Moved vps files to separate repo

Muaz Ahmad 2023-09-06 14:18:14 +05:00
parent e13a114f81
commit 94b623494e
6 changed files with 0 additions and 337 deletions


@ -1,19 +0,0 @@
#!/usr/bin/bash
BASE_DIR=$(realpath "$(pwd)/$(dirname "$0")/..")
PUB_KEYS=($(ls ~/.ssh/*.pub | xargs -d '\n' -n 1 basename))
set -a
WRAPPER_SCRIPT=$(base64 $BASE_DIR/bash_scripts/ddns-acme-porkbun.sh -w 0)
DDNS_SCRIPT=$(base64 $BASE_DIR/python_scripts/ddns-porkbun.py -w 0)
WG_CONF_BASE=$(base64 $BASE_DIR/basic_configs/wg_base.conf -w 0)
NGINX_CONF=$(base64 $BASE_DIR/basic_configs/nginx-vps/nginx.conf -w 0)
read -p "VPS Username: " TARGET_USERNAME
select key_file in $PUB_KEYS
do
SSH_PUB_KEY=$(cat ~/.ssh/$key_file)
break
done
set +a
envsubst < $BASE_DIR/basic_configs/debian-hetzner-init.yaml | xclip -sel c
read -p 'Input when done'
echo -n ''| xclip -sel c


@ -1,50 +0,0 @@
#!/usr/bin/bash
if [ ! -f "/etc/ddns-acme-porkbun.env" ]; then
echo "Porkbun API key .env missing"
exit 1
fi
DOMAINS=("272254864.xyz" "*.272254864.xyz")
set -a; source /etc/ddns-acme-porkbun.env; set +a
if [ -z "$EMAIL" ] || [ -z "$DOMAINS" ] || [ -z "$PORKBUN_SECRET_API_KEY" ] || [ -z "$PORKBUN_API_KEY" ]; then
echo "Bad .env file"
exit 1
fi
ddns_update() {
while true;
do
ddns-porkbun
case "#?" in
"1")
echo "Fatal error"
exit 1
;;
"2")
echo "Retry in 5 min"
sleep 300
echo "Retrying"
;;
"0")
echo "DNS updated"
break
;;
esac
done
}
ddns_update
if [ "#?" -eq "1" ]; then
echo "DDNS script failed, check credentials/domain"
fi
if [ "$1" = "renew" ]; then
LEGO_ARG="renew"
else
LEGO_ARG="run"
fi
cd /etc/nginx
lego --email "$EMAIL" --dns porkbun "${DOMAINS[@]/#/-d }" $LEGO_ARG


@ -1,65 +0,0 @@
#cloud-config
# vim: syntax=yaml
users:
- default
- name: ${TARGET_USERNAME}
sudo: ALL=ALL
lock_passwd: true
ssh_authorized_keys:
- ${SSH_PUB_KEY}
disable_root: true
packages:
- ufw
- nginx
- lego
- wireguard
- python-requests
package_update: true
package_upgrade: true
write-files:
- encoding: b64
content: ${WRAPPER_SCRIPT}
owner: root:root
path: /usr/local/bin/ddns-acme-porkbun
permissions: '0744'
- encoding: b64
content: ${DDNS_SCRIPT}
owner: root:root
path: /usr/local/bin/ddns-porkbun
permissions: '0744'
- content: |
[Unit]
Description=Renew acme certs and DDNS update
[Service]
Type=oneshot
ExecStart=/usr/local/bin/ddns-acme-porkbun renew
owner: root:root
path: /etc/systemd/system/ddns-acme-porkbun.service
permissions: '0644'
- content: |
[Unit]
Description=Renew certs and dns records periodically
[Timer]
OnCalendar=*-01,03,05,07,09,11-01 02:00:00
RandomizedDelaySec=12h
Persistent=true
[Install]
WantedBy=timers.target
owner: root:root
path: /usr/local/bin/ddns-acme-porkbun.timer
permissions: '0644'
- encoding: b64
content: ${WG_CONF_BASE}
owner: root:root
path: /etc/wireguard/wg0.conf
permissions: '0600'
- encoding: b64
content: ${NGINX_CONF}
owner: root:root
path: /etc/nginx/nginx.conf
permissions: '0644'


@ -1,101 +0,0 @@
set $domain 272254864.xyz;
set $ssl_cert /etc/nginx/.lego/certificates/$domain.crt;
set $ssl_key /etc/nginx/.lego/certificates/$domain.key;
worker_processes auto;
events {
multi_accept on;
worker_connections 256;
}
server {
listen 80;
return 301 https://$host$request_uri;
}
upstream dufs {
server 10.44.82.16:10001;
}
upstream cgit {
server 10.44.82.16:10002;
}
upstream navi {
server 10.44.82.16:10003;
}
upstream ai {
server 10.44.82.16:10004;
}
upstream dns {
server 10.44.82.16:10005;
}
upstream invid {
server 10.44.82.16:10006;
}
upstream searx {
server 10.44.82.16:10007;
}
server {
listen 10.44.82.1:443 ssl;
server_name files.$domain;
ssl_certificate $ssl_cert;
ssl_certificate_key $ssl_key;
proxy_pass dufs;
}
server {
listen 443 ssl;
server_name git.$domain;
ssl_certificate $ssl_cert;
ssl_certificate_key $ssl_key;
proxy_pass cgit;
}
server {
listen 10.44.82.1:443 ssl;
server_name music.$domain;
ssl_certificate $ssl_cert;
ssl_certificate_key $ssl_key;
proxy_pass navi;
}
server {
listen 10.44.82.1:443 ssl;
server_name ai.$domain;
ssl_certificate $ssl_cert;
ssl_certificate_key $ssl_key;
proxy_pass ai;
}
server {
listen 10.44.82.1:443 ssl;
server_name dns.$domain;
ssl_certificate $ssl_cert;
ssl_certificate_key $ssl_key;
proxy_ssl on;
proxy_pass dns;
}
server {
listen 10.44.82.1:443 ssl;
server_name yt.$domain;
ssl_certificate $ssl_cert;
ssl_certificate_key $ssl_key;
proxy_pass invid;
}
server {
listen 10.44.82.1:443 ssl;
server_name search.$domain;
ssl_certificate $ssl_cert;
ssl_certificate_key $ssl_key;
proxy_pass searx;
}


@ -1,8 +0,0 @@
[Interface]
PrivateKey = ${WG_PRIV_KEY}
Address = 10.44.82.1/24
ListenPort = 2107
[Peer]
PublicKey = ${WG_PEER_PUB_KEY}
AllowedIPs = 10.44.82.4/32


@ -1,94 +0,0 @@
#!/usr/bin/python
import os, json, sys, ipaddress, time, re
import requests
API_SLEEP = 3
class PorkbunClient():
def __init__(self):
self.secret_key = os.environ["PORKBUN_SECRET_API_KEY"]
self.api_key = os.environ["PORKBUN_API_KEY"]
self.client = requests.Session()
self.porkbun_url_base = "https://porkbun.com/api/json/v3"
self.domain = "272254864.xyz"
self.ttl = "5184000"
self.get_ips()
self.update_records()
def make_base_auth_body(self):
return {
"secretapikey": self.secret_key,
"apikey": self.api_key
}
def get_ips(self):
ip_naive = self.get_ip()
if ipaddress.ip_address(ip_naive).version == 4:
self.ipv4 = ip_naive
else:
self.ipv6 = ip_naive
time.sleep(API_SLEEP)
self.ipv4 = self.get_ip(True)
def get_ip(self, force_v4 = False):
try:
json_body = self.make_base_auth_body()
if force_v4:
url = "https://api-ipv4.porkbun.com/api/json/v3/ping"
else:
url = self.porkbun_url_base + "/ping"
resp = self.client.post(url, json = json_body)
if resp.status == 200:
return json.loads(resp.text)['yourIp']
else:
print('API error')
sys.exit(1)
except:
print('Network error')
sys.exit(2)
def update_dns_record(self, content, record_type="A"):
try:
record = self.get_existing_record(record_type)
time.sleep(API_SLEEP)
json_body = self.make_base_auth_body()
if record == None:
url = self.porkbun_url_base + "/dns/create/" + self.domain
json_body.update({
"type": record_type,
"content": content,
"ttl": self.ttl
})
else:
url = self.porkbun_url_base + "/dns/editByNameType/" + self.domain + "/" + record_type
json_body.update({
"content": content,
"ttl": self.ttl
})
resp = self.client.post(url, json = json_body)
if resp.status != 200:
print('API error')
sys.exit(1)
except:
print("Network error")
sys.exit(2)
def update_records(self):
if hasattr(self, "ipv4"):
self.update_dns_record(self.ipv4)
if hasattr(self, "ipv6"):
self.update_dns_record(self.ipv6, "AAAA")
def main():
porkbun_client = PorkbunClient()
if __name__ == "__main__":
main()