cronekorkn/bundlewrap
1
0
Fork 0
Code Issues Pull requests 8 Projects Releases Wiki Activity

Compare commits

base: cronekorkn:b9b10623ec69ba91ccf162d75dafc13aee98f5ee
Branches Tags
cronekorkn:master
cronekorkn:n8n
cronekorkn:router
cronekorkn:freescout
cronekorkn:homeassistant-supervised
cronekorkn:conflecttest
cronekorkn:wp
cronekorkn:rufbereitschafts-alarm
cronekorkn:dnssec_2
cronekorkn:dnssec
cronekorkn:apt_sources_as_dict
cronekorkn:wordpress
cronekorkn:iperf3
cronekorkn:picsort-pythoon
cronekorkn:network_metadata_rework
cronekorkn:blog_dirty
cronekorkn:blog
cronekorkn:icinga2_notifications
cronekorkn:icinga_neumachen
cronekorkn:nextcloud_conf_in_metadata
cronekorkn:mastodon
cronekorkn:rtmp
cronekorkn:deterministic_rsa
cronekorkn:deterministic_rsa_test
cronekorkn:left4dead2
cronekorkn:temp130752653
cronekorkn:zfs_encrypt
cronekorkn:icingaweb
cronekorkn:ldap
cronekorkn:icinga2_remote_2
cronekorkn:icinga2_local
cronekorkn:icinga
cronekorkn:icinga2_remote
cronekorkn:modprobe
cronekorkn:autoconfig
cronekorkn:basic_auth
cronekorkn:crystal-buildserver
cronekorkn:build_Server
cronekorkn:cya_hetzner
cronekorkn:dns_challenge3
cronekorkn:dns_challenge2
cronekorkn:dns_challenge
cronekorkn:gpiod
cronekorkn:multi-redis
cronekorkn:l4d2
cronekorkn:wireguard_clients
cronekorkn:alles_sets
cronekorkn:hdict
cronekorkn:all_units
cronekorkn:unitbug_isolation
cronekorkn:whatsbroken
cronekorkn:minimal_mailserver
..
compare: cronekorkn:e39deddf7c7b7ca1900b72fee0064beb4402da0c
Branches Tags
cronekorkn:master
cronekorkn:n8n
cronekorkn:router
cronekorkn:freescout
cronekorkn:homeassistant-supervised
cronekorkn:conflecttest
cronekorkn:wp
cronekorkn:rufbereitschafts-alarm
cronekorkn:dnssec_2
cronekorkn:dnssec
cronekorkn:apt_sources_as_dict
cronekorkn:wordpress
cronekorkn:iperf3
cronekorkn:picsort-pythoon
cronekorkn:network_metadata_rework
cronekorkn:blog_dirty
cronekorkn:blog
cronekorkn:icinga2_notifications
cronekorkn:icinga_neumachen
cronekorkn:nextcloud_conf_in_metadata
cronekorkn:mastodon
cronekorkn:rtmp
cronekorkn:deterministic_rsa
cronekorkn:deterministic_rsa_test
cronekorkn:left4dead2
cronekorkn:temp130752653
cronekorkn:zfs_encrypt
cronekorkn:icingaweb
cronekorkn:ldap
cronekorkn:icinga2_remote_2
cronekorkn:icinga2_local
cronekorkn:icinga
cronekorkn:icinga2_remote
cronekorkn:modprobe
cronekorkn:autoconfig
cronekorkn:basic_auth
cronekorkn:crystal-buildserver
cronekorkn:build_Server
cronekorkn:cya_hetzner
cronekorkn:dns_challenge3
cronekorkn:dns_challenge2
cronekorkn:dns_challenge
cronekorkn:gpiod
cronekorkn:multi-redis
cronekorkn:l4d2
cronekorkn:wireguard_clients
cronekorkn:alles_sets
cronekorkn:hdict
cronekorkn:all_units
cronekorkn:unitbug_isolation
cronekorkn:whatsbroken
cronekorkn:minimal_mailserver

32 commits
b9b10623ec ... e39deddf7c

Author SHA1 Message Date
cronekorkn
e39deddf7c
wip 2024-08-20 18:03:39 +02:00
cronekorkn
12c5b86cc5
wip 2024-08-20 18:03:39 +02:00
cronekorkn
c63e56975c
wip 2024-08-20 18:03:39 +02:00
cronekorkn
f74dbc6539
wip 2024-08-20 18:03:39 +02:00
cronekorkn
1221b68642
wip 2024-08-20 18:03:37 +02:00
cronekorkn
95efe10ef6
roundcube 1.6.7 2024-08-19 12:23:35 +02:00
cronekorkn
e47c709f39
dedup 2024-07-29 10:26:38 +02:00
cronekorkn
24d346962a
omz permissions 2024-07-22 10:35:50 +02:00
cronekorkn
3e2cae42e6
nextcloud update 2024-07-03 11:13:41 +02:00
cronekorkn
6e410bfc25
nextcloud maintenance_window_start 2024-07-03 11:13:09 +02:00
cronekorkn
8ebf4e0ec0
oh my zsh fix permissions 2024-07-03 10:12:27 +02:00
cronekorkn
8e8f77e546
ssh host key: use custom path to not collide with auto generated keys 2024-07-03 10:05:44 +02:00
cronekorkn
c128b8a1ca
comment 2024-06-23 13:17:44 +02:00
cronekorkn
53d2928de2
errors and deprecatons 2024-06-22 02:59:15 +02:00
cronekorkn
4996f98cd1 Merge pull request 'homeassistant-supervised' (#18) from homeassistant-supervised into master 
Reviewed-on: #18
 2024-06-11 18:41:31 +02:00
cronekorkn
5b254b1b28
homeassistant-supervised 2024-06-11 18:40:22 +02:00
cronekorkn
4348e6045e
zfs.headers use system/architecture 2024-06-11 18:03:32 +02:00
cronekorkn
28e9d69571
nginx fix ssl_dhparam path 2024-06-11 18:03:08 +02:00
cronekorkn
32011c5b1f
bundles/macbook/files/venv: install optional requirements 2024-06-11 18:02:03 +02:00
cronekorkn
5c8e28ddb5
homeass more log 2024-06-05 21:34:47 +02:00
cronekorkn
d62e609863
faster better dhparams that actually get used 2024-06-05 21:34:28 +02:00
cronekorkn
ff51b41c38
hass bluez 2024-05-31 16:11:15 +02:00
cronekorkn
76cf14a9ef
hass more timeout 2024-05-31 16:11:07 +02:00
cronekorkn
301889ab8b
homeassistant kinda works 2024-05-31 15:14:49 +02:00
cronekorkn
1a163ce9f0
dep order 2024-05-31 15:14:16 +02:00
cronekorkn
15a78737cb
sort 2024-05-31 15:13:37 +02:00
cronekorkn
d90e0a18e8
update nextcloud 2024-05-28 11:11:22 +02:00
cronekorkn
a55ec37d21
elimu-kwanza.de google-site-verification 2024-05-14 11:18:20 +02:00
cronekorkn
ee23f3ef6e
some default 2024-05-10 10:28:59 +02:00
cronekorkn
de67571f5e
lobercrew killed letsencrypt 2024-05-10 10:28:52 +02:00
cronekorkn
a04163b72f
update forgejo 2024-04-30 14:19:28 +02:00
cronekorkn
fc7f7e2c23
update gitea 2024-04-30 14:12:51 +02:00
25 changed files with 417 additions and 68 deletions
Show stats Expand all files Collapse all files

4
bundles/build-ci/metadata.py
View file

@ -1,6 +1,10 @@
from shlex import quote
defaults = {
'build-ci': {},
}
@metadata_reactor.provides(
'users/build-ci/authorized_users',
'sudoers/build-ci',

21
bundles/homeassistant-supervised/README.md Normal file
View file

@ -0,0 +1,21 @@
https://github.com/home-assistant/supervised-installer?tab=readme-ov-file
https://github.com/home-assistant/os-agent/tree/main?tab=readme-ov-file#using-home-assistant-supervised-on-debian
https://docs.docker.com/engine/install/debian/
https://www.home-assistant.io/installation/linux#install-home-assistant-supervised
https://github.com/home-assistant/supervised-installer
https://github.com/home-assistant/architecture/blob/master/adr/0014-home-assistant-supervised.md
DATA_SHARE=/usr/share/hassio dpkg --force-confdef --force-confold -i homeassistant-supervised.deb
neu debian
ha installieren
gucken ob geht
dann bw drüberbügeln
https://www.home-assistant.io/integrations/http/#ssl_certificate

30
bundles/homeassistant-supervised/items.py Normal file
View file

@ -0,0 +1,30 @@
from shlex import quote
version = node.metadata.get('homeassistant/os_agent_version')
directories = {
'/usr/share/hassio': {},
}
actions = {
'install_os_agent': {
'command': ' && '.join([
f'wget -O /tmp/os-agent.deb https://github.com/home-assistant/os-agent/releases/download/{quote(version)}/os-agent_{quote(version)}_linux_aarch64.deb',
'DEBIAN_FRONTEND=noninteractive dpkg -i /tmp/os-agent.deb',
]),
'unless': f'test "$(apt -qq list os-agent | cut -d" " -f2)" = "{quote(version)}"',
'needs': {
'pkg_apt:',
'zfs_dataset:tank/homeassistant',
},
},
'install_homeassistant_supervised': {
'command': 'wget -O /tmp/homeassistant-supervised.deb https://github.com/home-assistant/supervised-installer/releases/latest/download/homeassistant-supervised.deb && apt install /tmp/homeassistant-supervised.deb',
'unless': 'apt -qq list homeassistant-supervised | grep -q "installed"',
'needs': {
'action:install_os_agent',
},
},
}

65
bundles/homeassistant-supervised/metadata.py Normal file
View file

@ -0,0 +1,65 @@
defaults = {
'apt': {
'packages': {
# homeassistant-supervised
'apparmor': {},
'bluez': {},
'cifs-utils': {},
'curl': {},
'dbus': {},
'jq': {},
'libglib2.0-bin': {},
'lsb-release': {},
'network-manager': {},
'nfs-common': {},
'systemd-journal-remote': {},
'systemd-resolved': {},
'udisks2': {},
'wget': {},
# docker
'docker-ce': {},
'docker-ce-cli': {},
'containerd.io': {},
'docker-buildx-plugin': {},
'docker-compose-plugin': {},
},
'sources': {
# docker: https://docs.docker.com/engine/install/debian/#install-using-the-repository
'docker': {
'urls': {
'https://download.docker.com/linux/debian',
},
'suites': {
'{codename}',
},
'components': {
'stable',
},
},
},
},
'zfs': {
'datasets': {
'tank/homeassistant': {
'mountpoint': '/usr/share/hassio',
'needed_by': {
'directory:/usr/share/hassio',
},
},
},
},
}
@metadata_reactor.provides(
'nginx/vhosts',
)
def nginx(metadata):
return {
'nginx': {
'vhosts': {
metadata.get('homeassistant/domain'): {
'content': 'homeassistant/vhost.conf',
},
},
},
}

20
bundles/homeassistant/items.py
View file

@ -1,20 +0,0 @@
users = {
'homeassistant': {
'home': '/var/lib/homeassistant',
},
}
directories = {
'/var/lib/homeassistant': {
'owner': 'homeassistant',
},
'/var/lib/homeassistant/config': {
'owner': 'homeassistant',
},
'/var/lib/homeassistant/venv': {
'owner': 'homeassistant',
},
}
# https://wiki.instar.com/de/Software/Linux/Home_Assistant/

20
bundles/homeassistant/metadata.py
View file

@ -1,20 +0,0 @@
defaults = {
'apt': {
'packages': {
'python3': {},
'python3-dev': {},
'python3-pip': {},
'python3-venv': {},
'libffi-dev': {},
'libssl-dev': {},
'libjpeg-dev': {},
'zlib1g-dev': {},
'autoconf': {},
'build-essential': {},
'libopenjp2-7': {},
'libtiff5': {},
'libturbojpeg0-dev': {},
'tzdata': {},
},
},
}

15
bundles/locale/items.py
View file

@ -20,18 +20,19 @@ files = {
}
actions = {
'systemd-locale': {
'command': f'localectl set-locale LANG="{default_locale}"',
'unless': f'localectl | grep -Fi "system locale" | grep -Fi "{default_locale}"',
'triggers': {
'action:locale-gen',
},
},
'locale-gen': {
'command': 'locale-gen',
'triggered': True,
'needs': {
'pkg_apt:locales',
},
},
'systemd-locale': {
'command': f'localectl set-locale LANG="{default_locale}"',
'unless': f'localectl | grep -Fi "system locale" | grep -Fi "{default_locale}"',
'preceded_by': {
'action:locale-gen',
'action:systemd-locale',
},
},
}

4
bundles/macbook/files/venv
View file

@ -19,5 +19,9 @@ if test "$DELTA" -gt 86400
then
python3 -m pip --require-virtualenv install pip wheel --upgrade
python3 -m pip --require-virtualenv install -r requirements.txt --upgrade
if test -e optional-requirements.txt
then
python3 -m pip --require-virtualenv install -r optional-requirements.txt --upgrade
fi
date +%s > .pip_upgrade_timestamp
fi

1
bundles/nextcloud/metadata.py
View file

@ -142,6 +142,7 @@ def config(metadata):
'versions_retention_obligation': 'auto, 90',
'simpleSignUpLink.shown': False,
'allow_local_remote_servers': True, # FIXME?
'maintenance_window_start': 1, # https://docs.nextcloud.com/server/29/admin_manual/configuration_server/background_jobs_configuration.html#maintenance-window-start
},
},
}

1
bundles/nginx/files/nginx.conf
View file

@ -21,6 +21,7 @@ http {
server_names_hash_bucket_size 128;
tcp_nopush on;
client_max_body_size 32G;
ssl_dhparam "/etc/ssl/certs/dhparam.pem";
% if node.has_bundle('php'):
upstream php-handler {

2
bundles/nginx/items.py
View file

@ -76,7 +76,7 @@ files = {
actions = {
'nginx-generate-dhparam': {
'command': 'openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048',
'command': 'openssl dhparam -dsaparam -out /etc/ssl/certs/dhparam.pem 4096',
'unless': 'test -f /etc/ssl/certs/dhparam.pem',
},
}

25
bundles/pyenv/items.py Normal file
View file

@ -0,0 +1,25 @@
from shlex import quote
directories = {
'/opt/pyenv': {},
'/opt/pyenv/install': {},
}
git_deploy = {
'/opt/pyenv/install': {
'repo': 'https://github.com/pyenv/pyenv.git',
'rev': 'master',
'needs': {
'directory:/opt/pyenv/install',
},
},
}
for version in node.metadata.get('pyenv/versions'):
actions[f'pyenv_install_{version}'] = {
'command': f'PYENV_ROOT=/opt/pyenv /opt/pyenv/install/bin/pyenv install {quote(version)}',
'unless': f'PYENV_ROOT=/opt/pyenv /opt/pyenv/install/bin/pyenv versions --bare | grep -Fxq {quote(version)}',
'needs': {
'git_deploy:/opt/pyenv/install',
},
}

23
bundles/pyenv/metadata.py Normal file
View file

@ -0,0 +1,23 @@
defaults = {
'apt': {
'packages': {
'build-essential': {},
'libssl-dev': {},
'zlib1g-dev': {},
'libbz2-dev': {},
'libreadline-dev': {},
'libsqlite3-dev': {},
'curl': {},
'libncurses-dev': {},
'xz-utils': {},
'tk-dev': {},
'libxml2-dev': {},
'libxmlsec1-dev': {},
'libffi-dev': {},
'liblzma-dev': {},
},
},
'pyenv': {
'versions': set(),
},
}

1
bundles/ssh/files/sshd_config
View file

@ -21,3 +21,4 @@ ClientAliveInterval 30
ClientAliveCountMax 5
AcceptEnv LANG
Subsystem sftp /usr/lib/openssh/sftp-server
HostKey /etc/ssh/ssh_host_managed_key

4
bundles/ssh/items.py
View file

@ -51,14 +51,14 @@ files = {
],
'skip': dont_touch_sshd,
},
'/etc/ssh/ssh_host_ed25519_key': {
'/etc/ssh/ssh_host_managed_key': {
'content': node.metadata.get('ssh/host_key/private') + '\n',
'mode': '0600',
'triggers': [
'svc_systemd:ssh:restart'
],
},
'/etc/ssh/ssh_host_ed25519_key.pub': {
'/etc/ssh/ssh_host_managed_key.pub': {
'content': node.metadata.get('ssh/host_key/public') + '\n',
'mode': '0644',
'triggers': [

2
bundles/systemd-journald/items.py
View file

@ -1,7 +1,7 @@
files = {
'/etc/systemd/journald.conf.d/managed.conf': {
'content': repo.libs.systemd.generate_unitfile({
'Jorunal': node.metadata.get('systemd-journald'),
'Journal': node.metadata.get('systemd-journald'),
}),
'triggers': {
'svc_systemd:systemd-journald:restart',

4
bundles/telegraf/metadata.py
View file

@ -7,6 +7,8 @@ defaults = {
# needed by crystal plugins:
'libgc-dev': {},
'libevent-dev': {},
# crystal based (procio, pressure_stall):
'libpcre3': {},
},
'sources': {
'influxdata': {
@ -56,7 +58,7 @@ defaults = {
'procstat': {h({
'interval': '60s',
'pattern': '.',
'fieldpass': [
'fieldinclude': [
'cpu_usage',
'memory_rss',
],

1
bundles/zfs/items.py
View file

@ -6,6 +6,7 @@ files = {
'/etc/cron.weekly/zfs-auto-snapshot': {'delete': True, 'needs': {'pkg_apt:zfs-auto-snapshot'}},
'/etc/cron.monthly/zfs-auto-snapshot': {'delete': True, 'needs': {'pkg_apt:zfs-auto-snapshot'}},
'/etc/modprobe.d/zfs.conf': {
'content_type': 'text',
'content': '\n'.join(
f'options zfs {k}={v}'
for k, v in node.metadata.get('zfs/kernel_params').items()

5
bundles/zfs/metadata.py
View file

@ -122,10 +122,7 @@ def backup(metadata):
'apt/packages'
)
def headers(metadata):
if node.in_group('raspberry-pi'):
arch = 'arm64'
else:
arch = 'amd64'
arch = metadata.get('system/architecture')
return {
'apt': {

21
bundles/zsh/items.py
View file

@ -3,12 +3,13 @@ from os.path import join
directories = {
'/etc/zsh/oh-my-zsh': {},
'/etc/zsh/oh-my-zsh/custom/plugins': {
'mode': '0755',
'mode': '0744',
'needs': [
f"git_deploy:/etc/zsh/oh-my-zsh",
]
},
'/etc/zsh/oh-my-zsh/custom/plugins/zsh-autosuggestions': {
'mode': '0744',
'needs': [
f"git_deploy:/etc/zsh/oh-my-zsh",
]
@ -27,14 +28,30 @@ git_deploy = {
}
files = {
'/etc/zsh/zprofile': {},
'/etc/zsh/zprofile': {
'mode': '0744',
},
'/etc/zsh/oh-my-zsh/themes/bw.zsh-theme': {
'mode': '0744',
'needs': [
f"git_deploy:/etc/zsh/oh-my-zsh",
]
},
}
actions = {
'chown_oh_my_zsh': {
'command': 'chmod -R 744 /etc/zsh/oh-my-zsh',
'triggered': True,
'triggered_by': [
"git_deploy:/etc/zsh/oh-my-zsh",
"git_deploy:/etc/zsh/oh-my-zsh/custom/plugins/zsh-autosuggestions",
"file:/etc/zsh/zprofile",
"file:/etc/zsh/oh-my-zsh/themes/bw.zsh-theme",
],
},
}
for name, user_config in node.metadata.get('users').items():
if user_config.get('shell', None) == '/usr/bin/zsh':
files[join(user_config['home'], '.zshrc')] = {

62
data/apt/keys/docker.asc Normal file
View file

@ -0,0 +1,62 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQINBFit2ioBEADhWpZ8/wvZ6hUTiXOwQHXMAlaFHcPH9hAtr4F1y2+OYdbtMuth
lqqwp028AqyY+PRfVMtSYMbjuQuu5byyKR01BbqYhuS3jtqQmljZ/bJvXqnmiVXh
38UuLa+z077PxyxQhu5BbqntTPQMfiyqEiU+BKbq2WmANUKQf+1AmZY/IruOXbnq
L4C1+gJ8vfmXQt99npCaxEjaNRVYfOS8QcixNzHUYnb6emjlANyEVlZzeqo7XKl7
UrwV5inawTSzWNvtjEjj4nJL8NsLwscpLPQUhTQ+7BbQXAwAmeHCUTQIvvWXqw0N
cmhh4HgeQscQHYgOJjjDVfoY5MucvglbIgCqfzAHW9jxmRL4qbMZj+b1XoePEtht
ku4bIQN1X5P07fNWzlgaRL5Z4POXDDZTlIQ/El58j9kp4bnWRCJW0lya+f8ocodo
vZZ+Doi+fy4D5ZGrL4XEcIQP/Lv5uFyf+kQtl/94VFYVJOleAv8W92KdgDkhTcTD
G7c0tIkVEKNUq48b3aQ64NOZQW7fVjfoKwEZdOqPE72Pa45jrZzvUFxSpdiNk2tZ
XYukHjlxxEgBdC/J3cMMNRE1F4NCA3ApfV1Y7/hTeOnmDuDYwr9/obA8t016Yljj
q5rdkywPf4JF8mXUW5eCN1vAFHxeg9ZWemhBtQmGxXnw9M+z6hWwc6ahmwARAQAB
tCtEb2NrZXIgUmVsZWFzZSAoQ0UgZGViKSA8ZG9ja2VyQGRvY2tlci5jb20+iQI3
BBMBCgAhBQJYrefAAhsvBQsJCAcDBRUKCQgLBRYCAwEAAh4BAheAAAoJEI2BgDwO
v82IsskP/iQZo68flDQmNvn8X5XTd6RRaUH33kXYXquT6NkHJciS7E2gTJmqvMqd
tI4mNYHCSEYxI5qrcYV5YqX9P6+Ko+vozo4nseUQLPH/ATQ4qL0Zok+1jkag3Lgk
jonyUf9bwtWxFp05HC3GMHPhhcUSexCxQLQvnFWXD2sWLKivHp2fT8QbRGeZ+d3m
6fqcd5Fu7pxsqm0EUDK5NL+nPIgYhN+auTrhgzhK1CShfGccM/wfRlei9Utz6p9P
XRKIlWnXtT4qNGZNTN0tR+NLG/6Bqd8OYBaFAUcue/w1VW6JQ2VGYZHnZu9S8LMc
FYBa5Ig9PxwGQOgq6RDKDbV+PqTQT5EFMeR1mrjckk4DQJjbxeMZbiNMG5kGECA8
g383P3elhn03WGbEEa4MNc3Z4+7c236QI3xWJfNPdUbXRaAwhy/6rTSFbzwKB0Jm
ebwzQfwjQY6f55MiI/RqDCyuPj3r3jyVRkK86pQKBAJwFHyqj9KaKXMZjfVnowLh
9svIGfNbGHpucATqREvUHuQbNnqkCx8VVhtYkhDb9fEP2xBu5VvHbR+3nfVhMut5
G34Ct5RS7Jt6LIfFdtcn8CaSas/l1HbiGeRgc70X/9aYx/V/CEJv0lIe8gP6uDoW
FPIZ7d6vH+Vro6xuWEGiuMaiznap2KhZmpkgfupyFmplh0s6knymuQINBFit2ioB
EADneL9S9m4vhU3blaRjVUUyJ7b/qTjcSylvCH5XUE6R2k+ckEZjfAMZPLpO+/tF
M2JIJMD4SifKuS3xck9KtZGCufGmcwiLQRzeHF7vJUKrLD5RTkNi23ydvWZgPjtx
Q+DTT1Zcn7BrQFY6FgnRoUVIxwtdw1bMY/89rsFgS5wwuMESd3Q2RYgb7EOFOpnu
w6da7WakWf4IhnF5nsNYGDVaIHzpiqCl+uTbf1epCjrOlIzkZ3Z3Yk5CM/TiFzPk
z2lLz89cpD8U+NtCsfagWWfjd2U3jDapgH+7nQnCEWpROtzaKHG6lA3pXdix5zG8
eRc6/0IbUSWvfjKxLLPfNeCS2pCL3IeEI5nothEEYdQH6szpLog79xB9dVnJyKJb
VfxXnseoYqVrRz2VVbUI5Blwm6B40E3eGVfUQWiux54DspyVMMk41Mx7QJ3iynIa
1N4ZAqVMAEruyXTRTxc9XW0tYhDMA/1GYvz0EmFpm8LzTHA6sFVtPm/ZlNCX6P1X
zJwrv7DSQKD6GGlBQUX+OeEJ8tTkkf8QTJSPUdh8P8YxDFS5EOGAvhhpMBYD42kQ
pqXjEC+XcycTvGI7impgv9PDY1RCC1zkBjKPa120rNhv/hkVk/YhuGoajoHyy4h7
ZQopdcMtpN2dgmhEegny9JCSwxfQmQ0zK0g7m6SHiKMwjwARAQABiQQ+BBgBCAAJ
BQJYrdoqAhsCAikJEI2BgDwOv82IwV0gBBkBCAAGBQJYrdoqAAoJEH6gqcPyc/zY
1WAP/2wJ+R0gE6qsce3rjaIz58PJmc8goKrir5hnElWhPgbq7cYIsW5qiFyLhkdp
YcMmhD9mRiPpQn6Ya2w3e3B8zfIVKipbMBnke/ytZ9M7qHmDCcjoiSmwEXN3wKYI
mD9VHONsl/CG1rU9Isw1jtB5g1YxuBA7M/m36XN6x2u+NtNMDB9P56yc4gfsZVES
KA9v+yY2/l45L8d/WUkUi0YXomn6hyBGI7JrBLq0CX37GEYP6O9rrKipfz73XfO7
JIGzOKZlljb/D9RX/g7nRbCn+3EtH7xnk+TK/50euEKw8SMUg147sJTcpQmv6UzZ
cM4JgL0HbHVCojV4C/plELwMddALOFeYQzTif6sMRPf+3DSj8frbInjChC3yOLy0
6br92KFom17EIj2CAcoeq7UPhi2oouYBwPxh5ytdehJkoo+sN7RIWua6P2WSmon5
U888cSylXC0+ADFdgLX9K2zrDVYUG1vo8CX0vzxFBaHwN6Px26fhIT1/hYUHQR1z
VfNDcyQmXqkOnZvvoMfz/Q0s9BhFJ/zU6AgQbIZE/hm1spsfgvtsD1frZfygXJ9f
irP+MSAI80xHSf91qSRZOj4Pl3ZJNbq4yYxv0b1pkMqeGdjdCYhLU+LZ4wbQmpCk
SVe2prlLureigXtmZfkqevRz7FrIZiu9ky8wnCAPwC7/zmS18rgP/17bOtL4/iIz
QhxAAoAMWVrGyJivSkjhSGx1uCojsWfsTAm11P7jsruIL61ZzMUVE2aM3Pmj5G+W
9AcZ58Em+1WsVnAXdUR//bMmhyr8wL/G1YO1V3JEJTRdxsSxdYa4deGBBY/Adpsw
24jxhOJR+lsJpqIUeb999+R8euDhRHG9eFO7DRu6weatUJ6suupoDTRWtr/4yGqe
dKxV3qQhNLSnaAzqW/1nA3iUB4k7kCaKZxhdhDbClf9P37qaRW467BLCVO/coL3y
Vm50dwdrNtKpMBh3ZpbB1uJvgi9mXtyBOMJ3v8RZeDzFiG8HdCtg9RvIt/AIFoHR
H3S+U79NT6i0KPzLImDfs8T7RlpyuMc4Ufs8ggyg9v3Ae6cN3eQyxcK3w0cbBwsh
/nQNfsA6uu+9H7NhbehBMhYnpNZyrHzCmzyXkauwRAqoCbGCNykTRwsur9gS41TQ
M8ssD1jFheOJf3hODnkKU+HKjvMROl1DK7zdmLdNzA1cvtZH/nCC9KPj1z8QC47S
xx+dTZSx4ONAhwbS/LN3PoKtn8LPjY9NP9uDWI+TWYquS2U+KHDrBDlsgozDbs/O
jCxcpDzNmXpWQHEtHU7649OXHP7UeNST1mCUCH5qdank0V1iejF6/CfTFU4MfcrG
YT90qFF93M3v01BbxP+EIY2/9tiIPbrd
=0YYh
-----END PGP PUBLIC KEY BLOCK-----

22
data/homeassistant/vhost.conf Normal file
View file

@ -0,0 +1,22 @@
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name ${server_name};
ssl_certificate /var/lib/dehydrated/certs/${server_name}/fullchain.pem;
ssl_certificate_key /var/lib/dehydrated/certs/${server_name}/privkey.pem;
location / {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header Host $http_host;
proxy_read_timeout 3600;
proxy_pass http://127.0.0.1:8123;
}
}

111
nodes/home.homeassistant.py Normal file
View file

@ -0,0 +1,111 @@
{
'hostname': '10.0.0.16',
'groups': [
'webserver',
'backup',
'monitored',
'raspberry-pi',
'autologin',
],
'bundles': [
'apt',
'homeassistant-supervised',
'hostname',
'hosts',
'htop',
'users',
'ssh',
'sudo',
'locale',
'zsh',
'zfs',
'systemd',
'systemd-timers',
'systemd-journald',
],
'metadata': {
'id': '3d67964d-1270-4d3c-b93f-9c44219b3d59',
'network': {
'internal': {
'interface': 'eth0',
'ipv4': '10.0.0.16/24',
'gateway4': '10.0.0.1',
},
},
'apt': {
'sources': {
'debian': {
'urls': {
'https://deb.debian.org/debian',
},
'suites': {
'{codename}',
'{codename}-updates',
},
'components': {
'main',
'contrib',
'non-free',
'non-free-firmware',
},
'key': 'debian-{version}',
},
'debian-security': {
'urls': {
'http://security.debian.org/debian-security',
},
'suites': {
'{codename}-security',
},
'components': {
'main',
'contrib',
'non-free',
'non-free-firmware',
},
'key': 'debian-{version}-security',
},
},
},
'hosts': {
'10.0.11.3': [
'resolver.name',
'secondary.resolver.name',
],
},
'letsencrypt': {
'acme_node': 'netcup.mails',
},
'homeassistant': {
'domain': 'homeassistant.ckn.li',
'os_agent_version': '1.6.0',
},
'nameservers': {
'10.0.11.3',
},
'users': {
'ckn': {
'shell': '/usr/bin/zsh',
'authorized_keys': {
'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILMVroYmswD4tLk6iH+2tvQiyaMe42yfONDsPDIdFv6I ckn',
},
},
},
'sudoers': {
'ckn': {'ALL'},
},
'zfs': {
'pools': {
'tank': {
'devices': [
'/var/lib/zfs/tank.img',
],
},
},
},
'os_codename': 'bookworm',
},
'os': 'debian',
'os_version': (12,),
'pip_command': 'pip3',
}

4
nodes/home.server.py
View file

@ -66,7 +66,7 @@
'download_server': 'netcup.mails',
},
'gitea': {
'version': '1.20.4-1',
'version': '7.0.1',
'domain': 'git.sublimity.de',
'conf': {
'mailer': {
@ -111,7 +111,7 @@
},
'nextcloud': {
'hostname': 'cloud.sublimity.de',
'version': '28.0.1',
'version': '29.0.3',
'config': {
'instanceid': 'oci6dw1woodz',
'secret': '!decrypt:encrypt$gAAAAABj96CFynVtEgsje7173zjQAcY7xQG3uyf5cxE-sJAvhyPh_KUykTKdwnExc8NTDJ8RIGUmVfgC6or5crnYaggARPIEg5-Cb0xVdEPPZ3oZ01ImLmynLu3qXT9O8kVM-H21--OKeztMRn7bySsbXdWEGtETFQ==',

17
nodes/netcup.mails.py
View file

@ -15,18 +15,12 @@
'build-ci',
'download-server',
'islamicstate.eu',
'lonercrew',
'nginx-rtmps',
'steam',
'wireguard',
'zfs',
],
'metadata': {
'wordpress': {
'elimukwanza': {
'domain': 'elimu-kwanza.de',
},
},
'id': 'ea29bdf0-0b47-4bf4-8346-67d60c9dc4ae',
'network': {
'internal': {
@ -56,7 +50,6 @@
'islamicstate.eu',
'hausamsilberberg.de',
'wiegand.tel',
'lonercrew.io',
'left4.me',
'elimu-kwanza.de',
'cronekorkn.de',
@ -80,10 +73,18 @@
'A': ['202.61.255.108'],
'AAAA': ['2a01:4f8:1c1c:4121::1'],
},
'elimu-kwanza.de': {
'TXT': ['google-site-verification=JwgcfXQ6nIXKxjMqUGHVBDISgMCQXgzMryPBsP2ZXnE'],
},
},
'download-server': {
'hostname': 'dl.sublimity.de',
},
'wordpress': {
'elimukwanza': {
'domain': 'elimu-kwanza.de',
},
},
'left4dead2': {
'servers': {
'standard': {
@ -189,7 +190,7 @@
},
'roundcube': {
'product_name': 'Sublimity Mail',
'version': '1.6.6',
'version': '1.6.7',
'installer': False,
},
'vm': {