Init bundles for debian systems

2025-08-27 20:54:08 +02:00
parent e811f4961b
commit 266e7330be
9 changed files with 125 additions and 9 deletions
--- a/bundles/debian-clerie-monitoring/files/prometheus-node-exporter
+++ b/bundles/debian-clerie-monitoring/files/prometheus-node-exporter
@@ -0,0 +1 @@
+ARGS="--web.listen-address=\"[fd00:327:327:327::{{ node.metadata.get("clerie-monitoring/id") }}]:9100\""
--- a/bundles/debian-clerie-monitoring/files/prometheus-node-exporter-override.conf
+++ b/bundles/debian-clerie-monitoring/files/prometheus-node-exporter-override.conf
@@ -0,0 +1,3 @@
+[Unit]
+Requires=wg-quick@wg-monitoring.service
+After=wg-quick@wg-monitoring.service
--- a/bundles/debian-clerie-monitoring/files/wg-monitoring.conf
+++ b/bundles/debian-clerie-monitoring/files/wg-monitoring.conf
@@ -0,0 +1,9 @@
+[Interface]
+PrivateKey = {{ node.metadata.get("clerie-monitoring/private-key") }}
+Address = fd00:327:327:327::{{ node.metadata.get("clerie-monitoring/id") }}/64
+
+[Peer]
+Endpoint = [2001:638:904:ffca::7]:54523
+PublicKey = eyhJKV41E1F0gZHBNqyzUnj72xg5f3bdDduVtpPN4AY=
+AllowedIPS = fd00:327:327:327::/64
+PersistentKeepalive = 25
--- a/bundles/debian-clerie-monitoring/items.py
+++ b/bundles/debian-clerie-monitoring/items.py
@@ -0,0 +1,46 @@
+files = {
+    f"/etc/wireguard/wg-monitoring.conf": {
+        "source": "wg-monitoring.conf",
+        "content_type": "jinja2",
+        "triggers": [
+            "svc_systemd:wg-quick@wg-monitoring:restart",
+        ],
+        "needs": [
+            "pkg_apt:wireguard",
+        ],
+    },
+    f"/etc/default/prometheus-node-exporter": {
+        "source": "prometheus-node-exporter",
+        "content_type": "jinja2",
+        "triggers": [
+            "svc_systemd:prometheus-node-exporter:restart",
+        ],
+        "needs": [
+            "pkg_apt:prometheus-node-exporter",
+        ],
+    },
+    f"/etc/systemd/system/prometheus-node-exporter.d/override.conf": {
+        "source": "prometheus-node-exporter-override.conf",
+        "triggers": [
+            "action:systemd-daemon-reload",
+        ],
+    },
+}
+
+pkg_apt = {
+    "wireguard": {},
+    "prometheus-node-exporter": {},
+}
+
+svc_systemd = {
+    "wg-quick@wg-monitoring": {
+        "needs": [
+            "file:/etc/wireguard/wg-monitoring.conf",
+        ],
+    },
+    "prometheus-node-exporter": {
+        "needs": [
+            "file:/etc/systemd/system/prometheus-node-exporter.d/override.conf",
+        ],
+    },
+}
--- a/bundles/debian-user-clerie/files/sudoers-clerie
+++ b/bundles/debian-user-clerie/files/sudoers-clerie
@@ -0,0 +1 @@
+clerie ALL=(ALL) NOPASSWD:ALL
--- a/bundles/debian-user-clerie/items.py
+++ b/bundles/debian-user-clerie/items.py
@@ -0,0 +1,34 @@
+users = {
+    "clerie": {
+        "groups": [ "sudo" ],
+        "shell": "/bin/bash",
+    },
+}
+
+directories = {
+    "/home/clerie/.ssh": {
+        "mode": "0700",
+        "owner": "clerie",
+        "group": "clerie",
+        "needs": [
+            "user:clerie",
+        ],
+    },
+}
+
+files = {
+    f'/home/clerie/.ssh/authorized_keys': {
+        "content_type": "download",
+        "source": "https://git.clerie.de/clerie/nixfiles/raw/commit/dd76691f7da3f860b25f770b65e602f90e1a1de8/users/clerie/ssh.pub",
+        "content_hash": "f37b63f98c5d4bd5292a81ce01dd7f6bc5e356fc",
+        "mode": "0700",
+        "owner": "clerie",
+        "group": "clerie",
+        "needs": [
+            "directory:/home/clerie/.ssh",
+        ],
+    },
+    f'/etc/sudoers.d/sudoers-clerie': {
+        "source": "sudoers-clerie",
+    },
+}
--- a/bundles/systemd/items.py
+++ b/bundles/systemd/items.py
@@ -0,0 +1,7 @@
+actions['systemd-daemon-reload'] = {
+    'command': 'systemctl daemon-reload',
+    'triggered': True,
+    'needed_by': {
+        'svc_systemd:',
+    },
+}
				`@@ -0,0 +1 @@`
				`ARGS="--web.listen-address=\"[fd00:327:327:327::{{ node.metadata.get("clerie-monitoring/id") }}]:9100\""`