wip

2021-06-19 21:54:30 +02:00 · 2021-06-19 21:54:30 +02:00 · 3d334dfcaf
commit 3d334dfcaf
parent 0d53b03494
9 changed files with 95 additions and 3 deletions
--- a/bundles/archive/README.md
+++ b/bundles/archive/README.md
@ -0,0 +1,10 @@
+```
+defaults = {
+    'archive': {
+        'exclude': [
+          '\.cache/',
+          '\.log$',
+        ],
+    },
+}
+```
--- a/bundles/archive/metadata.py
+++ b/bundles/archive/metadata.py
@ -1,4 +1,20 @@
 defaults = {
-    'backup': [],
    'archive': {},
 }
+
+
+@metadata_reactor.provides(
+    'gocryptfs',
+)
+def gocryptfs(metadata):
+    gocryptfs = {}
+    
+    for path in metadata.get('archive'):
+        gocryptfs[path] = {
+            'mountpoint': f'/mnt/gocryptfs{path}',
+            'reverse': True,
+        } 
+
+    return {
+        'gocryptfs': gocryptfs,
+    }
--- a/bundles/gocryptfs/items.py
+++ b/bundles/gocryptfs/items.py
@ -0,0 +1,40 @@
+from hashlib import sha3_256
+from base64 import b64decode, b64encode
+from binascii import hexlify
+from uuid import UUID
+from json import dumps
+
+id = node.metadata.get('id')
+
+directories['/etc/gocryptfs'] = {
+    'purge': True,
+}
+
+files['/etc/gocryptfs/masterkey'] = {
+    'content': hexlify(b64decode(
+        str(repo.vault.random_bytes_as_base64_for(id, length=32))
+    )),
+    'mode': '500',
+}
+
+files['/etc/gocryptfs/gocryptfs.conf'] = {
+    'content': dumps({
+    	'Version': 2,
+    	'Creator': 'gocryptfs 1.6.1',
+    	'ScryptObject': {
+    		'Salt': b64encode(
+                sha3_256(UUID(id).bytes).digest()
+            ).decode(),
+    		'N': 65536,
+    		'R': 8,
+    		'P': 1,
+    		'KeyLen': 32,
+    	},
+    	'FeatureFlags': [
+    		'GCMIV128',
+    		'HKDF',
+    		'PlaintextNames',
+    		'AESSIV',
+    	]
+    }, indent=4, sort_keys=True)
+}
--- a/bundles/gocryptfs/metadata.py
+++ b/bundles/gocryptfs/metadata.py
@ -0,0 +1,18 @@
+defaults = {
+    'gocryptfs': {},
+}
+
+
+@metadata_reactor.provides(
+    'gocryptfs',
+)
+def gocryptfs(metadata):
+    gocryptfs = {}
+    
+    for path, options in metadata.get('gocryptfs'):
+        gocryptfs[path] = {
+        } 
+
+    return {
+        'gocryptfs': gocryptfs,
+    }
--- a/groups/applications/archive.py
+++ b/groups/applications/archive.py
@ -4,5 +4,6 @@
    ],
    'bundles': [
        'archive',
+        'gocryptfs',
    ],
 }
--- a/nodes/home.backups.py
+++ b/nodes/home.backups.py
@ -2,5 +2,7 @@
    'groups': [
        'debian-10',
    ],
-    'metadata': {},
+    'metadata': {
+        'id': '9cf52515-63a1-4659-a8ec-6c3c881727e5',
+    },
 }
--- a/nodes/home.server.py
+++ b/nodes/home.server.py
@ -11,6 +11,7 @@
        'wireguard',
    ],
    'metadata': {
+        'id': 'af96709e-b13f-4965-a588-ef2cd476437a',
        'network': {
            'interface': 'enp1s0f0',
            'ipv4': '10.0.0.2/24',
--- a/nodes/htz.games.py
+++ b/nodes/htz.games.py
@ -6,5 +6,7 @@
        'steam',
        'l4d2',
    ],
-    'metadata': {},
+    'metadata': {
+        'id': '353bb086-f3ce-4f36-8533-e91786c91ed9',
+    },
 }
--- a/nodes/htz.mails.py
+++ b/nodes/htz.mails.py
@ -1,6 +1,7 @@
 {
    'hostname': '162.55.188.157',
    'groups': [
+        'archive',
        'hetzner-cloud',
        'debian-10',
        'mailserver',
@ -27,6 +28,7 @@
                'ckn.li': [],
            },
        },
+        'id': 'ea29bdf0-0b47-4bf4-8346-67d60c9dc4ae',
        'network': {
            'interface': 'eth0',
            'ipv4': '162.55.188.157/32',