########################################
# Cron (needed for email output of backup jobs)
########################################

# cronie provides crond. The drop-in below replaces the packaged ExecStart so
# that job output is handed to msmtp (-m sets the mail command, -n keeps crond
# in the foreground for systemd).
pacman -S cronie

dropin_dir=/etc/systemd/system/cronie.service.d
mkdir "$dropin_dir"

# The empty ExecStart= line clears the packaged command before the new one is set.
tee "$dropin_dir/override.conf" >/dev/null <<'EOF'
[Service]
ExecStart=
ExecStart=/usr/bin/crond -n -m '/usr/bin/msmtp -t'
EOF

systemctl daemon-reload
systemctl enable --now cronie
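########################################
# restic backups
########################################

pacman -S restic
btrfs subvolume create /tank/backup

# Keep the repository password in a root-only file rather than in the script
# text. The file holds one line: the password. The sample value 'testing1234'
# used in earlier versions of these notes is a placeholder, not a usable secret.
# Store a copy off the machine: without it the repository cannot be decrypted.
install -m 600 /dev/null /root/.restic-password
nano -w /root/.restic-password
restic init -r /tank/backup --password-file /root/.restic-password

# The heredoc delimiter is quoted ('EOF') so that $MACHINE, $ZONE and the
# backslash line continuations reach the script unchanged. With an unquoted
# delimiter the shell expands the variables while the file is being written,
# and since they are unset at that point the tags end up empty.
cat > /root/restic_backup.sh <<'EOF'
#!/bin/bash
# Daily restic run: back up /, apply the retention policy, then prune and verify.

MACHINE=picture-frame
ZONE=root

export RESTIC_REPOSITORY=/tank/backup/
# Read the password from the root-only file instead of embedding it here.
export RESTIC_PASSWORD_FILE=/root/.restic-password

/usr/bin/restic backup -v -q \
  --tag "$MACHINE" --tag "$ZONE" \
  / \
  --exclude /run \
  --exclude /snapshots \
  --exclude /tank \
  --exclude /scratch \
  --exclude /proc \
  --exclude /sys \
  --exclude /var/lib/schroot/mount \
  --exclude /var/lib/docker \
  --exclude /var/lib/lxcfs \
  --exclude /mnt \
  --exclude /root/.cache

/usr/bin/restic forget -v \
  --tag "$MACHINE" --tag "$ZONE" \
  --keep-daily=7 \
  --keep-weekly=4 \
  --keep-monthly=12 \
  --keep-yearly 1

# This can take a very, very long time
/usr/bin/restic prune && /usr/bin/restic check
EOF

# Only root needs to read or run the script.
chmod 700 /root/restic_backup.sh

# Add the line below in the editor (runs the backup every day at 07:00).
crontab -e
0 7 * * * /root/restic_backup.sh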
########################################
# web based admin panel / dashboard / app
########################################

# Cockpit: remote management on http://ip:9090
# firewalld is switched on first; the permanent rules below then admit Cockpit
# (9090/tcp) and ssh for everything that lands in the public zone.
pacman -S \
  cockpit cockpit-pcp packagekit \
  udisks2 networkmanager firewalld
systemctl enable --now firewalld

for rule in --add-port=9090/tcp --add-service=ssh; do
  firewall-cmd --zone=public --permanent "$rule"
done
firewall-cmd --reload

for unit in NetworkManager cockpit.socket; do
  systemctl enable --now "$unit"
done
########################################
# web server w/ useful links
########################################

# Landing page that links to the admin tools set up in these notes.
# NOTE(review): every link targets 127.0.0.1 over plain http, so it resolves to
# whichever machine the browser runs on -- confirm that is what is intended.
pacman -S lighttpd

mkdir /etc/lighttpd/conf.d
printf '%s\n' 'include "/etc/lighttpd/conf.d/*.conf"' >> /etc/lighttpd/lighttpd.conf

mkdir /srv/http
tee /srv/http/index.html >/dev/null <<'EOF'
<html>

<head>
<title>PiFrame</title>
</head>

<body>
<p><a href="http://127.0.0.1:9090">CockPit Web Management</a></p>
<p><a href="http://127.0.0.1:2812">Monit Monitoring</a></p>
<p><a href="http://127.0.0.1:2813">Munin Monitoring</a></p>
<p><a href="http://127.0.0.1:8384">Syncthing Admin Interface</a></p>
<p><a href="http://127.0.0.1:9191">Picture File Browser</a></p>
</body>
</html>
EOF

# Both http and https are opened; no TLS listener is configured in this section.
for svc in http https; do
  firewall-cmd --zone=public --permanent --add-service="$svc"
done
firewall-cmd --reload

systemctl enable --now lighttpd
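########################################
# system monitoring
########################################

pacman -S monit
mkdir /etc/monit.d

# Add the lines below to /etc/monitrc. The file ends up holding the web UI
# login and the SMTP password, so it must stay root-only (monit refuses a
# control file with permissions wider than 0700).
nano -w /etc/monitrc
include /etc/monit.d/*
set httpd port 2812 and
use address 0.0.0.0 # listens on ALL interfaces, not only localhost; use 127.0.0.1 to keep the UI local
allow admin:CHANGE_ME # placeholder; 'admin:monit' is the sample login from the stock monitrc, do not expose it


# The SMTP password is deliberately not reproduced here. A password that has
# appeared in shared notes must be treated as exposed and rotated on the mail server.
set mailserver robomail.nusku.biz port 587
username "piframe@robomail.nusku.biz" password "SMTP_PASSWORD_PLACEHOLDER"
using tls

chmod 600 /etc/monitrc

# Alert when the root filesystem passes 80% usage.
cat > /etc/monit.d/rootfs <<EOF
check filesystem rootfs with path /
if space usage > 80% then alert
EOF

# Same threshold for the /tank data volume.
cat > /etc/monit.d/tankfs <<EOF
check filesystem tankfs with path /tank
if space usage > 80% then alert
EOF

# feh is started through greetd, so restarting greetd is how the slideshow is
# brought back when the feh process disappears.
cat > /etc/monit.d/feh <<EOF
check process feh matching /usr/bin/feh
start program = "/usr/bin/systemctl start greetd"
stop program = "/usr/bin/systemctl stop greetd"
if does not exist then alert
if does not exist for 2 cycles then restart
EOF

systemctl enable --now monit

# Opens the monit web UI (which can start and stop services) to the public
# zone; it is served over plain http, so the login above crosses the network
# unencrypted. Skip this rule if the UI is only reached locally or via ssh.
firewall-cmd --zone=public --permanent --add-port=2812/tcp
firewall-cmd --reload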
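########################################
# system _resource_ monitoring
########################################

pacman -S munin perl-cgi-fast

# Set/add the following in /etc/munin/munin.conf.
nano -w /etc/munin/munin.conf
graph_strategy cgi
html_strategy cron
[piframe]
address 127.0.0.1
use_node_name yes

chown munin: /var/lib/munin/cgi-tmp
chown munin: -R /usr/share/munin/www
# NOTE(review): --shell prints the suggested plugin link commands; presumably
# the output is meant to be read and then run -- confirm.
munin-node-configure --shell # activate useful plugins
sudo -sHu munin munin-cron # prime munin data
systemctl enable --now munin-node
crontab /etc/munin/munin-cron-entry -u munin

# Dedicated lighttpd instance for munin on port 2813, running as the munin user.
# The heredoc is unquoted, so any literal dollar sign meant for the config has
# to be escaped (\$HTTP below).
cat > /etc/lighttpd/lighttpd-munin.conf <<EOF
# Apply the following tweaks to the /etc/munin/munin.conf file ahead of running lighttpd for munin
## Use cgi rendering for graph and html
#graph_strategy cgi
#html_strategy cron

server.username = "munin"
server.groupname = "munin"

server.document-root = "/srv/http"
server.port = 2813

server.errorlog = "/var/log/munin/lighttpd-error.log"
dir-listing.activate = "disable"
server.modules = (
"mod_access",
"mod_accesslog",
"mod_alias",
"mod_rewrite",
"mod_redirect",
"mod_cgi",
"mod_fastcgi",
)
server.follow-symlink = "enable"
index-file.names = ( "index.html", "index.htm" )

url.redirect += ( "^/*$" => "/munin/" )

\$HTTP["url"] =~ "/munin-cgi/munin-cgi-graph" {
alias.url += ( "/munin-cgi/munin-cgi-graph" => "/usr/share/munin/cgi/munin-cgi-graph" )
cgi.assign = ( "" => "" )
}

#alias.url += ( "/munin/static" => "/etc/munin/static" )
alias.url += ( "/munin" => "/usr/share/munin/www" )

mimetype.assign = (
".html" => "text/html",
".txt" => "text/plain",
".css" => "text/css",
".js" => "application/x-javascript",
".jpg" => "image/jpeg",
".jpeg" => "image/jpeg",
".gif" => "image/gif",
".png" => "image/png",
"" => "application/octet-stream"
)
EOF

# \$MAINPID is escaped for the same reason as \$HTTP above: unescaped, the
# shell writing this file would expand it (to nothing), leaving ExecReload
# as a kill command with no PID.
cat > /etc/systemd/system/lighttpd-munin.service <<EOF
[Unit]
Description=Lighttpd Web Server (munin)
After=syslog.target network.target

[Service]
PrivateTmp=true
ExecStart=/usr/bin/lighttpd-angel -D -f /etc/lighttpd/lighttpd-munin.conf
ExecReload=/bin/kill -HUP \$MAINPID
KillSignal=SIGINT

[Install]
WantedBy=multi-user.target
EOF
systemctl daemon-reload
systemctl enable --now lighttpd-munin

# The config above loads no authentication module, so opening 2813 lets anyone
# in the public zone view the graphs over plain http.
firewall-cmd --zone=public --permanent --add-port=2813/tcp
firewall-cmd --reload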
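########################################
# syncthing / rclone / web based file browser
########################################

# Fetch the rclone installer to a file and read it before running it as root,
# instead of piping a network response straight into bash. -f makes curl fail
# on an HTTP error rather than saving an error page as the script.
curl -fsSLo /root/rclone-install.sh https://rclone.org/install.sh
less /root/rclone-install.sh
bash /root/rclone-install.sh

pacman -S syncthing
touch /tank/pictures/.stfolder
chown feh: /tank/pictures/.stfolder
systemctl enable --now syncthing@feh.service # use feh user so perms are right for pics

# First access to the Syncthing GUI goes through an ssh tunnel, because the GUI
# only listens on 127.0.0.1 until the listen address is changed below.
ssh -L 8385:127.0.0.1:8384 user@piframe
http://localhost:8385
Change settings
General
Minimum free disk space : 10%
Anonymous usage reporting : Disabled
GUI
# 0.0.0.0 exposes the GUI on every interface. 'apassword' is a placeholder:
# set a unique password, and consider enabling "Use HTTPS for GUI" so it is not
# sent in clear text. Leaving the listen address on 127.0.0.1 and using the
# tunnel above avoids opening 8384 at all.
Listen address : 0.0.0.0:8384
GUI Auth user : admin
GUI Auth password : apassword
Delete default folder
Add /tank/pictures folder
Connect to upstream device w/ files you want to sync
Setup picture sync as inbound only

# 8384 = GUI (only needed when it listens on 0.0.0.0), 22000 = sync traffic.
firewall-cmd --zone=public --permanent --add-port=8384/tcp
firewall-cmd --zone=public --permanent --add-port=22000/tcp
firewall-cmd --reload

# Same download-then-review approach for the filebrowser installer.
curl -fsSLo /root/filebrowser-get.sh https://filebrowser.org/get.sh
less /root/filebrowser-get.sh
bash /root/filebrowser-get.sh

mkdir /home/feh/filebrowser
filebrowser -c /home/feh/filebrowser/pictures.json -d /home/feh/filebrowser/pictures.db \
  config init
filebrowser -c /home/feh/filebrowser/pictures.json -d /home/feh/filebrowser/pictures.db \
  config set --address 0.0.0.0
filebrowser -c /home/feh/filebrowser/pictures.json -d /home/feh/filebrowser/pictures.db \
  config set --port 9191
filebrowser -c /home/feh/filebrowser/pictures.json -d /home/feh/filebrowser/pictures.db \
  config set --branding.name "PiFrame - Pictures"
# 'apassword' is a placeholder: use a unique password. It is passed on the
# command line here, so it also ends up in the shell history.
filebrowser -c /home/feh/filebrowser/pictures.json -d /home/feh/filebrowser/pictures.db \
  users add admin apassword
chown feh: -R /home/feh/filebrowser

# Opens the file browser (plain http, listening on 0.0.0.0) to the public zone.
firewall-cmd --zone=public --permanent --add-port=9191/tcp
firewall-cmd --reload

# Runs as the unprivileged feh user, rooted at /tank/pictures.
cat > /etc/systemd/system/filebrowser-pictures.service <<EOF
[Unit]
Description=Filebrowser - Pictures
After=network.target

[Service]
User=feh
PrivateTmp=true
ExecStart=/usr/local/bin/filebrowser -c /home/feh/filebrowser/pictures.json -d /home/feh/filebrowser/pictures.db -r /tank/pictures --img-processors 1 --disable-thumbnails

[Install]
WantedBy=multi-user.target
EOF
systemctl daemon-reload
systemctl enable --now filebrowser-pictures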
########################################
# wifi setup
########################################

# Final wifi config, to keep wires to a minimum (COCKPIT SETUP REQUIRED).
# NetworkManager is installed as part of the cockpit setup; use wifi-menu
# instead when NetworkManager is not in use.
nmtui

########################################
# hdmi on/off commands
########################################

# Query the panel, then switch the display off (0) and back on (1).
vcgencmd get_lcd_info
vcgencmd display_power 0
vcgencmd display_power 1
########################################
# schedule on/off of monitor
########################################

# Two timer/service pairs: the display is switched on at 06:00 and off at
# 00:00 every day. Persistent=true makes a timer fire after boot if its slot
# was missed while the machine was down.

# Writes stdin to a unit file under /etc/systemd/system.
write_unit() {
  tee "/etc/systemd/system/$1" >/dev/null
}

write_unit screen-on.timer <<'EOF'
[Unit]
Description=Turn on display

[Timer]
OnCalendar=*-*-* 6:00:00
Persistent=true

[Install]
WantedBy=timers.target
EOF

write_unit screen-on.service <<'EOF'
[Unit]
Description=Turn on display

[Service]
Type=oneshot
ExecStart=/opt/vc/bin/vcgencmd display_power 1
StandardOutput=journal

[Install]
WantedBy=multi-user.target
EOF

write_unit screen-off.timer <<'EOF'
[Unit]
Description=Turn off display

[Timer]
OnCalendar=*-*-* 00:00:00
Persistent=true

[Install]
WantedBy=timers.target
EOF

write_unit screen-off.service <<'EOF'
[Unit]
Description=Turn off display

[Service]
Type=oneshot
ExecStart=/opt/vc/bin/vcgencmd display_power 0
StandardOutput=journal

[Install]
WantedBy=multi-user.target
EOF

systemctl daemon-reload

# Only the timers are enabled (without --now, so they are not started here).
for timer in screen-on.timer screen-off.timer; do
  systemctl enable "$timer"
done
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
! Misc Notes
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

https://www.raspberrypi.org/forums/viewtopic.php?f=29&t=24679

eyyy, 2560x1600 @ 50hz via hdmi on a pi4 is working!

hdmi_cvt=2560 1600 50 5 0 0 1
hdmi_group=2
hdmi_mode=88