cronekorkn/bundlewrap
1
0
Fork 0
Code Issues Pull requests 8 Projects Releases Wiki Activity

Compare commits

base: cronekorkn:81647880a16fdbfeb359e9a87b3d513a7381570a
Branches Tags
cronekorkn:master
cronekorkn:n8n
cronekorkn:router
cronekorkn:freescout
cronekorkn:homeassistant-supervised
cronekorkn:conflecttest
cronekorkn:wp
cronekorkn:rufbereitschafts-alarm
cronekorkn:dnssec_2
cronekorkn:dnssec
cronekorkn:apt_sources_as_dict
cronekorkn:wordpress
cronekorkn:iperf3
cronekorkn:picsort-pythoon
cronekorkn:network_metadata_rework
cronekorkn:blog_dirty
cronekorkn:blog
cronekorkn:icinga2_notifications
cronekorkn:icinga_neumachen
cronekorkn:nextcloud_conf_in_metadata
cronekorkn:mastodon
cronekorkn:rtmp
cronekorkn:deterministic_rsa
cronekorkn:deterministic_rsa_test
cronekorkn:left4dead2
cronekorkn:temp130752653
cronekorkn:zfs_encrypt
cronekorkn:icingaweb
cronekorkn:ldap
cronekorkn:icinga2_remote_2
cronekorkn:icinga2_local
cronekorkn:icinga
cronekorkn:icinga2_remote
cronekorkn:modprobe
cronekorkn:autoconfig
cronekorkn:basic_auth
cronekorkn:crystal-buildserver
cronekorkn:build_Server
cronekorkn:cya_hetzner
cronekorkn:dns_challenge3
cronekorkn:dns_challenge2
cronekorkn:dns_challenge
cronekorkn:gpiod
cronekorkn:multi-redis
cronekorkn:l4d2
cronekorkn:wireguard_clients
cronekorkn:alles_sets
cronekorkn:hdict
cronekorkn:all_units
cronekorkn:unitbug_isolation
cronekorkn:whatsbroken
cronekorkn:minimal_mailserver
...
compare: cronekorkn:9fb67cd7e00a10dc8b8395ccef50401142419a92
Branches Tags
cronekorkn:master
cronekorkn:n8n
cronekorkn:router
cronekorkn:freescout
cronekorkn:homeassistant-supervised
cronekorkn:conflecttest
cronekorkn:wp
cronekorkn:rufbereitschafts-alarm
cronekorkn:dnssec_2
cronekorkn:dnssec
cronekorkn:apt_sources_as_dict
cronekorkn:wordpress
cronekorkn:iperf3
cronekorkn:picsort-pythoon
cronekorkn:network_metadata_rework
cronekorkn:blog_dirty
cronekorkn:blog
cronekorkn:icinga2_notifications
cronekorkn:icinga_neumachen
cronekorkn:nextcloud_conf_in_metadata
cronekorkn:mastodon
cronekorkn:rtmp
cronekorkn:deterministic_rsa
cronekorkn:deterministic_rsa_test
cronekorkn:left4dead2
cronekorkn:temp130752653
cronekorkn:zfs_encrypt
cronekorkn:icingaweb
cronekorkn:ldap
cronekorkn:icinga2_remote_2
cronekorkn:icinga2_local
cronekorkn:icinga
cronekorkn:icinga2_remote
cronekorkn:modprobe
cronekorkn:autoconfig
cronekorkn:basic_auth
cronekorkn:crystal-buildserver
cronekorkn:build_Server
cronekorkn:cya_hetzner
cronekorkn:dns_challenge3
cronekorkn:dns_challenge2
cronekorkn:dns_challenge
cronekorkn:gpiod
cronekorkn:multi-redis
cronekorkn:l4d2
cronekorkn:wireguard_clients
cronekorkn:alles_sets
cronekorkn:hdict
cronekorkn:all_units
cronekorkn:unitbug_isolation
cronekorkn:whatsbroken
cronekorkn:minimal_mailserver

6 commits
81647880a1 ... 9fb67cd7e0

Author SHA1 Message Date
cronekorkn
9fb67cd7e0
bundles/grafana/items.py: fix permissions 2023-09-29 10:20:09 +02:00
cronekorkn
75f3b1594b
wip 2023-09-29 10:20:09 +02:00
cronekorkn
ba991bfcb8
wip 2023-09-29 10:20:09 +02:00
cronekorkn
e93a1fbee4
wip 2023-09-29 10:20:09 +02:00
cronekorkn
2e459a6158
wip 2023-09-29 10:20:09 +02:00
cronekorkn
a6f1695e4e
gitea -> forgejo 2023-09-29 10:19:53 +02:00
10 changed files with 188 additions and 17 deletions
Show stats Expand all files Collapse all files

9
bundles/gitea/items.py
View file

@ -2,10 +2,15 @@ from os.path import join
from bundlewrap.utils.dicts import merge_dict
version = version=node.metadata.get('gitea/version')
version = node.metadata.get('gitea/version')
assert not version.startswith('v')
arch = node.metadata.get('system/architecture')
print(f'https://codeberg.org/forgejo/forgejo/releases/download/v{version}/forgejo-{version}-linux-{arch}')
downloads['/usr/local/bin/gitea'] = {
'url': f'https://dl.gitea.io/gitea/{version}/gitea-{version}-linux-amd64',
# https://forgejo.org/releases/
'url': f'https://codeberg.org/forgejo/forgejo/releases/download/v{version}/forgejo-{version}-linux-{arch}',
'sha256_url': '{url}.sha256',
'triggers': {
'svc_systemd:gitea:restart',

21
bundles/gitea/metadata.py
View file

@ -11,7 +11,17 @@ defaults = {
},
},
'gitea': {
'conf': {},
'conf': {
'database': {
'DB_TYPE': 'postgres',
'HOST': 'localhost:5432',
'NAME': 'gitea',
'USER': 'gitea',
'PASSWD': database_password,
'SSL_MODE': 'disable',
'LOG_SQL': 'false',
},
},
},
'postgresql': {
'roles': {
@ -83,15 +93,6 @@ def conf(metadata):
'INTERNAL_TOKEN': repo.vault.password_for(f'{node.name} gitea internal_token'),
'SECRET_KEY': repo.vault.password_for(f'{node.name} gitea security_secret_key'),
},
'database': {
'DB_TYPE': 'postgres',
'HOST': 'localhost:5432',
'NAME': 'gitea',
'USER': 'gitea',
'PASSWD': database_password,
'SSL_MODE': 'disable',
'LOG_SQL': 'false',
},
'service': {
'NO_REPLY_ADDRESS': f'noreply.{domain}',
},

2
bundles/grafana/items.py
View file

@ -160,6 +160,8 @@ for dashboard_id, monitored_node in enumerate(monitored_nodes, start=1):
files[f'/var/lib/grafana/dashboards/{monitored_node.name}.json'] = {
'content': json.dumps(dashboard, indent=4),
'owner': 'grafana',
'group': 'grafana',
'triggers': [
'svc_systemd:grafana-server:restart',
]

4
bundles/nginx/files/fastcgi
View file

@ -1,4 +1,3 @@
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
@ -24,6 +23,3 @@ fastcgi_param SERVER_NAME $server_name;
# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param REDIRECT_STATUS 200;
# This is the only thing that's different to the debian default.
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;

8
bundles/rufbereitschaftsalarm/files/rufbereitschaftsalarm Normal file
View file

@ -0,0 +1,8 @@
#!/bin/bash
gpio=$(gpiofind SCL1)
while gpiomon --num-events=1 --falling-edge $gpio 2&> /dev/null
do
systemctl stop rufbereitschafts-klingel
done

16
bundles/rufbereitschaftsalarm/items.py Normal file
View file

@ -0,0 +1,16 @@
files = {
'/opt/rufbereitschaftsalarm': {
'mode': '550',
},
}
svc_systemd = {
'rufbereitschaftsalarm.service': {
'enabled': False,
'running': False,
'needs': [
'pkg_apt:gpiod',
'file:/opt/rufbereitschaftsalarm',
],
}
}

42
bundles/rufbereitschaftsalarm/metadata.py Normal file
View file

@ -0,0 +1,42 @@
defaults = {
'apt': {
'packages': {
'gpiod': {},
},
},
'flask': {
},
'systemd': {
'units': {
'rufbereitschaftsalarm-sound.service': {
'Unit': {
'Description': 'rufbereitschaftsalarm sound effect',
'After': 'network.target',
},
'Service': {
'ExecStart': '/opt/rufbereitschaftsalarm-sound',
},
'Install': {
'WantedBy': {
'multi-user.target'
},
},
},
'rufbereitschaftsalarm-stop.service': {
'Unit': {
'Description': 'rufbereitschaftsalarm stop button',
'After': 'network.target',
},
'Service': {
'ExecStart': '/opt/rufbereitschaftsalarm-stop',
},
'Install': {
'WantedBy': {
'multi-user.target'
},
},
},
},
},
}

29
data/nginx/run_program.conf Normal file
View file

@ -0,0 +1,29 @@
# https://www.nginx.com/resources/wiki/start/topics/examples/fcgiwrap/
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name ${server_name};
ssl_certificate /var/lib/dehydrated/certs/${server_name}/fullchain.pem;
ssl_certificate_key /var/lib/dehydrated/certs/${server_name}/privkey.pem;
location / {
# Disable gzip (it makes scripts feel slower since they have to complete
# before getting gzipped)
gzip off;
# Set the root to /usr/lib (inside this location this means that we are
# giving access to the files under /usr/lib/cgi-bin)
root /usr/lib;
# Fastcgi socket
fastcgi_pass unix:/run/fcgiwrap.socket;
# Fastcgi parameters, include the standard ones
include /etc/nginx/params/fastcgi;
# Adjust non standard parameters (SCRIPT_FILENAME)
fastcgi_param SCRIPT_FILENAME /usr/lib/cgi-bin/hello.cgi;
}
}

72
nodes/home.rufbereitschaft.py Normal file
View file

@ -0,0 +1,72 @@
{
'hostname': '10.0.0.190',
'groups': [
'autologin',
'debian-12',
'hardware',
'home',
'monitored',
'webserver',
],
'bundles': [
'wireguard',
],
'metadata': {
'id': '4eb7ba69-37fa-4594-8d54-3ebfc4e7e5d6',
'network': {
'internal': {
'interface': 'eth0',
'ipv4': '10.0.0.190/24',
'gateway4': '10.0.0.1',
},
},
'apt': {
'packages': {
'alsa-utils': {},
'espeak': {},
'libnginx-mod-http-lua': {},
},
},
'nginx': {
'vhosts': {
'rufbereitschaftsalarm.ckn.li': {
'content': 'nginx/run_program.conf',
'context': {
'script': 'hello',
},
},
},
},
'systemd': {
'units': {
"wireguard.network": {
"Route#smedia": {
"Destination": "10.200.128.1",
"Gateway": "10.200.128.11"
},
},
"wireguard.netdev": {
"NetDev": {
"Description": "WireGuard server",
"Kind": "wireguard",
"Name": "wg0"
},
"WireGuard": {
"ListenPort": 51820,
"PrivateKey": "encrypt$gAAAAABk6FEX92wQzlBIqxP6w5FQydlrDqOZeo1AZS9zaBE3QzujtBnB_cf6KlECzmoljr71dmRiFN5yvA8bzRIpcecvnufIji1XNg-i1UW1fq393XppRq0p9EtNBVzoXoyzZFEcjQRo"
},
"WireGuardPeer#rufbereitsschaftsalarm": {
"AllowedIPs": "0.0.0.0/0",
"Endpoint": "185.122.180.82:51820",
"PersistentKeepalive": 30,
"PresharedKey": "!decrypt:encrypt$gAAAAABk6FD0_39AzxKTTse3ukqs7VOcZ5mPsBsN09Y4FgITOEnbBVWZ-zDsaZi-woNbp4k10nrJtIrqz8a-FIFdNbQaTgulhRDKF6TFH4BhYlEB7d8NH5CU3kTTtqtjSWW9GPqAgb3z",
"PublicKey": "gPKjFV8mAx5GZdfPmjThNolpSaXs285e7YznhaBlOwY="
}
},
},
},
'wireguard': {
'my_ip': '10.200.128.11/24',
},
},
}

2
nodes/home.server.py
View file

@ -66,7 +66,7 @@
'download_server': 'netcup.mails',
},
'gitea': {
'version': '1.19.1',
'version': '1.20.4-1',
'domain': 'git.sublimity.de',
'conf': {
'mailer': {