This commit is contained in:
mwiegand 2021-06-19 23:44:16 +02:00
parent 3d334dfcaf
commit fb113d1557
8 changed files with 129 additions and 37 deletions


@ -1,10 +1,12 @@
``` ```
defaults = { defaults = {
'archive': { 'archive': {
'exclude': [ '/var/important': {
'\.cache/', 'exclude': [
'\.log$', '\.cache/',
], '\.log$',
],
},
}, },
} }
``` ```


@ -20,7 +20,7 @@ gsutil ${'\\'}
-r ${'\\'} -r ${'\\'}
-d ${'\\'} -d ${'\\'}
-e ${'\\'} -e ${'\\'}
-x '${'|'.join(conf['exclude'])}' ${'\\'} -x '${'|'.join(conf.get('exclude', []))}' ${'\\'}
'${dir}' ${'\\'} '${dir}' ${'\\'}
'gs://${bucket}/${node.name}${dir}' ${'\\'} 'gs://${bucket}/${node.name}${dir}' ${'\\'}
2>&1 | tee | logger -t gsutil 2>&1 | tee | logger -t gsutil
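Review bot: With the new `conf.get('exclude', [])` on the `-x` line, an archive path configured without any exclude patterns (such as `/var/test` added to the node file in this commit) renders `-x ''`; an empty regex matches every path, so if gsutil treats the pattern as a Python regex this would exclude everything and sync nothing — worth confirming against gsutil rather than relying on the default. Emitting the flag only when there is something to exclude sidesteps the question: `% if conf.get('exclude'):` / `  -x '${'|'.join(conf['exclude'])}' ${'\\'}` / `% endif`. The patterns are spliced inside single quotes, so a pattern containing `'` would still break the command line; that is pre-existing but now easier to hit with per-path configs. The gsutil invocation starts before the hunk.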


@ -4,17 +4,19 @@ defaults = {
@metadata_reactor.provides( @metadata_reactor.provides(
'gocryptfs', 'gocryptfs/paths',
) )
def gocryptfs(metadata): def gocryptfs(metadata):
gocryptfs = {} paths = {}
for path in metadata.get('archive'): for path in metadata.get('archive/paths'):
gocryptfs[path] = { paths[path] = {
'mountpoint': f'/mnt/gocryptfs{path}', 'mountpoint': f'/mnt/gocryptfs{path}',
'reverse': True, 'reverse': True,
} }
return { return {
'gocryptfs': gocryptfs, 'gocryptfs': {
'paths': paths,
},
} }
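Review bot: `'reverse': True` is written into every `gocryptfs/paths` entry here, but nothing visible reads it — the unit generator in the gocryptfs bundle of this same commit hard-codes `-reverse` in `ExecStart` — so the flag is currently dead metadata; either have the unit honour it or drop it. A docstring would also help readers of the metadata tree: `"""Register every archive path as a gocryptfs reverse mount under /mnt/gocryptfs<path>."""`. The mountpoint is built by plain string concatenation, so an archive path with a trailing slash or without a leading one yields an odd mountpoint; if archive paths are guaranteed absolute and normalised that is fine, otherwise normalise first.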


@ -1,19 +1,11 @@
from hashlib import sha3_256
from base64 import b64decode, b64encode
from binascii import hexlify
from uuid import UUID
from json import dumps from json import dumps
id = node.metadata.get('id')
directories['/etc/gocryptfs'] = { directories['/etc/gocryptfs'] = {
'purge': True, 'purge': True,
} }
files['/etc/gocryptfs/masterkey'] = { files['/etc/gocryptfs/masterkey'] = {
'content': hexlify(b64decode( 'content': node.metadata.get('gocryptfs/masterkey'),
str(repo.vault.random_bytes_as_base64_for(id, length=32))
)),
'mode': '500', 'mode': '500',
} }
@ -22,9 +14,7 @@ files['/etc/gocryptfs/gocryptfs.conf'] = {
'Version': 2, 'Version': 2,
'Creator': 'gocryptfs 1.6.1', 'Creator': 'gocryptfs 1.6.1',
'ScryptObject': { 'ScryptObject': {
'Salt': b64encode( 'Salt': node.metadata.get('gocryptfs/salt'),
sha3_256(UUID(id).bytes).digest()
).decode(),
'N': 65536, 'N': 65536,
'R': 8, 'R': 8,
'P': 1, 'P': 1,
@ -38,3 +28,10 @@ files['/etc/gocryptfs/gocryptfs.conf'] = {
] ]
}, indent=4, sort_keys=True) }, indent=4, sort_keys=True)
} }
for path, options in node.metadata.get('gocryptfs/paths').items():
directories[options['mountpoint']] = {
'needed_by': [
f'svc_systemd:gocryptfs-{options["id"]}',
],
}
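Review bot: `/etc/gocryptfs/masterkey` is written with mode `'500'`, which sets the execute bit on a key file; `'mode': '400',` is what is meant, and an explicit `'owner': 'root',` would pin down who may read it instead of relying on the item default. Since the same key is now also pushed into metadata and from there into the unit file (see the gocryptfs metadata.py in this commit), this file only earns its keep if the unit actually reads the key from it, e.g. via `-masterkey=stdin`. The loop added at the end correctly makes each mountpoint directory `needed_by` its service.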


@ -1,18 +1,103 @@
from hashlib import sha3_256
from base64 import b64decode, b64encode
from binascii import hexlify
from uuid import UUID
defaults = { defaults = {
'gocryptfs': {}, 'apt': {
'packages': {
'gocryptfs': {},
'fuse': {},
'socat': {},
},
},
'gocryptfs': {
'paths': {},
},
} }
@metadata_reactor.provides( @metadata_reactor.provides(
'gocryptfs', 'gocryptfs',
) )
def gocryptfs(metadata): def config(metadata):
gocryptfs = {} return {
'gocryptfs': {
'masterkey': hexlify(b64decode(
str(repo.vault.random_bytes_as_base64_for(metadata.get('id'), length=32))
)).decode(),
'salt': b64encode(
sha3_256(UUID(metadata.get('id')).bytes).digest()
).decode(),
},
}
@metadata_reactor.provides(
'gocryptfs',
)
def paths(metadata):
paths = {}
for path, options in metadata.get('gocryptfs'): for path, options in metadata.get('gocryptfs/paths').items():
gocryptfs[path] = { paths[path] = {
} 'id': hexlify(sha3_256(path.encode()).digest()[:8]).decode(),
}
return {
'gocryptfs': {
'paths': paths,
},
}
@metadata_reactor.provides(
'systemd/services',
)
def systemd(metadata):
services = {}
for path, options in metadata.get('gocryptfs/paths').items():
services[f'gocryptfs-{options["id"]}'] = {
'content': {
'Unit': {
'Description': f'gocryptfs@{path} ({options["id"]})',
'After': {
'filesystem.target',
'zfs.target',
},
},
'Service': {
'RuntimeDirectory': 'gocryptfs',
'Environment': {
'MASTERKEY': metadata.get('gocryptfs/masterkey'),
'SOCKET': f'/var/run/gocryptfs/{options["id"]}',
'PLAIN': path,
'CIPHER': options["mountpoint"]
},
'ExecStart': [
'/usr/bin/gocryptfs -fg -reverse -masterkey $MASTERKEY -ctlsock $SOCKET $PLAIN $CIPHER',
],
'ExecStopPost': [
'/usr/bin/umount $CIPHER'
],
},
},
'needs': [
'pkg_apt:gocryptfs',
'pkg_apt:fuse',
'pkg_apt:socat',
'file:/etc/gocryptfs/masterkey',
'file:/etc/gocryptfs/gocryptfs.conf',
],
'triggers': [
f'svc_systemd:gocryptfs-{options["id"]}:restart',
],
}
return { return {
'gocryptfs': gocryptfs, 'systemd': {
'services': services,
},
} }
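Review bot: The master key is exposed on the node in two places by the new `systemd()` reactor: `Environment=MASTERKEY=…` writes it into the generated unit file (unit files under /etc/systemd/system are conventionally world-readable, and `systemctl show` prints Environment), and `-masterkey $MASTERKEY` on `ExecStart` makes it readable by any local user through `ps`/`/proc/*/cmdline` for the lifetime of the mount. Since the commit already installs `/etc/gocryptfs/masterkey`, feed it from there instead: drop `MASTERKEY` from `Environment`, add `'StandardInput': 'file:/etc/gocryptfs/masterkey',` to `Service`, and use `-masterkey=stdin` in `ExecStart` (check that the installed gocryptfs and systemd versions support both). Relatedly, `config()` calls `str()` on the vault value, so — as far as I understand bundlewrap's Fault handling — the plaintext key rather than a redacted Fault now sits in `gocryptfs/masterkey` and will show up in `bw metadata` output and any metadata dump; returning the Fault unresolved would avoid that if the consumers can take it. Also, `filesystem.target` in `After` does not look like a standard systemd target — `local-fs.target` is probably what is intended; please confirm.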


@ -12,13 +12,7 @@ actions = {
}, },
} }
for name, service in node.metadata.get('systemd', {}).get('services', {}).items(): for name, service in node.metadata.get('systemd/services').items():
# use set() in metadata
for enumerator in [
'preceded_by', 'needs', 'needed_by', 'triggers', 'triggered_by'
]:
assert isinstance(service.get(enumerator, set()), set)
# dont call a service 'service' explicitly # dont call a service 'service' explicitly
if name.endswith('.service'): if name.endswith('.service'):
raise Exception(name) raise Exception(name)
@ -46,7 +40,9 @@ for name, service in node.metadata.get('systemd', {}).get('services', {}).items(
} }
# service depends on unit file # service depends on unit file
service.setdefault('needs', set()).add(f'file:{unit_path}') service\
.setdefault('needs', [])\
.append(f'file:{unit_path}')
# service # service
svc_systemd[name] = service svc_systemd[name] = service
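Review bot: With the `isinstance(..., set)` check gone, a bundle that still declares `needs`/`triggers` as a set (the convention the removed comment enforced) now fails at `.append()` with a bare AttributeError instead of a message naming the convention; add a comment above the `needs` handling so the next author knows why: `# dependency lists ('needs', 'needed_by', 'triggers', ...) are plain lists now; a set here would fail at .append()`. If the check is meant to survive in list form, `if not isinstance(service.get('needs', []), list): raise TypeError(f'{name}: needs must be a list')` keeps the intent without an `-O`-stripped `assert`. The loop body continues outside the hunk.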


@ -0,0 +1,5 @@
defaults = {
'systemd': {
'services': {},
}
}


@ -88,5 +88,10 @@
}, },
}, },
}, },
'archive': {
'paths': {
'/var/test': {},
},
},
}, },
} }