bee
2026-05-25 22:06:31 +02:00
parent 9729b28681
commit 808ff14aba
11 changed files with 142 additions and 11 deletions
+57
@@ -0,0 +1,57 @@
- name: Backup
hosts: pi
become: true
vars:
gpg_password: !vault |
$ANSIBLE_VAULT;1.1;AES256
34383033383462626132353163303532376137613539326662383038663537633465373863396539
6139623961303165353230303637303530343136363165380a323534663665323836636165323237
39653863313962353033336338376462303962323762663139663136663033306161316361303630
6466663761643438360a653166616130633862643236633663303731356337326361636436646439
37303633353961623766313063363734376334383163376337376639306135373064
tasks:
- name: Install rsync
ansible.builtin.apt:
name: rsync
state: present
- name: Create backup directory
ansible.builtin.file:
path: /opt/backup
state: directory
mode: '0700'
- name: Copy daily
ansible.builtin.copy:
src: backupDaily.sh
dest: /opt/backup/backupDaily.sh
mode: '0700'
- name: Copy weekly
ansible.builtin.copy:
src: backupWeekly.sh
dest: /opt/backup/backupWeekly.sh
mode: '0700'
- name: Copy passphrase
ansible.builtin.template:
src: passphrase.txt.j2
dest: /opt/backup/passphrase.txt
mode: '0600'
- name: Schedule daily backup
ansible.builtin.cron:
name: beepi backup daily
user: root
minute: '0'
hour: '3'
job: /opt/backup/backupDaily.sh >> /var/log/beepi-backup.log 2>&1
- name: Schedule weekly backup
ansible.builtin.cron:
name: beepi backup weekly
user: root
minute: '0'
hour: '5'
weekday: '0'
job: /opt/backup/backupWeekly.sh >> /var/log/beepi-backup.log 2>&1
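Review bot: The `Copy passphrase` task renders the vaulted `gpg_password` through `ansible.builtin.template` without `no_log: true`, so a run with `--diff` can print the decrypted passphrase in the task output and in any log that captures it. Add `no_log: true` and `diff: false` to that task. The 0600 file and the 0700 `/opt/backup` directory get their ownership only implicitly from `become`; stating `owner: root` and `group: root` on both makes the intended restriction explicit. Because the passphrase is stored on the host whose data it encrypts, the archives are confidential only against someone without root on `pi`; encrypting to a public key instead would keep the decryption secret off the host.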
+49
@@ -0,0 +1,49 @@
#!/bin/bash
set -euo pipefail
now=$(date +"%Y%m%d%H%M")
declare -a arr=("gitea" "mail" "matrix" "monitoring")
declare -a monitoring=("monitoring_prometheus-data" "monitoring_grafana-storage" "monitoring_loki-data" "monitoring_alloy-data")
declare -a matrix=("matrix_db")
trap cleanup EXIT
for i in "${arr[@]}"
do
cd /opt/beeserver/${i}
podman-compose down -t 60
if [[ "$i" == "monitoring" ]]
then
for j in "${monitoring[@]}"
do
podman volume export ${j} --output ${j}.tar
done
fi
if [[ "$i" == "matrix" ]]
then
for j in "${matrix[@]}"
do
podman volume export ${j} --output ${j}.tar
done
fi
rsync -aH /opt/beeserver/${i} /opt/backup/beeserver
podman-compose up -d
done
tar -czf - /opt/backup/beeserver | gpg --batch --passphrase-file /opt/backup/passphrase.txt -c -o /home/beeshare/raid/serverBackup/beeserver_daily_${now}.tar.gz.gpg
function cleanup()
{
for j in "${monitoring[@]}"
do
rm -rf /opt/beeserver/monitoring/${j}.tar
done
for j in "${matrix[@]}"
do
rm -rf /opt/beeserver/matrix/${j}.tar
done
}
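Review bot: A failure between `podman-compose down -t 60` and `podman-compose up -d` leaves that stack stopped, because `set -e` exits the script at the failing `podman volume export` or `rsync` and nothing brings the stack back up. The EXIT trap does not help as written: `trap cleanup EXIT` is registered near the top, but `cleanup` is only defined after the final `tar | gpg` line, so on an early exit the trap calls a function that does not exist yet and the exported `.tar` files stay behind. Define `cleanup` before the trap and let it restart the stack that was down, as sketched below. Quoting `${i}` and `${j}` in the paths is worth doing in the same pass.

```bash
current=""

cleanup()
{
    # Restart the stack that was stopped when the script aborted.
    if [[ -n "$current" ]]
    then
        (cd "/opt/beeserver/${current}" && podman-compose up -d) || true
    fi
    # … unchanged: removal of the exported volume tarballs …
}
trap cleanup EXIT

for i in "${arr[@]}"
do
    cd "/opt/beeserver/${i}"
    current="$i"
    podman-compose down -t 60
    # … unchanged: volume exports and rsync …
    podman-compose up -d
    current=""
done
```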
+15
@@ -0,0 +1,15 @@
#!/bin/bash
set -euo pipefail
now=$(date +"%Y%m%d%H%M")
tar -czf - /opt/backup/beeserver | gpg --batch --passphrase-file /opt/backup/passphrase.txt -c -o /home/beeshare/raid/serverBackup/beeserver_weekly_${now}.tar.gz.gpg
if [ -s /home/beeshare/raid/serverBackup/beeserver_weekly_${now}.tar.gz.gpg ]
then
rm -rf /opt/backup/beeserver
fi
find /home/beeshare/raid/serverBackup -maxdepth 1 -name 'beeserver_weekly_*.tar.gz.gpg' -mtime +30 -delete
find /home/beeshare/raid/serverBackup -maxdepth 1 -name 'beeserver_daily_*.tar.gz.gpg' -mtime +7 -delete
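Review bot: Nothing stops this script from running while `backupDaily.sh` is still working; the cron entries in the playbook start the daily job at 03:00 every day and this one at 05:00 on weekday 0. If the daily run takes longer than two hours, the `tar` here archives a half-synced `/opt/backup/beeserver` and the `rm -rf` deletes the tree underneath the running rsync. Take a shared lock at the top of both scripts, for example `exec 9>"<LOCKFILE>"` followed by `flock 9`, where `<LOCKFILE>` is a placeholder path. The `-s` test only shows that the output is non-empty, and with `set -euo pipefail` a failed `tar` or `gpg` has already aborted the script before it runs. A decrypt-and-list pass over the new archive before the `rm -rf` would be the real integrity check.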
+1
@@ -0,0 +1 @@
{{ gpg_password }}
-13
@@ -1,13 +0,0 @@
FROM debian:bookworm-slim
RUN apt-get update \
&& apt-get install -y --no-install-recommends inspircd \
&& rm -rf /var/lib/apt/lists/* \
&& mkdir -p /var/run/inspircd \
&& chown irc:irc /var/run/inspircd
EXPOSE 6697 7000
USER irc
CMD ["/usr/sbin/inspircd", "--nofork"]
-159
@@ -1,159 +0,0 @@
<module name="ssl_gnutls">
<module name="sslrehashsignal">
<module name="cloaking">
<module name="hidechans">
<module name="services_account">
<module name="spanningtree">
<module name="alias">
<server name="irc.beesecret.buzz"
description="The hive"
network="Beenet">
<admin name="bee"
nick="bee"
email="bee@localhost">
<bind address="*" port="6697" type="clients" sslprofile="Clients">
<bind address="127.0.0.1" port="7000" type="servers">
<link name="services.secretbee.buzz"
ipaddr="127.0.0.1"
port="7000"
sendpass="{{ inspircd_sendpass }}"
recvpass="{{ inspircd_recvpass }}">
<uline server="services.secretbee.buzz" silent="yes">
<sslprofile name="Clients"
provider="gnutls"
certfile="/etc/inspircd/cert.pem"
keyfile="/etc/inspircd/key.pem"
requestclientcert="yes">
<gnutls onrehash="yes">
<power diepass="{{ inspircd_diepass }}" restartpass="{{ inspircd_restartpass }}">
<connect allow="*"
timeout="60"
threshold="10"
pingfreq="120"
hardsendq="262144"
softsendq="8192"
recvq="8192"
localmax="3"
globalmax="3"
modes="+x">
<cloak mode="full"
key="{{ inspircd_cloak_key }}"
prefix="Cloak-"
suffix=".Net"
ignorecase="yes">
<class name="Shutdown"
commands="DIE RESTART REHASH LOADMODULE UNLOADMODULE RELOADMODULE">
<class name="ServerLink"
commands="CONNECT SQUIT RCONNECT RSQUIT MKPASSWD">
<class name="BanControl"
commands="KILL GLINE KLINE ZLINE QLINE ELINE">
<class name="OperChat"
commands="WALLOPS GLOBOPS SETIDLE SPYLIST SPYNAMES">
<class name="HostCloak"
commands="SETHOST SETIDENT CHGNAME CHGHOST CHGIDENT">
<type name="NetAdmin"
classes="OperChat BanControl HostCloak Shutdown ServerLink"
host="netadmin.secretbee.local">
<type name="GlobalOp"
classes="OperChat BanControl HostCloak ServerLink"
host="ircop.secretbee.local">
<type name="Helper"
classes="HostCloak"
host="helper.secretbee.local">
<oper name="root"
password="{{ inspircd_root_oper_password }}"
host="*@*"
type="NetAdmin">
<oper name="bee"
password="{{ inspircd_bee_oper_password }}"
host="*@*"
type="NetAdmin">
<files motd="/etc/inspircd/inspircd.motd">
<channels users="20"
opers="60">
<dns timeout="5">
<pid file="/var/run/inspircd/inspircd.pid">
<options prefixquit="Quit: "
syntaxhints="no"
announcets="yes"
hostintopic="yes"
pingwarning="15"
splitwhois="no"
exemptchanops="">
<security announceinvites="dynamic"
hidemodes="eI"
hideulines="no"
flatlinks="no"
hidewhois=""
hidebans="no"
hidekills=""
hidesplits="no"
maxtargets="20"
customversion=""
operspywhois="no"
restrictbannedusers="yes"
genericoper="no"
userstats="Pu">
<performance quietbursts="yes"
softlimit="1024"
somaxconn="128"
netbuffersize="10240">
<whowas groupsize="10"
maxgroups="100000"
maxkeep="3d">
<badnick nick="ChanServ" reason="Reserved For Services">
<badnick nick="NickServ" reason="Reserved For Services">
<badnick nick="OperServ" reason="Reserved For Services">
<badnick nick="MemoServ" reason="Reserved For Services">
<alias text="OPERSERV"
replace="PRIVMSG OperServ :$2-"
format="*"
requires="OperServ"
channelcommand="no"
usercommand="yes"
stripcolor="no"
operonly="yes"
uline="yes">
<alias text="NICKSERV"
replace="PRIVMSG NickServ :$2-"
format="*"
requires="NickServ"
channelcommand="no"
usercommand="yes"
stripcolor="no"
operonly="no"
uline="yes">
<alias text="NS"
replace="PRIVMSG NickServ :$2-"
format="*"
requires="NickServ"
channelcommand="no"
usercommand="yes"
stripcolor="no"
operonly="no"
uline="yes">
-1
@@ -1 +0,0 @@
Welcome to the hive.
-123
@@ -1,123 +0,0 @@
- name: Inspircd
hosts: pi
become: true
vars:
inspircd_sendpass: !vault |
$ANSIBLE_VAULT;1.1;AES256
38376364613733613839386432376432306531393231383362336465653730656539356362313337
6365613062323137323563643963656161666631653938380a373462323834653733376663646134
61613831323831353761376337616635336339363830326536383632306139363831643636626566
3131623431393438640a356166663965626535383032383232313064363732336164613236393430
34343536363838626333626439336662303965643337393563396366393831626339
inspircd_recvpass: !vault |
$ANSIBLE_VAULT;1.1;AES256
64653933323335313263613063393164393339613432376437613834366133323138323262343738
3332323139366163636365343066653539626664373164310a383033376139346331313734356535
39656164313364333237323230363761623735313938643265656131346436303235396631363631
3035303865353466660a393537303739396534393133353261393130303636396434383139643163
32656532613339623837323939383336653732363266323439633839653832623762
inspircd_root_oper_password: !vault |
$ANSIBLE_VAULT;1.1;AES256
30343162623465633134623862326134636233633237613864363862316463653733383939636136
6263353934666637376563303761376162316334336534390a616336336663316462303862363662
64386137653566383962616131663866393966613664623036383834633439333162303032656666
3731353664653761620a333833336531393266643531323935393364656662623530376166383630
62623132626362643061646639303833346366396562613238623338326531346439
inspircd_bee_oper_password: !vault |
$ANSIBLE_VAULT;1.1;AES256
39396337663133313131383464393236316163653631616565613039393364333636656537393663
6439383936333837313536636536643063356630306130360a343533326133396632313631336136
37346330363231623130353432333134313963653365326633383461613834643634303566303230
3032326237653034350a333934623834656666333234616364663537383166626566653039393661
62336462613030313532333566363164336262376635633131313133386531333962
inspircd_diepass: !vault |
$ANSIBLE_VAULT;1.1;AES256
62623565646331343664343863656466363234323834323666363436313865366666363130623866
6661383938323661313636393533356333653361303065640a363135383130653265336230346234
64616233313132363235646633643436626337313236633766343462383865616662353030383333
3339343635306465630a383738306261383761316631383738633730333030393635303863383633
31663438383735303438616531666531323233663235653832323731663336626162
inspircd_restartpass: !vault |
$ANSIBLE_VAULT;1.1;AES256
63356162323139303537353538303661376338316264306630326637393930343738343432343265
3136306233343930393833373034323966386530613666310a623364646439346538663235363138
65663139623436346535396535376162356163303639373935643335666339353838363161643965
6639383631303163610a663033373733396631643435363734616430393238383764363066396333
32306639333331313437376262636164326135343433663937646232316434386164
inspircd_cloak_key: !vault |
$ANSIBLE_VAULT;1.1;AES256
34393037316433666339356265663363653636313761343633626465633362396265303562303530
6565326437356631376438363062326130316632396662610a663465313736623031326236313662
66623039383632333539303536356463346638623234616239383336313065626336633632363438
3931386263396531360a386338643637386633353565356264303938383334383934316438353931
39393033643231353263313236643061393337653864633566393965656438636432
tasks:
- name: Install podman
ansible.builtin.apt:
name: podman
state: present
- name: Create inspircd config directory
ansible.builtin.file:
path: /etc/inspircd
state: directory
mode: '0755'
- name: Copy config
ansible.builtin.template:
src: inspircd.conf.j2
dest: /etc/inspircd/inspircd.conf
mode: '0644'
notify: Reload inspircd
- name: Copy motd
ansible.builtin.copy:
src: inspircd.motd
dest: /etc/inspircd/inspircd.motd
mode: '0644'
notify: Reload inspircd
- name: Create container build context directory
ansible.builtin.file:
path: /tmp/inspircd-build
state: directory
mode: '0755'
- name: Copy Containerfile to build context
ansible.builtin.copy:
src: Containerfile
dest: /tmp/inspircd-build/Containerfile
mode: '0644'
- name: Build inspircd container image
ansible.builtin.command:
cmd: podman build -t inspircd:local /tmp/inspircd-build
changed_when: true
- name: Stop and remove existing inspircd container
ansible.builtin.command:
cmd: podman rm -f inspircd
failed_when: false
changed_when: false
- name: Run inspircd container
changed_when: true
ansible.builtin.command:
cmd: >-
podman run -d
--name inspircd
--network host
--restart always
-v /etc/inspircd/inspircd.conf:/etc/inspircd/inspircd.conf:ro
-v /etc/inspircd/inspircd.motd:/etc/inspircd/inspircd.motd:ro
-v /etc/inspircd/cert.pem:/etc/inspircd/cert.pem:ro
-v /etc/inspircd/key.pem:/etc/inspircd/key.pem:ro
inspircd:local
handlers:
- name: Reload inspircd
changed_when: true
ansible.builtin.command:
cmd: podman kill --signal USR1 inspircd
failed_when: false
+6 -6
@@ -46,18 +46,18 @@
state: directory
mode: '0755'
- name: Copy compose
ansible.builtin.template:
src: docker-compose.yml.j2
dest: /opt/beeserver/monitoring/docker-compose.yml
mode: '0644'
- name: Compose down
changed_when: true
ansible.builtin.command:
cmd: podman-compose down
chdir: /opt/beeserver/monitoring
- name: Copy compose
ansible.builtin.template:
src: docker-compose.yml.j2
dest: /opt/beeserver/monitoring/docker-compose.yml
mode: '0644'
- name: Copy prometheus config
ansible.builtin.copy:
src: prometheus_config.yml
+4 -5
@@ -8,10 +8,9 @@ scrape_configs:
- targets: ['localhost:9090']
- job_name: node
static_configs:
- targets: ['host.containers.internal:9100']
- targets:
- 'host.containers.internal:9100'
- '192.168.178.51:9100'
- job_name: podman
static_configs:
- targets: ['podman-exporter:9882']
- job_name: beepc
static_configs:
- targets: ['192.168.178.51:9100']
- targets: ['podman-exporter:9882']
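Review bot: Moving `192.168.178.51:9100` into the `node` job, as this section appears to do, relabels that host's series from `job="beepc"` to `job="node"`. Any alert rule, recording rule or Grafana panel that selects on `job="beepc"` will then match nothing, and it will do so silently rather than with an error. Check the rules and dashboards for that selector before merging. To keep the host distinguishable, give it its own `- targets:` entry with a `labels:` mapping under the same job instead of sharing one target list.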