cronekorkn/bundlewrap
1
0
Fork 0
Code Issues Pull requests 8 Projects Releases Wiki Activity

wip

Browse source
This commit is contained in:
mwiegand 2021-06-14 01:31:45 +02:00
parent 49d2572998
commit 72581c28ec
13 changed files with 390 additions and 12 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
bundles/gitea/items.py
View file

@ -1,6 +1,8 @@
version = version=node.metadata.get('gitea/version')
downloads['/usr/local/bin/gitea'] = { downloads['/usr/local/bin/gitea'] = {
'url': 'https://dl.gitea.io/gitea/{version}/gitea-{version}-linux-amd64'.format(version=node.metadata['gitea']['version']), 'url': f'https://dl.gitea.io/gitea/{version}/gitea-{version}-linux-amd64',
'sha256': node.metadata['gitea']['sha256'], 'sha256': node.metadataget('gitea/sha256'),
'triggers': { 'triggers': {
'svc_systemd:gitea:restart', 'svc_systemd:gitea:restart',
}, },

1
bundles/mailserver/items.py
View file

@ -1,3 +1,4 @@
assert node.has_bundle('postfix') assert node.has_bundle('postfix')
assert node.has_bundle('dovecot') assert node.has_bundle('dovecot')
assert node.has_bundle('letsencrypt') assert node.has_bundle('letsencrypt')
assert node.has_bundle('roundcube')

27
bundles/nginx/files/fastcgi.conf Normal file
View file

@ -0,0 +1,27 @@
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param REQUEST_SCHEME $scheme;
fastcgi_param HTTPS $https if_not_empty;
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
fastcgi_param REDIRECT_STATUS 200;
# This is the only thing that's different to the debian default.
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;

5
bundles/nginx/items.py
View file

@ -38,6 +38,11 @@ files = {
'svc_systemd:nginx:restart', 'svc_systemd:nginx:restart',
}, },
}, },
'/etc/nginx/fastcgi.conf': {
'triggers': {
'svc_systemd:nginx:restart',
},
},
} }
actions = { actions = {

102
bundles/php/files/php.ini Normal file
View file

@ -0,0 +1,102 @@
[PHP]
; Only needed for libapache2-mod-php?
engine = On
short_open_tag = Off
precision = 14
output_buffering = 4096
zlib.output_compression = Off
implicit_flush = Off
serialize_precision = -1
disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals
ignore_user_abort = Off
zend.enable_gc = On
expose_php = Off
max_execution_time = 30
max_input_time = 60
memory_limit = 256M
error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT
display_startup_errors = Off
log_errors = On
log_errors_max_len = 1024
ignore_repeated_errors = Off
ignore_repeated_source = Off
report_memleaks = On
html_errors = On
error_log = syslog
syslog.ident = php7.4
syslog.filter = ascii
arg_separator.output = "&"
variables_order = "GPCS"
request_order = "GP"
register_argc_argv = Off
auto_globals_jit = On
post_max_size = ${post_max_size}M
default_mimetype = "text/html"
default_charset = "UTF-8"
enable_dl = Off
file_uploads = On
upload_max_filesize = ${post_max_size}M
max_file_uploads = 20
allow_url_fopen = On
allow_url_include = Off
default_socket_timeout = 10
[CLI Server]
cli_server.color = On
[mail function]
mail.add_x_header = Off
[ODBC]
odbc.allow_persistent = On
odbc.check_persistent = On
odbc.max_persistent = -1
odbc.max_links = -1
odbc.defaultlrl = 4096
odbc.defaultbinmode = 1
[PostgreSQL]
pgsql.allow_persistent = On
pgsql.auto_reset_persistent = Off
pgsql.max_persistent = -1
pgsql.max_links = -1
pgsql.ignore_notice = 0
pgsql.log_notice = 0
[bcmath]
bcmath.scale = 0
[Session]
session.save_handler = files
session.use_strict_mode = 0
session.use_cookies = 1
session.use_only_cookies = 1
session.name = PHPSESSID
session.auto_start = 0
session.cookie_lifetime = 0
session.cookie_path = /
session.cookie_domain =
session.cookie_httponly =
session.cookie_samesite =
session.serialize_handler = php
session.gc_probability = 1
session.gc_divisor = 1000
session.gc_maxlifetime = 1440
session.referer_check =
session.cache_limiter = nocache
session.cache_expire = 180
session.use_trans_sid = 0
session.sid_length = 32
session.trans_sid_tags = "a=href,area=href,frame=src,form="
session.sid_bits_per_character = 6
[Assertion]
zend.assertions = -1
[Date]
date.timezone = Europe/London

37
bundles/php/items.py Normal file
View file

@ -0,0 +1,37 @@
version = node.metadata.get('php/version')
php_ini_context = {
'num_cpus': node.metadata.get('vm/cpu'),
'post_max_size': node.metadata.get('php/post_max_size', 10),
}
files = {
f'/etc/php/{version}/fpm/php.ini': {
'content_type': 'mako',
'context': php_ini_context,
'needs': {
# "all php packages"
'pkg_apt:'
},
'triggers': {
f'svc_systemd:php{version}-fpm:restart',
},
},
f'/etc/php/{version}/cli/php.ini': {
'content_type': 'mako',
'context': php_ini_context,
'needs': {
# "all php packages"
'pkg_apt:'
},
},
}
svc_systemd = {
f'php{version}-fpm': {
'needs': {
'pkg_apt:',
f'file:/etc/php/{version}/fpm/php.ini',
},
},
}

7
bundles/php/metadata.py Normal file
View file

@ -0,0 +1,7 @@
defaults = {
'apt': {
'packages': {
'php': {},
},
},
}

79
bundles/roundcube/files/config.inc.php Normal file
View file

@ -0,0 +1,79 @@
<?php
% if installer:
$config['enable_installer'] = true;
% endif
/* Local configuration for Roundcube Webmail */
// ----------------------------------
// SQL DATABASE
// ----------------------------------
// Database connection string (DSN) for read+write operations
// Format (compatible with PEAR MDB2): db_provider://user:password@host/database
// Currently supported db_providers: mysql, pgsql, sqlite, mssql or sqlsrv
// For examples see http://pear.php.net/manual/en/package.database.mdb2.intro-dsn.php
// NOTE: for SQLite use absolute path: 'sqlite:////full/path/to/sqlite.db?mode=0646'
$config['db_dsnw'] = '${database['provider']}://${database['user']}:${database['password']}@${database['host']}/${database['name']}';
// ----------------------------------
// IMAP
// ----------------------------------
// The mail host chosen to perform the log-in.
// Leave blank to show a textbox at login, give a list of hosts
// to display a pulldown menu or set one host as string.
// To use SSL/TLS connection, enter hostname with prefix ssl:// or tls://
// Supported replacement variables:
// %n - hostname ($_SERVER['SERVER_NAME'])
// %t - hostname without the first part
// %d - domain (http hostname $_SERVER['HTTP_HOST'] without the first part)
// %s - domain name after the '@' from e-mail address provided at login screen
// For example %n = mail.domain.tld, %t = domain.tld
// WARNING: After hostname change update of mail_host column in users table is
// required to match old user data records with the new host.
$config['default_host'] = 'localhost';
// ----------------------------------
// SMTP
// ----------------------------------
// SMTP server host (for sending mails).
// To use SSL/TLS connection, enter hostname with prefix ssl:// or tls://
// If left blank, the PHP mail() function is used
// Supported replacement variables:
// %h - user's IMAP hostname
// %n - hostname ($_SERVER['SERVER_NAME'])
// %t - hostname without the first part
// %d - domain (http hostname $_SERVER['HTTP_HOST'] without the first part)
// %z - IMAP domain (IMAP hostname without the first part)
// For example %n = mail.domain.tld, %t = domain.tld
$config['smtp_server'] = '';
// SMTP username (if required) if you use %u as the username Roundcube
// will use the current username for login
$config['smtp_user'] = '%u';
// SMTP password (if required) if you use %p as the password Roundcube
// will use the current user's password for login
$config['smtp_pass'] = '%p';
// provide an URL where a user can get support for this Roundcube installation
// PLEASE DO NOT LINK TO THE ROUNDCUBE.NET WEBSITE HERE!
$config['support_url'] = '';
// this key is used to encrypt the users imap password which is stored
// in the session record (and the client cookie if remember password is enabled).
// please provide a string of exactly 24 chars.
$config['des_key'] = '${des_key}';
// Name your service. This is displayed on the login screen and in the window title
$config['product_name'] = '${product_name}';
// ----------------------------------
// PLUGINS
// ----------------------------------
// List of active plugins (in plugins/ directory)
$config['plugins'] = array(${', '.join(f'"{plugin}"' for plugin in plugins)});
// the default locale setting (leave empty for auto-detection)
// RFC1766 formatted language name like en_US, de_DE, de_CH, fr_FR, pt_BR
$config['language'] = 'de_DE';

34
bundles/roundcube/items.py Normal file
View file

@ -0,0 +1,34 @@
assert node.has_bundle('php')
assert node.has_bundle('mailserver')
git_deploy['/opt/roundcube'] = {
'repo': "https://github.com/roundcube/roundcubemail.git",
'rev': node.metadata.get('roundcube/version'),
}
files['/opt/roundcube/config/config.inc.php'] = {
'content_type': 'mako',
'context': {
'installer': node.metadata.get('roundcube/installer'),
'product_name': node.metadata.get('roundcube/product_name'),
'des_key': node.metadata.get('roundcube/des_key'),
'database': node.metadata.get('roundcube/database'),
'plugins': node.metadata.get('roundcube/plugins'),
},
'needs': [
'git_deploy:/opt/roundcube',
],
}
directories['/opt/roundcube/logs'] = {
'owner': 'www-data',
'needs': [
'git_deploy:/opt/roundcube',
],
}
directories['/opt/roundcube/temp'] = {
'owner': 'www-data',
'needs': [
'git_deploy:/opt/roundcube',
],
}

71
bundles/roundcube/metadata.py Normal file
View file

@ -0,0 +1,71 @@
database_password = repo.vault.password_for(f'{node.name} postgresql roundcube')
defaults = {
'apt': {
'packages': {
'php': {},
'php-auth-sasl': {},
'php-cli': {},
'php-fpm': {},
'php-imagick': {},
'php-intl': {},
'php-mail-mime': {},
'php-mbstring': {},
'php-net-idna2': {},
'php-net-smtp': {},
'php-net-socket': {},
'php-pear': {},
'php-pgsql': {},
'php-xml': {},
'php-zip': {},
},
},
'nginx': {
'vhosts': {
'roundcube': {
'webroot': '/opt/roundcube',
'php': True,
},
},
},
'roundcube': {
'database': {
'provider': 'pgsql',
'host': 'localhost',
'name': 'roundcube',
'user': 'roundcube',
'password': database_password,
},
'plugins': [
'managesieve',
'password',
],
'des_key': repo.vault.password_for(f'{node.name} roundcube des_key'),
},
'postgresql': {
'roles': {
'roundcube': {
'password': database_password,
},
},
'databases': {
'roundcube': {
'owner': 'roundcube',
},
},
},
}
@metadata_reactor.provides(
'nginx/vhosts/roundcube/domain'
)
def domain(metadata):
return {
'nginx': {
'vhosts': {
'roundcube': {
'domain': metadata.get('mailserver/hostname'),
},
},
},
}

2
groups/applications/mailserver.py
View file

@ -3,7 +3,9 @@
'dovecot', 'dovecot',
'letsencrypt', 'letsencrypt',
'mailserver', 'mailserver',
'php',
'postfix', 'postfix',
'postgresql', 'postgresql',
'roundcube',
], ],
} }

9
groups/os/debian-10.py
View file

@ -3,9 +3,12 @@
'debian', 'debian',
], ],
'metadata': { 'metadata': {
'php': {
'version': '7.3',
},
'postgresql': { 'postgresql': {
'version': 11, 'version': '11',
} },
}, },
'os_version': (10,) 'os_version': (10,),
} }

22
nodes/htz.mails.py
View file

@ -39,8 +39,22 @@
}, },
}, },
'mailserver': { 'mailserver': {
'hostname': 'mail2.sublimity.de',
'admin_email': 'postmaster@sublimity.de', 'admin_email': 'postmaster@sublimity.de',
'hostname': 'mail.sublimity.de', },
'roundcube': {
'product_name': 'Sublimity Mail',
'version': '1.4.11',
'installer': True,
},
'vm': {
'cpu': 2,
},
'wireguard': {
'my_ip': '172.19.136.2/22',
'peers': {
'home.server': {},
},
}, },
'zfs': { 'zfs': {
'pools': { 'pools': {
@ -49,11 +63,5 @@
}, },
}, },
}, },
'wireguard': {
'my_ip': '172.19.136.2/22',
'peers': {
'home.server': {},
},
},
}, },
} }