}
+mns() { # mount namespace
+ ns=$1
+ shift
+ s mkdir -p /root/mount_namespaces
+ if ! s mountpoint /root/mount_namespaces >/dev/null; then
+ m s mount --bind /root/mount_namespaces /root/mount_namespaces
+ fi
+ m s mount --make-private /root/mount_namespaces
+ if [[ ! -e /root/mount_namespaces/$ns ]]; then
+ s touch /root/mount_namespaces/$ns
+ fi
+ if ! s mountpoint /root/mount_namespaces/$ns >/dev/null; then
+ m unshare --propagation slave --mount=/root/mount_namespaces/$ns /bin/true
+ fi
+ m sudo -E /usr/bin/nsenter --mount=/root/mount_namespaces/$ns "$@"
+}
+
+mnsnonet() {
+ ns=$1
+ if ! s ip netns list | grep -Fx nonet &>/dev/null; then
+ s ip netns add nonet
+ fi
+ mns $ns --net=/var/run/netns/nonet sudo -E -u iank /bin/bash
+}
+
+
lom() {
local l base
if [[ $1 == /* ]]; then
fi
fi
m sudo mkdir -p /mnt/$base
- m sudo mount /dev/mapper/$base /mnt/$base
- m sudo chown $USER:$USER /mnt/$base
+ m mns mount /dev/mapper/$base /mnt/$base
+ m mns chown $USER:$USER /mnt/$base
else
base=$1
- if mountpoint /mnt/$base &>/dev/null; then
- m sudo umount /mnt/$base
+ if mns mountpoint /mnt/$base &>/dev/null; then
+ m mns umount /mnt/$base
fi
if sudo cryptsetup status /dev/mapper/$base &>/dev/null; then
if ! m sudo cryptsetup luksClose /dev/mapper/$base; then
prospective_mps=(/i)
;;
*)
- prospective_mps=(/a /q)
+ prospective_mps=()
if [[ $source ]]; then
source_state="$(ssh $source cat /a/bin/bash_unpublished/source-state)"
eval "$source_state"
fi
fi
fi
+ # note: put q last just in case its specific retention options were to
+ # affect other config sections. I havent tested if that is the case.
+ prospective_mps+=(/a /q)
;;
esac
fi
snapshot_preserve 18h 14d 8w 24m
snapshot_preserve_min 2h
snapshot_dir btrbk
-
# so, total backups = ~58
target_preserve 18h 14d 8w 24m
target_preserve_min 2h
volume $vol
subvolume $sub
EOF
+ case $sub in
+ q)
+ # q has sensitive data i dont want to backup for so long
+ cat >>/etc/btrbk.conf <<EOF
+snapshot_preserve 18h 14d
+snapshot_preserve_min 2h
+snapshot_dir btrbk
+target_preserve 18h 14d
+target_preserve_min 2h
+EOF
+ ;;
+ esac
for tg in ${targets[@]}; do
# handle ipv6
if [[ $tg == *:* ]]; then
Link or otherwise install configuration files.
-f For fast. Dont use lnf, use ln -sf. Good for updating existing files.
+-v Verbose show all the files getting linked and whatnot.
EOF
exit $1
}
m() {
- echo "$*"
"$@"
}
s() { sudo "$@"; }
+v() {
+ echo "$*"
+ "$@"
+}
lnf() { /a/exe/lnf "$@"; }
+
+
+##### begin command line parsing ########
+
+# ensure we can handle args with spaces or empty.
+ret=0; getopt -T || ret=$?
+[[ $ret == 4 ]] || { echo "Install util-linux for enhanced getopt" >&2; exit 1; }
+
fast=false
-if [[ $1 == -f ]]; then # f for fast
- fast=true
+verbose=false
+temp=$(getopt -l help hvf "$@") || usage 1
+eval set -- "$temp"
+while true; do
+ case $1 in
+ -v) verbose=true ;;
+ -f) fast=true ;;
+ -h|--help) usage ;;
+ --) shift; break ;;
+ *) echo "$0: unexpected args: $*" >&2 ; usage 1 ;;
+ esac
shift
-elif
- [[ $1 ]]; then
- echo "error: unrecognized arguments" >&2
- exit 0
-fi
+done
+readonly fast verbose
+
+##### end command line parsing ########
+
if $fast; then
lnf() { ln -sf "$@"; }
fi
+if $verbose; then
+ m() {
+ echo "$*"
+ "$@"
+ }
+fi
+
shopt -s nullglob
shopt -s extglob
shopt -s dotglob
case $HOSTNAME in
kd)
if systemctl is-active prometheus &>/dev/null; then
- m s systemctl reload prometheus
+ v s systemctl reload prometheus
fi
;;
esac
m lnf ${x[@]} ~
done
if $reload_systemd; then
- m s systemctl daemon-reload
+ v s systemctl daemon-reload
fi
for service in ${restart_services[@]}; do
if systemctl is-active $service >/dev/null; then
- m s systemctl restart $service
+ v s systemctl restart $service
fi
done
}
for t in systemstatus epanicclean btrfsmaintstop dynamicipupdate; do
f=/etc/systemd/system/$t.timer
if [[ -e $f ]]; then
- s systemctl stop $t.timer
- s systemctl disable $t.timer
+ v systemctl stop $t.timer
+ v systemctl disable $t.timer
s rm -fv $f
reload_systemd=true
fi
if [[ -e /etc/cron.daily/check-lets-encrypt-ssl-settings ]]; then
m s rm -f /etc/cron.daily/check-lets-encrypt-ssl-settings
fi
-
+ # conversion from whole folder subdir to individual files.
+ if [[ -L /home/iank/.config/copyq ]]; then
+ rm -fv /home/iank/.config/copyq
+ fi
/a/bin/ds/install-my-scripts
files=(/p/c/machine_specific/*/filesystem/etc/ssh/*_key
# cabal update
# cabal install --upgrade-dependencies --force-reinstalls arbtt
# also, i assume syncing this between machines somehow messed up the data.
-if mountpoint /p &>/dev/null; then
- case $codename in
- etiona|nabia)
- pi arbtt
- # same as seru enable arbtt, but works over ssh when systemctl --user causes error:
- # Failed to connect to bus: No such file or directory
- lnf -T /a/bin/ds/subdir_files/.config/systemd/user/arbtt.service /home/iank/.config/systemd/user/default.target.wants/arbtt.service
- # allow failure
- seru start arbtt ||:
- ;;
- esac
-fi
+
+## not using arbtt for now
+# if mountpoint /p &>/dev/null; then
+# case $codename in
+# etiona|nabia)
+# pi arbtt
+# # same as seru enable arbtt, but works over ssh when systemctl --user causes error:
+# # Failed to connect to bus: No such file or directory
+# lnf -T /a/bin/ds/subdir_files/.config/systemd/user/arbtt.service /home/iank/.config/systemd/user/default.target.wants/arbtt.service
+# # allow failure
+# seru start arbtt ||:
+# ;;
+# esac
+# fi
+rm -fv /home/iank/.config/systemd/user/default.target.wants/arbtt.service
m primary-setup
annotations:
summary: 'jr -u mailtest-check -e'
+ - alert: mailtest_check_missing_dnswl
+ expr: |-
+ mailtest_check_missing_dnswl >= 1
+ for: 30m
+ labels:
+ severity: day
+ annotations:
+ summary: 'jr -u mailtest-check -e'
# We expect to be getting metrics, if we come up and notice we have
# any missing in the past, and it wasn't from a reboot, and we haven't
x="$(readlink -f -- "${BASH_SOURCE[0]}")"; cd ${x%/*} # directory of this file
+m() {
+ "$@"
+}
+
+# be a bit more verbose if we are connected to a terminal
+if test -t 0; then
+ #echo debug: in terminal
+ m() {
+ echo "$*"
+ "$@"
+ }
+fi
# scripts that would interfere with unmounting /a, put them elsewhere.
# note: previously used the install command, but it had this habit of
# changed, so that should fix it.
/a/bin/log-quiet/setup
rsync -t --chmod=755 --chown=root:root switch-mail-host btrbk-run mount-latest-subvol \
- check-subvol-stale myi3status mailtest-check \
+ check-subvol-stale myi3status \
mailbindwatchdog \
check-mailq \
unsaved-buffers.el \
epanic-clean
system-status
btrfsmaint
+ mailtest-check
dynamic-ip-update /usr/local/bin
)
if [[ $(systemctl is-active $1.service ||:) != inactive ]]; then
# just fire and forget. sometimes a script restart can fail, but then
# then auto restart mechanism makes it succeed.
- systemctl restart $service ||: &
+ m systemctl restart $service ||: &
fi
}
while read -r line; do
file="${line:12}"
+ #echo debug: file: $file
case $file in
btrfsmaint)
- sre btrfsmaintstop &
+ sre btrfsmaintstop
+ ;;
+ mailtest-check)
+ # we stopped removing the dashes in services recently.
+ sre $file
;;
*)
- sre ${file//-/} &
+ sre ${file//-/}
;;
esac
done < <("${cmd[@]}")
fi
tmpfile=$(mktemp)
declare -i unexpected=0
+ declare -i missing_dnswl=0
for folder in ${folders[@]}; do
for from in ${froms[@]}; do
latest=
echo # ends our printf string buildup
cat $resultfile
echo mailtest-check: end of spam debug results
-
# lets just handle 1 failure at a time in interactive mode.
if $int; then
echo mailtest-check: from: $from, to: $to
#fi
fi
rm -f $resultfile
- unexpected=$(( unexpected + ${#results[@]} + ${#missing[@]} ))
+ unexpected=$(( unexpected + ${#results[@]} ))
+ for miss in ${missing[@]}; do
+ # We expect dns reputation services to go down from time to time, so
+ # we count them separately and alert differently.
+ case $miss in
+ RCVD_IN_DNSWL_MED|DKIMWL_WL_HIGH)
+ missing_dnswl+=1
+ ;;
+ *)
+ unexpected+=1
+ ;;
+ esac
+ done
fi # if spamdpid
fi # if $slow
done # end for folder in ${folders[@]}
if $slow; then
pr <<EOF
+mailtest_check_missing_dnswl $missing_dnswl
mailtest_check_unexpected_spamd_results $unexpected
EOF
fi
continue
fi
- if [[ $vol == q ]]; then
- # allow to fail, user might not be logged in
- x sudo -u $(id -nu 1000) XDG_RUNTIME_DIR=/run/user/1000 systemctl --user stop arbtt ||:
- fi
+ ## not using arbtt at the moment
+ # if [[ $vol == q ]]; then
+ # ## allow to fail, user might not be logged in
+ # x sudo -u $(id -nu 1000) XDG_RUNTIME_DIR=/run/user/1000 systemctl --user stop arbtt ||:
+ # fi
umount_ret=true
unmounted=()
for dir in $(echo $d ${binds[*]}\ |tac -s\ ); do
for dir in $d ${binds[@]}; do
m mnt $dir
done
- if [[ $vol == q ]]; then
- # maybe this will fail if X is not running
- x sudo -u $(id -nu 1000) XDG_RUNTIME_DIR=/run/user/1000 systemctl --user start arbtt ||:
- fi
+
+ ## arbtt disabled for now
+ # if [[ $vol == q ]]; then
+ # # maybe this will fail if X is not running
+ # x sudo -u $(id -nu 1000) XDG_RUNTIME_DIR=/run/user/1000 systemctl --user start arbtt ||:
+ # fi
+
stale_dir=/nocow/btrfs-stale
rm -f $stale_dir/$d
done
offlineimap
oathtool
opendkim-tools
- p7zip
+ p7zip-full
paprefs
parted-doc
pass
iankelling.org / git / distro-setup / commitdiff