TOTAL FACKUP

cronekorkn 2024-09-18 11:24:58 +02:00
parent 6d64a5e52d
commit 67d5a4bff8
Signed by: cronekorkn
SSH key fingerprint: SHA256:v0410ZKfuO1QHdgKBsdQNF64xmTxOF8osF1LIqwTcVw
25 changed files with 267 additions and 158 deletions


@ -13,9 +13,9 @@ apply Notification "mail-icingaadmin" to Host {
user_groups = host.vars.notification.mail.groups user_groups = host.vars.notification.mail.groups
users = host.vars.notification.mail.users users = host.vars.notification.mail.users
//interval = 2h
//vars.notification_logtosyslog = true
assign where host.vars.notification.mail assign where host.vars.notification.mail
} }
@ -25,9 +25,9 @@ apply Notification "mail-icingaadmin" to Service {
user_groups = host.vars.notification.mail.groups user_groups = host.vars.notification.mail.groups
users = host.vars.notification.mail.users users = host.vars.notification.mail.users
//interval = 2h
//vars.notification_logtosyslog = true
assign where host.vars.notification.mail assign where host.vars.notification.mail
} }


@ -0,0 +1,20 @@
from json import dumps
from bundlewrap.metadata import MetadataJSONEncoder
files = {
'/etc/kea/kea-dhcp4.conf': {
'content': dumps(node.metadata.get('kea'), indent=4, sort_keys=True, cls=MetadataJSONEncoder),
'triggers': [
'svc_systemd:kea-dhcp4-server:restart',
],
},
}
svc_systemd = {
'kea-dhcp4-server': {
'needs': [
'pkg_apt:kea-dhcp4-server',
'file:/etc/kea/kea-dhcp4.conf',
],
},
}
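Review bot: Nothing validates the generated `/etc/kea/kea-dhcp4.conf` before the `svc_systemd:kea-dhcp4-server:restart` trigger fires, so a bad value under the `kea` metadata key would take DHCP down for the whole segment on the next apply. Kea can check a file with `kea-dhcp4 -t <path>`; if the bundlewrap version in use supports `test_with` on file items, something like `'test_with': 'kea-dhcp4 -t {}'` would catch this before upload (it runs where bw runs, so the binary has to be available there). The file item also has no dependency on `pkg_apt:kea-dhcp4-server`, so on a first apply it may be written before the package is installed; adding `'needs': ['pkg_apt:kea-dhcp4-server']` to the file item would make the order explicit.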


@ -0,0 +1,37 @@
defaults = {
'apt': {
'packages': {
'kea-dhcp4-server': {},
},
},
'kea': {
'Dhcp4': {
'interfaces-config': {
'interfaces': [],
},
'lease-database': {
'type': 'memfile',
'lfc-interval': 3600
},
'subnet4': [],
'loggers': [
{
'name': 'kea-dhcp4',
'output_options': [
{
'output': 'syslog',
}
],
'severity': 'INFO',
},
],
},
},
}
@metadata_reactor.provides(
)
def subnets(metadata):
pass
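Review bot: The `subnets` reactor at the end of this file is a stub: `@metadata_reactor.provides()` lists no keys and the body is `pass`, so it returns `None` rather than a dict. Depending on the bundlewrap version this is either rejected when metadata is built or silently does nothing; either remove it until it is implemented or make it `return {}` with a `# TODO` saying what it is meant to derive. Separately, the defaults leave `'interfaces': []` and `'subnet4': []`, so a node that includes the bundle without overriding them gets a server that serves nothing; a one-line comment next to the defaults saying both must be set per node would help.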


@ -1,36 +1,36 @@
hostname "CroneKorkN : ${name}" hostname "CroneKorkN : ${name}"
sv_contact "admin@sublimity.de" sv_contact "admin@sublimity.de"
// assign serevr to steam group
sv_steamgroup "${','.join(steamgroups)}" sv_steamgroup "${','.join(steamgroups)}"
rcon_password "${rcon_password}" rcon_password "${rcon_password}"
// no annoying message of the day
motd_enabled 0 motd_enabled 0
// enable cheats
sv_cheats 1 sv_cheats 1
// allow inconsistent files on clients (weapon mods for example)
sv_consistency 0 sv_consistency 0
// connect from internet
sv_lan 0 sv_lan 0
// join game at any point
sv_allow_lobby_connect_only 0 sv_allow_lobby_connect_only 0
// allowed modes
sv_gametypes "coop,realism,survival,versus,teamversus,scavenge,teamscavenge" sv_gametypes "coop,realism,survival,versus,teamversus,scavenge,teamscavenge"
// network
sv_minrate 30000 sv_minrate 30000
sv_maxrate 60000 sv_maxrate 60000
sv_mincmdrate 66 sv_mincmdrate 66
sv_maxcmdrate 101 sv_maxcmdrate 101
// logging
sv_logsdir "logs-${name}" //Folder in the game directory where server logs will be stored. sv_logsdir "logs-${name}" //Folder in the game directory where server logs will be stored.
log on //Creates a logfile (on | off) log on //Creates a logfile (on | off)
sv_logecho 0 //default 0; Echo log information to the console. sv_logecho 0 //default 0; Echo log information to the console.


@ -56,6 +56,7 @@ for domain in node.metadata.get('letsencrypt/domains').keys():
'unless': f'/etc/dehydrated/letsencrypt-ensure-some-certificate {domain} true', 'unless': f'/etc/dehydrated/letsencrypt-ensure-some-certificate {domain} true',
'needs': { 'needs': {
'file:/etc/dehydrated/letsencrypt-ensure-some-certificate', 'file:/etc/dehydrated/letsencrypt-ensure-some-certificate',
'pkg_apt:dehydrated',
}, },
'needed_by': { 'needed_by': {
'svc_systemd:nginx', 'svc_systemd:nginx',

41
bundles/linux/items.py Normal file

@ -0,0 +1,41 @@
from shlex import quote
def generate_sysctl_key_value_pairs_from_json(json_data, parents=[]):
if isinstance(json_data, dict):
for key, value in json_data.items():
yield from generate_sysctl_key_value_pairs_from_json(value, [*parents, key])
elif isinstance(json_data, list):
raise ValueError(f"List not supported: '{json_data}'")
else:
# If it's a leaf node, yield the path
yield (parents, json_data)
key_value_pairs = generate_sysctl_key_value_pairs_from_json(node.metadata.get('sysctl'))
files= {
'/etc/sysctl.conf': {
'content': '\n'.join(
sorted(
f"{'.'.join(path)}={value}"
for path, value in key_value_pairs
),
),
'triggers': [
'svc_systemd:systemd-sysctl.service:restart',
],
},
}
svc_systemd = {
'systemd-sysctl.service': {},
}
for path, value in key_value_pairs:
actions[f'reload_sysctl.conf_{path}'] = {
'command': f"sysctl --values {'.'.join(path)} | grep -q {quote('^'+value+'$')}",
'needs': [
f'action:systemd-sysctl.service',
f'action:systemd-sysctl.service:restart',
],
}
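Review bot: `key_value_pairs` is a generator and it is fully consumed by the `'\n'.join(sorted(...))` that builds `/etc/sysctl.conf`, so the `for path, value in key_value_pairs:` loop at the end never runs and no verification action is created. If it did run it would fail or misbehave: `'^'+value+'$'` raises `TypeError` for integer values such as `ip_forward: 1`, the action name interpolates the list `path` instead of the dotted key, the key goes into the shell command unquoted, and the `needs` entries name `action:systemd-sysctl.service` although the item defined here is `svc_systemd:systemd-sysctl.service`. The mutable default `parents=[]` is harmless as written because it is never mutated, but `parents=()` would state that intent. A suggested rewrite of the affected lines follows.

```python
# materialise once: the files[...] content below would otherwise exhaust the generator
key_value_pairs = list(generate_sysctl_key_value_pairs_from_json(node.metadata.get('sysctl')))

# … unchanged: files and svc_systemd definitions …

for path, value in key_value_pairs:
    key = '.'.join(path)
    actions[f'reload_sysctl.conf_{key}'] = {
        # quote the key as well as the pattern; str() because values may be ints
        'command': f"sysctl --values {quote(key)} | grep -q {quote('^' + str(value) + '$')}",
        'needs': [
            'svc_systemd:systemd-sysctl.service',
            'svc_systemd:systemd-sysctl.service:restart',
        ],
    }
```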


@ -0,0 +1,3 @@
defaults = {
'sysctl': {},
}


@ -1,6 +1,6 @@
<?php <?php
// https://raw.githubusercontent.com/Radiergummi/autodiscover/master/autodiscover/autodiscover.php
/******************************** /********************************
* Autodiscover responder * Autodiscover responder
@ -8,45 +8,45 @@
* This PHP script is intended to respond to any request to http(s)://mydomain.com/autodiscover/autodiscover.xml. * This PHP script is intended to respond to any request to http(s)://mydomain.com/autodiscover/autodiscover.xml.
* If configured properly, it will send a spec-complient autodiscover XML response, pointing mail clients to the * If configured properly, it will send a spec-complient autodiscover XML response, pointing mail clients to the
* appropriate mail services. * appropriate mail services.
* If you use MAPI or ActiveSync, stick with the Autodiscover service your mail server provides for you. But if * If you use MAPI or ActiveSync, stick with the Autodiscover service your mail server provides for you. But if
* you use POP/IMAP servers, this will provide autoconfiguration to Outlook, Apple Mail and mobile devices. * you use POP/IMAP servers, this will provide autoconfiguration to Outlook, Apple Mail and mobile devices.
* *
* To work properly, you'll need to set the service (sub)domains below in the settings section to the correct * To work properly, you'll need to set the service (sub)domains below in the settings section to the correct
* domain names, adjust ports and SSL. * domain names, adjust ports and SSL.
*/ */
//get raw POST data so we can extract the email address
$request = file_get_contents("php://input"); $request = file_get_contents("php://input");
// optional debug log
# file_put_contents( 'request.log', $request, FILE_APPEND ); # file_put_contents( 'request.log', $request, FILE_APPEND );
// retrieve email address from client request
preg_match( "/\<EMailAddress\>(.*?)\<\/EMailAddress\>/", $request, $email ); preg_match( "/\<EMailAddress\>(.*?)\<\/EMailAddress\>/", $request, $email );
// check for invalid mail, to prevent XSS
if (filter_var($email[1], FILTER_VALIDATE_EMAIL) === false) { if (filter_var($email[1], FILTER_VALIDATE_EMAIL) === false) {
throw new Exception('Invalid E-Mail provided'); throw new Exception('Invalid E-Mail provided');
} }
// get domain from email address
$domain = substr( strrchr( $email[1], "@" ), 1 ); $domain = substr( strrchr( $email[1], "@" ), 1 );
/************************************** /**************************************
* Port and server settings below * * Port and server settings below *
**************************************/ **************************************/
// IMAP settings
$imapServer = 'imap.' . $domain; // imap.example.com $imapServer = 'imap.' . $domain; // imap.example.com
$imapPort = 993; $imapPort = 993;
$imapSSL = true; $imapSSL = true;
// SMTP settings
$smtpServer = 'smtp.' . $domain; // smtp.example.com $smtpServer = 'smtp.' . $domain; // smtp.example.com
$smtpPort = 587; $smtpPort = 587;
$smtpSSL = true; $smtpSSL = true;
//set Content-Type
header( 'Content-Type: application/xml' ); header( 'Content-Type: application/xml' );
?> ?>
<?php echo '<?xml version="1.0" encoding="utf-8" ?>'; ?> <?php echo '<?xml version="1.0" encoding="utf-8" ?>'; ?>


@ -13,6 +13,7 @@ directories = {
], ],
'needed_by': [ 'needed_by': [
'pkg_apt:mariadb-server', 'pkg_apt:mariadb-server',
'pkg_apt:mariadb-client',
], ],
}, },
} }
@ -30,6 +31,7 @@ svc_systemd = {
'mariadb.service': { 'mariadb.service': {
'needs': [ 'needs': [
'pkg_apt:mariadb-server', 'pkg_apt:mariadb-server',
'pkg_apt:mariadb-client',
], ],
}, },
} }


@ -1,7 +1,16 @@
defaults = { defaults = {
'apt': { 'apt': {
'packages': { 'packages': {
'mariadb-server': {}, 'mariadb-server': {
'needs': {
'zfs_dataset:tank/mariadb',
},
},
'mariadb-client': {
'needs': {
'zfs_dataset:tank/mariadb',
},
},
}, },
}, },
'mariadb': { 'mariadb': {


@ -86,6 +86,8 @@ if node.has_bundle('telegraf'):
'needs': [ 'needs': [
'pkg_apt:acl', 'pkg_apt:acl',
'svc_systemd:postfix', 'svc_systemd:postfix',
'svc_systemd:postfix:reload',
'svc_systemd:postfix:restart',
], ],
} }
actions['postfix_setfacl_default_telegraf'] = { actions['postfix_setfacl_default_telegraf'] = {
@ -94,5 +96,7 @@ if node.has_bundle('telegraf'):
'needs': [ 'needs': [
'pkg_apt:acl', 'pkg_apt:acl',
'svc_systemd:postfix', 'svc_systemd:postfix',
'svc_systemd:postfix:reload',
'svc_systemd:postfix:restart',
], ],
} }


@ -6,7 +6,11 @@ root_password = repo.vault.password_for(f'{node.name} postgresql root')
defaults = { defaults = {
'apt': { 'apt': {
'packages': { 'packages': {
'postgresql': {}, 'postgresql': {
'needs': {
'zfs_dataset:tank/postgresql',
},
},
}, },
}, },
'backup': { 'backup': {


@ -6,80 +6,16 @@ $config['enable_installer'] = true;
/* Local configuration for Roundcube Webmail */ /* Local configuration for Roundcube Webmail */
// ----------------------------------
// SQL DATABASE
// ----------------------------------
// Database connection string (DSN) for read+write operations
// Format (compatible with PEAR MDB2): db_provider://user:password@host/database
// Currently supported db_providers: mysql, pgsql, sqlite, mssql or sqlsrv
// For examples see http://pear.php.net/manual/en/package.database.mdb2.intro-dsn.php
// NOTE: for SQLite use absolute path: 'sqlite:////full/path/to/sqlite.db?mode=0646'
$config['db_dsnw'] = '${database['provider']}://${database['user']}:${database['password']}@${database['host']}/${database['name']}'; $config['db_dsnw'] = '${database['provider']}://${database['user']}:${database['password']}@${database['host']}/${database['name']}';
// ----------------------------------
// IMAP
// ----------------------------------
// The mail host chosen to perform the log-in.
// Leave blank to show a textbox at login, give a list of hosts
// to display a pulldown menu or set one host as string.
// To use SSL/TLS connection, enter hostname with prefix ssl:// or tls://
// Supported replacement variables:
// %n - hostname ($_SERVER['SERVER_NAME'])
// %t - hostname without the first part
// %d - domain (http hostname $_SERVER['HTTP_HOST'] without the first part)
// %s - domain name after the '@' from e-mail address provided at login screen
// For example %n = mail.domain.tld, %t = domain.tld
// WARNING: After hostname change update of mail_host column in users table is
// required to match old user data records with the new host.
$config['imap_host'] = 'localhost'; $config['imap_host'] = 'localhost';
// ----------------------------------
// SMTP
// ----------------------------------
// SMTP server host (for sending mails).
// To use SSL/TLS connection, enter hostname with prefix ssl:// or tls://
// If left blank, the PHP mail() function is used
// Supported replacement variables:
// %h - user's IMAP hostname
// %n - hostname ($_SERVER['SERVER_NAME'])
// %t - hostname without the first part
// %d - domain (http hostname $_SERVER['HTTP_HOST'] without the first part)
// %z - IMAP domain (IMAP hostname without the first part)
// For example %n = mail.domain.tld, %t = domain.tld
$config['smtp_host'] = 'tls://localhost'; $config['smtp_host'] = 'tls://localhost';
// SMTP username (if required) if you use %u as the username Roundcube
// will use the current username for login
$config['smtp_user'] = '%u'; $config['smtp_user'] = '%u';
// SMTP password (if required) if you use %p as the password Roundcube
// will use the current user's password for login
$config['smtp_pass'] = '%p'; $config['smtp_pass'] = '%p';
// provide an URL where a user can get support for this Roundcube installation
// PLEASE DO NOT LINK TO THE ROUNDCUBE.NET WEBSITE HERE!
$config['support_url'] = ''; $config['support_url'] = '';
// this key is used to encrypt the users imap password which is stored
// in the session record (and the client cookie if remember password is enabled).
// please provide a string of exactly 24 chars.
$config['des_key'] = '${des_key}'; $config['des_key'] = '${des_key}';
// Name your service. This is displayed on the login screen and in the window title
$config['product_name'] = '${product_name}'; $config['product_name'] = '${product_name}';
// ----------------------------------
// PLUGINS
// ----------------------------------
// List of active plugins (in plugins/ directory)
$config['plugins'] = array(${', '.join(f'"{plugin}"' for plugin in plugins)}); $config['plugins'] = array(${', '.join(f'"{plugin}"' for plugin in plugins)});
// the default locale setting (leave empty for auto-detection)
// RFC1766 formatted language name like en_US, de_DE, de_CH, fr_FR, pt_BR
$config['language'] = 'de_DE'; $config['language'] = 'de_DE';
// https://serverfault.com/a/991304
$config['smtp_conn_options'] = array( $config['smtp_conn_options'] = array(
'ssl' => array( 'ssl' => array(
'verify_peer' => false, 'verify_peer' => false,


@ -1,7 +1,5 @@
<?php <?php
// https://github.com/roundcube/roundcubemail/blob/357cc90001f997fd223fb48fcede6040f527c2f4/plugins/password/config.inc.php.dist
$config['password_driver'] = 'sql'; $config['password_driver'] = 'sql';
$config['password_strength_driver'] = null; $config['password_strength_driver'] = null;
$config['password_confirm_current'] = true; $config['password_confirm_current'] = true;


@ -1,7 +1,8 @@
assert node.has_bundle('php') assert node.has_bundle('php')
assert node.has_bundle('mailserver') assert node.has_bundle('mailserver')
version = node.metadata.get('roundcube/version') roundcube_version = node.metadata.get('roundcube/version')
php_version = node.metadata.get('php/version')
directories = { directories = {
'/opt/roundcube': { '/opt/roundcube': {
@ -22,9 +23,9 @@ directories = {
} }
files[f'/tmp/roundcube-{version}.tar.gz'] = { files[f'/tmp/roundcube-{roundcube_version}.tar.gz'] = {
'content_type': 'download', 'content_type': 'download',
'source': f'https://github.com/roundcube/roundcubemail/releases/download/{version}/roundcubemail-{version}-complete.tar.gz', 'source': f'https://github.com/roundcube/roundcubemail/releases/download/{roundcube_version}/roundcubemail-{roundcube_version}-complete.tar.gz',
'triggered': True, 'triggered': True,
} }
actions['delete_roundcube'] = { actions['delete_roundcube'] = {
@ -32,11 +33,11 @@ actions['delete_roundcube'] = {
'triggered': True, 'triggered': True,
} }
actions['extract_roundcube'] = { actions['extract_roundcube'] = {
'command': f'tar xfvz /tmp/roundcube-{version}.tar.gz --strip 1 -C /opt/roundcube', 'command': f'tar xfvz /tmp/roundcube-{roundcube_version}.tar.gz --strip 1 -C /opt/roundcube',
'unless': f'grep -q "Version {version}" /opt/roundcube/index.php', 'unless': f'grep -q "Version {roundcube_version}" /opt/roundcube/index.php',
'preceded_by': [ 'preceded_by': [
'action:delete_roundcube', 'action:delete_roundcube',
f'file:/tmp/roundcube-{version}.tar.gz', f'file:/tmp/roundcube-{roundcube_version}.tar.gz',
], ],
'needs': [ 'needs': [
'directory:/opt/roundcube', 'directory:/opt/roundcube',
@ -64,6 +65,9 @@ files['/opt/roundcube/config/config.inc.php'] = {
'needs': [ 'needs': [
'action:chown_roundcube', 'action:chown_roundcube',
], ],
'triggers': [
f'svc_systemd:php{php_version}-fpm.service:restart',
],
} }
files['/opt/roundcube/plugins/password/config.inc.php'] = { files['/opt/roundcube/plugins/password/config.inc.php'] = {
'source': 'password.config.inc.php', 'source': 'password.config.inc.php',
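Review bot: The release tarball in `files[f'/tmp/roundcube-{roundcube_version}.tar.gz']` is downloaded from GitHub and then unpacked by `extract_roundcube` into `/opt/roundcube` with no integrity check, so a changed or truncated download would be extracted straight into the web root. bundlewrap's download file items accept a `content_hash` attribute for this (check which digest type your bundlewrap version expects), e.g. `'content_hash': node.metadata.get('roundcube/content_hash'),` where that metadata key is a constructed example to be kept next to `roundcube/version`. The archive is also staged under a predictable name in world-writable `/tmp`; a root-owned staging directory would be a safer location.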


@ -6,6 +6,7 @@
'hostname', 'hostname',
'hosts', 'hosts',
'htop', 'htop',
'linux',
'locale', 'locale',
'network', 'network',
'ssh', 'ssh',
@ -22,16 +23,16 @@
'metadata': { 'metadata': {
'dns': {}, 'dns': {},
'hosts': { 'hosts': {
'10.0.11.3': [ '10.0.10.2': [
'resolver.name', 'resolver.name',
'secondary.resolver.name', 'secondary.resolver.name',
], ],
}, },
'letsencrypt': { 'letsencrypt': {
'acme_node': 'netcup.mails', 'acme_node': 'htz.mails',
}, },
'nameservers': { 'nameservers': {
'10.0.11.3', '10.0.10.2',
}, },
'systemd-timers': { 'systemd-timers': {
'trim': { 'trim': {


@ -92,3 +92,4 @@ from shlex import quote
def run_as(user, command): def run_as(user, command):
return f'sudo su - {user} -s /bin/bash -c {quote(command)}' return f'sudo su - {user} -s /bin/bash -c {quote(command)}'


@ -68,20 +68,20 @@
}, },
}, },
'hosts': { 'hosts': {
'10.0.11.3': [ '10.0.10.2': [
'resolver.name', 'resolver.name',
'secondary.resolver.name', 'secondary.resolver.name',
], ],
}, },
'letsencrypt': { 'letsencrypt': {
'acme_node': 'netcup.mails', 'acme_node': 'htz.mails',
}, },
'homeassistant': { 'homeassistant': {
'domain': 'homeassistant.ckn.li', 'domain': 'homeassistant.ckn.li',
'os_agent_version': '1.6.0', 'os_agent_version': '1.6.0',
}, },
'nameservers': { 'nameservers': {
'10.0.11.3', '10.0.10.2',
}, },
'users': { 'users': {
'ckn': { 'ckn': {


@ -1,25 +1,77 @@
{ {
'hostname': '10.0.0.120', 'hostname': '10.0.99.126',
'dummy': True,
'groups': [ 'groups': [
'autologin', 'autologin',
'debian-11', 'debian-12',
'hardware', 'hardware',
'home', 'home',
'monitored', 'monitored',
], ],
'bundles': [
'kea-dhcpd',
'wireguard',
],
'metadata': { 'metadata': {
'id': '1d6a43e5-858c-42f9-9c40-ab63d61c787c', 'id': '1d6a43e5-858c-42f9-9c40-ab63d61c787c',
'network': { 'network': {
'internal': { 'internal': {
'interface': 'eno1', 'interface': 'eno1',
'ipv4': '10.0.0.120/24', 'ipv4': '10.0.0.1/24',
'gateway4': '10.0.0.1',
}, },
'external': { 'temp': {
'interface': 'enx00e04c00135b', 'interface': 'enx00e04c220682',
'mac': '00:e0:4c:00:13:5b', 'ipv4': '10.0.99.126/24',
'dhcp': 'yes', 'gateway4': '10.0.99.1',
},
},
'kea': {
'Dhcp4': {
'interfaces-config': {
'interfaces': ['eno1'],
},
'subnet4': [
{
'subnet': '10.0.0.0/24',
'pools': [
{ 'pool': '10.0.0.100 - 10.0.0.200' },
],
'option-data': [
{ 'name': 'routers', 'data': '10.0.0.1' },
{ 'name': 'domain-name-servers', 'data': '10.0.10.2' },
],
},
],
},
},
'nftables': {
'forward': {
# Drop DHCP client requests (UDP port 68)
'udp sport 68 drop',
'udp dport 68 drop',
# Drop DHCP server responses (UDP port 67)
'udp sport 67 drop',
'udp dport 67 drop',
},
},
'sysctl': {
'net': {
'ipv4': {
'ip_forward': 1,
},
},
},
'wireguard': {
'my_ip': '172.30.0.2/32',
's2s': {
'htz.mails': {
'allowed_ips': [
'10.0.10.0/24',
'10.0.10.0/24',
'192.168.179.0/24',
'10.0.227.0/24', # mseibert.freescout
],
},
}, },
}, },
}, },
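Review bot: The `allowed_ips` list for `htz.mails` contains `'10.0.10.0/24'` twice, which looks like a leftover from renumbering `10.0.11.0/24`; the same duplicate appears in the two other node files in this commit that peer with `htz.mails`, and one entry should be dropped in each. This node also sets `net.ipv4.ip_forward` to 1 while the only `nftables` `forward` rules visible here drop DHCP on UDP 67/68. Unless the nftables bundle already applies a default-drop forward policy (not visible in this diff), all other traffic is routed between `eno1`, the `temp` interface and the WireGuard tunnel, so an explicit allow-list for the intended flows is worth adding. `'dummy': True` together with a `hostname` on the temporary `10.0.99.126` address presumably marks a transitional state; a comment saying so would keep it from becoming permanent.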


@ -33,7 +33,6 @@
'twitch-clip-download', 'twitch-clip-download',
'raspberrymatic-cert', 'raspberrymatic-cert',
'tasmota-charge', 'tasmota-charge',
'wireguard',
'wol-waker', 'wol-waker',
'zfs', 'zfs',
], ],
@ -63,10 +62,10 @@
'target': 'aarch64-unknown-linux-gnu', 'target': 'aarch64-unknown-linux-gnu',
}, },
}, },
'download_server': 'netcup.mails', 'download_server': 'htz.mails',
}, },
'gitea': { 'gitea': {
'version': '7.0.1', 'version': '8.0.3',
'domain': 'git.sublimity.de', 'domain': 'git.sublimity.de',
'conf': { 'conf': {
'mailer': { 'mailer': {
@ -111,7 +110,7 @@
}, },
'nextcloud': { 'nextcloud': {
'hostname': 'cloud.sublimity.de', 'hostname': 'cloud.sublimity.de',
'version': '29.0.3', 'version': '29.0.7',
'config': { 'config': {
'instanceid': 'oci6dw1woodz', 'instanceid': 'oci6dw1woodz',
'secret': '!decrypt:encrypt$gAAAAABj96CFynVtEgsje7173zjQAcY7xQG3uyf5cxE-sJAvhyPh_KUykTKdwnExc8NTDJ8RIGUmVfgC6or5crnYaggARPIEg5-Cb0xVdEPPZ3oZ01ImLmynLu3qXT9O8kVM-H21--OKeztMRn7bySsbXdWEGtETFQ==', 'secret': '!decrypt:encrypt$gAAAAABj96CFynVtEgsje7173zjQAcY7xQG3uyf5cxE-sJAvhyPh_KUykTKdwnExc8NTDJ8RIGUmVfgC6or5crnYaggARPIEg5-Cb0xVdEPPZ3oZ01ImLmynLu3qXT9O8kVM-H21--OKeztMRn7bySsbXdWEGtETFQ==',
@ -145,6 +144,13 @@
'steam-chat-viewer': { 'steam-chat-viewer': {
'hostname': 'steam-chats.ckn.li', 'hostname': 'steam-chats.ckn.li',
}, },
'sysctl': {
'net': {
'ipv4': {
'ip_forward': 1,
},
},
},
'systemd-swap': 4_000_000_000, 'systemd-swap': 4_000_000_000,
'tasmota-charge': { 'tasmota-charge': {
'phone': { 'phone': {
@ -166,19 +172,6 @@
'threads': 32, 'threads': 32,
'ram': 49152, 'ram': 49152,
}, },
'wireguard': {
'my_ip': '172.30.0.2/32',
's2s': {
'netcup.mails': {
'allowed_ips': [
'10.0.10.0/24',
'10.0.11.0/24',
'192.168.179.0/24',
'10.0.227.0/24', # mseibert.freescout
],
},
},
},
'zfs': { 'zfs': {
'zfs_arc_max_percent': 80, 'zfs_arc_max_percent': 80,
'storage_classes': { 'storage_classes': {


@ -37,7 +37,7 @@
'network': { 'network': {
'internal': { 'internal': {
'interface': 'ens10', 'interface': 'ens10',
'ipv4': '10.0.10.3/32', 'ipv4': '10.0.10.2/32',
}, },
'external': { 'external': {
'interface': 'eth0', 'interface': 'eth0',
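Review bot: The new internal address `10.0.10.2/32` is the same host address that another node file later in this commit assigns to its own internal interface (`'ipv4': '10.0.10.2/24'`), and that the group files now list as the resolver. If both nodes are reachable over the same routed network, this is an address collision. The old value here was `10.0.10.3/32`, so the change may be an over-eager search-and-replace; please confirm which node is meant to own `10.0.10.2`.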


@ -1,8 +1,9 @@
{ {
'hostname': '202.61.255.108', 'hostname': '49.12.184.229',
'groups': [ 'groups': [
'backup', 'backup',
'debian-12', 'debian-12',
'hetzner-cloud',
'mailserver', 'mailserver',
'monitored', 'monitored',
'webserver', 'webserver',
@ -15,7 +16,7 @@
'build-ci', 'build-ci',
'download-server', 'download-server',
'islamicstate.eu', 'islamicstate.eu',
'nginx-rtmps', #'nginx-rtmps',
#'steam', #'steam',
'wireguard', 'wireguard',
'zfs', 'zfs',
@ -24,14 +25,14 @@
'id': 'ea29bdf0-0b47-4bf4-8346-67d60c9dc4ae', 'id': 'ea29bdf0-0b47-4bf4-8346-67d60c9dc4ae',
'network': { 'network': {
'internal': { 'internal': {
'interface': 'eth1', 'interface': 'enp7s0',
'ipv4': '10.0.11.3/24', 'ipv4': '10.0.10.2/24',
}, },
'external': { 'external': {
'interface': 'eth0', 'interface': 'eth0',
'ipv4': '202.61.255.108/22', 'ipv4': '49.12.184.229/32',
'gateway4': '202.61.252.1', 'gateway4': '172.31.1.1',
'ipv6': '2a03:4000:55:a89::1/64', 'ipv6': '2a01:4f8:c013:51f2::1',
'gateway6': 'fe80::1', 'gateway6': 'fe80::1',
} }
}, },
@ -58,20 +59,20 @@
}, },
'dns': { 'dns': {
'ckn.li': { 'ckn.li': {
'A': ['202.61.255.108'], 'A': ['49.12.184.229'],
'AAAA': ['2a01:4f8:1c1c:4121::1'], 'AAAA': ['2a01:4f8:c013:51f2::1'],
}, },
'sublimity.de': { 'sublimity.de': {
'A': ['202.61.255.108'], 'A': ['49.12.184.229'],
'AAAA': ['2a01:4f8:1c1c:4121::1'], 'AAAA': ['2a01:4f8:c013:51f2::1'],
}, },
'freibrief.net': { 'freibrief.net': {
'A': ['202.61.255.108'], 'A': ['49.12.184.229'],
'AAAA': ['2a01:4f8:1c1c:4121::1'], 'AAAA': ['2a01:4f8:c013:51f2::1'],
}, },
'left4.me': { 'left4.me': {
'A': ['202.61.255.108'], 'A': ['49.12.184.229'],
'AAAA': ['2a01:4f8:1c1c:4121::1'], 'AAAA': ['2a01:4f8:c013:51f2::1'],
}, },
'elimu-kwanza.de': { 'elimu-kwanza.de': {
'TXT': ['google-site-verification=JwgcfXQ6nIXKxjMqUGHVBDISgMCQXgzMryPBsP2ZXnE'], 'TXT': ['google-site-verification=JwgcfXQ6nIXKxjMqUGHVBDISgMCQXgzMryPBsP2ZXnE'],
@ -195,21 +196,22 @@
}, },
'vm': { 'vm': {
'cores': 4, 'cores': 4,
'ram': 16384, 'ram': 8192,
}, },
'wireguard': { 'wireguard': {
'my_ip': '172.30.0.1/24', 'my_ip': '172.30.0.1/24',
's2s': { 's2s': {
'home.server': { 'home.router': {
'allowed_ips': [ 'allowed_ips': [
'10.0.0.0/24', '10.0.0.0/24',
'10.0.2.0/24', '10.0.2.0/24',
'10.0.9.0/24', '10.0.9.0/24',
'10.0.99.0/24',
], ],
}, },
'ovh.secondary': { 'ovh.secondary': {
'allowed_ips': [ 'allowed_ips': [
'10.0.11.0/24', '10.0.10.0/24',
], ],
}, },
'wb.offsite-backups': { 'wb.offsite-backups': {
@ -239,7 +241,7 @@
'pools': { 'pools': {
'tank': { 'tank': {
'devices': [ 'devices': [
'/dev/sda4', '/dev/disk/by-id/scsi-0HC_Volume_101332312',
], ],
}, },
}, },
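Review bot: The new external `'ipv6': '2a01:4f8:c013:51f2::1'` has no prefix length, whereas the value it replaces ended in `/64` and the `ipv4` entries carry one. Depending on how the network bundle renders it, the address may be rejected or configured as a /128, so `'2a01:4f8:c013:51f2::1/64'` is probably what was intended. In the `wireguard` block, `ovh.secondary` now has `allowed_ips` of `10.0.10.0/24`, which is also this node's own internal subnet (`10.0.10.2/24` on `enp7s0`); routing the local subnet into the tunnel towards that peer is likely unintended and should be checked against the peer's real network.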


@ -37,13 +37,13 @@
'wireguard': { 'wireguard': {
'my_ip': '172.30.0.238/32', 'my_ip': '172.30.0.238/32',
's2s': { 's2s': {
'netcup.mails': { 'htz.mails': {
'allowed_ips': [ 'allowed_ips': [
'10.0.0.0/24', '10.0.0.0/24',
'10.0.2.0/24', '10.0.2.0/24',
'10.0.9.0/24', '10.0.9.0/24',
'10.0.10.0/24', '10.0.10.0/24',
'10.0.11.0/24', '10.0.10.0/24',
], ],
}, },
}, },


@ -20,22 +20,22 @@
}, },
}, },
'bind': { 'bind': {
'master_node': 'netcup.mails', 'master_node': 'htz.mails',
'hostname': 'secondary.resolver.name', 'hostname': 'secondary.resolver.name',
}, },
# 'postfix': { # 'postfix': {
# 'master_node': 'netcup.mails', # 'master_node': 'htz.mails',
# 'hostname': 'mail2.sublimity.de', # 'hostname': 'mail2.sublimity.de',
# }, # },
'wireguard': { 'wireguard': {
'my_ip': '172.30.0.3/32', 'my_ip': '172.30.0.3/32',
's2s': { 's2s': {
'netcup.mails': { 'htz.mails': {
'allowed_ips': [ 'allowed_ips': [
'10.0.0.0/24', '10.0.0.0/24',
'10.0.2.0/24', '10.0.2.0/24',
'10.0.9.0/24', '10.0.9.0/24',
'10.0.11.0/24', '10.0.10.0/24',
], ],
}, },
}, },


@ -1,4 +1,5 @@
{ {
'dummy': True,
'hostname': '192.168.179.20', 'hostname': '192.168.179.20',
'groups': [ 'groups': [
'debian-11', 'debian-11',
@ -43,13 +44,13 @@
'wireguard': { 'wireguard': {
'my_ip': '172.30.0.4/32', 'my_ip': '172.30.0.4/32',
's2s': { 's2s': {
'netcup.mails': { 'htz.mails': {
'allowed_ips': [ 'allowed_ips': [
'10.0.0.0/24', '10.0.0.0/24',
'10.0.2.0/24', '10.0.2.0/24',
'10.0.9.0/24', '10.0.9.0/24',
'10.0.10.0/24', '10.0.10.0/24',
'10.0.11.0/24', '10.0.10.0/24',
], ],
}, },
}, },