntus so commented out for now

Browse Source
This commit is contained in:
Damien De Paoli
2025-08-16 11:29:20 +10:00
parent 8a1b2b7c22
commit 06a976863e
1 changed files with 93 additions and 58 deletions
Download Patch File Download Diff File Expand all files Collapse all files

151
Mint-Linux-Upgrade
View File

@@ -10,22 +10,26 @@ sudo passwd
export OD=/mnt/old_distro export OD=/mnt/old_distro
cp -f $OD/etc/sudoers.d/ddp /etc/sudoers.d/ ; # make sudo not ask for passwd for sudo group (that is all this does) cp -f $OD/etc/sudoers.d/ddp /etc/sudoers.d/ ; # make sudo not ask for passwd for sudo group (that is all this does)
cp -f $OD/etc/default/grub /etc/default/grub ; # GRUB_TIMEOUT=1, GRUB_BACKGROUND=/home/ddp/Pictures/star-for-grub.png cp -f $OD/etc/default/grub /etc/default/grub ; # GRUB_TIMEOUT=1, GRUB_BACKGROUND=/home/ddp/Pictures/star-for-grub.png
grep 192.168.0.2 $OD/etc/fstab >> /etc/fstab
# TEST this for borric
#/home/ddp/bin/upgrade-script-common/fix-fstab
grep 192.168.2.2 $OD/etc/fstab >> /etc/fstab
# this should be created with min installer, but just in case: # this should be created with min installer, but just in case:
# grep backup $OD/etc/fstab >> /etc/fstab # grep backup $OD/etc/fstab >> /etc/fstab
# FINALLY: set final number to 0 on /boot/efi so it does not fail fsck on every boot # FINALLY: set final number to 0 on /boot/efi so it does not fail fsck on every boot
mkdir /myth mkdir /myth
mkdir -p /backup mkdir -p /backup
#echo "192.168.0.2:/export/myth /myth nfs noauto,x-systemd.automount,x-systemd.device-timeout=10,timeo=14,x-systemd.idle-timeout=1min,rsize=65536,wsize=65536,timeo=14,intr" >> /etc/fstab ; # stupid nfs mounts via systemd need this kooky syntax #echo "192.168.2.2:/export/myth /myth nfs noauto,x-systemd.automount,x-systemd.device-timeout=10,timeo=14,x-systemd.idle-timeout=1min,rsize=1048576,wsize=1048576,timeo=14,intr" >> /etc/fstab ; # stupid nfs mounts via systemd need this kooky syntax
#echo "192.168.0.2:/export/home /home nfs noauto,x-systemd.automount,x-systemd.device-timeout=10,timeo=14,x-systemd.idle-timeout=1min,rsize=65536,wsize=65536,timeo=14,intr" >> /etc/fstab ; # stupid nfs mounts via systemd need this kooky syntax #echo "192.168.2.2:/export/home /home nfs noauto,x-systemd.automount,x-systemd.device-timeout=10,timeo=14,x-systemd.idle-timeout=1min,rsize=1048576,wsize=1048576,timeo=14,intr" >> /etc/fstab ; # stupid nfs mounts via systemd need this kooky syntax
apt-get update apt-get update
# update everything :^) # update everything :^)
apt-get -y dist-upgrade apt-get -y dist-upgrade
apt-get -y install gimp vim gnome-games openssh-server mplayer unrar \ apt-get -y install gimp vim gnome-games openssh-server mplayer unrar nmap \
thunderbird nmap iftop ethtool gsmartcontrol imagemagick \ thunderbird iftop ethtool gsmartcontrol imagemagick fonts-cascadia-code \
freerdp2-x11 vlc nethogs tcl sysstat nfs-common faenza-icon-theme steam \ freerdp2-x11 vlc nethogs tcl sysstat nfs-common faenza-icon-theme steam \
gimp-plugin-registry elinks mesa-utils xscreensaver-gl alien \ gimp-plugin-registry elinks mesa-utils xscreensaver-gl alien \
wmctrl grub2-splashimages libcrypt-ssleay-perl ntp traceroute \ wmctrl grub2-splashimages libcrypt-ssleay-perl ntp traceroute \
@@ -41,15 +45,15 @@ cp -f $OD/etc/dkms/sign-tool /etc/dkms/ ; # OR tweak this to have passphrase in
update-grub update-grub
# wireguard VPN to work # wireguard VPN to work
apt-get -y install wireguard-tools resolvconf unbound #apt-get -y install wireguard-tools resolvconf unbound
cp -f $OD/etc/wireguard/wg100.conf /etc/wireguard/wg100.conf #cp -f $OD/etc/wireguard/wg100.conf /etc/wireguard/wg100.conf
cp -f $OD/etc/unbound/unbound.conf.d/wg-deakin.conf /etc/unbound/unbound.conf.d/wg-deakin.conf #cp -f $OD/etc/unbound/unbound.conf.d/wg-deakin.conf /etc/unbound/unbound.conf.d/wg-deakin.conf
systemctl disable systemd-resolved #systemctl disable systemd-resolved
systemctl enable wg-quick@wg100 #systemctl enable wg-quick@wg100
systemctl restart unbound #systemctl restart unbound
systemctl restart wg-quick@wg100 #systemctl restart wg-quick@wg100
# this copies over the 'search ddp.net' part ## this copies over the 'search ddp.net' part
cp -f $OD/etc/resolvconf/resolv.conf.d/tail /etc/resolvconf/resolv.conf.d/tail #cp -f $OD/etc/resolvconf/resolv.conf.d/tail /etc/resolvconf/resolv.conf.d/tail
# get nvidia drivers # get nvidia drivers
@@ -68,6 +72,13 @@ ubuntu-drivers install
Restart=always Restart=always
BusName=org.freedesktop.DisplayManager BusName=org.freedesktop.DisplayManager
# ensure we can log in with last user, but also by typing own user name:
cp $OD/etc/lightdm/lightdm.conf.d/10-borric.conf /etc/lightdm/lightdm.conf.d/10-borric.conf
# WARNING / HACK had 10 minute network timeout in Mint22, so change this /lib/systemd/system/NetworkManager.service
# to set TimeoutStartSec=2 sec and added ExecStartPre to modprobe my r8169 module # before the Exec* in the file
## ExecStartPre=/sbin/modprobe r8169
## TimeoutStartSec=2
# steam needed the 32-bit nvidia-gl lib to match the above one it installed, e.g. -430 (not needed this time) # steam needed the 32-bit nvidia-gl lib to match the above one it installed, e.g. -430 (not needed this time)
#apt-get -y install libnvidia-gl-435:i386 #apt-get -y install libnvidia-gl-435:i386
@@ -75,59 +86,31 @@ ubuntu-drivers install
# remember to say yes to hddtemp # remember to say yes to hddtemp
#sensors-detect ; # remember to say yes explicitly to the last question #sensors-detect ; # remember to say yes explicitly to the last question
# LDAP for client auth # get system to use ldap
sudo apt install libnss-ldap libpam-ldap ldap-utils nscd /home/ddp/bin/upgrade-script-common/ldap-conf
# answer: # test this: should see output
#1) ldap://192.168.0.2 id mandy
#2) dc=depaoli,dc=id,dc=au
#3) 3
#4) Yes
#5) No
#6) cn=admin,dc=depaoli,dc=id,dc=au
#7) a_real_admin_pass_word_for_2o20
# in case you screw up a step above, do this:
dpkg-reconfigure ldap-auth-config
# add ldap to end of passwd group shadow in /etc/nsswitch.conf
#### passwd: files systemd ldap
#### group: files systemd ldap
sudo pam-auth-update ; # tick on home dir creation
# add bind_policy soft to /etc/ldap.conf (as root)
echo "bind_policy soft" >> /etc/ldap.conf
## ##
## Now, need to get home dir back... ## Now, need to get home dir back...
## ##
# firewall # firewall
sudo ufw allow from 192.168.0.0/24 to any port 22 ; # ssh sudo ufw allow from 192.168.0.0/21 to any port 22 ; # ssh
sudo ufw allow from 128.184.0.0/16 to any port 22 ; # ssh from sys interact sudo ufw allow from 128.184.0.0/16 to any port 22 ; # ssh from sys interact
sudo ufw enable sudo ufw enable
# ensure wol works in new systemd world # fix wake on lan
eth=`ifconfig | grep en | head -n1 | cut -f1 -d:` /home/ddp/bin/upgrade-script-common/wol
sudo ethtool -s $eth wol g
reboot ; # should fix nvidia drivers and ldap and NFS of /home, /myth reboot ; # should fix nvidia drivers and ldap and NFS of /home, /myth
#######
################################### zoom/teams ################################### ################################### zoom/teams ###################################
# zoom from a repo (this is some guys hack, not official - so check): # zoom from a repo (this is some guys hack, not official - so check):
wget -qO- https://mirror.mwt.me/my/gpgkey | sudo tee /usr/share/keyrings/mwt.asc > /dev/null wget -qO- "https://mirror.mwt.me/zoom/install.sh" | sudo -s
echo "deb [arch=amd64 signed-by=/usr/share/keyrings/mwt.asc by-hash=force] https://mirror.mwt.me/my/deb any rstudio zoom" | sudo tee /etc/apt/sources.list.d/mwt.list
apt update apt update
apt install -y zoom apt install -y zoom
# I'm using teams in browser now, so dont need this?
#curl https://packages.microsoft.com/keys/microsoft.asc | sudo tee /etc/apt/trusted.gpg/microsoft.asc
#echo "deb [arch=amd64] https://packages.microsoft.com/repos/ms-teams stable main" | sudo tee /etc/apt/sources.list.d/teams.list
#apt update
#apt install -y teams
################################### MYTH ################################### ################################### MYTH ###################################
# get myth on the box # get myth on the box
@@ -144,22 +127,30 @@ chown -R mythtv:mythtv /var/log/mythtv/
# gpasswd -a $i mythtv # gpasswd -a $i mythtv
#done #done
apt-get -y purge mythtv-dbg /home/ddp/bin/upgrade-script-common/delete-pkgs
# if on pug:
#sudo cp -r /mnt/old_distro/usr/share/mythtv/mythweather/scripts/bom* /usr/share/mythtv/mythweather/scripts
################################### VPN ################################### ################################### VPN ###################################
# VPN: # VPN:
#sudo apt -y install network-manager-openconnect-gnome #sudo apt -y install network-manager-openconnect-gnome
# openconnect -> use NetworkManager after this, and set:
# gateway -> vpn.deakin.edu.au/encrypted
# User Agent -> AnyConnect Linux_64 4.7.00136
sudo apt -y install network-manager-openconnect-gnome
# NOTE: had to make a wrapper to cisco vpn (/home/ddp/bin/vpn-wrapper.txt) and change
# that in cinammon menus (bit weird, but preferences, panel edit mode, edit menu, change the binary) ->
# resulted in: ~/.local/share/applications/com.cisco.secureclient.gui.desktop
### SO all this should survive reinstalls
## smart & external drive: ## smart & external drive:
# consider /etc/smartd.conf (I added disk-by-id -d ignore -- but its h/w specific) # consider /etc/smartd.conf (I added disk-by-id -d ignore -- but its h/w specific)
## need to get Deakin cisco one (https://www.deakin.edu.au/software/) -- maybe: https://software.deakin.edu.au/2019/04/16/cisco-anyconnect/ ## need to get Deakin cisco one (https://www.deakin.edu.au/software/) -- maybe: https://software.deakin.edu.au/2019/04/16/cisco-anyconnect/
#cd /home/ddp/tmp #cd /home/ddp/tmp
#tar zxf /home/ddp/installed/anyconnect-linux64-4.10.00093-predeploy-k9.tar.gz #tar zxf /home/ddp/installed/anyconnect-linux64-*.gz
#cd anyconnect-linux64-*/vpn #cd anyconnect-linux64-*/vpn
#sudo ./vpn_install.sh #sudo ./vpn_install.sh
#run from menu, and when it has a connection box, need to use: vpn.deakin.edu.au/unencrypted #run from menu, and when it has a connection box, need to use: vpn.deakin.edu.au/unencrypted
@@ -183,14 +174,23 @@ echo "deb [signed-by=/usr/share/keyrings/brave-browser-archive-keyring.gpg arch=
apt update apt update
sudo apt install -y brave-browser sudo apt install -y brave-browser
# spotify if we want it # spotify if we want it (have seen at least once, the hex sig for key change - apt update will complain, but puts out the hex key
curl -sS https://download.spotify.com/debian/pubkey_5E3C45D7B312C643.gpg | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/repository-spotify-com-keyring.gpg # just replace C8...001 with new hex key
curl -sS https://download.spotify.com/debian/pubkey_C85668DF69375001.gpg | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/repository-spotify-com-keyring.gpg
sudo apt update
sudo apt install -y spotify-client sudo apt install -y spotify-client
# vs code: # vs code:
# get new version from: https://code.visualstudio.com/docs/setup/linux # get new version from: https://code.visualstudio.com/docs/setup/linux
sudo apt install ./Downloads/code_1.54.3-1615806378_amd64.deb sudo apt install ./Downloads/code_1.54.3-1615806378_amd64.deb
# sqldeveloper if needed
# browse to https://www.oracle.com/database/sqldeveloper/technologies/download/
# grab latest (sqldeveloper-23.1.1.345.2114-no-jre.zip <- last time I did this)
# cd /opt
# sudo unzip ~/sqldeveloper*
# /opt/sqldeveloper/sqldeveloper.sh
# add vim plugin: # add vim plugin:
# https://marketplace.visualstudio.com/items?itemName=vscodevim.vim # https://marketplace.visualstudio.com/items?itemName=vscodevim.vim
@@ -199,4 +199,39 @@ sudo apt install ./Downloads/code_1.54.3-1615806378_amd64.deb
timedatectl set-local-rtc 1 --adjust-system-clock timedatectl set-local-rtc 1 --adjust-system-clock
# catch any personal crons: was only using this for scripts I no longer need (cinnamon slow / manage_teams) # catch any personal crons: was only using this for scripts I no longer need (cinnamon slow / manage_teams)
#########sudo rsync -axv $OD/var/spool/cron/crontabs/ /var/spool/cron/crontabs/ #########sudo rsync -axv $OD/var/spool/cron/crontabs/ /var/spool/cron/crontabs
# Brother printer
# download installer # (https://support.brother.com/g/b/downloadhowto.aspx?c=au&lang=en&prod=mfcj4440dw_as&os=128&dlid=dlf006893_000&flang=4&type3=625)
sudo bash ./linux-brprinter-installer-2.2.4-1 MFC-J4440DW
# it broke with the scanning software install, did the
sudo apt --fix-broken install
# not sure what scanning s/w or if it works
#DOCKER (for dcm at least):
sudo apt-get install ca-certificates curl
sudo install -m 0755 -d /etc/apt/keyrings
sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
sudo chmod a+r /etc/apt/keyrings/docker.asc
# Add the repository to Apt sources:
echo \
"deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu \
$(. /etc/os-release && echo "${UBUNTU_CODENAME:-$VERSION_CODENAME}") stable" | \
sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
# fix usb mouse sometimes not powering on...
#cp $OD/etc/systemd/system/usb-reset.service /etc/systemd/system/usb-reset.service
#systemctl daemon-reexec
#systemctl enable usb-reset.service
#systemctl start usb-reset.service
# howdy / login via face recognition
#add-apt-repository ppa:boltgolt/howdy
#apt update
#apt install -y howdy