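from bundlewrap.exceptions import BundleError

# BundleWrap items file. `node` is not defined here; it is expected to be
# supplied by BundleWrap when this file is loaded.

# Debian major version -> release codename. The codename is substituted for
# {os_release} in the repository lines generated further down.
supported_os = {
    'debian': {
        10: 'buster',
        11: 'bullseye',
        12: 'bookworm',
        99: 'unstable',
    },
}

# Refuse to continue on an OS/version without a known codename, so that no
# sources.list entry is ever rendered with a wrong or missing release.
# NOTE(review): the message names bundle:apt, while the conflict check below
# identifies this bundle as c3voc-addons - confirm which name operators
# should see here.
try:
    os_release = supported_os[node.os][node.os_version[0]]
except (KeyError, IndexError):
    raise BundleError(f'{node.name}: OS {node.os} {node.os_version} is not supported by bundle:apt')

# This bundle manages apt, nginx and the unattended-upgrade tooling itself
# (see the items below), so it must not be combined with these bundles.
CONFLICTING_BUNDLES = {
    'apt',
    'nginx',
    'telegraf',
    'users',
}

if any(node.has_bundle(i) for i in CONFLICTING_BUNDLES):
    raise BundleError(f'{node.name}: bundle:c3voc-addons conflicts with bundles: {", ".join(sorted(CONFLICTING_BUNDLES))}')

# Base package set installed on every node using this bundle.
pkg_apt = {
    'apt-transport-https': {},
    'build-essential': {},
    'curl': {},
    'git': {},
    'grep': {},
    'gzip': {},
    'htop': {},
    'jq': {},
    'less': {},
    'mtr': {},
    'ncdu': {},
    'netcat': {},
    'python3': {},
    'python3-dev': {},
    # pip and setuptools have to be present before any pkg_pip item runs.
    'python3-setuptools': {
        'needed_by': {
            'pkg_pip:',
        },
    },
    'python3-pip': {
        'needed_by': {
            'pkg_pip:',
        },
    },
    'python3-virtualenv': {},
    'rsync': {},
    'tar': {},
    'tmux': {},
    'tree': {},
    'wget': {},
}

# Packages from metadata are added on top; an entry with the same name
# replaces the default options above.
for package, options in node.metadata.get('apt/packages', {}).items():
    pkg_apt[package] = options

actions = {
    'systemd-reload': {
        'command': 'systemctl daemon-reload',
        'cascade_skip': False,
        'triggered': True,
        'needed_by': {
            'svc_systemd:',
        },
    },
    'apt_update': {
        'command': 'apt-get update',
        'needed_by': {
            'pkg_apt:',
        },
        'triggered': True,
        'cascade_skip': False,
    },
    # The command string is assembled verbatim from metadata ('true' is the
    # no-op default). Whoever can write apt/additional_update_commands
    # decides what this action executes on the node, so that metadata has to
    # be treated as trusted input.
    'apt_execute_update_commands': {
        'command': ' && '.join(sorted(node.metadata.get('apt/additional_update_commands', {'true'}))),
        'triggered': True,
    },
}

directories = {
    # purge: files in sites-enabled that are not managed here get removed,
    # so only vhosts declared in metadata stay active.
    '/etc/nginx/sites-enabled': {
        'purge': True,
        'triggers': {
            'svc_systemd:nginx:restart',
        },
    },
}

files = {
    '/etc/kernel/postinst.d/unattended-upgrades': {
        'source': 'kernel-postinst.d',
    },
    '/etc/upgrade-and-reboot.conf': {
        'content_type': 'mako',
    },
    '/usr/local/share/icinga/plugins/check_unattended_upgrades': {
        'mode': '0755',
    },
    # The upgrade helpers are restricted to their owner (mode 0700).
    '/usr/local/sbin/upgrade-and-reboot': {
        'mode': '0700',
    },
    '/usr/local/sbin/do-unattended-upgrades': {
        'content_type': 'mako',
        'mode': '0700',
        'context': {
            'additional_update_commands': node.metadata.get('apt/additional_update_commands', set()),
            'clean_old_kernels': node.metadata.get('apt/clean_old_kernels', True),
            'restart_triggers': node.metadata.get('apt/restart_triggers', {}),
        }
    },
}

# One sources.list.d file per repository from metadata, plus its signing key.
# NOTE(review): `name` is interpolated into the target paths without
# validation; this assumes metadata is trusted and never contains path
# separators - confirm.
for name, data in node.metadata.get('apt/repos', {}).items():
    list_path = '/etc/apt/sources.list.d/{}.list'.format(name)
    key_path = '/etc/apt/trusted.gpg.d/{}.list.asc'.format(name)

    files[list_path] = {
        'content_type': 'mako',
        'content': ("\n".join(sorted(data['items']))).format(
            os=node.os,
            os_release=os_release,
        ),
        'triggers': {
            'action:apt_update',
        },
    }

    if data.get('install_gpg_key', True):
        # The key must be in place before the list file that depends on it.
        # NOTE(review): apt accepts keys placed in /etc/apt/trusted.gpg.d for
        # every configured source, not only for this repository. A per-repo
        # keyring referenced with `signed-by=` in the source line would limit
        # each key to the repository it belongs to.
        files[list_path]['needs'] = {
            'file:{}'.format(key_path),
        }

        files[key_path] = {
            'source': 'gpg-keys/{}.asc'.format(name),
            'triggers': {
                'action:apt_update',
            },
        }

# One /etc/cron.d file per entry in cron/jobs.
# NOTE(review): Debian's cron skips files in /etc/cron.d whose names contain
# anything other than letters, digits, underscores and hyphens, so a job name
# with e.g. a dot would be deployed but never run - verify the names in use.
for crontab, content in node.metadata.get('cron/jobs', {}).items():
    files['/etc/cron.d/{}'.format(crontab)] = {
        'source': 'cron_template',
        'content_type': 'mako',
        'context': {
            'cron': content,
        }
    }

# Must exist before the vhost loop assigns into it; without this definition
# the first configured vhost raises NameError.
symlinks = {}

for vhost, config in node.metadata.get('nginx/vhosts', {}).items():
    available_path = '/etc/nginx/sites-available/{}'.format(vhost)

    files[available_path] = {
        'source': 'site_template',
        'content_type': 'mako',
        'context': {
            'vhost': vhost,
            # 'domain' defaults to the vhost name; a value in config wins.
            # Built here instead of writing the default back into the
            # metadata dict.
            'domain': vhost,
            **config,
        },
        'triggers': {
            'svc_systemd:nginx:restart',
        },
    }

    symlinks['/etc/nginx/sites-enabled/{}'.format(vhost)] = {
        'target': available_path,
        'triggers': {
            'svc_systemd:nginx:restart',
        },
    }

    # Without an explicit webroot, a directory under /var/www is managed
    # with the options given in webroot_config.
    if 'webroot' not in config:
        directories['/var/www/{}'.format(vhost)] = config.get('webroot_config', {})

svc_systemd = {
    'nginx': {},
    # The stock apt timers are stopped and disabled; presumably the
    # do-unattended-upgrades script above takes over their job - confirm
    # that it is scheduled elsewhere, otherwise no automatic updates run.
    'apt-daily.timer': {
        'running': False,
        'enabled': False,
    },
    'apt-daily-upgrade.timer': {
        'running': False,
        'enabled': False,
    },
}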