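#!/bin/sh
# Post-install steps for this workstation, reusing configuration files from
# the previous install mounted at /mnt/old_distro. Steps such as "sudo passwd"
# prompt for input, so work through the commands in order rather than running
# the file unattended.
#
# NOTE(review): the file had been collapsed onto a few physical lines, which
# turned most commands into the tail of a comment. One statement per line is
# restored here; where a line break was ambiguous the conservative reading
# (leave it as a comment) was taken.

# choose internode...
software-properties-gtk

# set root pwd
sudo passwd

# use previous install's conf
export OD=/mnt/old_distro

# make sudo not ask for passwd for sudo group (that is all this does)
# Syntax-check the old drop-in before installing it: a drop-in that does not
# parse can leave sudo unusable. install(1) also sets root ownership and mode
# 0440, which a plain cp does not guarantee.
visudo -cf "$OD/etc/sudoers.d/ddp" &&
  install -m 0440 -o root -g root "$OD/etc/sudoers.d/ddp" /etc/sudoers.d/ddp

# GRUB_TIMEOUT=1, GRUB_BACKGROUND=/home/ddp/Pictures/star-for-grub.png
cp -f "$OD/etc/default/grub" /etc/default/grub

# Carry over the NFS entries for 192.168.0.2. -F matches the address literally
# (an unescaped "." matches any character) and the trailing ":" stops it from
# matching longer addresses such as 192.168.0.20. Re-running this appends the
# same entries again, so check /etc/fstab for duplicates afterwards.
grep -F -- '192.168.0.2:' "$OD/etc/fstab" >> /etc/fstab
# this should be created with min installer, but just in case:
# grep backup $OD/etc/fstab >> /etc/fstab
# FINALLY: set final number to 0 on /boot/efi so it does not fail fsck on every boot

# -p so a second pass does not fail on an existing mount point
mkdir -p /myth
mkdir -p /backup
#echo "192.168.0.2:/export/myth /myth nfs noauto,x-systemd.automount,x-systemd.device-timeout=10,timeo=14,x-systemd.idle-timeout=1min,rsize=65536,wsize=65536,timeo=14,intr" >> /etc/fstab ; # stupid nfs mounts via systemd need this kooky syntax
#echo "192.168.0.2:/export/home /home nfs noauto,x-systemd.automount,x-systemd.device-timeout=10,timeo=14,x-systemd.idle-timeout=1min,rsize=65536,wsize=65536,timeo=14,intr" >> /etc/fstab ; # stupid nfs mounts via systemd need this kooky syntax

apt-get update
# update everything :^)
apt-get -y dist-upgrade
apt-get -y install gimp vim gnome-games openssh-server mplayer unrar \
  thunderbird nmap iftop ethtool gsmartcontrol imagemagick \
  freerdp2-x11 vlc nethogs tcl sysstat nfs-common faenza-icon-theme steam \
  gimp-plugin-registry elinks mesa-utils xscreensaver-gl alien \
  wmctrl grub2-splashimages libcrypt-ssleay-perl ntp traceroute \
  ubuntu-restricted-extras smbclient devilspie2 net-tools grub2-theme-mint-2k \
  fonts-crosextra-carlito fonts-crosextra-caladea git restic nvme-cli dkms iotop-c

### dkms/secureboot -> Will also need me to put the signing key into the bios on any new mobo (google it)
cp -f "$OD/etc/dkms/framework.conf" /etc/dkms/ ; # OR just enable the sign tool line
cp -f "$OD/etc/dkms/sign-tool" /etc/dkms/ ; # OR tweak this to have passphrase in it
# If the sign tool ends up carrying the module-signing passphrase, it must not
# be readable by ordinary users: anyone who can read it can sign kernel modules
# that Secure Boot will accept.
chown root:root /etc/dkms/sign-tool && chmod 0700 /etc/dkms/sign-tool

# catch new grub.conf and grub2-theme-mint-2k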
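# Regenerate the GRUB configuration, then set up the WireGuard VPN, the nvidia
# driver and LDAP client authentication. Expects OD to point at the mounted
# previous install. The LDAP package install prompts for the answers listed
# below.
update-grub

# wireguard VPN to work
apt-get -y install wireguard-tools resolvconf unbound
# wg-quick configs normally embed the interface private key (presumably
# wg100.conf does too - verify), so install it root-owned and mode 0600 rather
# than with whatever mode a plain cp leaves behind.
install -m 0600 -o root -g root "$OD/etc/wireguard/wg100.conf" /etc/wireguard/wg100.conf
cp -f "$OD/etc/unbound/unbound.conf.d/wg-deakin.conf" /etc/unbound/unbound.conf.d/wg-deakin.conf
systemctl disable systemd-resolved
systemctl enable wg-quick@wg100
systemctl restart unbound
systemctl restart wg-quick@wg100
# this copies over the 'search ddp.net' part
cp -f "$OD/etc/resolvconf/resolv.conf.d/tail" /etc/resolvconf/resolv.conf.d/tail

# get nvidia drivers
ubuntu-drivers install
### half-way through linuxmint 20, needed to add this: ExecStartPre=modprobe nvidia
#to /etc/systemd/system/display-manager.service: like below...
# (systemd unit text, not shell - kept as comments so the shell does not try
# to execute it)
# [Service]
# # temporary safety check until all DMs are converted to correct
# # display-manager.service symlink handling
# ExecStartPre=modprobe nvidia
# ExecStartPre=/bin/sh -c '[ "$(basename $(cat /etc/X11/default-display-manager 2>/dev/null))" = "lightdm" ]'
# ExecStart=/usr/sbin/lightdm
# Restart=always
# BusName=org.freedesktop.DisplayManager

# steam needed the 32-bit nvidia-gl lib to match the above one it installed, e.g. -430 (not needed this time)
#apt-get -y install libnvidia-gl-435:i386

# remember to say yes to hddtemp
#sensors-detect ; # remember to say yes explicitly to the last question

# LDAP for client auth
sudo apt install libnss-ldap libpam-ldap ldap-utils nscd
# answer:
#1) ldap://192.168.0.2
#2) dc=depaoli,dc=id,dc=au
#3) 3
#4) Yes
#5) No
#6) cn=admin,dc=depaoli,dc=id,dc=au
#7) <LDAP admin password - type it at the prompt, keep it out of this file>
# NOTE(review): ldap:// is unencrypted, so binds and lookups cross the LAN in
# clear text. If the server offers TLS, answer 1) with an ldaps:// URI or set
# "ssl start_tls" in /etc/ldap.conf.
# NOTE(review): answers 6) and 7) give every client the directory admin
# identity; the password is presumably stored on this machine by
# ldap-auth-config (verify where, and its permissions). A dedicated
# least-privilege bind account would limit what a compromised client exposes.

# in case you screw up a step above, do this:
# dpkg-reconfigure ldap-auth-config

# add ldap to end of passwd group shadow in /etc/nsswitch.conf
#### passwd: files systemd ldap
#### group: files systemd ldap
sudo pam-auth-update ; # tick on home dir creation

# add bind_policy soft to /etc/ldap.conf (as root)
# Only append when the line is not there yet, so a re-run does not stack
# duplicate entries.
grep -qx 'bind_policy soft' /etc/ldap.conf 2>/dev/null ||
  echo "bind_policy soft" >> /etc/ldap.conf

##
## Now, need to get home dir back...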
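##
# Firewall, wake-on-LAN and reboot, then the zoom repository and the MythTV
# frontend packages.

# firewall
# "proto tcp" keeps the rule to SSH itself; without it ufw opens port 22 for
# UDP as well.
sudo ufw allow from 192.168.0.0/24 to any port 22 proto tcp ; # ssh
# NOTE(review): a /16 is roughly 65k source addresses; make sure sshd on this
# box is configured with that exposure in mind (e.g. key-only logins).
sudo ufw allow from 128.184.0.0/16 to any port 22 proto tcp ; # ssh from sys interact
sudo ufw enable

# ensure wol works in new systemd world
# Anchor the match to the start of the line so only interface names (en*) are
# picked up, not any ifconfig line that merely contains "en".
eth=$(ifconfig | grep '^en' | head -n1 | cut -f1 -d:)
if [ -n "$eth" ]; then
  sudo ethtool -s "$eth" wol g
else
  echo "no en* interface found; wake-on-LAN not configured" >&2
fi

# Nothing below this line runs in the same pass: resume here by hand after
# the machine is back up.
reboot ; # should fix nvidia drivers and ldap and NFS of /home, /myth

#######

################################### zoom/teams ###################################
# zoom from a repo (this is some guys hack, not official - so check):
# Fetch the key to a temp file first so a failed download cannot leave an
# empty or partial keyring in place, and print what was fetched so the
# fingerprint can be compared with one obtained from another channel before
# anything is installed from this repository.
keytmp=$(mktemp) &&
  wget -qO "$keytmp" https://mirror.mwt.me/my/gpgkey &&
  gpg --show-keys "$keytmp" &&
  sudo install -m 0644 -o root -g root "$keytmp" /usr/share/keyrings/mwt.asc
rm -f -- "$keytmp"
# signed-by limits this key to this one source; it is not trusted for any
# other repository.
echo "deb [arch=amd64 signed-by=/usr/share/keyrings/mwt.asc by-hash=force] https://mirror.mwt.me/my/deb any rstudio zoom" | sudo tee /etc/apt/sources.list.d/mwt.list
apt update
apt install -y zoom

# I'm using teams in browser now, so dont need this?
#curl https://packages.microsoft.com/keys/microsoft.asc | sudo tee /etc/apt/trusted.gpg/microsoft.asc
#echo "deb [arch=amd64] https://packages.microsoft.com/repos/ms-teams stable main" | sudo tee /etc/apt/sources.list.d/teams.list
#apt update
#apt install -y teams

################################### MYTH ###################################
# get myth on the box
### if you need a newer version: sudo add-apt-repository ppa:mythbuntu/32 && apt update
# -p: the mount point may already exist from the earlier steps
mkdir -p /myth
apt-get -y install mythweather mythmusic mythtv-frontend nfs-common

# for myth...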
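# MythTV ownership fix-ups, VPN notes, and the third-party desktop packages
# (OpenRazer/Polychromatic, Brave, Spotify, VS Code).

# (I think this is no longer needed with ldap now)
# uid=500, gid=500 for mythtv:mythtv
# vi /etc/passwd ; # make mythtv - 500:500
# vi /etc/group ; # make mythtv - 500
#chown -R mythtv:mythtv /home/mythtv
chown -R mythtv:mythtv /var/log/mythtv/
#for i in $USERS; do
#  gpasswd -a $i mythtv
#done
apt-get -y purge mythtv-dbg

# if on pug:
#sudo cp -r /mnt/old_distro/usr/share/mythtv/mythweather/scripts/bom* /usr/share/mythtv/mythweather/scripts

################################### VPN ###################################
# VPN:
#sudo apt -y install network-manager-openconnect-gnome

## smart & external drive:
# consider /etc/smartd.conf (I added disk-by-id -d ignore -- but its h/w specific)

## need to get Deakin cisco one (https://www.deakin.edu.au/software/) -- maybe: https://software.deakin.edu.au/2019/04/16/cisco-anyconnect/
#cd /home/ddp/tmp
#tar zxf /home/ddp/installed/anyconnect-linux64-4.10.00093-predeploy-k9.tar.gz
#cd anyconnect-linux64-*/vpn
#sudo ./vpn_install.sh
#run from menu, and when it has a connection box, need to use: vpn.deakin.edu.au/unencrypted

################################### borric ###################################
# keyboard (do these by hand, 1-by-1, needs kbd input between cmds)
add-apt-repository ppa:openrazer/stable
add-apt-repository ppa:polychromatic/stable
apt update
apt install -y openrazer-meta polychromatic
# do this to get keys into correct files/format
#apt-key export 22E2C8C5 | sudo gpg --dearmour -o /etc/apt/trusted.gpg.d/polychromatic.gpg
#apt-key export 7B2AEE37 | sudo gpg --dearmour -o /etc/apt/trusted.gpg.d/OpenRazer.gpg

# as ddp/etc:
# $USER is expanded by the calling shell, so run this from the desktop user's
# own session; from a root shell it would add root to plugdev instead.
sudo gpasswd -a "$USER" plugdev

# install brave instead (follow this: https://brave.com/linux/#linux)
curl -fsSLo /usr/share/keyrings/brave-browser-archive-keyring.gpg https://brave-browser-apt-release.s3.brave.com/brave-browser-archive-keyring.gpg
echo "deb [signed-by=/usr/share/keyrings/brave-browser-archive-keyring.gpg arch=amd64] https://brave-browser-apt-release.s3.brave.com/ stable main" | tee /etc/apt/sources.list.d/brave-browser-release.list
apt update
sudo apt install -y brave-browser

# spotify if we want it
# -f makes curl fail on an HTTP error instead of piping an error page into
# gpg; tee's copy of the binary keyring is sent to /dev/null, not the terminal.
# NOTE(review): a key placed in /etc/apt/trusted.gpg.d is trusted for every
# configured repository, unlike the signed-by keyrings used for Brave above.
# NOTE(review): nothing in this file adds an apt source for Spotify, so the
# install below relies on one already being configured.
curl -fsS https://download.spotify.com/debian/pubkey_5E3C45D7B312C643.gpg | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/repository-spotify-com-keyring.gpg > /dev/null
sudo apt install -y spotify-client

# vs code:
# get new version from: https://code.visualstudio.com/docs/setup/linux
# The path is relative, so run this from the directory that contains
# Downloads/. A hand-downloaded .deb gets no repository signature check from
# apt: compare its checksum with the one the vendor publishes before
# installing.
sudo apt install ./Downloads/code_1.54.3-1615806378_amd64.deb
# add vim plugin:
# https://marketplace.visualstudio.com/items?itemName=vscodevim.vim

# consider adding ~/bin/manage_teams & ~/bin/cinnamon_is_slow to crontab for ddp

# b/c windows dual boot messes with time/date, do this:
timedatectl set-local-rtc 1 --adjust-system-clock

# catch any personal crons: was only using this for scripts I no longer need (cinnamon slow / manage_teams)
#########sudo rsync -axv $OD/var/spool/cron/crontabs/ /var/spool/cron/crontabs/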