paulbsd/paulbsd-salt
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

misc updates on states

Browse Source
This commit is contained in:
Paul 2021-12-29 15:45:48 +01:00
parent 8a0dda416e
commit 8663641632
25 changed files with 233 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
states/_modules/syncthing.py
View File

@ -30,7 +30,7 @@ def get_apikey(configfile="/root/.config/syncthing/config.xml"):
def get_config(url, verify, apikey):
fullurl = f"{url}/rest/system/config"
fullurl = f"{url}/rest/config"
req = Request(method="GET",
url=fullurl)
req.add_header("X-API-Key", apikey)
@ -44,7 +44,7 @@ def get_config(url, verify, apikey):
def set_config(url, verify, apikey, config):
fullurl = f"{url}/rest/system/config"
fullurl = f"{url}/rest/config"
req = Request(method="POST",
url=fullurl,
data=json.dumps(config).encode())
@ -64,7 +64,7 @@ def set_config(url, verify, apikey, config):
def insync(url, verify, apikey):
fullurl = f"{url}/rest/system/config/insync"
fullurl = f"{url}/rest/config/restart-required"
req = Request(method="GET",
url=fullurl)
req.add_header("X-API-Key", apikey)

6
states/arduino/install.sls
View File

@ -36,3 +36,9 @@ arduino-shortcut:
- onchanges:
- arduino-archive-extract
- arduino-symlink
arduino-cleanup:
software.cleanup:
- name: arduino
- path: {{ arduino.release_dir }}
- version: "{{ arduino.version }}"

2
states/dkron/install.sls
View File

@ -35,4 +35,4 @@ dkron-cleanup:
software.cleanup:
- name: dkron
- path: {{ dkron.release_dir }}
- version: {{ dkron.version }}
- version: "{{ dkron.version }}"

2
states/golang/install.sls
View File

@ -21,4 +21,4 @@ golang-cleanup:
software.cleanup:
- name: go
- path: {{ golang.release_dir }}
- version: {{ golang.version }}
- version: "{{ golang.version }}"

12
states/influxdb/install.sls
View File

@ -34,12 +34,6 @@ influxdb-archive-extract:
- watch_in:
- service: influxdb-service
influxdb-cleanup:
software.cleanup:
- name: influxdb
- path: {{ influxdb.release_dir }}
- version: {{ influxdb.version }}
influxdb-bin-symlink:
file.symlink:
- name: {{ influxdb.install_dir }}/influxdb
@ -59,3 +53,9 @@ influxdb-{{ bin }}-symlink:
- name: /usr/local/sbin/{{ bin }}
- target: {{ influxdb.install_dir }}/influxdb/{{ bin }}
{%- endfor %}
influxdb-cleanup:
software.cleanup:
- name: influxdb
- path: {{ influxdb.release_dir }}
- version: "{{ influxdb.version }}"

2
states/ipbl/install.sls
View File

@ -23,4 +23,4 @@ ipbl-cleanup:
software.cleanup:
- name: ipbl
- path: {{ ipbl.release_dir }}
- version: {{ ipbl.version }}
- version: "{{ ipbl.version }}"

2
states/lego/install.sls
View File

@ -20,4 +20,4 @@ lego-cleanup:
software.cleanup:
- name: lego
- path: {{ lego.release_dir }}
- version: {{ lego.version }}
- version: "{{ lego.version }}"

12
states/nextcloud/install.sls
View File

@ -18,14 +18,14 @@ nextcloud-install-link:
- target: {{ nextcloud.release_dir }}/nextcloud-{{ nextcloud.version }}
- force: true
nextcloud-cleanup:
software.cleanup:
- name: nextcloud
- path: {{ nextcloud.release_dir }}
- version: {{ nextcloud.version }}
nextcloud-datadirectory:
file.directory:
- name: {{ nextcloud.config.datadirectory }}
- user: {{ nextcloud.user }}
- group: {{ nextcloud.group }}
nextcloud-cleanup:
software.cleanup:
- name: nextcloud
- path: {{ nextcloud.release_dir }}
- version: "{{ nextcloud.version }}"

45
states/nginx/templates/types/rd.j2 Normal file
View File

@ -0,0 +1,45 @@
## {{ salt['pillar.get']('salt_managed', default='Salt Managed') }}
server {
include http;
server_name {{ vhost_name }};
return 301 https://$server_name$request_uri;
}
server {
include https;
{%- if internal_access %}
include access;
{%- endif %}
server_name {{ vhost_name }};
{%- if not proxy %}
root "{{ root_dir }}";
ssl_certificate /etc/acme/certs/services-rd.cert;
ssl_certificate_key /etc/acme/keys/services-rd.key;
{%- endif %}
location / {
{%- if proxy %}
proxy_pass {{ proxy_pass }};
{%- if not cache %}
proxy_no_cache 1;
proxy_cache_bypass 1;
{%- endif %}
{%- endif %}
{%- if autoindex %}
autoindex on;
autoindex_localtime on;
{%- else %}
index index.html index.rss;
{% endif %}
}
{%- for dir in dirs %}
location {{ dir.name }} {
alias {{ dir.alias }};
}
{%- endfor %}
location /robots.txt {
return 200 "User-agent: *\r\nDisallow: /";
}
}

27
states/openvpn_server/config.sls Normal file
View File

@ -0,0 +1,27 @@
---
{%- from "openvpn_server/map.jinja" import openvpn_server with context %}
{%- for key, instance in openvpn_server.config.items() %}
openvpn-server-{{ key }}-config:
file.managed:
- name: /etc/openvpn/{{ key }}.conf
- source: salt://openvpn_server/templates/{{ key }}.conf.j2
- user: root
- group: root
- mode: 0600
- template: jinja
- context:
ca: |
{{ instance.ca|indent(8) }}
cert: |
{{ instance.cert|indent(8) }}
key: |
{{ instance.key|indent(8) }}
dh: |
{{ instance.dh|indent(8) }}
routes: {{ instance.routes }}
config: {{ instance.config }}
tunnel: {{ instance.tunnel }}
dns: {{ instance.dns }}
- watch_in:
- service: openvpn-server-{{ key }}-service
{%- endfor %}

18
states/openvpn_server/defaults.yaml Normal file
View File

@ -0,0 +1,18 @@
---
openvpn_server:
enabled: true
config:
vpn:
name: vpn
ca: ""
cert: ""
key: ""
dh: ""
tunnel:
ip: '10.99.99.0'
netmask: '255.255.255.0'
config: {}
ccd: None
dns:
- '1.1.1.1'
- '1.0.0.1'

5
states/openvpn_server/init.sls Normal file
View File

@ -0,0 +1,5 @@
---
include:
- .install
- .config
- .service

9
states/openvpn_server/install.sls Normal file
View File

@ -0,0 +1,9 @@
---
openvpn-server-install:
pkg.installed:
- name: openvpn
openvpn-server-ccd-dir:
file.directory:
- name: /etc/openvpn/ccd/
- mode: 0600

8
states/openvpn_server/map.jinja Normal file
View File

@ -0,0 +1,8 @@
{%- import_yaml "openvpn_server/defaults.yaml" as defaults %}
{%- set openvpn_server = salt['pillar.get'](
'openvpn_server',
default=defaults.openvpn_server,
merge=True
)
-%}

8
states/openvpn_server/service.sls Normal file
View File

@ -0,0 +1,8 @@
---
{%- from "openvpn_server/map.jinja" import openvpn_server with context %}
{%- for key, instance in openvpn_server.config.items() %}
openvpn-server-{{ key }}-service:
service.running:
- name: openvpn@{{ key }}
- enable: True
{%- endfor %}

62
states/openvpn_server/templates/vpn.conf.j2 Normal file
View File

@ -0,0 +1,62 @@
<ca>
{{ ca }}
</ca>
<cert>
{{ cert }}
</cert>
<key>
{{ key }}
</key>
<dh>
{{ dh }}
</dh>
proto udp6
port 1194
dev tun
client-config-dir /etc/openvpn/ccd
client-to-client
topology subnet
user root
group root
duplicate-cn
username-as-common-name
keepalive 5 30
compress lzo
fast-io
persist-key
persist-tun
server {{ tunnel.ip }} {{ tunnel.netmask }}
{%- for route in routes %}
{%- if not route.push %}
route {{ route.ip }} {{ route.netmask }} {{ route.hop }}
{%- endif %}
{% endfor -%}
{% for route in routes -%}
push "route {{ route.ip }} {{ route.netmask }} {{ route.hop }}"
{% endfor -%}
push "dhcp-option DNS {{ dns|join(" ") }}"
# IPv6
#server-ipv6 2a01:e0a:97:8311::/64
#tun-ipv6
#push tun-ipv6
#ifconfig-ipv6 2a01:e0a:97:8311::1 2a01:e0a:97:8311::2
#ifconfig-ipv6-pool 2a01:e0a:97:8311::101/64
#push "route-ipv6 2a01:e0a:97:8311::/64"
#push "route-ipv6 ::/0"
#push "redirect-gateway-ipv6 def1"
{% if config.auth == "pam" %}
plugin /usr/lib/x86_64-linux-gnu/openvpn/plugins/openvpn-plugin-auth-pam.so /etc/pam.d/login
{% endif %}
status {{ config.status|default("/var/log/openvpn/vpn.status") }}

2
states/qrz/install.sls
View File

@ -23,4 +23,4 @@ qrz-cleanup:
software.cleanup:
- name: qrz
- path: {{ qrz.release_dir }}
- version: {{ qrz.version }}
- version: "{{ qrz.version }}"

2
states/rclone/install.sls
View File

@ -20,4 +20,4 @@ rclone-cleanup:
software.cleanup:
- name: rclone
- path: {{ rclone.release_dir }}
- version: v{{ rclone.version }}
- version: "v{{ rclone.version }}"

1
states/repos/init.sls
View File

@ -26,7 +26,6 @@ repo-{{ repo['name'] }}:
{%- endif %}
{%- endif %}
{%- endif %}
- refresh: true
{%- else %}
repo-{{ repo['name'] }}:

1
states/salt_minion/salt-minion.service.j2
View File

@ -10,6 +10,7 @@ KillMode=process
NotifyAccess=all
LimitNOFILE=8192
ExecStart=/usr/local/bin/salt-minion
TimeoutStopSec=10s
[Install]
WantedBy=multi-user.target

2
states/telegraf/install.sls
View File

@ -34,4 +34,4 @@ telegraf-cleanup:
software.cleanup:
- name: telegraf
- path: {{ telegraf.release_dir }}
- version: {{ telegraf.version }}
- version: "{{ telegraf.version }}"

2
states/telegram/install.sls
View File

@ -52,4 +52,4 @@ telegram-cleanup:
software.cleanup:
- name: telegram
- path: {{ telegram.release_dir }}
- version: {{ telegram.version }}
- version: "{{ telegram.version }}"

14
states/tests/init.sls Normal file
View File

@ -0,0 +1,14 @@
#!py
import os
import requests
def update_status(url="https://www.paulbsd.com", data={}):
req = requests.request(url=url, method="POST", json=data)
return req.text
def run():
a = update_status(data={"test":"test"})
with open("/tmp/test.txt", "w+") as f:
f.write("abcd")
return {}

2
states/transmission/defaults.yaml
View File

@ -11,7 +11,7 @@ transmission:
bind-address-ipv4: "0.0.0.0"
bind-address-ipv6: "::"
blocklist-enabled: true
blocklist-url: "http://john.bitsurge.net/public/biglist.p2p.gz"
blocklist-url: "https://git.paulbsd.com/paulbsd/transmission-blocklist/releases/2021.12.29/blocklist.gz"
cache-size-mb: 4
dht-enabled: true
download-dir: "/mnt/PAULBSDPOOL/downloads"

7
states/vim/vimrc.j2
View File

@ -45,4 +45,9 @@ nnoremap <silent> <C-b> :NERDTreeToggle<CR>
" Support for end-of-lines
" au BufWritePre * :set binary | set noeol
" au BufWritePost * :set nobinary | set eol
" au BufWritePost * :set nobinary | set eol
vnoremap <C-a> g<C-a>
vnoremap <C-x> g<C-x>
vnoremap g<C-a> <C-a>
vnoremap g<C-x> <C-x>