Compare commits

...

42 commits

Author SHA1 Message Date
Sophie Schiller
bce70561c2 bw/htz-cloud.miniserver bump element-web version
All checks were successful
kunsi/bundlewrap/pipeline/pr-main This commit looks good
kunsi/bundlewrap/pipeline/head This commit looks good
2021-07-11 16:29:15 +02:00
Sophie Schiller
8a89fefac9 bw/matrix-dimension repair syntax errors 2021-07-11 16:29:15 +02:00
Sophie Schiller
baad1ad24d bw/matrix-dimension remove unneeded metadata 2021-07-11 16:29:15 +02:00
Sophie Schiller
2ec5fe408a bw/matrix-dimension get all the things 2021-07-11 16:29:15 +02:00
Sophie Schiller
05f7d912b0 bw/matrix-dimension disable logfile 2021-07-11 16:29:15 +02:00
Sophie Schiller
19e331fe07 bw/matrix-dimension switch to generic vhost name 2021-07-11 16:29:15 +02:00
Sophie Schiller
7d5b26f66c bw/matrix-dimension enable process monitoring 2021-07-11 16:29:15 +02:00
Sophie Schiller
71e5a828d4 bw/matrix-dimensions fix typos 2021-07-11 16:29:15 +02:00
Sophie Schiller
65849daa75 bw/matrix-dimension switch listening port 2021-07-11 16:29:15 +02:00
Sophie Schiller
ad7582e38a bw/matrix-dimension switch to dedicated user 2021-07-11 16:29:15 +02:00
Sophie Schiller
3bcda42a77 bw/htz-cloud.miniserver cleanup extras 2021-07-11 16:29:15 +02:00
Sophie Schiller
459a08a7a5 bw/matrix-dimension witespaaaaaaaace 2021-07-11 16:29:15 +02:00
Sophie Schiller
b1473a0940 bundle/matrix-dimension enable backups 2021-07-11 16:29:15 +02:00
Sophie Schiller
e3db16bc62 bw/htz-cloud.miniserver set different recursors 2021-07-11 16:29:15 +02:00
Sophie Schiller
4d65d48478 bw/bundle matrix-dimension this might actually work 2021-07-11 16:29:15 +02:00
Sophie Schiller
801b21a35c bw/bundle matrix-dimension add first draft 2021-07-11 16:29:15 +02:00
a210ada211
README: jenkins has moved
All checks were successful
kunsi/bundlewrap/pipeline/head This commit looks good
2021-07-11 15:58:26 +02:00
72f148425a
bundles/jenkins-ci: add ssh keys and config
All checks were successful
bundlewrap/pipeline/head This commit looks good
2021-07-11 15:47:45 +02:00
0a14d46cf2
bundles/jenkins: add zfs dataset 2021-07-11 15:29:42 +02:00
3871893c9b
move jenkins to rx300 2021-07-11 15:24:08 +02:00
8da40eab67
nodes/rx300: add php 8.0 2021-07-11 15:23:49 +02:00
a66d9c5765
bundles/mx-puppet-discord: add (Discord) to room and user names
All checks were successful
bundlewrap/pipeline/head This commit looks good
2021-07-11 12:29:05 +02:00
7fef4d7a00
nodes/aurto: add n0emis ssh keys
All checks were successful
bundlewrap/pipeline/head This commit looks good
2021-07-10 21:57:04 +02:00
b193971625
bundles/postfix: fix some needed files not being present in chroot on arch
All checks were successful
bundlewrap/pipeline/head This commit looks good
2021-07-10 16:16:56 +02:00
8f4db6f2ba
bundles/postfix: install pkg_pacman:s-nail 2021-07-10 15:59:03 +02:00
fe5b7b7335
nodes/htz-cloud.pirmasens: add bundle:check-mail-received 2021-07-10 15:54:02 +02:00
3351767d56
add bundle:check-mail-received
All checks were successful
bundlewrap/pipeline/head This commit looks good
2021-07-10 14:22:19 +02:00
76b859c629
libs.faults: add ensure_fault_or_none() and join_faults() 2021-07-10 14:21:56 +02:00
5781869f03
nodes/{aurto,rx300}: send a daily test message to a t-online address to keep our "reputation"
All checks were successful
bundlewrap/pipeline/head This commit looks good
2021-07-10 13:04:08 +02:00
6c9809b165
bundles/grafana: add guest cpu time to cpu graph
All checks were successful
bundlewrap/pipeline/head This commit looks good
2021-07-10 10:05:26 +02:00
b17ce5f905
nodes/htz.ex42: fix git.kunsmann.eu redirect url 2021-07-09 18:21:01 +02:00
1e026c1769
nodes/rx300: update gitea to 1.14.4
All checks were successful
bundlewrap/pipeline/head This commit looks good
2021-07-09 18:19:15 +02:00
6a4b24c0f2
fix git urls in repo
All checks were successful
bundlewrap/pipeline/head This commit looks good
2021-07-09 17:27:12 +02:00
1f25d0052e
add legacy redirect for git.kunsmann.eu 2021-07-09 17:26:54 +02:00
d0bdcacc94
nodes/rx300: install correct dependencies for franzi.business deployment
Some checks failed
bundlewrap/pipeline/head There was a failure building this commit
2021-07-09 16:38:26 +02:00
1927837205
bundles/gitea: add /var/lib/gitea to backups 2021-07-09 16:22:37 +02:00
9bf0b8a0b0
bundles/gitea: use zfs datasets for all data 2021-07-09 16:22:10 +02:00
82dd354f92
bundles/gitea: fix permissions for /home/git/.ssh 2021-07-09 16:15:38 +02:00
bd77f8da93
move franzi.business to rx300 2021-07-09 16:11:53 +02:00
c2cb5a2546
move gitea to rx300 2021-07-09 15:57:39 +02:00
95c5e0b6ea
bundles/gitea: use generic vhost name 2021-07-09 15:55:31 +02:00
4a30aeaab6
nodes/htz.ex42-1048908: fix matrix server wellknown stuff
All checks were successful
bundlewrap/pipeline/head This commit looks good
2021-07-05 20:05:47 +02:00
37 changed files with 870 additions and 102 deletions

View file

@ -26,11 +26,11 @@ Rule of thumb: keep ports below 10000 free for stuff that reserves ports.
| 6667 | | bitlbee | | 6667 | | bitlbee |
| 8010 | | matrix-media-repo | | 8010 | | matrix-media-repo |
| 8086 | influxdb2 | influx | | 8086 | influxdb2 | influx |
| 8184 | | matrix-dimension |
| 11332-11334 | rspamd | rspamd | | 11332-11334 | rspamd | rspamd |
| 20000 | mx-puppet-discord | Bridge | | 20000 | mx-puppet-discord | Bridge |
| 20010 | mautrix-telegram | Bridge | | 20010 | mautrix-telegram | Bridge |
| 20020 | mautrix-whatsapp | Bridge | | 20020 | mautrix-whatsapp | Bridge |
| 20030 | matrix-dimension | Matrix Integrations Manager|
| 20080 | matrix-synapse | client, federation | | 20080 | matrix-synapse | client, federation |
| 20081 | matrix-synapse | prometheus metrics | | 20081 | matrix-synapse | prometheus metrics |
| 20090 | matrix-media-repo | media_repo | | 20090 | matrix-media-repo | media_repo |

View file

@ -6,4 +6,4 @@ May also include some dummy nodes, for example for deploying websites
onto shared webhosting. onto shared webhosting.
`bw test` runs according to Jenkinsfile after every commit. `bw test` runs according to Jenkinsfile after every commit.
[![Build Status](https://jenkins.kunsmann.eu/buildStatus/icon?job=bundlewrap%2Fmain)](https://jenkins.kunsmann.eu/job/bundlewrap/job/main/) [![Build Status](https://jenkins.franzi.business/buildStatus/icon?job=kunsi%2Fbundlewrap%2Fmain)](https://jenkins.franzi.business/job/kunsi/job/bundlewrap/job/main/)

View file

@ -0,0 +1,70 @@
#!/usr/bin/env python3
from imaplib import IMAP4_SSL
from subprocess import check_output
from sys import argv, exit
from time import time
if len(argv) < 5:
print('Usage: {} <imap host> <username> <password> <message sender>'.format(argv[0]))
exit(3)
NOW = time()
try:
imap = IMAP4_SSL(argv[1])
imap.login(argv[2], argv[3])
imap.select('Inbox')
_, data = imap.search(None, 'ALL')
something_found = False
for item in data:
for index in item.split():
received_in_this_mail = None
from_in_this_mail = False
try:
message = imap.fetch(index, '(RFC822)')
message_text = bytearray()
for part in message[1][0]:
message_text.extend(part)
message_text = message_text.decode().splitlines()
for line in message_text:
lline = line.strip().lower()
if lline.startswith('from:') and argv[4].lower() in line:
from_in_this_mail = True
if lline.startswith('date:'):
date = line.strip()[5:].strip()
unixtime = int(check_output([
'date',
'--date={}'.format(date),
'+%s',
]).decode().strip())
if unixtime > (NOW-(60*60*25)):
received_in_this_mail = date
if received_in_this_mail and from_in_this_mail:
print('Found message from "{}" sent at "{}"'.format(argv[4], received_in_this_mail))
received_in_this_mail = None
from_in_this_mail = False
something_found = True
except:
pass
if something_found:
# there should be output above
exit(0)
print('No Mails found')
exit(2)
except Exception as e:
print(repr(e))
exit(3)
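Review bot: the IMAP password is taken from `argv[3]`, so for as long as the check runs it is visible to every local user through `ps` or `/proc/<pid>/cmdline`; read it from a root-only file or an environment variable instead. Two smaller points in the same script: the sender test `lline.startswith('from:') and argv[4].lower() in line` lower-cases only one side (`line` instead of `lline`), so a From header written in a different case than the configured address is never matched; and the bare `except: pass` around the per-message loop turns any fetch or parsing failure into "No Mails found", which reports a delivery problem that may not exist. Fetching `(RFC822)` for every message in the folder is also more than the check needs; an IMAP `SEARCH` with `FROM` and `SINCE` criteria, or fetching only the `FROM` and `DATE` header fields, does the same work with far less data, and `email.utils.parsedate_to_datetime` replaces the `date --date=` subprocess.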

View file

@ -0,0 +1,5 @@
files = {
'/usr/local/share/icinga/plugins/check_imap_for_mail_from': {
'mode': '0755',
},
}

View file

@ -0,0 +1,41 @@
@metadata_reactor.provides(
'cron/check-mail-received',
'icinga2_api/check-mail-received/services',
)
def process_metadata(metadata):
cron = set()
services = {}
my_mail_address = 'root@{}'.format(metadata.get('hostname'))
for name, config in metadata.get('check-mail-received', {}).items():
cron.add('{minute} {hour} * * * root date | mail -s "daily test mail from {node}" -r {source} {target}'.format(
minute=node.magic_number%60,
hour=node.magic_number%24,
node=node.name,
source=my_mail_address,
target=config['email'],
))
services[f'MAIL RECEIVED ON {name}'] = {
'command_on_monitored_host': repo.libs.faults.join_faults([
'/usr/local/share/icinga/plugins/check_imap_for_mail_from',
config['imap_host'],
config.get('imap_user', config['email']),
config['imap_pass'],
my_mail_address,
]),
'check_interval': '15m',
'retry_interval': '5m',
}
return {
'cron': {
'check-mail-received': '\n'.join(sorted(cron)),
},
'icinga2_api': {
'check-mail-received': {
'services': services,
},
},
}
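Review bot: `config['imap_pass']` is joined straight into `command_on_monitored_host`, so the mailbox password ends up in the Icinga service definition and on the plugin's command line on the monitored host; wrapping it in a Fault keeps it out of `bw metadata` output but not out of the process list. Consider having the bundle write the IMAP credentials to a root-only file and passing that path to the plugin. Note also that the cron job sends exactly one message per day while the plugin accepts anything within the last 25 hours, so a single delayed or lost delivery keeps `MAIL RECEIVED ON {name}` in CRITICAL until the next day's run; that may be intended, but it is worth stating in the bundle's documentation.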

View file

@ -21,6 +21,11 @@ directories = {
'owner': 'git', 'owner': 'git',
'group': 'git', 'group': 'git',
}, },
'/home/git/.ssh': {
'mode': '0755',
'owner': 'git',
'group': 'git',
},
'/var/lib/gitea': { '/var/lib/gitea': {
'owner': 'git', 'owner': 'git',
'mode': '0700', 'mode': '0700',
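Review bot: `/home/git/.ssh` is created with mode 0755, which lets any local user list the directory; OpenSSH only refuses group- or world-writable paths, so this works, but the conventional and safer setting for a directory holding `authorized_keys` is 0700 (with `authorized_keys` itself 0600), matching the 0700 already used for `/var/lib/gitea` in the lines below.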

View file

@ -2,6 +2,7 @@ defaults = {
'backups': { 'backups': {
'paths': { 'paths': {
'/home/git', '/home/git',
'/var/lib/gitea',
}, },
}, },
'gitea': { 'gitea': {
@ -44,6 +45,23 @@ defaults = {
}, },
}, },
}, },
'zfs': {
'datasets': {
'tank/gitea': {},
'tank/gitea/home': {
'mountpoint': '/home/git',
'needed_by': {
'directory:/home/git',
},
},
'tank/gitea/var': {
'mountpoint': '/var/lib/gitea',
'needed_by': {
'directory:/var/lib/gitea',
},
},
},
},
} }
@ -57,7 +75,8 @@ def nginx(metadata):
return { return {
'nginx': { 'nginx': {
'vhosts': { 'vhosts': {
metadata.get('gitea/domain'): { 'gitea': {
'domain': metadata.get('gitea/domain'),
'locations': { 'locations': {
'/': { '/': {
'target': 'http://127.0.0.1:22000', 'target': 'http://127.0.0.1:22000',

View file

@ -9,6 +9,8 @@ def dashboard_row_cpu(panel_id, node):
'iowait', 'iowait',
'nice', 'nice',
'softirq', 'softirq',
'guest',
'guest_nice',
]: ]:
queries_cpu.append({ queries_cpu.append({
'groupBy': [ 'groupBy': [

View file

@ -0,0 +1,3 @@
Host *
UserKnownHostsFile /dev/null
StrictHostKeyChecking no
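Review bot: `StrictHostKeyChecking no` together with `UserKnownHostsFile /dev/null` under `Host *` disables host key verification for every SSH connection the Jenkins user makes, including the git checkouts and any `bw apply` the pipeline performs, so a network-level attacker who can redirect traffic obtains the key-authenticated session without any warning. Prefer shipping a `known_hosts` with the host keys of the nodes and of the Gitea host (this repository already knows those hosts), and if the fleet changes often, use `StrictHostKeyChecking accept-new` with a persistent `UserKnownHostsFile`, so that only first contact is trusted and later key changes are still rejected.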

View file

@ -1,14 +1,41 @@
directories = {
'/var/lib/jenkins': {
'owner': 'jenkins',
'group': 'jenkins',
'needs': {
'pkg_apt:jenkins',
},
},
'/var/lib/jenkins/.ssh': {
'mode': '0755',
'owner': 'git',
'group': 'git',
},
}
files = { files = {
'/etc/default/jenkins': { '/etc/default/jenkins': {
'triggers': { 'triggers': {
'svc_systemd:jenkins:restart', 'svc_systemd:jenkins:restart',
}, },
}, },
'/var/lib/jenkins/.ssh/config': {
'source': 'ssh-config',
},
} }
if node.metadata.get('jenkins-ci/install_ssh_key', False):
files['/var/lib/jenkins/.ssh/id_ed25519'] = {
'content': repo.vault.decrypt_file(f'jenkins-ci/files/ssh-keys/{node.name}.key.vault'),
'mode': '0600',
'owner': 'jenkins',
'group': 'jenkins',
}
svc_systemd = { svc_systemd = {
'jenkins': { 'jenkins': {
'needs': { 'needs': {
'directory:/var/lib/jenkins',
'pkg_apt:jenkins', 'pkg_apt:jenkins',
}, },
}, },
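Review bot: `/var/lib/jenkins/.ssh` is owned by `git:git` with mode 0755 while the key placed inside it is owned by `jenkins`; this looks copied from the gitea bundle and should be `jenkins:jenkins` with mode 0700, otherwise the directory is listable by everyone and, if no `git` user exists on the node, the chown fails and the item does not apply. The `.ssh/config` file also sets no owner or mode; OpenSSH rejects a config file that is writable by anyone other than its owner or root, so state the intended `'owner': 'jenkins', 'mode': '0600'` explicitly rather than relying on the bundlewrap defaults.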

View file

@ -21,4 +21,14 @@ defaults = {
'/var/lib/jenkins', '/var/lib/jenkins',
}, },
}, },
'zfs': {
'datasets': {
'tank/jenkins': {
'mountpoint': '/var/lib/jenkins',
'needed_by': {
'pkg_apt:jenkins',
},
},
},
},
} }

View file

@ -0,0 +1,14 @@
[Unit]
Description=Matrix Dimension
After=network.target
[Service]
User=matrix-dimension
Group=matrix-dimension
Environment="NODE_ENV=production"
ExecStart=/usr/bin/node ${config['install_dir']}/build/app/index.js
WorkingDirectory=${config['install_dir']}
Restart=on-failure
[Install]
WantedBy=multi-user.target
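Review bot: the unit runs as a dedicated user, which is good, but it has no ordering on the database and no sandboxing. Since Dimension talks to a local PostgreSQL, `After=postgresql.service` avoids restart loops at boot, and a few hardening directives cost nothing for a Node.js service: `NoNewPrivileges=true`, `PrivateTmp=true`, `ProtectHome=true` and `ProtectSystem=strict` with `ReadWritePaths=${config['data_dir']}`. With `ProtectSystem=strict` the checkout under `${config['install_dir']}` becomes read-only to the running process, which is desirable because the service should not be able to rewrite its own code.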

View file

@ -0,0 +1,93 @@
# The web settings for the service (API and UI).
# It is best to have this run on localhost and use a reverse proxy to access Dimension.
web:
port: 20030
address: '127.0.0.1'
# Homeserver configuration
homeserver:
# The domain name of the homeserver. This is used in many places, such as with go-neb
# setups, to identify the homeserver.
name: "${config['homeserver']['name']}"
# The URL that Dimension, go-neb, and other services provisioned by Dimension should
# use to access the homeserver with.
clientServerUrl: "${config['homeserver']['clientServerUrl']}"
# The URL that Dimension should use when trying to communicate with federated APIs on
# the homeserver. If not supplied or left empty Dimension will try to resolve the address
# through the normal federation process.
#federationUrl: "https://t2bot.io:8448"
# The URL that Dimension will redirect media requests to for downloading media such as
# stickers. If not supplied or left empty Dimension will use the clientServerUrl.
#mediaUrl: "https://t2bot.io"
# The access token Dimension should use for miscellaneous access to the homeserver, and
# for tracking custom sticker pack updates. This should be a user configured on the homeserver
# and be dedicated to Dimension (create a user named "dimension" on your homeserver). For
# information on how to acquire an access token, visit https://t2bot.io/docs/access_tokens
accessToken: "${config['homeserver']['accessToken']}"
# These users can modify the integrations this Dimension supports.
# To access the admin interface, open Dimension in Riot and click the settings icon.
admins:
% for i in config['admins']:
- "${i}"
% endfor
# IPs and CIDR ranges listed here will be blocked from being widgets.
# Note: Widgets may still be embedded with restricted content, although not through Dimension directly.
widgetBlacklist:
- 10.0.0.0/8
- 172.16.0.0/12
- 192.168.0.0/16
- 127.0.0.0/8
database:
# Where the database for Dimension is
uri: "postgres://${node.metadata['matrix-dimension']['database']['user']}:${node.metadata['matrix-dimension']['database']['password']}@${node.metadata['matrix-dimension']['database'].get('host', 'localhost')}/${node.metadata['matrix-dimension']['database']['database']}"
# Where to store misc information for the utility bot account.
botData: "${config['data_dir']}/dimension.bot.json"
# Display settings that apply to self-hosted go-neb instances
goneb:
# The avatars to set for each bot. Usually these don't need to be changed, however if your homeserver
# is not able to reach t2bot.io then you should specify your own here. To not use an avatar for a bot,
# make the bot's avatar an empty string.
avatars:
giphy: "mxc://t2bot.io/c5eaab3ef0133c1a61d3c849026deb27"
imgur: "mxc://t2bot.io/6749eaf2b302bb2188ae931b2eeb1513"
github: "mxc://t2bot.io/905b64b3cd8e2347f91a60c5eb0832e1"
wikipedia: "mxc://t2bot.io/7edfb54e9ad9e13fec0df22636feedf1"
travisci: "mxc://t2bot.io/7f4703126906fab8bb27df34a17707a8"
rss: "mxc://t2bot.io/aace4fcbd045f30afc1b4e5f0928f2f3"
google: "mxc://t2bot.io/636ad10742b66c4729bf89881a505142"
guggy: "mxc://t2bot.io/e7ef0ed0ba651aaf907655704f9a7526"
echo: "mxc://t2bot.io/3407ff2db96b4e954fcbf2c6c0415a13"
circleci: "mxc://t2bot.io/cf7d875845a82a6b21f5f66de78f6bee"
jira: "mxc://t2bot.io/f4a38ebcc4280ba5b950163ca3e7c329"
# Settings for interacting with Telegram. Currently only applies for importing
# sticker packs from Telegram.
telegram:
# Talk to @BotFather on Telegram to get a token
botToken: "${config['telegram']['botToken']}"
# Custom sticker pack options.
# Largely based on https://github.com/turt2live/matrix-sticker-manager
stickers:
# Whether or not to allow people to add custom sticker packs
enabled: true
# The sticker manager bot to promote
stickerBot: "@stickers:t2bot.io"
# The sticker manager URL to promote
managerUrl: "https://stickers.t2bot.io"
# Settings for controlling how logging works
logging:
console: true
consoleLevel: info
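Review bot: the template dereferences `config['telegram']['botToken']` unconditionally, so any node that enables the bundle without a `telegram` key fails at render time; guard the block with `% if 'telegram' in config:` or document the key as mandatory in the bundle defaults. The `widgetBlacklist` covers the RFC 1918 ranges and IPv4 loopback only; add `169.254.0.0/16` (link-local, where cloud metadata endpoints live) and the corresponding IPv6 ranges (`::1/128`, `fc00::/7`, `fe80::/10`) so that widgets cannot be pointed at internal addresses on the hosting network.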

View file

@ -0,0 +1,74 @@
repo.libs.tools.require_bundle(node, 'nodejs')
directories = {
node.metadata['matrix-dimension']['install_dir']: {
'owner': 'matrix-dimension',
'group': 'matrix-dimension',
},
}
git_deploy = {
node.metadata['matrix-dimension']['install_dir']: {
'rev': node.metadata.get('matrix-dimension/version', 'master'), # doesn't have releases yet
'repo': 'https://github.com/turt2live/matrix-dimension.git',
'triggers': {
'action:matrix_dimension_build',
},
'needs': {
'directory:{}'.format(node.metadata.get('matrix-dimension/install_dir')),
'directory:{}'.format(node.metadata.get('matrix-dimension/data_dir')),
},
},
}
files = {
'{}/config/production.yaml'.format(node.metadata.get('matrix-dimension/install_dir')): {
'owner': 'matrix-dimension',
'group': 'matrix-dimension',
'content_type': 'mako',
'context': {
'config': node.metadata.get('matrix-dimension', {}),
},
'needs': {
'directory:{}'.format(node.metadata.get('matrix-dimension/install_dir')),
},
'triggers': {
'svc_systemd:matrix-dimension:restart',
},
},
'/etc/systemd/system/matrix-dimension.service': {
'content_type': 'mako',
'context': {
'config': node.metadata.get('matrix-dimension', {}),
},
'triggers': {
'action:systemd-reload',
'svc_systemd:matrix-dimension:restart',
},
},
}
actions = {
'matrix_dimension_build': {
'command': 'cd ' + node.metadata.get('matrix-dimension/install_dir') + ' && sudo -u matrix-dimension npm install && sudo -u matrix-dimension npm run build',
'needs': {
'pkg_apt:nodejs',
},
'triggered': True,
'triggers': {
'svc_systemd:matrix-dimension:restart',
},
},
}
svc_systemd = {
'matrix-dimension': {
'needs': {
'action:matrix_dimension_build',
'file:{}/config/production.yaml'.format(node.metadata.get('matrix-dimension/install_dir')),
'postgres_db:matrix-dimension',
'postgres_role:matrix-dimension',
},
},
}
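Review bot: `config/production.yaml` carries the homeserver access token, the database password and the Telegram bot token but is written without a `mode`, so it gets bundlewrap's default 0644 and is readable by every local user; add `'mode': '0600'` (owner `matrix-dimension` is already set). Second, `git_deploy` checks out `master` (per the comment, because upstream has no releases) and `matrix_dimension_build` then runs `npm install` on it, so every `bw apply` can pull and execute whatever the GitHub branch and the npm registry contain at that moment; pin `matrix-dimension/version` to a commit hash, and use `npm ci` so the lockfile in the checkout is enforced rather than re-resolved.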

View file

@ -0,0 +1,77 @@
defaults = {
'backups': {
'paths': {
'/opt/matrix-dimension',
'/var/opt/matrix-dimension',
},
},
'matrix-dimension': {
'install_dir': '/opt/matrix-dimension',
'data_dir': '/var/opt/matrix-dimension',
'database': {
'user': 'matrix-dimension',
'password': repo.vault.password_for('{} postgresql matrix-dimension'.format(node.name)),
'database': 'matrix-dimension',
},
},
'postgresql': {
'roles': {
'matrix-dimension': {
'password': repo.vault.password_for('{} postgresql matrix-dimension'.format(node.name)),
},
},
'databases': {
'matrix-dimension': {
'owner': 'matrix-dimension',
},
},
},
'users': {
'matrix-dimension': {
'home': '/var/opt/matrix-dimension',
},
},
}
@metadata_reactor.provides(
'nginx/vhosts/matrix-dimension',
)
def nginx_config(metadata):
return {
'nginx': {
'vhosts': {
'matrix-dimension': {
'domain': metadata.get('matrix-dimension/url'),
'do_not_set_content_security_headers': True,
'max_body_size': '50M',
'locations': {
'/': {
'target': 'http://127.0.0.1:20030',
},
},
},
},
},
}
@metadata_reactor.provides(
'icinga2_api/matrix-dimension/services',
)
def icinga_check_for_new_release(metadata):
return {
'icinga2_api': {
'matrix-dimension': {
'services': {
'MATRIX-DIMENSION UPDATE': {
'command_on_monitored_host': '/usr/local/share/icinga/plugins/check_github_for_new_release turt2live/matrix-dimension {}'.format(metadata.get('matrix-dimension/version')),
'vars.notification.mail': True,
'check_interval': '60m',
},
'MATRIX-DIMENSION PROCESS': {
'command_on_monitored_host': '/usr/lib/nagios/plugins/check_procs -a matrix-dimension -c 1:',
},
},
},
},
}
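Review bot: `do_not_set_content_security_headers: True` turns off the nginx bundle's security headers for the whole vhost because Dimension has to be embedded in Element as an iframe; the narrower fix is to keep the headers and set `Content-Security-Policy: frame-ancestors 'self' chat.sophies-kitchen.eu`, the same directive this change set uses for the matrix vhost, so that only the intended client may frame the integration manager. The `MATRIX-DIMENSION UPDATE` check also passes `metadata.get('matrix-dimension/version')`, which is `master` on the only node using the bundle, to `check_github_for_new_release`; comparing a branch name against release tags is not meaningful, so the service will not tell you anything useful until the version is pinned.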

View file

@ -16,6 +16,12 @@ provisioning:
- "${regex}" - "${regex}"
% endfor % endfor
namePatterns:
user: ":name (Discord)"
userOverride: ":displayname (Discord)"
room: "#:name (Discord - :guild)"
group: ":name"
database: database:
connString: "postgres://${node.metadata['mx-puppet-discord']['database']['user']}:${node.metadata['mx-puppet-discord']['database']['password']}@${node.metadata['mx-puppet-discord']['database'].get('host', 'localhost')}/${node.metadata['mx-puppet-discord']['database']['database']}?sslmode=disable" connString: "postgres://${node.metadata['mx-puppet-discord']['database']['user']}:${node.metadata['mx-puppet-discord']['database']['password']}@${node.metadata['mx-puppet-discord']['database'].get('host', 'localhost')}/${node.metadata['mx-puppet-discord']['database']['database']}?sslmode=disable"

View file

@ -0,0 +1,23 @@
[global]
pid=/run/php/php8.0-fpm.pid
; We're using journal, put logs there
error_log=/var/log/php8.0-fpm.log
daemonize=yes
; The one and only worker pool we have
[www]
user=www-data
group=www-data
listen=/run/php/php8.0-fpm.sock
listen.owner=www-data
listen.group=www-data
listen.mode=0600
; Process Manager Settings
pm=dynamic
pm.max_children=${num_cpus*4}
pm.start_servers=${num_cpus}
pm.max_spare_servers=${num_cpus*2}
pm.min_spare_servers=${num_cpus}
pm.process_idle_timeout=30s
pm.max_requests=1024
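Review bot: the comment says logs go to the journal, but `error_log=/var/log/php8.0-fpm.log` writes to a file; either fix the comment or use `error_log=syslog` so the entries actually reach journald. `daemonize=yes` is overridden when systemd starts php-fpm with `--nodaemonize`, as the distribution units do, so setting it here is misleading. Also `pm.max_children=${num_cpus*4}` combined with `memory_limit = 256M` from the php.ini in this change allows up to 1 GiB of PHP memory per core in the worst case; check that against the host's RAM.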

View file

@ -0,0 +1,99 @@
[PHP]
; Only needed for libapache2-mod-php?
engine = On
short_open_tag = Off
precision = 14
output_buffering = 4096
zlib.output_compression = Off
implicit_flush = Off
serialize_precision = -1
disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals
ignore_user_abort = Off
zend.enable_gc = On
expose_php = Off
max_execution_time = 30
max_input_time = 60
memory_limit = 256M
error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT
display_startup_errors = Off
log_errors = On
log_errors_max_len = 1024
ignore_repeated_errors = Off
ignore_repeated_source = Off
report_memleaks = On
html_errors = On
error_log = syslog
syslog.ident = php7.4
syslog.filter = ascii
arg_separator.output = "&amp;"
variables_order = "GPCS"
request_order = "GP"
register_argc_argv = Off
auto_globals_jit = On
post_max_size = ${post_max_size}M
default_mimetype = "text/html"
default_charset = "UTF-8"
enable_dl = Off
file_uploads = On
upload_max_filesize = ${post_max_size}M
max_file_uploads = 20
allow_url_fopen = On
allow_url_include = Off
default_socket_timeout = 10
[CLI Server]
cli_server.color = On
[mail function]
mail.add_x_header = Off
[ODBC]
odbc.allow_persistent = On
odbc.check_persistent = On
odbc.max_persistent = -1
odbc.max_links = -1
odbc.defaultlrl = 4096
odbc.defaultbinmode = 1
[PostgreSQL]
pgsql.allow_persistent = On
pgsql.auto_reset_persistent = Off
pgsql.max_persistent = -1
pgsql.max_links = -1
pgsql.ignore_notice = 0
pgsql.log_notice = 0
[bcmath]
bcmath.scale = 0
[Session]
session.save_handler = files
session.use_strict_mode = 0
session.use_cookies = 1
session.use_only_cookies = 1
session.name = PHPSESSID
session.auto_start = 0
session.cookie_lifetime = 0
session.cookie_path = /
session.cookie_domain =
session.cookie_httponly =
session.cookie_samesite =
session.serialize_handler = php
session.gc_probability = 1
session.gc_divisor = 1000
session.gc_maxlifetime = 1440
session.referer_check =
session.cache_limiter = nocache
session.cache_expire = 180
session.use_trans_sid = 0
session.sid_length = 32
session.trans_sid_tags = "a=href,area=href,frame=src,form="
session.sid_bits_per_character = 6
[Assertion]
zend.assertions = -1
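Review bot: this php.ini omits `display_errors`, and PHP's built-in default when the directive is absent is On, so warnings and stack details are rendered into responses (and, with `html_errors = On`, as HTML); set `display_errors = Off` explicitly, as the upstream php.ini-production does. `syslog.ident = php7.4` is a leftover from the 7.4 file and should read `php8.0` so log entries are attributed to the right runtime. The session block leaves the hardening knobs at their permissive defaults: `session.use_strict_mode = 1` stops session fixation via attacker-chosen IDs, `session.cookie_httponly = 1` keeps the cookie away from scripts, `session.cookie_secure = 1` is safe if every PHP site is served over TLS, and `session.cookie_samesite = Lax` removes most CSRF vectors; none of these break common PHP applications.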

View file

@ -0,0 +1,6 @@
[Service]
# arch postfix is not set up for chrooting by default
ExecStartPre=-/usr/sbin/mkdir -p /var/spool/postfix/etc
% for file in ['/etc/localtime', '/etc/nsswitch.conf', '/etc/resolv.conf', '/etc/services']:
ExecStartPre=-/usr/sbin/cp -p ${file} /var/spool/postfix${file}
% endfor
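Review bot: every `ExecStartPre` here is prefixed with `-`, so a failed copy of `/etc/resolv.conf` or `/etc/nsswitch.conf` into the chroot is ignored and postfix starts with a chroot that cannot resolve names, which then surfaces as deferred mail rather than a failed unit. Drop the `-` so the unit fails loudly. `/usr/sbin/mkdir` and `/usr/sbin/cp` only work on Arch because `/usr/sbin` is a symlink to `/usr/bin`; use the `/usr/bin` paths directly.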

View file

@ -21,7 +21,7 @@ for identifier in node.metadata.get('postfix/mynetworks', set()):
netmask = '128' netmask = '128'
mynetworks.add(f'[{ip6}]/{netmask}') mynetworks.add(f'[{ip6}]/{netmask}')
my_package = 'pkg_pacman:postfix' if node.has_bundle('pacman') else 'pkg_apt:postfix' my_package = 'pkg_pacman:postfix' if node.os == 'arch' else 'pkg_apt:postfix'
files = { files = {
'/etc/mailname': { '/etc/mailname': {
@ -86,3 +86,13 @@ svc_systemd = {
}, },
}, },
} }
if node.os == 'arch':
files['/etc/systemd/system/postfix.service.d/bundlewrap.conf'] = {
'source': 'arch-override.conf',
'content_type': 'mako',
'triggers': {
'action:systemd-reload',
'svc_systemd:postfix:restart',
},
}

View file

@ -25,6 +25,7 @@ defaults = {
'pacman': { 'pacman': {
'packages': { 'packages': {
'postfix': {}, 'postfix': {},
's-nail': {},
}, },
}, },
} }

View file

@ -34,7 +34,7 @@ directories = {
git_deploy = { git_deploy = {
'/opt/simple-icinga-dashboard/src': { '/opt/simple-icinga-dashboard/src': {
'repo': 'https://git.kunsmann.eu/sophie/simple-icinga-dashboard.git', 'repo': 'https://git.franzi.business/sophie/simple-icinga-dashboard.git',
'rev': 'main', 'rev': 'main',
'triggers': { 'triggers': {
'action:simple-icinga-dashboard_install_requirements', 'action:simple-icinga-dashboard_install_requirements',

View file

@ -0,0 +1 @@
encrypt$gAAAAABg6vNNuCZcmhH52dQDiD4ePsbXhz0kHSjqX3yduJ6E5NylWEdKNtjtrfc9bu1WNnDBO0YpsqxIeax2u1xc6gstohVfbu2MgwGJKpA7J5Py6xiQL82YKJcwV7k0EZ7ilWbqlzXuSDh40KG3GWOTPiw_CbsbDEpCU09x1hUs1_0BTPAU6ln4t7ync7ZjFZf_vRBTlrnZWchzXoSwppzedAZeaptfhMWn_-8oARoYvxJf3pkmTSGjovNMvDak_sscq_M2rldng6_oboR4iTo_6eY6bpCjEGD3xMeSzLhDZsJ4c0l9bZBDef-NRWA7Ewptc4KYKVvzKlgyrByqSV8TCmYn4aBgOusv-VAW3VqKg2rHi3nq5L50zkPwWmHC6_rdtIS-pAlnR5A0HJYdXGyf2eQSq3UkrZA3BIFlqUWrvS8aTWxp9CUL5C9oRGpL8P3fVfExiqhmcLGamHZb1Y2kjxX8EMcSCRLgiVO9DwIpXlEm86HfgVcXaL0wpibM32PD0sspOPILThE5P9WETGhpFAWDkWR0WaYQjZuAVlXTtk8tgdh0vC2auQl2pEVbvvnZaa04Ohp2QgE3AJLg3tdekLciwCQmPm0bpX8xYvJ49vNWG-SCaAlLHzLVIMFXFY53-SBOHYnE

View file

@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHZnYhsdtGUYJiFcvfqTLljGkInnFTOoDF/WZniLtPjH

View file

@ -1,6 +0,0 @@
add_header Content-Security-Policy "frame-ancestors 'self' chat.sophies-kitchen.eu";
location /.well-known/matrix/ {
alias /etc/matrix-synapse/wellknown/;
add_header Access-Control-Allow-Origin *;
}

View file

@ -0,0 +1 @@
add_header Content-Security-Policy "frame-ancestors 'self' chat.sophies-kitchen.eu";
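Review bot: the replacement keeps only the CSP header and drops the `location /.well-known/matrix/` block together with its `Access-Control-Allow-Origin *` header; if the well-known files are not served from somewhere else after this change, clients relying on `.well-known` discovery for the homeserver and federation will break. Please point out where the location moved to, since it is not visible in this diff.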

View file

@ -2,8 +2,9 @@ ${header}
$ORIGIN franzi.business. $ORIGIN franzi.business.
@ IN A 94.130.52.224 ; ends up on rx300.kunbox.net
IN AAAA 2a01:4f8:10b:2a5f::2 @ IN A 31.47.232.106
IN AAAA 2a00:f820:528::2
IN MX 10 mx0.kunbox.net. IN MX 10 mx0.kunbox.net.
IN TXT "v=spf1 mx ~all" IN TXT "v=spf1 mx ~all"
@ -13,6 +14,9 @@ chat IN AAAA 2a01:4f8:10b:2a5f::2
dimension IN A 94.130.52.224 dimension IN A 94.130.52.224
dimension IN AAAA 2a01:4f8:10b:2a5f::2 dimension IN AAAA 2a01:4f8:10b:2a5f::2
git IN CNAME rx300.kunbox.net.
jenkins IN CNAME rx300.kunbox.net.
matrix IN A 94.130.52.224 matrix IN A 94.130.52.224
matrix IN AAAA 2a01:4f8:10b:2a5f::2 matrix IN AAAA 2a01:4f8:10b:2a5f::2
@ -24,7 +28,6 @@ sewfile IN CNAME sewfile.htz-cloud.kunbox.net.
rss IN CNAME rx300.kunbox.net. rss IN CNAME rx300.kunbox.net.
status IN CNAME icinga2.ovh.kunbox.net. status IN CNAME icinga2.ovh.kunbox.net.
travelynx IN CNAME rx300.kunbox.net. travelynx IN CNAME rx300.kunbox.net.
unicornsden IN CNAME rx300.kunbox.net. unicornsden IN CNAME rx300.kunbox.net.

View file

@ -10,17 +10,11 @@ $ORIGIN kunsmann.eu.
dav IN A 94.130.52.224 dav IN A 94.130.52.224
dav IN AAAA 2a01:4f8:10b:2a5f::2 dav IN AAAA 2a01:4f8:10b:2a5f::2
git IN A 94.130.52.224
git IN AAAA 2a01:4f8:10b:2a5f::2
grafana IN CNAME influxdb.htz-cloud.kunbox.net. grafana IN CNAME influxdb.htz-cloud.kunbox.net.
icinga IN CNAME icinga2.ovh.kunbox.net. icinga IN CNAME icinga2.ovh.kunbox.net.
influxdb IN CNAME influxdb.htz-cloud.kunbox.net. influxdb IN CNAME influxdb.htz-cloud.kunbox.net.
statusmonitor.icinga IN CNAME icinga2.ovh.kunbox.net. statusmonitor.icinga IN CNAME icinga2.ovh.kunbox.net.
jenkins IN A 94.130.52.224
jenkins IN AAAA 2a01:4f8:10b:2a5f::2
mta-sts IN A 94.130.52.224 mta-sts IN A 94.130.52.224
mta-sts IN AAAA 2a01:4f8:10b:2a5f::2 mta-sts IN AAAA 2a01:4f8:10b:2a5f::2
@ -29,8 +23,8 @@ luther-ps IN CNAME luther.htz-cloud.kunbox.net.
paste IN A 94.130.52.224 paste IN A 94.130.52.224
paste IN AAAA 2a01:4f8:10b:2a5f::2 paste IN AAAA 2a01:4f8:10b:2a5f::2
rss IN A 94.130.52.224 ; legacy, for redirect
rss IN AAAA 2a01:4f8:10b:2a5f::2 git IN CNAME ex42-1048908.htz.kunbox.net.
_dmarc IN TXT "v=DMARC1; p=quarantine; rua=mailto:postmaster@kunsmann.eu; ruf=mailto:postmaster@kunsmann.eu; fo=0:d:s; adkim=r; aspf=r" _dmarc IN TXT "v=DMARC1; p=quarantine; rua=mailto:postmaster@kunsmann.eu; ruf=mailto:postmaster@kunsmann.eu; fo=0:d:s; adkim=r; aspf=r"
_mta-sts IN TXT "v=STSv1;id=20201111;" _mta-sts IN TXT "v=STSv1;id=20201111;"

View file

@ -9,7 +9,7 @@
<div class="col s12"> <div class="col s12">
<h1>Datenschutz</h1> <h1>Datenschutz</h1>
<h2>Logdateien des Webservers</h2> <h2>Logdateien des Webservers</h2>
<p>Der Webserver fertigt keine Logdateien an. Interessierte können sich <a href="https://git.kunsmann.eu/kunsi/bundlewrap/src/branch/main/bundles/nginx/files/site_template">in meinem Gitea die aktuelle nginx-Konfiguration des Servers ansehen</a>.</p> <p>Der Webserver fertigt keine Logdateien an. Interessierte können sich <a href="https://git.franzi.business/kunsi/bundlewrap/src/branch/main/bundles/nginx/files/site_template">in meinem Gitea die aktuelle nginx-Konfiguration des Servers ansehen</a>.</p>
<h2>Account-spezifische Daten</h2> <h2>Account-spezifische Daten</h2>

View file

@ -1,6 +1,39 @@
from json import loads, dumps from json import loads, dumps
from bundlewrap.metadata import metadata_to_json from bundlewrap.metadata import metadata_to_json
from bundlewrap.utils import Fault
def resolve_faults(dictionary: dict) -> dict: def resolve_faults(dictionary: dict) -> dict:
return loads(metadata_to_json(dictionary)) return loads(metadata_to_json(dictionary))
def ensure_fault_or_none(maybe_fault):
if maybe_fault is None or isinstance(maybe_fault, Fault):
return maybe_fault
return Fault(maybe_fault, lambda f: f, f=maybe_fault)
def join_faults(faults, by=' '):
result = []
id_list = []
for item in faults:
result.append(ensure_fault_or_none(item))
if isinstance(item, Fault):
id_list += item.id_list
else:
id_list.append(item)
id_list += [
'joined_by',
by,
]
return Fault(
id_list,
lambda o: by.join([i.value for i in o]),
o=result,
)

View file

@ -2,6 +2,7 @@ nodes['aurto'] = {
'hostname': '31.47.232.107', 'hostname': '31.47.232.107',
'bundles': { 'bundles': {
'backup-client', 'backup-client',
'check-mail-received',
}, },
'groups': { 'groups': {
'arch', 'arch',
@ -18,6 +19,13 @@ nodes['aurto'] = {
'/var/cache/pacman/aurto', '/var/cache/pacman/aurto',
}, },
}, },
'check-mail-received': {
't-online': {
'email': 'franzi.kunsmann@t-online.de',
'imap_host': 'secureimap.t-online.de',
'imap_pass': bwpass.attr('t-online.de/franzi.kunsmann@t-online.de', 'imap'),
},
},
'interfaces': { 'interfaces': {
'enp1s0': { 'enp1s0': {
'ips': { 'ips': {
@ -55,6 +63,9 @@ nodes['aurto'] = {
# kunsi # kunsi
'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICYst1HK+gJYhNxzqJGnz4iB73pa89Xz2yH+8wufOcsA', 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICYst1HK+gJYhNxzqJGnz4iB73pa89Xz2yH+8wufOcsA',
'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC+ja1z5VRQzaKCCePsUM14qMr9QR94qlWc7Je5Poki9UmC1t/TyxRVzcCBL1ZdIfBGx6QKtfkEbvhgb3nxVt3PvXjoJrc6wwGLmNrVsU6B88y35g7nzupQiPKYJwkNzJ9j6Dmkgj1F5Q+aY2SitDaX6vqICLJ4Al/ZFw2IQxVJfC7JXRJ9jRMG5o9gWoE3gWDYEAmw+HU2mNzyeuaD12qJw9DHUimAlgkOWzll3gh9WclsYnnXGrCCn5fyHFUCJl+XXAIy519z7YTpKih02rsIOw5dnaGClBZD/YQu2ZKVFZiwIVH7aBiqHOmtgRyWTQgjbh/fMpIN0ar2f/iZsWYUjd6et48TOmXZYIPCQ5FivXNvxt9oo1XZfq76UHBwlmypLJIWROMbz375n2M6hr3hECuxuPjKEUXAv05KiC1aJ4xc6pFoVhqwAR99hvHw5U4o7/ko2NVjNpTu6Jr5DT5VaQLIdDDjC/93kUjMpdD/8P72bEn7454+WexU6OE6uvNiHj1fetrptr2UAuzVfnCoaV8pBqY7X95gk+lnSENdpr8ltJYMg8s0Z7Pzz0OxsZtzzDY5VmWfC9TCdJkN5lT8IbnaixsYlWdjQl1lMmZGElmelfU3K7YQLAbZiHmHKe4hTl9ZoCcWdTQ3d4y2t1DBos+N2HZNdtFCyOS8esDdMw== cardno:000609506971', 'ssh-rsa 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 cardno:000609506971',
# n0emis
'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEcOPtW5FWNIdlMQFoqeyA1vHw+cA8ft8oXSbXPzQNL9 n0emis@n0emis.eu',
'ssh-rsa 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 simeon@noemis.me (OLD)',
}, },
}, },
'kunsi': { 'kunsi': {
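Review bot: the second n0emis key is explicitly labelled `(OLD)`; a key its owner considers retired should not be rolled out to a new host, so confirm it is still in use or drop it. The `imap_pass` from `bwpass.attr(...)` is handled correctly at the metadata level, but be aware that the check-mail-received bundle places it on the plugin's command line on this node.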

View file

@ -4,6 +4,7 @@
nodes['htz-cloud.miniserver'] = { nodes['htz-cloud.miniserver'] = {
'bundles': { 'bundles': {
'element-web', 'element-web',
'matrix-dimension',
'matrix-media-repo', 'matrix-media-repo',
'matrix-synapse', 'matrix-synapse',
'nodejs', 'nodejs',
@ -58,7 +59,7 @@ nodes['htz-cloud.miniserver'] = {
}, },
'element-web': { 'element-web': {
'url': 'chat.sophies-kitchen.eu', 'url': 'chat.sophies-kitchen.eu',
'version': 'v1.7.31', 'version': 'v1.7.32',
'config': { 'config': {
'default_server_config': { 'default_server_config': {
'm.homeserver': { 'm.homeserver': {
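Review bot: `'version': 'v1.7.32'` pins element-web by tag only, while the gitea entries elsewhere in this change set carry a `sha256` next to the version. If the element-web bundle fetches a release tarball, add the same checksum here so a replaced upstream asset fails the deploy instead of being served to every user as the Matrix client.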
@ -68,10 +69,10 @@ nodes['htz-cloud.miniserver'] = {
}, },
'brand': 'sophies-kitchen.eu', 'brand': 'sophies-kitchen.eu',
'showLabsSettings': True, 'showLabsSettings': True,
'integrations_ui_url': 'https://dimension.franzi.business/riot', 'integrations_ui_url': 'https://dimension.sophies-kitchen.eu/riot',
'integrations_rest_url': 'https://dimension.franzi.business/api/v1/scalar', 'integrations_rest_url': 'https://dimension.sophies-kitchen.eu/api/v1/scalar',
'integrations_widgets_urls': { 'integrations_widgets_urls': {
'https://dimension.franzi.business/widgets' 'https://dimension.sophies-kitchen.eu/widgets'
}, },
'default_theme': 'dark', 'default_theme': 'dark',
'defaultCountryCode': 'DE', 'defaultCountryCode': 'DE',
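Review bot: switching `integrations_ui_url`, `integrations_rest_url` and `integrations_widgets_urls` to dimension.sophies-kitchen.eu only affects widgets added from now on; widgets already placed in rooms keep the `https://dimension.franzi.business/widgets` URL in room state and will render blank once that host stops answering. Keep the old Dimension host serving or redirecting for as long as those rooms are in use, or re-add the widgets after the cutover.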
@ -103,6 +104,21 @@ nodes['htz-cloud.miniserver'] = {
}, },
}, },
}, },
'matrix-dimension': {
'url': 'dimension.sophies-kitchen.eu',
'version': 'master', # doesn't have releases yet
'homeserver': {
'name': 'sophies-kitchen.eu',
'clientServerUrl': 'https://matrix.sophies-kitchen.eu',
'accessToken': vault.decrypt('encrypt$gAAAAABg4btB0KGk068ahGZzR0w_Lm1bj1wUbB2WfNNs2bp3PwM4Ftp6MjQnrF-CejZfrF0NjPJw9Z4MrgileHP0sVw04mvgKSHfTf8gv4kTB6WuCIxHeMWHUDx00LTWL73fSlhCK0o1'),
},
'admins': [
'@sophie:sophies-kitchen.eu',
],
'telegram': {
'botToken': vault.decrypt('encrypt$gAAAAABg4bcQVzBF_iXdDtjRQD-O37GHdbHwWXyhCLPOuJLbv3ezUeXKR203hkCXkjfItSHi4NiTEgQPadDZTRkavaRpvAoaQV1a4srCS_Y-NU4RiOmkrVFJ_Xhw6UZvwjQUQ0QPOx9t'),
},
},
'matrix-media-repo': { 'matrix-media-repo': {
'version': 'v1.2.8', 'version': 'v1.2.8',
'homeservers': { 'homeservers': {
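Review bot: `'version': 'master'` installs whatever the upstream branch holds at apply time, so two runs of `bw apply` can produce different code and a force-pushed or compromised upstream lands in production without review. The comment notes there are no release tags; a commit id pins just as well, so record one and bump it deliberately. The `accessToken` is a Matrix access token for the homeserver and should be treated like a password: issue it for a dedicated bot account rather than an admin user so a leak of this value limits what the holder can do on sophies-kitchen.eu.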
@ -144,6 +160,14 @@ nodes['htz-cloud.miniserver'] = {
'bot_token': '""', 'bot_token': '""',
}, },
}, },
'nameservers': {
'213.133.98.98',
'213.133.99.99',
'213.133.100.100',
'2a01:4f8:0:1::add:1010',
'2a01:4f8:0:1::add:9999',
'2a01:4f8:0:1::add:9898',
},
'nftables': { 'nftables': {
'rules': { 'rules': {
'input': { 'input': {
@ -156,16 +180,9 @@ nodes['htz-cloud.miniserver'] = {
}, },
'nginx': { 'nginx': {
'vhosts': { 'vhosts': {
#'dimension.sophies-kitchen.eu': { 'matrix-dimension': {
# 'extras': True, 'extras': True,
# 'do_not_set_content_security_headers': True, },
# 'max_body_size': '50M',
# 'locations': {
# '/': {
# 'target': 'http://127.0.0.1:8184',
# },
# },
#},
'sophies-kitchen.eu': { 'sophies-kitchen.eu': {
'webroot': '/var/www/sophies-kitchen.eu/_site/', 'webroot': '/var/www/sophies-kitchen.eu/_site/',
'extras': True, 'extras': True,
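Review bot: the commented-out vhost that is deleted here carried `'do_not_set_content_security_headers': True` and `'max_body_size': '50M'`; the replacement `'matrix-dimension': {'extras': True}` leaves domain, upstream and headers to the bundle, so confirm the bundle sets those itself. Element embeds Dimension's `/riot` UI in an iframe, so whatever framing headers that option was suppressing would make the integration manager render blank, and a default body limit would break larger widget and sticker uploads. Deleting the dead commented block rather than keeping it is right; git history has it.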

View file

@ -1,5 +1,6 @@
nodes['htz-cloud.pirmasens'] = { nodes['htz-cloud.pirmasens'] = {
'bundles': { 'bundles': {
'check-mail-received',
'dovecot', 'dovecot',
'php', 'php',
'postfixadmin', 'postfixadmin',
@ -23,6 +24,13 @@ nodes['htz-cloud.pirmasens'] = {
'gateway6': 'fe80::1', 'gateway6': 'fe80::1',
}, },
}, },
'check-mail-received': {
't-online': {
'email': 'franzi.kunsmann@t-online.de',
'imap_host': 'secureimap.t-online.de',
'imap_pass': bwpass.attr('t-online.de/franzi.kunsmann@t-online.de', 'imap'),
},
},
'icinga_options': { 'icinga_options': {
'pretty_name': 'kunsmann.info', 'pretty_name': 'kunsmann.info',
}, },

View file

@ -1,9 +1,10 @@
nodes['htz.ex42-1048908'] = { nodes['htz.ex42-1048908'] = {
'bundles': { 'bundles': {
'check-mail-received',
'dovecot', 'dovecot',
'element-web', 'element-web',
'gitea', # 'gitea',
'jenkins-ci', # 'jenkins-ci',
'lm-sensors', 'lm-sensors',
'matrix-media-repo', 'matrix-media-repo',
'matrix-synapse', 'matrix-synapse',
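Review bot: commenting out `'gitea'` and `'jenkins-ci'` only stops bundlewrap from managing them; the gitea and jenkins services, their data, their listening ports (the `http://localhost:22010/` jenkins target further down) and the secrets in their config files stay on the host until someone removes them by hand. Either add explicit removal items or record the manual cleanup, and delete these lines rather than comment them so the node file does not keep stale bundle and secret references.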
@ -86,8 +87,12 @@ nodes['htz.ex42-1048908'] = {
'/opt/matrix/matrix-dimension', '/opt/matrix/matrix-dimension',
}, },
}, },
'cron': { 'check-mail-received': {
'telekom_nervkram': vault.decrypt('encrypt$gAAAAABfqXi23M96wrSLhqlbhqgePYX06LjPXfyQU2y_07kqYYLztj_PhS1-dk4r5FiiL2Ofmx5iCKW1sZNqiQSuHj2uKaitH0GnwHqj5CI2JwkAS9HrFxw=').format_into('0 0 * * * root date | mail -s \'daily test mail \' -r postmaster@mx0.kunbox.net {}'), 't-online': {
'email': 'franzi.kunsmann@t-online.de',
'imap_host': 'secureimap.t-online.de',
'imap_pass': bwpass.attr('t-online.de/franzi.kunsmann@t-online.de', 'imap'),
},
}, },
'element-web': { 'element-web': {
'url': 'chat.franzi.business', 'url': 'chat.franzi.business',
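Review bot: the deleted `telekom_nervkram` cron was what generated the daily probe mail (`mail -s 'daily test mail' -r postmaster@mx0.kunbox.net`), and the `check-mail-received` block that replaces it only names the receiving mailbox and its IMAP credentials. Unless the bundle sends the probe message itself, nothing on this host sends it any more and the check will go critical on its first run; confirm which side produces the message before merging.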
@ -113,27 +118,27 @@ nodes['htz.ex42-1048908'] = {
}, },
}, },
}, },
'gitea': { # 'gitea': {
'version': '1.14.3', # 'version': '1.14.3',
'sha256': '50c25c094ae109f49e276cd00ddc48a0a240b7670e487ae1286cc116d4cdbcf2', # 'sha256': '50c25c094ae109f49e276cd00ddc48a0a240b7670e487ae1286cc116d4cdbcf2',
'domain': 'git.kunsmann.eu', # 'domain': 'git.kunsmann.eu',
'email_domain_blocklist': { # 'email_domain_blocklist': {
'gmail.com', # 'gmail.com',
'yahoo.com', # 'yahoo.com',
'aol.com', # 'aol.com',
'comcast.net', # 'comcast.net',
'verizon.net', # 'verizon.net',
'hotmail.com', # 'hotmail.com',
'cox.net', # 'cox.net',
'msn.com', # 'msn.com',
}, # },
'enable_git_hooks': True, # 'enable_git_hooks': True,
'install_ssh_key': True, # 'install_ssh_key': True,
'internal_token': vault.decrypt('encrypt$gAAAAABfPncYwCX-NdBr9LdxLyGqmjRJqhmwMnWsdZy6kVOWdKrScW78xaqbJ1tpL1J4qa2hcZ7TQj3l-2mkyJNJOenGzU3TsI-gYMj9vC4m8Bhur5zboxjD4dQXaJbD1WSyHJ9sPJYsWP3Gjg6I19xeq9xMlAI6xaS9vOfuoI8nZnnQPx1NjfQEj03Jxf8a0-3F20sfICst1xRa5K48bpq1PFkK_oRojg=='), # 'internal_token': vault.decrypt('encrypt$gAAAAABfPncYwCX-NdBr9LdxLyGqmjRJqhmwMnWsdZy6kVOWdKrScW78xaqbJ1tpL1J4qa2hcZ7TQj3l-2mkyJNJOenGzU3TsI-gYMj9vC4m8Bhur5zboxjD4dQXaJbD1WSyHJ9sPJYsWP3Gjg6I19xeq9xMlAI6xaS9vOfuoI8nZnnQPx1NjfQEj03Jxf8a0-3F20sfICst1xRa5K48bpq1PFkK_oRojg=='),
'lfs_secret_key': vault.decrypt('encrypt$gAAAAABfPnd1vgNDt86-91YhviQw8Z0djSp4f_tBt76klDv-ZcwxP1ryJzqJ7qnfaTe_6DYCfc82gEzvVDsyBlCoAkGpt1AI2_LCKetuSCnDPjtGvwdQl3A53lFEdG2UJl1uUiR7f8Vr'), # 'lfs_secret_key': vault.decrypt('encrypt$gAAAAABfPnd1vgNDt86-91YhviQw8Z0djSp4f_tBt76klDv-ZcwxP1ryJzqJ7qnfaTe_6DYCfc82gEzvVDsyBlCoAkGpt1AI2_LCKetuSCnDPjtGvwdQl3A53lFEdG2UJl1uUiR7f8Vr'),
'oauth_secret_key': vault.decrypt('encrypt$gAAAAABfPnbfTISbldhS0WyxVKBHVVoOMcar7Kxmh1kkmiUGd-RzbbnNzzhEER_owjttPQcACPfGKZ6WklaSsXjLq8km4P6A9QmPbC06GmHbc91m0odCb1KiY7SZeUD35PiRiGSq50dz'), # 'oauth_secret_key': vault.decrypt('encrypt$gAAAAABfPnbfTISbldhS0WyxVKBHVVoOMcar7Kxmh1kkmiUGd-RzbbnNzzhEER_owjttPQcACPfGKZ6WklaSsXjLq8km4P6A9QmPbC06GmHbc91m0odCb1KiY7SZeUD35PiRiGSq50dz'),
'security_secret_key': vault.decrypt('encrypt$gAAAAABfPnc-R7pkDj4pQgHDb6pzlNYNJgiWdeBFsX7IsHSnCtNPbZxCdtSL8cHtQzVO1KbSxS7zCwssmgiR8Kj54Z-koD-FQbjpbKWoIPw8SsyeqBVlZhIeEzhw_1t7_7ZTvv1O8AePdNYel9JJb_TaAZ8Vx46ZfsEPy8zaaHrqOekHC6RAnB4='), # 'security_secret_key': vault.decrypt('encrypt$gAAAAABfPnc-R7pkDj4pQgHDb6pzlNYNJgiWdeBFsX7IsHSnCtNPbZxCdtSL8cHtQzVO1KbSxS7zCwssmgiR8Kj54Z-koD-FQbjpbKWoIPw8SsyeqBVlZhIeEzhw_1t7_7ZTvv1O8AePdNYel9JJb_TaAZ8Vx46ZfsEPy8zaaHrqOekHC6RAnB4='),
}, # },
'icinga_options': { 'icinga_options': {
'pretty_name': 'kunsmann.eu', 'pretty_name': 'kunsmann.eu',
}, },
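Review bot: the four vault ciphertexts in the commented block (`internal_token`, `lfs_secret_key`, `oauth_secret_key`, `security_secret_key`) are byte-for-byte the values configured for the new gitea on rx300 in this same change set. Moving the service is the moment to rotate them: until gitea is actually purged from this host, its config on disk still holds the same secret and OAuth keys, so anyone with access to the old box can forge sessions and OAuth tokens for git.franzi.business. Generate fresh secrets for rx300 and drop this block entirely instead of commenting it out.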
@ -295,46 +300,53 @@ nodes['htz.ex42-1048908'] = {
}, },
}, },
}, },
'franzi.business': { # 'franzi.business': {
'webroot': '/var/www/franzi.business/_site/', # 'webroot': '/var/www/franzi.business/_site/',
'locations': { # 'locations': {
'/.well-known/matrix/client': { # '/.well-known/matrix/client': {
'return': json_dumps({ # 'return': json_dumps({
'm.homeserver': { # 'm.homeserver': {
'base_url': 'https://matrix.franzi.business', # 'base_url': 'https://matrix.franzi.business',
}, # },
'm.identity_server': { # 'm.identity_server': {
'base_url': 'https://matrix.org', # 'base_url': 'https://matrix.org',
}, # },
'im.vector.riot.jitsi': { # 'im.vector.riot.jitsi': {
'preferredDomain': 'meet.ffmuc.net', # 'preferredDomain': 'meet.ffmuc.net',
}, # },
}, sort_keys=True), # }, sort_keys=True),
'additional_config': { # 'additional_config': {
'default_type application/json', # 'default_type application/json',
'add_header Access-Control-Allow-Origin *', # 'add_header Access-Control-Allow-Origin *',
}, # },
}, # },
'/.well-known/matrix/server': { # '/.well-known/matrix/server': {
'return': json_dumps({ # 'return': json_dumps({
'm.server': 'https://matrix.franzi.business', # 'm.server': 'matrix.franzi.business:443',
}, sort_keys=True), # }, sort_keys=True),
'additional_config': { # 'additional_config': {
'default_type application/json', # 'default_type application/json',
'add_header Access-Control-Allow-Origin *', # 'add_header Access-Control-Allow-Origin *',
}, # },
}, # },
}, # },
}, # },
'jenkins.kunsmann.eu': { 'git.kunsmann.eu': {
'locations': { 'locations': {
'/': { '/': {
'target': 'http://localhost:22010/', 'redirect': 'https://git.franzi.business$request_uri',
}, },
}, },
'website_check_path': '/login',
'website_check_string': 'Welcome to Jenkins',
}, },
# 'jenkins.kunsmann.eu': {
# 'locations': {
# '/': {
# 'target': 'http://localhost:22010/',
# },
# },
# 'website_check_path': '/login',
# 'website_check_string': 'Welcome to Jenkins',
# },
'kunbox.net': {}, 'kunbox.net': {},
'kunsmann.eu': { 'kunsmann.eu': {
'locations': { 'locations': {
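Review bot: removing the `franzi.business` vhost here (with its `/.well-known/matrix/client` and `/.well-known/matrix/server` responses) while the same vhost is added on rx300 in this change set means DNS for franzi.business has to move to 31.47.232.106 in the same rollout; until it does, clients and federating servers reach this host, get no well-known, and federation for franzi.business falls back to SRV and port 8448. The `git.kunsmann.eu` redirect to `https://git.franzi.business$request_uri` keeps HTTPS clone URLs working but does nothing for SSH remotes, so users with `git@git.kunsmann.eu:` remotes need the new host announced.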
@ -384,7 +396,7 @@ nodes['htz.ex42-1048908'] = {
}, },
'/.well-known/matrix/server': { '/.well-known/matrix/server': {
'return': json_dumps({ 'return': json_dumps({
'm.server': 'https://matrix.franzi.business', 'm.server': 'matrix.franzi.business:443',
}, sort_keys=True), }, sort_keys=True),
'additional_config': { 'additional_config': {
'default_type application/json', 'default_type application/json',
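Review bot: `'m.server': 'matrix.franzi.business:443'` is the correct shape; the well-known `m.server` field takes `<hostname>[:<port>]`, not a URL, so the previous `https://matrix.franzi.business` value would be treated as invalid by remote servers doing delegation. Run the Matrix federation tester against kunsmann.eu after deploy to confirm the delegation resolves; the commented-out `franzi.business` copy above receives the same fix but is no longer served from this host.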

View file

@ -7,8 +7,12 @@
nodes['rx300'] = { nodes['rx300'] = {
'hostname': '31.47.232.106', 'hostname': '31.47.232.106',
'bundles': { 'bundles': {
'check-mail-received',
'gitea',
'jenkins-ci',
'lm-sensors', 'lm-sensors',
'miniflux', 'miniflux',
'php',
'postgresql', 'postgresql',
'smartd', 'smartd',
'travelynx', 'travelynx',
@ -33,6 +37,15 @@ nodes['rx300'] = {
'apt': { 'apt': {
'packages': { 'packages': {
'ipmitool': {}, 'ipmitool': {},
# for franzi.business deployment
'ruby': {},
'ruby-dev': {},
'ruby-bundler': {},
# more php
'php-imagick': {},
'php-yaml': {},
}, },
# XXX remove this once nginx.org has packages for debian bullseye # XXX remove this once nginx.org has packages for debian bullseye
'repos': { 'repos': {
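Review bot: `ruby-dev` and `ruby-bundler` `# for franzi.business deployment` put a gem installer and native-extension build path on the production web host, and the site build runs as the jenkins user that owns webroots further down in this file. Pin the build with a committed `Gemfile.lock` and `bundle install --deployment` so the CI job cannot pull arbitrary newer gems, and keep gems in the job workspace rather than installing them system-wide.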
@ -43,23 +56,105 @@ nodes['rx300'] = {
}, },
}, },
}, },
'check-mail-received': {
't-online': {
'email': 'franzi.kunsmann@t-online.de',
'imap_host': 'secureimap.t-online.de',
'imap_pass': bwpass.attr('t-online.de/franzi.kunsmann@t-online.de', 'imap'),
},
},
'gitea': {
'version': '1.14.4',
'sha256': 'e1ce2fadcf6561cb2543b44b9f1382d6ce4be29ed8edd6d9d7080a218aa114b0',
'domain': 'git.franzi.business',
'email_domain_blocklist': {
'gmail.com',
'yahoo.com',
'aol.com',
'comcast.net',
'verizon.net',
'hotmail.com',
'cox.net',
'msn.com',
},
'enable_git_hooks': True,
'install_ssh_key': True,
'internal_token': vault.decrypt('encrypt$gAAAAABfPncYwCX-NdBr9LdxLyGqmjRJqhmwMnWsdZy6kVOWdKrScW78xaqbJ1tpL1J4qa2hcZ7TQj3l-2mkyJNJOenGzU3TsI-gYMj9vC4m8Bhur5zboxjD4dQXaJbD1WSyHJ9sPJYsWP3Gjg6I19xeq9xMlAI6xaS9vOfuoI8nZnnQPx1NjfQEj03Jxf8a0-3F20sfICst1xRa5K48bpq1PFkK_oRojg=='),
'lfs_secret_key': vault.decrypt('encrypt$gAAAAABfPnd1vgNDt86-91YhviQw8Z0djSp4f_tBt76klDv-ZcwxP1ryJzqJ7qnfaTe_6DYCfc82gEzvVDsyBlCoAkGpt1AI2_LCKetuSCnDPjtGvwdQl3A53lFEdG2UJl1uUiR7f8Vr'),
'oauth_secret_key': vault.decrypt('encrypt$gAAAAABfPnbfTISbldhS0WyxVKBHVVoOMcar7Kxmh1kkmiUGd-RzbbnNzzhEER_owjttPQcACPfGKZ6WklaSsXjLq8km4P6A9QmPbC06GmHbc91m0odCb1KiY7SZeUD35PiRiGSq50dz'),
'security_secret_key': vault.decrypt('encrypt$gAAAAABfPnc-R7pkDj4pQgHDb6pzlNYNJgiWdeBFsX7IsHSnCtNPbZxCdtSL8cHtQzVO1KbSxS7zCwssmgiR8Kj54Z-koD-FQbjpbKWoIPw8SsyeqBVlZhIeEzhw_1t7_7ZTvv1O8AePdNYel9JJb_TaAZ8Vx46ZfsEPy8zaaHrqOekHC6RAnB4='),
},
'icinga_options': { 'icinga_options': {
'pretty_name': 'franzi.business', 'pretty_name': 'franzi.business',
}, },
'jenkins-ci': {
'install_ssh_key': True,
},
'miniflux': { 'miniflux': {
'domain': 'rss.franzi.business', 'domain': 'rss.franzi.business',
}, },
'nginx': { 'nginx': {
'vhosts': { 'vhosts': {
'miniflux': { 'gitea': {'ssl': '_.franzi.business'},
'miniflux': {'ssl': '_.franzi.business'},
'franzi.business': {
'webroot': '/var/www/franzi.business/_site/',
'ssl': '_.franzi.business', 'ssl': '_.franzi.business',
'locations': {
'/.well-known/matrix/client': {
'return': json_dumps({
'm.homeserver': {
'base_url': 'https://matrix.franzi.business',
},
'm.identity_server': {
'base_url': 'https://matrix.org',
},
'im.vector.riot.jitsi': {
'preferredDomain': 'meet.ffmuc.net',
},
}, sort_keys=True),
'additional_config': {
'default_type application/json',
'add_header Access-Control-Allow-Origin *',
},
},
'/.well-known/matrix/server': {
'return': json_dumps({
'm.server': 'matrix.franzi.business:443',
}, sort_keys=True),
'additional_config': {
'default_type application/json',
'add_header Access-Control-Allow-Origin *',
},
},
},
}, },
'unicornsden': { 'jenkins': {
'domain': 'jenkins.franzi.business',
'ssl': '_.franzi.business',
'locations': {
'/': {
'target': 'http://localhost:22010/',
},
},
'website_check_path': '/login',
'website_check_string': 'Welcome to Jenkins',
},
'unicornsden-redirect': {
'domain': 'unicornsden.franzi.business', 'domain': 'unicornsden.franzi.business',
'ssl': '_.franzi.business', 'ssl': '_.franzi.business',
'locations': {
'/': {
'redirect': 'https://map.unicornsden.com/',
},
},
},
'unicornsden': {
'domain': 'map.unicornsden.com',
'php': True,
'webroot_config': { 'webroot_config': {
'owner': 'kunsi', 'owner': 'jenkins',
'group': 'kunsi', 'group': 'jenkins',
'mode': '0755', 'mode': '0755',
}, },
}, },
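Review bot: `'owner': 'jenkins'` on the `unicornsden` webroot together with `'php': True` gives the CI user write access to a directory nginx executes PHP from, so any job that runs on this Jenkins (a malicious PR build, a compromised plugin) can drop a `.php` file and get code execution as the PHP worker on map.unicornsden.com. Have the job deploy into a staging directory and let a small privileged step copy into a root-owned webroot, or at least keep the PHP-executed path non-writable by jenkins. The same concern applies to `'enable_git_hooks': True` on gitea, which lets any repository admin run arbitrary commands as the gitea user; enable it only if the admin set on git.franzi.business is fully trusted.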
@ -80,6 +175,19 @@ nodes['rx300'] = {
}, },
}, },
}, },
'php': {
'version': '8.0',
'packages': {
'gd',
'imap',
'intl',
'mbstring',
'opcache',
'pgsql',
'readline',
'xml',
},
},
'postgresql': { 'postgresql': {
'version': '13', 'version': '13',
}, },