bundlewrap/bundles/vmhost/items.py

27 lines
764 B
Python
Raw Normal View History

files = {
'/usr/local/share/icinga/plugins/check_vm_status': {
'mode': '0755',
},
}
if node.has_bundle('nftables'):
# libvirt on debian depends on either iptables or firewalld. Since
# we're managing firewall rules using bundlewrap, we don't want either
# of thos to interfere. So we install firewalld, then ensure it is
# never running. After that, we ensure the bundlewrap managed rules
# are active.
svc_systemd['firewalld'] = {
'running': False,
'enabled': False,
'masked': True,
'needs': {
'pkg_apt:firewalld',
},
'needed_by': {
'svc_systemd:nftables',
},
'triggers': {
'svc_systemd:nftables:reload',
},
}