diff --git a/bundles/freescout/items.py b/bundles/freescout/items.py new file mode 100644 index 0000000..6168193 --- /dev/null +++ b/bundles/freescout/items.py @@ -0,0 +1,20 @@ +# https://github.com/freescout-helpdesk/freescout/wiki/Installation-Guide + +directories = { + '/opt/freescout': { + 'owner': 'www-data', + 'group': 'www-data', + # chown -R www-data:www-data /opt/freescout + }, +} + +git_deploy = { + '/opt/freescout': { + 'repo': 'https://github.com/freescout-helpdesk/freescout.git', + 'rev': 'master', + }, +} + + +files = { +} diff --git a/bundles/freescout/metadata.py b/bundles/freescout/metadata.py new file mode 100644 index 0000000..bc296d0 --- /dev/null +++ b/bundles/freescout/metadata.py @@ -0,0 +1,52 @@ +database_password = repo.vault.password_for(f'{node.name} postgresql freescout').value + +defaults = { + 'apt': { + 'packages': { + 'php': {}, + 'php-mysql': {}, + 'php-fpm': {}, + 'php-mbstring': {}, + 'php-xml': {}, + 'php-imap': {}, + 'php-zip': {}, + 'php-gd': {}, + 'php-curl': {}, + 'php-intl': {}, + }, + }, + 'php': { + 'php.ini': { + 'cgi': { + 'fix_pathinfo': '0', + }, + }, + }, + 'postgresql': { + 'roles': { + 'freescout': { + 'password': database_password, + }, + }, + 'databases': { + 'freescout': { + 'owner': 'freescout', + }, + }, + }, +} + + +@metadata_reactor.provides( + 'nginx/vhosts', +) +def nginx(metadata): + return { + 'nginx': { + 'vhosts': { + metadata.get('freescout/domain'): { + 'content': 'freescout/vhost.conf', + }, + }, + }, + } diff --git a/bundles/gitea/metadata.py b/bundles/gitea/metadata.py index 62785cb..e84697a 100644 --- a/bundles/gitea/metadata.py +++ b/bundles/gitea/metadata.py @@ -118,7 +118,7 @@ def nginx(metadata): 'content': 'nginx/proxy_pass.conf', 'context': { 'target': 'http://127.0.0.1:3500', - } + }, }, }, }, diff --git a/bundles/icinga2/items.py b/bundles/icinga2/items.py index 861dc1f..af25d58 100644 --- a/bundles/icinga2/items.py +++ b/bundles/icinga2/items.py 
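Review bot: `'rev': 'master'` in `git_deploy` means every apply deploys whatever the upstream branch head is at that moment, so unreviewed third-party code reaches the host without any change in this repository. Pin it to a release tag or a full commit hash and bump it deliberately, e.g. `'rev': '<release-tag-or-commit-sha>',  # placeholder: pin, then bump after reviewing upstream`. Separately, the `directories` entry (and the recursive chown mentioned in its comment) gives `www-data` ownership of the whole checkout. If the application only has to write to a few subdirectories, limiting ownership to those would stop a compromised PHP process from rewriting the application code; this is worth checking against the installation guide linked at the top of the file.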
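Review bot: The package list in `defaults` installs `php-mysql`, but the same block provisions a PostgreSQL role and database for FreeScout, so the PHP driver for that database is not installed by this bundle. Unless another bundle already pulls it in, the entry should read `'php-pgsql': {},`. Also, `database_password` is only handed to the postgresql role, and `files` in this bundle's items.py is empty, so nothing visible in this commit writes the credential into the application's configuration. If that step is manual, a comment such as `# DB password must also be set in the app's .env by hand` next to the assignment would make it explicit.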
@@ -269,7 +269,7 @@ svc_systemd = { 'icinga2.service': { 'needs': [ 'pkg_apt:icinga2-ido-pgsql', - 'svc_systemd:postgresql', + 'svc_systemd:postgresql.service', ], }, } diff --git a/bundles/php/metadata.py b/bundles/php/metadata.py index 15e7f90..7ed8d22 100644 --- a/bundles/php/metadata.py +++ b/bundles/php/metadata.py @@ -113,7 +113,7 @@ def php_ini(metadata): 'opcache.revalidate_freq': '60', }, } - + return { 'php': { 'php.ini': { @@ -145,7 +145,7 @@ def www_conf(metadata): 'pm': 'dynamic', 'pm.max_children': int(threads*2), 'pm.start_servers': int(threads), - 'pm.min_spare_servers': int(threads/2), + 'pm.min_spare_servers': max([1, int(threads/2)]), 'pm.max_spare_servers': int(threads), 'pm.max_requests': int(threads*32), }, diff --git a/bundles/postgresql/items.py b/bundles/postgresql/items.py index 8a5f4c6..b7e7ba8 100644 --- a/bundles/postgresql/items.py +++ b/bundles/postgresql/items.py @@ -12,7 +12,7 @@ directories = { 'zfs_dataset:tank/postgresql', ], 'needed_by': [ - 'svc_systemd:postgresql', + 'svc_systemd:postgresql.service', ], } } @@ -25,16 +25,19 @@ files = { ) + '\n', 'owner': 'postgres', 'group': 'postgres', + 'needs': [ + 'pkg_apt:postgresql', + ], 'needed_by': [ - 'svc_systemd:postgresql', + 'svc_systemd:postgresql.service', ], 'triggers': [ - 'svc_systemd:postgresql:restart', + 'svc_systemd:postgresql.service:restart', ], }, } -svc_systemd['postgresql'] = { +svc_systemd['postgresql.service'] = { 'needs': [ 'pkg_apt:postgresql', ], @@ -43,13 +46,13 @@ svc_systemd['postgresql'] = { for user, config in node.metadata.get('postgresql/roles').items(): postgres_roles[user] = merge_dict(config, { 'needs': [ - 'svc_systemd:postgresql', + 'svc_systemd:postgresql.service', ], }) for database, config in node.metadata.get('postgresql/databases').items(): postgres_dbs[database] = merge_dict(config, { 'needs': [ - 'svc_systemd:postgresql', + 'svc_systemd:postgresql.service', ], }) 
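Review bot: In the `www_conf` hunk, `max([1, int(threads/2)])` builds a throwaway list just to take a maximum; `'pm.min_spare_servers': max(1, int(threads / 2)),` does the same without it. The reason for the floor is not obvious from the line itself, so a short comment such as `# php-fpm refuses to start with min_spare_servers = 0 (e.g. single-core hosts)` would help the next reader. The definition of `threads` and the rest of `www_conf` lie outside the hunk, so whether the neighbouring `int(threads)` values can also reach 0 cannot be judged from here.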
diff --git a/data/freescout/vhost.conf b/data/freescout/vhost.conf
new file mode 100644
index 0000000..628705a
--- /dev/null
+++ b/data/freescout/vhost.conf
@@ -0,0 +1,53 @@
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+
+ server_name ${server_name};
+
+ ssl_certificate /var/lib/dehydrated/certs/${server_name}/fullchain.pem;
+ ssl_certificate_key /var/lib/dehydrated/certs/${server_name}/privkey.pem;
+
+ root /opt/freescout/public;
+
+ index index.php index.html index.htm;
+
+ location / {
+ try_files $uri $uri/ /index.php?$query_string;
+ }
+ location ~ \.php$ {
+ fastcgi_split_path_info ^(.+\.php)(/.+)$;
+ fastcgi_pass php-handler;
+ fastcgi_index index.php;
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ include params/fastcgi;
+ }
+ # Uncomment this location if you want to improve attachments downloading speed.
+ # Also make sure to set APP_DOWNLOAD_ATTACHMENTS_VIA=nginx in the .env file.
+ #location ^~ /storage/app/attachment/ {
+ # internal;
+ # alias /var/www/html/storage/app/attachment/;
+ #}
+ location ~* ^/storage/attachment/ {
+ expires 1M;
+ access_log off;
+ try_files $uri $uri/ /index.php?$query_string;
+ }
+ location ~* ^/(?:css|js)/.*\.(?:css|js)$ {
+ expires 2d;
+ access_log off;
+ add_header Cache-Control "public, must-revalidate";
+ }
+ # The list should be in sync with /storage/app/public/uploads/.htaccess and /config/app.php
+ location ~* ^/storage/.*\.((?!(jpg|jpeg|jfif|pjpeg|pjp|apng|bmp|gif|ico|cur|png|tif|tiff|webp|pdf|txt|diff|patch|json|mp3|wav|ogg|wma)).)*$ {
+ add_header Content-disposition "attachment; filename=$2";
+ default_type application/octet-stream;
+ }
+ location ~* ^/(?:css|fonts|img|installer|js|modules|[^\\\]+\..*)$ {
+ expires 1M;
+ access_log off;
+ add_header Cache-Control "public";
+ }
+ location ~ /\. {
+ deny all;
+ }
+}
diff --git a/groups/applications/freescout.py b/groups/applications/freescout.py
new file mode 100644
index 0000000..d00e431
--- /dev/null
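Review bot: The `location ~ \.php$` block hands every URI ending in `.php` to the FastCGI backend, and because nginx tests regex locations in file order it wins over the later `^/storage/` blocks, so the download-forcing rule never applies to a `.php` name under the storage path. Putting a deny rule ahead of the PHP block, e.g. `location ~* ^/storage/.*\.php$ { deny all; }`, or limiting script execution to the application's front controller, keeps a stray file in an upload directory from ever being executed. Unless `params/fastcgi` already does so, the PHP block should also carry `try_files $fastcgi_script_name =404;` so that requests for non-existent scripts are rejected by nginx rather than passed to PHP-FPM. The commented-out `alias /var/www/html/storage/app/attachment/;` does not match the `/opt/freescout` root used here and should be corrected before anyone uncomments it.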
+++ b/groups/applications/freescout.py @@ -0,0 +1,10 @@ +{ + 'supergroups': [ + 'webserver', + ], + 'bundles': [ + 'freescout', + 'php', + 'postgresql', + ], +} diff --git a/nodes/home.server.py b/nodes/home.server.py index 3d2734e..dc0737f 100644 --- a/nodes/home.server.py +++ b/nodes/home.server.py @@ -174,6 +174,7 @@ '10.0.10.0/24', '10.0.11.0/24', '192.168.179.0/24', + '10.0.238.0/24', # mseibert.freescout ], }, }, diff --git a/nodes/mseibert.freescout.py b/nodes/mseibert.freescout.py new file mode 100644 index 0000000..3c1c722 --- /dev/null +++ b/nodes/mseibert.freescout.py @@ -0,0 +1,60 @@ +{ + 'hostname': '88.198.202.28', + 'groups': [ + 'backup', + 'debian-12', + 'monitored', + 'webserver', + 'freescout', + ], + 'bundles': [ + 'wireguard', + 'zfs', + ], + 'metadata': { + 'id': '5333e3dd-0718-493a-a93c-529612a45079', + 'network': { + 'internal': { + 'interface': 'ens10', + 'ipv4': '10.0.238.2/32', + }, + 'external': { + 'interface': 'eth0', + 'ipv4': '88.198.202.28/32', + 'gateway4': '172.31.1.1', + 'ipv6': '2a01:4f8:c012:8e8f::1/64', + 'gateway6': 'fe80::1', + }, + }, + 'freescout': { + 'domain': 'freescout.foerderkreis-oranienschule.de', + }, + 'vm': { + 'cores': 1, + 'ram': 2048, + }, + 'wireguard': { + 'my_ip': '172.30.0.238/32', + 's2s': { + 'netcup.mails': { + 'allowed_ips': [ + '10.0.0.0/24', + '10.0.2.0/24', + '10.0.9.0/24', + '10.0.10.0/24', + '10.0.11.0/24', + ], + }, + }, + }, + 'zfs': { + 'pools': { + 'tank': { + 'devices': [ + '/dev/disk/by-id/scsi-0HC_Volume_100356294', + ], + }, + }, + }, + }, +} diff --git a/nodes/netcup.mails.py b/nodes/netcup.mails.py index 912c6e9..65b73a4 100644 --- a/nodes/netcup.mails.py +++ b/nodes/netcup.mails.py @@ -53,6 +53,7 @@ 'left4.me', 'elimu-kwanza.de', 'cronekorkn.de', + 'freescout.foerderkreis-oranienschule.de', }, }, 'dns': { @@ -216,6 +217,11 @@ '192.168.179.0/24', ], }, + 'mseibert.freescout': { + 'allowed_ips': [ + '10.0.238.0/24', + ], + }, }, 'clients': { 'macbook': {