Compare commits
4 commits
Author | SHA1 | Date | |
---|---|---|---|
944c116839 | |||
1ac8a53a9a | |||
e2f36c483b | |||
666329eca6 |
|
@ -1,132 +0,0 @@
|
|||
#!/usr/bin/env python3
|
||||
|
||||
import re
|
||||
from hashlib import md5
|
||||
from sys import argv, exit
|
||||
|
||||
# Supress SSL certificate warnings for ssl_verify=False
|
||||
import urllib3
|
||||
from lxml import html
|
||||
from requests import Session
|
||||
|
||||
USERNAME_FIELD = "g2"
|
||||
PASSWORD_FIELD = "g3"
|
||||
CRSF_FIELD = "password"
|
||||
|
||||
STATUS_OK = 0
|
||||
STATUS_WARNING = 1
|
||||
STATUS_CRITICAL = 2
|
||||
STATUS_UNKNOWN = 3
|
||||
|
||||
|
||||
class OMMCrawler:
|
||||
def __init__(self, hostname, username, password):
|
||||
self.session = Session()
|
||||
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
|
||||
self.session.verify = False
|
||||
|
||||
self.url = f"https://{hostname}"
|
||||
self.login_data = {
|
||||
USERNAME_FIELD: username,
|
||||
PASSWORD_FIELD: password,
|
||||
CRSF_FIELD: md5(password.encode()).hexdigest(),
|
||||
}
|
||||
self.logged_in = False
|
||||
|
||||
def login(self):
|
||||
# if we have multiple dect masters, find out which one is the current master
|
||||
current_master_url = self.session.get(self.url, verify=False).url
|
||||
self.hostname = re.search(r"^(.*[\\\/])", current_master_url).group(0)[:-1]
|
||||
|
||||
response = self.session.post(f"{self.url}/login_set.html", data=self.login_data)
|
||||
response.raise_for_status()
|
||||
|
||||
# set cookie
|
||||
pass_value = re.search(r"(?<=pass=)\d+(?=;)", response.text).group(0)
|
||||
self.session.cookies.set("pass", pass_value)
|
||||
self.logged_in = True
|
||||
|
||||
def get_station_status(self):
|
||||
if not self.logged_in:
|
||||
self.login()
|
||||
|
||||
data = {}
|
||||
response = self.session.get(f"{self.url}/fp_pnp_status.html")
|
||||
response.raise_for_status()
|
||||
tree = html.fromstring(response.text)
|
||||
xpath_results = tree.xpath('//tr[@class="l0" or @class="l1"]')
|
||||
|
||||
for result in xpath_results:
|
||||
bubble_is_in_inactive_cluster = False
|
||||
bubble_is_connected = False
|
||||
bubble_is_active = False
|
||||
|
||||
bubble_name = result.xpath("td[4]/text()")[0]
|
||||
try:
|
||||
bubble_is_connected = result.xpath("td[11]/img/@alt")[0] == "yes"
|
||||
|
||||
if bubble_is_connected:
|
||||
try:
|
||||
bubble_is_active = result.xpath("td[12]/img/@alt")[0] == "yes"
|
||||
except IndexError:
|
||||
# If an IndexError occurs, there is no image in the
|
||||
# 12th td. This means this bubble is in the not inside
|
||||
# an active DECT cluster, but is a backup bubble.
|
||||
# This is probably fine.
|
||||
bubble_is_active = False
|
||||
bubble_is_in_inactive_cluster = True
|
||||
else:
|
||||
bubble_is_active = False
|
||||
except:
|
||||
# There is no Image in the 11th td. This usually means there
|
||||
# is a warning message in the 10th td. We do not care about
|
||||
# that, currently.
|
||||
pass
|
||||
|
||||
data[bubble_name] = {
|
||||
"is_connected": bubble_is_connected,
|
||||
"is_active": bubble_is_active,
|
||||
"is_in_inactive_cluster": bubble_is_in_inactive_cluster,
|
||||
}
|
||||
return data
|
||||
|
||||
def handle_station_data(self):
|
||||
try:
|
||||
data = self.get_station_status()
|
||||
except Exception as e:
|
||||
print(f"Something went wrong. You should take a look at {self.url}")
|
||||
print(repr(e))
|
||||
exit(STATUS_UNKNOWN)
|
||||
|
||||
critical = False
|
||||
for name, status in data.items():
|
||||
if not status["is_active"] and not status["is_connected"]:
|
||||
print(
|
||||
f"Base station {name} is not active or connected! Check manually!"
|
||||
)
|
||||
critical = True
|
||||
elif not status["is_active"] and not status["is_in_inactive_cluster"]:
|
||||
# Bubble is part of an active DECT cluster, but not active.
|
||||
# This shouldn't happen.
|
||||
print(
|
||||
f"Base station {name} is not active but connected! Check manually!"
|
||||
)
|
||||
critical = True
|
||||
elif not status["is_connected"]:
|
||||
# This should never happen. Seeing this state means OMM
|
||||
# itself is broken.
|
||||
print(
|
||||
f"Base station {name} is not connected but active! Check manually!"
|
||||
)
|
||||
critical = True
|
||||
|
||||
if critical:
|
||||
exit(STATUS_CRITICAL)
|
||||
else:
|
||||
print(f"OK - {len(data)} base stations connected")
|
||||
exit(STATUS_OK)
|
||||
|
||||
|
||||
if __name__ == "__main__":
|
||||
omm = OMMCrawler(argv[1], argv[2], argv[3])
|
||||
omm.handle_station_data()
|
|
@ -1,7 +1,7 @@
|
|||
directories['/opt/jugendhackt_tools/src'] = {}
|
||||
|
||||
git_deploy['/opt/jugendhackt_tools/src'] = {
|
||||
'repo': 'https://github.com/kunsi/jugendhackt_schedule.git',
|
||||
'repo': 'https://github.com/Kunsi/jugendhackt_schedule.git',
|
||||
'rev': 'main',
|
||||
'triggers': {
|
||||
'action:jugendhackt_tools_install',
|
||||
|
@ -16,6 +16,7 @@ actions['jugendhackt_tools_create_virtualenv'] = {
|
|||
'needs': {
|
||||
# actually /opt/jugendhackt_tools, but we don't create that
|
||||
'directory:/opt/jugendhackt_tools/src',
|
||||
'pkg_apt:python3-virtualenv',
|
||||
},
|
||||
}
|
||||
|
||||
|
@ -27,6 +28,7 @@ actions['jugendhackt_tools_install'] = {
|
|||
]),
|
||||
'needs': {
|
||||
'action:jugendhackt_tools_create_virtualenv',
|
||||
'pkg_apt:python3-pip',
|
||||
},
|
||||
'triggered': True,
|
||||
}
|
||||
|
|
|
@ -57,7 +57,7 @@ smtpd_tls_auth_only = yes
|
|||
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
|
||||
smtpd_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
|
||||
smtpd_tls_mandatory_ciphers = medium
|
||||
smtpd_tls_dh1024_param_file = /etc/ssl/certs/dhparam.pem
|
||||
smtpd_tls_dh1024_param_file = /etc/ssl/certs/dhparam.pem;
|
||||
tls_medium_cipherlist = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305
|
||||
tls_preempt_cipherlist = no
|
||||
</%text>
|
||||
|
|
|
@ -11,8 +11,9 @@ fi
|
|||
if systemctl is-active wide-dhcpv6-client;
|
||||
then
|
||||
systemctl stop wide-dhcpv6-client
|
||||
sleep 1
|
||||
sleep 60
|
||||
systemctl start wide-dhcpv6-client
|
||||
else
|
||||
sleep 60
|
||||
systemctl start wide-dhcpv6-client
|
||||
fi
|
||||
|
|
|
@ -8,13 +8,3 @@ location /.well-known/matrix/server {
|
|||
default_type application/json;
|
||||
add_header Access-Control-Allow-Origin *;
|
||||
}
|
||||
|
||||
location /.well-known/webfinger {
|
||||
return 302 'https://chaos.social/.well-known/webfinger?resource=acct:sophie@chaos.social';
|
||||
}
|
||||
|
||||
location /social {
|
||||
return 200 '<!doctype html><html><body><a rel="me" href="https://chaos.social/@sophie">Mastodon</a></body></html>';
|
||||
default_type text/html;
|
||||
add_header Access-Control-Allow-Origin *;
|
||||
}
|
||||
|
|
|
@ -40,7 +40,7 @@ imap_pass = "!bwpass_attr:t-online.de/franzi.kunsmann@t-online.de:imap"
|
|||
|
||||
[metadata.element-web]
|
||||
url = "chat.franzi.business"
|
||||
version = "v1.11.67"
|
||||
version = "v1.11.66"
|
||||
[metadata.element-web.config]
|
||||
default_server_config.'m.homeserver'.base_url = "https://matrix.franzi.business"
|
||||
default_server_config.'m.homeserver'.server_name = "franzi.business"
|
||||
|
@ -49,8 +49,8 @@ defaultCountryCode = "DE"
|
|||
jitsi.preferredDomain = "meet.ffmuc.net"
|
||||
|
||||
[metadata.forgejo]
|
||||
version = "7.0.3"
|
||||
sha1 = "81b8adc6686bbaebdca6c17059fe6b4f67250e67"
|
||||
version = "7.0.2"
|
||||
sha1 = "8d8f463b875a114012d688b413b11501aaba2eee"
|
||||
domain = "git.franzi.business"
|
||||
enable_git_hooks = true
|
||||
install_ssh_key = true
|
||||
|
@ -125,7 +125,7 @@ domain = "rss.franzi.business"
|
|||
|
||||
[metadata.netbox]
|
||||
domain = "netbox.franzi.business"
|
||||
version = "v4.0.3"
|
||||
version = "v4.0.1"
|
||||
admins.kunsi = "hostmaster@kunbox.net"
|
||||
|
||||
[metadata.nextcloud]
|
||||
|
|
34
nodes/entropia-jira.toml
Normal file
34
nodes/entropia-jira.toml
Normal file
|
@ -0,0 +1,34 @@
|
|||
hostname = "45.140.180.45"
|
||||
dummy = true
|
||||
|
||||
[metadata.icinga_options]
|
||||
period = "daytime"
|
||||
show_on_statuspage = false
|
||||
|
||||
[metadata.icinga2_api.nginx.services."NGINX VHOST ticket-redirect CERTIFICATE"]
|
||||
check_command = "check_https_cert_at_url"
|
||||
"vars.domain" = "ticket.gulas.ch"
|
||||
"vars.notification.mail" = true
|
||||
|
||||
[metadata.icinga2_api.nginx.services."NGINX VHOST jira CERTIFICATE"]
|
||||
check_command = "check_https_cert_at_url"
|
||||
"vars.domain" = "jira.gulas.ch"
|
||||
"vars.notification.mail" = true
|
||||
|
||||
[metadata.icinga2_api.nginx.services."NGINX VHOST jira CONTENT"]
|
||||
check_command = "check_http_wget"
|
||||
"vars.http_wget_contains" = "login.jsp"
|
||||
"vars.http_wget_url" = "https://jira.gulas.ch/secure/Dashboard.jspa"
|
||||
"vars.notification.sms" = true
|
||||
|
||||
[metadata.icinga2_api.custom.services]
|
||||
# these checks do not get deployed onto the actual host by us, we only
|
||||
# execute those checks
|
||||
'DISK SPACE'.'vars.sshmon_command' = 'DISK_SPACE'
|
||||
'JIRA HEAP'.'vars.sshmon_command' = 'JIRA_HEAP'
|
||||
'JIRA THREADS'.'vars.sshmon_command' = 'JIRA_THREADS'
|
||||
'LOAD'.'vars.sshmon_command' = 'LOAD'
|
||||
'OOM KILLER'.'vars.sshmon_command' = 'OOM_KILLER'
|
||||
'RAM'.'vars.sshmon_command' = 'RAM'
|
||||
'USER PROCESS SECURITY jira'.'vars.sshmon_command' = 'USER_PROCESS_SECURITY_jira'
|
||||
'ZPOOL SPACE tank'.'vars.sshmon_command' = 'check_zpool_space_tank'
|
|
@ -42,7 +42,7 @@ nodes['home.paperless'] = {
|
|||
},
|
||||
'paperless': {
|
||||
'domain': 'paperless.home.kunbox.net',
|
||||
'version': 'v2.8.6',
|
||||
'version': 'v2.8.3',
|
||||
'timezone': 'Europe/Berlin',
|
||||
},
|
||||
'postgresql': {
|
||||
|
|
|
@ -32,7 +32,7 @@ routes.'172.19.128.0/20'.via = "172.19.137.1"
|
|||
|
||||
[metadata.element-web]
|
||||
url = "element.afra.berlin"
|
||||
version = "v1.11.67"
|
||||
version = "v1.11.66"
|
||||
|
||||
[metadata.element-web.config]
|
||||
default_server_config.'m.homeserver'.base_url = "https://matrix.afra.berlin"
|
||||
|
|
79
nodes/htz-cloud/jugendhackt.py
Normal file
79
nodes/htz-cloud/jugendhackt.py
Normal file
|
@ -0,0 +1,79 @@
|
|||
# jugend hackt toolz
|
||||
|
||||
nodes['htz-cloud.jugendhackt'] = {
|
||||
'bundles': {
|
||||
'jugendhackt_tools',
|
||||
'postgresql',
|
||||
'zfs',
|
||||
},
|
||||
'groups': {
|
||||
'debian-bookworm',
|
||||
'webserver',
|
||||
},
|
||||
'metadata': {
|
||||
'interfaces': {
|
||||
'eth0': {
|
||||
'ips': {
|
||||
'65.21.106.160',
|
||||
'2a01:4f9:c012:cfd9::/64',
|
||||
},
|
||||
'gateway4': '172.31.1.1',
|
||||
'gateway6': 'fe80::1',
|
||||
},
|
||||
},
|
||||
'jugendhackt_tools': {
|
||||
'allowed_hosts': ['jh.sophies-kitchen.eu'],
|
||||
'timezone': 'Europe/Berlin',
|
||||
},
|
||||
'nginx': {
|
||||
'vhosts': {
|
||||
'jugendhackt_tools': {
|
||||
'domain': 'jh.sophies-kitchen.eu',
|
||||
'locations': {
|
||||
'/': {
|
||||
'target': 'http://127.0.0.1:22090/',
|
||||
},
|
||||
'/static/': {
|
||||
'alias': '/opt/jugendhackt_tools/src/static/',
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
'postgresql': {
|
||||
'version': '16',
|
||||
},
|
||||
'sysctl': {
|
||||
'options': {
|
||||
# XXX find out if this is really needed
|
||||
'net.ipv4.ip_forward': '1',
|
||||
'net.ipv6.conf.all.forwarding': '1',
|
||||
},
|
||||
},
|
||||
'vm': {
|
||||
'cpu': 2,
|
||||
'ram': 4,
|
||||
},
|
||||
'users': {
|
||||
'sophie': {
|
||||
'enable_linger': True,
|
||||
'ssh_pubkey': [
|
||||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDILcYrMQNRVXAm5L+7No1ZumqfCyRc1QZmTY3O7Q8hsE4+fCAvwsWm2aSMfLL3NnIl8Nm1Rixzic5jdYKYNIY3SlX1wvTB+MhGb2eyVSd7c/Y98aCLSlDkQ2sebjpdA1FoJOeGD3qxqDwj0+KckXU2ZaSSQY7CxVsjH65UxCHqVAg+6uLdNbj7j850s1B9NXVXef+sBQ5jUngXxnqQWwNh2Mn8auwumkeEG4SYf96wyFkLvmBitOng/GyLWl9YPnXXHHDnatcVipy7y34qw4CQ4P84anecbA+Bqr9IcxBW6qYmYgRKEnAcmEfjQd+BI1gCLB1BBEmb/qp+mVLd4tOh sophie@carbon"
|
||||
],
|
||||
},
|
||||
},
|
||||
'zfs': {
|
||||
'pools': {
|
||||
'tank': {
|
||||
'when_creating': {
|
||||
'config': [{
|
||||
'devices': {
|
||||
'/dev/sdb',
|
||||
},
|
||||
}]
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
}
|
|
@ -62,7 +62,7 @@ nodes['htz-cloud.miniserver'] = {
|
|||
},
|
||||
'element-web': {
|
||||
'url': 'chat.sophies-kitchen.eu',
|
||||
'version': 'v1.11.67',
|
||||
'version': 'v1.11.66',
|
||||
'config': {
|
||||
'default_server_config': {
|
||||
'm.homeserver': {
|
||||
|
|
|
@ -25,7 +25,7 @@ nodes['voc.infobeamer-cms'] = {
|
|||
},
|
||||
'infobeamer-cms': {
|
||||
'domain': 'infobeamer.c3voc.de',
|
||||
'event_start_date': '2024-05-29',
|
||||
'event_start_date': '2023-12-26',
|
||||
'event_duration_days': 5,
|
||||
'config': {
|
||||
'ADMIN_USERS': [
|
||||
|
@ -45,7 +45,7 @@ nodes['voc.infobeamer-cms'] = {
|
|||
'MQTT_TOPIC': '/voc/alert',
|
||||
'MQTT_USERNAME': vault.decrypt('encrypt$gAAAAABhxakKHC_kHmHP2mFHorb4niuNTH4F24w1D6m5JUxl117N7znlZA6fpMmY3_NcmBr2Ihw4hL3FjZr9Fm_1oUZ1ZQdADA=='),
|
||||
'SETUP_IDS': [
|
||||
250294,
|
||||
245793,
|
||||
],
|
||||
# 'EXTRA_ASSETS': [{
|
||||
# 'type': "image",
|
||||
|
|
Loading…
Reference in a new issue