From 6751cd0b445c1c3e76155976822560c8a1b69452 Mon Sep 17 00:00:00 2001 From: cronekorkn Date: Wed, 18 Sep 2024 11:24:58 +0200 Subject: [PATCH] wip --- .../icinga2/files/conf.d/notifications.conf | 8 +- bundles/kea-dhcpd/items.py | 20 ++++ bundles/kea-dhcpd/metadata.py | 37 ++++++ bundles/left4dead2/files/server.cfg | 18 +-- bundles/linux/items.py | 43 +++++++ bundles/linux/metadata.py | 3 + .../files/autodiscover.php | 22 ++-- bundles/roundcube/files/config.inc.php | 106 +++++++++--------- .../roundcube/files/password.config.inc.php | 2 +- groups/os/linux.py | 1 + libs/tools.py | 1 + nodes/home.router.py | 45 ++++++-- nodes/home.server.py | 2 +- nodes/mseibert.freescout.py | 2 +- 14 files changed, 221 insertions(+), 89 deletions(-) create mode 100644 bundles/kea-dhcpd/items.py create mode 100644 bundles/kea-dhcpd/metadata.py create mode 100644 bundles/linux/items.py create mode 100644 bundles/linux/metadata.py diff --git a/bundles/icinga2/files/conf.d/notifications.conf b/bundles/icinga2/files/conf.d/notifications.conf index ac65875..40c75dd 100644 --- a/bundles/icinga2/files/conf.d/notifications.conf +++ b/bundles/icinga2/files/conf.d/notifications.conf @@ -13,9 +13,9 @@ apply Notification "mail-icingaadmin" to Host { user_groups = host.vars.notification.mail.groups users = host.vars.notification.mail.users - //interval = 2h - //vars.notification_logtosyslog = true + + assign where host.vars.notification.mail } @@ -25,9 +25,9 @@ apply Notification "mail-icingaadmin" to Service { user_groups = host.vars.notification.mail.groups users = host.vars.notification.mail.users - //interval = 2h - //vars.notification_logtosyslog = true + + assign where host.vars.notification.mail } diff --git a/bundles/kea-dhcpd/items.py b/bundles/kea-dhcpd/items.py new file mode 100644 index 0000000..f1ed971 --- /dev/null +++ b/bundles/kea-dhcpd/items.py 
@@ -0,0 +1,20 @@
+from json import dumps
+from bundlewrap.metadata import MetadataJSONEncoder
+
+files = {
+ '/etc/kea/kea-dhcp4.conf': {
+ 'content': dumps(node.metadata.get('kea'), indent=4, sort_keys=True, cls=MetadataJSONEncoder),
+ 'triggers': [
+ 'svc_systemd:kea-dhcp4-server:restart',
+ ],
+ },
+}
+
+svc_systemd = {
+ 'kea-dhcp4-server': {
+ 'needs': [
+ 'pkg_apt:kea-dhcp4-server',
+ 'file:/etc/kea/kea-dhcp4.conf',
+ ],
+ },
+}
diff --git a/bundles/kea-dhcpd/metadata.py b/bundles/kea-dhcpd/metadata.py
new file mode 100644
index 0000000..860c04e
--- /dev/null
+++ b/bundles/kea-dhcpd/metadata.py
@@ -0,0 +1,37 @@
+defaults = {
+ 'apt': {
+ 'packages': {
+ 'kea-dhcp4-server': {},
+ },
+ },
+ 'kea': {
+ 'Dhcp4': {
+ 'interfaces-config': {
+ 'interfaces': [],
+ },
+ 'lease-database': {
+ 'type': 'memfile',
+ 'lfc-interval': 3600
+ },
+ 'subnet4': [],
+ 'loggers': [
+ {
+ 'name': 'kea-dhcp4',
+ 'output_options': [
+ {
+ 'output': 'syslog',
+ }
+ ],
+ 'severity': 'INFO',
+ },
+ ],
+ },
+ },
+}
+
+
+@metadata_reactor.provides(
+
+)
+def subnets(metadata):
+ pass
diff --git a/bundles/left4dead2/files/server.cfg b/bundles/left4dead2/files/server.cfg
index 9201575..9f60c4b 100644
--- a/bundles/left4dead2/files/server.cfg
+++ b/bundles/left4dead2/files/server.cfg
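Review bot: The file item for `/etc/kea/kea-dhcp4.conf` triggers `svc_systemd:kea-dhcp4-server:restart` with no validation step, so a metadata mistake is only noticed when the DHCP server fails to come back up on the network it serves. bundlewrap file items accept a `test_with` command that is run against the uploaded temporary file before it replaces the target; adding `'test_with': 'kea-dhcp4 -t {}',` would reject a broken config before the restart fires. The file item should then also carry `'needs': ['pkg_apt:kea-dhcp4-server'],` so that the binary and `/etc/kea` exist when the test runs and the package's own conffile cannot be installed over the managed one.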
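Review bot: The `subnets` reactor at the end of the new `bundles/kea-dhcpd/metadata.py` is a stub: `@metadata_reactor.provides()` is given no paths and the body is `pass`, so the function returns `None` rather than a metadata dict. As far as I know bundlewrap expects every reactor to return a dict, so this will probably fail, or at best do nothing, when metadata is built; until it is implemented I would either drop it or make the body `return {}` under a `# TODO: fill subnet4` comment. The defaults also leave `interfaces` and `subnet4` empty, so a one-line comment on `defaults` saying both must be set per node would save the next reader from deploying a server that listens on nothing.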
@@ -1,36 +1,36 @@ hostname "CroneKorkN : ${name}" sv_contact "admin@sublimity.de" -// assign serevr to steam group + sv_steamgroup "${','.join(steamgroups)}" rcon_password "${rcon_password}" -// no annoying message of the day + motd_enabled 0 -// enable cheats + sv_cheats 1 -// allow inconsistent files on clients (weapon mods for example) + sv_consistency 0 -// connect from internet + sv_lan 0 -// join game at any point + sv_allow_lobby_connect_only 0 -// allowed modes + sv_gametypes "coop,realism,survival,versus,teamversus,scavenge,teamscavenge" -// network + sv_minrate 30000 sv_maxrate 60000 sv_mincmdrate 66 sv_maxcmdrate 101 -// logging + sv_logsdir "logs-${name}" //Folder in the game directory where server logs will be stored. log on //Creates a logfile (on | off) sv_logecho 0 //default 0; Echo log information to the console. diff --git a/bundles/linux/items.py b/bundles/linux/items.py new file mode 100644 index 0000000..276f82a --- /dev/null +++ b/bundles/linux/items.py 
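Review bot: The comments blanked out in this hunk were the only record of why security-relevant settings have their values: `sv_cheats 1` and `sv_consistency 0` sit next to `sv_lan 0`, which opens the server to the Internet, and nothing now says that combination is intended. The same removal happens in `bundles/mailserver-autoconfig/files/autodiscover.php` (the `// check for invalid mail, to prevent XSS` line above the `filter_var` check) and in `bundles/roundcube/files/config.inc.php` (the 24-character requirement for `des_key`, and the reference above `smtp_conn_options`, where `'verify_peer' => false` stays in place). I would keep a one-line comment at each of these, e.g. `// enable cheats` above `sv_cheats 1` and `// https://serverfault.com/a/991304` above `smtp_conn_options`, so a later reader can tell a deliberate choice from a leftover.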
@@ -0,0 +1,43 @@
+from shlex import quote
+
+def generate_sysctl_key_value_pairs_from_json(json_data, parents=[]):
+ if isinstance(json_data, dict):
+ for key, value in json_data.items():
+ yield from generate_sysctl_key_value_pairs_from_json(value, [*parents, key])
+ elif isinstance(json_data, list):
+ raise ValueError(f"List not supported: '{json_data}'")
+ else:
+ # If it's a leaf node, yield the path
+ yield (parents, json_data)
+
+key_value_pairs = generate_sysctl_key_value_pairs_from_json(node.metadata.get('sysctl'))
+
+
+files= {
+ '/etc/sysctl.conf': {
+ 'content': '\n'.join(
+ sorted(
+ f"{'.'.join(path)}={value}"
+ for path, value in key_value_pairs
+ ),
+ ),
+ 'triggers': [
+ 'action:reload_sysctl.conf',
+ ],
+ },
+}
+
+actions = {
+ 'reload_sysctl.conf': {
+ 'command': 'sysctl --system',
+ 'triggered': True,
+ },
+}
+
+for path, value in key_value_pairs:
+ actions[f'reload_sysctl.conf_{path}'] = {
+ 'command': f"sysctl --values {'.'.join(path)} | grep -q {quote('^'+value+'$')}",
+ 'needs': [
+ f'action:reload_sysctl.conf',
+ ],
+ }
diff --git a/bundles/linux/metadata.py b/bundles/linux/metadata.py
new file mode 100644
index 0000000..f6f36f2
--- /dev/null
+++ b/bundles/linux/metadata.py
@@ -0,0 +1,3 @@
+defaults = {
+ 'sysctl': {},
+}
diff --git a/bundles/mailserver-autoconfig/files/autodiscover.php b/bundles/mailserver-autoconfig/files/autodiscover.php
index 1134fac..d592b80 100644
--- a/bundles/mailserver-autoconfig/files/autodiscover.php
+++ b/bundles/mailserver-autoconfig/files/autodiscover.php
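Review bot: `key_value_pairs` in `bundles/linux/items.py` is a generator, and the `sorted(...)` that builds the `/etc/sysctl.conf` content consumes it, so the `for path, value in key_value_pairs:` loop at the bottom iterates nothing and none of the per-key verification actions are ever created. A sysctl setting that fails to apply, a hardening key for instance, therefore goes unnoticed; the pairs should be materialised once into a list. Once the loop does run, `'^'+value+'$'` raises `TypeError` for integer values, the action name embeds the list repr of `path`, and the key is interpolated into the command unquoted while the value is quoted. The rewrite below joins the key once, quotes both parts, and compares the value as a fixed whole-line string instead of a regular expression.

```python
key_value_pairs = list(
    generate_sysctl_key_value_pairs_from_json(node.metadata.get('sysctl'))
)

# … unchanged: files and the reload_sysctl.conf action …

for path, value in key_value_pairs:
    key = '.'.join(path)
    actions[f'reload_sysctl.conf_{key}'] = {
        'command': f"sysctl --values {quote(key)} | grep -qxF -- {quote(str(value))}",
        'needs': [
            'action:reload_sysctl.conf',
        ],
    }
```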
@@ -1,6 +1,6 @@ (.*?)\<\/EMailAddress\>/", $request, $email ); -// check for invalid mail, to prevent XSS + if (filter_var($email[1], FILTER_VALIDATE_EMAIL) === false) { throw new Exception('Invalid E-Mail provided'); } -// get domain from email address + $domain = substr( strrchr( $email[1], "@" ), 1 ); /************************************** * Port and server settings below * **************************************/ -// IMAP settings + $imapServer = 'imap.' . $domain; // imap.example.com $imapPort = 993; $imapSSL = true; -// SMTP settings + $smtpServer = 'smtp.' . $domain; // smtp.example.com $smtpPort = 587; $smtpSSL = true; -//set Content-Type + header( 'Content-Type: application/xml' ); ?> '; ?> diff --git a/bundles/roundcube/files/config.inc.php b/bundles/roundcube/files/config.inc.php index aad1a7f..c4ad8c0 100644 --- a/bundles/roundcube/files/config.inc.php +++ b/bundles/roundcube/files/config.inc.php 
@@ -6,80 +6,80 @@ $config['enable_installer'] = true; /* Local configuration for Roundcube Webmail */ -// ---------------------------------- -// SQL DATABASE -// ---------------------------------- -// Database connection string (DSN) for read+write operations -// Format (compatible with PEAR MDB2): db_provider://user:password@host/database -// Currently supported db_providers: mysql, pgsql, sqlite, mssql or sqlsrv -// For examples see http://pear.php.net/manual/en/package.database.mdb2.intro-dsn.php -// NOTE: for SQLite use absolute path: 'sqlite:////full/path/to/sqlite.db?mode=0646' + + + + + + + + $config['db_dsnw'] = '${database['provider']}://${database['user']}:${database['password']}@${database['host']}/${database['name']}'; -// ---------------------------------- -// IMAP -// ---------------------------------- -// The mail host chosen to perform the log-in. -// Leave blank to show a textbox at login, give a list of hosts -// to display a pulldown menu or set one host as string. -// To use SSL/TLS connection, enter hostname with prefix ssl:// or tls:// -// Supported replacement variables: -// %n - hostname ($_SERVER['SERVER_NAME']) -// %t - hostname without the first part -// %d - domain (http hostname $_SERVER['HTTP_HOST'] without the first part) -// %s - domain name after the '@' from e-mail address provided at login screen -// For example %n = mail.domain.tld, %t = domain.tld -// WARNING: After hostname change update of mail_host column in users table is -// required to match old user data records with the new host. + + + + + + + + + + + + + + + $config['imap_host'] = 'localhost'; -// ---------------------------------- -// SMTP -// ---------------------------------- -// SMTP server host (for sending mails). 
-// To use SSL/TLS connection, enter hostname with prefix ssl:// or tls:// -// If left blank, the PHP mail() function is used -// Supported replacement variables: -// %h - user's IMAP hostname -// %n - hostname ($_SERVER['SERVER_NAME']) -// %t - hostname without the first part -// %d - domain (http hostname $_SERVER['HTTP_HOST'] without the first part) -// %z - IMAP domain (IMAP hostname without the first part) -// For example %n = mail.domain.tld, %t = domain.tld + + + + + + + + + + + + + $config['smtp_host'] = 'tls://localhost'; -// SMTP username (if required) if you use %u as the username Roundcube -// will use the current username for login + + $config['smtp_user'] = '%u'; -// SMTP password (if required) if you use %p as the password Roundcube -// will use the current user's password for login + + $config['smtp_pass'] = '%p'; -// provide an URL where a user can get support for this Roundcube installation -// PLEASE DO NOT LINK TO THE ROUNDCUBE.NET WEBSITE HERE! + + $config['support_url'] = ''; -// this key is used to encrypt the users imap password which is stored -// in the session record (and the client cookie if remember password is enabled). -// please provide a string of exactly 24 chars. + + + $config['des_key'] = '${des_key}'; -// Name your service. This is displayed on the login screen and in the window title + $config['product_name'] = '${product_name}'; -// ---------------------------------- -// PLUGINS -// ---------------------------------- -// List of active plugins (in plugins/ directory) + + + + $config['plugins'] = array(${', '.join(f'"{plugin}"' for plugin in plugins)}); -// the default locale setting (leave empty for auto-detection) -// RFC1766 formatted language name like en_US, de_DE, de_CH, fr_FR, pt_BR + + $config['language'] = 'de_DE'; -// https://serverfault.com/a/991304 + $config['smtp_conn_options'] = array( 'ssl' => array( 'verify_peer' => false, 
diff --git a/bundles/roundcube/files/password.config.inc.php b/bundles/roundcube/files/password.config.inc.php index c6b9135..6f6cdf3 100644 --- a/bundles/roundcube/files/password.config.inc.php +++ b/bundles/roundcube/files/password.config.inc.php @@ -1,6 +1,6 @@