from bundlewrap.metadata import atomic
# Metadata defaults contributed by the OpenLDAP bundle.
defaults = {
    'apt': {
        # Each package is requested with an empty option dict.
        'packages': {
            package: {}
            for package in ('db-util', 'ldap-utils', 'slapd', 'slapd-contrib')
        },
    },
    'backups': {
        'paths': {
            # Both the database directory (ZFS) and the dump directory are
            # backed up; keeping the second copy is cheap.
            # NOTE(review): both paths presumably contain directory data
            # including password hashes. The job that writes the dumps is not
            # visible here - confirm the directory under /var/tmp is not
            # world-readable and that the backup target is access-controlled.
            '/var/lib/ldap',
            '/var/tmp/ldapdumps',
        },
    },
    # No cron entries are defined in these defaults.
    'cron': {},
    'icinga2_api': {
        'openldap': {
            'services': {
                'OPENLDAP PROCESS': {
                    # check_procs reports critical unless exactly one process
                    # named slapd is running (-c 1:1).
                    'command_on_monitored_host': '/usr/lib/nagios/plugins/check_procs -C slapd -c 1:1',
                },
            },
        },
    },
    'openldap': {
        # The root password comes from the repo vault, keyed by node name, so
        # no secret is written into this file.
        # NOTE(review): how the bundle's templates store this value is not
        # visible here - confirm it is written to slapd's configuration as a
        # hash rather than in cleartext, and that the rendered file is only
        # readable by the slapd user.
        'rootpw': repo.vault.password_for(f'{node.name} openldap rootpw'),
    },
}
@metadata_reactor.provides(
    'icinga2_api/openldap/services/OPENLDAP CERTIFICATE',
)
def cert_check(metadata):
    """Register an Icinga service for the certificate on the LDAPS port.

    The service uses the ``check_certificate_at`` check command against
    ``openldap/my_hostname`` on port 636. That metadata key is read without
    a default, so it has to be provided elsewhere in the node's metadata.
    """
    # NOTE(review): only port 636 is covered. If clients also use StartTLS on
    # 389, that listener's certificate is presumably the same one - confirm.
    certificate_service = {
        'check_command': 'check_certificate_at',
        'vars.domain': metadata.get('openldap/my_hostname'),
        'vars.port': '636',
    }
    services = {'OPENLDAP CERTIFICATE': certificate_service}
    return {'icinga2_api': {'openldap': {'services': services}}}
@metadata_reactor.provides(
    'firewall/port_rules/389',
    'firewall/port_rules/636',
)
def sperrfix(metadata):
    """Set the firewall sources for ports 389 and 636.

    Both ports receive the set stored in ``openldap/restrict-to`` (an empty
    set when the key is absent), wrapped in ``atomic()`` so the value is
    taken as a whole instead of being merged with other metadata.
    """
    # NOTE(review): when 'openldap/restrict-to' is unset, both ports get an
    # empty source set. The firewall bundle is not visible here - confirm it
    # treats an empty set as "no source allowed" and not as "open to all".
    # NOTE(review): 389 is opened to the same sources as 636; unless slapd is
    # configured to require TLS, those sources can bind without encryption.
    allowed_sources = metadata.get('openldap/restrict-to', set())

    port_rules = {
        ldap_port: atomic(allowed_sources)
        for ldap_port in ('389', '636')
    }
    return {'firewall': {'port_rules': port_rules}}