diff --git a/bundles/apt/README.md b/bundles/apt/README.md index 012d490..88d9c21 100644 --- a/bundles/apt/README.md +++ b/bundles/apt/README.md @@ -13,6 +13,9 @@ 'deb', 'deb-src', }, + 'options': { # optional + 'aarch': 'amd64', + }, 'urls': { 'https://deb.debian.org/debian', }, diff --git a/bundles/gitea/files/app.ini b/bundles/gitea/files/app.ini index 71539cc..56acb8d 100644 --- a/bundles/gitea/files/app.ini +++ b/bundles/gitea/files/app.ini @@ -40,7 +40,7 @@ ENABLE_OPENID_SIGNUP = false [service] REGISTER_EMAIL_CONFIRM = true ENABLE_NOTIFY_MAIL = true -DISABLE_REGISTRATION = false +DISABLE_REGISTRATION = true ALLOW_ONLY_EXTERNAL_REGISTRATION = false ENABLE_CAPTCHA = false REQUIRE_SIGNIN_VIEW = false diff --git a/bundles/grafana/metadata.py b/bundles/grafana/metadata.py index 12f95ce..dc7fd9d 100644 --- a/bundles/grafana/metadata.py +++ b/bundles/grafana/metadata.py @@ -63,6 +63,9 @@ defaults = { }, }, }, + 'nginx': { + 'has_websockets': True, + }, } @@ -138,6 +141,7 @@ def dns(metadata): def nginx(metadata): return { 'nginx': { + 'has_websockets': True, 'vhosts': { metadata.get('grafana/hostname'): { 'content': 'grafana/vhost.conf', diff --git a/bundles/kea-dhcpd/items.py b/bundles/kea-dhcpd/items.py index ba5846d..5d1fd00 100644 --- a/bundles/kea-dhcpd/items.py +++ b/bundles/kea-dhcpd/items.py @@ -15,7 +15,7 @@ svc_systemd = { 'needs': [ 'pkg_apt:kea-dhcp4-server', 'file:/etc/kea/kea-dhcp4.conf', - 'svc_systemd:systemd-networkd:restart', + 'svc_systemd:systemd-networkd.service:restart', ], }, } diff --git a/bundles/nginx/files/nginx.conf b/bundles/nginx/files/nginx.conf index f4beed0..20fef48 100644 --- a/bundles/nginx/files/nginx.conf +++ b/bundles/nginx/files/nginx.conf @@ -31,5 +31,13 @@ http { } % endif + + % if has_websockets: + map $http_upgrade $connection_upgrade { + default upgrade; + '' close; + } + % endif + include /etc/nginx/sites/*; } diff --git a/bundles/nginx/items.py b/bundles/nginx/items.py index b8f5849..f94feb5 100644 
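Review bot: The flip of `DISABLE_REGISTRATION` to `true` carries no inline rationale, and the neighbouring `REGISTER_EMAIL_CONFIRM`, `ENABLE_CAPTCHA` and `ALLOW_ONLY_EXTERNAL_REGISTRATION` keys now describe a sign-up path that is switched off. A one-line comment above it, `; self-registration is off on purpose: accounts are created by an administrator`, stops the next reader from re-enabling it as a drive-by fix. If users are meant to arrive through an external identity provider instead, `ALLOW_ONLY_EXTERNAL_REGISTRATION` appears to be the setting to revisit rather than this one.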
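Review bot: The `'has_websockets': True,` inserted into the return value of the `nginx()` reactor duplicates the value the first hunk of this file already adds to `defaults`, so one of the two is redundant. Reactors in this repository declare the paths they contribute via `@metadata_reactor.provides(...)`, and that decorator for `nginx()` sits above the hunk; if it lists only `nginx/vhosts` (as the new `bundles/proxmox-ve/metadata.py` reactor in this commit does), the extra key is either rejected or bypasses the declaration, depending on the bundlewrap version. Keeping the flag in `defaults` only and dropping the line `'has_websockets': True,` from the reactor avoids the question. The enclosing `nginx()` function starts before and ends after the hunk.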
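Review bot: The `map $http_upgrade $connection_upgrade` block is emitted only when the node-level `has_websockets` flag is set, while `data/nginx/proxy_pass.conf` in this commit references `$connection_upgrade` whenever a vhost's own `websockets` context key is true; a vhost that sets the per-vhost key on a node whose `nginx/has_websockets` is still the default `False` yields a config that nginx rejects at load time with an unknown-variable error, which can leave nginx down after the triggered restart. The map is inert when no vhost uses it, so the simplest fix is to drop the `% if has_websockets:` / `% endif` guard and always emit it inside `http {}`; alternatively, derive `nginx/has_websockets` from the vhost contexts in one reactor instead of requiring every bundle to set both flags. Either way the grafana and proxmox-ve bundles would no longer need to remember the node-level flag.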
--- a/bundles/nginx/items.py +++ b/bundles/nginx/items.py @@ -33,6 +33,7 @@ files = { 'context': { 'modules': node.metadata.get('nginx/modules'), 'worker_processes': node.metadata.get('vm/cores'), + 'has_websockets': node.metadata.get('nginx/has_websockets'), }, 'triggers': { 'svc_systemd:nginx:restart', diff --git a/bundles/nginx/metadata.py b/bundles/nginx/metadata.py index a5ab350..37f3f8a 100644 --- a/bundles/nginx/metadata.py +++ b/bundles/nginx/metadata.py @@ -18,6 +18,7 @@ defaults = { 'nginx': { 'vhosts': {}, 'modules': set(), + 'has_websockets': False, }, 'systemd': { 'units': { diff --git a/bundles/proxmox-ve/items.py b/bundles/proxmox-ve/items.py new file mode 100644 index 0000000..d00540f --- /dev/null +++ b/bundles/proxmox-ve/items.py @@ -0,0 +1,21 @@ +files = { + '/etc/apt/apt.conf.d/10pveapthook': { + 'content_type': 'any', + 'mode': '0644', + }, + '/etc/apt/apt.conf.d/76pveconf': { + 'content_type': 'any', + 'mode': '0444', + }, + '/etc/apt/apt.conf.d/76pveproxy': { + 'content_type': 'any', + 'mode': '0444', + }, + '/etc/network/interfaces': { + 'content_type': 'any', + }, +} + +symlinks['/etc/ssh/ssh_host_rsa_key.pub'] = { + 'target': '/etc/ssh/ssh_host_managed_key.pub', +} diff --git a/bundles/proxmox-ve/metadata.py b/bundles/proxmox-ve/metadata.py new file mode 100644 index 0000000..52cc30a --- /dev/null +++ b/bundles/proxmox-ve/metadata.py 
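Review bot: `symlinks['/etc/ssh/ssh_host_rsa_key.pub'] = {...}` indexes into a name this file never defines; unless the repository's bundlewrap version pre-populates the item-type dicts for `items.py`, loading the bundle raises `NameError`, and the sibling `bundles/systemd-networkd/items.py` in this commit does define `files = {...}` before indexing into it. Writing it as `symlinks = {'/etc/ssh/ssh_host_rsa_key.pub': {'target': '/etc/ssh/ssh_host_managed_key.pub'}}` works in both cases. A header comment would also help a reader who does not know why four files are declared with `'content_type': 'any'`, e.g. `# presumably written by Proxmox VE itself; we only pin modes and leave content alone ('any') -- confirm`.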
@@ -0,0 +1,98 @@ +defaults = { + 'apt': { + 'packages': { + 'linux-image-amd64': { + 'installed': False, + }, + 'proxmox-default-kernel': {}, + # after reboot + 'proxmox-ve': {}, + 'postfix': {}, + 'open-iscsi': {}, + 'chrony': {}, + 'os-prober': { + 'installed': False, + }, + }, + 'sources': { + 'proxmox-ve': { + 'options': { + 'aarch': 'amd64', + }, + 'urls': { + 'http://download.proxmox.com/debian/pve', + }, + 'suites': { + '{codename}', + }, + 'components': { + 'pve-no-subscription', + }, + 'key': 'proxmox-ve-{codename}', + }, + }, + }, + # 'nftables': { + # 'input': { + # 'tcp dport 8006 accept', + # }, + # }, + 'zfs': { + 'datasets': { + 'tank/proxmox-ve': { + 'mountpoint': '/var/lib/proxmox-ve', + }, + } + } +} + + +# @metadata_reactor.provides( +# 'systemd', +# ) +# def bridge(metadata): +# return { +# 'systemd': { +# 'units': { +# # f'internal.network': { +# # 'Network': { +# # 'Bridge': 'br0', +# # }, +# # }, +# 'br0.netdev': { +# 'NetDev': { +# 'Name': 'br0', +# 'Kind': 'bridge' +# }, +# }, +# 'br0.network': { +# 'Match': { +# 'Name': 'br0', +# }, +# 'Network': { +# 'Unmanaged': 'yes' +# }, +# }, +# }, +# }, +# } + + +@metadata_reactor.provides( + 'nginx/vhosts', +) +def nginx(metadata): + return { + 'nginx': { + 'has_websockets': True, + 'vhosts': { + metadata.get('proxmox-ve/domain'): { + 'content': 'nginx/proxy_pass.conf', + 'context': { + 'target': 'https://localhost:8006', + 'websockets': True, + } + }, + }, + }, + } diff --git a/bundles/systemd-networkd/items.py b/bundles/systemd-networkd/items.py index 07be82b..f8b80c8 100644 --- a/bundles/systemd-networkd/items.py +++ b/bundles/systemd-networkd/items.py @@ -1,9 +1,6 @@ assert node.has_bundle('systemd') files = { - '/etc/network/interfaces': { - 'delete': True, - }, '/etc/resolv.conf': { 'content_type': 'mako', }, 
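Review bot: The `nginx()` reactor at the bottom of the file declares `@metadata_reactor.provides('nginx/vhosts',)` but also returns `'nginx': {'has_websockets': True, ...}`; the `nginx/has_websockets` path is undeclared, so either add it to the `provides(...)` tuple or move the flag into `defaults` (as `bundles/grafana/metadata.py` does in this commit), because an undeclared path is at best invisible to bundlewrap's dependency resolution and at worst rejected. The `proxmox-ve` apt source is fetched over plain `http://`; apt's signature check against the `proxmox-ve-{codename}` key protects integrity, but if the mirror also serves TLS, `https://` additionally hides which packages the host pulls from on-path observers. The `# after reboot` comment in the package list appears to encode a sequencing step (boot into `proxmox-default-kernel` before installing `proxmox-ve`) that a declarative `apt/packages` dict cannot express; spelling it out, e.g. `# NOTE: boot into proxmox-default-kernel first, then install proxmox-ve -- needs two applies`, keeps the next operator from expecting a single run to do it.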
@@ -19,5 +16,11 @@ directories = { } svc_systemd = { - 'systemd-networkd': {}, + 'systemd-networkd.service': {}, } + + +if not node.has_bundle('proxmox-ve'): + files['/etc/network/interfaces'] = { + 'delete': True, + } diff --git a/bundles/systemd/items.py b/bundles/systemd/items.py index 7927115..7816130 100644 --- a/bundles/systemd/items.py +++ b/bundles/systemd/items.py @@ -24,10 +24,10 @@ for name, unit in node.metadata.get('systemd/units').items(): path = f'/etc/systemd/network/{name}' dependencies = { 'needed_by': [ - 'svc_systemd:systemd-networkd', + 'svc_systemd:systemd-networkd.service', ], 'triggers': [ - 'svc_systemd:systemd-networkd:restart', + 'svc_systemd:systemd-networkd.service:restart', ], } elif extension in ['timer', 'service', 'mount', 'swap', 'target']: diff --git a/bundles/wireguard/metadata.py b/bundles/wireguard/metadata.py index b4d1c13..f06e259 100644 --- a/bundles/wireguard/metadata.py +++ b/bundles/wireguard/metadata.py @@ -12,7 +12,7 @@ defaults = { 'wireguard': { 'backports': node.os_version < (11,), 'triggers': [ - 'svc_systemd:systemd-networkd:restart', + 'svc_systemd:systemd-networkd.service:restart', ], }, }, diff --git a/data/apt/keys/proxmox-ve-bookworm.gpg b/data/apt/keys/proxmox-ve-bookworm.gpg new file mode 100644 index 0000000..8e6e95e Binary files /dev/null and b/data/apt/keys/proxmox-ve-bookworm.gpg differ diff --git a/data/grafana/vhost.conf b/data/grafana/vhost.conf index c8c395e..81ba4d6 100644 --- a/data/grafana/vhost.conf +++ b/data/grafana/vhost.conf @@ -1,13 +1,8 @@ -map $http_upgrade $connection_upgrade { - default upgrade; - '' close; -} - server { listen 443 ssl http2; listen [::]:443 ssl http2; server_name ${server_name}; - + ssl_certificate /var/lib/dehydrated/certs/${server_name}/fullchain.pem; ssl_certificate_key /var/lib/dehydrated/certs/${server_name}/privkey.pem; diff --git a/data/nginx/proxy_pass.conf b/data/nginx/proxy_pass.conf index 7d3069f..d682396 100644 --- a/data/nginx/proxy_pass.conf 
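Review bot: The new `if not node.has_bundle('proxmox-ve'):` guard ties this bundle to another bundle's ownership of `/etc/network/interfaces` without saying so; `bundles/proxmox-ve/items.py` in this commit claims that path with `'content_type': 'any'`, so a node carrying both bundles would otherwise declare two `file:` items for the same path. A comment above the guard, `# proxmox-ve owns /etc/network/interfaces (ifupdown); only delete it when networkd is the sole network manager`, records that. The combination does appear intended — `nodes/home.router.py` and `nodes/home.server.py` in this commit add the `proxmox-ve` bundle to a node whose groups may still include `systemd-networkd` — so the guard rather than an assertion is the right shape; the first hunk of this file (the removed unconditional delete) is the other half of the same change.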
+++ b/data/nginx/proxy_pass.conf @@ -8,6 +8,10 @@ server { location / { proxy_set_header X-Real-IP $remote_addr; +% if websockets: + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $connection_upgrade; +% endif proxy_pass ${target}; } } diff --git a/groups.py b/groups.py index 6674fe8..05999a8 100644 --- a/groups.py +++ b/groups.py @@ -6,4 +6,8 @@ for root, dirs, files in walk(join(repo_path, "groups")): if filename.endswith(".py"): group = join(root, filename) with open(group, 'r', encoding='utf-8') as f: - groups[splitext(basename(filename))[0]] = eval(f.read()) + try: + groups[splitext(basename(filename))[0]] = eval(f.read()) + except: + print(f"Error parsing {group}:") + raise diff --git a/groups/os/debian-11.py b/groups/os/debian-11.py index 81c8de7..bde0f45 100644 --- a/groups/os/debian-11.py +++ b/groups/os/debian-11.py @@ -2,6 +2,9 @@ 'supergroups': [ 'debian', ], + 'bundles': [ + 'systemd-networkd', + ], 'metadata': { 'php': { 'version': '7.4', diff --git a/groups/os/debian-12-common.py b/groups/os/debian-12-common.py new file mode 100644 index 0000000..4c3e8ba --- /dev/null +++ b/groups/os/debian-12-common.py @@ -0,0 +1,26 @@ +{ + 'metadata': { + 'apt': { + 'sources': { + 'debian': { + 'components': { + 'non-free-firmware', + }, + }, + 'debian-security': { + 'components': { + 'non-free-firmware', + }, + }, + }, + }, + 'php': { + 'version': '8.2', + }, + 'postgresql': { + 'version': '15', + }, + 'os_codename': 'bookworm', + }, + 'os_version': (12,), +} diff --git a/groups/os/debian-12-pve.py b/groups/os/debian-12-pve.py new file mode 100644 index 0000000..ea29665 --- /dev/null +++ b/groups/os/debian-12-pve.py @@ -0,0 +1,9 @@ +{ + 'supergroups': [ + 'debian', + 'debian-12-common', + ], + 'bundles': [ + 'ifupdown', + ], +} diff --git a/groups/os/debian-12.py b/groups/os/debian-12.py index e749175..6318024 100644 --- a/groups/os/debian-12.py +++ b/groups/os/debian-12.py 
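Review bot: The websocket branch sets the `Upgrade` and `Connection` headers but not `proxy_http_version 1.1;` — nginx proxies with HTTP/1.0 by default and the Upgrade handshake only works over HTTP/1.1, so unless that directive is set somewhere outside the hunk, upgrade requests through this vhost will not complete. Add `proxy_http_version 1.1;` inside the `% if websockets:` block next to the two headers. `$connection_upgrade` also exists only when the node-level `nginx/has_websockets` flag emitted the `map` in `nginx.conf`, so a per-vhost `websockets: True` without that flag is a config-load failure rather than a missing feature. Vhosts that render this template without a `websockets` key in their context rely on Mako's undefined name being falsy; `% if context.get('websockets', False):` makes that explicit.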
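Review bot: The new handler uses a bare `except:`, which also intercepts `KeyboardInterrupt` and `SystemExit` just to print a line before re-raising; `except Exception:` keeps the diagnostic and lets interrupts through, and the message belongs on stderr, `print(f"Error parsing {group}:", file=sys.stderr)` (the file's imports are above the hunk, so `sys` may need adding). The `eval(f.read())` predates this change and is only fed files from the checkout, but every group file in this commit (`groups/os/debian-12-common.py`, `groups/os/debian-12-pve.py`) is a plain dict literal; if that holds for all of them, `ast.literal_eval` returns the same data without executing code from the repository. The enclosing `for` loop starts above the hunk.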
@@ -1,6 +1,10 @@ { 'supergroups': [ 'debian', + 'debian-12-common', + ], + 'bundles': [ + 'systemd-networkd', ], 'metadata': { 'apt': { diff --git a/groups/os/linux.py b/groups/os/linux.py index 3b38dd0..21f82a3 100644 --- a/groups/os/linux.py +++ b/groups/os/linux.py @@ -14,7 +14,6 @@ 'system', 'systemd', 'systemd-journald', - 'systemd-networkd', 'systemd-mount', 'systemd-timers', 'users', diff --git a/nodes/home.router.py b/nodes/home.router.py index d5ace54..b4ec4fc 100644 --- a/nodes/home.router.py +++ b/nodes/home.router.py @@ -18,7 +18,7 @@ 'interface': 'enx00e04c220682', 'ipv4': '10.0.99.126/24', 'gateway4': '10.0.99.1', - 'vlans': {'iot', 'internet', 'guest', 'rolf', 'internal'}, + 'vlans': {'iot', 'internet', 'guest', 'rolf', 'internal', 'proxmox'}, }, 'internal': { 'type': 'vlan', @@ -37,6 +37,12 @@ 'id': 3, 'ipv4': '10.0.3.1/24', }, + 'proxmox': { + 'type': 'vlan', + 'id': 4, + 'ipv4': '10.0.4.1/24', + 'dhcp_server': True, + }, 'guest': { 'type': 'vlan', 'id': 9, diff --git a/nodes/home.server.py b/nodes/home.server.py index b8e6c80..cef6c5b 100644 --- a/nodes/home.server.py +++ b/nodes/home.server.py @@ -35,6 +35,7 @@ #'tasmota-charge', 'wol-waker', 'zfs', + 'proxmox-ve', ], 'metadata': { 'id': 'af96709e-b13f-4965-a588-ef2cd476437a', @@ -47,7 +48,7 @@ }, 'apt': { 'packages': { - 'firmware-realtek': {}, + # 'firmware-realtek': {}, proxmox-ve incompatibility }, }, 'build-server': { @@ -124,6 +125,9 @@ 'unsortable': 'SofortUpload/Unsortable', }, }, + 'proxmox-ve': { + 'domain': 'pve.ckn.li', + }, 'raspberrymatic-cert': { 'domain': 'homematic.ckn.li', 'node': 'home.homematic',