left4me: refresh README + opt ovh.left4me in via groups

README:
  Updated metadata example to show domain as the only required key.
  Documented the bundle's derived_from_domain reactor as the source of
  nginx/letsencrypt/monitoring/nftables-input wiring, and the
  bundle-defaults source of backup/paths.

nodes/ovh.left4me.py:
  - groups: + backup, + left4me, + webserver
  - bundles: dropped 'left4me' and 'nftables' (come via groups now;
    nftables ships with debian-13).
  - metadata: pinned vm/cores=4, vm/threads=8 (4-core HT box) so the
    nginx bundle's worker_processes resolves; left4me block reduced to
    {'domain': 'left4.me'} — git_url, git_branch, secret_key, and the
    nginx/letsencrypt/monitoring/nftables/backup blocks now come from
    bundle defaults / the derived_from_domain reactor.
parent 90f14b69e4
commit 7b291acca1
2 changed files with 24 additions and 4 deletions
|
|
@ -11,19 +11,29 @@ external interface prioritizes srcds UDP over bulk traffic.
|
||||||
```python
|
```python
|
||||||
'metadata': {
|
'metadata': {
|
||||||
'left4me': {
|
'left4me': {
|
||||||
'git_url': 'git@git.sublimity.de:cronekorkn/left4me', # required
|
'domain': 'whatever.tld', # required — the only per-node knob
|
||||||
'git_branch': 'master', # required
|
# Everything below is optional and has a sensible default in the
|
||||||
'secret_key': '!32_random_bytes_as_base64_for:<node>_left4me_secret_key',
|
# bundle. Override per-node only if the default is wrong:
|
||||||
# optional, defaults shown:
|
# 'git_url': 'git@git.sublimity.de:cronekorkn/left4me',
|
||||||
|
# 'git_branch': 'master',
|
||||||
# 'gunicorn_workers': 1,
|
# 'gunicorn_workers': 1,
|
||||||
# 'gunicorn_threads': 32,
|
# 'gunicorn_threads': 32,
|
||||||
# 'job_worker_threads': 4,
|
# 'job_worker_threads': 4,
|
||||||
# 'port_range_start': 27015,
|
# 'port_range_start': 27015,
|
||||||
# 'port_range_end': 27115,
|
# 'port_range_end': 27115,
|
||||||
|
# secret_key is auto-derived per node
|
||||||
|
# (repo.vault.random_bytes_as_base64_for f'{node.name} left4me secret_key').
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
```
|
```
|
||||||
|
|
||||||
|
The bundle's `derived_from_domain` reactor reads `left4me/domain` and
|
||||||
|
emits the corresponding `nginx/vhosts`, `letsencrypt/domains`,
|
||||||
|
`monitoring/services/left4me-web` (HTTPS health check), and the game-
|
||||||
|
port `nftables/input` accept rules. Backup paths
|
||||||
|
(`/var/lib/left4me`, `/etc/left4me`) are set-merged into `backup/paths`
|
||||||
|
from defaults. None of these need to be declared per-node.
|
||||||
|
|
||||||
## What this bundle does
|
## What this bundle does
|
||||||
|
|
||||||
- Creates system users `left4me` (uid/gid 980, home `/var/lib/left4me`,
|
- Creates system users `left4me` (uid/gid 980, home `/var/lib/left4me`,
|
||||||
|
|
|
||||||
|
|
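Review bot: In the README example, the new `secret_key` comment names the derivation as `repo.vault.random_bytes_as_base64_for f'{node.name} left4me secret_key'`, while the removed line used `!32_random_bytes_as_base64_for:<node>_left4me_secret_key`: the identifier is spelled differently (spaces instead of underscores) and the 32-byte length is no longer stated. Please confirm that both forms derive the same value, and if they do not, say in the README that moving a node onto the bundle default rotates its secret. It would also help if the added paragraph listed which ports and protocol the derived `nftables/input` rules accept (presumably `port_range_start` to `port_range_end`), since setting `domain` now opens them without any per-node declaration.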
@ -1,14 +1,21 @@
|
||||||
{
|
{
|
||||||
'hostname': '141.95.32.8',
|
'hostname': '141.95.32.8',
|
||||||
'groups': [
|
'groups': [
|
||||||
|
'backup',
|
||||||
'debian-13',
|
'debian-13',
|
||||||
|
'left4me',
|
||||||
'monitored',
|
'monitored',
|
||||||
|
'webserver',
|
||||||
],
|
],
|
||||||
'bundles': [
|
'bundles': [
|
||||||
'wireguard',
|
'wireguard',
|
||||||
],
|
],
|
||||||
'metadata': {
|
'metadata': {
|
||||||
'id': '14d2abc-3855-4bb7-99e2-d4e3eb0344dd',
|
'id': '14d2abc-3855-4bb7-99e2-d4e3eb0344dd',
|
||||||
|
'vm': {
|
||||||
|
'cores': 4, # 4 physical, 8 with HT
|
||||||
|
'threads': 8,
|
||||||
|
},
|
||||||
'network': {
|
'network': {
|
||||||
'external': {
|
'external': {
|
||||||
'interface': 'enp3s0f0',
|
'interface': 'enp3s0f0',
|
||||||
|
|
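Review bot: The `bundles` list in this hunk is unchanged context containing only `'wireguard'`, and the hunk has no removed lines, yet the commit message says `'left4me'` and `'nftables'` were dropped from `bundles` in this file. Either the removal landed in an earlier commit or the message is stale; please reword the message so it matches the diff. On the added `vm` block, the comment `# 4 physical, 8 with HT` sits on `cores` only; a short note that these keys are pinned for the nginx bundle's `worker_processes` would explain to a later reader why they are here.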
@ -34,5 +41,8 @@
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
'left4me': {
|
||||||
|
'domain': 'left4.me',
|
||||||
|
},
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
|
||||||
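Review bot: The added `'left4me': {'domain': 'left4.me'}` block carries no comment, although per the README hunk this single key now produces the nginx vhost, the Let's Encrypt domain, the monitoring check and the game-port `nftables/input` accept rules for this node. Consider a one-line comment above `'domain'` pointing to the `derived_from_domain` reactor, so that someone auditing the node file can see that this key controls what the host exposes. The commit message describes this block as "reduced", but the hunk shows it only as added lines, which is worth reconciling in the message.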