diff --git a/README.md b/README.md index c102b84..7608202 100644 --- a/README.md +++ b/README.md @@ -6,4 +6,4 @@ May also include some dummy nodes, for example for deploying websites onto shared webhosting. `bw test` runs according to Jenkinsfile after every commit. -[![Build Status](https://jenkins.franzi.business/buildStatus/icon?job=kunsi%2Fbundlewrap%2Fmain)](https://jenkins.franzi.business/job/kunsi/job/bundlewrap/job/main/) +[![Build Status](https://jenkins.kunsmann.eu/buildStatus/icon?job=bundlewrap%2Fmain)](https://jenkins.kunsmann.eu/job/bundlewrap/job/main/) diff --git a/bundles/check-mail-received/files/check_imap_for_mail_from b/bundles/check-mail-received/files/check_imap_for_mail_from deleted file mode 100644 index f8db136..0000000 --- a/bundles/check-mail-received/files/check_imap_for_mail_from +++ /dev/null 
@@ -1,70 +0,0 @@
-#!/usr/bin/env python3
-
-from imaplib import IMAP4_SSL
-from subprocess import check_output
-from sys import argv, exit
-from time import time
-
-if len(argv) < 5:
- print('Usage: {} '.format(argv[0]))
- exit(3)
-
-NOW = time()
-
-try:
- imap = IMAP4_SSL(argv[1])
- imap.login(argv[2], argv[3])
-
- imap.select('Inbox')
-
- _, data = imap.search(None, 'ALL')
-
- something_found = False
-
- for item in data:
- for index in item.split():
- received_in_this_mail = None
- from_in_this_mail = False
-
- try:
- message = imap.fetch(index, '(RFC822)')
-
- message_text = bytearray()
- for part in message[1][0]:
- message_text.extend(part)
- message_text = message_text.decode().splitlines()
-
- for line in message_text:
- lline = line.strip().lower()
-
- if lline.startswith('from:') and argv[4].lower() in line:
- from_in_this_mail = True
-
- if lline.startswith('date:'):
- date = line.strip()[5:].strip()
- unixtime = int(check_output([
- 'date',
- '--date={}'.format(date),
- '+%s',
- ]).decode().strip())
-
- if unixtime > (NOW-(60*60*25)):
- received_in_this_mail = date
-
- if received_in_this_mail and from_in_this_mail:
- print('Found message from "{}" sent at "{}"'.format(argv[4], received_in_this_mail))
- received_in_this_mail = None
- from_in_this_mail = False
- something_found = True
- except:
- pass
-
- if something_found:
- # there should be output above
- exit(0)
-
- print('No Mails found')
- exit(2)
-except Exception as e:
- print(repr(e))
- exit(3)
diff --git a/bundles/check-mail-received/items.py b/bundles/check-mail-received/items.py
deleted file mode 100644
index ed76f80..0000000
--- a/bundles/check-mail-received/items.py
+++ /dev/null
@@ -1,5 +0,0 @@
-files = {
- '/usr/local/share/icinga/plugins/check_imap_for_mail_from': {
- 'mode': '0755',
- },
-}
diff --git a/bundles/check-mail-received/metadata.py b/bundles/check-mail-received/metadata.py
deleted file mode 100644
index 0eb666d..0000000
--- a/bundles/check-mail-received/metadata.py +++ /dev/null @@ -1,41 +0,0 @@ -@metadata_reactor.provides( - 'cron/check-mail-received', - 'icinga2_api/check-mail-received/services', -) -def process_metadata(metadata): - cron = set() - services = {} - - my_mail_address = 'root@{}'.format(metadata.get('hostname')) - - for name, config in metadata.get('check-mail-received', {}).items(): - cron.add('{minute} {hour} * * * root date | mail -s "daily test mail from {node}" -r {source} {target}'.format( - minute=node.magic_number%60, - hour=node.magic_number%24, - node=node.name, - source=my_mail_address, - target=config['email'], - )) - - services[f'MAIL RECEIVED ON {name}'] = { - 'command_on_monitored_host': repo.libs.faults.join_faults([ - '/usr/local/share/icinga/plugins/check_imap_for_mail_from', - config['imap_host'], - config.get('imap_user', config['email']), - config['imap_pass'], - my_mail_address, - ]), - 'check_interval': '15m', - 'retry_interval': '5m', - } - - return { - 'cron': { - 'check-mail-received': '\n'.join(sorted(cron)), - }, - 'icinga2_api': { - 'check-mail-received': { - 'services': services, - }, - }, - } diff --git a/bundles/gitea/items.py b/bundles/gitea/items.py index faf3578..f24768f 100644 --- a/bundles/gitea/items.py +++ b/bundles/gitea/items.py @@ -21,11 +21,6 @@ directories = { 'owner': 'git', 'group': 'git', }, - '/home/git/.ssh': { - 'mode': '0755', - 'owner': 'git', - 'group': 'git', - }, '/var/lib/gitea': { 'owner': 'git', 'mode': '0700', diff --git a/bundles/gitea/metadata.py b/bundles/gitea/metadata.py index 26eebac..e18b9fd 100644 --- a/bundles/gitea/metadata.py +++ b/bundles/gitea/metadata.py @@ -2,7 +2,6 @@ defaults = { 'backups': { 'paths': { '/home/git', - '/var/lib/gitea', }, }, 'gitea': { 
@@ -45,23 +44,6 @@ defaults = { }, }, }, - 'zfs': { - 'datasets': { - 'tank/gitea': {}, - 'tank/gitea/home': { - 'mountpoint': '/home/git', - 'needed_by': { - 'directory:/home/git', - }, - }, - 'tank/gitea/var': { - 'mountpoint': '/var/lib/gitea', - 'needed_by': { - 'directory:/var/lib/gitea', - }, - }, - }, - }, } @@ -75,8 +57,7 @@ def nginx(metadata): return { 'nginx': { 'vhosts': { - 'gitea': { - 'domain': metadata.get('gitea/domain'), + metadata.get('gitea/domain'): { 'locations': { '/': { 'target': 'http://127.0.0.1:22000', diff --git a/bundles/grafana/dashboard-rows/cpu.py b/bundles/grafana/dashboard-rows/cpu.py index 1279b2e..e370d5e 100644 --- a/bundles/grafana/dashboard-rows/cpu.py +++ b/bundles/grafana/dashboard-rows/cpu.py @@ -9,8 +9,6 @@ def dashboard_row_cpu(panel_id, node): 'iowait', 'nice', 'softirq', - 'guest', - 'guest_nice', ]: queries_cpu.append({ 'groupBy': [ diff --git a/bundles/jenkins-ci/files/ssh-config b/bundles/jenkins-ci/files/ssh-config deleted file mode 100644 index 564c5f9..0000000 --- a/bundles/jenkins-ci/files/ssh-config +++ /dev/null @@ -1,3 +0,0 @@ -Host * - UserKnownHostsFile /dev/null - StrictHostKeyChecking no diff --git a/bundles/jenkins-ci/items.py b/bundles/jenkins-ci/items.py index 03e627e..ff49882 100644 --- a/bundles/jenkins-ci/items.py +++ b/bundles/jenkins-ci/items.py 
@@ -1,41 +1,14 @@ -directories = { - '/var/lib/jenkins': { - 'owner': 'jenkins', - 'group': 'jenkins', - 'needs': { - 'pkg_apt:jenkins', - }, - }, - '/var/lib/jenkins/.ssh': { - 'mode': '0755', - 'owner': 'git', - 'group': 'git', - }, -} - files = { '/etc/default/jenkins': { 'triggers': { 'svc_systemd:jenkins:restart', }, }, - '/var/lib/jenkins/.ssh/config': { - 'source': 'ssh-config', - }, } -if node.metadata.get('jenkins-ci/install_ssh_key', False): - files['/var/lib/jenkins/.ssh/id_ed25519'] = { - 'content': repo.vault.decrypt_file(f'jenkins-ci/files/ssh-keys/{node.name}.key.vault'), - 'mode': '0600', - 'owner': 'jenkins', - 'group': 'jenkins', - } - svc_systemd = { 'jenkins': { 'needs': { - 'directory:/var/lib/jenkins', 'pkg_apt:jenkins', }, }, diff --git a/bundles/jenkins-ci/metadata.py b/bundles/jenkins-ci/metadata.py index fae8052..0cd5e59 100644 --- a/bundles/jenkins-ci/metadata.py +++ b/bundles/jenkins-ci/metadata.py @@ -21,14 +21,4 @@ defaults = { '/var/lib/jenkins', }, }, - 'zfs': { - 'datasets': { - 'tank/jenkins': { - 'mountpoint': '/var/lib/jenkins', - 'needed_by': { - 'pkg_apt:jenkins', - }, - }, - }, - }, } diff --git a/bundles/mx-puppet-discord/files/config.yaml b/bundles/mx-puppet-discord/files/config.yaml index 6be98d2..a93c889 100644 --- a/bundles/mx-puppet-discord/files/config.yaml +++ b/bundles/mx-puppet-discord/files/config.yaml @@ -16,12 +16,6 @@ provisioning: - "${regex}" % endfor -namePatterns: - user: ":name (Discord)" - userOverride: ":displayname (Discord)" - room: "#:name (Discord - :guild)" - group: ":name" - database: connString: "postgres://${node.metadata['mx-puppet-discord']['database']['user']}:${node.metadata['mx-puppet-discord']['database']['password']}@${node.metadata['mx-puppet-discord']['database'].get('host', 'localhost')}/${node.metadata['mx-puppet-discord']['database']['database']}?sslmode=disable" diff --git a/bundles/php/files/8.0/fpm.conf b/bundles/php/files/8.0/fpm.conf deleted file mode 100644 index c4d6412..0000000 
--- a/bundles/php/files/8.0/fpm.conf
+++ /dev/null
@@ -1,23 +0,0 @@
-[global]
-pid=/run/php/php8.0-fpm.pid
-; We're using journal, put logs there
-error_log=/var/log/php8.0-fpm.log
-daemonize=yes
-
-; The one and only worker pool we have
-[www]
-user=www-data
-group=www-data
-listen=/run/php/php8.0-fpm.sock
-listen.owner=www-data
-listen.group=www-data
-listen.mode=0600
-
-; Process Manager Settings
-pm=dynamic
-pm.max_children=${num_cpus*4}
-pm.start_servers=${num_cpus}
-pm.max_spare_servers=${num_cpus*2}
-pm.min_spare_servers=${num_cpus}
-pm.process_idle_timeout=30s
-pm.max_requests=1024
diff --git a/bundles/php/files/8.0/php.ini b/bundles/php/files/8.0/php.ini
deleted file mode 100644
index 45b78bf..0000000
--- a/bundles/php/files/8.0/php.ini
+++ /dev/null
@@ -1,99 +0,0 @@
-[PHP]
-; Only needed for libapache2-mod-php?
-engine = On
-short_open_tag = Off
-precision = 14
-output_buffering = 4096
-zlib.output_compression = Off
-implicit_flush = Off
-serialize_precision = -1
-disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals
-ignore_user_abort = Off
-zend.enable_gc = On
-expose_php = Off
-
-max_execution_time = 30
-max_input_time = 60
-memory_limit = 256M
-
-error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT
-display_startup_errors = Off
-log_errors = On
-log_errors_max_len = 1024
-ignore_repeated_errors = Off
-ignore_repeated_source = Off
-report_memleaks = On
-html_errors = On
-error_log = syslog
-syslog.ident = php7.4
-syslog.filter = ascii
-
-arg_separator.output = "&"
-variables_order = "GPCS"
-request_order = "GP"
-register_argc_argv = Off
-auto_globals_jit = On
-post_max_size = ${post_max_size}M
-default_mimetype = "text/html"
-default_charset = "UTF-8"
-
-enable_dl = Off
-file_uploads = On
-upload_max_filesize = ${post_max_size}M
-max_file_uploads = 20
-
-allow_url_fopen = On
-allow_url_include = Off
-default_socket_timeout = 10
-
-[CLI Server]
-cli_server.color = On
-
-[mail function]
-mail.add_x_header = Off
-
-[ODBC]
-odbc.allow_persistent = On
-odbc.check_persistent = On
-odbc.max_persistent = -1
-odbc.max_links = -1
-odbc.defaultlrl = 4096
-odbc.defaultbinmode = 1
-
-[PostgreSQL]
-pgsql.allow_persistent = On
-pgsql.auto_reset_persistent = Off
-pgsql.max_persistent = -1
-pgsql.max_links = -1
-pgsql.ignore_notice = 0
-pgsql.log_notice = 0
-
-[bcmath]
-bcmath.scale = 0
-
-[Session]
-session.save_handler = files
-session.use_strict_mode = 0
-session.use_cookies = 1
-session.use_only_cookies = 1 -session.name = PHPSESSID -session.auto_start = 0 -session.cookie_lifetime = 0 -session.cookie_path = / -session.cookie_domain = -session.cookie_httponly = -session.cookie_samesite = -session.serialize_handler = php -session.gc_probability = 1 -session.gc_divisor = 1000 -session.gc_maxlifetime = 1440 -session.referer_check = -session.cache_limiter = nocache -session.cache_expire = 180 -session.use_trans_sid = 0 -session.sid_length = 32 -session.trans_sid_tags = "a=href,area=href,frame=src,form=" -session.sid_bits_per_character = 6 - -[Assertion] -zend.assertions = -1 diff --git a/bundles/postfix/files/arch-override.conf b/bundles/postfix/files/arch-override.conf deleted file mode 100644 index 3b3e46d..0000000 --- a/bundles/postfix/files/arch-override.conf +++ /dev/null @@ -1,6 +0,0 @@ -[Service] -# arch postfix is not set up for chrooting by default -ExecStartPre=-/usr/sbin/mkdir -p /var/spool/postfix/etc -% for file in ['/etc/localtime', '/etc/nsswitch.conf', '/etc/resolv.conf', '/etc/services']: -ExecStartPre=-/usr/sbin/cp -p ${file} /var/spool/postfix${file} -% endfor diff --git a/bundles/postfix/items.py b/bundles/postfix/items.py index 7346fe3..1ca260b 100644 --- a/bundles/postfix/items.py +++ b/bundles/postfix/items.py @@ -21,7 +21,7 @@ for identifier in node.metadata.get('postfix/mynetworks', set()): netmask = '128' mynetworks.add(f'[{ip6}]/{netmask}') -my_package = 'pkg_pacman:postfix' if node.os == 'arch' else 'pkg_apt:postfix' +my_package = 'pkg_pacman:postfix' if node.has_bundle('pacman') else 'pkg_apt:postfix' files = { '/etc/mailname': { @@ -86,13 +86,3 @@ svc_systemd = { }, }, } - -if node.os == 'arch': - files['/etc/systemd/system/postfix.service.d/bundlewrap.conf'] = { - 'source': 'arch-override.conf', - 'content_type': 'mako', - 'triggers': { - 'action:systemd-reload', - 'svc_systemd:postfix:restart', - }, - } diff --git a/bundles/postfix/metadata.py b/bundles/postfix/metadata.py index b9219f1..759f693 100644 
--- a/bundles/postfix/metadata.py +++ b/bundles/postfix/metadata.py @@ -25,7 +25,6 @@ defaults = { 'pacman': { 'packages': { 'postfix': {}, - 's-nail': {}, }, }, } diff --git a/bundles/simple-icinga-dashboard/items.py b/bundles/simple-icinga-dashboard/items.py index 74f05db..c69c9df 100644 --- a/bundles/simple-icinga-dashboard/items.py +++ b/bundles/simple-icinga-dashboard/items.py @@ -34,7 +34,7 @@ directories = { git_deploy = { '/opt/simple-icinga-dashboard/src': { - 'repo': 'https://git.franzi.business/sophie/simple-icinga-dashboard.git', + 'repo': 'https://git.kunsmann.eu/sophie/simple-icinga-dashboard.git', 'rev': 'main', 'triggers': { 'action:simple-icinga-dashboard_install_requirements', diff --git a/data/gitea/files/ssh-keys/rx300.key.vault b/data/gitea/files/ssh-keys/htz.ex42-1048908.key.vault similarity index 100% rename from data/gitea/files/ssh-keys/rx300.key.vault rename to data/gitea/files/ssh-keys/htz.ex42-1048908.key.vault diff --git a/data/gitea/files/ssh-keys/rx300.pub b/data/gitea/files/ssh-keys/htz.ex42-1048908.pub similarity index 100% rename from data/gitea/files/ssh-keys/rx300.pub rename to data/gitea/files/ssh-keys/htz.ex42-1048908.pub diff --git a/data/jenkins-ci/files/ssh-keys/rx300.key.vault b/data/jenkins-ci/files/ssh-keys/rx300.key.vault deleted file mode 100644 index e56190a..0000000 --- a/data/jenkins-ci/files/ssh-keys/rx300.key.vault +++ /dev/null 
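Review bot: The `git_deploy` entry for `/opt/simple-icinga-dashboard/src` still tracks `'rev': 'main'`, so whatever sits at the tip of that branch on the new host `git.kunsmann.eu` is deployed and then handed to `action:simple-icinga-dashboard_install_requirements`. Moving the repository to a different forge is a good moment to pin the deployed revision, e.g. `'rev': '<commit-sha>',  # placeholder: pin to a reviewed commit`. That way a force-pushed or tampered branch cannot silently change what runs on the monitoring host. The `git_deploy` dict continues past the end of this hunk.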
@@ -1 +0,0 @@ -encrypt$gAAAAABg6vNNuCZcmhH52dQDiD4ePsbXhz0kHSjqX3yduJ6E5NylWEdKNtjtrfc9bu1WNnDBO0YpsqxIeax2u1xc6gstohVfbu2MgwGJKpA7J5Py6xiQL82YKJcwV7k0EZ7ilWbqlzXuSDh40KG3GWOTPiw_CbsbDEpCU09x1hUs1_0BTPAU6ln4t7ync7ZjFZf_vRBTlrnZWchzXoSwppzedAZeaptfhMWn_-8oARoYvxJf3pkmTSGjovNMvDak_sscq_M2rldng6_oboR4iTo_6eY6bpCjEGD3xMeSzLhDZsJ4c0l9bZBDef-NRWA7Ewptc4KYKVvzKlgyrByqSV8TCmYn4aBgOusv-VAW3VqKg2rHi3nq5L50zkPwWmHC6_rdtIS-pAlnR5A0HJYdXGyf2eQSq3UkrZA3BIFlqUWrvS8aTWxp9CUL5C9oRGpL8P3fVfExiqhmcLGamHZb1Y2kjxX8EMcSCRLgiVO9DwIpXlEm86HfgVcXaL0wpibM32PD0sspOPILThE5P9WETGhpFAWDkWR0WaYQjZuAVlXTtk8tgdh0vC2auQl2pEVbvvnZaa04Ohp2QgE3AJLg3tdekLciwCQmPm0bpX8xYvJ49vNWG-SCaAlLHzLVIMFXFY53-SBOHYnE \ No newline at end of file diff --git a/data/jenkins-ci/files/ssh-keys/rx300.pub b/data/jenkins-ci/files/ssh-keys/rx300.pub deleted file mode 100644 index 55ce7ec..0000000 --- a/data/jenkins-ci/files/ssh-keys/rx300.pub +++ /dev/null @@ -1 +0,0 @@ -ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHZnYhsdtGUYJiFcvfqTLljGkInnFTOoDF/WZniLtPjH diff --git a/data/powerdns/files/bind-zones/franzi.business b/data/powerdns/files/bind-zones/franzi.business index b811603..3fadfdb 100644 --- a/data/powerdns/files/bind-zones/franzi.business +++ b/data/powerdns/files/bind-zones/franzi.business @@ -2,9 +2,8 @@ ${header} $ORIGIN franzi.business. -; ends up on rx300.kunbox.net -@ IN A 31.47.232.106 - IN AAAA 2a00:f820:528::2 +@ IN A 94.130.52.224 + IN AAAA 2a01:4f8:10b:2a5f::2 IN MX 10 mx0.kunbox.net. IN TXT "v=spf1 mx ~all" @@ -14,9 +13,6 @@ chat IN AAAA 2a01:4f8:10b:2a5f::2 dimension IN A 94.130.52.224 dimension IN AAAA 2a01:4f8:10b:2a5f::2 -git IN CNAME rx300.kunbox.net. -jenkins IN CNAME rx300.kunbox.net. - matrix IN A 94.130.52.224 matrix IN AAAA 2a01:4f8:10b:2a5f::2 @@ -28,6 +24,7 @@ sewfile IN CNAME sewfile.htz-cloud.kunbox.net. rss IN CNAME rx300.kunbox.net. status IN CNAME icinga2.ovh.kunbox.net. + travelynx IN CNAME rx300.kunbox.net. unicornsden IN CNAME rx300.kunbox.net. 
diff --git a/data/powerdns/files/bind-zones/kunsmann.eu b/data/powerdns/files/bind-zones/kunsmann.eu index 8f10382..b38fcf0 100644 --- a/data/powerdns/files/bind-zones/kunsmann.eu +++ b/data/powerdns/files/bind-zones/kunsmann.eu @@ -10,11 +10,17 @@ $ORIGIN kunsmann.eu. dav IN A 94.130.52.224 dav IN AAAA 2a01:4f8:10b:2a5f::2 +git IN A 94.130.52.224 +git IN AAAA 2a01:4f8:10b:2a5f::2 + grafana IN CNAME influxdb.htz-cloud.kunbox.net. icinga IN CNAME icinga2.ovh.kunbox.net. influxdb IN CNAME influxdb.htz-cloud.kunbox.net. statusmonitor.icinga IN CNAME icinga2.ovh.kunbox.net. +jenkins IN A 94.130.52.224 +jenkins IN AAAA 2a01:4f8:10b:2a5f::2 + mta-sts IN A 94.130.52.224 mta-sts IN AAAA 2a01:4f8:10b:2a5f::2 @@ -23,8 +29,8 @@ luther-ps IN CNAME luther.htz-cloud.kunbox.net. paste IN A 94.130.52.224 paste IN AAAA 2a01:4f8:10b:2a5f::2 -; legacy, for redirect -git IN CNAME ex42-1048908.htz.kunbox.net. +rss IN A 94.130.52.224 +rss IN AAAA 2a01:4f8:10b:2a5f::2 _dmarc IN TXT "v=DMARC1; p=quarantine; rua=mailto:postmaster@kunsmann.eu; ruf=mailto:postmaster@kunsmann.eu; fo=0:d:s; adkim=r; aspf=r" _mta-sts IN TXT "v=STSv1;id=20201111;" diff --git a/data/travelynx/files/imprint/rx300 b/data/travelynx/files/imprint/rx300 index 031c68d..77cb78a 100644 --- a/data/travelynx/files/imprint/rx300 +++ b/data/travelynx/files/imprint/rx300 @@ -9,7 +9,7 @@
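Review bot: The added `rss IN A 94.130.52.224` and `rss IN AAAA 2a01:4f8:10b:2a5f::2` records publish `rss.kunsmann.eu` on the ex42 host, but nothing visible in this diff serves that name. Miniflux stays on rx300 with `'domain': 'rss.franzi.business'`, and no `rss.kunsmann.eu` vhost is added in `nodes/htz/ex42-1048908.py`. If that holds, requests for the name would presumably land on whatever nginx treats as its default server, under a certificate issued for another name. Either add the vhost in the same change or hold the two `rss` records back until the service actually moves.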

Datenschutz

Logdateien des Webservers

-

Der Webserver fertigt keine Logdateien an. Interessierte können sich in meinem Gitea die aktuelle nginx-Konfiguration des Servers ansehen.

+

Der Webserver fertigt keine Logdateien an. Interessierte können sich in meinem Gitea die aktuelle nginx-Konfiguration des Servers ansehen.

Account-spezifische Daten

diff --git a/libs/faults.py b/libs/faults.py index ad3735c..2995249 100644 --- a/libs/faults.py +++ b/libs/faults.py @@ -1,39 +1,6 @@ from json import loads, dumps from bundlewrap.metadata import metadata_to_json -from bundlewrap.utils import Fault - def resolve_faults(dictionary: dict) -> dict: return loads(metadata_to_json(dictionary)) - - -def ensure_fault_or_none(maybe_fault): - if maybe_fault is None or isinstance(maybe_fault, Fault): - return maybe_fault - - return Fault(maybe_fault, lambda f: f, f=maybe_fault) - - -def join_faults(faults, by=' '): - result = [] - id_list = [] - - for item in faults: - result.append(ensure_fault_or_none(item)) - - if isinstance(item, Fault): - id_list += item.id_list - else: - id_list.append(item) - - id_list += [ - 'joined_by', - by, - ] - - return Fault( - id_list, - lambda o: by.join([i.value for i in o]), - o=result, - ) diff --git a/nodes/aurto.py b/nodes/aurto.py index 45d1adf..69fda0b 100644 --- a/nodes/aurto.py +++ b/nodes/aurto.py @@ -2,7 +2,6 @@ nodes['aurto'] = { 'hostname': '31.47.232.107', 'bundles': { 'backup-client', - 'check-mail-received', }, 'groups': { 'arch', @@ -19,13 +18,6 @@ nodes['aurto'] = { '/var/cache/pacman/aurto', }, }, - 'check-mail-received': { - 't-online': { - 'email': 'franzi.kunsmann@t-online.de', - 'imap_host': 'secureimap.t-online.de', - 'imap_pass': bwpass.attr('t-online.de/franzi.kunsmann@t-online.de', 'imap'), - }, - }, 'interfaces': { 'enp1s0': { 'ips': { 
@@ -63,9 +55,6 @@ nodes['aurto'] = { # kunsi 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICYst1HK+gJYhNxzqJGnz4iB73pa89Xz2yH+8wufOcsA', 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC+ja1z5VRQzaKCCePsUM14qMr9QR94qlWc7Je5Poki9UmC1t/TyxRVzcCBL1ZdIfBGx6QKtfkEbvhgb3nxVt3PvXjoJrc6wwGLmNrVsU6B88y35g7nzupQiPKYJwkNzJ9j6Dmkgj1F5Q+aY2SitDaX6vqICLJ4Al/ZFw2IQxVJfC7JXRJ9jRMG5o9gWoE3gWDYEAmw+HU2mNzyeuaD12qJw9DHUimAlgkOWzll3gh9WclsYnnXGrCCn5fyHFUCJl+XXAIy519z7YTpKih02rsIOw5dnaGClBZD/YQu2ZKVFZiwIVH7aBiqHOmtgRyWTQgjbh/fMpIN0ar2f/iZsWYUjd6et48TOmXZYIPCQ5FivXNvxt9oo1XZfq76UHBwlmypLJIWROMbz375n2M6hr3hECuxuPjKEUXAv05KiC1aJ4xc6pFoVhqwAR99hvHw5U4o7/ko2NVjNpTu6Jr5DT5VaQLIdDDjC/93kUjMpdD/8P72bEn7454+WexU6OE6uvNiHj1fetrptr2UAuzVfnCoaV8pBqY7X95gk+lnSENdpr8ltJYMg8s0Z7Pzz0OxsZtzzDY5VmWfC9TCdJkN5lT8IbnaixsYlWdjQl1lMmZGElmelfU3K7YQLAbZiHmHKe4hTl9ZoCcWdTQ3d4y2t1DBos+N2HZNdtFCyOS8esDdMw== cardno:000609506971', - # n0emis - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEcOPtW5FWNIdlMQFoqeyA1vHw+cA8ft8oXSbXPzQNL9 n0emis@n0emis.eu', - 'ssh-rsa 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 simeon@noemis.me (OLD)', }, }, 'kunsi': { diff --git a/nodes/htz-cloud/pirmasens.py b/nodes/htz-cloud/pirmasens.py index 18b1b76..5953245 100644 --- a/nodes/htz-cloud/pirmasens.py +++ b/nodes/htz-cloud/pirmasens.py @@ -1,6 +1,5 @@ nodes['htz-cloud.pirmasens'] = { 'bundles': { - 'check-mail-received', 'dovecot', 'php', 'postfixadmin', @@ -24,13 +23,6 @@ nodes['htz-cloud.pirmasens'] = { 'gateway6': 'fe80::1', }, }, - 'check-mail-received': { - 't-online': { - 'email': 'franzi.kunsmann@t-online.de', - 'imap_host': 'secureimap.t-online.de', - 'imap_pass': bwpass.attr('t-online.de/franzi.kunsmann@t-online.de', 'imap'), - }, - }, 'icinga_options': { 'pretty_name': 'kunsmann.info', }, diff --git a/nodes/htz/ex42-1048908.py b/nodes/htz/ex42-1048908.py index cae81bf..f6d2418 100644 --- a/nodes/htz/ex42-1048908.py +++ b/nodes/htz/ex42-1048908.py 
@@ -1,10 +1,9 @@ nodes['htz.ex42-1048908'] = { 'bundles': { - 'check-mail-received', 'dovecot', 'element-web', -# 'gitea', -# 'jenkins-ci', + 'gitea', + 'jenkins-ci', 'lm-sensors', 'matrix-media-repo', 'matrix-synapse', @@ -87,12 +86,8 @@ nodes['htz.ex42-1048908'] = { '/opt/matrix/matrix-dimension', }, }, - 'check-mail-received': { - 't-online': { - 'email': 'franzi.kunsmann@t-online.de', - 'imap_host': 'secureimap.t-online.de', - 'imap_pass': bwpass.attr('t-online.de/franzi.kunsmann@t-online.de', 'imap'), - }, + 'cron': { + 'telekom_nervkram': vault.decrypt('encrypt$gAAAAABfqXi23M96wrSLhqlbhqgePYX06LjPXfyQU2y_07kqYYLztj_PhS1-dk4r5FiiL2Ofmx5iCKW1sZNqiQSuHj2uKaitH0GnwHqj5CI2JwkAS9HrFxw=').format_into('0 0 * * * root date | mail -s \'daily test mail \' -r postmaster@mx0.kunbox.net {}'), }, 'element-web': { 'url': 'chat.franzi.business', 
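Review bot: In the new `'cron'` entry `telekom_nervkram`, the decrypted recipient is formatted bare into a root crontab command, so both cron and the shell interpret it. Cron turns an unescaped `%` into a newline and the shell acts on any metacharacter; because the value is encrypted, a reviewer cannot see whether it is safe. Quote the placeholder in the template, ending it `-r postmaster@mx0.kunbox.net \'{}\'')`, and add a comment that the secret must be a plain address without `%` or quotes. With `check-mail-received` removed from this node, nothing visible here verifies that the daily test mail still arrives.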
@@ -118,27 +113,27 @@ nodes['htz.ex42-1048908'] = { }, }, }, -# 'gitea': { -# 'version': '1.14.3', -# 'sha256': '50c25c094ae109f49e276cd00ddc48a0a240b7670e487ae1286cc116d4cdbcf2', -# 'domain': 'git.kunsmann.eu', -# 'email_domain_blocklist': { -# 'gmail.com', -# 'yahoo.com', -# 'aol.com', -# 'comcast.net', -# 'verizon.net', -# 'hotmail.com', -# 'cox.net', -# 'msn.com', -# }, -# 'enable_git_hooks': True, -# 'install_ssh_key': True, -# 'internal_token': vault.decrypt('encrypt$gAAAAABfPncYwCX-NdBr9LdxLyGqmjRJqhmwMnWsdZy6kVOWdKrScW78xaqbJ1tpL1J4qa2hcZ7TQj3l-2mkyJNJOenGzU3TsI-gYMj9vC4m8Bhur5zboxjD4dQXaJbD1WSyHJ9sPJYsWP3Gjg6I19xeq9xMlAI6xaS9vOfuoI8nZnnQPx1NjfQEj03Jxf8a0-3F20sfICst1xRa5K48bpq1PFkK_oRojg=='), -# 'lfs_secret_key': vault.decrypt('encrypt$gAAAAABfPnd1vgNDt86-91YhviQw8Z0djSp4f_tBt76klDv-ZcwxP1ryJzqJ7qnfaTe_6DYCfc82gEzvVDsyBlCoAkGpt1AI2_LCKetuSCnDPjtGvwdQl3A53lFEdG2UJl1uUiR7f8Vr'), -# 'oauth_secret_key': vault.decrypt('encrypt$gAAAAABfPnbfTISbldhS0WyxVKBHVVoOMcar7Kxmh1kkmiUGd-RzbbnNzzhEER_owjttPQcACPfGKZ6WklaSsXjLq8km4P6A9QmPbC06GmHbc91m0odCb1KiY7SZeUD35PiRiGSq50dz'), -# 'security_secret_key': vault.decrypt('encrypt$gAAAAABfPnc-R7pkDj4pQgHDb6pzlNYNJgiWdeBFsX7IsHSnCtNPbZxCdtSL8cHtQzVO1KbSxS7zCwssmgiR8Kj54Z-koD-FQbjpbKWoIPw8SsyeqBVlZhIeEzhw_1t7_7ZTvv1O8AePdNYel9JJb_TaAZ8Vx46ZfsEPy8zaaHrqOekHC6RAnB4='), -# }, + 'gitea': { + 'version': '1.14.3', + 'sha256': '50c25c094ae109f49e276cd00ddc48a0a240b7670e487ae1286cc116d4cdbcf2', + 'domain': 'git.kunsmann.eu', + 'email_domain_blocklist': { + 'gmail.com', + 'yahoo.com', + 'aol.com', + 'comcast.net', + 'verizon.net', + 'hotmail.com', + 'cox.net', + 'msn.com', + }, + 'enable_git_hooks': True, + 'install_ssh_key': True, + 'internal_token': vault.decrypt('encrypt$gAAAAABfPncYwCX-NdBr9LdxLyGqmjRJqhmwMnWsdZy6kVOWdKrScW78xaqbJ1tpL1J4qa2hcZ7TQj3l-2mkyJNJOenGzU3TsI-gYMj9vC4m8Bhur5zboxjD4dQXaJbD1WSyHJ9sPJYsWP3Gjg6I19xeq9xMlAI6xaS9vOfuoI8nZnnQPx1NjfQEj03Jxf8a0-3F20sfICst1xRa5K48bpq1PFkK_oRojg=='), + 'lfs_secret_key': 
vault.decrypt('encrypt$gAAAAABfPnd1vgNDt86-91YhviQw8Z0djSp4f_tBt76klDv-ZcwxP1ryJzqJ7qnfaTe_6DYCfc82gEzvVDsyBlCoAkGpt1AI2_LCKetuSCnDPjtGvwdQl3A53lFEdG2UJl1uUiR7f8Vr'), + 'oauth_secret_key': vault.decrypt('encrypt$gAAAAABfPnbfTISbldhS0WyxVKBHVVoOMcar7Kxmh1kkmiUGd-RzbbnNzzhEER_owjttPQcACPfGKZ6WklaSsXjLq8km4P6A9QmPbC06GmHbc91m0odCb1KiY7SZeUD35PiRiGSq50dz'), + 'security_secret_key': vault.decrypt('encrypt$gAAAAABfPnc-R7pkDj4pQgHDb6pzlNYNJgiWdeBFsX7IsHSnCtNPbZxCdtSL8cHtQzVO1KbSxS7zCwssmgiR8Kj54Z-koD-FQbjpbKWoIPw8SsyeqBVlZhIeEzhw_1t7_7ZTvv1O8AePdNYel9JJb_TaAZ8Vx46ZfsEPy8zaaHrqOekHC6RAnB4='), + }, 'icinga_options': { 'pretty_name': 'kunsmann.eu', }, 
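Review bot: The re-enabled `gitea` block pins `'version': '1.14.3'`, while the rx300 configuration removed elsewhere in this diff ran `'version': '1.14.4'`, so the migration moves the instance and its data back one patch release. Unless the downgrade is intended, carry the newer pin over: `'version': '1.14.4',` with `'sha256': 'e1ce2fadcf6561cb2543b44b9f1382d6ce4be29ed8edd6d9d7080a218aa114b0',`. Separately, `'enable_git_hooks': True` now applies on a host that also carries the dovecot and matrix-synapse bundles. Assuming the bundle maps this key to Gitea's git-hook setting, hooks execute as the gitea service user, so a comment stating which accounts may be granted hook permission would help. The node dict starts and ends outside this hunk.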
@@ -300,53 +295,46 @@ nodes['htz.ex42-1048908'] = { }, }, }, -# 'franzi.business': { -# 'webroot': '/var/www/franzi.business/_site/', -# 'locations': { -# '/.well-known/matrix/client': { -# 'return': json_dumps({ -# 'm.homeserver': { -# 'base_url': 'https://matrix.franzi.business', -# }, -# 'm.identity_server': { -# 'base_url': 'https://matrix.org', -# }, -# 'im.vector.riot.jitsi': { -# 'preferredDomain': 'meet.ffmuc.net', -# }, -# }, sort_keys=True), -# 'additional_config': { -# 'default_type application/json', -# 'add_header Access-Control-Allow-Origin *', -# }, -# }, -# '/.well-known/matrix/server': { -# 'return': json_dumps({ -# 'm.server': 'matrix.franzi.business:443', -# }, sort_keys=True), -# 'additional_config': { -# 'default_type application/json', -# 'add_header Access-Control-Allow-Origin *', -# }, -# }, -# }, -# }, - 'git.kunsmann.eu': { + 'franzi.business': { + 'webroot': '/var/www/franzi.business/_site/', 'locations': { - '/': { - 'redirect': 'https://git.franzi.business$request_uri', + '/.well-known/matrix/client': { + 'return': json_dumps({ + 'm.homeserver': { + 'base_url': 'https://matrix.franzi.business', + }, + 'm.identity_server': { + 'base_url': 'https://matrix.org', + }, + 'im.vector.riot.jitsi': { + 'preferredDomain': 'meet.ffmuc.net', + }, + }, sort_keys=True), + 'additional_config': { + 'default_type application/json', + 'add_header Access-Control-Allow-Origin *', + }, + }, + '/.well-known/matrix/server': { + 'return': json_dumps({ + 'm.server': 'https://matrix.franzi.business', + }, sort_keys=True), + 'additional_config': { + 'default_type application/json', + 'add_header Access-Control-Allow-Origin *', + }, }, }, }, -# 'jenkins.kunsmann.eu': { -# 'locations': { -# '/': { -# 'target': 'http://localhost:22010/', -# }, -# }, -# 'website_check_path': '/login', -# 'website_check_string': 'Welcome to Jenkins', -# }, + 'jenkins.kunsmann.eu': { + 'locations': { + '/': { + 'target': 'http://localhost:22010/', + }, + }, + 'website_check_path': 
'/login', + 'website_check_string': 'Welcome to Jenkins', + }, 'kunbox.net': {}, 'kunsmann.eu': { 'locations': { @@ -396,7 +384,7 @@ nodes['htz.ex42-1048908'] = { }, '/.well-known/matrix/server': { 'return': json_dumps({ - 'm.server': 'matrix.franzi.business:443', + 'm.server': 'https://matrix.franzi.business', }, sort_keys=True), 'additional_config': { 'default_type application/json', diff --git a/nodes/rx300.py b/nodes/rx300.py index d66a7b0..636ed45 100644 --- a/nodes/rx300.py +++ b/nodes/rx300.py @@ -7,12 +7,8 @@ nodes['rx300'] = { 'hostname': '31.47.232.106', 'bundles': { - 'check-mail-received', - 'gitea', - 'jenkins-ci', 'lm-sensors', 'miniflux', - 'php', 'postgresql', 'smartd', 'travelynx', @@ -37,15 +33,6 @@ nodes['rx300'] = { 'apt': { 'packages': { 'ipmitool': {}, - - # for franzi.business deployment - 'ruby': {}, - 'ruby-dev': {}, - 'ruby-bundler': {}, - - # more php - 'php-imagick': {}, - 'php-yaml': {}, }, # XXX remove this once nginx.org has packages for debian bullseye 'repos': { 
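Review bot: `'m.server': 'https://matrix.franzi.business'` in the `/.well-known/matrix/server` location is not a valid delegation value. The Matrix server-server spec expects a server name with optional port there, not a URL; the URL form belongs to `base_url` in the client file. Federating servers would likely fail to parse the delegation, or fall back to other discovery, once this is deployed. Keep the previous value, `'m.server': 'matrix.franzi.business:443',`, both here in the `franzi.business` vhost and in the later hunk `@@ -396,7 +384,7 @@`, which makes the same change.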
@@ -56,105 +43,23 @@ nodes['rx300'] = { }, }, }, - 'check-mail-received': { - 't-online': { - 'email': 'franzi.kunsmann@t-online.de', - 'imap_host': 'secureimap.t-online.de', - 'imap_pass': bwpass.attr('t-online.de/franzi.kunsmann@t-online.de', 'imap'), - }, - }, - 'gitea': { - 'version': '1.14.4', - 'sha256': 'e1ce2fadcf6561cb2543b44b9f1382d6ce4be29ed8edd6d9d7080a218aa114b0', - 'domain': 'git.franzi.business', - 'email_domain_blocklist': { - 'gmail.com', - 'yahoo.com', - 'aol.com', - 'comcast.net', - 'verizon.net', - 'hotmail.com', - 'cox.net', - 'msn.com', - }, - 'enable_git_hooks': True, - 'install_ssh_key': True, - 'internal_token': vault.decrypt('encrypt$gAAAAABfPncYwCX-NdBr9LdxLyGqmjRJqhmwMnWsdZy6kVOWdKrScW78xaqbJ1tpL1J4qa2hcZ7TQj3l-2mkyJNJOenGzU3TsI-gYMj9vC4m8Bhur5zboxjD4dQXaJbD1WSyHJ9sPJYsWP3Gjg6I19xeq9xMlAI6xaS9vOfuoI8nZnnQPx1NjfQEj03Jxf8a0-3F20sfICst1xRa5K48bpq1PFkK_oRojg=='), - 'lfs_secret_key': vault.decrypt('encrypt$gAAAAABfPnd1vgNDt86-91YhviQw8Z0djSp4f_tBt76klDv-ZcwxP1ryJzqJ7qnfaTe_6DYCfc82gEzvVDsyBlCoAkGpt1AI2_LCKetuSCnDPjtGvwdQl3A53lFEdG2UJl1uUiR7f8Vr'), - 'oauth_secret_key': vault.decrypt('encrypt$gAAAAABfPnbfTISbldhS0WyxVKBHVVoOMcar7Kxmh1kkmiUGd-RzbbnNzzhEER_owjttPQcACPfGKZ6WklaSsXjLq8km4P6A9QmPbC06GmHbc91m0odCb1KiY7SZeUD35PiRiGSq50dz'), - 'security_secret_key': vault.decrypt('encrypt$gAAAAABfPnc-R7pkDj4pQgHDb6pzlNYNJgiWdeBFsX7IsHSnCtNPbZxCdtSL8cHtQzVO1KbSxS7zCwssmgiR8Kj54Z-koD-FQbjpbKWoIPw8SsyeqBVlZhIeEzhw_1t7_7ZTvv1O8AePdNYel9JJb_TaAZ8Vx46ZfsEPy8zaaHrqOekHC6RAnB4='), - }, 'icinga_options': { 'pretty_name': 'franzi.business', }, - 'jenkins-ci': { - 'install_ssh_key': True, - }, 'miniflux': { 'domain': 'rss.franzi.business', }, 'nginx': { 'vhosts': { - 'gitea': {'ssl': '_.franzi.business'}, - 'miniflux': {'ssl': '_.franzi.business'}, - 'franzi.business': { - 'webroot': '/var/www/franzi.business/_site/', + 'miniflux': { 'ssl': '_.franzi.business', - 'locations': { - '/.well-known/matrix/client': { - 'return': json_dumps({ - 'm.homeserver': { - 
'base_url': 'https://matrix.franzi.business', - }, - 'm.identity_server': { - 'base_url': 'https://matrix.org', - }, - 'im.vector.riot.jitsi': { - 'preferredDomain': 'meet.ffmuc.net', - }, - }, sort_keys=True), - 'additional_config': { - 'default_type application/json', - 'add_header Access-Control-Allow-Origin *', - }, - }, - '/.well-known/matrix/server': { - 'return': json_dumps({ - 'm.server': 'matrix.franzi.business:443', - }, sort_keys=True), - 'additional_config': { - 'default_type application/json', - 'add_header Access-Control-Allow-Origin *', - }, - }, - }, - }, - 'jenkins': { - 'domain': 'jenkins.franzi.business', - 'ssl': '_.franzi.business', - 'locations': { - '/': { - 'target': 'http://localhost:22010/', - }, - }, - 'website_check_path': '/login', - 'website_check_string': 'Welcome to Jenkins', - }, - 'unicornsden-redirect': { - 'domain': 'unicornsden.franzi.business', - 'ssl': '_.franzi.business', - 'locations': { - '/': { - 'redirect': 'https://map.unicornsden.com/', - }, - }, }, 'unicornsden': { - 'domain': 'map.unicornsden.com', - 'php': True, + 'domain': 'unicornsden.franzi.business', + 'ssl': '_.franzi.business', 'webroot_config': { - 'owner': 'jenkins', - 'group': 'jenkins', + 'owner': 'kunsi', + 'group': 'kunsi', 'mode': '0755', }, }, @@ -175,19 +80,6 @@ nodes['rx300'] = { }, }, }, - 'php': { - 'version': '8.0', - 'packages': { - 'gd', - 'imap', - 'intl', - 'mbstring', - 'opcache', - 'pgsql', - 'readline', - 'xml', - }, - }, 'postgresql': { 'version': '13', },