This commit is contained in:
mwiegand 2021-06-20 01:49:25 +02:00
parent a19ce59c51
commit 0a9f3493b9
9 changed files with 86 additions and 4 deletions


@ -0,0 +1,10 @@
#!/bin/bash
FILENAME=$1
TMPFILE=$(mktemp /tmp/archive_file.XXXXXXXXXX)
BUCKET=$(cat /etc/gcloud/gcloud.json | jq -r .bucket)
NODE=$(cat /etc/archive/archive.json | jq -r .node_name)
MASTERKEY=$(cat /etc/gocryptfs/masterkey)
gsutil cat "gs://$BUCKET/$NODE$FILENAME" > "$TMPFILE"
/opt/gocryptfs-inspect/gocryptfs.py --aessiv --config=/etc/gocryptfs/gocryptfs.conf --masterkey="$MASTERKEY" "$TMPFILE"
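Review bot: The decrypted master key is put on the command line at `--masterkey="$MASTERKEY"`, so while gocryptfs.py runs it is readable by any local user through `ps` or `/proc/<pid>/cmdline`; if the tool can take the key from a file or stdin that should be preferred, and if it cannot, the exposure deserves a comment next to that line. The script also lacks `set -euo pipefail` and never deletes `$TMPFILE`, so a failed `gsutil cat` still hands an empty or truncated file to the decryptor and the downloaded ciphertext is left behind in /tmp; add `set -euo pipefail` after the shebang and `trap 'rm -f -- "$TMPFILE"' EXIT` right after the `mktemp` line. The hunk header announces 10 added lines but only 8 are shown here, so trailing lines may have been dropped by the renderer.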


@ -0,0 +1,15 @@
#!/bin/bash
FILENAME=$1
ARCHIVE=$(/opt/archive/get_file "$FILENAME" | sha256sum)
ORIGINAL=$(cat "$FILENAME" | sha256sum)
if [[ "$ARCHIVE" == "$ORIGINAL" ]]
then
echo "OK"
exit 0
else
echo "ERROR"
exit 1
fi
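Review bot: A fetch failure and a missing local file both hash the empty string, so the comparison at `if [[ "$ARCHIVE" == "$ORIGINAL" ]]` prints `OK` when `get_file` exits non-zero with no output and `$FILENAME` does not exist — both `sha256sum` runs see empty stdin, and without `pipefail` the pipeline status is lost. Add `set -euo pipefail` after the shebang and guard the input with `[[ -f "$FILENAME" ]] || { echo "ERROR: no such file: $FILENAME" >&2; exit 2; }` before the hashes are taken. The hunk header announces 15 lines but 12 are visible, so the end of the script may be cut off in this view.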


@ -1,8 +1,25 @@
assert node.has_bundle('gcloud') assert node.has_bundle('gcloud')
assert node.has_bundle('gocryptfs') assert node.has_bundle('gocryptfs')
assert node.has_bundle('gocryptfs-inspect')
assert node.has_bundle('systemd') assert node.has_bundle('systemd')
files['/opt/archive'] = { from json import dumps
directories['/opt/archive'] = {}
directories['/etc/archive'] = {}
files['/etc/archive/archive.json'] = {
'content': dumps(
{
'node_name': node.name,
**node.metadata.get('archive'),
},
indent=4,
sort_keys=True
),
}
files['/opt/archive/archive'] = {
'content_type': 'mako', 'content_type': 'mako',
'mode': '700', 'mode': '700',
'context': { 'context': {
@ -16,3 +33,10 @@ files['/opt/archive'] = {
], ],
} }
files['/opt/archive/get_file'] = {
'mode': '700',
}
files['/opt/archive/validate_file'] = {
'mode': '700',
}
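Review bot: `files['/etc/archive/archive.json']` sets no `mode` or `owner`, so it is created with bundlewrap's defaults (presumably world-readable) while it spreads the whole `node.metadata['archive']` subtree into the file; that is fine for node_name and paths today, but a comment such as `# world-readable: only node_name and paths, never put secrets under metadata['archive']` would stop a later key from leaking silently. The commit also turns `/opt/archive` from a file item into a directory item; on nodes that already carry the old file, the directory item may need that file removed first — worth confirming on one deployed node. The `files['/opt/archive/archive']` item continues past the hunk.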


@ -1,4 +1,9 @@
defaults = { defaults = {
'apt': {
'packages': {
'jq': {},
},
},
'archive': { 'archive': {
'paths': {}, 'paths': {},
}, },


@ -1,6 +1,7 @@
``` ```
gcloud projects add-iam-policy-binding sublimity-182017 --member 'serviceAccount:backup@sublimity-182017.iam.gserviceaccount.com' --role 'roles/storage.objectViewer' gcloud projects add-iam-policy-binding sublimity-182017 --member 'serviceAccount:backup@sublimity-182017.iam.gserviceaccount.com' --role 'roles/storage.objectViewer'
gcloud projects add-iam-policy-binding sublimity-182017 --member 'serviceAccount:backup@sublimity-182017.iam.gserviceaccount.com' --role 'roles/storage.objectCreator' gcloud projects add-iam-policy-binding sublimity-182017 --member 'serviceAccount:backup@sublimity-182017.iam.gserviceaccount.com' --role 'roles/storage.objectCreator'
gcloud projects add-iam-policy-binding sublimity-182017 --member 'serviceAccount:backup@sublimity-182017.iam.gserviceaccount.com' --role 'roles/storage.objectAdmin'
gsutil -o "GSUtil:parallel_process_count=3" -o GSUtil:parallel_thread_count=4 -m rsync -r -d -e /var/vmail gs://sublimity-backup/mailserver gsutil -o "GSUtil:parallel_process_count=3" -o GSUtil:parallel_thread_count=4 -m rsync -r -d -e /var/vmail gs://sublimity-backup/mailserver
gsutil config gsutil config
gsutil versioning set on gs://sublimity-backup gsutil versioning set on gs://sublimity-backup


@ -1,9 +1,22 @@
from os.path import join from os.path import join
from json import dumps
service_account = node.metadata.get('gcloud/service_account') service_account = node.metadata.get('gcloud/service_account')
project = node.metadata.get('gcloud/project') project = node.metadata.get('gcloud/project')
files[f'/root/.config/gcloud/service_account.json'] = { directories[f'/etc/gcloud'] = {
'purge': True,
}
files['/etc/gcloud/gcloud.json'] = {
'content': dumps(
node.metadata.get('gcloud'),
indent=4,
sort_keys=True
),
}
files['/etc/gcloud/service_account.json'] = {
'content': repo.vault.decrypt_file( 'content': repo.vault.decrypt_file(
join(repo.path, 'data', 'gcloud', 'service_accounts', f'{service_account}@{project}.json.enc') join(repo.path, 'data', 'gcloud', 'service_accounts', f'{service_account}@{project}.json.enc')
), ),
@ -14,10 +27,10 @@ files[f'/root/.config/gcloud/service_account.json'] = {
} }
actions['gcloud_activate_service_account'] = { actions['gcloud_activate_service_account'] = {
'command': 'gcloud auth activate-service-account --key-file /root/.config/gcloud/service_account.json', 'command': 'gcloud auth activate-service-account --key-file /etc/gcloud/service_account.json',
'unless': f"gcloud auth list | grep -q '^\*[[:space:]]*{service_account}@{project}.iam.gserviceaccount.com'", 'unless': f"gcloud auth list | grep -q '^\*[[:space:]]*{service_account}@{project}.iam.gserviceaccount.com'",
'needs': [ 'needs': [
f'file:/root/.config/gcloud/service_account.json' f'file:/etc/gcloud/service_account.json'
], ],
} }
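Review bot: `files['/etc/gcloud/gcloud.json']` dumps the entire `node.metadata.get('gcloud')` subtree with no `mode`, so whatever is (or is later) placed under that metadata key becomes readable at bundlewrap's default file mode (presumably 0644); if the scripts only need `bucket`, writing just the selected keys, or adding `'mode': '600'`, keeps credential-adjacent metadata out of a world-readable file. The `service_account.json` item's `mode`/`owner` fall outside this hunk, so its permissions cannot be confirmed here. A one-line comment that `purge: True` on /etc/gcloud deletes any unmanaged files there would also save an operator who drops a key into that directory by hand.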


@ -0,0 +1,6 @@
directories['/opt/gocryptfs-inspect'] = {}
git_deploy['/opt/gocryptfs-inspect'] = {
'repo': 'https://github.com/slackner/gocryptfs-inspect.git',
'rev': 'ecd296c8f014bf18f5889e3cb9cb64807ff6b9c4',
}
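Review bot: The `rev` pin is a bare commit hash with nothing recording which upstream release it corresponds to or that it was reviewed, although this is the component that receives the gocryptfs master key from `/opt/archive/get_file`; a comment such as `# pinned and reviewed 2021-06 — this tool is handed the gocryptfs master key, re-review before bumping` makes the trust decision auditable. Pinning to a full SHA rather than a branch is the right call and should be kept.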


@ -0,0 +1,7 @@
defaults = {
'apt': {
'packages': {
'python3-pycryptodome': {},
},
},
}


@ -5,5 +5,6 @@
'bundles': [ 'bundles': [
'archive', 'archive',
'gocryptfs', 'gocryptfs',
'gocryptfs-inspect',
], ],
} }