8 changed files with 8 additions and 154 deletions
--- a/bundles/icinga2/metadata.py
+++ b/bundles/icinga2/metadata.py
@ -59,7 +59,7 @@ defaults = {
@metadata_reactor.provides(
-    'letsencrypt/domains',
+    'nginx/vhosts',
 )
 def letsencrypt(metadata):
    return {
--- a/bundles/icingaweb2/metadata.py
+++ b/bundles/icingaweb2/metadata.py
@ -118,7 +118,7 @@ defaults = {
@metadata_reactor.provides(
    'icingaweb2/hostname',
-    'icingaweb2/resources.ini/icinga_ido/password',
+    'icingaweb2/resources.ini/icinga_ido/icinga2/password',
    'icingaweb2/monitoring/commandtransports.ini/icinga2/password',
 )
 def stuff(metadata):
--- a/bundles/nginx/metadata.py
+++ b/bundles/nginx/metadata.py
@ -109,7 +109,7 @@ def monitoring(metadata):
        'monitoring': {
            'services': {
                hostname: {
-                    'vars.command': f"/usr/bin/curl -X GET -L --fail --no-progress-meter -o /dev/null {quote(hostname + vhost.get('check_path', ''))}",
+                    'vars.command': f"/usr/bin/curl -X GET -IL --fail {quote(hostname + vhost.get('check_path', ''))}",
                }
                    for hostname, vhost in metadata.get('nginx/vhosts').items()
            },
--- a/bundles/postgresql/metadata.py
+++ b/bundles/postgresql/metadata.py
@ -14,6 +14,11 @@ defaults = {
            '/var/lib/postgresql',
        },
    },
    'nftables': {
        'input': {
            'tcp dport 5432 accept',
        },
    },
    'postgresql': {
        'conf': {},
        'roles': {
--- a/bundles/samba/files/smb.conf
+++ b/bundles/samba/files/smb.conf
@ -1,16 +0,0 @@
 [global]
   workgroup = WORKGROUP
   logging = syslog
   panic action = /usr/share/samba/panic-action %d
   server role = standalone server
   obey pam restrictions = yes
   unix password sync = no
   server min protocol = SMB3
   server smb encrypt = required
 % for name, confs in shares.items():
 [${name}]
 % for key, value in confs.items():
   ${key} = ${value}
 % endfor
 % endfor
--- a/bundles/samba/items.py
+++ b/bundles/samba/items.py
@ -1,59 +0,0 @@
 from shlex import quote
 files = {
    '/etc/samba/smb.conf': {
        'content_type': 'mako',
        'context': {
            'shares': {
                name: {
                    'comment': name,
                    'path': f'/var/lib/samba/usershares/{name}',
                    'valid users': name,
                    'public': 'no',
                    'writable': 'yes',
                    'browsable': 'yes',
                }
                    for name, conf in node.metadata.get('samba/shares').items()
            },
        },
        'needs': [
            'pkg_apt:samba',
        ],
        'triggers': [
            'svc_systemd:smbd.service:restart',
        ],
    },
 }
 directories = {
    '/var/lib/samba/usershares': {
        'mode': '1751',
    },
 }
 svc_systemd = {
    'smbd.service': {},
 }
 for name, conf in node.metadata.get('samba/shares').items():
    quoted_password = quote(str(conf['password']))
    actions[f'samba_password_{name}'] = {
        'command': f"(echo {quoted_password}; echo {quoted_password}) | smbpasswd -s -a {name}",
        'unless': f"echo {quoted_password} | smbclient -U {name} //localhost/{name} -c 'ls'",
        'needs': [
            f'user:{name}',
            'svc_systemd:smbd.service:restart',
        ],
    }
    directories[f'/var/lib/samba/usershares/{name}'] = {
        'owner': name,
        'group': name,
        'needs': [
            f'zfs_dataset:tank/samba/{name}',
        ],
    }
 # TTMx36kcLbdkdgOqvxjlX03tLCjgeyXq
--- a/bundles/samba/metadata.py
+++ b/bundles/samba/metadata.py
@ -1,70 +0,0 @@
 from importlib.metadata import metadata
 defaults = {
    'apt': {
        'packages': {
            'samba': {},
        },
    },
    'nftables': {
        'input': {
            'tcp dport 445 accept',
        },
    },
    'samba': {
        'shares': {},
    },
    'zfs': {
        'datasets': {
            'tank/samba': {
                'mountpoint': '/var/lib/samba',
            },
        },
    },
 }
@metadata_reactor.provides(
    'zfs/datasets',
 )
 def zfs(metadata):
    return {
        'zfs': {
            'datasets': {
                f'tank/samba/{name}': {
                    'mountpoint': f'/var/lib/samba/usershares/{name}',
                }
                    for name in metadata.get('samba/shares')
            },
        },
    }
@metadata_reactor.provides(
    'samba/shares',
 )
 def passwords(metadata):
    return {
        'samba': {
            'shares': {
                name: {
                    'password': repo.vault.password_for(f'samba {name}'),
                }
                    for name, conf in metadata.get('samba/shares').items()
                    if not conf.get('password', None)
            },
        },
    }
@metadata_reactor.provides(
    'users',
 )
 def users(metadata):
    return {
        'users': {
            name: {}
                for name in metadata.get('samba/shares')
        },
    }
--- a/nodes/home.server.py
+++ b/nodes/home.server.py
@ -25,7 +25,6 @@
        'mirror',
        'postgresql',
        'redis',
        'samba',
        'smartctl',
        'steam-chat-logger',
        'steam-chat-viewer',
@ -109,11 +108,6 @@
            'domain': 'homematic.ckn.li',
            'node': 'home.homematic',
        },
        'samba': {
            'shares': {
                'windows-backup': {},
            },
        },
        'steam_chat_logger': {
            'STEAM_USERNAME': 'snake_452',
            'STEAM_ID': 'STEAM_0:0:12376499',