X-Git-Url: https://iankelling.org/git/?a=blobdiff_plain;ds=inline;f=distro-end;h=91c7a832ebd0b5e5af1d9b2eae1bbe08d172b200;hb=7cc6197f74e97cb522894046718712cd03d3d385;hp=c22e1130be39b67136dd60c5581f0776c1674771;hpb=4f13ea60bec1126f54b9da543b549d29d5013a69;p=distro-setup
diff --git a/distro-end b/distro-end
index c22e113..91c7a83 100755
--- a/distro-end
+++ b/distro-end
@@ -131,6 +131,7 @@ fi
### end docker install ####
+
### begin certbot install ###
case $distro in
debian)
@@ -180,6 +181,34 @@ sgo certbotmail.timer
pi ${p1[@]}
+##### begin automatic upgrades ####
+# this makes it so we upgrade everything
+debconf-set-selections <<'EOF'
+unattended-upgrades unattended-upgrades/origins_pattern string "codename=${distro_codename}";
+EOF
+dpkg-reconfigure -u -fnoninteractive unattended-upgrades
+
+# Setup daily reboots, so all unattended upgrades go into affect
+# unattended upgrades happen at 6 am + rand(60 min).
+echo '20 7 * * * root /usr/local/bin/zelous-unattended-reboot' >/etc/cron.d/unattended-upgrade-reboot
+##### end automatic upgrades ####
+
+
+## prometheus node exporter setup
+web-conf -f 9100 -p 9101 apache2 $(hostname -f) <<'EOF'
+#https://httpd.apache.org/docs/2.4/mod/mod_authn_core.html#authtype
+# https://stackoverflow.com/questions/5011102/apache-reverse-proxy-with-basic-authentication
+
+ AllowOverride None
+ AuthType basic
+ AuthName "Authentication Required"
+ # setup one time, with root:www-data, 640
+ AuthUserFile "/etc/prometheus-htpasswd"
+ Require valid-user
+
+EOF
+
+
# website setup
case $HOSTNAME in
lj|li)
@@ -592,25 +621,27 @@ fi
sgo fsf-vpn-dns-cleanup
-case $distro in
- debian)
- pi chromium ;;
- trisquel|ubuntu)
- wget -qO - https://downloads.iridiumbrowser.de/ubuntu/iridium-release-sign-01.pub|sudo apt-key add -
- t=$(mktemp)
- cat >$t <$t <