From 3b79f3973f450bb18da2a4c5b8b05758aa9d0fe4 Mon Sep 17 00:00:00 2001 From: Sophie Schiller Date: Sun, 4 Jul 2021 16:36:43 +0200 Subject: [PATCH 01/58] bw/bundle matrix-dimension add first draft --- .../files/matrix-dimension.service | 14 +++ .../matrix-dimension/files/production.yaml | 98 +++++++++++++++++++ bundles/matrix-dimension/items.py | 68 +++++++++++++ bundles/matrix-dimension/metadata.py | 75 ++++++++++++++ .../dimension.sophies-kitchen.eu | 13 ++- nodes/htz-cloud/miniserver.py | 35 ++++--- 6 files changed, 288 insertions(+), 15 deletions(-) create mode 100644 bundles/matrix-dimension/files/matrix-dimension.service create mode 100644 bundles/matrix-dimension/files/production.yaml create mode 100644 bundles/matrix-dimension/items.py create mode 100644 bundles/matrix-dimension/metadata.py diff --git a/bundles/matrix-dimension/files/matrix-dimension.service b/bundles/matrix-dimension/files/matrix-dimension.service new file mode 100644 index 0000000..1b9333f --- /dev/null +++ b/bundles/matrix-dimension/files/matrix-dimension.service @@ -0,0 +1,14 @@ +[Unit] +Description=Matrix Dimension +After=network.target + +[Service] +User=matrix-support +Group=matrix-support +Environment="NODE_ENV=production" +ExecStart=/usr/bin/node /opt/matrix/matrix-dimension/build/app/index.js +WorkingDirectory=${config['install_dir']} +Restart=on-failure + +[Install] +WantedBy=multi-user.target diff --git a/bundles/matrix-dimension/files/production.yaml b/bundles/matrix-dimension/files/production.yaml new file mode 100644 index 0000000..bb67228 --- /dev/null +++ b/bundles/matrix-dimension/files/production.yaml 
@@ -0,0 +1,98 @@ +# The web settings for the service (API and UI). +# It is best to have this run on localhost and use a reverse proxy to access Dimension. +web: + port: 8184 + address: '127.0.0.1' + +# Homeserver configuration +homeserver: + # The domain name of the homeserver. This is used in many places, such as with go-neb + # setups, to identify the homeserver. + name: "${config['homserver']['name']}" + + # The URL that Dimension, go-neb, and other services provisioned by Dimension should + # use to access the homeserver with. + clientServerUrl: "${config['homserver']['clientServeUrl']}" + + # The URL that Dimension should use when trying to communicate with federated APIs on + # the homeserver. If not supplied or left empty Dimension will try to resolve the address + # through the normal federation process. + #federationUrl: "https://t2bot.io:8448" + + # The URL that Dimension will redirect media requests to for downloading media such as + # stickers. If not supplied or left empty Dimension will use the clientServerUrl. + #mediaUrl: "https://t2bot.io" + + # The access token Dimension should use for miscellaneous access to the homeserver, and + # for tracking custom sticker pack updates. This should be a user configured on the homeserver + # and be dedicated to Dimension (create a user named "dimension" on your homeserver). For + # information on how to acquire an access token, visit https://t2bot.io/docs/access_tokens + accessToken: "${config['homserver']['accessToken']}" + +# These users can modify the integrations this Dimension supports. +# To access the admin interface, open Dimension in Riot and click the settings icon. +admins: +% for i in config['admins']: + - "${i}" +% endfor +# IPs and CIDR ranges listed here will be blocked from being widgets. +# Note: Widgets may still be embedded with restricted content, although not through Dimension directly. 
+widgetBlacklist: + - 10.0.0.0/8 + - 172.16.0.0/12 + - 192.168.0.0/16 + - 127.0.0.0/8 + +database: + # Where the database for Dimension is + uri: "postgres://${node.metadata['matrix-dimension']['database']['user']}:${node.metadata['matrix-dimension']['database']['password']}@${node.metadata['matrix-dimension']['database'].get('host', 'localhost')}/${node.metadata['matrix-dimension']['database']['database']}" + + # Where to store misc information for the utility bot account. + botData: "${config['data_dir']}/dimension.bot.json" + +# Display settings that apply to self-hosted go-neb instances +goneb: + # The avatars to set for each bot. Usually these don't need to be changed, however if your homeserver + # is not able to reach t2bot.io then you should specify your own here. To not use an avatar for a bot, + # make the bot's avatar an empty string. + avatars: + giphy: "mxc://t2bot.io/c5eaab3ef0133c1a61d3c849026deb27" + imgur: "mxc://t2bot.io/6749eaf2b302bb2188ae931b2eeb1513" + github: "mxc://t2bot.io/905b64b3cd8e2347f91a60c5eb0832e1" + wikipedia: "mxc://t2bot.io/7edfb54e9ad9e13fec0df22636feedf1" + travisci: "mxc://t2bot.io/7f4703126906fab8bb27df34a17707a8" + rss: "mxc://t2bot.io/aace4fcbd045f30afc1b4e5f0928f2f3" + google: "mxc://t2bot.io/636ad10742b66c4729bf89881a505142" + guggy: "mxc://t2bot.io/e7ef0ed0ba651aaf907655704f9a7526" + echo: "mxc://t2bot.io/3407ff2db96b4e954fcbf2c6c0415a13" + circleci: "mxc://t2bot.io/cf7d875845a82a6b21f5f66de78f6bee" + jira: "mxc://t2bot.io/f4a38ebcc4280ba5b950163ca3e7c329" + +# Settings for interacting with Telegram. Currently only applies for importing +# sticker packs from Telegram. +telegram: + # Talk to @BotFather on Telegram to get a token + botToken: "${config['telegram']['botToken']}" + +# Custom sticker pack options. 
+# Largely based on https://github.com/turt2live/matrix-sticker-manager +stickers: + # Whether or not to allow people to add custom sticker packs + enabled: true + + # The sticker manager bot to promote + stickerBot: "@stickers:t2bot.io" + + # The sticker manager URL to promote + managerUrl: "https://stickers.t2bot.io" + + +# Settings for controlling how logging works +logging: + file: "${config['data_dir']}/logs/dimension.log" + console: true + consoleLevel: info + fileLevel: verbose + rotate: + size: 52428800 # bytes, default is 50mb + count: 5 diff --git a/bundles/matrix-dimension/items.py b/bundles/matrix-dimension/items.py new file mode 100644 index 0000000..68375ea --- /dev/null +++ b/bundles/matrix-dimension/items.py 
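Review bot: The `widgetBlacklist` list in this hunk covers the RFC 1918 ranges and 127.0.0.0/8 only, so a widget URL that resolves to a link-local address is still accepted; on a cloud host 169.254.0.0/16 is typically where the instance metadata endpoint lives, so it is worth adding `- 169.254.0.0/16` (and the IPv6 loopback `::1/128`, if Dimension's CIDR parser accepts v6 entries). As a smaller point of style, the `database.uri` line reaches into `node.metadata['matrix-dimension']['database']` directly while every other value in the template goes through the `config` context variable that items.py passes in; `config['database']['user']` and friends would keep the template consistent and drop the inline `.get('host', 'localhost')`.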
@@ -0,0 +1,68 @@
+repo.libs.tools.require_bundle(node, 'nodejs')
+
+
+directories = {
+ node.metadata['matrix-dimension']['install_dir']: {},
+ node.metadata['matrix-dimension']['data_dir']: {},
+}
+
+git_deploy = {
+ node.metadata['matrix-dimension']['install_dir']: {
+ 'rev': node.metadata.get('matrix-dimension', {}).get('version', 'master'), # doesn't have releases yet
+ 'repo': 'https://github.com/turt2live/matrix-dimension.git',
+ 'triggers': {
+ 'action:matrix_dimension_build',
+ },
+ 'needs': {
+ 'directory:{}'.format(node.metadata['matrix-dimension']['install_dir']),
+ 'directory:{}'.format(node.metadata['matrix-dimension']['data_dir']),
+ },
+ },
+}
+
+files = {
+ '{}/config/production.yaml'.format(node.metadata['matrix-dimension']['install_dir']): {
+ 'content_type': 'mako',
+ 'context': {
+ 'config': node.metadata.get('matrix-dimension', {}),
+ },
+ 'needs': {
+ 'action:element-web_yarn',
+ 'directory:{}'.format(node.metadata['matrix-dimension']['install_dir']),
+ },
+ },
+ '/etc/systemd/system/matrix-dimension.service': {
+ 'content_type': 'mako',
+ 'context': {
+ 'config': node.metadata.get('matrix-dimension', {}),
+ },
+ 'triggers': {
+ 'action:systemd-reload',
+ 'svc_systemd:matrix-dimension:restart',
+ },
+ },
+}
+
+actions = {
+ 'matrix_dimenson_build': {
+ 'command': 'cd ' + node.metadata['matrix-dimension']['install_dir'] + ' && npm install && npm run build',
+ 'needs': {
+ 'pkg_apt:nodejs',
+ },
+ 'triggered': True,
+ 'triggers': {
+ 'svc_systemd:matrix-dimension:restart',
+ },
+ },
+}
+
+svc_systemd = {
+ 'matrix-dimension': {
+ 'needs': {
+ 'action:matrix-dimension_build',
+ 'file:{}/config/production.yaml'.format(node.metadata['matrix-dimension']['install_dir']),
+ 'postgres_db:matrix-dimension',
+ 'postgres_role:matrix-dimension',
+ },
+ },
+}
diff --git a/bundles/matrix-dimension/metadata.py b/bundles/matrix-dimension/metadata.py
new file mode 100644
index 0000000..6db7c86
--- /dev/null
+++ b/bundles/matrix-dimension/metadata.py
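Review bot: The `production.yaml` file item renders the database password, the homeserver access token and the Telegram bot token into `{install_dir}/config/production.yaml` but sets no `mode`, so the file is created with bundlewrap's default file mode (0644 as far as I recall) and is readable by every local account on the node; add `'mode': '0600',` to that item together with an `owner`/`group` matching the service user. The unit file item carries no secrets and can keep the default. The same item is touched again later in this series (patches 02, 07, 13 and 15) and still has no `mode` in any of them.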
@@ -0,0 +1,75 @@
+defaults = {
+ 'matrix-dimension': {
+ 'install_dir': '/opt/matrix-dimension',
+ 'data_dir': '/var/opt/dimension',
+ 'database': {
+ 'user': 'matrix-dimension',
+ 'password': repo.vault.password_for('{} postgresql matrix-dimension'.format(node.name)),
+ 'database': 'matrix-dimension',
+ },
+ },
+ 'postgresql': {
+ 'roles': {
+ 'matrix-dimension': {
+ 'password': repo.vault.password_for('{} postgresql matrix-dimension'.format(node.name)),
+ },
+ },
+ 'databases': {
+ 'matrix-dimension': {
+ 'owner': 'matrix-dimension',
+ },
+ },
+ },
+ 'icinga2_api': {
+ 'mautrix-telegram': {
+ 'services': {
+ 'MAUTRIX-TELEGRAM PROCESS': {
+ 'command_on_monitored_host': '/usr/lib/nagios/plugins/check_procs -a mautrix-telegram -c 1:',
+ },
+ },
+ },
+ },
+}
+
+@metadata_reactor.provides(
+ 'nginx/vhosts',
+)
+def nginx_config(metadata):
+ return {
+ 'nginx': {
+ 'vhosts': {
+ metadata.get('matrix-dimension/url'): {
+ 'webroot': '/var/www/{}/webapp/'.format(metadata.get('element-web/url')),
+ 'do_not_set_content_security_headers': True,
+ 'max_body_size': '50M',
+ 'proxy': {
+ '/': {
+ 'target': 'http://127.0.0.1:8184',
+ },
+ },
+ },
+ },
+ },
+ }
+
+
+@metadata_reactor.provides(
+ 'icinga2_api/matrix-dimension/services',
+)
+def icinga_check_for_new_release(metadata):
+ return {
+ 'icinga2_api': {
+ 'matrix-dimension': {
+ 'services': {
+ 'MATRIX-DIMENSION UPDATE': {
+ 'command_on_monitored_host': '/usr/local/share/icinga/plugins/check_github_for_new_release turt2live/matrix-dimension {}'.format(metadata.get('matrix-dimension/version')),
+ 'vars.notification.mail': True,
+ 'check_interval': '60m',
+ },
+ #'MATRIX-DIMENSION PROCESS': {
+ # 'command_on_monitored_host': '/usr/lib/nagios/plugins/check_procs -a mautrix-telegram -c 1:',
+ #},
+ },
+ },
+ },
+ }
diff --git a/data/nginx/files/extras/htz-cloud.miniserver/dimension.sophies-kitchen.eu b/data/nginx/files/extras/htz-cloud.miniserver/dimension.sophies-kitchen.eu
index aa5cff2..b20254d 100644
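Review bot: The postgres role password is derived twice with the same `repo.vault.password_for('{} postgresql matrix-dimension'.format(node.name))` call, once under `matrix-dimension/database/password` and once under `postgresql/roles/matrix-dimension/password`; the two defaults start out equal but nothing ties them together, so overriding one of them in node metadata silently breaks the database login. Deriving the role password in a reactor from `metadata.get('matrix-dimension/database/password')` would leave a single source of truth, and a one-line comment on the `postgresql` default saying it must match the Dimension config would help until then.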
--- a/data/nginx/files/extras/htz-cloud.miniserver/dimension.sophies-kitchen.eu +++ b/data/nginx/files/extras/htz-cloud.miniserver/dimension.sophies-kitchen.eu @@ -1,6 +1,15 @@ + add_header Content-Security-Policy "frame-ancestors 'self' chat.sophies-kitchen.eu"; - location /.well-known/matrix/ { - alias /etc/matrix-synapse/wellknown/; + location /.well-known/matrix/client { + return 200 '{"m.homeserver": {"base_url": "https://matrix.sophies-kitchen.eu"},"m.identity_server": {"base_url": "https://matrix.org"},"im.vector.riot.jitsi": {"preferredDomain": "meet.ffmuc.net"}}'; + default_type application/json; add_header Access-Control-Allow-Origin *; } + + location /.well-known/matrix/server { + return 200 '{"m.server": "matrix.sophies-kitchen.eu:443"}'; + default_type application/json; + add_header Access-Control-Allow-Origin *; + } + diff --git a/nodes/htz-cloud/miniserver.py b/nodes/htz-cloud/miniserver.py index 1085b16..06eddd4 100644 --- a/nodes/htz-cloud/miniserver.py +++ b/nodes/htz-cloud/miniserver.py @@ -4,6 +4,7 @@ nodes['htz-cloud.miniserver'] = { 'bundles': { 'element-web', + 'matrix-dimension', 'matrix-media-repo', 'matrix-synapse', 'nodejs', @@ -68,10 +69,10 @@ nodes['htz-cloud.miniserver'] = { }, 'brand': 'sophies-kitchen.eu', 'showLabsSettings': True, - 'integrations_ui_url': 'https://dimension.franzi.business/riot', - 'integrations_rest_url': 'https://dimension.franzi.business/api/v1/scalar', + 'integrations_ui_url': 'https://dimension.sophies-kitchen.eu/riot', + 'integrations_rest_url': 'https://dimension.sophies-kitchen.eu/api/v1/scalar', 'integrations_widgets_urls': { - 'https://dimension.franzi.business/widgets' + 'https://dimension.sophies-kitchen.eu/widgets' }, 'default_theme': 'dark', 'defaultCountryCode': 'DE', 
@@ -103,6 +104,21 @@ nodes['htz-cloud.miniserver'] = { }, }, }, + 'matrix-dimension': { + 'url': 'dimension.sophies-kitchen.eu', + 'version': 'master', # doesn't have releases yet + 'homserver': { + 'name': 'sophies-kitchen.eu', + 'clientServeUrl': 'https://matrix.sophies-kitchen.eu', + 'accessToken': vault.decrypt('encrypt$gAAAAABg4btB0KGk068ahGZzR0w_Lm1bj1wUbB2WfNNs2bp3PwM4Ftp6MjQnrF-CejZfrF0NjPJw9Z4MrgileHP0sVw04mvgKSHfTf8gv4kTB6WuCIxHeMWHUDx00LTWL73fSlhCK0o1'), + }, + 'admins': [ + '@sophie:sophies-kitchen.eu', + ], + 'telegram': { + 'botToken': vault.decrypt('encrypt$gAAAAABg4bcQVzBF_iXdDtjRQD-O37GHdbHwWXyhCLPOuJLbv3ezUeXKR203hkCXkjfItSHi4NiTEgQPadDZTRkavaRpvAoaQV1a4srCS_Y-NU4RiOmkrVFJ_Xhw6UZvwjQUQ0QPOx9t'), + }, + }, 'matrix-media-repo': { 'version': 'v1.2.8', 'homeservers': { @@ -156,16 +172,9 @@ nodes['htz-cloud.miniserver'] = { }, 'nginx': { 'vhosts': { - #'dimension.sophies-kitchen.eu': { - # 'extras': True, - # 'do_not_set_content_security_headers': True, - # 'max_body_size': '50M', - # 'locations': { - # '/': { - # 'target': 'http://127.0.0.1:8184', - # }, - # }, - #}, + 'dimension.sophies-kitchen.eu': { + 'extras': True, + }, 'sophies-kitchen.eu': { 'webroot': '/var/www/sophies-kitchen.eu/_site/', 'extras': True, From 3a26c766f92098c6d4bc833fb475217b3846c40e Mon Sep 17 00:00:00 2001 From: Sophie Schiller Date: Sun, 4 Jul 2021 18:04:48 +0200 Subject: [PATCH 02/58] bw/bundle matrix-dimension this might actually work --- .../files/matrix-dimension.service | 2 +- bundles/matrix-dimension/files/production.yaml | 2 +- bundles/matrix-dimension/items.py | 14 +++++++++----- bundles/matrix-dimension/metadata.py | 14 +++++--------- 4 files changed, 16 insertions(+), 16 deletions(-) diff --git a/bundles/matrix-dimension/files/matrix-dimension.service b/bundles/matrix-dimension/files/matrix-dimension.service index 1b9333f..14b91f4 100644 --- a/bundles/matrix-dimension/files/matrix-dimension.service +++ b/bundles/matrix-dimension/files/matrix-dimension.service 
@@ -6,7 +6,7 @@ After=network.target
 User=matrix-support
 Group=matrix-support
 Environment="NODE_ENV=production"
-ExecStart=/usr/bin/node /opt/matrix/matrix-dimension/build/app/index.js
+ExecStart=/usr/bin/node ${config['install_dir']}/build/app/index.js
 WorkingDirectory=${config['install_dir']}
 Restart=on-failure
 
diff --git a/bundles/matrix-dimension/files/production.yaml b/bundles/matrix-dimension/files/production.yaml
index bb67228..738b1d9 100644
--- a/bundles/matrix-dimension/files/production.yaml
+++ b/bundles/matrix-dimension/files/production.yaml
@@ -45,7 +45,7 @@ widgetBlacklist:
 
 database:
 # Where the database for Dimension is
- uri: "postgres://${node.metadata['matrix-dimension']['database']['user']}:${node.metadata['matrix-dimension']['database']['password']}@${node.metadata['matrix-dimension']['database'].get('host', 'localhost')}/${node.metadata['matrix-dimension']['database']['database']}"
+ uri: "postgres://${node.metadata['matrix-dimension']['database']['user']}:${node.metadata['matrix-dimension']['database']['password']}@${node.metadata['matrix-dimension']['database'].get('host', 'localhost')}/${node.metadata['matrix-dimension']['database']['database']}"
 
 # Where to store misc information for the utility bot account.
 botData: "${config['data_dir']}/dimension.bot.json"
diff --git a/bundles/matrix-dimension/items.py b/bundles/matrix-dimension/items.py
index 68375ea..594ba89 100644
--- a/bundles/matrix-dimension/items.py
+++ b/bundles/matrix-dimension/items.py
@@ -2,8 +2,10 @@ repo.libs.tools.require_bundle(node, 'nodejs')
 
 
 directories = {
- node.metadata['matrix-dimension']['install_dir']: {},
- node.metadata['matrix-dimension']['data_dir']: {},
+ node.metadata['matrix-dimension']['install_dir']: {
+ 'owner': 'matrix-support',
+ 'group': 'matrix-support',
+ },
 }
 
 git_deploy = {
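Review bot: This hunk drops the `directory:` item for `data_dir`, but `git_deploy['needs']` (outside the hunk, unchanged here and still present in patch 15's version of the file) keeps `'directory:{}'.format(node.metadata['matrix-dimension']['data_dir'])`, so that dependency now points at an item this bundle no longer defines and the apply will fail unless another bundle happens to create the same directory item. Either keep the directory with the new ownership, `node.metadata['matrix-dimension']['data_dir']: {'owner': 'matrix-support', 'group': 'matrix-support'},`, or remove that entry from the needs set; production.yaml writes `botData` under `data_dir`, so the service user needs a writable directory there either way. If the intent is to rely on the `users` item added in this commit's metadata.py (home set to the same path), a comment saying so and a need on `user:matrix-support` would make that explicit.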
@@ -22,6 +24,8 @@ git_deploy = {
 
 files = {
 '{}/config/production.yaml'.format(node.metadata['matrix-dimension']['install_dir']): {
+ 'owner': 'matrix-support',
+ 'group': 'matrix-support',
 'content_type': 'mako',
 'context': {
 'config': node.metadata.get('matrix-dimension', {}),
@@ -44,8 +48,8 @@ files = {
 }
 
 actions = {
- 'matrix_dimenson_build': {
- 'command': 'cd ' + node.metadata['matrix-dimension']['install_dir'] + ' && npm install && npm run build',
+ 'matrix_dimension_build': {
+ 'command': 'cd ' + node.metadata['matrix-dimension']['install_dir'] + ' && sudo -u matrix-support npm install && sudo -u matrix-support npm run build',
 'needs': {
 'pkg_apt:nodejs',
 },
@@ -59,7 +63,7 @@ actions = {
 svc_systemd = {
 'matrix-dimension': {
 'needs': {
- 'action:matrix-dimension_build',
+ 'action:matrix_dimension_build',
 'file:{}/config/production.yaml'.format(node.metadata['matrix-dimension']['install_dir']),
 'postgres_db:matrix-dimension',
 'postgres_role:matrix-dimension',
diff --git a/bundles/matrix-dimension/metadata.py b/bundles/matrix-dimension/metadata.py
index 6db7c86..6172b56 100644
--- a/bundles/matrix-dimension/metadata.py
+++ b/bundles/matrix-dimension/metadata.py
@@ -1,7 +1,7 @@
 defaults = {
 'matrix-dimension': {
 'install_dir': '/opt/matrix-dimension',
- 'data_dir': '/var/opt/dimension',
+ 'data_dir': '/var/opt/matrix-dimension',
 'database': {
 'user': 'matrix-dimension',
 'password': repo.vault.password_for('{} postgresql matrix-dimension'.format(node.name)),
@@ -20,13 +20,9 @@ defaults = {
 },
 },
 },
- 'icinga2_api': {
- 'mautrix-telegram': {
- 'services': {
- 'MAUTRIX-TELEGRAM PROCESS': {
- 'command_on_monitored_host': '/usr/lib/nagios/plugins/check_procs -a mautrix-telegram -c 1:',
- },
- },
+ 'users': {
+ 'matrix-support': {
+ 'home': '/var/opt/matrix-dimension',
 },
 },
 }
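Review bot: The build action now runs `sudo -u matrix-support npm install` inside a checkout whose `rev` defaults to the moving `master` branch, so each apply resolves and executes dependency install scripts for whatever versions happen to match at that moment, and the installed tree cannot be reproduced from this repo. If the upstream checkout ships a `package-lock.json`, `sudo -u matrix-support npm ci` installs exactly the locked tree and fails loudly when lockfile and package.json disagree, which is the safer default for a service that holds a homeserver access token. The same command string is rewritten again in patches 07 and 13 and keeps `npm install` there too.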
@@ -39,7 +35,7 @@ def nginx_config(metadata):
 'nginx': {
 'vhosts': {
 metadata.get('matrix-dimension/url'): {
- 'webroot': '/var/www/{}/webapp/'.format(metadata.get('element-web/url')),
+ 'webroot': '/var/www/{}/webapp/'.format(metadata.get('matrix-dimension/url')),
 'do_not_set_content_security_headers': True,
 'max_body_size': '50M',
 'proxy': {
From e7bd3fe27fcbcfd2c1a8a4c44bfd5f621efccdc6 Mon Sep 17 00:00:00 2001
From: Sophie Schiller
Date: Sun, 4 Jul 2021 18:48:22 +0200
Subject: [PATCH 03/58] bw/htz-cloud.miniserver set differend recursors

---
 nodes/htz-cloud/miniserver.py | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/nodes/htz-cloud/miniserver.py b/nodes/htz-cloud/miniserver.py
index 06eddd4..50478cd 100644
--- a/nodes/htz-cloud/miniserver.py
+++ b/nodes/htz-cloud/miniserver.py
@@ -160,6 +160,14 @@ nodes['htz-cloud.miniserver'] = {
 'bot_token': '""',
 },
 },
+ 'nameservers': {
+ '213.133.98.98',
+ '213.133.99.99',
+ '213.133.100.100',
+ '2a01:4f8:0:1::add:1010',
+ '2a01:4f8:0:1::add:9999',
+ '2a01:4f8:0:1::add:9898',
+ },
 'nftables': {
 'rules': {
 'input': {
From a586454a788c519650dafd6818113a295999f7c9 Mon Sep 17 00:00:00 2001
From: Sophie Schiller
Date: Sun, 4 Jul 2021 20:15:19 +0200
Subject: [PATCH 04/58] bundle/matrix-dimension enable backups

---
 bundles/matrix-dimension/metadata.py | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/bundles/matrix-dimension/metadata.py b/bundles/matrix-dimension/metadata.py
index 6172b56..23627ae 100644
--- a/bundles/matrix-dimension/metadata.py
+++ b/bundles/matrix-dimension/metadata.py
@@ -1,4 +1,10 @@
 defaults = {
+ 'backups': {
+ 'paths': {
+ '/opt/matrix-dimension',
+ '/var/opt/matrix-dimension',
+ },
+ },
 'matrix-dimension': {
 'install_dir': '/opt/matrix-dimension',
 'data_dir': '/var/opt/matrix-dimension',
@@ -38,7 +44,7 @@ def nginx_config(metadata):
 'webroot': '/var/www/{}/webapp/'.format(metadata.get('matrix-dimension/url')),
 'do_not_set_content_security_headers': True,
 'max_body_size': '50M',
- 'proxy': {
+ 'locations': {
 '/': {
 'target': 'http://127.0.0.1:8184',
 },
From f4c74e732d6c6c0ccd5de9f27ac180ed9d36568b Mon Sep 17 00:00:00 2001
From: Sophie Schiller
Date: Sun, 4 Jul 2021 20:21:19 +0200
Subject: [PATCH 05/58] bw/matrix-dimension witespaaaaaaaace

---
 bundles/matrix-dimension/files/production.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/bundles/matrix-dimension/files/production.yaml b/bundles/matrix-dimension/files/production.yaml
index 738b1d9..426af52 100644
--- a/bundles/matrix-dimension/files/production.yaml
+++ b/bundles/matrix-dimension/files/production.yaml
@@ -22,7 +22,7 @@ homeserver:
 # The URL that Dimension will redirect media requests to for downloading media such as
 # stickers. If not supplied or left empty Dimension will use the clientServerUrl.
 #mediaUrl: "https://t2bot.io"
- 
+
 # The access token Dimension should use for miscellaneous access to the homeserver, and
 # for tracking custom sticker pack updates. This should be a user configured on the homeserver
 # and be dedicated to Dimension (create a user named "dimension" on your homeserver). For
From 49d3e36f9fe49acaf367580dcd075749b5f573c6 Mon Sep 17 00:00:00 2001
From: Sophie Schiller
Date: Sun, 4 Jul 2021 20:28:48 +0200
Subject: [PATCH 06/58] bw/htz-cloud.miniserver cleanup extras

---
 .../dimension.sophies-kitchen.eu | 16 +---------------
 1 file changed, 1 insertion(+), 15 deletions(-)

diff --git a/data/nginx/files/extras/htz-cloud.miniserver/dimension.sophies-kitchen.eu b/data/nginx/files/extras/htz-cloud.miniserver/dimension.sophies-kitchen.eu
index b20254d..e13c482 100644
--- a/data/nginx/files/extras/htz-cloud.miniserver/dimension.sophies-kitchen.eu
+++ b/data/nginx/files/extras/htz-cloud.miniserver/dimension.sophies-kitchen.eu
@@ -1,15 +1 @@
-
- add_header Content-Security-Policy "frame-ancestors 'self' chat.sophies-kitchen.eu";
-
- location /.well-known/matrix/client {
- return 200 '{"m.homeserver": {"base_url": "https://matrix.sophies-kitchen.eu"},"m.identity_server": {"base_url": "https://matrix.org"},"im.vector.riot.jitsi": {"preferredDomain": "meet.ffmuc.net"}}';
- default_type application/json;
- add_header Access-Control-Allow-Origin *;
- }
-
- location /.well-known/matrix/server {
- return 200 '{"m.server": "matrix.sophies-kitchen.eu:443"}';
- default_type application/json;
- add_header Access-Control-Allow-Origin *;
- }
-
+add_header Content-Security-Policy "frame-ancestors 'self' chat.sophies-kitchen.eu";
From b87d3cc9754d36603517207fa9a2715f45bf34c8 Mon Sep 17 00:00:00 2001
From: Sophie Schiller
Date: Sun, 4 Jul 2021 20:38:27 +0200
Subject: [PATCH 07/58] bw/matrix-dimension switch to dedicated user

---
 .../matrix-dimension/files/matrix-dimension.service | 4 ++--
 bundles/matrix-dimension/items.py | 10 +++++-----
 bundles/matrix-dimension/metadata.py | 2 +-
 3 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/bundles/matrix-dimension/files/matrix-dimension.service b/bundles/matrix-dimension/files/matrix-dimension.service
index 14b91f4..9d2bebc 100644
--- a/bundles/matrix-dimension/files/matrix-dimension.service
+++ b/bundles/matrix-dimension/files/matrix-dimension.service
@@ -3,8 +3,8 @@ Description=Matrix Dimension
 After=network.target
 
 [Service]
-User=matrix-support
-Group=matrix-support
+User=matrix-dimension
+Group=matrix-dimension
 Environment="NODE_ENV=production"
 ExecStart=/usr/bin/node ${config['install_dir']}/build/app/index.js
 WorkingDirectory=${config['install_dir']}
diff --git a/bundles/matrix-dimension/items.py b/bundles/matrix-dimension/items.py
index 594ba89..8bdf28f 100644
--- a/bundles/matrix-dimension/items.py
+++ b/bundles/matrix-dimension/items.py
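Review bot: With the unit now running as the dedicated `matrix-dimension` user, the `[Service]` section still relies on UID separation alone; the usual systemd sandboxing directives are cheap to add for a Node service that only needs its install dir, its data dir and one TCP port, e.g. `NoNewPrivileges=true`, `PrivateTmp=true` and `ProtectSystem=full`. Whether `ProtectSystem=strict` with `ReadWritePaths=${config['data_dir']}` is workable depends on where Dimension writes at runtime, which this unit does not show, so that one is worth testing before enabling. The rest of the unit lies outside this hunk.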
@@ -3,8 +3,8 @@ repo.libs.tools.require_bundle(node, 'nodejs')
 
 directories = {
 node.metadata['matrix-dimension']['install_dir']: {
- 'owner': 'matrix-support',
- 'group': 'matrix-support',
+ 'owner': 'matrix-dimension',
+ 'group': 'matrix-dimension',
 },
 }
 
@@ -24,8 +24,8 @@ git_deploy = {
 
 files = {
 '{}/config/production.yaml'.format(node.metadata['matrix-dimension']['install_dir']): {
- 'owner': 'matrix-support',
- 'group': 'matrix-support',
+ 'owner': 'matrix-dimension',
+ 'group': 'matrix-dimension',
 'content_type': 'mako',
 'context': {
 'config': node.metadata.get('matrix-dimension', {}),
@@ -49,7 +49,7 @@ files = {
 
 actions = {
 'matrix_dimension_build': {
- 'command': 'cd ' + node.metadata['matrix-dimension']['install_dir'] + ' && sudo -u matrix-support npm install && sudo -u matrix-support npm run build',
+ 'command': 'cd ' + node.metadata['matrix-dimension']['install_dir'] + ' && sudo -u matrix-dimension npm install && sudo -u matrix-dimension npm run build',
 'needs': {
 'pkg_apt:nodejs',
 },
diff --git a/bundles/matrix-dimension/metadata.py b/bundles/matrix-dimension/metadata.py
index 23627ae..b9cf3df 100644
--- a/bundles/matrix-dimension/metadata.py
+++ b/bundles/matrix-dimension/metadata.py
@@ -27,7 +27,7 @@ defaults = {
 },
 },
 'users': {
- 'matrix-support': {
+ 'matrix-dimension': {
 'home': '/var/opt/matrix-dimension',
 },
 },
From 2161698a975927eafc3f3196c79958e53a82a831 Mon Sep 17 00:00:00 2001
From: Sophie Schiller
Date: Sun, 4 Jul 2021 20:41:17 +0200
Subject: [PATCH 08/58] bw/matrix-dimension switch listening port

---
 PORT_MAP.md | 2 +-
 bundles/matrix-dimension/files/production.yaml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/PORT_MAP.md b/PORT_MAP.md
index e15cfec..003339b 100644
--- a/PORT_MAP.md
+++ b/PORT_MAP.md
@@ -26,11 +26,11 @@ Rule of thumb: keep ports below 10000 free for stuff that reserves ports.
 | 6667 | | bitlbee |
 | 8010 | | matrix-media-repo |
 | 8086 | influxdb2 | influx |
-| 8184 | | matrix-dimension |
 | 11332-11334 | rspamd | rspamd |
 | 20000 | mx-puppet-discord | Bridge |
 | 20010 | mautrix-telegram | Bridge |
 | 20020 | mautrix-whatsapp | Bridge |
+| 20030 | matrix-dimension | Matrix Integrations Manager|
 | 20080 | matrix-synapse | client, federation |
 | 20081 | matrix-synapse | prometheus metrics |
 | 20090 | matrix-media-repo | media_repo |
diff --git a/bundles/matrix-dimension/files/production.yaml b/bundles/matrix-dimension/files/production.yaml
index 426af52..305ba54 100644
--- a/bundles/matrix-dimension/files/production.yaml
+++ b/bundles/matrix-dimension/files/production.yaml
@@ -1,7 +1,7 @@
 # The web settings for the service (API and UI).
 # It is best to have this run on localhost and use a reverse proxy to access Dimension.
 web:
- port: 8184
+ port: 20030
 address: '127.0.0.1'
 
 # Homeserver configuration
From 8702e131dc48bb621f50aead2938f8a572a240ff Mon Sep 17 00:00:00 2001
From: Sophie Schiller
Date: Sun, 4 Jul 2021 20:44:17 +0200
Subject: [PATCH 09/58] bw/matrix-dimensions fix typos

---
 bundles/matrix-dimension/files/production.yaml | 6 +++---
 nodes/htz-cloud/miniserver.py | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/bundles/matrix-dimension/files/production.yaml b/bundles/matrix-dimension/files/production.yaml
index 305ba54..5bfcfdd 100644
--- a/bundles/matrix-dimension/files/production.yaml
+++ b/bundles/matrix-dimension/files/production.yaml
@@ -8,11 +8,11 @@ web: homeserver: # The domain name of the homeserver. This is used in many places, such as with go-neb # setups, to identify the homeserver. - name: "${config['homserver']['name']}" + name: "${config['homeserver']['name']}" # The URL that Dimension, go-neb, and other services provisioned by Dimension should # use to access the homeserver with. - clientServerUrl: "${config['homserver']['clientServeUrl']}" + clientServerUrl: "${config['homeserver']['clientServerUrl']}" # The URL that Dimension should use when trying to communicate with federated APIs on # the homeserver. If not supplied or left empty Dimension will try to resolve the address @@ -27,7 +27,7 @@ homeserver: # for tracking custom sticker pack updates. This should be a user configured on the homeserver # and be dedicated to Dimension (create a user named "dimension" on your homeserver). For # information on how to acquire an access token, visit https://t2bot.io/docs/access_tokens - accessToken: "${config['homserver']['accessToken']}" + accessToken: "${config['homeserver']['accessToken']}" # These users can modify the integrations this Dimension supports. # To access the admin interface, open Dimension in Riot and click the settings icon. diff --git a/nodes/htz-cloud/miniserver.py b/nodes/htz-cloud/miniserver.py index 50478cd..0a104d4 100644 --- a/nodes/htz-cloud/miniserver.py +++ b/nodes/htz-cloud/miniserver.py @@ -107,7 +107,7 @@ nodes['htz-cloud.miniserver'] = { 'matrix-dimension': { 'url': 'dimension.sophies-kitchen.eu', 'version': 'master', # doesn't have releases yet - 'homserver': { + 'homeserver': { 'name': 'sophies-kitchen.eu', 'clientServeUrl': 'https://matrix.sophies-kitchen.eu', 'accessToken': vault.decrypt('encrypt$gAAAAABg4btB0KGk068ahGZzR0w_Lm1bj1wUbB2WfNNs2bp3PwM4Ftp6MjQnrF-CejZfrF0NjPJw9Z4MrgileHP0sVw04mvgKSHfTf8gv4kTB6WuCIxHeMWHUDx00LTWL73fSlhCK0o1'), From d74618f9a9f3046f70bfb5a94b2a7b8224ee33f9 Mon Sep 17 00:00:00 2001 
From: Sophie Schiller
Date: Sun, 4 Jul 2021 20:47:40 +0200
Subject: [PATCH 10/58] bw/matrix-dimension enable process monitoring

---
 bundles/matrix-dimension/metadata.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/bundles/matrix-dimension/metadata.py b/bundles/matrix-dimension/metadata.py
index b9cf3df..ed7392a 100644
--- a/bundles/matrix-dimension/metadata.py
+++ b/bundles/matrix-dimension/metadata.py
@@ -68,9 +68,9 @@ def icinga_check_for_new_release(metadata):
 'vars.notification.mail': True,
 'check_interval': '60m',
 },
- #'MATRIX-DIMENSION PROCESS': {
- # 'command_on_monitored_host': '/usr/lib/nagios/plugins/check_procs -a mautrix-telegram -c 1:',
- #},
+ 'MATRIX-DIMENSION PROCESS': {
+ 'command_on_monitored_host': '/usr/lib/nagios/plugins/check_procs -a matrix-dimension -c 1:',
+ },
 },
 },
 },
From a65301ee89113cfabcd1e3cb19518b6f4479c08c Mon Sep 17 00:00:00 2001
From: Sophie Schiller
Date: Sun, 4 Jul 2021 20:58:56 +0200
Subject: [PATCH 11/58] bw/matrix-dimension switch to generic vhost name

---
 bundles/matrix-dimension/metadata.py | 5 +++--
 .../{dimension.sophies-kitchen.eu => matrix-dimension} | 0
 nodes/htz-cloud/miniserver.py | 4 ++--
 3 files changed, 5 insertions(+), 4 deletions(-)
 rename data/nginx/files/extras/htz-cloud.miniserver/{dimension.sophies-kitchen.eu => matrix-dimension} (100%)

diff --git a/bundles/matrix-dimension/metadata.py b/bundles/matrix-dimension/metadata.py
index ed7392a..ddcdbd0 100644
--- a/bundles/matrix-dimension/metadata.py
+++ b/bundles/matrix-dimension/metadata.py
@@ -34,13 +34,14 @@ defaults = {
 }
 
 @metadata_reactor.provides(
- 'nginx/vhosts',
+ 'nginx/vhosts/matrix-dimension',
 )
 def nginx_config(metadata):
 return {
 'nginx': {
 'vhosts': {
- metadata.get('matrix-dimension/url'): {
+ 'matrix-dimension': {
+ 'domain': metadata.get('matrix-dimension/url'),
 'webroot': '/var/www/{}/webapp/'.format(metadata.get('matrix-dimension/url')),
 'do_not_set_content_security_headers': True,
 'max_body_size': '50M',
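Review bot: `check_procs -a matrix-dimension` matches any process whose argument string contains that text, which besides the `node .../build/app/index.js` service also covers transient commands such as the `sudo -u matrix-dimension npm ...` build steps from items.py, so the check can report OK while the service itself is down. Matching on the actual entry point, e.g. `'/usr/lib/nagios/plugins/check_procs -a {}/build/app/index.js -c 1:'.format(metadata.get('matrix-dimension/install_dir'))`, ties the check to the process that matters. The enclosing `icinga_check_for_new_release` reactor starts before this hunk.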
diff --git a/data/nginx/files/extras/htz-cloud.miniserver/dimension.sophies-kitchen.eu b/data/nginx/files/extras/htz-cloud.miniserver/matrix-dimension similarity index 100% rename from data/nginx/files/extras/htz-cloud.miniserver/dimension.sophies-kitchen.eu rename to data/nginx/files/extras/htz-cloud.miniserver/matrix-dimension diff --git a/nodes/htz-cloud/miniserver.py b/nodes/htz-cloud/miniserver.py index 0a104d4..cb2ec71 100644 --- a/nodes/htz-cloud/miniserver.py +++ b/nodes/htz-cloud/miniserver.py @@ -109,7 +109,7 @@ nodes['htz-cloud.miniserver'] = { 'version': 'master', # doesn't have releases yet 'homeserver': { 'name': 'sophies-kitchen.eu', - 'clientServeUrl': 'https://matrix.sophies-kitchen.eu', + 'clientServerUrl': 'https://matrix.sophies-kitchen.eu', 'accessToken': vault.decrypt('encrypt$gAAAAABg4btB0KGk068ahGZzR0w_Lm1bj1wUbB2WfNNs2bp3PwM4Ftp6MjQnrF-CejZfrF0NjPJw9Z4MrgileHP0sVw04mvgKSHfTf8gv4kTB6WuCIxHeMWHUDx00LTWL73fSlhCK0o1'), }, 'admins': [ @@ -180,7 +180,7 @@ nodes['htz-cloud.miniserver'] = { }, 'nginx': { 'vhosts': { - 'dimension.sophies-kitchen.eu': { + 'matrix-dimension': { 'extras': True, }, 'sophies-kitchen.eu': { From 3fd20de1618d81318e2fd82acb30dd17ef5c1be4 Mon Sep 17 00:00:00 2001 From: Sophie Schiller Date: Sun, 4 Jul 2021 21:06:51 +0200 Subject: [PATCH 12/58] bw/matrix-dimension disable logfile --- bundles/matrix-dimension/files/production.yaml | 5 ----- bundles/matrix-dimension/items.py | 3 +++ 2 files changed, 3 insertions(+), 5 deletions(-) diff --git a/bundles/matrix-dimension/files/production.yaml b/bundles/matrix-dimension/files/production.yaml index 5bfcfdd..321f6d2 100644 --- a/bundles/matrix-dimension/files/production.yaml +++ b/bundles/matrix-dimension/files/production.yaml @@ -89,10 +89,5 @@ stickers: # Settings for controlling how logging works logging: - file: "${config['data_dir']}/logs/dimension.log" console: true consoleLevel: info - fileLevel: verbose - rotate: - size: 52428800 # bytes, default is 50mb - count: 5 
diff --git a/bundles/matrix-dimension/items.py b/bundles/matrix-dimension/items.py
index 8bdf28f..8af625b 100644
--- a/bundles/matrix-dimension/items.py
+++ b/bundles/matrix-dimension/items.py
@@ -34,6 +34,9 @@ files = {
 'action:element-web_yarn',
 'directory:{}'.format(node.metadata['matrix-dimension']['install_dir']),
 },
+ 'triggers': {
+ 'svc_systemd:matrix-dimension:restart',
+ },
 },
 '/etc/systemd/system/matrix-dimension.service': {
 'content_type': 'mako',
From 07994de66cd85de94f1dbf32436df51c63602c78 Mon Sep 17 00:00:00 2001
From: Sophie Schiller
Date: Sun, 4 Jul 2021 21:11:23 +0200
Subject: [PATCH 13/58] bw/matrix-dimension get all the things

---
 bundles/matrix-dimension/items.py | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/bundles/matrix-dimension/items.py b/bundles/matrix-dimension/items.py
index 8af625b..5fbb7d6 100644
--- a/bundles/matrix-dimension/items.py
+++ b/bundles/matrix-dimension/items.py
@@ -10,20 +10,20 @@ directories = {
 
 git_deploy = {
 node.metadata['matrix-dimension']['install_dir']: {
- 'rev': node.metadata.get('matrix-dimension', {}).get('version', 'master'), # doesn't have releases yet
+ 'rev': node.metadata.get('matrix-dimension/version', 'master'), # doesn't have releases yet
 'repo': 'https://github.com/turt2live/matrix-dimension.git',
 'triggers': {
 'action:matrix_dimension_build',
 },
 'needs': {
- 'directory:{}'.format(node.metadata['matrix-dimension']['install_dir']),
- 'directory:{}'.format(node.metadata['matrix-dimension']['data_dir']),
+ 'directory:{}'.format(node.metadatai.get('matrix-dimension/install_dir'),
+ 'directory:{}'.format(node.metadata.get('matrix-dimension/data_dir'),
 },
 },
 }
 
 files = {
- '{}/config/production.yaml'.format(node.metadata['matrix-dimension']['install_dir']): {
+ '{}/config/production.yaml'.format(node.metadata.get('matrix-dimension/install_dir'): {
 'owner': 'matrix-dimension',
 'group': 'matrix-dimension',
 'content_type': 'mako',
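Review bot: `rev` still falls back to the moving `master` branch, so every apply deploys whatever upstream currently has there and nothing in this repo records which code is running; the hunk also leaves `node.metadatai.get(...)` and two unclosed `.format(` calls in the `needs` set, which will not parse. Once the syntax is repaired, defaulting `rev` to a pinned commit hash, or requiring `matrix-dimension/version` to be set explicitly in node metadata, keeps deployments reproducible and reviewable until upstream tags releases; the `# doesn't have releases yet` comment could state that a commit hash is the intended value in the meantime.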
@@ -32,7 +32,7 @@ files = { }, 'needs': { 'action:element-web_yarn', - 'directory:{}'.format(node.metadata['matrix-dimension']['install_dir']), + 'directory:{}'.format(node.metadata.get('matrix-dimension/install_dir'), }, 'triggers': { 'svc_systemd:matrix-dimension:restart', @@ -52,7 +52,7 @@ files = { actions = { 'matrix_dimension_build': { - 'command': 'cd ' + node.metadata['matrix-dimension']['install_dir'] + ' && sudo -u matrix-dimension npm install && sudo -u matrix-dimension npm run build', + 'command': 'cd ' + node.metadata.get('matrix-dimension/install_dir') + ' && sudo -u matrix-dimension npm install && sudo -u matrix-dimension npm run build', 'needs': { 'pkg_apt:nodejs', }, @@ -67,7 +67,7 @@ svc_systemd = { 'matrix-dimension': { 'needs': { 'action:matrix_dimension_build', - 'file:{}/config/production.yaml'.format(node.metadata['matrix-dimension']['install_dir']), + 'file:{}/config/production.yaml'.format(node.metadata.get('matrix-dimension/install_dir'), 'postgres_db:matrix-dimension', 'postgres_role:matrix-dimension', }, From b9135aceca005439a9aa06c4b7b4c1f1d90b8dc3 Mon Sep 17 00:00:00 2001 From: Sophie Schiller Date: Sun, 4 Jul 2021 21:17:12 +0200 Subject: [PATCH 14/58] bw/matrix-dimension remove unneeded metadata --- bundles/matrix-dimension/metadata.py | 1 - 1 file changed, 1 deletion(-) diff --git a/bundles/matrix-dimension/metadata.py b/bundles/matrix-dimension/metadata.py index ddcdbd0..524e291 100644 --- a/bundles/matrix-dimension/metadata.py +++ b/bundles/matrix-dimension/metadata.py @@ -42,7 +42,6 @@ def nginx_config(metadata): 'vhosts': { 'matrix-dimension': { 'domain': metadata.get('matrix-dimension/url'), - 'webroot': '/var/www/{}/webapp/'.format(metadata.get('matrix-dimension/url')), 'do_not_set_content_security_headers': True, 'max_body_size': '50M', 'locations': { From d01a7f34a498b114defbcb009dabe0bdfaf49a6c Mon Sep 17 00:00:00 2001 
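Review bot: In the `matrix_dimension_build` action the install directory is spliced into a shell string by plain concatenation, `'cd ' + node.metadata.get('matrix-dimension/install_dir') + ' && ...'`, so a path containing whitespace or shell metacharacters would break or alter the command; wrap it as `'cd ' + quote(node.metadata.get('matrix-dimension/install_dir')) + ' && ...'` with `from shlex import quote` at the top of items.py. If `node.metadata.get()` yields `None` for a missing key rather than raising — I cannot tell from the hunk which bundlewrap does here — the concatenation fails with a TypeError at item-build time, so pass an explicit default or keep a lookup that fails with a clear KeyError. Running `npm install` as `matrix-dimension` via `sudo -u` is the right boundary for a package manager that executes lifecycle scripts and should be kept. The surrounding `actions` dict begins and ends outside the hunk.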
From: Sophie Schiller Date: Sun, 4 Jul 2021 21:32:10 +0200 Subject: [PATCH 15/58] bw/matrix-dimension repair syntax errors --- bundles/matrix-dimension/items.py | 11 +++++------ bundles/matrix-dimension/metadata.py | 2 +- 2 files changed, 6 insertions(+), 7 deletions(-) diff --git a/bundles/matrix-dimension/items.py b/bundles/matrix-dimension/items.py index 5fbb7d6..a8a9a5c 100644 --- a/bundles/matrix-dimension/items.py +++ b/bundles/matrix-dimension/items.py @@ -16,14 +16,14 @@ git_deploy = { 'action:matrix_dimension_build', }, 'needs': { - 'directory:{}'.format(node.metadatai.get('matrix-dimension/install_dir'), - 'directory:{}'.format(node.metadata.get('matrix-dimension/data_dir'), + 'directory:{}'.format(node.metadata.get('matrix-dimension/install_dir')), + 'directory:{}'.format(node.metadata.get('matrix-dimension/data_dir')), }, }, } files = { - '{}/config/production.yaml'.format(node.metadata.get('matrix-dimension/install_dir'): { + '{}/config/production.yaml'.format(node.metadata.get('matrix-dimension/install_dir')): { 'owner': 'matrix-dimension', 'group': 'matrix-dimension', 'content_type': 'mako', @@ -31,8 +31,7 @@ files = { 'config': node.metadata.get('matrix-dimension', {}), }, 'needs': { - 'action:element-web_yarn', - 'directory:{}'.format(node.metadata.get('matrix-dimension/install_dir'), + 'directory:{}'.format(node.metadata.get('matrix-dimension/install_dir')), }, 'triggers': { 'svc_systemd:matrix-dimension:restart', @@ -67,7 +66,7 @@ svc_systemd = { 'matrix-dimension': { 'needs': { 'action:matrix_dimension_build', - 'file:{}/config/production.yaml'.format(node.metadata.get('matrix-dimension/install_dir'), + 'file:{}/config/production.yaml'.format(node.metadata.get('matrix-dimension/install_dir')), 'postgres_db:matrix-dimension', 'postgres_role:matrix-dimension', }, diff --git a/bundles/matrix-dimension/metadata.py b/bundles/matrix-dimension/metadata.py index 524e291..2d41180 100644 --- a/bundles/matrix-dimension/metadata.py 
+++ b/bundles/matrix-dimension/metadata.py @@ -46,7 +46,7 @@ def nginx_config(metadata): 'max_body_size': '50M', 'locations': { '/': { - 'target': 'http://127.0.0.1:8184', + 'target': 'http://127.0.0.1:20030', }, }, }, From a51aad6a53fe90a8ffcb83effc9267ca61612547 Mon Sep 17 00:00:00 2001 From: Sophie Schiller Date: Mon, 5 Jul 2021 19:57:44 +0200 Subject: [PATCH 16/58] bw/htz-cloud.miniserver bump element-web version --- nodes/htz-cloud/miniserver.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nodes/htz-cloud/miniserver.py b/nodes/htz-cloud/miniserver.py index cb2ec71..f28568c 100644 --- a/nodes/htz-cloud/miniserver.py +++ b/nodes/htz-cloud/miniserver.py @@ -59,7 +59,7 @@ nodes['htz-cloud.miniserver'] = { }, 'element-web': { 'url': 'chat.sophies-kitchen.eu', - 'version': 'v1.7.31', + 'version': 'v1.7.32', 'config': { 'default_server_config': { 'm.homeserver': { From 4a30aeaab6110a60eb15abb9391df35a8bbefab5 Mon Sep 17 00:00:00 2001 From: Franziska Kunsmann Date: Mon, 5 Jul 2021 20:05:47 +0200 Subject: [PATCH 17/58] nodes/htz.ex42-1048908: fix matrix server wellknown stuff --- nodes/htz/ex42-1048908.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/nodes/htz/ex42-1048908.py b/nodes/htz/ex42-1048908.py index f6d2418..4266dec 100644 --- a/nodes/htz/ex42-1048908.py +++ b/nodes/htz/ex42-1048908.py @@ -317,7 +317,7 @@ nodes['htz.ex42-1048908'] = { }, '/.well-known/matrix/server': { 'return': json_dumps({ - 'm.server': 'https://matrix.franzi.business', + 'm.server': 'matrix.franzi.business:443', }, sort_keys=True), 'additional_config': { 'default_type application/json', @@ -384,7 +384,7 @@ nodes['htz.ex42-1048908'] = { }, '/.well-known/matrix/server': { 'return': json_dumps({ - 'm.server': 'https://matrix.franzi.business', + 'm.server': 'matrix.franzi.business:443', }, sort_keys=True), 'additional_config': { 'default_type application/json', From 95c5e0b6eaa30de363a9d71f135726cd979916a3 Mon Sep 17 00:00:00 2001 
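Review bot: `'target': 'http://127.0.0.1:20030'` is now a second hard-coded copy of the port Dimension itself listens on, and nothing in this commit shows the service-side `web.port` moving to 20030 as well; if the two disagree nginx proxies to a closed port and every request fails. Keep one source of truth: a single metadata key that both the rendered production.yaml and this target read, e.g. `'target': 'http://127.0.0.1:{}'.format(metadata.get('matrix-dimension/port'))` with a `matrix-dimension/port` default added to the bundle (the key name is a suggestion, not an existing one). `nginx_config` begins outside the hunk.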
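Review bot: The `.well-known/matrix/server` value `matrix.franzi.business:443` is the host-and-port form the Matrix server-discovery document expects, so dropping the `https://` scheme is correct, but the same literal now lives in two places (the hunks at old lines 317 and 384), which is exactly how the previous wrong value ended up duplicated. Hoist it into one module-level constant, e.g. `MATRIX_SERVER_WELLKNOWN = json_dumps({'m.server': 'matrix.franzi.business:443'}, sort_keys=True)`, and reference it from both `'return'` entries. The `nodes['htz.ex42-1048908']` literal begins and ends outside both hunks.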
From: Franziska Kunsmann Date: Fri, 9 Jul 2021 15:55:31 +0200 Subject: [PATCH 18/58] bundles/gitea: use generic vhost name --- bundles/gitea/metadata.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/bundles/gitea/metadata.py b/bundles/gitea/metadata.py index e18b9fd..b211555 100644 --- a/bundles/gitea/metadata.py +++ b/bundles/gitea/metadata.py @@ -57,7 +57,8 @@ def nginx(metadata): return { 'nginx': { 'vhosts': { - metadata.get('gitea/domain'): { + 'gitea': { + 'domain': metadata.get('gitea/domain'), 'locations': { '/': { 'target': 'http://127.0.0.1:22000', From c2cb5a25466c6a26e04f4d060d8c4b536d55bb8f Mon Sep 17 00:00:00 2001 From: Franziska Kunsmann Date: Fri, 9 Jul 2021 15:56:26 +0200 Subject: [PATCH 19/58] move gitea to rx300 --- ...ex42-1048908.key.vault => rx300.key.vault} | 0 .../{htz.ex42-1048908.pub => rx300.pub} | 0 .../powerdns/files/bind-zones/franzi.business | 3 +- data/powerdns/files/bind-zones/kunsmann.eu | 6 --- nodes/htz/ex42-1048908.py | 44 +++++++++---------- nodes/rx300.py | 32 ++++++++++++-- 6 files changed, 53 insertions(+), 32 deletions(-) rename data/gitea/files/ssh-keys/{htz.ex42-1048908.key.vault => rx300.key.vault} (100%) rename data/gitea/files/ssh-keys/{htz.ex42-1048908.pub => rx300.pub} (100%) diff --git a/data/gitea/files/ssh-keys/htz.ex42-1048908.key.vault b/data/gitea/files/ssh-keys/rx300.key.vault similarity index 100% rename from data/gitea/files/ssh-keys/htz.ex42-1048908.key.vault rename to data/gitea/files/ssh-keys/rx300.key.vault diff --git a/data/gitea/files/ssh-keys/htz.ex42-1048908.pub b/data/gitea/files/ssh-keys/rx300.pub similarity index 100% rename from data/gitea/files/ssh-keys/htz.ex42-1048908.pub rename to data/gitea/files/ssh-keys/rx300.pub diff --git a/data/powerdns/files/bind-zones/franzi.business b/data/powerdns/files/bind-zones/franzi.business index 3fadfdb..dfcba6e 100644 --- a/data/powerdns/files/bind-zones/franzi.business +++ b/data/powerdns/files/bind-zones/franzi.business 
@@ -13,6 +13,8 @@ chat IN AAAA 2a01:4f8:10b:2a5f::2 dimension IN A 94.130.52.224 dimension IN AAAA 2a01:4f8:10b:2a5f::2 +git IN CNAME rx300.kunbox.net. + matrix IN A 94.130.52.224 matrix IN AAAA 2a01:4f8:10b:2a5f::2 @@ -24,7 +26,6 @@ sewfile IN CNAME sewfile.htz-cloud.kunbox.net. rss IN CNAME rx300.kunbox.net. status IN CNAME icinga2.ovh.kunbox.net. - travelynx IN CNAME rx300.kunbox.net. unicornsden IN CNAME rx300.kunbox.net. diff --git a/data/powerdns/files/bind-zones/kunsmann.eu b/data/powerdns/files/bind-zones/kunsmann.eu index b38fcf0..dde4e2c 100644 --- a/data/powerdns/files/bind-zones/kunsmann.eu +++ b/data/powerdns/files/bind-zones/kunsmann.eu @@ -10,9 +10,6 @@ $ORIGIN kunsmann.eu. dav IN A 94.130.52.224 dav IN AAAA 2a01:4f8:10b:2a5f::2 -git IN A 94.130.52.224 -git IN AAAA 2a01:4f8:10b:2a5f::2 - grafana IN CNAME influxdb.htz-cloud.kunbox.net. icinga IN CNAME icinga2.ovh.kunbox.net. influxdb IN CNAME influxdb.htz-cloud.kunbox.net. @@ -29,9 +26,6 @@ luther-ps IN CNAME luther.htz-cloud.kunbox.net. paste IN A 94.130.52.224 paste IN AAAA 2a01:4f8:10b:2a5f::2 -rss IN A 94.130.52.224 -rss IN AAAA 2a01:4f8:10b:2a5f::2 - _dmarc IN TXT "v=DMARC1; p=quarantine; rua=mailto:postmaster@kunsmann.eu; ruf=mailto:postmaster@kunsmann.eu; fo=0:d:s; adkim=r; aspf=r" _mta-sts IN TXT "v=STSv1;id=20201111;" _smtp._tls IN TXT "v=TLSRPTv1;rua=mailto:hostmaster@kunbox.net" diff --git a/nodes/htz/ex42-1048908.py b/nodes/htz/ex42-1048908.py index 4266dec..8744c04 100644 --- a/nodes/htz/ex42-1048908.py +++ b/nodes/htz/ex42-1048908.py @@ -2,7 +2,7 @@ nodes['htz.ex42-1048908'] = { 'bundles': { 'dovecot', 'element-web', - 'gitea', +# 'gitea', 'jenkins-ci', 'lm-sensors', 'matrix-media-repo', 
@@ -113,27 +113,27 @@ nodes['htz.ex42-1048908'] = { }, }, }, - 'gitea': { - 'version': '1.14.3', - 'sha256': '50c25c094ae109f49e276cd00ddc48a0a240b7670e487ae1286cc116d4cdbcf2', - 'domain': 'git.kunsmann.eu', - 'email_domain_blocklist': { - 'gmail.com', - 'yahoo.com', - 'aol.com', - 'comcast.net', - 'verizon.net', - 'hotmail.com', - 'cox.net', - 'msn.com', - }, - 'enable_git_hooks': True, - 'install_ssh_key': True, - 'internal_token': vault.decrypt('encrypt$gAAAAABfPncYwCX-NdBr9LdxLyGqmjRJqhmwMnWsdZy6kVOWdKrScW78xaqbJ1tpL1J4qa2hcZ7TQj3l-2mkyJNJOenGzU3TsI-gYMj9vC4m8Bhur5zboxjD4dQXaJbD1WSyHJ9sPJYsWP3Gjg6I19xeq9xMlAI6xaS9vOfuoI8nZnnQPx1NjfQEj03Jxf8a0-3F20sfICst1xRa5K48bpq1PFkK_oRojg=='), - 'lfs_secret_key': vault.decrypt('encrypt$gAAAAABfPnd1vgNDt86-91YhviQw8Z0djSp4f_tBt76klDv-ZcwxP1ryJzqJ7qnfaTe_6DYCfc82gEzvVDsyBlCoAkGpt1AI2_LCKetuSCnDPjtGvwdQl3A53lFEdG2UJl1uUiR7f8Vr'), - 'oauth_secret_key': vault.decrypt('encrypt$gAAAAABfPnbfTISbldhS0WyxVKBHVVoOMcar7Kxmh1kkmiUGd-RzbbnNzzhEER_owjttPQcACPfGKZ6WklaSsXjLq8km4P6A9QmPbC06GmHbc91m0odCb1KiY7SZeUD35PiRiGSq50dz'), - 'security_secret_key': vault.decrypt('encrypt$gAAAAABfPnc-R7pkDj4pQgHDb6pzlNYNJgiWdeBFsX7IsHSnCtNPbZxCdtSL8cHtQzVO1KbSxS7zCwssmgiR8Kj54Z-koD-FQbjpbKWoIPw8SsyeqBVlZhIeEzhw_1t7_7ZTvv1O8AePdNYel9JJb_TaAZ8Vx46ZfsEPy8zaaHrqOekHC6RAnB4='), - }, +# 'gitea': { +# 'version': '1.14.3', +# 'sha256': '50c25c094ae109f49e276cd00ddc48a0a240b7670e487ae1286cc116d4cdbcf2', +# 'domain': 'git.kunsmann.eu', +# 'email_domain_blocklist': { +# 'gmail.com', +# 'yahoo.com', +# 'aol.com', +# 'comcast.net', +# 'verizon.net', +# 'hotmail.com', +# 'cox.net', +# 'msn.com', +# }, +# 'enable_git_hooks': True, +# 'install_ssh_key': True, +# 'internal_token': vault.decrypt('encrypt$gAAAAABfPncYwCX-NdBr9LdxLyGqmjRJqhmwMnWsdZy6kVOWdKrScW78xaqbJ1tpL1J4qa2hcZ7TQj3l-2mkyJNJOenGzU3TsI-gYMj9vC4m8Bhur5zboxjD4dQXaJbD1WSyHJ9sPJYsWP3Gjg6I19xeq9xMlAI6xaS9vOfuoI8nZnnQPx1NjfQEj03Jxf8a0-3F20sfICst1xRa5K48bpq1PFkK_oRojg=='), +# 'lfs_secret_key': 
vault.decrypt('encrypt$gAAAAABfPnd1vgNDt86-91YhviQw8Z0djSp4f_tBt76klDv-ZcwxP1ryJzqJ7qnfaTe_6DYCfc82gEzvVDsyBlCoAkGpt1AI2_LCKetuSCnDPjtGvwdQl3A53lFEdG2UJl1uUiR7f8Vr'), +# 'oauth_secret_key': vault.decrypt('encrypt$gAAAAABfPnbfTISbldhS0WyxVKBHVVoOMcar7Kxmh1kkmiUGd-RzbbnNzzhEER_owjttPQcACPfGKZ6WklaSsXjLq8km4P6A9QmPbC06GmHbc91m0odCb1KiY7SZeUD35PiRiGSq50dz'), +# 'security_secret_key': vault.decrypt('encrypt$gAAAAABfPnc-R7pkDj4pQgHDb6pzlNYNJgiWdeBFsX7IsHSnCtNPbZxCdtSL8cHtQzVO1KbSxS7zCwssmgiR8Kj54Z-koD-FQbjpbKWoIPw8SsyeqBVlZhIeEzhw_1t7_7ZTvv1O8AePdNYel9JJb_TaAZ8Vx46ZfsEPy8zaaHrqOekHC6RAnB4='), +# }, 'icinga_options': { 'pretty_name': 'kunsmann.eu', }, diff --git a/nodes/rx300.py b/nodes/rx300.py index 636ed45..97aec1d 100644 --- a/nodes/rx300.py +++ b/nodes/rx300.py @@ -7,6 +7,7 @@ nodes['rx300'] = { 'hostname': '31.47.232.106', 'bundles': { + 'gitea', 'lm-sensors', 'miniflux', 'postgresql', @@ -33,6 +34,11 @@ nodes['rx300'] = { 'apt': { 'packages': { 'ipmitool': {}, + + # for franzi.business deployment + 'jekyll': {}, + 'ruby-jekyll-feed': {}, + 'ruby-jekyll-paginate-v2': {}, }, # XXX remove this once nginx.org has packages for debian bullseye 'repos': { 
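Review bot: The whole `'gitea'` section of `nodes['htz.ex42-1048908']` is commented out rather than deleted, including the four `vault.decrypt(...)` ciphertexts for `internal_token`, `lfs_secret_key`, `oauth_secret_key` and `security_secret_key`; git history already preserves the old block, so keeping it as dead text only lets it drift from the live copy and makes a later search for where those secrets are used ambiguous. Delete the block, and the `# 'gitea',` bundle entry in the hunk at old line 2 with it. Because the identical ciphertexts are re-used verbatim for the new host, the migration relies on the old host's gitea data and token material being removed; a short comment recording that, e.g. `# gitea moved to rx300 (commit <id placeholder>); gitea data on this host is to be wiped`, would help the next reader. The node literal begins and ends outside the hunk.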
@@ -43,6 +49,27 @@ nodes['rx300'] = { }, }, }, + 'gitea': { + 'version': '1.14.3', + 'sha256': '50c25c094ae109f49e276cd00ddc48a0a240b7670e487ae1286cc116d4cdbcf2', + 'domain': 'git.franzi.business', + 'email_domain_blocklist': { + 'gmail.com', + 'yahoo.com', + 'aol.com', + 'comcast.net', + 'verizon.net', + 'hotmail.com', + 'cox.net', + 'msn.com', + }, + 'enable_git_hooks': True, + 'install_ssh_key': True, + 'internal_token': vault.decrypt('encrypt$gAAAAABfPncYwCX-NdBr9LdxLyGqmjRJqhmwMnWsdZy6kVOWdKrScW78xaqbJ1tpL1J4qa2hcZ7TQj3l-2mkyJNJOenGzU3TsI-gYMj9vC4m8Bhur5zboxjD4dQXaJbD1WSyHJ9sPJYsWP3Gjg6I19xeq9xMlAI6xaS9vOfuoI8nZnnQPx1NjfQEj03Jxf8a0-3F20sfICst1xRa5K48bpq1PFkK_oRojg=='), + 'lfs_secret_key': vault.decrypt('encrypt$gAAAAABfPnd1vgNDt86-91YhviQw8Z0djSp4f_tBt76klDv-ZcwxP1ryJzqJ7qnfaTe_6DYCfc82gEzvVDsyBlCoAkGpt1AI2_LCKetuSCnDPjtGvwdQl3A53lFEdG2UJl1uUiR7f8Vr'), + 'oauth_secret_key': vault.decrypt('encrypt$gAAAAABfPnbfTISbldhS0WyxVKBHVVoOMcar7Kxmh1kkmiUGd-RzbbnNzzhEER_owjttPQcACPfGKZ6WklaSsXjLq8km4P6A9QmPbC06GmHbc91m0odCb1KiY7SZeUD35PiRiGSq50dz'), + 'security_secret_key': vault.decrypt('encrypt$gAAAAABfPnc-R7pkDj4pQgHDb6pzlNYNJgiWdeBFsX7IsHSnCtNPbZxCdtSL8cHtQzVO1KbSxS7zCwssmgiR8Kj54Z-koD-FQbjpbKWoIPw8SsyeqBVlZhIeEzhw_1t7_7ZTvv1O8AePdNYel9JJb_TaAZ8Vx46ZfsEPy8zaaHrqOekHC6RAnB4='), + }, 'icinga_options': { 'pretty_name': 'franzi.business', }, @@ -51,9 +78,8 @@ nodes['rx300'] = { }, 'nginx': { 'vhosts': { - 'miniflux': { - 'ssl': '_.franzi.business', - }, + 'gitea': {'ssl': '_.franzi.business'}, + 'miniflux': {'ssl': '_.franzi.business'}, 'unicornsden': { 'domain': 'unicornsden.franzi.business', 'ssl': '_.franzi.business', From bd77f8da936fb118a147c5fa0ff2a7990ebe7660 Mon Sep 17 00:00:00 2001 
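Review bot: `'enable_git_hooks': True` in the new rx300 `gitea` block turns on server-side custom git hooks, which let repository admins execute arbitrary commands as the `git` user on this host; that is a deliberate trust decision and deserves a comment next to the line, e.g. `# custom hooks let repo admins run arbitrary code as 'git' — grant admin only to trusted users`. The `sha256` pin next to `version` is good and should stay in step with every bump. The `nodes['rx300']` literal begins and ends outside the hunk.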
From: Franziska Kunsmann Date: Fri, 9 Jul 2021 16:11:53 +0200 Subject: [PATCH 20/58] move franzi.business to rx300 --- .../powerdns/files/bind-zones/franzi.business | 5 +- nodes/htz/ex42-1048908.py | 62 +++++++++---------- nodes/rx300.py | 32 ++++++++++ 3 files changed, 66 insertions(+), 33 deletions(-) diff --git a/data/powerdns/files/bind-zones/franzi.business b/data/powerdns/files/bind-zones/franzi.business index dfcba6e..13c56cb 100644 --- a/data/powerdns/files/bind-zones/franzi.business +++ b/data/powerdns/files/bind-zones/franzi.business @@ -2,8 +2,9 @@ ${header} $ORIGIN franzi.business. -@ IN A 94.130.52.224 - IN AAAA 2a01:4f8:10b:2a5f::2 +; ends up on rx300.kunbox.net +@ IN A 31.47.232.106 + IN AAAA 2a00:f820:528::2 IN MX 10 mx0.kunbox.net. IN TXT "v=spf1 mx ~all" diff --git a/nodes/htz/ex42-1048908.py b/nodes/htz/ex42-1048908.py index 8744c04..91f18bb 100644 --- a/nodes/htz/ex42-1048908.py +++ b/nodes/htz/ex42-1048908.py 
@@ -295,37 +295,37 @@ nodes['htz.ex42-1048908'] = { }, }, }, - 'franzi.business': { - 'webroot': '/var/www/franzi.business/_site/', - 'locations': { - '/.well-known/matrix/client': { - 'return': json_dumps({ - 'm.homeserver': { - 'base_url': 'https://matrix.franzi.business', - }, - 'm.identity_server': { - 'base_url': 'https://matrix.org', - }, - 'im.vector.riot.jitsi': { - 'preferredDomain': 'meet.ffmuc.net', - }, - }, sort_keys=True), - 'additional_config': { - 'default_type application/json', - 'add_header Access-Control-Allow-Origin *', - }, - }, - '/.well-known/matrix/server': { - 'return': json_dumps({ - 'm.server': 'matrix.franzi.business:443', - }, sort_keys=True), - 'additional_config': { - 'default_type application/json', - 'add_header Access-Control-Allow-Origin *', - }, - }, - }, - }, +# 'franzi.business': { +# 'webroot': '/var/www/franzi.business/_site/', +# 'locations': { +# '/.well-known/matrix/client': { +# 'return': json_dumps({ +# 'm.homeserver': { +# 'base_url': 'https://matrix.franzi.business', +# }, +# 'm.identity_server': { +# 'base_url': 'https://matrix.org', +# }, +# 'im.vector.riot.jitsi': { +# 'preferredDomain': 'meet.ffmuc.net', +# }, +# }, sort_keys=True), +# 'additional_config': { +# 'default_type application/json', +# 'add_header Access-Control-Allow-Origin *', +# }, +# }, +# '/.well-known/matrix/server': { +# 'return': json_dumps({ +# 'm.server': 'matrix.franzi.business:443', +# }, sort_keys=True), +# 'additional_config': { +# 'default_type application/json', +# 'add_header Access-Control-Allow-Origin *', +# }, +# }, +# }, +# }, 'jenkins.kunsmann.eu': { 'locations': { '/': { diff --git a/nodes/rx300.py b/nodes/rx300.py index 97aec1d..cd17656 100644 --- a/nodes/rx300.py +++ b/nodes/rx300.py 
@@ -80,6 +80,38 @@ nodes['rx300'] = { 'vhosts': { 'gitea': {'ssl': '_.franzi.business'}, 'miniflux': {'ssl': '_.franzi.business'}, + 'franzi.business': { + 'webroot': '/var/www/franzi.business/_site/', + 'ssl': '_.franzi.business', + 'locations': { + '/.well-known/matrix/client': { + 'return': json_dumps({ + 'm.homeserver': { + 'base_url': 'https://matrix.franzi.business', + }, + 'm.identity_server': { + 'base_url': 'https://matrix.org', + }, + 'im.vector.riot.jitsi': { + 'preferredDomain': 'meet.ffmuc.net', + }, + }, sort_keys=True), + 'additional_config': { + 'default_type application/json', + 'add_header Access-Control-Allow-Origin *', + }, + }, + '/.well-known/matrix/server': { + 'return': json_dumps({ + 'm.server': 'matrix.franzi.business:443', + }, sort_keys=True), + 'additional_config': { + 'default_type application/json', + 'add_header Access-Control-Allow-Origin *', + }, + }, + }, + }, 'unicornsden': { 'domain': 'unicornsden.franzi.business', 'ssl': '_.franzi.business', From 82dd354f929314ed0b45e85fccd386000b7f6666 Mon Sep 17 00:00:00 2001 From: Franziska Kunsmann Date: Fri, 9 Jul 2021 16:15:38 +0200 Subject: [PATCH 21/58] bundles/gitea: fix permissions for /home/git/.ssh --- bundles/gitea/items.py | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/bundles/gitea/items.py b/bundles/gitea/items.py index f24768f..faf3578 100644 --- a/bundles/gitea/items.py +++ b/bundles/gitea/items.py @@ -21,6 +21,11 @@ directories = { 'owner': 'git', 'group': 'git', }, + '/home/git/.ssh': { + 'mode': '0755', + 'owner': 'git', + 'group': 'git', + }, '/var/lib/gitea': { 'owner': 'git', 'mode': '0700', From 9bf0b8a0b090dc642e718e1d1b4f8e2e6c8e02da Mon Sep 17 00:00:00 2001 From: Franziska Kunsmann Date: Fri, 9 Jul 2021 16:22:10 +0200 Subject: [PATCH 22/58] bundles/gitea: use zfs datasets for all data --- bundles/gitea/metadata.py | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) 
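Review bot: `/home/git/.ssh` is created with `'mode': '0755'`, which leaves the directory listing world-readable; OpenSSH only rejects group- or world-writable directories, so sshd will accept it, but the conventional and safer setting is `'mode': '0700'`, especially since the bundle's `install_ssh_key` option implies a private key is placed under it. If a file item writes that key, it also needs its own `'mode': '0600'` regardless of the directory mode, which this hunk does not show. The `directories` dict begins and ends outside the hunk.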
diff --git a/bundles/gitea/metadata.py b/bundles/gitea/metadata.py index b211555..e764729 100644 --- a/bundles/gitea/metadata.py +++ b/bundles/gitea/metadata.py @@ -44,6 +44,23 @@ defaults = { }, }, }, + 'zfs': { + 'datasets': { + 'tank/gitea': {}, + 'tank/gitea/home': { + 'mountpoint': '/home/git', + 'needed_by': { + 'directory:/home/git', + }, + }, + 'tank/gitea/var': { + 'mountpoint': '/var/lib/gitea', + 'needed_by': { + 'directory:/var/lib/gitea', + }, + }, + }, + }, } From 19278372054cd9db9314bd6ff80115eaf38e82fc Mon Sep 17 00:00:00 2001 From: Franziska Kunsmann Date: Fri, 9 Jul 2021 16:22:37 +0200 Subject: [PATCH 23/58] bundles/gitea: add /var/lib/gitea to backups --- bundles/gitea/metadata.py | 1 + 1 file changed, 1 insertion(+) diff --git a/bundles/gitea/metadata.py b/bundles/gitea/metadata.py index e764729..26eebac 100644 --- a/bundles/gitea/metadata.py +++ b/bundles/gitea/metadata.py @@ -2,6 +2,7 @@ defaults = { 'backups': { 'paths': { '/home/git', + '/var/lib/gitea', }, }, 'gitea': { From d0bdcacc940dcc14865d86e399487d29c8cd2ed9 Mon Sep 17 00:00:00 2001 From: Franziska Kunsmann Date: Fri, 9 Jul 2021 16:38:26 +0200 Subject: [PATCH 24/58] nodes/rx300: install correct dependencies for franzi.business deployment --- nodes/rx300.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/nodes/rx300.py b/nodes/rx300.py index cd17656..153a8d2 100644 --- a/nodes/rx300.py +++ b/nodes/rx300.py @@ -36,9 +36,9 @@ nodes['rx300'] = { 'ipmitool': {}, # for franzi.business deployment - 'jekyll': {}, - 'ruby-jekyll-feed': {}, - 'ruby-jekyll-paginate-v2': {}, + 'ruby': {}, + 'ruby-dev': {}, + 'ruby-bundler': {}, }, # XXX remove this once nginx.org has packages for debian bullseye 'repos': { From 1f25d0052e58dcddc4ebcb029db9317932d0381f Mon Sep 17 00:00:00 2001 
From: Franziska Kunsmann Date: Fri, 9 Jul 2021 17:26:54 +0200 Subject: [PATCH 25/58] add legacy redirect for git.kunsmann.eu --- data/powerdns/files/bind-zones/kunsmann.eu | 3 +++ nodes/htz/ex42-1048908.py | 7 +++++++ 2 files changed, 10 insertions(+) diff --git a/data/powerdns/files/bind-zones/kunsmann.eu b/data/powerdns/files/bind-zones/kunsmann.eu index dde4e2c..41a2397 100644 --- a/data/powerdns/files/bind-zones/kunsmann.eu +++ b/data/powerdns/files/bind-zones/kunsmann.eu @@ -26,6 +26,9 @@ luther-ps IN CNAME luther.htz-cloud.kunbox.net. paste IN A 94.130.52.224 paste IN AAAA 2a01:4f8:10b:2a5f::2 +; legacy, for redirect +git IN CNAME ex42-1048908.htz.kunbox.net. + _dmarc IN TXT "v=DMARC1; p=quarantine; rua=mailto:postmaster@kunsmann.eu; ruf=mailto:postmaster@kunsmann.eu; fo=0:d:s; adkim=r; aspf=r" _mta-sts IN TXT "v=STSv1;id=20201111;" _smtp._tls IN TXT "v=TLSRPTv1;rua=mailto:hostmaster@kunbox.net" diff --git a/nodes/htz/ex42-1048908.py b/nodes/htz/ex42-1048908.py index 91f18bb..655fb3f 100644 --- a/nodes/htz/ex42-1048908.py +++ b/nodes/htz/ex42-1048908.py @@ -326,6 +326,13 @@ nodes['htz.ex42-1048908'] = { # }, # }, # }, + 'git.kunsmann.eu': { + 'locations': { + '/': { + 'redirect': 'https://git.kunsmann.eu$request_uri', + }, + }, + }, 'jenkins.kunsmann.eu': { 'locations': { '/': { From 6a4b24c0f240aa00b191e3bf635a711ef54d61c6 Mon Sep 17 00:00:00 2001 From: Franziska Kunsmann Date: Fri, 9 Jul 2021 17:27:12 +0200 Subject: [PATCH 26/58] fix git urls in repo --- bundles/simple-icinga-dashboard/items.py | 2 +- data/travelynx/files/imprint/rx300 | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/bundles/simple-icinga-dashboard/items.py b/bundles/simple-icinga-dashboard/items.py index c69c9df..74f05db 100644 --- a/bundles/simple-icinga-dashboard/items.py +++ b/bundles/simple-icinga-dashboard/items.py 
@@ -34,7 +34,7 @@ directories = { git_deploy = { '/opt/simple-icinga-dashboard/src': { - 'repo': 'https://git.kunsmann.eu/sophie/simple-icinga-dashboard.git', + 'repo': 'https://git.franzi.business/sophie/simple-icinga-dashboard.git', 'rev': 'main', 'triggers': { 'action:simple-icinga-dashboard_install_requirements', diff --git a/data/travelynx/files/imprint/rx300 b/data/travelynx/files/imprint/rx300 index 77cb78a..031c68d 100644 --- a/data/travelynx/files/imprint/rx300 +++ b/data/travelynx/files/imprint/rx300 @@ -9,7 +9,7 @@

Datenschutz

Logdateien des Webservers

-

Der Webserver fertigt keine Logdateien an. Interessierte können sich in meinem Gitea die aktuelle nginx-Konfiguration des Servers ansehen.

+

Der Webserver fertigt keine Logdateien an. Interessierte können sich in meinem Gitea die aktuelle nginx-Konfiguration des Servers ansehen.

Account-spezifische Daten

From 1e026c17697cd727098d2dc62de3339a47eccae6 Mon Sep 17 00:00:00 2001 From: Franziska Kunsmann Date: Fri, 9 Jul 2021 18:19:15 +0200 Subject: [PATCH 27/58] nodes/rx300: update gitea to 1.14.4 --- nodes/rx300.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/nodes/rx300.py b/nodes/rx300.py index 153a8d2..152999e 100644 --- a/nodes/rx300.py +++ b/nodes/rx300.py @@ -50,8 +50,8 @@ nodes['rx300'] = { }, }, 'gitea': { - 'version': '1.14.3', - 'sha256': '50c25c094ae109f49e276cd00ddc48a0a240b7670e487ae1286cc116d4cdbcf2', + 'version': '1.14.4', + 'sha256': 'e1ce2fadcf6561cb2543b44b9f1382d6ce4be29ed8edd6d9d7080a218aa114b0', 'domain': 'git.franzi.business', 'email_domain_blocklist': { 'gmail.com', From b17ce5f905051cce122f091451c54ffa193986d4 Mon Sep 17 00:00:00 2001 From: Franziska Kunsmann Date: Fri, 9 Jul 2021 18:21:01 +0200 Subject: [PATCH 28/58] nodes/htz.ex42: fix git.kunsmann.eu redirect url --- nodes/htz/ex42-1048908.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nodes/htz/ex42-1048908.py b/nodes/htz/ex42-1048908.py index 655fb3f..772226f 100644 --- a/nodes/htz/ex42-1048908.py +++ b/nodes/htz/ex42-1048908.py @@ -329,7 +329,7 @@ nodes['htz.ex42-1048908'] = { 'git.kunsmann.eu': { 'locations': { '/': { - 'redirect': 'https://git.kunsmann.eu$request_uri', + 'redirect': 'https://git.franzi.business$request_uri', }, }, }, From 6c9809b1650e0e5d7ac46d89f6f4b95e6663a475 Mon Sep 17 00:00:00 2001 From: Franziska Kunsmann Date: Sat, 10 Jul 2021 10:05:26 +0200 Subject: [PATCH 29/58] bundles/grafana: add guest cpu time to cpu graph --- bundles/grafana/dashboard-rows/cpu.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/bundles/grafana/dashboard-rows/cpu.py b/bundles/grafana/dashboard-rows/cpu.py index e370d5e..1279b2e 100644 --- a/bundles/grafana/dashboard-rows/cpu.py +++ b/bundles/grafana/dashboard-rows/cpu.py 
@@ -9,6 +9,8 @@ def dashboard_row_cpu(panel_id, node): 'iowait', 'nice', 'softirq', + 'guest', + 'guest_nice', ]: queries_cpu.append({ 'groupBy': [ From 5781869f03624f25171e32079c5611f4aa346bba Mon Sep 17 00:00:00 2001 From: Franziska Kunsmann Date: Sat, 10 Jul 2021 12:59:54 +0200 Subject: [PATCH 30/58] nodes/{aurto,rx300}: send a daily test message to a t-online address to keep our "reputation" --- nodes/aurto.py | 3 +++ nodes/rx300.py | 3 +++ 2 files changed, 6 insertions(+) diff --git a/nodes/aurto.py b/nodes/aurto.py index 69fda0b..21899f2 100644 --- a/nodes/aurto.py +++ b/nodes/aurto.py @@ -18,6 +18,9 @@ nodes['aurto'] = { '/var/cache/pacman/aurto', }, }, + 'cron': { + 'telekom_nervkram': vault.decrypt('encrypt$gAAAAABg6X1pOUs_jVkqyHYChM4P6lpdpAUmLXkDPy2grxcL-R8Ab10Isxj52dvUkLFET-LhNgxgnGbdYtMhv1_awgS9klHW1A==').format_into('0 0 * * * root date | mail -s \'daily test mail\' -r root@aurto.kunbox.net {}@t-online.de'), + }, 'interfaces': { 'enp1s0': { 'ips': { diff --git a/nodes/rx300.py b/nodes/rx300.py index 152999e..7ec072a 100644 --- a/nodes/rx300.py +++ b/nodes/rx300.py @@ -49,6 +49,9 @@ nodes['rx300'] = { }, }, }, + 'cron': { + 'telekom_nervkram': vault.decrypt('encrypt$gAAAAABg6X1pOUs_jVkqyHYChM4P6lpdpAUmLXkDPy2grxcL-R8Ab10Isxj52dvUkLFET-LhNgxgnGbdYtMhv1_awgS9klHW1A==').format_into('0 0 * * * root date | mail -s \'daily test mail\' -r root@rx300.kunbox.net {}@t-online.de'), + }, 'gitea': { 'version': '1.14.4', 'sha256': 'e1ce2fadcf6561cb2543b44b9f1382d6ce4be29ed8edd6d9d7080a218aa114b0', From 76b859c62938ede6e4098cfcec1b5fa5909251b4 Mon Sep 17 00:00:00 2001 From: Franziska Kunsmann Date: Sat, 10 Jul 2021 14:21:56 +0200 Subject: [PATCH 31/58] libs.faults: add ensure_fault_or_none() and join_faults() --- libs/faults.py | 33 +++++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) diff --git a/libs/faults.py b/libs/faults.py index 2995249..ad3735c 100644 --- a/libs/faults.py +++ b/libs/faults.py 
@@ -1,6 +1,39 @@ from json import loads, dumps from bundlewrap.metadata import metadata_to_json +from bundlewrap.utils import Fault + def resolve_faults(dictionary: dict) -> dict: return loads(metadata_to_json(dictionary)) + + +def ensure_fault_or_none(maybe_fault): + if maybe_fault is None or isinstance(maybe_fault, Fault): + return maybe_fault + + return Fault(maybe_fault, lambda f: f, f=maybe_fault) + + +def join_faults(faults, by=' '): + result = [] + id_list = [] + + for item in faults: + result.append(ensure_fault_or_none(item)) + + if isinstance(item, Fault): + id_list += item.id_list + else: + id_list.append(item) + + id_list += [ + 'joined_by', + by, + ] + + return Fault( + id_list, + lambda o: by.join([i.value for i in o]), + o=result, + ) From 3351767d565e1bfa2a5e81b6f92a9a79279c9fd2 Mon Sep 17 00:00:00 2001 From: Franziska Kunsmann Date: Sat, 10 Jul 2021 14:22:19 +0200 Subject: [PATCH 32/58] add bundle:check-mail-received --- .../files/check_imap_for_mail_from | 70 +++++++++++++++++++ bundles/check-mail-received/items.py | 5 ++ bundles/check-mail-received/metadata.py | 41 +++++++++++ nodes/aurto.py | 9 ++- nodes/htz/ex42-1048908.py | 9 ++- nodes/rx300.py | 9 ++- 6 files changed, 137 insertions(+), 6 deletions(-) create mode 100644 bundles/check-mail-received/files/check_imap_for_mail_from create mode 100644 bundles/check-mail-received/items.py create mode 100644 bundles/check-mail-received/metadata.py diff --git a/bundles/check-mail-received/files/check_imap_for_mail_from b/bundles/check-mail-received/files/check_imap_for_mail_from new file mode 100644 index 0000000..f8db136 --- /dev/null +++ b/bundles/check-mail-received/files/check_imap_for_mail_from 
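Review bot: `join_faults` accepts `None` items but cannot resolve them: `ensure_fault_or_none(None)` returns `None`, which is appended to `result`, and the callback `by.join([i.value for i in o])` then raises AttributeError on the first `None` when the Fault is finally resolved, far from the call site. Either skip such items (`if item is None: continue` at the top of the loop) or raise early with a clear message. The `else` branch also appends the raw plaintext of non-Fault items to `id_list`, consistent with `ensure_fault_or_none` using the plaintext as the Fault id, so the id list of a joined Fault can carry literal values and must not be logged. I cannot tell from the hunk whether `Fault` accepts a bare string as its first argument; `ensure_fault_or_none` passes one, so that is worth confirming against bundlewrap.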
@@ -0,0 +1,70 @@ +#!/usr/bin/env python3 + +from imaplib import IMAP4_SSL +from subprocess import check_output +from sys import argv, exit +from time import time + +if len(argv) < 5: + print('Usage: {} '.format(argv[0])) + exit(3) + +NOW = time() + +try: + imap = IMAP4_SSL(argv[1]) + imap.login(argv[2], argv[3]) + + imap.select('Inbox') + + _, data = imap.search(None, 'ALL') + + something_found = False + + for item in data: + for index in item.split(): + received_in_this_mail = None + from_in_this_mail = False + + try: + message = imap.fetch(index, '(RFC822)') + + message_text = bytearray() + for part in message[1][0]: + message_text.extend(part) + message_text = message_text.decode().splitlines() + + for line in message_text: + lline = line.strip().lower() + + if lline.startswith('from:') and argv[4].lower() in line: + from_in_this_mail = True + + if lline.startswith('date:'): + date = line.strip()[5:].strip() + unixtime = int(check_output([ + 'date', + '--date={}'.format(date), + '+%s', + ]).decode().strip()) + + if unixtime > (NOW-(60*60*25)): + received_in_this_mail = date + + if received_in_this_mail and from_in_this_mail: + print('Found message from "{}" sent at "{}"'.format(argv[4], received_in_this_mail)) + received_in_this_mail = None + from_in_this_mail = False + something_found = True + except: + pass + + if something_found: + # there should be output above + exit(0) + + print('No Mails found') + exit(2) +except Exception as e: + print(repr(e)) + exit(3) diff --git a/bundles/check-mail-received/items.py b/bundles/check-mail-received/items.py new file mode 100644 index 0000000..ed76f80 --- /dev/null +++ b/bundles/check-mail-received/items.py @@ -0,0 +1,5 @@ +files = { + '/usr/local/share/icinga/plugins/check_imap_for_mail_from': { + 'mode': '0755', + }, +} diff --git a/bundles/check-mail-received/metadata.py b/bundles/check-mail-received/metadata.py new file mode 100644 index 0000000..0eb666d --- /dev/null +++ b/bundles/check-mail-received/metadata.py 
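Review bot: The sender test `argv[4].lower() in line` lowercases the needle but searches the original `line`, so a `From:` header written in a different case is never matched; it should read `argv[4].lower() in lline`. The bare `except: pass` around the per-message body hides, among everything else, the UnicodeDecodeError that `message_text.decode()` raises for any non-UTF-8 message, so such mails are silently skipped and the check can go CRITICAL on a healthy mailbox; decode with `.decode('utf-8', errors='replace')` and narrow the handler to `except (ValueError, IMAP4_SSL.error):`. Passing the IMAP password as `argv[3]` exposes it in process listings to every local user of the monitored host; read it from an environment variable or a mode-0600 file instead. The per-message `check_output(['date', ...])` can be replaced by the stdlib `email.utils.parsedate_to_datetime(date).timestamp()`, which avoids a subprocess per message and parses RFC 2822 dates directly.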
@@ -0,0 +1,41 @@ +@metadata_reactor.provides( + 'cron/check-mail-received', + 'icinga2_api/check-mail-received/services', +) +def process_metadata(metadata): + cron = set() + services = {} + + my_mail_address = 'root@{}'.format(metadata.get('hostname')) + + for name, config in metadata.get('check-mail-received', {}).items(): + cron.add('{minute} {hour} * * * root date | mail -s "daily test mail from {node}" -r {source} {target}'.format( + minute=node.magic_number%60, + hour=node.magic_number%24, + node=node.name, + source=my_mail_address, + target=config['email'], + )) + + services[f'MAIL RECEIVED ON {name}'] = { + 'command_on_monitored_host': repo.libs.faults.join_faults([ + '/usr/local/share/icinga/plugins/check_imap_for_mail_from', + config['imap_host'], + config.get('imap_user', config['email']), + config['imap_pass'], + my_mail_address, + ]), + 'check_interval': '15m', + 'retry_interval': '5m', + } + + return { + 'cron': { + 'check-mail-received': '\n'.join(sorted(cron)), + }, + 'icinga2_api': { + 'check-mail-received': { + 'services': services, + }, + }, + } diff --git a/nodes/aurto.py b/nodes/aurto.py index 21899f2..449aa61 100644 --- a/nodes/aurto.py +++ b/nodes/aurto.py @@ -2,6 +2,7 @@ nodes['aurto'] = { 'hostname': '31.47.232.107', 'bundles': { 'backup-client', + 'check-mail-received', }, 'groups': { 'arch', @@ -18,8 +19,12 @@ nodes['aurto'] = { '/var/cache/pacman/aurto', }, }, - 'cron': { - 'telekom_nervkram': vault.decrypt('encrypt$gAAAAABg6X1pOUs_jVkqyHYChM4P6lpdpAUmLXkDPy2grxcL-R8Ab10Isxj52dvUkLFET-LhNgxgnGbdYtMhv1_awgS9klHW1A==').format_into('0 0 * * * root date | mail -s \'daily test mail\' -r root@aurto.kunbox.net {}@t-online.de'), + 'check-mail-received': { + 't-online': { + 'email': 'franzi.kunsmann@t-online.de', + 'imap_host': 'secureimap.t-online.de', + 'imap_pass': bwpass.attr('t-online.de/franzi.kunsmann@t-online.de', 'imap'), + }, }, 'interfaces': { 'enp1s0': { 
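Review bot: `config['imap_pass']` is joined into `command_on_monitored_host`, so the plaintext IMAP password is written into the icinga service definition and appears on the plugin's command line on every monitored host; only the bundlewrap side knows it is a secret through the Fault. If the plugin gains a credentials-file option, deploy the password as a 0600 file owned by the icinga user and pass its path here instead. The `cron` line depends only on `node.magic_number`, `node.name` and `my_mail_address`, not on `name` or `config`, so all configured accounts collapse to a single identical entry in the set; if that is intended, a comment such as `# one test mail per node, regardless of how many accounts are checked` would make it clear. `config['email']` is used as the cron target, so the mail goes to the first account's address only when several are configured.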
diff --git a/nodes/htz/ex42-1048908.py b/nodes/htz/ex42-1048908.py index 772226f..925e9ec 100644 --- a/nodes/htz/ex42-1048908.py +++ b/nodes/htz/ex42-1048908.py @@ -1,5 +1,6 @@ nodes['htz.ex42-1048908'] = { 'bundles': { + 'check-mail-received', 'dovecot', 'element-web', # 'gitea', @@ -86,8 +87,12 @@ nodes['htz.ex42-1048908'] = { '/opt/matrix/matrix-dimension', }, }, - 'cron': { - 'telekom_nervkram': vault.decrypt('encrypt$gAAAAABfqXi23M96wrSLhqlbhqgePYX06LjPXfyQU2y_07kqYYLztj_PhS1-dk4r5FiiL2Ofmx5iCKW1sZNqiQSuHj2uKaitH0GnwHqj5CI2JwkAS9HrFxw=').format_into('0 0 * * * root date | mail -s \'daily test mail \' -r postmaster@mx0.kunbox.net {}'), + 'check-mail-received': { + 't-online': { + 'email': 'franzi.kunsmann@t-online.de', + 'imap_host': 'secureimap.t-online.de', + 'imap_pass': bwpass.attr('t-online.de/franzi.kunsmann@t-online.de', 'imap'), + }, }, 'element-web': { 'url': 'chat.franzi.business', diff --git a/nodes/rx300.py b/nodes/rx300.py index 7ec072a..b3b34ef 100644 --- a/nodes/rx300.py +++ b/nodes/rx300.py @@ -7,6 +7,7 @@ nodes['rx300'] = { 'hostname': '31.47.232.106', 'bundles': { + 'check-mail-received', 'gitea', 'lm-sensors', 'miniflux', @@ -49,8 +50,12 @@ nodes['rx300'] = { }, }, }, - 'cron': { - 'telekom_nervkram': vault.decrypt('encrypt$gAAAAABg6X1pOUs_jVkqyHYChM4P6lpdpAUmLXkDPy2grxcL-R8Ab10Isxj52dvUkLFET-LhNgxgnGbdYtMhv1_awgS9klHW1A==').format_into('0 0 * * * root date | mail -s \'daily test mail\' -r root@rx300.kunbox.net {}@t-online.de'), + 'check-mail-received': { + 't-online': { + 'email': 'franzi.kunsmann@t-online.de', + 'imap_host': 'secureimap.t-online.de', + 'imap_pass': bwpass.attr('t-online.de/franzi.kunsmann@t-online.de', 'imap'), + }, }, 'gitea': { 'version': '1.14.4', From fe5b7b73359c834e5870e17213f000c2d8d25dc6 Mon Sep 17 00:00:00 2001 
From: Franziska Kunsmann Date: Sat, 10 Jul 2021 15:54:02 +0200 Subject: [PATCH 33/58] nodes/htz-cloud.pirmasens: add bundle:check-mail-received --- nodes/htz-cloud/pirmasens.py | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/nodes/htz-cloud/pirmasens.py b/nodes/htz-cloud/pirmasens.py index 5953245..18b1b76 100644 --- a/nodes/htz-cloud/pirmasens.py +++ b/nodes/htz-cloud/pirmasens.py @@ -1,5 +1,6 @@ nodes['htz-cloud.pirmasens'] = { 'bundles': { + 'check-mail-received', 'dovecot', 'php', 'postfixadmin', @@ -23,6 +24,13 @@ nodes['htz-cloud.pirmasens'] = { 'gateway6': 'fe80::1', }, }, + 'check-mail-received': { + 't-online': { + 'email': 'franzi.kunsmann@t-online.de', + 'imap_host': 'secureimap.t-online.de', + 'imap_pass': bwpass.attr('t-online.de/franzi.kunsmann@t-online.de', 'imap'), + }, + }, 'icinga_options': { 'pretty_name': 'kunsmann.info', }, From 8f4db6f2ba2f50a84a72291bf9f4f8b3f90de7e9 Mon Sep 17 00:00:00 2001 From: Franziska Kunsmann Date: Sat, 10 Jul 2021 15:59:03 +0200 Subject: [PATCH 34/58] bundles/postfix: install pkg_pacman:s-nail --- bundles/postfix/metadata.py | 1 + 1 file changed, 1 insertion(+) diff --git a/bundles/postfix/metadata.py b/bundles/postfix/metadata.py index 759f693..b9219f1 100644 --- a/bundles/postfix/metadata.py +++ b/bundles/postfix/metadata.py @@ -25,6 +25,7 @@ defaults = { 'pacman': { 'packages': { 'postfix': {}, + 's-nail': {}, }, }, } From b1939716256a132ba81c165b2c0e886356b58e59 Mon Sep 17 00:00:00 2001 From: Franziska Kunsmann Date: Sat, 10 Jul 2021 16:16:56 +0200 Subject: [PATCH 35/58] bundles/postfix: fix some needed files not being present in chroot on arch --- bundles/postfix/files/arch-override.conf | 6 ++++++ bundles/postfix/items.py | 12 +++++++++++- 2 files changed, 17 insertions(+), 1 deletion(-) create mode 100644 bundles/postfix/files/arch-override.conf diff --git a/bundles/postfix/files/arch-override.conf b/bundles/postfix/files/arch-override.conf new file mode 100644 index 0000000..3b3e46d --- /dev/null 
+++ b/bundles/postfix/files/arch-override.conf @@ -0,0 +1,6 @@ +[Service] +# arch postfix is not set up for chrooting by default +ExecStartPre=-/usr/sbin/mkdir -p /var/spool/postfix/etc +% for file in ['/etc/localtime', '/etc/nsswitch.conf', '/etc/resolv.conf', '/etc/services']: +ExecStartPre=-/usr/sbin/cp -p ${file} /var/spool/postfix${file} +% endfor diff --git a/bundles/postfix/items.py b/bundles/postfix/items.py index 1ca260b..7346fe3 100644 --- a/bundles/postfix/items.py +++ b/bundles/postfix/items.py @@ -21,7 +21,7 @@ for identifier in node.metadata.get('postfix/mynetworks', set()): netmask = '128' mynetworks.add(f'[{ip6}]/{netmask}') -my_package = 'pkg_pacman:postfix' if node.has_bundle('pacman') else 'pkg_apt:postfix' +my_package = 'pkg_pacman:postfix' if node.os == 'arch' else 'pkg_apt:postfix' files = { '/etc/mailname': { @@ -86,3 +86,13 @@ svc_systemd = { }, }, } + +if node.os == 'arch': + files['/etc/systemd/system/postfix.service.d/bundlewrap.conf'] = { + 'source': 'arch-override.conf', + 'content_type': 'mako', + 'triggers': { + 'action:systemd-reload', + 'svc_systemd:postfix:restart', + }, + } From 7fef4d7a0089b8119a16f927ab9afa057c75040b Mon Sep 17 00:00:00 2001 From: Franziska Kunsmann Date: Sat, 10 Jul 2021 21:57:04 +0200 Subject: [PATCH 36/58] nodes/aurto: add n0emis ssh keys --- nodes/aurto.py | 3 +++ 1 file changed, 3 insertions(+) diff --git a/nodes/aurto.py b/nodes/aurto.py index 449aa61..45d1adf 100644 --- a/nodes/aurto.py +++ b/nodes/aurto.py @@ -63,6 +63,9 @@ nodes['aurto'] = { # kunsi 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICYst1HK+gJYhNxzqJGnz4iB73pa89Xz2yH+8wufOcsA', 'ssh-rsa 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 cardno:000609506971', + # n0emis + 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEcOPtW5FWNIdlMQFoqeyA1vHw+cA8ft8oXSbXPzQNL9 n0emis@n0emis.eu', + 'ssh-rsa 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 simeon@noemis.me (OLD)', }, }, 'kunsi': { From a66d9c57650e24c3d4a73f26e5d66be5eda74023 Mon Sep 17 00:00:00 2001 
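Review bot: `ExecStartPre=-/usr/sbin/cp -p ${file} /var/spool/postfix${file}` ignores copy failures because of the leading `-`, and the copies are refreshed only when the unit starts, so a changed host `/etc/resolv.conf` is not seen by the chrooted postfix until the next restart. Dropping the `-` on the `cp` lines surfaces a failed copy instead of starting postfix with a missing resolver file, and a comment such as `# chroot copies are refreshed on (re)start only` tells the next reader why a resolver change needs a restart.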
From: Franziska Kunsmann Date: Sun, 11 Jul 2021 12:29:05 +0200 Subject: [PATCH 37/58] bundles/mx-puppet-discord: add (Discord) to room and user names --- bundles/mx-puppet-discord/files/config.yaml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/bundles/mx-puppet-discord/files/config.yaml b/bundles/mx-puppet-discord/files/config.yaml index a93c889..6be98d2 100644 --- a/bundles/mx-puppet-discord/files/config.yaml +++ b/bundles/mx-puppet-discord/files/config.yaml @@ -16,6 +16,12 @@ provisioning: - "${regex}" % endfor +namePatterns: + user: ":name (Discord)" + userOverride: ":displayname (Discord)" + room: "#:name (Discord - :guild)" + group: ":name" + database: connString: "postgres://${node.metadata['mx-puppet-discord']['database']['user']}:${node.metadata['mx-puppet-discord']['database']['password']}@${node.metadata['mx-puppet-discord']['database'].get('host', 'localhost')}/${node.metadata['mx-puppet-discord']['database']['database']}?sslmode=disable" From 8da40eab67262d873bea968f9c1f270652bc4972 Mon Sep 17 00:00:00 2001 From: Franziska Kunsmann Date: Sun, 11 Jul 2021 15:23:49 +0200 Subject: [PATCH 38/58] nodes/rx300: add php 8.0 --- bundles/php/files/8.0/fpm.conf | 23 ++++++++ bundles/php/files/8.0/php.ini | 99 ++++++++++++++++++++++++++++++++++ nodes/rx300.py | 18 +++++++ 3 files changed, 140 insertions(+) create mode 100644 bundles/php/files/8.0/fpm.conf create mode 100644 bundles/php/files/8.0/php.ini diff --git a/bundles/php/files/8.0/fpm.conf b/bundles/php/files/8.0/fpm.conf new file mode 100644 index 0000000..c4d6412 --- /dev/null +++ b/bundles/php/files/8.0/fpm.conf 
@@ -0,0 +1,23 @@ +[global] +pid=/run/php/php8.0-fpm.pid +; We're using journal, put logs there +error_log=/var/log/php8.0-fpm.log +daemonize=yes + +; The one and only worker pool we have +[www] +user=www-data +group=www-data +listen=/run/php/php8.0-fpm.sock +listen.owner=www-data +listen.group=www-data +listen.mode=0600 + +; Process Manager Settings +pm=dynamic +pm.max_children=${num_cpus*4} +pm.start_servers=${num_cpus} +pm.max_spare_servers=${num_cpus*2} +pm.min_spare_servers=${num_cpus} +pm.process_idle_timeout=30s +pm.max_requests=1024 diff --git a/bundles/php/files/8.0/php.ini b/bundles/php/files/8.0/php.ini new file mode 100644 index 0000000..45b78bf --- /dev/null +++ b/bundles/php/files/8.0/php.ini 
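Review bot: The comment `; We're using journal, put logs there` contradicts the value on the following line, `error_log=/var/log/php8.0-fpm.log`, which writes to a file. Either change the value to `error_log=syslog` so php-fpm logs through the journal, or reword the comment; as written a reader looks in journalctl and finds nothing.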
@@ -0,0 +1,99 @@ +[PHP] +; Only needed for libapache2-mod-php? +engine = On +short_open_tag = Off +precision = 14 +output_buffering = 4096 +zlib.output_compression = Off +implicit_flush = Off +serialize_precision = -1 +disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals +ignore_user_abort = Off +zend.enable_gc = On +expose_php = Off + +max_execution_time = 30 +max_input_time = 60 +memory_limit = 256M + +error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT +display_startup_errors = Off +log_errors = On +log_errors_max_len = 1024 +ignore_repeated_errors = Off +ignore_repeated_source = Off +report_memleaks = On +html_errors = On +error_log = syslog +syslog.ident = php7.4 +syslog.filter = ascii + +arg_separator.output = "&" +variables_order = "GPCS" +request_order = "GP" +register_argc_argv = Off +auto_globals_jit = On +post_max_size = ${post_max_size}M +default_mimetype = "text/html" +default_charset = "UTF-8" + +enable_dl = Off +file_uploads = On +upload_max_filesize = ${post_max_size}M +max_file_uploads = 20 + +allow_url_fopen = On +allow_url_include = Off +default_socket_timeout = 10 + +[CLI Server] +cli_server.color = On + +[mail function] +mail.add_x_header = Off + +[ODBC] +odbc.allow_persistent = On +odbc.check_persistent = On +odbc.max_persistent = -1 +odbc.max_links = -1 +odbc.defaultlrl = 4096 +odbc.defaultbinmode = 1 + +[PostgreSQL] +pgsql.allow_persistent = On +pgsql.auto_reset_persistent = Off +pgsql.max_persistent = -1 +pgsql.max_links = -1 +pgsql.ignore_notice = 0 +pgsql.log_notice = 0 + +[bcmath] +bcmath.scale = 0 + +[Session] +session.save_handler = files +session.use_strict_mode = 0 +session.use_cookies = 1 
+session.use_only_cookies = 1 +session.name = PHPSESSID +session.auto_start = 0 +session.cookie_lifetime = 0 +session.cookie_path = / +session.cookie_domain = +session.cookie_httponly = +session.cookie_samesite = +session.serialize_handler = php +session.gc_probability = 1 +session.gc_divisor = 1000 +session.gc_maxlifetime = 1440 +session.referer_check = +session.cache_limiter = nocache +session.cache_expire = 180 +session.use_trans_sid = 0 +session.sid_length = 32 +session.trans_sid_tags = "a=href,area=href,frame=src,form=" +session.sid_bits_per_character = 6 + +[Assertion] +zend.assertions = -1 diff --git a/nodes/rx300.py b/nodes/rx300.py index b3b34ef..c0bfa67 100644 --- a/nodes/rx300.py +++ b/nodes/rx300.py @@ -11,6 +11,7 @@ nodes['rx300'] = { 'gitea', 'lm-sensors', 'miniflux', + 'php', 'postgresql', 'smartd', 'travelynx', @@ -40,6 +41,10 @@ nodes['rx300'] = { 'ruby': {}, 'ruby-dev': {}, 'ruby-bundler': {}, + + # more php + 'php-imagick': {}, + 'php-yaml': {}, }, # XXX remove this once nginx.org has packages for debian bullseye 'repos': { @@ -146,6 +151,19 @@ nodes['rx300'] = { }, }, }, + 'php': { + 'version': '8.0', + 'packages': { + 'gd', + 'imap', + 'intl', + 'mbstring', + 'opcache', + 'pgsql', + 'readline', + 'xml', + }, + }, 'postgresql': { 'version': '13', }, From 3871893c9b1814b464c01e3c64b8c77d95feeb57 Mon Sep 17 00:00:00 2001 From: Franziska Kunsmann Date: Sun, 11 Jul 2021 15:24:08 +0200 Subject: [PATCH 39/58] move jenkins to rx300 --- .../powerdns/files/bind-zones/franzi.business | 1 + data/powerdns/files/bind-zones/kunsmann.eu | 3 --- nodes/htz/ex42-1048908.py | 20 +++++++------- nodes/rx300.py | 27 ++++++++++++++++--- 4 files changed, 35 insertions(+), 16 deletions(-) diff --git a/data/powerdns/files/bind-zones/franzi.business b/data/powerdns/files/bind-zones/franzi.business index 13c56cb..b811603 100644 --- a/data/powerdns/files/bind-zones/franzi.business +++ b/data/powerdns/files/bind-zones/franzi.business 
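Review bot: `syslog.ident = php7.4` in the 8.0 `php.ini` is a copy-paste leftover; log lines from this pool will be tagged as php7.4 and cannot be told apart from a 7.4 pool on the same host, so set `syslog.ident = php8.0`. In the `[Session]` block, `session.cookie_httponly` and `session.cookie_samesite` are left empty and `session.use_strict_mode = 0`; for a managed baseline `session.cookie_httponly = 1`, `session.cookie_samesite = Lax` and `session.use_strict_mode = 1` are the usual hardening defaults, with applications relaxing them per vhost if they must. The hunk starts on the previous line of this page.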
@@ -15,6 +15,7 @@ dimension IN A 94.130.52.224 dimension IN AAAA 2a01:4f8:10b:2a5f::2 git IN CNAME rx300.kunbox.net. +jenkins IN CNAME rx300.kunbox.net. matrix IN A 94.130.52.224 matrix IN AAAA 2a01:4f8:10b:2a5f::2 diff --git a/data/powerdns/files/bind-zones/kunsmann.eu b/data/powerdns/files/bind-zones/kunsmann.eu index 41a2397..8f10382 100644 --- a/data/powerdns/files/bind-zones/kunsmann.eu +++ b/data/powerdns/files/bind-zones/kunsmann.eu @@ -15,9 +15,6 @@ icinga IN CNAME icinga2.ovh.kunbox.net. influxdb IN CNAME influxdb.htz-cloud.kunbox.net. statusmonitor.icinga IN CNAME icinga2.ovh.kunbox.net. -jenkins IN A 94.130.52.224 -jenkins IN AAAA 2a01:4f8:10b:2a5f::2 - mta-sts IN A 94.130.52.224 mta-sts IN AAAA 2a01:4f8:10b:2a5f::2 diff --git a/nodes/htz/ex42-1048908.py b/nodes/htz/ex42-1048908.py index 925e9ec..cae81bf 100644 --- a/nodes/htz/ex42-1048908.py +++ b/nodes/htz/ex42-1048908.py @@ -4,7 +4,7 @@ nodes['htz.ex42-1048908'] = { 'dovecot', 'element-web', # 'gitea', - 'jenkins-ci', +# 'jenkins-ci', 'lm-sensors', 'matrix-media-repo', 'matrix-synapse', @@ -338,15 +338,15 @@ nodes['htz.ex42-1048908'] = { }, }, }, - 'jenkins.kunsmann.eu': { - 'locations': { - '/': { - 'target': 'http://localhost:22010/', - }, - }, - 'website_check_path': '/login', - 'website_check_string': 'Welcome to Jenkins', - }, +# 'jenkins.kunsmann.eu': { +# 'locations': { +# '/': { +# 'target': 'http://localhost:22010/', +# }, +# }, +# 'website_check_path': '/login', +# 'website_check_string': 'Welcome to Jenkins', +# }, 'kunbox.net': {}, 'kunsmann.eu': { 'locations': { diff --git a/nodes/rx300.py b/nodes/rx300.py index c0bfa67..78374b9 100644 --- a/nodes/rx300.py +++ b/nodes/rx300.py @@ -9,6 +9,7 @@ nodes['rx300'] = { 'bundles': { 'check-mail-received', 'gitea', + 'jenkins-ci', 'lm-sensors', 'miniflux', 'php', 
@@ -125,12 +126,32 @@ nodes['rx300'] = { }, }, }, - 'unicornsden': { + 'jenkins': { + 'domain': 'jenkins.franzi.business', + 'ssl': '_.franzi.business', + 'locations': { + '/': { + 'target': 'http://localhost:22010/', + }, + }, + 'website_check_path': '/login', + 'website_check_string': 'Welcome to Jenkins', + }, + 'unicornsden-redirect': { 'domain': 'unicornsden.franzi.business', 'ssl': '_.franzi.business', + 'locations': { + '/': { + 'redirect': 'https://map.unicornsden.com/', + }, + }, + }, + 'unicornsden': { + 'domain': 'map.unicornsden.com', + 'php': True, 'webroot_config': { - 'owner': 'kunsi', - 'group': 'kunsi', + 'owner': 'git', + 'group': 'git', 'mode': '0755', }, }, From 0a14d46cf23676218127c8bc779ccb93e8abebc1 Mon Sep 17 00:00:00 2001 From: Franziska Kunsmann Date: Sun, 11 Jul 2021 15:29:42 +0200 Subject: [PATCH 40/58] bundles/jenkins: add zfs dataset --- bundles/jenkins-ci/items.py | 11 +++++++++++ bundles/jenkins-ci/metadata.py | 10 ++++++++++ 2 files changed, 21 insertions(+) diff --git a/bundles/jenkins-ci/items.py b/bundles/jenkins-ci/items.py index ff49882..da6ea1a 100644 --- a/bundles/jenkins-ci/items.py +++ b/bundles/jenkins-ci/items.py @@ -1,3 +1,13 @@ +directories = { + '/var/lib/jenkins': { + 'owner': 'jenkins', + 'group': 'jenkins', + 'needs': { + 'pkg_apt:jenkins', + }, + }, +} + files = { '/etc/default/jenkins': { 'triggers': { @@ -9,6 +19,7 @@ files = { svc_systemd = { 'jenkins': { 'needs': { + 'directory:/var/lib/jenkins', 'pkg_apt:jenkins', }, }, diff --git a/bundles/jenkins-ci/metadata.py b/bundles/jenkins-ci/metadata.py index 0cd5e59..fae8052 100644 --- a/bundles/jenkins-ci/metadata.py +++ b/bundles/jenkins-ci/metadata.py @@ -21,4 +21,14 @@ defaults = { '/var/lib/jenkins', }, }, + 'zfs': { + 'datasets': { + 'tank/jenkins': { + 'mountpoint': '/var/lib/jenkins', + 'needed_by': { + 'pkg_apt:jenkins', + }, + }, + }, + }, } From 72f148425a968bdebeef309bfd0f1bbc7ab5468a Mon Sep 17 00:00:00 2001 
From: Franziska Kunsmann Date: Sun, 11 Jul 2021 15:47:45 +0200 Subject: [PATCH 41/58] bundles/jenkins-ci: add ssh keys and config --- bundles/jenkins-ci/files/ssh-config | 3 +++ bundles/jenkins-ci/items.py | 16 ++++++++++++++++ data/jenkins-ci/files/ssh-keys/rx300.key.vault | 1 + data/jenkins-ci/files/ssh-keys/rx300.pub | 1 + nodes/rx300.py | 7 +++++-- 5 files changed, 26 insertions(+), 2 deletions(-) create mode 100644 bundles/jenkins-ci/files/ssh-config create mode 100644 data/jenkins-ci/files/ssh-keys/rx300.key.vault create mode 100644 data/jenkins-ci/files/ssh-keys/rx300.pub diff --git a/bundles/jenkins-ci/files/ssh-config b/bundles/jenkins-ci/files/ssh-config new file mode 100644 index 0000000..564c5f9 --- /dev/null +++ b/bundles/jenkins-ci/files/ssh-config @@ -0,0 +1,3 @@ +Host * + UserKnownHostsFile /dev/null + StrictHostKeyChecking no diff --git a/bundles/jenkins-ci/items.py b/bundles/jenkins-ci/items.py index da6ea1a..03e627e 100644 --- a/bundles/jenkins-ci/items.py +++ b/bundles/jenkins-ci/items.py @@ -6,6 +6,11 @@ directories = { 'pkg_apt:jenkins', }, }, + '/var/lib/jenkins/.ssh': { + 'mode': '0755', + 'owner': 'git', + 'group': 'git', + }, } files = { @@ -14,8 +19,19 @@ files = { 'svc_systemd:jenkins:restart', }, }, + '/var/lib/jenkins/.ssh/config': { + 'source': 'ssh-config', + }, } +if node.metadata.get('jenkins-ci/install_ssh_key', False): + files['/var/lib/jenkins/.ssh/id_ed25519'] = { + 'content': repo.vault.decrypt_file(f'jenkins-ci/files/ssh-keys/{node.name}.key.vault'), + 'mode': '0600', + 'owner': 'jenkins', + 'group': 'jenkins', + } + svc_systemd = { 'jenkins': { 'needs': { diff --git a/data/jenkins-ci/files/ssh-keys/rx300.key.vault b/data/jenkins-ci/files/ssh-keys/rx300.key.vault new file mode 100644 index 0000000..e56190a --- /dev/null +++ b/data/jenkins-ci/files/ssh-keys/rx300.key.vault 
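Review bot: `StrictHostKeyChecking no` together with `UserKnownHostsFile /dev/null` under `Host *` disables host-key verification for every SSH connection Jenkins makes, so the deploy key installed by this series authenticates Jenkins to whichever host answers, including an impersonating one. Ship the expected host keys in a managed `known_hosts` (the repository already knows its nodes) and use `StrictHostKeyChecking yes`, or at least `accept-new` to pin on first contact. If verification really has to stay off, a comment in the file saying why is the minimum.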
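Review bot: `/var/lib/jenkins/.ssh` is created with `'owner': 'git'`/`'group': 'git'`, while the private key installed below it is `'owner': 'jenkins'` and the parent `/var/lib/jenkins` is jenkins-owned; the mismatch looks like a copy-paste from the gitea bundle and leaves the jenkins user unable to create files in its own `.ssh`. Use `'owner': 'jenkins', 'group': 'jenkins'` and `'mode': '0700'`, the conventional mode for that directory. The `'/var/lib/jenkins/.ssh/config'` entry carries no owner either; giving it the same owner keeps ssh's "bad owner or permissions" check from rejecting it if defaults change.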
@@ -0,0 +1 @@ +encrypt$gAAAAABg6vNNuCZcmhH52dQDiD4ePsbXhz0kHSjqX3yduJ6E5NylWEdKNtjtrfc9bu1WNnDBO0YpsqxIeax2u1xc6gstohVfbu2MgwGJKpA7J5Py6xiQL82YKJcwV7k0EZ7ilWbqlzXuSDh40KG3GWOTPiw_CbsbDEpCU09x1hUs1_0BTPAU6ln4t7ync7ZjFZf_vRBTlrnZWchzXoSwppzedAZeaptfhMWn_-8oARoYvxJf3pkmTSGjovNMvDak_sscq_M2rldng6_oboR4iTo_6eY6bpCjEGD3xMeSzLhDZsJ4c0l9bZBDef-NRWA7Ewptc4KYKVvzKlgyrByqSV8TCmYn4aBgOusv-VAW3VqKg2rHi3nq5L50zkPwWmHC6_rdtIS-pAlnR5A0HJYdXGyf2eQSq3UkrZA3BIFlqUWrvS8aTWxp9CUL5C9oRGpL8P3fVfExiqhmcLGamHZb1Y2kjxX8EMcSCRLgiVO9DwIpXlEm86HfgVcXaL0wpibM32PD0sspOPILThE5P9WETGhpFAWDkWR0WaYQjZuAVlXTtk8tgdh0vC2auQl2pEVbvvnZaa04Ohp2QgE3AJLg3tdekLciwCQmPm0bpX8xYvJ49vNWG-SCaAlLHzLVIMFXFY53-SBOHYnE \ No newline at end of file diff --git a/data/jenkins-ci/files/ssh-keys/rx300.pub b/data/jenkins-ci/files/ssh-keys/rx300.pub new file mode 100644 index 0000000..55ce7ec --- /dev/null +++ b/data/jenkins-ci/files/ssh-keys/rx300.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHZnYhsdtGUYJiFcvfqTLljGkInnFTOoDF/WZniLtPjH diff --git a/nodes/rx300.py b/nodes/rx300.py index 78374b9..d66a7b0 100644 --- a/nodes/rx300.py +++ b/nodes/rx300.py @@ -87,6 +87,9 @@ nodes['rx300'] = { 'icinga_options': { 'pretty_name': 'franzi.business', }, + 'jenkins-ci': { + 'install_ssh_key': True, + }, 'miniflux': { 'domain': 'rss.franzi.business', }, @@ -150,8 +153,8 @@ nodes['rx300'] = { 'domain': 'map.unicornsden.com', 'php': True, 'webroot_config': { - 'owner': 'git', - 'group': 'git', + 'owner': 'jenkins', + 'group': 'jenkins', 'mode': '0755', }, }, From a210ada21133452ebdfb2d708ee8d48935194b91 Mon Sep 17 00:00:00 2001 From: Franziska Kunsmann Date: Sun, 11 Jul 2021 15:58:26 +0200 Subject: [PATCH 42/58] README: jenkins has moved --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 7608202..c102b84 100644 --- a/README.md +++ b/README.md 
@@ -6,4 +6,4 @@ May also include some dummy nodes, for example for deploying websites onto shared webhosting. `bw test` runs according to Jenkinsfile after every commit. -[![Build Status](https://jenkins.kunsmann.eu/buildStatus/icon?job=bundlewrap%2Fmain)](https://jenkins.kunsmann.eu/job/bundlewrap/job/main/) +[![Build Status](https://jenkins.franzi.business/buildStatus/icon?job=kunsi%2Fbundlewrap%2Fmain)](https://jenkins.franzi.business/job/kunsi/job/bundlewrap/job/main/) From 801b21a35c5ecdc623ccce87eb3ee5a1c6d64233 Mon Sep 17 00:00:00 2001 From: Sophie Schiller Date: Sun, 4 Jul 2021 16:36:43 +0200 Subject: [PATCH 43/58] bw/bundle matrix-dimension add first draft --- .../files/matrix-dimension.service | 14 +++ .../matrix-dimension/files/production.yaml | 98 +++++++++++++++++++ bundles/matrix-dimension/items.py | 68 +++++++++++++ bundles/matrix-dimension/metadata.py | 75 ++++++++++++++ .../dimension.sophies-kitchen.eu | 13 ++- nodes/htz-cloud/miniserver.py | 35 ++++--- 6 files changed, 288 insertions(+), 15 deletions(-) create mode 100644 bundles/matrix-dimension/files/matrix-dimension.service create mode 100644 bundles/matrix-dimension/files/production.yaml create mode 100644 bundles/matrix-dimension/items.py create mode 100644 bundles/matrix-dimension/metadata.py diff --git a/bundles/matrix-dimension/files/matrix-dimension.service b/bundles/matrix-dimension/files/matrix-dimension.service new file mode 100644 index 0000000..1b9333f --- /dev/null +++ b/bundles/matrix-dimension/files/matrix-dimension.service @@ -0,0 +1,14 @@ +[Unit] +Description=Matrix Dimension +After=network.target + +[Service] +User=matrix-support +Group=matrix-support +Environment="NODE_ENV=production" +ExecStart=/usr/bin/node /opt/matrix/matrix-dimension/build/app/index.js +WorkingDirectory=${config['install_dir']} +Restart=on-failure + +[Install] +WantedBy=multi-user.target 
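Review bot: The unit runs node as `matrix-support` with no sandboxing at all; since Dimension holds a homeserver access token and database credentials, adding `NoNewPrivileges=yes`, `ProtectSystem=strict`, `PrivateTmp=yes` and a `ReadWritePaths=` for the data directory under `[Service]` limits what a compromised process can reach on the host. `After=network.target` alone does not order the service behind the PostgreSQL it needs (the `postgres_db` item in items.py suggests it is local); `After=postgresql.service` avoids a failed first start at boot.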
diff --git a/bundles/matrix-dimension/files/production.yaml b/bundles/matrix-dimension/files/production.yaml new file mode 100644 index 0000000..bb67228 --- /dev/null +++ b/bundles/matrix-dimension/files/production.yaml 
@@ -0,0 +1,98 @@ +# The web settings for the service (API and UI). +# It is best to have this run on localhost and use a reverse proxy to access Dimension. +web: + port: 8184 + address: '127.0.0.1' + +# Homeserver configuration +homeserver: + # The domain name of the homeserver. This is used in many places, such as with go-neb + # setups, to identify the homeserver. + name: "${config['homserver']['name']}" + + # The URL that Dimension, go-neb, and other services provisioned by Dimension should + # use to access the homeserver with. + clientServerUrl: "${config['homserver']['clientServeUrl']}" + + # The URL that Dimension should use when trying to communicate with federated APIs on + # the homeserver. If not supplied or left empty Dimension will try to resolve the address + # through the normal federation process. + #federationUrl: "https://t2bot.io:8448" + + # The URL that Dimension will redirect media requests to for downloading media such as + # stickers. If not supplied or left empty Dimension will use the clientServerUrl. + #mediaUrl: "https://t2bot.io" + + # The access token Dimension should use for miscellaneous access to the homeserver, and + # for tracking custom sticker pack updates. This should be a user configured on the homeserver + # and be dedicated to Dimension (create a user named "dimension" on your homeserver). For + # information on how to acquire an access token, visit https://t2bot.io/docs/access_tokens + accessToken: "${config['homserver']['accessToken']}" + +# These users can modify the integrations this Dimension supports. +# To access the admin interface, open Dimension in Riot and click the settings icon. +admins: +% for i in config['admins']: + - "${i}" +% endfor +# IPs and CIDR ranges listed here will be blocked from being widgets. +# Note: Widgets may still be embedded with restricted content, although not through Dimension directly. 
+widgetBlacklist: + - 10.0.0.0/8 + - 172.16.0.0/12 + - 192.168.0.0/16 + - 127.0.0.0/8 + +database: + # Where the database for Dimension is + uri: "postgres://${node.metadata['matrix-dimension']['database']['user']}:${node.metadata['matrix-dimension']['database']['password']}@${node.metadata['matrix-dimension']['database'].get('host', 'localhost')}/${node.metadata['matrix-dimension']['database']['database']}" + + # Where to store misc information for the utility bot account. + botData: "${config['data_dir']}/dimension.bot.json" + +# Display settings that apply to self-hosted go-neb instances +goneb: + # The avatars to set for each bot. Usually these don't need to be changed, however if your homeserver + # is not able to reach t2bot.io then you should specify your own here. To not use an avatar for a bot, + # make the bot's avatar an empty string. + avatars: + giphy: "mxc://t2bot.io/c5eaab3ef0133c1a61d3c849026deb27" + imgur: "mxc://t2bot.io/6749eaf2b302bb2188ae931b2eeb1513" + github: "mxc://t2bot.io/905b64b3cd8e2347f91a60c5eb0832e1" + wikipedia: "mxc://t2bot.io/7edfb54e9ad9e13fec0df22636feedf1" + travisci: "mxc://t2bot.io/7f4703126906fab8bb27df34a17707a8" + rss: "mxc://t2bot.io/aace4fcbd045f30afc1b4e5f0928f2f3" + google: "mxc://t2bot.io/636ad10742b66c4729bf89881a505142" + guggy: "mxc://t2bot.io/e7ef0ed0ba651aaf907655704f9a7526" + echo: "mxc://t2bot.io/3407ff2db96b4e954fcbf2c6c0415a13" + circleci: "mxc://t2bot.io/cf7d875845a82a6b21f5f66de78f6bee" + jira: "mxc://t2bot.io/f4a38ebcc4280ba5b950163ca3e7c329" + +# Settings for interacting with Telegram. Currently only applies for importing +# sticker packs from Telegram. +telegram: + # Talk to @BotFather on Telegram to get a token + botToken: "${config['telegram']['botToken']}" + +# Custom sticker pack options. 
+# Largely based on https://github.com/turt2live/matrix-sticker-manager +stickers: + # Whether or not to allow people to add custom sticker packs + enabled: true + + # The sticker manager bot to promote + stickerBot: "@stickers:t2bot.io" + + # The sticker manager URL to promote + managerUrl: "https://stickers.t2bot.io" + + +# Settings for controlling how logging works +logging: + file: "${config['data_dir']}/logs/dimension.log" + console: true + consoleLevel: info + fileLevel: verbose + rotate: + size: 52428800 # bytes, default is 50mb + count: 5 diff --git a/bundles/matrix-dimension/items.py b/bundles/matrix-dimension/items.py new file mode 100644 index 0000000..68375ea --- /dev/null +++ b/bundles/matrix-dimension/items.py 
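Review bot: `homeserver.name`, `clientServerUrl` and `accessToken` are read from `config['homserver']` and `config['homserver']['clientServeUrl']`; the misspellings match the node metadata added in this series so it renders, but anyone who copies the upstream key names into a node gets a KeyError at render time — rename both sides to `homeserver`/`clientServerUrl` while there is a single consumer. `widgetBlacklist` lists only IPv4 private ranges and loopback; if the intent is to keep widgets off internal addresses, `169.254.0.0/16`, `::1/128`, `fc00::/7` and `fe80::/10` belong there too unless Dimension adds them itself. This file embeds the database password, the homeserver access token and the Telegram bot token, so the mode of the rendered file matters more than usual; a comment at the top, `# contains secrets: rendered 0640, owned by the service user`, documents the expectation for whoever deploys it.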
@@ -0,0 +1,68 @@ +repo.libs.tools.require_bundle(node, 'nodejs') + + +directories = { + node.metadata['matrix-dimension']['install_dir']: {}, + node.metadata['matrix-dimension']['data_dir']: {}, +} + +git_deploy = { + node.metadata['matrix-dimension']['install_dir']: { + 'rev': node.metadata.get('matrix-dimension', {}).get('version', 'master'), # doesn't have releases yet + 'repo': 'https://github.com/turt2live/matrix-dimension.git', + 'triggers': { + 'action:matrix_dimension_build', + }, + 'needs': { + 'directory:{}'.format(node.metadata['matrix-dimension']['install_dir']), + 'directory:{}'.format(node.metadata['matrix-dimension']['data_dir']), + }, + }, +} + +files = { + '{}/config/production.yaml'.format(node.metadata['matrix-dimension']['install_dir']): { + 'content_type': 'mako', + 'context': { + 'config': node.metadata.get('matrix-dimension', {}), + }, + 'needs': { + 'action:element-web_yarn', + 'directory:{}'.format(node.metadata['matrix-dimension']['install_dir']), + }, + }, + '/etc/systemd/system/matrix-dimension.service': { + 'content_type': 'mako', + 'context': { + 'config': node.metadata.get('matrix-dimension', {}), + }, + 'triggers': { + 'action:systemd-reload', + 'svc_systemd:matrix-dimension:restart', + }, + }, +} + +actions = { + 'matrix_dimenson_build': { + 'command': 'cd ' + node.metadata['matrix-dimension']['install_dir'] + ' && npm install && npm run build', + 'needs': { + 'pkg_apt:nodejs', + }, + 'triggered': True, + 'triggers': { + 'svc_systemd:matrix-dimension:restart', + }, + }, +} + +svc_systemd = { + 'matrix-dimension': { + 'needs': { + 'action:matrix-dimension_build', + 'file:{}/config/production.yaml'.format(node.metadata['matrix-dimension']['install_dir']), + 'postgres_db:matrix-dimension', + 'postgres_role:matrix-dimension', + }, + }, +} diff --git a/bundles/matrix-dimension/metadata.py b/bundles/matrix-dimension/metadata.py new file mode 100644 index 0000000..6db7c86 --- /dev/null +++ b/bundles/matrix-dimension/metadata.py 
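Review bot: The build action is defined as `'matrix_dimenson_build'` but referenced as `'action:matrix_dimension_build'` in the `git_deploy` triggers and as `'action:matrix-dimension_build'` in the `svc_systemd` needs — three spellings, so the trigger never fires and the service depends on an item that does not exist. Use one name, `matrix-dimension_build`, in all three places. `production.yaml` is rendered with the database password, homeserver access token and Telegram bot token but carries no `mode`/`owner`, so it is created with bundlewrap's default permissions; give it `'owner': 'matrix-support'`, `'group': 'matrix-support'`, `'mode': '0640'`. The `'needs': {'action:element-web_yarn'}` on that file points at another bundle's action; if it is not a real dependency it should be removed, otherwise a comment should say why.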
@@ -0,0 +1,75 @@ +defaults = { + 'matrix-dimension': { + 'install_dir': '/opt/matrix-dimension', + 'data_dir': '/var/opt/dimension', + 'database': { + 'user': 'matrix-dimension', + 'password': repo.vault.password_for('{} postgresql matrix-dimension'.format(node.name)), + 'database': 'matrix-dimension', + }, + }, + 'postgresql': { + 'roles': { + 'matrix-dimension': { + 'password': repo.vault.password_for('{} postgresql matrix-dimension'.format(node.name)), + }, + }, + 'databases': { + 'matrix-dimension': { + 'owner': 'matrix-dimension', + }, + }, + }, + 'icinga2_api': { + 'mautrix-telegram': { + 'services': { + 'MAUTRIX-TELEGRAM PROCESS': { + 'command_on_monitored_host': '/usr/lib/nagios/plugins/check_procs -a mautrix-telegram -c 1:', + }, + }, + }, + }, +} + +@metadata_reactor.provides( + 'nginx/vhosts', +) +def nginx_config(metadata): + return { + 'nginx': { + 'vhosts': { + metadata.get('matrix-dimension/url'): { + 'webroot': '/var/www/{}/webapp/'.format(metadata.get('element-web/url')), + 'do_not_set_content_security_headers': True, + 'max_body_size': '50M', + 'proxy': { + '/': { + 'target': 'http://127.0.0.1:8184', + }, + }, + }, + }, + }, + } + + +@metadata_reactor.provides( + 'icinga2_api/matrix-dimension/services', +) +def icinga_check_for_new_release(metadata): + return { + 'icinga2_api': { + 'matrix-dimension': { + 'services': { + 'MATRIX-DIMENSION UPDATE': { + 'command_on_monitored_host': '/usr/local/share/icinga/plugins/check_github_for_new_release turt2live/matrix-dimension {}'.format(metadata.get('matrix-dimension/version')), + 'vars.notification.mail': True, + 'check_interval': '60m', + }, + #'MATRIX-DIMENSION PROCESS': { + # 'command_on_monitored_host': '/usr/lib/nagios/plugins/check_procs -a mautrix-telegram -c 1:', + #}, + }, + }, + }, + } diff --git a/data/nginx/files/extras/htz-cloud.miniserver/dimension.sophies-kitchen.eu b/data/nginx/files/extras/htz-cloud.miniserver/dimension.sophies-kitchen.eu index aa5cff2..b20254d 100644 
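Review bot: The `icinga2_api` defaults register `MAUTRIX-TELEGRAM PROCESS` running `check_procs -a mautrix-telegram`, which is a copy-paste from another bundle and monitors nothing of Dimension's; either drop it or check the node process this bundle starts (the commented-out `MATRIX-DIMENSION PROCESS` entry below still carries the mautrix-telegram argument too). `nginx_config` derives the webroot from `metadata.get('element-web/url')`, silently coupling this bundle to element-web being deployed on the same node; a comment such as `# the Dimension vhost reuses the element-web webroot for static assets` or a default that does not depend on element-web would make the intent explicit. The PostgreSQL password is generated twice from the same `password_for` seed, so the two stay in sync; a one-line comment on the second occurrence saying so prevents someone "fixing" one of them.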
--- a/data/nginx/files/extras/htz-cloud.miniserver/dimension.sophies-kitchen.eu +++ b/data/nginx/files/extras/htz-cloud.miniserver/dimension.sophies-kitchen.eu @@ -1,6 +1,15 @@ + add_header Content-Security-Policy "frame-ancestors 'self' chat.sophies-kitchen.eu"; - location /.well-known/matrix/ { - alias /etc/matrix-synapse/wellknown/; + location /.well-known/matrix/client { + return 200 '{"m.homeserver": {"base_url": "https://matrix.sophies-kitchen.eu"},"m.identity_server": {"base_url": "https://matrix.org"},"im.vector.riot.jitsi": {"preferredDomain": "meet.ffmuc.net"}}'; + default_type application/json; add_header Access-Control-Allow-Origin *; } + + location /.well-known/matrix/server { + return 200 '{"m.server": "matrix.sophies-kitchen.eu:443"}'; + default_type application/json; + add_header Access-Control-Allow-Origin *; + } + diff --git a/nodes/htz-cloud/miniserver.py b/nodes/htz-cloud/miniserver.py index 1085b16..06eddd4 100644 --- a/nodes/htz-cloud/miniserver.py +++ b/nodes/htz-cloud/miniserver.py @@ -4,6 +4,7 @@ nodes['htz-cloud.miniserver'] = { 'bundles': { 'element-web', + 'matrix-dimension', 'matrix-media-repo', 'matrix-synapse', 'nodejs', @@ -68,10 +69,10 @@ nodes['htz-cloud.miniserver'] = { }, 'brand': 'sophies-kitchen.eu', 'showLabsSettings': True, - 'integrations_ui_url': 'https://dimension.franzi.business/riot', - 'integrations_rest_url': 'https://dimension.franzi.business/api/v1/scalar', + 'integrations_ui_url': 'https://dimension.sophies-kitchen.eu/riot', + 'integrations_rest_url': 'https://dimension.sophies-kitchen.eu/api/v1/scalar', 'integrations_widgets_urls': { - 'https://dimension.franzi.business/widgets' + 'https://dimension.sophies-kitchen.eu/widgets' }, 'default_theme': 'dark', 'defaultCountryCode': 'DE', 
@@ -103,6 +104,21 @@ nodes['htz-cloud.miniserver'] = { }, }, }, + 'matrix-dimension': { + 'url': 'dimension.sophies-kitchen.eu', + 'version': 'master', # doesn't have releases yet + 'homserver': { + 'name': 'sophies-kitchen.eu', + 'clientServeUrl': 'https://matrix.sophies-kitchen.eu', + 'accessToken': vault.decrypt('encrypt$gAAAAABg4btB0KGk068ahGZzR0w_Lm1bj1wUbB2WfNNs2bp3PwM4Ftp6MjQnrF-CejZfrF0NjPJw9Z4MrgileHP0sVw04mvgKSHfTf8gv4kTB6WuCIxHeMWHUDx00LTWL73fSlhCK0o1'), + }, + 'admins': [ + '@sophie:sophies-kitchen.eu', + ], + 'telegram': { + 'botToken': vault.decrypt('encrypt$gAAAAABg4bcQVzBF_iXdDtjRQD-O37GHdbHwWXyhCLPOuJLbv3ezUeXKR203hkCXkjfItSHi4NiTEgQPadDZTRkavaRpvAoaQV1a4srCS_Y-NU4RiOmkrVFJ_Xhw6UZvwjQUQ0QPOx9t'), + }, + }, 'matrix-media-repo': { 'version': 'v1.2.8', 'homeservers': { @@ -156,16 +172,9 @@ nodes['htz-cloud.miniserver'] = { }, 'nginx': { 'vhosts': { - #'dimension.sophies-kitchen.eu': { - # 'extras': True, - # 'do_not_set_content_security_headers': True, - # 'max_body_size': '50M', - # 'locations': { - # '/': { - # 'target': 'http://127.0.0.1:8184', - # }, - # }, - #}, + 'dimension.sophies-kitchen.eu': { + 'extras': True, + }, 'sophies-kitchen.eu': { 'webroot': '/var/www/sophies-kitchen.eu/_site/', 'extras': True, From 4d65d4847826fcdf9dc9275c111ee7f3d7bf9f8e Mon Sep 17 00:00:00 2001 From: Sophie Schiller Date: Sun, 4 Jul 2021 18:04:48 +0200 Subject: [PATCH 44/58] bw/bundle matrix-dimension this might actually work --- .../files/matrix-dimension.service | 2 +- bundles/matrix-dimension/files/production.yaml | 2 +- bundles/matrix-dimension/items.py | 14 +++++++++----- bundles/matrix-dimension/metadata.py | 14 +++++--------- 4 files changed, 16 insertions(+), 16 deletions(-) diff --git a/bundles/matrix-dimension/files/matrix-dimension.service b/bundles/matrix-dimension/files/matrix-dimension.service index 1b9333f..14b91f4 100644 --- a/bundles/matrix-dimension/files/matrix-dimension.service +++ b/bundles/matrix-dimension/files/matrix-dimension.service 
@@ -6,7 +6,7 @@ After=network.target
 User=matrix-support
 Group=matrix-support
 Environment="NODE_ENV=production"
-ExecStart=/usr/bin/node /opt/matrix/matrix-dimension/build/app/index.js
+ExecStart=/usr/bin/node ${config['install_dir']}/build/app/index.js
 WorkingDirectory=${config['install_dir']}
 Restart=on-failure
diff --git a/bundles/matrix-dimension/files/production.yaml b/bundles/matrix-dimension/files/production.yaml
index bb67228..738b1d9 100644
--- a/bundles/matrix-dimension/files/production.yaml
+++ b/bundles/matrix-dimension/files/production.yaml
@@ -45,7 +45,7 @@ widgetBlacklist:
 database:
 # Where the database for Dimension is
- uri: "postgres://${node.metadata['matrix-dimension']['database']['user']}:${node.metadata['matrix-dimension']['database']['password']}@${node.metadata['matrix-dimension']['database'].get('host', 'localhost')}/${node.metadata['matrix-dimension']['database']['database']}"
+ uri: "postgres://${node.metadata['matrix-dimension']['database']['user']}:${node.metadata['matrix-dimension']['database']['password']}@${node.metadata['matrix-dimension']['database'].get('host', 'localhost')}/${node.metadata['matrix-dimension']['database']['database']}"
 # Where to store misc information for the utility bot account.
 botData: "${config['data_dir']}/dimension.bot.json"
diff --git a/bundles/matrix-dimension/items.py b/bundles/matrix-dimension/items.py
index 68375ea..594ba89 100644
--- a/bundles/matrix-dimension/items.py
+++ b/bundles/matrix-dimension/items.py
@@ -2,8 +2,10 @@ repo.libs.tools.require_bundle(node, 'nodejs')
 directories = {
- node.metadata['matrix-dimension']['install_dir']: {},
- node.metadata['matrix-dimension']['data_dir']: {},
+ node.metadata['matrix-dimension']['install_dir']: {
+ 'owner': 'matrix-support',
+ 'group': 'matrix-support',
+ },
 }
 git_deploy = {
@@ -22,6 +24,8 @@ git_deploy = { files = { '{}/config/production.yaml'.format(node.metadata['matrix-dimension']['install_dir']): { + 'owner': 'matrix-support', + 'group': 'matrix-support', 'content_type': 'mako', 'context': { 'config': node.metadata.get('matrix-dimension', {}), @@ -44,8 +48,8 @@ files = { } actions = { - 'matrix_dimenson_build': { - 'command': 'cd ' + node.metadata['matrix-dimension']['install_dir'] + ' && npm install && npm run build', + 'matrix_dimension_build': { + 'command': 'cd ' + node.metadata['matrix-dimension']['install_dir'] + ' && sudo -u matrix-support npm install && sudo -u matrix-support npm run build', 'needs': { 'pkg_apt:nodejs', }, @@ -59,7 +63,7 @@ actions = { svc_systemd = { 'matrix-dimension': { 'needs': { - 'action:matrix-dimension_build', + 'action:matrix_dimension_build', 'file:{}/config/production.yaml'.format(node.metadata['matrix-dimension']['install_dir']), 'postgres_db:matrix-dimension', 'postgres_role:matrix-dimension', diff --git a/bundles/matrix-dimension/metadata.py b/bundles/matrix-dimension/metadata.py index 6db7c86..6172b56 100644 --- a/bundles/matrix-dimension/metadata.py +++ b/bundles/matrix-dimension/metadata.py @@ -1,7 +1,7 @@ defaults = { 'matrix-dimension': { 'install_dir': '/opt/matrix-dimension', - 'data_dir': '/var/opt/dimension', + 'data_dir': '/var/opt/matrix-dimension', 'database': { 'user': 'matrix-dimension', 'password': repo.vault.password_for('{} postgresql matrix-dimension'.format(node.name)), @@ -20,13 +20,9 @@ defaults = { }, }, }, - 'icinga2_api': { - 'mautrix-telegram': { - 'services': { - 'MAUTRIX-TELEGRAM PROCESS': { - 'command_on_monitored_host': '/usr/lib/nagios/plugins/check_procs -a mautrix-telegram -c 1:', - }, - }, + 'users': { + 'matrix-support': { + 'home': '/var/opt/matrix-dimension', }, }, } 
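Review bot: The `production.yaml` file item gains `owner`/`group` but no `mode`, so it is created with BundleWrap's default file mode (0644 unless this repo overrides it) even though the rendered file carries the PostgreSQL password in its `uri:` line and the homeserver `accessToken`; adding `'mode': '0640',` directly after `'group': 'matrix-support',` keeps those secrets readable only by the service user and its group. The unit file item is unaffected as long as no secret is templated into it, which is the case in this commit. The enclosing `files` dict continues outside the hunk.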
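Review bot: `matrix_dimension_build` runs `npm install` on a checkout whose `rev` comes from the node's `version`, which is `'master'`, so every build pulls whatever upstream has merged and whatever dependency versions the registry resolves at that moment; `npm ci` would at least install exactly what the checkout's lockfile records, assuming upstream ships one, i.e. `'command': 'cd ' + node.metadata['matrix-dimension']['install_dir'] + ' && sudo -u matrix-support npm ci && sudo -u matrix-support npm run build',`. Pinning `rev` to a tag or commit in the node metadata once upstream publishes one would close the other half. The `sudo -u` also means dependency lifecycle scripts run as that user rather than root, which is the reason a dedicated unprivileged user for this bundle matters; the action's remaining keys lie outside the hunk.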
@@ -39,7 +35,7 @@ def nginx_config(metadata): 'nginx': { 'vhosts': { metadata.get('matrix-dimension/url'): { - 'webroot': '/var/www/{}/webapp/'.format(metadata.get('element-web/url')), + 'webroot': '/var/www/{}/webapp/'.format(metadata.get('matrix-dimension/url')), 'do_not_set_content_security_headers': True, 'max_body_size': '50M', 'proxy': { From e3db16bc62460e30e1df3ee29708dc43a3be6f82 Mon Sep 17 00:00:00 2001 From: Sophie Schiller Date: Sun, 4 Jul 2021 18:48:22 +0200 Subject: [PATCH 45/58] bw/htz-cloud.miniserver set differend recursors --- nodes/htz-cloud/miniserver.py | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/nodes/htz-cloud/miniserver.py b/nodes/htz-cloud/miniserver.py index 06eddd4..50478cd 100644 --- a/nodes/htz-cloud/miniserver.py +++ b/nodes/htz-cloud/miniserver.py @@ -160,6 +160,14 @@ nodes['htz-cloud.miniserver'] = { 'bot_token': '""', }, }, + 'nameservers': { + '213.133.98.98', + '213.133.99.99', + '213.133.100.100', + '2a01:4f8:0:1::add:1010', + '2a01:4f8:0:1::add:9999', + '2a01:4f8:0:1::add:9898', + }, 'nftables': { 'rules': { 'input': { From b1473a09408022d34ca606949263ab3d0e1cfbce Mon Sep 17 00:00:00 2001 From: Sophie Schiller Date: Sun, 4 Jul 2021 20:15:19 +0200 Subject: [PATCH 46/58] bundle/matrix-dimension enable backups --- bundles/matrix-dimension/metadata.py | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/bundles/matrix-dimension/metadata.py b/bundles/matrix-dimension/metadata.py index 6172b56..23627ae 100644 --- a/bundles/matrix-dimension/metadata.py +++ b/bundles/matrix-dimension/metadata.py @@ -1,4 +1,10 @@ defaults = { + 'backups': { + 'paths': { + '/opt/matrix-dimension', + '/var/opt/matrix-dimension', + }, + }, 'matrix-dimension': { 'install_dir': '/opt/matrix-dimension', 'data_dir': '/var/opt/matrix-dimension', 
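Review bot: The new `backups/paths` set includes `/opt/matrix-dimension`, which is the `install_dir`: a git checkout plus the `npm install` and `npm run build` output that the bundle recreates on deploy, so the backup mostly stores rebuildable data while also capturing `config/production.yaml` with the database password and homeserver access token rendered into it. If the intent is only to preserve state, `/var/opt/matrix-dimension` (the `data_dir`, where `botData` lives) is sufficient; if the config is deliberately included, a comment such as `# install_dir is included for the rendered config, which contains credentials` documents that the backup target must be handled as secret material. Whether the backup bundle encrypts at rest is not visible here.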
@@ -38,7 +44,7 @@ def nginx_config(metadata): 'webroot': '/var/www/{}/webapp/'.format(metadata.get('matrix-dimension/url')), 'do_not_set_content_security_headers': True, 'max_body_size': '50M', - 'proxy': { + 'locations': { '/': { 'target': 'http://127.0.0.1:8184', }, From 459a08a7a527ff52fbf761c5ca9655b7b75a9e24 Mon Sep 17 00:00:00 2001 From: Sophie Schiller Date: Sun, 4 Jul 2021 20:21:19 +0200 Subject: [PATCH 47/58] bw/matrix-dimension witespaaaaaaaace --- bundles/matrix-dimension/files/production.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bundles/matrix-dimension/files/production.yaml b/bundles/matrix-dimension/files/production.yaml index 738b1d9..426af52 100644 --- a/bundles/matrix-dimension/files/production.yaml +++ b/bundles/matrix-dimension/files/production.yaml @@ -22,7 +22,7 @@ homeserver: # The URL that Dimension will redirect media requests to for downloading media such as # stickers. If not supplied or left empty Dimension will use the clientServerUrl. #mediaUrl: "https://t2bot.io" - + # The access token Dimension should use for miscellaneous access to the homeserver, and # for tracking custom sticker pack updates. This should be a user configured on the homeserver # and be dedicated to Dimension (create a user named "dimension" on your homeserver). For From 3bcda42a7737f046838166accd3ffa387b349ac4 Mon Sep 17 00:00:00 2001 From: Sophie Schiller Date: Sun, 4 Jul 2021 20:28:48 +0200 Subject: [PATCH 48/58] bw/htz-cloud.miniserver cleanup extras --- .../dimension.sophies-kitchen.eu | 16 +--------------- 1 file changed, 1 insertion(+), 15 deletions(-) diff --git a/data/nginx/files/extras/htz-cloud.miniserver/dimension.sophies-kitchen.eu b/data/nginx/files/extras/htz-cloud.miniserver/dimension.sophies-kitchen.eu index b20254d..e13c482 100644 --- a/data/nginx/files/extras/htz-cloud.miniserver/dimension.sophies-kitchen.eu +++ b/data/nginx/files/extras/htz-cloud.miniserver/dimension.sophies-kitchen.eu 
@@ -1,15 +1 @@
-
- add_header Content-Security-Policy "frame-ancestors 'self' chat.sophies-kitchen.eu";
-
- location /.well-known/matrix/client {
- return 200 '{"m.homeserver": {"base_url": "https://matrix.sophies-kitchen.eu"},"m.identity_server": {"base_url": "https://matrix.org"},"im.vector.riot.jitsi": {"preferredDomain": "meet.ffmuc.net"}}';
- default_type application/json;
- add_header Access-Control-Allow-Origin *;
- }
-
- location /.well-known/matrix/server {
- return 200 '{"m.server": "matrix.sophies-kitchen.eu:443"}';
- default_type application/json;
- add_header Access-Control-Allow-Origin *;
- }
-
+add_header Content-Security-Policy "frame-ancestors 'self' chat.sophies-kitchen.eu";
From ad7582e38ad96447434def27f1feb363c8d74881 Mon Sep 17 00:00:00 2001
From: Sophie Schiller
Date: Sun, 4 Jul 2021 20:38:27 +0200
Subject: [PATCH 49/58] bw/matrix-dimension switch to dedicated user
---
 .../matrix-dimension/files/matrix-dimension.service | 4 ++--
 bundles/matrix-dimension/items.py | 10 +++++-----
 bundles/matrix-dimension/metadata.py | 2 +-
 3 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/bundles/matrix-dimension/files/matrix-dimension.service b/bundles/matrix-dimension/files/matrix-dimension.service
index 14b91f4..9d2bebc 100644
--- a/bundles/matrix-dimension/files/matrix-dimension.service
+++ b/bundles/matrix-dimension/files/matrix-dimension.service
@@ -3,8 +3,8 @@ Description=Matrix Dimension
 After=network.target
 [Service]
-User=matrix-support
-Group=matrix-support
+User=matrix-dimension
+Group=matrix-dimension
 Environment="NODE_ENV=production"
 ExecStart=/usr/bin/node ${config['install_dir']}/build/app/index.js
 WorkingDirectory=${config['install_dir']}
diff --git a/bundles/matrix-dimension/items.py b/bundles/matrix-dimension/items.py
index 594ba89..8bdf28f 100644
--- a/bundles/matrix-dimension/items.py
+++ b/bundles/matrix-dimension/items.py
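Review bot: Switching `User`/`Group` to `matrix-dimension` is the right direction, but the `[Service]` section still runs Node without any systemd sandboxing; since the process only needs to read `${config['install_dir']}` and write `${config['data_dir']}` (where `production.yaml` places `botData`), adding `NoNewPrivileges=true`, `ProtectSystem=strict` and `ReadWritePaths=${config['data_dir']}` would make a compromise of the integrations manager harder to turn into host-level access, assuming the template's `config` context also exposes `data_dir`, which the visible unit only uses for `install_dir`. These directives are declarative and easy to validate: if Dimension fails to start afterwards, the journal names the path it could not write. The `[Install]` section lies outside the hunk.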
@@ -3,8 +3,8 @@ repo.libs.tools.require_bundle(node, 'nodejs') directories = { node.metadata['matrix-dimension']['install_dir']: { - 'owner': 'matrix-support', - 'group': 'matrix-support', + 'owner': 'matrix-dimension', + 'group': 'matrix-dimension', }, } @@ -24,8 +24,8 @@ git_deploy = { files = { '{}/config/production.yaml'.format(node.metadata['matrix-dimension']['install_dir']): { - 'owner': 'matrix-support', - 'group': 'matrix-support', + 'owner': 'matrix-dimension', + 'group': 'matrix-dimension', 'content_type': 'mako', 'context': { 'config': node.metadata.get('matrix-dimension', {}), @@ -49,7 +49,7 @@ files = { actions = { 'matrix_dimension_build': { - 'command': 'cd ' + node.metadata['matrix-dimension']['install_dir'] + ' && sudo -u matrix-support npm install && sudo -u matrix-support npm run build', + 'command': 'cd ' + node.metadata['matrix-dimension']['install_dir'] + ' && sudo -u matrix-dimension npm install && sudo -u matrix-dimension npm run build', 'needs': { 'pkg_apt:nodejs', }, diff --git a/bundles/matrix-dimension/metadata.py b/bundles/matrix-dimension/metadata.py index 23627ae..b9cf3df 100644 --- a/bundles/matrix-dimension/metadata.py +++ b/bundles/matrix-dimension/metadata.py @@ -27,7 +27,7 @@ defaults = { }, }, 'users': { - 'matrix-support': { + 'matrix-dimension': { 'home': '/var/opt/matrix-dimension', }, }, From 65849daa75da7b992d7cf0ee7b6b11a42bd8cf8e Mon Sep 17 00:00:00 2001 From: Sophie Schiller Date: Sun, 4 Jul 2021 20:41:17 +0200 Subject: [PATCH 50/58] bw/matrix-dimension switch listening port --- PORT_MAP.md | 2 +- bundles/matrix-dimension/files/production.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/PORT_MAP.md b/PORT_MAP.md index e15cfec..003339b 100644 --- a/PORT_MAP.md +++ b/PORT_MAP.md 
@@ -26,11 +26,11 @@ Rule of thumb: keep ports below 10000 free for stuff that reserves ports.
 | 6667 | | bitlbee |
 | 8010 | | matrix-media-repo |
 | 8086 | influxdb2 | influx |
-| 8184 | | matrix-dimension |
 | 11332-11334 | rspamd | rspamd |
 | 20000 | mx-puppet-discord | Bridge |
 | 20010 | mautrix-telegram | Bridge |
 | 20020 | mautrix-whatsapp | Bridge |
+| 20030 | matrix-dimension | Matrix Integrations Manager|
 | 20080 | matrix-synapse | client, federation |
 | 20081 | matrix-synapse | prometheus metrics |
 | 20090 | matrix-media-repo | media_repo |
diff --git a/bundles/matrix-dimension/files/production.yaml b/bundles/matrix-dimension/files/production.yaml
index 426af52..305ba54 100644
--- a/bundles/matrix-dimension/files/production.yaml
+++ b/bundles/matrix-dimension/files/production.yaml
@@ -1,7 +1,7 @@
 # The web settings for the service (API and UI).
 # It is best to have this run on localhost and use a reverse proxy to access Dimension.
 web:
- port: 8184
+ port: 20030
 address: '127.0.0.1'
 # Homeserver configuration
From 71e5a828d42bb847ed735e587d2acb7c99f1582e Mon Sep 17 00:00:00 2001
From: Sophie Schiller
Date: Sun, 4 Jul 2021 20:44:17 +0200
Subject: [PATCH 51/58] bw/matrix-dimensions fix typos
---
 bundles/matrix-dimension/files/production.yaml | 6 +++---
 nodes/htz-cloud/miniserver.py | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/bundles/matrix-dimension/files/production.yaml b/bundles/matrix-dimension/files/production.yaml
index 305ba54..5bfcfdd 100644
--- a/bundles/matrix-dimension/files/production.yaml
+++ b/bundles/matrix-dimension/files/production.yaml
@@ -8,11 +8,11 @@ web: homeserver: # The domain name of the homeserver. This is used in many places, such as with go-neb # setups, to identify the homeserver. - name: "${config['homserver']['name']}" + name: "${config['homeserver']['name']}" # The URL that Dimension, go-neb, and other services provisioned by Dimension should # use to access the homeserver with. - clientServerUrl: "${config['homserver']['clientServeUrl']}" + clientServerUrl: "${config['homeserver']['clientServerUrl']}" # The URL that Dimension should use when trying to communicate with federated APIs on # the homeserver. If not supplied or left empty Dimension will try to resolve the address @@ -27,7 +27,7 @@ homeserver: # for tracking custom sticker pack updates. This should be a user configured on the homeserver # and be dedicated to Dimension (create a user named "dimension" on your homeserver). For # information on how to acquire an access token, visit https://t2bot.io/docs/access_tokens - accessToken: "${config['homserver']['accessToken']}" + accessToken: "${config['homeserver']['accessToken']}" # These users can modify the integrations this Dimension supports. # To access the admin interface, open Dimension in Riot and click the settings icon. diff --git a/nodes/htz-cloud/miniserver.py b/nodes/htz-cloud/miniserver.py index 50478cd..0a104d4 100644 --- a/nodes/htz-cloud/miniserver.py +++ b/nodes/htz-cloud/miniserver.py @@ -107,7 +107,7 @@ nodes['htz-cloud.miniserver'] = { 'matrix-dimension': { 'url': 'dimension.sophies-kitchen.eu', 'version': 'master', # doesn't have releases yet - 'homserver': { + 'homeserver': { 'name': 'sophies-kitchen.eu', 'clientServeUrl': 'https://matrix.sophies-kitchen.eu', 'accessToken': vault.decrypt('encrypt$gAAAAABg4btB0KGk068ahGZzR0w_Lm1bj1wUbB2WfNNs2bp3PwM4Ftp6MjQnrF-CejZfrF0NjPJw9Z4MrgileHP0sVw04mvgKSHfTf8gv4kTB6WuCIxHeMWHUDx00LTWL73fSlhCK0o1'), From 7d5b26f66cff08160390a3c6db92f1d98c53b6c0 Mon Sep 17 00:00:00 2001 
From: Sophie Schiller Date: Sun, 4 Jul 2021 20:47:40 +0200 Subject: [PATCH 52/58] bw/matrix-dimension enable process monitoring --- bundles/matrix-dimension/metadata.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/bundles/matrix-dimension/metadata.py b/bundles/matrix-dimension/metadata.py index b9cf3df..ed7392a 100644 --- a/bundles/matrix-dimension/metadata.py +++ b/bundles/matrix-dimension/metadata.py @@ -68,9 +68,9 @@ def icinga_check_for_new_release(metadata): 'vars.notification.mail': True, 'check_interval': '60m', }, - #'MATRIX-DIMENSION PROCESS': { - # 'command_on_monitored_host': '/usr/lib/nagios/plugins/check_procs -a mautrix-telegram -c 1:', - #}, + 'MATRIX-DIMENSION PROCESS': { + 'command_on_monitored_host': '/usr/lib/nagios/plugins/check_procs -a matrix-dimension -c 1:', + }, }, }, }, From 19e331fe07f35bd6da12ed3a915edc3e84af544e Mon Sep 17 00:00:00 2001 From: Sophie Schiller Date: Sun, 4 Jul 2021 20:58:56 +0200 Subject: [PATCH 53/58] bw/matrix-dimension switch to generic vhost name --- bundles/matrix-dimension/metadata.py | 5 +++-- .../{dimension.sophies-kitchen.eu => matrix-dimension} | 0 nodes/htz-cloud/miniserver.py | 4 ++-- 3 files changed, 5 insertions(+), 4 deletions(-) rename data/nginx/files/extras/htz-cloud.miniserver/{dimension.sophies-kitchen.eu => matrix-dimension} (100%) diff --git a/bundles/matrix-dimension/metadata.py b/bundles/matrix-dimension/metadata.py index ed7392a..ddcdbd0 100644 --- a/bundles/matrix-dimension/metadata.py +++ b/bundles/matrix-dimension/metadata.py @@ -34,13 +34,14 @@ defaults = { } @metadata_reactor.provides( - 'nginx/vhosts', + 'nginx/vhosts/matrix-dimension', ) def nginx_config(metadata): return { 'nginx': { 'vhosts': { - metadata.get('matrix-dimension/url'): { + 'matrix-dimension': { + 'domain': metadata.get('matrix-dimension/url'), 'webroot': '/var/www/{}/webapp/'.format(metadata.get('matrix-dimension/url')), 'do_not_set_content_security_headers': True, 'max_body_size': '50M', 
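Review bot: `check_procs -a matrix-dimension` matches the argument string of any process, and the build action in this bundle runs `sudo -u matrix-dimension npm install` / `npm run build`, whose command lines contain that substring; during a rebuild the check can therefore report OK while the service itself is down, and any other process mentioning the name satisfies it too. Matching the service user and the actual entry point is tighter: `'command_on_monitored_host': '/usr/lib/nagios/plugins/check_procs -u matrix-dimension -a build/app/index.js -c 1:',` (the path is the one in the unit's `ExecStart`). The enclosing `icinga_check_for_new_release` function starts outside the hunk.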
diff --git a/data/nginx/files/extras/htz-cloud.miniserver/dimension.sophies-kitchen.eu b/data/nginx/files/extras/htz-cloud.miniserver/matrix-dimension similarity index 100% rename from data/nginx/files/extras/htz-cloud.miniserver/dimension.sophies-kitchen.eu rename to data/nginx/files/extras/htz-cloud.miniserver/matrix-dimension diff --git a/nodes/htz-cloud/miniserver.py b/nodes/htz-cloud/miniserver.py index 0a104d4..cb2ec71 100644 --- a/nodes/htz-cloud/miniserver.py +++ b/nodes/htz-cloud/miniserver.py @@ -109,7 +109,7 @@ nodes['htz-cloud.miniserver'] = { 'version': 'master', # doesn't have releases yet 'homeserver': { 'name': 'sophies-kitchen.eu', - 'clientServeUrl': 'https://matrix.sophies-kitchen.eu', + 'clientServerUrl': 'https://matrix.sophies-kitchen.eu', 'accessToken': vault.decrypt('encrypt$gAAAAABg4btB0KGk068ahGZzR0w_Lm1bj1wUbB2WfNNs2bp3PwM4Ftp6MjQnrF-CejZfrF0NjPJw9Z4MrgileHP0sVw04mvgKSHfTf8gv4kTB6WuCIxHeMWHUDx00LTWL73fSlhCK0o1'), }, 'admins': [ @@ -180,7 +180,7 @@ nodes['htz-cloud.miniserver'] = { }, 'nginx': { 'vhosts': { - 'dimension.sophies-kitchen.eu': { + 'matrix-dimension': { 'extras': True, }, 'sophies-kitchen.eu': { From 05f7d912b0a6e37099b7009d4b16d6fab4b18235 Mon Sep 17 00:00:00 2001 From: Sophie Schiller Date: Sun, 4 Jul 2021 21:06:51 +0200 Subject: [PATCH 54/58] bw/matrix-dimension disable logfile --- bundles/matrix-dimension/files/production.yaml | 5 ----- bundles/matrix-dimension/items.py | 3 +++ 2 files changed, 3 insertions(+), 5 deletions(-) diff --git a/bundles/matrix-dimension/files/production.yaml b/bundles/matrix-dimension/files/production.yaml index 5bfcfdd..321f6d2 100644 --- a/bundles/matrix-dimension/files/production.yaml +++ b/bundles/matrix-dimension/files/production.yaml @@ -89,10 +89,5 @@ stickers: # Settings for controlling how logging works logging: - file: "${config['data_dir']}/logs/dimension.log" console: true consoleLevel: info - fileLevel: verbose - rotate: - size: 52428800 # bytes, default is 50mb - count: 5 
diff --git a/bundles/matrix-dimension/items.py b/bundles/matrix-dimension/items.py index 8bdf28f..8af625b 100644 --- a/bundles/matrix-dimension/items.py +++ b/bundles/matrix-dimension/items.py @@ -34,6 +34,9 @@ files = { 'action:element-web_yarn', 'directory:{}'.format(node.metadata['matrix-dimension']['install_dir']), }, + 'triggers': { + 'svc_systemd:matrix-dimension:restart', + }, }, '/etc/systemd/system/matrix-dimension.service': { 'content_type': 'mako', From 2ec5fe408ae2132492b79de0c548cc5bb469837e Mon Sep 17 00:00:00 2001 From: Sophie Schiller Date: Sun, 4 Jul 2021 21:11:23 +0200 Subject: [PATCH 55/58] bw/matrix-dimension get all the things --- bundles/matrix-dimension/items.py | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/bundles/matrix-dimension/items.py b/bundles/matrix-dimension/items.py index 8af625b..5fbb7d6 100644 --- a/bundles/matrix-dimension/items.py +++ b/bundles/matrix-dimension/items.py @@ -10,20 +10,20 @@ directories = { git_deploy = { node.metadata['matrix-dimension']['install_dir']: { - 'rev': node.metadata.get('matrix-dimension', {}).get('version', 'master'), # doesn't have releases yet + 'rev': node.metadata.get('matrix-dimension/version', 'master'), # doesn't have releases yet 'repo': 'https://github.com/turt2live/matrix-dimension.git', 'triggers': { 'action:matrix_dimension_build', }, 'needs': { - 'directory:{}'.format(node.metadata['matrix-dimension']['install_dir']), - 'directory:{}'.format(node.metadata['matrix-dimension']['data_dir']), + 'directory:{}'.format(node.metadatai.get('matrix-dimension/install_dir'), + 'directory:{}'.format(node.metadata.get('matrix-dimension/data_dir'), }, }, } files = { - '{}/config/production.yaml'.format(node.metadata['matrix-dimension']['install_dir']): { + '{}/config/production.yaml'.format(node.metadata.get('matrix-dimension/install_dir'): { 'owner': 'matrix-dimension', 'group': 'matrix-dimension', 'content_type': 'mako', 
@@ -32,7 +32,7 @@ files = { }, 'needs': { 'action:element-web_yarn', - 'directory:{}'.format(node.metadata['matrix-dimension']['install_dir']), + 'directory:{}'.format(node.metadata.get('matrix-dimension/install_dir'), }, 'triggers': { 'svc_systemd:matrix-dimension:restart', @@ -52,7 +52,7 @@ files = { actions = { 'matrix_dimension_build': { - 'command': 'cd ' + node.metadata['matrix-dimension']['install_dir'] + ' && sudo -u matrix-dimension npm install && sudo -u matrix-dimension npm run build', + 'command': 'cd ' + node.metadata.get('matrix-dimension/install_dir') + ' && sudo -u matrix-dimension npm install && sudo -u matrix-dimension npm run build', 'needs': { 'pkg_apt:nodejs', }, @@ -67,7 +67,7 @@ svc_systemd = { 'matrix-dimension': { 'needs': { 'action:matrix_dimension_build', - 'file:{}/config/production.yaml'.format(node.metadata['matrix-dimension']['install_dir']), + 'file:{}/config/production.yaml'.format(node.metadata.get('matrix-dimension/install_dir'), 'postgres_db:matrix-dimension', 'postgres_role:matrix-dimension', }, From baad1ad24debfa9c8612a5821e621dec359c07d8 Mon Sep 17 00:00:00 2001 From: Sophie Schiller Date: Sun, 4 Jul 2021 21:17:12 +0200 Subject: [PATCH 56/58] bw/matrix-dimension remove unneeded metadata --- bundles/matrix-dimension/metadata.py | 1 - 1 file changed, 1 deletion(-) diff --git a/bundles/matrix-dimension/metadata.py b/bundles/matrix-dimension/metadata.py index ddcdbd0..524e291 100644 --- a/bundles/matrix-dimension/metadata.py +++ b/bundles/matrix-dimension/metadata.py @@ -42,7 +42,6 @@ def nginx_config(metadata): 'vhosts': { 'matrix-dimension': { 'domain': metadata.get('matrix-dimension/url'), - 'webroot': '/var/www/{}/webapp/'.format(metadata.get('matrix-dimension/url')), 'do_not_set_content_security_headers': True, 'max_body_size': '50M', 'locations': { From 8a89fefac979604128ae0f75d94d0f3817b84e12 Mon Sep 17 00:00:00 2001 
From: Sophie Schiller
Date: Sun, 4 Jul 2021 21:32:10 +0200
Subject: [PATCH 57/58] bw/matrix-dimension repair syntax errors
---
 bundles/matrix-dimension/items.py | 11 +++++------
 bundles/matrix-dimension/metadata.py | 2 +-
 2 files changed, 6 insertions(+), 7 deletions(-)
diff --git a/bundles/matrix-dimension/items.py b/bundles/matrix-dimension/items.py
index 5fbb7d6..a8a9a5c 100644
--- a/bundles/matrix-dimension/items.py
+++ b/bundles/matrix-dimension/items.py
@@ -16,14 +16,14 @@ git_deploy = {
 'action:matrix_dimension_build',
 },
 'needs': {
- 'directory:{}'.format(node.metadatai.get('matrix-dimension/install_dir'),
- 'directory:{}'.format(node.metadata.get('matrix-dimension/data_dir'),
+ 'directory:{}'.format(node.metadata.get('matrix-dimension/install_dir')),
+ 'directory:{}'.format(node.metadata.get('matrix-dimension/data_dir')),
 },
 },
 }
 files = {
- '{}/config/production.yaml'.format(node.metadata.get('matrix-dimension/install_dir'): {
+ '{}/config/production.yaml'.format(node.metadata.get('matrix-dimension/install_dir')): {
 'owner': 'matrix-dimension',
 'group': 'matrix-dimension',
 'content_type': 'mako',
@@ -31,8 +31,7 @@ files = {
 'config': node.metadata.get('matrix-dimension', {}),
 },
 'needs': {
- 'action:element-web_yarn',
- 'directory:{}'.format(node.metadata.get('matrix-dimension/install_dir'),
+ 'directory:{}'.format(node.metadata.get('matrix-dimension/install_dir')),
 },
 'triggers': {
 'svc_systemd:matrix-dimension:restart',
@@ -67,7 +66,7 @@ svc_systemd = {
 'matrix-dimension': {
 'needs': {
 'action:matrix_dimension_build',
- 'file:{}/config/production.yaml'.format(node.metadata.get('matrix-dimension/install_dir'),
+ 'file:{}/config/production.yaml'.format(node.metadata.get('matrix-dimension/install_dir')),
 'postgres_db:matrix-dimension',
 'postgres_role:matrix-dimension',
 },
diff --git a/bundles/matrix-dimension/metadata.py b/bundles/matrix-dimension/metadata.py
index 524e291..2d41180 100644
--- a/bundles/matrix-dimension/metadata.py
+++ b/bundles/matrix-dimension/metadata.py
@@ -46,7 +46,7 @@ def nginx_config(metadata):
 'max_body_size': '50M',
 'locations': {
 '/': {
- 'target': 'http://127.0.0.1:8184',
+ 'target': 'http://127.0.0.1:20030',
 },
 },
 },
From bce70561c252020aa90835677a078578a11a5b15 Mon Sep 17 00:00:00 2001
From: Sophie Schiller
Date: Mon, 5 Jul 2021 19:57:44 +0200
Subject: [PATCH 58/58] bw/htz-cloud.miniserver bump element-web version
---
 nodes/htz-cloud/miniserver.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/nodes/htz-cloud/miniserver.py b/nodes/htz-cloud/miniserver.py
index cb2ec71..f28568c 100644
--- a/nodes/htz-cloud/miniserver.py
+++ b/nodes/htz-cloud/miniserver.py
@@ -59,7 +59,7 @@ nodes['htz-cloud.miniserver'] = {
 },
 'element-web': {
 'url': 'chat.sophies-kitchen.eu',
- 'version': 'v1.7.31',
+ 'version': 'v1.7.32',
 'config': {
 'default_server_config': {
 'm.homeserver': {