X-Git-Url: https://iankelling.org/git/?a=blobdiff_plain;f=distro-end;h=27cefeaed8aa5c32a7dda61791b3b09fce54b05e;hb=97b78b0003982c6374f4d631694ba2746580cf1f;hp=6e86d21a8487225e12b2cf82f0cdab43271cf56b;hpb=4b3f043829a57215e1251122a8ab0019b717ca8d;p=distro-setup

diff --git a/distro-end b/distro-end
index 6e86d21..27cefea 100755
--- a/distro-end
+++ b/distro-end
@@ -525,9 +525,13 @@ Pin-Priority: 500
 EOF
     ;;
   nabia)
+    # note, to get the latest, it would be n=bullseye*
+    # but that has conflicting package versions, so this does the old one.
+    # I only use it for special rare purposes. Just keep in mind it is an
+    # outdated insecure version.
     sd /etc/apt/preferences.d/chromium-bullseye <<EOF
 Package: chromium chromium-* libicu67 libjpeg62-turbo libjsoncpp24 libre2-9 libwebpmux3
-Pin: release o=Debian*,n=bullseye*
+Pin: release o=Debian*,n=bullseye
 Pin-Priority: 500
 EOF
     ;;
@@ -606,6 +610,7 @@ case $HOSTNAME in
     fi
 
     pi prometheus-node-exporter
+    /a/bin/buildscripts/prom-node-exporter -l
 
     # ex for exporter
     web-conf -p 9101 -f 9100 - apache2 ${HOSTNAME}ex.b8.nz <<'EOF'
@@ -1403,6 +1408,7 @@ tu /etc/schroot/desktop/fstab <<'EOF'
 /run/user/0    /run/user/0     none    rw,bind         0       0
 EOF
 
+# todo: consider if this should use the new sysd-prom-fail
 sd /etc/systemd/system/schrootupdate.service <<'EOF'
 [Unit]
 Description=schrootupdate
@@ -1888,8 +1894,7 @@ esac
 
 case $HOSTNAME in
   kd)
-    # ive got these + a needed dependency pinned to bullseye, just to get
-    # versions more in line with the main docs.
+    /a/bin/buildscripts/prometheus
     # Font awesome is needed for the alertmanager ui.
     pi prometheus-alertmanager prometheus prometheus-node-exporter fonts-font-awesome
     web-conf -p 9091 -f 9090 - apache2 i.b8.nz <<'EOF'
@@ -1902,6 +1907,18 @@ AuthUserFile "/etc/prometheus-htpasswd"
 Require valid-user
 </Location>
 EOF
+
+    web-conf -p 9094 -f 9093 - apache2 i.b8.nz <<'EOF'
+<Location "/">
+AuthType Basic
+AuthName "basic_auth"
+# created with
+# htpasswd -c prometheus-htpasswd USERNAME
+AuthUserFile "/etc/prometheus-htpasswd"
+Require valid-user
+</Location>
+EOF
+
     # by default, the alertmanager web ui is not enabled other than a page
     # that suggests to use the amtool cli. that tool is good, but you cant
     # silence things nearly as fast.
@@ -1916,31 +1933,6 @@ EOF
       sysd-prom-fail-install $ser
     done
 
-    ## get upstream because it has the react ui, which has localtime, and general better usability.
-    ## begin get latest upstream prometheus ###
-    cd /a/opt/promdl
-    url=$(curl -s https://api.github.com/repos/prometheus/prometheus/releases/latest | jq -r '.assets[].browser_download_url | match(".*linux-amd64.tar.gz$").string')
-    f=${url##*/}
-    if [[ -e $f ]]; then
-      timestamp=$(stat -c %Y $f)
-    else
-      timestamp=0
-    fi
-    m wget -nv -N $url
-    new_timestamp=$(stat -c %Y $f)
-    if [[ $timestamp != $new_timestamp || ! -e /usr/local/bin/prometheus ]]; then
-      ngset
-      to_rm=( !($f) )
-      ngreset
-      if (( ${#to_rm[@]} )); then
-        rm -rf ${to_rm[@]}
-      fi
-      m ex $f
-      dir=${f%.tar.gz}
-      s install $dir/prometheus $dir/promtool /usr/local/bin
-    fi
-    ## end get latest upstream prometheus ###
-
     ;;
   *)
     pi prometheus-node-exporter
@@ -1969,8 +1961,7 @@ Require valid-user
 </Location>
 EOF
     # For work, i think we will just use the firewall for hosts in the main data center, and
-    # apache/nginx + tls + basic auth outside of it. or consider stunnel.
-
+    # vpn for hosts outside it.
 
     # TODO: figure out how to detect the ping failure and try again.