some more small server optimations

bin/botany

@@ -0,0 +1,4 @@
+#!/bin/bash
+
+python3 /opt/services/botany/botany.py
+

bin/envs.net/envs_sysinfo.sh

@@ -11,7 +11,7 @@ DOMAIN='envs.net'
 ###
 
 # define packages by category for sysinfo.php Page
-services=(0x0 bbj cryptpad getwtxt gitea gophernicus halcyon jetforce jitsi-meet mariadb-server matrix nginx
+services=(0x0 bbj cryptpad getwtxt gitea gophernicus halcyon ipinfo jetforce jitsi-meet mariadb-server matrix nginx
     openssh-server pleroma privatebin riot-web searx termbin tt-rss thelounge znc)
 readarray -t sorted_services < <(printf '%s\n' "${services[@]}" | sort)
 
@@ -163,7 +163,7 @@ cat<<EOM > "$TMP_JSON"
       },
       "ipinfo": {
         "desc":        "ip address info",
-        "version":     "",
+        "version":     "-",
         "url":         "https://ip.envs.net/"
       },
       "jetforce": {

etc/etc/hosts

@@ -19,7 +19,7 @@ ff02::2 ip6-allrouters
 192.168.1.2   ns1.envs.net ns1 dns
 192.168.1.3   mail.envs.net mail 
 192.168.1.4   lists.envs.net lists
-192.168.1.5   ldap.envs.net ldap ldap1
+192.168.1.5   ldap.envs.net ldap
 192.168.1.6   moni.envs.net moni prometheus.envs.net prometheus grafana.envs.net grafana
 
 192.168.1.10  git.envs.net gitea

etc/nginx/sites-available/envs.net.conf

@@ -15,6 +15,13 @@ server {
 	location /.well-known/acme-challenge/ {
 		alias /var/lib/letsencrypt/.well-known/acme-challenge/;
 	}
+
+	location /nginx_status {
+		stub_status on;
+		allow 127.0.0.1;
+		allow 192.168.1.6;
+		deny all;
+	}
 }
 
 server {
@@ -60,22 +67,16 @@ server {
 #	}
 
 	# matrix
-	location /.well-known/matrix/ {
-		add_header Access-Control-Allow-Origin "*";
-		add_header Content-Type application/json;
-		return 200 '{"m.server": "envs.net:8448", "m.homeserver": {"base_url": "https://matrix.envs.net"}}';
-	}
-
 	location /.well-known/matrix/support {
 		add_header Access-Control-Allow-Origin "*";
 		add_header Content-Type application/json;
 		return 200 '{"admins": [{"matrix_id": "@creme:envs.net", "email_address": "hostmaster@envs.net", "role": "admin"}]}';
 	}
 
-	location /.well-known/matrix/integrations {
+	location /.well-known/matrix/ {
 		add_header Access-Control-Allow-Origin "*";
 		add_header Content-Type application/json;
-		return 200 '{"m.integrations": {"managers": [{"api_url": "https://dimension.envs.net/api/v1/scalar", "ui_url": "https://dimension.envs.net/riot"}]}}';
+		return 200 '{"m.server": "matrix.envs.net:443", "m.homeserver": {"base_url": "https://matrix.envs.net"}, "m.integrations": {"managers": [{"ui_url": "https://dimension.envs.net/riot", "api_url": "https://dimension.envs.net/api/v1/scalar"}, {"ui_url": "https://scalar.vector.im/", "api_url": "https://scalar.vector.im/api"}]}, "m.integrations_widget": {"url": "https://dimension.envs.net/riot", "data": {"api_url": "https://dimension.envs.net/api/v1/scalar"}}}';
 	}
 
 	location /_matrix {

etc/sysctl.d/fs.conf

@@ -1,2 +1,4 @@
+fs.file-max = 2097152
+
 fs.inotify.max_queued_events=16384
 fs.inotify.max_user_watches=524288

root/backup-server.sh

@@ -2,12 +2,13 @@
 export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
 
 [ "$(id -u)" -ne 0 ] && printf 'Please run as root!\n' && exit 1
+[ "$(ps ax | grep -ce 'restic\|ch_bak:core.envs.net')" -gt 1 ] && printf 'Backup runs already!\n' && exit 1
 
 ###
 
 export RESTIC_PASSWORD=';)'
 
-restic='ionice -c0 nice -n-19 restic -r'
+restic='nice -n19 ionice -n7 restic -r'
 rsync='rsync -av --delete --numeric-ids'
 
 ###
@@ -74,16 +75,16 @@ mysqldump -u root --opt --order-by-primary --all-databases | gzip -c > /var/db-b
 #pg_dumpall -U postgres | gzip -c > /var/db-backups/pgsql-dump-$(date +%F.%H%M%S).gz
 
 # Backup git
-lxc-attach -n gitea -- bash -c "sudo -Hiu git /usr/local/bin/gitea dump -c /etc/gitea/app.ini"
+lxc-attach -n gitea -- bash -c "sudo -Hiu git nice -n19 ionice -n7 /usr/local/bin/gitea dump -c /etc/gitea/app.ini"
 
 # Backup matrix
-lxc-attach -n matrix -- bash -c "sudo -Hiu postgres pg_dump -F t matrix > /var/db-backups/matrix.tar"
+lxc-attach -n matrix -- bash -c "sudo -Hiu postgres nice -n19 ionice -n7 pg_dump -F t matrix > /var/db-backups/matrix.tar"
 
 # Backup pleroma
-lxc-attach -n pleroma -- bash -c "sudo -Hiu postgres pg_dump -F t pleroma > /var/db-backups/pleroma.tar"
+lxc-attach -n pleroma -- bash -c "sudo -Hiu postgres nice -n19 ionice -n7 pg_dump -F t pleroma > /var/db-backups/pleroma.tar"
 
 # Backup ttrss
-lxc-attach -n rss -- bash -c "mysqldump -u root ttrss | gzip -c > /var/db-backups/ttrss.gz"
+lxc-attach -n rss -- bash -c "nice -n10 ionice -n7 mysqldump -u root ttrss | nice -n19 ionice -n7 gzip -c > /var/db-backups/ttrss.gz"
 
 ###
 
@@ -100,11 +101,11 @@ apt-key exportall | tee "$BACKUP_DIR"_local/repo.keys &>/dev/null
 #
 # Restic Backups
 #
-lp='/var/lib/lxc/**/rootfs'
+lp='/var/lib/lxc/*/rootfs'
 exclude_lxc="$lp/dev,$lp/media,$lp/mnt,$lp/proc,$lp/run,$lp/sys,$lp/tmp,$lp/var/tmp"
 
 for BH in $BACKUP_HOST; do
-	$restic sftp:"$BH":"$REMOTE_DIR"_system backup / --exclude={/dev,/media,/mnt,/proc,/run,/sys,/tmp,/root/.cache/,/var/tmp,/var/lib/lxcfs/cgroup,/data/tmp,/data/BACKUP,/data/BACKUP_LXC,$exclude_lxc}
+	eval $restic sftp:"$BH":"$REMOTE_DIR"_system backup / --exclude=\{/dev,/media,/mnt,/proc,/run,/sys,/tmp,/root/.cache/,/var/tmp,/var/lib/lxcfs/cgroup,/data/tmp,/data/BACKUP,/data/BACKUP_LXC,$exclude_lxc\}
 ##	$restic sftp:"$BH":"$REMOTE_DIR"_lxc backup "$BACKUP_DIR_LXC"
 done
 
@@ -116,7 +117,7 @@ CHECKEOM="$(date --date=tomorrow +%d)"
 if [ "$CHECKEOM" -eq 01 ]; then
 	for BH in $BACKUP_HOST; do
 		for RLN in $RESTIC_LOC_NAME; do
-			restic -r sftp:"$BH":"$REMOTE_DIR"_"$RLN" forget --keep-daily 1 --keep-weekly 4 --keep-monthly 3
+			restic -r sftp:"$BH":"$REMOTE_DIR"_"$RLN" forget --keep-daily 1 --keep-weekly 4 --keep-monthly 1
 			restic -r sftp:"$BH":"$REMOTE_DIR"_"$RLN" prune
 		done
 	done