misc updates on states

states/_modules/syncthing.py

@@ -30,7 +30,7 @@ def get_apikey(configfile="/root/.config/syncthing/config.xml"):
 
 
 def get_config(url, verify, apikey):
-    fullurl = f"{url}/rest/system/config"
+    fullurl = f"{url}/rest/config"
     req = Request(method="GET",
                   url=fullurl)
     req.add_header("X-API-Key", apikey)
@@ -44,7 +44,7 @@ def get_config(url, verify, apikey):
 
 
 def set_config(url, verify, apikey, config):
-    fullurl = f"{url}/rest/system/config"
+    fullurl = f"{url}/rest/config"
     req = Request(method="POST",
                   url=fullurl,
                   data=json.dumps(config).encode())
@@ -64,7 +64,7 @@ def set_config(url, verify, apikey, config):
 
 
 def insync(url, verify, apikey):
-    fullurl = f"{url}/rest/system/config/insync"
+    fullurl = f"{url}/rest/config/restart-required"
     req = Request(method="GET",
                   url=fullurl)
     req.add_header("X-API-Key", apikey)

states/arduino/install.sls

@@ -36,3 +36,9 @@ arduino-shortcut:
     - onchanges:
       - arduino-archive-extract
       - arduino-symlink
+
+arduino-cleanup:
+  software.cleanup:
+    - name: arduino
+    - path: {{ arduino.release_dir }}
+    - version: "{{ arduino.version }}"

states/dkron/install.sls

@@ -35,4 +35,4 @@ dkron-cleanup:
   software.cleanup:
     - name: dkron
     - path: {{ dkron.release_dir }}
-    - version: {{ dkron.version }}
+    - version: "{{ dkron.version }}"

states/golang/install.sls

@@ -21,4 +21,4 @@ golang-cleanup:
   software.cleanup:
     - name: go
     - path: {{ golang.release_dir }}
-    - version: {{ golang.version }}
+    - version: "{{ golang.version }}"

states/influxdb/install.sls

@@ -34,12 +34,6 @@ influxdb-archive-extract:
     - watch_in:
       - service: influxdb-service
 
-influxdb-cleanup:
-  software.cleanup:
-    - name: influxdb
-    - path: {{ influxdb.release_dir }}
-    - version: {{ influxdb.version }}
-
 influxdb-bin-symlink:
   file.symlink:
     - name: {{ influxdb.install_dir }}/influxdb
@@ -59,3 +53,9 @@ influxdb-{{ bin }}-symlink:
     - name: /usr/local/sbin/{{ bin }}
     - target: {{ influxdb.install_dir }}/influxdb/{{ bin }}
 {%- endfor %}
+
+influxdb-cleanup:
+  software.cleanup:
+    - name: influxdb
+    - path: {{ influxdb.release_dir }}
+    - version: "{{ influxdb.version }}"

states/ipbl/install.sls

@@ -23,4 +23,4 @@ ipbl-cleanup:
   software.cleanup:
     - name: ipbl
     - path: {{ ipbl.release_dir }}
-    - version: {{ ipbl.version }}
+    - version: "{{ ipbl.version }}"

states/lego/install.sls

@@ -20,4 +20,4 @@ lego-cleanup:
   software.cleanup:
     - name: lego
     - path: {{ lego.release_dir }}
-    - version: {{ lego.version }}
+    - version: "{{ lego.version }}"

states/nextcloud/install.sls

@@ -18,14 +18,14 @@ nextcloud-install-link:
     - target: {{ nextcloud.release_dir }}/nextcloud-{{ nextcloud.version }}
     - force: true
 
-nextcloud-cleanup:
-  software.cleanup:
-    - name: nextcloud
-    - path: {{ nextcloud.release_dir }}
-    - version: {{ nextcloud.version }}
-
 nextcloud-datadirectory:
   file.directory:
     - name: {{ nextcloud.config.datadirectory }}
     - user: {{ nextcloud.user }}
     - group: {{ nextcloud.group }}
+
+nextcloud-cleanup:
+  software.cleanup:
+    - name: nextcloud
+    - path: {{ nextcloud.release_dir }}
+    - version: "{{ nextcloud.version }}"

states/nginx/templates/types/rd.j2

@@ -0,0 +1,45 @@
+## {{ salt['pillar.get']('salt_managed', default='Salt Managed') }}
+
+server {
+  include                 http;
+  server_name             {{ vhost_name }};
+  return                  301 https://$server_name$request_uri;
+}
+
+server {
+  include                 https;
+  {%- if internal_access %}
+  include                 access;
+  {%- endif %}
+  server_name             {{ vhost_name }};
+  {%- if not proxy %}
+  root                    "{{ root_dir }}";
+  ssl_certificate         /etc/acme/certs/services-rd.cert;
+  ssl_certificate_key     /etc/acme/keys/services-rd.key;
+  {%- endif %}
+  location / {
+    {%- if proxy %}
+    proxy_pass            {{ proxy_pass }};
+    {%- if not cache %}
+    proxy_no_cache        1;
+    proxy_cache_bypass    1;
+    {%- endif %}
+    {%- endif %}
+    {%- if autoindex %}
+    autoindex             on;
+    autoindex_localtime   on;
+    {%- else %}
+    index                 index.html index.rss;
+    {% endif %}
+  }
+
+  {%- for dir in dirs %}
+  location {{ dir.name }} {
+    alias                 {{ dir.alias }};
+  }
+  {%- endfor %}
+
+  location /robots.txt {
+    return 200 "User-agent: *\r\nDisallow: /";
+  }
+}

states/openvpn_server/config.sls

@@ -0,0 +1,27 @@
+---
+{%- from "openvpn_server/map.jinja" import openvpn_server with context %}
+{%- for key, instance in openvpn_server.config.items() %}
+openvpn-server-{{ key }}-config:
+  file.managed:
+    - name: /etc/openvpn/{{ key }}.conf
+    - source: salt://openvpn_server/templates/{{ key }}.conf.j2
+    - user: root
+    - group: root
+    - mode: 0600
+    - template: jinja
+    - context:
+      ca: |
+        {{ instance.ca|indent(8) }}
+      cert: |
+        {{ instance.cert|indent(8) }}
+      key: |
+        {{ instance.key|indent(8) }}
+      dh: |
+        {{ instance.dh|indent(8) }}
+      routes: {{ instance.routes }}
+      config: {{ instance.config }}
+      tunnel: {{ instance.tunnel }}
+      dns: {{ instance.dns }}
+    - watch_in:
+      - service: openvpn-server-{{ key }}-service
+{%- endfor %}

states/openvpn_server/defaults.yaml

@@ -0,0 +1,18 @@
+---
+openvpn_server:
+  enabled: true
+  config:
+    vpn:
+      name: vpn
+      ca: ""
+      cert: ""
+      key: ""
+      dh: ""
+      tunnel:
+        ip: '10.99.99.0'
+        netmask: '255.255.255.0'
+      config: {}
+      ccd: None
+      dns:
+        - '1.1.1.1'
+        - '1.0.0.1'

states/openvpn_server/init.sls

@@ -0,0 +1,5 @@
+---
+include:
+  - .install
+  - .config
+  - .service

states/openvpn_server/install.sls

@@ -0,0 +1,9 @@
+---
+openvpn-server-install:
+  pkg.installed:
+    - name: openvpn
+
+openvpn-server-ccd-dir:
+  file.directory:
+    - name: /etc/openvpn/ccd/
+    - mode: 0600

states/openvpn_server/map.jinja

@@ -0,0 +1,8 @@
+{%- import_yaml "openvpn_server/defaults.yaml" as defaults %}
+
+{%- set openvpn_server = salt['pillar.get'](
+    'openvpn_server',
+    default=defaults.openvpn_server,
+    merge=True
+  )
+-%}

states/openvpn_server/service.sls

@@ -0,0 +1,8 @@
+---
+{%- from "openvpn_server/map.jinja" import openvpn_server with context %}
+{%- for key, instance in openvpn_server.config.items() %}
+openvpn-server-{{ key }}-service:
+  service.running:
+    - name: openvpn@{{ key }}
+    - enable: True
+{%- endfor %}

states/openvpn_server/templates/vpn.conf.j2

@@ -0,0 +1,62 @@
+<ca>
+{{ ca }}
+</ca>
+<cert>
+{{ cert }}
+</cert>
+<key>
+{{ key }}
+</key>
+<dh>
+{{ dh }}
+</dh>
+
+proto udp6
+port 1194
+dev tun
+
+client-config-dir /etc/openvpn/ccd
+client-to-client
+topology subnet
+
+user root
+group root
+
+duplicate-cn
+username-as-common-name
+
+keepalive 5 30
+
+compress lzo
+fast-io
+
+persist-key
+persist-tun
+
+server {{ tunnel.ip }} {{ tunnel.netmask }}
+
+{%- for route in routes %}
+{%- if not route.push %}
+route {{ route.ip }} {{ route.netmask }} {{ route.hop }}
+{%- endif %}
+{% endfor -%}
+
+{% for route in routes -%}
+push "route {{ route.ip }} {{ route.netmask }} {{ route.hop }}"
+{% endfor -%}
+push "dhcp-option DNS {{ dns|join(" ") }}"
+
+# IPv6
+#server-ipv6 2a01:e0a:97:8311::/64
+#tun-ipv6
+#push tun-ipv6
+#ifconfig-ipv6 2a01:e0a:97:8311::1 2a01:e0a:97:8311::2
+#ifconfig-ipv6-pool 2a01:e0a:97:8311::101/64
+#push "route-ipv6 2a01:e0a:97:8311::/64"
+#push "route-ipv6 ::/0"
+#push "redirect-gateway-ipv6 def1"
+
+{% if config.auth == "pam" %}
+plugin /usr/lib/x86_64-linux-gnu/openvpn/plugins/openvpn-plugin-auth-pam.so /etc/pam.d/login
+{% endif %}
+status {{ config.status|default("/var/log/openvpn/vpn.status") }}

states/qrz/install.sls

@@ -23,4 +23,4 @@ qrz-cleanup:
   software.cleanup:
     - name: qrz
     - path: {{ qrz.release_dir }}
-    - version: {{ qrz.version }}
+    - version: "{{ qrz.version }}"

states/rclone/install.sls

@@ -20,4 +20,4 @@ rclone-cleanup:
   software.cleanup:
     - name: rclone
     - path: {{ rclone.release_dir }}
-    - version: v{{ rclone.version }}
+    - version: "v{{ rclone.version }}"

states/repos/init.sls

@@ -26,7 +26,6 @@ repo-{{ repo['name'] }}:
     {%- endif %}
     {%- endif %}
     {%- endif %}
-    - refresh: true
 {%- else %}
 
 repo-{{ repo['name'] }}:

states/salt_minion/salt-minion.service.j2

@@ -10,6 +10,7 @@ KillMode=process
 NotifyAccess=all
 LimitNOFILE=8192
 ExecStart=/usr/local/bin/salt-minion
+TimeoutStopSec=10s
 
 [Install]
 WantedBy=multi-user.target

states/telegraf/install.sls

@@ -34,4 +34,4 @@ telegraf-cleanup:
   software.cleanup:
     - name: telegraf
     - path: {{ telegraf.release_dir }}
-    - version: {{ telegraf.version }}
+    - version: "{{ telegraf.version }}"

states/telegram/install.sls

@@ -52,4 +52,4 @@ telegram-cleanup:
   software.cleanup:
     - name: telegram
     - path: {{ telegram.release_dir }}
-    - version: {{ telegram.version }}
+    - version: "{{ telegram.version }}"

states/tests/init.sls

@@ -0,0 +1,14 @@
+#!py
+
+import os
+import requests
+
+def update_status(url="https://www.paulbsd.com", data={}):
+    req = requests.request(url=url, method="POST", json=data)
+    return req.text
+
+def run():
+    a = update_status(data={"test":"test"})
+    with open("/tmp/test.txt", "w+") as f:
+        f.write("abcd")
+    return {}

states/transmission/defaults.yaml

@@ -11,7 +11,7 @@ transmission:
     bind-address-ipv4: "0.0.0.0"
     bind-address-ipv6: "::"
     blocklist-enabled: true
-    blocklist-url: "http://john.bitsurge.net/public/biglist.p2p.gz"
+    blocklist-url: "https://git.paulbsd.com/paulbsd/transmission-blocklist/releases/2021.12.29/blocklist.gz"
     cache-size-mb: 4
     dht-enabled: true
     download-dir: "/mnt/PAULBSDPOOL/downloads"

states/vim/vimrc.j2

@@ -46,3 +46,8 @@ nnoremap <silent> <C-b> :NERDTreeToggle<CR>
 " Support for end-of-lines
 " au BufWritePre * :set binary | set noeol
 " au BufWritePost * :set nobinary | set eol
+
+vnoremap <C-a> g<C-a>
+vnoremap <C-x> g<C-x>
+vnoremap g<C-a> <C-a>
+vnoremap g<C-x> <C-x>