mostly fixes

[distro-setup] / distro-end

diff --git a/distro-end b/distro-end
index 539856c1127e304105722eb6aade001f8bb035f8..feabc624979261f14aa2ac5cafbd86db0cefaf2b 100755 (executable)
--- a/distro-end
+++ b/distro-end
@@ -525,9 +525,13 @@ Pin-Priority: 500
 EOF
     ;;
   nabia)
+    # note, to get the latest, it would be n=bullseye*
+    # but that has conflicting package versions, so this does the old one.
+    # I only use it for special rare purposes. Just keep in mind it is an
+    # outdated insecure version.
     sd /etc/apt/preferences.d/chromium-bullseye <<EOF
 Package: chromium chromium-* libicu67 libjpeg62-turbo libjsoncpp24 libre2-9 libwebpmux3
-Pin: release o=Debian*,n=bullseye*
+Pin: release o=Debian*,n=bullseye
 Pin-Priority: 500
 EOF
     ;;
@@ -842,7 +846,7 @@ EOF
     # also would be nice if erc supported
     # https://wiki.znc.in/self-message
     # https://wiki.znc.in/Query_buffers                                                \
-    #
+      #
     # for geekshed, there was no sasl support as far as I can tell,
     # so I set to msg nickserv to identify upon connect.
     if ! getent passwd znc > /dev/null; then
@@ -1403,6 +1407,7 @@ tu /etc/schroot/desktop/fstab <<'EOF'
 /run/user/0    /run/user/0     none    rw,bind         0       0
 EOF
 
+# todo: consider if this should use the new sysd-prom-fail
 sd /etc/systemd/system/schrootupdate.service <<'EOF'
 [Unit]
 Description=schrootupdate
@@ -1888,8 +1893,7 @@ esac
 
 case $HOSTNAME in
   kd)
-    # ive got these + a needed dependency pinned to bullseye, just to get
-    # versions more in line with the main docs.
+    /a/bin/buildscripts/prometheus
     # Font awesome is needed for the alertmanager ui.
     pi prometheus-alertmanager prometheus prometheus-node-exporter fonts-font-awesome
     web-conf -p 9091 -f 9090 - apache2 i.b8.nz <<'EOF'
@@ -1902,6 +1906,18 @@ AuthUserFile "/etc/prometheus-htpasswd"
 Require valid-user
 </Location>
 EOF
+
+    web-conf -p 9094 -f 9093 - apache2 i.b8.nz <<'EOF'
+<Location "/">
+AuthType Basic
+AuthName "basic_auth"
+# created with
+# htpasswd -c prometheus-htpasswd USERNAME
+AuthUserFile "/etc/prometheus-htpasswd"
+Require valid-user
+</Location>
+EOF
+
     # by default, the alertmanager web ui is not enabled other than a page
     # that suggests to use the amtool cli. that tool is good, but you cant
     # silence things nearly as fast.
@@ -1944,8 +1960,7 @@ Require valid-user
 </Location>
 EOF
     # For work, i think we will just use the firewall for hosts in the main data center, and
-    # apache/nginx + tls + basic auth outside of it. or consider stunnel.
-
+    # vpn for hosts outside it.
 
     # TODO: figure out how to detect the ping failure and try again.