From eede422e9ae094c47a3cba1d9f22cca1b9cdcf0c Mon Sep 17 00:00:00 2001 From: Franziska Kunsmann Date: Sun, 20 Sep 2020 10:29:19 +0200 Subject: [PATCH 1/3] shuffle some ports around --- PORT_MAP.md | 19 +++++++++++++------ bundles/gitea/files/app.ini | 2 +- bundles/gitea/metadata.py | 2 +- bundles/jenkins-ci/files/jenkins | 2 +- bundles/matrix-synapse/files/homeserver.yaml | 4 ++-- bundles/mautrix-telegram/files/config.yaml | 4 ++-- .../mautrix-telegram/files/registration.yaml | 2 +- bundles/travelynx/files/travelynx.conf | 2 +- .../htz.ex42-1048908/matrix.franzi.business | 2 +- 9 files changed, 23 insertions(+), 16 deletions(-) diff --git a/PORT_MAP.md b/PORT_MAP.md index e3a2417..443c4a8 100644 --- a/PORT_MAP.md +++ b/PORT_MAP.md @@ -4,6 +4,13 @@ All the ports which are used by bundles. Collected here to be able to easily find available ports for other bundles. ## TCP +Rule of thumb: keep ports below 10000 free for stuff that reserves ports. + +| Port range | reserved for | + ----------- | ------------ | +| 200.. | Matrix | +| 220.. | Generic Web services | + | Port | bundle | usage | | ----------- | -------------------- | ----- | | 22 | | sshd | @@ -15,7 +22,6 @@ easily find available ports for other bundles. | 443 | nginx | https | | 587 | | postfix submission | | 993 | | dovecot imap -| 3000 | gitea | gitea | | 3100 | | grafana | | 3700 | | codimd | | 4090 | | dovecot managesieve | 
@@ -24,17 +30,18 @@ easily find available ports for other bundles. | 5900 | vmhost | qemu-system-x86 | | 6379 | | redis | | 6667 | | bitlbee | -| 8008 | matrix-synapse | client, federation | -| 8009 | matrix-synapse | prometheus metrics | | 8010 | | matrix-media-repo | | 8020 | | mautrix-whatsapp | | 8080 | | miniflux | -| 8093 | travelynx | Travelynx Web | | 8184 | | matrix-dimension | -| 9000 | jenkins-ci | Jenkins CI | | 11332-11334 | | rspamd | | 20000 | mx-puppet-discord | Bridge | -| 21000 | mautrix-telegram | Bridge | +| 20010 | mautrix-telegram | Bridge | +| 20080 | matrix-synapse | client, federation | +| 20081 | matrix-synapse | prometheus metrics | +| 22000 | gitea | gitea | +| 22010 | jenkins-ci | Jenkins CI | +| 22020 | travelynx | Travelynx Web | | 45923 | | grafana | ## UDP diff --git a/bundles/gitea/files/app.ini b/bundles/gitea/files/app.ini index 7fbe73f..da1c881 100644 --- a/bundles/gitea/files/app.ini +++ b/bundles/gitea/files/app.ini @@ -16,7 +16,7 @@ PROTOCOL = http SSH_DOMAIN = ${domain} DOMAIN = ${domain} HTTP_ADDR = 127.0.0.1 -HTTP_PORT = 3000 +HTTP_PORT = 22000 ROOT_URL = https://${domain}/ DISABLE_SSH = false SSH_PORT = 22 diff --git a/bundles/gitea/metadata.py b/bundles/gitea/metadata.py index a12c034..075bd44 100644 --- a/bundles/gitea/metadata.py +++ b/bundles/gitea/metadata.py @@ -42,7 +42,7 @@ def nginx(metadata): 'vhosts': { metadata.get('gitea/domain'): { 'proxy': { - '/': 'http://127.0.0.1:3000', + '/': 'http://127.0.0.1:22000', }, }, }, diff --git a/bundles/jenkins-ci/files/jenkins b/bundles/jenkins-ci/files/jenkins index b357613..9c4fede 100644 --- a/bundles/jenkins-ci/files/jenkins +++ b/bundles/jenkins-ci/files/jenkins @@ -13,7 +13,7 @@ JENKINS_ENABLE_ACCESS_LOG="no" JENKINS_WAR=/usr/share/$NAME/$NAME.war RUN_STANDALONE=true -HTTP_PORT=9000 +HTTP_PORT=22010 PREFIX=/ MAXOPENFILES=8192 diff --git a/bundles/matrix-synapse/files/homeserver.yaml b/bundles/matrix-synapse/files/homeserver.yaml index a754d88..cb76cc7 100644 
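Review bot: In bundles/gitea/metadata.py the proxy target `'/': 'http://127.0.0.1:22000'` repeats the port literal that bundles/gitea/files/app.ini sets as `HTTP_PORT = 22000`, so the two can drift apart at the next renumbering. If they do, the gitea vhost either returns 502 or forwards requests to whatever other service has taken that loopback port. Consider reading the port from one metadata value in both places (a new key with a default, handed to the app.ini template the way `${domain}` is), and until then add `# must match HTTP_PORT in files/app.ini` above the proxy entry. The `nginx(metadata)` function starts and ends outside this hunk.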
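Review bot: In bundles/jenkins-ci/files/jenkins, `HTTP_PORT=22010` moves the listener, but the hunk does not show which address Jenkins binds, and unlike gitea no reverse-proxy target for jenkins-ci is updated anywhere in this patch. If the file's `JENKINS_ARGS` (not visible here) carries no `--httpListenAddress=127.0.0.1`, the new port is reachable on every interface, and any packet-filter or monitoring rule written for 9000 no longer describes it. Please confirm the bind address and update whichever vhost still proxies to 9000. The same proxy-target question applies to the travelynx.conf hunk (8093 to 22020).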
--- a/bundles/matrix-synapse/files/homeserver.yaml +++ b/bundles/matrix-synapse/files/homeserver.yaml @@ -17,7 +17,7 @@ federation_ip_range_blacklist: - 'fc00::/7' listeners: - - port: 8009 + - port: 20081 tls: false bind_addresses: ['::1'] type: http @@ -27,7 +27,7 @@ listeners: - names: [metrics] compress: false - - port: 8008 + - port: 20080 tls: false bind_addresses: ['::1'] type: http diff --git a/bundles/mautrix-telegram/files/config.yaml b/bundles/mautrix-telegram/files/config.yaml index ddb6f77..25d0518 100644 --- a/bundles/mautrix-telegram/files/config.yaml +++ b/bundles/mautrix-telegram/files/config.yaml @@ -4,11 +4,11 @@ homeserver: verify_ssl: true appservice: - address: http://${node.metadata['mautrix-telegram'].get('listen-addr', '127.0.0.1')}:${node.metadata['mautrix-telegram'].get('port', 21000)} + address: http://${node.metadata['mautrix-telegram'].get('listen-addr', '127.0.0.1')}:${node.metadata['mautrix-telegram'].get('port', 20010)} tls_cert: false tls_key: false hostname: ${node.metadata['mautrix-telegram'].get('listen-addr', '127.0.0.1')} - port: ${node.metadata['mautrix-telegram'].get('port', 21000)} + port: ${node.metadata['mautrix-telegram'].get('port', 20010)} max_body_size: ${node.metadata['mautrix-telegram'].get('max-body-size', 1)} database: postgres://${node.metadata['mautrix-telegram']['database']['user']}:${node.metadata['mautrix-telegram']['database']['password']}@${node.metadata['mautrix-telegram']['database'].get('host', 'localhost')}/${node.metadata['mautrix-telegram']['database']['database']} public: diff --git a/bundles/mautrix-telegram/files/registration.yaml b/bundles/mautrix-telegram/files/registration.yaml index dedca65..8a7825a 100644 --- a/bundles/mautrix-telegram/files/registration.yaml +++ b/bundles/mautrix-telegram/files/registration.yaml 
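Review bot: The two homeserver.yaml hunks move the client/federation listener to `20080` and the metrics listener to `20081`, but the only consumer updated in this patch is the `proxy_pass http://[::1]:20080;` line in the htz.ex42-1048908 nginx extra. Anything else that still addresses Synapse on 8008 or scrapes 8009 (the bridges and media repo listed in PORT_MAP.md, a metrics scraper if one exists, other nodes' nginx extras) would presumably stop working after apply, so those should be checked or changed in the same commit. A comment above each listener such as `# keep in sync with nginx proxy_pass and PORT_MAP.md` would make the coupling visible. Both listener entries continue past the end of their hunks.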
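Review bot: The fallback `.get('port', 20010)` now appears twice in bundles/mautrix-telegram/files/config.yaml (`appservice.address` and `appservice.port`) and once more in registration.yaml's `url:`, so the default has to be edited in three template expressions to stay consistent. Since registration.yaml is the file that tells the homeserver where to reach the bridge, a mismatch would leave the bridge listening on one port while Synapse calls another. Setting the default once in the bundle's metadata defaults and using `node.metadata['mautrix-telegram']['port']` in the templates removes that risk. The same applies to the repeated `listen-addr` default.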
@@ -10,6 +10,6 @@ namespaces: aliases: - exclusive: true regex: '#telegram_.+:${node.metadata['mautrix-telegram']['homeserver']['domain']}' -url: http://${node.metadata['mautrix-telegram'].get('listen-addr', '127.0.0.1')}:${node.metadata['mautrix-telegram'].get('port', 21000)} +url: http://${node.metadata['mautrix-telegram'].get('listen-addr', '127.0.0.1')}:${node.metadata['mautrix-telegram'].get('port', 20010)} sender_localpart: ${node.metadata['mautrix-telegram']['sender_localpart']} rate_limited: false diff --git a/bundles/travelynx/files/travelynx.conf b/bundles/travelynx/files/travelynx.conf index f265f9b..bc8e128 100644 --- a/bundles/travelynx/files/travelynx.conf +++ b/bundles/travelynx/files/travelynx.conf @@ -27,7 +27,7 @@ hypnotoad => { accepts => 100, clients => 10, - listen => [ 'http://127.0.0.1:8093' ], + listen => [ 'http://127.0.0.1:22020' ], pid_file => '/var/cache/travelynx/travelynx.pid', workers => ${workers}, spare => ${spare_workers}, diff --git a/data/nginx/files/extras/htz.ex42-1048908/matrix.franzi.business b/data/nginx/files/extras/htz.ex42-1048908/matrix.franzi.business index 8c5c786..5052639 100644 --- a/data/nginx/files/extras/htz.ex42-1048908/matrix.franzi.business +++ b/data/nginx/files/extras/htz.ex42-1048908/matrix.franzi.business @@ -7,7 +7,7 @@ } location /_matrix { - proxy_pass http://[::1]:8008; + proxy_pass http://[::1]:20080; proxy_set_header X-Forwarded-For $remote_addr; } From 3242d97cfac3bff63d07ec9addcdbd2789bda2ba Mon Sep 17 00:00:00 2001 From: Franziska Kunsmann Date: Sun, 20 Sep 2020 10:30:13 +0200 Subject: [PATCH 2/3] bundles/mautrix-telegram: use pkg_pip --- bundles/mautrix-telegram/items.py | 23 +++++++++++++---------- groups/all.py | 5 +++-- 2 files changed, 16 insertions(+), 12 deletions(-) diff --git a/bundles/mautrix-telegram/items.py b/bundles/mautrix-telegram/items.py index b2db9a4..254548e 100644 --- a/bundles/mautrix-telegram/items.py +++ b/bundles/mautrix-telegram/items.py 
@@ -6,16 +6,6 @@ actions = { 'directory:/opt/mautrix-telegram', # provided by bundle:users }, }, - 'mautrix-telegram_install_bridge': { - # TODO find out how we can check if *this package* requires an update - 'command': '/opt/mautrix-telegram/venv/bin/pip install --upgrade mautrix-telegram[all]', - 'needs': { - 'action:mautrix-telegram_create_virtualenv', - }, - 'triggers': { - 'action:mautrix-telegram_upgrade_database', - }, - }, 'mautrix-telegram_init_alembic': { 'command': '/opt/mautrix-telegram/venv/bin/alembic -c /opt/mautrix-telegram/alembic.ini -x /opt/mautrix-telegram/config.yaml init /opt/mautrix-telegram/alembic', 'unless': 'test -d /opt/mautrix-telegram/alembic', @@ -34,6 +24,19 @@ actions = { }, } +pkg_pip = { + '/opt/mautrix-telegram/venv/mautrix-telegram': { + 'needs': { + 'action:mautrix-telegram_create_virtualenv', + }, + 'triggers': { + 'action:mautrix-telegram_upgrade_database', + 'svc_systemd:mautrix-telegram:restart', + }, + }, +} + + svc_systemd = { 'mautrix-telegram': { 'needs': { diff --git a/groups/all.py b/groups/all.py index ef43a30..1f47061 100644 --- a/groups/all.py +++ b/groups/all.py @@ -1,7 +1,7 @@ groups['all'] = { - 'member_patterns': ( + 'member_patterns': { r".*", - ), + }, 'bundles': { 'apt', 'cron', @@ -31,5 +31,6 @@ groups['all'] = { }, }, }, + 'pip_command': 'pip3', } From 750f1ef20c971fc4d0efe2c20c91bc882107bad9 Mon Sep 17 00:00:00 2001 From: Franziska Kunsmann Date: Sat, 26 Sep 2020 15:17:00 +0200 Subject: [PATCH 3/3] update bw to 4.2 --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index 226cb18..c8edcaf 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1 +1 @@ -bundlewrap>=4.0.0 +bundlewrap>=4.2.0
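Review bot: The new `pkg_pip` item `/opt/mautrix-telegram/venv/mautrix-telegram` in bundles/mautrix-telegram/items.py is not equivalent to the action it replaces: the removed command installed `mautrix-telegram[all]` with `--upgrade`, while the item names the bare package and sets no version. Fresh nodes would therefore miss the optional dependencies that `[all]` pulled in, and each node takes whatever release the package index serves at first install, with the database upgrade and service restart triggered off that unreviewed version. Consider pinning it with `'version': '<PINNED_VERSION>',` and adding a comment that says how the extras are meant to be installed now. The `actions` dict and the `svc_systemd` block both extend beyond these hunks.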