README.md

@@ -37,12 +37,3 @@ fi
 telegraf: execd for daemons
 
 TEST
-
-# git signing
-
-git config --global gpg.format ssh
-git config --global commit.gpgsign true
-
-git config user.name CroneKorkN
-git config user.email i@ckn.li
-git config user.signingkey "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILMVroYmswD4tLk6iH+2tvQiyaMe42yfONDsPDIdFv6I"

bin/upgrade_and_restart_all

@@ -23,7 +23,7 @@ for node in nodes:
     print(node.run('DEBIAN_FRONTEND=noninteractive apt update').stdout.decode())
     print(node.run('DEBIAN_FRONTEND=noninteractive apt list --upgradable').stdout.decode())
     if int(node.run('DEBIAN_FRONTEND=noninteractive apt list --upgradable 2> /dev/null | grep upgradable | wc -l').stdout.decode()):
-        print(node.run('DEBIAN_FRONTEND=noninteractive apt -qy full-upgrade').stdout.decode())
+        print(node.run('DEBIAN_FRONTEND=noninteractive apt -y dist-upgrade').stdout.decode())
 
 # REBOOT IN ORDER
 

bundles/backup/files/backup_all

@@ -1,31 +1,13 @@
 #!/bin/bash
 
-set -u
+set -exu
 
 # FIXME: inelegant
 % if wol_command:
 ${wol_command}
 % endif
 
-exit=0
-failed_paths=""
-
 for path in $(jq -r '.paths | .[]' < /etc/backup/config.json)
 do
-  echo backing up $path
   /opt/backup/backup_path "$path"
-  # set exit to 1 if any backup fails
-  if [ $? -ne 0 ]
-  then
-    echo ERROR: backing up $path failed >&2
-    exit=5
-    failed_paths="$failed_paths $path"
-  fi
 done
-
-if [ $exit -ne 0 ]
-then
-  echo "ERROR: failed to backup paths: $failed_paths" >&2
-fi
-
-exit $exit

bundles/backup/files/backup_path_via_zfs

@@ -1,6 +1,6 @@
 #!/bin/bash
 
-set -eu
+set -exu
 
 path=$1
 uuid=$(jq -r .client_uuid < /etc/backup/config.json)

bundles/freescout/README.md

@@ -11,13 +11,3 @@ Enter it again:
 freescout=#
 \q
 ```
-
-
-# problems
-
-# check if /opt/freescout/.env is resettet
-# ckeck `psql -h localhost -d freescout -U freescout -W`with pw from .env
-# chown -R www-data:www-data /opt/freescout
-# sudo su - www-data -c 'php /opt/freescout/artisan freescout:clear-cache' -s /bin/bash
-# javascript funny? `sudo su - www-data -c 'php /opt/freescout/artisan storage:link' -s /bin/bash`
-# benutzer bilder weg? aus dem backup holen: `/opt/freescout/.zfs/snapshot/zfs-auto-snap_hourly-2024-11-22-1700/storage/app/public/users` `./customers`

bundles/freescout/items.py

@@ -12,33 +12,33 @@ directories = {
 }
 
 actions = {
-    # 'clone_freescout': {
+    'clone_freescout': {
-    #     'command': run_as('www-data', 'git clone https://github.com/freescout-helpdesk/freescout.git /opt/freescout'),
+        'command': run_as('www-data', 'git clone https://github.com/freescout-helpdesk/freescout.git /opt/freescout'),
-    #     'unless': 'test -e /opt/freescout/.git',
+        'unless': 'test -e /opt/freescout/.git',
-    #     'needs': [
+        'needs': [
-    #         'pkg_apt:git',
+            'pkg_apt:git',
-    #         'directory:/opt/freescout',
+            'directory:/opt/freescout',
-    #     ],
+        ],
-    # },
+    },
-    # 'pull_freescout': {
+    'pull_freescout': {
-    #     'command': run_as('www-data', 'git -C /opt/freescout fetch origin dist && git -C /opt/freescout reset --hard origin/dist && git -C /opt/freescout clean -f'),
+        'command': run_as('www-data', 'git -C /opt/freescout fetch origin dist && git -C /opt/freescout reset --hard origin/dist && git -C /opt/freescout clean -f'),
-    #     'unless': run_as('www-data', 'git -C /opt/freescout fetch origin && git -C /opt/freescout status -uno | grep -q "Your branch is up to date"'),
+        'unless': run_as('www-data', 'git -C /opt/freescout fetch origin && git -C /opt/freescout status -uno | grep -q "Your branch is up to date"'),
-    #     'needs': [
+        'needs': [
-    #         'action:clone_freescout',
+            'action:clone_freescout',
-    #     ],
+        ],
-    #     'triggers': [
+        'triggers': [
-    #         'action:freescout_artisan_update',
+            'action:freescout_artisan_update',
-    #         f'svc_systemd:php{php_version}-fpm.service:restart',
+            f'svc_systemd:php{php_version}-fpm.service:restart',
-    #     ],
+        ],
-    # },
+    },
-    # 'freescout_artisan_update': {
+    'freescout_artisan_update': {
-    #     'command': run_as('www-data', 'php /opt/freescout/artisan freescout:after-app-update'),
+        'command': run_as('www-data', 'php /opt/freescout/artisan freescout:after-app-update'),
-    #     'triggered': True,
+        'triggered': True,
-    #     'needs': [
+        'needs': [
-    #         f'svc_systemd:php{php_version}-fpm.service:restart',
+            f'svc_systemd:php{php_version}-fpm.service:restart',
-    #         'action:pull_freescout',
+            'action:pull_freescout',
-    #     ],
+        ],
-    # },
+    },
 }
 
 # svc_systemd = {

bundles/kea-dhcpd/items.py

@@ -15,7 +15,6 @@ svc_systemd = {
         'needs': [
             'pkg_apt:kea-dhcp4-server',
             'file:/etc/kea/kea-dhcp4.conf',
-            'svc_systemd:systemd-networkd:restart',
         ],
     },
 }

bundles/macbook/files/bundlewrap

@@ -2,5 +2,5 @@
 
 cd "$OLDPWD"
 
-export BW_ITEM_WORKERS=$(expr "$(sysctl -n hw.logicalcpu)" '*' 12 '/' 10)
+export BW_ITEM_WORKERS=$(expr "$(nproc)" '*' 12 '/' 10)
 export BW_NODE_WORKERS=$(expr 320 '/' "$BW_ITEM_WORKERS")

bundles/macbook/files/gnu

@@ -2,5 +2,7 @@
 
 cd "$OLDPWD"
 
-PATH_add "/opt/homebrew/opt/gnu-sed/libexec/gnubin"
+GNU_PATH="$HOME/.local/gnu_bin"
-PATH_add "/opt/homebrew/opt/grep/libexec/gnubin"
+mkdir -p "$GNU_PATH"
+test -f "$GNU_PATH/sed" || ln -s "$(which gsed)" "$GNU_PATH/sed"
+PATH_add "$GNU_PATH"

nodes/home.router.py

@@ -14,17 +14,16 @@
     'metadata': {
         'id': '1d6a43e5-858c-42f9-9c40-ab63d61c787c',
         'network': {
-            'external': {
+            'internal': {
+                'interface': 'eno1',
+                'ipv4': '10.0.0.1/24',
+                'vlans': {'iot', 'internet', 'guest'},
+                'dhcp_server': True,
+            },
+            'temp': {
                 'interface': 'enx00e04c220682',
                 'ipv4': '10.0.99.126/24',
                 'gateway4': '10.0.99.1',
-                'vlans': {'iot', 'internet', 'guest', 'rolf', 'internal'},
-            },
-            'internal': {
-                'type': 'vlan',
-                'id': 1,
-                'ipv4': '10.0.0.1/24',
-                'dhcp_server': True,
             },
             'iot': {
                 'type': 'vlan',
@@ -43,12 +42,6 @@
                 'ipv4': '10.0.9.1/24',
                 'dhcp_server': True,
             },
-            'rolf': { # rolf local test
-                'type': 'vlan',
-                'id': 51,
-                'ipv4': '192.168.179.1/24',
-                'dhcp_server': True,
-            },
         },
         # 'nftables': {
         #     'forward': {
@@ -75,7 +68,7 @@
                     'allowed_ips': [
                         '10.0.10.0/24',
                         '10.0.10.0/24',
-                        #'192.168.179.0/24', # while raspi at home
+                        '192.168.179.0/24',
                         '10.0.227.0/24', # mseibert.freescout
                     ],
                 },

nodes/home.server.py

@@ -32,7 +32,7 @@
         'systemd-swap',
         'twitch-clip-download',
         'raspberrymatic-cert',
-        #'tasmota-charge',
+        'tasmota-charge',
         'wol-waker',
         'zfs',
     ],

nodes/mseibert.freescout.py

@@ -1,8 +1,5 @@
-# https://teamvault.apps.seibert-media.net/secrets/mkqMRv/
-# https://console.hetzner.cloud/projects/889138/servers/46578341
-
 {
-    #'dummy': True,
+    'dummy': True,
     'hostname': '159.69.117.89',
     'groups': [
         'backup',
@@ -34,8 +31,8 @@
             'domain': 'foerderkreis.oranienschule-wiesbaden-wiki.de',
         },
         'vm': {
-            'cores': 2,
+            'cores': 1,
-            'ram': 4096,
+            'ram': 2048,
         },
         'wireguard': {
             'my_ip': '172.30.0.238/32',

nodes/wb.offsite-backups.py

@@ -1,7 +1,8 @@
 {
+    'dummy': True,
     'hostname': '192.168.179.20',
     'groups': [
-        'debian-12',
+        'debian-11',
         'monitored',
         'raspberry-pi',
     ],
@@ -9,7 +10,7 @@
         'backup-freshness-check',
         'dm-crypt',
         'smartctl',
-        #'wireguard',
+        'wireguard',
         'zfs',
     ],
     'metadata': {