From fc945d7f04f9f8519d7208db81bb798a5dc576cf Mon Sep 17 00:00:00 2001
From: mwiegand
Date: Fri, 25 Jun 2021 18:19:11 +0200
Subject: [PATCH] wip
---
 bundles/backup-server/metadata.py | 15 +++++++++++++--
 bundles/backup/metadata.py | 3 +++
 bundles/users/metadata.py | 5 +----
 groups/all.py | 2 +-
 groups/applications/backup-server.py | 6 ++++++
 nodes/home.backups.py | 1 +
 6 files changed, 25 insertions(+), 7 deletions(-)
 create mode 100644 groups/applications/backup-server.py
diff --git a/bundles/backup-server/metadata.py b/bundles/backup-server/metadata.py
index 2d3439d..ceb87bb 100644
--- a/bundles/backup-server/metadata.py
+++ b/bundles/backup-server/metadata.py
@@ -10,5 +10,16 @@ defaults = {
 @metadata_reactor.provides(
 'users/backup-receiver/authorized_keys'
 )
-def backup_authorized_keys():
- return
+def backup_authorized_keys(metadata):
+ return {
+ 'users': {
+ 'backup-receiver': {
+ 'authorized_keys': [
+ other_node.metadata.get('users/backup/pubkey')
+ for other_node in repo.nodes
+ if other_node.has_bundle('backup')
+ and other_node.metadata.get('backup/server') == node.name
+ ],
+ },
+ },
+ }
diff --git a/bundles/backup/metadata.py b/bundles/backup/metadata.py
index 5002518..a525f7a 100644
--- a/bundles/backup/metadata.py
+++ b/bundles/backup/metadata.py
@@ -8,4 +8,7 @@ defaults = {
 'server': None,
 'paths': [],
 },
+ 'users': {
+ 'backup': {},
+ },
 }
diff --git a/bundles/users/metadata.py b/bundles/users/metadata.py
index 7582baf..9c5e2b2 100644
--- a/bundles/users/metadata.py
+++ b/bundles/users/metadata.py
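Review bot: In `backup_authorized_keys` (bundles/backup-server/metadata.py) every client key goes into `backup-receiver`'s `authorized_keys` as a bare public key, so as far as this hunk shows each backup client gets an unrestricted login to one shared receiving account, and a single compromised client could read or delete the other nodes' backups. Unless the users bundle already adds key options outside this diff, emit each entry with sshd options, e.g. `'restrict,command="<RECEIVE_COMMAND_PLACEHOLDER>" ' + other_node.metadata.get('users/backup/pubkey')`, or give each client its own receiving user. Which keys are accepted is decided only by the client node's own `backup/server` value, which deserves a comment on the reactor. `metadata.get('users/backup/pubkey')` is called without a default, so confirm what happens for a client that has no `pubkey` yet.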
@@ -30,10 +30,7 @@ def user(metadata):
 if not 'shell' in config:
 users[name]['shell'] = '/bin/bash'
- if not 'password_hash' in config:
- users[name]['password_hash'] = 'x' if node.use_shadow_passwords else '*'
-
- if not 'privkey' in users[name]:
+ if not 'privkey' in users[name] and not 'pubkey' in users[name]:
 privkey, pubkey = repo.libs.ssh.generate_ad25519_key_pair(
 b64decode(str(repo.vault.random_bytes_as_base64_for(metadata.get('id'), length=32)))
 )
diff --git a/groups/all.py b/groups/all.py
index a494e82..348263b 100644
--- a/groups/all.py
+++ b/groups/all.py
@@ -5,7 +5,7 @@
 ],
 'metadata': {
 'backup': {
- 'server': 'backups.sublimity.de',
+ 'server': 'home.backups',
 },
 'dns': {},
 'users': {
diff --git a/groups/applications/backup-server.py b/groups/applications/backup-server.py
new file mode 100644
index 0000000..1dd9a2f
--- /dev/null
+++ b/groups/applications/backup-server.py
@@ -0,0 +1,6 @@
+{
+ 'bundles': [
+ 'backup-server',
+ 'zfs',
+ ],
+}
diff --git a/nodes/home.backups.py b/nodes/home.backups.py
index b3b2e68..16a2e84 100644
--- a/nodes/home.backups.py
+++ b/nodes/home.backups.py
@@ -2,6 +2,7 @@
 'hostname': '10.0.0.5',
 'groups': [
 'debian-10',
+ 'backup-server',
 ],
 'bundles': [
 'zfs',
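Review bot: The key seed in `user()` (bundles/users/metadata.py) is `repo.vault.random_bytes_as_base64_for(metadata.get('id'), length=32)`, which depends on the node id but not on `name`, so every user on a node that gets an auto-generated key appears to receive the same key pair. This commit exports the `backup` user's public key to the backup server, so the backup credential would be the same secret as any other auto-keyed account on that node. Deriving the seed per user, e.g. `random_bytes_as_base64_for(f"{metadata.get('id')}/{name}", length=32)`, would separate them, at the cost of rotating keys that are already deployed. The hunk also drops the `password_hash` default (`'x'` or `'*'`), and the rest of the function lies outside the hunk, so confirm that accounts without an explicit hash are still created locked.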
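Review bot: `backup/server` in groups/all.py changes from a DNS name to the bundlewrap node name `home.backups`, which the new `== node.name` comparison in bundles/backup-server needs, but nothing on the line says so. Add a comment such as `# bundlewrap node name of the backup server, not a hostname`. The client side of the backup bundle is not part of this diff, and the surrounding dict starts and ends outside the hunk. If a consumer uses this value as the SSH destination it will now try to resolve `home.backups`, while that node's `hostname` is `10.0.0.5`, so check reachability and host-key verification for nodes outside that network.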