update to bw4

Franzi 2020-08-18 15:27:55 +02:00
parent d7862918a6
commit 5e2fea8497
Signed by: kunsi
GPG key ID: 12E3D2136B818350
22 changed files with 223 additions and 501 deletions


@ -1,52 +1,33 @@
from bundlewrap.metadata import atomic
@metadata_processor
def backups(metadata):
if metadata.get('bind', {}).get('zones_primary_dynamic', {}):
metadata.setdefault('backups', {}).setdefault('paths', set()).add(
'/var/lib/bind/primary.dynamic',
)
return metadata, RUN_ME_AGAIN
@metadata_processor
def monitoring(metadata):
icinga2_api = metadata.setdefault('icinga2_api', {})
node_metadata = icinga2_api.setdefault('bind', {})
services = node_metadata.setdefault('services', {})
services.setdefault('BIND PROCESS', {}).update({
'check_command': 'nrpe',
'vars.nrpe_command': 'check_bind_procs',
})
for interface in metadata.get('bind', {}).get('listen', []):
services.setdefault('BIND PORT {}'.format(interface), {}).update({
'check_command': 'tcp',
'vars.tcp_address': metadata['interfaces'][interface]['ip_addresses'][0],
'vars.tcp_port': 53,
})
nrpe_checks = metadata.setdefault('nrpe', {}).setdefault('custom_nrpe_checks', {})
nrpe_checks['check_bind_procs'] = '/usr/lib/nagios/plugins/check_procs -C named -c 1:1'
return metadata, DONE
@metadata_processor
def sperrfix(metadata):
per_bundle = metadata.get('bind', {}).get('sperrfix', {})
if per_bundle.get('ignore'):
return metadata, DONE
sources = per_bundle.get('sources', {'*'})
return {
'sperrfix': {
'bundle_rules': {
'53': atomic({'sources': sources}),
'53/udp': atomic({'sources': sources}),
defaults = {
'icinga2_api': {
'bind': {
'services': {
'BIND PROCESS': {
'command_on_monitored_host': '/usr/lib/nagios/plugins/check_procs -C named -c 1:1',
},
},
},
}, OVERWRITE, RUN_ME_AGAIN
},
}
@metadata_reactor
def port_checks(metadata):
services = {}
for interface in metadata.get('bind/listen', set()):
services[f'BIND PORT {interface}'] = {
'check_command': 'tcp',
'vars.tcp_address': metadata.get(f'interfaces/{interface}/ip_addresses')[0],
'vars.tcp_port': 53,
}
return {
'icinga2_api': {
'bind': {
'services': services,
},
},
}
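Review bot: The new side of this file appears to keep only the `defaults` block and the `port_checks` reactor, so the `sperrfix` bundle rules for `53` and `53/udp` and the backup path `/var/lib/bind/primary.dynamic` from the old processors are no longer produced here. The +/- markers are lost on this page, so this is inferred from the hunk header (52 old lines, 33 new). If both were not moved elsewhere in this commit, the DNS firewall rule is no longer declared by this bundle and the dynamic zone directory drops out of backups; each could come back as its own `@metadata_reactor`. Separately, `metadata.get(f'interfaces/{interface}/ip_addresses')[0]` raises IndexError for an interface whose address list is empty.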


@ -1,27 +1,25 @@
@metadata_processor
def jenkins_apt_repos(metadata):
return {
'apt': {
'repos': {
'jenkins': {
'key': '150FDE3F7787E7D11EF4E12A9B7D32F2D50582E6',
'items': [
'deb https://pkg.jenkins.io/debian-stable binary/',
],
},
defaults = {
'apt': {
'repos': {
'jenkins': {
'key': '150FDE3F7787E7D11EF4E12A9B7D32F2D50582E6',
'items': [
'deb https://pkg.jenkins.io/debian-stable binary/',
],
},
'unattended-upgrades': {
'origins': {
'o=jenkins.io,a=binary',
},
},
'unattended-upgrades': {
'origins': {
'o=jenkins.io,a=binary',
},
'packages': {
'openjdk-11-jre': {},
'jenkins': {
'needs': {
'pkg_apt:openjdk-11-jre',
},
},
'packages': {
'openjdk-11-jre': {},
'jenkins': {
'needs': {
'pkg_apt:openjdk-11-jre',
},
},
},
}, DEFAULTS, DONE
},
}


@ -1,8 +1,6 @@
@metadata_processor
def crontab(metadata):
return {
'cron': {
'letsencrypt_renew': '20 4 * * * root /usr/bin/dehydrated --cron --accept-terms --challenge http-01 > /dev/null',
'letsencrypt_cleanup': '42 23 * * 0 root /usr/bin/dehydrated --cleanup > /dev/null',
},
}, DEFAULTS, DONE
defaults = {
'cron': {
'letsencrypt_renew': '20 4 * * * root /usr/bin/dehydrated --cron --accept-terms --challenge http-01 > /dev/null',
'letsencrypt_cleanup': '42 23 * * 0 root /usr/bin/dehydrated --cleanup > /dev/null',
},
}


@ -1,47 +1,40 @@
@metadata_processor
def nodejs_apt_repos(metadata):
return {
'apt': {
'repos': {
'matrix': {
'key': 'AAF9AE843A7584B5A3E4CD2BCF45A512DE2DA058',
'items': [
'deb https://packages.matrix.org/debian buster main',
],
},
},
'unattended-upgrades': {
'origins': {
'o=matrix.org,n=buster,c=main',
},
},
'packages': {
'matrix-synapse-py3': {},
defaults = {
'apt': {
'repos': {
'matrix': {
'key': 'AAF9AE843A7584B5A3E4CD2BCF45A512DE2DA058',
'items': [
'deb https://packages.matrix.org/debian buster main',
],
},
},
}, DEFAULTS, DONE
@metadata_processor
def synapse_defaults(metadata):
return {
'matrix-synapse': {
'registration_shared_secret': repo.vault.human_password_for('{} matrix-synapse registration_shared_secret'.format(node.name)),
'database': {
'user': 'synapse_user',
'unattended-upgrades': {
'origins': {
'o=matrix.org,n=buster,c=main',
},
},
'packages': {
'matrix-synapse-py3': {},
},
},
'matrix-synapse': {
'registration_shared_secret': repo.vault.human_password_for('{} matrix-synapse registration_shared_secret'.format(node.name)),
'database': {
'user': 'synapse_user',
'password': repo.vault.password_for('{} postgresql synapse_user'.format(node.name)),
'database': 'synapse',
},
},
'postgresql': {
'users': {
'synapse_user': {
'password': repo.vault.password_for('{} postgresql synapse_user'.format(node.name)),
'database': 'synapse',
},
},
'postgresql': {
'users': {
'synapse_user': {
'password': repo.vault.password_for('{} postgresql synapse_user'.format(node.name)),
},
'databases': {
'synapse': {
'owner': 'synapse_user',
},
'databases': {
'synapse': {
'owner': 'synapse_user',
},
},
}
}, DEFAULTS, DONE
},
}
}


@ -31,9 +31,6 @@ git_deploy = {
'/opt/mx-puppet-discord': {
'repo': 'https://github.com/matrix-discord/mx-puppet-discord.git',
'rev': 'master',
'needs': {
'directory:/opt/mx-puppet-discord',
},
'triggers': {
'action:mx-puppet-discord_chown',
'action:mx-puppet-discord_npm_install',


@ -1,46 +1,33 @@
@metadata_processor
def mx_puppet_discord_user(metadata):
return {
defaults = {
'users': {
'mx-puppet-discord': {
'home': '/opt/mx-puppet-discord',
'deploy_configs': False,
'home-mode': '0755',
},
},
'matrix-synapse': {
'appservice_configs': {
'/opt/mx-puppet-discord/registration.yaml',
},
},
'mx-puppet-discord': {
'database': {
'user': 'mx-puppet-discord',
'password': repo.vault.password_for('{} postgresql mx-puppet-discord'.format(node.name)),
'database': 'mx-puppet-discord',
},
},
'postgres': {
'users': {
'mx-puppet-discord': {
'home': '/opt/mx-puppet-discord',
'deploy_configs': False,
'home-mode': '0755',
},
},
}, DEFAULTS, DONE
@metadata_processor
def add_mx_puppet_discord_to_synapse(metadata):
return {
'matrix-synapse': {
'appservice_configs': {
'/opt/mx-puppet-discord/registration.yaml',
},
},
}, DEFAULTS, DONE
@metadata_processor
def postgres(metadata):
return {
'mx-puppet-discord': {
'database': {
'user': 'mx-puppet-discord',
'password': repo.vault.password_for('{} postgresql mx-puppet-discord'.format(node.name)),
'database': 'mx-puppet-discord',
},
},
'postgres': {
'users': {
'mx-puppet-discord': {
'password': repo.vault.password_for('{} postgresql mx-puppet-discord'.format(node.name)),
},
},
'databases': {
'mx-puppet-discord': {
'owner': 'mx-puppet-discord',
},
'databases': {
'mx-puppet-discord': {
'owner': 'mx-puppet-discord',
},
},
}, DEFAULTS, DONE
},
}
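Review bot: The database user and database for mx-puppet-discord are declared under the top-level key `'postgres'`, while the matrix-synapse metadata in this same commit uses `'postgresql'` for its `users` and `databases`. The key was already spelled this way in the old `postgres` processor, so the conversion to `defaults` carries it over unchanged. If the PostgreSQL bundle (not shown on this page) reads only `postgresql/users` and `postgresql/databases`, this role and database are never created and the password under `mx-puppet-discord/database` matches nothing; in that case rename the key to `'postgresql'`.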


@ -1,39 +1,37 @@
@metadata_processor
def defaults(metadata):
return {
'apt': {
'repos': {
'nginx': {
'key': '573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62',
'items': [
'deb http://nginx.org/packages/debian buster nginx',
],
},
},
'unattended-upgrades': {
'origins': {
'o=nginx,a=stable,n=buster,l=nginx,c=nginx',
},
},
'packages': {
'nginx': {},
defaults = {
'apt': {
'repos': {
'nginx': {
'key': '573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62',
'items': [
'deb http://nginx.org/packages/debian buster nginx',
],
},
},
'nginx': {
'worker_processes': 4,
'worker_connections': 1000,
'unattended-upgrades': {
'origins': {
'o=nginx,a=stable,n=buster,l=nginx,c=nginx',
},
},
}, DEFAULTS, DONE
'packages': {
'nginx': {},
},
},
'nginx': {
'worker_processes': 4,
'worker_connections': 1000,
},
}
@metadata_processor
@metadata_reactor
def letsencrypt(metadata):
if not node.has_bundle('letsencrypt'):
return metadata, DONE
raise DoNotRunAgain
domains = {}
for domain in metadata.get('nginx', {}).get('vhosts', {}).keys():
for domain in metadata.get('nginx/vhosts', {}).keys():
domains[domain] = set()
return {
@ -43,4 +41,4 @@ def letsencrypt(metadata):
'nginx',
},
},
}, DEFAULTS, RUN_ME_AGAIN
}
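Review bot: The nginx repository line in `defaults` still fetches over plain HTTP, `'deb http://nginx.org/packages/debian buster nginx'`, while every other repository converted in this commit uses https. APT's signature check against the pinned key still protects package integrity, but the transport is unauthenticated and unencrypted, so which packages and versions the host pulls is visible on the path. I would change it to `'deb https://nginx.org/packages/debian buster nginx'`.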


@ -1,31 +1,29 @@
@metadata_processor
def nodejs_apt_repos(metadata):
return {
'apt': {
'repos': {
'yarn': {
'key': '72ECF46A56B4AD39C907BBB71646B01B86E50310',
'items': [
'deb https://dl.yarnpkg.com/debian/ stable main',
],
},
'node': {
'key': '9FD3B784BC1C6FC31A8A0A1C1655A0AB68576280',
'items': [
'deb https://deb.nodesource.com/node_10.x buster main',
'deb-src https://deb.nodesource.com/node_10.x buster main',
],
},
defaults = {
'apt': {
'repos': {
'yarn': {
'key': '72ECF46A56B4AD39C907BBB71646B01B86E50310',
'items': [
'deb https://dl.yarnpkg.com/debian/ stable main',
],
},
'unattended-upgrades': {
'origins': {
'o=Node Source,n=buster,l=Node Source,c=main',
'o=yarn,a=stable,n=stable,l=yarn-stable,c=main',
},
},
'packages': {
'nodejs': {},
'yarn': {},
'node': {
'key': '9FD3B784BC1C6FC31A8A0A1C1655A0AB68576280',
'items': [
'deb https://deb.nodesource.com/node_10.x buster main',
'deb-src https://deb.nodesource.com/node_10.x buster main',
],
},
},
}, DEFAULTS, DONE
'unattended-upgrades': {
'origins': {
'o=Node Source,n=buster,l=Node Source,c=main',
'o=yarn,a=stable,n=stable,l=yarn-stable,c=main',
},
},
'packages': {
'nodejs': {},
'yarn': {},
},
},
}


@ -10,9 +10,6 @@ directories = {
git_deploy = {
riot_web_root: {
'needs': {
'directory:' + riot_web_root,
},
'rev': 'master',
'repo': 'https://github.com/vector-im/riot-web.git',
'triggers': {


@ -1,12 +1,12 @@
@metadata_processor
@metadata_reactor
def nginx_config(metadata):
return {
'nginx': {
'vhosts': {
metadata['riot-web']['url']: {
'webroot': '/var/www/chat.franzi.business/webapp/',
metadata.get('riot-web/url', None): {
'webroot': '/var/www/{}/webapp/'.format(metadata.get('riot-web/url', None)),
'extras': True,
},
},
},
}, DEFAULTS, DONE
}
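Review bot: `metadata.get('riot-web/url', None)` hides a missing URL: when `riot-web/url` is unset the reactor returns a vhost keyed `None` with webroot `/var/www/None/webapp/` instead of failing. Without a default, `metadata.get('riot-web/url')` raises KeyError, which bundlewrap 4 treats as "not available yet" and reports if it never resolves. I would read it once, `url = metadata.get('riot-web/url')`, and use `url` for both the vhost key and the webroot.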


@ -1,19 +1,17 @@
@metadata_processor
def defaults(metadata):
return {
'apt': {
'packages': {
'mariadb-server': {},
'python3': {},
'python3-setuptools': {},
'python3-pip': {},
},
defaults = {
'apt': {
'packages': {
'mariadb-server': {},
'python3': {},
'python3-setuptools': {},
'python3-pip': {},
},
'users': {
'seafile': {
'home': '/opt/seafile',
'deploy_configs': False,
'home-mode': '0755',
},
},
'users': {
'seafile': {
'home': '/opt/seafile',
'deploy_configs': False,
'home-mode': '0755',
},
}, DEFAULTS, DONE
},
}


@ -6,6 +6,6 @@ Defaults secure_path=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bi
root ALL=(ALL) ALL
% for user in node.metadata['sudo']:
% for user in sorted(node.metadata['sudo']):
${user} ALL=(ALL) NOPASSWD:ALL
% endfor
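Review bot: Each name from `node.metadata['sudo']` is written into the sudoers file as-is on the `${user} ALL=(ALL) NOPASSWD:ALL` line, so a single malformed name makes the whole file unparseable and can break sudo on the node. If the file item for this template (not shown on this page) does not already do so, it should set `'test_with': 'visudo -cf {}'` so the rendered file is validated before it is installed. The `sorted()` call itself is fine and keeps the output stable now that the reactor returns a set.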


@ -1,11 +1,11 @@
@metadata_processor
@metadata_reactor
def sudo_users(metadata):
sudoers = []
sudoers = set()
for username, config in metadata.get('users', {}).items():
if 'sudo' in config and config['sudo']:
sudoers.append(username)
sudoers.add(username)
metadata['sudo'] = sudoers
return metadata, RUN_ME_AGAIN
return {
'sudo': sudoers,
}
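Review bot: The check `if 'sudo' in config and config['sudo']` accepts any truthy value, so a string such as `'no'` or `'false'` in a user's metadata puts that user into the set that the sudoers template renders as `NOPASSWD:ALL`. Because this set grants passwordless root, I would require the boolean explicitly: `if config.get('sudo') is True:`. A one-line docstring stating that the reactor derives `sudo` from `users/*/sudo` would also help the next reader.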


@ -1,11 +1,9 @@
@metadata_processor
def apt(metadata):
return {
'apt': {
'packages': {
'fish': {},
'tmux': {},
'vim': {},
},
defaults = {
'apt': {
'packages': {
'fish': {},
'tmux': {},
'vim': {},
},
}, DEFAULTS, DONE
},
}


@ -1,11 +1,9 @@
@metadata_processor
def apt(metadata):
return {
'apt': {
'packages': {
'qemu-kvm': {},
'libvirt-clients': {},
'libvirt-daemon-system': {},
},
defaults = {
'apt': {
'packages': {
'qemu-kvm': {},
'libvirt-clients': {},
'libvirt-daemon-system': {},
},
}, DEFAULTS, DONE
},
}


@ -1,14 +1,12 @@
@metadata_processor
def add_voc_user(metadata):
return {
'apt': {
'packages': {
'ffmpeg': {},
},
defaults = {
'apt': {
'packages': {
'ffmpeg': {},
},
'users': {
'voc': {
'home': '/opt/voc-loudness-monitor',
},
},
'users': {
'voc': {
'home': '/opt/voc-loudness-monitor',
},
}, DEFAULTS, DONE
},
}