Init bundles for debian systems
This commit is contained in:
@@ -0,0 +1 @@
|
||||
ARGS="--web.listen-address=\"[fd00:327:327:327::{{ node.metadata.get("clerie-monitoring/id") }}]:9100\""
|
||||
@@ -0,0 +1,3 @@
|
||||
[Unit]
|
||||
Requires=wg-quick@wg-monitoring.service
|
||||
After=wg-quick@wg-monitoring.service
|
||||
@@ -0,0 +1,9 @@
|
||||
[Interface]
|
||||
PrivateKey = {{ node.metadata.get("clerie-monitoring/private-key") }}
|
||||
Address = fd00:327:327:327::{{ node.metadata.get("clerie-monitoring/id") }}/64
|
||||
|
||||
[Peer]
|
||||
Endpoint = [2001:638:904:ffca::7]:54523
|
||||
PublicKey = eyhJKV41E1F0gZHBNqyzUnj72xg5f3bdDduVtpPN4AY=
|
||||
AllowedIPS = fd00:327:327:327::/64
|
||||
PersistentKeepalive = 25
|
||||
46
bundles/debian-clerie-monitoring/items.py
Normal file
46
bundles/debian-clerie-monitoring/items.py
Normal file
@@ -0,0 +1,46 @@
|
||||
files = {
|
||||
f"/etc/wireguard/wg-monitoring.conf": {
|
||||
"source": "wg-monitoring.conf",
|
||||
"content_type": "jinja2",
|
||||
"triggers": [
|
||||
"svc_systemd:wg-quick@wg-monitoring:restart",
|
||||
],
|
||||
"needs": [
|
||||
"pkg_apt:wireguard",
|
||||
],
|
||||
},
|
||||
f"/etc/default/prometheus-node-exporter": {
|
||||
"source": "prometheus-node-exporter",
|
||||
"content_type": "jinja2",
|
||||
"triggers": [
|
||||
"svc_systemd:prometheus-node-exporter:restart",
|
||||
],
|
||||
"needs": [
|
||||
"pkg_apt:prometheus-node-exporter",
|
||||
],
|
||||
},
|
||||
f"/etc/systemd/system/prometheus-node-exporter.d/override.conf": {
|
||||
"source": "prometheus-node-exporter-override.conf",
|
||||
"triggers": [
|
||||
"action:systemd-daemon-reload",
|
||||
],
|
||||
},
|
||||
}
|
||||
|
||||
pkg_apt = {
|
||||
"wireguard": {},
|
||||
"prometheus-node-exporter": {},
|
||||
}
|
||||
|
||||
svc_systemd = {
|
||||
"wg-quick@wg-monitoring": {
|
||||
"needs": [
|
||||
"file:/etc/wireguard/wg-monitoring.conf",
|
||||
],
|
||||
},
|
||||
"prometheus-node-exporter": {
|
||||
"needs": [
|
||||
"file:/etc/systemd/system/prometheus-node-exporter.d/override.conf",
|
||||
],
|
||||
},
|
||||
}
|
||||
1
bundles/debian-user-clerie/files/sudoers-clerie
Normal file
1
bundles/debian-user-clerie/files/sudoers-clerie
Normal file
@@ -0,0 +1 @@
|
||||
clerie ALL=(ALL) NOPASSWD:ALL
|
||||
34
bundles/debian-user-clerie/items.py
Normal file
34
bundles/debian-user-clerie/items.py
Normal file
@@ -0,0 +1,34 @@
|
||||
users = {
|
||||
"clerie": {
|
||||
"groups": [ "sudo" ],
|
||||
"shell": "/bin/bash",
|
||||
},
|
||||
}
|
||||
|
||||
directories = {
|
||||
"/home/clerie/.ssh": {
|
||||
"mode": "0700",
|
||||
"owner": "clerie",
|
||||
"group": "clerie",
|
||||
"needs": [
|
||||
"user:clerie",
|
||||
],
|
||||
},
|
||||
}
|
||||
|
||||
files = {
|
||||
f'/home/clerie/.ssh/authorized_keys': {
|
||||
"content_type": "download",
|
||||
"source": "https://git.clerie.de/clerie/nixfiles/raw/commit/dd76691f7da3f860b25f770b65e602f90e1a1de8/users/clerie/ssh.pub",
|
||||
"content_hash": "f37b63f98c5d4bd5292a81ce01dd7f6bc5e356fc",
|
||||
"mode": "0700",
|
||||
"owner": "clerie",
|
||||
"group": "clerie",
|
||||
"needs": [
|
||||
"directory:/home/clerie/.ssh",
|
||||
],
|
||||
},
|
||||
f'/etc/sudoers.d/sudoers-clerie': {
|
||||
"source": "sudoers-clerie",
|
||||
},
|
||||
}
|
||||
7
bundles/systemd/items.py
Normal file
7
bundles/systemd/items.py
Normal file
@@ -0,0 +1,7 @@
|
||||
actions['systemd-daemon-reload'] = {
|
||||
'command': 'systemctl daemon-reload',
|
||||
'triggered': True,
|
||||
'needed_by': {
|
||||
'svc_systemd:',
|
||||
},
|
||||
}
|
||||
17
nodes.py
17
nodes.py
@@ -75,3 +75,20 @@ nodes = uberspaceify.nodes({
|
||||
},
|
||||
},
|
||||
})
|
||||
|
||||
nodes.update({
|
||||
"mercury.net.clerie.de": {
|
||||
"username": "root",
|
||||
"bundles": (
|
||||
"systemd",
|
||||
"debian-user-clerie",
|
||||
"debian-clerie-monitoring",
|
||||
),
|
||||
"metadata": {
|
||||
"clerie-monitoring": {
|
||||
"id": 401,
|
||||
"private-key": bws.get(["mercury.net.clerie.de", "wg-monitoring"]),
|
||||
},
|
||||
},
|
||||
},
|
||||
})
|
||||
|
||||
16
secrets.json
16
secrets.json
@@ -9,14 +9,12 @@
|
||||
"clerie-backup-target-cyan": "ENC[AES256_GCM,data:Fi9balI8FtDskI2d3t6Mag66ltAuszbTLIL2UV/5mHpb5t5b6VlJFPHa8Xi2ah7a0cI6Ko212pxFp5kunS01Hg==,iv:sqBFq8kE0FhfQqCHjZYyeJt1ej1UrQBz3gpc6cSq8F8=,tag:Ny7+x1teHPrmgWNYoqU51Q==,type:str]",
|
||||
"clerie-backup-target-magenta": "ENC[AES256_GCM,data:M8kfwUDV8Sd0Um4ZdE3aOiUOwJmtKgARqob+X9E3BLIGCqnJsmgKiEc5jmnkziGkepeT+IynkXJ76zLoz7WKaw==,iv:ruiXAEw3n+o1cYlSlWkUR4XUAjXegb4dUMaTgDbDaXw=,tag:drYDl0VBWW8OMBBoAmQS7Q==,type:str]"
|
||||
},
|
||||
"mercury.net.clerie.de": {
|
||||
"wg-monitoring": "ENC[AES256_GCM,data:zwWOTYbS4khpzyGvK1AdlhxTZrmu7SiwWudbPzKXuuYARz22tGh874mWuhU=,iv:C0vyHvZXxujtrg/SrEL/Q/+tGW12B/R+9/7Wa3uOaPY=,tag:cXz8EbbWMe58XOBQn0AUqQ==,type:str]"
|
||||
},
|
||||
"sops": {
|
||||
"kms": null,
|
||||
"gcp_kms": null,
|
||||
"azure_kv": null,
|
||||
"hc_vault": null,
|
||||
"age": null,
|
||||
"lastmodified": "2025-02-16T18:41:27Z",
|
||||
"mac": "ENC[AES256_GCM,data:QyU1INnlZVP5RNPczuZEAeCah+c3rjWHhiGGjDn87tUSp+OwEkL44Hosr9vThk6FNdKWbtqcUh1wBW/UCgy5/jmh2BHv3pTIOzkXWAD1fy/Kb/jNYo0IH1+7cte98+NcDPw7do4k1fYM/H5VD3SPpGp5bWxEcrkrZuiupThuduI=,iv:QXqL4hbymO7uOBfghYZwSFgTWUnBeA52sHl201ChRME=,tag:c8Za2rcaO5WRnu4HIJtWWQ==,type:str]",
|
||||
"lastmodified": "2025-08-27T17:24:34Z",
|
||||
"mac": "ENC[AES256_GCM,data:OaRVF+Z+epsWo8nMSymrsHavz+vETIj7zjBqI9rmRPpATbZYnkKHPYB8I9IwXkYTnWxLl81nJCkBpsWULV5DAV2kIU89a1CC2BPzBDT/20zKfD2LORSuD/2yN44ZIYqK0TZjm8dJAqwpdBQYqkdu7pvAxEiq5FuTRE3BT2JQMmA=,iv:/7clc4EIbCNI/YHVV6oqrg3sTlWRyUHDz+HVjzzrB/M=,tag:U7tP30c+l82jhMG2eYy5FQ==,type:str]",
|
||||
"pgp": [
|
||||
{
|
||||
"created_at": "2025-02-15T16:00:02Z",
|
||||
@@ -25,6 +23,6 @@
|
||||
}
|
||||
],
|
||||
"unencrypted_suffix": "_unencrypted",
|
||||
"version": "3.9.2"
|
||||
"version": "3.10.2"
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user