bundles/bind/items.py

@@ -1,5 +1,7 @@
 from ipaddress import ip_address, ip_interface
 from datetime import datetime
+import json
+from bundlewrap.metadata import MetadataJSONEncoder
 from hashlib import sha3_512
 
 
@@ -130,7 +132,7 @@ for view_name, view_conf in master_node.metadata.get('bind/views').items():
                 'svc_systemd:bind9:restart',
             ],
         }
-
+        
 
 svc_systemd['bind9'] = {}
 

bundles/gitea/files/app.ini

@@ -1,4 +1,3 @@
-[DEFAULT]
 APP_NAME = ckn-gitea
 RUN_USER = git
 RUN_MODE = prod
@@ -14,24 +13,40 @@ MEMBERS_PAGING_NUM = 100
 
 [server]
 PROTOCOL = http
+SSH_DOMAIN = ${domain}
+DOMAIN = ${domain}
 HTTP_ADDR = 0.0.0.0
 HTTP_PORT = 3500
+ROOT_URL = https://${domain}/
 DISABLE_SSH = true
 SSH_PORT = 22
 LFS_START_SERVER = true
 LFS_CONTENT_PATH = /var/lib/gitea/data/lfs
+LFS_JWT_SECRET = ${lfs_secret_key}
 OFFLINE_MODE = true
 START_SSH_SERVER = false
 DISABLE_ROUTER_LOG = true
 LANDING_PAGE = explore
 
+[database]
+DB_TYPE = postgres
+HOST = ${database.get('host')}:${database.get('port')}
+NAME = ${database.get('database')}
+USER = ${database.get('username')}
+PASSWD = ${database.get('password')}
+SSL_MODE = disable
+LOG_SQL = false
+
 [admin]
 DEFAULT_EMAIL_NOTIFICATIONS = onmention
 DISABLE_REGULAR_ORG_CREATION = true
 
 [security]
+INTERNAL_TOKEN = ${internal_token}
 INSTALL_LOCK = true
+SECRET_KEY = ${security_secret_key}
 LOGIN_REMEMBER_DAYS = 30
+DISABLE_GIT_HOOKS = ${str(not enable_git_hooks).lower()}
 
 [openid]
 ENABLE_OPENID_SIGNIN = false
@@ -47,6 +62,12 @@ REQUIRE_SIGNIN_VIEW = false
 DEFAULT_KEEP_EMAIL_PRIVATE = true
 DEFAULT_ALLOW_CREATE_ORGANIZATION = false
 DEFAULT_ENABLE_TIMETRACKING = true
+NO_REPLY_ADDRESS = noreply.${domain}
+
+[mailer]
+ENABLED = true
+MAILER_TYPE = sendmail
+FROM = "${app_name}" <noreply@${domain}>
 
 [session]
 PROVIDER = file
@@ -59,6 +80,9 @@ ENABLE_FEDERATED_AVATAR = false
 MODE = console
 LEVEL = warn
 
+[oauth2]
+JWT_SECRET = ${oauth_secret_key}
+
 [other]
 SHOW_FOOTER_BRANDING = true
 SHOW_FOOTER_TEMPLATE_LOAD_TIME = false

bundles/gitea/items.py

@@ -1,7 +1,3 @@
-from os.path import join
-from bundlewrap.utils.dicts import merge_dict
-
-
 version = version=node.metadata.get('gitea/version')
 
 downloads['/usr/local/bin/gitea'] = {
@@ -38,12 +34,7 @@ actions = {
 }
 
 files['/etc/gitea/app.ini'] = {
-    'content': repo.libs.ini.dumps(
+    'content_type': 'mako',
-        merge_dict(
-            repo.libs.ini.parse(open(join(repo.path, 'bundles', 'gitea', 'files', 'app.ini')).read()),
-            node.metadata.get('gitea/conf'),
-        ),
-    ),
     'owner': 'git',
     'context': node.metadata['gitea'],
     'triggers': {

bundles/gitea/metadata.py

@@ -11,7 +11,18 @@ defaults = {
         },
     },
     'gitea': {
-        'conf': {},
+        'database': {
+            'host': 'localhost',
+            'port': '5432',
+            'username': 'gitea',
+            'password': database_password,
+            'database': 'gitea',
+        },
+        'app_name': 'Gitea',
+        'lfs_secret_key': repo.vault.password_for(f'{node.name} gitea lfs_secret_key', length=43),
+        'security_secret_key': repo.vault.password_for(f'{node.name} gitea security_secret_key'),
+        'oauth_secret_key': repo.vault.password_for(f'{node.name} gitea oauth_secret_key', length=43),
+        'internal_token': repo.vault.password_for(f'{node.name} gitea internal_token'),
     },
     'postgresql': {
         'roles': {
@@ -58,45 +69,6 @@ defaults = {
 }
 
 
-@metadata_reactor.provides(
-    'gitea/conf',
-)
-def conf(metadata):
-    domain = metadata.get('gitea/domain')
-
-    return {
-        'gitea': {
-            'conf': {
-                'server': {
-                    'SSH_DOMAIN': domain,
-                    'DOMAIN': domain,
-                    'ROOT_URL': f'https://{domain}/',
-                    'LFS_JWT_SECRET': repo.vault.password_for(f'{node.name} gitea lfs_secret_key', length=43),
-                },
-                'security': {
-                    'INTERNAL_TOKEN': repo.vault.password_for(f'{node.name} gitea internal_token'),
-                    'SECRET_KEY': repo.vault.password_for(f'{node.name} gitea security_secret_key'),
-                },
-                'database': {
-                    'DB_TYPE': 'postgres',
-                    'HOST': 'localhost:5432',
-                    'NAME': 'gitea',
-                    'USER': 'gitea',
-                    'PASSWD': database_password,
-                    'SSL_MODE': 'disable',
-                    'LOG_SQL': 'false',
-                },
-                'service': {
-                    'NO_REPLY_ADDRESS': f'noreply.{domain}',
-                },
-                'oauth2': {
-                    'JWT_SECRET': repo.vault.password_for(f'{node.name} gitea oauth_secret_key', length=43),
-                },
-            },
-        },
-    }
-
-
 @metadata_reactor.provides(
     'zfs/datasets',
 )

bundles/nextcloud/files/managed.config.php

@@ -39,5 +39,4 @@ $CONFIG = array (
   "logfile" => "",
   "loglevel" => 3,
   "default_phone_region" => "DE",
-  "versions_retention_obligation" => "auto, 90",
 );

bundles/nextcloud/files/rescan

@@ -2,4 +2,4 @@
 
 php /opt/nextcloud/occ files:scan --all
 php /opt/nextcloud/occ files:scan-app-data
-#php /opt/nextcloud/occ preview:generate-all
+php /opt/nextcloud/occ preview:generate-all

bundles/samba/files/smb.conf

@@ -1,18 +1,16 @@
 [global]
-  workgroup = WORKGROUP
+   workgroup = WORKGROUP
-  logging = syslog
+   logging = syslog
-  panic action = /usr/share/samba/panic-action %d
+   panic action = /usr/share/samba/panic-action %d
-  server role = standalone server
+   server role = standalone server
-  obey pam restrictions = yes
+   obey pam restrictions = yes
-  unix password sync = no
+   unix password sync = no
-  server min protocol = SMB3
+   server min protocol = SMB3
-  server smb encrypt = required
+   server smb encrypt = required
-  local master = yes
-  preferred master = yes
 
 % for name, confs in shares.items():
 [${name}]
 % for key, value in confs.items():
-  ${key} = ${value}
+   ${key} = ${value}
 % endfor
 % endfor

bundles/ssh/files/ssh_config

@@ -4,7 +4,6 @@ Host *
     GSSAPIAuthentication yes
     StrictHostKeyChecking yes
     GlobalKnownHostsFile /etc/ssh/ssh_known_hosts
-    # fixme: prevents backup server from sleeping
+    ControlMaster auto
-    # ControlMaster auto
+    ControlPath ~/.ssh/multiplex-%C
-    # ControlPath ~/.ssh/multiplex-%C
+    ControlPersist 5m
-    # ControlPersist 5m

libs/ini.py

@@ -1,7 +1,5 @@
 from configparser import ConfigParser
 import json
-from bundlewrap.metadata import MetadataJSONEncoder
-
 
 class Writable():
     data = ''
@@ -16,14 +14,14 @@ class CaseSensitiveConfigParser(ConfigParser):
 def parse(text):
     config = CaseSensitiveConfigParser()
     config.read_string(text)
-
+    
     return {
         section: dict(config.items(section))
             for section in config.sections()
     }
 
 def dumps(dict):
-    sorted_dict = json.loads(json.dumps(dict, sort_keys=True, cls=MetadataJSONEncoder))
+    sorted_dict = json.loads(json.dumps(dict, sort_keys=True))
 
     parser = CaseSensitiveConfigParser()
     parser.read_dict(sorted_dict)

nodes/home.server.py

@@ -63,16 +63,6 @@
             'version': '1.17.1',
             'sha256': 'eafd476ee2a303d758448314272add00898d045439ab0d353ff4286c5e63496f',
             'domain': 'git.sublimity.de',
-            'conf': {
-                'mailer': {
-                    'ENABLED': True,
-                    'FROM': 'gitea@sublimity.de',
-                    'MAILER_TYPE': 'smtp',
-                    'HOST': 'mail.sublimity.de:587',
-                    'USER': 'gitea@sublimity.de',
-                    'PASSWD': '!decrypt:encrypt$gAAAAABjIlbZprmcIe_YktYgTU85VRSRz1MkyA7lNSDptWzGMrZ1N_YUXWoAIjWp4Lrmi8J0XYH9Pazhmz1vaIGUqUEsEnJXNh5n6-0Z0gcpePFC7x-Aj_M=',
-                },
-            },
         },
         'gollum': {
             'domain': 'wiki.sublimity.de',