kunsi/bundlewrap
1
0
Fork 0
Code Issues 1 Pull requests Releases Activity

Compare commits

base: kunsi:2914f463ff04524963b817935e76b9cc751ff51e
Branches Tags
kunsi:main
kunsi:unbound-sophie
kunsi:miniserverupdates
kunsi:new-wildcard-sophies-kitchen
kunsi:updates
kunsi:update-miniserver
kunsi:vmhostumzug
kunsi:jhtoolz
kunsi:sophiesheomenetwork
kunsi:feature/kunsi-ipv6-only-vlan
kunsi:sophie-dimension-cleanup
kunsi:kunsi-woodpecker
kunsi:kunsi-junos
kunsi:loudness-monitoring-gstreamer
..
compare: kunsi:d282d77a99877e87804eaf2a16dcf11760667e55
Branches Tags
kunsi:main
kunsi:unbound-sophie
kunsi:miniserverupdates
kunsi:new-wildcard-sophies-kitchen
kunsi:updates
kunsi:update-miniserver
kunsi:vmhostumzug
kunsi:jhtoolz
kunsi:sophiesheomenetwork
kunsi:feature/kunsi-ipv6-only-vlan
kunsi:sophie-dimension-cleanup
kunsi:kunsi-woodpecker
kunsi:kunsi-junos
kunsi:loudness-monitoring-gstreamer

70 commits
2914f463ff ... d282d77a99

Author SHA1 Message Date
Franziska Kunsmann
d282d77a99
bundles/docker-ce: sort nftables rules 2023-02-17 05:11:29 +01:00
Franziska Kunsmann
cb4d28c994
bundles/woodpecker-agent: fix metadata reactor 2023-02-17 05:11:26 +01:00
Franziska Kunsmann
071250d798
bundles/docker-ce: add nftables rules 2023-02-17 05:11:23 +01:00
Franziska Kunsmann
efdff6ef28
ci: fix editorconfig 2023-02-17 05:11:20 +01:00
Franziska Kunsmann
d2caadb41b
ci: determinism tests need to run using dummy mode 2023-02-17 05:11:18 +01:00
Franziska Kunsmann
9b44bcf3a8
try running the test pipeline in woodpecker 2023-02-17 05:11:15 +01:00
Franziska Kunsmann
24f9f87734
add bundle:woodpecker-agent 2023-02-17 05:11:12 +01:00
Franziska Kunsmann
019cc69371
add bundle:docker-ce 2023-02-17 05:11:09 +01:00
Franziska Kunsmann
eee786fabf
bundles/woodpecker-server: add GODEBUG=netns=go 2023-02-17 05:11:06 +01:00
Franziska Kunsmann
c2e93c0abb
bundles/woodpecker: try to get it working 2023-02-17 05:11:03 +01:00
Franziska Kunsmann
cc767867cf
add bundle:woodpecker-server 2023-02-17 05:10:57 +01:00
Franziska Kunsmann
6cb56ab2ec
rx300: allow more postgresql connections 2023-02-17 05:03:39 +01:00
Franziska Kunsmann
5c4fc37a37
update mautrix-whatsapp to 0.8.2 2023-02-17 05:03:25 +01:00
Franziska Kunsmann
68d51450fd
update forgejo to 1.18.3-1 2023-02-17 05:03:01 +01:00
Franziska Kunsmann
d57844928d
update matrix-media-repo to 1.2.13 2023-02-17 05:02:40 +01:00
Franziska Kunsmann
4975562fbc
update element-web to 1.11.23 2023-02-17 05:02:13 +01:00
Franziska Kunsmann
25e03582b0
entropia-jira- stuff has changed 2023-02-17 05:01:28 +01:00
Franziska Kunsmann
b49dc56c33
Jenkinsfile: also check using isort 2023-02-05 17:36:16 +01:00
Franziska Kunsmann
4122a7ccf8
isort the repo 2023-02-05 17:30:58 +01:00
Franziska Kunsmann
429bc2a7c6
bundles/homeassistant: fix .provides() 2023-02-05 17:28:52 +01:00
Franziska Kunsmann
6f9fb78d4e
rx300: update netbox to 3.4.4 2023-02-05 17:25:37 +01:00
Franziska Kunsmann
bb1b430d16
rx300: update forgejo to 1.18.3-0 2023-02-05 17:25:18 +01:00
Franziska Kunsmann
1906e7c256
bundles/gitea: derive version number from installed gitea 2023-02-05 17:24:50 +01:00
Franziska Kunsmann
7dcad0d584
update element-web to 1.11.22 2023-02-04 16:30:53 +01:00
Franziska Kunsmann
077b25f67e
bundles/miniflux: repo has changed 
... also now everything is unsigned, yeaaaaaaaaaaaah
 2023-02-02 19:29:28 +01:00
Franziska Kunsmann
527181bba8
home.router: fix dyndns hostname 2023-01-29 11:15:59 +01:00
Franziska Kunsmann
53e189c644
ssl: bump _.home.kunbox.net 2023-01-29 11:14:31 +01:00
Franziska Kunsmann
eeceebfd23
dns: add new primary nameserver 2023-01-29 11:06:58 +01:00
Franziska Kunsmann
7bd8237876
bashrc: add 'ipa' alias 2023-01-29 11:03:38 +01:00
Franziska Kunsmann
55bebda4d4
bundles/powerdns: fix socket path for telegraf 2023-01-29 11:02:49 +01:00
Franziska Kunsmann
ef16a2d081
bundles/powerdns: rework zone file generation 2023-01-29 11:01:48 +01:00
Franziska Kunsmann
264ea3e8a7
bundles/systemd-networkd: remove isc-dhcp-client 2023-01-29 10:13:26 +01:00
Franziska Kunsmann
109914c039
bundles/powerdnsadmin: create virtualenv after packages are installed 2023-01-29 10:04:47 +01:00
Franziska Kunsmann
8df4441028
rx300: update netbox to 3.4.3 2023-01-29 09:44:28 +01:00
Franziska Kunsmann
733e4bf0e5
rx300: update mautrix-whatsapp to 0.8.1 2023-01-29 09:44:09 +01:00
Franziska Kunsmann
6cec7e2c9c
rx300: update element-web to 1.11.20 2023-01-29 09:43:49 +01:00
Franziska Kunsmann
f6b0c587d0
rename some gitea stuff to forgejo 2023-01-29 09:42:36 +01:00
Franziska Kunsmann
a8e2e6b5ad
bundles/gitea: adjust config for 1.18 2023-01-29 09:40:38 +01:00
Franziska Kunsmann
17aee0f6bb
update gitea to forgejo 1.18.2-1 2023-01-29 09:35:29 +01:00
Franziska Kunsmann
a3218ac41f
bundles/sshmon: fix hostname in check_forgejo_for_new_release 2023-01-29 09:35:05 +01:00
Franziska Kunsmann
932fd9e994
scripts/letsencrypt-wildcard: remove trailing dot from dns records 
we're now using a delegated zone, thus this is wrong there
 2023-01-29 09:26:52 +01:00
Franziska Kunsmann
2e6e6b663e
bundles/powerdns: also send out notify to all secondaries 2023-01-29 09:21:59 +01:00
Franziska Kunsmann
74d44535a8
dns: fix cname for acme-challenge 2023-01-29 09:11:02 +01:00
Franziska Kunsmann
cb2b01a2b4
dns: fix cname for acme-challenge 2023-01-29 08:56:13 +01:00
Franziska Kunsmann
9684e94e4d
dns: switch everything but kunbox.net to psql 2023-01-29 08:47:50 +01:00
Franziska Kunsmann
c93a4d0a99
powerdns: switch to AXFR for secondarie 2023-01-29 08:35:08 +01:00
Franziska Kunsmann
31e614ab3b
bundles/powerdns: allow exposing API to the world 2023-01-29 08:06:27 +01:00
Franziska Kunsmann
60585a3716
bundles/homeassistant: fix typo 2023-01-29 07:04:38 +01:00
Franziska Kunsmann
c717e86f70
bundles/homeassistant: fix website_check 2023-01-29 07:03:28 +01:00
Franziska Kunsmann
ff8928dd0b
remove openhab, move backups to hass 2023-01-29 06:54:48 +01:00
Franziska Kunsmann
ba97cd432f
bundles/icinga2: icingaweb2 apparently ships monitoring module by itself 2023-01-29 06:45:34 +01:00
Franziska Kunsmann
f45a759a43
ssl: bump _.franzi.business 2023-01-29 06:42:07 +01:00
Franziska Kunsmann
b4b3fec8a7
move franzi.business to psql-managed zone 2023-01-29 06:41:47 +01:00
Franziska Kunsmann
1899dfc278
dns: update to debian bullseye and postgresql 15 2023-01-28 18:10:35 +01:00
Franziska Kunsmann
d8aa1e80d0
get rid of molly-guard 2023-01-28 18:10:32 +01:00
Franziska Kunsmann
e634c184c0
data/powerdns: convert some zones to psql 2023-01-28 18:10:29 +01:00
Franziska Kunsmann
07dce73bca
bundles/sshmon: get rid of sysstat 2023-01-28 18:10:24 +01:00
Franziska Kunsmann
c5ccc31ad9
get rid of molly-guard 2023-01-28 18:10:21 +01:00
Franziska Kunsmann
ab76721ddb
bundles/powerdnsadmin: install psycopg2 in venv 2023-01-28 18:10:18 +01:00
Franziska Kunsmann
b460085bb0
bundles/powerdns: enable superslave if supported 2023-01-28 18:10:14 +01:00
Franziska Kunsmann
ba3bf20db7
new gpg key for influxdb repo 2023-01-28 18:10:12 +01:00
Franziska Kunsmann
5ed4c1e9bd
update netbox to 3.4.2 2023-01-28 18:10:09 +01:00
Franziska Kunsmann
446e0d057e
update travelynx to 1.29.4 2023-01-28 18:10:05 +01:00
Sophie Schiller
e393f3cc3c htz-cloud/miniserver element-web update 2023-01-27 20:35:49 +01:00
Sophie Schiller
7ee2d08007 element-web update 2023-01-19 17:53:32 +01:00
Franziska Kunsmann
c94aef55a5
bundles/dovecot: enable sieve logging 2022-12-31 16:33:10 +01:00
Franziska Kunsmann
970d97b0a2
nodes/home.wled-wohnzimmer: new mac address 2022-12-30 20:35:05 +01:00
Franziska Kunsmann
c04ce63c35
bundles/arch-with-gui: more packages via bundle, less via nodefile 2022-12-29 13:45:06 +01:00
Franziska Kunsmann
070b466abe
bundles/travelynx: update bundle for new version 2022-12-27 13:38:53 +01:00
Franziska Kunsmann
82143e34ad
update travelynx to 1.28.5 2022-12-27 13:38:39 +01:00
104 changed files with 334 additions and 778 deletions
Show stats Expand all files Collapse all files

33
Jenkinsfile vendored
View file

@ -1,15 +1,6 @@
pipeline {
agent any
stages {
stage('editorconfig-checker') {
steps {
sh """
wget -Oec-linux-amd64.tar.gz https://github.com/editorconfig-checker/editorconfig-checker/releases/latest/download/ec-linux-amd64.tar.gz
tar -xzf ec-linux-amd64.tar.gz && rm ec-linux-amd64.tar.gz
bin/ec-linux-amd64 -no-color -exclude '^bin/'
"""
}
}
stage('install_requirements') {
steps {
sh """
@ -18,13 +9,31 @@ pipeline {
virtualenv -p python3 venv
. venv/bin/activate
pip install --upgrade pip
pip install --upgrade pip isort
pip install -r requirements.txt
"""
}
}
stage('bw test') {
stage('tests') {
parallel {
stage('syntax checking using editorconfig-checker') {
steps {
sh """
wget -Oec-linux-amd64.tar.gz https://github.com/editorconfig-checker/editorconfig-checker/releases/latest/download/ec-linux-amd64.tar.gz
tar -xzf ec-linux-amd64.tar.gz && rm ec-linux-amd64.tar.gz
bin/ec-linux-amd64 -no-color -exclude '^bin/'
"""
}
}
stage('syntax checking using isort') {
steps {
sh """
. venv/bin/activate
isort --check .
"""
}
}
stage('config and metadata determinism') {
steps {
sh """
@ -36,7 +45,7 @@ pipeline {
"""
}
}
stage('other tests') {
stage('bw test -i') {
steps {
sh """
. venv/bin/activate

3
PORT_MAP.md
View file

@ -36,7 +36,7 @@ Rule of thumb: keep ports below 10000 free for stuff that reserves ports.
| 20090 | matrix-media-repo | prometheus metrics |
| 21000 | pleroma | pleroma |
| 21010 | grafana | grafana |
| 22000 | gitea | gitea |
| 22000 | gitea | forgejo |
| 22010 | jenkins-ci | Jenkins CI |
| 22020 | travelynx | Travelynx Web |
| 22030 | octoprint | OctoPrint Web Interface |
@ -45,7 +45,6 @@ Rule of thumb: keep ports below 10000 free for stuff that reserves ports.
| 22060 | pretalx | gunicorn |
| 22070 | paperless-ng | gunicorn |
| 22080 | netbox | gunicorn |
| 22090 | openhab | http |
| 22100 | woodpecker-server | http |
| 22101 | woodpecker-server | gRPC |
| 22999 | nginx | stub_status |

3
bundles/apt/items.py
View file

@ -143,6 +143,9 @@ pkg_apt = {
'cloud-init': {
'installed': False,
},
'molly-guard': {
'installed': False,
},
'netplan.io': {
'installed': False,
},

17
bundles/arch-with-gui/metadata.py
View file

@ -38,9 +38,14 @@ defaults = {
'rofi': {},
# sound
'calf': {},
'easyeffects': {},
'lsp-plugins': {},
'pavucontrol': {},
'pulseaudio': {},
'pulseaudio-zeroconf': {},
'pipewire': {},
'pipewire-jack': {},
'pipewire-pulse': {},
'qpwgraph': {},
# window management
'i3-wm': {},
@ -53,6 +58,7 @@ defaults = {
# Xorg
'xf86-input-libinput': {},
'xf86-input-wacom': {},
'xorg-server': {},
'xorg-setxkbmap': {},
'xorg-xev': {},
@ -62,20 +68,27 @@ defaults = {
# all them apps
'browserpass': {},
'browserpass-firefox': {},
'ffmpeg': {},
'firefox': {},
'gimp': {},
'imagemagick': {},
'inkscape': {},
'kdenlive': {},
'maim': {},
'mosh': {},
'mosquitto': {},
'mpv': {},
'pass': {},
'pass-otp': {},
'pdftk': {},
'pwgen': {},
'qpdfview': {},
'samba': {},
'shotcut': {},
'sipcalc': {},
'the_silver_searcher': {},
'tlp': {},
'virt-manager': {},
'xclip': {},
'xdotool': {}, # needed for maim window selection
},

1
bundles/backup-server/items.py
View file

@ -1,6 +1,7 @@
repo.libs.tools.require_bundle(node, 'zfs')
from os.path import join
from bundlewrap.metadata import metadata_to_json
dataset = node.metadata.get('backup-server/zfs-base')

1
bundles/bird/metadata.py
View file

@ -1,4 +1,5 @@
from ipaddress import ip_network
from bundlewrap.exceptions import NoSuchNode
from bundlewrap.metadata import atomic

15
bundles/docker-ce/metadata.py
View file

@ -12,14 +12,6 @@ defaults = {
'docker-ce-cli': {},
},
},
'nftables': {
'rules': {
'00-docker-ce': {
'inet filter forward ct state { related, established } accept',
'inet filter forward iifname docker0 accept',
},
},
},
}
@ -27,7 +19,10 @@ defaults = {
'nftables/rules/00-docker-ce',
)
def nftables_nat(metadata):
rules = set()
rules = {
'inet filter forward ct state { related, established } accept',
'inet filter forward iifname docker0 accept',
}
for iface in metadata.get('interfaces'):
rules.add(f'nat postrouting oifname {iface} masquerade')
@ -35,7 +30,7 @@ def nftables_nat(metadata):
return {
'nftables': {
'rules': {
'00-docker-ce': rules,
'00-docker-ce': sorted(rules),
},
},
}

7
bundles/dovecot/files/dovecot.conf
View file

@ -46,11 +46,12 @@ plugin {
zlib_save_level = 6
zlib_save = gz
sieve_plugins = sieve_imapsieve sieve_extprograms
sieve_dir = /var/mail/vmail/sieve/%d/%n/
sieve = /var/mail/vmail/sieve/%d/%n.sieve
sieve_pipe_bin_dir = /var/mail/vmail/sieve/bin
sieve_dir = /var/mail/vmail/sieve/%d/%n/
sieve_extensions = +vnd.dovecot.pipe
sieve_pipe_bin_dir = /var/mail/vmail/sieve/bin
sieve_plugins = sieve_imapsieve sieve_extprograms
sieve_user_log = /var/mail/vmail/sieve/%d/%n.log
old_stats_refresh = 30 secs
old_stats_track_cmds = yes

3
bundles/gitea/files/app.ini
View file

@ -21,7 +21,6 @@ ROOT_URL = https://${domain}/
DISABLE_SSH = false
SSH_PORT = 22
LFS_START_SERVER = true
LFS_CONTENT_PATH = /var/lib/gitea/data/lfs
LFS_JWT_SECRET = ${lfs_secret_key}
OFFLINE_MODE = true
START_SSH_SERVER = false
@ -67,7 +66,7 @@ EMAIL_DOMAIN_BLOCKLIST = ${','.join(sorted(email_domain_blocklist))}
[mailer]
ENABLED = true
MAILER_TYPE = sendmail
PROTOCOL = sendmail
FROM = "${app_name}" <noreply@${domain}>
[session]

5
bundles/gitea/items.py
View file

@ -40,10 +40,7 @@ files = {
},
'/usr/local/bin/gitea': {
'content_type': 'download',
#'source': 'https://dl.gitea.io/gitea/{version}/gitea-{version}-linux-amd64'.format(version=node.metadata.get('gitea/version')),
'source': 'https://github.com/go-gitea/gitea/releases/download/v{version}/gitea-{version}-linux-amd64'.format(
version=node.metadata.get('gitea/version'),
),
'source': node.metadata.get('gitea/url'),
'content_hash': node.metadata.get('gitea/sha1', None),
'mode': '0755',
'triggers': {

25
bundles/gitea/metadata.py
View file

@ -6,7 +6,7 @@ defaults = {
},
},
'gitea': {
'app_name': 'Gitea',
'app_name': 'Forgejo',
'database': {
'username': 'gitea',
'password': repo.vault.password_for('{} postgresql gitea'.format(node.name)),
@ -23,9 +23,14 @@ defaults = {
'icinga2_api': {
'gitea': {
'services': {
'GITEA PROCESS': {
'FORGEJO PROCESS': {
'command_on_monitored_host': '/usr/local/share/icinga/plugins/check_systemd_unit gitea',
},
'FORGEJO UPDATE': {
'command_on_monitored_host': '/usr/local/share/icinga/plugins/check_forgejo_for_new_release codeberg.org forgejo/forgejo v$(gitea --version | cut -d" " -f3)',
'vars.notification.mail': True,
'check_interval': '60m',
},
},
},
},
@ -67,7 +72,7 @@ defaults = {
@metadata_reactor.provides(
'nginx/vhosts/gitea',
'nginx/vhosts/forgejo',
)
def nginx(metadata):
if not node.has_bundle('nginx'):
@ -76,7 +81,7 @@ def nginx(metadata):
return {
'nginx': {
'vhosts': {
'gitea': {
'forgejo': {
'domain': metadata.get('gitea/domain'),
'locations': {
'/': {
@ -99,16 +104,4 @@ def nginx(metadata):
)
def icinga_check_for_new_release(metadata):
return {
'icinga2_api': {
'gitea': {
'services': {
'GITEA UPDATE': {
# this is only temporary. We will switch to forgejo once they have their first stable release.
'command_on_monitored_host': '/usr/local/share/icinga/plugins/check_forgejo_for_new_release codeberg.org forgejo/forgejo v{}'.format(metadata.get('gitea/version')),
'vars.notification.mail': True,
'check_interval': '60m',
},
},
},
},
}

2
bundles/homeassistant/files/check_homeassistant_update
View file

@ -41,7 +41,7 @@ try:
message = f"WARNING - stable version {stable_version} is lower than running version {running_version}, check if downgrade is necessary."
else:
status = 2
message = f"CRITICAL - update necessary, running verison {running_version} is lower than stable version {stable_version}"
message = f"CRITICAL - update necessary, running version {running_version} is lower than stable version {stable_version}"
except Exception as e:
message = f"{message}: {repr(e)}"

8
bundles/homeassistant/metadata.py
View file

@ -1,5 +1,3 @@
from bundlewrap.metadata import atomic
defaults = {
'apt': {
'packages': {
@ -25,7 +23,7 @@ defaults = {
},
}
@metadata_reactor.provides(
'icinga2_api/homeassistant/services/HOMESSISTANT UPDATE',
'icinga2_api/homeassistant/services',
)
def icinga_check_for_new_release(metadata):
return {
@ -54,8 +52,8 @@ def nginx(metadata):
'vhosts': {
'homeassistant': {
'domain': metadata.get('homeassistant/domain'),
'website_check_path': '/',
'website_check_string': 'Homeassistant',
'website_check_path': '/auth/authorize',
'website_check_string': 'Home Assistant',
'locations': {
'/': {
'target': 'http://127.0.0.1:8123',

3
bundles/icinga2/files/check_freifunk_node
View file

@ -1,8 +1,9 @@
#!/usr/bin/env python3
from requests import get
from sys import argv, exit
from requests import get
meshviewer_url = argv[1]
node_id = argv[2]
node = None

3
bundles/icinga2/files/check_sipgate_account_balance
View file

@ -1,8 +1,9 @@
#!/usr/bin/env python3
from requests import get
from sys import exit
from requests import get
SIPGATE_USER = '${node.metadata['icinga2']['sipgate_user']}'
SIPGATE_PASS = '${node.metadata['icinga2']['sipgate_pass']}'

4
bundles/icinga2/files/check_spam_blocklist
View file

@ -1,12 +1,10 @@
#!/usr/bin/env python3
from concurrent.futures import ThreadPoolExecutor, as_completed
from ipaddress import ip_address, IPv6Address
from ipaddress import IPv6Address, ip_address
from subprocess import check_output
from sys import argv, exit
BLOCKLISTS = [
'0spam.fusionzero.com',
'bl.mailspike.org',

3
bundles/icinga2/files/scripts/icinga_notification_wrapper
View file

@ -4,10 +4,11 @@ import email.mime.text
import smtplib
from argparse import ArgumentParser
from json import dumps
from requests import post
from subprocess import run
from sys import argv
from requests import post
SIPGATE_USER='${node.metadata['icinga2']['sipgate_user']}'
SIPGATE_PASS='${node.metadata['icinga2']['sipgate_pass']}'

4
bundles/icinga2/metadata.py
View file

@ -17,7 +17,9 @@ defaults = {
'icinga2': {},
'icinga2-ido-pgsql': {},
'icingaweb2': {},
'icingaweb2-module-monitoring': {},
# apparently no longer needed
#'icingaweb2-module-monitoring': {},
# neeeded for statusmonitor
'python3-flask': {},

2
bundles/matrix-synapse/files/synapse-purge-unused-rooms
View file

@ -1,9 +1,9 @@
#!/usr/bin/env python3
from os import environ
from requests import get, post
from sys import argv, exit
from requests import get, post
SYNAPSE_MAX_ROOMS_TO_GET = 20000
SYNAPSE_HOST = 'http://[::1]:20080/'

2
bundles/miniflux/metadata.py
View file

@ -6,7 +6,7 @@ defaults = {
'repos': {
'miniflux': {
'items': {
'deb https://apt.miniflux.app/ /',
'deb [trusted=yes] https://repo.miniflux.app/apt/ /',
},
},
},

9
bundles/molly-guard/files/10-check-unattended-upgrades
View file

@ -1,9 +0,0 @@
#!/bin/bash
# Checks wether upgrade-and-reboot is currently running.
if [[ -f "/var/lib/bundlewrap/soft-${node.name}/UNATTENDED" ]]
then
echo "Sorry, can't $MOLLYGUARD_CMD now, upgrade-and-reboot is running"
exit 1
fi

29
bundles/molly-guard/files/30-query-hostname
View file

@ -1,29 +0,0 @@
#!/bin/sh
# This script will ask for the bundlewrap node name. This replaces the
# original script, which will ask for the hostname, which sometimes
# is not enough to properly identify the system.
NODE_NAME="${node.name}"
# If this is not a terminal, do nothing
test -t 0 || exit 0
sigh()
{
echo "Sorry, input does not match. Won't $MOLLYGUARD_CMD $NODE_NAME ..." >&2
exit 1
}
trap 'echo;sigh' 1 2 3 9 10 12 15
echo -n "Please enter the bundlewrap node name of this System to $MOLLYGUARD_CMD: "
read NODE_NAME_USER || :
NODE_NAME_USER="$(echo "$NODE_NAME_USER" | tr '[:upper:]' '[:lower:]')"
[ "$NODE_NAME_USER" = "$NODE_NAME" ] || sigh
trap - 1 2 3 9 10 12 15
exit 0

1
bundles/molly-guard/files/rc
View file

@ -1 +0,0 @@
# currently unused

27
bundles/molly-guard/items.py
View file

@ -1,27 +0,0 @@
directories = {
'/etc/molly-guard/messages.d': {
'purge': True,
'after': {
'pkg_apt:molly-guard',
},
},
'/etc/molly-guard/run.d': {
'purge': True,
'after': {
'pkg_apt:molly-guard',
},
},
}
files = {
'/etc/molly-guard/rc': {},
'/etc/molly-guard/run.d/10-check-unattended-upgrades': {
'content_type': 'mako',
'mode': '0755',
},
'/etc/molly-guard/run.d/30-query-hostname': {
'content_type': 'mako',
'mode': '0755',
},
}

7
bundles/molly-guard/metadata.py
View file

@ -1,7 +0,0 @@
defaults = {
'apt': {
'packages': {
'molly-guard': {},
},
},
}

1
bundles/mosquitto/files/tasmota-telegraf-plugin
View file

@ -7,7 +7,6 @@ from time import sleep
import paho.mqtt.client as mqtt
BROKER_HOST = argv[1]
BROKER_TOPIC = argv[2]

1
bundles/mosquitto/metadata.py
View file

@ -1,6 +1,5 @@
from bundlewrap.metadata import atomic
defaults = {
'apt': {
'packages': {

3
bundles/octoprint/files/check_octoprint_update
View file

@ -1,8 +1,9 @@
#!/usr/bin/env python3
from requests import get
from sys import exit
from requests import get
api_key = '${api_key}'
try:

5
bundles/openhab/files/backup-pre-hook
View file

@ -1,5 +0,0 @@
#!/bin/bash
find /var/lib/openhab/backups -type f -mtime +3 -delete
/usr/share/openhab/runtime/bin/backup --full

62
bundles/openhab/files/openhab
View file

@ -1,62 +0,0 @@
# openHAB service options
#########################
## PORTS
## The ports openHAB will bind its HTTP/HTTPS web server to.
OPENHAB_HTTP_PORT=22090
#OPENHAB_HTTPS_PORT=8443
#########################
## HTTP(S) LISTEN ADDRESS
## The listen address used by the HTTP(S) server.
## 0.0.0.0 (default) allows a connection from any location
## 127.0.0.1 only allows the local machine to connect
OPENHAB_HTTP_ADDRESS=127.0.0.1
#########################
## BACKUP DIRECTORY
## Set the following variable to specify the backup location.
## runtime/bin/backup and runtime/bin/restore will use this path for the zip files.
#OPENHAB_BACKUPS=/var/lib/openhab/backups
#########################
## JAVA OPTIONS
## Additional options for the JAVA_OPTS environment variable.
## These will be appended to the execution of the openHAB Java runtime in front of all other options.
##
## A couple of independent examples:
## EXTRA_JAVA_OPTS="-Dgnu.io.rxtx.SerialPorts=/dev/ttyZWAVE:/dev/ttyUSB0:/dev/ttyS0:/dev/ttyS2:/dev/ttyACM0:/dev/ttyAMA0"
## EXTRA_JAVA_OPTS="-Djna.library.path=/lib/arm-linux-gnueabihf/ -Duser.timezone=Europe/Berlin -Dgnu.io.rxtx.SerialPorts=/dev/ttyZWave"
EXTRA_JAVA_OPTS="${extra_java_opts}"
#########################
## OPENHAB DEFAULTS PATHS
## The following settings override the default apt/rpm locations and should be used with caution.
## openHAB will fail to update itself if you're using different paths.
## Only set these if you are testing and are confident in debugging.
#OPENHAB_HOME=/usr/share/openhab
#OPENHAB_CONF=/etc/openhab
#OPENHAB_RUNTIME=/usr/share/openhab/runtime
#OPENHAB_USERDATA=/var/lib/openhab
#OPENHAB_LOGDIR=/var/log/openhab
#########################
## OPENHAB USER AND GROUP
## The user and group that takes ownership of openHAB. Only available for init.d systems.
## To edit user and group for systemd, see the service file at /usr/lib/systemd/system/openhab.service.
#OPENHAB_USER=openhab
#OPENHAB_GROUP=openhab
#########################
## SYSTEMD START MODE
## The Karaf startmode for the openHAB runtime. Only available for systemctl/systemd systems.
## Defaults to daemon when unset here. Multiple options can be used without quotes.
## debug increases log output. daemon launches the Karaf/openHAB processes.
#OPENHAB_STARTMODE=debug

32
bundles/openhab/items.py
View file

@ -1,32 +0,0 @@
extra_java_opts = []
for opt, value in sorted(node.metadata.get('openhab/java_opts', {}).items()):
if value is None:
extra_java_opts.append(f'-D{opt}')
else:
extra_java_opts.append(f'-D{opt}={value}')
files = {
'/etc/default/openhab': {
'content_type': 'mako',
'context': {
'extra_java_opts': ' '.join(extra_java_opts),
},
'triggers': {
'svc_systemd:openhab:restart',
},
},
'/etc/backup-pre-hooks.d/40-openhab': {
'source': 'backup-pre-hook',
'mode': '0755',
}
}
svc_systemd = {
'openhab': {
'needs': {
'pkg_apt:openhab',
'pkg_apt:openhab-addons',
},
},
}

55
bundles/openhab/metadata.py
View file

@ -1,55 +0,0 @@
defaults = {
'apt': {
'packages': {
'openjdk-17-jre': {},
'openhab': {
'needs': {
'pkg_apt:openjdk-17-jre',
},
},
'openhab-addons': {
'needs': {
'pkg_apt:openhab',
},
},
},
'repos': {
'openhab': {
'items': {
'deb https://openhab.jfrog.io/artifactory/openhab-linuxpkg stable main',
},
},
},
},
'backups': {
'paths': {
'/usr/share/openhab/addons', # not included in openhab backup
'/var/lib/openhab',
},
},
}
@metadata_reactor.provides(
'nginx/vhosts/openhab',
)
def nginx(metadata):
if not node.has_bundle('nginx'):
raise DoNotRunAgain
return {
'nginx': {
'vhosts': {
'openhab': {
'domain': metadata.get('openhab/domain'),
'locations': {
'/': {
'target': 'http://localhost:22090/',
},
},
'website_check_path': '/',
'website_check_string': 'openHAB',
},
},
},
}

1
bundles/postfix/files/postfix-telegraf-queue
View file

@ -4,7 +4,6 @@
from json import loads
from subprocess import check_output
queue_counts = {}
queue_json = check_output(['sudo', '/usr/sbin/postqueue', '-j'])

2
bundles/powerdns/files/named.conf
View file

@ -1,6 +1,6 @@
% for zone in sorted(zones):
zone "${zone}" {
file "/var/lib/powerdns/zones/${zone}";
type native;
type master;
};
% endfor

7
bundles/powerdns/files/pdns.conf
View file

@ -20,12 +20,15 @@ setgid=pdns
allow-notify-from=${','.join(sorted(my_primary_servers))}
slave=yes
# FIXME enable once debian stable has 4.1.9
#superslave=yes
% if node.os_version[0] > 10:
superslave=yes
% endif
% else:
api=yes
api-key=${api_key}
webserver=yes
webserver-address=0.0.0.0
webserver-allow-from=0.0.0.0/0
allow-notify-from=

55
bundles/powerdns/items.py
View file

@ -5,26 +5,12 @@ from subprocess import check_output
zone_path = join(repo.path, 'data', 'powerdns', 'files', 'bind-zones')
ZONE_HEADER = """
; _ ____ _ _ _____ _ _ _ _ ____
; / \\ / ___| | | |_ _| | | | \\ | |/ ___|
; / _ \\| | | |_| | | | | | | | \\| | | _
; / ___ \\ |___| _ | | | | |_| | |\\ | |_| |
; /_/ \\_\\____|_| |_| |_| \\___/|_| \\_|\\____|
;
; --> Diese Datei wird von BundleWrap verwaltet! <--
$TTL 60
@ IN SOA ns-1.kunbox.net. hostmaster.kunbox.net. (
{serial}
3600
600
86400
300
)
"""
nameservers = set()
for rnode in sorted(repo.nodes_in_group('dns')):
ZONE_HEADER += '@ IN NS {}.\n'.format(rnode.metadata.get('powerdns/my_hostname', rnode.metadata.get('hostname')))
if not rnode.metadata.get('powerdns/is_secondary'):
# hide the primary nameserver from auto-generated nameserver lists
continue
nameservers.add(rnode.metadata.get('powerdns/my_hostname', rnode.metadata.get('hostname')))
directories = {
'/etc/powerdns/pdns.d': {
@ -50,11 +36,11 @@ files = {
'/etc/powerdns/pdns.conf': {
'content_type': 'mako',
'context': {
'api_key': node.metadata['powerdns']['api_key'],
'my_hostname': node.metadata['powerdns'].get('my_hostname', node.metadata.get('hostname')),
'is_secondary': node.metadata['powerdns'].get('is_secondary', False),
'my_primary_servers': node.metadata['powerdns'].get('my_primary_servers', set()),
'my_secondary_servers': node.metadata['powerdns'].get('my_secondary_servers', set()),
'api_key': node.metadata.get('powerdns/api_key'),
'my_hostname': node.metadata.get('powerdns/my_hostname', node.metadata.get('hostname')),
'is_secondary': node.metadata.get('powerdns/is_secondary', False),
'my_primary_servers': node.metadata.get('powerdns/my_primary_servers', set()),
'my_secondary_servers': node.metadata.get('powerdns/my_secondary_servers', set()),
},
'needs': {
'pkg_apt:pdns-server',
@ -78,7 +64,7 @@ svc_systemd = {
actions = {
'powerdns_reload_zones': {
'triggered': True,
'command': 'pdns_control rediscover; pdns_control reload',
'command': 'pdns_control rediscover; pdns_control reload; pdns_control notify \*',
'needs': {
'svc_systemd:pdns',
},
@ -102,7 +88,8 @@ if node.metadata.get('powerdns/features/bind', False):
files[f'/var/lib/powerdns/zones/{zone}'] = {
'content_type': 'mako',
'context': {
'header': ZONE_HEADER.format(serial=serial),
'NAMESERVERS': '\n'.join(sorted({f'@ IN NS {ns}.' for ns in nameservers})),
'SERIAL': serial,
'metadata_records': node.metadata.get(f'powerdns/bind-zones/{zone}/records', []),
},
'source': f'bind-zones/{zone}',
@ -142,12 +129,22 @@ if node.metadata.get('powerdns/features/bind', False):
'action:powerdns_reload_zones',
},
}
else:
files['/etc/powerdns/named.conf'] = {
'delete': True,
'needed_by': {
'svc_systemd:pdns',
},
'triggers': {
'action:powerdns_reload_zones',
},
}
if node.metadata.get('powerdns/features/pgsql', False):
if node.metadata.get('powerdns/features/pgsql', node.has_bundle('postgresql')):
files['/etc/powerdns/pdns.d/pgsql.conf'] = {
'content_type': 'mako',
'context': {
'password': node.metadata['postgresql']['roles']['powerdns']['password'],
'password': node.metadata.get('postgresql/roles/powerdns/password'),
},
'needs': {
'pkg_apt:pdns-backend-pgsql',
@ -163,7 +160,7 @@ if node.metadata.get('powerdns/features/pgsql', False):
files['/etc/powerdns/schema.pgsql.sql'] = {}
actions['powerdns_load_pgsql_schema'] = {
'command': node.metadata['postgresql']['roles']['powerdns']['password'].format_into('PGPASSWORD={} psql -h 127.0.0.1 -d powerdns -U powerdns -w < /etc/powerdns/schema.pgsql.sql'),
'command': node.metadata.get('postgresql/roles/powerdns/password').format_into('PGPASSWORD={} psql -h 127.0.0.1 -d powerdns -U powerdns -w < /etc/powerdns/schema.pgsql.sql'),
'unless': 'sudo -u postgres psql -d powerdns -c "\dt" | grep domains 2>&1 >/dev/null',
'needs': {
'bundle:postgresql',

31
bundles/powerdns/metadata.py
View file

@ -1,4 +1,4 @@
from ipaddress import ip_address, IPv4Address, IPv6Address
from ipaddress import IPv4Address, IPv6Address, ip_address
from bundlewrap.metadata import atomic
@ -43,7 +43,11 @@ if node.has_bundle('telegraf'):
defaults['telegraf'] = {
'input_plugins': {
'builtin': {
'powerdns': [{}],
'powerdns': [{
'unix_sockets': [
'/var/run/pdns/pdns.controlsocket',
],
}],
},
},
'additional_groups': {
@ -186,16 +190,16 @@ def hosts_entries_for_all_dns_servers(metadata):
if rnode.name == node.name:
continue
ip = rnode.metadata.get('external_ipv4')
found_ips = repo.libs.tools.resolve_identifier(repo, rnode.name)
for ip in sorted(found_ips['ipv4']):
if not ip.is_private:
entries[str(ip)] = {
rnode.metadata.get('hostname'),
rnode.name,
}
if ip:
entries[ip] = {
rnode.metadata.get('hostname'),
rnode.name,
}
if rnode.metadata.get('powerdns/my_hostname', None):
entries[ip].add(rnode.metadata.get('powerdns/my_hostname'))
if rnode.metadata.get('powerdns/my_hostname', None):
entries[str(ip)].add(rnode.metadata.get('powerdns/my_hostname'))
return {
'hosts': {
@ -211,8 +215,9 @@ def firewall(metadata):
return {
'firewall': {
'port_rules': {
'53': atomic(metadata.get('powerdns/restrict-to', {'*'})),
'53/udp': atomic(metadata.get('powerdns/restrict-to', {'*'})),
'53': atomic(metadata.get('powerdns/restrict-to/dns', {'*'})),
'53/udp': atomic(metadata.get('powerdns/restrict-to/dns', {'*'})),
'8081': atomic(metadata.get('powerdns/restrict-to/api', set())),
},
},
}

5
bundles/powerdnsadmin/items.py
View file

@ -36,10 +36,13 @@ actions = {
'needs': {
'directory:/opt/powerdnsadmin', # provided by bundle:users
},
'after': {
'pkg_apt:',
},
},
'powerdnsadmin_install_deps': {
'triggered': True,
'command': '/opt/powerdnsadmin/venv/bin/pip install -r /opt/powerdnsadmin/src/requirements.txt',
'command': '/opt/powerdnsadmin/venv/bin/pip install --upgrade psycopg2-binary -r /opt/powerdnsadmin/src/requirements.txt',
'needs': {
'action:powerdnsadmin_create_virtualenv',
'pkg_apt:',

1
bundles/powerdnsadmin/metadata.py
View file

@ -10,7 +10,6 @@ defaults = {
'libxmlsec1-dev': {},
'libxslt1-dev': {},
'pkg-config': {},
'python3-psycopg2': {},
'python3-wheel': {},
},
},

3
bundles/pppd/files/dyndns
View file

@ -1,8 +1,9 @@
#!/usr/bin/env python3
import requests
from sys import argv
import requests
INTERFACE = argv[1]
LOCAL_IP = argv[4]

3
bundles/pretalx/files/pretalx-administrators-from-group
View file

@ -1,9 +1,10 @@
#!/usr/bin/env python3
import psycopg2
from configparser import ConfigParser
from sys import argv, exit
import psycopg2
def main():
try:

3
bundles/rspamd/files/telegraf-rspamd-plugin
View file

@ -1,8 +1,9 @@
#!/usr/bin/env python3
from requests import get
from sys import argv, stderr
from requests import get
try:
r = get('http://127.0.0.1:11334/stat')
r.raise_for_status()

2
bundles/smartd/files/telegraf_plugin
View file

@ -1,7 +1,7 @@
#!/usr/bin/env python
from subprocess import check_output
from json import loads
from subprocess import check_output
from sys import stderr
devices = check_output(['smartctl', '--scan']).decode().splitlines()

5
bundles/sshmon/files/check_forgejo_for_new_release
View file

@ -55,8 +55,9 @@ try:
exit(2)
else:
print(
"Currently installed version {} matches newest release on github".format(
current_version
"Currently installed version {} matches newest release on {}".format(
current_version,
host,
)
)
exit(0)

2
bundles/sshmon/files/check_http_wget
View file

@ -2,8 +2,8 @@
#this is actually a python https requests query, its called check_http_wget cause it got replaced
from sys import exit
from argparse import ArgumentParser
from sys import exit
import requests

1
bundles/sshmon/files/check_mounts
View file

@ -5,7 +5,6 @@ from argparse import ArgumentParser
from subprocess import check_output
from tempfile import TemporaryFile
check_filesystem_types = {
'ext2',
'ext3',

6
bundles/sshmon/metadata.py
View file

@ -8,7 +8,10 @@ defaults = {
'monitoring-plugins': {},
'python3-requests': {},
'python3-setuptools': {}, # needed by check_github_for_new_release
'sysstat': {}, # needed by check_cpu_stats
'sysstat': {
# legacy
'installed': False,
},
},
},
'icinga2_api': {
@ -37,7 +40,6 @@ defaults = {
'perl-libwww': {},
'monitoring-plugins': {},
'python-requests': {},
'sysstat': {},
},
},
}

3
bundles/systemd-networkd/metadata.py
View file

@ -1,6 +1,9 @@
defaults = {
'apt': {
'packages': {
'isc-dhcp-client': {
'installed': False,
},
'resolvconf': {
'installed': False,
},

25
bundles/travelynx/files/travelynx.conf
View file

@ -5,15 +5,13 @@
# 'localhost'.
{
# Cache directories for schedule and realtime data. Mandatory. The parent
# directory ('/var/cache/travelynx' in this case) must already exist.
base_url => Mojo::URL->new('https://${domain}'),
cache => {
schedule => '/var/cache/travelynx/iris',
realtime => '/var/cache/travelynx/iris-rt',
},
# Database configuration. host and port are optional
# (defaulting to localhost:5432), the rest is mandatory.
db => {
host => '${database.get('host', 'localhost')}',
port => 5432,
@ -22,8 +20,6 @@
password => '${database['password']}',
},
# See the Mojo::Server::Hypnotoad manual for details on the following
# settings.
hypnotoad => {
accepts => 100,
clients => 10,
@ -34,21 +30,14 @@
},
mail => {
# If you want to disable outgoing mail for development purposes,
# uncomment the following line. Mails will instead be logged as
# Mojolicious "info" messages, causing their content to be printed on
# stdout.
## disabled => 1,
# Otherwise, specify the sender ("From" field) for mail sent by travelynx
# here. E.g. 'Travelynx <mail@example.org>'
from => '${mail_from}',
},
# Secrets used for cookie signing and verification. Must contain at least
# one random string. If you specify several strings, the first one will
# be used for signing new cookies, and the remaining ones will still be
# accepted for cookie validation.
ref => {
issues => 'https://github.com/derf/travelynx/issues',
source => 'https://github.com/derf/travelynx',
},
secrets => [
'${cookie_secret}',
],

6
bundles/travelynx/items.py
View file

@ -36,7 +36,7 @@ files = {
},
'/opt/travelynx/travelynx.conf': {
'content_type': 'mako',
'context': node.metadata['travelynx'],
'context': node.metadata.get('travelynx'),
'needs': {
'git_deploy:/opt/travelynx',
},
@ -61,7 +61,7 @@ if isfile(join(repo.path, 'data', 'travelynx', 'files', 'imprint', node.name)):
git_deploy = {
'/opt/travelynx': {
'repo': 'https://github.com/derf/travelynx.git',
'rev': node.metadata['travelynx']['version'],
'rev': node.metadata.get('travelynx/version'),
'needs': {
'directory:/opt/travelynx',
},
@ -84,7 +84,7 @@ actions = {
'triggered': True,
},
'travelynx_database_migrate': {
'command': 'cd /opt/travelynx && perl index.pl database migrate',
'command': 'export PERL5LIB=/opt/travelynx/local/lib/perl5; cd /opt/travelynx && perl index.pl database migrate',
# Because git_deploy does not put .git onto the server, the script
# will complain on STDERR about not finding a git repository.
# That's why we need to redirect stderr to /dev/null.

1
bundles/users/files/bashrc
View file

@ -36,6 +36,7 @@ export EDITOR=vim
export VISUAL=vim
alias ipb='ip -brief --color=auto'
alias ipa='ip -brief --color=always addr show; echo; ip --color=always route show; ip -6 --color=always route show'
alias l='ls -lAh'
alias s='sudo -i'
alias v='vim -p'

2
bundles/users/items.py
View file

@ -1,4 +1,4 @@
from os.path import join, exists
from os.path import exists, join
files = {
'/etc/bash.bashrc': {

1
bundles/wireguard/metadata.py
View file

@ -3,7 +3,6 @@ from ipaddress import ip_network
from bundlewrap.exceptions import NoSuchNode
from bundlewrap.metadata import atomic
defaults = {
'apt': {
'packages': {

2
bundles/zfs/files/check_zpool_space
View file

@ -1,9 +1,9 @@
#!/usr/bin/env python3
import re
from subprocess import check_output
from sys import argv, exit
import re
def to_bytes(size):

1
bundles/zfs/files/zfs-auto-snapshot
View file

@ -2,7 +2,6 @@
import re
from datetime import datetime
from json import loads
from subprocess import check_call, check_output

1
bundles/zfs/items.py
View file

@ -1,5 +1,4 @@
from json import dumps
#from os.path import join
from bundlewrap.metadata import MetadataJSONEncoder

75
data/apt/files/gpg-keys/influxdb.asc
View file

@ -1,52 +1,29 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1
mQINBFYJmwQBEADCw7mob8Vzk+DmkYyiv0dTU/xgoSlp4SQwrTzat8MB8jxmx60l
QjmhqEyuB8ho4zzZF9KV+gJWrG6Rj4t69JMTJWM7jFz+0B1PC7kJfNM+VcBmkTnj
fP+KJjqz50ETnsF0kQTG++UJeRYjG1dDK0JQNQJAM6NQpIWJI339lcDf15vzrMnb
OgIlNxV6j1ZZqkle4fvScF1NQxYScRiL+sRgVx92SI4SyD/xZnVGD/szB+4OCzah
+0Q/MnNGV6TtN0RiCDZjIUYiHoeT9iQXEONKf7T62T4zUafO734HyqGvht93MLVU
GQAeuyx0ikGsULfOsJfBmb3XJS9u+16v7oPFt5WIbeyyNuhUu0ocK/PKt5sPYR4u
ouPq6Ls3RY3BGCH9DpokcYsdalo51NMrMdnYwdkeq9MEpsEKrKIN5ke7fk4weamJ
BiLI/bTcfM7Fy5r4ghdI9Ksw/ULXLm4GNabkIOSfT7UjTzcBDOvWfKRBLX4qvsx4
YzA5kR+nX85u6I7W10aSqBiaLqk6vCj0QmBmCjlSeYqNQqSzH/6OoL6FZ7lP6AiG
F2NyGveJKjugoXlreLEhOYp20F81PNwlRBCAlMC2Q9mpcFu0dtAriVoG4gVDdYn5
t+BiGfD2rJlCinYLgYBDpTPcdRT3VKHWqL9fcC4HKmic0mwWg9homx550wARAQAB
tDFJbmZsdXhEQiBQYWNrYWdpbmcgU2VydmljZSA8c3VwcG9ydEBpbmZsdXhkYi5j
b20+iQI3BBMBCgAhBQJWCZsEAhsDBQsJCAcDBRUKCQgLBRYDAgEAAh4BAheAAAoJ
EGhKFM8lguDF9XEQAK9rREnZt6ujh7GXfeNki35bkn39q8GYh0mouShFbFY9o0i3
UJVChsxokJSRPgFh9GOhOPTupl3rzfdpD+IlWI2Myt6han2HOjZKNZ4RGNrYJ5UR
uxt4dKMWlMbpkzL56bhHlx97RoXKv2d2zRQfw9nyZb6t3lw2k2kKXsMxjGa0agM+
2SropwYOXdtkz8UWaGd3LYxwEvW3AuhI8EEEHdLetQaYe9sANDvUEofgFbdsuICH
9QLmbYavk7wyGTPBKfPBbeyTxwW2rMUnFCNccMKLm1i5NpZYineBtQbX2cfx9Xsk
1JLOzEBmNal53H2ob0kjev6ufzOD3s8hLu4KMCivbIz4YT3fZyeExn0/0lUtsQ56
5fCxE983+ygDzKsCnfdXqm3GgjaI90OkNr1y4gWbcd5hicVDv5fD3TD9f0GbpDVw
yDz8YmvNzxMILt5Glisr6aH7gLG/u8jxy0D8YcBiyv5kfY4vMI2yXHpGg1cn/sVu
ZB01sU09VVIM2BznnimyAayI430wquxkZCyMx//BqFM1qetIgk1wDZTlFd0n6qtA
fDmXAC4s5pM5rfM5V57WmPaIqnRIaESJ35tFUFlCHfkfl/N/ribGVDg1z2KDW08r
96oEiIIiV4GfXl+NprJqpNS3Cn+aCXtd7/TsDScDEgs4sMaR29Lsf26cuWk8uQIN
BFYJmwQBEADDPi3fmwn6iwkiDcH2E2V31cHlBw9OdJfxKVUdyAQEhTtqmG9P8XFZ
ERRQF155XLQPLvRlUlq7vEYSROn5J6BAnsjdjsH9LmFMOEV8CIRCRIDePG/Mez2d
nIK5yiU6GkS3IFaQg2T9/tOBKxm0ZJPfqTXbT4jFSfvYJ3oUqc+AyYxtb8gj1GRk
X283/86/bA3C98u7re1vPtiDRyM8r0+lhEc59Yx/EAOL+X2gZyTgyUoH+LLuOWQK
s1egI8y80R8NZfM1nMiQk2ywMsTFwQjSVimScvzqv5Nt8k8CvHUQ3a6R+6doXGNX
5RnUqn9Qvmh0JY5sNgFsoaGbuk2PJrVaGBRnfnjaDqAlZpDhwkWhcCcguNhRbRHp
N7/a0pQr70bAG9VikzLyGC17EU0sxney/hyNHkr4Uyy2OXHpuJvRjVKy/BwZ3fxA
AYX2oZIOxQB3/OulzO/DppaCVhRtp1bt+Z5f+fpisiVb5DvZcMdeyAoQ4+oOr7v3
EasIs2XYcQ+kOE3Y2kdlHWBeuXzxgWgJZ1OOpwGMjR3Uy6IwhuSWtreJBA4er+Df
vgSPwKBsRLNLbPe3ftjArnC5GfMiGgikVdAUdN4OkEqvUbkRoAVGKTOMLUKm+ZkG
OskJOVYS+JAina0qkYEFF7haycMjf9olhqLmTIC+6X7Ox9R2plaOhQARAQABiQIf
BBgBCgAJBQJWCZsEAhsMAAoJEGhKFM8lguDF8ZIP/1q9Sdz8oMvf9AJXZ7AYxm77
V+kJzJqi62nZLWJnrFXDZJpU+LkYlb3fstsZ1rvBhnrEPSmFxoj72CP0RtcyX7wJ
dA7K1Fl9LpJi5H8300cC7UyG94MUYbrXijbLTbnFTfNr1tGx4a1T/7Yyxx/wZGrT
H/X8cvNybkl33SxDdlQQ9kx3lFOwC41e3TkGsUWxn3TCfvDh8VdA6Py6JeSPFGOb
MEO2/q7oUgvjfV+ivN5ayZi9bWgeqm1sgtmTHHQ4RqwwKrAb5ynXpn1b9QrkevgT
b91uzMA22Prl4DuzKiaMYDcZOQ3vtf0eFBP0GOSSgUKS4bQ3dGgi1JmQ7VuAM4uj
+Ug5TnGoLwclTwLksc7v89C5MMPgm2vVXvCUDzyzQA7bIHFeX+Rziby4nymec4Nr
eeXYNBJWrEp8XR7UNWmEgroXRoN1x9/6esh5pnoUXGAIWuKzSLQM70/wWxS67+v2
aC1GNb+pXXAzYeIIiyLWaZwCSr8sWMvshFT9REk2+lnb6sAeJswQtfTUWI00mVqZ
dvI3Wys2h0IyIejuwetTUvGhr9VgpqiLLfGzGlt/y2sg27wdHzSJbMh0VrVAK26/
BlvEwWDCFT0ZJUMG9Lvre25DD0ycbougLsRYjzmGb/3k3UktS3XTCxyBa/k3TPw3
vqIHrEqk446nGPDqJPS5
=9iF7
mQINBGPIEycBEACpG4qSjhxA6fh4QJVJxFVBvCFt9tVx/hDbKH0Ryy9iilyMeReC
AS1/CZnSv/fhDNKmVPckf6on72z/ODwZcVfMV6DHkxmZ6x/tQrS6CWfKkupsON2H
KS3t4HUivahwHPlWtbfDqsWNwTAsZqklKpJQWY2ADPwurkbCmtYSjsgbLuWe23Pd
nJpLTHtlChM0ntW/l7Le1zYjGPUGoxMJgjg1YG8fi2l/zS0Of8bdQ26ps+WRvrSQ
RKhfAkfIgUiCXxBpDlN1spN73ZlAkaSb+myTfEKyJR55Yt9pHfkDdJh26RVgE1+N
GuLmm6oidaD9lTlNJ9P8wlLzoof3xJXYprgLLz/HmgtawnJ+DxFIXoXNNpUmhORJ
6Hb2Z5IKIyGIwXhQVe2Lw7B8awBNV99zUw517Wuax3RYx7Hwhntz9gFxS4GRxaCo
uLCFQ0AgDCkMHyEHufQo1XdjIB7fz6U551y5GMQw6/rjMnUM9ZI68SQ/FWou2cQf
533PyayvWOYQM4pP7ZmbzyCd393XlMaPWA5dyUOqv7Vcmv0IsAbncX6/KJmZAhKG
qu19xb6rv3ab2RbcU422guK3C/h/URPZJbSjf2w4jUV5UDe2veZg6BEVn7Sk5bW0
ceX8n0GVbPNG7CvRduJPjXNzsz3FzmUS8QFFde3H5gl1T0f6GcfhmKgKEQARAQAB
tDdJbmZsdXhEYXRhIFBhY2thZ2UgU2lnbmluZyBLZXkgPHN1cHBvcnRAaW5mbHV4
ZGF0YS5jb20+iQJVBBMBCAA/BgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAUJBaOk
/BYhBJ1TnZDTMo3H1sjTudj/jh99+LB+BQJjyB9PAhsDAAoJENj/jh99+LB+klgQ
AKOKdwTyKOr6+mnRrACz5U3EFxfAXXFGan9Ka7Nzgz4K+FOnTtT1gWwqrPPmTKQk
epNUMcelfX1kCA08yCm0nyw2niqxES40W33ergKUj6jlDx7UQYXWsDQGD9IKksa8
MWfZlJ3zlrsGKXA4oa+kfY+vltWDVP8WhLcQzm2LywbKvr3WgY80GZbnRjoekiBK
oMKztQVMJG5yNZBo9B4JrqB3wMpnXZxEtqZcBPsJJdXTFKHsQ7kB9TMNorbUvDNH
ohwsprgMw84vHikEk9jyCypXpYq/E/wvkM0CeIUJ36S2vGvACib7BiY6Xv0BQbM4
rWq2Rrjag1y5vVAF9gJkeo/3rhM6lE1ahDCRq0QcBMVzbxiE+3COIzRPmz14J3Yn
0pkvzlVkNj5UZR8q91ESl+UxkFCP1wzcXgs0dpJWirQIOZ9E2eYv3LcjE68xjW1k
c5q1GOGvJI7aXADxUZ4lFbz+NUb4Ts4HXHc8gV1Gm0vvmIqv2YfAvL5DXbKLdZxh
73CxKvBMmTXIEQ+vQJ3p1ZnUnb+l6DoxEFWg/hXHmE5jY3P6HIVFdliXF5FEs1lr
9snU2Pn1BDL+TBN7SX0QbKqArWA4qyn6eGH8Z1ULoUVBPCjwC9QuInp/9fqifFYo
OM3A51MDGyc/HCVG6jNJEI5h71QGHlPfyQybpjy7rQSe
=YwXc
-----END PGP PUBLIC KEY BLOCK-----

52
data/apt/files/gpg-keys/openhab.asc
View file

@ -1,52 +0,0 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQINBFWz+OYBEACXcmKiL6ix1e4gJIWVoGMF7Hv0VOVKJgIUF/zJYBqk3sXQp/pi
JbIoODhrrIbEK33mqgy1EfzEmDhEurule59hq9HAQpOEz9hVbghhnsB8eXEQ9yJO
Wf8D8UGi2MKmqkvf7//jvdywNaQG/xhLu2xld7MxjuhswfiUWqoRFRpQoKY2QCe9
n92qS0MGGK0B6WgapZZPT6AGyqKYtkCA5qUn7bcoEM2236nXhOAYHJh0o4qJ+cBk
BbSx8KEdrZxKQH50gB//gk/K2s+6CbYYOcJX6z3SLa3fxzlbyH9xQhpumAv/++2v
IIJbJHJicsmCKe/SQ7x5xVh90j6xA3oiYZIG78xWL0xnGCPhFws861dR2iON6CSp
+UKDciEQJH+Ew40la+DcHH7tzHlpZpCC1Jv7VBDkhziPrsscgOtYEwfhsq0Pyfpo
0IsyVDBUyj3Nne1NcKShd6+SYFz+gtXkttELi+DZmyA6onatw7LPGFHs8gOVKYBM
PzmERQ1DjlFW+Dc8FEQquYiquzmkyhJUXHVD1G8Mkic8jhccWbv3S7ePanvpgyZ3
/KBAWk48/sym+zJTLWuJsCCNLI3K6gngexz1MMaRaPkbVK+4aboNLm6YhVlF5RCK
rTzIUAeB4dmu1k8Quqy/nYhYMokB9w5hiPwmGutjbpOntnrfqxvYy1EL1wARAQAB
tDBvcGVuSEFCIEJpbnRyYXkgUmVwb3NpdG9yaWVzIDxvd25lckBvcGVuaGFiLm9y
Zz6JAlQEEwEKAD4CGwMFCwkIBwMFFQoJCAsFFgIDAQACHgECF4AWIQTtt9AwTi/K
9infEWMHVyH2oiQGCgUCXTjCTAUJDwsFBgAKCRAHVyH2oiQGCmfMD/sGZickeBlA
+x8XxfzvwxTnW/8MCvFBa4l/GoK9bALylvekP4adk/aaySMk/zjk231mwmMuttnP
VDg6TwhxhthveAFdbJEkTNhWUqH0FzyN9QwEGfIodjkQSYWwosY+55V0uYp2zfo9
iHOtxzXjuLnkpZZPyY33qqGruqhnbyo2J09oLNw4MIwOepNMihP5u0nudTXiDivg
eg8lx/4WIIfwDwCe1gSBnU/731B0TIruxz3cQabLgeTuKB13+ajtJGuH1qrHxMVx
CFhD8wCugNj0qcI6NS06SXwLSAFr+xIeFXWVum2okWt2nzPpn7ll/FUG+qRECipt
m1IaEbelUrcuk7dUY75Fz5Fx8S0HtYAcCYYBDnhcaSSq7sK0NklrVz+bQZsJx4hY
ebkiNI/xFM3slOYoRzGWawuVpG/y1/VM/QRPS4uUS5rnvbGLVpn3bR+03FQwZWeb
yfMNke74TlM9+aEJZb1uxYQGLDFNDVNyALtGhDDp0R/FuDR0my3va3GJnZrtUGVg
M5Xfs/ebsKZ+CuLKqlbdZ0zjLUCJoT+tGGT1VPpi83jc+4wZXynj9b9/CWHoDfaN
VKTj95R7c7IOMRH5srpHX3qSzIF2Yav395SxJNuTTxcPCZ+n2M8jhvVnn4x8sWn5
Ms0cN2tKVmfIbLF/1JempVsifJmRkbqN+rkCDQRVs/jmARAAxrYK7y1WW/szELpQ
guGSJGIjLt3tNGHGLP3lX4G1DlbziysTx3fY+c+hzGAM8WInsABq5fOWqkiLfx3f
wlHdo7bxv3U+xWq+xV9OOx+tjJn2xI3EtZ632pOQtxj/+6Tdcf3tIwOSMKK5kpGw
DU1VoLkWMfJeq0md6TDRB49p82Q1UGTaVCCfHYpvwCyuv1FWhSQuPJJLdP0YRX2i
1L7zyJLUzjmlAmlNoSMSaoozNJoz/XKFOPoJ66Tu8j8j8W+yqcAKeRTPiZXCEjbh
3wgxrx3PWV77kOmtfb0sHyxRujdJvEUfixrSoi4qLrE8kCo2OR8d1C5DsMlbZzvF
kHWaNSkOtpWqEGD/+BLs6lejHvbBEvYSsQMF53yH8q1U+9+7CP9wwKKAtN7LQJcw
xUADv/UhSLA/ZZTisaeUVem9vZlnVfANSieYQvy6zWqvKF4FhBpQbVzSINWv/nzu
NR4gg3uJRMHUb4cyfy3mmJ7FwwF8oHQXU+mkILWmiwrMDbq0Mjc8FRL5Bg4iTwS5
jDGLZ0g4xU0GYi22eAWPL0dpQpA8t5Ja7W+x+VASOtbpnMAJO94YZ4yXlDcDeNJD
uo2y0z+xjuloPrGK+AssCpOBxpBlcrAFRMx5+rpkHSlLtkQNPeBPwXlryafDZ2PA
QsLBxUmFphyBraakmdGP3mR9ThUAEQEAAYkCPAQYAQoAJgIbDBYhBO230DBOL8r2
Kd8RYwdXIfaiJAYKBQJdOMOgBQkPDFfaAAoJEAdXIfaiJAYKDLgP/iuh/Kppaem/
wsRs6ehuCyEVz7ZJsKeq9ZL3d0jQy0CaFQRSICucptBeb14rTvf/i5+eEQI7E/bJ
9dLm1mepVS8M3wyn9+pP+Loa7bajEAD5ap08F88q56s+U70HO30qRHxp2yD9ZU0A
joX8pAIS/YaMicm1EFYajpyls/Jcyp2JG2AavRsrQ3iHvGv5Fc2/09E76lwje/Yh
royPhCrVm0adk6sxLfmKNiXBpLb5gzHR81oo20zk0+qYg2pRcVvfd6PvOcsrO4tl
K8kUMyfYixVKJu59xtMdg5ff6qlBrmTXkxyGb0t7VlhnX4UKcVU//+6b0TnBmUaG
61CZ4CGD2VvUMXcM0ihYl85g7+O9u/P2u3mhLX3xEa+rM4XpzqajL+jpt3CGQLkp
TnKZ8g1k9l7UkrHvVs/tBTCPvOEstzMwq2tWNuCbJ7Y9oB6FDPZGM3oFe2ubu2OH
MFT3KmOhD2jhWCXyB1hK/LOmINGfdfulBsK2KLKtKoJMWu2QLyMLa91l3AhzbH+s
7gQY6iC9rTy9qfHGOLTPjrHfkmrBky+KiDx1KVOnQvPqloLbKhkq1KHv8TAonqGK
THbU4Eod0DmWw80Z2zX7jV3BJs9VmDhr5NzpaZCVlrKrL+vIXzFClCYWQQMwfHpO
Yyq3xLVDG/Zs7LmgSAiEITxRFTR4qg7k
=r37a
-----END PGP PUBLIC KEY BLOCK-----

0
data/backup/keys/home.openhab.key.vault → data/backup/keys/home.hass.key.vault
View file

0
data/backup/keys/home.openhab.pub → data/backup/keys/home.hass.pub
View file

1
data/backup/keys/ns-primary.key.vault Normal file
View file

@ -0,0 +1 @@
encrypt$gAAAAABj1jTasX0XOFRWh7F0pxNgMoJIjrblvqOM8ohGVCsvVyMEQDiOmGaJCs9lW-lbeghlzRpiC8P7CNot6OOeNXBYWmxN_HgN3J2p6Q5-XoSJ62NUJWQNRNNENuiN1Yy0g0MREk4gVsNh8-VeoXuKgyLEXJQJI-SYLzl8faZoBnQGTK4FbTAiN6KSB4EbTPwxx-8dYp8kNIj4ipBjkQKNu-mXuVvdnf5fTUwTCQx6rz7yjlp7DOPuSJDASg5bE33dd8gt89grW5vBKeEnQsi7hpJCJF5vNfRay89IKfjf6UqxJHKCmS2tIWQ9Kz4Tv41MnNR0-jvnULq7TWcnqwo_SKb8JRLUA3dH2wLiOUu7aApYSkeSNiul2ILCtBPsjY_eWzqdd3tkpJBErOcFVe2mdjVRSIUOXTM_T3nNWCJgn5TxD4qbHklZoCaM6Ey9P_yQj-sSRGizgcDhGiqY8xJNmwbWz9IH5a_Fs6iRVhAh6VzSa1ZAKxcum87dj-KVA_SjG9hy7Dy28xK0D4NoSpYFOkEz4VHpa1tP0t8QJ2WtQiw-qjHFzokkIINEUKUPIBg6t_5oedJ24YMnyyzBZ2_uQ1HFVFjBx-7Iw73bTPNluVwXkobzEnrYFwDsEXGE6tR0HjbteNxj

1
data/backup/keys/ns-primary.pub Normal file
View file

@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL+FCn1sWP74+lVAyaXDpXxCCauh6LC2KEJmIMhDEYvJ kunsi@kunsi-p14s.kunbox.net

9
data/powerdns/files/bind-zones/cybert-media.net
View file

@ -1,9 +0,0 @@
${header}
$ORIGIN cybert-media.net.
@ IN A 159.69.11.231
IN AAAA 2a01:4f8:c2c:c410::1
IN TXT "v=spf1 a ~all"
www IN CNAME cybert-media.net.

9
data/powerdns/files/bind-zones/die-brontosaurier-waren-es.org
View file

@ -1,9 +0,0 @@
${header}
$ORIGIN die-brontosaurier-waren-es.org.
; ends up on rx300.kunbox.net
@ IN A 31.47.232.106
IN AAAA 2a00:f820:528::2
IN MX 10 rx300.kunbox.net.
IN TXT "v=spf1 mx ~all"

3
data/powerdns/files/bind-zones/emails.sexy
View file

@ -1,3 +0,0 @@
${header}
$ORIGIN emails.sexy.

9
data/powerdns/files/bind-zones/eskalation.jetzt
View file

@ -1,9 +0,0 @@
${header}
$ORIGIN eskalation.jetzt.
queere IN NS ns1.athena7.eu.
queere IN NS ns2.athena7.eu.
queere IN NS ns3.athena7.eu.
queere IN NS ns4.athena7.eu.

5
data/powerdns/files/bind-zones/felix-kunsmann.de
View file

@ -1,5 +0,0 @@
${header}
$ORIGIN felix-kunsmann.de.
@ IN MX 10 rx300.kunbox.net.

15
data/powerdns/files/bind-zones/flauschehorn.sexy
View file

@ -1,15 +0,0 @@
${header}
$ORIGIN flauschehorn.sexy.
@ IN A 5.189.140.103
IN AAAA 2a02:c207:3002:8320:feed:f2c1:c0ff:ee
IN MX 10 rx300.kunbox.net.
IN TXT "v=spf1 mx ~all"
_dmarc IN TXT "v=DMARC1; p=quarantine; rua=mailto:hostmaster@kunbox.net; ruf=mailto:postmaster@kunsmann.eu; fo=0:d:s; adkim=r; aspf=r"
uO4aNejDvVdw8BKne3KJIqAvCQMJ0416._domainkey IN TXT ( "v=DKIM1; k=rsa; "
"p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnh5Ym9PO7r+wdOIKfopvHzn3KU3qT6IlCG/gvvbmIqoeFQfRbAe3gQmcG6RcLue55cJQGhI6y2r0lm59ZeoHR40aM+VabAOlplekM7xWmoXb/9vG2OZLIqAyF4I+7GQmTN6B9keBHp9SWtDUkI0B0G9neZ5MkXJP705M0duxritqQlb4YvCZwteHiyckKcg9aE9j+GF2EEawBoVDp"
"oveoB3+wgde3lWEUjjwKFtXNXxuN354o6jgXgPNWtIEdPMLfK/o0CaCjZNlzaLTsTegY/+67hdHFqDmm8zXO9s+Xiyfq7CVq21t7wDhQ2W1agj+up6lH82FMh5rZNxJ6XB0yQIDAQAB"
) ;

43
data/powerdns/files/bind-zones/franzi.business
View file

@ -1,43 +0,0 @@
${header}
$ORIGIN franzi.business.
; ends up on rx300.kunbox.net
@ IN A 31.47.232.106
IN AAAA 2a00:f820:528::2
IN MX 10 rx300.kunbox.net.
IN TXT "v=spf1 mx a:sewfile.htz-cloud.kunbox.net ~all"
chat IN CNAME rx300.kunbox.net.
dimension IN CNAME rx300.kunbox.net.
git IN CNAME rx300.kunbox.net.
jenkins IN CNAME rx300.kunbox.net.
matrix IN CNAME rx300.kunbox.net.
mta-sts IN CNAME rx300.kunbox.net.
netbox IN CNAME rx300.kunbox.net.
sewfile IN CNAME sewfile.htz-cloud.kunbox.net.
paste IN CNAME rx300.kunbox.net.
postfixadmin IN CNAME rx300.kunbox.net.
radicale IN CNAME rx300.kunbox.net.
rss IN CNAME rx300.kunbox.net.
status IN CNAME icinga2.ovh.kunbox.net.
tickets IN CNAME franzi-business.cname.pretix.eu.
travelynx IN CNAME rx300.kunbox.net.
wiki IN CNAME rx300.kunbox.net.
woodpecker IN CNAME rx300.kunbox.net.
_matrix._tcp IN SRV 10 10 443 matrix
_dmarc IN TXT "v=DMARC1; p=quarantine; rua=mailto:hostmaster@kunbox.net; ruf=mailto:postmaster@kunsmann.eu; fo=0:d:s; adkim=r; aspf=r"
_mta-sts IN TXT "v=STSv1;id=20201111;"
_smtp._tls IN TXT "v=TLSRPTv1;rua=mailto:hostmaster@kunbox.net"
_token._dnswl IN TXT "gg3mbwjx9bbuo5osvh7oz6bc881wcmc"
2019._domainkey IN TXT ( "v=DKIM1; k=rsa; "
"p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwkg6UAcu3V98hal1UVf6yB0WT1CKDS0AK83CUlSP8bUwraPxkxK1nkQOUsmjbQs6a3FhdsKprMi32GeUaTVvZg81JIybPk3jNugfNWfSjs2TXPomYu+XD2pmmbR3cZlzC5NGR2nmBFt/P/S2ihPHj35KziiBIwK1TdvOi1M2+upCjK33Icco0ByCm0gJpD2O0cbqcBcUKqd6X440"
"vYhNXH1ygp0e91P0iRnvS9sg6yD0xjD8kD6j/8GfxBY+9bpU3EvDoBgyJSbjw5b6PUVJbKMXzw1NIRNj0SXKs5BakjS8+7u62vR11IPCYRwy+yr0rDT0tNegM7gStIIgoTpOoQIDAQAB"
) ;
uO4aNejDvVdw8BKne3KJIqAvCQMJ0416._domainkey IN TXT ( "v=DKIM1; k=rsa; "
"p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnh5Ym9PO7r+wdOIKfopvHzn3KU3qT6IlCG/gvvbmIqoeFQfRbAe3gQmcG6RcLue55cJQGhI6y2r0lm59ZeoHR40aM+VabAOlplekM7xWmoXb/9vG2OZLIqAyF4I+7GQmTN6B9keBHp9SWtDUkI0B0G9neZ5MkXJP705M0duxritqQlb4YvCZwteHiyckKcg9aE9j+GF2EEawBoVDp"
"oveoB3+wgde3lWEUjjwKFtXNXxuN354o6jgXgPNWtIEdPMLfK/o0CaCjZNlzaLTsTegY/+67hdHFqDmm8zXO9s+Xiyfq7CVq21t7wDhQ2W1agj+up6lH82FMh5rZNxJ6XB0yQIDAQAB"
) ;

16
data/powerdns/files/bind-zones/kunbox.net
View file

@ -1,4 +1,14 @@
${header}
$TTL 60
@ IN SOA ns-primary.kunbox.net. hostmaster.kunbox.net. (
${SERIAL}
3600
600
86400
300
)
${NAMESERVERS}
$ORIGIN kunbox.net.
@ -10,6 +20,10 @@ $ORIGIN kunbox.net.
IN MX 10 rx300
IN TXT "v=spf1 mx ~all"
; delegate acme stuff to psql-managed zone
_acme-challenge IN CNAME _acme-challenge.kunbox.net.le.kunbox.net.
_acme-challenge.home IN CNAME _acme-challenge.home.kunbox.net.le.kunbox.net.
; Mail servers
mta-sts IN CNAME rx300

31
data/powerdns/files/bind-zones/kunsmann.eu
View file

@ -1,31 +0,0 @@
${header}
$ORIGIN kunsmann.eu.
; ends up on rx300.kunbox.net
@ IN A 31.47.232.106
IN AAAA 2a00:f820:528::2
IN MX 10 rx300.kunbox.net.
IN TXT "v=spf1 mx ~all"
git IN CNAME rx300.kunbox.net.
grafana IN CNAME influxdb.htz-cloud.kunbox.net.
icinga IN CNAME icinga2.ovh.kunbox.net.
influxdb IN CNAME influxdb.htz-cloud.kunbox.net.
luther-ps IN CNAME luther.htz-cloud.kunbox.net.
mta-sts IN CNAME rx300.kunbox.net.
statusmonitor.icinga IN CNAME icinga2.ovh.kunbox.net.
_dmarc IN TXT "v=DMARC1; p=quarantine; rua=mailto:hostmaster@kunbox.net; ruf=mailto:postmaster@kunsmann.eu; fo=0:d:s; adkim=r; aspf=r"
_mta-sts IN TXT "v=STSv1;id=20201111;"
_smtp._tls IN TXT "v=TLSRPTv1;rua=mailto:hostmaster@kunbox.net"
_token._dnswl IN TXT "5mx0rv9ru8s1zz4tf4xlt48osh09czmg"
2019._domainkey IN TXT ( "v=DKIM1; k=rsa; "
"p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwkg6UAcu3V98hal1UVf6yB0WT1CKDS0AK83CUlSP8bUwraPxkxK1nkQOUsmjbQs6a3FhdsKprMi32GeUaTVvZg81JIybPk3jNugfNWfSjs2TXPomYu+XD2pmmbR3cZlzC5NGR2nmBFt/P/S2ihPHj35KziiBIwK1TdvOi1M2+upCjK33Icco0ByCm0gJpD2O0cbqcBcUKqd6X440"
"vYhNXH1ygp0e91P0iRnvS9sg6yD0xjD8kD6j/8GfxBY+9bpU3EvDoBgyJSbjw5b6PUVJbKMXzw1NIRNj0SXKs5BakjS8+7u62vR11IPCYRwy+yr0rDT0tNegM7gStIIgoTpOoQIDAQAB"
) ;
uO4aNejDvVdw8BKne3KJIqAvCQMJ0416._domainkey IN TXT ( "v=DKIM1; k=rsa; "
"p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnh5Ym9PO7r+wdOIKfopvHzn3KU3qT6IlCG/gvvbmIqoeFQfRbAe3gQmcG6RcLue55cJQGhI6y2r0lm59ZeoHR40aM+VabAOlplekM7xWmoXb/9vG2OZLIqAyF4I+7GQmTN6B9keBHp9SWtDUkI0B0G9neZ5MkXJP705M0duxritqQlb4YvCZwteHiyckKcg9aE9j+GF2EEawBoVDp"
"oveoB3+wgde3lWEUjjwKFtXNXxuN354o6jgXgPNWtIEdPMLfK/o0CaCjZNlzaLTsTegY/+67hdHFqDmm8zXO9s+Xiyfq7CVq21t7wDhQ2W1agj+up6lH82FMh5rZNxJ6XB0yQIDAQAB"
) ;

4
data/powerdns/files/bind-zones/trans-agenda.de
View file

@ -1,4 +0,0 @@
${header}
$ORIGIN trans-agenda.de.

22
data/powerdns/files/bind-zones/trans-agenda.eu
View file

@ -1,22 +0,0 @@
${header}
$ORIGIN trans-agenda.eu.
@ IN MX 10 rx300.kunbox.net.
IN TXT "v=spf1 a mx ~all"
mta-sts IN CNAME rx300.kunbox.net.
_dmarc IN TXT "v=DMARC1; p=quarantine; rua=mailto:hostmaster@kunbox.net; ruf=mailto:postmaster@kunsmann.eu; fo=0:d:s; adkim=r; aspf=r"
_mta-sts IN TXT "v=STSv1;id=20201111;"
_smtp._tls IN TXT "v=TLSRPTv1;rua=mailto:hostmaster@kunbox.net"
_token._dnswl IN TXT "5mx0rv9ru8s1zz4tf4xlt48osh09czmg"
2019._domainkey IN TXT ( "v=DKIM1; k=rsa; "
"p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwkg6UAcu3V98hal1UVf6yB0WT1CKDS0AK83CUlSP8bUwraPxkxK1nkQOUsmjbQs6a3FhdsKprMi32GeUaTVvZg81JIybPk3jNugfNWfSjs2TXPomYu+XD2pmmbR3cZlzC5NGR2nmBFt/P/S2ihPHj35KziiBIwK1TdvOi1M2+upCjK33Icco0ByCm0gJpD2O0cbqcBcUKqd6X440"
"vYhNXH1ygp0e91P0iRnvS9sg6yD0xjD8kD6j/8GfxBY+9bpU3EvDoBgyJSbjw5b6PUVJbKMXzw1NIRNj0SXKs5BakjS8+7u62vR11IPCYRwy+yr0rDT0tNegM7gStIIgoTpOoQIDAQAB"
) ;
uO4aNejDvVdw8BKne3KJIqAvCQMJ0416._domainkey IN TXT ( "v=DKIM1; k=rsa; "
"p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnh5Ym9PO7r+wdOIKfopvHzn3KU3qT6IlCG/gvvbmIqoeFQfRbAe3gQmcG6RcLue55cJQGhI6y2r0lm59ZeoHR40aM+VabAOlplekM7xWmoXb/9vG2OZLIqAyF4I+7GQmTN6B9keBHp9SWtDUkI0B0G9neZ5MkXJP705M0duxritqQlb4YvCZwteHiyckKcg9aE9j+GF2EEawBoVDp"
"oveoB3+wgde3lWEUjjwKFtXNXxuN354o6jgXgPNWtIEdPMLfK/o0CaCjZNlzaLTsTegY/+67hdHFqDmm8zXO9s+Xiyfq7CVq21t7wDhQ2W1agj+up6lH82FMh5rZNxJ6XB0yQIDAQAB"
) ;

3
data/powerdns/files/bind-zones/warnochwas.de
View file

@ -1,3 +0,0 @@
${header}
$ORIGIN warnochwas.de.

36
data/ssl/_.franzi.business.crt.pem
View file

@ -1,27 +1,27 @@
-----BEGIN CERTIFICATE-----
MIIEiTCCA3GgAwIBAgISBEiaFE6qZ3+AhUkmqKta5OSuMA0GCSqGSIb3DQEBCwUA
MIIEijCCA3KgAwIBAgISA8l+oC4pMh1Q/UNiEPuiw39OMA0GCSqGSIb3DQEBCwUA
MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD
EwJSMzAeFw0yMjExMDYwNjA3MTZaFw0yMzAyMDQwNjA3MTVaMBoxGDAWBgNVBAMT
D2ZyYW56aS5idXNpbmVzczB2MBAGByqGSM49AgEGBSuBBAAiA2IABFdgHf2P15+0
as3iN/M7itWsdWCtH35cGIf871AeU5OhB4JDNbb5aDsho9ga/vIsjpB1Xh3EhNvP
I3b8KT9JUUE/dIRaWvNp8OSKihiU72mXIIlmslVW2AeqwBGMU0L+46OCAl0wggJZ
EwJSMzAeFw0yMzAxMjkwNDM5NTFaFw0yMzA0MjkwNDM5NTBaMBoxGDAWBgNVBAMT
D2ZyYW56aS5idXNpbmVzczB2MBAGByqGSM49AgEGBSuBBAAiA2IABMlQ1P5Y0aZ5
vUzB4TAP8iIuiO3GJnYhnKrbe/Lz3gf6Ct9bGM4JLY3RI9xcSmol3sNKdVmbHMRe
z63GW4twSnS517axo6jcT0YQkFVyhWHvLnpBW42M1FpjzaDCbs74zKOCAl4wggJa
MA4GA1UdDwEB/wQEAwIHgDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw
DAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUsY9YAWIXWlFiQi/JImI6LFxrc6gwHwYD
DAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQURw5+tfBU0aOBqfN40kz43fUcjx4wHwYD
VR0jBBgwFoAUFC6zF7dYVsuuUAlA5h+vnYsUwsYwVQYIKwYBBQUHAQEESTBHMCEG
CCsGAQUFBzABhhVodHRwOi8vcjMuby5sZW5jci5vcmcwIgYIKwYBBQUHMAKGFmh0
dHA6Ly9yMy5pLmxlbmNyLm9yZy8wLQYDVR0RBCYwJIIRKi5mcmFuemkuYnVzaW5l
c3OCD2ZyYW56aS5idXNpbmVzczBMBgNVHSAERTBDMAgGBmeBDAECATA3BgsrBgEE
AYLfEwEBATAoMCYGCCsGAQUFBwIBFhpodHRwOi8vY3BzLmxldHNlbmNyeXB0Lm9y
ZzCCAQQGCisGAQQB1nkCBAIEgfUEgfIA8AB2ALc++yTfnE26dfI5xbpY9Gxd/ELP
ep81xJ4dCYEl7bSZAAABhEvD10MAAAQDAEcwRQIhAM2BBzR9UWZNuK3+nk6AdaJL
1j8OvFPZnb+CJqdYtBe8AiAJM4kwOyZLzK/ZGXzwBJLjRTXs2hJZ4qXUzszhv/hs
+QB2AHoyjFTYty22IOo44FIe6YQWcDIThU070ivBOlejUutSAAABhEvD2UYAAAQD
AEcwRQIgfMXcWDFe5IKe6n4D9t3zpecF7wCIje8pBd4WQ3OfxM4CIQDpGTCU2pUI
Hfwkq+6a2j6Lh3baERBbrfnGDF2AOjjelzANBgkqhkiG9w0BAQsFAAOCAQEAMGiD
9uo+WVO+p/HFA+bHM/1ZaTDBONP72YHPx0tdFvQAPQ59n8n6KsE2w9cioNHiRYVv
WhoHjWXtzsCiJzNvc4wuTCxJkBtfSAvsOGqGMQJ+cQym+aSBKqSKvKsIQQjOmz/p
sere5gqTkhuCfnbF8AL7JqDFld4knlbzzsdhj0SjcAO4OUA8SdHdGq192hVRB+nL
IFb6Ax4jD/fQ19j+uL+F1MgMmwUkVF77X279FGlax9PGpmQ47aLj5w7qDpZxfHf9
Z2nq14Bk6USZcz9hR+gq38lvo6aU/0MvPey9QiIzLg78K0gEQ1o3qoUIl+9erSLR
ssU+fmyZoeNBV6q8xw==
ZzCCAQUGCisGAQQB1nkCBAIEgfYEgfMA8QB3AHoyjFTYty22IOo44FIe6YQWcDIT
hU070ivBOlejUutSAAABhfwJ/TEAAAQDAEgwRgIhAINjOWzyMeYZYFNk5cdghSwA
JDuxKo8/ubIlsAV9ymJWAiEAuVZjp2GQ0RmFyGVDiF865uC4lTtzMIwmpgwYiBqg
DQsAdgCt9776fP8QyIudPZwePhhqtGcpXc+xDCTKhYY069yCigAAAYX8Cf1OAAAE
AwBHMEUCIGoeOIHC8O+zj/3E89BHv+9siaKSOy/2I6i53V5faX3EAiEAsk/Lhr/0
NpogdjroYqt1sKvTzmO0BrxWJ5a41JQdtX0wDQYJKoZIhvcNAQELBQADggEBAIM4
moszjbZGKjaoCtsj5t7Dtxu/JmE9gOnwfxnUrDKn0T00dKQi8Mk6a4C5vdGnxorO
lj8VutznRvp1RKxb6WWyk0iW22rLm+kTudf/vf9lY0X7DmD/u3MO2tGumwjMdLRT
QgxP+yu8R03ZppnuzYZhERAbY6AuC/U+owiYjNfF4v1Eyn4zxe6L2v0UWGnBWObb
xv5RbhHFezr676GaLIrcVh0rN6YNK2J1Cei2pNtAVSLiSJvuuO5Qq1KE7wQqbGd+
lqK2tcEZRtzaFrpW7C0ZW7LpgO8zdeN4BtD25ozhGJO/0H5hhKpQ/wtWqXYKkhC/
G47QSheqKqJnHOCL0hA=
-----END CERTIFICATE-----

2
data/ssl/_.franzi.business.key.pem.vault
View file

@ -1 +1 @@
encrypt$gAAAAABjZ10m0BnUbl5777KN6VHf6uAdtcs15-osbqRoQq6epRuWllD-ziy_2N7BrOkRcmfSJaB8zZ1l1bLD6ws3SlI7jvbkahvWnuKinkGiE30SGGjqr6MY_NJGawdox8OJWrsWLFYJJjrePl_mmVtx9G41oBreKizj1YPswzbzsFociJ0zF0xlx99sjjLxRB5PEaI3fwK1eXDmODGZ__dwKxINGSB2zxPb10Vwtnsp3cmaUiKh1TfIghQAm523cAuHPys1-tNXuJpvhPY3tIxB5gHZYiBXMzcS64mD1KqEubsnplxQlK-N_mJ7Q6n0xReG00pqvm5twRI5g7PoHYLH7nZI7KYOSI2XMAS7gP6Uy-H60BQKAHXuX4yutznVRJspv0wa4kfW9vcBfFECBhFeC8tAAkgAc-NvAsDYk6tYSi2k3N2zXsiyHy0NL-JMnUEicQT3YZNnfkoYqjuxwFbQvgtZZun38w==
encrypt$gAAAAABj1gankGocRRCdH6WqCUFJ6UtA1f07KpXYh4KcelenJv0ZbQ98f2nwIk29iXWEIsS9FTiRyEG95u_Lmm_p7GbKCMDSIZfZgAC2I3tp_BxZPerhEkwxTT_BjEYHRjMDFrzwoAypTO1Mj_XiT_CYvAZptHI3MZcI9QwPVw-CMJ4KqzG-IztkW8KVnuM7agiBdUt4IYkLyeZ0IoL4nOIWANtdM-y4rILv6N7WIMw6dgsSvLPEQR-PYdNLq866IR0-yFGOfYcQKOvpBqAt6A69E6JxSm3AakaJaS75QYF2lzGVjTfrFoGz60LUjC60KuTsu3dUckGUm7JEq1BSMxvc5b_a6pCazvoAnM0gbtbM_DjL0phLj7VWZEg-_1CHfc2S0-UxbxBjLKJ3NPPs93_En5RWxqxkhvvZgxzWJqQWP2eBprge8Q_EEXkMbxumVVx9Ymdynlw2AgkQhVVJIu_vnsZ4Uc8vIA==

36
data/ssl/_.home.kunbox.net.crt.pem
View file

@ -1,27 +1,27 @@
-----BEGIN CERTIFICATE-----
MIIEijCCA3KgAwIBAgISA7oUZzeuZgmxMvP1zm5RtCGYMA0GCSqGSIb3DQEBCwUA
MIIEijCCA3KgAwIBAgISA28YyqkbxYen4u/lcNEqBY7lMA0GCSqGSIb3DQEBCwUA
MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD
EwJSMzAeFw0yMjExMDYwNjA3MTdaFw0yMzAyMDQwNjA3MTZaMBoxGDAWBgNVBAMT
D2hvbWUua3VuYm94Lm5ldDB2MBAGByqGSM49AgEGBSuBBAAiA2IABDcmJYSIKimG
w9hUy0guhMoubPJ+QcSioL4TjuqKmgVCXXEHzkGuaCQTwRX7BiHOyH+3nqcm7N1x
qF5rucOxJoKgGW40ZjemdWAVDGYm3euEU0Td0V+L6z/L/cWe25YwoKOCAl4wggJa
EwJSMzAeFw0yMzAxMjkwOTE0MjZaFw0yMzA0MjkwOTE0MjVaMBoxGDAWBgNVBAMT
D2hvbWUua3VuYm94Lm5ldDB2MBAGByqGSM49AgEGBSuBBAAiA2IABCsS8YhWoIvn
yMOjY8LtjQ8+Pa58DBckQ1lnktMo1T3bfwxMxTGH+iYdOT4kHWOen6aNzdXqrerA
YjTN/MRBCR8tMZglzmshUG7qpzI/s89QSL6+KoCV5Pl0mEWLSvrLFKOCAl4wggJa
MA4GA1UdDwEB/wQEAwIHgDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw
DAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUJkY/Eq6HUOrPZyW+Y+4/uiG0/8swHwYD
DAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUtCIXQGA7PP7mGdMLuN3nYsynu4wwHwYD
VR0jBBgwFoAUFC6zF7dYVsuuUAlA5h+vnYsUwsYwVQYIKwYBBQUHAQEESTBHMCEG
CCsGAQUFBzABhhVodHRwOi8vcjMuby5sZW5jci5vcmcwIgYIKwYBBQUHMAKGFmh0
dHA6Ly9yMy5pLmxlbmNyLm9yZy8wLQYDVR0RBCYwJIIRKi5ob21lLmt1bmJveC5u
ZXSCD2hvbWUua3VuYm94Lm5ldDBMBgNVHSAERTBDMAgGBmeBDAECATA3BgsrBgEE
AYLfEwEBATAoMCYGCCsGAQUFBwIBFhpodHRwOi8vY3BzLmxldHNlbmNyeXB0Lm9y
ZzCCAQUGCisGAQQB1nkCBAIEgfYEgfMA8QB3AK33vvp8/xDIi509nB4+GGq0Zyld
z7EMJMqFhjTr3IKKAAABhEvD2XwAAAQDAEgwRgIhAMzxM2rXgjZDrPm6jKHUS4u3
BxokYdBgO63klZ5iuEyLAiEAinyT+YKDotIyWcUHvl0tpANYq+XlJaELvg7aCcwj
3MgAdgC3Pvsk35xNunXyOcW6WPRsXfxCz3qfNcSeHQmBJe20mQAAAYRLw9tCAAAE
AwBHMEUCIQDTNayLb2lW5oNnj1bJaqbcOnjOktsPSYUGaokd6iBeUQIgOak7kR7e
rAvW3CwA1QSZgqRHLn86UFfGc0pVHNDb3e4wDQYJKoZIhvcNAQELBQADggEBABdr
R6NgzfgNT2WVTpZOpgLEPO58WKBEofMtVTRDjDKinSvDUFRhJAEjoXKxZXtEG+yH
VhGGLcmh+6mn8+8yz1qEngA3uGiHS533aOUbP3cCbfqRCeuKMS+5ojjOlKb3xZj4
uRGvxw90wY3RYwn8k3/beEs+TaNnFU+NtBwScy+/8aRHG5rBQjdBWZHpcB4/wT0V
cLakTharwRHVw11GFlEk60k2JMEtCLkBjKq/CpbusQZHd1uVyzhWC802lWRqY4nq
YTO3Z8FNRGOaHVcydX6wMlQg/t+1hYgCC6HWhuOf8AOr+kkg4zSdv0YvAYuOzY8X
sc1/2y3z9deYm4qHw/w=
ZzCCAQUGCisGAQQB1nkCBAIEgfYEgfMA8QB2ALc++yTfnE26dfI5xbpY9Gxd/ELP
ep81xJ4dCYEl7bSZAAABhf0FYYAAAAQDAEcwRQIgLCh9130fH81/vY6Ps7inMh3l
GEM8GPiDEHk68oq2R9wCIQCnHdc9Seo+qTRnc6DcoKvyC9azNFEZBiikMgoIJkyq
6gB3AHoyjFTYty22IOo44FIe6YQWcDIThU070ivBOlejUutSAAABhf0FYZgAAAQD
AEgwRgIhAM3M2KLdUfIiqVgaMqIH1ust2lUjR10gwN8juONeXZoMAiEA2KArQKYG
GbhN/dWqht+So4Ni3/K5Vwcfb91ewthPR6swDQYJKoZIhvcNAQELBQADggEBALhs
LaBZ27UoZOqukblSD8EyoLnJ3Cplg1r3J9+e4QNzySjsDpYr/w+Y4mUT/nGAGgGL
4b1cHD57XnQB1yvB3Dv9aowg+Udo4eTNY41FMgouYhYFowi5gWYoQhpIFOpwvd0v
Cmrl4PPta2Ytbg/FMNxOt47E0sUL2zASMCKTKcPsIpcpEG7w8jBGcCX7e3NCG36z
K4jZqW3Pd3BZe1e7ywUyF/SSw38Pv1rFbBxuSh+kDjQfcOWN75oOyyKgcLsGBxfy
850WclzgMTnRRlZGaiUTVQ7uPkB44DIhTT6afxPMDKrtRLkd5LHownE3NPUTyfDx
cK9weiaIniziAnEjUr4=
-----END CERTIFICATE-----

2
data/ssl/_.home.kunbox.net.key.pem.vault
View file

@ -1 +1 @@
encrypt$gAAAAABjZ10mtywN2Tx7b0-sZywDVcNo5gQbnzjwlMjQPktMwmRBwGMbQVcwuGhhopu5vd4Ztw8aGO5lf-SQmLWgdpR4aIrPNx1Iu4urF2LMV-BMLSgmF85ADQzlbiBvrzGAnIoVUjwXYyGj1Wst4feWMKBDc_kThinYhSplMZ_yjEbMj0eMGRzjSclkvAm24KWi7l_LQAklRELuQQyopHDo47AxehNI-nvLfO0FfXZJpkdrMV1V8lSqyXwBSW3McJKH8bbmVEX8qq-mNntBNpe3n5V2ninj72aC0D572hfMp-jKC6xccf-CqnmX1qaWGGj1yiFDdBxfOSU-kO6204BVtfspMtkI75YAYE_7aA-GUiHfXaNHvDhf2uMb8ssbJUdvGS_oLx1qnKiyeyJ6RRhl71xxXjNEo0hPYYY1BGj6hjq30R8aGknkQNCjyCD87Sc7qh95KpMmY4d82xI70xeS4mk8hEgCow==
encrypt$gAAAAABj1kcBpq8c_Ez3JkYJIB0evClkcblewwzBEbl4rfcd-3Z2xFlQ8OggIxGdlLGWjIN_ZBaENvXcqy4ZYlwpXgqrZJpBao8WyovZiKLK759r8qVRjbIBvHnH90t_JZ3-MydlpD1mUzHUy5oQq5Qn8jLoRTzHE2TM8VyhaBkMVQ9gacHdqNGW6dsvCRzXCQM1CNqs8pyc8nQxdARjv_FGwSeZlCxcYPSLEBeE-Hf-wJyVWnG7oyq9XKUyI8NWLPQNwWUjzMgKwumtDh21goRsSRAtLLFmqE_iU1IyZYwNh4J3SBMZKBl0fATtHXhnW1_k-RA1-l54PFMTR0KgS-uxYtqZ1Az0t1KEfEvyzfHAQLJ8RIwOOVtPNUvhSiMHr3jG0WpxymilOLfjFpnCZ8E_CA6L8hmytXEBfoM4ZHMCWzOIe_9tIKcMS146NOzaPnCXpKFganNuvV_S7zEn33zv-jYEHD4d8A==

4
groups/features.py
View file

@ -12,10 +12,6 @@ groups['dns'] = {
},
'metadata': {
'powerdns': {
'features': {
'bind': True,
'pgsql': True,
},
# Overridden in node metadata for primary server
'is_secondary': True,
},

1
groups/os.py
View file

@ -71,7 +71,6 @@ groups['debian'] = {
'bundles': {
'apt',
'backup-client',
'molly-guard',
},
'os': 'debian',
'pip_command': 'pip3',

1
hooks/test_backup_metadata.py
View file

@ -2,6 +2,7 @@ from bundlewrap.exceptions import BundleError
from bundlewrap.utils.text import bold, green, yellow
from bundlewrap.utils.ui import io
def test_node(repo, node, **kwargs):
if not node.has_bundle('backup-client'):
return

1
hooks/test_metadata_dashes_vs_underscores.py
View file

@ -4,6 +4,7 @@ from bundlewrap.exceptions import BundleError
from bundlewrap.utils.text import bold, green
from bundlewrap.utils.ui import io
def test_underscore_vs_dash(node, metadata, path=[]):
for k, v in metadata.items():
if not isinstance(k, str):

2
libs/faults.py
View file

@ -1,4 +1,4 @@
from json import loads, dumps
from json import dumps, loads
from bundlewrap.metadata import metadata_to_json
from bundlewrap.utils import Fault

2
libs/firewall.py
View file

@ -1,5 +1,5 @@
from ipaddress import IPv4Network, ip_network
from os.path import abspath, dirname, join
from ipaddress import ip_network, IPv4Network
REPO_PATH = dirname(dirname(abspath(__file__)))

5
libs/keys.py
View file

@ -1,8 +1,11 @@
import base64
from nacl.public import PrivateKey
from nacl.encoding import Base64Encoder
from nacl.public import PrivateKey
from bundlewrap.utils import Fault
def gen_privkey(repo, identifier):
return repo.vault.random_bytes_as_base64_for(identifier)

5
libs/tools.py
View file

@ -1,9 +1,10 @@
from ipaddress import ip_address, ip_network, IPv4Address, IPv4Network
from ipaddress import IPv4Address, IPv4Network, ip_address, ip_network
from bundlewrap.exceptions import NoSuchGroup, NoSuchNode, BundleError
from bundlewrap.exceptions import BundleError, NoSuchGroup, NoSuchNode
from bundlewrap.utils.text import bold, red
from bundlewrap.utils.ui import io
def resolve_identifier(repo, identifier):
"""
Try to resolve an identifier (group or node). Return a set of ip

1
nodes.py
View file

@ -3,6 +3,7 @@ from os.path import join
from pathlib import Path
import bwpass
from bundlewrap.metadata import atomic
from bundlewrap.utils import error_context

9
nodes/entropia-jira.toml
View file

@ -5,13 +5,18 @@ dummy = true
period = "daytime"
pretty_name = "ticket.gulas.ch"
[metadata.icinga2_api.nginx.services."NGINX VHOST jira CERTIFICATE"]
[metadata.icinga2_api.nginx.services."NGINX VHOST ticket-redirect CERTIFICATE"]
check_command = "check_https_cert_at_url"
"vars.domain" = "ticket.gulas.ch"
"vars.notification.mail" = true
[metadata.icinga2_api.nginx.services."NGINX VHOST jira CERTIFICATE"]
check_command = "check_https_cert_at_url"
"vars.domain" = "jira.gulas.ch"
"vars.notification.mail" = true
[metadata.icinga2_api.nginx.services."NGINX VHOST jira CONTENT"]
check_command = "check_http_wget"
"vars.http_wget_contains" = "login.jsp"
"vars.http_wget_url" = "https://ticket.gulas.ch/secure/Dashboard.jspa"
"vars.http_wget_url" = "https://jira.gulas.ch/secure/Dashboard.jspa"
"vars.notification.sms" = true

6
nodes/fkusei-locutus.py
View file

@ -76,18 +76,12 @@ nodes['fkusei-locutus'] = {
# video drivers
'xf86-video-intel': {},
# for i3pystatus
'iw': {},
'wireless_tools': {},
# all that other random stuff one needs
'apachedirectorystudio': {},
'direnv': {},
'freerdp': {},
'mosquitto': {},
'sdl_ttf': {}, # for compiling testcard
'thermald': {},
'virt-manager': {},
},
},
'systemd-boot': {

29
nodes/gce/bind01.py
View file

@ -3,19 +3,12 @@
nodes['gce.bind01'] = {
'hostname': '34.89.208.78',
'bundles': {
'nodejs',
'powerdnsadmin',
},
'groups': {
'debian-buster',
'debian-bullseye',
'dns',
'webserver',
},
'metadata': {
'backups': {
# This is the primary DNS server. However, we only use
# replication for DynDNS, currently. No need for backups here.
'exclude_from_backups': True,
},
'interfaces': {
@ -30,30 +23,12 @@ nodes['gce.bind01'] = {
'icinga_options': {
'pretty_name': 'ns-1.kunbox.net',
},
'nginx': {
'vhosts': {
'ns-1.kunbox.net': {
'locations': {
'/': {
'target': 'http://127.0.0.1:8000/',
},
},
'website_check_path': '/login',
'website_check_string': 'PowerDNS',
},
},
},
'postgresql': {
'version': '11',
'version': '15',
},
'powerdns': {
'is_secondary': False,
'secondary_nameservers': 'dns',
'my_hostname': 'ns-1.kunbox.net',
},
'powerdnsadmin': {
'version': 'v0.3.0',
},
'vm': {
'cpu': 1,
'ram': 1,

4
nodes/gce/dns02.py
View file

@ -5,7 +5,7 @@ nodes['gce.dns02'] = {
'hostname': '35.187.109.249',
'bundles': set(),
'groups': {
'debian-buster',
'debian-bullseye',
'dns',
},
'metadata': {
@ -25,7 +25,7 @@ nodes['gce.dns02'] = {
'exclude_from_backups': True,
},
'postgresql': {
'version': '11',
'version': '15',
},
'powerdns': {
'my_hostname': 'ns-2.kunbox.net',

4
nodes/gce/dns03.py
View file

@ -5,7 +5,7 @@ nodes['gce.dns03'] = {
'hostname': '35.228.143.71',
'bundles': set(),
'groups': {
'debian-buster',
'debian-bullseye',
'dns',
},
'metadata': {
@ -25,7 +25,7 @@ nodes['gce.dns03'] = {
'exclude_from_backups': True,
},
'postgresql': {
'version': '11',
'version': '15',
},
'powerdns': {
'my_hostname': 'ns-3.kunbox.net',

3
nodes/home.hass.toml
View file

@ -5,9 +5,6 @@ bundles = [
]
groups = ["debian-bullseye"]
[metadata.backups]
exclude_from_backups = true
[metadata.interfaces.enp1s0]
ips = ["172.19.138.25/24"]
gateway4 = "172.19.138.1"

21
nodes/home.openhab.toml
View file

@ -1,21 +0,0 @@
hostname = "172.19.138.21"
bundles = ["nginx", "openhab"]
groups = ["debian-bullseye"]
[metadata.interfaces.enp1s0]
ips = ["172.19.138.21/24"]
gateway4 = "172.19.138.1"
ipv6_accept_ra = true
[metadata.nginx.vhosts.openhab]
ssl = "_.home.kunbox.net"
[metadata.openhab]
domain = "openhab.home.kunbox.net"
[metadata.openhab.java_opts]
"user.timezone" = "Europe/Berlin"
[metadata.vm]
cpu = 2
ram = 2

2
nodes/home.wled-wohnzimmer.toml
View file

@ -3,7 +3,7 @@ dummy = true
[metadata.interfaces.default]
ips = ["172.19.138.70"]
dhcp = true
mac = "3c:61:05:d0:ba:1a"
mac = "3c:61:05:d0:f2:b9"
[metadata.icinga_options]
exclude_from_monitoring = true

6
nodes/home/router.py
View file

@ -133,13 +133,13 @@ nodes['home.router'] = {
'interface': 'enp1s0.100',
'dyndns': {
'domain': 'franzi-home.kunbox.net',
'url': 'https://ns-1.kunbox.net/nic/update?hostname=franzi-home.kunbox.net&myip={ip}',
'url': 'https://ns-primary.kunbox.net/nic/update?hostname=franzi-home.kunbox.net&myip={ip}',
'username': vault.decrypt('encrypt$gAAAAABfr8DLAJhmUIhdxLq83I8MnRRvkRgDZcO8Brvw1KpvplC3K8ZGj0jIIWD3Us33vIP6t0ybd_mgD8slpRUk78Kqd3BMoQ=='),
'password': vault.decrypt('encrypt$gAAAAABfr8Cq5M1hweeJTQAl0dLhFntdlw-QnkIYUQpY-_ycODVWOpyeAwjwOgWLSdsdXIUvqcoiXPZPV-BE12p5C42NGnj9r7sKYpoGz8xfuGIk6haMa2g='),
},
'nftables-rules.d': {
'inet filter forward iif enp1s0.23 oif $INTERFACE accept',
'inet filter forward iif enp1s0.42 accept',
'inet filter forward iifname enp1s0.23 oif $INTERFACE accept',
'inet filter forward iifname enp1s0.42 accept',
},
},
'unbound': {

6
nodes/htz-cloud/miniserver.py
View file

@ -62,7 +62,7 @@ nodes['htz-cloud.miniserver'] = {
},
'element-web': {
'url': 'chat.sophies-kitchen.eu',
'version': 'v1.11.17',
'version': 'v1.11.23',
'config': {
'default_server_config': {
'm.homeserver': {
@ -134,8 +134,8 @@ nodes['htz-cloud.miniserver'] = {
},
},
'matrix-media-repo': {
'version': 'v1.2.12',
'sha1': 'c2dfa521c2eea9a0dcde9f1c7803f52ce6d0352e',
'version': 'v1.2.13',
'sha1': '0915bdf7c461368859180419d1f66717969cbe32',
'homeservers': {
'sophies-kitchen.eu': {
'domain': 'http://[::1]:20080/',

10
nodes/kunsi-p14s.py
View file

@ -96,25 +96,15 @@ nodes['kunsi-p14s'] = {
'mesa-vdpau': {},
'xf86-video-amdgpu': {},
# for i3pystatus
'iw': {},
'wireless_tools': {},
# all that other random stuff one needs
'abcde': {},
'apachedirectorystudio': {},
'claws-mail': {},
'claws-mail-themes': {},
'ferdi-bin': {},
'ffmpeg': {},
'gumbo-parser': {}, # for claws litehtml
'imagemagick': {},
'inkscape': {},
'mosquitto': {},
'perl-musicbrainz-discid': {}, # for abcde
'perl-webservice-musicbrainz': {}, # for abcde
'samba': {},
'xf86-input-wacom': {},
},
},
'sysctl': {

43
nodes/ns-primary.toml Normal file
View file

@ -0,0 +1,43 @@
hostname = "82.165.52.168"
bundles = [
"nodejs",
"powerdnsadmin",
]
groups = [
"debian-bullseye",
"dns",
"webserver",
]
[metadata.interfaces.ens192]
ips = [
"82.165.52.168",
"2001:8d8:1801:7d4::1/64",
]
gateway4 = "10.255.255.1"
gateway6 = "fe80::250:56ff:fea8:628f"
[metadata.icinga_options]
pretty_name = "ns-primary.kunbox.net"
[metadata.nginx.vhosts."ns-primary.kunbox.net"]
website_check_path = "/login"
website_check_string = "PowerDNS"
[metadata.nginx.vhosts."ns-primary.kunbox.net".locations."/"]
target = "http://127.0.0.1:8000/"
[metadata.postgresql]
version = "15"
[metadata.powerdns]
is_secondary = false
secondary_nameservers = "dns"
features.bind = true
[metadata.powerdnsadmin]
version = "v0.3.0"
[metadata.vm]
cpu = 2
ram = 2

21
nodes/rx300.py
View file

@ -105,7 +105,7 @@ nodes['rx300'] = {
},
'element-web': {
'url': 'chat.franzi.business',
'version': 'v1.11.17',
'version': 'v1.11.23',
'config': {
'default_server_config': {
'm.homeserver': {
@ -128,8 +128,8 @@ nodes['rx300'] = {
},
},
'gitea': {
'version': '1.17.3',
'sha1': 'a78611a3e799150fbae3d45d2bd276d95ccffcd8',
'url': 'https://codeberg.org/attachments/be5952ea-6cfb-4be5-a593-3564c4bd8cc9',
'sha1': '0bcf3d6d6541a46571802d9e9276056ff860841e',
'domain': 'git.franzi.business',
'email_domain_blocklist': {
'aol.com',
@ -197,8 +197,8 @@ nodes['rx300'] = {
},
},
'matrix-media-repo': {
'version': 'v1.2.12',
'sha1': 'c2dfa521c2eea9a0dcde9f1c7803f52ce6d0352e',
'version': 'v1.2.13',
'sha1': '0915bdf7c461368859180419d1f66717969cbe32',
'homeservers': {
'franzi.business': {
'domain': 'http://[::1]:20080/',
@ -268,8 +268,8 @@ nodes['rx300'] = {
},
},
'mautrix-whatsapp': {
'version': 'v0.8.0',
'sha1': '4e561a96c8fae61edd8dee9abdd52b5146fa98b2',
'version': 'v0.8.2',
'sha1': '31779131b0524e84f980a7e3b5a818150833470d',
'homeserver': {
'domain': 'franzi.business',
'url': 'https://matrix.franzi.business',
@ -306,7 +306,7 @@ nodes['rx300'] = {
},
'netbox': {
'domain': 'netbox.franzi.business',
'version': 'v3.4.1',
'version': 'v3.4.4',
'changelog_retention_days': 360,
'admins': {
'kunsi': 'hostmaster@kunbox.net',
@ -327,7 +327,7 @@ nodes['rx300'] = {
},
'vhosts': {
'element-web': {'ssl': '_.franzi.business'},
'gitea': {'ssl': '_.franzi.business'},
'forgejo': {'ssl': '_.franzi.business'},
'jenkins-ci': {'ssl': '_.franzi.business'},
'matrix-dimension': {'ssl': '_.franzi.business'},
'matrix-synapse': {'ssl': '_.franzi.business'},
@ -450,6 +450,7 @@ nodes['rx300'] = {
},
'postgresql': {
'version': '13',
'max_connections': 500,
},
'radicale': {
'domain': 'radicale.franzi.business',
@ -523,7 +524,7 @@ nodes['rx300'] = {
},
},
'travelynx': {
'version': '1.23.12',
'version': '1.29.4',
'mail_from': 'travelynx@franzi.business',
'domain': 'travelynx.franzi.business',
},

Some files were not shown because too many files have changed in this diff Show more