use more variables instead of hard-coding (fixes #3)

2019-11-12 21:06:04 +01:00 · 2019-11-12 21:06:04 +01:00 · 04686de59c
commit 04686de59c
parent d48064a7e3
15 changed files with 101 additions and 70 deletions
--- a/templates/borgbackup.sh
+++ b/templates/borgbackup.sh
@ -4,10 +4,9 @@
 #   pass -v --stats to show more information
 #   pass --list --filter AME to show all fiels Added Modified or with Error

-#export BORG_RSH='ssh -i /home/jannik/.ssh/id_rsa'
-export BORG_RSH='ssh -i /home/jannik/.ssh/id_ed25519'
-export BORG_PASSPHRASE='borgbackup.{{ borgbackup_host }}@hetznerbx'
-export BORG_REPO='ssh://u182062-sub{{ borgbackup_sub }}@u182062.your-storagebox.de:23/./borg'
+export BORG_RSH='ssh -i {{ borgbackup_ssh_id }}'
+export BORG_PASSPHRASE='{{ borgbackup_passphrase }}'
+export BORG_REPO='{{ borgbackup_repo }}'

 # some helpers and error handling:
 info() { printf "\n%s %s\n\n" "$( date )" "$*" >&2; }
@ -33,7 +32,7 @@ borg create                                 \
    --exclude '/var/lib/lxcfs'              \
    --exclude '/var/log/*'                  \
                                            \
-    $BORG_REPO::'{{ borgbackup_host }}-{now:%Y%m%d_%H%M}' \
+    $BORG_REPO::'{{ borgbackup_hostname }}-{now:%Y%m%d_%H%M}' \
    /etc                                    \
    /var                                    \
    /root                                   \
@ -44,7 +43,7 @@ backup_exit=$?

 # Prune old backups: keep 7 daily, 3 weekly and 2 monthly (3 months total)
 borg prune                          \
-    --prefix '{{ borgbackup_host }}-' \
+    --prefix '{{ borgbackup_hostname }}-' \
    --keep-daily    7               \
    --keep-weekly   3               \
    --keep-monthly  2
--- a/templates/caddy.service
+++ b/templates/caddy.service
@ -0,0 +1,44 @@
+[Unit]
+Description=Caddy HTTP/2 web server
+Documentation=https://caddyserver.com/docs
+After=network-online.target
+Wants=network-online.target
+
+[Service]
+Restart=on-abnormal
+
+User=www-data
+Group=www-data
+Environment=CADDYPATH=/etc/ssl/caddy
+
+PIDFile=/run/caddy.pid
+ExecStart=/usr/local/bin/caddy -log stdout -agree -email={{ caddy_email }} -conf=/etc/caddy/Caddyfile -root=/var/tmp
+ExecReload=/bin/kill -USR1 $MAINPID
+
+KillMode=mixed
+KillSignal=SIGQUIT
+TimeoutStopSec=5s
+
+LimitNOFILE=8192
+LimitNPROC=64
+
+StartLimitInterval=600
+;StartLimitBurst=5
+RestartSec=60
+PermissionsStartOnly=true
+
+PrivateTmp=true
+;PrivateDevices=true
+;ProtectHome=true
+;ProtectSystem=full
+ReadWriteDirectories=/etc/ssl/caddy
+
+; The following additional security directives only work with systemd v229 or later.
+; They further restrict privileges that can be gained by caddy.
+; Note that you may have to add capabilities required by any plugins in use.
+;CapabilityBoundingSet=CAP_NET_BIND_SERVICE
+;AmbientCapabilities=CAP_NET_BIND_SERVICE
+;NoNewPrivileges=true
+
+[Install]
+WantedBy=multi-user.target
--- a/templates/ddns-hosts.sh
+++ b/templates/ddns-hosts.sh
@ -0,0 +1,54 @@
+#!/bin/sh
+passwd='{{ ddns_passphrase }}'
+hostname=$(hostname | tr '[:upper:]' '[:lower:]')
+
+platform='unknown'
+unamestr=$(uname)
+if [ "$unamestr" = 'Linux' ]; then
+  platform='linux'
+elif [ "$unamestr" = 'FreeBSD' ]; then
+  platform='freebsd'
+fi
+
+ip6addr=''
+ip4addr=''
+if [ $platform = 'linux' ]; then
+  ip6addr=$(ip -6 addr show scope global | grep inet6 | tail -1 | egrep -o '([0-9abcdef]{4}[0-9:abcdef]*)')
+  # filter local IPv4 address ranges (172.16.0.0/12, 10.0.0.0/8, 192.168.0.0/16)
+  ip4addr=$(ip -4 addr show scope global | grep inet | egrep -o '([0-9]{1,3}\.){3}[0-9]{1,3}' | grep -Ev '172.(1[6-9]|2[0-9]|3[0-1])' | grep -Ev '10.' | grep -Ev '192.168.' | head -n 1)
+elif [ $platform = 'freebsd' ]; then
+  ip6addr=$(ifconfig em0 | grep inet6 | tail -1 | egrep -o '([0-9abcdef]{4}[0-9:abcdef]*)')
+  ip4addr=$(ifconfig em0 inet | grep inet | egrep -o '([0-9]{1,3}\.){3}[0-9]{1,3}' | head -n 1)
+fi
+
+echo "Current IP addresses of $hostname are: $ip4addr, $ip6addr"
+
+
+if [ $ip4addr ]; then
+  echo "Updating IPv4 DNS entry..."
+else
+  echo "No public IPv4 address, updating DNS entry anyway..."
+fi
+
+# API always returns 200, so check for response payload to begin with {"Success":true,
+url="https://{{ ddns_server_domain }}/update?secret=$passwd&domain=$hostname&addr=$ip4addr"
+statuscode=$(curl -s $url)
+case "$statuscode" in
+  {\"Success\":true*) echo "IPv4 Success" ;;
+  *) (>&2 echo "IPv4 DynDNS update failed: API response:\n$statuscode") ;;
+esac
+
+
+if [ $ip6addr ]; then
+  echo "Updating IPv6 DNS entry..."
+
+  # API always returns 200, so check for response payload to begin with {"Success":true,
+  url="https://{{ ddns_server_domain }}/update?secret=$passwd&domain=$hostname&addr=$ip6addr"
+  statuscode=$(curl -s $url)
+  case "$statuscode" in
+    {\"Success\":true*) echo "IPv6 Success" ;;
+    *) (>&2 echo "IPv6 DynDNS update failed: API response:\n$statuscode") ;;
+  esac
+else
+  echo "No public IPv6 Address, skipping DNS update."
+fi
--- a/templates/telegraf.conf
+++ b/templates/telegraf.conf
@ -1,9 +1,9 @@
 [agent]
-  interval = "300s"
+  interval = "{{ telegraf_interval }}"
  hostname = ""

 [[outputs.influxdb]]
-  urls = ["https://influx.jtbx.de:65086"]
+  urls = ["{{ telegraf_server_url }}"]
  database = "servers"
  skip_database_creation = true

@ -12,8 +12,8 @@

  ## Write timeout (for the InfluxDB client), formatted as a string.
  timeout = "5s"
-  username = "servers"
-  password = "Servers-w.influx@home"
+  username = "{{ telegraf_server_user }}"
+  password = "{{ telegraf_server_passwd }}"


 # Read metrics about cpu usage
@ -65,8 +65,8 @@
 {% endif %}


-{% if telegraf_snmp_fra80|default(false)|bool %}
-{% include telegraf_snmp_fra80_file %}
+{% if telegraf_snmp|default(false)|bool %}
+{% include telegraf_snmp_file %}
 {% endif %}