done
}
+# get ipv4 ip from HOST. or if it is already a number, return that
+hostip() {
+ local host="$1"
+ case $host in
+ [0-9:])
+ echo "$host"
+ ;;
+ *)
+ getent ahostsv4 "$host" | awk '{ print $1 }' | head -n1
+ ;;
+ esac
+}
+
dig() {
command dig +nostats +nocmd "$@"
}
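Review bot: The `[0-9:])` arm in `hostip` matches only a one-character argument, so a dotted address (for example a constructed `192.0.2.1`) never takes the "already a number" path and is passed to `getent` instead. If the short-circuit is meant for literal addresses, invert the test: `*[!0-9.:]*) getent ahostsv4 "$host" | awk '{ print $1 }' | head -n1 ;;` followed by `*) echo "$host" ;;`. Unless `pipefail` is set, the pipeline's status is that of `head`, so a failed lookup prints nothing and still returns 0. Callers should test for an empty result before using it.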
ccomp du dus
-e() { printf "%s\n" "$@"; }
+e() { printf "%s\n" "$*"; }
# echo args
ea() {
local f=/var/lib/bind/db.b8.nz
m ser stop named
m sleep 1
- m sudo rm -fv $f.jnl
+ m sudo rm -fv $f.jnl $f.signed.jnl
m sudo install -m 644 -o bind -g bind /p/c/machine_specific/vps/bind-initial/db.b8.nz $f
m ser restart named
}
# --no-messages because of annoying errors on broken symlinks
# -z = search .gz etc files
# -. = search dotfilesq
- rg() { command rg -. -z --no-messages -L -i -M 900 --no-ignore "$@" || return $?; }
+ rg() { command rg -. -z --no-messages -L -i -M 900 --no-ignore-parent --no-ignore-vcs -g '!.git' "$@" || return $?; }
#fails if not exist. ignore
complete -r rg 2>/dev/null ||:
else
sleep 5
fi
-early=false # quit early, just btrbk, no extra remounting etc.
+marchive=false
+early=false
cron=false
orig_args=("$@")
temp=$(getopt -l cron,pull-reexec,help ceil:m:npqrs:t:vh "$@") || usage 1
eval set -- "$temp"
while true; do
case $1 in
+ # some behaviors specific to running under cron:
+ # - skip hosts where xprintidle haven't been idle recently
+ # - if we can't ssh to 1 or more hosts, still do the rest
+ # - if we aren't MAIL_HOST and no -m or -s, just exit
--cron)
cron=true
pre=
;;
# only creates the config file, does not run btrbk
-c) conf_only=true; shift ;;
+ # quit early, just btrbk, no extra remounting etc.
-e) early=true; shift ;;
-i) incremental_strict=true; shift ;;
# bytes per second, suffix k m g
# Comma separated mountpoints to backup. This has defaults set below.
-m) IFS=, mountpoints=($2); unset IFS; shift 2 ;;
-n) dry_run=true; dry_run_arg=-n; shift ;;
+ # show progress
-p) progress_arg="--progress"; shift ;;
+ # internal option for rerunning under newer SOURCE_HOST version.
--pull-reexec) pull_reexec=true; shift ;;
- -r) archive=false; shift ;;
+ # quiet
-q) verbose=false; verbose_arg=; progress_arg=; shift ;;
# source host to receive a backup from
-s)
# target hosts to send to. empty is valid for just doing local
# snapshot. we have default hosts we will populate.
-t) IFS=, targets=($2); unset IFS; shift 2 ;;
+ # verbose.
-v) verbose=true; verbose_arg=-v; shift ;;
-h|--help) usage ;;
--) shift; break ;;
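Review bot: Removing the `-r)` arm leaves `r` in the getopt short-option string (`ceil:m:npqrs:t:vh`, unchanged context above), so `-r` is still accepted by getopt but no longer handled by the `case`. Unless a default arm outside this hunk rejects it, the `while true` loop would keep seeing `-r` as `$1` without ever shifting. Drop `r` from the option string, `temp=$(getopt -l cron,pull-reexec,help ceil:m:npqs:t:vh "$@") || usage 1`, or keep an arm that dies with a message. The end of the loop is outside the visible lines.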
# only tested commands are resume and archive
cmd_arg=${1:-run}
+
+std_preserve="18h 14d 8w 24m"
+q_preserve="18h 14d"
+
case $cmd_arg in
run|resume|archive) : ;;
+ marchive)
+ marchive=true
+ cmd=resume
+ std_preserve="999h 999d 999w 999m"
+ q_preserve="$std_preserve"
+ preserve_arg=-p
+ ;;
*) die "untested command arg" ;;
esac
fi
### end options parsing
+declare -A vols
+
# remove path from earlier version of btrbk
rm -f /usr/sbin/btrbk
# note, this still works as intended if there is no /usr/bin/btrbk
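Review bot: The `marchive)` arm assigns `cmd=resume`, but every visible btrbk invocation still passes `$cmd_arg`, which would be the literal `marchive` on this path. Unless `cmd` is consumed in code outside these hunks, set `cmd_arg=resume` in the arm or have the final call use `$cmd`. `preserve_arg` is also assigned only in this arm; initialising it next to the other defaults with `preserve_arg=` would keep the later unquoted `$preserve_arg` from depending on an unset variable.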
# I could make this different from target_preserve,
# if one disk had less space.
# for now, keeping them equal.
-snapshot_preserve 18h 14d 8w 24m
+snapshot_preserve $std_preserve
snapshot_preserve_min 2h
snapshot_dir btrbk
# so, total backups = ~58
-target_preserve 18h 14d 8w 24m
+target_preserve $std_preserve
target_preserve_min 2h
# if something fails and it's not obvious, try doing
case $m in
/o)
vol=/mnt/o
+ vols[$vol]=t
;;
*)
vol=/mnt/root
+ vols[$vol]=t
;;
esac
q)
# q has sensitive data i dont want to backup for so long
cat >>/etc/btrbk.conf <<EOF
-snapshot_preserve 18h 14d
+snapshot_preserve $std_preserve
snapshot_preserve_min 2h
snapshot_dir btrbk
-target_preserve 18h 14d
+target_preserve $std_preserve
target_preserve_min 2h
EOF
;;
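Review bot: Both replacement lines in the `q)` heredoc expand `$std_preserve`, so the q volume's retention grows from `18h 14d` to `18h 14d 8w 24m`, contradicting the comment directly above about not keeping its sensitive data that long. `q_preserve` is defined alongside `std_preserve` (and overridden for marchive) but is not referenced in any visible hunk, so these two lines look like its intended users: `snapshot_preserve $q_preserve` and `target_preserve $q_preserve`. Any q snapshots retained under the longer policy in the meantime would need to be pruned once this is corrected.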
mexit 0
elif [[ $cmd_arg == archive ]]; then
if [[ $source ]]; then
- m btrbk $verbose_arg $progress_arg $cmd_arg ssh://$source$vol $vol
+ for vol in ${!vols[@]}; do
+ m btrbk $verbose_arg $progress_arg $cmd_arg ssh://$source$vol $vol
+ done
else
for tg in ${targets[@]}; do
- m btrbk $verbose_arg $progress_arg $cmd_arg $vol ssh://$tg$vol
+ for vol in ${!vols[@]}; do
+ m btrbk $verbose_arg $progress_arg $cmd_arg $vol ssh://$tg$vol
+ done
done
fi
mexit 0
fi
# -q and just using the syslog option seemed nice,
# but it doesn't show when a send has a parent and when it doesn't.
-m btrbk $verbose_arg $progress_arg $cmd_arg
+m btrbk $preserve_arg $verbose_arg $progress_arg $cmd_arg
# todo: tp not valid anymore.
# if we have it, sync to systems which don't
case $HOSTNAME in
kd)
- /a/bin/buildscripts/prometheus
# Font awesome is needed for the alertmanager ui.
pi prometheus-alertmanager prometheus prometheus-node-exporter fonts-font-awesome
+ /a/bin/buildscripts/prometheus
web-conf -p 9091 -f 9090 - apache2 i.b8.nz <<'EOF'
<Location "/">
AuthType Basic
# by default, the alertmanager web ui is not enabled other than a page
# that suggests to use the amtool cli. that tool is good, but you cant
- # silence things nearly as fast.
+ # silence things nearly as easily as with the gui.
if [[ ! -e /usr/share/prometheus/alertmanager/ui/index.html ]]; then
- sudo chroot /nocow/schroot/bullseye prometheus-alertmanager
- sudo chroot /nocow/schroot/bullseye /usr/share/prometheus/alertmanager/generate-ui.sh
- sudo rsync -avih /nocow/schroot/bullseye/usr/share/prometheus/alertmanager/ui/ /usr/share/prometheus/alertmanager/ui
+ # default script didnt work, required some changes to get elm 19.1,
+ # which is a dependency of the latest alertmanager. I modified
+ # and copied it into /b/ds. In future, might need some other
+ # solution.
+ #sudo /usr/share/prometheus/alertmanager/generate-ui.sh
+ sudo /b/ds/generate-ui.sh
ser restart prometheus-alertmanager
fi
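Review bot: `sudo /b/ds/generate-ui.sh` runs a locally modified build script as root from a path outside the package, and the hunk checks neither that the file exists nor who can write to it. If `/b/ds` is writable by a non-root account, whoever can edit the file gets root the next time the ui is missing; keeping the script root-owned and not group- or world-writable avoids that. Since the script presumably fetches elm 19.1 and builds the ui, the comment should also record which upstream `generate-ui.sh` version it was derived from, so the local changes can be re-diffed when the package updates. The enclosing block starts outside the hunk.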
# in case.
LLMNR=no
MulticastDNS=no
-# this can be useful when working not on the vpn
-#Domains=fsf.org gnu.org
+Domains=fsf.org gnu.org
fi
done
+lnf -v /p/bin/* /a/exe
+
cd /a/exe
if (( ${#existing[@]} )); then
echo run manually:
# old.
#vpnser=mailvpn.service
-# todo: this hangs if it cant resolv the endpoint. we
-# want it to just retry in the background.
+# note: this hangs if it cant resolv the endpoint. we
+# want it to just retry in the background. i just use a static ip instead.
+#
+# Note: at least on t10, on reboot, the service fails to come up according to systemd, but
+# in reality it is up and working, then it tries to restart infinitely, and fails
+# because it detects that the interface exists.
+#
+# failing output:
+#
+# Aug 02 21:59:27 sy wg-quick[2092]: [#] sysctl -q net.ipv4.conf.all.src_valid_mark=1
+# Aug 02 21:59:27 sy wg-quick[2248]: [#] iptables-restore -n
+# Aug 02 21:59:27 sy wg-quick[2249]: Another app is currently holding the xtables lock. Perhaps you want to use the -w option?
+# Aug 02 21:59:27 sy wg-quick[2259]: [#] iptables-restore -n
+# Aug 02 21:59:27 sy wg-quick[2260]: Another app is currently holding the xtables lock. Perhaps you want to use the -w option?
+# Aug 02 21:59:27 sy systemd[1]: wg-quick@wgmail.service: Main process exited, code=exited, status=4/NOPERMISSION
+
+
+# successful output.
+# Aug 03 14:12:47 sy wg-quick[711336]: [#] sysctl -q net.ipv4.conf.all.src_valid_mark=1
+# Aug 03 14:12:47 sy wg-quick[711384]: [#] iptables-restore -n
+# Aug 03 14:12:47 sy wg-quick[711336]: [#] ping -w10 -c1 10.8.0.1 ||:
+# Aug 03 14:12:47 sy wg-quick[711389]: PING 10.8.0.1 (10.8.0.1) 56(84) bytes of data.
+# Aug 03 14:12:47 sy wg-quick[711389]: 64 bytes from 10.8.0.1: icmp_seq=1 ttl=64 time=73.0 ms
+# Aug 03 14:12:47 sy wg-quick[711389]: --- 10.8.0.1 ping statistics ---
+# Aug 03 14:12:47 sy wg-quick[711389]: 1 packets transmitted, 1 received, 0% packet loss, time 0ms
+# Aug 03 14:12:47 sy wg-quick[711389]: rtt min/avg/max/mdev = 72.993/72.993/72.993/0.000 ms
+# Aug 03 14:12:47 sy systemd[1]: Finished WireGuard via wg-quick(8) for wgmail.
+# Aug 02 21:59:27 sy systemd[1]: wg-quick@wgmail.service: Failed with result 'exit-code'.
+# Aug 02 21:59:27 sy systemd[1]: Failed to start WireGuard via wg-quick(8) for wgmail.
+# Aug 02 21:59:47 sy systemd[1]: wg-quick@wgmail.service: Scheduled restart job, restart counter is at 1.
+# Aug 02 21:59:47 sy systemd[1]: Stopped WireGuard via wg-quick(8) for wgmail.
+# Aug 02 21:59:47 sy systemd[1]: Starting WireGuard via wg-quick(8) for wgmail...
+# Aug 02 21:59:47 sy wg-quick[3424]: wg-quick: `wgmail' already exists
+# Aug 02 21:59:47 sy systemd[1]: wg-quick@wgmail.service: Main process exited, code=exited, status=1/FAILURE
+# Aug 02 21:59:47 sy systemd[1]: wg-quick@wgmail.service: Failed with result 'exit-code'.
+# Aug 02 21:59:47 sy systemd[1]: Failed to start WireGuard via wg-quick(8) for wgmail.
+
+
+# According to iptables -S and iptables -t nat -S,
+# there are no modifications to iptables rules on a succsfull run,
+# and
+
vpnser=wg-quick@wgmail.service
case $HOSTNAME in
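Review bot: The log excerpt under `# successful output.` is followed by nine lines stamped Aug 02 21:59 that belong to the failing run (`Failed with result 'exit-code'`, the `already exists` line), so the two cases read as interleaved. Moving those lines up under `# failing output:` would make the failure sequence readable: xtables lock contention, exit status 4, then restarts failing because the interface already exists. The closing paragraph also stops mid-sentence at `# and`; either finish the observation or end it after the statement about a successful run.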
rm -rf $tmpdir
}
-e $script_name
-exit 0
-
# i symlinked the script to another name to make it work different
trust=true
case $script_name in