Category Archives: Muppet Labs

WordPress Backup Script

Muppet Labs

My WordPress backup script, which keeps daily, weekly and monthly backups of website files and database dumps.

Installation:

This should work on your garden variety Debian or Ubuntu server running WordPress and Mysql.

Copy this script to /usr/local/sbin/backup-websites

cat /etc/cron.d/backup-websites
# Backup websites and databases at around 3am
15 03 * * * root /usr/local/sbin/backup-websites

btw. sorry the indentation seems to go missing when I use the /code tag in WordPress.

Obligatory Muppets Photo

The script…

backup-websites:


#!/bin/bash
# Backup websites and databases

####
# Set some variables and paths

BACKUP_DIR=home/backups/websites
# Must contain backup.monthly backup.weekly backup.daily folders

FILE_DIRS_BASE=var/www
DATABASES=`echo "show databases" | /usr/bin/mysql --defaults-file=/etc/mysql/debian.cnf | grep -v Database | grep -v schema`

email=root@localhost

######
# Make appropriate destination directory

# Destination file names
date_daily=`date +"%Y-%m-%d"`

# Get current month and week day number
month_day=`date +"%d"`
week_day=`date +"%u"`

# On first month day do monthly
if [ "$month_day" -eq 1 ] ; then
destination=backup.monthly/$date_daily
else
# On Saturdays do weekly
if [ "$week_day" -eq 6 ] ; then
destination=backup.weekly/$date_daily
else
# On any regular day do daily
destination=backup.daily/$date_daily
fi
fi

cd /$BACKUP_DIR
mkdir $destination

# latest backup symlink
ln -snf $destination /$BACKUP_DIR/latest

####
# Create backup files in today's directory

stamp=`date +%Y-%m-%d_%H-%M-%S`

# Dump MySQL tables in incoming dir
for db in $DATABASES; do
/usr/bin/mysqldump --defaults-file=/etc/mysql/debian.cnf $db | bzip2 > \
/$BACKUP_DIR/$destination/$db.$stamp.sql.bz2
done

FILE_DIRS=`ls /$FILE_DIRS_BASE`

# Compress files, one tar file per sub directory
for filedir in $FILE_DIRS; do
tar -C / -cjf /$BACKUP_DIR/$destination/$filedir.$stamp.tar.bz2 $FILE_DIRS_BASE/$filedir
done

#####
# Email backup info

ls -l /$BACKUP_DIR/$destination/ | mail -s "[`uname -n`] Websites Backup $date_daily" $email

#####
# Clean up old backups

# Daily - keep for 7 days
find /$BACKUP_DIR/backup.daily/ -maxdepth 1 -mtime +7 -type d -exec rm -rf {} \;

# Weekly - keep for 30 days
find /$BACKUP_DIR/backup.weekly/ -maxdepth 1 -mtime +30 -type d -exec rm -rf {} \;

# Monthly - keep for 365 days
find /$BACKUP_DIR/backup.monthly/ -maxdepth 1 -mtime +365 -type d -exec rm -rf {} \;

#END

Keep your backups for less time by updating mtime above.

To recover your backups:

tar jxvf your-backup-file.tar.bz2
bunzip2 your-backup-file.sql.bz2

LLAP.

Afrikaans Spell Check for macOS and iOS

Muppet Labs, Rants

How to add Afrikaans spell checking and dictionaries to macOS 10.12…

I use Telegram Desktop a fair bit and it bugged me that Afrikaans spell checking was missing. Here is my current solution. I’m not sure it’s 100% tip-top, but it’s much better than it was.

Dictionary

Download these, unzip and copy into ~/Library/Dictionaries.

Open Dictionary.app, look in Preferences, enable the new dictionaries and move them into the order you want them.

Spell Check

Download en_af_ZA.zip, unzip, copy to ~/Library/Spelling. I found this on the translate.org.za site a few years back.

Settings > Keyboard > Text > Spelling drop down

Scroll down to “Set Up…” and enable Afrikaans.

Now set that drop down to Automatic by Language.

iOS

Just install SwiftKey app and enable Afrikaans.

Now, if only Telegram Desktop (Qt on macOS) would support spell checking. Until then, I’ll just have use the macOS Telegram app.

Install Debian on a Macbook Pro

Muppet Labs, Rants

How to install Debian 9 on an old-ish Macbook Pro.

In the future, everybody will run Debian – the universal operating system. Don’t resist. It’s way cooler than macOS. Install Wayland and Sway.

Re-install macOS. Partition the drive and give macOS about 40GB space. Keep the rest for Linux.

Get the Debian ISO: debian-mac-9.0.0-amd64-netinst.iso Note: you may want to download the one with non-free firmware. I just used the standard one.

Prep USB drive:

hdiutil convert debian.iso -format UDRW -o target.img
diskutil list
diskutil unmountDisk /dev/diskN
sudo dd if=target.img of=/dev/diskN bs=1m
diskutil eject /dev/diskN

Download rEFInd binary zip file. Unzip and run the refind-install script on the Macbook Pro. You should now have a nice boot menu.

With USB drive in the laptop, reboot and hold down the Alt key.

Follow the Debian install process, and make sure you select the Linux partition you created, in my case it was /dev/sda4.

Use the Ethernet port and connect to the internet. You may need to install the wifi firmware:

apt-get install firmware-b43-installer

Django Setup Notes – Ubuntu, Nginx, uWSGI

Muppet Labs, Rants

muppetlabslogo

Notes for getting Django running on Ubuntu 16.04… with Nginx, Supervisord, uWSGI in emperor mode and a bit of Postgres.

Start by setting up your Ubuntu environment.

Newish Python 3.6

add-apt-repository ppa:fkrull/deadsnakes
apt-get update
apt-get install python3.6
apt-get install python3.6-dev
apt-get install python-virtualenv

Postgres

apt-get install postgresql postgresql-contrib
su - postgres
createdb myapp
createuser -P

You may need to dump a database and import it again…

pg_dump -U myuser myapp > myapp.db
psql myapp < myapp.db

SSL Cert Setup

Grab a free SSL cert…

service nginx stop
apt-get install letsencrypt
letsencrypt certonly --standalone -d www.myapp.com -d myapp.com
service nginx start

Nginx

apt-get install nginx

This should give you a nice and secure HTTPS setup which also supports HTTP2…

/etc/nginx/sites-available/myapp.com


server {
server_name www.myapp.com;
listen 443 ssl http2;
charset utf-8;
client_max_body_size 75M;

ssl on;
ssl_certificate /etc/letsencrypt/live/www.myapp.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/www.myapp.com/privkey.pem;

ssl_protocols TLSv1.2;
ssl_prefer_server_ciphers On;
ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';

ssl_session_cache shared:SSL:128m;

add_header Strict-Transport-Security "max-age=31557600; includeSubDomains";
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Xss-Protection "1";
add_header Content-Security-Policy "default-src 'self'; script-src 'self' *.google-analytics.com";
add_header Referrer-Policy origin-when-cross-origin;

ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.8.8;

access_log on;

location /static {
alias /var/www/www.myapp.com/api/static;
}

location / {
uwsgi_pass unix:///var/www/www.myapp.com/api.sock;
include /var/www/www.myapp.com/uwsgi_params;
}
}

/var/www/myapp/uwsgi_params


uwsgi_param QUERY_STRING $query_string;
uwsgi_param REQUEST_METHOD $request_method;
uwsgi_param CONTENT_TYPE $content_type;
uwsgi_param CONTENT_LENGTH $content_length;
uwsgi_param REQUEST_URI $request_uri;
uwsgi_param PATH_INFO $document_uri;
uwsgi_param DOCUMENT_ROOT $document_root;
uwsgi_param SERVER_PROTOCOL $server_protocol;
uwsgi_param REMOTE_ADDR $remote_addr;
uwsgi_param REMOTE_PORT $remote_port;
uwsgi_param SERVER_ADDR $server_addr;
uwsgi_param SERVER_PORT $server_port;
uwsgi_param SERVER_NAME $server_name;
uwsgi_param UWSGI_SCHEME $scheme;

Django Virtual Environment

cd /var/www
mkdir www.myapp.com
virtualenv -p /usr/bin/python3.6 env

cd /var/www/www.myapp.com
source env/bin/activate

git clone https://github.com/myco/myapp.git api

Note: my Django app name is “api” here.

pip install -r api/requirements.txt

pip install Django
pip install uwsgi

Install uWSGI System-wide

Using the latest Python, install uWSGI in /usr/local/bin…

Make sure you are not in a virtual environment or run “deactivate”.


python3.6 -m pip install --upgrade pip
python3.6 -m pip install uwsgi

Supervisord to Manage uWSGI in Emperor mode

apt-get install supervisor

/etc/supervisor/conf.d/uwsgi.conf


[program:uwsgi]
command=/usr/local/bin/uwsgi --emperor /etc/uwsgi/apps-enabled
autostart=true
autorestart=true
redirect_stderr=true
stopsignal=QUIT
stdout_logfile=/var/log/uwsgi.log

Setup /etc/uwsgi

cd /etc
mkdir uwsgi
cd uwsgi
mkdir apps-available
mkdir apps-enabled
cd apps-available

/etc/uwsgi/apps-available/myapp.ini

[uwsgi]
uwsgi-socket = /var/www/myapp/api.sock
pythonpath = /var/www/myapp/api
virtualenv = /var/www/myapp/env
processes = 2
reload-on-rss = 150
module = api.wsgi
uid = www-data
gid = www-data


cd /etc/uwsgi/apps-enabled
ln -s ../apps-available/myapp.ini
service supervisor restart

You can now also edit / touch your myapp.ini to make uwsgi restart the worker processes.

Done. Test your setup.

Go make some tea and start coding.

More Notes

Let me know if something above can be done better.

Tune your Postgres database. Then su – postgres and run “pg_conftool show all” to see that your setting are up to date.

Tune your SSL setup.

You probably want 2x uwsgi processes for every CPU in your server.

Update: use pipenv


apt-get install python-pip
pip3 install pipenv
cd /home/fred/code
mkdir myproject
cd myproject
pipenv --three --python /usr/bin/python3.6
pipenv shell
python --version

to use:


su - www-data (or user which runs uwsgi)
pipenv shell

Ubuntu Server Tweaks 16.04

Muppet Labs, Rants

muppetlabslogo

Things you might want to tweak on your new Ubuntu 16.04 server – because you need a pretty prompt and a text editor.

I figured this is a good place to put some notes for next time I want to make a new server feel a bit more homely.

jed

apt-get install jed
/etc/jed.d/99defaults.sl
No_Backups = 1;

Locales

dpkg-reconfigure locales

Hostname

edit /etc/hosts and add a hostname for the server
edit /etc/hostname and add a hostname
run hostname -F /etc/hostname

apt via IPv4

echo ‘Acquire::ForceIPv4 “true”;’ | sudo tee /etc/apt/apt.conf.d/99force-ipv4

update packages

apt-get update
apt-get dist-upgrade

Clone some packages from another box, maybe?

Old:
sudo apt-get install apt-clone
apt-clone clone foo

New:
sudo apt-get install apt-clone
sudo apt-clone restore foo.apt-clone.tar.gz

ssh

apt-get install openssh-server
ssh-keygen -t ed25519
ssh-copy-id -i ~/.ssh/id_ed25519.pub -p 2211 user@host

Setup ssh keys.
Change the port your server runs on in /etc/ssh/sshd_config

mosh

apt-get install mosh

Add something like this in .zshrc (on your laptop):
alias mocms=”mosh -p 2345 –ssh=\”ssh -p 2345 \” joe@cms.my.server.co”

motd

apt-get install update-motd landscape-common update-notifier-common
ln -s /var/run/motd.dynamic /etc/motd

Postfix

apt-get install postfix
edit /etc/mailname
edit /etc/aliases

newaliases

root: youremail@yourdomain.com

Auto Security Updates

apt-get install unattended-upgrades

/etc/apt/apt.conf.d/10periodic
APT::Periodic::Update-Package-Lists “1”;
APT::Periodic::Download-Upgradeable-Packages “1”;
APT::Periodic::AutocleanInterval “7”;
APT::Periodic::Unattended-Upgrade “1”;

/etc/apt/apt.conf.d/50unattended-upgrades
Unattended-Upgrade::Mail “your@email.address”;

sudo apt install apticron

/etc/apticron/apticron.conf
EMAIL=”your@email.address”

zsh

apt-get install zsh
apt-get install git

install oh-my-zsh:
sh -c “$(curl -fsSL https://raw.github.com/robbyrussell/oh-my-zsh/master/tools/install.sh)”

use this .zshrc if you like.

edit your .zshrc
plugins=(autojump brew pip git django python docker screen)

change prompt colours like so:
base_prompt, play with integer values to change colours

emacs

apt-get install emacs aspell

install prelude:
wget –no-check-certificate https://github.com/bbatsov/prelude/raw/master/utils/installer.sh -O – | sh

edit .emacs.d/prelude-modules.el

You may want to run emacs as a daemon for more than one user on your server.

Add (setq server-use-tcp t) to the top of init.el config files – so emacs starts as a tcp server.

/home/joe/.zshrc:
alias emacsinit=”emacs -u joe –daemon=joe”
alias e=”emacsclient –server-file=joe -t”

/root/.zshrc:
alias emacsinit=”emacs -u root –daemon=root”
alias e=”emacsclient –server-file=root -t”

Apache HTTP2

apt-get install software-properties-common
add-apt-repository ppa:ondrej/apache2
apt-get update
apt-get dist-upgrade
install apache2
a2enmod http2
service apache2 restart

Add this to your vhosts:
Protocols h2 http/1.1

MySQL and PHP

apt-get install mysql-server
apt-get install php7.0
apt-get install libapache2-mod-php
apt-get install php7.0-mysql

Filter on attachment name with Procmail

Muppet Labs, Rants

After a recent spike in emails with .zip and .doc attachments… a quick way to filter them with procmail:


# Drop mails with lame attachments
:0 B
* .*filename=.*\.(zip|rar|rtf|doc|docm|xls|com|hlp|vbs|wsf|eml|shs|exe|nws|chm|pif|vbe|hta|scr|reg|bat)\"?\;?$
1in/spam/

Stick this in your .procmailrc

Updated: 7 April 2016, I’ll keep adding to this as I find things to block.

Make Slack behave like the Telegram Desktop app

Muppet Labs, Rants

This will help you remap some Slack keyboard commands so that Command + Enter sends a message and Enter creates a new line… for OSX.

I think this makes way more sense than using Command Enter to “create a new snippet”.

I use the Telegram Desktop app a lot – so accidentally creating snippets in Slack all the time was a bit painful.

You’ll need to install Karabiner and load the private.xml file below…

<?xml version="1.0"?>
<root>
    
    <appdef>
        <appname>SLACK</appname>
        <equal>com.tinyspeck.slackmacgap</equal>
    </appdef>
    
    <item>
        <name>Slack Customisation</name>
        <item>
            <name>Map Cmd+Enter to send, Enter to extra line</name>
            <identifier>remap.app_slack_cmd_enter</identifier>
            <only>SLACK</only>
            <autogen>
                __KeyToKey__
                KeyCode::RETURN, ModifierFlag::COMMAND_L,
                KeyCode::RETURN
            </autogen>
            <autogen>
                __KeyToKey__
                KeyCode::RETURN,
                KeyCode::RETURN, ModifierFlag::SHIFT_L
            </autogen>
        </item>
    </item>
    
</root>

and just for fun, OSX Messages app…

    <appdef>
        <appname>Messages</appname>
        <equal>com.apple.iChat</equal>
    </appdef>

    <item>
        <name>OSX Messages Customisation</name>
        <item>
            <name>Map Enter to extra line</name>
            <identifier>remap.app_messages_cmd_enter</identifier>
            <only>Messages</only>
            <autogen>
                __KeyToKey__
                KeyCode::RETURN, ModifierFlag::COMMAND_L,
                KeyCode::RETURN
            </autogen>
            <autogen>
                __KeyToKey__
                KeyCode::RETURN,
                KeyCode::RETURN, ModifierFlag::OPTION_L
            </autogen>
        </item>
    </item>

and Skype…

     <item>
        <name>Skype Customisation</name>
        <item>
            <name>Map Enter to extra line</name>
            <identifier>remap.app_skype_cmd_enter</identifier>
            <only>Skype</only>
            <autogen>
                __KeyToKey__
                KeyCode::RETURN, ModifierFlag::COMMAND_L,
                KeyCode::RETURN
            </autogen>
            <autogen>
                __KeyToKey__
                KeyCode::RETURN,
                KeyCode::RETURN, ModifierFlag::SHIFT_L
            </autogen>
        </item>
    </item>