various updates
parent
f1c4a08ae3
commit
ae80866c76
@ -1,15 +1,16 @@
|
|||||||
#!/usr/bin/env ruby
|
#!/usr/bin/env ruby
|
||||||
require 'json'
|
require "json"
|
||||||
require 'pathname'
|
require "pathname"
|
||||||
require 'fileutils'
|
require "fileutils"
|
||||||
require 'open3'
|
require "open3"
|
||||||
|
require 'socket'
|
||||||
|
|
||||||
LXC_PATH = Pathname.new("/data/containers")
|
LXC_PATH = Pathname.new("/lxc/")
|
||||||
BACKUP_LOCATIONS = %w{home srv etc usr/local}
|
BACKUP_LOCATIONS = %w{home srv etc usr/local var opt}
|
||||||
CONFIG_PATH = "/etc/lxc/container.json"
|
CONFIG_PATH = "/etc/nixos/lxc/container.json"
|
||||||
BACKUP_PATH = "/mnt/backup/attic"
|
BACKUP_PATH = "eve-backup@backup:backup"
|
||||||
ATTIC_PATH = Pathname.new("/data/attic")
|
BORG_PATH = Pathname.new("/data/borg")
|
||||||
PASSWORD_FILE = ATTIC_PATH.join("passwordfile").to_s
|
PASSWORD_FILE = BORG_PATH.join("passwordfile").to_s
|
||||||
KEEP_DAILY = 7
|
KEEP_DAILY = 7
|
||||||
KEEP_WEEKLY = 4
|
KEEP_WEEKLY = 4
|
||||||
KEEP_MONTHLY = 0
|
KEEP_MONTHLY = 0
|
||||||
@ -67,7 +68,7 @@ class Container
|
|||||||
if backupname.nil?
|
if backupname.nil?
|
||||||
abort("backupname not set for backup-scripts for container '#{@name}'")
|
abort("backupname not set for backup-scripts for container '#{@name}'")
|
||||||
end
|
end
|
||||||
backupname = ATTIC_PATH.join(backupname.gsub("/", ""))
|
backupname = BORG_PATH.join(backupname.gsub("/", ""))
|
||||||
FileUtils.mkdir_p(backupname)
|
FileUtils.mkdir_p(backupname)
|
||||||
puts "cd #{backupname}"
|
puts "cd #{backupname}"
|
||||||
Dir.chdir(backupname) do
|
Dir.chdir(backupname) do
|
||||||
@ -83,9 +84,7 @@ class Container
|
|||||||
end
|
end
|
||||||
|
|
||||||
config = load_config
|
config = load_config
|
||||||
backup_paths = BACKUP_LOCATIONS.map do |location|
|
backup_paths = BACKUP_LOCATIONS.map { |location| "/#{location}" }
|
||||||
"/#{location}"
|
|
||||||
end
|
|
||||||
config["network"].each do |container, data|
|
config["network"].each do |container, data|
|
||||||
next if data["lxc"] == false
|
next if data["lxc"] == false
|
||||||
container = Container.new(container, data["backup-paths"], data["backup-scripts"])
|
container = Container.new(container, data["backup-paths"], data["backup-scripts"])
|
||||||
@ -93,15 +92,23 @@ config["network"].each do |container, data|
|
|||||||
backup_paths += container.run_backup_scripts
|
backup_paths += container.run_backup_scripts
|
||||||
end
|
end
|
||||||
|
|
||||||
env = { "ATTIC_PASSPHRASE" => File.read(PASSWORD_FILE).chomp }
|
env = { "BORG_PASSPHRASE" => File.read(PASSWORD_FILE).chomp }
|
||||||
now = Time.now.strftime("%Y-%m-%d-%H:%M:%S")
|
now = Time.now.strftime("%Y-%m-%d-%H:%M:%S")
|
||||||
paths = backup_paths.map {|path| path.to_s }
|
paths = backup_paths.map {|path| path.to_s }
|
||||||
sh("attic", env, "create", "--stats", "#{BACKUP_PATH}::eve-#{now}",
|
|
||||||
'--exclude', '*/srv/repo',
|
TCPSocket.open('home.devkid.net', 22198) do |socket|
|
||||||
'--exclude', '*/home/joerg/git',
|
socket.write(File.read("/etc/nixos/secrets/nas-wakeup-password"))
|
||||||
'--exclude', '*/home/joerg/login/git',
|
end
|
||||||
*paths)
|
|
||||||
sh("attic", env, "prune", "-v", BACKUP_PATH,
|
sh("borg", env, "create", "--stats",
|
||||||
"--keep-daily", KEEP_DAILY.to_s,
|
"--compression", "zlib,9",
|
||||||
"--keep-weekly", KEEP_WEEKLY.to_s,
|
"--exclude", "*/srv/repo",
|
||||||
"--keep-monthly", KEEP_MONTHLY.to_s)
|
"--exclude", "*/srv/deluge",
|
||||||
|
"--exclude", "*/var/lib/lxcfs",
|
||||||
|
"--exclude", "*/joerg/git/openwrt",
|
||||||
|
"#{BACKUP_PATH}::eve-#{now}", *paths)
|
||||||
|
sh("borg", env, "prune", "-v",
|
||||||
|
"--keep-daily", KEEP_DAILY.to_s,
|
||||||
|
"--keep-weekly", KEEP_WEEKLY.to_s,
|
||||||
|
"--keep-monthly", KEEP_MONTHLY.to_s,
|
||||||
|
BACKUP_PATH)
|
||||||
|
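Review bot: The wake-up block added before `borg create` writes the contents of `/etc/nixos/secrets/nas-wakeup-password` to `home.devkid.net:22198` over a bare `TCPSocket`, so as far as this hunk shows the secret crosses the network unencrypted and can be replayed by anyone who observes it; the same block is added as `wakeup-nas.rb` later in this commit. Wrapping the socket in `OpenSSL::SSL::SSLSocket` with certificate verification, or triggering the wake-up over the SSH channel that `BACKUP_PATH` already relies on, would close that. The connect has no timeout or `rescue`, so an unreachable host raises before any backup runs, and nothing waits for the NAS to come up before `borg create` starts. Assuming `sh` still returns the result of `system` (its definition is outside these hunks), the create result is ignored and `borg prune` runs even after a failed create; `sh("borg", env, "create", ...) or abort "borg create failed"` would stop there.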
@ -1,109 +0,0 @@
|
|||||||
#!/usr/bin/env ruby
|
|
||||||
require 'json'
|
|
||||||
require 'pathname'
|
|
||||||
require 'fileutils'
|
|
||||||
require 'open3'
|
|
||||||
|
|
||||||
LXC_PATH = Pathname.new("/data/containers")
|
|
||||||
BACKUP_LOCATIONS = %w{home srv etc usr/local}
|
|
||||||
CONFIG_PATH = "/etc/lxc/container.json"
|
|
||||||
BACKUP_PATH = "/mnt/backup/borg"
|
|
||||||
BORG_PATH = Pathname.new("/data/borg")
|
|
||||||
PASSWORD_FILE = BORG_PATH.join("passwordfile").to_s
|
|
||||||
KEEP_DAILY = 7
|
|
||||||
KEEP_WEEKLY = 4
|
|
||||||
KEEP_MONTHLY = 0
|
|
||||||
|
|
||||||
def load_config
|
|
||||||
return JSON.load(File.open(CONFIG_PATH))
|
|
||||||
rescue SystemCallError => e
|
|
||||||
abort "failed to open configuration '#{CONFIG_PATH}', #{e}"
|
|
||||||
rescue JSON::ParserError => e
|
|
||||||
abort "failed to parse configuration '#{CONFIG_PATH}', #{e}"
|
|
||||||
end
|
|
||||||
|
|
||||||
def sh(cmd, env={}, *args)
|
|
||||||
pretty_args = args.map {|arg| "'#{arg}'"}
|
|
||||||
puts ([cmd] + pretty_args).join(" ")
|
|
||||||
system(env, cmd, *args)
|
|
||||||
end
|
|
||||||
|
|
||||||
class Container
|
|
||||||
def initialize(name, backup_paths, backup_scripts)
|
|
||||||
@name = name
|
|
||||||
@backup_paths = backup_paths
|
|
||||||
@backup_scripts = backup_scripts
|
|
||||||
@path = LXC_PATH.join(name, "rootfs")
|
|
||||||
end
|
|
||||||
def backup_paths
|
|
||||||
paths = BACKUP_LOCATIONS
|
|
||||||
if @backup_paths.is_a?(Array)
|
|
||||||
paths += @backup_paths
|
|
||||||
end
|
|
||||||
paths.map do |relative_path|
|
|
||||||
@path.join(relative_path)
|
|
||||||
end
|
|
||||||
end
|
|
||||||
def run_backup_scripts
|
|
||||||
if @backup_scripts.is_a?(Array)
|
|
||||||
@backup_scripts.map do |script|
|
|
||||||
backup_script(script)
|
|
||||||
end
|
|
||||||
else
|
|
||||||
[]
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
private
|
|
||||||
def backup_script(script)
|
|
||||||
unless script.is_a?(Hash)
|
|
||||||
abort("backup-scripts: Expected an Object, got #{script.class}")
|
|
||||||
end
|
|
||||||
command = script["command"]
|
|
||||||
if command.nil?
|
|
||||||
abort("command not set for backup-scripts for container '#{@name}'")
|
|
||||||
end
|
|
||||||
backupname = script["backupname"]
|
|
||||||
if backupname.nil?
|
|
||||||
abort("backupname not set for backup-scripts for container '#{@name}'")
|
|
||||||
end
|
|
||||||
backupname = BORG_PATH.join(backupname.gsub("/", ""))
|
|
||||||
FileUtils.mkdir_p(backupname)
|
|
||||||
puts "cd #{backupname}"
|
|
||||||
Dir.chdir(backupname) do
|
|
||||||
sh(command)
|
|
||||||
end
|
|
||||||
backupname
|
|
||||||
end
|
|
||||||
|
|
||||||
def empty_directory?(path)
|
|
||||||
return false unless Dir.exists?(path)
|
|
||||||
return Dir.entries(path).size <= 2 # - [".", ".."]
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
config = load_config
|
|
||||||
backup_paths = BACKUP_LOCATIONS.map do |location|
|
|
||||||
"/#{location}"
|
|
||||||
end
|
|
||||||
config["network"].each do |container, data|
|
|
||||||
next if data["lxc"] == false
|
|
||||||
container = Container.new(container, data["backup-paths"], data["backup-scripts"])
|
|
||||||
backup_paths += container.backup_paths
|
|
||||||
backup_paths += container.run_backup_scripts
|
|
||||||
end
|
|
||||||
|
|
||||||
env = { "BORG_PASSPHRASE" => File.read(PASSWORD_FILE).chomp }
|
|
||||||
now = Time.now.strftime("%Y-%m-%d-%H:%M:%S")
|
|
||||||
paths = backup_paths.map {|path| path.to_s }
|
|
||||||
sh("borg", env, "create", "--stats", "#{BACKUP_PATH}::eve-#{now}",
|
|
||||||
'--compression', 'zlib,9',
|
|
||||||
'--exclude', '*/srv/repo',
|
|
||||||
'--exclude', '*/srv/deluge',
|
|
||||||
'--exclude', '*/home/joerg/git',
|
|
||||||
'--exclude', '*/home/joerg/login/git',
|
|
||||||
*paths)
|
|
||||||
sh("borg", env, "prune", "-v", BACKUP_PATH,
|
|
||||||
"--keep-daily", KEEP_DAILY.to_s,
|
|
||||||
"--keep-weekly", KEEP_WEEKLY.to_s,
|
|
||||||
"--keep-monthly", KEEP_MONTHLY.to_s)
|
|
10
backup-mysql
10
backup-mysql
@ -2,14 +2,18 @@
|
|||||||
# TARGET: Backup-Ziel
|
# TARGET: Backup-Ziel
|
||||||
# IGNORE: Liste zu ignorierender Datenbanken (durch | getrennt)
|
# IGNORE: Liste zu ignorierender Datenbanken (durch | getrennt)
|
||||||
IGNORE="mysql|information_schema|performance_schema|test"
|
IGNORE="mysql|information_schema|performance_schema|test"
|
||||||
PASSWORD="DtkXaU6ZeWeizvcZjRQJqY3no9dGf3ASa7N73Y8Z8PULxJVrvvrq7AAak4s2HvD2"
|
PASSWORD="$(cat /etc/nixos/secrets/mysql-password)"
|
||||||
|
|
||||||
DBS="$(/usr/bin/mysql --host="mysql" --user="root" --password="$PASSWORD" -Bse 'show databases' | /usr/bin/grep -Ev $IGNORE)"
|
set -eu -o pipefail
|
||||||
|
|
||||||
|
export PATH="/usr/bin/:$PATH"
|
||||||
|
|
||||||
|
DBS="$(lxc-attach -n mysql -- mysql --host="mysql" --user="root" --password="$PASSWORD" -Bse 'show databases' | grep -Ev $IGNORE)"
|
||||||
|
|
||||||
rm -f *.sql.bz2
|
rm -f *.sql.bz2
|
||||||
|
|
||||||
for DB in $DBS; do
|
for DB in $DBS; do
|
||||||
/usr/bin/mysqldump --host="mysql" --user="root" --password="$PASSWORD" --skip-extended-insert --skip-comments "$DB" | bzip2 -c > "$DB.sql.bz2"
|
lxc-attach -n mysql -- mysqldump --host="localhost" --user="root" --password="$PASSWORD" --skip-extended-insert --skip-comments "$DB" | bzip2 -c > "$DB.sql.bz2"
|
||||||
done
|
done
|
||||||
|
|
||||||
echo "$0 - Backup erfolgreich durchgefuehrt"
|
echo "$0 - Backup erfolgreich durchgefuehrt"
|
||||||
|
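Review bot: Both `mysql` and `mysqldump` still receive the root password as `--password="$PASSWORD"`, which places it in the argument list of `lxc-attach` on the host and of the client inside the container, where it can be read from the process table while the command runs. An option file passed as the first option, e.g. `--defaults-extra-file=/path/to/client.cnf` (placeholder path, mode 0600 inside the container), keeps it out of argv. `PASSWORD="$(cat /etc/nixos/secrets/mysql-password)"` is assigned before `set -eu -o pipefail`, so a missing secrets file yields an empty password instead of stopping the script; moving the `set` line above it fixes that. The literal password on the removed line stays in the repository history and should be treated as exposed and rotated.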
@ -1,13 +1,12 @@
|
|||||||
#!/bin/bash
|
#!/usr/bin/env bash
|
||||||
|
|
||||||
export PGPASS=/root/.pgpass
|
set -eu -o pipefail
|
||||||
|
|
||||||
# restore:
|
# restore:
|
||||||
# psql -f $database.dump postgres
|
# psql -f $database.dump postgres
|
||||||
LIST=$(psql -h postgres -U postgres -At -c "select datname from pg_database order by datname;")
|
export PATH="/usr/bin/:$PATH"
|
||||||
for d in $LIST
|
LIST=$(lxc-attach -n postgres -- psql -h postgres -U postgres -At -c "select datname from pg_database order by datname;")
|
||||||
do
|
for d in $LIST; do
|
||||||
if [ "$d" != "template0" ]; then
|
[ "$d" == "template0" ] && continue
|
||||||
pg_dump -h postgres -U postgres "$d" | gzip -c > "$d.dump.gz"
|
lxc-attach -n postgres -- pg_dump -h postgres -U postgres "$d" | gzip -c > "$d.dump.gz"
|
||||||
fi
|
|
||||||
done
|
done
|
||||||
|
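Review bot: With `set -eu -o pipefail` active, a failing `pg_dump` now aborts the loop but leaves the partially written `$d.dump.gz` behind under its final name, and the remaining databases are not dumped at all. A truncated file with the expected name is easy to mistake for a good backup; redirect to `"$d.dump.gz.tmp"` and follow it with `mv "$d.dump.gz.tmp" "$d.dump.gz"` on the next line so only complete dumps get the final name. The removed `export PGPASS=/root/.pgpass` has no replacement, so authentication depends on what `psql -h postgres -U postgres` finds inside the container; a comment naming the expected mechanism would help.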
@ -1,15 +1,15 @@
|
|||||||
#!/bin/sh
|
#!/usr/bin/env bash
|
||||||
|
|
||||||
if [ $# -lt 1 ]
|
if [ $# -lt 1 ]
|
||||||
then
|
then
|
||||||
echo "Usage: $0 <username>"
|
echo "Usage: $0 <username>"
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if ! [ $EUID -eq 0 ]
|
if ! [ $EUID -eq 0 ]
|
||||||
then
|
then
|
||||||
echo "Must be root!" >&2
|
echo "Must be root!" >&2
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
USER="$1"
|
USER="$1"
|
||||||
|
@ -1,99 +0,0 @@
|
|||||||
#!/bin/sh
|
|
||||||
|
|
||||||
set -u
|
|
||||||
bold=`tput bold`
|
|
||||||
normal=`tput sgr0`
|
|
||||||
|
|
||||||
if ! [ $EUID -eq 0 ]
|
|
||||||
then
|
|
||||||
echo "Must be root!" >&2
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ $# -lt 2 ]
|
|
||||||
then
|
|
||||||
echo "Usage: $0 <name> <domain> [<features>]" >&2
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
NAME="$1"
|
|
||||||
DOMAIN="$2"
|
|
||||||
ROOTFS="/data/containers/$NAME/rootfs"
|
|
||||||
WEBFS="/data/containers/web/rootfs"
|
|
||||||
WEBPATH="/srv/http/$DOMAIN"
|
|
||||||
NGINX="$WEBFS/etc/nginx"
|
|
||||||
PHP_MODULES=('')
|
|
||||||
shift 2
|
|
||||||
|
|
||||||
# handle extra options
|
|
||||||
while (( "$#" ))
|
|
||||||
do
|
|
||||||
case $1 in
|
|
||||||
mysql)
|
|
||||||
PHP_MODULES=(mysqli mysql pdo_mysql)
|
|
||||||
;;
|
|
||||||
postgres)
|
|
||||||
PHP_MODULES=(pgsql pdo_pgsql)
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
shift
|
|
||||||
done
|
|
||||||
|
|
||||||
# clone container
|
|
||||||
echo "${bold}Cloning container ...$normal"
|
|
||||||
TEMPFILE=$(mktemp)
|
|
||||||
ruby -rjson -e 'puts ({php_extensions: ARGV}).to_json' "$PHP_MODULES[@]" > "$TEMPFILE"
|
|
||||||
lxc-clone -o base -n "$NAME" -- --group php --vars "$TEMPFILE"
|
|
||||||
rm "$TEMPFILE"
|
|
||||||
|
|
||||||
# configure bind mount
|
|
||||||
UNIT_NAME=$(systemd-escape --path --suffix=mount "${WEBFS}${WEBPATH}")
|
|
||||||
cat << EOF > "/etc/systemd/system/$UNIT_NAME"
|
|
||||||
[Mount]
|
|
||||||
What = ${ROOTFS}${WEBPATH}
|
|
||||||
Where = ${WEBFS}${WEBPATH}
|
|
||||||
Type = none
|
|
||||||
Options = bind,ro
|
|
||||||
|
|
||||||
[Install]
|
|
||||||
WantedBy=lxc-mount.target
|
|
||||||
EOF
|
|
||||||
|
|
||||||
systemctl enable "$UNIT_NAME"
|
|
||||||
systemctl start "$UNIT_NAME"
|
|
||||||
|
|
||||||
# configure nginx
|
|
||||||
echo "${bold}Configuring nginx ...$normal"
|
|
||||||
cat << EOF > "$NGINX/sites-available/$DOMAIN"
|
|
||||||
server {
|
|
||||||
listen 80;
|
|
||||||
listen 443 ssl;
|
|
||||||
index index.php index.html index.htm;
|
|
||||||
|
|
||||||
server_name $DOMAIN;
|
|
||||||
|
|
||||||
root /srv/http/$DOMAIN;
|
|
||||||
location ~ \.(php|php5)$ {
|
|
||||||
fastcgi_pass $NAME:9000;
|
|
||||||
fastcgi_index index.php;
|
|
||||||
include fastcgi.conf;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
EOF
|
|
||||||
chroot "$WEBFS" nginx_ensite "$DOMAIN"
|
|
||||||
|
|
||||||
# restart nginx
|
|
||||||
echo "${bold}Reload nginx ...$normal"
|
|
||||||
lxc-attach -n web -- systemctl reload nginx
|
|
||||||
|
|
||||||
# configure filewall
|
|
||||||
echo "${bold}Configuring firewall ...$normal"
|
|
||||||
cat << EOF > "/etc/ferm.d/services/45-$NAME"
|
|
||||||
&def_service($NAME, $NAME, tcp, 9000);
|
|
||||||
&allow_service_for($NAME, web);
|
|
||||||
EOF
|
|
||||||
fw-apply
|
|
||||||
|
|
||||||
# start container
|
|
||||||
echo "${bold}Starting container ...$normal"
|
|
||||||
lxc-start -d -n "$NAME"
|
|
@ -1,4 +1,4 @@
|
|||||||
#!/bin/sh
|
#!/usr/bin/env bash
|
||||||
|
|
||||||
set -eu
|
set -eu
|
||||||
|
|
||||||
@ -17,9 +17,8 @@ fi
|
|||||||
USER="$1"
|
USER="$1"
|
||||||
DBPASSWORD="$(tr -dc A-Za-z0-9 < /dev/urandom | head -c 64)"
|
DBPASSWORD="$(tr -dc A-Za-z0-9 < /dev/urandom | head -c 64)"
|
||||||
DATABASE="${2:-$USER}"
|
DATABASE="${2:-$USER}"
|
||||||
export PGPASSFILE=/root/.pgpass
|
|
||||||
|
|
||||||
psql --host postgres --user postgres <<EOF
|
lxc-attach -n postgres -- su postgres -c psql <<EOF
|
||||||
create user "$USER";
|
create user "$USER";
|
||||||
alter user "$USER" with password '$DBPASSWORD';
|
alter user "$USER" with password '$DBPASSWORD';
|
||||||
create database "$DATABASE" with owner "$USER";
|
create database "$DATABASE" with owner "$USER";
|
||||||
|
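Review bot: `$USER` and `$DATABASE` come straight from the command line and are expanded inside the heredoc, so a name containing `"` or `;` changes the SQL that is executed, and with this change those statements run as the `postgres` OS user through `su postgres -c psql`. Validate both before the heredoc, for example `[[ "$USER" =~ ^[a-z_][a-z0-9_]*$ ]] || { echo "invalid user name" >&2; exit 1; }`, with the same test for `$DATABASE`. The heredoc continues past the end of this hunk, so the remaining statements were not reviewed.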
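--- a/decrypt-zfs
+++ b/decrypt-zfs
@@ -1,38 +0,0 @@
-#!/bin/bash
-
-if ! [ "$EUID" -eq 0 ]
-then
-echo "This must be run as root!" >&2
-exit 1
-fi
-
-set -e
-
-echo -n "Password for data storage: "
-read -s password
-echo
-
-echo $password | cryptsetup luksOpen /dev/sda3 zfs_hd_1
-echo $password | cryptsetup luksOpen /dev/sdb3 zfs_hd_2
-
-echo "import zfs pool"
-retry=0
-until [ $retry -ge 10 ]; do
-zpool list | grep -q data && break || true
-zpool import -f data
-retry=$[$retry+1]
-sleep 1
-done
-
-echo "mount zfs datasets"
-zfs mount -a
-
-echo "do bind mounts"
-ruby /etc/lxc/hooks/update-mounts
-mount -o bind /data/containers/login/rootfs/home/joerg /home/joerg/login
-mount -o bind /data/containers/login/rootfs/home/devkid /home/devkid/login
-mount -o bind /data/containers/pyload/rootfs/var/lib/pyload /data/pyload
-mount -o bind /data/pacman/pkg /var/cache/pacman/pkg
-mount -o bind /data/pacman/sync /var/lib/pacman/sync
-
-systemctl start lxc.target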
@ -1,42 +0,0 @@
|
|||||||
#!/bin/sh
|
|
||||||
|
|
||||||
bold=`tput bold`
|
|
||||||
normal=`tput sgr0`
|
|
||||||
|
|
||||||
if ! [ $EUID -eq 0 ]
|
|
||||||
then
|
|
||||||
echo "Must be root!" >&2
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ $# -lt 2 ]
|
|
||||||
then
|
|
||||||
echo "Usage: $0 <name> <domain> [<features>]" >&2
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
NAME="$1"
|
|
||||||
DOMAIN="$2"
|
|
||||||
ROOTFS="/data/containers/$NAME/rootfs"
|
|
||||||
WEBFS="/data/containers/web/rootfs"
|
|
||||||
WEBPATH="/srv/http/$DOMAIN"
|
|
||||||
NGINX="$WEBFS/etc/nginx"
|
|
||||||
|
|
||||||
# destroy container
|
|
||||||
lxc-stop -n "$NAME"
|
|
||||||
/usr/bin/lxc-destroy -n "$NAME"
|
|
||||||
|
|
||||||
# unconfigure nginx
|
|
||||||
chroot "$WEBFS" nginx_dissite "$DOMAIN"
|
|
||||||
rmdir "$WEBFS$WEBPATH"
|
|
||||||
rm -f "$WEBFS/etc/nginx/sites-available/$DOMAIN"
|
|
||||||
|
|
||||||
# restart nginx
|
|
||||||
lxc-attach -n web -- systemctl restart nginx
|
|
||||||
|
|
||||||
# unconfigure firewall
|
|
||||||
rm -f "/etc/ferm.d/services/45-$NAME"
|
|
||||||
fw-apply
|
|
||||||
|
|
||||||
# clean up container.json
|
|
||||||
/etc/lxc/scripts/cleanup-container-file.rb
|
|
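--- a/dkms-update
+++ b/dkms-update
@@ -1,23 +0,0 @@
-#!/usr/bin/env ruby
-
-kernel_package = ARGV[0] || "linux"
-
-content = ""
-IO.popen(["pacman", "-Ql", kernel_package]) {|io| content = io.read }
-kernel = /\/usr\/lib\/modules\/(?<version>.*)\/kernel/.match(content)
-abort "no kernel version found in package" unless kernel
-
-mods = Dir["/usr/src/*"].sort
-mods.each do |mod|
-match = /(?<name>[^\/-]+)-(?<version>.+)$/.match(mod)
-unless match
-puts "Skip module '#{mod}' (not following the name standard)"
-next
-end
-args = ["dkms",
-"install",
-"-m", "#{match[:name]}/#{match[:version]}",
-"-k", kernel[:version]]
-puts "$ #{args.join(" ")}"
-system(*args)
-end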
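--- a/fw-apply
+++ b/fw-apply
@@ -1,15 +0,0 @@
-#!/bin/sh
-
-if ! [ $EUID -eq 0 ]
-then
-echo "Must be root!" >&2
-exit 1
-fi
-
-cd /etc
-
-if ferm --interactive --timeout 10 ferm.conf
-then
-ferm -n -l --domain ip ferm.conf > /etc/iptables/iptables.rules
-ferm -n -l --domain ip6 ferm.conf > /etc/iptables/ip6tables.rules
-fi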
@ -1,11 +1,11 @@
|
|||||||
#!/bin/sh
|
#!/usr/bin/env bash
|
||||||
|
|
||||||
(
|
(
|
||||||
for c in /data/containers/*
|
for c in /lxc/*
|
||||||
do
|
do
|
||||||
if [ -d "$c/rootfs" ]
|
if [ -d "$c/rootfs" ]
|
||||||
then
|
then
|
||||||
pacman -r "$c/rootfs" -Q
|
pacman -r "$c/rootfs" -Q
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
) | cut -d ' ' -f 1 | sort | uniq
|
) | cut -d ' ' -f 1 | sort | uniq
|
||||||
|
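--- a/lxc-attach
+++ b/lxc-attach
@@ -0,0 +1,9 @@
+#!/usr/bin/env bash
+
+export HOME=/root
+cd /root
+exec /run/current-system/sw/bin/lxc-attach \
+--clear-env \
+--keep-var TERM \
+--keep-var HOME \
+"$@"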
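Review bot: This wrapper carries the same name as the binary it executes and changes its behaviour, but the file does not say so. A header comment such as `# Wrapper: runs the real lxc-attach with a cleared environment (only TERM and HOME kept) so host variables do not leak into the container` would tell callers why variables they export on the host never arrive inside. `cd /root` is unchecked; `cd /root || exit 1` keeps the attach from starting in an unexpected directory.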
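--- a/lxc-create-container
+++ b/lxc-create-container
@@ -0,0 +1,29 @@
+#!/usr/bin/env ruby
+
+require "optparse"
+
+def sh(cmd, *args)
+puts "$ #{cmd} " + args.map {|a| "'#{a}'" }.join(" ")
+system(cmd, *args) or abort "command failed"
+end
+
+options = {}
+OptionParser.new do |opts|
+opts.banner = "Usage: lxc-create-container [options]"
+opts.on("-nNAME", "--name=NAME", "container name") do |n|
+options[:name] = n
+end
+end.parse!
+
+unless options[:name]
+$stderr.puts "no option for --name supplied"
+exit(1)
+end
+
+sh("systemctl", "stop", "lxc-base")
+sh("/run/current-system/sw/bin/lxc-copy", "-n", "base", "-B", "zfs", "-N", options[:name])
+puts "$ cd /etc/nixos/ansible"
+Dir.chdir("/etc/nixos/ansible") do
+sh("nix-shell", "--command", "ansible-playbook -i inventory site.yml --limit #{options[:name]}")
+end
+sh("lxc-info", "--name", "#{options[:name]}")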
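Review bot: The `nix-shell --command` argument is one shell string with `options[:name]` interpolated into it, so a container name containing spaces or shell metacharacters is interpreted by the shell that `nix-shell` starts, unlike every other call in this file, which passes the name as its own argv element. Escape it with `"ansible-playbook -i inventory site.yml --limit #{Shellwords.escape(options[:name])}"` and `require "shellwords"` at the top, or reject names that do not match something like `/\A[A-Za-z0-9][A-Za-z0-9_.-]*\z/` right after option parsing. `lxc-base` is stopped before the copy and, as far as this file shows, is never started again, including when a later `sh` call aborts.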
33
lxc-destroy
33
lxc-destroy
@ -1,3 +1,32 @@
|
|||||||
#!/bin/bash
|
#!/usr/bin/env ruby
|
||||||
|
|
||||||
echo use /usr/bin/lxc-destroy instead >&2
|
require "optparse"
|
||||||
|
|
||||||
|
def sh(*args)
|
||||||
|
puts("$ #{args.join(" ")}")
|
||||||
|
system(*args)
|
||||||
|
end
|
||||||
|
|
||||||
|
options = {}
|
||||||
|
OptionParser.new do |opts|
|
||||||
|
opts.banner = "Usage: lxc-destroy [options]"
|
||||||
|
opts.on("-nNAME", "--name=NAME", "container name") do |n|
|
||||||
|
options[:name] = n
|
||||||
|
end
|
||||||
|
end.parse!
|
||||||
|
|
||||||
|
unless options[:name]
|
||||||
|
$stderr.puts "no option for --name supplied"
|
||||||
|
exit(1)
|
||||||
|
end
|
||||||
|
|
||||||
|
print "enter the name of the container to delete: "
|
||||||
|
unless options[:name] == STDIN.gets.chomp
|
||||||
|
puts "does not match"
|
||||||
|
exit(1)
|
||||||
|
end
|
||||||
|
|
||||||
|
PREFIX="/run/current-system/sw/bin"
|
||||||
|
|
||||||
|
#sh "#{PREFIX}/lxc-stop", "-n", options[:name]
|
||||||
|
sh "#{PREFIX}/lxc-destroy", "-n", options[:name]
|
||||||
|
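Review bot: `STDIN.gets` returns `nil` at end of input, so `STDIN.gets.chomp` raises `NoMethodError` when the script runs without a terminal instead of taking the "does not match" exit; `STDIN.gets.to_s.chomp` keeps the refusal path. The result of `sh "#{PREFIX}/lxc-destroy", "-n", options[:name]` is discarded, so the script exits 0 even when the destroy fails; `sh(...) or abort "command failed"`, as `lxc-create-container` does, would surface that. With the `lxc-stop` line commented out, a short comment on whether destroying a running container is expected to fail would help the next reader.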
@ -1,6 +1,6 @@
|
|||||||
#!/bin/bash
|
#!/usr/bin/env bash
|
||||||
|
|
||||||
lxc_root=/data/containers
|
lxc_root=/lxc/
|
||||||
for n in `lxc-ls`; do
|
for n in `lxc-ls`; do
|
||||||
name=n
|
name=n
|
||||||
r=$lxc_root/$n/rootfs
|
r=$lxc_root/$n/rootfs
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
#!/bin/bash
|
#!/usr/bin/env bash
|
||||||
|
|
||||||
if [ $EUID -ne 0 ]; then
|
if [ $EUID -ne 0 ]; then
|
||||||
echo "Must be root!" >&2
|
echo "Must be root!" >&2
|
||||||
@ -7,5 +7,5 @@ fi
|
|||||||
|
|
||||||
cd "${DIR:-/tmp}"
|
cd "${DIR:-/tmp}"
|
||||||
lxc-attach --name login -- sudo -u aurrepo -- aurrepo --sign --verbose
|
lxc-attach --name login -- sudo -u aurrepo -- aurrepo --sign --verbose
|
||||||
lxc-attach --name login -- sudo -u aurrepo -- gem2arch "$@"
|
lxc-attach --name login -- sudo -u aurrepo -- gem2arch "$@"
|
||||||
lxc-attach --name login -- sudo -u aurrepo -- aurrepo --sign --verbose
|
lxc-attach --name login -- sudo -u aurrepo -- aurrepo --sign --verbose
|
||||||
|
4
lxc-log
4
lxc-log
@ -1,4 +1,4 @@
|
|||||||
#!/bin/bash
|
#!/usr/bin/env bash
|
||||||
|
|
||||||
set -eu
|
set -eu
|
||||||
|
|
||||||
@ -18,7 +18,7 @@ case "$1" in
|
|||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
|
|
||||||
CONTAINER_PATH="/data/containers/$CONTAINER"
|
CONTAINER_PATH="/lxc/$CONTAINER"
|
||||||
|
|
||||||
[ $EUID -eq 0 ] || die "Needs root permission"
|
[ $EUID -eq 0 ] || die "Needs root permission"
|
||||||
[ -d "$CONTAINER_PATH" ] || die "No such container found: $CONTAINER"
|
[ -d "$CONTAINER_PATH" ] || die "No such container found: $CONTAINER"
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
#!/bin/bash
|
#!/usr/bin/env bash
|
||||||
|
|
||||||
if [ $EUID -ne 0 ]; then
|
if [ $EUID -ne 0 ]; then
|
||||||
echo "Must be root!" >&2
|
echo "Must be root!" >&2
|
||||||
|
4
lxc-path
4
lxc-path
@ -1,3 +1,3 @@
|
|||||||
#!/bin/bash
|
#!/usr/bin/env bash
|
||||||
|
|
||||||
echo /data/containers/$1/rootfs/$2
|
echo /lxc/$1/rootfs/$2
|
||||||
|
@ -1,12 +1,13 @@
|
|||||||
#!/bin/bash
|
#!/usr/bin/env bash
|
||||||
|
|
||||||
if [ $EUID -ne 0 ]; then
|
if [ $EUID -ne 0 ]; then
|
||||||
echo "Must be root!" >&2
|
echo "Must be root!" >&2
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
cd "${DIR:-/}"
|
cd /
|
||||||
|
export PATH=$PATH:/usr/local/bin CWD=/
|
||||||
lxc-attach --name login -- sudo -u aurrepo -- aurrepo --sign --verbose
|
lxc-attach --name login -- sudo -u aurrepo -- aurrepo --sign --verbose
|
||||||
lxc-attach --name login -- sudo -u aurrepo -- yaourt "$@"
|
lxc-attach --name login -- sudo -u aurrepo -- yaourt "$@"
|
||||||
lxc-attach --name login -- sudo -u aurrepo -- aurrepo --sign --verbose
|
lxc-attach --name login -- sudo -u aurrepo -- aurrepo --sign --verbose
|
||||||
lxc-attach --name login -- pacman -Sy
|
lxc-attach --name login -- pacman -Sy
|
||||||
|
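--- a/matemat-stats.py
+++ b/matemat-stats.py
@@ -0,0 +1,45 @@
+import requests
+from datetime import datetime
+from influxdb import InfluxDBClient
+
+url = "http://matemat.hq.c3d2.de/{}"
+
+def main():
+resp = requests.get(url.format("backup/inventory.json"))
+fields = {}
+tags = {}
+json_body = []
+
+for article in resp.json():
+json_body.append(dict(
+measurement="inventory",
+tags=dict(name=article["name"]),
+fields=dict(filter(lambda t: t[0] not in ["artNr", "name"], article.items()))
+))
+
+client = InfluxDBClient('influxdb.thalheim.io',
+port=8086,
+ssl=True,
+username="matemat",
+password="eig0NaGoahCia5oo",
+database="matemat")
+client.write_points(json_body)
+resp2 = requests.get(url.format("statistics.json"))
+json_body = resp2.json()
+
+if "total_balance" in json_body:
+json_body["total_balance"] = float(json_body["total_balance"])
+if "total_loss_retail_price" in json_body:
+json_body["total_loss_retail_price"] = float(json_body["total_loss_retail_price"])
+if "positive_balance" in json_body:
+json_body["positive_balance"] = float(json_body["positive_balance"])
+if "negative_balance" in json_body:
+json_body["negative_balance"] = int(json_body["negative_balance"])
+
+if "inactive_users_negative_balance" in json_body:
+json_body["inactive_users_negative_balance"] = float(json_body["inactive_users_negative_balance"])
+
+client.write_points([dict(measurement="statistics", fields=json_body, tags={})])
+
+if __name__ == "__main__":
+main()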
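Review bot: The `InfluxDBClient(...)` call embeds the database password as a string literal, while the other scripts touched by this commit read their secrets from `/etc/nixos/secrets/`. Load it the same way, e.g. `password=open("/etc/nixos/secrets/<influxdb-password-file>").read().strip()` (the file name is a placeholder), and treat the committed value as exposed and rotate it. Both `requests.get` calls fetch over plain `http://` with no `timeout=` and no `raise_for_status()`, so a hung connection blocks the job and an error response is parsed as data before being written to the database. `fields` and `tags` in `main` and the `datetime` import are unused.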
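--- a/netdata-rauter.rb
+++ b/netdata-rauter.rb
@@ -0,0 +1,9 @@
+require 'open-uri'
+req = open('http://rauter.evenet.dn42:19999/api/v1/allmetrics?format=prometheus')
+req.each_line do |l|
+l.gsub!(/#.*/,"")
+if l =~ /([^{]+){[^}]+}\s+(\d+)\s+\d+/
+metric, val = $1, $2
+puts "#{metric.gsub("_", ".")} #{val} #{Time.new.utc.to_i}"
+end
+end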
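Review bot: `open('http://…')` depends on open-uri patching `Kernel#open`, which is deprecated since Ruby 2.7 and removed in 3.0, and `Kernel#open` is also the method that starts a subprocess for strings beginning with `|`, so it is best kept away from anything that could later become a variable. `URI.open(url) { |req| req.each_line { ... } }` avoids both and closes the handle, which the current code never does. The value group `(\d+)` matches integers only, so samples whose value has a decimal point appear to be dropped silently; `(-?\d+(?:\.\d+)?)` would keep them if that is not intended.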
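--- a/nixos-safe-rebuild
+++ b/nixos-safe-rebuild
@@ -0,0 +1,11 @@
+#!/usr/bin/env bash
+
+if [ $EUID -ne 0 ]; then
+echo "Must be root!" >&2
+exit 1
+fi
+
+nixos-rebuild switch
+echo "Press Ctrl-C to apply changes permanently (Rollback in 10s)"
+sleep 10
+nixos-rebuild switch --rollback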
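Review bot: The exit status of `nixos-rebuild switch` is not checked, so when the switch fails the script still sleeps and then runs `nixos-rebuild switch --rollback`, which would presumably move the system to the generation before the one that was working. `nixos-rebuild switch || exit 1` stops at the failure. The safety net also depends on Ctrl-C reaching this script within ten seconds; a header comment stating that an interrupted or lost session results in a rollback would make the intended behaviour explicit.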
@ -7,8 +7,9 @@ fi
|
|||||||
pkgs=""
|
pkgs=""
|
||||||
for pkg in "$@"
|
for pkg in "$@"
|
||||||
do
|
do
|
||||||
cp -- "$pkg" "/data/containers/login/rootfs/var/lib/aurrepo/"
|
cp -- "$pkg" "/lxc/login/rootfs/var/lib/aurrepo/"
|
||||||
name="$(basename $pkg)"
|
name="$(basename $pkg)"
|
||||||
|
chown 102013:102013 "/lxc/login/rootfs/var/lib/aurrepo/$name"
|
||||||
lxc-attach -n login -- sudo -u aurrepo gpg --detach-sign --no-armor "/var/lib/aurrepo/$name"
|
lxc-attach -n login -- sudo -u aurrepo gpg --detach-sign --no-armor "/var/lib/aurrepo/$name"
|
||||||
pkgs="$pkgs /var/lib/aurrepo/$name"
|
pkgs="$pkgs /var/lib/aurrepo/$name"
|
||||||
done
|
done
|
||||||
|
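Review bot: `name="$(basename $pkg)"` expands `$pkg` unquoted, so a path with spaces or glob characters produces a `name` that differs from the file `cp` just copied, and the new `chown` and the `gpg --detach-sign` call then act on a different path; `name="$(basename -- "$pkg")"` matches the quoting already used by `cp -- "$pkg"`. The numeric owner `102013:102013` has no explanation; a comment such as `# uid/gid of aurrepo as seen from the host (assumed, confirm)` would make it checkable against the container's id mapping.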
@ -1,7 +0,0 @@
|
|||||||
#! /bin/sh
|
|
||||||
|
|
||||||
# Send mail
|
|
||||||
echo "$SMARTD_MESSAGE" | mail -s "$SMARTD_FAILTYPE" "$SMARTD_ADDRESS"
|
|
||||||
|
|
||||||
# Notify user
|
|
||||||
wall "$SMARTD_MESSAGE"
|
|
@ -1,3 +0,0 @@
|
|||||||
#!/bin/sh
|
|
||||||
|
|
||||||
pacman -S linux-lts linux-lts-headers spl-lts spl-utils-lts zfs-lts zfs-utils-lts
|
|
@ -1,4 +1,4 @@
|
|||||||
#!/bin/bash
|
#!/usr/bin/env bash
|
||||||
#Script to update motd with relevant information.
|
#Script to update motd with relevant information.
|
||||||
#Define output file
|
#Define output file
|
||||||
motd="/etc/motd"
|
motd="/etc/motd"
|
||||||
|
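--- a/wakeup-nas.rb
+++ b/wakeup-nas.rb
@@ -0,0 +1,5 @@
+require 'socket'
+
+TCPSocket.open('home.devkid.net', 22198) do |socket|
+socket.write(File.read("/etc/nixos/secrets/nas-wakeup-password"))
+end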