diff --git a/apps/dyndns/.ruby-gemset b/apps/dyndns/.ruby-gemset deleted file mode 100644 index 89ee9a0..0000000 --- a/apps/dyndns/.ruby-gemset +++ /dev/null @@ -1 +0,0 @@ -crypto_libertarian-dyndns diff --git a/apps/dyndns/.ruby-version b/apps/dyndns/.ruby-version deleted file mode 100644 index ccfb6ef..0000000 --- a/apps/dyndns/.ruby-version +++ /dev/null @@ -1 +0,0 @@ -ruby-2.7.0 diff --git a/apps/dyndns/Gemfile b/apps/dyndns/Gemfile deleted file mode 100644 index b4c3d49..0000000 --- a/apps/dyndns/Gemfile +++ /dev/null @@ -1,6 +0,0 @@ -# frozen_string_literal: true - -source 'https://rubygems.org' - -gem 'redis', '~> 4.1' -gem 'rubydns', '~> 2.0' diff --git a/apps/dyndns/Gemfile.lock b/apps/dyndns/Gemfile.lock deleted file mode 100644 index f96124a..0000000 --- a/apps/dyndns/Gemfile.lock +++ /dev/null @@ -1,27 +0,0 @@ -GEM - remote: https://rubygems.org/ - specs: - async (1.24.2) - console (~> 1.0) - nio4r (~> 2.3) - timers (~> 4.1) - async-dns (1.2.5) - async-io (~> 1.15) - async-io (1.27.3) - async (~> 1.14) - console (1.8.1) - nio4r (2.5.2) - redis (4.1.3) - rubydns (2.0.2) - async-dns (~> 1.0) - timers (4.3.0) - -PLATFORMS - ruby - -DEPENDENCIES - redis (~> 4.1) - rubydns (~> 2.0) - -BUNDLED WITH - 2.1.2 diff --git a/apps/dyndns/exe/crypto_libertarian-dyndns b/apps/dyndns/exe/crypto_libertarian-dyndns deleted file mode 100755 index 6849bbc..0000000 --- a/apps/dyndns/exe/crypto_libertarian-dyndns +++ /dev/null 
@@ -1,57 +0,0 @@
-#!/usr/bin/env ruby
-# frozen_string_literal: true
-
-Warning[:deprecated] = false
-
-ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../Gemfile', __dir__)
-
-require 'bundler/setup' # Set up gems listed in the Gemfile.
-
-require 'redis'
-require 'rubydns'
-
-IN = Resolv::DNS::Resource::IN
-
-INTERFACES = [
- [:udp, '0.0.0.0', 53],
- [:tcp, '0.0.0.0', 53],
-].freeze
-
-DYN_DOMAIN_ROOT = 'dyn.crypto-libertarian.com'
-DYN_DOMAIN_RE = /\A([^.]+)\.dyn\.crypto-libertarian\.com\z/.freeze
-
-RubyDNS.run_server INTERFACES do
- match DYN_DOMAIN_RE, IN::A do |tx, m|
- redis = Redis.new url: ENV['REDIS_URL']
-
- domain = "#{m[1]}.#{DYN_DOMAIN_ROOT}"
-
- ip = redis.hget('ipv4s', domain).to_s.strip.freeze
- ip = nil if ip.empty?
-
- if ip.nil?
- tx.fail! :NXDomain
- else
- tx.respond! ip
- end
- end
-
- match DYN_DOMAIN_RE, IN::AAAA do |tx, m|
- redis = Redis.new url: ENV['REDIS_URL']
-
- domain = "#{m[1]}.#{DYN_DOMAIN_ROOT}"
-
- ip = redis.hget('ipv6s', domain).to_s.strip.freeze
- ip = nil if ip.empty?
-
- if ip.nil?
- tx.fail! :NXDomain
- else
- tx.respond! ip
- end
- end
-
- otherwise do |tx|
- tx.fail! :NXDomain
- end
-end
diff --git a/apps/report_ip/.gitignore b/apps/report_ip/.gitignore
deleted file mode 100644
index 7fdc976..0000000
--- a/apps/report_ip/.gitignore
+++ /dev/null
@@ -1,5 +0,0 @@
-/tmp/sockets/*
-!/tmp/sockets/.keep
-
-/tmp/pids/*
-!/tmp/pids/.keep
diff --git a/apps/report_ip/.ruby-gemset b/apps/report_ip/.ruby-gemset
deleted file mode 100644
index e761ec5..0000000
--- a/apps/report_ip/.ruby-gemset
+++ /dev/null
@@ -1 +0,0 @@
-crypto_libertarian-report_ip
diff --git a/apps/report_ip/.ruby-version b/apps/report_ip/.ruby-version
deleted file mode 100644
index ccfb6ef..0000000
--- a/apps/report_ip/.ruby-version
+++ /dev/null
@@ -1 +0,0 @@
-ruby-2.7.0
diff --git a/apps/report_ip/Gemfile b/apps/report_ip/Gemfile
deleted file mode 100644
index fe6c0cd..0000000
--- a/apps/report_ip/Gemfile
+++ /dev/null
@@ -1,9 +0,0 @@ -# frozen_string_literal: true - -source 'https://rubygems.org' - -gem 'puma', '~> 4.3' -gem 'rack', '~> 2.2' -gem 'redis', '~> 4.1' -gem 'sinatra', '~> 2.0' -gem 'sinatra-contrib', '~> 2.0' diff --git a/apps/report_ip/Gemfile.lock b/apps/report_ip/Gemfile.lock deleted file mode 100644 index 119cf70..0000000 --- a/apps/report_ip/Gemfile.lock +++ /dev/null @@ -1,41 +0,0 @@ -GEM - remote: https://rubygems.org/ - specs: - backports (3.16.0) - multi_json (1.14.1) - mustermann (1.1.1) - ruby2_keywords (~> 0.0.1) - nio4r (2.5.2) - puma (4.3.1) - nio4r (~> 2.0) - rack (2.2.1) - rack-protection (2.0.8.1) - rack - redis (4.1.3) - ruby2_keywords (0.0.2) - sinatra (2.0.8.1) - mustermann (~> 1.0) - rack (~> 2.0) - rack-protection (= 2.0.8.1) - tilt (~> 2.0) - sinatra-contrib (2.0.8.1) - backports (>= 2.8.2) - multi_json - mustermann (~> 1.0) - rack-protection (= 2.0.8.1) - sinatra (= 2.0.8.1) - tilt (~> 2.0) - tilt (2.0.10) - -PLATFORMS - ruby - -DEPENDENCIES - puma (~> 4.3) - rack (~> 2.2) - redis (~> 4.1) - sinatra (~> 2.0) - sinatra-contrib (~> 2.0) - -BUNDLED WITH - 2.1.2 diff --git a/apps/report_ip/config.ru b/apps/report_ip/config.ru deleted file mode 100644 index 3228f1c..0000000 --- a/apps/report_ip/config.ru +++ /dev/null @@ -1,7 +0,0 @@ -# frozen_string_literal: true - -# This file is used by Rack-based servers to start the application. - -require_relative 'config/environment' - -run CryptoLibertarian::ReportIP::Application diff --git a/apps/report_ip/config/application.rb b/apps/report_ip/config/application.rb deleted file mode 100644 index 99cd639..0000000 --- a/apps/report_ip/config/application.rb +++ /dev/null 
@@ -1,57 +0,0 @@
-# frozen_string_literal: true
-
-require_relative 'boot'
-
-# Require the gems listed in Gemfile.
-Bundler.require
-
-module CryptoLibertarian
- module ReportIP
- IPV4_RE = /\A\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\z/.freeze
- IPV6_RE = /\A(((?=.*(::))(?!.*\3.+\3))\3?|[\dA-F]{1,4}:)([\dA-F]{1,4}(\3|:\b)|\2){5}(([\dA-F]{1,4}(\3|:\b|$)|\2){2}|(((2[0-4]|1\d|[1-9])?\d|25[0-5])\.?\b){4})\z/i.freeze
-
- class Application < Sinatra::Application
- get '/' do
- redis = Redis.new url: ENV['REDIS_URL']
-
- json(
- redis.hgetall('secrets').keys.map do |domain|
- [
- domain,
- {
- ipv4: redis.hget('ipv4s', domain),
- ipv6: redis.hget('ipv6s', domain),
- },
- ]
- end.to_h,
- )
- end
-
- post '/:domain/:secret' do
- redis = Redis.new url: ENV['REDIS_URL']
-
- domain = params[:domain].to_s.strip
- got_secret = params[:secret].to_s.strip
-
- expected_secret = redis.hget('secrets', domain).to_s.strip
-
- if got_secret != expected_secret || expected_secret.empty?
- halt 401, 'Unauthorized'
- end
-
- ip = request.ip.to_s.strip
- ip = nil if ip.empty?
-
- if IPV4_RE.match? ip
- redis.hset 'ipv4s', domain, ip
- json ipv4: ip
- elsif IPV6_RE.match? ip
- redis.hset 'ipv6s', domain, ip
- json ipv6: ip
- else
- halt 500, 'Invalid IP address'
- end
- end
- end
- end
-end
diff --git a/apps/report_ip/config/boot.rb b/apps/report_ip/config/boot.rb
deleted file mode 100644
index 7a2e071..0000000
--- a/apps/report_ip/config/boot.rb
+++ /dev/null
@@ -1,7 +0,0 @@
-# frozen_string_literal: true
-
-Warning[:deprecated] = false
-
-ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../Gemfile', __dir__)
-
-require 'bundler/setup' # Set up gems listed in the Gemfile.
diff --git a/apps/report_ip/config/environment.rb b/apps/report_ip/config/environment.rb
deleted file mode 100644
index 9dcbc35..0000000
--- a/apps/report_ip/config/environment.rb
+++ /dev/null
@@ -1,4 +0,0 @@
-# frozen_string_literal: true
-
-# Load the Sinatra application.
-require_relative 'application'
diff --git a/apps/report_ip/config/puma/production.rb b/apps/report_ip/config/puma/production.rb
deleted file mode 100644
index ff8f28f..0000000
--- a/apps/report_ip/config/puma/production.rb
+++ /dev/null
@@ -1,36 +0,0 @@
-# frozen_string_literal: true
-
-root_dir = File.expand_path '../..', __dir__
-
-# Specifies the number of `workers` to boot in clustered mode.
-# Workers are forked webserver processes. If using threads and workers together
-# the concurrency of the application would be max `threads` * `workers`.
-# Workers do not work on JRuby or Windows (both of which do not support
-# processes).
-#
-workers 1
-
-# Puma can serve each request in a thread from an internal thread pool.
-# The `threads` method setting takes two numbers: a minimum and maximum.
-# Any libraries that use thread pools should be configured to match
-# the maximum value specified for Puma. Default is set to 5 threads for minimum
-# and maximum; this matches the default thread size of Active Record.
-#
-threads 5, 5
-
-# Use the `preload_app!` method when specifying a `workers` number.
-# This directive tells Puma to first boot the application and load code
-# before forking the application. This takes advantage of Copy On Write
-# process behavior so workers use less memory.
-#
-# preload_app!
-
-# Bind the server to "url". "tcp://", "unix://" and "ssl://" are the only
-# accepted protocols.
-#
-bind "unix://#{File.join(root_dir, 'tmp', 'sockets', 'puma.sock')}"
-
-# Use "path" as the file to store the server info state. This is
-# used by "pumactl" to query and control the server.
-#
-state_path File.join(root_dir, 'tmp', 'pids', 'puma.state')
diff --git a/apps/report_ip/public/.keep b/apps/report_ip/public/.keep
deleted file mode 100644
index e69de29..0000000
diff --git a/apps/report_ip/tmp/pids/.keep b/apps/report_ip/tmp/pids/.keep
deleted file mode 100644
index e69de29..0000000
diff --git a/apps/report_ip/tmp/sockets/.keep b/apps/report_ip/tmp/sockets/.keep
deleted file mode 100644
index e69de29..0000000
diff --git a/files/dyndns.service b/files/dyndns.service
deleted file mode 100644
index 2ba70a6..0000000
--- a/files/dyndns.service
+++ /dev/null
@@ -1,19 +0,0 @@
-[Unit]
-After=network.target
-Description=DynDns app
-
-[Service]
-AmbientCapabilities=CAP_NET_BIND_SERVICE
-ExecStart=/usr/local/rvm/bin/rvm ruby-2.7.0@crypto_libertarian-dyndns do /opt/dyndns/exe/crypto_libertarian-dyndns
-Group=dyndns
-Restart=always
-RestartSec=1
-StandardOutput=syslog
-StandardError=syslog
-SyslogIdentifier=dyndns
-Type=simple
-User=dyndns
-WorkingDirectory=/opt/dyndns
-
-[Install]
-WantedBy=multi-user.target
diff --git a/files/report_ip.service b/files/report_ip.service
deleted file mode 100644
index 42392c8..0000000
--- a/files/report_ip.service
+++ /dev/null
@@ -1,18 +0,0 @@
-[Unit]
-After=network.target
-Description=Report IP web app
-
-[Service]
-ExecStart=/usr/local/rvm/bin/rvm ruby-2.7.0@crypto_libertarian-report_ip do puma --environment production
-Group=report_ip
-Restart=always
-RestartSec=1
-StandardOutput=syslog
-StandardError=syslog
-SyslogIdentifier=report_ip
-Type=simple
-User=report_ip
-WorkingDirectory=/opt/report_ip
-
-[Install]
-WantedBy=multi-user.target
diff --git a/files/wiki.jpg b/files/wiki.jpg
deleted file mode 100644
index 2b96681..0000000
Binary files a/files/wiki.jpg and /dev/null differ
diff --git a/inventories/production/host_vars/misc.crypto-libertarian.com.yml b/inventories/production/host_vars/misc.crypto-libertarian.com.yml
index f3c1d9f..87ee9a0 100644
--- a/inventories/production/host_vars/misc.crypto-libertarian.com.yml
+++ b/inventories/production/host_vars/misc.crypto-libertarian.com.yml
@@ -11,15 +11,10 @@ ansible_become_pass: !vault | common__certbot__cert_name: 'misc.crypto-libertarian.com' common__certbot__cert_domains: - 'misc.crypto-libertarian.com' - - 'report-ip.crypto-libertarian.com' - 'pub.crypto-libertarian.com' common__nginx__state: install -common__nginx__upstreams: - - name: report_ip - servers: ['unix:/opt/report_ip/tmp/sockets/puma.sock'] - common__nginx__sites: - type: listing domain: 'pub.crypto-libertarian.com' @@ -27,20 +22,3 @@ common__nginx__sites: key: '/etc/letsencrypt/live/misc.crypto-libertarian.com/privkey.pem' ssl_conf: '/etc/letsencrypt/options-ssl-nginx.conf' root: '/var/www/pub' - - - type: origin - domain: 'report-ip.crypto-libertarian.com' - cert: '/etc/letsencrypt/live/misc.crypto-libertarian.com/fullchain.pem' - key: '/etc/letsencrypt/live/misc.crypto-libertarian.com/privkey.pem' - ssl_conf: '/etc/letsencrypt/options-ssl-nginx.conf' - root: '/opt/report_ip/public' - upstream: report_ip - external: true - -rvm1_rvm_version: stable -rvm1_rvm_check_for_updates: true -rvm1_install_path: '/usr/local/rvm' -rvm1_install_flags: '--auto-dotfiles' -rvm1_user: root -rvm1_rubies: ['ruby-2.7.0'] -rvm1_bundler_install: false diff --git a/inventories/production/host_vars/rpi-01.dyn.crypto-libertarian.com.yml b/inventories/production/host_vars/rpi-01.dyn.crypto-libertarian.com.yml deleted file mode 100644 index 617c50e..0000000 --- a/inventories/production/host_vars/rpi-01.dyn.crypto-libertarian.com.yml +++ /dev/null 
@@ -1,18 +0,0 @@ ---- -ansible_become_pass: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 61643336663961373437313064316566373530343564306436313361323461363862313966326164 - 3737343662656563653961646364623833346466316235300a343734613461333234333234383061 - 62626432326363626466356261623266616134636533313339353438656363303237366363393234 - 3730363263393430390a666263313737656435616239353661623638396133653733323930656465 - 63306630616565346131306433353861306534393439633235396162653134393364343434323234 - 3737343066343365353939366261313766313938613037656363 - -report_ip_secret: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 63316330323438396134336333393233326430373766323934343235376632303830616433366234 - 3961633964336435393665373765366662353135386563640a373161393734643535623431303135 - 66313164373965633464386637353837343162373335306236386662633631386338363963303831 - 6230663765373531360a313339306636396133636132633862353666663932613365393161353734 - 39616239633535336435653139396264363062663365393633663331343832646634616239336163 - 6539623130613937613537353638313736353039373130336239 diff --git a/inventories/production/hosts b/inventories/production/hosts index 0957142..fa1ba9d 100644 --- a/inventories/production/hosts +++ b/inventories/production/hosts @@ -1,6 +1,2 @@ git.crypto-libertarian.com misc.crypto-libertarian.com -rpi-01.dyn.crypto-libertarian.com - -[raspberrypi] -rpi-01.dyn.crypto-libertarian.com diff --git a/playbooks/deploy/misc.yml b/playbooks/deploy/misc.yml index 0e0c2ba..c4b2cf4 100644 --- a/playbooks/deploy/misc.yml +++ b/playbooks/deploy/misc.yml @@ -7,12 +7,7 @@ cache_valid_time: 86400 roles: - kotovalexarian.common - - rvm.ruby tasks: - - name: Install system packages - apt: - name: redis-server - - name: Create directory for publications file: state: directory 
@@ -20,156 +15,3 @@ owner: root group: root mode: 'u=rwx,g=rx,o=rx' - - - name: Create system group - group: - name: '{{ item }}' - system: true - with_items: - - report_ip - - dyndns - - - name: Create system user - user: - name: '{{ item }}' - group: '{{ item }}' - system: true - create_home: false - with_items: - - report_ip - - dyndns - - - name: Check RVM gemset - shell: > - /bin/bash --login -c - 'rvm use ruby-2.7.0@crypto_libertarian-report_ip' - ignore_errors: true - register: check_rvm_gemset_result_for_report_ip - changed_when: false - - - name: Check RVM gemset - shell: > - /bin/bash --login -c - 'rvm use ruby-2.7.0@crypto_libertarian-dyndns' - ignore_errors: true - register: check_rvm_gemset_result_for_dyndns - changed_when: false - - - name: Create RVM gemset - shell: > - /bin/bash --login -c - 'rvm use ruby-2.7.0@crypto_libertarian-report_ip --create' - when: check_rvm_gemset_result_for_report_ip.rc != 0 - - - name: Create RVM gemset - shell: > - /bin/bash --login -c - 'rvm use ruby-2.7.0@crypto_libertarian-dyndns --create' - when: check_rvm_gemset_result_for_dyndns.rc != 0 - - - name: Check Bundler - shell: > - /bin/bash --login -c - "rvm ruby-2.7.0@crypto_libertarian-report_ip do - gem info bundler --installed --version '~> 2.0'" - ignore_errors: true - register: check_bundler_result_for_report_ip - changed_when: false - - - name: Check Bundler - shell: > - /bin/bash --login -c - "rvm ruby-2.7.0@crypto_libertarian-dyndns do - gem info bundler --installed --version '~> 2.0'" - ignore_errors: true - register: check_bundler_result_for_dyndns - changed_when: false - - - name: Install Bundler - shell: > - /bin/bash --login -c - "rvm ruby-2.7.0@crypto_libertarian-report_ip do - gem install bundler -v '~> 2.0'" - when: check_bundler_result_for_report_ip.rc != 0 - - - name: Install Bundler - shell: > - /bin/bash --login -c - "rvm ruby-2.7.0@crypto_libertarian-dyndns do - gem install bundler -v '~> 2.0'" - when: check_bundler_result_for_dyndns.rc != 0 - - - 
name: Copy application - copy: - src: '../../apps/{{ item }}/' - dest: '/opt/{{ item }}/' - owner: '{{ item }}' - group: '{{ item }}' - with_items: - - report_ip - - dyndns - - - name: Copy executable - copy: - src: ../../apps/dyndns/exe/crypto_libertarian-dyndns - dest: /opt/dyndns/exe/crypto_libertarian-dyndns - owner: dyndns - group: dyndns - mode: 'u=rwx,g=rx,o=rx' - - - name: Install gems - shell: > - /bin/bash --login -c - "rvm ruby-2.7.0@crypto_libertarian-{{ item }} do - bundle install --gemfile /opt/{{ item }}/Gemfile" - changed_when: false - with_items: - - report_ip - - dyndns - - - name: Install systemd service "report_ip" - copy: - src: ../../files/report_ip.service - dest: /etc/systemd/system/report_ip.service - owner: root - group: root - mode: 'u=rw,g=r,o=r' - register: install_systemd_service_result_for_report_ip - - - name: Install systemd service "dyndns" - copy: - src: ../../files/dyndns.service - dest: /etc/systemd/system/dyndns.service - owner: root - group: root - mode: 'u=rw,g=r,o=r' - register: install_systemd_service_result_for_dyndns - - - name: Disable and stop systemd service "systemd-resolved" - systemd: - name: systemd-resolved.service - enabled: false - state: stopped - - - name: Update systemd service "report_ip" - systemd: - daemon_reload: true - name: report_ip.service - enabled: true - when: install_systemd_service_result_for_report_ip.changed - - - name: Update systemd service "dyndns" - systemd: - daemon_reload: true - name: dyndns.service - enabled: true - when: install_systemd_service_result_for_dyndns.changed - - - name: Restart systemd service - systemd: - name: '{{ item }}.service' - state: restarted - changed_when: false - with_items: - - report_ip - - dyndns diff --git a/playbooks/deploy/raspberrypi.yml b/playbooks/deploy/raspberrypi.yml deleted file mode 100644 index 530d2b7..0000000 --- a/playbooks/deploy/raspberrypi.yml +++ /dev/null 
@@ -1,21 +0,0 @@ ---- -- hosts: raspberrypi - module_defaults: - apt: - force_apt_get: true - update_cache: true - cache_valid_time: 86400 - roles: - - kotovalexarian.common - tasks: - - name: Install system packages - apt: - name: miniupnpc - - - name: Install cron jobs - template: - src: ../../templates/crypto_libertarian.cron - dest: /etc/cron.d/crypto_libertarian - owner: root - group: root - mode: 'u=rw,g=r,o=' diff --git a/playbooks/deploy/site.yml b/playbooks/deploy/site.yml index 56e4f12..7cdd95d 100644 --- a/playbooks/deploy/site.yml +++ b/playbooks/deploy/site.yml @@ -1,6 +1,3 @@ --- - import_playbook: git.yml - import_playbook: misc.yml - -- import_playbook: raspberrypi.yml - tags: rpi diff --git a/requirements.yml b/requirements.yml index 790967f..8dbdf1a 100644 --- a/requirements.yml +++ b/requirements.yml @@ -1,5 +1,3 @@ --- - src: kotovalexarian.common version: v0.0.34 -- src: rvm.ruby - version: v2.1.2 diff --git a/templates/crypto_libertarian.cron b/templates/crypto_libertarian.cron deleted file mode 100644 index 6e7df5c..0000000 --- a/templates/crypto_libertarian.cron +++ /dev/null @@ -1,2 +0,0 @@ -* * * * * root /usr/bin/curl -X POST -d '' "https://report-ip.crypto-libertarian.com/$(hostname)/{{ report_ip_secret }}" -* * * * * root /usr/bin/upnpc -r {{ ansible_port }} tcp