dist-upgrade -> full-upgrade

debian update
backup all doesnt stop on first error
2025-01-16 10:20:34 +01:00 · 2025-01-16 10:20:18 +01:00 · 2025-01-09 23:41:21 +01:00 · 2025-01-09 22:45:27 +01:00 · 2025-01-01 13:04:42 +01:00 · 2024-12-09 09:07:19 +01:00
14 changed files with 41 additions and 210 deletions
--- a/README.md
+++ b/README.md
@ -37,3 +37,12 @@ fi
 telegraf: execd for daemons
 TEST
 # git signing
 git config --global gpg.format ssh
 git config --global commit.gpgsign true
 git config user.name CroneKorkN
 git config user.email i@ckn.li
 git config user.signingkey "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILMVroYmswD4tLk6iH+2tvQiyaMe42yfONDsPDIdFv6I"
--- a/bin/upgrade_and_restart_all
+++ b/bin/upgrade_and_restart_all
@ -23,7 +23,7 @@ for node in nodes:
    print(node.run('DEBIAN_FRONTEND=noninteractive apt update').stdout.decode())
    print(node.run('DEBIAN_FRONTEND=noninteractive apt list --upgradable').stdout.decode())
    if int(node.run('DEBIAN_FRONTEND=noninteractive apt list --upgradable 2> /dev/null | grep upgradable | wc -l').stdout.decode()):
-        print(node.run('DEBIAN_FRONTEND=noninteractive apt -y dist-upgrade').stdout.decode())
+        print(node.run('DEBIAN_FRONTEND=noninteractive apt -qy full-upgrade').stdout.decode())
 # REBOOT IN ORDER
--- a/bundles/backup/files/backup_all
+++ b/bundles/backup/files/backup_all
@ -1,13 +1,31 @@
 #!/bin/bash
-set -exu
+set -u
 # FIXME: inelegant
 % if wol_command:
 ${wol_command}
 % endif
 exit=0
 failed_paths=""
 for path in $(jq -r '.paths | .[]' < /etc/backup/config.json)
 do
  echo backing up $path
  /opt/backup/backup_path "$path"
  # set exit to 1 if any backup fails
  if [ $? -ne 0 ]
  then
    echo ERROR: backing up $path failed >&2
    exit=5
    failed_paths="$failed_paths $path"
  fi
 done
 if [ $exit -ne 0 ]
 then
  echo "ERROR: failed to backup paths: $failed_paths" >&2
 fi
 exit $exit
--- a/bundles/backup/files/backup_path_via_zfs
+++ b/bundles/backup/files/backup_path_via_zfs
@ -1,6 +1,6 @@
 #!/bin/bash
-set -exu
+set -eu
 path=$1
 uuid=$(jq -r .client_uuid < /etc/backup/config.json)
--- a/bundles/macbook/files/bundlewrap
+++ b/bundles/macbook/files/bundlewrap
@ -2,5 +2,5 @@
 cd "$OLDPWD"
-export BW_ITEM_WORKERS=$(expr "$(nproc)" '*' 12 '/' 10)
+export BW_ITEM_WORKERS=$(expr "$(sysctl -n hw.logicalcpu)" '*' 12 '/' 10)
 export BW_NODE_WORKERS=$(expr 320 '/' "$BW_ITEM_WORKERS")
--- a/bundles/macbook/files/gnu
+++ b/bundles/macbook/files/gnu
@ -2,7 +2,5 @@
 cd "$OLDPWD"
-GNU_PATH="$HOME/.local/gnu_bin"
+PATH_add "/opt/homebrew/opt/gnu-sed/libexec/gnubin"
-mkdir -p "$GNU_PATH"
+PATH_add "/opt/homebrew/opt/grep/libexec/gnubin"
 test -f "$GNU_PATH/sed" || ln -s "$(which gsed)" "$GNU_PATH/sed"
 PATH_add "$GNU_PATH"
--- a/bundles/n8n/items.py
+++ b/bundles/n8n/items.py
@ -1,33 +0,0 @@
 assert node.has_bundle('nodejs')
 assert node.has_bundle('postgresql')
 assert node.has_bundle('zfs')
 # To update:
 #
 # - systemctl stop n8n postgresql
 # - tempsnap pre-n8n-update            (for psql, emergency rollback)
 # - apply
 version = node.metadata.get("n8n/version")
 actions['install_n8n'] = {
    'command': f'cd /opt/n8n && sudo -u n8n npm install n8n@{version}',
    'unless': f'test -e /opt/n8n/node_modules && '
              f'test $(jq -r ".version" < /opt/n8n/node_modules/n8n/package.json) = "{version}"',
    'needs': {
        'directory:/opt/n8n',
        'pkg_apt:nodejs',
        'user:n8n',
    },
    'triggers': {
        'svc_systemd:n8n.service:restart',
    },
 }
 svc_systemd['n8n.service'] = {
    'enabled': True,
    'running': True,
    'needs': {
        'pkg_apt:nodejs',
        'action:install_n8n',
    },
 }
--- a/bundles/n8n/metadata.py
+++ b/bundles/n8n/metadata.py
@ -1,89 +0,0 @@
 database_password = repo.vault.password_for(f'{node.name} postgresql n8n')
 defaults = {
    'backups': {
        'paths': {
            '/opt/n8n',
        },
    },
    'npm': {
        'n8n': {},
    },
    'n8n': {
        'DB_TYPE': 'postgresdb',
        'DB_POSTGRESDB_DATABASE': 'n8n',
        'DB_POSTGRESDB_HOST': 'localhost',
        'DB_POSTGRESDB_PORT': 5432,
        'DB_POSTGRESDB_USER': 'n8n',
        'DB_POSTGRESDB_PASSWORD': database_password,
    },
    'postgresql': {
        'databases': {
            'n8n': {
                'when_creating': {
                    'encoding': 'UTF8',
                    'collation': 'C.UTF-8',
                    'ctype': 'C.UTF-8',
                },
                'owner': 'n8n',
            },
        },
        'roles': {
            'n8n': {
                'password': database_password,
            },
        },
    },
    'systemd': {
        'units': {
            'n8n.service': {
                'Unit': {
                    'Description': 'n8n',
                    'Requires': 'network.target postgresql.service',
                    'After': 'postgresql.service',
                },
                'Service': {
                    'Restart': 'always',
                    'RestartSec': '5',
                    'WorkingDirectory': '/opt/n8n',
                    'ExecStart': '/usr/bin/npx n8n start',
                    'User': 'n8n',
                    'Group': 'n8n',
                    'Environment': {
                        'NODE_ENV=production',
                    },
                },
            },
        },
    },
    'users': {
        'n8n': {
            'home': '/opt/n8n',
        },
    },
    'zfs': {
        'datasets': {
            'tank/n8n': {
                'mountpoint': '/opt/n8n',
                'needed_by': {'directory:/opt/n8n'},
            },
        },
    },
 }
@metadata_reactor.provides(
    'systemd/services/n8n.service',
 )
 def systemd(metadata):
    return {
        'systemd': {
            'units': {
                'n8n.service': {
                    'Service': {
                        'Environment': metadata.get('n8n'),
                    },
                },
            },
        },
    }
--- a/bundles/nodejs/metadata.py
+++ b/bundles/nodejs/metadata.py
@ -8,7 +8,9 @@ defaults = {
            },
        },
    },
-    'npm': {},
+    'npm': {
        'yarn': {},
    },
 }
@ -26,9 +28,7 @@ def sources(metadata):
                        'deb',
                        'deb-src',
                    },
-                    'urls': {
+                    'url': 'https://deb.nodesource.com/node_{version}.x',
                        f'https://deb.nodesource.com/node_{version}.x',
                    },
                    'suites': {
                        '{codename}',
                    },
--- a/nodes/home.server.py
+++ b/nodes/home.server.py
@ -32,7 +32,7 @@
        'systemd-swap',
        'twitch-clip-download',
        'raspberrymatic-cert',
-        'tasmota-charge',
+        #'tasmota-charge',
        'wol-waker',
        'zfs',
    ],
--- a/nodes/htz.mails.py
+++ b/nodes/htz.mails.py
@ -221,12 +221,7 @@
                },
                'mseibert.freescout': {
                    'allowed_ips': [
-                        '10.0.227.2/32',
+                        '10.0.227.0/24',
                    ],
                },
                'mseibert.n8n': {
                    'allowed_ips': [
                        '10.0.227.3/32',
                    ],
                },
            },
--- a/nodes/mseibert.freescout.py
+++ b/nodes/mseibert.freescout.py
@ -46,6 +46,7 @@
                        '10.0.2.0/24',
                        '10.0.9.0/24',
                        '10.0.10.0/24',
                        '10.0.10.0/24',
                    ],
                },
            },
--- a/nodes/mseibert.n8n.py
+++ b/nodes/mseibert.n8n.py
@ -1,68 +0,0 @@
 # https://teamvault.apps.seibert-media.net/secrets/mkqMRv/
 # https://console.hetzner.cloud/projects/889138/servers/56564150
 {
    #'dummy': True,
    'hostname': '159.69.178.45',
    'groups': [
        'backup',
        'debian-12',
        'monitored',
        'webserver',
    ],
    'bundles': [
        'n8n',
        'nodejs',
        'wireguard',
        'zfs',
        'postgresql',
    ],
    'metadata': {
        'id': '4852308e-9d36-4a0e-b533-a291e1495db3',
        'network': {
            'internal': {
                'interface': 'enp7s0',
                'ipv4': '10.0.227.3/24',
            },
            'external': {
                'interface': 'eth0',
                'ipv4': '159.69.178.45/32',
                'gateway4': '172.31.1.1',
                'ipv6': '2a01:4f8:c012:491b::1/64',
                'gateway6': 'fe80::1',
            },
        },
        'n8n': {
            'version': '1.68.0',
        },
        'nodejs': {
            'version': '20',
        },
        'vm': {
            'cores': 2,
            'ram': 4096,
        },
        'wireguard': {
            'my_ip': '172.30.0.239/32',
            's2s': {
                'htz.mails': {
                    'allowed_ips': [
                        '10.0.0.0/24',
                        '10.0.2.0/24',
                        '10.0.9.0/24',
                        '10.0.10.0/24',
                    ],
                },
            },
        },
        'zfs': {
            'pools': {
                'tank': {
                    'devices': [
                        '/var/lib/tank.img',
                    ],
                },
            },
        },
    },
 }
--- a/nodes/wb.offsite-backups.py
+++ b/nodes/wb.offsite-backups.py
@ -1,7 +1,7 @@
 {
    'hostname': '192.168.179.20',
    'groups': [
-        'debian-11',
+        'debian-12',
        'monitored',
        'raspberry-pi',
    ],
Author	SHA1	Message	Date
CroneKorkN	dcd2ebc49c	dist-upgrade -> full-upgrade	2025-01-16 10:20:34 +01:00
CroneKorkN	555350eab7	debian update	2025-01-16 10:20:18 +01:00
CroneKorkN	e117acac04	backup all doesnt stop on first error	2025-01-09 23:41:21 +01:00
CroneKorkN	16313b9e40	disable tasnomta charge	2025-01-09 22:45:27 +01:00
CroneKorkN	033a1cf6e5	macbook gnu grep	2025-01-01 13:04:42 +01:00
CroneKorkN	8befec9769	readme git sign	2024-12-09 09:07:19 +01:00
CroneKorkN	d22add5bfd	shortcut	2024-12-09 09:03:14 +01:00
CroneKorkN	69fb93a664	macbook compat	2024-12-09 08:58:14 +01:00