From 866364163246c12abcf0406f852623fab6e504a1 Mon Sep 17 00:00:00 2001 From: Paul Lecuq Date: Wed, 29 Dec 2021 15:45:48 +0100 Subject: [PATCH] misc updates on states --- states/_modules/syncthing.py | 6 +- states/arduino/install.sls | 6 ++ states/dkron/install.sls | 2 +- states/golang/install.sls | 2 +- states/influxdb/install.sls | 12 ++-- states/ipbl/install.sls | 2 +- states/lego/install.sls | 2 +- states/nextcloud/install.sls | 12 ++-- states/nginx/templates/types/rd.j2 | 45 +++++++++++++++ states/openvpn_server/config.sls | 27 +++++++++ states/openvpn_server/defaults.yaml | 18 ++++++ states/openvpn_server/init.sls | 5 ++ states/openvpn_server/install.sls | 9 +++ states/openvpn_server/map.jinja | 8 +++ states/openvpn_server/service.sls | 8 +++ states/openvpn_server/templates/vpn.conf.j2 | 62 +++++++++++++++++++++ states/qrz/install.sls | 2 +- states/rclone/install.sls | 2 +- states/repos/init.sls | 1 - states/salt_minion/salt-minion.service.j2 | 1 + states/telegraf/install.sls | 2 +- states/telegram/install.sls | 2 +- states/tests/init.sls | 14 +++++ states/transmission/defaults.yaml | 2 +- states/vim/vimrc.j2 | 7 ++- 25 files changed, 233 insertions(+), 26 deletions(-) create mode 100644 states/nginx/templates/types/rd.j2 create mode 100644 states/openvpn_server/config.sls create mode 100644 states/openvpn_server/defaults.yaml create mode 100644 states/openvpn_server/init.sls create mode 100644 states/openvpn_server/install.sls create mode 100644 states/openvpn_server/map.jinja create mode 100644 states/openvpn_server/service.sls create mode 100644 states/openvpn_server/templates/vpn.conf.j2 create mode 100644 states/tests/init.sls diff --git a/states/_modules/syncthing.py b/states/_modules/syncthing.py index 23c2ea5..dd78109 100644 --- a/states/_modules/syncthing.py +++ b/states/_modules/syncthing.py 
@@ -30,7 +30,7 @@ def get_apikey(configfile="/root/.config/syncthing/config.xml"): def get_config(url, verify, apikey): - fullurl = f"{url}/rest/system/config" + fullurl = f"{url}/rest/config" req = Request(method="GET", url=fullurl) req.add_header("X-API-Key", apikey) @@ -44,7 +44,7 @@ def get_config(url, verify, apikey): def set_config(url, verify, apikey, config): - fullurl = f"{url}/rest/system/config" + fullurl = f"{url}/rest/config" req = Request(method="POST", url=fullurl, data=json.dumps(config).encode()) @@ -64,7 +64,7 @@ def set_config(url, verify, apikey, config): def insync(url, verify, apikey): - fullurl = f"{url}/rest/system/config/insync" + fullurl = f"{url}/rest/config/restart-required" req = Request(method="GET", url=fullurl) req.add_header("X-API-Key", apikey) diff --git a/states/arduino/install.sls b/states/arduino/install.sls index 8de7dc3..0fc91fa 100644 --- a/states/arduino/install.sls +++ b/states/arduino/install.sls @@ -36,3 +36,9 @@ arduino-shortcut: - onchanges: - arduino-archive-extract - arduino-symlink + +arduino-cleanup: + software.cleanup: + - name: arduino + - path: {{ arduino.release_dir }} + - version: "{{ arduino.version }}" diff --git a/states/dkron/install.sls b/states/dkron/install.sls index 9059d07..4abb48e 100644 --- a/states/dkron/install.sls +++ b/states/dkron/install.sls @@ -35,4 +35,4 @@ dkron-cleanup: software.cleanup: - name: dkron - path: {{ dkron.release_dir }} - - version: {{ dkron.version }} \ No newline at end of file + - version: "{{ dkron.version }}" diff --git a/states/golang/install.sls b/states/golang/install.sls index cc7553d..634f4ae 100644 --- a/states/golang/install.sls +++ b/states/golang/install.sls @@ -21,4 +21,4 @@ golang-cleanup: software.cleanup: - name: go - path: {{ golang.release_dir }} - - version: {{ golang.version }} + - version: "{{ golang.version }}" diff --git a/states/influxdb/install.sls b/states/influxdb/install.sls index e171f5c..9f124cc 100644 --- a/states/influxdb/install.sls 
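Review bot: set_config keeps `method="POST"` while moving to the new `/rest/config` endpoint, whose documented operation for replacing the whole configuration is PUT; if the deployed Syncthing version rejects POST there, the urlopen further down (outside the hunk) raises rather than applying the config. Confirm the method against the targeted version and, if needed, change the line to `req = Request(method="PUT", url=fullurl, data=json.dumps(config).encode())`. The same endpoint rename in get_config in the hunk above is consistent with this one.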
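Review bot: insync now queries `/rest/config/restart-required`, whose answer is the inverse of the old `/rest/system/config/insync` (a true `requiresRestart` means the config is not yet in sync, and the JSON key changes from `configInSync`, if I recall the API correctly). The rest of insync's body is outside the hunk, so check that the key it reads and the boolean it returns are renamed and negated accordingly, otherwise callers polling insync() get the opposite answer. Making the new meaning explicit, e.g. a helper with the docstring `"""Return True when Syncthing still needs a restart to apply the config."""` and insync returning its negation, would keep existing callers correct.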
+++ b/states/influxdb/install.sls @@ -34,12 +34,6 @@ influxdb-archive-extract: - watch_in: - service: influxdb-service -influxdb-cleanup: - software.cleanup: - - name: influxdb - - path: {{ influxdb.release_dir }} - - version: {{ influxdb.version }} - influxdb-bin-symlink: file.symlink: - name: {{ influxdb.install_dir }}/influxdb @@ -59,3 +53,9 @@ influxdb-{{ bin }}-symlink: - name: /usr/local/sbin/{{ bin }} - target: {{ influxdb.install_dir }}/influxdb/{{ bin }} {%- endfor %} + +influxdb-cleanup: + software.cleanup: + - name: influxdb + - path: {{ influxdb.release_dir }} + - version: "{{ influxdb.version }}" diff --git a/states/ipbl/install.sls b/states/ipbl/install.sls index 001770c..a3c5df2 100644 --- a/states/ipbl/install.sls +++ b/states/ipbl/install.sls @@ -23,4 +23,4 @@ ipbl-cleanup: software.cleanup: - name: ipbl - path: {{ ipbl.release_dir }} - - version: {{ ipbl.version }} + - version: "{{ ipbl.version }}" diff --git a/states/lego/install.sls b/states/lego/install.sls index f475ea5..1d1d4e4 100644 --- a/states/lego/install.sls +++ b/states/lego/install.sls @@ -20,4 +20,4 @@ lego-cleanup: software.cleanup: - name: lego - path: {{ lego.release_dir }} - - version: {{ lego.version }} + - version: "{{ lego.version }}" diff --git a/states/nextcloud/install.sls b/states/nextcloud/install.sls index 3da1d56..46c1edf 100644 --- a/states/nextcloud/install.sls +++ b/states/nextcloud/install.sls @@ -18,14 +18,14 @@ nextcloud-install-link: - target: {{ nextcloud.release_dir }}/nextcloud-{{ nextcloud.version }} - force: true -nextcloud-cleanup: - software.cleanup: - - name: nextcloud - - path: {{ nextcloud.release_dir }} - - version: {{ nextcloud.version }} - nextcloud-datadirectory: file.directory: - name: {{ nextcloud.config.datadirectory }} - user: {{ nextcloud.user }} - group: {{ nextcloud.group }} + +nextcloud-cleanup: + software.cleanup: + - name: nextcloud + - path: {{ nextcloud.release_dir }} + - version: "{{ nextcloud.version }}" 
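Review bot: influxdb-cleanup is moved after the symlink states but still carries no requisite, so its ordering relative to `influxdb-bin-symlink` depends only on declaration position in the file. If the intent of the move is that older releases are removed only once the new one is linked, say so with `- require:` / `- file: influxdb-bin-symlink` on the cleanup state, which survives reordering and `order` overrides. The nextcloud hunk below makes the same move for nextcloud-cleanup and would want the equivalent requisite on `nextcloud-install-link`.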
diff --git a/states/nginx/templates/types/rd.j2 b/states/nginx/templates/types/rd.j2 new file mode 100644 index 0000000..cc613aa --- /dev/null +++ b/states/nginx/templates/types/rd.j2 @@ -0,0 +1,45 @@ +## {{ salt['pillar.get']('salt_managed', default='Salt Managed') }} + +server { + include http; + server_name {{ vhost_name }}; + return 301 https://$server_name$request_uri; +} + +server { + include https; + {%- if internal_access %} + include access; + {%- endif %} + server_name {{ vhost_name }}; + {%- if not proxy %} + root "{{ root_dir }}"; + ssl_certificate /etc/acme/certs/services-rd.cert; + ssl_certificate_key /etc/acme/keys/services-rd.key; + {%- endif %} + location / { + {%- if proxy %} + proxy_pass {{ proxy_pass }}; + {%- if not cache %} + proxy_no_cache 1; + proxy_cache_bypass 1; + {%- endif %} + {%- endif %} + {%- if autoindex %} + autoindex on; + autoindex_localtime on; + {%- else %} + index index.html index.rss; + {% endif %} + } + + {%- for dir in dirs %} + location {{ dir.name }} { + alias {{ dir.alias }}; + } + {%- endfor %} + + location /robots.txt { + return 200 "User-agent: *\r\nDisallow: /"; + } +} diff --git a/states/openvpn_server/config.sls b/states/openvpn_server/config.sls new file mode 100644 index 0000000..636f0e7 --- /dev/null +++ b/states/openvpn_server/config.sls 
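Review bot: The `location {{ dir.name }} { alias {{ dir.alias }}; }` block emitted in the `dirs` loop does not control trailing slashes; when a location prefix has no trailing `/` but its alias does, nginx maps requests to paths above the aliased directory (the known alias off-by-slash misconfiguration). Normalizing both values in the template, `location {{ dir.name.rstrip('/') }}/ { alias {{ dir.alias.rstrip('/') }}/; }`, removes the dependency on how each pillar entry is written. Separately, the `proxy` branch emits only `proxy_pass` and no certificate lines, so the included `https` snippet presumably supplies `ssl_certificate` and the `proxy_set_header` values; I cannot see that include from here, so worth confirming that a proxied vhost still gets a certificate.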
@@ -0,0 +1,27 @@ +--- +{%- from "openvpn_server/map.jinja" import openvpn_server with context %} +{%- for key, instance in openvpn_server.config.items() %} +openvpn-server-{{ key }}-config: + file.managed: + - name: /etc/openvpn/{{ key }}.conf + - source: salt://openvpn_server/templates/{{ key }}.conf.j2 + - user: root + - group: root + - mode: 0600 + - template: jinja + - context: + ca: | + {{ instance.ca|indent(8) }} + cert: | + {{ instance.cert|indent(8) }} + key: | + {{ instance.key|indent(8) }} + dh: | + {{ instance.dh|indent(8) }} + routes: {{ instance.routes }} + config: {{ instance.config }} + tunnel: {{ instance.tunnel }} + dns: {{ instance.dns }} + - watch_in: + - service: openvpn-server-{{ key }}-service +{%- endfor %} diff --git a/states/openvpn_server/defaults.yaml b/states/openvpn_server/defaults.yaml new file mode 100644 index 0000000..d5a972b --- /dev/null +++ b/states/openvpn_server/defaults.yaml @@ -0,0 +1,18 @@ +--- +openvpn_server: + enabled: true + config: + vpn: + name: vpn + ca: "" + cert: "" + key: "" + dh: "" + tunnel: + ip: '10.99.99.0' + netmask: '255.255.255.0' + config: {} + ccd: None + dns: + - '1.1.1.1' + - '1.0.0.1' diff --git a/states/openvpn_server/init.sls b/states/openvpn_server/init.sls new file mode 100644 index 0000000..63261f2 --- /dev/null +++ b/states/openvpn_server/init.sls @@ -0,0 +1,5 @@ +--- +include: + - .install + - .config + - .service \ No newline at end of file diff --git a/states/openvpn_server/install.sls b/states/openvpn_server/install.sls new file mode 100644 index 0000000..5bf32eb --- /dev/null +++ b/states/openvpn_server/install.sls @@ -0,0 +1,9 @@ +--- +openvpn-server-install: + pkg.installed: + - name: openvpn + +openvpn-server-ccd-dir: + file.directory: + - name: /etc/openvpn/ccd/ + - mode: 0600 diff --git a/states/openvpn_server/map.jinja b/states/openvpn_server/map.jinja new file mode 100644 index 0000000..d4fed6d --- /dev/null +++ b/states/openvpn_server/map.jinja 
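Review bot: openvpn-server-{{ key }}-config renders the private key from `instance.key` into the managed file without `show_changes: False`, so the first deploy and every later change print the key material in the state return and in any job cache that keeps it. Add `- show_changes: False` next to `- mode: 0600`. The `|indent(8)` width inside the `ca: |` / `cert: |` / `key: |` / `dh: |` block scalars also has to match the leading indent of the `{{ }}` line that carries each one, or the block scalar ends early; the collapsed rendering here hides the real indentation, so check that `salt-call state.show_sls openvpn_server.config` renders cleanly.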
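Review bot: `ccd: None` under the `vpn` defaults is parsed by YAML as the string "None", not as a null value, so any truthiness test on it in a template passes; use `ccd: null` (or `~`) if the intent is "unset". `config: {}` interacts with the vpn.conf.j2 hunk further down, which evaluates `config.auth`: on an empty mapping that attribute is undefined and, under Salt's strict-undefined Jinja environment (the default unless `allow_undefined` is set), the comparison fails to render. Either add `auth: ""` to the default `config` mapping here or use `config.get('auth')` in the template.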
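Review bot: openvpn-server-ccd-dir creates `/etc/openvpn/ccd/` with `mode: 0600`, which on a directory omits the search (execute) bit, so nothing except root can enter it to read per-client files; `0700` (or `0750` if the daemon is later run under an unprivileged group) is the corresponding directory mode. The state also declares no `user`/`group`, so ownership follows whatever the minion defaults to; add `- user: root` and `- group: root` so the intent is explicit.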
@@ -0,0 +1,8 @@ +{%- import_yaml "openvpn_server/defaults.yaml" as defaults %} + +{%- set openvpn_server = salt['pillar.get']( + 'openvpn_server', + default=defaults.openvpn_server, + merge=True + ) +-%} \ No newline at end of file diff --git a/states/openvpn_server/service.sls b/states/openvpn_server/service.sls new file mode 100644 index 0000000..796f32a --- /dev/null +++ b/states/openvpn_server/service.sls @@ -0,0 +1,8 @@ +--- +{%- from "openvpn_server/map.jinja" import openvpn_server with context %} +{%- for key, instance in openvpn_server.config.items() %} +openvpn-server-{{ key }}-service: + service.running: + - name: openvpn@{{ key }} + - enable: True +{%- endfor %} diff --git a/states/openvpn_server/templates/vpn.conf.j2 b/states/openvpn_server/templates/vpn.conf.j2 new file mode 100644 index 0000000..0fe2d04 --- /dev/null +++ b/states/openvpn_server/templates/vpn.conf.j2 
@@ -0,0 +1,62 @@ + +{{ ca }} + + +{{ cert }} + + +{{ key }} + + +{{ dh }} + + +proto udp6 +port 1194 +dev tun + +client-config-dir /etc/openvpn/ccd +client-to-client +topology subnet + +user root +group root + +duplicate-cn +username-as-common-name + +keepalive 5 30 + +compress lzo +fast-io + +persist-key +persist-tun + +server {{ tunnel.ip }} {{ tunnel.netmask }} + +{%- for route in routes %} +{%- if not route.push %} +route {{ route.ip }} {{ route.netmask }} {{ route.hop }} +{%- endif %} +{% endfor -%} + +{% for route in routes -%} +push "route {{ route.ip }} {{ route.netmask }} {{ route.hop }}" +{% endfor -%} +push "dhcp-option DNS {{ dns|join(" ") }}" + +# IPv6 +#server-ipv6 2a01:e0a:97:8311::/64 +#tun-ipv6 +#push tun-ipv6 +#ifconfig-ipv6 2a01:e0a:97:8311::1 2a01:e0a:97:8311::2 +#ifconfig-ipv6-pool 2a01:e0a:97:8311::101/64 +#push "route-ipv6 2a01:e0a:97:8311::/64" +#push "route-ipv6 ::/0" +#push "redirect-gateway-ipv6 def1" + +{% if config.auth == "pam" %} +plugin /usr/lib/x86_64-linux-gnu/openvpn/plugins/openvpn-plugin-auth-pam.so /etc/pam.d/login +{% endif %} +status {{ config.status|default("/var/log/openvpn/vpn.status") }} diff --git a/states/qrz/install.sls b/states/qrz/install.sls index 40b40c6..75200d4 100644 --- a/states/qrz/install.sls +++ b/states/qrz/install.sls @@ -23,4 +23,4 @@ qrz-cleanup: software.cleanup: - name: qrz - path: {{ qrz.release_dir }} - - version: {{ qrz.version }} + - version: "{{ qrz.version }}" diff --git a/states/rclone/install.sls b/states/rclone/install.sls index 6bb8fb8..c30cf3f 100644 --- a/states/rclone/install.sls +++ b/states/rclone/install.sls @@ -20,4 +20,4 @@ rclone-cleanup: software.cleanup: - name: rclone - path: {{ rclone.release_dir }} - - version: v{{ rclone.version }} + - version: "v{{ rclone.version }}" diff --git a/states/repos/init.sls b/states/repos/init.sls index 3e61a83..4f5ead2 100644 --- a/states/repos/init.sls +++ b/states/repos/init.sls 
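Review bot: The generated server config runs OpenVPN as `user root` / `group root`; `persist-key` and `persist-tun` are already present, which is exactly what lets the daemon drop privileges after startup, so `user nobody` / `group nogroup` (the Debian names) removes a permanently root process at no functional cost, and the auth-pam plugin should still work because it starts its helper before the drop. `compress lzo` enables compression of tunnelled traffic, which upstream deprecates because of the VORACLE class of attacks on compressed VPN streams; removing the line is the usual mitigation. `duplicate-cn` together with `username-as-common-name` lets several sessions share one identity, so per-client `client-config-dir` files cannot tell them apart, which is worth a comment if deliberate. The inline `<ca>`/`<cert>`/`<key>`/`<dh>` block tags around the four `{{ }}` substitutions are not visible in this rendering, presumably stripped as markup; confirm they are present in the file.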
@@ -26,7 +26,6 @@ repo-{{ repo['name'] }}: {%- endif %} {%- endif %} {%- endif %} - - refresh: true {%- else %} repo-{{ repo['name'] }}: diff --git a/states/salt_minion/salt-minion.service.j2 b/states/salt_minion/salt-minion.service.j2 index 8226908..d91854b 100644 --- a/states/salt_minion/salt-minion.service.j2 +++ b/states/salt_minion/salt-minion.service.j2 @@ -10,6 +10,7 @@ KillMode=process NotifyAccess=all LimitNOFILE=8192 ExecStart=/usr/local/bin/salt-minion +TimeoutStopSec=10s [Install] WantedBy=multi-user.target \ No newline at end of file diff --git a/states/telegraf/install.sls b/states/telegraf/install.sls index 82ccd89..f5ea618 100644 --- a/states/telegraf/install.sls +++ b/states/telegraf/install.sls @@ -34,4 +34,4 @@ telegraf-cleanup: software.cleanup: - name: telegraf - path: {{ telegraf.release_dir }} - - version: {{ telegraf.version }} + - version: "{{ telegraf.version }}" diff --git a/states/telegram/install.sls b/states/telegram/install.sls index 42ffc1f..f8c589c 100644 --- a/states/telegram/install.sls +++ b/states/telegram/install.sls @@ -52,4 +52,4 @@ telegram-cleanup: software.cleanup: - name: telegram - path: {{ telegram.release_dir }} - - version: {{ telegram.version }} \ No newline at end of file + - version: "{{ telegram.version }}" \ No newline at end of file diff --git a/states/tests/init.sls b/states/tests/init.sls new file mode 100644 index 0000000..1d5e98f --- /dev/null +++ b/states/tests/init.sls @@ -0,0 +1,14 @@ +#!py + +import os +import requests + +def update_status(url="https://www.paulbsd.com", data={}): + req = requests.request(url=url, method="POST", json=data) + return req.text + +def run(): + a = update_status(data={"test":"test"}) + with open("/tmp/test.txt", "w+") as f: + f.write("abcd") + return {} diff --git a/states/transmission/defaults.yaml b/states/transmission/defaults.yaml index e71aeab..8c1c711 100644 --- a/states/transmission/defaults.yaml +++ b/states/transmission/defaults.yaml 
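Review bot: `requests.request(...)` in update_status is called without a `timeout`, so a stalled remote blocks the whole state run, and the body is returned as text without `raise_for_status()`, so an HTTP error page is treated as success. `data={}` is a mutable default argument, `a` in run() is assigned and never used, and `os` is imported but unused. run() also writes to the fixed path `/tmp/test.txt`; because the minion runs as root, a predictable name in a world-writable directory is the classic pre-created-file/symlink hazard, so write through `tempfile` (needs `import tempfile` next to the other imports) or under a root-owned directory.
```python
def update_status(url="https://www.paulbsd.com", data=None, timeout=10):
    """POST *data* as JSON to *url* and return the response body."""
    # A bounded timeout keeps a stalled endpoint from hanging the state run.
    req = requests.request(url=url, method="POST", json=data or {}, timeout=timeout)
    req.raise_for_status()  # surface HTTP errors instead of returning an error page as success
    return req.text

def run():
    update_status(data={"test": "test"})
    # A private temp file avoids a fixed, predictable name in world-writable /tmp.
    with tempfile.NamedTemporaryFile("w+", prefix="salt-test-", delete=False) as f:
        f.write("abcd")
    return {}
```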
@@ -11,7 +11,7 @@ transmission: bind-address-ipv4: "0.0.0.0" bind-address-ipv6: "::" blocklist-enabled: true - blocklist-url: "http://john.bitsurge.net/public/biglist.p2p.gz" + blocklist-url: "https://git.paulbsd.com/paulbsd/transmission-blocklist/releases/2021.12.29/blocklist.gz" cache-size-mb: 4 dht-enabled: true download-dir: "/mnt/PAULBSDPOOL/downloads" diff --git a/states/vim/vimrc.j2 b/states/vim/vimrc.j2 index df5372d..d5a1e13 100644 --- a/states/vim/vimrc.j2 +++ b/states/vim/vimrc.j2 @@ -45,4 +45,9 @@ nnoremap :NERDTreeToggle " Support for end-of-lines " au BufWritePre * :set binary | set noeol -" au BufWritePost * :set nobinary | set eol \ No newline at end of file +" au BufWritePost * :set nobinary | set eol + +vnoremap g +vnoremap g +vnoremap g +vnoremap g \ No newline at end of file