Restructure directory layout

To make this better than the unorganized mess it used to be.

sysadmin/backup_summary.py

@@ -0,0 +1,76 @@
+#!/usr/bin/python3
+
+from email.message import EmailMessage
+from email.utils import formatdate
+import smtplib
+import sarge
+import json
+from datetime import datetime, timedelta
+
+TEMPLATE="""
+Hello,
+
+as of today, {num_backups} backups have been made this week:
+
+{content}
+
+Only successful backups are listed.
+
+--
+Automated notification system
+
+"""
+
+
+def find_range(array):
+    sorted_array = sorted(array["archives"],
+            key=lambda x: datetime.strptime(x["time"],"%Y-%m-%dT%H:%M:%S.%f"),
+            reverse=True)
+    last_time = datetime.strptime(sorted_array[0]["time"],
+            "%Y-%m-%dT%H:%M:%S.%f")
+    for idx, record in reversed(list(enumerate(sorted_array))):
+        if record == sorted_array[0]:
+            break
+        first_time = datetime.strptime(record["time"], "%Y-%m-%dT%H:%M:%S.%f")
+        monday1 = (first_time - timedelta(days=first_time.weekday()))
+        monday2 = (last_time - timedelta(days=last_time.weekday()))
+        weeks = (monday2 - monday1).days / 7
+        if weeks <= 1:
+            break
+
+    return [item["archive"] for item in sorted_array[0: idx + 1]]
+
+
+def create_message(data):
+
+    content = "\n".join("* {}".format(item) for item in data)
+    complete_message = TEMPLATE.format(num_backups=len(data),
+            content=content)
+
+    msg = EmailMessage()
+    msg.set_content(complete_message)
+    msg["Subject"] = "Weekly backup report"
+    msg["From"] = "Notification system <replaceme>"
+    msg["To"] = "Mr.X <replaceme>"
+    msg["Date"] = formatdate(localtime=True)
+    msg.set_param("charset", "UTF-8")
+    msg.replace_header("Content-Transfer-Encoding", "8bit")
+
+    return msg
+
+
+def main():
+
+    borgmatic_data = sarge.get_stdout(
+            "borgmatic list --last 10 --json --successful")
+    borgmatic_data = json.loads(borgmatic_data)
+    contents = find_range(borgmatic_data[0])
+
+    msg = create_message(contents)
+
+    s = smtplib.SMTP('localhost')
+    s.send_message(msg)
+    s.quit()
+
+if __name__ == "__main__":
+    main()

sysadmin/borg_check_last.sh

@@ -0,0 +1,45 @@
+#!/bin/bash
+
+# SPDX-License_identifier: BSD-3-Clause
+# Script to check the last known date of the backup and warn if too old
+# Requires jq and yq
+
+set -e
+set -o nounset
+set -o pipefail
+
+mailto="root"
+fromname="yournamehere"
+mailfrom="yournamehere <yourmail>"
+
+max_days=7
+
+last_bak=$(borgmatic list --last 1 --format "{end} {NEWLINE}" --successful --json | \
+           jq '.[].archives | sort_by(.end)[].end | gsub("\\.000000$"; "Z") | fromdate')
+
+repository_name=$(yq -r '.location.repositories[0]' /etc/borgmatic/config.yaml)
+
+current=$(date +%s)
+difference="$(( current - last_bak ))"
+diff_days="$(( difference / (3600 * 24) ))"
+host_name=$(hostname)
+
+if (( diff_days > max_days ));
+then
+sendmail "$mailto" <<EOF
+From: $mailfrom
+To: $fromname <$mailto>
+Subject:[borgbackup] Warning: backup older than $diff_days days.
+
+Hello,
+
+This is an automated message sent from $host_name.
+
+The backup in $repository_name has not been updated in more than $max_days
+days. It is advisable to check for errors or disabled services.
+
+--
+Automated report system
+
+EOF
+fi

sysadmin/certbot_cleanup.py

@@ -0,0 +1,40 @@
+#!/usr/bin/python3
+
+# SPDX-FileCopyrightText: 2021 Luca Beltrame <lbeltrame@kde.org>
+#
+# SPDX-License-Identifier: BSD-3-Clause
+
+import os
+import time
+
+import requests
+
+IWANTMYNAME_ENDPOINT = "https://iwantmyname.com/basicauth/ddns"
+
+
+def main():
+
+    with open("/etc/letsencrypt/credentials") as handle:
+        user, password = handle.read().strip().split()
+
+    domain = os.environ["CERTBOT_DOMAIN"]
+    validation_token = os.environ["CERTBOT_VALIDATION"]
+
+    print("DEBUG", domain, validation_token)
+
+    if "*." in domain:
+        domain = domain.replace("*.", "")
+
+    subdomain = f"_acme-challenge.{domain}"
+
+    params = {
+        "hostname": subdomain,
+        "type": "txt",
+        "value": "delete"
+    }
+
+    req = requests.get(IWANTMYNAME_ENDPOINT, params=params,
+                       auth=(user, password))
+
+if __name__ == "__main__":
+    main()

sysadmin/certbot_dns_iwantmyname.py

@@ -0,0 +1,43 @@
+#!/usr/bin/python3
+
+# SPDX-FileCopyrightText: 2021 Luca Beltrame <lbeltrame@kde.org>
+#
+# SPDX-License-Identifier: BSD-3-Clause
+
+import os
+import time
+
+import requests
+
+IWANTMYNAME_ENDPOINT = "https://iwantmyname.com/basicauth/ddns"
+
+
+def main():
+
+    with open("/etc/letsencrypt/credentials") as handle:
+        user, password = handle.read().strip().split()
+
+    domain = os.environ["CERTBOT_DOMAIN"]
+    validation_token = os.environ["CERTBOT_VALIDATION"]
+
+    print("DEBUG", domain, validation_token)
+
+    if "*." in domain:
+        domain = domain.replace("*.", "")
+
+    subdomain = f"_acme-challenge.{domain}"
+
+    params = {
+        "hostname": subdomain,
+        "type": "txt",
+        "value": validation_token
+    }
+
+    req = requests.get(IWANTMYNAME_ENDPOINT, params=params,
+                       auth=(user, password))
+
+    time.sleep(60)
+
+
+if __name__ == "__main__":
+    main()

sysadmin/copy_l4d

@@ -0,0 +1,31 @@
+#!/bin/bash
+
+set -o nounset
+set -o pipefail
+set -o errexit
+
+watch_dir="/home/mod_exchange/"
+dest_dir="/home/mpluser/l4d2/game/left4dead2/addons/"
+
+function test_command {
+    "$@"
+    local status=$?
+    return $status
+}
+
+while true
+do
+        inotifywait --syslog -e close_write $watch_dir
+        for item in $watch_dir/*.zip
+        do
+                unzip -o ${item} -d ${watch_dir}
+        done
+        rm  $watch_dir/*.zip
+        rsync $watch_dir/* /home/mpluser/l4d2/game/left4dead2/addons/ --remove-source-files
+
+        if test_command systemctl is-active l4d
+        then
+                sudo systemctl restart l4d
+        fi
+
+done

sysadmin/mailcow_prepare.sh

@@ -0,0 +1,8 @@
+#!/bin/bash
+
+set -e
+set -o errexit
+
+export MAILCOW_BACKUP_LOCATION="/var/backups"
+
+/home/mailcow/mailcow-dockerized/helper-scripts/backup_and_restore.sh backup crypt redis rspamd postfix mysql --delete-days 7

sysadmin/reload_services.sh

@@ -0,0 +1,14 @@
+#!/bin/bash
+
+systemctl reload nginx
+cp /etc/letsencrypt/live/heavensinferno.net/fullchain.pem /home/mailcow/mailcow-dockerized/data/assets/ssl/cert.pem
+cp /etc/letsencrypt/live/heavensinferno.net/privkey.pem /home/mailcow/mailcow-dockerized/data/assets/ssl/key.pem
+postfix_c=$(docker ps -qaf name=postfix-mailcow)
+dovecot_c=$(docker ps -qaf name=dovecot-mailcow)
+nginx_c=$(docker ps -qaf name=nginx-mailcow)
+docker restart ${postfix_c} ${dovecot_c} ${nginx_c}
+
+if [ $(systemctl is-active mumble-server) ];
+then
+	systemctl restart mumble-server
+fi

sysadmin/unit_mail.sh

@@ -0,0 +1,30 @@
+#!/bin/bash
+MAILTO="root"
+MAILFROM="root@internal.heavensinferno.net"
+UNIT=$1
+
+EXTRA=""
+for e in "${@:2}"; do
+  EXTRA+="$e"$'\n'
+done
+
+UNITSTATUS=$(systemctl status $UNIT)
+
+sendmail $MAILTO <<EOF
+From:$MAILFROM
+To: $MAILTO
+Subject:[systemd timer] Status mail for unit: $UNIT
+Content-Transfer-Encoding: 8bit
+Content-Type: text/plain; charset=UTF-8
+X-Priority: 1 (High)
+X-MSMail-Priority: High
+Importance: High
+
+Status report for unit: $UNIT
+$EXTRA
+
+$UNITSTATUS
+EOF
+
+echo -e "Status mail sent to: $MAILTO for unit: $UNIT"
+

sysadmin/update_element_im.sh

@@ -0,0 +1,90 @@
+#!/bin/bash
+# SPDX-FileCopyrightText: 2020 Luca Beltrame <lbeltrame@kde.org>
+# SPDX-License-Identifier: BSD-3-clause
+
+set -e
+set -o errexit
+set -o pipefail
+set -o nounset
+
+function version_gt() {
+    test "$(printf '%s\n' "$@" | sort -V | head -n 1)" != "$1";
+}
+
+function cleanup() {
+    local tmpdir=$1
+    if [ -n "$(ls -A ${tmpdir})" ]; then
+        rm -r "${tmpdir:?}"/*
+    fi
+    rmdir "${tmpdir}"
+
+}
+
+function update() {
+    local tarball_url=$1
+    local gpg_url=$2
+    local tempdir=$3
+    local destination=$4
+
+    tarball_file=$(basename "${tarball_url}")
+    gpg_file=$(basename "${gpg_url}")
+
+    pushd "${tempdir}"
+    echo "Downloading..."
+    /usr/bin/curl -L -O "${tarball_url}"
+    /usr/bin/curl -L -O "${gpg_url}"
+
+    # GPG key of project
+    echo "Verifying the archive integrity..."
+    /usr/bin/curl -s -O "https://github.com/RiotRobot.gpg"
+    /usr/bin/gpg -o RiotRobot.ring --dearmor RiotRobot.gpg
+    /usr/bin/gpg --no-default-keyring --keyring ./RiotRobot.ring --verify "${gpg_file}"
+
+    echo "Extracting archive..."
+    tar xfv "${tarball_file}"
+    folder_name=$(basename "${tarball_file}" .tar.gz)
+    # Update Element, but don't destroy the existing configuration
+    echo "Copying new files..."
+    /usr/bin/rsync -rXH "${folder_name}/" "${destination}/" \
+        --delete \
+        --exclude config.json \
+        --chown "${WEB_USER}":"${WEB_USER}"
+    chown -R "${WEB_USER}":"${WEB_USER}" "${destination}"
+    echo "Update complete."
+    popd
+}
+
+tmpdir=$(mktemp -d)
+
+trap 'cleanup ${tmpdir}' EXIT
+
+HOMESERVER_URL="https://chat.dennogumi.org"
+DESTINATION_PATH="/srv/www/htdocs/chat.dennogumi.org"
+WEB_USER="nginx"
+github_data=$(/usr/bin/curl -s https://api.github.com/repos/vector-im/element-web/releases/latest)
+
+current_version=$(/usr/bin/curl -s "${HOMESERVER_URL}/version")
+remote_version=$(echo "${github_data}" | /usr/bin/jq -r '.name')
+
+echo "Checking for version updates..."
+
+if version_gt "${remote_version}" "v${current_version}"
+then
+    echo "New version found: ${remote_version}"
+    changelog=$(echo "${github_data}" | /usr/bin/jq -r '.body')
+    echo "Changes in this version:"
+    echo "${changelog}"
+    asset_name=$(echo "${github_data}" | /usr/bin/jq -r '.assets[] |
+            select(.browser_download_url|endswith("tar.gz")) |
+            select(.name|startswith("element")).browser_download_url')
+    gpg_key_name=$(
+        echo "${github_data}" | /usr/bin/jq -r '.assets[] |
+            select(.browser_download_url|endswith("asc")) |
+            select(.name|startswith("element")).browser_download_url')
+    echo "Updating Element.im from ${current_version} to ${remote_version}..."
+    update "${asset_name}" "${gpg_key_name}" "${tmpdir}" "${DESTINATION_PATH}"
+else
+    echo "No new update: nothing to do."
+fi
+
+exit 0