From 9152574276005f01f5636eda4c6b4efdfaf5d2aa Mon Sep 17 00:00:00 2001
From: mwiegand
Date: Thu, 8 Jul 2021 00:32:32 +0200
Subject: [PATCH] wip
---
 bundles/bind/items.py | 3 +++
 bundles/nginx/metadata.py | 4 ++--
 bundles/postgresql/items.py | 13 +++++++++++++
 bundles/roundcube/metadata.py | 3 ++-
 groups/applications/mailserver.py | 1 +
 libs/dns.py | 14 +++++++++++---
 nodes/htz.mails.py | 4 +++-
 7 files changed, 35 insertions(+), 7 deletions(-)
diff --git a/bundles/bind/items.py b/bundles/bind/items.py
index 2e1cc87..775e8db 100644
--- a/bundles/bind/items.py
+++ b/bundles/bind/items.py
@@ -23,6 +23,9 @@ files['/etc/default/bind9'] = {
 files['/etc/bind/named.conf'] = {
 'owner': 'root',
 'group': 'bind',
+ 'needs': [
+ 'pkg_apt:bind9',
+ ],
 'needed_by': [
 'svc_systemd:bind9',
 ],
diff --git a/bundles/nginx/metadata.py b/bundles/nginx/metadata.py
index 12c0df8..2444ec9 100644
--- a/bundles/nginx/metadata.py
+++ b/bundles/nginx/metadata.py
@@ -90,8 +90,8 @@ def vhosts(metadata):
 def dns(metadata):
 return {
 'dns': {
- domain: repo.libs.dns.get_a_records(metadata)
- for domain in metadata.get('nginx/vhosts')
+ domain: repo.libs.dns.get_a_records(metadata, internal=config.get('internal_dns', True))
+ for domain, config in metadata.get('nginx/vhosts').items()
 },
 }
diff --git a/bundles/postgresql/items.py b/bundles/postgresql/items.py
index 3589587..2468320 100644
--- a/bundles/postgresql/items.py
+++ b/bundles/postgresql/items.py
@@ -1,5 +1,18 @@
 from bundlewrap.utils.dicts import merge_dict
+directories = {
+ '/var/lib/postgresql': {
+ 'owner': 'postgres',
+ 'group': 'postgres',
+ 'needs': [
+ 'zfs_dataset:tank/postgresql',
+ ],
+ 'needed_by': [
+ 'svc_systemd:postgresql',
+ ],
+ }
+}
+
 svc_systemd['postgresql'] = {
 'needs': [
diff --git a/bundles/roundcube/metadata.py b/bundles/roundcube/metadata.py
index f35a743..b03906c 100644
--- a/bundles/roundcube/metadata.py
+++ b/bundles/roundcube/metadata.py
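Review bot: In `bundles/nginx/metadata.py`, the `dns` reactor reads `config.get('internal_dns', True)`, so publishing the node's internal-network addresses stays the default and a vhost that omits the key still gets them in its A/AAAA records. If any of these zones is answered for outside clients (not visible in this patch), every vhost that forgets to opt out discloses internal addressing. The key is also undocumented; I would add a comment where vhosts are declared, such as `# internal_dns: set to False to keep the node's internal addresses out of this vhost's DNS records`. The reactor's decorator and the rest of the file are outside the hunk.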
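Review bot: In `bundles/postgresql/items.py`, the new `/var/lib/postgresql` directory item hard-codes `'zfs_dataset:tank/postgresql'` in `needs`, and nothing in the hunk shows where that dataset is declared, so the bundle appears to assume that every node using it defines exactly this dataset. The item also sets no `mode`, which leaves the permissions of the database parent directory to the item default instead of stating them; an explicit `'mode'` entry beside `owner` and `group` would make the intent reviewable. As a style point, the file otherwise assigns items by key (`svc_systemd['postgresql'] = {`), so `directories['/var/lib/postgresql'] = {` would match it and would not rebind the whole `directories` mapping. The `svc_systemd['postgresql']` dict continues outside the hunk.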
@@ -11,7 +11,8 @@ defaults = {
 'php-intl': {},
 'php-mail-mime': {},
 'php-mbstring': {},
- 'php-net-idna2': {},
+ # FIXME: not available in bullseye?
+ # 'php-net-idna2': {},
 'php-net-smtp': {},
 'php-net-socket': {},
 'php-pear': {},
diff --git a/groups/applications/mailserver.py b/groups/applications/mailserver.py
index c154897..8025893 100644
--- a/groups/applications/mailserver.py
+++ b/groups/applications/mailserver.py
@@ -4,6 +4,7 @@
 'dovecot',
 'letsencrypt',
 'mailserver',
+ 'nginx',
 'php',
 'postfix',
 'postgresql',
diff --git a/libs/dns.py b/libs/dns.py
index 7af9cf3..1b65733 100644
--- a/libs/dns.py
+++ b/libs/dns.py
@@ -1,15 +1,23 @@
 from ipaddress import ip_interface
-def get_a_records(metadata):
+def get_a_records(metadata, internal=True, external=True):
+ networks = metadata.get('network')
+
+ if not internal:
+ networks.pop('internal')
+
+ if not external:
+ networks.pop('external')
+
 return {
 'A': [
 str(ip_interface(network['ipv4']).ip)
- for network in metadata.get('network').values()
+ for network in networks.values()
 if 'ipv4' in network
 ],
 'AAAA': [
 str(ip_interface(network['ipv6']).ip)
- for network in metadata.get('network').values()
+ for network in networks.values()
 if 'ipv6' in network
 ],
 }
diff --git a/nodes/htz.mails.py b/nodes/htz.mails.py
index 4bc5100..01d3642 100644
--- a/nodes/htz.mails.py
+++ b/nodes/htz.mails.py
@@ -4,7 +4,7 @@
 # 'archive',
 'backup',
 'hetzner-cloud',
- 'debian-10',
+ 'debian-11',
 'mailserver',
 'monitored',
 'webserver',
@@ -65,12 +65,14 @@
 'context': {
 'target': 'https://cloud.sublimity.de:443',
 },
+ 'internal_dns': False,
 },
 'git.sublimity.de': {
 'content': 'nginx/proxy_pass.conf',
 'context': {
 'target': 'https://git.sublimity.de:443',
 },
+ 'internal_dns': False,
 },
 },
 },
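Review bot: In `libs/dns.py`, `get_a_records` now calls `networks.pop('internal')` and `networks.pop('external')` directly on the object returned by `metadata.get('network')`, which mutates that mapping and raises `KeyError` on a node that has no network of that name. The nginx `dns` reactor in this patch calls the function once per vhost, so if the returned mapping is shared rather than a copy (not visible here), the second vhost with `'internal_dns': False` would fail and other readers of `network` would lose the entry. Work on a copy and tolerate a missing key: `networks = dict(metadata.get('network'))`, `networks.pop('internal', None)`, `networks.pop('external', None)`. A short docstring saying that the two flags select which named networks contribute records would also help, since passing both as `False` silently yields empty `A` and `AAAA` lists.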