Compare commits
70 commits
2914f463ff
...
d282d77a99
| Author | SHA1 | Date | |
|---|---|---|---|
d282d77a99
|
|||
|
cb4d28c994
|
|||
|
071250d798
|
|||
|
efdff6ef28
|
|||
|
d2caadb41b
|
|||
|
9b44bcf3a8
|
|||
|
24f9f87734
|
|||
|
019cc69371
|
|||
|
eee786fabf
|
|||
|
c2e93c0abb
|
|||
|
cc767867cf
|
|||
|
6cb56ab2ec
|
|||
|
5c4fc37a37
|
|||
|
68d51450fd
|
|||
|
d57844928d
|
|||
|
4975562fbc
|
|||
|
25e03582b0
|
|||
|
b49dc56c33
|
|||
|
4122a7ccf8
|
|||
|
429bc2a7c6
|
|||
|
6f9fb78d4e
|
|||
|
bb1b430d16
|
|||
|
1906e7c256
|
|||
|
7dcad0d584
|
|||
|
077b25f67e
|
|||
|
527181bba8
|
|||
|
53e189c644
|
|||
|
eeceebfd23
|
|||
|
7bd8237876
|
|||
|
55bebda4d4
|
|||
|
ef16a2d081
|
|||
|
264ea3e8a7
|
|||
|
109914c039
|
|||
|
8df4441028
|
|||
|
733e4bf0e5
|
|||
|
6cec7e2c9c
|
|||
|
f6b0c587d0
|
|||
|
a8e2e6b5ad
|
|||
|
17aee0f6bb
|
|||
|
a3218ac41f
|
|||
|
932fd9e994
|
|||
|
2e6e6b663e
|
|||
|
74d44535a8
|
|||
|
cb2b01a2b4
|
|||
|
9684e94e4d
|
|||
|
c93a4d0a99
|
|||
|
31e614ab3b
|
|||
|
60585a3716
|
|||
|
c717e86f70
|
|||
|
ff8928dd0b
|
|||
|
ba97cd432f
|
|||
|
f45a759a43
|
|||
|
b4b3fec8a7
|
|||
|
1899dfc278
|
|||
|
d8aa1e80d0
|
|||
|
e634c184c0
|
|||
|
07dce73bca
|
|||
|
c5ccc31ad9
|
|||
|
ab76721ddb
|
|||
|
b460085bb0
|
|||
|
ba3bf20db7
|
|||
|
5ed4c1e9bd
|
|||
|
446e0d057e
|
|||
|
e393f3cc3c | ||
|
|
7ee2d08007 | ||
|
c94aef55a5
|
|||
|
970d97b0a2
|
|||
|
c04ce63c35
|
|||
|
070b466abe
|
|||
|
82143e34ad
|
116 changed files with 808 additions and 769 deletions
26
.woodpecker/bw-test.yml
Normal file
26
.woodpecker/bw-test.yml
Normal file
|
|
@ -0,0 +1,26 @@
|
|||
pipeline:
|
||||
install-deps:
|
||||
image: python:3.10-slim
|
||||
commands:
|
||||
- pip install -r requirements.txt
|
||||
|
||||
test-dummymode:
|
||||
image: python:3.10-slim
|
||||
commands:
|
||||
- bw test
|
||||
environment:
|
||||
BW_VAULT_DUMMY_MODE: 1
|
||||
BW_PASS_DUMMY_MODE: 1
|
||||
|
||||
test-ignore-missing-faults:
|
||||
image: python:3.10-slim
|
||||
commands:
|
||||
- bw test --ignore-missing-faults
|
||||
|
||||
test-determinism:
|
||||
image: python:3.10-slim
|
||||
commands:
|
||||
- bw test --metadata-determinism 3 --config-determinism 3
|
||||
environment:
|
||||
BW_VAULT_DUMMY_MODE: 1
|
||||
BW_PASS_DUMMY_MODE: 1
|
||||
8
.woodpecker/editorconfig.yml
Normal file
8
.woodpecker/editorconfig.yml
Normal file
|
|
@ -0,0 +1,8 @@
|
|||
pipeline:
|
||||
editorconfig:
|
||||
image: alpine:latest
|
||||
commands:
|
||||
- wget -O ec-linux-amd64.tar.gz https://github.com/editorconfig-checker/editorconfig-checker/releases/latest/download/ec-linux-amd64.tar.gz
|
||||
- tar -xzf ec-linux-amd64.tar.gz
|
||||
- rm ec-linux-amd64.tar.gz
|
||||
- bin/ec-linux-amd64 -no-color -exclude '^bin/'
|
||||
33
Jenkinsfile
vendored
33
Jenkinsfile
vendored
|
|
@ -1,15 +1,6 @@
|
|||
pipeline {
|
||||
agent any
|
||||
stages {
|
||||
stage('editorconfig-checker') {
|
||||
steps {
|
||||
sh """
|
||||
wget -Oec-linux-amd64.tar.gz https://github.com/editorconfig-checker/editorconfig-checker/releases/latest/download/ec-linux-amd64.tar.gz
|
||||
tar -xzf ec-linux-amd64.tar.gz && rm ec-linux-amd64.tar.gz
|
||||
bin/ec-linux-amd64 -no-color -exclude '^bin/'
|
||||
"""
|
||||
}
|
||||
}
|
||||
stage('install_requirements') {
|
||||
steps {
|
||||
sh """
|
||||
|
|
@ -18,13 +9,31 @@ pipeline {
|
|||
virtualenv -p python3 venv
|
||||
. venv/bin/activate
|
||||
|
||||
pip install --upgrade pip
|
||||
pip install --upgrade pip isort
|
||||
pip install -r requirements.txt
|
||||
"""
|
||||
}
|
||||
}
|
||||
stage('bw test') {
|
||||
stage('tests') {
|
||||
parallel {
|
||||
stage('syntax checking using editorconfig-checker') {
|
||||
steps {
|
||||
sh """
|
||||
wget -Oec-linux-amd64.tar.gz https://github.com/editorconfig-checker/editorconfig-checker/releases/latest/download/ec-linux-amd64.tar.gz
|
||||
tar -xzf ec-linux-amd64.tar.gz && rm ec-linux-amd64.tar.gz
|
||||
bin/ec-linux-amd64 -no-color -exclude '^bin/'
|
||||
"""
|
||||
}
|
||||
}
|
||||
stage('syntax checking using isort') {
|
||||
steps {
|
||||
sh """
|
||||
. venv/bin/activate
|
||||
|
||||
isort --check .
|
||||
"""
|
||||
}
|
||||
}
|
||||
stage('config and metadata determinism') {
|
||||
steps {
|
||||
sh """
|
||||
|
|
@ -36,7 +45,7 @@ pipeline {
|
|||
"""
|
||||
}
|
||||
}
|
||||
stage('other tests') {
|
||||
stage('bw test -i') {
|
||||
steps {
|
||||
sh """
|
||||
. venv/bin/activate
|
||||
|
|
|
|||
|
|
@ -36,7 +36,7 @@ Rule of thumb: keep ports below 10000 free for stuff that reserves ports.
|
|||
| 20090 | matrix-media-repo | prometheus metrics |
|
||||
| 21000 | pleroma | pleroma |
|
||||
| 21010 | grafana | grafana |
|
||||
| 22000 | gitea | gitea |
|
||||
| 22000 | gitea | forgejo |
|
||||
| 22010 | jenkins-ci | Jenkins CI |
|
||||
| 22020 | travelynx | Travelynx Web |
|
||||
| 22030 | octoprint | OctoPrint Web Interface |
|
||||
|
|
@ -45,7 +45,8 @@ Rule of thumb: keep ports below 10000 free for stuff that reserves ports.
|
|||
| 22060 | pretalx | gunicorn |
|
||||
| 22070 | paperless-ng | gunicorn |
|
||||
| 22080 | netbox | gunicorn |
|
||||
| 22090 | openhab | http |
|
||||
| 22100 | woodpecker-server | http |
|
||||
| 22101 | woodpecker-server | gRPC |
|
||||
| 22999 | nginx | stub_status |
|
||||
| 22100 | ntfy | http |
|
||||
|
||||
|
|
|
|||
|
|
@ -143,6 +143,9 @@ pkg_apt = {
|
|||
'cloud-init': {
|
||||
'installed': False,
|
||||
},
|
||||
'molly-guard': {
|
||||
'installed': False,
|
||||
},
|
||||
'netplan.io': {
|
||||
'installed': False,
|
||||
},
|
||||
|
|
|
|||
|
|
@ -38,9 +38,14 @@ defaults = {
|
|||
'rofi': {},
|
||||
|
||||
# sound
|
||||
'calf': {},
|
||||
'easyeffects': {},
|
||||
'lsp-plugins': {},
|
||||
'pavucontrol': {},
|
||||
'pulseaudio': {},
|
||||
'pulseaudio-zeroconf': {},
|
||||
'pipewire': {},
|
||||
'pipewire-jack': {},
|
||||
'pipewire-pulse': {},
|
||||
'qpwgraph': {},
|
||||
|
||||
# window management
|
||||
'i3-wm': {},
|
||||
|
|
@ -53,6 +58,7 @@ defaults = {
|
|||
|
||||
# Xorg
|
||||
'xf86-input-libinput': {},
|
||||
'xf86-input-wacom': {},
|
||||
'xorg-server': {},
|
||||
'xorg-setxkbmap': {},
|
||||
'xorg-xev': {},
|
||||
|
|
@ -62,20 +68,27 @@ defaults = {
|
|||
# all them apps
|
||||
'browserpass': {},
|
||||
'browserpass-firefox': {},
|
||||
'ffmpeg': {},
|
||||
'firefox': {},
|
||||
'gimp': {},
|
||||
'imagemagick': {},
|
||||
'inkscape': {},
|
||||
'kdenlive': {},
|
||||
'maim': {},
|
||||
'mosh': {},
|
||||
'mosquitto': {},
|
||||
'mpv': {},
|
||||
'pass': {},
|
||||
'pass-otp': {},
|
||||
'pdftk': {},
|
||||
'pwgen': {},
|
||||
'qpdfview': {},
|
||||
'samba': {},
|
||||
'shotcut': {},
|
||||
'sipcalc': {},
|
||||
'the_silver_searcher': {},
|
||||
'tlp': {},
|
||||
'virt-manager': {},
|
||||
'xclip': {},
|
||||
'xdotool': {}, # needed for maim window selection
|
||||
},
|
||||
|
|
|
|||
|
|
@ -1,6 +1,7 @@
|
|||
repo.libs.tools.require_bundle(node, 'zfs')
|
||||
|
||||
from os.path import join
|
||||
|
||||
from bundlewrap.metadata import metadata_to_json
|
||||
|
||||
dataset = node.metadata.get('backup-server/zfs-base')
|
||||
|
|
|
|||
|
|
@ -1,4 +1,5 @@
|
|||
from ipaddress import ip_network
|
||||
|
||||
from bundlewrap.exceptions import NoSuchNode
|
||||
from bundlewrap.metadata import atomic
|
||||
|
||||
|
|
|
|||
11
bundles/docker-ce/items.py
Normal file
11
bundles/docker-ce/items.py
Normal file
|
|
@ -0,0 +1,11 @@
|
|||
from bundlewrap.metadata import metadata_to_json
|
||||
|
||||
files['/etc/docker/daemon.json'] = {
|
||||
'content': metadata_to_json({
|
||||
'iptables': False,
|
||||
}),
|
||||
'before': {
|
||||
'pkg_apt:docker-ce',
|
||||
'pkg_apt:docker-ce-cli',
|
||||
}
|
||||
}
|
||||
36
bundles/docker-ce/metadata.py
Normal file
36
bundles/docker-ce/metadata.py
Normal file
|
|
@ -0,0 +1,36 @@
|
|||
defaults = {
|
||||
'apt': {
|
||||
'repos': {
|
||||
'docker': {
|
||||
'items': {
|
||||
'deb https://download.docker.com/linux/debian {os_release} stable',
|
||||
},
|
||||
},
|
||||
},
|
||||
'packages': {
|
||||
'docker-ce': {},
|
||||
'docker-ce-cli': {},
|
||||
},
|
||||
},
|
||||
}
|
||||
|
||||
|
||||
@metadata_reactor.provides(
|
||||
'nftables/rules/00-docker-ce',
|
||||
)
|
||||
def nftables_nat(metadata):
|
||||
rules = {
|
||||
'inet filter forward ct state { related, established } accept',
|
||||
'inet filter forward iifname docker0 accept',
|
||||
}
|
||||
|
||||
for iface in metadata.get('interfaces'):
|
||||
rules.add(f'nat postrouting oifname {iface} masquerade')
|
||||
|
||||
return {
|
||||
'nftables': {
|
||||
'rules': {
|
||||
'00-docker-ce': sorted(rules),
|
||||
},
|
||||
},
|
||||
}
|
||||
|
|
@ -46,11 +46,12 @@ plugin {
|
|||
zlib_save_level = 6
|
||||
zlib_save = gz
|
||||
|
||||
sieve_plugins = sieve_imapsieve sieve_extprograms
|
||||
sieve_dir = /var/mail/vmail/sieve/%d/%n/
|
||||
sieve = /var/mail/vmail/sieve/%d/%n.sieve
|
||||
sieve_pipe_bin_dir = /var/mail/vmail/sieve/bin
|
||||
sieve_dir = /var/mail/vmail/sieve/%d/%n/
|
||||
sieve_extensions = +vnd.dovecot.pipe
|
||||
sieve_pipe_bin_dir = /var/mail/vmail/sieve/bin
|
||||
sieve_plugins = sieve_imapsieve sieve_extprograms
|
||||
sieve_user_log = /var/mail/vmail/sieve/%d/%n.log
|
||||
|
||||
old_stats_refresh = 30 secs
|
||||
old_stats_track_cmds = yes
|
||||
|
|
|
|||
|
|
@ -21,7 +21,6 @@ ROOT_URL = https://${domain}/
|
|||
DISABLE_SSH = false
|
||||
SSH_PORT = 22
|
||||
LFS_START_SERVER = true
|
||||
LFS_CONTENT_PATH = /var/lib/gitea/data/lfs
|
||||
LFS_JWT_SECRET = ${lfs_secret_key}
|
||||
OFFLINE_MODE = true
|
||||
START_SSH_SERVER = false
|
||||
|
|
@ -67,7 +66,7 @@ EMAIL_DOMAIN_BLOCKLIST = ${','.join(sorted(email_domain_blocklist))}
|
|||
|
||||
[mailer]
|
||||
ENABLED = true
|
||||
MAILER_TYPE = sendmail
|
||||
PROTOCOL = sendmail
|
||||
FROM = "${app_name}" <noreply@${domain}>
|
||||
|
||||
[session]
|
||||
|
|
|
|||
|
|
@ -40,10 +40,7 @@ files = {
|
|||
},
|
||||
'/usr/local/bin/gitea': {
|
||||
'content_type': 'download',
|
||||
#'source': 'https://dl.gitea.io/gitea/{version}/gitea-{version}-linux-amd64'.format(version=node.metadata.get('gitea/version')),
|
||||
'source': 'https://github.com/go-gitea/gitea/releases/download/v{version}/gitea-{version}-linux-amd64'.format(
|
||||
version=node.metadata.get('gitea/version'),
|
||||
),
|
||||
'source': node.metadata.get('gitea/url'),
|
||||
'content_hash': node.metadata.get('gitea/sha1', None),
|
||||
'mode': '0755',
|
||||
'triggers': {
|
||||
|
|
|
|||
|
|
@ -6,7 +6,7 @@ defaults = {
|
|||
},
|
||||
},
|
||||
'gitea': {
|
||||
'app_name': 'Gitea',
|
||||
'app_name': 'Forgejo',
|
||||
'database': {
|
||||
'username': 'gitea',
|
||||
'password': repo.vault.password_for('{} postgresql gitea'.format(node.name)),
|
||||
|
|
@ -23,9 +23,14 @@ defaults = {
|
|||
'icinga2_api': {
|
||||
'gitea': {
|
||||
'services': {
|
||||
'GITEA PROCESS': {
|
||||
'FORGEJO PROCESS': {
|
||||
'command_on_monitored_host': '/usr/local/share/icinga/plugins/check_systemd_unit gitea',
|
||||
},
|
||||
'FORGEJO UPDATE': {
|
||||
'command_on_monitored_host': '/usr/local/share/icinga/plugins/check_forgejo_for_new_release codeberg.org forgejo/forgejo v$(gitea --version | cut -d" " -f3)',
|
||||
'vars.notification.mail': True,
|
||||
'check_interval': '60m',
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
|
|
@ -67,7 +72,7 @@ defaults = {
|
|||
|
||||
|
||||
@metadata_reactor.provides(
|
||||
'nginx/vhosts/gitea',
|
||||
'nginx/vhosts/forgejo',
|
||||
)
|
||||
def nginx(metadata):
|
||||
if not node.has_bundle('nginx'):
|
||||
|
|
@ -76,7 +81,7 @@ def nginx(metadata):
|
|||
return {
|
||||
'nginx': {
|
||||
'vhosts': {
|
||||
'gitea': {
|
||||
'forgejo': {
|
||||
'domain': metadata.get('gitea/domain'),
|
||||
'locations': {
|
||||
'/': {
|
||||
|
|
@ -99,16 +104,4 @@ def nginx(metadata):
|
|||
)
|
||||
def icinga_check_for_new_release(metadata):
|
||||
return {
|
||||
'icinga2_api': {
|
||||
'gitea': {
|
||||
'services': {
|
||||
'GITEA UPDATE': {
|
||||
# this is only temporary. We will switch to forgejo once they have their first stable release.
|
||||
'command_on_monitored_host': '/usr/local/share/icinga/plugins/check_forgejo_for_new_release codeberg.org forgejo/forgejo v{}'.format(metadata.get('gitea/version')),
|
||||
'vars.notification.mail': True,
|
||||
'check_interval': '60m',
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
}
|
||||
|
|
|
|||
|
|
@ -41,7 +41,7 @@ try:
|
|||
message = f"WARNING - stable version {stable_version} is lower than running version {running_version}, check if downgrade is necessary."
|
||||
else:
|
||||
status = 2
|
||||
message = f"CRITICAL - update necessary, running verison {running_version} is lower than stable version {stable_version}"
|
||||
message = f"CRITICAL - update necessary, running version {running_version} is lower than stable version {stable_version}"
|
||||
except Exception as e:
|
||||
message = f"{message}: {repr(e)}"
|
||||
|
||||
|
|
|
|||
|
|
@ -1,5 +1,3 @@
|
|||
from bundlewrap.metadata import atomic
|
||||
|
||||
defaults = {
|
||||
'apt': {
|
||||
'packages': {
|
||||
|
|
@ -25,7 +23,7 @@ defaults = {
|
|||
},
|
||||
}
|
||||
@metadata_reactor.provides(
|
||||
'icinga2_api/homeassistant/services/HOMESSISTANT UPDATE',
|
||||
'icinga2_api/homeassistant/services',
|
||||
)
|
||||
def icinga_check_for_new_release(metadata):
|
||||
return {
|
||||
|
|
@ -54,8 +52,8 @@ def nginx(metadata):
|
|||
'vhosts': {
|
||||
'homeassistant': {
|
||||
'domain': metadata.get('homeassistant/domain'),
|
||||
'website_check_path': '/',
|
||||
'website_check_string': 'Homeassistant',
|
||||
'website_check_path': '/auth/authorize',
|
||||
'website_check_string': 'Home Assistant',
|
||||
'locations': {
|
||||
'/': {
|
||||
'target': 'http://127.0.0.1:8123',
|
||||
|
|
|
|||
|
|
@ -1,8 +1,9 @@
|
|||
#!/usr/bin/env python3
|
||||
|
||||
from requests import get
|
||||
from sys import argv, exit
|
||||
|
||||
from requests import get
|
||||
|
||||
meshviewer_url = argv[1]
|
||||
node_id = argv[2]
|
||||
node = None
|
||||
|
|
|
|||
|
|
@ -1,8 +1,9 @@
|
|||
#!/usr/bin/env python3
|
||||
|
||||
from requests import get
|
||||
from sys import exit
|
||||
|
||||
from requests import get
|
||||
|
||||
SIPGATE_USER = '${node.metadata['icinga2']['sipgate_user']}'
|
||||
SIPGATE_PASS = '${node.metadata['icinga2']['sipgate_pass']}'
|
||||
|
||||
|
|
|
|||
|
|
@ -1,12 +1,10 @@
|
|||
#!/usr/bin/env python3
|
||||
|
||||
from concurrent.futures import ThreadPoolExecutor, as_completed
|
||||
from ipaddress import ip_address, IPv6Address
|
||||
from ipaddress import IPv6Address, ip_address
|
||||
from subprocess import check_output
|
||||
from sys import argv, exit
|
||||
|
||||
|
||||
|
||||
BLOCKLISTS = [
|
||||
'0spam.fusionzero.com',
|
||||
'bl.mailspike.org',
|
||||
|
|
|
|||
|
|
@ -4,10 +4,11 @@ import email.mime.text
|
|||
import smtplib
|
||||
from argparse import ArgumentParser
|
||||
from json import dumps
|
||||
from requests import post
|
||||
from subprocess import run
|
||||
from sys import argv
|
||||
|
||||
from requests import post
|
||||
|
||||
SIPGATE_USER='${node.metadata['icinga2']['sipgate_user']}'
|
||||
SIPGATE_PASS='${node.metadata['icinga2']['sipgate_pass']}'
|
||||
|
||||
|
|
|
|||
|
|
@ -17,7 +17,9 @@ defaults = {
|
|||
'icinga2': {},
|
||||
'icinga2-ido-pgsql': {},
|
||||
'icingaweb2': {},
|
||||
'icingaweb2-module-monitoring': {},
|
||||
|
||||
# apparently no longer needed
|
||||
#'icingaweb2-module-monitoring': {},
|
||||
|
||||
# neeeded for statusmonitor
|
||||
'python3-flask': {},
|
||||
|
|
|
|||
|
|
@ -1,9 +1,9 @@
|
|||
#!/usr/bin/env python3
|
||||
|
||||
from os import environ
|
||||
from requests import get, post
|
||||
from sys import argv, exit
|
||||
|
||||
from requests import get, post
|
||||
|
||||
SYNAPSE_MAX_ROOMS_TO_GET = 20000
|
||||
SYNAPSE_HOST = 'http://[::1]:20080/'
|
||||
|
|
|
|||
|
|
@ -6,7 +6,7 @@ defaults = {
|
|||
'repos': {
|
||||
'miniflux': {
|
||||
'items': {
|
||||
'deb https://apt.miniflux.app/ /',
|
||||
'deb [trusted=yes] https://repo.miniflux.app/apt/ /',
|
||||
},
|
||||
},
|
||||
},
|
||||
|
|
|
|||
|
|
@ -1,9 +0,0 @@
|
|||
#!/bin/bash
|
||||
|
||||
# Checks wether upgrade-and-reboot is currently running.
|
||||
|
||||
if [[ -f "/var/lib/bundlewrap/soft-${node.name}/UNATTENDED" ]]
|
||||
then
|
||||
echo "Sorry, can't $MOLLYGUARD_CMD now, upgrade-and-reboot is running"
|
||||
exit 1
|
||||
fi
|
||||
|
|
@ -1,29 +0,0 @@
|
|||
#!/bin/sh
|
||||
|
||||
# This script will ask for the bundlewrap node name. This replaces the
|
||||
# original script, which will ask for the hostname, which sometimes
|
||||
# is not enough to properly identify the system.
|
||||
|
||||
NODE_NAME="${node.name}"
|
||||
|
||||
# If this is not a terminal, do nothing
|
||||
test -t 0 || exit 0
|
||||
|
||||
sigh()
|
||||
{
|
||||
echo "Sorry, input does not match. Won't $MOLLYGUARD_CMD $NODE_NAME ..." >&2
|
||||
exit 1
|
||||
}
|
||||
|
||||
trap 'echo;sigh' 1 2 3 9 10 12 15
|
||||
|
||||
echo -n "Please enter the bundlewrap node name of this System to $MOLLYGUARD_CMD: "
|
||||
read NODE_NAME_USER || :
|
||||
|
||||
NODE_NAME_USER="$(echo "$NODE_NAME_USER" | tr '[:upper:]' '[:lower:]')"
|
||||
|
||||
[ "$NODE_NAME_USER" = "$NODE_NAME" ] || sigh
|
||||
|
||||
trap - 1 2 3 9 10 12 15
|
||||
|
||||
exit 0
|
||||
|
|
@ -1 +0,0 @@
|
|||
# currently unused
|
||||
|
|
@ -1,27 +0,0 @@
|
|||
directories = {
|
||||
'/etc/molly-guard/messages.d': {
|
||||
'purge': True,
|
||||
'after': {
|
||||
'pkg_apt:molly-guard',
|
||||
},
|
||||
},
|
||||
'/etc/molly-guard/run.d': {
|
||||
'purge': True,
|
||||
'after': {
|
||||
'pkg_apt:molly-guard',
|
||||
},
|
||||
},
|
||||
}
|
||||
|
||||
files = {
|
||||
'/etc/molly-guard/rc': {},
|
||||
|
||||
'/etc/molly-guard/run.d/10-check-unattended-upgrades': {
|
||||
'content_type': 'mako',
|
||||
'mode': '0755',
|
||||
},
|
||||
'/etc/molly-guard/run.d/30-query-hostname': {
|
||||
'content_type': 'mako',
|
||||
'mode': '0755',
|
||||
},
|
||||
}
|
||||
|
|
@ -1,7 +0,0 @@
|
|||
defaults = {
|
||||
'apt': {
|
||||
'packages': {
|
||||
'molly-guard': {},
|
||||
},
|
||||
},
|
||||
}
|
||||
|
|
@ -7,7 +7,6 @@ from time import sleep
|
|||
|
||||
import paho.mqtt.client as mqtt
|
||||
|
||||
|
||||
BROKER_HOST = argv[1]
|
||||
BROKER_TOPIC = argv[2]
|
||||
|
||||
|
|
|
|||
|
|
@ -1,6 +1,5 @@
|
|||
from bundlewrap.metadata import atomic
|
||||
|
||||
|
||||
defaults = {
|
||||
'apt': {
|
||||
'packages': {
|
||||
|
|
|
|||
|
|
@ -25,7 +25,7 @@ defaults = {
|
|||
},
|
||||
}
|
||||
|
||||
if not node.has_bundle('vmhost'):
|
||||
if not node.has_bundle('vmhost') and not node.has_bundle('docker-ce'):
|
||||
# see comment in bundles/vmhost/items.py
|
||||
defaults['apt']['packages']['iptables'] = {
|
||||
'installed': False,
|
||||
|
|
|
|||
|
|
@ -1,8 +1,9 @@
|
|||
#!/usr/bin/env python3
|
||||
|
||||
from requests import get
|
||||
from sys import exit
|
||||
|
||||
from requests import get
|
||||
|
||||
api_key = '${api_key}'
|
||||
|
||||
try:
|
||||
|
|
|
|||
|
|
@ -1,5 +0,0 @@
|
|||
#!/bin/bash
|
||||
|
||||
find /var/lib/openhab/backups -type f -mtime +3 -delete
|
||||
|
||||
/usr/share/openhab/runtime/bin/backup --full
|
||||
|
|
@ -1,62 +0,0 @@
|
|||
# openHAB service options
|
||||
|
||||
#########################
|
||||
## PORTS
|
||||
## The ports openHAB will bind its HTTP/HTTPS web server to.
|
||||
|
||||
OPENHAB_HTTP_PORT=22090
|
||||
#OPENHAB_HTTPS_PORT=8443
|
||||
|
||||
#########################
|
||||
## HTTP(S) LISTEN ADDRESS
|
||||
## The listen address used by the HTTP(S) server.
|
||||
## 0.0.0.0 (default) allows a connection from any location
|
||||
## 127.0.0.1 only allows the local machine to connect
|
||||
|
||||
OPENHAB_HTTP_ADDRESS=127.0.0.1
|
||||
|
||||
#########################
|
||||
## BACKUP DIRECTORY
|
||||
## Set the following variable to specify the backup location.
|
||||
## runtime/bin/backup and runtime/bin/restore will use this path for the zip files.
|
||||
|
||||
#OPENHAB_BACKUPS=/var/lib/openhab/backups
|
||||
|
||||
#########################
|
||||
## JAVA OPTIONS
|
||||
## Additional options for the JAVA_OPTS environment variable.
|
||||
## These will be appended to the execution of the openHAB Java runtime in front of all other options.
|
||||
##
|
||||
## A couple of independent examples:
|
||||
## EXTRA_JAVA_OPTS="-Dgnu.io.rxtx.SerialPorts=/dev/ttyZWAVE:/dev/ttyUSB0:/dev/ttyS0:/dev/ttyS2:/dev/ttyACM0:/dev/ttyAMA0"
|
||||
## EXTRA_JAVA_OPTS="-Djna.library.path=/lib/arm-linux-gnueabihf/ -Duser.timezone=Europe/Berlin -Dgnu.io.rxtx.SerialPorts=/dev/ttyZWave"
|
||||
|
||||
EXTRA_JAVA_OPTS="${extra_java_opts}"
|
||||
|
||||
#########################
|
||||
## OPENHAB DEFAULTS PATHS
|
||||
## The following settings override the default apt/rpm locations and should be used with caution.
|
||||
## openHAB will fail to update itself if you're using different paths.
|
||||
## Only set these if you are testing and are confident in debugging.
|
||||
|
||||
#OPENHAB_HOME=/usr/share/openhab
|
||||
#OPENHAB_CONF=/etc/openhab
|
||||
#OPENHAB_RUNTIME=/usr/share/openhab/runtime
|
||||
#OPENHAB_USERDATA=/var/lib/openhab
|
||||
#OPENHAB_LOGDIR=/var/log/openhab
|
||||
|
||||
#########################
|
||||
## OPENHAB USER AND GROUP
|
||||
## The user and group that takes ownership of openHAB. Only available for init.d systems.
|
||||
## To edit user and group for systemd, see the service file at /usr/lib/systemd/system/openhab.service.
|
||||
|
||||
#OPENHAB_USER=openhab
|
||||
#OPENHAB_GROUP=openhab
|
||||
|
||||
#########################
|
||||
## SYSTEMD START MODE
|
||||
## The Karaf startmode for the openHAB runtime. Only available for systemctl/systemd systems.
|
||||
## Defaults to daemon when unset here. Multiple options can be used without quotes.
|
||||
## debug increases log output. daemon launches the Karaf/openHAB processes.
|
||||
|
||||
#OPENHAB_STARTMODE=debug
|
||||
|
|
@ -1,32 +0,0 @@
|
|||
extra_java_opts = []
|
||||
|
||||
for opt, value in sorted(node.metadata.get('openhab/java_opts', {}).items()):
|
||||
if value is None:
|
||||
extra_java_opts.append(f'-D{opt}')
|
||||
else:
|
||||
extra_java_opts.append(f'-D{opt}={value}')
|
||||
|
||||
files = {
|
||||
'/etc/default/openhab': {
|
||||
'content_type': 'mako',
|
||||
'context': {
|
||||
'extra_java_opts': ' '.join(extra_java_opts),
|
||||
},
|
||||
'triggers': {
|
||||
'svc_systemd:openhab:restart',
|
||||
},
|
||||
},
|
||||
'/etc/backup-pre-hooks.d/40-openhab': {
|
||||
'source': 'backup-pre-hook',
|
||||
'mode': '0755',
|
||||
}
|
||||
}
|
||||
|
||||
svc_systemd = {
|
||||
'openhab': {
|
||||
'needs': {
|
||||
'pkg_apt:openhab',
|
||||
'pkg_apt:openhab-addons',
|
||||
},
|
||||
},
|
||||
}
|
||||
|
|
@ -1,55 +0,0 @@
|
|||
defaults = {
|
||||
'apt': {
|
||||
'packages': {
|
||||
'openjdk-17-jre': {},
|
||||
'openhab': {
|
||||
'needs': {
|
||||
'pkg_apt:openjdk-17-jre',
|
||||
},
|
||||
},
|
||||
'openhab-addons': {
|
||||
'needs': {
|
||||
'pkg_apt:openhab',
|
||||
},
|
||||
},
|
||||
},
|
||||
'repos': {
|
||||
'openhab': {
|
||||
'items': {
|
||||
'deb https://openhab.jfrog.io/artifactory/openhab-linuxpkg stable main',
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
'backups': {
|
||||
'paths': {
|
||||
'/usr/share/openhab/addons', # not included in openhab backup
|
||||
'/var/lib/openhab',
|
||||
},
|
||||
},
|
||||
}
|
||||
|
||||
|
||||
@metadata_reactor.provides(
|
||||
'nginx/vhosts/openhab',
|
||||
)
|
||||
def nginx(metadata):
|
||||
if not node.has_bundle('nginx'):
|
||||
raise DoNotRunAgain
|
||||
|
||||
return {
|
||||
'nginx': {
|
||||
'vhosts': {
|
||||
'openhab': {
|
||||
'domain': metadata.get('openhab/domain'),
|
||||
'locations': {
|
||||
'/': {
|
||||
'target': 'http://localhost:22090/',
|
||||
},
|
||||
},
|
||||
'website_check_path': '/',
|
||||
'website_check_string': 'openHAB',
|
||||
},
|
||||
},
|
||||
},
|
||||
}
|
||||
|
|
@ -4,7 +4,6 @@
|
|||
from json import loads
|
||||
from subprocess import check_output
|
||||
|
||||
|
||||
queue_counts = {}
|
||||
|
||||
queue_json = check_output(['sudo', '/usr/sbin/postqueue', '-j'])
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
% for zone in sorted(zones):
|
||||
zone "${zone}" {
|
||||
file "/var/lib/powerdns/zones/${zone}";
|
||||
type native;
|
||||
type master;
|
||||
};
|
||||
% endfor
|
||||
|
|
|
|||
|
|
@ -20,12 +20,15 @@ setgid=pdns
|
|||
allow-notify-from=${','.join(sorted(my_primary_servers))}
|
||||
|
||||
slave=yes
|
||||
# FIXME enable once debian stable has 4.1.9
|
||||
#superslave=yes
|
||||
% if node.os_version[0] > 10:
|
||||
superslave=yes
|
||||
% endif
|
||||
% else:
|
||||
api=yes
|
||||
api-key=${api_key}
|
||||
webserver=yes
|
||||
webserver-address=0.0.0.0
|
||||
webserver-allow-from=0.0.0.0/0
|
||||
|
||||
allow-notify-from=
|
||||
|
||||
|
|
|
|||
|
|
@ -5,26 +5,12 @@ from subprocess import check_output
|
|||
|
||||
zone_path = join(repo.path, 'data', 'powerdns', 'files', 'bind-zones')
|
||||
|
||||
ZONE_HEADER = """
|
||||
; _ ____ _ _ _____ _ _ _ _ ____
|
||||
; / \\ / ___| | | |_ _| | | | \\ | |/ ___|
|
||||
; / _ \\| | | |_| | | | | | | | \\| | | _
|
||||
; / ___ \\ |___| _ | | | | |_| | |\\ | |_| |
|
||||
; /_/ \\_\\____|_| |_| |_| \\___/|_| \\_|\\____|
|
||||
;
|
||||
; --> Diese Datei wird von BundleWrap verwaltet! <--
|
||||
|
||||
$TTL 60
|
||||
@ IN SOA ns-1.kunbox.net. hostmaster.kunbox.net. (
|
||||
{serial}
|
||||
3600
|
||||
600
|
||||
86400
|
||||
300
|
||||
)
|
||||
"""
|
||||
nameservers = set()
|
||||
for rnode in sorted(repo.nodes_in_group('dns')):
|
||||
ZONE_HEADER += '@ IN NS {}.\n'.format(rnode.metadata.get('powerdns/my_hostname', rnode.metadata.get('hostname')))
|
||||
if not rnode.metadata.get('powerdns/is_secondary'):
|
||||
# hide the primary nameserver from auto-generated nameserver lists
|
||||
continue
|
||||
nameservers.add(rnode.metadata.get('powerdns/my_hostname', rnode.metadata.get('hostname')))
|
||||
|
||||
directories = {
|
||||
'/etc/powerdns/pdns.d': {
|
||||
|
|
@ -50,11 +36,11 @@ files = {
|
|||
'/etc/powerdns/pdns.conf': {
|
||||
'content_type': 'mako',
|
||||
'context': {
|
||||
'api_key': node.metadata['powerdns']['api_key'],
|
||||
'my_hostname': node.metadata['powerdns'].get('my_hostname', node.metadata.get('hostname')),
|
||||
'is_secondary': node.metadata['powerdns'].get('is_secondary', False),
|
||||
'my_primary_servers': node.metadata['powerdns'].get('my_primary_servers', set()),
|
||||
'my_secondary_servers': node.metadata['powerdns'].get('my_secondary_servers', set()),
|
||||
'api_key': node.metadata.get('powerdns/api_key'),
|
||||
'my_hostname': node.metadata.get('powerdns/my_hostname', node.metadata.get('hostname')),
|
||||
'is_secondary': node.metadata.get('powerdns/is_secondary', False),
|
||||
'my_primary_servers': node.metadata.get('powerdns/my_primary_servers', set()),
|
||||
'my_secondary_servers': node.metadata.get('powerdns/my_secondary_servers', set()),
|
||||
},
|
||||
'needs': {
|
||||
'pkg_apt:pdns-server',
|
||||
|
|
@ -78,7 +64,7 @@ svc_systemd = {
|
|||
actions = {
|
||||
'powerdns_reload_zones': {
|
||||
'triggered': True,
|
||||
'command': 'pdns_control rediscover; pdns_control reload',
|
||||
'command': 'pdns_control rediscover; pdns_control reload; pdns_control notify \*',
|
||||
'needs': {
|
||||
'svc_systemd:pdns',
|
||||
},
|
||||
|
|
@ -102,7 +88,8 @@ if node.metadata.get('powerdns/features/bind', False):
|
|||
files[f'/var/lib/powerdns/zones/{zone}'] = {
|
||||
'content_type': 'mako',
|
||||
'context': {
|
||||
'header': ZONE_HEADER.format(serial=serial),
|
||||
'NAMESERVERS': '\n'.join(sorted({f'@ IN NS {ns}.' for ns in nameservers})),
|
||||
'SERIAL': serial,
|
||||
'metadata_records': node.metadata.get(f'powerdns/bind-zones/{zone}/records', []),
|
||||
},
|
||||
'source': f'bind-zones/{zone}',
|
||||
|
|
@ -142,12 +129,22 @@ if node.metadata.get('powerdns/features/bind', False):
|
|||
'action:powerdns_reload_zones',
|
||||
},
|
||||
}
|
||||
else:
|
||||
files['/etc/powerdns/named.conf'] = {
|
||||
'delete': True,
|
||||
'needed_by': {
|
||||
'svc_systemd:pdns',
|
||||
},
|
||||
'triggers': {
|
||||
'action:powerdns_reload_zones',
|
||||
},
|
||||
}
|
||||
|
||||
if node.metadata.get('powerdns/features/pgsql', False):
|
||||
if node.metadata.get('powerdns/features/pgsql', node.has_bundle('postgresql')):
|
||||
files['/etc/powerdns/pdns.d/pgsql.conf'] = {
|
||||
'content_type': 'mako',
|
||||
'context': {
|
||||
'password': node.metadata['postgresql']['roles']['powerdns']['password'],
|
||||
'password': node.metadata.get('postgresql/roles/powerdns/password'),
|
||||
},
|
||||
'needs': {
|
||||
'pkg_apt:pdns-backend-pgsql',
|
||||
|
|
@ -163,7 +160,7 @@ if node.metadata.get('powerdns/features/pgsql', False):
|
|||
files['/etc/powerdns/schema.pgsql.sql'] = {}
|
||||
|
||||
actions['powerdns_load_pgsql_schema'] = {
|
||||
'command': node.metadata['postgresql']['roles']['powerdns']['password'].format_into('PGPASSWORD={} psql -h 127.0.0.1 -d powerdns -U powerdns -w < /etc/powerdns/schema.pgsql.sql'),
|
||||
'command': node.metadata.get('postgresql/roles/powerdns/password').format_into('PGPASSWORD={} psql -h 127.0.0.1 -d powerdns -U powerdns -w < /etc/powerdns/schema.pgsql.sql'),
|
||||
'unless': 'sudo -u postgres psql -d powerdns -c "\dt" | grep domains 2>&1 >/dev/null',
|
||||
'needs': {
|
||||
'bundle:postgresql',
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
from ipaddress import ip_address, IPv4Address, IPv6Address
|
||||
from ipaddress import IPv4Address, IPv6Address, ip_address
|
||||
|
||||
from bundlewrap.metadata import atomic
|
||||
|
||||
|
|
@ -43,7 +43,11 @@ if node.has_bundle('telegraf'):
|
|||
defaults['telegraf'] = {
|
||||
'input_plugins': {
|
||||
'builtin': {
|
||||
'powerdns': [{}],
|
||||
'powerdns': [{
|
||||
'unix_sockets': [
|
||||
'/var/run/pdns/pdns.controlsocket',
|
||||
],
|
||||
}],
|
||||
},
|
||||
},
|
||||
'additional_groups': {
|
||||
|
|
@ -186,16 +190,16 @@ def hosts_entries_for_all_dns_servers(metadata):
|
|||
if rnode.name == node.name:
|
||||
continue
|
||||
|
||||
ip = rnode.metadata.get('external_ipv4')
|
||||
found_ips = repo.libs.tools.resolve_identifier(repo, rnode.name)
|
||||
for ip in sorted(found_ips['ipv4']):
|
||||
if not ip.is_private:
|
||||
entries[str(ip)] = {
|
||||
rnode.metadata.get('hostname'),
|
||||
rnode.name,
|
||||
}
|
||||
|
||||
if ip:
|
||||
entries[ip] = {
|
||||
rnode.metadata.get('hostname'),
|
||||
rnode.name,
|
||||
}
|
||||
|
||||
if rnode.metadata.get('powerdns/my_hostname', None):
|
||||
entries[ip].add(rnode.metadata.get('powerdns/my_hostname'))
|
||||
if rnode.metadata.get('powerdns/my_hostname', None):
|
||||
entries[str(ip)].add(rnode.metadata.get('powerdns/my_hostname'))
|
||||
|
||||
return {
|
||||
'hosts': {
|
||||
|
|
@ -211,8 +215,9 @@ def firewall(metadata):
|
|||
return {
|
||||
'firewall': {
|
||||
'port_rules': {
|
||||
'53': atomic(metadata.get('powerdns/restrict-to', {'*'})),
|
||||
'53/udp': atomic(metadata.get('powerdns/restrict-to', {'*'})),
|
||||
'53': atomic(metadata.get('powerdns/restrict-to/dns', {'*'})),
|
||||
'53/udp': atomic(metadata.get('powerdns/restrict-to/dns', {'*'})),
|
||||
'8081': atomic(metadata.get('powerdns/restrict-to/api', set())),
|
||||
},
|
||||
},
|
||||
}
|
||||
|
|
|
|||
|
|
@ -36,10 +36,13 @@ actions = {
|
|||
'needs': {
|
||||
'directory:/opt/powerdnsadmin', # provided by bundle:users
|
||||
},
|
||||
'after': {
|
||||
'pkg_apt:',
|
||||
},
|
||||
},
|
||||
'powerdnsadmin_install_deps': {
|
||||
'triggered': True,
|
||||
'command': '/opt/powerdnsadmin/venv/bin/pip install -r /opt/powerdnsadmin/src/requirements.txt',
|
||||
'command': '/opt/powerdnsadmin/venv/bin/pip install --upgrade psycopg2-binary -r /opt/powerdnsadmin/src/requirements.txt',
|
||||
'needs': {
|
||||
'action:powerdnsadmin_create_virtualenv',
|
||||
'pkg_apt:',
|
||||
|
|
|
|||
|
|
@ -10,7 +10,6 @@ defaults = {
|
|||
'libxmlsec1-dev': {},
|
||||
'libxslt1-dev': {},
|
||||
'pkg-config': {},
|
||||
'python3-psycopg2': {},
|
||||
'python3-wheel': {},
|
||||
},
|
||||
},
|
||||
|
|
|
|||
|
|
@ -1,8 +1,9 @@
|
|||
#!/usr/bin/env python3
|
||||
|
||||
import requests
|
||||
from sys import argv
|
||||
|
||||
import requests
|
||||
|
||||
INTERFACE = argv[1]
|
||||
LOCAL_IP = argv[4]
|
||||
|
||||
|
|
|
|||
|
|
@ -1,9 +1,10 @@
|
|||
#!/usr/bin/env python3
|
||||
|
||||
import psycopg2
|
||||
from configparser import ConfigParser
|
||||
from sys import argv, exit
|
||||
|
||||
import psycopg2
|
||||
|
||||
|
||||
def main():
|
||||
try:
|
||||
|
|
|
|||
|
|
@ -1,8 +1,9 @@
|
|||
#!/usr/bin/env python3
|
||||
|
||||
from requests import get
|
||||
from sys import argv, stderr
|
||||
|
||||
from requests import get
|
||||
|
||||
try:
|
||||
r = get('http://127.0.0.1:11334/stat')
|
||||
r.raise_for_status()
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
#!/usr/bin/env python
|
||||
|
||||
from subprocess import check_output
|
||||
from json import loads
|
||||
from subprocess import check_output
|
||||
from sys import stderr
|
||||
|
||||
devices = check_output(['smartctl', '--scan']).decode().splitlines()
|
||||
|
|
|
|||
|
|
@ -55,8 +55,9 @@ try:
|
|||
exit(2)
|
||||
else:
|
||||
print(
|
||||
"Currently installed version {} matches newest release on github".format(
|
||||
current_version
|
||||
"Currently installed version {} matches newest release on {}".format(
|
||||
current_version,
|
||||
host,
|
||||
)
|
||||
)
|
||||
exit(0)
|
||||
|
|
|
|||
|
|
@ -2,8 +2,8 @@
|
|||
|
||||
#this is actually a python https requests query, its called check_http_wget cause it got replaced
|
||||
|
||||
from sys import exit
|
||||
from argparse import ArgumentParser
|
||||
from sys import exit
|
||||
|
||||
import requests
|
||||
|
||||
|
|
|
|||
|
|
@ -5,7 +5,6 @@ from argparse import ArgumentParser
|
|||
from subprocess import check_output
|
||||
from tempfile import TemporaryFile
|
||||
|
||||
|
||||
check_filesystem_types = {
|
||||
'ext2',
|
||||
'ext3',
|
||||
|
|
|
|||
|
|
@ -8,7 +8,10 @@ defaults = {
|
|||
'monitoring-plugins': {},
|
||||
'python3-requests': {},
|
||||
'python3-setuptools': {}, # needed by check_github_for_new_release
|
||||
'sysstat': {}, # needed by check_cpu_stats
|
||||
'sysstat': {
|
||||
# legacy
|
||||
'installed': False,
|
||||
},
|
||||
},
|
||||
},
|
||||
'icinga2_api': {
|
||||
|
|
@ -37,7 +40,6 @@ defaults = {
|
|||
'perl-libwww': {},
|
||||
'monitoring-plugins': {},
|
||||
'python-requests': {},
|
||||
'sysstat': {},
|
||||
},
|
||||
},
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,6 +1,9 @@
|
|||
defaults = {
|
||||
'apt': {
|
||||
'packages': {
|
||||
'isc-dhcp-client': {
|
||||
'installed': False,
|
||||
},
|
||||
'resolvconf': {
|
||||
'installed': False,
|
||||
},
|
||||
|
|
|
|||
|
|
@ -5,15 +5,13 @@
|
|||
# 'localhost'.
|
||||
|
||||
{
|
||||
# Cache directories for schedule and realtime data. Mandatory. The parent
|
||||
# directory ('/var/cache/travelynx' in this case) must already exist.
|
||||
base_url => Mojo::URL->new('https://${domain}'),
|
||||
|
||||
cache => {
|
||||
schedule => '/var/cache/travelynx/iris',
|
||||
realtime => '/var/cache/travelynx/iris-rt',
|
||||
},
|
||||
|
||||
# Database configuration. host and port are optional
|
||||
# (defaulting to localhost:5432), the rest is mandatory.
|
||||
db => {
|
||||
host => '${database.get('host', 'localhost')}',
|
||||
port => 5432,
|
||||
|
|
@ -22,8 +20,6 @@
|
|||
password => '${database['password']}',
|
||||
},
|
||||
|
||||
# See the Mojo::Server::Hypnotoad manual for details on the following
|
||||
# settings.
|
||||
hypnotoad => {
|
||||
accepts => 100,
|
||||
clients => 10,
|
||||
|
|
@ -34,21 +30,14 @@
|
|||
},
|
||||
|
||||
mail => {
|
||||
# If you want to disable outgoing mail for development purposes,
|
||||
# uncomment the following line. Mails will instead be logged as
|
||||
# Mojolicious "info" messages, causing their content to be printed on
|
||||
# stdout.
|
||||
## disabled => 1,
|
||||
|
||||
# Otherwise, specify the sender ("From" field) for mail sent by travelynx
|
||||
# here. E.g. 'Travelynx <mail@example.org>'
|
||||
from => '${mail_from}',
|
||||
},
|
||||
|
||||
# Secrets used for cookie signing and verification. Must contain at least
|
||||
# one random string. If you specify several strings, the first one will
|
||||
# be used for signing new cookies, and the remaining ones will still be
|
||||
# accepted for cookie validation.
|
||||
ref => {
|
||||
issues => 'https://github.com/derf/travelynx/issues',
|
||||
source => 'https://github.com/derf/travelynx',
|
||||
},
|
||||
|
||||
secrets => [
|
||||
'${cookie_secret}',
|
||||
],
|
||||
|
|
|
|||
|
|
@ -36,7 +36,7 @@ files = {
|
|||
},
|
||||
'/opt/travelynx/travelynx.conf': {
|
||||
'content_type': 'mako',
|
||||
'context': node.metadata['travelynx'],
|
||||
'context': node.metadata.get('travelynx'),
|
||||
'needs': {
|
||||
'git_deploy:/opt/travelynx',
|
||||
},
|
||||
|
|
@ -61,7 +61,7 @@ if isfile(join(repo.path, 'data', 'travelynx', 'files', 'imprint', node.name)):
|
|||
git_deploy = {
|
||||
'/opt/travelynx': {
|
||||
'repo': 'https://github.com/derf/travelynx.git',
|
||||
'rev': node.metadata['travelynx']['version'],
|
||||
'rev': node.metadata.get('travelynx/version'),
|
||||
'needs': {
|
||||
'directory:/opt/travelynx',
|
||||
},
|
||||
|
|
@ -84,7 +84,7 @@ actions = {
|
|||
'triggered': True,
|
||||
},
|
||||
'travelynx_database_migrate': {
|
||||
'command': 'cd /opt/travelynx && perl index.pl database migrate',
|
||||
'command': 'export PERL5LIB=/opt/travelynx/local/lib/perl5; cd /opt/travelynx && perl index.pl database migrate',
|
||||
# Because git_deploy does not put .git onto the server, the script
|
||||
# will complain on STDERR about not finding a git repository.
|
||||
# That's why we need to redirect stderr to /dev/null.
|
||||
|
|
|
|||
|
|
@ -36,6 +36,7 @@ export EDITOR=vim
|
|||
export VISUAL=vim
|
||||
|
||||
alias ipb='ip -brief --color=auto'
|
||||
alias ipa='ip -brief --color=always addr show; echo; ip --color=always route show; ip -6 --color=always route show'
|
||||
alias l='ls -lAh'
|
||||
alias s='sudo -i'
|
||||
alias v='vim -p'
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
from os.path import join, exists
|
||||
from os.path import exists, join
|
||||
|
||||
files = {
|
||||
'/etc/bash.bashrc': {
|
||||
|
|
|
|||
|
|
@ -3,7 +3,6 @@ from ipaddress import ip_network
|
|||
from bundlewrap.exceptions import NoSuchNode
|
||||
from bundlewrap.metadata import atomic
|
||||
|
||||
|
||||
defaults = {
|
||||
'apt': {
|
||||
'packages': {
|
||||
|
|
|
|||
42
bundles/woodpecker-agent/files/woodpecker-agent.service
Normal file
42
bundles/woodpecker-agent/files/woodpecker-agent.service
Normal file
|
|
@ -0,0 +1,42 @@
|
|||
[Unit]
|
||||
Description=woodpecker ci agent
|
||||
After=syslog.target
|
||||
After=network.target
|
||||
|
||||
[Service]
|
||||
RestartSec=2s
|
||||
Type=simple
|
||||
User=woodpecker
|
||||
Group=woodpecker
|
||||
WorkingDirectory=/var/lib/woodpecker
|
||||
ExecStart=/usr/local/bin/woodpecker-agent
|
||||
Restart=always
|
||||
ReadWritePaths=/var/lib/woodpecker
|
||||
CapabilityBoundingSet=
|
||||
NoNewPrivileges=true
|
||||
ProtectSystem=strict
|
||||
ProtectHome=true
|
||||
PrivateTmp=true
|
||||
PrivateDevices=true
|
||||
PrivateUsers=true
|
||||
ProtectHostname=true
|
||||
ProtectClock=true
|
||||
ProtectKernelTunables=true
|
||||
ProtectKernelModules=true
|
||||
ProtectKernelLogs=true
|
||||
ProtectControlGroups=true
|
||||
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
|
||||
LockPersonality=true
|
||||
MemoryDenyWriteExecute=true
|
||||
RestrictRealtime=true
|
||||
RestrictSUIDSGID=true
|
||||
PrivateMounts=true
|
||||
SystemCallArchitectures=native
|
||||
SystemCallFilter=~@clock @cpu-emulation @debug @keyring @memlock @module @mount @obsolete @raw-io @reboot @setuid @swap
|
||||
|
||||
% for k, v in sorted(env.items()):
|
||||
Environment=${k}=${v}
|
||||
% endfor
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
43
bundles/woodpecker-agent/items.py
Normal file
43
bundles/woodpecker-agent/items.py
Normal file
|
|
@ -0,0 +1,43 @@
|
|||
version = node.metadata.get('woodpecker-agent/version')
|
||||
|
||||
directories['/var/lib/woodpecker'] = {
|
||||
'owner': 'woodpecker',
|
||||
}
|
||||
|
||||
actions['install_woodpecker-agent'] = {
|
||||
'command': ' && '.join([
|
||||
f'wget -q -O/tmp/woodpecker-agent.deb https://github.com/woodpecker-ci/woodpecker/releases/download/v{version}/woodpecker-agent_{version}_amd64.deb',
|
||||
'dpkg -i /tmp/woodpecker-agent.deb',
|
||||
]),
|
||||
'unless': f'''bash -c "[[ \"$(woodpecker-agent --version | cut -d' ' -f3)\" == "{version}" ]]"''',
|
||||
'triggers': {
|
||||
'svc_systemd:woodpecker-agent:restart',
|
||||
},
|
||||
}
|
||||
|
||||
files['/usr/local/lib/systemd/system/woodpecker-agent.service'] = {
|
||||
'content_type': 'mako',
|
||||
'context': {
|
||||
'env': node.metadata.get('woodpecker-agent/environment'),
|
||||
},
|
||||
'triggers': {
|
||||
'action:systemd-reload',
|
||||
'svc_systemd:woodpecker-agent:restart',
|
||||
},
|
||||
}
|
||||
|
||||
svc_systemd['woodpecker-agent'] = {
|
||||
'after': {
|
||||
# to make sure we have docker and other eventual dependencies
|
||||
'pkg_apt:',
|
||||
},
|
||||
'needs': {
|
||||
'action:install_woodpecker-agent',
|
||||
'file:/usr/local/lib/systemd/system/woodpecker-agent.service',
|
||||
'user:woodpecker',
|
||||
},
|
||||
}
|
||||
|
||||
users['woodpecker'] = {
|
||||
'home': '/var/lib/woodpecker',
|
||||
}
|
||||
30
bundles/woodpecker-agent/metadata.py
Normal file
30
bundles/woodpecker-agent/metadata.py
Normal file
|
|
@ -0,0 +1,30 @@
|
|||
@metadata_reactor.provides(
|
||||
'woodpecker-agent/environment',
|
||||
'woodpecker-agent/version',
|
||||
)
|
||||
def environment(metadata):
|
||||
env = {}
|
||||
server = repo.get_node(metadata.get('woodpecker-agent/server'))
|
||||
|
||||
domain = server.metadata.get('woodpecker-server/domain')
|
||||
port = server.metadata.get('woodpecker-server/environment/WOODPECKER_GRPC_ADDR')
|
||||
env['WOODPECKER_SERVER'] = f'{domain}{port}'
|
||||
|
||||
env['WOODPECKER_AGENT_SECRET'] = server.metadata.get('woodpecker-server/environment/WOODPECKER_AGENT_SECRET')
|
||||
|
||||
env['WOODPECKER_MAX_PROCS'] = int(int(metadata.get('vm/cpu'))/2)
|
||||
|
||||
env['WOODPECKER_HOSTNAME'] = metadata.get('hostname')
|
||||
|
||||
env['WOODPECKER_LOG_LEVEL'] = server.metadata.get('woodpecker-server/environment/WOODPECKER_LOG_LEVEL')
|
||||
|
||||
debug = server.metadata.get('woodpecker-server/environment/GODEBUG', None)
|
||||
if debug:
|
||||
env['GODEBUG'] = debug
|
||||
|
||||
return {
|
||||
'woodpecker-agent': {
|
||||
'environment': env,
|
||||
'version': server.metadata.get('woodpecker-server/version'),
|
||||
},
|
||||
}
|
||||
43
bundles/woodpecker-server/files/woodpecker-server.service
Normal file
43
bundles/woodpecker-server/files/woodpecker-server.service
Normal file
|
|
@ -0,0 +1,43 @@
|
|||
[Unit]
|
||||
Description=woodpecker ci
|
||||
After=syslog.target
|
||||
After=network.target
|
||||
Requires=postgresql.service
|
||||
|
||||
[Service]
|
||||
RestartSec=2s
|
||||
Type=simple
|
||||
User=woodpecker
|
||||
Group=woodpecker
|
||||
WorkingDirectory=/var/lib/woodpecker
|
||||
ExecStart=/usr/local/bin/woodpecker-server
|
||||
Restart=always
|
||||
ReadWritePaths=/var/lib/woodpecker
|
||||
CapabilityBoundingSet=
|
||||
NoNewPrivileges=true
|
||||
ProtectSystem=strict
|
||||
ProtectHome=true
|
||||
PrivateTmp=true
|
||||
PrivateDevices=true
|
||||
PrivateUsers=true
|
||||
ProtectHostname=true
|
||||
ProtectClock=true
|
||||
ProtectKernelTunables=true
|
||||
ProtectKernelModules=true
|
||||
ProtectKernelLogs=true
|
||||
ProtectControlGroups=true
|
||||
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
|
||||
LockPersonality=true
|
||||
MemoryDenyWriteExecute=true
|
||||
RestrictRealtime=true
|
||||
RestrictSUIDSGID=true
|
||||
PrivateMounts=true
|
||||
SystemCallArchitectures=native
|
||||
SystemCallFilter=~@clock @cpu-emulation @debug @keyring @memlock @module @mount @obsolete @raw-io @reboot @setuid @swap
|
||||
|
||||
% for k, v in sorted(env.items()):
|
||||
Environment=${k}=${v}
|
||||
% endfor
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
41
bundles/woodpecker-server/items.py
Normal file
41
bundles/woodpecker-server/items.py
Normal file
|
|
@ -0,0 +1,41 @@
|
|||
version = node.metadata.get('woodpecker-server/version')
|
||||
|
||||
directories['/var/lib/woodpecker'] = {
|
||||
'owner': 'woodpecker',
|
||||
}
|
||||
|
||||
actions['install_woodpecker-server'] = {
|
||||
'command': ' && '.join([
|
||||
f'wget -q -O/tmp/woodpecker-server.deb https://github.com/woodpecker-ci/woodpecker/releases/download/v{version}/woodpecker-server_{version}_amd64.deb',
|
||||
'dpkg -i /tmp/woodpecker-server.deb',
|
||||
]),
|
||||
'unless': f'''bash -c "[[ \"$(woodpecker-server --version | cut -d' ' -f3)\" == "{version}" ]]"''',
|
||||
'triggers': {
|
||||
'svc_systemd:woodpecker-server:restart',
|
||||
},
|
||||
}
|
||||
|
||||
files['/usr/local/lib/systemd/system/woodpecker-server.service'] = {
|
||||
'content_type': 'mako',
|
||||
'context': {
|
||||
'env': node.metadata.get('woodpecker-server/environment'),
|
||||
},
|
||||
'triggers': {
|
||||
'action:systemd-reload',
|
||||
'svc_systemd:woodpecker-server:restart',
|
||||
},
|
||||
}
|
||||
|
||||
svc_systemd['woodpecker-server'] = {
|
||||
'needs': {
|
||||
'action:install_woodpecker-server',
|
||||
'file:/usr/local/lib/systemd/system/woodpecker-server.service',
|
||||
'postgres_db:woodpecker',
|
||||
'postgres_role:woodpecker',
|
||||
'user:woodpecker',
|
||||
},
|
||||
}
|
||||
|
||||
users['woodpecker'] = {
|
||||
'home': '/var/lib/woodpecker',
|
||||
}
|
||||
98
bundles/woodpecker-server/metadata.py
Normal file
98
bundles/woodpecker-server/metadata.py
Normal file
|
|
@ -0,0 +1,98 @@
|
|||
from bundlewrap.metadata import atomic
|
||||
|
||||
defaults = {
|
||||
'postgresql': {
|
||||
'roles': {
|
||||
'woodpecker': {
|
||||
'password': repo.vault.password_for(f'{node.name} postgresql woodpecker'),
|
||||
},
|
||||
},
|
||||
'databases': {
|
||||
'woodpecker': {
|
||||
'owner': 'woodpecker',
|
||||
},
|
||||
},
|
||||
},
|
||||
'woodpecker-server': {
|
||||
'environment': {
|
||||
'WOODPECKER_AGENT_SECRET': repo.vault.password_for(f'{node.name} WOODPECKER_AGENT_SECRET'),
|
||||
'WOODPECKER_DATABASE_DATASOURCE': repo.vault.password_for(f'{node.name} postgresql woodpecker').format_into(
|
||||
'postgres://woodpecker:{}@localhost/woodpecker?sslmode=disable'
|
||||
),
|
||||
'WOODPECKER_DATABASE_DRIVER': 'postgres',
|
||||
'WOODPECKER_GRPC_ADDR': ':22101',
|
||||
'WOODPECKER_LOG_LEVEL': 'warn',
|
||||
'WOODPECKER_OPEN': 'true',
|
||||
'WOODPECKER_SERVER_ADDR': ':22100',
|
||||
|
||||
# https://github.com/woodpecker-ci/woodpecker/issues/1497
|
||||
# https://github.com/woodpecker-ci/woodpecker/issues/748
|
||||
'GODEBUG': 'netdns=go'
|
||||
},
|
||||
},
|
||||
}
|
||||
|
||||
|
||||
@metadata_reactor.provides(
|
||||
'nginx/vhosts/woodpecker-server',
|
||||
'woodpecker-server/environment/WOODPECKER_HOST',
|
||||
)
|
||||
def nginx(metadata):
|
||||
if not node.has_bundle('nginx'):
|
||||
raise DoNotRunAgain
|
||||
|
||||
ssl = metadata.get('nginx/vhosts/woodpecker-server/ssl', 'letsencrypt')
|
||||
domain = metadata.get('woodpecker-server/domain')
|
||||
prefix = 'https' if ssl else 'http'
|
||||
|
||||
return {
|
||||
'nginx': {
|
||||
'vhosts': {
|
||||
'woodpecker-server': {
|
||||
'domain': domain,
|
||||
'locations': {
|
||||
'/': {
|
||||
'target': 'http://127.0.0.1:22100',
|
||||
'additional_config': {
|
||||
'proxy_redirect off',
|
||||
'chunked_transfer_encoding off',
|
||||
},
|
||||
},
|
||||
'/metrics': {
|
||||
'return': 403,
|
||||
},
|
||||
'/debug': {
|
||||
'return': 403,
|
||||
},
|
||||
},
|
||||
'website_check_path': '/do-login',
|
||||
'website_check_string': 'Woodpecker',
|
||||
},
|
||||
},
|
||||
},
|
||||
'woodpecker-server': {
|
||||
'environment': {
|
||||
'WOODPECKER_HOST': f'{prefix}://{domain}',
|
||||
},
|
||||
},
|
||||
}
|
||||
|
||||
|
||||
@metadata_reactor.provides(
|
||||
'firewall/port_rules',
|
||||
)
|
||||
def firewall(metadata):
|
||||
port = metadata.get('woodpecker-server/environment/WOODPECKER_GRPC_ADDR')[1:]
|
||||
agents = set()
|
||||
|
||||
for node in repo.nodes:
|
||||
if node.has_bundle('woodpecker-agent'):
|
||||
agents.add(node.name)
|
||||
|
||||
return {
|
||||
'firewall': {
|
||||
'port_rules': {
|
||||
port: atomic(agents),
|
||||
},
|
||||
},
|
||||
}
|
||||
|
|
@ -1,9 +1,9 @@
|
|||
#!/usr/bin/env python3
|
||||
|
||||
|
||||
import re
|
||||
from subprocess import check_output
|
||||
from sys import argv, exit
|
||||
import re
|
||||
|
||||
|
||||
def to_bytes(size):
|
||||
|
|
|
|||
|
|
@ -2,7 +2,6 @@
|
|||
|
||||
|
||||
import re
|
||||
|
||||
from datetime import datetime
|
||||
from json import loads
|
||||
from subprocess import check_call, check_output
|
||||
|
|
|
|||
|
|
@ -1,5 +1,4 @@
|
|||
from json import dumps
|
||||
#from os.path import join
|
||||
|
||||
from bundlewrap.metadata import MetadataJSONEncoder
|
||||
|
||||
|
|
|
|||
62
data/apt/files/gpg-keys/docker.asc
Normal file
62
data/apt/files/gpg-keys/docker.asc
Normal file
|
|
@ -0,0 +1,62 @@
|
|||
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||
|
||||
mQINBFit2ioBEADhWpZ8/wvZ6hUTiXOwQHXMAlaFHcPH9hAtr4F1y2+OYdbtMuth
|
||||
lqqwp028AqyY+PRfVMtSYMbjuQuu5byyKR01BbqYhuS3jtqQmljZ/bJvXqnmiVXh
|
||||
38UuLa+z077PxyxQhu5BbqntTPQMfiyqEiU+BKbq2WmANUKQf+1AmZY/IruOXbnq
|
||||
L4C1+gJ8vfmXQt99npCaxEjaNRVYfOS8QcixNzHUYnb6emjlANyEVlZzeqo7XKl7
|
||||
UrwV5inawTSzWNvtjEjj4nJL8NsLwscpLPQUhTQ+7BbQXAwAmeHCUTQIvvWXqw0N
|
||||
cmhh4HgeQscQHYgOJjjDVfoY5MucvglbIgCqfzAHW9jxmRL4qbMZj+b1XoePEtht
|
||||
ku4bIQN1X5P07fNWzlgaRL5Z4POXDDZTlIQ/El58j9kp4bnWRCJW0lya+f8ocodo
|
||||
vZZ+Doi+fy4D5ZGrL4XEcIQP/Lv5uFyf+kQtl/94VFYVJOleAv8W92KdgDkhTcTD
|
||||
G7c0tIkVEKNUq48b3aQ64NOZQW7fVjfoKwEZdOqPE72Pa45jrZzvUFxSpdiNk2tZ
|
||||
XYukHjlxxEgBdC/J3cMMNRE1F4NCA3ApfV1Y7/hTeOnmDuDYwr9/obA8t016Yljj
|
||||
q5rdkywPf4JF8mXUW5eCN1vAFHxeg9ZWemhBtQmGxXnw9M+z6hWwc6ahmwARAQAB
|
||||
tCtEb2NrZXIgUmVsZWFzZSAoQ0UgZGViKSA8ZG9ja2VyQGRvY2tlci5jb20+iQI3
|
||||
BBMBCgAhBQJYrefAAhsvBQsJCAcDBRUKCQgLBRYCAwEAAh4BAheAAAoJEI2BgDwO
|
||||
v82IsskP/iQZo68flDQmNvn8X5XTd6RRaUH33kXYXquT6NkHJciS7E2gTJmqvMqd
|
||||
tI4mNYHCSEYxI5qrcYV5YqX9P6+Ko+vozo4nseUQLPH/ATQ4qL0Zok+1jkag3Lgk
|
||||
jonyUf9bwtWxFp05HC3GMHPhhcUSexCxQLQvnFWXD2sWLKivHp2fT8QbRGeZ+d3m
|
||||
6fqcd5Fu7pxsqm0EUDK5NL+nPIgYhN+auTrhgzhK1CShfGccM/wfRlei9Utz6p9P
|
||||
XRKIlWnXtT4qNGZNTN0tR+NLG/6Bqd8OYBaFAUcue/w1VW6JQ2VGYZHnZu9S8LMc
|
||||
FYBa5Ig9PxwGQOgq6RDKDbV+PqTQT5EFMeR1mrjckk4DQJjbxeMZbiNMG5kGECA8
|
||||
g383P3elhn03WGbEEa4MNc3Z4+7c236QI3xWJfNPdUbXRaAwhy/6rTSFbzwKB0Jm
|
||||
ebwzQfwjQY6f55MiI/RqDCyuPj3r3jyVRkK86pQKBAJwFHyqj9KaKXMZjfVnowLh
|
||||
9svIGfNbGHpucATqREvUHuQbNnqkCx8VVhtYkhDb9fEP2xBu5VvHbR+3nfVhMut5
|
||||
G34Ct5RS7Jt6LIfFdtcn8CaSas/l1HbiGeRgc70X/9aYx/V/CEJv0lIe8gP6uDoW
|
||||
FPIZ7d6vH+Vro6xuWEGiuMaiznap2KhZmpkgfupyFmplh0s6knymuQINBFit2ioB
|
||||
EADneL9S9m4vhU3blaRjVUUyJ7b/qTjcSylvCH5XUE6R2k+ckEZjfAMZPLpO+/tF
|
||||
M2JIJMD4SifKuS3xck9KtZGCufGmcwiLQRzeHF7vJUKrLD5RTkNi23ydvWZgPjtx
|
||||
Q+DTT1Zcn7BrQFY6FgnRoUVIxwtdw1bMY/89rsFgS5wwuMESd3Q2RYgb7EOFOpnu
|
||||
w6da7WakWf4IhnF5nsNYGDVaIHzpiqCl+uTbf1epCjrOlIzkZ3Z3Yk5CM/TiFzPk
|
||||
z2lLz89cpD8U+NtCsfagWWfjd2U3jDapgH+7nQnCEWpROtzaKHG6lA3pXdix5zG8
|
||||
eRc6/0IbUSWvfjKxLLPfNeCS2pCL3IeEI5nothEEYdQH6szpLog79xB9dVnJyKJb
|
||||
VfxXnseoYqVrRz2VVbUI5Blwm6B40E3eGVfUQWiux54DspyVMMk41Mx7QJ3iynIa
|
||||
1N4ZAqVMAEruyXTRTxc9XW0tYhDMA/1GYvz0EmFpm8LzTHA6sFVtPm/ZlNCX6P1X
|
||||
zJwrv7DSQKD6GGlBQUX+OeEJ8tTkkf8QTJSPUdh8P8YxDFS5EOGAvhhpMBYD42kQ
|
||||
pqXjEC+XcycTvGI7impgv9PDY1RCC1zkBjKPa120rNhv/hkVk/YhuGoajoHyy4h7
|
||||
ZQopdcMtpN2dgmhEegny9JCSwxfQmQ0zK0g7m6SHiKMwjwARAQABiQQ+BBgBCAAJ
|
||||
BQJYrdoqAhsCAikJEI2BgDwOv82IwV0gBBkBCAAGBQJYrdoqAAoJEH6gqcPyc/zY
|
||||
1WAP/2wJ+R0gE6qsce3rjaIz58PJmc8goKrir5hnElWhPgbq7cYIsW5qiFyLhkdp
|
||||
YcMmhD9mRiPpQn6Ya2w3e3B8zfIVKipbMBnke/ytZ9M7qHmDCcjoiSmwEXN3wKYI
|
||||
mD9VHONsl/CG1rU9Isw1jtB5g1YxuBA7M/m36XN6x2u+NtNMDB9P56yc4gfsZVES
|
||||
KA9v+yY2/l45L8d/WUkUi0YXomn6hyBGI7JrBLq0CX37GEYP6O9rrKipfz73XfO7
|
||||
JIGzOKZlljb/D9RX/g7nRbCn+3EtH7xnk+TK/50euEKw8SMUg147sJTcpQmv6UzZ
|
||||
cM4JgL0HbHVCojV4C/plELwMddALOFeYQzTif6sMRPf+3DSj8frbInjChC3yOLy0
|
||||
6br92KFom17EIj2CAcoeq7UPhi2oouYBwPxh5ytdehJkoo+sN7RIWua6P2WSmon5
|
||||
U888cSylXC0+ADFdgLX9K2zrDVYUG1vo8CX0vzxFBaHwN6Px26fhIT1/hYUHQR1z
|
||||
VfNDcyQmXqkOnZvvoMfz/Q0s9BhFJ/zU6AgQbIZE/hm1spsfgvtsD1frZfygXJ9f
|
||||
irP+MSAI80xHSf91qSRZOj4Pl3ZJNbq4yYxv0b1pkMqeGdjdCYhLU+LZ4wbQmpCk
|
||||
SVe2prlLureigXtmZfkqevRz7FrIZiu9ky8wnCAPwC7/zmS18rgP/17bOtL4/iIz
|
||||
QhxAAoAMWVrGyJivSkjhSGx1uCojsWfsTAm11P7jsruIL61ZzMUVE2aM3Pmj5G+W
|
||||
9AcZ58Em+1WsVnAXdUR//bMmhyr8wL/G1YO1V3JEJTRdxsSxdYa4deGBBY/Adpsw
|
||||
24jxhOJR+lsJpqIUeb999+R8euDhRHG9eFO7DRu6weatUJ6suupoDTRWtr/4yGqe
|
||||
dKxV3qQhNLSnaAzqW/1nA3iUB4k7kCaKZxhdhDbClf9P37qaRW467BLCVO/coL3y
|
||||
Vm50dwdrNtKpMBh3ZpbB1uJvgi9mXtyBOMJ3v8RZeDzFiG8HdCtg9RvIt/AIFoHR
|
||||
H3S+U79NT6i0KPzLImDfs8T7RlpyuMc4Ufs8ggyg9v3Ae6cN3eQyxcK3w0cbBwsh
|
||||
/nQNfsA6uu+9H7NhbehBMhYnpNZyrHzCmzyXkauwRAqoCbGCNykTRwsur9gS41TQ
|
||||
M8ssD1jFheOJf3hODnkKU+HKjvMROl1DK7zdmLdNzA1cvtZH/nCC9KPj1z8QC47S
|
||||
xx+dTZSx4ONAhwbS/LN3PoKtn8LPjY9NP9uDWI+TWYquS2U+KHDrBDlsgozDbs/O
|
||||
jCxcpDzNmXpWQHEtHU7649OXHP7UeNST1mCUCH5qdank0V1iejF6/CfTFU4MfcrG
|
||||
YT90qFF93M3v01BbxP+EIY2/9tiIPbrd
|
||||
=0YYh
|
||||
-----END PGP PUBLIC KEY BLOCK-----
|
||||
|
|
@ -1,52 +1,29 @@
|
|||
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||
Version: GnuPG v1
|
||||
|
||||
mQINBFYJmwQBEADCw7mob8Vzk+DmkYyiv0dTU/xgoSlp4SQwrTzat8MB8jxmx60l
|
||||
QjmhqEyuB8ho4zzZF9KV+gJWrG6Rj4t69JMTJWM7jFz+0B1PC7kJfNM+VcBmkTnj
|
||||
fP+KJjqz50ETnsF0kQTG++UJeRYjG1dDK0JQNQJAM6NQpIWJI339lcDf15vzrMnb
|
||||
OgIlNxV6j1ZZqkle4fvScF1NQxYScRiL+sRgVx92SI4SyD/xZnVGD/szB+4OCzah
|
||||
+0Q/MnNGV6TtN0RiCDZjIUYiHoeT9iQXEONKf7T62T4zUafO734HyqGvht93MLVU
|
||||
GQAeuyx0ikGsULfOsJfBmb3XJS9u+16v7oPFt5WIbeyyNuhUu0ocK/PKt5sPYR4u
|
||||
ouPq6Ls3RY3BGCH9DpokcYsdalo51NMrMdnYwdkeq9MEpsEKrKIN5ke7fk4weamJ
|
||||
BiLI/bTcfM7Fy5r4ghdI9Ksw/ULXLm4GNabkIOSfT7UjTzcBDOvWfKRBLX4qvsx4
|
||||
YzA5kR+nX85u6I7W10aSqBiaLqk6vCj0QmBmCjlSeYqNQqSzH/6OoL6FZ7lP6AiG
|
||||
F2NyGveJKjugoXlreLEhOYp20F81PNwlRBCAlMC2Q9mpcFu0dtAriVoG4gVDdYn5
|
||||
t+BiGfD2rJlCinYLgYBDpTPcdRT3VKHWqL9fcC4HKmic0mwWg9homx550wARAQAB
|
||||
tDFJbmZsdXhEQiBQYWNrYWdpbmcgU2VydmljZSA8c3VwcG9ydEBpbmZsdXhkYi5j
|
||||
b20+iQI3BBMBCgAhBQJWCZsEAhsDBQsJCAcDBRUKCQgLBRYDAgEAAh4BAheAAAoJ
|
||||
EGhKFM8lguDF9XEQAK9rREnZt6ujh7GXfeNki35bkn39q8GYh0mouShFbFY9o0i3
|
||||
UJVChsxokJSRPgFh9GOhOPTupl3rzfdpD+IlWI2Myt6han2HOjZKNZ4RGNrYJ5UR
|
||||
uxt4dKMWlMbpkzL56bhHlx97RoXKv2d2zRQfw9nyZb6t3lw2k2kKXsMxjGa0agM+
|
||||
2SropwYOXdtkz8UWaGd3LYxwEvW3AuhI8EEEHdLetQaYe9sANDvUEofgFbdsuICH
|
||||
9QLmbYavk7wyGTPBKfPBbeyTxwW2rMUnFCNccMKLm1i5NpZYineBtQbX2cfx9Xsk
|
||||
1JLOzEBmNal53H2ob0kjev6ufzOD3s8hLu4KMCivbIz4YT3fZyeExn0/0lUtsQ56
|
||||
5fCxE983+ygDzKsCnfdXqm3GgjaI90OkNr1y4gWbcd5hicVDv5fD3TD9f0GbpDVw
|
||||
yDz8YmvNzxMILt5Glisr6aH7gLG/u8jxy0D8YcBiyv5kfY4vMI2yXHpGg1cn/sVu
|
||||
ZB01sU09VVIM2BznnimyAayI430wquxkZCyMx//BqFM1qetIgk1wDZTlFd0n6qtA
|
||||
fDmXAC4s5pM5rfM5V57WmPaIqnRIaESJ35tFUFlCHfkfl/N/ribGVDg1z2KDW08r
|
||||
96oEiIIiV4GfXl+NprJqpNS3Cn+aCXtd7/TsDScDEgs4sMaR29Lsf26cuWk8uQIN
|
||||
BFYJmwQBEADDPi3fmwn6iwkiDcH2E2V31cHlBw9OdJfxKVUdyAQEhTtqmG9P8XFZ
|
||||
ERRQF155XLQPLvRlUlq7vEYSROn5J6BAnsjdjsH9LmFMOEV8CIRCRIDePG/Mez2d
|
||||
nIK5yiU6GkS3IFaQg2T9/tOBKxm0ZJPfqTXbT4jFSfvYJ3oUqc+AyYxtb8gj1GRk
|
||||
X283/86/bA3C98u7re1vPtiDRyM8r0+lhEc59Yx/EAOL+X2gZyTgyUoH+LLuOWQK
|
||||
s1egI8y80R8NZfM1nMiQk2ywMsTFwQjSVimScvzqv5Nt8k8CvHUQ3a6R+6doXGNX
|
||||
5RnUqn9Qvmh0JY5sNgFsoaGbuk2PJrVaGBRnfnjaDqAlZpDhwkWhcCcguNhRbRHp
|
||||
N7/a0pQr70bAG9VikzLyGC17EU0sxney/hyNHkr4Uyy2OXHpuJvRjVKy/BwZ3fxA
|
||||
AYX2oZIOxQB3/OulzO/DppaCVhRtp1bt+Z5f+fpisiVb5DvZcMdeyAoQ4+oOr7v3
|
||||
EasIs2XYcQ+kOE3Y2kdlHWBeuXzxgWgJZ1OOpwGMjR3Uy6IwhuSWtreJBA4er+Df
|
||||
vgSPwKBsRLNLbPe3ftjArnC5GfMiGgikVdAUdN4OkEqvUbkRoAVGKTOMLUKm+ZkG
|
||||
OskJOVYS+JAina0qkYEFF7haycMjf9olhqLmTIC+6X7Ox9R2plaOhQARAQABiQIf
|
||||
BBgBCgAJBQJWCZsEAhsMAAoJEGhKFM8lguDF8ZIP/1q9Sdz8oMvf9AJXZ7AYxm77
|
||||
V+kJzJqi62nZLWJnrFXDZJpU+LkYlb3fstsZ1rvBhnrEPSmFxoj72CP0RtcyX7wJ
|
||||
dA7K1Fl9LpJi5H8300cC7UyG94MUYbrXijbLTbnFTfNr1tGx4a1T/7Yyxx/wZGrT
|
||||
H/X8cvNybkl33SxDdlQQ9kx3lFOwC41e3TkGsUWxn3TCfvDh8VdA6Py6JeSPFGOb
|
||||
MEO2/q7oUgvjfV+ivN5ayZi9bWgeqm1sgtmTHHQ4RqwwKrAb5ynXpn1b9QrkevgT
|
||||
b91uzMA22Prl4DuzKiaMYDcZOQ3vtf0eFBP0GOSSgUKS4bQ3dGgi1JmQ7VuAM4uj
|
||||
+Ug5TnGoLwclTwLksc7v89C5MMPgm2vVXvCUDzyzQA7bIHFeX+Rziby4nymec4Nr
|
||||
eeXYNBJWrEp8XR7UNWmEgroXRoN1x9/6esh5pnoUXGAIWuKzSLQM70/wWxS67+v2
|
||||
aC1GNb+pXXAzYeIIiyLWaZwCSr8sWMvshFT9REk2+lnb6sAeJswQtfTUWI00mVqZ
|
||||
dvI3Wys2h0IyIejuwetTUvGhr9VgpqiLLfGzGlt/y2sg27wdHzSJbMh0VrVAK26/
|
||||
BlvEwWDCFT0ZJUMG9Lvre25DD0ycbougLsRYjzmGb/3k3UktS3XTCxyBa/k3TPw3
|
||||
vqIHrEqk446nGPDqJPS5
|
||||
=9iF7
|
||||
mQINBGPIEycBEACpG4qSjhxA6fh4QJVJxFVBvCFt9tVx/hDbKH0Ryy9iilyMeReC
|
||||
AS1/CZnSv/fhDNKmVPckf6on72z/ODwZcVfMV6DHkxmZ6x/tQrS6CWfKkupsON2H
|
||||
KS3t4HUivahwHPlWtbfDqsWNwTAsZqklKpJQWY2ADPwurkbCmtYSjsgbLuWe23Pd
|
||||
nJpLTHtlChM0ntW/l7Le1zYjGPUGoxMJgjg1YG8fi2l/zS0Of8bdQ26ps+WRvrSQ
|
||||
RKhfAkfIgUiCXxBpDlN1spN73ZlAkaSb+myTfEKyJR55Yt9pHfkDdJh26RVgE1+N
|
||||
GuLmm6oidaD9lTlNJ9P8wlLzoof3xJXYprgLLz/HmgtawnJ+DxFIXoXNNpUmhORJ
|
||||
6Hb2Z5IKIyGIwXhQVe2Lw7B8awBNV99zUw517Wuax3RYx7Hwhntz9gFxS4GRxaCo
|
||||
uLCFQ0AgDCkMHyEHufQo1XdjIB7fz6U551y5GMQw6/rjMnUM9ZI68SQ/FWou2cQf
|
||||
533PyayvWOYQM4pP7ZmbzyCd393XlMaPWA5dyUOqv7Vcmv0IsAbncX6/KJmZAhKG
|
||||
qu19xb6rv3ab2RbcU422guK3C/h/URPZJbSjf2w4jUV5UDe2veZg6BEVn7Sk5bW0
|
||||
ceX8n0GVbPNG7CvRduJPjXNzsz3FzmUS8QFFde3H5gl1T0f6GcfhmKgKEQARAQAB
|
||||
tDdJbmZsdXhEYXRhIFBhY2thZ2UgU2lnbmluZyBLZXkgPHN1cHBvcnRAaW5mbHV4
|
||||
ZGF0YS5jb20+iQJVBBMBCAA/BgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAUJBaOk
|
||||
/BYhBJ1TnZDTMo3H1sjTudj/jh99+LB+BQJjyB9PAhsDAAoJENj/jh99+LB+klgQ
|
||||
AKOKdwTyKOr6+mnRrACz5U3EFxfAXXFGan9Ka7Nzgz4K+FOnTtT1gWwqrPPmTKQk
|
||||
epNUMcelfX1kCA08yCm0nyw2niqxES40W33ergKUj6jlDx7UQYXWsDQGD9IKksa8
|
||||
MWfZlJ3zlrsGKXA4oa+kfY+vltWDVP8WhLcQzm2LywbKvr3WgY80GZbnRjoekiBK
|
||||
oMKztQVMJG5yNZBo9B4JrqB3wMpnXZxEtqZcBPsJJdXTFKHsQ7kB9TMNorbUvDNH
|
||||
ohwsprgMw84vHikEk9jyCypXpYq/E/wvkM0CeIUJ36S2vGvACib7BiY6Xv0BQbM4
|
||||
rWq2Rrjag1y5vVAF9gJkeo/3rhM6lE1ahDCRq0QcBMVzbxiE+3COIzRPmz14J3Yn
|
||||
0pkvzlVkNj5UZR8q91ESl+UxkFCP1wzcXgs0dpJWirQIOZ9E2eYv3LcjE68xjW1k
|
||||
c5q1GOGvJI7aXADxUZ4lFbz+NUb4Ts4HXHc8gV1Gm0vvmIqv2YfAvL5DXbKLdZxh
|
||||
73CxKvBMmTXIEQ+vQJ3p1ZnUnb+l6DoxEFWg/hXHmE5jY3P6HIVFdliXF5FEs1lr
|
||||
9snU2Pn1BDL+TBN7SX0QbKqArWA4qyn6eGH8Z1ULoUVBPCjwC9QuInp/9fqifFYo
|
||||
OM3A51MDGyc/HCVG6jNJEI5h71QGHlPfyQybpjy7rQSe
|
||||
=YwXc
|
||||
-----END PGP PUBLIC KEY BLOCK-----
|
||||
|
|
|
|||
|
|
@ -1,52 +0,0 @@
|
|||
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||
|
||||
mQINBFWz+OYBEACXcmKiL6ix1e4gJIWVoGMF7Hv0VOVKJgIUF/zJYBqk3sXQp/pi
|
||||
JbIoODhrrIbEK33mqgy1EfzEmDhEurule59hq9HAQpOEz9hVbghhnsB8eXEQ9yJO
|
||||
Wf8D8UGi2MKmqkvf7//jvdywNaQG/xhLu2xld7MxjuhswfiUWqoRFRpQoKY2QCe9
|
||||
n92qS0MGGK0B6WgapZZPT6AGyqKYtkCA5qUn7bcoEM2236nXhOAYHJh0o4qJ+cBk
|
||||
BbSx8KEdrZxKQH50gB//gk/K2s+6CbYYOcJX6z3SLa3fxzlbyH9xQhpumAv/++2v
|
||||
IIJbJHJicsmCKe/SQ7x5xVh90j6xA3oiYZIG78xWL0xnGCPhFws861dR2iON6CSp
|
||||
+UKDciEQJH+Ew40la+DcHH7tzHlpZpCC1Jv7VBDkhziPrsscgOtYEwfhsq0Pyfpo
|
||||
0IsyVDBUyj3Nne1NcKShd6+SYFz+gtXkttELi+DZmyA6onatw7LPGFHs8gOVKYBM
|
||||
PzmERQ1DjlFW+Dc8FEQquYiquzmkyhJUXHVD1G8Mkic8jhccWbv3S7ePanvpgyZ3
|
||||
/KBAWk48/sym+zJTLWuJsCCNLI3K6gngexz1MMaRaPkbVK+4aboNLm6YhVlF5RCK
|
||||
rTzIUAeB4dmu1k8Quqy/nYhYMokB9w5hiPwmGutjbpOntnrfqxvYy1EL1wARAQAB
|
||||
tDBvcGVuSEFCIEJpbnRyYXkgUmVwb3NpdG9yaWVzIDxvd25lckBvcGVuaGFiLm9y
|
||||
Zz6JAlQEEwEKAD4CGwMFCwkIBwMFFQoJCAsFFgIDAQACHgECF4AWIQTtt9AwTi/K
|
||||
9infEWMHVyH2oiQGCgUCXTjCTAUJDwsFBgAKCRAHVyH2oiQGCmfMD/sGZickeBlA
|
||||
+x8XxfzvwxTnW/8MCvFBa4l/GoK9bALylvekP4adk/aaySMk/zjk231mwmMuttnP
|
||||
VDg6TwhxhthveAFdbJEkTNhWUqH0FzyN9QwEGfIodjkQSYWwosY+55V0uYp2zfo9
|
||||
iHOtxzXjuLnkpZZPyY33qqGruqhnbyo2J09oLNw4MIwOepNMihP5u0nudTXiDivg
|
||||
eg8lx/4WIIfwDwCe1gSBnU/731B0TIruxz3cQabLgeTuKB13+ajtJGuH1qrHxMVx
|
||||
CFhD8wCugNj0qcI6NS06SXwLSAFr+xIeFXWVum2okWt2nzPpn7ll/FUG+qRECipt
|
||||
m1IaEbelUrcuk7dUY75Fz5Fx8S0HtYAcCYYBDnhcaSSq7sK0NklrVz+bQZsJx4hY
|
||||
ebkiNI/xFM3slOYoRzGWawuVpG/y1/VM/QRPS4uUS5rnvbGLVpn3bR+03FQwZWeb
|
||||
yfMNke74TlM9+aEJZb1uxYQGLDFNDVNyALtGhDDp0R/FuDR0my3va3GJnZrtUGVg
|
||||
M5Xfs/ebsKZ+CuLKqlbdZ0zjLUCJoT+tGGT1VPpi83jc+4wZXynj9b9/CWHoDfaN
|
||||
VKTj95R7c7IOMRH5srpHX3qSzIF2Yav395SxJNuTTxcPCZ+n2M8jhvVnn4x8sWn5
|
||||
Ms0cN2tKVmfIbLF/1JempVsifJmRkbqN+rkCDQRVs/jmARAAxrYK7y1WW/szELpQ
|
||||
guGSJGIjLt3tNGHGLP3lX4G1DlbziysTx3fY+c+hzGAM8WInsABq5fOWqkiLfx3f
|
||||
wlHdo7bxv3U+xWq+xV9OOx+tjJn2xI3EtZ632pOQtxj/+6Tdcf3tIwOSMKK5kpGw
|
||||
DU1VoLkWMfJeq0md6TDRB49p82Q1UGTaVCCfHYpvwCyuv1FWhSQuPJJLdP0YRX2i
|
||||
1L7zyJLUzjmlAmlNoSMSaoozNJoz/XKFOPoJ66Tu8j8j8W+yqcAKeRTPiZXCEjbh
|
||||
3wgxrx3PWV77kOmtfb0sHyxRujdJvEUfixrSoi4qLrE8kCo2OR8d1C5DsMlbZzvF
|
||||
kHWaNSkOtpWqEGD/+BLs6lejHvbBEvYSsQMF53yH8q1U+9+7CP9wwKKAtN7LQJcw
|
||||
xUADv/UhSLA/ZZTisaeUVem9vZlnVfANSieYQvy6zWqvKF4FhBpQbVzSINWv/nzu
|
||||
NR4gg3uJRMHUb4cyfy3mmJ7FwwF8oHQXU+mkILWmiwrMDbq0Mjc8FRL5Bg4iTwS5
|
||||
jDGLZ0g4xU0GYi22eAWPL0dpQpA8t5Ja7W+x+VASOtbpnMAJO94YZ4yXlDcDeNJD
|
||||
uo2y0z+xjuloPrGK+AssCpOBxpBlcrAFRMx5+rpkHSlLtkQNPeBPwXlryafDZ2PA
|
||||
QsLBxUmFphyBraakmdGP3mR9ThUAEQEAAYkCPAQYAQoAJgIbDBYhBO230DBOL8r2
|
||||
Kd8RYwdXIfaiJAYKBQJdOMOgBQkPDFfaAAoJEAdXIfaiJAYKDLgP/iuh/Kppaem/
|
||||
wsRs6ehuCyEVz7ZJsKeq9ZL3d0jQy0CaFQRSICucptBeb14rTvf/i5+eEQI7E/bJ
|
||||
9dLm1mepVS8M3wyn9+pP+Loa7bajEAD5ap08F88q56s+U70HO30qRHxp2yD9ZU0A
|
||||
joX8pAIS/YaMicm1EFYajpyls/Jcyp2JG2AavRsrQ3iHvGv5Fc2/09E76lwje/Yh
|
||||
royPhCrVm0adk6sxLfmKNiXBpLb5gzHR81oo20zk0+qYg2pRcVvfd6PvOcsrO4tl
|
||||
K8kUMyfYixVKJu59xtMdg5ff6qlBrmTXkxyGb0t7VlhnX4UKcVU//+6b0TnBmUaG
|
||||
61CZ4CGD2VvUMXcM0ihYl85g7+O9u/P2u3mhLX3xEa+rM4XpzqajL+jpt3CGQLkp
|
||||
TnKZ8g1k9l7UkrHvVs/tBTCPvOEstzMwq2tWNuCbJ7Y9oB6FDPZGM3oFe2ubu2OH
|
||||
MFT3KmOhD2jhWCXyB1hK/LOmINGfdfulBsK2KLKtKoJMWu2QLyMLa91l3AhzbH+s
|
||||
7gQY6iC9rTy9qfHGOLTPjrHfkmrBky+KiDx1KVOnQvPqloLbKhkq1KHv8TAonqGK
|
||||
THbU4Eod0DmWw80Z2zX7jV3BJs9VmDhr5NzpaZCVlrKrL+vIXzFClCYWQQMwfHpO
|
||||
Yyq3xLVDG/Zs7LmgSAiEITxRFTR4qg7k
|
||||
=r37a
|
||||
-----END PGP PUBLIC KEY BLOCK-----
|
||||
1
data/backup/keys/ns-primary.key.vault
Normal file
1
data/backup/keys/ns-primary.key.vault
Normal file
|
|
@ -0,0 +1 @@
|
|||
encrypt$gAAAAABj1jTasX0XOFRWh7F0pxNgMoJIjrblvqOM8ohGVCsvVyMEQDiOmGaJCs9lW-lbeghlzRpiC8P7CNot6OOeNXBYWmxN_HgN3J2p6Q5-XoSJ62NUJWQNRNNENuiN1Yy0g0MREk4gVsNh8-VeoXuKgyLEXJQJI-SYLzl8faZoBnQGTK4FbTAiN6KSB4EbTPwxx-8dYp8kNIj4ipBjkQKNu-mXuVvdnf5fTUwTCQx6rz7yjlp7DOPuSJDASg5bE33dd8gt89grW5vBKeEnQsi7hpJCJF5vNfRay89IKfjf6UqxJHKCmS2tIWQ9Kz4Tv41MnNR0-jvnULq7TWcnqwo_SKb8JRLUA3dH2wLiOUu7aApYSkeSNiul2ILCtBPsjY_eWzqdd3tkpJBErOcFVe2mdjVRSIUOXTM_T3nNWCJgn5TxD4qbHklZoCaM6Ey9P_yQj-sSRGizgcDhGiqY8xJNmwbWz9IH5a_Fs6iRVhAh6VzSa1ZAKxcum87dj-KVA_SjG9hy7Dy28xK0D4NoSpYFOkEz4VHpa1tP0t8QJ2WtQiw-qjHFzokkIINEUKUPIBg6t_5oedJ24YMnyyzBZ2_uQ1HFVFjBx-7Iw73bTPNluVwXkobzEnrYFwDsEXGE6tR0HjbteNxj
|
||||
1
data/backup/keys/ns-primary.pub
Normal file
1
data/backup/keys/ns-primary.pub
Normal file
|
|
@ -0,0 +1 @@
|
|||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL+FCn1sWP74+lVAyaXDpXxCCauh6LC2KEJmIMhDEYvJ kunsi@kunsi-p14s.kunbox.net
|
||||
|
|
@ -1,9 +0,0 @@
|
|||
${header}
|
||||
|
||||
$ORIGIN cybert-media.net.
|
||||
|
||||
@ IN A 159.69.11.231
|
||||
IN AAAA 2a01:4f8:c2c:c410::1
|
||||
IN TXT "v=spf1 a ~all"
|
||||
|
||||
www IN CNAME cybert-media.net.
|
||||
|
|
@ -1,9 +0,0 @@
|
|||
${header}
|
||||
|
||||
$ORIGIN die-brontosaurier-waren-es.org.
|
||||
|
||||
; ends up on rx300.kunbox.net
|
||||
@ IN A 31.47.232.106
|
||||
IN AAAA 2a00:f820:528::2
|
||||
IN MX 10 rx300.kunbox.net.
|
||||
IN TXT "v=spf1 mx ~all"
|
||||
|
|
@ -1,3 +0,0 @@
|
|||
${header}
|
||||
|
||||
$ORIGIN emails.sexy.
|
||||
|
|
@ -1,9 +0,0 @@
|
|||
${header}
|
||||
|
||||
$ORIGIN eskalation.jetzt.
|
||||
|
||||
|
||||
queere IN NS ns1.athena7.eu.
|
||||
queere IN NS ns2.athena7.eu.
|
||||
queere IN NS ns3.athena7.eu.
|
||||
queere IN NS ns4.athena7.eu.
|
||||
|
|
@ -1,5 +0,0 @@
|
|||
${header}
|
||||
|
||||
$ORIGIN felix-kunsmann.de.
|
||||
|
||||
@ IN MX 10 rx300.kunbox.net.
|
||||
|
|
@ -1,15 +0,0 @@
|
|||
${header}
|
||||
|
||||
$ORIGIN flauschehorn.sexy.
|
||||
|
||||
@ IN A 5.189.140.103
|
||||
IN AAAA 2a02:c207:3002:8320:feed:f2c1:c0ff:ee
|
||||
IN MX 10 rx300.kunbox.net.
|
||||
IN TXT "v=spf1 mx ~all"
|
||||
|
||||
_dmarc IN TXT "v=DMARC1; p=quarantine; rua=mailto:hostmaster@kunbox.net; ruf=mailto:postmaster@kunsmann.eu; fo=0:d:s; adkim=r; aspf=r"
|
||||
|
||||
uO4aNejDvVdw8BKne3KJIqAvCQMJ0416._domainkey IN TXT ( "v=DKIM1; k=rsa; "
|
||||
"p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnh5Ym9PO7r+wdOIKfopvHzn3KU3qT6IlCG/gvvbmIqoeFQfRbAe3gQmcG6RcLue55cJQGhI6y2r0lm59ZeoHR40aM+VabAOlplekM7xWmoXb/9vG2OZLIqAyF4I+7GQmTN6B9keBHp9SWtDUkI0B0G9neZ5MkXJP705M0duxritqQlb4YvCZwteHiyckKcg9aE9j+GF2EEawBoVDp"
|
||||
"oveoB3+wgde3lWEUjjwKFtXNXxuN354o6jgXgPNWtIEdPMLfK/o0CaCjZNlzaLTsTegY/+67hdHFqDmm8zXO9s+Xiyfq7CVq21t7wDhQ2W1agj+up6lH82FMh5rZNxJ6XB0yQIDAQAB"
|
||||
) ;
|
||||
|
|
@ -1,43 +0,0 @@
|
|||
${header}
|
||||
|
||||
$ORIGIN franzi.business.
|
||||
|
||||
; ends up on rx300.kunbox.net
|
||||
@ IN A 31.47.232.106
|
||||
IN AAAA 2a00:f820:528::2
|
||||
IN MX 10 rx300.kunbox.net.
|
||||
IN TXT "v=spf1 mx a:sewfile.htz-cloud.kunbox.net ~all"
|
||||
|
||||
chat IN CNAME rx300.kunbox.net.
|
||||
dimension IN CNAME rx300.kunbox.net.
|
||||
git IN CNAME rx300.kunbox.net.
|
||||
jenkins IN CNAME rx300.kunbox.net.
|
||||
matrix IN CNAME rx300.kunbox.net.
|
||||
mta-sts IN CNAME rx300.kunbox.net.
|
||||
netbox IN CNAME rx300.kunbox.net.
|
||||
sewfile IN CNAME sewfile.htz-cloud.kunbox.net.
|
||||
paste IN CNAME rx300.kunbox.net.
|
||||
postfixadmin IN CNAME rx300.kunbox.net.
|
||||
radicale IN CNAME rx300.kunbox.net.
|
||||
rss IN CNAME rx300.kunbox.net.
|
||||
status IN CNAME icinga2.ovh.kunbox.net.
|
||||
tickets IN CNAME franzi-business.cname.pretix.eu.
|
||||
travelynx IN CNAME rx300.kunbox.net.
|
||||
unicornsden IN CNAME rx300.kunbox.net.
|
||||
wiki IN CNAME rx300.kunbox.net.
|
||||
|
||||
_matrix._tcp IN SRV 10 10 443 matrix
|
||||
|
||||
_dmarc IN TXT "v=DMARC1; p=quarantine; rua=mailto:hostmaster@kunbox.net; ruf=mailto:postmaster@kunsmann.eu; fo=0:d:s; adkim=r; aspf=r"
|
||||
_mta-sts IN TXT "v=STSv1;id=20201111;"
|
||||
_smtp._tls IN TXT "v=TLSRPTv1;rua=mailto:hostmaster@kunbox.net"
|
||||
_token._dnswl IN TXT "gg3mbwjx9bbuo5osvh7oz6bc881wcmc"
|
||||
|
||||
2019._domainkey IN TXT ( "v=DKIM1; k=rsa; "
|
||||
"p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwkg6UAcu3V98hal1UVf6yB0WT1CKDS0AK83CUlSP8bUwraPxkxK1nkQOUsmjbQs6a3FhdsKprMi32GeUaTVvZg81JIybPk3jNugfNWfSjs2TXPomYu+XD2pmmbR3cZlzC5NGR2nmBFt/P/S2ihPHj35KziiBIwK1TdvOi1M2+upCjK33Icco0ByCm0gJpD2O0cbqcBcUKqd6X440"
|
||||
"vYhNXH1ygp0e91P0iRnvS9sg6yD0xjD8kD6j/8GfxBY+9bpU3EvDoBgyJSbjw5b6PUVJbKMXzw1NIRNj0SXKs5BakjS8+7u62vR11IPCYRwy+yr0rDT0tNegM7gStIIgoTpOoQIDAQAB"
|
||||
) ;
|
||||
uO4aNejDvVdw8BKne3KJIqAvCQMJ0416._domainkey IN TXT ( "v=DKIM1; k=rsa; "
|
||||
"p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnh5Ym9PO7r+wdOIKfopvHzn3KU3qT6IlCG/gvvbmIqoeFQfRbAe3gQmcG6RcLue55cJQGhI6y2r0lm59ZeoHR40aM+VabAOlplekM7xWmoXb/9vG2OZLIqAyF4I+7GQmTN6B9keBHp9SWtDUkI0B0G9neZ5MkXJP705M0duxritqQlb4YvCZwteHiyckKcg9aE9j+GF2EEawBoVDp"
|
||||
"oveoB3+wgde3lWEUjjwKFtXNXxuN354o6jgXgPNWtIEdPMLfK/o0CaCjZNlzaLTsTegY/+67hdHFqDmm8zXO9s+Xiyfq7CVq21t7wDhQ2W1agj+up6lH82FMh5rZNxJ6XB0yQIDAQAB"
|
||||
) ;
|
||||
|
|
@ -1,4 +1,14 @@
|
|||
${header}
|
||||
$TTL 60
|
||||
@ IN SOA ns-primary.kunbox.net. hostmaster.kunbox.net. (
|
||||
${SERIAL}
|
||||
3600
|
||||
600
|
||||
86400
|
||||
300
|
||||
)
|
||||
|
||||
|
||||
${NAMESERVERS}
|
||||
|
||||
$ORIGIN kunbox.net.
|
||||
|
||||
|
|
@ -10,6 +20,10 @@ $ORIGIN kunbox.net.
|
|||
IN MX 10 rx300
|
||||
IN TXT "v=spf1 mx ~all"
|
||||
|
||||
; delegate acme stuff to psql-managed zone
|
||||
_acme-challenge IN CNAME _acme-challenge.kunbox.net.le.kunbox.net.
|
||||
_acme-challenge.home IN CNAME _acme-challenge.home.kunbox.net.le.kunbox.net.
|
||||
|
||||
; Mail servers
|
||||
mta-sts IN CNAME rx300
|
||||
|
||||
|
|
|
|||
|
|
@ -1,31 +0,0 @@
|
|||
${header}
|
||||
|
||||
$ORIGIN kunsmann.eu.
|
||||
|
||||
; ends up on rx300.kunbox.net
|
||||
@ IN A 31.47.232.106
|
||||
IN AAAA 2a00:f820:528::2
|
||||
IN MX 10 rx300.kunbox.net.
|
||||
IN TXT "v=spf1 mx ~all"
|
||||
|
||||
git IN CNAME rx300.kunbox.net.
|
||||
grafana IN CNAME influxdb.htz-cloud.kunbox.net.
|
||||
icinga IN CNAME icinga2.ovh.kunbox.net.
|
||||
influxdb IN CNAME influxdb.htz-cloud.kunbox.net.
|
||||
luther-ps IN CNAME luther.htz-cloud.kunbox.net.
|
||||
mta-sts IN CNAME rx300.kunbox.net.
|
||||
statusmonitor.icinga IN CNAME icinga2.ovh.kunbox.net.
|
||||
|
||||
_dmarc IN TXT "v=DMARC1; p=quarantine; rua=mailto:hostmaster@kunbox.net; ruf=mailto:postmaster@kunsmann.eu; fo=0:d:s; adkim=r; aspf=r"
|
||||
_mta-sts IN TXT "v=STSv1;id=20201111;"
|
||||
_smtp._tls IN TXT "v=TLSRPTv1;rua=mailto:hostmaster@kunbox.net"
|
||||
_token._dnswl IN TXT "5mx0rv9ru8s1zz4tf4xlt48osh09czmg"
|
||||
|
||||
2019._domainkey IN TXT ( "v=DKIM1; k=rsa; "
|
||||
"p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwkg6UAcu3V98hal1UVf6yB0WT1CKDS0AK83CUlSP8bUwraPxkxK1nkQOUsmjbQs6a3FhdsKprMi32GeUaTVvZg81JIybPk3jNugfNWfSjs2TXPomYu+XD2pmmbR3cZlzC5NGR2nmBFt/P/S2ihPHj35KziiBIwK1TdvOi1M2+upCjK33Icco0ByCm0gJpD2O0cbqcBcUKqd6X440"
|
||||
"vYhNXH1ygp0e91P0iRnvS9sg6yD0xjD8kD6j/8GfxBY+9bpU3EvDoBgyJSbjw5b6PUVJbKMXzw1NIRNj0SXKs5BakjS8+7u62vR11IPCYRwy+yr0rDT0tNegM7gStIIgoTpOoQIDAQAB"
|
||||
) ;
|
||||
uO4aNejDvVdw8BKne3KJIqAvCQMJ0416._domainkey IN TXT ( "v=DKIM1; k=rsa; "
|
||||
"p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnh5Ym9PO7r+wdOIKfopvHzn3KU3qT6IlCG/gvvbmIqoeFQfRbAe3gQmcG6RcLue55cJQGhI6y2r0lm59ZeoHR40aM+VabAOlplekM7xWmoXb/9vG2OZLIqAyF4I+7GQmTN6B9keBHp9SWtDUkI0B0G9neZ5MkXJP705M0duxritqQlb4YvCZwteHiyckKcg9aE9j+GF2EEawBoVDp"
|
||||
"oveoB3+wgde3lWEUjjwKFtXNXxuN354o6jgXgPNWtIEdPMLfK/o0CaCjZNlzaLTsTegY/+67hdHFqDmm8zXO9s+Xiyfq7CVq21t7wDhQ2W1agj+up6lH82FMh5rZNxJ6XB0yQIDAQAB"
|
||||
) ;
|
||||
|
|
@ -1,4 +0,0 @@
|
|||
${header}
|
||||
|
||||
$ORIGIN trans-agenda.de.
|
||||
|
||||
|
|
@ -1,22 +0,0 @@
|
|||
${header}
|
||||
|
||||
$ORIGIN trans-agenda.eu.
|
||||
|
||||
@ IN MX 10 rx300.kunbox.net.
|
||||
IN TXT "v=spf1 a mx ~all"
|
||||
|
||||
mta-sts IN CNAME rx300.kunbox.net.
|
||||
|
||||
_dmarc IN TXT "v=DMARC1; p=quarantine; rua=mailto:hostmaster@kunbox.net; ruf=mailto:postmaster@kunsmann.eu; fo=0:d:s; adkim=r; aspf=r"
|
||||
_mta-sts IN TXT "v=STSv1;id=20201111;"
|
||||
_smtp._tls IN TXT "v=TLSRPTv1;rua=mailto:hostmaster@kunbox.net"
|
||||
_token._dnswl IN TXT "5mx0rv9ru8s1zz4tf4xlt48osh09czmg"
|
||||
|
||||
2019._domainkey IN TXT ( "v=DKIM1; k=rsa; "
|
||||
"p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwkg6UAcu3V98hal1UVf6yB0WT1CKDS0AK83CUlSP8bUwraPxkxK1nkQOUsmjbQs6a3FhdsKprMi32GeUaTVvZg81JIybPk3jNugfNWfSjs2TXPomYu+XD2pmmbR3cZlzC5NGR2nmBFt/P/S2ihPHj35KziiBIwK1TdvOi1M2+upCjK33Icco0ByCm0gJpD2O0cbqcBcUKqd6X440"
|
||||
"vYhNXH1ygp0e91P0iRnvS9sg6yD0xjD8kD6j/8GfxBY+9bpU3EvDoBgyJSbjw5b6PUVJbKMXzw1NIRNj0SXKs5BakjS8+7u62vR11IPCYRwy+yr0rDT0tNegM7gStIIgoTpOoQIDAQAB"
|
||||
) ;
|
||||
uO4aNejDvVdw8BKne3KJIqAvCQMJ0416._domainkey IN TXT ( "v=DKIM1; k=rsa; "
|
||||
"p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnh5Ym9PO7r+wdOIKfopvHzn3KU3qT6IlCG/gvvbmIqoeFQfRbAe3gQmcG6RcLue55cJQGhI6y2r0lm59ZeoHR40aM+VabAOlplekM7xWmoXb/9vG2OZLIqAyF4I+7GQmTN6B9keBHp9SWtDUkI0B0G9neZ5MkXJP705M0duxritqQlb4YvCZwteHiyckKcg9aE9j+GF2EEawBoVDp"
|
||||
"oveoB3+wgde3lWEUjjwKFtXNXxuN354o6jgXgPNWtIEdPMLfK/o0CaCjZNlzaLTsTegY/+67hdHFqDmm8zXO9s+Xiyfq7CVq21t7wDhQ2W1agj+up6lH82FMh5rZNxJ6XB0yQIDAQAB"
|
||||
) ;
|
||||
|
|
@ -1,3 +0,0 @@
|
|||
${header}
|
||||
|
||||
$ORIGIN warnochwas.de.
|
||||
|
|
@ -1,27 +1,27 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIEiTCCA3GgAwIBAgISBEiaFE6qZ3+AhUkmqKta5OSuMA0GCSqGSIb3DQEBCwUA
|
||||
MIIEijCCA3KgAwIBAgISA8l+oC4pMh1Q/UNiEPuiw39OMA0GCSqGSIb3DQEBCwUA
|
||||
MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD
|
||||
EwJSMzAeFw0yMjExMDYwNjA3MTZaFw0yMzAyMDQwNjA3MTVaMBoxGDAWBgNVBAMT
|
||||
D2ZyYW56aS5idXNpbmVzczB2MBAGByqGSM49AgEGBSuBBAAiA2IABFdgHf2P15+0
|
||||
as3iN/M7itWsdWCtH35cGIf871AeU5OhB4JDNbb5aDsho9ga/vIsjpB1Xh3EhNvP
|
||||
I3b8KT9JUUE/dIRaWvNp8OSKihiU72mXIIlmslVW2AeqwBGMU0L+46OCAl0wggJZ
|
||||
EwJSMzAeFw0yMzAxMjkwNDM5NTFaFw0yMzA0MjkwNDM5NTBaMBoxGDAWBgNVBAMT
|
||||
D2ZyYW56aS5idXNpbmVzczB2MBAGByqGSM49AgEGBSuBBAAiA2IABMlQ1P5Y0aZ5
|
||||
vUzB4TAP8iIuiO3GJnYhnKrbe/Lz3gf6Ct9bGM4JLY3RI9xcSmol3sNKdVmbHMRe
|
||||
z63GW4twSnS517axo6jcT0YQkFVyhWHvLnpBW42M1FpjzaDCbs74zKOCAl4wggJa
|
||||
MA4GA1UdDwEB/wQEAwIHgDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw
|
||||
DAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUsY9YAWIXWlFiQi/JImI6LFxrc6gwHwYD
|
||||
DAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQURw5+tfBU0aOBqfN40kz43fUcjx4wHwYD
|
||||
VR0jBBgwFoAUFC6zF7dYVsuuUAlA5h+vnYsUwsYwVQYIKwYBBQUHAQEESTBHMCEG
|
||||
CCsGAQUFBzABhhVodHRwOi8vcjMuby5sZW5jci5vcmcwIgYIKwYBBQUHMAKGFmh0
|
||||
dHA6Ly9yMy5pLmxlbmNyLm9yZy8wLQYDVR0RBCYwJIIRKi5mcmFuemkuYnVzaW5l
|
||||
c3OCD2ZyYW56aS5idXNpbmVzczBMBgNVHSAERTBDMAgGBmeBDAECATA3BgsrBgEE
|
||||
AYLfEwEBATAoMCYGCCsGAQUFBwIBFhpodHRwOi8vY3BzLmxldHNlbmNyeXB0Lm9y
|
||||
ZzCCAQQGCisGAQQB1nkCBAIEgfUEgfIA8AB2ALc++yTfnE26dfI5xbpY9Gxd/ELP
|
||||
ep81xJ4dCYEl7bSZAAABhEvD10MAAAQDAEcwRQIhAM2BBzR9UWZNuK3+nk6AdaJL
|
||||
1j8OvFPZnb+CJqdYtBe8AiAJM4kwOyZLzK/ZGXzwBJLjRTXs2hJZ4qXUzszhv/hs
|
||||
+QB2AHoyjFTYty22IOo44FIe6YQWcDIThU070ivBOlejUutSAAABhEvD2UYAAAQD
|
||||
AEcwRQIgfMXcWDFe5IKe6n4D9t3zpecF7wCIje8pBd4WQ3OfxM4CIQDpGTCU2pUI
|
||||
Hfwkq+6a2j6Lh3baERBbrfnGDF2AOjjelzANBgkqhkiG9w0BAQsFAAOCAQEAMGiD
|
||||
9uo+WVO+p/HFA+bHM/1ZaTDBONP72YHPx0tdFvQAPQ59n8n6KsE2w9cioNHiRYVv
|
||||
WhoHjWXtzsCiJzNvc4wuTCxJkBtfSAvsOGqGMQJ+cQym+aSBKqSKvKsIQQjOmz/p
|
||||
sere5gqTkhuCfnbF8AL7JqDFld4knlbzzsdhj0SjcAO4OUA8SdHdGq192hVRB+nL
|
||||
IFb6Ax4jD/fQ19j+uL+F1MgMmwUkVF77X279FGlax9PGpmQ47aLj5w7qDpZxfHf9
|
||||
Z2nq14Bk6USZcz9hR+gq38lvo6aU/0MvPey9QiIzLg78K0gEQ1o3qoUIl+9erSLR
|
||||
ssU+fmyZoeNBV6q8xw==
|
||||
ZzCCAQUGCisGAQQB1nkCBAIEgfYEgfMA8QB3AHoyjFTYty22IOo44FIe6YQWcDIT
|
||||
hU070ivBOlejUutSAAABhfwJ/TEAAAQDAEgwRgIhAINjOWzyMeYZYFNk5cdghSwA
|
||||
JDuxKo8/ubIlsAV9ymJWAiEAuVZjp2GQ0RmFyGVDiF865uC4lTtzMIwmpgwYiBqg
|
||||
DQsAdgCt9776fP8QyIudPZwePhhqtGcpXc+xDCTKhYY069yCigAAAYX8Cf1OAAAE
|
||||
AwBHMEUCIGoeOIHC8O+zj/3E89BHv+9siaKSOy/2I6i53V5faX3EAiEAsk/Lhr/0
|
||||
NpogdjroYqt1sKvTzmO0BrxWJ5a41JQdtX0wDQYJKoZIhvcNAQELBQADggEBAIM4
|
||||
moszjbZGKjaoCtsj5t7Dtxu/JmE9gOnwfxnUrDKn0T00dKQi8Mk6a4C5vdGnxorO
|
||||
lj8VutznRvp1RKxb6WWyk0iW22rLm+kTudf/vf9lY0X7DmD/u3MO2tGumwjMdLRT
|
||||
QgxP+yu8R03ZppnuzYZhERAbY6AuC/U+owiYjNfF4v1Eyn4zxe6L2v0UWGnBWObb
|
||||
xv5RbhHFezr676GaLIrcVh0rN6YNK2J1Cei2pNtAVSLiSJvuuO5Qq1KE7wQqbGd+
|
||||
lqK2tcEZRtzaFrpW7C0ZW7LpgO8zdeN4BtD25ozhGJO/0H5hhKpQ/wtWqXYKkhC/
|
||||
G47QSheqKqJnHOCL0hA=
|
||||
-----END CERTIFICATE-----
|
||||
|
|
|
|||
|
|
@ -1 +1 @@
|
|||
encrypt$gAAAAABjZ10m0BnUbl5777KN6VHf6uAdtcs15-osbqRoQq6epRuWllD-ziy_2N7BrOkRcmfSJaB8zZ1l1bLD6ws3SlI7jvbkahvWnuKinkGiE30SGGjqr6MY_NJGawdox8OJWrsWLFYJJjrePl_mmVtx9G41oBreKizj1YPswzbzsFociJ0zF0xlx99sjjLxRB5PEaI3fwK1eXDmODGZ__dwKxINGSB2zxPb10Vwtnsp3cmaUiKh1TfIghQAm523cAuHPys1-tNXuJpvhPY3tIxB5gHZYiBXMzcS64mD1KqEubsnplxQlK-N_mJ7Q6n0xReG00pqvm5twRI5g7PoHYLH7nZI7KYOSI2XMAS7gP6Uy-H60BQKAHXuX4yutznVRJspv0wa4kfW9vcBfFECBhFeC8tAAkgAc-NvAsDYk6tYSi2k3N2zXsiyHy0NL-JMnUEicQT3YZNnfkoYqjuxwFbQvgtZZun38w==
|
||||
encrypt$gAAAAABj1gankGocRRCdH6WqCUFJ6UtA1f07KpXYh4KcelenJv0ZbQ98f2nwIk29iXWEIsS9FTiRyEG95u_Lmm_p7GbKCMDSIZfZgAC2I3tp_BxZPerhEkwxTT_BjEYHRjMDFrzwoAypTO1Mj_XiT_CYvAZptHI3MZcI9QwPVw-CMJ4KqzG-IztkW8KVnuM7agiBdUt4IYkLyeZ0IoL4nOIWANtdM-y4rILv6N7WIMw6dgsSvLPEQR-PYdNLq866IR0-yFGOfYcQKOvpBqAt6A69E6JxSm3AakaJaS75QYF2lzGVjTfrFoGz60LUjC60KuTsu3dUckGUm7JEq1BSMxvc5b_a6pCazvoAnM0gbtbM_DjL0phLj7VWZEg-_1CHfc2S0-UxbxBjLKJ3NPPs93_En5RWxqxkhvvZgxzWJqQWP2eBprge8Q_EEXkMbxumVVx9Ymdynlw2AgkQhVVJIu_vnsZ4Uc8vIA==
|
||||
|
|
@ -1,27 +1,27 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIEijCCA3KgAwIBAgISA7oUZzeuZgmxMvP1zm5RtCGYMA0GCSqGSIb3DQEBCwUA
|
||||
MIIEijCCA3KgAwIBAgISA28YyqkbxYen4u/lcNEqBY7lMA0GCSqGSIb3DQEBCwUA
|
||||
MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD
|
||||
EwJSMzAeFw0yMjExMDYwNjA3MTdaFw0yMzAyMDQwNjA3MTZaMBoxGDAWBgNVBAMT
|
||||
D2hvbWUua3VuYm94Lm5ldDB2MBAGByqGSM49AgEGBSuBBAAiA2IABDcmJYSIKimG
|
||||
w9hUy0guhMoubPJ+QcSioL4TjuqKmgVCXXEHzkGuaCQTwRX7BiHOyH+3nqcm7N1x
|
||||
qF5rucOxJoKgGW40ZjemdWAVDGYm3euEU0Td0V+L6z/L/cWe25YwoKOCAl4wggJa
|
||||
EwJSMzAeFw0yMzAxMjkwOTE0MjZaFw0yMzA0MjkwOTE0MjVaMBoxGDAWBgNVBAMT
|
||||
D2hvbWUua3VuYm94Lm5ldDB2MBAGByqGSM49AgEGBSuBBAAiA2IABCsS8YhWoIvn
|
||||
yMOjY8LtjQ8+Pa58DBckQ1lnktMo1T3bfwxMxTGH+iYdOT4kHWOen6aNzdXqrerA
|
||||
YjTN/MRBCR8tMZglzmshUG7qpzI/s89QSL6+KoCV5Pl0mEWLSvrLFKOCAl4wggJa
|
||||
MA4GA1UdDwEB/wQEAwIHgDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw
|
||||
DAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUJkY/Eq6HUOrPZyW+Y+4/uiG0/8swHwYD
|
||||
DAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUtCIXQGA7PP7mGdMLuN3nYsynu4wwHwYD
|
||||
VR0jBBgwFoAUFC6zF7dYVsuuUAlA5h+vnYsUwsYwVQYIKwYBBQUHAQEESTBHMCEG
|
||||
CCsGAQUFBzABhhVodHRwOi8vcjMuby5sZW5jci5vcmcwIgYIKwYBBQUHMAKGFmh0
|
||||
dHA6Ly9yMy5pLmxlbmNyLm9yZy8wLQYDVR0RBCYwJIIRKi5ob21lLmt1bmJveC5u
|
||||
ZXSCD2hvbWUua3VuYm94Lm5ldDBMBgNVHSAERTBDMAgGBmeBDAECATA3BgsrBgEE
|
||||
AYLfEwEBATAoMCYGCCsGAQUFBwIBFhpodHRwOi8vY3BzLmxldHNlbmNyeXB0Lm9y
|
||||
ZzCCAQUGCisGAQQB1nkCBAIEgfYEgfMA8QB3AK33vvp8/xDIi509nB4+GGq0Zyld
|
||||
z7EMJMqFhjTr3IKKAAABhEvD2XwAAAQDAEgwRgIhAMzxM2rXgjZDrPm6jKHUS4u3
|
||||
BxokYdBgO63klZ5iuEyLAiEAinyT+YKDotIyWcUHvl0tpANYq+XlJaELvg7aCcwj
|
||||
3MgAdgC3Pvsk35xNunXyOcW6WPRsXfxCz3qfNcSeHQmBJe20mQAAAYRLw9tCAAAE
|
||||
AwBHMEUCIQDTNayLb2lW5oNnj1bJaqbcOnjOktsPSYUGaokd6iBeUQIgOak7kR7e
|
||||
rAvW3CwA1QSZgqRHLn86UFfGc0pVHNDb3e4wDQYJKoZIhvcNAQELBQADggEBABdr
|
||||
R6NgzfgNT2WVTpZOpgLEPO58WKBEofMtVTRDjDKinSvDUFRhJAEjoXKxZXtEG+yH
|
||||
VhGGLcmh+6mn8+8yz1qEngA3uGiHS533aOUbP3cCbfqRCeuKMS+5ojjOlKb3xZj4
|
||||
uRGvxw90wY3RYwn8k3/beEs+TaNnFU+NtBwScy+/8aRHG5rBQjdBWZHpcB4/wT0V
|
||||
cLakTharwRHVw11GFlEk60k2JMEtCLkBjKq/CpbusQZHd1uVyzhWC802lWRqY4nq
|
||||
YTO3Z8FNRGOaHVcydX6wMlQg/t+1hYgCC6HWhuOf8AOr+kkg4zSdv0YvAYuOzY8X
|
||||
sc1/2y3z9deYm4qHw/w=
|
||||
ZzCCAQUGCisGAQQB1nkCBAIEgfYEgfMA8QB2ALc++yTfnE26dfI5xbpY9Gxd/ELP
|
||||
ep81xJ4dCYEl7bSZAAABhf0FYYAAAAQDAEcwRQIgLCh9130fH81/vY6Ps7inMh3l
|
||||
GEM8GPiDEHk68oq2R9wCIQCnHdc9Seo+qTRnc6DcoKvyC9azNFEZBiikMgoIJkyq
|
||||
6gB3AHoyjFTYty22IOo44FIe6YQWcDIThU070ivBOlejUutSAAABhf0FYZgAAAQD
|
||||
AEgwRgIhAM3M2KLdUfIiqVgaMqIH1ust2lUjR10gwN8juONeXZoMAiEA2KArQKYG
|
||||
GbhN/dWqht+So4Ni3/K5Vwcfb91ewthPR6swDQYJKoZIhvcNAQELBQADggEBALhs
|
||||
LaBZ27UoZOqukblSD8EyoLnJ3Cplg1r3J9+e4QNzySjsDpYr/w+Y4mUT/nGAGgGL
|
||||
4b1cHD57XnQB1yvB3Dv9aowg+Udo4eTNY41FMgouYhYFowi5gWYoQhpIFOpwvd0v
|
||||
Cmrl4PPta2Ytbg/FMNxOt47E0sUL2zASMCKTKcPsIpcpEG7w8jBGcCX7e3NCG36z
|
||||
K4jZqW3Pd3BZe1e7ywUyF/SSw38Pv1rFbBxuSh+kDjQfcOWN75oOyyKgcLsGBxfy
|
||||
850WclzgMTnRRlZGaiUTVQ7uPkB44DIhTT6afxPMDKrtRLkd5LHownE3NPUTyfDx
|
||||
cK9weiaIniziAnEjUr4=
|
||||
-----END CERTIFICATE-----
|
||||
|
|
|
|||
|
|
@ -1 +1 @@
|
|||
encrypt$gAAAAABjZ10mtywN2Tx7b0-sZywDVcNo5gQbnzjwlMjQPktMwmRBwGMbQVcwuGhhopu5vd4Ztw8aGO5lf-SQmLWgdpR4aIrPNx1Iu4urF2LMV-BMLSgmF85ADQzlbiBvrzGAnIoVUjwXYyGj1Wst4feWMKBDc_kThinYhSplMZ_yjEbMj0eMGRzjSclkvAm24KWi7l_LQAklRELuQQyopHDo47AxehNI-nvLfO0FfXZJpkdrMV1V8lSqyXwBSW3McJKH8bbmVEX8qq-mNntBNpe3n5V2ninj72aC0D572hfMp-jKC6xccf-CqnmX1qaWGGj1yiFDdBxfOSU-kO6204BVtfspMtkI75YAYE_7aA-GUiHfXaNHvDhf2uMb8ssbJUdvGS_oLx1qnKiyeyJ6RRhl71xxXjNEo0hPYYY1BGj6hjq30R8aGknkQNCjyCD87Sc7qh95KpMmY4d82xI70xeS4mk8hEgCow==
|
||||
encrypt$gAAAAABj1kcBpq8c_Ez3JkYJIB0evClkcblewwzBEbl4rfcd-3Z2xFlQ8OggIxGdlLGWjIN_ZBaENvXcqy4ZYlwpXgqrZJpBao8WyovZiKLK759r8qVRjbIBvHnH90t_JZ3-MydlpD1mUzHUy5oQq5Qn8jLoRTzHE2TM8VyhaBkMVQ9gacHdqNGW6dsvCRzXCQM1CNqs8pyc8nQxdARjv_FGwSeZlCxcYPSLEBeE-Hf-wJyVWnG7oyq9XKUyI8NWLPQNwWUjzMgKwumtDh21goRsSRAtLLFmqE_iU1IyZYwNh4J3SBMZKBl0fATtHXhnW1_k-RA1-l54PFMTR0KgS-uxYtqZ1Az0t1KEfEvyzfHAQLJ8RIwOOVtPNUvhSiMHr3jG0WpxymilOLfjFpnCZ8E_CA6L8hmytXEBfoM4ZHMCWzOIe_9tIKcMS146NOzaPnCXpKFganNuvV_S7zEn33zv-jYEHD4d8A==
|
||||
|
|
@ -12,10 +12,6 @@ groups['dns'] = {
|
|||
},
|
||||
'metadata': {
|
||||
'powerdns': {
|
||||
'features': {
|
||||
'bind': True,
|
||||
'pgsql': True,
|
||||
},
|
||||
# Overridden in node metadata for primary server
|
||||
'is_secondary': True,
|
||||
},
|
||||
|
|
|
|||
|
|
@ -71,7 +71,6 @@ groups['debian'] = {
|
|||
'bundles': {
|
||||
'apt',
|
||||
'backup-client',
|
||||
'molly-guard',
|
||||
},
|
||||
'os': 'debian',
|
||||
'pip_command': 'pip3',
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@ from bundlewrap.exceptions import BundleError
|
|||
from bundlewrap.utils.text import bold, green, yellow
|
||||
from bundlewrap.utils.ui import io
|
||||
|
||||
|
||||
def test_node(repo, node, **kwargs):
|
||||
if not node.has_bundle('backup-client'):
|
||||
return
|
||||
|
|
|
|||
|
|
@ -4,6 +4,7 @@ from bundlewrap.exceptions import BundleError
|
|||
from bundlewrap.utils.text import bold, green
|
||||
from bundlewrap.utils.ui import io
|
||||
|
||||
|
||||
def test_underscore_vs_dash(node, metadata, path=[]):
|
||||
for k, v in metadata.items():
|
||||
if not isinstance(k, str):
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
from json import loads, dumps
|
||||
from json import dumps, loads
|
||||
|
||||
from bundlewrap.metadata import metadata_to_json
|
||||
from bundlewrap.utils import Fault
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
from ipaddress import IPv4Network, ip_network
|
||||
from os.path import abspath, dirname, join
|
||||
from ipaddress import ip_network, IPv4Network
|
||||
|
||||
REPO_PATH = dirname(dirname(abspath(__file__)))
|
||||
|
||||
|
|
|
|||
|
|
@ -1,8 +1,11 @@
|
|||
import base64
|
||||
from nacl.public import PrivateKey
|
||||
|
||||
from nacl.encoding import Base64Encoder
|
||||
from nacl.public import PrivateKey
|
||||
|
||||
from bundlewrap.utils import Fault
|
||||
|
||||
|
||||
def gen_privkey(repo, identifier):
|
||||
return repo.vault.random_bytes_as_base64_for(identifier)
|
||||
|
||||
|
|
|
|||
|
|
@ -1,9 +1,10 @@
|
|||
from ipaddress import ip_address, ip_network, IPv4Address, IPv4Network
|
||||
from ipaddress import IPv4Address, IPv4Network, ip_address, ip_network
|
||||
|
||||
from bundlewrap.exceptions import NoSuchGroup, NoSuchNode, BundleError
|
||||
from bundlewrap.exceptions import BundleError, NoSuchGroup, NoSuchNode
|
||||
from bundlewrap.utils.text import bold, red
|
||||
from bundlewrap.utils.ui import io
|
||||
|
||||
|
||||
def resolve_identifier(repo, identifier):
|
||||
"""
|
||||
Try to resolve an identifier (group or node). Return a set of ip
|
||||
|
|
|
|||
1
nodes.py
1
nodes.py
|
|
@ -3,6 +3,7 @@ from os.path import join
|
|||
from pathlib import Path
|
||||
|
||||
import bwpass
|
||||
|
||||
from bundlewrap.metadata import atomic
|
||||
from bundlewrap.utils import error_context
|
||||
|
||||
|
|
|
|||
|
|
@ -5,13 +5,18 @@ dummy = true
|
|||
period = "daytime"
|
||||
pretty_name = "ticket.gulas.ch"
|
||||
|
||||
[metadata.icinga2_api.nginx.services."NGINX VHOST jira CERTIFICATE"]
|
||||
[metadata.icinga2_api.nginx.services."NGINX VHOST ticket-redirect CERTIFICATE"]
|
||||
check_command = "check_https_cert_at_url"
|
||||
"vars.domain" = "ticket.gulas.ch"
|
||||
"vars.notification.mail" = true
|
||||
|
||||
[metadata.icinga2_api.nginx.services."NGINX VHOST jira CERTIFICATE"]
|
||||
check_command = "check_https_cert_at_url"
|
||||
"vars.domain" = "jira.gulas.ch"
|
||||
"vars.notification.mail" = true
|
||||
|
||||
[metadata.icinga2_api.nginx.services."NGINX VHOST jira CONTENT"]
|
||||
check_command = "check_http_wget"
|
||||
"vars.http_wget_contains" = "login.jsp"
|
||||
"vars.http_wget_url" = "https://ticket.gulas.ch/secure/Dashboard.jspa"
|
||||
"vars.http_wget_url" = "https://jira.gulas.ch/secure/Dashboard.jspa"
|
||||
"vars.notification.sms" = true
|
||||
|
|
|
|||
|
|
@ -76,18 +76,12 @@ nodes['fkusei-locutus'] = {
|
|||
# video drivers
|
||||
'xf86-video-intel': {},
|
||||
|
||||
# for i3pystatus
|
||||
'iw': {},
|
||||
'wireless_tools': {},
|
||||
|
||||
# all that other random stuff one needs
|
||||
'apachedirectorystudio': {},
|
||||
'direnv': {},
|
||||
'freerdp': {},
|
||||
'mosquitto': {},
|
||||
'sdl_ttf': {}, # for compiling testcard
|
||||
'thermald': {},
|
||||
'virt-manager': {},
|
||||
},
|
||||
},
|
||||
'systemd-boot': {
|
||||
|
|
|
|||
Some files were not shown because too many files have changed in this diff Show more
Loading…
Add table
Reference in a new issue