samba

nginx check less noise
postgres close firewall
2022-09-13 02:20:43 +02:00 · 2022-09-13 00:42:57 +02:00 · 2022-09-13 00:40:46 +02:00 · 2022-09-13 00:40:31 +02:00
8 changed files with 154 additions and 8 deletions
--- a/bundles/icinga2/metadata.py
+++ b/bundles/icinga2/metadata.py
@ -59,7 +59,7 @@ defaults = {
@metadata_reactor.provides(
-    'nginx/vhosts',
+    'letsencrypt/domains',
 )
 def letsencrypt(metadata):
    return {
--- a/bundles/icingaweb2/metadata.py
+++ b/bundles/icingaweb2/metadata.py
@ -118,7 +118,7 @@ defaults = {
@metadata_reactor.provides(
    'icingaweb2/hostname',
-    'icingaweb2/resources.ini/icinga_ido/icinga2/password',
+    'icingaweb2/resources.ini/icinga_ido/password',
    'icingaweb2/monitoring/commandtransports.ini/icinga2/password',
 )
 def stuff(metadata):
--- a/bundles/nginx/metadata.py
+++ b/bundles/nginx/metadata.py
@ -109,7 +109,7 @@ def monitoring(metadata):
        'monitoring': {
            'services': {
                hostname: {
-                    'vars.command': f"/usr/bin/curl -X GET -IL --fail {quote(hostname + vhost.get('check_path', ''))}",
+                    'vars.command': f"/usr/bin/curl -X GET -L --fail --no-progress-meter -o /dev/null {quote(hostname + vhost.get('check_path', ''))}",
                }
                    for hostname, vhost in metadata.get('nginx/vhosts').items()
            },
--- a/bundles/postgresql/metadata.py
+++ b/bundles/postgresql/metadata.py
@ -14,11 +14,6 @@ defaults = {
            '/var/lib/postgresql',
        },
    },
    'nftables': {
        'input': {
            'tcp dport 5432 accept',
        },
    },
    'postgresql': {
        'conf': {},
        'roles': {
--- a/bundles/samba/files/smb.conf
+++ b/bundles/samba/files/smb.conf
@ -0,0 +1,16 @@
 [global]
   workgroup = WORKGROUP
   logging = syslog
   panic action = /usr/share/samba/panic-action %d
   server role = standalone server
   obey pam restrictions = yes
   unix password sync = no
   server min protocol = SMB3
   server smb encrypt = required
 % for name, confs in shares.items():
 [${name}]
 % for key, value in confs.items():
   ${key} = ${value}
 % endfor
 % endfor
--- a/bundles/samba/items.py
+++ b/bundles/samba/items.py
@ -0,0 +1,59 @@
 from shlex import quote
 files = {
    '/etc/samba/smb.conf': {
        'content_type': 'mako',
        'context': {
            'shares': {
                name: {
                    'comment': name,
                    'path': f'/var/lib/samba/usershares/{name}',
                    'valid users': name,
                    'public': 'no',
                    'writable': 'yes',
                    'browsable': 'yes',
                }
                    for name, conf in node.metadata.get('samba/shares').items()
            },
        },
        'needs': [
            'pkg_apt:samba',
        ],
        'triggers': [
            'svc_systemd:smbd.service:restart',
        ],
    },
 }
 directories = {
    '/var/lib/samba/usershares': {
        'mode': '1751',
    },
 }
 svc_systemd = {
    'smbd.service': {},
 }
 for name, conf in node.metadata.get('samba/shares').items():
    quoted_password = quote(str(conf['password']))
    actions[f'samba_password_{name}'] = {
        'command': f"(echo {quoted_password}; echo {quoted_password}) | smbpasswd -s -a {name}",
        'unless': f"echo {quoted_password} | smbclient -U {name} //localhost/{name} -c 'ls'",
        'needs': [
            f'user:{name}',
            'svc_systemd:smbd.service:restart',
        ],
    }
    directories[f'/var/lib/samba/usershares/{name}'] = {
        'owner': name,
        'group': name,
        'needs': [
            f'zfs_dataset:tank/samba/{name}',
        ],
    }
 # TTMx36kcLbdkdgOqvxjlX03tLCjgeyXq
--- a/bundles/samba/metadata.py
+++ b/bundles/samba/metadata.py
@ -0,0 +1,70 @@
 from importlib.metadata import metadata
 defaults = {
    'apt': {
        'packages': {
            'samba': {},
        },
    },
    'nftables': {
        'input': {
            'tcp dport 445 accept',
        },
    },
    'samba': {
        'shares': {},
    },
    'zfs': {
        'datasets': {
            'tank/samba': {
                'mountpoint': '/var/lib/samba',
            },
        },
    },
 }
@metadata_reactor.provides(
    'zfs/datasets',
 )
 def zfs(metadata):
    return {
        'zfs': {
            'datasets': {
                f'tank/samba/{name}': {
                    'mountpoint': f'/var/lib/samba/usershares/{name}',
                }
                    for name in metadata.get('samba/shares')
            },
        },
    }
@metadata_reactor.provides(
    'samba/shares',
 )
 def passwords(metadata):
    return {
        'samba': {
            'shares': {
                name: {
                    'password': repo.vault.password_for(f'samba {name}'),
                }
                    for name, conf in metadata.get('samba/shares').items()
                    if not conf.get('password', None)
            },
        },
    }
@metadata_reactor.provides(
    'users',
 )
 def users(metadata):
    return {
        'users': {
            name: {}
                for name in metadata.get('samba/shares')
        },
    }
--- a/nodes/home.server.py
+++ b/nodes/home.server.py
@ -25,6 +25,7 @@
        'mirror',
        'postgresql',
        'redis',
        'samba',
        'smartctl',
        'steam-chat-logger',
        'steam-chat-viewer',
@ -108,6 +109,11 @@
            'domain': 'homematic.ckn.li',
            'node': 'home.homematic',
        },
        'samba': {
            'shares': {
                'windows-backup': {},
            },
        },
        'steam_chat_logger': {
            'STEAM_USERNAME': 'snake_452',
            'STEAM_ID': 'STEAM_0:0:12376499',
Author	SHA1	Message	Date
cronekorkn	46b29ce4fb	samba	2022-09-13 02:20:43 +02:00
cronekorkn	440f270b25	nginx check less noise	2022-09-13 00:42:57 +02:00
cronekorkn	1797c784af	postgres close firewall	2022-09-13 00:40:46 +02:00
cronekorkn	fef8adad20	fix some metadata provides	2022-09-13 00:40:31 +02:00