X-Git-Url: https://iankelling.org/git/?a=blobdiff_plain;f=distro-end;h=593e91e598b89b510802fcb9f67a5fd3c43bfa67;hb=8d29de95be2b44cac6e2cc3d0643f542be05e4bd;hp=6f7b8718f5f96cb4c685963e738bf3f8237dd9e8;hpb=e8d684282c4b3cdd62859217f02711df5947a5c1;p=distro-setup

diff --git a/distro-end b/distro-end
index 6f7b871..593e91e 100755
--- a/distro-end
+++ b/distro-end
@@ -90,7 +90,6 @@ EOF
 ########### begin section including vps ################
 pi ${p2[@]}
 
-
 conflink
 
 sudo rm -fv
@@ -620,8 +619,7 @@ case $HOSTNAME in
       dnsb8
     fi
 
-    pi prometheus-node-exporter
-    /a/bin/buildscripts/prom-node-exporter -l
+    s /c/roles/prom-export/files/simple/usr/local/bin/fsf-install-node-exporter -l
 
     # ex for exporter
     web-conf -p 9101 -f 9100 - apache2 ${HOSTNAME}ex.b8.nz <<'EOF'
@@ -673,34 +671,18 @@ EOF
 client-to-client
 EOF
 
-    sd /etc/openvpn/client-config-hole/kd <<'EOF'
-ifconfig-push 10.5.5.2 255.255.255.0
-EOF
-    sd /etc/openvpn/client-config-hole/tp <<'EOF'
-ifconfig-push 10.5.5.3 255.255.255.0
-EOF
-    sd /etc/openvpn/client-config-hole/frodo <<'EOF'
-ifconfig-push 10.5.5.5 255.255.255.0
-EOF
-    sd /etc/openvpn/client-config-hole/x2 <<'EOF'
-ifconfig-push 10.5.5.7 255.255.255.0
-EOF
-    sd /etc/openvpn/client-config-hole/x3 <<'EOF'
-ifconfig-push 10.5.5.8 255.255.255.0
-EOF
-    sd /etc/openvpn/client-config-hole/kw <<'EOF'
-ifconfig-push 10.5.5.9 255.255.255.0
-EOF
-    sd /etc/openvpn/client-config-hole/sy <<'EOF'
-ifconfig-push 10.5.5.12 255.255.255.0
-EOF
-    sd /etc/openvpn/client-config-hole/bo <<'EOF'
-ifconfig-push 10.5.5.13 255.255.255.0
-EOF
-    sd /etc/openvpn/client-config-hole/onep9 <<'EOF'
-ifconfig-push 10.5.5.14 255.255.255.0
+
+    ngset
+    files=(/etc/openvpn/client-config-hole/*)
+    if (( ${#files[@]} >= 1 )); then
+      rm -f ${files[@]}
+    fi
+    ngreset
+    for host in ${!vpn_ips[@]}; do
+      sd /etc/openvpn/client-config-hole/$host <<EOF
+ifconfig-push 10.5.5.${vpn_ips[$host]} 255.255.255.0
 EOF
-    # todo: add x8?
+    done
 
 
     # for adding cert to system with /p
@@ -715,6 +697,10 @@ EOF
     #
     # for wireguard hole vpn, use function:
     # wghole
+    # eg:
+    # wghole bo 28
+    # if it is going to want to connect to transmission-daemon on ok
+    # wghole bo 28 10.174.2.2/32
 
     # requested from linode via a support ticket.
     # https://www.linode.com/docs/networking/an-overview-of-ipv6-on-linode/
@@ -883,6 +869,16 @@ EOF
     end
     ;;
 esac
+
+case $HOSTNAME in
+  bk)
+    pi icecast2
+    # todo, save the config
+    /etc/cron.daily/stream-cert
+    web-conf -c /etc/cert-live.fsf.org -p 443 -f 8000 apache2 live.fsf.org
+    ;;
+esac
+
 ###### end website setup
 
 ########### end section including li/lj ###############
@@ -1555,6 +1551,8 @@ sudo chown -R debian-transmission:debian-transmission /var/lib/transmission-daem
 #
 # Changed the cache-size to 256 mb, reduces disk use.
 # It is a read & write cache.
+#
+# just fyi: default rpc port is 9091
 if ! systemctl is-active transmission-daemon-nn &>/dev/null && \
     ! systemctl is-active transmission-daemon; then
   tmp=$(mktemp)
@@ -1595,6 +1593,9 @@ esac
 
 ######### begin transmission client setup ######
 
+# to connect from a remote client, trans-remote-route in brc2
+
+
 if [[ -e /p/transmission-rpc-pass ]]; then
   # arch had a default config,
   # debian had nothing until you start it.
@@ -1636,7 +1637,7 @@ EOF
   "profiles" : [
       {
       "profile-name" : "Default",
-      "hostname" : "10.173.0.2",
+      "hostname" : "10.174.2.2",
       "rpc-url-path" : "/transmission/rpc",
       "username" : "",
       "password" : "$rpc_pass",
@@ -1687,7 +1688,8 @@ sudo gpasswd -a $USER lpadmin # based on ubuntu wiki
 # general known for debian/ubuntu, not for fedora
 
 m /a/bin/buildscripts/go
-m /a/bin/buildscripts/rust
+# only needed for rg. cargo takes up 11 gigs, filled up the disk on je.
+#m /a/bin/buildscripts/rust
 m /a/bin/buildscripts/misc
 m /a/bin/buildscripts/pithosfly
 #m /a/bin/buildscripts/alacritty
@@ -1948,6 +1950,10 @@ sgo dynamicipupdate
 if grep -xFq $HOSTNAME /a/bin/ds/machine_specific/btrbk.hosts; then
   sgo btrbk.timer
 fi
+if [[ $HOSTNAME == kd ]]; then
+  sgo btrbk-spread.timer
+fi
+
 # note: to see when it was last run,
 # ser list-timers
 
@@ -1961,12 +1967,11 @@ esac
 
 
 
-pi prometheus-node-exporter-collectors
 case $HOSTNAME in
   kd)
     # Font awesome is needed for the alertmanager ui.
     pi prometheus-alertmanager prometheus fonts-font-awesome
-    /a/bin/buildscripts/prometheus
+    /c/roles/prom/files/simple/usr/local/bin/fsf-install-prometheus
     web-conf -p 9091 -f 9090 - apache2 i.b8.nz <<'EOF'
 <Location "/">
 AuthType Basic
@@ -2002,7 +2007,7 @@ EOF
       ser restart prometheus-alertmanager
     fi
 
-    /a/bin/buildscripts/prom-node-exporter -l
+    s /c/roles/prom_export/files/simple/usr/local/bin/fsf-install-node-exporter -l
 
     for ser in prometheus-node-exporter prometheus-alertmanager prometheus; do
       sysd-prom-fail-install $ser
@@ -2010,7 +2015,7 @@ EOF
 
     ;;
   *)
-    /a/bin/buildscripts/prom-node-exporter
+    s /c/roles/prom-export/files/simple/usr/local/bin/fsf-install-node-exporter
     ;;
 esac
 
@@ -2065,9 +2070,12 @@ esac
 
 ### begin nagios ###
 
+pi nagios-nrpe-server
+
 case $HOSTNAME in
   kd)
-    pi nagios4
+    # the backport is for this bug: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=800345
+    pi nagios4 nagios-nrpe-plugin monitoring-plugins-basic/bullseye-backports
     s rm -fv /etc/apache2/conf-enabled/nagios4-cgi.conf
 
     # to add a password for admin:
@@ -2113,7 +2121,7 @@ Alias /nagios4 /usr/share/nagios4/htdocs
     #
 	AuthDigestDomain "Nagios4"
 	AuthDigestProvider file
-	AuthUserFile	"/etc/nagios4/htdigest.users"
+	AuthUserFile	"/etc/nagios4-htdigest.users"
 	AuthGroupFile	"/etc/group"
 	AuthName	"Nagios4"
 	AuthType	Digest
@@ -2156,18 +2164,21 @@ esac
 #       6 define timeperiod
 
 
+
+
 ### end nagios ###
 
 ### begin bitcoin ###
 
 case $HOSTNAME in
-  sy)
-    f=$dir/bitcoin.conf
-    sudo install -m 0755 -o root -g root -t /usr/bin /a/opt/bitcoin-23.0/bin/*
+  sy|kd)
+    sudo install -m 0755 -o root -g root -t /usr/bin /a/opt/bitcoin-24.0.1/bin/*
     sgo bitcoind
+    # note: the bitcoin user & group are setup in fai
     sudo usermod -a -G bitcoin iank
+    # todo: make bitcoin have a stable uid/gid
     if [[ ! $(readlink -f /var/lib/bitcoind/wallets) == /q/wallets ]]; then
-      sudo lnf /q/wallets /var/lib/bitcoind
+      s lnf /q/wallets /var/lib/bitcoind
       sudo chown -h bitcoin:bitcoin /var/lib/bitcoind/wallets
     fi
     # note, there exists