nodes/htz.ex42-1048908: add pkg_apt:mosh

bundles/letsencrypt: also check for chain.pem, nginx needs this
bundles/systemd-networkd: manage apt packages via bundle:apt
2021-02-20 18:06:20 +01:00 · 2021-02-20 17:38:11 +01:00 · 2021-02-20 17:35:45 +01:00 · 2021-02-20 17:30:38 +01:00 · 2021-02-20 16:51:34 +01:00 · 2021-02-20 16:50:38 +01:00
8 changed files with 23 additions and 20 deletions
--- a/bundles/letsencrypt/files/domains.txt
+++ b/bundles/letsencrypt/files/domains.txt
@ -1,5 +1,3 @@
 ${node.metadata['hostname']}
 % for domain, aliases in sorted(node.metadata.get('letsencrypt/domains', {}).items()):
 ${domain} ${' '.join(sorted(aliases))}
 % endfor
--- a/bundles/letsencrypt/files/letsencrypt-ensure-some-certificate
+++ b/bundles/letsencrypt/files/letsencrypt-ensure-some-certificate
@ -6,7 +6,7 @@ just_check=$2
 cert_path="/var/lib/dehydrated/certs/$domain"
 already_exists=false
-if [ -f "$cert_path/privkey.pem" -a -f "$cert_path/fullchain.pem" ]
+if [ -f "$cert_path/privkey.pem" -a -f "$cert_path/fullchain.pem" -a -f "$cert_path/chain.pem" ]
 then
    already_exists=true
 fi
@ -23,6 +23,7 @@ fi
 if [ "$already_exists" != true ]
 then
    rm -r "$cert_path"
    mkdir -p "$cert_path"
    openssl req -x509 -newkey rsa:4096 -nodes -days 3650 -subj "/CN=$domain" -keyout "$cert_path/privkey.pem" -out "$cert_path/fullchain.pem"
    chmod 0600 "$cert_path/privkey.pem"
--- a/bundles/postfix/metadata.py
+++ b/bundles/postfix/metadata.py
@ -49,7 +49,7 @@ else:
    'letsencrypt/reload_after',
 )
 def letsencrypt(metadata):
-    if not node.has_bundle('letsencrypt'):
+    if not node.has_bundle('letsencrypt') or not node.has_bundle('postfixadmin'):
        raise DoNotRunAgain
    result = {
@ -58,11 +58,8 @@ def letsencrypt(metadata):
        },
    }
    myhostname = metadata.get('postfix/myhostname', None)
    if myhostname and myhostname != metadata.get('hostname'):
    result['domains'] = {
-            myhostname: set(),
+        metadata.get('postfix/myhostname', metadata.get('hostname')): set(),
    }
    return {
--- a/bundles/postgresql/items.py
+++ b/bundles/postgresql/items.py
@ -25,10 +25,10 @@ directories = {
    },
    # This is needed so the above purge does not remove the version
    # currently installed.
-    '/etc/postgresql/{}'.format(postgresql_version): {
+    '/etc/postgresql/{}/main'.format(postgresql_version): {
-        'owner': None,
+        'owner': 'postgres',
-        'group': None,
+        'group': 'postgres',
-        'mode': None,
+        'mode': '0755',
    },
 }
--- a/bundles/systemd-networkd/items.py
+++ b/bundles/systemd-networkd/items.py
@ -1,11 +1,5 @@
 assert node.has_bundle('systemd')
 pkg_apt = {
    'resolvconf': {
        'installed': False,
    },
 }
 files = {
    '/etc/network/interfaces': {
        'delete': True,
--- a/bundles/systemd-networkd/metadata.py
+++ b/bundles/systemd-networkd/metadata.py
@ -1,3 +1,14 @@
 defaults = {
    'apt': {
        'packages': {
            'resolvconf': {
                'installed': False,
            },
        },
    },
 }
@metadata_reactor.provides(
    'interfaces',
 )
--- a/bundles/zfs/items.py
+++ b/bundles/zfs/items.py
@ -19,6 +19,7 @@ actions = {
            'zfs_dataset:',
            'zfs_pool:',
        },
        'comment': 'If this fails, do a dist-upgrade, reinstall zfs-dkms, reboot',
    },
 }
--- a/nodes/htz/ex42-1048908.py
+++ b/nodes/htz/ex42-1048908.py
@ -49,6 +49,7 @@ nodes['htz.ex42-1048908'] = {
                # No need to create a bundle just to install packages,
                # configs will be managed by users nevertheless.
                'mosh': {},
                'weechat': {},
                'weechat-core': {},
                'weechat-curses': {},
Author	SHA1	Message	Date
Franziska Kunsmann	9b7454b57c	nodes/htz.ex42-1048908: add pkg_apt:mosh All checks were successful bundlewrap/pipeline/head This commit looks good Details	2021-02-20 18:06:20 +01:00
Franziska Kunsmann	5433859a86	bundles/letsencrypt: also check for chain.pem, nginx needs this All checks were successful bundlewrap/pipeline/head This commit looks good Details	2021-02-20 17:38:11 +01:00
Franziska Kunsmann	e2d7d05783	bundles/systemd-networkd: manage apt packages via bundle:apt All checks were successful bundlewrap/pipeline/head This commit looks good Details	2021-02-20 17:35:45 +01:00
Franziska Kunsmann	ad5c8cc0ab	bundles/postfix: only get certificate if actually needed All checks were successful bundlewrap/pipeline/head This commit looks good Details	2021-02-20 17:30:38 +01:00
Franziska Kunsmann	97a1b3ae85	bundles/zfs: add comment to action:modprobe-zfs All checks were successful bundlewrap/pipeline/head This commit looks good Details	2021-02-20 16:51:34 +01:00
Franziska Kunsmann	1c0a3ee8e7	bundles/postgresql: fix postgresql config path	2021-02-20 16:50:38 +01:00