
recovered from crash

dirkse 8 年 前
コミット
05e921f55c

+ 57 - 0
alexa/server.py

@@ -1,10 +1,67 @@
+# -*- coding: utf-8 -*-
+from __future__ import print_function, absolute_import, division
+
 from flask import Flask
+from flask_ask import Ask, statement, question, session
+import json
+import time
+from random import choice
 
 app = Flask(__name__)
+ask = Ask(app, "/ameise")
+
+# the Links:
+# Config: https://developer.amazon.com/edw/home.html#/skills
+# Docs: https://developer.amazon.com/public/solutions/alexa/alexa-skills-kit/docs/supported-phrases-to-begin-a-conversation
+
+WELCOME = [
+    'Hast du einen Wunsch?',
+    'Kann ich dir helfen?',
+    'Was soll ich tun?',
+    'Ja?',
+    'Steht was an?',
+    'Was gibt es?',
+    'Hast du eine Frage?',
+    'Gib mir einen Befehl',
+]
+
+REPROMPTS = [
+    'Was hast du gesagt?',
+    'Ich habe dich nicht verstanden!',
+    'Sprich deutlich, dann verstehe ich dich auch!',
+    'Nuscheln ist nicht erlaubt!',
+    'Was meinst du?',
+    ]
 
 @app.route('/')
 def homepage():
     return "Hi there, how ya doin?"
 
+@ask.launch
+def start_skill():
+    print('Welcome ...')
+    return question(choice(WELCOME)).reprompt(choice(REPROMPTS))
+
+@ask.intent("ChefIntent")
+def declare_chef():
+    names = ['Lilith', 'Elise', 'Lars', 'Annelie', 'Mama', 'Papa',
+            'Christine', 'Dirk', 'Lillutschka', 'Larsi', 'Liselchen', 'Annelutschka',
+            'Annelie Rothe', 'Lilith Rothe', 'Christine Rothe', 'Lars Rothe', 'Elise Rothe',
+            'die kleine Annelie', 'der schnelle Lars', 'die schlaue Elise', 'die intelligente Lilith']
+    chefs = ['Chef', 'Oberchef', 'Boss', 'Bestimmer', 'Meister',
+            'Leiter', 'Direktor', u'Anführer', 'Oberboss', u'König']
+    s = ('%s ist heute der %s, aber morgen ist %s dran!' %
+            (choice(names), choice(chefs), choice(names)))
+    return statement(s.encode('utf-8'))
+
+@ask.intent("LeaveIntent")
+def no_intent():
+    choices = [
+    'Ok, das ist aber schade, Auf Wiedersehen.',
+    'Gut, bis zum nächsten Mal.',
+    'Ok, selten so viel Spass gehabt.',
+    ]
+    return statement(choice(choices))
+
 if __name__ == '__main__':
     app.run(debug=True, host='0.0.0.0', port=80)
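Review bot: `app.run(debug=True, host='0.0.0.0', port=80)` at the bottom of the file is untouched by this commit, but it now serves the new `/ameise` skill endpoint with the Werkzeug interactive debugger enabled and reachable on every interface, which amounts to remote code execution for anyone who can reach port 80. The flag should default to off and come from the environment, e.g. `app.run(debug=os.environ.get('ALEXA_DEBUG') == '1', host='0.0.0.0', port=80)` (variable name is only an example, and it needs `import os`). The skill should also run behind a real WSGI server rather than the development server. `json`, `time` and `session` are imported but unused in the lines shown.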

+ 20 - 0
install.txt

@@ -0,0 +1,20 @@
+raspi-config
+============
+
+* german-locale + german-keymap
+* activate sshd and i2c
+* apt install vim curl htop mc
+
+manual stuff
+============
+
+* configure wlan
+* configure disks
+  * mkdir /mnt/ssdext
+    * fstab: /dev/sda1 /mnt/ssdext ext4 rw,defaults 0 0
+  * mkdir /mnt/hddex
+    * test: mount -t cifs -o username='ftpuser',password='#*ftpuser.00',uid=1000,gid=1000,sec=ntlm //192.168.178.1/FRITZ.NAS/TOSHIBA-MK5065GSXF-01 /mnt/hddext
+    * fstab:
+        * printf "username=ftpuser\npassword=#*ftpuser.00\n" > /home/pi/.smbcredentials
+        * //192.168.178.1/FRITZ.NAS/TOSHIBA-MK5065GSXF-01 /mnt/hddext  cifs credentials=/home/pi/.smbcredentials,uid=1000,gid=1000,sec=ntlm 0 0
+
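Review bot: The two CIFS steps commit the NAS account's password in clear text, once on the `mount -t cifs` test line and once in the `printf … > /home/pi/.smbcredentials` step. It stays in the repository history after any later edit, so the password should be changed and the notes should carry a placeholder such as `password=<NAS_PASSWORD>`. The `printf` step creates the credentials file with the default umask; add `chmod 600 /home/pi/.smbcredentials` directly after it. `sec=ntlm` selects the weakest NTLM variant, so `sec=ntlmssp` or `sec=ntlmv2` is preferable if the NAS accepts it. The directory is created as `/mnt/hddex` while every later line uses `/mnt/hddext`.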

+ 1 - 4
jupyter/Dockerfile

@@ -53,9 +53,6 @@ RUN pip3 install readline jupyter
 # sudo vi /opt/fast/jupyter/config_root/jupyter_notebook_config.py
 
 
-
-passwd()
-
 VOLUME /root/notebooks
 
 # Add Tini. Tini operates as a process subreaper for jupyter. This prevents kernel crashes.
@@ -77,4 +74,4 @@ ENTRYPOINT ["/usr/bin/tini", "--"]
 
 EXPOSE 8888
 
-CMD ["jupyter", "notebook"]
+CMD ["jupyter", "notebook", "--allow-root"]
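Review bot: `--allow-root` on the new `CMD` line makes the notebook server, and every kernel and terminal it spawns, run as root inside the container with the `VOLUME /root/notebooks` data attached; the flag silences Jupyter's safety check rather than removing the reason for it. I would create an unprivileged user and switch to it before `ENTRYPOINT`, e.g. `RUN useradd -m jupyter` and `USER jupyter`, and move the volume under that user's home. Authentication is configured outside this diff (the comment at the top of the first hunk points at `jupyter_notebook_config.py`), so it is worth confirming a password or token is actually set there, since port 8888 is exposed.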

+ 11 - 16
ngp_le/Dockerfile

@@ -14,31 +14,26 @@ RUN wget https://github.com/jwilder/docker-gen/releases/download/$DOCKER_GEN_VER
 
 
 WORKDIR /app
-
-# Install simp_le program
-RUN python -m ensurepip --upgrade
+#RUN apk add py-pip
+#RUN pip install --upgrade pip setuptools
+ADD https://bootstrap.pypa.io/get-pip.py /tmp/get-pip.py
+RUN python /tmp/get-pip.py
 RUN pip install requests
 
-# Get Let's Encrypt simp_le client source
-RUN mkdir -p /src
-RUN git -C /src clone https://github.com/zenhack/simp_le.git
+# Install simp_le program
+RUN mkdir -p /src && git -C /src clone --depth=1 --branch "0.2.0" https://github.com/zenhack/simp_le.git
 
 # Install simp_le in /usr/bin
-RUN cd /src/simp_le && \
-    python ./setup.py install
+RUN cd /src/simp_le && python ./setup.py install
 
 # Make house cleaning
-RUN cd / && \
-    rm -rf /src && \
+RUN rm -rf /src && \
     apk del git gcc py-pip musl-dev libffi-dev python-dev openssl-dev && \
     rm -rf /var/cache/apk/*
 
-# used in entrypoint.sh
-ENV debug=false
-
 ENTRYPOINT ["/bin/bash", "/app/entrypoint.sh" ]
-CMD ["/bin/bash", "/app/start.sh"]
-
+CMD ["/bin/bash", "/app/start.sh" ]
 
 COPY /app/ /app/
-RUN chmod u+x /app/letsencrypt_service && chmod u+x /app/update_certs
+# [dr] made executable
+RUN chmod +rx /app/*.sh && chmod +rx /app/letsencrypt_service && chmod +rx /app/update_certs
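Review bot: `ADD https://bootstrap.pypa.io/get-pip.py /tmp/get-pip.py` followed by `RUN python /tmp/get-pip.py` runs whatever that URL serves at build time, with no version pin or integrity check, so the build is neither reproducible nor protected against a tampered download. Verify a known copy before running it, e.g. `RUN echo "<expected-sha256>  /tmp/get-pip.py" | sha256sum -c - && python /tmp/get-pip.py`, or install pip from the distribution package as the commented-out `apk add py-pip` line suggests. The `--branch "0.2.0"` pin for simp_le is an improvement, but a tag can be moved, so checking out a full commit id would be stricter. The clean-up step leaves `/tmp/get-pip.py` in the image. The last line widens `chmod u+x` to `chmod +rx` for all users, and nothing visible here needs that.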

+ 9 - 3
ngp_le/app/entrypoint.sh

@@ -1,6 +1,7 @@
 #!/bin/bash
 
 set -u
+DEBUG=false
 
 export CONTAINER_ID=$(cat /proc/self/cgroup | sed -nE 's/^.+docker[\/-]([a-f0-9]{64}).*/\1/p' | head -n 1)
 
@@ -33,16 +34,21 @@ function get_nginx_proxy_cid {
             break
         fi
     done
+    # Check if any container has been labelled as the nginx proxy container.
+    local labeled_cid=$(docker_api "/containers/json" | jq -r '.[] | select( .Labels["com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy"] == "true")|.Id')
+    if [[ ! -z "${labeled_cid:-}" ]]; then
+        export NGINX_PROXY_CONTAINER=$labeled_cid
+    fi
     if [[ -z "${NGINX_PROXY_CONTAINER:-}" ]]; then
         echo "Error: can't get nginx-proxy container id !" >&2
-        echo "Check that you use the --volumes-from option to mount volumes from the nginx-proxy." >&2
+        echo "Check that you use the --volumes-from option to mount volumes from the nginx-proxy or label the nginx proxy container to use with 'com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy=true'." >&2
         exit 1
     fi
 }
 
 function check_writable_directory {
     local dir="$1"
-    docker_api "/containers/$HOSTNAME/json" | jq ".Mounts[].Destination" | grep -q "^\"$dir\"$"
+    docker_api "/containers/$CONTAINER_ID/json" | jq ".Mounts[].Destination" | grep -q "^\"$dir\"$"
     if [[ $? -ne 0 ]]; then
         echo "Warning: '$dir' does not appear to be a mounted volume."
     fi
@@ -70,7 +76,7 @@ function check_dh_group {
 
 source /app/functions.sh
 
-# [[ $DEBUG == true ]] && set -x
+[[ $DEBUG == true ]] && set -x
 
 if [[ "$*" == "/bin/bash /app/start.sh" ]]; then
     check_docker_socket
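Review bot: `DEBUG=false` near the top unconditionally overwrites anything the container environment supplied, so the re-enabled `[[ $DEBUG == true ]] && set -x` can never fire; the assignment should be `DEBUG="${DEBUG:-false}"`. In `get_nginx_proxy_cid` the jq filter prints one id per labelled container, so two labelled containers put a multi-line value into `NGINX_PROXY_CONTAINER`; take the first with `head -n 1` or fail when more than one id comes back. `local labeled_cid=$(…)` also hides a failing `docker_api` call, because `local` returns its own status; declare first and assign on a separate line. `get_nginx_proxy_cid` starts, and the final `if` block ends, outside the hunks.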

+ 8 - 3
ngp_le/app/functions.sh

@@ -43,7 +43,7 @@ function docker_api {
     fi
     if [[ $DOCKER_HOST == unix://* ]]; then
         curl_opts+=(--unix-socket ${DOCKER_HOST#unix://})
-        scheme='http:'
+        scheme='http://localhost'
     else
         scheme="http://${DOCKER_HOST#*://}"
     fi
@@ -70,9 +70,14 @@ function docker_kill {
 ## Nginx
 reload_nginx() {
     if [[ -n "${NGINX_DOCKER_GEN_CONTAINER:-}" ]]; then
-        # Using docker-gen separate container
-        echo "Reloading nginx proxy (using separate container ${NGINX_DOCKER_GEN_CONTAINER})..."
+        # Using docker-gen and nginx in separate container
+        echo "Reloading nginx docker-gen (using separate container ${NGINX_DOCKER_GEN_CONTAINER})..."
         docker_kill "$NGINX_DOCKER_GEN_CONTAINER" SIGHUP
+        if [[ -n "${NGINX_PROXY_CONTAINER:-}" ]]; then
+            # Reloading nginx in case only certificates had been renewed
+            echo "Reloading nginx (using separate container ${NGINX_PROXY_CONTAINER})..."
+            docker_kill "$NGINX_PROXY_CONTAINER" SIGHUP
+        fi
     else
         if [[ -n "${NGINX_PROXY_CONTAINER:-}" ]]; then
             echo "Reloading nginx proxy..."

+ 26 - 6
ngp_le/app/letsencrypt_service

@@ -4,6 +4,8 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
 
 seconds_to_wait=3600
 ACME_CA_URI="${ACME_CA_URI:-https://acme-v01.api.letsencrypt.org/directory}"
+ACME_TOS_HASH="${ACME_TOS_HASH:-6373439b9f29d67a5cd4d18cbc7f264809342dbf21cb2ba2fc7588df987a6221}"
+DEFAULT_KEY_SIZE=4096
 
 source /app/functions.sh
 
@@ -31,6 +33,10 @@ create_links() {
         create_link "/etc/nginx/certs/$domain".dhparam.pem ./dhparam.pem
         return_code=$(( $return_code & $? ))
     fi
+    if [[ -f "/etc/nginx/certs/$base_domain"/chain.pem ]]; then
+        create_link "/etc/nginx/certs/$domain".chain.pem "./$base_domain"/chain.pem
+        return_code=$(( $return_code & $? ))
+    fi
     return $return_code
 }
 
@@ -49,6 +55,12 @@ update_certs() {
         hosts_array=$host_varname[@]
         email_varname="LETSENCRYPT_${cid}_EMAIL"
 
+        keysize_varname="LETSENCRYPT_${cid}_KEYSIZE"
+        cert_keysize="${!keysize_varname}"
+        if [[ "$cert_keysize" == "<no value>" ]]; then
+            cert_keysize=$DEFAULT_KEY_SIZE
+        fi
+
         test_certificate_varname="LETSENCRYPT_${cid}_TEST"
         create_test_certificate=false
         if [[ $(lc "${!test_certificate_varname:-}") == true ]]; then
@@ -98,9 +110,10 @@ update_certs() {
 
         echo "Creating/renewal $base_domain certificates... (${hosts_array_expanded[*]})"
         /usr/bin/simp_le \
-            -f account_key.json -f key.pem -f fullchain.pem -f cert.pem \
-            --tos_sha256 6373439b9f29d67a5cd4d18cbc7f264809342dbf21cb2ba2fc7588df987a6221 \
+            -f account_key.json -f key.pem -f chain.pem -f fullchain.pem -f cert.pem \
+            --tos_sha256 $ACME_TOS_HASH \
             $params_d_str \
+            --cert_key_size=$cert_keysize \
             --email "${!email_varname}" \
             --server=$acme_ca_uri \
             --default_root /usr/share/nginx/html/
@@ -112,10 +125,17 @@ update_certs() {
             rm -rf /etc/nginx/certs/$altnames
         done
 
-        for domain in "${!hosts_array}"; do
-            create_links $base_domain $domain && reload_nginx='true'
-            [[ $simp_le_return -eq 0 ]] && reload_nginx='true'
-        done
+        if [[ -z $base_domain ]]; then
+            echo "inavalid stuff from container: ${cid}"
+        fi
+        if [[ ! -z $base_domain ]]; then
+
+            for domain in "${!hosts_array}"; do
+                create_links $base_domain $domain && reload_nginx='true'
+                [[ $simp_le_return -eq 0 ]] && reload_nginx='true'
+            done
+        fi
+
     done
 
     [[ "$reload_nginx" == 'true' ]] && reload_nginx
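Review bot: `cert_keysize` comes from another container's `LETSENCRYPT_KEYSIZE` and is passed unquoted as `--cert_key_size=$cert_keysize`, with only the literal `<no value>` mapped to the default; an empty, non-numeric or space-containing value reaches simp_le as is, and a small number yields a weak key. Validate before use, e.g. `[[ "$cert_keysize" =~ ^[0-9]+$ && "$cert_keysize" -ge 2048 ]] || cert_keysize=$DEFAULT_KEY_SIZE`, and quote the expansions (`--cert_key_size="$cert_keysize"`, `--tos_sha256 "$ACME_TOS_HASH"`). As far as the hunks show, the new empty-`$base_domain` guard sits after the simp_le call and after `rm -rf /etc/nginx/certs/$altnames`, so it only skips link creation; it likely belongs before simp_le runs, with a `continue`. The message is misspelled "inavalid", and the two `if` blocks can be one `if`/`else`. `update_certs` starts and ends outside the hunks.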

+ 6 - 1
ngp_le/app/letsencrypt_service_data.tmpl

@@ -1,11 +1,16 @@
-LETSENCRYPT_CONTAINERS=({{ range $host, $containers := groupBy $ "Env.LETSENCRYPT_HOST" }}{{ range $container := $containers }} '{{ printf "%.12s" $container.ID }}' {{ end }}{{ end }})
+LETSENCRYPT_CONTAINERS=({{ range $hosts, $containers := groupBy $ "Env.LETSENCRYPT_HOST" }}{{ if trim $hosts }}{{ range $container := $containers }} '{{ printf "%.12s" $container.ID }}' {{ end }}{{ end }}{{ end }})
 
 {{ range $hosts, $containers := groupBy $ "Env.LETSENCRYPT_HOST" }}
 
+{{ if trim $hosts }}
+
 {{ range $container := $containers }}{{ $cid := printf "%.12s" $container.ID }}
 LETSENCRYPT_{{ $cid }}_HOST=( {{ range $host := split $hosts "," }}'{{ $host }}' {{ end }})
 LETSENCRYPT_{{ $cid }}_EMAIL="{{ $container.Env.LETSENCRYPT_EMAIL }}"
+LETSENCRYPT_{{ $cid }}_KEYSIZE="{{ $container.Env.LETSENCRYPT_KEYSIZE }}"
 LETSENCRYPT_{{ $cid }}_TEST="{{ $container.Env.LETSENCRYPT_TEST }}"
 {{ end }}
 
 {{ end }}
+
+{{ end }}
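Review bot: The new `LETSENCRYPT_{{ $cid }}_KEYSIZE="…"` line writes a value controlled by the proxied container into a double-quoted shell assignment. Assuming the generated file is sourced by letsencrypt_service (not visible here), shell expansions inside that value would be evaluated by the companion container, which holds the Docker socket. The `_HOST` line already uses single quotes; doing the same here, `LETSENCRYPT_{{ $cid }}_KEYSIZE='{{ $container.Env.LETSENCRYPT_KEYSIZE }}'`, at least stops expansion. A value containing a single quote would still break out, so the value should also be checked to be digits where it is consumed. The existing `_EMAIL` and `_TEST` lines have the same shape.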

+ 1 - 1
ngp_le/app/nginx_location.conf

@@ -1,4 +1,4 @@
-location /.well-known/acme-challenge/ {
+location ^~ /.well-known/acme-challenge/ {
     allow all;
     root /usr/share/nginx/html;
     try_files $uri =404;

+ 17 - 16
services.yml

@@ -7,9 +7,9 @@ jupyter: # pw: letscode.00
     build: jupyter
     ports: 17888:80
     volumes:
-      - /opt/fast/jupyter/notebooks:/root/notebooks
-      - /opt/fast/jupyter/config:/root/.local
-      - /opt/fast/jupyter/config_root:/root/.jupyter
+      - /mnt/ssdext/data/jupyter/notebooks:/root/notebooks
+      - /mnt/ssdext/data/jupyter/config:/root/.local
+      - /mnt/ssdext/data/jupyter/config_root:/root/.jupyter
 
 domoticz:
   host: himbeere
@@ -19,7 +19,7 @@ domoticz:
     image: domoticz
     volumes:
       - /etc/localtime:/etc/localtime
-      - /opt/fast/domoticz/domoticz.db:/root/domoticz/domoticz.db
+      - /mnt/ssdext/data/domoticz/domoticz.db:/root/domoticz/domoticz.db
     #ports: 8080:8080
     devices: /dev/ttyUSB0
 
@@ -43,7 +43,7 @@ svn:
   docker:
     build: svn
     volumes:
-      - /opt/fast/svn:/var/svn
+      - /mnt/ssdext/data/svn:/var/svn
     ports: 3690:3690
     stop_signal: SIGKILL
 
@@ -55,12 +55,13 @@ ngp:
       ports: 192.168.178.43:1080:80, 192.168.178.43:1443:443
       volumes:
         - /usr/share/nginx/html
-        - /opt/fast/nginx/htpasswd:/etc/nginx/htpasswd \
+        - /mnt/ssdext/data/nginx/htpasswd:/etc/nginx/htpasswd \
         - /var/run/docker.sock:/tmp/docker.sock:ro
-        - /opt/fast/nginx/certs:/etc/nginx/certs:ro
+        - /mnt/ssdext/data/nginx/certs:/etc/nginx/certs:ro
         # see https://github.com/jwilder/nginx-proxy#per-virtual_host
-        - /opt/fast/nginx/vhost.d:/etc/nginx/vhost.d:ro
-
+        - /mnt/ssdext/data/nginx/vhost.d:/etc/nginx/vhost.d:ro
+      labels:
+        com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy: "true"
       commands:
         nginx_conf:
           method: exec
@@ -71,9 +72,9 @@ ngp:
       build: ngp_le
       volumes_from: nginx-proxy
       volumes:
-        - /opt/fast/nginx/certs:/etc/nginx/certs:rw
+        - /mnt/ssdext/data/nginx/certs:/etc/nginx/certs:rw
         - /var/run/docker.sock:/var/run/docker.sock:ro
-        - /opt/fast/nginx/vhost.d:/etc/nginx/vhost.d:rw
+        - /mnt/ssdext/data/nginx/vhost.d:/etc/nginx/vhost.d:rw
 
 #~ nexus:
   #~ host: himbeere
@@ -81,7 +82,7 @@ ngp:
     #~ build: nexus
     #~ volumes:
       #~ - /etc/localtime:/etc/localtime
-      #~ - /opt/fast/nexus:/opt/sonatype-work
+      #~ - /mnt/ssdext/data/nexus:/opt/sonatype-work
     #~ ports: 1381:8081
 
 #~ pypy:
@@ -97,7 +98,7 @@ rsync:
     build: rsync
     volumes:
       - /etc/localtime:/etc/localtime
-      - /mnt/ssdext/docker_fast_volumes:/opt/from
+      - /mnt/ssdext/data:/opt/from
       - /mnt/hddext/backup:/opt/to
 
 gogs:
@@ -105,7 +106,7 @@ gogs:
   fqdn: git.cere.duckdns.org
   docker:
     image: gogs/gogs-rpi
-    volumes: /opt/fast/gogs:/data
+    volumes: /mnt/ssdext/data/gogs:/data
     ports: 3022:22
     env:
       VIRTUAL_PORT: 3000
@@ -116,8 +117,8 @@ graphite:
     build: graphite
     #~ image: abarbanell/docker-grafana-graphite
     volumes:
-      - /opt/fast/graphite/whisper:/opt/graphite/storage/whisper
-      - /opt/fast/graphite/logs:/var/log/supervisor
+      - /mnt/ssdext/data/graphite/whisper:/opt/graphite/storage/whisper
+      - /mnt/ssdext/data/graphite/logs:/var/log/supervisor
     ports:
       - 13080:8000
       - 8125:8125/udp
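Review bot: The rewritten htpasswd mount still ends in a stray backslash (`- /mnt/ssdext/data/nginx/htpasswd:/etc/nginx/htpasswd \`), which YAML keeps as part of the string, so the container path is probably not the one intended; drop the ` \`. Both ngp containers mount the Docker socket with `:ro`, which only makes the socket file's mount read-only and does not restrict the API calls made through it. The companion, which signals other containers through that socket, therefore has full control of the daemon, and a comment saying so or a filtering socket proxy would make that explicit. The context of the first hunk header also shows a password in a comment on the `jupyter:` key; it should be removed from the file and changed.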