wip

bundles/gocryptfs-inspect/items.py

@@ -1,6 +0,0 @@
-directories['/opt/gocryptfs-inspect'] = {}
-
-git_deploy['/opt/gocryptfs-inspect'] = {
-    'repo': 'https://github.com/slackner/gocryptfs-inspect.git',
-    'rev': 'ecd296c8f014bf18f5889e3cb9cb64807ff6b9c4',
-}

bundles/gocryptfs-inspect/metadata.py

@@ -1,7 +0,0 @@
-defaults = {
-    'apt': {
-        'packages': {
-            'python3-pycryptodome': {},
-        },
-    },
-}

bundles/gocryptfs/items.py

@@ -1,43 +0,0 @@
-from json import dumps
-
-directories['/etc/gocryptfs'] = {
-    'purge': True,
-}
-
-files['/etc/gocryptfs/masterkey'] = {
-    'content': node.metadata.get('gocryptfs/masterkey'),
-    'mode': '500',
-}
-
-files['/etc/gocryptfs/gocryptfs.conf'] = {
-    'content': dumps({
-    	'Version': 2,
-    	'Creator': 'gocryptfs 1.6.1',
-    	'ScryptObject': {
-    		'Salt': node.metadata.get('gocryptfs/salt'),
-    		'N': 65536,
-    		'R': 8,
-    		'P': 1,
-    		'KeyLen': 32,
-    	},
-    	'FeatureFlags': [
-    		'GCMIV128',
-    		'HKDF',
-    		'PlaintextNames',
-    		'AESSIV',
-    	]
-    }, indent=4, sort_keys=True)
-}
-
-for path, options in node.metadata.get('gocryptfs/paths').items():
-    directories[options['mountpoint']] = {
-        'owner': None,
-        'group': None,
-        'mode': None,
-        'preceded_by': [
-            f'svc_systemd:gocryptfs-{options["id"]}:stop',
-        ],
-        'needed_by': [
-            f'svc_systemd:gocryptfs-{options["id"]}',
-        ],
-    }

bundles/gocryptfs/metadata.py

@@ -1,103 +0,0 @@
-from hashlib import sha3_256
-from base64 import b64decode, b64encode
-from binascii import hexlify
-from uuid import UUID
-
-defaults = {
-    'apt': {
-        'packages': {
-            'gocryptfs': {},
-            'fuse': {},
-            'socat': {},
-        },
-    },
-    'gocryptfs': {
-        'paths': {},
-    },
-}
-
-
-@metadata_reactor.provides(
-    'gocryptfs',
-)
-def config(metadata):
-    return {
-        'gocryptfs': {
-            'masterkey': hexlify(b64decode(
-                str(repo.vault.random_bytes_as_base64_for(metadata.get('id'), length=32))
-            )).decode(),
-            'salt': b64encode(
-                sha3_256(UUID(metadata.get('id')).bytes).digest()
-            ).decode(),
-        },
-    }
-
-
-@metadata_reactor.provides(
-    'gocryptfs',
-)
-def paths(metadata):
-    paths = {}
-    
-    for path, options in metadata.get('gocryptfs/paths').items():
-        paths[path] = {
-            'id': hexlify(sha3_256(path.encode()).digest()[:8]).decode(),
-        }
-    
-    return {
-        'gocryptfs': {
-            'paths': paths,
-        },
-    }
-
-
-
-@metadata_reactor.provides(
-    'systemd/services',
-)
-def systemd(metadata):
-    services = {}
-    
-    for path, options in metadata.get('gocryptfs/paths').items():
-        services[f'gocryptfs-{options["id"]}'] = {
-            'content': {
-                'Unit': {
-                    'Description': f'gocryptfs@{path} ({options["id"]})',
-                    'After': {
-                      'filesystem.target',
-                      'zfs.target',
-                    },
-                },
-                'Service': {
-                    'RuntimeDirectory': 'gocryptfs',
-                    'Environment': {
-                        'MASTERKEY': metadata.get('gocryptfs/masterkey'),
-                        'SOCKET': f'/var/run/gocryptfs/{options["id"]}',
-                        'PLAIN': path,
-                        'CIPHER': options["mountpoint"]
-                    },
-                    'ExecStart': [
-                        '/usr/bin/gocryptfs -fg -plaintextnames -reverse -masterkey $MASTERKEY -ctlsock $SOCKET $PLAIN $CIPHER',
-                    ],
-                    'ExecStopPost': [
-                        '/usr/bin/umount $CIPHER'
-                    ],
-                },
-            },
-            'needs': [
-                'pkg_apt:gocryptfs',
-                'pkg_apt:fuse',
-                'pkg_apt:socat',
-                'file:/etc/gocryptfs/masterkey',
-                'file:/etc/gocryptfs/gocryptfs.conf',
-            ],
-            'triggers': [
-                f'svc_systemd:gocryptfs-{options["id"]}:restart',
-            ],
-        }
-
-    return {
-        'systemd': {
-            'services': services,
-        },
-    }

bundles/systemd/metadata.py

@@ -7,16 +7,19 @@ defaults = {
 
 
 # create a svc_sytemd item for each .service and .timer unit
-@metadata_reactor#.provides(
+@metadata_reactor.provides(
-#    'systemd/services',
+    'systemd/services',
-#)
+)
 def unit_services(metadata):
     services = {}
     
+    
     for name, config in metadata.get('systemd/units').items():
         if name.split('.')[-1] not in ['timer', 'service']:
             continue
         
+        print(name)
+        
         services[name] = config['item']
         services[name].setdefault('needs', []).append(f"file:{config['path']}")
 
@@ -32,10 +35,12 @@ def unit_services(metadata):
     'systemd/units',
 )
 def unit_defaults(metadata):
+    
     units = {}
     
     for name in metadata.get('systemd/units').keys():
         extension = name.split('.')[-1]
+        print('----------------', name)
 
         if extension in ['netdev', 'network']:
             units[name] = {