bundles/cron: use MAILTO=, rework metadata syntax

2022-02-05 11:41:41 +01:00 · 2022-02-05 11:41:41 +01:00 · 0d865c93d4
commit 0d865c93d4
parent 533f8075ca
22 changed files with 113 additions and 65 deletions
--- a/bundles/apt/files/check_unattended_upgrades
+++ b/bundles/apt/files/check_unattended_upgrades
@ -21,8 +21,6 @@ case "$exitcode" in
        echo "Upgrades skipped due to active SSH login"
        exit 1
        ;;
-    reboot)
-        ;;
    0)
        if [[ -f /var/run/reboot-required ]]
        then
--- a/bundles/apt/metadata.py
+++ b/bundles/apt/metadata.py
@ -18,7 +18,7 @@ defaults = {


@metadata_reactor.provides(
-    'cron/upgrade-and-reboot'
+    'cron/jobs/upgrade-and-reboot'
 )
 def patchday(metadata):
    day = metadata.get('apt/unattended-upgrades/day')
@ -26,10 +26,12 @@ def patchday(metadata):

    return {
        'cron': {
+            'jobs': {
                'upgrade-and-reboot': '{minute} {hour} * * {day}    root    /usr/local/sbin/upgrade-and-reboot'.format(
                    minute=node.magic_number % 30,
                    hour=hour,
                    day=day,
                ),
            },
+        },
    }
--- a/bundles/backup-client/metadata.py
+++ b/bundles/backup-client/metadata.py
@ -10,7 +10,7 @@ defaults = {


@metadata_reactor.provides(
-    'cron/backup',
+    'cron/jobs/backup',
    'icinga2_api/backup-client/services',
 )
 def cron(metadata):
@ -19,12 +19,14 @@ def cron(metadata):

    return {
        'cron': {
+            'jobs': {
            # spread backups between 00:00 and 04:59 UTC
                'backup': '{} {} * * *    root    /usr/local/bin/generate-backup-with-retries'.format(
                    (node.magic_number % 60),
                    (node.magic_number % 4),
                ),
            },
+        },
        'icinga2_api': {
            'backup-client': {
                'services': {
--- a/bundles/c3voc-addons/items.py
+++ b/bundles/c3voc-addons/items.py
@ -91,7 +91,7 @@ files = {
    },
 }

-for crontab, content in node.metadata.get('cron', {}).items():
+for crontab, content in node.metadata.get('cron/jobs', {}).items():
    files['/etc/cron.d/{}'.format(crontab)] = {
        'source': 'cron_template',
        'content_type': 'mako',
--- a/bundles/c3voc-addons/metadata.py
+++ b/bundles/c3voc-addons/metadata.py
@ -33,12 +33,14 @@ def patchday(metadata):

    return {
        'cron': {
+            'jobs': {
                'upgrade-and-reboot': '{minute} {hour} * * {day}    root    /usr/local/sbin/upgrade-and-reboot'.format(
                    minute=node.magic_number % 30,
                    hour=hour,
                    day=day,
                ),
            },
+        },
    }


--- a/bundles/check-mail-received/metadata.py
+++ b/bundles/check-mail-received/metadata.py
@ -1,5 +1,5 @@
@metadata_reactor.provides(
-    'cron/check-mail-received',
+    'cron/jobs/check-mail-received',
    'icinga2_api/check-mail-received/services',
 )
 def process_metadata(metadata):
@ -30,8 +30,10 @@ def process_metadata(metadata):

    return {
        'cron': {
+            'jobs': {
                'check-mail-received': '\n'.join(sorted(cron)),
            },
+        },
        'icinga2_api': {
            'check-mail-received': {
                'services': services,
--- a/bundles/cron/files/cron_template
+++ b/bundles/cron/files/cron_template
@ -3,5 +3,6 @@

 SHELL=/bin/sh
 PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
+MAILTO=${node.metadata.get('cron/mail_to', repo.libs.defaults.hostmaster_email)}

 ${cron}
--- a/bundles/cron/files/crontab
+++ b/bundles/cron/files/crontab
@ -3,6 +3,7 @@

 SHELL=/bin/sh
 PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
+MAILTO=${node.metadata.get('cron/mail_to', repo.libs.defaults.hostmaster_email)}

 ${min} *    * * *   root    cd / && run-parts --report /etc/cron.hourly
 ${min} 6    * * *   root    test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.daily )
--- a/bundles/cron/items.py
+++ b/bundles/cron/items.py
@ -31,7 +31,7 @@ svc_systemd = {
    },
 }

-for crontab, content in node.metadata.get('cron', {}).items():
+for crontab, content in node.metadata.get('cron/jobs', {}).items():
    files['/etc/cron.d/{}'.format(crontab)] = {
        'source': 'cron_template',
        'content_type': 'mako',
--- a/bundles/letsencrypt/metadata.py
+++ b/bundles/letsencrypt/metadata.py
@ -13,10 +13,6 @@ defaults = {
            },
        },
    },
-    'cron': {
-        'letsencrypt_renew': '{} 4 * * *    root    /usr/bin/dehydrated --cron --accept-terms --challenge http-01 > /dev/null'.format((node.magic_number % 60)),
-        'letsencrypt_cleanup': '{} 4 * * 0    root    /usr/bin/dehydrated --cleanup > /dev/null'.format((node.magic_number % 60)),
-    },
    'pacman': {
        'packages': {
            'dehydrated': {
@ -27,3 +23,21 @@ defaults = {
        },
    },
 }
+
+
+@metadata_reactor.provides(
+    'cron/jobs/letsencrypt',
+)
+def cron(metadata):
+    if node.metadata.get('letsencrypt/domains'):
+        return {
+            'cron': {
+                'jobs': {
+                    'letsencrypt': '\n'.join([
+                        '{} 4 * * *    root    /usr/bin/dehydrated --cron --accept-terms --challenge http-01 > /dev/null'.format((node.magic_number % 60)),
+                        '{} 4 * * 0    root    /usr/bin/dehydrated --cleanup > /dev/null'.format((node.magic_number % 60)),
+                    ]),
+                },
+            },
+        }
+    return {}
--- a/bundles/netbox/metadata.py
+++ b/bundles/netbox/metadata.py
@ -22,11 +22,13 @@ defaults = {
        },
    },
    'cron': {
+        'jobs': {
            'netbox': '{m} {h} * * *    netbox    /opt/netbox/venv/bin/python /opt/netbox/src/netbox/manage.py housekeeping'.format(
                m=node.magic_number%60,
                h=node.magic_number%4,
            ),
        },
+    },
    'postgresql': {
        'databases': {
            'netbox': {
--- a/bundles/pppd/metadata.py
+++ b/bundles/pppd/metadata.py
@ -9,8 +9,10 @@ defaults = {
        },
    },
    'cron': {
+        'jobs': {
            'restart-pppoe-if-no-public-ip': '*/5 * * * *    root    /usr/local/bin/restart-pppoe-if-no-public-ip',
        },
+    },
    'icinga2_api': {
        'pppd': {
            'services': {
--- a/bundles/rspamd/metadata.py
+++ b/bundles/rspamd/metadata.py
@ -45,8 +45,10 @@ defaults = {
        },
    },
    'cron': {
+        'jobs': {
            'clamav-unofficial-sigs': f'{node.magic_number%60} */4 * * *    clamav    /usr/sbin/clamav-unofficial-sigs >/dev/null 2>&1',
        },
+    },
    'postfix': {
        'aliases': {
            'clamav': {
--- a/bundles/scansnap/metadata.py
+++ b/bundles/scansnap/metadata.py
@ -14,7 +14,9 @@ defaults = {
        },
    },
    'cron': {
+        'jobs': {
            # Automatically remove files which are older than 14 days
            'scansnap_cleanup': '00 00 * * *    root    /usr/bin/find /srv/scansnap/ -mindepth 1 -mtime +14 -delete',
        },
+    },
 }
--- a/bundles/smartd/metadata.py
+++ b/bundles/smartd/metadata.py
@ -83,7 +83,7 @@ def telegraf(metadata):


@metadata_reactor.provides(
-    'cron/smartd',
+    'cron/jobs/smartd',
 )
 def monthly_long_test(metadata):
    lines = set()
@ -96,6 +96,8 @@ def monthly_long_test(metadata):

    return {
        'cron': {
+            'jobs': {
                'smartd': '\n'.join(sorted(lines)),
            },
+        },
    }
--- a/bundles/unbound/metadata.py
+++ b/bundles/unbound/metadata.py
@ -8,6 +8,7 @@ defaults = {
        },
    },
    'cron': {
+        'jobs': {
            'unbound_refresh_root-hints': '{} {} * * {}    root    wget -q -O/etc/unbound/root-hints.txt https://www.internic.net/domain/named.root'.format(
                node.magic_number%60,
                node.magic_number%24,
@ -15,6 +16,7 @@ defaults = {
            ),
            'unbound-auto-restart': '* * * * *    root    /usr/local/sbin/unbound-auto-restart',
        },
+    },
    'nameservers': {
        '127.0.0.1',
    },
--- a/bundles/zfs/metadata.py
+++ b/bundles/zfs/metadata.py
@ -35,11 +35,13 @@ defaults = {
        },
    },
    'cron': {
+        'jobs': {
            'zfs-auto-snapshot-daily': '0 0 * * * root /usr/local/sbin/zfs-auto-snapshot daily',
            'zfs-auto-snapshot-hourly': '0 * * * * root /usr/local/sbin/zfs-auto-snapshot hourly',
            'zfs-auto-snapshot-monthly': '0 0 1 * * root /usr/local/sbin/zfs-auto-snapshot monthly',
            'zfs-auto-snapshot-weekly': '0 0 * * 7 root /usr/local/sbin/zfs-auto-snapshot weekly',
        },
+    },
    'icinga2_api': {
        'zfs': {
            'services': {
@ -103,14 +105,16 @@ if node.has_bundle('telegraf'):


@metadata_reactor.provides(
-    'cron/zfs-scrub',
+    'cron/jobs/zfs-scrub',
 )
 def zfs_scrub_cronjob(metadata):
    when = metadata.get('zfs/scrub/cron', '{} 0 * * sun'.format((node.magic_number % 60)))
    return {
        'cron': {
+            'jobs': {
                'zfs-scrub': '{} root /usr/lib/zfs-linux/scrub'.format(when),
            },
+        },
    }


--- a/nodes/home/nas.py
+++ b/nodes/home/nas.py
@ -59,6 +59,7 @@ nodes['home.nas'] = {
        #    'zfs-base': 'storage/backups',
        #},
        'cron': {
+            'jobs': {
                # Ensure every user is able to read and write to the NAS dataset.
                'nas_permissions': '0 3 * * *    root    '
                    'chown -R :nas /storage/nas/ && '
@ -69,6 +70,7 @@ nodes['home.nas'] = {
                    'cd /storage/nas/Musik/Compilations && '
                    'wget --mirror --page-requisites --convert-links --domains {0} --execute robots=off https://{0}/'),
            },
+        },
        'groups': {
            'nas': {},
        },
--- a/nodes/home/router.py
+++ b/nodes/home/router.py
@ -47,12 +47,14 @@ nodes['home.router'] = {
            },
        },
        'cron': {
+            'jobs': {
                # Our internet provider resets the connection if you're
                # connected longer than 24 hours. We install this cronjob
                # to make sure we don't get disconnected randomly during the
                # day.
                'restart_pppd': '23 2 * * *    root    systemctl restart pppoe && date -u +\%s > /var/tmp/pppd-last-restart.status',
            },
+        },
        'dhcpd': {
            'subnets': {
                'enp1s0.23': {
--- a/nodes/htz-cloud/luther.py
+++ b/nodes/htz-cloud/luther.py
@ -37,8 +37,10 @@ nodes['htz-cloud.luther'] = {
            },
        },
        'cron': {
+            'jobs': {
                'luther-ps': vault.decrypt('encrypt$gAAAAABfnUqTXXpUYCA2DxllTKgbKg6YguCBbguJ0rerFGi9UNxEuTO6eqReqraS9FzNmLl81S_20bYwXM5W8pNwV5I5i6BVz1M37TxdsMCAxMG-9G0ZHFXeE4K5a4MWxuyYkrVPtK_hNFOciwxDDwPYT8tH_Jahdqmr8fZcCcsICzsSOxycn89VEm2ODnfH24Azrj6mVq5cPMc_xkdWnn-dSMCvPXpjjg==').format_into('*/10 * * * *    www-data    /usr/bin/curl -s {}'),
            },
+        },
        'icinga_options': {
            'pretty_name': 'Lutherkirchengemeinde Pirmasens',
            'vars.notification.sms': False,
--- a/nodes/htz-cloud/pleroma.py
+++ b/nodes/htz-cloud/pleroma.py
@ -34,8 +34,10 @@ nodes['htz-cloud.pleroma'] = {
            'pretty_name': 'cybert-media.net',
        },
        'cron': {
+            'jobs': {
                'auto-authorize-sm-users': '* * * * *    root    echo "UPDATE users SET approval_pending=false WHERE email LIKE \'\\%@seibert-media.net\' AND approval_pending=true;" | psql pleroma >/dev/null',
            },
+        },
        'nginx': {
            'vhosts': {
                'pleroma': {
--- a/nodes/rx300.py
+++ b/nodes/rx300.py
@ -95,8 +95,10 @@ nodes['rx300'] = {
            },
        },
        'cron': {
+            'jobs': {
                'cleanup-paste.franzi.business': '0 0 * * *    kunsi    /usr/bin/find /var/www/paste.franzi.business/ -maxdepth 1 -type d -mtime +60 -exec rm -r {} \;',
            },
+        },
        'check-mail-received': {
            't-online': {
                'email': 'franzi.kunsmann@t-online.de',