diff --git a/bin/botany b/bin/botany new file mode 100755 index 0000000..1a7c2fb --- /dev/null +++ b/bin/botany @@ -0,0 +1,4 @@ +#!/bin/bash + +python3 /opt/services/botany/botany.py + diff --git a/bin/envs.net/envs_sysinfo.sh b/bin/envs.net/envs_sysinfo.sh index 24356c8..3a1d3ea 100755 --- a/bin/envs.net/envs_sysinfo.sh +++ b/bin/envs.net/envs_sysinfo.sh @@ -11,7 +11,7 @@ DOMAIN='envs.net' ### # define packages by category for sysinfo.php Page -services=(0x0 bbj cryptpad getwtxt gitea gophernicus halcyon jetforce jitsi-meet mariadb-server matrix nginx +services=(0x0 bbj cryptpad getwtxt gitea gophernicus halcyon ipinfo jetforce jitsi-meet mariadb-server matrix nginx openssh-server pleroma privatebin riot-web searx termbin tt-rss thelounge znc) readarray -t sorted_services < <(printf '%s\n' "${services[@]}" | sort) @@ -163,7 +163,7 @@ cat< "$TMP_JSON" }, "ipinfo": { "desc": "ip address info", - "version": "", + "version": "-", "url": "https://ip.envs.net/" }, "jetforce": { diff --git a/etc/etc/hosts b/etc/etc/hosts index bc48f00..9fb95a2 100644 --- a/etc/etc/hosts +++ b/etc/etc/hosts @@ -19,7 +19,7 @@ ff02::2 ip6-allrouters 192.168.1.2 ns1.envs.net ns1 dns 192.168.1.3 mail.envs.net mail 192.168.1.4 lists.envs.net lists -192.168.1.5 ldap.envs.net ldap ldap1 +192.168.1.5 ldap.envs.net ldap 192.168.1.6 moni.envs.net moni prometheus.envs.net prometheus grafana.envs.net grafana 192.168.1.10 git.envs.net gitea diff --git a/etc/nginx/sites-available/envs.net.conf b/etc/nginx/sites-available/envs.net.conf index 80389bd..3d82424 100644 --- a/etc/nginx/sites-available/envs.net.conf +++ b/etc/nginx/sites-available/envs.net.conf @@ -15,6 +15,13 @@ server { location /.well-known/acme-challenge/ { alias /var/lib/letsencrypt/.well-known/acme-challenge/; } + + location /nginx_status { + stub_status on; + allow 127.0.0.1; + allow 192.168.1.6; + deny all; + } } server { @@ -60,22 +67,16 @@ server { # } # matrix - location /.well-known/matrix/ { - add_header Access-Control-Allow-Origin "*"; - add_header Content-Type application/json; - return 200 '{"m.server": "envs.net:8448", "m.homeserver": {"base_url": "https://matrix.envs.net"}}'; - } - location /.well-known/matrix/support { add_header Access-Control-Allow-Origin "*"; add_header Content-Type application/json; return 200 '{"admins": [{"matrix_id": "@creme:envs.net", "email_address": "hostmaster@envs.net", "role": "admin"}]}'; } - location /.well-known/matrix/integrations { + location /.well-known/matrix/ { add_header Access-Control-Allow-Origin "*"; add_header Content-Type application/json; - return 200 '{"m.integrations": {"managers": [{"api_url": "https://dimension.envs.net/api/v1/scalar", "ui_url": "https://dimension.envs.net/riot"}]}}'; + return 200 '{"m.server": "matrix.envs.net:443", "m.homeserver": {"base_url": "https://matrix.envs.net"}, "m.integrations": {"managers": [{"ui_url": "https://dimension.envs.net/riot", "api_url": "https://dimension.envs.net/api/v1/scalar"}, {"ui_url": "https://scalar.vector.im/", "api_url": "https://scalar.vector.im/api"}]}, "m.integrations_widget": {"url": "https://dimension.envs.net/riot", "data": {"api_url": "https://dimension.envs.net/api/v1/scalar"}}}'; } location /_matrix { diff --git a/etc/sysctl.d/fs.conf b/etc/sysctl.d/fs.conf index 15377f4..fa1d80a 100644 --- a/etc/sysctl.d/fs.conf +++ b/etc/sysctl.d/fs.conf @@ -1,2 +1,4 @@ +fs.file-max = 2097152 + fs.inotify.max_queued_events=16384 fs.inotify.max_user_watches=524288 diff --git a/root/backup-server.sh b/root/backup-server.sh index a4ce47d..409ef99 100755 --- a/root/backup-server.sh +++ b/root/backup-server.sh @@ -2,12 +2,13 @@ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin [ "$(id -u)" -ne 0 ] && printf 'Please run as root!\n' && exit 1 +[ "$(ps ax | grep -ce 'restic\|ch_bak:core.envs.net')" -gt 1 ] && printf 'Backup runs already!\n' && exit 1 ### export RESTIC_PASSWORD=';)' -restic='ionice -c0 nice -n-19 restic -r' +restic='nice -n19 ionice -n7 restic -r' rsync='rsync -av --delete --numeric-ids' ### @@ -74,16 +75,16 @@ mysqldump -u root --opt --order-by-primary --all-databases | gzip -c > /var/db-b #pg_dumpall -U postgres | gzip -c > /var/db-backups/pgsql-dump-$(date +%F.%H%M%S).gz # Backup git -lxc-attach -n gitea -- bash -c "sudo -Hiu git /usr/local/bin/gitea dump -c /etc/gitea/app.ini" +lxc-attach -n gitea -- bash -c "sudo -Hiu git nice -n19 ionice -n7 /usr/local/bin/gitea dump -c /etc/gitea/app.ini" # Backup matrix -lxc-attach -n matrix -- bash -c "sudo -Hiu postgres pg_dump -F t matrix > /var/db-backups/matrix.tar" +lxc-attach -n matrix -- bash -c "sudo -Hiu postgres nice -n19 ionice -n7 pg_dump -F t matrix > /var/db-backups/matrix.tar" # Backup pleroma -lxc-attach -n pleroma -- bash -c "sudo -Hiu postgres pg_dump -F t pleroma > /var/db-backups/pleroma.tar" +lxc-attach -n pleroma -- bash -c "sudo -Hiu postgres nice -n19 ionice -n7 pg_dump -F t pleroma > /var/db-backups/pleroma.tar" # Backup ttrss -lxc-attach -n rss -- bash -c "mysqldump -u root ttrss | gzip -c > /var/db-backups/ttrss.gz" +lxc-attach -n rss -- bash -c "nice -n10 ionice -n7 mysqldump -u root ttrss | nice -n19 ionice -n7 gzip -c > /var/db-backups/ttrss.gz" ### @@ -100,11 +101,11 @@ apt-key exportall | tee "$BACKUP_DIR"_local/repo.keys &>/dev/null # # Restic Backups # -lp='/var/lib/lxc/**/rootfs' +lp='/var/lib/lxc/*/rootfs' exclude_lxc="$lp/dev,$lp/media,$lp/mnt,$lp/proc,$lp/run,$lp/sys,$lp/tmp,$lp/var/tmp" for BH in $BACKUP_HOST; do - $restic sftp:"$BH":"$REMOTE_DIR"_system backup / --exclude={/dev,/media,/mnt,/proc,/run,/sys,/tmp,/root/.cache/,/var/tmp,/var/lib/lxcfs/cgroup,/data/tmp,/data/BACKUP,/data/BACKUP_LXC,$exclude_lxc} + eval $restic sftp:"$BH":"$REMOTE_DIR"_system backup / --exclude=\{/dev,/media,/mnt,/proc,/run,/sys,/tmp,/root/.cache/,/var/tmp,/var/lib/lxcfs/cgroup,/data/tmp,/data/BACKUP,/data/BACKUP_LXC,$exclude_lxc\} ## $restic sftp:"$BH":"$REMOTE_DIR"_lxc backup "$BACKUP_DIR_LXC" done @@ -116,7 +117,7 @@ CHECKEOM="$(date --date=tomorrow +%d)" if [ "$CHECKEOM" -eq 01 ]; then for BH in $BACKUP_HOST; do for RLN in $RESTIC_LOC_NAME; do - restic -r sftp:"$BH":"$REMOTE_DIR"_"$RLN" forget --keep-daily 1 --keep-weekly 4 --keep-monthly 3 + restic -r sftp:"$BH":"$REMOTE_DIR"_"$RLN" forget --keep-daily 1 --keep-weekly 4 --keep-monthly 1 restic -r sftp:"$BH":"$REMOTE_DIR"_"$RLN" prune done done