kunsi/bundlewrap
1
0
Fork 0
Code Issues 1 Pull requests Releases Activity

Compare commits

base: kunsi:main
Branches Tags
kunsi:main
kunsi:hetzner-dyndns
kunsi:navidrome
kunsi:unbound-sophie
kunsi:miniserverupdates
kunsi:new-wildcard-sophies-kitchen
kunsi:updates
kunsi:update-miniserver
kunsi:vmhostumzug
kunsi:jhtoolz
kunsi:sophiesheomenetwork
kunsi:feature/kunsi-ipv6-only-vlan
kunsi:sophie-dimension-cleanup
kunsi:kunsi-woodpecker
kunsi:kunsi-junos
kunsi:loudness-monitoring-gstreamer
..
compare: kunsi:hetzner-dyndns
Branches Tags
kunsi:main
kunsi:hetzner-dyndns
kunsi:navidrome
kunsi:unbound-sophie
kunsi:miniserverupdates
kunsi:new-wildcard-sophies-kitchen
kunsi:updates
kunsi:update-miniserver
kunsi:vmhostumzug
kunsi:jhtoolz
kunsi:sophiesheomenetwork
kunsi:feature/kunsi-ipv6-only-vlan
kunsi:sophie-dimension-cleanup
kunsi:kunsi-woodpecker
kunsi:kunsi-junos
kunsi:loudness-monitoring-gstreamer

No commits in common. "main" and "hetzner-dyndns" have entirely different histories.
main ... hetzner-dy

83 changed files with 303 additions and 8673 deletions
Download patch file Download diff file Expand all files Collapse all files

4
bundles/apt/items.py
View file

@ -138,7 +138,6 @@ pkg_apt = {
'tmux': {}, 'tmux': {},
'tree': {}, 'tree': {},
'unzip': {}, 'unzip': {},
'util-linux': {},
'vim': {}, 'vim': {},
'wget': {}, 'wget': {},
'whois': {}, 'whois': {},
@ -156,6 +155,9 @@ pkg_apt = {
'popularity-contest': { 'popularity-contest': {
'installed': False, 'installed': False,
}, },
'python3-packaging': {
'installed': False,
},
'unattended-upgrades': { 'unattended-upgrades': {
'installed': False, 'installed': False,
}, },

15
bundles/backup-server/files/check_backup_for_node-cron
View file

@ -15,15 +15,16 @@ for line in check_output('LC_ALL=C zfs list -H -t snapshot -o name', shell=True)
line = line.decode('UTF-8') line = line.decode('UTF-8')
if line.startswith('{}/'.format(server_settings['zfs-base'])): if line.startswith('{}/'.format(server_settings['zfs-base'])):
try: dataset, snapname = line.split('@', 1)
dataset, snapname = line.split('@', 1)
dataset = dataset.split('/')[-1] dataset = dataset.split('/')[-1]
ts, bucket = snapname.split('-', 1) ts, bucket = snapname.split('-', 1)
snapshots[dataset].add(int(ts)) if not ts.isdigit():
except Exception as e: # garbage, ignore
print(f"Exception while parsing snapshot name {line!r}: {e!r}") continue
snapshots[dataset].add(int(ts))
backups = {} backups = {}
for dataset, snaps in snapshots.items(): for dataset, snaps in snapshots.items():

55
bundles/backup-server/metadata.py
View file

@ -83,26 +83,47 @@ def zfs_pool(metadata):
devices = metadata.get('backup-server/encrypted-devices') devices = metadata.get('backup-server/encrypted-devices')
pool_devices = set() # TODO remove this once we have migrated all systems
if isinstance(devices, dict):
pool_devices = set()
for device, dconfig in devices.items(): for number, (device, passphrase) in enumerate(sorted(devices.items())):
crypt_devices[dconfig['device']] = { crypt_devices[device] = {
'dm-name': f'backup-{device}', 'dm-name': f'backup{number}',
'passphrase': dconfig['passphrase'], 'passphrase': passphrase,
} }
pool_devices.add(f'/dev/mapper/backup-{device}') pool_devices.add(f'/dev/mapper/backup{number}')
unlock_actions.add(f'action:dm-crypt_open_backup-{device}') unlock_actions.add(f'action:dm-crypt_open_backup{number}')
pool_config = [{ pool_config = [{
'devices': pool_devices, 'devices': pool_devices,
}] }]
if len(pool_devices) > 3: if len(pool_devices) > 2:
pool_config[0]['type'] = 'raidz2' pool_config[0]['type'] = 'raidz'
elif len(pool_devices) > 2: elif len(pool_devices) > 1:
pool_config[0]['type'] = 'raidz' pool_config[0]['type'] = 'mirror'
elif len(pool_devices) > 1:
pool_config[0]['type'] = 'mirror' elif isinstance(devices, list):
pool_config = []
for idx, intended_pool in enumerate(devices):
pool_devices = set()
for number, (device, passphrase) in enumerate(sorted(intended_pool.items())):
crypt_devices[device] = {
'dm-name': f'backup{idx}-{number}',
'passphrase': passphrase,
}
pool_devices.add(f'/dev/mapper/backup{idx}-{number}')
unlock_actions.add(f'action:dm-crypt_open_backup{idx}-{number}')
pool_config.append({
'devices': pool_devices,
'type': 'raidz',
})
else:
raise BundleError(f'{node.name}: unsupported configuration for backup-server/encrypted-devices')
return { return {
'backup-server': { 'backup-server': {

0
bundles/basic/files/locale.conf → bundles/basic/files/locale
View file

20
bundles/basic/items.py
View file

@ -4,6 +4,12 @@ from uuid import UUID
from bundlewrap.utils.text import italic from bundlewrap.utils.text import italic
files = { files = {
'/etc/default/locale': {
'content_type': 'mako',
'needs': {
'action:locale-gen',
},
},
'/etc/hosts': { '/etc/hosts': {
'content_type': 'mako', 'content_type': 'mako',
}, },
@ -22,20 +28,6 @@ files = {
}, },
} }
if node.os_version[0] < 13:
locale_file = '/etc/default/locale'
else:
locale_file = '/etc/locale.conf'
files[locale_file] = {
'content_type': 'mako',
'source': 'locale.conf',
'needs': {
'action:locale-gen',
},
}
if node.has_any_bundle([ if node.has_any_bundle([
'dovecot', 'dovecot',
'nginx', 'nginx',

35
bundles/docker-immich/files/immich-auto-album-share.py
View file

@ -1,6 +1,5 @@
#!/usr/bin/env python3 #!/usr/bin/env python3
import logging
from json import loads from json import loads
from os import environ from os import environ
from subprocess import check_output from subprocess import check_output
@ -13,8 +12,6 @@ PSQL_USER = environ['DB_USERNAME']
PSQL_PASS = environ['DB_PASSWORD'] PSQL_PASS = environ['DB_PASSWORD']
PSQL_DB = environ['DB_DATABASE_NAME'] PSQL_DB = environ['DB_DATABASE_NAME']
logging.basicConfig(level=logging.INFO)
docker_networks = loads(check_output(['docker', 'network', 'inspect', 'aaarghhh'])) docker_networks = loads(check_output(['docker', 'network', 'inspect', 'aaarghhh']))
container_ip = None container_ip = None
@ -29,11 +26,11 @@ for network in docker_networks:
container_ip = container['IPv4Address'].split('/')[0] container_ip = container['IPv4Address'].split('/')[0]
if not container_ip: if not container_ip:
logging.error(f'could not find ip address for container {PSQL_HOST=} in json') print(f'could not find ip address for container {PSQL_HOST=} in json')
logging.debug(f'{docker_networks=}') print(docker_networks)
exit(0) exit(1)
logging.debug(f'{PSQL_HOST=} {container_ip=}') print(f'{PSQL_HOST=} {container_ip=}')
conn = psycopg2.connect( conn = psycopg2.connect(
dbname=PSQL_DB, dbname=PSQL_DB,
@ -52,7 +49,6 @@ with conn:
} }
for i in cur.fetchall() for i in cur.fetchall()
} }
logging.debug(f'{albums=}')
with conn.cursor() as cur: with conn.cursor() as cur:
cur.execute('SELECT "id","name" FROM users;') cur.execute('SELECT "id","name" FROM users;')
@ -60,28 +56,25 @@ with conn:
i[0]: i[1] i[0]: i[1]
for i in cur.fetchall() for i in cur.fetchall()
} }
logging.debug(f'{users=}')
for album_id, album in albums.items(): for album_id, album in albums.items():
log = logging.getLogger(album["name"]) print(f'----- working on album: {album["name"]}')
with conn: with conn:
with conn.cursor() as cur: with conn.cursor() as cur:
cur.execute('SELECT "usersId" FROM albums_shared_users_users WHERE "albumsId" = %s;', (album_id,)) cur.execute('SELECT "usersId" FROM albums_shared_users_users WHERE "albumsId" = %s;', (album_id,))
album_shares = [i[0] for i in cur.fetchall()] album_shares = [i[0] for i in cur.fetchall()]
log.info(f'album is shared with {len(album_shares)} users') print(f' album is shared with {len(album_shares)} users: {album_shares}')
log.debug(f'{album_shares=}')
for user_id, user_name in users.items(): for user_id, user_name in users.items():
if user_id == album['owner'] or user_id in album_shares: if user_id == album['owner'] or user_id in album_shares:
continue continue
log.info(f'sharing album with user {user_name}') print(f' sharing album with user {user_name} ... ', end='')
try: with conn.cursor() as cur:
with conn.cursor() as cur: cur.execute(
cur.execute( 'INSERT INTO albums_shared_users_users ("albumsId","usersId","role") VALUES (%s, %s, %s);',
'INSERT INTO albums_shared_users_users ("albumsId","usersId","role") VALUES (%s, %s, %s);', (album_id, user_id, 'viewer'),
(album_id, user_id, 'viewer'), )
) print('done')
except Exception: print()
log.exception('failure while creating share')
conn.close() conn.close()

1
bundles/mautrix-telegram/files/config.yaml
View file

@ -46,7 +46,6 @@ bridge:
- username - username
- phone number - phone number
displayname_max_length: 100 displayname_max_length: 100
caption_in_message: true
allow_avatar_remove: false allow_avatar_remove: false
max_initial_member_sync: -1 max_initial_member_sync: -1
sync_channel_members: true sync_channel_members: true

44
bundles/navidrome/files/navidrome.service
View file

@ -1,44 +0,0 @@
[Unit]
Description=Navidrome Music Server and Streamer compatible with Subsonic/Airsonic
After=remote-fs.target network.target
AssertPathExists=/var/opt/navidrome
[Install]
WantedBy=multi-user.target
[Service]
User=navidrome
Group=navidrome
Type=simple
ExecStart=/opt/navidrome/navidrome --configfile "/opt/navidrome/config.toml"
WorkingDirectory=/var/opt/navidrome
TimeoutStopSec=20
KillMode=process
Restart=on-failure
# See https://www.freedesktop.org/software/systemd/man/systemd.exec.html
DevicePolicy=closed
NoNewPrivileges=yes
PrivateTmp=yes
PrivateUsers=yes
ProtectControlGroups=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
RestrictNamespaces=yes
RestrictRealtime=yes
SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap
ReadWritePaths=/var/opt/navidrome
# You can uncomment the following line if you're not using the jukebox This
# will prevent navidrome from accessing any real (physical) devices
PrivateDevices=yes
# You can change the following line to `strict` instead of `full` if you don't
# want navidrome to be able to write anything on your filesystem outside of
# /var/lib/navidrome.
ProtectSystem=full
# You can uncomment the following line if you don't have any media in /home/*.
# This will prevent navidrome from ever reading/writing anything there.
ProtectHome=true

66
bundles/navidrome/items.py
View file

@ -1,66 +0,0 @@
# ensure users set this to avoid using the shared key
node.metadata.get('navidrome/config/PasswordEncryptionKey')
users = {
'navidrome': {
'home': '/opt/navidrome',
},
}
directories = {
'/opt/navidrome': {},
'/var/opt/navidrome': {
'owner': 'navidrome',
},
}
svc_systemd = {
'navidrome': {
'needs': {
'file:/etc/systemd/system/navidrome.service',
'file:/opt/navidrome/config.toml',
'action:navidrome_install',
},
},
}
actions['navidrome_install'] = {
'command': 'tar -C /opt/navidrome -xf /opt/navidrome/navidrome.tar.gz',
'after': {
'pkg_apt:',
},
'triggered': True,
'triggers': {
'svc_systemd:navidrome:restart',
},
}
files = {
'/opt/navidrome/config.toml': {
'content': repo.libs.faults.dict_as_toml(node.metadata.get('navidrome/config')),
'triggers': {
'svc_systemd:navidrome:restart',
},
},
'/etc/systemd/system/navidrome.service': {
'triggers': {
'action:systemd-reload',
},
'delete': True,
},
'/usr/local/lib/systemd/system/navidrome.service': {
'triggers': {
'action:systemd-reload',
'svc_systemd:navidrome:restart',
},
},
'/opt/navidrome/navidrome.tar.gz': {
'content_hash': node.metadata.get('navidrome/sha1', None),
'content_type': 'download',
'mode': '0755',
'source': f'https://github.com/navidrome/navidrome/releases/download/v{node.metadata.get('navidrome/version')}/navidrome_{node.metadata.get('navidrome/version')}_linux_amd64.tar.gz',
'triggers': {
'action:navidrome_install',
'svc_systemd:navidrome:restart',
},
},
}

131
bundles/navidrome/metadata.py
View file

@ -1,131 +0,0 @@
defaults = {
'apt': {
'packages': {
'ffmpeg': {},
'mpv': {},
},
},
'backups': {
'paths': {
'/var/opt/navidrome',
},
},
'navidrome': {
'config': {
'Address': '127.0.0.1',
'DataFolder': '/var/opt/navidrome',
'EnableExternalServices': False,
'EnableInsightsCollector': False,
'Port': 4533,
'LastFM': {
'Enabled': False,
},
'ListenBrainz': {
'Enabled': False,
},
'Scanner': {
'Schedule': '@every 72h',
},
},
},
}
if node.has_bundle('snapserver'):
defaults['navidrome']['config']['Jukebox'] = {
'Enabled': True,
}
defaults['navidrome']['config']['MPVCmdTemplate'] = 'mpv --no-audio-display --pause %f --input-ipc-server=%s --audio-channels=stereo --audio-samplerate=48000 --audio-format=s16 --ao=pcm --ao-pcm-file=/tmp/snapserver_navidrome_fifo'
defaults['snapserver'] = {
'sources': {
'pipe:///tmp/snapserver_navidrome_fifo?name=Navidrome',
},
}
@metadata_reactor.provides(
'zfs/datasets',
)
def zfs(metadata):
zfs_base = metadata.get('navidrome/zfs_base', 'tank')
return {
'zfs': {
'datasets': {
f'{zfs_base}/navidrome': {},
f'{zfs_base}/navidrome/install': {
'mountpoint': '/opt/navidrome',
'needed_by': {
'directory:/opt/navidrome',
},
},
f'{zfs_base}/navidrome/home': {
'mountpoint': '/var/opt/navidrome',
'needed_by': {
'directory:/var/opt/navidrome',
},
},
},
},
}
@metadata_reactor.provides(
'navidrome/config/baseurl',
)
def baseurl(metadata):
return {
'navidrome': {
'config': {
'BaseUrl': f'https://{metadata.get('navidrome/domain')}',
},
},
}
@metadata_reactor.provides(
'nginx/vhosts/navidrome',
)
def nginx(metadata):
if not node.has_bundle('nginx'):
raise DoNotRunAgain
return {
'nginx': {
'vhosts': {
'navidrome': {
'domain': metadata.get('navidrome/domain'),
'locations': {
'/': {
'target': f'http://127.0.0.1:{metadata.get('navidrome/config/Port')}',
# some requests take a loooooong time (for example,
# "delete all missing files" will wait until
# everything has been purged from the database)
'proxy_read_timeout': '1h',
},
},
'website_check_path': '/app/',
'website_check_string': 'Navidrome Music Server',
},
},
},
}
@metadata_reactor.provides(
'icinga2_api/navidrome/services',
)
def icinga_check_for_new_release(metadata):
version = metadata.get('navidrome/version')
return {
'icinga2_api': {
'pretalx': {
'services': {
'NAVIDROME UPDATE': {
'command_on_monitored_host': '/usr/local/share/icinga/plugins/check_github_for_new_release navidrome/navidrome {}'.format(version),
'vars.notification.mail': True,
'check_interval': '60m',
},
},
},
},
}

4
bundles/netbox/items.py
View file

@ -38,8 +38,8 @@ actions['netbox_install'] = {
'triggered': True, 'triggered': True,
'command': ' && '.join([ 'command': ' && '.join([
'cd /opt/netbox/src', 'cd /opt/netbox/src',
'/opt/netbox/venv/bin/pip install --upgrade --upgrade-strategy=eager pip wheel setuptools django-auth-ldap gunicorn', '/opt/netbox/venv/bin/pip install --upgrade pip wheel setuptools django-auth-ldap gunicorn',
'/opt/netbox/venv/bin/pip install --upgrade --upgrade-strategy=eager -r requirements.txt', '/opt/netbox/venv/bin/pip install --upgrade -r requirements.txt',
]), ]),
'needs': { 'needs': {
'pkg_apt:build-essential', 'pkg_apt:build-essential',

10
bundles/nfs-server/files/avahi.service
View file

@ -1,10 +0,0 @@
<?xml version="1.0" standalone='no'?>
<!DOCTYPE service-group SYSTEM "avahi-service.dtd">
<service-group>
<name replace-wildcards="yes">NFS ${path} on %h</name>
<service>
<type>_nfs._tcp</type>
<port>2049</port>
<txt-record>path=${path}</txt-record>
</service>
</service-group>

2
bundles/nfs-server/files/exports
View file

@ -1,4 +1,4 @@
% for path, shares in sorted(node.metadata.get('nfs-server/shares', {}).items()): % for path, shares in sorted(node.metadata['nfs-server']['shares'].items()):
% for share_target, share_options in sorted(shares.items()): % for share_target, share_options in sorted(shares.items()):
% for ip_list in repo.libs.tools.resolve_identifier(repo, share_target).values(): % for ip_list in repo.libs.tools.resolve_identifier(repo, share_target).values():
% for ip in sorted(ip_list): % for ip in sorted(ip_list):

51
bundles/nfs-server/items.py
View file

@ -1,40 +1,25 @@
from re import sub files = {
'/etc/exports': {
files['/etc/exports'] = { 'content_type': 'mako',
'content_type': 'mako', 'triggers': {
'triggers': { 'action:nfs_reload_shares',
'action:nfs_reload_shares', },
},
'/etc/default/nfs-kernel-server': {
'source': 'etc-default',
'triggers': {
'svc_systemd:nfs-server:restart',
},
}, },
} }
files['/etc/default/nfs-kernel-server'] = { actions = {
'source': 'etc-default', 'nfs_reload_shares': {
'triggers': { 'command': 'exportfs -a',
'svc_systemd:nfs-server:restart', 'triggered': True,
}, },
} }
actions['nfs_reload_shares'] = { svc_systemd = {
'command': 'exportfs -a', 'nfs-server': {},
'triggered': True,
} }
svc_systemd['nfs-server'] = {}
if node.has_bundle('avahi-daemon'):
for path, shares in node.metadata.get('nfs-server/shares', {}).items():
create_avahi_file = False
for share_target, share_options in shares.items():
if ',insecure,' in f',{share_options},':
create_avahi_file = True
if create_avahi_file:
share_name_normalized = sub('[^a-z0-9-_]+', '_', path)
files[f'/etc/avahi/services/nfs{share_name_normalized}.service'] = {
'source': 'avahi.service',
'content_type': 'mako',
'context': {
'path': path,
},
}

4
bundles/nginx/metadata.py
View file

@ -73,10 +73,6 @@ def letsencrypt(metadata):
for vhost, config in metadata.get('nginx/vhosts', {}).items(): for vhost, config in metadata.get('nginx/vhosts', {}).items():
if config.get('ssl', 'letsencrypt') == 'letsencrypt': if config.get('ssl', 'letsencrypt') == 'letsencrypt':
domain = config.get('domain', vhost) domain = config.get('domain', vhost)
if '.' not in domain:
continue
domains[domain] = config.get('domain_aliases', set()) domains[domain] = config.get('domain_aliases', set())
vhosts[vhost] = { vhosts[vhost] = {
'ssl': 'letsencrypt', 'ssl': 'letsencrypt',

5
bundles/paperless-ng/files/paperless-webserver.service
View file

@ -8,11 +8,8 @@ Requires=redis.service
User=paperless User=paperless
Group=paperless Group=paperless
Environment=PAPERLESS_CONFIGURATION_PATH=/opt/paperless/paperless.conf Environment=PAPERLESS_CONFIGURATION_PATH=/opt/paperless/paperless.conf
Environment=GRANIAN_PORT=22070
Environment=GRANIAN_WORKERS=4
Environment=GRANIAN_HOST=::1
WorkingDirectory=/opt/paperless/src/paperless-ngx/src WorkingDirectory=/opt/paperless/src/paperless-ngx/src
ExecStart=/opt/paperless/venv/bin/granian --interface asginl --ws "paperless.asgi:application" ExecStart=/opt/paperless/venv/bin/gunicorn -c /opt/paperless/src/paperless-ngx/gunicorn.conf.py -b 127.0.0.1:22070 paperless.asgi:application
Restart=always Restart=always
RestartSec=10 RestartSec=10
SyslogIdentifier=paperless-webserver SyslogIdentifier=paperless-webserver

1
bundles/paperless-ng/files/paperless.conf
View file

@ -17,7 +17,6 @@ PAPERLESS_FILENAME_FORMAT={{ created_year }}/{{ created_month }}/{{ corresponden
# Security and hosting # Security and hosting
PAPERLESS_SECRET_KEY=${repo.vault.random_bytes_as_base64_for(f'{node.name} paperless secret key')} PAPERLESS_SECRET_KEY=${repo.vault.random_bytes_as_base64_for(f'{node.name} paperless secret key')}
PAPERLESS_CSRF_TRUSTED_ORIGINS=https://${node.metadata.get('paperless/domain')}
PAPERLESS_ALLOWED_HOSTS=${node.metadata.get('paperless/domain')} PAPERLESS_ALLOWED_HOSTS=${node.metadata.get('paperless/domain')}
PAPERLESS_CORS_ALLOWED_HOSTS=http://${node.metadata.get('paperless/domain')},https://${node.metadata.get('paperless/domain')} PAPERLESS_CORS_ALLOWED_HOSTS=http://${node.metadata.get('paperless/domain')},https://${node.metadata.get('paperless/domain')}
#PAPERLESS_FORCE_SCRIPT_NAME= #PAPERLESS_FORCE_SCRIPT_NAME=

2
bundles/paperless-ng/metadata.py
View file

@ -99,7 +99,7 @@ def nginx(metadata):
'domain': metadata.get('paperless/domain'), 'domain': metadata.get('paperless/domain'),
'locations': { 'locations': {
'/': { '/': {
'target': 'http://[::1]:22070', 'target': 'http://127.0.0.1:22070',
'websockets': True, 'websockets': True,
'proxy_set_header': { 'proxy_set_header': {
'X-Forwarded-Host': '$server_name', 'X-Forwarded-Host': '$server_name',

45
bundles/powerdns/items.py
View file

@ -2,14 +2,13 @@ from datetime import datetime
from os import listdir from os import listdir
from os.path import isfile, join from os.path import isfile, join
from subprocess import check_output from subprocess import check_output
from textwrap import dedent
from bundlewrap.utils.ui import io from bundlewrap.utils.ui import io
zone_path = join(repo.path, 'data', 'powerdns', 'files', 'bind-zones') zone_path = join(repo.path, 'data', 'powerdns', 'files', 'bind-zones')
nameservers = set() nameservers = set()
for rnode in repo.nodes_in_group('dns'): for rnode in sorted(repo.nodes_in_group('dns')):
nameservers.add(rnode.metadata.get('powerdns/my_hostname', rnode.metadata.get('hostname'))) nameservers.add(rnode.metadata.get('powerdns/my_hostname', rnode.metadata.get('hostname')))
my_primary_servers = set() my_primary_servers = set()
@ -68,7 +67,7 @@ svc_systemd = {
actions = { actions = {
'powerdns_reload_zones': { 'powerdns_reload_zones': {
'triggered': True, 'triggered': True,
'command': r'pdns_control rediscover; pdns_control reload; sleep 5; pdns_control notify \*', 'command': r'pdns_control rediscover; pdns_control reload; pdns_control notify \*',
'after': { 'after': {
'svc_systemd:pdns', 'svc_systemd:pdns',
}, },
@ -76,45 +75,25 @@ actions = {
} }
if node.metadata.get('powerdns/features/bind', False): if node.metadata.get('powerdns/features/bind', False):
try:
output = check_output(['git', 'log', '-1', '--pretty=%ci']).decode('utf-8').strip()
serial = datetime.strptime(output, '%Y-%m-%d %H:%M:%S %z').strftime('%y%m%d%H%M')
except Exception as e:
io.stderr(f"{node.name} Error while parsing commit time for powerdns zone serial: {e!r}")
serial = datetime.now().strftime('%y%m%d0000')
HEADER = dedent(f"""
$TTL 60
@ IN SOA ns-mephisto.kunbox.net. hostmaster.kunbox.net. (
{serial}
3600
600
86400
300
)
""").strip()
for ns in sorted(nameservers):
HEADER += f"\n@ IN NS {ns}."
primary_zones = set() primary_zones = set()
for zone in listdir(zone_path): for zone in listdir(zone_path):
if ( if not isfile(join(zone_path, zone)) or zone.startswith(".") or zone.startswith("_"):
not (
isfile(join(zone_path, zone))
or islink(join(zone_path, zone))
)
or zone.startswith(".")
or zone.startswith("_")
):
continue continue
try:
output = check_output(['git', 'log', '-1', '--pretty=%ci']).decode('utf-8').strip()
serial = datetime.strptime(output, '%Y-%m-%d %H:%M:%S %z').strftime('%y%m%d%H%M')
except Exception as e:
io.stderr(f"Error while parsing commit time for {zone} serial: {e!r}")
serial = datetime.now().strftime('%y%m%d0000')
primary_zones.add(zone) primary_zones.add(zone)
files[f'/var/lib/powerdns/zones/{zone}'] = { files[f'/var/lib/powerdns/zones/{zone}'] = {
'content_type': 'mako', 'content_type': 'mako',
'context': { 'context': {
'HEADER': HEADER + f"\n$ORIGIN {zone}.", 'NAMESERVERS': '\n'.join(sorted({f'@ IN NS {ns}.' for ns in nameservers})),
'SERIAL': serial,
'metadata_records': node.metadata.get(f'powerdns/bind-zones/{zone}/records', []), 'metadata_records': node.metadata.get(f'powerdns/bind-zones/{zone}/records', []),
}, },
'source': f'bind-zones/{zone}', 'source': f'bind-zones/{zone}',

53
bundles/routeros/items.py
View file

@ -1,5 +1,3 @@
ROUTEROS_VERSION = node.os_version[0]
routeros['/ip/dns'] = { routeros['/ip/dns'] = {
'servers': '8.8.8.8', 'servers': '8.8.8.8',
} }
@ -20,7 +18,7 @@ for service in (
'ssh', 'ssh',
'www', 'www',
): ):
routeros[f'/ip/service?name={service}&dynamic=false'] = { routeros[f'/ip/service?name={service}'] = {
'disabled': False, 'disabled': False,
} }
@ -59,26 +57,16 @@ routeros['/system/clock'] = {
'time-zone-name': 'UTC', 'time-zone-name': 'UTC',
} }
routeros['/ip/neighbor/discovery-settings'] = {
'protocol': 'lldp',
}
routeros['/system/identity'] = { routeros['/system/identity'] = {
'name': node.name, 'name': node.name,
# doing this first gives us some chance to notice an IP mixup # doing this first gives us some chance to notice an IP mixup
'before': {'routeros:'}, 'before': {'routeros:'},
} }
if ROUTEROS_VERSION < 7: routeros['/system/ntp/client'] = {
routeros['/system/ntp/client'] = { 'enabled': True,
'enabled': True, 'server-dns-names': 'de.pool.ntp.org',
'server-dns-names': 'de.pool.ntp.org', }
}
else:
routeros['/system/ntp/client'] = {
'enabled': True,
'servers': 'de.pool.ntp.org',
}
if node.metadata.get('routeros/gateway'): if node.metadata.get('routeros/gateway'):
routeros['/ip/route?dst-address=0.0.0.0/0'] = { routeros['/ip/route?dst-address=0.0.0.0/0'] = {
@ -88,7 +76,6 @@ if node.metadata.get('routeros/gateway'):
routeros['/interface/bridge?name=bridge'] = { routeros['/interface/bridge?name=bridge'] = {
'priority': node.metadata.get('routeros/bridge_priority', '0x8000'), 'priority': node.metadata.get('routeros/bridge_priority', '0x8000'),
'protocol-mode': 'rstp', 'protocol-mode': 'rstp',
'igmp-snooping': False,
'vlan-filtering': True, 'vlan-filtering': True,
} }
@ -172,13 +159,7 @@ for vlan, conf in node.metadata.get('routeros/vlans').items():
} }
# assign ports to vlans # assign ports to vlans
# routeros[f"/interface/bridge/vlan?vlan-ids={conf['id']}"] = {
# Be sure to only consider non-dynamic VLANs: When you remove a
# port from a VLAN (if that VLAN is the PVID of the port) while
# the port is UP, then a dynamic temporary VLAN object will be
# created in the switch. That is harmless and it will vanish as
# soon as the PVID of the port also changes.
routeros[f"/interface/bridge/vlan?vlan-ids={conf['id']}&dynamic=false"] = {
'bridge': 'bridge', 'bridge': 'bridge',
'untagged': sorted(conf['untagged']), 'untagged': sorted(conf['untagged']),
'tagged': sorted(conf['tagged']), 'tagged': sorted(conf['tagged']),
@ -189,25 +170,3 @@ for vlan, conf in node.metadata.get('routeros/vlans').items():
'tag:routeros-vlan', 'tag:routeros-vlan',
}, },
} }
# purge unused vlans
routeros['/interface/vlan'] = {
'purge': {
'id-by': 'name',
},
'needed_by': {
'tag:routeros-vlan',
}
}
routeros['/interface/bridge/vlan'] = {
'purge': {
'id-by': 'vlan-ids',
'keep': {
'dynamic': True,
},
},
'needed_by': {
'tag:routeros-vlan',
}
}

16
bundles/routeros/metadata.py
View file

@ -84,21 +84,13 @@ defaults = {
'icinga2_api': { 'icinga2_api': {
'routeros': { 'routeros': {
'services': { 'services': {
'BOARD TEMPERATURE': { 'TEMPERATURE': {
'check_command': 'snmp', 'check_command': 'snmp',
'vars.snmp_oid': '1.3.6.1.4.1.14988.1.1.3.100.1.3.7101', 'vars.snmp_oid': '1.3.6.1.4.1.14988.1.1.3.11.0',
'vars.snmp_version': '2c', 'vars.snmp_version': '2c',
'vars.snmp_community': 'public', 'vars.snmp_community': 'public',
'vars.warn': '@75:79', # °C 'vars.warn': '@750:799', # 1/10 °C
'vars.crit': '@80:999', 'vars.crit': '@800:9999',
},
'SWITCH TEMPERATURE': {
'check_command': 'snmp',
'vars.snmp_oid': '1.3.6.1.4.1.14988.1.1.3.100.1.3.51',
'vars.snmp_version': '2c',
'vars.snmp_community': 'public',
'vars.warn': '@75:79', # °C
'vars.crit': '@80:999',
}, },
}, },
}, },

6
bundles/samba/metadata.py
View file

@ -27,7 +27,6 @@ def firewall(metadata):
@metadata_reactor.provides( @metadata_reactor.provides(
'backups/paths',
'zfs/datasets', 'zfs/datasets',
) )
def timemachine_zfs(metadata): def timemachine_zfs(metadata):
@ -41,18 +40,13 @@ def timemachine_zfs(metadata):
datasets = { datasets = {
'tank/timemachine': {}, 'tank/timemachine': {},
} }
paths = set()
for share_name in shares: for share_name in shares:
datasets[f'tank/timemachine/{share_name}'] = { datasets[f'tank/timemachine/{share_name}'] = {
'mountpoint': f'/srv/timemachine/{share_name}', 'mountpoint': f'/srv/timemachine/{share_name}',
} }
paths.add(f'/srv/timemachine/{share_name}')
return { return {
'backups': {
'paths': paths,
},
'zfs': { 'zfs': {
'datasets': datasets, 'datasets': datasets,
}, },

24
bundles/snapserver/files/snapserver.conf
View file

@ -1,24 +0,0 @@
[server]
threads = -1
[stream]
bind_to_address = 0.0.0.0
port = 1704
% for source in sorted(node.metadata.get('snapserver/sources')):
source = ${source}
% endfor
[streaming_client]
initial_volume = 100
[http]
enabled = true
port = 1780
hostname = ${node.metadata.get('snapserver/domain')}
doc_root = /usr/share/snapweb/
[tcp]
enabled = true
bind_to_address = 0.0.0.0
port = 1705

13
bundles/snapserver/items.py
View file

@ -1,13 +0,0 @@
files['/etc/snapserver.conf'] = {
'content_type': 'mako',
'triggers': {
'svc_systemd:snapserver:restart',
},
}
svc_systemd['snapserver'] = {
'needs': {
'file:/etc/snapserver.conf',
'pkg_apt:snapserver',
},
}

58
bundles/snapserver/metadata.py
View file

@ -1,58 +0,0 @@
from bundlewrap.metadata import atomic
defaults = {
'apt': {
'packages': {
'snapserver': {},
},
},
'snapserver': {
'sources': set(),
},
'sysctl': {
'options': {
'fs.protected_fifos': '0',
},
},
}
@metadata_reactor.provides(
'nginx/vhosts/snapserver',
)
def nginx(metadata):
if not node.has_bundle('nginx'):
raise DoNotRunAgain
return {
'nginx': {
'vhosts': {
'snapserver': {
'domain': metadata.get('snapserver/domain'),
'locations': {
'/': {
'target': f'http://127.0.0.1:1780',
'websockets': True,
},
},
'website_check_path': '/',
'website_check_string': 'Snapweb',
},
},
},
}
@metadata_reactor.provides(
'firewall/port_rules',
'firewall/port_rules',
)
def firewall(metadata):
return {
'firewall': {
'port_rules': {
'1704/tcp': atomic(metadata.get('snapserver/restrict-to', set())),
'1705/tcp': atomic(metadata.get('snapserver/restrict-to', set())),
},
},
}

2
bundles/sysctl/items.py
View file

@ -20,7 +20,7 @@ files = {
}, },
} }
if node.os == 'debian' and node.os_version < (13,): if node.os == 'debian':
# debian insists on creating that file during almost every # debian insists on creating that file during almost every
# unattended-upgrades run. Make it known to bundlewrap, so # unattended-upgrades run. Make it known to bundlewrap, so
# it does not get removed during applies. # it does not get removed during applies.

6
bundles/travelynx/files/travelynx.conf
View file

@ -33,12 +33,6 @@
from => '${mail_from}', from => '${mail_from}',
}, },
% if not enable_registration:
registration => {
disabled => 1,
},
% endif
ref => { ref => {
issues => 'https://github.com/derf/travelynx/issues', issues => 'https://github.com/derf/travelynx/issues',
source => 'https://github.com/derf/travelynx', source => 'https://github.com/derf/travelynx',

9
bundles/travelynx/metadata.py
View file

@ -10,12 +10,11 @@ defaults = {
'password': repo.vault.password_for('{} postgresql travelynx'.format(node.name)), 'password': repo.vault.password_for('{} postgresql travelynx'.format(node.name)),
'database': 'travelynx', 'database': 'travelynx',
}, },
'additional_cookie_secrets': set(),
'cookie_secret': repo.vault.password_for('{} travelynx cookie_secret'.format(node.name)),
'enable_registration': False,
'mail_from': 'travelynx@{}'.format(node.hostname),
'spare_workers': 2,
'workers': 4, 'workers': 4,
'spare_workers': 2,
'mail_from': 'travelynx@{}'.format(node.hostname),
'cookie_secret': repo.vault.password_for('{} travelynx cookie_secret'.format(node.name)),
'additional_cookie_secrets': set(),
}, },
'postgresql': { 'postgresql': {
'roles': { 'roles': {

2
bundles/zfs/items.py
View file

@ -67,7 +67,6 @@ svc_systemd = {
'file:/etc/systemd/system/zfs-import-scan.service.d/bundlewrap.conf', 'file:/etc/systemd/system/zfs-import-scan.service.d/bundlewrap.conf',
}, },
'after': { 'after': {
'bundle:dm-crypt', # might unlock disks
'pkg_apt:', 'pkg_apt:',
}, },
'before': { 'before': {
@ -84,7 +83,6 @@ svc_systemd = {
}, },
'zfs-mount.service': { 'zfs-mount.service': {
'after': { 'after': {
'bundle:dm-crypt', # might unlock disks
'pkg_apt:', 'pkg_apt:',
}, },
}, },

590
configs/netbox/home.switch-new.json
View file

@ -1,590 +0,0 @@
{
"interfaces": {
"ether1": {
"description": "",
"enabled": true,
"ips": [],
"mode": "access",
"tagged_vlans": [],
"type": "1000base-t",
"untagged_vlan": "home.clients"
},
"ether10": {
"description": "",
"enabled": true,
"ips": [],
"mode": "access",
"tagged_vlans": [],
"type": "1000base-t",
"untagged_vlan": "home.clients"
},
"ether11": {
"description": "",
"enabled": true,
"ips": [],
"mode": "access",
"tagged_vlans": [],
"type": "1000base-t",
"untagged_vlan": "home.clients"
},
"ether12": {
"description": "",
"enabled": true,
"ips": [],
"mode": "access",
"tagged_vlans": [],
"type": "1000base-t",
"untagged_vlan": "home.clients"
},
"ether13": {
"description": "",
"enabled": true,
"ips": [],
"mode": "access",
"tagged_vlans": [],
"type": "1000base-t",
"untagged_vlan": "home.clients"
},
"ether14": {
"description": "",
"enabled": true,
"ips": [],
"mode": "access",
"tagged_vlans": [],
"type": "1000base-t",
"untagged_vlan": "home.clients"
},
"ether15": {
"description": "",
"enabled": true,
"ips": [],
"mode": "access",
"tagged_vlans": [],
"type": "1000base-t",
"untagged_vlan": "home.clients"
},
"ether16": {
"description": "",
"enabled": true,
"ips": [],
"mode": "access",
"tagged_vlans": [],
"type": "1000base-t",
"untagged_vlan": "home.clients"
},
"ether17": {
"description": "",
"enabled": true,
"ips": [],
"mode": "access",
"tagged_vlans": [],
"type": "1000base-t",
"untagged_vlan": "home.clients"
},
"ether18": {
"description": "",
"enabled": true,
"ips": [],
"mode": "access",
"tagged_vlans": [],
"type": "1000base-t",
"untagged_vlan": "home.clients"
},
"ether19": {
"description": "",
"enabled": true,
"ips": [],
"mode": "access",
"tagged_vlans": [],
"type": "1000base-t",
"untagged_vlan": "home.clients"
},
"ether2": {
"description": "",
"enabled": true,
"ips": [],
"mode": "access",
"tagged_vlans": [],
"type": "1000base-t",
"untagged_vlan": "home.clients"
},
"ether20": {
"description": "",
"enabled": true,
"ips": [],
"mode": "access",
"tagged_vlans": [],
"type": "1000base-t",
"untagged_vlan": "home.clients"
},
"ether21": {
"description": "",
"enabled": true,
"ips": [],
"mode": "access",
"tagged_vlans": [],
"type": "1000base-t",
"untagged_vlan": "home.clients"
},
"ether22": {
"description": "",
"enabled": true,
"ips": [],
"mode": "access",
"tagged_vlans": [],
"type": "1000base-t",
"untagged_vlan": "home.clients"
},
"ether23": {
"description": "",
"enabled": true,
"ips": [],
"mode": "access",
"tagged_vlans": [],
"type": "1000base-t",
"untagged_vlan": "home.clients"
},
"ether24": {
"description": "",
"enabled": true,
"ips": [],
"mode": "access",
"tagged_vlans": [],
"type": "1000base-t",
"untagged_vlan": "home.clients"
},
"ether25": {
"description": "",
"enabled": true,
"ips": [],
"mode": "access",
"tagged_vlans": [],
"type": "1000base-t",
"untagged_vlan": "home.clients"
},
"ether26": {
"description": "",
"enabled": true,
"ips": [],
"mode": "access",
"tagged_vlans": [],
"type": "1000base-t",
"untagged_vlan": "home.clients"
},
"ether27": {
"description": "",
"enabled": true,
"ips": [],
"mode": "access",
"tagged_vlans": [],
"type": "1000base-t",
"untagged_vlan": "home.clients"
},
"ether28": {
"description": "",
"enabled": true,
"ips": [],
"mode": "access",
"tagged_vlans": [],
"type": "1000base-t",
"untagged_vlan": "home.clients"
},
"ether29": {
"description": "",
"enabled": true,
"ips": [],
"mode": "access",
"tagged_vlans": [],
"type": "1000base-t",
"untagged_vlan": "home.clients"
},
"ether3": {
"description": "",
"enabled": true,
"ips": [],
"mode": "access",
"tagged_vlans": [],
"type": "1000base-t",
"untagged_vlan": "home.clients"
},
"ether30": {
"description": "",
"enabled": true,
"ips": [],
"mode": "access",
"tagged_vlans": [],
"type": "1000base-t",
"untagged_vlan": "home.clients"
},
"ether31": {
"description": "",
"enabled": true,
"ips": [],
"mode": "access",
"tagged_vlans": [],
"type": "1000base-t",
"untagged_vlan": "home.clients"
},
"ether32": {
"description": "",
"enabled": true,
"ips": [],
"mode": "access",
"tagged_vlans": [],
"type": "1000base-t",
"untagged_vlan": "home.clients"
},
"ether33": {
"description": "",
"enabled": true,
"ips": [],
"mode": "access",
"tagged_vlans": [],
"type": "1000base-t",
"untagged_vlan": "home.clients"
},
"ether34": {
"description": "",
"enabled": true,
"ips": [],
"mode": "access",
"tagged_vlans": [],
"type": "1000base-t",
"untagged_vlan": "home.clients"
},
"ether35": {
"description": "",
"enabled": true,
"ips": [],
"mode": "access",
"tagged_vlans": [],
"type": "1000base-t",
"untagged_vlan": "home.clients"
},
"ether36": {
"description": "",
"enabled": true,
"ips": [],
"mode": "access",
"tagged_vlans": [],
"type": "1000base-t",
"untagged_vlan": "home.clients"
},
"ether37": {
"description": "",
"enabled": true,
"ips": [],
"mode": "access",
"tagged_vlans": [],
"type": "1000base-t",
"untagged_vlan": "home.clients"
},
"ether38": {
"description": "",
"enabled": true,
"ips": [],
"mode": "access",
"tagged_vlans": [],
"type": "1000base-t",
"untagged_vlan": "home.clients"
},
"ether39": {
"description": "",
"enabled": true,
"ips": [],
"mode": "access",
"tagged_vlans": [],
"type": "1000base-t",
"untagged_vlan": "home.clients"
},
"ether4": {
"description": "",
"enabled": true,
"ips": [],
"mode": "access",
"tagged_vlans": [],
"type": "1000base-t",
"untagged_vlan": "home.clients"
},
"ether40": {
"description": "",
"enabled": true,
"ips": [],
"mode": "access",
"tagged_vlans": [],
"type": "1000base-t",
"untagged_vlan": "home.clients"
},
"ether41": {
"description": "",
"enabled": true,
"ips": [],
"mode": "access",
"tagged_vlans": [],
"type": "1000base-t",
"untagged_vlan": "home.clients"
},
"ether42": {
"description": "",
"enabled": true,
"ips": [],
"mode": "access",
"tagged_vlans": [],
"type": "1000base-t",
"untagged_vlan": "home.clients"
},
"ether43": {
"description": "",
"enabled": true,
"ips": [],
"mode": "access",
"tagged_vlans": [],
"type": "1000base-t",
"untagged_vlan": "home.clients"
},
"ether44": {
"description": "",
"enabled": true,
"ips": [],
"mode": "access",
"tagged_vlans": [],
"type": "1000base-t",
"untagged_vlan": "home.clients"
},
"ether45": {
"description": "",
"enabled": true,
"ips": [],
"mode": "access",
"tagged_vlans": [],
"type": "1000base-t",
"untagged_vlan": "home.clients"
},
"ether46": {
"description": "",
"enabled": true,
"ips": [],
"mode": "access",
"tagged_vlans": [],
"type": "1000base-t",
"untagged_vlan": "home.clients"
},
"ether47": {
"description": "",
"enabled": true,
"ips": [],
"mode": "access",
"tagged_vlans": [],
"type": "1000base-t",
"untagged_vlan": "home.clients"
},
"ether48": {
"description": "",
"enabled": true,
"ips": [],
"mode": "access",
"tagged_vlans": [],
"type": "1000base-t",
"untagged_vlan": "home.clients"
},
"ether49": {
"description": "",
"enabled": true,
"ips": [],
"mode": "access",
"tagged_vlans": [],
"type": "1000base-t",
"untagged_vlan": "home.clients"
},
"ether5": {
"description": "",
"enabled": true,
"ips": [],
"mode": "access",
"tagged_vlans": [],
"type": "1000base-t",
"untagged_vlan": "home.clients"
},
"ether6": {
"description": "",
"enabled": true,
"ips": [],
"mode": "access",
"tagged_vlans": [],
"type": "1000base-t",
"untagged_vlan": "home.clients"
},
"ether7": {
"description": "",
"enabled": true,
"ips": [],
"mode": "access",
"tagged_vlans": [],
"type": "1000base-t",
"untagged_vlan": "home.clients"
},
"ether8": {
"description": "",
"enabled": true,
"ips": [],
"mode": "access",
"tagged_vlans": [],
"type": "1000base-t",
"untagged_vlan": "home.clients"
},
"ether9": {
"description": "",
"enabled": true,
"ips": [],
"mode": "access",
"tagged_vlans": [],
"type": "1000base-t",
"untagged_vlan": "home.clients"
},
"home.clients": {
"description": "",
"enabled": true,
"ips": [
"172.19.138.2/24"
],
"mode": null,
"tagged_vlans": [],
"type": "virtual",
"untagged_vlan": null
},
"qsfpplus1-1": {
"description": "",
"enabled": true,
"ips": [],
"mode": null,
"tagged_vlans": [],
"type": "40gbase-x-qsfpp",
"untagged_vlan": null
},
"qsfpplus1-2": {
"description": "",
"enabled": true,
"ips": [],
"mode": null,
"tagged_vlans": [],
"type": "40gbase-x-qsfpp",
"untagged_vlan": null
},
"qsfpplus1-3": {
"description": "",
"enabled": true,
"ips": [],
"mode": null,
"tagged_vlans": [],
"type": "40gbase-x-qsfpp",
"untagged_vlan": null
},
"qsfpplus1-4": {
"description": "",
"enabled": true,
"ips": [],
"mode": null,
"tagged_vlans": [],
"type": "40gbase-x-qsfpp",
"untagged_vlan": null
},
"qsfpplus2-1": {
"description": "",
"enabled": true,
"ips": [],
"mode": null,
"tagged_vlans": [],
"type": "40gbase-x-qsfpp",
"untagged_vlan": null
},
"qsfpplus2-2": {
"description": "",
"enabled": true,
"ips": [],
"mode": null,
"tagged_vlans": [],
"type": "40gbase-x-qsfpp",
"untagged_vlan": null
},
"qsfpplus2-3": {
"description": "",
"enabled": true,
"ips": [],
"mode": null,
"tagged_vlans": [],
"type": "40gbase-x-qsfpp",
"untagged_vlan": null
},
"qsfpplus2-4": {
"description": "",
"enabled": true,
"ips": [],
"mode": null,
"tagged_vlans": [],
"type": "40gbase-x-qsfpp",
"untagged_vlan": null
},
"sfp-sfpplus1": {
"description": "",
"enabled": true,
"ips": [],
"mode": null,
"tagged_vlans": [],
"type": "10gbase-x-sfpp",
"untagged_vlan": null
},
"sfp-sfpplus2": {
"description": "",
"enabled": true,
"ips": [],
"mode": null,
"tagged_vlans": [],
"type": "10gbase-x-sfpp",
"untagged_vlan": null
},
"sfp-sfpplus3": {
"description": "",
"enabled": true,
"ips": [],
"mode": null,
"tagged_vlans": [],
"type": "10gbase-x-sfpp",
"untagged_vlan": null
},
"sfp-sfpplus4": {
"description": "",
"enabled": true,
"ips": [],
"mode": null,
"tagged_vlans": [],
"type": "10gbase-x-sfpp",
"untagged_vlan": null
}
},
"vlans": [
{
"name": "home.wan",
"vid": 7
},
{
"name": "home.clients",
"vid": 1138
},
{
"name": "home.dmz",
"vid": 1139
},
{
"name": "home.v6only",
"vid": 2000
},
{
"name": "ffwi.mesh",
"vid": 3000
},
{
"name": "ffwi.client",
"vid": 3001
}
]
}

6
configs/netbox/home.switch-rack.json
View file

@ -231,7 +231,7 @@
"ips": [ "ips": [
"172.19.138.4/24" "172.19.138.4/24"
], ],
"mode": null, "mode": "",
"tagged_vlans": [], "tagged_vlans": [],
"type": "virtual", "type": "virtual",
"untagged_vlan": null "untagged_vlan": null
@ -240,7 +240,7 @@
"description": "", "description": "",
"enabled": true, "enabled": true,
"ips": [], "ips": [],
"mode": null, "mode": "",
"tagged_vlans": [], "tagged_vlans": [],
"type": "10gbase-x-sfpp", "type": "10gbase-x-sfpp",
"untagged_vlan": null "untagged_vlan": null
@ -249,7 +249,7 @@
"description": "", "description": "",
"enabled": true, "enabled": true,
"ips": [], "ips": [],
"mode": null, "mode": "",
"tagged_vlans": [], "tagged_vlans": [],
"type": "10gbase-x-sfpp", "type": "10gbase-x-sfpp",
"untagged_vlan": null "untagged_vlan": null

7003
data/apt/files/gpg-keys/tailscale.asc
View file

File diff suppressed because it is too large Load diff

36
data/nginx/files/extras/rottenraptor-server/radio
View file

@ -1,36 +0,0 @@
location / {
proxy_pass http://172.30.17.52:8000/;
# Ensure streams don't end after a short time.
proxy_read_timeout 7d;
# Disable request size limit, very important for uploading large files
client_max_body_size 0;
# Enable support `Transfer-Encoding: chunked`
chunked_transfer_encoding on;
# Disable request and response buffering, minimize latency to/from Icecast
proxy_buffering off;
proxy_request_buffering off;
# Icecast needs HTTP/1.1, not 1.0 or 2
proxy_http_version 1.1;
# Forward all original request headers
proxy_pass_request_headers on;
# Set some standard reverse proxy headers. Icecast server currently ignores these,
# but may support them in a future version so that access logs are more useful.
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
auth_basic "Rotten City Eventradio";
auth_basic_user_file /etc/nginx/radio-htpasswd;
location /admin/ {
deny all;
}
}

2
data/powerdns/files/bind-zones/_mail_NULL
View file

@ -1,2 +0,0 @@
@ IN TXT "v=spf1 -all"
_dmarc IN TXT "v=DMARC1; p=reject"

11
data/powerdns/files/bind-zones/_mail_carlene
View file

@ -1,11 +0,0 @@
@ IN TXT "v=spf1 mx -all"
@ IN MX 10 mail.franzi.business.
_dmarc IN TXT "v=DMARC1; p=quarantine; rua=mailto:dmarc@kunbox.net; ruf=mailto:dmarc@kunbox.net; fo=0:d:s; adkim=s; aspf=s"
_mta-sts IN TXT "v=STSv1;id=20201111;"
_smtp._tls IN TXT "v=TLSRPTv1;rua=mailto:tlsrpt@kunbox.net"
mta-sts IN CNAME carlene.kunbox.net.
2019._domainkey IN TXT "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwkg6UAcu3V98hal1UVf6yB0WT1CKDS0AK83CUlSP8bUwraPxkxK1nkQOUsmjbQs6a3FhdsKprMi32GeUaTVvZg81JIybPk3jNugfNWfSjs2TXPomYu+XD2pmmbR3cZlzC5NGR2nmBFt/P/S2ihPHj35KziiBIwK1TdvOi1M2+upCjK33Icco0ByCm0gJpD2O0cbqcBcUKqd6X440vYhNXH1ygp0e91P0iRnvS9sg6yD0xjD8kD6j/8GfxBY+9bpU3EvDoBgyJSbjw5b6PUVJbKMXzw1NIRNj0SXKs5BakjS8+7u62vR11IPCYRwy+yr0rDT0tNegM7gStIIgoTpOoQIDAQAB"
uo4anejdvvdw8bkne3kjiqavcqmj0416._domainkey IN TXT "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnh5Ym9PO7r+wdOIKfopvHzn3KU3qT6IlCG/gvvbmIqoeFQfRbAe3gQmcG6RcLue55cJQGhI6y2r0lm59ZeoHR40aM+VabAOlplekM7xWmoXb/9vG2OZLIqAyF4I+7GQmTN6B9keBHp9SWtDUkI0B0G9neZ5MkXJP705M0duxritqQlb4YvCZwteHiyckKcg9aE9j+GF2EEawBoVDpoveoB3+wgde3lWEUjjwKFtXNXxuN354o6jgXgPNWtIEdPMLfK/o0CaCjZNlzaLTsTegY/+67hdHFqDmm8zXO9s+Xiyfq7CVq21t7wDhQ2W1agj+up6lH82FMh5rZNxJ6XB0yQIDAQAB"

3
data/powerdns/files/bind-zones/_parked
View file

@ -1,3 +0,0 @@
${HEADER}
<%include file="bind-zones/_mail_NULL" />

6
data/powerdns/files/bind-zones/afra.berlin
View file

@ -1,6 +0,0 @@
${HEADER}
@ IN AAAA 2a0a:51c0:0:225::2
@ IN A 193.135.9.29
<%include file="bind-zones/_mail_NULL" />

1
data/powerdns/files/bind-zones/die-brontosaurier-waren-es.org
View file

@ -1 +0,0 @@
_parked

1
data/powerdns/files/bind-zones/emails.sexy
View file

@ -1 +0,0 @@
_parked

3
data/powerdns/files/bind-zones/eskalation.jetzt
View file

@ -1,3 +0,0 @@
${HEADER}
<%include file="bind-zones/_mail_NULL" />

3
data/powerdns/files/bind-zones/felix-kunsmann.de
View file

@ -1,3 +0,0 @@
${HEADER}
<%include file="bind-zones/_mail_carlene" />

8
data/powerdns/files/bind-zones/flauschehorn.sexy
View file

@ -1,8 +0,0 @@
${HEADER}
@ IN AAAA 2a03:4000:4d:5e::1
@ IN A 194.36.145.49
<%include file="bind-zones/_mail_carlene" />
_acme-challenge IN CNAME 63bc37c61bda3c1f4fa1f270f8890c7f89c24353.acme.ctu.cx.

29
data/powerdns/files/bind-zones/franzi.business
View file

@ -1,29 +0,0 @@
${HEADER}
@ IN AAAA 2a0a:51c0:0:225::2
@ IN A 193.135.9.29
<%include file="bind-zones/_mail_carlene" />
_atproto IN TXT "did=did:plc:d762mg6wvvmpeu66zojntlof"
_token._dnswl IN TXT "gg3mbwjx9bbuo5osvh7oz6bc881wcmc"
_matrix._tcp IN SRV 10 10 443 matrix.franzi.business.
; carlene
git IN CNAME carlene.kunbox.net.
irc IN CNAME carlene.kunbox.net.
mail IN CNAME carlene.kunbox.net.
matrix IN CNAME carlene.kunbox.net.
matrix-stickers IN CNAME carlene.kunbox.net.
netbox IN CNAME carlene.kunbox.net.
ntfy IN CNAME carlene.kunbox.net.
postfixadmin IN CNAME carlene.kunbox.net.
rss IN CNAME carlene.kunbox.net.
travelynx IN CNAME carlene.kunbox.net.
; icinga2
icinga IN CNAME icinga2.kunbox.net.
status IN CNAME icinga2.kunbox.net.
; pretix
tickets IN CNAME franzi-business.cname.pretix.eu.

16
data/powerdns/files/bind-zones/kunbox.net
View file

@ -1,4 +1,16 @@
${HEADER} $TTL 60
@ IN SOA ns-mephisto.kunbox.net. hostmaster.kunbox.net. (
${SERIAL}
3600
600
86400
300
)
${NAMESERVERS}
$ORIGIN kunbox.net.
; ends up on carlene.kunbox.net ; ends up on carlene.kunbox.net
@ IN A 193.135.9.29 @ IN A 193.135.9.29
@ -17,8 +29,6 @@ aurto IN CNAME aurto.htz-cloud
; stuff running at home ; stuff running at home
jellyfin.home IN CNAME nas.home jellyfin.home IN CNAME nas.home
navidrome.home IN CNAME nas.home
snapserver.home IN CNAME nas.home
; Mail servers ; Mail servers
mta-sts IN CNAME carlene mta-sts IN CNAME carlene

1
data/powerdns/files/bind-zones/kunsi.scot
View file

@ -1 +0,0 @@
_parked

6
data/powerdns/files/bind-zones/kunsitracker.de
View file

@ -1,6 +0,0 @@
${HEADER}
@ IN AAAA 2a0a:51c0:0:225::2
@ IN A 193.135.9.29
<%include file="bind-zones/_mail_carlene" />

14
data/powerdns/files/bind-zones/kunsmann.eu
View file

@ -1,14 +0,0 @@
${HEADER}
@ IN AAAA 2a0a:51c0:0:225::2
@ IN A 193.135.9.29
<%include file="bind-zones/_mail_carlene" />
@ IN TXT "google-site-verification=Xl-OBZpTL1maD2Qr8QmQ2aKRXZLnCmvddpFdrTT8L34"
_token._dnswl IN TXT "5mx0rv9ru8s1zz4tf4xlt48osh09czmg"
git IN CNAME git.franzi.business.
grafana IN CNAME influxdb.htz-cloud.kunbox.net.
influxdb IN CNAME influxdb.htz-cloud.kunbox.net.

9
data/powerdns/files/bind-zones/lulu26.eu
View file

@ -1,9 +0,0 @@
${HEADER}
<%include file="bind-zones/_mail_NULL" />
jellyfin IN CNAME nas.home.kunbox.net.
navidrome IN CNAME nas.home.kunbox.net.
snapserver IN CNAME nas.home.kunbox.net.
vnstat IN CNAME router.home.kunbox.net.
homeassistant IN CNAME hass.home.kunbox.net.

1
data/powerdns/files/bind-zones/raptor.events
View file

@ -1 +0,0 @@
_parked

1
data/powerdns/files/bind-zones/trans-agenda.de
View file

@ -1 +0,0 @@
_parked

1
data/powerdns/files/bind-zones/trans-agenda.eu
View file

@ -1 +0,0 @@
_parked

6
data/powerdns/files/bind-zones/warnochwas.de
View file

@ -1,6 +0,0 @@
${HEADER}
@ IN AAAA 2a0a:51c0:0:225::2
@ IN A 193.135.9.29
<%include file="bind-zones/_mail_carlene" />

1
data/powerdns/files/bind-zones/winkeeinhorn.de
View file

@ -1 +0,0 @@
_parked

36
data/ssl/_.home.kunbox.net.crt.pem
View file

@ -1,22 +1,22 @@
-----BEGIN CERTIFICATE----- -----BEGIN CERTIFICATE-----
MIIDvDCCA0OgAwIBAgISBo2CjJbnK8A0cN9OMOLwENx3MAoGCCqGSM49BAMDMDIx MIIDrTCCAzOgAwIBAgISAzN38KowyAxKJIRnBKR9SwXnMAoGCCqGSM49BAMDMDIx
CzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDEwJF CzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDEwJF
NjAeFw0yNTA1MjEyMDMwMjFaFw0yNTA4MTkyMDMwMjBaMBoxGDAWBgNVBAMTD2hv NTAeFw0yNTAyMjMwOTAyMzdaFw0yNTA1MjQwOTAyMzZaMBoxGDAWBgNVBAMTD2hv
bWUua3VuYm94Lm5ldDB2MBAGByqGSM49AgEGBSuBBAAiA2IABEDJ6ph3s2d7ZVer bWUua3VuYm94Lm5ldDB2MBAGByqGSM49AgEGBSuBBAAiA2IABCySMhuLfj3x+wjp
hT1E3gDWKEWTzfyp65nB6wTomd0fk02HPk2kZNa03zLuF7w5ixeCHDvtGGaJ/oTR BFpNu+R3IRL0qsBazrTrz8jwA1Brs8jxFSlPZRGpKiycFFQDwX5dSDJu+usngNh7
a4KitE+7wr5yG603t5/hBfrFYQer0RsJC49leQFMRpmdKOM2KKOCAjIwggIuMA4G pAs1UsniV2d3yLYK6qTVB8C420Xc55jlqTsGW+cvv0Adeap8DaOCAiIwggIeMA4G
A1UdDwEB/wQEAwIHgDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYD A1UdDwEB/wQEAwIHgDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYD
VR0TAQH/BAIwADAdBgNVHQ4EFgQUVTHSrsLErU3zaJr9R35Q5Bok+tQwHwYDVR0j VR0TAQH/BAIwADAdBgNVHQ4EFgQUDEclq7TWouOYtvpzzutWtxXmZB8wHwYDVR0j
BBgwFoAUkydGmAOpUWiOmNbEQkjbI79YlNIwMgYIKwYBBQUHAQEEJjAkMCIGCCsG BBgwFoAUnytfzzwhT50Et+0rLMTGcIvS1w0wVQYIKwYBBQUHAQEESTBHMCEGCCsG
AQUFBzAChhZodHRwOi8vZTYuaS5sZW5jci5vcmcvMC0GA1UdEQQmMCSCESouaG9t AQUFBzABhhVodHRwOi8vZTUuby5sZW5jci5vcmcwIgYIKwYBBQUHMAKGFmh0dHA6
ZS5rdW5ib3gubmV0gg9ob21lLmt1bmJveC5uZXQwEwYDVR0gBAwwCjAIBgZngQwB Ly9lNS5pLmxlbmNyLm9yZy8wLQYDVR0RBCYwJIIRKi5ob21lLmt1bmJveC5uZXSC
AgEwLgYDVR0fBCcwJTAjoCGgH4YdaHR0cDovL2U2LmMubGVuY3Iub3JnLzEyMC5j D2hvbWUua3VuYm94Lm5ldDATBgNVHSAEDDAKMAgGBmeBDAECATCCAQIGCisGAQQB
cmwwggEFBgorBgEEAdZ5AgQCBIH2BIHzAPEAdwDtPEvW6AbCpKIAV9vLJOI4Ad9R 1nkCBAIEgfMEgfAA7gB1AKLjCuRF772tm3447Udnd1PXgluElNcrXhssxLlQpEfn
L+3EhsVwDyDdtz4/4AAAAZb0v8oqAAAEAwBIMEYCIQDPMCZ/27O7ki58XOEXScxd AAABlTJA35QAAAQDAEYwRAIgK6RVpdOCgEWCLxyLM7P9LRYWmPJ9+oA8DQ6EhV1V
g5CTNBsfJ33xhiQ96Gy10gIhAIltz6edq7h8dFpnitREku9CAkLSRaM6FuA9H9FA e+cCICAtK2lRg+vPuCXkqSGRFQEPqidmcT1NMrAstl6zOF3uAHUATnWjJ1yaEMM4
tyzEAHYADeHyMCvTDcFAYhIJ6lUu/Ed0fLHX6TDvDkIetH5OqjQAAAGW9L/Z0gAA W2zU3z9S6x3w4I4bjWnAsfpksWKaOd8AAAGVMkDfigAABAMARjBEAiBH2f88Uh6R
BAMARzBFAiBBit+rBWA9W3r3TRU0bnY37odvJuYbNSKKsYk0UVD5VAIhAMIZ0Lgw tPyyZzuKT5t6jcYLOsSQVkWbrerG34Z1xwIgXmW3tlmgKlUiTrRjCFbltLNJ12Tf
8Y6CZgqt9cKTyAaXfnF6oaXIr/Wwjpa4J+ZhMAoGCCqGSM49BAMDA2cAMGQCMHGs xA/QCmSHAyKUnHIwCgYIKoZIzj0EAwMDaAAwZQIxAKT8YobI9cF1LpSwF8esUwhX
qPfsaLfclD5WSkaSR1t7uRWwtqaDerwHuf4St3vIRD5iCk5zU3c9T9EvIFOArgIw M1oK0TVOnpFn3dyUgweqVS5sCn3V81626qP+wGrENgIwWlDcbKhT4j0G19O43pKp
erdi4GyW/W9j+0oEzIUNWODF//huulu2+Wd3wTYh/LFNVDtQICG7vi4uubHLyvg4 6f9TqzcY4iH5+VAuKPjh7H5ag7B+qCn9No2p56SagQpv
-----END CERTIFICATE----- -----END CERTIFICATE-----

36
data/ssl/_.home.kunbox.net.crt_intermediate.pem
View file

@ -1,27 +1,27 @@
-----BEGIN CERTIFICATE----- -----BEGIN CERTIFICATE-----
MIIEVzCCAj+gAwIBAgIRALBXPpFzlydw27SHyzpFKzgwDQYJKoZIhvcNAQELBQAw MIIEVzCCAj+gAwIBAgIRAIOPbGPOsTmMYgZigxXJ/d4wDQYJKoZIhvcNAQELBQAw
TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjQwMzEzMDAwMDAw cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjQwMzEzMDAwMDAw
WhcNMjcwMzEyMjM1OTU5WjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg WhcNMjcwMzEyMjM1OTU5WjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg
RW5jcnlwdDELMAkGA1UEAxMCRTYwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAATZ8Z5G RW5jcnlwdDELMAkGA1UEAxMCRTUwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQNCzqK
h/ghcWCoJuuj+rnq2h25EqfUJtlRFLFhfHWWvyILOR/VvtEKRqotPEoJhC6+QJVV a2GOtu/cX1jnxkJFVKtj9mZhSAouWXW0gQI3ULc/FnncmOyhKJdyIBwsz9V8UiBO
6RlAN2Z17TJOdwRJ+HB7wxjnzvdxEP6sdNgA1O1tHHMWMxCcOrLqbGL0vbijgfgw VHhbhBRrwJCuhezAUUE8Wod/Bk3U/mDR+mwt4X2VEIiiCFQPmRpM5uoKrNijgfgw
gfUwDgYDVR0PAQH/BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcD gfUwDgYDVR0PAQH/BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcD
ATASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBSTJ0aYA6lRaI6Y1sRCSNsj ATASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBSfK1/PPCFPnQS37SssxMZw
v1iU0jAfBgNVHSMEGDAWgBR5tFnme7bl5AFzgAiIyBpY9umbbjAyBggrBgEFBQcB i9LXDTAfBgNVHSMEGDAWgBR5tFnme7bl5AFzgAiIyBpY9umbbjAyBggrBgEFBQcB
AQQmMCQwIgYIKwYBBQUHMAKGFmh0dHA6Ly94MS5pLmxlbmNyLm9yZy8wEwYDVR0g AQQmMCQwIgYIKwYBBQUHMAKGFmh0dHA6Ly94MS5pLmxlbmNyLm9yZy8wEwYDVR0g
BAwwCjAIBgZngQwBAgEwJwYDVR0fBCAwHjAcoBqgGIYWaHR0cDovL3gxLmMubGVu BAwwCjAIBgZngQwBAgEwJwYDVR0fBCAwHjAcoBqgGIYWaHR0cDovL3gxLmMubGVu
Y3Iub3JnLzANBgkqhkiG9w0BAQsFAAOCAgEAfYt7SiA1sgWGCIpunk46r4AExIRc Y3Iub3JnLzANBgkqhkiG9w0BAQsFAAOCAgEAH3KdNEVCQdqk0LKyuNImTKdRJY1C
MxkKgUhNlrrv1B21hOaXN/5miE+LOTbrcmU/M9yvC6MVY730GNFoL8IhJ8j8vrOL 2uw2SJajuhqkyGPY8C+zzsufZ+mgnhnq1A2KVQOSykOEnUbx1cy637rBAihx97r+
pMY22OP6baS1k9YMrtDTlwJHoGby04ThTUeBDksS9RiuHvicZqBedQdIF65pZuhp bcwbZM6sTDIaEriR/PLk6LKs9Be0uoVxgOKDcpG9svD33J+G9Lcfv1K9luDmSTgG
eDcGBcLiYasQr/EO5gxxtLyTmgsHSOVSBcFOn9lgv7LECPq9i7mfH3mpxgrRKSxH 6XNFIN5vfI5gs/lMPyojEMdIzK9blcl2/1vKxO8WGCcjvsQ1nJ/Pwt8LQZBfOFyV
pOoZ0KXMcB+hHuvlklHntvcI0mMMQ0mhYj6qtMFStkF1RpCG3IPdIwpVCQqu8GV7 XP8ubAp/au3dc4EKWG9MO5zcx1qT9+NXRGdVWxGvmBFRAajciMfXME1ZuGmk3/GO
s8ubknRzs+3C/Bm19RFOoiPpDkwvyNfvmQ14XkyqqKK5oZ8zhD32kFRQkxa8uZSu koAM7ZkjZmleyokP1LGzmfJcUd9s7eeu1/9/eg5XlXd/55GtYjAM+C4DG5i7eaNq
h4aTImFxknu39waBxIRXE4jKxlAmQc4QjFZoq1KmQqQg0J/1JF8RlFvJas1VcjLv cm2F+yxYIPt6cbbtYVNJCGfHWqHEQ4FYStUyFnv8sjyqU8ypgZaNJ9aVcWSICLOI
YlvUB2t6npO6oQjB3l+PNf0DpQH7iUx3Wz5AjQCi6L25FjyE06q6BZ/QlmtYdl/8 E1/Qv/7oKsnZCWJ926wU6RqG1OYPGOi1zuABhLw61cuPVDT28nQS/e6z95cJXq0e
ZYao4SRqPEs/6cAiF+Qf5zg2UkaWtDphl1LKMuTNLotvsX99HP69V2faNyegodQ0 K1BcaJ6fJZsmbjRgD5p3mvEf5vdQM7MCEvU0tHbsx2I5mHHJoABHb8KVBgWp/lcX
LyTApr/vT01YPE46vNsDLgK+4cL6TrzC/a4WcmF5SRJ938zrv/duJHLXQIku5v0+ GWiWaeOyB7RP+OfDtvi2OsapxXiV7vNVs7fMlrRjY1joKaqmmycnBvAq14AEbtyL
EwOy59Hdm0PT/Er/84dDV0CSjdR/2XuZM3kpysSKLgD1cKiDA+IRguODCxfO9cyY sVfOS66B8apkeFX2NY4XPEYV4ZSCe8VHPrdrERk2wILG3T/EGmSIkCYVUMSnjmJd
Ig46v9mFmBvyH04= VQD9F6Na/+zmXCc=
-----END CERTIFICATE----- -----END CERTIFICATE-----

2
data/ssl/_.home.kunbox.net.key.pem.vault
View file

@ -1 +1 @@
encrypt$gAAAAABoLkWaAM6hx5Tl_6sPRVNmmcx9OmWYGmrNLIF4J-p7Xhj4O0fQuPcnph0ZFtmlBNWcfGb8G2ysTeEN1-Be2O4JQamvxUyGFT-Jste8GzAH6btiM6ef1E0FO6ovmzUxAiFZCbeXqKXF0opPz2B6rbDKiU-yTEZpid6-D-yz3uGuunhOjL3RpWJ1ArZRiOoX3DKPf5BXn51-71TEhB-lg41sDqnMfl4lo9_9xb5_2MBLsVZ9EYjcxvwgzq7qtdExtmpkWQ7pU6uPSP5w5wc8MFvRbiXNlOrFMLjslcGp7_cbfBMmA56UCVAe2n8HqWRcKHeYo_gNVUi1nDi2GjBmUYygA9yzFcUBqcV5ZUPK-7uwYxh2ZFbBcbwmTtvXYqEEvTLuZbsYwhV5mJR6b7L3MR81g--9D8pSulsKjbrUXXTZ373SWXz_aQoBLg5vOiL4zUo8T0isXIGcGMS8LUn-LvpQyptE-A== encrypt$gAAAAABnuvHlF1U1dT-xIICT5GmDxxqm0hQAgshQSA46WrVoo18ypjyxQE1qRzPNdp0xHKPYwpGmAoT7ftX7U3X3sjIvH8W5DUNMEBPZk6Z2yPxsyMDqUbxqJUOkjsSjVf1GZ_n3R5kZfb-THJMjNQMy3tL5RwrSvZjsYeYT-NwBle5rUKZpgE_6sDr5jSr8xpNx87gJr1vqgnZIBPllU47CJQy7LHEsVcCvbKhpVoau02LlPAoApVt_iYYm1fL_E6jFGfnCwGoeiytMc2fl1DPWS8q8oauQ1pNVTWQ2BXnLiXoc8u3hgp93PpT2LubYgIrVXpY8iErNtghuXi_HmqL37btdN5h-p1Div-R_5uva1maXffduwutCd5xWJK__G_bhqiSoEaKEMvo_H47vqbi7Hvwi70ckYek9KD_bIb2W8zBEPl1Q2436Uz54B0muXv6X7OoZlTj51_gZUcT3cp8SDJqAWDpnWg==

22
data/ssl/_.lulu26.eu.crt.pem
View file

@ -1,22 +0,0 @@
-----BEGIN CERTIFICATE-----
MIIDqTCCAy+gAwIBAgISBf/j44SG75ESkF7/mqPJa9gJMAoGCCqGSM49BAMDMDIx
CzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDEwJF
NTAeFw0yNTA3MDYwNzA0NTlaFw0yNTEwMDQwNzA0NThaMBQxEjAQBgNVBAMTCWx1
bHUyNi5ldTB2MBAGByqGSM49AgEGBSuBBAAiA2IABJBGQbz1ZI+F6Pgzkhh2uK+X
l1gnghKFwX7blquOY+k2cFoB450JiwooqqPJqAQ0KfqLlNtHjO/uzovlsJ39emO3
FIHlnpLVsOulp/4O12xn+QHFRJxCtpKxM8xZWUTVHqOCAiQwggIgMA4GA1UdDwEB
/wQEAwIHgDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/
BAIwADAdBgNVHQ4EFgQUnnncer6/V1pOnMF+2JH6zaEZpzEwHwYDVR0jBBgwFoAU
nytfzzwhT50Et+0rLMTGcIvS1w0wMgYIKwYBBQUHAQEEJjAkMCIGCCsGAQUFBzAC
hhZodHRwOi8vZTUuaS5sZW5jci5vcmcvMCEGA1UdEQQaMBiCCyoubHVsdTI2LmV1
gglsdWx1MjYuZXUwEwYDVR0gBAwwCjAIBgZngQwBAgEwLQYDVR0fBCYwJDAioCCg
HoYcaHR0cDovL2U1LmMubGVuY3Iub3JnLzEwLmNybDCCAQQGCisGAQQB1nkCBAIE
gfUEgfIA8AB2AKRCxQZJYGFUjw/U6pz7ei0mRU2HqX8v30VZ9idPOoRUAAABl97C
+fEAAAQDAEcwRQIhAIBf6lyZBN3IW7bdTIN3bCe//Nk96QIY9CWXrhlDO53fAiA7
dgK+GmDRfjCDuaOCoR4G4ca90k1y7TW3OSANHp8ycgB2AA3h8jAr0w3BQGISCepV
LvxHdHyx1+kw7w5CHrR+Tqo0AAABl97C+fEAAAQDAEcwRQIgPsmJu9NTcMI51LHw
sgBl6Gri9VQ+cROHIrNHqh1qanwCIQCO9UUdLEyOzSzQQFXU5JYunl4+5v/DBa9m
HcndhmIctzAKBggqhkjOPQQDAwNoADBlAjAm0qmSJLNLPPl5vdeuKlR2IaRjMIpm
ih6HgkxRC1nGd9yreJxdzdTZt5+fqEhNguICMQDGgetJyTFOETe56+VsY55R2cuD
toRSkkackL8p5x+n3yxF4IQHFVo3FqBDN6IuYek=
-----END CERTIFICATE-----

27
data/ssl/_.lulu26.eu.crt_intermediate.pem
View file

@ -1,27 +0,0 @@
-----BEGIN CERTIFICATE-----
MIIEVzCCAj+gAwIBAgIRAIOPbGPOsTmMYgZigxXJ/d4wDQYJKoZIhvcNAQELBQAw
TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjQwMzEzMDAwMDAw
WhcNMjcwMzEyMjM1OTU5WjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg
RW5jcnlwdDELMAkGA1UEAxMCRTUwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQNCzqK
a2GOtu/cX1jnxkJFVKtj9mZhSAouWXW0gQI3ULc/FnncmOyhKJdyIBwsz9V8UiBO
VHhbhBRrwJCuhezAUUE8Wod/Bk3U/mDR+mwt4X2VEIiiCFQPmRpM5uoKrNijgfgw
gfUwDgYDVR0PAQH/BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcD
ATASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBSfK1/PPCFPnQS37SssxMZw
i9LXDTAfBgNVHSMEGDAWgBR5tFnme7bl5AFzgAiIyBpY9umbbjAyBggrBgEFBQcB
AQQmMCQwIgYIKwYBBQUHMAKGFmh0dHA6Ly94MS5pLmxlbmNyLm9yZy8wEwYDVR0g
BAwwCjAIBgZngQwBAgEwJwYDVR0fBCAwHjAcoBqgGIYWaHR0cDovL3gxLmMubGVu
Y3Iub3JnLzANBgkqhkiG9w0BAQsFAAOCAgEAH3KdNEVCQdqk0LKyuNImTKdRJY1C
2uw2SJajuhqkyGPY8C+zzsufZ+mgnhnq1A2KVQOSykOEnUbx1cy637rBAihx97r+
bcwbZM6sTDIaEriR/PLk6LKs9Be0uoVxgOKDcpG9svD33J+G9Lcfv1K9luDmSTgG
6XNFIN5vfI5gs/lMPyojEMdIzK9blcl2/1vKxO8WGCcjvsQ1nJ/Pwt8LQZBfOFyV
XP8ubAp/au3dc4EKWG9MO5zcx1qT9+NXRGdVWxGvmBFRAajciMfXME1ZuGmk3/GO
koAM7ZkjZmleyokP1LGzmfJcUd9s7eeu1/9/eg5XlXd/55GtYjAM+C4DG5i7eaNq
cm2F+yxYIPt6cbbtYVNJCGfHWqHEQ4FYStUyFnv8sjyqU8ypgZaNJ9aVcWSICLOI
E1/Qv/7oKsnZCWJ926wU6RqG1OYPGOi1zuABhLw61cuPVDT28nQS/e6z95cJXq0e
K1BcaJ6fJZsmbjRgD5p3mvEf5vdQM7MCEvU0tHbsx2I5mHHJoABHb8KVBgWp/lcX
GWiWaeOyB7RP+OfDtvi2OsapxXiV7vNVs7fMlrRjY1joKaqmmycnBvAq14AEbtyL
sVfOS66B8apkeFX2NY4XPEYV4ZSCe8VHPrdrERk2wILG3T/EGmSIkCYVUMSnjmJd
VQD9F6Na/+zmXCc=
-----END CERTIFICATE-----

1
data/ssl/_.lulu26.eu.key.pem.vault
View file

@ -1 +0,0 @@
encrypt$gAAAAABoai3Td5dENNTBJ4VtAGAiNE8no6ulTh2jsTRh92-st4plTofp1g1eMdpaHbZDS5kSmUESezLWvbB8VIyFtKu3Zvwv97YOJN6Exub2M5mssWiS9PBEbpTtampMMH7JbCuHYOQRaCM_zcO1zExR2E3Ufdb0vk8nix7xNl9n387MdPUeZCwOCWXvXo9o_ijmb2BCJISFXyTpo6Gtbn2f-gsaY5_uk7mS-ZJhQLuEMw9HUHRqjeRNSqlhqGBFBeB4ziSFDXrA-FjMe6a3aOACXZMjtUwORzZBoPA194dgmOteMmbYkCgERcrz5fwVXkkTKbgQkxglX_JOMo1KhqoXSdhtbMVr09yw1AppId67HEHs5mBzpAP-i7sZVuSlaxMCri0iKnM0xC1OPnvmg68sosJ0l-ND2oOhcf4mvERRrb263RLWbvIkLAHmQPbf7sSCJbH5oN1_sP3zuwGY-37UnnnegNlw5Q==

1
libs/s2s.py
View file

@ -6,7 +6,6 @@ AS_NUMBERS = {
'htz-cloud': 4290000137, 'htz-cloud': 4290000137,
'ionos': 4290000002, 'ionos': 4290000002,
'revision': 4290000078, 'revision': 4290000078,
'rottenraptor': 4290000030,
} }
WG_AUTOGEN_NODES = [ WG_AUTOGEN_NODES = [

47
nodes/backup-kunsi.toml
View file

@ -1,22 +1,19 @@
hostname = "2a01:4f9:3b:436d::2" hostname = "2001:67c:b54:1::f"
bundles = [ bundles = ["backup-server", "dm-crypt", "zfs"]
"backup-server",
"dm-crypt",
"smartd",
"zfs",
]
groups = ["debian-bookworm"] groups = ["debian-bookworm"]
[metadata] [metadata]
nameservers = ["2001:4860:4860::8888"] nameservers = ["2001:4860:4860::8888"]
[metadata.apt.packages.qemu-guest-agent]
[metadata.apt.unattended-upgrades] [metadata.apt.unattended-upgrades]
# requires manual apply to unlock disks # requires manual apply to unlock disks
reboot_enabled = false reboot_enabled = false
[metadata.interfaces.enp0s31f6] [metadata.interfaces.ens18]
ips = ["2a01:4f9:3b:436d::2/64"] ips = ["2001:67c:b54:1::f/64"]
gateway6 = "fe80::1" gateway6 = "2001:67c:b54:1::1"
[metadata.backups] [metadata.backups]
# this is the backup server # this is the backup server
@ -25,29 +22,15 @@ exclude_from_backups = true
[metadata.backup-server.zpool_create_options] [metadata.backup-server.zpool_create_options]
ashift = 12 ashift = 12
[metadata.backup-server.encrypted-devices.ZR57ZPJ8] [[metadata.backup-server.encrypted-devices]]
device = "/dev/disk/by-id/ata-ST16000NM001J-2TW113_ZR57ZPJ8-part4" "/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi1-part1" = "!bwpass:bw/backup-kunsi/ata-ST18000NM0092-3CX103_ZVV06SLR-part1"
passphrase = "!bwpass:bw/backup-kunsi/ata-ST16000NM001J-2TW113_ZR57ZPJ8-part4" "/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi2-part1" = "!bwpass:bw/backup-kunsi/ata-ST18000NM0092-3CX103_ZVV0686W-part1"
"/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi3-part1" = "!bwpass:bw/backup-kunsi/ata-ST18000NM0092-3CX103_ZVV06JV7-part1"
[metadata.backup-server.encrypted-devices.ZR58YEYV] [[metadata.backup-server.encrypted-devices]]
device = "/dev/disk/by-id/ata-ST16000NM001J-2TW113_ZR58YEYV-part4" "/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi1-part2" = "!bwpass:bw/backup-kunsi/ata-ST18000NM0092-3CX103_ZVV06SLR-part2"
passphrase = "!bwpass:bw/backup-kunsi/ata-ST16000NM001J-2TW113_ZR58YEYV-part4" "/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi2-part2" = "!bwpass:bw/backup-kunsi/ata-ST18000NM0092-3CX103_ZVV0686W-part2"
"/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi3-part2" = "!bwpass:bw/backup-kunsi/ata-ST18000NM0092-3CX103_ZVV06JV7-part2"
[metadata.backup-server.encrypted-devices.ZR5C2ER6]
device = "/dev/disk/by-id/ata-ST16000NM001J-2TW113_ZR5C2ER6-part4"
passphrase = "!bwpass:bw/backup-kunsi/ata-ST16000NM001J-2TW113_ZR5C2ER6-part4"
[metadata.backup-server.encrypted-devices.ZR5C6MF4]
device = "/dev/disk/by-id/ata-ST16000NM001J-2TW113_ZR5C6MF4-part4"
passphrase = "!bwpass:bw/backup-kunsi/ata-ST16000NM001J-2TW113_ZR5C6MF4-part4"
[metadata.smartd]
disks = [
"/dev/disk/by-id/ata-ST16000NM001J-2TW113_ZR57ZPJ8",
"/dev/disk/by-id/ata-ST16000NM001J-2TW113_ZR58YEYV",
"/dev/disk/by-id/ata-ST16000NM001J-2TW113_ZR5C2ER6",
"/dev/disk/by-id/ata-ST16000NM001J-2TW113_ZR5C6MF4",
]
[metadata.zfs] [metadata.zfs]
scrub_when = "Wed 08:00 Europe/Berlin" scrub_when = "Wed 08:00 Europe/Berlin"

21
nodes/carlene.toml
View file

@ -31,17 +31,14 @@ bundles = [
# for auto-deployment of salonkatrin.de # for auto-deployment of salonkatrin.de
[metadata.apt.packages.jekyll] [metadata.apt.packages.jekyll]
[metadata.backups]
paths = ["/mnt/sewfile/"]
[metadata.check-mail-received.t-online] [metadata.check-mail-received.t-online]
email = "franzi.kunsmann@t-online.de" email = "franzi.kunsmann@t-online.de"
imap_host = "secureimap.t-online.de" imap_host = "secureimap.t-online.de"
imap_pass = "!bwpass_attr:t-online.de/franzi.kunsmann@t-online.de:imap" imap_pass = "!bwpass_attr:t-online.de/franzi.kunsmann@t-online.de:imap"
[metadata.forgejo] [metadata.forgejo]
version = "11.0.2" version = "10.0.3"
sha1 = "242d8df88938115466c9ed32690e3875b9eb86e8" sha1 = "d1199c43de9e69f6bb8058c15290e79862913413"
domain = "git.franzi.business" domain = "git.franzi.business"
enable_git_hooks = true enable_git_hooks = true
install_ssh_key = true install_ssh_key = true
@ -101,8 +98,8 @@ provisioning.shared_secret = "!decrypt:encrypt$gAAAAABfVKflEMAi07C_QGP8cy97hF-4g
"'@kunsi:franzi.business'" = "admin" "'@kunsi:franzi.business'" = "admin"
[metadata.mautrix-whatsapp] [metadata.mautrix-whatsapp]
version = "v0.12.2" version = "v0.11.4"
sha1 = "09ae3f46ab6efa0ee15e8570c09a828efbe3ae8d" sha1 = "71a064b82072d2cec3d655c8848af418c1f54c77"
permissions."'@kunsi:franzi.business'" = "admin" permissions."'@kunsi:franzi.business'" = "admin"
[metadata.mautrix-whatsapp.homeserver] [metadata.mautrix-whatsapp.homeserver]
domain = "franzi.business" domain = "franzi.business"
@ -113,7 +110,7 @@ domain = "rss.franzi.business"
[metadata.netbox] [metadata.netbox]
domain = "netbox.franzi.business" domain = "netbox.franzi.business"
version = "v4.3.3" version = "v4.2.6"
admins.kunsi = "hostmaster@kunbox.net" admins.kunsi = "hostmaster@kunbox.net"
[metadata.nextcloud] [metadata.nextcloud]
@ -193,7 +190,6 @@ message_size_limit_mb = 100
myhostname = "mail.franzi.business" myhostname = "mail.franzi.business"
blocked_recipients = [ blocked_recipients = [
"!decrypt:encrypt$gAAAAABlrPHMqx7o9pscfSx4Elayrzwun9jcTYOM4XrcAoUWaHJ9vP_7P5G7V3nwdB8pWfObNew-2IOihn5EPS-0ej2gn9rI4iDnMG_6S2IBCDYMqZMn1W0=", # deadname "!decrypt:encrypt$gAAAAABlrPHMqx7o9pscfSx4Elayrzwun9jcTYOM4XrcAoUWaHJ9vP_7P5G7V3nwdB8pWfObNew-2IOihn5EPS-0ej2gn9rI4iDnMG_6S2IBCDYMqZMn1W0=", # deadname
"lord@kunsmann.eu",
"tectu@kunsmann.eu", "tectu@kunsmann.eu",
] ]
@ -248,13 +244,8 @@ disks = [
"/dev/disk/by-id/nvme-SAMSUNG_MZVL22T0HBLB-00B00_S677NX0W114380", "/dev/disk/by-id/nvme-SAMSUNG_MZVL22T0HBLB-00B00_S677NX0W114380",
] ]
[metadata.systemd-timers.timers.42c3-topic]
command = "/home/kunsi/42c3-topic.sh"
user = "kunsi"
when = "Mon 04:00:00 Europe/Berlin"
[metadata.travelynx] [metadata.travelynx]
version = "2.14.15" version = "2.11.13"
mail_from = "travelynx@franzi.business" mail_from = "travelynx@franzi.business"
domain = "travelynx.franzi.business" domain = "travelynx.franzi.business"

9
nodes/home.airgradient-wohnzimmer.toml
View file

@ -1,9 +0,0 @@
dummy = true
[metadata.interfaces.default]
ips = ["172.19.138.76"]
dhcp = true
mac = "34:85:18:28:13:10"
[metadata.icinga_options]
exclude_from_monitoring = true

11
nodes/home.hass.toml
View file

@ -2,8 +2,9 @@ hostname = "172.19.138.25"
bundles = [ bundles = [
'homeassistant', 'homeassistant',
'nginx', 'nginx',
'pyenv',
] ]
groups = ["debian-trixie"] groups = ["debian-bookworm"]
[metadata.icinga_options] [metadata.icinga_options]
also_affected_by = ['home.nas'] also_affected_by = ['home.nas']
@ -20,8 +21,12 @@ cpu = 2
ram = 2 ram = 2
[metadata.homeassistant] [metadata.homeassistant]
domain = 'homeassistant.lulu26.eu' domain = 'hass.home.kunbox.net'
api_secret = '!decrypt:encrypt$gAAAAABm9lNg_mNhyzb4S6WRtVRDmQFBnPpoCwyqMnilRrAFUXc-EDvv-nYXPbSIbjTf7ZReTPtqr8k3WrGPqiuqhJ60LVv4A5DMqT5c6hTVr4WbhP4DPEIPgfd5aq6U9_-H9WDyQYHKjnunLJEYtEREzmhTq3XsYeQ05DyE7hfnQ-zVoBb0CsAK7GdhihRTdvhXv2N9M04_rigyBP-roRcUgCqwyHuWJc0IPAyn3R4Mr43ZqgR2fn6dNV_YUVKn9c0nWxIwRnYy6Ff_Te9NoGVmXxkiNUX-90bBLKFiCzrRAtizxrTiQb2SRipaWbgOlV6wbMy2KNux' api_secret = '!decrypt:encrypt$gAAAAABm9lNg_mNhyzb4S6WRtVRDmQFBnPpoCwyqMnilRrAFUXc-EDvv-nYXPbSIbjTf7ZReTPtqr8k3WrGPqiuqhJ60LVv4A5DMqT5c6hTVr4WbhP4DPEIPgfd5aq6U9_-H9WDyQYHKjnunLJEYtEREzmhTq3XsYeQ05DyE7hfnQ-zVoBb0CsAK7GdhihRTdvhXv2N9M04_rigyBP-roRcUgCqwyHuWJc0IPAyn3R4Mr43ZqgR2fn6dNV_YUVKn9c0nWxIwRnYy6Ff_Te9NoGVmXxkiNUX-90bBLKFiCzrRAtizxrTiQb2SRipaWbgOlV6wbMy2KNux'
[metadata.pyenv]
version = 'v2.4.23'
python_versions = ["3.13.1"]
[metadata.nginx.vhosts.homeassistant] [metadata.nginx.vhosts.homeassistant]
ssl = '_.lulu26.eu' ssl = '_.home.kunbox.net'

4
nodes/home.mitel-rfp35.toml Normal file
View file

@ -0,0 +1,4 @@
dummy = true
[metadata.interfaces.default]
ips = ["172.19.138.41"]

9
nodes/home.router96.toml
View file

@ -1,9 +0,0 @@
dummy = true
[metadata.interfaces.default]
ips = ["172.19.138.97"]
dhcp = true
#mac = ""
[metadata.icinga_options]
exclude_from_monitoring = true

5
nodes/home.switch-new.toml
View file

@ -1,5 +0,0 @@
locking_node = "carlene"
groups = ["switches-mikrotik"]
hostname = "172.19.138.2"
password = "encrypt$gAAAAABoWsrzHpdt8kVtWlIlNwgRtslW0iroluwdxeTIfVlsc4WuxawfFJ1dZgRHn2T2nMDzvayzRkpPP6Kx2whTBSJhIPOJ3RMgGLd4e5QRUjN75CZjLa2Q24jqpmPPxECDEb0WGMj-"
os_version = [7]

1
nodes/home.switch-rack.toml
View file

@ -1,4 +1,3 @@
groups = ["switches-mikrotik"] groups = ["switches-mikrotik"]
hostname = "172.19.138.4" hostname = "172.19.138.4"
password = "encrypt$gAAAAABkI1Eqsust7XuYFK2-FaRzXWM5fOXumhdi5fWNokLtM0CBAqVqc5zcg37XH_JIZvkhp3buKvswcvd_znaV3Rb8kKeJTs4_VJo6OsvbiWkujfT50HspoUXER0JSZSmeZts8a_2i" password = "encrypt$gAAAAABkI1Eqsust7XuYFK2-FaRzXWM5fOXumhdi5fWNokLtM0CBAqVqc5zcg37XH_JIZvkhp3buKvswcvd_znaV3Rb8kKeJTs4_VJo6OsvbiWkujfT50HspoUXER0JSZSmeZts8a_2i"
os_version = [6]

2
nodes/home/downloadhelper.py
View file

@ -42,7 +42,7 @@ nodes['home.downloadhelper'] = {
'mounts': { 'mounts': {
'storage': { 'storage': {
'mountpoint': '/mnt/nas', 'mountpoint': '/mnt/nas',
'serverpath': '172.19.138.20:/mnt/download', 'serverpath': '172.19.138.20:/storage/download',
'mount_options': { 'mount_options': {
'retry=0', 'retry=0',
'rw', 'rw',

152
nodes/home/nas.py
View file

@ -1,23 +1,24 @@
# Dell Local Node Manager running on <http://172.19.138.20:4679/>
nodes['home.nas'] = { nodes['home.nas'] = {
'hostname': '172.19.138.20', 'hostname': '172.19.138.20',
'bundles': { 'bundles': {
'avahi-daemon', 'avahi-daemon',
'backup-client', 'backup-client',
'dm-crypt',
'jellyfin', 'jellyfin',
'lm-sensors', 'lm-sensors',
'mixcloud-downloader', 'mixcloud-downloader',
'mosquitto', 'mosquitto',
'navidrome',
'nfs-server', 'nfs-server',
'rsyslogd', 'rsyslogd',
'samba', 'samba',
'smartd', 'smartd',
'snapserver',
'vmhost', 'vmhost',
'zfs', 'zfs',
}, },
'groups': { 'groups': {
'debian-bookworm', 'debian-bullseye',
'webserver', 'webserver',
}, },
'metadata': { 'metadata': {
@ -60,8 +61,6 @@ nodes['home.nas'] = {
}, },
'backups': { 'backups': {
'paths': { 'paths': {
'/home/kunsi/',
'/opt/yate/',
'/storage/nas/', '/storage/nas/',
}, },
}, },
@ -70,16 +69,38 @@ nodes['home.nas'] = {
'avahi-aruba-fixup': '17,47 * * * * root /usr/bin/systemctl restart avahi-daemon.service', 'avahi-aruba-fixup': '17,47 * * * * root /usr/bin/systemctl restart avahi-daemon.service',
}, },
}, },
'dm-crypt': {
'encrypted-devices': {
'/dev/disk/by-id/ata-Samsung_SSD_870_QVO_8TB_S5SSNJ0X409404K': {
'dm-name': 'sam-S5SSNJ0X409404K',
'passphrase': bwpass.password('bw/home.nas/dmcrypt/S5SSNJ0X409404K'),
},
'/dev/disk/by-id/ata-Samsung_SSD_870_QVO_8TB_S5SSNJ0X409845F': {
'dm-name': 'sam-S5SSNJ0X409845F',
'passphrase': bwpass.password('bw/home.nas/dmcrypt/S5SSNJ0X409845F'),
},
'/dev/disk/by-id/ata-Samsung_SSD_870_QVO_8TB_S5SSNJ0X409870J': {
'dm-name': 'sam-S5SSNJ0X409870J',
'passphrase': bwpass.password('bw/home.nas/dmcrypt/S5SSNJ0X409870J'),
},
},
},
'groups': { 'groups': {
'nas': {}, 'nas': {},
}, },
'firewall': { 'firewall': {
'port_rules': { 'port_rules': {
'4679/tcp': { # Dell ULNM
'172.19.136.0/25',
'172.19.138.0/24',
},
'5060/tcp': { # yate SIP '5060/tcp': { # yate SIP
'home.snom-wohnzimmer', 'home.snom-wohnzimmer',
'home.mitel-rfp35',
}, },
'5061/tcp': { # yate SIPS '5061/tcp': { # yate SIPS
'home.snom-wohnzimmer', 'home.snom-wohnzimmer',
'home.mitel-rfp35',
}, },
# yate RTP uses some random UDP port. We cannot firewall # yate RTP uses some random UDP port. We cannot firewall
# it, because for incoming calls the other side decides # it, because for incoming calls the other side decides
@ -89,6 +110,7 @@ nodes['home.nas'] = {
# to deal with randomly changing IPs here. # to deal with randomly changing IPs here.
'*/udp': { '*/udp': {
'home.snom-wohnzimmer', 'home.snom-wohnzimmer',
'home.mitel-rfp35',
}, },
}, },
}, },
@ -130,32 +152,13 @@ nodes['home.nas'] = {
'htz-cloud.molly-connector', 'htz-cloud.molly-connector',
}, },
}, },
'navidrome': {
'domain': 'navidrome.lulu26.eu',
'version': '0.57.0',
'sha1': 'db590c5007a205ff58b1f679bb38ccd74e141417',
'zfs_base': 'ssdpool',
'config': {
'EnableExternalServices': True, # need spotify for artist images
'EnableSharing': True,
'EnableStarRating': False,
'IgnoredArticles': 'The El La Los Las Le Les Os As O A Der Die Das',
'MusicFolder': '/storage/nas/music',
'PasswordEncryptionKey': vault.decrypt('encrypt$gAAAAABoRXLELiE8_PQyh4elPnSgMDKi7mPpNZweAZQykvfUbeVHv2JVXyzbOOerL3STeTIv8QbGKAqVGyDSzACRdGg4S6DP6Q5FiKFFbkOgKgc7WXQfT59QRP8jMoc2QSe_SQ3SvHFv'),
# currently broken <https://github.com/navidrome/navidrome/issues/4026>
#'Spotify': {
# 'ID': vault.decrypt('encrypt$gAAAAABoRXGJc4qqAttRNsRIP6N9yJ5LPMwItFW4vwm6Dnf9LVgaYdsXD1D-yx32B5iHgLIDCoeds2IpCAZCtPpmN-75i9AeblQGmqEopUThdkpOxeCwwJtBFkhl36T_O5YjLRA5MAYo'),
# 'Secret': vault.decrypt('encrypt$gAAAAABoRXGOyOItedfJI10IkAlfHYeiJUcCzYqCLQMkMecK8X3d_tsssCeE5lWZshEvgWVqWW7Iyi-as22uI6PEa0Xm3uwJUNvvRR2qCnwpX0Adv-4NZ7WizA6KX6E6P2zIYZ6tneeG'),
#},
},
},
'nfs-server': { 'nfs-server': {
'shares': { 'shares': {
'/mnt/download': { '/storage/download': {
'home.downloadhelper': 'rw,all_squash,anonuid=65534,anongid=1012,no_subtree_check', 'home.downloadhelper': 'rw,all_squash,anonuid=65534,anongid=1012,no_subtree_check',
}, },
'/storage/nas': { '/storage/nas': {
'172.19.138.0/24': 'ro,all_squash,anonuid=65534,anongid=65534,no_subtree_check,insecure', '172.19.138.0/24': 'ro,all_squash,anonuid=65534,anongid=65534,no_subtree_check',
}, },
'/srv/paperless': { '/srv/paperless': {
'home.paperless': 'rw,all_squash,anonuid=65534,anongid=65534,no_subtree_check', 'home.paperless': 'rw,all_squash,anonuid=65534,anongid=65534,no_subtree_check',
@ -166,14 +169,8 @@ nodes['home.nas'] = {
'vhosts': { 'vhosts': {
'jellyfin': { 'jellyfin': {
'create_logs': True, 'create_logs': True,
'domain': 'jellyfin.lulu26.eu', 'domain': 'jellyfin.home.kunbox.net',
'ssl': '_.lulu26.eu', 'ssl': '_.home.kunbox.net',
},
'navidrome': {
'ssl': '_.lulu26.eu',
},
'snapserver': {
'ssl': '_.lulu26.eu',
}, },
}, },
}, },
@ -195,7 +192,7 @@ nodes['home.nas'] = {
'disks': { 'disks': {
'/dev/nvme0', '/dev/nvme0',
# nas/timemachine disks # old nas disks
'/dev/disk/by-id/ata-WDC_WD6003FFBX-68MU3N0_V8GE15GR', '/dev/disk/by-id/ata-WDC_WD6003FFBX-68MU3N0_V8GE15GR',
'/dev/disk/by-id/ata-WDC_WD6003FFBX-68MU3N0_V8HJ406R', '/dev/disk/by-id/ata-WDC_WD6003FFBX-68MU3N0_V8HJ406R',
'/dev/disk/by-id/ata-WDC_WD6003FFBX-68MU3N0_V8HJBTLR', '/dev/disk/by-id/ata-WDC_WD6003FFBX-68MU3N0_V8HJBTLR',
@ -203,15 +200,10 @@ nodes['home.nas'] = {
'/dev/disk/by-id/ata-WDC_WD6003FFBX-68MU3N0_V8J8ZKRR', '/dev/disk/by-id/ata-WDC_WD6003FFBX-68MU3N0_V8J8ZKRR',
'/dev/disk/by-id/ata-WDC_WD6003FFBX-68MU3N0_V9JS5UYL', '/dev/disk/by-id/ata-WDC_WD6003FFBX-68MU3N0_V9JS5UYL',
# ssdpool disks # encrypted disks
'/dev/disk/by-id/ata-INTEL_SSDSC2KB960G8_PHYF244001QU960CGN', '/dev/disk/by-id/ata-Samsung_SSD_870_QVO_8TB_S5SSNJ0X409404K',
'/dev/disk/by-id/ata-INTEL_SSDSC2KB960G8_PHYF244002AS960CGN', '/dev/disk/by-id/ata-Samsung_SSD_870_QVO_8TB_S5SSNJ0X409845F',
}, '/dev/disk/by-id/ata-Samsung_SSD_870_QVO_8TB_S5SSNJ0X409870J',
},
'snapserver': {
'domain': 'snapserver.lulu26.eu',
'restrict-to': {
'172.19.138.0/24',
}, },
}, },
'systemd-networkd': { 'systemd-networkd': {
@ -241,7 +233,6 @@ nodes['home.nas'] = {
'chown -R :nas /storage/nas/', 'chown -R :nas /storage/nas/',
r'find /storage/nas/ -type d -exec chmod 0775 {} \;', r'find /storage/nas/ -type d -exec chmod 0775 {} \;',
r'find /storage/nas/ -type f -exec chmod 0664 {} \;', r'find /storage/nas/ -type f -exec chmod 0664 {} \;',
'find /storage/nas/ -type f -name "._*" -delete',
], ],
'when': '*-*-* 02:00:00', 'when': '*-*-* 02:00:00',
}, },
@ -267,20 +258,6 @@ nodes['home.nas'] = {
'zfs_arc_max_gb': 8, 'zfs_arc_max_gb': 8,
}, },
'pools': { 'pools': {
'ssdpool': {
'when_creating': {
'config': [
{
'type': 'mirror',
'devices': {
'/dev/disk/by-id/ata-INTEL_SSDSC2KB960G8_PHYF244001QU960CGN',
'/dev/disk/by-id/ata-INTEL_SSDSC2KB960G8_PHYF244002AS960CGN',
},
},
],
'ashift': 12,
},
},
'tank': { 'tank': {
'when_creating': { 'when_creating': {
'config': [ 'config': [
@ -299,46 +276,67 @@ nodes['home.nas'] = {
'ashift': 12, 'ashift': 12,
}, },
}, },
'encrypted': {
'when_creating': {
'config': [
{
'type': 'raidz',
'devices': {
'/dev/mapper/sam-S5SSNJ0X409404K',
'/dev/mapper/sam-S5SSNJ0X409845F',
'/dev/mapper/sam-S5SSNJ0X409870J',
},
},
],
'ashift': 12,
},
'needs': {
'action:dm-crypt_open_sam-S5SSNJ0X409404K',
'action:dm-crypt_open_sam-S5SSNJ0X409845F',
'action:dm-crypt_open_sam-S5SSNJ0X409870J',
},
# see comment in bundle:backup-server
'unless': 'zpool import encrypted',
},
}, },
'datasets': { 'datasets': {
'ssdpool': { 'encrypted': {
'primarycache': 'metadata', 'primarycache': 'metadata',
}, },
'ssdpool/yate': { 'encrypted/nas': {
'mountpoint': '/opt/yate',
},
'ssdpool/download': {
'mountpoint': '/mnt/download',
'quota': '858993459200', # 800 GB
},
'ssdpool/paperless': {
'mountpoint': '/srv/paperless',
},
'tank': {
'primarycache': 'metadata',
},
'tank/nas': {
'acltype': 'off', 'acltype': 'off',
'atime': 'off', 'atime': 'off',
'compression': 'off', 'compression': 'off',
'mountpoint': '/storage/nas', 'mountpoint': '/storage/nas',
}, },
'tank': {
'primarycache': 'metadata',
},
'tank/opt-yate': {
'mountpoint': '/opt/yate',
},
'tank/download': {
'mountpoint': '/storage/download',
},
'tank/paperless': {
'mountpoint': '/srv/paperless',
},
}, },
'snapshots': { 'snapshots': {
'retain_per_dataset': { 'retain_per_dataset': {
'tank/nas': { 'encrypted/nas': {
# juuuuuuuust to be sure. # juuuuuuuust to be sure.
'daily': 14, 'daily': 14,
'weekly': 6, 'weekly': 6,
'monthly': 12, 'monthly': 12,
}, },
'ssdpool/download': { 'tank/download': {
'hourly': 48, 'hourly': 48,
'daily': 0, 'daily': 0,
'weekly': 0, 'weekly': 0,
'monthly': 0, 'monthly': 0,
}, },
'ssdpool/paperless': { 'tank/paperless': {
'daily': 14, 'daily': 14,
'weekly': 6, 'weekly': 6,
'monthly': 24, 'monthly': 24,

2
nodes/home/paperless.py
View file

@ -49,7 +49,7 @@ nodes['home.paperless'] = {
}, },
'paperless': { 'paperless': {
'domain': 'paperless.home.kunbox.net', 'domain': 'paperless.home.kunbox.net',
'version': 'v2.17.1', 'version': 'v2.14.7',
'timezone': 'Europe/Berlin', 'timezone': 'Europe/Berlin',
}, },
'postgresql': { 'postgresql': {

8
nodes/home/router.py
View file

@ -2,6 +2,7 @@ nodes['home.router'] = {
'hostname': '172.19.138.1', 'hostname': '172.19.138.1',
'bundles': { 'bundles': {
'bird', 'bird',
'jool',
'kea-dhcp-server', 'kea-dhcp-server',
'nginx', 'nginx',
'pppd', 'pppd',
@ -16,9 +17,6 @@ nodes['home.router'] = {
}, },
'metadata': { 'metadata': {
'interfaces': { 'interfaces': {
'enp1s0.7': {
'dhcp': True,
},
'enp1s0.1138': { 'enp1s0.1138': {
'ips': { 'ips': {
'172.19.138.1/24', '172.19.138.1/24',
@ -102,8 +100,8 @@ nodes['home.router'] = {
}, },
'vhosts': { 'vhosts': {
'vnstat': { 'vnstat': {
'domain': 'vnstat.lulu26.eu', 'domain': 'router.home.kunbox.net',
'ssl': '_.lulu26.eu', 'ssl': '_.home.kunbox.net',
}, },
}, },
}, },

9
nodes/htz-cloud/wireguard.py
View file

@ -37,7 +37,6 @@ nodes['htz-cloud.wireguard'] = {
'172.19.137.0/24', '172.19.137.0/24',
'172.19.136.62/31', '172.19.136.62/31',
'172.19.136.64/31', '172.19.136.64/31',
'172.19.136.66/31',
'192.168.100.0/24', '192.168.100.0/24',
}, },
}, },
@ -53,7 +52,6 @@ nodes['htz-cloud.wireguard'] = {
'udp dport 1194 accept', 'udp dport 1194 accept',
'udp dport 51800 accept', 'udp dport 51800 accept',
'udp dport 51804 accept', 'udp dport 51804 accept',
'udp dport 51805 accept',
# wg.c3voc.de # wg.c3voc.de
'udp dport 51801 ip saddr 185.106.84.42 accept', 'udp dport 51801 ip saddr 185.106.84.42 accept',
@ -127,13 +125,6 @@ nodes['htz-cloud.wireguard'] = {
'my_ip': '172.19.136.66', 'my_ip': '172.19.136.66',
'their_ip': '172.19.136.67', 'their_ip': '172.19.136.67',
}, },
'rottenraptor-vpn': {
'endpoint': None,
'exclude_from_monitoring': True,
'my_port': 51805,
'my_ip': '172.19.136.68',
'their_ip': '172.19.136.69',
},
}, },
}, },
}, },

12
nodes/proxmox-backupstorage.toml
View file

@ -14,17 +14,17 @@ check_command = "sshmon"
check_command = "sshmon" check_command = "sshmon"
"vars.sshmon_command" = "CT480BX500SSD1_2314E6C5C6C8" "vars.sshmon_command" = "CT480BX500SSD1_2314E6C5C6C8"
[metadata.icinga2_api.smartd.services."SMART STATUS ST20000NM007D-3DJ103_WVT0RNKF"] [metadata.icinga2_api.smartd.services."SMART STATUS ST18000NM0092-3CX103_ZVV0686W"]
check_command = "sshmon" check_command = "sshmon"
"vars.sshmon_command" = "ST20000NM007D-3DJ103_WVT0RNKF" "vars.sshmon_command" = "ST18000NM0092-3CX103_ZVV0686W"
[metadata.icinga2_api.smartd.services."SMART STATUS ST20000NM007D-3DJ103_WVT0V0NQ"] [metadata.icinga2_api.smartd.services."SMART STATUS ST18000NM0092-3CX103_ZVV06JV7"]
check_command = "sshmon" check_command = "sshmon"
"vars.sshmon_command" = "ST20000NM007D-3DJ103_WVT0V0NQ" "vars.sshmon_command" = "ST18000NM0092-3CX103_ZVV06JV7"
[metadata.icinga2_api.smartd.services."SMART STATUS ST20000NM007D-3DJ103_WVT0W64H"] [metadata.icinga2_api.smartd.services."SMART STATUS ST18000NM0092-3CX103_ZVV06SLR"]
check_command = "sshmon" check_command = "sshmon"
"vars.sshmon_command" = "ST20000NM007D-3DJ103_WVT0W64H" "vars.sshmon_command" = "ST18000NM0092-3CX103_ZVV06SLR"
[metadata.icinga2_api.smartd.services."SMART STATUS ST8000NM0045-1RL112_ZA1EYQWR"] [metadata.icinga2_api.smartd.services."SMART STATUS ST8000NM0045-1RL112_ZA1EYQWR"]
check_command = "sshmon" check_command = "sshmon"

9
nodes/rottenraptor-server.toml
View file

@ -18,11 +18,6 @@ ipmi_username = "Administrator"
ipmi_password = "!bwpass:bw/rottenraptor-server/ipmi" ipmi_password = "!bwpass:bw/rottenraptor-server/ipmi"
ipmi_interface = "lanplus" ipmi_interface = "lanplus"
[metadata.apt.repos.tailscale]
items = [
"deb https://pkgs.tailscale.com/stable/debian {os_release} main",
]
[metadata.docker-immich] [metadata.docker-immich]
enable_auto_album_share = true enable_auto_album_share = true
@ -53,10 +48,6 @@ domain = "sso.rotten.city"
[metadata.nginx.vhosts.immich] [metadata.nginx.vhosts.immich]
domain = "immich.rotten.city" domain = "immich.rotten.city"
[metadata.nginx.vhosts.radio]
domain = "eventradio.rotten.city"
extras = true
[metadata.php] [metadata.php]
packages = [ packages = [
"xml", "xml",

27
nodes/rottenraptor-vpn.toml
View file

@ -1,27 +0,0 @@
hostname = "172.30.17.53"
bundles = ["bird", "wireguard"]
groups = ["debian-bookworm"]
[metadata]
location = "rottenraptor"
backups.exclude_from_backups = true
icinga_options.exclude_from_monitoring = true
[metadata.bird]
static_routes = [
"172.30.17.0/24",
]
[metadata.interfaces.ens18]
ips = ["172.30.17.53/24"]
gateway4 = "172.30.17.1"
[metadata.nftables.postrouting]
"50-router" = [
"oifname ens18 masquerade",
]
[metadata.wireguard.peers."htz-cloud.wireguard"]
my_port = 51804
my_ip = "172.19.136.69"
their_ip = "172.19.136.68"

8
nodes/sophie/miniserver.py
View file

@ -61,7 +61,7 @@ nodes["htz-cloud.miniserver"] = {
}, },
"element-web": { "element-web": {
"url": "chat.sophies-kitchen.eu", "url": "chat.sophies-kitchen.eu",
"version": "v1.11.106", "version": "v1.11.96",
"config": { "config": {
"default_server_config": { "default_server_config": {
"m.homeserver": { "m.homeserver": {
@ -109,7 +109,7 @@ nodes["htz-cloud.miniserver"] = {
}, },
}, },
"matrix-media-repo": { "matrix-media-repo": {
"version": "v1.3.8", "version": "v1.3.7",
"datastore_id": "99c09e24edc4e9be6c4c9486bc147e385bc87044", "datastore_id": "99c09e24edc4e9be6c4c9486bc147e385bc87044",
"sha1": "3e2bb7089b0898b86000243a82cc58ae998dc9d9", "sha1": "3e2bb7089b0898b86000243a82cc58ae998dc9d9",
"homeservers": { "homeservers": {
@ -144,7 +144,7 @@ nodes["htz-cloud.miniserver"] = {
}, },
}, },
"mautrix-telegram": { "mautrix-telegram": {
"version": "v0.15.3", "version": "v0.15.2",
"homeserver": { "homeserver": {
"domain": "sophies-kitchen.eu", "domain": "sophies-kitchen.eu",
"url": "https://matrix.sophies-kitchen.eu", "url": "https://matrix.sophies-kitchen.eu",
@ -210,7 +210,7 @@ nodes["htz-cloud.miniserver"] = {
}, },
}, },
"nodejs": { "nodejs": {
"version": 22, "version": 20,
}, },
"ntfy": { "ntfy": {
"domain": "ntfy.sophies-kitchen.eu", "domain": "ntfy.sophies-kitchen.eu",

2
nodes/sophie/sophie.homeassistant.toml
View file

@ -14,8 +14,6 @@ ips = [
] ]
gateway4 = "172.19.164.1" gateway4 = "172.19.164.1"
ipv6_accept_ra = true ipv6_accept_ra = true
[metadata.interfaces.enp7s0.routes."172.19.165.0/24"]
via = "172.19.164.2"
[metadata.vm] [metadata.vm]
cpu = 2 cpu = 2

47
nodes/sophie/sophie.navidrome.toml
View file

@ -1,47 +0,0 @@
hostname = "172.19.164.5"
bundles = [
'navidrome',
'nginx',
'nfs-client',
]
groups = [
"debian-bookworm",
]
[metadata.interfaces.enp1s0]
ips = [
"172.19.164.5/24",
]
gateway4 = "172.19.164.1"
ipv6_accept_ra = true
[metadata.interfaces.enp1s0.routes."172.19.165.0/24"]
via = "172.19.164.2"
[metadata.vm]
cpu = 2
ram = 4
[metadata.navidrome]
domain = 'navidrome.home.sophies-kitchen.eu'
version = '0.55.2'
sha1 = 'c5e513fb830f40bea33537ef0c649a3621bd443c'
[metadata.navidrome.config]
MusicFolder = "/mnt/media/Musik"
PasswordEncryptionKey = "!decrypt:encrypt$gAAAAABoRXLwSTeGRCvU-eVS-596B4UqjR6sC-AyB17JCLLEaGHDjJUnUXyn3dRKaLNoTCxKQkHIR4K0aAyQkPf7gVEwthZS4UoJCeQhvhFA9udtjSSAMt7E7sMnTFD8qCCoznqSRQzZ"
[metadata.nfs-client.mounts.media]
mountpoint = '/mnt/media'
serverpath = '172.19.164.2:/srv/nas'
mount_options =[
'retry=0',
'ro',
]
[metadata.nginx]
restrict-to = [
'172.19.164.0/22',
]
[metadata.nginx.vhosts.navidrome]
ssl = '_.home.sophies-kitchen.eu'

8
nodes/sophie/vmhost.py
View file

@ -18,8 +18,6 @@ nodes['sophie.vmhost'] = {
'apt': { 'apt': {
'packages': { 'packages': {
'irqbalance': {}, 'irqbalance': {},
'mosh': {},
'borgbackup': {},
}, },
}, },
'groups': { 'groups': {
@ -186,12 +184,6 @@ nodes['sophie.vmhost'] = {
} }
}, },
"datasets": { "datasets": {
'nas/ejgwthink': {
'mountpoint': '/mnt/backups/ejgwthink',
},
'nas/ejgwdesk': {
'mountpoint': '/mnt/backups/ejgwdesk',
},
"storage/libvirt": { "storage/libvirt": {
"mountpoint": "/var/lib/libvirt", "mountpoint": "/var/lib/libvirt",
}, },

12
nodes/voc/infobeamer-cms.py
View file

@ -25,15 +25,15 @@ nodes['voc.infobeamer-cms'] = {
}, },
'infobeamer-cms': { 'infobeamer-cms': {
'domain': 'infobeamer.c3voc.de', 'domain': 'infobeamer.c3voc.de',
'event_start_date': '2025-06-19', 'event_start_date': '2025-02-28',
'event_duration_days': 4, 'event_duration_days': 3,
'config': { 'config': {
'ADMIN_USERS': [], 'ADMIN_USERS': [],
'NO_LIMIT_USERS': [], 'NO_LIMIT_USERS': [],
'HOSTED_API_KEY': vault.decrypt('encrypt$gAAAAABhxJPH2sIGMAibU2Us1HoCVlNfF0SQQnVl0eiod48Zu8webL_-xk3wDw3yXw1Hkglj-2usl-D3Yd095yTSq0vZMCv2fh-JWwSPdJewQ45x9Ai4vXVD4CNz5vuJBESKS9xQWXTc'), 'HOSTED_API_KEY': vault.decrypt('encrypt$gAAAAABhxJPH2sIGMAibU2Us1HoCVlNfF0SQQnVl0eiod48Zu8webL_-xk3wDw3yXw1Hkglj-2usl-D3Yd095yTSq0vZMCv2fh-JWwSPdJewQ45x9Ai4vXVD4CNz5vuJBESKS9xQWXTc'),
'INTERRUPT_KEY': vault.human_password_for('infobeamer-cms interrupt key 38c3', words=1), 'INTERRUPT_KEY': vault.human_password_for('infobeamer-cms interrupt key 38c3', words=1),
'SETUP_IDS': [ 'SETUP_IDS': [
262628, 258552,
], ],
# 'EXTRA_ASSETS': [{ # 'EXTRA_ASSETS': [{
# 'type': "image", # 'type': "image",
@ -80,9 +80,9 @@ nodes['voc.infobeamer-cms'] = {
}, },
}, },
'rooms': { 'rooms': {
'Medientheater': 34430, # s1 'Saal 1': 34430, # s1
'Vortragssaal': 37731, # s2 'Saal GLITCH': 37731, # s2
'Kubus': 26610, # s3 'Saal ZIGZAG': 26610, # s3
'Sendezentrum': 38641, # s4 'Sendezentrum': 38641, # s4
'Stage YELL': 38642, # s5 'Stage YELL': 38642, # s5
'Stage HUFF': 35042, # s6 'Stage HUFF': 35042, # s6

2
scripts/letsencrypt-wildcard
View file

@ -39,7 +39,7 @@ then
echo echo
echo You must now provide this DNS record: echo You must now provide this DNS record:
echo "$(tput bold)_acme-challenge IN TXT $token_value$(tput sgr0)" echo "$(tput bold)_acme-challenge.$domain IN TXT $token_value$(tput sgr0)"
echo echo
echo "Hit ENTER once it's available." echo "Hit ENTER once it's available."
read read

2
scripts/netbox-dump
View file

@ -34,7 +34,7 @@ QUERY_SITES = """{
}""" }"""
QUERY_DEVICES = """{ QUERY_DEVICES = """{
device_list(filters: {site_id: "SITE_ID", tags: {name: {exact: "bundlewrap"}}}) { device_list(filters: {tag: "bundlewrap", site_id: "SITE_ID"}) {
name name
id id
} }