some more small server optimations

This commit is contained in:
creme 2020-04-10 14:05:25 +00:00
parent 520057c544
commit b2800a38fa
6 changed files with 27 additions and 19 deletions

4
bin/botany Executable file
View File

@ -0,0 +1,4 @@
#!/bin/bash
python3 /opt/services/botany/botany.py

View File

@ -11,7 +11,7 @@ DOMAIN='envs.net'
### ###
# define packages by category for sysinfo.php Page # define packages by category for sysinfo.php Page
services=(0x0 bbj cryptpad getwtxt gitea gophernicus halcyon jetforce jitsi-meet mariadb-server matrix nginx services=(0x0 bbj cryptpad getwtxt gitea gophernicus halcyon ipinfo jetforce jitsi-meet mariadb-server matrix nginx
openssh-server pleroma privatebin riot-web searx termbin tt-rss thelounge znc) openssh-server pleroma privatebin riot-web searx termbin tt-rss thelounge znc)
readarray -t sorted_services < <(printf '%s\n' "${services[@]}" | sort) readarray -t sorted_services < <(printf '%s\n' "${services[@]}" | sort)
@ -163,7 +163,7 @@ cat<<EOM > "$TMP_JSON"
}, },
"ipinfo": { "ipinfo": {
"desc": "ip address info", "desc": "ip address info",
"version": "", "version": "-",
"url": "https://ip.envs.net/" "url": "https://ip.envs.net/"
}, },
"jetforce": { "jetforce": {

View File

@ -19,7 +19,7 @@ ff02::2 ip6-allrouters
192.168.1.2 ns1.envs.net ns1 dns 192.168.1.2 ns1.envs.net ns1 dns
192.168.1.3 mail.envs.net mail 192.168.1.3 mail.envs.net mail
192.168.1.4 lists.envs.net lists 192.168.1.4 lists.envs.net lists
192.168.1.5 ldap.envs.net ldap ldap1 192.168.1.5 ldap.envs.net ldap
192.168.1.6 moni.envs.net moni prometheus.envs.net prometheus grafana.envs.net grafana 192.168.1.6 moni.envs.net moni prometheus.envs.net prometheus grafana.envs.net grafana
192.168.1.10 git.envs.net gitea 192.168.1.10 git.envs.net gitea

View File

@ -15,6 +15,13 @@ server {
location /.well-known/acme-challenge/ { location /.well-known/acme-challenge/ {
alias /var/lib/letsencrypt/.well-known/acme-challenge/; alias /var/lib/letsencrypt/.well-known/acme-challenge/;
} }
location /nginx_status {
stub_status on;
allow 127.0.0.1;
allow 192.168.1.6;
deny all;
}
} }
server { server {
@ -60,22 +67,16 @@ server {
# } # }
# matrix # matrix
location /.well-known/matrix/ {
add_header Access-Control-Allow-Origin "*";
add_header Content-Type application/json;
return 200 '{"m.server": "envs.net:8448", "m.homeserver": {"base_url": "https://matrix.envs.net"}}';
}
location /.well-known/matrix/support { location /.well-known/matrix/support {
add_header Access-Control-Allow-Origin "*"; add_header Access-Control-Allow-Origin "*";
add_header Content-Type application/json; add_header Content-Type application/json;
return 200 '{"admins": [{"matrix_id": "@creme:envs.net", "email_address": "hostmaster@envs.net", "role": "admin"}]}'; return 200 '{"admins": [{"matrix_id": "@creme:envs.net", "email_address": "hostmaster@envs.net", "role": "admin"}]}';
} }
location /.well-known/matrix/integrations { location /.well-known/matrix/ {
add_header Access-Control-Allow-Origin "*"; add_header Access-Control-Allow-Origin "*";
add_header Content-Type application/json; add_header Content-Type application/json;
return 200 '{"m.integrations": {"managers": [{"api_url": "https://dimension.envs.net/api/v1/scalar", "ui_url": "https://dimension.envs.net/riot"}]}}'; return 200 '{"m.server": "matrix.envs.net:443", "m.homeserver": {"base_url": "https://matrix.envs.net"}, "m.integrations": {"managers": [{"ui_url": "https://dimension.envs.net/riot", "api_url": "https://dimension.envs.net/api/v1/scalar"}, {"ui_url": "https://scalar.vector.im/", "api_url": "https://scalar.vector.im/api"}]}, "m.integrations_widget": {"url": "https://dimension.envs.net/riot", "data": {"api_url": "https://dimension.envs.net/api/v1/scalar"}}}';
} }
location /_matrix { location /_matrix {

View File

@ -1,2 +1,4 @@
fs.file-max = 2097152
fs.inotify.max_queued_events=16384 fs.inotify.max_queued_events=16384
fs.inotify.max_user_watches=524288 fs.inotify.max_user_watches=524288

View File

@ -2,12 +2,13 @@
export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
[ "$(id -u)" -ne 0 ] && printf 'Please run as root!\n' && exit 1 [ "$(id -u)" -ne 0 ] && printf 'Please run as root!\n' && exit 1
[ "$(ps ax | grep -ce 'restic\|ch_bak:core.envs.net')" -gt 1 ] && printf 'Backup runs already!\n' && exit 1
### ###
export RESTIC_PASSWORD=';)' export RESTIC_PASSWORD=';)'
restic='ionice -c0 nice -n-19 restic -r' restic='nice -n19 ionice -n7 restic -r'
rsync='rsync -av --delete --numeric-ids' rsync='rsync -av --delete --numeric-ids'
### ###
@ -74,16 +75,16 @@ mysqldump -u root --opt --order-by-primary --all-databases | gzip -c > /var/db-b
#pg_dumpall -U postgres | gzip -c > /var/db-backups/pgsql-dump-$(date +%F.%H%M%S).gz #pg_dumpall -U postgres | gzip -c > /var/db-backups/pgsql-dump-$(date +%F.%H%M%S).gz
# Backup git # Backup git
lxc-attach -n gitea -- bash -c "sudo -Hiu git /usr/local/bin/gitea dump -c /etc/gitea/app.ini" lxc-attach -n gitea -- bash -c "sudo -Hiu git nice -n19 ionice -n7 /usr/local/bin/gitea dump -c /etc/gitea/app.ini"
# Backup matrix # Backup matrix
lxc-attach -n matrix -- bash -c "sudo -Hiu postgres pg_dump -F t matrix > /var/db-backups/matrix.tar" lxc-attach -n matrix -- bash -c "sudo -Hiu postgres nice -n19 ionice -n7 pg_dump -F t matrix > /var/db-backups/matrix.tar"
# Backup pleroma # Backup pleroma
lxc-attach -n pleroma -- bash -c "sudo -Hiu postgres pg_dump -F t pleroma > /var/db-backups/pleroma.tar" lxc-attach -n pleroma -- bash -c "sudo -Hiu postgres nice -n19 ionice -n7 pg_dump -F t pleroma > /var/db-backups/pleroma.tar"
# Backup ttrss # Backup ttrss
lxc-attach -n rss -- bash -c "mysqldump -u root ttrss | gzip -c > /var/db-backups/ttrss.gz" lxc-attach -n rss -- bash -c "nice -n10 ionice -n7 mysqldump -u root ttrss | nice -n19 ionice -n7 gzip -c > /var/db-backups/ttrss.gz"
### ###
@ -100,11 +101,11 @@ apt-key exportall | tee "$BACKUP_DIR"_local/repo.keys &>/dev/null
# #
# Restic Backups # Restic Backups
# #
lp='/var/lib/lxc/**/rootfs' lp='/var/lib/lxc/*/rootfs'
exclude_lxc="$lp/dev,$lp/media,$lp/mnt,$lp/proc,$lp/run,$lp/sys,$lp/tmp,$lp/var/tmp" exclude_lxc="$lp/dev,$lp/media,$lp/mnt,$lp/proc,$lp/run,$lp/sys,$lp/tmp,$lp/var/tmp"
for BH in $BACKUP_HOST; do for BH in $BACKUP_HOST; do
$restic sftp:"$BH":"$REMOTE_DIR"_system backup / --exclude={/dev,/media,/mnt,/proc,/run,/sys,/tmp,/root/.cache/,/var/tmp,/var/lib/lxcfs/cgroup,/data/tmp,/data/BACKUP,/data/BACKUP_LXC,$exclude_lxc} eval $restic sftp:"$BH":"$REMOTE_DIR"_system backup / --exclude=\{/dev,/media,/mnt,/proc,/run,/sys,/tmp,/root/.cache/,/var/tmp,/var/lib/lxcfs/cgroup,/data/tmp,/data/BACKUP,/data/BACKUP_LXC,$exclude_lxc\}
## $restic sftp:"$BH":"$REMOTE_DIR"_lxc backup "$BACKUP_DIR_LXC" ## $restic sftp:"$BH":"$REMOTE_DIR"_lxc backup "$BACKUP_DIR_LXC"
done done
@ -116,7 +117,7 @@ CHECKEOM="$(date --date=tomorrow +%d)"
if [ "$CHECKEOM" -eq 01 ]; then if [ "$CHECKEOM" -eq 01 ]; then
for BH in $BACKUP_HOST; do for BH in $BACKUP_HOST; do
for RLN in $RESTIC_LOC_NAME; do for RLN in $RESTIC_LOC_NAME; do
restic -r sftp:"$BH":"$REMOTE_DIR"_"$RLN" forget --keep-daily 1 --keep-weekly 4 --keep-monthly 3 restic -r sftp:"$BH":"$REMOTE_DIR"_"$RLN" forget --keep-daily 1 --keep-weekly 4 --keep-monthly 1
restic -r sftp:"$BH":"$REMOTE_DIR"_"$RLN" prune restic -r sftp:"$BH":"$REMOTE_DIR"_"$RLN" prune
done done
done done