wol waker only allow wakeonlan command

CroneKorkN 2026-01-11 14:52:46 +01:00
parent 59dd4c5877
commit 985a15e5c7
Signed by: cronekorkn
SSH key fingerprint: SHA256:v0410ZKfuO1QHdgKBsdQNF64xmTxOF8osF1LIqwTcVw
13 changed files with 32 additions and 18 deletions


@ -27,7 +27,7 @@ def ssh_keys(metadata):
'users': { 'users': {
'build-agent': { 'build-agent': {
'authorized_users': { 'authorized_users': {
f'build-server@{other_node.name}' f'build-server@{other_node.name}': {}
for other_node in repo.nodes for other_node in repo.nodes
if other_node.has_bundle('build-server') if other_node.has_bundle('build-server')
for architecture in other_node.metadata.get('build-server/architectures').values() for architecture in other_node.metadata.get('build-server/architectures').values()
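Review bot: The value `{}` now carries meaning ("no per-key options, i.e. unrestricted shell"), but nothing at this definition site says so, and the same bare `{}` is repeated in several other bundles in this commit. A one-line comment on the `'authorized_users': {` line, e.g. `# value is a per-key options dict; {} = no forced command (full shell)`, would stop the next reader from assuming the empty dict is a placeholder. The enclosing `ssh_keys` function and the dict comprehension both continue outside this hunk.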


@ -14,7 +14,7 @@ def ssh_keys(metadata):
'users': { 'users': {
'build-ci': { 'build-ci': {
'authorized_users': { 'authorized_users': {
f'build-server@{other_node.name}' f'build-server@{other_node.name}': {}
for other_node in repo.nodes for other_node in repo.nodes
if other_node.has_bundle('build-server') if other_node.has_bundle('build-server')
}, },


@ -57,7 +57,7 @@ def ssh_keys(metadata):
'users': { 'users': {
'downloads': { 'downloads': {
'authorized_users': { 'authorized_users': {
f'build-server@{other_node.name}' f'build-server@{other_node.name}': {}
for other_node in repo.nodes for other_node in repo.nodes
if other_node.has_bundle('build-server') if other_node.has_bundle('build-server')
}, },


@ -42,7 +42,7 @@ def user(metadata):
'users': { 'users': {
'sshmon': { 'sshmon': {
'authorized_users': { 'authorized_users': {
'nagios@' + metadata.get('monitoring/icinga2_node'), 'nagios@' + metadata.get('monitoring/icinga2_node'): {},
} }
}, },
}, },
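Review bot: With per-key `commands` now supported, the `nagios@...` key on this line is still granted to `sshmon` with no forced command, so the monitoring node keeps an unrestricted shell on every host it monitors; if sshmon only runs a fixed check script, `'commands': {'/path/to/check'}` — or at minimum a `restrict` option — is the natural follow-up to this commit. I cannot see what the Icinga side actually executes, so this may need a small dispatching wrapper rather than a single command. The enclosing `user` function starts before this hunk.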


@ -19,7 +19,7 @@ def users(metadata):
'allow_users': set( 'allow_users': set(
name name
for name, conf in metadata.get('users').items() for name, conf in metadata.get('users').items()
if conf.get('authorized_keys', []) or conf.get('authorized_users', []) if conf.get('authorized_keys', []) or conf.get('authorized_users', {})
), ),
}, },
} }


@ -20,11 +20,15 @@ def authorized_users(metadata):
users[name] = { users[name] = {
'authorized_keys': set(), 'authorized_keys': set(),
} }
for authorized_user in config.get('authorized_users', set()): for authorized_user, options in config.get('authorized_users', {}).items():
authorized_user_name, authorized_user_node = authorized_user.split('@') authorized_user_name, authorized_user_node = authorized_user.split('@')
users[name]['authorized_keys'].add( authorized_user_public_key = repo.get_node(authorized_user_node).metadata.get(f'users/{authorized_user_name}/pubkey')
repo.get_node(authorized_user_node).metadata.get(f'users/{authorized_user_name}/pubkey')
) for command in options.get('commands', []):
users[name]['authorized_keys'].add(f'command="{command}" ' + authorized_user_public_key)
else:
users[name]['authorized_keys'].add(authorized_user_public_key)
return { return {
'users': users, 'users': users,
} }
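Review bot: The `else:` attached to `for command in options.get('commands', []):` is a for/else, whose body runs whenever the loop ends without `break` — that is, always — so every authorized user still gets the unrestricted key line next to the `command="..."` lines, and sshd applies whichever matching line it reads first, which silently defeats the restriction this commit introduces; test the command list explicitly with `if commands:`. `command=` on its own also still allows a pty, TCP/agent/X11 forwarding and the like, so prefix the option with `restrict` (OpenSSH 7.2+) to get the "only wakeonlan" behaviour the commit title promises. As far as I can tell sshd stops at the first authorized_keys line whose key matches, so several `commands` for the same key will only ever apply one of them — supporting more than one needs a single wrapper that validates `SSH_ORIGINAL_COMMAND`. The `command` value is interpolated into a double-quoted option unescaped; fine for a MAC address, but worth a comment that it must not contain `"`. `authorized_users` begins before this hunk.
```python
            authorized_user_public_key = repo.get_node(authorized_user_node).metadata.get(f'users/{authorized_user_name}/pubkey')
            commands = options.get('commands', [])
            if commands:
                # restrict: no pty, no port/agent/X11 forwarding; command= forces the executable.
                # NOTE: sshd uses the first matching line, so more than one command per key is not effective.
                for command in commands:
                    users[name]['authorized_keys'].add(f'restrict,command="{command}" ' + authorized_user_public_key)
            else:
                # no commands configured -> unrestricted key
                users[name]['authorized_keys'].add(authorized_user_public_key)
```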


@ -44,6 +44,7 @@ defaults = {
@metadata_reactor.provides( @metadata_reactor.provides(
'wol-sleeper/mac',
'wol-sleeper/wake_command', 'wol-sleeper/wake_command',
) )
def wake_command(metadata): def wake_command(metadata):
@ -53,7 +54,8 @@ def wake_command(metadata):
return { return {
'wol-sleeper': { 'wol-sleeper': {
'wake_command': f"ssh -o StrictHostKeyChecking=no wol@{waker_hostname} 'wakeonlan {mac} && while ! ping {ip} -c1 -W3; do true; done'", 'mac': mac,
'wake_command': f"ssh -o StrictHostKeyChecking=no wol@{waker_hostname} '/usr/bin/wakeonlan {mac}' && while ! ping {ip} -c1 -W3; do true; done",
}, },
} }
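Review bot: The `/usr/bin/wakeonlan {mac}` passed on the ssh command line does not decide what runs on the waker: with a forced `command=` key sshd executes the forced command and only exposes the client's string as `SSH_ORIGINAL_COMMAND`, so on a waker serving several sleepers the authorized_keys line matched first wins regardless of which MAC this node asks for. That is fine for one sleeper per waker but deserves a comment, e.g. `# the waker enforces the command via authorized_keys; the argument here is informational`. `StrictHostKeyChecking=no` also keeps accepting a changed host key on every connection; `-o StrictHostKeyChecking=accept-new` (OpenSSH 7.6+) pins the key after first contact while still avoiding an interactive prompt. The `ping` loop has no upper bound, so a sleeper that never comes up blocks the caller forever; a retry limit or `timeout` in front of it would be safer. `wake_command`'s body, where `mac`, `ip` and `waker_hostname` are set, lies outside the second hunk.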


@ -6,17 +6,25 @@ defaults = {
}, },
} }
@metadata_reactor.provides( @metadata_reactor.provides(
'users/wol', 'users/wol/authorized_users',
) )
def user(metadata): def user(metadata):
return { return {
'users': { 'users': {
'wol': { 'wol': {
'authorized_users': { 'authorized_users': {
f'root@{node.name}' f'root@{ssh_client.name}': {
for node in repo.nodes 'commands': {
if node.dummy == False and node.has_bundle('ssh') '/usr/bin/wakeonlan ' + sleeper.metadata.get('wol-sleeper/mac')
for sleeper in repo.nodes
if sleeper.has_bundle('wol-sleeper')
and sleeper.metadata.get('wol-sleeper/waker') == node.name
}
}
for ssh_client in repo.nodes
if ssh_client.dummy == False and ssh_client.has_bundle('ssh')
}, },
}, },
}, },
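Review bot: When no sleeper names this node as its waker, every ssh client still receives an `authorized_users` entry whose `commands` set is empty, and an empty command set is exactly the case the consumer is most likely to treat as "no restriction" — the safe shape is to compute the command set once and emit no entry at all when it is empty. The sleeper comprehension is also re-evaluated for every `ssh_client` although it does not depend on it, so hoisting it is free. `node` on the `waker ==` line presumably refers to the node whose metadata is being built (bundlewrap convention) rather than `ssh_client`; a comment would help since the two names sit side by side. The MAC is interpolated into a shell-interpreted forced command, so note that it is trusted operator config, not user input.
```python
def user(metadata):
    # Forced commands for this node as waker: one per sleeper that points at it.
    # `node` is the node this reactor runs for; MAC values come from trusted metadata.
    wake_commands = {
        '/usr/bin/wakeonlan ' + sleeper.metadata.get('wol-sleeper/mac')
        for sleeper in repo.nodes
        if sleeper.has_bundle('wol-sleeper')
        and sleeper.metadata.get('wol-sleeper/waker') == node.name
    }
    if not wake_commands:
        # no sleepers -> grant nobody access to the wol user
        return {}
    return {
        'users': {
            'wol': {
                'authorized_users': {
                    f'root@{ssh_client.name}': {'commands': wake_commands}
                    for ssh_client in repo.nodes
                    if ssh_client.dummy == False and ssh_client.has_bundle('ssh')
                },
            },
        },
    }
```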


@ -38,7 +38,7 @@
}, },
'wol-sleeper': { 'wol-sleeper': {
'network': 'wakeonlan', 'network': 'wakeonlan',
'waker': 'home.server', 'waker': 'home.router',
}, },
'zfs-mirror': { 'zfs-mirror': {
'server': 'wb.offsite-backups', 'server': 'wb.offsite-backups',


@ -25,7 +25,7 @@
'users': { 'users': {
'root': { 'root': {
'authorized_users': { 'authorized_users': {
'root@home.server', 'root@home.server': {},
}, },
}, },
}, },


@ -12,6 +12,7 @@
'kea-dhcpd', 'kea-dhcpd',
'wireguard', 'wireguard',
'pppoe', 'pppoe',
'wol-waker',
], ],
'metadata': { 'metadata': {
'id': '1d6a43e5-858c-42f9-9c40-ab63d61c787c', 'id': '1d6a43e5-858c-42f9-9c40-ab63d61c787c',


@ -31,7 +31,6 @@
'systemd-swap', 'systemd-swap',
'twitch-clip-download', 'twitch-clip-download',
'raspberrymatic-cert', 'raspberrymatic-cert',
'wol-waker',
'zfs', 'zfs',
'routeros-monitoring', 'routeros-monitoring',
], ],


@ -29,7 +29,7 @@
'users': { 'users': {
'root': { 'root': {
'authorized_users': { 'authorized_users': {
'root@home.backups', 'root@home.backups': {},
}, },
}, },
}, },