radioelephant
/
admin-scripts
1
0
Fork 0
Code Issues Pull Requests Releases Activity

Add startup script section to README

This commit is contained in:
Robin Meier 2024-03-15 23:06:15 +01:00
parent 089078eec5
commit cee105b338
1 changed files with 54 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

61
README.md
View File

@ -3,6 +3,7 @@
This repo contains some administration scripts for administrering a debian machine.
The covered tasks range from file change tracking via http/ssh monitoring to zfs health checking.
## Installation
The scripts in this repo ***must*** be checked out into `/root/scripts`.
@ -13,8 +14,12 @@ git clone ssh://git@git.mneun.ch:2222/radioelephant/admin-scripts.git scripts
mkdir -p /root/logs
```
## Config Files
For each script there is a `.script_name_env.EXAMPLE` file, which you must copy (remove `.EXAMPLE` part) and edit while providing your own information.
If you want to use the example configuration, you can symbolic link the files. This really only makes sense for `.system_health_check`.
If you want to use the example configuration, you can symbolic link the files.
This really only makes sense for `.system_health_check`.
The command for this is:
```shell
@ -22,6 +27,29 @@ cd /root/scripts
ln -s .system_health_check.EXAMPLE .system_health_check
```
### Shutdown Notification
To be notified immediately before sever shutdown the contained `run-before-shutdown.service` can be installed as follows.
This service file will send a telegram notification informing about the pending shutdown.
```shell
ln -s /root/scripts/run-before-shutdown.service /etc/systemd/system/shutdown.target.wants/run-before-shutdown.service
systemctl daemon-reload
```
### Startup Helper
To install the startup helper script into the regular user home use the following commands, while supplying your username on the first line.
```shell
USRNAME=radioelephant
ln -s /root/scripts/post_startup.sh /home/$USRNAME/post_startup
cp /root/scripts/.post_startup_env.EXAMPLE /home/$USRNAME/.post_startup_env
vim /home/$USRNAME/.post_startup_env
```
*Just shutdown your computer if you don't know how to exit VIM at this point.*
### Updating
You can update the admin scripts by pulling from the git remote.
@ -31,6 +59,7 @@ cd /root/scripts
git pull
```
## Usage
The check and monitoring scripts in this repo can be run periodically be run and if any problems are detected, they produce output.
@ -44,7 +73,7 @@ Make sure you created this folder during installation.
### Crontab
You can schedule regular execution of these scripts with "cron".
To configure "cron" use the `crontab -e` command, which opens vim, *our favourite text editor*, containing the cron schedule.
To configure "cron" use the `crontab -e` command, which opens VIM, *our favourite text editor*, containing the cron schedule.
If you are unsure about the cron schedule, use [Crontab Guru](https://crontab.guru).
My current crontab looks like this:
@ -61,14 +90,32 @@ My current crontab looks like this:
@reboot sleep 30 && bash -c '/root/scripts/zfs_health_check.sh | /root/scripts/telegram_notification.sh'
```
### Shutdown
Adapt this to your needs, you might also implement other checks and only use the `telegram_notification.sh` script from this repo.
Or you might implement your own notification script to notify you via another service.
The `telegram_notification.sh` can easily be adapted to forward all notifications to `STDOUT` which typically sends an email.
To be notified immediately before sever shutdown the contained `run-before-shutdown.service` can be installed as follows.
This service file will send a telegram notification informing about the pending shutdown.
### Startup
The `post_startup.sh` script is a helper script which should be run as soon as possible after a system boot.
It will check for encrypted datasets with user provided passwords which are not mounted yet.
After decrypting the datasets this script starts the configured docker containers which are depending on the encrypted datasets.
Because my containers struggle with DNS which depends on a docker container itself, the script also restarts some configured docker containers at this point.
To complete the post startup tasks use the following command after logging in as your regular user:
```shell
ln -s /root/scripts/run-before-shutdown.service /etc/systemd/system/shutdown.target.wants/run-before-shutdown.service
systemctl daemon-reload
./post_startup.sh
```
You can permit your user to run all of the commands in the script with out having to enter the users password by adapting the "sudoers" file.
Beware that this is a security concern, as the regular user can thus manage all docker containers, which can hijack your host network, amongst other things.
But as I connect to my servers via SSH keys which are stored reasonably securely on Yubikeys, I waive this security measure.
To edit the "sudoers" file use the `visudo` command as root, which also opens VIM, *our favourite text editor*.
My relevant part of the "sudoers" file looks as follows:
```sudoers
radioelephant ALL=NOPASSWD: /usr/bin/zfs mount -a -l
radioelephant ALL=(docker) NOPASSWD: /usr/bin/docker
```
## Contributors