kunsi/bundlewrap
1
0
Fork 0
Code Issues 1 Pull requests 1 Releases Activity

remove a bunch of deprecated nodes

Browse source
This commit is contained in:
Franzi 2023-09-23 15:03:01 +02:00
parent 667fd6a2f0
commit 799cff884b
Signed by: kunsi
GPG key ID: 12E3D2136B818350
3 changed files with 0 additions and 417 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

184
nodes/fkusei-locutus.py
View file

@ -1,184 +0,0 @@
nodes['fkusei-locutus'] = {
'hostname': '172.19.138.96',
'bundles': {
'arch-with-gui',
'bird',
'lldp',
'lm-sensors',
'nfs-client',
'systemd-boot',
'telegraf-battery-usage',
'wireguard',
'voc-tracker-worker',
'zfs',
},
'groups': {
'arch',
},
'metadata': {
'arch-with-gui': {
'autologin_as': 'fkunsmann',
},
'bird': {
'bgp_neighbors': {
'smedia': {
'local_as': 4200128002,
'local_ip': '10.200.128.2',
'neighbor_as': 64900,
'neighbor_ip': '10.200.128.1',
},
},
},
'firewall': {
'port_rules': {
# obs websocket thingie - just allow all RFC1918 ips here
#'4444': {
# '10.0.0.0/8',
# '172.16.0.0/12',
# '192.168.0.0/16',
#},
# For the occasional file-share using `python -m http.server`
'8000': {'*'},
},
},
'interfaces': {
'enp0s31f6': {
'dhcp': True,
'ips': {
'172.19.138.96', # for static dhcp lease
},
'mac': 'e8:6a:64:ef:cc:5c',
},
# there is also wlp2s0, but that's managed by netctl
},
'location': 'home', # not actually true, but needed for static dhcp lease
'nfs-client': {
'mounts': {
'nas-storage': {
'mountpoint': '/mnt/nas',
'serverpath': '172.19.138.20:/storage/nas',
'mount_options': {
'retry=0',
'ro',
},
},
},
},
'openssh': {
'restrict-to': {
'rfc1918',
'ipv6',
},
},
'pacman': {
'linux-lts': True,
'packages': {
# video drivers
'xf86-video-intel': {},
# all that other random stuff one needs
'apachedirectorystudio': {},
'direnv': {},
'freerdp': {},
'sdl_ttf': {}, # for compiling testcard
'thermald': {},
},
},
'systemd-boot': {
'default': 'arch-lts',
'entries': {
'arch-lts': {
'title': 'Arch Linux (LTS kernel)',
'linux': '/vmlinuz-linux-lts',
'initrd': [
'/intel-ucode.img',
'/initramfs-linux-lts.img',
],
'options': {
'zfs=zroot/system/root',
'rw',
},
},
'arch-lts-fallback': {
'title': 'Arch Linux (LTS kernel, no ucode, fallback initramfs)',
'linux': '/vmlinuz-linux-lts',
'initrd': [
'/initramfs-linux-lts-fallback.img',
],
'options': {
'zfs=zroot/system/root',
'rw',
},
},
},
},
'timezone': 'Europe/Berlin',
'users': {
'fkunsmann': {
'password': vault.decrypt('encrypt$gAAAAABgLmmuQGRUStrQawoPee-758emIYn2u8-8ebrgzNAFSp7ifeFDdXXvs-zL3QogwNYlCtBHboH2xfy1rSj6OF5bbNO-tg=='),
'shell': '/usr/bin/fish',
'sudo_commands': {
'ALL',
},
},
'sophie': {
'delete': True,
},
},
'voc-tracker-worker': {
'url': 'https://tracker.c3voc.de/rpc',
'token': vault.decrypt('encrypt$gAAAAABiYqaFl4CqOc8DTQIn49Qq0KgAJSzA19GKPNMbyHIjYg0JkvY0sK43ps8CbJWMRR6hJHVK-nP4vrWLwyoWWqt8N8aASMur4odC2s8pEHQKM0TXg4cRwobQz_lyJgrYa2VYdhcD'),
'secret': vault.decrypt('encrypt$gAAAAABiYqaYbY-3IbnRk-S25pqxrOGN7ovgPo3kBYz8ZqKDedPRzskKZefpLHxBbCOZKjg1XNT4cKbIs5cPCLdj7HdY4beAhnXl4EHZZdxU1zVC7sJCmz9XOS_Ac0UOgOlUFMiet14U'),
},
'wireguard': {
'privatekey': vault.decrypt('smedia$NotViaThisRepository'),
'peers': {
'smedia': {
'endpoint': '185.122.180.82:51820',
'my_ip': '10.200.128.2/20',
'my_port': 51820,
'psk': vault.decrypt('smedia$NotViaThisRepository'),
'pubkey': vault.decrypt('smedia$NotViaThisRepository'),
'their_ip': '10.200.128.1',
},
},
},
'zfs': {
'datasets': {
# this is not a complete list, but we can't create that
# structure using bundlewrap anyway, so there's no point
# in adding it here.
'zroot': {
'compression': 'lz4',
'relatime': 'on',
'xattr': 'sa',
'primarycache': 'metadata'
# encryption is enabled, too.
},
'zroot/system/journal': {
'mountpoint': '/var/log/journal',
'acltype': 'posix',
},
'zroot/system/root': {
'canmount': 'noauto',
'mountpoint': '/',
},
'zroot/user/fkunsmann': {
'mountpoint': '/home/fkunsmann',
},
},
'snapshots': {
'retain_per_dataset': {
'zroot/user/fkunsmann': {
# juuuuuuuust to be sure
'hourly': 100,
},
},
'snapshot_never': {
'zroot/system/journal',
},
},
},
},
'os': 'arch',
}

171
nodes/ovh/icinga2.py
View file

@ -1,171 +0,0 @@
nodes['ovh.icinga2'] = {
'dummy': True, # gekündigt
'bundles': {
'bird',
'icinga2',
'php',
'postgresql',
'simple-icinga-dashboard',
'unbound',
'wireguard',
'zfs',
},
'groups': {
'debian-bullseye',
'webserver',
},
'metadata': {
'interfaces': {
'eth0': {
'ips': {
'51.195.44.8',
'2001:41d0:701:1100::2618/128'
},
'gateway4': '51.195.44.1',
'gateway6': '2001:41d0:701:1100::1'
},
'dummy-snat': {
'ips': {
'172.19.136.3',
},
},
},
'icinga_options': {
'exclude_from_monitoring': True,
},
'bird': {
'static_routes': {
'172.19.136.3/32',
},
},
'icinga2': {
'web_domain': 'icinga.kunsmann.eu',
'api_users': {
'dashboard': {
'password': vault.password_for('ovh.icinga2 icinga2 api_user dashboard'),
'permissions': {
'objects/query/Service',
'objects/query/Host',
},
},
# Used with <https://git.franzi.business/kunsi/icinga2eamer>
'icinga2beamer': {
'password': vault.decrypt('encrypt$gAAAAABf3wM9YS5ZpRdhp3xyIFX21_MK0omzqHqykWbWdkZWp2xyJ6awaUSXODnZQ5j-rws6n0yrpaeMdXoj1irb2FrgxMDTdfCh88hIsqcKGOObzwGaRg6Ze0tuiMrzIfOO3tRnc9Kd'),
'permissions': {
'objects/query/Host',
'objects/query/Service'
},
},
},
'restrict-to': {
'172.19.138.0/24',
},
'sipgate': {
'user': bwpass.attr('sipgate.de/hi@kunsmann.eu', 'icinga_tokenid'),
'pass': bwpass.attr('sipgate.de/hi@kunsmann.eu', 'icinga_token'),
},
'ntfy': {
'url': 'https://ntfy.franzi.business/icinga2',
'user': vault.decrypt('encrypt$gAAAAABkMtfW_tyGDUh7TkVX6AN8wSkKixWcQiOrPUWHtDZqnzjqrAkfD40fD8M_PiPDvW5pAa6xHNcUSU34jHolxnC44rDiLw=='),
'pass': vault.decrypt('encrypt$gAAAAABkMtfD8lenogwJc8uKeGZUQ8QVWHMpAqY_GLW3VhF3Jt0TOC4JiJn49qfaC9Ij5rw6GGsowNIsNBe1Ac83HXOLveANEU2o-O4fp5TxNF0xFWebCCtcaTkj_L2DjUbSUe8QVDn3'),
},
},
'icinga2_api': {
'custom': {
# redundant monitoring of services/hosts
'services': {
'flauschekatze.space CERTIFICATE': {
'check_command': 'check_https_cert_at_url',
'vars.domain': 'flauschekatze.space',
},
'matrix.flauschekatze.space CERTIFICATE': {
'check_command': 'check_https_cert_at_url',
'vars.domain': 'matrix.flauschekatze.space',
},
},
},
},
'nginx': {
'vhosts': {
'icingaweb': {
'domain': 'icinga.kunsmann.eu',
'webroot': '/usr/share/icingaweb2/public',
'extras': True,
},
'icinga_statusmonitor': {
'domain': 'statusmonitor.icinga.kunsmann.eu',
'locations': {
'/': {
'target': 'http://127.0.0.1:5000/',
}
},
},
'statuspage': {
'domain': 'status.franzi.business',
'ssl': '_.franzi.business',
'webroot': '/opt/simple-icinga-dashboard/out',
},
},
},
'php': {
'version': '8.0',
'packages': {
'curl',
'gd',
'intl',
'imagick',
'ldap',
'mysql',
'opcache',
'pgsql',
'readline',
'xml',
},
},
'postgresql': {
'version': '11',
},
'simple-icinga-dashboard': {
'icinga2_api': {
'baseurl': 'https://127.0.0.1:5665',
'username': 'dashboard',
'password': vault.password_for('ovh.icinga2 icinga2 api_user dashboard'),
},
'filters': {
'services': '"statuspage" in service.groups',
},
'output': {
'page_title': 'franzi.business Service Status',
},
'prettify': {
'CONTENT': '',
'NGINX': 'WEBSERVER',
'PROCESS': 'SERVICE',
},
},
'wireguard': {
'peers': {
'ovh.wireguard': {
'snat_to': '172.19.136.3',
},
},
},
'zfs': {
'pools': {
'tank': {
'when_creating': {
'config': [{
'devices': {
'/dev/sdb'
},
}],
},
},
},
},
'vm': {
'cpu': 1,
'ram': 2,
},
},
}

62
nodes/ovh/wireguard.py
View file

@ -1,62 +0,0 @@
nodes['ovh.wireguard'] = {
'bundles': {
'bird',
'wireguard',
},
'groups': {
'debian-buster',
},
'metadata': {
'interfaces': {
'eth0': {
'ips': {
'51.195.47.180',
'2001:41d0:701:1100::20da/128'
},
'gateway4': '51.195.44.1',
'gateway6': '2001:41d0:701:1100::1'
},
},
'bird': {
'static_routes': {
'172.19.136.64/26',
},
},
'icinga_options': {
'exclude_from_monitoring': True,
},
'backups': {
'exclude_from_backups': True,
},
'vm': {
'cpu': 1,
'ram': 2,
},
'wireguard': {
'peers': {
'ovh.icinga2': {},
'home.router': {},
'htz-cloud.wireguard': {},
'kunsi-oneplus3': {
'their_ip': '172.19.136.65',
'my_ip': '172.19.136.64',
'my_port': 51819,
'psk': vault.decrypt('encrypt$gAAAAABgKYeeuPfokbk7lSbbJX-52kap5Cs3tdCHpezkKcExV-yLTHPjszIcAh1T9wW1BtGElRdZea7VTikV3qEu3bupiSqEW4l2lmD5cn2ERYRfuVCoYSkOlmEGokHUX7Nja4G_A2_x'),
'pubkey': vault.decrypt('encrypt$gAAAAABgKYdTqLG3DcB13QqQadUxyzIjvSxwgZQNjorQi-ADSLsNdDbhikSAGQnSmGelLB74V175awIIir768WEnpLJUKX6nt_i2BxOP3JazvKZSQECkiK8G-IRn8wWWgKarfmtqRwh6'),
'exclude_from_monitoring': True,
},
'sophie-ejgwthink': {
'their_ip': '172.19.136.67',
'my_ip': '172.19.136.66',
'my_port': 51818,
'psk': vault.decrypt('encrypt$gAAAAABhWWg7WWnVAl3R46oXfPHnmsuXIFELWoMb4wGeDDInKUAwjtI6Y9nYkMpvdxiPRbHnwG4sPxgUAu3l83E4BLTNwb-9_ZYPjz6bQQGYA7oYvCdsezWYYx22hmu8wJhq_j4sMyLK'),
'pubkey': vault.decrypt('encrypt$gAAAAABhWWg7fSm9snyXS_VLCpEv28_o2fvu6MRzrqngbKQ41DSAQE5fg4ADSbQpi0uwP_6VE_aGo56z1qmLV9wHpOUYCqgYk57w2KcuHR92r_Cw6iNs_h85k38nFGkmuvHzUecqpCNa'),
'exclude_from_monitoring': True,
},
},
'restrict-to': {
'*',
},
},
},
}