ENH split post script into three (one of which needs a special user)
parent
e46401ac36
commit
2946e33486
|
@ -0,0 +1,20 @@
|
||||||
|
#! /bin/bash
|
||||||
|
|
||||||
|
# Build any binaries in necessary for my config to run at full capacity.
|
||||||
|
|
||||||
|
# ASSUME that stack is installed and that all repos with build scripts
|
||||||
|
# referenced here are already cloned.
|
||||||
|
|
||||||
|
run_stack_in_dir () {
|
||||||
|
local cur
|
||||||
|
cur="$(pwd)"
|
||||||
|
cd "$1" || return 1
|
||||||
|
stack install
|
||||||
|
cd "$cur" || return 1
|
||||||
|
}
|
||||||
|
|
||||||
|
export STACK_ROOT=~/.local/share/stack
|
||||||
|
|
||||||
|
run_stack_in_dir ~/.config/rofi-extras
|
||||||
|
run_stack_in_dir ~/.config/xmonad
|
||||||
|
run_stack_in_dir ~/.config/xman
|
|
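Review bot: `run_stack_in_dir` returns the status of its final `cd "$cur"`, so a failed `stack install` is reported as success and the script carries on to the next directory. Running the build in a subshell leaves the caller's working directory untouched and propagates the build status: `run_stack_in_dir () { ( cd "$1" && stack install ); }`. The three call sites also ignore the return value, so a directory that is missing despite the ASSUME comment goes unnoticed; `run_stack_in_dir ~/.config/xmonad || exit 1` (or `set -e` near the top) would stop the run at the first failure.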
@ -1,116 +1,71 @@
|
||||||
#! /bin/bash
|
#! /bin/bash
|
||||||
|
|
||||||
## Install all required packages for this user. It only needs to be run once
|
# Install all required packages for this user. It only needs to be run once
|
||||||
## when setting up the HOME directory.
|
# when setting up the HOME directory.
|
||||||
##
|
|
||||||
## This script is designed not to ask the user over and over again for their
|
|
||||||
## sudo password. Since it uses yay and makepkg to install AUR and custom
|
|
||||||
## PKGBUILDs, the somewhat hacky way to do this is as follows:'
|
|
||||||
## 1. call this script as root
|
|
||||||
## 2. give the nobody user permission to run pacman with no password via sudo
|
|
||||||
## 3. set up a custom, temporary HOME directory for yay which is owned by nobody
|
|
||||||
## 4. run yay as nobody with HOME set to the directory made in (3)
|
|
||||||
## 5. run makepkg as nobody
|
|
||||||
## 6. remove the temporary HOME for yay
|
|
||||||
## 7. remove the pacman sudo privilege for nobody
|
|
||||||
|
|
||||||
home_user="$1"
|
# ASSUME
|
||||||
pkgsrc_dir="$2"
|
# - git repos referenced here are pulled/updated
|
||||||
emacs_dir="$3"
|
# - makepkg is installed/configured
|
||||||
|
# - yay is installed/configured
|
||||||
|
|
||||||
|
# NOTE to run without a sudo prompt, call with a user that has pacman
|
||||||
|
# permissions in sudoers.
|
||||||
|
|
||||||
|
pkgsrc_dir="$1"
|
||||||
makepkg_tmp=/tmp/bootstrap-makepkg
|
makepkg_tmp=/tmp/bootstrap-makepkg
|
||||||
yaytmp=/tmp/bootstrap-yay
|
|
||||||
nobody_sudo_conf="nobody ALL=(root) NOPASSWD: /usr/bin/pacman"
|
|
||||||
nobody_sudo_path=/etc/sudoers.d/10-nobody-pacman
|
|
||||||
|
|
||||||
mk_nobody_perms() {
|
|
||||||
echo "Giving user nobody permission to use pacman without password"
|
|
||||||
echo "$nobody_sudo_conf" > "$nobody_sudo_path"
|
|
||||||
}
|
|
||||||
|
|
||||||
mk_yaytmp() {
|
|
||||||
echo "Creating temporary build directory for yay at $yaytmp"
|
|
||||||
mkdir "$yaytmp"
|
|
||||||
chown -R nobody:nobody "$yaytmp"
|
|
||||||
}
|
|
||||||
|
|
||||||
mk_makepkg_dir() {
|
mk_makepkg_dir() {
|
||||||
echo "Creating temporary makepkg build directory at $makepkg_tmp"
|
echo "Creating temporary makepkg build directory at $makepkg_tmp"
|
||||||
mkdir -p "$makepkg_tmp"
|
mkdir -p "$makepkg_tmp"
|
||||||
echo "Populated with packages from $pkgsrc_dir"
|
echo "Populated with packages from $pkgsrc_dir"
|
||||||
cp -r "$pkgsrc_dir"/* "$makepkg_tmp"
|
cp -r "$pkgsrc_dir"/* "$makepkg_tmp"
|
||||||
chown -R nobody:nobody "$makepkg_tmp"
|
|
||||||
}
|
}
|
||||||
|
|
||||||
try_nobody_update() {
|
try_update() {
|
||||||
## Try updating pacman as the nobody user. If this fails then something
|
if ! pacman -Syy; then
|
||||||
## went wrong when setting up sudo permissions for nobody
|
echo "Failed to update pacman cache as user $(whoami). Exiting."
|
||||||
echo "Testing pacman permissions for user nobody. Trying to update cache."
|
|
||||||
if ! sudo -u nobody -n sudo pacman -Syy; then
|
|
||||||
echo "Failed to obtain pacman permissions for user nobody. Exiting."
|
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
call_makepkg() {
|
call_makepkg() {
|
||||||
cd "$makepkg_tmp/$1" || return 1
|
cd "$makepkg_tmp/$1" || return 1
|
||||||
sudo -u nobody MAKEFLAGS="-j$(nproc)" makepkg -s -r -i -f --noconfirm
|
MAKEFLAGS="-j$(nproc)" makepkg -s -r -i -f --noconfirm
|
||||||
|
}
|
||||||
|
|
||||||
|
run_install_scripts() {
|
||||||
|
~/.config/rofi-extras/install_deps
|
||||||
|
~/.config/xmonad/install_deps
|
||||||
}
|
}
|
||||||
|
|
||||||
run_yay() {
|
run_yay() {
|
||||||
## TODO add template switches to control which of these get installed based
|
|
||||||
## on my config
|
|
||||||
|
|
||||||
## packages for emacs (install emacs first to read the config)
|
|
||||||
pacman --needed -S emacs
|
|
||||||
|
|
||||||
# call emacs once to initialize it
|
|
||||||
if sudo -u "$home_user" emacs -batch -l "$emacs_dir/init.el"; then
|
|
||||||
IFS=' ' read -r -a emacs_pkgs \
|
|
||||||
< <(sudo -u "$home_user" emacs -batch -l "$emacs_dir/init.el" --eval \
|
|
||||||
'(print (format "pkgs: %s" (s-join " " (nd/get-dependencies (list :pacman :aur)))))' \
|
|
||||||
2>/dev/null | \
|
|
||||||
sed -n -e 's/"pkgs: \(.*\)"/\1/p')
|
|
||||||
echo "Emacs requires the following system pkgs: ${emacs_pkgs[*]}"
|
|
||||||
else
|
|
||||||
echo "Could not get list of emacs dependencies. Install them later."
|
|
||||||
emacs_pkgs=()
|
|
||||||
fi
|
|
||||||
|
|
||||||
## other packages for random gizmos
|
|
||||||
dunst_pkgs=(dunst)
|
dunst_pkgs=(dunst)
|
||||||
flameshot_pkgs=(flameshot)
|
emacs_pkgs=(emacs)
|
||||||
gtk_pkgs=(zuki-themes)
|
gtk_pkgs=(zuki-themes)
|
||||||
nvidia_pkgs=(optimus-manager)
|
## TODO this requires some system-level config and thus should be an
|
||||||
r_pkgs=(r docker-rootless-extras-bin gcc-fortran texlive-bin tk)
|
## ansible role
|
||||||
|
# nvidia_pkgs=(optimus-manager)
|
||||||
|
## TODO docker rootless should be an ansible role since it needs some
|
||||||
|
## systemwide configuration
|
||||||
|
# r_pkgs=(r docker-rootless-extras-bin gcc-fortran texlive-bin tk)
|
||||||
|
r_pkgs=(r gcc-fortran texlive-bin tk)
|
||||||
redshift_pkgs=(redshift)
|
redshift_pkgs=(redshift)
|
||||||
rofi_pkgs=(rofi-git bitwarden-cli libnotify rofi-greenclip
|
seafile_pkgs=(seafile-client)
|
||||||
networkmanager-dmenu-git veracrypt sshfs jmtpfs)
|
|
||||||
seafile_pkgs=(seafile)
|
|
||||||
urxvt_pkgs=(urxvt-tabbedex rxvt-unicode urxvt-perls)
|
urxvt_pkgs=(urxvt-tabbedex rxvt-unicode urxvt-perls)
|
||||||
xmonad_pkgs=(stack-static autorandr feh xorg-server xorg-xset libpulse
|
|
||||||
playerctl wireless_tools acpid ttf-symbola-free ttf-symbola-free
|
|
||||||
ttf-dejavu awesome-terminal-fonts numlockx picom i3lock-color
|
|
||||||
xorg-xrandr xss-lock)
|
|
||||||
zsh_pkgs=(zsh zsh-completions zsh-syntax-highlighting)
|
zsh_pkgs=(zsh zsh-completions zsh-syntax-highlighting)
|
||||||
|
|
||||||
## AUR pkgs needed for spotify
|
## AUR pkgs needed for spotify
|
||||||
spotify_pkgs=(gconf)
|
spotify_pkgs=(gconf)
|
||||||
|
|
||||||
sudo -u nobody HOME="$yaytmp" MAKEFLAGS="-j$(nproc)" \
|
MAKEFLAGS="-j$(nproc)" \
|
||||||
yay --needed --noconfirm --norebuild --removemake -S \
|
yay --needed --noconfirm --norebuild --removemake -S \
|
||||||
"${dunst_pkgs[@]}" \
|
"${dunst_pkgs[@]}" \
|
||||||
"${emacs_pkgs[@]}" \
|
"${emacs_pkgs[@]}" \
|
||||||
"${flameshot_pkgs[@]}" \
|
|
||||||
"${gtk_pkgs[@]}" \
|
"${gtk_pkgs[@]}" \
|
||||||
"${nvidia_pkgs[@]}" \
|
|
||||||
"${nvidia_pkgs[@]}" \
|
|
||||||
"${r_pkgs[@]}" \
|
"${r_pkgs[@]}" \
|
||||||
"${redshift_pkgs[@]}" \
|
"${redshift_pkgs[@]}" \
|
||||||
"${rofi_pkgs[@]}" \
|
|
||||||
"${seafile_pkgs[@]}" \
|
"${seafile_pkgs[@]}" \
|
||||||
"${urxvt_pkgs[@]}" \
|
"${urxvt_pkgs[@]}" \
|
||||||
"${xmonad_pkgs[@]}" \
|
|
||||||
"${zsh_pkgs[@]}" \
|
"${zsh_pkgs[@]}" \
|
||||||
"${spotify_pkgs[@]}"
|
"${spotify_pkgs[@]}"
|
||||||
}
|
}
|
||||||
|
@ -129,44 +84,22 @@ rm_makepkg_dir() {
|
||||||
rm -r -f "$makepkg_tmp"
|
rm -r -f "$makepkg_tmp"
|
||||||
}
|
}
|
||||||
|
|
||||||
rm_yaytmp() {
|
|
||||||
echo "Removing temporary build directory for yay at $yaytmp"
|
|
||||||
rm -r -f "$yaytmp"
|
|
||||||
}
|
|
||||||
|
|
||||||
rm_nobody_perms() {
|
|
||||||
echo "Removing user nobody's permission to use pacman without password"
|
|
||||||
rm -f "$nobody_sudo_path"
|
|
||||||
}
|
|
||||||
|
|
||||||
clean_up() {
|
clean_up() {
|
||||||
rm_yaytmp
|
|
||||||
rm_makepkg_dir
|
rm_makepkg_dir
|
||||||
rm_nobody_perms
|
|
||||||
exit
|
exit
|
||||||
}
|
}
|
||||||
|
|
||||||
trap 'clean_up' ERR
|
trap 'clean_up' ERR
|
||||||
|
|
||||||
if [[ ! "$(id -u)" = "0" ]]; then
|
if [ "$#" -ne 2 ]; then
|
||||||
echo "This script must be run as root. Exiting"
|
echo "Must supply custom package dir. Exiting"
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ "$#" -ne 3 ]; then
|
try_update
|
||||||
echo "Must supply calling user, custom package dir, and emacs dir. Exiting"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
mk_nobody_perms
|
|
||||||
try_nobody_update
|
|
||||||
|
|
||||||
mk_yaytmp
|
|
||||||
run_yay
|
run_yay
|
||||||
rm_yaytmp
|
|
||||||
|
|
||||||
mk_makepkg_dir
|
mk_makepkg_dir
|
||||||
run_makepkg
|
run_makepkg
|
||||||
rm_makepkg_dir
|
rm_makepkg_dir
|
||||||
|
|
||||||
rm_nobody_perms
|
|
||||||
|
|
|
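Review bot: `makepkg_tmp=/tmp/bootstrap-makepkg` in the first hunk is a fixed path in a world-writable directory, and `mk_makepkg_dir` creates it with `mkdir -p`, which also succeeds when the directory already exists. With this change `makepkg -s -r -i` runs there as the invoking user, so any content the script did not put there itself would be built and installed along with the copied PKGBUILDs. Creating the directory with `makepkg_tmp="$(mktemp -d)" || exit 1` gives a private, unpredictable path that `rm_makepkg_dir` can still remove. Separately, the second hunk checks `[ "$#" -ne 2 ]` while the visible lines read only `$1` and the message names a single argument. If nothing outside the hunks consumes `$2`, the test should be `[ "$#" -ne 1 ]`.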
@ -0,0 +1,23 @@
|
||||||
|
#! /bin/bash
|
||||||
|
|
||||||
|
# This script pulls all my git repos that I use in my config and builds whatever
|
||||||
|
# is in them as necessary. It will only pull them if they don't exist. Rather
|
||||||
|
# than use the import approach suggested in the chezmoi howto, this doesn't
|
||||||
|
# require me to keep 'syncing' changes when I work in these repos directly. The
|
||||||
|
# tradeoff is that it will only pull the latest master, which is totally fine
|
||||||
|
# with me.
|
||||||
|
|
||||||
|
clone_maybe () {
|
||||||
|
if [ ! -d "$2" ]; then
|
||||||
|
echo cloning git repo: "$1"
|
||||||
|
git clone --recurse-submodules "$1" "$2"
|
||||||
|
else
|
||||||
|
echo git repo already exists: "$1"
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
clone_maybe https://github.com/ndwarshuis/.emacs.d.git ~/.config/emacs
|
||||||
|
clone_maybe https://github.com/ndwarshuis/rofi-extras.git ~/.config/rofi-extras
|
||||||
|
clone_maybe https://github.com/ndwarshuis/xman.git ~/.config/xman
|
||||||
|
clone_maybe https://github.com/ndwarshuis/xmonad-config.git ~/.config/xmonad
|
||||||
|
clone_maybe https://github.com/ndwarshuis/conky.git ~/.config/conky
|
|
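Review bot: `clone_maybe` treats any existing directory at `$2` as a finished checkout, because the test is `[ ! -d "$2" ]`. It also discards the exit status of `git clone`. The build script added in this commit assumes the repos are present and runs `stack install` in them, so an empty, partial or unrelated directory is only noticed later, if at all. Testing `[ ! -d "$2/.git" ]` and ending the clone line with `|| return 1` (with the callers checking it, or `set -e` at the top) would make a failed or missing checkout stop the bootstrap here.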
@ -1,73 +0,0 @@
|
||||||
{{- if eq .chezmoi.hostname "petrucci4prez" -}}
|
|
||||||
#! /bin/bash
|
|
||||||
|
|
||||||
|
|
||||||
# This script installs all packages that my config needs. It also pulls all my
|
|
||||||
# git repos that I use in my config. It will only pull them if they don't
|
|
||||||
# exist. Rather than use the import approach suggested in the chezmoi howto,
|
|
||||||
# this doesn't require me to keep 'syncing' changes when I work in these repos
|
|
||||||
# directly. The tradeoff is that it will only pull the latest master, which is
|
|
||||||
# totally fine with me.
|
|
||||||
|
|
||||||
# Configuration is assumed to be handled elsewhere (for now) eg in etckeeper
|
|
||||||
# or with ansible.
|
|
||||||
|
|
||||||
clone_maybe () {
|
|
||||||
if [ ! -d "$2" ]; then
|
|
||||||
echo cloning git repo: "$1"
|
|
||||||
git clone --recurse-submodules "$1" "$2"
|
|
||||||
else
|
|
||||||
echo git repo already exists: "$1"
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
|
|
||||||
run_stack_in_dir () {
|
|
||||||
local cur
|
|
||||||
cur="$(pwd)"
|
|
||||||
cd "$1" || return 1
|
|
||||||
stack install
|
|
||||||
cd "$cur" || return 1
|
|
||||||
}
|
|
||||||
|
|
||||||
#
|
|
||||||
# CLONE EMACS CONFIG
|
|
||||||
#
|
|
||||||
|
|
||||||
# do this before installing packages because its config will spit out
|
|
||||||
# dependencies that it needs to run at full capacity
|
|
||||||
|
|
||||||
emacs_dir="$HOME/.config/emacs"
|
|
||||||
clone_maybe https://github.com/ndwarshuis/.emacs.d.git "$emacs_dir"
|
|
||||||
|
|
||||||
## INSTALL PACKAGES
|
|
||||||
|
|
||||||
# The script that installs packages must be run as root, which allows sudo to
|
|
||||||
# only be used once. Pass the emacs config directory so it can get a list of
|
|
||||||
# dependencies for emacs
|
|
||||||
|
|
||||||
sudo "$HOME/.bin/bootstrap_pkgs" "$(whoami)" "$HOME/.local/share/packages" "$emacs_dir"
|
|
||||||
|
|
||||||
## CLONE/BUILD HASKELL-BASED REPOS
|
|
||||||
|
|
||||||
# TODO not dry (this is in .pam_environment)
|
|
||||||
# TODO could use tmp for this and it would probably be faster and get around
|
|
||||||
# the DRY problem, at the expense that build xmonad the first time live will
|
|
||||||
# be a PITA
|
|
||||||
export STACK_ROOT="$HOME/.local/share/stack"
|
|
||||||
|
|
||||||
rofix_dir="$HOME/.config/rofi-extras"
|
|
||||||
clone_maybe https://github.com/ndwarshuis/rofi-extras.git "$rofix_dir"
|
|
||||||
run_stack_in_dir "$rofix_dir"
|
|
||||||
|
|
||||||
xman_dir="$HOME/.config/xman"
|
|
||||||
clone_maybe https://github.com/ndwarshuis/xman.git "$xman_dir"
|
|
||||||
run_stack_in_dir "$xman_dir"
|
|
||||||
|
|
||||||
xmonad_dir="$HOME/.config/xmonad"
|
|
||||||
clone_maybe https://github.com/ndwarshuis/xmonad-config.git "$xmonad_dir"
|
|
||||||
run_stack_in_dir "$xmonad_dir"
|
|
||||||
|
|
||||||
## CLONE OTHER REPOS
|
|
||||||
|
|
||||||
clone_maybe https://github.com/ndwarshuis/conky.git "$HOME/.config/conky"
|
|
||||||
{{- end }}
|
|