diff --git a/bundles/mariadb/items.py b/bundles/mariadb/items.py index 07dffc3..58fd34e 100644 --- a/bundles/mariadb/items.py +++ b/bundles/mariadb/items.py @@ -11,7 +11,7 @@ directories = { 'needs': [ 'zfs_dataset:tank/mariadb', ], - 'needed_by': [ + 'needs': [ 'pkg_apt:mariadb-server', 'pkg_apt:mariadb-client', ], diff --git a/bundles/mariadb/metadata.py b/bundles/mariadb/metadata.py index ee406cb..8b65e31 100644 --- a/bundles/mariadb/metadata.py +++ b/bundles/mariadb/metadata.py @@ -3,12 +3,12 @@ defaults = { 'packages': { 'mariadb-server': { 'needs': { - 'zfs_dataset:tank/mariadb', + #'zfs_dataset:tank/mariadb', }, }, 'mariadb-client': { 'needs': { - 'zfs_dataset:tank/mariadb', + #'zfs_dataset:tank/mariadb', }, }, }, diff --git a/bundles/systemd-networkd/files/resolv.conf b/bundles/systemd-networkd/files/resolv.conf index e4f8999..3d4ed1a 100644 --- a/bundles/systemd-networkd/files/resolv.conf +++ b/bundles/systemd-networkd/files/resolv.conf @@ -1,3 +1,3 @@ % for nameserver in sorted(node.metadata.get('nameservers')): -nameserver ${nameserver} +nameserver 8.8.8.8 % endfor diff --git a/bundles/yourls/files/config.php b/bundles/yourls/files/config.php new file mode 100644 index 0000000..821e139 --- /dev/null +++ b/bundles/yourls/files/config.php @@ -0,0 +1,24 @@ + '${password}', +% endfor +]; + +define( 'YOURLS_URL_CONVERT', 36 ); + +define( 'YOURLS_DEBUG', false ); + +$yourls_reserved_URL = []; \ No newline at end of file diff --git a/bundles/yourls/items.py b/bundles/yourls/items.py new file mode 100644 index 0000000..6efd7ed --- /dev/null +++ b/bundles/yourls/items.py @@ -0,0 +1,38 @@ +directories = { + '/var/www/yourls/htdocs': { + 'owner': 'www-data', + 'group': 'www-data', + 'mode': '0755', + }, +} + +git_deploy = { + '/var/www/yourls/htdocs': { + 'repo': 'https://github.com/YOURLS/YOURLS.git', + 'rev': node.metadata.get('yourls/version'), + 'needs': [ + 'directory:/var/www/yourls/htdocs', + ], + 'triggers': [ + 'svc_systemd:nginx:restart', + ], + }, +} + +files = { + f'/var/www/yourls/htdoc/user/config.php': { + 'content_type': 'mako', + 'mode': '0440', + 'owner': 'www-data', + 'group': 'www-data', + 'context': { + 'db_password': node.metadata.get('mariadb/databases/yourls/password'), + 'url': node.metadata.get('yourls/url'), + 'cookiekey': node.metadata.get('yourls/cookiekey'), + 'users': node.metadata.get('yourls/users'), + }, + 'needs': [ + 'git_deploy:/var/www/yourls/htdocs', + ], + }, +} diff --git a/bundles/yourls/metadata.py b/bundles/yourls/metadata.py new file mode 100644 index 0000000..967d978 --- /dev/null +++ b/bundles/yourls/metadata.py @@ -0,0 +1,25 @@ +defaults = { + 'mariadb': { + 'databases': { + 'yourls': { + 'password': repo.vault.random_bytes_as_base64_for(f'{node.name} yourls DB', length=32).value, + }, + }, + }, +} + + +metadata_reactor.provides( + 'nginx/vhosts/yourls', +) +def nginx(metadata): + return { + 'nginx': { + 'vhosts': { + 'yourls': { + 'server_name': metadata.get('yourls/url'), + 'php_version': metadata.get('php/version'), + }, + }, + }, + } diff --git a/data/yourls/vhost.conf b/data/yourls/vhost.conf new file mode 100644 index 0000000..0fef8a5 --- /dev/null +++ b/data/yourls/vhost.conf @@ -0,0 +1,22 @@ +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name ${server_name}; + + ssl_certificate /var/lib/dehydrated/certs/${server_name}/fullchain.pem; + ssl_certificate_key /var/lib/dehydrated/certs/${server_name}/privkey.pem; + + root /var/www/yourls/htdocs; + + location / { + try_files $uri $uri/ /yourls-loader.php$is_args$args; + } + + location ~ \.php$ { + include params/fastcgi; + fastcgi_index index.php; + + # MUST BE EDITED TO REFLECT YOUR CONFIGURATION + fastcgi_pass unix:/var/run/php/php${php_version}-fpm.sock; + } +} \ No newline at end of file diff --git a/nodes/mseibert.yourls.py b/nodes/mseibert.yourls.py new file mode 100644 index 0000000..5bbdaf7 --- /dev/null +++ b/nodes/mseibert.yourls.py @@ -0,0 +1,56 @@ +# https://teamvault.apps.seibert-media.net/secrets/mkqMRv/ +# https://console.hetzner.cloud/projects/889138/servers/46578341 + +{ + 'hostname': '168.119.250.114', + 'groups': [ + #'backup', + 'debian-12', + #'monitored', + 'webserver', + ], + 'bundles': [ + #'wireguard', + 'mariadb', + 'php', + 'yourls', + 'zfs', + ], + 'metadata': { + 'id': '52efcd47-edd8-426c-aead-c492553d14f9', + 'network': { + 'internal': { + 'interface': 'ens10', + 'ipv4': '10.0.227.4/24', + }, + 'external': { + 'interface': 'eth0', + 'ipv4': '168.119.250.114/32', + 'gateway4': '172.31.1.1', + 'ipv6': '2a01:4f8:c013:e321::2/64', + 'gateway6': 'fe80::1', + }, + }, + 'vm': { + 'cores': 2, + 'ram': 4096, + }, + 'yourls': { + 'url': "https://direkt.oranienschule.de", + 'cookiekey': "!decrypt:encrypt$gAAAAABoRvmcUs3t7PREllyeN--jBqs0XYewMHW16GWC-ikLzsDSe02YKGycOlgXuHU4hzKbNjGMEutpFXRLk9Zji6bbpy4GdyE6vStfwd8ZT0obAyoqBPwI47LwUlDSFMS51y5j8rG5", + 'version': "1.10.1", + 'users': { + 'mseibert': "testtesttest", + }, + }, + 'zfs': { + 'pools': { + 'tank': { + 'devices': [ + '/var/lib/zfs_file', + ], + }, + }, + }, + }, +}