From ef95a0340c000f1b047928e92bbb82f538726c51 Mon Sep 17 00:00:00 2001 From: Ian Kelling Date: Wed, 24 Apr 2024 15:22:48 -0400 Subject: [PATCH] update bitcoin, new host related fixes --- brc2 | 10 ++++++++-- distro-begin | 4 +++- distro-end | 4 ++-- filesystem/etc/systemd/system/bitcoind.service | 16 +++++++++++----- filesystem/usr/local/bin/bitcoinon | 2 +- machine_specific/btrbk.hosts | 1 + machine_specific/s76.hosts | 1 + mail-setup | 2 +- switch-mail-host | 8 -------- 9 files changed, 28 insertions(+), 20 deletions(-) diff --git a/brc2 b/brc2 index e936bad..45249e6 100644 --- a/brc2 +++ b/brc2 @@ -2749,7 +2749,13 @@ EOF echo "EOF" } | u /p/c/dnsmasq-data + b8_ip=$(dig +short b8.nz @iankelling.org | tail -1) + if [[ ! $b8_ip ]]; then + echo "$0: error: got empty b8.nz ip. returning 1" + return 1 + fi { + echo "@ A $b8_ip" for host in ${!nonvpn_ips[@]}; do ipsuf=${nonvpn_ips[$host]} echo "$host A 10.2.0.$ipsuf" @@ -2768,12 +2774,12 @@ EOF echo checking for stray files: - initial_dir=$PWD + initial_dir="$PWD" cd /a/bin/ds/machine_specific ngset files=( */filesystem/etc/systemd/system/openvpn-client-tr@.service ) ngreset - cd $initial_dir + cd "$initial_dir" for f in "${files[@]}"; do host=${f%%/*} if [[ ! ${vpn_ips[$host]} ]]; then diff --git a/distro-begin b/distro-begin index 5752961..e97c6c3 100755 --- a/distro-begin +++ b/distro-begin @@ -25,6 +25,8 @@ # /a/bin/ds/filesystem/etc/prometheus/rules/iank.yml # # Update hostnames in /b/ds/check-remote-mailqs +# Update hostnames in /b/ds/machine_specific/*.hosts /p/c/machine_specific/*.hosts +# Update hostnames in this file ### end new machine setup @@ -111,7 +113,7 @@ source $script_dir/pkgs set +x source /a/bin/distro-functions/src/identify-distros $interactive || set -x -for f in kd x2 x3 x8 frodo tp li bk je demohost kw sy bo; do +for f in kd x2 x3 x8 frodo tp li bk je demohost kw sy bo so; do eval "$f() { [[ $HOSTNAME == $f ]]; }" done codename=$(debian-codename) diff --git a/distro-end b/distro-end index 19cdaba..066264b 100755 --- a/distro-end +++ b/distro-end @@ -1946,8 +1946,8 @@ esac ### begin bitcoin ### case $HOSTNAME in - sy|kd) - sudo install -m 0755 -o root -g root -t /usr/bin /a/opt/bitcoin-26.0/bin/* + sy|kd|so) + sudo install -m 0755 -o root -g root -t /usr/bin /a/opt/bitcoin-27.0/bin/* # Note: i leave it to system-status to start and stop bitcoin. # note: the bitcoin user & group are setup in fai sudo usermod -a -G bitcoin iank diff --git a/filesystem/etc/systemd/system/bitcoind.service b/filesystem/etc/systemd/system/bitcoind.service index 1a754e9..1c3377f 100644 --- a/filesystem/etc/systemd/system/bitcoind.service +++ b/filesystem/etc/systemd/system/bitcoind.service @@ -1,5 +1,5 @@ # iank: copied from /a/opt/bitcoin/contrib/init/bitcoind.service -# for sources as of 2022-11-14 +# for sources as of 2024-04-22 # It is not recommended to modify this file in-place, because it will # be overwritten during package upgrades. If you want to add further @@ -25,10 +25,11 @@ Wants=network-online.target # between 100% and 180% cpu and makes the fan spin annoyingly. # 50% still had annoying fan spin. trying out 20% CPUQuota=20% -ExecStart=/usr/bin/bitcoind -daemonwait \ - -pid=/run/bitcoind/bitcoind.pid \ +ExecStart=/usr/bin/bitcoind -pid=/run/bitcoind/bitcoind.pid \ -conf=/etc/bitcoin/bitcoin.conf \ - -datadir=/var/lib/bitcoind + -datadir=/var/lib/bitcoind \ + -startupnotify='systemd-notify --ready' \ + -shutdownnotify='systemd-notify --stopping' # Make sure the config directory is readable by the service user PermissionsStartOnly=true @@ -37,8 +38,10 @@ ExecStartPre=/bin/chgrp bitcoin /etc/bitcoin # Process management #################### -Type=forking +Type=notify +NotifyAccess=all PIDFile=/run/bitcoind/bitcoind.pid + Restart=on-failure TimeoutStartSec=infinity TimeoutStopSec=600 @@ -85,5 +88,8 @@ PrivateDevices=true # Deny the creation of writable and executable memory mappings. MemoryDenyWriteExecute=true +# Restrict ABIs to help ensure MemoryDenyWriteExecute is enforced +SystemCallArchitectures=native + [Install] WantedBy=multi-user.target diff --git a/filesystem/usr/local/bin/bitcoinon b/filesystem/usr/local/bin/bitcoinon index 0b64d4d..d2509c7 100755 --- a/filesystem/usr/local/bin/bitcoinon +++ b/filesystem/usr/local/bin/bitcoinon @@ -22,7 +22,7 @@ [[ $EUID == 0 ]] || exec sudo "${BASH_SOURCE[0]}" -if [[ -e /tmp/no-bitcoinon ]]; then +if [[ -e /tmp/no-bitcoinon || ! -d /var/lib/bitcoind || ! -x /usr/bin/bitcoind ]]; then exit 0 fi systemctl start bitcoind diff --git a/machine_specific/btrbk.hosts b/machine_specific/btrbk.hosts index 43e86f2..54f98fb 100644 --- a/machine_specific/btrbk.hosts +++ b/machine_specific/btrbk.hosts @@ -4,4 +4,5 @@ x2 x3 frodo sy +so bo diff --git a/machine_specific/s76.hosts b/machine_specific/s76.hosts index 90a6702..23f1aa3 100644 --- a/machine_specific/s76.hosts +++ b/machine_specific/s76.hosts @@ -1,2 +1,3 @@ bo sy +so diff --git a/mail-setup b/mail-setup index 050a716..9ada9b6 100755 --- a/mail-setup +++ b/mail-setup @@ -2868,7 +2868,7 @@ debbugsconfig # ld for local debbugs -/a/exe/web-conf -t -a 127.0.1.1 -p 80 -r /var/lib/debbugs/www - apache2 ld <<'EOF' +/a/exe/web-conf -l -t -a 127.0.1.1 -p 80 -r /var/lib/debbugs/www - apache2 ld <<'EOF' # copied from debbugs upstream example Options Indexes SymLinksIfOwnerMatch MultiViews diff --git a/switch-mail-host b/switch-mail-host index 56676b9..053134a 100644 --- a/switch-mail-host +++ b/switch-mail-host @@ -395,12 +395,4 @@ if (( ret )); then exit $ret fi -if ! $mail_only && [[ -e /p/profanity-here ]]; then - m $new_shell systemctl --now enable profanity || ret=$? - if (( ret )); then - err "failed final systemctl --now enable profanity, just fix and rerun" - exit $ret - fi -fi - m exit 0 -- 2.30.2