diff --git a/bundles/letsencrypt/items.py b/bundles/letsencrypt/items.py index ff28e68..b24a9f1 100644 --- a/bundles/letsencrypt/items.py +++ b/bundles/letsencrypt/items.py @@ -56,6 +56,7 @@ for domain in node.metadata.get('letsencrypt/domains').keys(): 'unless': f'/etc/dehydrated/letsencrypt-ensure-some-certificate {domain} true', 'needs': { 'file:/etc/dehydrated/letsencrypt-ensure-some-certificate', + 'pkg_apt:dehydrated', }, 'needed_by': { 'svc_systemd:nginx', diff --git a/bundles/mariadb/items.py b/bundles/mariadb/items.py index 031a386..07dffc3 100644 --- a/bundles/mariadb/items.py +++ b/bundles/mariadb/items.py @@ -13,6 +13,7 @@ directories = { ], 'needed_by': [ 'pkg_apt:mariadb-server', + 'pkg_apt:mariadb-client', ], }, } @@ -30,6 +31,7 @@ svc_systemd = { 'mariadb.service': { 'needs': [ 'pkg_apt:mariadb-server', + 'pkg_apt:mariadb-client', ], }, } diff --git a/bundles/mariadb/metadata.py b/bundles/mariadb/metadata.py index 869e3e6..ee406cb 100644 --- a/bundles/mariadb/metadata.py +++ b/bundles/mariadb/metadata.py @@ -1,7 +1,16 @@ defaults = { 'apt': { 'packages': { - 'mariadb-server': {}, + 'mariadb-server': { + 'needs': { + 'zfs_dataset:tank/mariadb', + }, + }, + 'mariadb-client': { + 'needs': { + 'zfs_dataset:tank/mariadb', + }, + }, }, }, 'mariadb': { diff --git a/bundles/postgresql/metadata.py b/bundles/postgresql/metadata.py index 7188b9a..a7baafd 100644 --- a/bundles/postgresql/metadata.py +++ b/bundles/postgresql/metadata.py @@ -6,7 +6,11 @@ root_password = repo.vault.password_for(f'{node.name} postgresql root') defaults = { 'apt': { 'packages': { - 'postgresql': {}, + 'postgresql': { + 'needs': { + 'zfs_dataset:tank/postgresql', + }, + }, }, }, 'backup': { diff --git a/bundles/telegraf/items.py b/bundles/telegraf/items.py index 6974535..da58a3e 100644 --- a/bundles/telegraf/items.py +++ b/bundles/telegraf/items.py @@ -15,16 +15,16 @@ files = { 'svc_systemd:telegraf:restart', ], }, - '/usr/local/share/telegraf/procio': { - 'content_type': 'download', - 'source': f"https://dl.sublimity.de/telegraf-procio/telegraf-procio-{node.metadata.get('system/architecture')}-latest", - 'mode': '0755', - }, - '/usr/local/share/telegraf/pressure_stall': { - 'content_type': 'download', - 'source': f"https://dl.sublimity.de/telegraf-pressure-stall/telegraf-pressure-stall-{node.metadata.get('system/architecture')}-latest", - 'mode': '0755', - }, + # '/usr/local/share/telegraf/procio': { + # 'content_type': 'download', + # 'source': f"https://dl.sublimity.de/telegraf-procio/telegraf-procio-{node.metadata.get('system/architecture')}-latest", + # 'mode': '0755', + # }, + # '/usr/local/share/telegraf/pressure_stall': { + # 'content_type': 'download', + # 'source': f"https://dl.sublimity.de/telegraf-pressure-stall/telegraf-pressure-stall-{node.metadata.get('system/architecture')}-latest", + # 'mode': '0755', + # }, } svc_systemd['telegraf'] = { diff --git a/bundles/telegraf/metadata.py b/bundles/telegraf/metadata.py index 18bcb2f..38835cb 100644 --- a/bundles/telegraf/metadata.py +++ b/bundles/telegraf/metadata.py @@ -73,20 +73,20 @@ defaults = { 'system': {h({})}, 'net': {h({})}, 'exec': { - h({ - 'commands': [ - f'sudo /usr/local/share/telegraf/procio', - ], - 'data_format': 'influx', - 'interval': '20s', - }), - h({ - 'commands': [ - f'/usr/local/share/telegraf/pressure_stall', - ], - 'data_format': 'influx', - 'interval': '10s', - }), + # h({ + # 'commands': [ + # f'sudo /usr/local/share/telegraf/procio', + # ], + # 'data_format': 'influx', + # 'interval': '20s', + # }), + # h({ + # 'commands': [ + # f'/usr/local/share/telegraf/pressure_stall', + # ], + # 'data_format': 'influx', + # 'interval': '10s', + # }), }, }, }, diff --git a/groups/os/linux.py b/groups/os/linux.py index bd05e40..3b38dd0 100644 --- a/groups/os/linux.py +++ b/groups/os/linux.py @@ -23,16 +23,16 @@ 'metadata': { 'dns': {}, 'hosts': { - '10.0.11.3': [ + '10.0.10.2': [ 'resolver.name', 'secondary.resolver.name', ], }, 'letsencrypt': { - 'acme_node': 'netcup.mails', + 'acme_node': 'htz.mails', }, 'nameservers': { - '10.0.11.3', + '10.0.10.2', }, 'systemd-timers': { 'trim': { diff --git a/nodes/home.homeassistant.py b/nodes/home.homeassistant.py index 266c9e0..01516f1 100644 --- a/nodes/home.homeassistant.py +++ b/nodes/home.homeassistant.py @@ -68,20 +68,20 @@ }, }, 'hosts': { - '10.0.11.3': [ + '10.0.10.2': [ 'resolver.name', 'secondary.resolver.name', ], }, 'letsencrypt': { - 'acme_node': 'netcup.mails', + 'acme_node': 'htz.mails', }, 'homeassistant': { 'domain': 'homeassistant.ckn.li', 'os_agent_version': '1.6.0', }, 'nameservers': { - '10.0.11.3', + '10.0.10.2', }, 'users': { 'ckn': { diff --git a/nodes/home.server.py b/nodes/home.server.py index 50a3d8f..73c1465 100644 --- a/nodes/home.server.py +++ b/nodes/home.server.py @@ -63,7 +63,7 @@ 'target': 'aarch64-unknown-linux-gnu', }, }, - 'download_server': 'netcup.mails', + 'download_server': 'htz.mails', }, 'gitea': { 'version': '7.0.1', @@ -169,10 +169,10 @@ 'wireguard': { 'my_ip': '172.30.0.2/32', 's2s': { - 'netcup.mails': { + 'htz.mails': { 'allowed_ips': [ '10.0.10.0/24', - '10.0.11.0/24', + '10.0.10.0/24', '192.168.179.0/24', '10.0.227.0/24', # mseibert.freescout ], diff --git a/nodes/htz.games.py b/nodes/htz.games.py index ea6b19d..3cb8d82 100644 --- a/nodes/htz.games.py +++ b/nodes/htz.games.py @@ -37,7 +37,7 @@ 'network': { 'internal': { 'interface': 'ens10', - 'ipv4': '10.0.10.3/32', + 'ipv4': '10.0.10.2/32', }, 'external': { 'interface': 'eth0', diff --git a/nodes/netcup.mails.py b/nodes/htz.mails.py similarity index 87% rename from nodes/netcup.mails.py rename to nodes/htz.mails.py index 181d030..53d7765 100644 --- a/nodes/netcup.mails.py +++ b/nodes/htz.mails.py @@ -1,37 +1,47 @@ { - 'hostname': '202.61.255.108', + 'hostname': '49.12.184.229', 'groups': [ - 'backup', + #'backup', 'debian-12', + 'hetzner-cloud', 'mailserver', - 'monitored', + #'monitored', 'webserver', 'dnsserver', - 'wordpress', + #'wordpress', #'left4dead2', ], 'bundles': [ 'bind-acme', - 'build-ci', + #'build-ci', 'download-server', 'islamicstate.eu', - 'nginx-rtmps', + #'nginx-rtmps', #'steam', 'wireguard', 'zfs', ], 'metadata': { + + + 'users': { + 'root': { + #'password': 'November99!!..', + }, + }, + + 'id': 'ea29bdf0-0b47-4bf4-8346-67d60c9dc4ae', 'network': { 'internal': { - 'interface': 'eth1', - 'ipv4': '10.0.11.3/24', + 'interface': 'enp7s0', + 'ipv4': '10.0.10.2/24', }, 'external': { 'interface': 'eth0', - 'ipv4': '202.61.255.108/22', - 'gateway4': '202.61.252.1', - 'ipv6': '2a03:4000:55:a89::1/64', + 'ipv4': '49.12.184.229/32', + 'gateway4': '172.31.1.1', + 'ipv6': '2a01:4f8:c013:51f2::1', 'gateway6': 'fe80::1', } }, @@ -58,20 +68,20 @@ }, 'dns': { 'ckn.li': { - 'A': ['202.61.255.108'], - 'AAAA': ['2a01:4f8:1c1c:4121::1'], + 'A': ['49.12.184.229'], + 'AAAA': ['2a01:4f8:c013:51f2::1'], }, 'sublimity.de': { - 'A': ['202.61.255.108'], - 'AAAA': ['2a01:4f8:1c1c:4121::1'], + 'A': ['49.12.184.229'], + 'AAAA': ['2a01:4f8:c013:51f2::1'], }, 'freibrief.net': { - 'A': ['202.61.255.108'], - 'AAAA': ['2a01:4f8:1c1c:4121::1'], + 'A': ['49.12.184.229'], + 'AAAA': ['2a01:4f8:c013:51f2::1'], }, 'left4.me': { - 'A': ['202.61.255.108'], - 'AAAA': ['2a01:4f8:1c1c:4121::1'], + 'A': ['49.12.184.229'], + 'AAAA': ['2a01:4f8:c013:51f2::1'], }, 'elimu-kwanza.de': { 'TXT': ['google-site-verification=JwgcfXQ6nIXKxjMqUGHVBDISgMCQXgzMryPBsP2ZXnE'], @@ -209,7 +219,7 @@ }, 'ovh.secondary': { 'allowed_ips': [ - '10.0.11.0/24', + '10.0.10.0/24', ], }, 'wb.offsite-backups': { @@ -239,7 +249,7 @@ 'pools': { 'tank': { 'devices': [ - '/dev/sda4', + '/dev/disk/by-id/scsi-0HC_Volume_101332312', ], }, }, diff --git a/nodes/mseibert.freescout.py b/nodes/mseibert.freescout.py index 5d2f6c5..1577f8a 100644 --- a/nodes/mseibert.freescout.py +++ b/nodes/mseibert.freescout.py @@ -1,5 +1,5 @@ { - #'dummy': True, + 'dummy': True, 'hostname': '159.69.117.89', 'groups': [ 'backup', @@ -37,13 +37,13 @@ 'wireguard': { 'my_ip': '172.30.0.238/32', 's2s': { - 'netcup.mails': { + 'htz.mails': { 'allowed_ips': [ '10.0.0.0/24', '10.0.2.0/24', '10.0.9.0/24', '10.0.10.0/24', - '10.0.11.0/24', + '10.0.10.0/24', ], }, }, diff --git a/nodes/ovh.secondary.py b/nodes/ovh.secondary.py index 02ddf40..743271a 100644 --- a/nodes/ovh.secondary.py +++ b/nodes/ovh.secondary.py @@ -20,22 +20,22 @@ }, }, 'bind': { - 'master_node': 'netcup.mails', + 'master_node': 'htz.mails', 'hostname': 'secondary.resolver.name', }, # 'postfix': { - # 'master_node': 'netcup.mails', + # 'master_node': 'htz.mails', # 'hostname': 'mail2.sublimity.de', # }, 'wireguard': { 'my_ip': '172.30.0.3/32', 's2s': { - 'netcup.mails': { + 'htz.mails': { 'allowed_ips': [ '10.0.0.0/24', '10.0.2.0/24', '10.0.9.0/24', - '10.0.11.0/24', + '10.0.10.0/24', ], }, }, diff --git a/nodes/wb.offsite-backups.py b/nodes/wb.offsite-backups.py index 3948c41..870304d 100644 --- a/nodes/wb.offsite-backups.py +++ b/nodes/wb.offsite-backups.py @@ -43,13 +43,13 @@ 'wireguard': { 'my_ip': '172.30.0.4/32', 's2s': { - 'netcup.mails': { + 'htz.mails': { 'allowed_ips': [ '10.0.0.0/24', '10.0.2.0/24', '10.0.9.0/24', '10.0.10.0/24', - '10.0.11.0/24', + '10.0.10.0/24', ], }, },