wip

bundles/mariadb/items.py

@@ -11,7 +11,7 @@ directories = {
         'needs': [
             'zfs_dataset:tank/mariadb',
         ],
-        'needed_by': [
+        'needs': [
             'pkg_apt:mariadb-server',
             'pkg_apt:mariadb-client',
         ],

bundles/mariadb/metadata.py

@@ -3,12 +3,12 @@ defaults = {
         'packages': {
             'mariadb-server': {
                 'needs': {
-                    'zfs_dataset:tank/mariadb',
+                    #'zfs_dataset:tank/mariadb',
                 },
             },
             'mariadb-client': {
                 'needs': {
-                    'zfs_dataset:tank/mariadb',
+                    #'zfs_dataset:tank/mariadb',
                 },
             },
         },

bundles/systemd-networkd/files/resolv.conf

@@ -1,3 +1,3 @@
 % for nameserver in sorted(node.metadata.get('nameservers')):
-nameserver ${nameserver}
+nameserver 8.8.8.8
 % endfor

bundles/yourls/files/config.php

@@ -0,0 +1,24 @@
+<?php
+define( 'YOURLS_DB_USER', 'yourls' );
+define( 'YOURLS_DB_PASS', '${db_password}' );
+define( 'YOURLS_DB_NAME', 'yourls' );
+define( 'YOURLS_DB_HOST', 'localhost' );
+define( 'YOURLS_DB_PREFIX', 'yourls_' );
+
+define( 'YOURLS_SITE', '${url}' );
+define( 'YOURLS_LANG', '' );
+define( 'YOURLS_UNIQUE_URLS', true );
+define( 'YOURLS_PRIVATE', true );
+define( 'YOURLS_COOKIEKEY', '${cookiekey}' );
+
+$yourls_user_passwords = [
+% for username, password in users.items():
+	'${username}' => '${password}',
+% endfor
+];
+
+define( 'YOURLS_URL_CONVERT', 36 );
+
+define( 'YOURLS_DEBUG', false );
+
+$yourls_reserved_URL = [];

bundles/yourls/items.py

@@ -0,0 +1,38 @@
+directories = {
+    '/var/www/yourls/htdocs': {
+        'owner': 'www-data',
+        'group': 'www-data',
+        'mode': '0755',
+    },
+}
+
+git_deploy = {
+    '/var/www/yourls/htdocs': {
+        'repo': 'https://github.com/YOURLS/YOURLS.git',
+        'rev': node.metadata.get('yourls/version'),
+        'needs': [
+            'directory:/var/www/yourls/htdocs',
+        ],
+        'triggers': [
+            'svc_systemd:nginx:restart',
+        ],
+    },
+}
+
+files = {
+    f'/var/www/yourls/htdoc/user/config.php': {
+        'content_type': 'mako',
+        'mode': '0440',
+        'owner': 'www-data',
+        'group': 'www-data',
+        'context': {
+            'db_password': node.metadata.get('mariadb/databases/yourls/password'),
+            'url': node.metadata.get('yourls/url'),
+            'cookiekey': node.metadata.get('yourls/cookiekey'),
+            'users': node.metadata.get('yourls/users'),
+        },
+        'needs': [
+            'git_deploy:/var/www/yourls/htdocs',
+        ],
+    },
+}

bundles/yourls/metadata.py

@@ -0,0 +1,25 @@
+defaults = {
+    'mariadb': {
+        'databases': {
+            'yourls': {
+                'password': repo.vault.random_bytes_as_base64_for(f'{node.name} yourls DB', length=32).value,
+            },
+        },
+    },
+}
+
+
+metadata_reactor.provides(
+    'nginx/vhosts/yourls',
+)
+def nginx(metadata):
+    return {
+        'nginx': {
+            'vhosts': {
+                'yourls': {
+                    'server_name': metadata.get('yourls/url'),
+                    'php_version': metadata.get('php/version'),
+                },
+            },
+        },
+    }

data/yourls/vhost.conf

@@ -0,0 +1,22 @@
+server {
+  listen 443 ssl http2;
+  listen [::]:443 ssl http2;
+  server_name ${server_name};
+
+  ssl_certificate /var/lib/dehydrated/certs/${server_name}/fullchain.pem;
+  ssl_certificate_key /var/lib/dehydrated/certs/${server_name}/privkey.pem;
+
+  root /var/www/yourls/htdocs;
+
+  location / {
+    try_files $uri $uri/ /yourls-loader.php$is_args$args;
+  }
+
+  location ~ \.php$ {
+    include params/fastcgi;
+    fastcgi_index index.php;
+
+    # MUST BE EDITED TO REFLECT YOUR CONFIGURATION
+    fastcgi_pass unix:/var/run/php/php${php_version}-fpm.sock;
+  }
+}

nodes/mseibert.yourls.py

@@ -0,0 +1,56 @@
+# https://teamvault.apps.seibert-media.net/secrets/mkqMRv/
+# https://console.hetzner.cloud/projects/889138/servers/46578341
+
+{
+    'hostname': '168.119.250.114',
+    'groups': [
+        #'backup',
+        'debian-12',
+        #'monitored',
+        'webserver',
+    ],
+    'bundles': [
+        #'wireguard',
+        'mariadb',
+        'php',
+        'yourls',
+        'zfs',
+    ],
+    'metadata': {
+        'id': '52efcd47-edd8-426c-aead-c492553d14f9',
+        'network': {
+            'internal': {
+                'interface': 'ens10',
+                'ipv4': '10.0.227.4/24',
+            },
+            'external': {
+                'interface': 'eth0',
+                'ipv4': '168.119.250.114/32',
+                'gateway4': '172.31.1.1',
+                'ipv6': '2a01:4f8:c013:e321::2/64',
+                'gateway6': 'fe80::1',
+            },
+        },
+        'vm': {
+            'cores': 2,
+            'ram': 4096,
+        },
+        'yourls': {
+            'url': "https://direkt.oranienschule.de",
+            'cookiekey': "!decrypt:encrypt$gAAAAABoRvmcUs3t7PREllyeN--jBqs0XYewMHW16GWC-ikLzsDSe02YKGycOlgXuHU4hzKbNjGMEutpFXRLk9Zji6bbpy4GdyE6vStfwd8ZT0obAyoqBPwI47LwUlDSFMS51y5j8rG5",
+            'version': "1.10.1",
+            'users': {
+                'mseibert': "testtesttest",
+            },
+        },
+        'zfs': {
+            'pools': {
+                'tank': {
+                    'devices': [
+                        '/var/lib/zfs_file',
+                    ],
+                },
+            },
+        },
+    },
+}