#!/bin/sh # choose internode... software-properties-gtk # set root pwd sudo passwd # use previous install's conf export OD=/mnt/old_distro cp -f $OD/etc/sudoers.d/ddp /etc/sudoers.d/ ; # make sudo not ask for passwd for sudo group (that is all this does) cp -f $OD/etc/default/grub /etc/default/grub ; # GRUB_TIMEOUT=1, GRUB_BACKGROUND=/home/ddp/Pictures/star-for-grub.png # TEST this for borric #/home/ddp/bin/upgrade-script-common/fix-fstab grep 192.168.2.2 $OD/etc/fstab >> /etc/fstab # this should be created with min installer, but just in case: # grep backup $OD/etc/fstab >> /etc/fstab # FINALLY: set final number to 0 on /boot/efi so it does not fail fsck on every boot mkdir /myth mkdir -p /backup #echo "192.168.2.2:/export/myth /myth nfs noauto,x-systemd.automount,x-systemd.device-timeout=10,timeo=14,x-systemd.idle-timeout=1min,rsize=1048576,wsize=1048576,timeo=14,intr" >> /etc/fstab ; # stupid nfs mounts via systemd need this kooky syntax #echo "192.168.2.2:/export/home /home nfs noauto,x-systemd.automount,x-systemd.device-timeout=10,timeo=14,x-systemd.idle-timeout=1min,rsize=1048576,wsize=1048576,timeo=14,intr" >> /etc/fstab ; # stupid nfs mounts via systemd need this kooky syntax apt-get update # update everything :^) apt-get -y dist-upgrade apt-get -y install gimp vim gnome-games openssh-server mplayer unrar nmap \ thunderbird iftop ethtool gsmartcontrol imagemagick fonts-cascadia-code \ freerdp2-x11 vlc nethogs tcl sysstat nfs-common faenza-icon-theme steam \ gimp-plugin-registry elinks mesa-utils xscreensaver-gl alien \ wmctrl grub2-splashimages libcrypt-ssleay-perl ntp traceroute \ ubuntu-restricted-extras smbclient devilspie2 net-tools grub2-theme-mint-2k \ fonts-crosextra-carlito fonts-crosextra-caladea git restic nvme-cli dkms iotop-c ### dkms/secureboot -> Will also need me to put the signing key into the bios on any new mobo (google it) cp -f $OD/etc/dkms/framework.conf /etc/dkms/ ; # OR just enable the sign tool line cp -f $OD/etc/dkms/sign-tool /etc/dkms/ ; # OR tweak this to have passphrase in it # catch new grub.conf and grub2-theme-mint-2k update-grub # wireguard VPN to work #apt-get -y install wireguard-tools resolvconf unbound #cp -f $OD/etc/wireguard/wg100.conf /etc/wireguard/wg100.conf #cp -f $OD/etc/unbound/unbound.conf.d/wg-deakin.conf /etc/unbound/unbound.conf.d/wg-deakin.conf #systemctl disable systemd-resolved #systemctl enable wg-quick@wg100 #systemctl restart unbound #systemctl restart wg-quick@wg100 ## this copies over the 'search ddp.net' part #cp -f $OD/etc/resolvconf/resolv.conf.d/tail /etc/resolvconf/resolv.conf.d/tail # get nvidia drivers ubuntu-drivers install ### half-way through linuxmint 20, needed to add this: ExecStartPre=modprobe nvidia #to /etc/systemd/system/display-manager.service: like below... [Service] # temporary safety check until all DMs are converted to correct # display-manager.service symlink handling ExecStartPre=modprobe nvidia ExecStartPre=/bin/sh -c '[ "$(basename $(cat /etc/X11/default-display-manager 2>/dev/null))" = "lightdm" ]' ExecStart=/usr/sbin/lightdm Restart=always BusName=org.freedesktop.DisplayManager # ensure we can log in with last user, but also by typing own user name: cp $OD/etc/lightdm/lightdm.conf.d/10-borric.conf /etc/lightdm/lightdm.conf.d/10-borric.conf # WARNING / HACK had 10 minute network timeout in Mint22, so change this /lib/systemd/system/NetworkManager.service # to set TimeoutStartSec=2 sec and added ExecStartPre to modprobe my r8169 module # before the Exec* in the file ## ExecStartPre=/sbin/modprobe r8169 ## TimeoutStartSec=2 # steam needed the 32-bit nvidia-gl lib to match the above one it installed, e.g. -430 (not needed this time) #apt-get -y install libnvidia-gl-435:i386 # remember to say yes to hddtemp #sensors-detect ; # remember to say yes explicitly to the last question # get system to use ldap /home/ddp/bin/upgrade-script-common/ldap-conf # test this: should see output id mandy ## ## Now, need to get home dir back... ## # firewall sudo ufw allow from 192.168.0.0/21 to any port 22 ; # ssh sudo ufw allow from 128.184.0.0/16 to any port 22 ; # ssh from sys interact sudo ufw enable # fix wake on lan /home/ddp/bin/upgrade-script-common/wol reboot ; # should fix nvidia drivers and ldap and NFS of /home, /myth ################################### zoom/teams ################################### # zoom from a repo (this is some guys hack, not official - so check): wget -qO- "https://mirror.mwt.me/zoom/install.sh" | sudo -s apt update apt install -y zoom ################################### MYTH ################################### # get myth on the box ### if you need a newer version: sudo add-apt-repository ppa:mythbuntu/32 && apt update mkdir /myth apt-get -y install mythweather mythmusic mythtv-frontend nfs-common # for myth... (I think this is no longer needed with ldap now) # uid=500, gid=500 for mythtv:mythtv # vi /etc/passwd ; # make mythtv - 500:500 # vi /etc/group ; # make mythtv - 500 #chown -R mythtv:mythtv /home/mythtv chown -R mythtv:mythtv /var/log/mythtv/ #for i in $USERS; do # gpasswd -a $i mythtv #done /home/ddp/bin/upgrade-script-common/delete-pkgs ################################### VPN ################################### # VPN: #sudo apt -y install network-manager-openconnect-gnome # openconnect -> use NetworkManager after this, and set: # gateway -> vpn.deakin.edu.au/encrypted # User Agent -> AnyConnect Linux_64 4.7.00136 sudo apt -y install network-manager-openconnect-gnome # NOTE: had to make a wrapper to cisco vpn (/home/ddp/bin/vpn-wrapper.txt) and change # that in cinammon menus (bit weird, but preferences, panel edit mode, edit menu, change the binary) -> # resulted in: ~/.local/share/applications/com.cisco.secureclient.gui.desktop ### SO all this should survive reinstalls ## smart & external drive: # consider /etc/smartd.conf (I added disk-by-id -d ignore -- but its h/w specific) ## need to get Deakin cisco one (https://www.deakin.edu.au/software/) -- maybe: https://software.deakin.edu.au/2019/04/16/cisco-anyconnect/ #cd /home/ddp/tmp #tar zxf /home/ddp/installed/anyconnect-linux64-*.gz #cd anyconnect-linux64-*/vpn #sudo ./vpn_install.sh #run from menu, and when it has a connection box, need to use: vpn.deakin.edu.au/unencrypted ################################### borric ################################### # keyboard (do these by hand, 1-by-1, needs kbd input between cmds) add-apt-repository ppa:openrazer/stable add-apt-repository ppa:polychromatic/stable apt update apt install -y openrazer-meta polychromatic # do this to get keys into correct files/format #apt-key export 22E2C8C5 | sudo gpg --dearmour -o /etc/apt/trusted.gpg.d/polychromatic.gpg #apt-key export 7B2AEE37 | sudo gpg --dearmour -o /etc/apt/trusted.gpg.d/OpenRazer.gpg # as ddp/etc: sudo gpasswd -a $USER plugdev # install brave instead (follow this: https://brave.com/linux/#linux) curl -fsSLo /usr/share/keyrings/brave-browser-archive-keyring.gpg https://brave-browser-apt-release.s3.brave.com/brave-browser-archive-keyring.gpg echo "deb [signed-by=/usr/share/keyrings/brave-browser-archive-keyring.gpg arch=amd64] https://brave-browser-apt-release.s3.brave.com/ stable main"|tee /etc/apt/sources.list.d/brave-browser-release.list apt update sudo apt install -y brave-browser # spotify if we want it (have seen at least once, the hex sig for key change - apt update will complain, but puts out the hex key # just replace C8...001 with new hex key curl -sS https://download.spotify.com/debian/pubkey_C85668DF69375001.gpg | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/repository-spotify-com-keyring.gpg sudo apt update sudo apt install -y spotify-client # vs code: # get new version from: https://code.visualstudio.com/docs/setup/linux sudo apt install ./Downloads/code_1.54.3-1615806378_amd64.deb # sqldeveloper if needed # browse to https://www.oracle.com/database/sqldeveloper/technologies/download/ # grab latest (sqldeveloper-23.1.1.345.2114-no-jre.zip <- last time I did this) # cd /opt # sudo unzip ~/sqldeveloper* # /opt/sqldeveloper/sqldeveloper.sh # add vim plugin: # https://marketplace.visualstudio.com/items?itemName=vscodevim.vim # consider adding ~/bin/manage_teams & ~/bin/cinnamon_is_slow to crontab for ddp # b/c windows dual boot messes with time/date, do this: timedatectl set-local-rtc 1 --adjust-system-clock # catch any personal crons: was only using this for scripts I no longer need (cinnamon slow / manage_teams) #########sudo rsync -axv $OD/var/spool/cron/crontabs/ /var/spool/cron/crontabs # Brother printer # download installer # (https://support.brother.com/g/b/downloadhowto.aspx?c=au&lang=en&prod=mfcj4440dw_as&os=128&dlid=dlf006893_000&flang=4&type3=625) sudo bash ./linux-brprinter-installer-2.2.4-1 MFC-J4440DW # it broke with the scanning software install, did the sudo apt --fix-broken install # not sure what scanning s/w or if it works #DOCKER (for dcm at least): sudo apt-get install ca-certificates curl sudo install -m 0755 -d /etc/apt/keyrings sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc sudo chmod a+r /etc/apt/keyrings/docker.asc # Add the repository to Apt sources: echo \ "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu \ $(. /etc/os-release && echo "${UBUNTU_CODENAME:-$VERSION_CODENAME}") stable" | \ sudo tee /etc/apt/sources.list.d/docker.list > /dev/null sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin # fix usb mouse sometimes not powering on... #cp $OD/etc/systemd/system/usb-reset.service /etc/systemd/system/usb-reset.service #systemctl daemon-reexec #systemctl enable usb-reset.service #systemctl start usb-reset.service # howdy / login via face recognition #add-apt-repository ppa:boltgolt/howdy #apt update #apt install -y howdy