X-Git-Url: https://iankelling.org/git/?a=blobdiff_plain;f=distro-end;h=e8e3ee031cf620ca9823a1c379a8d2cf9865a5b4;hb=b28eebdf9143aa17733f233b30b96f462008f3b6;hp=539856c1127e304105722eb6aade001f8bb035f8;hpb=fa5deaee2e0182ddfc7b39eea7ee2acedb259ddf;p=distro-setup

diff --git a/distro-end b/distro-end
index 539856c..e8e3ee0 100755
--- a/distro-end
+++ b/distro-end
@@ -525,9 +525,13 @@ Pin-Priority: 500
 EOF
     ;;
   nabia)
+    # note, to get the latest, it would be n=bullseye*
+    # but that has conflicting package versions, so this does the old one.
+    # I only use it for special rare purposes. Just keep in mind it is an
+    # outdated insecure version.
     sd /etc/apt/preferences.d/chromium-bullseye <<EOF
 Package: chromium chromium-* libicu67 libjpeg62-turbo libjsoncpp24 libre2-9 libwebpmux3
-Pin: release o=Debian*,n=bullseye*
+Pin: release o=Debian*,n=bullseye
 Pin-Priority: 500
 EOF
     ;;
@@ -606,6 +610,7 @@ case $HOSTNAME in
     fi
 
     pi prometheus-node-exporter
+    /a/bin/buildscripts/prom-node-exporter -l
 
     # ex for exporter
     web-conf -p 9101 -f 9100 - apache2 ${HOSTNAME}ex.b8.nz <<'EOF'
@@ -842,7 +847,7 @@ EOF
     # also would be nice if erc supported
     # https://wiki.znc.in/self-message
     # https://wiki.znc.in/Query_buffers                                                \
-    #
+      #
     # for geekshed, there was no sasl support as far as I can tell,
     # so I set to msg nickserv to identify upon connect.
     if ! getent passwd znc > /dev/null; then
@@ -1304,18 +1309,21 @@ m reset-xscreensaver
 # cabal update
 # cabal install --upgrade-dependencies  --force-reinstalls arbtt
 # also, i assume syncing this between machines somehow messed up the data.
-if mountpoint /p &>/dev/null; then
-  case $codename in
-    etiona|nabia)
-      pi arbtt
-      # same as seru enable arbtt, but works over ssh when systemctl --user causes error:
-      # Failed to connect to bus: No such file or directory
-      lnf -T  /a/bin/ds/subdir_files/.config/systemd/user/arbtt.service /home/iank/.config/systemd/user/default.target.wants/arbtt.service
-      # allow failure
-      seru start arbtt ||:
-      ;;
-  esac
-fi
+
+## not using arbtt for now
+# if mountpoint /p &>/dev/null; then
+#   case $codename in
+#     etiona|nabia)
+#       pi arbtt
+#       # same as seru enable arbtt, but works over ssh when systemctl --user causes error:
+#       # Failed to connect to bus: No such file or directory
+#       lnf -T  /a/bin/ds/subdir_files/.config/systemd/user/arbtt.service /home/iank/.config/systemd/user/default.target.wants/arbtt.service
+#       # allow failure
+#       seru start arbtt ||:
+#       ;;
+#   esac
+# fi
+rm -fv /home/iank/.config/systemd/user/default.target.wants/arbtt.service
 
 
 m primary-setup
@@ -1403,6 +1411,7 @@ tu /etc/schroot/desktop/fstab <<'EOF'
 /run/user/0    /run/user/0     none    rw,bind         0       0
 EOF
 
+# todo: consider if this should use the new sysd-prom-fail
 sd /etc/systemd/system/schrootupdate.service <<'EOF'
 [Unit]
 Description=schrootupdate
@@ -1715,13 +1724,23 @@ pi --no-install-recommends kdeconnect
 # # I'm not seeing the icon, but the clipboard replication is working
 
 
-### model 01 arduino support ###
+### begin model 01 arduino support ###
 # https://github.com/keyboardio/Kaleidoscope/wiki/Install-Arduino-support-on-Linux
 # also built latest arduino in /a/opt/Arduino, (just cd build; ant build; ant run )
 # set arduino var in bashrc,
 # have system config file setup too.
 sudo adduser $USER dialout
 
+# as of 2022-05,
+# download arduino ide, extract in /a/opt, ignore the install script, run ./arduino,
+# toolbar, preferences, add board manager url:
+# https://raw.githubusercontent.com/keyboardio/boardsmanager/master/package_keyboardio_index.json
+# toolbar, board manager, add keyboardio
+# toolbar, select model01 board
+# toolbar, examples, model01, compile
+
+###
+
 # this is for the mail command too. update-alternatives is kind of misleading
 # since at least it's main commands pretend mail does not exist.
 # bsd's mail got pulled in on some dumb dependency, i dunno how.
@@ -1888,8 +1907,7 @@ esac
 
 case $HOSTNAME in
   kd)
-    # ive got these + a needed dependency pinned to bullseye, just to get
-    # versions more in line with the main docs.
+    /a/bin/buildscripts/prometheus
     # Font awesome is needed for the alertmanager ui.
     pi prometheus-alertmanager prometheus prometheus-node-exporter fonts-font-awesome
     web-conf -p 9091 -f 9090 - apache2 i.b8.nz <<'EOF'
@@ -1902,6 +1920,18 @@ AuthUserFile "/etc/prometheus-htpasswd"
 Require valid-user
 </Location>
 EOF
+
+    web-conf -p 9094 -f 9093 - apache2 i.b8.nz <<'EOF'
+<Location "/">
+AuthType Basic
+AuthName "basic_auth"
+# created with
+# htpasswd -c prometheus-htpasswd USERNAME
+AuthUserFile "/etc/prometheus-htpasswd"
+Require valid-user
+</Location>
+EOF
+
     # by default, the alertmanager web ui is not enabled other than a page
     # that suggests to use the amtool cli. that tool is good, but you cant
     # silence things nearly as fast.
@@ -1944,8 +1974,7 @@ Require valid-user
 </Location>
 EOF
     # For work, i think we will just use the firewall for hosts in the main data center, and
-    # apache/nginx + tls + basic auth outside of it. or consider stunnel.
-
+    # vpn for hosts outside it.
 
     # TODO: figure out how to detect the ping failure and try again.