sk() {
- # note, if you do something like this
- # x=( prefix* )
- # then disable the warning with:
- # shellcheck disable=SC2206 # globbing is intended
+ # disable a warning with:
+ # shellcheck disable=SC2206 # reasoning
- # 2029: "unescaped, this expands on the client side.": yes, I know how ssh works
- # 2164: "Use 'cd ... || exit' or 'cd ... || return' in case cd fails.": i have automatic error handling
- # 2086: unquoted $var: Quoting every var I set is way too much quotes.
- # 2068: Double quote array expansions to avoid re-splitting elements: same as above.
- # 2033: command arg is a function name: too many false positives.
+ # see bash-template/style-guide.md for justifications
-
- # these ones I had disabled, but without a good written explanation, so enabling them temporarily
- # 2046: unquoted $(cmd)
- # 2119: Functions with optional args get bad warnings when none are passed.
-
- shellcheck -W 999 -x -e 2029,2164,2086,2068,2033 "$@" || return $?
+ local quotes others
+ quotes=2048,2068,2086,2206
+ others=2029,2033,2164
+ shellcheck -W 999 -x -e $quotes,$others "$@" || return $?
}
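Review bot: The list in `quotes=2048,2068,2086,2206` turns off the word-splitting and globbing checks for every script passed to `sk`, and the per-code reasons that used to sit beside the command now live only in bash-template/style-guide.md. For scripts that expand values they did not set themselves (paths, command output), especially ones that re-exec under sudo, an unquoted expansion will never be reported. I would keep a one-line reminder next to the list, e.g. `# 2048/2068/2086/2206: unquoted expansions, reasons in style-guide.md`. Consider leaving 2086 on for such scripts and using file-level `# shellcheck disable=` directives where splitting is intended.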
fi
}
-
usage() {
cat <<EOF
Usage: ${0##*/} [ARGS]
Do btrfs maintence or stop if xprintidle shows a user
-force Run regardless of user idle status
+force Run regardless of user idle status on all disks.
check Only check if an existing maintence should be cancelled due to
nonidle user. Also, runs in a loop every 20 seconds for 10
minutes.
idle=true
if ! $force; then
check-idle
+ if ! $check; then
+ min=0
+ max_min=300
+ # When the cron kicks in, we may not be idle (physically sleeping) yet, so
+ # wait.
+ while ! $idle && (( min < max_min )); do
+ min=$(( min + 1 ))
+ sleep 60
+ check-idle
+ done
+ # If we've waited a really long time for idle, just give up.
+ if (( min == max_min )); then
+ return
+ fi
+ fi
fi
- tmp=$(mktemp)
+ tmp=$(mktemp)
fnd="findmnt --types btrfs --noheading"
for x in $($fnd --output "SOURCE" --nofsroot | sort -u); do
mnt=$($fnd --output "TARGET" --first-only --source $x)
[[ $mnt ]] || continue
- if ! btrfs dev stats -c $mnt >$tmp; then
- if diff -q $mnt/btrfs-dev-stats $tmp; then
- diff -u $mnt/btrfs-dev-stats $tmp | mail -s "$HOSTNAME: error: btrfs dev stats -c $mnt" root@localhost
- cat $tmp >$mnt/btrfs-dev-stats
- fi
- fi
- rm -f $tmp
+ #### begin look for diff in stats, eg: increasing error count ####
- if ! $idle; then
- if $dryrun; then
- echo "$0: not idle. if this wasnt a dry run, btrfs scrub cancel $mnt"
- else
- btrfs scrub cancel $mnt &>/dev/null ||:
- continue
+ # Only run for $check, since it runs in parallel to non-check, avoid
+ # race condition.
+ if $check; then
+ if ! btrfs dev stats -c $mnt >$tmp; then
+ if diff -q $mnt/btrfs-dev-stats $tmp; then
+ diff -u $mnt/btrfs-dev-stats $tmp | mail -s "$HOSTNAME: error: btrfs dev stats -c $mnt" root@localhost
+ cat $tmp >$mnt/btrfs-dev-stats
+ fi
fi
+ rm -f $tmp
fi
+ #### end look for diff in stats, eg: increasing error count ####
+
if $check; then
+ if ! $idle; then
+ if $dryrun; then
+ echo "$0: not idle. if this wasnt a dry run, btrfs scrub cancel $mnt"
+ else
+ btrfs scrub cancel $mnt &>/dev/null ||:
+ fi
+ fi
continue
fi
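Review bot: In the moved stats block, `if diff -q $mnt/btrfs-dev-stats $tmp; then` succeeds when the two files are identical, so the mail and the baseline update appear to run only when nothing changed. A rising error count or a missing baseline file sends nothing; `if ! diff -q $mnt/btrfs-dev-stats $tmp >/dev/null; then` looks like the intended test. `tmp=$(mktemp)` is created once before the loop, but `rm -f $tmp` now runs inside the loop and only under `$check`, so a non-check run leaves the file behind and a check run over several filesystems recreates it by plain redirection after the first removal. Removing it once on every exit path would cover both. The give-up test `if (( min == max_min ))` also returns when idle was reached on the final pass; `if ! $idle; then return; fi` states the condition directly. The enclosing function starts outside the hunk.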
echo "$0: last scrub finish for $mnt: $date"
fi
date=$(date --date="$date" +%s)
- # if date is sooner than 90 days ago
+ # if date is sooner than 60 days ago
# the wiki recommends 30 days or so, but
- # it makes the comp lag like shit for a day,
- # so I'm going with 90 days.
- if (( date > EPOCHSECONDS - 60*60*24*30 )); then
+ # I'm going with 60 days.
+ if (( date > EPOCHSECONDS - 60*60*24*60 )); then
if $dryrun; then
echo "$0: skiping scrub of $mnt, last was $(( (EPOCHSECONDS - date) / 60/60/24 )) days ago, < 30 days"
fi
fi
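Review bot: The dry-run message just below the changed test still ends in `< 30 days`, while the comparison is now `60*60*24*60`; the text should read `< 60 days`. The removed comment said 90 days while the code used 30, so the number has already drifted once. A single variable such as `min_days=60`, used in both the arithmetic test and the message, would keep them in step. The surrounding `if` blocks start outside the hunk.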
# -c 2 -n 4 is from btrfsmaintenance, does ionice
e btrfs scrub start -Bd -c 2 -n 4 $mnt
+
+ # We normally only do one disk since this is meant to be run while I sleep
+ # and if we try to do all disks, we invariably end up doing a scrub still
+ # after I've woken up. So, just do one per day.
+ if ! $force; then
+ return 0
+ fi
done
}
# timedatectl show --property=Timezone | sed 's/^[^=]*=//'
# or
# readlink /etc/localtime | sed -r 's,^.*/([^/]+/[^/]+)$,\1,'
-OnCalendar=Thu *-*-* 02:00:00 America/New_York
+
+# previously, was running weekly.
+#OnCalendar=Thu *-*-* 02:00:00 America/New_York
+OnCalendar=*-*-* 02:00:00 America/New_York
[Install]
WantedBy=timers.target
cd $d
f=certbot-apache/certbot_apache/_internal/tls_configs/current-options-ssl-apache.conf
-out=$(git log -p --since 2020-04-06 $f)
+out=$(git log -p --since 2022-05-14 $f)
if [[ $out ]]; then
cat <<EOF
Let's encrypt has new ssl settings.
-1. edit mail-setup and web-conf
-2. Update servers
-3. edit the date in $0
-4. rm $lock_file
+1. edit mail-setup if needed: search for check-lets-encrypt-ssl-settings
+2. edit web-conf, search for common_ssl_conf
+3. Update servers if needed
+4. edit the date in /a/bin/ds/filesystem/usr/local/bin/check-lets-encrypt-ssl-settings
+5. rm $lock_file
The change is:
$out
EOF
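Review bot: `git log -p --since 2022-05-14 $f` selects by commit date, so an upstream change to the TLS options file whose commit is dated before the cutoff (for example one merged late) would not be reported. The cutoff also has to be hand-edited, as step 4 describes. Recording the last reviewed commit and running `git log -p <last-reviewed-commit>..HEAD -- $f` would make the check independent of dates; `<last-reviewed-commit>` is a placeholder. Whether the clone in `$d` is refreshed before this runs is not visible in the hunk; if it is not, the check quietly reports nothing.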
[[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@"
case $1 in
- # for first run, accept host key
+ # For first run, accept host key. Note, known_hosts is saved in /p.
-1)
opt=(-e 'ssh -oStrictHostKeyChecking=no')
;;
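Review bot: The comment describes this option as accepting the host key on first run, but `-oStrictHostKeyChecking=no` also lets ssh proceed when a host presents a key that differs from the one already in known_hosts. That is the case host-key checking exists to stop. `opt=(-e 'ssh -oStrictHostKeyChecking=accept-new')` records keys for unknown hosts only and still refuses a changed key; it needs OpenSSH 7.6 or later. The `case` statement continues outside the hunk.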
mxhost=mx.iankelling.org
mxport=587
-forward=$u@$mxhost
# old setup. left as comment for example
# mxhost=mail.messagingengine.com
cat <<'EOF'
# https://ssl-config.mozilla.org
ssl = required
-# this is the same as the certbot list, in my cert cronjob, I check if that has changed upstream.
+# this is the same as the certbot list, i check changes in /a/bin/ds/filesystem/usr/local/bin/check-lets-encrypt-ssl-settings
ssl_cipher_list = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
ssl_protocols = TLSv1.2
ssl_prefer_server_ciphers = no
mail_plugins = $mail_plugins sieve
}
EOF
- if dpkg --compare-versions $(dpkg-query -f='${Version}\n' --show dovecot-core) ge 1:2.3; then
+ if dpkg --compare-versions "$(dpkg-query -f='${Version}\n' --show dovecot-core)" ge 1:2.3; then
cat <<EOF
ssl_dh = </etc/dovecot/dhparam
EOF
$MAIL_HOST)
# < 2.1 (eg: in t9), uses a different data format which required manual
# migration. dont start if we are running an old version.
- if dpkg --compare-versions $(dpkg -s radicale | awk '$1 == "Version:" { print $2 }') ge 2.1; then
+ if dpkg --compare-versions "$(dpkg -s radicale | awk '$1 == "Version:" { print $2 }')" ge 2.1; then
m systemctl --now enable radicale
fi
;;&