iankelling.org
/
git
/
distro-setup
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
fixes
[distro-setup]
/
distro-end
diff --git
a/distro-end
b/distro-end
index 539856c1127e304105722eb6aade001f8bb035f8..27cefeaed8aa5c32a7dda61791b3b09fce54b05e 100755
(executable)
--- a/
distro-end
+++ b/
distro-end
@@
-525,9
+525,13
@@
Pin-Priority: 500
EOF
;;
nabia)
EOF
;;
nabia)
+ # note, to get the latest, it would be n=bullseye*
+ # but that has conflicting package versions, so this does the old one.
+ # I only use it for special rare purposes. Just keep in mind it is an
+ # outdated insecure version.
sd /etc/apt/preferences.d/chromium-bullseye <<EOF
Package: chromium chromium-* libicu67 libjpeg62-turbo libjsoncpp24 libre2-9 libwebpmux3
sd /etc/apt/preferences.d/chromium-bullseye <<EOF
Package: chromium chromium-* libicu67 libjpeg62-turbo libjsoncpp24 libre2-9 libwebpmux3
-Pin: release o=Debian*,n=bullseye
*
+Pin: release o=Debian*,n=bullseye
Pin-Priority: 500
EOF
;;
Pin-Priority: 500
EOF
;;
@@
-606,6
+610,7
@@
case $HOSTNAME in
fi
pi prometheus-node-exporter
fi
pi prometheus-node-exporter
+ /a/bin/buildscripts/prom-node-exporter -l
# ex for exporter
web-conf -p 9101 -f 9100 - apache2 ${HOSTNAME}ex.b8.nz <<'EOF'
# ex for exporter
web-conf -p 9101 -f 9100 - apache2 ${HOSTNAME}ex.b8.nz <<'EOF'
@@
-842,7
+847,7
@@
EOF
# also would be nice if erc supported
# https://wiki.znc.in/self-message
# https://wiki.znc.in/Query_buffers \
# also would be nice if erc supported
# https://wiki.znc.in/self-message
# https://wiki.znc.in/Query_buffers \
- #
+
#
# for geekshed, there was no sasl support as far as I can tell,
# so I set to msg nickserv to identify upon connect.
if ! getent passwd znc > /dev/null; then
# for geekshed, there was no sasl support as far as I can tell,
# so I set to msg nickserv to identify upon connect.
if ! getent passwd znc > /dev/null; then
@@
-1403,6
+1408,7
@@
tu /etc/schroot/desktop/fstab <<'EOF'
/run/user/0 /run/user/0 none rw,bind 0 0
EOF
/run/user/0 /run/user/0 none rw,bind 0 0
EOF
+# todo: consider if this should use the new sysd-prom-fail
sd /etc/systemd/system/schrootupdate.service <<'EOF'
[Unit]
Description=schrootupdate
sd /etc/systemd/system/schrootupdate.service <<'EOF'
[Unit]
Description=schrootupdate
@@
-1888,8
+1894,7
@@
esac
case $HOSTNAME in
kd)
case $HOSTNAME in
kd)
- # ive got these + a needed dependency pinned to bullseye, just to get
- # versions more in line with the main docs.
+ /a/bin/buildscripts/prometheus
# Font awesome is needed for the alertmanager ui.
pi prometheus-alertmanager prometheus prometheus-node-exporter fonts-font-awesome
web-conf -p 9091 -f 9090 - apache2 i.b8.nz <<'EOF'
# Font awesome is needed for the alertmanager ui.
pi prometheus-alertmanager prometheus prometheus-node-exporter fonts-font-awesome
web-conf -p 9091 -f 9090 - apache2 i.b8.nz <<'EOF'
@@
-1902,6
+1907,18
@@
AuthUserFile "/etc/prometheus-htpasswd"
Require valid-user
</Location>
EOF
Require valid-user
</Location>
EOF
+
+ web-conf -p 9094 -f 9093 - apache2 i.b8.nz <<'EOF'
+<Location "/">
+AuthType Basic
+AuthName "basic_auth"
+# created with
+# htpasswd -c prometheus-htpasswd USERNAME
+AuthUserFile "/etc/prometheus-htpasswd"
+Require valid-user
+</Location>
+EOF
+
# by default, the alertmanager web ui is not enabled other than a page
# that suggests to use the amtool cli. that tool is good, but you cant
# silence things nearly as fast.
# by default, the alertmanager web ui is not enabled other than a page
# that suggests to use the amtool cli. that tool is good, but you cant
# silence things nearly as fast.
@@
-1944,8
+1961,7
@@
Require valid-user
</Location>
EOF
# For work, i think we will just use the firewall for hosts in the main data center, and
</Location>
EOF
# For work, i think we will just use the firewall for hosts in the main data center, and
- # apache/nginx + tls + basic auth outside of it. or consider stunnel.
-
+ # vpn for hosts outside it.
# TODO: figure out how to detect the ping failure and try again.
# TODO: figure out how to detect the ping failure and try again.