cronekorkn/bundlewrap
1
0
Fork 0
Code Issues Pull requests 8 Projects Releases Wiki Activity

wip

Browse source
This commit is contained in:
cronekorkn 2022-12-05 09:40:24 +01:00
parent 801a8bcf5f
commit e0e66094af
Signed by: cronekorkn
SSH key fingerprint: SHA256:v0410ZKfuO1QHdgKBsdQNF64xmTxOF8osF1LIqwTcVw
6 changed files with 83 additions and 12 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
bundles/letsencrypt/README.md
View file

@ -1,6 +1,6 @@
https://github.com/dehydrated-io/dehydrated/wiki/example-dns-01-nsupdate-script https://github.com/dehydrated-io/dehydrated/wiki/example-dns-01-nsupdate-script
``` ```sh
printf "server 127.0.0.1 printf "server 127.0.0.1
zone acme.resolver.name. zone acme.resolver.name.
update add _acme-challenge.ckn.li.acme.resolver.name. 600 IN TXT "hello" update add _acme-challenge.ckn.li.acme.resolver.name. 600 IN TXT "hello"

6
bundles/nginx/files/nginx.conf
View file

@ -2,6 +2,8 @@ pid /var/run/nginx.pid;
user www-data; user www-data;
worker_processes 10; worker_processes 10;
include /etc/nginx/modules-enabled/*;
events { events {
worker_connections 768; worker_connections 768;
} }
@ -22,5 +24,7 @@ http {
} }
% endif % endif
include /etc/nginx/sites/*; include /etc/nginx/sites-http/*;
} }
include /etc/nginx/sites/*;

19
bundles/nginx/items.py
View file

@ -9,6 +9,12 @@ directories = {
'svc_systemd:nginx:restart', 'svc_systemd:nginx:restart',
}, },
}, },
'/etc/nginx/sites-http': {
'purge': True,
'triggers': {
'svc_systemd:nginx:restart',
},
},
'/etc/nginx/ssl': { '/etc/nginx/ssl': {
'purge': True, 'purge': True,
'triggers': { 'triggers': {
@ -32,12 +38,12 @@ files = {
'svc_systemd:nginx:restart', 'svc_systemd:nginx:restart',
}, },
}, },
'/etc/nginx/sites/80.conf': { '/etc/nginx/sites-http/80.conf': {
'triggers': { 'triggers': {
'svc_systemd:nginx:restart', 'svc_systemd:nginx:restart',
}, },
}, },
'/etc/nginx/sites/stub_status.conf': { '/etc/nginx/sites-http/stub_status.conf': {
'triggers': { 'triggers': {
'svc_systemd:nginx:restart', 'svc_systemd:nginx:restart',
}, },
@ -74,7 +80,12 @@ svc_systemd = {
for name, config in node.metadata.get('nginx/vhosts').items(): for name, config in node.metadata.get('nginx/vhosts').items():
files[f'/etc/nginx/sites/{name}'] = { if config.get('http', True):
sites = 'sites-http'
else:
sites = 'sites'
files[f'/etc/nginx/{sites}/{name}'] = {
'content': Template(filename=join(repo.path, 'data', config['content'])).render( 'content': Template(filename=join(repo.path, 'data', config['content'])).render(
server_name=name, server_name=name,
**config.get('context', {}), **config.get('context', {}),
@ -90,6 +101,6 @@ for name, config in node.metadata.get('nginx/vhosts').items():
} }
if name in node.metadata.get('letsencrypt/domains'): if name in node.metadata.get('letsencrypt/domains'):
files[f'/etc/nginx/sites/{name}']['needs'].append( files[f'/etc/nginx/{sites}/{name}']['needs'].append(
f'action:letsencrypt_ensure-some-certificate_{name}', f'action:letsencrypt_ensure-some-certificate_{name}',
) )

2
bundles/nginx/metadata.py
View file

@ -6,6 +6,8 @@ defaults = {
'apt': { 'apt': {
'packages': { 'packages': {
'nginx': {}, 'nginx': {},
'libnginx-mod-stream': {},
'libnginx-mod-rtmp': {},
}, },
}, },
'nftables': { 'nftables': {

37
data/nginx/rtmp.conf Normal file
View file

@ -0,0 +1,37 @@
stream {
upstream backend {
server 127.0.0.1:${rtmp_port};
}
server {
listen ${rtmps_port} ssl;
listen [::]:${rtmps_port} ssl;
ssl_certificate /var/lib/dehydrated/certs/${server_name}/fullchain.pem;
ssl_certificate_key /var/lib/dehydrated/certs/${server_name}/privkey.pem;
proxy_pass backend;
}
}
rtmp {
server {
listen 127.0.0.1:${rtmp_port};
chunk_size 4096;
application ${streaming_key} {
live on;
record off;
allow publish 127.0.0.1; # for streaming through nginx
allow play 127.0.0.1; # for the pull from /live
}
application live {
live on;
record off;
deny publish all; # no need to publish on /live
allow play all; # playing allowed
pull rtmp://127.0.0.1:${rtmp_port}/${streaming_key};
}
}
}

17
nodes/netcup.mails.py
View file

@ -107,6 +107,7 @@
'ckn.li': {}, 'ckn.li': {},
'sublimity.de': {}, 'sublimity.de': {},
'freibrief.net': {}, 'freibrief.net': {},
'rtmp.sublimity.de': {},
}, },
}, },
'mailserver': { 'mailserver': {
@ -126,8 +127,24 @@
'rspamd': { 'rspamd': {
'hostname': 'rspamd.sublimity.de', 'hostname': 'rspamd.sublimity.de',
}, },
'nftables': {
'input': {
'tcp dport 1937 accept',
},
},
'nginx': { 'nginx': {
'vhosts': { 'vhosts': {
'rtmp.sublimity.de': {
'http': False,
'content': 'nginx/rtmp.conf',
'context': {
'rtmp_port': 1936,
'rtmps_port': 1937,
'streaming_key': 'testtest',
#'streaming_key': '!decrypt:encrypt$gAAAAABjjSrmEUVBLIWnPDxKmd3VFmof3SGI-icr2tJZUeuZkXGYJ9IG5C_3R0oDT8CUoqVv74mxGyJQ9wj9EzQm8DNLuSaxqlMZbn4qvKMDYRlK2B0D0is=',
},
'internal_dns': False,
},
'cloud.sublimity.de': { 'cloud.sublimity.de': {
'content': 'nginx/proxy_pass.conf', 'content': 'nginx/proxy_pass.conf',
'context': { 'context': {