cronekorkn/bundlewrap
1
0
Fork 0
Code Issues Pull requests 8 Projects Releases Wiki Activity

wip

Browse source
This commit is contained in:
mwiegand 2021-07-13 00:42:25 +02:00
parent 99b6171e19
commit e8932df0cb
7 changed files with 53 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
bundles/backup-server/metadata.py
View file

@ -23,11 +23,19 @@ def zfs(metadata):
other_node.has_bundle('backup') and other_node.has_bundle('backup') and
other_node.metadata.get('backup/server') == node.name other_node.metadata.get('backup/server') == node.name
): ):
# container
datasets[f"tank/{other_node.metadata.get('id')}"] = {
'mountpoint': 'none',
'readonly': 'on',
'backup': False,
}
# for rsync backups
datasets[f"tank/{other_node.metadata.get('id')}/fs"] = { datasets[f"tank/{other_node.metadata.get('id')}/fs"] = {
'mountpoint': f"/mnt/backups/{other_node.metadata.get('id')}", 'mountpoint': f"/mnt/backups/{other_node.metadata.get('id')}",
'backup': False, 'backup': False,
} }
# for zfs send/recv
if other_node.has_bundle('zfs'): if other_node.has_bundle('zfs'):
for path in other_node.metadata.get('backup/paths'): for path in other_node.metadata.get('backup/paths'):
for dataset, config in other_node.metadata.get('zfs/datasets').items(): for dataset, config in other_node.metadata.get('zfs/datasets').items():

6
bundles/backup/metadata.py
View file

@ -9,4 +9,10 @@ defaults = {
'server': None, 'server': None,
'paths': [], 'paths': [],
}, },
'systemd-timers': {
f'backup': {
'command': '/opt/backup/backup_all',
'when': 'daily',
},
},
} }

21
bundles/ssh/files/sshd_config Normal file
View file

@ -0,0 +1,21 @@
Port 22
AddressFamily any
ListenAddress 0.0.0.0
ListenAddress ::
PermitRootLogin prohibit-password
StrictModes yes
MaxAuthTries 10
MaxSessions 255
PubkeyAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no
AuthorizedKeysFile .ssh/authorized_keys
UsePAM yes
PermitTTY yes
TCPKeepAlive yes
ClientAliveInterval 30
ClientAliveCountMax 5
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server

7
bundles/ssh/items.py Normal file
View file

@ -0,0 +1,7 @@
files['/etc/ssh/sshd_config'] = {
'triggers': [
'svc_systemd:ssh:restart'
],
}
svc_systemd['ssh'] = {}

11
bundles/users/metadata.py
View file

@ -4,6 +4,7 @@ defaults = {
'users': { 'users': {
'root': { 'root': {
'home': '/root', 'home': '/root',
'password': repo.vault.password_for(f'{node.name} user root'),
}, },
}, },
} }
@ -29,12 +30,10 @@ def authorized_users(metadata):
} }
# FIXME: bw bug? @metadata_reactor.provides(
# @metadata_reactor.provides( 'users',
# 'users', )
# ) def user_defaults(metadata):
@metadata_reactor
def user(metadata):
users = {} users = {}
for name, config in metadata.get('users').items(): for name, config in metadata.get('users').items():

3
groups/os/linux.py
View file

@ -4,11 +4,12 @@
], ],
'bundles': [ 'bundles': [
'hostname', 'hostname',
'hosts',
'network', 'network',
'ssh',
'systemd', 'systemd',
'systemd-networkd', 'systemd-networkd',
'systemd-timers', 'systemd-timers',
'hosts',
], ],
'metadata': { 'metadata': {
'hosts': { 'hosts': {

4
nodes/netcup.secondary.py
View file

@ -9,6 +9,10 @@
], ],
'metadata': { 'metadata': {
'id': '890848b2-a900-4f74-ad5b-b811fbb4f0bc', 'id': '890848b2-a900-4f74-ad5b-b811fbb4f0bc',
'postfix': {
'master_node': 'htz.mails',
'hostname': 'mail2.sublimity.de',
},
'network': { 'network': {
'external': { 'external': {
'interface': 'eth0', 'interface': 'eth0',