today

README.md

@@ -7,6 +7,8 @@ Check shell scripts: http://www.shellcheck.net/
 
 Code styling: https://google.github.io/styleguide/shell.xml
 
+Bashism: https://wiki.ubuntu.com/DashAsBinSh
+
 ### /backup
 
 Tools related to archiving.

debian-setup-auto.sh

@@ -62,7 +62,7 @@ for DEP in $(aptitude --disable-columns search \
  '?and(?installed, ?not(?automatic), ?not(?essential), ?not(?priority(required)), ?not(?priority(important)), ?not(?priority(standard)))' -F"%p"); do
     REGEXP="$(sed -e 's;\([^a-z0-9]\);[\1];g' <<< "$DEP")"
     if aptitude why "$DEP" 2>&1 | grep -Eq "^i.. \S+\s+(Pre)?Depends( | .* )${REGEXP}( |$)"; then
-        apt-mark auto "$DEP" || echo "[ERROR] Marking failed." 1>&2
+        apt-mark auto "$DEP" || echo "[ERROR] Marking package ${DEP} failed." 1>&2
     fi
 done
 
@@ -106,15 +106,16 @@ apt-get dist-upgrade -qq -y
 # Check for extra packages
 
 {
-    aptitude --disable-columns search '?garbage' -F"%p"
-    aptitude --disable-columns search '?broken' -F"%p"
-    aptitude --disable-columns search '?obsolete' -F"%p"
+    aptitude --disable-columns search '?garbage' -F"%p" | sed 's/$/ # garbage/'
+    aptitude --disable-columns search '?broken' -F"%p" | sed 's/$/ # broken/'
+    aptitude --disable-columns search '?obsolete' -F"%p" | sed 's/$/ # obsolete/'
     aptitude --disable-columns search \
-     '?and(?installed, ?or(?version(~~squeeze), ?version(\+deb6), ?version(python2\.6), ?version(~~wheezy), ?version(\+deb7)))' -F"%p"
-    aptitude --disable-columns search '?and(?installed, ?not(?origin(Debian)))' -F"%p"
+     '?and(?installed, ?or(?version(~~squeeze), ?version(\+deb6), ?version(python2\.6), ?version(~~wheezy), ?version(\+deb7)))' -F"%p" \
+     | sed 's/$/ # old/'
+    aptitude --disable-columns search '?and(?installed, ?not(?origin(Debian)))' -F"%p" | sed 's/$/ # non-Debian/'
     #aptitude --disable-columns search '?and(?installed, ?not(?origin(Ubuntu)))' -F"%p"
     # @TODO dpkg -l|grep "~[a-z]\+" -> whitelist + report only: cloud-init grub-common grub-pc grub-pc-bin grub2-common libgraphite2-3
-    # @TODO How to remove auto-intalled "-dev" packages? aptitude --disable-columns search '?and(?installed, ?name(-dev))' -F"%p"
+    # @TODO How to remove auto-intalled "-dev" packages? aptitude --disable-columns search '?and(?installed, ?name(-dev))' -F"%p" | sed 's/$/ # development/'
 } 2>&1 | tee extra.pkgs | grep -q "." && echo "Extra packages" 1>&2
 
 # Log cruft
@@ -175,7 +176,7 @@ lftp
 htop
 mc
 lynx
-# @TODO etckeeper
+# @TODO etckeeper dstat ?ethstatus
 
 cloud: https://docs.saltstack.com/en/latest/topics/cloud/index.html
 

debian-setup.sh

@@ -15,7 +15,7 @@
 #     Scripts should be able to install, update, remove: ?package management
 # - configure installed (essential) packages (prefer: debconf, add monit config)
 # - create metapackages (equivs) only_on_virt, only_on_physical(console-setup console-setup-linux kbd xkb-data)
-# - install services + configure (Linux daemons, ?etckeeper, mail delivery methods, fail2ban, nscd, /root/dist-mod) (add monit config)
+# - install services + configure (Linux daemons, ?etckeeper, ?needrestart, mail delivery methods, fail2ban, nscd, /root/dist-mod) (add monit config)
 # - (list of) custom shell scripts + cron jobs
 # - populate /root/server.yml for every installed component
 # - system-backup.sh (debconf, etc, /root, user data, service data)
@@ -589,6 +589,17 @@ sed -i "s/^#\s*\(EXTRA_OPTS='-L 5'\)/\1/" /etc/default/cron || echo "ERROR: cron
 service cron restart
 
 # Time synchronization
+cd ${D}; ./install.sh monitoring/ntp-alert.sh
+# Check clock source
+cat /sys/devices/system/clocksource/clocksource0/available_clocksource
+# KVM (no ntp)
+# https://s19n.net/articles/2011/kvm_clock.html
+dmesg | grep "kvm-clock"
+grep "kvm-clock" /sys/devices/system/clocksource/clocksource0/current_clocksource
+# VMware (no ntp)
+vmware-toolbox-cmd timesync enable
+vmware-toolbox-cmd timesync status
+# NTPdate
 cd ${D}; ./install.sh monitoring/ntpdated
 editor /etc/default/ntpdate
 # http://support.ntp.org/bin/view/Servers/StratumTwoTimeServers
@@ -606,16 +617,14 @@ editor /etc/chrony/chrony.conf
 #     cmdport 0
 #     logchange 0.010
 #
+#     pool 0.de.pool.ntp.org offline iburst
 #     pool 0.cz.pool.ntp.org offline iburst
 #     pool 0.hu.pool.ntp.org offline iburst
 #     # OVH
 #     server ntp.ovh.net offline iburst
 #     # EZIT
 #     server ntp.ezit.hu offline iburst
 service chrony restart
-# VMware clock
-vmware-toolbox-cmd timesync enable
-vmware-toolbox-cmd timesync status
 
 # µnscd
 apt-get install -y unscd

mail/README.md

@@ -245,10 +245,10 @@ http://www.returnpath.com/solution-content/dmarc-support/what-is-dmarc/
 - :sunny: :sunny: Descriptive subject line
 - :sunny: Short preview line at top of the message
 - Link to online version (newsletter archive)
-- Short main header line
-- Subheader lines
-- :bulb: Sections: image + title + description + call2action  https://litmus.com/subscribe
+- Short main header
+- :bulb: Sections: image + title + description + call2action, see: https://litmus.com/subscribe
 - External resources should be able to load through HTTPS (opening in a HTTPS webmail)
+- :iphone: Mobile compatible
 
 #### Footer
 
@@ -262,7 +262,7 @@ http://www.returnpath.com/solution-content/dmarc-support/what-is-dmarc/
 - List-Unsubscribe: URL (invisible)
 - Precedence: bulk (invisible)
 - Return-Path: bounce@addre.ss (invisible)
-- Reply-to: reply@addre.ss (invisible)
+- Reply-to: reply@addre.ss (invisible) [How to video](https://youtu.be/mGSPj4CyOMQ?t=1m20s)
 - From: sender@domain.net
 - To: recipients@addre.ss
 - bounce X-Autoreply: yes

monitoring/cron-grandchild.sh

@@ -9,7 +9,7 @@
 # URL           :https://github.com/szepeviktor/debian-server-tools
 # BASH-VERSION  :4.2+
 # DEPENDS       :apt-get install libdate-manip-perl
-# DEPENDS       :cpan App:datagrep
+# DEPENDS       :cpan App:dategrep
 # LOCATION      :/usr/local/sbin/cron-grandchild.sh
 # CRON-HOURLY   :/usr/local/sbin/cron-grandchild.sh
 

monitoring/swap-refresh.sh

@@ -2,8 +2,8 @@
 #
 # Prevent increasing swap usage by turning swap off and on.
 #
-# VERSION       :0.4.0
-# DATE          :2015-10-11
+# VERSION       :0.5.0
+# DATE          :2016-03-10
 # AUTHOR        :Viktor Szépe <viktor@szepe.net>
 # LICENSE       :The MIT License (MIT)
 # URL           :https://github.com/szepeviktor/debian-server-tools
@@ -20,20 +20,22 @@ SELF="swap-refresh[$$]"
 #     SWAP_USED="$(( $(/sbin/swapon --noheadings --show=USED --bytes | head -n 1) / 1024 ))"
 SWAP_USED="$(sed -n '2s/^\(\S\+\s\+\)\{3\}\([0-9]\+\)\b.*$/\2/p' /proc/swaps)"
 MEM_FREE="$(/usr/bin/free -k | sed -n 's/^Mem:\(\s\+[0-9]\+\b\)\{2\}\s\+\([0-9]\+\)\b.*$/\2/p')"
+CACHES="$(/usr/bin/free -k | sed -n 's/^Mem:\(\s\+[0-9]\+\b\)\{5\}\s\+\([0-9]\+\)\b.*$/\2/p')"
+TOTAL_FREE="$((MEM_FREE + CACHES))"
 
 if [ "$SWAP_USED" -ge "$SWAP_MAX" ]; then
-    echo "Swap usage is over maximum! (${SWAP_USED} kB)" >&2
+    echo "Swap usage is over maximum! (${SWAP_USED} kB)" 1>&2
     exit 1
 fi
-if [ "$MEM_FREE" -le "$SWAP_USED" ]; then
-    echo "Not enough free memory! (${MEM_FREE} kB)" >&2
+if [ "$TOTAL_FREE" -le "$SWAP_USED" ]; then
+    echo "Not enough free memory! (${TOTAL_FREE} kB)" 1>&2
     exit 2
 fi
 
 logger -t "$SELF" "Swap OFF"
-/sbin/swapoff -a || echo "swapoff ERROR $?" >&2
+/sbin/swapoff -a || echo "swapoff ERROR $?" 1>&2
 
 logger -t "$SELF" "Reactivating swap"
-/sbin/swapon -a || echo "swapon ERROR $?" >&2
+/sbin/swapon -a || echo "swapon ERROR $?" 1>&2
 
 logger -t "$SELF" "Swap refresh done"

monitoring/syslog-errors-infrequent.sh

@@ -9,7 +9,7 @@
 # URL           :https://github.com/szepeviktor/debian-server-tools
 # BASH-VERSION  :4.2+
 # DEPENDS       :apt-get install libdate-manip-perl
-# DEPENDS       :cpan App:datagrep
+# DEPENDS       :cpan App:dategrep
 # LOCATION      :/usr/local/sbin/syslog-errors-infrequent.sh
 # CRON.D        :17 */3	* * *	root	/usr/local/sbin/syslog-errors-infrequent.sh
 

monitoring/syslog-errors.sh

@@ -9,7 +9,7 @@
 # URL           :https://github.com/szepeviktor/debian-server-tools
 # BASH-VERSION  :4.2+
 # DEPENDS       :apt-get install libdate-manip-perl
-# DEPENDS       :cpan App:datagrep
+# DEPENDS       :cpan App:dategrep
 # LOCATION      :/usr/local/sbin/syslog-errors.sh
 # CRON-HOURLY   :/usr/local/sbin/syslog-errors.sh
 

package/apt-sources/debian-archive.list

@@ -0,0 +1,3 @@
+# Debian 6 squeeze
+deb http://archive.debian.org/debian squeeze main contrib non-free
+#M: http://archive.debian.org/README

webserver/Production-website.md

@@ -39,9 +39,9 @@
 
 ### Install plugins
 
-`wp --allow-root plugin install --activate classic-smilies`
+`wp plugin install --activate classic-smilies`
 
-`wp --allow-root plugin install --activate wordpress-seo w3-total-cache contact-form-7`
+`wp plugin install --activate wordpress-seo w3-total-cache contact-form-7`
 
 Disable comments? `mu-disable-comments`
 
@@ -71,9 +71,9 @@ Custom maintenance page
 
 ### Set up mail sending
 
-`wp --allow-root plugin install --activate wp-mailfrom-ii smtp-uri`
+`wp plugin install --activate wp-mailfrom-ii smtp-uri`
 
-`wp --allow-root eval 'wp_mail("viktor@szepe.net","first outgoing",site_url());'`
+`wp eval 'wp_mail("viktor@szepe.net","first outgoing",site_url());'`
 
 - encode email addresses `antispambot( 'e@ma.il' )`
 - shortest route of delivery, add server as `RELAYCLIENT`
@@ -99,7 +99,7 @@ Mandrill API for WordPress: https://github.com/danielbachhuber/mandrill-wp-mail
 - Front page change notification (hourly)
 - Sucuri SiteCheck (SafeBrowsing), Virustotal (HTTP API, daily)
 - can-send-email (monitoring/cse, 6 hours)
-- Maxumum security: convert website into static HTML files + [formspree](https://formspree.io/)
+- Maximum security: convert website into static HTML files + [formspree](https://formspree.io/)
 
 ### Set up cron jobs
 
@@ -112,7 +112,7 @@ Remove left-over WP-Cron events.
 - General Settings
 - Writing Settings
 - Reading Settings
-- Media Settings (reduce generated image sizes)
+- Media Settings (fewer generated image sizes)
 - Permalink Settings
 - WP Mail From
 
@@ -157,7 +157,7 @@ Check database collation and table storage engines.
 
 See: `alter-table.sql`
 
-`wp --allow-root plugin install --activate wp-sweep`
+`wp plugin install --activate wp-sweep`
 
 Delete transients and object cache.
 
@@ -169,11 +169,11 @@ wp cache flush
 
 Purge cache.
 
-`wp --allow-root w3-total-cache flush`
+`wp w3-total-cache flush`
 
 `ls -l /home/${U}/website/html/static/cache/`
 
-`ls -l /home/${U}/website/pagespeed/; u touch /home/${U}/website/pagespeed/cache.flush`
+`ls -l /home/${U}/website/pagespeed/; touch /home/${U}/website/pagespeed/cache.flush`
 
 Check spam and trash comments.
 
@@ -201,7 +201,7 @@ Keep `git-dir` above document root.
 
 ### Redirect old URL-s (SEO)
 
-`wp --allow-root plugin install --activate safe-redirect-manager`
+`wp plugin install --activate safe-redirect-manager`
 
 `https://www.google.com/search?q=site:${DOMAIN}`
 
@@ -221,6 +221,7 @@ http://google-public-dns.appspot.com/cache
 
 ### Marketing
 
+- [Videos by one person!](https://wistia.com/blog/startup-ceo-makes-videos)
 - External URL-s should open in new window
 - Newsletter subscribe
 - Offer free download
@@ -284,7 +285,7 @@ http://google-public-dns.appspot.com/cache
 - image optimization `jpeg-recompress $JPG $OPTI_JPG`
 - JS, CSS concatenation, minimization `cat small_1.css small_2.css > large.css`
 - conditional, lazy or late loading (slider, map, facebook content, image gallery)
-- light loading: `&controls=2`
+- light loading, e.g. `&controls=2` for YouTube
 - HTTP/2 server push
 
 ### PHP errors
@@ -378,7 +379,7 @@ https://wiki.apache.org/httpd/ListOfErrors
 1. Connected services: trackers, API-s, CDN etc.
 1. Email delivery, also recipient accounts: `can-send-email`
 1. Also for email recipient domains: domain expiry, DNS, blacklist
-1. Speed: https://developers.google.com/speed/pagespeed/insights/ , https://www.webpagetest.org/
+1. Speed: https://developers.google.com/speed/pagespeed/insights/ https://www.webpagetest.org/
 1. Google Search Console
 1. Traffic: Analytics
 1. SEO ranking: SEO Panel
@@ -388,19 +389,22 @@ https://wiki.apache.org/httpd/ListOfErrors
 
 
 1. DB
-1. files
-1. settings (connected services)
-1. auth
+1. Files
+1. Settings (connected services)
+1. Authentication data
 
 
 ## Uninstallation
 
 
-- [Google Search Console](https://www.google.com/webmasters/tools/url-removal)
-- Monitoring
 - Archive for long term
+- Monitoring
 - Backups
 - DNS records
-- Webserver vhost / Placeholder page?
+- Webserver vhost, add placeholder page
+- Files
+- DB
 - Email accounts
+- External resources (3rd party services)
+- [Google Search Console](https://www.google.com/webmasters/tools/url-removal)
 - ... @TODO