Compare commits
7 Commits
66dad7b8a9
...
main
| Author | SHA1 | Date | |
|---|---|---|---|
| b8cf7dc166 | |||
| 2da91aa878 | |||
| 3c353d3608 | |||
| 266e7330be | |||
| e811f4961b | |||
| 40d207cd68 | |||
| 9f32fada4c |
@@ -0,0 +1 @@
|
||||
ARGS="--web.listen-address=\"[fd00:327:327:327::{{ node.metadata.get("clerie-monitoring/id") }}]:9100\""
|
||||
@@ -0,0 +1,3 @@
|
||||
[Unit]
|
||||
Requires=wg-quick@wg-monitoring.service
|
||||
After=wg-quick@wg-monitoring.service
|
||||
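Review bot: These `Requires=`/`After=` lines only take effect if the drop-in sits in a directory named after the full unit, `prometheus-node-exporter.service.d/`. The items.py in this change installs the file to `/etc/systemd/system/prometheus-node-exporter.d/override.conf`, which systemd does not read as a drop-in for the service. Without the ordering, the exporter can start before `wg-monitoring` has its address and fail to bind the `--web.listen-address` set in the defaults file. Use `/etc/systemd/system/prometheus-node-exporter.service.d/override.conf` in both the `files` key and the `svc_systemd` `needs` entry.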
@@ -0,0 +1,9 @@
|
||||
[Interface]
|
||||
PrivateKey = {{ node.metadata.get("clerie-monitoring/private-key") }}
|
||||
Address = fd00:327:327:327::{{ node.metadata.get("clerie-monitoring/id") }}/64
|
||||
|
||||
[Peer]
|
||||
Endpoint = [2001:638:904:ffca::7]:54523
|
||||
PublicKey = eyhJKV41E1F0gZHBNqyzUnj72xg5f3bdDduVtpPN4AY=
|
||||
AllowedIPS = fd00:327:327:327::/64
|
||||
PersistentKeepalive = 25
|
||||
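--- /dev/null
+++ b/bundles/debian-clerie-monitoring/items.py
@@ -0,0 +1,46 @@
+files = {
+f"/etc/wireguard/wg-monitoring.conf": {
+"source": "wg-monitoring.conf",
+"content_type": "jinja2",
+"triggers": [
+"svc_systemd:wg-quick@wg-monitoring:restart",
+],
+"needs": [
+"pkg_apt:wireguard",
+],
+},
+f"/etc/default/prometheus-node-exporter": {
+"source": "prometheus-node-exporter",
+"content_type": "jinja2",
+"triggers": [
+"svc_systemd:prometheus-node-exporter:restart",
+],
+"needs": [
+"pkg_apt:prometheus-node-exporter",
+],
+},
+f"/etc/systemd/system/prometheus-node-exporter.d/override.conf": {
+"source": "prometheus-node-exporter-override.conf",
+"triggers": [
+"action:systemd-daemon-reload",
+],
+},
+}
+
+pkg_apt = {
+"wireguard": {},
+"prometheus-node-exporter": {},
+}
+
+svc_systemd = {
+"wg-quick@wg-monitoring": {
+"needs": [
+"file:/etc/wireguard/wg-monitoring.conf",
+],
+},
+"prometheus-node-exporter": {
+"needs": [
+"file:/etc/systemd/system/prometheus-node-exporter.d/override.conf",
+],
+},
+}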
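Review bot: The `/etc/wireguard/wg-monitoring.conf` item sets no `mode`, `owner` or `group`, although its template renders the node's WireGuard private key into the file. BundleWrap's default file mode is, as far as I know, 0644, which would leave the key readable by every local user. Add `"mode": "0600", "owner": "root", "group": "root",` to that item. The `f` prefix on the three path keys has no placeholders and can be dropped.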
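--- /dev/null
+++ b/bundles/debian-user-clerie/files/sudoers-clerie
@@ -0,0 +1 @@
+clerie ALL=(ALL) NOPASSWD:ALL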
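Review bot: `NOPASSWD:ALL` makes the SSH key installed by this bundle the only barrier between a login as `clerie` and root, and lets any process running as that user escalate without a prompt. If passwordless sudo is only needed for a few unattended tasks, limit the rule to those commands and keep the password prompt for everything else. The account is also placed in the `sudo` group by items.py, which on a stock Debian sudoers presumably already grants full sudo with a password, so this line only removes the password check.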
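--- /dev/null
+++ b/bundles/debian-user-clerie/items.py
@@ -0,0 +1,34 @@
+users = {
+"clerie": {
+"groups": [ "sudo" ],
+"shell": "/bin/bash",
+},
+}
+
+directories = {
+"/home/clerie/.ssh": {
+"mode": "0700",
+"owner": "clerie",
+"group": "clerie",
+"needs": [
+"user:clerie",
+],
+},
+}
+
+files = {
+f'/home/clerie/.ssh/authorized_keys': {
+"content_type": "download",
+"source": "https://git.clerie.de/clerie/nixfiles/raw/commit/dd76691f7da3f860b25f770b65e602f90e1a1de8/users/clerie/ssh.pub",
+"content_hash": "f37b63f98c5d4bd5292a81ce01dd7f6bc5e356fc",
+"mode": "0700",
+"owner": "clerie",
+"group": "clerie",
+"needs": [
+"directory:/home/clerie/.ssh",
+],
+},
+f'/etc/sudoers.d/sudoers-clerie': {
+"source": "sudoers-clerie",
+},
+}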
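Review bot: `/etc/sudoers.d/sudoers-clerie` is installed with no syntax check and no explicit `mode` or `owner`, so a typo in the source file lands in a live sudoers include and can break `sudo` on the node. Add `"verify_with": "visudo -cf {}",` (it runs on the machine applying the change, which then needs `visudo`) together with `"mode": "0440", "owner": "root", "group": "root",`. The `authorized_keys` item uses `"mode": "0700"`; a key file needs no execute bit, so `"mode": "0600"` is the usual value.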
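--- /dev/null
+++ b/bundles/systemd/items.py
@@ -0,0 +1,7 @@
+actions['systemd-daemon-reload'] = {
+'command': 'systemctl daemon-reload',
+'triggered': True,
+'needed_by': {
+'svc_systemd:',
+},
+}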
@@ -0,0 +1,6 @@
|
||||
#!/usr/bin/env bash
|
||||
|
||||
JOB_NAME="$1"
|
||||
TARGET_NAME="$2"
|
||||
|
||||
echo "clerie_backup_last_successful_run_time{backup_job=\"${JOB_NAME}\", backup_target=\"${TARGET_NAME}\"} $(date +%s)" > "/home/{{ node.username }}/.local/state/prometheus-node-exporter/textfiles/clerie-backup-${JOB_NAME}-${TARGET_NAME}.prom"
|
||||
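Review bot: The metric is written with `>` straight to the final `.prom` path, so the textfile collector can scrape a truncated or empty file. Write to a temporary file in the same directory and `mv` it into place. `JOB_NAME` and `TARGET_NAME` also go unchecked into both the file name and the label values, so a value containing `/` or `"` would write outside the textfile directory or produce an invalid exposition line. The cron jobs in this change only pass fixed words, but a guard such as `[[ "$JOB_NAME" =~ ^[A-Za-z0-9_-]+$ ]] || exit 1` (and the same for `TARGET_NAME`) keeps it that way.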
@@ -38,6 +38,11 @@ files = uberspaceify.files({
|
||||
"action:install_restic",
|
||||
],
|
||||
},
|
||||
f'/home/{node.username}/bin/clerie-backup-update-monitoring': {
|
||||
"source": "clerie-backup-update-monitoring.sh",
|
||||
"content_type": "jinja2",
|
||||
"mode": "0700",
|
||||
},
|
||||
**repo_config_files,
|
||||
})
|
||||
|
||||
|
||||
@@ -49,6 +49,7 @@ actions["prometheus-node-exporter-install"] = {
|
||||
svc_uberspace_supervisord["prometheus-node-exporter"] = {
|
||||
"needs": [
|
||||
f"file:/home/{node.username}/etc/services.d/prometheus-node-exporter.ini",
|
||||
"action:prometheus-node-exporter-exists",
|
||||
],
|
||||
}
|
||||
|
||||
|
||||
@@ -7,5 +7,7 @@ echo "# Use crontab-dir-update to regenerate"
|
||||
echo
|
||||
echo "PATH=$HOME/.local/bin:$HOME/bin:/usr/local/bin:/usr/bin:/usr/local/sbin:/usr/sbin"
|
||||
echo
|
||||
echo "MAILTO=\"\""
|
||||
echo
|
||||
|
||||
find $HOME/.config/cron.d -mindepth 1 -maxdepth 1 -type f | sort | xargs cat
|
||||
|
||||
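Review bot: With `MAILTO=""` every cron job's output is discarded, so a failing `clerie-backup` run leaves no trace other than `clerie_backup_last_successful_run_time` no longer advancing. Make sure an alert on the staleness of that metric exists before mail is silenced, or redirect job output to a log file. The page does not show which lines this hunk adds; the remark assumes the `MAILTO` line is new.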
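--- /dev/null
+++ b/bundles/uberspace-wordpress/files/wordpress.ini
@@ -0,0 +1,6 @@
+max_execution_time = 180
+memory_limit = 128M
+post_max_size = 64M
+upload_max_filesize = 64M
+max_input_time = 60
+max_input_vars = 3000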
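--- /dev/null
+++ b/bundles/uberspace-wordpress/items.py
@@ -0,0 +1,16 @@
+
+uberspaceify = repo.libs.uberspace.Uberspaceify(node)
+
+files = uberspaceify.files({
+f'/home/{node.username}/etc/php.d/wordpress.ini': {
+"source": "wordpress.ini",
+"triggers": [
+"action:uberspace-php-restart",
+],
+},
+})
+
+actions["uberspace-php-restart"] = {
+"command": "uberspace tools restart php",
+"triggered": True,
+}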
58
nodes.py
58
nodes.py
@@ -1,6 +1,16 @@
|
||||
bws = libs.bwsops.BwSops("secrets.json")
|
||||
from bundlewrap.utils import error_context
|
||||
import os
|
||||
from pathlib import Path
|
||||
|
||||
uberspaceify = libs.uberspace.Uberspaceify()
|
||||
|
||||
# Lookup other nodes from different path
|
||||
bwfiles_base_path = Path(os.environ.get("BWFILES_BASE_PATH", ".")).absolute()
|
||||
bwfiles_nodes_dir_path = bwfiles_base_path / "nodes"
|
||||
bwfiles_secrets_file_path = bwfiles_base_path / "secrets.json"
|
||||
|
||||
bws = libs.bwsops.BwSops(bwfiles_secrets_file_path)
|
||||
|
||||
def generate_default_repos(node_name, username):
|
||||
return {
|
||||
"main-cyan": {
|
||||
@@ -31,45 +41,7 @@ def generate_default_repos(node_name, username):
|
||||
},
|
||||
}
|
||||
|
||||
nodes = uberspaceify.nodes({
|
||||
"clerie.uber.space": {
|
||||
"bundles": (
|
||||
"uberspace-redirect-clerie",
|
||||
"uberspace-clerie-backup",
|
||||
"uberspace-clerie-monitoring",
|
||||
"uberspace-crontab-dir",
|
||||
"uberspace-supervisord",
|
||||
),
|
||||
"metadata": {
|
||||
"clerie-backup": {
|
||||
"repos": generate_default_repos("clerie.uber.space", "clerie"),
|
||||
},
|
||||
"cron": {
|
||||
"jobs": {
|
||||
"backup_main-cyan": "42 */2 * * * clerie-backup main-cyan backup",
|
||||
"backup_main-cyan_mysql": "52 */2 * * * clerie-backup main-cyan restic backup --stdin-filename mysql-databases.sql --stdin-from-command -- mysqldump --all-databases",
|
||||
"backup_main-magenta": "13 */2 * * * clerie-backup main-magenta backup",
|
||||
"backup_main-magenta_mysql": "23 */2 * * * clerie-backup main-magenta restic backup --stdin-filename mysql-databases.sql --stdin-from-command -- mysqldump --all-databases",
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
"cleriewi.uber.space": {
|
||||
"bundles": (
|
||||
"uberspace-redirect-clerie",
|
||||
"uberspace-clerie-backup",
|
||||
"uberspace-crontab-dir",
|
||||
),
|
||||
"metadata": {
|
||||
"clerie-backup": {
|
||||
"repos": generate_default_repos("cleriewi.uber.space", "cleriewi"),
|
||||
},
|
||||
"cron": {
|
||||
"jobs": {
|
||||
"backup_main-cyan": "42 */2 * * * clerie-backup main-cyan backup",
|
||||
"backup_main-magenta": "13 */2 * * * clerie-backup main-magenta backup",
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
})
|
||||
for node_file in sorted(node_file.absolute() for node_file in bwfiles_nodes_dir_path.iterdir() if node_file.is_file() and node_file.suffix == ".py"):
|
||||
with error_context(filename=str(node_file)):
|
||||
with node_file.open() as f:
|
||||
exec(f.read())
|
||||
|
||||
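Review bot: `exec(f.read())` runs every `*.py` file under `$BWFILES_BASE_PATH/nodes` in this module's globals, with `bws` (the secrets accessor) in scope. Whoever controls that environment variable or directory therefore controls code run on the operator's machine with access to decrypted secrets; this deserves a comment above the loop stating that the directory must be as trusted as the repository itself. Consider `exec(compile(f.read(), str(node_file), "exec"))` so that tracebacks name the node file rather than `<string>`. Also check that `bwfiles_nodes_dir_path` exists and report a clear error, instead of letting `iterdir()` raise. The loop's indentation is lost in this rendering, so nesting is inferred from the `with` lines.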
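--- /dev/null
+++ b/nodes/clerie.uber.space.py
@@ -0,0 +1,24 @@
+nodes.update(uberspaceify.nodes({
+"clerie.uber.space": {
+"bundles": (
+"uberspace-redirect-clerie",
+"uberspace-clerie-backup",
+"uberspace-clerie-monitoring",
+"uberspace-crontab-dir",
+"uberspace-supervisord",
+),
+"metadata": {
+"clerie-backup": {
+"repos": generate_default_repos("clerie.uber.space", "clerie"),
+},
+"cron": {
+"jobs": {
+"backup_main-cyan": "42 */2 * * * clerie-backup main-cyan backup && clerie-backup-update-monitoring main cyan",
+"backup_main-cyan_mysql": "52 */2 * * * clerie-backup main-cyan restic backup --stdin-filename mysql-databases.sql --stdin-from-command -- mysqldump --all-databases && clerie-backup-update-monitoring main_mysql cyan",
+"backup_main-magenta": "13 */2 * * * clerie-backup main-magenta backup && clerie-backup-update-monitoring main magenta",
+"backup_main-magenta_mysql": "23 */2 * * * clerie-backup main-magenta restic backup --stdin-filename mysql-databases.sql --stdin-from-command -- mysqldump --all-databases && clerie-backup-update-monitoring main_mysql magenta",
+},
+},
+},
+},
+}))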
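--- /dev/null
+++ b/nodes/cleriewi.uber.space.py
@@ -0,0 +1,22 @@
+nodes.update(uberspaceify.nodes({
+"cleriewi.uber.space": {
+"bundles": (
+"uberspace-redirect-clerie",
+"uberspace-clerie-backup",
+"uberspace-clerie-monitoring",
+"uberspace-crontab-dir",
+"uberspace-supervisord",
+),
+"metadata": {
+"clerie-backup": {
+"repos": generate_default_repos("cleriewi.uber.space", "cleriewi"),
+},
+"cron": {
+"jobs": {
+"backup_main-cyan": "42 */2 * * * clerie-backup main-cyan backup && clerie-backup-update-monitoring main cyan",
+"backup_main-magenta": "13 */2 * * * clerie-backup main-magenta backup && clerie-backup-update-monitoring main magenta",
+},
+},
+},
+},
+}))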
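--- /dev/null
+++ b/nodes/mercury.net.clerie.de.py
@@ -0,0 +1,16 @@
+nodes.update({
+"mercury.net.clerie.de": {
+"username": "root",
+"bundles": (
+"systemd",
+"debian-user-clerie",
+"debian-clerie-monitoring",
+),
+"metadata": {
+"clerie-monitoring": {
+"id": 401,
+"private-key": bws.get(["mercury.net.clerie.de", "wg-monitoring"]),
+},
+},
+},
+})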
16
secrets.json
16
secrets.json
@@ -9,14 +9,12 @@
|
||||
"clerie-backup-target-cyan": "ENC[AES256_GCM,data:Fi9balI8FtDskI2d3t6Mag66ltAuszbTLIL2UV/5mHpb5t5b6VlJFPHa8Xi2ah7a0cI6Ko212pxFp5kunS01Hg==,iv:sqBFq8kE0FhfQqCHjZYyeJt1ej1UrQBz3gpc6cSq8F8=,tag:Ny7+x1teHPrmgWNYoqU51Q==,type:str]",
|
||||
"clerie-backup-target-magenta": "ENC[AES256_GCM,data:M8kfwUDV8Sd0Um4ZdE3aOiUOwJmtKgARqob+X9E3BLIGCqnJsmgKiEc5jmnkziGkepeT+IynkXJ76zLoz7WKaw==,iv:ruiXAEw3n+o1cYlSlWkUR4XUAjXegb4dUMaTgDbDaXw=,tag:drYDl0VBWW8OMBBoAmQS7Q==,type:str]"
|
||||
},
|
||||
"mercury.net.clerie.de": {
|
||||
"wg-monitoring": "ENC[AES256_GCM,data:zwWOTYbS4khpzyGvK1AdlhxTZrmu7SiwWudbPzKXuuYARz22tGh874mWuhU=,iv:C0vyHvZXxujtrg/SrEL/Q/+tGW12B/R+9/7Wa3uOaPY=,tag:cXz8EbbWMe58XOBQn0AUqQ==,type:str]"
|
||||
},
|
||||
"sops": {
|
||||
"kms": null,
|
||||
"gcp_kms": null,
|
||||
"azure_kv": null,
|
||||
"hc_vault": null,
|
||||
"age": null,
|
||||
"lastmodified": "2025-02-16T18:41:27Z",
|
||||
"mac": "ENC[AES256_GCM,data:QyU1INnlZVP5RNPczuZEAeCah+c3rjWHhiGGjDn87tUSp+OwEkL44Hosr9vThk6FNdKWbtqcUh1wBW/UCgy5/jmh2BHv3pTIOzkXWAD1fy/Kb/jNYo0IH1+7cte98+NcDPw7do4k1fYM/H5VD3SPpGp5bWxEcrkrZuiupThuduI=,iv:QXqL4hbymO7uOBfghYZwSFgTWUnBeA52sHl201ChRME=,tag:c8Za2rcaO5WRnu4HIJtWWQ==,type:str]",
|
||||
"lastmodified": "2025-08-27T17:24:34Z",
|
||||
"mac": "ENC[AES256_GCM,data:OaRVF+Z+epsWo8nMSymrsHavz+vETIj7zjBqI9rmRPpATbZYnkKHPYB8I9IwXkYTnWxLl81nJCkBpsWULV5DAV2kIU89a1CC2BPzBDT/20zKfD2LORSuD/2yN44ZIYqK0TZjm8dJAqwpdBQYqkdu7pvAxEiq5FuTRE3BT2JQMmA=,iv:/7clc4EIbCNI/YHVV6oqrg3sTlWRyUHDz+HVjzzrB/M=,tag:U7tP30c+l82jhMG2eYy5FQ==,type:str]",
|
||||
"pgp": [
|
||||
{
|
||||
"created_at": "2025-02-15T16:00:02Z",
|
||||
@@ -25,6 +23,6 @@
|
||||
}
|
||||
],
|
||||
"unencrypted_suffix": "_unencrypted",
|
||||
"version": "3.9.2"
|
||||
"version": "3.10.2"
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||