echo "EOF"
} | u /p/c/dnsmasq-data
+ b8_ip=$(dig +short b8.nz @iankelling.org | tail -1)
+ if [[ ! $b8_ip ]]; then
+ echo "$0: error: got empty b8.nz ip. returning 1"
+ return 1
+ fi
{
+ echo "@ A $b8_ip"
for host in ${!nonvpn_ips[@]}; do
ipsuf=${nonvpn_ips[$host]}
echo "$host A 10.2.0.$ipsuf"
echo checking for stray files:
- initial_dir=$PWD
+ initial_dir="$PWD"
cd /a/bin/ds/machine_specific
ngset
files=( */filesystem/etc/systemd/system/openvpn-client-tr@.service )
ngreset
- cd $initial_dir
+ cd "$initial_dir"
for f in "${files[@]}"; do
host=${f%%/*}
if [[ ! ${vpn_ips[$host]} ]]; then
# /a/bin/ds/filesystem/etc/prometheus/rules/iank.yml
#
# Update hostnames in /b/ds/check-remote-mailqs
+# Update hostnames in /b/ds/machine_specific/*.hosts /p/c/machine_specific/*.hosts
+# Update hostnames in this file
### end new machine setup
set +x
source /a/bin/distro-functions/src/identify-distros
$interactive || set -x
-for f in kd x2 x3 x8 frodo tp li bk je demohost kw sy bo; do
+for f in kd x2 x3 x8 frodo tp li bk je demohost kw sy bo so; do
eval "$f() { [[ $HOSTNAME == $f ]]; }"
done
codename=$(debian-codename)
### begin bitcoin ###
case $HOSTNAME in
- sy|kd)
- sudo install -m 0755 -o root -g root -t /usr/bin /a/opt/bitcoin-26.0/bin/*
+ sy|kd|so)
+ sudo install -m 0755 -o root -g root -t /usr/bin /a/opt/bitcoin-27.0/bin/*
# Note: i leave it to system-status to start and stop bitcoin.
# note: the bitcoin user & group are setup in fai
sudo usermod -a -G bitcoin iank
# iank: copied from /a/opt/bitcoin/contrib/init/bitcoind.service
-# for sources as of 2022-11-14
+# for sources as of 2024-04-22
# It is not recommended to modify this file in-place, because it will
# be overwritten during package upgrades. If you want to add further
# between 100% and 180% cpu and makes the fan spin annoyingly.
# 50% still had annoying fan spin. trying out 20%
CPUQuota=20%
-ExecStart=/usr/bin/bitcoind -daemonwait \
- -pid=/run/bitcoind/bitcoind.pid \
+ExecStart=/usr/bin/bitcoind -pid=/run/bitcoind/bitcoind.pid \
-conf=/etc/bitcoin/bitcoin.conf \
- -datadir=/var/lib/bitcoind
+ -datadir=/var/lib/bitcoind \
+ -startupnotify='systemd-notify --ready' \
+ -shutdownnotify='systemd-notify --stopping'
# Make sure the config directory is readable by the service user
PermissionsStartOnly=true
# Process management
####################
-Type=forking
+Type=notify
+NotifyAccess=all
PIDFile=/run/bitcoind/bitcoind.pid
+
Restart=on-failure
TimeoutStartSec=infinity
TimeoutStopSec=600
# Deny the creation of writable and executable memory mappings.
MemoryDenyWriteExecute=true
+# Restrict ABIs to help ensure MemoryDenyWriteExecute is enforced
+SystemCallArchitectures=native
+
[Install]
WantedBy=multi-user.target
[[ $EUID == 0 ]] || exec sudo "${BASH_SOURCE[0]}"
-if [[ -e /tmp/no-bitcoinon ]]; then
+if [[ -e /tmp/no-bitcoinon || ! -d /var/lib/bitcoind || ! -x /usr/bin/bitcoind ]]; then
exit 0
fi
systemctl start bitcoind
# ld for local debbugs
-/a/exe/web-conf -t -a 127.0.1.1 -p 80 -r /var/lib/debbugs/www - apache2 ld <<'EOF'
+/a/exe/web-conf -l -t -a 127.0.1.1 -p 80 -r /var/lib/debbugs/www - apache2 ld <<'EOF'
# copied from debbugs upstream example
<Directory /var/lib/debbugs/www>
Options Indexes SymLinksIfOwnerMatch MultiViews
exit $ret
fi
-if ! $mail_only && [[ -e /p/profanity-here ]]; then
- m $new_shell systemctl --now enable profanity || ret=$?
- if (( ret )); then
- err "failed final systemctl --now enable profanity, just fix and rerun"
- exit $ret
- fi
-fi
-
m exit 0
iankelling.org / git / distro-setup / commitdiff