Compare commits

..

88 commits

Author SHA1 Message Date
a9b16c18ad
bundles/postfix: remove smtp_use_tls option
Log says:

postconf: warning: /etc/postfix/main.cf: support for parameter "smtp_use_tls" will be removed; instead, specify "smtp_tls_security_level"
2024-11-22 20:50:52 +01:00
8f705fc8e3
update mautrix-whatsapp to 0.11.1 2024-11-17 11:48:08 +01:00
b3070a8b8b
bundles/infobeamer-monitor: announce online devices at 09:00 CE(S)T 2024-11-16 14:14:05 +01:00
6a203085b9
bundles/pretalx: we do not need to regenerate_css anymore 2024-11-16 13:35:24 +01:00
669b28f6ed
voc.pretalx: update to 2023.3.1 2024-11-16 13:02:39 +01:00
9884b703cd
update forgejo to 9.0.2 2024-11-16 12:11:01 +01:00
fa63ad72d5
update paperless-ngx to 2.13.5 2024-11-15 10:24:42 +01:00
3a56995ab1
update netbox to 4.1.6 2024-11-15 10:24:28 +01:00
50b71bc8b8
update element-web to 1.11.85 2024-11-15 10:24:13 +01:00
fcd097599d
home.nas: samba share for music videos 2024-11-15 10:17:37 +01:00
563ba266ff
fix icinga2 bundle (gpg key / packages) 2024-11-10 18:56:35 +01:00
209dedccf9
isort the whole repo 2024-11-08 06:39:59 +01:00
e51c24f837
bundles/powerdns: use *repo* commit time instead of *file* commit time for serial 2024-11-08 06:39:05 +01:00
72638e0856
bundles/infobeamer-monitor: add account data monitoring 2024-11-03 17:51:12 +01:00
2c83a5c4fc
voc.infobeamer-cms: prepare for 38c3 2024-10-31 16:58:26 +01:00
ec49c8d3ff
voc.infobeamer-cms: hackint changed their webirc service 2024-10-31 16:36:07 +01:00
46ec4cc2e7
bundles/postgresql: please also always do dumps 2024-10-28 16:55:10 +01:00
e29a838fad
bundles/forgejo: fix website_check_string 2024-10-28 16:54:53 +01:00
f6cb540007
update paperless-ngx to 2.13.0 2024-10-28 16:17:16 +01:00
6eb2c6651b
update netbox to 4.1.4 2024-10-28 16:16:48 +01:00
c006748165
update mautrix-whatsapp to 0.11.0 2024-10-28 16:16:36 +01:00
1be5ab268b
update forgejo to 9.0.1 2024-10-28 16:16:24 +01:00
12c735f4aa
update element-web to 1.11.82 2024-10-28 16:16:10 +01:00
9b0e627274
bundles/homeassistant: ensure virtualenv is in PATH 2024-10-27 17:45:22 +01:00
4f0ced4d9a
bundles/homeassistant: fix version check 2024-10-27 17:37:14 +01:00
af78e959ae Merge pull request 'new-wildcard-sophies-kitchen' (#72) from new-wildcard-sophies-kitchen into main
Reviewed-on: #72
2024-10-27 10:40:32 +00:00
58964cc10f
bundles/rspamd: send dmarc report emails from devnull address 2024-10-27 11:21:12 +01:00
ec8af84fb1
bundles/postfix: add devnull@myhostname mail address 2024-10-27 11:19:42 +01:00
9bfb531214
kunsi-p14s: clean up packages 2024-10-27 11:19:26 +01:00
84867ff1e6
bundles/postfix: provide myhostname from reactor 2024-10-27 11:19:05 +01:00
6647e71484
rottenraptor-server: add docker-immich 2024-10-26 16:28:09 +02:00
2e8cbd6061
add bundle:docker-immich 2024-10-26 16:27:54 +02:00
453d2a7889
home.r630: add docker, fix firewall 2024-10-26 16:27:16 +02:00
4238eeb6d8
add bundle:docker-engine 2024-10-26 16:25:54 +02:00
729b975b77
bundles/redis: ensure protected mode is off 2024-10-26 16:25:06 +02:00
c4e3d0abc2
bundles/nginx: we need a type definition for .mjs 2024-10-26 16:24:47 +02:00
078d52c075
carlene: rework kunsitracker 2024-10-26 08:20:01 +02:00
a83b380490
bundles/nginx: more config options 2024-10-26 08:19:43 +02:00
ed9607433d
rottenraptor-server: add smartd and zfs 2024-10-24 19:25:23 +02:00
d1b369fb26
bundles/smartd: do not try to guess disk names 2024-10-24 19:25:00 +02:00
07a44598d2
rottenraptor-server is in its colo now 2024-10-24 18:18:35 +02:00
e35fbdd183
add rottenraptor-server 2024-10-10 19:40:01 +02:00
c5fb1b8a28
htz-cloud.wireguard: add wg connection to fra-jana 2024-10-10 19:39:38 +02:00
814b67a9d0
voc.infobeamer-cms add v0tti to admins 2024-10-05 16:58:50 +02:00
3ff7db7d6d
bundles/sshmon: more letsencrypt issuer hashes 2024-10-03 22:43:25 +02:00
b57f205696
voc.infobeamer-cms: prepare for mrmcd24 2024-10-02 17:45:58 +02:00
ef8d3368c1
voc.infobeamer-cms: add FAQ entries 2024-10-01 11:03:50 +02:00
a5ea87b4e9
voc.infobeamer-cms: fix mqtt config 2024-10-01 10:53:04 +02:00
df69b876a9
voc.infobeamer-cms: prepare for mrmcd 2024-09-30 22:40:07 +02:00
4fbbf83952
update infobeamer-cms to debian bookworm 2024-09-30 22:24:53 +02:00
a1d1351411
update infobeamer-cms to current version 2024-09-30 22:24:34 +02:00
e2b430fd0e
update travelynx to 2.8.40 2024-09-30 10:21:05 +02:00
663f7eec9f
remove finallycoffee.eu from trusted key servers 2024-09-30 10:20:57 +02:00
95860e978b
remove htz-cloud.afra 2024-09-29 16:17:48 +02:00
52e891d3a7
move afra.berlin redirect to carlene 2024-09-29 16:17:10 +02:00
8ba63e112c
bundles/sshmon: fix SyntaxWarning 2024-09-27 10:22:58 +02:00
67f901c1c9
bundles/powerdnsadmin: fix dependencies 2024-09-27 10:19:01 +02:00
8c28d612cb
groups/sophie: fix group conflict 2024-09-27 10:16:07 +02:00
54f669313a
home.nas: nas dataset goes ssd 2024-09-27 10:15:50 +02:00
7b6d811128
bundles/sshmon: better cpu check 2024-09-27 10:02:27 +02:00
2564f416c2
update paperless to 2.12.1 2024-09-27 08:51:20 +02:00
8a28886012
update netbox to 4.1.2 2024-09-27 08:51:08 +02:00
c699f0d510
update element-web to 1.11.78 2024-09-27 08:50:52 +02:00
4a28bc55c0
bundles/homeassistant: rework check_homeassistant_update 2024-09-27 08:42:58 +02:00
abdc7f751e
update pretalx-halfnarp to 1.1.2 2024-09-25 21:45:52 +02:00
423049667f
bundles/nftables: improve handling for icmp 2024-09-23 18:09:49 +02:00
c6421c7bd4
update travelynx to 2.8.39 2024-09-20 15:34:14 +02:00
95c5b28469
basic monitoring for proxmox-backupstorage 2024-09-20 15:34:12 +02:00
7dc0afe299 Merge pull request 'miniserver: element-web update' (#71) from updates into main
Reviewed-on: #71
2024-09-19 20:59:48 +00:00
Sophie Schiller
0d28883da3 fix name of backup server 2024-09-19 22:55:15 +02:00
Sophie Schiller
8980c05c74 new wildcard for sophie's home infra 2024-09-19 22:52:01 +02:00
9415b281ce
update travelynx to 2.8.38 2024-09-15 13:33:23 +02:00
64fb1906d1
htz-hel.backup-kunsi: move scrub to wednesday 2024-09-15 10:27:08 +02:00
ce76b03fe7
bundles/zfs: configurable scrub time 2024-09-15 10:26:51 +02:00
a712c098c6
update netbox to 4.1.1 2024-09-14 18:32:39 +02:00
ec834f2a92
update element-web to 1.11.77 2024-09-14 18:32:27 +02:00
aa30b78fcf
remove daisy 2024-09-14 18:29:55 +02:00
be3a7a44d6
home.nas: new ssd-based pool 2024-09-12 19:58:15 +02:00
2e72f107e9
update paperles to 2.12.0 2024-09-10 06:15:48 +02:00
07f6fb99f2
bundles/backup-server: more time for monitoring please 2024-09-10 06:14:55 +02:00
3f9f84f230
home.paperless: add proftpd for paperless ingest 2024-09-08 19:42:27 +02:00
40fcaf56ee
add home.fujitsu-n7100 2024-09-08 19:42:15 +02:00
06a94d7cba
home.nas: clean up nodefile 2024-09-08 17:19:13 +02:00
6483f863ff
bundles/rsyslogd: add backups 2024-09-08 17:19:03 +02:00
3a52cf55c4
remove bundle:scansnap 2024-09-08 17:17:25 +02:00
455c5c5ce5
update as3320 and as8881 2024-09-07 13:01:37 +02:00
5e55dc6fb9
update forgejo to 8.0.3 2024-09-07 09:09:03 +02:00
d5881da154
fix sophie backup locations 2024-09-07 09:07:40 +02:00
76 changed files with 1198 additions and 896 deletions

View file

@ -160,7 +160,7 @@ def monitoring(metadata):
client, client,
config['one_backup_every_hours'], config['one_backup_every_hours'],
), ),
'vars.sshmon_timeout': 20, 'vars.sshmon_timeout': 40,
} }
return { return {

View file

@ -0,0 +1,39 @@
#!/usr/bin/env python3
from json import loads
from subprocess import check_output
from sys import argv
try:
container_name = argv[1]
docker_ps = check_output([
'docker',
'container',
'ls',
'--all',
'--format',
'json',
'--filter',
f'name={container_name}'
])
containers = loads(f"[{','.join([l for l in docker_ps.decode().splitlines() if l])}]")
if not containers:
print(f'CRITICAL: container {container_name} not found!')
exit(2)
if len(containers) > 1:
print(f'Found more than one container matching {container_name}!')
print(docker_ps)
exit(3)
if containers[0]['State'] != 'running':
print(f'WARNING: container {container_name} not "running"')
exit(2)
print(f"OK: {containers[0]['Status']}")
except Exception as e:
print(repr(e))
exit(2)

View file

@ -0,0 +1,50 @@
#!/bin/bash
[[ -n "$DEBUG" ]] && set -x
ACTION="$1"
set -euo pipefail
if [[ -z "$ACTION" ]]
then
echo "Usage: $0 start|stop"
exit 1
fi
PUID="$(id -u "docker-${name}")"
PGID="$(id -g "docker-${name}")"
if [ "$ACTION" == "start" ]
then
docker run -d \
--name "${name}" \
--env "PUID=$PUID" \
--env "PGID=$PGID" \
--env "TZ=${timezone}" \
% for k, v in sorted(environment.items()):
--env "${k}=${v}" \
% endfor
--network host \
% for host_port, container_port in sorted(ports.items()):
--expose "127.0.0.1:${host_port}:${container_port}" \
% endfor
% for host_path, container_path in sorted(volumes.items()):
--volume "/var/opt/docker-engine/${name}/${host_path}:${container_path}" \
% endfor
--restart unless-stopped \
"${image}"
elif [ "$ACTION" == "stop" ]
then
docker stop "${name}"
docker rm "${name}"
else
echo "Unknown action $ACTION"
exit 1
fi
% if node.has_bundle('nftables'):
systemctl reload nftables
% endif

View file

@ -0,0 +1,14 @@
[Unit]
Description=docker-engine app ${name}
After=network.target
Requires=${' '.join(sorted(requires))}
[Service]
WorkingDirectory=/var/opt/docker-engine/${name}/
ExecStart=/opt/docker-engine/${name} start
ExecStop=/opt/docker-engine/${name} stop
Type=simple
RemainAfterExit=true
[Install]
WantedBy=multi-user.target

View file

@ -0,0 +1,99 @@
from bundlewrap.metadata import metadata_to_json
deps = {
'pkg_apt:docker-ce',
'pkg_apt:docker-ce-cli',
}
directories['/opt/docker-engine'] = {
'purge': True,
}
directories['/var/opt/docker-engine'] = {}
files['/etc/docker/daemon.json'] = {
'content': metadata_to_json(node.metadata.get('docker-engine/config')),
'triggers': {
'svc_systemd:docker:restart',
},
# install config before installing packages to ensure the config is
# applied to the first start as well
'before': deps,
}
svc_systemd['docker'] = {
'needs': deps,
}
files['/usr/local/share/icinga/plugins/check_docker_container'] = {
'mode': '0755',
}
for app, config in node.metadata.get('docker-engine/containers', {}).items():
volumes = config.get('volumes', {})
files[f'/opt/docker-engine/{app}'] = {
'source': 'docker-wrapper',
'content_type': 'mako',
'context': {
'environment': config.get('environment', {}),
'image': config['image'],
'name': app,
'ports': config.get('ports', {}),
'timezone': node.metadata.get('timezone'),
'volumes': volumes,
},
'mode': '0755',
'triggers': {
f'svc_systemd:docker-{app}:restart',
},
}
users[f'docker-{app}'] = {
'home': f'/var/opt/docker-engine/{app}',
'groups': {
'docker',
},
'after': {
# provides docker group
'pkg_apt:docker-ce',
},
}
files[f'/usr/local/lib/systemd/system/docker-{app}.service'] = {
'source': 'docker-wrapper.service',
'content_type': 'mako',
'context': {
'name': app,
'requires': {
*set(config.get('requires', set())),
'docker.service',
}
},
'triggers': {
'action:systemd-reload',
f'svc_systemd:docker-{app}:restart',
},
}
svc_systemd[f'docker-{app}'] = {
'needs': {
*deps,
f'file:/opt/docker-engine/{app}',
f'file:/usr/local/lib/systemd/system/docker-{app}.service',
f'user:docker-{app}',
'svc_systemd:docker',
*set(config.get('needs', set())),
},
}
for volume in volumes:
directories[f'/var/opt/docker-engine/{app}/{volume}'] = {
'owner': f'docker-{app}',
'group': f'docker-{app}',
'needed_by': {
f'svc_systemd:docker-{app}',
},
# don't do anything if the directory exists, docker images
# mangle owners
'unless': f'test -d /var/opt/docker-engine/{app}/{volume}',
}

View file

@ -0,0 +1,83 @@
defaults = {
'apt': {
'packages': {
'docker-ce': {},
'docker-ce-cli': {},
'docker-compose-plugin': {},
},
'repos': {
'docker': {
'items': {
'deb https://download.docker.com/linux/debian {os_release} stable',
},
},
},
},
'backups': {
'paths': {
'/var/opt/docker-engine',
},
},
'hosts': {
'entries': {
'172.17.0.1': {
'host.docker.internal',
},
},
},
'docker-engine': {
'config': {
'iptables': False,
'no-new-privileges': True,
},
},
'zfs': {
'datasets': {
'tank/docker-data': {
'mountpoint': '/var/opt/docker-engine',
},
},
},
}
@metadata_reactor.provides(
'icinga2_api/docker-engine/services',
)
def monitoring(metadata):
services = {
'DOCKER PROCESS': {
'command_on_monitored_host': '/usr/lib/nagios/plugins/check_procs -C dockerd -c 1:',
},
}
for app in metadata.get('docker-engine/containers', {}):
services[f'DOCKER CONTAINER {app}'] = {
'command_on_monitored_host': f'sudo /usr/local/share/icinga/plugins/check_docker_container {app}'
}
return {
'icinga2_api': {
'docker-engine': {
'services': services,
},
},
}
@metadata_reactor.provides(
'zfs/datasets',
)
def zfs(metadata):
datasets = {}
for app in metadata.get('docker-engine/containers', {}):
datasets[f'tank/docker-data/{app}'] = {
'mountpoint': f'/var/opt/docker-engine/{app}'
}
return {
'zfs': {
'datasets': datasets,
},
}

View file

@ -0,0 +1,64 @@
assert node.has_bundle('docker-engine')
assert node.has_bundle('redis')
assert not node.has_bundle('postgresql') # docker container uses that port
defaults = {
'docker-engine': {
'containers': {
'immich': {
'image': 'ghcr.io/imagegenius/immich:latest',
'environment': {
'DB_DATABASE_NAME': 'immich',
'DB_HOSTNAME': 'host.docker.internal',
'DB_PASSWORD': repo.vault.password_for(f'{node.name} postgresql immich'),
'DB_USERNAME': 'immich',
'REDIS_HOSTNAME': 'host.docker.internal',
},
'volumes': {
'config': '/config',
'libraries': '/libraries',
'photos': '/photos',
},
'needs': {
'svc_systemd:docker-postgresql14',
},
'requires': {
'docker-postgresql14.service',
},
},
'postgresql14': {
'image': 'tensorchord/pgvecto-rs:pg14-v0.2.0',
'environment': {
'POSTGRES_PASSWORD': repo.vault.password_for(f'{node.name} postgresql immich'),
'POSTGRES_USER': 'immich',
'POSTGRES_DB': 'immich',
},
'volumes': {
'database': '/var/lib/postgresql/data',
},
},
},
},
'nginx': {
'vhosts': {
'immich': {
'locations': {
'/': {
'target': 'http://127.0.0.1:8080/',
'websockets': True,
'max_body_size': '500m',
},
#'/api/socket.io/': {
# 'target': 'http://127.0.0.1:8081/',
# 'websockets': True,
#},
},
},
},
},
'redis': {
'bind': '0.0.0.0',
},
}

View file

@ -29,8 +29,8 @@ mail_location = maildir:/var/mail/vmail/%d/%n
protocols = imap lmtp sieve protocols = imap lmtp sieve
ssl = required ssl = required
ssl_cert = </var/lib/dehydrated/certs/${node.metadata.get('postfix/myhostname', node.metadata['hostname'])}/fullchain.pem ssl_cert = </var/lib/dehydrated/certs/${node.metadata.get('postfix/myhostname')}/fullchain.pem
ssl_key = </var/lib/dehydrated/certs/${node.metadata.get('postfix/myhostname', node.metadata['hostname'])}/privkey.pem ssl_key = </var/lib/dehydrated/certs/${node.metadata.get('postfix/myhostname')}/privkey.pem
ssl_dh = </etc/ssl/certs/dhparam.pem ssl_dh = </etc/ssl/certs/dhparam.pem
ssl_min_protocol = TLSv1.2 ssl_min_protocol = TLSv1.2
ssl_cipher_list = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305 ssl_cipher_list = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305

View file

@ -100,7 +100,7 @@ def nginx(metadata):
}, },
}, },
'website_check_path': '/user/login', 'website_check_path': '/user/login',
'website_check_string': 'Sign In', 'website_check_string': 'Sign in',
}, },
}, },
}, },

View file

@ -2,48 +2,42 @@
from sys import exit from sys import exit
import requests from packaging.version import parse
from packaging import version from requests import get
bearer = "${bearer}" API_TOKEN = "${token}"
domain = "${domain}" DOMAIN = "${domain}"
OK = 0
WARN = 1
CRITICAL = 2
UNKNOWN = 3
status = 3
message = "Unknown Update Status"
domain = "hass.home.kunbox.net"
s = requests.Session()
s.headers.update({"Content-Type": "application/json"})
try: try:
stable_version = version.parse( r = get("https://version.home-assistant.io/stable.json")
s.get("https://version.home-assistant.io/stable.json").json()["homeassistant"][ r.raise_for_status()
"generic-x86-64" stable_version = parse(r.json()["homeassistant"]["generic-x86-64"])
]
)
s.headers.update(
{"Authorization": f"Bearer {bearer}", "Content-Type": "application/json"}
)
running_version = version.parse(
s.get(f"https://{domain}/api/config").json()["version"]
)
if running_version == stable_version:
status = 0
message = f"OK - running version {running_version} equals stable version {stable_version}"
elif running_version > stable_version:
status = 1
message = f"WARNING - stable version {stable_version} is lower than running version {running_version}, check if downgrade is necessary."
else:
status = 2
message = f"CRITICAL - update necessary, running version {running_version} is lower than stable version {stable_version}"
except Exception as e: except Exception as e:
message = f"{message}: {repr(e)}" print(f"Could not get stable version information from home-assistant.io: {e!r}")
exit(3)
print(message) try:
exit(status) r = get(
f"https://{DOMAIN}/api/config",
headers={"Authorization": f"Bearer {API_TOKEN}", "Content-Type": "application/json"},
)
r.raise_for_status()
running_version = parse(r.json()["version"])
except Exception as e:
print(f"Could not get running version information from homeassistant: {e!r}")
exit(3)
try:
if stable_version > running_version:
print(
f"There is a newer version available: {stable_version} (currently installed: {running_version})"
)
exit(2)
else:
print(
f"Currently running version {running_version} matches newest release on home-assistant.io"
)
exit(0)
except Exception as e:
print(repr(e))
exit(3)

View file

@ -5,6 +5,8 @@ After=network-online.target
[Service] [Service]
Type=simple Type=simple
User=homeassistant User=homeassistant
Environment="VIRTUAL_ENV=/opt/homeassistant/venv"
Environment="PATH=/opt/homeassistant/venv/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
WorkingDirectory=/var/opt/homeassistant WorkingDirectory=/var/opt/homeassistant
ExecStart=/opt/homeassistant/venv/bin/hass -c "/var/opt/homeassistant" ExecStart=/opt/homeassistant/venv/bin/hass -c "/var/opt/homeassistant"
RestartForceExitStatus=100 RestartForceExitStatus=100

View file

@ -30,7 +30,7 @@ files = {
'/usr/local/share/icinga/plugins/check_homeassistant_update': { '/usr/local/share/icinga/plugins/check_homeassistant_update': {
'content_type': 'mako', 'content_type': 'mako',
'context': { 'context': {
'bearer': repo.vault.decrypt(node.metadata.get('homeassistant/api_secret')), 'token': node.metadata.get('homeassistant/api_secret'),
'domain': node.metadata.get('homeassistant/domain'), 'domain': node.metadata.get('homeassistant/domain'),
}, },
'mode': '0755', 'mode': '0755',

View file

@ -17,7 +17,6 @@ defaults = {
'icinga2': {}, 'icinga2': {},
'icinga2-ido-pgsql': {}, 'icinga2-ido-pgsql': {},
'icingaweb2': {}, 'icingaweb2': {},
'icingaweb2-module-monitoring': {},
'python3-easysnmp': {}, 'python3-easysnmp': {},
'python3-flask': {}, 'python3-flask': {},
'snmp': {}, 'snmp': {},

View file

@ -23,7 +23,7 @@ actions = {
git_deploy = { git_deploy = {
'/opt/infobeamer-cms/src': { '/opt/infobeamer-cms/src': {
'rev': 'master', 'rev': 'master',
'repo': 'https://github.com/sophieschi/36c3-cms.git', 'repo': 'https://github.com/voc/infobeamer-cms.git',
'needs': { 'needs': {
'directory:/opt/infobeamer-cms/src', 'directory:/opt/infobeamer-cms/src',
}, },
@ -96,14 +96,6 @@ files = {
}, },
} }
pkg_pip = {
'github-flask': {
'needed_by': {
'svc_systemd:infobeamer-cms',
},
},
}
svc_systemd = { svc_systemd = {
'infobeamer-cms': { 'infobeamer-cms': {
'needs': { 'needs': {

View file

@ -1,9 +1,10 @@
#!/usr/bin/env python3 #!/usr/bin/env python3
import logging import logging
from datetime import datetime, timezone from datetime import datetime
from json import dumps from json import dumps
from time import sleep from time import sleep
from zoneinfo import ZoneInfo
import paho.mqtt.client as mqtt import paho.mqtt.client as mqtt
from requests import RequestException, get from requests import RequestException, get
@ -61,8 +62,6 @@ def mqtt_dump_state(device):
out.append("Location: {}".format(device["location"])) out.append("Location: {}".format(device["location"]))
out.append("Setup: {} ({})".format(device["setup"]["name"], device["setup"]["id"])) out.append("Setup: {} ({})".format(device["setup"]["name"], device["setup"]["id"]))
out.append("Resolution: {}".format(device["run"].get("resolution", "unknown"))) out.append("Resolution: {}".format(device["run"].get("resolution", "unknown")))
if not device["is_synced"]:
out.append("syncing ...")
mqtt_out( mqtt_out(
" - ".join(out), " - ".join(out),
@ -73,6 +72,9 @@ def mqtt_dump_state(device):
mqtt_out("Monitor starting up") mqtt_out("Monitor starting up")
while True: while True:
try: try:
online_devices = set()
available_credits = None
try: try:
r = get( r = get(
"https://info-beamer.com/api/v1/device/list", "https://info-beamer.com/api/v1/device/list",
@ -88,7 +90,6 @@ while True:
) )
else: else:
new_state = {} new_state = {}
online_devices = set()
for device in ib_state: for device in ib_state:
did = str(device["id"]) did = str(device["id"])
@ -140,16 +141,15 @@ while True:
if device["is_online"]: if device["is_online"]:
if device["maintenance"]: if device["maintenance"]:
mqtt_out( mqtt_out(
"maintenance required: {}".format(' '.join( "maintenance required: {}".format(
sorted(device["maintenance"]) " ".join(sorted(device["maintenance"]))
)), ),
level="WARN", level="WARN",
device=device, device=device,
) )
if ( if (
device["is_synced"] != state[did]["is_synced"] device["location"] != state[did]["location"]
or device["location"] != state[did]["location"]
or device["setup"]["id"] != state[did]["setup"]["id"] or device["setup"]["id"] != state[did]["setup"]["id"]
or device["run"].get("resolution") or device["run"].get("resolution")
!= state[did]["run"].get("resolution") != state[did]["run"].get("resolution")
@ -171,13 +171,56 @@ while True:
state = new_state state = new_state
if ( try:
datetime.now(timezone.utc).strftime("%H%M") == "1312" r = get(
and online_devices "https://info-beamer.com/api/v1/account",
and int(datetime.now(timezone.utc).strftime("%S")) < 30 auth=("", CONFIG["api_key"]),
): )
mqtt_out("Online Devices: {}".format(", ".join(sorted(online_devices)))) r.raise_for_status()
sleep(30) ib_account = r.json()
except RequestException as e:
LOG.exception("Could not get data from info-beamer")
mqtt_out(
f"Could not get data from info-beamer: {e!r}",
level="WARN",
)
else:
available_credits = ib_account["balance"]
if available_credits < 50:
mqtt_out(
f"balance has dropped below 50 credits! (available: {available_credits})",
level="ERROR",
)
elif available_credits < 100:
mqtt_out(
f"balance has dropped below 100 credits! (available: {available_credits})",
level="WARN",
)
for quota_name, quota_config in sorted(ib_account["quotas"].items()):
value = quota_config["count"]["value"]
limit = quota_config["count"]["limit"]
if value > limit * 0.9:
mqtt_out(
f"quota {quota_name} is over 90% (limit {limit}, value {value})",
level="ERROR",
)
elif value > limit * 0.8:
mqtt_out(
f"quota {quota_name} is over 80% (limit {limit}, value {value})",
level="WARN",
)
if datetime.now(ZoneInfo("Europe/Berlin")).strftime("%H%M") == "0900":
if available_credits is not None:
mqtt_out(f"Available Credits: {available_credits}")
if online_devices:
mqtt_out(
"Online Devices: {}".format(", ".join(sorted(online_devices)))
)
sleep(60)
except KeyboardInterrupt: except KeyboardInterrupt:
break break

View file

@ -23,9 +23,8 @@ table inet filter {
icmp type timestamp-request drop icmp type timestamp-request drop
icmp type timestamp-reply drop icmp type timestamp-reply drop
ip protocol icmp accept meta l4proto {icmp, ipv6-icmp} accept
ip6 nexthdr ipv6-icmp accept
% for ruleset, rules in sorted(input.items()): % for ruleset, rules in sorted(input.items()):
# ${ruleset} # ${ruleset}

View file

@ -29,7 +29,7 @@ defaults = {
}, },
} }
if not node.has_bundle('vmhost'): if not node.has_bundle('vmhost') and not node.has_bundle('docker-engine'):
# see comment in bundles/vmhost/items.py # see comment in bundles/vmhost/items.py
defaults['apt']['packages']['iptables'] = { defaults['apt']['packages']['iptables'] = {
'installed': False, 'installed': False,

View file

@ -11,7 +11,7 @@ events {
http { http {
include /etc/nginx/mime.types; include /etc/nginx/mime.types;
types { types {
application/javascript js mjs; application/javascript mjs;
} }
default_type application/octet-stream; default_type application/octet-stream;
charset UTF-8; charset UTF-8;

View file

@ -149,18 +149,18 @@ server {
% if 'target' in options: % if 'target' in options:
proxy_pass ${options['target']}; proxy_pass ${options['target']};
proxy_http_version ${options.get('http_version', '1.1')}; proxy_http_version ${options.get('http_version', '1.1')};
proxy_set_header Host ${domain}; proxy_set_header Host ${options.get('proxy_pass_host', domain)};
% if options.get('websockets', False): % if options.get('websockets', False):
proxy_set_header Connection "upgrade"; proxy_set_header Connection "upgrade";
proxy_set_header Upgrade $http_upgrade; proxy_set_header Upgrade $http_upgrade;
% endif % endif
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host ${options.get('x_forwarded_host', domain)}; proxy_set_header X-Forwarded-Host ${options.get('x_forwarded_host', options.get('proxy_pass_host', domain))};
% for option, value in options.get('proxy_set_header', {}).items(): % for option, value in options.get('proxy_set_header', {}).items():
proxy_set_header ${option} ${value}; proxy_set_header ${option} ${value};
% endfor % endfor
% if location != '/': % if location != '/' and location != '= /':
proxy_set_header X-Script-Name ${location}; proxy_set_header X-Script-Name ${location};
% endif % endif
proxy_buffering off; proxy_buffering off;

View file

@ -1,3 +1,5 @@
devnull@${node.metadata.get('postfix/myhostname')} DISCARD DEV-NULL
% for address in sorted(blocked): % for address in sorted(blocked):
${address} REJECT ${address} REJECT
% endfor % endfor

View file

@ -3,7 +3,7 @@ biff = no
append_dot_mydomain = no append_dot_mydomain = no
readme_directory = no readme_directory = no
compatibility_level = 2 compatibility_level = 2
myhostname = ${node.metadata.get('postfix/myhostname', node.metadata['hostname'])} myhostname = ${node.metadata.get('postfix/myhostname')}
myorigin = /etc/mailname myorigin = /etc/mailname
mydestination = $myhostname, localhost mydestination = $myhostname, localhost
mynetworks = ${' '.join(sorted(mynetworks))} mynetworks = ${' '.join(sorted(mynetworks))}
@ -25,7 +25,6 @@ inet_interfaces = 127.0.0.1
% endif % endif
<%text> <%text>
smtp_use_tls = yes
smtp_tls_loglevel = 1 smtp_tls_loglevel = 1
smtp_tls_note_starttls_offer = yes smtp_tls_note_starttls_offer = yes
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
@ -38,8 +37,8 @@ smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
</%text> </%text>
% if node.has_bundle('postfixadmin'): % if node.has_bundle('postfixadmin'):
smtpd_tls_cert_file = /var/lib/dehydrated/certs/${node.metadata.get('postfix/myhostname', node.metadata['hostname'])}/fullchain.pem smtpd_tls_cert_file = /var/lib/dehydrated/certs/${node.metadata.get('postfix/myhostname')}/fullchain.pem
smtpd_tls_key_file = /var/lib/dehydrated/certs/${node.metadata.get('postfix/myhostname', node.metadata['hostname'])}/privkey.pem smtpd_tls_key_file = /var/lib/dehydrated/certs/${node.metadata.get('postfix/myhostname')}/privkey.pem
<%text> <%text>
smtpd_use_tls=yes smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
@ -48,7 +47,7 @@ smtpd_client_restrictions = permit_mynetworks permit_sasl_authenticated
smtpd_helo_required = yes smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks reject_invalid_helo_hostname smtpd_helo_restrictions = permit_mynetworks reject_invalid_helo_hostname
smtpd_data_restrictions = reject_unauth_pipelining smtpd_data_restrictions = reject_unauth_pipelining
smtpd_recipient_restrictions = permit_mynetworks, check_recipient_access hash:/etc/postfix/blocked_recipients smtpd_recipient_restrictions = check_recipient_access hash:/etc/postfix/blocked_recipients, permit_mynetworks
smtpd_relay_before_recipient_restrictions = yes smtpd_relay_before_recipient_restrictions = yes
# https://ssl-config.mozilla.org/#server=postfix&version=3.7.10&config=intermediate&openssl=3.0.11&guideline=5.7 # https://ssl-config.mozilla.org/#server=postfix&version=3.7.10&config=intermediate&openssl=3.0.11&guideline=5.7

View file

@ -25,7 +25,7 @@ my_package = 'pkg_pacman:postfix' if node.os == 'arch' else 'pkg_apt:postfix'
files = { files = {
'/etc/mailname': { '/etc/mailname': {
'content': node.metadata.get('postfix/myhostname', node.metadata['hostname']), 'content': node.metadata.get('postfix/myhostname'),
'before': { 'before': {
my_package, my_package,
}, },

View file

@ -87,7 +87,7 @@ def letsencrypt(metadata):
} }
result['domains'] = { result['domains'] = {
metadata.get('postfix/myhostname', metadata.get('hostname')): set(), metadata.get('postfix/myhostname'): set(),
} }
return { return {
@ -148,3 +148,14 @@ def icinga2(metadata):
}, },
}, },
} }
@metadata_reactor.provides(
'postfix/myhostname',
)
def myhostname(metadata):
return {
'postfix': {
'myhostname': metadata.get('hostname'),
},
}

View file

@ -57,7 +57,7 @@ files = {
}, },
} }
if node.has_bundle('backup-client') and not node.has_bundle('zfs'): if node.has_bundle('backup-client'):
files['/etc/backup-pre-hooks.d/90-postgresql-dump-all'] = { files['/etc/backup-pre-hooks.d/90-postgresql-dump-all'] = {
'source': 'backup-pre-hook', 'source': 'backup-pre-hook',
'content_type': 'mako', 'content_type': 'mako',
@ -67,10 +67,6 @@ if node.has_bundle('backup-client') and not node.has_bundle('zfs'):
'mode': '0700', 'mode': '0700',
} }
directories['/var/tmp/postgresdumps'] = {} directories['/var/tmp/postgresdumps'] = {}
else:
files['/var/tmp/postgresdumps'] = {
'delete': True,
}
postgres_roles = { postgres_roles = {
'root': { 'root': {

View file

@ -11,6 +11,7 @@ defaults = {
'backups': { 'backups': {
'paths': { 'paths': {
'/var/lib/postgresql', '/var/lib/postgresql',
'/var/tmp/postgresdumps',
}, },
}, },
'bash_functions': { 'bash_functions': {
@ -74,8 +75,6 @@ if node.has_bundle('zfs'):
}, },
}, },
} }
else:
defaults['backups']['paths'].add('/var/tmp/postgresdumps')
@metadata_reactor.provides( @metadata_reactor.provides(

View file

@ -3,6 +3,8 @@ from os import listdir
from os.path import isfile, join from os.path import isfile, join
from subprocess import check_output from subprocess import check_output
from bundlewrap.utils.ui import io
zone_path = join(repo.path, 'data', 'powerdns', 'files', 'bind-zones') zone_path = join(repo.path, 'data', 'powerdns', 'files', 'bind-zones')
nameservers = set() nameservers = set()
@ -79,9 +81,10 @@ if node.metadata.get('powerdns/features/bind', False):
continue continue
try: try:
output = check_output(['git', 'log', '-1', '--pretty=%ci', join(zone_path, zone)]).decode('utf-8').strip() output = check_output(['git', 'log', '-1', '--pretty=%ci']).decode('utf-8').strip()
serial = datetime.strptime(output, '%Y-%m-%d %H:%M:%S %z').strftime('%y%m%d%H%M') serial = datetime.strptime(output, '%Y-%m-%d %H:%M:%S %z').strftime('%y%m%d%H%M')
except: except Exception as e:
io.stderr(f"Error while parsing commit time for {zone} serial: {e!r}")
serial = datetime.now().strftime('%y%m%d0000') serial = datetime.now().strftime('%y%m%d0000')
primary_zones.add(zone) primary_zones.add(zone)

View file

@ -71,8 +71,8 @@ actions = {
'chown -R powerdnsadmin:powerdnsadmin /opt/powerdnsadmin/src/powerdnsadmin/static/', 'chown -R powerdnsadmin:powerdnsadmin /opt/powerdnsadmin/src/powerdnsadmin/static/',
]), ]),
'needs': { 'needs': {
'action:nodejs_install_yarn',
'action:powerdnsadmin_install_deps', 'action:powerdnsadmin_install_deps',
'bundle:nodejs',
'pkg_apt:', 'pkg_apt:',
}, },
}, },

View file

@ -7,7 +7,6 @@ from subprocess import check_output
from requests import get from requests import get
UPDATE_URL = '${url}' UPDATE_URL = '${url}'
USERNAME = '${username}' USERNAME = '${username}'
PASSWORD = '${password}' PASSWORD = '${password}'

View file

@ -5,7 +5,6 @@ from ipaddress import ip_address
from json import loads from json import loads
from subprocess import check_output, run from subprocess import check_output, run
DOMAIN = '${domain}' DOMAIN = '${domain}'
# <%text> # <%text>

View file

@ -1,5 +1,5 @@
assert node.has_bundle('redis'), f'{node.name}: pretalx needs redis' assert node.has_bundle('redis'), f'{node.name}: pretalx needs redis'
assert node.has_bundle('nodejs'), f'{node.name}: pretalx needs nodejs for rebuild and regenerate_css step' assert node.has_bundle('nodejs'), f'{node.name}: pretalx needs nodejs for rebuild step'
actions = { actions = {
'pretalx_create_virtualenv': { 'pretalx_create_virtualenv': {
@ -53,17 +53,6 @@ actions = {
}, },
'triggered': True, 'triggered': True,
}, },
'pretalx_regenerate-css': {
'command': 'sudo -u pretalx PRETALX_CONFIG_FILE=/opt/pretalx/pretalx.cfg /opt/pretalx/venv/bin/python -m pretalx regenerate_css',
'needs': {
'action:pretalx_migrate',
'directory:/opt/pretalx/data',
'directory:/opt/pretalx/static',
'file:/opt/pretalx/pretalx.cfg',
'bundle:nodejs',
},
'triggered': True,
},
} }
users = { users = {
@ -90,7 +79,6 @@ git_deploy = {
'action:pretalx_install', 'action:pretalx_install',
'action:pretalx_migrate', 'action:pretalx_migrate',
'action:pretalx_rebuild', 'action:pretalx_rebuild',
'action:pretalx_regenerate-css',
'svc_systemd:pretalx-web:restart', 'svc_systemd:pretalx-web:restart',
'svc_systemd:pretalx-worker:restart', 'svc_systemd:pretalx-worker:restart',
}, },
@ -121,7 +109,6 @@ svc_systemd = {
'action:pretalx_install', 'action:pretalx_install',
'action:pretalx_migrate', 'action:pretalx_migrate',
'action:pretalx_rebuild', 'action:pretalx_rebuild',
'action:pretalx_regenerate-css',
'file:/etc/systemd/system/pretalx-web.service', 'file:/etc/systemd/system/pretalx-web.service',
'file:/opt/pretalx/pretalx.cfg', 'file:/opt/pretalx/pretalx.cfg',
}, },
@ -129,7 +116,8 @@ svc_systemd = {
'pretalx-worker': { 'pretalx-worker': {
'needs': { 'needs': {
'action:pretalx_install', 'action:pretalx_install',
'action:pretalx_migrate', 'action:pretalx_migrate',,
'action:pretalx_rebuild',
'file:/etc/systemd/system/pretalx-worker.service', 'file:/etc/systemd/system/pretalx-worker.service',
'file:/opt/pretalx/pretalx.cfg', 'file:/opt/pretalx/pretalx.cfg',
}, },
@ -204,7 +192,6 @@ for plugin_name, plugin_config in node.metadata.get('pretalx/plugins', {}).items
'triggers': { 'triggers': {
'action:pretalx_migrate', 'action:pretalx_migrate',
'action:pretalx_rebuild', 'action:pretalx_rebuild',
'action:pretalx_regenerate-css',
'svc_systemd:pretalx-web:restart', 'svc_systemd:pretalx-web:restart',
'svc_systemd:pretalx-worker:restart', 'svc_systemd:pretalx-worker:restart',
}, },

13
bundles/proftpd/items.py Normal file
View file

@ -0,0 +1,13 @@
files['/etc/proftpd/proftpd.conf'] = {
'source': f'{node.name}.conf',
'triggers': {
'svc_systemd:proftpd:restart',
},
}
svc_systemd['proftpd'] = {
'needs': {
'file:/etc/proftpd/proftpd.conf',
'pkg_apt:proftpd-core',
},
}

View file

@ -0,0 +1,26 @@
from bundlewrap.metadata import atomic
defaults = {
'apt': {
'packages': {
'proftpd-core': {},
},
},
}
@metadata_reactor.provides(
'firewall/port_rules',
)
def firewall(metadata):
sources = atomic(metadata.get('mosquitto/restrict-to', set()))
return {
'firewall': {
'port_rules': {
'20/tcp': sources,
'21/tcp': sources,
'49152-50192/tcp': sources,
},
},
}

View file

@ -48,3 +48,4 @@ tcp-keepalive 0
timeout 0 timeout 0
zset-max-ziplist-entries 128 zset-max-ziplist-entries 128
zset-max-ziplist-value 64 zset-max-ziplist-value 64
protected-mode no

View file

@ -2,7 +2,6 @@ import re
from json import load from json import load
from os.path import join from os.path import join
with open(join(repo.path, 'configs', 'netbox', f'{node.name}.json')) as f: with open(join(repo.path, 'configs', 'netbox', f'{node.name}.json')) as f:
netbox = load(f) netbox = load(f)

View file

@ -1,7 +1,7 @@
reporting { reporting {
enabled = true; enabled = true;
email = 'dmarc+${node.name.replace('.', '-')}@kunbox.net'; email = 'devnull@${node.metadata.get('postfix/myhostname')}';
domain = '${node.metadata.get('hostname')}'; domain = '${node.metadata.get('postfix/myhostname')}';
org_name = 'kunbox.net'; org_name = 'kunbox.net';
smtp = '127.0.0.1'; smtp = '127.0.0.1';
smtp_port = 25; smtp_port = 25;

View file

@ -6,6 +6,11 @@ defaults = {
'rsyslog': {}, 'rsyslog': {},
}, },
}, },
'backups': {
'paths': {
'/var/log/rsyslog',
},
},
'icinga2_api': { 'icinga2_api': {
'rsyslog': { 'rsyslog': {
'services': { 'services': {

View file

@ -1,21 +0,0 @@
#!/bin/bash
set -euo pipefail
DATE=$(date +%F_%H-%M-%S)
cd "$1"
convert *.tiff no_ocr.pdf
ocrmypdf -l deu no_ocr.pdf has_ocr.pdf
rm -f *.tiff
rm -f no_ocr.pdf
chown nobody:nogroup has_ocr.pdf
mv has_ocr.pdf "/srv/scansnap/${DATE}.pdf"
cd /
rm -r "$1"

View file

@ -1,9 +0,0 @@
#!/bin/bash
set -euo pipefail
OUTFILE=$(mktemp -d)
scanimage --source 'ADF Duplex' --format tiff --mode Color --brightness 23 --resolution 300 --page-width 210 --page-height 297.3 -x 210 -y 297.3 --batch=${OUTFILE}/p%04d.tiff
/etc/scanbd/scripts/ocr.sh "$OUTFILE" &

View file

@ -1,52 +0,0 @@
global {
debug = true
debug-level = 2
user = saned
group = scanner
saned = "/usr/sbin/saned"
saned_opt = {}
saned_env = { "SANE_CONFIG_DIR=/etc/scanbd" }
scriptdir = /etc/scanbd/scripts
timeout = 500
pidfile = "/var/run/scanbd.pid"
environment {
device = "SCANBD_DEVICE"
action = "SCANBD_ACTION"
}
function function_knob {
filter = "^message.*"
desc = "The value of the function knob / wheel / selector"
env = "SCANBD_FUNCTION"
}
function function_mode {
filter = "^mode.*"
desc = "Color mode"
env = "SCANBD_FUNCTION_MODE"
}
multiple_actions = false
action scan {
filter = "^scan.*"
numerical-trigger {
from-value = 0
to-value = 1
}
desc = "Scan to file"
script = "scan.sh"
}
}
include(scanner.d/avision.conf)
include(scanner.d/fujitsu.conf)
include(scanner.d/hp.conf)
include(scanner.d/pixma.conf)
include(scanner.d/snapscan.conf)
include(scanner.d/canon.conf)
include(scanner.d/plustek.conf)

View file

@ -1,39 +0,0 @@
directories = {
'/etc/scanbd/scripts': {
'purge': True,
},
'/srv/scansnap': {
'owner': 'nobody',
'group': 'nogroup',
},
}
files = {
'/etc/scanbd/scanbd.conf': {
'triggers': {
'svc_systemd:scanbd:restart',
},
},
'/etc/scanbd/scripts/ocr.sh': {
'mode': '0755',
'needs': {
'directory:/srv/scansnap',
},
},
'/etc/scanbd/scripts/scan.sh': {
'mode': '0755',
'needs': {
'directory:/srv/scansnap',
'file:/etc/scanbd/scripts/ocr.sh',
},
},
}
svc_systemd = {
'scanbd': {
'needs': {
'file:/etc/scanbd/scanbd.conf',
'pkg_apt:scanbd',
},
},
}

View file

@ -1,22 +0,0 @@
defaults = {
'apt': {
'packages': {
'sane-utils': {},
'scanbd': {},
'imagemagick': {},
'ocrmypdf': {},
'tesseract-ocr-deu': {},
},
},
'backups': {
'paths': {
'/srv/scansnap',
},
},
'cron': {
'jobs': {
# Automatically remove files which are older than 14 days
'scansnap_cleanup': '00 00 * * * root /usr/bin/find /srv/scansnap/ -mindepth 1 -mtime +14 -delete',
},
},
}

View file

@ -43,30 +43,6 @@ if node.has_bundle('telegraf'):
} }
@metadata_reactor.provides(
'smartd/disks',
)
def zfs_disks_to_metadata(metadata):
disks = set()
for config in metadata.get('zfs/pools', {}).values():
for option in config['when_creating']['config']:
if option.get('type', '') in {'log', 'cache'}:
continue
for disk in option['devices']:
if search(r'p([0-9]+)$', disk) or disk.startswith('/dev/mapper/'):
continue
disks.add(disk)
return {
'smartd': {
'disks': disks,
},
}
@metadata_reactor.provides( @metadata_reactor.provides(
'icinga2_api/smartd/services', 'icinga2_api/smartd/services',
) )

View file

@ -4,27 +4,30 @@ from re import findall
from subprocess import check_output from subprocess import check_output
from sys import exit from sys import exit
ITERATIONS = 10
try: try:
top_output = None top_output = None
for line in check_output(['top', '-b', '-n1', '-d1']).decode('UTF-8').splitlines(): top_output = check_output(rf"top -b -n{ITERATIONS} -d1 | grep -i '^%cpu'", shell=True).decode('UTF-8')
if line.lower().strip().startswith('%cpu'):
top_output = line.lower().split(':', 2)[1]
break
if not top_output:
print('%cpu not found in top output')
exit(3)
cpu_usage = {} cpu_usage = {}
for value, identifier in findall('([0-9\.\,]{3,5}) ([a-z]{2})', top_output): for value, identifier in findall(r'([0-9\.\,]{3,5}) ([a-z]{2})', top_output):
cpu_usage[identifier] = float(value.replace(',', '.')) if identifier not in cpu_usage:
cpu_usage[identifier] = 0.0
cpu_usage[identifier] += float(value.replace(',', '.'))
output = []
for identifier, value_added in cpu_usage.items():
value = value_added / ITERATIONS
output.append(f"{value:.2f} {identifier}")
cpu_usage[identifier] = value
print(f"Average over {ITERATIONS} seconds: " + ", ".join(output))
warn = set() warn = set()
crit = set() crit = set()
print(top_output)
# steal # steal
if cpu_usage['st'] > 10: if cpu_usage['st'] > 10:
crit.add('CPU steal is {}% (>10%)'.format(cpu_usage['st'])) crit.add('CPU steal is {}% (>10%)'.format(cpu_usage['st']))

View file

@ -22,7 +22,8 @@ case "$issuer_hash" in
# 462422cf: issuer=C = US, O = Let's Encrypt, CN = E5 # 462422cf: issuer=C = US, O = Let's Encrypt, CN = E5
# 9aad238c: issuer=C = US, O = Let's Encrypt, CN = E6 # 9aad238c: issuer=C = US, O = Let's Encrypt, CN = E6
# 31dfb39d: issuer=C = US, O = Let's Encrypt, CN = R11 # 31dfb39d: issuer=C = US, O = Let's Encrypt, CN = R11
4f06f81d|8d33f237|462422cf|9aad238c|31dfb39d) # aa578057: issuer=C = US, O = Let's Encrypt, CN = R10
4f06f81d|8d33f237|462422cf|9aad238c|31dfb39d|aa578057)
warn_days=10 warn_days=10
crit_days=3 crit_days=3
;; ;;

View file

@ -19,6 +19,8 @@ defaults = {
'services': { 'services': {
'CPU': { 'CPU': {
'command_on_monitored_host': '/usr/local/share/icinga/plugins/check_cpu_stats', 'command_on_monitored_host': '/usr/local/share/icinga/plugins/check_cpu_stats',
# takes samples over 10 seconds
'vars.sshmon_timeout': 20
}, },
'LOAD': { 'LOAD': {
'command_on_monitored_host': '/usr/lib/nagios/plugins/check_load -r -w 4,2,1 -c 8,4,2', 'command_on_monitored_host': '/usr/lib/nagios/plugins/check_load -r -w 4,2,1 -c 8,4,2',

View file

@ -170,7 +170,7 @@ def scrub_timer(metadata):
'systemd-timers': { 'systemd-timers': {
'timers': { 'timers': {
'zfs-scrub': { 'zfs-scrub': {
'when': 'Sun 02:00:00 UTC', 'when': metadata.get('zfs/scrub_when', 'Sun 02:00:00 UTC'),
'command': scrubs, 'command': scrubs,
}, },
}, },

View file

@ -1,5 +1,7 @@
109.237.176.0/20 109.237.176.0/20
109.72.116.0/24
116.50.16.0/21 116.50.16.0/21
128.65.164.0/22
129.181.208.0/21 129.181.208.0/21
129.181.216.0/22 129.181.216.0/22
137.170.112.0/24 137.170.112.0/24
@ -15,13 +17,12 @@
139.12.4.0/24 139.12.4.0/24
141.169.240.0/20 141.169.240.0/20
141.77.0.0/16 141.77.0.0/16
141.98.44.0/24
143.99.213.0/24 143.99.213.0/24
145.225.16.0/23 145.225.16.0/23
146.247.58.0/24 146.247.58.0/24
147.136.84.0/22
147.161.22.0/24 147.161.22.0/24
147.78.17.0/24 147.78.17.0/24
147.79.8.0/21
149.208.250.0/23 149.208.250.0/23
149.208.252.0/24 149.208.252.0/24
149.208.253.0/24 149.208.253.0/24
@ -34,6 +35,7 @@
149.249.244.0/22 149.249.244.0/22
149.249.244.0/23 149.249.244.0/23
149.249.246.0/23 149.249.246.0/23
153.17.244.8/29
153.17.249.0/24 153.17.249.0/24
153.17.250.0/24 153.17.250.0/24
153.17.251.0/24 153.17.251.0/24
@ -46,7 +48,11 @@
153.97.32.0/24 153.97.32.0/24
158.116.231.0/24 158.116.231.0/24
160.211.126.0/24 160.211.126.0/24
163.5.168.0/24 163.5.156.0/24
163.5.170.0/24
163.5.186.0/24
163.5.220.0/24
163.5.66.0/24
164.133.10.0/24 164.133.10.0/24
164.133.11.0/24 164.133.11.0/24
164.133.150.0/24 164.133.150.0/24
@ -60,11 +66,9 @@
168.199.192.0/22 168.199.192.0/22
168.199.212.0/22 168.199.212.0/22
170.237.92.0/23 170.237.92.0/23
171.25.178.0/24
176.221.24.0/24
176.221.25.0/24
176.53.136.0/24 176.53.136.0/24
176.53.137.0/24 176.53.137.0/24
176.57.59.0/24
185.100.160.0/22 185.100.160.0/22
185.101.244.0/23 185.101.244.0/23
185.101.246.0/23 185.101.246.0/23
@ -76,45 +80,38 @@
185.131.239.0/24 185.131.239.0/24
185.133.12.0/22 185.133.12.0/22
185.136.115.0/24 185.136.115.0/24
185.149.25.0/24
185.149.26.0/24
185.149.27.0/24
185.149.52.0/24 185.149.52.0/24
185.157.101.0/24 185.157.101.0/24
185.161.176.0/22 185.161.176.0/22
185.162.72.0/23
185.163.76.0/24 185.163.76.0/24
185.163.77.0/24 185.163.77.0/24
185.163.78.0/24 185.163.78.0/24
185.163.79.0/24 185.163.79.0/24
185.172.38.0/24
185.172.39.0/24
185.180.224.0/24 185.180.224.0/24
185.183.212.0/23 185.183.212.0/23
185.183.214.0/23 185.183.214.0/23
185.188.64.0/24 185.188.64.0/24
185.195.239.0/24
185.198.13.0/24 185.198.13.0/24
185.202.32.0/21 185.202.32.0/21
185.203.148.0/22
185.207.46.0/24 185.207.46.0/24
185.235.71.0/24 185.21.247.0/24
185.237.0.0/24 185.237.0.0/24
185.237.1.0/24 185.237.1.0/24
185.237.2.0/24 185.237.2.0/24
185.240.85.0/24
185.242.224.0/24 185.242.224.0/24
185.243.44.0/22 185.243.44.0/22
185.243.44.0/24 185.243.44.0/24
185.243.45.0/24 185.243.45.0/24
185.243.46.0/24 185.243.46.0/24
185.243.47.0/24 185.243.47.0/24
185.250.42.0/23
185.28.208.0/22 185.28.208.0/22
185.39.12.0/22 185.39.12.0/22
185.48.0.0/22 185.48.0.0/22
185.57.231.0/24
185.57.24.0/24 185.57.24.0/24
185.82.160.0/23 185.82.160.0/23
185.91.204.0/22 188.214.139.0/24
192.109.121.0/24 192.109.121.0/24
192.109.122.0/24 192.109.122.0/24
192.109.124.0/24 192.109.124.0/24
@ -176,7 +173,6 @@
193.110.102.0/23 193.110.102.0/23
193.110.102.0/24 193.110.102.0/24
193.110.103.0/24 193.110.103.0/24
193.124.35.0/24
193.138.91.0/24 193.138.91.0/24
193.141.143.0/24 193.141.143.0/24
193.141.180.0/23 193.141.180.0/23
@ -243,7 +239,6 @@
193.41.10.0/23 193.41.10.0/23
193.47.164.0/24 193.47.164.0/24
193.53.93.0/24 193.53.93.0/24
193.56.21.0/24
193.58.253.0/24 193.58.253.0/24
193.84.136.0/22 193.84.136.0/22
193.96.230.0/24 193.96.230.0/24
@ -253,6 +248,7 @@
193.98.224.0/24 193.98.224.0/24
193.99.96.0/20 193.99.96.0/20
194.0.151.0/24 194.0.151.0/24
194.0.232.0/24
194.110.133.0/24 194.110.133.0/24
194.113.160.0/22 194.113.160.0/22
194.113.20.0/23 194.113.20.0/23
@ -295,6 +291,13 @@
194.15.64.0/21 194.15.64.0/21
194.15.72.0/22 194.15.72.0/22
194.150.228.0/23 194.150.228.0/23
194.152.128.0/24
194.152.129.0/24
194.152.132.0/24
194.152.141.0/24
194.152.142.0/24
194.152.154.0/24
194.152.155.0/24
194.153.86.0/24 194.153.86.0/24
194.156.128.0/22 194.156.128.0/22
194.156.148.0/24 194.156.148.0/24
@ -337,26 +340,20 @@
194.39.63.0/24 194.39.63.0/24
194.39.88.0/21 194.39.88.0/21
194.39.97.0/24 194.39.97.0/24
194.45.144.0/21
194.49.110.0/24
194.49.117.0/24 194.49.117.0/24
194.49.118.0/23 194.49.118.0/23
194.49.125.0/24 194.49.125.0/24
194.49.48.0/24 194.49.48.0/24
194.49.54.0/24 194.49.54.0/24
194.49.72.0/24
194.49.73.0/24 194.49.73.0/24
194.49.74.0/23 194.49.74.0/23
194.49.85.0/24 194.49.85.0/24
194.55.158.0/24
194.55.180.0/24 194.55.180.0/24
194.55.183.0/24 194.55.183.0/24
194.55.192.0/19 194.55.192.0/19
194.55.63.0/24 194.55.63.0/24
194.55.64.0/20 194.55.64.0/20
194.55.87.0/24 194.55.87.0/24
194.58.40.0/24
194.58.56.0/23
194.59.143.0/24 194.59.143.0/24
194.59.150.0/24 194.59.150.0/24
194.59.151.0/24 194.59.151.0/24
@ -382,34 +379,22 @@
194.76.52.0/24 194.76.52.0/24
194.77.41.0/24 194.77.41.0/24
194.77.42.0/24 194.77.42.0/24
194.85.248.0/24
194.85.251.0/24
194.87.10.0/24
194.87.17.0/24
194.87.255.0/24
194.87.77.0/24
194.88.112.0/20
194.88.16.0/21 194.88.16.0/21
194.88.24.0/23 194.88.24.0/23
194.88.26.0/24 194.88.26.0/24
194.88.28.0/23 194.88.28.0/23
194.88.96.0/21
194.99.118.0/24 194.99.118.0/24
194.99.34.0/24 194.99.34.0/24
194.99.76.0/23 194.99.76.0/23
194.99.83.0/24 194.99.83.0/24
194.99.92.0/22 194.99.92.0/22
195.133.20.0/24
195.133.64.0/22
195.133.7.0/24 195.133.7.0/24
195.133.76.0/24
195.137.216.0/23 195.137.216.0/23
195.138.223.0/24 195.138.223.0/24
195.144.15.0/24 195.144.15.0/24
195.145.0.0/16 195.145.0.0/16
195.149.79.0/24 195.149.79.0/24
195.160.248.0/22 195.160.248.0/22
195.178.132.0/22
195.190.2.0/24 195.190.2.0/24
195.192.254.0/24 195.192.254.0/24
195.200.207.0/24 195.200.207.0/24
@ -436,12 +421,14 @@
198.40.90.0/24 198.40.90.0/24
198.57.10.0/24 198.57.10.0/24
2.160.0.0/12 2.160.0.0/12
2.58.100.0/24
2.58.102.0/24 2.58.102.0/24
204.52.120.0/24
204.52.121.0/24
204.69.32.0/24 204.69.32.0/24
205.142.63.0/24 205.142.63.0/24
212.184.0.0/15 212.184.0.0/15
212.185.0.0/16 212.185.0.0/16
212.87.217.0/24
213.145.90.0/23 213.145.90.0/23
213.145.92.0/23 213.145.92.0/23
213.173.0.0/19 213.173.0.0/19
@ -450,6 +437,7 @@
213.209.156.0/24 213.209.156.0/24
217.0.0.0/13 217.0.0.0/13
217.117.96.0/24 217.117.96.0/24
217.198.189.0/24
217.224.0.0/11 217.224.0.0/11
217.24.32.0/20 217.24.32.0/20
217.24.33.0/24 217.24.33.0/24
@ -459,35 +447,21 @@
31.224.0.0/11 31.224.0.0/11
31.6.56.0/23 31.6.56.0/23
37.143.0.0/22 37.143.0.0/22
37.230.56.0/24
37.230.57.0/24
37.230.58.0/23
37.230.60.0/24
37.230.63.0/24
37.46.11.0/24 37.46.11.0/24
37.50.0.0/15 37.50.0.0/15
37.80.0.0/12 37.80.0.0/12
45.128.14.0/23
45.132.217.0/24
45.132.80.0/22 45.132.80.0/22
45.140.208.0/24 45.141.54.0/24
45.141.130.0/24 45.145.16.0/24
45.142.236.0/24
45.145.241.0/24
45.145.243.0/24
45.147.227.0/24 45.147.227.0/24
45.155.77.0/24
45.81.255.0/24 45.81.255.0/24
45.83.136.0/22 45.83.136.0/22
45.84.214.0/24
45.93.186.0/23 45.93.186.0/23
46.20.216.0/21
46.250.224.0/21 46.250.224.0/21
46.250.232.0/21 46.250.232.0/21
46.78.0.0/15 46.78.0.0/15
46.80.0.0/12 46.80.0.0/12
5.10.208.0/24
5.10.209.0/24
5.10.220.0/24
5.133.112.0/24 5.133.112.0/24
5.249.188.0/22 5.249.188.0/22
5.35.192.0/21 5.35.192.0/21
@ -503,14 +477,11 @@
64.137.119.0/24 64.137.119.0/24
64.137.125.0/24 64.137.125.0/24
64.137.127.0/24 64.137.127.0/24
77.242.149.0/24
77.47.152.0/22 77.47.152.0/22
77.83.136.0/23 77.83.136.0/23
77.83.138.0/23 77.83.138.0/23
77.83.32.0/22
77.90.156.0/24 77.90.156.0/24
77.90.184.0/24 77.90.184.0/24
79.139.52.0/22
79.192.0.0/10 79.192.0.0/10
80.128.0.0/11 80.128.0.0/11
80.128.0.0/12 80.128.0.0/12
@ -522,38 +493,47 @@
80.157.8.0/21 80.157.8.0/21
80.187.0.0/16 80.187.0.0/16
80.187.160.0/20 80.187.160.0/20
80.244.13.0/24
80.64.240.0/22 80.64.240.0/22
80.71.231.0/24 80.71.231.0/24
80.71.233.0/24 80.71.233.0/24
80.71.235.0/24 80.71.235.0/24
80.71.236.0/24 80.71.236.0/24
80.71.238.0/24 80.71.238.0/24
80.83.80.0/21
81.201.32.0/20 81.201.32.0/20
81.30.96.0/20 81.31.210.0/23
82.152.178.0/24 82.163.104.0/21
82.163.60.0/22 82.163.60.0/22
82.206.32.0/21 82.206.32.0/21
82.206.40.0/21 82.206.40.0/21
82.206.48.0/21
82.215.70.0/24 82.215.70.0/24
83.136.208.0/22
83.147.36.0/22
83.243.48.0/21 83.243.48.0/21
84.128.0.0/10 84.128.0.0/10
84.234.16.0/20
84.246.108.0/24 84.246.108.0/24
84.32.108.0/22 84.32.108.0/22
84.32.48.0/22 84.32.48.0/22
84.55.0.0/24
84.55.1.0/24
84.55.2.0/24
84.55.3.0/24
84.55.4.0/24
84.55.5.0/24
84.55.6.0/24
84.55.7.0/24
85.116.28.0/24 85.116.28.0/24
85.116.29.0/24 85.116.29.0/24
85.116.30.0/24 85.116.30.0/24
85.116.31.0/24 85.116.31.0/24
85.119.160.0/23 85.119.160.0/23
85.204.160.0/22 85.204.181.0/24
85.208.248.0/24 85.208.248.0/24
85.208.249.0/24 85.208.249.0/24
85.208.250.0/24 85.208.250.0/24
85.208.251.0/24 85.208.251.0/24
85.237.76.0/22 86.105.211.0/24
86.107.164.0/24
86.38.248.0/21 86.38.248.0/21
86.38.37.0/24 86.38.37.0/24
87.128.0.0/10 87.128.0.0/10
@ -564,10 +544,40 @@
88.216.60.0/22 88.216.60.0/22
89.116.64.0/22 89.116.64.0/22
89.213.186.0/23 89.213.186.0/23
89.35.127.0/24 89.39.97.0/24
89.43.34.0/24 89.43.34.0/24
91.0.0.0/10 91.0.0.0/10
91.103.240.0/21 91.103.240.0/21
91.124.135.0/24
91.124.19.0/24
91.124.20.0/24
91.124.21.0/24
91.124.22.0/24
91.124.23.0/24
91.124.24.0/24
91.124.26.0/24
91.124.27.0/24
91.124.28.0/24
91.124.31.0/24
91.124.32.0/24
91.124.33.0/24
91.124.34.0/24
91.124.36.0/24
91.124.37.0/24
91.124.38.0/24
91.124.39.0/24
91.124.40.0/24
91.124.41.0/24
91.124.42.0/24
91.124.43.0/24
91.124.44.0/24
91.124.45.0/24
91.124.46.0/24
91.124.47.0/24
91.124.50.0/24
91.124.51.0/24
91.124.6.0/24
91.124.7.0/24
91.189.192.0/21 91.189.192.0/21
91.194.232.0/23 91.194.232.0/23
91.198.113.0/24 91.198.113.0/24
@ -592,19 +602,40 @@
91.216.242.0/24 91.216.242.0/24
91.216.45.0/24 91.216.45.0/24
91.217.214.0/24 91.217.214.0/24
91.221.12.0/23
91.222.232.0/22 91.222.232.0/22
91.227.98.0/23 91.227.98.0/23
91.232.136.0/22
91.232.54.0/24 91.232.54.0/24
92.112.128.0/24
92.112.155.0/24
92.112.157.0/24
92.112.16.0/22
92.112.160.0/24
92.112.162.0/24
92.112.165.0/24
92.112.167.0/24
92.112.20.0/22
92.112.48.0/24
92.112.49.0/24
92.112.52.0/24
92.112.54.0/24
92.112.59.0/24
92.112.63.0/24
92.112.64.0/24
92.112.67.0/24
92.112.79.0/24
92.112.81.0/24
92.112.83.0/24
92.112.94.0/24
92.114.44.0/22 92.114.44.0/22
92.119.164.0/22 92.119.164.0/22
92.119.208.0/24 92.119.208.0/24
92.119.209.0/24 92.119.209.0/24
92.119.210.0/24 92.119.210.0/24
92.119.211.0/24 92.119.211.0/24
93.119.184.0/21 93.113.70.0/24
93.119.201.0/24
93.192.0.0/10 93.192.0.0/10
93.95.119.0/24
94.126.98.0/24 94.126.98.0/24
94.26.110.0/23 94.26.110.0/23
94.26.64.0/23 94.26.64.0/23
@ -620,7 +651,6 @@
2001:678:b38::/48 2001:678:b38::/48
2001:678:bdc::/48 2001:678:bdc::/48
2001:678:d4c::/48 2001:678:d4c::/48
2001:678:e9c::/48
2001:678:ff0::/48 2001:678:ff0::/48
2001:67c:11a4::/48 2001:67c:11a4::/48
2001:67c:14c4::/48 2001:67c:14c4::/48
@ -641,6 +671,7 @@
2001:67c:b80::/48 2001:67c:b80::/48
2001:67c:c84::/48 2001:67c:c84::/48
2001:67c:c9c::/48 2001:67c:c9c::/48
2001:67c:ec0::/48
2003:3c0::/28 2003:3c0::/28
2003:3e0::/28 2003:3e0::/28
2003:8:1800::/48 2003:8:1800::/48
@ -663,6 +694,8 @@
2003::/19 2003::/19
2003::/20 2003::/20
2003::/23 2003::/23
2a00:5c60:3::/48
2a00:5c60:a::/48
2a00:6680::/46 2a00:6680::/46
2a01:598::/29 2a01:598::/29
2a01:8fa0::/32 2a01:8fa0::/32
@ -694,8 +727,11 @@
2a0d:480::/29 2a0d:480::/29
2a0d:480::/30 2a0d:480::/30
2a0d:484::/30 2a0d:484::/30
2a0e:cbc4::/32
2a0e:cbc5::/32
2a0e:cbc6::/32
2a0e:cbc7::/32
2a0e:eb40::/32 2a0e:eb40::/32
2a0f:15c0::/32
2a10:cd80::/29 2a10:cd80::/29
2a11:7400:d1::/48 2a11:7400:d1::/48
2a12:6900:1000::/40 2a12:6900:1000::/40

View file

@ -1,19 +1,13 @@
104.151.0.0/17 104.151.0.0/17
109.250.0.0/16 109.250.0.0/16
109.250.0.0/20 109.250.0.0/18
109.250.128.0/19 109.250.128.0/19
109.250.16.0/20
109.250.160.0/19 109.250.160.0/19
109.250.192.0/19 109.250.192.0/19
109.250.224.0/19 109.250.224.0/19
109.250.32.0/19 109.250.64.0/18
109.250.64.0/19
109.250.80.0/22
109.250.84.0/22
109.250.88.0/22
109.250.92.0/22
109.250.96.0/19
134.101.0.0/21 134.101.0.0/21
14.102.90.0/24
143.58.64.0/18 143.58.64.0/18
149.233.32.0/19 149.233.32.0/19
153.94.0.0/20 153.94.0.0/20
@ -35,6 +29,7 @@
185.151.201.0/24 185.151.201.0/24
185.151.203.0/24 185.151.203.0/24
185.158.48.0/22 185.158.48.0/22
185.187.122.0/24
185.199.205.0/24 185.199.205.0/24
185.235.232.0/22 185.235.232.0/22
185.8.230.0/23 185.8.230.0/23
@ -45,13 +40,13 @@
192.166.84.0/22 192.166.84.0/22
192.166.87.0/24 192.166.87.0/24
192.166.88.0/21 192.166.88.0/21
192.189.14.0/24
193.101.4.0/23 193.101.4.0/23
193.101.5.0/24 193.102.10.0/24
193.111.212.0/22 193.111.212.0/22
193.111.212.0/24 193.111.212.0/24
193.163.13.0/24 193.163.13.0/24
193.163.13.0/25 193.17.225.0/24
193.163.13.128/25
193.219.15.0/24 193.219.15.0/24
193.22.120.0/21 193.22.120.0/21
193.22.120.0/24 193.22.120.0/24
@ -92,7 +87,7 @@
194.127.144.0/21 194.127.144.0/21
194.127.203.0/24 194.127.203.0/24
194.139.55.0/24 194.139.55.0/24
194.145.230.0/24 194.145.218.0/23
194.156.216.0/21 194.156.216.0/21
194.156.232.0/23 194.156.232.0/23
194.156.233.0/24 194.156.233.0/24
@ -115,24 +110,23 @@
194.99.0.0/21 194.99.0.0/21
195.149.80.0/23 195.149.80.0/23
195.167.208.0/20 195.167.208.0/20
195.191.20.0/23
195.202.32.0/19 195.202.32.0/19
195.226.160.0/19 195.226.160.0/19
195.226.96.0/19 195.226.96.0/19
195.234.139.0/24 195.234.139.0/24
195.238.233.0/24 195.238.233.0/24
195.244.10.0/23 195.238.238.0/24
195.64.176.0/23 195.64.176.0/23
195.93.158.0/23 195.93.158.0/23
202.71.128.0/20 202.71.128.0/20
202.71.141.0/24
212.204.0.0/19 212.204.0.0/19
212.7.128.0/19 212.7.128.0/19
212.8.0.0/19 212.8.0.0/19
212.80.224.0/19 212.80.224.0/19
212.80.224.0/20
212.80.240.0/20
212.93.0.0/19 212.93.0.0/19
213.138.32.0/19 213.138.32.0/19
213.138.35.0/24
213.139.128.0/19 213.139.128.0/19
213.182.128.0/19 213.182.128.0/19
213.30.192.0/18 213.30.192.0/18
@ -149,307 +143,155 @@
45.13.15.0/24 45.13.15.0/24
46.142.0.0/16 46.142.0.0/16
46.142.0.0/19 46.142.0.0/19
46.142.112.0/20
46.142.128.0/19 46.142.128.0/19
46.142.160.0/19 46.142.160.0/19
46.142.194.0/24
46.142.214.0/24 46.142.214.0/24
46.142.224.0/19 46.142.224.0/19
46.142.32.0/20 46.142.32.0/19
46.142.48.0/20
46.142.64.0/19 46.142.64.0/19
46.142.96.0/19
46.142.96.0/20 46.142.96.0/20
46.189.0.0/17 46.189.0.0/17
46.189.116.0/24
61.8.128.0/19 61.8.128.0/19
61.8.128.0/22
61.8.132.0/22
61.8.136.0/22
61.8.144.0/22
61.8.152.0/22
61.8.156.0/24
61.8.157.0/24
62.214.0.0/16 62.214.0.0/16
62.214.213.0/24
62.214.224.0/19 62.214.224.0/19
62.217.32.0/19 62.217.32.0/19
62.220.0.0/19 62.220.0.0/19
62.68.82.0/24 62.68.82.0/24
62.72.64.0/19 62.72.64.0/19
62.72.88.0/22 62.72.70.0/24
62.72.92.0/23
62.72.94.0/24
77.74.136.0/21 77.74.136.0/21
77.87.190.0/24 77.87.190.0/24
80.241.192.0/20
80.242.160.0/19 80.242.160.0/19
82.119.160.0/19 82.119.160.0/19
82.140.0.0/18 82.140.0.0/18
82.140.2.0/23 82.140.48.0/20
82.140.2.0/24
82.140.3.0/24
82.140.48.0/21
82.144.32.0/19 82.144.32.0/19
82.144.34.0/24
82.144.35.0/24
82.144.36.0/24
82.144.37.0/24
82.145.0.0/19 82.145.0.0/19
82.194.96.0/19 82.194.96.0/19
82.207.128.0/17 82.207.128.0/17
82.207.192.0/19 82.207.192.0/19
82.207.224.0/21
82.207.232.0/22
82.207.236.0/24
82.207.240.0/20
82.207.244.0/24
82.207.245.0/24
82.207.246.0/24
82.207.247.0/24
82.207.248.0/24
82.207.249.0/24
82.207.250.0/24
82.207.251.0/24
82.207.252.0/24
82.207.253.0/24
82.207.254.0/24
82.207.255.0/24
83.135.0.0/16 83.135.0.0/16
83.135.0.0/22 83.135.0.0/20
83.135.112.0/20 83.135.112.0/20
83.135.128.0/19 83.135.128.0/19
83.135.16.0/22
83.135.160.0/21 83.135.160.0/21
83.135.164.0/22
83.135.168.0/21 83.135.168.0/21
83.135.176.0/22 83.135.176.0/22
83.135.180.0/22
83.135.184.0/21 83.135.184.0/21
83.135.192.0/20 83.135.192.0/20
83.135.20.0/24
83.135.208.0/20 83.135.208.0/20
83.135.21.0/24
83.135.22.0/24
83.135.224.0/22 83.135.224.0/22
83.135.23.0/24
83.135.230.0/23
83.135.232.0/21 83.135.232.0/21
83.135.24.0/24
83.135.240.0/22 83.135.240.0/22
83.135.244.0/24
83.135.245.0/24
83.135.248.0/24
83.135.249.0/24
83.135.25.0/24
83.135.250.0/24
83.135.251.0/24
83.135.252.0/24
83.135.253.0/24
83.135.254.0/24
83.135.255.0/24
83.135.26.0/24
83.135.27.0/24
83.135.28.0/24
83.135.29.0/24
83.135.30.0/24
83.135.31.0/24
83.135.32.0/19
83.135.4.0/22
83.135.64.0/19 83.135.64.0/19
83.135.8.0/21
83.135.96.0/20 83.135.96.0/20
84.19.192.0/19 84.19.192.0/19
84.19.192.0/20
84.19.208.0/20
87.122.0.0/15 87.122.0.0/15
87.122.0.0/16
87.122.0.0/20 87.122.0.0/20
87.122.128.0/21 87.122.128.0/21
87.122.136.0/22
87.122.144.0/20 87.122.144.0/20
87.122.16.0/20 87.122.16.0/20
87.122.160.0/20 87.122.160.0/20
87.122.176.0/21 87.122.176.0/21
87.122.184.0/24
87.122.185.0/24
87.122.186.0/24
87.122.187.0/24
87.122.188.0/24
87.122.189.0/24
87.122.190.0/24
87.122.191.0/24
87.122.192.0/19 87.122.192.0/19
87.122.224.0/19 87.122.224.0/19
87.122.32.0/19 87.122.32.0/19
87.122.64.0/19 87.122.64.0/19
87.122.96.0/19 87.122.96.0/19
87.123.0.0/16
87.123.0.0/19 87.123.0.0/19
87.123.112.0/20
87.123.128.0/19 87.123.128.0/19
87.123.160.0/20 87.123.160.0/20
87.123.176.0/20 87.123.176.0/20
87.123.192.0/20 87.123.194.0/24
87.123.208.0/22 87.123.196.0/24
87.123.203.0/24
87.123.216.0/21 87.123.216.0/21
87.123.224.0/20 87.123.224.0/20
87.123.240.0/22 87.123.240.0/21
87.123.244.0/22
87.123.248.0/22
87.123.252.0/24
87.123.253.0/24
87.123.254.0/24
87.123.255.0/24
87.123.32.0/19 87.123.32.0/19
87.123.64.0/20 87.123.64.0/20
87.123.80.0/20 87.123.80.0/20
87.123.96.0/19 87.123.96.0/19
87.123.96.0/20
88.130.0.0/16 88.130.0.0/16
88.130.0.0/19
88.130.130.0/23
88.130.132.0/22
88.130.136.0/21 88.130.136.0/21
88.130.144.0/21 88.130.144.0/20
88.130.152.0/24
88.130.153.0/24
88.130.154.0/24
88.130.155.0/24
88.130.156.0/22
88.130.156.0/24
88.130.157.0/24
88.130.158.0/24
88.130.159.0/24
88.130.160.0/21
88.130.172.0/22
88.130.176.0/21 88.130.176.0/21
88.130.180.0/24 88.130.192.0/23
88.130.181.0/24 88.130.194.0/23
88.130.182.0/24
88.130.183.0/24
88.130.184.0/24
88.130.185.0/24
88.130.186.0/24
88.130.187.0/24
88.130.188.0/24
88.130.189.0/24
88.130.190.0/24
88.130.191.0/24
88.130.192.0/21
88.130.200.0/21
88.130.208.0/21
88.130.216.0/21 88.130.216.0/21
88.130.216.0/22
88.130.220.0/24
88.130.221.0/24
88.130.222.0/24
88.130.223.0/24
88.130.32.0/20
88.130.48.0/24 88.130.48.0/24
88.130.49.0/24 88.130.49.0/24
88.130.50.0/24 88.130.50.0/24
88.130.51.0/24
88.130.52.0/24 88.130.52.0/24
88.130.53.0/24 88.130.53.0/24
88.130.54.0/24 88.130.54.0/23
88.130.55.0/24
88.130.56.0/24 88.130.56.0/24
88.130.57.0/24 88.130.57.0/24
88.130.58.0/24 88.130.58.0/24
88.130.59.0/24 88.130.59.0/24
88.130.60.0/24
88.130.61.0/24 88.130.61.0/24
88.130.62.0/24
88.130.63.0/24 88.130.63.0/24
88.130.64.0/19 88.130.64.0/19
88.130.96.0/19 88.130.96.0/19
89.207.200.0/21
89.244.0.0/14 89.244.0.0/14
89.244.0.0/16
89.244.112.0/21
89.244.120.0/21 89.244.120.0/21
89.244.120.0/22
89.244.124.0/24
89.244.126.0/24
89.244.127.0/24
89.244.160.0/21 89.244.160.0/21
89.244.164.0/22
89.244.168.0/21
89.244.176.0/20 89.244.176.0/20
89.244.192.0/19 89.244.192.0/19
89.244.224.0/20 89.244.224.0/20
89.244.240.0/20 89.244.76.0/24
89.244.64.0/21 89.244.78.0/23
89.244.72.0/22
89.244.80.0/20 89.244.80.0/20
89.244.96.0/20 89.244.96.0/22
89.245.0.0/16
89.245.0.0/20 89.245.0.0/20
89.245.112.0/20
89.245.158.0/24
89.245.159.0/24
89.245.16.0/20 89.245.16.0/20
89.245.160.0/20 89.245.160.0/20
89.245.176.0/21 89.245.176.0/21
89.245.184.0/24
89.245.185.0/24
89.245.186.0/24
89.245.187.0/24
89.245.188.0/24
89.245.189.0/24
89.245.190.0/24
89.245.191.0/24
89.245.192.0/19 89.245.192.0/19
89.245.224.0/19 89.245.224.0/19
89.245.32.0/19 89.245.32.0/19
89.245.32.0/20 89.245.64.0/19
89.245.64.0/20
89.245.80.0/20
89.245.96.0/20 89.245.96.0/20
89.246.0.0/16
89.246.0.0/19 89.246.0.0/19
89.246.104.0/23
89.246.106.0/24
89.246.107.0/24
89.246.108.0/24
89.246.109.0/24
89.246.110.0/24
89.246.111.0/24
89.246.112.0/22 89.246.112.0/22
89.246.116.0/22
89.246.120.0/24
89.246.121.0/24
89.246.122.0/24 89.246.122.0/24
89.246.123.0/24
89.246.124.0/22 89.246.124.0/22
89.246.160.0/20
89.246.160.0/21 89.246.160.0/21
89.246.176.0/22
89.246.180.0/22
89.246.184.0/21 89.246.184.0/21
89.246.192.0/19 89.246.192.0/19
89.246.32.0/20 89.246.32.0/19
89.246.48.0/21
89.246.56.0/21
89.246.96.0/21 89.246.96.0/21
89.247.0.0/16
89.247.0.0/19 89.247.0.0/19
89.247.112.0/21 89.247.112.0/21
89.247.112.0/22
89.247.120.0/22 89.247.120.0/22
89.247.124.0/24
89.247.125.0/24
89.247.126.0/24
89.247.127.0/24
89.247.144.0/20 89.247.144.0/20
89.247.160.0/20 89.247.160.0/20
89.247.179.0/24
89.247.192.0/20 89.247.192.0/20
89.247.208.0/21
89.247.216.0/22 89.247.216.0/22
89.247.224.0/21 89.247.228.0/22
89.247.232.0/21 89.247.232.0/21
89.247.232.0/22
89.247.236.0/22 89.247.236.0/22
89.247.240.0/21 89.247.252.0/22
89.247.240.0/22
89.247.252.0/24
89.247.253.0/24
89.247.254.0/24
89.247.255.0/24
89.247.32.0/19 89.247.32.0/19
89.247.32.0/20 89.247.32.0/20
89.247.64.0/20 89.247.64.0/20
89.247.80.0/20 89.247.80.0/20
89.247.96.0/20
89.27.128.0/17 89.27.128.0/17
89.27.153.0/24
91.194.180.0/23 91.194.180.0/23
91.198.67.0/24 91.198.67.0/24
91.199.158.0/24 91.199.158.0/24
@ -468,8 +310,7 @@
92.116.120.0/21 92.116.120.0/21
92.116.128.0/18 92.116.128.0/18
92.116.16.0/20 92.116.16.0/20
92.116.192.0/19 92.116.192.0/18
92.116.224.0/19
92.116.32.0/19 92.116.32.0/19
92.116.64.0/18 92.116.64.0/18
92.116.96.0/19 92.116.96.0/19
@ -483,67 +324,34 @@
92.117.240.0/21 92.117.240.0/21
92.117.248.0/21 92.117.248.0/21
92.117.64.0/19 92.117.64.0/19
92.117.96.0/19
94.134.0.0/15 94.134.0.0/15
94.134.0.0/18 94.134.0.0/18
94.134.100.0/22 94.134.112.0/22
94.134.112.0/21
94.134.120.0/24
94.134.121.0/24
94.134.122.0/24
94.134.123.0/24
94.134.124.0/24
94.134.125.0/24
94.134.126.0/24
94.134.127.0/24
94.134.128.0/20
94.134.144.0/20 94.134.144.0/20
94.134.160.0/21 94.134.160.0/21
94.134.168.0/22 94.134.168.0/22
94.134.172.0/22 94.134.172.0/22
94.134.176.0/20
94.134.176.0/21 94.134.176.0/21
94.134.192.0/20 94.134.192.0/22
94.134.208.0/21
94.134.216.0/21 94.134.216.0/21
94.134.224.0/19 94.134.64.0/22
94.134.64.0/20 94.134.68.0/22
94.134.80.0/22 94.134.80.0/22
94.134.84.0/24 94.134.88.0/22
94.134.85.0/24 94.134.94.0/23
94.134.86.0/24
94.134.87.0/24
94.134.88.0/24
94.134.89.0/24
94.134.90.0/24
94.134.91.0/24
94.134.92.0/24
94.134.93.0/24
94.134.94.0/24
94.134.95.0/24
94.134.96.0/20 94.134.96.0/20
94.134.96.0/22
2001:1438:1000::/36 2001:1438:1000::/36
2001:1438:1:100::/56
2001:1438:1:200::/56
2001:1438:1:300::/56
2001:1438:1:400::/56
2001:1438:1:900::/56
2001:1438:1:a00::/56
2001:1438:2000::/36 2001:1438:2000::/36
2001:1438:3000::/36 2001:1438:3000::/36
2001:1438:4000::/36 2001:1438:4000::/36
2001:1438::/32 2001:1438::/32
2001:1438:f000::/36
2001:1438:fff:10::/64
2001:1438:fff:11::/64
2001:1438:fff:12::/64
2001:1438:fff:3::/64
2001:1438:fff:4::/64
2001:1438:fff:5::/64
2001:1438:fff:6::/64
2001:1438:fff:7::/64
2001:1438:fff:8::/64
2001:1438:fff:9::/64
2001:1438:fff:a::/64
2001:1438:fff:b::/64
2001:1438:fff:c::/64
2001:1438:fff:d::/64
2001:1438:fff:e::/64
2001:1438:fff:f::/64
2001:16b8:1000::/40 2001:16b8:1000::/40
2001:16b8:100::/40 2001:16b8:100::/40
2001:16b8:1100::/40 2001:16b8:1100::/40
@ -593,12 +401,14 @@
2001:16b8:a000::/35 2001:16b8:a000::/35
2001:16b8:a00::/40 2001:16b8:a00::/40
2001:16b8:b00::/40 2001:16b8:b00::/40
2001:16b8:c000::/35
2001:678:c74::/48 2001:678:c74::/48
2001:67c:27ac::/48 2001:67c:27ac::/48
2001:67c:2878::/48 2001:67c:2878::/48
2001:67c:2e8c::/48 2001:67c:2e8c::/48
2001:67c:660::/48 2001:67c:660::/48
2001:67c:888::/48 2001:67c:888::/48
2001:67c:ed8::/48
2001:7b0::/32 2001:7b0::/32
2001:9e8:2000::/35 2001:9e8:2000::/35
2001:9e8:4000::/35 2001:9e8:4000::/35
@ -615,10 +425,11 @@
2a00:fb8:4000::/35 2a00:fb8:4000::/35
2a00:fb8:6000::/35 2a00:fb8:6000::/35
2a00:fb8::/29 2a00:fb8::/29
2a00:fb8::/32
2a00:fb8::/35 2a00:fb8::/35
2a03:3fc0:2000::/48 2a03:3fc0:2000::/48
2a07:9400::/29 2a07:9400::/29
2a0a:ed40::/29 2a0a:ed40::/29
2a0b:9e80:1000::/36
2a0d:240::/29 2a0d:240::/29
2a0d:ad00::/29 2a0d:ad00::/29
2a11:d00::/32

View file

@ -0,0 +1,62 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQINBFit2ioBEADhWpZ8/wvZ6hUTiXOwQHXMAlaFHcPH9hAtr4F1y2+OYdbtMuth
lqqwp028AqyY+PRfVMtSYMbjuQuu5byyKR01BbqYhuS3jtqQmljZ/bJvXqnmiVXh
38UuLa+z077PxyxQhu5BbqntTPQMfiyqEiU+BKbq2WmANUKQf+1AmZY/IruOXbnq
L4C1+gJ8vfmXQt99npCaxEjaNRVYfOS8QcixNzHUYnb6emjlANyEVlZzeqo7XKl7
UrwV5inawTSzWNvtjEjj4nJL8NsLwscpLPQUhTQ+7BbQXAwAmeHCUTQIvvWXqw0N
cmhh4HgeQscQHYgOJjjDVfoY5MucvglbIgCqfzAHW9jxmRL4qbMZj+b1XoePEtht
ku4bIQN1X5P07fNWzlgaRL5Z4POXDDZTlIQ/El58j9kp4bnWRCJW0lya+f8ocodo
vZZ+Doi+fy4D5ZGrL4XEcIQP/Lv5uFyf+kQtl/94VFYVJOleAv8W92KdgDkhTcTD
G7c0tIkVEKNUq48b3aQ64NOZQW7fVjfoKwEZdOqPE72Pa45jrZzvUFxSpdiNk2tZ
XYukHjlxxEgBdC/J3cMMNRE1F4NCA3ApfV1Y7/hTeOnmDuDYwr9/obA8t016Yljj
q5rdkywPf4JF8mXUW5eCN1vAFHxeg9ZWemhBtQmGxXnw9M+z6hWwc6ahmwARAQAB
tCtEb2NrZXIgUmVsZWFzZSAoQ0UgZGViKSA8ZG9ja2VyQGRvY2tlci5jb20+iQI3
BBMBCgAhBQJYrefAAhsvBQsJCAcDBRUKCQgLBRYCAwEAAh4BAheAAAoJEI2BgDwO
v82IsskP/iQZo68flDQmNvn8X5XTd6RRaUH33kXYXquT6NkHJciS7E2gTJmqvMqd
tI4mNYHCSEYxI5qrcYV5YqX9P6+Ko+vozo4nseUQLPH/ATQ4qL0Zok+1jkag3Lgk
jonyUf9bwtWxFp05HC3GMHPhhcUSexCxQLQvnFWXD2sWLKivHp2fT8QbRGeZ+d3m
6fqcd5Fu7pxsqm0EUDK5NL+nPIgYhN+auTrhgzhK1CShfGccM/wfRlei9Utz6p9P
XRKIlWnXtT4qNGZNTN0tR+NLG/6Bqd8OYBaFAUcue/w1VW6JQ2VGYZHnZu9S8LMc
FYBa5Ig9PxwGQOgq6RDKDbV+PqTQT5EFMeR1mrjckk4DQJjbxeMZbiNMG5kGECA8
g383P3elhn03WGbEEa4MNc3Z4+7c236QI3xWJfNPdUbXRaAwhy/6rTSFbzwKB0Jm
ebwzQfwjQY6f55MiI/RqDCyuPj3r3jyVRkK86pQKBAJwFHyqj9KaKXMZjfVnowLh
9svIGfNbGHpucATqREvUHuQbNnqkCx8VVhtYkhDb9fEP2xBu5VvHbR+3nfVhMut5
G34Ct5RS7Jt6LIfFdtcn8CaSas/l1HbiGeRgc70X/9aYx/V/CEJv0lIe8gP6uDoW
FPIZ7d6vH+Vro6xuWEGiuMaiznap2KhZmpkgfupyFmplh0s6knymuQINBFit2ioB
EADneL9S9m4vhU3blaRjVUUyJ7b/qTjcSylvCH5XUE6R2k+ckEZjfAMZPLpO+/tF
M2JIJMD4SifKuS3xck9KtZGCufGmcwiLQRzeHF7vJUKrLD5RTkNi23ydvWZgPjtx
Q+DTT1Zcn7BrQFY6FgnRoUVIxwtdw1bMY/89rsFgS5wwuMESd3Q2RYgb7EOFOpnu
w6da7WakWf4IhnF5nsNYGDVaIHzpiqCl+uTbf1epCjrOlIzkZ3Z3Yk5CM/TiFzPk
z2lLz89cpD8U+NtCsfagWWfjd2U3jDapgH+7nQnCEWpROtzaKHG6lA3pXdix5zG8
eRc6/0IbUSWvfjKxLLPfNeCS2pCL3IeEI5nothEEYdQH6szpLog79xB9dVnJyKJb
VfxXnseoYqVrRz2VVbUI5Blwm6B40E3eGVfUQWiux54DspyVMMk41Mx7QJ3iynIa
1N4ZAqVMAEruyXTRTxc9XW0tYhDMA/1GYvz0EmFpm8LzTHA6sFVtPm/ZlNCX6P1X
zJwrv7DSQKD6GGlBQUX+OeEJ8tTkkf8QTJSPUdh8P8YxDFS5EOGAvhhpMBYD42kQ
pqXjEC+XcycTvGI7impgv9PDY1RCC1zkBjKPa120rNhv/hkVk/YhuGoajoHyy4h7
ZQopdcMtpN2dgmhEegny9JCSwxfQmQ0zK0g7m6SHiKMwjwARAQABiQQ+BBgBCAAJ
BQJYrdoqAhsCAikJEI2BgDwOv82IwV0gBBkBCAAGBQJYrdoqAAoJEH6gqcPyc/zY
1WAP/2wJ+R0gE6qsce3rjaIz58PJmc8goKrir5hnElWhPgbq7cYIsW5qiFyLhkdp
YcMmhD9mRiPpQn6Ya2w3e3B8zfIVKipbMBnke/ytZ9M7qHmDCcjoiSmwEXN3wKYI
mD9VHONsl/CG1rU9Isw1jtB5g1YxuBA7M/m36XN6x2u+NtNMDB9P56yc4gfsZVES
KA9v+yY2/l45L8d/WUkUi0YXomn6hyBGI7JrBLq0CX37GEYP6O9rrKipfz73XfO7
JIGzOKZlljb/D9RX/g7nRbCn+3EtH7xnk+TK/50euEKw8SMUg147sJTcpQmv6UzZ
cM4JgL0HbHVCojV4C/plELwMddALOFeYQzTif6sMRPf+3DSj8frbInjChC3yOLy0
6br92KFom17EIj2CAcoeq7UPhi2oouYBwPxh5ytdehJkoo+sN7RIWua6P2WSmon5
U888cSylXC0+ADFdgLX9K2zrDVYUG1vo8CX0vzxFBaHwN6Px26fhIT1/hYUHQR1z
VfNDcyQmXqkOnZvvoMfz/Q0s9BhFJ/zU6AgQbIZE/hm1spsfgvtsD1frZfygXJ9f
irP+MSAI80xHSf91qSRZOj4Pl3ZJNbq4yYxv0b1pkMqeGdjdCYhLU+LZ4wbQmpCk
SVe2prlLureigXtmZfkqevRz7FrIZiu9ky8wnCAPwC7/zmS18rgP/17bOtL4/iIz
QhxAAoAMWVrGyJivSkjhSGx1uCojsWfsTAm11P7jsruIL61ZzMUVE2aM3Pmj5G+W
9AcZ58Em+1WsVnAXdUR//bMmhyr8wL/G1YO1V3JEJTRdxsSxdYa4deGBBY/Adpsw
24jxhOJR+lsJpqIUeb999+R8euDhRHG9eFO7DRu6weatUJ6suupoDTRWtr/4yGqe
dKxV3qQhNLSnaAzqW/1nA3iUB4k7kCaKZxhdhDbClf9P37qaRW467BLCVO/coL3y
Vm50dwdrNtKpMBh3ZpbB1uJvgi9mXtyBOMJ3v8RZeDzFiG8HdCtg9RvIt/AIFoHR
H3S+U79NT6i0KPzLImDfs8T7RlpyuMc4Ufs8ggyg9v3Ae6cN3eQyxcK3w0cbBwsh
/nQNfsA6uu+9H7NhbehBMhYnpNZyrHzCmzyXkauwRAqoCbGCNykTRwsur9gS41TQ
M8ssD1jFheOJf3hODnkKU+HKjvMROl1DK7zdmLdNzA1cvtZH/nCC9KPj1z8QC47S
xx+dTZSx4ONAhwbS/LN3PoKtn8LPjY9NP9uDWI+TWYquS2U+KHDrBDlsgozDbs/O
jCxcpDzNmXpWQHEtHU7649OXHP7UeNST1mCUCH5qdank0V1iejF6/CfTFU4MfcrG
YT90qFF93M3v01BbxP+EIY2/9tiIPbrd
=0YYh
-----END PGP PUBLIC KEY BLOCK-----

View file

@ -1,30 +1,29 @@
-----BEGIN PGP PUBLIC KEY BLOCK----- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v2.0.19 (GNU/Linux)
mQGiBFKHzk4RBACSHMIFTtfw4ZsNKAA03Gf5t7ovsKWnS7kcMYleAidypqhOmkGg mQINBGZMb30BEAC6c5P5lo5cLN2wX9+jA7TEEJ/NiiOM9VxBwB/c2PFd6AjdGBbe
0petiYsMPYT+MOepCJFGNzwQwJhZrdLUxxMSWay4Xj0ArgpD9vbvU+gj8Tb02l+x 28VcXWmFdETg1N3Woq08yNVXdxS1tMslyl9apmmyCiSC2OPMmTOveLzZ196IljYR
SqNGP8jXMV5UnK4gZsrYGLUPvx47uNNYRIRJAGOPYTvohhnFJiG402dzlwCg4u5I DeZMF8C+rdzNKXZzn7+nEp9xRy34QUZRfx6pEnugMd0VK0d/ZKgMbcq2IvcRQwap
1RdFplkp9JM6vNM9VBIAmcED/2jr7UQGsPs8YOiPkskGHLh/zXgO8SvcNAxCLgbp 60+9t8ppesXhgaRBsAzvrj1twngqXP90JwzKGaR+iaGzrvvJn6cgXkw3MyXhskKY
BjGcF4Iso/A2TAI/2KGJW6kBW/Paf722ltU6s/6mutdXJppgNAz5nfpEt4uZKZyu 4J0c7TV6DmTOIfL6RmBp8+SSco8xXD/O/YIpG8LWe+sbMqSaq7jFvKCINWgK4RAt
oSWf77179B2B/Wl1BsX/Oc3chscAgQb2pD/qPF/VYRJU+hvdQkq1zfi6cVsxyREV 7mBRHvx81Y8IwV6B2wch/lSyYxKXTbE7uMefy3vyP9A9IFhMbFpc0EJA/4tHYEL4
k+IwA/46nXh51CQxE29ayuy1BoIOxezvuXFUXZ8rP6aCh4KaiN9AJoy7pBieCzsq qPZyR44mizsxa+1h6AXO258ERtzL+FoksXnWTcQqBKjd6SHhLwN4BLsjrlWsJ6lD
d7rPEeGIzBjI+yhEu8p92W6KWzL0xduWfYg9I7a2GTk8CaLX2OCLuwnKd7RVDyyZ VaSKsekEwMFTLvZiLxYXBLPU04dvGNgX7nbkFMEK6RxHqfMu+m6+0jPXzQ+ejuae
yzRjWs0T5U7SRAWspLStYxMdKert9lLyQiRHtLwmlgBPqa0gh7Q+SWNpbmdhIE9w xoBBT61O7v5PPTqbZFBKnVzQPf7fBIHW5/AGAc+qAI459viwcCSlJ21RCzirFYc0
ZW4gU291cmNlIE1vbml0b3JpbmcgKEJ1aWxkIHNlcnZlcikgPGluZm9AaWNpbmdh /KDuSoo61yyNcq4G271lbT5SNeMZNlDxKkiHjbCpIU6iEF7uK828F1ZGKOMRztok
Lm9yZz6IYAQTEQIAIAUCUofOTgIbAwYLCQgHAwIEFQIIAwQWAgMBAh4BAheAAAoJ bzE7j1IDIfDQ3P/zfq73Rr2S9FfHlXvEmLIuj5G4PO7p0IwUlCD1a9oY+QARAQAB
EMbjGcM0QQaCgSQAnRjXdbsyqziqhmxfAKffNJYuMPwdAKCS/IRCVyQzApFBtIBQ tCxJY2luZ2EgR21iSCAoQnVpbGQgc2VydmVyKSA8aW5mb0BpY2luZ2EuY29tPokC
1xuoym/4C7kCDQRSh85OEAgAvPwjlURCi8z6+7i60no4n16dNcSzd6AT8Kizpv2r TgQTAQoAOBYhBN069hmO0AC0wLc5VswRb1WqfyOCBQJmTG99AhsDBQsJCAcCBhUK
9BmNBff/GNYGnHyob/DMtmO2esEuVG8w62rO9m1wzzXzjbtmtU7NZ1Tg+C+reU2I CQgLAgQWAgMBAh4BAheAAAoJEMwRb1WqfyOCGrIP/i/4fYEkdCi4nhQGMzSP0Eyh
GNVu3SYtEVK/UTJHAhLcgry9yD99610tYPN2Fx33Efse94mXOreBfCvDsmFGSc7j UhJjsUP9mEqSQRqOAplvjYa1yBbrSPLfkRE0oAL/o+4eUKcAQFeDQtDXJ/D4xl3Q
GVNCWXpMR3jTYyGj1igYd5ztOzG63D8gPyOucTTl+RWN/G9EoGBv6sWqk5eCd1Fs J5MehRJYzklrSs5XkEscb73HoDBUfFSgCVM2zK+JkCX0CPJ4ZLWtZGJ+8pCLpnkH
JlWyQX4BJn3YsCZx3uj1DWL0dAl2zqcn6m1M4oj1ozW47MqM/efKOcV6VvCs9SL8 nCPonbGc6sS+m2JsPRwxyxAhdXxWSAesXd8dUSW3MOQz9JlC4/idQcCFs03fdhuZ
F/NFvZcH4LKzeupCQ5jEONqcTlVlnLlIqId95Z4DI4AV9wADBQf/S6sKA4oH49tD 4jGMry08OihWVudTDK8nkwRZLzNoOivAQ3mIeaTcRMmgPJfYN4k0o90lXJWAbG+2
Yb5xAfUyEp5ben05TzUJbXs0Z7hfRQzy9+vQbWGamWLgg3QRUVPx1e4IT+W5vEm5 j8p7Pyjv71OctI8KUbS4+f2H8i6r5Pc4M4hlUQh6QAN9o1oPJrXxurdp0EXgQXSy
dggNTMEwlLMI7izCPDcD32B5oxNVxlfj428KGllYWCFj+edY+xKTvw/PHnn+drKs rVH2MeguqprFJxGjdlTCSTYgQEmEXMixRAGzteEgCf/Qk9mPXoxFTNyNg4/Lkglb
LE65Gwx4BPHm9EqWHIBX6aPzbgbJZZ06f6jWVBi/N7e/5n8lkxXqS23DBKemapyu Nj6dY6or6w+IsbdrcePqDAs+j9t5B97vU7Ldquloj85myQjkWPP8kjlsOlsXBkQ/
S1i56sH7mQSMaRZP/iiOroAJemPNxv1IQkykxw2woWMmTLKLMCD/i+4DxejE50tK C+mD+5iW2AiWh+yCasf6mOZwUfINZF+VDpmfIsZZbWpcMgp1f32fpRFZ3ietnsnR
dxaOLTc4HDCsattw/RVJO6fwE414IXHMv330z4HKWJevMQ+CmQGfswvCwgeBP9n8 +luNb19hUHKyyDDHMe/YM7H9P5vtX9BGz6O9kNpo1LAnigkSQSFBZlK3Po3Yk9eg
PItLjBQAXIhJBBgRAgAJBQJSh85OAhsMAAoJEMbjGcM0QQaCzpAAmwUNoRyySf9p XPbDT5HsU3TMyS5ZnSDRRPPJwsyGPXz+0pCADae9H9hCc2C2LZIrrtwlOFPWuViA
5G3/2UD1PMueIwOtAKDVVDXEq5LJPVg4iafNu0SRMwgP0Q== ifY/dQmUP37n5XgMADRc
=icbY =O0zm
-----END PGP PUBLIC KEY BLOCK----- -----END PGP PUBLIC KEY BLOCK-----

View file

@ -0,0 +1,74 @@
Include /etc/proftpd/modules.conf
UseIPv6 on
<IfModule mod_ident.c>
IdentLookups off
</IfModule>
ServerName "home.paperless"
ServerType standalone
DeferWelcome off
DefaultServer on
ShowSymlinks on
TimeoutNoTransfer 600
TimeoutStalled 600
TimeoutIdle 1200
DisplayLogin welcome.msg
DisplayChdir .message true
ListOptions "-l"
DenyFilter \*.*/
RequireValidShell off
Port 21
PassivePorts 49152 50192
MaxInstances 30
User proftpd
Group nogroup
Umask 022 022
AllowOverwrite on
TransferLog /var/log/proftpd/xferlog
SystemLog /var/log/proftpd/proftpd.log
<IfModule mod_quotatab.c>
QuotaEngine off
</IfModule>
<IfModule mod_ratio.c>
Ratios off
</IfModule>
<IfModule mod_delay.c>
DelayEngine on
</IfModule>
<IfModule mod_ctrls.c>
ControlsEngine off
ControlsMaxClients 2
ControlsLog /var/log/proftpd/controls.log
ControlsInterval 5
ControlsSocket /var/run/proftpd/proftpd.sock
</IfModule>
<IfModule mod_ctrls_admin.c>
AdminControlsEngine off
</IfModule>
<Anonymous /mnt/paperless/consume/>
User nobody
Group nogroup
UserAlias anonymous ftp
<Directory *>
AllowAll
</Directory>
</Anonymous>

View file

@ -1,23 +1,23 @@
-----BEGIN CERTIFICATE----- -----BEGIN CERTIFICATE-----
MIIDxzCCA02gAwIBAgISBDW3AazQEdYbYaSrLIoUKbvsMAoGCCqGSM49BAMDMDIx MIIDxjCCA0ygAwIBAgISBIbwgyWchKDri2pD+Lk46M3eMAoGCCqGSM49BAMDMDIx
CzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDEwJF CzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDEwJF
NjAeFw0yNDA2MjExNjUzNDBaFw0yNDA5MTkxNjUzMzlaMCIxIDAeBgNVBAMTF2hv NTAeFw0yNDA5MTkxOTQ5NDFaFw0yNDEyMTgxOTQ5NDBaMCIxIDAeBgNVBAMTF2hv
bWUuc29waGllcy1raXRjaGVuLmV1MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEQDuO bWUuc29waGllcy1raXRjaGVuLmV1MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE4rKd
QacqKUrKWbwBWgSqPkaBIb4t6f4kiRMvCyY8KiZmIvJadVD6iKnbcGzFQ0LRI+vt PfAtfQts90WjdnsscizZzlUF/HZBx97kT4/eWgyU/MNOFGF4WqGA92OX0ymZVJ7l
+O6ZVpwsUOXvgF3PB7o7OfODlVsKRc4pYJPvoRRaz1VlK6eZW20GGivBVgl0o4IC D4CnHq96odx0LqHBQ+W+MXNlsWnwBTUOPKp8XyUeDhZbkgNJDR8nGtHje9a8o4IC
NDCCAjAwDgYDVR0PAQH/BAQDAgeAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF MzCCAi8wDgYDVR0PAQH/BAQDAgeAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF
BQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBRScRdoEyCVXr1PC0yvKusaOO5i BQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBSONIAWFPI0mqJYBqnWk1J0Ea27
dTAfBgNVHSMEGDAWgBSTJ0aYA6lRaI6Y1sRCSNsjv1iU0jBVBggrBgEFBQcBAQRJ sDAfBgNVHSMEGDAWgBSfK1/PPCFPnQS37SssxMZwi9LXDTBVBggrBgEFBQcBAQRJ
MEcwIQYIKwYBBQUHMAGGFWh0dHA6Ly9lNi5vLmxlbmNyLm9yZzAiBggrBgEFBQcw MEcwIQYIKwYBBQUHMAGGFWh0dHA6Ly9lNS5vLmxlbmNyLm9yZzAiBggrBgEFBQcw
AoYWaHR0cDovL2U2LmkubGVuY3Iub3JnLzA9BgNVHREENjA0ghkqLmhvbWUuc29w AoYWaHR0cDovL2U1LmkubGVuY3Iub3JnLzA9BgNVHREENjA0ghkqLmhvbWUuc29w
aGllcy1raXRjaGVuLmV1ghdob21lLnNvcGhpZXMta2l0Y2hlbi5ldTATBgNVHSAE aGllcy1raXRjaGVuLmV1ghdob21lLnNvcGhpZXMta2l0Y2hlbi5ldTATBgNVHSAE
DDAKMAgGBmeBDAECATCCAQQGCisGAQQB1nkCBAIEgfUEgfIA8AB1AEiw42vapkc0 DDAKMAgGBmeBDAECATCCAQMGCisGAQQB1nkCBAIEgfQEgfEA7wB1AEiw42vapkc0
D+VqAvqdMOscUgHLVt0sgdm7v6s52IRzAAABkDvuwaIAAAQDAEYwRAIgP3lyMqvr D+VqAvqdMOscUgHLVt0sgdm7v6s52IRzAAABkgwK350AAAQDAEYwRAIga5zPs7YZ
+a7XWoRLxzQzhv6umJ/hiQPTWen3qqTao34CIGLq9y9ZPZUuo2smf49h9v9I9B4t mJqbxhinEJKKQ9XCe1w/MhBzFMzwHFGbaPgCIHeprkwET14Y3h5dmUF7szwTg1Ey
o6ihFaHoOB68q37DAHcA3+FW66oFr7WcD4ZxjajAMk6uVtlup/WlagHRwTu+UlwA zqLM+GQL3t7EAX2cAHYAPxdLT9ciR1iUHWUchL4NEu2QN38fhWrrwb8ohez4ZG4A
AAGQO+7CZAAABAMASDBGAiEAjl1f87koOUNfTNL4IRO+BBEVeHCxPvYRaztVJoC0 AAGSDArfogAABAMARzBFAiEA0faR1cyqpmCyHo/0KCv04fkpwgzWdMY+WopJXDLD
x6ECIQDblc+Snmea3OSqydLcyi8xgdtMySyQgPElXLtM7H+RUjAKBggqhkjOPQQD zz8CIEBKANatmiRstc5D69jKhq2beHldLZB3jRfm1WlWqmxJMAoGCCqGSM49BAMD
AwNoADBlAjA0FOSmTiYrA9Hd2T5DkI2TMOH2akk8SxXprkei6H37bI8O3br7ke8t A2gAMGUCMCrpe2jxoTH410jNJPOnbN4ae0Ng54JtRNcFWHlcwpk07NrByJSTPWDd
jwHWVtvN4d8CMQDohhdWUQ3G8Fl4ektN34oX6U3NcywBm96U3RVt5JYcfnn8ea68 zr7AYsbbVQIxAOGboJcIxsuf+rN30iWoe5KwCY3sd5XW8bEKFQnugIVHxAQKnHNc
Qboj263s/g0Ciqs= 0InWz2sVWYKNBA==
-----END CERTIFICATE----- -----END CERTIFICATE-----

View file

@ -1,27 +1,27 @@
-----BEGIN CERTIFICATE----- -----BEGIN CERTIFICATE-----
MIIEVzCCAj+gAwIBAgIRALBXPpFzlydw27SHyzpFKzgwDQYJKoZIhvcNAQELBQAw MIIEVzCCAj+gAwIBAgIRAIOPbGPOsTmMYgZigxXJ/d4wDQYJKoZIhvcNAQELBQAw
TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjQwMzEzMDAwMDAw cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjQwMzEzMDAwMDAw
WhcNMjcwMzEyMjM1OTU5WjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg WhcNMjcwMzEyMjM1OTU5WjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg
RW5jcnlwdDELMAkGA1UEAxMCRTYwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAATZ8Z5G RW5jcnlwdDELMAkGA1UEAxMCRTUwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQNCzqK
h/ghcWCoJuuj+rnq2h25EqfUJtlRFLFhfHWWvyILOR/VvtEKRqotPEoJhC6+QJVV a2GOtu/cX1jnxkJFVKtj9mZhSAouWXW0gQI3ULc/FnncmOyhKJdyIBwsz9V8UiBO
6RlAN2Z17TJOdwRJ+HB7wxjnzvdxEP6sdNgA1O1tHHMWMxCcOrLqbGL0vbijgfgw VHhbhBRrwJCuhezAUUE8Wod/Bk3U/mDR+mwt4X2VEIiiCFQPmRpM5uoKrNijgfgw
gfUwDgYDVR0PAQH/BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcD gfUwDgYDVR0PAQH/BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcD
ATASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBSTJ0aYA6lRaI6Y1sRCSNsj ATASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBSfK1/PPCFPnQS37SssxMZw
v1iU0jAfBgNVHSMEGDAWgBR5tFnme7bl5AFzgAiIyBpY9umbbjAyBggrBgEFBQcB i9LXDTAfBgNVHSMEGDAWgBR5tFnme7bl5AFzgAiIyBpY9umbbjAyBggrBgEFBQcB
AQQmMCQwIgYIKwYBBQUHMAKGFmh0dHA6Ly94MS5pLmxlbmNyLm9yZy8wEwYDVR0g AQQmMCQwIgYIKwYBBQUHMAKGFmh0dHA6Ly94MS5pLmxlbmNyLm9yZy8wEwYDVR0g
BAwwCjAIBgZngQwBAgEwJwYDVR0fBCAwHjAcoBqgGIYWaHR0cDovL3gxLmMubGVu BAwwCjAIBgZngQwBAgEwJwYDVR0fBCAwHjAcoBqgGIYWaHR0cDovL3gxLmMubGVu
Y3Iub3JnLzANBgkqhkiG9w0BAQsFAAOCAgEAfYt7SiA1sgWGCIpunk46r4AExIRc Y3Iub3JnLzANBgkqhkiG9w0BAQsFAAOCAgEAH3KdNEVCQdqk0LKyuNImTKdRJY1C
MxkKgUhNlrrv1B21hOaXN/5miE+LOTbrcmU/M9yvC6MVY730GNFoL8IhJ8j8vrOL 2uw2SJajuhqkyGPY8C+zzsufZ+mgnhnq1A2KVQOSykOEnUbx1cy637rBAihx97r+
pMY22OP6baS1k9YMrtDTlwJHoGby04ThTUeBDksS9RiuHvicZqBedQdIF65pZuhp bcwbZM6sTDIaEriR/PLk6LKs9Be0uoVxgOKDcpG9svD33J+G9Lcfv1K9luDmSTgG
eDcGBcLiYasQr/EO5gxxtLyTmgsHSOVSBcFOn9lgv7LECPq9i7mfH3mpxgrRKSxH 6XNFIN5vfI5gs/lMPyojEMdIzK9blcl2/1vKxO8WGCcjvsQ1nJ/Pwt8LQZBfOFyV
pOoZ0KXMcB+hHuvlklHntvcI0mMMQ0mhYj6qtMFStkF1RpCG3IPdIwpVCQqu8GV7 XP8ubAp/au3dc4EKWG9MO5zcx1qT9+NXRGdVWxGvmBFRAajciMfXME1ZuGmk3/GO
s8ubknRzs+3C/Bm19RFOoiPpDkwvyNfvmQ14XkyqqKK5oZ8zhD32kFRQkxa8uZSu koAM7ZkjZmleyokP1LGzmfJcUd9s7eeu1/9/eg5XlXd/55GtYjAM+C4DG5i7eaNq
h4aTImFxknu39waBxIRXE4jKxlAmQc4QjFZoq1KmQqQg0J/1JF8RlFvJas1VcjLv cm2F+yxYIPt6cbbtYVNJCGfHWqHEQ4FYStUyFnv8sjyqU8ypgZaNJ9aVcWSICLOI
YlvUB2t6npO6oQjB3l+PNf0DpQH7iUx3Wz5AjQCi6L25FjyE06q6BZ/QlmtYdl/8 E1/Qv/7oKsnZCWJ926wU6RqG1OYPGOi1zuABhLw61cuPVDT28nQS/e6z95cJXq0e
ZYao4SRqPEs/6cAiF+Qf5zg2UkaWtDphl1LKMuTNLotvsX99HP69V2faNyegodQ0 K1BcaJ6fJZsmbjRgD5p3mvEf5vdQM7MCEvU0tHbsx2I5mHHJoABHb8KVBgWp/lcX
LyTApr/vT01YPE46vNsDLgK+4cL6TrzC/a4WcmF5SRJ938zrv/duJHLXQIku5v0+ GWiWaeOyB7RP+OfDtvi2OsapxXiV7vNVs7fMlrRjY1joKaqmmycnBvAq14AEbtyL
EwOy59Hdm0PT/Er/84dDV0CSjdR/2XuZM3kpysSKLgD1cKiDA+IRguODCxfO9cyY sVfOS66B8apkeFX2NY4XPEYV4ZSCe8VHPrdrERk2wILG3T/EGmSIkCYVUMSnjmJd
Ig46v9mFmBvyH04= VQD9F6Na/+zmXCc=
-----END CERTIFICATE----- -----END CERTIFICATE-----

View file

@ -1 +1 @@
encrypt$gAAAAABmdb4pdFakOuqHPRpEu_RjEPVVS9Ef0kuvWKKT3Gr3056e0nhinh_THX1w7CqiZ4CQlvSIH7vlDNUORFWlqDuZJOh8FYPSzjr78aK1MqVGZHxQBK8VVNd0K5m1U3z9_4W_pB7Zr_5fLXDqtIW-t68GQPEfxCwy2h2eBepQ2zJiLupWa7JwuqiXH6QyB4gD5Y-9F30RjH52WtJLrx6XtgClPG0p-6FrHcNHqmMYqgpt11zvLa88lOBUoDGFrrqqFRbY039ay2b1jrQOAhTQLDxnAMsbr5jTSbST1modE-1u_Wis-Km-jcMwkiViZpK-HC6Ce_TNdt1NDarBat6nRhTrpqHXENlroVixHmGl1_-Y6mc75tJ-KHQKRRzwK8V_X62iA3vfSz1Xps8B1FZqxJWA2EdM0JkQecCuC-bnpedEoumYnif3vLhe91NV8SQ5FBlkd3NFT8vBAWCgnqT_jDf5YQW70w== encrypt$gAAAAABm7I7N50TwtCs2LUt_MArRJnLQ-xLFVhr-zDtdWUVMejViIN2O9h5d_RP45jWt5BpxIkTORarcULXprEXp7zbb-CR5CTwbsNK6HnvSHPwuwXuxJQKRJtT4wWfYEFOxY9aUR9gxvXc3arsYHwVsGyLOeWA_6YzjO5IpL1LfQrsJuUE_1p9sKRyPpslmOJtD5OihMtIfAJNzBDwOSE_gdtLa8iae3DHtSvmKbGKSvwQEZ0pkJxVTVXJY4wddQmdsuV0ky04ls_tUINH8t6IMTJCt_5_ELzpTSdcHgV6W4yh8r_LTEH38n2boYnz3fKgieHnDHDWxFW1EYA2JWjkamH7hQ8iOMl8bqQieFAENnYjF41iz6tSCjfxVyKt_OfJUAwMScVMhPsuaI_i_ZB0Ge6BLsMwkw0d3yw06CwRQ3N7PcPPJLhL_eQS3EuV7Y-7Vv64secplJJIkcFfm1t5zcGkkm4-pDw==

View file

@ -61,6 +61,9 @@ groups['home'] = {
} }
groups['sophie'] = { groups['sophie'] = {
'supergroups': {
'linux',
},
'member_patterns': { 'member_patterns': {
r"sophie\..*", r"sophie\..*",
}, },
@ -68,6 +71,9 @@ groups['sophie'] = {
'icinga_options': { 'icinga_options': {
'exclude_from_monitoring': True, 'exclude_from_monitoring': True,
}, },
'backup-client': {
'target': 'htz-hel.backup-sophie',
},
'users': { 'users': {
'sophie': {}, 'sophie': {},
}, },

View file

@ -1,5 +1,6 @@
import bwpass import bwpass
def demagify(something, vault): def demagify(something, vault):
if isinstance(something, str): if isinstance(something, str):
if something.startswith('!bwpass:'): if something.startswith('!bwpass:'):

View file

@ -17,7 +17,7 @@ WG_AUTOGEN_NODES = [
'home.router', 'home.router',
'htz-cloud.wireguard', 'htz-cloud.wireguard',
'icinga2', 'icinga2',
'daisy', None, # daisy
] ]
WG_AUTOGEN_SETTINGS = { WG_AUTOGEN_SETTINGS = {

View file

@ -4,9 +4,9 @@ from hashlib import sha3_224
from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PrivateKey from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PrivateKey
from cryptography.hazmat.primitives.serialization import (Encoding, from cryptography.hazmat.primitives.serialization import (Encoding,
NoEncryption, NoEncryption,
PrivateFormat, PrivateFormat,
PublicFormat) PublicFormat)
from bundlewrap.utils import Fault from bundlewrap.utils import Fault

View file

@ -1,6 +1,7 @@
from bundlewrap.utils.ui import io
from bundlewrap.utils.scm import get_rev from bundlewrap.utils.scm import get_rev
from bundlewrap.utils.text import red, bold from bundlewrap.utils.text import bold, red
from bundlewrap.utils.ui import io
@node_attribute @node_attribute
def needs_apply(node): def needs_apply(node):

View file

@ -40,7 +40,7 @@ imap_pass = "!bwpass_attr:t-online.de/franzi.kunsmann@t-online.de:imap"
[metadata.element-web] [metadata.element-web]
url = "chat.franzi.business" url = "chat.franzi.business"
version = "v1.11.76" version = "v1.11.85"
[metadata.element-web.config] [metadata.element-web.config]
default_server_config.'m.homeserver'.base_url = "https://matrix.franzi.business" default_server_config.'m.homeserver'.base_url = "https://matrix.franzi.business"
default_server_config.'m.homeserver'.server_name = "franzi.business" default_server_config.'m.homeserver'.server_name = "franzi.business"
@ -49,8 +49,8 @@ defaultCountryCode = "DE"
jitsi.preferredDomain = "meet.ffmuc.net" jitsi.preferredDomain = "meet.ffmuc.net"
[metadata.forgejo] [metadata.forgejo]
version = "8.0.2" version = "9.0.2"
sha1 = "c842480b99445b70c314e20be144789711fa7deb" sha1 = "5aecc64f93e8ef05c6d6f83d4b647bdb2c831d9f"
domain = "git.franzi.business" domain = "git.franzi.business"
enable_git_hooks = true enable_git_hooks = true
install_ssh_key = true install_ssh_key = true
@ -90,7 +90,7 @@ user_id = "@dimension:franzi.business"
admin_contact = "mailto:hostmaster@kunbox.net" admin_contact = "mailto:hostmaster@kunbox.net"
baseurl = "matrix.franzi.business" baseurl = "matrix.franzi.business"
server_name = "franzi.business" server_name = "franzi.business"
trusted_key_servers = ["matrix.org", "finallycoffee.eu"] trusted_key_servers = ["matrix.org", "161.rocks"]
additional_client_config.'im.vector.riot.jitsi'.preferredDomain = "meet.ffmuc.net" additional_client_config.'im.vector.riot.jitsi'.preferredDomain = "meet.ffmuc.net"
wellknown_also_on_vhosts = ["franzi.business"] wellknown_also_on_vhosts = ["franzi.business"]
[metadata.matrix-synapse.sliding_sync] [metadata.matrix-synapse.sliding_sync]
@ -114,8 +114,8 @@ provisioning.shared_secret = "!decrypt:encrypt$gAAAAABfVKflEMAi07C_QGP8cy97hF-4g
"'@kunsi:franzi.business'" = "admin" "'@kunsi:franzi.business'" = "admin"
[metadata.mautrix-whatsapp] [metadata.mautrix-whatsapp]
version = "v0.10.9" version = "v0.11.1"
sha1 = "1619579ec6b9fca84fec085a94842d309d3f730c" sha1 = "ada2dc6acfd5cb15fae341266b383d3f6e8b42bd"
permissions."'@kunsi:franzi.business'" = "admin" permissions."'@kunsi:franzi.business'" = "admin"
[metadata.mautrix-whatsapp.homeserver] [metadata.mautrix-whatsapp.homeserver]
domain = "franzi.business" domain = "franzi.business"
@ -126,7 +126,7 @@ domain = "rss.franzi.business"
[metadata.netbox] [metadata.netbox]
domain = "netbox.franzi.business" domain = "netbox.franzi.business"
version = "v4.1.0" version = "v4.1.6"
admins.kunsi = "hostmaster@kunbox.net" admins.kunsi = "hostmaster@kunbox.net"
[metadata.nextcloud] [metadata.nextcloud]
@ -136,6 +136,10 @@ domain = "warnochwas.de"
contact = "mailto:security@kunsmann.eu" contact = "mailto:security@kunsmann.eu"
Encryption = "https://franzi.business/gpg_hi-kunsmann.eu.asc" Encryption = "https://franzi.business/gpg_hi-kunsmann.eu.asc"
[metadata.nginx.vhosts.'afra.berlin'.locations.'/']
redirect = "https://afra-berlin.de"
mode = 302
[metadata.nginx.vhosts.forgejo] [metadata.nginx.vhosts.forgejo]
domain_aliases = ["git.kunsmann.eu"] domain_aliases = ["git.kunsmann.eu"]
@ -148,8 +152,10 @@ owner = "skye"
[metadata.nginx.vhosts.kunsitracker] [metadata.nginx.vhosts.kunsitracker]
domain = "kunsitracker.de" domain = "kunsitracker.de"
locations.'/'.redirect = "https://travelynx.franzi.business/p/Kunsi" locations.'/'.target = "https://travelynx.franzi.business/"
locations.'/'.mode = 302 locations.'/'.proxy_pass_host = "travelynx.franzi.business"
locations.'= /'.target = "https://travelynx.franzi.business/p/Kunsi"
locations.'= /'.proxy_pass_host = "travelynx.franzi.business"
[metadata.nginx.vhosts.mta-sts] [metadata.nginx.vhosts.mta-sts]
domain = "mta-sts.kunbox.net" domain = "mta-sts.kunbox.net"
@ -251,12 +257,12 @@ dkim = "uO4aNejDvVdw8BKne3KJIqAvCQMJ0416"
[metadata.smartd] [metadata.smartd]
disks = [ disks = [
"/dev/nvme0", "/dev/disk/by-id/nvme-SAMSUNG_MZVL22T0HBLB-00B00_S677NF0W508470",
"/dev/nvme1", "/dev/disk/by-id/nvme-SAMSUNG_MZVL22T0HBLB-00B00_S677NX0W114380",
] ]
[metadata.travelynx] [metadata.travelynx]
version = "2.8.35" version = "2.8.40"
mail_from = "travelynx@franzi.business" mail_from = "travelynx@franzi.business"
domain = "travelynx.franzi.business" domain = "travelynx.franzi.business"

View file

@ -1,23 +0,0 @@
hostname = "2a11:f2c0:3:4::120"
bundles = [
"bird",
"wireguard",
]
groups = [
"debian-bookworm",
]
[metadata]
location = "glauca"
nameservers = [
"2606:4700::1111",
"2606:4700:4700::1001",
]
backups.exclude_from_backups = true
icinga_options.period = "daytime"
[metadata.interfaces.ens18]
ips = [
"2a11:f2c0:3:4::120/64",
]
gateway6 = "fe80::220:91ff:fe45:e19e"

View file

@ -0,0 +1,9 @@
dummy = true
[metadata.interfaces.default]
ips = ["172.19.138.75"]
dhcp = true
mac = "00:01:29:59:a9:8c"
[metadata.icinga_options]
exclude_from_monitoring = true

View file

@ -22,7 +22,7 @@ ram = 2
[metadata.homeassistant] [metadata.homeassistant]
domain = 'hass.home.kunbox.net' domain = 'hass.home.kunbox.net'
api_secret = 'encrypt$gAAAAABjpyuqXLoilokQW5c0zV8shHcOzN1zkEbS-I6WAAX-xDO_OF33YbjbkpELU2HGBzqiWX40J0hsaEbYJOnCHFk8gJ-Xt0vdqqbQ5vca_TGPNQHZPAS4qZoPTcUhmX_I-0EdT6ukhxejXFYBiYRZikTLjH3lcNM5qnckCm-H9NbRdjLb9hbCDIjbEglHmBl_g08S1_ukvX3dDSCIHIxgXXGsdK_Go1KxPJd8G22FL_MMhCfsTW-6ioIqoHSeSA1NGk3MZHEIM2errckiopKBxoBaROsacO9Uqk1zrrgXOs2NsgiTRtrbV1TNlFVaIX9mZdsUnMGZ' api_secret = '!decrypt:encrypt$gAAAAABm9lNg_mNhyzb4S6WRtVRDmQFBnPpoCwyqMnilRrAFUXc-EDvv-nYXPbSIbjTf7ZReTPtqr8k3WrGPqiuqhJ60LVv4A5DMqT5c6hTVr4WbhP4DPEIPgfd5aq6U9_-H9WDyQYHKjnunLJEYtEREzmhTq3XsYeQ05DyE7hfnQ-zVoBb0CsAK7GdhihRTdvhXv2N9M04_rigyBP-roRcUgCqwyHuWJc0IPAyn3R4Mr43ZqgR2fn6dNV_YUVKn9c0nWxIwRnYy6Ff_Te9NoGVmXxkiNUX-90bBLKFiCzrRAtizxrTiQb2SRipaWbgOlV6wbMy2KNux'
[metadata.nginx] [metadata.nginx]
restrict-to = [ restrict-to = [

View file

@ -1,9 +1,15 @@
hostname = "172.19.138.22" hostname = "172.19.138.22"
groups = ["debian-bookworm"] groups = ["debian-bookworm"]
bundles = ["docker-engine", "nginx", "redis"]
[metadata] [metadata]
icinga_options.exclude_from_monitoring = true icinga_options.exclude_from_monitoring = true
[metadata.docker-engine.config]
# this is a dev machine, it's fine if docker does shenanigans with
# iptables
iptables = true
[metadata.interfaces.eno3] [metadata.interfaces.eno3]
ips = [ ips = [
"172.19.138.22/24", "172.19.138.22/24",
@ -11,7 +17,7 @@ ips = [
gateway4 = "172.19.138.1" gateway4 = "172.19.138.1"
ipv6_accept_ra = true ipv6_accept_ra = true
[metadata.nftable.forward] [metadata.nftables.forward]
50-local-forward = [ 50-local-forward = [
'ct state { related, established } accept', 'ct state { related, established } accept',
'iifname eno3 accept', 'iifname eno3 accept',

View file

@ -12,7 +12,6 @@ nodes['home.nas'] = {
'nfs-server', 'nfs-server',
'rsyslogd', 'rsyslogd',
'samba', 'samba',
'scansnap',
'smartd', 'smartd',
'vmhost', 'vmhost',
'zfs', 'zfs',
@ -68,6 +67,22 @@ nodes['home.nas'] = {
'/storage/nas/normen', '/storage/nas/normen',
}, },
}, },
'dm-crypt': {
'encrypted-devices': {
'/dev/disk/by-id/ata-Samsung_SSD_870_QVO_8TB_S5SSNJ0X409404K': {
'dm-name': 'sam-S5SSNJ0X409404K',
'passphrase': bwpass.password('bw/home.nas/dmcrypt/S5SSNJ0X409404K'),
},
'/dev/disk/by-id/ata-Samsung_SSD_870_QVO_8TB_S5SSNJ0X409845F': {
'dm-name': 'sam-S5SSNJ0X409845F',
'passphrase': bwpass.password('bw/home.nas/dmcrypt/S5SSNJ0X409845F'),
},
'/dev/disk/by-id/ata-Samsung_SSD_870_QVO_8TB_S5SSNJ0X409870J': {
'dm-name': 'sam-S5SSNJ0X409870J',
'passphrase': bwpass.password('bw/home.nas/dmcrypt/S5SSNJ0X409870J'),
},
},
},
'groups': { 'groups': {
'nas': {}, 'nas': {},
}, },
@ -97,11 +112,6 @@ nodes['home.nas'] = {
}, },
}, },
}, },
'jellyfin': {
'restrict-to': {
'home.lgtv-wohnzimmer',
},
},
'mixcloud-downloader': { 'mixcloud-downloader': {
'netrc': { 'netrc': {
'soundcloud': { 'soundcloud': {
@ -150,9 +160,6 @@ nodes['home.nas'] = {
'/srv/paperless': { '/srv/paperless': {
'home.paperless': 'rw,all_squash,anonuid=65534,anongid=65534,no_subtree_check', 'home.paperless': 'rw,all_squash,anonuid=65534,anongid=65534,no_subtree_check',
}, },
'/srv/scansnap': {
'172.19.138.0/24': 'rw,all_squash,anonuid=65534,anongid=65534,no_subtree_check',
},
}, },
}, },
'nginx': { 'nginx': {
@ -174,6 +181,10 @@ nodes['home.nas'] = {
'path': '/storage/nas/Musik', 'path': '/storage/nas/Musik',
'force_group': 'nas', 'force_group': 'nas',
}, },
'music_videos': {
'path': '/storage/nas/Musikvideos',
'force_group': 'nas',
},
}, },
'restrict-to': { 'restrict-to': {
'172.19.138.0/24', '172.19.138.0/24',
@ -183,9 +194,18 @@ nodes['home.nas'] = {
'disks': { 'disks': {
'/dev/nvme0', '/dev/nvme0',
# ZFS cache disks # old nas disks
#'/dev/disk/by-id/ata-TS64GSSD370_B807810503', '/dev/disk/by-id/ata-WDC_WD6003FFBX-68MU3N0_V8GE15GR',
#'/dev/disk/by-id/ata-TS64GSSD370_B807810527', '/dev/disk/by-id/ata-WDC_WD6003FFBX-68MU3N0_V8HJ406R',
'/dev/disk/by-id/ata-WDC_WD6003FFBX-68MU3N0_V8HJBTLR',
'/dev/disk/by-id/ata-WDC_WD6003FFBX-68MU3N0_V8HJGN6R',
'/dev/disk/by-id/ata-WDC_WD6003FFBX-68MU3N0_V8J8ZKRR',
'/dev/disk/by-id/ata-WDC_WD6003FFBX-68MU3N0_V9JS5UYL',
# encrypted disks
'/dev/disk/by-id/ata-Samsung_SSD_870_QVO_8TB_S5SSNJ0X409404K',
'/dev/disk/by-id/ata-Samsung_SSD_870_QVO_8TB_S5SSNJ0X409845F',
'/dev/disk/by-id/ata-Samsung_SSD_870_QVO_8TB_S5SSNJ0X409870J',
}, },
}, },
'systemd-networkd': { 'systemd-networkd': {
@ -254,26 +274,49 @@ nodes['home.nas'] = {
'/dev/disk/by-id/ata-WDC_WD6003FFBX-68MU3N0_V8J8ZKRR', '/dev/disk/by-id/ata-WDC_WD6003FFBX-68MU3N0_V8J8ZKRR',
}, },
}, },
# {
# 'type': 'log',
# 'devices': {
# '/dev/disk/by-id/ata-TS64GSSD370_B807810503-part1',
# '/dev/disk/by-id/ata-TS64GSSD370_B807810527-part1',
# },
# },
# {
# 'type': 'cache',
# 'devices': {
# '/dev/disk/by-id/ata-TS64GSSD370_B807810503-part2',
# '/dev/disk/by-id/ata-TS64GSSD370_B807810527-part2',
# },
# },
], ],
'ashift': 12, 'ashift': 12,
}, },
}, },
'encrypted': {
'when_creating': {
'config': [
{
'type': 'raidz',
'devices': {
'/dev/mapper/sam-S5SSNJ0X409404K',
'/dev/mapper/sam-S5SSNJ0X409845F',
'/dev/mapper/sam-S5SSNJ0X409870J',
},
},
],
'ashift': 12,
},
'needs': {
'action:dm-crypt_open_sam-S5SSNJ0X409404K',
'action:dm-crypt_open_sam-S5SSNJ0X409845F',
'action:dm-crypt_open_sam-S5SSNJ0X409870J',
},
# see comment in bundle:backup-server
'unless': 'zpool import encrypted',
},
}, },
'datasets': { 'datasets': {
'encrypted': {
'primarycache': 'metadata',
},
'encrypted/download': {
'mountpoint': '/media/download',
},
'encrypted/nas': {
'acltype': 'off',
'atime': 'off',
'compression': 'off',
'mountpoint': '/storage/nas',
},
'encrypted/paperless': {
'mountpoint': '/media/paperless',
},
'storage': { 'storage': {
'primarycache': 'metadata', 'primarycache': 'metadata',
}, },
@ -283,25 +326,35 @@ nodes['home.nas'] = {
'storage/download': { 'storage/download': {
'mountpoint': '/storage/download', 'mountpoint': '/storage/download',
}, },
'storage/inbox': {
'quota': str(1024*1024*1024*1024), # 1TB
'mountpoint': '/storage/inbox',
},
'storage/nas': { 'storage/nas': {
'acltype': 'off', 'acltype': 'off',
'atime': 'off', 'atime': 'off',
'compression': 'off', 'compression': 'off',
'mountpoint': '/storage/nas', 'mountpoint': '/media/nas_old',
}, },
'storage/paperless': { 'storage/paperless': {
'mountpoint': '/srv/paperless', 'mountpoint': '/srv/paperless',
}, },
'storage/scan': {
'mountpoint': '/srv/scansnap',
},
}, },
'snapshots': { 'snapshots': {
'retain_per_dataset': { 'retain_per_dataset': {
'encrypted/download': {
'hourly': 6,
'daily': 0,
'weekly': 0,
'monthly': 0,
},
'encrypted/nas': {
# juuuuuuuust to be sure.
'daily': 14,
'weekly': 6,
'monthly': 12,
},
'encrypted/paperless': {
'daily': 14,
'weekly': 6,
'monthly': 24,
},
'storage/download': { 'storage/download': {
'hourly': 48, 'hourly': 48,
'daily': 0, 'daily': 0,
@ -319,12 +372,6 @@ nodes['home.nas'] = {
'weekly': 6, 'weekly': 6,
'monthly': 24, 'monthly': 24,
}, },
'storage/scan': {
'hourly': 6,
'daily': 0,
'weekly': 0,
'monthly': 0,
},
}, },
}, },
}, },

View file

@ -6,6 +6,7 @@ nodes['home.paperless'] = {
'redis', 'redis',
'postgresql', 'postgresql',
'paperless-ng', 'paperless-ng',
'proftpd',
}, },
'groups': { 'groups': {
'debian-bookworm', 'debian-bookworm',
@ -47,12 +48,17 @@ nodes['home.paperless'] = {
}, },
'paperless': { 'paperless': {
'domain': 'paperless.home.kunbox.net', 'domain': 'paperless.home.kunbox.net',
'version': 'v2.11.6', 'version': 'v2.13.5',
'timezone': 'Europe/Berlin', 'timezone': 'Europe/Berlin',
}, },
'postgresql': { 'postgresql': {
'version': 15, 'version': 15,
}, },
'proftpd': {
'restrict-to': {
'home.fujitsu-n7100',
},
},
'vm': { 'vm': {
'cpu': 2, 'cpu': 2,
'ram': 2, 'ram': 2,

View file

@ -1,100 +0,0 @@
hostname = "91.107.203.234"
bundles = [
"element-web",
"matrix-media-repo",
"matrix-registration",
"matrix-synapse",
"nodejs",
"postgresql",
"zfs",
]
groups = [
"debian-bookworm",
"webserver",
]
[metadata.icinga_options]
pretty_name = "afra.berlin"
[metadata.interfaces.eth0]
ips = [
"91.107.203.234/32",
"2a01:4f8:c010:b0e1::1/64",
]
gateway4 = '172.31.1.1'
gateway6 = 'fe80::1'
[metadata.interfaces.ens10]
ips = [
"172.19.137.7/32",
]
routes.'172.19.128.0/20'.via = "172.19.137.1"
[metadata.element-web]
url = "element.afra.berlin"
version = "v1.11.76"
[metadata.element-web.config]
default_server_config.'m.homeserver'.base_url = "https://matrix.afra.berlin"
default_server_config.'m.homeserver'.server_name = "afra.berlin"
brand = "afra.berlin"
defaultCountryCode = "DE"
jitsi.preferredDomain = "meet.ffmuc.net"
[metadata.matrix-media-repo]
admins = ['@administress:afra.berlin']
datastore_id = "e33b50474021fba9977f912414cdd7fe8890ed57"
sha1 = "3e2bb7089b0898b86000243a82cc58ae998dc9d9"
upload_max_mb = 50
version = "v1.3.7"
[metadata.matrix-media-repo.homeservers.'afra.berlin']
domain = "http://[::1]:20080/"
api = "synapse"
signing_key_path = "/etc/matrix-synapse/mmr.signing.key"
[metadata.matrix-registration]
base_path = "/matrix"
client_redirect = "https://element.afra.berlin"
[metadata.matrix-synapse]
server_name = "afra.berlin"
baseurl = "matrix.afra.berlin"
admin_contact = 'mailto:hostmaster@kunbox.net'
trusted_key_servers = [
"matrix.org",
"franzi.business",
]
wellknown_also_on_vhosts = ["redirect"]
[metadata.nginx.vhosts.redirect]
domain = "afra.berlin"
[metadata.nginx.vhosts.redirect.locations.'/']
redirect = "https://afra-berlin.de"
mode = 302
#[metadata.nginx.vhosts.redirect.locations.'/.well-known/host-meta']
#redirect = "https://fedi.afra.berlin/.well-known/host-meta"
#mode = 301
#[metadata.nginx.vhosts.redirect.locations.'/.well-known/nodeinfo']
#redirect = "https://fedi.afra.berlin/.well-known/nodeinfo"
#mode = 301
#[metadata.nginx.vhosts.redirect.locations.'/.well-known/webfinger']
#redirect = "https://fedi.afra.berlin/.well-known/webfinger"
#mode = 301
[metadata.nginx.vhosts.redirect.locations.'/matrix/']
target = "http://127.0.0.1:20100/"
[metadata.postgresql]
version = "15"
work_mem = 1024
cache_size = 2048
[[metadata.zfs.pools.tank.when_creating.config]]
devices = ["/dev/disk/by-id/scsi-0HC_Volume_32207877"]
[metadata.vm]
cpu = 2
ram = 8

View file

@ -37,6 +37,7 @@ nodes['htz-cloud.wireguard'] = {
'172.19.137.0/24', '172.19.137.0/24',
'172.19.136.62/31', '172.19.136.62/31',
'172.19.136.64/31', '172.19.136.64/31',
'192.168.100.0/24',
}, },
}, },
'nftables': { 'nftables': {
@ -80,6 +81,17 @@ nodes['htz-cloud.wireguard'] = {
'10.73.0.0/16', '10.73.0.0/16',
}, },
}, },
'fra-jana': {
'endpoint': 'gw.as212226.net:40000',
'my_ip': '192.168.48.11/24',
'my_port': 51802,
'their_ip': '192.168.48.1',
'pubkey': vault.decrypt('encrypt$gAAAAABnCA7M0Jg0cQwIaYCYEYN74MOSQK30rbhxD6tDIi2VEBqPh-UHrt7MdRzI4AUZ-p0MzjIdsps_DdGBkUTwA_UKD15Q_tg_LJNwDb04zvgSqc3hnJ4jeS2ZZEED0T1dVJ7E0YNS'),
'masquerade': True,
'routes': {
'192.168.100.0/24',
},
},
'kunsi-oneplus7': { 'kunsi-oneplus7': {
'endpoint': None, 'endpoint': None,
'exclude_from_monitoring': True, 'exclude_from_monitoring': True,

View file

@ -33,5 +33,8 @@ nodes['htz-hel.backup-kunsi'] = {
'/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi1-part1': bwpass.password('bw/backup-kunsi/encryption-passphrase'), '/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi1-part1': bwpass.password('bw/backup-kunsi/encryption-passphrase'),
}, },
}, },
'zfs': {
'scrub_when': 'Wed 08:00 Europe/Berlin',
},
}, },
} }

View file

@ -1,5 +1,6 @@
hostname = "2a01:4f9:6b:2d99::c0ff:ee" hostname = "2a01:4f9:6b:2d99::c0ff:ee"
dummy = true #dummy = true
bundles = ["sshmon", "smartd"]
# How to install: # How to install:
# - Get server at Hetzner (no IPv4) # - Get server at Hetzner (no IPv4)
@ -17,3 +18,11 @@ dummy = true
# - IPv6 only # - IPv6 only
# - IP from the /64 hetzner gives us # - IP from the /64 hetzner gives us
# - Gateway is the host itself, to work around the MAC filter hetzner uses # - Gateway is the host itself, to work around the MAC filter hetzner uses
[metadata.smartd]
disks = [
"/dev/sda",
"/dev/sdb",
"/dev/sdc",
"/dev/sdd",
]

View file

@ -97,16 +97,15 @@ nodes['kunsi-p14s'] = {
'xf86-video-amdgpu': {}, 'xf86-video-amdgpu': {},
# all that other random stuff one needs # all that other random stuff one needs
'abcde': {}, #'abcde': {},
'apachedirectorystudio': {},
'claws-mail': {}, 'claws-mail': {},
'claws-mail-themes': {}, 'claws-mail-themes': {},
'ferdium-bin': {}, 'ferdium-bin': {},
'gumbo-parser': {}, # for claws litehtml 'gumbo-parser': {}, # for claws litehtml
'inkstitch': {}, # for RZL embroidery machine 'inkstitch': {}, # for RZL embroidery machine
'obs-studio': {}, 'obs-studio': {},
'perl-musicbrainz-discid': {}, # for abcde #'perl-musicbrainz-discid': {}, # for abcde
'perl-webservice-musicbrainz': {}, # for abcde #'perl-webservice-musicbrainz': {}, # for abcde
'sdl_ttf': {}, # for compiling testcard 'sdl_ttf': {}, # for compiling testcard
'x32edit': {}, 'x32edit': {},
}, },

View file

@ -0,0 +1,7 @@
dummy = true
[metadata.icinga_options]
period = "daytime"
[metadata.interfaces.default]
ips = ["192.168.100.27/24"]

View file

@ -0,0 +1,61 @@
hostname = "91.198.192.207"
groups = [
"debian-bookworm",
"webserver",
]
bundles = [
"docker-engine",
"docker-immich",
"ipmitool",
"redis",
"smartd",
"zfs",
]
[metadata.icinga_options]
period = "daytime"
[metadata.interfaces.eno4]
ips = [
"91.198.192.207/27",
"2001:67c:b54:1::e/64",
]
gateway4 = "91.198.192.193"
gateway6 = "2001:67c:b54:1::1"
[metadata.nginx.vhosts.immich]
domain = "rr-immich.franzi.business"
[metadata.smartd]
disks = [
"/dev/disk/by-id/ata-WDC_WD30EZRX-00DC0B0_WD-WMC1T0287704",
"/dev/disk/by-id/ata-WDC_WD30EZRX-00DC0B0_WD-WMC1T0387139",
"/dev/disk/by-id/ata-WDC_WDS100T1R0A-68A4W0_21133V800321",
"/dev/disk/by-id/ata-WDC_WDS100T1R0A-68A4W0_21283J446103",
"/dev/disk/by-id/nvme-TOSHIBA-RC100_58UPC29HPW5S",
]
[metadata.zfs.pools.tank.when_creating]
ashift = 12
[[metadata.zfs.pools.tank.when_creating.config]]
type = "mirror"
devices = [
"/dev/disk/by-id/ata-WDC_WD30EZRX-00DC0B0_WD-WMC1T0287704",
"/dev/disk/by-id/ata-WDC_WD30EZRX-00DC0B0_WD-WMC1T0387139",
]
[[metadata.zfs.pools.tank.when_creating.config]]
type = "log"
devices = [
"/dev/disk/by-id/ata-WDC_WDS100T1R0A-68A4W0_21133V800321-part1",
"/dev/disk/by-id/ata-WDC_WDS100T1R0A-68A4W0_21283J446103-part1",
]
[[metadata.zfs.pools.tank.when_creating.config]]
type = "cache"
devices = [
"/dev/disk/by-id/ata-WDC_WDS100T1R0A-68A4W0_21133V800321-part2",
"/dev/disk/by-id/ata-WDC_WDS100T1R0A-68A4W0_21283J446103-part2",
]

View file

@ -54,7 +54,6 @@ nodes['htz-cloud.miniserver'] = {
'echo \'core.weechat */layout store\' >> /home/sophie/.weechat/weechat_fifo\n' \ 'echo \'core.weechat */layout store\' >> /home/sophie/.weechat/weechat_fifo\n' \
'echo \'core.weechat */save\' >> /home/sophie/.weechat/weechat_fifo\n', 'echo \'core.weechat */save\' >> /home/sophie/.weechat/weechat_fifo\n',
}, },
'target': "htz-hel.backup-sophie",
}, },
'backups': { 'backups': {
'paths': { 'paths': {

View file

@ -1,12 +1,12 @@
nodes['voc.infobeamer-cms'] = { nodes['voc.infobeamer-cms'] = {
'hostname': 'infobeamer-cms.c3voc.de', 'hostname': 'infobeamer.c3voc.de',
'bundles': { 'bundles': {
'infobeamer-cms', 'infobeamer-cms',
'infobeamer-monitor', 'infobeamer-monitor',
'redis', 'redis',
}, },
'groups': { 'groups': {
'debian-bullseye', 'debian-bookworm',
'webserver', 'webserver',
}, },
'metadata': { 'metadata': {
@ -25,7 +25,7 @@ nodes['voc.infobeamer-cms'] = {
}, },
'infobeamer-cms': { 'infobeamer-cms': {
'domain': 'infobeamer.c3voc.de', 'domain': 'infobeamer.c3voc.de',
'event_start_date': '2024-05-29', 'event_start_date': '2024-12-26',
'event_duration_days': 5, 'event_duration_days': 5,
'config': { 'config': {
'ADMIN_USERS': [ 'ADMIN_USERS': [
@ -34,18 +34,14 @@ nodes['voc.infobeamer-cms'] = {
'jwacalex', 'jwacalex',
'kunsi', 'kunsi',
'sophieschi', 'sophieschi',
'v0tti',
], ],
'GITHUB_CLIENT_ID': vault.decrypt('encrypt$gAAAAABiNwHfIu9PYFfJrF7qirn_9vdvvUlEhJnadoNSS5XlCDbI_aMyj21_ZYQxaCkc6_eVX6Cj1jEHZ7Vs6wM-XyQdW0nUOahtqG4uvnYCiM3GFKHW_wQ='), 'GITHUB_CLIENT_ID': vault.decrypt('encrypt$gAAAAABiNwHfIu9PYFfJrF7qirn_9vdvvUlEhJnadoNSS5XlCDbI_aMyj21_ZYQxaCkc6_eVX6Cj1jEHZ7Vs6wM-XyQdW0nUOahtqG4uvnYCiM3GFKHW_wQ='),
'GITHUB_CLIENT_SECRET': vault.decrypt('encrypt$gAAAAABiNwHtdZC2XQ8IjosL7vsmrxZMwDIM6AD5dUlLo996tJs4qV7KJETHgYYZil2aMzClwhcE6JmxdhARRp7IJQ4rQQibelTNmyYSzj_V4puVpvma7SU0UZkTIG95SdPpoHY--Zba'), 'GITHUB_CLIENT_SECRET': vault.decrypt('encrypt$gAAAAABiNwHtdZC2XQ8IjosL7vsmrxZMwDIM6AD5dUlLo996tJs4qV7KJETHgYYZil2aMzClwhcE6JmxdhARRp7IJQ4rQQibelTNmyYSzj_V4puVpvma7SU0UZkTIG95SdPpoHY--Zba'),
'HOSTED_API_KEY': vault.decrypt('encrypt$gAAAAABhxJPH2sIGMAibU2Us1HoCVlNfF0SQQnVl0eiod48Zu8webL_-xk3wDw3yXw1Hkglj-2usl-D3Yd095yTSq0vZMCv2fh-JWwSPdJewQ45x9Ai4vXVD4CNz5vuJBESKS9xQWXTc'), 'HOSTED_API_KEY': vault.decrypt('encrypt$gAAAAABhxJPH2sIGMAibU2Us1HoCVlNfF0SQQnVl0eiod48Zu8webL_-xk3wDw3yXw1Hkglj-2usl-D3Yd095yTSq0vZMCv2fh-JWwSPdJewQ45x9Ai4vXVD4CNz5vuJBESKS9xQWXTc'),
'INTERRUPT_KEY': vault.human_password_for('infobeamer-cms interrupt key'), 'INTERRUPT_KEY': vault.human_password_for('infobeamer-cms interrupt key 38c3', words=1),
'MQTT_MESSAGE': '{{"level":"info","component":"infobeamer-cms","msg":"{asset} uploaded by {user}. Check it at {url}"}}',
'MQTT_PASSWORD': vault.decrypt('encrypt$gAAAAABhxakfhhwWn0vxhoO1FiMEpdCkomWvo0dHIuBrqDKav8WDpI6dXpb0hoXiWRsPV6p5m-8RlbfFbjPhz47AY-nFOOAAW6Yis3-IVD-U-InKJo9dvms='),
'MQTT_SERVER': 'mqtt.c3voc.de',
'MQTT_TOPIC': '/voc/alert',
'MQTT_USERNAME': vault.decrypt('encrypt$gAAAAABhxakKHC_kHmHP2mFHorb4niuNTH4F24w1D6m5JUxl117N7znlZA6fpMmY3_NcmBr2Ihw4hL3FjZr9Fm_1oUZ1ZQdADA=='),
'SETUP_IDS': [ 'SETUP_IDS': [
250294, 253559,
], ],
# 'EXTRA_ASSETS': [{ # 'EXTRA_ASSETS': [{
# 'type': "image", # 'type': "image",
@ -56,17 +52,35 @@ nodes['voc.infobeamer-cms'] = {
# 'x2': 110, # 'x2': 110,
# 'y2': 1070, # 'y2': 1070,
# }], # }],
'NOTIFIER': {
'MQTT_PASSWORD': vault.decrypt('encrypt$gAAAAABhxakfhhwWn0vxhoO1FiMEpdCkomWvo0dHIuBrqDKav8WDpI6dXpb0hoXiWRsPV6p5m-8RlbfFbjPhz47AY-nFOOAAW6Yis3-IVD-U-InKJo9dvms='),
'MQTT_HOST': 'mqtt.c3voc.de',
'MQTT_TOPIC': '/voc/alert',
'MQTT_USERNAME': vault.decrypt('encrypt$gAAAAABhxakKHC_kHmHP2mFHorb4niuNTH4F24w1D6m5JUxl117N7znlZA6fpMmY3_NcmBr2Ihw4hL3FjZr9Fm_1oUZ1ZQdADA=='),
'NTFY': [
vault.decrypt('encrypt$gAAAAABm_RXKqIgRfe24frA_uvUMwJECr0TmL6TWPOmrPlS0CJuuBlpN6vGHrMkm5pjD5c5h1brC-aqQavsTk_AHXwq8bHG1QiZtQwqPxGuD_fEVP4-xOZ3t-RjqG3kPLz6ebqPoqyPl'),
],
},
'FAQ': {
'SOURCE': 'https://github.com/voc/infobeamer-cms',
'CONTACT': '''
Please use the <a href="https://chat.hackint.org/?join=infobeamer">IRC
Channel #infobeamer on irc.hackint.org</a> (also
<a href="https://www.hackint.org/transport/matrix">bridged to matrix</a>)
or #info-beamer on the cccv rocketchat instance.
'''.strip(),
},
}, },
'rooms': { 'rooms': {
'Saal 1': 34430, # 'Saal 1': 34430,
'Saal G': 26598, # 'Saal G': 26598,
'Saal Z': 26610, # 'Saal Z': 26610,
'Saal E (SoS/Lightning-Talks)': 32814, # 'Saal E (SoS/Lightning-Talks)': 32814,
'Saal F (Sendezentrum/DLF)': 9717, # 'Saal F (Sendezentrum/DLF)': 9717,
}, },
'interrupts': { 'interrupts': {
'Questions': 'questions', # 'Questions': 'questions',
'Translations': 'translations', # 'Translations': 'translations',
}, },
}, },
'infobeamer-monitor': { 'infobeamer-monitor': {

View file

@ -49,14 +49,15 @@ nodes['voc.pretalx'] = {
}, },
}, },
'pretalx': { 'pretalx': {
'version': 'v2024.2.1', # 2023.3.1 with some bugfixes
'version': '05e377398cecdd45d3ca6013040c5857bbe225d6',
'domain': 'pretalx.c3voc.de', 'domain': 'pretalx.c3voc.de',
'mail_from': 'pretalx@c3voc.de', 'mail_from': 'pretalx@c3voc.de',
'administrators-from-group-id': 1, 'administrators-from-group-id': 1,
'plugins': { 'plugins': {
'broadcast_tools': { 'broadcast_tools': {
'repo': 'https://github.com/Kunsi/pretalx-plugin-broadcast-tools.git', 'repo': 'https://github.com/Kunsi/pretalx-plugin-broadcast-tools.git',
'rev': 'main', 'rev': '2.4.0',
}, },
'downstream': { 'downstream': {
'repo': 'https://github.com/pretalx/pretalx-downstream.git', 'repo': 'https://github.com/pretalx/pretalx-downstream.git',
@ -64,7 +65,7 @@ nodes['voc.pretalx'] = {
}, },
'halfnarp': { 'halfnarp': {
'repo': 'https://github.com/seibert-media/pretalx-halfnarp.git', 'repo': 'https://github.com/seibert-media/pretalx-halfnarp.git',
'rev': '1.1.0', 'rev': '1.1.2',
}, },
'media.ccc.de': { 'media.ccc.de': {
'repo': 'https://github.com/pretalx/pretalx-media-ccc-de.git', 'repo': 'https://github.com/pretalx/pretalx-media-ccc-de.git',
@ -81,6 +82,6 @@ nodes['voc.pretalx'] = {
}, },
}, },
'os': 'debian', 'os': 'debian',
'os_version': (11,), 'os_version': (12,),
'pip_command': 'pip3', 'pip_command': 'pip3',
} }