kunsi/bundlewrap
1
0
Fork 0
Code Issues 1 Pull requests 1 Releases Activity

Compare commits

base: kunsi:main
Branches Tags
kunsi:main
kunsi:new-wildcard-sophies-kitchen
kunsi:updates
kunsi:update-miniserver
kunsi:vmhostumzug
kunsi:jhtoolz
kunsi:sophiesheomenetwork
kunsi:feature/kunsi-ipv6-only-vlan
kunsi:sophie-dimension-cleanup
kunsi:kunsi-woodpecker
kunsi:kunsi-junos
kunsi:loudness-monitoring-gstreamer
..
compare: kunsi:sophiesheomenetwork
Branches Tags
kunsi:main
kunsi:new-wildcard-sophies-kitchen
kunsi:updates
kunsi:update-miniserver
kunsi:vmhostumzug
kunsi:jhtoolz
kunsi:sophiesheomenetwork
kunsi:feature/kunsi-ipv6-only-vlan
kunsi:sophie-dimension-cleanup
kunsi:kunsi-woodpecker
kunsi:kunsi-junos
kunsi:loudness-monitoring-gstreamer

No commits in common. "main" and "sophiesheomenetwork" have entirely different histories.
main ... sophiesheo

97 changed files with 1293 additions and 1649 deletions
Show stats Expand all files Collapse all files

1
bundles/apt/files/sources.list-raspbian-buster Normal file
View file

@ -0,0 +1 @@
deb http://raspbian.raspberrypi.org/raspbian/ buster main contrib non-free rpi

7
bundles/apt/items.py
View file

@ -7,6 +7,9 @@ supported_os = {
12: 'bookworm', 12: 'bookworm',
99: 'unstable', 99: 'unstable',
}, },
'raspbian': {
10: 'buster',
},
} }
try: try:
@ -24,10 +27,6 @@ actions = {
'triggered': True, 'triggered': True,
'cascade_skip': False, 'cascade_skip': False,
}, },
'apt_execute_update_commands': {
'command': ' && '.join(sorted(node.metadata.get('apt/additional_update_commands', {'true'}))),
'triggered': True,
},
} }
files = { files = {

3
bundles/apt/metadata.py
View file

@ -21,9 +21,6 @@ defaults = {
'cron/jobs/upgrade-and-reboot' 'cron/jobs/upgrade-and-reboot'
) )
def patchday(metadata): def patchday(metadata):
if not node.metadata.get('apt/unattended-upgrades/enabled', True):
return {}
day = metadata.get('apt/unattended-upgrades/day') day = metadata.get('apt/unattended-upgrades/day')
hour = metadata.get('apt/unattended-upgrades/hour') hour = metadata.get('apt/unattended-upgrades/hour')

2
bundles/arch-with-gui/metadata.py
View file

@ -33,7 +33,7 @@ defaults = {
# networking # networking
'avahi': {}, 'avahi': {},
'netctl': {}, 'netctl': {},
'util-linux': {}, # provides rfkill 'rfkill': {},
'wpa_supplicant': {}, 'wpa_supplicant': {},
'wpa_actiond': {}, 'wpa_actiond': {},

11
bundles/backup-client/files/generate-backup
View file

@ -62,13 +62,10 @@ trap "on_exit" EXIT
# redirect stdout and stderr to logfile # redirect stdout and stderr to logfile
prepare_and_cleanup_logdir prepare_and_cleanup_logdir
if [[ -z "$DEBUG" ]] logfile="$logdir/backup--$(date '+%F--%H-%M-%S')--$$.log.gz"
then echo "All log output will go to $logfile" | logger -it backup-client
logfile="$logdir/backup--$(date '+%F--%H-%M-%S')--$$.log.gz" exec > >(gzip >"$logfile")
echo "All log output will go to $logfile" | logger -it backup-client exec 2>&1
exec > >(gzip >"$logfile")
exec 2>&1
fi
# this is where the real work starts # this is where the real work starts
ts_begin=$(date +%s) ts_begin=$(date +%s)

2
bundles/backup-server/metadata.py
View file

@ -160,7 +160,7 @@ def monitoring(metadata):
client, client,
config['one_backup_every_hours'], config['one_backup_every_hours'],
), ),
'vars.sshmon_timeout': 40, 'vars.sshmon_timeout': 20,
} }
return { return {

7
bundles/c3voc-addons/items.py
View file

@ -7,6 +7,9 @@ supported_os = {
12: 'bookworm', 12: 'bookworm',
99: 'unstable', 99: 'unstable',
}, },
'raspbian': {
10: 'buster',
},
} }
try: try:
@ -79,10 +82,6 @@ actions = {
'triggered': True, 'triggered': True,
'cascade_skip': False, 'cascade_skip': False,
}, },
'apt_execute_update_commands': {
'command': ' && '.join(sorted(node.metadata.get('apt/additional_update_commands', {'true'}))),
'triggered': True,
},
} }
directories = { directories = {

2
bundles/element-web/items.py
View file

@ -33,7 +33,7 @@ actions = {
'yarn build', 'yarn build',
]), ]),
'needs': { 'needs': {
'action:apt_execute_update_commands', 'action:nodejs_install_yarn',
'pkg_apt:nodejs', 'pkg_apt:nodejs',
}, },
'triggered': True, 'triggered': True,

20
bundles/element-web/metadata.py
View file

@ -11,26 +11,6 @@ defaults = {
}, },
} }
@metadata_reactor.provides(
'nodejs/version',
)
def nodejs(metadata):
version = tuple([int(i) for i in metadata.get('element-web/version')[1:].split('.')])
if version >= (1, 11, 71):
return {
'nodejs': {
'version': 20,
},
}
else:
return {
'nodejs': {
'version': 18,
},
}
@metadata_reactor.provides( @metadata_reactor.provides(
'nginx/vhosts/element-web', 'nginx/vhosts/element-web',
) )

1
bundles/grafana/metadata.py
View file

@ -43,7 +43,6 @@ def nginx(metadata):
'locations': { 'locations': {
'/': { '/': {
'target': 'http://127.0.0.1:21010', 'target': 'http://127.0.0.1:21010',
'websockets': True,
}, },
'/api/ds/query': { '/api/ds/query': {
'target': 'http://127.0.0.1:21010', 'target': 'http://127.0.0.1:21010',

1
bundles/hedgedoc/items.py
View file

@ -72,6 +72,7 @@ actions = {
'yarn build', 'yarn build',
]), ]),
'needs': { 'needs': {
'action:nodejs_install_yarn',
'file:/opt/hedgedoc/config.json', 'file:/opt/hedgedoc/config.json',
'git_deploy:/opt/hedgedoc', 'git_deploy:/opt/hedgedoc',
'pkg_apt:nodejs', 'pkg_apt:nodejs',

70
bundles/homeassistant/files/check_homeassistant_update
View file

@ -2,42 +2,48 @@
from sys import exit from sys import exit
import requests
from packaging import version from packaging import version
from requests import get
API_TOKEN = "${token}" bearer = "${bearer}"
DOMAIN = "${domain}" domain = "${domain}"
OK = 0
WARN = 1
CRITICAL = 2
UNKNOWN = 3
status = 3
message = "Unknown Update Status"
domain = "hass.home.kunbox.net"
s = requests.Session()
s.headers.update({"Content-Type": "application/json"})
try: try:
r = get("https://version.home-assistant.io/stable.json") stable_version = version.parse(
r.raise_for_status() s.get("https://version.home-assistant.io/stable.json").json()["homeassistant"][
stable_version = r.json()["homeassistant"]["generic-x86-64"] "generic-x86-64"
except Exception as e: ]
print(f"Could not get stable version information from home-assistant.io: {e!r}")
exit(3)
try:
r = get(
f"https://{DOMAIN}/api/config",
headers={"Authorization": f"Bearer {API_TOKEN}", "Content-Type": "application/json"},
) )
r.raise_for_status() s.headers.update(
running_version = r.json()["version"] {"Authorization": f"Bearer {bearer}", "Content-Type": "application/json"}
except Exception as e: )
print(f"Could not get running version information from homeassistant: {e!r}") running_version = version.parse(
exit(3) s.get(f"https://{domain}/api/config").json()["version"]
)
try: if running_version == stable_version:
if stable_version > running_version: status = 0
print( message = f"OK - running version {running_version} equals stable version {stable_version}"
f"There is a newer version available: {stable_version} (currently installed: {running_version})" elif running_version > stable_version:
) status = 1
exit(2) message = f"WARNING - stable version {stable_version} is lower than running version {running_version}, check if downgrade is necessary."
else: else:
print( status = 2
f"Currently running version {running_version} matches newest release on home-assistant.io" message = f"CRITICAL - update necessary, running version {running_version} is lower than stable version {stable_version}"
)
exit(0)
except Exception as e: except Exception as e:
print(repr(e)) message = f"{message}: {repr(e)}"
exit(3)
print(message)
exit(status)

2
bundles/homeassistant/items.py
View file

@ -30,7 +30,7 @@ files = {
'/usr/local/share/icinga/plugins/check_homeassistant_update': { '/usr/local/share/icinga/plugins/check_homeassistant_update': {
'content_type': 'mako', 'content_type': 'mako',
'context': { 'context': {
'token': node.metadata.get('homeassistant/api_secret'), 'bearer': repo.vault.decrypt(node.metadata.get('homeassistant/api_secret')),
'domain': node.metadata.get('homeassistant/domain'), 'domain': node.metadata.get('homeassistant/domain'),
}, },
'mode': '0755', 'mode': '0755',

18
bundles/icinga2/files/check_spam_blocklist
View file

@ -50,13 +50,17 @@ def check_list(ip_list, blocklist, warn_ips):
]).decode().splitlines() ]).decode().splitlines()
for item in result: for item in result:
if item.startswith(';;'): if item.startswith(';;'):
continue msgs.append('{} - {}'.format(
msgs.append('{} listed in {} as {}'.format( blocklist,
ip, item,
blocklist, ))
item, else:
)) msgs.append('{} listed in {} as {}'.format(
if item in warn_ips and returncode < 2: ip,
blocklist,
item,
))
if (item in warn_ips or item.startswith(';;')) and returncode < 2:
returncode = 1 returncode = 1
else: else:
returncode = 2 returncode = 2

2
bundles/icinga2/files/scripts/icinga_notification_wrapper
View file

@ -199,7 +199,7 @@ if __name__ == '__main__':
notify_per_mail() notify_per_mail()
if args.sms: if args.sms:
if not args.service_name: if args.service_name:
notify_per_sms() notify_per_sms()
if CONFIG['ntfy']['user']: if CONFIG['ntfy']['user']:
notify_per_ntfy() notify_per_ntfy()

10
bundles/infobeamer-cms/items.py
View file

@ -23,7 +23,7 @@ actions = {
git_deploy = { git_deploy = {
'/opt/infobeamer-cms/src': { '/opt/infobeamer-cms/src': {
'rev': 'master', 'rev': 'master',
'repo': 'https://github.com/voc/infobeamer-cms.git', 'repo': 'https://github.com/sophieschi/36c3-cms.git',
'needs': { 'needs': {
'directory:/opt/infobeamer-cms/src', 'directory:/opt/infobeamer-cms/src',
}, },
@ -96,6 +96,14 @@ files = {
}, },
} }
pkg_pip = {
'github-flask': {
'needed_by': {
'svc_systemd:infobeamer-cms',
},
},
}
svc_systemd = { svc_systemd = {
'infobeamer-cms': { 'infobeamer-cms': {
'needs': { 'needs': {

5
bundles/infobeamer-monitor/files/monitor.py
View file

@ -140,12 +140,13 @@ while True:
if device["is_online"]: if device["is_online"]:
if device["maintenance"]: if device["maintenance"]:
mqtt_out( mqtt_out(
"maintenance required: {}".format(' '.join( "maintenance required: {}".join(
sorted(device["maintenance"]) sorted(device["maintenance"])
)), ),
level="WARN", level="WARN",
device=device, device=device,
) )
must_dump_state = True
if ( if (
device["is_synced"] != state[did]["is_synced"] device["is_synced"] != state[did]["is_synced"]

24
bundles/matrix-media-repo/files/config.yaml
View file

@ -3,9 +3,6 @@ repo:
bindAddress: '${node.metadata.get('matrix-media-repo/listen-addr', '127.0.0.1')}' bindAddress: '${node.metadata.get('matrix-media-repo/listen-addr', '127.0.0.1')}'
port: ${node.metadata.get('matrix-media-repo/port', 20090)} port: ${node.metadata.get('matrix-media-repo/port', 20090)}
logDirectory: '-' logDirectory: '-'
logColors: false
jsonLogs: false
logLevel: 'info'
trustAnyForwardedAddress: false trustAnyForwardedAddress: false
useForwardedHost: true useForwardedHost: true
@ -25,13 +22,10 @@ homeservers:
csApi: "${config['domain']}" csApi: "${config['domain']}"
backoffAt: ${config.get('backoff_at', 10)} backoffAt: ${config.get('backoff_at', 10)}
adminApiKind: "${config.get('api', 'matrix')}" adminApiKind: "${config.get('api', 'matrix')}"
% if config.get('signing_key_path'):
signingKeyPath: "${config['signing_key_path']}"
% endif
% endfor % endfor
accessTokens: accessTokens:
maxCacheTimeSeconds: 10 maxCacheTimeSeconds: 0
useLocalAppserviceConfig: false useLocalAppserviceConfig: false
admins: admins:
@ -59,9 +53,7 @@ archiving:
uploads: uploads:
maxBytes: ${node.metadata.get('matrix-media-repo/upload_max_mb')*1024*1024} maxBytes: ${node.metadata.get('matrix-media-repo/upload_max_mb')*1024*1024}
minBytes: 100 minBytes: 100
#reportedMaxBytes: 0 reportedMaxBytes: 0
maxPending: 5
maxAgeSeconds: 1800
quotas: quotas:
enabled: false enabled: false
@ -69,6 +61,14 @@ downloads:
maxBytes: ${node.metadata.get('matrix-media-repo/download_max_mb')*1024*1024} maxBytes: ${node.metadata.get('matrix-media-repo/download_max_mb')*1024*1024}
numWorkers: ${node.metadata.get('matrix-media-repo/workers')} numWorkers: ${node.metadata.get('matrix-media-repo/workers')}
failureCacheMinutes: 5 failureCacheMinutes: 5
cache:
enabled: true
maxSizeBytes: ${node.metadata.get('matrix-media-repo/download_max_mb')*10*1024*1024}
maxFileSizeBytes: ${node.metadata.get('matrix-media-repo/download_max_mb')*1024*1024}
trackedMinutes: 30
minDownloads: 5
minCacheTimeSeconds: 300
minEvictedTimeSeconds: 60
expireAfterDays: 0 expireAfterDays: 0
urlPreviews: urlPreviews:
@ -137,8 +137,8 @@ thumbnails:
rateLimit: rateLimit:
enabled: true enabled: true
requestsPerSecond: 100 requestsPerSecond: 10
burst: 5000 burst: 50
identicons: identicons:
enabled: true enabled: true

3
bundles/matrix-media-repo/items.py
View file

@ -19,6 +19,9 @@ files = {
'/opt/matrix-media-repo/config.yaml': { '/opt/matrix-media-repo/config.yaml': {
'owner': 'matrix-media-repo', 'owner': 'matrix-media-repo',
'content_type': 'mako', 'content_type': 'mako',
'triggers': {
'svc_systemd:matrix-media-repo:restart',
},
}, },
'/etc/systemd/system/matrix-media-repo.service': { '/etc/systemd/system/matrix-media-repo.service': {
'triggers': { 'triggers': {

15
bundles/matrix-synapse/metadata.py
View file

@ -144,14 +144,13 @@ def nginx(metadata):
} }
if node.has_bundle('matrix-media-repo'): if node.has_bundle('matrix-media-repo'):
for path in ('/_matrix/media', '/_matrix/client/v1/media', '/_matrix/federation/v1/media'): locations['/_matrix/media'] = {
locations[path] = { 'target': 'http://localhost:20090',
'target': 'http://localhost:20090', 'max_body_size': '{}M'.format(metadata.get('matrix-media-repo/upload_max_mb')),
'max_body_size': '{}M'.format(metadata.get('matrix-media-repo/upload_max_mb')), # matrix-media-repo needs this to be the
# matrix-media-repo needs this to be the # homeserver address.
# homeserver address. 'x_forwarded_host': metadata.get('matrix-synapse/server_name'),
'x_forwarded_host': metadata.get('matrix-synapse/server_name'), }
}
vhosts = { vhosts = {
'matrix-synapse': { 'matrix-synapse': {

8
bundles/mixcloud-downloader/files/download.sh
View file

@ -1,15 +1,11 @@
#!/bin/bash #!/bin/bash
OPTS="--netrc" OPTS=""
OPTS="$OPTS --netrc-location /opt/mixcloud-downloader/netrc"
OPTS="$OPTS --retry-sleep linear=1::2"
OPTS="$OPTS --retry-sleep fragment:exp=1:60"
OPTS="$OPTS --extractor-retries 5"
if [[ -n "$DEBUG" ]] if [[ -n "$DEBUG" ]]
then then
set -x set -x
else else
OPTS="$OPTS -q" OPTS="-q"
fi fi
set -euo pipefail set -euo pipefail

3
bundles/mixcloud-downloader/files/netrc
View file

@ -1,3 +0,0 @@
% for domain, data in sorted(node.metadata.get('mixcloud-downloader/netrc', {}).items()):
machine ${domain} login ${data['username']} password ${data['password']}
% endfor

6
bundles/mixcloud-downloader/items.py
View file

@ -6,9 +6,3 @@ files['/opt/mixcloud-downloader/download.sh'] = {
directories['/opt/mixcloud-downloader'] = { directories['/opt/mixcloud-downloader'] = {
'owner': 'kunsi', 'owner': 'kunsi',
} }
files['/opt/mixcloud-downloader/netrc'] = {
'content_type': 'mako',
'mode': '0400',
'owner': 'kunsi',
}

16
bundles/mosquitto/items.py
View file

@ -5,6 +5,12 @@ files = {
'svc_systemd:mosquitto:restart', 'svc_systemd:mosquitto:restart',
}, },
}, },
'/usr/local/bin/tasmota-telegraf-plugin': {
'mode': '0755',
'needs': {
'pkg_apt:python3-paho-mqtt',
},
},
} }
svc_systemd = { svc_systemd = {
@ -17,12 +23,6 @@ svc_systemd = {
} }
if node.has_bundle('telegraf'): if node.has_bundle('telegraf'):
files['/usr/local/bin/tasmota-telegraf-plugin'] = { files['/usr/local/bin/tasmota-telegraf-plugin']['triggers'] = {
'mode': '0755', 'svc_systemd:telegraf:restart',
'needs': {
'pkg_apt:python3-paho-mqtt',
},
'triggers': {
'svc_systemd:telegraf:restart',
},
} }

4
bundles/mosquitto/metadata.py
View file

@ -5,6 +5,7 @@ defaults = {
'packages': { 'packages': {
'mosquitto': {}, 'mosquitto': {},
'mosquitto-clients': {}, 'mosquitto-clients': {},
'python3-paho-mqtt': {}, # for telegraf plugin
}, },
}, },
'icinga2_api': { 'icinga2_api': {
@ -23,9 +24,6 @@ defaults = {
}, },
} }
if node.has_bundle('telegraf'):
defaults['apt']['packages']['python3-paho-mqtt'] = {}
@metadata_reactor.provides( @metadata_reactor.provides(
'firewall/port_rules', 'firewall/port_rules',

3
bundles/nftables/files/nftables.conf
View file

@ -23,8 +23,9 @@ table inet filter {
icmp type timestamp-request drop icmp type timestamp-request drop
icmp type timestamp-reply drop icmp type timestamp-reply drop
meta l4proto {icmp, ipv6-icmp} accept ip protocol icmp accept
ip6 nexthdr ipv6-icmp accept
% for ruleset, rules in sorted(input.items()): % for ruleset, rules in sorted(input.items()):
# ${ruleset} # ${ruleset}

2
bundles/nginx/files/site_template
View file

@ -201,8 +201,6 @@ server {
fastcgi_hide_header X-XSS-Protection; fastcgi_hide_header X-XSS-Protection;
% endif % endif
fastcgi_hide_header Permissions-Policy; fastcgi_hide_header Permissions-Policy;
fastcgi_request_buffering off;
proxy_buffering off;
} }
% if not max_body_size: % if not max_body_size:
client_max_body_size 5M; client_max_body_size 5M;

9
bundles/nodejs/items.py
View file

@ -0,0 +1,9 @@
actions = {
'nodejs_install_yarn': {
'command': 'npm install -g yarn@latest',
'unless': 'test -e /usr/lib/node_modules/yarn',
'after': {
'pkg_apt:',
},
},
}

56
bundles/nodejs/metadata.py
View file

@ -1,40 +1,54 @@
defaults = { defaults = {
'apt': { 'apt': {
'additional_update_commands': { 'additional_update_commands': {
# update npm and yarn to latest version # update npm to latest version
'npm install -g npm@latest',
'npm install -g yarn@latest', 'npm install -g yarn@latest',
}, },
'packages': { 'packages': {
'nodejs': { 'nodejs': {},
'triggers': {
'action:apt_execute_update_commands',
},
},
'npm': {
'installed': False,
'triggers': {
'action:apt_execute_update_commands',
},
},
}, },
}, },
'nodejs': {
'version': 18,
},
}
VERSIONS_SHIPPED_BY_DEBIAN = {
10: 10,
11: 12,
12: 18,
13: 18,
} }
@metadata_reactor.provides( @metadata_reactor.provides(
'apt/repos/nodejs/items', 'apt/repos/nodejs/items',
'apt/additional_update_commands',
) )
def nodejs_from_version(metadata): def nodejs_from_version(metadata):
version = metadata.get('nodejs/version') version = metadata.get('nodejs/version')
return { if version != VERSIONS_SHIPPED_BY_DEBIAN[node.os_version[0]]:
'apt': { return {
'repos': { 'apt': {
'nodejs': { 'additional_update_commands': {
'items': { # update npm to latest version
f'deb https://deb.nodesource.com/node_{version}.x nodistro main', 'npm install -g npm@latest',
},
'repos': {
'nodejs': {
'items': {
f'deb https://deb.nodesource.com/node_{version}.x {{os_release}} main',
f'deb-src https://deb.nodesource.com/node_{version}.x {{os_release}} main',
},
}, },
}, },
}, },
}, }
} else:
return {
'apt': {
'packages': {
'npm': {},
},
},
}

3
bundles/paperless-ng/metadata.py
View file

@ -33,9 +33,6 @@ defaults = {
'/mnt/paperless', '/mnt/paperless',
}, },
}, },
'nodejs': {
'version': 18,
},
'postgresql': { 'postgresql': {
'roles': { 'roles': {
'paperless': { 'paperless': {

4
bundles/powerdns/items.py
View file

@ -65,7 +65,7 @@ svc_systemd = {
actions = { actions = {
'powerdns_reload_zones': { 'powerdns_reload_zones': {
'triggered': True, 'triggered': True,
'command': r'pdns_control rediscover; pdns_control reload; pdns_control notify \*', 'command': 'pdns_control rediscover; pdns_control reload; pdns_control notify \*',
'after': { 'after': {
'svc_systemd:pdns', 'svc_systemd:pdns',
}, },
@ -160,7 +160,7 @@ if node.metadata.get('powerdns/features/pgsql', node.has_bundle('postgresql')):
actions['powerdns_load_pgsql_schema'] = { actions['powerdns_load_pgsql_schema'] = {
'command': node.metadata.get('postgresql/roles/powerdns/password').format_into('PGPASSWORD={} psql -h 127.0.0.1 -d powerdns -U powerdns -w < /usr/share/pdns-backend-pgsql/schema/schema.pgsql.sql'), 'command': node.metadata.get('postgresql/roles/powerdns/password').format_into('PGPASSWORD={} psql -h 127.0.0.1 -d powerdns -U powerdns -w < /usr/share/pdns-backend-pgsql/schema/schema.pgsql.sql'),
'unless': r'sudo -u postgres psql -d powerdns -c "\dt" | grep domains 2>&1 >/dev/null', 'unless': 'sudo -u postgres psql -d powerdns -c "\dt" | grep domains 2>&1 >/dev/null',
'needs': { 'needs': {
'bundle:postgresql', 'bundle:postgresql',
'pkg_apt:pdns-backend-pgsql', 'pkg_apt:pdns-backend-pgsql',

2
bundles/powerdnsadmin/items.py
View file

@ -71,8 +71,8 @@ actions = {
'chown -R powerdnsadmin:powerdnsadmin /opt/powerdnsadmin/src/powerdnsadmin/static/', 'chown -R powerdnsadmin:powerdnsadmin /opt/powerdnsadmin/src/powerdnsadmin/static/',
]), ]),
'needs': { 'needs': {
'action:nodejs_install_yarn',
'action:powerdnsadmin_install_deps', 'action:powerdnsadmin_install_deps',
'bundle:nodejs',
'pkg_apt:', 'pkg_apt:',
}, },
}, },

3
bundles/powerdnsadmin/metadata.py
View file

@ -13,9 +13,6 @@ defaults = {
'python3-wheel': {}, 'python3-wheel': {},
}, },
}, },
'nodejs': {
'version': 18,
},
'users': { 'users': {
'powerdnsadmin': { 'powerdnsadmin': {
'home': '/opt/powerdnsadmin', 'home': '/opt/powerdnsadmin',

3
bundles/pretalx/metadata.py
View file

@ -26,9 +26,6 @@ defaults = {
}, },
}, },
}, },
'nodejs': {
'version': 18,
},
'pretalx': { 'pretalx': {
'database': { 'database': {
'user': 'pretalx', 'user': 'pretalx',

13
bundles/proftpd/items.py
View file

@ -1,13 +0,0 @@
files['/etc/proftpd/proftpd.conf'] = {
'source': f'{node.name}.conf',
'triggers': {
'svc_systemd:proftpd:restart',
},
}
svc_systemd['proftpd'] = {
'needs': {
'file:/etc/proftpd/proftpd.conf',
'pkg_apt:proftpd-core',
},
}

26
bundles/proftpd/metadata.py
View file

@ -1,26 +0,0 @@
from bundlewrap.metadata import atomic
defaults = {
'apt': {
'packages': {
'proftpd-core': {},
},
},
}
@metadata_reactor.provides(
'firewall/port_rules',
)
def firewall(metadata):
sources = atomic(metadata.get('mosquitto/restrict-to', set()))
return {
'firewall': {
'port_rules': {
'20/tcp': sources,
'21/tcp': sources,
'49152-50192/tcp': sources,
},
},
}

24
bundles/raspberrypi/files/config.txt
View file

@ -1,30 +1,22 @@
disable_overscan=1 disable_overscan=1
hdmi_force_hotplug=1
dtparam=spi=on
dtparam=audio=on dtparam=audio=on
dtoverlay=vc4-kms-v3d dtoverlay=vc4-fkms-v3d
max_framebuffers=2 max_framebuffers=2
hdmi_drive=2
force_turbo=1 force_turbo=1
gpu_mem=${node.metadata.get('raspberrypi/gpu_mem', 128)} gpu_mem=${node.metadata['raspberrypi'].get('gpu_mem', 128)}
% if node.metadata.get('raspberrypi/enable_display'):
display_auto_detect=1
% else:
dtparam=i2c_arm=on
dtparam=i2s=on
dtparam=spi=on
hdmi_drive=2
hdmi_force_hotplug=1
% endif
% if node.os == 'debian': % if node.os == 'debian':
arm_64bit=1 arm_64bit=1
% endif % endif
arm_boost=1
% for item in sorted(node.metadata.get('raspberrypi/config.txt', set())): % for item in sorted(node.metadata['raspberrypi'].get('config.txt', set())):
${item} ${item}
% endfor % endfor
% if node.metadata.get('raspberrypi/enable_camera', False): % if node.metadata['raspberrypi'].get('camera', False):
camera_auto_detect=1 start_x=1
% endif % endif

4
bundles/raspberrypi/items.py
View file

@ -15,11 +15,11 @@ actions = {
} }
files = { files = {
'/boot/firmware/cmdline.txt': { '/boot/cmdline.txt': {
'content': ' '.join(sorted(node.metadata['raspberrypi']['cmdline'])), 'content': ' '.join(sorted(node.metadata['raspberrypi']['cmdline'])),
**file_perms, **file_perms,
}, },
'/boot/firmware/config.txt': { '/boot/config.txt': {
'content_type': 'mako', 'content_type': 'mako',
'context': node.metadata['raspberrypi'], 'context': node.metadata['raspberrypi'],
**file_perms, **file_perms,

28
bundles/raspberrypi/metadata.py
View file

@ -1,6 +1,5 @@
defaults = { defaults = {
'apt': { 'apt': {
'clean_old_kernels': False,
'packages': { 'packages': {
'dhcpcd5': { 'dhcpcd5': {
'installed': False, 'installed': False,
@ -15,16 +14,9 @@ defaults = {
'installed': False, 'installed': False,
}, },
}, },
'repos': {
'raspi': {
'install_gpg_key': False,
'items': {
'deb http://archive.raspberrypi.org/debian/ {os_release} main',
},
},
},
}, },
'raspberrypi': { 'raspberrypi': {
'default-target': 'multi-user.target',
'cmdline': { 'cmdline': {
'console=tty1', 'console=tty1',
'root=/dev/mmcblk0p2', 'root=/dev/mmcblk0p2',
@ -36,8 +28,6 @@ defaults = {
'plymouth.ignore-serial-consoles', 'plymouth.ignore-serial-consoles',
'net.ifnames=0', 'net.ifnames=0',
}, },
'default-target': 'multi-user.target',
'enable_display': False,
}, },
'systemd': { 'systemd': {
'journal': { 'journal': {
@ -47,19 +37,3 @@ defaults = {
}, },
}, },
} }
@metadata_reactor.provides(
'raspberrypi/cmdline',
)
def display(metadata):
if not metadata.get('raspberrypi/enable_display'):
return {}
return {
'raspberrypi': {
'cmdline': {
'video=DSI-1:800x480@60,rotate=180',
},
},
}

175
bundles/routeros/metadata.py
View file

@ -2,85 +2,6 @@ import re
from json import load from json import load
from os.path import join from os.path import join
with open(join(repo.path, 'configs', 'netbox', f'{node.name}.json')) as f:
netbox = load(f)
ips = {}
ports = {}
vlans = {
v['name']: {
'id': v['vid'],
'delete': False,
'tagged': set(),
'untagged': set(),
}
for v in netbox['vlans']
}
for port, conf in netbox['interfaces'].items():
for ip in conf['ips']:
ips[ip] = {'interface': port}
if conf['type'].lower() == 'virtual':
# these are VLAN interfaces (for management IPs)
if conf['ips']:
# this makes management services available in the VLAN
try:
vlans[port]['tagged'].add('bridge')
except KeyError:
raise ValueError(
f'name of virtual interface "{port}" on {node.name} '
f'matches none of the known VLANs: {list(vlans.keys())} '
'(you probably need to rename the interface in Netbox '
'and/or run netbox-dump)'
)
# We do not create the actual VLAN interface here, that
# happens automatically in items.py.
continue
elif not conf['enabled'] or not conf['mode']:
# disable unconfigured ports
ports[port] = {
'disabled': True,
'description': conf.get('description', ''),
}
# dont add vlans for this port
continue
else:
ports[port] = {
'disabled': False,
'description': conf.get('description', ''),
}
if conf.get('ips', []):
ports[port]['ips'] = set(conf['ips'])
if conf['type'] in (
'1000base-t',
'10gbase-x-sfpp',
'A_1000BASE_T',
'A_10GBASE_X_SFPP',
):
ports[port]['hw'] = True
if conf['untagged_vlan']:
vlans[conf['untagged_vlan']]['untagged'].add(port)
if conf['ips']:
# this makes management services available in the VLAN
vlans[conf['untagged_vlan']]['tagged'].add('bridge')
# tagged
if conf['mode'] in ('TAGGED_ALL', 'tagged-all'):
tagged = set(vlans.keys()) - {conf['untagged_vlan']}
else:
tagged = conf['tagged_vlans']
for vlan in tagged:
vlans[vlan]['tagged'].add(port)
# this makes management services available in the VLAN
if conf['ips']:
vlans[vlan]['tagged'].add('bridge')
defaults = { defaults = {
'icinga2_api': { 'icinga2_api': {
'routeros': { 'routeros': {
@ -96,14 +17,100 @@ defaults = {
}, },
}, },
}, },
'routeros': {
'ips': ips,
'ports': ports,
'vlans': vlans,
},
} }
@metadata_reactor.provides(
'routeros/ips',
'routeros/ports',
'routeros/vlans',
)
def get_ports_from_netbox_dump(metadata):
with open(join(repo.path, 'configs', f'netbox_device_{node.name}.json')) as f:
netbox = load(f)
ips = {}
ports = {}
vlans = {
v['name']: {
'id': v['vid'],
'delete': False,
'tagged': set(),
'untagged': set(),
}
for v in netbox['vlans']
}
for port, conf in netbox['interfaces'].items():
for ip in conf['ips']:
ips[ip] = {'interface': port}
if conf['type'] == 'VIRTUAL':
# these are VLAN interfaces (for management IPs)
if conf['ips']:
# this makes management services available in the VLAN
try:
vlans[port]['tagged'].add('bridge')
except KeyError:
raise ValueError(
f'name of virtual interface "{port}" on {node.name} '
f'matches none of the known VLANs: {list(vlans.keys())} '
'(you probably need to rename the interface in Netbox '
'and/or run netbox-dump)'
)
# We do not create the actual VLAN interface here, that
# happens automatically in items.py.
continue
elif not conf['enabled'] or not conf['mode']:
# disable unconfigured ports
ports[port] = {
'disabled': True,
'description': conf.get('description', ''),
}
# dont add vlans for this port
continue
else:
ports[port] = {
'disabled': False,
'description': conf.get('description', ''),
}
if conf.get('ips', []):
ports[port]['ips'] = set(conf['ips'])
if conf['type'] in (
'A_1000BASE_T',
'A_10GBASE_X_SFPP',
):
ports[port]['hw'] = True
if conf['untagged_vlan']:
vlans[conf['untagged_vlan']]['untagged'].add(port)
if conf['ips']:
# this makes management services available in the VLAN
vlans[conf['untagged_vlan']]['tagged'].add('bridge')
# tagged
if conf['mode'] == 'TAGGED_ALL':
tagged = set(vlans.keys()) - {conf['untagged_vlan']}
else:
tagged = conf['tagged_vlans']
for vlan in tagged:
vlans[vlan]['tagged'].add(port)
# this makes management services available in the VLAN
if conf['ips']:
vlans[vlan]['tagged'].add('bridge')
return {
'routeros': {
'ips': ips,
'ports': ports,
'vlans': vlans,
}
}
@metadata_reactor.provides('routeros/gateway') @metadata_reactor.provides('routeros/gateway')
def gateway(metadata): def gateway(metadata):
ip_pattern = re.compile(r'(\d{1,3}\.\d{1,3}\.\d{1,3}\.)\d{1,3}') ip_pattern = re.compile(r'(\d{1,3}\.\d{1,3}\.\d{1,3}\.)\d{1,3}')

5
bundles/rsyslogd/metadata.py
View file

@ -6,11 +6,6 @@ defaults = {
'rsyslog': {}, 'rsyslog': {},
}, },
}, },
'backups': {
'paths': {
'/var/log/rsyslog',
},
},
'icinga2_api': { 'icinga2_api': {
'rsyslog': { 'rsyslog': {
'services': { 'services': {

3
bundles/samba/files/override.conf
View file

@ -1,3 +0,0 @@
[Service]
RestartSec=10
Restart=on-failure

39
bundles/samba/files/smb.conf
View file

@ -1,39 +0,0 @@
[global]
workgroup = KUNBOX
server string = ${node.name} samba
dns proxy = no
max log size = 1000
syslog = 1
syslog only = 1
panic action = /usr/share/samba/panic-action %d
encrypt passwords = true
passdb backend = tdbsam
obey pam restrictions = yes
map to guest = bad user
load printers = no
usershare allow guests = yes
allow insecure wide links = yes
% for name, opts in sorted(node.metadata.get('samba/shares', {}).items()):
[${name}]
browseable = yes
comment = ${opts.get('comment', f'share of {opts["path"]}')}
fake oplocks = yes
force group = ${opts.get('force_group', 'nogroup')}
force user = ${opts.get('force_user', 'nobody')}
% if opts.get('guest_ok', True):
guest ok = yes
% else:
guest ok = no
% endif
locking = no
path = ${opts['path']}
printable = no
read only = no
vfs objects = catia fruit
writable = ${'yes' if opts.get('writable', False) else 'no'}
% if opts.get('follow_symlinks', True):
follow symlinks = yes
wide links = yes
% endif
% endfor

59
bundles/samba/items.py
View file

@ -1,59 +0,0 @@
svc_systemd = {
'nmbd': {
'needs': {
'pkg_apt:samba',
},
},
'smbd': {
'needs': {
'pkg_apt:samba',
},
},
}
files = {
'/etc/samba/smb.conf': {
'content_type': 'mako',
'triggers': {
'svc_systemd:nmbd:restart',
'svc_systemd:smbd:restart',
},
},
'/etc/systemd/system/nmbd.service.d/bundlewrap.conf': {
'source': 'override.conf',
'triggers': {
'action:systemd-reload',
'svc_systemd:nmbd:restart',
},
},
'/etc/systemd/system/smbd.service.d/bundlewrap.conf': {
'source': 'override.conf',
'triggers': {
'action:systemd-reload',
'svc_systemd:smbd:restart',
},
},
}
last_action = set()
for user, uconfig in node.metadata.get('users', {}).items():
if (
'password' not in uconfig
or uconfig.get('delete')
or user in ('root',)
):
continue
actions[f'smbpasswd_for_user_{user}'] = {
'command': f'smbpasswd -a -s {user}',
'unless': f'pdbedit -L | grep -E "^{user}:"',
'data_stdin': uconfig['password'] + '\n' + uconfig['password'],
'needs': {
'pkg_apt:samba',
f'user:{user}',
},
'after': last_action,
}
last_action = {
f'action:smbpasswd_for_user_{user}',
}

26
bundles/samba/metadata.py
View file

@ -1,26 +0,0 @@
from bundlewrap.metadata import atomic
defaults = {
'apt': {
'packages': {
'samba': {},
'samba-vfs-modules': {},
}
}
}
@metadata_reactor.provides(
'firewall/port_rules',
)
def firewall(metadata):
return {
'firewall': {
'port_rules': {
'137/udp': atomic(metadata.get('samba/restrict-to', set())),
'138/udp': atomic(metadata.get('samba/restrict-to', set())),
'139/tcp': atomic(metadata.get('samba/restrict-to', set())),
'445/tcp': atomic(metadata.get('samba/restrict-to', set())),
},
},
}

21
bundles/scansnap/files/ocr.sh Normal file
View file

@ -0,0 +1,21 @@
#!/bin/bash
set -euo pipefail
DATE=$(date +%F_%H-%M-%S)
cd "$1"
convert *.tiff no_ocr.pdf
ocrmypdf -l deu no_ocr.pdf has_ocr.pdf
rm -f *.tiff
rm -f no_ocr.pdf
chown nobody:nogroup has_ocr.pdf
mv has_ocr.pdf "/srv/scansnap/${DATE}.pdf"
cd /
rm -r "$1"

9
bundles/scansnap/files/scan.sh Normal file
View file

@ -0,0 +1,9 @@
#!/bin/bash
set -euo pipefail
OUTFILE=$(mktemp -d)
scanimage --source 'ADF Duplex' --format tiff --mode Color --brightness 23 --resolution 300 --page-width 210 --page-height 297.3 -x 210 -y 297.3 --batch=${OUTFILE}/p%04d.tiff
/etc/scanbd/scripts/ocr.sh "$OUTFILE" &

52
bundles/scansnap/files/scanbd.conf Normal file
View file

@ -0,0 +1,52 @@
global {
debug = true
debug-level = 2
user = saned
group = scanner
saned = "/usr/sbin/saned"
saned_opt = {}
saned_env = { "SANE_CONFIG_DIR=/etc/scanbd" }
scriptdir = /etc/scanbd/scripts
timeout = 500
pidfile = "/var/run/scanbd.pid"
environment {
device = "SCANBD_DEVICE"
action = "SCANBD_ACTION"
}
function function_knob {
filter = "^message.*"
desc = "The value of the function knob / wheel / selector"
env = "SCANBD_FUNCTION"
}
function function_mode {
filter = "^mode.*"
desc = "Color mode"
env = "SCANBD_FUNCTION_MODE"
}
multiple_actions = false
action scan {
filter = "^scan.*"
numerical-trigger {
from-value = 0
to-value = 1
}
desc = "Scan to file"
script = "scan.sh"
}
}
include(scanner.d/avision.conf)
include(scanner.d/fujitsu.conf)
include(scanner.d/hp.conf)
include(scanner.d/pixma.conf)
include(scanner.d/snapscan.conf)
include(scanner.d/canon.conf)
include(scanner.d/plustek.conf)

39
bundles/scansnap/items.py Normal file
View file

@ -0,0 +1,39 @@
directories = {
'/etc/scanbd/scripts': {
'purge': True,
},
'/srv/scansnap': {
'owner': 'nobody',
'group': 'nogroup',
},
}
files = {
'/etc/scanbd/scanbd.conf': {
'triggers': {
'svc_systemd:scanbd:restart',
},
},
'/etc/scanbd/scripts/ocr.sh': {
'mode': '0755',
'needs': {
'directory:/srv/scansnap',
},
},
'/etc/scanbd/scripts/scan.sh': {
'mode': '0755',
'needs': {
'directory:/srv/scansnap',
'file:/etc/scanbd/scripts/ocr.sh',
},
},
}
svc_systemd = {
'scanbd': {
'needs': {
'file:/etc/scanbd/scanbd.conf',
'pkg_apt:scanbd',
},
},
}

22
bundles/scansnap/metadata.py Normal file
View file

@ -0,0 +1,22 @@
defaults = {
'apt': {
'packages': {
'sane-utils': {},
'scanbd': {},
'imagemagick': {},
'ocrmypdf': {},
'tesseract-ocr-deu': {},
},
},
'backups': {
'paths': {
'/srv/scansnap',
},
},
'cron': {
'jobs': {
# Automatically remove files which are older than 14 days
'scansnap_cleanup': '00 00 * * * root /usr/bin/find /srv/scansnap/ -mindepth 1 -mtime +14 -delete',
},
},
}

21
bundles/sdm630_mqtt/files/sdm630_printout.service
View file

@ -1,21 +0,0 @@
[Unit]
Description=SDM630 stats printout
Conflicts=getty@tty1.service
After=systemd-user-sessions.service getty@tty1.service plymouth-quit.service
[Service]
User=sdm630_mqtt
Group=sdm630_mqtt
ExecStart=/opt/sdm630_mqtt/venv/bin/python printout.py /opt/sdm630_mqtt/config.toml
WorkingDirectory=/opt/sdm630_mqtt/src
Restart=always
RestartSec=10
StandardInput=tty
StandardOutput=tty
StandardError=journal
TTYPath=/dev/tty1
TTYReset=yes
TTYVHangup=yes
[Install]
WantedBy=multi-user.target

14
bundles/sdm630_mqtt/files/sdm630_to_mqtt.service
View file

@ -1,14 +0,0 @@
[Unit]
Description=SDM630-to-MQTT bridge
After=network.target
[Service]
User=sdm630_mqtt
Group=sdm630_mqtt
ExecStart=/opt/sdm630_mqtt/venv/bin/python sdm630_mqtt.py /opt/sdm630_mqtt/config.toml
WorkingDirectory=/opt/sdm630_mqtt/src
Restart=always
RestartSec=1
[Install]
WantedBy=multi-user.target

76
bundles/sdm630_mqtt/items.py
View file

@ -1,76 +0,0 @@
directories['/opt/sdm630_mqtt/src'] = {}
git_deploy['/opt/sdm630_mqtt/src'] = {
'repo': 'https://git.franzi.business/kunsi/sdm630_mqtt.git',
'rev': 'main',
'triggers': {
'action:sdm630_mqtt_install_deps',
},
}
actions['sdm630_mqtt_create_virtualenv'] = {
'command': 'python3 -m virtualenv /opt/sdm630_mqtt/venv',
'unless': 'test -x /opt/sdm630_mqtt/venv/bin/python3',
'needs': {
'directory:/opt/sdm630_mqtt/src',
},
}
actions['sdm630_mqtt_install_deps'] = {
'command': 'cd /opt/sdm630_mqtt/src && /opt/sdm630_mqtt/venv/bin/pip install -r requirements.txt',
'triggered': True,
'needs': {
'action:sdm630_mqtt_create_virtualenv',
},
}
users['sdm630_mqtt'] = {
'home': '/opt/sdm630_mqtt',
}
files['/opt/sdm630_mqtt/config.toml'] = {
'content': repo.libs.faults.dict_as_toml(node.metadata.get('sdm630_mqtt/config')),
'triggers': set(),
}
if node.has_bundle('telegraf'):
files['/opt/sdm630_mqtt/config.toml']['triggers'].add('svc_systemd:telegraf:restart')
git_deploy['/opt/sdm630_mqtt/src']['triggers'].add('svc_systemd:telegraf:restart')
if node.metadata.get('sdm630_mqtt/enable_stats_collection', True):
files['/usr/local/lib/systemd/system/sdm630_to_mqtt.service'] = {
'triggers': {
'action:systemd-reload',
'svc_systemd:sdm630_to_mqtt:restart',
},
}
svc_systemd['sdm630_to_mqtt'] = {
'needs': {
'git_deploy:/opt/sdm630_mqtt/src',
'action:sdm630_mqtt_install_deps',
'file:/usr/local/lib/systemd/system/sdm630_to_mqtt.service',
},
}
files['/opt/sdm630_mqtt/config.toml']['triggers'].add('svc_systemd:sdm630_to_mqtt:restart')
git_deploy['/opt/sdm630_mqtt/src']['triggers'].add('svc_systemd:sdm630_to_mqtt:restart')
if node.metadata.get('sdm630_mqtt/enable_local_printout', False):
files['/usr/local/lib/systemd/system/sdm630_printout.service'] = {
'triggers': {
'action:systemd-reload',
'svc_systemd:sdm630_printout:restart',
},
}
svc_systemd['sdm630_printout'] = {
'needs': {
'git_deploy:/opt/sdm630_mqtt/src',
'action:sdm630_mqtt_install_deps',
'file:/usr/local/lib/systemd/system/sdm630_printout.service',
},
}
files['/opt/sdm630_mqtt/config.toml']['triggers'].add('svc_systemd:sdm630_printout:restart')
git_deploy['/opt/sdm630_mqtt/src']['triggers'].add('svc_systemd:sdm630_printout:restart')

38
bundles/sdm630_mqtt/metadata.py
View file

@ -1,38 +0,0 @@
defaults = {
'sdm630_mqtt': {
'config': {
'modbus': {
'host': '127.0.0.1',
'port': 501,
'unit_id': 1,
},
'mqtt': {
'prefix': 'sdm630',
'host': '127.0.0.1',
'port': 1883,
},
'printout': {
'title': 'SDM630',
},
'telegraf': {
'identifier': 'unknown',
},
},
},
'telegraf': {
'input_plugins': {
'execd': {
'sdm630_mqtt': {
'command': [
'/opt/sdm630_mqtt/venv/bin/python',
'/opt/sdm630_mqtt/src/telegraf.py',
'/opt/sdm630_mqtt/config.toml',
],
'signal': 'none',
'restart_delay': '1s',
'data_format': 'influx',
},
},
},
},
}

27
bundles/sshmon/files/check_cpu_stats
View file

@ -4,30 +4,27 @@ from re import findall
from subprocess import check_output from subprocess import check_output
from sys import exit from sys import exit
ITERATIONS = 10
try: try:
top_output = None top_output = None
top_output = check_output(rf"top -b -n{ITERATIONS} -d1 | grep -i '^%cpu'", shell=True).decode('UTF-8') for line in check_output(['top', '-b', '-n1', '-d1']).decode('UTF-8').splitlines():
if line.lower().strip().startswith('%cpu'):
top_output = line.lower().split(':', 2)[1]
break
if not top_output:
print('%cpu not found in top output')
exit(3)
cpu_usage = {} cpu_usage = {}
for value, identifier in findall(r'([0-9\.\,]{3,5}) ([a-z]{2})', top_output): for value, identifier in findall('([0-9\.\,]{3,5}) ([a-z]{2})', top_output):
if identifier not in cpu_usage: cpu_usage[identifier] = float(value.replace(',', '.'))
cpu_usage[identifier] = 0.0
cpu_usage[identifier] += float(value.replace(',', '.'))
output = []
for identifier, value_added in cpu_usage.items():
value = value_added / ITERATIONS
output.append(f"{value:.2f} {identifier}")
cpu_usage[identifier] = value
print(f"Average over {ITERATIONS} seconds: " + ", ".join(output))
warn = set() warn = set()
crit = set() crit = set()
print(top_output)
# steal # steal
if cpu_usage['st'] > 10: if cpu_usage['st'] > 10:
crit.add('CPU steal is {}% (>10%)'.format(cpu_usage['st'])) crit.add('CPU steal is {}% (>10%)'.format(cpu_usage['st']))

5
bundles/sshmon/files/check_https_certificate_at_url
View file

@ -19,10 +19,7 @@ crit_days=30
case "$issuer_hash" in case "$issuer_hash" in
# 4f06f81d: issuer=C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3 # 4f06f81d: issuer=C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
# 8d33f237: issuer=C = US, O = Let's Encrypt, CN = R3 # 8d33f237: issuer=C = US, O = Let's Encrypt, CN = R3
# 462422cf: issuer=C = US, O = Let's Encrypt, CN = E5 4f06f81d|8d33f237)
# 9aad238c: issuer=C = US, O = Let's Encrypt, CN = E6
# 31dfb39d: issuer=C = US, O = Let's Encrypt, CN = R11
4f06f81d|8d33f237|462422cf|9aad238c|31dfb39d)
warn_days=10 warn_days=10
crit_days=3 crit_days=3
;; ;;

2
bundles/sshmon/metadata.py
View file

@ -19,8 +19,6 @@ defaults = {
'services': { 'services': {
'CPU': { 'CPU': {
'command_on_monitored_host': '/usr/local/share/icinga/plugins/check_cpu_stats', 'command_on_monitored_host': '/usr/local/share/icinga/plugins/check_cpu_stats',
# takes samples over 10 seconds
'vars.sshmon_timeout': 20
}, },
'LOAD': { 'LOAD': {
'command_on_monitored_host': '/usr/lib/nagios/plugins/check_load -r -w 4,2,1 -c 8,4,2', 'command_on_monitored_host': '/usr/lib/nagios/plugins/check_load -r -w 4,2,1 -c 8,4,2',

3
bundles/systemd-networkd/files/template-bridge.network
View file

@ -3,6 +3,3 @@ Name=${' '.join(sorted(match))}
[Network] [Network]
Bridge=${bridge} Bridge=${bridge}
[Link]
ActivationPolicy=always-up

3
bundles/systemd-networkd/metadata.py
View file

@ -4,9 +4,6 @@ defaults = {
'isc-dhcp-client': { 'isc-dhcp-client': {
'installed': False, 'installed': False,
}, },
'network-manager': {
'installed': False,
},
'resolvconf': { 'resolvconf': {
'installed': False, 'installed': False,
}, },

28
bundles/telegraf/items.py
View file

@ -11,19 +11,7 @@ telegraf_config = {
'quiet': False, 'quiet': False,
'round_interval': False, 'round_interval': False,
}, },
'outputs': { 'inputs': {
'influxdb_v2': [{
'urls': [node.metadata.get('telegraf/influxdb_url', repo.libs.defaults.influxdb_url)],
'token': node.metadata.get('telegraf/influxdb_token', repo.vault.decrypt(repo.libs.defaults.influxdb_token)),
'organization': node.metadata.get('telegraf/influxdb_org', repo.vault.decrypt(repo.libs.defaults.influxdb_org)),
'bucket': node.metadata.get('telegraf/influxdb_bucket', repo.vault.decrypt(repo.libs.defaults.influxdb_bucket)),
}],
},
'inputs': {},
}
if node.metadata.get('telegraf/collect_default_metrics', True):
telegraf_config['inputs'] = {
'cpu': [{ 'cpu': [{
'percpu': False, 'percpu': False,
'totalcpu': True, 'totalcpu': True,
@ -55,9 +43,17 @@ if node.metadata.get('telegraf/collect_default_metrics', True):
'nstat': [{}], 'nstat': [{}],
'processes': [{}], 'processes': [{}],
'system': [{}], 'system': [{}],
} **node.metadata.get('telegraf/input_plugins/builtin', {}),
},
telegraf_config['inputs'].update(node.metadata.get('telegraf/input_plugins/builtin', {})) 'outputs': {
'influxdb_v2': [{
'urls': [node.metadata.get('telegraf/influxdb_url', repo.libs.defaults.influxdb_url)],
'token': node.metadata.get('telegraf/influxdb_token', repo.vault.decrypt(repo.libs.defaults.influxdb_token)),
'organization': node.metadata.get('telegraf/influxdb_org', repo.vault.decrypt(repo.libs.defaults.influxdb_org)),
'bucket': node.metadata.get('telegraf/influxdb_bucket', repo.vault.decrypt(repo.libs.defaults.influxdb_bucket)),
}],
},
}
# Bundlewrap can't merge lists. To work around this, telegraf/input_plugins/exec(d) # Bundlewrap can't merge lists. To work around this, telegraf/input_plugins/exec(d)
# is a dict, of which we only use the value of it. This also allows us # is a dict, of which we only use the value of it. This also allows us

2
bundles/zfs/metadata.py
View file

@ -170,7 +170,7 @@ def scrub_timer(metadata):
'systemd-timers': { 'systemd-timers': {
'timers': { 'timers': {
'zfs-scrub': { 'zfs-scrub': {
'when': metadata.get('zfs/scrub_when', 'Sun 02:00:00 UTC'), 'when': 'Sun 02:00:00 UTC',
'command': scrubs, 'command': scrubs,
}, },
}, },

178
configs/as3320.txt
View file

@ -1,7 +1,5 @@
109.237.176.0/20 109.237.176.0/20
109.72.116.0/24
116.50.16.0/21 116.50.16.0/21
128.65.164.0/22
129.181.208.0/21 129.181.208.0/21
129.181.216.0/22 129.181.216.0/22
137.170.112.0/24 137.170.112.0/24
@ -17,12 +15,13 @@
139.12.4.0/24 139.12.4.0/24
141.169.240.0/20 141.169.240.0/20
141.77.0.0/16 141.77.0.0/16
141.98.44.0/24
143.99.213.0/24 143.99.213.0/24
145.225.16.0/23 145.225.16.0/23
146.247.58.0/24 146.247.58.0/24
147.136.84.0/22
147.161.22.0/24 147.161.22.0/24
147.78.17.0/24 147.78.17.0/24
147.79.8.0/21
149.208.250.0/23 149.208.250.0/23
149.208.252.0/24 149.208.252.0/24
149.208.253.0/24 149.208.253.0/24
@ -35,7 +34,6 @@
149.249.244.0/22 149.249.244.0/22
149.249.244.0/23 149.249.244.0/23
149.249.246.0/23 149.249.246.0/23
153.17.244.8/29
153.17.249.0/24 153.17.249.0/24
153.17.250.0/24 153.17.250.0/24
153.17.251.0/24 153.17.251.0/24
@ -48,11 +46,7 @@
153.97.32.0/24 153.97.32.0/24
158.116.231.0/24 158.116.231.0/24
160.211.126.0/24 160.211.126.0/24
163.5.156.0/24 163.5.168.0/24
163.5.170.0/24
163.5.186.0/24
163.5.220.0/24
163.5.66.0/24
164.133.10.0/24 164.133.10.0/24
164.133.11.0/24 164.133.11.0/24
164.133.150.0/24 164.133.150.0/24
@ -66,9 +60,11 @@
168.199.192.0/22 168.199.192.0/22
168.199.212.0/22 168.199.212.0/22
170.237.92.0/23 170.237.92.0/23
171.25.178.0/24
176.221.24.0/24
176.221.25.0/24
176.53.136.0/24 176.53.136.0/24
176.53.137.0/24 176.53.137.0/24
176.57.59.0/24
185.100.160.0/22 185.100.160.0/22
185.101.244.0/23 185.101.244.0/23
185.101.246.0/23 185.101.246.0/23
@ -80,38 +76,45 @@
185.131.239.0/24 185.131.239.0/24
185.133.12.0/22 185.133.12.0/22
185.136.115.0/24 185.136.115.0/24
185.149.25.0/24
185.149.26.0/24
185.149.27.0/24
185.149.52.0/24 185.149.52.0/24
185.157.101.0/24 185.157.101.0/24
185.161.176.0/22 185.161.176.0/22
185.162.72.0/23
185.163.76.0/24 185.163.76.0/24
185.163.77.0/24 185.163.77.0/24
185.163.78.0/24 185.163.78.0/24
185.163.79.0/24 185.163.79.0/24
185.172.38.0/24
185.172.39.0/24
185.180.224.0/24 185.180.224.0/24
185.183.212.0/23 185.183.212.0/23
185.183.214.0/23 185.183.214.0/23
185.188.64.0/24 185.188.64.0/24
185.195.239.0/24
185.198.13.0/24 185.198.13.0/24
185.202.32.0/21 185.202.32.0/21
185.203.148.0/22
185.207.46.0/24 185.207.46.0/24
185.21.247.0/24 185.235.71.0/24
185.237.0.0/24 185.237.0.0/24
185.237.1.0/24 185.237.1.0/24
185.237.2.0/24 185.237.2.0/24
185.240.85.0/24
185.242.224.0/24 185.242.224.0/24
185.243.44.0/22 185.243.44.0/22
185.243.44.0/24 185.243.44.0/24
185.243.45.0/24 185.243.45.0/24
185.243.46.0/24 185.243.46.0/24
185.243.47.0/24 185.243.47.0/24
185.250.42.0/23
185.28.208.0/22 185.28.208.0/22
185.39.12.0/22 185.39.12.0/22
185.48.0.0/22 185.48.0.0/22
185.57.231.0/24
185.57.24.0/24 185.57.24.0/24
185.82.160.0/23 185.82.160.0/23
188.214.139.0/24 185.91.204.0/22
192.109.121.0/24 192.109.121.0/24
192.109.122.0/24 192.109.122.0/24
192.109.124.0/24 192.109.124.0/24
@ -173,6 +176,7 @@
193.110.102.0/23 193.110.102.0/23
193.110.102.0/24 193.110.102.0/24
193.110.103.0/24 193.110.103.0/24
193.124.35.0/24
193.138.91.0/24 193.138.91.0/24
193.141.143.0/24 193.141.143.0/24
193.141.180.0/23 193.141.180.0/23
@ -239,6 +243,7 @@
193.41.10.0/23 193.41.10.0/23
193.47.164.0/24 193.47.164.0/24
193.53.93.0/24 193.53.93.0/24
193.56.21.0/24
193.58.253.0/24 193.58.253.0/24
193.84.136.0/22 193.84.136.0/22
193.96.230.0/24 193.96.230.0/24
@ -248,7 +253,6 @@
193.98.224.0/24 193.98.224.0/24
193.99.96.0/20 193.99.96.0/20
194.0.151.0/24 194.0.151.0/24
194.0.232.0/24
194.110.133.0/24 194.110.133.0/24
194.113.160.0/22 194.113.160.0/22
194.113.20.0/23 194.113.20.0/23
@ -291,13 +295,6 @@
194.15.64.0/21 194.15.64.0/21
194.15.72.0/22 194.15.72.0/22
194.150.228.0/23 194.150.228.0/23
194.152.128.0/24
194.152.129.0/24
194.152.132.0/24
194.152.141.0/24
194.152.142.0/24
194.152.154.0/24
194.152.155.0/24
194.153.86.0/24 194.153.86.0/24
194.156.128.0/22 194.156.128.0/22
194.156.148.0/24 194.156.148.0/24
@ -340,20 +337,26 @@
194.39.63.0/24 194.39.63.0/24
194.39.88.0/21 194.39.88.0/21
194.39.97.0/24 194.39.97.0/24
194.45.144.0/21
194.49.110.0/24
194.49.117.0/24 194.49.117.0/24
194.49.118.0/23 194.49.118.0/23
194.49.125.0/24 194.49.125.0/24
194.49.48.0/24 194.49.48.0/24
194.49.54.0/24 194.49.54.0/24
194.49.72.0/24
194.49.73.0/24 194.49.73.0/24
194.49.74.0/23 194.49.74.0/23
194.49.85.0/24 194.49.85.0/24
194.55.158.0/24
194.55.180.0/24 194.55.180.0/24
194.55.183.0/24 194.55.183.0/24
194.55.192.0/19 194.55.192.0/19
194.55.63.0/24 194.55.63.0/24
194.55.64.0/20 194.55.64.0/20
194.55.87.0/24 194.55.87.0/24
194.58.40.0/24
194.58.56.0/23
194.59.143.0/24 194.59.143.0/24
194.59.150.0/24 194.59.150.0/24
194.59.151.0/24 194.59.151.0/24
@ -379,22 +382,34 @@
194.76.52.0/24 194.76.52.0/24
194.77.41.0/24 194.77.41.0/24
194.77.42.0/24 194.77.42.0/24
194.85.248.0/24
194.85.251.0/24
194.87.10.0/24
194.87.17.0/24
194.87.255.0/24
194.87.77.0/24
194.88.112.0/20
194.88.16.0/21 194.88.16.0/21
194.88.24.0/23 194.88.24.0/23
194.88.26.0/24 194.88.26.0/24
194.88.28.0/23 194.88.28.0/23
194.88.96.0/21
194.99.118.0/24 194.99.118.0/24
194.99.34.0/24 194.99.34.0/24
194.99.76.0/23 194.99.76.0/23
194.99.83.0/24 194.99.83.0/24
194.99.92.0/22 194.99.92.0/22
195.133.20.0/24
195.133.64.0/22
195.133.7.0/24 195.133.7.0/24
195.133.76.0/24
195.137.216.0/23 195.137.216.0/23
195.138.223.0/24 195.138.223.0/24
195.144.15.0/24 195.144.15.0/24
195.145.0.0/16 195.145.0.0/16
195.149.79.0/24 195.149.79.0/24
195.160.248.0/22 195.160.248.0/22
195.178.132.0/22
195.190.2.0/24 195.190.2.0/24
195.192.254.0/24 195.192.254.0/24
195.200.207.0/24 195.200.207.0/24
@ -421,14 +436,12 @@
198.40.90.0/24 198.40.90.0/24
198.57.10.0/24 198.57.10.0/24
2.160.0.0/12 2.160.0.0/12
2.58.100.0/24
2.58.102.0/24 2.58.102.0/24
204.52.120.0/24
204.52.121.0/24
204.69.32.0/24 204.69.32.0/24
205.142.63.0/24 205.142.63.0/24
212.184.0.0/15 212.184.0.0/15
212.185.0.0/16 212.185.0.0/16
212.87.217.0/24
213.145.90.0/23 213.145.90.0/23
213.145.92.0/23 213.145.92.0/23
213.173.0.0/19 213.173.0.0/19
@ -437,7 +450,6 @@
213.209.156.0/24 213.209.156.0/24
217.0.0.0/13 217.0.0.0/13
217.117.96.0/24 217.117.96.0/24
217.198.189.0/24
217.224.0.0/11 217.224.0.0/11
217.24.32.0/20 217.24.32.0/20
217.24.33.0/24 217.24.33.0/24
@ -447,21 +459,35 @@
31.224.0.0/11 31.224.0.0/11
31.6.56.0/23 31.6.56.0/23
37.143.0.0/22 37.143.0.0/22
37.230.56.0/24
37.230.57.0/24
37.230.58.0/23
37.230.60.0/24
37.230.63.0/24
37.46.11.0/24 37.46.11.0/24
37.50.0.0/15 37.50.0.0/15
37.80.0.0/12 37.80.0.0/12
45.128.14.0/23
45.132.217.0/24
45.132.80.0/22 45.132.80.0/22
45.141.54.0/24 45.140.208.0/24
45.145.16.0/24 45.141.130.0/24
45.142.236.0/24
45.145.241.0/24
45.145.243.0/24
45.147.227.0/24 45.147.227.0/24
45.155.77.0/24
45.81.255.0/24 45.81.255.0/24
45.83.136.0/22 45.83.136.0/22
45.84.214.0/24
45.93.186.0/23 45.93.186.0/23
46.20.216.0/21
46.250.224.0/21 46.250.224.0/21
46.250.232.0/21 46.250.232.0/21
46.78.0.0/15 46.78.0.0/15
46.80.0.0/12 46.80.0.0/12
5.10.208.0/24
5.10.209.0/24
5.10.220.0/24
5.133.112.0/24 5.133.112.0/24
5.249.188.0/22 5.249.188.0/22
5.35.192.0/21 5.35.192.0/21
@ -477,11 +503,14 @@
64.137.119.0/24 64.137.119.0/24
64.137.125.0/24 64.137.125.0/24
64.137.127.0/24 64.137.127.0/24
77.242.149.0/24
77.47.152.0/22 77.47.152.0/22
77.83.136.0/23 77.83.136.0/23
77.83.138.0/23 77.83.138.0/23
77.83.32.0/22
77.90.156.0/24 77.90.156.0/24
77.90.184.0/24 77.90.184.0/24
79.139.52.0/22
79.192.0.0/10 79.192.0.0/10
80.128.0.0/11 80.128.0.0/11
80.128.0.0/12 80.128.0.0/12
@ -493,47 +522,38 @@
80.157.8.0/21 80.157.8.0/21
80.187.0.0/16 80.187.0.0/16
80.187.160.0/20 80.187.160.0/20
80.244.13.0/24
80.64.240.0/22 80.64.240.0/22
80.71.231.0/24 80.71.231.0/24
80.71.233.0/24 80.71.233.0/24
80.71.235.0/24 80.71.235.0/24
80.71.236.0/24 80.71.236.0/24
80.71.238.0/24 80.71.238.0/24
80.83.80.0/21
81.201.32.0/20 81.201.32.0/20
81.31.210.0/23 81.30.96.0/20
82.163.104.0/21 82.152.178.0/24
82.163.60.0/22 82.163.60.0/22
82.206.32.0/21 82.206.32.0/21
82.206.40.0/21 82.206.40.0/21
82.206.48.0/21
82.215.70.0/24 82.215.70.0/24
83.136.208.0/22
83.147.36.0/22
83.243.48.0/21 83.243.48.0/21
84.128.0.0/10 84.128.0.0/10
84.234.16.0/20
84.246.108.0/24 84.246.108.0/24
84.32.108.0/22 84.32.108.0/22
84.32.48.0/22 84.32.48.0/22
84.55.0.0/24
84.55.1.0/24
84.55.2.0/24
84.55.3.0/24
84.55.4.0/24
84.55.5.0/24
84.55.6.0/24
84.55.7.0/24
85.116.28.0/24 85.116.28.0/24
85.116.29.0/24 85.116.29.0/24
85.116.30.0/24 85.116.30.0/24
85.116.31.0/24 85.116.31.0/24
85.119.160.0/23 85.119.160.0/23
85.204.181.0/24 85.204.160.0/22
85.208.248.0/24 85.208.248.0/24
85.208.249.0/24 85.208.249.0/24
85.208.250.0/24 85.208.250.0/24
85.208.251.0/24 85.208.251.0/24
86.105.211.0/24 85.237.76.0/22
86.107.164.0/24
86.38.248.0/21 86.38.248.0/21
86.38.37.0/24 86.38.37.0/24
87.128.0.0/10 87.128.0.0/10
@ -544,40 +564,10 @@
88.216.60.0/22 88.216.60.0/22
89.116.64.0/22 89.116.64.0/22
89.213.186.0/23 89.213.186.0/23
89.39.97.0/24 89.35.127.0/24
89.43.34.0/24 89.43.34.0/24
91.0.0.0/10 91.0.0.0/10
91.103.240.0/21 91.103.240.0/21
91.124.135.0/24
91.124.19.0/24
91.124.20.0/24
91.124.21.0/24
91.124.22.0/24
91.124.23.0/24
91.124.24.0/24
91.124.26.0/24
91.124.27.0/24
91.124.28.0/24
91.124.31.0/24
91.124.32.0/24
91.124.33.0/24
91.124.34.0/24
91.124.36.0/24
91.124.37.0/24
91.124.38.0/24
91.124.39.0/24
91.124.40.0/24
91.124.41.0/24
91.124.42.0/24
91.124.43.0/24
91.124.44.0/24
91.124.45.0/24
91.124.46.0/24
91.124.47.0/24
91.124.50.0/24
91.124.51.0/24
91.124.6.0/24
91.124.7.0/24
91.189.192.0/21 91.189.192.0/21
91.194.232.0/23 91.194.232.0/23
91.198.113.0/24 91.198.113.0/24
@ -602,40 +592,19 @@
91.216.242.0/24 91.216.242.0/24
91.216.45.0/24 91.216.45.0/24
91.217.214.0/24 91.217.214.0/24
91.221.12.0/23
91.222.232.0/22 91.222.232.0/22
91.227.98.0/23 91.227.98.0/23
91.232.136.0/22
91.232.54.0/24 91.232.54.0/24
92.112.128.0/24
92.112.155.0/24
92.112.157.0/24
92.112.16.0/22
92.112.160.0/24
92.112.162.0/24
92.112.165.0/24
92.112.167.0/24
92.112.20.0/22
92.112.48.0/24
92.112.49.0/24
92.112.52.0/24
92.112.54.0/24
92.112.59.0/24
92.112.63.0/24
92.112.64.0/24
92.112.67.0/24
92.112.79.0/24
92.112.81.0/24
92.112.83.0/24
92.112.94.0/24
92.114.44.0/22 92.114.44.0/22
92.119.164.0/22 92.119.164.0/22
92.119.208.0/24 92.119.208.0/24
92.119.209.0/24 92.119.209.0/24
92.119.210.0/24 92.119.210.0/24
92.119.211.0/24 92.119.211.0/24
93.113.70.0/24 93.119.184.0/21
93.119.201.0/24
93.192.0.0/10 93.192.0.0/10
93.95.119.0/24
94.126.98.0/24 94.126.98.0/24
94.26.110.0/23 94.26.110.0/23
94.26.64.0/23 94.26.64.0/23
@ -651,6 +620,7 @@
2001:678:b38::/48 2001:678:b38::/48
2001:678:bdc::/48 2001:678:bdc::/48
2001:678:d4c::/48 2001:678:d4c::/48
2001:678:e9c::/48
2001:678:ff0::/48 2001:678:ff0::/48
2001:67c:11a4::/48 2001:67c:11a4::/48
2001:67c:14c4::/48 2001:67c:14c4::/48
@ -671,7 +641,6 @@
2001:67c:b80::/48 2001:67c:b80::/48
2001:67c:c84::/48 2001:67c:c84::/48
2001:67c:c9c::/48 2001:67c:c9c::/48
2001:67c:ec0::/48
2003:3c0::/28 2003:3c0::/28
2003:3e0::/28 2003:3e0::/28
2003:8:1800::/48 2003:8:1800::/48
@ -694,8 +663,6 @@
2003::/19 2003::/19
2003::/20 2003::/20
2003::/23 2003::/23
2a00:5c60:3::/48
2a00:5c60:a::/48
2a00:6680::/46 2a00:6680::/46
2a01:598::/29 2a01:598::/29
2a01:8fa0::/32 2a01:8fa0::/32
@ -727,11 +694,8 @@
2a0d:480::/29 2a0d:480::/29
2a0d:480::/30 2a0d:480::/30
2a0d:484::/30 2a0d:484::/30
2a0e:cbc4::/32
2a0e:cbc5::/32
2a0e:cbc6::/32
2a0e:cbc7::/32
2a0e:eb40::/32 2a0e:eb40::/32
2a0f:15c0::/32
2a10:cd80::/29 2a10:cd80::/29
2a11:7400:d1::/48 2a11:7400:d1::/48
2a12:6900:1000::/40 2a12:6900:1000::/40

315
configs/as8881.txt
View file

@ -1,13 +1,19 @@
104.151.0.0/17 104.151.0.0/17
109.250.0.0/16 109.250.0.0/16
109.250.0.0/18 109.250.0.0/20
109.250.128.0/19 109.250.128.0/19
109.250.16.0/20
109.250.160.0/19 109.250.160.0/19
109.250.192.0/19 109.250.192.0/19
109.250.224.0/19 109.250.224.0/19
109.250.64.0/18 109.250.32.0/19
109.250.64.0/19
109.250.80.0/22
109.250.84.0/22
109.250.88.0/22
109.250.92.0/22
109.250.96.0/19
134.101.0.0/21 134.101.0.0/21
14.102.90.0/24
143.58.64.0/18 143.58.64.0/18
149.233.32.0/19 149.233.32.0/19
153.94.0.0/20 153.94.0.0/20
@ -29,7 +35,6 @@
185.151.201.0/24 185.151.201.0/24
185.151.203.0/24 185.151.203.0/24
185.158.48.0/22 185.158.48.0/22
185.187.122.0/24
185.199.205.0/24 185.199.205.0/24
185.235.232.0/22 185.235.232.0/22
185.8.230.0/23 185.8.230.0/23
@ -40,13 +45,13 @@
192.166.84.0/22 192.166.84.0/22
192.166.87.0/24 192.166.87.0/24
192.166.88.0/21 192.166.88.0/21
192.189.14.0/24
193.101.4.0/23 193.101.4.0/23
193.102.10.0/24 193.101.5.0/24
193.111.212.0/22 193.111.212.0/22
193.111.212.0/24 193.111.212.0/24
193.163.13.0/24 193.163.13.0/24
193.17.225.0/24 193.163.13.0/25
193.163.13.128/25
193.219.15.0/24 193.219.15.0/24
193.22.120.0/21 193.22.120.0/21
193.22.120.0/24 193.22.120.0/24
@ -87,7 +92,7 @@
194.127.144.0/21 194.127.144.0/21
194.127.203.0/24 194.127.203.0/24
194.139.55.0/24 194.139.55.0/24
194.145.218.0/23 194.145.230.0/24
194.156.216.0/21 194.156.216.0/21
194.156.232.0/23 194.156.232.0/23
194.156.233.0/24 194.156.233.0/24
@ -110,23 +115,24 @@
194.99.0.0/21 194.99.0.0/21
195.149.80.0/23 195.149.80.0/23
195.167.208.0/20 195.167.208.0/20
195.191.20.0/23
195.202.32.0/19 195.202.32.0/19
195.226.160.0/19 195.226.160.0/19
195.226.96.0/19 195.226.96.0/19
195.234.139.0/24 195.234.139.0/24
195.238.233.0/24 195.238.233.0/24
195.238.238.0/24 195.244.10.0/23
195.64.176.0/23 195.64.176.0/23
195.93.158.0/23 195.93.158.0/23
202.71.128.0/20 202.71.128.0/20
202.71.141.0/24
212.204.0.0/19 212.204.0.0/19
212.7.128.0/19 212.7.128.0/19
212.8.0.0/19 212.8.0.0/19
212.80.224.0/19 212.80.224.0/19
212.80.224.0/20
212.80.240.0/20
212.93.0.0/19 212.93.0.0/19
213.138.32.0/19 213.138.32.0/19
213.138.35.0/24
213.139.128.0/19 213.139.128.0/19
213.182.128.0/19 213.182.128.0/19
213.30.192.0/18 213.30.192.0/18
@ -143,155 +149,307 @@
45.13.15.0/24 45.13.15.0/24
46.142.0.0/16 46.142.0.0/16
46.142.0.0/19 46.142.0.0/19
46.142.112.0/20
46.142.128.0/19 46.142.128.0/19
46.142.160.0/19 46.142.160.0/19
46.142.194.0/24
46.142.214.0/24 46.142.214.0/24
46.142.224.0/19 46.142.224.0/19
46.142.32.0/19 46.142.32.0/20
46.142.48.0/20
46.142.64.0/19 46.142.64.0/19
46.142.96.0/19
46.142.96.0/20 46.142.96.0/20
46.189.0.0/17 46.189.0.0/17
46.189.116.0/24
61.8.128.0/19 61.8.128.0/19
61.8.128.0/22
61.8.132.0/22
61.8.136.0/22
61.8.144.0/22
61.8.152.0/22
61.8.156.0/24
61.8.157.0/24
62.214.0.0/16 62.214.0.0/16
62.214.213.0/24
62.214.224.0/19 62.214.224.0/19
62.217.32.0/19 62.217.32.0/19
62.220.0.0/19 62.220.0.0/19
62.68.82.0/24 62.68.82.0/24
62.72.64.0/19 62.72.64.0/19
62.72.70.0/24 62.72.88.0/22
62.72.92.0/23
62.72.94.0/24
77.74.136.0/21 77.74.136.0/21
77.87.190.0/24 77.87.190.0/24
80.241.192.0/20
80.242.160.0/19 80.242.160.0/19
82.119.160.0/19 82.119.160.0/19
82.140.0.0/18 82.140.0.0/18
82.140.48.0/20 82.140.2.0/23
82.140.2.0/24
82.140.3.0/24
82.140.48.0/21
82.144.32.0/19 82.144.32.0/19
82.144.34.0/24
82.144.35.0/24
82.144.36.0/24
82.144.37.0/24
82.145.0.0/19 82.145.0.0/19
82.194.96.0/19 82.194.96.0/19
82.207.128.0/17 82.207.128.0/17
82.207.192.0/19 82.207.192.0/19
82.207.224.0/21
82.207.232.0/22
82.207.236.0/24
82.207.240.0/20
82.207.244.0/24
82.207.245.0/24
82.207.246.0/24
82.207.247.0/24
82.207.248.0/24
82.207.249.0/24
82.207.250.0/24
82.207.251.0/24
82.207.252.0/24
82.207.253.0/24
82.207.254.0/24
82.207.255.0/24
83.135.0.0/16 83.135.0.0/16
83.135.0.0/20 83.135.0.0/22
83.135.112.0/20 83.135.112.0/20
83.135.128.0/19 83.135.128.0/19
83.135.16.0/22
83.135.160.0/21 83.135.160.0/21
83.135.164.0/22
83.135.168.0/21 83.135.168.0/21
83.135.176.0/22 83.135.176.0/22
83.135.180.0/22
83.135.184.0/21 83.135.184.0/21
83.135.192.0/20 83.135.192.0/20
83.135.20.0/24
83.135.208.0/20 83.135.208.0/20
83.135.21.0/24
83.135.22.0/24
83.135.224.0/22 83.135.224.0/22
83.135.23.0/24
83.135.230.0/23
83.135.232.0/21 83.135.232.0/21
83.135.24.0/24
83.135.240.0/22 83.135.240.0/22
83.135.244.0/24
83.135.245.0/24
83.135.248.0/24
83.135.249.0/24
83.135.25.0/24
83.135.250.0/24
83.135.251.0/24
83.135.252.0/24
83.135.253.0/24
83.135.254.0/24
83.135.255.0/24
83.135.26.0/24
83.135.27.0/24
83.135.28.0/24
83.135.29.0/24
83.135.30.0/24
83.135.31.0/24
83.135.32.0/19
83.135.4.0/22
83.135.64.0/19 83.135.64.0/19
83.135.8.0/21
83.135.96.0/20 83.135.96.0/20
84.19.192.0/19 84.19.192.0/19
84.19.192.0/20
84.19.208.0/20
87.122.0.0/15 87.122.0.0/15
87.122.0.0/16
87.122.0.0/20 87.122.0.0/20
87.122.128.0/21 87.122.128.0/21
87.122.136.0/22
87.122.144.0/20 87.122.144.0/20
87.122.16.0/20 87.122.16.0/20
87.122.160.0/20 87.122.160.0/20
87.122.176.0/21 87.122.176.0/21
87.122.184.0/24
87.122.185.0/24
87.122.186.0/24
87.122.187.0/24
87.122.188.0/24
87.122.189.0/24
87.122.190.0/24
87.122.191.0/24
87.122.192.0/19 87.122.192.0/19
87.122.224.0/19 87.122.224.0/19
87.122.32.0/19 87.122.32.0/19
87.122.64.0/19 87.122.64.0/19
87.122.96.0/19 87.122.96.0/19
87.123.0.0/16
87.123.0.0/19 87.123.0.0/19
87.123.112.0/20
87.123.128.0/19 87.123.128.0/19
87.123.160.0/20 87.123.160.0/20
87.123.176.0/20 87.123.176.0/20
87.123.194.0/24 87.123.192.0/20
87.123.196.0/24 87.123.208.0/22
87.123.203.0/24
87.123.216.0/21 87.123.216.0/21
87.123.224.0/20 87.123.224.0/20
87.123.240.0/21 87.123.240.0/22
87.123.244.0/22
87.123.248.0/22
87.123.252.0/24
87.123.253.0/24
87.123.254.0/24
87.123.255.0/24
87.123.32.0/19 87.123.32.0/19
87.123.64.0/20 87.123.64.0/20
87.123.80.0/20 87.123.80.0/20
87.123.96.0/19 87.123.96.0/19
87.123.96.0/20
88.130.0.0/16 88.130.0.0/16
88.130.0.0/19
88.130.130.0/23
88.130.132.0/22
88.130.136.0/21 88.130.136.0/21
88.130.144.0/20 88.130.144.0/21
88.130.152.0/24
88.130.153.0/24
88.130.154.0/24
88.130.155.0/24
88.130.156.0/22
88.130.156.0/24
88.130.157.0/24
88.130.158.0/24
88.130.159.0/24
88.130.160.0/21
88.130.172.0/22
88.130.176.0/21 88.130.176.0/21
88.130.192.0/23 88.130.180.0/24
88.130.194.0/23 88.130.181.0/24
88.130.182.0/24
88.130.183.0/24
88.130.184.0/24
88.130.185.0/24
88.130.186.0/24
88.130.187.0/24
88.130.188.0/24
88.130.189.0/24
88.130.190.0/24
88.130.191.0/24
88.130.192.0/21
88.130.200.0/21
88.130.208.0/21
88.130.216.0/21 88.130.216.0/21
88.130.216.0/22
88.130.220.0/24
88.130.221.0/24
88.130.222.0/24
88.130.223.0/24
88.130.32.0/20
88.130.48.0/24 88.130.48.0/24
88.130.49.0/24 88.130.49.0/24
88.130.50.0/24 88.130.50.0/24
88.130.51.0/24
88.130.52.0/24 88.130.52.0/24
88.130.53.0/24 88.130.53.0/24
88.130.54.0/23 88.130.54.0/24
88.130.55.0/24
88.130.56.0/24 88.130.56.0/24
88.130.57.0/24 88.130.57.0/24
88.130.58.0/24 88.130.58.0/24
88.130.59.0/24 88.130.59.0/24
88.130.60.0/24
88.130.61.0/24 88.130.61.0/24
88.130.62.0/24
88.130.63.0/24 88.130.63.0/24
88.130.64.0/19 88.130.64.0/19
88.130.96.0/19 88.130.96.0/19
89.207.200.0/21
89.244.0.0/14 89.244.0.0/14
89.244.0.0/16
89.244.112.0/21
89.244.120.0/21 89.244.120.0/21
89.244.120.0/22
89.244.124.0/24
89.244.126.0/24
89.244.127.0/24
89.244.160.0/21 89.244.160.0/21
89.244.164.0/22
89.244.168.0/21
89.244.176.0/20 89.244.176.0/20
89.244.192.0/19 89.244.192.0/19
89.244.224.0/20 89.244.224.0/20
89.244.76.0/24 89.244.240.0/20
89.244.78.0/23 89.244.64.0/21
89.244.72.0/22
89.244.80.0/20 89.244.80.0/20
89.244.96.0/22 89.244.96.0/20
89.245.0.0/16
89.245.0.0/20 89.245.0.0/20
89.245.112.0/20
89.245.158.0/24
89.245.159.0/24
89.245.16.0/20 89.245.16.0/20
89.245.160.0/20 89.245.160.0/20
89.245.176.0/21 89.245.176.0/21
89.245.184.0/24
89.245.185.0/24
89.245.186.0/24
89.245.187.0/24
89.245.188.0/24
89.245.189.0/24
89.245.190.0/24
89.245.191.0/24
89.245.192.0/19 89.245.192.0/19
89.245.224.0/19 89.245.224.0/19
89.245.32.0/19 89.245.32.0/19
89.245.64.0/19 89.245.32.0/20
89.245.64.0/20
89.245.80.0/20
89.245.96.0/20 89.245.96.0/20
89.246.0.0/16
89.246.0.0/19 89.246.0.0/19
89.246.104.0/23
89.246.106.0/24
89.246.107.0/24
89.246.108.0/24
89.246.109.0/24
89.246.110.0/24
89.246.111.0/24
89.246.112.0/22 89.246.112.0/22
89.246.116.0/22
89.246.120.0/24
89.246.121.0/24
89.246.122.0/24 89.246.122.0/24
89.246.123.0/24
89.246.124.0/22 89.246.124.0/22
89.246.160.0/20
89.246.160.0/21 89.246.160.0/21
89.246.176.0/22
89.246.180.0/22
89.246.184.0/21 89.246.184.0/21
89.246.192.0/19 89.246.192.0/19
89.246.32.0/19 89.246.32.0/20
89.246.48.0/21
89.246.56.0/21
89.246.96.0/21 89.246.96.0/21
89.247.0.0/16
89.247.0.0/19 89.247.0.0/19
89.247.112.0/21 89.247.112.0/21
89.247.112.0/22
89.247.120.0/22 89.247.120.0/22
89.247.124.0/24
89.247.125.0/24
89.247.126.0/24
89.247.127.0/24
89.247.144.0/20 89.247.144.0/20
89.247.160.0/20 89.247.160.0/20
89.247.179.0/24
89.247.192.0/20 89.247.192.0/20
89.247.208.0/21
89.247.216.0/22 89.247.216.0/22
89.247.228.0/22 89.247.224.0/21
89.247.232.0/21 89.247.232.0/21
89.247.232.0/22
89.247.236.0/22 89.247.236.0/22
89.247.252.0/22 89.247.240.0/21
89.247.240.0/22
89.247.252.0/24
89.247.253.0/24
89.247.254.0/24
89.247.255.0/24
89.247.32.0/19 89.247.32.0/19
89.247.32.0/20 89.247.32.0/20
89.247.64.0/20 89.247.64.0/20
89.247.80.0/20 89.247.80.0/20
89.247.96.0/20
89.27.128.0/17 89.27.128.0/17
89.27.153.0/24
91.194.180.0/23 91.194.180.0/23
91.198.67.0/24 91.198.67.0/24
91.199.158.0/24 91.199.158.0/24
@ -310,7 +468,8 @@
92.116.120.0/21 92.116.120.0/21
92.116.128.0/18 92.116.128.0/18
92.116.16.0/20 92.116.16.0/20
92.116.192.0/18 92.116.192.0/19
92.116.224.0/19
92.116.32.0/19 92.116.32.0/19
92.116.64.0/18 92.116.64.0/18
92.116.96.0/19 92.116.96.0/19
@ -324,34 +483,67 @@
92.117.240.0/21 92.117.240.0/21
92.117.248.0/21 92.117.248.0/21
92.117.64.0/19 92.117.64.0/19
92.117.96.0/19
94.134.0.0/15 94.134.0.0/15
94.134.0.0/18 94.134.0.0/18
94.134.112.0/22 94.134.100.0/22
94.134.112.0/21
94.134.120.0/24
94.134.121.0/24
94.134.122.0/24
94.134.123.0/24
94.134.124.0/24
94.134.125.0/24
94.134.126.0/24
94.134.127.0/24
94.134.128.0/20
94.134.144.0/20 94.134.144.0/20
94.134.160.0/21 94.134.160.0/21
94.134.168.0/22 94.134.168.0/22
94.134.172.0/22 94.134.172.0/22
94.134.176.0/20
94.134.176.0/21 94.134.176.0/21
94.134.192.0/22 94.134.192.0/20
94.134.208.0/21
94.134.216.0/21 94.134.216.0/21
94.134.64.0/22 94.134.224.0/19
94.134.68.0/22 94.134.64.0/20
94.134.80.0/22 94.134.80.0/22
94.134.88.0/22 94.134.84.0/24
94.134.94.0/23 94.134.85.0/24
94.134.86.0/24
94.134.87.0/24
94.134.88.0/24
94.134.89.0/24
94.134.90.0/24
94.134.91.0/24
94.134.92.0/24
94.134.93.0/24
94.134.94.0/24
94.134.95.0/24
94.134.96.0/20 94.134.96.0/20
94.134.96.0/22
2001:1438:1000::/36 2001:1438:1000::/36
2001:1438:1:100::/56
2001:1438:1:200::/56
2001:1438:1:300::/56
2001:1438:1:400::/56
2001:1438:1:900::/56
2001:1438:1:a00::/56
2001:1438:2000::/36 2001:1438:2000::/36
2001:1438:3000::/36 2001:1438:3000::/36
2001:1438:4000::/36 2001:1438:4000::/36
2001:1438::/32 2001:1438::/32
2001:1438:f000::/36
2001:1438:fff:10::/64
2001:1438:fff:11::/64
2001:1438:fff:12::/64
2001:1438:fff:3::/64
2001:1438:fff:4::/64
2001:1438:fff:5::/64
2001:1438:fff:6::/64
2001:1438:fff:7::/64
2001:1438:fff:8::/64
2001:1438:fff:9::/64
2001:1438:fff:a::/64
2001:1438:fff:b::/64
2001:1438:fff:c::/64
2001:1438:fff:d::/64
2001:1438:fff:e::/64
2001:1438:fff:f::/64
2001:16b8:1000::/40 2001:16b8:1000::/40
2001:16b8:100::/40 2001:16b8:100::/40
2001:16b8:1100::/40 2001:16b8:1100::/40
@ -401,14 +593,12 @@
2001:16b8:a000::/35 2001:16b8:a000::/35
2001:16b8:a00::/40 2001:16b8:a00::/40
2001:16b8:b00::/40 2001:16b8:b00::/40
2001:16b8:c000::/35
2001:678:c74::/48 2001:678:c74::/48
2001:67c:27ac::/48 2001:67c:27ac::/48
2001:67c:2878::/48 2001:67c:2878::/48
2001:67c:2e8c::/48 2001:67c:2e8c::/48
2001:67c:660::/48 2001:67c:660::/48
2001:67c:888::/48 2001:67c:888::/48
2001:67c:ed8::/48
2001:7b0::/32 2001:7b0::/32
2001:9e8:2000::/35 2001:9e8:2000::/35
2001:9e8:4000::/35 2001:9e8:4000::/35
@ -425,11 +615,10 @@
2a00:fb8:4000::/35 2a00:fb8:4000::/35
2a00:fb8:6000::/35 2a00:fb8:6000::/35
2a00:fb8::/29 2a00:fb8::/29
2a00:fb8::/32
2a00:fb8::/35 2a00:fb8::/35
2a03:3fc0:2000::/48 2a03:3fc0:2000::/48
2a07:9400::/29 2a07:9400::/29
2a0a:ed40::/29 2a0a:ed40::/29
2a0b:9e80:1000::/36
2a0d:240::/29 2a0d:240::/29
2a0d:ad00::/29 2a0d:ad00::/29
2a11:d00::/32

118
configs/netbox/home.switch-rack.json → configs/netbox_device_home.switch-rack.json
View file

@ -4,225 +4,225 @@
"description": "home.router (enp1s0)", "description": "home.router (enp1s0)",
"enabled": true, "enabled": true,
"ips": [], "ips": [],
"mode": "tagged-all", "mode": "TAGGED_ALL",
"tagged_vlans": [], "tagged_vlans": [],
"type": "1000base-t", "type": "A_1000BASE_T",
"untagged_vlan": null "untagged_vlan": null
}, },
"ether10": { "ether10": {
"description": "home.mitel-rfp35 (LAN)", "description": "home.mitel-rfp35 (LAN)",
"enabled": true, "enabled": true,
"ips": [], "ips": [],
"mode": "access", "mode": "ACCESS",
"tagged_vlans": [], "tagged_vlans": [],
"type": "1000base-t", "type": "A_1000BASE_T",
"untagged_vlan": "home.clients" "untagged_vlan": "home.clients"
}, },
"ether11": { "ether11": {
"description": "home.usv01 (LAN)", "description": "home.usv01 (LAN)",
"enabled": true, "enabled": true,
"ips": [], "ips": [],
"mode": "access", "mode": "ACCESS",
"tagged_vlans": [], "tagged_vlans": [],
"type": "1000base-t", "type": "A_1000BASE_T",
"untagged_vlan": "home.clients" "untagged_vlan": "home.clients"
}, },
"ether12": { "ether12": {
"description": "", "description": "home.rechenmonster (IPMI)",
"enabled": true, "enabled": true,
"ips": [], "ips": [],
"mode": "access", "mode": "ACCESS",
"tagged_vlans": [], "tagged_vlans": [],
"type": "1000base-t", "type": "A_1000BASE_T",
"untagged_vlan": "home.clients" "untagged_vlan": "home.clients"
}, },
"ether13": { "ether13": {
"description": "", "description": "",
"enabled": true, "enabled": true,
"ips": [], "ips": [],
"mode": "access", "mode": "ACCESS",
"tagged_vlans": [], "tagged_vlans": [],
"type": "1000base-t", "type": "A_1000BASE_T",
"untagged_vlan": "home.clients" "untagged_vlan": "home.clients"
}, },
"ether14": { "ether14": {
"description": "", "description": "home.rechenmonster (LAN)",
"enabled": true, "enabled": true,
"ips": [], "ips": [],
"mode": "access", "mode": "ACCESS",
"tagged_vlans": [], "tagged_vlans": [],
"type": "1000base-t", "type": "A_1000BASE_T",
"untagged_vlan": "home.clients" "untagged_vlan": "home.clients"
}, },
"ether15": { "ether15": {
"description": "", "description": "",
"enabled": true, "enabled": true,
"ips": [], "ips": [],
"mode": "access", "mode": "ACCESS",
"tagged_vlans": [], "tagged_vlans": [],
"type": "1000base-t", "type": "A_1000BASE_T",
"untagged_vlan": "home.clients" "untagged_vlan": "home.clients"
}, },
"ether16": { "ether16": {
"description": "", "description": "",
"enabled": true, "enabled": true,
"ips": [], "ips": [],
"mode": "access", "mode": "ACCESS",
"tagged_vlans": [], "tagged_vlans": [],
"type": "1000base-t", "type": "A_1000BASE_T",
"untagged_vlan": "home.clients" "untagged_vlan": "home.clients"
}, },
"ether17": { "ether17": {
"description": "", "description": "",
"enabled": true, "enabled": true,
"ips": [], "ips": [],
"mode": "access", "mode": "ACCESS",
"tagged_vlans": [], "tagged_vlans": [],
"type": "1000base-t", "type": "A_1000BASE_T",
"untagged_vlan": "home.clients" "untagged_vlan": "home.clients"
}, },
"ether18": { "ether18": {
"description": "", "description": "",
"enabled": true, "enabled": true,
"ips": [], "ips": [],
"mode": "access", "mode": "ACCESS",
"tagged_vlans": [], "tagged_vlans": [],
"type": "1000base-t", "type": "A_1000BASE_T",
"untagged_vlan": "home.clients" "untagged_vlan": "home.clients"
}, },
"ether19": { "ether19": {
"description": "home.lgtv-wohnzimmer", "description": "home.lgtv-wohnzimmer",
"enabled": true, "enabled": true,
"ips": [], "ips": [],
"mode": "access", "mode": "ACCESS",
"tagged_vlans": [], "tagged_vlans": [],
"type": "1000base-t", "type": "A_1000BASE_T",
"untagged_vlan": "home.clients" "untagged_vlan": "home.clients"
}, },
"ether2": { "ether2": {
"description": "Fritz!Box (LAN1)", "description": "Fritz!Box (LAN1)",
"enabled": true, "enabled": true,
"ips": [], "ips": [],
"mode": "access", "mode": "ACCESS",
"tagged_vlans": [], "tagged_vlans": [],
"type": "1000base-t", "type": "A_1000BASE_T",
"untagged_vlan": "home.wan" "untagged_vlan": "home.wan"
}, },
"ether20": { "ether20": {
"description": "Franzi Laptop", "description": "Franzi Laptop",
"enabled": true, "enabled": true,
"ips": [], "ips": [],
"mode": "access", "mode": "ACCESS",
"tagged_vlans": [], "tagged_vlans": [],
"type": "1000base-t", "type": "A_1000BASE_T",
"untagged_vlan": "home.clients" "untagged_vlan": "home.clients"
}, },
"ether21": { "ether21": {
"description": "", "description": "Sophie Laptop",
"enabled": true, "enabled": true,
"ips": [], "ips": [],
"mode": "access", "mode": "ACCESS",
"tagged_vlans": [], "tagged_vlans": [],
"type": "1000base-t", "type": "A_1000BASE_T",
"untagged_vlan": "home.clients" "untagged_vlan": "home.clients"
}, },
"ether22": { "ether22": {
"description": "Arbeitsplatz Regal", "description": "Sophie Desktop",
"enabled": true, "enabled": true,
"ips": [], "ips": [],
"mode": "access", "mode": "ACCESS",
"tagged_vlans": [], "tagged_vlans": [],
"type": "1000base-t", "type": "A_1000BASE_T",
"untagged_vlan": "home.clients" "untagged_vlan": "home.clients"
}, },
"ether23": { "ether23": {
"description": "Wohnzimmer Kabel", "description": "Wohnzimmer Kabel",
"enabled": true, "enabled": true,
"ips": [], "ips": [],
"mode": "access", "mode": "ACCESS",
"tagged_vlans": [], "tagged_vlans": [],
"type": "1000base-t", "type": "A_1000BASE_T",
"untagged_vlan": "home.clients" "untagged_vlan": "home.clients"
}, },
"ether24": { "ether24": {
"description": "home.snom-wohnzimmer", "description": "home.snom-wohnzimmer",
"enabled": true, "enabled": true,
"ips": [], "ips": [],
"mode": "access", "mode": "ACCESS",
"tagged_vlans": [], "tagged_vlans": [],
"type": "1000base-t", "type": "A_1000BASE_T",
"untagged_vlan": "home.clients" "untagged_vlan": "home.clients"
}, },
"ether3": { "ether3": {
"description": "home.aruba325-schlafzimmer", "description": "home.aruba325-schlafzimmer",
"enabled": true, "enabled": true,
"ips": [], "ips": [],
"mode": "tagged", "mode": "TAGGED",
"tagged_vlans": [ "tagged_vlans": [
"ffwi.client", "ffwi.client",
"home.v6only" "home.v6only"
], ],
"type": "1000base-t", "type": "A_1000BASE_T",
"untagged_vlan": "home.clients" "untagged_vlan": "home.clients"
}, },
"ether4": { "ether4": {
"description": "home.aruba325-wohnzimmer", "description": "home.aruba325-wohnzimmer",
"enabled": true, "enabled": true,
"ips": [], "ips": [],
"mode": "tagged", "mode": "TAGGED",
"tagged_vlans": [ "tagged_vlans": [
"ffwi.client", "ffwi.client",
"home.v6only" "home.v6only"
], ],
"type": "1000base-t", "type": "A_1000BASE_T",
"untagged_vlan": "home.clients" "untagged_vlan": "home.clients"
}, },
"ether5": { "ether5": {
"description": "home.nas (eno1)", "description": "home.nas (eno1)",
"enabled": true, "enabled": true,
"ips": [], "ips": [],
"mode": "tagged-all", "mode": "TAGGED_ALL",
"tagged_vlans": [], "tagged_vlans": [],
"type": "1000base-t", "type": "A_1000BASE_T",
"untagged_vlan": null "untagged_vlan": null
}, },
"ether6": { "ether6": {
"description": "home.aruba325-office", "description": "home.aruba325-office",
"enabled": true, "enabled": true,
"ips": [], "ips": [],
"mode": "tagged", "mode": "TAGGED",
"tagged_vlans": [ "tagged_vlans": [
"ffwi.client", "ffwi.client",
"home.v6only" "home.v6only"
], ],
"type": "1000base-t", "type": "A_1000BASE_T",
"untagged_vlan": "home.clients" "untagged_vlan": "home.clients"
}, },
"ether7": { "ether7": {
"description": "RIPE-Probe #28280 (LAN)", "description": "RIPE-Probe #28280 (LAN)",
"enabled": true, "enabled": true,
"ips": [], "ips": [],
"mode": "access", "mode": "ACCESS",
"tagged_vlans": [], "tagged_vlans": [],
"type": "1000base-t", "type": "A_1000BASE_T",
"untagged_vlan": "home.dmz" "untagged_vlan": "home.dmz"
}, },
"ether8": { "ether8": {
"description": "home.drucker-franzi", "description": "home.drucker-sophie",
"enabled": true, "enabled": true,
"ips": [], "ips": [],
"mode": "access", "mode": "ACCESS",
"tagged_vlans": [], "tagged_vlans": [],
"type": "1000base-t", "type": "A_1000BASE_T",
"untagged_vlan": "home.clients" "untagged_vlan": "home.clients"
}, },
"ether9": { "ether9": {
"description": "info-beamer 12199 (LAN)", "description": "info-beamer 12199 (LAN)",
"enabled": true, "enabled": true,
"ips": [], "ips": [],
"mode": "access", "mode": "ACCESS",
"tagged_vlans": [], "tagged_vlans": [],
"type": "1000base-t", "type": "A_1000BASE_T",
"untagged_vlan": "home.clients" "untagged_vlan": "home.clients"
}, },
"home.clients": { "home.clients": {
@ -231,27 +231,27 @@
"ips": [ "ips": [
"172.19.138.4/24" "172.19.138.4/24"
], ],
"mode": "", "mode": null,
"tagged_vlans": [], "tagged_vlans": [],
"type": "virtual", "type": "VIRTUAL",
"untagged_vlan": null "untagged_vlan": null
}, },
"sfp-sfpplus1": { "sfp-sfpplus1": {
"description": "", "description": "",
"enabled": true, "enabled": true,
"ips": [], "ips": [],
"mode": "", "mode": null,
"tagged_vlans": [], "tagged_vlans": [],
"type": "10gbase-x-sfpp", "type": "A_10GBASE_X_SFPP",
"untagged_vlan": null "untagged_vlan": null
}, },
"sfp-sfpplus2": { "sfp-sfpplus2": {
"description": "", "description": "",
"enabled": true, "enabled": true,
"ips": [], "ips": [],
"mode": "", "mode": null,
"tagged_vlans": [], "tagged_vlans": [],
"type": "10gbase-x-sfpp", "type": "A_10GBASE_X_SFPP",
"untagged_vlan": null "untagged_vlan": null
} }
}, },

98
data/apt/files/gpg-keys/grafana.asc
View file

@ -1,46 +1,4 @@
-----BEGIN PGP PUBLIC KEY BLOCK----- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1
mQENBFiHXVIBCADr3VDEAGpq9Sg/xrPVu1GGqWGXdbnTbbNKeveCtFHZz7/GSATW
iwiY1skvlAOBiIKCqJEji0rZZgd8WxuhdfugiCBk1hDTMWCpjI0P+YymV77jHjYB
jHrKNlhb+aLjEd9Gf2EtbKUT1fvGUkzlVrcRGSX/XR9MBZlgja7NIyuVbn3uwZQ4
jflWSNSlvMpohNxTFkrBFTRrCJXhbDLfCS46+so22CP3+1VQyqJ7/6RWK9v9KYdS
AVNgILXMggSrMqha4WA1a/ktczVQXNtP8IuPxTdp9pNYsklOTmrFVeq3mXsvWh9Q
lIhpYHIZlTZ5wVBq4wTRchsXC5MubIhz+ASDABEBAAG0GkdyYWZhbmEgPGluZm9A
Z3JhZmFuYS5jb20+iQE4BBMBAgAiBQJYh11SAhsDBgsJCAcDAgYVCAIJCgsEFgID
AQIeAQIXgAAKCRCMjDTFJAmMthxJB/9Id6JrwqRkJW+eSBb71FGQmRsJvNFR8J+3
NPVhJNkTFFOM7TnjAMUIv+LYEURqGcceTNAN1aHq/7n/8ybXucCS0CnDYyNYpyVs
tWJ3FOQK3jPrmziDCWPQATqMM/Z2auXVFWrDFqfh2xKZNjuix0w2nyuWB8U0CG2U
89w+ksPJblGGU5xLPPzDQoAqyZXY3gpGGTkCuohMq2RWYbp/QJSQagYhQkKZoJhr
XJlnw4At6R1A5UUPzDw6WJqMRkGrkieE6ApIgf1vZSmnLRpXkqquRTAEyGT8Pugg
ee6YkD19/LK6ED6gn32StY770U9ti560U7oRjrOPK/Kjp4+qBtkQuQENBFiHXVIB
CACz4hO1g/4fKO9QWLcbSWpB75lbNgt1kHXP0UcW8TE0DIgqrifod09lC85adIz0
zdhs+00lLqckM5wNbp2r+pd5rRaxOsMw2V+c/y1Pt3qZxupmPc5l5lL6jzbEVR9g
ygPaE+iabTk9Np2OZQ7Qv5gIDzivqK2mRHXaHTzoQn2dA/3xpFcxnen9dvu7LCpA
CdScSj9/UIRKk9PHIgr2RJhcjzLx0u1PxN9MEqfIsIJUUgZOoDsr8oCs44PGGIMm
cK1CKALLLiC4ZM58B56jRyXo18MqB6VYsC1X9wkcIs72thL3tThXO70oDGcoXzoo
ywAHBH63EzEyduInOhecDIKlABEBAAGJAR8EGAECAAkFAliHXVICGwwACgkQjIw0
xSQJjLbWSwf/VIM5wEFBY4QLGUAfqfjDyfGXpcha58Y24Vv3n6MwJqnCIbTAaeWf
30CZ/wHg3NNIMB7I31vgmMOEbHQdv0LPTi9TG205VQeehcpNtZRZQ0D8TIetbxyi
Emmn9osig9U3/7jaAWBabE/9bGx4TF3eLlEH9wmFrNYeXvgRqmyqVoqhIMCNAAOY
REYyHyy9mzr9ywkwl0aroBqhzKIPyFlatZy9oRKllY/CCKO9RJy4DZidLphuwzqU
ymdQ1sqe5nKvwG5GvcncPc3O7LMevDBWnpNNkgERnVxCqpm90TuE3ONbirnU4+/S
tUsVU1DERc1fjOCnAm4pKIlNYphISIE7OQ==
=0pMC
-----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP PUBLIC KEY BLOCK-----
Comment: This is a revocation certificate
iQE2BCABCgAgFiEETkDd9tduKEpKZ4DkjIw0xSQJjLYFAmO9q0cCHQIACgkQjIw0
xSQJjLarJAf+JJU0CHTMSSs5WH6ohVy54HN+ev7p7vfcgvvFBAWZLTLrG5+eFUH0
w0m9KegxAs+H/H/68ld1jY/P62fvkOR7WCWQ7HH+8ClKLwuWS4DpOHK9IOkHDK0w
0pVJ6NBiwhv8/B7EmiBf9zndjMtYa/wf8JZYVOXb0XE0L+Ec0WZSRZH+/WGA1E1s
MSgPwqDF7RKXDCJ65elYxi9CPZvXhj6RVldn/aRuHf5/SCDE/HmnDB9+v6ReEsWV
r/Xis2J0pWphpF/xtYxGf+Iy5fAHwDd4z9uKs9mBHSR0aDisuAW/eHF6KvBzQ7y0
Yf3KxEyDvLwuAA5NBi7Xsd2wSKdfBGUGcQ==
=KTb+
-----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQGNBGO4aiUBDAC82zo3vUyQH3yTCabQ7ZpospBg/xXBbJWbQNksIbEP/+I12CjB mQGNBGO4aiUBDAC82zo3vUyQH3yTCabQ7ZpospBg/xXBbJWbQNksIbEP/+I12CjB
zac1QcMFd27MJlyXpsTqqSo1ZHOisNy0Tmyl/WlqMyoMeChg+LmIHLNbvAK0jPOX zac1QcMFd27MJlyXpsTqqSo1ZHOisNy0Tmyl/WlqMyoMeChg+LmIHLNbvAK0jPOX
@ -81,59 +39,3 @@ Fj8eP2CocfRC+Lqv0azQwyEVMkYSMKoFbhXmjiBZn9JxblndKnVbByA1/nMAa0Q7
HTJC50jDJfpM9d1xQW/W5LBSQjd3czM6zlRXsliX HTJC50jDJfpM9d1xQW/W5LBSQjd3czM6zlRXsliX
=lSMJ =lSMJ
-----END PGP PUBLIC KEY BLOCK----- -----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP PUBLIC KEY BLOCK-----
Comment: This is a revocation certificate
iQG2BCABCAAgFiEEDiLriOOeEid6d2CunkObECzzwMYFAmO4amECHQAACgkQnkOb
ECzzwMYiDQv/bbRnEhrFhr5XyA2vnu6nTZezbMwArC/ZwtFxtnj2iAwGZYY/pbPx
L8cHTpvK99I6J02SBHpmzthwHSindddPjuuQENdqH/TDlGvPH/mECJVTN9/kpjlg
HtO0MVKAKyXGbij7fR8prfPMRqOFbo4Rn9nQZZ/eY9KwkKVKxKHymppNbUbvv1qQ
NGfOi2QWkF+T8dbihbJHJgYpPb7uEmJ2EOX0KHu9nlYGX4jxtql+M3yeOi3juaXH
hLFWqVn3FkQW7N4IV+bVTkYcxQg01rWqY/h7BvL88AiMoiUXhOvE5iAS4sJe+EVB
bDfRaLr1Ju1CXYm5B+Q9b2pU0SWAbBNlVxYGs+NOeBh9YzwdGTFW2l/S/VLLv0bE
hBYuLwOIs0BqrL4TWwlB1ucEikg+r3O7OZL8Dnw0mnBVBmQxKhl1p8dLcYtylG3B
aEIbN6wHQe03xYvAmaHDdG0kjPiwhOlpZ+YU3ux8F2YnENXm9J+25GMyTXqybKQl
ltTE4hHgRH2v
=n71X
-----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQGNBGTnhmkBDADUE+SzjRRyitIm1siGxiHlIlnn6KO4C4GfEuV+PNzqxvwYO+1r
mcKlGDU0ugo8ohXruAOC77Kwc4keVGNU89BeHvrYbIftz/yxEneuPsCbGnbDMIyC
k44UOetRtV9/59Gj5YjNqnsZCr+e5D/JfrHUJTTwKLv88A9eHKxskrlZr7Un7j3i
Ef3NChlOh2Zk9Wfk8IhAqMMTferU4iTIhQk+5fanShtXIuzBaxU3lkzFSG7VuAH4
CBLPWitKRMn5oqXUE0FZbRYL/6Qz0Gt6YCJsZbaQ3Am7FCwWCp9+ZHbR9yU+bkK0
Dts4PNx4Wr9CktHIvbypT4Lk2oJEPWjcCJQHqpPQZXbnclXRlK5Ea0NVpaQdGK+v
JS4HGxFFjSkvTKAZYgwOk93qlpFeDML3TuSgWxuw4NIDitvewudnaWzfl9tDIoVS
Bb16nwJ8bMDzovC/RBE14rRKYtMLmBsRzGYHWd0NnX+FitAS9uURHuFxghv9GFPh
eTaXvc4glM94HBUAEQEAAbQmR3JhZmFuYSBMYWJzIDxlbmdpbmVlcmluZ0BncmFm
YW5hLmNvbT6JAdQEEwEKAD4WIQS1Oud7rbYwpoMEYAWWP6J3EEWFRQUCZOeGaQIb
AwUJA8JnAAULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRCWP6J3EEWFRUiADACa
i+xytv2keEFJWjXNnFAx6/obnHRcXOI3w6nH/zL8gNI7YN5jcdQT2NYvKVYTb3fW
GuMsjHWgat5Gq3AtJrOKABpZ6qeYNPk0Axn/dKtOTwXjZ4pKX3bbUYvVfs0fCEZv
B0HHIj2wI9kgMpoTrkj22LE8layZTPOoQ+3/FbLzS8hN3CYZj25mHN7bpZq8EbV3
8FW9EU0HM0tg6CvoxkRiVqAuAC0KnVIZAdhD4dlYKuncq64nMvT1A5wxSYbnE+uf
mnWQQhhS6BOwRqN054yw1FrWNDFsvnOSHmr8dIiriv+aZYvx5JQFJ7oZP3LwdYyg
ocQcAJA8HFTIk3P6uJiIF/zdDzocgdKs+IYDoId0hxX7sGCvqdrsveq8n3m7uQiN
7FvSiV0eXIdV4F7340kc8EKiYwpuYSaZX0UWKLenzlUvD+W4pZCWtoXzPsW7PKUt
q1xdW0+NY+AGLCvSJCc5F4S5kFCObfBAYBbldjwwJFocdq/YOvvWYTPyV7kJeJS5
AY0EZOeGaQEMALNIFUricEIwtZiX7vSDjwxobbqPKqzdek8x3ud0CyYlrbGHy0k+
FDEXstjJQQ1s9rjJSu3sv5wyg9GDAUH3nzO976n/ZZvKPti3p2XU2UFx5gYkaaFV
D56yYxqGY0YU5ft6BG+RUz3iEPg3UBUzt0sCIYnG9+CsDqGOnRYIIa46fu2/H9Vu
8JvvSq9xbsK9CfoQDkIcoQOixPuI4P7eHtswCeYR/1LUTWEnYQWsBCf57cEpzR6t
7mlQnzQo9z4i/kp4S0ybDB77wnn+isMADOS+/VpXO+M7Zj5tpfJ6PkKch3SGXdUy
3zht8luFOYpJr2lVzp7n3NwB4zW08RptTzTgFAaW/NH2JjYI+rDvQm4jNs08Dtsp
nm4OQvBA9Df/6qwMEOZ9i10ixqk+55UpQFJ3nf4uKlSUM7bKXXVcD/odq804Y/K4
y3csE059YVIyaPexEvYSYlHE2odJWRg2Q1VehmrOSC8Qps3xpU7dTHXD74ZpaYbr
haViRS5v/lCsiwARAQABiQG8BBgBCgAmFiEEtTrne622MKaDBGAFlj+idxBFhUUF
AmTnhmkCGwwFCQPCZwAACgkQlj+idxBFhUUNbQv8DCcfi3GbWfvp9pfY0EJuoFJX
LNgci7z7smXq7aqDp2huYQ+MulnPAydjRCVW2fkHItF2Ks6l+2/8t5Xz0eesGxST
xTyR31ARENMXaq78Lq+itZ+usOSDNuwJcEmJM6CceNMLs4uFkX2GRYhchkry7P0C
lkLxUTiB43ooi+CqILtlNxH7kM1O4Ncs6UGZMXf2IiG9s3JDCsYVPkC5QDMOPkTy
2ZriF56uPerlJveF0dC61RZ6RlM3iSJ9Fwvea0Oy4rwkCcs5SHuwoDTFyxiyz0QC
9iqi3fG3iSbLvY9UtJ6X+BtDqdXLAT9Pq527mukPP3LwpEqFVyNQKnGLdLOu2YXc
TWWWseSQkHRzBmjD18KTD74mg4aXxEabyT4snrXpi5+UGLT4KXGV5syQO6Lc0OGw
9O/0qAIU+YW7ojbKv8fr+NB31TGhGYWASjYlN1NvPotRAK6339O0/Rqr9xGgy3AY
SR+ic2Y610IM7xccKuTVAW9UofKQwJZChqae9VVZ
=J9CI
-----END PGP PUBLIC KEY BLOCK-----

75
data/apt/files/gpg-keys/nodejs.asc
View file

@ -1,29 +1,52 @@
-----BEGIN PGP PUBLIC KEY BLOCK----- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1
Comment: GPGTools - https://gpgtools.org
mQENBFdDN1ABCADaNd/I3j3tn40deQNgz7hB2NvT+syXe6k4ZmdiEcOfBvFrkS8B mQINBFObJLYBEADkFW8HMjsoYRJQ4nCYC/6Eh0yLWHWfCh+/9ZSIj4w/pOe2V6V+
hNS67t93etHsxEy7E0qwsZH32bKazMqe9zDwoa3aVImryjh6SHC9lMtW27JPHFeM W6DHY3kK3a+2bxrax9EqKe7uxkSKf95gfns+I9+R+RJfRpb1qvljURr54y35IZgs
Srkt9YmH1WMwWcRO6eSY9B3PpazquhnvbammLuUojXRIxkDroy6Fw4UKmUNSRr32 fMG22Np+TmM2RLgdFCZa18h0+RbH9i0b+ZrB9XPZmLb/h9ou7SowGqQ3wwOtT3Vy
9Ej87jRoR1B2/57Kfp2Y4+vFGGzSvh3AFQpBHq51qsNHALU6+8PjLfIt+5TPvaWR qmif0A2GCcjFTqWW6TXaY8eZJ9BCEqW3k/0Cjw7K/mSy/utxYiUIvZNKgaG/P8U7
TB+kAZnQZkaIQM2nr1n3oj6ak2RATY/+kjLizgFWzgEfbCrbsyq68UoY5FPBnu4Z 89QyvxeRxAf93YFAVzMXhoKxu12IuH4VnSwAfb8gQyxKRyiGOUwk0YoBPpqRnMmD
E3iDZpaIqwKr0seUC7iA1xM5eHi5kty1oB7HABEBAAG0Ik5Tb2xpZCA8bnNvbGlk Dl7SdmY3oQHEJzBelTMjTM8AjbB9mWoPBX5G8t4u47/FZ6PgdfmRg9hsKXhkLJc7
LWdwZ0Bub2Rlc291cmNlLmNvbT6JATgEEwECACIFAldDN1ACGwMGCwkIBwMCBhUI C1btblOHNgDx19fzASWX+xOjZiKpP6MkEEzq1bilUFul6RDtxkTWsTa5TGixgCB/
AgkKCwQWAgMBAh4BAheAAAoJEC9ZtfmbG+C0y7wH/i4xnab36dtrYW7RZwL8i6Sc G2fK8I9JL/yQhDc6OGY9mjPOxMb5PgUlT8ox3v8wt25erWj9z30QoEBwfSg4tzLc
NjMx4j9+U1kr/F6YtqWd+JwCbBdar5zRghxPcYEq/qf7MbgAYcs1eSOuTOb7n7+o Jq6N/iepQemNfo6Is+TG+JzI6vhXjlsBm/Xmz0ZiFPPObAH/vGCY5I6886vXQ7ft
xUwdH2iCtHhKh3Jr2mRw1ks7BbFZPB5KmkxHaEBfLT4d+I91ZuUdPXJ+0SXs9gzk qWHYHT8jz/R4tigMGC+tvZ/kcmYBsLCCI5uSEP6JJRQQhHrCvOX0UaytItfsQfLm
Dbz65Uhoz3W03aiF8HeL5JNARZFMbHHNVL05U1sTGTCOtu+1c/33f3TulQ/XZ3Y4 EYRd2F72o1yGh3yvWWfDIBXRmaBuIGXGpajC0JyBGSOWb9UxMNZY/2LJEwARAQAB
hwGCpLe0Tv7g7Lp3iLMZMWYPEa0a7S4u8he5IEJQLd8bE8jltcQvrdr3Fm8kI2Jg tB9Ob2RlU291cmNlIDxncGdAbm9kZXNvdXJjZS5jb20+iQI4BBMBAgAiBQJTmyS2
BJmUmX4PSfhuTCFaR/yeCt3UoW883bs9LfbTzIx9DJGpRIu8Y0IL3b4sj/GoZVq5 AhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRAWVaCraFdigHTmD/9OKhUy
AQ0EV0M3UAEIAKrTaC62ayzqOIPa7nS90BHHck4Z33a2tZF/uof38xNOiyWGhT8u jJ+h8gMRg6ri5EQxOExccSRU0i7UHktecSs0DVC4lZG9AOzBe+Q36cym5Z1di6JQ
JeFoTTHn5SQq5Ftyu4K3K2fbbpuu/APQF05AaljzVkDGNMW4pSkgOasdysj831cu kHl69q3zBdV3KTW+H1pdmnZlebYGz8paG9iQ/wS9gpnSeEyx0Enyi167Bzm0O4A1
ssrHX2RYS22wg80k6C/Hwmh5F45faEuNxsV+bPx7oPUrt5n6GMx84vEP3i1+FDBi GK0prkLnz/yROHHEfHjsTgMvFwAnf9uaxwWgE1d1RitIWgJpAnp1DZ5O0uVlsPPm
0pt/B/QnDFBXki1BGvJ35f5NwDefK8VaInxXP3ZN/WIbtn5dqxppkV/YkO7GiJlp XAhuBJ32mU8S5BezPTuJJICwBlLYECGb1Y65Cil4OALU7T7sbUqfLCuaRKxuPtcU
Jlju9rf3kKUIQzKQWxFsbCAPIHoWv7rH9RSxgDithXtG6Yg5R1aeBbJaPNXL9wpJ VnJ6/qiyPygvKZWhV6Od0Yxlyed1kftMJyYoL8kPHfeHJ+vIyt0s7cropfiwXoka
YBJbiMjkAFaz4B95FOqZm3r7oHugiCGsHX0AEQEAAYkBHwQYAQIACQUCV0M3UAIb 1iJB5nKyt/eqMnPQ9aRpqkm9ABS/r7AauMA/9RALudQRHBdWIzfIg0Mlqb52yyTI
DAAKCRAvWbX5mxvgtE/OB/0VN88DR3Y3fuqy7lq/dthkn7Dqm9YXdorZl3L152eE IgQJHNGNX1T3z1XgZhI+Vi8SLFFSh8x9FeUZC6YJu0VXXj5iz+eZmk/nYjUt4Mtc
IF882aG8FE3qZdaLGjQO4oShAyNWmRfSGuoH0XERXAI9n0r8m4mDMxE6rtP7tHet pVsVYIB7oIDIbImODm8ggsgrIzqxOzQVP1zsCGek5U6QFc9GYrQ+Wv3/fG8hfkDn
y/5M8x3CTyuMgx5GLDaEUvBusnTD+/v/fBMwRK/cZ9du5PSG4R50rtst+oYyC2ao xXLww0OGaEQxfodm8cLFZ5b8JaG3+Yxfe7JkNclwvRimvlAjqIiW5OK0vvfHco+Y
x4I2SgjtF/cY7bECsZDplzatN3gv34PkcdIg8SLHAVlL4N5tzumDeizRspcSyoy2 gANhQrlMnTx//IdZssaxvYytSHpPZTYw+qPEjbBJOLpoLrz8ZafN1uekpAqQjffI
K2+hwKU4C4+dekLLTg8rjnRROvplV2KtaEk6rxKtIRFDCoQng8wfJuIMrDNKvqZw AOqW9SdIzq/kSHgl0bzWbPJPw86XzzftewjKNbkCDQRTmyS2ARAAxSSdQi+WpPQZ
FRGt7cbvW5MCnuH8MhItOl9Uxp1wHp6gtav/h8Gp6MBa fOflkx9sYJa0cWzLl2w++FQnZ1Pn5F09D/kPMNh4qOsyvXWlekaV/SseDZtVziHJ
=MARt Km6V8TBG3flmFlC3DWQfNNFwn5+pWSB8WHG4bTA5RyYEEYfpbekMtdoWW/Ro8Kmh
41nuxZDSuBJhDeFIp0ccnN2Lp1o6XfIeDYPegyEPSSZqrudfqLrSZhStDlJgXjea
JjW6UP6txPtYaaila9/Hn6vF87AQ5bR2dEWB/xRJzgNwRiax7KSU0xca6xAuf+TD
xCjZ5pp2JwdCjquXLTmUnbIZ9LGV54UZ/MeiG8yVu6pxbiGnXo4Ekbk6xgi1ewLi
vGmz4QRfVklV0dba3Zj0fRozfZ22qUHxCfDM7ad0eBXMFmHiN8hg3IUHTO+UdlX/
aH3gADFAvSVDv0v8t6dGc6XE9Dr7mGEFnQMHO4zhM1HaS2Nh0TiL2tFLttLbfG5o
QlxCfXX9/nasj3K9qnlEg9G3+4T7lpdPmZRRe1O8cHCI5imVg6cLIiBLPO16e0fK
yHIgYswLdrJFfaHNYM/SWJxHpX795zn+iCwyvZSlLfH9mlegOeVmj9cyhN/VOmS3
QRhlYXoA2z7WZTNoC6iAIlyIpMTcZr+ntaGVtFOLS6fwdBqDXjmSQu66mDKwU5Ek
fNlbyrpzZMyFCDWEYo4AIR/18aGZBYUAEQEAAYkCHwQYAQIACQUCU5sktgIbDAAK
CRAWVaCraFdigIPQEACcYh8rR19wMZZ/hgYv5so6Y1HcJNARuzmffQKozS/rxqec
0xM3wceL1AIMuGhlXFeGd0wRv/RVzeZjnTGwhN1DnCDy1I66hUTgehONsfVanuP1
PZKoL38EAxsMzdYgkYH6T9a4wJH/IPt+uuFTFFy3o8TKMvKaJk98+Jsp2X/QuNxh
qpcIGaVbtQ1bn7m+k5Qe/fz+bFuUeXPivafLLlGc6KbdgMvSW9EVMO7yBy/2JE15
ZJgl7lXKLQ31VQPAHT3an5IV2C/ie12eEqZWlnCiHV/wT+zhOkSpWdrheWfBT+ac
hR4jDH80AS3F8jo3byQATJb3RoCYUCVc3u1ouhNZa5yLgYZ/iZkpk5gKjxHPudFb
DdWjbGflN9k17VCf4Z9yAb9QMqHzHwIGXrb7ryFcuROMCLLVUp07PrTrRxnO9A/4
xxECi0l/BzNxeU1gK88hEaNjIfviPR/h6Gq6KOcNKZ8rVFdwFpjbvwHMQBWhrqfu
G3KaePvbnObKHXpfIKoAM7X2qfO+IFnLGTPyhFTcrl6vZBTMZTfZiC1XDQLuGUnd
sckuXINIU3DFWzZGr0QrqkuE/jyr7FXeUJj9B7cLo+s/TXo+RaVfi3kOc9BoxIvy
/qiNGs/TKy2/Ujqp/affmIMoMXSozKmga81JSwkADO1JMgUy6dApXz9kP4EE3g==
=CLGF
-----END PGP PUBLIC KEY BLOCK----- -----END PGP PUBLIC KEY BLOCK-----

74
data/proftpd/files/home.paperless.conf
View file

@ -1,74 +0,0 @@
Include /etc/proftpd/modules.conf
UseIPv6 on
<IfModule mod_ident.c>
IdentLookups off
</IfModule>
ServerName "home.paperless"
ServerType standalone
DeferWelcome off
DefaultServer on
ShowSymlinks on
TimeoutNoTransfer 600
TimeoutStalled 600
TimeoutIdle 1200
DisplayLogin welcome.msg
DisplayChdir .message true
ListOptions "-l"
DenyFilter \*.*/
RequireValidShell off
Port 21
PassivePorts 49152 50192
MaxInstances 30
User proftpd
Group nogroup
Umask 022 022
AllowOverwrite on
TransferLog /var/log/proftpd/xferlog
SystemLog /var/log/proftpd/proftpd.log
<IfModule mod_quotatab.c>
QuotaEngine off
</IfModule>
<IfModule mod_ratio.c>
Ratios off
</IfModule>
<IfModule mod_delay.c>
DelayEngine on
</IfModule>
<IfModule mod_ctrls.c>
ControlsEngine off
ControlsMaxClients 2
ControlsLog /var/log/proftpd/controls.log
ControlsInterval 5
ControlsSocket /var/run/proftpd/proftpd.sock
</IfModule>
<IfModule mod_ctrls_admin.c>
AdminControlsEngine off
</IfModule>
<Anonymous /mnt/paperless/consume/>
User nobody
Group nogroup
UserAlias anonymous ftp
<Directory *>
AllowAll
</Directory>
</Anonymous>

34
data/ssl/_.home.kunbox.net.crt.pem
View file

@ -1,22 +1,22 @@
-----BEGIN CERTIFICATE----- -----BEGIN CERTIFICATE-----
MIIDsDCCAzWgAwIBAgISBIi3muU9O51f4fWWUXJHNgRHMAoGCCqGSM49BAMDMDIx MIIDsDCCAzWgAwIBAgISBMRgrLMPa1cucom1daU3fmCaMAoGCCqGSM49BAMDMDIx
CzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDEwJF CzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDEwJF
NjAeFw0yNDA5MDQxNjA1MThaFw0yNDEyMDMxNjA1MTdaMBoxGDAWBgNVBAMTD2hv NTAeFw0yNDA2MTExNDQyMzdaFw0yNDA5MDkxNDQyMzZaMBoxGDAWBgNVBAMTD2hv
bWUua3VuYm94Lm5ldDB2MBAGByqGSM49AgEGBSuBBAAiA2IABA5vskMN8tWHCOsv bWUua3VuYm94Lm5ldDB2MBAGByqGSM49AgEGBSuBBAAiA2IABGlCPITmq729xoLb
aUojW+t8otSpRgcU0tLsONhzQ7GhG5tC5DQ5pN7HiG14eejONQE4hRWC4rkP/e47 DkSn6SYxnP7Mns9dBSqUv1WktnYjwbavlbXKN3Bz0yCGcXSCZA+Nq576DBK9L9X6
EVQd/rFK5m0lQesR68zogtW9KfQZUoINhlOuR4CxpBY1LrG5laOCAiQwggIgMA4G tTeIvqG1akyNxY+1eDK3vhH4FKmZE6oOyh1jqfG2LY7dvLYCQKOCAiQwggIgMA4G
A1UdDwEB/wQEAwIHgDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYD A1UdDwEB/wQEAwIHgDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYD
VR0TAQH/BAIwADAdBgNVHQ4EFgQU3iCazGKeVwzCa84zl+qckbspEmEwHwYDVR0j VR0TAQH/BAIwADAdBgNVHQ4EFgQUt6i+27R0AAj+AUgSNg3Gmm5GzLYwHwYDVR0j
BBgwFoAUkydGmAOpUWiOmNbEQkjbI79YlNIwVQYIKwYBBQUHAQEESTBHMCEGCCsG BBgwFoAUnytfzzwhT50Et+0rLMTGcIvS1w0wVQYIKwYBBQUHAQEESTBHMCEGCCsG
AQUFBzABhhVodHRwOi8vZTYuby5sZW5jci5vcmcwIgYIKwYBBQUHMAKGFmh0dHA6 AQUFBzABhhVodHRwOi8vZTUuby5sZW5jci5vcmcwIgYIKwYBBQUHMAKGFmh0dHA6
Ly9lNi5pLmxlbmNyLm9yZy8wLQYDVR0RBCYwJIIRKi5ob21lLmt1bmJveC5uZXSC Ly9lNS5pLmxlbmNyLm9yZy8wLQYDVR0RBCYwJIIRKi5ob21lLmt1bmJveC5uZXSC
D2hvbWUua3VuYm94Lm5ldDATBgNVHSAEDDAKMAgGBmeBDAECATCCAQQGCisGAQQB D2hvbWUua3VuYm94Lm5ldDATBgNVHSAEDDAKMAgGBmeBDAECATCCAQQGCisGAQQB
1nkCBAIEgfUEgfIA8AB2AD8XS0/XIkdYlB1lHIS+DRLtkDd/H4Vq68G/KIXs+GRu 1nkCBAIEgfUEgfIA8AB2AO7N0GTV2xrOxVy3nbTNE6Iyh0Z8vOzew1FIWUZxH7Wb
AAABkb3+C2AAAAQDAEcwRQIhAMwv6NjH3Ggd1WfeSVvyToVaM15glwfSJcAW8+40 AAABkAf3K9YAAAQDAEcwRQIhAPFpuj8ZoOmqhDNJDSuJ3BWyUuOUyY2QXjIVRHop
XbCKAiABUoDmQjhKi5VfwZ7e0WX5XjEmgBN2qTafK5RqlaCDJgB2AO7N0GTV2xrO dKyPAiAa2cwsyBFOjWOEYRCZ/7UgBA5axt8ZCrRYseefFwpvSQB2AN/hVuuqBa+1
xVy3nbTNE6Iyh0Z8vOzew1FIWUZxH7WbAAABkb3+C3IAAAQDAEcwRQIgU9sxMGOG nA+GcY2owDJOrlbZbqf1pWoB0cE7vlJcAAABkAf3LJ8AAAQDAEcwRQIhAL9+dxTj
aP3npu7vw3G9TiFRxuZRCI96My34WVSCOcsCIQDhDjS9QhJGtNT68Z0sx6DJCcco 34moGhk32PnQZg2+nVNiVxLxYjDL9fk1R+bXAiAA7EjWqcZgktinTpt1pVQMmuUn
L1AXGWwojxizcx48bTAKBggqhkjOPQQDAwNpADBmAjEA/SOZeiZrClB5EJlZFdQy FQ1IRh5AdycNn0lL2jAKBggqhkjOPQQDAwNpADBmAjEAubnofDBEyrcSJAiGxlqc
hrt2qh4HC5zvHdSLTWI4GAxDy8xRg/ANO6fp0Sb7Q7jdAjEAhiQgQfgUln08i/tv EpUndlnkT/irfl/As8EUt0KMSPhnV3i7oEq89bi0KDghAjEA+XHccaWUi7BJEoV7
3TGjVRIT/Y4A4QadodTROpfmFDH3QIsNwRPRhQUUSscBavK9 nCUOCct64mb2LmXkvYiFVicsV9ubp4kVbziWjLgng6TC3HoM
-----END CERTIFICATE----- -----END CERTIFICATE-----

36
data/ssl/_.home.kunbox.net.crt_intermediate.pem
View file

@ -1,27 +1,27 @@
-----BEGIN CERTIFICATE----- -----BEGIN CERTIFICATE-----
MIIEVzCCAj+gAwIBAgIRALBXPpFzlydw27SHyzpFKzgwDQYJKoZIhvcNAQELBQAw MIIEVzCCAj+gAwIBAgIRAIOPbGPOsTmMYgZigxXJ/d4wDQYJKoZIhvcNAQELBQAw
TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjQwMzEzMDAwMDAw cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjQwMzEzMDAwMDAw
WhcNMjcwMzEyMjM1OTU5WjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg WhcNMjcwMzEyMjM1OTU5WjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg
RW5jcnlwdDELMAkGA1UEAxMCRTYwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAATZ8Z5G RW5jcnlwdDELMAkGA1UEAxMCRTUwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQNCzqK
h/ghcWCoJuuj+rnq2h25EqfUJtlRFLFhfHWWvyILOR/VvtEKRqotPEoJhC6+QJVV a2GOtu/cX1jnxkJFVKtj9mZhSAouWXW0gQI3ULc/FnncmOyhKJdyIBwsz9V8UiBO
6RlAN2Z17TJOdwRJ+HB7wxjnzvdxEP6sdNgA1O1tHHMWMxCcOrLqbGL0vbijgfgw VHhbhBRrwJCuhezAUUE8Wod/Bk3U/mDR+mwt4X2VEIiiCFQPmRpM5uoKrNijgfgw
gfUwDgYDVR0PAQH/BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcD gfUwDgYDVR0PAQH/BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcD
ATASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBSTJ0aYA6lRaI6Y1sRCSNsj ATASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBSfK1/PPCFPnQS37SssxMZw
v1iU0jAfBgNVHSMEGDAWgBR5tFnme7bl5AFzgAiIyBpY9umbbjAyBggrBgEFBQcB i9LXDTAfBgNVHSMEGDAWgBR5tFnme7bl5AFzgAiIyBpY9umbbjAyBggrBgEFBQcB
AQQmMCQwIgYIKwYBBQUHMAKGFmh0dHA6Ly94MS5pLmxlbmNyLm9yZy8wEwYDVR0g AQQmMCQwIgYIKwYBBQUHMAKGFmh0dHA6Ly94MS5pLmxlbmNyLm9yZy8wEwYDVR0g
BAwwCjAIBgZngQwBAgEwJwYDVR0fBCAwHjAcoBqgGIYWaHR0cDovL3gxLmMubGVu BAwwCjAIBgZngQwBAgEwJwYDVR0fBCAwHjAcoBqgGIYWaHR0cDovL3gxLmMubGVu
Y3Iub3JnLzANBgkqhkiG9w0BAQsFAAOCAgEAfYt7SiA1sgWGCIpunk46r4AExIRc Y3Iub3JnLzANBgkqhkiG9w0BAQsFAAOCAgEAH3KdNEVCQdqk0LKyuNImTKdRJY1C
MxkKgUhNlrrv1B21hOaXN/5miE+LOTbrcmU/M9yvC6MVY730GNFoL8IhJ8j8vrOL 2uw2SJajuhqkyGPY8C+zzsufZ+mgnhnq1A2KVQOSykOEnUbx1cy637rBAihx97r+
pMY22OP6baS1k9YMrtDTlwJHoGby04ThTUeBDksS9RiuHvicZqBedQdIF65pZuhp bcwbZM6sTDIaEriR/PLk6LKs9Be0uoVxgOKDcpG9svD33J+G9Lcfv1K9luDmSTgG
eDcGBcLiYasQr/EO5gxxtLyTmgsHSOVSBcFOn9lgv7LECPq9i7mfH3mpxgrRKSxH 6XNFIN5vfI5gs/lMPyojEMdIzK9blcl2/1vKxO8WGCcjvsQ1nJ/Pwt8LQZBfOFyV
pOoZ0KXMcB+hHuvlklHntvcI0mMMQ0mhYj6qtMFStkF1RpCG3IPdIwpVCQqu8GV7 XP8ubAp/au3dc4EKWG9MO5zcx1qT9+NXRGdVWxGvmBFRAajciMfXME1ZuGmk3/GO
s8ubknRzs+3C/Bm19RFOoiPpDkwvyNfvmQ14XkyqqKK5oZ8zhD32kFRQkxa8uZSu koAM7ZkjZmleyokP1LGzmfJcUd9s7eeu1/9/eg5XlXd/55GtYjAM+C4DG5i7eaNq
h4aTImFxknu39waBxIRXE4jKxlAmQc4QjFZoq1KmQqQg0J/1JF8RlFvJas1VcjLv cm2F+yxYIPt6cbbtYVNJCGfHWqHEQ4FYStUyFnv8sjyqU8ypgZaNJ9aVcWSICLOI
YlvUB2t6npO6oQjB3l+PNf0DpQH7iUx3Wz5AjQCi6L25FjyE06q6BZ/QlmtYdl/8 E1/Qv/7oKsnZCWJ926wU6RqG1OYPGOi1zuABhLw61cuPVDT28nQS/e6z95cJXq0e
ZYao4SRqPEs/6cAiF+Qf5zg2UkaWtDphl1LKMuTNLotvsX99HP69V2faNyegodQ0 K1BcaJ6fJZsmbjRgD5p3mvEf5vdQM7MCEvU0tHbsx2I5mHHJoABHb8KVBgWp/lcX
LyTApr/vT01YPE46vNsDLgK+4cL6TrzC/a4WcmF5SRJ938zrv/duJHLXQIku5v0+ GWiWaeOyB7RP+OfDtvi2OsapxXiV7vNVs7fMlrRjY1joKaqmmycnBvAq14AEbtyL
EwOy59Hdm0PT/Er/84dDV0CSjdR/2XuZM3kpysSKLgD1cKiDA+IRguODCxfO9cyY sVfOS66B8apkeFX2NY4XPEYV4ZSCe8VHPrdrERk2wILG3T/EGmSIkCYVUMSnjmJd
Ig46v9mFmBvyH04= VQD9F6Na/+zmXCc=
-----END CERTIFICATE----- -----END CERTIFICATE-----

2
data/ssl/_.home.kunbox.net.key.pem.vault
View file

@ -1 +1 @@
encrypt$gAAAAABm2JL0vVqh3Zut-a1Gfn8iOtDZS8aBpGobV3-d3u8My0MPunYmbQ6kXUAw7U0Bu87AAPXNsmi1pxrxcu8vXvhw4uM445WwKj-UqaV5fmk-ZasHGq-O6K52YqEgK6wo-9u_sOBubbwJSwFVaHxT3gczLW_GVRHhFIFGgdnRlz4YoAz4NXcos_uNO9GMEOGhfGx9e2c2GOIg64vXkj_1LjXEDoV9HYMzy-2wLt4A6q-ZiZwCoKl8-lt8sY_rLk_yfmy3sMvzqg8JaE7T4sunmXDdf4HQlnvl_cu1uW33Rrsq4-080HKx6rKNsZQGhWD2yls016xBAYZvQbDjHd6-7bld1bs5RUF5tfEC3Kx567TBdMaf5C7-PnNB7O_MC4I6SkmUElGRdYyCHuP5HXf9dKtiGCtjHyfEzqTBrcI0xPt631_IGPWMNId7zyLqfLHpMFTPS9jgGVKoT1TXwKe4NSHaGxXO-A== encrypt$gAAAAABmaHBwHXKZDN_8bEa47lNIX25-wvvW1RcC689Hod4HAsY2tT6fd9k7zdnbK8KWedRNopdRIlhQUkU0xBVh5J5maiYfn5R8Kp_VpkXiWY0LVY3XMWjB4oHmU29VEbl490oesAhUUH6hb7lwfvsbV4WTM_7aL0_sPfF1udxO89gg-9z2nbl-7zmTdSBY651fZQngd4SlwK17N1fedkHgYamGLdgE10oPZiRsOJKrUGv-Pxi4ICQ7J_AF6bO05PyZkeNqqUP19g2f5EsKNnT0bxQHCP5sbofvYzli-fU2bW-leuvm-VU8lV27t39lQZyF-WcWnB7626w0semrg7cCJ4qoHJVekEFWzJBLhagSNdCDWHAwdV2_MHzSgbXvyXz0maga8-1wBoa8Ueinp2oPQMPaUsVzy6NVX7mAsB6Rw9CXDSEf8WPSKWaz7324qhxKmhMHt0r68z0qM28mHb98F_vbS6geCw==

6
groups/locations.py
View file

@ -61,9 +61,6 @@ groups['home'] = {
} }
groups['sophie'] = { groups['sophie'] = {
'supergroups': {
'linux',
},
'member_patterns': { 'member_patterns': {
r"sophie\..*", r"sophie\..*",
}, },
@ -71,9 +68,6 @@ groups['sophie'] = {
'icinga_options': { 'icinga_options': {
'exclude_from_monitoring': True, 'exclude_from_monitoring': True,
}, },
'backup-client': {
'target': 'htz-hel.backup-sophie',
},
'users': { 'users': {
'sophie': {}, 'sophie': {},
}, },

2
libs/s2s.py
View file

@ -17,7 +17,7 @@ WG_AUTOGEN_NODES = [
'home.router', 'home.router',
'htz-cloud.wireguard', 'htz-cloud.wireguard',
'icinga2', 'icinga2',
None, # daisy 'daisy',
] ]
WG_AUTOGEN_SETTINGS = { WG_AUTOGEN_SETTINGS = {

29
nodes/carlene.toml
View file

@ -40,7 +40,7 @@ imap_pass = "!bwpass_attr:t-online.de/franzi.kunsmann@t-online.de:imap"
[metadata.element-web] [metadata.element-web]
url = "chat.franzi.business" url = "chat.franzi.business"
version = "v1.11.78" version = "v1.11.69"
[metadata.element-web.config] [metadata.element-web.config]
default_server_config.'m.homeserver'.base_url = "https://matrix.franzi.business" default_server_config.'m.homeserver'.base_url = "https://matrix.franzi.business"
default_server_config.'m.homeserver'.server_name = "franzi.business" default_server_config.'m.homeserver'.server_name = "franzi.business"
@ -49,8 +49,8 @@ defaultCountryCode = "DE"
jitsi.preferredDomain = "meet.ffmuc.net" jitsi.preferredDomain = "meet.ffmuc.net"
[metadata.forgejo] [metadata.forgejo]
version = "8.0.3" version = "7.0.4"
sha1 = "a19aa24f26c1ff5a38cf12619b6a6064242d0cf2" sha1 = "2ca8a4b6d9abae666b84a3b03a5c017f4a774651"
domain = "git.franzi.business" domain = "git.franzi.business"
enable_git_hooks = true enable_git_hooks = true
install_ssh_key = true install_ssh_key = true
@ -59,7 +59,7 @@ lfs_secret_key = "!decrypt:encrypt$gAAAAABfPnd1vgNDt86-91YhviQw8Z0djSp4f_tBt76kl
oauth_secret_key = "!decrypt:encrypt$gAAAAABfPnbfTISbldhS0WyxVKBHVVoOMcar7Kxmh1kkmiUGd-RzbbnNzzhEER_owjttPQcACPfGKZ6WklaSsXjLq8km4P6A9QmPbC06GmHbc91m0odCb1KiY7SZeUD35PiRiGSq50dz" oauth_secret_key = "!decrypt:encrypt$gAAAAABfPnbfTISbldhS0WyxVKBHVVoOMcar7Kxmh1kkmiUGd-RzbbnNzzhEER_owjttPQcACPfGKZ6WklaSsXjLq8km4P6A9QmPbC06GmHbc91m0odCb1KiY7SZeUD35PiRiGSq50dz"
security_secret_key = "!decrypt:encrypt$gAAAAABfPnc-R7pkDj4pQgHDb6pzlNYNJgiWdeBFsX7IsHSnCtNPbZxCdtSL8cHtQzVO1KbSxS7zCwssmgiR8Kj54Z-koD-FQbjpbKWoIPw8SsyeqBVlZhIeEzhw_1t7_7ZTvv1O8AePdNYel9JJb_TaAZ8Vx46ZfsEPy8zaaHrqOekHC6RAnB4=" security_secret_key = "!decrypt:encrypt$gAAAAABfPnc-R7pkDj4pQgHDb6pzlNYNJgiWdeBFsX7IsHSnCtNPbZxCdtSL8cHtQzVO1KbSxS7zCwssmgiR8Kj54Z-koD-FQbjpbKWoIPw8SsyeqBVlZhIeEzhw_1t7_7ZTvv1O8AePdNYel9JJb_TaAZ8Vx46ZfsEPy8zaaHrqOekHC6RAnB4="
[metadata.interfaces.'eno*'] [metadata.interfaces.eno2]
ips = [ ips = [
"193.135.9.29/24", "193.135.9.29/24",
"2a0a:51c0:0:225::2/64", "2a0a:51c0:0:225::2/64",
@ -70,13 +70,12 @@ gateway6 = "2a0a:51c0:0:225::1"
[metadata.matrix-media-repo] [metadata.matrix-media-repo]
admins = ["@kunsi:franzi.business"] admins = ["@kunsi:franzi.business"]
datastore_id = "3fff5da324ed784c771d638bb6be5917" datastore_id = "3fff5da324ed784c771d638bb6be5917"
sha1 = "3e2bb7089b0898b86000243a82cc58ae998dc9d9" sha1 = "55d353b472894547c61b11567089eb2cf40ce5ba"
upload_max_mb = 500 upload_max_mb = 500
version = "v1.3.7" version = "v1.3.4"
[metadata.matrix-media-repo.homeservers.'franzi.business'] [metadata.matrix-media-repo.homeservers.'franzi.business']
api = "synapse" api = "synapse"
domain = "http://[::1]:20080/" domain = "http://[::1]:20080/"
signing_key_path = "/etc/matrix-synapse/mmr.signing.key"
[metadata.matrix-stickerpicker] [metadata.matrix-stickerpicker]
# use this bot token: encrypt$gAAAAABfVK51ErJ6gfsOOkbRxSHDnVYmf7EihAQf7Uwj9og3TlAw64WRsA6ZVEgTSvOdLB3SMKZ-cTEhwkCOpbymq-_WLhes-hZALhN-H_oXHaxTQErJ0lARynKmjM-4ZhoGlUWlfh4Q # use this bot token: encrypt$gAAAAABfVK51ErJ6gfsOOkbRxSHDnVYmf7EihAQf7Uwj9og3TlAw64WRsA6ZVEgTSvOdLB3SMKZ-cTEhwkCOpbymq-_WLhes-hZALhN-H_oXHaxTQErJ0lARynKmjM-4ZhoGlUWlfh4Q
@ -90,7 +89,7 @@ user_id = "@dimension:franzi.business"
admin_contact = "mailto:hostmaster@kunbox.net" admin_contact = "mailto:hostmaster@kunbox.net"
baseurl = "matrix.franzi.business" baseurl = "matrix.franzi.business"
server_name = "franzi.business" server_name = "franzi.business"
trusted_key_servers = ["matrix.org", "161.rocks"] trusted_key_servers = ["matrix.org", "finallycoffee.eu"]
additional_client_config.'im.vector.riot.jitsi'.preferredDomain = "meet.ffmuc.net" additional_client_config.'im.vector.riot.jitsi'.preferredDomain = "meet.ffmuc.net"
wellknown_also_on_vhosts = ["franzi.business"] wellknown_also_on_vhosts = ["franzi.business"]
[metadata.matrix-synapse.sliding_sync] [metadata.matrix-synapse.sliding_sync]
@ -99,7 +98,7 @@ sha1 = "cecb371ff5f1dd528cfc490484a0967dcc28cd82"
secret = "!decrypt:encrypt$gAAAAABl9yJlbEZafJ2mumtg03rW0-440NIgFcgdWGMo3Axrypugwctacy9Cq7MYtCBGjnDyNvVLI5B2QMJ9ssCD46NCsFRN3-X4u9rDtxPhRZV7rls_LQ_Csc_GsffJfvpmHbn_wsljd3I74h4ouWlYhhEQUIKwb3eErSZ_VTZhu_bC4jTa0FY=" secret = "!decrypt:encrypt$gAAAAABl9yJlbEZafJ2mumtg03rW0-440NIgFcgdWGMo3Axrypugwctacy9Cq7MYtCBGjnDyNvVLI5B2QMJ9ssCD46NCsFRN3-X4u9rDtxPhRZV7rls_LQ_Csc_GsffJfvpmHbn_wsljd3I74h4ouWlYhhEQUIKwb3eErSZ_VTZhu_bC4jTa0FY="
[metadata.mautrix-telegram] [metadata.mautrix-telegram]
version = "v0.15.2" version = "v0.15.1"
homeserver.domain = "franzi.business" homeserver.domain = "franzi.business"
homeserver.url = "https://matrix.franzi.business" homeserver.url = "https://matrix.franzi.business"
telegram.api_id = "!decrypt:encrypt$gAAAAABfVK5SmDDru-UQxitkE5VhPArnUBhaRbAqQPvAW2Fh3fd1XDrWxa3Qn4BSnJAPNWglH5wil_SXUMcIm95FMhPe8dVeMQ==" telegram.api_id = "!decrypt:encrypt$gAAAAABfVK5SmDDru-UQxitkE5VhPArnUBhaRbAqQPvAW2Fh3fd1XDrWxa3Qn4BSnJAPNWglH5wil_SXUMcIm95FMhPe8dVeMQ=="
@ -114,8 +113,8 @@ provisioning.shared_secret = "!decrypt:encrypt$gAAAAABfVKflEMAi07C_QGP8cy97hF-4g
"'@kunsi:franzi.business'" = "admin" "'@kunsi:franzi.business'" = "admin"
[metadata.mautrix-whatsapp] [metadata.mautrix-whatsapp]
version = "v0.10.9" version = "v0.10.7"
sha1 = "1619579ec6b9fca84fec085a94842d309d3f730c" sha1 = "7ebfadc247c3fb4c6c9503f7c48234fcc976cadf"
permissions."'@kunsi:franzi.business'" = "admin" permissions."'@kunsi:franzi.business'" = "admin"
[metadata.mautrix-whatsapp.homeserver] [metadata.mautrix-whatsapp.homeserver]
domain = "franzi.business" domain = "franzi.business"
@ -126,7 +125,7 @@ domain = "rss.franzi.business"
[metadata.netbox] [metadata.netbox]
domain = "netbox.franzi.business" domain = "netbox.franzi.business"
version = "v4.1.2" version = "v4.0.5"
admins.kunsi = "hostmaster@kunbox.net" admins.kunsi = "hostmaster@kunbox.net"
[metadata.nextcloud] [metadata.nextcloud]
@ -136,10 +135,6 @@ domain = "warnochwas.de"
contact = "mailto:security@kunsmann.eu" contact = "mailto:security@kunsmann.eu"
Encryption = "https://franzi.business/gpg_hi-kunsmann.eu.asc" Encryption = "https://franzi.business/gpg_hi-kunsmann.eu.asc"
[metadata.nginx.vhosts.'afra.berlin'.locations.'/']
redirect = "https://afra-berlin.de"
mode = 302
[metadata.nginx.vhosts.forgejo] [metadata.nginx.vhosts.forgejo]
domain_aliases = ["git.kunsmann.eu"] domain_aliases = ["git.kunsmann.eu"]
@ -260,7 +255,7 @@ disks = [
] ]
[metadata.travelynx] [metadata.travelynx]
version = "2.8.40" version = "2.6.9"
mail_from = "travelynx@franzi.business" mail_from = "travelynx@franzi.business"
domain = "travelynx.franzi.business" domain = "travelynx.franzi.business"

23
nodes/daisy.toml Normal file
View file

@ -0,0 +1,23 @@
hostname = "2a11:f2c0:3:4::120"
bundles = [
"bird",
"wireguard",
]
groups = [
"debian-bookworm",
]
[metadata]
location = "glauca"
nameservers = [
"2606:4700::1111",
"2606:4700:4700::1001",
]
backups.exclude_from_backups = true
icinga_options.period = "daytime"
[metadata.interfaces.ens18]
ips = [
"2a11:f2c0:3:4::120/64",
]
gateway6 = "fe80::220:91ff:fe45:e19e"

9
nodes/home.appletv-wohnzimmer.toml
View file

@ -1,9 +0,0 @@
dummy = true
[metadata.interfaces.default]
ips = ["172.19.138.73"]
dhcp = true
mac = "c0:95:6d:5e:82:47"
[metadata.icinga_options]
exclude_from_monitoring = true

2
nodes/home.encoder96.toml → nodes/home.ejgwdesk.toml
View file

@ -3,7 +3,7 @@ dummy = true
[metadata.interfaces.default] [metadata.interfaces.default]
ips = ["172.19.138.99"] ips = ["172.19.138.99"]
dhcp = true dhcp = true
mac = "6c:4b:90:5c:e3:6d" mac = "54:04:A6:EF:A8:01"
[metadata.icinga_options] [metadata.icinga_options]
exclude_from_monitoring = true exclude_from_monitoring = true

9
nodes/home.fujitsu-n7100.toml
View file

@ -1,9 +0,0 @@
dummy = true
[metadata.interfaces.default]
ips = ["172.19.138.75"]
dhcp = true
mac = "00:01:29:59:a9:8c"
[metadata.icinga_options]
exclude_from_monitoring = true

5
nodes/home.hass.toml
View file

@ -6,9 +6,6 @@ bundles = [
] ]
groups = ["debian-bookworm"] groups = ["debian-bookworm"]
[metadata.icinga_options]
also_affected_by = ['home.nas']
[metadata.interfaces.enp1s0] [metadata.interfaces.enp1s0]
ips = [ ips = [
"172.19.138.25/24", "172.19.138.25/24",
@ -22,7 +19,7 @@ ram = 2
[metadata.homeassistant] [metadata.homeassistant]
domain = 'hass.home.kunbox.net' domain = 'hass.home.kunbox.net'
api_secret = '!decrypt:encrypt$gAAAAABm9lNg_mNhyzb4S6WRtVRDmQFBnPpoCwyqMnilRrAFUXc-EDvv-nYXPbSIbjTf7ZReTPtqr8k3WrGPqiuqhJ60LVv4A5DMqT5c6hTVr4WbhP4DPEIPgfd5aq6U9_-H9WDyQYHKjnunLJEYtEREzmhTq3XsYeQ05DyE7hfnQ-zVoBb0CsAK7GdhihRTdvhXv2N9M04_rigyBP-roRcUgCqwyHuWJc0IPAyn3R4Mr43ZqgR2fn6dNV_YUVKn9c0nWxIwRnYy6Ff_Te9NoGVmXxkiNUX-90bBLKFiCzrRAtizxrTiQb2SRipaWbgOlV6wbMy2KNux' api_secret = 'encrypt$gAAAAABjpyuqXLoilokQW5c0zV8shHcOzN1zkEbS-I6WAAX-xDO_OF33YbjbkpELU2HGBzqiWX40J0hsaEbYJOnCHFk8gJ-Xt0vdqqbQ5vca_TGPNQHZPAS4qZoPTcUhmX_I-0EdT6ukhxejXFYBiYRZikTLjH3lcNM5qnckCm-H9NbRdjLb9hbCDIjbEglHmBl_g08S1_ukvX3dDSCIHIxgXXGsdK_Go1KxPJd8G22FL_MMhCfsTW-6ioIqoHSeSA1NGk3MZHEIM2errckiopKBxoBaROsacO9Uqk1zrrgXOs2NsgiTRtrbV1TNlFVaIX9mZdsUnMGZ'
[metadata.nginx] [metadata.nginx]
restrict-to = [ restrict-to = [

6
nodes/home.r630-ipmi.toml
View file

@ -1,6 +0,0 @@
dummy = true
[metadata.interfaces.eth0]
ips = ["172.19.138.23"]
dhcp = true
mac = "50:9a:4c:ad:f9:c4"

26
nodes/home.r630.toml
View file

@ -1,26 +0,0 @@
hostname = "172.19.138.22"
groups = ["debian-bookworm"]
[metadata]
icinga_options.exclude_from_monitoring = true
[metadata.interfaces.eno3]
ips = [
"172.19.138.22/24",
]
gateway4 = "172.19.138.1"
ipv6_accept_ra = true
[metadata.nftable.forward]
50-local-forward = [
'ct state { related, established } accept',
'iifname eno3 accept',
'ip6 nexthdr ipv6-icmp accept',
]
[metadata.users.molly]
password = "!decrypt:dummy$no"
[metadata.vm]
cpu = 56
ram = 128

3
nodes/home.winkeeinhorn-vm.toml
View file

@ -1,8 +1,5 @@
dummy = true dummy = true
[metadata.icinga_options]
also_affected_by = ['home.nas']
[metadata.interfaces.default] [metadata.interfaces.default]
ips = ["172.19.138.10"] ips = ["172.19.138.10"]
dhcp = true dhcp = true

5
nodes/home/downloadhelper.py
View file

@ -8,11 +8,6 @@ nodes['home.downloadhelper'] = {
'debian-bullseye', 'debian-bullseye',
}, },
'metadata': { 'metadata': {
'icinga_options': {
'also_affected_by': {
'home.nas',
},
},
'interfaces': { 'interfaces': {
'enp1s0.3001': { 'enp1s0.3001': {
'dhcp': True, 'dhcp': True,

147
nodes/home/nas.py
View file

@ -11,7 +11,7 @@ nodes['home.nas'] = {
'mosquitto', 'mosquitto',
'nfs-server', 'nfs-server',
'rsyslogd', 'rsyslogd',
'samba', 'scansnap',
'smartd', 'smartd',
'vmhost', 'vmhost',
'zfs', 'zfs',
@ -69,17 +69,21 @@ nodes['home.nas'] = {
}, },
'dm-crypt': { 'dm-crypt': {
'encrypted-devices': { 'encrypted-devices': {
'/dev/disk/by-id/ata-Samsung_SSD_870_QVO_8TB_S5SSNJ0X409404K': { '/dev/disk/by-id/ata-ST18000NM0092-3CX103_ZVV06JV7-part1': {
'dm-name': 'sam-S5SSNJ0X409404K', 'dm-name': 'sg-ZVV06JV7-1',
'passphrase': bwpass.password('bw/home.nas/dmcrypt/S5SSNJ0X409404K'), 'passphrase': bwpass.password('bw/home.nas/dmcrypt/sg-ZVV06JV7-1'),
}, },
'/dev/disk/by-id/ata-Samsung_SSD_870_QVO_8TB_S5SSNJ0X409845F': { '/dev/disk/by-id/ata-ST18000NM0092-3CX103_ZVV06JV7-part2': {
'dm-name': 'sam-S5SSNJ0X409845F', 'dm-name': 'sg-ZVV06JV7-2',
'passphrase': bwpass.password('bw/home.nas/dmcrypt/S5SSNJ0X409845F'), 'passphrase': bwpass.password('bw/home.nas/dmcrypt/sg-ZVV06JV7-2'),
}, },
'/dev/disk/by-id/ata-Samsung_SSD_870_QVO_8TB_S5SSNJ0X409870J': { '/dev/disk/by-id/ata-ST18000NM0092-3CX103_ZVV06SLR-part1': {
'dm-name': 'sam-S5SSNJ0X409870J', 'dm-name': 'sg-ZVV06SLR-1',
'passphrase': bwpass.password('bw/home.nas/dmcrypt/S5SSNJ0X409870J'), 'passphrase': bwpass.password('bw/home.nas/dmcrypt/sg-ZVV06SLR-1'),
},
'/dev/disk/by-id/ata-ST18000NM0092-3CX103_ZVV06SLR-part2': {
'dm-name': 'sg-ZVV06SLR-2',
'passphrase': bwpass.password('bw/home.nas/dmcrypt/sg-ZVV06SLR-2'),
}, },
}, },
}, },
@ -112,12 +116,9 @@ nodes['home.nas'] = {
}, },
}, },
}, },
'mixcloud-downloader': { 'jellyfin': {
'netrc': { 'restrict-to': {
'soundcloud': { 'home.lgtv-wohnzimmer',
'username': 'oauth',
'password': bwpass.attr('soundcloud.com/hi@kunsmann.eu', 'oauth_token'),
},
}, },
}, },
'mosquitto': { 'mosquitto': {
@ -160,6 +161,9 @@ nodes['home.nas'] = {
'/srv/paperless': { '/srv/paperless': {
'home.paperless': 'rw,all_squash,anonuid=65534,anongid=65534,no_subtree_check', 'home.paperless': 'rw,all_squash,anonuid=65534,anongid=65534,no_subtree_check',
}, },
'/srv/scansnap': {
'172.19.138.0/24': 'rw,all_squash,anonuid=65534,anongid=65534,no_subtree_check',
},
}, },
}, },
'nginx': { 'nginx': {
@ -175,25 +179,17 @@ nodes['home.nas'] = {
'home', 'home',
}, },
}, },
'samba': {
'shares': {
'music': {
'path': '/storage/nas/Musik',
'force_group': 'nas',
},
},
'restrict-to': {
'172.19.138.0/24',
},
},
'smartd': { 'smartd': {
'disks': { 'disks': {
'/dev/nvme0', '/dev/nvme0',
# encrypted disks # encrypted disks
'/dev/disk/by-id/ata-Samsung_SSD_870_QVO_8TB_S5SSNJ0X409404K', '/dev/disk/by-id/ata-ST18000NM0092-3CX103_ZVV06JV7',
'/dev/disk/by-id/ata-Samsung_SSD_870_QVO_8TB_S5SSNJ0X409845F', '/dev/disk/by-id/ata-ST18000NM0092-3CX103_ZVV06SLR',
'/dev/disk/by-id/ata-Samsung_SSD_870_QVO_8TB_S5SSNJ0X409870J',
# ZFS cache disks
#'/dev/disk/by-id/ata-TS64GSSD370_B807810503',
#'/dev/disk/by-id/ata-TS64GSSD370_B807810527',
}, },
}, },
'systemd-networkd': { 'systemd-networkd': {
@ -208,11 +204,6 @@ nodes['home.nas'] = {
'br0.1138', 'br0.1138',
}, },
}, },
'br1139': {
'match': {
'br0.1139',
},
},
}, },
}, },
'systemd-timers': { 'systemd-timers': {
@ -262,6 +253,20 @@ nodes['home.nas'] = {
'/dev/disk/by-id/ata-WDC_WD6003FFBX-68MU3N0_V8J8ZKRR', '/dev/disk/by-id/ata-WDC_WD6003FFBX-68MU3N0_V8J8ZKRR',
}, },
}, },
# {
# 'type': 'log',
# 'devices': {
# '/dev/disk/by-id/ata-TS64GSSD370_B807810503-part1',
# '/dev/disk/by-id/ata-TS64GSSD370_B807810527-part1',
# },
# },
# {
# 'type': 'cache',
# 'devices': {
# '/dev/disk/by-id/ata-TS64GSSD370_B807810503-part2',
# '/dev/disk/by-id/ata-TS64GSSD370_B807810527-part2',
# },
# },
], ],
'ashift': 12, 'ashift': 12,
}, },
@ -269,21 +274,31 @@ nodes['home.nas'] = {
'encrypted': { 'encrypted': {
'when_creating': { 'when_creating': {
'config': [ 'config': [
# These are new and fancy "dual actuator"
# drives, partitioned into two partitions
# taking 50% of the disk each.
{ {
'type': 'raidz', 'type': 'mirror',
'devices': { 'devices': {
'/dev/mapper/sam-S5SSNJ0X409404K', '/dev/mapper/sg-ZVV06JV7-1',
'/dev/mapper/sam-S5SSNJ0X409845F', '/dev/mapper/sg-ZVV06SLR-1',
'/dev/mapper/sam-S5SSNJ0X409870J', },
},
{
'type': 'mirror',
'devices': {
'/dev/mapper/sg-ZVV06JV7-2',
'/dev/mapper/sg-ZVV06SLR-2',
}, },
}, },
], ],
'ashift': 12, 'ashift': 12
}, },
'needs': { 'needs': {
'action:dm-crypt_open_sam-S5SSNJ0X409404K', 'action:dm-crypt_open_sg-ZVV06JV7-1',
'action:dm-crypt_open_sam-S5SSNJ0X409845F', 'action:dm-crypt_open_sg-ZVV06JV7-2',
'action:dm-crypt_open_sam-S5SSNJ0X409870J', 'action:dm-crypt_open_sg-ZVV06SLR-1',
'action:dm-crypt_open_sg-ZVV06SLR-2',
}, },
# see comment in bundle:backup-server # see comment in bundle:backup-server
'unless': 'zpool import encrypted', 'unless': 'zpool import encrypted',
@ -293,17 +308,11 @@ nodes['home.nas'] = {
'encrypted': { 'encrypted': {
'primarycache': 'metadata', 'primarycache': 'metadata',
}, },
'encrypted/download': {
'mountpoint': '/media/download',
},
'encrypted/nas': { 'encrypted/nas': {
'acltype': 'off', 'acltype': 'off',
'atime': 'off', 'atime': 'off',
'compression': 'off', 'compression': 'off',
'mountpoint': '/storage/nas', 'mountpoint': '/media/nas',
},
'encrypted/paperless': {
'mountpoint': '/media/paperless',
}, },
'storage': { 'storage': {
'primarycache': 'metadata', 'primarycache': 'metadata',
@ -311,38 +320,28 @@ nodes['home.nas'] = {
'storage/opt-yate': { 'storage/opt-yate': {
'mountpoint': '/opt/yate', 'mountpoint': '/opt/yate',
}, },
'storage/f2k1de': {
'mountpoint': '/storage/f2k1de',
},
'storage/download': { 'storage/download': {
'mountpoint': '/storage/download', 'mountpoint': '/storage/download',
}, },
'storage/inbox': {
'quota': str(1024*1024*1024*1024), # 1TB
'mountpoint': '/storage/inbox',
},
'storage/nas': { 'storage/nas': {
'acltype': 'off', 'mountpoint': '/storage/nas',
'atime': 'off',
'compression': 'off',
'mountpoint': '/media/nas_old',
}, },
'storage/paperless': { 'storage/paperless': {
'mountpoint': '/srv/paperless', 'mountpoint': '/srv/paperless',
}, },
'storage/scan': {
'mountpoint': '/srv/scansnap',
},
}, },
'snapshots': { 'snapshots': {
'retain_per_dataset': { 'retain_per_dataset': {
'encrypted/download': {
'hourly': 6,
'daily': 0,
'weekly': 0,
'monthly': 0,
},
'encrypted/nas': {
# juuuuuuuust to be sure.
'daily': 14,
'weekly': 6,
'monthly': 12,
},
'encrypted/paperless': {
'daily': 14,
'weekly': 6,
'monthly': 24,
},
'storage/download': { 'storage/download': {
'hourly': 48, 'hourly': 48,
'daily': 0, 'daily': 0,
@ -360,6 +359,12 @@ nodes['home.nas'] = {
'weekly': 6, 'weekly': 6,
'monthly': 24, 'monthly': 24,
}, },
'storage/scan': {
'hourly': 6,
'daily': 0,
'weekly': 0,
'monthly': 0,
},
}, },
}, },
}, },

13
nodes/home/paperless.py
View file

@ -6,18 +6,12 @@ nodes['home.paperless'] = {
'redis', 'redis',
'postgresql', 'postgresql',
'paperless-ng', 'paperless-ng',
'proftpd',
}, },
'groups': { 'groups': {
'debian-bookworm', 'debian-bookworm',
'webserver', 'webserver',
}, },
'metadata': { 'metadata': {
'icinga_options': {
'also_affected_by': {
'home.nas',
},
},
'interfaces': { 'interfaces': {
'enp1s0': { 'enp1s0': {
'ips': { 'ips': {
@ -48,17 +42,12 @@ nodes['home.paperless'] = {
}, },
'paperless': { 'paperless': {
'domain': 'paperless.home.kunbox.net', 'domain': 'paperless.home.kunbox.net',
'version': 'v2.12.1', 'version': 'v2.10.0',
'timezone': 'Europe/Berlin', 'timezone': 'Europe/Berlin',
}, },
'postgresql': { 'postgresql': {
'version': 15, 'version': 15,
}, },
'proftpd': {
'restrict-to': {
'home.fujitsu-n7100',
},
},
'vm': { 'vm': {
'cpu': 2, 'cpu': 2,
'ram': 2, 'ram': 2,

99
nodes/htz-cloud.afra.toml Normal file
View file

@ -0,0 +1,99 @@
hostname = "91.107.203.234"
bundles = [
"element-web",
"matrix-media-repo",
"matrix-registration",
"matrix-synapse",
"nodejs",
"postgresql",
"zfs",
]
groups = [
"debian-bookworm",
"webserver",
]
[metadata.icinga_options]
pretty_name = "afra.berlin"
[metadata.interfaces.eth0]
ips = [
"91.107.203.234/32",
"2a01:4f8:c010:b0e1::1/64",
]
gateway4 = '172.31.1.1'
gateway6 = 'fe80::1'
[metadata.interfaces.ens10]
ips = [
"172.19.137.7/32",
]
routes.'172.19.128.0/20'.via = "172.19.137.1"
[metadata.element-web]
url = "element.afra.berlin"
version = "v1.11.69"
[metadata.element-web.config]
default_server_config.'m.homeserver'.base_url = "https://matrix.afra.berlin"
default_server_config.'m.homeserver'.server_name = "afra.berlin"
brand = "afra.berlin"
defaultCountryCode = "DE"
jitsi.preferredDomain = "meet.ffmuc.net"
[metadata.matrix-media-repo]
admins = ['@administress:afra.berlin']
datastore_id = "e33b50474021fba9977f912414cdd7fe8890ed57"
sha1 = "55d353b472894547c61b11567089eb2cf40ce5ba"
upload_max_mb = 50
version = "v1.3.4"
[metadata.matrix-media-repo.homeservers.'afra.berlin']
domain = "http://[::1]:20080/"
api = "synapse"
[metadata.matrix-registration]
base_path = "/matrix"
client_redirect = "https://element.afra.berlin"
[metadata.matrix-synapse]
server_name = "afra.berlin"
baseurl = "matrix.afra.berlin"
admin_contact = 'mailto:hostmaster@kunbox.net'
trusted_key_servers = [
"matrix.org",
"franzi.business",
]
wellknown_also_on_vhosts = ["redirect"]
[metadata.nginx.vhosts.redirect]
domain = "afra.berlin"
[metadata.nginx.vhosts.redirect.locations.'/']
redirect = "https://afra-berlin.de"
mode = 302
#[metadata.nginx.vhosts.redirect.locations.'/.well-known/host-meta']
#redirect = "https://fedi.afra.berlin/.well-known/host-meta"
#mode = 301
#[metadata.nginx.vhosts.redirect.locations.'/.well-known/nodeinfo']
#redirect = "https://fedi.afra.berlin/.well-known/nodeinfo"
#mode = 301
#[metadata.nginx.vhosts.redirect.locations.'/.well-known/webfinger']
#redirect = "https://fedi.afra.berlin/.well-known/webfinger"
#mode = 301
[metadata.nginx.vhosts.redirect.locations.'/matrix/']
target = "http://127.0.0.1:20100/"
[metadata.postgresql]
version = "15"
work_mem = 1024
cache_size = 2048
[[metadata.zfs.pools.tank.when_creating.config]]
devices = ["/dev/disk/by-id/scsi-0HC_Volume_32207877"]
[metadata.vm]
cpu = 2
ram = 8

17
nodes/htz-hel/backup-kunsi.py
View file

@ -32,9 +32,22 @@ nodes['htz-hel.backup-kunsi'] = {
'encrypted-devices': { 'encrypted-devices': {
'/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi1-part1': bwpass.password('bw/backup-kunsi/encryption-passphrase'), '/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi1-part1': bwpass.password('bw/backup-kunsi/encryption-passphrase'),
}, },
'clients': {
'kunsi-t470': {
'user': 'kunsi-t470',
'exclude_from_monitoring': True,
'retain': {
'daily': 30,
'weekly': 6,
'monthly': 12,
},
},
},
}, },
'zfs': { 'openssh': {
'scrub_when': 'Wed 08:00 Europe/Berlin', 'allowed_users': {
'kunsi-t470', # backup user
},
}, },
}, },
} }

11
nodes/htz-hel/proxmox-backupstorage.toml
View file

@ -1,6 +1,5 @@
hostname = "2a01:4f9:6b:2d99::c0ff:ee" hostname = "2a01:4f9:6b:2d99::c0ff:ee"
#dummy = true dummy = true
bundles = ["sshmon", "smartd"]
# How to install: # How to install:
# - Get server at Hetzner (no IPv4) # - Get server at Hetzner (no IPv4)
@ -18,11 +17,3 @@ bundles = ["sshmon", "smartd"]
# - IPv6 only # - IPv6 only
# - IP from the /64 hetzner gives us # - IP from the /64 hetzner gives us
# - Gateway is the host itself, to work around the MAC filter hetzner uses # - Gateway is the host itself, to work around the MAC filter hetzner uses
[metadata.smartd]
disks = [
"/dev/sda",
"/dev/sdb",
"/dev/sdc",
"/dev/sdd",
]

2
nodes/kunsi-p14s.py
View file

@ -101,7 +101,7 @@ nodes['kunsi-p14s'] = {
'apachedirectorystudio': {}, 'apachedirectorystudio': {},
'claws-mail': {}, 'claws-mail': {},
'claws-mail-themes': {}, 'claws-mail-themes': {},
'ferdium-bin': {}, 'ferdi-bin': {},
'gumbo-parser': {}, # for claws litehtml 'gumbo-parser': {}, # for claws litehtml
'inkstitch': {}, # for RZL embroidery machine 'inkstitch': {}, # for RZL embroidery machine
'obs-studio': {}, 'obs-studio': {},

8
nodes/ns-mephisto.toml
View file

@ -11,11 +11,11 @@ groups = [
[metadata.interfaces.ens192] [metadata.interfaces.ens192]
ips = [ ips = [
"82.165.52.168/32", "82.165.52.168",
"2a01:239:31c:9b00::1/80" "2001:8d8:1801:7d4::1/64",
] ]
gateway4 = "82.165.52.1" gateway4 = "10.255.255.1"
gateway6 = "fe80::1" gateway6 = "fe80::250:56ff:fea8:628f"
[metadata.nginx.vhosts.powerdnsadmin] [metadata.nginx.vhosts.powerdnsadmin]
domain = "ns-mephisto.kunbox.net" domain = "ns-mephisto.kunbox.net"

40
nodes/rottenraptor-stromdisplay.toml
View file

@ -1,40 +0,0 @@
hostname = "192.168.1.252"
os = "debian"
os_version = [12,]
bundles = [
"apt",
"basic",
"kernel-modules",
"openssh",
"raspberrypi",
"sdm630_mqtt",
"sudo",
"sysctl",
"systemd",
"systemd-networkd",
"users",
]
[metadata.apt.unattended-upgrades]
enabled = false
[metadata.icinga_options]
exclude_from_monitoring = true
[metadata.interfaces.eth0]
ips = [
"192.168.1.252/24",
]
dhcp = true
[metadata.raspberrypi]
enable_display = true
[metadata.sdm630_mqtt]
enable_stats_collection = false
enable_local_printout = true
config.mqtt.host = "192.168.1.253"
[metadata.users.kutscher]
password = "!decrypt:encrypt$gAAAAABmqQgvrVuPqFJWJSu8Yxd9NV4ppo5STfCPFqUWn0KepLRdFCktEMla0EJPPxZR5HbNnD6K2Vp-c63raeWwahFUT24SUrAoBFeWfToYWaRDi5WeXJU="
sudo_commands = ["ALL"]

46
nodes/rottenraptor-stromzaehler.toml
View file

@ -1,46 +0,0 @@
hostname = "192.168.1.253"
os = "debian"
os_version = [12,]
bundles = [
"apt",
"basic",
"kernel-modules",
"mosquitto",
"openssh",
"raspberrypi",
"sdm630_mqtt",
"sudo",
"sysctl",
"systemd",
"systemd-networkd",
"telegraf",
"users",
]
[metadata.apt.unattended-upgrades]
enabled = false
[metadata.icinga_options]
exclude_from_monitoring = true
[metadata.interfaces.eth0]
ips = [
"192.168.1.253/24",
]
dhcp = true
[metadata.sdm630_mqtt]
enable_local_printout = true
config.modbus.host = "192.168.1.254"
config.modbus.port = 4196
config.telegraf.identifier = 'rottenraptor_truck'
[metadata.sysctl.options]
'net.ipv6.conf.all.disable_ipv6' = '1'
[metadata.telegraf]
collect_default_metrics = false
[metadata.users.kutscher]
password = "!decrypt:encrypt$gAAAAABmqQgvrVuPqFJWJSu8Yxd9NV4ppo5STfCPFqUWn0KepLRdFCktEMla0EJPPxZR5HbNnD6K2Vp-c63raeWwahFUT24SUrAoBFeWfToYWaRDi5WeXJU="
sudo_commands = ["ALL"]

12
nodes/sophie/miniserver.py
View file

@ -54,6 +54,7 @@ nodes['htz-cloud.miniserver'] = {
'echo \'core.weechat */layout store\' >> /home/sophie/.weechat/weechat_fifo\n' \ 'echo \'core.weechat */layout store\' >> /home/sophie/.weechat/weechat_fifo\n' \
'echo \'core.weechat */save\' >> /home/sophie/.weechat/weechat_fifo\n', 'echo \'core.weechat */save\' >> /home/sophie/.weechat/weechat_fifo\n',
}, },
'target': "htz-hel.backup-sophie",
}, },
'backups': { 'backups': {
'paths': { 'paths': {
@ -62,7 +63,7 @@ nodes['htz-cloud.miniserver'] = {
}, },
'element-web': { 'element-web': {
'url': 'chat.sophies-kitchen.eu', 'url': 'chat.sophies-kitchen.eu',
'version': 'v1.11.76', 'version': 'v1.11.69',
'config': { 'config': {
'default_server_config': { 'default_server_config': {
'm.homeserver': { 'm.homeserver': {
@ -110,14 +111,13 @@ nodes['htz-cloud.miniserver'] = {
}, },
}, },
'matrix-media-repo': { 'matrix-media-repo': {
'version': 'v1.3.7', 'version': 'v1.3.4',
'datastore_id': '99c09e24edc4e9be6c4c9486bc147e385bc87044', 'datastore_id': '99c09e24edc4e9be6c4c9486bc147e385bc87044',
'sha1': '3e2bb7089b0898b86000243a82cc58ae998dc9d9', 'sha1': '55d353b472894547c61b11567089eb2cf40ce5ba',
'homeservers': { 'homeservers': {
'sophies-kitchen.eu': { 'sophies-kitchen.eu': {
'domain': 'http://[::1]:20080/', 'domain': 'http://[::1]:20080/',
'api': 'synapse', 'api': 'synapse',
'signing_key_path': "/etc/matrix-synapse/mmr.signing.key"
}, },
}, },
'admins': { 'admins': {
@ -143,7 +143,7 @@ nodes['htz-cloud.miniserver'] = {
}, },
}, },
'mautrix-telegram': { 'mautrix-telegram': {
'version': 'v0.15.2', 'version': 'v0.15.1',
'homeserver': { 'homeserver': {
'domain': 'sophies-kitchen.eu', 'domain': 'sophies-kitchen.eu',
'url': 'https://matrix.sophies-kitchen.eu', 'url': 'https://matrix.sophies-kitchen.eu',
@ -205,7 +205,7 @@ nodes['htz-cloud.miniserver'] = {
}, },
}, },
'nodejs': { 'nodejs': {
'version': 20, 'version': 18,
}, },
'ntfy': { 'ntfy': {
'domain': 'ntfy.sophies-kitchen.eu', 'domain': 'ntfy.sophies-kitchen.eu',

2
nodes/sophie/vmhost.py
View file

@ -53,7 +53,7 @@ nodes['sophie.vmhost'] = {
'bridges': { 'bridges': {
'br0': { 'br0': {
'match': { 'match': {
'eno1', 'eno2',
}, },
}, },
'br1': { 'br1': {

42
nodes/voc/infobeamer-cms.py
View file

@ -1,12 +1,12 @@
nodes['voc.infobeamer-cms'] = { nodes['voc.infobeamer-cms'] = {
'hostname': 'infobeamer.c3voc.de', 'hostname': 'infobeamer-cms.c3voc.de',
'bundles': { 'bundles': {
'infobeamer-cms', 'infobeamer-cms',
'infobeamer-monitor', 'infobeamer-monitor',
'redis', 'redis',
}, },
'groups': { 'groups': {
'debian-bookworm', 'debian-bullseye',
'webserver', 'webserver',
}, },
'metadata': { 'metadata': {
@ -25,8 +25,8 @@ nodes['voc.infobeamer-cms'] = {
}, },
'infobeamer-cms': { 'infobeamer-cms': {
'domain': 'infobeamer.c3voc.de', 'domain': 'infobeamer.c3voc.de',
'event_start_date': '2024-10-03', 'event_start_date': '2024-05-29',
'event_duration_days': 4, 'event_duration_days': 5,
'config': { 'config': {
'ADMIN_USERS': [ 'ADMIN_USERS': [
'hexchen', 'hexchen',
@ -39,6 +39,11 @@ nodes['voc.infobeamer-cms'] = {
'GITHUB_CLIENT_SECRET': vault.decrypt('encrypt$gAAAAABiNwHtdZC2XQ8IjosL7vsmrxZMwDIM6AD5dUlLo996tJs4qV7KJETHgYYZil2aMzClwhcE6JmxdhARRp7IJQ4rQQibelTNmyYSzj_V4puVpvma7SU0UZkTIG95SdPpoHY--Zba'), 'GITHUB_CLIENT_SECRET': vault.decrypt('encrypt$gAAAAABiNwHtdZC2XQ8IjosL7vsmrxZMwDIM6AD5dUlLo996tJs4qV7KJETHgYYZil2aMzClwhcE6JmxdhARRp7IJQ4rQQibelTNmyYSzj_V4puVpvma7SU0UZkTIG95SdPpoHY--Zba'),
'HOSTED_API_KEY': vault.decrypt('encrypt$gAAAAABhxJPH2sIGMAibU2Us1HoCVlNfF0SQQnVl0eiod48Zu8webL_-xk3wDw3yXw1Hkglj-2usl-D3Yd095yTSq0vZMCv2fh-JWwSPdJewQ45x9Ai4vXVD4CNz5vuJBESKS9xQWXTc'), 'HOSTED_API_KEY': vault.decrypt('encrypt$gAAAAABhxJPH2sIGMAibU2Us1HoCVlNfF0SQQnVl0eiod48Zu8webL_-xk3wDw3yXw1Hkglj-2usl-D3Yd095yTSq0vZMCv2fh-JWwSPdJewQ45x9Ai4vXVD4CNz5vuJBESKS9xQWXTc'),
'INTERRUPT_KEY': vault.human_password_for('infobeamer-cms interrupt key'), 'INTERRUPT_KEY': vault.human_password_for('infobeamer-cms interrupt key'),
'MQTT_MESSAGE': '{{"level":"info","component":"infobeamer-cms","msg":"{asset} uploaded by {user}. Check it at {url}"}}',
'MQTT_PASSWORD': vault.decrypt('encrypt$gAAAAABhxakfhhwWn0vxhoO1FiMEpdCkomWvo0dHIuBrqDKav8WDpI6dXpb0hoXiWRsPV6p5m-8RlbfFbjPhz47AY-nFOOAAW6Yis3-IVD-U-InKJo9dvms='),
'MQTT_SERVER': 'mqtt.c3voc.de',
'MQTT_TOPIC': '/voc/alert',
'MQTT_USERNAME': vault.decrypt('encrypt$gAAAAABhxakKHC_kHmHP2mFHorb4niuNTH4F24w1D6m5JUxl117N7znlZA6fpMmY3_NcmBr2Ihw4hL3FjZr9Fm_1oUZ1ZQdADA=='),
'SETUP_IDS': [ 'SETUP_IDS': [
250294, 250294,
], ],
@ -51,32 +56,17 @@ nodes['voc.infobeamer-cms'] = {
# 'x2': 110, # 'x2': 110,
# 'y2': 1070, # 'y2': 1070,
# }], # }],
'NOTIFIER': {
'MQTT_PASSWORD': vault.decrypt('encrypt$gAAAAABhxakfhhwWn0vxhoO1FiMEpdCkomWvo0dHIuBrqDKav8WDpI6dXpb0hoXiWRsPV6p5m-8RlbfFbjPhz47AY-nFOOAAW6Yis3-IVD-U-InKJo9dvms='),
'MQTT_HOST': 'mqtt.c3voc.de',
'MQTT_TOPIC': '/voc/alert',
'MQTT_USERNAME': vault.decrypt('encrypt$gAAAAABhxakKHC_kHmHP2mFHorb4niuNTH4F24w1D6m5JUxl117N7znlZA6fpMmY3_NcmBr2Ihw4hL3FjZr9Fm_1oUZ1ZQdADA=='),
},
'FAQ': {
'SOURCE': 'https://github.com/voc/infobeamer-cms',
'CONTACT': '''
Please use the <a href="https://webirc.hackint.org/#ircs://irc.hackint.org/#infobeamer">IRC
Channel #infobeamer on irc.hackint.org</a> (also
<a href="https://www.hackint.org/transport/matrix">bridged to matrix</a>)
or #info-beamer on the cccv rocketchat instance.
'''.strip(),
},
}, },
'rooms': { 'rooms': {
# 'Saal 1': 34430, 'Saal 1': 34430,
# 'Saal G': 26598, 'Saal G': 26598,
# 'Saal Z': 26610, 'Saal Z': 26610,
# 'Saal E (SoS/Lightning-Talks)': 32814, 'Saal E (SoS/Lightning-Talks)': 32814,
# 'Saal F (Sendezentrum/DLF)': 9717, 'Saal F (Sendezentrum/DLF)': 9717,
}, },
'interrupts': { 'interrupts': {
# 'Questions': 'questions', 'Questions': 'questions',
# 'Translations': 'translations', 'Translations': 'translations',
}, },
}, },
'infobeamer-monitor': { 'infobeamer-monitor': {

4
nodes/voc/pretalx.py
View file

@ -49,7 +49,7 @@ nodes['voc.pretalx'] = {
}, },
}, },
'pretalx': { 'pretalx': {
'version': 'v2024.2.1', 'version': 'v2024.1.0',
'domain': 'pretalx.c3voc.de', 'domain': 'pretalx.c3voc.de',
'mail_from': 'pretalx@c3voc.de', 'mail_from': 'pretalx@c3voc.de',
'administrators-from-group-id': 1, 'administrators-from-group-id': 1,
@ -64,7 +64,7 @@ nodes['voc.pretalx'] = {
}, },
'halfnarp': { 'halfnarp': {
'repo': 'https://github.com/seibert-media/pretalx-halfnarp.git', 'repo': 'https://github.com/seibert-media/pretalx-halfnarp.git',
'rev': '1.1.2', 'rev': '1.1.0',
}, },
'media.ccc.de': { 'media.ccc.de': {
'repo': 'https://github.com/pretalx/pretalx-media-ccc-de.git', 'repo': 'https://github.com/pretalx/pretalx-media-ccc-de.git',

350
scripts/netbox-dump
View file

@ -1,240 +1,158 @@
#!/usr/bin/env python3 #!/usr/bin/env python3
from argparse import ArgumentParser
from json import dump from json import dump
from os import environ, makedirs, remove, scandir from os import environ
from os.path import abspath, dirname, join from os.path import dirname, join
from sys import exit from sys import exit
import bwpass import bwpass
from requests import post from requests import post
from bundlewrap.utils.text import bold, red, validate_name from bundlewrap.utils.text import validate_name
from bundlewrap.utils.ui import io
TOKEN = environ.get("NETBOX_AUTH_TOKEN") TOKEN = environ.get("NETBOX_AUTH_TOKEN")
# editorconfig-checker-disable
QUERY = """{
device_list(tag: "bundlewrap") {
name
site {
id
}
interfaces {
id
name
enabled
description
mode
type
ip_addresses {
address
}
untagged_vlan {
name
}
tagged_vlans {
name
}
link_peers {
... on InterfaceType {
name
device {
name
}
}
... on FrontPortType {
name
device {
name
}
}
}
connected_endpoints {
... on InterfaceType {
name
device {
name
}
}
}
}
}
site_list {
id
vlans {
name
vid
}
}
}"""
# editorconfig-checker-enable
if not TOKEN: if not TOKEN:
try: try:
TOKEN = bwpass.attr("netbox.franzi.business/kunsi", "token") TOKEN = bwpass.attr("netbox.franzi.business/kunsi", "token")
except Exception: except Exception:
print("NETBOX_AUTH_TOKEN missing") print("NETBOX_AUTH_TOKEN is missing")
exit(1) exit(1)
TARGET_PATH = join(dirname(dirname(abspath(__file__))), "configs", "netbox") r = post(
"https://netbox.franzi.business/graphql/",
headers={
"Accept": "application/json",
"Authorization": f"Token {TOKEN}",
},
json={
"query": QUERY,
},
)
r.raise_for_status()
QUERY_SITES = """{ data = r.json()["data"]
site_list {
name site_vlans = {site["id"]: site["vlans"] for site in data["site_list"]}
id
vlans { for device in data["device_list"]:
name if not device["name"] or not validate_name(device["name"]):
vid # invalid node name, ignore
} continue
result = {
"interfaces": {},
"vlans": site_vlans[device["site"]["id"]],
} }
}"""
QUERY_DEVICES = """{ for interface in device["interfaces"]:
device_list(filters: {tag: "bundlewrap", site_id: "SITE_ID"}) { description = ""
name peers = None
id
}
}"""
QUERY_DEVICE_DETAILS = """{ if interface["connected_endpoints"]:
device(id: DEVICE_ID) { peers = interface["connected_endpoints"]
name elif interface["link_peers"]:
interfaces { peers = interface["link_peers"]
id
name
enabled
description
mode
type
ip_addresses {
address
}
untagged_vlan {
name
}
tagged_vlans {
name
}
link_peers {
... on InterfaceType {
name
device {
name
}
}
... on FrontPortType {
name
device {
name
}
}
}
connected_endpoints {
... on InterfaceType {
name
device {
name
}
}
}
}
}
}"""
if interface["description"]:
description = interface["description"]
elif peers:
peer_list = set()
def graphql(query): for i in peers:
r = post( peer_list.add(
"https://netbox.franzi.business/graphql/", "{} ({})".format(
headers={ i["device"]["name"],
"Accept": "application/json", i["name"],
"Authorization": f"Token {TOKEN}", )
},
json={
"query": query,
},
)
r.raise_for_status()
return r.json()["data"]
def filter_results(results, filter_by):
if filter_by is None:
return results
out = []
for result in results:
if str(result["id"]) in filter_by or result["name"] in filter_by:
out.append(result)
return out
parser = ArgumentParser()
parser.add_argument("--only-site", nargs="+", type=str)
parser.add_argument("--only-device", nargs="+", type=str)
args = parser.parse_args()
try:
io.activate()
filenames_used = set()
with io.job("getting sites"):
sites = filter_results(
graphql(QUERY_SITES).get("site_list", []), args.only_site
)
io.stdout(f"Processing {len(sites)} sites in total")
for site in sites:
with io.job(f"{bold(site['name'])} getting devices"):
devices = filter_results(
graphql(QUERY_DEVICES.replace("SITE_ID", site["id"])).get(
"device_list", []
),
args.only_device,
)
io.stdout(f"Site {bold(site['name'])} has {len(devices)} devices to process")
for device in devices:
if not device["name"] or not validate_name(device["name"]):
# invalid node name, ignore
continue
with io.job(
f"{bold(site['name'])} {bold(device['name'])} getting interfaces"
):
details = graphql(
QUERY_DEVICE_DETAILS.replace("DEVICE_ID", device["id"])
)["device"]
result = {
"interfaces": {},
"vlans": site["vlans"],
}
for interface in details["interfaces"]:
peers = None
if interface["connected_endpoints"]:
peers = interface["connected_endpoints"]
elif interface["link_peers"]:
peers = interface["link_peers"]
if interface["description"]:
description = interface["description"]
elif peers:
peer_list = set()
for i in peers:
peer_list.add(
"{} ({})".format(
i["device"]["name"],
i["name"],
)
)
description = "; ".join(sorted(peer_list))
else:
description = ""
assert description.isascii()
result["interfaces"][interface["name"]] = {
"description": description,
"enabled": interface["enabled"],
"mode": interface["mode"],
"type": interface["type"],
"ips": sorted(
{i["address"] for i in interface["ip_addresses"]}
),
"untagged_vlan": (
interface["untagged_vlan"]["name"]
if interface["untagged_vlan"]
else None
),
"tagged_vlans": sorted(
{v["name"] for v in interface["tagged_vlans"]}
),
}
if result["interfaces"]:
filename = f"{device['name']}.json"
filenames_used.add(filename)
file_with_path = join(TARGET_PATH, filename)
with io.job(
f"{bold(site['name'])} {bold(device['name'])} writing to {file_with_path}"
):
with open(
file_with_path,
"w+",
) as f:
dump(
result,
f,
indent=4,
sort_keys=True,
)
else:
io.stdout(
f"device {bold(device['name'])} has no interfaces, {red('not')} dumping!"
) )
if not args.only_site and not args.only_device and filenames_used: description = "; ".join(sorted(peer_list))
with io.job(f"cleaning leftover files from {TARGET_PATH}"): else:
for direntry in scandir(TARGET_PATH): description = ""
filename = direntry.name
if filename.startswith("."): assert description.isascii()
continue
if not direntry.is_file(): result["interfaces"][interface["name"]] = {
io.stderr( "description": description,
f"found non-file {filename} in {TARGET_PATH}, please check what's going on!" "enabled": interface["enabled"],
) "mode": interface["mode"],
continue "type": interface["type"],
if filename not in filenames_used: "ips": sorted({i['address'] for i in interface['ip_addresses']}),
remove(join(TARGET_PATH, filename)) "untagged_vlan": interface["untagged_vlan"]["name"]
finally: if interface["untagged_vlan"]
io.deactivate() else None,
"tagged_vlans": sorted({v["name"] for v in interface["tagged_vlans"]}),
}
with open(
join(
dirname(dirname(__file__)),
"configs",
"netbox_device_{}.json".format(device["name"]),
),
"w+",
) as f:
dump(
result,
f,
indent=4,
sort_keys=True,
)