From 0d865c93d4697743513f9c9abf69f3a219891557 Mon Sep 17 00:00:00 2001 From: Franziska Kunsmann Date: Sat, 5 Feb 2022 11:41:41 +0100 Subject: [PATCH] bundles/cron: use MAILTO=, rework metadata syntax --- bundles/apt/files/check_unattended_upgrades | 2 -- bundles/apt/metadata.py | 14 +++++++------ bundles/backup-client/metadata.py | 12 ++++++----- bundles/c3voc-addons/items.py | 2 +- bundles/c3voc-addons/metadata.py | 12 ++++++----- bundles/check-mail-received/metadata.py | 6 ++++-- bundles/cron/files/cron_template | 1 + bundles/cron/files/crontab | 1 + bundles/cron/items.py | 2 +- bundles/letsencrypt/metadata.py | 22 +++++++++++++++++---- bundles/netbox/metadata.py | 10 ++++++---- bundles/pppd/metadata.py | 4 +++- bundles/rspamd/metadata.py | 4 +++- bundles/scansnap/metadata.py | 6 ++++-- bundles/smartd/metadata.py | 6 ++++-- bundles/unbound/metadata.py | 14 +++++++------ bundles/zfs/metadata.py | 16 +++++++++------ nodes/home/nas.py | 20 ++++++++++--------- nodes/home/router.py | 12 ++++++----- nodes/htz-cloud/luther.py | 4 +++- nodes/htz-cloud/pleroma.py | 4 +++- nodes/rx300.py | 4 +++- 22 files changed, 113 insertions(+), 65 deletions(-) diff --git a/bundles/apt/files/check_unattended_upgrades b/bundles/apt/files/check_unattended_upgrades index 479e828..1cafab5 100644 --- a/bundles/apt/files/check_unattended_upgrades +++ b/bundles/apt/files/check_unattended_upgrades @@ -21,8 +21,6 @@ case "$exitcode" in echo "Upgrades skipped due to active SSH login" exit 1 ;; - reboot) - ;; 0) if [[ -f /var/run/reboot-required ]] then diff --git a/bundles/apt/metadata.py b/bundles/apt/metadata.py index 0a7dff5..141d89a 100644 --- a/bundles/apt/metadata.py +++ b/bundles/apt/metadata.py @@ -18,7 +18,7 @@ defaults = { @metadata_reactor.provides( - 'cron/upgrade-and-reboot' + 'cron/jobs/upgrade-and-reboot' ) def patchday(metadata): day = metadata.get('apt/unattended-upgrades/day') 
@@ -26,10 +26,12 @@ def patchday(metadata): return { 'cron': { - 'upgrade-and-reboot': '{minute} {hour} * * {day} root /usr/local/sbin/upgrade-and-reboot'.format( - minute=node.magic_number % 30, - hour=hour, - day=day, - ), + 'jobs': { + 'upgrade-and-reboot': '{minute} {hour} * * {day} root /usr/local/sbin/upgrade-and-reboot'.format( + minute=node.magic_number % 30, + hour=hour, + day=day, + ), + }, }, } diff --git a/bundles/backup-client/metadata.py b/bundles/backup-client/metadata.py index 3192399..22dd3d6 100644 --- a/bundles/backup-client/metadata.py +++ b/bundles/backup-client/metadata.py @@ -10,7 +10,7 @@ defaults = { @metadata_reactor.provides( - 'cron/backup', + 'cron/jobs/backup', 'icinga2_api/backup-client/services', ) def cron(metadata): @@ -19,11 +19,13 @@ def cron(metadata): return { 'cron': { + 'jobs': { # spread backups between 00:00 and 04:59 UTC - 'backup': '{} {} * * * root /usr/local/bin/generate-backup-with-retries'.format( - (node.magic_number % 60), - (node.magic_number % 4), - ), + 'backup': '{} {} * * * root /usr/local/bin/generate-backup-with-retries'.format( + (node.magic_number % 60), + (node.magic_number % 4), + ), + }, }, 'icinga2_api': { 'backup-client': { diff --git a/bundles/c3voc-addons/items.py b/bundles/c3voc-addons/items.py index 4630b61..0fba02f 100644 --- a/bundles/c3voc-addons/items.py +++ b/bundles/c3voc-addons/items.py @@ -91,7 +91,7 @@ files = { }, } -for crontab, content in node.metadata.get('cron', {}).items(): +for crontab, content in node.metadata.get('cron/jobs', {}).items(): files['/etc/cron.d/{}'.format(crontab)] = { 'source': 'cron_template', 'content_type': 'mako', diff --git a/bundles/c3voc-addons/metadata.py b/bundles/c3voc-addons/metadata.py index 1665a0c..67ed0f2 100644 --- a/bundles/c3voc-addons/metadata.py +++ b/bundles/c3voc-addons/metadata.py 
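Review bot: The minute and hour of the `backup` entry are both taken from `node.magic_number` by modulo, and because 4 divides 60 the hour is fully determined by the minute (hour equals minute % 4). Nodes therefore land on 60 distinct start times rather than 240. Deriving the hour as `(node.magic_number // 60) % 4` would decouple the two values, at the cost of moving existing schedules. The comment above the entry says 00:00 to 04:59 UTC, but `% 4` only yields hours 0 to 3, so it should read 03:59. The `netbox` entry in bundles/netbox/metadata.py pairs `%60` and `%4` the same way.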
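Review bot: Entries still written in the old `cron/<name>` form are now skipped without any error, because the changed loop in bundles/c3voc-addons/items.py reads only `cron/jobs`; bundles/cron/items.py gets the identical change. A bundle or node file missed by this migration would lose its cron file silently, and the jobs involved include backups, certificate renewal and unattended upgrades. I would add a guard before the loop, for example `unknown = set(node.metadata.get('cron', {})) - {'jobs', 'mail_to'}`, and raise an error naming the leftover keys when it is non-empty. The loop body continues outside the hunk, so whether stale files in /etc/cron.d are purged cannot be seen from here.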
@@ -33,11 +33,13 @@ def patchday(metadata): return { 'cron': { - 'upgrade-and-reboot': '{minute} {hour} * * {day} root /usr/local/sbin/upgrade-and-reboot'.format( - minute=node.magic_number % 30, - hour=hour, - day=day, - ), + 'jobs': { + 'upgrade-and-reboot': '{minute} {hour} * * {day} root /usr/local/sbin/upgrade-and-reboot'.format( + minute=node.magic_number % 30, + hour=hour, + day=day, + ), + }, }, } diff --git a/bundles/check-mail-received/metadata.py b/bundles/check-mail-received/metadata.py index 9441322..f379d3b 100644 --- a/bundles/check-mail-received/metadata.py +++ b/bundles/check-mail-received/metadata.py @@ -1,5 +1,5 @@ @metadata_reactor.provides( - 'cron/check-mail-received', + 'cron/jobs/check-mail-received', 'icinga2_api/check-mail-received/services', ) def process_metadata(metadata): @@ -30,7 +30,9 @@ def process_metadata(metadata): return { 'cron': { - 'check-mail-received': '\n'.join(sorted(cron)), + 'jobs': { + 'check-mail-received': '\n'.join(sorted(cron)), + }, }, 'icinga2_api': { 'check-mail-received': { diff --git a/bundles/cron/files/cron_template b/bundles/cron/files/cron_template index 86e749a..65abf39 100644 --- a/bundles/cron/files/cron_template +++ b/bundles/cron/files/cron_template @@ -3,5 +3,6 @@ SHELL=/bin/sh PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin +MAILTO=${node.metadata.get('cron/mail_to', repo.libs.defaults.hostmaster_email)} ${cron} diff --git a/bundles/cron/files/crontab b/bundles/cron/files/crontab index 041f0de..f0cc2ae 100644 --- a/bundles/cron/files/crontab +++ b/bundles/cron/files/crontab @@ -3,6 +3,7 @@ SHELL=/bin/sh PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin +MAILTO=${node.metadata.get('cron/mail_to', repo.libs.defaults.hostmaster_email)} ${min} * * * * root cd / && run-parts --report /etc/cron.hourly ${min} 6 * * * root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.daily ) 
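Review bot: The `provides` declaration of this `patchday` reactor lies outside the hunk and is not touched anywhere in the patch, while the same reactor in bundles/apt/metadata.py had its declaration renamed to `'cron/jobs/upgrade-and-reboot'`. If the declaration here still names `'cron/upgrade-and-reboot'`, the returned `cron/jobs/upgrade-and-reboot` key no longer matches what the reactor announces and needs the same rename. This cannot be confirmed from the visible lines, so it is worth checking before merge.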
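Review bot: With the `MAILTO=` line added to cron_template (and the same line in bundles/cron/files/crontab), every job that leaves stdout or stderr unredirected now has its output mailed to the configured address. Two jobs in this patch build their command from vault-decrypted values without redirecting anything: `luther-ps` (`curl -s {}` prints the response body) and `nas_mixcloud` (`wget --mirror` logs each URL it fetches). Their output, including the protected URL or domain in the wget case, would leave the host by mail on every run. I would silence those jobs explicitly, for example `curl -s -o /dev/null {}` and `wget -q`, or document that mailing this output is intended. Where cron output was delivered before this change is not visible in the hunk.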
diff --git a/bundles/cron/items.py b/bundles/cron/items.py index 7ce8ec5..81409b8 100644 --- a/bundles/cron/items.py +++ b/bundles/cron/items.py @@ -31,7 +31,7 @@ svc_systemd = { }, } -for crontab, content in node.metadata.get('cron', {}).items(): +for crontab, content in node.metadata.get('cron/jobs', {}).items(): files['/etc/cron.d/{}'.format(crontab)] = { 'source': 'cron_template', 'content_type': 'mako', diff --git a/bundles/letsencrypt/metadata.py b/bundles/letsencrypt/metadata.py index a36b58c..789c544 100644 --- a/bundles/letsencrypt/metadata.py +++ b/bundles/letsencrypt/metadata.py @@ -13,10 +13,6 @@ defaults = { }, }, }, - 'cron': { - 'letsencrypt_renew': '{} 4 * * * root /usr/bin/dehydrated --cron --accept-terms --challenge http-01 > /dev/null'.format((node.magic_number % 60)), - 'letsencrypt_cleanup': '{} 4 * * 0 root /usr/bin/dehydrated --cleanup > /dev/null'.format((node.magic_number % 60)), - }, 'pacman': { 'packages': { 'dehydrated': { @@ -27,3 +23,21 @@ defaults = { }, }, } + + +@metadata_reactor.provides( + 'cron/jobs/letsencrypt', +) +def cron(metadata): + if node.metadata.get('letsencrypt/domains'): + return { + 'cron': { + 'jobs': { + 'letsencrypt': '\n'.join([ + '{} 4 * * * root /usr/bin/dehydrated --cron --accept-terms --challenge http-01 > /dev/null'.format((node.magic_number % 60)), + '{} 4 * * 0 root /usr/bin/dehydrated --cleanup > /dev/null'.format((node.magic_number % 60)), + ]), + }, + }, + } + return {} diff --git a/bundles/netbox/metadata.py b/bundles/netbox/metadata.py index 72a9fa3..ca31369 100644 --- a/bundles/netbox/metadata.py +++ b/bundles/netbox/metadata.py 
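Review bot: The new `cron` reactor in bundles/letsencrypt/metadata.py reads `node.metadata.get('letsencrypt/domains')` instead of the `metadata` argument it receives, unlike the other reactors in this patch (`patchday`, `zfs_scrub_cronjob`), which call `metadata.get(...)`. Inside a reactor the passed-in object is the accessor for the node's own metadata, and a lookup without a default may raise rather than return a falsy value when no domains are set; `if metadata.get('letsencrypt/domains', {}):` covers both. Both generated lines redirect only stdout (`> /dev/null`), so stderr from dehydrated is what reaches the new MAILTO address. A short comment saying that is deliberate would keep someone from "fixing" it with `2>&1` and hiding renewal failures.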
@@ -22,10 +22,12 @@ defaults = { }, }, 'cron': { - 'netbox': '{m} {h} * * * netbox /opt/netbox/venv/bin/python /opt/netbox/src/netbox/manage.py housekeeping'.format( - m=node.magic_number%60, - h=node.magic_number%4, - ), + 'jobs': { + 'netbox': '{m} {h} * * * netbox /opt/netbox/venv/bin/python /opt/netbox/src/netbox/manage.py housekeeping'.format( + m=node.magic_number%60, + h=node.magic_number%4, + ), + }, }, 'postgresql': { 'databases': { diff --git a/bundles/pppd/metadata.py b/bundles/pppd/metadata.py index 0f6725c..fffeb10 100644 --- a/bundles/pppd/metadata.py +++ b/bundles/pppd/metadata.py @@ -9,7 +9,9 @@ defaults = { }, }, 'cron': { - 'restart-pppoe-if-no-public-ip': '*/5 * * * * root /usr/local/bin/restart-pppoe-if-no-public-ip', + 'jobs': { + 'restart-pppoe-if-no-public-ip': '*/5 * * * * root /usr/local/bin/restart-pppoe-if-no-public-ip', + }, }, 'icinga2_api': { 'pppd': { diff --git a/bundles/rspamd/metadata.py b/bundles/rspamd/metadata.py index 583cf80..0490019 100644 --- a/bundles/rspamd/metadata.py +++ b/bundles/rspamd/metadata.py @@ -45,7 +45,9 @@ defaults = { }, }, 'cron': { - 'clamav-unofficial-sigs': f'{node.magic_number%60} */4 * * * clamav /usr/sbin/clamav-unofficial-sigs >/dev/null 2>&1', + 'jobs': { + 'clamav-unofficial-sigs': f'{node.magic_number%60} */4 * * * clamav /usr/sbin/clamav-unofficial-sigs >/dev/null 2>&1', + }, }, 'postfix': { 'aliases': { diff --git a/bundles/scansnap/metadata.py b/bundles/scansnap/metadata.py index 8b0f3cc..b1d5535 100644 --- a/bundles/scansnap/metadata.py +++ b/bundles/scansnap/metadata.py @@ -14,7 +14,9 @@ defaults = { }, }, 'cron': { - # Automatically remove files which are older than 14 days - 'scansnap_cleanup': '00 00 * * * root /usr/bin/find /srv/scansnap/ -mindepth 1 -mtime +14 -delete', + 'jobs': { + # Automatically remove files which are older than 14 days + 'scansnap_cleanup': '00 00 * * * root /usr/bin/find /srv/scansnap/ -mindepth 1 -mtime +14 -delete', + }, }, } 
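Review bot: The `clamav-unofficial-sigs` entry in bundles/rspamd/metadata.py ends in `>/dev/null 2>&1`, so a failing signature update produces no output and is never reported through the MAILTO address this patch introduces. Stale malware signatures would go unnoticed unless something else monitors them. If the script is quiet on success, dropping `2>&1` and keeping `>/dev/null` lets errors reach the mailbox; otherwise a comment naming the check that covers signature freshness would help.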
diff --git a/bundles/smartd/metadata.py b/bundles/smartd/metadata.py index 72bbee7..00b32aa 100644 --- a/bundles/smartd/metadata.py +++ b/bundles/smartd/metadata.py @@ -83,7 +83,7 @@ def telegraf(metadata): @metadata_reactor.provides( - 'cron/smartd', + 'cron/jobs/smartd', ) def monthly_long_test(metadata): lines = set() @@ -96,6 +96,8 @@ def monthly_long_test(metadata): return { 'cron': { - 'smartd': '\n'.join(sorted(lines)), + 'jobs': { + 'smartd': '\n'.join(sorted(lines)), + }, }, } diff --git a/bundles/unbound/metadata.py b/bundles/unbound/metadata.py index 4a27851..f8724c4 100644 --- a/bundles/unbound/metadata.py +++ b/bundles/unbound/metadata.py @@ -8,12 +8,14 @@ defaults = { }, }, 'cron': { - 'unbound_refresh_root-hints': '{} {} * * {} root wget -q -O/etc/unbound/root-hints.txt https://www.internic.net/domain/named.root'.format( - node.magic_number%60, - node.magic_number%24, - node.magic_number%7, - ), - 'unbound-auto-restart': '* * * * * root /usr/local/sbin/unbound-auto-restart', + 'jobs': { + 'unbound_refresh_root-hints': '{} {} * * {} root wget -q -O/etc/unbound/root-hints.txt https://www.internic.net/domain/named.root'.format( + node.magic_number%60, + node.magic_number%24, + node.magic_number%7, + ), + 'unbound-auto-restart': '* * * * * root /usr/local/sbin/unbound-auto-restart', + }, }, 'nameservers': { '127.0.0.1', diff --git a/bundles/zfs/metadata.py b/bundles/zfs/metadata.py index 636aabe..498ed83 100644 --- a/bundles/zfs/metadata.py +++ b/bundles/zfs/metadata.py 
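Review bot: The `unbound_refresh_root-hints` entry downloads straight onto the live file with `wget -q -O/etc/unbound/root-hints.txt`, and `-O` truncates the target before the transfer starts. A failed or interrupted fetch therefore leaves an empty or partial hints file, and `-q` suppresses the error, so nothing reaches the new MAILTO address. Fetching to a temporary name and renaming only on success avoids that: `wget -q -O/etc/unbound/root-hints.txt.new https://www.internic.net/domain/named.root && mv /etc/unbound/root-hints.txt.new /etc/unbound/root-hints.txt`.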
@@ -35,10 +35,12 @@ defaults = { }, }, 'cron': { - 'zfs-auto-snapshot-daily': '0 0 * * * root /usr/local/sbin/zfs-auto-snapshot daily', - 'zfs-auto-snapshot-hourly': '0 * * * * root /usr/local/sbin/zfs-auto-snapshot hourly', - 'zfs-auto-snapshot-monthly': '0 0 1 * * root /usr/local/sbin/zfs-auto-snapshot monthly', - 'zfs-auto-snapshot-weekly': '0 0 * * 7 root /usr/local/sbin/zfs-auto-snapshot weekly', + 'jobs': { + 'zfs-auto-snapshot-daily': '0 0 * * * root /usr/local/sbin/zfs-auto-snapshot daily', + 'zfs-auto-snapshot-hourly': '0 * * * * root /usr/local/sbin/zfs-auto-snapshot hourly', + 'zfs-auto-snapshot-monthly': '0 0 1 * * root /usr/local/sbin/zfs-auto-snapshot monthly', + 'zfs-auto-snapshot-weekly': '0 0 * * 7 root /usr/local/sbin/zfs-auto-snapshot weekly', + }, }, 'icinga2_api': { 'zfs': { @@ -103,13 +105,15 @@ if node.has_bundle('telegraf'): @metadata_reactor.provides( - 'cron/zfs-scrub', + 'cron/jobs/zfs-scrub', ) def zfs_scrub_cronjob(metadata): when = metadata.get('zfs/scrub/cron', '{} 0 * * sun'.format((node.magic_number % 60))) return { 'cron': { - 'zfs-scrub': '{} root /usr/lib/zfs-linux/scrub'.format(when), + 'jobs': { + 'zfs-scrub': '{} root /usr/lib/zfs-linux/scrub'.format(when), + }, }, } diff --git a/nodes/home/nas.py b/nodes/home/nas.py index 17bd6c9..528070c 100644 --- a/nodes/home/nas.py +++ b/nodes/home/nas.py 
@@ -59,15 +59,17 @@ nodes['home.nas'] = { # 'zfs-base': 'storage/backups', #}, 'cron': { - # Ensure every user is able to read and write to the NAS dataset. - 'nas_permissions': '0 3 * * * root ' - 'chown -R :nas /storage/nas/ && ' - 'find /storage/nas/ -type d -exec chmod 0775 {} \; && ' - 'find /storage/nas/ -type f -exec chmod 0664 {} \;', - 'nas_mixcloud': vault.decrypt('encrypt$gAAAAABgxFkM0Zd8SOhk8aK_zsUY5S39FvyxvEq9TVnAK-ryn9qjrpziqUgNyPXFQBSUHPCV5DX6CW6iSQFGO54truPoaymdHFwchWh3u6bOar_h8x3er3I=').format_into( - '0 2 * * * kunsi ' - 'cd /storage/nas/Musik/Compilations && ' - 'wget --mirror --page-requisites --convert-links --domains {0} --execute robots=off https://{0}/'), + 'jobs': { + # Ensure every user is able to read and write to the NAS dataset. + 'nas_permissions': '0 3 * * * root ' + 'chown -R :nas /storage/nas/ && ' + 'find /storage/nas/ -type d -exec chmod 0775 {} \; && ' + 'find /storage/nas/ -type f -exec chmod 0664 {} \;', + 'nas_mixcloud': vault.decrypt('encrypt$gAAAAABgxFkM0Zd8SOhk8aK_zsUY5S39FvyxvEq9TVnAK-ryn9qjrpziqUgNyPXFQBSUHPCV5DX6CW6iSQFGO54truPoaymdHFwchWh3u6bOar_h8x3er3I=').format_into( + '0 2 * * * kunsi ' + 'cd /storage/nas/Musik/Compilations && ' + 'wget --mirror --page-requisites --convert-links --domains {0} --execute robots=off https://{0}/'), + }, }, 'groups': { 'nas': {}, diff --git a/nodes/home/router.py b/nodes/home/router.py index 4994a1c..250c0ca 100644 --- a/nodes/home/router.py +++ b/nodes/home/router.py 
@@ -47,11 +47,13 @@ nodes['home.router'] = { }, }, 'cron': { - # Our internet provider resets the connection if you're - # connected longer than 24 hours. We install this cronjob - # to make sure we don't get disconnected randomly during the - # day. - 'restart_pppd': '23 2 * * * root systemctl restart pppoe && date -u +\%s > /var/tmp/pppd-last-restart.status', + 'jobs': { + # Our internet provider resets the connection if you're + # connected longer than 24 hours. We install this cronjob + # to make sure we don't get disconnected randomly during the + # day. + 'restart_pppd': '23 2 * * * root systemctl restart pppoe && date -u +\%s > /var/tmp/pppd-last-restart.status', + }, }, 'dhcpd': { 'subnets': { diff --git a/nodes/htz-cloud/luther.py b/nodes/htz-cloud/luther.py index c424ade..4da6360 100644 --- a/nodes/htz-cloud/luther.py +++ b/nodes/htz-cloud/luther.py @@ -37,7 +37,9 @@ nodes['htz-cloud.luther'] = { }, }, 'cron': { - 'luther-ps': vault.decrypt('encrypt$gAAAAABfnUqTXXpUYCA2DxllTKgbKg6YguCBbguJ0rerFGi9UNxEuTO6eqReqraS9FzNmLl81S_20bYwXM5W8pNwV5I5i6BVz1M37TxdsMCAxMG-9G0ZHFXeE4K5a4MWxuyYkrVPtK_hNFOciwxDDwPYT8tH_Jahdqmr8fZcCcsICzsSOxycn89VEm2ODnfH24Azrj6mVq5cPMc_xkdWnn-dSMCvPXpjjg==').format_into('*/10 * * * * www-data /usr/bin/curl -s {}'), + 'jobs': { + 'luther-ps': vault.decrypt('encrypt$gAAAAABfnUqTXXpUYCA2DxllTKgbKg6YguCBbguJ0rerFGi9UNxEuTO6eqReqraS9FzNmLl81S_20bYwXM5W8pNwV5I5i6BVz1M37TxdsMCAxMG-9G0ZHFXeE4K5a4MWxuyYkrVPtK_hNFOciwxDDwPYT8tH_Jahdqmr8fZcCcsICzsSOxycn89VEm2ODnfH24Azrj6mVq5cPMc_xkdWnn-dSMCvPXpjjg==').format_into('*/10 * * * * www-data /usr/bin/curl -s {}'), + }, }, 'icinga_options': { 'pretty_name': 'Lutherkirchengemeinde Pirmasens', diff --git a/nodes/htz-cloud/pleroma.py b/nodes/htz-cloud/pleroma.py index dea0500..3d620f0 100644 --- a/nodes/htz-cloud/pleroma.py +++ b/nodes/htz-cloud/pleroma.py 
@@ -34,7 +34,9 @@ nodes['htz-cloud.pleroma'] = { 'pretty_name': 'cybert-media.net', }, 'cron': { - 'auto-authorize-sm-users': '* * * * * root echo "UPDATE users SET approval_pending=false WHERE email LIKE \'\\%@seibert-media.net\' AND approval_pending=true;" | psql pleroma >/dev/null', + 'jobs': { + 'auto-authorize-sm-users': '* * * * * root echo "UPDATE users SET approval_pending=false WHERE email LIKE \'\\%@seibert-media.net\' AND approval_pending=true;" | psql pleroma >/dev/null', + }, }, 'nginx': { 'vhosts': { diff --git a/nodes/rx300.py b/nodes/rx300.py index 16d7629..91db89f 100644 --- a/nodes/rx300.py +++ b/nodes/rx300.py @@ -95,7 +95,9 @@ nodes['rx300'] = { }, }, 'cron': { - 'cleanup-paste.franzi.business': '0 0 * * * kunsi /usr/bin/find /var/www/paste.franzi.business/ -maxdepth 1 -type d -mtime +60 -exec rm -r {} \;', + 'jobs': { + 'cleanup-paste.franzi.business': '0 0 * * * kunsi /usr/bin/find /var/www/paste.franzi.business/ -maxdepth 1 -type d -mtime +60 -exec rm -r {} \;', + }, }, 'check-mail-received': { 't-online': {
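Review bot: The `auto-authorize-sm-users` entry approves every pending account whose `email` ends in `@seibert-media.net`, once a minute, and the visible query does not require that the address was ever confirmed. If registration accepts an address before its owner has proven control of it, anyone who types such an address is approved automatically. The `WHERE` clause should also require the account's confirmed state (the column name has to be taken from the schema, it is not visible here), or a comment should state which setting guarantees confirmation happens first. The job also runs `psql` as `root`; a dedicated database user limited to this update would narrow what the cron line can touch.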
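Review bot: The `cleanup-paste.franzi.business` command in nodes/rx300.py runs `find /var/www/paste.franzi.business/ -maxdepth 1 -type d -mtime +60 -exec rm -r {} \;` without `-mindepth 1`, so the starting directory itself is a candidate. If no entry is added or removed at the top level for more than 60 days, its own mtime matches and `rm -r` removes the whole tree; the `scansnap_cleanup` entry in this patch already uses `-mindepth 1` for that reason. Separately, the job name becomes the file name under /etc/cron.d, and Debian-style cron ignores files there whose names contain dots, so this job may never be loaded on such a system. Renaming the key to something like `cleanup-paste-franzi-business` would avoid that.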