feat: deployed frontend, postgres, rev-proxy, tailscale config, initialisation scripts

2026-01-31 14:28:52 +01:00 · 2026-01-31 14:28:52 +01:00 · a24fd5bd93
commit a24fd5bd93
parent f48059e37e
20 changed files with 413 additions and 262 deletions
--- a/scripts/deploy-frontend.sh
+++ b/scripts/deploy-frontend.sh
@ -0,0 +1,10 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+cd /home/luka/HexName-Frontend
+git pull
+
+deno task build
+sudo rm -rf /var/www/hexname/build
+sudo cp -r build/ /var/www/hexname/
+
--- a/scripts/pdns-init-config-dns.sh
+++ b/scripts/pdns-init-config-dns.sh
@ -0,0 +1,96 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+API_URL="http://127.0.0.1:8081/api/v1/servers/localhost/zones/hexname.com."
+API_KEY="${API_KEY:?API_KEY not set}"
+
+declare -A RRSETS
+
+add_record() {
+  local type="$1"
+  local ttl="$2"
+  local name="$3"
+  local content="$4"
+
+  local key="${name}|${type}|${ttl}"
+  RRSETS["$key"]+="${content}"$'\n'
+}
+
+flush_rrsets() {
+  local rrsets_json="[]"
+
+  for key in "${!RRSETS[@]}"; do
+    IFS='|' read -r name type ttl <<<"$key"
+
+    local records_json
+    records_json=$(printf '%s' "${RRSETS[$key]}" \
+      | sed '/^$/d' \
+      | jq -R '{content: ., disabled: false}' \
+      | jq -s '.')
+
+    rrsets_json=$(jq \
+      --arg name "$name" \
+      --arg type "$type" \
+      --argjson ttl "$ttl" \
+      --argjson records "$records_json" \
+      '. + [{
+        name: $name,
+        type: $type,
+        ttl: $ttl,
+        changetype: "REPLACE",
+        records: $records
+      }]' <<<"$rrsets_json")
+  done
+
+  jq -n --argjson rrsets "$rrsets_json" '{ rrsets: $rrsets }' \
+    | curl -sS -X PATCH \
+      -H "X-API-Key: $API_KEY" \
+      -H "Content-Type: application/json" \
+      --data-binary @- \
+      "$API_URL"
+}
+
+add_record "NS" 604800 "hexname.com." "ns1.hexname.com."
+add_record "NS" 604800 "hexname.com." "ns2.hexname.com."
+add_record "A" 604800 "hexname.com." "188.245.239.209"
+add_record "A" 604800 "ns1.hexname.com." "188.245.239.209"
+add_record "A" 604800 "ns2.hexname.com." "91.99.69.65"
+
+# Mailserver records
+add_record "A" 3600 "mx.hexname.com." "188.245.239.209"
+add_record "A" 3600 "email.hexname.com." "188.245.239.209"
+add_record "A" 3600 "mta-sts.hexname.com." "188.245.239.209"
+add_record "CNAME" 3600 "mail.hexname.com." "mx.hexname.com."
+add_record "MX" 3600 "hexname.com." "10 mx.hexname.com."
+
+add_record "TXT" 3600 "_mta-sts.hexname.com." "\"v=STSv1; id=20260127182600Z;\""
+
+add_record "TXT" 3600 "202601e._domainkey.hexname.com." "\"v=DKIM1; k=ed25519; h=sha256; p=C30gZd1CbkUpIGInw/wZgZQD0pmUEnwTp+svCLm1oCk=\""
+add_record "TXT" 3600 "202601r._domainkey.hexname.com." "\"v=DKIM1; k=rsa; h=sha256; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnyQRHisJtMpgRCAKAE5mfq63n1hvguiNheRrGWcLjEziA9r3M8oaxM71gDNeDEZj19yXlYBWlZZiPsdkMNsumFaElTt3E810JjZxvWslvRgCQ9qMK6lE4ytJZHXJD1a+g82/j4Pfu3C0iz0GfMvngXf03pDl5jWeScwfSFgvKx/0tRdzCAzwkSZfZaSKCh5bcvVwoxzXqHjz3zxwxDJGlUPoERymd18/7NkdRRfJZoqAo/aHdsh5JsYa8APtNIHjSjp2vUBPQnNrtx9+lI0qRnwdyrim8v8CRKin+QUW0sstWGuyqZxgxOGXO2Ek2fqTrpzVu2fu6pzGqJdbTVf5BQIDAQAB\""
+
+add_record "TXT" 3600 "mx.hexname.com." "\"v=spf1 a ra=spf-reports -all\""
+add_record "TXT" 3600 "hexname.com." "\"v=spf1 mx ra=spf-reports -all\""
+add_record "TXT" 3600 "_dmarc.hexname.com." "\"v=DMARC1; p=reject; rua=mailto:dmarc-reports@hexname.com; ruf=mailto:dmarc-reports@hexname.com\""
+add_record "TXT" 3600 "_smtp._tls.hexname.com." "\"v=TLSRPTv1; rua=mailto:tls-reports@hexname.com\""
+add_record "SRV" 3600 "_imaps._tcp.hexname.com." "0 1 993 mx.hexname.com."
+add_record "SRV" 3600 "_imap._tcp.hexname.com." "0 1 143 mx.hexname.com."
+add_record "SRV" 3600 "_submissions._tcp.hexname.com." "0 1 465 mx.hexname.com."
+add_record "SRV" 3600 "_submission._tcp.hexname.com." "0 1 587 mx.hexname.com."
+add_record "TLSA" 3600 "_25._tcp.mx.hexname.com." "3 1 1 88151fff33b6c5b820d83b3030d55376f57085a154652a27089d9d9a71fe6a7e"
+
+# Create the zone
+curl -d '{
+    "name": "hexname.com.",
+    "kind": "Native",
+    "masters": [],
+    "nameservers": [
+      "ns1.hexname.com.",
+      "ns2.hexname.com."
+    ]
+  }' -X POST -H "X-API-Key: $API_KEY" http://127.0.0.1:8081/api/v1/servers/localhost/zones
+
+flush_rrsets
+
+# Secure/update DDNSEC
+sudo podman exec -it hexname-powerdns pdnsutil zone secure hexname.com
+
--- a/scripts/virtualisation/restart-netbird-relay.nix
+++ b/scripts/virtualisation/restart-netbird-relay.nix
@ -1,18 +0,0 @@
-{ pkgs, ... }:
-
-{
-  systemd.timers.restart-netbird-relay = {
-    timerConfig = {
-      Unit = "update-containers.service";
-      OnCalendar = "Tue 02:40"; # 10 mins after podman pull
-    };
-    wantedBy = [ "timers.target" ];
-  };
-  systemd.services.restart-netbird-relay = {
-    serviceConfig = {
-      Type = "oneshot";
-      ExecStart = "${pkgs.systemd}/bin/systemctl try-restart podman-netbird-relay.service";
-    };
-  };
-}
-
--- a/scripts/virtualisation/restart-pihole.nix
+++ b/scripts/virtualisation/restart-pihole.nix
@ -1,18 +0,0 @@
-{ pkgs, ... }:
-
-{
-  systemd.timers.restart-pihole = {
-    timerConfig = {
-      Unit = "update-containers.service";
-      OnCalendar = "Tue 02:40"; # 10 mins after podman pull
-    };
-    wantedBy = [ "timers.target" ];
-  };
-  systemd.services.restart-pihole = {
-    serviceConfig = {
-      Type = "oneshot";
-      ExecStart = "${pkgs.systemd}/bin/systemctl try-restart podman-pihole.service";
-    };
-  };
-}
-
--- a/scripts/virtualisation/update-containers.nix
+++ b/scripts/virtualisation/update-containers.nix
@ -1,24 +0,0 @@
-{ pkgs, lib, ... }:
-
-{
-  systemd.timers.update-containers = {
-    timerConfig = {
-      Unit = "update-containers.service";
-      OnCalendar = "Mon 02:30";
-    };
-    wantedBy = [ "timers.target" ];
-  };
-  systemd.services.update-containers = {
-    serviceConfig = {
-      Type = "oneshot";
-      ExecStart = lib.getExe (pkgs.writeShellScriptBin "update-containers" ''
-        images=$(${pkgs.podman}/bin/podman ps -a --format="{{.Image}}" | sort -u)
-
-        for image in $images; do
-          ${pkgs.podman}/bin/podman pull "$image"
-        done
-      '');
-    };
-  };
-}
-
--- a/scripts/zfs-healthcheck/service.nix
+++ b/scripts/zfs-healthcheck/service.nix
@ -1,38 +0,0 @@
-{ config, pkgs, ... }:
-
-let
-  scriptPath = "${config.vars.homeDir}/nixos/scripts";
-  after = [ "network.target" "NetworkManager.service" "uptime-kuma.service" ];
-  environment = {
-    VAR_IP = config.vars.privateIp;
-  };
-in
-{
-  systemd.services = {
-    "zfs-uptime-kuma" = {
-      inherit environment after;
-      wantedBy = [ "multi-user.target" ];
-      serviceConfig = {
-        Type = "oneshot";
-        User = "root";
-      };
-      path = with pkgs; [ bash curl zfs jq ];
-      script = ''
-        bash ${scriptPath}/zfs-healthcheck/uptime-kuma.sh
-      '';
-    };
-  };
-
-  systemd.timers = {
-   "zfs-uptime-kuma" = {
-      wantedBy = [ "timers.target" ];
-      partOf = [ "zfs-uptime-kuma.service" ];
-      timerConfig = {
-        Persistent = true; # Execute immediately if missed
-        OnUnitActiveSec = "7m"; # Run every x minutes
-        Unit = "zfs-uptime-kuma.service";
-      };
-    };
-  };
-}
-
--- a/scripts/zfs-healthcheck/uptime-kuma.sh
+++ b/scripts/zfs-healthcheck/uptime-kuma.sh
@ -1,29 +0,0 @@
-#! /bin/sh
-set -euo pipefail
-set -x
-
-push_token=$(< /etc/env/zfs/push-token);
-
-start_time=$(date -u +%s%3N)
-health=$(zpool list -H -o health)
-
-status="up"
-
-echo "$health" | while IFS= read -r line; do
-  if [ "$line" != "ONLINE" ]; then
-    status="down"
-    break
-  fi
-done
-
-end_time=$(date -u +%s%3N)
-duration=$(("$end_time" - "$start_time"))
-
-msg=$(printf '%s' "$health" | tr '\n' ',' | tr -d "'" | jq -sRr @uri)
-url="http://$VAR_IP:4000/api/push/$push_token?ping=$duration&status=$status&msg='$msg'"
-
-output=$(curl --fail --no-progress-meter --retry 1 $url 2>&1)
-if [ $? -ne 0 ]; then
-    echo "Ping failed: $output" >&2
-fi
-