make some bundles arch-compatible, more default packages for arch

2021-05-23 12:24:00 +02:00 · 2021-05-23 12:24:00 +02:00 · 5a182fadef
commit 5a182fadef
parent c136c33a58
12 changed files with 170 additions and 35 deletions
--- a/bundles/apt/items.py
+++ b/bundles/apt/items.py
@ -115,7 +115,16 @@ pkg_apt = {
    'nmap': {},
    'python3': {},
    'python3-dev': {},
-    'python3-pip': {},
+    'python3-setuptools': {
+        'needed_by': {
+            'pkg_pip:',
+        },
+    },
+    'python3-pip': {
+        'needed_by': {
+            'pkg_pip:',
+        },
+    },
    'python3-virtualenv': {},
    'rsync': {},
    'tar': {},
--- a/bundles/iptables/metadata.py
+++ b/bundles/iptables/metadata.py
@ -1,5 +1,13 @@
 from bundlewrap.exceptions import BundleError

+defaults = {
+    'pacman': {
+        'packages': {
+            'iptables': {},
+        },
+    },
+}
+
@metadata_reactor.provides(
    'iptables/bundle_rules/iptables',
 )
--- a/bundles/pacman/items.py
+++ b/bundles/pacman/items.py
@ -6,18 +6,78 @@ if not node.os == 'arch':
 # This is more targeted to GUI systems. This is intentional.

 pkg_pacman = {
-    'fish': {},
-    'fwupd': {},
+    'at': {},
+    'autoconf': {},
+    'automake': {},
+    'binutils': {},
+    'bison': {},
+    'bzip2': {},
+    'curl': {},
    'dialog': {},
+    'diffutils': {},
+    'fakeroot': {},
+    'file': {},
+    'findutils': {},
+    'flex': {},
+    'fwupd': {},
+    'gawk': {},
+    'gcc': {},
+    'gettext': {},
+    'git': {},
+    'gnu-netcat': {},
+    'grep': {},
+    'groff': {},
+    'gzip': {},
+    'ldns': {},
+    'less': {},
+    'libtool': {},
    'linux': {},
+    'logrotate': {},
+    'lsof': {},
+    'm4': {},
+    'mailutils': {},
+    'make': {},
+    'moreutils': {},
+    'mtr': {},
+    'ncdu': {},
+    'nmap': {},
+    'patch': {},
+    'pkgconf': {},
+    'python': {},
+    'python-setuptools': {
+        'needed_by': {
+            'pkg_pip:',
+        },
+    },
+    'python-pip': {
+        'needed_by': {
+            'pkg_pip:',
+        },
+    },
+    'python-virtualenv': {},
+    'rsync': {},
+    'sed': {},
+    'tar': {},
+    'texinfo': {},
+    'tmux': {},
+    'tree': {},
+    'unzip': {},
+    'vim': {},
+    'wget': {},
+    'which': {},
+    'whois': {},
+    'zip': {},
+}
+
+if node.metadata.get('pacman/install_gui', False):
+    pkg_pacman = {
+        'fish': {},
        'netctl': {},
        'rfkill': {},
-    'tmux': {},
-    'vim': {},
        'wpa_supplicant': {},
        'wpa_actiond': {},
        'lm_sensors': {},
-}
+    }

 for pkg, config in node.metadata.get('pacman/packages', {}).items():
    pkg_pacman[pkg] = config
--- a/bundles/postfix/items.py
+++ b/bundles/postfix/items.py
@ -21,6 +21,12 @@ for identifier in node.metadata.get('postfix/mynetworks', set()):
            netmask = '128'
        mynetworks.add(f'[{ip6}]/{netmask}')

+my_package = 'pkg_pacman:postfix' if node.has_bundle('pacman') else 'pkg_apt:postfix'
+
+pkg_pip = {
+    'dnsq': {},
+}
+
 files = {
    '/etc/mailname': {
        'content': node.metadata.get('postfix/myhostname', node.metadata['hostname']),
@ -70,7 +76,7 @@ actions = {
        'command': 'newaliases',
        'triggered': True,
        'needs': {
-            'pkg_apt:postfix',
+            my_package,
        },
    },
 }
@ -80,7 +86,7 @@ svc_systemd = {
        'needs': {
            'file:/etc/postfix/master.cf',
            'file:/etc/postfix/main.cf',
-            'pkg_apt:',
+            my_package,
        },
    },
 }
--- a/bundles/postfix/metadata.py
+++ b/bundles/postfix/metadata.py
@ -4,7 +4,10 @@ defaults = {
    'apt': {
        'packages': {
            'postfix': {},
-            'python3-dnsq': {},
+            'python3-dnsq': {
+                # handled by pkg_pip
+                'installed': False,
+            },
        },
    },
    'icinga2_api': {
@ -19,6 +22,11 @@ defaults = {
            },
        },
    },
+    'pacman': {
+        'packages': {
+            'postfix': {},
+        },
+    },
 }

 if node.has_bundle('postfixadmin'):
--- a/bundles/sshmon/items.py
+++ b/bundles/sshmon/items.py
@ -21,13 +21,6 @@ users = {
    },
 }

-pkg_apt = {
-    'gawk': {},  # needed by check_ram
-    'libwww-perl': {},  # needed by check_nginx_status
-    'sysstat': {},  # needed by check_cpu_stats
-    'monitoring-plugins': {},
-}
-
 with open(join(repo.path, 'data', 'sshmon', 'sshmon.pub'), 'r') as fp:
    pubkey = fp.read().strip()

--- a/bundles/sshmon/metadata.py
+++ b/bundles/sshmon/metadata.py
@ -3,7 +3,11 @@ from re import sub
 defaults = {
    'apt': {
        'packages': {
+            'gawk': {},  # needed by check_ram
+            'libwww-perl': {},  # needed by check_nginx_status
+            'monitoring-plugins': {},
            'python3-requests': {},
+            'sysstat': {},  # needed by check_cpu_stats
        },
    },
    'icinga2_api': {
@ -23,6 +27,15 @@ defaults = {
            'sshmon',
        },
    },
+    'pacman': {
+        'packages': {
+            'gawk': {},
+            'perl-libwww': {},
+            'monitoring-plugins': {},
+            'python-requests': {},
+            'sysstat': {},
+        },
+    },
 }


--- a/bundles/sudo/items.py
+++ b/bundles/sudo/items.py
@ -19,3 +19,9 @@ files = {
        'content_type': 'mako',
    },
 }
+
+for filename, content in node.metadata.get('sudo/extra_configs', {}).items():
+    files[f'/etc/sudoers.d/{filename}'] = {
+        'content': '\n'.join(sorted(content)) + '\n',
+        'mode': '0440',
+    }
--- a/bundles/systemd-networkd/items.py
+++ b/bundles/systemd-networkd/items.py
@ -11,11 +11,24 @@ files = {
 if node.metadata.get('systemd-networkd/enable-resolved', False):
    symlinks['/etc/resolv.conf'] = {
        'target': '/run/systemd/resolve/stub-resolv.conf',
+        'needed_by': {
+            'pkg_apt:',
+            'pkg_pacman:',
+        },
+    }
+    svc_systemd['systemd-resolved'] = {
+        'needed_by': {
+            'pkg_apt:',
+            'pkg_pacman:',
+        },
    }
-    svc_systemd['systemd-resolved'] = {}
 else:
    files['/etc/resolv.conf'] = {
        'content_type': 'mako',
+        'needed_by': {
+            'pkg_apt:',
+            'pkg_pacman:',
+        },
    }


--- a/bundles/vmhost/metadata.py
+++ b/bundles/vmhost/metadata.py
@ -3,7 +3,9 @@ defaults = {
        'packages': {
            'libvirt-clients': {},
            'libvirt-daemon-system': {},
+            'netcat-openbsd': {}, # for virt-manager
            'qemu-utils': {},
+            'qemu-kvm': {},
            'qemu-system-x86': {},
        },
    },
@ -21,3 +23,6 @@ defaults = {
        },
    },
 }
+
+if node.has_bundle('zfs'):
+    defaults['apt']['packages']['libvirt-daemon-driver-storage-zfs'] = {}
--- a/groups/os.py
+++ b/groups/os.py
@ -13,16 +13,14 @@ groups['raspberry'] = {

 groups['linux'] = {
    'subgroups': {
+        'arch',
        'debian',
        'raspberry',
    },
    'bundles': {
-        'apt',
-        'backup-client',
        'basic',
        'cron',
        'iptables',
-        'molly-guard',
        'openssh',
        'postfix',
        'sshmon',
@ -61,13 +59,31 @@ groups['linux'] = {
    'pip_command': 'pip3',
 }

+groups['arch'] = {
+    'bundles': {
+        'pacman',
+    },
+    'metadata': {
+        'icinga_options': {
+            'exclude_from_monitoring': True,
+        },
+    },
+    'os': 'arch',
+}
+
 groups['debian'] = {
    'subgroups': {
        'debian-buster',
        'debian-bullseye',
        'debian-sid',
    },
-    'os': 'debian'
+    'bundles': {
+        'apt',
+        'backup-client',
+        'molly-guard',
+    },
+    'os': 'debian',
+    'pip_command': 'pip3',
 }

 groups['debian-buster'] = {
--- a/nodes/kunsi-t470.py
+++ b/nodes/kunsi-t470.py
@ -3,18 +3,12 @@
 nodes['kunsi-t470'] = {
    'hostname': 'localhost',
    'bundles': {
-        'basic',
        'lldp',
        'nfs-client',
-        'pacman',
-        'openssh',
-        'sudo',
-        'systemd',
-        'systemd-networkd',
-        'telegraf',
-        'users',
    },
-    'groups': set(),
+    'groups': {
+        'arch',
+    },
    'metadata': {
        'timezone': 'Europe/Berlin',
        'icinga_options': {
@ -37,6 +31,12 @@ nodes['kunsi-t470'] = {
            },
            # there is also wlp4s0, but that's managed by netctl
        },
+        'iptables': {
+            'port_rules': {
+                # For the occasional file-share using `python -m http.server`
+                '8000': {'*'},
+            },
+        },
        'locale': {
            'default': 'en_DK.UTF-8',
        },
@ -53,9 +53,7 @@ nodes['kunsi-t470'] = {
            },
        },
        'pacman': {
-            'packages': {
-                'fish': {},
-            },
+            'install_gui': True,
        },
        'systemd-networkd': {
            'enable-resolved': True,