summaryrefslogtreecommitdiffstats
path: root/hosts/logi1/postinst
blob: cd797cdb68558fb6cbf6c736e10be23d8f37d036 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
#!/bin/sh

# Make swap file and set vm.swappiness.
# mkswap needs to be given the full path to the swap file including the
# root file system's mount point, or else this false error happens:
#   mkswap: error: /var/swap is mounted; will not make swapspace
fallocate -l 4GiB "${target}/var/swap" || return 1  # TODO: Increase
chmod 0600 "${target}/var/swap" || return 1
mkswap "${target}/var/swap" || return 1
printf 'vm.swappiness = 10\n' >"${target}/etc/sysctl.d/vm-swappiness.conf"

# Hibernation.
root="UUID=$(blkid -o value -s UUID "${dev}1")"
offset="$(in_target filefrag -v /var/swap | sed -n '
	/physical_offset:/{
		n;
		s/^[ 0-9.]*:[ 0-9.]*: *\([0-9][0-9]*\)...*$/\1/;
		p;
		q;
	};')"
cmdline="quiet iommu=pt resume=${root} resume_offset=${offset}"
# TODO: cmdline="${cmdline} nouveau.config=NvBios=vbios.rom"
cp -p "${target}/etc/default/grub" "${target}/etc/default/grub.dist"
sed 's|^\(GRUB_CMDLINE_LINUX_DEFAULT\)=.*$|\1="'"${cmdline}"'"|;' \
	"${target}/etc/default/grub.dist" >"${target}/etc/default/grub"

# Disable ast and snd_hda_intel Linux driver modules.
cat >"${target}/etc/modprobe.d/ast.conf" <<-EOF
	blacklist ast
	EOF
cat >"${target}/etc/modprobe.d/alsa.conf" <<-EOF
	blacklist snd_hda_intel
	EOF

# Set up sensors and fancontrol.  Ensure that k10temp and fam15h_power are
# loaded in a predictable order.  Also load i2c-dev, needed for ddcutil.
cat >"${target}/etc/modprobe.d/sensors.conf" <<-EOF
	blacklist k10temp
	blacklist fam15h_power
	EOF
cat >"${target}/etc/modules" <<-EOF
	k10temp
	fam15h_power
	w83627ehf
	w83795
	i2c-dev
	EOF
cat >"${target}/etc/fancontrol" <<-EOF
	# Configuration file generated by pwmconfig, changes will be lost
	INTERVAL=5
	DEVPATH=hwmon1=devices/pci0000:00/0000:00:18.3 hwmon4=devices/pci0000:00/0000:00:14.0/i2c-1/1-002f
	DEVNAME=hwmon1=k10temp hwmon4=w83795g
	FCTEMPS=hwmon4/device/pwm1=hwmon1/temp1_input
	FCFANS= hwmon4/device/pwm1=hwmon4/device/fan1_input
	MINTEMP=hwmon4/device/pwm1=30
	MAXTEMP=hwmon4/device/pwm1=60
	MINSTART=hwmon4/device/pwm1=150
	MINSTOP=hwmon4/device/pwm1=0
	EOF

# Set up Network UPS Tools (NUT).
sed -i 's/^MODE=.*$/MODE=standalone/' >"${target}/etc/nut/nut.conf"
cat >>"${target}/etc/nut/ups.conf" <<EOF
[5sc]
	driver = usbhid-ups
	port = auto
	vendorid = 0463
	desc = "EATON 5SC1500"
	pollinterval = 15
EOF

# Turn on numlock on the VTs.
cat >"${target}/etc/rc.local" <<'EOF'
#!/bin/sh -e

for tty in /dev/tty[1-6]; do
	/usr/bin/setleds -D +num 0<"${tty}"
done
EOF

# Disable mpd service.
in_target update-rc.d mpd disable

# Install backported packages.
in_target apt-get -q -y install kicad/stretch-backports || return 1
in_target apt-get -q -y install tor/stretch-backports torsocks || return 1
in_target apt-get -q -y -t stretch-backports install debhelper || return 1
in_target apt-get -q -y install gajim/stretch-backports \
	gajim-omemo/stretch-backports python3-nbxmpp/stretch-backports

# Install diffoscope (needs "--no-install-recommends") and related packages.
in_target apt-get -q -y --no-install-recommends install diffoscope \
	jsbeautifier trydiffoscope

# Install backported minetest and mods from buster.
in_target apt-get -q -y -t stretch-backports install minetest || return 1
in_target apt-get -q -y install minetest-mod-craftguide minetest-mod-homedecor \
	minetest-mod-mesecons minetest-mod-moreblocks minetest-mod-moreores \
	minetest-mod-pipeworks || return 1

# Set default x-www-browser.
in_target update-alternatives --set x-www-browser /usr/bin/midori

# Purge systemd.
in_target apt-get -q -y purge libpam-systemd systemd || return 1
in_target apt-get -q -y --purge autoremove || return 1

# Remove packages from APT cache.
in_target apt-get clean || return 1

# Install GRUB.
in_target update-grub
in_target grub-install "${dev}"

# Update initramfs.
in_target update-initramfs -u

# Configure X.
cat >"${target}/etc/X11/xorg.conf" <<EOF
Section "Device"
	Identifier "Card0"
	Driver "nouveau"
	BusID "PCI:1:0:0"
EndSection
EOF

# Increase ImageMagick resource limits.
install -u 0 -g 0 -m 0644 "$(dirname "${0}")/hosts/${host}/im6-policy.xml" \
	"${target}/etc/ImageMagick-6/policy.xml"

# Add user to groups created by postinst_pkgs.
in_target adduser pj scanner || return 1
in_target adduser pj wireshark || return 1
in_target adduser pj sbuild || return 1

# Allow sudo without password.
cat >"${target}/etc/sudoers.d/sudo" <<-EOF
	%sudo	ALL=(ALL) NOPASSWD:ALL

	Cmnd_Alias PBUILDER = /usr/sbin/pbuilder, /usr/bin/pdebuild, /usr/bin/debuild-pbuilder, /usr/sbin/cowbuilder
	Defaults!PBUILDER env_keep+="DIST ARCH BUILD* TMPFS SIGNED HOME"
	%sudo	ALL=(ALL) SETENV: NOPASSWD: PBUILDER
	EOF

# Add udev rule for USBtinyISP(-compatible) programmers.
cat >"${target}/etc/udev/rules.d/10-usbtinyisp.rules" <<-EOF
	SUBSYSTEM=="usb", ATTR{idVendor}=="1781", ATTR{idProduct}=="0c9f", MODE="0660", GROUP="adm"
	EOF

# Add udev rule for CH341A-based programmers.
cat >"${target}/etc/udev/rules.d/10-ch341a.rules" <<-EOF
	SUBSYSTEM=="usb", ATTRS{idVendor}=="1a86", ATTRS{idProduct}=="5512", MODE="0666"
	EOF

# Install Vertex themes.
in_target apt-get -q -y install gnome-themes-standard gtk2-engines-murrine \
	libgtk-3-dev
in_target sudo -u pj sh <<-EOF
	set -e
	git clone https://github.com/horst3180/vertex-theme \
		/home/pj/src/vertex-theme/
	cd /home/pj/src/vertex-theme/
	./autogen.sh
	ln -s /usr/local/share/themes/ /home/pj/.themes
	EOF
[ ${?} -ne 0 ] && return 1
in_target sh <<-EOF
	cd /home/pj/src/vertex-theme/
	set -e
	make install
	EOF
[ ${?} -ne 0 ] && return 1

# Install skippy-xd.
in_target sudo -u pj sh <<-EOF
	set -e
	git clone https://github.com/richardgv/skippy-xd \
		/home/pj/src/skippy-xd/
	cd /home/pj/src/skippy-xd/
	make
	EOF
[ ${?} -ne 0 ] && return 1
in_target sh <<-EOF
	set -e
	cd /home/pj/src/skippy-xd/
	make PREFIX=/usr/local install
	EOF
[ ${?} -ne 0 ] && return 1

# Install fbpanel patched to set _NET_WM_STATE_SKIP_TASKBAR and
# _NET_WM_STATE_SKIP_PAGER.
in_target wget 'http://www.pehjota.net/~pj/fbpanel/fbpanel_7.0-3.1_amd64.deb'
printf '%s  %s\n' \
	'65d78c522f6df5f7b378a8e2520f4ab4f9c4c34d20da00820973e915f95393d0' \
	'fbpanel_7.0-3.1_amd64.deb' | in_target sha256sum -c
in_target dpkg -i 'fbpanel_7.0-3.1_amd64.deb'
in_target rm -f 'fbpanel_7.0-3.1_amd64.deb'

# Install inkscape patched to match document size against known paper sizes.
in_target wget \
	'http://www.pehjota.net/~pj/inkscape/inkscape_0.92.3-1~bpo9+1_amd64.deb'
printf '%s  %s\n' \
	'1742aeef4a878714a05fbd85451fd65982b88da109ea01fe5cb94100b90f723f' \
	'inkscape_0.92.3-1~bpo9+1_amd64.deb' | in_target sha256sum -c
in_target dpkg -i 'inkscape_0.92.3-1~bpo9+1_amd64.deb'
in_target rm -f 'inkscape_0.92.3-1~bpo9+1_amd64.deb'

# Install ssic.
in_target wget 'http://www.pehjota.net/~pj/ssic/ssic_1.0.0-1_all.deb'
printf '%s  %s\n' \
	'324ef3522f932e20be28f3f9fa8f3b1cad01a4739863be3d97fe7ceffaa1b2b4' \
	'ssic_1.0.0-1_all.deb' | in_target sha256sum -c
in_target dpkg -i 'ssic_1.0.0-1_all.deb'
in_target rm -f 'ssic_1.0.0-1_all.deb'

# Convert wallpaper.
wp_dir='/usr/share/desktop-base/softwaves-theme/wallpaper/contents/images'
in_target sudo -u pj sh <<-EOF
	rsvg-convert '${wp_dir}/1280x1024.svg' >'/home/pj/.wallpaper'
	EOF

# Use temporary configuation SSH key.
install -d -o 1000 -g 1000 -m 0700 "${target}/home/pj/.ssh" || return 1
cat >"${target}/home/pj/.ssh/id_rsa" <<-EOF
	-----BEGIN RSA PRIVATE KEY-----
	MIICXAIBAAKBgQCzAF0zqeS2X0TuVOIxqMec3lMzZy/MHQswPP+BQkmc2D3YVb2x
	px1YAAweQnfZ27pGJkDztStOtMQJeaOsnAVdm2NSe+hEdaKAOxf9p6t+F930HM/w
	1wkm1ddlsnCaaCipzGVOM77Q/brEItWvuq8G0+/fgN1o4pZzl4Bub/4D4QIDAQAB
	AoGAS+wKnAAiXuv3m7LrIa75w2JVHcdVcZicB0DICnYoLNtXF+v+AlzkSE/009zT
	YtccoeZVxEiCbuajA3XRY0PlzgGHTbsGn1BWqI9cjdXTiotnjzOH8zr3JiMZMWwf
	hqwbtleP+yruNPHMxQ8dKVXv875NKJW+aArmQWtjeMOy/vECQQDdsvPJ4bUu8M7/
	MXqGtz8CJbrRp+ZMKUw0WuwSwTfHRs/Jp27mWf5+t/u+RN8WK/RRD8FHvz4azLhr
	sNUFiE69AkEAzrI/DFBFOM5mUECujs2UvCCeWZiAi9QoJ7kDrrAkcG+hMalpNUU3
	SUZ76stBUk3hZNpc82aq0a0o8ac0VrBd9QJAB3nbYrlrxLN2J4Dhot1XEJl5HUzO
	JU9XNITEZTWCzgODSkeNI9NxE5DcumPUKgk9aeZgHC1EyN6ScX87D76y+QJAL8DE
	ii69X1toDeBzs7BRTYlnrCFsiWGRiWPYMvKk6IkRv6x5DwKXvEkZdexRghdWHHvK
	f71Xd6u+yt2rXN/QRQJBALv6SwbokdXp5qKJV48QG452dSOT7FQEINnCsIeNUKP6
	9YyaZxqLia6pEbEKTSRdztXaMqRsrmOG8E084sFg8DQ=
	-----END RSA PRIVATE KEY-----
	EOF
in_target chown pj:pj '/home/pj/.ssh/id_rsa'
in_target chmod 0600 '/home/pj/.ssh/id_rsa'

# Set up SSH known hosts.
cat >"${target}/home/pj/.ssh/known_hosts" <<-EOF
	|1|fypb7kn7NH0fqHGj9Xs/rdpO71s=|SCtg2BdMNB9zL5bAPYkJy1uiNSM= ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCXcG5BuZi4947D9WqY1L6CzaH4Qjw7YA7Dja+09y0nZjLVDd1saZCPkTjo1PEHxVCvSHvc0VmRqIZ2wUGtuqIlgGPMphCPAtdHN63YcNXqIhjEygLsaSZgy1Qz33YQF+YSANbeZQ4vnqiYr3C1IA7Cw4km/0s1BvP3t9yJf/iYODZqjVqUhqB4hzXJcBZHrgnM4LmPD4NH81fCqpwfRviNQNFAqd/aT1YTvgdn46HTVz7dV8ahW6SLXBTJZvO9dLAAKOPPZwuluaRphBqjPLC83zsihQ884SAH+AKcpN1ne73UZUuA1Gyk3HW+a/ngbzm1nmoeC0Sm1nNlTvC4WrLD
	|1|z7it+otnWcn/98YKdeaBCXl+ug8=|NFRpdQZBMTAuWbUDAqXLptFR5Ao= ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCXcG5BuZi4947D9WqY1L6CzaH4Qjw7YA7Dja+09y0nZjLVDd1saZCPkTjo1PEHxVCvSHvc0VmRqIZ2wUGtuqIlgGPMphCPAtdHN63YcNXqIhjEygLsaSZgy1Qz33YQF+YSANbeZQ4vnqiYr3C1IA7Cw4km/0s1BvP3t9yJf/iYODZqjVqUhqB4hzXJcBZHrgnM4LmPD4NH81fCqpwfRviNQNFAqd/aT1YTvgdn46HTVz7dV8ahW6SLXBTJZvO9dLAAKOPPZwuluaRphBqjPLC83zsihQ884SAH+AKcpN1ne73UZUuA1Gyk3HW+a/ngbzm1nmoeC0Sm1nNlTvC4WrLD
	EOF
in_target chown pj:pj '/home/pj/.ssh/known_hosts'
in_target chmod 0600 '/home/pj/.ssh/known_hosts'

# Bootstrap vcsh and mr.
rm -f "${target}/home/pj/.profile" "${target}/home/pj/.bashrc" \
	"${target}/home/pj/.bash_logout"
in_target sudo -u pj vcsh clone ssh://git@git.pehjota.net/dotfiles/mr.git mr \
	|| return 1
in_target sudo -u pj mr update || return 1
in_target sudo -u pj /home/pj/bin/dfen anacron claws-mail clipit fluxbox \
	geeqie gimp gpicview gtk htop icecat keychain kicad midori mpd mpv \
	offlineimap openscad partsdb-backup pbuilder printrun redshift slic3r \
	trisquel xdg-user-dirs xfce4-terminal xscreensaver

# Create XDG directories.
sed 's/#.*$//; /^$/d;' "${target}/home/pj/.config/user-dirs.dirs" | \
	while IFS='=' read var val; do
		in_target sudo -u pj sh -c "HOME='/home/pj'; mkdir \"${val}\""
	done

# Add empty folder list to prevent Claws Mail wizard from running.
cat >"${target}/home/pj/.claws-mail/folderlist.xml" <<-EOF
	<?xml version="1.0" encoding="UTF-8"?>
	<folderlist>
	    <folder type="imap" sort="0" collapsed="0" account_id="1" name="pj@pehjota.net">
	    </folder>
	    <folder type="imap" sort="0" collapsed="0" account_id="2" name="patrick.mcdermott@libiquity.com">
	    </folder>
	</folderlist>
	EOF
in_target chown pj:pj '/home/pj/.claws-mail/folderlist.xml'

# Install master crontab and any dotfile crontabs.
in_target sudo -u pj sh -c 'mkdir -p ~/.config/cron ~/.config/cron.reboot'
cat >"${target}/home/pj/.config/cron/CRONTAB" <<-EOF
	SHELL = /bin/sh
	PATH = /home/pj/bin:/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games

	#      d  m d
	#      o  o o
	#m  h  m  n w  command
	@reboot        run-parts --report ~/.config/cron.reboot
	 0  *  *  * *  run-parts --list ~/.config/cron | xargs cat | crontab -

	EOF
in_target chown pj:pj '/home/pj/.config/cron/CRONTAB'
in_target sudo -u pj sh -c \
	'run-parts --list ~/.config/cron | xargs cat | crontab -'

# Generate target's SSH keypair.
rm -f "${target}/home/pj/.ssh/id_rsa" "${target}/home/pj/.ssh/id_rsa.pub" || \
	return 1
install -o 1000 -g 1000 -m 0600 '/home/pj/.ssh/id_rsa' \
	"${target}/home/pj/.ssh/id_rsa" || return 1
install -o 1000 -g 1000 -m 0600 '/home/pj/.ssh/id_rsa.pub' \
	"${target}/home/pj/.ssh/id_rsa.pub" || return 1
#in_target ssh-keygen -b 4096 -C pj@alsvid200 -t rsa -f /home/pj/.ssh/id_rsa \
#	</dev/null || return 1
#cp "${target}/home/pj/.ssh/id_rsa.pub" 'pj@alsvid200.pub' || return 1

return 0