From 2eb23a58271068e602a1fc84eeb1e28775dd212c Mon Sep 17 00:00:00 2001 
From: mwiegand Date: Tue, 13 Jul 2021 19:30:45 +0200 Subject: [PATCH] wip --- bundles/apt/items.py | 4 +- bundles/apt/metadata.py | 2 +- bundles/archive/items.py | 4 +- bundles/archive/metadata.py | 4 +- bundles/backup-server/metadata.py | 2 +- bundles/backup/metadata.py | 2 +- bundles/bind/items.py | 76 ++++++++++++++-------------- bundles/bind/metadata.py | 4 +- bundles/dovecot/items.py | 4 +- bundles/gcloud/items.py | 12 ++--- bundles/gcloud/metadata.py | 4 +- bundles/gitea/items.py | 4 +- bundles/gocryptfs/items.py | 8 +-- bundles/gocryptfs/metadata.py | 8 +-- bundles/grafana/items.py | 26 +++++----- bundles/hetzner-cloud/metadata.py | 8 --- bundles/hosts/metadata.py | 28 +++++----- bundles/influxdb2/items.py | 28 +++++----- bundles/influxdb2/metadata.py | 4 +- bundles/mailserver/metadata.py | 4 +- bundles/network/metadata.py | 5 +- bundles/nextcloud/items.py | 36 ++++++------- bundles/nextcloud/metadata.py | 8 +-- bundles/nginx/items.py | 4 +- bundles/nginx/metadata.py | 74 +-------------------------- bundles/opendkim/items.py | 29 ++--------- bundles/opendkim/metadata.py | 9 +--- bundles/postfix/items.py | 32 ++++++------ bundles/postfix/metadata.py | 4 +- bundles/postgresql/items.py | 20 ++++---- bundles/postgresql/metadata.py | 6 +-- bundles/roundcube/items.py | 28 +++++----- bundles/roundcube/metadata.py | 2 +- bundles/ssh/items.py | 10 ++-- bundles/sudo/metadata.py | 2 +- bundles/systemd-timers/items.py | 27 ---------- bundles/systemd/items.py | 12 ++--- bundles/telegraf/items.py | 8 +-- bundles/telegraf/metadata.py | 4 +- bundles/users/items.py | 12 ++--- bundles/wireguard/items.py | 2 - bundles/wireguard/metadata.py | 8 +-- bundles/zfs/items.py | 8 +-- bundles/zfs/metadata.py | 4 +- bundles/zsh/items.py | 8 +-- groups/all.py | 12 ++--- groups/applications/archive.py | 8 +-- groups/applications/backup-server.py | 4 +- groups/applications/backup.py | 4 +- groups/applications/dnsserver.py | 4 +- groups/applications/gcloud.py | 4 +- 
groups/applications/mailserver.py | 4 +- groups/applications/monitored.py | 4 +- groups/applications/nextcloud.py | 4 +- groups/applications/webserver.py | 4 +- groups/hardware/hetzner-cloud.py | 5 -- groups/os/debian-10.py | 8 +-- groups/os/debian-11.py | 8 +-- groups/os/debian.py | 12 ++--- groups/os/linux.py | 12 ++--- nodes/home.backups.py | 12 ++--- nodes/home.server.py | 16 +++--- nodes/htz.games.py | 8 +-- nodes/htz.mails.py | 37 +++++++------- nodes/netcup.secondary.py | 12 ++--- 65 files changed, 317 insertions(+), 463 deletions(-) delete mode 100644 bundles/hetzner-cloud/metadata.py delete mode 100644 bundles/systemd-timers/items.py delete mode 100644 groups/hardware/hetzner-cloud.py diff --git a/bundles/apt/items.py b/bundles/apt/items.py index 77d30f6..6f6b962 100644 --- a/bundles/apt/items.py +++ b/bundles/apt/items.py @@ -91,9 +91,9 @@ for package, options in node.metadata.get('apt/packages', {}).items(): f"Pin: release a={node.metadata.get('os_release')}-backports", f"Pin-Priority: 900", ]), - 'needed_by': [ + 'needed_by': { f'pkg_apt:{package}', - ], + }, 'triggers': { 'action:apt_update', }, diff --git a/bundles/apt/metadata.py b/bundles/apt/metadata.py index f62c8ac..da4fb50 100644 --- a/bundles/apt/metadata.py +++ b/bundles/apt/metadata.py @@ -1,6 +1,6 @@ defaults = { 'apt': { 'packages': {}, - 'sources': [], + 'sources': set(), }, } diff --git a/bundles/archive/items.py b/bundles/archive/items.py index dedf580..381953d 100644 --- a/bundles/archive/items.py +++ b/bundles/archive/items.py @@ -29,9 +29,9 @@ files['/opt/archive/archive'] = { 'processes': 4, 'threads': 4, }, - 'needs': [ + 'needs': { 'bundle:gcloud', - ], + }, } files['/opt/archive/get_file'] = { diff --git a/bundles/archive/metadata.py b/bundles/archive/metadata.py index 39b9282..cbd4e11 100644 --- a/bundles/archive/metadata.py +++ b/bundles/archive/metadata.py 
@@ -19,10 +19,10 @@ def paths(metadata): 'paths': { path: { 'encrypted_path': f'/mnt/archive.enc{path}', - 'exclude': [ + 'exclude': { '^\..*', '/\..*', - ], + }, } for path in metadata.get('archive/paths') }, } diff --git a/bundles/backup-server/metadata.py b/bundles/backup-server/metadata.py index 2128622..f951e57 100644 --- a/bundles/backup-server/metadata.py +++ b/bundles/backup-server/metadata.py @@ -8,7 +8,7 @@ defaults = { }, 'users': { 'backup-receiver': { - 'authorized_keys': [], + 'authorized_keys': set(), }, }, 'sudoers': { diff --git a/bundles/backup/metadata.py b/bundles/backup/metadata.py index 843f8da..3a8af00 100644 --- a/bundles/backup/metadata.py +++ b/bundles/backup/metadata.py @@ -7,7 +7,7 @@ defaults = { }, 'backup': { 'server': None, - 'paths': [], + 'paths': set(), }, 'systemd-timers': { f'backup': { diff --git a/bundles/bind/items.py b/bundles/bind/items.py index a166f2b..bdd9ecd 100644 --- a/bundles/bind/items.py +++ b/bundles/bind/items.py @@ -15,36 +15,36 @@ else: directories[f'/var/lib/bind'] = { 'purge': True, - 'needed_by': [ + 'needed_by': { 'svc_systemd:bind9', - ], - 'triggers': [ + }, + 'triggers': { 'svc_systemd:bind9:restart', - ], + }, } files['/etc/default/bind9'] = { 'source': 'defaults', - 'needed_by': [ + 'needed_by': { 'svc_systemd:bind9', - ], - 'triggers': [ + }, + 'triggers': { 'svc_systemd:bind9:restart', - ], + }, } files['/etc/bind/named.conf'] = { 'owner': 'root', 'group': 'bind', - 'needs': [ + 'needs': { 'pkg_apt:bind9', - ], - 'needed_by': [ + }, + 'needed_by': { 'svc_systemd:bind9', - ], - 'triggers': [ + }, + 'triggers': { 'svc_systemd:bind9:restart', - ], + }, } files['/etc/bind/named.conf.options'] = { 'content_type': 'mako', 
@@ -54,15 +54,15 @@ files['/etc/bind/named.conf.options'] = { }, 'owner': 'root', 'group': 'bind', - 'needs': [ + 'needs': { 'pkg_apt:bind9', - ], - 'needed_by': [ + }, + 'needed_by': { 'svc_systemd:bind9', - ], - 'triggers': [ + }, + 'triggers': { 'svc_systemd:bind9:restart', - ], + }, } views = [ @@ -96,15 +96,15 @@ files['/etc/bind/named.conf.local'] = { }, 'owner': 'root', 'group': 'bind', - 'needs': [ + 'needs': { 'pkg_apt:bind9', - ], - 'needed_by': [ + }, + 'needed_by': { 'svc_systemd:bind9', - ], - 'triggers': [ + }, + 'triggers': { 'svc_systemd:bind9:restart', - ], + }, } def record_matches_view(record, records, view): @@ -128,12 +128,12 @@ def record_matches_view(record, records, view): for view in views: directories[f"/var/lib/bind/{view['name']}"] = { 'purge': True, - 'needed_by': [ + 'needed_by': { 'svc_systemd:bind9', - ], - 'triggers': [ + }, + 'triggers': { 'svc_systemd:bind9:restart', - ], + }, } for zone, records in zones.items(): @@ -157,15 +157,15 @@ for view in views: )), 'hostname': node.metadata.get('bind/hostname'), }, - 'needs': [ + 'needs': { f"directory:/var/lib/bind/{view['name']}", - ], - 'needed_by': [ + }, + 'needed_by': { 'svc_systemd:bind9', - ], - 'triggers': [ + }, + 'triggers': { 'svc_systemd:bind9:restart', - ], + }, } svc_systemd['bind9'] = {} @@ -173,7 +173,7 @@ svc_systemd['bind9'] = {} actions['named-checkconf'] = { 'command': 'named-checkconf -z', 'unless': 'named-checkconf -z', - 'needs': [ + 'needs': { 'svc_systemd:bind9', - ] + }, } diff --git a/bundles/bind/metadata.py b/bundles/bind/metadata.py index f43a285..90c3ec4 100644 --- a/bundles/bind/metadata.py +++ b/bundles/bind/metadata.py @@ -123,10 +123,10 @@ def slaves(metadata): return { 'bind': { - 'slaves': [ + 'slaves': { other_node.name for other_node in repo.nodes if other_node.has_bundle('bind') and other_node.metadata.get('bind/master_node', None) == node.name - ], + }, }, } 
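Review bot: In bundles/bind/items.py the `named-checkconf` action still `needs` `svc_systemd:bind9`, so the configuration is validated only after the service item has been applied. Every file in this bundle also triggers `svc_systemd:bind9:restart` with no validation step in between, so a broken zone or options file can reach a restart before anything checks it. Consider making the check a prerequisite of the restart, e.g. `'needed_by': {'svc_systemd:bind9:restart'},`, so that a failing `named-checkconf -z` blocks the restart rather than reporting after the fact.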
diff --git a/bundles/dovecot/items.py b/bundles/dovecot/items.py index e976e87..d43c4ec 100644 --- a/bundles/dovecot/items.py +++ b/bundles/dovecot/items.py @@ -10,10 +10,10 @@ directories = { }, '/etc/dovecot/conf.d': { 'purge': True, - 'needs': [ + 'needs': { 'pkg_apt:dovecot-sieve', 'pkg_apt:dovecot-managesieved', - ] + }, }, '/etc/dovecot/ssl': {}, '/var/vmail': { diff --git a/bundles/gcloud/items.py b/bundles/gcloud/items.py index b619fc8..8d6b5e2 100644 --- a/bundles/gcloud/items.py +++ b/bundles/gcloud/items.py @@ -21,23 +21,23 @@ files['/etc/gcloud/service_account.json'] = { join(repo.path, 'data', 'gcloud', 'service_accounts', f'{service_account}@{project}.json.enc') ), 'mode': '500', - 'needs': [ + 'needs': { 'pkg_apt:google-cloud-sdk', - ], + }, } actions['gcloud_activate_service_account'] = { 'command': 'gcloud auth activate-service-account --key-file /etc/gcloud/service_account.json', 'unless': f"gcloud auth list | grep -q '^\*[[:space:]]*{service_account}@{project}.iam.gserviceaccount.com'", - 'needs': [ + 'needs': { f'file:/etc/gcloud/service_account.json' - ], + }, } actions['gcloud_select_project'] = { 'command': f"gcloud config set project '{project}'", 'unless': f"gcloud config get-value project | grep -q '^{project}$'", - 'needs': [ + 'needs': { f'action:gcloud_activate_service_account' - ], + }, } diff --git a/bundles/gcloud/metadata.py b/bundles/gcloud/metadata.py index 4d2b21f..2112a61 100644 --- a/bundles/gcloud/metadata.py +++ b/bundles/gcloud/metadata.py @@ -7,8 +7,8 @@ defaults = { 'google-cloud-sdk': {}, 'python3-crcmod': {}, }, - 'sources': [ + 'sources': { 'deb https://packages.cloud.google.com/apt cloud-sdk main', - ], + }, }, } diff --git a/bundles/gitea/items.py b/bundles/gitea/items.py index b2e5fec..aab3325 100644 --- a/bundles/gitea/items.py +++ b/bundles/gitea/items.py 
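Review bot: In bundles/gcloud/items.py the service-account key `/etc/gcloud/service_account.json` keeps `'mode': '500'`, which sets the execute bit on a credential file. Read-only for the owner is enough here: `'mode': '0400',`. The same pattern appears in bundles/opendkim/items.py, where `file_attributes` carries `'mode': '700'` and is spread into the `mail.private` key file; if that dict is only applied to files, `'0600'` would be the tighter choice. Neither mode is touched by this patch, but both sit in the hunks being converted.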
@@ -45,9 +45,9 @@ files['/etc/gitea/app.ini'] = { } svc_systemd['gitea'] = { - 'needs': [ + 'needs': { 'action:chmod_gitea', 'download:/usr/local/bin/gitea', 'file:/etc/gitea/app.ini', - ], + }, } diff --git a/bundles/gocryptfs/items.py b/bundles/gocryptfs/items.py index 43967b9..e60e66d 100644 --- a/bundles/gocryptfs/items.py +++ b/bundles/gocryptfs/items.py @@ -34,10 +34,10 @@ for path, options in node.metadata.get('gocryptfs/paths').items(): 'owner': None, 'group': None, 'mode': None, - 'preceded_by': [ + 'preceded_by': { f'svc_systemd:gocryptfs-{options["id"]}:stop', - ], - 'needed_by': [ + }, + 'needed_by': { f'svc_systemd:gocryptfs-{options["id"]}', - ], + }, } diff --git a/bundles/gocryptfs/metadata.py b/bundles/gocryptfs/metadata.py index aa51819..c1f3982 100644 --- a/bundles/gocryptfs/metadata.py +++ b/bundles/gocryptfs/metadata.py @@ -76,12 +76,12 @@ def systemd(metadata): 'PLAIN': path, 'CIPHER': options["mountpoint"] }, - 'ExecStart': [ + 'ExecStart': { '/usr/bin/gocryptfs -fg -plaintextnames -reverse -masterkey $MASTERKEY -ctlsock $SOCKET $PLAIN $CIPHER', - ], - 'ExecStopPost': [ + }, + 'ExecStopPost': { '/usr/bin/umount $CIPHER' - ], + }, }, }, 'needs': [ diff --git a/bundles/grafana/items.py b/bundles/grafana/items.py index 3f41725..34d53f2 100644 --- a/bundles/grafana/items.py +++ b/bundles/grafana/items.py @@ -9,9 +9,9 @@ import yaml import json svc_systemd['grafana-server'] = { - 'needs': [ + 'needs': { 'pkg_apt:grafana', - ], + }, } admin_password = node.metadata.get('grafana/config/security/admin_password') @@ -25,10 +25,8 @@ actions['reset_grafana_admin_password'] = { } directories = { - '/etc/grafana': { - }, - '/etc/grafana/provisioning': { - }, + '/etc/grafana': {}, + '/etc/grafana/provisioning': {}, '/etc/grafana/provisioning/datasources': { 'purge': True, }, 
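Review bot: In bundles/gocryptfs/metadata.py the unit's `ExecStart` still passes `-masterkey $MASTERKEY`, so after systemd expands the variable the master key is part of the process arguments and readable by local users through the process list. gocryptfs can take the key on standard input (`-masterkey=stdin`), which keeps it out of argv. Where MASTERKEY is defined is outside this hunk; if it lives in the unit's environment block, check that the generated unit file is not world-readable. Separately, `'needs': [` at the end of this hunk is left as a list while its neighbours become sets. The `systemd` reactor starts and ends outside the hunk.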
@@ -42,18 +40,18 @@ directories = { files = { '/etc/grafana/grafana.ini': { 'content': repo.libs.ini.dumps(node.metadata.get('grafana/config')), - 'triggers': [ + 'triggers': { 'svc_systemd:grafana-server:restart', - ], + }, }, '/etc/grafana/provisioning/datasources/managed.yaml': { 'content': yaml.dump({ 'apiVersion': 1, 'datasources': list(node.metadata.get('grafana/datasources').values()), }), - 'triggers': [ + 'triggers': { 'svc_systemd:grafana-server:restart', - ], + }, }, '/etc/grafana/provisioning/dashboards/managed.yaml': { 'content': yaml.dump({ @@ -67,9 +65,9 @@ files = { }, }], }), - 'triggers': [ + 'triggers': { 'svc_systemd:grafana-server:restart', - ], + }, }, } @@ -143,8 +141,8 @@ for dashboard_id, monitored_node in enumerate(monitored_nodes, start=1): files[f'/var/lib/grafana/dashboards/{monitored_node.name}.json'] = { 'content': json.dumps(dashboard, indent=4), - 'triggers': [ + 'triggers': { 'svc_systemd:grafana-server:restart', - ] + }, } diff --git a/bundles/hetzner-cloud/metadata.py b/bundles/hetzner-cloud/metadata.py deleted file mode 100644 index e73592c..0000000 --- a/bundles/hetzner-cloud/metadata.py +++ /dev/null @@ -1,8 +0,0 @@ -# defaults = { -# 'network': { -# 'external': { -# 'gateway4': '172.31.1.1', -# 'gateway6': 'fe80::1', -# }, -# }, -# } diff --git a/bundles/hosts/metadata.py b/bundles/hosts/metadata.py index 0e99b4c..ae3b21e 100644 --- a/bundles/hosts/metadata.py +++ b/bundles/hosts/metadata.py @@ -1,28 +1,28 @@ defaults = { 'hosts': { - '127.0.0.1': [ + '127.0.0.1': { 'localhost', node.name, - ], - '::1': [ + }, + '::1': { 'localhost', 'ip6-localhost', 'ip6-loopback', - ], - 'fe00::0': [ + }, + 'fe00::0': { 'ip6-localnet' - ], - 'ff00::0': [ + }, + 'ff00::0': { 'ip6-mcastprefix' - ], - 'ff02::1': [ + }, + 'ff02::1': { 'ip6-allnodes' - ], - 'ff02::2': [ + }, + 'ff02::2': { 'ip6-allrouters' - ], - 'ff02::3': [ + }, + 'ff02::3': { 'ip6-allhosts' - ], + }, }, } 
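Review bot: In bundles/hosts/metadata.py turning the per-address name lists into sets discards their order, and in /etc/hosts the first name after the address is the canonical one. `'127.0.0.1': {'localhost', node.name}` therefore no longer guarantees that `localhost` comes first, and a renderer that simply sorts would emit `ip6-localhost` before `localhost` for `::1`. The code that renders this metadata is not visible here, so either keep these values as lists or state the rule next to the defaults, e.g. `# order is not preserved; the hosts template must emit 'localhost' first`. The same loss of order affects `ExecStart`/`ExecStopPost` in bundles/gocryptfs/metadata.py and `nameservers` in groups/all.py as soon as they hold more than one entry.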
diff --git a/bundles/influxdb2/items.py b/bundles/influxdb2/items.py index 525a67c..1b81767 100644 --- a/bundles/influxdb2/items.py +++ b/bundles/influxdb2/items.py @@ -4,9 +4,9 @@ from shlex import quote directories['/var/lib/influxdb'] = { 'owner': 'influxdb', 'group': 'influxdb', - 'needs': [ + 'needs': { 'zfs_dataset:tank/influxdb', - ], + }, } directories['/etc/influxdb'] = { @@ -14,26 +14,26 @@ directories['/etc/influxdb'] = { } files['/etc/influxdb/config.toml'] = { 'content': dumps(node.metadata.get('influxdb/config')), - 'triggers': [ + 'triggers': { 'svc_systemd:influxdb:restart', - ] + }, } svc_systemd['influxdb'] = { - 'needs': [ + 'needs': { 'directory:/var/lib/influxdb', 'file:/etc/influxdb/config.toml', 'pkg_apt:influxdb2', - ] + }, } actions['wait_for_influxdb_start'] = { 'command': 'sleep 15', 'triggered': True, - 'triggered_by': [ + 'triggered_by': { 'svc_systemd:influxdb', 'svc_systemd:influxdb:restart', - ] + }, } actions['setup_influxdb'] = { @@ -45,9 +45,9 @@ actions['setup_influxdb'] = { token=str(node.metadata.get('influxdb/admin_token')), ), 'unless': 'influx bucket list', - 'needs': [ + 'needs': { 'action:wait_for_influxdb_start', - ], + }, } files['/root/.influxdbv2/configs'] = { @@ -59,9 +59,9 @@ files['/root/.influxdbv2/configs'] = { 'active': True, }, }), - 'needs': [ + 'needs': { 'action:setup_influxdb', - ], + }, } for description, permissions in { @@ -71,7 +71,7 @@ for description, permissions in { actions[f'influxdb_{description}_token'] = { 'command': f'influx auth create --description {description} {permissions}', 'unless': f'''influx auth list --json | jq -r '.[] | select (.description == "{description}") | .token' | wc -l | grep -q ^1$''', - 'needs': [ + 'needs': { 'file:/root/.influxdbv2/configs', - ], + }, } diff --git a/bundles/influxdb2/metadata.py b/bundles/influxdb2/metadata.py index 0cb5808..467f8d1 100644 --- a/bundles/influxdb2/metadata.py +++ b/bundles/influxdb2/metadata.py 
@@ -5,9 +5,9 @@ defaults = { 'packages': { 'influxdb2': {}, }, - 'sources': [ + 'sources': { 'deb https://repos.influxdata.com/debian {release} stable', - ], + }, }, 'influxdb': { 'port': '8200', diff --git a/bundles/mailserver/metadata.py b/bundles/mailserver/metadata.py index c853a53..8f1ef24 100644 --- a/bundles/mailserver/metadata.py +++ b/bundles/mailserver/metadata.py @@ -45,8 +45,8 @@ def dns(metadata): for domain in metadata.get('mailserver/domains'): dns[domain] = { - 'MX': [f"5 {metadata.get('mailserver/hostname')}."], - 'TXT': ['v=spf1 a mx -all'], + 'MX': {f"5 {metadata.get('mailserver/hostname')}."}, + 'TXT': {'v=spf1 a mx -all'}, } return { diff --git a/bundles/network/metadata.py b/bundles/network/metadata.py index 8df11c7..0713172 100644 --- a/bundles/network/metadata.py +++ b/bundles/network/metadata.py @@ -1,15 +1,14 @@ from ipaddress import ip_interface defaults = { - 'network': { - } + 'network': {}, } @metadata_reactor.provides( 'systemd/units', ) -def units(metadata): +def network_units(metadata): units = {} for type, network in metadata.get('network').items(): diff --git a/bundles/nextcloud/items.py b/bundles/nextcloud/items.py index f0c65df..ec061db 100644 --- a/bundles/nextcloud/items.py +++ b/bundles/nextcloud/items.py @@ -39,13 +39,13 @@ actions['delete_nextcloud'] = { actions['extract_nextcloud'] = { 'command': f'tar xfvj /tmp/nextcloud-{version}.tar.bz2 --strip 1 -C /opt/nextcloud nextcloud', 'unless': f"""php -r 'include "/opt/nextcloud/version.php"; echo "$OC_VersionString";' | grep -q '^{version}$'""", - 'preceded_by': [ + 'preceded_by': { 'action:delete_nextcloud', f'download:/tmp/nextcloud-{version}.tar.bz2', - ], - 'needs': [ + }, + 'needs': { 'directory:/opt/nextcloud', - ], + }, } symlinks = { 
@@ -53,17 +53,17 @@ symlinks = { 'target': '/etc/nextcloud', 'owner': 'www-data', 'group': 'www-data', - 'needs': [ + 'needs': { 'action:extract_nextcloud', - ], + }, }, '/opt/nextcloud/userapps': { 'target': '/var/lib/nextcloud/.userapps', 'owner': 'www-data', 'group': 'www-data', - 'needs': [ + 'needs': { 'action:extract_nextcloud', - ], + }, }, } @@ -76,9 +76,9 @@ files = { 'context': { 'db_password': node.metadata.get('postgresql/roles/nextcloud/password'), }, - 'needs': [ + 'needs': { 'directory:/etc/nextcloud', - ], + }, }, } @@ -98,7 +98,7 @@ actions['install_nextcloud'] = { data_dir='/var/lib/nextcloud', ), 'unless': repo.libs.nextcloud.occ('status') + ' | grep -q "installed: true"', - 'needs': [ + 'needs': { 'directory:/etc/nextcloud', 'directory:/opt/nextcloud', 'directory:/var/lib/nextcloud', @@ -109,7 +109,7 @@ actions['install_nextcloud'] = { 'action:extract_nextcloud', 'file:/etc/nextcloud/managed.config.php', 'postgres_db:nextcloud', - ], + }, } # UPGRADE @@ -117,18 +117,18 @@ actions['install_nextcloud'] = { actions['upgrade_nextcloud'] = { 'command': repo.libs.nextcloud.occ('upgrade'), 'unless': "! " + repo.libs.nextcloud.occ('status') + ' | grep -q "Nextcloud or one of the apps require upgrade"', - 'needs': [ + 'needs': { 'action:install_nextcloud', - ], + }, } actions['nextcloud_add_missing_inidces'] = { 'command': repo.libs.nextcloud.occ('db:add-missing-indices'), - 'needs': [ + 'needs': { 'action:upgrade_nextcloud', - ], + }, 'triggered': True, - 'triggered_by': [ + 'triggered_by': { f'action:extract_nextcloud', - ], + }, } diff --git a/bundles/nextcloud/metadata.py b/bundles/nextcloud/metadata.py index c9b2440..07d4afa 100644 --- a/bundles/nextcloud/metadata.py +++ b/bundles/nextcloud/metadata.py @@ -19,7 +19,7 @@ defaults = { 'archive': { 'paths': { '/var/lib/nextcloud': { - 'exclude': [ + 'exclude': { '^appdata_', '^updater-', '^nextcloud\.log', 
@@ -27,7 +27,7 @@ defaults = { '^[^/]+/cache', '^[^/]+/files_versions', '^[^/]+/files_trashbin', - ], + }, }, }, }, @@ -56,9 +56,9 @@ defaults = { 'datasets': { 'tank/nextcloud': { 'mountpoint': '/var/lib/nextcloud', - 'needed_by': [ + 'needed_by': { 'bundle:nextcloud', - ], + }, }, }, }, diff --git a/bundles/nginx/items.py b/bundles/nginx/items.py index 509376f..172d921 100644 --- a/bundles/nginx/items.py +++ b/bundles/nginx/items.py @@ -73,7 +73,7 @@ for name, config in node.metadata.get('nginx/vhosts').items(): server_name=name, **config.get('context', {}), ), - 'needs': [], + 'needs': set(), 'needed_by': { 'svc_systemd:nginx', 'svc_systemd:nginx:restart', @@ -84,6 +84,6 @@ for name, config in node.metadata.get('nginx/vhosts').items(): } if name in node.metadata.get('letsencrypt/domains'): - files[f'/etc/nginx/sites/{name}']['needs'].append( + files[f'/etc/nginx/sites/{name}']['needs'].add( f'action:letsencrypt_ensure-some-certificate_{name}', ) diff --git a/bundles/nginx/metadata.py b/bundles/nginx/metadata.py index 2444ec9..89d74db 100644 --- a/bundles/nginx/metadata.py +++ b/bundles/nginx/metadata.py 
@@ -7,82 +7,10 @@ defaults = { }, }, 'nginx': { - 'default_vhosts': { - '80': { - 'listen': [ - '80', - '[::]:80', - ], - 'location /.well-known/acme-challenge/': { - 'alias': '/var/lib/dehydrated/acme-challenges/', - }, - 'location /': { - 'return': '301 https://$host$request_uri', - }, - }, - 'stub_status': { - 'listen': '127.0.0.1:22999 default_server', - 'server_name': '_', - 'stub_status': '', - }, - }, - 'vhosts': { - # '80': { - # 'content': 'nginx/80.conf', - # }, - # 'stub_status': { - # 'content': 'nginx/stub_status.conf', - # }, - }, - 'includes': {}, + 'vhosts': {}, }, } -@metadata_reactor.provides( - 'nginx/includes', -) -def includes(metadata): - return { - 'nginx': { - 'includes': { - 'php': { - 'location ~ \.php$': { - 'include': 'fastcgi.conf', - 'fastcgi_split_path_info': '^(.+\.php)(/.+)$', - 'fastcgi_pass': f"unix:/run/php/php{metadata.get('php/version')}-fpm.sock", - }, - }, - }, - }, - } - - -@metadata_reactor.provides( - 'nginx/vhosts', -) -def vhosts(metadata): - vhosts = {} - - for name, config in metadata.get('nginx/vhosts').items(): - vhosts[name] = { - 'server_name': name, - 'listen': [ - '443 ssl http2', - '[::]:443 ssl http2', - ], - 'ssl_certificate': f'/var/lib/dehydrated/certs/{name}/fullchain.pem', - 'ssl_certificate_key': f'/var/lib/dehydrated/certs/{name}/privkey.pem', - 'location /.well-known/acme-challenge/': { - 'alias': '/var/lib/dehydrated/acme-challenges/', - }, - } - - return { - 'nginx': { - 'vhosts': vhosts, - } - } - @metadata_reactor.provides( 'dns', diff --git a/bundles/opendkim/items.py b/bundles/opendkim/items.py index 668e97d..123206e 100644 --- a/bundles/opendkim/items.py +++ b/bundles/opendkim/items.py @@ -2,9 +2,9 @@ file_attributes = { 'owner': 'opendkim', 'group': 'opendkim', 'mode': '700', - 'triggers': [ + 'triggers': { 'svc_systemd:opendkim:restart', - ], + }, } users['opendkim'] = {} 
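Review bot: The `default_vhosts` entry for port 80 in bundles/nginx/metadata.py, with its `/.well-known/acme-challenge/` alias and the `301 https://$host$request_uri` redirect, is removed with no replacement visible in this patch. Meanwhile bundles/nginx/items.py still makes vhost files depend on `action:letsencrypt_ensure-some-certificate_{name}`. If nothing else serves the challenge path, certificate issuance and renewal will fail, and plain-HTTP requests will no longer be redirected to HTTPS. The deleted `vhosts` reactor also supplied `ssl_certificate` and `ssl_certificate_key` per vhost, so every vhost now has to define its own TLS settings. A comment beside `'vhosts': {},` naming where these defaults now live would make the intent checkable.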
@@ -53,33 +53,12 @@ for domain in node.metadata.get('mailserver/domains'): **file_attributes, 'content': node.metadata.get(f'opendkim/keys/{domain}/private'), } - # files[f'/etc/opendkim/keys/{domain}/mail.txt'] = { - # **file_attributes, - # 'content_type': 'any', - # } - # actions[f'generate_{domain}_dkim_key'] = { - # 'command': ( - # f'sudo --user opendkim' - # f' opendkim-genkey' - # f' --selector=mail' - # f' --directory=/etc/opendkim/keys/{domain}' - # f' --domain={domain}' - # ), - # 'unless': f'test -f /etc/opendkim/keys/{domain}/mail.private', - # 'needs': [ - # 'svc_systemd:opendkim', - # f'directory:/etc/opendkim/keys/{domain}', - # ], - # 'triggers': [ - # 'svc_systemd:opendkim:restart', - # ], - # } svc_systemd['opendkim'] = { - 'needs': [ + 'needs': { 'pkg_apt:opendkim', 'file:/etc/opendkim.conf', 'file:/etc/opendkim/key_table', 'file:/etc/opendkim/signing_table', - ], + }, } diff --git a/bundles/opendkim/metadata.py b/bundles/opendkim/metadata.py index 2f4bb9e..f69a58a 100644 --- a/bundles/opendkim/metadata.py +++ b/bundles/opendkim/metadata.py @@ -15,13 +15,6 @@ defaults = { 'opendkim': { 'keys': {}, }, - 'dns': { - 'mail._domainkey.mail2.sublimity.de': { - 'TXT': [ - - ] - } - } } @@ -85,7 +78,7 @@ def dns(metadata): for domain, keys in metadata.get('opendkim/keys').items(): raw_key = sub('^ssh-rsa ', '', keys['public']) dns[f'mail._domainkey.{domain}'] = { - 'TXT': [f'v=DKIM1; k=rsa; p={raw_key}'], + 'TXT': {f'v=DKIM1; k=rsa; p={raw_key}'}, } return { diff --git a/bundles/postfix/items.py b/bundles/postfix/items.py index cede88a..0f8b716 100644 --- a/bundles/postfix/items.py +++ b/bundles/postfix/items.py @@ -1,15 +1,15 @@ assert node.has_bundle('mailserver') file_options = { - 'needs': [ + 'needs': { 'pkg_apt:postfix', - ], - 'needed_by': [ + }, + 'needed_by': { 'svc_systemd:postfix', - ], - 'triggers': [ + }, + 'triggers': { 'svc_systemd:postfix:restart', - ], + }, } files = { 
@@ -41,39 +41,39 @@ files = { } svc_systemd['postfix'] = { - 'needs': [ + 'needs': { 'postgres_db:mailserver', - ], + }, } actions['test_postfix_config'] = { 'command': 'false', 'unless': "postconf check | grep -v 'symlink leaves directory' | wc -l | grep -q '^0$'", - 'needs': [ + 'needs': { 'svc_systemd:postfix', - ], + }, } actions['test_virtual_mailbox_domains'] = { 'command': 'false', 'unless': "postmap -q example.com pgsql:/etc/postfix/virtual_mailbox_domains.cf | grep -q '^example.com$'", - 'needs': [ + 'needs': { 'svc_systemd:postfix', 'action:mailserver_update_test_pw', - ], + }, } actions['test_virtual_mailbox_maps'] = { 'command': 'false', 'unless': "postmap -q bw_test_user@example.com pgsql:/etc/postfix/virtual_mailbox_maps.cf | grep -q '^bw_test_user@example.com$'", - 'needs': [ + 'needs': { 'svc_systemd:postfix', 'action:mailserver_update_test_pw', - ], + }, } actions['test_virtual_alias_maps'] = { 'command': 'false', 'unless': "postmap -q bw_test_alias@example.com pgsql:/etc/postfix/virtual_alias_maps.cf | grep -q '^somewhere@example.com$'", - 'needs': [ + 'needs': { 'svc_systemd:postfix', 'action:mailserver_update_test_pw', - ], + }, } diff --git a/bundles/postfix/metadata.py b/bundles/postfix/metadata.py index 5f3e8df..91cf74a 100644 --- a/bundles/postfix/metadata.py +++ b/bundles/postfix/metadata.py @@ -6,9 +6,9 @@ defaults = { } }, 'backup': { - 'paths': [ + 'paths': { '/var/vmail', - ], + }, }, 'letsencrypt': { 'reload_after': { diff --git a/bundles/postgresql/items.py b/bundles/postgresql/items.py index 2468320..6718980 100644 --- a/bundles/postgresql/items.py +++ b/bundles/postgresql/items.py 
@@ -4,32 +4,32 @@ directories = { '/var/lib/postgresql': { 'owner': 'postgres', 'group': 'postgres', - 'needs': [ + 'needs': { 'zfs_dataset:tank/postgresql', - ], - 'needed_by': [ + }, + 'needed_by': { 'svc_systemd:postgresql', - ], + }, } } svc_systemd['postgresql'] = { - 'needs': [ + 'needs': { 'pkg_apt:postgresql', - ], + }, } for user, config in node.metadata.get('postgresql/roles').items(): postgres_roles[user] = merge_dict(config, { - 'needs': [ + 'needs': { 'svc_systemd:postgresql', - ], + }, }) for database, config in node.metadata.get('postgresql/databases').items(): postgres_dbs[database] = merge_dict(config, { - 'needs': [ + 'needs': { 'svc_systemd:postgresql', - ], + }, }) diff --git a/bundles/postgresql/metadata.py b/bundles/postgresql/metadata.py index 4cb476d..764c9b8 100644 --- a/bundles/postgresql/metadata.py +++ b/bundles/postgresql/metadata.py @@ -7,9 +7,9 @@ defaults = { }, }, 'backup': { - 'paths': [ + 'paths': { '/var/lib/postgresql', - ], + }, }, 'postgresql': { 'roles': { @@ -20,7 +20,7 @@ defaults = { }, 'databases': {}, }, - 'grafana_rows': [], + 'grafana_rows': {}, } if node.has_bundle('zfs'): diff --git a/bundles/roundcube/items.py b/bundles/roundcube/items.py index 5a5e6f3..fff5115 100644 --- a/bundles/roundcube/items.py +++ b/bundles/roundcube/items.py @@ -9,15 +9,15 @@ directories = { }, '/opt/roundcube/logs': { 'owner': 'www-data', - 'needs': [ + 'needs': { 'action:extract_roundcube', - ], + }, }, '/opt/roundcube/temp': { 'owner': 'www-data', - 'needs': [ + 'needs': { 'action:extract_roundcube', - ], + }, } } @@ -39,13 +39,13 @@ actions['extract_roundcube'] = { 'action:delete_roundcube', f'download:/tmp/roundcube-{version}.tar.gz', ], - 'needs': [ + 'needs': { 'directory:/opt/roundcube', - ], - 'triggers': [ + }, + 'triggers': { 'action:chown_roundcube', 'action:composer_install', - ], + }, } actions['chown_roundcube'] = { 'command': 'chown -R www-data /opt/roundcube', 
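Review bot: In bundles/postgresql/metadata.py the new default `'grafana_rows': {},` is an empty dict, not an empty set, whereas every other empty list in this patch was replaced with `set()`. If this is the same list-to-set conversion it should read `'grafana_rows': set(),`. If the rows are now meant to be keyed by name, a short comment saying so would prevent a type mismatch when another bundle contributes to this key.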
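Review bot: In bundles/roundcube/items.py the `extract_roundcube` action keeps `'preceded_by': [ ... ],` as a list, while `needs` and `triggers` directly below it become sets. The equivalent `preceded_by` in bundles/nextcloud/items.py and bundles/gocryptfs/items.py was converted, so this looks like an oversight; `'preceded_by': {` with a closing `},` would make the bundle consistent. The action's opening lines are outside the hunk.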
@@ -63,9 +63,9 @@ files = { 'database': node.metadata.get('roundcube/database'), 'plugins': node.metadata.get('roundcube/plugins'), }, - 'needs': [ + 'needs': { 'action:chown_roundcube', - ], + }, }, '/opt/roundcube/plugins/password/config.inc.php': { 'source': 'password.config.inc.php', @@ -73,16 +73,16 @@ files = { 'context': { 'mailserver_db_password': node.metadata.get('mailserver/database/password'), }, - 'needs': [ + 'needs': { 'action:chown_roundcube', - ], + }, }, } actions['composer_install'] = { 'command': "cp /opt/roundcube/composer.json-dist /opt/roundcube/composer.json && su www-data -s /bin/bash -c '/usr/bin/composer -d /opt/roundcube install'", 'triggered': True, - 'needs': [ + 'needs': { 'action:chown_roundcube', - ], + }, } diff --git a/bundles/roundcube/metadata.py b/bundles/roundcube/metadata.py index f6b8579..c5ab00a 100644 --- a/bundles/roundcube/metadata.py +++ b/bundles/roundcube/metadata.py @@ -52,7 +52,7 @@ defaults = { }, }, 'sudoers': { - 'www-data': ['/usr/bin/doveadm pw -s ARGON2ID'], + 'www-data': {'/usr/bin/doveadm pw -s ARGON2ID'}, }, } diff --git a/bundles/ssh/items.py b/bundles/ssh/items.py index 4771d5a..5ed5ba6 100644 --- a/bundles/ssh/items.py +++ b/bundles/ssh/items.py @@ -1,11 +1,11 @@ files['/etc/ssh/sshd_config'] = { - 'triggers': [ - 'svc_systemd:ssh:restart' - ], + 'triggers': { + 'svc_systemd:ssh:restart', + }, } svc_systemd['ssh'] = { - 'needs': [ + 'needs': { 'tag:ssh_users', - ], + }, } diff --git a/bundles/sudo/metadata.py b/bundles/sudo/metadata.py index 61dfabf..f631ca5 100644 --- a/bundles/sudo/metadata.py +++ b/bundles/sudo/metadata.py @@ -5,6 +5,6 @@ defaults = { }, }, 'sudoers': { - 'root': ['ALL'], + 'root': {'ALL'}, }, } diff --git a/bundles/systemd-timers/items.py b/bundles/systemd-timers/items.py deleted file mode 100644 index 8ea5f8c..0000000 --- a/bundles/systemd-timers/items.py +++ /dev/null 
@@ -1,27 +0,0 @@ -# # svc_systemd['cron'] = { -# # 'enabled': False, -# # } -# -# for name, config in node.metadata.get('systemd-timers').items(): -# files[f'/etc/systemd/system/{name}.timer'] = { -# 'content': repo.libs.systemd.generate_unitfile({ -# 'Unit':{ -# 'Description': f'{name} timer', -# }, -# 'Timer': { -# 'OnCalendar': config['when'], -# 'Persistent': config.get('persistent', False), -# 'Unit': f'{name}.service', -# }, -# 'Install': { -# 'WantedBy': 'multi-user.target', -# } -# }), -# 'triggers': [ -# 'action:systemd-reload', -# f'svc_systemd:{name}:restart', -# ], -# } -# -# svc_systemd[f'{name}.timer'] = {} -# # diff --git a/bundles/systemd/items.py b/bundles/systemd/items.py index 4a95e5e..a337836 100644 --- a/bundles/systemd/items.py +++ b/bundles/systemd/items.py @@ -14,16 +14,16 @@ for name, unit in node.metadata.get('systemd/units').items(): if extension in ['netdev', 'network']: path = f'/etc/systemd/network/{name}' dependencies = { - 'triggers': [ + 'triggers': { 'svc_systemd:systemd-networkd:restart', - ], + }, } elif extension in ['timer', 'service']: path = f'/etc/systemd/system/{name}' dependencies = { - 'triggers': [ + 'triggers': { "action:systemd-reload", - ], + }, } files[path] = { @@ -33,7 +33,7 @@ for name, unit in node.metadata.get('systemd/units').items(): for name, config in node.metadata.get('systemd/services').items(): svc_systemd[name] = merge_dict(config, { - 'needs': [ + 'needs': { 'action:systemd-reload', - ], + }, }) diff --git a/bundles/telegraf/items.py b/bundles/telegraf/items.py index 2b6bf84..1a58ab4 100644 --- a/bundles/telegraf/items.py +++ b/bundles/telegraf/items.py @@ -2,14 +2,14 @@ from tomlkit import dumps files['/etc/telegraf/telegraf.conf'] = { 'content': dumps(node.metadata.get('telegraf/config'), sort_keys=True), - 'triggers': [ + 'triggers': { 'svc_systemd:telegraf:restart', - ], + }, } svc_systemd['telegraf'] = { - 'needs': [ + 'needs': { 'file:/etc/telegraf/telegraf.conf', 'pkg_apt:telegraf', - ], + }, } 
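Review bot: The `if extension in ['netdev', 'network'] ... elif extension in ['timer', 'service']` chain in bundles/systemd/items.py has no final `else`, so a unit with any other extension falls through to `files[path] = {` with `path` and `dependencies` left over from the previous iteration. That silently overwrites the previous unit's file entry with the wrong content, or raises NameError if it happens on the first unit. Add a closing branch such as `else: raise Exception(f'unknown unit extension: {extension}')` so a mistyped unit name fails at build time. The loop header and the assignment of `extension` are above the hunk.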
diff --git a/bundles/telegraf/metadata.py b/bundles/telegraf/metadata.py index 41e6743..228d788 100644 --- a/bundles/telegraf/metadata.py +++ b/bundles/telegraf/metadata.py @@ -3,11 +3,11 @@ defaults = { 'packages': { 'telegraf': {}, }, - 'sources': [ + 'sources': { # FIXME # 'deb https://repos.influxdata.com/debian {release} stable', 'deb https://repos.influxdata.com/debian buster stable', - ], + }, }, 'telegraf': { 'config': { diff --git a/bundles/users/items.py b/bundles/users/items.py index 730c8db..eb34b37 100644 --- a/bundles/users/items.py +++ b/bundles/users/items.py @@ -11,25 +11,25 @@ for name, config in node.metadata.get('users').items(): 'content': config['privkey'] + '\n', 'owner': name, 'mode': '0600', - 'tags': [ + 'tags': { 'ssh_users', - ], + }, } files[f"{config['home']}/.ssh/id_{config['keytype']}.pub"] = { 'content': config['pubkey'] + '\n', 'owner': name, 'mode': '0600', - 'tags': [ + 'tags': { 'ssh_users', - ], + }, } files[config['home'] + '/.ssh/authorized_keys'] = { 'content': '\n'.join(sorted(config['authorized_keys'])) + '\n', 'owner': name, 'mode': '0600', - 'tags': [ + 'tags': { 'ssh_users', - ], + }, } users[name] = config diff --git a/bundles/wireguard/items.py b/bundles/wireguard/items.py index 609bddc..7de1d37 100644 --- a/bundles/wireguard/items.py +++ b/bundles/wireguard/items.py @@ -1,3 +1 @@ -from ipaddress import ip_network - repo.libs.tools.require_bundle(node, 'systemd-networkd') diff --git a/bundles/wireguard/metadata.py b/bundles/wireguard/metadata.py index b2d782d..8b90c72 100644 --- a/bundles/wireguard/metadata.py +++ b/bundles/wireguard/metadata.py @@ -10,12 +10,12 @@ defaults = { 'linux-headers-amd64': {}, 'wireguard': { 'backports': node.os_version < (11,), - 'needs': [ + 'needs': { 'pkg_apt:linux-headers-amd64', - ], - 'triggers': [ + }, + 'triggers': { 'svc_systemd:systemd-networkd:restart', - ], + }, }, }, }, diff --git a/bundles/zfs/items.py b/bundles/zfs/items.py index 1d3fe18..7be9fa6 100644 
--- a/bundles/zfs/items.py +++ b/bundles/zfs/items.py @@ -30,7 +30,7 @@ actions = { svc_systemd = { 'zfs-zed': { 'needs': { - 'pkg_apt:zfs-zed' + 'pkg_apt:zfs-zed', }, }, } @@ -45,7 +45,7 @@ for name, config in node.metadata.get('zfs/pools', {}).items(): actions[f'pool_{name}_enable_trim'] = { 'command': f'zpool set autotrim=on {name}', 'unless': f'zpool get autotrim -H -o value {name} | grep -q on', - 'needs': [ - f'zfs_pool:{name}' - ] + 'needs': { + f'zfs_pool:{name}', + }, } diff --git a/bundles/zfs/metadata.py b/bundles/zfs/metadata.py index 43543e0..3e89c80 100644 --- a/bundles/zfs/metadata.py +++ b/bundles/zfs/metadata.py @@ -103,10 +103,10 @@ def dataset_defaults(metadata): def backup(metadata): return { 'backup': { - 'paths': [ + 'paths': { options['mountpoint'] for options in metadata.get('zfs/datasets').values() if options.get('backup', True) - ], + }, }, } diff --git a/bundles/zsh/items.py b/bundles/zsh/items.py index d39336e..438ca7d 100644 --- a/bundles/zsh/items.py +++ b/bundles/zsh/items.py @@ -13,9 +13,9 @@ for name, user_config in node.metadata.get('users').items(): }, join(user_config['home'], '.zsh/oh-my-zsh/custom/plugins/zsh-autosuggestions'): { 'owner': name, - 'needs': [ + 'needs': { f"git_deploy:{join(user_config['home'], '.zsh/oh-my-zsh')}", - ] + }, }, } @@ -38,9 +38,9 @@ for name, user_config in node.metadata.get('users').items(): }, join(user_config['home'], '.zsh/oh-my-zsh/themes/bw.zsh-theme'): { 'owner': name, - 'needs': [ + 'needs': { f"git_deploy:{join(user_config['home'], '.zsh/oh-my-zsh')}", - ] + }, }, } diff --git a/groups/all.py b/groups/all.py index 14ad117..23679d4 100644 --- a/groups/all.py +++ b/groups/all.py 
@@ -1,20 +1,20 @@ { - 'bundles': [ + 'bundles': { 'sudo', 'users', 'zsh', - ], + }, 'metadata': { 'dns': {}, - 'nameservers': [ + 'nameservers': { '10.0.10.2', - ], + }, 'users': { 'root': { 'shell': '/usr/bin/zsh', - 'authorized_keys': [ + 'authorized_keys': { 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEU1l2ijW3ZqzFGZcdWg2ESgTGehdNfBTfafxsjWvWdS mwiegand@macbook', - ], + }, }, }, } diff --git a/groups/applications/archive.py b/groups/applications/archive.py index 237d004..fed64d8 100644 --- a/groups/applications/archive.py +++ b/groups/applications/archive.py @@ -1,10 +1,10 @@ { - 'supergroups': [ + 'supergroups': { 'gcloud', - ], - 'bundles': [ + }, + 'bundles': { 'archive', 'gocryptfs', 'gocryptfs-inspect', - ], + }, } diff --git a/groups/applications/backup-server.py b/groups/applications/backup-server.py index 1dd9a2f..e284d9d 100644 --- a/groups/applications/backup-server.py +++ b/groups/applications/backup-server.py @@ -1,6 +1,6 @@ { - 'bundles': [ + 'bundles': { 'backup-server', 'zfs', - ], + }, } diff --git a/groups/applications/backup.py b/groups/applications/backup.py index 369925e..6b5134f 100644 --- a/groups/applications/backup.py +++ b/groups/applications/backup.py @@ -1,7 +1,7 @@ { - 'bundles': [ + 'bundles': { 'backup', - ], + }, 'metadata': { 'backup': { 'server': 'home.backups', diff --git a/groups/applications/dnsserver.py b/groups/applications/dnsserver.py index 68c889c..3e4edf8 100644 --- a/groups/applications/dnsserver.py +++ b/groups/applications/dnsserver.py @@ -1,5 +1,5 @@ { - 'bundles': [ + 'bundles': { 'bind', - ], + }, } diff --git a/groups/applications/gcloud.py b/groups/applications/gcloud.py index 33f29af..263b5b8 100644 --- a/groups/applications/gcloud.py +++ b/groups/applications/gcloud.py @@ -1,7 +1,7 @@ { - 'bundles': [ + 'bundles': { 'gcloud', - ], + }, 'metadata': { 'gcloud': { 'service_account': 'backup', diff --git a/groups/applications/mailserver.py b/groups/applications/mailserver.py index 8025893..e21442b 100644 
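Review bot: In groups/all.py `'nameservers'` becomes a set, but resolver order is significant once there is more than one entry. A set has no defined order, and string hashing is randomised per interpreter run unless PYTHONHASHSEED is fixed. If the consuming bundle (not visible here) does not sort, the rendered resolver config could change between runs, and sorting would still lose any intended priority. Either keep this key as an ordered sequence or add a comment such as `# order not significant; consumer must sort` next to it.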
--- a/groups/applications/mailserver.py +++ b/groups/applications/mailserver.py @@ -1,5 +1,5 @@ { - 'bundles': [ + 'bundles': { 'opendkim', 'dovecot', 'letsencrypt', @@ -11,5 +11,5 @@ 'redis', 'roundcube', 'rspamd', - ], + }, } diff --git a/groups/applications/monitored.py b/groups/applications/monitored.py index ccf4ee8..9e548b0 100644 --- a/groups/applications/monitored.py +++ b/groups/applications/monitored.py @@ -1,7 +1,7 @@ { - 'bundles': [ + 'bundles': { 'telegraf', - ], + }, 'metadata': { 'telegraf': { 'influxdb_node': 'home.server', diff --git a/groups/applications/nextcloud.py b/groups/applications/nextcloud.py index 626a331..305cd80 100644 --- a/groups/applications/nextcloud.py +++ b/groups/applications/nextcloud.py @@ -1,6 +1,6 @@ { - 'bundles': [ + 'bundles': { 'nextcloud', 'php', - ], + }, } diff --git a/groups/applications/webserver.py b/groups/applications/webserver.py index 70fb0e8..a26c38c 100644 --- a/groups/applications/webserver.py +++ b/groups/applications/webserver.py @@ -1,6 +1,6 @@ { - 'bundles': [ + 'bundles': { 'nginx', 'letsencrypt', - ], + }, } diff --git a/groups/hardware/hetzner-cloud.py b/groups/hardware/hetzner-cloud.py deleted file mode 100644 index eb1d2a4..0000000 --- a/groups/hardware/hetzner-cloud.py +++ /dev/null @@ -1,5 +0,0 @@ -{ - 'bundles': [ - 'hetzner-cloud', - ], -} diff --git a/groups/os/debian-10.py b/groups/os/debian-10.py index 6f72004..4f415f0 100644 --- a/groups/os/debian-10.py +++ b/groups/os/debian-10.py @@ -1,12 +1,12 @@ { - 'supergroups': [ + 'supergroups': { 'debian', - ], + }, 'metadata': { 'apt': { - 'sources': [ + 'sources': { 'deb http://security.debian.org/debian-security {release}/updates main contrib non-free', - ], + }, }, 'php': { 'version': '7.3', diff --git a/groups/os/debian-11.py b/groups/os/debian-11.py index 731b69c..d358bc3 100644 --- a/groups/os/debian-11.py +++ b/groups/os/debian-11.py 
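Review bot: In groups/os/debian-10.py the security archive is still fetched over plain `http://`, and the same holds for groups/os/debian-11.py and the three lines in groups/os/debian.py, while the telegraf source in this commit uses `https://`. APT's signed Release files protect package integrity, so the gap is that an on-path observer can see or delay update traffic, not that packages can be tampered with. If the mirrors in use serve TLS, the line could read `'deb https://deb.debian.org/debian-security {release}/updates main contrib non-free',`; that should be confirmed before switching.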
@@ -1,12 +1,12 @@ { - 'supergroups': [ + 'supergroups': { 'debian', - ], + }, 'metadata': { 'apt': { - 'sources': [ + 'sources': { 'deb http://security.debian.org/ {release}-security main contrib non-free', - ], + }, }, 'php': { 'version': '7.4', diff --git a/groups/os/debian.py b/groups/os/debian.py index 7f80d9f..85259c1 100644 --- a/groups/os/debian.py +++ b/groups/os/debian.py @@ -1,17 +1,17 @@ { - 'supergroups': [ + 'supergroups': { 'linux', - ], - 'bundles': [ + }, + 'bundles': { 'apt', - ], + }, 'metadata': { 'apt': { - 'sources': [ + 'sources': { 'deb http://deb.debian.org/debian {release} main non-free contrib', 'deb http://deb.debian.org/debian {release}-updates main contrib non-free', 'deb http://deb.debian.org/debian {release}-backports main contrib non-free', - ], + }, 'packages': { 'mtr-tiny': {}, }, diff --git a/groups/os/linux.py b/groups/os/linux.py index 71e8dc2..27f5fab 100644 --- a/groups/os/linux.py +++ b/groups/os/linux.py @@ -1,8 +1,8 @@ { - 'supergroups': [ + 'supergroups': { 'all', - ], - 'bundles': [ + }, + 'bundles': { 'hostname', 'hosts', 'network', @@ -10,14 +10,14 @@ 'systemd', 'systemd-networkd', 'systemd-timers', - ], + }, 'metadata': { 'hosts': { - '10.0.10.2': [ + '10.0.10.2': { 'resolver.name', 'first.resolver.name', 'second.resolver.name', - ], + }, }, }, } diff --git a/nodes/home.backups.py b/nodes/home.backups.py index 3aeaadc..ded6000 100644 --- a/nodes/home.backups.py +++ b/nodes/home.backups.py @@ -1,13 +1,13 @@ { 'hostname': '10.0.0.5', - 'groups': [ + 'groups': { 'debian-10', 'backup-server', 'monitored', - ], - 'bundles': [ + }, + 'bundles': { 'zfs', - ], + }, 'metadata': { 'id': '9cf52515-63a1-4659-a8ec-6c3c881727e5', 'network': { @@ -23,11 +23,11 @@ 'zfs': { 'pools': { 'tank': { - 'raidz': [ + 'raidz': { '/dev/disk/by-id/ata-HGST_HDN726040ALE614_K3GV6TPL', '/dev/disk/by-id/ata-HGST_HDN726040ALE614_K4KAJXEB', '/dev/disk/by-id/ata-TOSHIBA_HDWQ140_19VZK0EMFAYG', - ], + }, }, }, }, 
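Review bot: In groups/os/linux.py (`@@ -10,14 +10,14 @@`) the names for `10.0.10.2` become a set, but in an /etc/hosts line the first name is the canonical one and the rest are aliases. Which of `resolver.name`, `first.resolver.name` and `second.resolver.name` ends up first now depends on how bundles/hosts renders the set (that file is changed in this commit but not visible here); plain sorted output would put `first.resolver.name` first. If `resolver.name` is meant to be canonical, keep an ordered sequence here or carry the canonical name in a separate key.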
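Review bot: In nodes/home.backups.py (`@@ -23,11 +23,11 @@`) the `raidz` member devices become a set, whereas nodes/home.server.py in this same commit turns `mirrors` into a nested list (`[[ ... ]]`). The two vdev descriptions now use different container types. A set of device paths can also iterate in a different order on each run, so any pool-creation command or comparison built from it needs an explicit `sorted()` (the zfs_pool item code is not visible here). Using the same ordered shape for both, or a comment stating that member order is irrelevant for `raidz`, would make the intent clear.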
diff --git a/nodes/home.server.py b/nodes/home.server.py index 59ff42a..c73906a 100644 --- a/nodes/home.server.py +++ b/nodes/home.server.py @@ -1,13 +1,13 @@ { 'hostname': '10.0.0.2', - 'groups': [ + 'groups': { 'backup', 'debian-10', 'nextcloud', 'monitored', 'webserver', - ], - 'bundles': [ + }, + 'bundles': { 'gitea', 'grafana', 'influxdb2', @@ -16,7 +16,7 @@ 'redis', 'wireguard', 'zfs', - ], + }, 'metadata': { 'id': 'af96709e-b13f-4965-a588-ef2cd476437a', 'network': { @@ -61,20 +61,20 @@ 'my_ip': '172.30.0.2/24', 'peers': { 'htz.mails': { - 'route': [ + 'route': { '10.0.10.0/24', '10.0.11.0/24', - ], + }, }, }, }, 'zfs': { 'pools': { 'tank': { - 'mirrors': [ + 'mirrors': [[ '/dev/disk/by-partlabel/zfs-data-1', '/dev/disk/by-partlabel/zfs-data-2', - ], + ]], }, }, }, diff --git a/nodes/htz.games.py b/nodes/htz.games.py index ad7c720..865b118 100644 --- a/nodes/htz.games.py +++ b/nodes/htz.games.py @@ -1,13 +1,13 @@ { 'dummy': True, - 'groups': [ + 'groups': { 'backup', 'debian-10', - ], - 'bundles': [ + }, + 'bundles': { 'steam', 'l4d2', - ], + }, 'metadata': { 'id': '353bb086-f3ce-4f36-8533-e91786c91ed9', }, diff --git a/nodes/htz.mails.py b/nodes/htz.mails.py index db4dd6e..4be11bc 100644 --- a/nodes/htz.mails.py +++ b/nodes/htz.mails.py @@ -1,18 +1,17 @@ { 'hostname': '162.55.188.157', - 'groups': [ + 'groups': { 'backup', - 'hetzner-cloud', 'debian-11', 'mailserver', 'monitored', 'webserver', 'dnsserver', - ], - 'bundles': [ + }, + 'bundles': { 'wireguard', 'zfs', - ], + }, 'metadata': { 'id': 'ea29bdf0-0b47-4bf4-8346-67d60c9dc4ae', 'network': { @@ -46,12 +45,12 @@ }, 'dns': { 'ckn.li': { - 'A': ['162.55.188.157'], - 'AAAA': ['2a01:4f8:1c1c:4121::2'], + 'A': {'162.55.188.157'}, + 'AAAA': {'2a01:4f8:1c1c:4121::2'}, }, 'freibrief.net': { - 'A': ['162.55.188.157'], - 'AAAA': ['2a01:4f8:1c1c:4121::2'], + 'A': {'162.55.188.157'}, + 'AAAA': {'2a01:4f8:1c1c:4121::2'}, }, }, 'letsencrypt': { 
@@ -64,7 +63,7 @@ 'mailserver': { 'hostname': 'mail.sublimity.de', 'admin_email': 'postmaster@sublimity.de', - 'domains': [ + 'domains': { 'ckn.li', 'sublimity.de', 'freibrief.net', @@ -74,7 +73,7 @@ 'wettengl.net', 'wingl.de', 'woodpipe.de', - ], + }, }, 'nginx': { 'vhosts': { @@ -122,12 +121,12 @@ }, 'users': { 'root': { - 'authorized_users': [ + 'authorized_users': { 'root@home.server', - ], - 'authorized_keys': [ + }, + 'authorized_keys': { 'ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHMKTJLw6Cb+MLt+9JFOkuo2QBpuA8EoTKOFpb3IFQHEq19YLMzOhcErWmzaRfiCnILhnwTQz0njS+n9Qu4aghk= root@mail.sublimity.de' - ], + }, }, }, 'vm': { @@ -138,16 +137,16 @@ 'my_ip': '172.30.0.1/24', 'peers': { 'home.server': { - 'route': [ + 'route': { '10.0.0.0/24', '10.0.2.0/24', '10.0.9.0/24', - ], + }, }, 'netcup.secondary': { - 'route': [ + 'route': { '10.0.11.0/24', - ], + }, }, }, }, diff --git a/nodes/netcup.secondary.py b/nodes/netcup.secondary.py index 02d5f0b..f1eec17 100644 --- a/nodes/netcup.secondary.py +++ b/nodes/netcup.secondary.py @@ -1,12 +1,12 @@ { 'hostname': '46.38.240.85', - 'groups': [ + 'groups': { 'debian-10', 'dnsserver', - ], - 'bundles': [ + }, + 'bundles': { 'wireguard', - ], + }, 'metadata': { 'id': '890848b2-a900-4f74-ad5b-b811fbb4f0bc', 'network': { @@ -34,12 +34,12 @@ 'my_ip': '172.30.0.3/24', 'peers': { 'htz.mails': { - 'route': [ + 'route': { '10.0.0.0/24', '10.0.2.0/24', '10.0.9.0/24', '10.0.10.0/24', - ], + }, }, }, },
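Review bot: In nodes/htz.mails.py (`@@ -122,12 +121,12 @@`) `'authorized_users': {'root@home.server'}` carries no comment saying why root on another node needs root here. Presumably it lets that account log in as root on this mail host, though the semantics of `authorized_users` are not visible in this diff. A short comment such as `# root@home.server logs in for <purpose>` would document the trust relationship, and if it serves a single job the key could be narrowed with authorized_keys options such as `restrict` or `command=`. The `ecdsa-sha2-nistp256` key line below it also lacks the trailing comma this commit adds elsewhere.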