dist-upgrade -> full-upgrade

README.md

@@ -37,3 +37,12 @@ fi
 telegraf: execd for daemons
 
 TEST
+
+# git signing
+
+git config --global gpg.format ssh
+git config --global commit.gpgsign true
+
+git config user.name CroneKorkN
+git config user.email i@ckn.li
+git config user.signingkey "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILMVroYmswD4tLk6iH+2tvQiyaMe42yfONDsPDIdFv6I"

bin/upgrade_and_restart_all

@@ -23,7 +23,7 @@ for node in nodes:
     print(node.run('DEBIAN_FRONTEND=noninteractive apt update').stdout.decode())
     print(node.run('DEBIAN_FRONTEND=noninteractive apt list --upgradable').stdout.decode())
     if int(node.run('DEBIAN_FRONTEND=noninteractive apt list --upgradable 2> /dev/null | grep upgradable | wc -l').stdout.decode()):
-        print(node.run('DEBIAN_FRONTEND=noninteractive apt -y dist-upgrade').stdout.decode())
+        print(node.run('DEBIAN_FRONTEND=noninteractive apt -qy full-upgrade').stdout.decode())
 
 # REBOOT IN ORDER
 

bundles/backup/files/backup_all

@@ -1,13 +1,31 @@
 #!/bin/bash
 
-set -exu
+set -u
 
 # FIXME: inelegant
 % if wol_command:
 ${wol_command}
 % endif
 
+exit=0
+failed_paths=""
+
 for path in $(jq -r '.paths | .[]' < /etc/backup/config.json)
 do
+  echo backing up $path
   /opt/backup/backup_path "$path"
+  # set exit to 1 if any backup fails
+  if [ $? -ne 0 ]
+  then
+    echo ERROR: backing up $path failed >&2
+    exit=5
+    failed_paths="$failed_paths $path"
+  fi
 done
+
+if [ $exit -ne 0 ]
+then
+  echo "ERROR: failed to backup paths: $failed_paths" >&2
+fi
+
+exit $exit

bundles/backup/files/backup_path_via_zfs

@@ -1,6 +1,6 @@
 #!/bin/bash
 
-set -exu
+set -eu
 
 path=$1
 uuid=$(jq -r .client_uuid < /etc/backup/config.json)

bundles/freescout/README.md

@@ -11,3 +11,13 @@ Enter it again:
 freescout=#
 \q
 ```
+
+
+# problems
+
+# check if /opt/freescout/.env is resettet
+# ckeck `psql -h localhost -d freescout -U freescout -W`with pw from .env
+# chown -R www-data:www-data /opt/freescout
+# sudo su - www-data -c 'php /opt/freescout/artisan freescout:clear-cache' -s /bin/bash
+# javascript funny? `sudo su - www-data -c 'php /opt/freescout/artisan storage:link' -s /bin/bash`
+# benutzer bilder weg? aus dem backup holen: `/opt/freescout/.zfs/snapshot/zfs-auto-snap_hourly-2024-11-22-1700/storage/app/public/users` `./customers`

bundles/freescout/items.py

@@ -12,33 +12,33 @@ directories = {
 }
 
 actions = {
-    'clone_freescout': {
+    # 'clone_freescout': {
-        'command': run_as('www-data', 'git clone https://github.com/freescout-helpdesk/freescout.git /opt/freescout'),
+    #     'command': run_as('www-data', 'git clone https://github.com/freescout-helpdesk/freescout.git /opt/freescout'),
-        'unless': 'test -e /opt/freescout/.git',
+    #     'unless': 'test -e /opt/freescout/.git',
-        'needs': [
+    #     'needs': [
-            'pkg_apt:git',
+    #         'pkg_apt:git',
-            'directory:/opt/freescout',
+    #         'directory:/opt/freescout',
-        ],
+    #     ],
-    },
+    # },
-    'pull_freescout': {
+    # 'pull_freescout': {
-        'command': run_as('www-data', 'git -C /opt/freescout fetch origin dist && git -C /opt/freescout reset --hard origin/dist && git -C /opt/freescout clean -f'),
+    #     'command': run_as('www-data', 'git -C /opt/freescout fetch origin dist && git -C /opt/freescout reset --hard origin/dist && git -C /opt/freescout clean -f'),
-        'unless': run_as('www-data', 'git -C /opt/freescout fetch origin && git -C /opt/freescout status -uno | grep -q "Your branch is up to date"'),
+    #     'unless': run_as('www-data', 'git -C /opt/freescout fetch origin && git -C /opt/freescout status -uno | grep -q "Your branch is up to date"'),
-        'needs': [
+    #     'needs': [
-            'action:clone_freescout',
+    #         'action:clone_freescout',
-        ],
+    #     ],
-        'triggers': [
+    #     'triggers': [
-            'action:freescout_artisan_update',
+    #         'action:freescout_artisan_update',
-            f'svc_systemd:php{php_version}-fpm.service:restart',
+    #         f'svc_systemd:php{php_version}-fpm.service:restart',
-        ],
+    #     ],
-    },
+    # },
-    'freescout_artisan_update': {
+    # 'freescout_artisan_update': {
-        'command': run_as('www-data', 'php /opt/freescout/artisan freescout:after-app-update'),
+    #     'command': run_as('www-data', 'php /opt/freescout/artisan freescout:after-app-update'),
-        'triggered': True,
+    #     'triggered': True,
-        'needs': [
+    #     'needs': [
-            f'svc_systemd:php{php_version}-fpm.service:restart',
+    #         f'svc_systemd:php{php_version}-fpm.service:restart',
-            'action:pull_freescout',
+    #         'action:pull_freescout',
-        ],
+    #     ],
-    },
+    # },
 }
 
 # svc_systemd = {

bundles/kea-dhcpd/items.py

@@ -15,6 +15,7 @@ svc_systemd = {
         'needs': [
             'pkg_apt:kea-dhcp4-server',
             'file:/etc/kea/kea-dhcp4.conf',
+            'svc_systemd:systemd-networkd:restart',
         ],
     },
 }

bundles/macbook/files/bundlewrap

@@ -2,5 +2,5 @@
 
 cd "$OLDPWD"
 
-export BW_ITEM_WORKERS=$(expr "$(nproc)" '*' 12 '/' 10)
+export BW_ITEM_WORKERS=$(expr "$(sysctl -n hw.logicalcpu)" '*' 12 '/' 10)
 export BW_NODE_WORKERS=$(expr 320 '/' "$BW_ITEM_WORKERS")

bundles/macbook/files/gnu

@@ -2,7 +2,5 @@
 
 cd "$OLDPWD"
 
-GNU_PATH="$HOME/.local/gnu_bin"
+PATH_add "/opt/homebrew/opt/gnu-sed/libexec/gnubin"
-mkdir -p "$GNU_PATH"
+PATH_add "/opt/homebrew/opt/grep/libexec/gnubin"
-test -f "$GNU_PATH/sed" || ln -s "$(which gsed)" "$GNU_PATH/sed"
-PATH_add "$GNU_PATH"

nodes/home.router.py

@@ -14,16 +14,17 @@
     'metadata': {
         'id': '1d6a43e5-858c-42f9-9c40-ab63d61c787c',
         'network': {
-            'internal': {
+            'external': {
-                'interface': 'eno1',
-                'ipv4': '10.0.0.1/24',
-                'vlans': {'iot', 'internet', 'guest'},
-                'dhcp_server': True,
-            },
-            'temp': {
                 'interface': 'enx00e04c220682',
                 'ipv4': '10.0.99.126/24',
                 'gateway4': '10.0.99.1',
+                'vlans': {'iot', 'internet', 'guest', 'rolf', 'internal'},
+            },
+            'internal': {
+                'type': 'vlan',
+                'id': 1,
+                'ipv4': '10.0.0.1/24',
+                'dhcp_server': True,
             },
             'iot': {
                 'type': 'vlan',
@@ -42,6 +43,12 @@
                 'ipv4': '10.0.9.1/24',
                 'dhcp_server': True,
             },
+            'rolf': { # rolf local test
+                'type': 'vlan',
+                'id': 51,
+                'ipv4': '192.168.179.1/24',
+                'dhcp_server': True,
+            },
         },
         # 'nftables': {
         #     'forward': {
@@ -68,7 +75,7 @@
                     'allowed_ips': [
                         '10.0.10.0/24',
                         '10.0.10.0/24',
-                        '192.168.179.0/24',
+                        #'192.168.179.0/24', # while raspi at home
                         '10.0.227.0/24', # mseibert.freescout
                     ],
                 },

nodes/home.server.py

@@ -32,7 +32,7 @@
         'systemd-swap',
         'twitch-clip-download',
         'raspberrymatic-cert',
-        'tasmota-charge',
+        #'tasmota-charge',
         'wol-waker',
         'zfs',
     ],

nodes/mseibert.freescout.py

@@ -1,5 +1,8 @@
+# https://teamvault.apps.seibert-media.net/secrets/mkqMRv/
+# https://console.hetzner.cloud/projects/889138/servers/46578341
+
 {
-    'dummy': True,
+    #'dummy': True,
     'hostname': '159.69.117.89',
     'groups': [
         'backup',
@@ -31,8 +34,8 @@
             'domain': 'foerderkreis.oranienschule-wiesbaden-wiki.de',
         },
         'vm': {
-            'cores': 1,
+            'cores': 2,
-            'ram': 2048,
+            'ram': 4096,
         },
         'wireguard': {
             'my_ip': '172.30.0.238/32',

nodes/wb.offsite-backups.py

@@ -1,8 +1,7 @@
 {
-    'dummy': True,
     'hostname': '192.168.179.20',
     'groups': [
-        'debian-11',
+        'debian-12',
         'monitored',
         'raspberry-pi',
     ],
@@ -10,7 +9,7 @@
         'backup-freshness-check',
         'dm-crypt',
         'smartctl',
-        'wireguard',
+        #'wireguard',
         'zfs',
     ],
     'metadata': {