Compare commits

..

No commits in common. "main" and "updates" have entirely different histories.

101 changed files with 1163 additions and 1616 deletions

View file

@ -1,22 +0,0 @@
[server]
host-name=${node.name.split('.')[-1]}
use-ipv4=yes
use-ipv6=yes
allow-interfaces=${','.join(sorted(node.metadata.get('interfaces', {}).keys()))}
ratelimit-interval-usec=1000000
ratelimit-burst=1000
[wide-area]
enable-wide-area=yes
[publish]
disable-publishing=no
disable-user-service-publishing=no
publish-hinfo=yes
publish-workstation=no
publish-aaaa-on-ipv4=yes
publish-a-on-ipv6=no
[reflector]
[rlimits]

View file

@ -1,18 +0,0 @@
directories['/etc/avahi/services'] = {
'purge': True,
}
files['/etc/avahi/avahi-daemon.conf'] = {
'content_type': 'mako',
'triggers': {
'svc_systemd:avahi-daemon:restart',
},
}
svc_systemd['avahi-daemon'] = {
'needs': {
'file:/etc/avahi/avahi-daemon.conf',
'pkg_apt:avahi-daemon',
'pkg_apt:libnss-mdns',
},
}

View file

@ -1,8 +0,0 @@
defaults = {
'apt': {
'packages': {
'avahi-daemon': {},
'libnss-mdns': {},
},
},
}

View file

@ -160,7 +160,7 @@ def monitoring(metadata):
client,
config['one_backup_every_hours'],
),
'vars.sshmon_timeout': 40,
'vars.sshmon_timeout': 20,
}
return {

View file

@ -1,39 +0,0 @@
#!/usr/bin/env python3
from json import loads
from subprocess import check_output
from sys import argv
try:
container_name = argv[1]
docker_ps = check_output([
'docker',
'container',
'ls',
'--all',
'--format',
'json',
'--filter',
f'name={container_name}'
])
containers = loads(f"[{','.join([l for l in docker_ps.decode().splitlines() if l])}]")
if not containers:
print(f'CRITICAL: container {container_name} not found!')
exit(2)
if len(containers) > 1:
print(f'Found more than one container matching {container_name}!')
print(docker_ps)
exit(3)
if containers[0]['State'] != 'running':
print(f'WARNING: container {container_name} not "running"')
exit(2)
print(f"OK: {containers[0]['Status']}")
except Exception as e:
print(repr(e))
exit(2)

View file

@ -1,50 +0,0 @@
#!/bin/bash
[[ -n "$DEBUG" ]] && set -x
ACTION="$1"
set -euo pipefail
if [[ -z "$ACTION" ]]
then
echo "Usage: $0 start|stop"
exit 1
fi
PUID="$(id -u "docker-${name}")"
PGID="$(id -g "docker-${name}")"
if [ "$ACTION" == "start" ]
then
docker run -d \
--name "${name}" \
--env "PUID=$PUID" \
--env "PGID=$PGID" \
--env "TZ=${timezone}" \
% for k, v in sorted(environment.items()):
--env "${k}=${v}" \
% endfor
--network host \
% for host_port, container_port in sorted(ports.items()):
--expose "127.0.0.1:${host_port}:${container_port}" \
% endfor
% for host_path, container_path in sorted(volumes.items()):
--volume "/var/opt/docker-engine/${name}/${host_path}:${container_path}" \
% endfor
--restart unless-stopped \
"${image}"
elif [ "$ACTION" == "stop" ]
then
docker stop "${name}"
docker rm "${name}"
else
echo "Unknown action $ACTION"
exit 1
fi
% if node.has_bundle('nftables'):
systemctl reload nftables
% endif

View file

@ -1,14 +0,0 @@
[Unit]
Description=docker-engine app ${name}
After=network.target
Requires=${' '.join(sorted(requires))}
[Service]
WorkingDirectory=/var/opt/docker-engine/${name}/
ExecStart=/opt/docker-engine/${name} start
ExecStop=/opt/docker-engine/${name} stop
Type=simple
RemainAfterExit=true
[Install]
WantedBy=multi-user.target

View file

@ -1,99 +0,0 @@
from bundlewrap.metadata import metadata_to_json
deps = {
'pkg_apt:docker-ce',
'pkg_apt:docker-ce-cli',
}
directories['/opt/docker-engine'] = {
'purge': True,
}
directories['/var/opt/docker-engine'] = {}
files['/etc/docker/daemon.json'] = {
'content': metadata_to_json(node.metadata.get('docker-engine/config')),
'triggers': {
'svc_systemd:docker:restart',
},
# install config before installing packages to ensure the config is
# applied to the first start as well
'before': deps,
}
svc_systemd['docker'] = {
'needs': deps,
}
files['/usr/local/share/icinga/plugins/check_docker_container'] = {
'mode': '0755',
}
for app, config in node.metadata.get('docker-engine/containers', {}).items():
volumes = config.get('volumes', {})
files[f'/opt/docker-engine/{app}'] = {
'source': 'docker-wrapper',
'content_type': 'mako',
'context': {
'environment': config.get('environment', {}),
'image': config['image'],
'name': app,
'ports': config.get('ports', {}),
'timezone': node.metadata.get('timezone'),
'volumes': volumes,
},
'mode': '0755',
'triggers': {
f'svc_systemd:docker-{app}:restart',
},
}
users[f'docker-{app}'] = {
'home': f'/var/opt/docker-engine/{app}',
'groups': {
'docker',
},
'after': {
# provides docker group
'pkg_apt:docker-ce',
},
}
files[f'/usr/local/lib/systemd/system/docker-{app}.service'] = {
'source': 'docker-wrapper.service',
'content_type': 'mako',
'context': {
'name': app,
'requires': {
*set(config.get('requires', set())),
'docker.service',
}
},
'triggers': {
'action:systemd-reload',
f'svc_systemd:docker-{app}:restart',
},
}
svc_systemd[f'docker-{app}'] = {
'needs': {
*deps,
f'file:/opt/docker-engine/{app}',
f'file:/usr/local/lib/systemd/system/docker-{app}.service',
f'user:docker-{app}',
'svc_systemd:docker',
*set(config.get('needs', set())),
},
}
for volume in volumes:
directories[f'/var/opt/docker-engine/{app}/{volume}'] = {
'owner': f'docker-{app}',
'group': f'docker-{app}',
'needed_by': {
f'svc_systemd:docker-{app}',
},
# don't do anything if the directory exists, docker images
# mangle owners
'unless': f'test -d /var/opt/docker-engine/{app}/{volume}',
}

View file

@ -1,83 +0,0 @@
defaults = {
'apt': {
'packages': {
'docker-ce': {},
'docker-ce-cli': {},
'docker-compose-plugin': {},
},
'repos': {
'docker': {
'items': {
'deb https://download.docker.com/linux/debian {os_release} stable',
},
},
},
},
'backups': {
'paths': {
'/var/opt/docker-engine',
},
},
'hosts': {
'entries': {
'172.17.0.1': {
'host.docker.internal',
},
},
},
'docker-engine': {
'config': {
'iptables': False,
'no-new-privileges': True,
},
},
'zfs': {
'datasets': {
'tank/docker-data': {
'mountpoint': '/var/opt/docker-engine',
},
},
},
}
@metadata_reactor.provides(
'icinga2_api/docker-engine/services',
)
def monitoring(metadata):
services = {
'DOCKER PROCESS': {
'command_on_monitored_host': '/usr/lib/nagios/plugins/check_procs -C dockerd -c 1:',
},
}
for app in metadata.get('docker-engine/containers', {}):
services[f'DOCKER CONTAINER {app}'] = {
'command_on_monitored_host': f'sudo /usr/local/share/icinga/plugins/check_docker_container {app}'
}
return {
'icinga2_api': {
'docker-engine': {
'services': services,
},
},
}
@metadata_reactor.provides(
'zfs/datasets',
)
def zfs(metadata):
datasets = {}
for app in metadata.get('docker-engine/containers', {}):
datasets[f'tank/docker-data/{app}'] = {
'mountpoint': f'/var/opt/docker-engine/{app}'
}
return {
'zfs': {
'datasets': datasets,
},
}

View file

@ -1,64 +0,0 @@
assert node.has_bundle('docker-engine')
assert node.has_bundle('redis')
assert not node.has_bundle('postgresql') # docker container uses that port
defaults = {
'docker-engine': {
'containers': {
'immich': {
'image': 'ghcr.io/imagegenius/immich:latest',
'environment': {
'DB_DATABASE_NAME': 'immich',
'DB_HOSTNAME': 'host.docker.internal',
'DB_PASSWORD': repo.vault.password_for(f'{node.name} postgresql immich'),
'DB_USERNAME': 'immich',
'REDIS_HOSTNAME': 'host.docker.internal',
},
'volumes': {
'config': '/config',
'libraries': '/libraries',
'photos': '/photos',
},
'needs': {
'svc_systemd:docker-postgresql14',
},
'requires': {
'docker-postgresql14.service',
},
},
'postgresql14': {
'image': 'tensorchord/pgvecto-rs:pg14-v0.2.0',
'environment': {
'POSTGRES_PASSWORD': repo.vault.password_for(f'{node.name} postgresql immich'),
'POSTGRES_USER': 'immich',
'POSTGRES_DB': 'immich',
},
'volumes': {
'database': '/var/lib/postgresql/data',
},
},
},
},
'nginx': {
'vhosts': {
'immich': {
'locations': {
'/': {
'target': 'http://127.0.0.1:8080/',
'websockets': True,
'max_body_size': '500m',
},
#'/api/socket.io/': {
# 'target': 'http://127.0.0.1:8081/',
# 'websockets': True,
#},
},
},
},
},
'redis': {
'bind': '0.0.0.0',
},
}

View file

@ -29,8 +29,8 @@ mail_location = maildir:/var/mail/vmail/%d/%n
protocols = imap lmtp sieve
ssl = required
ssl_cert = </var/lib/dehydrated/certs/${node.metadata.get('postfix/myhostname')}/fullchain.pem
ssl_key = </var/lib/dehydrated/certs/${node.metadata.get('postfix/myhostname')}/privkey.pem
ssl_cert = </var/lib/dehydrated/certs/${node.metadata.get('postfix/myhostname', node.metadata['hostname'])}/fullchain.pem
ssl_key = </var/lib/dehydrated/certs/${node.metadata.get('postfix/myhostname', node.metadata['hostname'])}/privkey.pem
ssl_dh = </etc/ssl/certs/dhparam.pem
ssl_min_protocol = TLSv1.2
ssl_cipher_list = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305

View file

@ -20,7 +20,7 @@ def nodejs(metadata):
if version >= (1, 11, 71):
return {
'nodejs': {
'version': 22,
'version': 20,
},
}
else:

View file

@ -100,7 +100,7 @@ def nginx(metadata):
},
},
'website_check_path': '/user/login',
'website_check_string': 'Sign in',
'website_check_string': 'Sign In',
},
},
},

View file

@ -2,42 +2,48 @@
from sys import exit
from packaging.version import parse
from requests import get
import requests
from packaging import version
API_TOKEN = "${token}"
DOMAIN = "${domain}"
bearer = "${bearer}"
domain = "${domain}"
OK = 0
WARN = 1
CRITICAL = 2
UNKNOWN = 3
status = 3
message = "Unknown Update Status"
domain = "hass.home.kunbox.net"
s = requests.Session()
s.headers.update({"Content-Type": "application/json"})
try:
r = get("https://version.home-assistant.io/stable.json")
r.raise_for_status()
stable_version = parse(r.json()["homeassistant"]["generic-x86-64"])
except Exception as e:
print(f"Could not get stable version information from home-assistant.io: {e!r}")
exit(3)
try:
r = get(
f"https://{DOMAIN}/api/config",
headers={"Authorization": f"Bearer {API_TOKEN}", "Content-Type": "application/json"},
stable_version = version.parse(
s.get("https://version.home-assistant.io/stable.json").json()["homeassistant"][
"generic-x86-64"
]
)
r.raise_for_status()
running_version = parse(r.json()["version"])
except Exception as e:
print(f"Could not get running version information from homeassistant: {e!r}")
exit(3)
try:
if stable_version > running_version:
print(
f"There is a newer version available: {stable_version} (currently installed: {running_version})"
)
exit(2)
s.headers.update(
{"Authorization": f"Bearer {bearer}", "Content-Type": "application/json"}
)
running_version = version.parse(
s.get(f"https://{domain}/api/config").json()["version"]
)
if running_version == stable_version:
status = 0
message = f"OK - running version {running_version} equals stable version {stable_version}"
elif running_version > stable_version:
status = 1
message = f"WARNING - stable version {stable_version} is lower than running version {running_version}, check if downgrade is necessary."
else:
print(
f"Currently running version {running_version} matches newest release on home-assistant.io"
)
exit(0)
status = 2
message = f"CRITICAL - update necessary, running version {running_version} is lower than stable version {stable_version}"
except Exception as e:
print(repr(e))
exit(3)
message = f"{message}: {repr(e)}"
print(message)
exit(status)

View file

@ -5,8 +5,6 @@ After=network-online.target
[Service]
Type=simple
User=homeassistant
Environment="VIRTUAL_ENV=/opt/homeassistant/venv"
Environment="PATH=/opt/homeassistant/venv/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
WorkingDirectory=/var/opt/homeassistant
ExecStart=/opt/homeassistant/venv/bin/hass -c "/var/opt/homeassistant"
RestartForceExitStatus=100

View file

@ -30,7 +30,7 @@ files = {
'/usr/local/share/icinga/plugins/check_homeassistant_update': {
'content_type': 'mako',
'context': {
'token': node.metadata.get('homeassistant/api_secret'),
'bearer': repo.vault.decrypt(node.metadata.get('homeassistant/api_secret')),
'domain': node.metadata.get('homeassistant/domain'),
},
'mode': '0755',

View file

@ -129,14 +129,11 @@ def notify_per_ntfy():
data=message_text,
headers=headers,
auth=(CONFIG['ntfy']['user'], CONFIG['ntfy']['password']),
timeout=10,
)
r.raise_for_status()
except Exception as e:
log_to_syslog('Sending a Notification failed: {}'.format(repr(e)))
return False
return True
def notify_per_mail():
@ -202,8 +199,7 @@ if __name__ == '__main__':
notify_per_mail()
if args.sms:
ntfy_worked = False
if CONFIG['ntfy']['user']:
ntfy_worked = notify_per_ntfy()
if not args.service_name or not ntfy_worked:
if not args.service_name:
notify_per_sms()
if CONFIG['ntfy']['user']:
notify_per_ntfy()

View file

@ -17,6 +17,7 @@ defaults = {
'icinga2': {},
'icinga2-ido-pgsql': {},
'icingaweb2': {},
'icingaweb2-module-monitoring': {},
'python3-easysnmp': {},
'python3-flask': {},
'snmp': {},

View file

@ -23,7 +23,7 @@ actions = {
git_deploy = {
'/opt/infobeamer-cms/src': {
'rev': 'master',
'repo': 'https://github.com/voc/infobeamer-cms.git',
'repo': 'https://github.com/sophieschi/36c3-cms.git',
'needs': {
'directory:/opt/infobeamer-cms/src',
},
@ -96,6 +96,14 @@ files = {
},
}
pkg_pip = {
'github-flask': {
'needed_by': {
'svc_systemd:infobeamer-cms',
},
},
}
svc_systemd = {
'infobeamer-cms': {
'needs': {

View file

@ -1,13 +1,10 @@
from datetime import datetime, timedelta
assert node.has_bundle('redis')
defaults = {
'infobeamer-cms': {
'config': {
'MAX_UPLOADS': 5,
'PREFERRED_URL_SCHEME': 'https',
'REDIS_HOST': '127.0.0.1',
'SESSION_COOKIE_NAME': '__Host-sess',
'STATIC_PATH': '/opt/infobeamer-cms/static',
'URL_KEY': repo.vault.password_for(f'{node.name} infobeamer-cms url key'),

View file

@ -1,10 +1,9 @@
#!/usr/bin/env python3
import logging
from datetime import datetime
from datetime import datetime, timezone
from json import dumps
from time import sleep
from zoneinfo import ZoneInfo
import paho.mqtt.client as mqtt
from requests import RequestException, get
@ -25,8 +24,7 @@ logging.basicConfig(
)
LOG = logging.getLogger("main")
TZ = ZoneInfo("Europe/Berlin")
DUMP_TIME = "0900"
MLOG = logging.getLogger("mqtt")
state = None
@ -40,10 +38,7 @@ def mqtt_out(message, level="INFO", device=None):
key = "infobeamer"
if device:
key += f"/{device['id']}"
if device["description"]:
message = f"[{device['description']}] {message}"
else:
message = f"[{device['serial']}] {message}"
message = f"[{device['description']}] {message}"
client.publish(
CONFIG["mqtt"]["topic"],
@ -66,14 +61,14 @@ def mqtt_dump_state(device):
out.append("Location: {}".format(device["location"]))
out.append("Setup: {} ({})".format(device["setup"]["name"], device["setup"]["id"]))
out.append("Resolution: {}".format(device["run"].get("resolution", "unknown")))
if not device["is_synced"]:
out.append("syncing ...")
mqtt_out(
" - ".join(out),
device=device,
)
def is_dump_time():
return datetime.now(TZ).strftime("%H%M") == DUMP_TIME
mqtt_out("Monitor starting up")
while True:
@ -86,14 +81,15 @@ while True:
r.raise_for_status()
ib_state = r.json()["devices"]
except RequestException as e:
LOG.exception("Could not get device data from info-beamer")
LOG.exception("Could not get data from info-beamer")
mqtt_out(
f"Could not get device data from info-beamer: {e!r}",
f"Could not get data from info-beamer: {e!r}",
level="WARN",
)
else:
new_state = {}
for device in sorted(ib_state, key=lambda x: x["id"]):
online_devices = set()
for device in ib_state:
did = str(device["id"])
if did in new_state:
@ -101,8 +97,7 @@ while True:
continue
new_state[did] = device
# force information output for every online device at 09:00 CE(S)T
must_dump_state = is_dump_time()
must_dump_state = False
if state is not None:
if did not in state:
@ -145,15 +140,16 @@ while True:
if device["is_online"]:
if device["maintenance"]:
mqtt_out(
"maintenance required: {}".format(
" ".join(sorted(device["maintenance"]))
),
"maintenance required: {}".format(' '.join(
sorted(device["maintenance"])
)),
level="WARN",
device=device,
)
if (
device["location"] != state[did]["location"]
device["is_synced"] != state[did]["is_synced"]
or device["location"] != state[did]["location"]
or device["setup"]["id"] != state[did]["setup"]["id"]
or device["run"].get("resolution")
!= state[did]["run"].get("resolution")
@ -165,52 +161,23 @@ while True:
else:
LOG.info("adding device {} to empty state".format(device["id"]))
if device["is_online"]:
online_devices.add(
"{} ({})".format(
device["id"],
device["description"],
)
)
state = new_state
try:
r = get(
"https://info-beamer.com/api/v1/account",
auth=("", CONFIG["api_key"]),
)
r.raise_for_status()
ib_account = r.json()
except RequestException as e:
LOG.exception("Could not get account data from info-beamer")
mqtt_out(
f"Could not get account data from info-beamer: {e!r}",
level="WARN",
)
else:
available_credits = ib_account["balance"]
if is_dump_time():
mqtt_out(f"Available Credits: {available_credits}")
if available_credits < 50:
mqtt_out(
f"balance has dropped below 50 credits! (available: {available_credits})",
level="ERROR",
)
elif available_credits < 100:
mqtt_out(
f"balance has dropped below 100 credits! (available: {available_credits})",
level="WARN",
)
for quota_name, quota_config in sorted(ib_account["quotas"].items()):
value = quota_config["count"]["value"]
limit = quota_config["count"]["limit"]
if value > limit * 0.9:
mqtt_out(
f"quota {quota_name} is over 90% (limit {limit}, value {value})",
level="ERROR",
)
elif value > limit * 0.8:
mqtt_out(
f"quota {quota_name} is over 80% (limit {limit}, value {value})",
level="WARN",
)
sleep(60)
if (
datetime.now(timezone.utc).strftime("%H%M") == "1312"
and online_devices
and int(datetime.now(timezone.utc).strftime("%S")) < 30
):
mqtt_out("Online Devices: {}".format(", ".join(sorted(online_devices))))
sleep(30)
except KeyboardInterrupt:
break

View file

@ -23,8 +23,9 @@ table inet filter {
icmp type timestamp-request drop
icmp type timestamp-reply drop
meta l4proto {icmp, ipv6-icmp} accept
ip protocol icmp accept
ip6 nexthdr ipv6-icmp accept
% for ruleset, rules in sorted(input.items()):
# ${ruleset}

View file

@ -29,7 +29,7 @@ defaults = {
},
}
if not node.has_bundle('vmhost') and not node.has_bundle('docker-engine'):
if not node.has_bundle('vmhost'):
# see comment in bundles/vmhost/items.py
defaults['apt']['packages']['iptables'] = {
'installed': False,

View file

@ -11,7 +11,7 @@ events {
http {
include /etc/nginx/mime.types;
types {
application/javascript mjs;
application/javascript js mjs;
}
default_type application/octet-stream;
charset UTF-8;

View file

@ -149,18 +149,18 @@ server {
% if 'target' in options:
proxy_pass ${options['target']};
proxy_http_version ${options.get('http_version', '1.1')};
proxy_set_header Host ${options.get('proxy_pass_host', domain)};
proxy_set_header Host ${domain};
% if options.get('websockets', False):
proxy_set_header Connection "upgrade";
proxy_set_header Upgrade $http_upgrade;
% endif
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host ${options.get('x_forwarded_host', options.get('proxy_pass_host', domain))};
proxy_set_header X-Forwarded-Host ${options.get('x_forwarded_host', domain)};
% for option, value in options.get('proxy_set_header', {}).items():
proxy_set_header ${option} ${value};
% endfor
% if location != '/' and location != '= /':
% if location != '/':
proxy_set_header X-Script-Name ${location};
% endif
proxy_buffering off;

View file

@ -32,9 +32,21 @@ Include = /etc/pacman.d/mirrorlist
Server = ${node.metadata.get('pacman/repository')}
Include = /etc/pacman.d/mirrorlist
% endif
% if node.metadata.get('pacman/enable_aurto'):
% if node.metadata.get('pacman/enable_aurto', True):
[aurto]
Server = https://aurto.kunbox.net/
SigLevel = Optional TrustAll
% endif
% if node.has_bundle('zfs'):
[archzfs]
Server = http://archzfs.com/archzfs/x86_64
% if node.metadata.get('pacman/linux-lts', False):
[zfs-linux-lts]
% else:
[zfs-linux]
% endif
Server = http://kernels.archzfs.com/$repo/
% endif

View file

@ -33,7 +33,6 @@ svc_systemd['paccache.timer'] = {
}
pkg_pacman = {
'acpi_call-lts': {},
'at': {},
'autoconf': {},
'automake': {},
@ -62,7 +61,6 @@ pkg_pacman = {
'ldns': {},
'less': {},
'libtool': {},
'linux-lts': {},
'logrotate': {},
'lsof': {},
'm4': {},
@ -104,6 +102,12 @@ pkg_pacman = {
'zip': {},
}
if node.metadata.get('pacman/linux-lts', False):
pkg_pacman['linux-lts'] = {}
pkg_pacman['acpi_call-lts'] = {}
else:
pkg_pacman['linux'] = {}
pkg_pacman['acpi_call'] = {}
for pkg, config in node.metadata.get('pacman/packages', {}).items():
pkg_pacman[pkg] = config

View file

@ -4,7 +4,6 @@ defaults = {
'glibc',
'pacman',
},
'enable_aurto': True,
'no_extract': {
'etc/cron.d/0hourly',
# don't install systemd-homed pam module. It produces a lot of spam in

View file

@ -34,7 +34,7 @@ defaults = {
},
},
'nodejs': {
'version': 22,
'version': 18,
},
'postgresql': {
'roles': {

View file

@ -1,5 +1,3 @@
devnull@${node.metadata.get('postfix/myhostname')} DISCARD DEV-NULL
% for address in sorted(blocked):
${address} REJECT
% endfor

View file

@ -3,7 +3,7 @@ biff = no
append_dot_mydomain = no
readme_directory = no
compatibility_level = 2
myhostname = ${node.metadata.get('postfix/myhostname')}
myhostname = ${node.metadata.get('postfix/myhostname', node.metadata['hostname'])}
myorigin = /etc/mailname
mydestination = $myhostname, localhost
mynetworks = ${' '.join(sorted(mynetworks))}
@ -25,6 +25,7 @@ inet_interfaces = 127.0.0.1
% endif
<%text>
smtp_use_tls = yes
smtp_tls_loglevel = 1
smtp_tls_note_starttls_offer = yes
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
@ -37,8 +38,8 @@ smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
</%text>
% if node.has_bundle('postfixadmin'):
smtpd_tls_cert_file = /var/lib/dehydrated/certs/${node.metadata.get('postfix/myhostname')}/fullchain.pem
smtpd_tls_key_file = /var/lib/dehydrated/certs/${node.metadata.get('postfix/myhostname')}/privkey.pem
smtpd_tls_cert_file = /var/lib/dehydrated/certs/${node.metadata.get('postfix/myhostname', node.metadata['hostname'])}/fullchain.pem
smtpd_tls_key_file = /var/lib/dehydrated/certs/${node.metadata.get('postfix/myhostname', node.metadata['hostname'])}/privkey.pem
<%text>
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
@ -47,7 +48,7 @@ smtpd_client_restrictions = permit_mynetworks permit_sasl_authenticated
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks reject_invalid_helo_hostname
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_recipient_restrictions = check_recipient_access hash:/etc/postfix/blocked_recipients, permit_mynetworks
smtpd_recipient_restrictions = permit_mynetworks, check_recipient_access hash:/etc/postfix/blocked_recipients
smtpd_relay_before_recipient_restrictions = yes
# https://ssl-config.mozilla.org/#server=postfix&version=3.7.10&config=intermediate&openssl=3.0.11&guideline=5.7

View file

@ -25,7 +25,7 @@ my_package = 'pkg_pacman:postfix' if node.os == 'arch' else 'pkg_apt:postfix'
files = {
'/etc/mailname': {
'content': node.metadata.get('postfix/myhostname'),
'content': node.metadata.get('postfix/myhostname', node.metadata['hostname']),
'before': {
my_package,
},

View file

@ -87,7 +87,7 @@ def letsencrypt(metadata):
}
result['domains'] = {
metadata.get('postfix/myhostname'): set(),
metadata.get('postfix/myhostname', metadata.get('hostname')): set(),
}
return {
@ -148,14 +148,3 @@ def icinga2(metadata):
},
},
}
@metadata_reactor.provides(
'postfix/myhostname',
)
def myhostname(metadata):
return {
'postfix': {
'myhostname': metadata.get('hostname'),
},
}

View file

@ -57,7 +57,7 @@ files = {
},
}
if node.has_bundle('backup-client'):
if node.has_bundle('backup-client') and not node.has_bundle('zfs'):
files['/etc/backup-pre-hooks.d/90-postgresql-dump-all'] = {
'source': 'backup-pre-hook',
'content_type': 'mako',
@ -67,6 +67,10 @@ if node.has_bundle('backup-client'):
'mode': '0700',
}
directories['/var/tmp/postgresdumps'] = {}
else:
files['/var/tmp/postgresdumps'] = {
'delete': True,
}
postgres_roles = {
'root': {

View file

@ -11,7 +11,6 @@ defaults = {
'backups': {
'paths': {
'/var/lib/postgresql',
'/var/tmp/postgresdumps',
},
},
'bash_functions': {
@ -75,6 +74,8 @@ if node.has_bundle('zfs'):
},
},
}
else:
defaults['backups']['paths'].add('/var/tmp/postgresdumps')
@metadata_reactor.provides(

View file

@ -3,8 +3,6 @@ from os import listdir
from os.path import isfile, join
from subprocess import check_output
from bundlewrap.utils.ui import io
zone_path = join(repo.path, 'data', 'powerdns', 'files', 'bind-zones')
nameservers = set()
@ -81,10 +79,9 @@ if node.metadata.get('powerdns/features/bind', False):
continue
try:
output = check_output(['git', 'log', '-1', '--pretty=%ci']).decode('utf-8').strip()
output = check_output(['git', 'log', '-1', '--pretty=%ci', join(zone_path, zone)]).decode('utf-8').strip()
serial = datetime.strptime(output, '%Y-%m-%d %H:%M:%S %z').strftime('%y%m%d%H%M')
except Exception as e:
io.stderr(f"Error while parsing commit time for {zone} serial: {e!r}")
except:
serial = datetime.now().strftime('%y%m%d0000')
primary_zones.add(zone)

View file

@ -71,8 +71,8 @@ actions = {
'chown -R powerdnsadmin:powerdnsadmin /opt/powerdnsadmin/src/powerdnsadmin/static/',
]),
'needs': {
'action:nodejs_install_yarn',
'action:powerdnsadmin_install_deps',
'bundle:nodejs',
'pkg_apt:',
},
},

View file

@ -14,7 +14,7 @@ defaults = {
},
},
'nodejs': {
'version': 22,
'version': 18,
},
'users': {
'powerdnsadmin': {

View file

@ -7,6 +7,7 @@ from subprocess import check_output
from requests import get
UPDATE_URL = '${url}'
USERNAME = '${username}'
PASSWORD = '${password}'

View file

@ -5,6 +5,7 @@ from ipaddress import ip_address
from json import loads
from subprocess import check_output, run
DOMAIN = '${domain}'
# <%text>

View file

@ -1,5 +1,5 @@
assert node.has_bundle('redis'), f'{node.name}: pretalx needs redis'
assert node.has_bundle('nodejs'), f'{node.name}: pretalx needs nodejs for rebuild step'
assert node.has_bundle('nodejs'), f'{node.name}: pretalx needs nodejs for rebuild and regenerate_css step'
actions = {
'pretalx_create_virtualenv': {
@ -53,6 +53,17 @@ actions = {
},
'triggered': True,
},
'pretalx_regenerate-css': {
'command': 'sudo -u pretalx PRETALX_CONFIG_FILE=/opt/pretalx/pretalx.cfg /opt/pretalx/venv/bin/python -m pretalx regenerate_css',
'needs': {
'action:pretalx_migrate',
'directory:/opt/pretalx/data',
'directory:/opt/pretalx/static',
'file:/opt/pretalx/pretalx.cfg',
'bundle:nodejs',
},
'triggered': True,
},
}
users = {
@ -79,6 +90,7 @@ git_deploy = {
'action:pretalx_install',
'action:pretalx_migrate',
'action:pretalx_rebuild',
'action:pretalx_regenerate-css',
'svc_systemd:pretalx-web:restart',
'svc_systemd:pretalx-worker:restart',
},
@ -109,6 +121,7 @@ svc_systemd = {
'action:pretalx_install',
'action:pretalx_migrate',
'action:pretalx_rebuild',
'action:pretalx_regenerate-css',
'file:/etc/systemd/system/pretalx-web.service',
'file:/opt/pretalx/pretalx.cfg',
},
@ -117,7 +130,6 @@ svc_systemd = {
'needs': {
'action:pretalx_install',
'action:pretalx_migrate',
'action:pretalx_rebuild',
'file:/etc/systemd/system/pretalx-worker.service',
'file:/opt/pretalx/pretalx.cfg',
},
@ -192,6 +204,7 @@ for plugin_name, plugin_config in node.metadata.get('pretalx/plugins', {}).items
'triggers': {
'action:pretalx_migrate',
'action:pretalx_rebuild',
'action:pretalx_regenerate-css',
'svc_systemd:pretalx-web:restart',
'svc_systemd:pretalx-worker:restart',
},

View file

@ -27,7 +27,7 @@ defaults = {
},
},
'nodejs': {
'version': 22,
'version': 18,
},
'pretalx': {
'database': {

View file

@ -1,13 +0,0 @@
files['/etc/proftpd/proftpd.conf'] = {
'source': f'{node.name}.conf',
'triggers': {
'svc_systemd:proftpd:restart',
},
}
svc_systemd['proftpd'] = {
'needs': {
'file:/etc/proftpd/proftpd.conf',
'pkg_apt:proftpd-core',
},
}

View file

@ -1,26 +0,0 @@
from bundlewrap.metadata import atomic
defaults = {
'apt': {
'packages': {
'proftpd-core': {},
},
},
}
@metadata_reactor.provides(
'firewall/port_rules',
)
def firewall(metadata):
sources = atomic(metadata.get('mosquitto/restrict-to', set()))
return {
'firewall': {
'port_rules': {
'20/tcp': sources,
'21/tcp': sources,
'49152-50192/tcp': sources,
},
},
}

View file

@ -48,4 +48,3 @@ tcp-keepalive 0
timeout 0
zset-max-ziplist-entries 128
zset-max-ziplist-value 64
protected-mode no

View file

@ -2,6 +2,7 @@ import re
from json import load
from os.path import join
with open(join(repo.path, 'configs', 'netbox', f'{node.name}.json')) as f:
netbox = load(f)

View file

@ -1,7 +1,7 @@
reporting {
enabled = true;
email = 'devnull@${node.metadata.get('postfix/myhostname')}';
domain = '${node.metadata.get('postfix/myhostname')}';
email = 'dmarc+${node.name.replace('.', '-')}@kunbox.net';
domain = '${node.metadata.get('hostname')}';
org_name = 'kunbox.net';
smtp = '127.0.0.1';
smtp_port = 25;

View file

@ -6,11 +6,6 @@ defaults = {
'rsyslog': {},
},
},
'backups': {
'paths': {
'/var/log/rsyslog',
},
},
'icinga2_api': {
'rsyslog': {
'services': {

View file

@ -13,13 +13,6 @@ map to guest = bad user
load printers = no
usershare allow guests = yes
allow insecure wide links = yes
min protocol = SMB2
% if timemachine:
vfs objects = fruit
fruit:aapl = yes
fruit:copyfile = yes
fruit:model = MacSamba
% endif
% for name, opts in sorted(node.metadata.get('samba/shares', {}).items()):
[${name}]
@ -44,24 +37,3 @@ follow symlinks = yes
wide links = yes
% endif
% endfor
% for name in sorted(timemachine):
[timemachine-${name}]
comment = Time Machine backup for ${name}
available = yes
browseable = yes
guest ok = no
read only = false
valid users = timemachine-${name}
path = /srv/timemachine/${name}
durable handles = yes
vfs objects = catia fruit streams_xattr
fruit:delete_empty_adfiles = yes
fruit:metadata = stream
fruit:posix_rename = yes
fruit:time machine = yes
fruit:time machine max size = 750G
fruit:veto_appledouble = no
fruit:wipe_intentionally_left_blank_rfork = yes
% endfor

View file

@ -1,21 +0,0 @@
<?xml version="1.0" standalone='no'?>
<!DOCTYPE service-group SYSTEM "avahi-service.dtd">
<service-group>
<name replace-wildcards="yes">%h</name>
<service>
<type>_smb._tcp</type>
<port>445</port>
</service>
<service>
<type>_device-info._tcp</type>
<port>0</port>
<txt-record>model=RackMac1,2</txt-record>
</service>
<service>
<type>_adisk._tcp</type>
% for idx, share_name in enumerate(sorted(shares)):
<txt-record>dk${idx}=adVN=timemachine-${share_name},adVF=0x82</txt-record>
% endfor
<txt-record>sys=waMa=0,adVF=0x100</txt-record>
</service>
</service-group>

View file

@ -11,14 +11,9 @@ svc_systemd = {
},
}
timemachine_shares = node.metadata.get('samba/timemachine-shares', set())
files = {
'/etc/samba/smb.conf': {
'content_type': 'mako',
'context': {
'timemachine': timemachine_shares,
},
'triggers': {
'svc_systemd:nmbd:restart',
'svc_systemd:smbd:restart',
@ -62,24 +57,3 @@ for user, uconfig in node.metadata.get('users', {}).items():
last_action = {
f'action:smbpasswd_for_user_{user}',
}
if timemachine_shares:
assert node.has_bundle('avahi-daemon'), f'{node.name}: samba needs avahi-daemon to publish time machine shares'
files['/etc/avahi/services/timemachine.service'] = {
'content_type': 'mako',
'context': {
'shares': timemachine_shares,
},
}
for share_name in timemachine_shares:
users[f'timemachine-{share_name}'] = {
'home': f'/srv/timemachine/{share_name}',
}
directories[f'/srv/timemachine/{share_name}'] = {
'owner': f'timemachine-{share_name}',
'group': f'timemachine-{share_name}',
'mode': '0700',
}

View file

@ -24,30 +24,3 @@ def firewall(metadata):
},
},
}
@metadata_reactor.provides(
'zfs/datasets',
)
def timemachine_zfs(metadata):
shares = metadata.get('samba/timemachine-shares', set())
if not shares:
return {}
assert node.has_bundle('zfs'), f'{node.name}: time machine backups require zfs'
datasets = {
'tank/timemachine': {},
}
for share_name in shares:
datasets[f'tank/timemachine/{share_name}'] = {
'mountpoint': f'/srv/timemachine/{share_name}',
}
return {
'zfs': {
'datasets': datasets,
},
}

View file

@ -0,0 +1,21 @@
#!/bin/bash
set -euo pipefail
DATE=$(date +%F_%H-%M-%S)
cd "$1"
convert *.tiff no_ocr.pdf
ocrmypdf -l deu no_ocr.pdf has_ocr.pdf
rm -f *.tiff
rm -f no_ocr.pdf
chown nobody:nogroup has_ocr.pdf
mv has_ocr.pdf "/srv/scansnap/${DATE}.pdf"
cd /
rm -r "$1"

View file

@ -0,0 +1,9 @@
#!/bin/bash
set -euo pipefail
OUTFILE=$(mktemp -d)
scanimage --source 'ADF Duplex' --format tiff --mode Color --brightness 23 --resolution 300 --page-width 210 --page-height 297.3 -x 210 -y 297.3 --batch=${OUTFILE}/p%04d.tiff
/etc/scanbd/scripts/ocr.sh "$OUTFILE" &

View file

@ -0,0 +1,52 @@
global {
debug = true
debug-level = 2
user = saned
group = scanner
saned = "/usr/sbin/saned"
saned_opt = {}
saned_env = { "SANE_CONFIG_DIR=/etc/scanbd" }
scriptdir = /etc/scanbd/scripts
timeout = 500
pidfile = "/var/run/scanbd.pid"
environment {
device = "SCANBD_DEVICE"
action = "SCANBD_ACTION"
}
function function_knob {
filter = "^message.*"
desc = "The value of the function knob / wheel / selector"
env = "SCANBD_FUNCTION"
}
function function_mode {
filter = "^mode.*"
desc = "Color mode"
env = "SCANBD_FUNCTION_MODE"
}
multiple_actions = false
action scan {
filter = "^scan.*"
numerical-trigger {
from-value = 0
to-value = 1
}
desc = "Scan to file"
script = "scan.sh"
}
}
include(scanner.d/avision.conf)
include(scanner.d/fujitsu.conf)
include(scanner.d/hp.conf)
include(scanner.d/pixma.conf)
include(scanner.d/snapscan.conf)
include(scanner.d/canon.conf)
include(scanner.d/plustek.conf)

39
bundles/scansnap/items.py Normal file
View file

@ -0,0 +1,39 @@
directories = {
'/etc/scanbd/scripts': {
'purge': True,
},
'/srv/scansnap': {
'owner': 'nobody',
'group': 'nogroup',
},
}
files = {
'/etc/scanbd/scanbd.conf': {
'triggers': {
'svc_systemd:scanbd:restart',
},
},
'/etc/scanbd/scripts/ocr.sh': {
'mode': '0755',
'needs': {
'directory:/srv/scansnap',
},
},
'/etc/scanbd/scripts/scan.sh': {
'mode': '0755',
'needs': {
'directory:/srv/scansnap',
'file:/etc/scanbd/scripts/ocr.sh',
},
},
}
svc_systemd = {
'scanbd': {
'needs': {
'file:/etc/scanbd/scanbd.conf',
'pkg_apt:scanbd',
},
},
}

View file

@ -0,0 +1,22 @@
defaults = {
'apt': {
'packages': {
'sane-utils': {},
'scanbd': {},
'imagemagick': {},
'ocrmypdf': {},
'tesseract-ocr-deu': {},
},
},
'backups': {
'paths': {
'/srv/scansnap',
},
},
'cron': {
'jobs': {
# Automatically remove files which are older than 14 days
'scansnap_cleanup': '00 00 * * * root /usr/bin/find /srv/scansnap/ -mindepth 1 -mtime +14 -delete',
},
},
}

View file

@ -43,6 +43,30 @@ if node.has_bundle('telegraf'):
}
@metadata_reactor.provides(
'smartd/disks',
)
def zfs_disks_to_metadata(metadata):
disks = set()
for config in metadata.get('zfs/pools', {}).values():
for option in config['when_creating']['config']:
if option.get('type', '') in {'log', 'cache'}:
continue
for disk in option['devices']:
if search(r'p([0-9]+)$', disk) or disk.startswith('/dev/mapper/'):
continue
disks.add(disk)
return {
'smartd': {
'disks': disks,
},
}
@metadata_reactor.provides(
'icinga2_api/smartd/services',
)

View file

@ -4,30 +4,27 @@ from re import findall
from subprocess import check_output
from sys import exit
ITERATIONS = 10
try:
top_output = None
top_output = check_output(rf"top -b -n{ITERATIONS} -d1 | grep -i '^%cpu'", shell=True).decode('UTF-8')
for line in check_output(['top', '-b', '-n1', '-d1']).decode('UTF-8').splitlines():
if line.lower().strip().startswith('%cpu'):
top_output = line.lower().split(':', 2)[1]
break
if not top_output:
print('%cpu not found in top output')
exit(3)
cpu_usage = {}
for value, identifier in findall(r'([0-9\.\,]{3,5}) ([a-z]{2})', top_output):
if identifier not in cpu_usage:
cpu_usage[identifier] = 0.0
cpu_usage[identifier] += float(value.replace(',', '.'))
output = []
for identifier, value_added in cpu_usage.items():
value = value_added / ITERATIONS
output.append(f"{value:.2f} {identifier}")
cpu_usage[identifier] = value
print(f"Average over {ITERATIONS} seconds: " + ", ".join(output))
for value, identifier in findall('([0-9\.\,]{3,5}) ([a-z]{2})', top_output):
cpu_usage[identifier] = float(value.replace(',', '.'))
warn = set()
crit = set()
print(top_output)
# steal
if cpu_usage['st'] > 10:
crit.add('CPU steal is {}% (>10%)'.format(cpu_usage['st']))

View file

@ -22,8 +22,7 @@ case "$issuer_hash" in
# 462422cf: issuer=C = US, O = Let's Encrypt, CN = E5
# 9aad238c: issuer=C = US, O = Let's Encrypt, CN = E6
# 31dfb39d: issuer=C = US, O = Let's Encrypt, CN = R11
# aa578057: issuer=C = US, O = Let's Encrypt, CN = R10
4f06f81d|8d33f237|462422cf|9aad238c|31dfb39d|aa578057)
4f06f81d|8d33f237|462422cf|9aad238c|31dfb39d)
warn_days=10
crit_days=3
;;

View file

@ -19,8 +19,6 @@ defaults = {
'services': {
'CPU': {
'command_on_monitored_host': '/usr/local/share/icinga/plugins/check_cpu_stats',
# takes samples over 10 seconds
'vars.sshmon_timeout': 20
},
'LOAD': {
'command_on_monitored_host': '/usr/lib/nagios/plugins/check_load -r -w 4,2,1 -c 8,4,2',

View file

@ -1,4 +1,4 @@
timezone = node.metadata.get('timezone')
timezone = node.metadata.get('timezone', 'UTC')
actions['systemd-reload'] = {
'command': 'systemctl daemon-reload',

View file

@ -21,7 +21,6 @@ defaults = {
},
},
},
'timezone': 'UTC',
}
if not node.has_bundle('rsyslogd'):

View file

@ -2,9 +2,6 @@ from json import dumps
from bundlewrap.metadata import MetadataJSONEncoder
if node.has_bundle('pacman'):
assert node.metadata.get('pacman/enable_aurto'), f'{node.name}: bundle:zfs needs aurto for zfs-linux-lts package'
files = {
'/etc/modprobe.d/zfs.conf': {
'source': 'zfs-modprobe.conf',

View file

@ -48,12 +48,6 @@ defaults = {
'etc/sudoers.d/zfs',
},
'packages': {
'zfs-linux-lts': {
'needed_by': {
'zfs_dataset:',
'zfs_pool:',
},
},
'zfs-utils': {
'needed_by': {
'svc_systemd:zfs-zed',
@ -127,6 +121,27 @@ if node.has_bundle('telegraf'):
}
@metadata_reactor.provides(
'pacman/packages',
)
def packages(metadata):
if node.metadata.get('pacman/linux-lts', False):
pkgname = 'zfs-linux-lts'
else:
pkgname = 'zfs-linux'
return {
'pacman': {
'packages': {
pkgname: {
'needed_by': {
'zfs_dataset:',
'zfs_pool:',
},
},
},
},
}
@metadata_reactor.provides(
'apt/packages',
)
@ -155,7 +170,7 @@ def scrub_timer(metadata):
'systemd-timers': {
'timers': {
'zfs-scrub': {
'when': metadata.get('zfs/scrub_when', 'Sun 02:00:00 UTC'),
'when': 'Sun 02:00:00 UTC',
'command': scrubs,
},
},

View file

@ -1,7 +1,5 @@
109.237.176.0/20
109.72.116.0/24
116.50.16.0/21
128.65.164.0/22
129.181.208.0/21
129.181.216.0/22
137.170.112.0/24
@ -17,12 +15,13 @@
139.12.4.0/24
141.169.240.0/20
141.77.0.0/16
141.98.44.0/24
143.99.213.0/24
145.225.16.0/23
146.247.58.0/24
147.136.84.0/22
147.161.22.0/24
147.78.17.0/24
147.79.8.0/21
149.208.250.0/23
149.208.252.0/24
149.208.253.0/24
@ -35,7 +34,6 @@
149.249.244.0/22
149.249.244.0/23
149.249.246.0/23
153.17.244.8/29
153.17.249.0/24
153.17.250.0/24
153.17.251.0/24
@ -48,11 +46,7 @@
153.97.32.0/24
158.116.231.0/24
160.211.126.0/24
163.5.156.0/24
163.5.170.0/24
163.5.186.0/24
163.5.220.0/24
163.5.66.0/24
163.5.168.0/24
164.133.10.0/24
164.133.11.0/24
164.133.150.0/24
@ -66,9 +60,11 @@
168.199.192.0/22
168.199.212.0/22
170.237.92.0/23
171.25.178.0/24
176.221.24.0/24
176.221.25.0/24
176.53.136.0/24
176.53.137.0/24
176.57.59.0/24
185.100.160.0/22
185.101.244.0/23
185.101.246.0/23
@ -80,38 +76,45 @@
185.131.239.0/24
185.133.12.0/22
185.136.115.0/24
185.149.25.0/24
185.149.26.0/24
185.149.27.0/24
185.149.52.0/24
185.157.101.0/24
185.161.176.0/22
185.162.72.0/23
185.163.76.0/24
185.163.77.0/24
185.163.78.0/24
185.163.79.0/24
185.172.38.0/24
185.172.39.0/24
185.180.224.0/24
185.183.212.0/23
185.183.214.0/23
185.188.64.0/24
185.195.239.0/24
185.198.13.0/24
185.202.32.0/21
185.203.148.0/22
185.207.46.0/24
185.21.247.0/24
185.235.71.0/24
185.237.0.0/24
185.237.1.0/24
185.237.2.0/24
185.240.85.0/24
185.242.224.0/24
185.243.44.0/22
185.243.44.0/24
185.243.45.0/24
185.243.46.0/24
185.243.47.0/24
185.250.42.0/23
185.28.208.0/22
185.39.12.0/22
185.48.0.0/22
185.57.231.0/24
185.57.24.0/24
185.82.160.0/23
188.214.139.0/24
185.91.204.0/22
192.109.121.0/24
192.109.122.0/24
192.109.124.0/24
@ -173,6 +176,7 @@
193.110.102.0/23
193.110.102.0/24
193.110.103.0/24
193.124.35.0/24
193.138.91.0/24
193.141.143.0/24
193.141.180.0/23
@ -239,6 +243,7 @@
193.41.10.0/23
193.47.164.0/24
193.53.93.0/24
193.56.21.0/24
193.58.253.0/24
193.84.136.0/22
193.96.230.0/24
@ -248,7 +253,6 @@
193.98.224.0/24
193.99.96.0/20
194.0.151.0/24
194.0.232.0/24
194.110.133.0/24
194.113.160.0/22
194.113.20.0/23
@ -291,13 +295,6 @@
194.15.64.0/21
194.15.72.0/22
194.150.228.0/23
194.152.128.0/24
194.152.129.0/24
194.152.132.0/24
194.152.141.0/24
194.152.142.0/24
194.152.154.0/24
194.152.155.0/24
194.153.86.0/24
194.156.128.0/22
194.156.148.0/24
@ -340,20 +337,26 @@
194.39.63.0/24
194.39.88.0/21
194.39.97.0/24
194.45.144.0/21
194.49.110.0/24
194.49.117.0/24
194.49.118.0/23
194.49.125.0/24
194.49.48.0/24
194.49.54.0/24
194.49.72.0/24
194.49.73.0/24
194.49.74.0/23
194.49.85.0/24
194.55.158.0/24
194.55.180.0/24
194.55.183.0/24
194.55.192.0/19
194.55.63.0/24
194.55.64.0/20
194.55.87.0/24
194.58.40.0/24
194.58.56.0/23
194.59.143.0/24
194.59.150.0/24
194.59.151.0/24
@ -379,22 +382,34 @@
194.76.52.0/24
194.77.41.0/24
194.77.42.0/24
194.85.248.0/24
194.85.251.0/24
194.87.10.0/24
194.87.17.0/24
194.87.255.0/24
194.87.77.0/24
194.88.112.0/20
194.88.16.0/21
194.88.24.0/23
194.88.26.0/24
194.88.28.0/23
194.88.96.0/21
194.99.118.0/24
194.99.34.0/24
194.99.76.0/23
194.99.83.0/24
194.99.92.0/22
195.133.20.0/24
195.133.64.0/22
195.133.7.0/24
195.133.76.0/24
195.137.216.0/23
195.138.223.0/24
195.144.15.0/24
195.145.0.0/16
195.149.79.0/24
195.160.248.0/22
195.178.132.0/22
195.190.2.0/24
195.192.254.0/24
195.200.207.0/24
@ -421,14 +436,12 @@
198.40.90.0/24
198.57.10.0/24
2.160.0.0/12
2.58.100.0/24
2.58.102.0/24
204.52.120.0/24
204.52.121.0/24
204.69.32.0/24
205.142.63.0/24
212.184.0.0/15
212.185.0.0/16
212.87.217.0/24
213.145.90.0/23
213.145.92.0/23
213.173.0.0/19
@ -437,7 +450,6 @@
213.209.156.0/24
217.0.0.0/13
217.117.96.0/24
217.198.189.0/24
217.224.0.0/11
217.24.32.0/20
217.24.33.0/24
@ -447,21 +459,35 @@
31.224.0.0/11
31.6.56.0/23
37.143.0.0/22
37.230.56.0/24
37.230.57.0/24
37.230.58.0/23
37.230.60.0/24
37.230.63.0/24
37.46.11.0/24
37.50.0.0/15
37.80.0.0/12
45.128.14.0/23
45.132.217.0/24
45.132.80.0/22
45.141.54.0/24
45.145.16.0/24
45.140.208.0/24
45.141.130.0/24
45.142.236.0/24
45.145.241.0/24
45.145.243.0/24
45.147.227.0/24
45.155.77.0/24
45.81.255.0/24
45.83.136.0/22
45.84.214.0/24
45.93.186.0/23
46.20.216.0/21
46.250.224.0/21
46.250.232.0/21
46.78.0.0/15
46.80.0.0/12
5.10.208.0/24
5.10.209.0/24
5.10.220.0/24
5.133.112.0/24
5.249.188.0/22
5.35.192.0/21
@ -477,11 +503,14 @@
64.137.119.0/24
64.137.125.0/24
64.137.127.0/24
77.242.149.0/24
77.47.152.0/22
77.83.136.0/23
77.83.138.0/23
77.83.32.0/22
77.90.156.0/24
77.90.184.0/24
79.139.52.0/22
79.192.0.0/10
80.128.0.0/11
80.128.0.0/12
@ -493,47 +522,38 @@
80.157.8.0/21
80.187.0.0/16
80.187.160.0/20
80.244.13.0/24
80.64.240.0/22
80.71.231.0/24
80.71.233.0/24
80.71.235.0/24
80.71.236.0/24
80.71.238.0/24
80.83.80.0/21
81.201.32.0/20
81.31.210.0/23
82.163.104.0/21
81.30.96.0/20
82.152.178.0/24
82.163.60.0/22
82.206.32.0/21
82.206.40.0/21
82.206.48.0/21
82.215.70.0/24
83.136.208.0/22
83.147.36.0/22
83.243.48.0/21
84.128.0.0/10
84.234.16.0/20
84.246.108.0/24
84.32.108.0/22
84.32.48.0/22
84.55.0.0/24
84.55.1.0/24
84.55.2.0/24
84.55.3.0/24
84.55.4.0/24
84.55.5.0/24
84.55.6.0/24
84.55.7.0/24
85.116.28.0/24
85.116.29.0/24
85.116.30.0/24
85.116.31.0/24
85.119.160.0/23
85.204.181.0/24
85.204.160.0/22
85.208.248.0/24
85.208.249.0/24
85.208.250.0/24
85.208.251.0/24
86.105.211.0/24
86.107.164.0/24
85.237.76.0/22
86.38.248.0/21
86.38.37.0/24
87.128.0.0/10
@ -544,40 +564,10 @@
88.216.60.0/22
89.116.64.0/22
89.213.186.0/23
89.39.97.0/24
89.35.127.0/24
89.43.34.0/24
91.0.0.0/10
91.103.240.0/21
91.124.135.0/24
91.124.19.0/24
91.124.20.0/24
91.124.21.0/24
91.124.22.0/24
91.124.23.0/24
91.124.24.0/24
91.124.26.0/24
91.124.27.0/24
91.124.28.0/24
91.124.31.0/24
91.124.32.0/24
91.124.33.0/24
91.124.34.0/24
91.124.36.0/24
91.124.37.0/24
91.124.38.0/24
91.124.39.0/24
91.124.40.0/24
91.124.41.0/24
91.124.42.0/24
91.124.43.0/24
91.124.44.0/24
91.124.45.0/24
91.124.46.0/24
91.124.47.0/24
91.124.50.0/24
91.124.51.0/24
91.124.6.0/24
91.124.7.0/24
91.189.192.0/21
91.194.232.0/23
91.198.113.0/24
@ -602,40 +592,19 @@
91.216.242.0/24
91.216.45.0/24
91.217.214.0/24
91.221.12.0/23
91.222.232.0/22
91.227.98.0/23
91.232.136.0/22
91.232.54.0/24
92.112.128.0/24
92.112.155.0/24
92.112.157.0/24
92.112.16.0/22
92.112.160.0/24
92.112.162.0/24
92.112.165.0/24
92.112.167.0/24
92.112.20.0/22
92.112.48.0/24
92.112.49.0/24
92.112.52.0/24
92.112.54.0/24
92.112.59.0/24
92.112.63.0/24
92.112.64.0/24
92.112.67.0/24
92.112.79.0/24
92.112.81.0/24
92.112.83.0/24
92.112.94.0/24
92.114.44.0/22
92.119.164.0/22
92.119.208.0/24
92.119.209.0/24
92.119.210.0/24
92.119.211.0/24
93.113.70.0/24
93.119.201.0/24
93.119.184.0/21
93.192.0.0/10
93.95.119.0/24
94.126.98.0/24
94.26.110.0/23
94.26.64.0/23
@ -651,6 +620,7 @@
2001:678:b38::/48
2001:678:bdc::/48
2001:678:d4c::/48
2001:678:e9c::/48
2001:678:ff0::/48
2001:67c:11a4::/48
2001:67c:14c4::/48
@ -671,7 +641,6 @@
2001:67c:b80::/48
2001:67c:c84::/48
2001:67c:c9c::/48
2001:67c:ec0::/48
2003:3c0::/28
2003:3e0::/28
2003:8:1800::/48
@ -694,8 +663,6 @@
2003::/19
2003::/20
2003::/23
2a00:5c60:3::/48
2a00:5c60:a::/48
2a00:6680::/46
2a01:598::/29
2a01:8fa0::/32
@ -727,11 +694,8 @@
2a0d:480::/29
2a0d:480::/30
2a0d:484::/30
2a0e:cbc4::/32
2a0e:cbc5::/32
2a0e:cbc6::/32
2a0e:cbc7::/32
2a0e:eb40::/32
2a0f:15c0::/32
2a10:cd80::/29
2a11:7400:d1::/48
2a12:6900:1000::/40

View file

@ -1,13 +1,19 @@
104.151.0.0/17
109.250.0.0/16
109.250.0.0/18
109.250.0.0/20
109.250.128.0/19
109.250.16.0/20
109.250.160.0/19
109.250.192.0/19
109.250.224.0/19
109.250.64.0/18
109.250.32.0/19
109.250.64.0/19
109.250.80.0/22
109.250.84.0/22
109.250.88.0/22
109.250.92.0/22
109.250.96.0/19
134.101.0.0/21
14.102.90.0/24
143.58.64.0/18
149.233.32.0/19
153.94.0.0/20
@ -29,7 +35,6 @@
185.151.201.0/24
185.151.203.0/24
185.158.48.0/22
185.187.122.0/24
185.199.205.0/24
185.235.232.0/22
185.8.230.0/23
@ -40,13 +45,13 @@
192.166.84.0/22
192.166.87.0/24
192.166.88.0/21
192.189.14.0/24
193.101.4.0/23
193.102.10.0/24
193.101.5.0/24
193.111.212.0/22
193.111.212.0/24
193.163.13.0/24
193.17.225.0/24
193.163.13.0/25
193.163.13.128/25
193.219.15.0/24
193.22.120.0/21
193.22.120.0/24
@ -87,7 +92,7 @@
194.127.144.0/21
194.127.203.0/24
194.139.55.0/24
194.145.218.0/23
194.145.230.0/24
194.156.216.0/21
194.156.232.0/23
194.156.233.0/24
@ -110,23 +115,24 @@
194.99.0.0/21
195.149.80.0/23
195.167.208.0/20
195.191.20.0/23
195.202.32.0/19
195.226.160.0/19
195.226.96.0/19
195.234.139.0/24
195.238.233.0/24
195.238.238.0/24
195.244.10.0/23
195.64.176.0/23
195.93.158.0/23
202.71.128.0/20
202.71.141.0/24
212.204.0.0/19
212.7.128.0/19
212.8.0.0/19
212.80.224.0/19
212.80.224.0/20
212.80.240.0/20
212.93.0.0/19
213.138.32.0/19
213.138.35.0/24
213.139.128.0/19
213.182.128.0/19
213.30.192.0/18
@ -143,155 +149,307 @@
45.13.15.0/24
46.142.0.0/16
46.142.0.0/19
46.142.112.0/20
46.142.128.0/19
46.142.160.0/19
46.142.194.0/24
46.142.214.0/24
46.142.224.0/19
46.142.32.0/19
46.142.32.0/20
46.142.48.0/20
46.142.64.0/19
46.142.96.0/19
46.142.96.0/20
46.189.0.0/17
46.189.116.0/24
61.8.128.0/19
61.8.128.0/22
61.8.132.0/22
61.8.136.0/22
61.8.144.0/22
61.8.152.0/22
61.8.156.0/24
61.8.157.0/24
62.214.0.0/16
62.214.213.0/24
62.214.224.0/19
62.217.32.0/19
62.220.0.0/19
62.68.82.0/24
62.72.64.0/19
62.72.70.0/24
62.72.88.0/22
62.72.92.0/23
62.72.94.0/24
77.74.136.0/21
77.87.190.0/24
80.241.192.0/20
80.242.160.0/19
82.119.160.0/19
82.140.0.0/18
82.140.48.0/20
82.140.2.0/23
82.140.2.0/24
82.140.3.0/24
82.140.48.0/21
82.144.32.0/19
82.144.34.0/24
82.144.35.0/24
82.144.36.0/24
82.144.37.0/24
82.145.0.0/19
82.194.96.0/19
82.207.128.0/17
82.207.192.0/19
82.207.224.0/21
82.207.232.0/22
82.207.236.0/24
82.207.240.0/20
82.207.244.0/24
82.207.245.0/24
82.207.246.0/24
82.207.247.0/24
82.207.248.0/24
82.207.249.0/24
82.207.250.0/24
82.207.251.0/24
82.207.252.0/24
82.207.253.0/24
82.207.254.0/24
82.207.255.0/24
83.135.0.0/16
83.135.0.0/20
83.135.0.0/22
83.135.112.0/20
83.135.128.0/19
83.135.16.0/22
83.135.160.0/21
83.135.164.0/22
83.135.168.0/21
83.135.176.0/22
83.135.180.0/22
83.135.184.0/21
83.135.192.0/20
83.135.20.0/24
83.135.208.0/20
83.135.21.0/24
83.135.22.0/24
83.135.224.0/22
83.135.23.0/24
83.135.230.0/23
83.135.232.0/21
83.135.24.0/24
83.135.240.0/22
83.135.244.0/24
83.135.245.0/24
83.135.248.0/24
83.135.249.0/24
83.135.25.0/24
83.135.250.0/24
83.135.251.0/24
83.135.252.0/24
83.135.253.0/24
83.135.254.0/24
83.135.255.0/24
83.135.26.0/24
83.135.27.0/24
83.135.28.0/24
83.135.29.0/24
83.135.30.0/24
83.135.31.0/24
83.135.32.0/19
83.135.4.0/22
83.135.64.0/19
83.135.8.0/21
83.135.96.0/20
84.19.192.0/19
84.19.192.0/20
84.19.208.0/20
87.122.0.0/15
87.122.0.0/16
87.122.0.0/20
87.122.128.0/21
87.122.136.0/22
87.122.144.0/20
87.122.16.0/20
87.122.160.0/20
87.122.176.0/21
87.122.184.0/24
87.122.185.0/24
87.122.186.0/24
87.122.187.0/24
87.122.188.0/24
87.122.189.0/24
87.122.190.0/24
87.122.191.0/24
87.122.192.0/19
87.122.224.0/19
87.122.32.0/19
87.122.64.0/19
87.122.96.0/19
87.123.0.0/16
87.123.0.0/19
87.123.112.0/20
87.123.128.0/19
87.123.160.0/20
87.123.176.0/20
87.123.194.0/24
87.123.196.0/24
87.123.203.0/24
87.123.192.0/20
87.123.208.0/22
87.123.216.0/21
87.123.224.0/20
87.123.240.0/21
87.123.240.0/22
87.123.244.0/22
87.123.248.0/22
87.123.252.0/24
87.123.253.0/24
87.123.254.0/24
87.123.255.0/24
87.123.32.0/19
87.123.64.0/20
87.123.80.0/20
87.123.96.0/19
87.123.96.0/20
88.130.0.0/16
88.130.0.0/19
88.130.130.0/23
88.130.132.0/22
88.130.136.0/21
88.130.144.0/20
88.130.144.0/21
88.130.152.0/24
88.130.153.0/24
88.130.154.0/24
88.130.155.0/24
88.130.156.0/22
88.130.156.0/24
88.130.157.0/24
88.130.158.0/24
88.130.159.0/24
88.130.160.0/21
88.130.172.0/22
88.130.176.0/21
88.130.192.0/23
88.130.194.0/23
88.130.180.0/24
88.130.181.0/24
88.130.182.0/24
88.130.183.0/24
88.130.184.0/24
88.130.185.0/24
88.130.186.0/24
88.130.187.0/24
88.130.188.0/24
88.130.189.0/24
88.130.190.0/24
88.130.191.0/24
88.130.192.0/21
88.130.200.0/21
88.130.208.0/21
88.130.216.0/21
88.130.216.0/22
88.130.220.0/24
88.130.221.0/24
88.130.222.0/24
88.130.223.0/24
88.130.32.0/20
88.130.48.0/24
88.130.49.0/24
88.130.50.0/24
88.130.51.0/24
88.130.52.0/24
88.130.53.0/24
88.130.54.0/23
88.130.54.0/24
88.130.55.0/24
88.130.56.0/24
88.130.57.0/24
88.130.58.0/24
88.130.59.0/24
88.130.60.0/24
88.130.61.0/24
88.130.62.0/24
88.130.63.0/24
88.130.64.0/19
88.130.96.0/19
89.207.200.0/21
89.244.0.0/14
89.244.0.0/16
89.244.112.0/21
89.244.120.0/21
89.244.120.0/22
89.244.124.0/24
89.244.126.0/24
89.244.127.0/24
89.244.160.0/21
89.244.164.0/22
89.244.168.0/21
89.244.176.0/20
89.244.192.0/19
89.244.224.0/20
89.244.76.0/24
89.244.78.0/23
89.244.240.0/20
89.244.64.0/21
89.244.72.0/22
89.244.80.0/20
89.244.96.0/22
89.244.96.0/20
89.245.0.0/16
89.245.0.0/20
89.245.112.0/20
89.245.158.0/24
89.245.159.0/24
89.245.16.0/20
89.245.160.0/20
89.245.176.0/21
89.245.184.0/24
89.245.185.0/24
89.245.186.0/24
89.245.187.0/24
89.245.188.0/24
89.245.189.0/24
89.245.190.0/24
89.245.191.0/24
89.245.192.0/19
89.245.224.0/19
89.245.32.0/19
89.245.64.0/19
89.245.32.0/20
89.245.64.0/20
89.245.80.0/20
89.245.96.0/20
89.246.0.0/16
89.246.0.0/19
89.246.104.0/23
89.246.106.0/24
89.246.107.0/24
89.246.108.0/24
89.246.109.0/24
89.246.110.0/24
89.246.111.0/24
89.246.112.0/22
89.246.116.0/22
89.246.120.0/24
89.246.121.0/24
89.246.122.0/24
89.246.123.0/24
89.246.124.0/22
89.246.160.0/20
89.246.160.0/21
89.246.176.0/22
89.246.180.0/22
89.246.184.0/21
89.246.192.0/19
89.246.32.0/19
89.246.32.0/20
89.246.48.0/21
89.246.56.0/21
89.246.96.0/21
89.247.0.0/16
89.247.0.0/19
89.247.112.0/21
89.247.112.0/22
89.247.120.0/22
89.247.124.0/24
89.247.125.0/24
89.247.126.0/24
89.247.127.0/24
89.247.144.0/20
89.247.160.0/20
89.247.179.0/24
89.247.192.0/20
89.247.208.0/21
89.247.216.0/22
89.247.228.0/22
89.247.224.0/21
89.247.232.0/21
89.247.232.0/22
89.247.236.0/22
89.247.252.0/22
89.247.240.0/21
89.247.240.0/22
89.247.252.0/24
89.247.253.0/24
89.247.254.0/24
89.247.255.0/24
89.247.32.0/19
89.247.32.0/20
89.247.64.0/20
89.247.80.0/20
89.247.96.0/20
89.27.128.0/17
89.27.153.0/24
91.194.180.0/23
91.198.67.0/24
91.199.158.0/24
@ -310,7 +468,8 @@
92.116.120.0/21
92.116.128.0/18
92.116.16.0/20
92.116.192.0/18
92.116.192.0/19
92.116.224.0/19
92.116.32.0/19
92.116.64.0/18
92.116.96.0/19
@ -324,34 +483,67 @@
92.117.240.0/21
92.117.248.0/21
92.117.64.0/19
92.117.96.0/19
94.134.0.0/15
94.134.0.0/18
94.134.112.0/22
94.134.100.0/22
94.134.112.0/21
94.134.120.0/24
94.134.121.0/24
94.134.122.0/24
94.134.123.0/24
94.134.124.0/24
94.134.125.0/24
94.134.126.0/24
94.134.127.0/24
94.134.128.0/20
94.134.144.0/20
94.134.160.0/21
94.134.168.0/22
94.134.172.0/22
94.134.176.0/20
94.134.176.0/21
94.134.192.0/22
94.134.192.0/20
94.134.208.0/21
94.134.216.0/21
94.134.64.0/22
94.134.68.0/22
94.134.224.0/19
94.134.64.0/20
94.134.80.0/22
94.134.88.0/22
94.134.94.0/23
94.134.84.0/24
94.134.85.0/24
94.134.86.0/24
94.134.87.0/24
94.134.88.0/24
94.134.89.0/24
94.134.90.0/24
94.134.91.0/24
94.134.92.0/24
94.134.93.0/24
94.134.94.0/24
94.134.95.0/24
94.134.96.0/20
94.134.96.0/22
2001:1438:1000::/36
2001:1438:1:100::/56
2001:1438:1:200::/56
2001:1438:1:300::/56
2001:1438:1:400::/56
2001:1438:1:900::/56
2001:1438:1:a00::/56
2001:1438:2000::/36
2001:1438:3000::/36
2001:1438:4000::/36
2001:1438::/32
2001:1438:f000::/36
2001:1438:fff:10::/64
2001:1438:fff:11::/64
2001:1438:fff:12::/64
2001:1438:fff:3::/64
2001:1438:fff:4::/64
2001:1438:fff:5::/64
2001:1438:fff:6::/64
2001:1438:fff:7::/64
2001:1438:fff:8::/64
2001:1438:fff:9::/64
2001:1438:fff:a::/64
2001:1438:fff:b::/64
2001:1438:fff:c::/64
2001:1438:fff:d::/64
2001:1438:fff:e::/64
2001:1438:fff:f::/64
2001:16b8:1000::/40
2001:16b8:100::/40
2001:16b8:1100::/40
@ -401,14 +593,12 @@
2001:16b8:a000::/35
2001:16b8:a00::/40
2001:16b8:b00::/40
2001:16b8:c000::/35
2001:678:c74::/48
2001:67c:27ac::/48
2001:67c:2878::/48
2001:67c:2e8c::/48
2001:67c:660::/48
2001:67c:888::/48
2001:67c:ed8::/48
2001:7b0::/32
2001:9e8:2000::/35
2001:9e8:4000::/35
@ -425,11 +615,10 @@
2a00:fb8:4000::/35
2a00:fb8:6000::/35
2a00:fb8::/29
2a00:fb8::/32
2a00:fb8::/35
2a03:3fc0:2000::/48
2a07:9400::/29
2a0a:ed40::/29
2a0b:9e80:1000::/36
2a0d:240::/29
2a0d:ad00::/29
2a11:d00::/32

View file

@ -1,62 +0,0 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQINBFit2ioBEADhWpZ8/wvZ6hUTiXOwQHXMAlaFHcPH9hAtr4F1y2+OYdbtMuth
lqqwp028AqyY+PRfVMtSYMbjuQuu5byyKR01BbqYhuS3jtqQmljZ/bJvXqnmiVXh
38UuLa+z077PxyxQhu5BbqntTPQMfiyqEiU+BKbq2WmANUKQf+1AmZY/IruOXbnq
L4C1+gJ8vfmXQt99npCaxEjaNRVYfOS8QcixNzHUYnb6emjlANyEVlZzeqo7XKl7
UrwV5inawTSzWNvtjEjj4nJL8NsLwscpLPQUhTQ+7BbQXAwAmeHCUTQIvvWXqw0N
cmhh4HgeQscQHYgOJjjDVfoY5MucvglbIgCqfzAHW9jxmRL4qbMZj+b1XoePEtht
ku4bIQN1X5P07fNWzlgaRL5Z4POXDDZTlIQ/El58j9kp4bnWRCJW0lya+f8ocodo
vZZ+Doi+fy4D5ZGrL4XEcIQP/Lv5uFyf+kQtl/94VFYVJOleAv8W92KdgDkhTcTD
G7c0tIkVEKNUq48b3aQ64NOZQW7fVjfoKwEZdOqPE72Pa45jrZzvUFxSpdiNk2tZ
XYukHjlxxEgBdC/J3cMMNRE1F4NCA3ApfV1Y7/hTeOnmDuDYwr9/obA8t016Yljj
q5rdkywPf4JF8mXUW5eCN1vAFHxeg9ZWemhBtQmGxXnw9M+z6hWwc6ahmwARAQAB
tCtEb2NrZXIgUmVsZWFzZSAoQ0UgZGViKSA8ZG9ja2VyQGRvY2tlci5jb20+iQI3
BBMBCgAhBQJYrefAAhsvBQsJCAcDBRUKCQgLBRYCAwEAAh4BAheAAAoJEI2BgDwO
v82IsskP/iQZo68flDQmNvn8X5XTd6RRaUH33kXYXquT6NkHJciS7E2gTJmqvMqd
tI4mNYHCSEYxI5qrcYV5YqX9P6+Ko+vozo4nseUQLPH/ATQ4qL0Zok+1jkag3Lgk
jonyUf9bwtWxFp05HC3GMHPhhcUSexCxQLQvnFWXD2sWLKivHp2fT8QbRGeZ+d3m
6fqcd5Fu7pxsqm0EUDK5NL+nPIgYhN+auTrhgzhK1CShfGccM/wfRlei9Utz6p9P
XRKIlWnXtT4qNGZNTN0tR+NLG/6Bqd8OYBaFAUcue/w1VW6JQ2VGYZHnZu9S8LMc
FYBa5Ig9PxwGQOgq6RDKDbV+PqTQT5EFMeR1mrjckk4DQJjbxeMZbiNMG5kGECA8
g383P3elhn03WGbEEa4MNc3Z4+7c236QI3xWJfNPdUbXRaAwhy/6rTSFbzwKB0Jm
ebwzQfwjQY6f55MiI/RqDCyuPj3r3jyVRkK86pQKBAJwFHyqj9KaKXMZjfVnowLh
9svIGfNbGHpucATqREvUHuQbNnqkCx8VVhtYkhDb9fEP2xBu5VvHbR+3nfVhMut5
G34Ct5RS7Jt6LIfFdtcn8CaSas/l1HbiGeRgc70X/9aYx/V/CEJv0lIe8gP6uDoW
FPIZ7d6vH+Vro6xuWEGiuMaiznap2KhZmpkgfupyFmplh0s6knymuQINBFit2ioB
EADneL9S9m4vhU3blaRjVUUyJ7b/qTjcSylvCH5XUE6R2k+ckEZjfAMZPLpO+/tF
M2JIJMD4SifKuS3xck9KtZGCufGmcwiLQRzeHF7vJUKrLD5RTkNi23ydvWZgPjtx
Q+DTT1Zcn7BrQFY6FgnRoUVIxwtdw1bMY/89rsFgS5wwuMESd3Q2RYgb7EOFOpnu
w6da7WakWf4IhnF5nsNYGDVaIHzpiqCl+uTbf1epCjrOlIzkZ3Z3Yk5CM/TiFzPk
z2lLz89cpD8U+NtCsfagWWfjd2U3jDapgH+7nQnCEWpROtzaKHG6lA3pXdix5zG8
eRc6/0IbUSWvfjKxLLPfNeCS2pCL3IeEI5nothEEYdQH6szpLog79xB9dVnJyKJb
VfxXnseoYqVrRz2VVbUI5Blwm6B40E3eGVfUQWiux54DspyVMMk41Mx7QJ3iynIa
1N4ZAqVMAEruyXTRTxc9XW0tYhDMA/1GYvz0EmFpm8LzTHA6sFVtPm/ZlNCX6P1X
zJwrv7DSQKD6GGlBQUX+OeEJ8tTkkf8QTJSPUdh8P8YxDFS5EOGAvhhpMBYD42kQ
pqXjEC+XcycTvGI7impgv9PDY1RCC1zkBjKPa120rNhv/hkVk/YhuGoajoHyy4h7
ZQopdcMtpN2dgmhEegny9JCSwxfQmQ0zK0g7m6SHiKMwjwARAQABiQQ+BBgBCAAJ
BQJYrdoqAhsCAikJEI2BgDwOv82IwV0gBBkBCAAGBQJYrdoqAAoJEH6gqcPyc/zY
1WAP/2wJ+R0gE6qsce3rjaIz58PJmc8goKrir5hnElWhPgbq7cYIsW5qiFyLhkdp
YcMmhD9mRiPpQn6Ya2w3e3B8zfIVKipbMBnke/ytZ9M7qHmDCcjoiSmwEXN3wKYI
mD9VHONsl/CG1rU9Isw1jtB5g1YxuBA7M/m36XN6x2u+NtNMDB9P56yc4gfsZVES
KA9v+yY2/l45L8d/WUkUi0YXomn6hyBGI7JrBLq0CX37GEYP6O9rrKipfz73XfO7
JIGzOKZlljb/D9RX/g7nRbCn+3EtH7xnk+TK/50euEKw8SMUg147sJTcpQmv6UzZ
cM4JgL0HbHVCojV4C/plELwMddALOFeYQzTif6sMRPf+3DSj8frbInjChC3yOLy0
6br92KFom17EIj2CAcoeq7UPhi2oouYBwPxh5ytdehJkoo+sN7RIWua6P2WSmon5
U888cSylXC0+ADFdgLX9K2zrDVYUG1vo8CX0vzxFBaHwN6Px26fhIT1/hYUHQR1z
VfNDcyQmXqkOnZvvoMfz/Q0s9BhFJ/zU6AgQbIZE/hm1spsfgvtsD1frZfygXJ9f
irP+MSAI80xHSf91qSRZOj4Pl3ZJNbq4yYxv0b1pkMqeGdjdCYhLU+LZ4wbQmpCk
SVe2prlLureigXtmZfkqevRz7FrIZiu9ky8wnCAPwC7/zmS18rgP/17bOtL4/iIz
QhxAAoAMWVrGyJivSkjhSGx1uCojsWfsTAm11P7jsruIL61ZzMUVE2aM3Pmj5G+W
9AcZ58Em+1WsVnAXdUR//bMmhyr8wL/G1YO1V3JEJTRdxsSxdYa4deGBBY/Adpsw
24jxhOJR+lsJpqIUeb999+R8euDhRHG9eFO7DRu6weatUJ6suupoDTRWtr/4yGqe
dKxV3qQhNLSnaAzqW/1nA3iUB4k7kCaKZxhdhDbClf9P37qaRW467BLCVO/coL3y
Vm50dwdrNtKpMBh3ZpbB1uJvgi9mXtyBOMJ3v8RZeDzFiG8HdCtg9RvIt/AIFoHR
H3S+U79NT6i0KPzLImDfs8T7RlpyuMc4Ufs8ggyg9v3Ae6cN3eQyxcK3w0cbBwsh
/nQNfsA6uu+9H7NhbehBMhYnpNZyrHzCmzyXkauwRAqoCbGCNykTRwsur9gS41TQ
M8ssD1jFheOJf3hODnkKU+HKjvMROl1DK7zdmLdNzA1cvtZH/nCC9KPj1z8QC47S
xx+dTZSx4ONAhwbS/LN3PoKtn8LPjY9NP9uDWI+TWYquS2U+KHDrBDlsgozDbs/O
jCxcpDzNmXpWQHEtHU7649OXHP7UeNST1mCUCH5qdank0V1iejF6/CfTFU4MfcrG
YT90qFF93M3v01BbxP+EIY2/9tiIPbrd
=0YYh
-----END PGP PUBLIC KEY BLOCK-----

View file

@ -1,29 +1,30 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v2.0.19 (GNU/Linux)
mQINBGZMb30BEAC6c5P5lo5cLN2wX9+jA7TEEJ/NiiOM9VxBwB/c2PFd6AjdGBbe
28VcXWmFdETg1N3Woq08yNVXdxS1tMslyl9apmmyCiSC2OPMmTOveLzZ196IljYR
DeZMF8C+rdzNKXZzn7+nEp9xRy34QUZRfx6pEnugMd0VK0d/ZKgMbcq2IvcRQwap
60+9t8ppesXhgaRBsAzvrj1twngqXP90JwzKGaR+iaGzrvvJn6cgXkw3MyXhskKY
4J0c7TV6DmTOIfL6RmBp8+SSco8xXD/O/YIpG8LWe+sbMqSaq7jFvKCINWgK4RAt
7mBRHvx81Y8IwV6B2wch/lSyYxKXTbE7uMefy3vyP9A9IFhMbFpc0EJA/4tHYEL4
qPZyR44mizsxa+1h6AXO258ERtzL+FoksXnWTcQqBKjd6SHhLwN4BLsjrlWsJ6lD
VaSKsekEwMFTLvZiLxYXBLPU04dvGNgX7nbkFMEK6RxHqfMu+m6+0jPXzQ+ejuae
xoBBT61O7v5PPTqbZFBKnVzQPf7fBIHW5/AGAc+qAI459viwcCSlJ21RCzirFYc0
/KDuSoo61yyNcq4G271lbT5SNeMZNlDxKkiHjbCpIU6iEF7uK828F1ZGKOMRztok
bzE7j1IDIfDQ3P/zfq73Rr2S9FfHlXvEmLIuj5G4PO7p0IwUlCD1a9oY+QARAQAB
tCxJY2luZ2EgR21iSCAoQnVpbGQgc2VydmVyKSA8aW5mb0BpY2luZ2EuY29tPokC
TgQTAQoAOBYhBN069hmO0AC0wLc5VswRb1WqfyOCBQJmTG99AhsDBQsJCAcCBhUK
CQgLAgQWAgMBAh4BAheAAAoJEMwRb1WqfyOCGrIP/i/4fYEkdCi4nhQGMzSP0Eyh
UhJjsUP9mEqSQRqOAplvjYa1yBbrSPLfkRE0oAL/o+4eUKcAQFeDQtDXJ/D4xl3Q
J5MehRJYzklrSs5XkEscb73HoDBUfFSgCVM2zK+JkCX0CPJ4ZLWtZGJ+8pCLpnkH
nCPonbGc6sS+m2JsPRwxyxAhdXxWSAesXd8dUSW3MOQz9JlC4/idQcCFs03fdhuZ
4jGMry08OihWVudTDK8nkwRZLzNoOivAQ3mIeaTcRMmgPJfYN4k0o90lXJWAbG+2
j8p7Pyjv71OctI8KUbS4+f2H8i6r5Pc4M4hlUQh6QAN9o1oPJrXxurdp0EXgQXSy
rVH2MeguqprFJxGjdlTCSTYgQEmEXMixRAGzteEgCf/Qk9mPXoxFTNyNg4/Lkglb
Nj6dY6or6w+IsbdrcePqDAs+j9t5B97vU7Ldquloj85myQjkWPP8kjlsOlsXBkQ/
C+mD+5iW2AiWh+yCasf6mOZwUfINZF+VDpmfIsZZbWpcMgp1f32fpRFZ3ietnsnR
+luNb19hUHKyyDDHMe/YM7H9P5vtX9BGz6O9kNpo1LAnigkSQSFBZlK3Po3Yk9eg
XPbDT5HsU3TMyS5ZnSDRRPPJwsyGPXz+0pCADae9H9hCc2C2LZIrrtwlOFPWuViA
ifY/dQmUP37n5XgMADRc
=O0zm
mQGiBFKHzk4RBACSHMIFTtfw4ZsNKAA03Gf5t7ovsKWnS7kcMYleAidypqhOmkGg
0petiYsMPYT+MOepCJFGNzwQwJhZrdLUxxMSWay4Xj0ArgpD9vbvU+gj8Tb02l+x
SqNGP8jXMV5UnK4gZsrYGLUPvx47uNNYRIRJAGOPYTvohhnFJiG402dzlwCg4u5I
1RdFplkp9JM6vNM9VBIAmcED/2jr7UQGsPs8YOiPkskGHLh/zXgO8SvcNAxCLgbp
BjGcF4Iso/A2TAI/2KGJW6kBW/Paf722ltU6s/6mutdXJppgNAz5nfpEt4uZKZyu
oSWf77179B2B/Wl1BsX/Oc3chscAgQb2pD/qPF/VYRJU+hvdQkq1zfi6cVsxyREV
k+IwA/46nXh51CQxE29ayuy1BoIOxezvuXFUXZ8rP6aCh4KaiN9AJoy7pBieCzsq
d7rPEeGIzBjI+yhEu8p92W6KWzL0xduWfYg9I7a2GTk8CaLX2OCLuwnKd7RVDyyZ
yzRjWs0T5U7SRAWspLStYxMdKert9lLyQiRHtLwmlgBPqa0gh7Q+SWNpbmdhIE9w
ZW4gU291cmNlIE1vbml0b3JpbmcgKEJ1aWxkIHNlcnZlcikgPGluZm9AaWNpbmdh
Lm9yZz6IYAQTEQIAIAUCUofOTgIbAwYLCQgHAwIEFQIIAwQWAgMBAh4BAheAAAoJ
EMbjGcM0QQaCgSQAnRjXdbsyqziqhmxfAKffNJYuMPwdAKCS/IRCVyQzApFBtIBQ
1xuoym/4C7kCDQRSh85OEAgAvPwjlURCi8z6+7i60no4n16dNcSzd6AT8Kizpv2r
9BmNBff/GNYGnHyob/DMtmO2esEuVG8w62rO9m1wzzXzjbtmtU7NZ1Tg+C+reU2I
GNVu3SYtEVK/UTJHAhLcgry9yD99610tYPN2Fx33Efse94mXOreBfCvDsmFGSc7j
GVNCWXpMR3jTYyGj1igYd5ztOzG63D8gPyOucTTl+RWN/G9EoGBv6sWqk5eCd1Fs
JlWyQX4BJn3YsCZx3uj1DWL0dAl2zqcn6m1M4oj1ozW47MqM/efKOcV6VvCs9SL8
F/NFvZcH4LKzeupCQ5jEONqcTlVlnLlIqId95Z4DI4AV9wADBQf/S6sKA4oH49tD
Yb5xAfUyEp5ben05TzUJbXs0Z7hfRQzy9+vQbWGamWLgg3QRUVPx1e4IT+W5vEm5
dggNTMEwlLMI7izCPDcD32B5oxNVxlfj428KGllYWCFj+edY+xKTvw/PHnn+drKs
LE65Gwx4BPHm9EqWHIBX6aPzbgbJZZ06f6jWVBi/N7e/5n8lkxXqS23DBKemapyu
S1i56sH7mQSMaRZP/iiOroAJemPNxv1IQkykxw2woWMmTLKLMCD/i+4DxejE50tK
dxaOLTc4HDCsattw/RVJO6fwE414IXHMv330z4HKWJevMQ+CmQGfswvCwgeBP9n8
PItLjBQAXIhJBBgRAgAJBQJSh85OAhsMAAoJEMbjGcM0QQaCzpAAmwUNoRyySf9p
5G3/2UD1PMueIwOtAKDVVDXEq5LJPVg4iafNu0SRMwgP0Q==
=icbY
-----END PGP PUBLIC KEY BLOCK-----

View file

@ -1,74 +0,0 @@
Include /etc/proftpd/modules.conf
UseIPv6 on
<IfModule mod_ident.c>
IdentLookups off
</IfModule>
ServerName "home.paperless"
ServerType standalone
DeferWelcome off
DefaultServer on
ShowSymlinks on
TimeoutNoTransfer 600
TimeoutStalled 600
TimeoutIdle 1200
DisplayLogin welcome.msg
DisplayChdir .message true
ListOptions "-l"
DenyFilter \*.*/
RequireValidShell off
Port 21
PassivePorts 49152 50192
MaxInstances 30
User proftpd
Group nogroup
Umask 022 022
AllowOverwrite on
TransferLog /var/log/proftpd/xferlog
SystemLog /var/log/proftpd/proftpd.log
<IfModule mod_quotatab.c>
QuotaEngine off
</IfModule>
<IfModule mod_ratio.c>
Ratios off
</IfModule>
<IfModule mod_delay.c>
DelayEngine on
</IfModule>
<IfModule mod_ctrls.c>
ControlsEngine off
ControlsMaxClients 2
ControlsLog /var/log/proftpd/controls.log
ControlsInterval 5
ControlsSocket /var/run/proftpd/proftpd.sock
</IfModule>
<IfModule mod_ctrls_admin.c>
AdminControlsEngine off
</IfModule>
<Anonymous /mnt/paperless/consume/>
User nobody
Group nogroup
UserAlias anonymous ftp
<Directory *>
AllowAll
</Directory>
</Anonymous>

View file

@ -1,22 +1,22 @@
-----BEGIN CERTIFICATE-----
MIIDsDCCAzagAwIBAgISBGjVgPFJCHOuBJul17PsmUBlMAoGCCqGSM49BAMDMDIx
MIIDsDCCAzWgAwIBAgISBIi3muU9O51f4fWWUXJHNgRHMAoGCCqGSM49BAMDMDIx
CzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDEwJF
NjAeFw0yNDExMzAwOTM4MzNaFw0yNTAyMjgwOTM4MzJaMBoxGDAWBgNVBAMTD2hv
bWUua3VuYm94Lm5ldDB2MBAGByqGSM49AgEGBSuBBAAiA2IABK+7B9tE5ejhYZWq
3gs8q4s6/A98pW5GGpkYl7iPsPM8ko0UvZ8tfBU+KuEavDmFoFa8W4ePEkPkypHo
gqRMhIm55/2wyTTh8/PnXp8vWCwMISmPHEqou2mphx0feLRAlqOCAiUwggIhMA4G
NjAeFw0yNDA5MDQxNjA1MThaFw0yNDEyMDMxNjA1MTdaMBoxGDAWBgNVBAMTD2hv
bWUua3VuYm94Lm5ldDB2MBAGByqGSM49AgEGBSuBBAAiA2IABA5vskMN8tWHCOsv
aUojW+t8otSpRgcU0tLsONhzQ7GhG5tC5DQ5pN7HiG14eejONQE4hRWC4rkP/e47
EVQd/rFK5m0lQesR68zogtW9KfQZUoINhlOuR4CxpBY1LrG5laOCAiQwggIgMA4G
A1UdDwEB/wQEAwIHgDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYD
VR0TAQH/BAIwADAdBgNVHQ4EFgQUicTvP+5xKDeHcAhxZi7CeD5xzCUwHwYDVR0j
VR0TAQH/BAIwADAdBgNVHQ4EFgQU3iCazGKeVwzCa84zl+qckbspEmEwHwYDVR0j
BBgwFoAUkydGmAOpUWiOmNbEQkjbI79YlNIwVQYIKwYBBQUHAQEESTBHMCEGCCsG
AQUFBzABhhVodHRwOi8vZTYuby5sZW5jci5vcmcwIgYIKwYBBQUHMAKGFmh0dHA6
Ly9lNi5pLmxlbmNyLm9yZy8wLQYDVR0RBCYwJIIRKi5ob21lLmt1bmJveC5uZXSC
D2hvbWUua3VuYm94Lm5ldDATBgNVHSAEDDAKMAgGBmeBDAECATCCAQUGCisGAQQB
1nkCBAIEgfYEgfMA8QB3AM8RVu7VLnyv84db2Wkum+kacWdKsBfsrAHSW3fOzDsI
AAABk3ylPJIAAAQDAEgwRgIhAPf1V/hozFwCyj8rwHFrxslXPa77KFbbm1yrvikr
ypvZAiEAgsSapcCShSJcW21/Rig7MOjp8IjdirAzLDRnBcl4tooAdgB9WR4S4Xgq
exxhZ3xe/fjQh1wUoE6VnrkDL9kOjC55uAAAAZN8pURGAAAEAwBHMEUCIBF42g56
wBpQRx1aHM+tFrydhInIx+ji6o7d055uc7bAAiEA4bRrxTsQQIJ+5lY2XIYTpf5C
msc2KAHccsMqstH+ur8wCgYIKoZIzj0EAwMDaAAwZQIxAOTsntM8s/ik3N09mXq4
fVm1XQk2B2jALeTZLZevUY8jUjhKwoXTNVXQlMr1ilnC9QIwCa7zOQJQ2Y7D8xMv
uKfu7TMSLJlWMDHhIsggdPeQDYtNm85jsOXqB1SjWeCR25Mn
D2hvbWUua3VuYm94Lm5ldDATBgNVHSAEDDAKMAgGBmeBDAECATCCAQQGCisGAQQB
1nkCBAIEgfUEgfIA8AB2AD8XS0/XIkdYlB1lHIS+DRLtkDd/H4Vq68G/KIXs+GRu
AAABkb3+C2AAAAQDAEcwRQIhAMwv6NjH3Ggd1WfeSVvyToVaM15glwfSJcAW8+40
XbCKAiABUoDmQjhKi5VfwZ7e0WX5XjEmgBN2qTafK5RqlaCDJgB2AO7N0GTV2xrO
xVy3nbTNE6Iyh0Z8vOzew1FIWUZxH7WbAAABkb3+C3IAAAQDAEcwRQIgU9sxMGOG
aP3npu7vw3G9TiFRxuZRCI96My34WVSCOcsCIQDhDjS9QhJGtNT68Z0sx6DJCcco
L1AXGWwojxizcx48bTAKBggqhkjOPQQDAwNpADBmAjEA/SOZeiZrClB5EJlZFdQy
hrt2qh4HC5zvHdSLTWI4GAxDy8xRg/ANO6fp0Sb7Q7jdAjEAhiQgQfgUln08i/tv
3TGjVRIT/Y4A4QadodTROpfmFDH3QIsNwRPRhQUUSscBavK9
-----END CERTIFICATE-----

View file

@ -1 +1 @@
encrypt$gAAAAABnSurPS00unDJP1C7wyToyZOzKrEruyT6itqZG1Bbv6IZPVrkdcbgyfPrXY8ViPSRwtdVJsju-X8pvLHZGSHXvxhpNlNrNQTas2_VCMwYIihGnp7VI6ovQXd_iVHON5sXaNpKURRwCsvnYhHQfn4qPGLSN8II2QdpJ4A4nDschZwN2u-8X9omGPOcC6zeivoew4UcpossYuJDskHeJnRnR3roGwrHuPWfEKRgRJ_eTHgij00uyoJZxhWGRV9nS_MnacbGUP6KBXfaZP_23DFJPMMq734qVfcLObhYa8nam9kLHh4TaloET2pK-IVqcb_FOorWiipiGBSNCw9EQr57d8AOLEFAwMmb_1fgPCjpchVZaSKD4OhdjPt1CU3unzR-zPkrjBdL-az0ci984vJnLolr4z8nMW6oR1SyJGyccJ-lmoMf34M3oI3zIlNg2GPdGcZMFa6GhvmLYwDb7r0PHil_GRA==
encrypt$gAAAAABm2JL0vVqh3Zut-a1Gfn8iOtDZS8aBpGobV3-d3u8My0MPunYmbQ6kXUAw7U0Bu87AAPXNsmi1pxrxcu8vXvhw4uM445WwKj-UqaV5fmk-ZasHGq-O6K52YqEgK6wo-9u_sOBubbwJSwFVaHxT3gczLW_GVRHhFIFGgdnRlz4YoAz4NXcos_uNO9GMEOGhfGx9e2c2GOIg64vXkj_1LjXEDoV9HYMzy-2wLt4A6q-ZiZwCoKl8-lt8sY_rLk_yfmy3sMvzqg8JaE7T4sunmXDdf4HQlnvl_cu1uW33Rrsq4-080HKx6rKNsZQGhWD2yls016xBAYZvQbDjHd6-7bld1bs5RUF5tfEC3Kx567TBdMaf5C7-PnNB7O_MC4I6SkmUElGRdYyCHuP5HXf9dKtiGCtjHyfEzqTBrcI0xPt631_IGPWMNId7zyLqfLHpMFTPS9jgGVKoT1TXwKe4NSHaGxXO-A==

View file

@ -1,23 +1,23 @@
-----BEGIN CERTIFICATE-----
MIIDxzCCA02gAwIBAgISA1HOrGT03Yk2QXIKpt4i5P2mMAoGCCqGSM49BAMDMDIx
MIIDxzCCA02gAwIBAgISBDW3AazQEdYbYaSrLIoUKbvsMAoGCCqGSM49BAMDMDIx
CzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDEwJF
NjAeFw0yNDEyMTkwMTE2MTdaFw0yNTAzMTkwMTE2MTZaMCIxIDAeBgNVBAMTF2hv
bWUuc29waGllcy1raXRjaGVuLmV1MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEKI2X
YK5pxQUcBjOYQwH6OQBEaj2kVhtj1BgRXXrap/U3Zi9M1oKpDk22husbUDS4fACo
IFAsNYbFi15ayAwvkkcWEe4VkgYEdPVJes3XnkL1YOGzUpT9+eC6VbjCxjfdo4IC
NjAeFw0yNDA2MjExNjUzNDBaFw0yNDA5MTkxNjUzMzlaMCIxIDAeBgNVBAMTF2hv
bWUuc29waGllcy1raXRjaGVuLmV1MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEQDuO
QacqKUrKWbwBWgSqPkaBIb4t6f4kiRMvCyY8KiZmIvJadVD6iKnbcGzFQ0LRI+vt
+O6ZVpwsUOXvgF3PB7o7OfODlVsKRc4pYJPvoRRaz1VlK6eZW20GGivBVgl0o4IC
NDCCAjAwDgYDVR0PAQH/BAQDAgeAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF
BQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBRQB7GGtPhw9dPLCx28NgPOq+Wa
jjAfBgNVHSMEGDAWgBSTJ0aYA6lRaI6Y1sRCSNsjv1iU0jBVBggrBgEFBQcBAQRJ
BQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBRScRdoEyCVXr1PC0yvKusaOO5i
dTAfBgNVHSMEGDAWgBSTJ0aYA6lRaI6Y1sRCSNsjv1iU0jBVBggrBgEFBQcBAQRJ
MEcwIQYIKwYBBQUHMAGGFWh0dHA6Ly9lNi5vLmxlbmNyLm9yZzAiBggrBgEFBQcw
AoYWaHR0cDovL2U2LmkubGVuY3Iub3JnLzA9BgNVHREENjA0ghkqLmhvbWUuc29w
aGllcy1raXRjaGVuLmV1ghdob21lLnNvcGhpZXMta2l0Y2hlbi5ldTATBgNVHSAE
DDAKMAgGBmeBDAECATCCAQQGCisGAQQB1nkCBAIEgfUEgfIA8AB3AKLjCuRF772t
m3447Udnd1PXgluElNcrXhssxLlQpEfnAAABk9yyNhIAAAQDAEgwRgIhAOsCeRvZ
GUN1z2lGajkrKcCtffuDhwNRPAIN2we+oXuzAiEA7XeLDROcGGcOYUMin5xKE+qr
XwitlCEyUejC5xKJm1QAdQDM+w9qhXEJZf6Vm1PO6bJ8IumFXA2XjbapflTA/kwN
sAAAAZPcsjYwAAAEAwBGMEQCIFRahCu7PZCNkSF6+oyB3MAWoLQYmjlDXxeI91E0
QfOkAiBGaToUTmM1n16nkX0hMVhNm7icCFojHkNCUzfSJ0wk8zAKBggqhkjOPQQD
AwNoADBlAjAgbshjfMt0K8pG2NzhVW1m/es3HJEtK4QGAe/BR5lgjLy1bJG/iLr9
eXPh4xACg5wCMQDx7cF2C2T06e9ogshtJGODQSM9tGHbtt2rpAbUAzWNZgu+F3XL
mwaSjFAL7mBYSMM=
DDAKMAgGBmeBDAECATCCAQQGCisGAQQB1nkCBAIEgfUEgfIA8AB1AEiw42vapkc0
D+VqAvqdMOscUgHLVt0sgdm7v6s52IRzAAABkDvuwaIAAAQDAEYwRAIgP3lyMqvr
+a7XWoRLxzQzhv6umJ/hiQPTWen3qqTao34CIGLq9y9ZPZUuo2smf49h9v9I9B4t
o6ihFaHoOB68q37DAHcA3+FW66oFr7WcD4ZxjajAMk6uVtlup/WlagHRwTu+UlwA
AAGQO+7CZAAABAMASDBGAiEAjl1f87koOUNfTNL4IRO+BBEVeHCxPvYRaztVJoC0
x6ECIQDblc+Snmea3OSqydLcyi8xgdtMySyQgPElXLtM7H+RUjAKBggqhkjOPQQD
AwNoADBlAjA0FOSmTiYrA9Hd2T5DkI2TMOH2akk8SxXprkei6H37bI8O3br7ke8t
jwHWVtvN4d8CMQDohhdWUQ3G8Fl4ektN34oX6U3NcywBm96U3RVt5JYcfnn8ea68
Qboj263s/g0Ciqs=
-----END CERTIFICATE-----

View file

@ -1 +1 @@
encrypt$gAAAAABnY4Ga6MmpudhHnOVKVh3j6R071y-Bs6es3e3hNHkZP7Tfj6IomEhTSxWb_oG9HYZmhkadw66cmVRQcxp1wGChWWLye-ykadgy0xUCxGW3YmBWp4t--Yesvbjamaa5OlvDFWQVG5Zt4fsY7BloXRdio8XUdPKBkbi2MV0quvpqsFfOqr_ZmIOOkjLlZojfw9HQ7odM9lSAm8cVS5NXimOhA1ks_gK6CzJbzwhpbekCOcx5_sGhdb8XFUxLN-VBtmQ2HGIncou66rE1P3mBg2hDSyqiXapVMkqMjNoVM71V_5lUnAF7Lxce3nG72SnOe2oITnxRNcnaavxDEgd0ffM5revuCd-XWlaUW1iQrgSyQzJyD6Ukv-mM2IRpuoq79JdTZK_LNJkAmJozrGBT0c5ZwGVNLmZEcjQ1dk8jyYslF5s7rK1lmNvcTUaHGpFToXc1p-qFY8NNWj_Iu-MLE8PNrIscDg==
encrypt$gAAAAABmdb4pdFakOuqHPRpEu_RjEPVVS9Ef0kuvWKKT3Gr3056e0nhinh_THX1w7CqiZ4CQlvSIH7vlDNUORFWlqDuZJOh8FYPSzjr78aK1MqVGZHxQBK8VVNd0K5m1U3z9_4W_pB7Zr_5fLXDqtIW-t68GQPEfxCwy2h2eBepQ2zJiLupWa7JwuqiXH6QyB4gD5Y-9F30RjH52WtJLrx6XtgClPG0p-6FrHcNHqmMYqgpt11zvLa88lOBUoDGFrrqqFRbY039ay2b1jrQOAhTQLDxnAMsbr5jTSbST1modE-1u_Wis-Km-jcMwkiViZpK-HC6Ce_TNdt1NDarBat6nRhTrpqHXENlroVixHmGl1_-Y6mc75tJ-KHQKRRzwK8V_X62iA3vfSz1Xps8B1FZqxJWA2EdM0JkQecCuC-bnpedEoumYnif3vLhe91NV8SQ5FBlkd3NFT8vBAWCgnqT_jDf5YQW70w==

View file

@ -61,9 +61,6 @@ groups['home'] = {
}
groups['sophie'] = {
'supergroups': {
'linux',
},
'member_patterns': {
r"sophie\..*",
},
@ -71,9 +68,6 @@ groups['sophie'] = {
'icinga_options': {
'exclude_from_monitoring': True,
},
'backup-client': {
'target': 'htz-hel.backup-sophie',
},
'users': {
'sophie': {},
},

View file

@ -1,6 +1,5 @@
import bwpass
def demagify(something, vault):
if isinstance(something, str):
if something.startswith('!bwpass:'):

View file

@ -17,7 +17,7 @@ WG_AUTOGEN_NODES = [
'home.router',
'htz-cloud.wireguard',
'icinga2',
None, # daisy
'daisy',
]
WG_AUTOGEN_SETTINGS = {

View file

@ -4,9 +4,9 @@ from hashlib import sha3_224
from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PrivateKey
from cryptography.hazmat.primitives.serialization import (Encoding,
NoEncryption,
PrivateFormat,
PublicFormat)
NoEncryption,
PrivateFormat,
PublicFormat)
from bundlewrap.utils import Fault

View file

@ -5,7 +5,7 @@ from bundlewrap.utils.text import bold, red
from bundlewrap.utils.ui import io
def resolve_identifier(repo, identifier, linklocal=False, only_physical=False, allow_private=True):
def resolve_identifier(repo, identifier, linklocal=False, only_physical=False):
"""
Try to resolve an identifier (group or node). Return a set of ip
addresses valid for this identifier.
@ -62,15 +62,10 @@ def resolve_identifier(repo, identifier, linklocal=False, only_physical=False, a
'ipv6': set(),
}
has_public_ips = bool([ip for ip in found_ips if not ip.is_private])
for ip in found_ips:
if ip.is_link_local and not linklocal:
continue
if ip.is_private and not allow_private and has_public_ips:
continue
if isinstance(ip, IPv4Address):
ip_dict['ipv4'].add(ip)
else:

View file

@ -1,7 +1,6 @@
from bundlewrap.utils.scm import get_rev
from bundlewrap.utils.text import bold, red
from bundlewrap.utils.ui import io
from bundlewrap.utils.scm import get_rev
from bundlewrap.utils.text import red, bold
@node_attribute
def needs_apply(node):

View file

@ -40,7 +40,7 @@ imap_pass = "!bwpass_attr:t-online.de/franzi.kunsmann@t-online.de:imap"
[metadata.element-web]
url = "chat.franzi.business"
version = "v1.11.89"
version = "v1.11.76"
[metadata.element-web.config]
default_server_config.'m.homeserver'.base_url = "https://matrix.franzi.business"
default_server_config.'m.homeserver'.server_name = "franzi.business"
@ -49,8 +49,8 @@ defaultCountryCode = "DE"
jitsi.preferredDomain = "meet.ffmuc.net"
[metadata.forgejo]
version = "9.0.3"
sha1 = "a04a8d5bee7321610d91da780a24e18f7407403c"
version = "8.0.2"
sha1 = "c842480b99445b70c314e20be144789711fa7deb"
domain = "git.franzi.business"
enable_git_hooks = true
install_ssh_key = true
@ -90,7 +90,7 @@ user_id = "@dimension:franzi.business"
admin_contact = "mailto:hostmaster@kunbox.net"
baseurl = "matrix.franzi.business"
server_name = "franzi.business"
trusted_key_servers = ["matrix.org", "161.rocks"]
trusted_key_servers = ["matrix.org", "finallycoffee.eu"]
additional_client_config.'im.vector.riot.jitsi'.preferredDomain = "meet.ffmuc.net"
wellknown_also_on_vhosts = ["franzi.business"]
[metadata.matrix-synapse.sliding_sync]
@ -114,8 +114,8 @@ provisioning.shared_secret = "!decrypt:encrypt$gAAAAABfVKflEMAi07C_QGP8cy97hF-4g
"'@kunsi:franzi.business'" = "admin"
[metadata.mautrix-whatsapp]
version = "v0.11.2"
sha1 = "0bd8ebef237473989c4e9658c72595e9f7c09d44"
version = "v0.10.9"
sha1 = "1619579ec6b9fca84fec085a94842d309d3f730c"
permissions."'@kunsi:franzi.business'" = "admin"
[metadata.mautrix-whatsapp.homeserver]
domain = "franzi.business"
@ -126,7 +126,7 @@ domain = "rss.franzi.business"
[metadata.netbox]
domain = "netbox.franzi.business"
version = "v4.1.9"
version = "v4.1.0"
admins.kunsi = "hostmaster@kunbox.net"
[metadata.nextcloud]
@ -136,10 +136,6 @@ domain = "warnochwas.de"
contact = "mailto:security@kunsmann.eu"
Encryption = "https://franzi.business/gpg_hi-kunsmann.eu.asc"
[metadata.nginx.vhosts.'afra.berlin'.locations.'/']
redirect = "https://afra-berlin.de"
mode = 302
[metadata.nginx.vhosts.forgejo]
domain_aliases = ["git.kunsmann.eu"]
@ -152,10 +148,8 @@ owner = "skye"
[metadata.nginx.vhosts.kunsitracker]
domain = "kunsitracker.de"
locations.'/'.target = "https://travelynx.franzi.business/"
locations.'/'.proxy_pass_host = "travelynx.franzi.business"
locations.'= /'.target = "https://travelynx.franzi.business/p/Kunsi"
locations.'= /'.proxy_pass_host = "travelynx.franzi.business"
locations.'/'.redirect = "https://travelynx.franzi.business/p/Kunsi"
locations.'/'.mode = 302
[metadata.nginx.vhosts.mta-sts]
domain = "mta-sts.kunbox.net"
@ -213,7 +207,7 @@ blocked_recipients = [
[metadata.postfixadmin]
domain = "postfixadmin.franzi.business"
setup_password = "!decrypt:encrypt$gAAAAABgnNGpAqUs--qBXII9ZPcHtxaELy9e2Dx9O44n4l0O4nMHPoIyaPW5HkvpQ2zWTlh5OfjjOgunRtE_voJuY0Kdtji37ixAnuL9ErOJ0LDY5QfMkNPUgPs5alwz1baqYq6rqJ7NDmB0gHraY46v5eG79R2EyQ=="
version = "3.3.15"
version = "3.3.13"
[metadata.postgresql]
version = 15
@ -257,12 +251,12 @@ dkim = "uO4aNejDvVdw8BKne3KJIqAvCQMJ0416"
[metadata.smartd]
disks = [
"/dev/disk/by-id/nvme-SAMSUNG_MZVL22T0HBLB-00B00_S677NF0W508470",
"/dev/disk/by-id/nvme-SAMSUNG_MZVL22T0HBLB-00B00_S677NX0W114380",
"/dev/nvme0",
"/dev/nvme1",
]
[metadata.travelynx]
version = "2.9.6"
version = "2.8.35"
mail_from = "travelynx@franzi.business"
domain = "travelynx.franzi.business"

23
nodes/daisy.toml Normal file
View file

@ -0,0 +1,23 @@
hostname = "2a11:f2c0:3:4::120"
bundles = [
"bird",
"wireguard",
]
groups = [
"debian-bookworm",
]
[metadata]
location = "glauca"
nameservers = [
"2606:4700::1111",
"2606:4700:4700::1001",
]
backups.exclude_from_backups = true
icinga_options.period = "daytime"
[metadata.interfaces.ens18]
ips = [
"2a11:f2c0:3:4::120/64",
]
gateway6 = "fe80::220:91ff:fe45:e19e"

View file

@ -1,9 +0,0 @@
dummy = true
[metadata.interfaces.default]
ips = ["172.19.138.75"]
dhcp = true
mac = "00:01:29:59:a9:8c"
[metadata.icinga_options]
exclude_from_monitoring = true

View file

@ -22,11 +22,17 @@ ram = 2
[metadata.homeassistant]
domain = 'hass.home.kunbox.net'
api_secret = '!decrypt:encrypt$gAAAAABm9lNg_mNhyzb4S6WRtVRDmQFBnPpoCwyqMnilRrAFUXc-EDvv-nYXPbSIbjTf7ZReTPtqr8k3WrGPqiuqhJ60LVv4A5DMqT5c6hTVr4WbhP4DPEIPgfd5aq6U9_-H9WDyQYHKjnunLJEYtEREzmhTq3XsYeQ05DyE7hfnQ-zVoBb0CsAK7GdhihRTdvhXv2N9M04_rigyBP-roRcUgCqwyHuWJc0IPAyn3R4Mr43ZqgR2fn6dNV_YUVKn9c0nWxIwRnYy6Ff_Te9NoGVmXxkiNUX-90bBLKFiCzrRAtizxrTiQb2SRipaWbgOlV6wbMy2KNux'
api_secret = 'encrypt$gAAAAABjpyuqXLoilokQW5c0zV8shHcOzN1zkEbS-I6WAAX-xDO_OF33YbjbkpELU2HGBzqiWX40J0hsaEbYJOnCHFk8gJ-Xt0vdqqbQ5vca_TGPNQHZPAS4qZoPTcUhmX_I-0EdT6ukhxejXFYBiYRZikTLjH3lcNM5qnckCm-H9NbRdjLb9hbCDIjbEglHmBl_g08S1_ukvX3dDSCIHIxgXXGsdK_Go1KxPJd8G22FL_MMhCfsTW-6ioIqoHSeSA1NGk3MZHEIM2errckiopKBxoBaROsacO9Uqk1zrrgXOs2NsgiTRtrbV1TNlFVaIX9mZdsUnMGZ'
[metadata.nginx]
restrict-to = [
'172.19.136.0/25',
'172.19.138.0/24',
]
[metadata.pyenv]
version = 'v2.4.23'
python_versions = ["3.13.1"]
version = 'v2.3.36'
python_versions = ["3.12.2"]
[metadata.nginx.vhosts.homeassistant]
ssl = '_.home.kunbox.net'

View file

@ -1,9 +0,0 @@
dummy = true
[metadata.interfaces.default]
ips = ["172.19.138.98"]
dhcp = true
mac = "54:e1:ad:a6:0d:1f"
[metadata.icinga_options]
exclude_from_monitoring = true

View file

@ -1,15 +1,9 @@
hostname = "172.19.138.22"
groups = ["debian-bookworm"]
bundles = ["docker-engine", "nginx", "redis"]
[metadata]
icinga_options.exclude_from_monitoring = true
[metadata.docker-engine.config]
# this is a dev machine, it's fine if docker does shenanigans with
# iptables
iptables = true
[metadata.interfaces.eno3]
ips = [
"172.19.138.22/24",
@ -17,7 +11,7 @@ ips = [
gateway4 = "172.19.138.1"
ipv6_accept_ra = true
[metadata.nftables.forward]
[metadata.nftable.forward]
50-local-forward = [
'ct state { related, established } accept',
'iifname eno3 accept',

View file

@ -3,7 +3,6 @@
nodes['home.nas'] = {
'hostname': '172.19.138.20',
'bundles': {
'avahi-daemon',
'backup-client',
'dm-crypt',
'jellyfin',
@ -13,6 +12,7 @@ nodes['home.nas'] = {
'nfs-server',
'rsyslogd',
'samba',
'scansnap',
'smartd',
'vmhost',
'zfs',
@ -68,22 +68,6 @@ nodes['home.nas'] = {
'/storage/nas/normen',
},
},
'dm-crypt': {
'encrypted-devices': {
'/dev/disk/by-id/ata-Samsung_SSD_870_QVO_8TB_S5SSNJ0X409404K': {
'dm-name': 'sam-S5SSNJ0X409404K',
'passphrase': bwpass.password('bw/home.nas/dmcrypt/S5SSNJ0X409404K'),
},
'/dev/disk/by-id/ata-Samsung_SSD_870_QVO_8TB_S5SSNJ0X409845F': {
'dm-name': 'sam-S5SSNJ0X409845F',
'passphrase': bwpass.password('bw/home.nas/dmcrypt/S5SSNJ0X409845F'),
},
'/dev/disk/by-id/ata-Samsung_SSD_870_QVO_8TB_S5SSNJ0X409870J': {
'dm-name': 'sam-S5SSNJ0X409870J',
'passphrase': bwpass.password('bw/home.nas/dmcrypt/S5SSNJ0X409870J'),
},
},
},
'groups': {
'nas': {},
},
@ -113,6 +97,11 @@ nodes['home.nas'] = {
},
},
},
'jellyfin': {
'restrict-to': {
'home.lgtv-wohnzimmer',
},
},
'mixcloud-downloader': {
'netrc': {
'soundcloud': {
@ -161,6 +150,9 @@ nodes['home.nas'] = {
'/srv/paperless': {
'home.paperless': 'rw,all_squash,anonuid=65534,anongid=65534,no_subtree_check',
},
'/srv/scansnap': {
'172.19.138.0/24': 'rw,all_squash,anonuid=65534,anongid=65534,no_subtree_check',
},
},
},
'nginx': {
@ -178,42 +170,22 @@ nodes['home.nas'] = {
},
'samba': {
'shares': {
'TV': {
'path': '/storage/nas/TV',
'force_group': 'nas',
},
'music': {
'path': '/storage/nas/Musik',
'force_group': 'nas',
},
'music_videos': {
'path': '/storage/nas/Musikvideos',
'force_group': 'nas',
},
},
'restrict-to': {
'172.19.138.0/24',
},
'timemachine-shares': {
#'apfelcomputer', # hostname TBD
},
},
'smartd': {
'disks': {
'/dev/nvme0',
# old nas disks
'/dev/disk/by-id/ata-WDC_WD6003FFBX-68MU3N0_V8GE15GR',
'/dev/disk/by-id/ata-WDC_WD6003FFBX-68MU3N0_V8HJ406R',
'/dev/disk/by-id/ata-WDC_WD6003FFBX-68MU3N0_V8HJBTLR',
'/dev/disk/by-id/ata-WDC_WD6003FFBX-68MU3N0_V8HJGN6R',
'/dev/disk/by-id/ata-WDC_WD6003FFBX-68MU3N0_V8J8ZKRR',
'/dev/disk/by-id/ata-WDC_WD6003FFBX-68MU3N0_V9JS5UYL',
# encrypted disks
'/dev/disk/by-id/ata-Samsung_SSD_870_QVO_8TB_S5SSNJ0X409404K',
'/dev/disk/by-id/ata-Samsung_SSD_870_QVO_8TB_S5SSNJ0X409845F',
'/dev/disk/by-id/ata-Samsung_SSD_870_QVO_8TB_S5SSNJ0X409870J',
# ZFS cache disks
#'/dev/disk/by-id/ata-TS64GSSD370_B807810503',
#'/dev/disk/by-id/ata-TS64GSSD370_B807810527',
},
},
'systemd-networkd': {
@ -268,7 +240,7 @@ nodes['home.nas'] = {
'zfs_arc_max_gb': 8,
},
'pools': {
'tank': {
'storage': {
'when_creating': {
'config': [
{
@ -282,75 +254,77 @@ nodes['home.nas'] = {
'/dev/disk/by-id/ata-WDC_WD6003FFBX-68MU3N0_V8J8ZKRR',
},
},
# {
# 'type': 'log',
# 'devices': {
# '/dev/disk/by-id/ata-TS64GSSD370_B807810503-part1',
# '/dev/disk/by-id/ata-TS64GSSD370_B807810527-part1',
# },
# },
# {
# 'type': 'cache',
# 'devices': {
# '/dev/disk/by-id/ata-TS64GSSD370_B807810503-part2',
# '/dev/disk/by-id/ata-TS64GSSD370_B807810527-part2',
# },
# },
],
'ashift': 12,
},
},
'encrypted': {
'when_creating': {
'config': [
{
'type': 'raidz',
'devices': {
'/dev/mapper/sam-S5SSNJ0X409404K',
'/dev/mapper/sam-S5SSNJ0X409845F',
'/dev/mapper/sam-S5SSNJ0X409870J',
},
},
],
'ashift': 12,
},
'needs': {
'action:dm-crypt_open_sam-S5SSNJ0X409404K',
'action:dm-crypt_open_sam-S5SSNJ0X409845F',
'action:dm-crypt_open_sam-S5SSNJ0X409870J',
},
# see comment in bundle:backup-server
'unless': 'zpool import encrypted',
},
},
'datasets': {
'encrypted': {
'storage': {
'primarycache': 'metadata',
},
'encrypted/nas': {
'storage/opt-yate': {
'mountpoint': '/opt/yate',
},
'storage/download': {
'mountpoint': '/storage/download',
},
'storage/inbox': {
'quota': str(1024*1024*1024*1024), # 1TB
'mountpoint': '/storage/inbox',
},
'storage/nas': {
'acltype': 'off',
'atime': 'off',
'compression': 'off',
'mountpoint': '/storage/nas',
},
'tank': {
'primarycache': 'metadata',
},
'tank/opt-yate': {
'mountpoint': '/opt/yate',
},
'tank/download': {
'mountpoint': '/storage/download',
},
'tank/paperless': {
'storage/paperless': {
'mountpoint': '/srv/paperless',
},
'storage/scan': {
'mountpoint': '/srv/scansnap',
},
},
'snapshots': {
'retain_per_dataset': {
'encrypted/nas': {
# juuuuuuuust to be sure.
'daily': 14,
'weekly': 6,
'monthly': 12,
},
'tank/download': {
'storage/download': {
'hourly': 48,
'daily': 0,
'weekly': 0,
'monthly': 0,
},
'tank/paperless': {
'storage/nas': {
# juuuuuuuust to be sure.
'daily': 14,
'weekly': 6,
'monthly': 12,
},
'storage/paperless': {
'daily': 14,
'weekly': 6,
'monthly': 24,
},
'storage/scan': {
'hourly': 6,
'daily': 0,
'weekly': 0,
'monthly': 0,
},
},
},
},

View file

@ -6,7 +6,6 @@ nodes['home.paperless'] = {
'redis',
'postgresql',
'paperless-ng',
'proftpd',
},
'groups': {
'debian-bookworm',
@ -48,17 +47,12 @@ nodes['home.paperless'] = {
},
'paperless': {
'domain': 'paperless.home.kunbox.net',
'version': 'v2.13.5',
'version': 'v2.11.6',
'timezone': 'Europe/Berlin',
},
'postgresql': {
'version': 15,
},
'proftpd': {
'restrict-to': {
'home.fujitsu-n7100',
},
},
'vm': {
'cpu': 2,
'ram': 2,

100
nodes/htz-cloud.afra.toml Normal file
View file

@ -0,0 +1,100 @@
hostname = "91.107.203.234"
bundles = [
"element-web",
"matrix-media-repo",
"matrix-registration",
"matrix-synapse",
"nodejs",
"postgresql",
"zfs",
]
groups = [
"debian-bookworm",
"webserver",
]
[metadata.icinga_options]
pretty_name = "afra.berlin"
[metadata.interfaces.eth0]
ips = [
"91.107.203.234/32",
"2a01:4f8:c010:b0e1::1/64",
]
gateway4 = '172.31.1.1'
gateway6 = 'fe80::1'
[metadata.interfaces.ens10]
ips = [
"172.19.137.7/32",
]
routes.'172.19.128.0/20'.via = "172.19.137.1"
[metadata.element-web]
url = "element.afra.berlin"
version = "v1.11.76"
[metadata.element-web.config]
default_server_config.'m.homeserver'.base_url = "https://matrix.afra.berlin"
default_server_config.'m.homeserver'.server_name = "afra.berlin"
brand = "afra.berlin"
defaultCountryCode = "DE"
jitsi.preferredDomain = "meet.ffmuc.net"
[metadata.matrix-media-repo]
admins = ['@administress:afra.berlin']
datastore_id = "e33b50474021fba9977f912414cdd7fe8890ed57"
sha1 = "3e2bb7089b0898b86000243a82cc58ae998dc9d9"
upload_max_mb = 50
version = "v1.3.7"
[metadata.matrix-media-repo.homeservers.'afra.berlin']
domain = "http://[::1]:20080/"
api = "synapse"
signing_key_path = "/etc/matrix-synapse/mmr.signing.key"
[metadata.matrix-registration]
base_path = "/matrix"
client_redirect = "https://element.afra.berlin"
[metadata.matrix-synapse]
server_name = "afra.berlin"
baseurl = "matrix.afra.berlin"
admin_contact = 'mailto:hostmaster@kunbox.net'
trusted_key_servers = [
"matrix.org",
"franzi.business",
]
wellknown_also_on_vhosts = ["redirect"]
[metadata.nginx.vhosts.redirect]
domain = "afra.berlin"
[metadata.nginx.vhosts.redirect.locations.'/']
redirect = "https://afra-berlin.de"
mode = 302
#[metadata.nginx.vhosts.redirect.locations.'/.well-known/host-meta']
#redirect = "https://fedi.afra.berlin/.well-known/host-meta"
#mode = 301
#[metadata.nginx.vhosts.redirect.locations.'/.well-known/nodeinfo']
#redirect = "https://fedi.afra.berlin/.well-known/nodeinfo"
#mode = 301
#[metadata.nginx.vhosts.redirect.locations.'/.well-known/webfinger']
#redirect = "https://fedi.afra.berlin/.well-known/webfinger"
#mode = 301
[metadata.nginx.vhosts.redirect.locations.'/matrix/']
target = "http://127.0.0.1:20100/"
[metadata.postgresql]
version = "15"
work_mem = 1024
cache_size = 2048
[[metadata.zfs.pools.tank.when_creating.config]]
devices = ["/dev/disk/by-id/scsi-0HC_Volume_32207877"]
[metadata.vm]
cpu = 2
ram = 8

View file

@ -71,7 +71,7 @@ nodes['htz-cloud.pirmasens'] = {
},
'postfixadmin': {
'domain': 'mail.kunsmann.info',
'version': '3.3.15',
'version': '3.3.13',
'setup_password': vault.decrypt('encrypt$gAAAAABgnNGpAqUs--qBXII9ZPcHtxaELy9e2Dx9O44n4l0O4nMHPoIyaPW5HkvpQ2zWTlh5OfjjOgunRtE_voJuY0Kdtji37ixAnuL9ErOJ0LDY5QfMkNPUgPs5alwz1baqYq6rqJ7NDmB0gHraY46v5eG79R2EyQ=='),
},
'postgresql': {

View file

@ -37,7 +37,6 @@ nodes['htz-cloud.wireguard'] = {
'172.19.137.0/24',
'172.19.136.62/31',
'172.19.136.64/31',
'192.168.100.0/24',
},
},
'nftables': {
@ -81,17 +80,6 @@ nodes['htz-cloud.wireguard'] = {
'10.73.0.0/16',
},
},
'fra-jana': {
'endpoint': 'gw.as212226.net:40000',
'my_ip': '192.168.48.11/24',
'my_port': 51802,
'their_ip': '192.168.48.1',
'pubkey': vault.decrypt('encrypt$gAAAAABnCA7M0Jg0cQwIaYCYEYN74MOSQK30rbhxD6tDIi2VEBqPh-UHrt7MdRzI4AUZ-p0MzjIdsps_DdGBkUTwA_UKD15Q_tg_LJNwDb04zvgSqc3hnJ4jeS2ZZEED0T1dVJ7E0YNS'),
'masquerade': True,
'routes': {
'192.168.100.0/24',
},
},
'kunsi-oneplus7': {
'endpoint': None,
'exclude_from_monitoring': True,

View file

@ -33,8 +33,5 @@ nodes['htz-hel.backup-kunsi'] = {
'/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi1-part1': bwpass.password('bw/backup-kunsi/encryption-passphrase'),
},
},
'zfs': {
'scrub_when': 'Wed 08:00 Europe/Berlin',
},
},
}

View file

@ -1,6 +1,5 @@
hostname = "2a01:4f9:6b:2d99::c0ff:ee"
#dummy = true
bundles = ["sshmon", "smartd"]
dummy = true
# How to install:
# - Get server at Hetzner (no IPv4)
@ -18,11 +17,3 @@ bundles = ["sshmon", "smartd"]
# - IPv6 only
# - IP from the /64 hetzner gives us
# - Gateway is the host itself, to work around the MAC filter hetzner uses
[metadata.smartd]
disks = [
"/dev/sda",
"/dev/sdb",
"/dev/sdc",
"/dev/sdd",
]

View file

@ -97,15 +97,16 @@ nodes['kunsi-p14s'] = {
'xf86-video-amdgpu': {},
# all that other random stuff one needs
#'abcde': {},
'abcde': {},
'apachedirectorystudio': {},
'claws-mail': {},
'claws-mail-themes': {},
'ferdium-bin': {},
'gumbo-parser': {}, # for claws litehtml
'inkstitch': {}, # for RZL embroidery machine
'obs-studio': {},
#'perl-musicbrainz-discid': {}, # for abcde
#'perl-webservice-musicbrainz': {}, # for abcde
'perl-musicbrainz-discid': {}, # for abcde
'perl-webservice-musicbrainz': {}, # for abcde
'sdl_ttf': {}, # for compiling testcard
'x32edit': {},
},
@ -115,10 +116,10 @@ nodes['kunsi-p14s'] = {
'entries': {
'arch': {
'title': 'Arch Linux',
'linux': '/vmlinuz-linux-lts',
'linux': '/vmlinuz-linux',
'initrd': [
'/amd-ucode.img',
'/initramfs-linux-lts.img',
'/initramfs-linux.img',
],
'options': {
'net.ifnames=0',
@ -128,9 +129,9 @@ nodes['kunsi-p14s'] = {
},
'arch-fallback': {
'title': 'Arch Linux (no ucode, fallback initramfs)',
'linux': '/vmlinuz-linux-lts',
'linux': '/vmlinuz-linux',
'initrd': [
'/initramfs-linux-lts-fallback.img',
'/initramfs-linux-fallback.img',
],
'options': {
'net.ifnames=0',

View file

@ -1,7 +0,0 @@
dummy = true
[metadata.icinga_options]
period = "daytime"
[metadata.interfaces.default]
ips = ["192.168.100.27/24"]

View file

@ -1,61 +0,0 @@
hostname = "91.198.192.207"
groups = [
"debian-bookworm",
"webserver",
]
bundles = [
"docker-engine",
"docker-immich",
"ipmitool",
"redis",
"smartd",
"zfs",
]
[metadata.icinga_options]
period = "daytime"
[metadata.interfaces.eno4]
ips = [
"91.198.192.207/27",
"2001:67c:b54:1::e/64",
]
gateway4 = "91.198.192.193"
gateway6 = "2001:67c:b54:1::1"
[metadata.nginx.vhosts.immich]
domain = "rr-immich.franzi.business"
[metadata.smartd]
disks = [
"/dev/disk/by-id/ata-WDC_WD30EZRX-00DC0B0_WD-WMC1T0287704",
"/dev/disk/by-id/ata-WDC_WD30EZRX-00DC0B0_WD-WMC1T0387139",
"/dev/disk/by-id/ata-WDC_WDS100T1R0A-68A4W0_21133V800321",
"/dev/disk/by-id/ata-WDC_WDS100T1R0A-68A4W0_21283J446103",
"/dev/disk/by-id/nvme-TOSHIBA-RC100_58UPC29HPW5S",
]
[metadata.zfs.pools.tank.when_creating]
ashift = 12
[[metadata.zfs.pools.tank.when_creating.config]]
type = "mirror"
devices = [
"/dev/disk/by-id/ata-WDC_WD30EZRX-00DC0B0_WD-WMC1T0287704",
"/dev/disk/by-id/ata-WDC_WD30EZRX-00DC0B0_WD-WMC1T0387139",
]
[[metadata.zfs.pools.tank.when_creating.config]]
type = "log"
devices = [
"/dev/disk/by-id/ata-WDC_WDS100T1R0A-68A4W0_21133V800321-part1",
"/dev/disk/by-id/ata-WDC_WDS100T1R0A-68A4W0_21283J446103-part1",
]
[[metadata.zfs.pools.tank.when_creating.config]]
type = "cache"
devices = [
"/dev/disk/by-id/ata-WDC_WDS100T1R0A-68A4W0_21133V800321-part2",
"/dev/disk/by-id/ata-WDC_WDS100T1R0A-68A4W0_21283J446103-part2",
]

View file

@ -37,7 +37,6 @@ nodes['htz-hel.backup-sophie'] = {
},
'backup-server': {
'zfs-base': 'tank/backups',
'my_hostname': 'backup.sophies-kitchen.eu',
},
'nftables': {
'input': {

View file

@ -1,260 +1,256 @@
# sophie's miniserver
nodes["htz-cloud.miniserver"] = {
"bundles": {
"element-web",
"hedgedoc",
"matrix-media-repo",
"matrix-synapse",
nodes['htz-cloud.miniserver'] = {
'bundles': {
'element-web',
'hedgedoc',
'matrix-media-repo',
'matrix-synapse',
"matrix-stickerpicker",
"nodejs",
"ntfy",
"mautrix-telegram",
"postgresql",
"zfs",
'nodejs',
'ntfy',
'mautrix-telegram',
'postgresql',
'zfs',
},
"groups": {
"debian-bookworm",
"sophie",
"webserver",
'groups': {
'debian-bookworm',
'sophie',
'webserver',
},
"metadata": {
"interfaces": {
"eth0": {
"ips": {
"157.90.20.62",
"2a01:4f8:c2c:840f::1/64",
'metadata': {
'interfaces': {
'eth0': {
'ips': {
'157.90.20.62',
'2a01:4f8:c2c:840f::1/64',
},
"gateway4": "172.31.1.1",
"gateway6": "fe80::1",
'gateway4': '172.31.1.1',
'gateway6': 'fe80::1',
},
},
"apt": {
"packages": {
"mosh": {},
"weechat": {},
"weechat-core": {},
"weechat-curses": {},
"weechat-perl": {},
"weechat-plugins": {},
"weechat-python": {},
"weechat-ruby": {},
'apt': {
'packages': {
'mosh': {},
'weechat': {},
'weechat-core': {},
'weechat-curses': {},
'weechat-perl': {},
'weechat-plugins': {},
'weechat-python': {},
'weechat-ruby': {},
},
"repos": {
"weechat": {
"items": {
"deb https://weechat.org/debian {os_release} main",
'repos': {
'weechat': {
'items': {
'deb https://weechat.org/debian {os_release} main',
},
},
},
},
"backup-client": {
"pre-hooks": {
"sophie-weechat": "echo 'core.weechat */layout store' >> /home/sophie/.weechat/weechat_fifo\n"
"echo 'core.weechat */save' >> /home/sophie/.weechat/weechat_fifo\n",
'backup-client': {
'pre-hooks': {
'sophie-weechat': \
'echo \'core.weechat */layout store\' >> /home/sophie/.weechat/weechat_fifo\n' \
'echo \'core.weechat */save\' >> /home/sophie/.weechat/weechat_fifo\n',
},
'target': "htz-hel.backup-sophie",
},
'backups': {
'paths': {
'/home/sophie/.weechat',
},
},
"backups": {
"paths": {
"/home/sophie/.weechat",
},
},
"element-web": {
"url": "chat.sophies-kitchen.eu",
"version": "v1.11.86",
"config": {
"default_server_config": {
"m.homeserver": {
"base_url": "https://matrix.sophies-kitchen.eu",
"server_name": "sophies-kitchen.eu",
'element-web': {
'url': 'chat.sophies-kitchen.eu',
'version': 'v1.11.76',
'config': {
'default_server_config': {
'm.homeserver': {
'base_url': 'https://matrix.sophies-kitchen.eu',
'server_name': 'sophies-kitchen.eu',
},
},
"brand": "sophies-kitchen.eu",
"showLabsSettings": True,
"default_theme": "dark",
"defaultCountryCode": "DE",
"jitsi": {
"preferredDomain": "meet.ffmuc.net",
'brand': 'sophies-kitchen.eu',
'showLabsSettings': True,
'default_theme': 'dark',
'defaultCountryCode': 'DE',
'jitsi': {
'preferredDomain': 'meet.ffmuc.net',
},
"map_style_url": "https://api.maptiler.com/maps/openstreetmap/style.json?key=fU3vlMsMn4Jb6dnEIFsx",
'map_style_url': "https://api.maptiler.com/maps/openstreetmap/style.json?key=fU3vlMsMn4Jb6dnEIFsx"
},
},
"hedgedoc": {
"version": "1.10.0",
"config": {
"production": {
"allowAnonymousEdits": True,
"domain": "pad.sophies-kitchen.eu",
'hedgedoc': {
'version': '1.9.9',
'config': {
'production': {
'allowAnonymousEdits': True,
'domain': 'pad.sophies-kitchen.eu',
},
},
},
"letsencrypt": {
"concat_and_deploy": {
"sophie-weechat": {
"match_domain": "i.sophies-kitchen.eu",
"target": "/home/sophie/.weechat/ssl/relay.pem",
"chown": "sophie:sophie",
"chmod": "0440",
"commands": [
"echo 'core.weechat */relay sslcertkey' >> /home/sophie/.weechat/weechat_fifo"
'letsencrypt': {
'concat_and_deploy': {
'sophie-weechat': {
'match_domain': 'i.sophies-kitchen.eu',
'target': '/home/sophie/.weechat/ssl/relay.pem',
'chown': 'sophie:sophie',
'chmod': '0440',
'commands': [
'echo \'core.weechat */relay sslcertkey\' >> /home/sophie/.weechat/weechat_fifo'
],
},
},
"domains": {
"i.sophies-kitchen.eu": set(),
"webdump.sophies-kitchen.eu": set(),
"matrix.sophies-kitchen.eu": {
"sophies-kitchen.eu",
'domains': {
'i.sophies-kitchen.eu': set(),
'webdump.sophies-kitchen.eu': set(),
'matrix.sophies-kitchen.eu': {
'sophies-kitchen.eu',
},
},
},
"matrix-media-repo": {
"version": "v1.3.7",
"datastore_id": "99c09e24edc4e9be6c4c9486bc147e385bc87044",
"sha1": "3e2bb7089b0898b86000243a82cc58ae998dc9d9",
"homeservers": {
"sophies-kitchen.eu": {
"domain": "http://[::1]:20080/",
"api": "synapse",
"signing_key_path": "/etc/matrix-synapse/mmr.signing.key",
'matrix-media-repo': {
'version': 'v1.3.7',
'datastore_id': '99c09e24edc4e9be6c4c9486bc147e385bc87044',
'sha1': '3e2bb7089b0898b86000243a82cc58ae998dc9d9',
'homeservers': {
'sophies-kitchen.eu': {
'domain': 'http://[::1]:20080/',
'api': 'synapse',
'signing_key_path': "/etc/matrix-synapse/mmr.signing.key"
},
},
"admins": {
"@sophie:sophies-kitchen.eu",
'admins': {
'@sophie:sophies-kitchen.eu',
},
"upload_max_mb": 500,
'upload_max_mb': 500,
},
"matrix-stickerpicker": {
# use this bot token for telegram import: encrypt$gAAAAABg4bcQVzBF_iXdDtjRQD-O37GHdbHwWXyhCLPOuJLbv3ezUeXKR203hkCXkjfItSHi4NiTEgQPadDZTRkavaRpvAoaQV1a4srCS_Y-NU4RiOmkrVFJ_Xhw6UZvwjQUQ0QPOx9t
"domain": "matrix-stickers.sophies-kitchen.eu",
"config": {
"access_token": vault.decrypt(
"encrypt$gAAAAABg4btB0KGk068ahGZzR0w_Lm1bj1wUbB2WfNNs2bp3PwM4Ftp6MjQnrF-CejZfrF0NjPJw9Z4MrgileHP0sVw04mvgKSHfTf8gv4kTB6WuCIxHeMWHUDx00LTWL73fSlhCK0o1"
),
"homeserver": "https://matrix.sophies-kitchen.eu",
"user_id": "@dimension:sophies-kitchen.eu",
'matrix-stickerpicker': {
# use this bot token for telegram import: encrypt$gAAAAABg4bcQVzBF_iXdDtjRQD-O37GHdbHwWXyhCLPOuJLbv3ezUeXKR203hkCXkjfItSHi4NiTEgQPadDZTRkavaRpvAoaQV1a4srCS_Y-NU4RiOmkrVFJ_Xhw6UZvwjQUQ0QPOx9t
'domain': "matrix-stickers.sophies-kitchen.eu",
'config': {
'access_token': vault.decrypt('encrypt$gAAAAABg4btB0KGk068ahGZzR0w_Lm1bj1wUbB2WfNNs2bp3PwM4Ftp6MjQnrF-CejZfrF0NjPJw9Z4MrgileHP0sVw04mvgKSHfTf8gv4kTB6WuCIxHeMWHUDx00LTWL73fSlhCK0o1'),
'homeserver': "https://matrix.sophies-kitchen.eu",
'user_id': "@dimension:sophies-kitchen.eu",
},
},
"matrix-synapse": {
"server_name": "sophies-kitchen.eu",
"baseurl": "matrix.sophies-kitchen.eu",
"admin_contact": "mailto:foobar@sophies-kitchen.eu",
"trusted_key_servers": {
"matrix.org",
'matrix-synapse': {
'server_name': 'sophies-kitchen.eu',
'baseurl': 'matrix.sophies-kitchen.eu',
'admin_contact': 'mailto:foobar@sophies-kitchen.eu',
'trusted_key_servers': {
'matrix.org',
},
},
"mautrix-telegram": {
"version": "v0.15.2",
"homeserver": {
"domain": "sophies-kitchen.eu",
"url": "https://matrix.sophies-kitchen.eu",
'mautrix-telegram': {
'version': 'v0.15.2',
'homeserver': {
'domain': 'sophies-kitchen.eu',
'url': 'https://matrix.sophies-kitchen.eu',
},
"provisioning": {
"enabled": False,
"shared_secret": '""',
'provisioning': {
'enabled': False,
'shared_secret': '""',
},
"permissions": {
"sophies-kitchen.eu": "full",
"'@sophie:sophies-kitchen.eu'": "admin",
'permissions': {
'sophies-kitchen.eu': 'full',
"'@sophie:sophies-kitchen.eu'": 'admin',
},
"telegram": {
"api_id": vault.decrypt(
"encrypt$gAAAAABgnqdXhCTwtCXJhSaCZsiNfHPtjwlYtV1sUAux7JZdejN3xItU9RJLeNu4gUniv36XbBoxKwVtqqyV3RcAs-PgumcfYQ=="
),
"api_token": vault.decrypt(
"encrypt$gAAAAABgnqd5IdpYRmW-C4ONBSXQfiJrpTVQX0rP0eKoDnLnVTLg-5olSjcw2gVvEKWLnsGEZIgVcG7yEs-sqYRxeiQLFFpSn-Z4We0mhj0CUeFoD-eXJsp-bAgLv9PJoMv5Gjb8r9i6"
),
"bot_token": '""',
'telegram': {
'api_id': vault.decrypt('encrypt$gAAAAABgnqdXhCTwtCXJhSaCZsiNfHPtjwlYtV1sUAux7JZdejN3xItU9RJLeNu4gUniv36XbBoxKwVtqqyV3RcAs-PgumcfYQ=='),
'api_token': vault.decrypt('encrypt$gAAAAABgnqd5IdpYRmW-C4ONBSXQfiJrpTVQX0rP0eKoDnLnVTLg-5olSjcw2gVvEKWLnsGEZIgVcG7yEs-sqYRxeiQLFFpSn-Z4We0mhj0CUeFoD-eXJsp-bAgLv9PJoMv5Gjb8r9i6'),
'bot_token': '""',
},
},
"nameservers": {
"213.133.98.98",
"213.133.99.99",
"213.133.100.100",
"2a01:4f8:0:1::add:1010",
"2a01:4f8:0:1::add:9999",
"2a01:4f8:0:1::add:9898",
'nameservers': {
'213.133.98.98',
'213.133.99.99',
'213.133.100.100',
'2a01:4f8:0:1::add:1010',
'2a01:4f8:0:1::add:9999',
'2a01:4f8:0:1::add:9898',
},
"nftables": {
"input": {
"50-sophie-weechat": [
"udp dport { 60000-61000 } accept",
"tcp dport 9001 accept",
'nftables': {
'input': {
'50-sophie-weechat': [
'udp dport { 60000-61000 } accept',
'tcp dport 9001 accept',
],
},
},
"nginx": {
"vhosts": {
"sophies-kitchen.eu": {
"webroot": "/var/www/sophies-kitchen.eu/_site/",
"extras": True,
'nginx': {
'vhosts': {
'sophies-kitchen.eu': {
'webroot': '/var/www/sophies-kitchen.eu/_site/',
'extras': True,
},
"matrix-synapse": {
"domain": "matrix.sophies-kitchen.eu",
'matrix-synapse': {
'domain': 'matrix.sophies-kitchen.eu',
},
"webdump.sophies-kitchen.eu": {
"webroot_config": {
"owner": "sophie",
"group": "sophie",
"mode": "0755",
'webdump.sophies-kitchen.eu': {
'webroot_config': {
'owner': 'sophie',
'group': 'sophie',
'mode': '0755',
},
"extras": True,
'extras': True,
},
"recipes.sophies-kitchen.eu": {
"webroot_config": {
"owner": "sophie",
"group": "sophie",
"mode": "0755",
'recipes.sophies-kitchen.eu': {
'webroot_config': {
'owner': 'sophie',
'group': 'sophie',
'mode': '0755',
},
},
},
},
"nodejs": {
"version": 20,
'nodejs': {
'version': 20,
},
"ntfy": {
"domain": "ntfy.sophies-kitchen.eu",
"allow_unauthorized_write": True,
'ntfy': {
'domain': 'ntfy.sophies-kitchen.eu',
'allow_unauthorized_write': True,
},
"postgresql": {
"version": "11",
'postgresql': {
'version': '11',
},
"sysctl": {
"options": {
'sysctl': {
'options': {
# XXX find out if this is really needed
"net.ipv4.conf.all.forwarding": "1",
"net.ipv6.conf.all.forwarding": "1",
'net.ipv4.conf.all.forwarding': '1',
'net.ipv6.conf.all.forwarding': '1',
},
},
"vm": {
"cpu": 2,
"ram": 4,
'vm': {
'cpu': 2,
'ram': 4,
},
"users": {
"sophie": {
"enable_linger": True,
"ssh_pubkey": [
'users': {
'sophie': {
'enable_linger': True,
'ssh_pubkey': [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDILcYrMQNRVXAm5L+7No1ZumqfCyRc1QZmTY3O7Q8hsE4+fCAvwsWm2aSMfLL3NnIl8Nm1Rixzic5jdYKYNIY3SlX1wvTB+MhGb2eyVSd7c/Y98aCLSlDkQ2sebjpdA1FoJOeGD3qxqDwj0+KckXU2ZaSSQY7CxVsjH65UxCHqVAg+6uLdNbj7j850s1B9NXVXef+sBQ5jUngXxnqQWwNh2Mn8auwumkeEG4SYf96wyFkLvmBitOng/GyLWl9YPnXXHHDnatcVipy7y34qw4CQ4P84anecbA+Bqr9IcxBW6qYmYgRKEnAcmEfjQd+BI1gCLB1BBEmb/qp+mVLd4tOh sophie@carbon"
],
},
},
"zfs": {
'zfs': {
"datasets": {
"tank/webdump": {
"mountpoint": "/var/www/webdump.sophies-kitchen.eu",
"needed_by": ["directory:/var/www/webdump.sophies-kitchen.eu"],
"needed_by": [
"directory:/var/www/webdump.sophies-kitchen.eu"
]
}
},
"pools": {
"tank": {
"when_creating": {
"config": [
{
"devices": {
"/dev/disk/by-id/scsi-0HC_Volume_23952298",
},
}
]
'pools': {
'tank': {
'when_creating': {
'config': [{
'devices': {
'/dev/disk/by-id/scsi-0HC_Volume_23952298',
},
}]
},
},
},

View file

@ -1,32 +0,0 @@
nodes["sophie.unbound"] = {
"hostname": "172.19.164.4",
"bundles": {
"unbound",
},
"groups": {
"debian-bookworm",
},
"metadata": {
"interfaces": {
"enp1s0": {
"ips": {
"172.19.164.4/24",
"fe80::4/64",
},
"gateway4": "172.19.164.1",
"ipv6_accept_ra": True,
},
},
"vm": {
"cpu": 2,
"ram": 2,
},
"unbound": {
"dns64": False,
"restrict-to": {
"172.19.164.0/24",
"fe80::/64",
},
},
},
}

View file

@ -1,12 +1,12 @@
nodes['voc.infobeamer-cms'] = {
'hostname': 'infobeamer.c3voc.de',
'hostname': 'infobeamer-cms.c3voc.de',
'bundles': {
'infobeamer-cms',
'infobeamer-monitor',
'redis',
},
'groups': {
'debian-bookworm',
'debian-bullseye',
'webserver',
},
'metadata': {
@ -25,27 +25,27 @@ nodes['voc.infobeamer-cms'] = {
},
'infobeamer-cms': {
'domain': 'infobeamer.c3voc.de',
'event_start_date': '2024-12-26',
'event_start_date': '2024-05-29',
'event_duration_days': 5,
'config': {
'ADMIN_USERS': [
'evilscientress',
'hexchen',
'jbeyerstedt',
'jwacalex',
'kunsi',
'sophieschi',
'v0tti',
],
'NO_LIMIT_USERS': [
'stblassitude',
],
'GITHUB_CLIENT_ID': vault.decrypt('encrypt$gAAAAABiNwHfIu9PYFfJrF7qirn_9vdvvUlEhJnadoNSS5XlCDbI_aMyj21_ZYQxaCkc6_eVX6Cj1jEHZ7Vs6wM-XyQdW0nUOahtqG4uvnYCiM3GFKHW_wQ='),
'GITHUB_CLIENT_SECRET': vault.decrypt('encrypt$gAAAAABiNwHtdZC2XQ8IjosL7vsmrxZMwDIM6AD5dUlLo996tJs4qV7KJETHgYYZil2aMzClwhcE6JmxdhARRp7IJQ4rQQibelTNmyYSzj_V4puVpvma7SU0UZkTIG95SdPpoHY--Zba'),
'HOSTED_API_KEY': vault.decrypt('encrypt$gAAAAABhxJPH2sIGMAibU2Us1HoCVlNfF0SQQnVl0eiod48Zu8webL_-xk3wDw3yXw1Hkglj-2usl-D3Yd095yTSq0vZMCv2fh-JWwSPdJewQ45x9Ai4vXVD4CNz5vuJBESKS9xQWXTc'),
'INTERRUPT_KEY': vault.human_password_for('infobeamer-cms interrupt key 38c3', words=1),
'INTERRUPT_KEY': vault.human_password_for('infobeamer-cms interrupt key'),
'MQTT_MESSAGE': '{{"level":"info","component":"infobeamer-cms","msg":"{asset} uploaded by {user}. Check it at {url}"}}',
'MQTT_PASSWORD': vault.decrypt('encrypt$gAAAAABhxakfhhwWn0vxhoO1FiMEpdCkomWvo0dHIuBrqDKav8WDpI6dXpb0hoXiWRsPV6p5m-8RlbfFbjPhz47AY-nFOOAAW6Yis3-IVD-U-InKJo9dvms='),
'MQTT_SERVER': 'mqtt.c3voc.de',
'MQTT_TOPIC': '/voc/alert',
'MQTT_USERNAME': vault.decrypt('encrypt$gAAAAABhxakKHC_kHmHP2mFHorb4niuNTH4F24w1D6m5JUxl117N7znlZA6fpMmY3_NcmBr2Ihw4hL3FjZr9Fm_1oUZ1ZQdADA=='),
'SETUP_IDS': [
255228,
250294,
],
# 'EXTRA_ASSETS': [{
# 'type': "image",
@ -56,32 +56,13 @@ nodes['voc.infobeamer-cms'] = {
# 'x2': 110,
# 'y2': 1070,
# }],
'NOTIFIER': {
'MQTT_PASSWORD': vault.decrypt('encrypt$gAAAAABhxakfhhwWn0vxhoO1FiMEpdCkomWvo0dHIuBrqDKav8WDpI6dXpb0hoXiWRsPV6p5m-8RlbfFbjPhz47AY-nFOOAAW6Yis3-IVD-U-InKJo9dvms='),
'MQTT_HOST': 'mqtt.c3voc.de',
'MQTT_TOPIC': '/voc/alert',
'MQTT_USERNAME': vault.decrypt('encrypt$gAAAAABhxakKHC_kHmHP2mFHorb4niuNTH4F24w1D6m5JUxl117N7znlZA6fpMmY3_NcmBr2Ihw4hL3FjZr9Fm_1oUZ1ZQdADA=='),
'NTFY': [
vault.decrypt('encrypt$gAAAAABm_RXKqIgRfe24frA_uvUMwJECr0TmL6TWPOmrPlS0CJuuBlpN6vGHrMkm5pjD5c5h1brC-aqQavsTk_AHXwq8bHG1QiZtQwqPxGuD_fEVP4-xOZ3t-RjqG3kPLz6ebqPoqyPl'),
],
},
'FAQ': {
'SOURCE': 'https://github.com/voc/infobeamer-cms',
'CONTACT': '''
Please use the <a href="https://chat.hackint.org/?join=infobeamer">IRC
Channel #infobeamer on irc.hackint.org</a> (also
<a href="https://www.hackint.org/transport/matrix">bridged to matrix</a>)
or #info-beamer on the cccv rocketchat instance.
'''.strip(),
},
},
'rooms': {
'Saal 1': 34430, # s1
'Saal GLITCH': 37731, # s2
'Saal ZIGZAG': 26610, # s3
'Sendezentrum': 38641, # s4
'Stage YELL': 38642, # s5
'Stage HUFF': 35042, # s6
'Saal 1': 34430,
'Saal G': 26598,
'Saal Z': 26610,
'Saal E (SoS/Lightning-Talks)': 32814,
'Saal F (Sendezentrum/DLF)': 9717,
},
'interrupts': {
'Questions': 'questions',

Some files were not shown because too many files have changed in this diff Show more