diff --git a/bundles/apt/items.py b/bundles/apt/items.py
index b86939b..e756a67 100644
--- a/bundles/apt/items.py
+++ b/bundles/apt/items.py
@@ -115,7 +115,16 @@ pkg_apt = {
 'nmap': {},
 'python3': {},
 'python3-dev': {},
- 'python3-pip': {},
+ 'python3-setuptools': {
+ 'needed_by': {
+ 'pkg_pip:',
+ },
+ },
+ 'python3-pip': {
+ 'needed_by': {
+ 'pkg_pip:',
+ },
+ },
 'python3-virtualenv': {},
 'rsync': {},
 'tar': {},
diff --git a/bundles/iptables/metadata.py b/bundles/iptables/metadata.py
index c7b1c6e..e5615a0 100644
--- a/bundles/iptables/metadata.py
+++ b/bundles/iptables/metadata.py
@@ -1,5 +1,13 @@
 from bundlewrap.exceptions import BundleError
+defaults = {
+ 'pacman': {
+ 'packages': {
+ 'iptables': {},
+ },
+ },
+}
+
 @metadata_reactor.provides(
 'iptables/bundle_rules/iptables',
 )
diff --git a/bundles/pacman/items.py b/bundles/pacman/items.py
index 9afd850..51bc617 100644
--- a/bundles/pacman/items.py
+++ b/bundles/pacman/items.py
@@ -6,18 +6,78 @@ if not node.os == 'arch':
 # This is more targeted to GUI systems. This is intentional.
 pkg_pacman = {
- 'fish': {},
- 'fwupd': {},
+ 'at': {},
+ 'autoconf': {},
+ 'automake': {},
+ 'binutils': {},
+ 'bison': {},
+ 'bzip2': {},
+ 'curl': {},
 'dialog': {},
+ 'diffutils': {},
+ 'fakeroot': {},
+ 'file': {},
+ 'findutils': {},
+ 'flex': {},
+ 'fwupd': {},
+ 'gawk': {},
+ 'gcc': {},
+ 'gettext': {},
+ 'git': {},
+ 'gnu-netcat': {},
+ 'grep': {},
+ 'groff': {},
+ 'gzip': {},
+ 'ldns': {},
+ 'less': {},
+ 'libtool': {},
 'linux': {},
- 'netctl': {},
- 'rfkill': {},
+ 'logrotate': {},
+ 'lsof': {},
+ 'm4': {},
+ 'mailutils': {},
+ 'make': {},
+ 'moreutils': {},
+ 'mtr': {},
+ 'ncdu': {},
+ 'nmap': {},
+ 'patch': {},
+ 'pkgconf': {},
+ 'python': {},
+ 'python-setuptools': {
+ 'needed_by': {
+ 'pkg_pip:',
+ },
+ },
+ 'python-pip': {
+ 'needed_by': {
+ 'pkg_pip:',
+ },
+ },
+ 'python-virtualenv': {},
+ 'rsync': {},
+ 'sed': {},
+ 'tar': {},
+ 'texinfo': {},
 'tmux': {},
+ 'tree': {},
+ 'unzip': {},
 'vim': {},
- 'wpa_supplicant': {},
- 'wpa_actiond': {},
- 'lm_sensors': {},
+ 'wget': {},
+ 'which': {},
+ 'whois': {},
+ 'zip': {},
 }
+if node.metadata.get('pacman/install_gui', False):
+ pkg_pacman = {
+ 'fish': {},
+ 'netctl': {},
+ 'rfkill': {},
+ 'wpa_supplicant': {},
+ 'wpa_actiond': {},
+ 'lm_sensors': {},
+ }
+
 for pkg, config in node.metadata.get('pacman/packages', {}).items():
 pkg_pacman[pkg] = config
diff --git a/bundles/postfix/items.py b/bundles/postfix/items.py
index 0b328e1..38bedd0 100644
--- a/bundles/postfix/items.py
+++ b/bundles/postfix/items.py
@@ -21,6 +21,12 @@ for identifier in node.metadata.get('postfix/mynetworks', set()):
 netmask = '128'
 mynetworks.add(f'[{ip6}]/{netmask}')
+my_package = 'pkg_pacman:postfix' if node.has_bundle('pacman') else 'pkg_apt:postfix'
+
+pkg_pip = {
+ 'dnsq': {},
+}
+
 files = {
 '/etc/mailname': {
 'content': node.metadata.get('postfix/myhostname', node.metadata['hostname']),
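Review bot: The `pkg_pacman = {` inside the new `if node.metadata.get('pacman/install_gui', False):` branch rebinds the name, so on a GUI node the base list above it is discarded, including the `python-pip` and `python-setuptools` entries that carry `'needed_by': {'pkg_pip:'}`. That looks unintended given the base list was added in the same hunk; `pkg_pacman.update({` (closed with `})`) would put the six GUI packages on top of it instead. The context comment `# This is more targeted to GUI systems. This is intentional.` no longer describes the base list and should be reworded. The base list also places a compiler toolchain, `nmap` and `gnu-netcat` on every Arch node, so it is worth confirming that non-GUI hosts need them.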
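Review bot: `pkg_pip = {'dnsq': {}}` carries no version, so each apply installs whatever release the package index serves at that moment, on every node that gets the postfix bundle; the companion change in bundles/postfix/metadata.py switches the distribution's `python3-dnsq` package off in favour of it. Pinning the release, for example `'dnsq': {'version': '<pinned-version>'},`, keeps mail hosts from picking up a new upload unreviewed. The item also relies on the `'needed_by': {'pkg_pip:'}` entries added in the apt and pacman bundles to get pip installed first, which deserves a one-line comment next to `pkg_pip`. The `for identifier` loop named in the hunk header starts outside the hunk.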
@@ -70,7 +76,7 @@ actions = {
 'command': 'newaliases',
 'triggered': True,
 'needs': {
- 'pkg_apt:postfix',
+ my_package,
 },
 },
 }
@@ -80,7 +86,7 @@ svc_systemd = {
 'needs': {
 'file:/etc/postfix/master.cf',
 'file:/etc/postfix/main.cf',
- 'pkg_apt:',
+ my_package,
 },
 },
 }
diff --git a/bundles/postfix/metadata.py b/bundles/postfix/metadata.py
index 33177ca..b8294d5 100644
--- a/bundles/postfix/metadata.py
+++ b/bundles/postfix/metadata.py
@@ -4,7 +4,10 @@ defaults = {
 'apt': {
 'packages': {
 'postfix': {},
- 'python3-dnsq': {},
+ 'python3-dnsq': {
+ # handled by pkg_pip
+ 'installed': False,
+ },
 },
 },
 'icinga2_api': {
@@ -19,6 +22,11 @@ defaults = {
 },
 },
 },
+ 'pacman': {
+ 'packages': {
+ 'postfix': {},
+ },
+ },
 }
 if node.has_bundle('postfixadmin'):
diff --git a/bundles/sshmon/items.py b/bundles/sshmon/items.py
index fd2662d..58ab1ee 100644
--- a/bundles/sshmon/items.py
+++ b/bundles/sshmon/items.py
@@ -21,13 +21,6 @@ users = {
 },
 }
-pkg_apt = {
- 'gawk': {}, # needed by check_ram
- 'libwww-perl': {}, # needed by check_nginx_status
- 'sysstat': {}, # needed by check_cpu_stats
- 'monitoring-plugins': {},
-}
-
 with open(join(repo.path, 'data', 'sshmon', 'sshmon.pub'), 'r') as fp:
 pubkey = fp.read().strip()
diff --git a/bundles/sshmon/metadata.py b/bundles/sshmon/metadata.py
index 0d8ee53..39f2ee4 100644
--- a/bundles/sshmon/metadata.py
+++ b/bundles/sshmon/metadata.py
@@ -3,7 +3,11 @@ from re import sub
 defaults = {
 'apt': {
 'packages': {
+ 'gawk': {}, # needed by check_ram
+ 'libwww-perl': {}, # needed by check_nginx_status
+ 'monitoring-plugins': {},
 'python3-requests': {},
+ 'sysstat': {}, # needed by check_cpu_stats
 },
 },
 'icinga2_api': {
@@ -23,6 +27,15 @@ defaults = {
 'sshmon',
 },
 },
+ 'pacman': {
+ 'packages': {
+ 'gawk': {},
+ 'perl-libwww': {},
+ 'monitoring-plugins': {},
+ 'python-requests': {},
+ 'sysstat': {},
+ },
+ },
 }
diff --git a/bundles/sudo/items.py b/bundles/sudo/items.py
index b49ce92..1f1aa70 100644
--- a/bundles/sudo/items.py
+++ b/bundles/sudo/items.py
@@ -19,3 +19,9 @@ files = {
 'content_type': 'mako',
 },
 }
+
+for filename, content in node.metadata.get('sudo/extra_configs', {}).items():
+ files[f'/etc/sudoers.d/{filename}'] = {
+ 'content': '\n'.join(sorted(content)) + '\n',
+ 'mode': '0440',
+ }
diff --git a/bundles/systemd-networkd/items.py b/bundles/systemd-networkd/items.py
index b9de7f0..8c52336 100644
--- a/bundles/systemd-networkd/items.py
+++ b/bundles/systemd-networkd/items.py
@@ -11,11 +11,24 @@ files = {
 if node.metadata.get('systemd-networkd/enable-resolved', False):
 symlinks['/etc/resolv.conf'] = {
 'target': '/run/systemd/resolve/stub-resolv.conf',
+ 'needed_by': {
+ 'pkg_apt:',
+ 'pkg_pacman:',
+ },
+ }
+ svc_systemd['systemd-resolved'] = {
+ 'needed_by': {
+ 'pkg_apt:',
+ 'pkg_pacman:',
+ },
 }
- svc_systemd['systemd-resolved'] = {}
 else:
 files['/etc/resolv.conf'] = {
 'content_type': 'mako',
+ 'needed_by': {
+ 'pkg_apt:',
+ 'pkg_pacman:',
+ },
 }
diff --git a/bundles/vmhost/metadata.py b/bundles/vmhost/metadata.py
index 8ac632d..125274e 100644
--- a/bundles/vmhost/metadata.py
+++ b/bundles/vmhost/metadata.py
@@ -3,7 +3,9 @@ defaults = {
 'packages': {
 'libvirt-clients': {},
 'libvirt-daemon-system': {},
+ 'netcat-openbsd': {}, # for virt-manager
 'qemu-utils': {},
+ 'qemu-kvm': {},
 'qemu-system-x86': {},
 },
 },
@@ -21,3 +23,6 @@ defaults = {
 },
 },
 }
+
+if node.has_bundle('zfs'):
+ defaults['apt']['packages']['libvirt-daemon-driver-storage-zfs'] = {}
diff --git a/groups/os.py b/groups/os.py
index 294e814..b320906 100644
--- a/groups/os.py
+++ b/groups/os.py
@@ -13,16 +13,14 @@ groups['raspberry'] = {
 groups['linux'] = {
 'subgroups': {
+ 'arch',
 'debian',
 'raspberry',
 },
 'bundles': {
- 'apt',
- 'backup-client',
 'basic',
 'cron',
 'iptables',
- 'molly-guard',
 'openssh',
 'postfix',
 'sshmon',
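Review bot: The new loop writes `sudo/extra_configs` into `/etc/sudoers.d/` with no syntax check, and a malformed drop-in there can leave sudo unusable on the node. Adding `'verify_with': 'visudo -cf {}',` next to `'mode': '0440',` would reject a broken file before it is put in place. `filename` is interpolated into the path unchecked; sudo skips drop-ins whose name contains `.` or ends in `~`, and a name containing `/` lands outside the directory, so the loop should raise on such names rather than deploy a file that is ignored or misplaced. Because sudoers is order-sensitive (the last matching rule wins), `sorted(content)` deserves a comment saying the lines of one file must not depend on their order.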
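Review bot: `apt`, `backup-client` and `molly-guard` are removed from `groups['linux']` here, while `raspberry` stays a direct subgroup of it. Unless every raspberry node is also a member of one of the `debian` groups, which this diff does not show, those nodes lose package management, backups and the reboot guard on the next apply. Either confirm that membership or add the three bundles to `groups['raspberry']` as well. The `'bundles'` set continues past the end of the hunk.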
@@ -61,13 +59,31 @@ groups['linux'] = {
 'pip_command': 'pip3',
 }
+groups['arch'] = {
+ 'bundles': {
+ 'pacman',
+ },
+ 'metadata': {
+ 'icinga_options': {
+ 'exclude_from_monitoring': True,
+ },
+ },
+ 'os': 'arch',
+}
+
 groups['debian'] = {
 'subgroups': {
 'debian-buster',
 'debian-bullseye',
 'debian-sid',
 },
- 'os': 'debian'
+ 'bundles': {
+ 'apt',
+ 'backup-client',
+ 'molly-guard',
+ },
+ 'os': 'debian',
+ 'pip_command': 'pip3',
 }
 groups['debian-buster'] = {
diff --git a/nodes/kunsi-t470.py b/nodes/kunsi-t470.py
index 5e93baa..0b678d2 100644
--- a/nodes/kunsi-t470.py
+++ b/nodes/kunsi-t470.py
@@ -3,18 +3,12 @@ nodes['kunsi-t470'] = {
 'hostname': 'localhost',
 'bundles': {
- 'basic',
 'lldp',
 'nfs-client',
- 'pacman',
- 'openssh',
- 'sudo',
- 'systemd',
- 'systemd-networkd',
- 'telegraf',
- 'users',
 },
- 'groups': set(),
+ 'groups': {
+ 'arch',
+ },
 'metadata': {
 'timezone': 'Europe/Berlin',
 'icinga_options': {
@@ -37,6 +31,12 @@ nodes['kunsi-t470'] = {
 },
 # there is also wlp4s0, but that's managed by netctl
 },
+ 'iptables': {
+ 'port_rules': {
+ # For the occasional file-share using `python -m http.server`
+ '8000': {'*'},
+ },
+ },
 'locale': {
 'default': 'en_DK.UTF-8',
 },
@@ -53,9 +53,7 @@ nodes['kunsi-t470'] = {
 },
 },
 'pacman': {
- 'packages': {
- 'fish': {},
- },
+ 'install_gui': True,
 },
 'systemd-networkd': {
 'enable-resolved': True,
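Review bot: `groups['arch']` sets `'exclude_from_monitoring': True` but, as a subgroup of `linux`, still inherits the `sshmon` bundle, whose items.py defines `users` and reads `sshmon.pub`, presumably to authorise the monitoring host's key. On a node that is never monitored that would leave a remote-login account with no consumer. Consider moving `sshmon` into the `debian` bundle set alongside `apt`, or add a comment explaining why Arch nodes keep it. `'pip_command': 'pip3'` is now set both in `linux` (the context line at the top of the hunk) and in `debian`, so one of the two is redundant.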
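Review bot: The new `'8000': {'*'}` entry under `port_rules` appears to open port 8000 to every source permanently, on a laptop that by its own comment only occasionally runs `python -m http.server`, which serves the current directory without authentication or TLS. Whatever else binds that port while the machine sits on an untrusted network is then reachable too. Replacing `'*'` with the sources that actually fetch the shares, or opening the port by hand for the duration of a transfer, would keep the default posture closed. The `nodes['kunsi-t470']` dict starts and ends outside the hunk.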