wip

bundles/mirror/metadata.py

@@ -0,0 +1,17 @@
+defaults = {
+    'mirror': {},
+}
+
+
+@metadata_reactor.provides(
+    'systemd-timers',
+)
+def timers(metadata):
+    return {
+        'systemd-timers': {
+            f'mirror-{name}': {
+                'command': f"/usr/bin/scp -r -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null '{config['from']}' '{config['to']}'",
+                'when': 'hourly',
+            } for name, config in metadata.get('mirror').items()
+        }
+    }

bundles/users/items.py

@@ -24,5 +24,5 @@ for name, config in node.metadata.get('users').items():
     }
 
     users[name] = config
-    for option in ['authorized_keys', 'privkey', 'pubkey', 'keytype']:
+    for option in ['authorized_keys', 'authorized_users', 'privkey', 'pubkey', 'keytype']:
         users[name].pop(option, None)

bundles/users/metadata.py

@@ -9,6 +9,29 @@ defaults = {
 }
 
 
+@metadata_reactor.provides(
+    'users',
+)
+def authorized_usersuser(metadata):
+    users = {}
+
+    for name, config in metadata.get('users').items():
+        for authorized_user in config.get('authorized_users', []):
+            authorized_user_name, authorized_user_node = authorized_user.split('@')
+            users\
+                .setdefault(name, {})\
+                .setdefault('authorized_keys', [])\
+                .append(
+                    repo\
+                        .get_node(authorized_user_node)\
+                        .metadata\
+                        .get(f'users/{authorized_user_name}/pubkey')
+                )
+    return {
+        'users': users,
+    }
+
+
 @metadata_reactor.provides(
     'users',
 )

nodes/home.server.py

@@ -11,6 +11,7 @@
         'gitea',
         'grafana',
         'influxdb2',
+        'mirror',
         'postgresql',
         'redis',
         'wireguard',
@@ -18,6 +19,12 @@
     ],
     'metadata': {
         'id': 'af96709e-b13f-4965-a588-ef2cd476437a',
+        'mirror': {
+            'certs': {
+                'from': '10.0.10.2:/var/lib/dehydrated/certs',
+                'to': '/var/lib/dehydrated/certs',
+            },
+        },
         'network': {
             'internal': {
                 'interface': 'enp1s0f0',

nodes/htz.mails.py

@@ -102,6 +102,13 @@
             'version': '1.4.11',
             'installer': True,
         },
+        'users': {
+            'root': {
+                'authorized_users': [
+                    'root@home.server',
+                ],
+            },
+        },
         'vm': {
             'cores': 2,
             'ram': 8096,