Remove host "rpi-01.dyn.crypto-libertarian.com" and unnecessary code

2020-07-01 06:01:48 +05:00 · 2020-07-01 06:01:48 +05:00 · 49384338d2
commit 49384338d2
parent 07d887c09c
29 changed files with 0 additions and 527 deletions
--- a/apps/dyndns/.ruby-gemset
+++ b/apps/dyndns/.ruby-gemset
@ -1 +0,0 @@
 crypto_libertarian-dyndns
--- a/apps/dyndns/.ruby-version
+++ b/apps/dyndns/.ruby-version
@ -1 +0,0 @@
 ruby-2.7.0
--- a/apps/dyndns/Gemfile
+++ b/apps/dyndns/Gemfile
@ -1,6 +0,0 @@
 # frozen_string_literal: true
 source 'https://rubygems.org'
 gem 'redis', '~> 4.1'
 gem 'rubydns', '~> 2.0'
--- a/apps/dyndns/Gemfile.lock
+++ b/apps/dyndns/Gemfile.lock
@ -1,27 +0,0 @@
 GEM
  remote: https://rubygems.org/
  specs:
    async (1.24.2)
      console (~> 1.0)
      nio4r (~> 2.3)
      timers (~> 4.1)
    async-dns (1.2.5)
      async-io (~> 1.15)
    async-io (1.27.3)
      async (~> 1.14)
    console (1.8.1)
    nio4r (2.5.2)
    redis (4.1.3)
    rubydns (2.0.2)
      async-dns (~> 1.0)
    timers (4.3.0)
 PLATFORMS
  ruby
 DEPENDENCIES
  redis (~> 4.1)
  rubydns (~> 2.0)
 BUNDLED WITH
   2.1.2
--- a/apps/dyndns/exe/crypto_libertarian-dyndns
+++ b/apps/dyndns/exe/crypto_libertarian-dyndns
@ -1,57 +0,0 @@
 #!/usr/bin/env ruby
 # frozen_string_literal: true
 Warning[:deprecated] = false
 ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../Gemfile', __dir__)
 require 'bundler/setup' # Set up gems listed in the Gemfile.
 require 'redis'
 require 'rubydns'
 IN = Resolv::DNS::Resource::IN
 INTERFACES = [
  [:udp, '0.0.0.0', 53],
  [:tcp, '0.0.0.0', 53],
 ].freeze
 DYN_DOMAIN_ROOT = 'dyn.crypto-libertarian.com'
 DYN_DOMAIN_RE = /\A([^.]+)\.dyn\.crypto-libertarian\.com\z/.freeze
 RubyDNS.run_server INTERFACES do
  match DYN_DOMAIN_RE, IN::A do |tx, m|
    redis = Redis.new url: ENV['REDIS_URL']
    domain = "#{m[1]}.#{DYN_DOMAIN_ROOT}"
    ip = redis.hget('ipv4s', domain).to_s.strip.freeze
    ip = nil if ip.empty?
    if ip.nil?
      tx.fail! :NXDomain
    else
      tx.respond! ip
    end
  end
  match DYN_DOMAIN_RE, IN::AAAA do |tx, m|
    redis = Redis.new url: ENV['REDIS_URL']
    domain = "#{m[1]}.#{DYN_DOMAIN_ROOT}"
    ip = redis.hget('ipv6s', domain).to_s.strip.freeze
    ip = nil if ip.empty?
    if ip.nil?
      tx.fail! :NXDomain
    else
      tx.respond! ip
    end
  end
  otherwise do |tx|
    tx.fail! :NXDomain
  end
 end
--- a/apps/report_ip/.gitignore
+++ b/apps/report_ip/.gitignore
@ -1,5 +0,0 @@
 /tmp/sockets/*
 !/tmp/sockets/.keep
 /tmp/pids/*
 !/tmp/pids/.keep
--- a/apps/report_ip/.ruby-gemset
+++ b/apps/report_ip/.ruby-gemset
@ -1 +0,0 @@
 crypto_libertarian-report_ip
--- a/apps/report_ip/.ruby-version
+++ b/apps/report_ip/.ruby-version
@ -1 +0,0 @@
 ruby-2.7.0
--- a/apps/report_ip/Gemfile
+++ b/apps/report_ip/Gemfile
@ -1,9 +0,0 @@
 # frozen_string_literal: true
 source 'https://rubygems.org'
 gem 'puma', '~> 4.3'
 gem 'rack', '~> 2.2'
 gem 'redis', '~> 4.1'
 gem 'sinatra', '~> 2.0'
 gem 'sinatra-contrib', '~> 2.0'
--- a/apps/report_ip/Gemfile.lock
+++ b/apps/report_ip/Gemfile.lock
@ -1,41 +0,0 @@
 GEM
  remote: https://rubygems.org/
  specs:
    backports (3.16.0)
    multi_json (1.14.1)
    mustermann (1.1.1)
      ruby2_keywords (~> 0.0.1)
    nio4r (2.5.2)
    puma (4.3.1)
      nio4r (~> 2.0)
    rack (2.2.1)
    rack-protection (2.0.8.1)
      rack
    redis (4.1.3)
    ruby2_keywords (0.0.2)
    sinatra (2.0.8.1)
      mustermann (~> 1.0)
      rack (~> 2.0)
      rack-protection (= 2.0.8.1)
      tilt (~> 2.0)
    sinatra-contrib (2.0.8.1)
      backports (>= 2.8.2)
      multi_json
      mustermann (~> 1.0)
      rack-protection (= 2.0.8.1)
      sinatra (= 2.0.8.1)
      tilt (~> 2.0)
    tilt (2.0.10)
 PLATFORMS
  ruby
 DEPENDENCIES
  puma (~> 4.3)
  rack (~> 2.2)
  redis (~> 4.1)
  sinatra (~> 2.0)
  sinatra-contrib (~> 2.0)
 BUNDLED WITH
   2.1.2
--- a/apps/report_ip/config.ru
+++ b/apps/report_ip/config.ru
@ -1,7 +0,0 @@
 # frozen_string_literal: true
 # This file is used by Rack-based servers to start the application.
 require_relative 'config/environment'
 run CryptoLibertarian::ReportIP::Application
--- a/apps/report_ip/config/application.rb
+++ b/apps/report_ip/config/application.rb
@ -1,57 +0,0 @@
 # frozen_string_literal: true
 require_relative 'boot'
 # Require the gems listed in Gemfile.
 Bundler.require
 module CryptoLibertarian
  module ReportIP
    IPV4_RE = /\A\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\z/.freeze
    IPV6_RE = /\A(((?=.*(::))(?!.*\3.+\3))\3?|[\dA-F]{1,4}:)([\dA-F]{1,4}(\3|:\b)|\2){5}(([\dA-F]{1,4}(\3|:\b|$)|\2){2}|(((2[0-4]|1\d|[1-9])?\d|25[0-5])\.?\b){4})\z/i.freeze
    class Application < Sinatra::Application
      get '/' do
        redis = Redis.new url: ENV['REDIS_URL']
        json(
          redis.hgetall('secrets').keys.map do |domain|
            [
              domain,
              {
                ipv4: redis.hget('ipv4s', domain),
                ipv6: redis.hget('ipv6s', domain),
              },
            ]
          end.to_h,
        )
      end
      post '/:domain/:secret' do
        redis = Redis.new url: ENV['REDIS_URL']
        domain = params[:domain].to_s.strip
        got_secret = params[:secret].to_s.strip
        expected_secret = redis.hget('secrets', domain).to_s.strip
        if got_secret != expected_secret || expected_secret.empty?
          halt 401, 'Unauthorized'
        end
        ip = request.ip.to_s.strip
        ip = nil if ip.empty?
        if IPV4_RE.match? ip
          redis.hset 'ipv4s', domain, ip
          json ipv4: ip
        elsif IPV6_RE.match? ip
          redis.hset 'ipv6s', domain, ip
          json ipv6: ip
        else
          halt 500, 'Invalid IP address'
        end
      end
    end
  end
 end
--- a/apps/report_ip/config/boot.rb
+++ b/apps/report_ip/config/boot.rb
@ -1,7 +0,0 @@
 # frozen_string_literal: true
 Warning[:deprecated] = false
 ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../Gemfile', __dir__)
 require 'bundler/setup' # Set up gems listed in the Gemfile.
--- a/apps/report_ip/config/environment.rb
+++ b/apps/report_ip/config/environment.rb
@ -1,4 +0,0 @@
 # frozen_string_literal: true
 # Load the Sinatra application.
 require_relative 'application'
--- a/apps/report_ip/config/puma/production.rb
+++ b/apps/report_ip/config/puma/production.rb
@ -1,36 +0,0 @@
 # frozen_string_literal: true
 root_dir = File.expand_path '../..', __dir__
 # Specifies the number of `workers` to boot in clustered mode.
 # Workers are forked webserver processes. If using threads and workers together
 # the concurrency of the application would be max `threads` * `workers`.
 # Workers do not work on JRuby or Windows (both of which do not support
 # processes).
 #
 workers 1
 # Puma can serve each request in a thread from an internal thread pool.
 # The `threads` method setting takes two numbers: a minimum and maximum.
 # Any libraries that use thread pools should be configured to match
 # the maximum value specified for Puma. Default is set to 5 threads for minimum
 # and maximum; this matches the default thread size of Active Record.
 #
 threads 5, 5
 # Use the `preload_app!` method when specifying a `workers` number.
 # This directive tells Puma to first boot the application and load code
 # before forking the application. This takes advantage of Copy On Write
 # process behavior so workers use less memory.
 #
 # preload_app!
 # Bind the server to "url". "tcp://", "unix://" and "ssl://" are the only
 # accepted protocols.
 #
 bind "unix://#{File.join(root_dir, 'tmp', 'sockets', 'puma.sock')}"
 # Use "path" as the file to store the server info state. This is
 # used by "pumactl" to query and control the server.
 #
 state_path File.join(root_dir, 'tmp', 'pids', 'puma.state')
--- a/apps/report_ip/public/.keep
+++ b/apps/report_ip/public/.keep
--- a/apps/report_ip/tmp/pids/.keep
+++ b/apps/report_ip/tmp/pids/.keep
--- a/apps/report_ip/tmp/sockets/.keep
+++ b/apps/report_ip/tmp/sockets/.keep
--- a/files/dyndns.service
+++ b/files/dyndns.service
@ -1,19 +0,0 @@
 [Unit]
 After=network.target
 Description=DynDns app
 [Service]
 AmbientCapabilities=CAP_NET_BIND_SERVICE
 ExecStart=/usr/local/rvm/bin/rvm ruby-2.7.0@crypto_libertarian-dyndns do /opt/dyndns/exe/crypto_libertarian-dyndns
 Group=dyndns
 Restart=always
 RestartSec=1
 StandardOutput=syslog
 StandardError=syslog
 SyslogIdentifier=dyndns
 Type=simple
 User=dyndns
 WorkingDirectory=/opt/dyndns
 [Install]
 WantedBy=multi-user.target
--- a/files/report_ip.service
+++ b/files/report_ip.service
@ -1,18 +0,0 @@
 [Unit]
 After=network.target
 Description=Report IP web app
 [Service]
 ExecStart=/usr/local/rvm/bin/rvm ruby-2.7.0@crypto_libertarian-report_ip do puma --environment production
 Group=report_ip
 Restart=always
 RestartSec=1
 StandardOutput=syslog
 StandardError=syslog
 SyslogIdentifier=report_ip
 Type=simple
 User=report_ip
 WorkingDirectory=/opt/report_ip
 [Install]
 WantedBy=multi-user.target
--- a/files/wiki.jpg
+++ b/files/wiki.jpg
--- a/inventories/production/host_vars/misc.crypto-libertarian.com.yml
+++ b/inventories/production/host_vars/misc.crypto-libertarian.com.yml
@ -11,15 +11,10 @@ ansible_become_pass: !vault |
 common__certbot__cert_name: 'misc.crypto-libertarian.com'
 common__certbot__cert_domains:
  - 'misc.crypto-libertarian.com'
  - 'report-ip.crypto-libertarian.com'
  - 'pub.crypto-libertarian.com'
 common__nginx__state: install
 common__nginx__upstreams:
  - name: report_ip
    servers: ['unix:/opt/report_ip/tmp/sockets/puma.sock']
 common__nginx__sites:
  - type:     listing
    domain:   'pub.crypto-libertarian.com'
@ -27,20 +22,3 @@ common__nginx__sites:
    key:      '/etc/letsencrypt/live/misc.crypto-libertarian.com/privkey.pem'
    ssl_conf: '/etc/letsencrypt/options-ssl-nginx.conf'
    root:     '/var/www/pub'
  - type:     origin
    domain:   'report-ip.crypto-libertarian.com'
    cert:     '/etc/letsencrypt/live/misc.crypto-libertarian.com/fullchain.pem'
    key:      '/etc/letsencrypt/live/misc.crypto-libertarian.com/privkey.pem'
    ssl_conf: '/etc/letsencrypt/options-ssl-nginx.conf'
    root:     '/opt/report_ip/public'
    upstream: report_ip
    external: true
 rvm1_rvm_version: stable
 rvm1_rvm_check_for_updates: true
 rvm1_install_path: '/usr/local/rvm'
 rvm1_install_flags: '--auto-dotfiles'
 rvm1_user: root
 rvm1_rubies: ['ruby-2.7.0']
 rvm1_bundler_install: false
--- a/inventories/production/host_vars/rpi-01.dyn.crypto-libertarian.com.yml
+++ b/inventories/production/host_vars/rpi-01.dyn.crypto-libertarian.com.yml
@ -1,18 +0,0 @@
 ---
 ansible_become_pass: !vault |
  $ANSIBLE_VAULT;1.1;AES256
  61643336663961373437313064316566373530343564306436313361323461363862313966326164
  3737343662656563653961646364623833346466316235300a343734613461333234333234383061
  62626432326363626466356261623266616134636533313339353438656363303237366363393234
  3730363263393430390a666263313737656435616239353661623638396133653733323930656465
  63306630616565346131306433353861306534393439633235396162653134393364343434323234
  3737343066343365353939366261313766313938613037656363
 report_ip_secret: !vault |
  $ANSIBLE_VAULT;1.1;AES256
  63316330323438396134336333393233326430373766323934343235376632303830616433366234
  3961633964336435393665373765366662353135386563640a373161393734643535623431303135
  66313164373965633464386637353837343162373335306236386662633631386338363963303831
  6230663765373531360a313339306636396133636132633862353666663932613365393161353734
  39616239633535336435653139396264363062663365393633663331343832646634616239336163
  6539623130613937613537353638313736353039373130336239
--- a/inventories/production/hosts
+++ b/inventories/production/hosts
@ -1,6 +1,2 @@
 git.crypto-libertarian.com
 misc.crypto-libertarian.com
 rpi-01.dyn.crypto-libertarian.com
 [raspberrypi]
 rpi-01.dyn.crypto-libertarian.com
--- a/playbooks/deploy/misc.yml
+++ b/playbooks/deploy/misc.yml
@ -7,12 +7,7 @@
      cache_valid_time: 86400
  roles:
    - kotovalexarian.common
    - rvm.ruby
  tasks:
    - name: Install system packages
      apt:
        name: redis-server
    - name: Create directory for publications
      file:
        state: directory
@ -20,156 +15,3 @@
        owner: root
        group: root
        mode: 'u=rwx,g=rx,o=rx'
    - name: Create system group
      group:
        name: '{{ item }}'
        system: true
      with_items:
        - report_ip
        - dyndns
    - name: Create system user
      user:
        name: '{{ item }}'
        group: '{{ item }}'
        system: true
        create_home: false
      with_items:
        - report_ip
        - dyndns
    - name: Check RVM gemset
      shell: >
        /bin/bash --login -c
        'rvm use ruby-2.7.0@crypto_libertarian-report_ip'
      ignore_errors: true
      register: check_rvm_gemset_result_for_report_ip
      changed_when: false
    - name: Check RVM gemset
      shell: >
        /bin/bash --login -c
        'rvm use ruby-2.7.0@crypto_libertarian-dyndns'
      ignore_errors: true
      register: check_rvm_gemset_result_for_dyndns
      changed_when: false
    - name: Create RVM gemset
      shell: >
        /bin/bash --login -c
        'rvm use ruby-2.7.0@crypto_libertarian-report_ip --create'
      when: check_rvm_gemset_result_for_report_ip.rc != 0
    - name: Create RVM gemset
      shell: >
        /bin/bash --login -c
        'rvm use ruby-2.7.0@crypto_libertarian-dyndns --create'
      when: check_rvm_gemset_result_for_dyndns.rc != 0
    - name: Check Bundler
      shell: >
        /bin/bash --login -c
        "rvm ruby-2.7.0@crypto_libertarian-report_ip do
        gem info bundler --installed --version '~> 2.0'"
      ignore_errors: true
      register: check_bundler_result_for_report_ip
      changed_when: false
    - name: Check Bundler
      shell: >
        /bin/bash --login -c
        "rvm ruby-2.7.0@crypto_libertarian-dyndns do
        gem info bundler --installed --version '~> 2.0'"
      ignore_errors: true
      register: check_bundler_result_for_dyndns
      changed_when: false
    - name: Install Bundler
      shell: >
        /bin/bash --login -c
        "rvm ruby-2.7.0@crypto_libertarian-report_ip do
        gem install bundler -v '~> 2.0'"
      when: check_bundler_result_for_report_ip.rc != 0
    - name: Install Bundler
      shell: >
        /bin/bash --login -c
        "rvm ruby-2.7.0@crypto_libertarian-dyndns do
        gem install bundler -v '~> 2.0'"
      when: check_bundler_result_for_dyndns.rc != 0
    - name: Copy application
      copy:
        src: '../../apps/{{ item }}/'
        dest: '/opt/{{ item }}/'
        owner: '{{ item }}'
        group: '{{ item }}'
      with_items:
        - report_ip
        - dyndns
    - name: Copy executable
      copy:
        src: ../../apps/dyndns/exe/crypto_libertarian-dyndns
        dest: /opt/dyndns/exe/crypto_libertarian-dyndns
        owner: dyndns
        group: dyndns
        mode: 'u=rwx,g=rx,o=rx'
    - name: Install gems
      shell: >
        /bin/bash --login -c
        "rvm ruby-2.7.0@crypto_libertarian-{{ item }} do
        bundle install --gemfile /opt/{{ item }}/Gemfile"
      changed_when: false
      with_items:
        - report_ip
        - dyndns
    - name: Install systemd service "report_ip"
      copy:
        src: ../../files/report_ip.service
        dest: /etc/systemd/system/report_ip.service
        owner: root
        group: root
        mode: 'u=rw,g=r,o=r'
      register: install_systemd_service_result_for_report_ip
    - name: Install systemd service "dyndns"
      copy:
        src: ../../files/dyndns.service
        dest: /etc/systemd/system/dyndns.service
        owner: root
        group: root
        mode: 'u=rw,g=r,o=r'
      register: install_systemd_service_result_for_dyndns
    - name: Disable and stop systemd service "systemd-resolved"
      systemd:
        name: systemd-resolved.service
        enabled: false
        state: stopped
    - name: Update systemd service "report_ip"
      systemd:
        daemon_reload: true
        name: report_ip.service
        enabled: true
      when: install_systemd_service_result_for_report_ip.changed
    - name: Update systemd service "dyndns"
      systemd:
        daemon_reload: true
        name: dyndns.service
        enabled: true
      when: install_systemd_service_result_for_dyndns.changed
    - name: Restart systemd service
      systemd:
        name: '{{ item }}.service'
        state: restarted
      changed_when: false
      with_items:
        - report_ip
        - dyndns
--- a/playbooks/deploy/raspberrypi.yml
+++ b/playbooks/deploy/raspberrypi.yml
@ -1,21 +0,0 @@
 ---
 - hosts: raspberrypi
  module_defaults:
    apt:
      force_apt_get: true
      update_cache: true
      cache_valid_time: 86400
  roles:
    - kotovalexarian.common
  tasks:
    - name: Install system packages
      apt:
        name: miniupnpc
    - name: Install cron jobs
      template:
        src: ../../templates/crypto_libertarian.cron
        dest: /etc/cron.d/crypto_libertarian
        owner: root
        group: root
        mode: 'u=rw,g=r,o='
--- a/playbooks/deploy/site.yml
+++ b/playbooks/deploy/site.yml
@ -1,6 +1,3 @@
 ---
 - import_playbook: git.yml
 - import_playbook: misc.yml
 - import_playbook: raspberrypi.yml
  tags: rpi
--- a/requirements.yml
+++ b/requirements.yml
@ -1,5 +1,3 @@
 ---
 - src: kotovalexarian.common
  version: v0.0.34
 - src: rvm.ruby
  version: v2.1.2
--- a/templates/crypto_libertarian.cron
+++ b/templates/crypto_libertarian.cron
@ -1,2 +0,0 @@
 * * * * * root /usr/bin/curl -X POST -d '' "https://report-ip.crypto-libertarian.com/$(hostname)/{{ report_ip_secret }}"
 * * * * * root /usr/bin/upnpc -r {{ ansible_port }} tcp
		`@ -1,2 +0,0 @@`
			`* * * * * root /usr/bin/curl -X POST -d '' "https://report-ip.crypto-libertarian.com/$(hostname)/{{ report_ip_secret }}"`
			`* * * * * root /usr/bin/upnpc -r {{ ansible_port }} tcp`