2.4 KiB
author | published | title | description | category | |
---|---|---|---|---|---|
~ben and ~khuxkm | true | administration | ~team admin guide |
|
administration
- adding users
- backups
- bypassing resource limits as services user
- runaway processes/excessive resource usage
adding users
see the makeuser script's documentation
backups
tilde.team uses borg (via borgmatic) for backups and is configured to save 7 daily backups, 4 weekly backups, 6 monthly, and 1 yearly backup. backups run once daily during the night.
to see a list of the backups:
sudo borgmatic list
to see general backup stats:
sudo borgmatic info
to restore a backup:
sudo borgmatic extract --archive <archive name> --progress --restore-path=/path/to/restore
we keep backups of:
/home
/etc
- mysql and postgres databases (dumped before each backup run)
- nextcloud data
- tildegit database and repos
/var/spool/cron
- your crontabs/tilde
- user-submitted scripts- mailman3 list and archive data
bypassing resource limits
(by ~khuxkm)
So occasionally, when you're working with the services user, you'll run into "error: fork: retry: Resource temporarily unavailable" errors.
Here's how to fix it:
07:11 <~khuxkm> so this is seriously dumb
07:11 <~khuxkm> so how you fix limits is
07:12 <~khuxkm> sudo -iu services
07:12 <~khuxkm> use ps -aux to find the bash process ("-bash")
07:12 <~khuxkm> then `sudo prlimit --pid <pid> --nproc 1000000:100000000`
07:12 <~khuxkm> then do what you need to do
07:12 <~khuxkm> then exit the bash session
runaway processes
if a user consistently uses a lot of resources, send them a note via email
to request that they mind their usage levels. if they fail to respond within
a day or two, feel free to kill the process by pid or with killall
. if they
resume using excessive resources and haven't responded to communications, then
feel free to lock them out by changing their shell to /usr/sbin/nologin
.
sudo chsh -s /usr/sbin/nologin <username>
don't forget to kill their existing session with:
sudo loginctl terminate-user <username>