diff options
| -rwxr-xr-x | freenas/snap_trimmer.py | 3 | ||||
| -rw-r--r-- | golang/recursiveWatcher/recursiveWatcher.go | 59 | ||||
| -rw-r--r-- | stackscripts/fedora_bootstrap.sh | 108 |
3 files changed, 169 insertions, 1 deletions
diff --git a/freenas/snap_trimmer.py b/freenas/snap_trimmer.py index fe884d9..675b2c9 100755 --- a/freenas/snap_trimmer.py +++ b/freenas/snap_trimmer.py @@ -5,7 +5,8 @@ Used to trim ZFS snapshots on a FreeNAS appliance if they're being sent from ano and rather than 1:1 replication you want a different retention policy on the backups. There is nothing elegant about this, and in fact it's fairly inefficient. It was a quick solution to a problem I had. PRs accepted. If you add an actual hostname, you could set -verify=True in your http(s) requests. +verify=True in your http(s) requests. I take no responsibility for whatever data loss you +may experience while using this. """ import requests diff --git a/golang/recursiveWatcher/recursiveWatcher.go b/golang/recursiveWatcher/recursiveWatcher.go new file mode 100644 index 0000000..3d26292 --- /dev/null +++ b/golang/recursiveWatcher/recursiveWatcher.go @@ -0,0 +1,59 @@ +package main + +import ( + "github.com/fsnotify/fsnotify" + "log" + "os" + "time" +) + +// IsDirectory - Returns a true/false if file is a directory +func IsDirectory(path string) bool { + fileInfo, err := os.Stat(path) + if err != nil { + log.Fatal(err) + } + return fileInfo.IsDir() +} + +func main() { + watcher, err := fsnotify.NewWatcher() + if err != nil { + log.Fatal(err) + } + defer watcher.Close() + done := make(chan bool) + + go func() { + for { + select { + case event, ok := <-watcher.Events: + if !ok { + return + } + log.Println("event:", event) + if IsDirectory(event.Name) == true { + log.Println("Adding new directory to watch: ", event.Name) + watcher.Add(event.Name) + } + if event.Op&fsnotify.Write == fsnotify.Write { + log.Println("modified file:", event.Name) + } + case err, ok := <-watcher.Errors: + if !ok { + return + } + log.Println("error:", err) + case <-time.After(10 * time.Second): + log.Println("TIMEOUT!") + close(done) + } + } + }() + + err = watcher.Add(os.Args[1]) + if err != nil { + log.Fatal(err) + } + <-done +} diff --git a/stackscripts/fedora_bootstrap.sh b/stackscripts/fedora_bootstrap.sh new file mode 100644 index 0000000..596f470 --- /dev/null +++ b/stackscripts/fedora_bootstrap.sh @@ -0,0 +1,108 @@ +#!/usr/bin/env bash + + +# Turn off selinux +setenforce 0 +sed -i s/^SELINUX=.*$/SELINUX=disabled/ /etc/selinux/config + +# Get rid of cockpit +systemctl stop cockpit +systemctl disable cockpit + +# Update all system packages +dnf update -y + +# Install a few extras +dnf install -y vim git + +# Set time and hostname +timedatectl set-ntp on +timedatectl set-timezone America/Denver +hostnamectl set-hostname fedora.jthan.io + +# Create normal user, make sudoer, and add ssh keys +useradd -m jonathan +usermod -a -G wheel jonathan +mkdir /home/jonathan/.ssh +chmod 700 /home/jonathan/.ssh +touch /home/jonathan/.ssh/authorized_keys +chmod 600 /home/jonathan/.ssh/authorized_keys +curl -sL https://github.com/jrdemasi.keys >> /home/jonathan/.ssh/authorized_keys +curl -sL https://git.jthan.io/configs/plain/dotfiles/.vimrc > /home/jonathan/.vimrc +chown -R jonathan:jonathan /home/jonathan + +# Run ssh secure +curl -sL https://git.square-r00t.net/OpTools/plain/aif/scripts/post/sshsecure.py | python3 + +# Install kopia and start backing up important dirs +rpm --import https://kopia.io/signing-key + +cat <<EOF | sudo tee /etc/yum.repos.d/kopia.repo +[Kopia] +name=Kopia +baseurl=http://packages.kopia.io/rpm/stable/\$basearch/ +gpgcheck=1 +enabled=1 +gpgkey=https://kopia.io/signing-key +EOF + +dnf install -y kopia + +# Create two repos +export KOPIA_PASSWORD="ThisIsNotSecure" +kopia repository create filesystem --path /root/etc_backups +kopia repository create filesystem --path /root/jonathan_home_backups + +# Connect to etc repo, set global params for snap retention, take initial snapshot +kopia repository connect filesystem --path /root/etc_backups +kopia policy set --keep-latest 20 --global +kopia policy set --keep-annual 0 --global +kopia policy set --keep-monthly 3 --global +kopia policy set --keep-weekly 4 --global +kopia policy set --keep-daily 7 --global +kopia policy set --keep-hourly 24 --global +kopia snapshot create /etc +kopia repository disconnect + +# Connect to jonathan_home repo +kopia repository connect filesystem --path /root/jonathan_home_backups +kopia policy set --keep-latest 20 --global +kopia policy set --keep-annual 0 --global +kopia policy set --keep-monthly 3 --global +kopia policy set --keep-weekly 4 --global +kopia policy set --keep-daily 7 --global +kopia policy set --keep-hourly 24 --global +kopia snapshot create /home/jonathan +kopia repository disconnect + +# Setup snapshot scripts + cron +mkdir /root/bin +cat <<EOF > /root/bin/backup_etc.sh +export KOPIA_PASSWORD="ThisIsNotSecure" +kopia repository connect filesystem --path /root/etc_backups +kopia snapshot create /etc +kopia maintenance run --full +kopia repository disconnect +EOF + +cat <<EOF > /root/bin/backup_jonathan_home.sh +export KOPIA_PASSWORD="ThisIsNotSecure" +kopia repository connect filesystem --path /root/jonathan_home_backups +kopia snapshot create /home/jonathan +kopia maintenance run --full +kopia repository disconnect +EOF + +chmod +x /root/bin/backup_* + +crontab -l > /root/crontab_new +echo "*/15 * * * * /root/bin/backup_etc.sh ; /root/bin/backup_jonathan_home.sh" >> crontab_new +crontab crontab_new +rm -rf /root/crontab_new + +# Couple of small finishing touches, ish +curl -sL https://git.jthan.io/configs/plain/dotfiles/.vimrc > /root/.vimrc + +# Reboot to apply updates, ssh config changes, etc. +reboot + |