voc.infobeamer-cms: gpn22

bundles/icinga2/files/check_omm.py

@@ -0,0 +1,132 @@
+#!/usr/bin/env python3
+
+import re
+from hashlib import md5
+from sys import argv, exit
+
+# Supress SSL certificate warnings for ssl_verify=False
+import urllib3
+from lxml import html
+from requests import Session
+
+USERNAME_FIELD = "g2"
+PASSWORD_FIELD = "g3"
+CRSF_FIELD = "password"
+
+STATUS_OK = 0
+STATUS_WARNING = 1
+STATUS_CRITICAL = 2
+STATUS_UNKNOWN = 3
+
+
+class OMMCrawler:
+    def __init__(self, hostname, username, password):
+        self.session = Session()
+        urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
+        self.session.verify = False
+
+        self.url = f"https://{hostname}"
+        self.login_data = {
+            USERNAME_FIELD: username,
+            PASSWORD_FIELD: password,
+            CRSF_FIELD: md5(password.encode()).hexdigest(),
+        }
+        self.logged_in = False
+
+    def login(self):
+        # if we have multiple dect masters, find out which one is the current master
+        current_master_url = self.session.get(self.url, verify=False).url
+        self.hostname = re.search(r"^(.*[\\\/])", current_master_url).group(0)[:-1]
+
+        response = self.session.post(f"{self.url}/login_set.html", data=self.login_data)
+        response.raise_for_status()
+
+        # set cookie
+        pass_value = re.search(r"(?<=pass=)\d+(?=;)", response.text).group(0)
+        self.session.cookies.set("pass", pass_value)
+        self.logged_in = True
+
+    def get_station_status(self):
+        if not self.logged_in:
+            self.login()
+
+        data = {}
+        response = self.session.get(f"{self.url}/fp_pnp_status.html")
+        response.raise_for_status()
+        tree = html.fromstring(response.text)
+        xpath_results = tree.xpath('//tr[@class="l0" or @class="l1"]')
+
+        for result in xpath_results:
+            bubble_is_in_inactive_cluster = False
+            bubble_is_connected = False
+            bubble_is_active = False
+
+            bubble_name = result.xpath("td[4]/text()")[0]
+            try:
+                bubble_is_connected = result.xpath("td[11]/img/@alt")[0] == "yes"
+
+                if bubble_is_connected:
+                    try:
+                        bubble_is_active = result.xpath("td[12]/img/@alt")[0] == "yes"
+                    except IndexError:
+                        # If an IndexError occurs, there is no image in the
+                        # 12th td. This means this bubble is in the not inside
+                        # an active DECT cluster, but is a backup bubble.
+                        # This is probably fine.
+                        bubble_is_active = False
+                        bubble_is_in_inactive_cluster = True
+                else:
+                    bubble_is_active = False
+            except:
+                # There is no Image in the 11th td. This usually means there
+                # is a warning message in the 10th td. We do not care about
+                # that, currently.
+                pass
+
+            data[bubble_name] = {
+                "is_connected": bubble_is_connected,
+                "is_active": bubble_is_active,
+                "is_in_inactive_cluster": bubble_is_in_inactive_cluster,
+            }
+        return data
+
+    def handle_station_data(self):
+        try:
+            data = self.get_station_status()
+        except Exception as e:
+            print(f"Something went wrong. You should take a look at {self.url}")
+            print(repr(e))
+            exit(STATUS_UNKNOWN)
+
+        critical = False
+        for name, status in data.items():
+            if not status["is_active"] and not status["is_connected"]:
+                print(
+                    f"Base station {name} is not active or connected! Check manually!"
+                )
+                critical = True
+            elif not status["is_active"] and not status["is_in_inactive_cluster"]:
+                # Bubble is part of an active DECT cluster, but not active.
+                # This shouldn't happen.
+                print(
+                    f"Base station {name} is not active but connected! Check manually!"
+                )
+                critical = True
+            elif not status["is_connected"]:
+                # This should never happen. Seeing this state means OMM
+                # itself is broken.
+                print(
+                    f"Base station {name} is not connected but active! Check manually!"
+                )
+                critical = True
+
+        if critical:
+            exit(STATUS_CRITICAL)
+        else:
+            print(f"OK - {len(data)} base stations connected")
+            exit(STATUS_OK)
+
+
+if __name__ == "__main__":
+    omm = OMMCrawler(argv[1], argv[2], argv[3])
+    omm.handle_station_data()

bundles/postfix/files/main.cf

@@ -57,7 +57,7 @@ smtpd_tls_auth_only = yes
 smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
 smtpd_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
 smtpd_tls_mandatory_ciphers = medium
-smtpd_tls_dh1024_param_file = /etc/ssl/certs/dhparam.pem;
+smtpd_tls_dh1024_param_file = /etc/ssl/certs/dhparam.pem
 tls_medium_cipherlist = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305
 tls_preempt_cipherlist = no
 </%text>

data/nginx/files/extras/htz-cloud.miniserver/sophies-kitchen.eu

@@ -8,3 +8,13 @@ location /.well-known/matrix/server {
     default_type application/json;
     add_header Access-Control-Allow-Origin *;
 }
+
+location /.well-known/webfinger {
+    return 302 'https://chaos.social/.well-known/webfinger?resource=acct:sophie@chaos.social';
+}
+
+location /social {
+    return 200 '<!doctype html><html><body><a rel="me" href="https://chaos.social/@sophie">Mastodon</a></body></html>';
+    default_type text/html;
+    add_header Access-Control-Allow-Origin *;
+}

nodes/carlene.toml

@@ -40,7 +40,7 @@ imap_pass = "!bwpass_attr:t-online.de/franzi.kunsmann@t-online.de:imap"
 
 [metadata.element-web]
 url = "chat.franzi.business"
-version = "v1.11.66"
+version = "v1.11.67"
 [metadata.element-web.config]
 default_server_config.'m.homeserver'.base_url = "https://matrix.franzi.business"
 default_server_config.'m.homeserver'.server_name = "franzi.business"
@@ -49,8 +49,8 @@ defaultCountryCode = "DE"
 jitsi.preferredDomain = "meet.ffmuc.net"
 
 [metadata.forgejo]
-version = "7.0.2"
-sha1 = "8d8f463b875a114012d688b413b11501aaba2eee"
+version = "7.0.3"
+sha1 = "81b8adc6686bbaebdca6c17059fe6b4f67250e67"
 domain = "git.franzi.business"
 enable_git_hooks = true
 install_ssh_key = true
@@ -125,7 +125,7 @@ domain = "rss.franzi.business"
 
 [metadata.netbox]
 domain = "netbox.franzi.business"
-version = "v4.0.1"
+version = "v4.0.3"
 admins.kunsi = "hostmaster@kunbox.net"
 
 [metadata.nextcloud]

nodes/entropia-jira.toml

@@ -1,34 +0,0 @@
-hostname = "45.140.180.45"
-dummy = true
-
-[metadata.icinga_options]
-period = "daytime"
-show_on_statuspage = false
-
-[metadata.icinga2_api.nginx.services."NGINX VHOST ticket-redirect CERTIFICATE"]
-check_command = "check_https_cert_at_url"
-"vars.domain" = "ticket.gulas.ch"
-"vars.notification.mail" = true
-
-[metadata.icinga2_api.nginx.services."NGINX VHOST jira CERTIFICATE"]
-check_command = "check_https_cert_at_url"
-"vars.domain" = "jira.gulas.ch"
-"vars.notification.mail" = true
-
-[metadata.icinga2_api.nginx.services."NGINX VHOST jira CONTENT"]
-check_command = "check_http_wget"
-"vars.http_wget_contains" = "login.jsp"
-"vars.http_wget_url" = "https://jira.gulas.ch/secure/Dashboard.jspa"
-"vars.notification.sms" = true
-
-[metadata.icinga2_api.custom.services]
-# these checks do not get deployed onto the actual host by us, we only
-# execute those checks
-'DISK SPACE'.'vars.sshmon_command' = 'DISK_SPACE'
-'JIRA HEAP'.'vars.sshmon_command' = 'JIRA_HEAP'
-'JIRA THREADS'.'vars.sshmon_command' = 'JIRA_THREADS'
-'LOAD'.'vars.sshmon_command' = 'LOAD'
-'OOM KILLER'.'vars.sshmon_command' = 'OOM_KILLER'
-'RAM'.'vars.sshmon_command' = 'RAM'
-'USER PROCESS SECURITY jira'.'vars.sshmon_command' = 'USER_PROCESS_SECURITY_jira'
-'ZPOOL SPACE tank'.'vars.sshmon_command' = 'check_zpool_space_tank'

nodes/home/paperless.py

@@ -42,7 +42,7 @@ nodes['home.paperless'] = {
         },
         'paperless': {
             'domain': 'paperless.home.kunbox.net',
-            'version': 'v2.8.3',
+            'version': 'v2.8.6',
             'timezone': 'Europe/Berlin',
         },
         'postgresql': {

nodes/htz-cloud.afra.toml

@@ -32,7 +32,7 @@ routes.'172.19.128.0/20'.via = "172.19.137.1"
 
 [metadata.element-web]
 url = "element.afra.berlin"
-version = "v1.11.66"
+version = "v1.11.67"
 
 [metadata.element-web.config]
 default_server_config.'m.homeserver'.base_url = "https://matrix.afra.berlin"

nodes/htz-cloud/miniserver.py

@@ -62,7 +62,7 @@ nodes['htz-cloud.miniserver'] = {
         },
         'element-web': {
             'url': 'chat.sophies-kitchen.eu',
-            'version': 'v1.11.66',
+            'version': 'v1.11.67',
             'config': {
                 'default_server_config': {
                     'm.homeserver': {

nodes/voc/infobeamer-cms.py

@@ -25,7 +25,7 @@ nodes['voc.infobeamer-cms'] = {
         },
         'infobeamer-cms': {
             'domain': 'infobeamer.c3voc.de',
-            'event_start_date': '2023-12-26',
+            'event_start_date': '2024-05-29',
             'event_duration_days': 5,
             'config': {
                 'ADMIN_USERS': [
@@ -45,7 +45,7 @@ nodes['voc.infobeamer-cms'] = {
                 'MQTT_TOPIC': '/voc/alert',
                 'MQTT_USERNAME': vault.decrypt('encrypt$gAAAAABhxakKHC_kHmHP2mFHorb4niuNTH4F24w1D6m5JUxl117N7znlZA6fpMmY3_NcmBr2Ihw4hL3FjZr9Fm_1oUZ1ZQdADA=='),
                 'SETUP_IDS': [
-                    245793,
+                    250294,
                 ],
 #                'EXTRA_ASSETS': [{
 #                    'type': "image",