Add ha-netcup role

Role managing the Netcup IP failover script plus keepalived. Requires ha-node role introduced via a8bbe056f1. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
Add keepalived_script_user profile
2023-02-08 22:56:40 +01:00 · 2023-02-08 22:56:40 +01:00 · 2023-02-08 22:56:40 +01:00 · 2023-02-08 22:56:40 +01:00 · 2023-02-08 22:56:39 +01:00 · 2023-02-08 22:56:39 +01:00
6 changed files with 24 additions and 311 deletions
--- a/pillar/id/dericom02_rigel_lysergic_dev.sls
+++ b/pillar/id/dericom02_rigel_lysergic_dev.sls
@ -1,242 +0,0 @@
-{%- set mediapath = '/srv/matterbridge/' -%}
-
-{%- macro discord_common() -%}
-            AutoWebhooks: 'true'
-            EditSuffix: '(edited)'
-            RemoteNickFormat: '[{PROTOCOL}]:{NICK} '
-{%- endmacro -%}
-
-profile:
-  matterbridge:
-    instances:
-      libertacasa-general:
-        general:
-          MediaDownloadSize: 1000000000
-          MediaDownloadPath: {{ mediapath }}libertacasa-general
-          MediaServerDownload: https://load.casa
-        accounts:
-          irc.libertacasa:
-            Server: irc.liberta.casa:6697
-            UseTLS: 'true'
-            UseSASL: 'true'
-            Nick: viaduct
-            NickServNick: viaduct
-            NickServPassword: ${'secret_matterbridge:general:accounts:irc.libertacasa:NickServPassword'}
-            ColorNicks: 'true'
-            Charset: utf8 
-            MessageSplit: 'true'
-            MessageQueue: 60
-            UseRelayMsg: 'true'
-            RemoteNickFormat: '{NICK}/{LABEL}'
-          xmpp.libertacasa:
-            Server: xmpp.liberta.casa:5222
-            Jid: viaduct@liberta.casa
-            Password: ${'secret_matterbridge:general:accounts:xmpp.libertacasa:Password'}
-            Muc: muc.liberta.casa
-            Nick: viaduct
-            RemoteNickFormat: '[{PROTOCOL}] <{NICK}>'
-            Label: x
-            Debug: 'false'
-          telegram.libertacasa:
-            Token: ${'secret_matterbridge:general:accounts:telegram.libertacasa:Token'}
-            RemoteNickFormat: '&lt;{NICK}&gt; '
-            MessageFormat: HTMLNick
-            Label: tg
-            DisableWebPagePreview: 'true'
-          sshchat.Psyched:
-            Server: 192.168.0.110:2220
-            Nick: LC
-            RemoteNickFormat: '{PROTOCOL}:<{NICK}> '
-            Label: p
-          discord.23:
-            Token: ${'secret_matterbridge:general:accounts:discord.23:Token'}
-            Server: ${'secret_matterbridge:general:accounts:discord.23:Server'}
-            {{ discord_common() }}
-          {#-
-          discord.aithunder:
-            Token: ${'secret_matterbridge:general:accounts:discord.aithunder:Token'}
-            Server: ${'secret_matterbridge:general:accounts:discord.aithunder:Server'}
-            {{ discord_common() }}
-          #}
-        gateways:
-          libcasa:
-            irc.libertacasa: '#libcasa'
-            sshchat.Psyched: sshchat
-            xmpp.libertacasa: libcasa
-          dev:
-            irc.libertacasa: '#dev'
-            xmpp.libertacasa: dev
-          lucy:
-            irc.libertacasa: '#lucy'
-            xmpp.libertacasa: lucy
-          info:
-            irc.libertacasa: '#libcasa.info'
-            xmpp.libertacasa: libcasa.info
-            #telegram.libertacasa: '-1001518274267'
-          chat:
-            irc.libertacasa: '#chai'
-            discord.23: chat
-            xmpp.libertacasa: chat
-          dota:
-            irc.libertacasa: '#dotes'
-            discord.23: dotes
-            xmpp.libertacasa: dota
-          aithunder:
-            irc.libertacasa: '#aithunder'
-          #  discord.aithunder: main-chat
-            xmpp.libertacasa: aithunder
-
-      libertacasa-irc:
-        general:
-          RemoteNickFormat: '{NOPINGNICK}/{LABEL}: '
-          IgnoreFailureOnStart: 'true'
-          MessageSplit: 'true'
-          MediaDownloadSize: 1000000000
-          MediaDownloadPath: {{ mediapath }}libertacasa-irc
-          MediaServerDownload: https://irc.load.casa
-        accounts:
-          irc.libertacasa:
-            Nick: IRCrelay
-            NickServNick: IRCrelay
-            NickServPassword: ${'secret_matterbridge:irc:accounts:irc.libertacasa:NickServPassword'}
-            Server: irc.liberta.casa:6697
-            UseTLS: 'true'
-            UseSASL: 'true'
-            Label: libcasa
-            Charset: utf8
-            IgnoreNicks: HistServ
-            UseRelayMsg: 'true'
-            RemoteNickFormat: '{NICK}/{LABEL}'
-          irc.chillnet:
-            Nick: IRCrelay
-            NickServNick: IRCrelay
-            NickServPassword: ${'secret_matterbridge:irc:accounts:irc.chillnet:NickServPassword'}
-            Server: irc.chillnet.org:6697
-            UseTLS: 'true'
-            UseSASL: 'true'
-            Label: chillnet
-            Charset: utf8
-            IgnoreNicks: HistServ
-            UseRelayMsg: 'true'
-            RemoteNickFormat: '{NICK}/{LABEL}'
-          irc.ergo:
-            Nick: LCIRCrelay
-            NickServNick: LCIRCrelay
-            NickServPassword: ${'secret_matterbridge:irc:accounts:irc.ergo:NickServPassword'}
-            Server: irc.ergo.chat:6697
-            UseTLS: 'true'
-            UseSASL: 'true'
-            Label: ergochat
-            Charset: utf8
-            IgnoreNicks: HistServ
-            UseRelayMsg: 'true'
-            RemoteNickFormat: '{NICK}/{LABEL}'
-          irc.2600:
-            Nick: IRCrelay
-            NickServNick: IRCrelay
-            NickServPassword: ${'secret_matterbridge:irc:accounts:irc.2600:NickServPassword'}
-            Server: irc.2600.net:6697
-            UseTLS: 'true'
-            SkipTLSVerify: 'true'
-            Label: 2600net
-            Charset: utf8
-          irc.dosers:
-            Nick: IRCrelay
-            NickServNick: IRCrelay
-            NickServPassword: ${'secret_matterbridge:irc:accounts:irc.dosers:NickServPassword'}
-            Server: irc.dosers.net:6697
-            UseTLS: 'true'
-            UseSASL: 'true'
-            Label: dosers
-            Charset: utf8
-          irc.rizon:
-            Nick: IRCrelay
-            NickServNick: IRCrelay
-            NickServPassword: ${'secret_matterbridge:irc:accounts:irc.rizon:NickServPassword'}
-            Server: irc.rizon.net:6697
-            UseTLS: 'true'
-            UseSASL: 'true'
-            Label: rizon
-            Charset: utf8
-          irc.nerds:
-            Nick: LCRelay
-            NickServNick: LCRelay
-            NickServPassword: ${'secret_matterbridge:irc:accounts:irc.nerds:NickServPassword'}
-            Server: irc6.irc-nerds.net:6697
-            UseTLS: 'true'
-            UseSASL: 'true'
-            Label: nerds
-            Charset: utf8
-          irc.oftc:
-            Nick: IRCrelay
-            NickServNick: IRCrelay
-            Server: irc.oftc.net:6697
-            UseTLS: 'true'
-            Label: oftc
-            Charset: utf8
-          irc.libera:
-            Nick: IRCrelay
-            NickServNick: IRCrelay
-            NickServPassword: ${'secret_matterbridge:irc:accounts:irc.libera:NickServPassword'}
-            Server: irc.eu.libera.chat:6697
-            UseTLS: 'true'
-            UseSASL: 'true'
-            Label: libera
-            Charset: utf8
-          irc.stardust:
-            Nick: IRCrelay
-            Server: irc.stardust.cx:6697
-            UseTLS: 'true'
-            Charset: utf8
-            Label: stardust
-            # ugly but requested
-            RemoteNickFormat: '[{LABEL}] <{NICK}> '
-        gateways:
-          main:
-            irc.libertacasa: '#libcasa'
-            irc.2600: '#libcasa'
-            irc.nerds: '#praxis'
-            irc.libera: '#libcasa'
-            irc.oftc: '#libcasa'
-            irc.dosers: '#libcasa'
-            irc.rizon: '#praxis'
-          lucy:
-            irc.libertacasa: '#lucy'
-            irc.dosers: '#lucy'
-          libcasainfo:
-            irc.libertacasa: '#libcasa.info'
-            irc.ergo: '#libcasa.info'
-            irc.libera: '#libcasa.info'
-            irc.oftc: '#libcasa.info'
-          ircv5:
-            irc.libertacasa: '#ircv5'
-            irc.libera: '#ircv5'
-            irc.oftc: '#ircv5'
-          nerds:
-            irc.libertacasa: '#nerds'
-            irc.nerds: '#nerds'
-          chillops:
-            irc.libertacasa: '#chillops'
-            irc.chillnet: '#chillops'
-            irc.stardust: '#chillnet-test'
-          music:
-            irc.libertacasa: '#music'
-            irc.chillnet: '#music'
-            irc.stardust: '#music'
-
-  lighttpd:
-    vhosts:
-      matterbridge-general:
-        host: 'libertacasa-general\.matterbridge\.dericom02\.rigel\.lysergic\.dev'
-        root: {{ mediapath }}libertacasa-general
-      matterbridge-irc:
-        host: 'libertacasa-irc\.matterbridge\.dericom02\.rigel\.lysergic\.dev'
-        root: {{ mediapath }}libertacasa-irc
-
-firewalld:
-  zones:
-    web:
-      services:
-        - http
-      sources:
-        - '2a01:4f8:11e:2200::dead/128'
--- a/pillar/role/matterbridge.sls
+++ b/pillar/role/matterbridge.sls
@ -1 +0,0 @@
-# empty
--- a/salt/common/suse.sls
+++ b/salt/common/suse.sls
@ -41,29 +41,8 @@ ca-certificates-syscid:
    - require:
      - pkgrepo: libertacasa_rpm_repository

-common_packages_install:
+common_packages:
  pkg.installed:
    - names:
      - fish
      - system-group-wheel
-{%- if grains['virtual'] == 'kvm' %}
-      - qemu-guest-agent
-
-qemu-guest-agent:
-  service.running:
-    - enable: True
-    - require:
-      - pkg: qemu-guest-agent
-{%- endif %}
-
-common_packages_remove:
-  pkg.removed:
-    - pkgs:
-      {#- we only use AutoYaST for the OS deployment #}
-      - autoyast2
-      - autoyast2-installation
-      - libX11-data
-      - yast2-add-on
-      - yast2-services-manager
-      - yast2-slp
-      - yast2-trans-stats
--- a/salt/profile/lighttpd/init.sls
+++ b/salt/profile/lighttpd/init.sls
@ -25,8 +25,6 @@ lighttpd_files:
    - group: lighttpd
    - mode: '0640'
    - template: jinja
-    - watch_in:
-      - service: lighttpd_service
    - names:
      - /etc/lighttpd/lighttpd.conf:
        - source: salt:///{{ slspath }}/files/etc/lighttpd/lighttpd.conf.j2
@ -42,6 +40,3 @@ lighttpd_service:
  service.running:
    - name: lighttpd.service
    - enable: True
-    - reload: True
-    - require:
-      - pkg: lighttpd_packages
--- a/salt/profile/matterbridge/files/etc/matterbridge/matterbridge.toml.j2
+++ b/salt/profile/matterbridge/files/etc/matterbridge/matterbridge.toml.j2
@ -1,33 +1,35 @@
 {%- set header = salt['pillar.get']('managed_header_pound') -%}
+{%- set myfqdn = salt['grains.get']('fqdn') -%}
+{%- set mypillar = 'profile:matterbridge:instances:' ~ instance ~ ':' -%}
+{%- set myaccounts = mypillar ~ 'accounts' -%}
+{%- set mygateways = mypillar ~ 'gateways' -%}
+{%- set generalopts = ['RemoteNickFormat', 'IgnoreFailureOnStart', 'MessageSplit', 'MediaDownloadSize', 'MediaDownloadPath', 'MediaServerDownload', 'LogFile'] -%}
+{%- set accountopts = ['Nick', 'NickServNick', 'NickServPassword', 'Server', 'UseTLS', 'UseSASL', 'Label', 'Charset', 'IgnoreNicks', 'RunCommands', 'UseRelayMsg', 'RemoteNickFormat'] -%}
 {{ header }}

-{%- if general | length %}
 [general]
-{%- for option, value in general.items() %}
-{%- if value is string %}
-{%- set value = '"' ~ value ~ '"' %}
-{%- endif %}
-{{ option }}={{ value }}
-{%- endfor %}
-{% endif %}
+{% for option in generalopts %}
+{%- if salt['pillar.get'](mypillar ~ option, None) != None %}
+{{ option }}="{{ salt['pillar.get'](mypillar ~ option) }}"
+{%- endif -%}
+{%- endfor -%}

-{%- for account, config in accounts.items() %}
-[{{ account }}]
-{%- for option, value in config.items() %}
-{%- if value is string or value is number %}
-{%- set value = '"' ~ value ~ '"' %}
-{%- endif %}
-{{ option }}={{ value }}
-{%- endfor %}
+{% for account, config in salt['pillar.get'](myaccounts).items() %}
+[{{ config['protocol'] }}.{{ account }}]
+{%- for option in accountopts %}
+{%- if salt['pillar.get'](myaccounts ~ ':' ~ account ~ ':' ~ option, None) != None %}
+{{ option }}="{{ config[option] }}"
+{%- endif -%}
 {% endfor %}
+{% endfor -%}

-{%- for gateway, config in gateways.items() %}
+{% for gateway, config in salt['pillar.get'](mygateways).items() %}
 [[gateway]]
 name="{{ gateway }}"
 enable=true
-{%- for account, channel in config.items() %}
+{% for account, channel in config.items() %}
  [[gateway.inout]]
  account="{{ account }}"
  channel="{{ channel }}"
-{%- endfor %}
 {% endfor %}
+{%- endfor -%}
--- a/salt/profile/matterbridge/init.sls
+++ b/salt/profile/matterbridge/init.sls
@ -1,5 +1,5 @@
-{%- set mypillar = salt['pillar.get']('profile:matterbridge') -%}
-{%- set instances = mypillar['instances'] | default([]) -%}
+{%- set mypillar = 'profile:matterbridge' -%}
+{%- set instances = salt['pillar.get'](mypillar ~ ':instances') or [] -%}

 matterbridge_packages:
  pkg.installed:
@ -31,31 +31,11 @@ matterbridge_files:
      - /etc/matterbridge/{{ instance }}.toml:
        - context:
            instance: {{ instance }}
-            general: {{ instances[instance]['general'] | default({}) }}
-            accounts: {{ instances[instance]['accounts'] }}
-            gateways: {{ instances[instance]['gateways'] }}
-        - watch_in:
-          - service: matterbridge_{{ instance }}_service
-{%- endfor %}
-
-{%- for instance in instances %}
-{%- if 'general' in instances[instance] and 'MediaDownloadPath' in instances[instance]['general'] %}
-matterbridge_{{ instance }}_mediadir:
-  file.directory:
-    - name: {{ instances[instance]['general']['MediaDownloadPath'] }}
-    - user: matterbridge
-    {#- to-do: implement some shared group #}
-    - group: lighttpd
-    - mode: 750
-    - makedirs: True
-{%- endif %}

 matterbridge_{{ instance }}_service:
  service.running:
    - name: matterbridge@{{ instance }}.service
    - enable: True
-    - watch:
-      - file: /etc/matterbridge/{{ instance }}.toml
 {%- endfor %}
 {%- endif %}
Author	SHA1	Message	Date
Georg Pfuetzenreuter	59729324bf	Add ha-netcup role All checks were successful ci/lysergic/push/pipeline Pipeline was successful Details Role managing the Netcup IP failover script plus keepalived. Requires ha-node role introduced via a8bbe056f1. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>	2023-02-08 22:56:40 +01:00
Georg Pfuetzenreuter	c3d8548818	Add keepalived_script_user profile Short profile source from other profiles requiring the keepalived_script user to be present. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>	2023-02-08 22:56:40 +01:00
Georg Pfuetzenreuter	fe91de41ff	Add netcup_failover profile Profile managing a Netcup IP address failover script for use with keepalived. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>	2023-02-08 22:56:40 +01:00
Georg Pfuetzenreuter	d4e6fce02b	nemesis/hubris: import keepalived configuration Add shared configuration to cluster.denc.web-proxy. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>	2023-02-08 22:56:40 +01:00
Georg Pfuetzenreuter	6c9721bea3	nemesis/hubris: include denc.web-proxy Add shared nginx configuration to nemesis/hubris HA pair nodes. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>	2023-02-08 22:56:39 +01:00
Georg Pfuetzenreuter	993f0cfecb	nemesis/hubris: import nginx configuration Add shared configuration to cluster.denc.web-proxy. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>	2023-02-08 22:56:39 +01:00