From 0b09537ba4643c99c3d28d41ddc22738eb838755 Mon Sep 17 00:00:00 2001 
From: Franziska Kunsmann Date: Mon, 6 Jan 2025 20:12:06 +0100 Subject: [PATCH] dismantle all arch infrastructure --- bundles/arch-with-gui/files/50-network.conf | 5 - bundles/arch-with-gui/files/autologin.conf | 3 - bundles/arch-with-gui/items.py | 110 -------- bundles/arch-with-gui/metadata.py | 124 --------- bundles/basic/items.py | 1 - bundles/bird/items.py | 9 +- bundles/bird/metadata.py | 9 - bundles/cron/items.py | 11 +- bundles/cron/metadata.py | 5 - bundles/icinga2/items.py | 16 -- bundles/ipmitool/metadata.py | 5 - bundles/letsencrypt/metadata.py | 9 - bundles/lldp/metadata.py | 11 - bundles/lm-sensors/metadata.py | 5 - bundles/nfs-client/items.py | 9 +- bundles/nfs-client/metadata.py | 5 - bundles/nftables/items.py | 7 +- bundles/nftables/metadata.py | 17 -- bundles/nginx/files/arch-override.conf | 9 - bundles/nginx/files/nginx.conf | 2 +- bundles/nginx/items.py | 22 +- bundles/nginx/metadata.py | 5 - bundles/openssh/items.py | 13 +- bundles/openssh/metadata.py | 5 - .../pacman/files/check_unattended_upgrades | 38 --- bundles/pacman/files/do-unattended-upgrades | 18 -- bundles/pacman/files/faillock.conf | 2 - bundles/pacman/files/pacman.conf | 40 --- bundles/pacman/files/upgrade-and-reboot | 49 ---- bundles/pacman/files/upgrade-and-reboot.conf | 3 - bundles/pacman/items.py | 109 -------- bundles/pacman/metadata.py | 55 ---- bundles/postfix/files/arch-override.conf | 6 - bundles/postfix/items.py | 19 +- bundles/postfix/metadata.py | 8 +- bundles/sshmon/items.py | 9 - bundles/sshmon/metadata.py | 8 - bundles/sudo/metadata.py | 5 - bundles/systemd-boot/files/entry | 13 - bundles/systemd-boot/files/loader.conf | 5 - bundles/systemd-boot/files/pacman_hook | 9 - bundles/systemd-boot/items.py | 32 --- bundles/telegraf/metadata.py | 10 - bundles/users/metadata.py | 5 - bundles/vmhost/items.py | 9 - bundles/vmhost/metadata.py | 9 - .../files/crs-runner.service | 16 -- bundles/voc-tracker-worker/files/environment | 6 - bundles/voc-tracker-worker/items.py | 56 ---- 
bundles/voc-tracker-worker/metadata.py | 52 ---- bundles/wireguard/metadata.py | 2 +- .../files/zfs-import-scan-override.service | 4 - bundles/zfs/items.py | 3 - bundles/zfs/metadata.py | 18 -- groups/os.py | 8 - hooks/test_zfs_consistency.py | 2 +- nodes/fkusei-locutus.py | 190 ------------- nodes/htz-cloud.aurto.toml | 59 ---- nodes/kunsi-p14s.py | 251 ------------------ 59 files changed, 21 insertions(+), 1524 deletions(-) delete mode 100644 bundles/arch-with-gui/files/50-network.conf delete mode 100644 bundles/arch-with-gui/files/autologin.conf delete mode 100644 bundles/arch-with-gui/items.py delete mode 100644 bundles/arch-with-gui/metadata.py delete mode 100644 bundles/nginx/files/arch-override.conf delete mode 100644 bundles/pacman/files/check_unattended_upgrades delete mode 100644 bundles/pacman/files/do-unattended-upgrades delete mode 100644 bundles/pacman/files/faillock.conf delete mode 100644 bundles/pacman/files/pacman.conf delete mode 100644 bundles/pacman/files/upgrade-and-reboot delete mode 100644 bundles/pacman/files/upgrade-and-reboot.conf delete mode 100644 bundles/pacman/items.py delete mode 100644 bundles/pacman/metadata.py delete mode 100644 bundles/postfix/files/arch-override.conf delete mode 100755 bundles/systemd-boot/files/entry delete mode 100755 bundles/systemd-boot/files/loader.conf delete mode 100644 bundles/systemd-boot/files/pacman_hook delete mode 100644 bundles/systemd-boot/items.py delete mode 100644 bundles/voc-tracker-worker/files/crs-runner.service delete mode 100644 bundles/voc-tracker-worker/files/environment delete mode 100644 bundles/voc-tracker-worker/items.py delete mode 100644 bundles/voc-tracker-worker/metadata.py delete mode 100644 nodes/fkusei-locutus.py delete mode 100644 nodes/htz-cloud.aurto.toml delete mode 100644 nodes/kunsi-p14s.py diff --git a/bundles/arch-with-gui/files/50-network.conf b/bundles/arch-with-gui/files/50-network.conf deleted file mode 100644 index 39c38f2..0000000 
--- a/bundles/arch-with-gui/files/50-network.conf +++ /dev/null @@ -1,5 +0,0 @@ -context.exec = [ - { path = "pactl" args = "load-module module-native-protocol-tcp" } - { path = "pactl" args = "load-module module-zeroconf-discover" } - { path = "pactl" args = "load-module module-zeroconf-publish" } -] diff --git a/bundles/arch-with-gui/files/autologin.conf b/bundles/arch-with-gui/files/autologin.conf deleted file mode 100644 index 9398062..0000000 --- a/bundles/arch-with-gui/files/autologin.conf +++ /dev/null @@ -1,3 +0,0 @@ -[Autologin] -User=${user} -Session=i3.desktop diff --git a/bundles/arch-with-gui/items.py b/bundles/arch-with-gui/items.py deleted file mode 100644 index 5a35931..0000000 --- a/bundles/arch-with-gui/items.py +++ /dev/null 
@@ -1,110 +0,0 @@ -from os import listdir -from os.path import join - -actions = { - 'fc-cache_flush': { - 'command': 'fc-cache -f', - 'triggered': True, - 'needs': { - 'pkg_pacman:fontconfig', - }, - }, - 'i3pystatus_create_virtualenv': { - 'command': '/usr/bin/python3 -m virtualenv -p python3 /opt/i3pystatus/venv/', - 'unless': 'test -d /opt/i3pystatus/venv/', - 'needs': { - 'directory:/opt/i3pystatus/src', - 'pkg_pacman:python-virtualenv', - }, - }, - 'i3pystatus_install': { - 'command': ' && '.join([ - 'cd /opt/i3pystatus/src', - '/opt/i3pystatus/venv/bin/pip install --upgrade pip colour netifaces basiciw pytz', - '/opt/i3pystatus/venv/bin/pip install --upgrade -e .', - ]), - 'needs': { - 'action:i3pystatus_create_virtualenv', - }, - 'triggered': True, - }, -} - -directories = { - '/etc/sddm.conf.d': { - 'purge': True, - }, - '/opt/i3pystatus/src': {}, - '/usr/share/fonts/bundlewrap': { - 'purge': True, - 'triggers': { - 'action:fc-cache_flush', - }, - }, -} - -svc_systemd = { - 'avahi-daemon': { - 'needs': { - 'pkg_pacman:avahi', - }, - }, - 'sddm': { - 'needs': { - 'pkg_pacman:sddm', - }, - }, -} - -git_deploy = { - '/opt/i3pystatus/src': { - 'repo': 'https://github.com/enkore/i3pystatus.git', - 'rev': 'current', - 'triggers': { - 'action:i3pystatus_install', - }, - }, -} - -files['/etc/pipewire/pipewire-pulse.conf.d/50-network.conf'] = {} - -for filename in listdir(join(repo.path, 'data', 'arch-with-gui', 'files', 'fonts')): - if filename.startswith('.'): - continue - - if filename.endswith('.vault'): - # XXX remove this once we have a new bundlewrap release - # https://github.com/bundlewrap/bundlewrap/commit/2429b153dd1ca6781cf3812e2dec9c2b646a546b - from os import environ - if environ.get('BW_VAULT_DUMMY_MODE', '0') == '1': - continue - - font_name = filename[:-6] - attrs = { - 'content': repo.vault.decrypt_file_as_base64(join('arch-with-gui', 'files', 'fonts', filename)), - 'content_type': 'base64', - } - else: - font_name = filename - attrs = { - 
'source': join('fonts', filename), - 'content_type': 'binary', - } - - files[f'/usr/share/fonts/bundlewrap/{font_name}'] = { - 'triggers': { - 'action:fc-cache_flush', - }, - **attrs, - } - -if node.metadata.get('arch-with-gui/autologin_as', None): - files['/etc/sddm.conf.d/autologin.conf'] = { - 'context': { - 'user': node.metadata.get('arch-with-gui/autologin_as'), - }, - 'content_type': 'mako', - 'before': { - 'svc_systemd:sddm', - }, - } diff --git a/bundles/arch-with-gui/metadata.py b/bundles/arch-with-gui/metadata.py deleted file mode 100644 index f1fa8d0..0000000 --- a/bundles/arch-with-gui/metadata.py +++ /dev/null 
@@ -1,124 +0,0 @@ -assert node.os == 'arch' - -defaults = { - 'backups': { - 'paths': { - '/etc/netctl', - }, - }, - 'icinga_options': { - 'exclude_from_monitoring': True, - }, - 'nftables': { - 'input': { - '50-avahi': { - 'udp dport 5353 accept', - 'udp sport 5353 accept', - }, - }, - }, - 'pacman': { - 'packages': { - # fonts - 'fontconfig': {}, - 'ttf-dejavu': { - 'needed_by': { - 'pkg_pacman:sddm', - }, - }, - - # login management - 'sddm': {}, - - # networking - 'avahi': {}, - 'netctl': {}, - 'util-linux': {}, # provides rfkill - 'wpa_supplicant': {}, - 'wpa_actiond': {}, - - # shell and other gui stuff - 'dunst': {}, - 'fish': {}, - 'kitty': {}, - 'libnotify': {}, # provides notify-send - 'light': {}, - 'redshift': {}, - 'rofi': {}, - - # sound - 'calf': {}, - 'easyeffects': {}, - 'lsp-plugins': {}, - 'pavucontrol': {}, - 'pipewire': {}, - 'pipewire-jack': {}, - 'pipewire-pulse': {}, - 'pipewire-zeroconf': {}, - 'qpwgraph': {}, - - # window management - 'i3-wm': {}, - 'i3lock': {}, - 'xss-lock': {}, - - # i3pystatus dependencies - 'iw': {}, - 'wireless_tools': {}, - - # Xorg - 'xf86-input-libinput': {}, - 'xf86-input-wacom': {}, - 'xorg-server': {}, - 'xorg-setxkbmap': {}, - 'xorg-xev': {}, - 'xorg-xinput': {}, - 'xorg-xset': {}, - - # all them apps - 'browserpass': {}, - 'browserpass-firefox': {}, - 'ffmpeg': {}, - 'firefox': {}, - 'gimp': {}, - 'imagemagick': {}, - 'inkscape': {}, - 'kdenlive': {}, - 'maim': {}, - 'mosh': {}, - 'mosquitto': {}, - 'mpv': {}, - 'pass': {}, - 'pass-otp': {}, - 'pdftk': {}, - 'pwgen': {}, - 'qpdfview': {}, - 'samba': {}, - 'shotcut': {}, - 'sipcalc': {}, - 'the_silver_searcher': {}, - 'tlp': {}, - 'virt-manager': {}, - 'xclip': {}, - 'xdotool': {}, # needed for maim window selection - }, - }, -} - -@metadata_reactor.provides( - 'backups/paths', -) -def backup_every_user_home(metadata): - paths = set() - - for user, config in metadata.get('users', {}).items(): - if config.get('delete', False): - continue - - 
paths.add(config.get('home', f'/home/{user}')) - - return { - 'backups': { - 'paths': paths, - }, - } diff --git a/bundles/basic/items.py b/bundles/basic/items.py index e0f9242..c2cdd49 100644 --- a/bundles/basic/items.py +++ b/bundles/basic/items.py @@ -24,7 +24,6 @@ files = { 'before': { 'action:', 'pkg_apt:', - 'pkg_pacman:', }, }, } diff --git a/bundles/bird/items.py b/bundles/bird/items.py index 38a1549..4c4b51c 100644 --- a/bundles/bird/items.py +++ b/bundles/bird/items.py @@ -1,10 +1,5 @@ -if node.os == 'arch': - filename = '/etc/bird.conf' -else: - filename = '/etc/bird/bird.conf' - files = { - filename: { + '/etc/bird/bird.conf': { 'content_type': 'mako', 'triggers': { 'svc_systemd:bird:reload', @@ -15,7 +10,7 @@ files = { svc_systemd = { 'bird': { 'needs': { - f'file:{filename}', + f'file:/etc/bird/bird.conf', }, }, } diff --git a/bundles/bird/metadata.py b/bundles/bird/metadata.py index bc6be9a..f6096a7 100644 --- a/bundles/bird/metadata.py +++ b/bundles/bird/metadata.py @@ -13,15 +13,6 @@ defaults = { }, }, }, - 'pacman': { - 'packages': { - 'bird': { - 'needed_by': { - 'svc_systemd:bird', - }, - }, - }, - }, 'sysctl': { 'options': { 'net.ipv4.conf.all.forwarding': '1', diff --git a/bundles/cron/items.py b/bundles/cron/items.py index 72e8711..577bb59 100644 --- a/bundles/cron/items.py +++ b/bundles/cron/items.py @@ -1,10 +1,3 @@ -if node.os == 'arch': - service_name = 'cronie' - package_name = 'pkg_pacman:cronie' -else: - service_name = 'cron' - package_name = 'pkg_apt:cron' - files = { '/etc/crontab': { 'content_type': 'mako', @@ -24,9 +17,9 @@ directories = { } svc_systemd = { - service_name: { + 'cron': { 'needs': { - package_name, + 'pkg_apt:cron', }, }, } diff --git a/bundles/cron/metadata.py b/bundles/cron/metadata.py index 66d612a..67b2b22 100644 --- a/bundles/cron/metadata.py +++ b/bundles/cron/metadata.py @@ -4,9 +4,4 @@ defaults = { 'cron': {}, }, }, - 'pacman': { - 'packages': { - 'cronie': {}, - }, - }, } 
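Review bot: The `needs` entry in the second bird/items.py hunk is written as `f'file:/etc/bird/bird.conf'`, an f-string with no placeholder, left over from the removed `filename` variable. It should be the plain literal `'file:/etc/bird/bird.conf'`. The same path is now spelled out in both `files` and `needs`, so the two have to be kept in sync by hand.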
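Review bot: The `svc_systemd` entry in the second cron/items.py hunk now depends on `pkg_apt:cron` unconditionally, and nothing visible in the bundle says it is apt-only. The removed pacman bundle guarded itself with `raise BundleError(...)` when `node.os` was not `arch`. A matching guard such as `assert node.has_bundle('apt')`, or at least a header comment `# apt-only: arch support was removed`, would make the assumption explicit. The same applies to the `pkg_apt:` literals introduced in the nfs-client, nftables, nginx, openssh and postfix items.py hunks. How a `needs` on a missing item is reported is not visible here, so the failure mode on a non-apt node should be confirmed.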
diff --git a/bundles/icinga2/items.py b/bundles/icinga2/items.py index 804d920..6f8de54 100644 --- a/bundles/icinga2/items.py +++ b/bundles/icinga2/items.py @@ -401,22 +401,6 @@ for rnode in sorted(repo.nodes): DAYS_TO_STRING[day%7]: f'{hour}:{minute}-{hour}:{minute+15}', }, }) - elif ( - rnode.has_bundle('pacman') - and rnode.metadata.get('pacman/unattended-upgrades/is_enabled', False) - ): - day = rnode.metadata.get('pacman/unattended-upgrades/day') - hour = rnode.metadata.get('pacman/unattended-upgrades/hour') - minute = rnode.magic_number%30 - - downtimes.append({ - 'name': 'unattended-upgrades', - 'host': rnode.name, - 'comment': f'Downtime for upgrade-and-reboot of node {rnode.name}', - 'times': { - DAYS_TO_STRING[day%7]: f'{hour}:{minute}-{hour}:{minute+15}', - }, - }) files['/etc/icinga2/conf.d/groups.conf'] = { 'source': 'icinga2/groups.conf', diff --git a/bundles/ipmitool/metadata.py b/bundles/ipmitool/metadata.py index a340a7a..e908366 100644 --- a/bundles/ipmitool/metadata.py +++ b/bundles/ipmitool/metadata.py @@ -19,9 +19,4 @@ defaults = { '/usr/bin/ipmitool *', }, }, - 'pacman': { - 'packages': { - 'ipmitool': {}, - }, - }, } diff --git a/bundles/letsencrypt/metadata.py b/bundles/letsencrypt/metadata.py index 09620c4..ffeb084 100644 --- a/bundles/letsencrypt/metadata.py +++ b/bundles/letsencrypt/metadata.py @@ -13,15 +13,6 @@ defaults = { }, }, }, - 'pacman': { - 'packages': { - 'dehydrated': { - 'needed_by': { - 'action:letsencrypt_update_certificates', - }, - }, - }, - }, } diff --git a/bundles/lldp/metadata.py b/bundles/lldp/metadata.py index 7a499dd..2f1875c 100644 --- a/bundles/lldp/metadata.py +++ b/bundles/lldp/metadata.py @@ -10,15 +10,4 @@ defaults = { }, }, }, - 'pacman': { - 'packages': { - 'lldpd': { - 'needed_by': { - 'directory:/etc/lldpd.d', - 'file:/etc/lldpd.conf', - 'svc_systemd:lldpd', - }, - }, - }, - }, } diff --git a/bundles/lm-sensors/metadata.py b/bundles/lm-sensors/metadata.py index ffd3900..01a6d1a 100644 
--- a/bundles/lm-sensors/metadata.py +++ b/bundles/lm-sensors/metadata.py @@ -4,11 +4,6 @@ defaults = { 'lm-sensors': {}, }, }, - 'pacman': { - 'packages': { - 'lm_sensors': {}, - }, - }, 'telegraf': { 'input_plugins': { 'builtin': { diff --git a/bundles/nfs-client/items.py b/bundles/nfs-client/items.py index 918d02c..97cebc4 100644 --- a/bundles/nfs-client/items.py +++ b/bundles/nfs-client/items.py @@ -1,8 +1,3 @@ -if node.has_bundle('pacman'): - package = 'pkg_pacman:nfs-utils' -else: - package = 'pkg_apt:nfs-common' - for mount, data in node.metadata.get('nfs-client/mounts',{}).items(): data['mount'] = mount data['mount_options'] = set(data.get('mount_options', set())) @@ -42,7 +37,7 @@ for mount, data in node.metadata.get('nfs-client/mounts',{}).items(): 'file:/etc/systemd/system/{}.automount'.format(unitname), 'directory:{}'.format(data['mountpoint']), 'svc_systemd:systemd-networkd', - package, + 'pkg_apt:nfs-common', }, } else: @@ -58,7 +53,7 @@ for mount, data in node.metadata.get('nfs-client/mounts',{}).items(): 'file:/etc/systemd/system/{}.mount'.format(unitname), 'directory:{}'.format(data['mountpoint']), 'svc_systemd:systemd-networkd', - package, + 'pkg_apt:nfs-common', }, } diff --git a/bundles/nfs-client/metadata.py b/bundles/nfs-client/metadata.py index c59ee60..93bf66e 100644 --- a/bundles/nfs-client/metadata.py +++ b/bundles/nfs-client/metadata.py @@ -4,11 +4,6 @@ defaults = { 'nfs-common': {}, }, }, - 'pacman': { - 'packages': { - 'nfs-utils': {}, - }, - }, } if node.has_bundle('telegraf'): diff --git a/bundles/nftables/items.py b/bundles/nftables/items.py index 9bbe11f..fc943d4 100644 --- a/bundles/nftables/items.py +++ b/bundles/nftables/items.py @@ -1,8 +1,3 @@ -if node.has_bundle('pacman'): - package = 'pkg_pacman:nftables' -else: - package = 'pkg_apt:nftables' - directories = { # used by other bundles '/etc/nftables-rules.d': { 
@@ -42,7 +37,7 @@ svc_systemd = { 'nftables': { 'needs': { 'file:/etc/nftables.conf', - package, + 'pkg_apt:nftables', }, }, } diff --git a/bundles/nftables/metadata.py b/bundles/nftables/metadata.py index 15f34d4..4fac791 100644 --- a/bundles/nftables/metadata.py +++ b/bundles/nftables/metadata.py @@ -10,23 +10,6 @@ defaults = { 'blocked_v4': repo.libs.firewall.global_ip4_blocklist, 'blocked_v6': repo.libs.firewall.global_ip6_blocklist, }, - 'pacman': { - 'packages': { - 'nftables': {}, -# https://github.com/bundlewrap/bundlewrap/issues/688 -# 'iptables': { -# 'installed': False, -# 'needed_by': { -# 'pkg_pacman:iptables-nft', -# }, -# }, - 'iptables-nft': { - 'needed_by': { - 'pkg_pacman:nftables', - }, - }, - }, - }, } if not node.has_bundle('vmhost') and not node.has_bundle('docker-engine'): diff --git a/bundles/nginx/files/arch-override.conf b/bundles/nginx/files/arch-override.conf deleted file mode 100644 index 5496fe6..0000000 --- a/bundles/nginx/files/arch-override.conf +++ /dev/null @@ -1,9 +0,0 @@ -[Service] -ExecStart= -ExecStart=/usr/sbin/nginx -c /etc/nginx/nginx.conf - -ExecReload= -ExecReload=/bin/sh -c "/bin/kill -s HUP $(/bin/cat /var/run/nginx.pid)" - -ExecStop= -ExecStop=/bin/sh -c "/bin/kill -s TERM $(/bin/cat /var/run/nginx.pid)" diff --git a/bundles/nginx/files/nginx.conf b/bundles/nginx/files/nginx.conf index 2c20144..7f7bd77 100644 --- a/bundles/nginx/files/nginx.conf +++ b/bundles/nginx/files/nginx.conf @@ -1,4 +1,4 @@ -user ${username}; +user www-data; worker_processes ${worker_processes}; pid /var/run/nginx.pid; diff --git a/bundles/nginx/items.py b/bundles/nginx/items.py index 53edc86..2928686 100644 --- a/bundles/nginx/items.py +++ b/bundles/nginx/items.py @@ -1,12 +1,5 @@ from datetime import datetime, timedelta -if node.has_bundle('pacman'): - package = 'pkg_pacman:nginx' - username = 'http' -else: - package = 'pkg_apt:nginx' - username = 'www-data' - directories = { '/etc/nginx/sites': { 'purge': True, 
@@ -24,9 +17,9 @@ directories = { }, }, '/var/log/nginx-timing': { - 'owner': username, + 'owner': 'www-data', 'needs': { - package, + 'pkg_apt:nginx', }, }, '/var/www': {}, @@ -40,7 +33,6 @@ files = { '/etc/nginx/nginx.conf': { 'content_type': 'mako', 'context': { - 'username': username, **node.metadata['nginx'], }, 'triggers': { @@ -69,21 +61,13 @@ files = { '/var/www/error.html': {}, '/var/www/not_found.html': {}, } -if node.has_bundle('pacman'): - files['/etc/systemd/system/nginx.service.d/bundlewrap.conf'] = { - 'source': 'arch-override.conf', - 'triggers': { - 'action:systemd-reload', - 'svc_systemd:nginx:restart', - }, - } svc_systemd = { 'nginx': { 'needs': { 'action:generate-dhparam', 'directory:/var/log/nginx-timing', - package, + 'pkg_apt:nginx', }, }, } diff --git a/bundles/nginx/metadata.py b/bundles/nginx/metadata.py index 2715065..28395ff 100644 --- a/bundles/nginx/metadata.py +++ b/bundles/nginx/metadata.py @@ -33,11 +33,6 @@ defaults = { 'nginx': { 'worker_connections': 768, }, - 'pacman': { - 'packages': { - 'nginx': {}, - }, - }, } if node.has_bundle('telegraf'): diff --git a/bundles/openssh/items.py b/bundles/openssh/items.py index a93b873..0b9fa04 100644 --- a/bundles/openssh/items.py +++ b/bundles/openssh/items.py @@ -27,29 +27,22 @@ files = { }, } -if node.has_bundle('pacman'): - package = 'pkg_pacman:openssh' - service = 'sshd' -else: - package = 'pkg_apt:openssh-server' - service = 'ssh' - actions = { 'sshd_check_config': { 'command': 'sshd -T -C user=root -C host=localhost -C addr=localhost', 'triggered': True, 'triggers': { - 'svc_systemd:{}:restart'.format(service), + 'svc_systemd:ssh:restart', }, }, } svc_systemd = { - service: { + 'ssh': { 'needs': { 'file:/etc/systemd/system/ssh.service.d/bundlewrap.conf', 'file:/etc/ssh/sshd_config', - package, + 'pkg_apt:openssh-server', }, }, } diff --git a/bundles/openssh/metadata.py b/bundles/openssh/metadata.py index 630b851..4db6d78 100644 --- a/bundles/openssh/metadata.py 
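Review bot: The `'owner': 'www-data'` literal on `/var/log/nginx-timing` (hunk `@@ -24,9 +17,9 @@`) has to match the `user www-data;` line this commit hard-codes in files/nginx.conf, but nothing ties the two together now that the shared `username` variable and the template context entry are gone. If one is changed without the other, the nginx workers would presumably no longer be able to write to the directory. A short comment at the owner line, for example `# must match the "user" directive in files/nginx.conf`, would document the coupling. The `directories` block starts outside this hunk.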
+++ b/bundles/openssh/metadata.py @@ -8,11 +8,6 @@ defaults = { 'openssh-sftp-server': {}, }, }, - 'pacman': { - 'packages': { - 'openssh': {}, - }, - }, } @metadata_reactor.provides( diff --git a/bundles/pacman/files/check_unattended_upgrades b/bundles/pacman/files/check_unattended_upgrades deleted file mode 100644 index 1cafab5..0000000 --- a/bundles/pacman/files/check_unattended_upgrades +++ /dev/null @@ -1,38 +0,0 @@ -#!/bin/bash - -statusfile="/var/tmp/unattended_upgrades.status" -if ! [[ -f "$statusfile" ]] -then - echo "Status file not found" - exit 3 -fi - -mtime=$(stat -c %Y $statusfile) -now=$(date +%s) -if (( $now - $mtime > 60*60*24*8 )) -then - echo "Status file is older than 8 days!" - exit 3 -fi - -exitcode=$(cat $statusfile) -case "$exitcode" in - abort_ssh) - echo "Upgrades skipped due to active SSH login" - exit 1 - ;; - 0) - if [[ -f /var/run/reboot-required ]] - then - echo "OK, but updates require a reboot" - exit 1 - else - echo "OK" - exit 0 - fi - ;; - *) - echo "Last exitcode was $exitcode" - exit 2 - ;; -esac diff --git a/bundles/pacman/files/do-unattended-upgrades b/bundles/pacman/files/do-unattended-upgrades deleted file mode 100644 index a04b5fc..0000000 --- a/bundles/pacman/files/do-unattended-upgrades +++ /dev/null @@ -1,18 +0,0 @@ -#!/bin/bash - -set -xeuo pipefail - -pacman -Syu --noconfirm --noprogressbar - -% for affected, restarts in sorted(restart_triggers.items()): -up_since=$(systemctl show "${affected}" | sed -n 's/^ActiveEnterTimestamp=//p' || echo 0) -up_since_ts=$(date -d "$up_since" +%s || echo 0) -now=$(date +%s) - -if [ $((now - up_since_ts)) -lt 3600 ] -then -% for restart in sorted(restarts): - systemctl restart "${restart}" || true -% endfor -fi -% endfor diff --git a/bundles/pacman/files/faillock.conf b/bundles/pacman/files/faillock.conf deleted file mode 100644 index 19c0ff3..0000000 --- a/bundles/pacman/files/faillock.conf +++ /dev/null @@ -1,2 +0,0 @@ -# just disable faillock. -deny = 0 
diff --git a/bundles/pacman/files/pacman.conf b/bundles/pacman/files/pacman.conf deleted file mode 100644 index 7fb4e48..0000000 --- a/bundles/pacman/files/pacman.conf +++ /dev/null @@ -1,40 +0,0 @@ -[options] -Architecture = auto -CheckSpace -Color -HoldPkg = ${' '.join(sorted(node.metadata.get('pacman/ask_before_removal')))} -ILoveCandy -IgnorePkg = ${' '.join(sorted(node.metadata.get('pacman/ignore_packages', set())))} -LocalFileSigLevel = Optional -NoExtract=${' '.join(sorted(node.metadata.get('pacman/no_extract', set())))} -ParallelDownloads = ${node.metadata.get('pacman/parallel_downloads')} -SigLevel = Required DatabaseOptional -VerbosePkgLists - -% for line in sorted(node.metadata.get('pacman/additional_config', set())): -${line} -% endfor - -[core] -Server = ${node.metadata.get('pacman/repository')} -Include = /etc/pacman.d/mirrorlist - -[extra] -Server = ${node.metadata.get('pacman/repository')} -Include = /etc/pacman.d/mirrorlist - -[community] -Server = ${node.metadata.get('pacman/repository')} -Include = /etc/pacman.d/mirrorlist -% if node.metadata.get('pacman/enable_multilib', False): - -[multilib] -Server = ${node.metadata.get('pacman/repository')} -Include = /etc/pacman.d/mirrorlist -% endif -% if node.metadata.get('pacman/enable_aurto'): - -[aurto] -Server = https://aurto.kunbox.net/ -SigLevel = Optional TrustAll -% endif diff --git a/bundles/pacman/files/upgrade-and-reboot b/bundles/pacman/files/upgrade-and-reboot deleted file mode 100644 index 41973aa..0000000 --- a/bundles/pacman/files/upgrade-and-reboot +++ /dev/null 
@@ -1,49 +0,0 @@ -#!/bin/bash - -# With systemd, we can force logging to the journal. This is better than -# spamming the world with cron mails. You can then view these logs using -# "journalctl -rat upgrade-and-reboot". -if which logger >/dev/null 2>&1 -then - # Dump stdout and stderr to logger, which will then put everything - # into the journal. - exec 1> >(logger -t upgrade-and-reboot -p user.info) - exec 2> >(logger -t upgrade-and-reboot -p user.error) -fi - -. /etc/upgrade-and-reboot.conf - -echo "Starting upgrade-and-reboot for node $nodename ..." - -statusfile="/var/tmp/unattended_upgrades.status" -# Workaround, because /var/tmp is usually 1777 -[[ "$UID" == 0 ]] && chown root:root "$statusfile" - -logins=$(ps h -C sshd -o euser | awk '$1 != "root" && $1 != "sshd" && $1 != "sshmon" && $1 != "nobody"') -if [[ -n "$logins" ]] -then - echo "Will abort now, there are active SSH logins: $logins" - echo "abort_ssh" > "$statusfile" - exit 1 -fi - -softlockdir=/var/lib/bundlewrap/soft-$nodename -mkdir -p "$softlockdir" -printf '{"comment": "UPDATE", "date": %s, "expiry": %s, "id": "UNATTENDED", "items": ["*"], "user": "root@localhost"}\n' \ - $(date +%s) \ - $(date -d 'now + 30 mins' +%s) \ - >"$softlockdir"/UNATTENDED -trap 'rm -f "$softlockdir"/UNATTENDED' EXIT - -do-unattended-upgrades -ret=$? - -echo "$ret" > "$statusfile" -if (( $ret != 0 )) -then - exit 1 -fi - -systemctl reboot - -echo "upgrade-and-reboot for node $nodename is DONE" diff --git a/bundles/pacman/files/upgrade-and-reboot.conf b/bundles/pacman/files/upgrade-and-reboot.conf deleted file mode 100644 index ca71dce..0000000 --- a/bundles/pacman/files/upgrade-and-reboot.conf +++ /dev/null @@ -1,3 +0,0 @@ -nodename="${node.name}" -reboot_mail_to="${node.metadata.get('apt/unattended-upgrades/reboot_mail_to', '')}" -auto_reboot_enabled="${node.metadata.get('apt/unattended-upgrades/reboot_enabled', True)}" 
diff --git a/bundles/pacman/items.py b/bundles/pacman/items.py
deleted file mode 100644
index fe4f605..0000000
--- a/bundles/pacman/items.py
+++ /dev/null
@@ -1,109 +0,0 @@ -from bundlewrap.exceptions import BundleError - -if not node.os == 'arch': - raise BundleError(f'{node.name}: bundle:pacman requires arch linux') - -files = { - '/etc/pacman.conf': { - 'content_type': 'mako', - }, - '/etc/upgrade-and-reboot.conf': { - 'content_type': 'mako', - }, - '/etc/security/faillock.conf': {}, - '/usr/local/sbin/upgrade-and-reboot': { - 'mode': '0700', - }, - '/usr/local/sbin/do-unattended-upgrades': { - 'content_type': 'mako', - 'mode': '0700', - 'context': { - 'restart_triggers': node.metadata.get('pacman/restart_triggers', {}), - } - }, - '/usr/local/share/icinga/plugins/check_unattended_upgrades': { - 'mode': '0755', - }, -} - -svc_systemd['paccache.timer'] = { - 'needs': { - 'pkg_pacman:pacman-contrib', - }, -} - -pkg_pacman = { - 'acpi_call-lts': {}, - 'at': {}, - 'autoconf': {}, - 'automake': {}, - 'bind': {}, - 'binutils': {}, - 'bison': {}, - 'bzip2': {}, - 'curl': {}, - 'dialog': {}, - 'diffutils': {}, - 'fakeroot': {}, - 'file': {}, - 'findutils': {}, - 'flex': {}, - 'fwupd': {}, - 'gawk': {}, - 'gcc': {}, - 'gettext': {}, - 'git': {}, - 'gnu-netcat': {}, - 'grep': {}, - 'groff': {}, - 'gzip': {}, - 'htop': {}, - 'jq': {}, - 'ldns': {}, - 'less': {}, - 'libtool': {}, - 'linux-lts': {}, - 'logrotate': {}, - 'lsof': {}, - 'm4': {}, - 'mailutils': {}, - 'make': {}, - 'man-db': {}, - 'man-pages': {}, - 'moreutils': {}, - 'mtr': {}, - 'ncdu': {}, - 'nmap': {}, - 'pacman-contrib': {}, - 'patch': {}, - 'pkgconf': {}, - 'python': {}, - 'python-setuptools': { - 'needed_by': { - 'pkg_pip:', - }, - }, - 'python-pip': { - 'needed_by': { - 'pkg_pip:', - }, - }, - 'python-virtualenv': {}, - 'rsync': {}, - 'run-parts': {}, - 'sed': {}, - 'tar': {}, - 'texinfo': {}, - 'tmux': {}, - 'tree': {}, - 'unzip': {}, - 'vim': {}, - 'wget': {}, - 'which': {}, - 'whois': {}, - 'zip': {}, -} - - -for pkg, config in node.metadata.get('pacman/packages', {}).items(): - pkg_pacman[pkg] = config 
diff --git a/bundles/pacman/metadata.py b/bundles/pacman/metadata.py deleted file mode 100644 index 1c60981..0000000 --- a/bundles/pacman/metadata.py +++ /dev/null @@ -1,55 +0,0 @@ -defaults = { - 'pacman': { - 'ask_before_removal': { - 'glibc', - 'pacman', - }, - 'enable_aurto': True, - 'no_extract': { - 'etc/cron.d/0hourly', - # don't install systemd-homed pam module. It produces a lot of spam in - # journal about systemd-homed not being active, so just get rid of it. - # Requires reinstall of systemd package, though - 'usr/lib/security/pam_systemd_home.so', - }, - 'parallel_downloads': 4, - 'repository': 'http://ftp.uni-kl.de/pub/linux/archlinux/$repo/os/$arch', - 'unattended-upgrades': { - 'day': 5, - 'hour': 21, - }, - }, -} - - -@metadata_reactor.provides( - 'cron/jobs/upgrade-and-reboot', - 'icinga2_api/pacman/services', -) -def patchday(metadata): - if not metadata.get('pacman/unattended-upgrades/is_enabled', False): - return {} - - day = metadata.get('pacman/unattended-upgrades/day') - hour = metadata.get('pacman/unattended-upgrades/hour') - - return { - 'cron': { - 'jobs': { - 'upgrade-and-reboot': '{minute} {hour} * * {day} root /usr/local/sbin/upgrade-and-reboot'.format( - minute=node.magic_number % 30, - hour=hour, - day=day, - ), - }, - }, - 'icinga2_api': { - 'pacman': { - 'services': { - 'UNATTENDED UPGRADES': { - 'command_on_monitored_host': '/usr/local/share/icinga/plugins/check_unattended_upgrades', - }, - }, - }, - }, - } diff --git a/bundles/postfix/files/arch-override.conf b/bundles/postfix/files/arch-override.conf deleted file mode 100644 index 3b3e46d..0000000 --- a/bundles/postfix/files/arch-override.conf +++ /dev/null @@ -1,6 +0,0 @@ -[Service] -# arch postfix is not set up for chrooting by default -ExecStartPre=-/usr/sbin/mkdir -p /var/spool/postfix/etc -% for file in ['/etc/localtime', '/etc/nsswitch.conf', '/etc/resolv.conf', '/etc/services']: -ExecStartPre=-/usr/sbin/cp -p ${file} /var/spool/postfix${file} -% endfor 
diff --git a/bundles/postfix/items.py b/bundles/postfix/items.py index 5518c90..aeceed1 100644 --- a/bundles/postfix/items.py +++ b/bundles/postfix/items.py @@ -21,13 +21,12 @@ for identifier in node.metadata.get('postfix/mynetworks', set()): netmask = '128' mynetworks.add(f'[{ip6}]/{netmask}') -my_package = 'pkg_pacman:postfix' if node.os == 'arch' else 'pkg_apt:postfix' files = { '/etc/mailname': { 'content': node.metadata.get('postfix/myhostname'), 'before': { - my_package, + 'pkg_apt:postfix', }, 'triggers': { 'svc_systemd:postfix:restart', @@ -82,7 +81,7 @@ actions = { 'command': 'newaliases', 'triggered': True, 'needs': { - my_package, + 'pkg_apt:postfix', }, 'before': { 'svc_systemd:postfix', @@ -92,7 +91,7 @@ actions = { 'command': 'postmap hash:/etc/postfix/blocked_recipients', 'triggered': True, 'needs': { - my_package, + 'pkg_apt:postfix', }, 'before': { 'svc_systemd:postfix', @@ -105,17 +104,7 @@ svc_systemd = { 'needs': { 'file:/etc/postfix/master.cf', 'file:/etc/postfix/main.cf', - my_package, + 'pkg_apt:postfix', }, }, } - -if node.os == 'arch': - files['/etc/systemd/system/postfix.service.d/bundlewrap.conf'] = { - 'source': 'arch-override.conf', - 'content_type': 'mako', - 'triggers': { - 'action:systemd-reload', - 'svc_systemd:postfix:restart', - }, - } diff --git a/bundles/postfix/metadata.py b/bundles/postfix/metadata.py index 3c3be24..1ccf633 100644 --- a/bundles/postfix/metadata.py +++ b/bundles/postfix/metadata.py @@ -14,7 +14,7 @@ defaults = { 'postfix': { 'services': { 'POSTFIX PROCESS': { - 'command_on_monitored_host': '/usr/local/share/icinga/plugins/check_systemd_unit postfix' + ('' if node.os == 'arch' else '@-'), + 'command_on_monitored_host': '/usr/local/share/icinga/plugins/check_systemd_unit postfix@-', }, 'POSTFIX QUEUE': { 'command_on_monitored_host': 'sudo /usr/local/share/icinga/plugins/check_postfix_queue -w 20 -c 40 -d 50', 
@@ -22,12 +22,6 @@ defaults = { }, }, }, - 'pacman': { - 'packages': { - 'postfix': {}, - 's-nail': {}, - }, - }, } if node.has_bundle('postfixadmin'): diff --git a/bundles/sshmon/items.py b/bundles/sshmon/items.py index 3250f39..be9a9a4 100644 --- a/bundles/sshmon/items.py +++ b/bundles/sshmon/items.py @@ -64,12 +64,3 @@ for check in { files["/usr/local/share/icinga/plugins/check_{}".format(check)] = { 'mode': "0755", } - - -if node.has_bundle('pacman'): - symlinks['/usr/lib/nagios/plugins'] = { - 'target': '/usr/lib/monitoring-plugins', - 'needs': { - 'pkg_pacman:monitoring-plugins', - }, - } diff --git a/bundles/sshmon/metadata.py b/bundles/sshmon/metadata.py index 2142623..3026479 100644 --- a/bundles/sshmon/metadata.py +++ b/bundles/sshmon/metadata.py @@ -36,14 +36,6 @@ defaults = { 'sshmon', }, }, - 'pacman': { - 'packages': { - 'gawk': {}, - 'perl-libwww': {}, - 'monitoring-plugins': {}, - 'python-requests': {}, - }, - }, } diff --git a/bundles/sudo/metadata.py b/bundles/sudo/metadata.py index 82b007d..e76edaf 100644 --- a/bundles/sudo/metadata.py +++ b/bundles/sudo/metadata.py @@ -4,9 +4,4 @@ defaults = { 'sudo': {}, }, }, - 'pacman': { - 'packages': { - 'sudo': {}, - }, - }, } diff --git a/bundles/systemd-boot/files/entry b/bundles/systemd-boot/files/entry deleted file mode 100755 index 00d3d8f..0000000 --- a/bundles/systemd-boot/files/entry +++ /dev/null @@ -1,13 +0,0 @@ -title ${config['title']} - -% if 'linux' in config: -linux ${config['linux']} -% for line in config['initrd']: -initrd ${line} -% endfor -% if config.get('options', set()): -options ${' '.join(sorted(config['options']))} -% endif -% else: -efi ${config['efi']} -% endif diff --git a/bundles/systemd-boot/files/loader.conf b/bundles/systemd-boot/files/loader.conf deleted file mode 100755 index b30de61..0000000 --- a/bundles/systemd-boot/files/loader.conf +++ /dev/null 
@@ -1,5 +0,0 @@ -auto-entries no -auto-firmware yes -console-mode keep -default ${config['default']} -timeout ${config.get('timeout', 5)} diff --git a/bundles/systemd-boot/files/pacman_hook b/bundles/systemd-boot/files/pacman_hook deleted file mode 100644 index d65c027..0000000 --- a/bundles/systemd-boot/files/pacman_hook +++ /dev/null @@ -1,9 +0,0 @@ -[Trigger] -Type = Package -Operation = Upgrade -Target = systemd - -[Action] -Description = Gracefully upgrading systemd-boot... -When = PostTransaction -Exec = /usr/bin/systemctl restart systemd-boot-update.service diff --git a/bundles/systemd-boot/items.py b/bundles/systemd-boot/items.py deleted file mode 100644 index 0f26d00..0000000 --- a/bundles/systemd-boot/items.py +++ /dev/null @@ -1,32 +0,0 @@ -assert node.os == 'arch' -assert node.metadata.get('systemd-boot/default') in node.metadata.get('systemd-boot/entries') - -files = { - '/etc/pacman.d/hooks/99-systemd-boot-update': { - 'source': 'pacman_hook', - }, - '/boot/loader/loader.conf': { - 'content_type': 'mako', - 'context': { - 'config': node.metadata.get('systemd-boot'), - }, - 'mode': None, - }, -} - -directories = { - '/boot/loader/entries': { - 'purge': True, - }, -} - -for entry, config in node.metadata.get('systemd-boot/entries').items(): - files[f'/boot/loader/entries/{entry}.conf'] = { - 'source': 'entry', - 'content_type': 'mako', - 'context': { - 'entry': entry, - 'config': config, - }, - 'mode': None, - } diff --git a/bundles/telegraf/metadata.py b/bundles/telegraf/metadata.py index 097750e..4af8190 100644 --- a/bundles/telegraf/metadata.py +++ b/bundles/telegraf/metadata.py @@ -25,14 +25,4 @@ defaults = { }, }, }, - 'pacman': { - 'packages': { - 'telegraf-bin': { - 'needed_by': { - 'svc_systemd:telegraf', - 'user:telegraf', - }, - }, - }, - }, } diff --git a/bundles/users/metadata.py b/bundles/users/metadata.py index 48a8b72..e6f3498 100644 --- a/bundles/users/metadata.py +++ b/bundles/users/metadata.py 
@@ -7,11 +7,6 @@ defaults = { 'kitty-terminfo': {}, }, }, - 'pacman': { - 'packages': { - 'kitty-terminfo': {}, - }, - }, 'users': { 'root': { 'home': '/root', diff --git a/bundles/vmhost/items.py b/bundles/vmhost/items.py index e432a40..402e8ec 100644 --- a/bundles/vmhost/items.py +++ b/bundles/vmhost/items.py @@ -24,12 +24,3 @@ if node.has_bundle('nftables') and node.has_bundle('apt'): 'svc_systemd:nftables:reload', }, } - -if node.has_bundle('pacman'): - svc_systemd['libvirtd'] = { - 'running': None, # triggered via .socket - } - svc_systemd['virtlogd'] = { - 'running': None, # triggered via .socket - 'enabled': None, # triggered via .socket - } diff --git a/bundles/vmhost/metadata.py b/bundles/vmhost/metadata.py index 3aaa10e..79f9d8a 100644 --- a/bundles/vmhost/metadata.py +++ b/bundles/vmhost/metadata.py @@ -21,12 +21,6 @@ defaults = { }, }, }, - 'pacman': { - 'packages': { - 'edk2-ovmf': {}, - 'libvirt': {}, - }, - }, } if node.os == 'debian' and node.os_version[0] < 11: @@ -42,9 +36,6 @@ if node.has_bundle('nftables'): }, } -if node.has_bundle('arch-with-gui'): - defaults['pacman']['packages']['virt-manager'] = {} - @metadata_reactor.provides( 'users', diff --git a/bundles/voc-tracker-worker/files/crs-runner.service b/bundles/voc-tracker-worker/files/crs-runner.service deleted file mode 100644 index 1c85a33..0000000 --- a/bundles/voc-tracker-worker/files/crs-runner.service +++ /dev/null @@ -1,16 +0,0 @@ -[Unit] -Description=CRS runner for ${script} -After=network.target - -[Service] -User=voc -Group=voc -EnvironmentFile=/etc/default/crs-worker -ExecStart=/opt/crs-scripts/bin/crs_run ${script} -WorkingDirectory=/opt/crs-scripts -Restart=on-failure -RestartSec=10 -SyslogIdentifier=crs-${worker} - -[Install] -WantedBy=crs-worker.target diff --git a/bundles/voc-tracker-worker/files/environment b/bundles/voc-tracker-worker/files/environment deleted file mode 100644 index 98f40ea..0000000 --- a/bundles/voc-tracker-worker/files/environment +++ /dev/null 
@@ -1,6 +0,0 @@ -CRS_TRACKER=${url} -CRS_TOKEN=${token} -CRS_SECRET=${secret} -% if use_vaapi: -CRS_USE_VAAPI=yes -% endif diff --git a/bundles/voc-tracker-worker/items.py b/bundles/voc-tracker-worker/items.py deleted file mode 100644 index 6f28a8b..0000000 --- a/bundles/voc-tracker-worker/items.py +++ /dev/null @@ -1,56 +0,0 @@ -paths = { # subpaths of /video - 'capture', - 'encoded', - 'fuse', - 'intros', - 'repair', - 'tmp', -} - -directories = { - '/opt/crs-scripts': {}, -} - -for path in paths: - directories[f'/video/{path}'] = { - 'owner': 'voc', - 'group': 'voc', - } - -git_deploy = { - '/opt/crs-scripts': { - 'repo': 'https://github.com/crs-tools/crs-scripts.git', - 'rev': 'master', - }, -} - -files = { - '/etc/default/crs-worker': { - 'content_type': 'mako', - 'source': 'environment', - 'context': node.metadata.get('voc-tracker-worker'), - }, -} - -for worker, script in { - 'recording-scheduler': 'script-A-recording-scheduler.pl', - 'mount4cut': 'script-B-mount4cut.pl', - 'cut-postprocessor': 'script-C-cut-postprocessor.pl', - 'encoding': 'script-D-encoding.pl', - 'postencoding': 'script-E-postencoding-auphonic.pl', - 'postprocessing': 'script-F-postprocessing-upload.pl', -}.items(): - files[f'/etc/systemd/system/crs-{worker}.service'] = { - 'content_type': 'mako', - 'source': 'crs-runner.service', - 'context': { - 'worker': worker, - 'script': script, - }, - 'needs': { - 'file:/etc/default/crs-worker', - }, - 'triggers': { - 'action:systemd-reload', - }, - } diff --git a/bundles/voc-tracker-worker/metadata.py b/bundles/voc-tracker-worker/metadata.py deleted file mode 100644 index 3a741a8..0000000 --- a/bundles/voc-tracker-worker/metadata.py +++ /dev/null 
@@ -1,52 +0,0 @@ -defaults = { - 'apt': { - 'packages': { - 'ffmpeg': {}, - 'fuse': {}, - 'fuse-ts': {}, - 'libboolean-perl': {}, - 'libconfig-inifiles-perl': {}, - 'libdatetime-perl': {}, - 'libfile-which-perl': {}, - 'libipc-run3-perl': {}, - 'libjson-perl': {}, - 'libmath-round-perl': {}, - 'libproc-processtable-perl': {}, - 'libwww-curl-perl': {}, - 'libxml-rpc-fast-perl': {}, - 'libxml-simple-perl': {}, - }, - }, - 'voc-tracker-worker': { - 'use_vaapi': False, - }, - 'users': { - 'voc': { - 'home': '/opt/voc', - }, - }, - 'pacman': { - 'packages': { - 'ffmpeg': {}, - 'fuse2': {}, - 'fuse3': {}, - # fuse-ts missing - 'perl-boolean': {}, # from aurto - 'perl-config-inifiles': {}, - 'perl-datetime': {}, - 'perl-file-which': {}, - 'perl-ipc-run3': {}, - 'perl-json': {}, - 'perl-math-round': {}, - 'perl-proc-processtable': {}, - 'perl-www-curl': {}, # from aurto - 'perl-xml-simple': {}, - }, - }, -} - -# Install manually from CPAN: -# IO::Socket::SSL -# LWP::Protocol::https -# Types::Serialiser::Error -# XML::RPC::Fast diff --git a/bundles/wireguard/metadata.py b/bundles/wireguard/metadata.py index c08d5ca..267be6a 100644 --- a/bundles/wireguard/metadata.py +++ b/bundles/wireguard/metadata.py @@ -283,7 +283,7 @@ def interface_ips(metadata): 'nftables/postrouting/10-wireguard', ) def snat(metadata): - if not node.has_bundle('nftables') or node.os == 'arch': + if not node.has_bundle('nftables'): raise DoNotRunAgain snat_ip = metadata.get('wireguard/snat_ip', None) diff --git a/bundles/zfs/files/zfs-import-scan-override.service b/bundles/zfs/files/zfs-import-scan-override.service index 3853425..9004ee2 100644 --- a/bundles/zfs/files/zfs-import-scan-override.service +++ b/bundles/zfs/files/zfs-import-scan-override.service @@ -3,8 +3,4 @@ ConditionPathExists= [Service] ExecStart= -% if node.os == 'arch': -ExecStart=/usr/bin/zpool import -aN -o cachefile=none -% else: ExecStart=/usr/sbin/zpool import -aN -o cachefile=none -% endif 
diff --git a/bundles/zfs/items.py b/bundles/zfs/items.py index 8b13f4b..c63250e 100644 --- a/bundles/zfs/items.py +++ b/bundles/zfs/items.py @@ -2,9 +2,6 @@ from json import dumps from bundlewrap.metadata import MetadataJSONEncoder -if node.has_bundle('pacman'): - assert node.metadata.get('pacman/enable_aurto'), f'{node.name}: bundle:zfs needs aurto for zfs-linux-lts package' - files = { '/etc/modprobe.d/zfs.conf': { 'source': 'zfs-modprobe.conf', diff --git a/bundles/zfs/metadata.py b/bundles/zfs/metadata.py index 4191834..3b63e0b 100644 --- a/bundles/zfs/metadata.py +++ b/bundles/zfs/metadata.py @@ -43,24 +43,6 @@ defaults = { }, }, }, - 'pacman': { - 'no_extract': { - 'etc/sudoers.d/zfs', - }, - 'packages': { - 'zfs-linux-lts': { - 'needed_by': { - 'zfs_dataset:', - 'zfs_pool:', - }, - }, - 'zfs-utils': { - 'needed_by': { - 'svc_systemd:zfs-zed', - }, - }, - }, - }, 'systemd-timers': { 'timers': { 'zfs-auto-snapshot-daily': { diff --git a/groups/os.py b/groups/os.py index a6fca0f..d6f1d6b 100644 --- a/groups/os.py +++ b/groups/os.py @@ -13,7 +13,6 @@ groups['raspberry'] = { groups['linux'] = { 'subgroups': { - 'arch', 'debian', 'raspberry', }, @@ -48,13 +47,6 @@ groups['linux'] = { 'pip_command': 'pip3', } -groups['arch'] = { - 'bundles': { - 'pacman', - }, - 'os': 'arch', -} - groups['debian'] = { 'subgroup_patterns': { '^debian-[a-z]+$', diff --git a/hooks/test_zfs_consistency.py b/hooks/test_zfs_consistency.py index 132afe3..d7231e5 100644 --- a/hooks/test_zfs_consistency.py +++ b/hooks/test_zfs_consistency.py @@ -25,7 +25,7 @@ def test_node(repo, node, **kwargs): pool_name = name.split('/', 1)[0] - if pool_name not in zfs_pools and node.os != 'arch': + if pool_name not in zfs_pools: raise BundleError('{n} zfs_dataset:{ds} wants zfs_pool:{pool}, which wasn\'t found'.format( n=node.name, ds=name, diff --git a/nodes/fkusei-locutus.py b/nodes/fkusei-locutus.py deleted file mode 100644 index 23118bd..0000000 --- a/nodes/fkusei-locutus.py +++ /dev/null 
@@ -1,190 +0,0 @@ -nodes['fkusei-locutus'] = { - 'dummy': True, - 'hostname': '10.5.99.29', - 'bundles': { - 'arch-with-gui', - 'bird', - 'lldp', - 'lm-sensors', - 'nfs-client', - 'systemd-boot', - 'telegraf-battery-usage', - 'wireguard', - 'voc-tracker-worker', - 'zfs', - }, - 'groups': { - 'arch', - }, - 'metadata': { - 'arch-with-gui': { - 'autologin_as': 'fkunsmann', - }, - 'bird': { - 'bgp_neighbors': { - 'smedia': { - 'local_as': 4200128002, - 'local_ip': '10.200.128.2', - 'neighbor_as': 64900, - 'neighbor_ip': '10.200.128.1', - }, - }, - }, - 'firewall': { - 'port_rules': { - # obs websocket thingie - just allow all RFC1918 ips here - #'4444': { - # '10.0.0.0/8', - # '172.16.0.0/12', - # '192.168.0.0/16', - #}, - # For the occasional file-share using `python -m http.server` - '8000/tcp': {'*'}, - }, - }, - 'interfaces': { - 'eth*': { - 'dhcp': True, - }, - # there is also wlan0, but that's managed by netctl - }, - 'location': 'home', # not actually true, but needed for static dhcp lease - 'nfs-client': { - 'mounts': { - 'nas-storage': { - 'mountpoint': '/mnt/nas', - 'serverpath': '172.19.138.20:/storage/nas', - 'mount_options': { - 'retry=0', - 'ro', - }, - }, - }, - }, - 'openssh': { - 'restrict-to': { - 'rfc1918', - }, - }, - 'pacman': { - 'packages': { - 'amd-ucode': {}, - 'xf86-video-amdgpu': {}, - - # all that other random stuff one needs - 'apachedirectorystudio': {}, - 'direnv': {}, - 'freerdp': {}, - 'sdl_ttf': {}, # for compiling testcard - 'thermald': {}, - }, - }, - 'sysctl': { - 'options': { - # accept RA even though forwarding is enabled - 'net.ipv4.conf.all.accept_ra': '2', - 'net.ipv4.conf.wlan0.accept_ra': '2', - }, - }, - 'systemd-boot': { - 'default': 'arch', - 'entries': { - 'arch': { - 'title': 'Arch Linux', - 'linux': '/vmlinuz-linux', - 'initrd': [ - '/amd-ucode.img', - '/initramfs-linux.img', - ], - 'options': { - 'net.ifnames=0', - 'rw', - 'zfs=zroot/system/root', - }, - }, - 'arch-fallback': { - 'title': 'Arch Linux (no ucode, 
fallback initramfs)', - 'linux': '/vmlinuz-linux', - 'initrd': [ - '/initramfs-linux-fallback.img', - ], - 'options': { - 'net.ifnames=0', - 'rw', - 'zfs=zroot/system/root', - }, - }, - }, - }, - 'timezone': 'Europe/Berlin', - 'users': { - 'fkunsmann': { - 'password': vault.decrypt('encrypt$gAAAAABgLmmuQGRUStrQawoPee-758emIYn2u8-8ebrgzNAFSp7ifeFDdXXvs-zL3QogwNYlCtBHboH2xfy1rSj6OF5bbNO-tg=='), - 'shell': '/usr/bin/fish', - }, - }, - 'voc-tracker-worker': { - 'url': 'https://tracker.c3voc.de/rpc', - 'token': vault.decrypt('encrypt$gAAAAABiYqaFl4CqOc8DTQIn49Qq0KgAJSzA19GKPNMbyHIjYg0JkvY0sK43ps8CbJWMRR6hJHVK-nP4vrWLwyoWWqt8N8aASMur4odC2s8pEHQKM0TXg4cRwobQz_lyJgrYa2VYdhcD'), - 'secret': vault.decrypt('encrypt$gAAAAABiYqaYbY-3IbnRk-S25pqxrOGN7ovgPo3kBYz8ZqKDedPRzskKZefpLHxBbCOZKjg1XNT4cKbIs5cPCLdj7HdY4beAhnXl4EHZZdxU1zVC7sJCmz9XOS_Ac0UOgOlUFMiet14U'), - }, - 'wireguard': { - 'privatekey': vault.decrypt('smedia$NotViaThisRepository'), - 'peers': { - 'smedia': { - 'endpoint': 'wireguard.htz-cloud.kunbox.net:1194', - 'their_ip': '10.200.128.1', - 'my_ip': '10.200.128.2/20', - 'my_port': 51820, - 'endpoint': '185.122.180.82:51820', - 'psk': vault.decrypt('smedia$NotViaThisRepository'), - 'pubkey': vault.decrypt('smedia$NotViaThisRepository'), - }, - }, - }, - 'zfs': { - 'pools': { - 'zroot': { - 'when_creating': { - 'config': [], - }, - }, - }, - 'datasets': { - # this is not a complete list, but we can't create that - # structure using bundlewrap anyway, so there's no point - # in adding it here. - 'zroot': { - 'compression': 'lz4', - 'relatime': 'on', - 'xattr': 'sa', - 'primarycache': 'metadata' - # encryption is enabled, too. 
- }, - 'zroot/system/journal': { - 'mountpoint': '/var/log/journal', - 'acltype': 'posix', - }, - 'zroot/system/root': { - 'canmount': 'noauto', - 'mountpoint': '/', - }, - 'zroot/user/fkunsmann': { - 'mountpoint': '/home/fkunsmann', - }, - }, - 'snapshots': { - 'retain_per_dataset': { - 'zroot/user/fkunsmann': { - # juuuuuuuust to be sure - 'hourly': 100, - }, - }, - 'snapshot_never': { - 'zroot/system/journal', - }, - }, - }, - }, - 'os': 'arch', -} diff --git a/nodes/htz-cloud.aurto.toml b/nodes/htz-cloud.aurto.toml deleted file mode 100644 index 16fbf9a..0000000 --- a/nodes/htz-cloud.aurto.toml +++ /dev/null 
@@ -1,59 +0,0 @@ -hostname = "2a01:4f9:c010:95fa::2" -bundles = ["backup-client"] -groups = [ - "arch", - "webserver", -] - -[metadata] -description = [ - "When adding packages to aurto, please also add those packages to ~/PACKAGES", - "Wenn Pakete zu aurto hinzugefĆ¼gt werden, trage sie bitte auch in ~/PACKAGES ein", -] - -[metadata.icinga_options] -period = "daytime" - -[metadata.backups] -paths = [ - "/var/cache/pacman/aurto", -] - -[metadata.interfaces.enp1s0] -ips = ["2a01:4f9:c010:95fa::2/64"] -gateway6 = "fe80::1" - -[metadata.interfaces.enp7s0] -ips = ["172.19.137.4/32"] -gateway4 = "172.19.137.1" - -[metadata.nginx.vhosts.aurto] -domain = "aurto.kunbox.net" -webroot = "/var/cache/pacman/aurto" -extras = true - -[metadata.pacman] -enable_aurto = false -additional_config = [ - "Include = /etc/pacman.d/aurto", -] - -[metadata.pacman.unattended-upgrades] -is_enabled = true - -[metadata.sudo.extra_configs] -50_aurto_passwordless = [ - "%wheel ALL=(ALL) NOPASSWD: /usr/bin/arch-nspawn", - "%wheel ALL=(ALL) NOPASSWD: /usr/bin/pacsync aurto", - "%wheel ALL=(ALL) NOPASSWD:SETENV: /usr/bin/makechrootpkg", -] - -[metadata.users.aurto] -groups = ["wheel"] -ssh_pubkey = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICYst1HK+gJYhNxzqJGnz4iB73pa89Xz2yH+8wufOcsA", # kunsi work - "ssh-rsa 
AAAAB3NzaC1yc2EAAAADAQABAAACAQC+ja1z5VRQzaKCCePsUM14qMr9QR94qlWc7Je5Poki9UmC1t/TyxRVzcCBL1ZdIfBGx6QKtfkEbvhgb3nxVt3PvXjoJrc6wwGLmNrVsU6B88y35g7nzupQiPKYJwkNzJ9j6Dmkgj1F5Q+aY2SitDaX6vqICLJ4Al/ZFw2IQxVJfC7JXRJ9jRMG5o9gWoE3gWDYEAmw+HU2mNzyeuaD12qJw9DHUimAlgkOWzll3gh9WclsYnnXGrCCn5fyHFUCJl+XXAIy519z7YTpKih02rsIOw5dnaGClBZD/YQu2ZKVFZiwIVH7aBiqHOmtgRyWTQgjbh/fMpIN0ar2f/iZsWYUjd6et48TOmXZYIPCQ5FivXNvxt9oo1XZfq76UHBwlmypLJIWROMbz375n2M6hr3hECuxuPjKEUXAv05KiC1aJ4xc6pFoVhqwAR99hvHw5U4o7/ko2NVjNpTu6Jr5DT5VaQLIdDDjC/93kUjMpdD/8P72bEn7454+WexU6OE6uvNiHj1fetrptr2UAuzVfnCoaV8pBqY7X95gk+lnSENdpr8ltJYMg8s0Z7Pzz0OxsZtzzDY5VmWfC9TCdJkN5lT8IbnaixsYlWdjQl1lMmZGElmelfU3K7YQLAbZiHmHKe4hTl9ZoCcWdTQ3d4y2t1DBos+N2HZNdtFCyOS8esDdMw==", # kunsi privat -] - -[metadata.users.kunsi] -groups = ["wheel"] diff --git a/nodes/kunsi-p14s.py b/nodes/kunsi-p14s.py deleted file mode 100644 index 385cf3f..0000000 --- a/nodes/kunsi-p14s.py +++ /dev/null 
@@ -1,251 +0,0 @@ -nodes['kunsi-p14s'] = { - 'hostname': 'localhost', - 'bundles': { - 'arch-with-gui', - 'backup-client', - 'lldp', - 'lm-sensors', - 'nfs-client', - 'systemd-boot', - 'telegraf-battery-usage', - 'vmhost', - 'wireguard', - 'zfs', - }, - 'groups': { - 'arch', - }, - 'metadata': { - 'arch-with-gui': { - 'autologin_as': 'kunsi', - }, - 'backup-client': { - 'exclude_from_monitoring': False, - # only alert people if we're missing more than a week of backups - 'one_backup_every_hours': 7 * 24, - }, - 'firewall': { - 'port_rules': { - # obs websocket thingie - just allow all RFC1918 ips here - #'4444': { - # '10.0.0.0/8', - # '172.16.0.0/12', - # '192.168.0.0/16', - #}, - # For the occasional file-share using `python -m http.server` - '8000/tcp': {'*'}, - }, - }, - 'interfaces': { - 'br0': { - 'ips': {'10.73.100.112/16'}, - 'gateway4': '10.73.0.254', - 'dhcp': True, - }, - # there is also wlp3s0, but that's managed by netctl - }, - 'nfs-client': { - 'mounts': { - 'nas-scansnap': { - 'mountpoint': '/mnt/scansnap', - 'serverpath': '172.19.138.20:/srv/scansnap', - 'mount_options': { - 'retry=0', - 'rw', - }, - }, - 'nas-storage': { - 'mountpoint': '/mnt/nas', - 'serverpath': '172.19.138.20:/storage/nas', - 'mount_options': { - 'retry=0', - 'ro', - }, - }, - }, - }, - 'nftables': { - 'forward': { - '50-routing': [ - 'ct state { related, established } accept', - 'oifname wlan0 accept', - ], - }, - 'postrouting': { - '50-routing': [ - 'oifname wlan0 masquerade', - ], - }, - }, - 'openssh': { - 'restrict-to': { - 'rfc1918', - }, - }, - 'pacman': { - 'no_extract': { - 'etc/sudoers.d/ctdb', # samba junk - }, - 'packages': { - # for hardware support - 'amd-ucode': {}, - 'mesa': {}, - - # various video drivers - 'libva-mesa-driver': {}, - 'mesa-vdpau': {}, - 'xf86-video-amdgpu': {}, - - # all that other random stuff one needs - #'abcde': {}, - 'claws-mail': {}, - 'claws-mail-themes': {}, - 'ferdium-bin': {}, - 'gumbo-parser': {}, # for claws litehtml - 'inkstitch': 
{}, # for RZL embroidery machine - 'obs-studio': {}, - #'perl-musicbrainz-discid': {}, # for abcde - #'perl-webservice-musicbrainz': {}, # for abcde - 'sdl_ttf': {}, # for compiling testcard - 'x32edit': {}, - }, - }, - 'systemd-boot': { - 'default': 'arch', - 'entries': { - 'arch': { - 'title': 'Arch Linux', - 'linux': '/vmlinuz-linux-lts', - 'initrd': [ - '/amd-ucode.img', - '/initramfs-linux-lts.img', - ], - 'options': { - 'net.ifnames=0', - 'rw', - 'zfs=zroot/system/root', - }, - }, - 'arch-fallback': { - 'title': 'Arch Linux (no ucode, fallback initramfs)', - 'linux': '/vmlinuz-linux-lts', - 'initrd': [ - '/initramfs-linux-lts-fallback.img', - ], - 'options': { - 'net.ifnames=0', - 'rw', - 'zfs=zroot/system/root', - }, - }, - }, - }, - 'sysctl': { - 'options': { - 'net.ipv4.conf.all.forwarding': '1', - }, - }, - 'systemd-networkd': { - 'bridges': { - 'br0': { - 'match': { - 'en*', - 'eth*', - }, - }, - }, - }, - 'timezone': 'Europe/Berlin', - 'users': { - 'kunsi': { - 'password': vault.decrypt('encrypt$gAAAAABgLmmuQGRUStrQawoPee-758emIYn2u8-8ebrgzNAFSp7ifeFDdXXvs-zL3QogwNYlCtBHboH2xfy1rSj6OF5bbNO-tg=='), - 'shell': '/usr/bin/fish', - }, - }, - 'wireguard': { - 'peers': { - 'htz-cloud.wireguard': { - 'auto_connection': False, - 'endpoint': 'wireguard.htz-cloud.kunbox.net:1194', - 'my_ip': '172.19.136.65', - 'my_port': 51819, - 'their_ip': '172.19.136.64', - 'routes': { - '10.73.0.0/16', - '172.19.128.0/20', - }, - }, - }, - }, - 'zfs': { - 'pools': { - 'zroot': { - 'when_creating': { - 'config': [{ - 'devices': [ - '/dev/disk/by-id/nvme-UMIS_RPETJ1T24MGE2QDQ_SS0L25218X3RC1BG1182-part2', - ], - }], - 'ashift': 12, - }, - }, - }, - 'datasets': { - # this is not a complete list, but we can't create that - # structure using bundlewrap anyway, so there's no point - # in adding it here. - 'zroot': { - 'compression': 'lz4', - 'relatime': 'on', - 'xattr': 'sa', - 'primarycache': 'metadata' - # encryption is enabled, too. 
- }, - 'zroot/movies': { - 'mountpoint': '/media/movies', - }, - 'zroot/nextcloud': { - 'mountpoint': '/home/kunsi/nextcloud', - }, - 'zroot/system/journal': { - 'mountpoint': '/var/log/journal', - 'acltype': 'posix', - }, - 'zroot/system/libvirt': { - 'mountpoint': '/var/lib/libvirt', - 'needed_by': { - 'bundle:vmhost', - }, - }, - 'zroot/system/video': { - 'mountpoint': '/video', - 'needed_by': { - 'bundle:voc-tracker-worker', - }, - }, - 'zroot/system/root': { - 'canmount': 'noauto', - 'mountpoint': 'legacy', - }, - 'zroot/user/kunsi': { - 'mountpoint': '/home/kunsi', - }, - }, - 'snapshots': { - 'retain_per_dataset': { - 'zroot/user/kunsi': { - # juuuuuuuust to be sure - 'hourly': 100, - }, - }, - 'snapshot_never': { - 'zroot/movies', - 'zroot/nextcloud', - 'zroot/system/journal', - 'zroot/system/video', - }, - }, - }, - }, - 'os': 'arch', -}