From: mhoellein Date: Tue, 27 Dec 2022 14:45:06 +0000 (+0100) Subject: committing changes in /etc after apt run X-Git-Url: https://git.hoellein.online/?a=commitdiff_plain;h=6c024ed43137a134d344a99d36b4944b8103f1de;p=homeserver committing changes in /etc after apt run Package changes: +libupsclient4 2.7.4-5.1ubuntu2 amd64 +nut 2.7.4-5.1ubuntu2 all +nut-client 2.7.4-5.1ubuntu2 amd64 +nut-server 2.7.4-5.1ubuntu2 amd64 --- diff --git a/.etckeeper b/.etckeeper index 89a47041..4d6205e5 100755 --- a/.etckeeper +++ b/.etckeeper @@ -1188,6 +1188,7 @@ maybe chmod 0755 'avahi/avahi-autoipd.action' maybe chmod 0644 'avahi/avahi-daemon.conf' maybe chmod 0644 'avahi/hosts' maybe chmod 0755 'avahi/services' +maybe chmod 0644 'avahi/services/nut.service' maybe chmod 0644 'avahi/services/udisks.service' maybe chmod 0644 'avrdude.conf' maybe chmod 0644 'avserver.conf' @@ -3391,6 +3392,8 @@ maybe chmod 0755 'init.d/nfs-common' maybe chmod 0755 'init.d/nfs-kernel-server' maybe chmod 0755 'init.d/nmbd' maybe chmod 0755 'init.d/ntp' +maybe chmod 0755 'init.d/nut-client' +maybe chmod 0755 'init.d/nut-server' maybe chmod 0755 'init.d/ondemand' maybe chmod 0755 'init.d/openbsd-inetd' maybe chmod 0755 'init.d/openvpn' @@ -8220,6 +8223,7 @@ maybe chmod 0644 'letsencrypt/csr/3836_csr-certbot.pem' maybe chmod 0644 'letsencrypt/csr/3837_csr-certbot.pem' maybe chmod 0644 'letsencrypt/csr/3838_csr-certbot.pem' maybe chmod 0644 'letsencrypt/csr/3839_csr-certbot.pem' +maybe chmod 0644 'letsencrypt/csr/3840_csr-certbot.pem' maybe chmod 0700 'letsencrypt/keys' maybe chmod 0600 'letsencrypt/keys/0000_key-certbot.pem' maybe chmod 0600 'letsencrypt/keys/0001_key-certbot.pem' @@ -12062,6 +12066,7 @@ maybe chmod 0600 'letsencrypt/keys/3837_key-certbot.pem' maybe chmod 0600 'letsencrypt/keys/3838_key-certbot.pem' maybe chmod 0600 'letsencrypt/keys/3839_key-certbot.pem' maybe chmod 0600 'letsencrypt/keys/3840_key-certbot.pem' +maybe chmod 0600 'letsencrypt/keys/3841_key-certbot.pem' maybe chmod 0755 'letsencrypt/live' maybe chmod 0755 'letsencrypt/live/ccu.hoellein.online' maybe chmod 0644 'letsencrypt/live/ccu.hoellein.online/README' @@ -12424,6 +12429,20 @@ maybe chmod 0644 'nginx/snippets/coolwsd.conf' maybe chmod 0644 'nginx/snippets/loolwsd.conf' maybe chmod 0644 'nsswitch.conf' maybe chmod 0644 'ntp.conf' +maybe chgrp 'nut' 'nut' +maybe chmod 0755 'nut' +maybe chgrp 'nut' 'nut/nut.conf' +maybe chmod 0640 'nut/nut.conf' +maybe chgrp 'nut' 'nut/ups.conf' +maybe chmod 0640 'nut/ups.conf' +maybe chgrp 'nut' 'nut/upsd.conf' +maybe chmod 0640 'nut/upsd.conf' +maybe chgrp 'nut' 'nut/upsd.users' +maybe chmod 0640 'nut/upsd.users' +maybe chgrp 'nut' 'nut/upsmon.conf' +maybe chmod 0640 'nut/upsmon.conf' +maybe chgrp 'nut' 'nut/upssched.conf' +maybe chmod 0640 'nut/upssched.conf' maybe chmod 0755 'nxagent' maybe chmod 0644 'nxagent/keystrokes.cfg' maybe chmod 0644 'nxagent/nxagent.keyboard' diff --git a/avahi/services/nut.service b/avahi/services/nut.service new file mode 100644 index 00000000..5ad6b319 --- /dev/null +++ b/avahi/services/nut.service @@ -0,0 +1,34 @@ + + + + + + + + + + %h + + + _nut._tcp + 3493 + + + diff --git a/group b/group index 4e539253..a3bce1ed 100644 --- a/group +++ b/group @@ -12,7 +12,7 @@ uucp:x:10: man:x:12: proxy:x:13: kmem:x:15: -dialout:x:20:asterisk,alexa +dialout:x:20:asterisk,alexa,nut fax:x:21: voice:x:22: cdrom:x:24:mhoellein @@ -106,3 +106,4 @@ Debian-snmp:x:121: cool:x:137: sambauser:x:997: borg:x:5006: +nut:x:159: diff --git a/group- b/group- index 889d959f..5928ce3e 100644 --- a/group- +++ b/group- @@ -105,3 +105,5 @@ nelly:x:5005: Debian-snmp:x:121: cool:x:137: sambauser:x:997: +borg:x:5006: +nut:x:159: diff --git a/gshadow b/gshadow index 79014803..a1b0a131 100644 --- a/gshadow +++ b/gshadow @@ -12,7 +12,7 @@ uucp:*:: man:*:: proxy:*:: kmem:*:: -dialout:*::asterisk,alexa +dialout:*::asterisk,alexa,nut fax:*:: voice:*:: cdrom:*::mhoellein @@ -106,3 +106,4 @@ Debian-snmp:!:: cool:!:: sambauser:!:: borg:!:: +nut:!:: diff --git a/gshadow- b/gshadow- index 5986a2c5..d2cc4145 100644 --- a/gshadow- +++ b/gshadow- @@ -105,3 +105,5 @@ nelly:!:: Debian-snmp:!:: cool:!:: sambauser:!:: +borg:!:: +nut:!:: diff --git a/init.d/nut-client b/init.d/nut-client new file mode 100755 index 00000000..15a9f75f --- /dev/null +++ b/init.d/nut-client @@ -0,0 +1,180 @@ +#! /bin/sh +### BEGIN INIT INFO +# Provides: nut-client upsmon ups-monitor +# Required-Start: $local_fs $syslog $network $remote_fs +# Required-Stop: $local_fs $syslog $network $remote_fs +# Should-Start: nut-server +# Should-Stop: +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: Network UPS Tools monitor initscript +# Description: This script take care of starting and stopping the +# Network UPS Tools monitoring component (upsmon). +### END INIT INFO + +# Author: Arnaud Quette + +PATH=/sbin:/usr/sbin:/bin:/usr/bin:/usr/local/sbin:/usr/local/bin + +NAME=nut-client +DESC="NUT - power device monitor and shutdown controller" +CONFIG=/etc/nut/nut.conf +pid_dir=/var/run/nut +upsmon_pid=${pid_dir}/upsmon.pid +upsmon=/sbin/upsmon +log=">/dev/null 2>/dev/null" + +# Define LSB log_* functions. +# Depend on lsb-base (>= 3.0-6) to ensure that this file is present. +. /lib/lsb/init-functions + +# set upsmon specific options. use "man upsmon" for more info +# this parameter is now located in nut.conf, and not in /etc/default/nut anymore +# FIXME: retrieved from 'nut' script during update +UPSMON_OPTIONS="" + +# Exit if the package is not installed +[ -x "$upsmon" ] || exit 0 + +# Include NUT nut.conf +[ -r $CONFIG ] && . $CONFIG + +# FIXME: put all common bits, between nut-client and nut-server, +# into a common nut-function + +# Explicitly require the configuration to be done in /etc/nut/nut.conf +if [ "x$MODE" = "xnone" -o -z "$MODE" ] ; then + log_action_msg "$NAME disabled, please adjust the configuration to your needs" + log_action_msg "Then set MODE to a suitable value in $CONFIG to enable it" + # exit success to avoid breaking the install process! + exit 0 +fi + +# Check if /var/run/nut exists and has the correct perms +check_var_directory() { + [ ! -d ${pid_dir} ] && mkdir -p ${pid_dir} \ + && chown root:nut ${pid_dir} \ + && chmod 770 ${pid_dir} \ + && [ -x /sbin/restorecon ] && /sbin/restorecon ${pid_dir} +} + +# check if the right components are running +check_status() { + case "$MODE" in + standalone|netserver|netclient) + status_of_proc -p $upsmon_pid $upsmon upsmon + ;; + none|*) + ;; + esac +} + +start_stop_client () { + case "$MODE" in + standalone|netserver|netclient) + # FIXME: for standalone|netserver, ensure 'nut-server status' returns ? + case "$1" in + start) + start-stop-daemon -S -q -p $upsmon_pid -x $upsmon \ + -- $UPSMON_OPTIONS >/dev/null 2>&1 && return 0 || return 1 + ;; + stop) + start-stop-daemon -K -o -q -p $upsmon_pid -n upsmon >/dev/null 2>&1 \ + && return 0 || return 1 + ;; + esac + ;; + none|*) + return 1 + ;; + esac +} + +case "$1" in + + start) + log_daemon_msg "Starting $DESC" "$NAME" + check_var_directory + start_stop_client start + log_end_msg $? + ;; + + stop) + log_daemon_msg "Stopping $DESC" "$NAME" + start_stop_client stop + log_end_msg $? + ;; + + reload) + log_daemon_msg "Reloading $DESC" "$NAME" + $upsmon -c reload >/dev/null 2>&1 + log_end_msg $? + ;; + + restart|force-reload) + # FIXME: lack consistency, due to initscript split. + # This only addresses partial reload. + # Full reload requires to: + # - stop nut-client + # - restart (Ie stop+start) nut-server + # - start nut-client + log_daemon_msg "Restarting $DESC" "$NAME" + start_stop_client stop || true + # should then 'start_stop_server stop', Ie /etc/init.d/nut-server stop + #sleep 5 + check_var_directory + # should first 'start_stop_server start', Ie /etc/init.d/nut-server start + start_stop_client start + log_end_msg $? + ;; + + status) + #log_daemon_msg "Checking status of $DESC" + echo "Checking status of $DESC" + check_status + exit $? + ;; + + poweroff) + case "$MODE" in + standalone|netserver) + # Sanity check + flag=`sed -ne 's#^ *POWERDOWNFLAG *\(.*\)$#\1#p' /etc/nut/upsmon.conf` + if [ -z "$flag" ] ; then + log_action_msg "##########################################################" + log_action_msg "## POWERDOWNFLAG is not defined in /etc/nut/upsmon.conf ##" + log_action_msg "## ##" + log_action_msg "## Please read the Manual page upsmon.conf(5) ##" + log_action_msg "##########################################################" + exit 1 + fi + + # Defer to nut-server to actually poweroff the UPS, if needed + # (the need is tested here though!) + if $upsmon -K >/dev/null 2>&1 ; then + log_daemon_msg "UPS poweroff required..." + log_end_msg 0 + if [ -x /etc/init.d/nut-server ] ; then + exec /etc/init.d/nut-server poweroff + else + log_action_msg "Failure: /etc/init.d/nut-server script missing" + fi + else + log_action_msg "Power down flag is not set (UPS poweroff not needed)" + fi + ;; + none|netclient|*) + # nothing to do + log_action_msg "'$MODE' configuration does not require UPS poweroff" + ;; + esac + ;; + + *) + N=/etc/init.d/$NAME + echo "Usage: $N {start|stop|reload|restart|force-reload|status|poweroff}" >&2 + exit 1 + ;; +esac + +exit 0 diff --git a/init.d/nut-server b/init.d/nut-server new file mode 100755 index 00000000..c539bd5e --- /dev/null +++ b/init.d/nut-server @@ -0,0 +1,179 @@ +#! /bin/sh +### BEGIN INIT INFO +# Provides: nut-server upsd +# Required-Start: $local_fs $syslog $network $remote_fs udev +# Required-Stop: $local_fs $syslog $network $remote_fs udev +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: Network UPS Tools initscript +# Description: This script take care of starting and stopping the +# Network UPS Tools components. When needed, it also +# handle the UPS hardware shutdown. +### END INIT INFO + +# Author: Arnaud Quette + +PATH=/sbin:/usr/sbin:/bin:/usr/bin:/usr/local/sbin:/usr/local/bin + +NAME=nut-server +DESC="NUT - power devices information server and drivers" +CONFIG=/etc/nut/nut.conf +pid_dir=/var/run/nut +upsd_pid=${pid_dir}/upsd.pid +upsd=/sbin/upsd +upsdrvctl=/sbin/upsdrvctl +log=">/dev/null 2>/dev/null" + +# Define LSB log_* functions. +# Depend on lsb-base (>= 3.0-6) to ensure that this file is present. +. /lib/lsb/init-functions + +# set upsd specific options. use "man upsd" for more info +# this parameter is now located in nut.conf, and not in /etc/default/nut anymore +# FIXME: retrieved from 'nut' script during update +UPSD_OPTIONS="" + +# Exit if the package is not installed +[ -x "$upsd" ] || exit 0 + +# Include NUT nut.conf +[ -r $CONFIG ] && . $CONFIG + +# Explicitly require the configuration to be done in /etc/nut/nut.conf +# redundant with nut-client +if [ "x$MODE" = "xnone" -o -z "$MODE" ] ; then + log_action_msg "$NAME disabled, please adjust the configuration to your needs" + log_action_msg "Then set MODE to a suitable value in $CONFIG to enable it" + # exit success to avoid breaking the install process! + exit 0 +fi + +# Check if /var/run/nut exists and has the correct perms +check_var_directory() { + [ ! -d ${pid_dir} ] && mkdir -p ${pid_dir} \ + && chown root:nut ${pid_dir} \ + && chmod 770 ${pid_dir} \ + && [ -x /sbin/restorecon ] && /sbin/restorecon ${pid_dir} +} + +# check if the right components are running +check_status() { + case "$MODE" in + standalone|netserver) + status_of_proc -p $upsd_pid $upsd upsd + # FIXME: need driver(s) status too! + ;; + none|netclient|*) + # defered to nut-client + #status_of_proc -p $upsmon_pid $upsmon upsmon + ;; + esac +} + +start_stop_server () { + case "$MODE" in + standalone|netserver) + case "$1" in + start) + # First, start driver(s) + ! $upsdrvctl start >/dev/null 2>&1 && \ + log_progress_msg " (driver(s) failed)." || log_progress_msg " driver(s)." + # Then, data server (upsd) + start-stop-daemon -S -p $upsd_pid -x $upsd \ + -- $UPSD_OPTIONS >/dev/null 2>&1 && + log_progress_msg "upsd" || log_progress_msg "(upsd failed)" + ;; + stop) + # FIXME: should stop nut-client first! + # Reverse order for stop + start-stop-daemon -K -o -p $upsd_pid -n upsd && #>/dev/null 2>&1 && + log_progress_msg "upsd" || log_progress_msg "(upsd failed)" + ! /sbin/upsdrvctl stop >/dev/null 2>&1 && \ + log_progress_msg "(driver(s) failed)" || log_progress_msg "driver(s)" + ;; + esac + ;; + none|netclient|*) + # now handled by nut-client + return 1 + ;; + esac +} + +case "$1" in + + start) + log_daemon_msg "Starting $DESC" + check_var_directory + start_stop_server start #&& log_progress_msg "upsd" + #start_stop_client start && log_progress_msg "upsmon" + log_end_msg 0 + ;; + + stop) + log_daemon_msg "Stopping $DESC" + start_stop_server stop #&& log_progress_msg "upsd" + #start_stop_client stop && log_progress_msg "upsmon" + log_end_msg 0 + ;; + + reload) + $upsd -c reload >/dev/null 2>&1 + #$upsmon -c reload >/dev/null 2>&1 + ;; + + restart|force-reload) + log_daemon_msg "Restarting $DESC" + #start_stop_client stop + start_stop_server stop + sleep 5 + check_var_directory + start_stop_server start #&& log_progress_msg "upsd" + #start_stop_client start && log_progress_msg "upsmon" + log_end_msg 0 + ;; + + status) + #log_daemon_msg "Checking status of $DESC" + echo "Checking status of $DESC" + check_status + exit $? + ;; + + poweroff) + wait_delay=`sed -ne 's#^ *POWEROFF_WAIT= *\(.*\)$#\1#p' /etc/nut/nut.conf` + # UPS poweroff action is actually done here. + # But nut-monitor (Ie nut-client) does the check and call nut-server if needed! + # This action MUST NOT be called directly, and thus is not exposed in 'Usage' + case "$MODE" in + standalone|netserver) + log_daemon_msg "Shutting down the UPS ..." + if $upsdrvctl shutdown ; then + # FIXME (needed?): sleep 5 + log_progress_msg "Waiting for UPS to cut the power" + log_end_msg 0 + else + log_progress_msg "Shutdown failed." + log_progress_msg "Waiting for UPS batteries to run down" + log_end_msg 0 + fi + if [ -n "$wait_delay" ] ; then + log_daemon_msg " (will reboot after $wait_delay) ..." + sleep "$wait_delay" + invoke-rc.d reboot stop + fi + ;; + none|netclient|*) + # nothing to do + ;; + esac + ;; + + *) + N=/etc/init.d/$NAME + echo "Usage: $N {start|stop|reload|restart|force-reload|status}" >&2 + exit 1 + ;; +esac + +exit 0 diff --git a/init.d/ups-monitor b/init.d/ups-monitor index d9d64e0c..8592e422 120000 --- a/init.d/ups-monitor +++ b/init.d/ups-monitor @@ -1 +1 @@ -../apcupsd/ups-monitor \ No newline at end of file +nut-client \ No newline at end of file diff --git a/letsencrypt/csr/3840_csr-certbot.pem b/letsencrypt/csr/3840_csr-certbot.pem new file mode 100644 index 00000000..2d2c16c3 --- /dev/null +++ b/letsencrypt/csr/3840_csr-certbot.pem @@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICdTCCAV0CAQIwADCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALtI +RduFeXJFooF+ynGeS6Ou13JLEJGJKCwtVHCZdjU+RHaEk3r/w8S0D/fAQU1VRP9u +LhC/7DfYRLEYw9sQtSpRAHIizUOW99GrV16cRcymG8Q1gfWyr12ZIy8BStTjHR9T +G4kkd8y0Jila2vWiJvDzqoboAOMsW8wu1BFx/ZqTNB1jYyyQRCycKXVoxk/7eQIR +FTSms+9amBzNm4BaXPHxqjcK6iPNmJNhU93IjqT+Wk8ndIduT4vli6lpI1jUlyiM +A3YmFnw+wFiAsSuo4Nd6YcyYocRPX682D5e8jC04pzkrYbRhLENfxp5k0GlY03AG +E6WqLTEjCQCX66LtKZcCAwEAAaAwMC4GCSqGSIb3DQEJDjEhMB8wHQYDVR0RBBYw +FIISdHYuaG9lbGxlaW4ub25saW5lMA0GCSqGSIb3DQEBCwUAA4IBAQAA2hGmPRpg +jf0AQLRCSppI8GgUdWYxhALl/wpq9rA4ETtzI7nBW+B6ShjJom9Ixft/8n2o3wAY +PWx6WWc2lEgO2IRWmytbZkKZe28sJFJF6Z+XvWIx1c1CxHivh8xYVhnKEqMBJ+ja +c+55wMURtDYaonZdrbJbeARSWIyWtHNthSeEQRPQ86rz+h2Mvwogd2/SIK8rU+JZ +8nM3xnvobLF9ThOH8s5gttnZOZ1kdZMJJ924yEHQdoz8b8lFKdW6CWh1A6ALmCjy +cSHEUXiG4sJx7Zqp9YmkhPWi2TJ7UPfYG/T427ilDcInY6s158ysIIqseexVN0XW +BIik9/pWhuHQ +-----END CERTIFICATE REQUEST----- diff --git a/letsencrypt/keys/3841_key-certbot.pem b/letsencrypt/keys/3841_key-certbot.pem new file mode 100644 index 00000000..c50de5bf --- /dev/null +++ b/letsencrypt/keys/3841_key-certbot.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEwAIBADANBgkqhkiG9w0BAQEFAASCBKowggSmAgEAAoIBAQC7SEXbhXlyRaKB +fspxnkujrtdySxCRiSgsLVRwmXY1PkR2hJN6/8PEtA/3wEFNVUT/bi4Qv+w32ESx +GMPbELUqUQByIs1DlvfRq1denEXMphvENYH1sq9dmSMvAUrU4x0fUxuJJHfMtCYp +Wtr1oibw86qG6ADjLFvMLtQRcf2akzQdY2MskEQsnCl1aMZP+3kCERU0prPvWpgc +zZuAWlzx8ao3CuojzZiTYVPdyI6k/lpPJ3SHbk+L5YupaSNY1JcojAN2JhZ8PsBY +gLErqODXemHMmKHET1+vNg+XvIwtOKc5K2G0YSxDX8aeZNBpWNNwBhOlqi0xIwkA +l+ui7SmXAgMBAAECggEBALDKtvdVdqHCzncD48OBtNGdeVAxQEDCgyPA3tc0Zvw3 +/ZUL7dTMoFeNyw0Ldhm0ht/BeMbjBfBpvd6YDDs9+Gcr9AnKhI5rcyGAZ4euac2Y +eNmt0TLJLPZkW2xCAgwZISKy52l8/YJGBUhAtjXujmgi/TVAyaWp+DY1dofJXaeN +9NvKO96gomyFW+4uYWf88zdechCIbKHgETyWag1NBhNv4wLZUaZesRdCls0CN+0G +y60s+6ByPCiaczp3yMu7Wok3rIzExlHwS7hzH37pbwi7iP3Rjtq4juS4k5HFFmmU +7ayt13ZE1S3IiyAt5/Sr5IkepNR1bH51GRvkKzjtafECgYEA201gF949KR/WRV9r +yAYLmml/jfBrg4QvFIoIHbMRRaMcT0M5RKaDyiCUAaPYcTwC4zf/xsYiZTdlgG8g +/ttBCIMCAahx23sunZeiSdUU0p/JgDblxiJhQNwb1WnMYWjiT/zgDCS6DfMvz8+d +o4dfAl9G2Ij6mhFqFVeViXIy8q0CgYEA2p80fwCUCNAtabg2UHNwfUcZ9bR+Eg+r +DM+LD4BOcrsAEMv+YlkQJE/Hj5X8tP7bVcWGzJf3jlsgbrekSCD3xyLLdEhuT4zm +M/Key4B74beRjs+194eU+1LipQ/aM7GlBfehdiKEQQ2ZpwqGsETy1cUuxB/Hrbkr +J0gPPWH1WdMCgYEAmU3v3P+ZFcSRz5EzEXNYbStO5fSp1Bh1qRANOGXTrzClO6us +vxcAji5UCQl250GiayDchyI/LS6aoDwPftnbDo42ut38Kghkv/oekyqIEe1tuVmn +Kukhv2ufcYMyQu5FNtF59kM+ZT4ZsFZcxtJ9UnU0W272cPm3hQ/jE2BnyUkCgYEA +sc7GbXzU6Y4XQWK3mhsppFqNvI698oaXweWS3lqmcx2wYfjnvqldPYs9bYS5caPO +VCZBCmmWyEtJR4NIs/lMTMP54Wt/fGfGWv27NRwcpWodkp9RCi9VdkrlVwZbm6uh +4gaTZXeRRS+AhqFDBl4tervS22RVjO+LL3mmG3Bukk0CgYEA2JCt2CZpwcu/irVm +cnIsqITM3b8UfI7OBfHYAPRv5UszFjvUFReDbana8eWUCekUj8pfN8mhT46h1ZIt +AFDdksd/8dCHMfB0AFKPnsD7x1lbL9M9HR/jICR+VQktj/V+/J6EJ2GgHaIajFPs +hbv/8fU5t+Lnma5YtLWUHfbIEuc= +-----END PRIVATE KEY----- diff --git a/nut/nut.conf b/nut/nut.conf new file mode 100644 index 00000000..93098256 --- /dev/null +++ b/nut/nut.conf @@ -0,0 +1,32 @@ +# Network UPS Tools: example nut.conf +# +############################################################################## +# General section +############################################################################## +# The MODE determines which part of the NUT is to be started, and which +# configuration files must be modified. +# +# This file try to standardize the various files being found in the field, like +# /etc/default/nut on Debian based systems, /etc/sysconfig/ups on RedHat based +# systems, ... Distribution's init script should source this file to see which +# component(s) has to be started. +# +# The values of MODE can be: +# - none: NUT is not configured, or use the Integrated Power Management, or use +# some external system to startup NUT components. So nothing is to be started. +# - standalone: This mode address a local only configuration, with 1 UPS +# protecting the local system. This implies to start the 3 NUT layers (driver, +# upsd and upsmon) and the matching configuration files. This mode can also +# address UPS redundancy. +# - netserver: same as for the standalone configuration, but also need +# some more network access controls (firewall, tcp-wrappers) and possibly a +# specific LISTEN directive in upsd.conf. +# Since this MODE is opened to the network, a special care should be applied +# to security concerns. +# - netclient: this mode only requires upsmon. +# +# IMPORTANT NOTE: +# This file is intended to be sourced by shell scripts. +# You MUST NOT use spaces around the equal sign! + +MODE=none diff --git a/nut/ups.conf b/nut/ups.conf new file mode 100644 index 00000000..3ea13548 --- /dev/null +++ b/nut/ups.conf @@ -0,0 +1,140 @@ +# Network UPS Tools: example ups.conf +# +# --- SECURITY NOTE --- +# +# If you use snmp-ups and set a community string in here, you +# will have to secure this file to keep other users from obtaining +# that string. It needs to be readable by upsdrvctl and any drivers, +# and by upsd. +# +# --- +# +# This is where you configure all the UPSes that this system will be +# monitoring directly. These are usually attached to serial ports, but +# USB devices and SNMP devices are also supported. +# +# This file is used by upsdrvctl to start and stop your driver(s), and +# is also used by upsd to determine which drivers to monitor. The +# drivers themselves also read this file for configuration directives. +# +# The general form is: +# +# [upsname] +# driver = +# port = +# < any other directives here > +# +# The section header ([upsname]) can be just about anything as long as +# it is a single word inside brackets. upsd uses this to uniquely +# identify a UPS on this system. +# +# If you have a UPS called snoopy, your section header would be "[snoopy]". +# On a system called "doghouse", the line in your upsmon.conf to monitor +# it would look something like this: +# +# MONITOR snoopy@doghouse 1 upsmonuser mypassword master +# +# It might look like this if monitoring in slave mode: +# +# MONITOR snoopy@doghouse 1 upsmonuser mypassword slave +# +# Configuration directives +# ------------------------ +# +# These directives are used by upsdrvctl only and should be specified outside +# of a driver definition: +# +# maxretry: Optional. Specify the number of attempts to start the driver(s), +# in case of failure, before giving up. A delay of 'retrydelay' is +# inserted between each attempt. Caution should be taken when using +# this option, since it can impact the time taken by your system to +# start. +# +# The default is 1 attempt. +# +# retrydelay: Optional. Specify the delay between each restart attempt of the +# driver(s), as specified by 'maxretry'. Caution should be taken +# when using this option, since it can impact the time taken by your +# system to start. +# +# The default is 5 seconds. +# +# These directives are common to all drivers that support ups.conf: +# +# driver: REQUIRED. Specify the program to run to talk to this UPS. +# apcsmart, bestups, and sec are some examples. +# +# port: REQUIRED. The serial port where your UPS is connected. +# /dev/ttyS0 is usually the first port on Linux boxes, for example. +# +# sdorder: optional. When you have multiple UPSes on your system, you +# usually need to turn them off in a certain order. upsdrvctl +# shuts down all the 0s, then the 1s, 2s, and so on. To exclude +# a UPS from the shutdown sequence, set this to -1. +# +# The default value for this parameter is 0. +# +# nolock: optional, and not recommended for use in this file. +# +# If you put nolock in here, the driver will not lock the +# serial port every time it starts. This may allow other +# processes to seize the port if you start more than one by +# mistake. +# +# This is only intended to be used on systems where locking +# absolutely must be disabled for the software to work. +# +# maxstartdelay: optional. This can be set as a global variable +# above your first UPS definition and it can also be +# set in a UPS section. This value controls how long +# upsdrvctl will wait for the driver to finish starting. +# This keeps your system from getting stuck due to a +# broken driver or UPS. +# +# The default is 45 seconds. +# +# synchronous: optional. The driver work by default in asynchronous +# mode (i.e *synchronous=no*). This means that all data +# are pushed by the driver on the communication socket to +# upsd (Unix socket on Unix, Named pipe on Windows) without +# waiting for these data to be actually consumed. With +# some HW, such as ePDUs, that can produce a lot of data, +# asynchronous mode may cause some congestion, resulting in +# the socket to be full, and the driver to appear as not +# connected. By enabling the 'synchronous' flag +# (value = 'yes'), the driver will wait for data to be +# consumed by upsd, prior to publishing more. This can be +# enabled either globally or per driver. +# +# The default is 'no' (i.e. asynchronous mode) for backward +# compatibility of the driver behavior. +# +# Anything else is passed through to the hardware-specific part of +# the driver. +# +# Examples +# -------- +# +# A simple example for a UPS called "powerpal" that uses the blazer_ser +# driver on /dev/ttyS0 is: +# +# [powerpal] +# driver = blazer_ser +# port = /dev/ttyS0 +# desc = "Web server" +# +# If your UPS driver requires additional settings, you can specify them +# here. For example, if it supports a setting of "1234" for the +# variable "cable", it would look like this: +# +# [myups] +# driver = mydriver +# port = /dev/ttyS1 +# cable = 1234 +# desc = "Something descriptive" +# +# To find out if your driver supports any extra settings, start it with +# the -h option and/or read the driver's documentation. + +# Set maxretry to 3 by default, this should mitigate race with slow devices: +maxretry = 3 diff --git a/nut/upsd.conf b/nut/upsd.conf new file mode 100644 index 00000000..72927776 --- /dev/null +++ b/nut/upsd.conf @@ -0,0 +1,109 @@ +# Network UPS Tools: example upsd configuration file +# +# This file contains access control data, you should keep it secure. +# +# It should only be readable by the user that upsd becomes. See the FAQ. +# +# Each entry below provides usage and default value. + +# ======================================================================= +# MAXAGE +# MAXAGE 15 +# +# This defaults to 15 seconds. After a UPS driver has stopped updating +# the data for this many seconds, upsd marks it stale and stops making +# that information available to clients. After all, the only thing worse +# than no data is bad data. +# +# You should only use this if your driver has difficulties keeping +# the data fresh within the normal 15 second interval. Watch the syslog +# for notifications from upsd about staleness. + +# ======================================================================= +# STATEPATH +# STATEPATH /var/run/nut +# +# Tell upsd to look for the driver state sockets in 'path' rather +# than the default that was compiled into the program. + +# ======================================================================= +# LISTEN
[] +# LISTEN 127.0.0.1 3493 +# LISTEN ::1 3493 +# +# This defaults to the localhost listening addresses and port 3493. +# In case of IP v4 or v6 disabled kernel, only the available one will be used. +# +# You may specify each interface you want upsd to listen on for connections, +# optionally with a port number. +# +# You may need this if you have multiple interfaces on your machine and +# you don't want upsd to listen to all interfaces (for instance on a +# firewall, you may not want to listen to the external interface). +# +# This will only be read at startup of upsd. If you make changes here, +# you'll need to restart upsd, reload will have no effect. + +# ======================================================================= +# MAXCONN +# MAXCONN 1024 +# +# This defaults to maximum number allowed on your system. Each UPS, each +# LISTEN address and each client count as one connection. If the server +# runs out of connections, it will no longer accept new incoming client +# connections. Only set this if you know exactly what you're doing. + +# ======================================================================= +# CERTFILE +# CERTFILE /usr/local/ups/etc/upsd.pem +# +# When compiled with SSL support with OpenSSL backend, +# you can enter the certificate file here. +# The certificates must be in PEM format and must be sorted starting with +# the subject's certificate (server certificate), followed by intermediate +# CA certificates (if applicable_ and the highest level (root) CA. It should +# end with the server key. See 'docs/security.txt' or the Security chapter of +# NUT user manual for more information on the SSL support in NUT. +# +# See 'docs/security.txt' or the Security chapter of NUT user manual +# for more information on the SSL support in NUT. + +# ======================================================================= +# CERTPATH +# CERTPATH /usr/local/ups/etc/cert/upsd +# +# When compiled with SSL support with NSS backend, +# you can enter the certificate path here. +# Certificates are stored in a dedicated database (splitted in 3 files). +# Specify the path of the database directory. +# +# See 'docs/security.txt' or the Security chapter of NUT user manual +# for more information on the SSL support in NUT. + +# ======================================================================= +# CERTIDENT +# CERTIDENT "my nut server" "MyPasSw0rD" +# +# When compiled with SSL support with NSS backend, +# you can specify the certificate name to retrieve from database to +# authenticate itself and the password +# required to access certificate related private key. +# +# See 'docs/security.txt' or the Security chapter of NUT user manual +# for more information on the SSL support in NUT. + +# ======================================================================= +# CERTREQUEST +# CERTREQUEST REQUIRE +# +# When compiled with SSL support with NSS backend and client certificate +# validation (disabled by default, see 'docs/security.txt'), +# you can specify if upsd requests or requires client's' certificates. +# Possible values are : +# - 0 to not request to clients to provide any certificate +# - 1 to require to all clients a certificate +# - 2 to require to all clients a valid certificate +# +# See 'docs/security.txt' or the Security chapter of NUT user manual +# for more information on the SSL support in NUT. + diff --git a/nut/upsd.users b/nut/upsd.users new file mode 100644 index 00000000..ec78eb55 --- /dev/null +++ b/nut/upsd.users @@ -0,0 +1,72 @@ +# Network UPS Tools: Example upsd.users +# +# This file sets the permissions for upsd - the UPS network daemon. +# Users are defined here, are given passwords, and their privileges are +# controlled here too. Since this file will contain passwords, keep it +# secure, with only enough permissions for upsd to read it. + +# -------------------------------------------------------------------------- + +# Each user gets a section. To start a section, put the username in +# brackets on a line by itself. To set something for that user, specify +# it under that section heading. The username is case-sensitive, so +# admin and AdMiN are two different users. +# +# Possible settings: +# +# password: The user's password. This is case-sensitive. +# +# -------------------------------------------------------------------------- +# +# actions: Let the user do certain things with upsd. +# +# Valid actions are: +# +# SET - change the value of certain variables in the UPS +# FSD - set the "forced shutdown" flag in the UPS +# +# -------------------------------------------------------------------------- +# +# instcmds: Let the user initiate specific instant commands. Use "ALL" +# to grant all commands automatically. There are many possible +# commands, so use 'upscmd -l' to see what your hardware supports. Here +# are a few examples: +# +# test.panel.start - Start a front panel test +# test.battery.start - Start battery test +# test.battery.stop - Stop battery test +# calibrate.start - Start calibration +# calibrate.stop - Stop calibration +# +# -------------------------------------------------------------------------- +# +# Example: +# +# [admin] +# password = mypass +# actions = SET +# instcmds = ALL +# + +# +# --- Configuring for a user who can execute tests only +# +# [testuser] +# password = pass +# instcmds = test.battery.start +# instcmds = test.battery.stop + +# +# --- Configuring for upsmon +# +# To add a user for your upsmon, use this example: +# +# [upsmon] +# password = pass +# upsmon master +# or +# upsmon slave +# +# The matching MONITOR line in your upsmon.conf would look like this: +# +# MONITOR myups@localhost 1 upsmon pass master (or slave) diff --git a/nut/upsmon.conf b/nut/upsmon.conf new file mode 100644 index 00000000..f3a08629 --- /dev/null +++ b/nut/upsmon.conf @@ -0,0 +1,380 @@ +# Network UPS Tools: example upsmon configuration +# +# This file contains passwords, so keep it secure. + +# -------------------------------------------------------------------------- +# RUN_AS_USER +# +# By default, upsmon splits into two processes. One stays as root and +# waits to run the SHUTDOWNCMD. The other one switches to another userid +# and does everything else. +# +# The default nonprivileged user is set at compile-time with +# 'configure --with-user=...'. +# +# You can override it with '-u ' when starting upsmon, or just +# define it here for convenience. +# +# Note: if you plan to use the reload feature, this file (upsmon.conf) +# must be readable by this user! Since it contains passwords, DO NOT +# make it world-readable. Also, do not make it writable by the upsmon +# user, since it creates an opportunity for an attack by changing the +# SHUTDOWNCMD to something malicious. +# +# For best results, you should create a new normal user like "nutmon", +# and make it a member of a "nut" group or similar. Then specify it +# here and grant read access to the upsmon.conf for that group. +# +# This user should not have write access to upsmon.conf. +# +# RUN_AS_USER nut + +# -------------------------------------------------------------------------- +# MONITOR ("master"|"slave") +# +# List systems you want to monitor. Not all of these may supply power +# to the system running upsmon, but if you want to watch it, it has to +# be in this section. +# +# You must have at least one of these declared. +# +# is a UPS identifier in the form @[:] +# like ups@localhost, su700@mybox, etc. +# +# Examples: +# +# - "su700@mybox" means a UPS called "su700" on a system called "mybox" +# +# - "fenton@bigbox:5678" is a UPS called "fenton" on a system called +# "bigbox" which runs upsd on port "5678". +# +# The UPS names like "su700" and "fenton" are set in your ups.conf +# in [brackets] which identify a section for a particular driver. +# +# If the ups.conf on host "doghouse" has a section called "snoopy", the +# identifier for it would be "snoopy@doghouse". +# +# is an integer - the number of power supplies that this UPS +# feeds on this system. Most computers only have one power supply, so this +# is normally set to 1. You need a pretty big or special box to have any +# other value here. +# +# You can also set this to 0 for a system that doesn't supply any power, +# but you still want to monitor. Use this when you want to hear about +# changes for a given UPS without shutting down when it goes critical, +# unless is 0. +# +# and must match an entry in that system's +# upsd.users. If your username is "monmaster" and your password is +# "blah", the upsd.users would look like this: +# +# [monmaster] +# password = blah +# upsmon master (or slave) +# +# "master" means this system will shutdown last, allowing the slaves +# time to shutdown first. +# +# "slave" means this system shuts down immediately when power goes critical. +# +# Examples: +# +# MONITOR myups@bigserver 1 monmaster blah master +# MONITOR su700@server.example.com 1 upsmon secretpass slave +# MONITOR myups@localhost 1 upsmon pass master (or slave) + +# -------------------------------------------------------------------------- +# MINSUPPLIES +# +# Give the number of power supplies that must be receiving power to keep +# this system running. Most systems have one power supply, so you would +# put "1" in this field. +# +# Large/expensive server type systems usually have more, and can run with +# a few missing. The HP NetServer LH4 can run with 2 out of 4, for example, +# so you'd set that to 2. The idea is to keep the box running as long +# as possible, right? +# +# Obviously you have to put the redundant supplies on different UPS circuits +# for this to make sense! See big-servers.txt in the docs subdirectory +# for more information and ideas on how to use this feature. + +MINSUPPLIES 1 + +# -------------------------------------------------------------------------- +# SHUTDOWNCMD "" +# +# upsmon runs this command when the system needs to be brought down. +# +# This should work just about everywhere ... if it doesn't, well, change it. + +SHUTDOWNCMD "/sbin/shutdown -h +0" + +# -------------------------------------------------------------------------- +# NOTIFYCMD +# +# upsmon calls this to send messages when things happen +# +# This command is called with the full text of the message as one argument. +# The environment string NOTIFYTYPE will contain the type string of +# whatever caused this event to happen. +# +# Note that this is only called for NOTIFY events that have EXEC set with +# NOTIFYFLAG. See NOTIFYFLAG below for more details. +# +# Making this some sort of shell script might not be a bad idea. For more +# information and ideas, see docs/scheduling.txt +# +# Example: +# NOTIFYCMD /bin/notifyme + +# -------------------------------------------------------------------------- +# POLLFREQ +# +# Polling frequency for normal activities, measured in seconds. +# +# Adjust this to keep upsmon from flooding your network, but don't make +# it too high or it may miss certain short-lived power events. + +POLLFREQ 5 + +# -------------------------------------------------------------------------- +# POLLFREQALERT +# +# Polling frequency in seconds while UPS on battery. +# +# You can make this number lower than POLLFREQ, which will make updates +# faster when any UPS is running on battery. This is a good way to tune +# network load if you have a lot of these things running. +# +# The default is 5 seconds for both this and POLLFREQ. + +POLLFREQALERT 5 + +# -------------------------------------------------------------------------- +# HOSTSYNC - How long upsmon will wait before giving up on another upsmon +# +# The master upsmon process uses this number when waiting for slaves to +# disconnect once it has set the forced shutdown (FSD) flag. If they +# don't disconnect after this many seconds, it goes on without them. +# +# Similarly, upsmon slave processes wait up to this interval for the +# master upsmon to set FSD when a UPS they are monitoring goes critical - +# that is, on battery and low battery. If the master doesn't do its job, +# the slaves will shut down anyway to avoid damage to the file systems. +# +# This "wait for FSD" is done to avoid races where the status changes +# to critical and back between polls by the master. + +HOSTSYNC 15 + +# -------------------------------------------------------------------------- +# DEADTIME - Interval to wait before declaring a stale ups "dead" +# +# upsmon requires a UPS to provide status information every few seconds +# (see POLLFREQ and POLLFREQALERT) to keep things updated. If the status +# fetch fails, the UPS is marked stale. If it stays stale for more than +# DEADTIME seconds, the UPS is marked dead. +# +# A dead UPS that was last known to be on battery is assumed to have gone +# to a low battery condition. This may force a shutdown if it is providing +# a critical amount of power to your system. +# +# Note: DEADTIME should be a multiple of POLLFREQ and POLLFREQALERT. +# Otherwise you'll have "dead" UPSes simply because upsmon isn't polling +# them quickly enough. Rule of thumb: take the larger of the two +# POLLFREQ values, and multiply by 3. + +DEADTIME 15 + +# -------------------------------------------------------------------------- +# POWERDOWNFLAG - Flag file for forcing UPS shutdown on the master system +# +# upsmon will create a file with this name in master mode when it's time +# to shut down the load. You should check for this file's existence in +# your shutdown scripts and run 'upsdrvctl shutdown' if it exists. +# +# See the config-notes.txt file in the docs subdirectory for more information. +# Refer to the section: +# [[UPS_shutdown]] "Configuring automatic shutdowns for low battery events" +# or refer to the online version. + +POWERDOWNFLAG /etc/killpower + +# -------------------------------------------------------------------------- +# NOTIFYMSG - change messages sent by upsmon when certain events occur +# +# You can change the default messages to something else if you like. +# +# NOTIFYMSG "message" +# +# NOTIFYMSG ONLINE "UPS %s on line power" +# NOTIFYMSG ONBATT "UPS %s on battery" +# NOTIFYMSG LOWBATT "UPS %s battery is low" +# NOTIFYMSG FSD "UPS %s: forced shutdown in progress" +# NOTIFYMSG COMMOK "Communications with UPS %s established" +# NOTIFYMSG COMMBAD "Communications with UPS %s lost" +# NOTIFYMSG SHUTDOWN "Auto logout and shutdown proceeding" +# NOTIFYMSG REPLBATT "UPS %s battery needs to be replaced" +# NOTIFYMSG NOCOMM "UPS %s is unavailable" +# NOTIFYMSG NOPARENT "upsmon parent process died - shutdown impossible" +# +# Note that %s is replaced with the identifier of the UPS in question. +# +# Possible values for : +# +# ONLINE : UPS is back online +# ONBATT : UPS is on battery +# LOWBATT : UPS has a low battery (if also on battery, it's "critical") +# FSD : UPS is being shutdown by the master (FSD = "Forced Shutdown") +# COMMOK : Communications established with the UPS +# COMMBAD : Communications lost to the UPS +# SHUTDOWN : The system is being shutdown +# REPLBATT : The UPS battery is bad and needs to be replaced +# NOCOMM : A UPS is unavailable (can't be contacted for monitoring) +# NOPARENT : The process that shuts down the system has died (shutdown impossible) + +# -------------------------------------------------------------------------- +# NOTIFYFLAG - change behavior of upsmon when NOTIFY events occur +# +# By default, upsmon sends walls (global messages to all logged in users) +# and writes to the syslog when things happen. You can change this. +# +# NOTIFYFLAG [+][+] ... +# +# NOTIFYFLAG ONLINE SYSLOG+WALL +# NOTIFYFLAG ONBATT SYSLOG+WALL +# NOTIFYFLAG LOWBATT SYSLOG+WALL +# NOTIFYFLAG FSD SYSLOG+WALL +# NOTIFYFLAG COMMOK SYSLOG+WALL +# NOTIFYFLAG COMMBAD SYSLOG+WALL +# NOTIFYFLAG SHUTDOWN SYSLOG+WALL +# NOTIFYFLAG REPLBATT SYSLOG+WALL +# NOTIFYFLAG NOCOMM SYSLOG+WALL +# NOTIFYFLAG NOPARENT SYSLOG+WALL +# +# Possible values for the flags: +# +# SYSLOG - Write the message in the syslog +# WALL - Write the message to all users on the system +# EXEC - Execute NOTIFYCMD (see above) with the message +# IGNORE - Don't do anything +# +# If you use IGNORE, don't use any other flags on the same line. + +# -------------------------------------------------------------------------- +# RBWARNTIME - replace battery warning time in seconds +# +# upsmon will normally warn you about a battery that needs to be replaced +# every 43200 seconds, which is 12 hours. It does this by triggering a +# NOTIFY_REPLBATT which is then handled by the usual notify structure +# you've defined above. +# +# If this number is not to your liking, override it here. + +RBWARNTIME 43200 + +# -------------------------------------------------------------------------- +# NOCOMMWARNTIME - no communications warning time in seconds +# +# upsmon will let you know through the usual notify system if it can't +# talk to any of the UPS entries that are defined in this file. It will +# trigger a NOTIFY_NOCOMM by default every 300 seconds unless you +# change the interval with this directive. + +NOCOMMWARNTIME 300 + +# -------------------------------------------------------------------------- +# FINALDELAY - last sleep interval before shutting down the system +# +# On a master, upsmon will wait this long after sending the NOTIFY_SHUTDOWN +# before executing your SHUTDOWNCMD. If you need to do something in between +# those events, increase this number. Remember, at this point your UPS is +# almost depleted, so don't make this too high. +# +# Alternatively, you can set this very low so you don't wait around when +# it's time to shut down. Some UPSes don't give much warning for low +# battery and will require a value of 0 here for a safe shutdown. +# +# Note: If FINALDELAY on the slave is greater than HOSTSYNC on the master, +# the master will give up waiting for the slave to disconnect. + +FINALDELAY 5 + +# -------------------------------------------------------------------------- +# CERTPATH - path to certificates (database directory or directory with CA's) +# +# When compiled with SSL support, you can enter the certificate path here. +# +# With NSS: +# Certificates are stored in a dedicated database (splitted in 3 files). +# Specify the path of the database directory. +# +# CERTPATH /etc/nut/cert/upsmon +# +# With OpenSSL: +# Directory containing CA certificates in PEM format, used to verify +# the server certificate presented by the upsd server. The files each +# contain one CA certificate. The files are looked up by the CA subject +# name hash value, which must hence be available. +# +# CERTPATH /usr/ssl/certs +# +# See 'docs/security.txt' or the Security chapter of NUT user manual +# for more information on the SSL support in NUT. + +# -------------------------------------------------------------------------- +# CERTIDENT - self certificate name and database password +# CERTIDENT +# +# When compiled with SSL support with NSS, you can specify the certificate +# name to retrieve from database to authenticate itself and the password +# required to access certificate related private key. +# +# CERTIDENT "my nut monitor" "MyPasSw0rD" +# +# See 'docs/security.txt' or the Security chapter of NUT user manual +# for more information on the SSL support in NUT. + +# -------------------------------------------------------------------------- +# CERTHOST - security properties for an host +# CERTHOST +# +# When compiled with SSL support with NSS, you can specify security directive +# for each server you can contact. +# Each entry maps server name with the expected certificate name and flags +# indicating if the server certificate is verified and if the connection +# must be secure. +# +# CERTHOST localhost "My nut server" 1 1 +# +# See 'docs/security.txt' or the Security chapter of NUT user manual +# for more information on the SSL support in NUT. + +# -------------------------------------------------------------------------- +# CERTVERIFY - make upsmon verify all connections with certificates +# CERTVERIFY 1 +# +# When compiled with SSL support, make upsmon verify all connections with +# certificates. +# Without this, there is no guarantee that the upsd is the right host. +# Enabling this greatly reduces the risk of man in the middle attacks. +# This effectively forces the use of SSL, so don't use this unless +# all of your upsd hosts are ready for SSL and have their certificates +# in order. +# When compiled with NSS support of SSL, can be overriden for host +# specified with a CERTHOST directive. + + +# -------------------------------------------------------------------------- +# FORCESSL - force upsmon to use SSL +# FORCESSL 1 +# +# When compiled with SSL, specify that a secured connection must be used +# to communicate with upsd. +# If you don't use 'CERTVERIFY 1', then this will at least make sure +# that nobody can sniff your sessions without a large effort. Setting +# this will make upsmon drop connections if the remote upsd doesn't +# support SSL, so don't use it unless all of them have it running. +# When compiled with NSS support of SSL, can be overriden for host +# specified with a CERTHOST directive. diff --git a/nut/upssched.conf b/nut/upssched.conf new file mode 100644 index 00000000..fe6de6a2 --- /dev/null +++ b/nut/upssched.conf @@ -0,0 +1,113 @@ +# Network UPS Tools - upssched.conf sample file +# +# ============================================================================ +# +# CMDSCRIPT +# +# This script gets called to invoke commands for timers that trigger. +# It is given a single argument - the in your +# AT ... START-TIMER defines. +# +# *** This must be defined *before* the first AT line. Otherwise the +# program will complain and exit without doing anything. +# +# A shell script with a big case..esac construct should work nicely for this. +# An example has been provided to help you get started. + +CMDSCRIPT /bin/upssched-cmd + +# ============================================================================ +# +# PIPEFN +# +# This sets the file name of the FIFO that will pass communications between +# processes to start and stop timers. This should be set to some path where +# normal users can't create the file, due to the possibility of symlinking +# and other evil. +# +# Note: if you are running Solaris or similar, the permissions that +# upssched sets on this file *are not enough* to keep you safe. If +# your OS ignores the permissions on a FIFO, then you MUST put this in +# a protected directory! +# +# Note 2: by default, upsmon will run upssched as whatever user you have +# defined with RUN_AS_USER in upsmon.conf. Make sure that user can +# create files and write to files in the path you use for PIPEFN and +# LOCKFN. +# +# My recommendation: create a special directory for upssched, make it +# owned by your upsmon user, then use it for both. +# +# This is commented out by default to make you visit this file and think +# about how your system works before potentially opening a hole. +# +# PIPEFN /var/run/nut/upssched/upssched.pipe + +# ============================================================================ +# +# LOCKFN +# +# REQUIRED. This was added after version 1.2.1. +# +# upssched needs to be able to create this filename in order to avoid +# a race condition when two events are dispatched from upsmon at nearly +# the same time. This file will only exist briefly. It must not be +# created by any other process. +# +# You should put this in the same directory as PIPEFN. +# +# LOCKFN /var/run/nut/upssched/upssched.lock + +# ============================================================================ +# +# AT +# +# Define a handler for a specific event on UPS . +# +# can be the special value * to apply this handler to every +# possible value of . +# +# Run the command via your CMDSCRIPT when it happens. +# +# Note that any AT that matches both the and the +# for the current event will be used. + +# ============================================================================ +# +# Possible AT commands +# +# - START-TIMER +# +# Start a timer called that will trigger after +# seconds, calling your CMDSCRIPT with as the first +# argument. +# +# Example: +# Start a timer that'll execute when any UPS (*) has been gone 10 seconds +# +# AT COMMBAD * START-TIMER upsgone 10 + +# ----------------------------------------------------------------------- +# +# - CANCEL-TIMER [cmd] +# +# Cancel a running timer called , if possible. If the timer +# has passed then pass the optional argument to CMDSCRIPT. +# +# Example: +# If a specific UPS (myups@localhost) comes back online, then stop the +# timer before it triggers +# +# AT COMMOK myups@localhost CANCEL-TIMER upsgone + +# ----------------------------------------------------------------------- +# +# - EXECUTE +# +# Immediately pass as an argument to CMDSCRIPT. +# +# Example: +# If any UPS (*) reverts to utility power, then execute +# 'ups-back-on-line' via CMDSCRIPT. +# +# AT ONLINE * EXECUTE ups-back-on-line diff --git a/passwd b/passwd index 8fa35b82..a618531e 100644 --- a/passwd +++ b/passwd @@ -78,3 +78,4 @@ Debian-snmp:x:133:121::/var/lib/snmp:/bin/false cool:x:145:137::/opt/cool:/usr/sbin/nologin sambauser:x:997:997::/home/sambauser:/bin/false borg:x:5006:5006::/home/borg:/bin/bash +nut:x:140:159::/var/lib/nut:/usr/sbin/nologin diff --git a/passwd- b/passwd- index 065e89c9..a618531e 100644 --- a/passwd- +++ b/passwd- @@ -60,7 +60,6 @@ mongodb:x:138:65534::/home/mongodb:/bin/false alexa:x:998:998::/home/alexa: x2gouser:x:125:131::/var/lib/x2go:/bin/false nagios:x:139:143::/var/lib/nagios:/bin/false -mosquitto:x:140:65534::/var/lib/mosquitto:/usr/sbin/nologin redis:x:141:146:redis server,,,:/var/lib/redis:/bin/false systemd-timesync:x:142:148:systemd Time Synchronization,,,:/run/systemd:/bin/false systemd-network:x:143:149:systemd Network Management,,,:/run/systemd/netif:/bin/false @@ -79,3 +78,4 @@ Debian-snmp:x:133:121::/var/lib/snmp:/bin/false cool:x:145:137::/opt/cool:/usr/sbin/nologin sambauser:x:997:997::/home/sambauser:/bin/false borg:x:5006:5006::/home/borg:/bin/bash +nut:x:140:159::/var/lib/nut:/usr/sbin/nologin diff --git a/rc0.d/K01nut-client b/rc0.d/K01nut-client new file mode 120000 index 00000000..e9a9f69f --- /dev/null +++ b/rc0.d/K01nut-client @@ -0,0 +1 @@ +../init.d/nut-client \ No newline at end of file diff --git a/rc0.d/K01nut-server b/rc0.d/K01nut-server new file mode 120000 index 00000000..4856bca3 --- /dev/null +++ b/rc0.d/K01nut-server @@ -0,0 +1 @@ +../init.d/nut-server \ No newline at end of file diff --git a/rc1.d/K01nut-client b/rc1.d/K01nut-client new file mode 120000 index 00000000..e9a9f69f --- /dev/null +++ b/rc1.d/K01nut-client @@ -0,0 +1 @@ +../init.d/nut-client \ No newline at end of file diff --git a/rc1.d/K01nut-server b/rc1.d/K01nut-server new file mode 120000 index 00000000..4856bca3 --- /dev/null +++ b/rc1.d/K01nut-server @@ -0,0 +1 @@ +../init.d/nut-server \ No newline at end of file diff --git a/rc2.d/S10nut-server b/rc2.d/S10nut-server new file mode 120000 index 00000000..4856bca3 --- /dev/null +++ b/rc2.d/S10nut-server @@ -0,0 +1 @@ +../init.d/nut-server \ No newline at end of file diff --git a/rc2.d/S11nut-client b/rc2.d/S11nut-client new file mode 120000 index 00000000..e9a9f69f --- /dev/null +++ b/rc2.d/S11nut-client @@ -0,0 +1 @@ +../init.d/nut-client \ No newline at end of file diff --git a/rc3.d/S10nut-server b/rc3.d/S10nut-server new file mode 120000 index 00000000..4856bca3 --- /dev/null +++ b/rc3.d/S10nut-server @@ -0,0 +1 @@ +../init.d/nut-server \ No newline at end of file diff --git a/rc3.d/S11nut-client b/rc3.d/S11nut-client new file mode 120000 index 00000000..e9a9f69f --- /dev/null +++ b/rc3.d/S11nut-client @@ -0,0 +1 @@ +../init.d/nut-client \ No newline at end of file diff --git a/rc4.d/S10nut-server b/rc4.d/S10nut-server new file mode 120000 index 00000000..4856bca3 --- /dev/null +++ b/rc4.d/S10nut-server @@ -0,0 +1 @@ +../init.d/nut-server \ No newline at end of file diff --git a/rc4.d/S11nut-client b/rc4.d/S11nut-client new file mode 120000 index 00000000..e9a9f69f --- /dev/null +++ b/rc4.d/S11nut-client @@ -0,0 +1 @@ +../init.d/nut-client \ No newline at end of file diff --git a/rc5.d/S10nut-server b/rc5.d/S10nut-server new file mode 120000 index 00000000..4856bca3 --- /dev/null +++ b/rc5.d/S10nut-server @@ -0,0 +1 @@ +../init.d/nut-server \ No newline at end of file diff --git a/rc5.d/S11nut-client b/rc5.d/S11nut-client new file mode 120000 index 00000000..e9a9f69f --- /dev/null +++ b/rc5.d/S11nut-client @@ -0,0 +1 @@ +../init.d/nut-client \ No newline at end of file diff --git a/rc6.d/K01nut-client b/rc6.d/K01nut-client new file mode 120000 index 00000000..e9a9f69f --- /dev/null +++ b/rc6.d/K01nut-client @@ -0,0 +1 @@ +../init.d/nut-client \ No newline at end of file diff --git a/rc6.d/K01nut-server b/rc6.d/K01nut-server new file mode 120000 index 00000000..4856bca3 --- /dev/null +++ b/rc6.d/K01nut-server @@ -0,0 +1 @@ +../init.d/nut-server \ No newline at end of file diff --git a/shadow b/shadow index 9b914e97..66adf1c1 100644 --- a/shadow +++ b/shadow @@ -78,3 +78,4 @@ Debian-snmp:!:18499:0:99999:7::: cool:*:18972:0:99999:7::: sambauser:!:19010:::::: borg:!:19012:0:99999:7::: +nut:*:19353:0:99999:7::: diff --git a/shadow- b/shadow- index c661b6a8..66adf1c1 100644 --- a/shadow- +++ b/shadow- @@ -60,7 +60,6 @@ mongodb:*:17458:0:99999:7::: alexa:!:17492:::::: x2gouser:!:17598:0:99999:7::: nagios:!:17618:0:99999:7::: -mosquitto:*:17682:0:99999:7::: redis:!:17732:0:99999:7::: systemd-timesync:*:17827:0:99999:7::: systemd-network:*:17827:0:99999:7::: @@ -79,3 +78,4 @@ Debian-snmp:!:18499:0:99999:7::: cool:*:18972:0:99999:7::: sambauser:!:19010:::::: borg:!:19012:0:99999:7::: +nut:*:19353:0:99999:7::: diff --git a/systemd/system/apcupsd.service b/systemd/system/apcupsd.service new file mode 120000 index 00000000..dc1dc0cd --- /dev/null +++ b/systemd/system/apcupsd.service @@ -0,0 +1 @@ +/dev/null \ No newline at end of file diff --git a/systemd/system/multi-user.target.wants/nut-monitor.service b/systemd/system/multi-user.target.wants/nut-monitor.service new file mode 120000 index 00000000..ac01fa8a --- /dev/null +++ b/systemd/system/multi-user.target.wants/nut-monitor.service @@ -0,0 +1 @@ +/lib/systemd/system/nut-monitor.service \ No newline at end of file diff --git a/systemd/system/multi-user.target.wants/nut-server.service b/systemd/system/multi-user.target.wants/nut-server.service new file mode 120000 index 00000000..79da3305 --- /dev/null +++ b/systemd/system/multi-user.target.wants/nut-server.service @@ -0,0 +1 @@ +/lib/systemd/system/nut-server.service \ No newline at end of file