wip

2023-09-07 13:50:57 +02:00 · 2023-09-07 13:50:57 +02:00 · 2023-09-07 13:50:56 +02:00 · 2023-09-07 13:50:55 +02:00 · 2023-09-06 09:29:02 +02:00 · 2023-09-06 09:26:50 +02:00
12 changed files with 207 additions and 11 deletions
--- a/bundles/macbook/files/freshclam.conf
+++ b/bundles/macbook/files/freshclam.conf
@ -0,0 +1 @@
 DatabaseMirror database.clamav.net
--- a/bundles/macbook/items.py
+++ b/bundles/macbook/items.py
@ -1,3 +1,12 @@
 # brew install
 actions['brew_install'] = {
    'command': '/opt/homebrew/bin/brew install ' + ' '.join(node.metadata.get('brew')),
    'unless': f"""PKGS=$(/opt/homebrew/bin/brew leaves); for p in {' '.join(node.metadata.get('brew'))}; do grep -q "$p" <<< $PKGS || exit 9; done"""
 }
 # bw init
 directories['/Users/mwiegand/.config/bundlewrap/lock'] = {}
 # home
@ -21,6 +30,16 @@ files['/Users/mwiegand/.local/share/direnv/pyenv'] = {}
 files['/Users/mwiegand/.local/share/direnv/venv'] = {}
 files['/Users/mwiegand/.local/share/direnv/bundlewrap'] = {}
 # clamav
 files['/opt/homebrew/etc/clamav/freshclam.conf'] = {
    'group': 'admin',
 }
 # run me baby one more time:
 # freshclam && clamscan --infected --recursive --exclude-dir ~/Library/Mail ~
 ##################
 for element in [*files.values(), *directories.values()]:
--- a/bundles/macbook/metadata.py
+++ b/bundles/macbook/metadata.py
@ -1 +1,5 @@
-defaults = {}
+defaults = {
    'brew': {
        'clamav',
    },
 }
--- a/bundles/nginx/files/fastcgi
+++ b/bundles/nginx/files/fastcgi
@ -1,4 +1,3 @@
 fastcgi_param  SCRIPT_FILENAME    $document_root$fastcgi_script_name;
 fastcgi_param  QUERY_STRING       $query_string;
 fastcgi_param  REQUEST_METHOD     $request_method;
 fastcgi_param  CONTENT_TYPE       $content_type;
@ -24,6 +23,3 @@ fastcgi_param  SERVER_NAME        $server_name;
 # PHP only, required if PHP was built with --enable-force-cgi-redirect
 fastcgi_param  REDIRECT_STATUS    200;
 # This is the only thing that's different to the debian default.
 fastcgi_param  SCRIPT_FILENAME    $document_root$fastcgi_script_name;
--- a/bundles/roundcube/files/config.inc.php
+++ b/bundles/roundcube/files/config.inc.php
@ -31,7 +31,7 @@ $config['db_dsnw'] = '${database['provider']}://${database['user']}:${database['
 // For example %n = mail.domain.tld, %t = domain.tld
 // WARNING: After hostname change update of mail_host column in users table is
 //          required to match old user data records with the new host.
-$config['default_host'] = 'localhost';
+$config['imap_host'] = 'localhost';
 // ----------------------------------
 // SMTP
@ -46,7 +46,7 @@ $config['default_host'] = 'localhost';
 // %d - domain (http hostname $_SERVER['HTTP_HOST'] without the first part)
 // %z - IMAP domain (IMAP hostname without the first part)
 // For example %n = mail.domain.tld, %t = domain.tld
-$config['smtp_server'] = 'tls://localhost';
+$config['smtp_host'] = 'tls://localhost';
 // SMTP username (if required) if you use %u as the username Roundcube
 // will use the current username for login
--- a/bundles/roundcube/items.py
+++ b/bundles/roundcube/items.py
@ -43,7 +43,7 @@ actions['extract_roundcube'] = {
    ],
    'triggers': [
        'action:chown_roundcube',
-        'action:composer_install',
+        'action:composer_lock_reset',
    ],
 }
 actions['chown_roundcube'] = {
@ -75,7 +75,16 @@ files['/opt/roundcube/plugins/password/config.inc.php'] = {
        'action:chown_roundcube',
    ],
 }
-
+actions['composer_lock_reset'] = {
    'command': 'rm /opt/roundcube/composer.lock',
    'triggered': True,
    'needs': [
        'action:chown_roundcube',
    ],
    'triggers': [
        'action:composer_install',
    ],
 }
 actions['composer_install'] = {
    'command': "cp /opt/roundcube/composer.json-dist /opt/roundcube/composer.json && su www-data -s /bin/bash -c '/usr/bin/composer -d /opt/roundcube install'",
    'triggered': True,
--- a/bundles/rufbereitschaftsalarm/files/rufbereitschaftsalarm
+++ b/bundles/rufbereitschaftsalarm/files/rufbereitschaftsalarm
@ -0,0 +1,8 @@
 #!/bin/bash
 gpio=$(gpiofind SCL1)
 while gpiomon --num-events=1 --falling-edge $gpio 2&> /dev/null
 do
  systemctl stop rufbereitschafts-klingel
 done
--- a/bundles/rufbereitschaftsalarm/items.py
+++ b/bundles/rufbereitschaftsalarm/items.py
@ -0,0 +1,16 @@
 files = {
    '/opt/rufbereitschaftsalarm': {
        'mode': '550',
    },
 }
 svc_systemd = {
    'rufbereitschaftsalarm.service': {
        'enabled': False,
        'running': False,
        'needs': [
            'pkg_apt:gpiod',
            'file:/opt/rufbereitschaftsalarm',
        ],
    }
 }
--- a/bundles/rufbereitschaftsalarm/metadata.py
+++ b/bundles/rufbereitschaftsalarm/metadata.py
@ -0,0 +1,42 @@
 defaults = {
    'apt': {
        'packages': {
            'gpiod': {},
        },
    },
    'flask': {
    },
    'systemd': {
        'units': {
            'rufbereitschaftsalarm-sound.service': {
                'Unit': {
                    'Description': 'rufbereitschaftsalarm sound effect',
                    'After': 'network.target',
                },
                'Service': {
                    'ExecStart': '/opt/rufbereitschaftsalarm-sound',
                },
                'Install': {
                    'WantedBy': {
                        'multi-user.target'
                    },
                },
            },
            'rufbereitschaftsalarm-stop.service': {
                'Unit': {
                    'Description': 'rufbereitschaftsalarm stop button',
                    'After': 'network.target',
                },
                'Service': {
                    'ExecStart': '/opt/rufbereitschaftsalarm-stop',
                },
                'Install': {
                    'WantedBy': {
                        'multi-user.target'
                    },
                },
            },
        },
    },
 }
--- a/data/nginx/run_program.conf
+++ b/data/nginx/run_program.conf
@ -0,0 +1,29 @@
 # https://www.nginx.com/resources/wiki/start/topics/examples/fcgiwrap/
 server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name ${server_name};
    ssl_certificate /var/lib/dehydrated/certs/${server_name}/fullchain.pem;
    ssl_certificate_key /var/lib/dehydrated/certs/${server_name}/privkey.pem;
    location / {
        # Disable gzip (it makes scripts feel slower since they have to complete
        # before getting gzipped)
        gzip off;
        # Set the root to /usr/lib (inside this location this means that we are
        # giving access to the files under /usr/lib/cgi-bin)
        root	/usr/lib;
        # Fastcgi socket
        fastcgi_pass  unix:/run/fcgiwrap.socket;
        # Fastcgi parameters, include the standard ones
        include /etc/nginx/params/fastcgi;
        # Adjust non standard parameters (SCRIPT_FILENAME)
        fastcgi_param SCRIPT_FILENAME /usr/lib/cgi-bin/hello.cgi;
    }
 }
--- a/nodes/home.rufbereitschaft.py
+++ b/nodes/home.rufbereitschaft.py
@ -0,0 +1,72 @@
 {
    'hostname': '10.0.0.190',
    'groups': [
        'autologin',
        'debian-12',
        'hardware',
        'home',
        'monitored',
        'webserver',
    ],
    'bundles': [
        'wireguard',
    ],
    'metadata': {
        'id': '4eb7ba69-37fa-4594-8d54-3ebfc4e7e5d6',
        'network': {
            'internal': {
                'interface': 'eth0',
                'ipv4': '10.0.0.190/24',
                'gateway4': '10.0.0.1',
            },
        },
        'apt': {
            'packages': {
                'alsa-utils': {},
                'espeak': {},
                'libnginx-mod-http-lua': {},
            },
        },
        'nginx': {
            'vhosts': {
                'rufbereitschaftsalarm.ckn.li': {
                    'content': 'nginx/run_program.conf',
                    'context': {
                        'script': 'hello',
                    },
                },
            },
        },
        'systemd': {
            'units': {
                "wireguard.network": {
                    "Route#smedia": {
                        "Destination": "10.200.128.1",
                        "Gateway": "10.200.128.11"
                    },
                },
                "wireguard.netdev": {
                    "NetDev": {
                        "Description": "WireGuard server",
                        "Kind": "wireguard",
                        "Name": "wg0"
                    },
                    "WireGuard": {
                        "ListenPort": 51820,
                        "PrivateKey": "encrypt$gAAAAABk6FEX92wQzlBIqxP6w5FQydlrDqOZeo1AZS9zaBE3QzujtBnB_cf6KlECzmoljr71dmRiFN5yvA8bzRIpcecvnufIji1XNg-i1UW1fq393XppRq0p9EtNBVzoXoyzZFEcjQRo"
                    },
                    "WireGuardPeer#rufbereitsschaftsalarm": {
                        "AllowedIPs": "0.0.0.0/0",
                        "Endpoint": "185.122.180.82:51820",
                        "PersistentKeepalive": 30,
                        "PresharedKey": "!decrypt:encrypt$gAAAAABk6FD0_39AzxKTTse3ukqs7VOcZ5mPsBsN09Y4FgITOEnbBVWZ-zDsaZi-woNbp4k10nrJtIrqz8a-FIFdNbQaTgulhRDKF6TFH4BhYlEB7d8NH5CU3kTTtqtjSWW9GPqAgb3z",
                        "PublicKey": "gPKjFV8mAx5GZdfPmjThNolpSaXs285e7YznhaBlOwY="
                    }
                },
            },
        },
        'wireguard': {
            'my_ip': '10.200.128.11/24',
        },
    },
 }
--- a/nodes/netcup.mails.py
+++ b/nodes/netcup.mails.py
@ -194,8 +194,8 @@
        },
        'roundcube': {
            'product_name': 'Sublimity Mail',
-            'version': '1.5.0',
+            'version': '1.6.2',
-            'installer': True,
+            'installer': False,
        },
        'vm': {
            'cores': 4,
Author	SHA1	Message	Date
cronekorkn	bbe3d9c7f5	wip	2023-09-07 13:50:57 +02:00
cronekorkn	dd09843873	wip	2023-09-07 13:50:57 +02:00
cronekorkn	9b9b571c35	wip	2023-09-07 13:50:56 +02:00
cronekorkn	d61f5fc4be	wip	2023-09-07 13:50:55 +02:00
cronekorkn	5373954567	roundcube disable installer	2023-09-06 09:29:02 +02:00
cronekorkn	a5ec5eca7a	rc 1.6 options rename	2023-09-06 09:26:50 +02:00
cronekorkn	b459821a8d	roundcube update + composer_lock_reset	2023-09-06 09:25:17 +02:00
cronekorkn	4415bc32f5	macbook clamav	2023-09-06 09:18:21 +02:00