bundles/molly-guard: introduce, add to systems
All checks were successful
bundlewrap/pipeline/head This commit looks good

This commit is contained in:
Franzi 2021-02-26 17:58:20 +01:00
parent 51ca74549e
commit 3adfb9779a
Signed by: kunsi
GPG key ID: 12E3D2136B818350
7 changed files with 68 additions and 1 deletions

View file

@ -94,7 +94,6 @@ pkg_apt = {
'lsof': {}, 'lsof': {},
'mailutils': {}, 'mailutils': {},
'manpages': {}, 'manpages': {},
'molly-guard': {},
'moreutils': {}, 'moreutils': {},
'mount': {}, 'mount': {},
'mtr': {}, 'mtr': {},

View file

@ -0,0 +1,9 @@
#!/bin/bash
# Checks wether upgrade-and-reboot is currently running.
if [[ -f "/var/lib/bundlewrap/soft-${node.name}/UNATTENDED" ]]
then
echo "Sorry, can't $MOLLYGUARD_CMD now, upgrade-and-reboot is running"
exit 1
fi

View file

@ -0,0 +1,29 @@
#!/bin/sh
# This script will ask for the bundlewrap node name. This replaces the
# original script, which will ask for the hostname, which sometimes
# is not enough to properly identify the system.
NODE_NAME="${node.name}"
# If this is not a terminal, do nothing
test -t 0 || exit 0
sigh()
{
echo "Sorry, input does not match. Won't $MOLLYGUARD_CMD $NODE_NAME ..." >&2
exit 1
}
trap 'echo;sigh' 1 2 3 9 10 12 15
echo -n "Please enter the bundlewrap node name of this System to $MOLLYGUARD_CMD: "
read NODE_NAME_USER || :
NODE_NAME_USER="$(echo "$NODE_NAME_USER" | tr '[:upper:]' '[:lower:]')"
[ "$NODE_NAME_USER" = "$NODE_NAME" ] || sigh
trap - 1 2 3 9 10 12 15
exit 0

View file

@ -0,0 +1 @@
# currently unused

View file

@ -0,0 +1,21 @@
directories = {
'/etc/molly-guard/messages.d': {
'purge': True,
},
'/etc/molly-guard/run.d': {
'purge': True,
},
}
files = {
'/etc/molly-guard/rc': {},
'/etc/molly-guard/run.d/10-check-unattended-upgrades': {
'content_type': 'mako',
'mode': '0755',
},
'/etc/molly-guard/run.d/30-query-hostname': {
'content_type': 'mako',
'mode': '0755',
},
}

View file

@ -0,0 +1,7 @@
defaults = {
'apt': {
'packages': {
'molly-guard': {},
},
},
}

View file

@ -21,6 +21,7 @@ groups['linux'] = {
'backup-client', 'backup-client',
'basic', 'basic',
'cron', 'cron',
'molly-guard',
'openssh', 'openssh',
'postfix', 'postfix',
'sshmon', 'sshmon',