+++ /dev/null
-#!/bin/bash
-
-
-[[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@"
-
-source /a/bin/errhandle/err
-
-# inspired from
-# https://github.com/kdave/btrfsmaintenance
-
-
-# Man page says we could also use a range, i suppose it would be
-# logical to use a pattern like 5..10 10..20,
-# but I don't know if this would help us at all.
-dusage="5 10"
-musage="5"
-
-e() {
- echo "cron: $*"
- if ! $dryrun; then
- "$@"
- fi
-}
-
-check-idle() {
- type -p xprintidle &>/dev/null || return 0
- export DISPLAY=:0
- # a hours, a movie could run that long.
- idle_limit=$((1000 * 60 * 60 * 2))
- idle_time=$idle_limit
- while read -r user; do
- new_idle_time=$(sudo -u $user xprintidle 2>/dev/null) ||:
- if [[ $new_idle_time && $new_idle_time -lt $idle_time ]]; then
- idle_time=$new_idle_time
- fi
- done < <(users | tr " " "\n" | sort -u)
- if (( idle_time < idle_limit )); then
- idle=false
- else
- idle=true
- fi
-}
-
-usage() {
- cat <<EOF
-Usage: ${0##*/} [ARGS]
-Do btrfs maintence or stop if xprintidle shows a user
-
-force Run regardless of user idle status on all disks and do scrub
- regardless of when it was last run.
-check Only check if an existing maintence should be cancelled due to
- nonidle user. Also, runs in a loop every 20 seconds for 10
- minutes.
-
-Note: Uses util-linux getopt option parsing: spaces between args and
-options, short options can be combined, options before args.
-EOF
- exit $1
-}
-
-
-force=false
-check=false
-dryrun=false
-if [[ $1 ]]; then
- case $1 in
- check)
- check=true
- ;;
- force)
- force=true
- ;;
- dryrun)
- dryrun=true
- ;;
- *)
- echo "$0: error: unexpected arg" >&2
- usage 1
- ;;
- esac
-fi
-
-
-main() {
- idle=true
- if ! $force; then
- check-idle
- if ! $check; then
- min=0
- max_min=300
- # When the cron kicks in, we may not be idle (physically sleeping) yet, so
- # wait.
- while ! $idle && (( min < max_min )); do
- min=$(( min + 1 ))
- sleep 60
- check-idle
- done
- # If we've waited a really long time for idle, just give up.
- if (( min == max_min )); then
- return
- fi
- fi
- fi
-
-
- fnd="findmnt --types btrfs --noheading"
- for x in $($fnd --output "SOURCE" --nofsroot | sort -u); do
- mnt=$($fnd --output "TARGET" --first-only --source $x)
- [[ $mnt ]] || continue
-
- #### begin look for diff in stats, eg: increasing error count ####
-
- # Only run for $check, since it runs in parallel to non-check, avoid
- # race condition.
- if $check; then
- tmp=$(mktemp)
- # if mnt is /, avoid making a buggy looking path
- stats_path=${mnt%/}/btrfs-dev-stats
- if [[ ! -e $stats_path ]]; then
- btrfs dev stats -c $mnt >$stats_path ||: # populate initial reading
- elif ! btrfs dev stats -c $mnt >$tmp; then
- if ! diff -q $stats_path $tmp; then
- exim -t <<EOF
-From: root@$HOSTNAME.b8.nz
-To: alerts@iankelling.org
-Subject: btrfsmaintstop: btrfs dev stats -c $mnt
-
-$(diff -u $stats_path $tmp ||:)
-EOF
- mv $stats_path $stats_path.1
- cat $tmp >$stats_path
- fi
- fi
- rm -f $tmp
- fi
- #### end look for diff in stats, eg: increasing error count ####
-
- if $check; then
- if ! $idle; then
- if $dryrun; then
- echo "$0: not idle. if this wasnt a dry run, btrfs scrub cancel $mnt"
- else
- btrfs scrub cancel $mnt &>/dev/null ||:
- fi
- fi
- continue
- fi
-
- # for comparing before and after balance.
- # the log is already fairly verbose, so commented.
- # e btrfs filesystem df $mnt
- # e df -H $mnt
- if btrfs filesystem df $mnt | grep -q "Data+Metadata"; then
- for usage in $dusage; do
- e ionice -c 3 btrfs balance start -dusage=$usage -musage=$usage $mnt
- done
- else
- e ionice -c 3 btrfs balance start -dusage=0 $mnt
- for usage in $dusage; do
- e ionice -c 3 btrfs balance start -dusage=$usage $mnt
- done
- e ionice -c 3 btrfs balance start -musage=0 $mnt
- for usage in $musage; do
- e ionice -c 3 btrfs balance start -musage=$usage $mnt
- done
- fi
- date=
- scrub_status=$(btrfs scrub status $mnt)
- if printf "%s\n" "$scrub_status" | grep -i '^status:[[:space:]]*finished$' &>/dev/null; then
- date=$(printf "%s\n" "$scrub_status" | sed -rn 's/^Scrub started:[[:space:]]*(.*)/\1/p')
- fi
- if [[ ! $date ]]; then
- # output from older versions, at least btrfs v4.15.1
- date=$(
- printf "%s\n" "$scrub_status" | \
- sed -rn 's/^\s*scrub started at (.*) and finished.*/\1/p'
- )
- fi
- if ! $force && [[ $date ]]; then
- if $dryrun; then
- echo "$0: last scrub finish for $mnt: $date"
- fi
- date=$(date --date="$date" +%s)
- # if date is sooner than 60 days ago
- # the wiki recommends 30 days or so, but
- # I'm going with 60 days.
- if (( date > EPOCHSECONDS - 60*60*24*60 )); then
- if $dryrun; then
- echo "$0: skiping scrub of $mnt, last was $(( (EPOCHSECONDS - date) / 60/60/24 )) days ago, < 30 days"
- fi
- continue
- fi
- fi
- # btrfsmaintenance does -c 2 -n 4, but I want lowest pri.
- e btrfs scrub start -Bd -c 3 $mnt
-
- # We normally only do one disk since this is meant to be run while I sleep
- # and if we try to do all disks, we invariably end up doing a scrub still
- # after I've woken up. So, just do one per day.
- if ! $force; then
- return 0
- fi
- done
-}
-
-loop-main() {
- while true; do
- main
- sleep 60
- done
-}
-
-if $check; then
- loop-main
-else
- main
-fi
# and see someone is banned.
sed 's/^ *before *= *iptables-common.conf/before = iptables-common-exim.conf/' \
- /etc/fail2ban/action.d/iptables-multiport.conf| i /etc/fail2ban/action.d/iptables-exim.conf
+ /etc/fail2ban/action.d/iptables-multiport.conf| u /etc/fail2ban/action.d/iptables-exim.conf
u /etc/fail2ban/action.d/iptables-common-exim.conf <<'EOF'
# iank: same as iptables-common, except iptables is iptables-exim, ip6tables is ip6tables-exim
cat >/etc/exim4/conf.d/retry/17_retry <<'EOF'
# Retry fast for my own domains
-iankelling.org * F,1d,4m;F,14d,1h
-amnimal.ninja * F,1d,4m;F,14d,1h
-expertpathologyreview.com * F,1d,4m;F,14d,1h
-je.b8.nz * F,1d,4m;F,14d,1h
-zroe.org * F,1d,4m;F,14d,1h
-eximbackup.b8.nz * F,1d,4m;F,14d,1h
+iankelling.org * F,1d,1m;F,14d,1h
+amnimal.ninja * F,1d,1m;F,14d,1h
+expertpathologyreview.com * F,1d,1m;F,14d,1h
+je.b8.nz * F,1d,1m;F,14d,1h
+zroe.org * F,1d,1m;F,14d,1h
+eximbackup.b8.nz * F,1d,1m;F,14d,1h
# The spec says the target domain will be used for temporary host errors,
# but i've found that isn't correct, the hostname is required
# at least sometimes.
-nn.b8.nz * F,1d,4m;F,14d,1h
-defaultnn.b8.nz * F,1d,4m;F,14d,1h
-mx.iankelling.org * F,1d,4m;F,14d,1h
-bk.b8.nz * F,1d,4m;F,14d,1h
-eggs.gnu.org * F,1d,4m;F,14d,1h
-fencepost.gnu.org * F,1d,4m;F,14d,1h
+nn.b8.nz * F,1d,1m;F,14d,1h
+defaultnn.b8.nz * F,1d,1m;F,14d,1h
+mx.iankelling.org * F,1d,1m;F,14d,1h
+bk.b8.nz * F,1d,1m;F,14d,1h
+eggs.gnu.org * F,1d,1m;F,14d,1h
+fencepost.gnu.org * F,1d,1m;F,14d,1h
# afaik our retry doesnt need this, but just using everything
-mx.amnimal.ninja * F,1d,4m;F,14d,1h
-mx.expertpathologyreview.com * F,1d,4m;F,14d,1h
+mx.amnimal.ninja * F,1d,1m;F,14d,1h
+mx.expertpathologyreview.com * F,1d,1m;F,14d,1h
mail.fsf.org * F,1d,15m;F,14d,1h
for f in *-private.pem; do
echo ${f%-private.pem}
done
-} | i /etc/exim4/conf.d/my-dkim-domains
-
-if grep -Fq REMOTE_SMTP_SMARTHOST_TLS_VERIFY_HOSTS \
- /etc/exim4/conf.d/transport/10_exim4-config_transport-macros; then
- cat >/etc/exim4/conf.d/transport/11_iank <<'EOF'
-# This unsets the default macro defined in on t11 in
-# /etc/exim4/conf.d/transport/10_exim4-config_transport-macros
-# It seems like a very odd choice that this has become
-# the default in t11. Normal smarthost clients use username/password
-# auth. Oh well.
-REMOTE_SMTP_SMARTHOST_TLS_VERIFY_HOSTS ==
-EOF
-else
- rm -f /etc/exim4/conf.d/transport/11_iank
-fi
+} | u /etc/exim4/conf.d/my-dkim-domains
+
+rm -f /etc/exim4/conf.d/transport/11_iank
cat >/etc/exim4/conf.d/main/000_local <<'EOF'
MAIN_TLS_ENABLE = true
# require tls connections for all smarthosts
-REMOTE_SMTP_SMARTHOST_HOSTS_REQUIRE_TLS = *
+REMOTE_SMTP_SMARTHOST_HOSTS_REQUIRE_TLS = ! nn.b8.nz
+REMOTE_SMTP_SMARTHOST_HOSTS_AVOID_TLS = nn.b8.nz
# debian exim config added this in 2016 or so?
# it's part of the smtp spec, to limit lines to 998 chars
IGNORE_SMTP_LINE_LENGTH_LIMIT = true
# more verbose logs. used to use +all, but made it less for more efficiency.
-MAIN_LOG_SELECTOR = -tls_cipher -tls_certificate_verified +pid +received_recipients +received_sender +sender_on_delivery +return_path_on_delivery +msg_id_created +subject +address_rewrite +smtp_confirmation
+MAIN_LOG_SELECTOR = -skip_delivery -tls_cipher -tls_certificate_verified +all_parents +address_rewrite +arguments +deliver_time +pid +queue_time +queue_time_overall +received_recipients +received_sender +return_path_on_delivery +sender_on_delivery +smtp_confirmation +subject
# Based on spec, seems like a good idea to be nice.
smtp_return_error_details = true
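Review bot: The comment `# require tls connections for all smarthosts` two lines above the changed setting is now wrong, because nn.b8.nz is carved out of REMOTE_SMTP_SMARTHOST_HOSTS_REQUIRE_TLS and additionally listed in HOSTS_AVOID_TLS, which makes Exim not even attempt TLS to that smarthost, so that hop goes in the clear. Suggest `# require tls for all smarthosts except nn.b8.nz, which is deliberately sent plaintext over the private link` with the actual reason filled in — presumably that it is reached only via the 10.173.8.2 address pinned in the hosts-file hunk later in this diff, but that should be confirmed rather than assumed. The unconditional `rm -f /etc/exim4/conf.d/transport/11_iank` just above likewise drops the old override that emptied REMOTE_SMTP_SMARTHOST_TLS_VERIFY_HOSTS, so the Debian default verification list applies again; a one-line comment at the rm saying this is intended would stop the next reader from restoring the override. The heredoc into /etc/exim4/conf.d/main/000_local continues past the end of the hunk.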
cat >/etc/exim4/update-exim4.conf.conf <<'EOF'
# default stuff, i havent checked if its needed
dc_minimaldns='false'
-dc_relay_nets=''
CFILEMODE='644'
dc_use_split_config='true'
dc_mailname_in_oh='true'
mmm_mail4root
)
for f in ${files[@]}; do
- echo "# iank: removed due to running nonroot"|i /etc/exim4/conf.d/router/$f
+ echo "# iank: removed due to running nonroot"|u /etc/exim4/conf.d/router/$f
done
;;
esac
# ** $MAIL_HOST|bk|je)
$MAIL_HOST|bk|je)
- echo|i /etc/exim4/conf.d/router/165_backup_local
+ echo|u /etc/exim4/conf.d/router/165_backup_local
cat >>/etc/exim4/update-exim4.conf.conf <<EOF
# note: some things we don't set that are here by default because they are unused.
# senders = testlist-bounces+test=zroe.org@fsf.org
# message = iank-bounce
EOF
- echo|i /etc/exim4/conf.d/router/880_universal_forward
+ echo|u /etc/exim4/conf.d/router/880_universal_forward
cat >>/etc/exim4/conf.d/main/000_local <<EOF
# man page: is used to build the local_domains list, together with "localhost"
# this is duplicated in a later router.
dc_other_hostnames='iankelling.org;zroe.org;r2e.iankelling.org;mx.iankelling.org;!je.b8.nz;!bk.b8.nz;*.b8.nz;b8.nz'
+dc_relay_nets='defaultnn.b8.nz'
EOF
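Review bot: The new `dc_relay_nets='defaultnn.b8.nz'` grants relaying by host name rather than by address; as far as I recall Exim matches a bare name in a host list by resolving it and comparing the result with the connecting address, so whoever controls resolution of defaultnn.b8.nz controls who may relay through this host. nn.b8.nz is pinned to 10.173.8.2 in the hosts-file hunk that follows, but defaultnn.b8.nz is not visible there; either pin it the same way or name the VPN address directly, e.g. `dc_relay_nets='<defaultnn vpn address>'`. Note also that the old empty `dc_relay_nets=''` was removed from update-exim4.conf.conf earlier in this diff while the new value is written into conf.d/main/000_local; if update-exim4.conf does not pick dc_ settings up from that file the grant would silently not apply, so it is worth confirming and recording with a comment such as `# relay only from the default nn host; see hosts-file pin below`.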
10.173.8.2 nn.b8.nz
EOF
- sed -r -f - /etc/init.d/exim4 <<'EOF' | i /etc/init.d/exim4in
+ sed -r -f - /etc/init.d/exim4 <<'EOF' |u /etc/init.d/exim4in
s,/etc/default/exim4,/etc/default/exim4in,g
s,/run/exim4/exim.pid,/run/exim4/eximin.pid,g
s,(^[ #]*Provides:).*,\1 exim4in,
*)
# this one should be removed for all non mail hosts, but
# bk and je never become mail_host
- echo|i /etc/exim4/conf.d/router/195_dnslookup_vpn
- echo|i /etc/exim4/conf.d/router/160_backup_redir
- echo|i /etc/exim4/conf.d/router/161_backup_redir_nn
- echo|i /etc/exim4/conf.d/router/185_sentarchive
- echo|i /etc/exim4/conf.d/router/186_sentarchive_nn
- echo|i /etc/exim4/conf.d/router/188_exim4-config_smarthost
- echo|i /etc/exim4/conf.d/router/190_exim4-config_fsfsmarthost
- echo|i /etc/exim4/conf.d/rcpt_local_acl
- echo|i /etc/exim4/conf.d/main/000_local-nn
- echo|i /etc/exim4/conf.d/clamav_data_acl
+ echo|u /etc/exim4/conf.d/router/195_dnslookup_vpn
+ echo|u /etc/exim4/conf.d/router/160_backup_redir
+ echo|u /etc/exim4/conf.d/router/161_backup_redir_nn
+ echo|u /etc/exim4/conf.d/router/185_sentarchive
+ echo|u /etc/exim4/conf.d/router/186_sentarchive_nn
+ echo|u /etc/exim4/conf.d/router/188_exim4-config_smarthost
+ echo|u /etc/exim4/conf.d/router/190_exim4-config_fsfsmarthost
+ echo|u /etc/exim4/conf.d/rcpt_local_acl
+ echo|u /etc/exim4/conf.d/main/000_local-nn
+ echo|u /etc/exim4/conf.d/clamav_data_acl
if $bhost_t; then
dc_smarthost='$smarthost'
EOF
- hostname -f |i /etc/mailname
+ hostname -f |u /etc/mailname
cat >>/etc/exim4/update-exim4.conf.conf <<EOF
# The manpage incorrectly states this will do header rewriting, but
# that only happens if we have dc_hide_mailname is set.