CroneKorkN 90f14b69e4
left4me: pull node-agnostic metadata into the bundle
Nodes should only carry node-specific metadata. Previously each node
running left4me had to declare git_url, git_branch, secret_key, plus
nginx vhost / letsencrypt / monitoring / nftables-input blocks for
every game port. All of those are derivable from one truly node-
specific value: the domain.

Move into the bundle:
  - git_url + git_branch as defaults (override per-node only if needed).
  - secret_key as a per-node vault-derived value
    (random_bytes_as_base64_for f'{node.name} left4me secret_key',
    same convention as postgresql/mosquitto/etc.).
  - backup/paths defaults (set-merged with backup group / node paths).

Add a `derived_from_domain` reactor that reads left4me/domain and
emits:
  - nginx/vhosts/<domain> proxying 127.0.0.1:8000
  - letsencrypt/domains/<domain>
  - monitoring/services/left4me-web (curl /health)
  - nftables/input rules for the configured port range
    (defaults 27015-27115, derived from left4me/port_range_*).

Net effect: a node opting into left4me declares only
  metadata.left4me.domain = 'whatever.tld'
plus the universal node-level stuff (id, vm/cores, network, …).
2026-05-10 18:23:34 +02:00
bin docs: scaffold agent-friendly entry points (Phase 1) 2026-05-10 15:44:45 +02:00
bundles left4me: pull node-agnostic metadata into the bundle 2026-05-10 18:23:34 +02:00
data docs: scaffold agent-friendly entry points (Phase 1) 2026-05-10 15:44:45 +02:00
doc play around with systemd hardening 2022-03-27 13:29:58 +02:00
docs spec: banner stale sections so partial readers see the pivot 2026-05-10 16:14:12 +02:00
groups groups: add applications/left4me 2026-05-10 18:08:36 +02:00
hooks docs: scaffold agent-friendly entry points (Phase 1) 2026-05-10 15:44:45 +02:00
items docs: scaffold agent-friendly entry points (Phase 1) 2026-05-10 15:44:45 +02:00
libs docs: scaffold agent-friendly entry points (Phase 1) 2026-05-10 15:44:45 +02:00
nodes left4me wireguard 2026-05-10 16:57:52 +02:00
.editorconfig editorconfig 2022-08-09 16:49:48 +02:00
.envrc PATH_add bin 2023-08-09 07:16:06 +02:00
.gitignore add ovh.left4me and update nextcloud 2026-05-10 11:23:49 +02:00
AGENTS.md docs: scaffold agent-friendly entry points (Phase 1) 2026-05-10 15:44:45 +02:00
CLAUDE.md docs: scaffold agent-friendly entry points (Phase 1) 2026-05-10 15:44:45 +02:00
groups.py print message on parsing group error 2025-06-22 09:36:56 +02:00
hass_get_temp.py bootshorn stuff 2025-08-24 15:23:17 +02:00
nodes.py demagify remove faults 2023-02-23 18:27:27 +01:00
README.md README: drop stale 'install bw fork' instruction 2026-05-10 15:19:44 +02:00
requirements.txt switch bundlewrap install to editable from CroneKorkN/bundlewrap@main 2026-05-10 15:14:31 +02:00

TODO

  • don't spamfilter forwarded mails
  • gollum wiki
  • blog?
  • fix dkim not working sometimes
  • LDAP
  • oauth2/OpenID
  • icinga

Raspberry Pi as soundcard

monitor timers

Timer=backup

# Resolve the service unit that the timer activates
Triggers=$(systemctl show "${Timer}.timer" --property=Triggers --value)
echo "$Triggers"
if systemctl is-failed "$Triggers"
then
  # The invocation ID identifies the most recent run of the unit
  InvocationID=$(systemctl show "$Triggers" --property=InvocationID --value)
  echo "$InvocationID"
  # Extract the status= field from the ExecStartEx property
  ExitCode=$(systemctl show "$Triggers" -p ExecStartEx --value | sed 's/^{//' | sed 's/}$//' | tr ';' '\n' | xargs -n 1 | grep '^status=' | cut -d '=' -f 2)
  echo "$ExitCode"
  journalctl INVOCATION_ID="$InvocationID" --output cat
fi

telegraf: execd for daemons

TEST

git signing

git config --global gpg.format ssh
git config --global commit.gpgsign true

git config user.name CroneKorkN
git config user.email i@ckn.li
git config user.signingkey "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILMVroYmswD4tLk6iH+2tvQiyaMe42yfONDsPDIdFv6I"