radioelephant
/
admin-scripts
1
0
Fork 0
Code Issues Pull Requests Releases Activity

Improve CHANGELOG and add more links to README

This commit is contained in:
Robin Meier 2024-03-16 02:58:48 +01:00
parent d4560f5795
commit 53cb304d7e
2 changed files with 18 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
CHANGELOG.md
View File

@ -1,5 +1,10 @@
# Admin Scripts # Admin Scripts
*This is the CHANGELOG, see [README](README.md) for more information.*
## Changelog ## Changelog
### 2024-03-16 - Initial Version ### 2024-03-16 - Initial Version
Initial commit of Admin Scripts.
You can follow the [installation instructions](README.md#installation) in the [README](README.md) and should be good to go!

25
README.md
View File

@ -16,7 +16,8 @@ git clone ssh://git@git.mneun.ch:2222/radioelephant/admin-scripts.git scripts
mkdir -p /root/logs mkdir -p /root/logs
``` ```
If you are unable to clone via ssh, try via https. If you are unable to clone via SSH, try via https.
SSH is preferrable.
```bash ```bash
cd /root cd /root
@ -25,11 +26,11 @@ mkdir -p /root/logs
``` ```
Please also quickly read the [CHANGELOG](CHANGELOG.md) and confirm this by running `date > /root/scripts/.last_changelog_read`. Please also quickly read the [CHANGELOG](CHANGELOG.md) and confirm this by running `date > /root/scripts/.last_changelog_read`.
This will be helpful when updating the admin scripts. This will be helpful when updating the admin scripts later on.
### Config Files ### Config Files
For each script there is a `.script_name_env.EXAMPLE` file, which you must copy (remove `.EXAMPLE` part) and edit while providing your own information. For each script there is a `.[script_name]_env.EXAMPLE` file, which you must copy (remove `.EXAMPLE` part) and edit while providing your own information.
```bash ```bash
SCRIPT_NAME=zfs_health_check SCRIPT_NAME=zfs_health_check
@ -58,7 +59,7 @@ systemctl daemon-reload
### Startup Helper ### Startup Helper
To install the startup helper script into the regular user home use the following commands, while supplying your username on the first line. To install the [startup helper script](#using-startup-helper) into the regular user home use the following commands, while supplying your username on the first line.
```bash ```bash
USRNAME=radioelephant USRNAME=radioelephant
@ -91,7 +92,7 @@ Read it with `cat /root/scripts/.last_changelog_read`.
#### Updating Startup Helper #### Updating Startup Helper
The startup helper script in the regular user home cannot be updated via `git pull` and needs to be compared and/or copied manually. The [startup helper script](#using-startup-helper) in the regular user home cannot be updated via `git pull` and needs to be compared and/or copied manually.
To compare use the following commands: To compare use the following commands:
```bash ```bash
@ -100,7 +101,7 @@ diff /root/scripts/post_startup.sh /home/$USRNAME/post_startup.sh
diff /root/scripts/.post_startup_env.EXAMPLE /home/$USRNAME/.post_startup_env diff /root/scripts/.post_startup_env.EXAMPLE /home/$USRNAME/.post_startup_env
``` ```
To copy the startup helper script again, use the following commands (first line not needed, if you just ran the last set of commands). To copy the [startup helper script](#using-startup-helper) again, use the following commands (first line not needed, if you just ran the last set of commands).
Please adapt the environment file `/home/[USRNAME]/.post_startup_env` manually. Please adapt the environment file `/home/[USRNAME]/.post_startup_env` manually.
```bash ```bash
@ -125,12 +126,12 @@ The output of these scripts can be redirected and used however you like.
Typically I redirect the output to the `telegram_notification.sh` script which notifies me of any noisy scripts. Typically I redirect the output to the `telegram_notification.sh` script which notifies me of any noisy scripts.
Regardless of any problems each script also logs its executions in `/root/logs`. Regardless of any problems each script also logs its executions in `/root/logs`.
Make sure you created this folder during installation. Make sure you created this folder during [installation](#installation).
### Crontab ### Crontab Scheduling
You can schedule regular execution of these scripts with "cron". You can schedule regular execution of these scripts with "cron".
To configure "cron" use the `crontab -e` command, which opens VIM, *our favourite text editor*, containing the cron schedule. To configure cron use the `crontab -e` command, which opens VIM, *our favourite text editor*, containing the cron schedule.
If you are unsure about the cron schedule, use [Crontab Guru](https://crontab.guru). If you are unsure about the cron schedule, use [Crontab Guru](https://crontab.guru).
My current crontab looks like this: My current crontab looks like this:
@ -151,7 +152,7 @@ Adapt this to your needs, you might also implement other checks and only use the
Or you might implement your own notification script to notify you via another service. Or you might implement your own notification script to notify you via another service.
The `telegram_notification.sh` can easily be adapted (just remove comment) to forward all notifications to `STDOUT` which typically makes cron send a mail. The `telegram_notification.sh` can easily be adapted (just remove comment) to forward all notifications to `STDOUT` which typically makes cron send a mail.
### Startup ### Using Startup Helper
The `post_startup.sh` script is a helper script which should be run as soon as possible after a system boot. The `post_startup.sh` script is a helper script which should be run as soon as possible after a system boot.
It will check for encrypted datasets with user provided passwords which are not mounted yet. It will check for encrypted datasets with user provided passwords which are not mounted yet.
@ -167,8 +168,8 @@ To complete the post startup tasks use the following command after logging in as
You can permit your user to run all of the commands in the script with out having to enter the users password by adapting the "sudoers" file. You can permit your user to run all of the commands in the script with out having to enter the users password by adapting the "sudoers" file.
Beware that this is a security concern, as the regular user can thus manage all docker containers, which can hijack your host network, amongst other things. Beware that this is a security concern, as the regular user can thus manage all docker containers, which can hijack your host network, amongst other things.
But as I connect to my servers via SSH keys which are stored reasonably securely on Yubikeys, I waive this security measure. But as I connect to my servers via SSH keys which are stored reasonably securely on Yubikeys, I waive this security measure.
To edit the "sudoers" file use the `visudo` command as root, which also opens VIM, *our favourite text editor*. To edit the sudoers file use the `visudo` command as root, which also opens VIM, *our favourite text editor*.
My relevant part of the "sudoers" file looks as follows: My relevant part of the sudoers file looks as follows:
```sudoers ```sudoers
radioelephant ALL=NOPASSWD: /usr/bin/zfs mount -a -l radioelephant ALL=NOPASSWD: /usr/bin/zfs mount -a -l