from bundlewrap.metadata import atomic

# Static metadata defaults for the openldap bundle.
# `repo`, `node` and `metadata_reactor` are not defined in this file;
# bundlewrap supplies them when it loads a bundle's metadata.
defaults = {
    'apt': {
        'packages': {
            'db-util': {},
            'ldap-utils': {},
            'slapd': {},
            'slapd-contrib': {},
        },
    },
    'backups': {
        'paths': {
            # Back up both the on-disk database (ZFS) and the dumps,
            # because backups are cheap.
            # NOTE(review): directory dumps usually carry credential
            # attributes (e.g. password hashes) - confirm that the dump
            # directory and the backup target are access-restricted.
            '/var/lib/ldap',
            '/var/tmp/ldapdumps',
        },
    },
    'cron': {
    },
    'icinga2_api': {
        'openldap': {
            'services': {
                'OPENLDAP PROCESS': {
                    # -c 1:1 -> critical unless exactly one slapd
                    # process is running.
                    'command_on_monitored_host': '/usr/lib/nagios/plugins/check_procs -C slapd -c 1:1',
                },
            },
        },
    },
    'monit': {
        'services': {
            'openldap': {
                'bin': '/usr/sbin/slapd',
                'systemd_unit': 'slapd',
                # 389 is the plain LDAP port, 636 is LDAPS.
                'ports': {
                    '389': {},
                    '636': {},
                },
            },
        },
    },
    'openldap': {
        # The root password is looked up in the repo vault under a
        # per-node identifier instead of being written here as a literal.
        'rootpw': repo.vault.password_for(f'{node.name} openldap rootpw'),
    },
}


@metadata_reactor.provides(
    'icinga2_api/openldap/services/OPENLDAP CERTIFICATE',
)
def cert_check(metadata):
    """Add an icinga2 certificate check for the LDAPS listener.

    The check uses 'check_certificate_at' against the host name stored
    in 'openldap/my_hostname' on port 636. No default is passed for that
    key, so the node presumably has to define it - confirm.
    """
    certificate_service = {
        'check_command': 'check_certificate_at',
        'vars.domain': metadata.get('openldap/my_hostname'),
        'vars.port': '636',
    }

    return {
        'icinga2_api': {
            'openldap': {
                'services': {
                    'OPENLDAP CERTIFICATE': certificate_service,
                },
            },
        },
    }


@metadata_reactor.provides(
    'firewall/port_rules/389',
    'firewall/port_rules/636',
)
def sperrfix(metadata):
    """Set the firewall source lists for the two LDAP ports.

    Both 389 and 636 get the sources listed in 'openldap/restrict-to',
    each wrapped in atomic() so the value is not merged with port rules
    coming from other metadata.

    NOTE(review): when 'openldap/restrict-to' is unset, both ports get
    an empty set. How the firewall bundle treats an empty source set is
    not visible here - confirm it means "no access" and not "any source".
    """
    allowed_sources = metadata.get('openldap/restrict-to', set())

    return {
        'firewall': {
            'port_rules': {
                port: atomic(allowed_sources)
                for port in ('389', '636')
            },
        },
    }