
Remove host "rpi-01.dyn.crypto-libertarian.com" and unnecessary code

Alex Kotov 2020-07-01 06:01:48 +05:00
parent 07d887c09c
commit 49384338d2
Signed by: kotovalexarian
GPG key ID: 553C0EBBEB5D5F08
29 changed files with 0 additions and 527 deletions


@ -1 +0,0 @@
crypto_libertarian-dyndns


@ -1 +0,0 @@
ruby-2.7.0


@ -1,6 +0,0 @@
# frozen_string_literal: true
source 'https://rubygems.org'
gem 'redis', '~> 4.1'
gem 'rubydns', '~> 2.0'


@ -1,27 +0,0 @@
GEM
remote: https://rubygems.org/
specs:
async (1.24.2)
console (~> 1.0)
nio4r (~> 2.3)
timers (~> 4.1)
async-dns (1.2.5)
async-io (~> 1.15)
async-io (1.27.3)
async (~> 1.14)
console (1.8.1)
nio4r (2.5.2)
redis (4.1.3)
rubydns (2.0.2)
async-dns (~> 1.0)
timers (4.3.0)
PLATFORMS
ruby
DEPENDENCIES
redis (~> 4.1)
rubydns (~> 2.0)
BUNDLED WITH
2.1.2


@ -1,57 +0,0 @@
#!/usr/bin/env ruby
# frozen_string_literal: true
Warning[:deprecated] = false
ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../Gemfile', __dir__)
require 'bundler/setup' # Set up gems listed in the Gemfile.
require 'redis'
require 'rubydns'
IN = Resolv::DNS::Resource::IN
INTERFACES = [
[:udp, '0.0.0.0', 53],
[:tcp, '0.0.0.0', 53],
].freeze
DYN_DOMAIN_ROOT = 'dyn.crypto-libertarian.com'
DYN_DOMAIN_RE = /\A([^.]+)\.dyn\.crypto-libertarian\.com\z/.freeze
RubyDNS.run_server INTERFACES do
match DYN_DOMAIN_RE, IN::A do |tx, m|
redis = Redis.new url: ENV['REDIS_URL']
domain = "#{m[1]}.#{DYN_DOMAIN_ROOT}"
ip = redis.hget('ipv4s', domain).to_s.strip.freeze
ip = nil if ip.empty?
if ip.nil?
tx.fail! :NXDomain
else
tx.respond! ip
end
end
match DYN_DOMAIN_RE, IN::AAAA do |tx, m|
redis = Redis.new url: ENV['REDIS_URL']
domain = "#{m[1]}.#{DYN_DOMAIN_ROOT}"
ip = redis.hget('ipv6s', domain).to_s.strip.freeze
ip = nil if ip.empty?
if ip.nil?
tx.fail! :NXDomain
else
tx.respond! ip
end
end
otherwise do |tx|
tx.fail! :NXDomain
end
end


@ -1,5 +0,0 @@
/tmp/sockets/*
!/tmp/sockets/.keep
/tmp/pids/*
!/tmp/pids/.keep


@ -1 +0,0 @@
crypto_libertarian-report_ip


@ -1 +0,0 @@
ruby-2.7.0


@ -1,9 +0,0 @@
# frozen_string_literal: true
source 'https://rubygems.org'
gem 'puma', '~> 4.3'
gem 'rack', '~> 2.2'
gem 'redis', '~> 4.1'
gem 'sinatra', '~> 2.0'
gem 'sinatra-contrib', '~> 2.0'


@ -1,41 +0,0 @@
GEM
remote: https://rubygems.org/
specs:
backports (3.16.0)
multi_json (1.14.1)
mustermann (1.1.1)
ruby2_keywords (~> 0.0.1)
nio4r (2.5.2)
puma (4.3.1)
nio4r (~> 2.0)
rack (2.2.1)
rack-protection (2.0.8.1)
rack
redis (4.1.3)
ruby2_keywords (0.0.2)
sinatra (2.0.8.1)
mustermann (~> 1.0)
rack (~> 2.0)
rack-protection (= 2.0.8.1)
tilt (~> 2.0)
sinatra-contrib (2.0.8.1)
backports (>= 2.8.2)
multi_json
mustermann (~> 1.0)
rack-protection (= 2.0.8.1)
sinatra (= 2.0.8.1)
tilt (~> 2.0)
tilt (2.0.10)
PLATFORMS
ruby
DEPENDENCIES
puma (~> 4.3)
rack (~> 2.2)
redis (~> 4.1)
sinatra (~> 2.0)
sinatra-contrib (~> 2.0)
BUNDLED WITH
2.1.2


@ -1,7 +0,0 @@
# frozen_string_literal: true
# This file is used by Rack-based servers to start the application.
require_relative 'config/environment'
run CryptoLibertarian::ReportIP::Application


@ -1,57 +0,0 @@
# frozen_string_literal: true
require_relative 'boot'
# Require the gems listed in Gemfile.
Bundler.require
module CryptoLibertarian
module ReportIP
IPV4_RE = /\A\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\z/.freeze
IPV6_RE = /\A(((?=.*(::))(?!.*\3.+\3))\3?|[\dA-F]{1,4}:)([\dA-F]{1,4}(\3|:\b)|\2){5}(([\dA-F]{1,4}(\3|:\b|$)|\2){2}|(((2[0-4]|1\d|[1-9])?\d|25[0-5])\.?\b){4})\z/i.freeze
class Application < Sinatra::Application
get '/' do
redis = Redis.new url: ENV['REDIS_URL']
json(
redis.hgetall('secrets').keys.map do |domain|
[
domain,
{
ipv4: redis.hget('ipv4s', domain),
ipv6: redis.hget('ipv6s', domain),
},
]
end.to_h,
)
end
post '/:domain/:secret' do
redis = Redis.new url: ENV['REDIS_URL']
domain = params[:domain].to_s.strip
got_secret = params[:secret].to_s.strip
expected_secret = redis.hget('secrets', domain).to_s.strip
if got_secret != expected_secret || expected_secret.empty?
halt 401, 'Unauthorized'
end
ip = request.ip.to_s.strip
ip = nil if ip.empty?
if IPV4_RE.match? ip
redis.hset 'ipv4s', domain, ip
json ipv4: ip
elsif IPV6_RE.match? ip
redis.hset 'ipv6s', domain, ip
json ipv6: ip
else
halt 500, 'Invalid IP address'
end
end
end
end
end


@ -1,7 +0,0 @@
# frozen_string_literal: true
Warning[:deprecated] = false
ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../Gemfile', __dir__)
require 'bundler/setup' # Set up gems listed in the Gemfile.


@ -1,4 +0,0 @@
# frozen_string_literal: true
# Load the Sinatra application.
require_relative 'application'


@ -1,36 +0,0 @@
# frozen_string_literal: true
root_dir = File.expand_path '../..', __dir__
# Specifies the number of `workers` to boot in clustered mode.
# Workers are forked webserver processes. If using threads and workers together
# the concurrency of the application would be max `threads` * `workers`.
# Workers do not work on JRuby or Windows (both of which do not support
# processes).
#
workers 1
# Puma can serve each request in a thread from an internal thread pool.
# The `threads` method setting takes two numbers: a minimum and maximum.
# Any libraries that use thread pools should be configured to match
# the maximum value specified for Puma. Default is set to 5 threads for minimum
# and maximum; this matches the default thread size of Active Record.
#
threads 5, 5
# Use the `preload_app!` method when specifying a `workers` number.
# This directive tells Puma to first boot the application and load code
# before forking the application. This takes advantage of Copy On Write
# process behavior so workers use less memory.
#
# preload_app!
# Bind the server to "url". "tcp://", "unix://" and "ssl://" are the only
# accepted protocols.
#
bind "unix://#{File.join(root_dir, 'tmp', 'sockets', 'puma.sock')}"
# Use "path" as the file to store the server info state. This is
# used by "pumactl" to query and control the server.
#
state_path File.join(root_dir, 'tmp', 'pids', 'puma.state')


@ -1,19 +0,0 @@
[Unit]
After=network.target
Description=DynDns app
[Service]
AmbientCapabilities=CAP_NET_BIND_SERVICE
ExecStart=/usr/local/rvm/bin/rvm ruby-2.7.0@crypto_libertarian-dyndns do /opt/dyndns/exe/crypto_libertarian-dyndns
Group=dyndns
Restart=always
RestartSec=1
StandardOutput=syslog
StandardError=syslog
SyslogIdentifier=dyndns
Type=simple
User=dyndns
WorkingDirectory=/opt/dyndns
[Install]
WantedBy=multi-user.target


@ -1,18 +0,0 @@
[Unit]
After=network.target
Description=Report IP web app
[Service]
ExecStart=/usr/local/rvm/bin/rvm ruby-2.7.0@crypto_libertarian-report_ip do puma --environment production
Group=report_ip
Restart=always
RestartSec=1
StandardOutput=syslog
StandardError=syslog
SyslogIdentifier=report_ip
Type=simple
User=report_ip
WorkingDirectory=/opt/report_ip
[Install]
WantedBy=multi-user.target

Binary file not shown.



@ -11,15 +11,10 @@ ansible_become_pass: !vault |
common__certbot__cert_name: 'misc.crypto-libertarian.com'
common__certbot__cert_domains:
- 'misc.crypto-libertarian.com'
- 'report-ip.crypto-libertarian.com'
- 'pub.crypto-libertarian.com'
common__nginx__state: install
common__nginx__upstreams:
- name: report_ip
servers: ['unix:/opt/report_ip/tmp/sockets/puma.sock']
common__nginx__sites:
- type: listing
domain: 'pub.crypto-libertarian.com'
@ -27,20 +22,3 @@ common__nginx__sites:
key: '/etc/letsencrypt/live/misc.crypto-libertarian.com/privkey.pem'
ssl_conf: '/etc/letsencrypt/options-ssl-nginx.conf'
root: '/var/www/pub'
- type: origin
domain: 'report-ip.crypto-libertarian.com'
cert: '/etc/letsencrypt/live/misc.crypto-libertarian.com/fullchain.pem'
key: '/etc/letsencrypt/live/misc.crypto-libertarian.com/privkey.pem'
ssl_conf: '/etc/letsencrypt/options-ssl-nginx.conf'
root: '/opt/report_ip/public'
upstream: report_ip
external: true
rvm1_rvm_version: stable
rvm1_rvm_check_for_updates: true
rvm1_install_path: '/usr/local/rvm'
rvm1_install_flags: '--auto-dotfiles'
rvm1_user: root
rvm1_rubies: ['ruby-2.7.0']
rvm1_bundler_install: false


@ -1,18 +0,0 @@
---
ansible_become_pass: !vault |
$ANSIBLE_VAULT;1.1;AES256
61643336663961373437313064316566373530343564306436313361323461363862313966326164
3737343662656563653961646364623833346466316235300a343734613461333234333234383061
62626432326363626466356261623266616134636533313339353438656363303237366363393234
3730363263393430390a666263313737656435616239353661623638396133653733323930656465
63306630616565346131306433353861306534393439633235396162653134393364343434323234
3737343066343365353939366261313766313938613037656363
report_ip_secret: !vault |
$ANSIBLE_VAULT;1.1;AES256
63316330323438396134336333393233326430373766323934343235376632303830616433366234
3961633964336435393665373765366662353135386563640a373161393734643535623431303135
66313164373965633464386637353837343162373335306236386662633631386338363963303831
6230663765373531360a313339306636396133636132633862353666663932613365393161353734
39616239633535336435653139396264363062663365393633663331343832646634616239336163
6539623130613937613537353638313736353039373130336239


@ -1,6 +1,2 @@
git.crypto-libertarian.com
misc.crypto-libertarian.com
rpi-01.dyn.crypto-libertarian.com
[raspberrypi]
rpi-01.dyn.crypto-libertarian.com


@ -7,12 +7,7 @@
cache_valid_time: 86400
roles:
- kotovalexarian.common
- rvm.ruby
tasks:
- name: Install system packages
apt:
name: redis-server
- name: Create directory for publications
file:
state: directory
@ -20,156 +15,3 @@
owner: root
group: root
mode: 'u=rwx,g=rx,o=rx'
- name: Create system group
group:
name: '{{ item }}'
system: true
with_items:
- report_ip
- dyndns
- name: Create system user
user:
name: '{{ item }}'
group: '{{ item }}'
system: true
create_home: false
with_items:
- report_ip
- dyndns
- name: Check RVM gemset
shell: >
/bin/bash --login -c
'rvm use ruby-2.7.0@crypto_libertarian-report_ip'
ignore_errors: true
register: check_rvm_gemset_result_for_report_ip
changed_when: false
- name: Check RVM gemset
shell: >
/bin/bash --login -c
'rvm use ruby-2.7.0@crypto_libertarian-dyndns'
ignore_errors: true
register: check_rvm_gemset_result_for_dyndns
changed_when: false
- name: Create RVM gemset
shell: >
/bin/bash --login -c
'rvm use ruby-2.7.0@crypto_libertarian-report_ip --create'
when: check_rvm_gemset_result_for_report_ip.rc != 0
- name: Create RVM gemset
shell: >
/bin/bash --login -c
'rvm use ruby-2.7.0@crypto_libertarian-dyndns --create'
when: check_rvm_gemset_result_for_dyndns.rc != 0
- name: Check Bundler
shell: >
/bin/bash --login -c
"rvm ruby-2.7.0@crypto_libertarian-report_ip do
gem info bundler --installed --version '~> 2.0'"
ignore_errors: true
register: check_bundler_result_for_report_ip
changed_when: false
- name: Check Bundler
shell: >
/bin/bash --login -c
"rvm ruby-2.7.0@crypto_libertarian-dyndns do
gem info bundler --installed --version '~> 2.0'"
ignore_errors: true
register: check_bundler_result_for_dyndns
changed_when: false
- name: Install Bundler
shell: >
/bin/bash --login -c
"rvm ruby-2.7.0@crypto_libertarian-report_ip do
gem install bundler -v '~> 2.0'"
when: check_bundler_result_for_report_ip.rc != 0
- name: Install Bundler
shell: >
/bin/bash --login -c
"rvm ruby-2.7.0@crypto_libertarian-dyndns do
gem install bundler -v '~> 2.0'"
when: check_bundler_result_for_dyndns.rc != 0
- name: Copy application
copy:
src: '../../apps/{{ item }}/'
dest: '/opt/{{ item }}/'
owner: '{{ item }}'
group: '{{ item }}'
with_items:
- report_ip
- dyndns
- name: Copy executable
copy:
src: ../../apps/dyndns/exe/crypto_libertarian-dyndns
dest: /opt/dyndns/exe/crypto_libertarian-dyndns
owner: dyndns
group: dyndns
mode: 'u=rwx,g=rx,o=rx'
- name: Install gems
shell: >
/bin/bash --login -c
"rvm ruby-2.7.0@crypto_libertarian-{{ item }} do
bundle install --gemfile /opt/{{ item }}/Gemfile"
changed_when: false
with_items:
- report_ip
- dyndns
- name: Install systemd service "report_ip"
copy:
src: ../../files/report_ip.service
dest: /etc/systemd/system/report_ip.service
owner: root
group: root
mode: 'u=rw,g=r,o=r'
register: install_systemd_service_result_for_report_ip
- name: Install systemd service "dyndns"
copy:
src: ../../files/dyndns.service
dest: /etc/systemd/system/dyndns.service
owner: root
group: root
mode: 'u=rw,g=r,o=r'
register: install_systemd_service_result_for_dyndns
- name: Disable and stop systemd service "systemd-resolved"
systemd:
name: systemd-resolved.service
enabled: false
state: stopped
- name: Update systemd service "report_ip"
systemd:
daemon_reload: true
name: report_ip.service
enabled: true
when: install_systemd_service_result_for_report_ip.changed
- name: Update systemd service "dyndns"
systemd:
daemon_reload: true
name: dyndns.service
enabled: true
when: install_systemd_service_result_for_dyndns.changed
- name: Restart systemd service
systemd:
name: '{{ item }}.service'
state: restarted
changed_when: false
with_items:
- report_ip
- dyndns


@ -1,21 +0,0 @@
---
- hosts: raspberrypi
module_defaults:
apt:
force_apt_get: true
update_cache: true
cache_valid_time: 86400
roles:
- kotovalexarian.common
tasks:
- name: Install system packages
apt:
name: miniupnpc
- name: Install cron jobs
template:
src: ../../templates/crypto_libertarian.cron
dest: /etc/cron.d/crypto_libertarian
owner: root
group: root
mode: 'u=rw,g=r,o='


@ -1,6 +1,3 @@
---
- import_playbook: git.yml
- import_playbook: misc.yml
- import_playbook: raspberrypi.yml
tags: rpi


@ -1,5 +1,3 @@
---
- src: kotovalexarian.common
version: v0.0.34
- src: rvm.ruby
version: v2.1.2


@ -1,2 +0,0 @@
* * * * * root /usr/bin/curl -X POST -d '' "https://report-ip.crypto-libertarian.com/$(hostname)/{{ report_ip_secret }}"
* * * * * root /usr/bin/upnpc -r {{ ansible_port }} tcp