Compare commits
32 Commits
59729324bf
...
454214be61
Author | SHA1 | Date | |
---|---|---|---|
454214be61 | |||
41bd1af1a4 | |||
ae40b1c9c0 | |||
303b06ae8c | |||
a0a21a17db | |||
eed4945a9f | |||
1b0965943f | |||
8e1436d4af | |||
b6b7ff1e33 | |||
95248fd374 | |||
1f8d8b642c | |||
9043634123 | |||
9a0c210b87 | |||
5da0bfe798 | |||
16c8cd3dd5 | |||
1eb10e4687 | |||
b446afcc49 | |||
82e8ce4eb2 | |||
586c7e3bc7 | |||
b061265885 | |||
1302e06486 | |||
8fbfd38ec3 | |||
12c47a346b | |||
c9a157833b | |||
1aacd3f340 | |||
ab47eb5485 | |||
e2560f0dd6 | |||
77c50cf53f | |||
03a4aec0f3 | |||
dee3e035c2 | |||
650854fa27 | |||
07d325d777 |
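--- a/pillar/cluster/denc/web-proxy.sls
+++ b/pillar/cluster/denc/web-proxy.sls
@@ -0,0 +1,206 @@
+{%- from 'map.jinja' import nginx_crtkeypair -%}
+{%- set trustcrt = '/usr/share/pki/trust/anchors/syscid-ca.crt' -%}
+{%- set stapler = 'http://gaia.syscid.com:8900/' -%}
+{%- set resolver = '192.168.0.115' -%}
+{%- set mailer = '192.168.0.120' -%}
+{%- set ha4 = '81.16.19.62' -%}
+{%- set ha6 = '2a03:4000:20:21f::' -%}
+
+keepalived:
+config:
+global_defs:
+notification_email:
+- system@lysergic.dev
+notification_email_from: failover@{{ grains['host'] }}.lysergic.dev
+smtp_server: {{ mailer }}
+smtp_connect_timeout: 30
+router_id: SSO_FO
+vrrp_script:
+check_nginx_port:
+script: '"/usr/bin/curl -kfsSm2 https://[::1]:443"'
+weight: 5
+interval: 3
+timeout: 3
+check_nginx_process:
+{#- this is not a good check but better than nothing #}
+script: '"/usr/bin/pgrep nginx"'
+weight: 4
+interval: 2
+timeout: 10
+check_useless_process:
+{#- this is only used for debugging #}
+script: '"/usr/bin/pgrep useless.sh"'
+weight: 4
+interval: 2
+timeout: 3
+vrrp_instance:
+DENCWC:
+state: MASTER
+interface: eth1
+priority: 100
+virtual_router_id: 100
+advert_int: 5
+smtp_alert: true
+notify_master: '"/usr/local/bin/failover --all"'
+promote_secondaries: true
+mcast_src_ip: 192.168.0.50
+authentication:
+auth_type: PASS
+auth_pass: ${'secret_keepalived:vrrp_instance:DENCWC'}
+virtual_ipaddress:
+- {{ ha4 }}/32 dev eth0 label failover
+virtual_ipaddress_excluded:
+- {{ ha6 }}/64 dev eth0
+{%- for i in [1, 2, 3] %}
+- {{ ha6 }}{{ i }}/64 dev eth0
+{%- endfor %}
+track_script:
+{#- - check_nginx_port # to-do: this is currently bugged, check script locks up #}
+- check_nginx_process
+track_interface:
+- eth0
+
+nginx:
+snippets:
+listen_ha:
+- listen:
+- {{ ha4 }}:443 ssl http2
+- '[{{ ha6 }}]:443 ssl http2'
+proxy:
+- proxy_set_header:
+- Host $host
+- X-Real-IP $remote_addr
+- X-Forwarded-For $proxy_add_x_forwarded_for
+- X-Forwarded-Host $host
+- X-Forwarded-Server $host
+- X-Forwarded-Port $server_port
+- X-Forwarded-Proto $scheme
+- proxy_ssl_trusted_certificate: /etc/pki/trust/anchors/backend-ca.crt
+tls:
+- ssl_ciphers: ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
+
+{#- certificate snippets, to-do: merge snippets/tls include into crtkeypair #}
+{{ nginx_crtkeypair('libertacasa', 'liberta.casa') | indent }}
+- include: snippets/tls
+{{ nginx_crtkeypair('libertacasanet', 'libertacasa.net') | indent }}
+- include: snippets/tls
+{{ nginx_crtkeypair('libsso', 'libsso.net') | indent }}
+- include: snippets/tls
+{{ nginx_crtkeypair('lysergic', 'lysergic.dev') | indent }}
+- include: snippets/tls
+tls_syscidsso:
+- ssl_trusted_certificate: {{ trustcrt }}
+- ssl_client_certificate: {{ trustcrt }}
+- ssl_certificate: /etc/ssl/syscid/sso.syscid.com.crt
+- ssl_certificate_key: /etc/ssl/syscid/sso.syscid.com.key
+- ssl_ocsp: 'on'
+- ssl_ocsp_responder: {{ stapler }}
+- ssl_stapling: 'on'
+- ssl_stapling_responder: {{ stapler }}
+- ssl_stapling_verify: 'on'
+- ssl_verify_client: 'on'
+- resolver: {{ resolver }} ipv6=off
+- include: snippets.d/tls
+
+servers:
+managed:
+jboss-cluster.conf:
+available_dir: /etc/nginx/conf.d
+config:
+- proxy_cache_path: /var/cache/nginx/sso_public keys_zone=cache_sso_public:10m
+- proxy_cache_path: /var/cache/nginx/sso_private keys_zone=cache_sso_private:10m
+- upstream jboss:
+- ip: hash
+- server:
+- theia.backend.syscid.com:8443
+- orpheus.backend.syscid.com:8443
+- selene.backend.syscid.com:8443
+
+bookstack.conf:
+config:
+- server:
+- include:
+- snippets/listen
+- snippets/tls_libertacasa
+- server_name: libertacasa.info libcasa.info
+- location /:
+- proxy_pass: https://bookstack.themis.backend.syscid.com
+- proxy_http_version: 1.1
+- client_max_body_size: 20M
+
+http.conf:
+config:
+- server:
+- listen:
+- {{ ha4 }}:80 default_server
+- '[{{ ha6 }}]:80 default_server'
+- include: snippets/robots
+- location /:
+- return: 301 https://$host$request_uri
+
+privatebin.conf:
+config:
+- server:
+- include:
+- snippets/listen
+- snippets/tls_lysergic
+- server_name: pasta.lysergic.dev
+- location /:
+- proxy_pass: https://privatebin.themis.backend.syscid.com
+- proxy_http_version: 1.1
+- client_max_body_size: 50M
+
+sso_private.conf:
+config:
+- server:
+- include:
+- snippets/listen
+- snippets/tls_syscidsso
+- server_name: sso.syscid.com
+- root: /srv/www/sso.syscid.com
+- location = /: []
+- location /index.html: []
+- location /:
+- proxy_pass: https://jboss
+- proxy_cache: cache_sso_private
+- include: snippets/proxy
+- proxy_buffer_size: 256k
+- proxy_buffers: 4 512k
+- proxy_busy_buffers_size: 512k
+- error_log: /var/log/nginx/sso_private.error.log
+- access_log: /var/log/nginx/sso_private.access.log combined
+
+sso_public.conf:
+config:
+- server:
+- include:
+- snippets/listen
+- snippets/tls_libsso
+- server_name: sso.casa www.sso.casa
+- location /:
+- root: /srv/www/sso.casa
+- server:
+- include:
+- snippets/listen
+- snippets/tls_libsso
+- server_name: libsso.net www.libsso.net
+- location /:
+- root: /srv/www/libsso.net
+- location /auth: {#- compat, consider removing #}
+- rewrite: '^/auth(.*)$ https://libsso.net$1 break'
+{%- for path in ['realms', 'resources', 'js'] %}
+- location /{{ path }}:
+- proxy_pass: https://jboss/{{ path }}
+- proxy_cache: cache_sso_public
+{#- - proxy_ssl_verify: on #to-do: enable this #}
+- include: snippets/proxy
+{%- endfor %}
+{%- for path in ['admin', 'welcome', 'metrics', 'health' ] %}
+- location /{{ path }}:
+- return: https://liberta.casa/
+{%- endfor %}
+- proxy_buffer_size: 256k
+- proxy_buffers: 4 512k
+- proxy_busy_buffers_size: 512k
+- error_log: /var/log/nginx/libsso_public.error.log
+- access_log: /var/log/nginx/libsso_public.access.log combined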
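Review bot: Upstream TLS is never authenticated in this pillar: the `proxy` snippet sets `proxy_ssl_trusted_certificate`, but the only `proxy_ssl_verify` line is the commented-out to-do inside the `realms`/`resources`/`js` loop of `sso_public.conf`, and nginx leaves `proxy_ssl_verify` off by default, so the trust anchor has no effect. The `https://jboss` upstream on port 8443 therefore accepts any certificate a host answering for those backend names presents. I would add `- proxy_ssl_verify: 'on'` next to `proxy_ssl_trusted_certificate` in the `proxy` snippet (quoted like the other `'on'` values); it will probably need a `proxy_ssl_name` as well, because the certificate is checked against the `proxy_pass` host, which here is the upstream label `jboss`. The bookstack and privatebin locations do not include `snippets/proxy` at all, so they get neither the trust anchor nor the forwarded headers; if that is deliberate, a comment above each `proxy_pass` should say so.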
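--- a/pillar/id/dericom02_rigel_lysergic_dev.sls
+++ b/pillar/id/dericom02_rigel_lysergic_dev.sls
@@ -0,0 +1,242 @@
+{%- set mediapath = '/srv/matterbridge/' -%}
+
+{%- macro discord_common() -%}
+AutoWebhooks: 'true'
+EditSuffix: '(edited)'
+RemoteNickFormat: '[{PROTOCOL}]:{NICK} '
+{%- endmacro -%}
+
+profile:
+matterbridge:
+instances:
+libertacasa-general:
+general:
+MediaDownloadSize: 1000000000
+MediaDownloadPath: {{ mediapath }}libertacasa-general
+MediaServerDownload: https://load.casa
+accounts:
+irc.libertacasa:
+Server: irc.liberta.casa:6697
+UseTLS: 'true'
+UseSASL: 'true'
+Nick: viaduct
+NickServNick: viaduct
+NickServPassword: ${'secret_matterbridge:general:accounts:irc.libertacasa:NickServPassword'}
+ColorNicks: 'true'
+Charset: utf8
+MessageSplit: 'true'
+MessageQueue: 60
+UseRelayMsg: 'true'
+RemoteNickFormat: '{NICK}/{LABEL}'
+xmpp.libertacasa:
+Server: xmpp.liberta.casa:5222
+Jid: viaduct@liberta.casa
+Password: ${'secret_matterbridge:general:accounts:xmpp.libertacasa:Password'}
+Muc: muc.liberta.casa
+Nick: viaduct
+RemoteNickFormat: '[{PROTOCOL}] <{NICK}>'
+Label: x
+Debug: 'false'
+telegram.libertacasa:
+Token: ${'secret_matterbridge:general:accounts:telegram.libertacasa:Token'}
+RemoteNickFormat: '<{NICK}> '
+MessageFormat: HTMLNick
+Label: tg
+DisableWebPagePreview: 'true'
+sshchat.Psyched:
+Server: 192.168.0.110:2220
+Nick: LC
+RemoteNickFormat: '{PROTOCOL}:<{NICK}> '
+Label: p
+discord.23:
+Token: ${'secret_matterbridge:general:accounts:discord.23:Token'}
+Server: ${'secret_matterbridge:general:accounts:discord.23:Server'}
+{{ discord_common() }}
+{#-
+discord.aithunder:
+Token: ${'secret_matterbridge:general:accounts:discord.aithunder:Token'}
+Server: ${'secret_matterbridge:general:accounts:discord.aithunder:Server'}
+{{ discord_common() }}
+#}
+gateways:
+libcasa:
+irc.libertacasa: '#libcasa'
+sshchat.Psyched: sshchat
+xmpp.libertacasa: libcasa
+dev:
+irc.libertacasa: '#dev'
+xmpp.libertacasa: dev
+lucy:
+irc.libertacasa: '#lucy'
+xmpp.libertacasa: lucy
+info:
+irc.libertacasa: '#libcasa.info'
+xmpp.libertacasa: libcasa.info
+#telegram.libertacasa: '-1001518274267'
+chat:
+irc.libertacasa: '#chai'
+discord.23: chat
+xmpp.libertacasa: chat
+dota:
+irc.libertacasa: '#dotes'
+discord.23: dotes
+xmpp.libertacasa: dota
+aithunder:
+irc.libertacasa: '#aithunder'
+# discord.aithunder: main-chat
+xmpp.libertacasa: aithunder
+
+libertacasa-irc:
+general:
+RemoteNickFormat: '{NOPINGNICK}/{LABEL}: '
+IgnoreFailureOnStart: 'true'
+MessageSplit: 'true'
+MediaDownloadSize: 1000000000
+MediaDownloadPath: {{ mediapath }}libertacasa-irc
+MediaServerDownload: https://irc.load.casa
+accounts:
+irc.libertacasa:
+Nick: IRCrelay
+NickServNick: IRCrelay
+NickServPassword: ${'secret_matterbridge:irc:accounts:irc.libertacasa:NickServPassword'}
+Server: irc.liberta.casa:6697
+UseTLS: 'true'
+UseSASL: 'true'
+Label: libcasa
+Charset: utf8
+IgnoreNicks: HistServ
+UseRelayMsg: 'true'
+RemoteNickFormat: '{NICK}/{LABEL}'
+irc.chillnet:
+Nick: IRCrelay
+NickServNick: IRCrelay
+NickServPassword: ${'secret_matterbridge:irc:accounts:irc.chillnet:NickServPassword'}
+Server: irc.chillnet.org:6697
+UseTLS: 'true'
+UseSASL: 'true'
+Label: chillnet
+Charset: utf8
+IgnoreNicks: HistServ
+UseRelayMsg: 'true'
+RemoteNickFormat: '{NICK}/{LABEL}'
+irc.ergo:
+Nick: LCIRCrelay
+NickServNick: LCIRCrelay
+NickServPassword: ${'secret_matterbridge:irc:accounts:irc.ergo:NickServPassword'}
+Server: irc.ergo.chat:6697
+UseTLS: 'true'
+UseSASL: 'true'
+Label: ergochat
+Charset: utf8
+IgnoreNicks: HistServ
+UseRelayMsg: 'true'
+RemoteNickFormat: '{NICK}/{LABEL}'
+irc.2600:
+Nick: IRCrelay
+NickServNick: IRCrelay
+NickServPassword: ${'secret_matterbridge:irc:accounts:irc.2600:NickServPassword'}
+Server: irc.2600.net:6697
+UseTLS: 'true'
+SkipTLSVerify: 'true'
+Label: 2600net
+Charset: utf8
+irc.dosers:
+Nick: IRCrelay
+NickServNick: IRCrelay
+NickServPassword: ${'secret_matterbridge:irc:accounts:irc.dosers:NickServPassword'}
+Server: irc.dosers.net:6697
+UseTLS: 'true'
+UseSASL: 'true'
+Label: dosers
+Charset: utf8
+irc.rizon:
+Nick: IRCrelay
+NickServNick: IRCrelay
+NickServPassword: ${'secret_matterbridge:irc:accounts:irc.rizon:NickServPassword'}
+Server: irc.rizon.net:6697
+UseTLS: 'true'
+UseSASL: 'true'
+Label: rizon
+Charset: utf8
+irc.nerds:
+Nick: LCRelay
+NickServNick: LCRelay
+NickServPassword: ${'secret_matterbridge:irc:accounts:irc.nerds:NickServPassword'}
+Server: irc6.irc-nerds.net:6697
+UseTLS: 'true'
+UseSASL: 'true'
+Label: nerds
+Charset: utf8
+irc.oftc:
+Nick: IRCrelay
+NickServNick: IRCrelay
+Server: irc.oftc.net:6697
+UseTLS: 'true'
+Label: oftc
+Charset: utf8
+irc.libera:
+Nick: IRCrelay
+NickServNick: IRCrelay
+NickServPassword: ${'secret_matterbridge:irc:accounts:irc.libera:NickServPassword'}
+Server: irc.eu.libera.chat:6697
+UseTLS: 'true'
+UseSASL: 'true'
+Label: libera
+Charset: utf8
+irc.stardust:
+Nick: IRCrelay
+Server: irc.stardust.cx:6697
+UseTLS: 'true'
+Charset: utf8
+Label: stardust
+# ugly but requested
+RemoteNickFormat: '[{LABEL}] <{NICK}> '
+gateways:
+main:
+irc.libertacasa: '#libcasa'
+irc.2600: '#libcasa'
+irc.nerds: '#praxis'
+irc.libera: '#libcasa'
+irc.oftc: '#libcasa'
+irc.dosers: '#libcasa'
+irc.rizon: '#praxis'
+lucy:
+irc.libertacasa: '#lucy'
+irc.dosers: '#lucy'
+libcasainfo:
+irc.libertacasa: '#libcasa.info'
+irc.ergo: '#libcasa.info'
+irc.libera: '#libcasa.info'
+irc.oftc: '#libcasa.info'
+ircv5:
+irc.libertacasa: '#ircv5'
+irc.libera: '#ircv5'
+irc.oftc: '#ircv5'
+nerds:
+irc.libertacasa: '#nerds'
+irc.nerds: '#nerds'
+chillops:
+irc.libertacasa: '#chillops'
+irc.chillnet: '#chillops'
+irc.stardust: '#chillnet-test'
+music:
+irc.libertacasa: '#music'
+irc.chillnet: '#music'
+irc.stardust: '#music'
+
+lighttpd:
+vhosts:
+matterbridge-general:
+host: 'libertacasa-general\.matterbridge\.dericom02\.rigel\.lysergic\.dev'
+root: {{ mediapath }}libertacasa-general
+matterbridge-irc:
+host: 'libertacasa-irc\.matterbridge\.dericom02\.rigel\.lysergic\.dev'
+root: {{ mediapath }}libertacasa-irc
+
+firewalld:
+zones:
+web:
+services:
+- http
+sources:
+- '2a01:4f8:11e:2200::dead/128'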
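Review bot: The `irc.2600` account under `libertacasa-irc` sets `SkipTLSVerify: 'true'` while still carrying a `NickServPassword` and, unlike most of the other networks here, no `UseSASL`, so the relay identifies over a TLS session whose peer certificate is never checked. The NickServ password and the relayed `#libcasa` traffic are then only protected against passive observers, not against a party that can sit in the path to irc.2600.net:6697. If that network's certificate really cannot be validated, add a comment above the key recording why, for example `# irc.2600.net certificate does not validate (<reason placeholder>); revisit before reusing this password anywhere`, and keep that password unique to this account. Both instances also set `MediaDownloadSize: 1000000000` with `MediaDownloadPath` pointing at directories the `lighttpd` vhosts below serve, which presumably lets any bridged user have files of up to roughly 1 GB stored and published; worth confirming that limit is intended.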
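--- a/pillar/id/hubris_lysergic_dev.sls
+++ b/pillar/id/hubris_lysergic_dev.sls
@@ -0,0 +1,2 @@
+include:
+- cluster.denc.web-proxy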
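--- a/pillar/id/nemesis_lysergic_dev.sls
+++ b/pillar/id/nemesis_lysergic_dev.sls
@@ -0,0 +1,2 @@
+include:
+- cluster.denc.web-proxy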
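--- a/pillar/role/matterbridge.sls
+++ b/pillar/role/matterbridge.sls
@@ -0,0 +1 @@
+# empty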
@ -41,8 +41,29 @@ ca-certificates-syscid:
|
||||
- require:
|
||||
- pkgrepo: libertacasa_rpm_repository
|
||||
|
||||
common_packages:
|
||||
common_packages_install:
|
||||
pkg.installed:
|
||||
- names:
|
||||
- fish
|
||||
- system-group-wheel
|
||||
{%- if grains['virtual'] == 'kvm' %}
|
||||
- qemu-guest-agent
|
||||
|
||||
qemu-guest-agent:
|
||||
service.running:
|
||||
- enable: True
|
||||
- require:
|
||||
- pkg: qemu-guest-agent
|
||||
{%- endif %}
|
||||
|
||||
common_packages_remove:
|
||||
pkg.removed:
|
||||
- pkgs:
|
||||
{#- we only use AutoYaST for the OS deployment #}
|
||||
- autoyast2
|
||||
- autoyast2-installation
|
||||
- libX11-data
|
||||
- yast2-add-on
|
||||
- yast2-services-manager
|
||||
- yast2-slp
|
||||
- yast2-trans-stats
|
||||
|
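Review bot: Installing and enabling `qemu-guest-agent` on every minion where `grains['virtual'] == 'kvm'` gives the hypervisor side a management channel into the guest, and the agent's default RPC set goes beyond freeze and shutdown to file access and command execution. Other files in this compare (the Netcup failover profile) suggest at least some of these guests run on a provider's hypervisor, where that trust may not be intended. If only shutdown, filesystem freeze or time sync are needed, restrict the agent's RPC list in its configuration and manage that file from this state, or gate the package on a pillar flag rather than on the `virtual` grain alone. The file header for this section is not shown on the page and the state file continues outside the hunk, so which lines are new is inferred from the hunk counts.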
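--- a/salt/profile/keepalived_script_user/init.sls
+++ b/salt/profile/keepalived_script_user/init.sls
@@ -0,0 +1,7 @@
+keepalived_script_user:
+user.present:
+- name: keepalived_script
+- createhome: False
+- home: /var/lib/keepalived
+- shell: /usr/sbin/nologin
+- system: True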
@ -25,6 +25,8 @@ lighttpd_files:
|
||||
- group: lighttpd
|
||||
- mode: '0640'
|
||||
- template: jinja
|
||||
- watch_in:
|
||||
- service: lighttpd_service
|
||||
- names:
|
||||
- /etc/lighttpd/lighttpd.conf:
|
||||
- source: salt:///{{ slspath }}/files/etc/lighttpd/lighttpd.conf.j2
|
||||
@ -40,3 +42,6 @@ lighttpd_service:
|
||||
service.running:
|
||||
- name: lighttpd.service
|
||||
- enable: True
|
||||
- reload: True
|
||||
- require:
|
||||
- pkg: lighttpd_packages
|
||||
|
@ -1,35 +1,33 @@
|
||||
{%- set header = salt['pillar.get']('managed_header_pound') -%}
|
||||
{%- set myfqdn = salt['grains.get']('fqdn') -%}
|
||||
{%- set mypillar = 'profile:matterbridge:instances:' ~ instance ~ ':' -%}
|
||||
{%- set myaccounts = mypillar ~ 'accounts' -%}
|
||||
{%- set mygateways = mypillar ~ 'gateways' -%}
|
||||
{%- set generalopts = ['RemoteNickFormat', 'IgnoreFailureOnStart', 'MessageSplit', 'MediaDownloadSize', 'MediaDownloadPath', 'MediaServerDownload', 'LogFile'] -%}
|
||||
{%- set accountopts = ['Nick', 'NickServNick', 'NickServPassword', 'Server', 'UseTLS', 'UseSASL', 'Label', 'Charset', 'IgnoreNicks', 'RunCommands', 'UseRelayMsg', 'RemoteNickFormat'] -%}
|
||||
{{ header }}
|
||||
|
||||
{%- if general | length %}
|
||||
[general]
|
||||
{% for option in generalopts %}
|
||||
{%- if salt['pillar.get'](mypillar ~ option, None) != None %}
|
||||
{{ option }}="{{ salt['pillar.get'](mypillar ~ option) }}"
|
||||
{%- endif -%}
|
||||
{%- endfor -%}
|
||||
{%- for option, value in general.items() %}
|
||||
{%- if value is string %}
|
||||
{%- set value = '"' ~ value ~ '"' %}
|
||||
{%- endif %}
|
||||
{{ option }}={{ value }}
|
||||
{%- endfor %}
|
||||
{% endif %}
|
||||
|
||||
{% for account, config in salt['pillar.get'](myaccounts).items() %}
|
||||
[{{ config['protocol'] }}.{{ account }}]
|
||||
{%- for option in accountopts %}
|
||||
{%- if salt['pillar.get'](myaccounts ~ ':' ~ account ~ ':' ~ option, None) != None %}
|
||||
{{ option }}="{{ config[option] }}"
|
||||
{%- endif -%}
|
||||
{%- for account, config in accounts.items() %}
|
||||
[{{ account }}]
|
||||
{%- for option, value in config.items() %}
|
||||
{%- if value is string or value is number %}
|
||||
{%- set value = '"' ~ value ~ '"' %}
|
||||
{%- endif %}
|
||||
{{ option }}={{ value }}
|
||||
{%- endfor %}
|
||||
{% endfor %}
|
||||
{% endfor -%}
|
||||
|
||||
{% for gateway, config in salt['pillar.get'](mygateways).items() %}
|
||||
{%- for gateway, config in gateways.items() %}
|
||||
[[gateway]]
|
||||
name="{{ gateway }}"
|
||||
enable=true
|
||||
{% for account, channel in config.items() %}
|
||||
{%- for account, channel in config.items() %}
|
||||
[[gateway.inout]]
|
||||
account="{{ account }}"
|
||||
channel="{{ channel }}"
|
||||
{%- endfor %}
|
||||
{% endfor %}
|
||||
{%- endfor -%}
|
||||
|
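Review bot: String values are wrapped as `'"' ~ value ~ '"'` and emitted with `{{ option }}={{ value }}` in what appear to be the new `general` and `accounts` loops, with no escaping, so a pillar value containing `"`, `\` or a newline yields invalid TOML or spills into additional keys of the rendered instance file. The NickServ passwords and tokens come from the secrets store and can easily contain such characters. Serialising instead of concatenating avoids this: `{{ option }}={{ value | tojson }}`, assuming the `tojson` filter is available in the Salt/Jinja version in use; the same applies to `name="{{ gateway }}"`, `account="{{ account }}"` and `channel="{{ channel }}"`. The two loops also disagree on quoting: `general` quotes only strings while `accounts` quotes numbers too, so `MessageQueue: 60` is written as `"60"`; a comment stating which is intended would help. The file header for this section is not shown on the page.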
@ -1,5 +1,5 @@
|
||||
{%- set mypillar = 'profile:matterbridge' -%}
|
||||
{%- set instances = salt['pillar.get'](mypillar ~ ':instances') or [] -%}
|
||||
{%- set mypillar = salt['pillar.get']('profile:matterbridge') -%}
|
||||
{%- set instances = mypillar['instances'] | default([]) -%}
|
||||
|
||||
matterbridge_packages:
|
||||
pkg.installed:
|
||||
@ -31,11 +31,31 @@ matterbridge_files:
|
||||
- /etc/matterbridge/{{ instance }}.toml:
|
||||
- context:
|
||||
instance: {{ instance }}
|
||||
general: {{ instances[instance]['general'] | default({}) }}
|
||||
accounts: {{ instances[instance]['accounts'] }}
|
||||
gateways: {{ instances[instance]['gateways'] }}
|
||||
- watch_in:
|
||||
- service: matterbridge_{{ instance }}_service
|
||||
{%- endfor %}
|
||||
|
||||
{%- for instance in instances %}
|
||||
{%- if 'general' in instances[instance] and 'MediaDownloadPath' in instances[instance]['general'] %}
|
||||
matterbridge_{{ instance }}_mediadir:
|
||||
file.directory:
|
||||
- name: {{ instances[instance]['general']['MediaDownloadPath'] }}
|
||||
- user: matterbridge
|
||||
{#- to-do: implement some shared group #}
|
||||
- group: lighttpd
|
||||
- mode: 750
|
||||
- makedirs: True
|
||||
{%- endif %}
|
||||
|
||||
matterbridge_{{ instance }}_service:
|
||||
service.running:
|
||||
- name: matterbridge@{{ instance }}.service
|
||||
- enable: True
|
||||
- watch:
|
||||
- file: /etc/matterbridge/{{ instance }}.toml
|
||||
{%- endfor %}
|
||||
{%- endif %}
|
||||
|
||||
|
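Review bot: The added context lines `general: {{ instances[instance]['general'] | default({}) }}`, `accounts: {{ instances[instance]['accounts'] }}` and `gateways: {{ instances[instance]['gateways'] }}` paste the Python repr of a dict into the rendered SLS, which only parses back to the same data while no value contains characters that Python and YAML quote differently (backslashes, some quote combinations, `None`). These dicts carry the bridge passwords and API tokens, so a secret with such a character is silently altered or breaks the render. Pass the structures through a serialising filter instead, e.g. `accounts: {{ instances[instance]['accounts'] | tojson }}` and likewise for `general` and `gateways`. In the new `matterbridge_{{ instance }}_mediadir` state, `- mode: 750` is better written as the quoted string `'0750'`. The `matterbridge_files` state begins outside the second hunk.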
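--- a/salt/profile/netcup_failover/README.md
+++ b/salt/profile/netcup_failover/README.md
@@ -0,0 +1,13 @@
+This profile installs a script switching failover IP addresses between Netcup hosted VM's.
+
+Required pillar:
+
+```
+profile:
+netcup_failover:
+scp_user: 12345
+scp_pass: xxxx
+scp_server: v9876
+ip4_address: xx.xx.xx.xx/32
+ip6_address: 'foo:bar::/64'
+```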
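--- a/salt/profile/netcup_failover/files/failover.sh.j2
+++ b/salt/profile/netcup_failover/files/failover.sh.j2
@@ -0,0 +1,109 @@
+{%- set header = salt['pillar.get']('managed_header_pound') -%}
+{%- set mypillar = salt['pillar.get']('profile:netcup_failover') -%}
+#!/bin/sh
+# Floating IP switching script utilizing the Netcup API
+
+{{ header }}
+
+SCP_USER='{{ mypillar['scp_user'] }}'
+SCP_PASS='{{ mypillar['scp_pass'] }}'
+SCP_SERVER='{{ mypillar['scp_server'] }}'
+MAC='{{ mypillar['mac_address'] }}'
+IP_v4='{{ mypillar['ip4_address'] }}'
+IP_v6='{{ mypillar['ip6_address'] }}'
+
+URL="https://www.servercontrolpanel.de/WSEndUser?xsd=1" ### ?xsd=1 ?wsdl
+
+usage () {
+echo "$0 [--ipv4 | --ipv6 | --all] [--debug]"
+exit 2
+}
+
+init () {
+construct "$1"
+run
+parse
+}
+
+construct () {
+if [ "$1" = "ip4" ];
+then
+local IP="$IP_v4"
+fi
+if [ "$1" = "ip6" ];
+then
+local IP="$IP_v6"
+fi
+local CIDR="${IP#*/}"
+local IP="`echo $IP | sed "s?/$CIDR??"`"
+if [ "$DEBUG" = "true" ];
+then
+echo "[DEBUG] Initiating: $1"
+echo "[DEBUG] IP Address: $IP"
+echo "[DEBUG] CIDR Mask: $CIDR"
+fi
+XML_BODY="<SOAP-ENV:Envelope xmlns:SOAP-ENV='http://schemas.xmlsoap.org/soap/envelope/' xmlns:ns1='http://enduser.service.web.vcp.netcup.de/'><SOAP-ENV:Body><ns1:changeIPRouting><loginName>$SCP_USER</loginName><password>$SCP_PASS</password><routedIP>$IP</routedIP><routedMask>$CIDR</routedMask><destinationVserverName>$SCP_SERVER</destinationVserverName><destinationInterfaceMAC>$MAC</destinationInterfaceMAC></ns1:changeIPRouting></SOAP-ENV:Body></SOAP-ENV:Envelope>"
+if [ "$DEBUG" = "true" ];
+then
+echo "[DEBUG] Payload: $XML_BODY"
+fi
+}
+
+request () {
+curl -s -H 'Content-Type: text/xml' -H 'SOAPAction:' -d "$XML_BODY" -X POST "$URL"
+}
+
+run () {
+RESPONSE=`request`
+if [ "$DEBUG" = "true" ];
+then
+echo "[DEBUG] Response: $RESPONSE"
+fi
+
+}
+
+parse () {
+local IFS='&'
+local check_invalid="validation error&IP already assigned&true"
+for check in $check_invalid;
+do
+if [ "$DEBUG" = "true" ];
+then
+echo "[DEBUG] Parsing: $check"
+fi
+if [ "${RESPONSE#*$check}" = "$RESPONSE" ];
+then
+result="Not found"
+fi
+if [ "${RESPONSE#*$check}" != "$RESPONSE" ];
+then
+result="Found"
+fi
+echo "Check for \"$check\": $result"
+done
+}
+
+MODE="$1"
+
+if [ "$2" = "--debug" ];
+then
+DEBUG="true"
+echo "[DEBUG] Script invoked at `date`"
+fi
+
+case "$MODE" in
+"--ipv4" )
+init ip4
+;;
+"--ipv6" )
+init ip6
+;;
+"--all" )
+init ip6
+init ip4
+;;
+* )
+usage
+;;
+esac
+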
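Review bot: With `--debug`, `construct` prints the complete SOAP body through `echo "[DEBUG] Payload: $XML_BODY"`, and that body contains `<password>$SCP_PASS</password>`, so the control-panel password ends up in the terminal scrollback or in whatever log captures the script's output; redact it before printing, e.g. `echo "[DEBUG] Payload: $(printf '%s' "$XML_BODY" | sed 's#<password>.*</password>#<password>REDACTED</password>#')"`. The pillar values are also pasted unescaped into single-quoted shell assignments and then into XML, so a password containing `'`, `&` or `<` breaks the script or the request; either escape on render or document the permitted character set next to the pillar keys. `request` calls curl without a timeout and `parse` only prints what it found, so the script ends with status 0 even when the response carried `validation error`; a `--max-time` on the curl call and a non-zero exit in that case would make a failed switch visible to the caller. `mac_address` is read here but is not listed among the required pillar keys in the README added by this same change.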
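--- a/salt/profile/netcup_failover/init.sls
+++ b/salt/profile/netcup_failover/init.sls
@@ -0,0 +1,10 @@
+include:
+- profile.keepalived_script_user
+
+/usr/local/bin/failover:
+file.managed:
+- user: keepalived_script
+- group: wheel
+- mode: 750
+- template: jinja
+- source: salt://{{ slspath }}/files/failover.sh.j2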
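Review bot: The rendered `/usr/local/bin/failover` embeds `scp_pass` in plain text, yet the state makes it owned by `keepalived_script` with `group: wheel` and `mode: 750`, so every member of wheel can read the control-panel password and the unprivileged account that runs the script can also rewrite it. I would use `- user: root`, `- group: keepalived_script` and `- mode: '0750'`, which lets the runner read and execute the file without being able to modify it and removes wheel from the readers. Quoting the mode also keeps it a string rather than a YAML integer.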
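--- a/salt/role/ha-netcup.sls
+++ b/salt/role/ha-netcup.sls
@@ -0,0 +1,3 @@
+include:
+- profile.netcup_failover
+- role.ha-node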