cronekorkn/bundlewrap
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Compare commits

base: cronekorkn:1ce95b02ff4a9e76c70083900310b26a7c066dd2
Branches Tags
cronekorkn:master
cronekorkn:routeros
cronekorkn:mailman
cronekorkn:proxmox_mergable
cronekorkn:proxmox
cronekorkn:mseibert_yourls
cronekorkn:n8n
cronekorkn:router
cronekorkn:freescout
cronekorkn:homeassistant-supervised
cronekorkn:conflecttest
cronekorkn:wp
cronekorkn:rufbereitschafts-alarm
cronekorkn:dnssec_2
cronekorkn:dnssec
cronekorkn:apt_sources_as_dict
cronekorkn:wordpress
cronekorkn:iperf3
cronekorkn:picsort-pythoon
cronekorkn:network_metadata_rework
cronekorkn:blog_dirty
cronekorkn:blog
cronekorkn:icinga2_notifications
cronekorkn:icinga_neumachen
cronekorkn:nextcloud_conf_in_metadata
cronekorkn:mastodon
cronekorkn:rtmp
cronekorkn:deterministic_rsa
cronekorkn:deterministic_rsa_test
cronekorkn:left4dead2
cronekorkn:temp130752653
cronekorkn:zfs_encrypt
cronekorkn:icingaweb
cronekorkn:ldap
cronekorkn:icinga2_remote_2
cronekorkn:icinga2_local
cronekorkn:icinga
cronekorkn:icinga2_remote
cronekorkn:modprobe
cronekorkn:autoconfig
cronekorkn:basic_auth
cronekorkn:crystal-buildserver
cronekorkn:build_Server
cronekorkn:cya_hetzner
cronekorkn:dns_challenge3
cronekorkn:dns_challenge2
cronekorkn:dns_challenge
cronekorkn:gpiod
cronekorkn:multi-redis
cronekorkn:l4d2
cronekorkn:wireguard_clients
cronekorkn:alles_sets
cronekorkn:hdict
cronekorkn:all_units
cronekorkn:unitbug_isolation
cronekorkn:whatsbroken
cronekorkn:minimal_mailserver
...
compare: cronekorkn:3d334dfcafc7214ad1807a386565a9dc6da85129
Branches Tags
cronekorkn:master
cronekorkn:routeros
cronekorkn:mailman
cronekorkn:proxmox_mergable
cronekorkn:proxmox
cronekorkn:mseibert_yourls
cronekorkn:n8n
cronekorkn:router
cronekorkn:freescout
cronekorkn:homeassistant-supervised
cronekorkn:conflecttest
cronekorkn:wp
cronekorkn:rufbereitschafts-alarm
cronekorkn:dnssec_2
cronekorkn:dnssec
cronekorkn:apt_sources_as_dict
cronekorkn:wordpress
cronekorkn:iperf3
cronekorkn:picsort-pythoon
cronekorkn:network_metadata_rework
cronekorkn:blog_dirty
cronekorkn:blog
cronekorkn:icinga2_notifications
cronekorkn:icinga_neumachen
cronekorkn:nextcloud_conf_in_metadata
cronekorkn:mastodon
cronekorkn:rtmp
cronekorkn:deterministic_rsa
cronekorkn:deterministic_rsa_test
cronekorkn:left4dead2
cronekorkn:temp130752653
cronekorkn:zfs_encrypt
cronekorkn:icingaweb
cronekorkn:ldap
cronekorkn:icinga2_remote_2
cronekorkn:icinga2_local
cronekorkn:icinga
cronekorkn:icinga2_remote
cronekorkn:modprobe
cronekorkn:autoconfig
cronekorkn:basic_auth
cronekorkn:crystal-buildserver
cronekorkn:build_Server
cronekorkn:cya_hetzner
cronekorkn:dns_challenge3
cronekorkn:dns_challenge2
cronekorkn:dns_challenge
cronekorkn:gpiod
cronekorkn:multi-redis
cronekorkn:l4d2
cronekorkn:wireguard_clients
cronekorkn:alles_sets
cronekorkn:hdict
cronekorkn:all_units
cronekorkn:unitbug_isolation
cronekorkn:whatsbroken
cronekorkn:minimal_mailserver

2 commits
1ce95b02ff ... 3d334dfcaf

Author SHA1 Message Date
mwiegand
3d334dfcaf wip 2021-06-19 21:54:30 +02:00
mwiegand
0d53b03494 wip 2021-06-19 20:35:49 +02:00
12 changed files with 103 additions and 7 deletions
Show stats Expand all files Collapse all files

10
bundles/archive/README.md Normal file
View file

@ -0,0 +1,10 @@
```
defaults = {
'archive': {
'exclude': [
'\.cache/',
'\.log$',
],
},
}
```

6
bundles/archive/files/archive
View file

@ -1,6 +1,6 @@
#!/bin/bash #!/bin/bash
if [[ '$1' == 'perform' ]] if [[ "$1" == 'perform' ]]
then then
echo 'NON-DRY RUN' echo 'NON-DRY RUN'
DRY='' DRY=''
@ -22,6 +22,6 @@ gsutil ${'\\'}
-e ${'\\'} -e ${'\\'}
-x '${'|'.join(conf['exclude'])}' ${'\\'} -x '${'|'.join(conf['exclude'])}' ${'\\'}
'${dir}' ${'\\'} '${dir}' ${'\\'}
'gs://${bucket}/${node.name}${dir}' 'gs://${bucket}/${node.name}${dir}' ${'\\'}
2>&1 | tee | logger -t gsutil
% endfor % endfor

2
bundles/archive/items.py
View file

@ -7,7 +7,7 @@ files['/opt/archive'] = {
'dirs': node.metadata.get('archive'), 'dirs': node.metadata.get('archive'),
'bucket': node.metadata.get('gcloud/bucket'), 'bucket': node.metadata.get('gcloud/bucket'),
'processes': 4, 'processes': 4,
'threads': 16, 'threads': 4,
}, },
'needs': [ 'needs': [
'bundle:gcloud', 'bundle:gcloud',

18
bundles/archive/metadata.py
View file

@ -1,4 +1,20 @@
defaults = { defaults = {
'backup': [],
'archive': {}, 'archive': {},
} }
@metadata_reactor.provides(
'gocryptfs',
)
def gocryptfs(metadata):
gocryptfs = {}
for path in metadata.get('archive'):
gocryptfs[path] = {
'mountpoint': f'/mnt/gocryptfs{path}',
'reverse': True,
}
return {
'gocryptfs': gocryptfs,
}

4
bundles/gcloud/README.md
View file

@ -4,4 +4,8 @@ gcloud projects add-iam-policy-binding sublimity-182017 --member 'serviceAccount
gsutil -o "GSUtil:parallel_process_count=3" -o GSUtil:parallel_thread_count=4 -m rsync -r -d -e /var/vmail gs://sublimity-backup/mailserver gsutil -o "GSUtil:parallel_process_count=3" -o GSUtil:parallel_thread_count=4 -m rsync -r -d -e /var/vmail gs://sublimity-backup/mailserver
gsutil config gsutil config
gsutil versioning set on gs://sublimity-backup gsutil versioning set on gs://sublimity-backup
gcsfuse --key-file /root/.config/gcloud/service_account.json sublimity-backup gcsfuse
``` ```

40
bundles/gocryptfs/items.py Normal file
View file

@ -0,0 +1,40 @@
from hashlib import sha3_256
from base64 import b64decode, b64encode
from binascii import hexlify
from uuid import UUID
from json import dumps
id = node.metadata.get('id')
directories['/etc/gocryptfs'] = {
'purge': True,
}
files['/etc/gocryptfs/masterkey'] = {
'content': hexlify(b64decode(
str(repo.vault.random_bytes_as_base64_for(id, length=32))
)),
'mode': '500',
}
files['/etc/gocryptfs/gocryptfs.conf'] = {
'content': dumps({
'Version': 2,
'Creator': 'gocryptfs 1.6.1',
'ScryptObject': {
'Salt': b64encode(
sha3_256(UUID(id).bytes).digest()
).decode(),
'N': 65536,
'R': 8,
'P': 1,
'KeyLen': 32,
},
'FeatureFlags': [
'GCMIV128',
'HKDF',
'PlaintextNames',
'AESSIV',
]
}, indent=4, sort_keys=True)
}

18
bundles/gocryptfs/metadata.py Normal file
View file

@ -0,0 +1,18 @@
defaults = {
'gocryptfs': {},
}
@metadata_reactor.provides(
'gocryptfs',
)
def gocryptfs(metadata):
gocryptfs = {}
for path, options in metadata.get('gocryptfs'):
gocryptfs[path] = {
}
return {
'gocryptfs': gocryptfs,
}

1
groups/applications/archive.py
View file

@ -4,5 +4,6 @@
], ],
'bundles': [ 'bundles': [
'archive', 'archive',
'gocryptfs',
], ],
} }

4
nodes/home.backups.py
View file

@ -2,5 +2,7 @@
'groups': [ 'groups': [
'debian-10', 'debian-10',
], ],
'metadata': {}, 'metadata': {
'id': '9cf52515-63a1-4659-a8ec-6c3c881727e5',
},
} }

1
nodes/home.server.py
View file

@ -11,6 +11,7 @@
'wireguard', 'wireguard',
], ],
'metadata': { 'metadata': {
'id': 'af96709e-b13f-4965-a588-ef2cd476437a',
'network': { 'network': {
'interface': 'enp1s0f0', 'interface': 'enp1s0f0',
'ipv4': '10.0.0.2/24', 'ipv4': '10.0.0.2/24',

4
nodes/htz.games.py
View file

@ -6,5 +6,7 @@
'steam', 'steam',
'l4d2', 'l4d2',
], ],
'metadata': {}, 'metadata': {
'id': '353bb086-f3ce-4f36-8533-e91786c91ed9',
},
} }

2
nodes/htz.mails.py
View file

@ -1,6 +1,7 @@
{ {
'hostname': '162.55.188.157', 'hostname': '162.55.188.157',
'groups': [ 'groups': [
'archive',
'hetzner-cloud', 'hetzner-cloud',
'debian-10', 'debian-10',
'mailserver', 'mailserver',
@ -27,6 +28,7 @@
'ckn.li': [], 'ckn.li': [],
}, },
}, },
'id': 'ea29bdf0-0b47-4bf4-8346-67d60c9dc4ae',
'network': { 'network': {
'interface': 'eth0', 'interface': 'eth0',
'ipv4': '162.55.188.157/32', 'ipv4': '162.55.188.157/32',