kunsi/bundlewrap
1
0
Fork 0
Code Issues 2 Pull requests 1 Releases Activity

Compare commits

base: kunsi:main
Branches Tags
kunsi:main
kunsi:jhtoolz
kunsi:feature/kunsi-ipv6-only-vlan
kunsi:sophie-dimension-cleanup
kunsi:kunsi-woodpecker
kunsi:kunsi-junos
kunsi:loudness-monitoring-gstreamer
..
compare: kunsi:jhtoolz
Branches Tags
kunsi:main
kunsi:jhtoolz
kunsi:feature/kunsi-ipv6-only-vlan
kunsi:sophie-dimension-cleanup
kunsi:kunsi-woodpecker
kunsi:kunsi-junos
kunsi:loudness-monitoring-gstreamer

4 commits
main ... jhtoolz

Author SHA1 Message Date
Sophie Schiller 944c116839 jh toolz from original source 2024-05-18 13:27:38 +02:00
Sophie Schiller 1ac8a53a9a revive jhtoolz 2024-05-18 13:07:42 +02:00
Sophie Schiller e2f36c483b jhtoolz static 2024-05-18 11:13:27 +02:00
Sophie Schiller 666329eca6 htz-cloud.jugendhackt: add new node 2024-05-18 11:13:27 +02:00
12 changed files with 128 additions and 154 deletions
Show stats Expand all files Collapse all files

132
bundles/icinga2/files/check_omm.py
View file

@ -1,132 +0,0 @@
#!/usr/bin/env python3
import re
from hashlib import md5
from sys import argv, exit
# Supress SSL certificate warnings for ssl_verify=False
import urllib3
from lxml import html
from requests import Session
USERNAME_FIELD = "g2"
PASSWORD_FIELD = "g3"
CRSF_FIELD = "password"
STATUS_OK = 0
STATUS_WARNING = 1
STATUS_CRITICAL = 2
STATUS_UNKNOWN = 3
class OMMCrawler:
def __init__(self, hostname, username, password):
self.session = Session()
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
self.session.verify = False
self.url = f"https://{hostname}"
self.login_data = {
USERNAME_FIELD: username,
PASSWORD_FIELD: password,
CRSF_FIELD: md5(password.encode()).hexdigest(),
}
self.logged_in = False
def login(self):
# if we have multiple dect masters, find out which one is the current master
current_master_url = self.session.get(self.url, verify=False).url
self.hostname = re.search(r"^(.*[\\\/])", current_master_url).group(0)[:-1]
response = self.session.post(f"{self.url}/login_set.html", data=self.login_data)
response.raise_for_status()
# set cookie
pass_value = re.search(r"(?<=pass=)\d+(?=;)", response.text).group(0)
self.session.cookies.set("pass", pass_value)
self.logged_in = True
def get_station_status(self):
if not self.logged_in:
self.login()
data = {}
response = self.session.get(f"{self.url}/fp_pnp_status.html")
response.raise_for_status()
tree = html.fromstring(response.text)
xpath_results = tree.xpath('//tr[@class="l0" or @class="l1"]')
for result in xpath_results:
bubble_is_in_inactive_cluster = False
bubble_is_connected = False
bubble_is_active = False
bubble_name = result.xpath("td[4]/text()")[0]
try:
bubble_is_connected = result.xpath("td[11]/img/@alt")[0] == "yes"
if bubble_is_connected:
try:
bubble_is_active = result.xpath("td[12]/img/@alt")[0] == "yes"
except IndexError:
# If an IndexError occurs, there is no image in the
# 12th td. This means this bubble is in the not inside
# an active DECT cluster, but is a backup bubble.
# This is probably fine.
bubble_is_active = False
bubble_is_in_inactive_cluster = True
else:
bubble_is_active = False
except:
# There is no Image in the 11th td. This usually means there
# is a warning message in the 10th td. We do not care about
# that, currently.
pass
data[bubble_name] = {
"is_connected": bubble_is_connected,
"is_active": bubble_is_active,
"is_in_inactive_cluster": bubble_is_in_inactive_cluster,
}
return data
def handle_station_data(self):
try:
data = self.get_station_status()
except Exception as e:
print(f"Something went wrong. You should take a look at {self.url}")
print(repr(e))
exit(STATUS_UNKNOWN)
critical = False
for name, status in data.items():
if not status["is_active"] and not status["is_connected"]:
print(
f"Base station {name} is not active or connected! Check manually!"
)
critical = True
elif not status["is_active"] and not status["is_in_inactive_cluster"]:
# Bubble is part of an active DECT cluster, but not active.
# This shouldn't happen.
print(
f"Base station {name} is not active but connected! Check manually!"
)
critical = True
elif not status["is_connected"]:
# This should never happen. Seeing this state means OMM
# itself is broken.
print(
f"Base station {name} is not connected but active! Check manually!"
)
critical = True
if critical:
exit(STATUS_CRITICAL)
else:
print(f"OK - {len(data)} base stations connected")
exit(STATUS_OK)
if __name__ == "__main__":
omm = OMMCrawler(argv[1], argv[2], argv[3])
omm.handle_station_data()

4
bundles/jugendhackt_tools/items.py
View file

@ -1,7 +1,7 @@
directories['/opt/jugendhackt_tools/src'] = {}
git_deploy['/opt/jugendhackt_tools/src'] = {
'repo': 'https://github.com/kunsi/jugendhackt_schedule.git',
'repo': 'https://github.com/Kunsi/jugendhackt_schedule.git',
'rev': 'main',
'triggers': {
'action:jugendhackt_tools_install',
@ -16,6 +16,7 @@ actions['jugendhackt_tools_create_virtualenv'] = {
'needs': {
# actually /opt/jugendhackt_tools, but we don't create that
'directory:/opt/jugendhackt_tools/src',
'pkg_apt:python3-virtualenv',
},
}
@ -27,6 +28,7 @@ actions['jugendhackt_tools_install'] = {
]),
'needs': {
'action:jugendhackt_tools_create_virtualenv',
'pkg_apt:python3-pip',
},
'triggered': True,
}

2
bundles/postfix/files/main.cf
View file

@ -57,7 +57,7 @@ smtpd_tls_auth_only = yes
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtpd_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtpd_tls_mandatory_ciphers = medium
smtpd_tls_dh1024_param_file = /etc/ssl/certs/dhparam.pem
smtpd_tls_dh1024_param_file = /etc/ssl/certs/dhparam.pem;
tls_medium_cipherlist = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305
tls_preempt_cipherlist = no
</%text>

3
bundles/wide-dhcp6c/files/ip-up
View file

@ -11,8 +11,9 @@ fi
if systemctl is-active wide-dhcpv6-client;
then
systemctl stop wide-dhcpv6-client
sleep 1
sleep 60
systemctl start wide-dhcpv6-client
else
sleep 60
systemctl start wide-dhcpv6-client
fi

10
data/nginx/files/extras/htz-cloud.miniserver/sophies-kitchen.eu
View file

@ -8,13 +8,3 @@ location /.well-known/matrix/server {
default_type application/json;
add_header Access-Control-Allow-Origin *;
}
location /.well-known/webfinger {
return 302 'https://chaos.social/.well-known/webfinger?resource=acct:sophie@chaos.social';
}
location /social {
return 200 '<!doctype html><html><body><a rel="me" href="https://chaos.social/@sophie">Mastodon</a></body></html>';
default_type text/html;
add_header Access-Control-Allow-Origin *;
}

8
nodes/carlene.toml
View file

@ -40,7 +40,7 @@ imap_pass = "!bwpass_attr:t-online.de/franzi.kunsmann@t-online.de:imap"
[metadata.element-web]
url = "chat.franzi.business"
version = "v1.11.67"
version = "v1.11.66"
[metadata.element-web.config]
default_server_config.'m.homeserver'.base_url = "https://matrix.franzi.business"
default_server_config.'m.homeserver'.server_name = "franzi.business"
@ -49,8 +49,8 @@ defaultCountryCode = "DE"
jitsi.preferredDomain = "meet.ffmuc.net"
[metadata.forgejo]
version = "7.0.3"
sha1 = "81b8adc6686bbaebdca6c17059fe6b4f67250e67"
version = "7.0.2"
sha1 = "8d8f463b875a114012d688b413b11501aaba2eee"
domain = "git.franzi.business"
enable_git_hooks = true
install_ssh_key = true
@ -125,7 +125,7 @@ domain = "rss.franzi.business"
[metadata.netbox]
domain = "netbox.franzi.business"
version = "v4.0.3"
version = "v4.0.1"
admins.kunsi = "hostmaster@kunbox.net"
[metadata.nextcloud]

34
nodes/entropia-jira.toml Normal file
View file

@ -0,0 +1,34 @@
hostname = "45.140.180.45"
dummy = true
[metadata.icinga_options]
period = "daytime"
show_on_statuspage = false
[metadata.icinga2_api.nginx.services."NGINX VHOST ticket-redirect CERTIFICATE"]
check_command = "check_https_cert_at_url"
"vars.domain" = "ticket.gulas.ch"
"vars.notification.mail" = true
[metadata.icinga2_api.nginx.services."NGINX VHOST jira CERTIFICATE"]
check_command = "check_https_cert_at_url"
"vars.domain" = "jira.gulas.ch"
"vars.notification.mail" = true
[metadata.icinga2_api.nginx.services."NGINX VHOST jira CONTENT"]
check_command = "check_http_wget"
"vars.http_wget_contains" = "login.jsp"
"vars.http_wget_url" = "https://jira.gulas.ch/secure/Dashboard.jspa"
"vars.notification.sms" = true
[metadata.icinga2_api.custom.services]
# these checks do not get deployed onto the actual host by us, we only
# execute those checks
'DISK SPACE'.'vars.sshmon_command' = 'DISK_SPACE'
'JIRA HEAP'.'vars.sshmon_command' = 'JIRA_HEAP'
'JIRA THREADS'.'vars.sshmon_command' = 'JIRA_THREADS'
'LOAD'.'vars.sshmon_command' = 'LOAD'
'OOM KILLER'.'vars.sshmon_command' = 'OOM_KILLER'
'RAM'.'vars.sshmon_command' = 'RAM'
'USER PROCESS SECURITY jira'.'vars.sshmon_command' = 'USER_PROCESS_SECURITY_jira'
'ZPOOL SPACE tank'.'vars.sshmon_command' = 'check_zpool_space_tank'

2
nodes/home/paperless.py
View file

@ -42,7 +42,7 @@ nodes['home.paperless'] = {
},
'paperless': {
'domain': 'paperless.home.kunbox.net',
'version': 'v2.8.6',
'version': 'v2.8.3',
'timezone': 'Europe/Berlin',
},
'postgresql': {

2
nodes/htz-cloud.afra.toml
View file

@ -32,7 +32,7 @@ routes.'172.19.128.0/20'.via = "172.19.137.1"
[metadata.element-web]
url = "element.afra.berlin"
version = "v1.11.67"
version = "v1.11.66"
[metadata.element-web.config]
default_server_config.'m.homeserver'.base_url = "https://matrix.afra.berlin"

79
nodes/htz-cloud/jugendhackt.py Normal file
View file

@ -0,0 +1,79 @@
# jugend hackt toolz
nodes['htz-cloud.jugendhackt'] = {
'bundles': {
'jugendhackt_tools',
'postgresql',
'zfs',
},
'groups': {
'debian-bookworm',
'webserver',
},
'metadata': {
'interfaces': {
'eth0': {
'ips': {
'65.21.106.160',
'2a01:4f9:c012:cfd9::/64',
},
'gateway4': '172.31.1.1',
'gateway6': 'fe80::1',
},
},
'jugendhackt_tools': {
'allowed_hosts': ['jh.sophies-kitchen.eu'],
'timezone': 'Europe/Berlin',
},
'nginx': {
'vhosts': {
'jugendhackt_tools': {
'domain': 'jh.sophies-kitchen.eu',
'locations': {
'/': {
'target': 'http://127.0.0.1:22090/',
},
'/static/': {
'alias': '/opt/jugendhackt_tools/src/static/',
},
},
},
},
},
'postgresql': {
'version': '16',
},
'sysctl': {
'options': {
# XXX find out if this is really needed
'net.ipv4.ip_forward': '1',
'net.ipv6.conf.all.forwarding': '1',
},
},
'vm': {
'cpu': 2,
'ram': 4,
},
'users': {
'sophie': {
'enable_linger': True,
'ssh_pubkey': [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDILcYrMQNRVXAm5L+7No1ZumqfCyRc1QZmTY3O7Q8hsE4+fCAvwsWm2aSMfLL3NnIl8Nm1Rixzic5jdYKYNIY3SlX1wvTB+MhGb2eyVSd7c/Y98aCLSlDkQ2sebjpdA1FoJOeGD3qxqDwj0+KckXU2ZaSSQY7CxVsjH65UxCHqVAg+6uLdNbj7j850s1B9NXVXef+sBQ5jUngXxnqQWwNh2Mn8auwumkeEG4SYf96wyFkLvmBitOng/GyLWl9YPnXXHHDnatcVipy7y34qw4CQ4P84anecbA+Bqr9IcxBW6qYmYgRKEnAcmEfjQd+BI1gCLB1BBEmb/qp+mVLd4tOh sophie@carbon"
],
},
},
'zfs': {
'pools': {
'tank': {
'when_creating': {
'config': [{
'devices': {
'/dev/sdb',
},
}]
},
},
},
},
},
}

2
nodes/htz-cloud/miniserver.py
View file

@ -62,7 +62,7 @@ nodes['htz-cloud.miniserver'] = {
},
'element-web': {
'url': 'chat.sophies-kitchen.eu',
'version': 'v1.11.67',
'version': 'v1.11.66',
'config': {
'default_server_config': {
'm.homeserver': {

4
nodes/voc/infobeamer-cms.py
View file

@ -25,7 +25,7 @@ nodes['voc.infobeamer-cms'] = {
},
'infobeamer-cms': {
'domain': 'infobeamer.c3voc.de',
'event_start_date': '2024-05-29',
'event_start_date': '2023-12-26',
'event_duration_days': 5,
'config': {
'ADMIN_USERS': [
@ -45,7 +45,7 @@ nodes['voc.infobeamer-cms'] = {
'MQTT_TOPIC': '/voc/alert',
'MQTT_USERNAME': vault.decrypt('encrypt$gAAAAABhxakKHC_kHmHP2mFHorb4niuNTH4F24w1D6m5JUxl117N7znlZA6fpMmY3_NcmBr2Ihw4hL3FjZr9Fm_1oUZ1ZQdADA=='),
'SETUP_IDS': [
250294,
245793,
],
# 'EXTRA_ASSETS': [{
# 'type': "image",