add Troubleshooting.md

update gitea theme name in app.ini.j2
ban more jerks
2025-06-14 03:48:49 -07:00 · 2025-06-14 03:47:59 -07:00 · 2025-05-24 19:36:17 -07:00 · 2025-05-24 19:36:17 -07:00 · 2025-03-09 10:39:23 -07:00 · 2025-03-07 16:13:15 -08:00
55 changed files with 495 additions and 328 deletions
--- a/.gitmodules
+++ b/.gitmodules
@@ -1,3 +1,3 @@
 [submodule "mkdocs-material"]
 	path = mkdocs-material
-	url = git@github.com:charlesreid1-docker/mkdocs-material.git
+	url = https://github.com/charlesreid1/mkdocs-material
--- a/53
+++ b/53
@@ -63,13 +63,14 @@ help:
 templates:
 	@find * -name "*.service.j2" | xargs -I '{}' chmod 644 {}
 	@find * -name "*.timer.j2" | xargs -I '{}' chmod 644 {}
-	python3 $(POD_CHARLESREID1_DIR)/scripts/apply_templates.py
+	/home/charles/.pyenv/shims/python3 $(POD_CHARLESREID1_DIR)/scripts/apply_templates.py

 list-templates:
 	@find * -name "*.j2"

 clean-templates:
-	python3 $(POD_CHARLESREID1_DIR)/scripts/clean_templates.py
+	# sudo is required because bind-mounted gitea files end up owned by root. stupid docker.
+	sudo -E /home/charles/.pyenv/shims/python3 $(POD_CHARLESREID1_DIR)/scripts/clean_templates.py

 # Backups

@@ -97,31 +98,42 @@ mw-fix-skins:
 # /www Dir

 clone-www:
-	python3 $(POD_CHARLESREID1_DIR)/scripts/git_clone_www.py
+	/home/charles/.pyenv/shims/python3 $(POD_CHARLESREID1_DIR)/scripts/git_clone_www.py

 pull-www:
-	python3 $(POD_CHARLESREID1_DIR)/scripts/git_pull_www.py
+	/home/charles/.pyenv/shims/python3 $(POD_CHARLESREID1_DIR)/scripts/git_pull_www.py

 install:
 ifeq ($(shell which systemctl),)
 	$(error Please run this make command on a system with systemctl installed)
 endif
+	@/home/charles/.pyenv/shims/python3 -c 'import botocore' || (echo "Please install the botocore library using python3 or pip3 binary"; exit 1)
+	@/home/charles/.pyenv/shims/python3 -c 'import boto3' || (echo "Please install the boto3 library using python3 or pip3 binary"; exit 1)
+
 	sudo cp $(POD_CHARLESREID1_DIR)/scripts/pod-charlesreid1.service /etc/systemd/system/pod-charlesreid1.service
+
+	sudo cp $(POD_CHARLESREID1_DIR)/scripts/backups/pod-charlesreid1-backups-aws.{service,timer} /etc/systemd/system/.
+	sudo cp $(POD_CHARLESREID1_DIR)/scripts/backups/pod-charlesreid1-backups-cleanolderthan.{service,timer} /etc/systemd/system/.
+	sudo cp $(POD_CHARLESREID1_DIR)/scripts/backups/pod-charlesreid1-backups-gitea.{service,timer} /etc/systemd/system/.
 	sudo cp $(POD_CHARLESREID1_DIR)/scripts/backups/pod-charlesreid1-backups-wikidb.{service,timer} /etc/systemd/system/.
 	sudo cp $(POD_CHARLESREID1_DIR)/scripts/backups/pod-charlesreid1-backups-wikifiles.{service,timer} /etc/systemd/system/.
-	sudo cp $(POD_CHARLESREID1_DIR)/scripts/backups/pod-charlesreid1-backups-gitea.{service,timer} /etc/systemd/system/.
-	sudo cp $(POD_CHARLESREID1_DIR)/scripts/backups/pod-charlesreid1-backups-aws.{service,timer} /etc/systemd/system/.
+
 	sudo cp $(POD_CHARLESREID1_DIR)/scripts/backups/canary/pod-charlesreid1-canary.{service,timer} /etc/systemd/system/.
 	sudo cp $(POD_CHARLESREID1_DIR)/scripts/certbot/pod-charlesreid1-certbot.{service,timer} /etc/systemd/system/.

+	sudo cp $(POD_CHARLESREID1_DIR)/scripts/backups/10-pod-charlesreid1-rsyslog.conf /etc/rsyslog.d/.
+
 	sudo chmod 664 /etc/systemd/system/pod-charlesreid1*
 	sudo systemctl daemon-reload

+	sudo systemctl restart rsyslog
+
 	sudo systemctl enable pod-charlesreid1
 	sudo systemctl enable pod-charlesreid1-backups-wikidb.timer
 	sudo systemctl enable pod-charlesreid1-backups-wikifiles.timer
 	sudo systemctl enable pod-charlesreid1-backups-gitea.timer
 	sudo systemctl enable pod-charlesreid1-backups-aws.timer
+	sudo systemctl enable pod-charlesreid1-backups-cleanolderthan.timer
 	sudo systemctl enable pod-charlesreid1-canary.timer
 	sudo systemctl enable pod-charlesreid1-certbot.timer

@@ -129,37 +141,54 @@ endif
 	sudo systemctl start pod-charlesreid1-backups-wikifiles.timer
 	sudo systemctl start pod-charlesreid1-backups-gitea.timer
 	sudo systemctl start pod-charlesreid1-backups-aws.timer
+	sudo systemctl start pod-charlesreid1-backups-cleanolderthan.timer
 	sudo systemctl start pod-charlesreid1-canary.timer
 	sudo systemctl start pod-charlesreid1-certbot.timer

+	sudo chown syslog:syslog /var/log/pod-charlesreid1-backups-aws.service.log
+	sudo chown syslog:syslog /var/log/pod-charlesreid1-backups-cleanolderthan.service.log
+	sudo chown syslog:syslog /var/log/pod-charlesreid1-backups-gitea.service.log
+	sudo chown syslog:syslog /var/log/pod-charlesreid1-backups-wikidb.service.log
+	sudo chown syslog:syslog /var/log/pod-charlesreid1-backups-wikifiles.service.log
+	sudo chown syslog:syslog /var/log/pod-charlesreid1-canary.service.log
+
 uninstall:
 ifeq ($(shell which systemctl),)
 	$(error Please run this make command on a system with systemctl installed)
 endif
 	-sudo systemctl disable pod-charlesreid1
+	-sudo systemctl disable pod-charlesreid1-backups-aws.timer
+	-sudo systemctl disable pod-charlesreid1-backups-cleanolderthan.timer
+	-sudo systemctl disable pod-charlesreid1-backups-gitea.timer
 	-sudo systemctl disable pod-charlesreid1-backups-wikidb.timer
 	-sudo systemctl disable pod-charlesreid1-backups-wikifiles.timer
-	-sudo systemctl disable pod-charlesreid1-backups-gitea.timer
-	-sudo systemctl disable pod-charlesreid1-backups-aws.timer
 	-sudo systemctl disable pod-charlesreid1-canary.timer
 	-sudo systemctl disable pod-charlesreid1-certbot.timer

 	# Leave the pod running!
 	# -sudo systemctl stop pod-charlesreid1
+
+	-sudo systemctl stop pod-charlesreid1-backups-aws.timer
+	-sudo systemctl stop pod-charlesreid1-backups-cleanolderthan.timer
+	-sudo systemctl stop pod-charlesreid1-backups-gitea.timer
 	-sudo systemctl stop pod-charlesreid1-backups-wikidb.timer
 	-sudo systemctl stop pod-charlesreid1-backups-wikifiles.timer
-	-sudo systemctl stop pod-charlesreid1-backups-gitea.timer
-	-sudo systemctl stop pod-charlesreid1-backups-aws.timer
 	-sudo systemctl stop pod-charlesreid1-canary.timer
 	-sudo systemctl stop pod-charlesreid1-certbot.timer

 	-sudo rm -f /etc/systemd/system/pod-charlesreid1.service
+
+	-sudo rm -f /etc/systemd/system/pod-charlesreid1-backups-aws.{service,timer}
+	-sudo rm -f /etc/systemd/system/pod-charlesreid1-backups-cleanolderthan.{service,timer}
+	-sudo rm -f /etc/systemd/system/pod-charlesreid1-backups-gitea.{service,timer}
 	-sudo rm -f /etc/systemd/system/pod-charlesreid1-backups-wikidb.{service,timer}
 	-sudo rm -f /etc/systemd/system/pod-charlesreid1-backups-wikifiles.{service,timer}
-	-sudo rm -f /etc/systemd/system/pod-charlesreid1-backups-gitea.{service,timer}
-	-sudo rm -f /etc/systemd/system/pod-charlesreid1-backups-aws.{service,timer}
 	-sudo rm -f /etc/systemd/system/pod-charlesreid1-canary.{service,timer}
 	-sudo rm -f /etc/systemd/system/pod-charlesreid1-certbot.{service,timer}
+
 	sudo systemctl daemon-reload

+	-sudo rm -f /etc/rsyslog.d/10-pod-charlesreid1-rsyslog.conf
+	-sudo systemctl restart rsyslog
+
 .PHONY: help
--- a/Troubleshooting.md
+++ b/Troubleshooting.md
@@ -0,0 +1,19 @@
+To get a shell in a container that has been created, before it is runnning in a pod, use `docker run`:
+
+```
+docker run --rm -it --entrypoint bash <image-name-or-id>
+
+
+docker run --rm -it --entrypoint bash pod-charlesreid1_stormy_mediawiki
+```
+
+To get a shell in a container that is running in a pod, use `docker exec`:
+
+```
+docker exec -it <image-name> /bin/bash
+
+docker exec -it stormy_mw /bin/bash
+```
+
+Also, if no changes are picking up, and you've already tried rebuilding the container image, try editing the Dockerfile.
+
--- a/d-gitea/custom/conf/app.ini.j2
+++ b/d-gitea/custom/conf/app.ini.j2
@@ -6,12 +6,14 @@
 ;; https://github.com/go-gitea/gitea/blob/master/conf/app.ini
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

-APP_NAME = {{ gitea_app_name }}
+APP_NAME = {{ pod_charlesreid1_gitea_app_name }}
 RUN_USER = git
 RUN_MODE = prod
+WORK_PATH = /data/gitea

 [ui]
-DEFAULT_THEME = arc-green
+DEFAULT_THEME = gitea-dark
+THEMES = gitea-dark

 [database]
 DB_TYPE  = sqlite3
@@ -31,17 +33,17 @@ DISABLE_HTTP_GIT = false

 [server]
 PROTOCOL     = http
-DOMAIN       = git.{{ server_name_default }}
+DOMAIN       = git.{{ pod_charlesreid1_server_name }}
 #CERT_FILE    = /www/gitea/certs/cert.pem
 #KEY_FILE     = /www/gitea/certs/key.pem
-SSH_DOMAIN   = git.{{ server_name_default }}
+SSH_DOMAIN   = git.{{ pod_charlesreid1_server_name }}
 HTTP_PORT    = 3000
 HTTP_ADDR    = 0.0.0.0
-ROOT_URL     = https://git.{{ server_name_default }}
+ROOT_URL     = https://git.{{ pod_charlesreid1_server_name }}
 ;ROOT_URL     = %(PROTOCOL)s://%(DOMAIN)s:%(HTTP_PORT)s/
 DISABLE_SSH  = false
 ; port to display in clone url:
-SSH_PORT     = 222
+;SSH_PORT     = 222
 ; port for built-in ssh server to listen on:
 SSH_LISTEN_PORT = 22
 OFFLINE_MODE = false
@@ -92,9 +94,9 @@ ENABLED      = false

 [security]
 INSTALL_LOCK        = true
-SECRET_KEY          = {{ gitea_secret_key }}
+SECRET_KEY          = {{ pod_charlesreid1_gitea_secretkey }}
 MIN_PASSWORD_LENGTH = 6
-INTERNAL_TOKEN      = {{ gitea_internal_token }}
+INTERNAL_TOKEN      = {{ pod_charlesreid1_gitea_internaltoken }}

 [other]
 SHOW_FOOTER_BRANDING           = false
--- a/d-mediawiki/Dockerfile
+++ b/d-mediawiki/Dockerfile
@@ -1,4 +1,4 @@
-FROM mediawiki
+FROM mediawiki:1.34

 EXPOSE 8989

@@ -41,17 +41,13 @@ RUN chown -R www-data:www-data /var/www/html/*
 # Skins
 COPY charlesreid1-config/mediawiki/skins /var/www/html/skins
 RUN chown -R www-data:www-data /var/www/html/skins
+RUN touch /var/www/html/skins

 # Settings
 COPY charlesreid1-config/mediawiki/LocalSettings.php /var/www/html/LocalSettings.php
 RUN chown -R www-data:www-data /var/www/html/LocalSettings*
 RUN chmod 600 /var/www/html/LocalSettings.php

-# MediaWiki Fail2ban log directory
-RUN mkdir -p /var/log/mwf2b
-RUN chown -R www-data:www-data /var/log/mwf2b
-RUN chmod 700 /var/log/mwf2b
-
 # Apache conf file
 COPY charlesreid1-config/apache/*.conf /etc/apache2/sites-enabled/
 RUN a2enmod rewrite
@@ -59,4 +55,10 @@ RUN service apache2 restart

 ## make texvc
 #CMD cd /var/www/html/extensions/Math && make && apache2-foreground
+
+# PHP conf file
+# https://hub.docker.com/_/php/
+COPY php/php.ini /usr/local/etc/php/
+
+# Start
 CMD apache2-foreground
--- a/d-mediawiki/Skins.md
+++ b/d-mediawiki/Skins.md
@@ -5,6 +5,10 @@ To update the MediaWiki skin:
 - Rebuild the MW container while the docker pod is still running (won't effect the docker pod)
 - When finished rebuilding the MW container, restart the docker pod.

+The skin currently in use is in `charlesreid1-config/mediawiki/skins/Bootstrap2`
+
+To rebuild and then restart the pod:
+
 ```
 # switch to main pod directory
 cd ../
--- a/d-mediawiki/charlesreid1-config/apache/charlesreid1.wiki.conf.j2
+++ b/d-mediawiki/charlesreid1-config/apache/charlesreid1.wiki.conf.j2
@@ -1,4 +1,4 @@
-ServerName {{ server_name_default }}
+ServerName {{ pod_charlesreid1_server_name }}

 Listen 8989

@@ -7,10 +7,10 @@ Listen 8989
    # talks to apache via 127.0.0.1
    # on port 8989

-    ServerAlias www.{{ server_name_default }}
+    ServerAlias www.{{ pod_charlesreid1_server_name }}

    LogLevel warn
-    ServerAdmin {{ admin_email }}
+    ServerAdmin {{ pod_charlesreid1_mediawiki_admin_email }}
    DirectoryIndex index.html index.cgi index.php


--- a/d-mediawiki/charlesreid1-config/mediawiki/LocalSettings.php.j2
+++ b/d-mediawiki/charlesreid1-config/mediawiki/LocalSettings.php.j2
@@ -13,8 +13,8 @@ if ( !defined( 'MEDIAWIKI' ) ) {
 }

 ## The protocol and server name to use in fully-qualified URLs
-$wgServer = 'https://{{ server_name_default }}';
-$wgCanonicalServer = 'https://{{ server_name_default }}';
+$wgServer = 'https://{{ pod_charlesreid1_server_name }}';
+$wgCanonicalServer = 'https://{{ pod_charlesreid1_server_name }}';

 ## The URL path to static resources (images, scripts, etc.)
 $wgStylePath = "$wgScriptPath/skins";
@@ -209,13 +209,6 @@ wfLoadExtension( 'EmbedVideo' );

 require_once "$IP/extensions/Math/Math.php";

-#############################################
-# Fail2banlog extension
-# https://www.mediawiki.org/wiki/Extension:Fail2banlog
-
-require_once "$IP/extensions/Fail2banlog/Fail2banlog.php";
-$wgFail2banlogfile = "/var/log/apache2/mwf2b.log";
-
 #############################################
 # Fix cookies crap

@@ -224,7 +217,7 @@ session_save_path("/tmp");
 ##############################################
 # Secure login

-$wgServer = "https://{{ server_name_default }}";
+$wgServer = "https://{{ pod_charlesreid1_server_name }}";
 $wgSecureLogin = true;

 ###################################
--- a/d-mediawiki/charlesreid1-config/mediawiki/build_extensions_dir.sh
+++ b/d-mediawiki/charlesreid1-config/mediawiki/build_extensions_dir.sh
@@ -1,93 +0,0 @@
-#!/bin/bash
-# 
-# clone or download each extension
-# and build o
-
-mkdir -p extensions
-(
-cd extensions
-
-##############################
-
-Extension="SyntaxHighlight_GeSHi"
-if [ ! -d ${Extension} ]
-then
-    ## This requires mediawiki > 1.31
-    ## (so does REL1_31)
-    #git clone https://github.com/wikimedia/mediawiki-extensions-SyntaxHighlight_GeSHi.git SyntaxHighlight_GeSHi
-
-    ## This manually downloads REL1_30
-    #wget https://extdist.wmflabs.org/dist/extensions/SyntaxHighlight_GeSHi-REL1_30-87392f1.tar.gz -O SyntaxHighlight_GeSHi.tar.gz
-    #tar -xzf SyntaxHighlight_GeSHi.tar.gz -C ${PWD}
-    #rm -f SyntaxHighlight_GeSHi.tar.gz
-
-    # Best of both worlds
-    git clone https://github.com/wikimedia/mediawiki-extensions-SyntaxHighlight_GeSHi.git SyntaxHighlight_GeSHi
-    (
-    cd ${Extension}
-    git checkout --track remotes/origin/REL1_34
-    )
-else
-    echo "Skipping ${Extension}"
-fi
-
-##############################
-
-Extension="ParserFunctions"
-if [ ! -d ${Extension} ]
-then
-    git clone https://github.com/wikimedia/mediawiki-extensions-ParserFunctions.git ${Extension}
-    (
-    cd ${Extension}
-    git checkout --track remotes/origin/REL1_34
-    )
-else
-    echo "Skipping ${Extension}"
-fi
-
-##############################
-
-Extension="EmbedVideo"
-if [ ! -d ${Extension} ]
-then
-    git clone https://github.com/HydraWiki/mediawiki-embedvideo.git ${Extension}
-    (
-    cd ${Extension}
-    git checkout v2.7.3
-    )
-else
-    echo "Skipping ${Extension}"
-fi
-
-##############################
-
-Extension="Math"
-if [ ! -d ${Extension} ]
-then
-    git clone https://github.com/wikimedia/mediawiki-extensions-Math.git ${Extension}
-    (
-    cd ${Extension}
-    git checkout REL1_34
-    )
-else
-    echo "Skipping ${Extension}"
-fi
-
-##############################
-
-Extension="Fail2banlog"
-if [ ! -d ${Extension} ]
-then
-    git clone https://github.com/charlesreid1-docker/mw-fail2ban.git ${Extension}
-    (
-    cd ${Extension}
-    git checkout master
-    )
-else
-    echo "Skipping ${Extension}"
-fi
-
-##############################
-
-# fin
-)
--- a/d-mediawiki/charlesreid1-config/mediawiki/skins/Bootstrap2/Bootstrap2.php.j2
+++ b/d-mediawiki/charlesreid1-config/mediawiki/skins/Bootstrap2/Bootstrap2.php.j2
@@ -106,7 +106,7 @@ include('/var/www/html/skins/Bootstrap2/navbar.php');
            <div class="container-fixed">
                <div class="navbar-header">
                    <a href="/wiki/" class="navbar-brand">
-                    {{ top_domain }} wiki
+                    {{ pod_charlesreid1_server_name }} wiki
                    </a>
                </div>
                <div>
--- a/d-mediawiki/charlesreid1-config/mediawiki/skins/Bootstrap2/footer.php
+++ b/d-mediawiki/charlesreid1-config/mediawiki/skins/Bootstrap2/footer.php
@@ -11,7 +11,7 @@
    </span>
    Made from the command line with vim by 
    <a href="http://charlesreid1.com">charlesreid1</a><br />
-    with help from <a href="https://getbootstrap.com/">Bootstrap</a> and <a href="http://getpelican.com">Pelican</a>.
+    with help from <a href="https://getbootstrap.com/">Bootstrap</a> and <a href="http://mediawiki.org">MediaWiki</a>.
 </p>

 <p style="text-align: center">
--- a/d-mediawiki/charlesreid1-config/mediawiki/skins/Bootstrap2/navbar.php.j2
+++ b/d-mediawiki/charlesreid1-config/mediawiki/skins/Bootstrap2/navbar.php.j2
@@ -6,14 +6,14 @@
                <span class="icon-bar"></span>
                <span class="icon-bar"></span> 
            </button>
-            <a href="/" class="navbar-brand">{{ top_domain }}</a>
+            <a href="/" class="navbar-brand">{{ pod_charlesreid1_server_name }}</a>
        </div>
        <div>
            <div class="collapse navbar-collapse" id="myNavbar">
                <ul class="nav navbar-nav">

                    <li>
-                        <a href="https://{{ top_domain }}/wiki">Wiki</a>
+                        <a href="https://{{ pod_charlesreid1_server_name }}/wiki">Wiki</a>
                    </li>

                </ul>
--- a/d-mediawiki/charlesreid1-config/mediawiki/skins/Bootstrap2/slate.css
+++ b/d-mediawiki/charlesreid1-config/mediawiki/skins/Bootstrap2/slate.css
@@ -1086,7 +1086,8 @@ html {
 }
 body {
  font-family: "Helvetica Neue", Helvetica, Arial, sans-serif;
-  font-size: 14px;
+  /*font-size: 14px;*/
+  font-size: 20px;
  line-height: 1.42857143;
  color: #c8c8c8;
  background-color: #272b30;
--- a/d-mediawiki/php/php.ini
+++ b/d-mediawiki/php/php.ini
@@ -0,0 +1,3 @@
+post_max_size = 128M
+memory_limit = 128M
+upload_max_filesize = 100M
--- a/d-nginx-charlesreid1/conf.d/http.DOMAIN.conf.j2
+++ b/d-nginx-charlesreid1/conf.d/http.DOMAIN.conf.j2
@@ -1,6 +1,6 @@
 ####################
 # 
-# {{ server_name_default }}
+# {{ pod_charlesreid1_server_name }}
 # http/{{ port_default }}
 # 
 # basically, just redirects to https
@@ -10,20 +10,20 @@
 server {
    listen 80;
    listen [::]:80;
-    server_name {{ server_name_default }};
-    return 301 https://{{ server_name_default }}$request_uri;
+    server_name {{ pod_charlesreid1_server_name }};
+    return 301 https://{{ pod_charlesreid1_server_name }}$request_uri;
 }

 server {
    listen 80;
    listen [::]:80;
-    server_name www.{{ server_name_default }};
-    return 301 https://www.{{ server_name_default }}$request_uri;
+    server_name www.{{ pod_charlesreid1_server_name }};
+    return 301 https://www.{{ pod_charlesreid1_server_name }}$request_uri;
 }

 server {
    listen 80;
    listen [::]:80;
-    server_name git.{{ server_name_default }};
-    return 301 https://git.{{ server_name_default }}$request_uri;
+    server_name git.{{ pod_charlesreid1_server_name }};
+    return 301 https://git.{{ pod_charlesreid1_server_name }}$request_uri;
 }
--- a/d-nginx-charlesreid1/conf.d/https.DOMAIN.conf.j2
+++ b/d-nginx-charlesreid1/conf.d/https.DOMAIN.conf.j2
@@ -1,9 +1,9 @@
 ####################
 #
-# {{ server_name_default }}
+# {{ pod_charlesreid1_server_name }}
 # https/443
 # 
-# {{ server_name_default }} and www.{{ server_name_default }}
+# {{ pod_charlesreid1_server_name }} and www.{{ pod_charlesreid1_server_name }}
 # should handle the following cases:
 # - w/ and wiki/ should reverse proxy story_mw
 # - gitea subdomain should reverse proxy stormy_gitea
@@ -15,20 +15,24 @@
 server {
    listen 443 ssl;
    listen [::]:443 ssl;
-    server_name {{ server_name_default }} default_server;
+    server_name {{ pod_charlesreid1_server_name }} default_server;

-    ssl_certificate /etc/letsencrypt/live/{{ server_name_default }}/fullchain.pem;
-    ssl_certificate_key /etc/letsencrypt/live/{{ server_name_default }}/privkey.pem;
+    ssl_certificate /etc/letsencrypt/live/{{ pod_charlesreid1_server_name }}/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/{{ pod_charlesreid1_server_name }}/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    include /etc/nginx/conf.d/secheaders.conf;
    include /etc/nginx/conf.d/csp.conf;

    location / {
        try_files $uri $uri/ =404;
-        root /www/{{ server_name_default }}/htdocs;
+        root /www/{{ pod_charlesreid1_server_name }}/htdocs;
        index index.html;
    }

+    location = /robots.txt {
+        alias /var/www/robots/robots.txt;
+    }
+
    location /wiki/ {
        proxy_set_header X-Real-IP  $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr;
@@ -55,21 +59,25 @@ server {
 server {
    listen 443 ssl;
    listen [::]:443 ssl;
-    server_name www.{{ server_name_default }};
+    server_name www.{{ pod_charlesreid1_server_name }};

-    ssl_certificate /etc/letsencrypt/live/www.{{ server_name_default }}/fullchain.pem;
-    ssl_certificate_key /etc/letsencrypt/live/www.{{ server_name_default }}/privkey.pem;
+    ssl_certificate /etc/letsencrypt/live/www.{{ pod_charlesreid1_server_name }}/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/www.{{ pod_charlesreid1_server_name }}/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    include /etc/nginx/conf.d/secheaders.conf;
    include /etc/nginx/conf.d/csp.conf;

-    root /www/{{ server_name_default }}/htdocs;
+    root /www/{{ pod_charlesreid1_server_name }}/htdocs;

    location / {
        try_files $uri $uri/ =404;
        index index.html;
    }

+    location = /robots.txt {
+        alias /var/www/robots/robots.txt;
+    }
+
    location /wiki/ {
        proxy_set_header X-Real-IP  $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr;
@@ -94,18 +102,50 @@ server {
 server {
    listen 443 ssl;
    listen [::]:443 ssl;
-    server_name git.{{ server_name_default }};
+    server_name git.{{ pod_charlesreid1_server_name }};

-    ssl_certificate /etc/letsencrypt/live/git.{{ server_name_default }}/fullchain.pem;
-    ssl_certificate_key /etc/letsencrypt/live/git.{{ server_name_default }}/privkey.pem;
+    ssl_certificate /etc/letsencrypt/live/git.{{ pod_charlesreid1_server_name }}/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/git.{{ pod_charlesreid1_server_name }}/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    include /etc/nginx/conf.d/secheaders.conf;
    include /etc/nginx/conf.d/giteacsp.conf;

    location / {
+        # Ban jerks
+        deny 52.39.237.48;
+        deny 52.70.240.171;
+        deny 54.36.148.135;
+        deny 34.215.160.160;
+        deny 217.113.194.226;
+        deny 189.84.38.222;
+
+        deny 47.76.0.0/16;
+        deny 47.79.0.0/16;
+        # Fuck you in particular
+        deny 47.76.209.138;
+        deny 47.76.99.127;
+        deny 47.76.220.119;
+        deny 47.79.118.97;
+        deny 84.33.26.105;
+
+        deny 8.210.0.0/16;
+        deny 8.218.0.0/16;
+        # Fuck you in particular
+        deny 8.210.187.5;
+        deny 8.210.164.94;
+        deny 168.90.209.163;
+        deny 168.90.209.127;
+
+        deny 89.116.78.169;
+        allow all;
+
        proxy_set_header X-Real-IP  $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header Host $host;
        proxy_pass http://stormy_gitea:3000/;
    }
+
+    location = /robots.txt {
+        alias /var/www/robots/gitea.txt;
+    }
 }
--- a/d-nginx-charlesreid1/robots/gitea.txt
+++ b/d-nginx-charlesreid1/robots/gitea.txt
@@ -0,0 +1,16 @@
+User-agent: *
+Disallow: */commit/*
+Disallow: */src/*
+Disallow: */tree/*
+Disallow: */activity/*
+Disallow: */wiki/*
+Disallow: */releases/*
+Disallow: */pulls/*
+Disallow: */stars
+Disallow: */watchers
+Disallow: */forks
+Disallow: *?tab=activity
+Disallow: *?tab=stars
+Disallow: *?tab=following
+Disallow: *?tab=followers
+Disallow: *?lang=*
--- a/d-nginx-charlesreid1/robots/robots.txt
+++ b/d-nginx-charlesreid1/robots/robots.txt
@@ -0,0 +1,2 @@
+User-agent: *
+Disallow: /w/
--- a/docker-compose.yml.j2
+++ b/docker-compose.yml.j2
@@ -13,6 +13,7 @@ services:
    restart: always
    volumes:
      - "stormy_gitea_data:/data"
+      - "./d-nginx-charlesreid1/robots:/var/www/robots:ro"
      - "./d-gitea/custom:/data/gitea"
      - "./d-gitea/data:/app/gitea/data"
      - "/gitea_repositories:/data/git/repositories"
@@ -35,26 +36,25 @@ services:
        max-size: 1m
        max-file: "10"
    environment:
-      - MYSQL_ROOT_PASSWORD={{ mysql_password }}
+      - MYSQL_ROOT_PASSWORD={{ pod_charlesreid1_mysql_password }}

  stormy_mw:
    build: d-mediawiki
    container_name: stormy_mw
    volumes:
      - "stormy_mw_data:/var/www/html"
-      - "./mwf2b:/var/log/mwf2b"
    logging:
      driver: "json-file"
      options:
        max-size: 1m
        max-file: "10"
    environment:
-      - MEDIAWIKI_SITE_SERVER=https://{{ server_name_default }}
-      - MEDIAWIKI_SECRETKEY={{ mediawiki_secretkey }}
+      - MEDIAWIKI_SITE_SERVER=https://{{ pod_charlesreid1_server_name }}
+      - MEDIAWIKI_SECRETKEY={{ pod_charlesreid1_mediawiki_secretkey }}
      - MYSQL_HOST=stormy_mysql
      - MYSQL_DATABASE=wikidb
      - MYSQL_USER=root
-      - MYSQL_PASSWORD={{ mysql_password }}
+      - MYSQL_PASSWORD={{ pod_charlesreid1_mysql_password }}
    depends_on:
      - stormy_mysql

@@ -62,14 +62,15 @@ services:
    restart: always
    image: nginx
    container_name: stormy_nginx
-    hostname: {{ server_name_default }}
+    hostname: {{ pod_charlesreid1_server_name }}
    hostname: charlesreid1.com
    command: /bin/bash -c "nginx -g 'daemon off;'"
    volumes:
      - "./d-nginx-charlesreid1/conf.d:/etc/nginx/conf.d:ro"
+      - "./d-nginx-charlesreid1/robots:/var/www/robots:ro"
      - "/etc/localtime:/etc/localtime:ro"
      - "/etc/letsencrypt:/etc/letsencrypt"
-      - "/www/{{ server_name_default }}/htdocs:/www/{{ server_name_default }}/htdocs:ro"
+      - "/www/{{ pod_charlesreid1_server_name }}/htdocs:/www/{{ pod_charlesreid1_server_name }}/htdocs:ro"
    logging:
      driver: "json-file"
      options:
--- a/docs/BlockIps.md
+++ b/docs/BlockIps.md
@@ -0,0 +1,9 @@
+To block IP address:
+
+* Modify the nginx config file template at 
+  `d-nginx-charlesreid1/conf.d/https.DOMAIN.conf.j2`
+* Re-render the Jinja templates into config files via
+  `make clean-templates && make templates`
+* Stop and restart the pod service:
+  `sudo systemctl stop pod-charlesreid1 && 
+  sudo systemctl start pod-charlesreid1`
--- a/environment.j2
+++ b/environment.j2
@@ -0,0 +1,35 @@
+#!/bin/bash
+
+# multiple templates:
+# -------------------
+export POD_CHARLESREID1_DIR="{{ pod_charlesreid1_pod_install_dir }}"
+export POD_CHARLESREID1_TLD="{{ pod_charlesreid1_server_name }}"
+export POD_CHARLESREID1_USER="{{ pod_charlesreid1_username }}"
+export POD_CHARLESREID1_VPN_IP_ADDR="{{ pod_charlesreid1_vpn_ip_addr }}"
+
+# mediawiki:
+# ----------
+export POD_CHARLESREID1_MW_ADMIN_EMAIL="{{ pod_charlesreid1_mediawiki_admin_email }}"
+export POD_CHARLESREID1_MW_SECRET_KEY="{{ pod_charlesreid1_mediawiki_secretkey }}"
+
+# mysql:
+# ------
+export POD_CHARLESREID1_MYSQL_PASSWORD="{{ pod_charlesreid1_mysql_password }}"
+
+# gitea:
+# ------
+export POD_CHARLESREID1_GITEA_APP_NAME="{{ pod_charlesreid1_gitea_app_name }}"
+export POD_CHARLESREID1_GITEA_SECRET_KEY="{{ pod_charlesreid1_gitea_secretkey }}"
+export POD_CHARLESREID1_GITEA_INTERNAL_TOKEN="{{ pod_charlesreid1_gitea_internaltoken }}"
+
+# aws:
+# ----
+export AWS_ACCESS_KEY_ID="{{ pod_charlesreid1_backups_aws_access_key }}"
+export AWS_SECRET_ACCESS_KEY="{{ pod_charlesreid1_backups_aws_secret_access_key }}"
+export AWS_DEFAULT_REGION="{{ pod_charlesreid1_backups_aws_region }}"
+
+# backups and scripts:
+# --------------------
+export POD_CHARLESREID1_BACKUP_DIR="{{ pod_charlesreid1_backups_dir }}"
+export POD_CHARLESREID1_BACKUP_S3BUCKET="{{ pod_charlesreid1_backups_bucket }}"
+export POD_CHARLESREID1_CANARY_WEBHOOK="{{ pod_charlesreid1_backups_canary_slack_url }}"
--- a/scripts/apply_templates.py
+++ b/scripts/apply_templates.py
@@ -12,21 +12,22 @@ OVERWRITE = False

 # Map of jinja variables to environment variables
 jinja_to_env = {
-    "pod_install_dir": "POD_CHARLESREID1_DIR",
-    "top_domain": "POD_CHARLESREID1_TLD",
-    "server_name_default" : "POD_CHARLESREID1_TLD",
-    "username": "POD_CHARLESREID1_USER",
-    # docker-compose:
-    "mysql_password" : "POD_CHARLESREID1_MYSQL_PASSWORD",
-    "mediawiki_secretkey" : "POD_CHARLESREID1_MW_SECRET_KEY",
-    # mediawiki:
-    "admin_email": "POD_CHARLESREID1_MW_ADMIN_EMAIL",
-    # gitea:
-    "gitea_app_name": "POD_CHARLESREID1_GITEA_APP_NAME",
-    "gitea_secret_key": "POD_CHARLESREID1_GITEA_SECRET_KEY",
-    "gitea_internal_token": "POD_CHARLESREID1_GITEA_INTERNAL_TOKEN",
-    # aws:
-    "backup_canary_webhook_url": "POD_CHARLESREID1_CANARY_WEBHOOK",
+    "pod_charlesreid1_pod_install_dir": "POD_CHARLESREID1_DIR",
+    "pod_charlesreid1_server_name": "POD_CHARLESREID1_TLD",
+    "pod_charlesreid1_username": "POD_CHARLESREID1_USER",
+    "pod_charlesreid1_vpn_ip_addr": "POD_CHARLESREID1_VPN_IP_ADDR",
+    "pod_charlesreid1_mediawiki_admin_email": "POD_CHARLESREID1_MW_ADMIN_EMAIL",
+    "pod_charlesreid1_mediawiki_secretkey": "POD_CHARLESREID1_MW_SECRET_KEY",
+    "pod_charlesreid1_mysql_password": "POD_CHARLESREID1_MYSQL_PASSWORD",
+    "pod_charlesreid1_gitea_app_name": "POD_CHARLESREID1_GITEA_APP_NAME",
+    "pod_charlesreid1_gitea_secretkey": "POD_CHARLESREID1_GITEA_SECRET_KEY",
+    "pod_charlesreid1_gitea_internaltoken": "POD_CHARLESREID1_GITEA_INTERNAL_TOKEN",
+    "pod_charlesreid1_backups_aws_access_key": "AWS_ACCESS_KEY_ID",
+    "pod_charlesreid1_backups_aws_secret_access_key": "AWS_SECRET_ACCESS_KEY",
+    "pod_charlesreid1_backups_aws_region": "AWS_DEFAULT_REGION",
+    "pod_charlesreid1_backups_dir": "POD_CHARLESREID1_BACKUP_DIR",
+    "pod_charlesreid1_backups_bucket": "POD_CHARLESREID1_BACKUP_S3BUCKET",
+    "pod_charlesreid1_backups_canary_slack_url": "POD_CHARLESREID1_CANARY_WEBHOOK",
 }

 scripts_dir = os.path.dirname(os.path.abspath(__file__))
--- a/scripts/backups/10-pod-charlesreid1-rsyslog.conf
+++ b/scripts/backups/10-pod-charlesreid1-rsyslog.conf
@@ -0,0 +1,28 @@
+if ( $programname startswith "pod-charlesreid1-canary" ) then {
+    action(type="omfile" file="/var/log/pod-charlesreid1-canary.service.log" flushOnTXEnd="off")
+    stop
+}
+if ( $programname startswith "pod-charlesreid1-certbot" ) then {
+    action(type="omfile" file="/var/log/pod-charlesreid1-certbot.service.log" flushOnTXEnd="off")
+    stop
+}
+if ( $programname startswith "pod-charlesreid1-backups-aws" ) then {
+    action(type="omfile" file="/var/log/pod-charlesreid1-backups-aws.service.log" flushOnTXEnd="off")
+    stop
+}
+if ( $programname startswith "pod-charlesreid1-backups-cleanolderthan" ) then {
+    action(type="omfile" file="/var/log/pod-charlesreid1-backups-cleanolderthan.service.log" flushOnTXEnd="off")
+    stop
+}
+if ( $programname startswith "pod-charlesreid1-backups-gitea" ) then {
+    action(type="omfile" file="/var/log/pod-charlesreid1-backups-gitea.service.log" flushOnTXEnd="off")
+    stop
+}
+if ( $programname startswith "pod-charlesreid1-backups-wikidb" ) then {
+    action(type="omfile" file="/var/log/pod-charlesreid1-backups-wikidb.service.log" flushOnTXEnd="on")
+    stop
+}
+if ( $programname startswith "pod-charlesreid1-backups-wikifiles" ) then {
+    action(type="omfile" file="/var/log/pod-charlesreid1-backups-wikifiles.service.log" flushOnTXEnd="on")
+    stop
+}
--- a/scripts/backups/Readme.md
+++ b/scripts/backups/Readme.md
@@ -13,3 +13,40 @@ for the systemd service.

 Use `make install` in the top level of this repo to install
 the rendered service and timer files.
+
+## syslog filtering
+
+Due to a bug in systemd bundled with Ubuntu 18.04, we can't just use the nice easy solution of
+directing output and error to a specific file.
+
+Instead, the services all send their stderr and stdout to the system log, and then rsyslog
+filters those messages and collects them into a separate log file.
+
+First, install the services.
+
+Then, install the following rsyslog config file:
+
+`/etc/rsyslog.d/10-pod-charlesreid1-rsyslog.conf`:
+
+```
+if $programname == 'pod-charlesreid1-canary' then /var/log/pod-charlesreid1-canary.service.log
+if $programname == 'pod-charlesreid1-canary' then stop
+
+if $programname == 'pod-charlesreid1-backups-aws' then /var/log/pod-charlesreid1-backups-aws.service.log
+if $programname == 'pod-charlesreid1-backups-aws' then stop
+
+if $programname == 'pod-charlesreid1-backups-cleanolderthan' then /var/log/pod-charlesreid1-backups-cleanolderthan.service.log
+if $programname == 'pod-charlesreid1-backups-cleanolderthan' then stop
+
+if $programname == 'pod-charlesreid1-backups-gitea' then /var/log/pod-charlesreid1-backups-gitea.service.log
+if $programname == 'pod-charlesreid1-backups-gitea' then stop
+
+if $programname == 'pod-charlesreid1-backups-wikidb' then /var/log/pod-charlesreid1-backups-wikidb.service.log
+if $programname == 'pod-charlesreid1-backups-wikidb' then stop
+
+if $programname == 'pod-charlesreid1-backups-wikifiles' then /var/log/pod-charlesreid1-backups-wikifiles.service.log
+if $programname == 'pod-charlesreid1-backups-wikifiles' then stop
+```
+
+
+
--- a/scripts/backups/aws_backup.sh
+++ b/scripts/backups/aws_backup.sh
@@ -47,12 +47,12 @@ if [ "$#" == "0" ]; then
    echo "Last backup found: ${LAST_BACKUP}"
    echo "Last backup directory: ${POD_CHARLESREID1_BACKUP_DIR}/${LAST_BACKUP}"

-    BACKUP_SIZE=$(du -hs ${POD_CHARLESREID1_BACKUP_DIR}/${LAST_BACKUP})
+    BACKUP_SIZE=$(/usr/bin/du -hs ${POD_CHARLESREID1_BACKUP_DIR}/${LAST_BACKUP} | cut -f 1)
    echo "Backup directory size: ${BACKUP_SIZE}"

    # Copy to AWS
    echo "Backing up directory ${POD_CHARLESREID1_BACKUP_DIR}/${LAST_BACKUP}"
-    aws s3 cp --only-show-errors --recursive ${POD_CHARLESREID1_BACKUP_DIR}/${LAST_BACKUP} s3://${POD_CHARLESREID1_BACKUP_S3BUCKET}/backups/${LAST_BACKUP}
+    aws s3 cp --only-show-errors --no-progress --recursive ${POD_CHARLESREID1_BACKUP_DIR}/${LAST_BACKUP} s3://${POD_CHARLESREID1_BACKUP_S3BUCKET}/backups/${LAST_BACKUP}
    echo "Done."

 else
--- a/scripts/backups/canary/backups_canary.py
+++ b/scripts/backups/canary/backups_canary.py
@@ -24,7 +24,7 @@ def main():
        alert(msg)

    # verify there is a backup newer than N days
-    newer_backups = subprocess.getoutput(f'find {backup_dir} -mtime -{N}').split('\n')
+    newer_backups = subprocess.getoutput(f'find {backup_dir}/* -mtime -{N}').split('\n')
    if len(newer_backups)==1 and newer_backups[0]=='':
        msg = "Local Backups Error:\n"
        msg += f"The backup directory `{backup_dir}` is missing backup files from the last {N} day(s)!"
@@ -97,7 +97,7 @@ def alert(msg):
        raise Exception(response.status_code, response.text)

    print("Goodbye.")
-    sys.exit(1)
+    sys.exit(0)


 if __name__ == '__main__':
--- a/scripts/backups/canary/pod-charlesreid1-canary.service.j2
+++ b/scripts/backups/canary/pod-charlesreid1-canary.service.j2
@@ -5,9 +5,10 @@ After=docker.service

 [Service]
 Type=oneshot
-StandardError=file:{{ pod_install_dir }}/.pod-charlesreid1-canary.service.error.log
-StandardOutput=file:{{ pod_install_dir }}/.pod-charlesreid1-canary.service.output.log
-ExecStart=/bin/bash -ac '. {{ pod_install_dir }}/environment; {{ pod_install_dir }}/scripts/backups/canary/vp/bin/python3 {{ pod_install_dir }}/scripts/backups/canary/backups_canary.py'
+StandardError=syslog
+StandardOutput=syslog
+SyslogIdentifier=pod-charlesreid1-canary
+ExecStartPre=/usr/bin/test -f {{ pod_charlesreid1_pod_install_dir }}/environment
+ExecStart=/bin/bash -ac '. {{ pod_charlesreid1_pod_install_dir }}/environment; /home/charles/.pyenv/shims/python3 {{ pod_charlesreid1_pod_install_dir }}/scripts/backups/canary/backups_canary.py'
 User=charles
 Group=charles
-
--- a/scripts/backups/canary/pod-charlesreid1-canary.timer.j2
+++ b/scripts/backups/canary/pod-charlesreid1-canary.timer.j2
@@ -2,7 +2,7 @@
 Description=Timer to run the pod-charlesreid1 backups canary

 [Timer]
-OnCalendar=Sun *-*-* 9:03:00
+OnCalendar=*-*-* 7:01:00

 [Install]
 WantedBy=timers.target
--- a/scripts/backups/clean_olderthan.sh
+++ b/scripts/backups/clean_olderthan.sh
@@ -6,7 +6,7 @@ set -eux

 # Number of days of backups to retain.
 # Everything older than this many days will be deleted
-N="45"
+N="22"

 function usage {
    set +x
@@ -39,7 +39,7 @@ if [ "$#" == "0" ]; then
    echo "Backup directory: ${POD_CHARLESREID1_BACKUP_DIR}"
    echo ""

-    echo "Cleaning backups directory $BACKUP_DIR"
+    echo "Cleaning backups directory $POD_CHARLESREID1_BACKUP_DIR"
    echo "The following files older than $N days will be deleted:"
    find ${POD_CHARLESREID1_BACKUP_DIR} -mtime +${N}

--- a/scripts/backups/gitea_backup.sh
+++ b/scripts/backups/gitea_backup.sh
@@ -53,7 +53,7 @@ if [ "$#" == "0" ]; then
    # We don't need to use docker, since these directories
    # are both bind-mounted into the Docker container
    echo "Backing up custom directory"
-    tar czf ${CUSTOM_TARGET} ${POD_CHARLESREID1_DIR}/d-gitea/custom
+    tar --exclude='gitea.log' --ignore-failed-read -czf ${CUSTOM_TARGET} ${POD_CHARLESREID1_DIR}/d-gitea/custom
    echo "Backing up data directory"
    tar czf ${DATA_TARGET} ${POD_CHARLESREID1_DIR}/d-gitea/data

--- a/scripts/backups/pod-charlesreid1-backups-aws.service.j2
+++ b/scripts/backups/pod-charlesreid1-backups-aws.service.j2
@@ -5,10 +5,10 @@ After=docker.service

 [Service]
 Type=oneshot
-StandardError=file:{{ pod_install_dir }}/.pod-charlesreid1-backups-aws.service.error.log
-StandardOutput=file:{{ pod_install_dir }}/.pod-charlesreid1-backups-aws.service.output.log
-ExecStartPre=/usr/bin/test -f {{ pod_install_dir }}/environment
-ExecStart=/bin/bash -ac '. {{ pod_install_dir }}/environment; {{ pod_install_dir }}/scripts/backups/aws_backup.sh'
+StandardError=syslog
+StandardOutput=syslog
+SyslogIdentifier=pod-charlesreid1-backups-aws
+ExecStartPre=/usr/bin/test -f {{ pod_charlesreid1_pod_install_dir }}/environment
+ExecStart=/bin/bash -ac '. {{ pod_charlesreid1_pod_install_dir }}/environment; {{ pod_charlesreid1_pod_install_dir }}/scripts/backups/aws_backup.sh'
 User=charles
 Group=charles
-
--- a/scripts/backups/pod-charlesreid1-backups-aws.timer.j2
+++ b/scripts/backups/pod-charlesreid1-backups-aws.timer.j2
@@ -3,6 +3,7 @@ Description=Timer to copy the lastest pod-charlesreid1 backup to an S3 bucket

 [Timer]
 OnCalendar=Sun *-*-* 2:56:00
+#OnCalendar=*-*-* 2:56:00

 [Install]
 WantedBy=timers.target
--- a/scripts/backups/pod-charlesreid1-backups-cleanolderthan.service.j2
+++ b/scripts/backups/pod-charlesreid1-backups-cleanolderthan.service.j2
@@ -1,12 +1,14 @@
 [Unit]
-Description=Copy the latest pod-charlesreid1 backup to an S3 bucket
+Description=Clean pod-charlesreid1 backups older than N days
 Requires=docker.service
 After=docker.service

 [Service]
 Type=oneshot
-StandardError=file:{{ pod_install_dir }}/.pod-charlesreid1-backups-cleanolderthan.service.error.log
-StandardOutput=file:{{ pod_install_dir }}/.pod-charlesreid1-backups-cleanolderthan.service.output.log
-ExecStart=/bin/bash -ac '. {{ pod_install_dir }}/environment; {{ pod_install_dir }}/scripts/backups/clean_olderthan.sh'
+StandardError=syslog
+StandardOutput=syslog
+SyslogIdentifier=pod-charlesreid1-backups-cleanolderthan
+ExecStartPre=/usr/bin/test -f {{ pod_charlesreid1_pod_install_dir }}/environment
+ExecStart=/bin/bash -ac '. {{ pod_charlesreid1_pod_install_dir }}/environment; {{ pod_charlesreid1_pod_install_dir }}/scripts/backups/clean_olderthan.sh'
 User=charles
 Group=charles
--- a/scripts/backups/pod-charlesreid1-backups-cleanolderthan.timer.j2
+++ b/scripts/backups/pod-charlesreid1-backups-cleanolderthan.timer.j2
@@ -0,0 +1,9 @@
+[Unit]
+Description=Timer to clean files older than N days from the pod-charlesreid1 backups dir
+
+[Timer]
+OnCalendar=Sun *-*-* 2:28:00
+#OnCalendar=*-*-* 2:28:00
+
+[Install]
+WantedBy=timers.target
--- a/scripts/backups/pod-charlesreid1-backups-gitea.service.j2
+++ b/scripts/backups/pod-charlesreid1-backups-gitea.service.j2
@@ -5,10 +5,10 @@ After=docker.service

 [Service]
 Type=oneshot
-StandardError=file:{{ pod_install_dir }}/.pod-charlesreid1-backups-gitea.service.error.log
-StandardOutput=file:{{ pod_install_dir }}/.pod-charlesreid1-backups-gitea.service.output.log
-ExecStartPre=/usr/bin/test -f {{ pod_install_dir }}/environment
-ExecStart=/bin/bash -ac '. {{ pod_install_dir }}/environment; {{ pod_install_dir }}/scripts/backups/gitea_backup.sh'
+StandardError=syslog
+StandardOutput=syslog
+SyslogIdentifier=pod-charlesreid1-backups-gitea
+ExecStartPre=/usr/bin/test -f {{ pod_charlesreid1_pod_install_dir }}/environment
+ExecStart=/bin/bash -ac '. {{ pod_charlesreid1_pod_install_dir }}/environment; {{ pod_charlesreid1_pod_install_dir }}/scripts/backups/gitea_backup.sh'
 User=charles
 Group=charles
-
--- a/scripts/backups/pod-charlesreid1-backups-gitea.timer.j2
+++ b/scripts/backups/pod-charlesreid1-backups-gitea.timer.j2
@@ -3,6 +3,7 @@ Description=Timer to back up pod-charlesreid1 gitea files

 [Timer]
 OnCalendar=Sun *-*-* 2:12:00
+#OnCalendar=*-*-* 2:12:00

 [Install]
 WantedBy=timers.target
--- a/scripts/backups/pod-charlesreid1-backups-wikidb.service.j2
+++ b/scripts/backups/pod-charlesreid1-backups-wikidb.service.j2
@@ -5,10 +5,10 @@ After=docker.service

 [Service]
 Type=oneshot
-StandardError=file:{{ pod_install_dir }}/.pod-charlesreid1-backups-wikidb.service.error.log
-StandardOutput=file:{{ pod_install_dir }}/.pod-charlesreid1-backups-wikidb.service.output.log
-ExecStartPre=/usr/bin/test -f {{ pod_install_dir }}/environment
-ExecStart=/bin/bash -ac '. {{ pod_install_dir }}/environment; {{ pod_install_dir }}/scripts/backups/wikidb_dump.sh'
+StandardError=syslog
+StandardOutput=syslog
+SyslogIdentifier=pod-charlesreid1-backups-wikidb
+ExecStartPre=/usr/bin/test -f {{ pod_charlesreid1_pod_install_dir }}/environment
+ExecStart=/bin/bash -ac '. {{ pod_charlesreid1_pod_install_dir }}/environment; {{ pod_charlesreid1_pod_install_dir }}/scripts/backups/wikidb_dump.sh'
 User=charles
 Group=charles
-
--- a/scripts/backups/pod-charlesreid1-backups-wikifiles.service.j2
+++ b/scripts/backups/pod-charlesreid1-backups-wikifiles.service.j2
@@ -1,13 +1,14 @@
 [Unit]
-Description=Back up the pod-charlesreid1 wiki files
+Description=Back up pod-charlesreid1 wiki files
 Requires=docker.service
 After=docker.service

 [Service]
 Type=oneshot
-StandardError=file:{{ pod_install_dir }}/.pod-charlesreid1-backups-wikifiles.service.error.log
-StandardOutput=file:{{ pod_install_dir }}/.pod-charlesreid1-backups-wikifiles.service.output.log
-ExecStartPre=/usr/bin/test -f {{ pod_install_dir }}/environment
-ExecStart=/bin/bash -ac '. {{ pod_install_dir }}/environment; {{ pod_install_dir }}/scripts/backups/wikifiles_dump.sh'
+StandardError=syslog
+StandardOutput=syslog
+SyslogIdentifier=pod-charlesreid1-backups-wikifiles
+ExecStartPre=/usr/bin/test -f {{ pod_charlesreid1_pod_install_dir }}/environment
+ExecStart=/bin/bash -ac '. {{ pod_charlesreid1_pod_install_dir }}/environment; {{ pod_charlesreid1_pod_install_dir }}/scripts/backups/wikifiles_dump.sh'
 User=charles
 Group=charles
--- a/scripts/backups/pod-charlesreid1-backups-wikifiles.timer.j2
+++ b/scripts/backups/pod-charlesreid1-backups-wikifiles.timer.j2
@@ -1,5 +1,5 @@
 [Unit]
-Description=Timer to back up the pod-charlesreid1 wiki files
+Description=Timer to back up pod-charlesreid1 wiki files

 [Timer]
 OnCalendar=Sun *-*-* 2:08:00
--- a/scripts/backups/wikidb_dump.sh
+++ b/scripts/backups/wikidb_dump.sh
@@ -5,7 +5,8 @@
 set -eux

 CONTAINER_NAME="stormy_mysql"
-STAMP="`date +"%Y%m%d"`"
+DATESTAMP="`date +"%Y%m%d"`"
+TIMESTAMP="`date +"%Y%m%d_%H%M%S"`"

 function usage {
    set +x
@@ -20,7 +21,7 @@ function usage {
    echo "Example:"
    echo ""
    echo "       ./wikidb_dump.sh"
-    echo "       (creates ${POD_CHARLESREID1_BACKUP_DIR}/20200101/wikidb_20200101.sql)"
+    echo "       (creates ${POD_CHARLESREID1_BACKUP_DIR}/YYYYMMDD/wikidb_YYYYMMDD_HHMMSS.sql)"
    echo ""
    exit 1;
 }
@@ -36,25 +37,33 @@ fi

 if [ "$#" == "0" ]; then

-    TARGET="wikidb_${STAMP}.sql"
-    BACKUP_TARGET="${POD_CHARLESREID1_BACKUP_DIR}/${STAMP}/${TARGET}"
+    TARGET="wikidb_${TIMESTAMP}.sql"
+    BACKUP_DIR="${POD_CHARLESREID1_BACKUP_DIR}/${DATESTAMP}"
+    BACKUP_TARGET="${BACKUP_DIR}/${TARGET}"

    echo ""
    echo "pod-charlesreid1: wikidb_dump.sh"
    echo "--------------------------------"
    echo ""
-    echo "Backup directory: ${POD_CHARLESREID1_BACKUP_DIR}"
+    echo "Backup directory: ${BACKUP_DIR}"
    echo "Backup target: ${BACKUP_TARGET}"
    echo ""

-    mkdir -p ${POD_CHARLESREID1_BACKUP_DIR}/${STAMP}
+    mkdir -p ${BACKUP_DIR}

    DOCKER=$(which docker)
    DOCKERX="${DOCKER} exec -t"

    echo "Running mysqldump inside the mysql container"
-    ${DOCKERX} ${CONTAINER_NAME} sh -c 'exec mysqldump wikidb --databases -uroot -p"$MYSQL_ROOT_PASSWORD"' 2>&1 | grep -v "Using a password" > ${BACKUP_TARGET}

+    # this works, except the first line is a stupid warning about passwords
+    ${DOCKERX} ${CONTAINER_NAME} sh -c 'exec mysqldump wikidb --databases -uroot -p"$MYSQL_ROOT_PASSWORD" --default-character-set=binary' > ${BACKUP_TARGET}
+
+    # trim stupid first line warning
+    tail -n +2 ${BACKUP_TARGET} > ${BACKUP_TARGET}.tmp
+    mv ${BACKUP_TARGET}.tmp ${BACKUP_TARGET}
+
+    echo "Successfully wrote SQL dump to file: ${BACKUP_TARGET}"
    echo "Done."

 else
--- a/scripts/backups/wikifiles_dump.sh
+++ b/scripts/backups/wikifiles_dump.sh
@@ -5,7 +5,8 @@
 set -eux

 CONTAINER_NAME="stormy_mw"
-STAMP="`date +"%Y%m%d"`"
+DATESTAMP="`date +"%Y%m%d"`"
+TIMESTAMP="`date +"%Y%m%d_%H%M%S"`"

 function usage {
    set +x
@@ -20,7 +21,7 @@ function usage {
    echo "Example:"
    echo ""
    echo "       ./wikifiles_dump.sh"
-    echo "       (creates ${POD_CHARLESREID1_BACKUP_DIR}/20200101/wikifiles_20200101.tar.gz)"
+    echo "       (creates ${POD_CHARLESREID1_BACKUP_DIR}/YYYYMMDD/wikifiles_YYYYMMDD_HHMMSS.tar.gz)"
    echo ""
    exit 1;
 }
@@ -36,18 +37,19 @@ fi

 if [ "$#" == "0" ]; then

-    TARGET="wikifiles_${STAMP}.tar.gz"
-    BACKUP_TARGET="${POD_CHARLESREID1_BACKUP_DIR}/${STAMP}/${TARGET}"
+    TARGET="wikifiles_${TIMESTAMP}.tar.gz"
+    BACKUP_DIR="${POD_CHARLESREID1_BACKUP_DIR}/${DATESTAMP}"
+    BACKUP_TARGET="${BACKUP_DIR}/${TARGET}"

    echo ""
    echo "pod-charlesreid1: wikifiles_dump.sh"
    echo "-----------------------------------"
    echo ""
-    echo "Backup directory: ${POD_CHARLESREID1_BACKUP_DIR}"
+    echo "Backup directory: ${BACKUP_DIR}"
    echo "Backup target: ${BACKUP_TARGET}"
    echo ""

-    mkdir -p ${POD_CHARLESREID1_BACKUP_DIR}/${STAMP}
+    mkdir -p ${BACKUP_DIR}

    DOCKER=$(which docker)
    DOCKERX="${DOCKER} exec -t"
@@ -62,6 +64,7 @@ if [ "$#" == "0" ]; then
    echo "Step 3: Clean up tar.gz file"
    ${DOCKERX} ${CONTAINER_NAME} /bin/rm -f /tmp/${TARGET}

+    echo "Successfully wrote wikifiles dump to file: ${BACKUP_TARGET}"
    echo "Done."

 else
--- a/scripts/backups/wikifiles_restore.sh
+++ b/scripts/backups/wikifiles_restore.sh
@@ -0,0 +1,47 @@
+#!/bin/bash
+#
+# Restore wiki files from a tar file
+# into the stormy_mw container.
+set -eu
+
+function usage {
+    echo ""
+    echo "restore_wikifiles.sh script:"
+    echo "Restore wiki files from a tar file"
+    echo "into the stormy_mw container"
+    echo ""
+    echo "       ./restore_wikifiles.sh <tar-file>"
+    echo ""
+    echo "Example:"
+    echo ""
+    echo "       ./restore_wikifiles.sh /path/to/wikifiles.tar.gz"
+    echo ""
+    echo ""
+    exit 1;
+}
+
+# NOTE:
+# I assume images/ is the only directory to back up/restore.
+# If there are more I forgot, add them back in here.
+# (skins and extensions are static, added into image at build time.)
+
+if [[ "$#" -eq 1 ]];
+then
+
+    NAME="stormy_mw"
+    TAR=$(basename "$1")
+
+    echo "Checking that container ${NAME} exists"
+    docker ps --format '{{.Names}}' | grep ${NAME} || exit 1;
+
+    echo "Copying dir $1 into container ${NAME}"
+    set -x
+    docker cp $1 ${NAME}:/tmp/${TAR}
+    docker exec -it ${NAME} rm -rf /var/www/html/images.old
+    docker exec -it ${NAME} mv /var/www/html/images /var/www/html/images.old
+    docker exec -it ${NAME} tar -xf /tmp/${TAR} -C / && rm -f /tmp/${TAR}
+    docker exec -it ${NAME} chown -R www-data:www-data /var/www/html/images
+
+else
+    usage
+fi
--- a/scripts/certbot/pod-charlesreid1-certbot.service.j2
+++ b/scripts/certbot/pod-charlesreid1-certbot.service.j2
@@ -5,6 +5,8 @@ After=docker.service

 [Service]
 Type=oneshot
-StandardError=file:{{ pod_install_dir }}/.pod-charlesreid1-certbot.service.error.log
-StandardOutput=file:{{ pod_install_dir }}/.pod-charlesreid1-certbot.service.output.log
-ExecStart=/bin/bash -ac '. {{ pod_install_dir }}/environment; {{ pod_install_dir }}/scripts/certbot/renew_charlesreid1_certs.sh'
+StandardError=syslog
+StandardOutput=syslog
+SyslogIdentifier=pod-charlesreid1-certbot
+ExecStartPre=/usr/bin/test -f {{ pod_charlesreid1_pod_install_dir }}/environment
+ExecStart=/bin/bash -ac '. {{ pod_charlesreid1_pod_install_dir }}/environment; {{ pod_charlesreid1_pod_install_dir }}/scripts/certbot/renew_charlesreid1_certs.sh'
--- a/scripts/certbot/renew_charlesreid1_certs.sh.j2
+++ b/scripts/certbot/renew_charlesreid1_certs.sh.j2
@@ -34,7 +34,7 @@ if [ "$#" == "0" ]; then
    sudo systemctl stop ${SERVICE}
    
    echo "Stop pod"
-    docker-compose -f {{ pod_install_dir }}/docker-compose.yml down
+    docker-compose -f {{ pod_charlesreid1_pod_install_dir }}/docker-compose.yml down
    
    echo "Run certbot renew"
    SUBS="git www"
@@ -63,7 +63,7 @@ if [ "$#" == "0" ]; then
    done
    
    echo "Start pod"
-    docker-compose -f {{ pod_install_dir }}/docker-compose.yml up -d
+    docker-compose -f {{ pod_charlesreid1_pod_install_dir }}/docker-compose.yml up -d
    
    echo "Enable and start system service ${SERVICE}"
    sudo systemctl enable ${SERVICE}
--- a/scripts/clean_templates.py
+++ b/scripts/clean_templates.py
@@ -13,7 +13,9 @@ def clean():
        rname = tname[:-3]
        rpath = os.path.join(tdir, rname)

-        if os.path.exists(rpath):
+        ignore_list = ['environment']
+
+        if os.path.exists(rpath) and rname not in ignore_list:
            print(f"Removing file {rpath}")
            os.remove(rpath)
        else:
--- a/scripts/git_clone_www.py.j2
+++ b/scripts/git_clone_www.py.j2
@@ -11,8 +11,8 @@ directory structure for charlesreid1.com
 content. (Or, charlesreid1.XYZ, whatever.)
 """

-SERVER_NAME_DEFAULT = '{{ server_name_default }}'
-USERNAME = '{{ username }}'
+SERVER_NAME_DEFAULT = '{{ pod_charlesreid1_server_name }}'
+USERNAME = '{{ pod_charlesreid1_username }}'



--- a/scripts/git_pull_www.py.j2
+++ b/scripts/git_pull_www.py.j2
@@ -10,8 +10,8 @@ This script git pulls the /www directory
 for updating charlesreid1.com content.
 """

-SERVER_NAME_DEFAULT = '{{ server_name_default }}'
-USERNAME = '{{ username }}'
+SERVER_NAME_DEFAULT = '{{ pod_charlesreid1_server_name }}'
+USERNAME = '{{ pod_charlesreid1_username }}'



--- a/scripts/mw/build_extensions_dir.sh
+++ b/scripts/mw/build_extensions_dir.sh
@@ -80,19 +80,5 @@ fi

 ##############################

-Extension="Fail2banlog"
-if [ ! -d ${Extension} ]
-then
-    git clone https://github.com/charlesreid1-docker/mw-fail2ban.git ${Extension}
-    (
-    cd ${Extension}
-    git checkout master
-    )
-else
-    echo "Skipping ${Extension}"
-fi
-
-##############################
-
 # fin
 )
--- a/scripts/mw/fix_LocalSettings.sh
+++ b/scripts/mw/fix_LocalSettings.sh
@@ -1,13 +1,6 @@
 #!/bin/bash
 # 
 # fix LocalSettings.php in the mediawiki container.
-# 
-# docker is stupid, so it doesn't let you bind mount
-# a single file into a docker volume.
-# 
-# so, rather than rebuilding the entire goddamn container
-# just to update LocalSettings.php when it changes, we just
-# use a docker cp command to copy it into the container.
 set -eux

 NAME="stormy_mw"
--- a/scripts/mw/fix_extensions_dir.sh
+++ b/scripts/mw/fix_extensions_dir.sh
@@ -1,12 +1,6 @@
 #!/bin/bash
 # 
 # fix extensions dir in the mediawiki container
-#
-# in theory, we should be able to update the
-# extensions folder in d-mediawiki/charlesreid1-config,
-# but in reality this falls on its face.
-# So, we have to fix the fucking extensions directory
-# ourselves.
 set -eux

 NAME="stormy_mw"
--- a/scripts/mw/fix_skins.sh
+++ b/scripts/mw/fix_skins.sh
@@ -1,13 +1,6 @@
 #!/bin/bash
 # 
 # fix skins in the mediawiki container.
-# 
-# docker is stupid, so it doesn't let you bind mount
-# a single file into a docker volume.
-#
-# so, rather than rebuilding the entire goddamn container
-# just to update the skin when it changes, we just
-# use a docker cp command to copy it into the container.
 set -eux

 NAME="stormy_mw"
--- a/scripts/mw/restore_wikifiles.sh
+++ b/scripts/mw/restore_wikifiles.sh
@@ -2,7 +2,7 @@
 #
 # Restore wiki files from a tar file
 # into the stormy_mw container.
-set -eux
+set -eu

 function usage {
    echo ""
@@ -31,16 +31,16 @@ then
    NAME="stormy_mw"
    TAR=$(basename "$1")

-	echo "Checking that container exists"
+	echo "Checking that container ${NAME} exists"
 	docker ps --format '{{.Names}}' | grep ${NAME} || exit 1;

-	echo "Copying $1 into container ${NAME}"
+	echo "Copying dir $1 into container ${NAME}"
    set -x
    docker cp $1 ${NAME}:/tmp/${TAR}
+    docker exec -it ${NAME} rm -rf /var/www/html/images.old
    docker exec -it ${NAME} mv /var/www/html/images /var/www/html/images.old
    docker exec -it ${NAME} tar -xf /tmp/${TAR} -C / && rm -f /tmp/${TAR}
    docker exec -it ${NAME} chown -R www-data:www-data /var/www/html/images
-    set +x

 else
    usage
--- a/scripts/mysql/dump_database.sh
+++ b/scripts/mysql/dump_database.sh
@@ -1,35 +1,36 @@
 #!/bin/bash
+echo "this script is deprecated, see ../backups/wikidb_dump.sh"
+##
+## Dump a database to an .sql file
+## from the stormy_mysql container.
+#set -eu
 #
-# Dump a database to an .sql file
-# from the stormy_mysql container.
-set -x
-
-function usage {
-    echo ""
-    echo "dump_database.sh script:"
-    echo "Dump a database to an .sql file "
-    echo "from the stormy_mysql container."
-    echo ""
-    echo "       ./dump_database.sh <sql-dump-file>"
-    echo ""
-    echo "Example:"
-    echo ""
-    echo "       ./dump_database.sh /path/to/wikidb_dump.sql"
-    echo ""
-    echo ""
-    exit 1;
-}
-
-CONTAINER_NAME="stormy_mysql"
-
-if [[ "$#" -gt 0 ]];
-then
-
-    TARGET="$1"
-    mkdir -p $(dirname $TARGET)
-    docker exec -i ${CONTAINER_NAME} sh -c 'exec mysqldump wikidb --databases -uroot -p"$MYSQL_ROOT_PASSWORD"' > $TARGET
-
-else
-    usage
-fi
-
+#function usage {
+#    echo ""
+#    echo "dump_database.sh script:"
+#    echo "Dump a database to an .sql file "
+#    echo "from the stormy_mysql container."
+#    echo ""
+#    echo "       ./dump_database.sh <sql-dump-file>"
+#    echo ""
+#    echo "Example:"
+#    echo ""
+#    echo "       ./dump_database.sh /path/to/wikidb_dump.sql"
+#    echo ""
+#    echo ""
+#    exit 1;
+#}
+#
+#CONTAINER_NAME="stormy_mysql"
+#
+#if [[ "$#" -gt 0 ]];
+#then
+#
+#    TARGET="$1"
+#    mkdir -p $(dirname $TARGET)
+#	set -x
+#    docker exec -i ${CONTAINER_NAME} sh -c 'exec mysqldump wikidb --databases -uroot -p"$MYSQL_ROOT_PASSWORD"' > $TARGET
+#
+#else
+#    usage
+#fi
--- a/scripts/mysql/restore_database.sh
+++ b/scripts/mysql/restore_database.sh
@@ -6,6 +6,7 @@
 # Note that this expects the .sql dump
 # to create its own databases.
 # Use the --databases flag with mysqldump.
+set -eu

 function usage {
    echo ""
@@ -42,31 +43,23 @@ function usage {
 # because of all these one-off 
 # "whoopsie we don't do that" problems.

+if [[ "$#" -eq 1 ]];
+then
+
 	CONTAINER_NAME="stormy_mysql"
 	TARGET=$(basename $1)
 	TARGET_DIR=$(dirname $1)

-
-if [[ "$#" -eq 1 ]];
-then
-
-    # Step 1: Copy the sql dump into the container
    set -x
+    # Step 1: Copy the sql dump into the container
    docker cp $1 ${CONTAINER_NAME}:/tmp/${TARGET}
-    set +x

    # Step 2: Run sqldump inside the container
-    set -x
    docker exec -i ${CONTAINER_NAME} sh -c "/usr/bin/mysql --defaults-file=/root/.mysql.rootpw.cnf < /tmp/${TARGET}"
-    set +x

    # Step 3: Clean up sql dump from inside container
-    set -x
-    docker exec -i ${CONTAINER_NAME} sh -c "/bin/rm -fr /tmp/${TARGET}.sql"
-    set +x
+    docker exec -i ${CONTAINER_NAME} sh -c "/bin/rm -fr /tmp/${TARGET}"

-
-    set +x
 else
    usage
 fi
--- a/scripts/pod-charlesreid1.service.j2
+++ b/scripts/pod-charlesreid1.service.j2
@@ -7,9 +7,9 @@ After=docker.service
 Restart=always
 StandardError=null
 StandardOutput=null
-ExecStartPre=/usr/bin/test -f {{ pod_install_dir }}/docker-compose.yml
-ExecStart=/usr/local/bin/docker-compose -f {{ pod_install_dir }}/docker-compose.yml up
-ExecStop=/usr/local/bin/docker-compose  -f {{ pod_install_dir }}/docker-compose.yml stop
+ExecStartPre=/usr/bin/test -f {{ pod_charlesreid1_pod_install_dir }}/docker-compose.yml
+ExecStart=/usr/local/bin/docker-compose -f {{ pod_charlesreid1_pod_install_dir }}/docker-compose.yml up
+ExecStop=/usr/local/bin/docker-compose  -f {{ pod_charlesreid1_pod_install_dir }}/docker-compose.yml stop

 [Install]
 WantedBy=default.target
Author	SHA1	Message	Date
Charles Reid	3aba9729e6	add Troubleshooting.md	2025-06-14 03:48:49 -07:00
Charles Reid	eb840384d1	update gitea theme name in app.ini.j2	2025-06-14 03:47:59 -07:00
Charles Reid	5bf613cd56	ban more jerks	2025-05-24 19:36:17 -07:00
Charles Reid	ccfed3f3fc	update mw skin	2025-05-24 19:36:17 -07:00
Charles Reid	194e619537	3 weeks for backups	2025-03-09 10:39:23 -07:00
Charles Reid	a0f9548fcf	ban more jerks	2025-03-07 16:13:15 -08:00
Charles Reid	418315150a	ban more jerks	2025-03-07 15:55:14 -08:00
Charles Reid	ebb304d374	ban more jerks	2025-03-07 15:43:51 -08:00
Charles Reid	8580c2c1f0	ban jerks	2025-03-06 12:24:43 -08:00
Charles Reid	a3f460113a	add instructions for blocking IP addresses	2024-11-16 19:17:46 -08:00
Charles Reid	e94f911d99	add "ban jerks" section to nginx config	2024-11-16 19:17:31 -08:00
Charles Reid	f7446c5a2d	chmod the logs	2023-10-22 08:27:17 -07:00
Charles Reid	6d1fa940a7	add wikifiles restore script	2023-10-15 13:06:49 -07:00
Charles Reid	cfac7c69dc	fix env var problem	2023-10-15 13:06:48 -07:00
Charles Reid	3287d57554	fix script comment	2023-10-15 13:06:48 -07:00
Charles Reid	d347024939	update gitea app.ini jinja template	2023-10-02 07:34:19 -07:00
Charles Reid	8e4f86c8c6	smol makefile fix	2023-08-22 04:33:15 -07:00
Charles Reid	5b855a575a	make adjustments to bring all pod backup scripts in sync	2022-07-16 13:19:39 -07:00
Charles Reid	4248f86c64	fixup restore db script	2022-07-15 17:52:58 -07:00
Charles Reid	f36011d4cc	fixup restore wikifiles	2022-07-15 17:49:59 -07:00
Charles Reid	4953dfb8f3	remove tree subdomain	2022-06-05 21:05:20 -07:00
Charles Reid	d003935769	update php.ini upload size to match localsettings.php	2022-03-23 20:05:47 -07:00
Charles Reid	58e795bd98	fix backup canary script	2022-03-17 15:20:02 -07:00
Charles Reid	0709e883ea	8am	2022-03-17 14:37:04 -07:00
Charles Reid	8965515215	run backups canary every day	2022-03-17 14:36:00 -07:00
Charles Reid	69523ba027	remove tree	2022-03-17 14:18:04 -07:00
Charles Reid	2a4ed33024	add tree htpasswd to docker-compose	2022-03-09 20:32:57 -08:00
Charles Reid	f880c44b79	add .tree.htpasswd to tree subdomain for auth protection	2022-03-09 20:18:26 -08:00
Charles Reid	5cac0fa869	fix cert for tree subdomain	2022-03-09 09:01:14 -08:00
Charles Reid	303ebf8ea3	add tree subdomain to renew cert script	2022-03-09 08:36:49 -08:00
Charles Reid	4d638c456e	bind-mount /www tree subdomain htdocs	2022-03-08 09:09:11 -08:00
Charles Reid	72fc465d1d	add tree subdomain to nginx config	2022-03-08 09:08:52 -08:00
Charles Reid	2f579f4cfa	restore	2022-03-08 09:02:06 -08:00
Charles Reid	1bc4bb4902	add mw to skin footer	2022-03-06 18:49:12 -08:00
Charles Reid	d91b7dc735	flush wikifiles and wikidb	2022-02-20 19:13:45 -08:00
Charles Reid	acb2f57176	jerks	2022-02-20 19:13:45 -08:00
Charles Reid	3482004df0	add php.ini	2022-02-07 18:18:54 -08:00
Charles Reid	4ed1b479ef	JERKS	2022-02-07 16:08:44 -08:00
Charles Reid	5a931c2e38	another jerk	2022-02-07 15:49:43 -08:00
Charles Reid	17da345041	more jerks	2022-02-07 15:47:19 -08:00
Charles Reid	5e9be9e6c8	fix one more robots.txt	2022-02-07 15:20:27 -08:00
Charles Reid	0148fe3e55	fix bind-mounting robots.txt	2022-02-07 15:07:46 -08:00
Charles Reid	a144d6070b	fix parsing of du command	2022-02-06 17:36:38 -08:00
Charles Reid	989036ac21	add certbot to rsyslog filters	2022-02-06 17:36:38 -08:00
Charles Reid	523ed50647	tell tar to stop crying about the log file and just skip it	2022-01-23 12:12:48 -08:00
Charles Reid	03f81f4a25	more horrible hard-coded python binary	2022-01-18 22:02:34 -08:00
Charles Reid	002ad20d7d	stupid stupid stupid hard-coded shim path	2022-01-18 21:57:14 -08:00
Charles Reid	2cb6a39990	restore weekly schedule	2022-01-18 21:48:58 -08:00
Charles Reid	920ff3839e	update gitea robots	2022-01-16 13:37:47 -08:00
Charles Reid	d3dae75d38	add robots.txt to charlesreid1.com and git.charlesreid1.com	2022-01-16 13:27:27 -08:00
Charles Reid	4004ba6ccb	add robots dir	2022-01-16 13:27:15 -08:00
Charles Reid	cf982ee2c6	add robots.txt to docker-compose template	2022-01-16 13:26:52 -08:00
Charles Reid	efd9487953	add cut cmd to du cmd in aws backup script	2022-01-16 13:26:37 -08:00
Charles Reid	b2552b6345	fix gitea backup script	2022-01-16 12:28:06 -08:00
Charles Reid	1a8f699ab4	UGH more endless fixes	2022-01-16 12:07:09 -08:00
Charles Reid	5e3ab1768c	add boto/botocore checks, rearrange service installation steps	2022-01-16 11:53:43 -08:00
Charles Reid	291ff2d28a	restore daily runs	2022-01-16 11:53:11 -08:00
Charles Reid	229975883c	restore once a week schedule	2022-01-15 09:20:26 -08:00
Charles Reid	af7ef822f0	remove commented lines	2022-01-15 09:18:28 -08:00
Charles Reid	cc3688a982	add botocore/boto3 check for canary	2022-01-15 08:51:16 -08:00
Charles Reid	e080cda745	add missing directive to rsyslog conf file	2022-01-15 08:05:34 -08:00
Charles Reid	45c0f1390f	update certbot renewal service	2022-01-14 13:24:51 -08:00
Charles Reid	dacef1ac09	fix rsyslog config file	2022-01-14 13:22:52 -08:00
Charles Reid	03a8456a2a	fix execstartpre for canary service	2022-01-12 14:19:14 -08:00
Charles Reid	d1d749d8e4	update makefile and add rsyslog config file	2022-01-12 14:06:56 -08:00
Charles Reid	74adabc43a	update log strategy - all services log to syslog, rely on user to filter system log	2022-01-12 13:55:37 -08:00
Charles Reid	3566305577	add rsyslog filtering option	2022-01-12 13:53:36 -08:00
Charles Reid	7442b2ee87	completely remove StandardOutput: from all serivces	2022-01-10 11:17:07 -08:00
Charles Reid	9aa49166a6	remove StandardOutput from service files https://github.com/systemd/systemd/pull/10944	2022-01-10 10:38:02 -08:00
Charles Reid	f06ac24ecb	fix file: to append:	2022-01-10 01:36:18 -08:00
Charles Reid	b796cc9756	bump backup services schedule to daily	2022-01-09 11:52:24 -08:00
Charles Reid	25063ed251	pin mediawiki version to 1.34 in mw Dockerfile	2021-12-30 16:40:02 -08:00
Charles Reid	72a47d71f2	more fail2ban cleanup	2021-12-30 16:31:31 -08:00
Charles Reid	dba09976fb	remove non-functional fail2banlog ext	2021-12-30 16:30:03 -08:00
Charles Reid	7a3c76b9f9	remove unused script (use one in scripts/ instead)	2021-12-30 15:56:30 -08:00
Charles Reid	18fd6038df	fix clean-templates file	2021-12-30 15:56:30 -08:00
Charles Reid	18814b6a1d	fix pod install dir variable name	2021-12-30 15:43:08 -08:00
Charles Reid	fc35d94b3c	fix typos in apply templates script	2021-12-30 14:46:39 -08:00
Charles Reid	3604bc1378	ignore environment when cleaning rendered templates	2021-12-30 14:44:14 -08:00
Charles Reid	f0f65db9e3	make mkdocs-material submodule url https instad of git so it works without ssh key preconfigured	2021-12-30 14:37:15 -08:00
Charles Reid	e5686d4d9a	Merge branch 'feature/environment-template' * feature/environment-template: massive rename of all ansible variables prep apply templates script for ansible variable rename fix missing var name in environment.j2	2021-12-30 12:00:06 -08:00
Charles Reid	30c4a24b8d	massive rename of all ansible variables	2021-12-30 11:59:45 -08:00
Charles Reid	904122db17	prep apply templates script for ansible variable rename	2021-12-30 11:59:43 -08:00
Charles Reid	8760edf0c3	fix missing var name in environment.j2	2021-12-30 11:56:53 -08:00
Charles Reid	b4650771bc	add environment template	2021-12-30 11:41:26 -08:00
Charles Reid	b8182774a4	add --ignore-failed-read flag to gitea tar command	2021-12-26 19:26:48 -08:00
Charles Reid	bb3b6c027a	update certbot service to send logs to /var/log	2021-12-24 15:41:49 -08:00
Charles Reid	1d18b5e71c	send backup canary logs to /var/log	2021-12-24 15:41:22 -08:00
Charles Reid	858cb6c3c8	send backup service logs to /var/log	2021-12-24 15:41:04 -08:00
Charles Reid	0a5f9f99ac	fix service description	2021-12-24 15:39:32 -08:00
Charles Reid	2ac521e1c9	fix env var name in clean olderthan script	2021-12-19 10:48:58 -08:00
Charles Reid	ffc4f1d0c0	add --no-progress flag to aws bacup script	2021-12-19 10:48:40 -08:00
Charles Reid	7246b0845c	cover cleanolderthan service with makefile install/uninstall rules	2021-12-12 11:29:02 -08:00
Charles Reid	67acb4a32b	Merge branch 'clean-backups' * clean-backups: add systemd timer for clean backups service	2021-12-12 11:25:10 -08:00
Charles Reid	15d4bcecc7	add systemd timer for clean backups service	2021-12-12 11:24:56 -08:00
Charles Reid	9c92f3fd75	Merge branch 'service-updates' * service-updates: add service to clean files older than N days add ExecStartPre to existing backup services clean older than 45 days	2021-12-12 11:16:38 -08:00