X-Git-Url: https://iankelling.org/git/?a=blobdiff_plain;f=distro-end;h=9d3f6f5048e9c33529e736366912f327f7a2ed73;hb=7c40848349654f32903ce11d14337b01e740ff89;hp=655ae7f4c19d68bf6f4aa1cb6c9ea25997f03b3b;hpb=0b6d44c7f3d567e0a26138509c8a24cb57c69b50;p=distro-setup
diff --git a/distro-end b/distro-end
index 655ae7f..9d3f6f5 100755
--- a/distro-end
+++ b/distro-end
@@ -114,7 +114,7 @@ if isdeb; then
l="deb [arch=amd64] $url $(debian-codename-compat) stable"
if ! grep -xFq "$l" /etc/apt/sources.list{,.d/*.list}; then
- sudo add-apt-repository $l
+ sudo add-apt-repository "$l"
p update
fi
# docker eats up a fair amount of cpu when doing nothing, so don't enable it unless
@@ -131,6 +131,7 @@ fi
### end docker install ####
+
### begin certbot install ###
case $distro in
debian)
@@ -180,6 +181,34 @@ sgo certbotmail.timer
pi ${p1[@]}
+##### begin automatic upgrades ####
+# this makes it so we upgrade everything
+debconf-set-selections <<'EOF'
+unattended-upgrades unattended-upgrades/origins_pattern string "codename=${distro_codename}";
+EOF
+dpkg-reconfigure -u -fnoninteractive unattended-upgrades
+
+# Setup daily reboots, so all unattended upgrades go into affect
+# unattended upgrades happen at 6 am + rand(60 min).
+echo '20 7 * * * root /usr/local/bin/zelous-unattended-reboot' >/etc/cron.d/unattended-upgrade-reboot
+##### end automatic upgrades ####
+
+
+## prometheus node exporter setup
+web-conf -f 9100 -p 9101 apache2 $(hostname -f) <<'EOF'
+#https://httpd.apache.org/docs/2.4/mod/mod_authn_core.html#authtype
+# https://stackoverflow.com/questions/5011102/apache-reverse-proxy-with-basic-authentication
+
+ AllowOverride None
+ AuthType basic
+ AuthName "Authentication Required"
+ # setup one time, with root:www-data, 640
+ AuthUserFile "/etc/prometheus-htpasswd"
+ Require valid-user
+
+EOF
+
+
# website setup
case $HOSTNAME in
lj|li)
@@ -592,25 +621,27 @@ fi
sgo fsf-vpn-dns-cleanup
-case $distro in
- debian)
- pi chromium ;;
- trisquel|ubuntu)
- wget -qO - https://downloads.iridiumbrowser.de/ubuntu/iridium-release-sign-01.pub|sudo apt-key add -
- t=$(mktemp)
- cat >$t <$t <$t < /dev/null; then
+ s groupadd -g 450 debian-transmission
case $distro in
arch)
- s groupadd -g 450 debian-transmission
s useradd \
--system \
--create-home \
@@ -1106,7 +1202,6 @@ if ! getent passwd debian-transmission > /dev/null; then
--gid 450 \
--uid 450 \
--system \
- --group \
--no-create-home \
--disabled-password \
--home /var/lib/transmission-daemon \
@@ -1153,7 +1248,7 @@ EOF
fi
for f in /i/k/partial-torrents /i/k/torrents; do
if [[ -e $f ]]; then
- s chown -R debian-transmission:traci $f
+ s chown -R debian-transmission:user2 $f
fi
done
s chown -R debian-transmission:debian-transmission /var/lib/transmission-daemon
@@ -1254,8 +1349,11 @@ EOF
rpc_pass=$(