cronekorkn/bundlewrap
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity
No description
1199 commits 63 branches 0 tags 5.5 MiB
Python 90.6%
Shell 8.1%
PHP 0.9%
Mako 0.3%
Find a file
CroneKorkN 3bffd7b8f5
bind-acme: guard against letsencrypt clients without internal LAN 
The acme_zone reactor's first ACL branch iterates nodes that have
letsencrypt/domains and reads their network/internal/ipv4. Until now
that crashed for any node with letsencrypt but no internal LAN — the
node had to either fake a network/internal/ipv4 or skip TLS.

Add a `metadata.get(..., None)` guard to filter such nodes out of this
branch. The wireguard branch below already covers them (any node with
the wireguard bundle gets its wireguard/my_ip into the ACL), so ACME
DNS-01 reachability still works for cross-Internet nodes that join the
fleet via wireguard.

Surfaced by ovh.left4me: dedicated server with no Hetzner/internal
network, reachable from the bind-acme node only via wireguard.
2026-05-10 18:23:21 +02:00
bin docs: scaffold agent-friendly entry points (Phase 1) 2026-05-10 15:44:45 +02:00
bundles bind-acme: guard against letsencrypt clients without internal LAN 2026-05-10 18:23:21 +02:00
data docs: scaffold agent-friendly entry points (Phase 1) 2026-05-10 15:44:45 +02:00
doc play around with systemd hardening 2022-03-27 13:29:58 +02:00
docs spec: banner stale sections so partial readers see the pivot 2026-05-10 16:14:12 +02:00
groups groups: add applications/left4me 2026-05-10 18:08:36 +02:00
hooks docs: scaffold agent-friendly entry points (Phase 1) 2026-05-10 15:44:45 +02:00
items docs: scaffold agent-friendly entry points (Phase 1) 2026-05-10 15:44:45 +02:00
libs docs: scaffold agent-friendly entry points (Phase 1) 2026-05-10 15:44:45 +02:00
nodes left4me wireguard 2026-05-10 16:57:52 +02:00
.editorconfig editorconfig 2022-08-09 16:49:48 +02:00
.envrc PATH_add bin 2023-08-09 07:16:06 +02:00
.gitignore add ovh.left4me and update nextcloud 2026-05-10 11:23:49 +02:00
AGENTS.md docs: scaffold agent-friendly entry points (Phase 1) 2026-05-10 15:44:45 +02:00
CLAUDE.md docs: scaffold agent-friendly entry points (Phase 1) 2026-05-10 15:44:45 +02:00
groups.py print message on parsing group error 2025-06-22 09:36:56 +02:00
hass_get_temp.py bootshorn stuff 2025-08-24 15:23:17 +02:00
nodes.py demagify remove faults 2023-02-23 18:27:27 +01:00
README.md README: drop stale 'install bw fork' instruction 2026-05-10 15:19:44 +02:00
requirements.txt switch bundlewrap install to editable from CroneKorkN/bundlewrap@main 2026-05-10 15:14:31 +02:00

README.md

TODO

  • dont spamfilter forwarded mails
  • gollum wiki
  • blog?
  • fix dkim not working sometimes
  • LDAP
  • oauth2/OpenID
  • icinga

Raspberry pi as soundcard

monitor timers

Timer=backup

Triggers=$(systemctl show ${Timer}.timer --property=Triggers --value)
echo $Triggers
if systemctl is-failed "$Triggers"
then
  InvocationID=$(systemctl show "$Triggers" --property=InvocationID --value)
  echo $InvocationID
  ExitCode=$(systemctl show "$Triggers" -p ExecStartEx --value | sed 's/^{//' | sed 's/}$//' | tr ';' '\n' | xargs -n 1 | grep '^status=' | cut -d '=' -f 2)
  echo $ExitCode
  journalctl INVOCATION_ID="$InvocationID" --output cat
fi

telegraf: execd for daemons

TEST

git signing

git config --global gpg.format ssh git config --global commit.gpgsign true

git config user.name CroneKorkN git config user.email i@ckn.li git config user.signingkey "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILMVroYmswD4tLk6iH+2tvQiyaMe42yfONDsPDIdFv6I"