kunsi/bundlewrap
1
0
Fork 0
Code Issues 1 Pull requests 1 Releases Activity

update bw to 4.3, add .provides() to metadata reactors
All checks were successful
bundlewrap/pipeline/head This commit looks good
Details

Browse source
This commit is contained in:
Franzi 2021-01-07 18:44:38 +01:00
parent 7f0fb7a6e2
commit 2d42e5f7dd
Signed by: kunsi
GPG key ID: 12E3D2136B818350
29 changed files with 158 additions and 47 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
Jenkinsfile vendored
View file

@ -34,6 +34,18 @@ pipeline {
"""
}
}
stage('reactor.provides') {
when {
branch 'main'
}
steps {
sh """
. venv/bin/activate
export BW_VAULT_DUMMY_MODE=1
bw test -p
"""
}
}
stage('determinism') {
steps {
sh """

4
bundles/apt/metadata.py
View file

@ -11,7 +11,9 @@ defaults = {
}
@metadata_reactor
@metadata_reactor.provides(
'cron/upgrade-and-reboot'
)
def patchday(metadata):
day = metadata.get('apt/unattended_upgrades/day', 5)

5
bundles/backup-client/metadata.py
View file

@ -9,7 +9,10 @@ defaults = {
}
@metadata_reactor
@metadata_reactor.provides(
'cron/backup',
'icinga2_api/backup-client/services',
)
def cron(metadata):
if metadata.get('backups/exclude_from_backups', False):
return {}

9
bundles/backup-server/metadata.py
View file

@ -7,7 +7,9 @@ defaults = {
},
}
@metadata_reactor
@metadata_reactor.provides(
'backup-server/clients',
)
def get_my_clients(metadata):
my_clients = {}
@ -26,7 +28,10 @@ def get_my_clients(metadata):
}
@metadata_reactor
@metadata_reactor.provides(
'zfs/datasets',
'zfs/snapshots/retain_per_dataset',
)
def zfs(metadata):
zfs_datasets = {}
zfs_retains = {}

12
bundles/dhcpd/metadata.py
View file

@ -7,7 +7,9 @@ defaults = {
}
@metadata_reactor
@metadata_reactor.provides(
'dhcpd/fixed_allocations',
)
def get_static_allocations(metadata):
allocations = {}
for rnode in repo.nodes:
@ -28,7 +30,9 @@ def get_static_allocations(metadata):
}
@metadata_reactor
@metadata_reactor.provides(
'dhcpd/listen_interfaces',
)
def get_listen_interfaces(metadata):
listen_interfaces = []
for identfier, subnet in node.metadata.get('dhcpd/subnets', {}).items():
@ -41,7 +45,9 @@ def get_listen_interfaces(metadata):
}
@metadata_reactor
@metadata_reactor.provides(
'iptables/bundle_rules/dhcpd',
)
def iptables(metadata):
iptables = set()
for identfier, subnet in node.metadata.get('dhcpd/subnets', {}).items():

5
bundles/dovecot/metadata.py
View file

@ -44,7 +44,10 @@ if node.has_bundle('postfixadmin'):
}
@metadata_reactor
@metadata_reactor.provides(
'dovecot/admin_email',
'dovecot/database/dbpass',
)
def import_database_settings_from_postfixadmin(metadata):
if not node.has_bundle('postfixadmin'):
raise DoNotRunAgain

8
bundles/gitea/metadata.py
View file

@ -45,7 +45,9 @@ defaults = {
}
@metadata_reactor
@metadata_reactor.provides(
'nginx/vhosts',
)
def nginx(metadata):
if not node.has_bundle('nginx'):
raise DoNotRunAgain
@ -67,7 +69,9 @@ def nginx(metadata):
}
@metadata_reactor
@metadata_reactor.provides(
'icinga2_api/gitea/services',
)
def icinga_check_for_new_release(metadata):
return {
'icinga2_api': {

4
bundles/icinga2/metadata.py
View file

@ -72,7 +72,9 @@ defaults = {
},
}
@metadata_reactor
@metadata_reactor.provides(
'icinga2/icinga_users',
)
def add_users_from_json(metadata):
with open(join(repo.path, 'users.json'), 'r') as f:
json = loads(f.read())

4
bundles/mautrix-telegram/metadata.py
View file

@ -43,7 +43,9 @@ defaults = {
}
@metadata_reactor
@metadata_reactor.provides(
'icinga2_api/mautrix-telegram/services',
)
def icinga_check_for_new_release(metadata):
return {
'icinga2_api': {

4
bundles/mautrix-whatsapp/metadata.py
View file

@ -47,7 +47,9 @@ defaults = {
}
@metadata_reactor
@metadata_reactor.provides(
'icinga2_api/mautrix-whatsapp/services',
)
def icinga_check_for_new_release(metadata):
return {
'icinga2_api': {

4
bundles/miniflux/metadata.py
View file

@ -35,7 +35,9 @@ defaults = {
}
@metadata_reactor
@metadata_reactor.provides(
'nginx/vhosts',
)
def nginx(metadata):
if not node.has_bundle('nginx'):
raise DoNotRunAgain

4
bundles/netdata/metadata.py
View file

@ -16,7 +16,9 @@ defaults = {
}
@metadata_reactor
@metadata_reactor.provides(
'iptables/bundle_rules/netdata',
)
def iptables(metadata):
interfaces = metadata.get('netdata/restrict-to-interfaces', set())
iptables = []

21
bundles/nginx/metadata.py
View file

@ -35,7 +35,9 @@ defaults = {
}
@metadata_reactor
@metadata_reactor.provides(
'nginx/worker_processes',
)
def worker_processes(metadata):
return {
'nginx': {
@ -44,7 +46,10 @@ def worker_processes(metadata):
}
@metadata_reactor
@metadata_reactor.provides(
'letsencrypt/domains',
'letsencrypt/reload_after',
)
def letsencrypt(metadata):
if not node.has_bundle('letsencrypt'):
raise DoNotRunAgain
@ -65,7 +70,9 @@ def letsencrypt(metadata):
}
@metadata_reactor
@metadata_reactor.provides(
'nginx/vhosts',
)
def index_files(metadata):
vhosts = {}
@ -89,7 +96,9 @@ def index_files(metadata):
}
@metadata_reactor
@metadata_reactor.provides(
'icinga2_api/nginx/services',
)
def monitoring(metadata):
services = {}
@ -133,7 +142,9 @@ def monitoring(metadata):
}
@metadata_reactor
@metadata_reactor.provides(
'iptables/bundle_rules/nginx',
)
def iptables(metadata):
interfaces = metadata.get('nginx/restrict-to-interfaces', set())
iptables = []

4
bundles/octoprint/metadata.py
View file

@ -20,7 +20,9 @@ defaults = {
}
@metadata_reactor
@metadata_reactor.provides(
'icinga2_api/octoprint/services',
)
def icinga(metadata):
if 'api_key' not in metadata.get('octoprint', {}):
return {}

4
bundles/php/metadata.py
View file

@ -11,7 +11,9 @@ defaults = {
}
@metadata_reactor
@metadata_reactor.provides(
'apt/packages',
)
def php_packages_with_features(metadata):
version = metadata.get('php/version')

9
bundles/postfix/metadata.py
View file

@ -46,7 +46,9 @@ else:
# FIXME find a working, non-shitty check for that
#@metadata_reactor
#@metadata_reactor.provides(
# 'icinga2_api/postfix/services',
#)
def fill_icinga_spam_blocklist_check_with_hostname(metadata):
checks = {}
@ -67,7 +69,10 @@ def fill_icinga_spam_blocklist_check_with_hostname(metadata):
}
@metadata_reactor
@metadata_reactor.provides(
'letsencrypt/domains',
'letsencrypt/reload_after',
)
def letsencrypt(metadata):
if not node.has_bundle('letsencrypt'):
raise DoNotRunAgain

20
bundles/powerdns/metadata.py
View file

@ -38,7 +38,9 @@ defaults = {
}
@metadata_reactor
@metadata_reactor.provides(
'icinga2_api/powerdns/services',
)
def monitoring_for_primary_nameserver(metadata):
if metadata.get('powerdns/is_secondary', False):
return {}
@ -56,7 +58,9 @@ def monitoring_for_primary_nameserver(metadata):
}
@metadata_reactor
@metadata_reactor.provides(
'powerdns/my_secondary_servers',
)
def get_ips_of_secondary_nameservers(metadata):
if metadata.get('powerdns/is_secondary', False):
return {}
@ -73,7 +77,9 @@ def get_ips_of_secondary_nameservers(metadata):
},
}
@metadata_reactor
@metadata_reactor.provides(
'powerdns/my_primary_servers',
)
def get_ips_of_primary_nameservers(metadata):
if not metadata.get('powerdns/is_secondary', False):
return {}
@ -91,7 +97,9 @@ def get_ips_of_primary_nameservers(metadata):
}
@metadata_reactor
@metadata_reactor.provides(
'powerdns/bind-zones/kunbox.net/records',
)
def generate_dns_entries_for_nodes(metadata):
results = set()
@ -133,7 +141,9 @@ def generate_dns_entries_for_nodes(metadata):
}
@metadata_reactor
@metadata_reactor.provides(
'hosts/entries',
)
def hosts_entries_for_all_dns_servers(metadata):
entries = {}

4
bundles/pppd/metadata.py
View file

@ -26,7 +26,9 @@ defaults = {
}
@metadata_reactor
@metadata_reactor.provides(
'icinga2_api/pppd/services',
)
def icinga_dyndns(metadata):
if 'dyndns' not in metadata.get('pppd'):
return {}

4
bundles/riot-web/metadata.py
View file

@ -1,4 +1,6 @@
@metadata_reactor
@metadata_reactor.provides(
'nginx/vhosts',
)
def nginx_config(metadata):
return {
'nginx': {

4
bundles/rspamd/metadata.py
View file

@ -57,7 +57,9 @@ defaults = {
# Nodes managed by us should always be able to send mail to all other
# servers.
@metadata_reactor
@metadata_reactor.provides(
'rspamd/ignore_spam_check_for_ips',
)
def populate_permitted_ips_list_with_ips_from_repo(metadata):
ips = set()

8
bundles/smartd/metadata.py
View file

@ -16,7 +16,9 @@ defaults = {
}
@metadata_reactor
@metadata_reactor.provides(
'smartd/disks',
)
def zfs_disks_to_metadata(metadata):
disks = set()
@ -35,7 +37,9 @@ def zfs_disks_to_metadata(metadata):
}
@metadata_reactor
@metadata_reactor.provides(
'icinga2_api/smartd/services',
)
def icinga(metadata):
services = {}

8
bundles/sshmon/metadata.py
View file

@ -37,7 +37,9 @@ defaults = {
}
@metadata_reactor
@metadata_reactor.provides(
'icinga2_api',
)
def autogenerate_sshmon_command(metadata):
result = {
'icinga2_api': {},
@ -59,7 +61,9 @@ def autogenerate_sshmon_command(metadata):
return result
@metadata_reactor
@metadata_reactor.provides(
'icinga2_api/basic/services',
)
def default_checks(metadata):
disk_space_warning = metadata.get('sshmon/disk_space/warning', 15)
disk_space_critical = metadata.get('sshmon/disk_space/critical', 5)

4
bundles/systemd-networkd/metadata.py
View file

@ -1,4 +1,6 @@
@metadata_reactor
@metadata_reactor.provides(
'interfaces',
)
def add_vlan_infos_to_interface(metadata):
interfaces = {}

9
bundles/unbound/metadata.py
View file

@ -22,7 +22,10 @@ defaults = {
}
@metadata_reactor
@metadata_reactor.provides(
'unbound/threads',
'unbound/cache_slabs',
)
def cpu_cores_to_config_values(metadata):
num_cpus = metadata.get('vm/cpu', 1)
@ -34,7 +37,9 @@ def cpu_cores_to_config_values(metadata):
}
@metadata_reactor
@metadata_reactor.provides(
'iptables/bundle_rules/unbound',
)
def iptables(metadata):
interfaces = metadata.get('unbound/restrict-to-interfaces', set())
iptables = []

4
bundles/users/metadata.py
View file

@ -18,7 +18,9 @@ defaults = {
}
@metadata_reactor
@metadata_reactor.provides(
'users',
)
def add_users_from_json(metadata):
with open(join(repo.path, 'users.json'), 'r') as f:
json = loads(f.read())

9
bundles/vnstat/metadata.py
View file

@ -20,7 +20,9 @@ defaults = {
}
@metadata_reactor
@metadata_reactor.provides(
'vnstat/interface',
)
def get_default_interface(metadata):
interfaces = sorted(metadata.get('interfaces', {}).keys())
@ -34,7 +36,10 @@ def get_default_interface(metadata):
return {}
@metadata_reactor
@metadata_reactor.provides(
'cron',
'nginx/vhosts/vnstat',
)
def nginx_dashboard(metadata):
if not node.has_bundle('nginx'):
raise DoNotRunAgain

12
bundles/wireguard/metadata.py
View file

@ -26,7 +26,9 @@ defaults = {
}
@metadata_reactor
@metadata_reactor.provides(
'wireguard/network',
)
def get_wireguard_network_from_server(metadata):
# FIXME This will break if more than one node sets 'wireguard/network'
for rnode in repo.nodes:
@ -46,7 +48,9 @@ def get_wireguard_network_from_server(metadata):
return {}
@metadata_reactor
@metadata_reactor.provides(
'wireguard/peers',
)
def get_my_wireguard_peers(metadata):
peers = {}
@ -76,7 +80,9 @@ def get_my_wireguard_peers(metadata):
}
@metadata_reactor
@metadata_reactor.provides(
'icinga2_api/wireguard/services',
)
def icinga2(metadata):
services = {}

4
bundles/zfs/metadata.py
View file

@ -87,7 +87,9 @@ if node.has_bundle('sshmon'):
})
@metadata_reactor
@metadata_reactor.provides(
'cron/zfs-scrub',
)
def zfs_scrub_cronjob(metadata):
when = metadata.get('zfs/scrub/cron', '{} 0 * * sun'.format((node.magic_number % 60)))
return {

2
requirements.txt
View file

@ -1,2 +1,2 @@
bundlewrap>=4.2.0
bundlewrap>=4.3.0
PyNaCl