diff --git a/bundles/mariadb/README.md b/bundles/mariadb/README.md
new file mode 100644
index 0000000..854ce9e
--- /dev/null
+++ b/bundles/mariadb/README.md
@@ -0,0 +1 @@
+https://mariadb.com/kb/en/systemd/#configuring-mariadb-to-write-the-error-log-to-syslog
diff --git a/bundles/mariadb/files/override.conf b/bundles/mariadb/files/override.conf
new file mode 100644
index 0000000..ae2fccd
--- /dev/null
+++ b/bundles/mariadb/files/override.conf
@@ -0,0 +1,11 @@
+% for section, options in sorted(conf.items()):
+[${section}]
+% for key, value in sorted(options.items()):
+% if value is None:
+${key}
+% else:
+${key} = ${value}
+% endif
+% endfor
+
+% endfor
diff --git a/bundles/mariadb/items.py b/bundles/mariadb/items.py
new file mode 100644
index 0000000..7eeb8f5
--- /dev/null
+++ b/bundles/mariadb/items.py
@@ -0,0 +1,40 @@
+from shlex import quote
+
+directories = {
+ '/var/lib/mysql': {
+ 'owner': 'mysql',
+ 'group': 'mysql',
+ 'needs': [
+ 'zfs_dataset:tank/mariadb',
+ ],
+ 'needed_by': [
+ 'pkg_apt:mariadb-server',
+ ],
+ },
+}
+
+files = {
+ '/etc/mysql/conf.d/override.conf': {
+ 'context': {
+ 'conf': node.metadata.get('mariadb/conf'),
+ },
+ 'content_type': 'mako',
+ },
+}
+
+svc_systemd = {
+ 'mariadb.service': {
+ 'needs': [
+ 'pkg_apt:mariadb-server',
+ ],
+ },
+}
+
+for db, conf in node.metadata.get('mariadb/databases', {}).items():
+ actions[f'mariadb_create_database_{db}'] = {
+ 'command': 'mariadb -Bsr --execute ' + quote(f"CREATE DATABASE {db}"),
+ 'unless': '! mariadb -Bsr --execute ' + quote(f"SHOW DATABASES LIKE '{db}'") + ' | grep -q ^db$',
+ 'needs': [
+ 'svc_systemd:mariadb.service',
+ ],
+ }
diff --git a/bundles/mariadb/metadata.py b/bundles/mariadb/metadata.py
new file mode 100644
index 0000000..869e3e6
--- /dev/null
+++ b/bundles/mariadb/metadata.py
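Review bot: In bundles/mariadb/items.py the `unless` guard on the `mariadb_create_database_{db}` action does not look able to do its job. It greps for the literal string `db` (`grep -q ^db$`) instead of the database name, and the leading `!` inverts the pipeline, so under bundlewrap's "skip the action when `unless` exits 0" rule the action is skipped exactly when the database is missing. A guard such as `'unless': 'mariadb -Bsr --execute ' + quote(f"SHOW DATABASES LIKE '{db}'") + ' | grep -qxF ' + quote(db),` checks the real name. Separately, `shlex.quote` only protects the shell layer: `db` is still spliced into the SQL text as a bare identifier, so it should be wrapped in MariaDB identifier backticks in the `CREATE DATABASE` statement. The name is also best restricted to `[A-Za-z0-9_]` before use, keeping in mind that `_` still acts as a wildcard in the `LIKE` pattern.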
@@ -0,0 +1,36 @@
+defaults = {
+ 'apt': {
+ 'packages': {
+ 'mariadb-server': {},
+ },
+ },
+ 'mariadb': {
+ 'databases': {},
+ 'conf': {
+ # https://www.reddit.com/r/zfs/comments/u1xklc/mariadbmysql_database_settings_for_zfs
+ 'mysqld': {
+ 'skip-innodb_doublewrite': None,
+ 'innodb_flush_method': 'fsync',
+ 'innodb_doublewrite': '0',
+ 'innodb_use_atomic_writes': '0',
+ 'innodb_use_native_aio': '0',
+ 'innodb_read_io_threads': '10',
+ 'innodb_write_io_threads': '10',
+ 'innodb_buffer_pool_size': '26G',
+ 'innodb_flush_log_at_trx_commit': '1',
+ 'innodb_log_file_size': '1G',
+ 'innodb_flush_neighbors': '0',
+ 'innodb_fast_shutdown': '2',
+ },
+ },
+ },
+ 'zfs': {
+ 'datasets': {
+ 'tank/mariadb': {
+ 'mountpoint': '/var/lib/mysql',
+ 'recordsize': '16384',
+ 'atime': 'off',
+ },
+ },
+ },
+}
diff --git a/bundles/wordpress/items.py b/bundles/wordpress/items.py
new file mode 100644
index 0000000..e82bae3
--- /dev/null
+++ b/bundles/wordpress/items.py
@@ -0,0 +1,8 @@
+for domain, conf in node.metadata.get('wordpress').items():
+ directories = {
+ f'/opt/wordpress/{domain}': {
+ 'owner': 'www-data',
+ 'group': 'www-data',
+ 'mode': '0755',
+ },
+ }
diff --git a/bundles/wordpress/metadata.py b/bundles/wordpress/metadata.py
new file mode 100644
index 0000000..3443120
--- /dev/null
+++ b/bundles/wordpress/metadata.py
@@ -0,0 +1,31 @@
+defaults = {}
+
+
+@metadata_reactor.provides(
+ 'wordpress',
+)
+def wordpress(metadata):
+ return {
+ 'wordpress': {
+ site: {
+ 'db_password': repo.vault.password_for(f"wordpress {site} db"),
+ }
+ for site in metadata.get('wordpress', {})
+ },
+ }
+
+
+@metadata_reactor.provides(
+ 'mariadb',
+)
+def mariadb(metadata):
+ return {
+ 'mariadb': {
+ 'databases': {
+ site: {
+ 'password': metadata.get(f'wordpress/{site}/db_password')
+ }
+ for site in metadata.get('wordpress', {})
+ },
+ },
+ }
diff --git a/groups/applications/wordpress.py b/groups/applications/wordpress.py
new file mode 100644
index 0000000..f802d76
--- /dev/null
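Review bot: `'innodb_buffer_pool_size': '26G'` sits in the `defaults` of bundles/mariadb/metadata.py, so every node that receives the mariadb bundle inherits a 26 GiB buffer pool regardless of how much RAM it has. That includes netcup.mails, which joins the wordpress group later in this commit; on a smaller host mysqld would presumably fail to start or be killed under memory pressure. Host-sized values belong in node metadata, or at least carry a comment such as `# sized for one specific host; override per node`. `skip-innodb_doublewrite` and `'innodb_doublewrite': '0'` also state the same setting twice. Turning doublewrite off is only safe while the datadir really lives on the ZFS dataset, which deserves a one-line comment next to the existing link.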
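Review bot: `directories = {...}` is reassigned on every pass of the loop in bundles/wordpress/items.py, so with more than one site only the last directory item survives. Assign into the dict instead, e.g. `directories = {}` above the loop and `directories[f'/opt/wordpress/{domain}'] = {...}` inside it. The loop variable named `domain` is actually the metadata key (`elimukwanza` in nodes/netcup.mails.py), not the `'domain'` value, so the path becomes /opt/wordpress/elimukwanza; rename it to `site` or use `conf['domain']`, whichever is intended. Owning the whole tree as `www-data` lets the web process rewrite its own code, which is worth a comment if it is deliberate.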
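Review bot: The `mariadb` reactor in bundles/wordpress/metadata.py publishes a `password` for each site under `mariadb/databases`, but nothing in bundles/mariadb/items.py from this commit reads it. The only action there is `CREATE DATABASE`, with no user or grant, so the vault-derived secret is carried in metadata without effect and the site has no dedicated database account yet. Either add the user/grant item that consumes it, or leave the password out until that exists. Both reactors would also benefit from a one-line docstring, e.g. `"""Derive a per-site DB password from the vault."""`, and the second could declare the narrower `'mariadb/databases'` in `provides`.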
+++ b/groups/applications/wordpress.py
@@ -0,0 +1,8 @@
+{
+ 'bundles': [
+ 'letsencrypt',
+ 'mariadb',
+ 'nginx',
+ 'wordpress',
+ ],
+}
diff --git a/nodes/home.backups.py b/nodes/home.backups.py
index aa0c79c..8d70e94 100644
--- a/nodes/home.backups.py
+++ b/nodes/home.backups.py
@@ -1,4 +1,5 @@
 {
+ 'dummy': True,
 'hostname': '10.0.0.5',
 'groups': [
 'autologin',
diff --git a/nodes/home.server.py b/nodes/home.server.py
index 5dbf73d..70b9838 100644
--- a/nodes/home.server.py
+++ b/nodes/home.server.py
@@ -111,7 +111,7 @@
 },
 'nextcloud': {
 'hostname': 'cloud.sublimity.de',
- 'version': '27.1.4',
+ 'version': '28.0.1',
 'config': {
 'instanceid': 'oci6dw1woodz',
 'secret': '!decrypt:encrypt$gAAAAABj96CFynVtEgsje7173zjQAcY7xQG3uyf5cxE-sJAvhyPh_KUykTKdwnExc8NTDJ8RIGUmVfgC6or5crnYaggARPIEg5-Cb0xVdEPPZ3oZ01ImLmynLu3qXT9O8kVM-H21--OKeztMRn7bySsbXdWEGtETFQ==',
diff --git a/nodes/netcup.mails.py b/nodes/netcup.mails.py
index cf60377..31dd171 100644
--- a/nodes/netcup.mails.py
+++ b/nodes/netcup.mails.py
@@ -7,6 +7,7 @@
 'monitored',
 'webserver',
 'dnsserver',
+ 'wordpress',
 #'left4dead2',
 ],
 'bundles': [
@@ -21,6 +22,11 @@
 'zfs',
 ],
 'metadata': {
+ 'wordpress': {
+ 'elimukwanza': {
+ 'domain': 'elimu-kwanza.de',
+ },
+ },
 'id': 'ea29bdf0-0b47-4bf4-8346-67d60c9dc4ae',
 'network': {
 'internal': {