some more small server optimations

pull/1/head
creme 2 years ago
parent 520057c544
commit b2800a38fa
  1. 4
      bin/botany
  2. 4
      bin/envs.net/envs_sysinfo.sh
  3. 2
      etc/etc/hosts
  4. 17
      etc/nginx/sites-available/envs.net.conf
  5. 2
      etc/sysctl.d/fs.conf
  6. 17
      root/backup-server.sh

@ -0,0 +1,4 @@
#!/bin/bash
python3 /opt/services/botany/botany.py

@ -11,7 +11,7 @@ DOMAIN='envs.net'
###
# define packages by category for sysinfo.php Page
services=(0x0 bbj cryptpad getwtxt gitea gophernicus halcyon jetforce jitsi-meet mariadb-server matrix nginx
services=(0x0 bbj cryptpad getwtxt gitea gophernicus halcyon ipinfo jetforce jitsi-meet mariadb-server matrix nginx
openssh-server pleroma privatebin riot-web searx termbin tt-rss thelounge znc)
readarray -t sorted_services < <(printf '%s\n' "${services[@]}" | sort)
@ -163,7 +163,7 @@ cat<<EOM > "$TMP_JSON"
},
"ipinfo": {
"desc": "ip address info",
"version": "",
"version": "-",
"url": "https://ip.envs.net/"
},
"jetforce": {

@ -19,7 +19,7 @@ ff02::2 ip6-allrouters
192.168.1.2 ns1.envs.net ns1 dns
192.168.1.3 mail.envs.net mail
192.168.1.4 lists.envs.net lists
192.168.1.5 ldap.envs.net ldap ldap1
192.168.1.5 ldap.envs.net ldap
192.168.1.6 moni.envs.net moni prometheus.envs.net prometheus grafana.envs.net grafana
192.168.1.10 git.envs.net gitea

@ -15,6 +15,13 @@ server {
location /.well-known/acme-challenge/ {
alias /var/lib/letsencrypt/.well-known/acme-challenge/;
}
location /nginx_status {
stub_status on;
allow 127.0.0.1;
allow 192.168.1.6;
deny all;
}
}
server {
@ -60,22 +67,16 @@ server {
# }
# matrix
location /.well-known/matrix/ {
add_header Access-Control-Allow-Origin "*";
add_header Content-Type application/json;
return 200 '{"m.server": "envs.net:8448", "m.homeserver": {"base_url": "https://matrix.envs.net"}}';
}
location /.well-known/matrix/support {
add_header Access-Control-Allow-Origin "*";
add_header Content-Type application/json;
return 200 '{"admins": [{"matrix_id": "@creme:envs.net", "email_address": "hostmaster@envs.net", "role": "admin"}]}';
}
location /.well-known/matrix/integrations {
location /.well-known/matrix/ {
add_header Access-Control-Allow-Origin "*";
add_header Content-Type application/json;
return 200 '{"m.integrations": {"managers": [{"api_url": "https://dimension.envs.net/api/v1/scalar", "ui_url": "https://dimension.envs.net/riot"}]}}';
return 200 '{"m.server": "matrix.envs.net:443", "m.homeserver": {"base_url": "https://matrix.envs.net"}, "m.integrations": {"managers": [{"ui_url": "https://dimension.envs.net/riot", "api_url": "https://dimension.envs.net/api/v1/scalar"}, {"ui_url": "https://scalar.vector.im/", "api_url": "https://scalar.vector.im/api"}]}, "m.integrations_widget": {"url": "https://dimension.envs.net/riot", "data": {"api_url": "https://dimension.envs.net/api/v1/scalar"}}}';
}
location /_matrix {

@ -1,2 +1,4 @@
fs.file-max = 2097152
fs.inotify.max_queued_events=16384
fs.inotify.max_user_watches=524288

@ -2,12 +2,13 @@
export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
[ "$(id -u)" -ne 0 ] && printf 'Please run as root!\n' && exit 1
[ "$(ps ax | grep -ce 'restic\|ch_bak:core.envs.net')" -gt 1 ] && printf 'Backup runs already!\n' && exit 1
###
export RESTIC_PASSWORD=';)'
restic='ionice -c0 nice -n-19 restic -r'
restic='nice -n19 ionice -n7 restic -r'
rsync='rsync -av --delete --numeric-ids'
###
@ -74,16 +75,16 @@ mysqldump -u root --opt --order-by-primary --all-databases | gzip -c > /var/db-b
#pg_dumpall -U postgres | gzip -c > /var/db-backups/pgsql-dump-$(date +%F.%H%M%S).gz
# Backup git
lxc-attach -n gitea -- bash -c "sudo -Hiu git /usr/local/bin/gitea dump -c /etc/gitea/app.ini"
lxc-attach -n gitea -- bash -c "sudo -Hiu git nice -n19 ionice -n7 /usr/local/bin/gitea dump -c /etc/gitea/app.ini"
# Backup matrix
lxc-attach -n matrix -- bash -c "sudo -Hiu postgres pg_dump -F t matrix > /var/db-backups/matrix.tar"
lxc-attach -n matrix -- bash -c "sudo -Hiu postgres nice -n19 ionice -n7 pg_dump -F t matrix > /var/db-backups/matrix.tar"
# Backup pleroma
lxc-attach -n pleroma -- bash -c "sudo -Hiu postgres pg_dump -F t pleroma > /var/db-backups/pleroma.tar"
lxc-attach -n pleroma -- bash -c "sudo -Hiu postgres nice -n19 ionice -n7 pg_dump -F t pleroma > /var/db-backups/pleroma.tar"
# Backup ttrss
lxc-attach -n rss -- bash -c "mysqldump -u root ttrss | gzip -c > /var/db-backups/ttrss.gz"
lxc-attach -n rss -- bash -c "nice -n10 ionice -n7 mysqldump -u root ttrss | nice -n19 ionice -n7 gzip -c > /var/db-backups/ttrss.gz"
###
@ -100,11 +101,11 @@ apt-key exportall | tee "$BACKUP_DIR"_local/repo.keys &>/dev/null
#
# Restic Backups
#
lp='/var/lib/lxc/**/rootfs'
lp='/var/lib/lxc/*/rootfs'
exclude_lxc="$lp/dev,$lp/media,$lp/mnt,$lp/proc,$lp/run,$lp/sys,$lp/tmp,$lp/var/tmp"
for BH in $BACKUP_HOST; do
$restic sftp:"$BH":"$REMOTE_DIR"_system backup / --exclude={/dev,/media,/mnt,/proc,/run,/sys,/tmp,/root/.cache/,/var/tmp,/var/lib/lxcfs/cgroup,/data/tmp,/data/BACKUP,/data/BACKUP_LXC,$exclude_lxc}
eval $restic sftp:"$BH":"$REMOTE_DIR"_system backup / --exclude=\{/dev,/media,/mnt,/proc,/run,/sys,/tmp,/root/.cache/,/var/tmp,/var/lib/lxcfs/cgroup,/data/tmp,/data/BACKUP,/data/BACKUP_LXC,$exclude_lxc\}
## $restic sftp:"$BH":"$REMOTE_DIR"_lxc backup "$BACKUP_DIR_LXC"
done
@ -116,7 +117,7 @@ CHECKEOM="$(date --date=tomorrow +%d)"
if [ "$CHECKEOM" -eq 01 ]; then
for BH in $BACKUP_HOST; do
for RLN in $RESTIC_LOC_NAME; do
restic -r sftp:"$BH":"$REMOTE_DIR"_"$RLN" forget --keep-daily 1 --keep-weekly 4 --keep-monthly 3
restic -r sftp:"$BH":"$REMOTE_DIR"_"$RLN" forget --keep-daily 1 --keep-weekly 4 --keep-monthly 1
restic -r sftp:"$BH":"$REMOTE_DIR"_"$RLN" prune
done
done

Loading…
Cancel
Save