########### begin section including vps ################
pi ${p2[@]}
-
conflink
sudo rm -fv
# for ziva
#p install --no-install-recommends minetest/buster libleveldb1d/buster libncursesw6/buster libtinfo6/buster
doupdate=false
+ # shellcheck disable=SC2043 # in case we want more than 1 in the loop later.
for n in bullseye; do
f=/etc/apt/sources.list.d/$n.list
t=$(mktemp)
deb http://us.archive.ubuntu.com/ubuntu/ focal-security main universe
EOF
if ! diff -q $t $f; then
- sudo dd if=$t of=$f 2>/dev/null
+ sudo dd if=$t of=$f status=none
p update
fi
deb-src http://mirror.fsf.org/trisquel/ nabia-backports main
EOF
if ! diff -q $t $f; then
- sudo dd if=$t of=$f 2>/dev/null
+ sudo dd if=$t of=$f status=none
p update
fi
deb-src http://mirror.fsf.org/trisquel/ aramo-backports main
EOF
if ! diff -q $t $f; then
- sudo dd if=$t of=$f 2>/dev/null
+ sudo dd if=$t of=$f status=none
p update
fi
dnsb8
fi
- pi prometheus-node-exporter
- /a/bin/buildscripts/prom-node-exporter -l
+ s /c/roles/prom-export/files/simple/usr/local/bin/fsf-install-node-exporter -l
# ex for exporter
web-conf -p 9101 -f 9100 - apache2 ${HOSTNAME}ex.b8.nz <<'EOF'
#
# for wireguard hole vpn, use function:
# wghole
+ # eg:
+ # wghole bo 28
+ # if it is going to want to connect to transmission-daemon on ok
+ # wghole bo 28 10.173.0.2/32
# requested from linode via a support ticket.
# https://www.linode.com/docs/networking/an-overview-of-ipv6-on-linode/
end
;;
esac
+
+case $HOSTNAME in
+ bk)
+ pi icecast2
+ # todo, save the config
+ /etc/cron.daily/stream-cert
+ web-conf -c /etc/cert-live.fsf.org -p 443 -f 8000 apache2 live.fsf.org
+ ;;
+esac
+
###### end website setup
########### end section including li/lj ###############
# way to install suggests even if the main package is already
# installed. reinstall doesn't work, uninstalling can cause removing
# dependent packages.
+# shellcheck disable=SC2046 # word splitting is intended
pi ${pall[@]} $(apt-cache search ruby[.0-9]+-doc| awk '{print $1}') $($src/distro-pkgs)
# schroot service will restart schroot sessions after reboot.
######### begin transmission client setup ######
+# to connect from a remote client, trans-remote-route in brc2
+
+
if [[ -e /p/transmission-rpc-pass ]]; then
# arch had a default config,
# debian had nothing until you start it.
# general known for debian/ubuntu, not for fedora
m /a/bin/buildscripts/go
-m /a/bin/buildscripts/rust
+# only needed for rg. cargo takes up 11 gigs, filled up the disk on je.
+#m /a/bin/buildscripts/rust
m /a/bin/buildscripts/misc
m /a/bin/buildscripts/pithosfly
#m /a/bin/buildscripts/alacritty
# "equivs-control <name>, edit the file produced to provide the right
# dependency and have a nice name, then run equivs-build <name> and
# finally dpkg -i the resulting .deb file"
-
-mkct
-# edited from output of equivs-control tox
-cat >tox <<'EOF'
+# as of 2023-02, the tox dependency was removed in debian unstable, so
+# this hack will probably go away in t12.
+
+if pcheck beets; then
+ tmpdir="$(mktemp -d)"
+ cd "$tmpdir"
+ # edited from output of equivs-control tox
+ cat >tox <<'EOF'
Section: python
Priority: optional
Standards-Version: 3.9.2
Package: tox
Description: tox-dummy
EOF
-equivs-build tox
-sudo dpkg -i tox_1.0_all.deb
-rm -rf ./tox*
-pi beets python3-discogs-client
+ equivs-build tox
+ sudo dpkg -i tox_1.0_all.deb
+ rm -rf ./tox*
+ pi beets python3-discogs-client
+ cd
+ rm -r "$tmpdir"
+fi
+
+# get rid of annoying message
+s sed -ri "s/^([[:space:]]*ui.print_\('Playing)/#\1/" /usr/share/beets/beetsplug/play.py
# notes about barrier
if grep -xFq $HOSTNAME /a/bin/ds/machine_specific/btrbk.hosts; then
sgo btrbk.timer
fi
+if [[ $HOSTNAME == kd ]]; then
+ sgo btrbk-spread.timer
+fi
+
# note: to see when it was last run,
# ser list-timers
### begin prometheus ###
+
+
case $HOSTNAME in
kd)
# Font awesome is needed for the alertmanager ui.
- pi prometheus-alertmanager prometheus prometheus-node-exporter fonts-font-awesome
- /a/bin/buildscripts/prometheus
+ pi prometheus-alertmanager prometheus fonts-font-awesome
+ /c/roles/prom/files/simple/usr/local/bin/fsf-install-prometheus
web-conf -p 9091 -f 9090 - apache2 i.b8.nz <<'EOF'
<Location "/">
AuthType Basic
ser restart prometheus-alertmanager
fi
+ s /c/roles/prom-export/files/simple/usr/local/bin/fsf-install-node-exporter -l
+
for ser in prometheus-node-exporter prometheus-alertmanager prometheus; do
sysd-prom-fail-install $ser
done
;;
*)
- pi prometheus-node-exporter
+ s /c/roles/prom-export/files/simple/usr/local/bin/fsf-install-node-exporter
;;
esac
+# cleanup old files. 2023-02
+x=(/var/lib/prometheus/node-exporter/*.premerge)
+if [[ -e ${x[0]} ]]; then
+ s rm /var/lib/prometheus/node-exporter/*
+fi
+
+
case $HOSTNAME in
# todo, for limiting node exporter http,
# either use iptables or, in
### begin nagios ###
+pi nagios-nrpe-server
+
case $HOSTNAME in
kd)
- pi nagios4
+ # the backport is for this bug: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=800345
+ pi nagios4 nagios-nrpe-plugin monitoring-plugins-basic/bullseye-backports
s rm -fv /etc/apache2/conf-enabled/nagios4-cgi.conf
# to add a password for admin:
#
AuthDigestDomain "Nagios4"
AuthDigestProvider file
- AuthUserFile "/etc/nagios4/htdigest.users"
+ AuthUserFile "/etc/nagios4-htdigest.users"
AuthGroupFile "/etc/group"
AuthName "Nagios4"
AuthType Digest
# 6 define timeperiod
+
+
### end nagios ###
### begin bitcoin ###
case $HOSTNAME in
- sy)
- f=$dir/bitcoin.conf
- sudo install -m 0755 -o root -g root -t /usr/bin /a/opt/bitcoin-23.0/bin/*
+ sy|kd)
+ sudo install -m 0755 -o root -g root -t /usr/bin /a/opt/bitcoin-24.0.1/bin/*
sgo bitcoind
+ # note: the bitcoin user & group are setup in fai
sudo usermod -a -G bitcoin iank
- sudo ln -s /q/wallets /var/lib/bitcoind
+ # todo: make bitcoin have a stable uid/gid
+ if [[ ! $(readlink -f /var/lib/bitcoind/wallets) == /q/wallets ]]; then
+ s lnf /q/wallets /var/lib/bitcoind
+ sudo chown -h bitcoin:bitcoin /var/lib/bitcoind/wallets
+ fi
# note, there exists
# /a/bin/ds/disabled/bitcoin
;;
### end bitcoin
+case $HOSTNAME in
+ kw|x3)
+ sd /etc/cups/client.conf <<'EOF'
+ServerName printserver0.office.fsf.org
+EOF
+ ;;
+esac
+
end_msg <<'EOF'
In mate settings settings, change scrolling to two-finger,