dnsup() {
conflink -f
- m ser reload bind9
+ m ser reload named
}
dnsb8() {
local f=/var/lib/bind/db.b8.nz
- m ser stop bind9
+ m ser stop named
m sleep 1
m sudo rm -fv $f.jnl
m sudo install -m 644 -o bind -g bind /p/c/machine_specific/vps/bind-initial/db.b8.nz $f
- m ser restart bind9
+ m ser restart named
}
dnsecgen() {
# keys generated like this
if grep -qxF $HOSTNAME $x; then all_dirs+=( ${x%.hosts} ); fi
done
-# old files 2022-03
-for t in systemstatus epanicclean btrfsmaintstop dynamicipupdate; do
- f=/etc/systemd/system/$t.timer
- if [[ -e $f ]]; then
- s systemctl stop $t.timer
- s systemctl disable $t.timer
- s rm -fv $f
- reload_systemd=true
- fi
-done
-rm -f /etc/cron.daily/check-lets-encrypt-ssl-settings
c_dirs=(/a/c{,/machine_specific/$HOSTNAME})
case $user in
iank)
+ # old files 2022-03
+ for t in systemstatus epanicclean btrfsmaintstop dynamicipupdate; do
+ f=/etc/systemd/system/$t.timer
+ if [[ -e $f ]]; then
+ s systemctl stop $t.timer
+ s systemctl disable $t.timer
+ s rm -fv $f
+ reload_systemd=true
+ fi
+ done
+ # old 2022-04
+ if [[ -e /etc/cron.daily/check-lets-encrypt-ssl-settings ]]; then
+ m s rm -f /etc/cron.daily/check-lets-encrypt-ssl-settings
+ fi
+
+
/a/bin/ds/install-my-scripts
files=(/p/c/machine_specific/*/filesystem/etc/ssh/*_key
/p/c/machine_specific/*/filesystem/etc/openvpn/client/*.key
if vps; then
pi-nostart bind9
fi
+if bitfolk; then
+ pi-nostart unbound
+fi
# this needs to be before installing pacserve so we have gpg conf.
conflink
rootsshsync
bk)
sudo sed -i --follow-symlinks 's/^ *hosts:.*/hosts: files dns myhostname/' /etc/nsswitch.conf
soff systemd-resolved
- ln -sf 127.0.0.1-resolv/stub-resolv.conf /etc/resolv.conf
- sgo bind9
+ sudo ln -sf 127.0.0.1-resolv/stub-resolv.conf /etc/resolv.conf
+ sgo unbound
+ sgo named
# cautious measure to make sure bind is up
sleep 1
;;
# # push here?
# #myunison -ob li
# #ssh li conflink
-# ssh li.b8.nz systemctl reload bind9
+# ssh li.b8.nz systemctl reload named
# # b8.nz has address 65.96.178.16
annotations:
summary: '12 minutes down'
+ - alert: mailtest_check_unexpected_spamd_vps
+ expr: |-
+ mailtest_check_unexpected_spamd_results >= 1
+ labels:
+ severity: day
+ annotations:
+ summary: 'jr -u mailtest-check -e'
+
- alert: mailtest_check_mailhost
expr: |-
time() - max by (folder,from) (mailtest_check_last_usec{job="node"}) >= 60 * 12
annotations:
summary: '12 minutes down'
- # 42 mins: enough for a 30 min queue run plus 12
+ # 20 minutes. just allow for more due to prod alert.
- alert: mailtest_check_gnu_mailhost
expr: |-
- time() - max by (folder,from) (mailtest_check_last_usec{folder="/m/md/l/testignore", from="iank@gnu.org"}) >= 60 * 42
+ time() - max by (folder,from) (mailtest_check_last_usec{folder="/m/md/l/testignore", from="iank@gnu.org"}) >= 60 * 20
labels:
severity: prod
annotations:
- summary: '42 minutes down'
+ summary: '20 minutes down'
- alert: 1pmtest
;;
*)
soff mailtest-check.service
- rm -fv /etc/cron.d/mailtest
+ rm -fv /etc/cron.d/mailtest /var/lib/prometheus/node-exporter/mailtest-check.prom*
;;
esac
fi
}
pr() {
- if [[ -e /var/lib/prometheus/node-exporter ]]; then
+ if $doprom && [[ -e /var/lib/prometheus/node-exporter ]]; then
cat >>/var/lib/prometheus/node-exporter/mailtest-check.prom.$$
fi
}
# TODO, get je to deliver the local mailbox: /m/md/INBOX
# dovecot appears to setup, i can t be sure.
-
+source /a/bin/bash_unpublished/source-state
+
+doprom=false
+case $HOSTNAME in
+ $MAIL_HOST|bk|je)
+ doprom=true
+ ;;
+ *)
+ rm -f /var/lib/prometheus/node-exporter/mailtest-check.prom*
+ ;;
+esac
main() {
fi
p $var_mail_msg | loday -1 var_mail
-
- tmp=(/var/local/cron-errors/mailtest-check*)
- if (( ${#tmp[@]} )); then
- chars+=(MAILPING)
- fi
- tmp=(/var/local/cron-errors/mailtest-slow*)
- if (( ${#tmp[@]} )); then
- chars+=(SPAMD)
- fi
-
# early in install process, we dont have permission yet for exiqgrep.
# 1100 helps allow for system restarts
qlen=$(/usr/sbin/exiqgrep -o 1100 -c -b | awk '{print $1}') ||:
iankelling.org / git / distro-setup / commitdiff