# Export beets ratings into navidrome
beetrating() {
local ssh_prefix
- if [[ $HOSTNAME != kd ]]; then
+ source /p/c/domain-info
+ if [[ $HOSTNAME != $d_host ]]; then
ssh_prefix="ssh b8.nz"
fi
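Review bot: Nothing here checks that `source /p/c/domain-info` succeeded or that it set `d_host`, and the same unguarded pattern recurs in the beetpull, nav-rm-plists, profr, prof-recent, prof-sort and hssh-update hunks. With an empty `d_host`, `[[ $HOSTNAME != $d_host ]]` is always true, and the `case $HOSTNAME in $d_host)` tests elsewhere in this commit fall through to their `*)` arms, several of which stop services and remove unit files. The unquoted right-hand side is also matched as a glob pattern rather than compared literally. I would fail early and quote it: `source /p/c/domain-info || return 1` followed by `[[ $HOSTNAME != "${d_host:?}" ]]`. The body of beetrating continues outside the hunk.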
# shellcheck disable=SC2016 # obvious reason
# note: logic duplicated in beetpull
local remote_p=true
- if [[ $HOSTNAME == kd ]]; then
+ source /p/c/domain-info
+ if [[ $HOSTNAME == $d_host ]]; then
remote_p=false
fi
beetpull() {
local sshfs_host sshfs_cmd
sshfs_host=b8.nz
- if [[ $HOSTNAME == kd ]]; then
+ source /p/c/domain-info
+ if [[ $HOSTNAME == $d_host ]]; then
return 0
fi
if [[ ! -e /i ]]; then
nav-rm-plists() {
local tmpf id
tmpf=$(mktemp)
- if [[ $HOSTNAME != kd ]]; then
+ source /p/c/domain-info
+ if [[ $HOSTNAME != $d_host ]]; then
echo "error: run on kd"
return 1
fi
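Review bot: The unchanged message `echo "error: run on kd"` still names the old host, so after this change it sends the user to the wrong machine; `echo "error: run on $d_host" >&2` keeps it in step with the new test. `tmpf=$(mktemp)` also runs before the host check, so the early `return 1` leaves the temp file behind unless it is cleaned up later in the function, which is outside the hunk.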
# excluding emacs for now
#p=(/a/opt/{emacs-debian11{,-nox},mu,emacs} /a/bin /a/exe /a/h /a/c /p/c/machine_specific/vps{,.hosts})
p=(
- /a/bin /a/exe /a/h /a/c /p/c/machine_specific/vps{,.hosts}
+ /a/bin /a/exe /a/h /a/c /p/c/machine_specific/vps{,.hosts} /p/c/user-specific/{bind,znc,icecast2}
/a/f/ans/roles/prom_export/files/simple/usr/local/bin/fsf-install-node-exporter
/a/opt/fpaste
/a/opt/bbdb-csv-import
/a/opt/spray
- /p/c/user-specific/www-data/icecast-fsf{,-tech}-htpasswd
- /p/c/icecast.xml
+ /p/c/user-specific/www-data/{caldav,icecast-fsf{,-tech}}-htpasswd
)
a="-ahviSAXPH --specials --devices --delete --relative --exclude-from=/p/c/li-rsync-excludes"
ret=0
m s rsync "$@" -ahviSAXPH root@li.b8.nz:/a/h/proposed-comments/ /a/h/proposed-comments || ret=$?
return $ret
}
-bkpush() { # no emacs. for running faster.
+# compared to li, no emacs and some user-specific files.
+bkpush() {
p=(/a/bin /a/exe /a/h /a/c /p/c/machine_specific/vps{,.hosts}
/a/f/ans/roles/prom_export/files/simple/usr/local/bin/fsf-install-node-exporter
)
EOF
done
echo "EOF"
- } >/p/c/cmc-firewall-data
+ } | cedit -s redir /p/c/cmc-firewall-data
local host ipsuf f files
} | cedit -e vpn-ips-update /p/c/machine_specific/vps/bind-initial/db.b8.nz
- echo checking for stray files:
-
+ stray_found=false
initial_dir="$PWD"
while read -r dir path; do
cd $dir
for f in "${files[@]}"; do
host=${f%%/*}
if [[ ! ${vpn_ips[$host]} ]]; then
+ if ! $stray_found; then
+ stray_found=true
+ echo hiup: begin found stray files. removal commands:
+ fi
e rm $dir/$f
fi
done
/a/bin/ds/machine_specific filesystem/etc/systemd/system/openvpn-client-tr@.service
/p/c/machine_specific filesystem/etc/wireguard/wghole.conf
EOF
+ if $stray_found; then
+ echo "hiup: end found stray files"
+ fi
files=( /b/ds/machine_specific/li/filesystem/etc/openvpn/client-config-hole/* )
for f in "${files[@]}"; do
}
-# Tail all recent prof logs. Copying from profanity has unwanted line breaks
+# Tail all recent profanity logs. Copying from profanity has unwanted line breaks
# especially for links.
profr() {
+ source /p/c/domain-info
case $HOSTNAME in
- kd)
+ $d_host)
profr-local
;;
*)
# didn't check for pms beforehand. Assume the most recent logs are on kd.
# If that isn't the case, use prof-recent-local
prof-recent() {
+ source /p/c/domain-info
case $HOSTNAME in
- kd)
+ $d_host)
prof-recent-local
;;
*)
}
prof-sort() {
+ source /p/c/domain-info
case $HOSTNAME in
- kd)
+ $d_host)
prof-recent-sort
;;
*)
# ya, hacky hardcoded hostnames in 2023. we could do better
hssh-update() {
local -a failed_hosts hosts
- case $HOSTNAME in
- sy|so|kd)
- hosts=(
- kd.b8.nz x3.office.fsf.org sy so x2.b8.nz
- )
- ;;
- x3)
- hosts=(
- b8.nz sywg.b8.nz sowg.b8.nz
- )
- ;;
- esac
+ source /p/c/domain-info
+
+ for host in ${active_hosts[@]}; do
+ host=${host%wg}
+ if [[ $host == $HOSTNAME ]]; then
+ continue
+ fi
+ hosts+=($host)
+ done
+
for host in ${hosts[@]}; do
e $host
if ! scp /b/fai/fai/config/files/usr/local/bin/hssh/IANK root@$host:/usr/local/bin/hssh; then
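Review bot: The new loop expands `${active_hosts[@]}` and `hosts+=($host)` unquoted and never declares `host` local (only `failed_hosts hosts` are), so a stray space or glob character in domain-info changes which machines receive the file copied to `root@$host:/usr/local/bin/hssh`. `local host` plus `for host in "${active_hosts[@]}"` and `hosts+=("$host")` is enough. If `active_hosts` is unset, the function now has no targets at all, where the removed `case` listed them in this file; an explicit `(( ${#hosts[@]} ))` check with an error message would make that visible. The function continues past the end of the hunk.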
units "tempF($1)" tempC
}
+set-cmc-http() {
+ echo http_ip=$1 | cedit http /p/c/cmc-firewall-data ||:
+}
+
# local icecast
localic() {
local mod=false
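Review bot: set-cmc-http writes `$1` into the firewall data file without checking that it is present or looks like an address, and `||:` hides a failed edit, so a typo or a missing argument yields `http_ip=` with a success status. A guard such as `[[ $1 =~ ^[0-9.]+$ ]] || { echo "set-cmc-http: expected an ip" >&2; return 1; }` and `echo "http_ip=$1"` would close that. The other writer of this key in the same commit calls `cedit -s http`, while this one calls `cedit http`; if `-s` matters for how the section is stored, the two should agree.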
echo "error: failed to get ip: $ip" >&2
exit 1
fi
- cat >/p/c/cmc-firewall-data-http <<EOF
-http_ip=$ip
-EOF
+ echo http_ip=$ip | cedit -s http /p/c/cmc-firewall-data
+ EOF
bindpush
wrt-setup
fi
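Review bot: The added `EOF` line after `echo http_ip=$ip | cedit -s http /p/c/cmc-firewall-data` looks like a leftover terminator from the heredoc this hunk removes. With the `cat ... <<EOF` gone it would be executed as a command named `EOF` and fail with "command not found", which aborts the run before `bindpush` and `wrt-setup` if errexit or an ERR trap is active. Unless an enclosing heredoc outside the hunk needs it, drop that line. `echo "http_ip=$ip"` would also avoid word splitting if the lookup ever returns more than one token.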
Usage: ${0##*/} TARGET_HOST
Send btrbk for root2
+Note, this hasn't been used in a long time. The general use case is:
+we collect ziva backups on $d_host, then we could use this script to
+push them all onto a laptop in order to restore them.
-h|--help Print help and exit.
#### begin special extra stuff ####
install -d -m700 ~/gpg-agent-socket
- if [[ -e /etc/caldav-htpasswd ]] && getent group www-data &>/dev/null; then
- s chgrp www-data /etc/caldav-htpasswd
- fi
if [[ -e /p/c/user-specific/prometheus ]]; then
if getent passwd prometheus &>/dev/null; then
v s rsync -clpgoDiSAX --chmod=g+r --chown=root:prometheus /p/c/user-specific/prometheus/prometheus-pass /etc
# "var/lib/bind/dsset-*"
if [[ -e /p/c/user-specific/bind ]]; then
if getent group bind &>/dev/null; then
- v s rsync -clpgoDiSAX --chmod=g+r --chown=root:bind /p/c/user-specific/bind/etc/* /etc/bind
+ v s rsync -clpgoDiSAX --chmod=g+r --chown=root:bind /p/c/user-specific/bind/etc/bind/* /etc/bind
v s rsync -clpgoDiSAX --chmod=g+r --chown=root:bind /p/c/user-specific/bind/var/lib/bind/* /var/lib/bind
fi
fi
source $script_dir/pkgs
set +x
source /a/bin/distro-functions/src/identify-distros
+source /p/c/domain-info
$interactive || set -x
for f in kd x2 x3 x8 frodo tp li bk je demohost kw sy bo so; do
eval "$f() { [[ $HOSTNAME == $f ]]; }"
done
+
codename=$(debian-codename)
bitfolk() { je || bk; }
has_wayland() { has_monitor && [[ $codename == buster ]]; }
sudo mkdir -p $dir
fi
+mnt-fstab() {
+ sudo mount $1
+ # strangely, mount will return success if the device in fstab does not
+ # exist. Here, we catch that.
+ mountpoint -q $1
+ }
case $HOSTNAME in
- kd)
+ $d_host)
sudo /a/exe/teeu /etc/fstab <<'EOF'
-/dev/mapper/crypt_dev_ata-Samsung_SSD_870_QVO_8TB_S5VUNG0N900656V-part7 /d btrfs nofail,x-systemd.device-timeout=30s,x-systemd.mount-timeout=30s,noatime,compress=zstd,subvol=d 0 0
+/dev/mapper/crypt_dev_ata-Samsung_SSD_870_QVO_8TB_S5VUNG0N900656V-part6 /d btrfs nofail,x-systemd.device-timeout=30s,x-systemd.mount-timeout=30s,noatime,compress=zstd,subvol=d 0 0
/d/m /i none bind,compress=zstd 0 0
EOF
if ! mountpoint /d &>/dev/null; then
sudo mkdir -p /d
if [[ -d /mnt/r7/d ]]; then
- sudo mount /d
+ mnt-fstab /d
+ fi
+ if ! mountpoint /i &>/dev/null; then
+ sudo mkdir -p /i
+ mnt-fstab /i
fi
- fi
- if ! mountpoint /i &>/dev/null; then
- sudo mkdir -p /i
- sudo mount /i
fi
;;
esac
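Review bot: As the hunk reads, the `/i` mount now sits inside `if ! mountpoint /d`, so a host where `/d` is already mounted but `/i` is not no longer gets `/i` mounted; the removed lines handled that in a separate top-level `if`. If the nesting is deliberate because `/i` is a bind of `/d/m`, a one-line comment saying so would help, and the `/i` step probably wants to be skipped when `/mnt/r7/d` is absent and `/d` was never mounted. In mnt-fstab, quote the argument: `sudo mount "$1"` and `mountpoint -q "$1"`.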
/a/exe/ssh-emacs-setup
fi
-if [[ $HOSTNAME == kd ]] && ! mountpoint /d &>/dev/null; then
+if [[ $HOSTNAME == $d_host ]] && ! mountpoint /d &>/dev/null; then
cat <<'EOFOUTER'
# if this is a fresh reinstall, need to run something like this
# to restore data:
# shellcheck disable=SC2317 # false positive
export LC_USEBASHRC=t
source /a/bin/ds/.bashrc
+source /a/bin/bash_unpublished/source-state
+source /p/c/domain-info
### setup
source /a/bin/bash-bear-trap/bash-bear
echo 1 >~/.local/distro-end
}
+d_host=frodo
+
# shellcheck source=./pkgs
source $src/pkgs
fi
-######### begin irc periodic backup #############
-if [[ $HOSTNAME == kd ]]; then
- sd /etc/systemd/system/ircbackup.service <<'EOF'
-[Unit]
-Description=irc li backup
-After=multi-user.target
-
-[Service]
-User=iank
-Type=oneshot
-ExecStart=/usr/local/bin/sysd-mail-once irc-backup rsync -rlptDhSAX root@iankelling.org:/var/lib/znc/moddata/log/iank/freenode/ /p/irc-backup
-EOF
- sd /etc/systemd/system/ircbackup.timer <<'EOF'
-[Unit]
-Description=irc li backup hourly
-
-[Timer]
-OnCalendar=hourly
-
-[Install]
-WantedBy=timers.target
-EOF
- sudo systemctl daemon-reload
- sgo ircbackup.timer
-fi
-
-
-######### end irc periodic backup #############
-
-
pi-nostart openvpn
# pi-nostart does not disable
ser disable openvpn
############# begin syncthing setup ###########
case $HOSTNAME in
- kd)
+ $d_host)
f=/usr/share/keyrings/syncthing-archive-keyring.gpg
if [[ ! -e $f ]]; then
s curl -s -o $f https://syncthing.net/release-key.gpg
fi
sgo syncthing@ziva
;;
+ *)
+ soff syncthing@ziva
+ ;;
esac
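Review bot: The unchanged `s curl -s -o $f https://syncthing.net/release-key.gpg` in the `$d_host)` arm now runs on whichever host is promoted, and it has no `-f`, so an HTTP error body is saved as the keyring and the `[[ ! -e $f ]]` guard never fetches it again. Nothing checks that the downloaded key is the expected one either. I would use `s curl -fsS -o "$f" ...` and compare the output of `gpg --show-keys --with-fingerprint "$f"` against a fingerprint recorded in the repo (`<EXPECTED_FINGERPRINT>`) before the apt source is trusted.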
# user for short term use dropping of privileges
####### begin misc packages ###########
+# some $d_host switching commands. edit partition script. edit this. edit distro-begin.
+# cd /a/c
+# mkmv machine_specific/kd/filesystem/etc/btrbk/* machine_specific/frodo/filesystem/etc/btrbk
+# mv machine_specific/kd/filesystem/etc/systemd/system/btrbkrust* machine_specific/frodo/filesystem/etc/systemd/system
+# mkmv /b/ds/machine_specific/kd/filesystem/etc/cron.d/d_host /b/ds/machine_specific/frodo/filesystem/etc/cron.d
+# # edit file and then deploy:
+# scp /a/bin/ds/machine_specific/bo/filesystem/etc/btrbk/btrbk.conf bo:/etc/btrbk
+# mkmv /p/c/machine_specific/kd/subdir_files/.ssh/authorized_keys2 /p/c/machine_specific/frodo/subdir_files/.ssh/
+
+
# old location, 2023.
sudo rm -fv /etc/systemd/system/profanity.service
case $HOSTNAME in
- kd)
+ $d_host)
# i dunno why i put it here
ln -sfT /d/p/profanity ~/.local/share/profanity
ln -sfT /d/p/profanity-config ~/.config/profanity
- source /a/bin/bash_unpublished/source-state
if [[ $HOSTNAME == "$HOST2" || ! -e /p/profanity-here ]]; then
systemctl --user --now enable profanity
fi
;;
*)
-
ln -sfT /p/profanity ~/.local/share/profanity
ln -sfT /p/profanity-config ~/.config/profanity
;;
esac
+case $HOSTNAME in
+ $d_host)
+ sgo btrbkrust.timer
+ ;;
+ *)
+ soff btrbkrust.timer
+ s rm -f /etc/systemd/system/btrbkrust*
+ ;;
+esac
+
+
# template
case $codename in
flidas)
####### begin transmission
case $HOSTNAME in
- kd)
+ $d_host)
tdir=/d/tor
;;
*)
####### end transmission
case $HOSTNAME in
- kd)
+ $d_host)
# to persist upload/dl metadata. initially, moved all the stuff
# in /var/lib/transmission-daemon to /d/tor
s usermod --home /d/tor debian-transmission
sgo transmission-daemon-nn
-
+ ;;
+ *)
+ # set to the default
+ s usermod --home /var/lib/transmission-daemon debian-transmission
;;
esac
### printer setup
-pi cups
+pi-nostart cups
+# I don't need network printer shares. And, lets just start cups when we
+# need it, since I don't on most computers.
+ser disable cups-browsed
+ser mask cups-browsed
+ser disable cups
+
sudo gpasswd -a $USER lpadmin # based on ubuntu wiki
# goto http://127.0.0.1:631
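Review bot: `ser disable cups` and `ser disable cups-browsed` appear to change only boot-time enablement, so on a host provisioned before this commit both daemons keep running and listening until the next reboot. This commit also drops the todo about cups listening on 0.0.0.0, which is only resolved once the running instances are stopped. If `soff` stops as well as disables, as its use in the other hunks suggests, `soff cups cups-browsed` before the mask would cover it. The comment could also say how cups is meant to be started on demand.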
### begin prometheus ###
case $HOSTNAME in
- kd)
+ $d_host)
# Font awesome is needed for the alertmanager ui.
pi prometheus-alertmanager prometheus fonts-font-awesome
/a/f/ans/roles/prom/files/simple/usr/local/bin/fsf-install-prometheus
</Location>
EOF
- # by default, the alertmanager web ui is not enabled other than a page
- # that suggests to use the amtool cli. that tool is good, but you cant
- # silence things nearly as easily as with the gui.
- if [[ ! -e /usr/share/prometheus/alertmanager/ui/index.html ]]; then
- # default script didnt work, required some changes to get elm 19.1,
- # which is a dependency of the latest alertmanager. I modified
- # and copied it into /b/ds. In future, might need some other
- # solution.
- #sudo /usr/share/prometheus/alertmanager/generate-ui.sh
- sudo /b/ds/generate-ui.sh
- ser restart prometheus-alertmanager
- fi
-
s /a/f/ans/roles/prom_export/files/simple/usr/local/bin/fsf-install-node-exporter -l 127.0.0.1
for ser in prometheus-node-exporter prometheus-alertmanager prometheus; do
;;
*)
+ ## Begin cleanup of prometheus install above. ##
+ #
+ #
+ # This is in case our host type has changed. We don't cleanup all
+ # stray files, just stop services we aren't using anymore.
+ #
+ f=/etc/apache2/sites-enabled/b8.nz-9091.conf
+ if [[ -e $f ]]; then
+ rm -f $f /etc/apache2/sites-enabled/b8.nz-9094.conf
+ if systemctl is-active apache2 &>/dev/null; then
+ systemctl reload apache2
+ fi
+ fi
+ soff prometheus prometheus-blackbox-exporter prometheus-alertmanager
+ ## End cleanup of prometheus install above. ##
+
s /a/f/ans/roles/prom_export/files/simple/usr/local/bin/fsf-install-node-exporter
;;
esac
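Review bot: In the new `*)` arm, `rm -f $f /etc/apache2/sites-enabled/b8.nz-9094.conf` and `systemctl reload apache2` run without the `s`/`sudo` prefix used on the neighbouring lines. If this script runs as a normal user (the same commit changes another `rm -f` under /etc to `sudo rm -f`), the 9091 and 9094 vhosts stay enabled on a host that is no longer `$d_host`. The navidrome `*)` arm further down has the same unprefixed `rm -f $f` and leaves the reload as a todo, so apache keeps serving b8.nz.conf until something else reloads it. I would write `s rm -f ...` and `s systemctl reload apache2` in both places. The 9094 file is also removed only when the 9091 file exists.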
# remove trisquel banner. it is cool but takes up too much space.
sudo rm -f /etc/update-motd.d/01-banner
-case $HOSTNAME in
- kw|x3)
- sd /etc/cups/client.conf <<'EOF'
-ServerName printserver1.office.fsf.org
-EOF
- ;;
-esac
-
end_msg <<'EOF'
In mate settings settings, change scrolling to two-finger,
# Remove dep that came in with desktop to fix associations.
m pu transmission-gtk
+f=/home/iank/Videos
case $HOSTNAME in
- kd)
- lnf -T /d/vidshare /home/iank/Videos
+ $d_host)
+ if [[ ! -L $f || $(readlink $f) != /d/vidshare ]]; then
+ fs=($f/*)
+ if (( ${#fs[@]} >= 1 )); then
+ echo "$0: I wanted to make a link $f -> /d/vidshare, but $f is not empty. Please do something with its contents. ll $f:"
+ ll $f
+ exit 1
+ fi
+ lnf -T /d/vidshare $f
+ fi
+ ;;
+ *)
+ if [[ -L $f && $(readlink $f) == /d/vidshare ]]; then
+ rm -f $f
+ mkdir $f
+ fi
;;
esac
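Review bot: Unless `nullglob` is set earlier in the script, `fs=($f/*)` holds the literal pattern when `$f` is empty, so `(( ${#fs[@]} >= 1 ))` is always true and the script exits with "is not empty" on exactly the hosts where the link could be made. The glob also ignores dotfiles and behaves the same way when `$f` does not exist. `fs=$(ls -A "$f" 2>/dev/null)` followed by `if [[ $fs ]]; then` covers all three cases. The message should go to stderr with `>&2`, since it precedes `exit 1`.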
case $HOSTNAME in
- kd)
+ $d_host)
web-conf -p 4500 -f 4533 -e ian@iankelling.org apache2 b8.nz
sgo navidrome
;;
+ *)
+ soff navidrome
+ f=/etc/apache2/sites-enabled/b8.nz.conf
+ if [[ -e $f ]]; then
+ rm -f $f
+ # todo: reload apache if enabled
+ fi
+ ;;
esac
# nfs server
# delete this once run everywhere. delete old file:
-
-rm -f /etc/systemd/system/openvpn-client@client.service.d/iank.conf
+sudo rm -f /etc/systemd/system/openvpn-client@client.service.d/iank.conf
# if I was going to create a persistent vm, i might do it like this:
# variant=something # from: virt-install --os-variant list
quit
EOF
- chronic nsupdate $ip_arg -k /p/c/user_specific/bind/etc/bind/Kb8.nz.*.private <$tmpf || nsupdate_fails=$((nsupdate_fails + 1))
+ chronic nsupdate $ip_arg -k /p/c/user-specific/bind/etc/bind/Kb8.nz.*.private <$tmpf || nsupdate_fails=$((nsupdate_fails + 1))
sed -i 's/^server .*/server bk.b8.nz/' $tmpf
- chronic nsupdate $ip_arg -k /p/c/user_specific/bind/etc/bind/Kb8.nz.*.private <$tmpf || nsupdate_fails=$((nsupdate_fails + 1))
+ chronic nsupdate $ip_arg -k /p/c/user-specific/bind/etc/bind/Kb8.nz.*.private <$tmpf || nsupdate_fails=$((nsupdate_fails + 1))
if (( nsupdate_fails > nsupdate_fail_limit )); then
echo error: nsupdate is persistently failing >&2
exit 1
20 7 * * * root myupgrade |& log-once -1 myupgrade
20 5 * * * root prof-backup |& log-once -1 prof-backup
19 * * * * root check-crypttab
+4 6,12,18 * * * root failmail rsync -rlptDhSAX root@iankelling.org:/var/lib/znc/moddata/log/iank/freenode/ /p/irc-backup
4 20 * * 5 iank check-lets-encrypt-ssl-settings
4 21 * * 5 iank auto-commit-changes /a /p
4 23 * * 5 iank failmail eggdrop-upgrade
+
# avoid dnssec expirations. This is a hack, what we should
# do instead is something like, sign only if expiration is
# coming soon, and send an email notication, because this
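Review bot: The new irc-backup entry runs the rsync pull as root, while the systemd unit it replaces (removed elsewhere in this commit) ran the same command with `User=iank`. Since `-rlptDhSAX` does not pass `-o`/`-g`, files written into /p/irc-backup will now be root-owned, and a root process is parsing data received from the remote side. If iank's key is still accepted by root@iankelling.org, `4 6,12,18 * * * iank failmail rsync ...` keeps the earlier privilege level and matches the other `iank failmail` lines here.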
}
set-location() {
+ laptop=false
case $HOSTNAME in
kw)
at_work=true
at_home=true
;;
x2|x3|sy|so)
+ laptop=true
if [[ $(timeout 1 dig +short @10.2.0.1 -x 10.2.0.2 2>&1 ||:) == kd.b8.nz. ]] \
&& ip n show 10.2.0.1 | grep . &>/dev/null; then
# note: logic duplicated in 11-iank
source /b/bash_unpublished/source-state
fi
+# get $d_host
+if [[ -e /p/c/domain-info ]]; then
+ source /p/c/domain-info
+fi
+
+
# note q is owned by root:1000
declare -A source_snaps
rm $localtmp $remotetmp
ret=1
fi
- if [[ $h == kd && $HOSTNAME == x3 && $HOSTNAME == "$MAIL_HOST" ]]; then
+ if $laptop && ! $at_home && [[ $h == $d_host && $HOSTNAME == "$MAIL_HOST" ]]; then
d ssh root@$tg 'btrbk-spread-wrap &>/dev/null </dev/null &'
fi
cmd=/usr/local/bin/mail-backup-clean
/a/exe/install-my-scripts
printf "%s\n" -k >/etc/btrbk-run-once.conf
# running start if it is already starting causes it to just wait until
-# it done starting. In that case, we'd need to run it twice, or we have
+# it is done starting. In that case, we'd need to run it twice, or we have
# another unit which has an After=, eg btrbk-spread, but that isn't as
# good because, we can't have btrbk have After= on btrbk-spread, and
# what if btrbk-spread is itself already running, we have the same
set -e; . /usr/local/lib/bash-bear; set +e
-
+# get $d_host, note that is not consistently used everywhere.
+source /a/bin/bash_unpublished/source-state
dossh=true
if (( $# >= 1 )); then
remote=$1
else
remote=prof
- if systemctl --user --quiet is-active profanity || [[ $HOSTNAME == kd ]]; then
+ if systemctl --user --quiet is-active profanity || [[ $HOSTNAME == $d_host ]]; then
dossh=false
fi
fi
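Review bot: The added comment says this line gets `$d_host`, but it sources `/a/bin/bash_unpublished/source-state`, whereas the other hunks in this commit read `d_host` from `/p/c/domain-info`. If source-state does not define it, `[[ $HOSTNAME == $d_host ]]` compares against an empty string and is never true, so `dossh` stays true on the host it was meant to exempt. Either add `source /p/c/domain-info` here or reword the comment to say where the value comes from, and quote the right-hand side as `"$d_host"`.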
for (( i=0; i<3; i++ )); do
- systemctl suspend
+ # -i fixes error such as: User root is logged in on sshd.
+ systemctl suspend -i
echo $$ suspending in 180 seconds
sleep 180
done
+++ /dev/null
-#!/bin/bash
-# I, Ian Kelling, follow the GNU license recommendations at
-# https://www.gnu.org/licenses/license-recommendations.en.html. They
-# recommend that small programs, < 300 lines, be licensed under the
-# Apache License 2.0. This file contains or is part of one or more small
-# programs. If a small program grows beyond 300 lines, I plan to switch
-# its license to GPL.
-
-# Copyright 2024 Ian Kelling
-
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-
-# http://www.apache.org/licenses/LICENSE-2.0
-
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-
-# iank: fixed version of /usr/share/prometheus/alertmanager/generate-ui.sh, plus exit if already build
-set -e
-
-if [[ -e /usr/share/prometheus/alertmanager/ui/index.html ]]; then
- exit 0
-fi
-
-
-ELMDISTURL=https://github.com/elm/compiler/releases/download/0.19.1/binary-for-linux-64-bit.gz
-SRCDIR=/usr/share/gocode/src/github.com/prometheus/alertmanager/ui/app
-DSTDIR=/usr/share/prometheus/alertmanager/ui
-
-echo "Installing dependencies..." >&2
-apt install libjs-bootstrap4 fonts-font-awesome curl uglifyjs \
- golang-github-prometheus-alertmanager-dev
-
-#/usr/share/fonts-font-awesome/
-TMPDIR=$(mktemp -d)
-
-echo "Downloading Elm tools..." >&2
-cd $TMPDIR
-curl --location $ELMDISTURL | zcat >$TMPDIR/elm
-chmod +x $TMPDIR/elm
-
-echo "Compiling source code..." >&2
-ln -s $SRCDIR/src $SRCDIR/elm.json $TMPDIR
-(cd $TMPDIR; ./elm make src/Main.elm --optimize --output $TMPDIR/app.js)
-
-echo "Optimising source code..." >&2
-uglifyjs $TMPDIR/app.js \
- --compress 'pure_funcs="F2,F3,F4,F5,F6,F7,F8,F9,A2,A3,A4,A5,A6,A7,A8,A9",pure_getters,keep_fargs=false,unsafe_comps,unsafe' \
- --mangle --output $TMPDIR/script.js
-
-echo "Installing in Alertmanager directory..." >&2
-mkdir -p $DSTDIR
-mkdir -p $DSTDIR/lib
-cp $TMPDIR/script.js $DSTDIR
-cp $SRCDIR/index.html $SRCDIR/favicon.ico $DSTDIR
-ln -s /usr/share/fonts-font-awesome $DSTDIR/lib/font-awesome
-ln -s /usr/share/nodejs/bootstrap/dist $DSTDIR/lib/bootstrap4
-
-rm -rf $TMPDIR
-
-echo "Finished! Please, restart prometheus-alertmanager to activate UI." >&2
--- /dev/null
+ssh_identity /root/.ssh/id_ed25519
+transaction_syslog local7
+
+# note, i had this because man said 20% speedup, but ran into
+# this issue, https://github.com/digint/btrbk/issues/275
+#stream_buffer 512m
+
+# so we only run one at a time
+lockfile /var/lock/btrbk.lock
+
+# default format of short does not accomidate hourly preservation setting
+timestamp_format long-iso
+
+# only make a snapshot if things have changed
+snapshot_create onchange
+# I could make this different from target_preserve,
+# if one disk had less space.
+# for now, keeping them equal.
+snapshot_preserve_min 2h
+snapshot_dir btrbk
+
+target_preserve_min 2h
+stream_buffer 512m
+
+#rate_limit 2m
+volume /mnt/root
+snapshot_preserve 6h 14d 8w 24m
+target_preserve 6h 14d 8w 24m
+subvolume root_ubuntubionic
+target send-receive ssh://i.b8.nz:2234/mnt/r7/amy/root/btrbk
+
+volume /mnt/boot
+snapshot_preserve 6h 14d 8w 6m
+target_preserve 6h 14d 8w 6m
+subvolume boot_ubuntubionic
+target send-receive ssh://i.b8.nz:2234/mnt/r7/amy/boot/btrbk
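Review bot: `stream_buffer 512m` is enabled a few lines after the comment explaining that it was turned off because of btrbk issue 275 (`#stream_buffer 512m`), so one of the two is stale and the live setting may bring that problem back. Separately, the config removed in this commit pulled with a dedicated key (`ssh_identity /root/.ssh/home`), while this one pushes with root's default `/root/.ssh/id_ed25519`. If that key is not already restricted on i.b8.nz, I would give btrbk its own key and pin it in authorized_keys to btrbk's `ssh_filter_btrbk.sh` with the target path, so this host's root key is not a general login on the backup server.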
--- /dev/null
+[Unit]
+Description=btrbk backup
+Documentation=man:btrbk(1)
+After=multi-user.target
+
+[Service]
+Type=oneshot
+ExecStart=/usr/sbin/btrbk run
--- /dev/null
+[Unit]
+Description=Run btrbk
+
+[Timer]
+OnCalendar=daily
+
+[Install]
+WantedBy=timers.target
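Review bot: `OnCalendar=daily` without `Persistent=true` means a run that falls while the machine is powered off or suspended is skipped rather than made up at the next boot. For a backup timer on a host that may not be on at midnight, add `Persistent=true` under `[Timer]`.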
+++ /dev/null
-snapshot_create onchange
-
-snapshot_preserve_min 2h
-snapshot_dir btrbk
-target_preserve_min 2h
-
-
-ssh_identity /root/.ssh/home
-# Just a guess that local7 is a good facility to pick.
-# It's a bit odd that the transaction log has to be logged to
-# a file or syslog, while other output is sent to std out.
-# The man does not mention a way for them to be together, but
-# I dunno if setting a log level like warn might also output
-# transaction info.
-transaction_syslog local7
-
-# trying this out
-stream_compress zstd
-
-archive_preserve_min latest
-
-# so we only run one at a time
-lockfile /var/lock/btrbkroot2.lock
-
-# default format of short does not accomidate hourly preservation setting
-timestamp_format long-iso
-
-# dont make new snapshot, we only receive new snapshots
-snapshot_create no
-
-# if something fails and it's not obvious, try doing
-# btrbk -l debug -v dryrun
-
-rate_limit no
-volume ssh://syw/mnt/root
-snapshot_preserve 18h 14d 4w 24m
-target_preserve 18h 14d 4w 24m
-subvolume root_ubuntubionic
-target send-receive /mnt/r7/amy/root/btrbk
-
-volume ssh://syw/mnt/boot
-snapshot_preserve 18h 14d 4w 6m
-target_preserve 18h 14d 4w 6m
-subvolume boot_ubuntubionic
-target send-receive /mnt/r7/amy/boot/btrbk
#Debian-+ 23058 1954 0 36821 10564 0 20:38 ? 00:00:00 /usr/sbin/exim4 -bd -q30m
# todo: harden dovecot. need to do some research. one way is for it to only listen on a wireguard vpn interface, so only clients that are on the vpn can access it.
-# todo: consider hardening cups listening on 0.0.0.0
# todo: stop/disable local apache, and rpc.mountd, and kdeconnect when not in use.
# todo: hosts should only allow external mail that is authed and
# unattended-upgrades.log: Please install powermgmt-base package to check power status
powermgmt-base
profanity
+ # for pactl
+ pulseaudio-utils
pry
pv
python3-doc