From cf56b2a567a1ab3f803922bec0be74677cb373c0 Mon Sep 17 00:00:00 2001 From: alex Date: Tue, 11 Oct 2022 23:32:40 +0200 Subject: [PATCH] base: switch from daily to hourly updates in an event of a security vuln or other bug reports, nodes should get updates as quickly as possible. --- apply.sh | 2 +- base/void-pkg.sh | 11 ----------- base/voidlinux.sh | 30 ++++++++++++++++++++++++++++++ 3 files changed, 31 insertions(+), 12 deletions(-) delete mode 100755 base/void-pkg.sh create mode 100755 base/voidlinux.sh diff --git a/apply.sh b/apply.sh index 42b09a5..96c520d 100755 --- a/apply.sh +++ b/apply.sh @@ -5,7 +5,7 @@ exit_code=0 # base os -./base/void-pkg.sh || exit 1 +./base/voidlinux.sh || exit 1 # lnd lightning . ./lnd/env diff --git a/base/void-pkg.sh b/base/void-pkg.sh deleted file mode 100755 index de51425..0000000 --- a/base/void-pkg.sh +++ /dev/null @@ -1,11 +0,0 @@ -#!/bin/sh -set -e - -xbps-install -y opendoas tar curl diffutils - -if [ ! -f /etc/doas.conf ]; then - cat < /etc/doas.conf -permit nopass root -permit setenv { -ENV PS1=\$DOAS_PS1 SSH_AUTH_SOCK } :wheel -EOF -fi diff --git a/base/voidlinux.sh b/base/voidlinux.sh new file mode 100755 index 0000000..19eb610 --- /dev/null +++ b/base/voidlinux.sh @@ -0,0 +1,30 @@ +#!/bin/sh +# try to ensure sysupdates are running regularily before doing anoything else +xbps-install -y snooze +ln -sfT /etc/sv/snooze-hourly /var/service/snooze-hourly +mkdir -p /etc/cron.hourly +if [ ! -f /etc/cron.hourly/sysupdate ]; then + # may have been previously installed at daily schedule + if [ -f /etc/cron.daily/sysupdate ]; then + mv /etc/cron.daily/sysupdate /etc/cron.hourly/ + else + # run updates approx. every hour + cat < /etc/cron.hourly/sysupdate +#!/bin/sh +exec /ssd/sysupdates/update.sh +EOF + fi +fi +chmod +x /etc/cron.hourly/sysupdate + +# install required packages and config files +set -e +xbps-install -y opendoas tar gzip curl diffutils + +# openbsd's doas util config, a minial replacement of sudo +if [ ! -f /etc/doas.conf ]; then + cat < /etc/doas.conf +permit nopass root +permit setenv { -ENV PS1=\$DOAS_PS1 SSH_AUTH_SOCK } :wheel +EOF +fi