From: Ian Kelling Date: Thu, 6 Apr 2017 21:05:50 +0000 (-0700) Subject: add pump.io X-Git-Url: https://iankelling.org/git/?p=distro-setup;a=commitdiff_plain;h=f37d0d46227306bfc4d098aec71fa4e1832fc2b8 add pump.io --- diff --git a/distro-end b/distro-end index dde7a10..8bedbc7 100755 --- a/distro-end +++ b/distro-end @@ -297,8 +297,15 @@ EOF ser daemon-reload ser enable vpnmail.service acme-tiny-wrapper mail.iankelling.org + # needed for li's local mail delivery. there might + # be a better way to do it that doesn't require disabling + # it during le verification, but whatever for now. + f=/etc/cron.daily/lets-encrypt-mail_iankelling_org + l="10.8.0.4 mail.iankelling.org" + tu /etc/hosts <<<"$l" + s sed -i '/^\s*sysv acme-tiny-wrapper/i sed -i /^10\.8\.0\.4/d /etc/hosts' $f + echo "echo $l >>/etc/hosts" | s tee -a $f sgo openvpn - tu /etc/hosts <<<"10.8.0.4 mail.iankelling.org" domain=cal.iankelling.org acme-tiny-wrapper $domain apache-site -f 10.8.0.4:5232 - $domain <<'EOF' @@ -318,6 +325,100 @@ EOF # auth_basic_user_file /etc/nginx/caldav/htpasswd; + ########## begin pump.io setup ########## + + # once pump adds a logrotation script, turn off nologger, + # and add + # "logfile": "/var/log/pumpio/pumpio.log", + # + s dd of=/etc/pump.io.json <<'EOF' +{ + "secret": "SECRET_REPLACE_ME", + "driver": "mongodb", + "params": { "dbname": "pumpio" }, + "noweb": false, + "site": "pump.iankelling.org", + "owner": "Ian Kelling", + "ownerURL": "https://pump.iankelling.org/", + "port": 8001, + "urlPort": 443, + "hostname": "pump.iankelling.org", + "nologger": true, + "datadir": "/home/pumpio/pumpdata", + "enableUploads": true, + "debugClient": false, + "disableRegistration": true, + "noCDN": true, + "key": "/home/pumpio/pump.iankelling.org-domain.key", + "cert": "/home/pumpio/pump.iankelling.org-chained.pem", + "address": "localhost", + "sockjs": false +} +EOF + s sed -i "s#SECRET_REPLACE_ME#$(cat /p/c/machine_specific/li/pump-secret)#" /etc/pump.io.json + + # jessie\'s node is too old + # https://nodejs.org/en/download/package-manager/ + curl -sL https://deb.nodesource.com/setup_6.x | sudo -E bash - + pi nodejs + cd /home/ian + rm -rf pump.io.git + git clone https://github.com/pump-io/pump.io.git + cd pump.io + # note: doing this or the npm install pump.io as root had problems. + npm install + npm run build + # normally, next command would be + # s npm install -g databank-mongodb + # but it\'s this until a bug in pump gets fixed + s npm install -g databank-mongodb@0.19.2 + s useradd -m -s /bin/false pumpio + sudo -u pumpio mkdir -p /home/pumpio/pumpdata + # for testing browser when only listening to localhost, + # in the pump.io.json, set hostname localhost, urlPort 5233 + #ssh -L 5233:localhost:5233 li + acme-tiny-wrapper -c /home/pumpio pump.iankelling.org + + s mkdir -p /var/log/pumpio/ + s chown pumpio:pumpio /var/log/pumpio/ + + apache-site -c /home/pumpio - pump.iankelling.org <<'EOF' +# currently a bug in pump that we cant terminate ssl + SSLProxyEngine On + ProxyPreserveHost On + ProxyPass / https://127.0.0.1:8001/ + ProxyPassReverse / https://127.0.0.1:8001/ + # i have sockjs disabled per people suggesting that + # it won't work with apache right now. + # not sure if it would work with this, + # but afaik, this is pointless atm. + + ProxyPass wss://127.0.0.1:8001/main/realtime/sockjs/ + ProxyPassReverse wss://127.0.0.1:8001/main/realtime/sockjs/ + +EOF + + s dd of=/etc/systemd/system/pump.service <<'EOF' +[Unit] +Description=pump.io +After=syslog.target network.target + +[Service] +Type=simple +User=pumpio +Group=pumpio +ExecStart=/home/ian/pump.io/bin/pump +Environment=NODE_ENV=production +# failed to find databank-mongodb without this. +# I just looked at my environment variables took a guess. +Environment=NODE_PATH=/usr/lib/nodejs:/usr/lib/node_modules:/usr/share/javascript + +[Install] +WantedBy=multi-user.target +EOF + ser daemon-reload + sgo pump + ########## end pump.io setup ############ echo "$0: $(date): ending now)" exit 0 @@ -327,6 +428,33 @@ esac ########### end section including li/lj ############### +# pump.io periodic backup +if [[ $HOSTNAME == treetowl ]]; then + s dd of=/etc/systemd/system/pumpbackup.service <<'EOF' +[Unit] +Description=pump li backup +After=multi-user.target + +[Service] +User=ian +Type=oneshot +ExecStart=/a/bin/log-quiet/sysd-mail-once pump-backup /a/bin/distro-setup/pump-backup +EOF + + s dd of=/etc/systemd/system/pumpbackup.timer <<'EOF' +[Unit] +Description=pump li backup hourly + +[Timer] +OnCalendar=hourly + +[Install] +WantedBy=timers.target +EOF + s systemctl daemon-reload + sgo pumpbackup.timer +fi + case $distro in debian|ubuntu) # suggests because we want the resolvconf package. @@ -335,7 +463,7 @@ case $distro in # pi-nostart does not disable ser disable openvpn ;; - *) pi openvpn;; +*) pi openvpn;; esac if private-host; then @@ -438,32 +566,32 @@ fi -# no equivalent in other distros: -case $distro in - debian|ubuntu) - # for gui bug reporting - spa python-vte - ;; -esac + # no equivalent in other distros: + case $distro in + debian|ubuntu) + # for gui bug reporting + spa python-vte + ;; + esac -####### misc packages ########### + ####### misc packages ########### -if [[ $HOSTNAME == treetowl ]]; then - case $distro in - debian|ubuntu) - # note i had to do this, which is persistent: - # cd /i/k - # s chgrp debian-transmission torrents partial-torrents - - # syslog says things like - # 'Failed to set receive buffer: requested 4194304, got 425984' - # google suggets giving it even more than that - tu /etc/sysctl.conf<<'EOF' + if [[ $HOSTNAME == treetowl ]]; then + case $distro in + debian|ubuntu) + # note i had to do this, which is persistent: + # cd /i/k + # s chgrp debian-transmission torrents partial-torrents + + # syslog says things like + # 'Failed to set receive buffer: requested 4194304, got 425984' + # google suggets giving it even more than that + tu /etc/sysctl.conf<<'EOF' net.core.rmem_max = 67108864 net.core.wmem_max = 16777216 EOF - s sysctl -p + s sysctl -p # some reason it doesn't seem to start automatically anyways pi-nostart transmission-daemon @@ -507,32 +635,32 @@ EOF ser disable transmission-daemon sgo transmission-daemon-nn ;; - # todo: others unknown - esac -fi + # todo: others unknown + esac + fi -# adapted from /var/lib/dpkg/info/transmission-daemon.postinst -if ! getent passwd debian-transmission > /dev/null; then - case $distro in - arch) - s useradd \ - --system \ - --create-home \ - --home-dir /var/lib/transmission-daemon \ - --shell /bin/false \ - debian-transmission - ;; - *) - s adduser --quiet \ - --system \ - --group \ - --no-create-home \ - --disabled-password \ - --home /var/lib/transmission-daemon \ - debian-transmission - ;; - esac -fi + # adapted from /var/lib/dpkg/info/transmission-daemon.postinst + if ! getent passwd debian-transmission > /dev/null; then + case $distro in + arch) + s useradd \ + --system \ + --create-home \ + --home-dir /var/lib/transmission-daemon \ + --shell /bin/false \ + debian-transmission + ;; + *) + s adduser --quiet \ + --system \ + --group \ + --no-create-home \ + --disabled-password \ + --home /var/lib/transmission-daemon \ + debian-transmission + ;; + esac + fi # dunno why it's there, but get rid of it case $HOSTNAME in @@ -751,6 +879,17 @@ case $distro in esac # general known for debian/ubuntu, not for fedora + +case $distro in + debian|ubuntu) + pi golang-go + # a bit of googling, and added settings to bashrc + go get -u github.com/mvdan/fdroidcl/cmd/fdroidcl + ;; + # others unknown +esac + + case $distro in arch) # cdrkit for cloud-init isos @@ -817,7 +956,7 @@ if [[ $HOSTNAME == treetowl ]]; then d=jm; jm=d # being clever for succinctness for s in d jm; do s $sed -ri "/^\s*\[Unit\]/a Conflicts=bitcoin${!s}.service" \ - /etc/systemd/system/bitcoin${s}.service + /etc/systemd/system/bitcoin${s}.service done ser daemon-reload @@ -889,73 +1028,73 @@ EOF done sed -ri "s/^\s*(blockchain_source\s*=).*/\1 bitcoin-rpc/" joinmarket.cfg -fi + fi -# proprietary flash. going without for now -# case $distro in -# debian) -# pi flashplugin-nonfree -# esac + # proprietary flash. going without for now + # case $distro in + # debian) + # pi flashplugin-nonfree + # esac -case $distro in - fedora) - cd $(mktemp -d) - wget http://tamacom.com/global/global-6.3.2.tar.gz - ex global* - cd global-6.3.2 - # based on https://github.com/leoliu/ggtags - ./configure --with-exuberant-ctags=/usr/bin/ctags - make - s make install - s pip install pygments - ;; - *) - pi global - ;;& - arch) - pi python2-pygments - ;; - debian|ubuntu) - pi python-pygments - ;; -esac + case $distro in + fedora) + cd $(mktemp -d) + wget http://tamacom.com/global/global-6.3.2.tar.gz + ex global* + cd global-6.3.2 + # based on https://github.com/leoliu/ggtags + ./configure --with-exuberant-ctags=/usr/bin/ctags + make + s make install + s pip install pygments + ;; + *) + pi global + ;;& + arch) + pi python2-pygments + ;; + debian|ubuntu) + pi python-pygments + ;; + esac -case $distro in - debian) - pi task-cinnamon-desktop - # in settings, change scrolling to two-finger, - # because the default edge scroll doesn\'t work. - pu transmission-gtk - ;; - # others unknown -esac + case $distro in + debian) + pi task-cinnamon-desktop + # in settings, change scrolling to two-finger, + # because the default edge scroll doesn\'t work. + pu transmission-gtk + ;; + # others unknown + esac -case $distro in - arch) spa apg ;; + case $distro in + arch) spa apg ;; - # already in debian jessie -esac + # already in debian jessie + esac -# note this failed running at the beginning of this file, -# because no systemd user instance was running. -# Doing systemd --user resulted in -# Trying to run as user instance, but $XDG_RUNTIME_DIR is not set + # note this failed running at the beginning of this file, + # because no systemd user instance was running. + # Doing systemd --user resulted in + # Trying to run as user instance, but $XDG_RUNTIME_DIR is not set -if isdebian-testing; then - # as of 7/2016, has no unstable deps, and is not in testing anymore. - pi synergy/unstable -else - pi synergy -fi + if isdebian-testing; then + # as of 7/2016, has no unstable deps, and is not in testing anymore. + pi synergy/unstable + else + pi synergy + fi # case $distro in # # ubuntu unknown. probably the same as debian, just check if the diff --git a/pump-backup b/pump-backup new file mode 100755 index 0000000..65a346a --- /dev/null +++ b/pump-backup @@ -0,0 +1,3 @@ +#!/bin/bash +ssh li mongodump >/dev/null # too verbose by default +rsync -r --delete root@li:{/home/ian/dump,/home/pumpio/pumpdata} /w/backup/pump