Merge branch 'master' into local

2020-04-26 16:42:30 +02:00 · 2020-04-26 16:42:30 +02:00 · 47e1267097
parent cd6c02d16c 04b7f240eb
commit 47e1267097
11 changed files with 140 additions and 36 deletions
--- a/cdist/conf/type/__openldap_server/man.rst
+++ b/cdist/conf/type/__openldap_server/man.rst
@ -92,6 +92,9 @@ tls-ca
    Required if `tls-cert` is defined.
    Path in the remote hosts to the PEM-encoded CA certificate file.
 extra-config
    Custom settings to be added in `slapd.conf(5)`.
 OPTIONAL MULTIPLE PARAMETERS
 ----------------------------
--- a/cdist/conf/type/__pf_apply/deprecated
+++ b/cdist/conf/type/__pf_apply/deprecated
@ -0,0 +1 @@
 Consider moving to __pf_apply_anchor. Get in touch if you need __pf_apply.
--- a/cdist/conf/type/__pf_apply_anchor/gencode-remote
+++ b/cdist/conf/type/__pf_apply_anchor/gencode-remote
@ -1,6 +1,6 @@
-#!/bin/sh
+#!/bin/sh -e
 #
-# 2012 Jake Guffey (jake.guffey at eprotex.com)
+# 2016 Kamila Součková (coding at kamila.is)
 #
 # This file is part of cdist.
 #
@ -21,10 +21,6 @@
 # Apply pf(4) ruleset on *BSD
 #
 # Debug
 # exec >&2
 #set -x
 ANCHORS_DIR="/etc/pf.d"
 if [ -f "${__object}/parameter/anchor_name" ]; then
@ -35,6 +31,3 @@ fi
 anchor_file="${ANCHORS_DIR}/${anchor_name}"
 echo "pfctl -a \"${anchor_name}\" -f \"${anchor_file}\""
 # Debug
 #set +x
--- a/cdist/conf/type/__pf_apply_anchor/man.rst
+++ b/cdist/conf/type/__pf_apply_anchor/man.rst
@ -0,0 +1,62 @@
 cdist-type__pf_apply_anchor(7)
 ==============================
 NAME
 ----
 cdist-type__pf_apply_anchor - Apply a pf(4) anchor on $__target_host
 DESCRIPTION
 -----------
 This type is used on \*BSD systems to manage anchors for the pf firewall.
 Notice this type does not take care of copying the ruleset, that must be
 done by the user with, e.g. `__file`.
 OPTIONAL PARAMETERS
 -------------------
 anchor_name
   The name of the anchor to apply. If not set, `${__object_id}` is used.
   This type requires `/etc/pf.d/${anchor_name}` to exist on
   `$__target_host`.
 EXAMPLES
 --------
 .. code-block:: sh
    # Copy anchor file to ${__target_host}
    __file "/etc/pf.d/80_dns" --source - <<EOF
    # Managed remotely, changes will be lost
    pass quick proto {tcp,udp} from any to any port domain
    EOF
    # Apply the anchor
    require="__file/etc/pf.d/80_dns" __pf_apply_anchor 80_dns
    # This is roughly equivalent to:
    #   pfctl -a "${anchor_name}" -f "/etc/pf.d/${anchor_name}"
 SEE ALSO
 --------
 :strong:`pf`\ (4)
 AUTHORS
 -------
 Evilham <contact--@--evilham.com>
 Kamila Součková <coding--@--kamila.is>
 Jake Guffey <jake.guffey--@--eprotex.com>
 COPYING
 -------
 Copyright \(C) 2020 Evilham.
 Copyright \(C) 2016 Kamila Součková.
 Copyright \(C) 2012 Jake Guffey. You can redistribute it
 and/or modify it under the terms of the GNU General Public License as
 published by the Free Software Foundation, either version 3 of the
 License, or (at your option) any later version.
--- a/cdist/conf/type/__pf_ruleset/man.rst
+++ b/cdist/conf/type/__pf_ruleset/man.rst
@ -10,6 +10,9 @@ DESCRIPTION
 -----------
 This type is used on \*BSD systems to manage the pf firewall's ruleset.
 It will also enable and disable the pf firewall as requested in the `state`
 parameter.
 REQUIRED PARAMETERS
 -------------------
@ -20,9 +23,8 @@ state
 OPTIONAL PARAMETERS
 -------------------
 source
-   If supplied, use to define the ruleset to load onto the $__target_host for pf(4).
+   Required when state is "present".
-   Note that this type is almost useless without a ruleset defined, but it's technically not
+   Defines the ruleset to load onto the $__target_host for `pf(4)`.
   needed, e.g. for the case of disabling the firewall temporarily.
 EXAMPLES
@ -30,10 +32,10 @@ EXAMPLES
 .. code-block:: sh
-    # Remove the current ruleset in place
+    # Remove the current ruleset in place and disable pf
    __pf_ruleset --state absent
-    # Enable the firewall with the ruleset defined in $__manifest/files/pf.conf
+    # Enable pf with the ruleset defined in $__manifest/files/pf.conf
    __pf_ruleset --state present --source $__manifest/files/pf.conf
@ -44,11 +46,13 @@ SEE ALSO
 AUTHORS
 -------
 Kamila Součková <coding--@--kamila.is>
 Jake Guffey <jake.guffey--@--eprotex.com>
 COPYING
 -------
 Copyright \(C) 2016 Kamila Součková.
 Copyright \(C) 2012 Jake Guffey. You can redistribute it
 and/or modify it under the terms of the GNU General Public License as
 published by the Free Software Foundation, either version 3 of the
--- a/cdist/conf/type/__pf_ruleset/manifest
+++ b/cdist/conf/type/__pf_ruleset/manifest
@ -1,6 +1,6 @@
 #!/bin/sh -e
 #
-# 2016 Kamila Součková (kamila at ksp.sk)
+# 2016 Kamila Součková (coding at kamila.is)
 #
 # This file is part of cdist.
 #
@ -21,33 +21,26 @@
 # Manage pf(4) on *BSD
 #
-# Debug
+rcvar="$(cat "${__object}/explorer/rcvar")"
-#exec >&2
+state="$(cat "${__object}/parameter/state")"
-#set -x
+if [ -f "${__object}/parameter/source" ]; then
-
+    source="$(cat "${__object}/parameter/source")"
 rcvar=$(cat "$__object/explorer/rcvar")
 state=$(cat "$__object/parameter/state")
 if [ -f "$__object/parameter/source" ]; then
    source=$(cat "$__object/parameter/source")
 fi
-if [ "$state" = "absent" ]; then
+if [ "${state}" = "absent" ]; then
    action="/etc/rc.d/pf stop"
 else
    action="/etc/rc.d/pf reload || /etc/rc.d/pf start"
 fi
 __key_value __pf_ruleset/rcvar \
-    --state "$state" \
+    --state "${state}" \
    --file /etc/rc.conf \
    --delimiter "=" \
    --key "pf_enable" \
    --value "YES"
-require="${require} __key_value/__pf_ruleset/rcvar" __config_file $rcvar \
+require="__key_value/__pf_ruleset/rcvar" __config_file "${rcvar}" \
-    --source "$source" \
+    --source "${source}" \
-    --state "$state" \
+    --state "${state}" \
-    --onchange "$action"
+    --onchange "${action}"
 # Debug
 #exec +x
--- a/cdist/conf/type/__postgres_database/gencode-remote
+++ b/cdist/conf/type/__postgres_database/gencode-remote
@ -43,8 +43,29 @@ if [ "$state_should" != "$state_is" ]; then
         if [ -f "$__object/parameter/owner" ]; then
            owner="-O \"$(cat "$__object/parameter/owner")\""
         fi
         template=""
         if [ -f "$__object/parameter/template" ]; then
            template="--template \"$(cat "$__object/parameter/template")\""
         fi
         encoding=""
         if [ -f "$__object/parameter/encoding" ]; then
            encoding="--encoding \"$(cat "$__object/parameter/encoding")\""
         fi
         lc_collate=""
         if [ -f "$__object/parameter/lc-collate" ]; then
            lc_collate="--lc-collate \"$(cat "$__object/parameter/lc-collate")\""
         fi
         lc_ctype=""
         if [ -f "$__object/parameter/lc-ctype" ]; then
            lc_ctype="--lc-ctype \"$(cat "$__object/parameter/lc-ctype")\""
         fi
         cat << EOF
-su - '$postgres_user' -c "createdb $owner \"$name\""
+su - '$postgres_user' -c "createdb $owner \"$name\" $template $encoding $lc_collate $lc_ctype"
 EOF
      ;;
      absent)
--- a/cdist/conf/type/__postgres_database/man.rst
+++ b/cdist/conf/type/__postgres_database/man.rst
@ -14,10 +14,22 @@ This cdist type allows you to create or drop postgres databases.
 OPTIONAL PARAMETERS
 -------------------
 state
-   either 'present' or 'absent', defaults to 'present'.
+   Either 'present' or 'absent', defaults to 'present'.
 owner
-   the role owning this database
+   Specifies the database user who will own the new database.
 encoding
   Specifies the character encoding scheme to be used in this database.
 lc-collate
   Specifies the LC_COLLATE setting to be used in this database.
 lc-ctype
   Specifies the LC_CTYPE setting to be used in this database.
 template
   Specifies the template database from which to build this database.
 EXAMPLES
--- a/cdist/conf/type/__postgres_database/parameter/optional
+++ b/cdist/conf/type/__postgres_database/parameter/optional
@ -1,2 +1,6 @@
 state
 owner
 encoding
 lc-collate
 lc-ctype
 template
--- a/cdist/configuration.py
+++ b/cdist/configuration.py
@ -274,7 +274,8 @@ class Configuration(metaclass=Singleton):
             os.path.isfile(_local_config_file))):
        _local_config_file = os.path.join(
            os.environ.get('XDG_CONFIG_HOME',
-                           os.path.expanduser('~/.config/cdist')),
+                           os.path.expanduser('~/.config/')),
            'cdist',
            _config_basename)
    _dist_config_file = os.path.join(
        os.path.abspath(os.path.join(os.path.dirname(cdist.__file__), "conf")),
--- a/docs/changelog
+++ b/docs/changelog
@ -1,6 +1,16 @@
 Changelog
 ---------
 next:
 	* Core: Fix XDG_CONFIG_HOME config file location (Joachim Desroches)
 	* Type __postgres_database: Add encoding, lc-collate, lc-ctype, template parameters (Timothée Floure)
 	* Type __motd: Improve documentation and support for FreeBSD (Evil Ham)
 	* Type __openldap_server: Support extra config parameter (Evil Ham)
 	* Type __postfix: Automagically support more OSs by not checking too much (Evil Ham)
 	* New type: __pf_apply_anchor (Kamila Součková, Evil Ham)
 	* Type __pf_ruleset: Refactor (Kamila Součková, Evil Ham)
 	* Type __pf_apply: Deprecate type (Kamila Součková, Evil Ham)
 6.5.4: 2020-04-11
 	* Explorer init: Do not grep on non-existent init (Steven Armstrong)
 	* Core: Bugfix to preserve conf dirs order (Steven Armstrong)
		`@ -0,0 +1 @@`
							`Consider moving to __pf_apply_anchor. Get in touch if you need __pf_apply.`