Compare commits

...

6 commits

Author SHA1 Message Date
9b7454b57c
nodes/htz.ex42-1048908: add pkg_apt:mosh
All checks were successful
bundlewrap/pipeline/head This commit looks good
2021-02-20 18:06:20 +01:00
5433859a86
bundles/letsencrypt: also check for chain.pem, nginx needs this
All checks were successful
bundlewrap/pipeline/head This commit looks good
2021-02-20 17:38:11 +01:00
e2d7d05783
bundles/systemd-networkd: manage apt packages via bundle:apt
All checks were successful
bundlewrap/pipeline/head This commit looks good
2021-02-20 17:35:45 +01:00
ad5c8cc0ab
bundles/postfix: only get certificate if actually needed
All checks were successful
bundlewrap/pipeline/head This commit looks good
2021-02-20 17:30:38 +01:00
97a1b3ae85
bundles/zfs: add comment to action:modprobe-zfs
All checks were successful
bundlewrap/pipeline/head This commit looks good
2021-02-20 16:51:34 +01:00
1c0a3ee8e7
bundles/postgresql: fix postgresql config path 2021-02-20 16:50:38 +01:00
8 changed files with 23 additions and 20 deletions

View file

@ -1,5 +1,3 @@
${node.metadata['hostname']}
% for domain, aliases in sorted(node.metadata.get('letsencrypt/domains', {}).items()):
${domain} ${' '.join(sorted(aliases))}
% endfor

View file

@ -6,7 +6,7 @@ just_check=$2
cert_path="/var/lib/dehydrated/certs/$domain"
already_exists=false
if [ -f "$cert_path/privkey.pem" -a -f "$cert_path/fullchain.pem" ]
if [ -f "$cert_path/privkey.pem" -a -f "$cert_path/fullchain.pem" -a -f "$cert_path/chain.pem" ]
then
already_exists=true
fi
@ -23,6 +23,7 @@ fi
if [ "$already_exists" != true ]
then
rm -r "$cert_path"
mkdir -p "$cert_path"
openssl req -x509 -newkey rsa:4096 -nodes -days 3650 -subj "/CN=$domain" -keyout "$cert_path/privkey.pem" -out "$cert_path/fullchain.pem"
chmod 0600 "$cert_path/privkey.pem"

View file

@ -49,7 +49,7 @@ else:
'letsencrypt/reload_after',
)
def letsencrypt(metadata):
if not node.has_bundle('letsencrypt'):
if not node.has_bundle('letsencrypt') or not node.has_bundle('postfixadmin'):
raise DoNotRunAgain
result = {
@ -58,11 +58,8 @@ def letsencrypt(metadata):
},
}
myhostname = metadata.get('postfix/myhostname', None)
if myhostname and myhostname != metadata.get('hostname'):
result['domains'] = {
myhostname: set(),
metadata.get('postfix/myhostname', metadata.get('hostname')): set(),
}
return {

View file

@ -25,10 +25,10 @@ directories = {
},
# This is needed so the above purge does not remove the version
# currently installed.
'/etc/postgresql/{}'.format(postgresql_version): {
'owner': None,
'group': None,
'mode': None,
'/etc/postgresql/{}/main'.format(postgresql_version): {
'owner': 'postgres',
'group': 'postgres',
'mode': '0755',
},
}

View file

@ -1,11 +1,5 @@
assert node.has_bundle('systemd')
pkg_apt = {
'resolvconf': {
'installed': False,
},
}
files = {
'/etc/network/interfaces': {
'delete': True,

View file

@ -1,3 +1,14 @@
defaults = {
'apt': {
'packages': {
'resolvconf': {
'installed': False,
},
},
},
}
@metadata_reactor.provides(
'interfaces',
)

View file

@ -19,6 +19,7 @@ actions = {
'zfs_dataset:',
'zfs_pool:',
},
'comment': 'If this fails, do a dist-upgrade, reinstall zfs-dkms, reboot',
},
}

View file

@ -49,6 +49,7 @@ nodes['htz.ex42-1048908'] = {
# No need to create a bundle just to install packages,
# configs will be managed by users nevertheless.
'mosh': {},
'weechat': {},
'weechat-core': {},
'weechat-curses': {},