From 1bd1d4d0a6785601f0f7a2722368055b7a71ae6f Mon Sep 17 00:00:00 2001 From: cronekorkn Date: Sun, 4 Feb 2024 10:35:05 +0100 Subject: [PATCH 1/9] wip --- bundles/mariadb/README.md | 1 + bundles/mariadb/files/override.conf | 11 ++++++++ bundles/mariadb/items.py | 40 +++++++++++++++++++++++++++++ bundles/mariadb/metadata.py | 36 ++++++++++++++++++++++++++ bundles/wordpress/items.py | 8 ++++++ bundles/wordpress/metadata.py | 31 ++++++++++++++++++++++ groups/applications/wordpress.py | 8 ++++++ nodes/home.backups.py | 1 + nodes/home.server.py | 2 +- nodes/netcup.mails.py | 6 +++++ 10 files changed, 143 insertions(+), 1 deletion(-) create mode 100644 bundles/mariadb/README.md create mode 100644 bundles/mariadb/files/override.conf create mode 100644 bundles/mariadb/items.py create mode 100644 bundles/mariadb/metadata.py create mode 100644 bundles/wordpress/items.py create mode 100644 bundles/wordpress/metadata.py create mode 100644 groups/applications/wordpress.py diff --git a/bundles/mariadb/README.md b/bundles/mariadb/README.md new file mode 100644 index 0000000..854ce9e --- /dev/null +++ b/bundles/mariadb/README.md @@ -0,0 +1 @@ +https://mariadb.com/kb/en/systemd/#configuring-mariadb-to-write-the-error-log-to-syslog diff --git a/bundles/mariadb/files/override.conf b/bundles/mariadb/files/override.conf new file mode 100644 index 0000000..ae2fccd --- /dev/null +++ b/bundles/mariadb/files/override.conf @@ -0,0 +1,11 @@ +% for section, options in sorted(conf.items()): +[${section}] +% for key, value in sorted(options.items()): +% if value is None: +${key} +% else: +${key} = ${value} +% endif +% endfor + +% endfor diff --git a/bundles/mariadb/items.py b/bundles/mariadb/items.py new file mode 100644 index 0000000..7eeb8f5 --- /dev/null +++ b/bundles/mariadb/items.py 
@@ -0,0 +1,40 @@ +from shlex import quote + +directories = { + '/var/lib/mysql': { + 'owner': 'mysql', + 'group': 'mysql', + 'needs': [ + 'zfs_dataset:tank/mariadb', + ], + 'needed_by': [ + 'pkg_apt:mariadb-server', + ], + }, +} + +files = { + '/etc/mysql/conf.d/override.conf': { + 'context': { + 'conf': node.metadata.get('mariadb/conf'), + }, + 'content_type': 'mako', + }, +} + +svc_systemd = { + 'mariadb.service': { + 'needs': [ + 'pkg_apt:mariadb-server', + ], + }, +} + +for db, conf in node.metadata.get('mariadb/databases', {}).items(): + actions[f'mariadb_create_database_{db}'] = { + 'command': 'mariadb -Bsr --execute ' + quote(f"CREATE DATABASE {db}"), + 'unless': '! mariadb -Bsr --execute ' + quote(f"SHOW DATABASES LIKE '{db}'") + ' | grep -q ^db$', + 'needs': [ + 'svc_systemd:mariadb.service', + ], + } diff --git a/bundles/mariadb/metadata.py b/bundles/mariadb/metadata.py new file mode 100644 index 0000000..869e3e6 --- /dev/null +++ b/bundles/mariadb/metadata.py @@ -0,0 +1,36 @@ +defaults = { + 'apt': { + 'packages': { + 'mariadb-server': {}, + }, + }, + 'mariadb': { + 'databases': {}, + 'conf': { + # https://www.reddit.com/r/zfs/comments/u1xklc/mariadbmysql_database_settings_for_zfs + 'mysqld': { + 'skip-innodb_doublewrite': None, + 'innodb_flush_method': 'fsync', + 'innodb_doublewrite': '0', + 'innodb_use_atomic_writes': '0', + 'innodb_use_native_aio': '0', + 'innodb_read_io_threads': '10', + 'innodb_write_io_threads': '10', + 'innodb_buffer_pool_size': '26G', + 'innodb_flush_log_at_trx_commit': '1', + 'innodb_log_file_size': '1G', + 'innodb_flush_neighbors': '0', + 'innodb_fast_shutdown': '2', + }, + }, + }, + 'zfs': { + 'datasets': { + 'tank/mariadb': { + 'mountpoint': '/var/lib/mysql', + 'recordsize': '16384', + 'atime': 'off', + }, + }, + }, +} diff --git a/bundles/wordpress/items.py b/bundles/wordpress/items.py new file mode 100644 index 0000000..e82bae3 --- /dev/null +++ b/bundles/wordpress/items.py 
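Review bot: The database name `db` is pasted into the SQL text of `CREATE DATABASE {db}` and `SHOW DATABASES LIKE '{db}'` without identifier quoting or escaping; `quote()` from `shlex` protects only the shell layer, not the SQL one. The names come from repository metadata, so this is a robustness gap rather than an exposed injection path, but a key containing `-`, a quote character or a `LIKE` wildcard changes what the statement means. I would validate the key once at the top of the loop, e.g. `if not re.fullmatch(r'[A-Za-z0-9_]+', db): raise ValueError(f'invalid database name: {db}')` (needs `import re`). The same applies to the user, password and grant actions that patches 2/9 and 3/9 add to this loop.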
@@ -0,0 +1,8 @@ +for domain, conf in node.metadata.get('wordpress').items(): + directories = { + f'/opt/wordpress/{domain}': { + 'owner': 'www-data', + 'group': 'www-data', + 'mode': '0755', + }, + } diff --git a/bundles/wordpress/metadata.py b/bundles/wordpress/metadata.py new file mode 100644 index 0000000..3443120 --- /dev/null +++ b/bundles/wordpress/metadata.py @@ -0,0 +1,31 @@ +defaults = {} + + +@metadata_reactor.provides( + 'wordpress', +) +def wordpress(metadata): + return { + 'wordpress': { + site: { + 'db_password': repo.vault.password_for(f"wordpress {site} db"), + } + for site in metadata.get('wordpress', {}) + }, + } + + +@metadata_reactor.provides( + 'mariadb', +) +def mariadb(metadata): + return { + 'mariadb': { + 'databases': { + site: { + 'password': metadata.get(f'wordpress/{site}/db_password') + } + for site in metadata.get('wordpress', {}) + }, + }, + } diff --git a/groups/applications/wordpress.py b/groups/applications/wordpress.py new file mode 100644 index 0000000..f802d76 --- /dev/null +++ b/groups/applications/wordpress.py @@ -0,0 +1,8 @@ +{ + 'bundles': [ + 'letsencrypt', + 'mariadb', + 'nginx', + 'wordpress', + ], +} diff --git a/nodes/home.backups.py b/nodes/home.backups.py index aa0c79c..8d70e94 100644 --- a/nodes/home.backups.py +++ b/nodes/home.backups.py @@ -1,4 +1,5 @@ { + 'dummy': True, 'hostname': '10.0.0.5', 'groups': [ 'autologin', diff --git a/nodes/home.server.py b/nodes/home.server.py index 5dbf73d..70b9838 100644 --- a/nodes/home.server.py +++ b/nodes/home.server.py @@ -111,7 +111,7 @@ }, 'nextcloud': { 'hostname': 'cloud.sublimity.de', - 'version': '27.1.4', + 'version': '28.0.1', 'config': { 'instanceid': 'oci6dw1woodz', 'secret': '!decrypt:encrypt$gAAAAABj96CFynVtEgsje7173zjQAcY7xQG3uyf5cxE-sJAvhyPh_KUykTKdwnExc8NTDJ8RIGUmVfgC6or5crnYaggARPIEg5-Cb0xVdEPPZ3oZ01ImLmynLu3qXT9O8kVM-H21--OKeztMRn7bySsbXdWEGtETFQ==', diff --git a/nodes/netcup.mails.py b/nodes/netcup.mails.py index cf60377..31dd171 100644 
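Review bot: `directories = {...}` is rebound on every pass of the `for domain, conf in ...` loop, so with more than one entry under `wordpress` only the last site's directory item survives. Create the dict once with `directories = {}` above the loop and fill it inside with `directories[f'/opt/wordpress/{domain}'] = {'owner': 'www-data', 'group': 'www-data', 'mode': '0755'}`. Separately, making the whole docroot owned by `www-data` lets the PHP worker (presumably running as that user) rewrite the application code. If in-dashboard updates are not needed, a different owner with `www-data` write access limited to the upload directory is the tighter layout.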
--- a/nodes/netcup.mails.py +++ b/nodes/netcup.mails.py @@ -7,6 +7,7 @@ 'monitored', 'webserver', 'dnsserver', + 'wordpress', #'left4dead2', ], 'bundles': [ @@ -21,6 +22,11 @@ 'zfs', ], 'metadata': { + 'wordpress': { + 'elimukwanza': { + 'domain': 'elimu-kwanza.de', + }, + }, 'id': 'ea29bdf0-0b47-4bf4-8346-67d60c9dc4ae', 'network': { 'internal': { -- 2.39.5 From d6b109da01ea11116719007242ed238776e8dc18 Mon Sep 17 00:00:00 2001 From: cronekorkn Date: Sun, 4 Feb 2024 10:50:49 +0100 Subject: [PATCH 2/9] wip --- bundles/mariadb/items.py | 22 ++++++++++++++++++++-- bundles/wordpress/metadata.py | 2 +- 2 files changed, 21 insertions(+), 3 deletions(-) diff --git a/bundles/mariadb/items.py b/bundles/mariadb/items.py index 7eeb8f5..e7868af 100644 --- a/bundles/mariadb/items.py +++ b/bundles/mariadb/items.py @@ -1,5 +1,8 @@ from shlex import quote +def mariadb(sql): + return f"mariadb -Bsr --execute {quote(sql)}" + directories = { '/var/lib/mysql': { 'owner': 'mysql', @@ -32,9 +35,24 @@ svc_systemd = { for db, conf in node.metadata.get('mariadb/databases', {}).items(): actions[f'mariadb_create_database_{db}'] = { - 'command': 'mariadb -Bsr --execute ' + quote(f"CREATE DATABASE {db}"), - 'unless': '! mariadb -Bsr --execute ' + quote(f"SHOW DATABASES LIKE '{db}'") + ' | grep -q ^db$', + 'command': mariadb(f"CREATE DATABASE {db}"), + 'unless': mariadb(f"SHOW DATABASES LIKE '{db}'") + f' | grep -q ^{db}$', 'needs': [ 'svc_systemd:mariadb.service', ], } + actions[f'mariadb_user_{db}_create'] = { + 'command': mariadb(f"CREATE USER {db}"), + 'unless': mariadb(f"SELECT User FROM mysql.user WHERE User = '{db}'") + f' | grep -q ^{db}$', + 'needs': [ + f'action:mariadb_create_database_{db}', + ], + } + pw = conf['password'] + actions[f'mariadb_user_{db}_password'] = { + 'command': mariadb(f"SET PASSWORD FOR {db} = PASSWORD('{conf['password']}')"), + 'unless': f'echo {quote(pw)} | mariadb -u {db} -e quit -p', + 'needs': [ + f'action:mariadb_user_{db}_create', + ], + } 
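Review bot: In `mariadb_user_{db}_password` the plaintext password is embedded in the `--execute` argument (`SET PASSWORD FOR {db} = PASSWORD('...')`), so it sits in the argv of the client and of the wrapping shell, where other local users can read it from the process list, and it probably also lands in whatever logs the action command. It is not escaped for SQL either, so a `'` in the password breaks the statement. Feeding the statement on stdin instead (bundlewrap actions have `data_stdin` for this, to be confirmed for the version in use) keeps the secret out of argv. Also, `CREATE USER {db}` without a host part creates the account for any host; `CREATE USER '{db}'@'localhost'` is the narrower default if WordPress runs on the same machine, with the later grant statements adjusted to match.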
diff --git a/bundles/wordpress/metadata.py b/bundles/wordpress/metadata.py index 3443120..6e1219d 100644 --- a/bundles/wordpress/metadata.py +++ b/bundles/wordpress/metadata.py @@ -8,7 +8,7 @@ def wordpress(metadata): return { 'wordpress': { site: { - 'db_password': repo.vault.password_for(f"wordpress {site} db"), + 'db_password': repo.vault.password_for(f"wordpress {site} db").value, } for site in metadata.get('wordpress', {}) }, -- 2.39.5 From 695bfb5dde34ddd72e1a364bb2dcd828c4781639 Mon Sep 17 00:00:00 2001 From: cronekorkn Date: Sun, 4 Feb 2024 11:06:53 +0100 Subject: [PATCH 3/9] wip --- bundles/mariadb/items.py | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/bundles/mariadb/items.py b/bundles/mariadb/items.py index e7868af..a898ccf 100644 --- a/bundles/mariadb/items.py +++ b/bundles/mariadb/items.py @@ -1,7 +1,8 @@ from shlex import quote -def mariadb(sql): - return f"mariadb -Bsr --execute {quote(sql)}" +def mariadb(sql, **kwargs): + kwargs_string = ''.join(f" --{k} {v}" for k, v in kwargs.items()) + return f"mariadb{kwargs_string} -Bsr --execute {quote(sql)}" directories = { '/var/lib/mysql': { @@ -56,3 +57,11 @@ for db, conf in node.metadata.get('mariadb/databases', {}).items(): f'action:mariadb_user_{db}_create', ], } + print(mariadb(f"SHOW GRANTS FOR {db}") + f"grep -q '^GRANT ALL PRIVILEGES'") + actions[f'mariadb_grant_privileges_to_{db}'] = { + 'command': mariadb(f"GRANT ALL PRIVILEGES ON *.* TO '{db}'", database=db), + 'unless': mariadb(f"SHOW GRANTS FOR {db}") + f" | grep -q '^GRANT USAGE ON *.* TO `{db}`'", + 'needs': [ + f'action:mariadb_user_{db}_create', + ], + } -- 2.39.5 From 3e3355d7503573a5d66aa1aaee14392479921b73 Mon Sep 17 00:00:00 2001 From: cronekorkn Date: Sun, 4 Feb 2024 11:12:46 +0100 Subject: [PATCH 4/9] wip --- bundles/mariadb/items.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/bundles/mariadb/items.py b/bundles/mariadb/items.py index a898ccf..2aa5813 100644 
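Review bot: Calling `.value` inside the `wordpress` reactor resolves the vault entry while metadata is being built, so `wordpress/{site}/db_password` and the `mariadb/databases/{site}/password` copy derived from it become plain strings in node metadata. Assuming `password_for` returns a lazy Fault object, as the need for `.value` suggests, I would keep the Fault in metadata and resolve it only where the command is built (`conf['password'].value` in `bundles/mariadb/items.py`). That keeps the secret out of metadata dumps and lets metadata be evaluated without the vault key. A comment such as `# keep as Fault; resolved in mariadb/items.py` next to the entry would record the intent.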
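Review bot: In the reworked `mariadb(sql, **kwargs)` helper only `sql` goes through `quote()`; option values are concatenated raw, so a value containing a space or a shell metacharacter splits or alters the command that is run as root on the node. Quote the values as well: `kwargs_string = ''.join(f" --{k} {quote(str(v))}" for k, v in kwargs.items())`. The helper also has no docstring; a one-liner such as `"""Return a shell command that runs *sql* through the mariadb client."""` would help.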
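Review bot: `GRANT ALL PRIVILEGES ON *.* TO '{db}'` gives each site account every privilege on every database on the server, so one compromised WordPress install can read or drop the data of all the others. The grant should be scoped to the site's own schema with `ON {db}.*`, which is where patch 7/9 of this series ends up. The `unless` guard also looks inverted: it greps for `GRANT USAGE`, which, as far as I know, is what `SHOW GRANTS` prints for an account that has no global privileges yet, so the action would be skipped exactly when the grant is missing.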
--- a/bundles/mariadb/items.py +++ b/bundles/mariadb/items.py @@ -57,10 +57,10 @@ for db, conf in node.metadata.get('mariadb/databases', {}).items(): f'action:mariadb_user_{db}_create', ], } - print(mariadb(f"SHOW GRANTS FOR {db}") + f"grep -q '^GRANT ALL PRIVILEGES'") + print(mariadb(f"SHOW GRANTS FOR {db}") + f" | grep -q '^GRANT ALL PRIVILEGES ON `{db}`.`{db}` TO `{db}`@`%`$'") actions[f'mariadb_grant_privileges_to_{db}'] = { - 'command': mariadb(f"GRANT ALL PRIVILEGES ON *.* TO '{db}'", database=db), - 'unless': mariadb(f"SHOW GRANTS FOR {db}") + f" | grep -q '^GRANT USAGE ON *.* TO `{db}`'", + 'command': mariadb(f"GRANT ALL PRIVILEGES ON {db} TO '{db}'", database=db), + 'unless': mariadb(f"SHOW GRANTS FOR {db}") + f" | grep -q '^GRANT ALL PRIVILEGES ON `{db}`.`{db}` TO `{db}`@`%`$'", 'needs': [ f'action:mariadb_user_{db}_create', ], -- 2.39.5 From 379aaa7d106f091c69af621ee84bfab1659854b6 Mon Sep 17 00:00:00 2001 From: cronekorkn Date: Sun, 4 Feb 2024 11:27:35 +0100 Subject: [PATCH 5/9] wip --- bundles/mariadb/items.py | 1 - bundles/wordpress/items.py | 4 ++-- bundles/wordpress/metadata.py | 19 ++++++++++++++++++ data/wordpress/vhost.conf | 37 +++++++++++++++++++++++++++++++++++ nodes/netcup.mails.py | 12 ------------ 5 files changed, 58 insertions(+), 15 deletions(-) create mode 100644 data/wordpress/vhost.conf diff --git a/bundles/mariadb/items.py b/bundles/mariadb/items.py index 2aa5813..71a3cf5 100644 --- a/bundles/mariadb/items.py +++ b/bundles/mariadb/items.py @@ -57,7 +57,6 @@ for db, conf in node.metadata.get('mariadb/databases', {}).items(): f'action:mariadb_user_{db}_create', ], } - print(mariadb(f"SHOW GRANTS FOR {db}") + f" | grep -q '^GRANT ALL PRIVILEGES ON `{db}`.`{db}` TO `{db}`@`%`$'") actions[f'mariadb_grant_privileges_to_{db}'] = { 'command': mariadb(f"GRANT ALL PRIVILEGES ON {db} TO '{db}'", database=db), 'unless': mariadb(f"SHOW GRANTS FOR {db}") + f" | grep -q '^GRANT ALL PRIVILEGES ON `{db}`.`{db}` TO `{db}`@`%`$'", 
diff --git a/bundles/wordpress/items.py b/bundles/wordpress/items.py index e82bae3..b674aa2 100644 --- a/bundles/wordpress/items.py +++ b/bundles/wordpress/items.py @@ -1,6 +1,6 @@ -for domain, conf in node.metadata.get('wordpress').items(): +for site, conf in node.metadata.get('wordpress').items(): directories = { - f'/opt/wordpress/{domain}': { + f'/opt/wordpress/{site}': { 'owner': 'www-data', 'group': 'www-data', 'mode': '0755', diff --git a/bundles/wordpress/metadata.py b/bundles/wordpress/metadata.py index 6e1219d..7adbbb0 100644 --- a/bundles/wordpress/metadata.py +++ b/bundles/wordpress/metadata.py @@ -29,3 +29,22 @@ def mariadb(metadata): }, }, } + + +@metadata_reactor.provides( + 'nginx/vhosts' +) +def vhost(metadata): + return { + 'nginx': { + 'vhosts': { + conf['domain']: { + 'content': 'wordpress/vhost.conf', + 'context': { + 'root': f'/opt/{site}', + }, + } + for site, conf in metadata.get('wordpress').items() + }, + }, + } diff --git a/data/wordpress/vhost.conf b/data/wordpress/vhost.conf new file mode 100644 index 0000000..146556f --- /dev/null +++ b/data/wordpress/vhost.conf 
@@ -0,0 +1,37 @@ +# Upstream to abstract backend connection(s) for php +server { + server_name ${server_name}; + root ${root}; + index index.php; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location / { + # This is cool because no php is touched for static content. + # include the "?$args" part so non-default permalinks doesn't break when using query string + try_files $uri $uri/ /index.php?$args; + } + + location ~ \.php$ { + # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini + include params/fastcgi; + fastcgi_intercept_errors on; + fastcgi_pass php-handler; + # The following parameter can be also included in fastcgi_params file + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ { + expires max; + log_not_found off; + } +} diff --git a/nodes/netcup.mails.py b/nodes/netcup.mails.py index 31dd171..af45e7c 100644 --- a/nodes/netcup.mails.py +++ b/nodes/netcup.mails.py @@ -79,10 +79,6 @@ 'A': ['202.61.255.108'], 'AAAA': ['2a01:4f8:1c1c:4121::1'], }, - 'elimu-kwanza.de': { - 'A': ['202.61.255.108'], - 'AAAA': ['2a01:4f8:1c1c:4121::1'], - }, }, 'download-server': { 'hostname': 'dl.sublimity.de', @@ -178,14 +174,6 @@ }, 'internal_dns': False, }, - 'elimu-kwanza.de': { - 'content': 'nginx/message.conf', - 'context': { - 'title': 'Im Aufbau/under construction', - 'message': 'info@elimu-kwanza.de', - }, - 'internal_dns': False, - }, 'cronekorkn.de': { 'content': 'nginx/redirect.conf', 'context': { -- 2.39.5 From a4d3041b4539d12564aacfa3c78a77c62737de7a Mon Sep 17 00:00:00 2001 From: cronekorkn Date: Sun, 4 Feb 2024 11:49:21 +0100 Subject: [PATCH 6/9] wip --- bundles/mariadb/items.py | 27 +++++++++++++++++++++++++-- bundles/wordpress/items.py | 2 +- 2 files changed, 26 insertions(+), 3 deletions(-) 
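Review bot: The `location ~ \.php$` block hands every URI ending in `.php` to `php-handler` without first checking that the file exists, relying on the `cgi.fix_pathinfo = 0` note being honoured elsewhere. Unless `params/fastcgi` already does so, adding `try_files $uri =404;` as the first line of that block makes nginx itself reject requests for scripts that do not exist. Because the docroot in this series is owned by `www-data`, I would also block PHP execution under the upload directory with `location ~* ^/wp-content/uploads/.*\.php$ { deny all; }`, placed before the generic PHP location. The header comment `# Upstream to abstract backend connection(s) for php` no longer describes the file, since no `upstream` block is defined in it.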
diff --git a/bundles/mariadb/items.py b/bundles/mariadb/items.py index 71a3cf5..1eb5c06 100644 --- a/bundles/mariadb/items.py +++ b/bundles/mariadb/items.py @@ -34,17 +34,40 @@ svc_systemd = { }, } +actions = { + 'mariadb_sec_remove_anonymous_users': { + 'command': mariadb("DELETE FROM mysql.global_priv WHERE User=''"), + 'unless': mariadb("SELECT count(0) FROM mysql.global_priv WHERE User = ''") + " | grep -q '^0$'", + 'needs': [ + 'svc_systemd:mariadb.service', + ], + 'triggers': [ + 'svc_systemd:mariadb.service:restart', + ], + }, + 'mariadb_sec_remove_remote_root': { + 'command': mariadb("DELETE FROM mysql.global_priv WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1')"), + 'unless': mariadb("SELECT count(0) FROM mysql.global_priv WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1')") + " | grep -q '^0$'", + 'needs': [ + 'svc_systemd:mariadb.service', + ], + 'triggers': [ + 'svc_systemd:mariadb.service:restart', + ], + }, +} + for db, conf in node.metadata.get('mariadb/databases', {}).items(): actions[f'mariadb_create_database_{db}'] = { 'command': mariadb(f"CREATE DATABASE {db}"), - 'unless': mariadb(f"SHOW DATABASES LIKE '{db}'") + f' | grep -q ^{db}$', + 'unless': mariadb(f"SHOW DATABASES LIKE '{db}'") + f" | grep -q '^{db}$'", 'needs': [ 'svc_systemd:mariadb.service', ], } actions[f'mariadb_user_{db}_create'] = { 'command': mariadb(f"CREATE USER {db}"), - 'unless': mariadb(f"SELECT User FROM mysql.user WHERE User = '{db}'") + f' | grep -q ^{db}$', + 'unless': mariadb(f"SELECT User FROM mysql.user WHERE User = '{db}'") + f" | grep -q '^{db}$'", 'needs': [ f'action:mariadb_create_database_{db}', ], diff --git a/bundles/wordpress/items.py b/bundles/wordpress/items.py index b674aa2..34d49ee 100644 --- a/bundles/wordpress/items.py +++ b/bundles/wordpress/items.py 
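Review bot: Both hardening actions edit `mysql.global_priv` directly and then rely on `'triggers': ['svc_systemd:mariadb.service:restart']` to make the change take effect, which restarts the database for every site on the host. Appending `FLUSH PRIVILEGES` to the same statement (`mariadb("DELETE FROM mysql.global_priv WHERE User=''; FLUSH PRIVILEGES")`) reloads the grant tables without downtime, so the restart trigger can be dropped. A short comment above `actions` saying that these mirror the account clean-up steps of `mysql_secure_installation`, if that is the intent, would explain the `_sec_` prefix.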
@@ -1,6 +1,6 @@ for site, conf in node.metadata.get('wordpress').items(): directories = { - f'/opt/wordpress/{site}': { + f'/opt/{site}': { 'owner': 'www-data', 'group': 'www-data', 'mode': '0755', -- 2.39.5 From 88d21ca1e5f88263406dd09ace34534eb0634763 Mon Sep 17 00:00:00 2001 From: cronekorkn Date: Sun, 4 Feb 2024 12:48:19 +0100 Subject: [PATCH 7/9] wip --- bundles/mariadb/items.py | 4 ++-- bundles/wordpress/metadata.py | 20 ++++++++++++++++++-- data/wordpress/vhost.conf | 6 ++++++ 3 files changed, 26 insertions(+), 4 deletions(-) diff --git a/bundles/mariadb/items.py b/bundles/mariadb/items.py index 1eb5c06..031a386 100644 --- a/bundles/mariadb/items.py +++ b/bundles/mariadb/items.py @@ -81,8 +81,8 @@ for db, conf in node.metadata.get('mariadb/databases', {}).items(): ], } actions[f'mariadb_grant_privileges_to_{db}'] = { - 'command': mariadb(f"GRANT ALL PRIVILEGES ON {db} TO '{db}'", database=db), - 'unless': mariadb(f"SHOW GRANTS FOR {db}") + f" | grep -q '^GRANT ALL PRIVILEGES ON `{db}`.`{db}` TO `{db}`@`%`$'", + 'command': mariadb(f"GRANT ALL PRIVILEGES ON {db}.* TO '{db}'", database=db), + 'unless': mariadb(f"SHOW GRANTS FOR {db}") + f" | grep -q '^GRANT ALL PRIVILEGES ON `{db}`.* TO `{db}`@`%`'", 'needs': [ f'action:mariadb_user_{db}_create', ], diff --git a/bundles/wordpress/metadata.py b/bundles/wordpress/metadata.py index 7adbbb0..a1c844c 100644 --- a/bundles/wordpress/metadata.py +++ b/bundles/wordpress/metadata.py @@ -10,7 +10,7 @@ def wordpress(metadata): site: { 'db_password': repo.vault.password_for(f"wordpress {site} db").value, } - for site in metadata.get('wordpress', {}) + for site in metadata.get('wordpress') }, } @@ -25,7 +25,7 @@ def mariadb(metadata): site: { 'password': metadata.get(f'wordpress/{site}/db_password') } - for site in metadata.get('wordpress', {}) + for site in metadata.get('wordpress') }, }, } 
@@ -48,3 +48,19 @@ def vhost(metadata): }, }, } + + +@metadata_reactor.provides( + 'zfs/datasets', +) +def zfs(metadata): + return { + 'zfs': { + 'datasets': { + f'tank/{site}': { + 'mountpoint': f'/opt/{site}', + } + for site in metadata.get('wordpress') + }, + }, + } diff --git a/data/wordpress/vhost.conf b/data/wordpress/vhost.conf index 146556f..61b678e 100644 --- a/data/wordpress/vhost.conf +++ b/data/wordpress/vhost.conf @@ -1,9 +1,15 @@ # Upstream to abstract backend connection(s) for php server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name ${server_name}; root ${root}; index index.php; + ssl_certificate /var/lib/dehydrated/certs/${server_name}/fullchain.pem; + ssl_certificate_key /var/lib/dehydrated/certs/${server_name}/privkey.pem; + location = /favicon.ico { log_not_found off; access_log off; -- 2.39.5 From 6f972fddd2ee038fcf3c1c9e3bfb7afe80208b0c Mon Sep 17 00:00:00 2001 From: cronekorkn Date: Sun, 4 Feb 2024 14:31:42 +0100 Subject: [PATCH 8/9] wip --- bundles/wordpress/README.md | 1 + .../wordpress/files/check_wordpress_insecure | 25 +++++++++++++++++++ bundles/wordpress/files/print-version.php | 5 ++++ bundles/wordpress/files/wp-config.php | 0 bundles/wordpress/items.py | 16 +++++++----- bundles/wordpress/metadata.py | 19 +++++++++++++- 6 files changed, 59 insertions(+), 7 deletions(-) create mode 100644 bundles/wordpress/README.md create mode 100644 bundles/wordpress/files/check_wordpress_insecure create mode 100644 bundles/wordpress/files/print-version.php create mode 100644 bundles/wordpress/files/wp-config.php diff --git a/bundles/wordpress/README.md b/bundles/wordpress/README.md new file mode 100644 index 0000000..d623775 --- /dev/null +++ b/bundles/wordpress/README.md @@ -0,0 +1 @@ +https://developer.wordpress.org/advanced-administration/upgrade/upgrading/ diff --git a/bundles/wordpress/files/check_wordpress_insecure b/bundles/wordpress/files/check_wordpress_insecure new file mode 100644 index 0000000..e7294e8 --- /dev/null 
+++ b/bundles/wordpress/files/check_wordpress_insecure @@ -0,0 +1,25 @@ +#!/bin/bash + +SITE=$1 +VERSION=$(php -r "require('/opt/$SITE/wp-includes/version.php'); echo \$wp_version;") +STATUS=$(curl -ssL http://api.wordpress.org/core/stable-check/1.0/ | jq -r '.["'$VERSION'"]') + +echo "WordPress $VERSION is '$STATUS'" + +if [[ "$STATUS" == latest ]] +then + exit 0 +elif [[ "$STATUS" == outdated ]] +then + exit 1 +elif [[ "$STATUS" == insecure ]] +then + if test -f /etc/nginx/sites/$SITE + then + rm /etc/nginx/sites/$SITE + systemctl restart nginx + fi + exit 2 +else + exit 2 +fi diff --git a/bundles/wordpress/files/print-version.php b/bundles/wordpress/files/print-version.php new file mode 100644 index 0000000..3bf8de5 --- /dev/null +++ b/bundles/wordpress/files/print-version.php @@ -0,0 +1,5 @@ + Date: Sun, 4 Feb 2024 14:33:31 +0100 Subject: [PATCH 9/9] wip --- bundles/wordpress/metadata.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/bundles/wordpress/metadata.py b/bundles/wordpress/metadata.py index 57337e2..33a4e11 100644 --- a/bundles/wordpress/metadata.py +++ b/bundles/wordpress/metadata.py @@ -65,6 +65,7 @@ def zfs(metadata): }, } + @metadata_reactor.provides( 'monitoring/services', ) @@ -74,7 +75,7 @@ def check_insecure(metadata): 'services': { f'wordpress {site} insecure': { 'vars.command': f'/usr/lib/nagios/plugins/check_wordpress_insecure {site}', - 'check_interval': '1h', + 'check_interval': '30m', 'vars.sudo': True, } for site in metadata.get('wordpress') -- 2.39.5
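Review bot: The status lookup in `check_wordpress_insecure` uses `http://api.wordpress.org/...`, and the answer decides whether this script, which the monitoring check runs with sudo, deletes the site's nginx config and restarts nginx; anyone able to tamper with that plain-HTTP response can take the site offline or make an insecure version report as `latest`. Fetch over TLS and pass the version to jq as data: `STATUS=$(curl -fsSL https://api.wordpress.org/core/stable-check/1.0/ | jq -r --arg v "$VERSION" '.[$v]')`. `$SITE` is also used unquoted in `test -f` and `rm` and is spliced into the PHP source string, so it should be validated (for example against `^[A-Za-z0-9_-]+$`) and quoted, as in `rm -- "/etc/nginx/sites/$SITE"`. A failed lookup currently falls into the final `else` and exits 2; exit code 3 (UNKNOWN in the Nagios plugin convention) would separate "could not check" from "insecure".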