Handle signed-by option in __apt_source

Allow users to specify a GPG key fingerprint or keyring file to be
included as the 'signed-by' option.

cdist/conf/type/__apt_pin/manifest

@@ -57,6 +57,11 @@ __file "/etc/apt/preferences.d/$name" \
     --owner root --group root --mode 0644 \
     --state "$state" \
     --source - << EOF
+# Created by cdist ${__type##*/}
+# Do not change. Changes will be overwritten.
+#
+
+# $name
 Package: $package
 Pin: $pin
 Pin-Priority: $priority

cdist/conf/type/__apt_pin/parameter/default/priority

@@ -0,0 +1 @@
+500

cdist/conf/type/__apt_pin/parameter/optional

@@ -1,2 +1,3 @@
 state
 package
+priority

cdist/conf/type/__apt_pin/parameter/required

@@ -1,2 +1 @@
 distribution
-priority

cdist/conf/type/__apt_source/files/source.list.template

@@ -2,13 +2,14 @@
 set -u
 
 entry="$uri $distribution $component"
+
 cat << DONE
 # Created by cdist ${__type##*/}
 # Do not change. Changes will be overwritten.
 #
 
 # $name
-deb ${forcedarch} $entry
+deb ${options} $entry
 DONE
 if [ -f "$__object/parameter/include-src" ]; then
    echo "deb-src $entry"

cdist/conf/type/__apt_source/man.rst

@@ -23,6 +23,9 @@ OPTIONAL PARAMETERS
 arch
    set this if you need to force and specific arch (ubuntu specific)
 
+signed-by
+   provide a GPG key fingerprint or keyring path for signature checks
+
 state
    'present' or 'absent', defaults to 'present'
 
@@ -56,6 +59,11 @@ EXAMPLES
        --uri http://archive.canonical.com/ \
        --component partner --state present
 
+    __apt_source goaccess \
+       --uri http://deb.goaccess.io/ \
+       --component main \
+       --signed-by C03B48887D5E56B046715D3297BD1A0133449C3D
+   
 
 AUTHORS
 -------

cdist/conf/type/__apt_source/manifest

@@ -31,9 +31,15 @@ fi
 component="$(cat "$__object/parameter/component")"
 
 if [ -f "$__object/parameter/arch" ]; then
-   forcedarch="[arch=$(cat "$__object/parameter/arch")]"
-else
-   forcedarch=""
+   options="arch=$(cat "$__object/parameter/arch")"
+fi
+
+if [ -f "$__object/parameter/signed-by" ]; then
+   options="$options signed-by=$(cat "$__object/parameter/signed-by")"
+fi
+
+if [ "$options" != "" ]; then
+    options="[$options]"
 fi
 
 # export variables for use in template
@@ -41,7 +47,7 @@ export name
 export uri
 export distribution
 export component
-export forcedarch
+export options
 
 # generate file from template
 mkdir "$__object/files"

cdist/conf/type/__apt_source/parameter/optional

@@ -1,4 +1,5 @@
 state
 distribution
 component
-arch
+arch
+signed-by

cdist/conf/type/__fail2ban/gencode-remote

@@ -0,0 +1,24 @@
+#!/bin/sh -e
+#
+# 2021 Daniel Fancsali (fancsali@gmail.com)
+#
+# This file is part of cdist.
+#
+# cdist is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# cdist is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with cdist. If not, see <http://www.gnu.org/licenses/>.
+#
+
+
+if [ -f "$__object/parameter/path-override" ]; then
+    echo "fail2ban-client reload"
+fi

cdist/conf/type/__fail2ban/man.rst

@@ -0,0 +1,53 @@
+cdist-type__fail2ban(7)
+=======================
+
+NAME
+----
+cdist-type__fail2ban - TODO
+
+
+DESCRIPTION
+-----------
+This space intentionally left blank.
+
+
+REQUIRED PARAMETERS
+-------------------
+None.
+
+
+OPTIONAL PARAMETERS
+-------------------
+None.
+
+
+BOOLEAN PARAMETERS
+------------------
+None.
+
+
+EXAMPLES
+--------
+
+.. code-block:: sh
+
+    # TODO
+    __fail2ban
+
+
+SEE ALSO
+--------
+:strong:`TODO`\ (7)
+
+
+AUTHORS
+-------
+Daniel Fancsali <fancsali@gmail.com>
+
+
+COPYING
+-------
+Copyright \(C) 2021 Daniel Fancsali. You can redistribute it
+and/or modify it under the terms of the GNU General Public License as
+published by the Free Software Foundation, either version 3 of the
+License, or (at your option) any later version.

cdist/conf/type/__fail2ban/manifest

@@ -0,0 +1,45 @@
+#!/bin/sh -e
+#
+# 2021 Daniel Fancsali (fancsali@gmail.com)
+#
+# This file is part of cdist.
+#
+# cdist is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# cdist is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with cdist. If not, see <http://www.gnu.org/licenses/>.
+#
+
+
+os=$(cat "$__global/explorer/os")
+
+case "$os" in
+   debian|ubuntu|devuan)
+      :
+   ;;
+   *)
+      printf "Your operating system (%s) is currently not supported by this type (%s)\n" "$os" "${__type##*/}" >&2
+      printf "Please contribute an implementation for it if you can.\n" >&2
+      exit 1
+   ;;
+esac
+
+
+__package_apt fail2ban
+
+export require="__package_apt/fail2ban"
+
+if [ -f "$__object/parameter/path-override" ]; then
+    (
+        echo [DEFAULT]
+        cat "$__object/parameter/path-override"
+    ) |  __file /etc/fail2ban/paths-overrides.local --mode 644 --source -
+fi

cdist/conf/type/__fail2ban/parameter/optional_multiple

@@ -0,0 +1 @@
+path-override

cdist/conf/type/__fail2ban_jail/gencode-remote

@@ -0,0 +1,22 @@
+#!/bin/sh -e
+#
+# 2021 Daniel Fancsali (fancsali@gmail.com)
+#
+# This file is part of cdist.
+#
+# cdist is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# cdist is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with cdist. If not, see <http://www.gnu.org/licenses/>.
+#
+
+
+echo "fail2ban-client reload"

cdist/conf/type/__fail2ban_jail/man.rst

@@ -0,0 +1,53 @@
+cdist-type__fail2ban_jail(7)
+============================
+
+NAME
+----
+cdist-type__fail2ban_jail - TODO
+
+
+DESCRIPTION
+-----------
+This space intentionally left blank.
+
+
+REQUIRED PARAMETERS
+-------------------
+None.
+
+
+OPTIONAL PARAMETERS
+-------------------
+None.
+
+
+BOOLEAN PARAMETERS
+------------------
+None.
+
+
+EXAMPLES
+--------
+
+.. code-block:: sh
+
+    # TODO
+    __fail2ban_jail
+
+
+SEE ALSO
+--------
+:strong:`TODO`\ (7)
+
+
+AUTHORS
+-------
+Daniel Fancsali <fancsali@gmail.com>
+
+
+COPYING
+-------
+Copyright \(C) 2021 Daniel Fancsali. You can redistribute it
+and/or modify it under the terms of the GNU General Public License as
+published by the Free Software Foundation, either version 3 of the
+License, or (at your option) any later version.

cdist/conf/type/__fail2ban_jail/manifest

@@ -0,0 +1,46 @@
+#!/bin/sh -e
+#
+# 2021 Daniel Fancsali (fancsali@gmail.com)
+#
+# This file is part of cdist.
+#
+# cdist is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# cdist is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with cdist. If not, see <http://www.gnu.org/licenses/>.
+#
+
+
+os=$(cat "$__global/explorer/os")
+
+case "$os" in
+   debian|ubuntu|devuan)
+      :
+   ;;
+   *)
+      printf "Your operating system (%s) is currently not supported by this type (%s)\n" "$os" "${__type##*/}" >&2
+      printf "Please contribute an implementation for it if you can.\n" >&2
+      exit 1
+   ;;
+esac
+
+export require="__fail2ban"
+
+__file /etc/fail2ban/jail.local --mode 644
+
+export require="__file/etc/fail2ban/jail.local"
+(
+    echo "[$__object_id]"
+    echo "enabled = true"
+    if [ -f "$__object/parameter/override" ]; then
+        cat "$__object/parameter/override"
+    fi
+) |  __block "/etc/fail2ban/jail.local:$__object_id" --file /etc/fail2ban/jail.local --text -

cdist/conf/type/__fail2ban_jail/parameter/optional_multiple

@@ -0,0 +1 @@
+override

cdist/conf/type/__mysql/man.rst

@@ -0,0 +1,54 @@
+cdist-type__mysql(7)
+====================
+
+NAME
+----
+cdist-type__mysql - Install MySQL or MariaDB server.
+
+
+DESCRIPTION
+-----------
+This type will install the MySQL server package(s) -- or the compatible MariaDB software.
+
+REQUIRED PARAMETERS
+-------------------
+None.
+
+
+OPTIONAL PARAMETERS
+-------------------
+None.
+
+
+BOOLEAN PARAMETERS
+------------------
+mariadb
+   Install MariaDB to provide the equivalent functionality instead.
+
+EXAMPLES
+--------
+
+.. code-block:: sh
+
+    # Install MariaDB and create a user and a database
+    __mysql --mariadb
+    __mysql_database testdb
+    __mysql_user testuser  --password topsecret
+
+
+SEE ALSO
+--------
+:strong:`cdist-type__mysql_database`\ (7), :strong:`cdist-type__mysql_user`\ (7), :strong:`cdist-type__mysql_privileges`\ (7)
+
+
+AUTHORS
+-------
+Daniel Fancsali <fancsali@gmail.com>
+
+
+COPYING
+-------
+Copyright \(C) 2021 Daniel Fancsali. You can redistribute it
+and/or modify it under the terms of the GNU General Public License as
+published by the Free Software Foundation, either version 3 of the
+License, or (at your option) any later version.

cdist/conf/type/__mysql/manifest

@@ -1,6 +1,6 @@
 #!/bin/sh -e
 #
-# 2020 Ander Punnar (ander-at-kvlt-dot-ee)
+# 2021 Daniel Fancsali (fancsali@gmail.com)
 #
 # This file is part of cdist.
 #
@@ -18,16 +18,9 @@
 # along with cdist. If not, see <http://www.gnu.org/licenses/>.
 #
 
-if [ -f "$__object/parameter/name" ]
-then
-    name="$( cat "$__object/parameter/name" )"
-else
-    name="$__object_id"
-fi
 
-if [ -n "$( mysql -B -N -e "show databases like '$name'" )" ]
-then
-    echo 'present'
+if [ -f "$__object/parameter/mariadb" ]; then
+    __package mariadb-server
 else
-    echo 'absent'
+    __package mysql-server
 fi

cdist/conf/type/__mysql/parameter/boolean

@@ -0,0 +1 @@
+mariadb

cdist/conf/type/__mysql_database/gencode-remote

@@ -18,15 +18,9 @@
 # along with cdist. If not, see <http://www.gnu.org/licenses/>.
 #
 
-state_is="$( cat "$__object/explorer/state" )"
 
 state_should="$( cat "$__object/parameter/state" )"
 
-if [ "$state_is" = "$state_should" ]
-then
-    exit 0
-fi
-
 if [ -f "$__object/parameter/name" ]
 then
     name="$( cat "$__object/parameter/name" )"
@@ -34,6 +28,20 @@ else
     name="$__object_id"
 fi
 
+# Figure out the current state
+# Not an explorer, as otherwise there'd be issues around the dependencies
+if [ -n "$( $__remote_exec "$__target_host" "mysql -B -N -e \"show databases like '$name'\"" )" ]
+then
+    state_is="present"
+else
+    state_is="absent"
+fi
+
+if [ "$state_is" = "$state_should" ]
+then
+    exit 0
+fi
+
 case "$state_should" in
     present)
         echo "mysql -e 'create database \`$name\`'"

cdist/conf/type/__mysql_database/manifest

@@ -18,6 +18,11 @@
 # along with cdist. If not, see <http://www.gnu.org/licenses/>.
 #
 
+
+# Whatever the details, we'll need MySQL/MariaDB
+require="__mysql" __nop "$__object_id"
+
+
 if [ -f "$__object/parameter/user" ]
 then
     user="$( cat "$__object/parameter/user" )"

cdist/conf/type/__mysql_privileges/manifest

@@ -0,0 +1,23 @@
+#!/bin/sh -e
+#
+# 2021 Daniel Fancsali (fancsali@gmail.com)
+#
+# This file is part of cdist.
+#
+# cdist is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# cdist is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with cdist. If not, see <http://www.gnu.org/licenses/>.
+#
+
+
+# We'll need MySQL/MariaDB
+require="__mysql" __nop "$__object_id"

cdist/conf/type/__mysql_user/explorer/state

@@ -1,54 +0,0 @@
-#!/bin/sh -e
-#
-# 2020 Ander Punnar (ander-at-kvlt-dot-ee)
-#
-# This file is part of cdist.
-#
-# cdist is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# cdist is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with cdist. If not, see <http://www.gnu.org/licenses/>.
-#
-
-if [ -f "$__object/parameter/name" ]
-then
-    name="$( cat "$__object/parameter/name" )"
-else
-    name="$__object_id"
-fi
-
-if [ -f "$__object/parameter/password" ]
-then
-    password="$( cat "$__object/parameter/password" )"
-else
-    password=''
-fi
-
-host="$( cat "$__object/parameter/host" )"
-
-check_user="$( mysql -B -N -e "select user from mysql.user where user = '$name' and host = '$host'" )"
-
-if [ -n "$check_user" ]
-then
-    if [ -n "$password" ]
-    then
-        check_password="$( mysql -B -N -e "select user from mysql.user where user = '$name' and host = '$host' and password = password( '$password' )" )"
-    fi
-
-    if [ -n "$password" ] && [ -z "$check_password" ]
-    then
-        echo 'change-password'
-    else
-        echo 'present'
-    fi
-else
-    echo 'absent'
-fi

cdist/conf/type/__mysql_user/gencode-remote

@@ -18,15 +18,9 @@
 # along with cdist. If not, see <http://www.gnu.org/licenses/>.
 #
 
-state_is="$( cat "$__object/explorer/state" )"
 
 state_should="$( cat "$__object/parameter/state" )"
 
-if [ "$state_is" = "$state_should" ]
-then
-    exit 0
-fi
-
 if [ -f "$__object/parameter/name" ]
 then
     name="$( cat "$__object/parameter/name" )"
@@ -49,6 +43,32 @@ else
     fi
 fi
 
+# Current state
+# Not an exploerer, to avoid issues with mysql not installed YET
+check_user="$( $__remote_exec "$__target_host" "mysql -B -N -e \"select user from mysql.user where user = '$name' and host = '$host'\"" )"
+
+if [ -n "$check_user" ]
+then
+    if [ -n "$password" ]
+    then
+        check_password="$( $__remote_exec "$__target_host" "mysql -B -N -e \"select user from mysql.user where user = '$name' and host = '$host' and password = password( '$password' )\"" )"
+    fi
+
+    if [ -n "$password" ] && [ -z "$check_password" ]
+    then
+        state_is='change-password'
+    else
+        state_is='present'
+    fi
+else
+    state_is='absent'
+fi
+
+if [ "$state_is" = "$state_should" ]
+then
+    exit 0
+fi
+
 if [ "$state_is" = 'absent' ] && [ "$state_should" = 'present' ]
 then
     echo "mysql -e 'create user \`$name\`@\`$host\` identified by \"$password\"'"

cdist/conf/type/__mysql_user/manifest

@@ -0,0 +1,23 @@
+#!/bin/sh -e
+#
+# 2021 Daniel Fancsali (fancsali@gmail.com)
+#
+# This file is part of cdist.
+#
+# cdist is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# cdist is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with cdist. If not, see <http://www.gnu.org/licenses/>.
+#
+
+
+# We'll need MySQl/MariaDb to be installed
+require="__mysql" __nop "$__object_id"

cdist/conf/type/__nop/man.rst

@@ -0,0 +1,60 @@
+cdist-type__nop(7)
+==================
+
+NAME
+----
+cdist-type__nop - Do nothing, but allow dependencies to be specified.
+
+
+DESCRIPTION
+-----------
+If one has a type without any logic in the ``manifest`` (i.e. only some ``gencode-*`` logic), that depends on some other type, there are two ways make sure the dependencies taken into consideration:
+
+- Either remember to specify them "externally" *every time*, wherever and whenever those types are used
+- Include a ``manifest`` in the *dependent* type, that does something useless (or even nothing)
+
+This type provides a convenient solution for the latter one. It is guaranteed to have no effect on the target host, but it provides an 'anchor point' for type-writers to include in an otherwise empty ``manifest``.
+
+PARAMETERS
+----------
+None.
+
+The ``$__object_id`` is required though, so the type can be used several times.
+
+
+EXAMPLES
+--------
+
+Let's assume type ``__eggs`` depends on type ``__spam``, but has nothing in it's ``manifest``. In the simplest case, it's manifest can contain this:
+
+.. code-block:: sh
+    __spam
+
+If, ``__spam`` has parameters, however, one would resort to this at the place of use:
+
+.. code-block:: sh
+    __spam --foo bar
+    require="__spam" __ham --baz
+
+Or by using the ``__nop`` type, simply do away with the ``require``, and update ``__ham/manifest`` to specify the dependency:
+
+.. code-block:: sh
+    require="__spam" __nop $__object_id
+
+In this case, when the type is used, the depencency is automatic, and one could simply write:
+
+.. code-block:: sh
+    __spam --foo bar
+    __ham --baz
+
+AUTHORS
+-------
+Daniel Fancsali <fancsali@gmail.com>
+
+
+COPYING
+-------
+Copyright \(C) 2021 Daniel Fancsali. You can redistribute it
+and/or modify it under the terms of the GNU General Public License as
+published by the Free Software Foundation, either version 3 of the
+License, or (at your option) any later version.