pipes -> shlex

2024-10-09 12:50:18 +02:00 · 2024-10-09 12:50:18 +02:00 · a3ba06bcb0
commit a3ba06bcb0
parent 01bcfd8638
4 changed files with 18 additions and 15 deletions
--- a/bundles/nginx/files/nginx.conf
+++ b/bundles/nginx/files/nginx.conf
@ -1,6 +1,6 @@
 pid /var/run/nginx.pid;
 user www-data;
-worker_processes 10;
+worker_processes ${worker_processes};

 % for module in sorted(modules):
 load_module modules/ngx_${module}_module.so;
@ -22,6 +22,8 @@ http {
    tcp_nopush on;
    client_max_body_size 32G;
    ssl_dhparam "/etc/ssl/certs/dhparam.pem";
+    # dont show nginx version
+    server_tokens off;

    % if node.has_bundle('php'):
    upstream php-handler {
--- a/bundles/nginx/items.py
+++ b/bundles/nginx/items.py
@ -32,6 +32,7 @@ files = {
        'content_type': 'mako',
        'context': {
            'modules': node.metadata.get('nginx/modules'),
+            'worker_processes': node.metadata.get('vm/cores'),
        },
        'triggers': {
            'svc_systemd:nginx:restart',
--- a/items/download.py
+++ b/items/download.py
@ -3,7 +3,7 @@ from bundlewrap.exceptions import BundleError
 from bundlewrap.utils.text import force_text, mark_for_translation as _
 from bundlewrap.utils.remote import PathInfo
 import types
-from pipes import quote
+from shlex import quote

 # Downloaded from https://github.com/bundlewrap/plugins/blob/master/item_download/items/download.py
 # No, we can't use plugins here, because bw4 won't support them anymore.
@ -101,16 +101,16 @@ class Download(Item):
            elif self.attributes.get('gpg_signature_url'):
                full_signature_url = self.attributes['gpg_signature_url'].format(url=self.attributes['url'])
                signature_path = f'{self.name}.signature'
-                
+
                self.node.run(f"curl -sSL {self.attributes['gpg_pubkey_url']} | gpg --import -")
                self.node.run(f"curl -L {full_signature_url} -o {quote(signature_path)}")
                gpg_output = self.node.run(f"gpg --verify {quote(signature_path)} {quote(self.name)}").stderr
-                
+
                if b'Good signature' in gpg_output:
                    sdict['verified'] = True
                else:
                    sdict['verified'] = False
-                    
+
        return sdict

    @classmethod
--- a/nodes/home.router.py
+++ b/nodes/home.router.py
@ -43,17 +43,17 @@
                'dhcp_server': True,
            },
        },
-        'nftables': {
-            'forward': {
-                # Drop DHCP client requests (UDP port 68)
-                'udp sport 68 drop',
-                'udp dport 68 drop',
+        # 'nftables': {
+        #     'forward': {
+        #         # Drop DHCP client requests (UDP port 68)
+        #         'udp sport 68 drop',
+        #         'udp dport 68 drop',

-                # Drop DHCP server responses (UDP port 67)
-                'udp sport 67 drop',
-                'udp dport 67 drop',
-            },
-        },
+        #         # Drop DHCP server responses (UDP port 67)
+        #         'udp sport 67 drop',
+        #         'udp dport 67 drop',
+        #     },
+        # },
        'sysctl': {
            'net': {
                'ipv4': {