merge brach matix, www, and common to merge_try

2024-10-07 06:18:25 +02:00 · 2024-10-07 06:18:25 +02:00 · 922f395881
parent f734cb439b f972b2625f
commit 922f395881
8 changed files with 239 additions and 1 deletions
--- a/common/deploy.py
+++ b/common/deploy.py
@ -0,0 +1,93 @@
+from pyinfra import host
+from pyinfra.operations import apt, server, files
+from pyinfra.facts.server import LinuxName
+
+files_path = "files/common/"
+template_path = files_path +"template/"
+
+## check on which Distribution the script is executed
+if host.get_fact(LinuxName) == "Debian":
+
+	## update apt repositories
+	apt.update(
+		name="update apt repositories",
+		#			_doas=True,
+		#			_doas_user="pyinfra",
+		#			_sudo=True,
+		#			_sudo_user="pyinfra",
+	)
+
+	## install python3
+	apt.packages(
+		name="install python3",
+		packages=["python3"],
+	)
+
+	## install borgbackup
+	apt.packages(
+		name="install borgbackup",
+		packages=["borgbackup"],
+	)
+
+
+#elif host.get_fact(LinuxName) == "":
+else:
+	print("matrix-synapse deploy.py don't support: \"" +host.get_fact(LinuxName) +"\" yet")
+	exit("exit from matrix-synapse/deploy.py")
+
+## create /etc/myname
+myname_path = template_path +"myname"
+files.put(
+	name="create " +myname_path,
+	src=myname_path,
+	dest="/etc/myname",
+)
+
+## disable and stop sndiod
+service_name = "sndiod"
+server.service(
+	name="disable and stop sndiod",
+	service=service_name,
+	enabled=False,
+	running=False,
+)
+
+## create /root/.ssh/config
+dotssh_conf_path = files_path +"dotssh_config"
+files.put(
+	name="create /root/.ssh/config",
+	src=dotssh_conf_path,
+	dest="/root/.ssh/config",
+)
+
+# ?   when: provision is not defined or inventory_hostname == provision
+
+## create /etc/hosts
+hosts_path = template_path +"hosts"
+files.put(
+	name="create /etc/hosts",
+	src=hosts_path,
+	dest="/etc/hosts",
+)
+
+# ?   when: destroy is not defined or inventory_hostname != destroy
+
+# ? - block:
+
+## copy /etc/mail/aliases
+aliases_path = files_path +"aliases"
+files.put(
+	name="copy /etc/mail/aliases",
+	src=aliases_path,
+	dest="/etc/mail/aliases",
+)
+
+## create /etc/mail/smtpd.conf
+smtpd_conf_path = template_path +"smtpd.conf"
+files.put(
+	name="create /etc/mail/smtpd.conf",
+	src=smtpd_conf_path,
+	dest="/etc/mail/smtpd.conf",
+)
+
+# ?   when: provision is not defined or inventory_hostname == provision
--- a/deploy.py
+++ b/deploy.py
@ -1,6 +1,7 @@
 from pyinfra import host, local
 from pyinfra.facts import server
 from pyinfra.operations import files
+
 from pyinfra.operations import server as o_server

 if host.name == "@local":
@ -40,6 +41,9 @@ if host.name != "@local":
 #        _sudo=True,
    )

+if host.name == "common":
+    local.include("common/deploy.py")
+
 if host.name == "ararat.0x90.space":
    local.include("ararat/deploy.py")

@ -51,3 +55,4 @@ if host.name == "chat.heizhaus.org":

 if host.name == "www":
    local.include("www/deploy.py")
+
--- a/files/common/aliases
+++ b/files/common/aliases
@ -0,0 +1,99 @@
+#
+#	$OpenBSD: aliases,v 1.68 2020/01/24 06:17:37 tedu Exp $
+#
+#  Aliases in this file will NOT be expanded in the header from
+#  Mail, but WILL be visible over networks or from /usr/libexec/mail.local.
+#
+#	>>>>>>>>>>	The program "newaliases" must be run after
+#	>> NOTE >>	this file is updated for any changes to
+#	>>>>>>>>>>	show through to smtpd.
+#
+
+# Basic system aliases -- these MUST be present
+MAILER-DAEMON: postmaster
+postmaster: root
+
+# General redirections for important pseudo accounts
+daemon:	root
+ftp-bugs: root
+operator: root
+www:	root
+
+# Redirections for pseudo accounts that should not receive mail
+_bgpd: /dev/null
+_dhcp: /dev/null
+_dpb: /dev/null
+_dvmrpd: /dev/null
+_eigrpd: /dev/null
+_file: /dev/null
+_fingerd: /dev/null
+_ftp: /dev/null
+_hostapd: /dev/null
+_identd: /dev/null
+_iked: /dev/null
+_isakmpd: /dev/null
+_iscsid: /dev/null
+_ldapd: /dev/null
+_ldpd: /dev/null
+_mopd: /dev/null
+_nsd: /dev/null
+_ntp: /dev/null
+_ospfd: /dev/null
+_ospf6d: /dev/null
+_pbuild: /dev/null
+_pfetch: /dev/null
+_pflogd: /dev/null
+_ping: /dev/null
+_pkgfetch: /dev/null
+_pkguntar: /dev/null
+_portmap: /dev/null
+_ppp: /dev/null
+_rad: /dev/null
+_radiusd: /dev/null
+_rbootd: /dev/null
+_relayd: /dev/null
+_ripd: /dev/null
+_rstatd: /dev/null
+_rusersd: /dev/null
+_rwalld: /dev/null
+_smtpd: /dev/null
+_smtpq: /dev/null
+_sndio: /dev/null
+_snmpd: /dev/null
+_spamd: /dev/null
+_switchd: /dev/null
+_syslogd: /dev/null
+_tcpdump: /dev/null
+_traceroute: /dev/null
+_tftpd: /dev/null
+_unbound: /dev/null
+_unwind: /dev/null
+_vmd: /dev/null
+_x11:   /dev/null
+_ypldap: /dev/null
+bin:	/dev/null
+build:	/dev/null
+nobody:	/dev/null
+_tftp_proxy: /dev/null
+_ftp_proxy: /dev/null
+_sndiop: /dev/null
+_syspatch: /dev/null
+_slaacd: /dev/null
+sshd:   /dev/null
+
+# Well-known aliases -- these should be filled in!
+root: servers@schleuder.0x90.space
+# manager:
+# dumper:
+
+# RFC 2142: NETWORK OPERATIONS MAILBOX NAMES
+abuse:		root
+noc:		root
+security:	root
+
+# RFC 2142: SUPPORT MAILBOX NAMES FOR SPECIFIC INTERNET SERVICES
+hostmaster:	root
+# usenet:	root
+# news:		usenet
+webmaster:	root
+# ftp:		root
--- a/files/common/dotssh_config
+++ b/files/common/dotssh_config
@ -0,0 +1,9 @@
+Host cyberbackup
+    Hostname 192.168.223.3
+    Port 42022
+    User tech
+
+Host nephilim
+    Hostname 192.168.223.5
+    Port 22
+    User nathan
--- a/files/common/template/hosts
+++ b/files/common/template/hosts
@ -0,0 +1,16 @@
+127.0.0.1	localhost
+::1		localhost
+192.168.45.3	cyberbackup
+{% for hypervisor in groups['openbsd_hypervisor'] %}
+192.168.{{ hostvars[hypervisor]['network_nr'] }}.1	{{ hypervisor }}.0x90.space {{ hypervisor }}
+{{ hostvars[hypervisor]['ip6_prefix'] }}::1	{{ hypervisor }}.0x90.space {{ hypervisor }}
+{% endfor %}
+{% for vm in groups['openbsd_vm'] %}
+{% if destroy is not defined or vm != destroy %}
+192.168.{{ hostvars[hostvars[vm]['hypervisor']]['network_nr'] }}.{{ hostvars[vm]['host_nr'] }}	{{ vm }}.0x90.space {{ vm }}
+{{ hostvars[hostvars[vm]['hypervisor']]['ip6_prefix'] }}:fce1:baff:fed0:{{ hostvars[vm]['host_nr'] }}	{{ vm }}.0x90.space {{ vm }}
+{% endif %}
+{% endfor %}
+{% for machine in groups['vpn_hosts'] %}
+192.168.{{ hostvars[hostvars[machine]['jumphost']]['vpn_network_nr'] }}.{{ hostvars[machine]['host_nr'] }}	{{ machine }}
+{% endfor %}
--- a/files/common/template/myname
+++ b/files/common/template/myname
@ -0,0 +1 @@
+{{ inventory_hostname }}.0x90.space
--- a/files/common/template/smtpd.conf
+++ b/files/common/template/smtpd.conf
@ -0,0 +1,15 @@
+#	$OpenBSD: smtpd.conf,v 1.12 2019/07/24 15:31:53 kmos Exp $
+
+# This is the smtpd server system-wide configuration file.
+# See smtpd.conf(5) for more information.
+
+table aliases file:/etc/mail/aliases
+
+listen on all
+
+action "local_mail" mbox alias <aliases>
+action "outbound" relay host "relay.0x90.space"
+
+match from any for domain "{{ inventory_hostname }}.0x90.space" action "local_mail"
+match from local for local action "local_mail"
+match from local for any action "outbound"
--- a/inventory.py
+++ b/inventory.py
@ -2,7 +2,7 @@ targets = [
    "@local",
    ("ararat.0x90.space", dict(ssh_port=42022)),
    ("baixun.0x90.space", dict(ssh_port=42023)),
-#    ("matrix.0x90.space", dict(ssh_port=42024)),
+    ("common", dict(ssh_port=22, ssh_allow_agent=True, ssh_key="~/.ssh/0x90/id_ed25519")),
    ("chat.heizhaus.org", dict(ssh_port=22, ssh_allow_agent=True, ssh_key="~/.ssh/0x90/id_ed25519")),
    ("www", dict(ssh_port=22, ssh_allow_agent=True, ssh_key="~/.ssh/0x90/id_ed25519")),
 ]