bundles/letsencrypt/files/hook.sh

@@ -31,12 +31,6 @@ deploy_cert() {
   % for domain, conf in sorted(domains.items()):
 <%   if not conf: continue %>\
     ${domain})
-      % if conf.get('scp', None):
-      scp "$KEYFILE" "${conf['scp']}/${conf.get('privkey_name', 'privkey.pem')}"
-      scp "$CERTFILE" "${conf['scp']}/${conf.get('cert_name', 'cert.pem')}"
-      scp "$FULLCHAINFILE" "${conf['scp']}/${conf.get('fullchain_name', 'fullchain.pem')}"
-      scp "$CHAINFILE" "${conf['scp']}/${conf.get('chain_name', 'chain.pem')}"
-      % endif
       % if conf.get('location', None):
       cat "$KEYFILE" > "${conf['location']}/${conf.get('privkey_name', 'privkey.pem')}"
       cat "$CERTFILE" > "${conf['location']}/${conf.get('cert_name', 'cert.pem')}"

bundles/letsencrypt/items.py

@@ -42,7 +42,7 @@ files = {
 }
 
 actions['letsencrypt_update_certificates'] = {
-    'command': 'systemctl start letsencrypt.service',
+    'command': 'dehydrated --cron --accept-terms --challenge dns-01',
     'triggered': True,
     'skip': delegated,
     'needs': {

bundles/ssh/items.py

@@ -66,7 +66,13 @@ files = {
         ],
     },
     '/etc/ssh/ssh_known_hosts': {
-        'content': '\n'.join(sorted(node.metadata.get('ssh/known_hosts'))) + '\n',
+        'content': '\n'.join(sorted(
+            line
+                for other_node in repo.nodes
+                if other_node != node
+                and other_node.has_bundle('ssh')
+                for line in other_node.metadata.get('ssh/is_known_as')
+        )) + '\n',
     },
 }
 

bundles/ssh/metadata.py

@@ -5,7 +5,6 @@ defaults = {
     'ssh': {
         'multiplex_incoming': True,
         'is_known_as': set(), # known_hosts for other nodes
-        'known_hosts': set(), # known_hosts for this node
     },
 }
 
@@ -87,20 +86,3 @@ def is_known_as(metadata):
             ),
         },
     }
-
-
-@metadata_reactor.provides(
-    'ssh/known_hosts',
-)
-def known_hosts(metadata):
-    return {
-        'ssh': {
-            'known_hosts': set(
-                line
-                    for other_node in repo.nodes
-                    if other_node != node
-                    and other_node.has_bundle('ssh')
-                    for line in other_node.metadata.get('ssh/is_known_as')
-            )
-        }
-    }

nodes/home.homeassistant.py

@@ -11,36 +11,5 @@
                 'gateway4': '10.0.0.1',
             },
         },
-        'dns': {
-            'homeassistant.ckn.li': {
-                'A': {
-                    '10.0.0.16',
-                },
-            },
-        },
     },
 }
-
-# LETSENCRYPT
-# - cant use the letsencrypt addon, because it doesnt suppeort supplying a different zone (which would be acme.sublimity.de)
-
-# Advanced SSH & Web Terminal:
-#
-# username: root
-# password: ""
-# authorized_keys:
-#   - >-
-#     ssh-ed25519
-#     AAAAC3NzaC1lZDI1NTE5AAAAIJT9Spe+BYue7iiutl3rSf6PlU6dthHizyK+ZWnLodrA
-#     root@home.server
-# sftp: true
-# compatibility_mode: false
-# allow_agent_forwarding: false
-# allow_remote_port_forwarding: false
-# allow_tcp_forwarding: false
-
-# add to /homeassistant/configuration.yaml:
-# http:
-#   http_port: 443
-#   ssl_certificate: /ssl/fullchain.pem
-#   ssl_key: /ssl/privkey.pem

nodes/home.server.py

@@ -100,13 +100,6 @@
             'readonly_token': '!decrypt:encrypt$gAAAAABg3z1-0hnUdzsfivocxhJm58YnPLn96OUvnHiPaehdRhKd6TZBgEPc5YyR07t2-GEUfOvEwoie-O6QsVhWYxrwxNTBXux_iUSx7W6e-fLQA_3MgWf5G97q_3kx_wCgQ6V0iKRyxH988TpNSMACfS4WhCXdSes1CaMpic4VV3S3ox_gCrSHxO7yVXQkJDnOW0MixY5T',
             'writeonly_token': '!decrypt:encrypt$gAAAAABg3z6fGrOy2tNdo03RoYAXmpJoJYkfhBfpblPh_wxYfqmdjtABaD7XyV9mSh9xl8oWQlTAtCk9KndVCDQy7BJ-ju7S3HCKJ0k244Y5YKxUnQtqt9fc9nnm8XD-NOJqLKyfy0QhL_I8dFT02pygoJeCUR5NkZcTKf6julb-iGXI6vWcQgolJTYrW643pHObd-Z-vIEl',
         },
-        'letsencrypt': {
-            'domains': {
-                'homeassistant.ckn.li': {
-                    'scp': 'root@10.0.0.16:/ssl',
-                },
-            },
-        },
         'mosquitto': {
             'hostname': 'mqtt.sublimity.de',
             'users': {
@@ -141,13 +134,6 @@
                 'windows-backup': {},
             },
         },
-        'ssh': {
-            'known_hosts': libs.ssh.known_hosts_entry_for(
-                node_id='3d67964d-1270-4d3c-b93f-9c44219b3d59',
-                hostnames=('homeassistant.ckn.li', '10.0.0.16'),
-                pubkey='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE9SOqQ7tcJAOWOZkbQwFLOEfqpILuiDmeMHAEiY9G/I',
-            ),
-        },
         'steam_chat_logger': {
             'STEAM_USERNAME': 'snake_452',
             'STEAM_ID': 'STEAM_0:0:12376499',