From 1c0a3ee8e7883e67c32b040fc02cc0affac7fc79 Mon Sep 17 00:00:00 2001 From: Franziska Kunsmann Date: Sat, 20 Feb 2021 16:50:38 +0100 Subject: [PATCH 1/6] bundles/postgresql: fix postgresql config path --- bundles/postgresql/items.py | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/bundles/postgresql/items.py b/bundles/postgresql/items.py index f1d2953..f48ad74 100644 --- a/bundles/postgresql/items.py +++ b/bundles/postgresql/items.py @@ -25,10 +25,10 @@ directories = { }, # This is needed so the above purge does not remove the version # currently installed. - '/etc/postgresql/{}'.format(postgresql_version): { - 'owner': None, - 'group': None, - 'mode': None, + '/etc/postgresql/{}/main'.format(postgresql_version): { + 'owner': 'postgres', + 'group': 'postgres', + 'mode': '0755', }, } From 97a1b3ae855b387b7ec63f38ad615b55c71dc581 Mon Sep 17 00:00:00 2001 From: Franziska Kunsmann Date: Sat, 20 Feb 2021 16:51:34 +0100 Subject: [PATCH 2/6] bundles/zfs: add comment to action:modprobe-zfs --- bundles/zfs/items.py | 1 + 1 file changed, 1 insertion(+) diff --git a/bundles/zfs/items.py b/bundles/zfs/items.py index ad09841..1322250 100644 --- a/bundles/zfs/items.py +++ b/bundles/zfs/items.py @@ -19,6 +19,7 @@ actions = { 'zfs_dataset:', 'zfs_pool:', }, + 'comment': 'If this fails, do a dist-upgrade, reinstall zfs-dkms, reboot', }, } From ad5c8cc0ab63851287fbe5d0f523563577892ca8 Mon Sep 17 00:00:00 2001 From: Franziska Kunsmann Date: Sat, 20 Feb 2021 17:30:38 +0100 Subject: [PATCH 3/6] bundles/postfix: only get certificate if actually needed --- bundles/letsencrypt/files/domains.txt | 2 -- bundles/postfix/metadata.py | 11 ++++------- 2 files changed, 4 insertions(+), 9 deletions(-) diff --git a/bundles/letsencrypt/files/domains.txt b/bundles/letsencrypt/files/domains.txt index d9d7824..ea7e427 100644 --- a/bundles/letsencrypt/files/domains.txt +++ b/bundles/letsencrypt/files/domains.txt @@ -1,5 +1,3 @@ -${node.metadata['hostname']} - % for domain, aliases in sorted(node.metadata.get('letsencrypt/domains', {}).items()): ${domain} ${' '.join(sorted(aliases))} % endfor diff --git a/bundles/postfix/metadata.py b/bundles/postfix/metadata.py index 4399e3b..9899988 100644 --- a/bundles/postfix/metadata.py +++ b/bundles/postfix/metadata.py @@ -49,7 +49,7 @@ else: 'letsencrypt/reload_after', ) def letsencrypt(metadata): - if not node.has_bundle('letsencrypt'): + if not node.has_bundle('letsencrypt') or not node.has_bundle('postfixadmin'): raise DoNotRunAgain result = { @@ -58,12 +58,9 @@ def letsencrypt(metadata): }, } - myhostname = metadata.get('postfix/myhostname', None) - - if myhostname and myhostname != metadata.get('hostname'): - result['domains'] = { - myhostname: set(), - } + result['domains'] = { + metadata.get('postfix/myhostname', metadata.get('hostname')): set(), + } return { 'letsencrypt': result, From e2d7d057838f304b01a95f0c3abf5cdfb9b87ea5 Mon Sep 17 00:00:00 2001 From: Franziska Kunsmann Date: Sat, 20 Feb 2021 17:35:45 +0100 Subject: [PATCH 4/6] bundles/systemd-networkd: manage apt packages via bundle:apt --- bundles/systemd-networkd/items.py | 6 ------ bundles/systemd-networkd/metadata.py | 11 +++++++++++ 2 files changed, 11 insertions(+), 6 deletions(-) diff --git a/bundles/systemd-networkd/items.py b/bundles/systemd-networkd/items.py index 6d068d4..aa2084c 100644 --- a/bundles/systemd-networkd/items.py +++ b/bundles/systemd-networkd/items.py @@ -1,11 +1,5 @@ assert node.has_bundle('systemd') -pkg_apt = { - 'resolvconf': { - 'installed': False, - }, -} - files = { '/etc/network/interfaces': { 'delete': True, diff --git a/bundles/systemd-networkd/metadata.py b/bundles/systemd-networkd/metadata.py index 54579e4..e8dff0e 100644 --- a/bundles/systemd-networkd/metadata.py +++ b/bundles/systemd-networkd/metadata.py @@ -1,3 +1,14 @@ +defaults = { + 'apt': { + 'packages': { + 'resolvconf': { + 'installed': False, + }, + }, + }, +} + + @metadata_reactor.provides( 'interfaces', ) From 5433859a86ff45a495416b3facb95107a73986c8 Mon Sep 17 00:00:00 2001 From: Franziska Kunsmann Date: Sat, 20 Feb 2021 17:38:11 +0100 Subject: [PATCH 5/6] bundles/letsencrypt: also check for chain.pem, nginx needs this --- bundles/letsencrypt/files/letsencrypt-ensure-some-certificate | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/bundles/letsencrypt/files/letsencrypt-ensure-some-certificate b/bundles/letsencrypt/files/letsencrypt-ensure-some-certificate index 45f474a..e0248cb 100644 --- a/bundles/letsencrypt/files/letsencrypt-ensure-some-certificate +++ b/bundles/letsencrypt/files/letsencrypt-ensure-some-certificate @@ -6,7 +6,7 @@ just_check=$2 cert_path="/var/lib/dehydrated/certs/$domain" already_exists=false -if [ -f "$cert_path/privkey.pem" -a -f "$cert_path/fullchain.pem" ] +if [ -f "$cert_path/privkey.pem" -a -f "$cert_path/fullchain.pem" -a -f "$cert_path/chain.pem" ] then already_exists=true fi @@ -23,6 +23,7 @@ fi if [ "$already_exists" != true ] then + rm -r "$cert_path" mkdir -p "$cert_path" openssl req -x509 -newkey rsa:4096 -nodes -days 3650 -subj "/CN=$domain" -keyout "$cert_path/privkey.pem" -out "$cert_path/fullchain.pem" chmod 0600 "$cert_path/privkey.pem" From 9b7454b57cf470f52b86c39f417b500d659ab89a Mon Sep 17 00:00:00 2001 From: Franziska Kunsmann Date: Sat, 20 Feb 2021 18:06:20 +0100 Subject: [PATCH 6/6] nodes/htz.ex42-1048908: add pkg_apt:mosh --- nodes/htz/ex42-1048908.py | 1 + 1 file changed, 1 insertion(+) diff --git a/nodes/htz/ex42-1048908.py b/nodes/htz/ex42-1048908.py index 247534c..a408cf2 100644 --- a/nodes/htz/ex42-1048908.py +++ b/nodes/htz/ex42-1048908.py @@ -49,6 +49,7 @@ nodes['htz.ex42-1048908'] = { # No need to create a bundle just to install packages, # configs will be managed by users nevertheless. + 'mosh': {}, 'weechat': {}, 'weechat-core': {}, 'weechat-curses': {},