# EOF
if [[ -e /etc/wireguard/wghole.conf ]]; then
+ reload=false
+ if [[ ! -e /etc/systemd/system/wg-quick@wghole.service.d/override.conf ]]; then
+ reload=true
+ fi
+ sudo mkdir -p /etc/systemd/system/wg-quick@wghole.service.d
+ sd /etc/systemd/system/wg-quick@wghole.service.d/override.conf <<'EOF'
+[Unit]
+StartLimitIntervalSec=0
+
+[Service]
+Restart=on-failure
+RestartSec=20
+EOF
+ if $reload; then ser daemon-reload; fi
sgo wg-quick@wghole
fi
sd /etc/openvpn/client-config-hole/onep9 <<'EOF'
ifconfig-push 10.5.5.14 255.255.255.0
+EOF
+ sd /etc/openvpn/client-config-hole/bo <<'EOF'
+ifconfig-push 10.5.5.13 255.255.255.0
EOF
sd /etc/openvpn/client-config-hole/sy <<'EOF'
ifconfig-push 10.5.5.12 255.255.255.0
### system76 things ###
case $HOSTNAME in
- sy)
+ sy|bo)
# note, i stored the initial popos packages at /a/bin/data/popos-pkgs
if [[ ! -e /etc/apt/sources.list.d/system76.list ]]; then
# https://blog.zackad.dev/en/2017/08/17/add-ppa-simple-way.html
# Pin: release o=LP-PPA-system76-dev-stable
# Pin-Priority: 1001
# EOF
- pi system76-driver system76-firmware-cli
+ pi system76-driver system76-firmware
# if you get a notice about a firmware update, the notifier on i3
# is too dumb to do anything when you click it. so to see
# a changelog, cd to
esac
# user for short term use dropping of privileges
-s groupadd -g 1023 zu
-s useradd -g 1023 -u 1023 -c zu -s /bin/bash zu
+if ! getent group zu &>/dev/null; then
+ s groupadd -g 1023 zu
+fi
+if ! getent passwd zu &>/dev/null; then
+ s useradd -g 1023 -u 1023 -c zu -s /bin/bash zu
+fi
# these things persist in ~/.config/syncthing, which I save in
Description=schrootupdate
[Timer]
-OnCalendar=*-*-* 04:20:00
+OnCalendar=*-*-* 04:20:00 America/New_York
[Install]
WantedBy=timers.target
;;
esac
+### begin prometheus ###
+
+case $HOSTNAME in
+ kd)
+ # ive got these + a needed dependency pinned to bullseye, just to get
+ # versions more in line with the main docs.
+ pi prometheus-alertmanager prometheus prometheus-node-exporter
+ web-conf -p 9091 -f 9090 - apache2 i.b8.nz <<'EOF'
+<Location "/">
+AuthType Basic
+AuthName "basic_auth"
+# created with
+# htpasswd -c prometheus-htpasswd USERNAME
+AuthUserFile "/etc/prometheus-htpasswd"
+Require valid-user
+</Location>
+EOF
+ ;;
+ *)
+ pi prometheus-node-exporter
+ ;;
+esac
+
+case $HOSTNAME in
+ # frodo needs upgrade first.
+ frodo) : ;;
+ # todo, for limiting node exporter http,
+ # either use iptables or, in
+ # /etc/default/prometheus-node-exporter
+ # listen on the wireguard interface
+ ;;
+ li|je|bk)
+ # ex for exporter
+ web-conf -p 9101 -f 9100 - apache2 ${HOSTNAME}ex.b8.nz <<'EOF'
+<Location "/">
+AuthType Basic
+AuthName "basic_auth"
+# created with
+# htpasswd -c prometheus-export-htpasswd USERNAME
+AuthUserFile "/etc/prometheus-export-htpasswd"
+Require valid-user
+</Location>
+EOF
+ ;;
+ *)
+ wgip=$(sudo sed -rn 's,^ *Address *= *([^/]+).*,\1,p' /etc/wireguard/wghole.conf)
+ web-conf -i -a $wgip -p 9101 -f 9100 - apache2 ${HOSTNAME}wg.b8.nz <<'EOF'
+<Location "/">
+AuthType Basic
+AuthName "basic_auth"
+# created with
+# htpasswd -c prometheus-export-htpasswd USERNAME
+AuthUserFile "/etc/prometheus-export-htpasswd"
+Require valid-user
+</Location>
+EOF
+ ;;
+esac
+
+### end prometheus ###
+
+
end_msg <<'EOF'
In mate settings settings, change scrolling to two-finger,
because the default edge scroll doesn\'t work. Originally found this in debian.
iankelling.org / git / distro-setup / blobdiff