diff --git a/bundles/homeassistant-supervised/README.md b/bundles/homeassistant-supervised/README.md
new file mode 100644
index 0000000..aada33e
--- /dev/null
+++ b/bundles/homeassistant-supervised/README.md
@@ -0,0 +1,21 @@
+https://github.com/home-assistant/supervised-installer?tab=readme-ov-file
+https://github.com/home-assistant/os-agent/tree/main?tab=readme-ov-file#using-home-assistant-supervised-on-debian
+https://docs.docker.com/engine/install/debian/
+
+
+
+
+
+https://www.home-assistant.io/installation/linux#install-home-assistant-supervised
+https://github.com/home-assistant/supervised-installer
+https://github.com/home-assistant/architecture/blob/master/adr/0014-home-assistant-supervised.md
+
+DATA_SHARE=/usr/share/hassio dpkg --force-confdef --force-confold -i homeassistant-supervised.deb
+
+neu debian
+ha installieren
+gucken ob geht
+dann bw drüberbügeln
+
+
+https://www.home-assistant.io/integrations/http/#ssl_certificate
diff --git a/bundles/homeassistant-supervised/items.py b/bundles/homeassistant-supervised/items.py
new file mode 100644
index 0000000..e99f8c0
--- /dev/null
+++ b/bundles/homeassistant-supervised/items.py
@@ -0,0 +1,30 @@
+from shlex import quote
+
+
+version = node.metadata.get('homeassistant/os_agent_version')
+
+directories = {
+ '/usr/share/hassio': {},
+}
+
+actions = {
+ 'install_os_agent': {
+ 'command': ' && '.join([
+ f'wget -O /tmp/os-agent.deb https://github.com/home-assistant/os-agent/releases/download/{quote(version)}/os-agent_{quote(version)}_linux_aarch64.deb',
+ 'DEBIAN_FRONTEND=noninteractive dpkg -i /tmp/os-agent.deb',
+ ]),
+ 'unless': f'test "$(apt -qq list os-agent | cut -d" " -f2)" = "{quote(version)}"',
+ 'needs': {
+ 'pkg_apt:',
+ 'zfs_dataset:tank/homeassistant',
+ },
+ },
+ 'install_homeassistant_supervised': {
+ 'command': 'wget -O /tmp/homeassistant-supervised.deb https://github.com/home-assistant/supervised-installer/releases/latest/download/homeassistant-supervised.deb && apt install /tmp/homeassistant-supervised.deb',
+ 'unless': 'apt -qq list homeassistant-supervised | grep -q "installed"',
+ 'needs': {
+ 'action:install_os_agent',
+ },
+ },
+}
+
diff --git a/bundles/homeassistant-supervised/metadata.py b/bundles/homeassistant-supervised/metadata.py
new file mode 100644
index 0000000..80feb51
--- /dev/null
+++ b/bundles/homeassistant-supervised/metadata.py
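Review bot: In bundles/homeassistant-supervised/items.py both actions install a .deb straight from a GitHub release URL with no integrity check, and `install_homeassistant_supervised` follows `releases/latest`, so the installed package can change between runs with no change in this repo. Pinning that release the way `os_agent_version` pins os-agent, and checking a SHA-256 kept in metadata before the package is installed, would close the gap; the fence sketches this for both actions, using metadata key names that are only suggestions. In `unless`, `"{quote(version)}"` places the shlex-quoted value inside double quotes, where it gives no protection and any quotes it adds become literal characters in the comparison, so the surrounding double quotes should go. The downloads also land at fixed names under /tmp; a root-owned directory would be a safer staging place.

```python
# suggested metadata keys; none of these exist in this commit
os_agent_sha256 = node.metadata.get('homeassistant/os_agent_sha256')
supervised_version = node.metadata.get('homeassistant/supervised_version')
supervised_sha256 = node.metadata.get('homeassistant/supervised_sha256')

actions = {
    'install_os_agent': {
        'command': ' && '.join([
            # … unchanged: wget of the pinned os-agent release …
            f'echo {quote(os_agent_sha256 + "  /tmp/os-agent.deb")} | sha256sum -c -',
            'DEBIAN_FRONTEND=noninteractive dpkg -i /tmp/os-agent.deb',
        ]),
        'unless': f'test "$(apt -qq list os-agent | cut -d" " -f2)" = {quote(version)}',
        # … unchanged: needs …
    },
    'install_homeassistant_supervised': {
        'command': ' && '.join([
            f'wget -O /tmp/homeassistant-supervised.deb https://github.com/home-assistant/supervised-installer/releases/download/{quote(supervised_version)}/homeassistant-supervised.deb',
            f'echo {quote(supervised_sha256 + "  /tmp/homeassistant-supervised.deb")} | sha256sum -c -',
            'apt install /tmp/homeassistant-supervised.deb',
        ]),
        # … unchanged: unless, needs …
    },
}
```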
@@ -0,0 +1,65 @@
+defaults = {
+ 'apt': {
+ 'packages': {
+ # homeassistant-supervised
+ 'apparmor': {},
+ 'bluez': {},
+ 'cifs-utils': {},
+ 'curl': {},
+ 'dbus': {},
+ 'jq': {},
+ 'libglib2.0-bin': {},
+ 'lsb-release': {},
+ 'network-manager': {},
+ 'nfs-common': {},
+ 'systemd-journal-remote': {},
+ 'systemd-resolved': {},
+ 'udisks2': {},
+ 'wget': {},
+ # docker
+ 'docker-ce': {},
+ 'docker-ce-cli': {},
+ 'containerd.io': {},
+ 'docker-buildx-plugin': {},
+ 'docker-compose-plugin': {},
+ },
+ 'sources': {
+ # docker: https://docs.docker.com/engine/install/debian/#install-using-the-repository
+ 'docker': {
+ 'urls': {
+ 'https://download.docker.com/linux/debian',
+ },
+ 'suites': {
+ '{codename}',
+ },
+ 'components': {
+ 'stable',
+ },
+ },
+ },
+ },
+ 'zfs': {
+ 'datasets': {
+ 'tank/homeassistant': {
+ 'mountpoint': '/usr/share/hassio',
+ 'needed_by': {
+ 'directory:/usr/share/hassio',
+ },
+ },
+ },
+ },
+}
+
+@metadata_reactor.provides(
+ 'nginx/vhosts',
+)
+def nginx(metadata):
+ return {
+ 'nginx': {
+ 'vhosts': {
+ metadata.get('homeassistant/domain'): {
+ 'content': 'homeassistant/vhost.conf',
+ },
+ },
+ },
+ }
diff --git a/bundles/homeassistant/items.py b/bundles/homeassistant/items.py
deleted file mode 100644
index cec20ba..0000000
--- a/bundles/homeassistant/items.py
+++ /dev/null
@@ -1,37 +0,0 @@
-users = {
- 'homeassistant': {
- 'home': '/opt/homeassistant',
- 'groups': [
- 'dialout',
- #'gpio',
- #'i2c',
- ],
- },
-}
-
-directories = {
- '/opt/homeassistant': {
- 'owner': 'homeassistant',
- 'group': 'homeassistant',
- },
- '/opt/homeassistant/data': {
- 'owner': 'homeassistant',
- 'group': 'homeassistant',
- },
- '/opt/homeassistant/venv': {
- 'owner': 'homeassistant',
- 'group': 'homeassistant',
- },
-}
-
-svc_systemd = {
- 'homeassistant.service': {},
-}
-
-# venv manually managed for now
-'''
-python3 -m venv /opt/homeassistant/venv
-source /opt/homeassistant/venv/bin/activate
-python3 -m pip install wheel
-pip3 install homeassistant
-'''
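Review bot: In bundles/homeassistant-supervised/metadata.py the `docker` entry under `apt/sources` carries no `key`, while the Debian sources added to nodes/home.homeassistant.py in this commit each set one (`'key': 'debian-{version}'`). The commit also adds data/apt/keys/docker.asc, so presumably the apt bundle is meant to pair that key with this source; if the pairing is not implicit by source name, state it explicitly, e.g. `'key': 'docker',` (assuming key names map to files under data/apt/keys), so the Docker key is trusted for download.docker.com only. Separately, items.py reads `homeassistant/os_agent_version` without a default and `defaults` here does not define it, so a node that omits the value will presumably fail when items.py is evaluated rather than with a clear metadata error.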
diff --git a/bundles/homeassistant/metadata.py b/bundles/homeassistant/metadata.py
deleted file mode 100644
index ed4797d..0000000
--- a/bundles/homeassistant/metadata.py
+++ /dev/null
@@ -1,73 +0,0 @@
-defaults = {
- 'apt': {
- 'packages': {
- 'python3': {},
- 'python3-dev': {},
- 'python3-pip': {},
- 'python3-venv': {},
- 'libffi-dev': {},
- 'libssl-dev': {},
- 'libjpeg-dev': {},
- 'zlib1g-dev': {},
- 'autoconf': {},
- 'build-essential': {},
- 'libopenjp2-7': {},
- 'libturbojpeg0-dev': {},
- 'tzdata': {},
- 'bluez': {},
- 'libtiff6': {},
- 'ffmpeg': {},
- 'liblapack3': {},
- 'liblapack-dev': {},
- 'libatlas-base-dev': {},
- 'libpcap-dev': {},
- },
- },
- 'systemd': {
- 'units': {
- f'homeassistant.service': {
- 'Unit': {
- 'Description': "Home Assstant",
- 'After': 'network.target',
- },
- 'Service': {
- 'User': 'homeassistant',
- 'Group': 'homeassistant',
- 'WorkingDirectory': "/opt/homeassistant",
- 'ExecStart': "/opt/homeassistant/venv/bin/python3 /opt/homeassistant/venv/bin/hass -c /opt/homeassistant/data --debug",
- },
- 'Install': {
- 'WantedBy': {
- 'multi-user.target'
- },
- },
- }
- },
- },
- 'zfs': {
- 'datasets': {
- 'tank/homeassistant': {
- 'mountpoint': '/opt/homeassistant/data',
- 'needed_by': {
- 'user:homeassistant',
- 'directory:/opt/homeassistant',
- },
- },
- },
- },
-}
-
-
-@metadata_reactor.provides(
- 'nginx/vhosts',
-)
-def nginx(metadata):
- return {
- 'nginx': {
- 'vhosts': {
- metadata.get('homeassistant/domain'): {
- 'content': 'homeassistant/vhost.conf',
- },
- },
- },
- }
diff --git a/bundles/pyenv/items.py b/bundles/pyenv/items.py
new file mode 100644
index 0000000..95c8ad6
--- /dev/null
+++ b/bundles/pyenv/items.py
@@ -0,0 +1,25 @@
+from shlex import quote
+
+directories = {
+ '/opt/pyenv': {},
+ '/opt/pyenv/install': {},
+}
+
+git_deploy = {
+ '/opt/pyenv/install': {
+ 'repo': 'https://github.com/pyenv/pyenv.git',
+ 'rev': 'master',
+ 'needs': {
+ 'directory:/opt/pyenv/install',
+ },
+ },
+}
+
+for version in node.metadata.get('pyenv/versions'):
+ actions[f'pyenv_install_{version}'] = {
+ 'command': f'PYENV_ROOT=/opt/pyenv /opt/pyenv/install/bin/pyenv install {quote(version)}',
+ 'unless': f'PYENV_ROOT=/opt/pyenv /opt/pyenv/install/bin/pyenv versions --bare | grep -Fxq {quote(version)}',
+ 'needs': {
+ 'git_deploy:/opt/pyenv/install',
+ },
+ }
diff --git a/bundles/pyenv/metadata.py b/bundles/pyenv/metadata.py
new file mode 100644
index 0000000..ee31c85
--- /dev/null
+++ b/bundles/pyenv/metadata.py
@@ -0,0 +1,23 @@
+defaults = {
+ 'apt': {
+ 'packages': {
+ 'build-essential': {},
+ 'libssl-dev': {},
+ 'zlib1g-dev': {},
+ 'libbz2-dev': {},
+ 'libreadline-dev': {},
+ 'libsqlite3-dev': {},
+ 'curl': {},
+ 'libncurses-dev': {},
+ 'xz-utils': {},
+ 'tk-dev': {},
+ 'libxml2-dev': {},
+ 'libxmlsec1-dev': {},
+ 'libffi-dev': {},
+ 'liblzma-dev': {},
+ },
+ },
+ 'pyenv': {
+ 'versions': set(),
+ },
+}
diff --git a/bundles/systemd-journald/items.py b/bundles/systemd-journald/items.py
index b2639d8..5e89558 100644
--- a/bundles/systemd-journald/items.py
+++ b/bundles/systemd-journald/items.py
@@ -1,7 +1,7 @@ files = { '/etc/systemd/journald.conf.d/managed.conf': { 'content': repo.libs.systemd.generate_unitfile({ - 'Jorunal': node.metadata.get('systemd-journald'), + 'Journal': node.metadata.get('systemd-journald'), }), 'triggers': { 'svc_systemd:systemd-journald:restart',
diff --git a/bundles/zfs/items.py b/bundles/zfs/items.py
index 4a6fffc..7084396 100644
--- a/bundles/zfs/items.py
+++ b/bundles/zfs/items.py
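Review bot: In bundles/pyenv/items.py `git_deploy` tracks `'rev': 'master'`, so every apply can pull new, unreviewed pyenv code that the `pyenv install` actions then execute, presumably as root; pinning a release tag or commit hash, e.g. `'rev': '<pinned-tag-or-commit>',` (placeholder), keeps the deployed code reviewable. The loop also assigns into `actions[...]` without this file defining `actions`; unless the framework pre-defines that name, the first non-empty `pyenv/versions` raises NameError, so add `actions = {}` above the loop. In `unless`, `grep -Fxq {quote(version)}` would read a value starting with `-` as an option; `grep -Fxq -- {quote(version)}` avoids that.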
@@ -6,6 +6,7 @@ files = { '/etc/cron.weekly/zfs-auto-snapshot': {'delete': True, 'needs': {'pkg_apt:zfs-auto-snapshot'}}, '/etc/cron.monthly/zfs-auto-snapshot': {'delete': True, 'needs': {'pkg_apt:zfs-auto-snapshot'}}, '/etc/modprobe.d/zfs.conf': { + 'content_type': 'text', 'content': '\n'.join( f'options zfs {k}={v}' for k, v in node.metadata.get('zfs/kernel_params').items() diff --git a/data/apt/keys/docker.asc b/data/apt/keys/docker.asc new file mode 100644 index 0000000..ee7872e --- /dev/null +++ b/data/apt/keys/docker.asc 
@@ -0,0 +1,62 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBFit2ioBEADhWpZ8/wvZ6hUTiXOwQHXMAlaFHcPH9hAtr4F1y2+OYdbtMuth +lqqwp028AqyY+PRfVMtSYMbjuQuu5byyKR01BbqYhuS3jtqQmljZ/bJvXqnmiVXh +38UuLa+z077PxyxQhu5BbqntTPQMfiyqEiU+BKbq2WmANUKQf+1AmZY/IruOXbnq +L4C1+gJ8vfmXQt99npCaxEjaNRVYfOS8QcixNzHUYnb6emjlANyEVlZzeqo7XKl7 +UrwV5inawTSzWNvtjEjj4nJL8NsLwscpLPQUhTQ+7BbQXAwAmeHCUTQIvvWXqw0N +cmhh4HgeQscQHYgOJjjDVfoY5MucvglbIgCqfzAHW9jxmRL4qbMZj+b1XoePEtht +ku4bIQN1X5P07fNWzlgaRL5Z4POXDDZTlIQ/El58j9kp4bnWRCJW0lya+f8ocodo +vZZ+Doi+fy4D5ZGrL4XEcIQP/Lv5uFyf+kQtl/94VFYVJOleAv8W92KdgDkhTcTD +G7c0tIkVEKNUq48b3aQ64NOZQW7fVjfoKwEZdOqPE72Pa45jrZzvUFxSpdiNk2tZ +XYukHjlxxEgBdC/J3cMMNRE1F4NCA3ApfV1Y7/hTeOnmDuDYwr9/obA8t016Yljj +q5rdkywPf4JF8mXUW5eCN1vAFHxeg9ZWemhBtQmGxXnw9M+z6hWwc6ahmwARAQAB +tCtEb2NrZXIgUmVsZWFzZSAoQ0UgZGViKSA8ZG9ja2VyQGRvY2tlci5jb20+iQI3 +BBMBCgAhBQJYrefAAhsvBQsJCAcDBRUKCQgLBRYCAwEAAh4BAheAAAoJEI2BgDwO +v82IsskP/iQZo68flDQmNvn8X5XTd6RRaUH33kXYXquT6NkHJciS7E2gTJmqvMqd +tI4mNYHCSEYxI5qrcYV5YqX9P6+Ko+vozo4nseUQLPH/ATQ4qL0Zok+1jkag3Lgk +jonyUf9bwtWxFp05HC3GMHPhhcUSexCxQLQvnFWXD2sWLKivHp2fT8QbRGeZ+d3m +6fqcd5Fu7pxsqm0EUDK5NL+nPIgYhN+auTrhgzhK1CShfGccM/wfRlei9Utz6p9P +XRKIlWnXtT4qNGZNTN0tR+NLG/6Bqd8OYBaFAUcue/w1VW6JQ2VGYZHnZu9S8LMc +FYBa5Ig9PxwGQOgq6RDKDbV+PqTQT5EFMeR1mrjckk4DQJjbxeMZbiNMG5kGECA8 +g383P3elhn03WGbEEa4MNc3Z4+7c236QI3xWJfNPdUbXRaAwhy/6rTSFbzwKB0Jm +ebwzQfwjQY6f55MiI/RqDCyuPj3r3jyVRkK86pQKBAJwFHyqj9KaKXMZjfVnowLh +9svIGfNbGHpucATqREvUHuQbNnqkCx8VVhtYkhDb9fEP2xBu5VvHbR+3nfVhMut5 +G34Ct5RS7Jt6LIfFdtcn8CaSas/l1HbiGeRgc70X/9aYx/V/CEJv0lIe8gP6uDoW +FPIZ7d6vH+Vro6xuWEGiuMaiznap2KhZmpkgfupyFmplh0s6knymuQINBFit2ioB +EADneL9S9m4vhU3blaRjVUUyJ7b/qTjcSylvCH5XUE6R2k+ckEZjfAMZPLpO+/tF +M2JIJMD4SifKuS3xck9KtZGCufGmcwiLQRzeHF7vJUKrLD5RTkNi23ydvWZgPjtx +Q+DTT1Zcn7BrQFY6FgnRoUVIxwtdw1bMY/89rsFgS5wwuMESd3Q2RYgb7EOFOpnu +w6da7WakWf4IhnF5nsNYGDVaIHzpiqCl+uTbf1epCjrOlIzkZ3Z3Yk5CM/TiFzPk +z2lLz89cpD8U+NtCsfagWWfjd2U3jDapgH+7nQnCEWpROtzaKHG6lA3pXdix5zG8 
+eRc6/0IbUSWvfjKxLLPfNeCS2pCL3IeEI5nothEEYdQH6szpLog79xB9dVnJyKJb +VfxXnseoYqVrRz2VVbUI5Blwm6B40E3eGVfUQWiux54DspyVMMk41Mx7QJ3iynIa +1N4ZAqVMAEruyXTRTxc9XW0tYhDMA/1GYvz0EmFpm8LzTHA6sFVtPm/ZlNCX6P1X +zJwrv7DSQKD6GGlBQUX+OeEJ8tTkkf8QTJSPUdh8P8YxDFS5EOGAvhhpMBYD42kQ +pqXjEC+XcycTvGI7impgv9PDY1RCC1zkBjKPa120rNhv/hkVk/YhuGoajoHyy4h7 +ZQopdcMtpN2dgmhEegny9JCSwxfQmQ0zK0g7m6SHiKMwjwARAQABiQQ+BBgBCAAJ +BQJYrdoqAhsCAikJEI2BgDwOv82IwV0gBBkBCAAGBQJYrdoqAAoJEH6gqcPyc/zY +1WAP/2wJ+R0gE6qsce3rjaIz58PJmc8goKrir5hnElWhPgbq7cYIsW5qiFyLhkdp +YcMmhD9mRiPpQn6Ya2w3e3B8zfIVKipbMBnke/ytZ9M7qHmDCcjoiSmwEXN3wKYI +mD9VHONsl/CG1rU9Isw1jtB5g1YxuBA7M/m36XN6x2u+NtNMDB9P56yc4gfsZVES +KA9v+yY2/l45L8d/WUkUi0YXomn6hyBGI7JrBLq0CX37GEYP6O9rrKipfz73XfO7 +JIGzOKZlljb/D9RX/g7nRbCn+3EtH7xnk+TK/50euEKw8SMUg147sJTcpQmv6UzZ +cM4JgL0HbHVCojV4C/plELwMddALOFeYQzTif6sMRPf+3DSj8frbInjChC3yOLy0 +6br92KFom17EIj2CAcoeq7UPhi2oouYBwPxh5ytdehJkoo+sN7RIWua6P2WSmon5 +U888cSylXC0+ADFdgLX9K2zrDVYUG1vo8CX0vzxFBaHwN6Px26fhIT1/hYUHQR1z +VfNDcyQmXqkOnZvvoMfz/Q0s9BhFJ/zU6AgQbIZE/hm1spsfgvtsD1frZfygXJ9f +irP+MSAI80xHSf91qSRZOj4Pl3ZJNbq4yYxv0b1pkMqeGdjdCYhLU+LZ4wbQmpCk +SVe2prlLureigXtmZfkqevRz7FrIZiu9ky8wnCAPwC7/zmS18rgP/17bOtL4/iIz +QhxAAoAMWVrGyJivSkjhSGx1uCojsWfsTAm11P7jsruIL61ZzMUVE2aM3Pmj5G+W +9AcZ58Em+1WsVnAXdUR//bMmhyr8wL/G1YO1V3JEJTRdxsSxdYa4deGBBY/Adpsw +24jxhOJR+lsJpqIUeb999+R8euDhRHG9eFO7DRu6weatUJ6suupoDTRWtr/4yGqe +dKxV3qQhNLSnaAzqW/1nA3iUB4k7kCaKZxhdhDbClf9P37qaRW467BLCVO/coL3y +Vm50dwdrNtKpMBh3ZpbB1uJvgi9mXtyBOMJ3v8RZeDzFiG8HdCtg9RvIt/AIFoHR +H3S+U79NT6i0KPzLImDfs8T7RlpyuMc4Ufs8ggyg9v3Ae6cN3eQyxcK3w0cbBwsh +/nQNfsA6uu+9H7NhbehBMhYnpNZyrHzCmzyXkauwRAqoCbGCNykTRwsur9gS41TQ +M8ssD1jFheOJf3hODnkKU+HKjvMROl1DK7zdmLdNzA1cvtZH/nCC9KPj1z8QC47S +xx+dTZSx4ONAhwbS/LN3PoKtn8LPjY9NP9uDWI+TWYquS2U+KHDrBDlsgozDbs/O +jCxcpDzNmXpWQHEtHU7649OXHP7UeNST1mCUCH5qdank0V1iejF6/CfTFU4MfcrG +YT90qFF93M3v01BbxP+EIY2/9tiIPbrd +=0YYh +-----END PGP PUBLIC KEY BLOCK----- 
diff --git a/nodes/home.homeassistant.py b/nodes/home.homeassistant.py index 441126f..266c9e0 100644 --- a/nodes/home.homeassistant.py +++ b/nodes/home.homeassistant.py @@ -1,18 +1,27 @@ { 'hostname': '10.0.0.16', 'groups': [ - 'autologin', + 'webserver', 'backup', - 'debian-12', - 'hardware', - 'home', 'monitored', 'raspberry-pi', - 'webserver', + 'autologin', ], 'bundles': [ - 'homeassistant', + 'apt', + 'homeassistant-supervised', + 'hostname', + 'hosts', + 'htop', + 'users', + 'ssh', + 'sudo', + 'locale', + 'zsh', 'zfs', + 'systemd', + 'systemd-timers', + 'systemd-journald', ], 'metadata': { 'id': '3d67964d-1270-4d3c-b93f-9c44219b3d59', @@ -23,8 +32,67 @@ 'gateway4': '10.0.0.1', }, }, + 'apt': { + 'sources': { + 'debian': { + 'urls': { + 'https://deb.debian.org/debian', + }, + 'suites': { + '{codename}', + '{codename}-updates', + }, + 'components': { + 'main', + 'contrib', + 'non-free', + 'non-free-firmware', + }, + 'key': 'debian-{version}', + }, + 'debian-security': { + 'urls': { + 'http://security.debian.org/debian-security', + }, + 'suites': { + '{codename}-security', + }, + 'components': { + 'main', + 'contrib', + 'non-free', + 'non-free-firmware', + }, + 'key': 'debian-{version}-security', + }, + }, + }, + 'hosts': { + '10.0.11.3': [ + 'resolver.name', + 'secondary.resolver.name', + ], + }, + 'letsencrypt': { + 'acme_node': 'netcup.mails', + }, 'homeassistant': { 'domain': 'homeassistant.ckn.li', + 'os_agent_version': '1.6.0', + }, + 'nameservers': { + '10.0.11.3', + }, + 'users': { + 'ckn': { + 'shell': '/usr/bin/zsh', + 'authorized_keys': { + 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILMVroYmswD4tLk6iH+2tvQiyaMe42yfONDsPDIdFv6I ckn', + }, + }, + }, + 'sudoers': { + 'ckn': {'ALL'}, }, 'zfs': { 'pools': { @@ -35,5 +103,9 @@ }, }, }, + 'os_codename': 'bookworm', }, + 'os': 'debian', + 'os_version': (12,), + 'pip_command': 'pip3', }
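Review bot: In nodes/home.homeassistant.py the `debian-security` source uses `http://security.debian.org/debian-security` while the main `debian` source uses https; apt's signature check still protects package integrity, but plain HTTP leaves the transfer readable and open to interference on the network path, so prefer `'https://security.debian.org/debian-security',` if that host is reachable over TLS from this network. The same hunk grants `'sudoers': {'ckn': {'ALL'}}` on a node that stays in the `autologin` group; if autologin logs in `ckn` and the sudo bundle renders this entry without a password requirement (neither is visible here), console access amounts to root. The first hunk drops the groups `debian-12`, `hardware` and `home`, so it is worth confirming that no hardening or firewall bundle reached this node only through them.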