repo.libs.tools.require_bundle(node, 'zfs') from os.path import join from bundlewrap.metadata import metadata_to_json dataset = node.metadata.get('backup-server/zfs-base') files = { '/etc/backup-server/config.json': { 'content': metadata_to_json({ 'zfs-base': dataset, }), }, '/usr/local/bin/rotate-single-backup-client': { 'mode': '0755', }, '/usr/local/share/icinga/plugins/check_backup_for_node': { 'mode': '0755', }, } directories['/etc/backup-server/clients'] = { 'purge': True, } sudoers = {} for nodename, config in node.metadata.get('backup-server/clients', {}).items(): sudoers[config['user']] = nodename users[config['user']] = { 'home': f'/srv/backups/{nodename}', } files[f'/etc/backup-server/clients/{nodename}'] = { 'content': metadata_to_json(config['retain']), } files[f'/srv/backups/{nodename}/.ssh/authorized_keys'] = { 'content': repo.libs.ssh.generate_ed25519_public_key( config['user'], node, ), 'owner': config['user'], 'mode': '0400', 'needs': { f'zfs_dataset:{dataset}/{nodename}', }, } directories[f'/srv/backups/{nodename}/backups'] = { 'owner': config['user'], 'mode': '0700', 'needs': { f'zfs_dataset:{dataset}/{nodename}', }, } files['/etc/sudoers.d/backup-server'] = { 'source': 'sudoers', 'content_type': 'mako', 'context': { 'clients': sudoers, }, }