From 753954ebaf799ce997c9ffd9f7564a2de751cf69 Mon Sep 17 00:00:00 2001 From: mwiegand Date: Tue, 2 Nov 2021 21:45:05 +0100 Subject: [PATCH] mosquitto --- bundles/letsencrypt/metadata.py | 3 +- bundles/mosquitto/files/managed.conf | 16 +++++++ bundles/mosquitto/items.py | 46 ++++++++++++++++++ bundles/mosquitto/metadata.py | 14 ++++++ bundles/systemd-mount/metadata.py | 72 ++++++++++++++++++++++++++++ bundles/systemd/items.py | 4 +- bundles/systemd/metadata.py | 4 +- groups/os/linux.py | 1 + 8 files changed, 156 insertions(+), 4 deletions(-) create mode 100644 bundles/mosquitto/files/managed.conf create mode 100644 bundles/mosquitto/items.py create mode 100644 bundles/systemd-mount/metadata.py diff --git a/bundles/letsencrypt/metadata.py b/bundles/letsencrypt/metadata.py index 75211ef..631721c 100644 --- a/bundles/letsencrypt/metadata.py +++ b/bundles/letsencrypt/metadata.py @@ -48,7 +48,8 @@ def renew(metadata): @metadata_reactor.provides( - 'letsencrypt/domains' + 'letsencrypt/domains', + 'dns', ) def delegated_domains(metadata): delegated_domains = { diff --git a/bundles/mosquitto/files/managed.conf b/bundles/mosquitto/files/managed.conf new file mode 100644 index 0000000..7b89d07 --- /dev/null +++ b/bundles/mosquitto/files/managed.conf @@ -0,0 +1,16 @@ +per_listener_settings true + +listener 1883 + +listener 8883 +dhparamfile /etc/mosquitto/dhparam.pem +certfile /etc/mosquitto/certs/cert.pem +cafile /etc/mosquitto/certs/chain.pem +keyfile /etc/mosquitto/certs/privkey.pem + +listener 8083 +protocol websockets +dhparamfile /etc/mosquitto/dhparam.pem +certfile /etc/mosquitto/certs/cert.pem +cafile /etc/mosquitto/certs/chain.pem +keyfile /etc/mosquitto/certs/privkey.pem diff --git a/bundles/mosquitto/items.py b/bundles/mosquitto/items.py new file mode 100644 index 0000000..31800fd --- /dev/null +++ b/bundles/mosquitto/items.py 
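Review bot: None of the three listeners in managed.conf sets `allow_anonymous`, `password_file` or `acl_file`, and because `per_listener_settings true` is the first line those directives have to be repeated under each `listener` block rather than set once, so on a packaged mosquitto older than 2.0 (where `allow_anonymous` still defaults to true) the plaintext 1883 listener and both TLS listeners accept any client that can reach the port. Under each listener I would add at least `allow_anonymous false` and `password_file /etc/mosquitto/passwd` (with that file managed next to this one), and either drop 1883 or pin it with `bind_address 127.0.0.1` so only local clients get the unencrypted path. Adding `tls_version tlsv1.2` to the 8883 and 8083 blocks would also stop the minimum protocol version from depending on the package default.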
@@ -0,0 +1,46 @@ +directories = { + '/etc/mosquitto': {}, + '/etc/mosquitto/conf.d': { + 'purge': True, + }, +} + +files = { + '/etc/mosquitto/conf.d/managed.conf': { + 'content_type': 'mako', + 'context': { + 'hostname': node.metadata.get('mosquitto/hostname'), + }, + 'needs': [ + 'pkg_apt:mosquitto', + ], + 'needed_by': [ + 'svc_systemd:mosquitto' + ], + 'triggers': [ + 'svc_systemd:mosquitto:restart' + ], + }, +} + +svc_systemd = { + 'mosquitto': { + 'needs': [ + 'pkg_apt:mosquitto', + 'action:moquitto-generate-dhparam', + ], + }, +} + +actions = { + 'moquitto-generate-dhparam': { + 'command': 'openssl dhparam -out /etc/mosquitto/dhparam.pem 2048', + 'unless': 'test -f /etc/mosquitto/dhparam.pem', + 'needs': [ + 'pkg_apt:mosquitto', + ], + 'triggers': [ + 'svc_systemd:mosquitto:restart' + ], + }, +} diff --git a/bundles/mosquitto/metadata.py b/bundles/mosquitto/metadata.py index 5238450..0a25592 100644 --- a/bundles/mosquitto/metadata.py +++ b/bundles/mosquitto/metadata.py @@ -7,6 +7,20 @@ defaults = { } +@metadata_reactor.provides( + 'systemd-mount' +) +def mount_certs(metadata): + return { + 'systemd-mount': { + '/etc/mosquitto/certs': { + 'source': '/var/lib/dehydrated/certs/' + metadata.get('mosquitto/hostname'), + 'user': 'mosquitto', + }, + }, + } + + @metadata_reactor.provides( 'letsencrypt/domains' ) diff --git a/bundles/systemd-mount/metadata.py b/bundles/systemd-mount/metadata.py new file mode 100644 index 0000000..6da5b64 --- /dev/null +++ b/bundles/systemd-mount/metadata.py 
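Review bot: The action is spelled `moquitto-generate-dhparam` in both the `actions` key and the `needs` of `svc_systemd:mosquitto`, so it works today, but the dropped `s` will trip anyone referencing it from another bundle or grepping for mosquitto items; rename both occurrences to `'mosquitto-generate-dhparam'`. The managed.conf file item passes `hostname` in its `context`, yet the managed.conf template added in this same commit contains no `${hostname}` reference, so either the context entry is dead or the template is missing a substitution. Separately, `svc_systemd:mosquitto` does not `need` the `/etc/mosquitto/certs` bind mount that `bundles/mosquitto/metadata.py` requests (presumably `svc_systemd:etc-mosquitto-certs.mount`, going by the name escaping in the systemd-mount bundle); on a first deploy where the service starts before that mount exists, the 8883/8083 listeners cannot open `cert.pem`/`privkey.pem`, unless the systemd bundle orders this elsewhere, which is not visible here.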
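Review bot: `mount_certs` builds the bindfs source by string-concatenating `metadata.get('mosquitto/hostname')` with no default visible in this hunk and no guard, so a node that enables the bundle without setting the hostname fails during metadata build with an error that does not name the missing key; binding `hostname = metadata.get('mosquitto/hostname')` and checking it explicitly (or giving it a default in `defaults`, which is cut off above this hunk) would make that failure self-explaining. With `force-user=mosquitto`, everything in dehydrated's `certs/<hostname>` directory — the private key included — is presented as owned by the broker user, which is the intent, but nothing in this commit reloads or restarts mosquitto when dehydrated replaces `privkey.pem`/`cert.pem` under that mount, so unless a dehydrated hook elsewhere does it the broker keeps serving the old certificate until its next restart. A docstring such as `"""Bind-mount dehydrated's certs/<hostname> dir to /etc/mosquitto/certs, ownership forced to the mosquitto user."""` would also help the next reader.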
@@ -0,0 +1,72 @@ +defaults = { + 'apt': { + 'packages': { + 'bindfs', + }, + }, + 'systemd-mount': {}, +} + + +@metadata_reactor.provides( + 'systemd/units', + 'systemd/services', +) +def units(metadata): + units = {} + services = {} + + for mountpoint, conf in metadata.get('systemd-mount').items(): + formatted_name = mountpoint[1:].replace('-', '\\x2d').replace('/', '-') + '.mount' + + units[formatted_name] = { + 'Unit': { + 'Description': f"Mount {conf['source']} -> {mountpoint}", + 'DefaultDependencies': 'no', + 'Conflicts': 'umount.target', + 'Before': 'umount.target', + }, + 'Mount': { + 'What': conf['source'], + 'Where': mountpoint, + 'Type': 'fuse.bindfs', + 'Options': f"nonempty", + }, + 'Install': { + 'WantedBy': { + 'local-fs.target', + }, + }, + } + + if conf.get('user'): + units[formatted_name]['Mount']['Options'] += f",force-user={conf.get('user')}" + + services[formatted_name] = {} + + return { + 'systemd': { + 'units': units, + 'services': services, + } + } + + +@metadata_reactor.provides( + 'systemd/units', +) +def zfs(metadata): + return { + 'systemd': { + 'units': { + name: { + 'Unit': { + 'After': 'zfs-mount.service', + 'Requires': 'zfs-mount.service', + }, + } + for name in metadata.get('systemd/units') + if name.endswith('.mount') + }, + } + } diff --git a/bundles/systemd/items.py b/bundles/systemd/items.py index 4a95e5e..c7fab56 100644 --- a/bundles/systemd/items.py +++ b/bundles/systemd/items.py @@ -18,13 +18,15 @@ for name, unit in node.metadata.get('systemd/units').items(): 'svc_systemd:systemd-networkd:restart', ], } - elif extension in ['timer', 'service']: + elif extension in ['timer', 'service', 'mount']: path = f'/etc/systemd/system/{name}' dependencies = { 'triggers': [ "action:systemd-reload", ], } + if name in node.metadata.get('systemd/services'): + dependencies['triggers'].append(f'svc_systemd:{name}:restart') files[path] = { 'content': repo.libs.systemd.generate_unitfile(unit), 
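Review bot: The `zfs` reactor adds `Requires=zfs-mount.service` and `After=zfs-mount.service` to every `.mount` unit on every node, while this same commit pulls `systemd-mount` into the whole `linux` group, so on a host without ZFS the requirement points at a unit that does not exist and the bind mount is refused at start-up (a missing `Requires=` target fails the dependent job, whereas `Wants=` does not). Either gate the reactor on whatever metadata marks a ZFS node in this repo, or emit `'Wants': 'zfs-mount.service'` alongside the `After=`, so the ordering is honoured where the unit exists and ignored where it does not. The escape on the `formatted_name` line only handles `-` and `/`; that is enough for `/etc/mosquitto/certs` but diverges from `systemd-escape --path` for paths containing other non-alphanumerics, and `conf['user']` is interpolated straight into the mount options, so a comment stating those limits plus a check that the user contains no `,` or whitespace would be cheap insurance. `f"nonempty"` has no placeholders and does not need the f-prefix.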
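Review bot: The new trigger restarts a `.mount` unit with `systemctl restart` whenever its unit file changes, and for the bindfs mounts introduced in this commit that means an unmount while mosquitto may hold `privkey.pem` open under the mountpoint; a busy FUSE mount is not unmountable without a lazy unmount, so the restart would likely fail with EBUSY instead of applying the new options — worth confirming on a node with the broker running. If so, the `.mount` case should either skip the restart trigger or restart the consuming service first, and a comment on the `if name in node.metadata.get('systemd/services'):` line should state which. The `for` loop this hunk sits in starts above it and the `files[path]` dict continues below it, so the ordering of `action:systemd-reload` relative to the restart is not visible here; the reload has to run first or systemd restarts the mount from the stale unit definition.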
diff --git a/bundles/systemd/metadata.py b/bundles/systemd/metadata.py index 549c602..d8fb272 100644 --- a/bundles/systemd/metadata.py +++ b/bundles/systemd/metadata.py @@ -14,7 +14,7 @@ def units(metadata): for name, config in metadata.get('systemd/units').items(): extension = name.split('.')[-1] - if extension not in ['timer', 'service', 'network', 'netdev']: + if extension not in ['timer', 'service', 'network', 'netdev', 'mount']: raise Exception(f'unknown extension {extension}') if not config.get('Install/WantedBy'): @@ -47,7 +47,7 @@ def services(metadata): for name, config in metadata.get('systemd/services').items(): extension = name.split('.')[-1] - if extension not in ['timer', 'service']: + if extension not in ['timer', 'service', 'mount']: raise Exception(f'unknown extension: {extension}') return { diff --git a/groups/os/linux.py b/groups/os/linux.py index 5687c95..c9abd15 100644 --- a/groups/os/linux.py +++ b/groups/os/linux.py @@ -10,6 +10,7 @@ 'ssh', 'systemd', 'systemd-networkd', + 'systemd-mount', 'systemd-timers', ], 'metadata': {
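Review bot: The allow-list of unit extensions now lives in two places in this file (`units` and `services`) and both are extended here in lockstep with different contents, so the next unit type has to be remembered twice; a module-level `UNIT_EXTENSIONS = ('timer', 'service', 'network', 'netdev', 'mount')` and `SERVICE_EXTENSIONS = ('timer', 'service', 'mount')` that both checks read from would make the relation explicit. The two error messages also differ (`unknown extension {extension}` vs `unknown extension: {extension}`), which is pre-existing but easy to align while touching these lines. Both enclosing functions start and end outside their hunks.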