Compare commits
8 commits
54899d59ad
...
546bc5a445
Author | SHA1 | Date | |
---|---|---|---|
546bc5a445 | |||
82965c4d89 | |||
edcc6094e5 | |||
cc670b8a90 | |||
e18306058a | |||
e982f1e076 | |||
a2639bc370 | |||
fd1d0ac976 |
19 changed files with 318 additions and 24 deletions
|
@ -6,7 +6,7 @@ ssl_cert = </var/lib/dehydrated/certs/${node.metadata.get('mailserver/hostname')
|
|||
ssl_key = </var/lib/dehydrated/certs/${node.metadata.get('mailserver/hostname')}/privkey.pem
|
||||
ssl_dh = </etc/dovecot/dhparam.pem
|
||||
ssl_client_ca_dir = /etc/ssl/certs
|
||||
mail_location = maildir:~
|
||||
mail_location = maildir:${node.metadata.get('mailserver/maildir')}/%u:INDEX=${node.metadata.get('mailserver/maildir')}/index/%u
|
||||
mail_plugins = fts fts_xapian
|
||||
|
||||
namespace inbox {
|
||||
|
|
|
@ -20,6 +20,10 @@ directories = {
|
|||
'owner': 'vmail',
|
||||
'group': 'vmail',
|
||||
},
|
||||
'/var/vmail/index': {
|
||||
'owner': 'vmail',
|
||||
'group': 'vmail',
|
||||
},
|
||||
'/var/vmail/sieve': {
|
||||
'owner': 'vmail',
|
||||
'group': 'vmail',
|
||||
|
|
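--- a/bundles/freescout/items.py
+++ b/bundles/freescout/items.py
@@ -0,0 +1,59 @@
+# https://github.com/freescout-helpdesk/freescout/wiki/Installation-Guide
+run_as = repo.libs.tools.run_as
+php_version = node.metadata.get('php/version')
+
+
+directories = {
+'/opt/freescout': {
+'owner': 'www-data',
+'group': 'www-data',
+# chown -R www-data:www-data /opt/freescout
+},
+}
+
+actions = {
+'clone_freescout': {
+'command': run_as('www-data', 'git clone https://github.com/freescout-helpdesk/freescout.git /opt/freescout'),
+'unless': 'test -e /opt/freescout/.git',
+'needs': [
+'pkg_apt:git',
+'directory:/opt/freescout',
+],
+},
+'pull_freescout': {
+'command': run_as('www-data', 'git -C /opt/freescout pull'),
+'unless': run_as('www-data', 'git -C /opt/freescout fetch origin && git -C /opt/freescout status -uno | grep -q "Your branch is up to date"'),
+'needs': [
+'action:clone_freescout',
+],
+'triggers': [
+'action:freescout_artisan_update',
+f'svc_systemd:php{php_version}-fpm.service:restart',
+],
+},
+'freescout_artisan_update': {
+'command': run_as('www-data', 'php /opt/freescout/artisan freescout:after-app-update'),
+'triggered': True,
+'needs': [
+f'svc_systemd:php{php_version}-fpm.service:restart',
+'action:pull_freescout',
+],
+},
+}
+
+files = {
+'/opt/freescout/.env': {
+# https://github.com/freescout-helpdesk/freescout/blob/dist/.env.example
+# Every time you are making changes in .env file, in order changes to take an effect you need to run:
+# ´sudo su - www-data -c 'php /opt/freescout/artisan freescout:clear-cache' -s /bin/bash´
+'owner': 'www-data',
+'content': '\n'.join(
+f'{k}={v}' for k, v in
+sorted(node.metadata.get('freescout/env').items())
+) + '\n',
+'needs': [
+'directory:/opt/freescout',
+'action:clone_freescout',
+],
+},
+}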
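Review bot: The `/opt/freescout/.env` item sets only `'owner': 'www-data'`, so the file that carries `DB_PASSWORD` and `APP_KEY` (both put into `freescout/env` by this bundle's metadata.py) gets no explicit mode and is likely to end up world-readable; add `'group': 'www-data',` and `'mode': '0600',` to the item. Separately, `clone_freescout` and `pull_freescout` deploy whatever the upstream default branch holds at apply time, into a tree the PHP user can write to; pinning a release tag or commit would make each deployed version a reviewed choice. The comment in the item says a cache clear is needed after `.env` changes, yet the item has no `triggers` entry for it.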
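--- a/bundles/freescout/metadata.py
+++ b/bundles/freescout/metadata.py
@@ -0,0 +1,85 @@
+database_password = repo.vault.password_for(f'{node.name} postgresql freescout').value
+
+defaults = {
+'apt': {
+'packages': {
+'git': {},
+'php': {},
+'php-pgsql': {},
+'php-fpm': {},
+'php-mbstring': {},
+'php-xml': {},
+'php-imap': {},
+'php-zip': {},
+'php-gd': {},
+'php-curl': {},
+'php-intl': {},
+},
+},
+'freescout': {
+'env': {
+'APP_TIMEZONE': 'Europe/Berlin',
+'DB_CONNECTION': 'pgsql',
+'DB_HOST': '127.0.0.1',
+'DB_PORT': '5432',
+'DB_DATABASE': 'freescout',
+'DB_USERNAME': 'freescout',
+'DB_PASSWORD': database_password,
+'APP_KEY': 'base64:' + repo.vault.random_bytes_as_base64_for(f'{node.name} freescout APP_KEY', length=32).value
+},
+},
+'php': {
+'php.ini': {
+'cgi': {
+'fix_pathinfo': '0',
+},
+},
+},
+'postgresql': {
+'roles': {
+'freescout': {
+'password': database_password,
+},
+},
+'databases': {
+'freescout': {
+'owner': 'freescout',
+},
+},
+},
+'zfs': {
+'datasets': {
+'tank/freescout': {
+'mountpoint': '/opt/freescout',
+},
+},
+},
+}
+
+
+@metadata_reactor.provides(
+'freescout/env/APP_URL',
+)
+def freescout(metadata):
+return {
+'freescout': {
+'env': {
+'APP_URL': 'https://' + metadata.get('freescout/domain') + '/',
+},
+},
+}
+
+
+@metadata_reactor.provides(
+'nginx/vhosts',
+)
+def nginx(metadata):
+return {
+'nginx': {
+'vhosts': {
+metadata.get('freescout/domain'): {
+'content': 'freescout/vhost.conf',
+},
+},
+},
+}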
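Review bot: `database_password` and the `APP_KEY` value are resolved with `.value` at module load, so the plaintext secrets become ordinary strings under `freescout/env` and `postgresql/roles/freescout/password`, and anything that prints or exports node metadata will presumably include them. If other bundles in this repo keep vault results unresolved until the item is rendered, doing the same here would keep the secrets out of metadata dumps; otherwise a comment above `defaults` such as `# plaintext secrets: resolved from the vault at load time, do not log or dump freescout/env` records the exposure. The `APP_KEY` line also lacks the trailing comma its neighbours have.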
@ -118,7 +118,7 @@ def nginx(metadata):
|
|||
'content': 'nginx/proxy_pass.conf',
|
||||
'context': {
|
||||
'target': 'http://127.0.0.1:3500',
|
||||
}
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
|
|
|
@ -269,7 +269,7 @@ svc_systemd = {
|
|||
'icinga2.service': {
|
||||
'needs': [
|
||||
'pkg_apt:icinga2-ido-pgsql',
|
||||
'svc_systemd:postgresql',
|
||||
'svc_systemd:postgresql.service',
|
||||
],
|
||||
},
|
||||
}
|
||||
|
|
|
@ -33,6 +33,12 @@ defaults = {
|
|||
'mountpoint': '/var/vmail',
|
||||
'compression': 'on',
|
||||
},
|
||||
'tank/vmail/index': {
|
||||
'mountpoint': '/var/vmail/index',
|
||||
'compression': 'on',
|
||||
'com.sun:auto-snapshot': 'false',
|
||||
'backup': False,
|
||||
},
|
||||
},
|
||||
},
|
||||
}
|
||||
|
|
|
@ -1,9 +1,3 @@
|
|||
from os.path import join
|
||||
import json
|
||||
|
||||
from bundlewrap.utils.dicts import merge_dict
|
||||
|
||||
|
||||
version = node.metadata.get('php/version')
|
||||
|
||||
files = {
|
||||
|
@ -21,7 +15,7 @@ files = {
|
|||
f'pkg_apt:php{version}-fpm',
|
||||
},
|
||||
'triggers': {
|
||||
f'svc_systemd:php{version}-fpm:restart',
|
||||
f'svc_systemd:php{version}-fpm.service:restart',
|
||||
},
|
||||
},
|
||||
f'/etc/php/{version}/fpm/pool.d/www.conf': {
|
||||
|
@ -33,13 +27,13 @@ files = {
|
|||
f'pkg_apt:php{version}-fpm',
|
||||
},
|
||||
'triggers': {
|
||||
f'svc_systemd:php{version}-fpm:restart',
|
||||
f'svc_systemd:php{version}-fpm.service:restart',
|
||||
},
|
||||
},
|
||||
}
|
||||
|
||||
svc_systemd = {
|
||||
f'php{version}-fpm': {
|
||||
f'php{version}-fpm.service': {
|
||||
'needs': {
|
||||
'pkg_apt:',
|
||||
f'file:/etc/php/{version}/fpm/php.ini',
|
||||
|
|
|
@ -113,7 +113,7 @@ def php_ini(metadata):
|
|||
'opcache.revalidate_freq': '60',
|
||||
},
|
||||
}
|
||||
|
||||
|
||||
return {
|
||||
'php': {
|
||||
'php.ini': {
|
||||
|
@ -145,7 +145,7 @@ def www_conf(metadata):
|
|||
'pm': 'dynamic',
|
||||
'pm.max_children': int(threads*2),
|
||||
'pm.start_servers': int(threads),
|
||||
'pm.min_spare_servers': int(threads/2),
|
||||
'pm.min_spare_servers': max([1, int(threads/2)]),
|
||||
'pm.max_spare_servers': int(threads),
|
||||
'pm.max_requests': int(threads*32),
|
||||
},
|
||||
|
|
|
@ -12,7 +12,7 @@ directories = {
|
|||
'zfs_dataset:tank/postgresql',
|
||||
],
|
||||
'needed_by': [
|
||||
'svc_systemd:postgresql',
|
||||
'svc_systemd:postgresql.service',
|
||||
],
|
||||
}
|
||||
}
|
||||
|
@ -25,16 +25,19 @@ files = {
|
|||
) + '\n',
|
||||
'owner': 'postgres',
|
||||
'group': 'postgres',
|
||||
'needs': [
|
||||
'pkg_apt:postgresql',
|
||||
],
|
||||
'needed_by': [
|
||||
'svc_systemd:postgresql',
|
||||
'svc_systemd:postgresql.service',
|
||||
],
|
||||
'triggers': [
|
||||
'svc_systemd:postgresql:restart',
|
||||
'svc_systemd:postgresql.service:restart',
|
||||
],
|
||||
},
|
||||
}
|
||||
|
||||
svc_systemd['postgresql'] = {
|
||||
svc_systemd['postgresql.service'] = {
|
||||
'needs': [
|
||||
'pkg_apt:postgresql',
|
||||
],
|
||||
|
@ -43,13 +46,13 @@ svc_systemd['postgresql'] = {
|
|||
for user, config in node.metadata.get('postgresql/roles').items():
|
||||
postgres_roles[user] = merge_dict(config, {
|
||||
'needs': [
|
||||
'svc_systemd:postgresql',
|
||||
'svc_systemd:postgresql.service',
|
||||
],
|
||||
})
|
||||
|
||||
for database, config in node.metadata.get('postgresql/databases').items():
|
||||
postgres_dbs[database] = merge_dict(config, {
|
||||
'needs': [
|
||||
'svc_systemd:postgresql',
|
||||
'svc_systemd:postgresql.service',
|
||||
],
|
||||
})
|
||||
|
|
|
@ -1,4 +1,12 @@
|
|||
defaults = {}
|
||||
defaults = {
|
||||
'php': {
|
||||
'php.ini': {
|
||||
'cgi': {
|
||||
'fix_pathinfo': '0',
|
||||
},
|
||||
},
|
||||
},
|
||||
}
|
||||
|
||||
|
||||
@metadata_reactor.provides(
|
||||
|
|
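--- a/data/freescout/vhost.conf
+++ b/data/freescout/vhost.conf
@@ -0,0 +1,53 @@
+server {
+listen 443 ssl http2;
+listen [::]:443 ssl http2;
+
+server_name ${server_name};
+
+ssl_certificate /var/lib/dehydrated/certs/${server_name}/fullchain.pem;
+ssl_certificate_key /var/lib/dehydrated/certs/${server_name}/privkey.pem;
+
+root /opt/freescout/public;
+
+index index.php index.html index.htm;
+
+location / {
+try_files $uri $uri/ /index.php?$query_string;
+}
+location ~ \.php$ {
+fastcgi_split_path_info ^(.+\.php)(/.+)$;
+fastcgi_pass php-handler;
+fastcgi_index index.php;
+fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+include params/fastcgi;
+}
+# Uncomment this location if you want to improve attachments downloading speed.
+# Also make sure to set APP_DOWNLOAD_ATTACHMENTS_VIA=nginx in the .env file.
+#location ^~ /storage/app/attachment/ {
+# internal;
+# alias /var/www/html/storage/app/attachment/;
+#}
+location ~* ^/storage/attachment/ {
+expires 1M;
+access_log off;
+try_files $uri $uri/ /index.php?$query_string;
+}
+location ~* ^/(?:css|js)/.*\.(?:css|js)$ {
+expires 2d;
+access_log off;
+add_header Cache-Control "public, must-revalidate";
+}
+# The list should be in sync with /storage/app/public/uploads/.htaccess and /config/app.php
+location ~* ^/storage/.*\.((?!(jpg|jpeg|jfif|pjpeg|pjp|apng|bmp|gif|ico|cur|png|tif|tiff|webp|pdf|txt|diff|patch|json|mp3|wav|ogg|wma)).)*$ {
+add_header Content-disposition "attachment; filename=$2";
+default_type application/octet-stream;
+}
+location ~* ^/(?:css|fonts|img|installer|js|modules|[^\\\]+\..*)$ {
+expires 1M;
+access_log off;
+add_header Cache-Control "public";
+}
+location ~ /\. {
+deny all;
+}
+}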
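Review bot: `location ~ \.php$` hands every URI ending in `.php` to `php-handler` without checking that the script exists or where it lives, and since nginx uses the first matching regex location in file order, it wins over the `^/storage/` download rule further down; a `.php` file that ever lands under the public storage path would be executed rather than served as an attachment. Consider `try_files $uri =404;` as the first line of the PHP block and a `location ~* ^/storage/.*\.php$ { deny all; }` placed above it. The same ordering applies to `location ~ /\.`: it is last, so the broad `[^\\\]+\..*` static rule will presumably match dotfile paths before the deny does, and moving the dotfile block to the top avoids that. The commented-out attachment alias still points at `/var/www/html` rather than `/opt/freescout`.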
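--- a/groups/applications/freescout.py
+++ b/groups/applications/freescout.py
@@ -0,0 +1,10 @@
+{
+'supergroups': [
+'webserver',
+],
+'bundles': [
+'freescout',
+'php',
+'postgresql',
+],
+}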
@ -49,7 +49,7 @@ def generate_ed25519_key_pair(secret):
|
|||
return (deterministic_privatekey, public_key)
|
||||
|
||||
|
||||
#https://www.fragmentationneeded.net/2017/10/ssh-hashknownhosts-file-format.html
|
||||
# https://www.fragmentationneeded.net/2017/10/ssh-hashknownhosts-file-format.html
|
||||
# test this:
|
||||
# - `ssh-keyscan -H 10.0.0.5`
|
||||
# - take the salt from the ssh-ed25519 entry (first field after '|1|')
|
||||
|
|
|
@ -86,3 +86,9 @@ def require_bundle(node, bundle, hint=''):
|
|||
# way of defining bundle requirements in other bundles.
|
||||
if not node.has_bundle(bundle):
|
||||
raise BundleError(f'{node.name} requires bundle {bundle}, but wasn\'t found! {hint}')
|
||||
|
||||
|
||||
from shlex import quote
|
||||
|
||||
def run_as(user, command):
|
||||
return f'sudo su - {user} -s /bin/bash -c {quote(command)}'
|
||||
|
|
|
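Review bot: `run_as` quotes `command` but interpolates `user` into the shell string unquoted, so the helper is only safe while every caller passes a fixed account name; `return f'sudo su - {quote(user)} -s /bin/bash -c {quote(command)}'` closes that gap. The `from shlex import quote` sits at the bottom of the module, after `require_bundle`; moving it to the imports at the top of the file (outside this hunk) follows the usual layout. A one-line docstring such as `"""Return a shell command that runs *command* as *user* in a login bash."""` would document the contract for the bundles that call it.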
@ -1,5 +1,4 @@
|
|||
{
|
||||
'dummy': True,
|
||||
'hostname': '10.0.0.5',
|
||||
'groups': [
|
||||
'autologin',
|
||||
|
|
|
@ -174,6 +174,7 @@
|
|||
'10.0.10.0/24',
|
||||
'10.0.11.0/24',
|
||||
'192.168.179.0/24',
|
||||
'10.0.238.0/24', # mseibert.freescout
|
||||
],
|
||||
},
|
||||
},
|
||||
|
|
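--- a/nodes/mseibert.freescout.py
+++ b/nodes/mseibert.freescout.py
@@ -0,0 +1,60 @@
+{
+'hostname': '88.198.202.28',
+'groups': [
+'backup',
+'debian-12',
+'monitored',
+'webserver',
+'freescout',
+],
+'bundles': [
+'wireguard',
+'zfs',
+],
+'metadata': {
+'id': '5333e3dd-0718-493a-a93c-529612a45079',
+'network': {
+'internal': {
+'interface': 'ens10',
+'ipv4': '10.0.238.2/32',
+},
+'external': {
+'interface': 'eth0',
+'ipv4': '88.198.202.28/32',
+'gateway4': '172.31.1.1',
+'ipv6': '2a01:4f8:c012:8e8f::1/64',
+'gateway6': 'fe80::1',
+},
+},
+'freescout': {
+'domain': 'freescout.foerderkreis-oranienschule.de',
+},
+'vm': {
+'cores': 1,
+'ram': 2048,
+},
+'wireguard': {
+'my_ip': '172.30.0.238/32',
+'s2s': {
+'netcup.mails': {
+'allowed_ips': [
+'10.0.0.0/24',
+'10.0.2.0/24',
+'10.0.9.0/24',
+'10.0.10.0/24',
+'10.0.11.0/24',
+],
+},
+},
+},
+'zfs': {
+'pools': {
+'tank': {
+'devices': [
+'/dev/disk/by-id/scsi-0HC_Volume_100356294',
+],
+},
+},
+},
+},
+}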
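Review bot: The `netcup.mails` peer is given `allowed_ips` covering five internal /24 networks, so this internet-facing helpdesk host (public `hostname`, `webserver` group) gets tunnel routes to all of them. If FreeScout only needs to reach the mail server, narrowing the list to that host or subnet keeps the tunnel to least privilege; whether a firewall elsewhere already restricts this traffic is not visible here. A short comment on the list, e.g. `# networks reachable via netcup.mails; keep to what freescout needs`, would record the intent.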
@ -60,6 +60,7 @@
|
|||
'left4.me',
|
||||
'elimu-kwanza.de',
|
||||
'cronekorkn.de',
|
||||
'freescout.foerderkreis-oranienschule.de',
|
||||
},
|
||||
},
|
||||
'dns': {
|
||||
|
@ -188,7 +189,7 @@
|
|||
},
|
||||
'roundcube': {
|
||||
'product_name': 'Sublimity Mail',
|
||||
'version': '1.6.2',
|
||||
'version': '1.6.6',
|
||||
'installer': False,
|
||||
},
|
||||
'vm': {
|
||||
|
@ -215,6 +216,11 @@
|
|||
'192.168.179.0/24',
|
||||
],
|
||||
},
|
||||
'mseibert.freescout': {
|
||||
'allowed_ips': [
|
||||
'10.0.238.0/24',
|
||||
],
|
||||
},
|
||||
},
|
||||
'clients': {
|
||||
'macbook': {
|
||||
|
|