From f46ee5570766081a5a73ce0d2132c8a06ee966fb Mon Sep 17 00:00:00 2001 From: Ian Kelling Date: Sun, 13 Nov 2022 12:00:21 -0500 Subject: [PATCH] fixes --- btrfsmaint | 218 +----------------- distro-end | 2 +- .../etc/systemd/system/btrfsmaint.service | 2 +- .../etc/systemd/system/btrfsmaint.timer | 5 +- mail-setup | 85 +++---- 5 files changed, 43 insertions(+), 269 deletions(-) mode change 100755 => 120000 btrfsmaint diff --git a/btrfsmaint b/btrfsmaint deleted file mode 100755 index d226325..0000000 --- a/btrfsmaint +++ /dev/null 
@@ -1,217 +0,0 @@ -#!/bin/bash - - -[[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@" - -source /a/bin/errhandle/err - -# inspired from -# https://github.com/kdave/btrfsmaintenance - - -# Man page says we could also use a range, i suppose it would be -# logical to use a pattern like 5..10 10..20, -# but I don't know if this would help us at all. -dusage="5 10" -musage="5" - -e() { - echo "cron: $*" - if ! $dryrun; then - "$@" - fi -} - -check-idle() { - type -p xprintidle &>/dev/null || return 0 - export DISPLAY=:0 - # a hours, a movie could run that long. - idle_limit=$((1000 * 60 * 60 * 2)) - idle_time=$idle_limit - while read -r user; do - new_idle_time=$(sudo -u $user xprintidle 2>/dev/null) ||: - if [[ $new_idle_time && $new_idle_time -lt $idle_time ]]; then - idle_time=$new_idle_time - fi - done < <(users | tr " " "\n" | sort -u) - if (( idle_time < idle_limit )); then - idle=false - else - idle=true - fi -} - -usage() { - cat <&2 - usage 1 - ;; - esac -fi - - -main() { - idle=true - if ! $force; then - check-idle - if ! $check; then - min=0 - max_min=300 - # When the cron kicks in, we may not be idle (physically sleeping) yet, so - # wait. - while ! $idle && (( min < max_min )); do - min=$(( min + 1 )) - sleep 60 - check-idle - done - # If we've waited a really long time for idle, just give up. - if (( min == max_min )); then - return - fi - fi - fi - - - fnd="findmnt --types btrfs --noheading" - for x in $($fnd --output "SOURCE" --nofsroot | sort -u); do - mnt=$($fnd --output "TARGET" --first-only --source $x) - [[ $mnt ]] || continue - - #### begin look for diff in stats, eg: increasing error count #### - - # Only run for $check, since it runs in parallel to non-check, avoid - # race condition. - if $check; then - tmp=$(mktemp) - # if mnt is /, avoid making a buggy looking path - stats_path=${mnt%/}/btrfs-dev-stats - if [[ ! -e $stats_path ]]; then - btrfs dev stats -c $mnt >$stats_path ||: # populate initial reading - elif ! 
btrfs dev stats -c $mnt >$tmp; then - if ! diff -q $stats_path $tmp; then - exim -t <$stats_path - fi - fi - rm -f $tmp - fi - #### end look for diff in stats, eg: increasing error count #### - - if $check; then - if ! $idle; then - if $dryrun; then - echo "$0: not idle. if this wasnt a dry run, btrfs scrub cancel $mnt" - else - btrfs scrub cancel $mnt &>/dev/null ||: - fi - fi - continue - fi - - # for comparing before and after balance. - # the log is already fairly verbose, so commented. - # e btrfs filesystem df $mnt - # e df -H $mnt - if btrfs filesystem df $mnt | grep -q "Data+Metadata"; then - for usage in $dusage; do - e ionice -c 3 btrfs balance start -dusage=$usage -musage=$usage $mnt - done - else - e ionice -c 3 btrfs balance start -dusage=0 $mnt - for usage in $dusage; do - e ionice -c 3 btrfs balance start -dusage=$usage $mnt - done - e ionice -c 3 btrfs balance start -musage=0 $mnt - for usage in $musage; do - e ionice -c 3 btrfs balance start -musage=$usage $mnt - done - fi - date= - scrub_status=$(btrfs scrub status $mnt) - if printf "%s\n" "$scrub_status" | grep -i '^status:[[:space:]]*finished$' &>/dev/null; then - date=$(printf "%s\n" "$scrub_status" | sed -rn 's/^Scrub started:[[:space:]]*(.*)/\1/p') - fi - if [[ ! $date ]]; then - # output from older versions, at least btrfs v4.15.1 - date=$( - printf "%s\n" "$scrub_status" | \ - sed -rn 's/^\s*scrub started at (.*) and finished.*/\1/p' - ) - fi - if ! $force && [[ $date ]]; then - if $dryrun; then - echo "$0: last scrub finish for $mnt: $date" - fi - date=$(date --date="$date" +%s) - # if date is sooner than 60 days ago - # the wiki recommends 30 days or so, but - # I'm going with 60 days. - if (( date > EPOCHSECONDS - 60*60*24*60 )); then - if $dryrun; then - echo "$0: skiping scrub of $mnt, last was $(( (EPOCHSECONDS - date) / 60/60/24 )) days ago, < 30 days" - fi - continue - fi - fi - # btrfsmaintenance does -c 2 -n 4, but I want lowest pri. 
- e btrfs scrub start -Bd -c 3 $mnt - - # We normally only do one disk since this is meant to be run while I sleep - # and if we try to do all disks, we invariably end up doing a scrub still - # after I've woken up. So, just do one per day. - if ! $force; then - return 0 - fi - done -} - -loop-main() { - while true; do - main - sleep 60 - done -} - -if $check; then - loop-main -else - main -fi diff --git a/btrfsmaint b/btrfsmaint new file mode 120000 index 0000000..4de4b76 --- /dev/null +++ b/btrfsmaint @@ -0,0 +1 @@ +/a/f/ans/roles/btrfs/files/btrfsmaint \ No newline at end of file diff --git a/distro-end b/distro-end index ce51793..61fec8a 100755 --- a/distro-end +++ b/distro-end @@ -2048,7 +2048,7 @@ esac ### begin nagios ### pi nagios4 -s rm /etc/apache2/conf-enabled/nagios4-cgi.conf +s rm -fv /etc/apache2/conf-enabled/nagios4-cgi.conf # to add a password for admin: # htdigest /etc/nagios4/htdigest.users Nagios4 iank diff --git a/filesystem/etc/systemd/system/btrfsmaint.service b/filesystem/etc/systemd/system/btrfsmaint.service index e2937a7..04f8f25 100644 --- a/filesystem/etc/systemd/system/btrfsmaint.service +++ b/filesystem/etc/systemd/system/btrfsmaint.service @@ -4,6 +4,6 @@ After=multi-user.target [Service] Type=simple -ExecStart=/usr/local/bin/sysd-mail-once -1 btrfsmaint /usr/local/bin/btrfsmaint +ExecStart=/usr/local/bin/btrfsmaint --no-stats IOSchedulingClass=idle CPUSchedulingPolicy=idle diff --git a/filesystem/etc/systemd/system/btrfsmaint.timer b/filesystem/etc/systemd/system/btrfsmaint.timer index 355cda4..a60d347 100644 --- a/filesystem/etc/systemd/system/btrfsmaint.timer +++ b/filesystem/etc/systemd/system/btrfsmaint.timer 
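Review bot: Dropping the `sysd-mail-once -1 btrfsmaint` wrapper from `ExecStart` in btrfsmaint.service appears to remove the unit's only failure notification, judging by the wrapper's name. The replacement script sits behind the new `btrfsmaint` symlink and is not part of this patch, so it is not possible to confirm from here whether it sends mail itself or what `--no-stats` turns off. If it does not notify on its own, a failed balance or scrub would only show up in the journal; consider `OnFailure=<notify-unit placeholder>` under `[Unit]`, or a comment in the unit naming where alerting now happens.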
@@ -7,9 +7,10 @@ Description=btrfsmaint # or # readlink /etc/localtime | sed -r 's,^.*/([^/]+/[^/]+)$,\1,' -# previously, was running weekly. -#OnCalendar=Thu *-*-* 02:00:00 America/New_York +# run daily OnCalendar=*-*-* 02:00:00 America/New_York +# previously, was running weekly: +#OnCalendar=Thu *-*-* 02:00:00 America/New_York [Install] WantedBy=timers.target diff --git a/mail-setup b/mail-setup index 8283d7c..22d1e3d 100755 --- a/mail-setup +++ b/mail-setup @@ -918,7 +918,7 @@ fi # and see someone is banned. sed 's/^ *before *= *iptables-common.conf/before = iptables-common-exim.conf/' \ - /etc/fail2ban/action.d/iptables-multiport.conf| i /etc/fail2ban/action.d/iptables-exim.conf + /etc/fail2ban/action.d/iptables-multiport.conf| u /etc/fail2ban/action.d/iptables-exim.conf u /etc/fail2ban/action.d/iptables-common-exim.conf <<'EOF' # iank: same as iptables-common, except iptables is iptables-exim, ip6tables is ip6tables-exim 
@@ -1136,26 +1136,26 @@ rm -fv /etc/exim4/conf.d/retry/37_retry cat >/etc/exim4/conf.d/retry/17_retry <<'EOF' # Retry fast for my own domains -iankelling.org * F,1d,4m;F,14d,1h -amnimal.ninja * F,1d,4m;F,14d,1h -expertpathologyreview.com * F,1d,4m;F,14d,1h -je.b8.nz * F,1d,4m;F,14d,1h -zroe.org * F,1d,4m;F,14d,1h -eximbackup.b8.nz * F,1d,4m;F,14d,1h +iankelling.org * F,1d,1m;F,14d,1h +amnimal.ninja * F,1d,1m;F,14d,1h +expertpathologyreview.com * F,1d,1m;F,14d,1h +je.b8.nz * F,1d,1m;F,14d,1h +zroe.org * F,1d,1m;F,14d,1h +eximbackup.b8.nz * F,1d,1m;F,14d,1h # The spec says the target domain will be used for temporary host errors, # but i've found that isn't correct, the hostname is required # at least sometimes. -nn.b8.nz * F,1d,4m;F,14d,1h -defaultnn.b8.nz * F,1d,4m;F,14d,1h -mx.iankelling.org * F,1d,4m;F,14d,1h -bk.b8.nz * F,1d,4m;F,14d,1h -eggs.gnu.org * F,1d,4m;F,14d,1h -fencepost.gnu.org * F,1d,4m;F,14d,1h +nn.b8.nz * F,1d,1m;F,14d,1h +defaultnn.b8.nz * F,1d,1m;F,14d,1h +mx.iankelling.org * F,1d,1m;F,14d,1h +bk.b8.nz * F,1d,1m;F,14d,1h +eggs.gnu.org * F,1d,1m;F,14d,1h +fencepost.gnu.org * F,1d,1m;F,14d,1h # afaik our retry doesnt need this, but just using everything -mx.amnimal.ninja * F,1d,4m;F,14d,1h -mx.expertpathologyreview.com * F,1d,4m;F,14d,1h +mx.amnimal.ninja * F,1d,1m;F,14d,1h +mx.expertpathologyreview.com * F,1d,1m;F,14d,1h mail.fsf.org * F,1d,15m;F,14d,1h 
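Review bot: The heading `# Retry fast for my own domains` no longer describes the whole list, because the 1m interval is also applied to `eggs.gnu.org` and `fencepost.gnu.org`, which look like third-party hosts. Retrying those every minute for a day during an outage could run into rate limiting or bans on the remote side, so it is worth either keeping a longer interval for them or saying in the comment why 1m is fine. The shorter interval also only takes effect if the queue runner runs at least that often, and the queue interval is not visible in this hunk.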
@@ -1177,27 +1177,16 @@ cd /etc/exim4 for f in *-private.pem; do echo ${f%-private.pem} done -} | i /etc/exim4/conf.d/my-dkim-domains - -if grep -Fq REMOTE_SMTP_SMARTHOST_TLS_VERIFY_HOSTS \ - /etc/exim4/conf.d/transport/10_exim4-config_transport-macros; then - cat >/etc/exim4/conf.d/transport/11_iank <<'EOF' -# This unsets the default macro defined in on t11 in -# /etc/exim4/conf.d/transport/10_exim4-config_transport-macros -# It seems like a very odd choice that this has become -# the default in t11. Normal smarthost clients use username/password -# auth. Oh well. -REMOTE_SMTP_SMARTHOST_TLS_VERIFY_HOSTS == -EOF -else - rm -f /etc/exim4/conf.d/transport/11_iank -fi +} | u /etc/exim4/conf.d/my-dkim-domains + +rm -f /etc/exim4/conf.d/transport/11_iank cat >/etc/exim4/conf.d/main/000_local <<'EOF' MAIN_TLS_ENABLE = true # require tls connections for all smarthosts -REMOTE_SMTP_SMARTHOST_HOSTS_REQUIRE_TLS = * +REMOTE_SMTP_SMARTHOST_HOSTS_REQUIRE_TLS = ! nn.b8.nz +REMOTE_SMTP_SMARTHOST_HOSTS_AVOID_TLS = nn.b8.nz # debian exim config added this in 2016 or so? # it's part of the smtp spec, to limit lines to 998 chars @@ -1210,7 +1199,7 @@ REMOTE_SMTP_SMARTHOST_HOSTS_REQUIRE_TLS = * IGNORE_SMTP_LINE_LENGTH_LIMIT = true # more verbose logs. used to use +all, but made it less for more efficiency. -MAIN_LOG_SELECTOR = -tls_cipher -tls_certificate_verified +pid +received_recipients +received_sender +sender_on_delivery +return_path_on_delivery +msg_id_created +subject +address_rewrite +smtp_confirmation +MAIN_LOG_SELECTOR = -skip_delivery -tls_cipher -tls_certificate_verified +all_parents +address_rewrite +arguments +deliver_time +pid +queue_time +queue_time_overall +received_recipients +received_sender +return_path_on_delivery +sender_on_delivery +smtp_confirmation +subject # Based on spec, seems like a good idea to be nice. smtp_return_error_details = true 
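Review bot: The comment `# require tls connections for all smarthosts` is no longer true. The new `REMOTE_SMTP_SMARTHOST_HOSTS_REQUIRE_TLS = ! nn.b8.nz` together with `REMOTE_SMTP_SMARTHOST_HOSTS_AVOID_TLS = nn.b8.nz` sends mail to nn.b8.nz without TLS, and nothing in the hunk says why that is acceptable. If that host is only reached over an already protected path (not visible here), record it, e.g. `# require tls for all smarthosts except nn.b8.nz (<reason plaintext is acceptable there>)`. If the smarthost transport authenticates to that host, the credentials would presumably travel unencrypted as well. Writing the list as `!nn.b8.nz : *` would make the match for every other host explicit rather than relying on Exim's rule for a list that ends in a negated item.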
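Review bot: The rewritten `MAIN_LOG_SELECTOR` still switches off `tls_cipher` and `tls_certificate_verified`, so the main log cannot show which connections were encrypted or verified. That matters more now that the previous hunk exempts nn.b8.nz from TLS, since the log is where an unintended plaintext delivery would otherwise be noticed. Consider dropping `-tls_cipher -tls_certificate_verified` from the line, or extending the comment above it to say why they stay disabled. The added `+arguments` records the command line of local exim invocations, which is worth a word in that comment if the log is readable by other accounts.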
@@ -1710,7 +1699,6 @@ EOF cat >/etc/exim4/update-exim4.conf.conf <<'EOF' # default stuff, i havent checked if its needed dc_minimaldns='false' -dc_relay_nets='' CFILEMODE='644' dc_use_split_config='true' dc_mailname_in_oh='true' @@ -2805,7 +2793,7 @@ EOF mmm_mail4root ) for f in ${files[@]}; do - echo "# iank: removed due to running nonroot"|i /etc/exim4/conf.d/router/$f + echo "# iank: removed due to running nonroot"|u /etc/exim4/conf.d/router/$f done ;; esac @@ -2815,7 +2803,7 @@ case $HOSTNAME in # ** $MAIL_HOST|bk|je) $MAIL_HOST|bk|je) - echo|i /etc/exim4/conf.d/router/165_backup_local + echo|u /etc/exim4/conf.d/router/165_backup_local cat >>/etc/exim4/update-exim4.conf.conf <>/etc/exim4/conf.d/main/000_local <>/etc/exim4/update-exim4.conf.conf <