cronekorkn/bundlewrap
1
0
Fork 0
Code Issues Pull requests 8 Projects Releases Wiki Activity

Compare commits

base: cronekorkn:ea447ba24c6a5613b82b4b8a541e1b58dcab8288
Branches Tags
cronekorkn:master
cronekorkn:n8n
cronekorkn:router
cronekorkn:freescout
cronekorkn:homeassistant-supervised
cronekorkn:conflecttest
cronekorkn:wp
cronekorkn:rufbereitschafts-alarm
cronekorkn:dnssec_2
cronekorkn:dnssec
cronekorkn:apt_sources_as_dict
cronekorkn:wordpress
cronekorkn:iperf3
cronekorkn:picsort-pythoon
cronekorkn:network_metadata_rework
cronekorkn:blog_dirty
cronekorkn:blog
cronekorkn:icinga2_notifications
cronekorkn:icinga_neumachen
cronekorkn:nextcloud_conf_in_metadata
cronekorkn:mastodon
cronekorkn:rtmp
cronekorkn:deterministic_rsa
cronekorkn:deterministic_rsa_test
cronekorkn:left4dead2
cronekorkn:temp130752653
cronekorkn:zfs_encrypt
cronekorkn:icingaweb
cronekorkn:ldap
cronekorkn:icinga2_remote_2
cronekorkn:icinga2_local
cronekorkn:icinga
cronekorkn:icinga2_remote
cronekorkn:modprobe
cronekorkn:autoconfig
cronekorkn:basic_auth
cronekorkn:crystal-buildserver
cronekorkn:build_Server
cronekorkn:cya_hetzner
cronekorkn:dns_challenge3
cronekorkn:dns_challenge2
cronekorkn:dns_challenge
cronekorkn:gpiod
cronekorkn:multi-redis
cronekorkn:l4d2
cronekorkn:wireguard_clients
cronekorkn:alles_sets
cronekorkn:hdict
cronekorkn:all_units
cronekorkn:unitbug_isolation
cronekorkn:whatsbroken
cronekorkn:minimal_mailserver
..
compare: cronekorkn:6751cd0b445c1c3e76155976822560c8a1b69452
Branches Tags
cronekorkn:master
cronekorkn:n8n
cronekorkn:router
cronekorkn:freescout
cronekorkn:homeassistant-supervised
cronekorkn:conflecttest
cronekorkn:wp
cronekorkn:rufbereitschafts-alarm
cronekorkn:dnssec_2
cronekorkn:dnssec
cronekorkn:apt_sources_as_dict
cronekorkn:wordpress
cronekorkn:iperf3
cronekorkn:picsort-pythoon
cronekorkn:network_metadata_rework
cronekorkn:blog_dirty
cronekorkn:blog
cronekorkn:icinga2_notifications
cronekorkn:icinga_neumachen
cronekorkn:nextcloud_conf_in_metadata
cronekorkn:mastodon
cronekorkn:rtmp
cronekorkn:deterministic_rsa
cronekorkn:deterministic_rsa_test
cronekorkn:left4dead2
cronekorkn:temp130752653
cronekorkn:zfs_encrypt
cronekorkn:icingaweb
cronekorkn:ldap
cronekorkn:icinga2_remote_2
cronekorkn:icinga2_local
cronekorkn:icinga
cronekorkn:icinga2_remote
cronekorkn:modprobe
cronekorkn:autoconfig
cronekorkn:basic_auth
cronekorkn:crystal-buildserver
cronekorkn:build_Server
cronekorkn:cya_hetzner
cronekorkn:dns_challenge3
cronekorkn:dns_challenge2
cronekorkn:dns_challenge
cronekorkn:gpiod
cronekorkn:multi-redis
cronekorkn:l4d2
cronekorkn:wireguard_clients
cronekorkn:alles_sets
cronekorkn:hdict
cronekorkn:all_units
cronekorkn:unitbug_isolation
cronekorkn:whatsbroken
cronekorkn:minimal_mailserver

No commits in common. "ea447ba24c6a5613b82b4b8a541e1b58dcab8288" and "6751cd0b445c1c3e76155976822560c8a1b69452" have entirely different histories.
ea447ba24c ... 6751cd0b44

17 changed files with 137 additions and 101 deletions
Show stats Expand all files Collapse all files

1
bundles/letsencrypt/items.py
View file

@ -56,7 +56,6 @@ for domain in node.metadata.get('letsencrypt/domains').keys():
'unless': f'/etc/dehydrated/letsencrypt-ensure-some-certificate {domain} true', 'unless': f'/etc/dehydrated/letsencrypt-ensure-some-certificate {domain} true',
'needs': { 'needs': {
'file:/etc/dehydrated/letsencrypt-ensure-some-certificate', 'file:/etc/dehydrated/letsencrypt-ensure-some-certificate',
'pkg_apt:dehydrated',
}, },
'needed_by': { 'needed_by': {
'svc_systemd:nginx', 'svc_systemd:nginx',

2
bundles/mariadb/items.py
View file

@ -13,7 +13,6 @@ directories = {
], ],
'needed_by': [ 'needed_by': [
'pkg_apt:mariadb-server', 'pkg_apt:mariadb-server',
'pkg_apt:mariadb-client',
], ],
}, },
} }
@ -31,7 +30,6 @@ svc_systemd = {
'mariadb.service': { 'mariadb.service': {
'needs': [ 'needs': [
'pkg_apt:mariadb-server', 'pkg_apt:mariadb-server',
'pkg_apt:mariadb-client',
], ],
}, },
} }

11
bundles/mariadb/metadata.py
View file

@ -1,16 +1,7 @@
defaults = { defaults = {
'apt': { 'apt': {
'packages': { 'packages': {
'mariadb-server': { 'mariadb-server': {},
'needs': {
'zfs_dataset:tank/mariadb',
},
},
'mariadb-client': {
'needs': {
'zfs_dataset:tank/mariadb',
},
},
}, },
}, },
'mariadb': { 'mariadb': {

6
bundles/postgresql/metadata.py
View file

@ -6,11 +6,7 @@ root_password = repo.vault.password_for(f'{node.name} postgresql root')
defaults = { defaults = {
'apt': { 'apt': {
'packages': { 'packages': {
'postgresql': { 'postgresql': {},
'needs': {
'zfs_dataset:tank/postgresql',
},
},
}, },
}, },
'backup': { 'backup': {

64
bundles/roundcube/files/config.inc.php
View file

@ -6,16 +6,80 @@ $config['enable_installer'] = true;
/* Local configuration for Roundcube Webmail */ /* Local configuration for Roundcube Webmail */
$config['db_dsnw'] = '${database['provider']}://${database['user']}:${database['password']}@${database['host']}/${database['name']}'; $config['db_dsnw'] = '${database['provider']}://${database['user']}:${database['password']}@${database['host']}/${database['name']}';
$config['imap_host'] = 'localhost'; $config['imap_host'] = 'localhost';
$config['smtp_host'] = 'tls://localhost'; $config['smtp_host'] = 'tls://localhost';
$config['smtp_user'] = '%u'; $config['smtp_user'] = '%u';
$config['smtp_pass'] = '%p'; $config['smtp_pass'] = '%p';
$config['support_url'] = ''; $config['support_url'] = '';
$config['des_key'] = '${des_key}'; $config['des_key'] = '${des_key}';
$config['product_name'] = '${product_name}'; $config['product_name'] = '${product_name}';
$config['plugins'] = array(${', '.join(f'"{plugin}"' for plugin in plugins)}); $config['plugins'] = array(${', '.join(f'"{plugin}"' for plugin in plugins)});
$config['language'] = 'de_DE'; $config['language'] = 'de_DE';
$config['smtp_conn_options'] = array( $config['smtp_conn_options'] = array(
'ssl' => array( 'ssl' => array(
'verify_peer' => false, 'verify_peer' => false,

2
bundles/roundcube/files/password.config.inc.php
View file

@ -1,5 +1,7 @@
<?php <?php
$config['password_driver'] = 'sql'; $config['password_driver'] = 'sql';
$config['password_strength_driver'] = null; $config['password_strength_driver'] = null;
$config['password_confirm_current'] = true; $config['password_confirm_current'] = true;

16
bundles/roundcube/items.py
View file

@ -1,8 +1,7 @@
assert node.has_bundle('php') assert node.has_bundle('php')
assert node.has_bundle('mailserver') assert node.has_bundle('mailserver')
roundcube_version = node.metadata.get('roundcube/version') version = node.metadata.get('roundcube/version')
php_version = node.metadata.get('php/version')
directories = { directories = {
'/opt/roundcube': { '/opt/roundcube': {
@ -23,9 +22,9 @@ directories = {
} }
files[f'/tmp/roundcube-{roundcube_version}.tar.gz'] = { files[f'/tmp/roundcube-{version}.tar.gz'] = {
'content_type': 'download', 'content_type': 'download',
'source': f'https://github.com/roundcube/roundcubemail/releases/download/{roundcube_version}/roundcubemail-{roundcube_version}-complete.tar.gz', 'source': f'https://github.com/roundcube/roundcubemail/releases/download/{version}/roundcubemail-{version}-complete.tar.gz',
'triggered': True, 'triggered': True,
} }
actions['delete_roundcube'] = { actions['delete_roundcube'] = {
@ -33,11 +32,11 @@ actions['delete_roundcube'] = {
'triggered': True, 'triggered': True,
} }
actions['extract_roundcube'] = { actions['extract_roundcube'] = {
'command': f'tar xfvz /tmp/roundcube-{roundcube_version}.tar.gz --strip 1 -C /opt/roundcube', 'command': f'tar xfvz /tmp/roundcube-{version}.tar.gz --strip 1 -C /opt/roundcube',
'unless': f'grep -q "Version {roundcube_version}" /opt/roundcube/index.php', 'unless': f'grep -q "Version {version}" /opt/roundcube/index.php',
'preceded_by': [ 'preceded_by': [
'action:delete_roundcube', 'action:delete_roundcube',
f'file:/tmp/roundcube-{roundcube_version}.tar.gz', f'file:/tmp/roundcube-{version}.tar.gz',
], ],
'needs': [ 'needs': [
'directory:/opt/roundcube', 'directory:/opt/roundcube',
@ -65,9 +64,6 @@ files['/opt/roundcube/config/config.inc.php'] = {
'needs': [ 'needs': [
'action:chown_roundcube', 'action:chown_roundcube',
], ],
'triggers': [
f'svc_systemd:php{php_version}-fpm.service:restart',
],
} }
files['/opt/roundcube/plugins/password/config.inc.php'] = { files['/opt/roundcube/plugins/password/config.inc.php'] = {
'source': 'password.config.inc.php', 'source': 'password.config.inc.php',

20
bundles/telegraf/items.py
View file

@ -15,16 +15,16 @@ files = {
'svc_systemd:telegraf:restart', 'svc_systemd:telegraf:restart',
], ],
}, },
# '/usr/local/share/telegraf/procio': { '/usr/local/share/telegraf/procio': {
# 'content_type': 'download', 'content_type': 'download',
# 'source': f"https://dl.sublimity.de/telegraf-procio/telegraf-procio-{node.metadata.get('system/architecture')}-latest", 'source': f"https://dl.sublimity.de/telegraf-procio/telegraf-procio-{node.metadata.get('system/architecture')}-latest",
# 'mode': '0755', 'mode': '0755',
# }, },
# '/usr/local/share/telegraf/pressure_stall': { '/usr/local/share/telegraf/pressure_stall': {
# 'content_type': 'download', 'content_type': 'download',
# 'source': f"https://dl.sublimity.de/telegraf-pressure-stall/telegraf-pressure-stall-{node.metadata.get('system/architecture')}-latest", 'source': f"https://dl.sublimity.de/telegraf-pressure-stall/telegraf-pressure-stall-{node.metadata.get('system/architecture')}-latest",
# 'mode': '0755', 'mode': '0755',
# }, },
} }
svc_systemd['telegraf'] = { svc_systemd['telegraf'] = {

28
bundles/telegraf/metadata.py
View file

@ -73,20 +73,20 @@ defaults = {
'system': {h({})}, 'system': {h({})},
'net': {h({})}, 'net': {h({})},
'exec': { 'exec': {
# h({ h({
# 'commands': [ 'commands': [
# f'sudo /usr/local/share/telegraf/procio', f'sudo /usr/local/share/telegraf/procio',
# ], ],
# 'data_format': 'influx', 'data_format': 'influx',
# 'interval': '20s', 'interval': '20s',
# }), }),
# h({ h({
# 'commands': [ 'commands': [
# f'/usr/local/share/telegraf/pressure_stall', f'/usr/local/share/telegraf/pressure_stall',
# ], ],
# 'data_format': 'influx', 'data_format': 'influx',
# 'interval': '10s', 'interval': '10s',
# }), }),
}, },
}, },
}, },

6
groups/os/linux.py
View file

@ -23,16 +23,16 @@
'metadata': { 'metadata': {
'dns': {}, 'dns': {},
'hosts': { 'hosts': {
'10.0.10.2': [ '10.0.11.3': [
'resolver.name', 'resolver.name',
'secondary.resolver.name', 'secondary.resolver.name',
], ],
}, },
'letsencrypt': { 'letsencrypt': {
'acme_node': 'htz.mails', 'acme_node': 'netcup.mails',
}, },
'nameservers': { 'nameservers': {
'10.0.10.2', '10.0.11.3',
}, },
'systemd-timers': { 'systemd-timers': {
'trim': { 'trim': {

6
nodes/home.homeassistant.py
View file

@ -68,20 +68,20 @@
}, },
}, },
'hosts': { 'hosts': {
'10.0.10.2': [ '10.0.11.3': [
'resolver.name', 'resolver.name',
'secondary.resolver.name', 'secondary.resolver.name',
], ],
}, },
'letsencrypt': { 'letsencrypt': {
'acme_node': 'htz.mails', 'acme_node': 'netcup.mails',
}, },
'homeassistant': { 'homeassistant': {
'domain': 'homeassistant.ckn.li', 'domain': 'homeassistant.ckn.li',
'os_agent_version': '1.6.0', 'os_agent_version': '1.6.0',
}, },
'nameservers': { 'nameservers': {
'10.0.10.2', '10.0.11.3',
}, },
'users': { 'users': {
'ckn': { 'ckn': {

6
nodes/home.server.py
View file

@ -63,7 +63,7 @@
'target': 'aarch64-unknown-linux-gnu', 'target': 'aarch64-unknown-linux-gnu',
}, },
}, },
'download_server': 'htz.mails', 'download_server': 'netcup.mails',
}, },
'gitea': { 'gitea': {
'version': '7.0.1', 'version': '7.0.1',
@ -169,10 +169,10 @@
'wireguard': { 'wireguard': {
'my_ip': '172.30.0.2/32', 'my_ip': '172.30.0.2/32',
's2s': { 's2s': {
'htz.mails': { 'netcup.mails': {
'allowed_ips': [ 'allowed_ips': [
'10.0.10.0/24', '10.0.10.0/24',
'10.0.10.0/24', '10.0.11.0/24',
'192.168.179.0/24', '192.168.179.0/24',
'10.0.227.0/24', # mseibert.freescout '10.0.227.0/24', # mseibert.freescout
], ],

2
nodes/htz.games.py
View file

@ -37,7 +37,7 @@
'network': { 'network': {
'internal': { 'internal': {
'interface': 'ens10', 'interface': 'ens10',
'ipv4': '10.0.10.2/32', 'ipv4': '10.0.10.3/32',
}, },
'external': { 'external': {
'interface': 'eth0', 'interface': 'eth0',

6
nodes/mseibert.freescout.py
View file

@ -1,5 +1,5 @@
{ {
'dummy': True, #'dummy': True,
'hostname': '159.69.117.89', 'hostname': '159.69.117.89',
'groups': [ 'groups': [
'backup', 'backup',
@ -37,13 +37,13 @@
'wireguard': { 'wireguard': {
'my_ip': '172.30.0.238/32', 'my_ip': '172.30.0.238/32',
's2s': { 's2s': {
'htz.mails': { 'netcup.mails': {
'allowed_ips': [ 'allowed_ips': [
'10.0.0.0/24', '10.0.0.0/24',
'10.0.2.0/24', '10.0.2.0/24',
'10.0.9.0/24', '10.0.9.0/24',
'10.0.10.0/24', '10.0.10.0/24',
'10.0.10.0/24', '10.0.11.0/24',
], ],
}, },
}, },

50
nodes/htz.mails.py → nodes/netcup.mails.py
View file

@ -1,14 +1,13 @@
{ {
'hostname': '49.12.184.229', 'hostname': '202.61.255.108',
'groups': [ 'groups': [
#'backup', 'backup',
'debian-12', 'debian-12',
'hetzner-cloud',
'mailserver', 'mailserver',
#'monitored', 'monitored',
'webserver', 'webserver',
'dnsserver', 'dnsserver',
#'wordpress', 'wordpress',
#'left4dead2', #'left4dead2',
], ],
'bundles': [ 'bundles': [
@ -16,32 +15,23 @@
'build-ci', 'build-ci',
'download-server', 'download-server',
'islamicstate.eu', 'islamicstate.eu',
#'nginx-rtmps', 'nginx-rtmps',
#'steam', #'steam',
'wireguard', 'wireguard',
'zfs', 'zfs',
], ],
'metadata': { 'metadata': {
'users': {
'root': {
#'password': 'November99!!..',
},
},
'id': 'ea29bdf0-0b47-4bf4-8346-67d60c9dc4ae', 'id': 'ea29bdf0-0b47-4bf4-8346-67d60c9dc4ae',
'network': { 'network': {
'internal': { 'internal': {
'interface': 'enp7s0', 'interface': 'eth1',
'ipv4': '10.0.10.2/24', 'ipv4': '10.0.11.3/24',
}, },
'external': { 'external': {
'interface': 'eth0', 'interface': 'eth0',
'ipv4': '49.12.184.229/32', 'ipv4': '202.61.255.108/22',
'gateway4': '172.31.1.1', 'gateway4': '202.61.252.1',
'ipv6': '2a01:4f8:c013:51f2::1', 'ipv6': '2a03:4000:55:a89::1/64',
'gateway6': 'fe80::1', 'gateway6': 'fe80::1',
} }
}, },
@ -68,20 +58,20 @@
}, },
'dns': { 'dns': {
'ckn.li': { 'ckn.li': {
'A': ['49.12.184.229'], 'A': ['202.61.255.108'],
'AAAA': ['2a01:4f8:c013:51f2::1'], 'AAAA': ['2a01:4f8:1c1c:4121::1'],
}, },
'sublimity.de': { 'sublimity.de': {
'A': ['49.12.184.229'], 'A': ['202.61.255.108'],
'AAAA': ['2a01:4f8:c013:51f2::1'], 'AAAA': ['2a01:4f8:1c1c:4121::1'],
}, },
'freibrief.net': { 'freibrief.net': {
'A': ['49.12.184.229'], 'A': ['202.61.255.108'],
'AAAA': ['2a01:4f8:c013:51f2::1'], 'AAAA': ['2a01:4f8:1c1c:4121::1'],
}, },
'left4.me': { 'left4.me': {
'A': ['49.12.184.229'], 'A': ['202.61.255.108'],
'AAAA': ['2a01:4f8:c013:51f2::1'], 'AAAA': ['2a01:4f8:1c1c:4121::1'],
}, },
'elimu-kwanza.de': { 'elimu-kwanza.de': {
'TXT': ['google-site-verification=JwgcfXQ6nIXKxjMqUGHVBDISgMCQXgzMryPBsP2ZXnE'], 'TXT': ['google-site-verification=JwgcfXQ6nIXKxjMqUGHVBDISgMCQXgzMryPBsP2ZXnE'],
@ -219,7 +209,7 @@
}, },
'ovh.secondary': { 'ovh.secondary': {
'allowed_ips': [ 'allowed_ips': [
'10.0.10.0/24', '10.0.11.0/24',
], ],
}, },
'wb.offsite-backups': { 'wb.offsite-backups': {
@ -249,7 +239,7 @@
'pools': { 'pools': {
'tank': { 'tank': {
'devices': [ 'devices': [
'/dev/disk/by-id/scsi-0HC_Volume_101332312', '/dev/sda4',
], ],
}, },
}, },

8
nodes/ovh.secondary.py
View file

@ -20,22 +20,22 @@
}, },
}, },
'bind': { 'bind': {
'master_node': 'htz.mails', 'master_node': 'netcup.mails',
'hostname': 'secondary.resolver.name', 'hostname': 'secondary.resolver.name',
}, },
# 'postfix': { # 'postfix': {
# 'master_node': 'htz.mails', # 'master_node': 'netcup.mails',
# 'hostname': 'mail2.sublimity.de', # 'hostname': 'mail2.sublimity.de',
# }, # },
'wireguard': { 'wireguard': {
'my_ip': '172.30.0.3/32', 'my_ip': '172.30.0.3/32',
's2s': { 's2s': {
'htz.mails': { 'netcup.mails': {
'allowed_ips': [ 'allowed_ips': [
'10.0.0.0/24', '10.0.0.0/24',
'10.0.2.0/24', '10.0.2.0/24',
'10.0.9.0/24', '10.0.9.0/24',
'10.0.10.0/24', '10.0.11.0/24',
], ],
}, },
}, },

4
nodes/wb.offsite-backups.py
View file

@ -43,13 +43,13 @@
'wireguard': { 'wireguard': {
'my_ip': '172.30.0.4/32', 'my_ip': '172.30.0.4/32',
's2s': { 's2s': {
'htz.mails': { 'netcup.mails': {
'allowed_ips': [ 'allowed_ips': [
'10.0.0.0/24', '10.0.0.0/24',
'10.0.2.0/24', '10.0.2.0/24',
'10.0.9.0/24', '10.0.9.0/24',
'10.0.10.0/24', '10.0.10.0/24',
'10.0.10.0/24', '10.0.11.0/24',
], ],
}, },
}, },