wip

bundles/apt/items.py

@@ -62,6 +62,7 @@ files = {
     '/usr/lib/nagios/plugins/check_apt_upgradable': {
         'mode': '0755',
     },
+    # /etc/kernel/postinst.d/apt-auto-removal
 }
 
 actions = {

bundles/redis/items.py

@@ -2,12 +2,14 @@ directories = {
     '/etc/redis': {
         'purge': True,
         'owner': 'redis',
+        'mode': '2770',
         'needs': [
             'pkg_apt:redis-server',
         ],
     },
     '/var/lib/redis': {
         'owner': 'redis',
+        'mode': '0750',
         'needs': [
             'pkg_apt:redis-server',
         ],

libs/rsa.py

@@ -1,12 +1,10 @@
 # https://stackoverflow.com/a/18266970
 
 from Crypto.PublicKey import RSA
-from Crypto.Hash import HMAC
 from struct import pack
 from hashlib import sha3_512
 from cryptography.hazmat.primitives.serialization import load_der_private_key
 from functools import cache
-from cache_to_disk import cache_to_disk
 
 
 class PRNG(object):
@@ -22,7 +20,6 @@ class PRNG(object):
         return result
 
 
-@cache_to_disk(30)
 def _generate_deterministic_rsa_private_key(secret_bytes):
     return RSA.generate(2048, randfunc=PRNG(secret_bytes)).export_key('DER')
 

nodes/wb.offsite-backups.py

@@ -1,4 +1,5 @@
 {
+    'dummy': True,
     'hostname': '192.168.179.20',
     'groups': [
         'debian-12',

requirements.txt

@@ -3,5 +3,4 @@ pycryptodome
 PyNaCl
 PyYAML
 pyqrcode
-cache_to_disk
 setuptools