wip

2021-07-13 00:42:25 +02:00 · 2021-07-13 00:42:25 +02:00 · e8932df0cb
commit e8932df0cb
parent 99b6171e19
7 changed files with 53 additions and 7 deletions
--- a/bundles/backup-server/metadata.py
+++ b/bundles/backup-server/metadata.py
@ -23,11 +23,19 @@ def zfs(metadata):
            other_node.has_bundle('backup') and
            other_node.metadata.get('backup/server') == node.name
        ):
+            # container
+            datasets[f"tank/{other_node.metadata.get('id')}"] = {
+                'mountpoint': 'none',
+                'readonly': 'on',
+                'backup': False,
+            }
+            # for rsync backups
            datasets[f"tank/{other_node.metadata.get('id')}/fs"] = {
                'mountpoint': f"/mnt/backups/{other_node.metadata.get('id')}",
                'backup': False,
            }
            
+            # for zfs send/recv
            if other_node.has_bundle('zfs'):
                for path in other_node.metadata.get('backup/paths'):
                    for dataset, config in other_node.metadata.get('zfs/datasets').items():
--- a/bundles/backup/metadata.py
+++ b/bundles/backup/metadata.py
@ -9,4 +9,10 @@ defaults = {
        'server': None,
        'paths': [],
    },
+    'systemd-timers': {
+        f'backup': {
+            'command': '/opt/backup/backup_all',
+            'when': 'daily',
+        },
+    },
 }
--- a/bundles/ssh/files/sshd_config
+++ b/bundles/ssh/files/sshd_config
@ -0,0 +1,21 @@
+Port 22
+AddressFamily any
+ListenAddress 0.0.0.0
+ListenAddress ::
+
+PermitRootLogin prohibit-password
+StrictModes yes
+MaxAuthTries 10
+MaxSessions 255
+PubkeyAuthentication yes
+PasswordAuthentication no
+ChallengeResponseAuthentication no
+AuthorizedKeysFile	.ssh/authorized_keys
+UsePAM yes
+
+PermitTTY yes
+TCPKeepAlive yes
+ClientAliveInterval 30
+ClientAliveCountMax 5
+AcceptEnv LANG LC_*
+Subsystem	sftp	/usr/lib/openssh/sftp-server
--- a/bundles/ssh/items.py
+++ b/bundles/ssh/items.py
@ -0,0 +1,7 @@
+files['/etc/ssh/sshd_config'] = {
+    'triggers': [
+        'svc_systemd:ssh:restart'
+    ],
+}
+
+svc_systemd['ssh'] = {}
--- a/bundles/users/metadata.py
+++ b/bundles/users/metadata.py
@ -4,6 +4,7 @@ defaults = {
    'users': {
        'root': {
            'home': '/root',
+            'password': repo.vault.password_for(f'{node.name} user root'),
        },
    },
 }
@ -29,12 +30,10 @@ def authorized_users(metadata):
    }


-# FIXME: bw bug?
-# @metadata_reactor.provides(
-#     'users',
-# )
-@metadata_reactor
-def user(metadata):
+@metadata_reactor.provides(
+    'users',
+)
+def user_defaults(metadata):
    users = {}

    for name, config in metadata.get('users').items():
--- a/groups/os/linux.py
+++ b/groups/os/linux.py
@ -4,11 +4,12 @@
    ],
    'bundles': [
        'hostname',
+        'hosts',
        'network',
+        'ssh',
        'systemd',
        'systemd-networkd',
        'systemd-timers',
-        'hosts',
    ],
    'metadata': {
        'hosts': {
--- a/nodes/netcup.secondary.py
+++ b/nodes/netcup.secondary.py
@ -9,6 +9,10 @@
    ],
    'metadata': {
        'id': '890848b2-a900-4f74-ad5b-b811fbb4f0bc',
+        'postfix': {
+            'master_node': 'htz.mails',
+            'hostname': 'mail2.sublimity.de',
+        },
        'network': {
            'external': {
                'interface': 'eth0',