From 94b623494e10dd3301f146cec242873cd413184c Mon Sep 17 00:00:00 2001
From: Muaz Ahmad
Date: Wed, 6 Sep 2023 14:18:14 +0500
Subject: [PATCH] Moved vps files to separate repo
---
bash_scripts/cloud-init-populate.sh | 19 -----
bash_scripts/ddns-acme-porkbun.sh | 50 ------------
basic_configs/debian-hetzner-init.yaml | 65 ----------------
basic_configs/nginx-vps/nginx.conf | 101 -------------------------
basic_configs/wg_base.conf | 8 --
python_scripts/ddns-porkbun.py | 94 -----------------------
6 files changed, 337 deletions(-)
delete mode 100755 bash_scripts/cloud-init-populate.sh
delete mode 100644 bash_scripts/ddns-acme-porkbun.sh
delete mode 100644 basic_configs/debian-hetzner-init.yaml
delete mode 100644 basic_configs/nginx-vps/nginx.conf
delete mode 100644 basic_configs/wg_base.conf
delete mode 100644 python_scripts/ddns-porkbun.py
diff --git a/bash_scripts/cloud-init-populate.sh b/bash_scripts/cloud-init-populate.sh
deleted file mode 100755
index 393a9f1..0000000
--- a/bash_scripts/cloud-init-populate.sh
+++ /dev/null
@@ -1,19 +0,0 @@
-#!/usr/bin/bash
-
-BASE_DIR=$(realpath "$(pwd)/$(dirname "$0")/..")
-PUB_KEYS=($(ls ~/.ssh/*.pub | xargs -d '\n' -n 1 basename))
-set -a
-WRAPPER_SCRIPT=$(base64 $BASE_DIR/bash_scripts/ddns-acme-porkbun.sh -w 0)
-DDNS_SCRIPT=$(base64 $BASE_DIR/python_scripts/ddns-porkbun.py -w 0)
-WG_CONF_BASE=$(base64 $BASE_DIR/basic_configs/wg_base.conf -w 0)
-NGINX_CONF=$(base64 $BASE_DIR/basic_configs/nginx-vps/nginx.conf -w 0)
-read -p "VPS Username: " TARGET_USERNAME
-select key_file in $PUB_KEYS
-do
- SSH_PUB_KEY=$(cat ~/.ssh/$key_file)
- break
-done
-set +a
-envsubst < $BASE_DIR/basic_configs/debian-hetzner-init.yaml | xclip -sel c
-read -p 'Input when done'
-echo -n ''| xclip -sel c
diff --git a/bash_scripts/ddns-acme-porkbun.sh b/bash_scripts/ddns-acme-porkbun.sh
deleted file mode 100644
index 8735a0d..0000000
--- a/bash_scripts/ddns-acme-porkbun.sh
+++ /dev/null
@@ -1,50 +0,0 @@
-#!/usr/bin/bash
-
-if [ ! -f "/etc/ddns-acme-porkbun.env" ]; then
- echo "Porkbun API key .env missing"
- exit 1
-fi
-DOMAINS=("272254864.xyz" "*.272254864.xyz")
-set -a; source /etc/ddns-acme-porkbun.env; set +a
-
-if [ -z "$EMAIL" ] || [ -z "$DOMAINS" ] || [ -z "$PORKBUN_SECRET_API_KEY" ] || [ -z "$PORKBUN_API_KEY" ]; then
- echo "Bad .env file"
- exit 1
-fi
-
-ddns_update() {
- while true;
- do
- ddns-porkbun
- case "#?" in
- "1")
- echo "Fatal error"
- exit 1
- ;;
- "2")
- echo "Retry in 5 min"
- sleep 300
- echo "Retrying"
- ;;
- "0")
- echo "DNS updated"
- break
- ;;
- esac
- done
-}
-
-ddns_update
-if [ "#?" -eq "1" ]; then
- echo "DDNS script failed, check credentials/domain"
-fi
-
-if [ "$1" = "renew" ]; then
- LEGO_ARG="renew"
-else
- LEGO_ARG="run"
-fi
-
-
-cd /etc/nginx
-lego --email "$EMAIL" --dns porkbun "${DOMAINS[@]/#/-d }" $LEGO_ARG
diff --git a/basic_configs/debian-hetzner-init.yaml b/basic_configs/debian-hetzner-init.yaml
deleted file mode 100644
index fea39b7..0000000
--- a/basic_configs/debian-hetzner-init.yaml
+++ /dev/null
@@ -1,65 +0,0 @@
-#cloud-config
-# vim: syntax=yaml
-
-users:
- - default
- - name: ${TARGET_USERNAME}
- sudo: ALL=ALL
- lock_passwd: true
- ssh_authorized_keys:
- - ${SSH_PUB_KEY}
-disable_root: true
-
-packages:
- - ufw
- - nginx
- - lego
- - wireguard
- - python-requests
-
-package_update: true
-package_upgrade: true
-
-write-files:
- - encoding: b64
- content: ${WRAPPER_SCRIPT}
- owner: root:root
- path: /usr/local/bin/ddns-acme-porkbun
- permissions: '0744'
- - encoding: b64
- content: ${DDNS_SCRIPT}
- owner: root:root
- path: /usr/local/bin/ddns-porkbun
- permissions: '0744'
- - content: |
- [Unit]
- Description=Renew acme certs and DDNS update
- [Service]
- Type=oneshot
- ExecStart=/usr/local/bin/ddns-acme-porkbun renew
- owner: root:root
- path: /etc/systemd/system/ddns-acme-porkbun.service
- permissions: '0644'
- - content: |
- [Unit]
- Description=Renew certs and dns records periodically
- [Timer]
- OnCalendar=*-01,03,05,07,09,11-01 02:00:00
- RandomizedDelaySec=12h
- Persistent=true
- [Install]
- WantedBy=timers.target
- owner: root:root
- path: /usr/local/bin/ddns-acme-porkbun.timer
- permissions: '0644'
- - encoding: b64
- content: ${WG_CONF_BASE}
- owner: root:root
- path: /etc/wireguard/wg0.conf
- permissions: '0600'
- - encoding: b64
- content: ${NGINX_CONF}
- owner: root:root
- path: /etc/nginx/nginx.conf
- permissions: '0644'
-
diff --git a/basic_configs/nginx-vps/nginx.conf b/basic_configs/nginx-vps/nginx.conf
deleted file mode 100644
index 2ce2a82..0000000
--- a/basic_configs/nginx-vps/nginx.conf
+++ /dev/null
@@ -1,101 +0,0 @@
-set $domain 272254864.xyz;
-set $ssl_cert /etc/nginx/.lego/certificates/$domain.crt;
-set $ssl_key /etc/nginx/.lego/certificates/$domain.key;
-
-worker_processes auto;
-
-events {
- multi_accept on;
- worker_connections 256;
-}
-
-server {
- listen 80;
- return 301 https://$host$request_uri;
-}
-
-upstream dufs {
- server 10.44.82.16:10001;
-}
-upstream cgit {
- server 10.44.82.16:10002;
-}
-upstream navi {
- server 10.44.82.16:10003;
-}
-upstream ai {
- server 10.44.82.16:10004;
-}
-upstream dns {
- server 10.44.82.16:10005;
-}
-upstream invid {
- server 10.44.82.16:10006;
-}
-upstream searx {
- server 10.44.82.16:10007;
-}
-
-server {
- listen 10.44.82.1:443 ssl;
- server_name files.$domain;
- ssl_certificate $ssl_cert;
- ssl_certificate_key $ssl_key;
-
- proxy_pass dufs;
-}
-
-server {
- listen 443 ssl;
- server_name git.$domain;
- ssl_certificate $ssl_cert;
- ssl_certificate_key $ssl_key;
-
- proxy_pass cgit;
-}
-
-server {
- listen 10.44.82.1:443 ssl;
- server_name music.$domain;
- ssl_certificate $ssl_cert;
- ssl_certificate_key $ssl_key;
-
- proxy_pass navi;
-}
-
-server {
- listen 10.44.82.1:443 ssl;
- server_name ai.$domain;
- ssl_certificate $ssl_cert;
- ssl_certificate_key $ssl_key;
-
- proxy_pass ai;
-}
-
-server {
- listen 10.44.82.1:443 ssl;
- server_name dns.$domain;
- ssl_certificate $ssl_cert;
- ssl_certificate_key $ssl_key;
-
- proxy_ssl on;
- proxy_pass dns;
-}
-
-server {
- listen 10.44.82.1:443 ssl;
- server_name yt.$domain;
- ssl_certificate $ssl_cert;
- ssl_certificate_key $ssl_key;
-
- proxy_pass invid;
-}
-
-server {
- listen 10.44.82.1:443 ssl;
- server_name search.$domain;
- ssl_certificate $ssl_cert;
- ssl_certificate_key $ssl_key;
-
- proxy_pass searx;
-}
diff --git a/basic_configs/wg_base.conf b/basic_configs/wg_base.conf
deleted file mode 100644
index c7fa34b..0000000
--- a/basic_configs/wg_base.conf
+++ /dev/null
@@ -1,8 +0,0 @@
-[Interface]
-PrivateKey = ${WG_PRIV_KEY}
-Address = 10.44.82.1/24
-ListenPort = 2107
-
-[Peer]
-PublicKey = ${WG_PEER_PUB_KEY}
-AllowedIPs = 10.44.82.4/32
diff --git a/python_scripts/ddns-porkbun.py b/python_scripts/ddns-porkbun.py
deleted file mode 100644
index 20bc74d..0000000
--- a/python_scripts/ddns-porkbun.py
+++ /dev/null
@@ -1,94 +0,0 @@
-#!/usr/bin/python
-
-import os, json, sys, ipaddress, time, re
-import requests
-
-API_SLEEP = 3
-
-class PorkbunClient():
- def __init__(self):
- self.secret_key = os.environ["PORKBUN_SECRET_API_KEY"]
- self.api_key = os.environ["PORKBUN_API_KEY"]
- self.client = requests.Session()
- self.porkbun_url_base = "https://porkbun.com/api/json/v3"
- self.domain = "272254864.xyz"
- self.ttl = "5184000"
-
- self.get_ips()
- self.update_records()
-
- def make_base_auth_body(self):
- return {
- "secretapikey": self.secret_key,
- "apikey": self.api_key
- }
-
- def get_ips(self):
- ip_naive = self.get_ip()
- if ipaddress.ip_address(ip_naive).version == 4:
- self.ipv4 = ip_naive
- else:
- self.ipv6 = ip_naive
- time.sleep(API_SLEEP)
- self.ipv4 = self.get_ip(True)
-
-
- def get_ip(self, force_v4 = False):
- try:
- json_body = self.make_base_auth_body()
- if force_v4:
- url = "https://api-ipv4.porkbun.com/api/json/v3/ping"
- else:
- url = self.porkbun_url_base + "/ping"
- resp = self.client.post(url, json = json_body)
- if resp.status == 200:
- return json.loads(resp.text)['yourIp']
- else:
- print('API error')
- sys.exit(1)
- except:
- print('Network error')
- sys.exit(2)
-
- def update_dns_record(self, content, record_type="A"):
- try:
- record = self.get_existing_record(record_type)
- time.sleep(API_SLEEP)
- json_body = self.make_base_auth_body()
- if record == None:
- url = self.porkbun_url_base + "/dns/create/" + self.domain
- json_body.update({
- "type": record_type,
- "content": content,
- "ttl": self.ttl
- })
- else:
- url = self.porkbun_url_base + "/dns/editByNameType/" + self.domain + "/" + record_type
- json_body.update({
- "content": content,
- "ttl": self.ttl
- })
- resp = self.client.post(url, json = json_body)
- if resp.status != 200:
- print('API error')
- sys.exit(1)
-
- except:
- print("Network error")
- sys.exit(2)
-
-
- def update_records(self):
- if hasattr(self, "ipv4"):
- self.update_dns_record(self.ipv4)
- if hasattr(self, "ipv6"):
- self.update_dns_record(self.ipv6, "AAAA")
-
-
-
-def main():
- porkbun_client = PorkbunClient()
-
-if __name__ == "__main__":
- main()
-