From 67d5a4bff8481567046b76b84533caa1d9252612 Mon Sep 17 00:00:00 2001 From: cronekorkn Date: Wed, 18 Sep 2024 11:24:58 +0200 Subject: [PATCH] TOTAL FACKUP --- .../icinga2/files/conf.d/notifications.conf | 8 +-- bundles/kea-dhcpd/items.py | 20 ++++++ bundles/kea-dhcpd/metadata.py | 37 ++++++++++ bundles/left4dead2/files/server.cfg | 18 ++--- bundles/letsencrypt/items.py | 1 + bundles/linux/items.py | 41 +++++++++++ bundles/linux/metadata.py | 3 + .../files/autodiscover.php | 22 +++--- bundles/mariadb/items.py | 2 + bundles/mariadb/metadata.py | 11 ++- bundles/postfix/items.py | 4 ++ bundles/postgresql/metadata.py | 6 +- bundles/roundcube/files/config.inc.php | 64 ----------------- .../roundcube/files/password.config.inc.php | 2 - bundles/roundcube/items.py | 16 +++-- groups/os/linux.py | 7 +- libs/tools.py | 1 + nodes/home.homeassistant.py | 6 +- nodes/home.router.py | 70 ++++++++++++++++--- nodes/home.server.py | 27 +++---- nodes/htz.games.py | 2 +- nodes/{netcup.mails.py => htz.mails.py} | 40 ++++++----- nodes/mseibert.freescout.py | 4 +- nodes/ovh.secondary.py | 8 +-- nodes/wb.offsite-backups.py | 5 +- 25 files changed, 267 insertions(+), 158 deletions(-) create mode 100644 bundles/kea-dhcpd/items.py create mode 100644 bundles/kea-dhcpd/metadata.py create mode 100644 bundles/linux/items.py create mode 100644 bundles/linux/metadata.py rename nodes/{netcup.mails.py => htz.mails.py} (88%) diff --git a/bundles/icinga2/files/conf.d/notifications.conf b/bundles/icinga2/files/conf.d/notifications.conf index ac65875..40c75dd 100644 --- a/bundles/icinga2/files/conf.d/notifications.conf +++ b/bundles/icinga2/files/conf.d/notifications.conf @@ -13,9 +13,9 @@ apply Notification "mail-icingaadmin" to Host { user_groups = host.vars.notification.mail.groups users = host.vars.notification.mail.users - //interval = 2h - //vars.notification_logtosyslog = true + + assign where host.vars.notification.mail } 
@@ -25,9 +25,9 @@ apply Notification "mail-icingaadmin" to Service { user_groups = host.vars.notification.mail.groups users = host.vars.notification.mail.users - //interval = 2h - //vars.notification_logtosyslog = true + + assign where host.vars.notification.mail } diff --git a/bundles/kea-dhcpd/items.py b/bundles/kea-dhcpd/items.py new file mode 100644 index 0000000..f1ed971 --- /dev/null +++ b/bundles/kea-dhcpd/items.py @@ -0,0 +1,20 @@ +from json import dumps +from bundlewrap.metadata import MetadataJSONEncoder + +files = { + '/etc/kea/kea-dhcp4.conf': { + 'content': dumps(node.metadata.get('kea'), indent=4, sort_keys=True, cls=MetadataJSONEncoder), + 'triggers': [ + 'svc_systemd:kea-dhcp4-server:restart', + ], + }, +} + +svc_systemd = { + 'kea-dhcp4-server': { + 'needs': [ + 'pkg_apt:kea-dhcp4-server', + 'file:/etc/kea/kea-dhcp4.conf', + ], + }, +} diff --git a/bundles/kea-dhcpd/metadata.py b/bundles/kea-dhcpd/metadata.py new file mode 100644 index 0000000..860c04e --- /dev/null +++ b/bundles/kea-dhcpd/metadata.py @@ -0,0 +1,37 @@ +defaults = { + 'apt': { + 'packages': { + 'kea-dhcp4-server': {}, + }, + }, + 'kea': { + 'Dhcp4': { + 'interfaces-config': { + 'interfaces': [], + }, + 'lease-database': { + 'type': 'memfile', + 'lfc-interval': 3600 + }, + 'subnet4': [], + 'loggers': [ + { + 'name': 'kea-dhcp4', + 'output_options': [ + { + 'output': 'syslog', + } + ], + 'severity': 'INFO', + }, + ], + }, + }, +} + + +@metadata_reactor.provides( + +) +def subnets(metadata): + pass diff --git a/bundles/left4dead2/files/server.cfg b/bundles/left4dead2/files/server.cfg index 9201575..9f60c4b 100644 --- a/bundles/left4dead2/files/server.cfg +++ b/bundles/left4dead2/files/server.cfg 
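Review bot: The `subnets` reactor at the end of bundles/kea-dhcpd/metadata.py is an empty stub: `@metadata_reactor.provides()` names no keys and the body is `pass`, so it returns None, which bundlewrap will probably reject because reactors are expected to return a dict. Either drop the stub until it is implemented, or give it a key and a dict, e.g. `@metadata_reactor.provides('kea/Dhcp4/subnet4')` with `return {}`. Until then the defaults leave `interfaces` and `subnet4` empty, so the generated /etc/kea/kea-dhcp4.conf serves no subnet unless node metadata fills them in.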
@@ -1,36 +1,36 @@ hostname "CroneKorkN : ${name}" sv_contact "admin@sublimity.de" -// assign serevr to steam group + sv_steamgroup "${','.join(steamgroups)}" rcon_password "${rcon_password}" -// no annoying message of the day + motd_enabled 0 -// enable cheats + sv_cheats 1 -// allow inconsistent files on clients (weapon mods for example) + sv_consistency 0 -// connect from internet + sv_lan 0 -// join game at any point + sv_allow_lobby_connect_only 0 -// allowed modes + sv_gametypes "coop,realism,survival,versus,teamversus,scavenge,teamscavenge" -// network + sv_minrate 30000 sv_maxrate 60000 sv_mincmdrate 66 sv_maxcmdrate 101 -// logging + sv_logsdir "logs-${name}" //Folder in the game directory where server logs will be stored. log on //Creates a logfile (on | off) sv_logecho 0 //default 0; Echo log information to the console. diff --git a/bundles/letsencrypt/items.py b/bundles/letsencrypt/items.py index ff28e68..b24a9f1 100644 --- a/bundles/letsencrypt/items.py +++ b/bundles/letsencrypt/items.py @@ -56,6 +56,7 @@ for domain in node.metadata.get('letsencrypt/domains').keys(): 'unless': f'/etc/dehydrated/letsencrypt-ensure-some-certificate {domain} true', 'needs': { 'file:/etc/dehydrated/letsencrypt-ensure-some-certificate', + 'pkg_apt:dehydrated', }, 'needed_by': { 'svc_systemd:nginx', diff --git a/bundles/linux/items.py b/bundles/linux/items.py new file mode 100644 index 0000000..5229c7f --- /dev/null +++ b/bundles/linux/items.py 
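Review bot: Blanking the comments in server.cfg removes the only rationale for settings that widen exposure: `sv_cheats 1`, `sv_consistency 0`, `sv_lan 0` and `sv_allow_lobby_connect_only 0` now stand unexplained next to the templated `rcon_password`. I would restore at least `// enable cheats` and `// connect from internet` so a later reader can tell these are deliberate. The same comment stripping occurs in the autodiscover.php and roundcube config.inc.php hunks of this patch. Separately, `rcon_password "${rcon_password}"` is emitted without escaping, so a generated password containing a double quote would presumably truncate the value; confirm the generator's alphabet.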
@@ -0,0 +1,41 @@
+from shlex import quote
+
+def generate_sysctl_key_value_pairs_from_json(json_data, parents=[]):
+ if isinstance(json_data, dict):
+ for key, value in json_data.items():
+ yield from generate_sysctl_key_value_pairs_from_json(value, [*parents, key])
+ elif isinstance(json_data, list):
+ raise ValueError(f"List not supported: '{json_data}'")
+ else:
+ # If it's a leaf node, yield the path
+ yield (parents, json_data)
+
+key_value_pairs = generate_sysctl_key_value_pairs_from_json(node.metadata.get('sysctl'))
+
+
+files= {
+ '/etc/sysctl.conf': {
+ 'content': '\n'.join(
+ sorted(
+ f"{'.'.join(path)}={value}"
+ for path, value in key_value_pairs
+ ),
+ ),
+ 'triggers': [
+ 'svc_systemd:systemd-sysctl.service:restart',
+ ],
+ },
+}
+
+svc_systemd = {
+ 'systemd-sysctl.service': {},
+}
+
+for path, value in key_value_pairs:
+ actions[f'reload_sysctl.conf_{path}'] = {
+ 'command': f"sysctl --values {'.'.join(path)} | grep -q {quote('^'+value+'$')}",
+ 'needs': [
+ f'action:systemd-sysctl.service',
+ f'action:systemd-sysctl.service:restart',
+ ],
+ }
diff --git a/bundles/linux/metadata.py b/bundles/linux/metadata.py
new file mode 100644
index 0000000..f6f36f2
--- /dev/null
+++ b/bundles/linux/metadata.py
@@ -0,0 +1,3 @@
+defaults = {
+ 'sysctl': {},
+}
diff --git a/bundles/mailserver-autoconfig/files/autodiscover.php b/bundles/mailserver-autoconfig/files/autodiscover.php
index 1134fac..d592b80 100644
--- a/bundles/mailserver-autoconfig/files/autodiscover.php
+++ b/bundles/mailserver-autoconfig/files/autodiscover.php
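Review bot: The verification loop at the bottom of bundles/linux/items.py never runs: `key_value_pairs` is a generator and the `'content'` join in `files` consumes it, so `for path, value in key_value_pairs:` iterates nothing and sysctl values set for hardening are written but never checked. If it did run it would fail, because `actions` is not defined in this new file, `'^'+value+'$'` raises TypeError for integer values, the action name embeds the list repr of `path`, and the `needs` entries use an `action:` prefix where the service item is presumably `svc_systemd:systemd-sysctl.service`. Materialise the pairs once, define `actions`, and compare with a fixed-string whole-line grep so values are not treated as regular expressions. `parents=[]` is also a mutable default; it is not mutated here, but `parents=()` would be safer.

```python
# materialise once: a generator would be exhausted by the 'content' join in `files`
key_value_pairs = list(
    generate_sysctl_key_value_pairs_from_json(node.metadata.get('sysctl'))
)

# … unchanged: files, svc_systemd …

actions = {}

for path, value in key_value_pairs:
    key = '.'.join(path)
    actions[f'reload_sysctl.conf_{key}'] = {
        # -x -F: whole-line, fixed-string match; str() so integer values work
        'command': f"sysctl --values {quote(key)} | grep -qxF -- {quote(str(value))}",
        'needs': [
            'svc_systemd:systemd-sysctl.service',
            'svc_systemd:systemd-sysctl.service:restart',
        ],
    }
```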
@@ -1,6 +1,6 @@ (.*?)\<\/EMailAddress\>/", $request, $email ); -// check for invalid mail, to prevent XSS + if (filter_var($email[1], FILTER_VALIDATE_EMAIL) === false) { throw new Exception('Invalid E-Mail provided'); } -// get domain from email address + $domain = substr( strrchr( $email[1], "@" ), 1 ); /************************************** * Port and server settings below * **************************************/ -// IMAP settings + $imapServer = 'imap.' . $domain; // imap.example.com $imapPort = 993; $imapSSL = true; -// SMTP settings + $smtpServer = 'smtp.' . $domain; // smtp.example.com $smtpPort = 587; $smtpSSL = true; -//set Content-Type + header( 'Content-Type: application/xml' ); ?> '; ?> diff --git a/bundles/mariadb/items.py b/bundles/mariadb/items.py index 031a386..07dffc3 100644 --- a/bundles/mariadb/items.py +++ b/bundles/mariadb/items.py @@ -13,6 +13,7 @@ directories = { ], 'needed_by': [ 'pkg_apt:mariadb-server', + 'pkg_apt:mariadb-client', ], }, } @@ -30,6 +31,7 @@ svc_systemd = { 'mariadb.service': { 'needs': [ 'pkg_apt:mariadb-server', + 'pkg_apt:mariadb-client', ], }, } diff --git a/bundles/mariadb/metadata.py b/bundles/mariadb/metadata.py index 869e3e6..ee406cb 100644 --- a/bundles/mariadb/metadata.py +++ b/bundles/mariadb/metadata.py @@ -1,7 +1,16 @@ defaults = { 'apt': { 'packages': { - 'mariadb-server': {}, + 'mariadb-server': { + 'needs': { + 'zfs_dataset:tank/mariadb', + }, + }, + 'mariadb-client': { + 'needs': { + 'zfs_dataset:tank/mariadb', + }, + }, }, }, 'mariadb': { diff --git a/bundles/postfix/items.py b/bundles/postfix/items.py index 3adef9f..69c52e5 100644 --- a/bundles/postfix/items.py +++ b/bundles/postfix/items.py @@ -86,6 +86,8 @@ if node.has_bundle('telegraf'): 'needs': [ 'pkg_apt:acl', 'svc_systemd:postfix', + 'svc_systemd:postfix:reload', + 'svc_systemd:postfix:restart', ], } actions['postfix_setfacl_default_telegraf'] = { 
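Review bot: The `filter_var($email[1], FILTER_VALIDATE_EMAIL)` check reads `$email[1]` without testing whether the preceding `preg_match` matched, so a request without an EMailAddress element relies on an undefined-index notice turning into a validation failure; test the return value first, e.g. `if (!preg_match(..., $request, $email)) { throw new Exception('Invalid E-Mail provided'); }`. FILTER_VALIDATE_EMAIL is also input validation, not output encoding: if the address or `$domain` is written into the XML response (the body is not visible in this hunk), pass it through `htmlspecialchars(..., ENT_XML1)`. `$imapServer` and `$smtpServer` are built from the client-supplied domain, so consider restricting `$domain` to the domains this server actually hosts. The hunk text is partly garbled in this rendering, so the surrounding lines could not be checked.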
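Review bot: The `'needs': {'zfs_dataset:tank/mariadb'}` added to both `mariadb-server` and `mariadb-client` in bundles/mariadb/metadata.py hard-codes a pool and dataset name in the bundle defaults, so a node that uses this bundle without a `tank/mariadb` dataset item will presumably fail dependency resolution. The postgresql/metadata.py hunk does the same with `zfs_dataset:tank/postgresql`. Consider adding the dependency only when the node has a zfs bundle, or taking the dataset name from metadata. A short comment stating why the client package also waits for the dataset would help.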
@@ -94,5 +96,7 @@ if node.has_bundle('telegraf'): 'needs': [ 'pkg_apt:acl', 'svc_systemd:postfix', + 'svc_systemd:postfix:reload', + 'svc_systemd:postfix:restart', ], } diff --git a/bundles/postgresql/metadata.py b/bundles/postgresql/metadata.py index 7188b9a..a7baafd 100644 --- a/bundles/postgresql/metadata.py +++ b/bundles/postgresql/metadata.py @@ -6,7 +6,11 @@ root_password = repo.vault.password_for(f'{node.name} postgresql root') defaults = { 'apt': { 'packages': { - 'postgresql': {}, + 'postgresql': { + 'needs': { + 'zfs_dataset:tank/postgresql', + }, + }, }, }, 'backup': { diff --git a/bundles/roundcube/files/config.inc.php b/bundles/roundcube/files/config.inc.php index aad1a7f..8ab67d1 100644 --- a/bundles/roundcube/files/config.inc.php +++ b/bundles/roundcube/files/config.inc.php 
@@ -6,80 +6,16 @@ $config['enable_installer'] = true; /* Local configuration for Roundcube Webmail */ -// ---------------------------------- -// SQL DATABASE -// ---------------------------------- -// Database connection string (DSN) for read+write operations -// Format (compatible with PEAR MDB2): db_provider://user:password@host/database -// Currently supported db_providers: mysql, pgsql, sqlite, mssql or sqlsrv -// For examples see http://pear.php.net/manual/en/package.database.mdb2.intro-dsn.php -// NOTE: for SQLite use absolute path: 'sqlite:////full/path/to/sqlite.db?mode=0646' $config['db_dsnw'] = '${database['provider']}://${database['user']}:${database['password']}@${database['host']}/${database['name']}'; - -// ---------------------------------- -// IMAP -// ---------------------------------- -// The mail host chosen to perform the log-in. -// Leave blank to show a textbox at login, give a list of hosts -// to display a pulldown menu or set one host as string. -// To use SSL/TLS connection, enter hostname with prefix ssl:// or tls:// -// Supported replacement variables: -// %n - hostname ($_SERVER['SERVER_NAME']) -// %t - hostname without the first part -// %d - domain (http hostname $_SERVER['HTTP_HOST'] without the first part) -// %s - domain name after the '@' from e-mail address provided at login screen -// For example %n = mail.domain.tld, %t = domain.tld -// WARNING: After hostname change update of mail_host column in users table is -// required to match old user data records with the new host. $config['imap_host'] = 'localhost'; - -// ---------------------------------- -// SMTP -// ---------------------------------- -// SMTP server host (for sending mails). 
-// To use SSL/TLS connection, enter hostname with prefix ssl:// or tls:// -// If left blank, the PHP mail() function is used -// Supported replacement variables: -// %h - user's IMAP hostname -// %n - hostname ($_SERVER['SERVER_NAME']) -// %t - hostname without the first part -// %d - domain (http hostname $_SERVER['HTTP_HOST'] without the first part) -// %z - IMAP domain (IMAP hostname without the first part) -// For example %n = mail.domain.tld, %t = domain.tld $config['smtp_host'] = 'tls://localhost'; - -// SMTP username (if required) if you use %u as the username Roundcube -// will use the current username for login $config['smtp_user'] = '%u'; - -// SMTP password (if required) if you use %p as the password Roundcube -// will use the current user's password for login $config['smtp_pass'] = '%p'; - -// provide an URL where a user can get support for this Roundcube installation -// PLEASE DO NOT LINK TO THE ROUNDCUBE.NET WEBSITE HERE! $config['support_url'] = ''; - -// this key is used to encrypt the users imap password which is stored -// in the session record (and the client cookie if remember password is enabled). -// please provide a string of exactly 24 chars. $config['des_key'] = '${des_key}'; - -// Name your service. This is displayed on the login screen and in the window title $config['product_name'] = '${product_name}'; - -// ---------------------------------- -// PLUGINS -// ---------------------------------- -// List of active plugins (in plugins/ directory) $config['plugins'] = array(${', '.join(f'"{plugin}"' for plugin in plugins)}); - -// the default locale setting (leave empty for auto-detection) -// RFC1766 formatted language name like en_US, de_DE, de_CH, fr_FR, pt_BR $config['language'] = 'de_DE'; - - -// https://serverfault.com/a/991304 $config['smtp_conn_options'] = array( 'ssl' => array( 'verify_peer' => false, 
diff --git a/bundles/roundcube/files/password.config.inc.php b/bundles/roundcube/files/password.config.inc.php index c6b9135..c7a4776 100644 --- a/bundles/roundcube/files/password.config.inc.php +++ b/bundles/roundcube/files/password.config.inc.php @@ -1,7 +1,5 @@
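Review bot: After the roundcube config.inc.php hunk, `'verify_peer' => false` in `smtp_conn_options` has lost its only justification (the removed serverfault link), leaving TLS certificate verification for SMTP disabled with no explanation. Since `smtp_host` is `tls://localhost`, the likely reason is a certificate name mismatch; prefer keeping verification on and setting `'peer_name'` to the certificate's hostname, or at minimum keep a comment such as `// loopback only: certificate is issued for the public name, not localhost`. The hunk header also shows `$config['enable_installer'] = true;` just above this block, which should be false on a deployed instance. The array continues past the end of the hunk, so other ssl options could not be checked.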