
16 commits

Author SHA1 Message Date
Sophie Schiller
a51aad6a53 bw/htz-cloud.miniserver bump element-web version
Some checks failed
bundlewrap/pipeline/head This commit looks good
bundlewrap/pipeline/pr-main There was a failure building this commit
2021-07-05 19:57:44 +02:00
Sophie Schiller
d01a7f34a4 bw/matrix-dimension repair syntax errors
All checks were successful
bundlewrap/pipeline/head This commit looks good
2021-07-04 21:34:30 +02:00
Sophie Schiller
b9135aceca bw/matrix-dimension remove unneeded metadata
Some checks failed
bundlewrap/pipeline/head There was a failure building this commit
2021-07-04 21:17:12 +02:00
Sophie Schiller
07994de66c bw/matrix-dimension get all the things
Some checks failed
bundlewrap/pipeline/head There was a failure building this commit
2021-07-04 21:11:23 +02:00
Sophie Schiller
3fd20de161 bw/matrix-dimension disable logfile
All checks were successful
bundlewrap/pipeline/head This commit looks good
2021-07-04 21:06:51 +02:00
Sophie Schiller
a65301ee89 bw/matrix-dimension switch to generic vhost name
All checks were successful
bundlewrap/pipeline/head This commit looks good
2021-07-04 20:58:56 +02:00
Sophie Schiller
d74618f9a9 bw/matrix-dimension enable process monitoring
Some checks failed
bundlewrap/pipeline/head There was a failure building this commit
2021-07-04 20:47:40 +02:00
Sophie Schiller
8702e131dc bw/matrix-dimensions fix typos 2021-07-04 20:44:17 +02:00
Sophie Schiller
2161698a97 bw/matrix-dimension switch listening port 2021-07-04 20:41:17 +02:00
Sophie Schiller
b87d3cc975 bw/matrix-dimension switch to dedicated user 2021-07-04 20:38:27 +02:00
Sophie Schiller
49d3e36f9f bw/htz-cloud.miniserver cleanup extras
All checks were successful
bundlewrap/pipeline/head This commit looks good
2021-07-04 20:28:48 +02:00
Sophie Schiller
f4c74e732d bw/matrix-dimension witespaaaaaaaace
All checks were successful
bundlewrap/pipeline/head This commit looks good
2021-07-04 20:24:10 +02:00
Sophie Schiller
a586454a78 bundle/matrix-dimension enable backups
Some checks failed
bundlewrap/pipeline/head There was a failure building this commit
2021-07-04 20:18:09 +02:00
Sophie Schiller
e7bd3fe27f bw/htz-cloud.miniserver set differend recursors 2021-07-04 20:18:09 +02:00
Sophie Schiller
3a26c766f9 bw/bundle matrix-dimension this might actually work 2021-07-04 20:18:09 +02:00
Sophie Schiller
3b79f3973f bw/bundle matrix-dimension add first draft 2021-07-04 20:18:09 +02:00
29 changed files with 83 additions and 581 deletions


@ -6,4 +6,4 @@ May also include some dummy nodes, for example for deploying websites
onto shared webhosting.
`bw test` runs according to Jenkinsfile after every commit.
[![Build Status](https://jenkins.franzi.business/buildStatus/icon?job=kunsi%2Fbundlewrap%2Fmain)](https://jenkins.franzi.business/job/kunsi/job/bundlewrap/job/main/)
[![Build Status](https://jenkins.kunsmann.eu/buildStatus/icon?job=bundlewrap%2Fmain)](https://jenkins.kunsmann.eu/job/bundlewrap/job/main/)


@ -1,70 +0,0 @@
#!/usr/bin/env python3
from imaplib import IMAP4_SSL
from subprocess import check_output
from sys import argv, exit
from time import time
if len(argv) < 5:
print('Usage: {} <imap host> <username> <password> <message sender>'.format(argv[0]))
exit(3)
NOW = time()
try:
imap = IMAP4_SSL(argv[1])
imap.login(argv[2], argv[3])
imap.select('Inbox')
_, data = imap.search(None, 'ALL')
something_found = False
for item in data:
for index in item.split():
received_in_this_mail = None
from_in_this_mail = False
try:
message = imap.fetch(index, '(RFC822)')
message_text = bytearray()
for part in message[1][0]:
message_text.extend(part)
message_text = message_text.decode().splitlines()
for line in message_text:
lline = line.strip().lower()
if lline.startswith('from:') and argv[4].lower() in line:
from_in_this_mail = True
if lline.startswith('date:'):
date = line.strip()[5:].strip()
unixtime = int(check_output([
'date',
'--date={}'.format(date),
'+%s',
]).decode().strip())
if unixtime > (NOW-(60*60*25)):
received_in_this_mail = date
if received_in_this_mail and from_in_this_mail:
print('Found message from "{}" sent at "{}"'.format(argv[4], received_in_this_mail))
received_in_this_mail = None
from_in_this_mail = False
something_found = True
except:
pass
if something_found:
# there should be output above
exit(0)
print('No Mails found')
exit(2)
except Exception as e:
print(repr(e))
exit(3)


@ -1,5 +0,0 @@
files = {
'/usr/local/share/icinga/plugins/check_imap_for_mail_from': {
'mode': '0755',
},
}


@ -1,41 +0,0 @@
@metadata_reactor.provides(
'cron/check-mail-received',
'icinga2_api/check-mail-received/services',
)
def process_metadata(metadata):
cron = set()
services = {}
my_mail_address = 'root@{}'.format(metadata.get('hostname'))
for name, config in metadata.get('check-mail-received', {}).items():
cron.add('{minute} {hour} * * * root date | mail -s "daily test mail from {node}" -r {source} {target}'.format(
minute=node.magic_number%60,
hour=node.magic_number%24,
node=node.name,
source=my_mail_address,
target=config['email'],
))
services[f'MAIL RECEIVED ON {name}'] = {
'command_on_monitored_host': repo.libs.faults.join_faults([
'/usr/local/share/icinga/plugins/check_imap_for_mail_from',
config['imap_host'],
config.get('imap_user', config['email']),
config['imap_pass'],
my_mail_address,
]),
'check_interval': '15m',
'retry_interval': '5m',
}
return {
'cron': {
'check-mail-received': '\n'.join(sorted(cron)),
},
'icinga2_api': {
'check-mail-received': {
'services': services,
},
},
}


@ -21,11 +21,6 @@ directories = {
'owner': 'git',
'group': 'git',
},
'/home/git/.ssh': {
'mode': '0755',
'owner': 'git',
'group': 'git',
},
'/var/lib/gitea': {
'owner': 'git',
'mode': '0700',


@ -2,7 +2,6 @@ defaults = {
'backups': {
'paths': {
'/home/git',
'/var/lib/gitea',
},
},
'gitea': {
@ -45,23 +44,6 @@ defaults = {
},
},
},
'zfs': {
'datasets': {
'tank/gitea': {},
'tank/gitea/home': {
'mountpoint': '/home/git',
'needed_by': {
'directory:/home/git',
},
},
'tank/gitea/var': {
'mountpoint': '/var/lib/gitea',
'needed_by': {
'directory:/var/lib/gitea',
},
},
},
},
}
@ -75,8 +57,7 @@ def nginx(metadata):
return {
'nginx': {
'vhosts': {
'gitea': {
'domain': metadata.get('gitea/domain'),
metadata.get('gitea/domain'): {
'locations': {
'/': {
'target': 'http://127.0.0.1:22000',
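Review bot: The first hunk shrinks `backups.paths` by one entry (7 lines become 6), and this rendering does not show whether `/home/git` or `/var/lib/gitea` is the one dropped. Whichever it is stops being backed up unless another bundle lists it, and the second hunk also removes the `zfs` datasets for both mountpoints, so no snapshot fallback is visible here. I would keep both entries, or add a comment above the set stating why the path is left out, e.g. `# <path> is intentionally not backed up: <reason>`. The `defaults` dict starts before the hunk and continues after it.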


@ -9,8 +9,6 @@ def dashboard_row_cpu(panel_id, node):
'iowait',
'nice',
'softirq',
'guest',
'guest_nice',
]:
queries_cpu.append({
'groupBy': [


@ -1,3 +0,0 @@
Host *
UserKnownHostsFile /dev/null
StrictHostKeyChecking no


@ -1,41 +1,14 @@
directories = {
'/var/lib/jenkins': {
'owner': 'jenkins',
'group': 'jenkins',
'needs': {
'pkg_apt:jenkins',
},
},
'/var/lib/jenkins/.ssh': {
'mode': '0755',
'owner': 'git',
'group': 'git',
},
}
files = {
'/etc/default/jenkins': {
'triggers': {
'svc_systemd:jenkins:restart',
},
},
'/var/lib/jenkins/.ssh/config': {
'source': 'ssh-config',
},
}
if node.metadata.get('jenkins-ci/install_ssh_key', False):
files['/var/lib/jenkins/.ssh/id_ed25519'] = {
'content': repo.vault.decrypt_file(f'jenkins-ci/files/ssh-keys/{node.name}.key.vault'),
'mode': '0600',
'owner': 'jenkins',
'group': 'jenkins',
}
svc_systemd = {
'jenkins': {
'needs': {
'directory:/var/lib/jenkins',
'pkg_apt:jenkins',
},
},


@ -21,14 +21,4 @@ defaults = {
'/var/lib/jenkins',
},
},
'zfs': {
'datasets': {
'tank/jenkins': {
'mountpoint': '/var/lib/jenkins',
'needed_by': {
'pkg_apt:jenkins',
},
},
},
},
}


@ -16,12 +16,6 @@ provisioning:
- "${regex}"
% endfor
namePatterns:
user: ":name (Discord)"
userOverride: ":displayname (Discord)"
room: "#:name (Discord - :guild)"
group: ":name"
database:
connString: "postgres://${node.metadata['mx-puppet-discord']['database']['user']}:${node.metadata['mx-puppet-discord']['database']['password']}@${node.metadata['mx-puppet-discord']['database'].get('host', 'localhost')}/${node.metadata['mx-puppet-discord']['database']['database']}?sslmode=disable"


@ -1,23 +0,0 @@
[global]
pid=/run/php/php8.0-fpm.pid
; We're using journal, put logs there
error_log=/var/log/php8.0-fpm.log
daemonize=yes
; The one and only worker pool we have
[www]
user=www-data
group=www-data
listen=/run/php/php8.0-fpm.sock
listen.owner=www-data
listen.group=www-data
listen.mode=0600
; Process Manager Settings
pm=dynamic
pm.max_children=${num_cpus*4}
pm.start_servers=${num_cpus}
pm.max_spare_servers=${num_cpus*2}
pm.min_spare_servers=${num_cpus}
pm.process_idle_timeout=30s
pm.max_requests=1024


@ -1,99 +0,0 @@
[PHP]
; Only needed for libapache2-mod-php?
engine = On
short_open_tag = Off
precision = 14
output_buffering = 4096
zlib.output_compression = Off
implicit_flush = Off
serialize_precision = -1
disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals
ignore_user_abort = Off
zend.enable_gc = On
expose_php = Off
max_execution_time = 30
max_input_time = 60
memory_limit = 256M
error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT
display_startup_errors = Off
log_errors = On
log_errors_max_len = 1024
ignore_repeated_errors = Off
ignore_repeated_source = Off
report_memleaks = On
html_errors = On
error_log = syslog
syslog.ident = php7.4
syslog.filter = ascii
arg_separator.output = "&amp;"
variables_order = "GPCS"
request_order = "GP"
register_argc_argv = Off
auto_globals_jit = On
post_max_size = ${post_max_size}M
default_mimetype = "text/html"
default_charset = "UTF-8"
enable_dl = Off
file_uploads = On
upload_max_filesize = ${post_max_size}M
max_file_uploads = 20
allow_url_fopen = On
allow_url_include = Off
default_socket_timeout = 10
[CLI Server]
cli_server.color = On
[mail function]
mail.add_x_header = Off
[ODBC]
odbc.allow_persistent = On
odbc.check_persistent = On
odbc.max_persistent = -1
odbc.max_links = -1
odbc.defaultlrl = 4096
odbc.defaultbinmode = 1
[PostgreSQL]
pgsql.allow_persistent = On
pgsql.auto_reset_persistent = Off
pgsql.max_persistent = -1
pgsql.max_links = -1
pgsql.ignore_notice = 0
pgsql.log_notice = 0
[bcmath]
bcmath.scale = 0
[Session]
session.save_handler = files
session.use_strict_mode = 0
session.use_cookies = 1
session.use_only_cookies = 1
session.name = PHPSESSID
session.auto_start = 0
session.cookie_lifetime = 0
session.cookie_path = /
session.cookie_domain =
session.cookie_httponly =
session.cookie_samesite =
session.serialize_handler = php
session.gc_probability = 1
session.gc_divisor = 1000
session.gc_maxlifetime = 1440
session.referer_check =
session.cache_limiter = nocache
session.cache_expire = 180
session.use_trans_sid = 0
session.sid_length = 32
session.trans_sid_tags = "a=href,area=href,frame=src,form="
session.sid_bits_per_character = 6
[Assertion]
zend.assertions = -1


@ -1,6 +0,0 @@
[Service]
# arch postfix is not set up for chrooting by default
ExecStartPre=-/usr/sbin/mkdir -p /var/spool/postfix/etc
% for file in ['/etc/localtime', '/etc/nsswitch.conf', '/etc/resolv.conf', '/etc/services']:
ExecStartPre=-/usr/sbin/cp -p ${file} /var/spool/postfix${file}
% endfor


@ -21,7 +21,7 @@ for identifier in node.metadata.get('postfix/mynetworks', set()):
netmask = '128'
mynetworks.add(f'[{ip6}]/{netmask}')
my_package = 'pkg_pacman:postfix' if node.os == 'arch' else 'pkg_apt:postfix'
my_package = 'pkg_pacman:postfix' if node.has_bundle('pacman') else 'pkg_apt:postfix'
files = {
'/etc/mailname': {
@ -86,13 +86,3 @@ svc_systemd = {
},
},
}
if node.os == 'arch':
files['/etc/systemd/system/postfix.service.d/bundlewrap.conf'] = {
'source': 'arch-override.conf',
'content_type': 'mako',
'triggers': {
'action:systemd-reload',
'svc_systemd:postfix:restart',
},
}


@ -25,7 +25,6 @@ defaults = {
'pacman': {
'packages': {
'postfix': {},
's-nail': {},
},
},
}


@ -34,7 +34,7 @@ directories = {
git_deploy = {
'/opt/simple-icinga-dashboard/src': {
'repo': 'https://git.franzi.business/sophie/simple-icinga-dashboard.git',
'repo': 'https://git.kunsmann.eu/sophie/simple-icinga-dashboard.git',
'rev': 'main',
'triggers': {
'action:simple-icinga-dashboard_install_requirements',
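Review bot: `'rev': 'main'` makes this deploy follow a moving branch, so once the `repo` URL points at a different host, whatever that host serves as `main` is checked out and handed to `action:simple-icinga-dashboard_install_requirements`. Pinning to a reviewed commit, e.g. `'rev': '<commit-sha>',` (placeholder), would keep a host or DNS change from silently altering what gets installed. The `git_deploy` entry continues past the end of the hunk.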


@ -1 +0,0 @@
encrypt$gAAAAABg6vNNuCZcmhH52dQDiD4ePsbXhz0kHSjqX3yduJ6E5NylWEdKNtjtrfc9bu1WNnDBO0YpsqxIeax2u1xc6gstohVfbu2MgwGJKpA7J5Py6xiQL82YKJcwV7k0EZ7ilWbqlzXuSDh40KG3GWOTPiw_CbsbDEpCU09x1hUs1_0BTPAU6ln4t7ync7ZjFZf_vRBTlrnZWchzXoSwppzedAZeaptfhMWn_-8oARoYvxJf3pkmTSGjovNMvDak_sscq_M2rldng6_oboR4iTo_6eY6bpCjEGD3xMeSzLhDZsJ4c0l9bZBDef-NRWA7Ewptc4KYKVvzKlgyrByqSV8TCmYn4aBgOusv-VAW3VqKg2rHi3nq5L50zkPwWmHC6_rdtIS-pAlnR5A0HJYdXGyf2eQSq3UkrZA3BIFlqUWrvS8aTWxp9CUL5C9oRGpL8P3fVfExiqhmcLGamHZb1Y2kjxX8EMcSCRLgiVO9DwIpXlEm86HfgVcXaL0wpibM32PD0sspOPILThE5P9WETGhpFAWDkWR0WaYQjZuAVlXTtk8tgdh0vC2auQl2pEVbvvnZaa04Ohp2QgE3AJLg3tdekLciwCQmPm0bpX8xYvJ49vNWG-SCaAlLHzLVIMFXFY53-SBOHYnE


@ -1 +0,0 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHZnYhsdtGUYJiFcvfqTLljGkInnFTOoDF/WZniLtPjH


@ -2,9 +2,8 @@ ${header}
$ORIGIN franzi.business.
; ends up on rx300.kunbox.net
@ IN A 31.47.232.106
IN AAAA 2a00:f820:528::2
@ IN A 94.130.52.224
IN AAAA 2a01:4f8:10b:2a5f::2
IN MX 10 mx0.kunbox.net.
IN TXT "v=spf1 mx ~all"
@ -14,9 +13,6 @@ chat IN AAAA 2a01:4f8:10b:2a5f::2
dimension IN A 94.130.52.224
dimension IN AAAA 2a01:4f8:10b:2a5f::2
git IN CNAME rx300.kunbox.net.
jenkins IN CNAME rx300.kunbox.net.
matrix IN A 94.130.52.224
matrix IN AAAA 2a01:4f8:10b:2a5f::2
@ -28,6 +24,7 @@ sewfile IN CNAME sewfile.htz-cloud.kunbox.net.
rss IN CNAME rx300.kunbox.net.
status IN CNAME icinga2.ovh.kunbox.net.
travelynx IN CNAME rx300.kunbox.net.
unicornsden IN CNAME rx300.kunbox.net.


@ -10,11 +10,17 @@ $ORIGIN kunsmann.eu.
dav IN A 94.130.52.224
dav IN AAAA 2a01:4f8:10b:2a5f::2
git IN A 94.130.52.224
git IN AAAA 2a01:4f8:10b:2a5f::2
grafana IN CNAME influxdb.htz-cloud.kunbox.net.
icinga IN CNAME icinga2.ovh.kunbox.net.
influxdb IN CNAME influxdb.htz-cloud.kunbox.net.
statusmonitor.icinga IN CNAME icinga2.ovh.kunbox.net.
jenkins IN A 94.130.52.224
jenkins IN AAAA 2a01:4f8:10b:2a5f::2
mta-sts IN A 94.130.52.224
mta-sts IN AAAA 2a01:4f8:10b:2a5f::2
@ -23,8 +29,8 @@ luther-ps IN CNAME luther.htz-cloud.kunbox.net.
paste IN A 94.130.52.224
paste IN AAAA 2a01:4f8:10b:2a5f::2
; legacy, for redirect
git IN CNAME ex42-1048908.htz.kunbox.net.
rss IN A 94.130.52.224
rss IN AAAA 2a01:4f8:10b:2a5f::2
_dmarc IN TXT "v=DMARC1; p=quarantine; rua=mailto:postmaster@kunsmann.eu; ruf=mailto:postmaster@kunsmann.eu; fo=0:d:s; adkim=r; aspf=r"
_mta-sts IN TXT "v=STSv1;id=20201111;"


@ -9,7 +9,7 @@
<div class="col s12">
<h1>Datenschutz</h1>
<h2>Logdateien des Webservers</h2>
<p>Der Webserver fertigt keine Logdateien an. Interessierte können sich <a href="https://git.franzi.business/kunsi/bundlewrap/src/branch/main/bundles/nginx/files/site_template">in meinem Gitea die aktuelle nginx-Konfiguration des Servers ansehen</a>.</p>
<p>Der Webserver fertigt keine Logdateien an. Interessierte können sich <a href="https://git.kunsmann.eu/kunsi/bundlewrap/src/branch/main/bundles/nginx/files/site_template">in meinem Gitea die aktuelle nginx-Konfiguration des Servers ansehen</a>.</p>
<h2>Account-spezifische Daten</h2>


@ -1,39 +1,6 @@
from json import loads, dumps
from bundlewrap.metadata import metadata_to_json
from bundlewrap.utils import Fault
def resolve_faults(dictionary: dict) -> dict:
return loads(metadata_to_json(dictionary))
def ensure_fault_or_none(maybe_fault):
if maybe_fault is None or isinstance(maybe_fault, Fault):
return maybe_fault
return Fault(maybe_fault, lambda f: f, f=maybe_fault)
def join_faults(faults, by=' '):
result = []
id_list = []
for item in faults:
result.append(ensure_fault_or_none(item))
if isinstance(item, Fault):
id_list += item.id_list
else:
id_list.append(item)
id_list += [
'joined_by',
by,
]
return Fault(
id_list,
lambda o: by.join([i.value for i in o]),
o=result,
)


@ -2,7 +2,6 @@ nodes['aurto'] = {
'hostname': '31.47.232.107',
'bundles': {
'backup-client',
'check-mail-received',
},
'groups': {
'arch',
@ -19,13 +18,6 @@ nodes['aurto'] = {
'/var/cache/pacman/aurto',
},
},
'check-mail-received': {
't-online': {
'email': 'franzi.kunsmann@t-online.de',
'imap_host': 'secureimap.t-online.de',
'imap_pass': bwpass.attr('t-online.de/franzi.kunsmann@t-online.de', 'imap'),
},
},
'interfaces': {
'enp1s0': {
'ips': {
@ -63,9 +55,6 @@ nodes['aurto'] = {
# kunsi
'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICYst1HK+gJYhNxzqJGnz4iB73pa89Xz2yH+8wufOcsA',
'ssh-rsa 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 cardno:000609506971',
# n0emis
'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEcOPtW5FWNIdlMQFoqeyA1vHw+cA8ft8oXSbXPzQNL9 n0emis@n0emis.eu',
'ssh-rsa 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 simeon@noemis.me (OLD)',
},
},
'kunsi': {


@ -1,6 +1,5 @@
nodes['htz-cloud.pirmasens'] = {
'bundles': {
'check-mail-received',
'dovecot',
'php',
'postfixadmin',
@ -24,13 +23,6 @@ nodes['htz-cloud.pirmasens'] = {
'gateway6': 'fe80::1',
},
},
'check-mail-received': {
't-online': {
'email': 'franzi.kunsmann@t-online.de',
'imap_host': 'secureimap.t-online.de',
'imap_pass': bwpass.attr('t-online.de/franzi.kunsmann@t-online.de', 'imap'),
},
},
'icinga_options': {
'pretty_name': 'kunsmann.info',
},


@ -1,10 +1,9 @@
nodes['htz.ex42-1048908'] = {
'bundles': {
'check-mail-received',
'dovecot',
'element-web',
# 'gitea',
# 'jenkins-ci',
'gitea',
'jenkins-ci',
'lm-sensors',
'matrix-media-repo',
'matrix-synapse',
@ -87,12 +86,8 @@ nodes['htz.ex42-1048908'] = {
'/opt/matrix/matrix-dimension',
},
},
'check-mail-received': {
't-online': {
'email': 'franzi.kunsmann@t-online.de',
'imap_host': 'secureimap.t-online.de',
'imap_pass': bwpass.attr('t-online.de/franzi.kunsmann@t-online.de', 'imap'),
},
'cron': {
'telekom_nervkram': vault.decrypt('encrypt$gAAAAABfqXi23M96wrSLhqlbhqgePYX06LjPXfyQU2y_07kqYYLztj_PhS1-dk4r5FiiL2Ofmx5iCKW1sZNqiQSuHj2uKaitH0GnwHqj5CI2JwkAS9HrFxw=').format_into('0 0 * * * root date | mail -s \'daily test mail \' -r postmaster@mx0.kunbox.net {}'),
},
'element-web': {
'url': 'chat.franzi.business',
@ -118,27 +113,27 @@ nodes['htz.ex42-1048908'] = {
},
},
},
# 'gitea': {
# 'version': '1.14.3',
# 'sha256': '50c25c094ae109f49e276cd00ddc48a0a240b7670e487ae1286cc116d4cdbcf2',
# 'domain': 'git.kunsmann.eu',
# 'email_domain_blocklist': {
# 'gmail.com',
# 'yahoo.com',
# 'aol.com',
# 'comcast.net',
# 'verizon.net',
# 'hotmail.com',
# 'cox.net',
# 'msn.com',
# },
# 'enable_git_hooks': True,
# 'install_ssh_key': True,
# 'internal_token': vault.decrypt('encrypt$gAAAAABfPncYwCX-NdBr9LdxLyGqmjRJqhmwMnWsdZy6kVOWdKrScW78xaqbJ1tpL1J4qa2hcZ7TQj3l-2mkyJNJOenGzU3TsI-gYMj9vC4m8Bhur5zboxjD4dQXaJbD1WSyHJ9sPJYsWP3Gjg6I19xeq9xMlAI6xaS9vOfuoI8nZnnQPx1NjfQEj03Jxf8a0-3F20sfICst1xRa5K48bpq1PFkK_oRojg=='),
# 'lfs_secret_key': vault.decrypt('encrypt$gAAAAABfPnd1vgNDt86-91YhviQw8Z0djSp4f_tBt76klDv-ZcwxP1ryJzqJ7qnfaTe_6DYCfc82gEzvVDsyBlCoAkGpt1AI2_LCKetuSCnDPjtGvwdQl3A53lFEdG2UJl1uUiR7f8Vr'),
# 'oauth_secret_key': vault.decrypt('encrypt$gAAAAABfPnbfTISbldhS0WyxVKBHVVoOMcar7Kxmh1kkmiUGd-RzbbnNzzhEER_owjttPQcACPfGKZ6WklaSsXjLq8km4P6A9QmPbC06GmHbc91m0odCb1KiY7SZeUD35PiRiGSq50dz'),
# 'security_secret_key': vault.decrypt('encrypt$gAAAAABfPnc-R7pkDj4pQgHDb6pzlNYNJgiWdeBFsX7IsHSnCtNPbZxCdtSL8cHtQzVO1KbSxS7zCwssmgiR8Kj54Z-koD-FQbjpbKWoIPw8SsyeqBVlZhIeEzhw_1t7_7ZTvv1O8AePdNYel9JJb_TaAZ8Vx46ZfsEPy8zaaHrqOekHC6RAnB4='),
# },
'gitea': {
'version': '1.14.3',
'sha256': '50c25c094ae109f49e276cd00ddc48a0a240b7670e487ae1286cc116d4cdbcf2',
'domain': 'git.kunsmann.eu',
'email_domain_blocklist': {
'gmail.com',
'yahoo.com',
'aol.com',
'comcast.net',
'verizon.net',
'hotmail.com',
'cox.net',
'msn.com',
},
'enable_git_hooks': True,
'install_ssh_key': True,
'internal_token': vault.decrypt('encrypt$gAAAAABfPncYwCX-NdBr9LdxLyGqmjRJqhmwMnWsdZy6kVOWdKrScW78xaqbJ1tpL1J4qa2hcZ7TQj3l-2mkyJNJOenGzU3TsI-gYMj9vC4m8Bhur5zboxjD4dQXaJbD1WSyHJ9sPJYsWP3Gjg6I19xeq9xMlAI6xaS9vOfuoI8nZnnQPx1NjfQEj03Jxf8a0-3F20sfICst1xRa5K48bpq1PFkK_oRojg=='),
'lfs_secret_key': vault.decrypt('encrypt$gAAAAABfPnd1vgNDt86-91YhviQw8Z0djSp4f_tBt76klDv-ZcwxP1ryJzqJ7qnfaTe_6DYCfc82gEzvVDsyBlCoAkGpt1AI2_LCKetuSCnDPjtGvwdQl3A53lFEdG2UJl1uUiR7f8Vr'),
'oauth_secret_key': vault.decrypt('encrypt$gAAAAABfPnbfTISbldhS0WyxVKBHVVoOMcar7Kxmh1kkmiUGd-RzbbnNzzhEER_owjttPQcACPfGKZ6WklaSsXjLq8km4P6A9QmPbC06GmHbc91m0odCb1KiY7SZeUD35PiRiGSq50dz'),
'security_secret_key': vault.decrypt('encrypt$gAAAAABfPnc-R7pkDj4pQgHDb6pzlNYNJgiWdeBFsX7IsHSnCtNPbZxCdtSL8cHtQzVO1KbSxS7zCwssmgiR8Kj54Z-koD-FQbjpbKWoIPw8SsyeqBVlZhIeEzhw_1t7_7ZTvv1O8AePdNYel9JJb_TaAZ8Vx46ZfsEPy8zaaHrqOekHC6RAnB4='),
},
'icinga_options': {
'pretty_name': 'kunsmann.eu',
},
@ -300,53 +295,46 @@ nodes['htz.ex42-1048908'] = {
},
},
},
# 'franzi.business': {
# 'webroot': '/var/www/franzi.business/_site/',
# 'locations': {
# '/.well-known/matrix/client': {
# 'return': json_dumps({
# 'm.homeserver': {
# 'base_url': 'https://matrix.franzi.business',
# },
# 'm.identity_server': {
# 'base_url': 'https://matrix.org',
# },
# 'im.vector.riot.jitsi': {
# 'preferredDomain': 'meet.ffmuc.net',
# },
# }, sort_keys=True),
# 'additional_config': {
# 'default_type application/json',
# 'add_header Access-Control-Allow-Origin *',
# },
# },
# '/.well-known/matrix/server': {
# 'return': json_dumps({
# 'm.server': 'matrix.franzi.business:443',
# }, sort_keys=True),
# 'additional_config': {
# 'default_type application/json',
# 'add_header Access-Control-Allow-Origin *',
# },
# },
# },
# },
'git.kunsmann.eu': {
'franzi.business': {
'webroot': '/var/www/franzi.business/_site/',
'locations': {
'/': {
'redirect': 'https://git.franzi.business$request_uri',
'/.well-known/matrix/client': {
'return': json_dumps({
'm.homeserver': {
'base_url': 'https://matrix.franzi.business',
},
'm.identity_server': {
'base_url': 'https://matrix.org',
},
'im.vector.riot.jitsi': {
'preferredDomain': 'meet.ffmuc.net',
},
}, sort_keys=True),
'additional_config': {
'default_type application/json',
'add_header Access-Control-Allow-Origin *',
},
},
'/.well-known/matrix/server': {
'return': json_dumps({
'm.server': 'https://matrix.franzi.business',
}, sort_keys=True),
'additional_config': {
'default_type application/json',
'add_header Access-Control-Allow-Origin *',
},
},
},
},
# 'jenkins.kunsmann.eu': {
# 'locations': {
# '/': {
# 'target': 'http://localhost:22010/',
# },
# },
# 'website_check_path': '/login',
# 'website_check_string': 'Welcome to Jenkins',
# },
'jenkins.kunsmann.eu': {
'locations': {
'/': {
'target': 'http://localhost:22010/',
},
},
'website_check_path': '/login',
'website_check_string': 'Welcome to Jenkins',
},
'kunbox.net': {},
'kunsmann.eu': {
'locations': {
@ -396,7 +384,7 @@ nodes['htz.ex42-1048908'] = {
},
'/.well-known/matrix/server': {
'return': json_dumps({
'm.server': 'matrix.franzi.business:443',
'm.server': 'https://matrix.franzi.business',
}, sort_keys=True),
'additional_config': {
'default_type application/json',
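Review bot: `'m.server': 'https://matrix.franzi.business'` in `/.well-known/matrix/server` (in this hunk and in the `franzi.business` vhost of the previous one) is a URL, but the Matrix server-discovery document expects a delegated server name of the form hostname[:port]; the line printed directly above it, `'m.server': 'matrix.franzi.business:443',`, has that form. With a scheme in the value, federating servers will presumably reject the delegation and fall back to their default lookup, so confirm how federation reaches this host before merging. Only the two server entries need changing, because `base_url` in the client document is meant to be a URL. Separately, `'enable_git_hooks': True` in the newly active `gitea` block presumably lets users holding the hook permission run scripts as the Gitea service account; a comment naming who is meant to hold that permission would help.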


@ -7,12 +7,8 @@
nodes['rx300'] = {
'hostname': '31.47.232.106',
'bundles': {
'check-mail-received',
'gitea',
'jenkins-ci',
'lm-sensors',
'miniflux',
'php',
'postgresql',
'smartd',
'travelynx',
@ -37,15 +33,6 @@ nodes['rx300'] = {
'apt': {
'packages': {
'ipmitool': {},
# for franzi.business deployment
'ruby': {},
'ruby-dev': {},
'ruby-bundler': {},
# more php
'php-imagick': {},
'php-yaml': {},
},
# XXX remove this once nginx.org has packages for debian bullseye
'repos': {
@ -56,105 +43,23 @@ nodes['rx300'] = {
},
},
},
'check-mail-received': {
't-online': {
'email': 'franzi.kunsmann@t-online.de',
'imap_host': 'secureimap.t-online.de',
'imap_pass': bwpass.attr('t-online.de/franzi.kunsmann@t-online.de', 'imap'),
},
},
'gitea': {
'version': '1.14.4',
'sha256': 'e1ce2fadcf6561cb2543b44b9f1382d6ce4be29ed8edd6d9d7080a218aa114b0',
'domain': 'git.franzi.business',
'email_domain_blocklist': {
'gmail.com',
'yahoo.com',
'aol.com',
'comcast.net',
'verizon.net',
'hotmail.com',
'cox.net',
'msn.com',
},
'enable_git_hooks': True,
'install_ssh_key': True,
'internal_token': vault.decrypt('encrypt$gAAAAABfPncYwCX-NdBr9LdxLyGqmjRJqhmwMnWsdZy6kVOWdKrScW78xaqbJ1tpL1J4qa2hcZ7TQj3l-2mkyJNJOenGzU3TsI-gYMj9vC4m8Bhur5zboxjD4dQXaJbD1WSyHJ9sPJYsWP3Gjg6I19xeq9xMlAI6xaS9vOfuoI8nZnnQPx1NjfQEj03Jxf8a0-3F20sfICst1xRa5K48bpq1PFkK_oRojg=='),
'lfs_secret_key': vault.decrypt('encrypt$gAAAAABfPnd1vgNDt86-91YhviQw8Z0djSp4f_tBt76klDv-ZcwxP1ryJzqJ7qnfaTe_6DYCfc82gEzvVDsyBlCoAkGpt1AI2_LCKetuSCnDPjtGvwdQl3A53lFEdG2UJl1uUiR7f8Vr'),
'oauth_secret_key': vault.decrypt('encrypt$gAAAAABfPnbfTISbldhS0WyxVKBHVVoOMcar7Kxmh1kkmiUGd-RzbbnNzzhEER_owjttPQcACPfGKZ6WklaSsXjLq8km4P6A9QmPbC06GmHbc91m0odCb1KiY7SZeUD35PiRiGSq50dz'),
'security_secret_key': vault.decrypt('encrypt$gAAAAABfPnc-R7pkDj4pQgHDb6pzlNYNJgiWdeBFsX7IsHSnCtNPbZxCdtSL8cHtQzVO1KbSxS7zCwssmgiR8Kj54Z-koD-FQbjpbKWoIPw8SsyeqBVlZhIeEzhw_1t7_7ZTvv1O8AePdNYel9JJb_TaAZ8Vx46ZfsEPy8zaaHrqOekHC6RAnB4='),
},
'icinga_options': {
'pretty_name': 'franzi.business',
},
'jenkins-ci': {
'install_ssh_key': True,
},
'miniflux': {
'domain': 'rss.franzi.business',
},
'nginx': {
'vhosts': {
'gitea': {'ssl': '_.franzi.business'},
'miniflux': {'ssl': '_.franzi.business'},
'franzi.business': {
'webroot': '/var/www/franzi.business/_site/',
'miniflux': {
'ssl': '_.franzi.business',
'locations': {
'/.well-known/matrix/client': {
'return': json_dumps({
'm.homeserver': {
'base_url': 'https://matrix.franzi.business',
},
'm.identity_server': {
'base_url': 'https://matrix.org',
},
'im.vector.riot.jitsi': {
'preferredDomain': 'meet.ffmuc.net',
},
}, sort_keys=True),
'additional_config': {
'default_type application/json',
'add_header Access-Control-Allow-Origin *',
},
},
'/.well-known/matrix/server': {
'return': json_dumps({
'm.server': 'matrix.franzi.business:443',
}, sort_keys=True),
'additional_config': {
'default_type application/json',
'add_header Access-Control-Allow-Origin *',
},
},
},
},
'jenkins': {
'domain': 'jenkins.franzi.business',
'ssl': '_.franzi.business',
'locations': {
'/': {
'target': 'http://localhost:22010/',
},
},
'website_check_path': '/login',
'website_check_string': 'Welcome to Jenkins',
},
'unicornsden-redirect': {
'domain': 'unicornsden.franzi.business',
'ssl': '_.franzi.business',
'locations': {
'/': {
'redirect': 'https://map.unicornsden.com/',
},
},
},
'unicornsden': {
'domain': 'map.unicornsden.com',
'php': True,
'domain': 'unicornsden.franzi.business',
'ssl': '_.franzi.business',
'webroot_config': {
'owner': 'jenkins',
'group': 'jenkins',
'owner': 'kunsi',
'group': 'kunsi',
'mode': '0755',
},
},
@ -175,19 +80,6 @@ nodes['rx300'] = {
},
},
},
'php': {
'version': '8.0',
'packages': {
'gd',
'imap',
'intl',
'mbstring',
'opcache',
'pgsql',
'readline',
'xml',
},
},
'postgresql': {
'version': '13',
},