diff --git a/common/deploy.py b/common/deploy.py
new file mode 100644
index 0000000..83e375c
--- /dev/null
+++ b/common/deploy.py
@@ -0,0 +1,93 @@
+from pyinfra import host
+from pyinfra.operations import apt, server, files
+from pyinfra.facts.server import LinuxName
+
+files_path = "files/common/"
+template_path = files_path +"template/"
+
+## check on which Distribution the script is executed
+if host.get_fact(LinuxName) == "Debian":
+
+ ## update apt repositories
+ apt.update(
+ name="update apt repositories",
+ # _doas=True,
+ # _doas_user="pyinfra",
+ # _sudo=True,
+ # _sudo_user="pyinfra",
+ )
+
+ ## install python3
+ apt.packages(
+ name="install python3",
+ packages=["python3"],
+ )
+
+ ## install borgbackup
+ apt.packages(
+ name="install borgbackup",
+ packages=["borgbackup"],
+ )
+
+
+#elif host.get_fact(LinuxName) == "":
+else:
+ print("matrix-synapse deploy.py don't support: \"" +host.get_fact(LinuxName) +"\" yet")
+ exit("exit from matrix-synapse/deploy.py")
+
+## create /etc/myname
+myname_path = template_path +"myname"
+files.put(
+ name="create " +myname_path,
+ src=myname_path,
+ dest="/etc/myname",
+)
+
+## disable and stop sndiod
+service_name = "sndiod"
+server.service(
+ name="disable and stop sndiod",
+ service=service_name,
+ enabled=False,
+ running=False,
+)
+
+## create /root/.ssh/config
+dotssh_conf_path = files_path +"dotssh_config"
+files.put(
+ name="create /root/.ssh/config",
+ src=dotssh_conf_path,
+ dest="/root/.ssh/config",
+)
+
+# ? when: provision is not defined or inventory_hostname == provision
+
+## create /etc/hosts
+hosts_path = template_path +"hosts"
+files.put(
+ name="create /etc/hosts",
+ src=hosts_path,
+ dest="/etc/hosts",
+)
+
+# ? when: destroy is not defined or inventory_hostname != destroy
+
+# ?
- block:
+
+## copy /etc/mail/aliases
+aliases_path = files_path +"aliases"
+files.put(
+ name="copy /etc/mail/aliases",
+ src=aliases_path,
+ dest="/etc/mail/aliases",
+)
+
+## create /etc/mail/smtpd.conf
+smtpd_conf_path = template_path +"smtpd.conf"
+files.put(
+ name="create /etc/mail/smtpd.conf",
+ src=smtpd_conf_path,
+ dest="/etc/mail/smtpd.conf",
+)
+
+# ? when: provision is not defined or inventory_hostname == provision
diff --git a/deploy.py b/deploy.py
index 6861453..77dc556 100644
--- a/deploy.py
+++ b/deploy.py
@@ -1,6 +1,7 @@ from pyinfra import host, local from pyinfra.facts import server from pyinfra.operations import files + from pyinfra.operations import server as o_server if host.name == "@local":
@@ -40,6 +41,9 @@ if host.name != "@local": # _sudo=True, ) +if host.name == "common": + local.include("common/deploy.py") + if host.name == "ararat.0x90.space": local.include("ararat/deploy.py")
@@ -51,3 +55,4 @@ if host.name == "chat.heizhaus.org": if host.name == "www": local.include("www/deploy.py") +
diff --git a/files/common/aliases b/files/common/aliases
new file mode 100644
index 0000000..8c32360
--- /dev/null
+++ b/files/common/aliases
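Review bot: The three sources under `files/common/template/` (`myname`, `hosts`, `smtpd.conf`) are pushed with `files.put`, which copies the file verbatim, so the Jinja markers such as `{{ inventory_hostname }}` and the `{% for %}` loops would land unrendered in `/etc/myname`, `/etc/hosts` and `/etc/mail/smtpd.conf`. `files.template(src=..., dest=...)` is the pyinfra operation that renders Jinja2, but the templates still reference Ansible names (`inventory_hostname`, `groups`, `hostvars`) that would first need porting to pyinfra's `host`/`inventory` objects. The put to `/root/.ssh/config` also sets no `mode`; `mode="600"` would make the permissions explicit. Separately, the `else:` branch messages name `matrix-synapse/deploy.py` although this file is `common/deploy.py`, and the sndiod and smtpd steps (which look OpenBSD-specific) are reachable only after a Debian-only gate, which seems unintended.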
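Review bot: The include added in the second hunk of `deploy.py` is gated on `host.name == "common"`, so `common/deploy.py` runs only against the single inventory entry literally named `common` and never against ararat, chat.heizhaus.org or www. If the file is meant as a shared baseline (its name suggests so, but that is an inference), the include belongs outside a per-host condition, for example inside the existing `if host.name != "@local":` block. If `common` really is one machine, a comment such as `# "common" is an inventory host, not a shared role` would prevent the misreading. The surrounding code continues outside the hunks shown.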
@@ -0,0 +1,99 @@
+#
+# $OpenBSD: aliases,v 1.68 2020/01/24 06:17:37 tedu Exp $
+#
+# Aliases in this file will NOT be expanded in the header from
+# Mail, but WILL be visible over networks or from /usr/libexec/mail.local.
+#
+# >>>>>>>>>> The program "newaliases" must be run after
+# >> NOTE >> this file is updated for any changes to
+# >>>>>>>>>> show through to smtpd.
+#
+
+# Basic system aliases -- these MUST be present
+MAILER-DAEMON: postmaster
+postmaster: root
+
+# General redirections for important pseudo accounts
+daemon: root
+ftp-bugs: root
+operator: root
+www: root
+
+# Redirections for pseudo accounts that should not receive mail
+_bgpd: /dev/null
+_dhcp: /dev/null
+_dpb: /dev/null
+_dvmrpd: /dev/null
+_eigrpd: /dev/null
+_file: /dev/null
+_fingerd: /dev/null
+_ftp: /dev/null
+_hostapd: /dev/null
+_identd: /dev/null
+_iked: /dev/null
+_isakmpd: /dev/null
+_iscsid: /dev/null
+_ldapd: /dev/null
+_ldpd: /dev/null
+_mopd: /dev/null
+_nsd: /dev/null
+_ntp: /dev/null
+_ospfd: /dev/null
+_ospf6d: /dev/null
+_pbuild: /dev/null
+_pfetch: /dev/null
+_pflogd: /dev/null
+_ping: /dev/null
+_pkgfetch: /dev/null
+_pkguntar: /dev/null
+_portmap: /dev/null
+_ppp: /dev/null
+_rad: /dev/null
+_radiusd: /dev/null
+_rbootd: /dev/null
+_relayd: /dev/null
+_ripd: /dev/null
+_rstatd: /dev/null
+_rusersd: /dev/null
+_rwalld: /dev/null
+_smtpd: /dev/null
+_smtpq: /dev/null
+_sndio: /dev/null
+_snmpd: /dev/null
+_spamd: /dev/null
+_switchd: /dev/null
+_syslogd: /dev/null
+_tcpdump: /dev/null
+_traceroute: /dev/null
+_tftpd: /dev/null
+_unbound: /dev/null
+_unwind: /dev/null
+_vmd: /dev/null
+_x11: /dev/null
+_ypldap: /dev/null
+bin: /dev/null
+build: /dev/null
+nobody: /dev/null
+_tftp_proxy: /dev/null
+_ftp_proxy: /dev/null
+_sndiop: /dev/null
+_syspatch: /dev/null
+_slaacd: /dev/null
+sshd: /dev/null
+
+# Well-known aliases -- these should be filled in!
+root: servers@schleuder.0x90.space
+# manager:
+# dumper:
+
+# RFC 2142: NETWORK OPERATIONS MAILBOX NAMES
+abuse: root
+noc: root
+security: root
+
+# RFC 2142: SUPPORT MAILBOX NAMES FOR SPECIFIC INTERNET SERVICES
+hostmaster: root
+# usenet: root
+# news: usenet
+webmaster: root
+# ftp: root
diff --git a/files/common/dotssh_config b/files/common/dotssh_config
new file mode 100644
index 0000000..b1e537f
--- /dev/null
+++ b/files/common/dotssh_config
@@ -0,0 +1,9 @@
+Host cyberbackup
+ Hostname 192.168.223.3
+ Port 42022
+ User tech
+
+Host nephilim
+ Hostname 192.168.223.5
+ Port 22
+ User nathan
diff --git a/files/common/template/hosts b/files/common/template/hosts
new file mode 100644
index 0000000..79088b8
--- /dev/null
+++ b/files/common/template/hosts
@@ -0,0 +1,16 @@
+127.0.0.1 localhost
+::1 localhost
+192.168.45.3 cyberbackup
+{% for hypervisor in groups['openbsd_hypervisor'] %}
+192.168.{{ hostvars[hypervisor]['network_nr'] }}.1 {{ hypervisor }}.0x90.space {{ hypervisor }}
+{{ hostvars[hypervisor]['ip6_prefix'] }}::1 {{ hypervisor }}.0x90.space {{ hypervisor }}
+{% endfor %}
+{% for vm in groups['openbsd_vm'] %}
+{% if destroy is not defined or vm != destroy %}
+192.168.{{ hostvars[hostvars[vm]['hypervisor']]['network_nr'] }}.{{ hostvars[vm]['host_nr'] }} {{ vm }}.0x90.space {{ vm }}
+{{ hostvars[hostvars[vm]['hypervisor']]['ip6_prefix'] }}:fce1:baff:fed0:{{ hostvars[vm]['host_nr'] }} {{ vm }}.0x90.space {{ vm }}
+{% endif %}
+{% endfor %}
+{% for machine in groups['vpn_hosts'] %}
+192.168.{{ hostvars[hostvars[machine]['jumphost']]['vpn_network_nr'] }}.{{ hostvars[machine]['host_nr'] }} {{ machine }}
+{% endfor %}
diff --git a/files/common/template/myname b/files/common/template/myname
new file mode 100644
index 0000000..b443116
--- /dev/null
+++ b/files/common/template/myname
@@ -0,0 +1 @@
+{{ inventory_hostname }}.0x90.space
diff --git a/files/common/template/smtpd.conf b/files/common/template/smtpd.conf
new file mode 100644
index 0000000..90a2eb8
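Review bot: In `files/common/dotssh_config`, `cyberbackup` is pinned to `192.168.223.3`, while `files/common/template/hosts` in the same commit maps that name to `192.168.45.3`. ssh follows the `Hostname` line, so the two files disagree about where root's connections to that name go. If both addresses are valid on different networks, a comment in this file such as `# VPN address; /etc/hosts carries the other network's address` would make that explicit; otherwise one of the two entries is stale.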
--- /dev/null
+++ b/files/common/template/smtpd.conf
@@ -0,0 +1,15 @@
+# $OpenBSD: smtpd.conf,v 1.12 2019/07/24 15:31:53 kmos Exp $
+
+# This is the smtpd server system-wide configuration file.
+# See smtpd.conf(5) for more information.
+
+table aliases file:/etc/mail/aliases
+
+listen on all
+
+action "local_mail" mbox alias
+action "outbound" relay host "relay.0x90.space"
+
+match from any for domain "{{ inventory_hostname }}.0x90.space" action "local_mail"
+match from local for local action "local_mail"
+match from local for any action "outbound"
diff --git a/inventory.py b/inventory.py
index 972abcf..b2171b9 100644
--- a/inventory.py
+++ b/inventory.py
@@ -2,7 +2,7 @@ targets = [
 "@local",
 ("ararat.0x90.space", dict(ssh_port=42022)),
 ("baixun.0x90.space", dict(ssh_port=42023)),
-# ("matrix.0x90.space", dict(ssh_port=42024)),
+ ("common", dict(ssh_port=22, ssh_allow_agent=True, ssh_key="~/.ssh/0x90/id_ed25519")),
 ("chat.heizhaus.org", dict(ssh_port=22, ssh_allow_agent=True, ssh_key="~/.ssh/0x90/id_ed25519")),
 ("www", dict(ssh_port=22, ssh_allow_agent=True, ssh_key="~/.ssh/0x90/id_ed25519")),
 ]
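Review bot: `listen on all` in `smtpd.conf` opens SMTP on every interface of each host that receives this file, and no `pki` or `tls` is configured, so mail accepted from the network arrives in clear text. Relaying is limited to `from local`, so this is not an open relay, but the `match from any for domain ...` rule does accept inbound mail from any source. If the hosts only need to deliver local mail and hand the rest to `relay.0x90.space`, `listen on lo0` is the narrower setting. If inbound mail is intended, consider a certificate with `listen on all tls` and a comment recording that the exposure is deliberate.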