X-Git-Url: https://iankelling.org/git/?p=distro-setup;a=blobdiff_plain;f=distro-end;fp=distro-end;h=19cdaba738bda94a9c6b02808c0d25b80094057c;hp=e9b797ae28a78851549c70ab681f4c6432a5fb20;hb=c536de80536e71af6e69eb1a57575ca1a41101c6;hpb=9de134ab81ba8b62daaf276e02f06d5499d0aa3c diff --git a/distro-end b/distro-end index e9b797a..19cdaba 100755 --- a/distro-end +++ b/distro-end @@ -1906,10 +1906,11 @@ case $HOSTNAME in # listen on the wireguard interface *) - wgip=$(command sudo sed -rn 's,^ *Address *= *([^/]+).*,\1,p' /etc/wireguard/wghole.conf) - # old filename. remove once all hosts are updated. - s rm -fv /etc/apache2/sites-enabled/${HOSTNAME}wg.b8.nz.conf - web-conf -i -a $wgip -p 9101 -f 9100 - apache2 ${HOSTNAME}wg.b8.nz <<'EOF' + if [[ -e /etc/wireguard/wghole.conf ]]; then + wgip=$(command sudo sed -rn 's,^ *Address *= *([^/]+).*,\1,p' /etc/wireguard/wghole.conf) + # old filename. remove once all hosts are updated. + s rm -fv /etc/apache2/sites-enabled/${HOSTNAME}wg.b8.nz.conf + web-conf -i -a $wgip -p 9101 -f 9100 - apache2 ${HOSTNAME}wg.b8.nz <<'EOF' AuthType Basic AuthName "basic_auth" @@ -1919,14 +1920,14 @@ AuthUserFile "/etc/prometheus-export-htpasswd" Require valid-user EOF - # For work, i think we will just use the firewall for hosts in the main data center, and - # vpn for hosts outside it. + # For work, i think we will just use the firewall for hosts in the main data center, and + # vpn for hosts outside it. - # TODO: figure out how to detect the ping failure and try again. + # TODO: figure out how to detect the ping failure and try again. - # Binding to the wg interface, it might go down, so always restart, and wait for it on boot. - s mkdir /etc/systemd/system/apache2.service.d - sd /etc/systemd/system/apache2.service.d/restart.conf < - Options FollowSymLinks - DirectoryIndex index.php index.html - AllowOverride AuthConfig - # - # The default Debian nagios4 install sets use_authentication=0 in - # /etc/nagios4/cgi.cfg, which turns off nagos's internal authentication. - # This is insecure. As a compromise this default apache2 configuration - # only allows private IP addresses access. - # - # The ... below shows how you can secure the nagios4 - # web site so anybody can view it, but only authenticated users can issue - # commands (such as silence notifications). To do that replace the - # "Require all granted" with "Require valid-user", and use htdigest - # program from the apache2-utils package to add users to - # /etc/nagios4/htdigest.users. - # - # A step up is to insist all users validate themselves by moving - # the stanza's in the .. into the . - # Then by setting use_authentication=1 in /etc/nagios4/cgi.cfg you - # can configure which people get to see a particular service from - # within the nagios configuration. - # - AuthDigestDomain "Nagios4" - AuthDigestProvider file - AuthUserFile "/etc/nagios4-htdigest.users" - AuthGroupFile "/etc/group" - AuthName "Nagios4" - AuthType Digest - Require valid-user - - - - Options +ExecCGI - -EOF - ;; -esac - -# when you alter a service through the web, it changes vars in /var/lib/nagios4/status.dat. for example: -# notifications_enabled=1 -# note, the same variable exists in the correspdonding "define service {" - -# in the default config, we have these definitions - -# 11 define command { -# 2 define contact { -# 1 define contactgroup { -# 9 define host { -# 4 define hostgroup { -# 23 define service { -# 5 define timeperiod { - - -# on klaxon - -# klaxon:/etc/nagios3 # grep -rho '^ *define [^{ ]*' | sort | uniq -c -# 76 define command -# 11 define contact -# 6 define contactgroup -# 162 define host -# 1 define hostextinfo -# 16 define hostgroup -# 3040 define service -# 2 define servicedependency -# 6 define timeperiod - - - - -### end nagios ### - ### begin bitcoin ### case $HOSTNAME in