fix proxy nonroot, add vpn, backup services
author: Ian Kelling <ian@iankelling.org>
Thu, 5 Jan 2017 16:32:37 +0000 (08:32 -0800)
committer: Ian Kelling <ian@iankelling.org>
Thu, 5 Jan 2017 16:32:37 +0000 (08:32 -0800)
filesystem/etc/apt/detect-http-proxy
filesystem/etc/systemd/system/iptables.service [new file with mode: 0644]
filesystem/etc/systemd/system/openvpn-client-nn@.service [new file with mode: 0644]
filesystem/etc/systemd/system/transmission-daemon-nn.service [new file with mode: 0644]
machine_specific/treetowl/filesystem/etc/systemd/system/btrbk.service [new file with mode: 0644]
machine_specific/treetowl/filesystem/etc/systemd/system/btrbk.timer [new file with mode: 0644]

index b5d502dbf4c844c1309968304da8e39802ed2b95..b8ec1d94ea39b01708b241e80ffb8078cdc08275 100755 (executable)
@@ -16,11 +16,15 @@ if [[ -r $f ]]; then
         echo DIRECT
         exit 0
     else
-        rm $f
+        if [[ -w $f ]]; then
+            rm $f
+        fi
     fi
 fi
 if getent hosts $proxy_host && nc -z $proxy_host $proxy_port; then
     echo $proxy_url
 else
-    touch $f
+    if [[ ! -e $f || -w $f ]]; then
+        touch $f
+    fi
 fi
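Review bot: The new `[[ -w $f ]]` guard before `rm $f` tests the wrong permission: whether an unprivileged apt can unlink the marker depends on write access to the directory containing it, not to the file itself, so the non-root case this commit targets can still print an error here, and the `touch` guard has the same gap when `$f` does not exist yet and its directory is read-only. Guarding on the parent, `[[ -w ${f%/*} ]]` (assuming `$f` is an absolute path), or making the best-effort path explicit with `rm -f -- "$f" 2>/dev/null || true`, covers both cases. The added lines also keep `$f` unquoted; `"$f"` costs nothing, and the same goes for `$proxy_host` and `echo "$proxy_url"` in the surrounding context lines. The enclosing `if [[ -r $f ]]` block begins above the hunk.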
diff --git a/filesystem/etc/systemd/system/iptables.service b/filesystem/etc/systemd/system/iptables.service
new file mode 100644 (file)
index 0000000..403e076
--- /dev/null
@@ -0,0 +1,13 @@
+[Unit]
+Description=Packet Filtering Framework
+Before=network-pre.target
+Wants=network-pre.target
+
+[Service]
+Type=oneshot
+ExecStart=/sbin/iptables-restore /a/bin/transmission-firewall/default.rules
+ExecStop=/sbin/iptables-restore /a/bin/transmission-firewall/empty.rules
+RemainAfterExit=yes
+
+[Install]
+WantedBy=multi-user.target
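Review bot: `ExecStart=` loads `/a/bin/transmission-firewall/default.rules`, and `/a` looks like a separately mounted tree; if it is, add `RequiresMountsFor=/a/bin/transmission-firewall` under `[Unit]` so `iptables-restore` cannot be ordered before the rules file is reachable (drop this if `/a` lives on the root filesystem). `ExecStop=` deliberately loads `empty.rules`, which leaves the host with no packet filter after `systemctl stop iptables.service`; a comment such as `# stop = flush to empty.rules; host is unfiltered until the next start` keeps the next reader from treating that as a bug. Consider `DefaultDependencies=no` as well if the filter must be in place before this host's network manager starts during early boot — whether that is needed depends on which manager is used and how it orders itself.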
diff --git a/filesystem/etc/systemd/system/openvpn-client-nn@.service b/filesystem/etc/systemd/system/openvpn-client-nn@.service
new file mode 100644 (file)
index 0000000..2f3b013
--- /dev/null
@@ -0,0 +1,32 @@
+[Unit]
+Description=OpenVPN tunnel for %I
+After=syslog.target network-online.target
+Wants=network-online.target
+Documentation=man:openvpn(8)
+Documentation=https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage
+Documentation=https://community.openvpn.net/openvpn/wiki/HOWTO
+Requires=iptables.service
+
+[Service]
+Type=notify
+RuntimeDirectory=openvpn-client
+RuntimeDirectoryMode=0710
+WorkingDirectory=/etc/openvpn/client
+ExecStart=/usr/bin/nsenter --mount=/root/mount_namespaces/%i /usr/sbin/openvpn --suppress-timestamps --nobind --config /etc/openvpn/client/%i.conf
+# until we get the next systemd version (233), which can do bind mounts
+# inside a mnt namespace via systemd, we have to setup our own, which requires
+# full priveledges.
+#CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE
+LimitNPROC=10
+# DeviceAllow=/dev/null rw
+# DeviceAllow=/dev/net/tun rw
+
+# ian: added just these  lines from upstream
+ExecStartPre=+/a/bin/nnnat/systemd-nnnat start %i
+ExecStartPre=+/sbin/iptables-restore /a/bin/transmission-firewall/netns.rules
+ExecStopPost=+/a/bin/nnnat/systemd-nnnat stop %i
+PrivateNetwork=true
+
+
+[Install]
+WantedBy=multi-user.target
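Review bot: `Requires=iptables.service` in `[Unit]` pulls the firewall unit in but does not order this unit after it — systemd starts both in parallel unless `After=` is also given — so the tunnel can be up before `default.rules` is loaded on the host side; add `After=iptables.service` beside it. The `+`-prefixed `ExecStartPre=`/`ExecStopPost=` lines run with full privileges by design, but with `CapabilityBoundingSet=` commented out the `openvpn` process itself now also runs with an unrestricted capability set; a `# TODO(ian): re-enable CapabilityBoundingSet once systemd 233 bind mounts replace the nsenter wrapper` marker next to the existing explanation keeps that visible (the explanation also spells "priveledges" for "privileges"). `After=syslog.target` is a legacy target no longer provided by current systemd and can be dropped.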
diff --git a/filesystem/etc/systemd/system/transmission-daemon-nn.service b/filesystem/etc/systemd/system/transmission-daemon-nn.service
new file mode 100644 (file)
index 0000000..ba3fc48
--- /dev/null
@@ -0,0 +1,17 @@
+[Unit]
+Description=Transmission BitTorrent Daemon netns
+After=network.target
+Requires=openvpn-client-nn@client.service
+After=openvpn-client-nn@client.service
+JoinsNamespaceOf=openvpn-client-nn@client.service
+
+[Service]
+#User=debian-transmission
+# notify type doesn't work with sudo
+#Type=notify
+ExecStart=/usr/bin/nsenter --mount=/root/mount_namespaces/client sudo -u debian-transmission /usr/bin/transmission-daemon -f --log-error
+ExecReload=/bin/kill -s HUP $MAINPID
+PrivateNetwork=true
+
+[Install]
+WantedBy=multi-user.target
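Review bot: Dropping privileges through `sudo -u debian-transmission` inside `nsenter` leaves `sudo` as the unit's main process, so `$MAINPID` in `ExecReload=` names `sudo` rather than `transmission-daemon`; `sudo` forwards SIGHUP to its child, so the reload most likely still works, and the `# notify type doesn't work with sudo` comment is presumably the same effect, since sudo's default `env_reset` strips `NOTIFY_SOCKET`. `setpriv --reuid=debian-transmission --regid=debian-transmission --init-groups -- /usr/bin/transmission-daemon -f --log-error` from util-linux execs the daemon in place, which would make `$MAINPID` the daemon and let `Type=notify` come back; verify `setpriv` is present on this host. Either way, a comment on `ExecStart=` stating that `sudo` is used instead of `User=` because `nsenter` must start as root would document the choice for the next reader.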
diff --git a/machine_specific/treetowl/filesystem/etc/systemd/system/btrbk.service b/machine_specific/treetowl/filesystem/etc/systemd/system/btrbk.service
new file mode 100644 (file)
index 0000000..da692bb
--- /dev/null
@@ -0,0 +1,7 @@
+[Unit]
+Description=Btrbk backup
+After=network.target
+
+[Service]
+Type=oneshot
+ExecStart=/a/exe/btrbk-run
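Review bot: `After=network.target` only guarantees that the network stack has been configured, not that any interface or route is usable; if `/a/exe/btrbk-run` pushes snapshots to a remote host (the script is not in this commit, so this is inferred), use `Wants=network-online.target` together with `After=network-online.target` instead. A `Type=oneshot` unit has no start timeout by default, so a run hung on an unreachable remote stays in "activating" indefinitely and the timer will not trigger again until it ends; a `TimeoutStartSec=` of a few timer periods bounds that. A one-line comment naming what `btrbk-run` backs up and where it logs would help, since the unit itself gives no hint.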
diff --git a/machine_specific/treetowl/filesystem/etc/systemd/system/btrbk.timer b/machine_specific/treetowl/filesystem/etc/systemd/system/btrbk.timer
new file mode 100644 (file)
index 0000000..27113f6
--- /dev/null
@@ -0,0 +1,8 @@
+[Unit]
+Description=Run btrbk-run once every 20 mins
+
+[Timer]
+OnCalendar=*:0/20
+
+[Install]
+WantedBy=timers.target
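Review bot: The timer has no `Persistent=true`, so a 20-minute slot missed while the machine was off or suspended is not caught up at the next boot; for a backup schedule that catch-up is usually wanted, and `Persistent=true` under `[Timer]` records the last trigger on disk and fires once immediately when a slot was missed. `OnCalendar=*:0/20` fires at :00, :20 and :40 of every hour, which matches the description; if other timers on this host share those minutes, `RandomizedDelaySec=` spreads the load.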