Merge branch 'master' into local

2020-04-26 16:42:30 +02:00 · 2020-04-26 16:42:30 +02:00 · 47e1267097
parent cd6c02d16c 04b7f240eb
commit 47e1267097
11 changed files with 140 additions and 36 deletions
--- a/cdist/conf/type/__openldap_server/man.rst
+++ b/cdist/conf/type/__openldap_server/man.rst
@ -92,6 +92,9 @@ tls-ca
    Required if `tls-cert` is defined.
    Path in the remote hosts to the PEM-encoded CA certificate file.

+extra-config
+    Custom settings to be added in `slapd.conf(5)`.
+

 OPTIONAL MULTIPLE PARAMETERS
 ----------------------------
--- a/cdist/conf/type/__pf_apply/deprecated
+++ b/cdist/conf/type/__pf_apply/deprecated
@ -0,0 +1 @@
+Consider moving to __pf_apply_anchor. Get in touch if you need __pf_apply.
--- a/cdist/conf/type/__pf_apply_anchor/gencode-remote
+++ b/cdist/conf/type/__pf_apply_anchor/gencode-remote
@ -1,6 +1,6 @@
-#!/bin/sh
+#!/bin/sh -e
 #
-# 2012 Jake Guffey (jake.guffey at eprotex.com)
+# 2016 Kamila Součková (coding at kamila.is)
 #
 # This file is part of cdist.
 #
@ -21,10 +21,6 @@
 # Apply pf(4) ruleset on *BSD
 #

-# Debug
-# exec >&2
-#set -x
-
 ANCHORS_DIR="/etc/pf.d"

 if [ -f "${__object}/parameter/anchor_name" ]; then
@ -35,6 +31,3 @@ fi
 anchor_file="${ANCHORS_DIR}/${anchor_name}"

 echo "pfctl -a \"${anchor_name}\" -f \"${anchor_file}\""
-
-# Debug
-#set +x
--- a/cdist/conf/type/__pf_apply_anchor/man.rst
+++ b/cdist/conf/type/__pf_apply_anchor/man.rst
@ -0,0 +1,62 @@
+cdist-type__pf_apply_anchor(7)
+==============================
+
+NAME
+----
+cdist-type__pf_apply_anchor - Apply a pf(4) anchor on $__target_host
+
+
+DESCRIPTION
+-----------
+This type is used on \*BSD systems to manage anchors for the pf firewall.
+
+Notice this type does not take care of copying the ruleset, that must be
+done by the user with, e.g. `__file`.
+
+
+OPTIONAL PARAMETERS
+-------------------
+anchor_name
+   The name of the anchor to apply. If not set, `${__object_id}` is used.
+   This type requires `/etc/pf.d/${anchor_name}` to exist on
+   `$__target_host`.
+
+
+EXAMPLES
+--------
+
+.. code-block:: sh
+
+    # Copy anchor file to ${__target_host}
+    __file "/etc/pf.d/80_dns" --source - <<EOF
+    # Managed remotely, changes will be lost
+
+    pass quick proto {tcp,udp} from any to any port domain
+    EOF
+
+    # Apply the anchor
+    require="__file/etc/pf.d/80_dns" __pf_apply_anchor 80_dns
+    # This is roughly equivalent to:
+    #   pfctl -a "${anchor_name}" -f "/etc/pf.d/${anchor_name}"
+
+
+SEE ALSO
+--------
+:strong:`pf`\ (4)
+
+
+AUTHORS
+-------
+Evilham <contact--@--evilham.com>
+Kamila Součková <coding--@--kamila.is>
+Jake Guffey <jake.guffey--@--eprotex.com>
+
+
+COPYING
+-------
+Copyright \(C) 2020 Evilham.
+Copyright \(C) 2016 Kamila Součková.
+Copyright \(C) 2012 Jake Guffey. You can redistribute it
+and/or modify it under the terms of the GNU General Public License as
+published by the Free Software Foundation, either version 3 of the
+License, or (at your option) any later version.
--- a/cdist/conf/type/__pf_ruleset/man.rst
+++ b/cdist/conf/type/__pf_ruleset/man.rst
@ -10,6 +10,9 @@ DESCRIPTION
 -----------
 This type is used on \*BSD systems to manage the pf firewall's ruleset.

+It will also enable and disable the pf firewall as requested in the `state`
+parameter.
+

 REQUIRED PARAMETERS
 -------------------
@ -20,9 +23,8 @@ state
 OPTIONAL PARAMETERS
 -------------------
 source
-   If supplied, use to define the ruleset to load onto the $__target_host for pf(4).
-   Note that this type is almost useless without a ruleset defined, but it's technically not
-   needed, e.g. for the case of disabling the firewall temporarily.
+   Required when state is "present".
+   Defines the ruleset to load onto the $__target_host for `pf(4)`.


 EXAMPLES
@ -30,10 +32,10 @@ EXAMPLES

 .. code-block:: sh

-    # Remove the current ruleset in place
+    # Remove the current ruleset in place and disable pf
    __pf_ruleset --state absent

-    # Enable the firewall with the ruleset defined in $__manifest/files/pf.conf
+    # Enable pf with the ruleset defined in $__manifest/files/pf.conf
    __pf_ruleset --state present --source $__manifest/files/pf.conf


@ -44,11 +46,13 @@ SEE ALSO

 AUTHORS
 -------
+Kamila Součková <coding--@--kamila.is>
 Jake Guffey <jake.guffey--@--eprotex.com>


 COPYING
 -------
+Copyright \(C) 2016 Kamila Součková.
 Copyright \(C) 2012 Jake Guffey. You can redistribute it
 and/or modify it under the terms of the GNU General Public License as
 published by the Free Software Foundation, either version 3 of the
--- a/cdist/conf/type/__pf_ruleset/manifest
+++ b/cdist/conf/type/__pf_ruleset/manifest
@ -1,6 +1,6 @@
 #!/bin/sh -e
 #
-# 2016 Kamila Součková (kamila at ksp.sk)
+# 2016 Kamila Součková (coding at kamila.is)
 #
 # This file is part of cdist.
 #
@ -21,33 +21,26 @@
 # Manage pf(4) on *BSD
 #

-# Debug
-#exec >&2
-#set -x
-
-rcvar=$(cat "$__object/explorer/rcvar")
-state=$(cat "$__object/parameter/state")
-if [ -f "$__object/parameter/source" ]; then
-    source=$(cat "$__object/parameter/source")
+rcvar="$(cat "${__object}/explorer/rcvar")"
+state="$(cat "${__object}/parameter/state")"
+if [ -f "${__object}/parameter/source" ]; then
+    source="$(cat "${__object}/parameter/source")"
 fi

-if [ "$state" = "absent" ]; then
+if [ "${state}" = "absent" ]; then
    action="/etc/rc.d/pf stop"
 else
    action="/etc/rc.d/pf reload || /etc/rc.d/pf start"
 fi

 __key_value __pf_ruleset/rcvar \
-    --state "$state" \
+    --state "${state}" \
    --file /etc/rc.conf \
    --delimiter "=" \
    --key "pf_enable" \
    --value "YES"

-require="${require} __key_value/__pf_ruleset/rcvar" __config_file $rcvar \
-    --source "$source" \
-    --state "$state" \
-    --onchange "$action"
-
-# Debug
-#exec +x
+require="__key_value/__pf_ruleset/rcvar" __config_file "${rcvar}" \
+    --source "${source}" \
+    --state "${state}" \
+    --onchange "${action}"
--- a/cdist/conf/type/__postgres_database/gencode-remote
+++ b/cdist/conf/type/__postgres_database/gencode-remote
@ -43,8 +43,29 @@ if [ "$state_should" != "$state_is" ]; then
         if [ -f "$__object/parameter/owner" ]; then
            owner="-O \"$(cat "$__object/parameter/owner")\""
         fi
+
+         template=""
+         if [ -f "$__object/parameter/template" ]; then
+            template="--template \"$(cat "$__object/parameter/template")\""
+         fi
+
+         encoding=""
+         if [ -f "$__object/parameter/encoding" ]; then
+            encoding="--encoding \"$(cat "$__object/parameter/encoding")\""
+         fi
+
+         lc_collate=""
+         if [ -f "$__object/parameter/lc-collate" ]; then
+            lc_collate="--lc-collate \"$(cat "$__object/parameter/lc-collate")\""
+         fi
+
+         lc_ctype=""
+         if [ -f "$__object/parameter/lc-ctype" ]; then
+            lc_ctype="--lc-ctype \"$(cat "$__object/parameter/lc-ctype")\""
+         fi
+
         cat << EOF
-su - '$postgres_user' -c "createdb $owner \"$name\""
+su - '$postgres_user' -c "createdb $owner \"$name\" $template $encoding $lc_collate $lc_ctype"
 EOF
      ;;
      absent)
--- a/cdist/conf/type/__postgres_database/man.rst
+++ b/cdist/conf/type/__postgres_database/man.rst
@ -14,10 +14,22 @@ This cdist type allows you to create or drop postgres databases.
 OPTIONAL PARAMETERS
 -------------------
 state
-   either 'present' or 'absent', defaults to 'present'.
+   Either 'present' or 'absent', defaults to 'present'.

 owner
-   the role owning this database
+   Specifies the database user who will own the new database.
+
+encoding
+   Specifies the character encoding scheme to be used in this database.
+
+lc-collate
+   Specifies the LC_COLLATE setting to be used in this database.
+
+lc-ctype
+   Specifies the LC_CTYPE setting to be used in this database.
+
+template
+   Specifies the template database from which to build this database.


 EXAMPLES
--- a/cdist/conf/type/__postgres_database/parameter/optional
+++ b/cdist/conf/type/__postgres_database/parameter/optional
@ -1,2 +1,6 @@
 state
 owner
+encoding
+lc-collate
+lc-ctype
+template
--- a/cdist/configuration.py
+++ b/cdist/configuration.py
@ -274,7 +274,8 @@ class Configuration(metaclass=Singleton):
             os.path.isfile(_local_config_file))):
        _local_config_file = os.path.join(
            os.environ.get('XDG_CONFIG_HOME',
-                           os.path.expanduser('~/.config/cdist')),
+                           os.path.expanduser('~/.config/')),
+            'cdist',
            _config_basename)
    _dist_config_file = os.path.join(
        os.path.abspath(os.path.join(os.path.dirname(cdist.__file__), "conf")),
--- a/docs/changelog
+++ b/docs/changelog
@ -1,6 +1,16 @@
 Changelog
 ---------

+next:
+	* Core: Fix XDG_CONFIG_HOME config file location (Joachim Desroches)
+	* Type __postgres_database: Add encoding, lc-collate, lc-ctype, template parameters (Timothée Floure)
+	* Type __motd: Improve documentation and support for FreeBSD (Evil Ham)
+	* Type __openldap_server: Support extra config parameter (Evil Ham)
+	* Type __postfix: Automagically support more OSs by not checking too much (Evil Ham)
+	* New type: __pf_apply_anchor (Kamila Součková, Evil Ham)
+	* Type __pf_ruleset: Refactor (Kamila Součková, Evil Ham)
+	* Type __pf_apply: Deprecate type (Kamila Součková, Evil Ham)
+
 6.5.4: 2020-04-11
 	* Explorer init: Do not grep on non-existent init (Steven Armstrong)
 	* Core: Bugfix to preserve conf dirs order (Steven Armstrong)
				`@ -0,0 +1 @@`
				`Consider moving to __pf_apply_anchor. Get in touch if you need __pf_apply.`