htz.mails -> netcup.mails

mwiegand 2021-11-14 14:10:33 +01:00
parent 357c591b69
commit b70c8e8217
15 changed files with 69 additions and 62 deletions


@ -7,7 +7,7 @@ from ipaddress import ip_network, ip_interface
repo = Repository(dirname(dirname(realpath(__file__)))) repo = Repository(dirname(dirname(realpath(__file__))))
server_node = repo.get_node('htz.mails') server_node = repo.get_node('netcup.mails')
data = server_node.metadata.get(f'wireguard/clients/{argv[1]}') data = server_node.metadata.get(f'wireguard/clients/{argv[1]}')
vpn_network = ip_interface(server_node.metadata.get('wireguard/my_ip')).network vpn_network = ip_interface(server_node.metadata.get('wireguard/my_ip')).network


@ -35,16 +35,18 @@ def zfs(metadata):
datasets[base_dataset] = { datasets[base_dataset] = {
'mountpoint': None, 'mountpoint': None,
'readonly': 'on', 'readonly': 'on',
'backup': False, 'compression': 'lz4',
'com.sun:auto-snapshot': 'false', 'com.sun:auto-snapshot': 'false',
'backup': False,
} }
# for rsync backups # for rsync backups
datasets[f'{base_dataset}/fs'] = { datasets[f'{base_dataset}/fs'] = {
'mountpoint': f"/mnt/backups/{id}", 'mountpoint': f"/mnt/backups/{id}",
'readonly': 'off', 'readonly': 'off',
'backup': False, 'compression': 'lz4',
'com.sun:auto-snapshot': 'true', 'com.sun:auto-snapshot': 'true',
'backup': False,
} }
# for zfs send/recv # for zfs send/recv
@ -55,8 +57,9 @@ def zfs(metadata):
datasets[f'{base_dataset}/{pool}'] = { datasets[f'{base_dataset}/{pool}'] = {
'mountpoint': None, 'mountpoint': None,
'readonly': 'on', 'readonly': 'on',
'backup': False, 'compression': 'lz4',
'com.sun:auto-snapshot': 'false', 'com.sun:auto-snapshot': 'false',
'backup': False,
} }
# actual datasets # actual datasets
@ -66,8 +69,9 @@ def zfs(metadata):
datasets[f'{base_dataset}/{dataset}'] = { datasets[f'{base_dataset}/{dataset}'] = {
'mountpoint': None, 'mountpoint': None,
'readonly': 'on', 'readonly': 'on',
'backup': False, 'compression': 'lz4',
'com.sun:auto-snapshot': 'false', 'com.sun:auto-snapshot': 'false',
'backup': False,
} }
continue continue


@ -10,6 +10,9 @@ directories[f'/var/lib/bind'] = {
'owner': 'bind', 'owner': 'bind',
'group': 'bind', 'group': 'bind',
'purge': True, 'purge': True,
'needs': [
'pkg_apt:bind9',
],
'needed_by': [ 'needed_by': [
'svc_systemd:bind9', 'svc_systemd:bind9',
], ],


@ -4,7 +4,7 @@ set -o pipefail
deploy_challenge() { deploy_challenge() {
echo " echo "
server 10.0.10.2 server 10.0.11.3
zone ${zone}. zone ${zone}.
update add $1.${zone}. 60 IN TXT \"$3\" update add $1.${zone}. 60 IN TXT \"$3\"
send send
@ -15,7 +15,7 @@ deploy_challenge() {
clean_challenge() { clean_challenge() {
echo " echo "
server 10.0.10.2 server 10.0.11.3
zone ${zone}. zone ${zone}.
update delete $1.${zone}. TXT update delete $1.${zone}. TXT
send send
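Review bot: The update server address `10.0.11.3` is hard-coded in both `deploy_challenge` and `clean_challenge`, and this commit changes the same literal again in the `nameservers` and `hosts` metadata, so the next move has to find every copy by hand. A stale copy here would send the ACME TXT updates to whatever host then answers on the old address. Define it once, e.g. `nameserver=10.0.11.3` near the top of the hook and `server ${nameserver}` in both functions, or render it from node metadata if this file is templated. Both function bodies continue outside the hunks.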


@ -83,6 +83,7 @@ if node.has_bundle('telegraf'):
'command': 'setfacl -Rm g:telegraf:rX /var/spool/postfix', 'command': 'setfacl -Rm g:telegraf:rX /var/spool/postfix',
'unless': 'getfacl -a /var/spool/postfix | grep -q "^group:telegraf:r-x$"', 'unless': 'getfacl -a /var/spool/postfix | grep -q "^group:telegraf:r-x$"',
'needs': [ 'needs': [
'pkg_apt:acl',
'svc_systemd:postfix', 'svc_systemd:postfix',
], ],
} }
@ -90,6 +91,7 @@ if node.has_bundle('telegraf'):
'command': 'setfacl -dm g:telegraf:rX /var/spool/postfix', 'command': 'setfacl -dm g:telegraf:rX /var/spool/postfix',
'unless': 'getfacl -d /var/spool/postfix | grep -q "^group:telegraf:r-x$"', 'unless': 'getfacl -d /var/spool/postfix | grep -q "^group:telegraf:r-x$"',
'needs': [ 'needs': [
'pkg_apt:acl',
'svc_systemd:postfix', 'svc_systemd:postfix',
], ],
} }


@ -3,6 +3,7 @@ defaults = {
'packages': { 'packages': {
'postfix': {}, 'postfix': {},
'postfix-pgsql': {}, 'postfix-pgsql': {},
'acl': {}, #setfacl
} }
}, },
'backup': { 'backup': {


@ -5,6 +5,7 @@ directories = {
'owner': 'postgres', 'owner': 'postgres',
'group': 'postgres', 'group': 'postgres',
'needs': [ 'needs': [
'pkg_apt:postgresql',
'zfs_dataset:tank/postgresql', 'zfs_dataset:tank/postgresql',
], ],
'needed_by': [ 'needed_by': [


@ -22,10 +22,9 @@ directories = {
} }
downloads[f'/tmp/roundcube-{version}.tar.gz'] = { files[f'/tmp/roundcube-{version}.tar.gz'] = {
'url': f'https://github.com/roundcube/roundcubemail/releases/download/{version}/roundcubemail-{version}-complete.tar.gz', 'content_type': 'download',
'gpg_signature_url': '{url}.asc', 'source': f'https://github.com/roundcube/roundcubemail/releases/download/{version}/roundcubemail-{version}-complete.tar.gz',
'gpg_pubkey_url': 'https://roundcube.net/download/pubkey.asc',
'triggered': True, 'triggered': True,
} }
actions['delete_roundcube'] = { actions['delete_roundcube'] = {
@ -37,7 +36,7 @@ actions['extract_roundcube'] = {
'unless': f'grep -q "Version {version}" /opt/roundcube/index.php', 'unless': f'grep -q "Version {version}" /opt/roundcube/index.php',
'preceded_by': [ 'preceded_by': [
'action:delete_roundcube', 'action:delete_roundcube',
f'download:/tmp/roundcube-{version}.tar.gz', f'file:/tmp/roundcube-{version}.tar.gz',
], ],
'needs': [ 'needs': [
'directory:/opt/roundcube', 'directory:/opt/roundcube',
@ -53,30 +52,28 @@ actions['chown_roundcube'] = {
} }
files = { files['/opt/roundcube/config/config.inc.php'] = {
'/opt/roundcube/config/config.inc.php': { 'content_type': 'mako',
'content_type': 'mako', 'context': {
'context': { 'installer': node.metadata.get('roundcube/installer'),
'installer': node.metadata.get('roundcube/installer'), 'product_name': node.metadata.get('roundcube/product_name'),
'product_name': node.metadata.get('roundcube/product_name'), 'des_key': node.metadata.get('roundcube/des_key'),
'des_key': node.metadata.get('roundcube/des_key'), 'database': node.metadata.get('roundcube/database'),
'database': node.metadata.get('roundcube/database'), 'plugins': node.metadata.get('roundcube/plugins'),
'plugins': node.metadata.get('roundcube/plugins'),
},
'needs': [
'action:chown_roundcube',
],
}, },
'/opt/roundcube/plugins/password/config.inc.php': { 'needs': [
'source': 'password.config.inc.php', 'action:chown_roundcube',
'content_type': 'mako', ],
'context': { }
'mailserver_db_password': node.metadata.get('mailserver/database/password'), files['/opt/roundcube/plugins/password/config.inc.php'] = {
}, 'source': 'password.config.inc.php',
'needs': [ 'content_type': 'mako',
'action:chown_roundcube', 'context': {
], 'mailserver_db_password': node.metadata.get('mailserver/database/password'),
}, },
'needs': [
'action:chown_roundcube',
],
} }
actions['composer_install'] = { actions['composer_install'] = {
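Review bot: The Roundcube tarball at `files[f'/tmp/roundcube-{version}.tar.gz']` is now downloaded with no integrity check; the new item carries only `content_type`, `source` and `triggered`, and the `gpg_signature_url` / `gpg_pubkey_url` keys of the former `downloads` item appear to be gone. `extract_roundcube` is preceded by this file item, so whatever the URL returns is presumably what gets unpacked under /opt/roundcube. Pin the release instead, e.g. `'content_hash': '<HASH_OF_RELEASE_TARBALL>',` on the file item if the BundleWrap version in use supports that attribute for download items, or verify the `.asc` signature in an action before extraction. The placeholder stands for the hash of the tarball published with the release; it has to be updated together with `roundcube/version`.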


@ -2,12 +2,12 @@ from json import dumps
from bundlewrap.metadata import MetadataJSONEncoder from bundlewrap.metadata import MetadataJSONEncoder
files = { files = {
'/etc/cron.d/zfsutils-linux': {'delete': True}, '/etc/cron.d/zfsutils-linux': {'delete': True, 'needs': {'pkg_apt:zfs-auto-snapshot'}},
'/etc/cron.d/zfs-auto-snapshot': {'delete': True}, '/etc/cron.d/zfs-auto-snapshot': {'delete': True, 'needs': {'pkg_apt:zfs-auto-snapshot'}},
'/etc/cron.hourly/zfs-auto-snapshot': {'delete': True}, '/etc/cron.hourly/zfs-auto-snapshot': {'delete': True, 'needs': {'pkg_apt:zfs-auto-snapshot'}},
'/etc/cron.daily/zfs-auto-snapshot': {'delete': True}, '/etc/cron.daily/zfs-auto-snapshot': {'delete': True, 'needs': {'pkg_apt:zfs-auto-snapshot'}},
'/etc/cron.weekly/zfs-auto-snapshot': {'delete': True}, '/etc/cron.weekly/zfs-auto-snapshot': {'delete': True, 'needs': {'pkg_apt:zfs-auto-snapshot'}},
'/etc/cron.monthly/zfs-auto-snapshot': {'delete': True}, '/etc/cron.monthly/zfs-auto-snapshot': {'delete': True, 'needs': {'pkg_apt:zfs-auto-snapshot'}},
'/etc/modprobe.d/zfs.conf': { '/etc/modprobe.d/zfs.conf': {
'content': '\n'.join( 'content': '\n'.join(
f'option zfs {k}={v}' f'option zfs {k}={v}'
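Review bot: `/etc/cron.d/zfsutils-linux` is ordered after `pkg_apt:zfs-auto-snapshot`, but going by its name that cron file is presumably shipped by the zfsutils-linux package, so this dependency does not guarantee the file stays deleted if that package is installed or upgraded later in the run. If so, it should depend on the package that owns it, e.g. `'needs': {'pkg_apt:zfsutils-linux'}`, assuming such a package item exists for this node. The `needs` values here are also set literals while the other bundles touched in this commit use lists; one form throughout would read more consistently. The `files` dict continues past the hunk.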


@ -7,7 +7,7 @@
'metadata': { 'metadata': {
'dns': {}, 'dns': {},
'nameservers': { 'nameservers': {
'10.0.10.2', '10.0.11.3',
}, },
'users': { 'users': {
'root': { 'root': {
@ -18,7 +18,7 @@
}, },
}, },
'letsencrypt': { 'letsencrypt': {
'acme_node': 'htz.mails', 'acme_node': 'netcup.mails',
}, },
} }
} }


@ -22,7 +22,7 @@
}, },
}, },
'hosts': { 'hosts': {
'10.0.10.2': [ '10.0.11.3': [
'resolver.name', 'resolver.name',
'first.resolver.name', 'first.resolver.name',
'second.resolver.name', 'second.resolver.name',


@ -74,7 +74,7 @@
'wireguard': { 'wireguard': {
'my_ip': '172.30.0.2/32', 'my_ip': '172.30.0.2/32',
's2s': { 's2s': {
'htz.mails': { 'netcup.mails': {
'allowed_ips': [ 'allowed_ips': [
'10.0.10.0/24', '10.0.10.0/24',
'10.0.11.0/24', '10.0.11.0/24',


@ -1,8 +1,7 @@
{ {
'hostname': '162.55.188.157', 'hostname': '202.61.255.108',
'groups': [ 'groups': [
'backup', 'backup',
'hetzner-cloud',
'debian-11', 'debian-11',
'mailserver', 'mailserver',
'monitored', 'monitored',
@ -19,14 +18,14 @@
'id': 'ea29bdf0-0b47-4bf4-8346-67d60c9dc4ae', 'id': 'ea29bdf0-0b47-4bf4-8346-67d60c9dc4ae',
'network': { 'network': {
'internal': { 'internal': {
'interface': 'ens10', 'interface': 'eth1',
'ipv4': '10.0.10.2/32', 'ipv4': '10.0.11.3/24',
}, },
'external': { 'external': {
'interface': 'eth0', 'interface': 'eth0',
'ipv4': '162.55.188.157/32', 'ipv4': '202.61.255.108/22',
'ipv6': '2a01:4f8:1c1c:4121::2/64', 'gateway4': '202.61.252.1',
'gateway4': '172.31.1.1', 'ipv6': '2a03:4000:55:a89::2/64',
'gateway6': 'fe80::1', 'gateway6': 'fe80::1',
} }
}, },
@ -49,15 +48,15 @@
}, },
'dns': { 'dns': {
'ckn.li': { 'ckn.li': {
'A': ['162.55.188.157'], 'A': ['202.61.255.108'],
'AAAA': ['2a01:4f8:1c1c:4121::2'], 'AAAA': ['2a01:4f8:1c1c:4121::2'],
}, },
'sublimity.de': { 'sublimity.de': {
'A': ['162.55.188.157'], 'A': ['202.61.255.108'],
'AAAA': ['2a01:4f8:1c1c:4121::2'], 'AAAA': ['2a01:4f8:1c1c:4121::2'],
}, },
'freibrief.net': { 'freibrief.net': {
'A': ['162.55.188.157'], 'A': ['202.61.255.108'],
'AAAA': ['2a01:4f8:1c1c:4121::2'], 'AAAA': ['2a01:4f8:1c1c:4121::2'],
}, },
}, },
@ -127,12 +126,12 @@
}, },
'roundcube': { 'roundcube': {
'product_name': 'Sublimity Mail', 'product_name': 'Sublimity Mail',
'version': '1.5-rc', 'version': '1.5.0',
'installer': True, 'installer': True,
}, },
'vm': { 'vm': {
'cores': 2, 'cores': 4,
'ram': 8096, 'ram': 16384,
}, },
'wireguard': { 'wireguard': {
'my_ip': '172.30.0.1/24', 'my_ip': '172.30.0.1/24',
@ -171,7 +170,7 @@
'pools': { 'pools': {
'tank': { 'tank': {
'devices': [ 'devices': [
'/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi0-0-0-0-part2', '/dev/sda4',
], ],
}, },
}, },
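Review bot: The `AAAA` records for `ckn.li`, `sublimity.de` and `freibrief.net` still list `2a01:4f8:1c1c:4121::2`, which these hunks show as the old host's `external` `ipv6`; only the `A` records and the interface addresses were moved. Once the old server is released, IPv6 clients and sending mail servers would be directed to an address this node no longer holds, and a released address can be assigned to another tenant. If the migration is complete, the three lines should read `'AAAA': ['2a03:4000:55:a89::2'],` to match the new `ipv6` value. The enclosing dict starts and ends outside the hunks.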


@ -24,17 +24,17 @@
}, },
}, },
'bind': { 'bind': {
'master_node': 'htz.mails', 'master_node': 'netcup.mails',
'hostname': 'second.resolver.name', 'hostname': 'second.resolver.name',
}, },
# 'postfix': { # 'postfix': {
# 'master_node': 'htz.mails', # 'master_node': 'netcup.mails',
# 'hostname': 'mail2.sublimity.de', # 'hostname': 'mail2.sublimity.de',
# }, # },
'wireguard': { 'wireguard': {
'my_ip': '172.30.0.3/32', 'my_ip': '172.30.0.3/32',
's2s': { 's2s': {
'htz.mails': { 'netcup.mails': {
'allowed_ips': [ 'allowed_ips': [
'10.0.0.0/24', '10.0.0.0/24',
'10.0.2.0/24', '10.0.2.0/24',


@ -38,7 +38,7 @@
'wireguard': { 'wireguard': {
'my_ip': '172.30.0.4/32', 'my_ip': '172.30.0.4/32',
's2s': { 's2s': {
'htz.mails': { 'netcup.mails': {
'allowed_ips': [ 'allowed_ips': [
'10.0.0.0/24', '10.0.0.0/24',
'10.0.2.0/24', '10.0.2.0/24',