diff --git a/Jenkinsfile b/Jenkinsfile index ef990d1..f371f82 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -1,15 +1,6 @@ pipeline { agent any stages { - stage('editorconfig-checker') { - steps { - sh """ - wget -Oec-linux-amd64.tar.gz https://github.com/editorconfig-checker/editorconfig-checker/releases/latest/download/ec-linux-amd64.tar.gz - tar -xzf ec-linux-amd64.tar.gz && rm ec-linux-amd64.tar.gz - bin/ec-linux-amd64 -no-color -exclude '^bin/' - """ - } - } stage('install_requirements') { steps { sh """ @@ -18,13 +9,31 @@ pipeline { virtualenv -p python3 venv . venv/bin/activate - pip install --upgrade pip + pip install --upgrade pip isort pip install -r requirements.txt """ } } - stage('bw test') { + stage('tests') { parallel { + stage('syntax checking using editorconfig-checker') { + steps { + sh """ + wget -Oec-linux-amd64.tar.gz https://github.com/editorconfig-checker/editorconfig-checker/releases/latest/download/ec-linux-amd64.tar.gz + tar -xzf ec-linux-amd64.tar.gz && rm ec-linux-amd64.tar.gz + bin/ec-linux-amd64 -no-color -exclude '^bin/' + """ + } + } + stage('syntax checking using isort') { + steps { + sh """ + . venv/bin/activate + + isort --check . + """ + } + } stage('config and metadata determinism') { steps { sh """ @@ -36,7 +45,7 @@ pipeline { """ } } - stage('other tests') { + stage('bw test -i') { steps { sh """ . venv/bin/activate diff --git a/PORT_MAP.md b/PORT_MAP.md index 1e502c3..40f6d0a 100644 --- a/PORT_MAP.md +++ b/PORT_MAP.md @@ -36,7 +36,7 @@ Rule of thumb: keep ports below 10000 free for stuff that reserves ports. | 20090 | matrix-media-repo | prometheus metrics | | 21000 | pleroma | pleroma | | 21010 | grafana | grafana | -| 22000 | gitea | gitea | +| 22000 | gitea | forgejo | | 22010 | jenkins-ci | Jenkins CI | | 22020 | travelynx | Travelynx Web | | 22030 | octoprint | OctoPrint Web Interface | 
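Review bot: The `syntax checking using editorconfig-checker` stage added in the `@@ -18,13 +9,31 @@` hunk fetches `releases/latest/download/ec-linux-amd64.tar.gz` and runs the extracted binary on the CI agent with no version pin and no integrity check, so whatever upstream publishes next executes with the job's privileges. Pin a release tag in the URL and verify the archive before unpacking, for example `echo "<EXPECTED_SHA256>  ec-linux-amd64.tar.gz" | sha256sum -c -` between the `wget` and `tar` lines (the hash is a placeholder). The same hunk adds `pip install --upgrade pip isort`, which also floats; pinning `isort` in a requirements file would keep the lint result reproducible. The `pipeline` block continues outside the hunk.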
@@ -45,7 +45,6 @@ Rule of thumb: keep ports below 10000 free for stuff that reserves ports. | 22060 | pretalx | gunicorn | | 22070 | paperless-ng | gunicorn | | 22080 | netbox | gunicorn | -| 22090 | openhab | http | | 22100 | woodpecker-server | http | | 22101 | woodpecker-server | gRPC | | 22999 | nginx | stub_status | diff --git a/bundles/apt/items.py b/bundles/apt/items.py index ae0f87a..639417d 100644 --- a/bundles/apt/items.py +++ b/bundles/apt/items.py @@ -143,6 +143,9 @@ pkg_apt = { 'cloud-init': { 'installed': False, }, + 'molly-guard': { + 'installed': False, + }, 'netplan.io': { 'installed': False, }, diff --git a/bundles/arch-with-gui/metadata.py b/bundles/arch-with-gui/metadata.py index 869a7f9..4666cca 100644 --- a/bundles/arch-with-gui/metadata.py +++ b/bundles/arch-with-gui/metadata.py @@ -38,9 +38,14 @@ defaults = { 'rofi': {}, # sound + 'calf': {}, + 'easyeffects': {}, + 'lsp-plugins': {}, 'pavucontrol': {}, - 'pulseaudio': {}, - 'pulseaudio-zeroconf': {}, + 'pipewire': {}, + 'pipewire-jack': {}, + 'pipewire-pulse': {}, + 'qpwgraph': {}, # window management 'i3-wm': {}, @@ -53,6 +58,7 @@ defaults = { # Xorg 'xf86-input-libinput': {}, + 'xf86-input-wacom': {}, 'xorg-server': {}, 'xorg-setxkbmap': {}, 'xorg-xev': {}, @@ -62,20 +68,27 @@ defaults = { # all them apps 'browserpass': {}, 'browserpass-firefox': {}, + 'ffmpeg': {}, 'firefox': {}, 'gimp': {}, + 'imagemagick': {}, 'inkscape': {}, + 'kdenlive': {}, 'maim': {}, 'mosh': {}, + 'mosquitto': {}, 'mpv': {}, 'pass': {}, 'pass-otp': {}, 'pdftk': {}, 'pwgen': {}, 'qpdfview': {}, + 'samba': {}, + 'shotcut': {}, 'sipcalc': {}, 'the_silver_searcher': {}, 'tlp': {}, + 'virt-manager': {}, 'xclip': {}, 'xdotool': {}, # needed for maim window selection }, diff --git a/bundles/backup-server/items.py b/bundles/backup-server/items.py index c70512c..11d0624 100644 --- a/bundles/backup-server/items.py +++ b/bundles/backup-server/items.py 
@@ -1,6 +1,7 @@ repo.libs.tools.require_bundle(node, 'zfs') from os.path import join + from bundlewrap.metadata import metadata_to_json dataset = node.metadata.get('backup-server/zfs-base') diff --git a/bundles/bird/metadata.py b/bundles/bird/metadata.py index fd285d3..a5547d4 100644 --- a/bundles/bird/metadata.py +++ b/bundles/bird/metadata.py @@ -1,4 +1,5 @@ from ipaddress import ip_network + from bundlewrap.exceptions import NoSuchNode from bundlewrap.metadata import atomic diff --git a/bundles/docker-ce/metadata.py b/bundles/docker-ce/metadata.py index 1315d1c..cf6e2bb 100644 --- a/bundles/docker-ce/metadata.py +++ b/bundles/docker-ce/metadata.py @@ -12,14 +12,6 @@ defaults = { 'docker-ce-cli': {}, }, }, - 'nftables': { - 'rules': { - '00-docker-ce': { - 'inet filter forward ct state { related, established } accept', - 'inet filter forward iifname docker0 accept', - }, - }, - }, } @@ -27,7 +19,10 @@ defaults = { 'nftables/rules/00-docker-ce', ) def nftables_nat(metadata): - rules = set() + rules = { + 'inet filter forward ct state { related, established } accept', + 'inet filter forward iifname docker0 accept', + } for iface in metadata.get('interfaces'): rules.add(f'nat postrouting oifname {iface} masquerade') @@ -35,7 +30,7 @@ def nftables_nat(metadata): return { 'nftables': { 'rules': { - '00-docker-ce': rules, + '00-docker-ce': sorted(rules), }, }, } diff --git a/bundles/dovecot/files/dovecot.conf b/bundles/dovecot/files/dovecot.conf index 885b36a..9a294aa 100644 --- a/bundles/dovecot/files/dovecot.conf +++ b/bundles/dovecot/files/dovecot.conf 
@@ -46,11 +46,12 @@ plugin { zlib_save_level = 6 zlib_save = gz - sieve_plugins = sieve_imapsieve sieve_extprograms - sieve_dir = /var/mail/vmail/sieve/%d/%n/ sieve = /var/mail/vmail/sieve/%d/%n.sieve - sieve_pipe_bin_dir = /var/mail/vmail/sieve/bin + sieve_dir = /var/mail/vmail/sieve/%d/%n/ sieve_extensions = +vnd.dovecot.pipe + sieve_pipe_bin_dir = /var/mail/vmail/sieve/bin + sieve_plugins = sieve_imapsieve sieve_extprograms + sieve_user_log = /var/mail/vmail/sieve/%d/%n.log old_stats_refresh = 30 secs old_stats_track_cmds = yes diff --git a/bundles/gitea/files/app.ini b/bundles/gitea/files/app.ini index a904681..b55f210 100644 --- a/bundles/gitea/files/app.ini +++ b/bundles/gitea/files/app.ini @@ -21,7 +21,6 @@ ROOT_URL = https://${domain}/ DISABLE_SSH = false SSH_PORT = 22 LFS_START_SERVER = true -LFS_CONTENT_PATH = /var/lib/gitea/data/lfs LFS_JWT_SECRET = ${lfs_secret_key} OFFLINE_MODE = true START_SSH_SERVER = false @@ -67,7 +66,7 @@ EMAIL_DOMAIN_BLOCKLIST = ${','.join(sorted(email_domain_blocklist))} [mailer] ENABLED = true -MAILER_TYPE = sendmail +PROTOCOL = sendmail FROM = "${app_name}" [session] diff --git a/bundles/gitea/items.py b/bundles/gitea/items.py index 2e2f518..e071483 100644 --- a/bundles/gitea/items.py +++ b/bundles/gitea/items.py @@ -40,10 +40,7 @@ files = { }, '/usr/local/bin/gitea': { 'content_type': 'download', - #'source': 'https://dl.gitea.io/gitea/{version}/gitea-{version}-linux-amd64'.format(version=node.metadata.get('gitea/version')), - 'source': 'https://github.com/go-gitea/gitea/releases/download/v{version}/gitea-{version}-linux-amd64'.format( - version=node.metadata.get('gitea/version'), - ), + 'source': node.metadata.get('gitea/url'), 'content_hash': node.metadata.get('gitea/sha1', None), 'mode': '0755', 'triggers': { diff --git a/bundles/gitea/metadata.py b/bundles/gitea/metadata.py index 6785b4b..2b9bcbe 100644 --- a/bundles/gitea/metadata.py +++ b/bundles/gitea/metadata.py 
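Review bot: In the `bundles/gitea/items.py` hunk, `'source': node.metadata.get('gitea/url')` makes the download URL for `/usr/local/bin/gitea` free-form metadata, while the unchanged next line still reads `'content_hash': node.metadata.get('gitea/sha1', None)`, so a node that sets a URL but no hash installs a mode-0755 binary without any integrity check. Since the URL is no longer derived from a version on a fixed host, make the hash mandatory by dropping the default: `'content_hash': node.metadata.get('gitea/sha1'),`. As far as I can tell from the other `metadata.get()` calls without a default in this diff, that turns a forgotten hash into a metadata error rather than an unverified download. The `files` dict starts and ends outside the hunk.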
@@ -6,7 +6,7 @@ defaults = { }, }, 'gitea': { - 'app_name': 'Gitea', + 'app_name': 'Forgejo', 'database': { 'username': 'gitea', 'password': repo.vault.password_for('{} postgresql gitea'.format(node.name)), @@ -23,9 +23,14 @@ defaults = { 'icinga2_api': { 'gitea': { 'services': { - 'GITEA PROCESS': { + 'FORGEJO PROCESS': { 'command_on_monitored_host': '/usr/local/share/icinga/plugins/check_systemd_unit gitea', }, + 'FORGEJO UPDATE': { + 'command_on_monitored_host': '/usr/local/share/icinga/plugins/check_forgejo_for_new_release codeberg.org forgejo/forgejo v$(gitea --version | cut -d" " -f3)', + 'vars.notification.mail': True, + 'check_interval': '60m', + }, }, }, }, @@ -67,7 +72,7 @@ defaults = { @metadata_reactor.provides( - 'nginx/vhosts/gitea', + 'nginx/vhosts/forgejo', ) def nginx(metadata): if not node.has_bundle('nginx'): @@ -76,7 +81,7 @@ def nginx(metadata): return { 'nginx': { 'vhosts': { - 'gitea': { + 'forgejo': { 'domain': metadata.get('gitea/domain'), 'locations': { '/': { @@ -99,16 +104,4 @@ def nginx(metadata): ) def icinga_check_for_new_release(metadata): return { - 'icinga2_api': { - 'gitea': { - 'services': { - 'GITEA UPDATE': { - # this is only temporary. We will switch to forgejo once they have their first stable release. - 'command_on_monitored_host': '/usr/local/share/icinga/plugins/check_forgejo_for_new_release codeberg.org forgejo/forgejo v{}'.format(metadata.get('gitea/version')), - 'vars.notification.mail': True, - 'check_interval': '60m', - }, - }, - }, - }, } diff --git a/bundles/homeassistant/files/check_homeassistant_update b/bundles/homeassistant/files/check_homeassistant_update index d01d830..ff2b0d7 100644 --- a/bundles/homeassistant/files/check_homeassistant_update +++ b/bundles/homeassistant/files/check_homeassistant_update 
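Review bot: The new `FORGEJO UPDATE` entry in the `@@ -23,9 +23,14 @@` hunk embeds `$(gitea --version | cut -d" " -f3)` in `command_on_monitored_host`, so the check only works if that string is evaluated by a shell on the monitored host, which this diff does not show. If the binary is missing or its `--version` output changes shape, the plugin receives a bare `v` and the result depends on how `check_forgejo_for_new_release` handles it. A comment above the entry would make the dependency explicit, e.g. `# version is read from the installed binary at check time; needs shell evaluation on the monitored host`. The `defaults` dict continues outside the hunk.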
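Review bot: After the `@@ -99,16 +104,4 @@` hunk `icinga_check_for_new_release` returns an empty dict but keeps its `@metadata_reactor.provides(...)` decorator, whose arguments start above the hunk, so the reactor still runs and claims a path it never sets. Deleting the function together with its decorator would be cleaner than leaving `return { }` behind. The `nginx/vhosts/gitea` to `nginx/vhosts/forgejo` rename in the two preceding hunks also deserves a search for other readers of the old key, since nothing in this diff shows whether any exist.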
@@ -41,7 +41,7 @@ try: message = f"WARNING - stable version {stable_version} is lower than running version {running_version}, check if downgrade is necessary." else: status = 2 - message = f"CRITICAL - update necessary, running verison {running_version} is lower than stable version {stable_version}" + message = f"CRITICAL - update necessary, running version {running_version} is lower than stable version {stable_version}" except Exception as e: message = f"{message}: {repr(e)}" diff --git a/bundles/homeassistant/metadata.py b/bundles/homeassistant/metadata.py index 87855f8..0b41f39 100644 --- a/bundles/homeassistant/metadata.py +++ b/bundles/homeassistant/metadata.py @@ -1,5 +1,3 @@ -from bundlewrap.metadata import atomic - defaults = { 'apt': { 'packages': { @@ -25,7 +23,7 @@ defaults = { }, } @metadata_reactor.provides( - 'icinga2_api/homeassistant/services/HOMESSISTANT UPDATE', + 'icinga2_api/homeassistant/services', ) def icinga_check_for_new_release(metadata): return { @@ -54,8 +52,8 @@ def nginx(metadata): 'vhosts': { 'homeassistant': { 'domain': metadata.get('homeassistant/domain'), - 'website_check_path': '/', - 'website_check_string': 'Homeassistant', + 'website_check_path': '/auth/authorize', + 'website_check_string': 'Home Assistant', 'locations': { '/': { 'target': 'http://127.0.0.1:8123', diff --git a/bundles/icinga2/files/check_freifunk_node b/bundles/icinga2/files/check_freifunk_node index 2723f13..22725b7 100644 --- a/bundles/icinga2/files/check_freifunk_node +++ b/bundles/icinga2/files/check_freifunk_node @@ -1,8 +1,9 @@ #!/usr/bin/env python3 -from requests import get from sys import argv, exit +from requests import get + meshviewer_url = argv[1] node_id = argv[2] node = None diff --git a/bundles/icinga2/files/check_sipgate_account_balance b/bundles/icinga2/files/check_sipgate_account_balance index 8e8ce2d..843dfd9 100644 --- a/bundles/icinga2/files/check_sipgate_account_balance +++ b/bundles/icinga2/files/check_sipgate_account_balance 
@@ -1,8 +1,9 @@ #!/usr/bin/env python3 -from requests import get from sys import exit +from requests import get + SIPGATE_USER = '${node.metadata['icinga2']['sipgate_user']}' SIPGATE_PASS = '${node.metadata['icinga2']['sipgate_pass']}' diff --git a/bundles/icinga2/files/check_spam_blocklist b/bundles/icinga2/files/check_spam_blocklist index bf14a82..5cb350d 100644 --- a/bundles/icinga2/files/check_spam_blocklist +++ b/bundles/icinga2/files/check_spam_blocklist @@ -1,12 +1,10 @@ #!/usr/bin/env python3 from concurrent.futures import ThreadPoolExecutor, as_completed -from ipaddress import ip_address, IPv6Address +from ipaddress import IPv6Address, ip_address from subprocess import check_output from sys import argv, exit - - BLOCKLISTS = [ '0spam.fusionzero.com', 'bl.mailspike.org', diff --git a/bundles/icinga2/files/scripts/icinga_notification_wrapper b/bundles/icinga2/files/scripts/icinga_notification_wrapper index f988be8..72ab749 100644 --- a/bundles/icinga2/files/scripts/icinga_notification_wrapper +++ b/bundles/icinga2/files/scripts/icinga_notification_wrapper @@ -4,10 +4,11 @@ import email.mime.text import smtplib from argparse import ArgumentParser from json import dumps -from requests import post from subprocess import run from sys import argv +from requests import post + SIPGATE_USER='${node.metadata['icinga2']['sipgate_user']}' SIPGATE_PASS='${node.metadata['icinga2']['sipgate_pass']}' diff --git a/bundles/icinga2/metadata.py b/bundles/icinga2/metadata.py index 9bf7d26..fcbfd13 100644 --- a/bundles/icinga2/metadata.py +++ b/bundles/icinga2/metadata.py @@ -17,7 +17,9 @@ defaults = { 'icinga2': {}, 'icinga2-ido-pgsql': {}, 'icingaweb2': {}, - 'icingaweb2-module-monitoring': {}, + + # apparently no longer needed + #'icingaweb2-module-monitoring': {}, # neeeded for statusmonitor 'python3-flask': {}, diff --git a/bundles/matrix-synapse/files/synapse-purge-unused-rooms b/bundles/matrix-synapse/files/synapse-purge-unused-rooms index aa54ebb..4e5f1e1 100644 
--- a/bundles/matrix-synapse/files/synapse-purge-unused-rooms +++ b/bundles/matrix-synapse/files/synapse-purge-unused-rooms @@ -1,9 +1,9 @@ #!/usr/bin/env python3 from os import environ -from requests import get, post from sys import argv, exit +from requests import get, post SYNAPSE_MAX_ROOMS_TO_GET = 20000 SYNAPSE_HOST = 'http://[::1]:20080/' diff --git a/bundles/miniflux/metadata.py b/bundles/miniflux/metadata.py index 8c51627..b14fd15 100644 --- a/bundles/miniflux/metadata.py +++ b/bundles/miniflux/metadata.py @@ -6,7 +6,7 @@ defaults = { 'repos': { 'miniflux': { 'items': { - 'deb https://apt.miniflux.app/ /', + 'deb [trusted=yes] https://repo.miniflux.app/apt/ /', }, }, }, diff --git a/bundles/molly-guard/files/10-check-unattended-upgrades b/bundles/molly-guard/files/10-check-unattended-upgrades deleted file mode 100644 index 6adafdb..0000000 --- a/bundles/molly-guard/files/10-check-unattended-upgrades +++ /dev/null @@ -1,9 +0,0 @@ -#!/bin/bash - -# Checks wether upgrade-and-reboot is currently running. - -if [[ -f "/var/lib/bundlewrap/soft-${node.name}/UNATTENDED" ]] -then - echo "Sorry, can't $MOLLYGUARD_CMD now, upgrade-and-reboot is running" - exit 1 -fi diff --git a/bundles/molly-guard/files/30-query-hostname b/bundles/molly-guard/files/30-query-hostname deleted file mode 100644 index 3e4fc4c..0000000 --- a/bundles/molly-guard/files/30-query-hostname +++ /dev/null 
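Review bot: In the `bundles/miniflux/metadata.py` hunk, `deb [trusted=yes] https://repo.miniflux.app/apt/ /` turns off APT signature verification for this repository, so package authenticity rests on TLS to the repo host alone and anything it serves is installed as root. If upstream publishes a signing key, ship it with the bundle and reference it instead, e.g. `deb [signed-by=/etc/apt/keyrings/miniflux.gpg] https://repo.miniflux.app/apt/ /` (the keyring path is a placeholder). If no key exists, add a comment on this line saying that `trusted=yes` is deliberate and why. The `defaults` dict continues outside the hunk.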
@@ -1,29 +0,0 @@ -#!/bin/sh - -# This script will ask for the bundlewrap node name. This replaces the -# original script, which will ask for the hostname, which sometimes -# is not enough to properly identify the system. - -NODE_NAME="${node.name}" - -# If this is not a terminal, do nothing -test -t 0 || exit 0 - -sigh() -{ - echo "Sorry, input does not match. Won't $MOLLYGUARD_CMD $NODE_NAME ..." >&2 - exit 1 -} - -trap 'echo;sigh' 1 2 3 9 10 12 15 - -echo -n "Please enter the bundlewrap node name of this System to $MOLLYGUARD_CMD: " -read NODE_NAME_USER || : - -NODE_NAME_USER="$(echo "$NODE_NAME_USER" | tr '[:upper:]' '[:lower:]')" - -[ "$NODE_NAME_USER" = "$NODE_NAME" ] || sigh - -trap - 1 2 3 9 10 12 15 - -exit 0 diff --git a/bundles/molly-guard/files/rc b/bundles/molly-guard/files/rc deleted file mode 100644 index 4b6f808..0000000 --- a/bundles/molly-guard/files/rc +++ /dev/null @@ -1 +0,0 @@ -# currently unused diff --git a/bundles/molly-guard/items.py b/bundles/molly-guard/items.py deleted file mode 100644 index 1d6d82f..0000000 --- a/bundles/molly-guard/items.py +++ /dev/null @@ -1,27 +0,0 @@ -directories = { - '/etc/molly-guard/messages.d': { - 'purge': True, - 'after': { - 'pkg_apt:molly-guard', - }, - }, - '/etc/molly-guard/run.d': { - 'purge': True, - 'after': { - 'pkg_apt:molly-guard', - }, - }, -} - -files = { - '/etc/molly-guard/rc': {}, - - '/etc/molly-guard/run.d/10-check-unattended-upgrades': { - 'content_type': 'mako', - 'mode': '0755', - }, - '/etc/molly-guard/run.d/30-query-hostname': { - 'content_type': 'mako', - 'mode': '0755', - }, -} diff --git a/bundles/molly-guard/metadata.py b/bundles/molly-guard/metadata.py deleted file mode 100644 index d8571e2..0000000 --- a/bundles/molly-guard/metadata.py +++ /dev/null @@ -1,7 +0,0 @@ -defaults = { - 'apt': { - 'packages': { - 'molly-guard': {}, - }, - }, -} diff --git a/bundles/mosquitto/files/tasmota-telegraf-plugin b/bundles/mosquitto/files/tasmota-telegraf-plugin index 3aef6d6..4927002 100644 
--- a/bundles/mosquitto/files/tasmota-telegraf-plugin +++ b/bundles/mosquitto/files/tasmota-telegraf-plugin @@ -7,7 +7,6 @@ from time import sleep import paho.mqtt.client as mqtt - BROKER_HOST = argv[1] BROKER_TOPIC = argv[2] diff --git a/bundles/mosquitto/metadata.py b/bundles/mosquitto/metadata.py index 08bd6de..c07a446 100644 --- a/bundles/mosquitto/metadata.py +++ b/bundles/mosquitto/metadata.py @@ -1,6 +1,5 @@ from bundlewrap.metadata import atomic - defaults = { 'apt': { 'packages': { diff --git a/bundles/octoprint/files/check_octoprint_update b/bundles/octoprint/files/check_octoprint_update index c7ae90a..ff89a3e 100644 --- a/bundles/octoprint/files/check_octoprint_update +++ b/bundles/octoprint/files/check_octoprint_update @@ -1,8 +1,9 @@ #!/usr/bin/env python3 -from requests import get from sys import exit +from requests import get + api_key = '${api_key}' try: diff --git a/bundles/openhab/files/backup-pre-hook b/bundles/openhab/files/backup-pre-hook deleted file mode 100644 index fbf0eda..0000000 --- a/bundles/openhab/files/backup-pre-hook +++ /dev/null @@ -1,5 +0,0 @@ -#!/bin/bash - -find /var/lib/openhab/backups -type f -mtime +3 -delete - -/usr/share/openhab/runtime/bin/backup --full diff --git a/bundles/openhab/files/openhab b/bundles/openhab/files/openhab deleted file mode 100644 index 9893987..0000000 --- a/bundles/openhab/files/openhab +++ /dev/null 
@@ -1,62 +0,0 @@ -# openHAB service options - -######################### -## PORTS -## The ports openHAB will bind its HTTP/HTTPS web server to. - -OPENHAB_HTTP_PORT=22090 -#OPENHAB_HTTPS_PORT=8443 - -######################### -## HTTP(S) LISTEN ADDRESS -## The listen address used by the HTTP(S) server. -## 0.0.0.0 (default) allows a connection from any location -## 127.0.0.1 only allows the local machine to connect - -OPENHAB_HTTP_ADDRESS=127.0.0.1 - -######################### -## BACKUP DIRECTORY -## Set the following variable to specify the backup location. -## runtime/bin/backup and runtime/bin/restore will use this path for the zip files. - -#OPENHAB_BACKUPS=/var/lib/openhab/backups - -######################### -## JAVA OPTIONS -## Additional options for the JAVA_OPTS environment variable. -## These will be appended to the execution of the openHAB Java runtime in front of all other options. -## -## A couple of independent examples: -## EXTRA_JAVA_OPTS="-Dgnu.io.rxtx.SerialPorts=/dev/ttyZWAVE:/dev/ttyUSB0:/dev/ttyS0:/dev/ttyS2:/dev/ttyACM0:/dev/ttyAMA0" -## EXTRA_JAVA_OPTS="-Djna.library.path=/lib/arm-linux-gnueabihf/ -Duser.timezone=Europe/Berlin -Dgnu.io.rxtx.SerialPorts=/dev/ttyZWave" - -EXTRA_JAVA_OPTS="${extra_java_opts}" - -######################### -## OPENHAB DEFAULTS PATHS -## The following settings override the default apt/rpm locations and should be used with caution. -## openHAB will fail to update itself if you're using different paths. -## Only set these if you are testing and are confident in debugging. - -#OPENHAB_HOME=/usr/share/openhab -#OPENHAB_CONF=/etc/openhab -#OPENHAB_RUNTIME=/usr/share/openhab/runtime -#OPENHAB_USERDATA=/var/lib/openhab -#OPENHAB_LOGDIR=/var/log/openhab - -######################### -## OPENHAB USER AND GROUP -## The user and group that takes ownership of openHAB. Only available for init.d systems. -## To edit user and group for systemd, see the service file at /usr/lib/systemd/system/openhab.service. 
- -#OPENHAB_USER=openhab -#OPENHAB_GROUP=openhab - -######################### -## SYSTEMD START MODE -## The Karaf startmode for the openHAB runtime. Only available for systemctl/systemd systems. -## Defaults to daemon when unset here. Multiple options can be used without quotes. -## debug increases log output. daemon launches the Karaf/openHAB processes. - -#OPENHAB_STARTMODE=debug diff --git a/bundles/openhab/items.py b/bundles/openhab/items.py deleted file mode 100644 index eabe1d0..0000000 --- a/bundles/openhab/items.py +++ /dev/null @@ -1,32 +0,0 @@ -extra_java_opts = [] - -for opt, value in sorted(node.metadata.get('openhab/java_opts', {}).items()): - if value is None: - extra_java_opts.append(f'-D{opt}') - else: - extra_java_opts.append(f'-D{opt}={value}') - -files = { - '/etc/default/openhab': { - 'content_type': 'mako', - 'context': { - 'extra_java_opts': ' '.join(extra_java_opts), - }, - 'triggers': { - 'svc_systemd:openhab:restart', - }, - }, - '/etc/backup-pre-hooks.d/40-openhab': { - 'source': 'backup-pre-hook', - 'mode': '0755', - } -} - -svc_systemd = { - 'openhab': { - 'needs': { - 'pkg_apt:openhab', - 'pkg_apt:openhab-addons', - }, - }, -} diff --git a/bundles/openhab/metadata.py b/bundles/openhab/metadata.py deleted file mode 100644 index e6a87cc..0000000 --- a/bundles/openhab/metadata.py +++ /dev/null 
@@ -1,55 +0,0 @@ -defaults = { - 'apt': { - 'packages': { - 'openjdk-17-jre': {}, - 'openhab': { - 'needs': { - 'pkg_apt:openjdk-17-jre', - }, - }, - 'openhab-addons': { - 'needs': { - 'pkg_apt:openhab', - }, - }, - }, - 'repos': { - 'openhab': { - 'items': { - 'deb https://openhab.jfrog.io/artifactory/openhab-linuxpkg stable main', - }, - }, - }, - }, - 'backups': { - 'paths': { - '/usr/share/openhab/addons', # not included in openhab backup - '/var/lib/openhab', - }, - }, -} - - -@metadata_reactor.provides( - 'nginx/vhosts/openhab', -) -def nginx(metadata): - if not node.has_bundle('nginx'): - raise DoNotRunAgain - - return { - 'nginx': { - 'vhosts': { - 'openhab': { - 'domain': metadata.get('openhab/domain'), - 'locations': { - '/': { - 'target': 'http://localhost:22090/', - }, - }, - 'website_check_path': '/', - 'website_check_string': 'openHAB', - }, - }, - }, - } diff --git a/bundles/postfix/files/postfix-telegraf-queue b/bundles/postfix/files/postfix-telegraf-queue index f5abfe7..16b64e5 100644 --- a/bundles/postfix/files/postfix-telegraf-queue +++ b/bundles/postfix/files/postfix-telegraf-queue @@ -4,7 +4,6 @@ from json import loads from subprocess import check_output - queue_counts = {} queue_json = check_output(['sudo', '/usr/sbin/postqueue', '-j']) diff --git a/bundles/powerdns/files/named.conf b/bundles/powerdns/files/named.conf index 196e3f5..4154935 100644 --- a/bundles/powerdns/files/named.conf +++ b/bundles/powerdns/files/named.conf @@ -1,6 +1,6 @@ % for zone in sorted(zones): zone "${zone}" { file "/var/lib/powerdns/zones/${zone}"; - type native; + type master; }; % endfor diff --git a/bundles/powerdns/files/pdns.conf b/bundles/powerdns/files/pdns.conf index 1e2a5de..7fcb1ca 100644 --- a/bundles/powerdns/files/pdns.conf +++ b/bundles/powerdns/files/pdns.conf 
@@ -20,12 +20,15 @@ setgid=pdns allow-notify-from=${','.join(sorted(my_primary_servers))} slave=yes -# FIXME enable once debian stable has 4.1.9 -#superslave=yes +% if node.os_version[0] > 10: +superslave=yes +% endif % else: api=yes api-key=${api_key} webserver=yes +webserver-address=0.0.0.0 +webserver-allow-from=0.0.0.0/0 allow-notify-from= diff --git a/bundles/powerdns/items.py b/bundles/powerdns/items.py index a6db93a..2aad214 100644 --- a/bundles/powerdns/items.py +++ b/bundles/powerdns/items.py @@ -5,26 +5,12 @@ from subprocess import check_output zone_path = join(repo.path, 'data', 'powerdns', 'files', 'bind-zones') -ZONE_HEADER = """ -; _ ____ _ _ _____ _ _ _ _ ____ -; / \\ / ___| | | |_ _| | | | \\ | |/ ___| -; / _ \\| | | |_| | | | | | | | \\| | | _ -; / ___ \\ |___| _ | | | | |_| | |\\ | |_| | -; /_/ \\_\\____|_| |_| |_| \\___/|_| \\_|\\____| -; -; --> Diese Datei wird von BundleWrap verwaltet! <-- - -$TTL 60 -@ IN SOA ns-1.kunbox.net. hostmaster.kunbox.net. ( - {serial} - 3600 - 600 - 86400 - 300 - ) -""" +nameservers = set() for rnode in sorted(repo.nodes_in_group('dns')): - ZONE_HEADER += '@ IN NS {}.\n'.format(rnode.metadata.get('powerdns/my_hostname', rnode.metadata.get('hostname'))) + if not rnode.metadata.get('powerdns/is_secondary'): + # hide the primary nameserver from auto-generated nameserver lists + continue + nameservers.add(rnode.metadata.get('powerdns/my_hostname', rnode.metadata.get('hostname'))) directories = { '/etc/powerdns/pdns.d': { 
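Review bot: In the `pdns.conf` hunk, `webserver-address=0.0.0.0` together with `webserver-allow-from=0.0.0.0/0` removes every restriction PowerDNS itself places on the API/webserver, leaving `api-key` and the host firewall as the only controls. The firewall hunk in `bundles/powerdns/metadata.py` defaults `powerdns/restrict-to/api` to an empty set, but a node where that firewall metadata is not enforced would expose the API on all interfaces. Consider rendering the allow-list from the same metadata so the daemon enforces it too, e.g. `webserver-allow-from=${','.join(sorted(api_allow_from))}` with `api_allow_from` passed as a new template context value. The `% else:` branch continues outside the hunk.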
@@ -50,11 +36,11 @@ files = { '/etc/powerdns/pdns.conf': { 'content_type': 'mako', 'context': { - 'api_key': node.metadata['powerdns']['api_key'], - 'my_hostname': node.metadata['powerdns'].get('my_hostname', node.metadata.get('hostname')), - 'is_secondary': node.metadata['powerdns'].get('is_secondary', False), - 'my_primary_servers': node.metadata['powerdns'].get('my_primary_servers', set()), - 'my_secondary_servers': node.metadata['powerdns'].get('my_secondary_servers', set()), + 'api_key': node.metadata.get('powerdns/api_key'), + 'my_hostname': node.metadata.get('powerdns/my_hostname', node.metadata.get('hostname')), + 'is_secondary': node.metadata.get('powerdns/is_secondary', False), + 'my_primary_servers': node.metadata.get('powerdns/my_primary_servers', set()), + 'my_secondary_servers': node.metadata.get('powerdns/my_secondary_servers', set()), }, 'needs': { 'pkg_apt:pdns-server', @@ -78,7 +64,7 @@ svc_systemd = { actions = { 'powerdns_reload_zones': { 'triggered': True, - 'command': 'pdns_control rediscover; pdns_control reload', + 'command': 'pdns_control rediscover; pdns_control reload; pdns_control notify \*', 'needs': { 'svc_systemd:pdns', }, @@ -102,7 +88,8 @@ if node.metadata.get('powerdns/features/bind', False): files[f'/var/lib/powerdns/zones/{zone}'] = { 'content_type': 'mako', 'context': { - 'header': ZONE_HEADER.format(serial=serial), + 'NAMESERVERS': '\n'.join(sorted({f'@ IN NS {ns}.' for ns in nameservers})), + 'SERIAL': serial, 'metadata_records': node.metadata.get(f'powerdns/bind-zones/{zone}/records', []), }, 'source': f'bind-zones/{zone}', 
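Review bot: In the `@@ -78,7 +64,7 @@` hunk, the `\*` inside `'pdns_control rediscover; pdns_control reload; pdns_control notify \*'` is an invalid escape sequence in a normal Python string; it still yields backslash-star today, but recent Python versions warn about it. Write the tail as `pdns_control notify \\*'` or make the literal a raw string. Chaining with `;` also means the notify is sent even when `rediscover` or `reload` failed; joining the three commands with `&&` would avoid notifying secondaries about zones that did not load. The `actions` dict continues outside the hunk.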
@@ -142,12 +129,22 @@ if node.metadata.get('powerdns/features/bind', False): 'action:powerdns_reload_zones', }, } +else: + files['/etc/powerdns/named.conf'] = { + 'delete': True, + 'needed_by': { + 'svc_systemd:pdns', + }, + 'triggers': { + 'action:powerdns_reload_zones', + }, + } -if node.metadata.get('powerdns/features/pgsql', False): +if node.metadata.get('powerdns/features/pgsql', node.has_bundle('postgresql')): files['/etc/powerdns/pdns.d/pgsql.conf'] = { 'content_type': 'mako', 'context': { - 'password': node.metadata['postgresql']['roles']['powerdns']['password'], + 'password': node.metadata.get('postgresql/roles/powerdns/password'), }, 'needs': { 'pkg_apt:pdns-backend-pgsql', @@ -163,7 +160,7 @@ if node.metadata.get('powerdns/features/pgsql', False): files['/etc/powerdns/schema.pgsql.sql'] = {} actions['powerdns_load_pgsql_schema'] = { - 'command': node.metadata['postgresql']['roles']['powerdns']['password'].format_into('PGPASSWORD={} psql -h 127.0.0.1 -d powerdns -U powerdns -w < /etc/powerdns/schema.pgsql.sql'), + 'command': node.metadata.get('postgresql/roles/powerdns/password').format_into('PGPASSWORD={} psql -h 127.0.0.1 -d powerdns -U powerdns -w < /etc/powerdns/schema.pgsql.sql'), 'unless': 'sudo -u postgres psql -d powerdns -c "\dt" | grep domains 2>&1 >/dev/null', 'needs': { 'bundle:postgresql', diff --git a/bundles/powerdns/metadata.py b/bundles/powerdns/metadata.py index 57f46f5..e93c7de 100644 --- a/bundles/powerdns/metadata.py +++ b/bundles/powerdns/metadata.py @@ -1,4 +1,4 @@ -from ipaddress import ip_address, IPv4Address, IPv6Address +from ipaddress import IPv4Address, IPv6Address, ip_address from bundlewrap.metadata import atomic @@ -43,7 +43,11 @@ if node.has_bundle('telegraf'): defaults['telegraf'] = { 'input_plugins': { 'builtin': { - 'powerdns': [{}], + 'powerdns': [{ + 'unix_sockets': [ + '/var/run/pdns/pdns.controlsocket', + ], + }], }, }, 'additional_groups': { 
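Review bot: In the `@@ -142,12 +129,22 @@` hunk, `node.metadata.get('powerdns/features/pgsql', node.has_bundle('postgresql'))` switches the pgsql backend on for every node that merely has the postgresql bundle. The block then reads `postgresql/roles/powerdns/password` without a default, so a DNS node running PostgreSQL for some other service would presumably either fail on that lookup or gain a backend nobody asked for. Keeping the explicit default `False`, or adding a comment that states the coupling is intended, would make this safer to reason about. The enclosing `if`/`else` blocks continue outside the hunk.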
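Review bot: The rewritten `powerdns_load_pgsql_schema` command in the `@@ -163,7 +160,7 @@` hunk still formats the database password into the shell string as `PGPASSWORD={} psql ...`, which places the secret in the command line of the spawned shell and in anything that records the command. Since this line is being touched anyway, consider having `psql` read the credential from a root-only password file via `PGPASSFILE` instead of the inline assignment. If the inline form stays, a comment noting that the command contains a secret would help whoever later adds command logging. The `actions` entry continues outside the hunk.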
@@ -186,16 +190,16 @@ def hosts_entries_for_all_dns_servers(metadata): if rnode.name == node.name: continue - ip = rnode.metadata.get('external_ipv4') + found_ips = repo.libs.tools.resolve_identifier(repo, rnode.name) + for ip in sorted(found_ips['ipv4']): + if not ip.is_private: + entries[str(ip)] = { + rnode.metadata.get('hostname'), + rnode.name, + } - if ip: - entries[ip] = { - rnode.metadata.get('hostname'), - rnode.name, - } - - if rnode.metadata.get('powerdns/my_hostname', None): - entries[ip].add(rnode.metadata.get('powerdns/my_hostname')) + if rnode.metadata.get('powerdns/my_hostname', None): + entries[str(ip)].add(rnode.metadata.get('powerdns/my_hostname')) return { 'hosts': { @@ -211,8 +215,9 @@ def firewall(metadata): return { 'firewall': { 'port_rules': { - '53': atomic(metadata.get('powerdns/restrict-to', {'*'})), - '53/udp': atomic(metadata.get('powerdns/restrict-to', {'*'})), + '53': atomic(metadata.get('powerdns/restrict-to/dns', {'*'})), + '53/udp': atomic(metadata.get('powerdns/restrict-to/dns', {'*'})), + '8081': atomic(metadata.get('powerdns/restrict-to/api', set())), }, }, } diff --git a/bundles/powerdnsadmin/items.py b/bundles/powerdnsadmin/items.py index 7cdf08c..ea256ea 100644 --- a/bundles/powerdnsadmin/items.py +++ b/bundles/powerdnsadmin/items.py @@ -36,10 +36,13 @@ actions = { 'needs': { 'directory:/opt/powerdnsadmin', # provided by bundle:users }, + 'after': { + 'pkg_apt:', + }, }, 'powerdnsadmin_install_deps': { 'triggered': True, - 'command': '/opt/powerdnsadmin/venv/bin/pip install -r /opt/powerdnsadmin/src/requirements.txt', + 'command': '/opt/powerdnsadmin/venv/bin/pip install --upgrade psycopg2-binary -r /opt/powerdnsadmin/src/requirements.txt', 'needs': { 'action:powerdnsadmin_create_virtualenv', 'pkg_apt:', diff --git a/bundles/powerdnsadmin/metadata.py b/bundles/powerdnsadmin/metadata.py index 8389941..0617b03 100644 --- a/bundles/powerdnsadmin/metadata.py +++ b/bundles/powerdnsadmin/metadata.py 
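Review bot: The `@@ -211,8 +215,9 @@` hunk moves the DNS source restriction from `powerdns/restrict-to` to `powerdns/restrict-to/dns` while keeping `{'*'}` as the fallback, so a node that still defines the old key would, as far as this diff shows, silently fall back to allowing port 53 from everywhere. Node metadata is not part of this view, so please confirm that every node using `powerdns/restrict-to` was migrated in the same change. The empty-set default for `'8081'` is the right direction; a comment such as `# API port: closed unless powerdns/restrict-to/api is set` would record that intent next to the rule. The `firewall` reactor starts outside the hunk.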
@@ -10,7 +10,6 @@ defaults = { 'libxmlsec1-dev': {}, 'libxslt1-dev': {}, 'pkg-config': {}, - 'python3-psycopg2': {}, 'python3-wheel': {}, }, }, diff --git a/bundles/pppd/files/dyndns b/bundles/pppd/files/dyndns index a88d7c5..f1760d8 100644 --- a/bundles/pppd/files/dyndns +++ b/bundles/pppd/files/dyndns @@ -1,8 +1,9 @@ #!/usr/bin/env python3 -import requests from sys import argv +import requests + INTERFACE = argv[1] LOCAL_IP = argv[4] diff --git a/bundles/pretalx/files/pretalx-administrators-from-group b/bundles/pretalx/files/pretalx-administrators-from-group index c1dcf80..3253000 100644 --- a/bundles/pretalx/files/pretalx-administrators-from-group +++ b/bundles/pretalx/files/pretalx-administrators-from-group @@ -1,9 +1,10 @@ #!/usr/bin/env python3 -import psycopg2 from configparser import ConfigParser from sys import argv, exit +import psycopg2 + def main(): try: diff --git a/bundles/rspamd/files/telegraf-rspamd-plugin b/bundles/rspamd/files/telegraf-rspamd-plugin index 9cb2c3d..23e5ccb 100644 --- a/bundles/rspamd/files/telegraf-rspamd-plugin +++ b/bundles/rspamd/files/telegraf-rspamd-plugin @@ -1,8 +1,9 @@ #!/usr/bin/env python3 -from requests import get from sys import argv, stderr +from requests import get + try: r = get('http://127.0.0.1:11334/stat') r.raise_for_status() diff --git a/bundles/smartd/files/telegraf_plugin b/bundles/smartd/files/telegraf_plugin index 5a7a1a5..5bd10f2 100644 --- a/bundles/smartd/files/telegraf_plugin +++ b/bundles/smartd/files/telegraf_plugin @@ -1,7 +1,7 @@ #!/usr/bin/env python -from subprocess import check_output from json import loads +from subprocess import check_output from sys import stderr devices = check_output(['smartctl', '--scan']).decode().splitlines() diff --git a/bundles/sshmon/files/check_forgejo_for_new_release b/bundles/sshmon/files/check_forgejo_for_new_release index 99fb18d..3db5bcd 100644 --- a/bundles/sshmon/files/check_forgejo_for_new_release +++ b/bundles/sshmon/files/check_forgejo_for_new_release 
@@ -55,8 +55,9 @@ try: exit(2) else: print( - "Currently installed version {} matches newest release on github".format( - current_version + "Currently installed version {} matches newest release on {}".format( + current_version, + host, ) ) exit(0) diff --git a/bundles/sshmon/files/check_http_wget b/bundles/sshmon/files/check_http_wget index ade5dbe..c259871 100644 --- a/bundles/sshmon/files/check_http_wget +++ b/bundles/sshmon/files/check_http_wget @@ -2,8 +2,8 @@ #this is actually a python https requests query, its called check_http_wget cause it got replaced -from sys import exit from argparse import ArgumentParser +from sys import exit import requests diff --git a/bundles/sshmon/files/check_mounts b/bundles/sshmon/files/check_mounts index f387ce4..bc2fc4b 100644 --- a/bundles/sshmon/files/check_mounts +++ b/bundles/sshmon/files/check_mounts @@ -5,7 +5,6 @@ from argparse import ArgumentParser from subprocess import check_output from tempfile import TemporaryFile - check_filesystem_types = { 'ext2', 'ext3', diff --git a/bundles/sshmon/metadata.py b/bundles/sshmon/metadata.py index 4fc3df2..8d5bb6b 100644 --- a/bundles/sshmon/metadata.py +++ b/bundles/sshmon/metadata.py @@ -8,7 +8,10 @@ defaults = { 'monitoring-plugins': {}, 'python3-requests': {}, 'python3-setuptools': {}, # needed by check_github_for_new_release - 'sysstat': {}, # needed by check_cpu_stats + 'sysstat': { + # legacy + 'installed': False, + }, }, }, 'icinga2_api': { @@ -37,7 +40,6 @@ defaults = { 'perl-libwww': {}, 'monitoring-plugins': {}, 'python-requests': {}, - 'sysstat': {}, }, }, } diff --git a/bundles/systemd-networkd/metadata.py b/bundles/systemd-networkd/metadata.py index 303e0f3..46cd893 100644 --- a/bundles/systemd-networkd/metadata.py +++ b/bundles/systemd-networkd/metadata.py @@ -1,6 +1,9 @@ defaults = { 'apt': { 'packages': { + 'isc-dhcp-client': { + 'installed': False, + }, 'resolvconf': { 'installed': False, }, 
diff --git a/bundles/travelynx/files/travelynx.conf b/bundles/travelynx/files/travelynx.conf index bc8e128..7787d8b 100644 --- a/bundles/travelynx/files/travelynx.conf +++ b/bundles/travelynx/files/travelynx.conf @@ -5,15 +5,13 @@ # 'localhost'. { - # Cache directories for schedule and realtime data. Mandatory. The parent - # directory ('/var/cache/travelynx' in this case) must already exist. + base_url => Mojo::URL->new('https://${domain}'), + cache => { schedule => '/var/cache/travelynx/iris', realtime => '/var/cache/travelynx/iris-rt', }, - # Database configuration. host and port are optional - # (defaulting to localhost:5432), the rest is mandatory. db => { host => '${database.get('host', 'localhost')}', port => 5432, @@ -22,8 +20,6 @@ password => '${database['password']}', }, - # See the Mojo::Server::Hypnotoad manual for details on the following - # settings. hypnotoad => { accepts => 100, clients => 10, @@ -34,21 +30,14 @@ }, mail => { - # If you want to disable outgoing mail for development purposes, - # uncomment the following line. Mails will instead be logged as - # Mojolicious "info" messages, causing their content to be printed on - # stdout. - ## disabled => 1, - - # Otherwise, specify the sender ("From" field) for mail sent by travelynx - # here. E.g. 'Travelynx ' from => '${mail_from}', }, - # Secrets used for cookie signing and verification. Must contain at least - # one random string. If you specify several strings, the first one will - # be used for signing new cookies, and the remaining ones will still be - # accepted for cookie validation. + ref => { + issues => 'https://github.com/derf/travelynx/issues', + source => 'https://github.com/derf/travelynx', + }, + secrets => [ '${cookie_secret}', ], diff --git a/bundles/travelynx/items.py b/bundles/travelynx/items.py index dda92cf..5463a1b 100644 --- a/bundles/travelynx/items.py +++ b/bundles/travelynx/items.py 
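Review bot: The third hunk deletes the comment above `secrets`, which was the only place recording that the first string signs new cookies while the remaining ones are still accepted for validation; that ordering is what an operator needs to know when rotating `cookie_secret`. I would keep a one-line version: `# first entry signs new cookies; any further entries are only accepted when validating (rotation)`. In the first hunk, `base_url` places `${domain}` inside a single-quoted Perl string, as the existing `from` and `password` lines do, so the template relies on those metadata values never containing a quote character. The surrounding hash opens and closes outside these hunks.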
@@ -36,7 +36,7 @@ files = { }, '/opt/travelynx/travelynx.conf': { 'content_type': 'mako', - 'context': node.metadata['travelynx'], + 'context': node.metadata.get('travelynx'), 'needs': { 'git_deploy:/opt/travelynx', }, @@ -61,7 +61,7 @@ if isfile(join(repo.path, 'data', 'travelynx', 'files', 'imprint', node.name)): git_deploy = { '/opt/travelynx': { 'repo': 'https://github.com/derf/travelynx.git', - 'rev': node.metadata['travelynx']['version'], + 'rev': node.metadata.get('travelynx/version'), 'needs': { 'directory:/opt/travelynx', }, @@ -84,7 +84,7 @@ actions = { 'triggered': True, }, 'travelynx_database_migrate': { - 'command': 'cd /opt/travelynx && perl index.pl database migrate', + 'command': 'export PERL5LIB=/opt/travelynx/local/lib/perl5; cd /opt/travelynx && perl index.pl database migrate', # Because git_deploy does not put .git onto the server, the script # will complain on STDERR about not finding a git repository. # That's why we need to redirect stderr to /dev/null. diff --git a/bundles/users/files/bashrc b/bundles/users/files/bashrc index 0a21add..2b2729d 100644 --- a/bundles/users/files/bashrc +++ b/bundles/users/files/bashrc @@ -36,6 +36,7 @@ export EDITOR=vim export VISUAL=vim alias ipb='ip -brief --color=auto' +alias ipa='ip -brief --color=always addr show; echo; ip --color=always route show; ip -6 --color=always route show' alias l='ls -lAh' alias s='sudo -i' alias v='vim -p' diff --git a/bundles/users/items.py b/bundles/users/items.py index 457c46a..d6df3cd 100644 --- a/bundles/users/items.py +++ b/bundles/users/items.py @@ -1,4 +1,4 @@ -from os.path import join, exists +from os.path import exists, join files = { '/etc/bash.bashrc': { diff --git a/bundles/wireguard/metadata.py b/bundles/wireguard/metadata.py index 21e9b8f..b19ca8c 100644 --- a/bundles/wireguard/metadata.py +++ b/bundles/wireguard/metadata.py 
@@ -3,7 +3,6 @@ from ipaddress import ip_network from bundlewrap.exceptions import NoSuchNode from bundlewrap.metadata import atomic - defaults = { 'apt': { 'packages': { diff --git a/bundles/zfs/files/check_zpool_space b/bundles/zfs/files/check_zpool_space index ff4b9bb..abb533e 100644 --- a/bundles/zfs/files/check_zpool_space +++ b/bundles/zfs/files/check_zpool_space @@ -1,9 +1,9 @@ #!/usr/bin/env python3 +import re from subprocess import check_output from sys import argv, exit -import re def to_bytes(size): diff --git a/bundles/zfs/files/zfs-auto-snapshot b/bundles/zfs/files/zfs-auto-snapshot index 4f1c919..8e38cf7 100644 --- a/bundles/zfs/files/zfs-auto-snapshot +++ b/bundles/zfs/files/zfs-auto-snapshot @@ -2,7 +2,6 @@ import re - from datetime import datetime from json import loads from subprocess import check_call, check_output diff --git a/bundles/zfs/items.py b/bundles/zfs/items.py index 8dda658..85ffdd7 100644 --- a/bundles/zfs/items.py +++ b/bundles/zfs/items.py @@ -1,5 +1,4 @@ from json import dumps -#from os.path import join from bundlewrap.metadata import MetadataJSONEncoder diff --git a/data/apt/files/gpg-keys/influxdb.asc b/data/apt/files/gpg-keys/influxdb.asc index c97d593..60aeaf6 100644 --- a/data/apt/files/gpg-keys/influxdb.asc +++ b/data/apt/files/gpg-keys/influxdb.asc 
@@ -1,52 +1,29 @@ -----BEGIN PGP PUBLIC KEY BLOCK----- -Version: GnuPG v1 -mQINBFYJmwQBEADCw7mob8Vzk+DmkYyiv0dTU/xgoSlp4SQwrTzat8MB8jxmx60l -QjmhqEyuB8ho4zzZF9KV+gJWrG6Rj4t69JMTJWM7jFz+0B1PC7kJfNM+VcBmkTnj -fP+KJjqz50ETnsF0kQTG++UJeRYjG1dDK0JQNQJAM6NQpIWJI339lcDf15vzrMnb -OgIlNxV6j1ZZqkle4fvScF1NQxYScRiL+sRgVx92SI4SyD/xZnVGD/szB+4OCzah -+0Q/MnNGV6TtN0RiCDZjIUYiHoeT9iQXEONKf7T62T4zUafO734HyqGvht93MLVU -GQAeuyx0ikGsULfOsJfBmb3XJS9u+16v7oPFt5WIbeyyNuhUu0ocK/PKt5sPYR4u -ouPq6Ls3RY3BGCH9DpokcYsdalo51NMrMdnYwdkeq9MEpsEKrKIN5ke7fk4weamJ -BiLI/bTcfM7Fy5r4ghdI9Ksw/ULXLm4GNabkIOSfT7UjTzcBDOvWfKRBLX4qvsx4 -YzA5kR+nX85u6I7W10aSqBiaLqk6vCj0QmBmCjlSeYqNQqSzH/6OoL6FZ7lP6AiG -F2NyGveJKjugoXlreLEhOYp20F81PNwlRBCAlMC2Q9mpcFu0dtAriVoG4gVDdYn5 -t+BiGfD2rJlCinYLgYBDpTPcdRT3VKHWqL9fcC4HKmic0mwWg9homx550wARAQAB -tDFJbmZsdXhEQiBQYWNrYWdpbmcgU2VydmljZSA8c3VwcG9ydEBpbmZsdXhkYi5j -b20+iQI3BBMBCgAhBQJWCZsEAhsDBQsJCAcDBRUKCQgLBRYDAgEAAh4BAheAAAoJ -EGhKFM8lguDF9XEQAK9rREnZt6ujh7GXfeNki35bkn39q8GYh0mouShFbFY9o0i3 -UJVChsxokJSRPgFh9GOhOPTupl3rzfdpD+IlWI2Myt6han2HOjZKNZ4RGNrYJ5UR -uxt4dKMWlMbpkzL56bhHlx97RoXKv2d2zRQfw9nyZb6t3lw2k2kKXsMxjGa0agM+ -2SropwYOXdtkz8UWaGd3LYxwEvW3AuhI8EEEHdLetQaYe9sANDvUEofgFbdsuICH -9QLmbYavk7wyGTPBKfPBbeyTxwW2rMUnFCNccMKLm1i5NpZYineBtQbX2cfx9Xsk -1JLOzEBmNal53H2ob0kjev6ufzOD3s8hLu4KMCivbIz4YT3fZyeExn0/0lUtsQ56 -5fCxE983+ygDzKsCnfdXqm3GgjaI90OkNr1y4gWbcd5hicVDv5fD3TD9f0GbpDVw -yDz8YmvNzxMILt5Glisr6aH7gLG/u8jxy0D8YcBiyv5kfY4vMI2yXHpGg1cn/sVu -ZB01sU09VVIM2BznnimyAayI430wquxkZCyMx//BqFM1qetIgk1wDZTlFd0n6qtA -fDmXAC4s5pM5rfM5V57WmPaIqnRIaESJ35tFUFlCHfkfl/N/ribGVDg1z2KDW08r -96oEiIIiV4GfXl+NprJqpNS3Cn+aCXtd7/TsDScDEgs4sMaR29Lsf26cuWk8uQIN -BFYJmwQBEADDPi3fmwn6iwkiDcH2E2V31cHlBw9OdJfxKVUdyAQEhTtqmG9P8XFZ -ERRQF155XLQPLvRlUlq7vEYSROn5J6BAnsjdjsH9LmFMOEV8CIRCRIDePG/Mez2d -nIK5yiU6GkS3IFaQg2T9/tOBKxm0ZJPfqTXbT4jFSfvYJ3oUqc+AyYxtb8gj1GRk -X283/86/bA3C98u7re1vPtiDRyM8r0+lhEc59Yx/EAOL+X2gZyTgyUoH+LLuOWQK -s1egI8y80R8NZfM1nMiQk2ywMsTFwQjSVimScvzqv5Nt8k8CvHUQ3a6R+6doXGNX 
-5RnUqn9Qvmh0JY5sNgFsoaGbuk2PJrVaGBRnfnjaDqAlZpDhwkWhcCcguNhRbRHp -N7/a0pQr70bAG9VikzLyGC17EU0sxney/hyNHkr4Uyy2OXHpuJvRjVKy/BwZ3fxA -AYX2oZIOxQB3/OulzO/DppaCVhRtp1bt+Z5f+fpisiVb5DvZcMdeyAoQ4+oOr7v3 -EasIs2XYcQ+kOE3Y2kdlHWBeuXzxgWgJZ1OOpwGMjR3Uy6IwhuSWtreJBA4er+Df -vgSPwKBsRLNLbPe3ftjArnC5GfMiGgikVdAUdN4OkEqvUbkRoAVGKTOMLUKm+ZkG -OskJOVYS+JAina0qkYEFF7haycMjf9olhqLmTIC+6X7Ox9R2plaOhQARAQABiQIf -BBgBCgAJBQJWCZsEAhsMAAoJEGhKFM8lguDF8ZIP/1q9Sdz8oMvf9AJXZ7AYxm77 -V+kJzJqi62nZLWJnrFXDZJpU+LkYlb3fstsZ1rvBhnrEPSmFxoj72CP0RtcyX7wJ -dA7K1Fl9LpJi5H8300cC7UyG94MUYbrXijbLTbnFTfNr1tGx4a1T/7Yyxx/wZGrT -H/X8cvNybkl33SxDdlQQ9kx3lFOwC41e3TkGsUWxn3TCfvDh8VdA6Py6JeSPFGOb -MEO2/q7oUgvjfV+ivN5ayZi9bWgeqm1sgtmTHHQ4RqwwKrAb5ynXpn1b9QrkevgT -b91uzMA22Prl4DuzKiaMYDcZOQ3vtf0eFBP0GOSSgUKS4bQ3dGgi1JmQ7VuAM4uj -+Ug5TnGoLwclTwLksc7v89C5MMPgm2vVXvCUDzyzQA7bIHFeX+Rziby4nymec4Nr -eeXYNBJWrEp8XR7UNWmEgroXRoN1x9/6esh5pnoUXGAIWuKzSLQM70/wWxS67+v2 -aC1GNb+pXXAzYeIIiyLWaZwCSr8sWMvshFT9REk2+lnb6sAeJswQtfTUWI00mVqZ -dvI3Wys2h0IyIejuwetTUvGhr9VgpqiLLfGzGlt/y2sg27wdHzSJbMh0VrVAK26/ -BlvEwWDCFT0ZJUMG9Lvre25DD0ycbougLsRYjzmGb/3k3UktS3XTCxyBa/k3TPw3 -vqIHrEqk446nGPDqJPS5 -=9iF7 +mQINBGPIEycBEACpG4qSjhxA6fh4QJVJxFVBvCFt9tVx/hDbKH0Ryy9iilyMeReC +AS1/CZnSv/fhDNKmVPckf6on72z/ODwZcVfMV6DHkxmZ6x/tQrS6CWfKkupsON2H +KS3t4HUivahwHPlWtbfDqsWNwTAsZqklKpJQWY2ADPwurkbCmtYSjsgbLuWe23Pd +nJpLTHtlChM0ntW/l7Le1zYjGPUGoxMJgjg1YG8fi2l/zS0Of8bdQ26ps+WRvrSQ +RKhfAkfIgUiCXxBpDlN1spN73ZlAkaSb+myTfEKyJR55Yt9pHfkDdJh26RVgE1+N +GuLmm6oidaD9lTlNJ9P8wlLzoof3xJXYprgLLz/HmgtawnJ+DxFIXoXNNpUmhORJ +6Hb2Z5IKIyGIwXhQVe2Lw7B8awBNV99zUw517Wuax3RYx7Hwhntz9gFxS4GRxaCo +uLCFQ0AgDCkMHyEHufQo1XdjIB7fz6U551y5GMQw6/rjMnUM9ZI68SQ/FWou2cQf +533PyayvWOYQM4pP7ZmbzyCd393XlMaPWA5dyUOqv7Vcmv0IsAbncX6/KJmZAhKG +qu19xb6rv3ab2RbcU422guK3C/h/URPZJbSjf2w4jUV5UDe2veZg6BEVn7Sk5bW0 +ceX8n0GVbPNG7CvRduJPjXNzsz3FzmUS8QFFde3H5gl1T0f6GcfhmKgKEQARAQAB +tDdJbmZsdXhEYXRhIFBhY2thZ2UgU2lnbmluZyBLZXkgPHN1cHBvcnRAaW5mbHV4 
+ZGF0YS5jb20+iQJVBBMBCAA/BgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAUJBaOk +/BYhBJ1TnZDTMo3H1sjTudj/jh99+LB+BQJjyB9PAhsDAAoJENj/jh99+LB+klgQ +AKOKdwTyKOr6+mnRrACz5U3EFxfAXXFGan9Ka7Nzgz4K+FOnTtT1gWwqrPPmTKQk +epNUMcelfX1kCA08yCm0nyw2niqxES40W33ergKUj6jlDx7UQYXWsDQGD9IKksa8 +MWfZlJ3zlrsGKXA4oa+kfY+vltWDVP8WhLcQzm2LywbKvr3WgY80GZbnRjoekiBK +oMKztQVMJG5yNZBo9B4JrqB3wMpnXZxEtqZcBPsJJdXTFKHsQ7kB9TMNorbUvDNH +ohwsprgMw84vHikEk9jyCypXpYq/E/wvkM0CeIUJ36S2vGvACib7BiY6Xv0BQbM4 +rWq2Rrjag1y5vVAF9gJkeo/3rhM6lE1ahDCRq0QcBMVzbxiE+3COIzRPmz14J3Yn +0pkvzlVkNj5UZR8q91ESl+UxkFCP1wzcXgs0dpJWirQIOZ9E2eYv3LcjE68xjW1k +c5q1GOGvJI7aXADxUZ4lFbz+NUb4Ts4HXHc8gV1Gm0vvmIqv2YfAvL5DXbKLdZxh +73CxKvBMmTXIEQ+vQJ3p1ZnUnb+l6DoxEFWg/hXHmE5jY3P6HIVFdliXF5FEs1lr +9snU2Pn1BDL+TBN7SX0QbKqArWA4qyn6eGH8Z1ULoUVBPCjwC9QuInp/9fqifFYo +OM3A51MDGyc/HCVG6jNJEI5h71QGHlPfyQybpjy7rQSe +=YwXc -----END PGP PUBLIC KEY BLOCK----- diff --git a/data/apt/files/gpg-keys/openhab.asc b/data/apt/files/gpg-keys/openhab.asc deleted file mode 100644 index 196e60e..0000000 --- a/data/apt/files/gpg-keys/openhab.asc +++ /dev/null 
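Review bot: This hunk replaces the apt signing key for the InfluxDB repository, and nothing visible in the diff records where the new key came from or which fingerprint was checked. Because every node that installs this file will accept packages signed by it, the fingerprint should be compared with the one the vendor publishes over a separate channel and then written down, for instance in the commit message as `influxdb.asc fingerprint: FINGERPRINT_PLACEHOLDER, verified against VENDOR_PAGE_PLACEHOLDER`. It is also worth checking, outside this hunk, whether the apt bundle binds the key to that one repository with `signed-by` or installs it into a keyring trusted for all sources.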
@@ -1,52 +0,0 @@ ------BEGIN PGP PUBLIC KEY BLOCK----- - -mQINBFWz+OYBEACXcmKiL6ix1e4gJIWVoGMF7Hv0VOVKJgIUF/zJYBqk3sXQp/pi -JbIoODhrrIbEK33mqgy1EfzEmDhEurule59hq9HAQpOEz9hVbghhnsB8eXEQ9yJO -Wf8D8UGi2MKmqkvf7//jvdywNaQG/xhLu2xld7MxjuhswfiUWqoRFRpQoKY2QCe9 -n92qS0MGGK0B6WgapZZPT6AGyqKYtkCA5qUn7bcoEM2236nXhOAYHJh0o4qJ+cBk -BbSx8KEdrZxKQH50gB//gk/K2s+6CbYYOcJX6z3SLa3fxzlbyH9xQhpumAv/++2v -IIJbJHJicsmCKe/SQ7x5xVh90j6xA3oiYZIG78xWL0xnGCPhFws861dR2iON6CSp -+UKDciEQJH+Ew40la+DcHH7tzHlpZpCC1Jv7VBDkhziPrsscgOtYEwfhsq0Pyfpo -0IsyVDBUyj3Nne1NcKShd6+SYFz+gtXkttELi+DZmyA6onatw7LPGFHs8gOVKYBM -PzmERQ1DjlFW+Dc8FEQquYiquzmkyhJUXHVD1G8Mkic8jhccWbv3S7ePanvpgyZ3 -/KBAWk48/sym+zJTLWuJsCCNLI3K6gngexz1MMaRaPkbVK+4aboNLm6YhVlF5RCK -rTzIUAeB4dmu1k8Quqy/nYhYMokB9w5hiPwmGutjbpOntnrfqxvYy1EL1wARAQAB -tDBvcGVuSEFCIEJpbnRyYXkgUmVwb3NpdG9yaWVzIDxvd25lckBvcGVuaGFiLm9y -Zz6JAlQEEwEKAD4CGwMFCwkIBwMFFQoJCAsFFgIDAQACHgECF4AWIQTtt9AwTi/K -9infEWMHVyH2oiQGCgUCXTjCTAUJDwsFBgAKCRAHVyH2oiQGCmfMD/sGZickeBlA -+x8XxfzvwxTnW/8MCvFBa4l/GoK9bALylvekP4adk/aaySMk/zjk231mwmMuttnP -VDg6TwhxhthveAFdbJEkTNhWUqH0FzyN9QwEGfIodjkQSYWwosY+55V0uYp2zfo9 -iHOtxzXjuLnkpZZPyY33qqGruqhnbyo2J09oLNw4MIwOepNMihP5u0nudTXiDivg -eg8lx/4WIIfwDwCe1gSBnU/731B0TIruxz3cQabLgeTuKB13+ajtJGuH1qrHxMVx -CFhD8wCugNj0qcI6NS06SXwLSAFr+xIeFXWVum2okWt2nzPpn7ll/FUG+qRECipt -m1IaEbelUrcuk7dUY75Fz5Fx8S0HtYAcCYYBDnhcaSSq7sK0NklrVz+bQZsJx4hY -ebkiNI/xFM3slOYoRzGWawuVpG/y1/VM/QRPS4uUS5rnvbGLVpn3bR+03FQwZWeb -yfMNke74TlM9+aEJZb1uxYQGLDFNDVNyALtGhDDp0R/FuDR0my3va3GJnZrtUGVg -M5Xfs/ebsKZ+CuLKqlbdZ0zjLUCJoT+tGGT1VPpi83jc+4wZXynj9b9/CWHoDfaN -VKTj95R7c7IOMRH5srpHX3qSzIF2Yav395SxJNuTTxcPCZ+n2M8jhvVnn4x8sWn5 -Ms0cN2tKVmfIbLF/1JempVsifJmRkbqN+rkCDQRVs/jmARAAxrYK7y1WW/szELpQ -guGSJGIjLt3tNGHGLP3lX4G1DlbziysTx3fY+c+hzGAM8WInsABq5fOWqkiLfx3f -wlHdo7bxv3U+xWq+xV9OOx+tjJn2xI3EtZ632pOQtxj/+6Tdcf3tIwOSMKK5kpGw -DU1VoLkWMfJeq0md6TDRB49p82Q1UGTaVCCfHYpvwCyuv1FWhSQuPJJLdP0YRX2i -1L7zyJLUzjmlAmlNoSMSaoozNJoz/XKFOPoJ66Tu8j8j8W+yqcAKeRTPiZXCEjbh 
-3wgxrx3PWV77kOmtfb0sHyxRujdJvEUfixrSoi4qLrE8kCo2OR8d1C5DsMlbZzvF -kHWaNSkOtpWqEGD/+BLs6lejHvbBEvYSsQMF53yH8q1U+9+7CP9wwKKAtN7LQJcw -xUADv/UhSLA/ZZTisaeUVem9vZlnVfANSieYQvy6zWqvKF4FhBpQbVzSINWv/nzu -NR4gg3uJRMHUb4cyfy3mmJ7FwwF8oHQXU+mkILWmiwrMDbq0Mjc8FRL5Bg4iTwS5 -jDGLZ0g4xU0GYi22eAWPL0dpQpA8t5Ja7W+x+VASOtbpnMAJO94YZ4yXlDcDeNJD -uo2y0z+xjuloPrGK+AssCpOBxpBlcrAFRMx5+rpkHSlLtkQNPeBPwXlryafDZ2PA -QsLBxUmFphyBraakmdGP3mR9ThUAEQEAAYkCPAQYAQoAJgIbDBYhBO230DBOL8r2 -Kd8RYwdXIfaiJAYKBQJdOMOgBQkPDFfaAAoJEAdXIfaiJAYKDLgP/iuh/Kppaem/ -wsRs6ehuCyEVz7ZJsKeq9ZL3d0jQy0CaFQRSICucptBeb14rTvf/i5+eEQI7E/bJ -9dLm1mepVS8M3wyn9+pP+Loa7bajEAD5ap08F88q56s+U70HO30qRHxp2yD9ZU0A -joX8pAIS/YaMicm1EFYajpyls/Jcyp2JG2AavRsrQ3iHvGv5Fc2/09E76lwje/Yh -royPhCrVm0adk6sxLfmKNiXBpLb5gzHR81oo20zk0+qYg2pRcVvfd6PvOcsrO4tl -K8kUMyfYixVKJu59xtMdg5ff6qlBrmTXkxyGb0t7VlhnX4UKcVU//+6b0TnBmUaG -61CZ4CGD2VvUMXcM0ihYl85g7+O9u/P2u3mhLX3xEa+rM4XpzqajL+jpt3CGQLkp -TnKZ8g1k9l7UkrHvVs/tBTCPvOEstzMwq2tWNuCbJ7Y9oB6FDPZGM3oFe2ubu2OH -MFT3KmOhD2jhWCXyB1hK/LOmINGfdfulBsK2KLKtKoJMWu2QLyMLa91l3AhzbH+s -7gQY6iC9rTy9qfHGOLTPjrHfkmrBky+KiDx1KVOnQvPqloLbKhkq1KHv8TAonqGK -THbU4Eod0DmWw80Z2zX7jV3BJs9VmDhr5NzpaZCVlrKrL+vIXzFClCYWQQMwfHpO -Yyq3xLVDG/Zs7LmgSAiEITxRFTR4qg7k -=r37a ------END PGP PUBLIC KEY BLOCK----- diff --git a/data/backup/keys/home.openhab.key.vault b/data/backup/keys/home.hass.key.vault similarity index 100% rename from data/backup/keys/home.openhab.key.vault rename to data/backup/keys/home.hass.key.vault diff --git a/data/backup/keys/home.openhab.pub b/data/backup/keys/home.hass.pub similarity index 100% rename from data/backup/keys/home.openhab.pub rename to data/backup/keys/home.hass.pub diff --git a/data/backup/keys/ns-primary.key.vault b/data/backup/keys/ns-primary.key.vault new file mode 100644 index 0000000..52bb656 --- /dev/null +++ b/data/backup/keys/ns-primary.key.vault 
@@ -0,0 +1 @@ +encrypt$gAAAAABj1jTasX0XOFRWh7F0pxNgMoJIjrblvqOM8ohGVCsvVyMEQDiOmGaJCs9lW-lbeghlzRpiC8P7CNot6OOeNXBYWmxN_HgN3J2p6Q5-XoSJ62NUJWQNRNNENuiN1Yy0g0MREk4gVsNh8-VeoXuKgyLEXJQJI-SYLzl8faZoBnQGTK4FbTAiN6KSB4EbTPwxx-8dYp8kNIj4ipBjkQKNu-mXuVvdnf5fTUwTCQx6rz7yjlp7DOPuSJDASg5bE33dd8gt89grW5vBKeEnQsi7hpJCJF5vNfRay89IKfjf6UqxJHKCmS2tIWQ9Kz4Tv41MnNR0-jvnULq7TWcnqwo_SKb8JRLUA3dH2wLiOUu7aApYSkeSNiul2ILCtBPsjY_eWzqdd3tkpJBErOcFVe2mdjVRSIUOXTM_T3nNWCJgn5TxD4qbHklZoCaM6Ey9P_yQj-sSRGizgcDhGiqY8xJNmwbWz9IH5a_Fs6iRVhAh6VzSa1ZAKxcum87dj-KVA_SjG9hy7Dy28xK0D4NoSpYFOkEz4VHpa1tP0t8QJ2WtQiw-qjHFzokkIINEUKUPIBg6t_5oedJ24YMnyyzBZ2_uQ1HFVFjBx-7Iw73bTPNluVwXkobzEnrYFwDsEXGE6tR0HjbteNxj \ No newline at end of file diff --git a/data/backup/keys/ns-primary.pub b/data/backup/keys/ns-primary.pub new file mode 100644 index 0000000..442d8b9 --- /dev/null +++ b/data/backup/keys/ns-primary.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL+FCn1sWP74+lVAyaXDpXxCCauh6LC2KEJmIMhDEYvJ kunsi@kunsi-p14s.kunbox.net diff --git a/data/powerdns/files/bind-zones/cybert-media.net b/data/powerdns/files/bind-zones/cybert-media.net deleted file mode 100644 index 9ce2544..0000000 --- a/data/powerdns/files/bind-zones/cybert-media.net +++ /dev/null @@ -1,9 +0,0 @@ -${header} - -$ORIGIN cybert-media.net. - -@ IN A 159.69.11.231 - IN AAAA 2a01:4f8:c2c:c410::1 - IN TXT "v=spf1 a ~all" - -www IN CNAME cybert-media.net. diff --git a/data/powerdns/files/bind-zones/die-brontosaurier-waren-es.org b/data/powerdns/files/bind-zones/die-brontosaurier-waren-es.org deleted file mode 100644 index 8633268..0000000 --- a/data/powerdns/files/bind-zones/die-brontosaurier-waren-es.org +++ /dev/null @@ -1,9 +0,0 @@ -${header} - -$ORIGIN die-brontosaurier-waren-es.org. - -; ends up on rx300.kunbox.net -@ IN A 31.47.232.106 - IN AAAA 2a00:f820:528::2 - IN MX 10 rx300.kunbox.net. - IN TXT "v=spf1 mx ~all" 
diff --git a/data/powerdns/files/bind-zones/emails.sexy b/data/powerdns/files/bind-zones/emails.sexy deleted file mode 100644 index c430731..0000000 --- a/data/powerdns/files/bind-zones/emails.sexy +++ /dev/null @@ -1,3 +0,0 @@ -${header} - -$ORIGIN emails.sexy. diff --git a/data/powerdns/files/bind-zones/eskalation.jetzt b/data/powerdns/files/bind-zones/eskalation.jetzt deleted file mode 100644 index fc09ecc..0000000 --- a/data/powerdns/files/bind-zones/eskalation.jetzt +++ /dev/null @@ -1,9 +0,0 @@ -${header} - -$ORIGIN eskalation.jetzt. - - -queere IN NS ns1.athena7.eu. -queere IN NS ns2.athena7.eu. -queere IN NS ns3.athena7.eu. -queere IN NS ns4.athena7.eu. diff --git a/data/powerdns/files/bind-zones/felix-kunsmann.de b/data/powerdns/files/bind-zones/felix-kunsmann.de deleted file mode 100644 index ea21366..0000000 --- a/data/powerdns/files/bind-zones/felix-kunsmann.de +++ /dev/null @@ -1,5 +0,0 @@ -${header} - -$ORIGIN felix-kunsmann.de. - -@ IN MX 10 rx300.kunbox.net. diff --git a/data/powerdns/files/bind-zones/flauschehorn.sexy b/data/powerdns/files/bind-zones/flauschehorn.sexy deleted file mode 100644 index accc22e..0000000 --- a/data/powerdns/files/bind-zones/flauschehorn.sexy +++ /dev/null 
@@ -1,15 +0,0 @@ -${header} - -$ORIGIN flauschehorn.sexy. - -@ IN A 5.189.140.103 - IN AAAA 2a02:c207:3002:8320:feed:f2c1:c0ff:ee - IN MX 10 rx300.kunbox.net. - IN TXT "v=spf1 mx ~all" - -_dmarc IN TXT "v=DMARC1; p=quarantine; rua=mailto:hostmaster@kunbox.net; ruf=mailto:postmaster@kunsmann.eu; fo=0:d:s; adkim=r; aspf=r" - -uO4aNejDvVdw8BKne3KJIqAvCQMJ0416._domainkey IN TXT ( "v=DKIM1; k=rsa; " - "p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnh5Ym9PO7r+wdOIKfopvHzn3KU3qT6IlCG/gvvbmIqoeFQfRbAe3gQmcG6RcLue55cJQGhI6y2r0lm59ZeoHR40aM+VabAOlplekM7xWmoXb/9vG2OZLIqAyF4I+7GQmTN6B9keBHp9SWtDUkI0B0G9neZ5MkXJP705M0duxritqQlb4YvCZwteHiyckKcg9aE9j+GF2EEawBoVDp" - "oveoB3+wgde3lWEUjjwKFtXNXxuN354o6jgXgPNWtIEdPMLfK/o0CaCjZNlzaLTsTegY/+67hdHFqDmm8zXO9s+Xiyfq7CVq21t7wDhQ2W1agj+up6lH82FMh5rZNxJ6XB0yQIDAQAB" -) ; diff --git a/data/powerdns/files/bind-zones/franzi.business b/data/powerdns/files/bind-zones/franzi.business deleted file mode 100644 index 0f17f37..0000000 --- a/data/powerdns/files/bind-zones/franzi.business +++ /dev/null 
@@ -1,43 +0,0 @@ -${header} - -$ORIGIN franzi.business. - -; ends up on rx300.kunbox.net -@ IN A 31.47.232.106 - IN AAAA 2a00:f820:528::2 - IN MX 10 rx300.kunbox.net. - IN TXT "v=spf1 mx a:sewfile.htz-cloud.kunbox.net ~all" - -chat IN CNAME rx300.kunbox.net. -dimension IN CNAME rx300.kunbox.net. -git IN CNAME rx300.kunbox.net. -jenkins IN CNAME rx300.kunbox.net. -matrix IN CNAME rx300.kunbox.net. -mta-sts IN CNAME rx300.kunbox.net. -netbox IN CNAME rx300.kunbox.net. -sewfile IN CNAME sewfile.htz-cloud.kunbox.net. -paste IN CNAME rx300.kunbox.net. -postfixadmin IN CNAME rx300.kunbox.net. -radicale IN CNAME rx300.kunbox.net. -rss IN CNAME rx300.kunbox.net. -status IN CNAME icinga2.ovh.kunbox.net. -tickets IN CNAME franzi-business.cname.pretix.eu. -travelynx IN CNAME rx300.kunbox.net. -wiki IN CNAME rx300.kunbox.net. -woodpecker IN CNAME rx300.kunbox.net. - -_matrix._tcp IN SRV 10 10 443 matrix - -_dmarc IN TXT "v=DMARC1; p=quarantine; rua=mailto:hostmaster@kunbox.net; ruf=mailto:postmaster@kunsmann.eu; fo=0:d:s; adkim=r; aspf=r" -_mta-sts IN TXT "v=STSv1;id=20201111;" -_smtp._tls IN TXT "v=TLSRPTv1;rua=mailto:hostmaster@kunbox.net" -_token._dnswl IN TXT "gg3mbwjx9bbuo5osvh7oz6bc881wcmc" - -2019._domainkey IN TXT ( "v=DKIM1; k=rsa; " - "p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwkg6UAcu3V98hal1UVf6yB0WT1CKDS0AK83CUlSP8bUwraPxkxK1nkQOUsmjbQs6a3FhdsKprMi32GeUaTVvZg81JIybPk3jNugfNWfSjs2TXPomYu+XD2pmmbR3cZlzC5NGR2nmBFt/P/S2ihPHj35KziiBIwK1TdvOi1M2+upCjK33Icco0ByCm0gJpD2O0cbqcBcUKqd6X440" - "vYhNXH1ygp0e91P0iRnvS9sg6yD0xjD8kD6j/8GfxBY+9bpU3EvDoBgyJSbjw5b6PUVJbKMXzw1NIRNj0SXKs5BakjS8+7u62vR11IPCYRwy+yr0rDT0tNegM7gStIIgoTpOoQIDAQAB" -) ; -uO4aNejDvVdw8BKne3KJIqAvCQMJ0416._domainkey IN TXT ( "v=DKIM1; k=rsa; " - "p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnh5Ym9PO7r+wdOIKfopvHzn3KU3qT6IlCG/gvvbmIqoeFQfRbAe3gQmcG6RcLue55cJQGhI6y2r0lm59ZeoHR40aM+VabAOlplekM7xWmoXb/9vG2OZLIqAyF4I+7GQmTN6B9keBHp9SWtDUkI0B0G9neZ5MkXJP705M0duxritqQlb4YvCZwteHiyckKcg9aE9j+GF2EEawBoVDp" - 
"oveoB3+wgde3lWEUjjwKFtXNXxuN354o6jgXgPNWtIEdPMLfK/o0CaCjZNlzaLTsTegY/+67hdHFqDmm8zXO9s+Xiyfq7CVq21t7wDhQ2W1agj+up6lH82FMh5rZNxJ6XB0yQIDAQAB" -) ; diff --git a/data/powerdns/files/bind-zones/kunbox.net b/data/powerdns/files/bind-zones/kunbox.net index ba40c0b..25a0273 100644 --- a/data/powerdns/files/bind-zones/kunbox.net +++ b/data/powerdns/files/bind-zones/kunbox.net @@ -1,4 +1,14 @@ -${header} +$TTL 60 +@ IN SOA ns-primary.kunbox.net. hostmaster.kunbox.net. ( + ${SERIAL} + 3600 + 600 + 86400 + 300 + ) + + +${NAMESERVERS} $ORIGIN kunbox.net. @@ -10,6 +20,10 @@ $ORIGIN kunbox.net. IN MX 10 rx300 IN TXT "v=spf1 mx ~all" +; delegate acme stuff to psql-managed zone +_acme-challenge IN CNAME _acme-challenge.kunbox.net.le.kunbox.net. +_acme-challenge.home IN CNAME _acme-challenge.home.kunbox.net.le.kunbox.net. + ; Mail servers mta-sts IN CNAME rx300 diff --git a/data/powerdns/files/bind-zones/kunsmann.eu b/data/powerdns/files/bind-zones/kunsmann.eu deleted file mode 100644 index ed4ff73..0000000 --- a/data/powerdns/files/bind-zones/kunsmann.eu +++ /dev/null 
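Review bot: The two `_acme-challenge` CNAMEs added in the second hunk mean that write access to the `le.kunbox.net` zone is enough to pass DNS-01 validation for `kunbox.net` and `home.kunbox.net`, so that zone and whatever updates it need the same protection as the certificate private keys. If the zone does not already carry one further down, a CAA record narrows who can use that path; the certificates later in this diff appear to be issued by Let's Encrypt, so for example `@ IN CAA 0 issue "letsencrypt.org; accounturi=ACME_ACCOUNT_URI_PLACEHOLDER"` plus a matching `issuewild`. I would also extend the comment to name the writer of the delegated zone: `; delegate acme stuff to psql-managed zone (records written by NAME_OF_UPDATER_PLACEHOLDER)`. The rest of the zone file is outside the hunk.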
@@ -1,31 +0,0 @@ -${header} - -$ORIGIN kunsmann.eu. - -; ends up on rx300.kunbox.net -@ IN A 31.47.232.106 - IN AAAA 2a00:f820:528::2 - IN MX 10 rx300.kunbox.net. - IN TXT "v=spf1 mx ~all" - -git IN CNAME rx300.kunbox.net. -grafana IN CNAME influxdb.htz-cloud.kunbox.net. -icinga IN CNAME icinga2.ovh.kunbox.net. -influxdb IN CNAME influxdb.htz-cloud.kunbox.net. -luther-ps IN CNAME luther.htz-cloud.kunbox.net. -mta-sts IN CNAME rx300.kunbox.net. -statusmonitor.icinga IN CNAME icinga2.ovh.kunbox.net. - -_dmarc IN TXT "v=DMARC1; p=quarantine; rua=mailto:hostmaster@kunbox.net; ruf=mailto:postmaster@kunsmann.eu; fo=0:d:s; adkim=r; aspf=r" -_mta-sts IN TXT "v=STSv1;id=20201111;" -_smtp._tls IN TXT "v=TLSRPTv1;rua=mailto:hostmaster@kunbox.net" -_token._dnswl IN TXT "5mx0rv9ru8s1zz4tf4xlt48osh09czmg" - -2019._domainkey IN TXT ( "v=DKIM1; k=rsa; " - "p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwkg6UAcu3V98hal1UVf6yB0WT1CKDS0AK83CUlSP8bUwraPxkxK1nkQOUsmjbQs6a3FhdsKprMi32GeUaTVvZg81JIybPk3jNugfNWfSjs2TXPomYu+XD2pmmbR3cZlzC5NGR2nmBFt/P/S2ihPHj35KziiBIwK1TdvOi1M2+upCjK33Icco0ByCm0gJpD2O0cbqcBcUKqd6X440" - "vYhNXH1ygp0e91P0iRnvS9sg6yD0xjD8kD6j/8GfxBY+9bpU3EvDoBgyJSbjw5b6PUVJbKMXzw1NIRNj0SXKs5BakjS8+7u62vR11IPCYRwy+yr0rDT0tNegM7gStIIgoTpOoQIDAQAB" -) ; -uO4aNejDvVdw8BKne3KJIqAvCQMJ0416._domainkey IN TXT ( "v=DKIM1; k=rsa; " - "p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnh5Ym9PO7r+wdOIKfopvHzn3KU3qT6IlCG/gvvbmIqoeFQfRbAe3gQmcG6RcLue55cJQGhI6y2r0lm59ZeoHR40aM+VabAOlplekM7xWmoXb/9vG2OZLIqAyF4I+7GQmTN6B9keBHp9SWtDUkI0B0G9neZ5MkXJP705M0duxritqQlb4YvCZwteHiyckKcg9aE9j+GF2EEawBoVDp" - "oveoB3+wgde3lWEUjjwKFtXNXxuN354o6jgXgPNWtIEdPMLfK/o0CaCjZNlzaLTsTegY/+67hdHFqDmm8zXO9s+Xiyfq7CVq21t7wDhQ2W1agj+up6lH82FMh5rZNxJ6XB0yQIDAQAB" -) ; diff --git a/data/powerdns/files/bind-zones/trans-agenda.de b/data/powerdns/files/bind-zones/trans-agenda.de deleted file mode 100644 index 7da66d3..0000000 --- a/data/powerdns/files/bind-zones/trans-agenda.de +++ /dev/null 
@@ -1,4 +0,0 @@ -${header} - -$ORIGIN trans-agenda.de. - diff --git a/data/powerdns/files/bind-zones/trans-agenda.eu b/data/powerdns/files/bind-zones/trans-agenda.eu deleted file mode 100644 index 4c665ee..0000000 --- a/data/powerdns/files/bind-zones/trans-agenda.eu +++ /dev/null @@ -1,22 +0,0 @@ -${header} - -$ORIGIN trans-agenda.eu. - -@ IN MX 10 rx300.kunbox.net. - IN TXT "v=spf1 a mx ~all" - -mta-sts IN CNAME rx300.kunbox.net. - -_dmarc IN TXT "v=DMARC1; p=quarantine; rua=mailto:hostmaster@kunbox.net; ruf=mailto:postmaster@kunsmann.eu; fo=0:d:s; adkim=r; aspf=r" -_mta-sts IN TXT "v=STSv1;id=20201111;" -_smtp._tls IN TXT "v=TLSRPTv1;rua=mailto:hostmaster@kunbox.net" -_token._dnswl IN TXT "5mx0rv9ru8s1zz4tf4xlt48osh09czmg" - -2019._domainkey IN TXT ( "v=DKIM1; k=rsa; " - "p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwkg6UAcu3V98hal1UVf6yB0WT1CKDS0AK83CUlSP8bUwraPxkxK1nkQOUsmjbQs6a3FhdsKprMi32GeUaTVvZg81JIybPk3jNugfNWfSjs2TXPomYu+XD2pmmbR3cZlzC5NGR2nmBFt/P/S2ihPHj35KziiBIwK1TdvOi1M2+upCjK33Icco0ByCm0gJpD2O0cbqcBcUKqd6X440" - "vYhNXH1ygp0e91P0iRnvS9sg6yD0xjD8kD6j/8GfxBY+9bpU3EvDoBgyJSbjw5b6PUVJbKMXzw1NIRNj0SXKs5BakjS8+7u62vR11IPCYRwy+yr0rDT0tNegM7gStIIgoTpOoQIDAQAB" -) ; -uO4aNejDvVdw8BKne3KJIqAvCQMJ0416._domainkey IN TXT ( "v=DKIM1; k=rsa; " - "p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnh5Ym9PO7r+wdOIKfopvHzn3KU3qT6IlCG/gvvbmIqoeFQfRbAe3gQmcG6RcLue55cJQGhI6y2r0lm59ZeoHR40aM+VabAOlplekM7xWmoXb/9vG2OZLIqAyF4I+7GQmTN6B9keBHp9SWtDUkI0B0G9neZ5MkXJP705M0duxritqQlb4YvCZwteHiyckKcg9aE9j+GF2EEawBoVDp" - "oveoB3+wgde3lWEUjjwKFtXNXxuN354o6jgXgPNWtIEdPMLfK/o0CaCjZNlzaLTsTegY/+67hdHFqDmm8zXO9s+Xiyfq7CVq21t7wDhQ2W1agj+up6lH82FMh5rZNxJ6XB0yQIDAQAB" -) ; diff --git a/data/powerdns/files/bind-zones/warnochwas.de b/data/powerdns/files/bind-zones/warnochwas.de deleted file mode 100644 index 2ff9e1f..0000000 --- a/data/powerdns/files/bind-zones/warnochwas.de +++ /dev/null @@ -1,3 +0,0 @@ -${header} - -$ORIGIN warnochwas.de. 
diff --git a/data/ssl/_.franzi.business.crt.pem b/data/ssl/_.franzi.business.crt.pem index 50d05c7..b55b2de 100644 --- a/data/ssl/_.franzi.business.crt.pem +++ b/data/ssl/_.franzi.business.crt.pem 
@@ -1,27 +1,27 @@ -----BEGIN CERTIFICATE----- -MIIEiTCCA3GgAwIBAgISBEiaFE6qZ3+AhUkmqKta5OSuMA0GCSqGSIb3DQEBCwUA +MIIEijCCA3KgAwIBAgISA8l+oC4pMh1Q/UNiEPuiw39OMA0GCSqGSIb3DQEBCwUA MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD -EwJSMzAeFw0yMjExMDYwNjA3MTZaFw0yMzAyMDQwNjA3MTVaMBoxGDAWBgNVBAMT -D2ZyYW56aS5idXNpbmVzczB2MBAGByqGSM49AgEGBSuBBAAiA2IABFdgHf2P15+0 -as3iN/M7itWsdWCtH35cGIf871AeU5OhB4JDNbb5aDsho9ga/vIsjpB1Xh3EhNvP -I3b8KT9JUUE/dIRaWvNp8OSKihiU72mXIIlmslVW2AeqwBGMU0L+46OCAl0wggJZ +EwJSMzAeFw0yMzAxMjkwNDM5NTFaFw0yMzA0MjkwNDM5NTBaMBoxGDAWBgNVBAMT +D2ZyYW56aS5idXNpbmVzczB2MBAGByqGSM49AgEGBSuBBAAiA2IABMlQ1P5Y0aZ5 +vUzB4TAP8iIuiO3GJnYhnKrbe/Lz3gf6Ct9bGM4JLY3RI9xcSmol3sNKdVmbHMRe +z63GW4twSnS517axo6jcT0YQkFVyhWHvLnpBW42M1FpjzaDCbs74zKOCAl4wggJa MA4GA1UdDwEB/wQEAwIHgDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw -DAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUsY9YAWIXWlFiQi/JImI6LFxrc6gwHwYD +DAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQURw5+tfBU0aOBqfN40kz43fUcjx4wHwYD VR0jBBgwFoAUFC6zF7dYVsuuUAlA5h+vnYsUwsYwVQYIKwYBBQUHAQEESTBHMCEG CCsGAQUFBzABhhVodHRwOi8vcjMuby5sZW5jci5vcmcwIgYIKwYBBQUHMAKGFmh0 dHA6Ly9yMy5pLmxlbmNyLm9yZy8wLQYDVR0RBCYwJIIRKi5mcmFuemkuYnVzaW5l c3OCD2ZyYW56aS5idXNpbmVzczBMBgNVHSAERTBDMAgGBmeBDAECATA3BgsrBgEE AYLfEwEBATAoMCYGCCsGAQUFBwIBFhpodHRwOi8vY3BzLmxldHNlbmNyeXB0Lm9y -ZzCCAQQGCisGAQQB1nkCBAIEgfUEgfIA8AB2ALc++yTfnE26dfI5xbpY9Gxd/ELP -ep81xJ4dCYEl7bSZAAABhEvD10MAAAQDAEcwRQIhAM2BBzR9UWZNuK3+nk6AdaJL -1j8OvFPZnb+CJqdYtBe8AiAJM4kwOyZLzK/ZGXzwBJLjRTXs2hJZ4qXUzszhv/hs -+QB2AHoyjFTYty22IOo44FIe6YQWcDIThU070ivBOlejUutSAAABhEvD2UYAAAQD -AEcwRQIgfMXcWDFe5IKe6n4D9t3zpecF7wCIje8pBd4WQ3OfxM4CIQDpGTCU2pUI -Hfwkq+6a2j6Lh3baERBbrfnGDF2AOjjelzANBgkqhkiG9w0BAQsFAAOCAQEAMGiD -9uo+WVO+p/HFA+bHM/1ZaTDBONP72YHPx0tdFvQAPQ59n8n6KsE2w9cioNHiRYVv -WhoHjWXtzsCiJzNvc4wuTCxJkBtfSAvsOGqGMQJ+cQym+aSBKqSKvKsIQQjOmz/p -sere5gqTkhuCfnbF8AL7JqDFld4knlbzzsdhj0SjcAO4OUA8SdHdGq192hVRB+nL -IFb6Ax4jD/fQ19j+uL+F1MgMmwUkVF77X279FGlax9PGpmQ47aLj5w7qDpZxfHf9 
-Z2nq14Bk6USZcz9hR+gq38lvo6aU/0MvPey9QiIzLg78K0gEQ1o3qoUIl+9erSLR -ssU+fmyZoeNBV6q8xw== +ZzCCAQUGCisGAQQB1nkCBAIEgfYEgfMA8QB3AHoyjFTYty22IOo44FIe6YQWcDIT +hU070ivBOlejUutSAAABhfwJ/TEAAAQDAEgwRgIhAINjOWzyMeYZYFNk5cdghSwA +JDuxKo8/ubIlsAV9ymJWAiEAuVZjp2GQ0RmFyGVDiF865uC4lTtzMIwmpgwYiBqg +DQsAdgCt9776fP8QyIudPZwePhhqtGcpXc+xDCTKhYY069yCigAAAYX8Cf1OAAAE +AwBHMEUCIGoeOIHC8O+zj/3E89BHv+9siaKSOy/2I6i53V5faX3EAiEAsk/Lhr/0 +NpogdjroYqt1sKvTzmO0BrxWJ5a41JQdtX0wDQYJKoZIhvcNAQELBQADggEBAIM4 +moszjbZGKjaoCtsj5t7Dtxu/JmE9gOnwfxnUrDKn0T00dKQi8Mk6a4C5vdGnxorO +lj8VutznRvp1RKxb6WWyk0iW22rLm+kTudf/vf9lY0X7DmD/u3MO2tGumwjMdLRT +QgxP+yu8R03ZppnuzYZhERAbY6AuC/U+owiYjNfF4v1Eyn4zxe6L2v0UWGnBWObb +xv5RbhHFezr676GaLIrcVh0rN6YNK2J1Cei2pNtAVSLiSJvuuO5Qq1KE7wQqbGd+ +lqK2tcEZRtzaFrpW7C0ZW7LpgO8zdeN4BtD25ozhGJO/0H5hhKpQ/wtWqXYKkhC/ +G47QSheqKqJnHOCL0hA= -----END CERTIFICATE----- diff --git a/data/ssl/_.franzi.business.key.pem.vault b/data/ssl/_.franzi.business.key.pem.vault index 60ada7b..9a5202f 100644 --- a/data/ssl/_.franzi.business.key.pem.vault +++ b/data/ssl/_.franzi.business.key.pem.vault 
@@ -1 +1 @@ -encrypt$gAAAAABjZ10m0BnUbl5777KN6VHf6uAdtcs15-osbqRoQq6epRuWllD-ziy_2N7BrOkRcmfSJaB8zZ1l1bLD6ws3SlI7jvbkahvWnuKinkGiE30SGGjqr6MY_NJGawdox8OJWrsWLFYJJjrePl_mmVtx9G41oBreKizj1YPswzbzsFociJ0zF0xlx99sjjLxRB5PEaI3fwK1eXDmODGZ__dwKxINGSB2zxPb10Vwtnsp3cmaUiKh1TfIghQAm523cAuHPys1-tNXuJpvhPY3tIxB5gHZYiBXMzcS64mD1KqEubsnplxQlK-N_mJ7Q6n0xReG00pqvm5twRI5g7PoHYLH7nZI7KYOSI2XMAS7gP6Uy-H60BQKAHXuX4yutznVRJspv0wa4kfW9vcBfFECBhFeC8tAAkgAc-NvAsDYk6tYSi2k3N2zXsiyHy0NL-JMnUEicQT3YZNnfkoYqjuxwFbQvgtZZun38w== \ No newline at end of file +encrypt$gAAAAABj1gankGocRRCdH6WqCUFJ6UtA1f07KpXYh4KcelenJv0ZbQ98f2nwIk29iXWEIsS9FTiRyEG95u_Lmm_p7GbKCMDSIZfZgAC2I3tp_BxZPerhEkwxTT_BjEYHRjMDFrzwoAypTO1Mj_XiT_CYvAZptHI3MZcI9QwPVw-CMJ4KqzG-IztkW8KVnuM7agiBdUt4IYkLyeZ0IoL4nOIWANtdM-y4rILv6N7WIMw6dgsSvLPEQR-PYdNLq866IR0-yFGOfYcQKOvpBqAt6A69E6JxSm3AakaJaS75QYF2lzGVjTfrFoGz60LUjC60KuTsu3dUckGUm7JEq1BSMxvc5b_a6pCazvoAnM0gbtbM_DjL0phLj7VWZEg-_1CHfc2S0-UxbxBjLKJ3NPPs93_En5RWxqxkhvvZgxzWJqQWP2eBprge8Q_EEXkMbxumVVx9Ymdynlw2AgkQhVVJIu_vnsZ4Uc8vIA== \ No newline at end of file diff --git a/data/ssl/_.home.kunbox.net.crt.pem b/data/ssl/_.home.kunbox.net.crt.pem index 317b57b..7449694 100644 --- a/data/ssl/_.home.kunbox.net.crt.pem +++ b/data/ssl/_.home.kunbox.net.crt.pem 
@@ -1,27 +1,27 @@ -----BEGIN CERTIFICATE----- -MIIEijCCA3KgAwIBAgISA7oUZzeuZgmxMvP1zm5RtCGYMA0GCSqGSIb3DQEBCwUA +MIIEijCCA3KgAwIBAgISA28YyqkbxYen4u/lcNEqBY7lMA0GCSqGSIb3DQEBCwUA MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD -EwJSMzAeFw0yMjExMDYwNjA3MTdaFw0yMzAyMDQwNjA3MTZaMBoxGDAWBgNVBAMT -D2hvbWUua3VuYm94Lm5ldDB2MBAGByqGSM49AgEGBSuBBAAiA2IABDcmJYSIKimG -w9hUy0guhMoubPJ+QcSioL4TjuqKmgVCXXEHzkGuaCQTwRX7BiHOyH+3nqcm7N1x -qF5rucOxJoKgGW40ZjemdWAVDGYm3euEU0Td0V+L6z/L/cWe25YwoKOCAl4wggJa +EwJSMzAeFw0yMzAxMjkwOTE0MjZaFw0yMzA0MjkwOTE0MjVaMBoxGDAWBgNVBAMT +D2hvbWUua3VuYm94Lm5ldDB2MBAGByqGSM49AgEGBSuBBAAiA2IABCsS8YhWoIvn +yMOjY8LtjQ8+Pa58DBckQ1lnktMo1T3bfwxMxTGH+iYdOT4kHWOen6aNzdXqrerA +YjTN/MRBCR8tMZglzmshUG7qpzI/s89QSL6+KoCV5Pl0mEWLSvrLFKOCAl4wggJa MA4GA1UdDwEB/wQEAwIHgDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw -DAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUJkY/Eq6HUOrPZyW+Y+4/uiG0/8swHwYD +DAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUtCIXQGA7PP7mGdMLuN3nYsynu4wwHwYD VR0jBBgwFoAUFC6zF7dYVsuuUAlA5h+vnYsUwsYwVQYIKwYBBQUHAQEESTBHMCEG CCsGAQUFBzABhhVodHRwOi8vcjMuby5sZW5jci5vcmcwIgYIKwYBBQUHMAKGFmh0 dHA6Ly9yMy5pLmxlbmNyLm9yZy8wLQYDVR0RBCYwJIIRKi5ob21lLmt1bmJveC5u ZXSCD2hvbWUua3VuYm94Lm5ldDBMBgNVHSAERTBDMAgGBmeBDAECATA3BgsrBgEE AYLfEwEBATAoMCYGCCsGAQUFBwIBFhpodHRwOi8vY3BzLmxldHNlbmNyeXB0Lm9y -ZzCCAQUGCisGAQQB1nkCBAIEgfYEgfMA8QB3AK33vvp8/xDIi509nB4+GGq0Zyld -z7EMJMqFhjTr3IKKAAABhEvD2XwAAAQDAEgwRgIhAMzxM2rXgjZDrPm6jKHUS4u3 -BxokYdBgO63klZ5iuEyLAiEAinyT+YKDotIyWcUHvl0tpANYq+XlJaELvg7aCcwj -3MgAdgC3Pvsk35xNunXyOcW6WPRsXfxCz3qfNcSeHQmBJe20mQAAAYRLw9tCAAAE -AwBHMEUCIQDTNayLb2lW5oNnj1bJaqbcOnjOktsPSYUGaokd6iBeUQIgOak7kR7e -rAvW3CwA1QSZgqRHLn86UFfGc0pVHNDb3e4wDQYJKoZIhvcNAQELBQADggEBABdr -R6NgzfgNT2WVTpZOpgLEPO58WKBEofMtVTRDjDKinSvDUFRhJAEjoXKxZXtEG+yH -VhGGLcmh+6mn8+8yz1qEngA3uGiHS533aOUbP3cCbfqRCeuKMS+5ojjOlKb3xZj4 -uRGvxw90wY3RYwn8k3/beEs+TaNnFU+NtBwScy+/8aRHG5rBQjdBWZHpcB4/wT0V -cLakTharwRHVw11GFlEk60k2JMEtCLkBjKq/CpbusQZHd1uVyzhWC802lWRqY4nq 
-YTO3Z8FNRGOaHVcydX6wMlQg/t+1hYgCC6HWhuOf8AOr+kkg4zSdv0YvAYuOzY8X -sc1/2y3z9deYm4qHw/w= +ZzCCAQUGCisGAQQB1nkCBAIEgfYEgfMA8QB2ALc++yTfnE26dfI5xbpY9Gxd/ELP +ep81xJ4dCYEl7bSZAAABhf0FYYAAAAQDAEcwRQIgLCh9130fH81/vY6Ps7inMh3l +GEM8GPiDEHk68oq2R9wCIQCnHdc9Seo+qTRnc6DcoKvyC9azNFEZBiikMgoIJkyq +6gB3AHoyjFTYty22IOo44FIe6YQWcDIThU070ivBOlejUutSAAABhf0FYZgAAAQD +AEgwRgIhAM3M2KLdUfIiqVgaMqIH1ust2lUjR10gwN8juONeXZoMAiEA2KArQKYG +GbhN/dWqht+So4Ni3/K5Vwcfb91ewthPR6swDQYJKoZIhvcNAQELBQADggEBALhs +LaBZ27UoZOqukblSD8EyoLnJ3Cplg1r3J9+e4QNzySjsDpYr/w+Y4mUT/nGAGgGL +4b1cHD57XnQB1yvB3Dv9aowg+Udo4eTNY41FMgouYhYFowi5gWYoQhpIFOpwvd0v +Cmrl4PPta2Ytbg/FMNxOt47E0sUL2zASMCKTKcPsIpcpEG7w8jBGcCX7e3NCG36z +K4jZqW3Pd3BZe1e7ywUyF/SSw38Pv1rFbBxuSh+kDjQfcOWN75oOyyKgcLsGBxfy +850WclzgMTnRRlZGaiUTVQ7uPkB44DIhTT6afxPMDKrtRLkd5LHownE3NPUTyfDx +cK9weiaIniziAnEjUr4= -----END CERTIFICATE----- diff --git a/data/ssl/_.home.kunbox.net.key.pem.vault b/data/ssl/_.home.kunbox.net.key.pem.vault index 6dd0aa4..f3cc906 100644 --- a/data/ssl/_.home.kunbox.net.key.pem.vault +++ b/data/ssl/_.home.kunbox.net.key.pem.vault 
@@ -1 +1 @@ -encrypt$gAAAAABjZ10mtywN2Tx7b0-sZywDVcNo5gQbnzjwlMjQPktMwmRBwGMbQVcwuGhhopu5vd4Ztw8aGO5lf-SQmLWgdpR4aIrPNx1Iu4urF2LMV-BMLSgmF85ADQzlbiBvrzGAnIoVUjwXYyGj1Wst4feWMKBDc_kThinYhSplMZ_yjEbMj0eMGRzjSclkvAm24KWi7l_LQAklRELuQQyopHDo47AxehNI-nvLfO0FfXZJpkdrMV1V8lSqyXwBSW3McJKH8bbmVEX8qq-mNntBNpe3n5V2ninj72aC0D572hfMp-jKC6xccf-CqnmX1qaWGGj1yiFDdBxfOSU-kO6204BVtfspMtkI75YAYE_7aA-GUiHfXaNHvDhf2uMb8ssbJUdvGS_oLx1qnKiyeyJ6RRhl71xxXjNEo0hPYYY1BGj6hjq30R8aGknkQNCjyCD87Sc7qh95KpMmY4d82xI70xeS4mk8hEgCow== \ No newline at end of file +encrypt$gAAAAABj1kcBpq8c_Ez3JkYJIB0evClkcblewwzBEbl4rfcd-3Z2xFlQ8OggIxGdlLGWjIN_ZBaENvXcqy4ZYlwpXgqrZJpBao8WyovZiKLK759r8qVRjbIBvHnH90t_JZ3-MydlpD1mUzHUy5oQq5Qn8jLoRTzHE2TM8VyhaBkMVQ9gacHdqNGW6dsvCRzXCQM1CNqs8pyc8nQxdARjv_FGwSeZlCxcYPSLEBeE-Hf-wJyVWnG7oyq9XKUyI8NWLPQNwWUjzMgKwumtDh21goRsSRAtLLFmqE_iU1IyZYwNh4J3SBMZKBl0fATtHXhnW1_k-RA1-l54PFMTR0KgS-uxYtqZ1Az0t1KEfEvyzfHAQLJ8RIwOOVtPNUvhSiMHr3jG0WpxymilOLfjFpnCZ8E_CA6L8hmytXEBfoM4ZHMCWzOIe_9tIKcMS146NOzaPnCXpKFganNuvV_S7zEn33zv-jYEHD4d8A== \ No newline at end of file diff --git a/groups/features.py b/groups/features.py index 4605270..54a58a7 100644 --- a/groups/features.py +++ b/groups/features.py @@ -12,10 +12,6 @@ groups['dns'] = { }, 'metadata': { 'powerdns': { - 'features': { - 'bind': True, - 'pgsql': True, - }, # Overridden in node metadata for primary server 'is_secondary': True, }, diff --git a/groups/os.py b/groups/os.py index 4fa97f7..a1f3b72 100644 --- a/groups/os.py +++ b/groups/os.py @@ -71,7 +71,6 @@ groups['debian'] = { 'bundles': { 'apt', 'backup-client', - 'molly-guard', }, 'os': 'debian', 'pip_command': 'pip3', diff --git a/hooks/test_backup_metadata.py b/hooks/test_backup_metadata.py index 4937989..c8498eb 100644 --- a/hooks/test_backup_metadata.py +++ b/hooks/test_backup_metadata.py 
@@ -2,6 +2,7 @@ from bundlewrap.exceptions import BundleError from bundlewrap.utils.text import bold, green, yellow from bundlewrap.utils.ui import io + def test_node(repo, node, **kwargs): if not node.has_bundle('backup-client'): return diff --git a/hooks/test_metadata_dashes_vs_underscores.py b/hooks/test_metadata_dashes_vs_underscores.py index 698ab56..b7c7419 100644 --- a/hooks/test_metadata_dashes_vs_underscores.py +++ b/hooks/test_metadata_dashes_vs_underscores.py @@ -4,6 +4,7 @@ from bundlewrap.exceptions import BundleError from bundlewrap.utils.text import bold, green from bundlewrap.utils.ui import io + def test_underscore_vs_dash(node, metadata, path=[]): for k, v in metadata.items(): if not isinstance(k, str): diff --git a/libs/faults.py b/libs/faults.py index ad3735c..91d8b2f 100644 --- a/libs/faults.py +++ b/libs/faults.py @@ -1,4 +1,4 @@ -from json import loads, dumps +from json import dumps, loads from bundlewrap.metadata import metadata_to_json from bundlewrap.utils import Fault diff --git a/libs/firewall.py b/libs/firewall.py index 68b852d..b343824 100644 --- a/libs/firewall.py +++ b/libs/firewall.py @@ -1,5 +1,5 @@ +from ipaddress import IPv4Network, ip_network from os.path import abspath, dirname, join -from ipaddress import ip_network, IPv4Network REPO_PATH = dirname(dirname(abspath(__file__))) diff --git a/libs/keys.py b/libs/keys.py index 1565fee..4db382b 100644 --- a/libs/keys.py +++ b/libs/keys.py @@ -1,8 +1,11 @@ import base64 -from nacl.public import PrivateKey + from nacl.encoding import Base64Encoder +from nacl.public import PrivateKey + from bundlewrap.utils import Fault + def gen_privkey(repo, identifier): return repo.vault.random_bytes_as_base64_for(identifier) diff --git a/libs/tools.py b/libs/tools.py index 8e225a5..40afde2 100644 --- a/libs/tools.py +++ b/libs/tools.py 
@@ -1,9 +1,10 @@ -from ipaddress import ip_address, ip_network, IPv4Address, IPv4Network +from ipaddress import IPv4Address, IPv4Network, ip_address, ip_network -from bundlewrap.exceptions import NoSuchGroup, NoSuchNode, BundleError +from bundlewrap.exceptions import BundleError, NoSuchGroup, NoSuchNode from bundlewrap.utils.text import bold, red from bundlewrap.utils.ui import io + def resolve_identifier(repo, identifier): """ Try to resolve an identifier (group or node). Return a set of ip diff --git a/nodes.py b/nodes.py index 75e6f1f..b9110ad 100644 --- a/nodes.py +++ b/nodes.py @@ -3,6 +3,7 @@ from os.path import join from pathlib import Path import bwpass + from bundlewrap.metadata import atomic from bundlewrap.utils import error_context diff --git a/nodes/entropia-jira.toml b/nodes/entropia-jira.toml index d648b3a..84af119 100644 --- a/nodes/entropia-jira.toml +++ b/nodes/entropia-jira.toml @@ -5,13 +5,18 @@ dummy = true period = "daytime" pretty_name = "ticket.gulas.ch" -[metadata.icinga2_api.nginx.services."NGINX VHOST jira CERTIFICATE"] +[metadata.icinga2_api.nginx.services."NGINX VHOST ticket-redirect CERTIFICATE"] check_command = "check_https_cert_at_url" "vars.domain" = "ticket.gulas.ch" "vars.notification.mail" = true +[metadata.icinga2_api.nginx.services."NGINX VHOST jira CERTIFICATE"] +check_command = "check_https_cert_at_url" +"vars.domain" = "jira.gulas.ch" +"vars.notification.mail" = true + [metadata.icinga2_api.nginx.services."NGINX VHOST jira CONTENT"] check_command = "check_http_wget" "vars.http_wget_contains" = "login.jsp" -"vars.http_wget_url" = "https://ticket.gulas.ch/secure/Dashboard.jspa" +"vars.http_wget_url" = "https://jira.gulas.ch/secure/Dashboard.jspa" "vars.notification.sms" = true diff --git a/nodes/fkusei-locutus.py b/nodes/fkusei-locutus.py index 7340a46..397e851 100644 --- a/nodes/fkusei-locutus.py +++ b/nodes/fkusei-locutus.py 
@@ -76,18 +76,12 @@ nodes['fkusei-locutus'] = { # video drivers 'xf86-video-intel': {}, - # for i3pystatus - 'iw': {}, - 'wireless_tools': {}, - # all that other random stuff one needs 'apachedirectorystudio': {}, 'direnv': {}, 'freerdp': {}, - 'mosquitto': {}, 'sdl_ttf': {}, # for compiling testcard 'thermald': {}, - 'virt-manager': {}, }, }, 'systemd-boot': { diff --git a/nodes/gce/bind01.py b/nodes/gce/bind01.py index 3dce25c..7239082 100644 --- a/nodes/gce/bind01.py +++ b/nodes/gce/bind01.py @@ -3,19 +3,12 @@ nodes['gce.bind01'] = { 'hostname': '34.89.208.78', - 'bundles': { - 'nodejs', - 'powerdnsadmin', - }, 'groups': { - 'debian-buster', + 'debian-bullseye', 'dns', - 'webserver', }, 'metadata': { 'backups': { - # This is the primary DNS server. However, we only use - # replication for DynDNS, currently. No need for backups here. 'exclude_from_backups': True, }, 'interfaces': { @@ -30,30 +23,12 @@ nodes['gce.bind01'] = { 'icinga_options': { 'pretty_name': 'ns-1.kunbox.net', }, - 'nginx': { - 'vhosts': { - 'ns-1.kunbox.net': { - 'locations': { - '/': { - 'target': 'http://127.0.0.1:8000/', - }, - }, - 'website_check_path': '/login', - 'website_check_string': 'PowerDNS', - }, - }, - }, 'postgresql': { - 'version': '11', + 'version': '15', }, 'powerdns': { - 'is_secondary': False, - 'secondary_nameservers': 'dns', 'my_hostname': 'ns-1.kunbox.net', }, - 'powerdnsadmin': { - 'version': 'v0.3.0', - }, 'vm': { 'cpu': 1, 'ram': 1, diff --git a/nodes/gce/dns02.py b/nodes/gce/dns02.py index def2765..7eb1253 100644 --- a/nodes/gce/dns02.py +++ b/nodes/gce/dns02.py @@ -5,7 +5,7 @@ nodes['gce.dns02'] = { 'hostname': '35.187.109.249', 'bundles': set(), 'groups': { - 'debian-buster', + 'debian-bullseye', 'dns', }, 'metadata': { @@ -25,7 +25,7 @@ nodes['gce.dns02'] = { 'exclude_from_backups': True, }, 'postgresql': { - 'version': '11', + 'version': '15', }, 'powerdns': { 'my_hostname': 'ns-2.kunbox.net', 
diff --git a/nodes/gce/dns03.py b/nodes/gce/dns03.py index fb23f27..14a87d7 100644 --- a/nodes/gce/dns03.py +++ b/nodes/gce/dns03.py @@ -5,7 +5,7 @@ nodes['gce.dns03'] = { 'hostname': '35.228.143.71', 'bundles': set(), 'groups': { - 'debian-buster', + 'debian-bullseye', 'dns', }, 'metadata': { @@ -25,7 +25,7 @@ nodes['gce.dns03'] = { 'exclude_from_backups': True, }, 'postgresql': { - 'version': '11', + 'version': '15', }, 'powerdns': { 'my_hostname': 'ns-3.kunbox.net', diff --git a/nodes/home.hass.toml b/nodes/home.hass.toml index b451d32..643a7a5 100644 --- a/nodes/home.hass.toml +++ b/nodes/home.hass.toml @@ -5,9 +5,6 @@ bundles = [ ] groups = ["debian-bullseye"] -[metadata.backups] -exclude_from_backups = true - [metadata.interfaces.enp1s0] ips = ["172.19.138.25/24"] gateway4 = "172.19.138.1" diff --git a/nodes/home.openhab.toml b/nodes/home.openhab.toml deleted file mode 100644 index a2c0656..0000000 --- a/nodes/home.openhab.toml +++ /dev/null @@ -1,21 +0,0 @@ -hostname = "172.19.138.21" -bundles = ["nginx", "openhab"] -groups = ["debian-bullseye"] - -[metadata.interfaces.enp1s0] -ips = ["172.19.138.21/24"] -gateway4 = "172.19.138.1" -ipv6_accept_ra = true - -[metadata.nginx.vhosts.openhab] -ssl = "_.home.kunbox.net" - -[metadata.openhab] -domain = "openhab.home.kunbox.net" - -[metadata.openhab.java_opts] -"user.timezone" = "Europe/Berlin" - -[metadata.vm] -cpu = 2 -ram = 2 diff --git a/nodes/home.wled-wohnzimmer.toml b/nodes/home.wled-wohnzimmer.toml index 42b7212..c032230 100644 --- a/nodes/home.wled-wohnzimmer.toml +++ b/nodes/home.wled-wohnzimmer.toml @@ -3,7 +3,7 @@ dummy = true [metadata.interfaces.default] ips = ["172.19.138.70"] dhcp = true -mac = "3c:61:05:d0:ba:1a" +mac = "3c:61:05:d0:f2:b9" [metadata.icinga_options] exclude_from_monitoring = true diff --git a/nodes/home/router.py b/nodes/home/router.py index d033c1c..d7a7d20 100644 --- a/nodes/home/router.py +++ b/nodes/home/router.py 
@@ -133,13 +133,13 @@ nodes['home.router'] = { 'interface': 'enp1s0.100', 'dyndns': { 'domain': 'franzi-home.kunbox.net', - 'url': 'https://ns-1.kunbox.net/nic/update?hostname=franzi-home.kunbox.net&myip={ip}', + 'url': 'https://ns-primary.kunbox.net/nic/update?hostname=franzi-home.kunbox.net&myip={ip}', 'username': vault.decrypt('encrypt$gAAAAABfr8DLAJhmUIhdxLq83I8MnRRvkRgDZcO8Brvw1KpvplC3K8ZGj0jIIWD3Us33vIP6t0ybd_mgD8slpRUk78Kqd3BMoQ=='), 'password': vault.decrypt('encrypt$gAAAAABfr8Cq5M1hweeJTQAl0dLhFntdlw-QnkIYUQpY-_ycODVWOpyeAwjwOgWLSdsdXIUvqcoiXPZPV-BE12p5C42NGnj9r7sKYpoGz8xfuGIk6haMa2g='), }, 'nftables-rules.d': { - 'inet filter forward iif enp1s0.23 oif $INTERFACE accept', - 'inet filter forward iif enp1s0.42 accept', + 'inet filter forward iifname enp1s0.23 oif $INTERFACE accept', + 'inet filter forward iifname enp1s0.42 accept', }, }, 'unbound': { diff --git a/nodes/htz-cloud/miniserver.py b/nodes/htz-cloud/miniserver.py index 633567a..5fdc86c 100644 --- a/nodes/htz-cloud/miniserver.py +++ b/nodes/htz-cloud/miniserver.py @@ -62,7 +62,7 @@ nodes['htz-cloud.miniserver'] = { }, 'element-web': { 'url': 'chat.sophies-kitchen.eu', - 'version': 'v1.11.17', + 'version': 'v1.11.23', 'config': { 'default_server_config': { 'm.homeserver': { @@ -134,8 +134,8 @@ nodes['htz-cloud.miniserver'] = { }, }, 'matrix-media-repo': { - 'version': 'v1.2.12', - 'sha1': 'c2dfa521c2eea9a0dcde9f1c7803f52ce6d0352e', + 'version': 'v1.2.13', + 'sha1': '0915bdf7c461368859180419d1f66717969cbe32', 'homeservers': { 'sophies-kitchen.eu': { 'domain': 'http://[::1]:20080/', diff --git a/nodes/kunsi-p14s.py b/nodes/kunsi-p14s.py index 8952f4d..3174722 100644 --- a/nodes/kunsi-p14s.py +++ b/nodes/kunsi-p14s.py 
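Review bot: In the `nftables-rules.d` set of `nodes['home.router']`, the forward rules now match the source VLAN with `iifname`, but the first rule still matches the destination with `oif $INTERFACE`, so one rule mixes name-based and index-based matching. `iif`/`oif` are resolved to an interface index when the ruleset is loaded and the load fails if the interface does not exist yet, which is presumably why the VLAN side was changed; if whatever is substituted for `$INTERFACE` can also be missing at load time, `oifname $INTERFACE` would be the consistent form. A short comment such as `# iifname: VLAN interfaces may not exist when nftables loads` would keep the reason next to the rule. The second rule, `inet filter forward iifname enp1s0.42 accept`, has no output-interface match and so forwards from that VLAN to every other segment; it is worth confirming that this is intended. The enclosing dict starts and ends outside the hunk.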
@@ -96,25 +96,15 @@ nodes['kunsi-p14s'] = { 'mesa-vdpau': {}, 'xf86-video-amdgpu': {}, - # for i3pystatus - 'iw': {}, - 'wireless_tools': {}, - # all that other random stuff one needs 'abcde': {}, 'apachedirectorystudio': {}, 'claws-mail': {}, 'claws-mail-themes': {}, 'ferdi-bin': {}, - 'ffmpeg': {}, 'gumbo-parser': {}, # for claws litehtml - 'imagemagick': {}, - 'inkscape': {}, - 'mosquitto': {}, 'perl-musicbrainz-discid': {}, # for abcde 'perl-webservice-musicbrainz': {}, # for abcde - 'samba': {}, - 'xf86-input-wacom': {}, }, }, 'sysctl': { diff --git a/nodes/ns-primary.toml b/nodes/ns-primary.toml new file mode 100644 index 0000000..885b1f2 --- /dev/null +++ b/nodes/ns-primary.toml @@ -0,0 +1,43 @@ +hostname = "82.165.52.168" +bundles = [ + "nodejs", + "powerdnsadmin", +] +groups = [ + "debian-bullseye", + "dns", + "webserver", +] + +[metadata.interfaces.ens192] +ips = [ + "82.165.52.168", + "2001:8d8:1801:7d4::1/64", +] +gateway4 = "10.255.255.1" +gateway6 = "fe80::250:56ff:fea8:628f" + +[metadata.icinga_options] +pretty_name = "ns-primary.kunbox.net" + +[metadata.nginx.vhosts."ns-primary.kunbox.net"] +website_check_path = "/login" +website_check_string = "PowerDNS" + +[metadata.nginx.vhosts."ns-primary.kunbox.net".locations."/"] +target = "http://127.0.0.1:8000/" + +[metadata.postgresql] +version = "15" + +[metadata.powerdns] +is_secondary = false +secondary_nameservers = "dns" +features.bind = true + +[metadata.powerdnsadmin] +version = "v0.3.0" + +[metadata.vm] +cpu = 2 +ram = 2 diff --git a/nodes/rx300.py b/nodes/rx300.py index 7900321..eea38a1 100644 --- a/nodes/rx300.py +++ b/nodes/rx300.py @@ -105,7 +105,7 @@ nodes['rx300'] = { }, 'element-web': { 'url': 'chat.franzi.business', - 'version': 'v1.11.17', + 'version': 'v1.11.23', 'config': { 'default_server_config': { 'm.homeserver': { 
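Review bot: In the new `nodes/ns-primary.toml`, the `[metadata.nginx.vhosts."ns-primary.kunbox.net"]` block publishes PowerDNS-Admin (`target = "http://127.0.0.1:8000/"`) on the primary nameserver's public address, and nothing in this file limits who can reach `/login`. Because that UI manages the zones served from this host, consider restricting the vhost to known source networks if the nginx bundle offers a way to do so (not visible from here), or at least record the decision with a comment such as `# PowerDNS-Admin is internet-facing; protected only by its own login`. Separately, `ips` lists `"82.165.52.168"` without a prefix length while the IPv6 entry carries `/64`; with `gateway4 = "10.255.255.1"` outside any plausible subnet of that address this is presumably a /32, and writing `"82.165.52.168/32"` would make that explicit.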
@@ -128,8 +128,8 @@ nodes['rx300'] = { }, }, 'gitea': { - 'version': '1.17.3', - 'sha1': 'a78611a3e799150fbae3d45d2bd276d95ccffcd8', + 'url': 'https://codeberg.org/attachments/be5952ea-6cfb-4be5-a593-3564c4bd8cc9', + 'sha1': '0bcf3d6d6541a46571802d9e9276056ff860841e', 'domain': 'git.franzi.business', 'email_domain_blocklist': { 'aol.com', @@ -197,8 +197,8 @@ nodes['rx300'] = { }, }, 'matrix-media-repo': { - 'version': 'v1.2.12', - 'sha1': 'c2dfa521c2eea9a0dcde9f1c7803f52ce6d0352e', + 'version': 'v1.2.13', + 'sha1': '0915bdf7c461368859180419d1f66717969cbe32', 'homeservers': { 'franzi.business': { 'domain': 'http://[::1]:20080/', @@ -268,8 +268,8 @@ nodes['rx300'] = { }, }, 'mautrix-whatsapp': { - 'version': 'v0.8.0', - 'sha1': '4e561a96c8fae61edd8dee9abdd52b5146fa98b2', + 'version': 'v0.8.2', + 'sha1': '31779131b0524e84f980a7e3b5a818150833470d', 'homeserver': { 'domain': 'franzi.business', 'url': 'https://matrix.franzi.business', @@ -306,7 +306,7 @@ nodes['rx300'] = { }, 'netbox': { 'domain': 'netbox.franzi.business', - 'version': 'v3.4.1', + 'version': 'v3.4.4', 'changelog_retention_days': 360, 'admins': { 'kunsi': 'hostmaster@kunbox.net', @@ -327,7 +327,7 @@ nodes['rx300'] = { }, 'vhosts': { 'element-web': {'ssl': '_.franzi.business'}, - 'gitea': {'ssl': '_.franzi.business'}, + 'forgejo': {'ssl': '_.franzi.business'}, 'jenkins-ci': {'ssl': '_.franzi.business'}, 'matrix-dimension': {'ssl': '_.franzi.business'}, 'matrix-synapse': {'ssl': '_.franzi.business'}, @@ -450,6 +450,7 @@ nodes['rx300'] = { }, 'postgresql': { 'version': '13', + 'max_connections': 500, }, 'radicale': { 'domain': 'radicale.franzi.business', @@ -523,7 +524,7 @@ nodes['rx300'] = { }, }, 'travelynx': { - 'version': '1.23.12', + 'version': '1.29.4', 'mail_from': 'travelynx@franzi.business', 'domain': 'travelynx.franzi.business', }, diff --git a/scripts/encrypt_file b/scripts/encrypt_file index 8fa272e..430aac0 100755 --- a/scripts/encrypt_file +++ b/scripts/encrypt_file 
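Review bot: The `gitea` entry in `nodes['rx300']` replaces the pinned `'version': '1.17.3'` with an opaque attachment URL (`'url': 'https://codeberg.org/attachments/be5952ea-6cfb-4be5-a593-3564c4bd8cc9'`), so the node file no longer says which release is deployed and the only integrity check on the downloaded binary is the `sha1` value. SHA-1 is no longer collision-resistant, so a SHA-256 digest would be the stronger pin if the bundle can verify one (the bundle code is not visible here); the same applies to the `sha1` fields bumped for `matrix-media-repo` and `mautrix-whatsapp` in the later hunks of this file and in `nodes/htz-cloud/miniserver.py`. At minimum, a comment next to the URL naming the release and where the digest came from, e.g. `# forgejo <release> linux-amd64, digest from the upstream release page`, would let a reviewer check the hash against upstream. The enclosing `nodes['rx300']` dict starts and ends outside the hunk.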
@@ -5,7 +5,6 @@ from sys import argv from bundlewrap.repo import Repository - path = environ.get('BW_REPO_PATH', '.') repo = Repository(path) diff --git a/scripts/letsencrypt-wildcard b/scripts/letsencrypt-wildcard index 98eca7a..3d90231 100755 --- a/scripts/letsencrypt-wildcard +++ b/scripts/letsencrypt-wildcard @@ -39,7 +39,7 @@ then echo echo You must now provide this DNS record: - echo "$(tput bold)_acme-challenge.$domain. IN TXT $token_value$(tput sgr0)" + echo "$(tput bold)_acme-challenge.$domain IN TXT $token_value$(tput sgr0)" echo echo "Hit ENTER once it's available." read diff --git a/scripts/list-all-ips b/scripts/list-all-ips index f5f2bc5..04a05ea 100755 --- a/scripts/list-all-ips +++ b/scripts/list-all-ips @@ -5,7 +5,6 @@ from sys import argv from bundlewrap.repo import Repository from bundlewrap.utils.dicts import merge_dict - path = environ.get('BW_REPO_PATH', '.') repo = Repository(path) diff --git a/scripts/passwords-for b/scripts/passwords-for index 3aa0d53..c12fa7b 100755 --- a/scripts/passwords-for +++ b/scripts/passwords-for @@ -2,10 +2,9 @@ from os import environ from sys import argv +from bundlewrap.exceptions import FaultUnavailable from bundlewrap.repo import Repository from bundlewrap.utils import Fault -from bundlewrap.exceptions import FaultUnavailable - path = environ.get('BW_REPO_PATH', '.') repo = Repository(path)
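Review bot: In `scripts/letsencrypt-wildcard`, the printed record `_acme-challenge.$domain IN TXT $token_value` no longer ends the owner name with a dot, so in zone-file syntax it is a relative name and a name server would append the zone origin if the line is pasted into a zone file as shown. If the dot was dropped because the record is entered through a web UI that expects the bare name, say so in the script, e.g. `# no trailing dot: value is pasted into a DNS admin UI, not a zone file`; otherwise keep the fully qualified form. A challenge record created under the wrong name only makes validation fail, but the operator gets no hint why. The surrounding `if` block starts and ends outside the hunk.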