nickboldt/F31.sh

## F31.sh

##########################
# VM CONFIG
##########################

# install rpmfusion free, non-free
sudo dnf install https://download1.rpmfusion.org/free/fedora/rpmfusion-free-release-$(rpm -E %fedora).noarch.rpm https://download1.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-$(rpm -E %fedora).noarch.rpm

# install kernel headers and gcc
dnf -y update
dnf -y install kernel kernel-headers kernel-devel gcc alien yum-utils

reboot

dnf -y install kernel-headers-$(uname -r)
# install VBox extensions; reboot


##########################
# BASE SOFTWARE INSTALLS
##########################

# download/install chrome, sublime, beyond compare

dnf -y install xfce4-screenshooter-plugin xfce4-notes-plugin xfce4-timer-plugin xfce4-screenshooter \
xfce4-datetime-plugin xfce4-pulseaudio-plugin xfce4-terminal xfce4-clipman-plugin arandr pidgin firefox \
ccrypt vim vim-common vim-enhanced httpd php perl python ruby java jre maven mock git sshfs openssl \
kernel kernel-headers kernel-devel gcc-c++ gcc alien vpnc Xvfb gimp ImageMagick vinagre \
krb5-auth-dialog krb5-libs kstart sssd-krb5-common sssd krb5-workstation bison sqlite-devel zlib-devel \
java-1.8.0-openjdk-devel java-11-openjdk-devel libffi-devel libtool readline-devel jq \
libyaml-devel openssl-devel maven-surefire-report-parser libreoffice-writer libreoffice-calc xsel xdotool xclip ncdu \
podman buildah skopeo

# note, if using JDK 11 and latest Maven 3.6.2, also need plexus-utils 3.2+, eg.,
yum install -y https://rpmfind.net/linux/fedora/linux/releases/31/Everything/x86_64/os/Packages/p/plexus-utils-3.2.0-2.fc31.noarch.rpm

# note: you want skopeo 0.1.40 or newer from F30 or F31 repo
# https://mirror.dst.ca/fedora/releases/30/Everything/x86_64/os/ (requires zip compression)
# https://mirror.dst.ca/fedora/releases/31/Everything/x86_64/os/ (requires Zstd compression; not compatible with RHEL 7)

sudo rpm -v --import https://download.sublimetext.com/sublimehq-rpm-pub.gpg
sudo dnf config-manager --add-repo https://download.sublimetext.com/rpm/stable/x86_64/sublime-text.repo
sudo dnf install sublime-text

# get chrome and vscode
# https://code.visualstudio.com/download#

################################################################
# Forgot something? Here's the complete list of installs!
for i in $(dnf history | grep -v "Altered" | grep install | sed -e "s#[\t ]\+\([0-9]\+\)[\t ]\+|.\+#\1#" | tac); do
  dnf history info $i | grep Command | sed -e "s#.\+ : #dnf -y #";
done
################################################################


##########################
# PANEL CONFIG
##########################

# panel prefs: 24px wide
# launchers: screenshooter, terminal, thunar, sublime, chrome, [others]

# terminal: xfce4-terminal --maximize
# chrome: /usr/bin/google-chrome-stable --auth-server-whitelist="*.openshift.com, *.redhat.com" --ignore-certificate-errors %U

# Set chrome launcher to use:
#  /usr/bin/google-chrome-stable --auth-server-whitelist="*.redhat.com" %U

# Orage Panel clock
#  font: Sans 8
#  height: 32
#  width: 70
#  line1: %Y-%m-%d %H:%M
#  tooltip: %x %X / W%V


##########################
# HOME DIR SETUP
##########################

# set up symlinks
cd ~; mv ~/Downloads ~/tmp; ln -s tmp/ Downloads

# Copy to new machine:
	~/bin folder (including sublime & bcompare licenses)
	~/.alias, ~/.bashrc, ~/.bash_profile, ~/.gitconfig
	~/.docker
	~/.ssh
	~/tmp, ~/4 ~/5
	~/.purple (pidgin)
	~/Documents/2017 - 2020
	~/RedHat/2017 - 2020

# copy sublime settings and plugins to new machine
unzip ~/bin/dot-config-sublime-text-3.zip -d ~/.config/

# copy yum.repos.d files - add in RH internal URLs for Brew, etc.
scpr ~/bin/etc-yum.repos.d /etc/yum/repos.d/

#	disable selinux in /etc/selinux/config

#	set up visudo

##########################
# VPN SETUP
##########################

# see http://hdn.corp.redhat.com/rhel7-csb-stage/repoview/redhat-internal-cert-install.html
# and http://hdn.corp.redhat.com/rhel7-csb-stage/RPMS/noarch/?C=M;O=D

# install vpn stuff (see ~/RedHat/2017/vpn/*.rpm)
dnf install -y redhat-internal-cert-install-* redhat-internal-NetworkManager-openvpn-profiles-0.1-29.el7.csb.noarch.rpm \
redhat-internal-NetworkManager-openvpn-profiles-non-gnome-0.1-29.el7.csb.noarch.rpm redhat-internal-openvpn-profiles-0.1-29.el7.csb.noarch.rpm

#run VPN
V

##########################
# DEV ENV SETUP
##########################

# add ant-contrib to ant lib folder so it's available for mirroring devstudio TP requirements
# sudo yum -y install ant-contrib
# mkdir -p $HOME/.ant/lib
# cp /usr/share/java/ant-contrib/ant-contrib.jar $HOME/.ant/lib/

# install pip and required packages
cd /tmp
wget https://bootstrap.pypa.io/get-pip.py
python get-pip.py
pip install --upgrade pip
pip install PyXB jira pygithub
pip install yq jsonschema --user

##########################
# RHEL SUBSCRIPTION
##########################

# subscription-manager register --auto-attach --username "$SUBSCRIPTION_USERNAME" --password "$SUBSCRIPTION_PASSWORD"

##########################
# set up rhpkg & fedpkg
##########################

# 1. install rpms
# from http://download-ipv4.eng.brq.redhat.com/rel-eng/RCMTOOLS/latest-RCMTOOLS-2-F-31/compose/Everything/x86_64/os/
# from http://download-node-02.eng.bos.redhat.com/rel-eng/RCMTOOLS/latest-RCMTOOLS-2-F-30/compose/Everything/x86_64/os/
dnf install -y javapackages-local fedora-packager brew-tools koji rhpkg brewkoji-test brewkoji-stage brewkoji \
  fedpkg python2-rpkg python-virtualenvwrapper libffi-devel sssd krb5-workstation krb5-auth-dialog xmvn
# 2. install certs: see https://docs.engineering.redhat.com/display/KB/Troubleshooting+Tips#TroubleshootingTips-SSLerrortroubleshooting and https://mojo.redhat.com/docs/DOC-999615#jive_content_id_Certificates
# 3. fix for using pip installed python - https://projects.engineering.redhat.com/browse/RCM-18993
echo ""  >> ~/.bashrc
echo "fix for using pip installed python - https://projects.engineering.redhat.com/browse/RCM-18993" >> ~/.bashrc
echo "export REQUESTS_CA_BUNDLE=/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem" >> ~/.bashrc

# Set up kerberos/kinit (needed for rhpkg and many RCM systems accessed via chrome):
google-chrome https://mojo.redhat.com/docs/DOC-1011190
# set up keytab file for kinit:
google-chrome https://mojo.redhat.com/docs/DOC-957809

##########################
# install hub and rvm
##########################

google-chrome https://github.com/github/hub/releases
# google-chrome https://rvm.io/rvm/install

# fix up perms in ~/.ssh and ~
pushd ~/.ssh
chmod 700 . *
chmod 644 *.pub
chmod 770 known_hosts
chmod 755 ~
popd

# install git hook via https://til.hashrocket.com/posts/c89a35a66c-global-git-hooks
mkdir -p ~/.git-templates/hooks
git config --global init.templatedir '~/.git-templates'
# use this hook to add Change-Id to all commits, so we can edit gerrits (push changes) instead of having to submit new ones
scp -p -P 29418 nickb@git.eclipse.org:hooks/commit-msg ~/.git-templates/hooks/

# install node and npm
dnf install -y node npm

# enable JDK 11 as default instead of 8
alternatives --config javac
alternatives --config java

# TODO: rebuild hudson-job-sync-plugin
#	import certs from ~/bin/certs into JDK cert store using ~/bin/cert.import.sh
	cd ~/2/maven-plugins/hudson-job-sync-plugin && mvn clean install
	cp ~/bin/pom-*-internal.xml ~/truu/jbdevstudio-ci

# WHY? open ephemeral and 8080 ports on firewall
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -I INPUT 1 -i eth0 -p tcp --dport 8080 -j ACCEPT

#############################################
# install docker-ce (not docker)
# from https://docs.docker.com/install/linux/docker-ce/fedora/#install-using-the-repository
dnf -y remove docker
dnf -y install dnf-plugins-core
dnf -y config-manager     --add-repo     https://download.docker.com/linux/fedora/docker-ce.repo
dnf -y install docker-ce docker-ce-cli containerd.io

# enable docker daemon
sudo systemctl start docker # started
sudo systemctl enable docker # enabled on startup
sudo groupadd docker
sudo usermod -aG docker $USER

# get oc and kubectl
cd /opt
OC_VERSION=4.2.13
curl -o - -L https://mirror.openshift.com/pub/openshift-v4/clients/ocp/latest/openshift-client-linux-${OC_VERSION}.tar.gz \
  | tar xvz oc

# symlink from a PATH-visible folder like ~/bin
cd ~/bin/
rm -f oc kubectl
ln -s /opt/oc
ln -s /opt/kubectl

# TODO: install chectl and crwctl
wget https://access.cdn.redhat.com/content/origin/files/sha256/ea/eaed71152067e4d70e3f9f11d4dd1603521fc67c1a43140ba07b56928987c810/codeready-workspaces-2.0.0-crwctl-linux-x64.tar.gz?_auth_=1578933105_4c5e6689c524459e90bbf848ad2610b4

# fix missing symlinks in ~/bin
mkdir -p ~/bin; cd ~/bin
ln -s /opt/chectl/bin/chectl
ln -s /opt/crwctl/bin/crwctl

ln -s /home/nboldt/51/codeready-workspaces-productization/jenkins/bin/jpull-CRWCI.sh jpull-CRWCI.sh
ln -s /home/nboldt/51/codeready-workspaces-productization/jenkins/bin/jpush-CRWCI.sh jpush-CRWCI.sh

ln -s /home/nboldt/51/codeready-workspaces/product/getLatestImageTags.sh getLatestImageTags.sh
ln -s /home/nboldt/51/codeready-workspaces/product/updateBaseImages.sh updateBaseImages.sh
ln -s /home/nboldt/51/codeready-workspaces/product/getCommitSHAForTag.sh getCommitSHAForTag.sh

ln -s /home/nboldt/2/maven-plugins/hudson-job-sync-plugin/scripts/hudpull-eclipseJIPP.sh hudpull-eclipseJIPP.sh
ln -s /home/nboldt/2/maven-plugins/hudson-job-sync-plugin/scripts/hudpush-eclipseJIPP.sh hudpush-eclipseJIPP.sh

# use alternative bashrc/profile/alias for root user
sudo su
cd ~/
mv .bashrc{,_OLD}; mv .bash_profile{,_OLD}
ln -s /home/nboldt/.bashrc
ln -s /home/nboldt/.bash_profile
ln -s /home/nboldt/.alias
exit

# get .gitconfig file
curl -o ~/.gitconfig https://gist.githubusercontent.com/nickboldt/67ad86895d1b10164ea0fdbcdadefd02/raw/a1a35a882fa4139c47811fb77906c044f5081002/.gitconfig

# enable hardware acceleration in Chrome
# see https://www.lifewire.com/hardware-acceleration-in-chrome-4125122


# gpg key generation - rsa/dsa, 4096, 5yr
# see https://mojo.redhat.com/docs/DOC-1146306
# then https://mojo.redhat.com/docs/DOC-1166450#jive_content_id_Configuring_a_freshly_installed_system
sudo yum -y localinstall http://sat63capsule.corp.redhat.com/pulp/repos/rhit/Library/custom/iam-idm/idm-legacy-configs/Packages/r/rhit-legacy-configs-1.0.0-21.noarch.rpm
echo "keyserver hkp://pool.sks-keyservers.net" > ~/.gnupg/gpg.conf
# then send your key with:
gpg --list-keys # get your key id
gpg --send-key F00BAFCAFEBABE00
gpg --search-keys F00BAFCAFEBABE00
gpg --keyserver pool.sks-keyservers.net --search-keys nboldt
# now ldap setup
gpg --fingerprint F00BAFCAFEBABE00 # get fingerprint
echo "dn: uid=nboldt,ou=users,dc=redhat,dc=com
changetype: modify
add: rhatGPGFingerprint
rhatGPGFingerprint: FING ERPR INT GOES HERE" > ~/bin/keytabs/ldap.fingerprint.txt
ldapmodify -Q -h ldapmaster.corp.redhat.com -f ~/bin/keytabs/ldap.fingerprint.txt

# verify
email=nboldt@redhat.com
gpg --fingerprint "$email"
ldapsearch -Q -LLL "mail=$email" mail rhatGPGFingerprint

	##########################
	# VM CONFIG
	##########################

	# install rpmfusion free, non-free
	sudo dnf install https://download1.rpmfusion.org/free/fedora/rpmfusion-free-release-$(rpm -E %fedora).noarch.rpm https://download1.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-$(rpm -E %fedora).noarch.rpm

	# install kernel headers and gcc
	dnf -y update
	dnf -y install kernel kernel-headers kernel-devel gcc alien yum-utils

	reboot

	dnf -y install kernel-headers-$(uname -r)
	# install VBox extensions; reboot


	##########################
	# BASE SOFTWARE INSTALLS
	##########################

	# download/install chrome, sublime, beyond compare

	dnf -y install xfce4-screenshooter-plugin xfce4-notes-plugin xfce4-timer-plugin xfce4-screenshooter \
	xfce4-datetime-plugin xfce4-pulseaudio-plugin xfce4-terminal xfce4-clipman-plugin arandr pidgin firefox \
	ccrypt vim vim-common vim-enhanced httpd php perl python ruby java jre maven mock git sshfs openssl \
	kernel kernel-headers kernel-devel gcc-c++ gcc alien vpnc Xvfb gimp ImageMagick vinagre \
	krb5-auth-dialog krb5-libs kstart sssd-krb5-common sssd krb5-workstation bison sqlite-devel zlib-devel \
	java-1.8.0-openjdk-devel java-11-openjdk-devel libffi-devel libtool readline-devel jq \
	libyaml-devel openssl-devel maven-surefire-report-parser libreoffice-writer libreoffice-calc xsel xdotool xclip ncdu \
	podman buildah skopeo

	# note, if using JDK 11 and latest Maven 3.6.2, also need plexus-utils 3.2+, eg.,
	yum install -y https://rpmfind.net/linux/fedora/linux/releases/31/Everything/x86_64/os/Packages/p/plexus-utils-3.2.0-2.fc31.noarch.rpm

	# note: you want skopeo 0.1.40 or newer from F30 or F31 repo
	# https://mirror.dst.ca/fedora/releases/30/Everything/x86_64/os/ (requires zip compression)
	# https://mirror.dst.ca/fedora/releases/31/Everything/x86_64/os/ (requires Zstd compression; not compatible with RHEL 7)

	sudo rpm -v --import https://download.sublimetext.com/sublimehq-rpm-pub.gpg
	sudo dnf config-manager --add-repo https://download.sublimetext.com/rpm/stable/x86_64/sublime-text.repo
	sudo dnf install sublime-text

	# get chrome and vscode
	# https://code.visualstudio.com/download#

	################################################################
	# Forgot something? Here's the complete list of installs!
	for i in $(dnf history \| grep -v "Altered" \| grep install \| sed -e "s#[\t ]\+\([0-9]\+\)[\t ]\+\|.\+#\1#" \| tac); do
	dnf history info $i \| grep Command \| sed -e "s#.\+ : #dnf -y #";
	done
	################################################################


	##########################
	# PANEL CONFIG
	##########################

	# panel prefs: 24px wide
	# launchers: screenshooter, terminal, thunar, sublime, chrome, [others]

	# terminal: xfce4-terminal --maximize
	# chrome: /usr/bin/google-chrome-stable --auth-server-whitelist=".openshift.com, .redhat.com" --ignore-certificate-errors %U

	# Set chrome launcher to use:
	# /usr/bin/google-chrome-stable --auth-server-whitelist="*.redhat.com" %U

	# Orage Panel clock
	# font: Sans 8
	# height: 32
	# width: 70
	# line1: %Y-%m-%d %H:%M
	# tooltip: %x %X / W%V


	##########################
	# HOME DIR SETUP
	##########################

	# set up symlinks
	cd ~; mv ~/Downloads ~/tmp; ln -s tmp/ Downloads

	# Copy to new machine:
	~/bin folder (including sublime & bcompare licenses)
	~/.alias, ~/.bashrc, ~/.bash_profile, ~/.gitconfig
	~/.docker
	~/.ssh
	~/tmp, ~/4 ~/5
	~/.purple (pidgin)
	~/Documents/2017 - 2020
	~/RedHat/2017 - 2020

	# copy sublime settings and plugins to new machine
	unzip ~/bin/dot-config-sublime-text-3.zip -d ~/.config/

	# copy yum.repos.d files - add in RH internal URLs for Brew, etc.
	scpr ~/bin/etc-yum.repos.d /etc/yum/repos.d/

	# disable selinux in /etc/selinux/config

	# set up visudo

	##########################
	# VPN SETUP
	##########################

	# see http://hdn.corp.redhat.com/rhel7-csb-stage/repoview/redhat-internal-cert-install.html
	# and http://hdn.corp.redhat.com/rhel7-csb-stage/RPMS/noarch/?C=M;O=D

	# install vpn stuff (see ~/RedHat/2017/vpn/*.rpm)
	dnf install -y redhat-internal-cert-install-* redhat-internal-NetworkManager-openvpn-profiles-0.1-29.el7.csb.noarch.rpm \
	redhat-internal-NetworkManager-openvpn-profiles-non-gnome-0.1-29.el7.csb.noarch.rpm redhat-internal-openvpn-profiles-0.1-29.el7.csb.noarch.rpm

	#run VPN
	V

	##########################
	# DEV ENV SETUP
	##########################

	# add ant-contrib to ant lib folder so it's available for mirroring devstudio TP requirements
	# sudo yum -y install ant-contrib
	# mkdir -p $HOME/.ant/lib
	# cp /usr/share/java/ant-contrib/ant-contrib.jar $HOME/.ant/lib/

	# install pip and required packages
	cd /tmp
	wget https://bootstrap.pypa.io/get-pip.py
	python get-pip.py
	pip install --upgrade pip
	pip install PyXB jira pygithub
	pip install yq jsonschema --user

	##########################
	# RHEL SUBSCRIPTION
	##########################

	# subscription-manager register --auto-attach --username "$SUBSCRIPTION_USERNAME" --password "$SUBSCRIPTION_PASSWORD"

	##########################
	# set up rhpkg & fedpkg
	##########################

	# 1. install rpms
	# from http://download-ipv4.eng.brq.redhat.com/rel-eng/RCMTOOLS/latest-RCMTOOLS-2-F-31/compose/Everything/x86_64/os/
	# from http://download-node-02.eng.bos.redhat.com/rel-eng/RCMTOOLS/latest-RCMTOOLS-2-F-30/compose/Everything/x86_64/os/
	dnf install -y javapackages-local fedora-packager brew-tools koji rhpkg brewkoji-test brewkoji-stage brewkoji \
	fedpkg python2-rpkg python-virtualenvwrapper libffi-devel sssd krb5-workstation krb5-auth-dialog xmvn
	# 2. install certs: see https://docs.engineering.redhat.com/display/KB/Troubleshooting+Tips#TroubleshootingTips-SSLerrortroubleshooting and https://mojo.redhat.com/docs/DOC-999615#jive_content_id_Certificates
	# 3. fix for using pip installed python - https://projects.engineering.redhat.com/browse/RCM-18993
	echo "" >> ~/.bashrc
	echo "fix for using pip installed python - https://projects.engineering.redhat.com/browse/RCM-18993" >> ~/.bashrc
	echo "export REQUESTS_CA_BUNDLE=/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem" >> ~/.bashrc

	# Set up kerberos/kinit (needed for rhpkg and many RCM systems accessed via chrome):
	google-chrome https://mojo.redhat.com/docs/DOC-1011190
	# set up keytab file for kinit:
	google-chrome https://mojo.redhat.com/docs/DOC-957809

	##########################
	# install hub and rvm
	##########################

	google-chrome https://github.com/github/hub/releases
	# google-chrome https://rvm.io/rvm/install

	# fix up perms in ~/.ssh and ~
	pushd ~/.ssh
	chmod 700 . *
	chmod 644 *.pub
	chmod 770 known_hosts
	chmod 755 ~
	popd

	# install git hook via https://til.hashrocket.com/posts/c89a35a66c-global-git-hooks
	mkdir -p ~/.git-templates/hooks
	git config --global init.templatedir '~/.git-templates'
	# use this hook to add Change-Id to all commits, so we can edit gerrits (push changes) instead of having to submit new ones
	scp -p -P 29418 nickb@git.eclipse.org:hooks/commit-msg ~/.git-templates/hooks/

	# install node and npm
	dnf install -y node npm

	# enable JDK 11 as default instead of 8
	alternatives --config javac
	alternatives --config java

	# TODO: rebuild hudson-job-sync-plugin
	# import certs from ~/bin/certs into JDK cert store using ~/bin/cert.import.sh
	cd ~/2/maven-plugins/hudson-job-sync-plugin && mvn clean install
	cp ~/bin/pom-*-internal.xml ~/truu/jbdevstudio-ci

	# WHY? open ephemeral and 8080 ports on firewall
	iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
	iptables -I INPUT 1 -i eth0 -p tcp --dport 8080 -j ACCEPT

	#############################################
	# install docker-ce (not docker)
	# from https://docs.docker.com/install/linux/docker-ce/fedora/#install-using-the-repository
	dnf -y remove docker
	dnf -y install dnf-plugins-core
	dnf -y config-manager --add-repo https://download.docker.com/linux/fedora/docker-ce.repo
	dnf -y install docker-ce docker-ce-cli containerd.io

	# enable docker daemon
	sudo systemctl start docker # started
	sudo systemctl enable docker # enabled on startup
	sudo groupadd docker
	sudo usermod -aG docker $USER

	# get oc and kubectl
	cd /opt
	OC_VERSION=4.2.13
	curl -o - -L https://mirror.openshift.com/pub/openshift-v4/clients/ocp/latest/openshift-client-linux-${OC_VERSION}.tar.gz \
	\| tar xvz oc

	# symlink from a PATH-visible folder like ~/bin
	cd ~/bin/
	rm -f oc kubectl
	ln -s /opt/oc
	ln -s /opt/kubectl

	# TODO: install chectl and crwctl
	wget https://access.cdn.redhat.com/content/origin/files/sha256/ea/eaed71152067e4d70e3f9f11d4dd1603521fc67c1a43140ba07b56928987c810/codeready-workspaces-2.0.0-crwctl-linux-x64.tar.gz?_auth_=1578933105_4c5e6689c524459e90bbf848ad2610b4

	# fix missing symlinks in ~/bin
	mkdir -p ~/bin; cd ~/bin
	ln -s /opt/chectl/bin/chectl
	ln -s /opt/crwctl/bin/crwctl

	ln -s /home/nboldt/51/codeready-workspaces-productization/jenkins/bin/jpull-CRWCI.sh jpull-CRWCI.sh
	ln -s /home/nboldt/51/codeready-workspaces-productization/jenkins/bin/jpush-CRWCI.sh jpush-CRWCI.sh

	ln -s /home/nboldt/51/codeready-workspaces/product/getLatestImageTags.sh getLatestImageTags.sh
	ln -s /home/nboldt/51/codeready-workspaces/product/updateBaseImages.sh updateBaseImages.sh
	ln -s /home/nboldt/51/codeready-workspaces/product/getCommitSHAForTag.sh getCommitSHAForTag.sh

	ln -s /home/nboldt/2/maven-plugins/hudson-job-sync-plugin/scripts/hudpull-eclipseJIPP.sh hudpull-eclipseJIPP.sh
	ln -s /home/nboldt/2/maven-plugins/hudson-job-sync-plugin/scripts/hudpush-eclipseJIPP.sh hudpush-eclipseJIPP.sh

	# use alternative bashrc/profile/alias for root user
	sudo su
	cd ~/
	mv .bashrc{,_OLD}; mv .bash_profile{,_OLD}
	ln -s /home/nboldt/.bashrc
	ln -s /home/nboldt/.bash_profile
	ln -s /home/nboldt/.alias
	exit

	# get .gitconfig file
	curl -o ~/.gitconfig https://gist.githubusercontent.com/nickboldt/67ad86895d1b10164ea0fdbcdadefd02/raw/a1a35a882fa4139c47811fb77906c044f5081002/.gitconfig

	# enable hardware acceleration in Chrome
	# see https://www.lifewire.com/hardware-acceleration-in-chrome-4125122


	# gpg key generation - rsa/dsa, 4096, 5yr
	# see https://mojo.redhat.com/docs/DOC-1146306
	# then https://mojo.redhat.com/docs/DOC-1166450#jive_content_id_Configuring_a_freshly_installed_system
	sudo yum -y localinstall http://sat63capsule.corp.redhat.com/pulp/repos/rhit/Library/custom/iam-idm/idm-legacy-configs/Packages/r/rhit-legacy-configs-1.0.0-21.noarch.rpm
	echo "keyserver hkp://pool.sks-keyservers.net" > ~/.gnupg/gpg.conf
	# then send your key with:
	gpg --list-keys # get your key id
	gpg --send-key F00BAFCAFEBABE00
	gpg --search-keys F00BAFCAFEBABE00
	gpg --keyserver pool.sks-keyservers.net --search-keys nboldt
	# now ldap setup
	gpg --fingerprint F00BAFCAFEBABE00 # get fingerprint
	echo "dn: uid=nboldt,ou=users,dc=redhat,dc=com
	changetype: modify
	add: rhatGPGFingerprint
	rhatGPGFingerprint: FING ERPR INT GOES HERE" > ~/bin/keytabs/ldap.fingerprint.txt
	ldapmodify -Q -h ldapmaster.corp.redhat.com -f ~/bin/keytabs/ldap.fingerprint.txt

	# verify
	email=nboldt@redhat.com
	gpg --fingerprint "$email"
	ldapsearch -Q -LLL "mail=$email" mail rhatGPGFingerprint