wip

2024-11-24 16:25:55 +01:00 · 2024-11-23 17:57:50 +01:00
14 changed files with 210 additions and 41 deletions
--- a/README.md
+++ b/README.md
@ -37,12 +37,3 @@ fi
 telegraf: execd for daemons

 TEST
-
-# git signing
-
-git config --global gpg.format ssh
-git config --global commit.gpgsign true
-
-git config user.name CroneKorkN
-git config user.email i@ckn.li
-git config user.signingkey "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILMVroYmswD4tLk6iH+2tvQiyaMe42yfONDsPDIdFv6I"
--- a/bin/upgrade_and_restart_all
+++ b/bin/upgrade_and_restart_all
@ -23,7 +23,7 @@ for node in nodes:
    print(node.run('DEBIAN_FRONTEND=noninteractive apt update').stdout.decode())
    print(node.run('DEBIAN_FRONTEND=noninteractive apt list --upgradable').stdout.decode())
    if int(node.run('DEBIAN_FRONTEND=noninteractive apt list --upgradable 2> /dev/null | grep upgradable | wc -l').stdout.decode()):
-        print(node.run('DEBIAN_FRONTEND=noninteractive apt -qy full-upgrade').stdout.decode())
+        print(node.run('DEBIAN_FRONTEND=noninteractive apt -y dist-upgrade').stdout.decode())

 # REBOOT IN ORDER

--- a/bundles/backup/files/backup_all
+++ b/bundles/backup/files/backup_all
@ -1,31 +1,13 @@
 #!/bin/bash

-set -u
+set -exu

 # FIXME: inelegant
 % if wol_command:
 ${wol_command}
 % endif

-exit=0
-failed_paths=""
-
 for path in $(jq -r '.paths | .[]' < /etc/backup/config.json)
 do
-  echo backing up $path
  /opt/backup/backup_path "$path"
-  # set exit to 1 if any backup fails
-  if [ $? -ne 0 ]
-  then
-    echo ERROR: backing up $path failed >&2
-    exit=5
-    failed_paths="$failed_paths $path"
-  fi
 done
-
-if [ $exit -ne 0 ]
-then
-  echo "ERROR: failed to backup paths: $failed_paths" >&2
-fi
-
-exit $exit
--- a/bundles/backup/files/backup_path_via_zfs
+++ b/bundles/backup/files/backup_path_via_zfs
@ -1,6 +1,6 @@
 #!/bin/bash

-set -eu
+set -exu

 path=$1
 uuid=$(jq -r .client_uuid < /etc/backup/config.json)
--- a/bundles/macbook/files/bundlewrap
+++ b/bundles/macbook/files/bundlewrap
@ -2,5 +2,5 @@

 cd "$OLDPWD"

-export BW_ITEM_WORKERS=$(expr "$(sysctl -n hw.logicalcpu)" '*' 12 '/' 10)
+export BW_ITEM_WORKERS=$(expr "$(nproc)" '*' 12 '/' 10)
 export BW_NODE_WORKERS=$(expr 320 '/' "$BW_ITEM_WORKERS")
--- a/bundles/macbook/files/gnu
+++ b/bundles/macbook/files/gnu
@ -2,5 +2,7 @@

 cd "$OLDPWD"

-PATH_add "/opt/homebrew/opt/gnu-sed/libexec/gnubin"
-PATH_add "/opt/homebrew/opt/grep/libexec/gnubin"
+GNU_PATH="$HOME/.local/gnu_bin"
+mkdir -p "$GNU_PATH"
+test -f "$GNU_PATH/sed" || ln -s "$(which gsed)" "$GNU_PATH/sed"
+PATH_add "$GNU_PATH"
--- a/bundles/n8n/items.py
+++ b/bundles/n8n/items.py
@ -0,0 +1,33 @@
+assert node.has_bundle('nodejs')
+assert node.has_bundle('postgresql')
+assert node.has_bundle('zfs')
+
+# To update:
+#
+# - systemctl stop n8n postgresql
+# - tempsnap pre-n8n-update            (for psql, emergency rollback)
+# - apply
+
+version = node.metadata.get("n8n/version")
+actions['install_n8n'] = {
+    'command': f'cd /opt/n8n && sudo -u n8n npm install n8n@{version}',
+    'unless': f'test -e /opt/n8n/node_modules && '
+              f'test $(jq -r ".version" < /opt/n8n/node_modules/n8n/package.json) = "{version}"',
+    'needs': {
+        'directory:/opt/n8n',
+        'pkg_apt:nodejs',
+        'user:n8n',
+    },
+    'triggers': {
+        'svc_systemd:n8n.service:restart',
+    },
+}
+
+svc_systemd['n8n.service'] = {
+    'enabled': True,
+    'running': True,
+    'needs': {
+        'pkg_apt:nodejs',
+        'action:install_n8n',
+    },
+}
--- a/bundles/n8n/metadata.py
+++ b/bundles/n8n/metadata.py
@ -0,0 +1,89 @@
+database_password = repo.vault.password_for(f'{node.name} postgresql n8n')
+
+defaults = {
+    'backups': {
+        'paths': {
+            '/opt/n8n',
+        },
+    },
+    'npm': {
+        'n8n': {},
+    },
+    'n8n': {
+        'DB_TYPE': 'postgresdb',
+        'DB_POSTGRESDB_DATABASE': 'n8n',
+        'DB_POSTGRESDB_HOST': 'localhost',
+        'DB_POSTGRESDB_PORT': 5432,
+        'DB_POSTGRESDB_USER': 'n8n',
+        'DB_POSTGRESDB_PASSWORD': database_password,
+    },
+    'postgresql': {
+        'databases': {
+            'n8n': {
+                'when_creating': {
+                    'encoding': 'UTF8',
+                    'collation': 'C.UTF-8',
+                    'ctype': 'C.UTF-8',
+                },
+                'owner': 'n8n',
+            },
+        },
+        'roles': {
+            'n8n': {
+                'password': database_password,
+            },
+        },
+    },
+    'systemd': {
+        'units': {
+            'n8n.service': {
+                'Unit': {
+                    'Description': 'n8n',
+                    'Requires': 'network.target postgresql.service',
+                    'After': 'postgresql.service',
+                },
+                'Service': {
+                    'Restart': 'always',
+                    'RestartSec': '5',
+                    'WorkingDirectory': '/opt/n8n',
+                    'ExecStart': '/usr/bin/npx n8n start',
+                    'User': 'n8n',
+                    'Group': 'n8n',
+                    'Environment': {
+                        'NODE_ENV=production',
+                    },
+                },
+            },
+        },
+    },
+    'users': {
+        'n8n': {
+            'home': '/opt/n8n',
+        },
+    },
+    'zfs': {
+        'datasets': {
+            'tank/n8n': {
+                'mountpoint': '/opt/n8n',
+                'needed_by': {'directory:/opt/n8n'},
+            },
+        },
+    },
+}
+
+
+@metadata_reactor.provides(
+    'systemd/services/n8n.service',
+)
+def systemd(metadata):
+    return {
+        'systemd': {
+            'units': {
+                'n8n.service': {
+                    'Service': {
+                        'Environment': metadata.get('n8n'),
+                    },
+                },
+            },
+        },
+    }
--- a/bundles/nodejs/metadata.py
+++ b/bundles/nodejs/metadata.py
@ -8,9 +8,7 @@ defaults = {
            },
        },
    },
-    'npm': {
-        'yarn': {},
-    },
+    'npm': {},
 }


@ -28,7 +26,9 @@ def sources(metadata):
                        'deb',
                        'deb-src',
                    },
-                    'url': 'https://deb.nodesource.com/node_{version}.x',
+                    'urls': {
+                        f'https://deb.nodesource.com/node_{version}.x',
+                    },
                    'suites': {
                        '{codename}',
                    },
--- a/nodes/home.server.py
+++ b/nodes/home.server.py
@ -32,7 +32,7 @@
        'systemd-swap',
        'twitch-clip-download',
        'raspberrymatic-cert',
-        #'tasmota-charge',
+        'tasmota-charge',
        'wol-waker',
        'zfs',
    ],
--- a/nodes/htz.mails.py
+++ b/nodes/htz.mails.py
@ -221,7 +221,12 @@
                },
                'mseibert.freescout': {
                    'allowed_ips': [
-                        '10.0.227.0/24',
+                        '10.0.227.2/32',
+                    ],
+                },
+                'mseibert.n8n': {
+                    'allowed_ips': [
+                        '10.0.227.3/32',
                    ],
                },
            },
--- a/nodes/mseibert.freescout.py
+++ b/nodes/mseibert.freescout.py
@ -46,7 +46,6 @@
                        '10.0.2.0/24',
                        '10.0.9.0/24',
                        '10.0.10.0/24',
-                        '10.0.10.0/24',
                    ],
                },
            },
--- a/nodes/mseibert.n8n.py
+++ b/nodes/mseibert.n8n.py
@ -0,0 +1,68 @@
+# https://teamvault.apps.seibert-media.net/secrets/mkqMRv/
+# https://console.hetzner.cloud/projects/889138/servers/56564150
+
+{
+    #'dummy': True,
+    'hostname': '159.69.178.45',
+    'groups': [
+        'backup',
+        'debian-12',
+        'monitored',
+        'webserver',
+    ],
+    'bundles': [
+        'n8n',
+        'nodejs',
+        'wireguard',
+        'zfs',
+        'postgresql',
+    ],
+    'metadata': {
+        'id': '4852308e-9d36-4a0e-b533-a291e1495db3',
+        'network': {
+            'internal': {
+                'interface': 'enp7s0',
+                'ipv4': '10.0.227.3/24',
+            },
+            'external': {
+                'interface': 'eth0',
+                'ipv4': '159.69.178.45/32',
+                'gateway4': '172.31.1.1',
+                'ipv6': '2a01:4f8:c012:491b::1/64',
+                'gateway6': 'fe80::1',
+            },
+        },
+        'n8n': {
+            'version': '1.68.0',
+        },
+        'nodejs': {
+            'version': '20',
+        },
+        'vm': {
+            'cores': 2,
+            'ram': 4096,
+        },
+        'wireguard': {
+            'my_ip': '172.30.0.239/32',
+            's2s': {
+                'htz.mails': {
+                    'allowed_ips': [
+                        '10.0.0.0/24',
+                        '10.0.2.0/24',
+                        '10.0.9.0/24',
+                        '10.0.10.0/24',
+                    ],
+                },
+            },
+        },
+        'zfs': {
+            'pools': {
+                'tank': {
+                    'devices': [
+                        '/var/lib/tank.img',
+                    ],
+                },
+            },
+        },
+    },
+}
--- a/nodes/wb.offsite-backups.py
+++ b/nodes/wb.offsite-backups.py
@ -1,7 +1,7 @@
 {
    'hostname': '192.168.179.20',
    'groups': [
-        'debian-12',
+        'debian-11',
        'monitored',
        'raspberry-pi',
    ],
Author	SHA1	Message	Date
cronekorkn	4cd4a5252e	wip	2024-11-24 16:25:55 +01:00
cronekorkn	f871bbfac1	wip	2024-11-23 17:57:50 +01:00