From 1910398b608a5be966a92c86d2c61d9123831194 Mon Sep 17 00:00:00 2001 From: cronekorkn Date: Mon, 15 May 2023 13:40:50 +0200 Subject: [PATCH 1/5] wip --- .../files/rufbereitschaftsalarm | 8 ++++ bundles/rufbereitschaftsalarm/items.py | 16 +++++++ bundles/rufbereitschaftsalarm/metadata.py | 42 +++++++++++++++++++ nodes/home.rufbereitschaft.py | 20 +++++++++ 4 files changed, 86 insertions(+) create mode 100644 bundles/rufbereitschaftsalarm/files/rufbereitschaftsalarm create mode 100644 bundles/rufbereitschaftsalarm/items.py create mode 100644 bundles/rufbereitschaftsalarm/metadata.py create mode 100644 nodes/home.rufbereitschaft.py diff --git a/bundles/rufbereitschaftsalarm/files/rufbereitschaftsalarm b/bundles/rufbereitschaftsalarm/files/rufbereitschaftsalarm new file mode 100644 index 0000000..50d1738 --- /dev/null +++ b/bundles/rufbereitschaftsalarm/files/rufbereitschaftsalarm @@ -0,0 +1,8 @@ +#!/bin/bash + +gpio=$(gpiofind SCL1) + +while gpiomon --num-events=1 --falling-edge $gpio 2&> /dev/null +do + systemctl stop rufbereitschafts-klingel +done diff --git a/bundles/rufbereitschaftsalarm/items.py b/bundles/rufbereitschaftsalarm/items.py new file mode 100644 index 0000000..206105b --- /dev/null +++ b/bundles/rufbereitschaftsalarm/items.py @@ -0,0 +1,16 @@ +files = { + '/opt/rufbereitschaftsalarm': { + 'mode': '550', + }, +} + +svc_systemd = { + 'rufbereitschaftsalarm.service': { + 'enabled': False, + 'running': False, + 'needs': [ + 'pkg_apt:gpiod', + 'file:/opt/rufbereitschaftsalarm', + ], + } +} diff --git a/bundles/rufbereitschaftsalarm/metadata.py b/bundles/rufbereitschaftsalarm/metadata.py new file mode 100644 index 0000000..b7ce193 --- /dev/null +++ b/bundles/rufbereitschaftsalarm/metadata.py @@ -0,0 +1,42 @@ +defaults = { + 'apt': { + 'packages': { + 'gpiod': {}, + }, + }, + 'flask': { + + }, + 'systemd': { + 'units': { + 'rufbereitschaftsalarm-sound.service': { + 'Unit': { + 'Description': 'rufbereitschaftsalarm sound effect', + 'After': 'network.target', + }, + 'Service': { + 'ExecStart': '/opt/rufbereitschaftsalarm-sound', + }, + 'Install': { + 'WantedBy': { + 'multi-user.target' + }, + }, + }, + 'rufbereitschaftsalarm-stop.service': { + 'Unit': { + 'Description': 'rufbereitschaftsalarm stop button', + 'After': 'network.target', + }, + 'Service': { + 'ExecStart': '/opt/rufbereitschaftsalarm-stop', + }, + 'Install': { + 'WantedBy': { + 'multi-user.target' + }, + }, + }, + }, + }, +} diff --git a/nodes/home.rufbereitschaft.py b/nodes/home.rufbereitschaft.py new file mode 100644 index 0000000..4be96b9 --- /dev/null +++ b/nodes/home.rufbereitschaft.py @@ -0,0 +1,20 @@ +{ + 'hostname': '10.0.0.106', + 'groups': [ + 'autologin', + 'debian-11', + 'hardware', + 'home', + 'monitored', + ], + 'metadata': { + 'id': '4eb7ba69-37fa-4594-8d54-3ebfc4e7e5d6', + 'network': { + 'internal': { + 'interface': 'eth0', + 'ipv4': '10.0.0.106/24', + 'gateway4': '10.0.0.1', + }, + }, + }, +} -- 2.39.5 From ed0295c4f7cc47f941fa26ee1f061cbb82ff363b Mon Sep 17 00:00:00 2001 From: cronekorkn Date: Thu, 24 Aug 2023 11:47:10 +0200 Subject: [PATCH 2/5] wip --- nodes/home.rufbereitschaft.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/nodes/home.rufbereitschaft.py b/nodes/home.rufbereitschaft.py index 4be96b9..582ce93 100644 --- a/nodes/home.rufbereitschaft.py +++ b/nodes/home.rufbereitschaft.py @@ -1,8 +1,8 @@ { - 'hostname': '10.0.0.106', + 'hostname': '10.0.0.190', 'groups': [ 'autologin', - 'debian-11', + 'debian-12', 'hardware', 'home', 'monitored', @@ -12,7 +12,7 @@ 'network': { 'internal': { 'interface': 'eth0', - 'ipv4': '10.0.0.106/24', + 'ipv4': '10.0.0.190/24', 'gateway4': '10.0.0.1', }, }, -- 2.39.5 From e9c64ec089ea92947dfde4180cedb0e8001ffa02 Mon Sep 17 00:00:00 2001 From: cronekorkn Date: Fri, 25 Aug 2023 08:58:47 +0200 Subject: [PATCH 3/5] wip --- nodes/home.rufbereitschaft.py | 34 ++++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) diff --git a/nodes/home.rufbereitschaft.py b/nodes/home.rufbereitschaft.py index 582ce93..aae1da3 100644 --- a/nodes/home.rufbereitschaft.py +++ b/nodes/home.rufbereitschaft.py @@ -7,6 +7,9 @@ 'home', 'monitored', ], + 'bundles': [ + 'wireguard', + ], 'metadata': { 'id': '4eb7ba69-37fa-4594-8d54-3ebfc4e7e5d6', 'network': { @@ -16,5 +19,36 @@ 'gateway4': '10.0.0.1', }, }, + 'wireguard': { + 'my_ip': '10.200.128.11/24', + }, + 'systemd': { + 'units': { + "wireguard.network": { + "Route#smedia": { + "Destination": "10.200.128.1", + "Gateway": "10.200.128.11" + }, + }, + "wireguard.netdev": { + "NetDev": { + "Description": "WireGuard server", + "Kind": "wireguard", + "Name": "wg0" + }, + "WireGuard": { + "ListenPort": 51820, + "PrivateKey": "encrypt$gAAAAABk6FEX92wQzlBIqxP6w5FQydlrDqOZeo1AZS9zaBE3QzujtBnB_cf6KlECzmoljr71dmRiFN5yvA8bzRIpcecvnufIji1XNg-i1UW1fq393XppRq0p9EtNBVzoXoyzZFEcjQRo" + }, + "WireGuardPeer#rufbereitsschaftsalarm": { + "AllowedIPs": "0.0.0.0/0", + "Endpoint": "185.122.180.82:51820", + "PersistentKeepalive": 30, + "PresharedKey": "!decrypt:encrypt$gAAAAABk6FD0_39AzxKTTse3ukqs7VOcZ5mPsBsN09Y4FgITOEnbBVWZ-zDsaZi-woNbp4k10nrJtIrqz8a-FIFdNbQaTgulhRDKF6TFH4BhYlEB7d8NH5CU3kTTtqtjSWW9GPqAgb3z", + "PublicKey": "gPKjFV8mAx5GZdfPmjThNolpSaXs285e7YznhaBlOwY=" + } + }, + }, + }, }, } -- 2.39.5 From d95a8e6d597b19f4459f23363629910b3e4f8fbc Mon Sep 17 00:00:00 2001 From: cronekorkn Date: Fri, 25 Aug 2023 21:24:13 +0200 Subject: [PATCH 4/5] wip --- bundles/nginx/files/fastcgi | 4 ---- data/nginx/run_program.conf | 29 +++++++++++++++++++++++++++++ nodes/home.rufbereitschaft.py | 22 ++++++++++++++++++++-- 3 files changed, 49 insertions(+), 6 deletions(-) create mode 100644 data/nginx/run_program.conf diff --git a/bundles/nginx/files/fastcgi b/bundles/nginx/files/fastcgi index d115cf1..8acfabc 100644 --- a/bundles/nginx/files/fastcgi +++ b/bundles/nginx/files/fastcgi @@ -1,4 +1,3 @@ -fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param QUERY_STRING $query_string; fastcgi_param REQUEST_METHOD $request_method; fastcgi_param CONTENT_TYPE $content_type; @@ -24,6 +23,3 @@ fastcgi_param SERVER_NAME $server_name; # PHP only, required if PHP was built with --enable-force-cgi-redirect fastcgi_param REDIRECT_STATUS 200; - -# This is the only thing that's different to the debian default. -fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; diff --git a/data/nginx/run_program.conf b/data/nginx/run_program.conf new file mode 100644 index 0000000..a5d3222 --- /dev/null +++ b/data/nginx/run_program.conf @@ -0,0 +1,29 @@ +# https://www.nginx.com/resources/wiki/start/topics/examples/fcgiwrap/ + +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name ${server_name}; + + ssl_certificate /var/lib/dehydrated/certs/${server_name}/fullchain.pem; + ssl_certificate_key /var/lib/dehydrated/certs/${server_name}/privkey.pem; + + location / { + # Disable gzip (it makes scripts feel slower since they have to complete + # before getting gzipped) + gzip off; + + # Set the root to /usr/lib (inside this location this means that we are + # giving access to the files under /usr/lib/cgi-bin) + root /usr/lib; + + # Fastcgi socket + fastcgi_pass unix:/run/fcgiwrap.socket; + + # Fastcgi parameters, include the standard ones + include /etc/nginx/params/fastcgi; + + # Adjust non standard parameters (SCRIPT_FILENAME) + fastcgi_param SCRIPT_FILENAME /usr/lib/cgi-bin/hello.cgi; + } +} diff --git a/nodes/home.rufbereitschaft.py b/nodes/home.rufbereitschaft.py index aae1da3..cdb40fe 100644 --- a/nodes/home.rufbereitschaft.py +++ b/nodes/home.rufbereitschaft.py @@ -6,6 +6,7 @@ 'hardware', 'home', 'monitored', + 'webserver', ], 'bundles': [ 'wireguard', @@ -19,8 +20,22 @@ 'gateway4': '10.0.0.1', }, }, - 'wireguard': { - 'my_ip': '10.200.128.11/24', + 'apt': { + 'packages': { + 'alsa-utils': {}, + 'espeak': {}, + 'libnginx-mod-http-lua': {}, + }, + }, + 'nginx': { + 'vhosts': { + 'rufbereitschaftsalarm.ckn.li': { + 'content': 'nginx/run_program.conf', + 'context': { + 'script': 'hello', + }, + }, + }, }, 'systemd': { 'units': { @@ -50,5 +65,8 @@ }, }, }, + 'wireguard': { + 'my_ip': '10.200.128.11/24', + }, }, } -- 2.39.5 From c0277fa8b90264dd8a908b959e27f1aa4e68ed3c Mon Sep 17 00:00:00 2001 From: cronekorkn Date: Mon, 25 Sep 2023 17:04:47 +0200 Subject: [PATCH 5/5] bundles/grafana/items.py: fix permissions --- bundles/grafana/items.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/bundles/grafana/items.py b/bundles/grafana/items.py index e0c8549..a2645c6 100644 --- a/bundles/grafana/items.py +++ b/bundles/grafana/items.py @@ -160,6 +160,8 @@ for dashboard_id, monitored_node in enumerate(monitored_nodes, start=1): files[f'/var/lib/grafana/dashboards/{monitored_node.name}.json'] = { 'content': json.dumps(dashboard, indent=4), + 'owner': 'grafana', + 'group': 'grafana', 'triggers': [ 'svc_systemd:grafana-server:restart', ] -- 2.39.5