From 2d51e2001de2c0dc4e7222c7ce431e0af375bcdd Mon Sep 17 00:00:00 2001
From: "Dustin C. Hatch"
Date: Sun, 17 Aug 2025 20:50:37 -0500
Subject: [PATCH 1/3] gw1: Allow internal IPv6 clients
Specifically to allow the Synology to synchronize its clock, as it only has an IPv6 address. We also need to explicitly override `chrony_servers` to an empty list for the firewall itself, since it syncs with the NTP pool, rather than its next hop router.
---
 host_vars/gw1.pyrocufflink.blue/main.yml | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/host_vars/gw1.pyrocufflink.blue/main.yml b/host_vars/gw1.pyrocufflink.blue/main.yml
index 4c68e0c..cdcfdf8 100644
--- a/host_vars/gw1.pyrocufflink.blue/main.yml
+++ b/host_vars/gw1.pyrocufflink.blue/main.yml
@@ -46,6 +46,8 @@ promtail_scrape_configs:
 dnf_automatic_reboot: never
+chrony_servers: []
+
 chrony_pools:
 - 1.fedora.pool.ntp.org iburst
 - 2.fedora.pool.ntp.org iburst
@@ -57,3 +59,4 @@ chrony_allow:
 - 172.31.1.0/24
 - 172.24.100.0/24
 - 192.168.1.0/24
+- fd68:c2d2:500e:3e00::/56
From 5dbe26fc60e0b07593c914508cc42ed9e7a75170 Mon Sep 17 00:00:00 2001
From: "Dustin C. Hatch"
Date: Sat, 16 Aug 2025 09:22:51 -0500
Subject: [PATCH 2/3] r/repohost: Optimize createrepo queue loop
Instead of waking every 30 seconds, the queue loop in `repohost-createrepo.sh` now only wakes when it receives an inotify event indicating the queue file has been modified. To avoid missing events that occured while a `createrepo` process was running, there's now an inner loop that runs until the queue is completely empty, before returning to blocking on `inotifywait`.
---
 roles/repohost/files/repohost-createrepo.sh | 30 ++++++++++++++-------
 1 file changed, 21 insertions(+), 9 deletions(-)
diff --git a/roles/repohost/files/repohost-createrepo.sh b/roles/repohost/files/repohost-createrepo.sh
index 9883404..b476e57 100755
--- a/roles/repohost/files/repohost-createrepo.sh
+++ b/roles/repohost/files/repohost-createrepo.sh
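Review bot: The new `chrony_servers: []` in host_vars/gw1.pyrocufflink.blue/main.yml carries no comment, so the reason for the empty override lives only in the commit message and a later cleanup could mistake it for a no-op. A line above it such as `# gw1 syncs with the NTP pool (chrony_pools), not its next-hop router` would keep that reasoning in the file.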
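Review bot: `fd68:c2d2:500e:3e00::/56` under `chrony_allow` in host_vars/gw1.pyrocufflink.blue/main.yml opens NTP service to all 256 /64 subnets of that ULA prefix, while the commit message names a single client, the Synology. If only that host's segment needs time from gw1, listing its /64 (`<synology-subnet>/64`, a placeholder) would match the stated need more closely. If every internal IPv6 segment is meant, as the subject line suggests, a short comment on the entry saying so would record that the scope is deliberate. Whether the host firewall also limits UDP 123 on those interfaces is not visible in this hunk.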
@@ -1,18 +1,30 @@
 #!/bin/sh
+# vim: set sw=4 ts=4 sts=4 et :
 QFILE="${HOME}"/createrepo.queue
 REPOS_ROOT="${HOME}"/repos
+wait_queue() {
+ inotifywait \
+ --event close_write \
+ --include "${QFILE##*/}" \
+ "${QFILE%/*}"
+}
+
 createrepo_loop() {
- while sleep 30; do
- [ -f "${QFILE}" ] || continue
- mv "${QFILE}" "${QFILE}.work"
- sort -u "${QFILE}.work" > "${QFILE}.sorted"
- while read dir; do
- printf 'Generating repository metadata for %s\n' "${dir}"
- createrepo_c "${dir}"
- done < "${QFILE}.sorted"
- rm -f "${QFILE}.work" "${QFILE}.sorted"
+ while wait_queue; do
+ while [ -f "${QFILE}" ]; do
+ sleep 10
+ flock "${QFILE}" mv "${QFILE}" "${QFILE}.work"
+ sort -u "${QFILE}.work" > "${QFILE}.sorted"
+ while read dir; do
+ if [ -d "${dir}" ]; then
+ printf 'Generating repository metadata for %s\n' "${dir}"
+ createrepo_c "${dir}"
+ fi
+ done < "${QFILE}.sorted"
+ rm -f "${QFILE}.work" "${QFILE}.sorted"
+ done
 done
 }
From 7fc3465d56f9b444360aafa1f50d7bdc990033d7 Mon Sep 17 00:00:00 2001
From: "Dustin C. Hatch"
Date: Wed, 20 Aug 2025 07:09:47 -0500
Subject: [PATCH 3/3] smtp1: Fix mynetworks setting for k8s network
The "Kubernetes" subnet is a /27, not a /28. There are hosts in that upper section that was masked out, and these were unable to send e-mails via the relay because they were excluded from the `mynetworks` value.
---
 host_vars/smtp1.pyrocufflink.blue/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/host_vars/smtp1.pyrocufflink.blue/main.yml b/host_vars/smtp1.pyrocufflink.blue/main.yml
index 4b5b739..dd418d4 100644
--- a/host_vars/smtp1.pyrocufflink.blue/main.yml
+++ b/host_vars/smtp1.pyrocufflink.blue/main.yml
@@ -11,4 +11,4 @@ smtp_mynetworks:
 - '[2605:6000:3ccd:da01::]/64'
 - 172.30.0.240/28
 - 172.31.1.0/24
-- 172.30.0.160/28
+- 172.30.0.160/27
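Review bot: In roles/repohost/files/repohost-createrepo.sh, each queue line reaches `createrepo_c` after only the new `[ -d "${dir}" ]` test, so whoever can write `createrepo.queue` picks any directory the service account can write metadata into. `REPOS_ROOT` is set at the top of the script but is not used in the lines shown. Confining entries to that root with a `case` match before the `-d` test, and reading with `IFS= read -r` so backslashes and leading whitespace survive, would tighten this; the match is textual and does not resolve `..` components, and the writer of the queue is not visible here. Separately, a write that lands after the inner `[ -f "${QFILE}" ]` test fails but before `inotifywait` has set up its watch is not noticed until the next write. A queue file already present at startup waits the same way, since `wait_queue` blocks before the first drain.

```shell
while IFS= read -r dir; do
    # Only act on entries below the repository root.
    case "${dir}" in
        "${REPOS_ROOT}"/*) ;;
        *) continue ;;
    esac
    if [ -d "${dir}" ]; then
        # … unchanged: printf and createrepo_c call, fi, done < "${QFILE}.sorted" …
```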
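Review bot: The widened `- 172.30.0.160/27` entry in host_vars/smtp1.pyrocufflink.blue/main.yml has no label, so the commit message is the only place that ties it to the Kubernetes subnet. Because `smtp_mynetworks` decides which source addresses may relay through smtp1, the entry now trusts 172.30.0.160 through 172.30.0.191. It is worth confirming that only cluster hosts are addressed in the newly included upper half. A comment above the entry such as `# Kubernetes subnet (/27, .160-.191)` would make a future mask error easier to spot.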