Commit graph

1570 commits

Author SHA1 Message Date
b276bf8741 Types to install fail2ban
- Install fail2ban server and client
- Configure path overrides
- Enable and configure jails
2021-05-04 17:44:30 +01:00
Dennis Camera
bd8ab8f26f [type/__sshd_config] Document "bug" in state explorer 2021-01-05 17:02:42 +01:00
Dennis Camera
8753b7eedf [type/__sshd_config] Make AuthenticationMethods and AuthorizedKeysFile singleton options
They were incorrectly treated as non-singleton options before.

cf. https://github.com/openssh/openssh-portable/blob/V_8_4/servconf.c#L2273
and https://github.com/openssh/openssh-portable/blob/V_8_4/servconf.c#L1899 resp.
2021-01-05 16:59:04 +01:00
Dennis Camera
766198912d [type/__sshd_config] Produce error if invalid config file is generated
Previously, cdist would silently swallow the error (no invalid config file was
generated).

Reason: `set -e` does not exit if a command in a sub-command group fails,
it merely returns with a non-zero exit status.

e.g. the following snippet does not abort the script if sshd -t returns with a
non-zero exit status:

    set -e
    cmp -s old new || {
        # check config file and update it
        sshd -t -f new \
        && cat new >old
    }

or compressed:

    set -e
    false || { false && true; }
    echo $?
    # prints 1
2021-01-05 15:50:21 +01:00
Mark Verboom
8dc2c4207c Added optional dirmode parameter to set the mode of (optional) the directory. 2020-12-18 11:16:28 +01:00
f87da8150c Merge branch 'type/__debian_backports' into 'master'
__apt_backports type

See merge request ungleich-public/cdist!964
2020-12-13 16:03:31 +01:00
27aca06fb8 __apt_backports: undo __apt_update_index call
Becuase it is already done by __apt_source.
2020-12-12 17:34:51 +01:00
fca35fc858 __apt_backports: fix explorer call
s/-/_/ because the explorers are following an other convention :-)
2020-12-12 17:29:58 +01:00
645734c629 [explorer/os_version] Improve FreeBSD support.
It looks like uname -r is not the most reliable way to get the target patch
level for the target system.

For more information see:
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=251743
2020-12-12 12:15:17 +01:00
fafa3d9ea5 __apt_backports: update index if required
This type now automatically calls the type __apt_update_index to update
the package index if something changed.
2020-12-12 10:00:23 +01:00
49aec0b5e4 __apt_backports: list supported OSes
The manpage now lists all OSes where this type supports backports.
2020-12-12 09:40:47 +01:00
c4d19a2319 __debian_backports -> __apt_backports; add wider os support
As discussed in the chat, this type now supports a broader list of OSes
which it supports backports for. Because of this, it was renamed to
something more generic. "apt" should fit in.
2020-12-12 09:36:17 +01:00
0d96b31b56 __debian_backports: pass shellcheck for sourced file
Because the sourced explorer can't be detected by shellcheck, it will be
completely disabled. Changing the path to /etc/os-release isn't
deterministic either.

The shellcheck wiki page suggests to use `source=/dev/null` instead of
`disable=SC1090`, but it was choosen to completely avoid that check ..
2020-12-11 18:13:44 +01:00
a5169ad858 new type __debian_backports
This new type will setup the backports distribution for the current
Debian release.
2020-12-10 21:24:26 +01:00
0546d6e476 Merge branch 'fix/__block/escape' into 'master'
__block: fix escaping in here-doc

Closes #838

See merge request ungleich-public/cdist!962
2020-12-08 19:36:45 +01:00
a1987fe410 Merge branch 'feature/__iptables_rule/ipv6' into 'master'
__iptables*: add IPv6 support

See merge request ungleich-public/cdist!959
2020-12-08 07:10:29 +01:00
c5ca4cd2e1 __block: securly quote via the quote function
Because the function already exists, it will be used for the file to be
changed, too. Therefor, no quotes are required for that value.

The prefix and suffix match was also improved: There is no regex check
any more (the regex did checked the whole line); instead it will do it
simple.
2020-12-07 19:59:05 +01:00
3930f69456 __block: fix escaping in here-doc
This changes the here-document to do not interpret any shell-things. It
also single-quotes some more strings that are printed to code-remote.

Fixes #838
2020-12-06 16:45:58 +01:00
087be130fa __iptables_apply: shorten copyright header
Do we need all the copyright header or is this sufficient? The licence
is given for cdist, but not on the target host. But it should be clear
anyway.
2020-12-04 19:23:49 +01:00
Dennis Camera
2d19856840 [type/__package_pkgng_freebsd] Set ASSUME_ALWAYS_YES instead of -y 2020-12-04 18:26:03 +01:00
ba7d16a155 __iptables_*: correct manpage spelling 2020-12-04 17:57:55 +01:00
a1db5c3d0e __iptables*: Update manpages for execution order
To make some thinks clear if someone needs it ..
2020-12-02 18:22:31 +01:00
bee255c1ae __iptables_apply: man updates 2020-12-02 18:04:50 +01:00
f568462e49 __iptables_rule: fix shellcheck SC2235 2020-12-02 17:48:41 +01:00
84172550df __iptables*: add IPv6 support
Because it currently only support IPv4. To implement this, it falls back
to IPv4 for backward compatibilty, but now supports rules for IPv6 and
both protocols at the same time.
2020-11-30 20:35:19 +01:00
a234445e85 Merge branch 'feature/type/__localedef' into 'master'
__localedef: Add new type to replace __locale

See merge request ungleich-public/cdist!951
2020-11-20 19:42:52 +01:00
58b28d2d75 Merge branch 'feature/type/__sshd_config' into 'master'
__sshd config: New type

See merge request ungleich-public/cdist!958
2020-11-19 19:33:49 +01:00
9d4f69250e __sshd config: New type 2020-11-19 19:33:47 +01:00
6c539d67af Merge branch 'fix/type/__hostname/fix-os-version-detection' into 'master'
__hostname: fix guessing of SuSE OS version

See merge request ungleich-public/cdist!953
2020-11-19 19:31:53 +01:00
Dennis Camera
87faffd875 [type/__localdef] Also check for aliases in state explorer 2020-11-14 11:45:31 +01:00
Dennis Camera
eeb9871919 [type/__localedef] glibc: Also delete aliases when removing a locale 2020-11-14 11:45:31 +01:00
Dennis Camera
575bb62dc5 [type/__localedef] Externalise functions to separate files 2020-11-14 11:45:31 +01:00
Dennis Camera
c1c60e3374 [type/__localedef] Blacklist OpenBSD and NetBSD 2020-11-14 11:45:31 +01:00
Dennis Camera
dcef2c19f5 [type/__localedef] Add support for FreeBSD 2020-11-14 11:45:31 +01:00
Dennis Camera
f44888f192 [type/__localedef] Only install dependencies in manifest. OS checking moved to gencode-remote 2020-11-14 11:45:31 +01:00
Dennis Camera
cc29e54b85 [type/__localedef] Differentiate between OSes and better handling of normalized locale names 2020-11-14 11:45:31 +01:00
Dennis Camera
54e689f7c2 [type/__localedef] Add state explorer 2020-11-14 10:48:18 +01:00
Dennis Camera
f75d477209 Deprecate __locale and replace with __localedef 2020-11-14 10:48:18 +01:00
105797ccb4 Merge branch 'feature/type/__hwclock' into 'master'
__hwclock: New type

See merge request ungleich-public/cdist!956
2020-11-13 06:35:58 +01:00
Dennis Camera
ebf471e8d0 [type/__hwclock] Add new type 2020-11-13 02:32:45 +01:00
Dennis Camera
87a0d91587 [type/__hostname] Fix OS version detection for SuSE
everything should be suse now…
2020-11-11 14:21:35 +01:00
Dennis Camera
702f3eba4f [type/__hostname] Remove opensuse-leap OS string
everything should be suse now…
2020-11-11 14:21:35 +01:00
Dennis Camera
3e48ef9e11 [type/__hostname] Lint
- Error if expected environment variables are unset
- Always wrap variable expansions in {}
2020-11-11 14:21:35 +01:00
a95eab77a5 __locale: add state explorer
.. so it doesn't execute code all the time.
2020-11-08 15:28:14 +01:00
fe8920740f Merge branch 'feature/__package_apt/recommends' into 'master'
__package_apt: add --install-recommends parameter

See merge request ungleich-public/cdist!949
2020-11-08 13:26:39 +01:00
729fdb9c1a Merge branch 'type/__dpkg_architecture' into 'master'
New type __dpkg_architecture

See merge request ungleich-public/cdist!948
2020-11-08 13:24:58 +01:00
1b3e1acd22 Merge branch 'feature/type/__hostname/openwrt-support' into 'master'
__hostname: Add support for OpenWrt

See merge request ungleich-public/cdist!947
2020-11-08 13:23:36 +01:00
77397514ca Merge branch 'fix/type/__file/pre-exists' into 'master'
__file: Fix --state pre-exists (this time for real)

See merge request ungleich-public/cdist!946
2020-11-08 13:22:06 +01:00
9fc6ee0948 __package_apt: add --install-recommends parameter
For a good reason, __package_apt doesn't install recommended packages as
default. But the option --install-recommends comes handy if you want to
install a package where you want to install all recommended packages
(and not to install all of them separately).

Also, the manpage now explains that the type won't install recommended
packages by default.
2020-11-08 13:19:46 +01:00
91bcc2a293 __dpkg_architecture: make type nonparallel
I think it's not good that dpkg or apt is running in parallel.
2020-11-07 21:03:38 +01:00